Transport Layer Security Protocol. More...

#include <stdint.h>
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
#include <errno.h>
#include <byteswap.h>
#include <ipxe/pending.h>
#include <ipxe/hmac.h>
#include <ipxe/md5.h>
#include <ipxe/sha1.h>
#include <ipxe/sha256.h>
#include <ipxe/aes.h>
#include <ipxe/rsa.h>
#include <ipxe/iobuf.h>
#include <ipxe/xfer.h>
#include <ipxe/open.h>
#include <ipxe/x509.h>
#include <ipxe/privkey.h>
#include <ipxe/certstore.h>
#include <ipxe/rootcert.h>
#include <ipxe/rbg.h>
#include <ipxe/validator.h>
#include <ipxe/job.h>
#include <ipxe/dhe.h>
#include <ipxe/ecdhe.h>
#include <ipxe/tls.h>
#include <config/crypto.h>

Data Structures
struct	tls24_t
	A TLS 24-bit integer. More...

Macros
#define	EINVAL_CHANGE_CIPHER __einfo_error ( EINFO_EINVAL_CHANGE_CIPHER )
#define	EINFO_EINVAL_CHANGE_CIPHER
#define	EINVAL_ALERT __einfo_error ( EINFO_EINVAL_ALERT )
#define	EINFO_EINVAL_ALERT
#define	EINVAL_HELLO __einfo_error ( EINFO_EINVAL_HELLO )
#define	EINFO_EINVAL_HELLO
#define	EINVAL_CERTIFICATE __einfo_error ( EINFO_EINVAL_CERTIFICATE )
#define	EINFO_EINVAL_CERTIFICATE
#define	EINVAL_CERTIFICATES __einfo_error ( EINFO_EINVAL_CERTIFICATES )
#define	EINFO_EINVAL_CERTIFICATES
#define	EINVAL_HELLO_DONE __einfo_error ( EINFO_EINVAL_HELLO_DONE )
#define	EINFO_EINVAL_HELLO_DONE
#define	EINVAL_FINISHED __einfo_error ( EINFO_EINVAL_FINISHED )
#define	EINFO_EINVAL_FINISHED
#define	EINVAL_HANDSHAKE __einfo_error ( EINFO_EINVAL_HANDSHAKE )
#define	EINFO_EINVAL_HANDSHAKE
#define	EINVAL_IV __einfo_error ( EINFO_EINVAL_IV )
#define	EINFO_EINVAL_IV
#define	EINVAL_PADDING __einfo_error ( EINFO_EINVAL_PADDING )
#define	EINFO_EINVAL_PADDING
#define	EINVAL_RX_STATE __einfo_error ( EINFO_EINVAL_RX_STATE )
#define	EINFO_EINVAL_RX_STATE
#define	EINVAL_MAC __einfo_error ( EINFO_EINVAL_MAC )
#define	EINFO_EINVAL_MAC
#define	EINVAL_TICKET __einfo_error ( EINFO_EINVAL_TICKET )
#define	EINFO_EINVAL_TICKET
#define	EINVAL_KEY_EXCHANGE __einfo_error ( EINFO_EINVAL_KEY_EXCHANGE )
#define	EINFO_EINVAL_KEY_EXCHANGE
#define	EIO_ALERT __einfo_error ( EINFO_EIO_ALERT )
#define	EINFO_EIO_ALERT
#define	ENOMEM_CONTEXT __einfo_error ( EINFO_ENOMEM_CONTEXT )
#define	EINFO_ENOMEM_CONTEXT
#define	ENOMEM_CERTIFICATE __einfo_error ( EINFO_ENOMEM_CERTIFICATE )
#define	EINFO_ENOMEM_CERTIFICATE
#define	ENOMEM_CHAIN __einfo_error ( EINFO_ENOMEM_CHAIN )
#define	EINFO_ENOMEM_CHAIN
#define	ENOMEM_TX_PLAINTEXT __einfo_error ( EINFO_ENOMEM_TX_PLAINTEXT )
#define	EINFO_ENOMEM_TX_PLAINTEXT
#define	ENOMEM_TX_CIPHERTEXT __einfo_error ( EINFO_ENOMEM_TX_CIPHERTEXT )
#define	EINFO_ENOMEM_TX_CIPHERTEXT
#define	ENOMEM_RX_DATA __einfo_error ( EINFO_ENOMEM_RX_DATA )
#define	EINFO_ENOMEM_RX_DATA
#define	ENOMEM_RX_CONCAT __einfo_error ( EINFO_ENOMEM_RX_CONCAT )
#define	EINFO_ENOMEM_RX_CONCAT
#define	ENOTSUP_CIPHER __einfo_error ( EINFO_ENOTSUP_CIPHER )
#define	EINFO_ENOTSUP_CIPHER
#define	ENOTSUP_NULL __einfo_error ( EINFO_ENOTSUP_NULL )
#define	EINFO_ENOTSUP_NULL
#define	ENOTSUP_SIG_HASH __einfo_error ( EINFO_ENOTSUP_SIG_HASH )
#define	EINFO_ENOTSUP_SIG_HASH
#define	ENOTSUP_VERSION __einfo_error ( EINFO_ENOTSUP_VERSION )
#define	EINFO_ENOTSUP_VERSION
#define	ENOTSUP_CURVE __einfo_error ( EINFO_ENOTSUP_CURVE )
#define	EINFO_ENOTSUP_CURVE
#define	EPERM_ALERT __einfo_error ( EINFO_EPERM_ALERT )
#define	EINFO_EPERM_ALERT
#define	EPERM_VERIFY __einfo_error ( EINFO_EPERM_VERIFY )
#define	EINFO_EPERM_VERIFY
#define	EPERM_RENEG_INSECURE __einfo_error ( EINFO_EPERM_RENEG_INSECURE )
#define	EINFO_EPERM_RENEG_INSECURE
#define	EPERM_RENEG_VERIFY __einfo_error ( EINFO_EPERM_RENEG_VERIFY )
#define	EINFO_EPERM_RENEG_VERIFY
#define	EPERM_KEY_EXCHANGE __einfo_error ( EINFO_EPERM_KEY_EXCHANGE )
#define	EINFO_EPERM_KEY_EXCHANGE
#define	EPERM_EMS __einfo_error ( EINFO_EPERM_EMS )
#define	EINFO_EPERM_EMS
#define	EPROTO_VERSION __einfo_error ( EINFO_EPROTO_VERSION )
#define	EINFO_EPROTO_VERSION
#define	tls_prf_label(tls, secret, secret_len, out, out_len, label, ...)
	Generate secure pseudo-random data.
#define	TLS_NUM_CIPHER_SUITES table_num_entries ( TLS_CIPHER_SUITES )
	Number of supported cipher suites.
#define	TLS_NUM_SIG_HASH_ALGORITHMS table_num_entries ( TLS_SIG_HASH_ALGORITHMS )
	Number of supported signature and hash algorithms.
#define	TLS_NUM_NAMED_CURVES table_num_entries ( TLS_NAMED_CURVES )
	Number of supported named curves.

Functions
	FILE_LICENCE (GPL2_OR_LATER)
	FILE_SECBOOT (PERMITTED)
static	LIST_HEAD (tls_sessions)
	List of TLS session.
static void	tls_tx_resume_all (struct tls_session *session)
	Resume TX state machine for all connections within a session.
static struct io_buffer *	tls_alloc_iob (struct tls_connection *tls, size_t len)
	Allocate I/O buffer for transmitted record(s)
static int	tls_send_alert (struct tls_connection *tls, unsigned int level, unsigned int description)
	Transmit Alert record.
static int	tls_send_record (struct tls_connection tls, unsigned int type, struct io_buffer iobuf)
	Send plaintext record(s)
static int	tls_send_plaintext (struct tls_connection tls, unsigned int type, const void data, size_t len)
	Send plaintext record.
static void	tls_clear_cipher (struct tls_connection tls, struct tls_cipherspec cipherspec)
static void	tls_verify_handshake (struct tls_connection tls, void out)
	Calculate handshake verification hash.
static unsigned long	tls_uint24 (const tls24_t *field24)
	Extract 24-bit field value.
static void	tls_set_uint24 (tls24_t *field24, unsigned long value)
	Set 24-bit field value.
static int	tls_ready (struct tls_connection *tls)
	Determine if TLS connection is ready for application data.
static int	tls_version (struct tls_connection *tls, unsigned int version)
	Check for TLS version.
static void	md5_sha1_init (void *ctx)
	Initialise MD5+SHA1 algorithm.
static void	md5_sha1_update (void ctx, const void data, size_t len)
	Accumulate data with MD5+SHA1 algorithm.
static void	md5_sha1_final (void ctx, void out)
	Generate MD5+SHA1 digest.
static void	free_tls_session (struct refcnt *refcnt)
	Free TLS session.
static void	free_tls (struct refcnt *refcnt)
	Free TLS connection.
static void	tls_close (struct tls_connection *tls, int rc)
	Finish with TLS connection.
static int	tls_generate_random (struct tls_connection tls, void data, size_t len)
	Generate random data.
static void	tls_hmac_update_va (struct digest_algorithm digest, void ctx, va_list args)
	Update HMAC with a list of ( data, len ) pairs.
static void	tls_p_hash_va (struct tls_connection tls, struct digest_algorithm digest, const void secret, size_t secret_len, void out, size_t out_len, va_list seeds)
	Generate secure pseudo-random data using a single hash function.
static void	tls_prf (struct tls_connection tls, const void secret, size_t secret_len, void *out, size_t out_len,...)
	Generate secure pseudo-random data.
static void	tls_generate_master_secret (struct tls_connection tls, const void pre_master_secret, size_t pre_master_secret_len)
	Generate master secret.
static int	tls_generate_keys (struct tls_connection *tls)
	Generate key material.
static void	tls_clear_handshake (struct tls_connection *tls)
	Clear handshake digest algorithm.
static int	tls_select_handshake (struct tls_connection tls, struct digest_algorithm digest)
	Select handshake digest algorithm.
static int	tls_add_handshake (struct tls_connection tls, const void data, size_t len)
	Add handshake record to verification hash.
static struct tls_cipher_suite *	tls_find_cipher_suite (unsigned int cipher_suite)
	Identify cipher suite.
static void	tls_clear_cipher (struct tls_connection tls __unused, struct tls_cipherspec cipherspec)
	Clear cipher suite.
static int	tls_set_cipher (struct tls_connection tls, struct tls_cipherspec cipherspec, struct tls_cipher_suite *suite)
	Set cipher suite.
static int	tls_select_cipher (struct tls_connection *tls, unsigned int cipher_suite)
	Select next cipher suite.
static int	tls_change_cipher (struct tls_connection tls, struct tls_cipherspec_pair pair)
	Activate next cipher suite.
static struct tls_signature_hash_algorithm *	tls_signature_hash_algorithm (struct pubkey_algorithm pubkey, struct digest_algorithm digest)
	Find TLS signature and hash algorithm.
static struct pubkey_algorithm *	tls_signature_hash_pubkey (struct tls_signature_hash_id code)
	Find TLS signature algorithm.
static struct digest_algorithm *	tls_signature_hash_digest (struct tls_signature_hash_id code)
	Find TLS hash algorithm.
static struct tls_named_curve *	tls_find_named_curve (unsigned int named_curve)
	Identify named curve.
static void	tls_tx_resume (struct tls_connection *tls)
	Resume TX state machine.
static void	tls_restart (struct tls_connection *tls)
	Restart negotiation.
static int	tls_send_handshake (struct tls_connection tls, const void data, size_t len)
	Transmit Handshake record.
static int	tls_client_hello (struct tls_connection tls, int(action)(struct tls_connection tls, const void data, size_t len))
	Digest or transmit Client Hello record.
static int	tls_send_client_hello (struct tls_connection *tls)
	Transmit Client Hello record.
static int	tls_send_certificate (struct tls_connection *tls)
	Transmit Certificate record.
static int	tls_send_client_key_exchange_pubkey (struct tls_connection *tls)
	Transmit Client Key Exchange record using public key exchange.
static int	tls_verify_dh_params (struct tls_connection *tls, size_t param_len)
	Verify Diffie-Hellman parameter signature.
static int	tls_send_client_key_exchange_dhe (struct tls_connection *tls)
	Transmit Client Key Exchange record using DHE key exchange.
static int	tls_send_client_key_exchange_ecdhe (struct tls_connection *tls)
	Transmit Client Key Exchange record using ECDHE key exchange.
static int	tls_send_client_key_exchange (struct tls_connection *tls)
	Transmit Client Key Exchange record.
static int	tls_send_certificate_verify (struct tls_connection *tls)
	Transmit Certificate Verify record.
static int	tls_send_change_cipher (struct tls_connection *tls)
	Transmit Change Cipher record.
static int	tls_send_finished (struct tls_connection *tls)
	Transmit Finished record.
static int	tls_new_change_cipher (struct tls_connection tls, struct io_buffer iobuf)
	Receive new Change Cipher record.
static int	tls_new_alert (struct tls_connection tls, struct io_buffer iobuf)
	Receive new Alert record.
static int	tls_new_hello_request (struct tls_connection tls, const void data __unused, size_t len __unused)
	Receive new Hello Request handshake record.
static int	tls_new_server_hello (struct tls_connection tls, const void data, size_t len)
	Receive new Server Hello handshake record.
static int	tls_new_session_ticket (struct tls_connection tls, const void data, size_t len)
	Receive New Session Ticket handshake record.
static int	tls_parse_chain (struct tls_connection tls, const void data, size_t len)
	Parse certificate chain.
static int	tls_new_certificate (struct tls_connection tls, const void data, size_t len)
	Receive new Certificate handshake record.
static int	tls_new_server_key_exchange (struct tls_connection tls, const void data, size_t len)
	Receive new Server Key Exchange handshake record.
static int	tls_new_certificate_request (struct tls_connection tls, const void data __unused, size_t len __unused)
	Receive new Certificate Request handshake record.
static int	tls_new_server_hello_done (struct tls_connection tls, const void data, size_t len)
	Receive new Server Hello Done handshake record.
static int	tls_new_finished (struct tls_connection tls, const void data, size_t len)
	Receive new Finished handshake record.
static int	tls_new_handshake (struct tls_connection tls, struct io_buffer iobuf)
	Receive new Handshake record.
static int	tls_new_unknown (struct tls_connection tls __unused, struct io_buffer iobuf)
	Receive new unknown record.
static int	tls_new_data (struct tls_connection tls, struct list_head rx_data)
	Receive new data record.
static int	tls_new_record (struct tls_connection tls, unsigned int type, struct list_head rx_data)
	Receive new record.
static void	tls_hmac_init (struct tls_cipherspec cipherspec, void ctx, struct tls_auth_header *authhdr)
	Initialise HMAC.
static void	tls_hmac_update (struct tls_cipherspec cipherspec, void ctx, const void *data, size_t len)
	Update HMAC.
static void	tls_hmac_final (struct tls_cipherspec cipherspec, void ctx, void *hmac)
	Finalise HMAC.
static void	tls_hmac (struct tls_cipherspec cipherspec, struct tls_auth_header authhdr, const void data, size_t len, void hmac)
	Calculate HMAC.
static void	tls_hmac_list (struct tls_cipherspec cipherspec, struct tls_auth_header authhdr, struct list_head list, void hmac)
	Calculate HMAC over list of I/O buffers.
static size_t	tls_iob_reserved (struct tls_connection *tls, size_t len)
	Calculate maximum additional length required for transmitted record(s)
static int	tls_verify_padding (struct tls_connection tls, struct io_buffer iobuf)
	Verify block padding.
static int	tls_new_ciphertext (struct tls_connection tls, struct tls_header tlshdr, struct list_head *rx_data)
	Receive new ciphertext record.
static size_t	tls_plainstream_window (struct tls_connection *tls)
	Check flow control window.
static int	tls_plainstream_deliver (struct tls_connection tls, struct io_buffer iobuf, struct xfer_metadata *meta __unused)
	Deliver datagram as raw data.
static int	tls_progress (struct tls_connection tls, struct job_progress progress)
	Report job progress.
static int	tls_newdata_process_header (struct tls_connection *tls)
	Handle received TLS header.
static int	tls_newdata_process_data (struct tls_connection *tls)
	Handle received TLS data payload.
static size_t	tls_cipherstream_window (struct tls_connection *tls)
	Check flow control window.
static int	tls_cipherstream_deliver (struct tls_connection tls, struct io_buffer iobuf, struct xfer_metadata *xfer __unused)
	Receive new ciphertext.
static void	tls_validator_done (struct tls_connection *tls, int rc)
	Handle certificate validation completion.
static void	tls_tx_step (struct tls_connection *tls)
	TLS TX state machine.
static int	tls_session (struct tls_connection tls, const char name)
	Find or create session for TLS connection.
int	add_tls (struct interface xfer, const char name, struct x509_root root, struct private_key key)
	Add TLS on an interface.
	REQUIRING_SYMBOL (add_tls)
	REQUIRE_OBJECT (config_crypto)

Variables
static struct digest_algorithm	md5_sha1_algorithm
	Hybrid MD5+SHA1 digest algorithm.
struct rsa_digestinfo_prefix rsa_md5_sha1_prefix	__rsa_digestinfo_prefix
	RSA digestInfo prefix for MD5+SHA1 algorithm.
struct tls_cipher_suite	tls_cipher_suite_null
	Null cipher suite.
struct tls_key_exchange_algorithm	tls_pubkey_exchange_algorithm
	Public key exchange algorithm.
struct tls_key_exchange_algorithm	tls_dhe_exchange_algorithm
	Ephemeral Diffie-Hellman key exchange algorithm.
struct tls_key_exchange_algorithm	tls_ecdhe_exchange_algorithm
	Ephemeral Elliptic Curve Diffie-Hellman key exchange algorithm.
static struct interface_operation	tls_plainstream_ops []
	TLS plaintext stream interface operations.
static struct interface_descriptor	tls_plainstream_desc
	TLS plaintext stream interface descriptor.
static struct interface_operation	tls_cipherstream_ops []
	TLS ciphertext stream interface operations.
static struct interface_descriptor	tls_cipherstream_desc
	TLS ciphertext stream interface descriptor.
static struct interface_operation	tls_validator_ops []
	TLS certificate validator interface operations.
static struct interface_descriptor	tls_validator_desc
	TLS certificate validator interface descriptor.
static struct process_descriptor	tls_process_desc
	TLS TX process descriptor.

Detailed Description

Transport Layer Security Protocol.

Definition in file tls.c.

Macro Definition Documentation

◆ EINVAL_CHANGE_CIPHER

#define EINVAL_CHANGE_CIPHER __einfo_error ( EINFO_EINVAL_CHANGE_CIPHER )

Definition at line 58 of file tls.c.

Referenced by tls_new_change_cipher().

◆ EINFO_EINVAL_CHANGE_CIPHER

#define EINFO_EINVAL_CHANGE_CIPHER

Value:

__einfo_uniqify ( EINFO_EINVAL, 0x01, \

"Invalid Change Cipher record" )

__einfo_uniqify

#define __einfo_uniqify(einfo_base, uniq, desc)

Declare disambiguated error.

Definition errno.h:181

EINFO_EINVAL

#define EINFO_EINVAL

Definition errno.h:430

Definition at line 59 of file tls.c.

#define EINFO_EINVAL_CHANGE_CIPHER                                      \
        __einfo_uniqify ( EINFO_EINVAL, 0x01,                           \
                          "Invalid Change Cipher record" )

◆ EINVAL_ALERT

#define EINVAL_ALERT __einfo_error ( EINFO_EINVAL_ALERT )

Definition at line 62 of file tls.c.

Referenced by tls_new_alert().

◆ EINFO_EINVAL_ALERT

#define EINFO_EINVAL_ALERT

Value:

__einfo_uniqify ( EINFO_EINVAL, 0x02, \

"Invalid Alert record" )

Definition at line 63 of file tls.c.

#define EINFO_EINVAL_ALERT                                              \
        __einfo_uniqify ( EINFO_EINVAL, 0x02,                           \
                          "Invalid Alert record" )

◆ EINVAL_HELLO

#define EINVAL_HELLO __einfo_error ( EINFO_EINVAL_HELLO )

Definition at line 66 of file tls.c.

Referenced by tls_new_server_hello().

◆ EINFO_EINVAL_HELLO

#define EINFO_EINVAL_HELLO

Value:

__einfo_uniqify ( EINFO_EINVAL, 0x03, \

"Invalid Server Hello record" )

Definition at line 67 of file tls.c.

#define EINFO_EINVAL_HELLO                                              \
        __einfo_uniqify ( EINFO_EINVAL, 0x03,                           \
                          "Invalid Server Hello record" )

◆ EINVAL_CERTIFICATE

#define EINVAL_CERTIFICATE __einfo_error ( EINFO_EINVAL_CERTIFICATE )

Definition at line 70 of file tls.c.

Referenced by tls_parse_chain().

◆ EINFO_EINVAL_CERTIFICATE

#define EINFO_EINVAL_CERTIFICATE

Value:

__einfo_uniqify ( EINFO_EINVAL, 0x04, \

"Invalid Certificate" )

Definition at line 71 of file tls.c.

#define EINFO_EINVAL_CERTIFICATE                                        \
        __einfo_uniqify ( EINFO_EINVAL, 0x04,                           \
                          "Invalid Certificate" )

◆ EINVAL_CERTIFICATES

#define EINVAL_CERTIFICATES __einfo_error ( EINFO_EINVAL_CERTIFICATES )

Definition at line 74 of file tls.c.

Referenced by tls_new_certificate().

◆ EINFO_EINVAL_CERTIFICATES

#define EINFO_EINVAL_CERTIFICATES

Value:

__einfo_uniqify ( EINFO_EINVAL, 0x05, \

"Invalid Server Certificate record" )

Definition at line 75 of file tls.c.

#define EINFO_EINVAL_CERTIFICATES                                       \
        __einfo_uniqify ( EINFO_EINVAL, 0x05,                           \
                          "Invalid Server Certificate record" )

◆ EINVAL_HELLO_DONE

#define EINVAL_HELLO_DONE __einfo_error ( EINFO_EINVAL_HELLO_DONE )

Definition at line 78 of file tls.c.

Referenced by tls_new_server_hello_done().

◆ EINFO_EINVAL_HELLO_DONE

#define EINFO_EINVAL_HELLO_DONE

Value:

__einfo_uniqify ( EINFO_EINVAL, 0x06, \

"Invalid Server Hello Done record" )

Definition at line 79 of file tls.c.

#define EINFO_EINVAL_HELLO_DONE                                         \
        __einfo_uniqify ( EINFO_EINVAL, 0x06,                           \
                          "Invalid Server Hello Done record" )

◆ EINVAL_FINISHED

#define EINVAL_FINISHED __einfo_error ( EINFO_EINVAL_FINISHED )

Definition at line 82 of file tls.c.

Referenced by tls_new_finished().

◆ EINFO_EINVAL_FINISHED

#define EINFO_EINVAL_FINISHED

Value:

__einfo_uniqify ( EINFO_EINVAL, 0x07, \

"Invalid Server Finished record" )

Definition at line 83 of file tls.c.

#define EINFO_EINVAL_FINISHED                                           \
        __einfo_uniqify ( EINFO_EINVAL, 0x07,                           \
                          "Invalid Server Finished record" )

◆ EINVAL_HANDSHAKE

#define EINVAL_HANDSHAKE __einfo_error ( EINFO_EINVAL_HANDSHAKE )

Definition at line 86 of file tls.c.

◆ EINFO_EINVAL_HANDSHAKE

#define EINFO_EINVAL_HANDSHAKE

Value:

__einfo_uniqify ( EINFO_EINVAL, 0x08, \

"Invalid Handshake record" )

Definition at line 87 of file tls.c.

#define EINFO_EINVAL_HANDSHAKE                                          \
        __einfo_uniqify ( EINFO_EINVAL, 0x08,                           \
                          "Invalid Handshake record" )

◆ EINVAL_IV

#define EINVAL_IV __einfo_error ( EINFO_EINVAL_IV )

Definition at line 90 of file tls.c.

Referenced by tls_new_ciphertext().

◆ EINFO_EINVAL_IV

#define EINFO_EINVAL_IV

Value:

__einfo_uniqify ( EINFO_EINVAL, 0x0a, \

"Invalid initialisation vector" )

Definition at line 91 of file tls.c.

#define EINFO_EINVAL_IV                                                 \
        __einfo_uniqify ( EINFO_EINVAL, 0x0a,                           \
                          "Invalid initialisation vector" )

◆ EINVAL_PADDING

#define EINVAL_PADDING __einfo_error ( EINFO_EINVAL_PADDING )

Definition at line 94 of file tls.c.

Referenced by tls_verify_padding().

◆ EINFO_EINVAL_PADDING

#define EINFO_EINVAL_PADDING

Value:

__einfo_uniqify ( EINFO_EINVAL, 0x0b, \

"Invalid block padding" )

Definition at line 95 of file tls.c.

#define EINFO_EINVAL_PADDING                                            \
        __einfo_uniqify ( EINFO_EINVAL, 0x0b,                           \
                          "Invalid block padding" )

◆ EINVAL_RX_STATE

#define EINVAL_RX_STATE __einfo_error ( EINFO_EINVAL_RX_STATE )

Definition at line 98 of file tls.c.

Referenced by tls_cipherstream_deliver().

◆ EINFO_EINVAL_RX_STATE

#define EINFO_EINVAL_RX_STATE

Value:

__einfo_uniqify ( EINFO_EINVAL, 0x0c, \

"Invalid receive state" )

Definition at line 99 of file tls.c.

#define EINFO_EINVAL_RX_STATE                                           \
        __einfo_uniqify ( EINFO_EINVAL, 0x0c,                           \
                          "Invalid receive state" )

◆ EINVAL_MAC

#define EINVAL_MAC __einfo_error ( EINFO_EINVAL_MAC )

Definition at line 102 of file tls.c.

Referenced by tls_new_ciphertext().

◆ EINFO_EINVAL_MAC

#define EINFO_EINVAL_MAC

Value:

__einfo_uniqify ( EINFO_EINVAL, 0x0d, \

"Invalid MAC or authentication tag" )

Definition at line 103 of file tls.c.

#define EINFO_EINVAL_MAC                                                \
        __einfo_uniqify ( EINFO_EINVAL, 0x0d,                           \
                          "Invalid MAC or authentication tag" )

◆ EINVAL_TICKET

#define EINVAL_TICKET __einfo_error ( EINFO_EINVAL_TICKET )

Definition at line 106 of file tls.c.

Referenced by tls_new_session_ticket().

◆ EINFO_EINVAL_TICKET

#define EINFO_EINVAL_TICKET

Value:

__einfo_uniqify ( EINFO_EINVAL, 0x0e, \

"Invalid New Session Ticket record")

Definition at line 107 of file tls.c.

#define EINFO_EINVAL_TICKET                                             \
        __einfo_uniqify ( EINFO_EINVAL, 0x0e,                           \
                          "Invalid New Session Ticket record")

◆ EINVAL_KEY_EXCHANGE

#define EINVAL_KEY_EXCHANGE __einfo_error ( EINFO_EINVAL_KEY_EXCHANGE )

Definition at line 110 of file tls.c.

Referenced by tls_send_client_key_exchange_dhe(), tls_send_client_key_exchange_ecdhe(), and tls_verify_dh_params().

◆ EINFO_EINVAL_KEY_EXCHANGE

#define EINFO_EINVAL_KEY_EXCHANGE

Value:

__einfo_uniqify ( EINFO_EINVAL, 0x0f, \

"Invalid Server Key Exchange record" )

Definition at line 111 of file tls.c.

#define EINFO_EINVAL_KEY_EXCHANGE                                       \
        __einfo_uniqify ( EINFO_EINVAL, 0x0f,                           \
                          "Invalid Server Key Exchange record" )

◆ EIO_ALERT

#define EIO_ALERT __einfo_error ( EINFO_EIO_ALERT )

Definition at line 114 of file tls.c.

Referenced by tls_new_alert().

◆ EINFO_EIO_ALERT

#define EINFO_EIO_ALERT

Value:

__einfo_uniqify ( EINFO_EIO, 0x01, \

"Unknown alert level" )

EINFO_EIO

#define EINFO_EIO

Definition errno.h:435

Definition at line 115 of file tls.c.

#define EINFO_EIO_ALERT                                                 \
        __einfo_uniqify ( EINFO_EIO, 0x01,                              \
                          "Unknown alert level" )

◆ ENOMEM_CONTEXT

#define ENOMEM_CONTEXT __einfo_error ( EINFO_ENOMEM_CONTEXT )

Definition at line 118 of file tls.c.

Referenced by tls_set_cipher().

◆ EINFO_ENOMEM_CONTEXT

#define EINFO_ENOMEM_CONTEXT

Value:

__einfo_uniqify ( EINFO_ENOMEM, 0x01, \

"Not enough space for crypto context" )

EINFO_ENOMEM

#define EINFO_ENOMEM

Definition errno.h:536

Definition at line 119 of file tls.c.

#define EINFO_ENOMEM_CONTEXT                                            \
        __einfo_uniqify ( EINFO_ENOMEM, 0x01,                           \
                          "Not enough space for crypto context" )

◆ ENOMEM_CERTIFICATE

#define ENOMEM_CERTIFICATE __einfo_error ( EINFO_ENOMEM_CERTIFICATE )

Definition at line 122 of file tls.c.

Referenced by tls_send_certificate().

◆ EINFO_ENOMEM_CERTIFICATE

#define EINFO_ENOMEM_CERTIFICATE

Value:

__einfo_uniqify ( EINFO_ENOMEM, 0x02, \

"Not enough space for certificate" )

Definition at line 123 of file tls.c.

#define EINFO_ENOMEM_CERTIFICATE                                        \
        __einfo_uniqify ( EINFO_ENOMEM, 0x02,                           \
                          "Not enough space for certificate" )

◆ ENOMEM_CHAIN

#define ENOMEM_CHAIN __einfo_error ( EINFO_ENOMEM_CHAIN )

Definition at line 126 of file tls.c.

Referenced by tls_parse_chain().

◆ EINFO_ENOMEM_CHAIN

#define EINFO_ENOMEM_CHAIN

Value:

__einfo_uniqify ( EINFO_ENOMEM, 0x03, \

"Not enough space for certificate chain" )

Definition at line 127 of file tls.c.

#define EINFO_ENOMEM_CHAIN                                              \
        __einfo_uniqify ( EINFO_ENOMEM, 0x03,                           \
                          "Not enough space for certificate chain" )

◆ ENOMEM_TX_PLAINTEXT

#define ENOMEM_TX_PLAINTEXT __einfo_error ( EINFO_ENOMEM_TX_PLAINTEXT )

Definition at line 130 of file tls.c.

Referenced by tls_send_plaintext().

◆ EINFO_ENOMEM_TX_PLAINTEXT

#define EINFO_ENOMEM_TX_PLAINTEXT

Value:

__einfo_uniqify ( EINFO_ENOMEM, 0x04, \

"Not enough space for transmitted plaintext" )

Definition at line 131 of file tls.c.

#define EINFO_ENOMEM_TX_PLAINTEXT                                       \
        __einfo_uniqify ( EINFO_ENOMEM, 0x04,                           \
                          "Not enough space for transmitted plaintext" )

◆ ENOMEM_TX_CIPHERTEXT

#define ENOMEM_TX_CIPHERTEXT __einfo_error ( EINFO_ENOMEM_TX_CIPHERTEXT )

Definition at line 134 of file tls.c.

◆ EINFO_ENOMEM_TX_CIPHERTEXT

#define EINFO_ENOMEM_TX_CIPHERTEXT

Value:

__einfo_uniqify ( EINFO_ENOMEM, 0x05, \

"Not enough space for transmitted ciphertext" )

Definition at line 135 of file tls.c.

#define EINFO_ENOMEM_TX_CIPHERTEXT                                      \
        __einfo_uniqify ( EINFO_ENOMEM, 0x05,                           \
                          "Not enough space for transmitted ciphertext" )

◆ ENOMEM_RX_DATA

#define ENOMEM_RX_DATA __einfo_error ( EINFO_ENOMEM_RX_DATA )

Definition at line 138 of file tls.c.

Referenced by tls_newdata_process_header().

◆ EINFO_ENOMEM_RX_DATA

#define EINFO_ENOMEM_RX_DATA

Value:

__einfo_uniqify ( EINFO_ENOMEM, 0x07, \

"Not enough space for received data" )

Definition at line 139 of file tls.c.

#define EINFO_ENOMEM_RX_DATA                                            \
        __einfo_uniqify ( EINFO_ENOMEM, 0x07,                           \
                          "Not enough space for received data" )

◆ ENOMEM_RX_CONCAT

#define ENOMEM_RX_CONCAT __einfo_error ( EINFO_ENOMEM_RX_CONCAT )

Definition at line 142 of file tls.c.

Referenced by tls_new_record().

◆ EINFO_ENOMEM_RX_CONCAT

#define EINFO_ENOMEM_RX_CONCAT

Value:

__einfo_uniqify ( EINFO_ENOMEM, 0x08, \

"Not enough space to concatenate received data" )

Definition at line 143 of file tls.c.

#define EINFO_ENOMEM_RX_CONCAT                                          \
        __einfo_uniqify ( EINFO_ENOMEM, 0x08,                           \
                          "Not enough space to concatenate received data" )

◆ ENOTSUP_CIPHER

#define ENOTSUP_CIPHER __einfo_error ( EINFO_ENOTSUP_CIPHER )

Definition at line 146 of file tls.c.

Referenced by tls_select_cipher().

◆ EINFO_ENOTSUP_CIPHER

#define EINFO_ENOTSUP_CIPHER

Value:

__einfo_uniqify ( EINFO_ENOTSUP, 0x01, \

"Unsupported cipher" )

EINFO_ENOTSUP

#define EINFO_ENOTSUP

Definition errno.h:591

Definition at line 147 of file tls.c.

#define EINFO_ENOTSUP_CIPHER                                            \
        __einfo_uniqify ( EINFO_ENOTSUP, 0x01,                          \
                          "Unsupported cipher" )

◆ ENOTSUP_NULL

#define ENOTSUP_NULL __einfo_error ( EINFO_ENOTSUP_NULL )

Definition at line 150 of file tls.c.

Referenced by tls_change_cipher().

◆ EINFO_ENOTSUP_NULL

#define EINFO_ENOTSUP_NULL

Value:

__einfo_uniqify ( EINFO_ENOTSUP, 0x02, \

"Refusing to use null cipher" )

Definition at line 151 of file tls.c.

#define EINFO_ENOTSUP_NULL                                              \
        __einfo_uniqify ( EINFO_ENOTSUP, 0x02,                          \
                          "Refusing to use null cipher" )

◆ ENOTSUP_SIG_HASH

#define ENOTSUP_SIG_HASH __einfo_error ( EINFO_ENOTSUP_SIG_HASH )

Definition at line 154 of file tls.c.

Referenced by tls_send_certificate_verify(), and tls_verify_dh_params().

◆ EINFO_ENOTSUP_SIG_HASH

#define EINFO_ENOTSUP_SIG_HASH

Value:

__einfo_uniqify ( EINFO_ENOTSUP, 0x03, \

"Unsupported signature and hash algorithm" )

Definition at line 155 of file tls.c.

#define EINFO_ENOTSUP_SIG_HASH                                          \
        __einfo_uniqify ( EINFO_ENOTSUP, 0x03,                          \
                          "Unsupported signature and hash algorithm" )

◆ ENOTSUP_VERSION

#define ENOTSUP_VERSION __einfo_error ( EINFO_ENOTSUP_VERSION )

Definition at line 158 of file tls.c.

◆ EINFO_ENOTSUP_VERSION

#define EINFO_ENOTSUP_VERSION

Value:

__einfo_uniqify ( EINFO_ENOTSUP, 0x04, \

"Unsupported protocol version" )

Definition at line 159 of file tls.c.

#define EINFO_ENOTSUP_VERSION                                           \
        __einfo_uniqify ( EINFO_ENOTSUP, 0x04,                          \
                          "Unsupported protocol version" )

◆ ENOTSUP_CURVE

#define ENOTSUP_CURVE __einfo_error ( EINFO_ENOTSUP_CURVE )

Definition at line 162 of file tls.c.

Referenced by tls_send_client_key_exchange_ecdhe().

◆ EINFO_ENOTSUP_CURVE

#define EINFO_ENOTSUP_CURVE

Value:

__einfo_uniqify ( EINFO_ENOTSUP, 0x05, \

"Unsupported elliptic curve" )

Definition at line 163 of file tls.c.

#define EINFO_ENOTSUP_CURVE                                             \
        __einfo_uniqify ( EINFO_ENOTSUP, 0x05,                          \
                          "Unsupported elliptic curve" )

◆ EPERM_ALERT

#define EPERM_ALERT __einfo_error ( EINFO_EPERM_ALERT )

Definition at line 166 of file tls.c.

Referenced by tls_new_alert().

◆ EINFO_EPERM_ALERT

#define EINFO_EPERM_ALERT

Value:

__einfo_uniqify ( EINFO_EPERM, 0x01, \

"Received fatal alert" )

EINFO_EPERM

#define EINFO_EPERM

Definition errno.h:616

Definition at line 167 of file tls.c.

#define EINFO_EPERM_ALERT                                               \
        __einfo_uniqify ( EINFO_EPERM, 0x01,                            \
                          "Received fatal alert" )

◆ EPERM_VERIFY

#define EPERM_VERIFY __einfo_error ( EINFO_EPERM_VERIFY )

Definition at line 170 of file tls.c.

Referenced by tls_new_finished().

◆ EINFO_EPERM_VERIFY

#define EINFO_EPERM_VERIFY

Value:

__einfo_uniqify ( EINFO_EPERM, 0x02, \

"Handshake verification failed" )

Definition at line 171 of file tls.c.

#define EINFO_EPERM_VERIFY                                              \
        __einfo_uniqify ( EINFO_EPERM, 0x02,                            \
                          "Handshake verification failed" )

◆ EPERM_RENEG_INSECURE

#define EPERM_RENEG_INSECURE __einfo_error ( EINFO_EPERM_RENEG_INSECURE )

Definition at line 174 of file tls.c.

Referenced by tls_new_hello_request().

◆ EINFO_EPERM_RENEG_INSECURE

#define EINFO_EPERM_RENEG_INSECURE

Value:

__einfo_uniqify ( EINFO_EPERM, 0x04, \

"Secure renegotiation not supported" )

Definition at line 175 of file tls.c.

#define EINFO_EPERM_RENEG_INSECURE                                      \
        __einfo_uniqify ( EINFO_EPERM, 0x04,                            \
                          "Secure renegotiation not supported" )

◆ EPERM_RENEG_VERIFY

#define EPERM_RENEG_VERIFY __einfo_error ( EINFO_EPERM_RENEG_VERIFY )

Definition at line 178 of file tls.c.

Referenced by tls_new_server_hello().

◆ EINFO_EPERM_RENEG_VERIFY

#define EINFO_EPERM_RENEG_VERIFY

Value:

__einfo_uniqify ( EINFO_EPERM, 0x05, \

"Secure renegotiation verification failed" )

Definition at line 179 of file tls.c.

#define EINFO_EPERM_RENEG_VERIFY                                        \
        __einfo_uniqify ( EINFO_EPERM, 0x05,                            \
                          "Secure renegotiation verification failed" )

◆ EPERM_KEY_EXCHANGE

#define EPERM_KEY_EXCHANGE __einfo_error ( EINFO_EPERM_KEY_EXCHANGE )

Definition at line 182 of file tls.c.

Referenced by tls_verify_dh_params().

◆ EINFO_EPERM_KEY_EXCHANGE

#define EINFO_EPERM_KEY_EXCHANGE

Value:

__einfo_uniqify ( EINFO_EPERM, 0x06, \

"ServerKeyExchange verification failed" )

Definition at line 183 of file tls.c.

#define EINFO_EPERM_KEY_EXCHANGE                                        \
        __einfo_uniqify ( EINFO_EPERM, 0x06,                            \
                          "ServerKeyExchange verification failed" )

◆ EPERM_EMS

#define EPERM_EMS __einfo_error ( EINFO_EPERM_EMS )

Definition at line 186 of file tls.c.

Referenced by tls_new_server_hello().

◆ EINFO_EPERM_EMS

#define EINFO_EPERM_EMS

Value:

__einfo_uniqify ( EINFO_EPERM, 0x07, \

"Extended master secret extension mismatch" )

Definition at line 187 of file tls.c.

#define EINFO_EPERM_EMS                                                 \
        __einfo_uniqify ( EINFO_EPERM, 0x07,                            \
                          "Extended master secret extension mismatch" )

◆ EPROTO_VERSION

#define EPROTO_VERSION __einfo_error ( EINFO_EPROTO_VERSION )

Definition at line 190 of file tls.c.

Referenced by tls_new_server_hello().

◆ EINFO_EPROTO_VERSION

#define EINFO_EPROTO_VERSION

Value:

__einfo_uniqify ( EINFO_EPROTO, 0x01, \

"Illegal protocol version upgrade" )

EINFO_EPROTO

#define EINFO_EPROTO

Definition errno.h:626

Definition at line 191 of file tls.c.

#define EINFO_EPROTO_VERSION                                            \
        __einfo_uniqify ( EINFO_EPROTO, 0x01,                           \
                          "Illegal protocol version upgrade" )

◆ tls_prf_label

#define tls_prf_label	(	tls,
		secret,
		secret_len,
		out,
		out_len,
		label,
		... )

Value:

tls_prf ( (tls), (secret), (secret_len), (out), (out_len), \

label, ( sizeof ( label ) - 1 ), __VA_ARGS__, NULL )

NULL

#define NULL

NULL pointer (VOID *)

Definition Base.h:322

out

__be32 out[4]

Definition CIB_PRM.h:8

label

A text label widget.

Definition label.h:16

tls_prf

static void tls_prf(struct tls_connection *tls, const void *secret, size_t secret_len, void *out, size_t out_len,...)

Generate secure pseudo-random data.

Definition tls.c:571

Generate secure pseudo-random data.

Parameters

secret	Secret
secret_len	Length of secret
out	Output buffer
out_len	Length of output buffer
label	String literal label
...	( data, len ) pairs of seed data

Definition at line 627 of file tls.c.

#define tls_prf_label( tls, secret, secret_len, out, out_len, label, ... ) \
        tls_prf ( (tls), (secret), (secret_len), (out), (out_len),         \
                  label, ( sizeof ( label ) - 1 ), __VA_ARGS__, NULL )

Referenced by tls_generate_keys(), tls_generate_master_secret(), tls_new_finished(), and tls_send_finished().

◆ TLS_NUM_CIPHER_SUITES

#define TLS_NUM_CIPHER_SUITES table_num_entries ( TLS_CIPHER_SUITES )

Number of supported cipher suites.

Definition at line 863 of file tls.c.

Referenced by tls_client_hello().

◆ TLS_NUM_SIG_HASH_ALGORITHMS

#define TLS_NUM_SIG_HASH_ALGORITHMS table_num_entries ( TLS_SIG_HASH_ALGORITHMS )

Number of supported signature and hash algorithms.

Definition at line 1009 of file tls.c.

1009#define TLS_NUM_SIG_HASH_ALGORITHMS \

1010 table_num_entries ( TLS_SIG_HASH_ALGORITHMS )

Referenced by tls_client_hello().

◆ TLS_NUM_NAMED_CURVES

#define TLS_NUM_NAMED_CURVES table_num_entries ( TLS_NAMED_CURVES )

Number of supported named curves.

Definition at line 1081 of file tls.c.

Referenced by tls_client_hello().

Function Documentation

◆ FILE_LICENCE()

FILE_LICENCE ( GPL2_OR_LATER )

◆ FILE_SECBOOT()

FILE_SECBOOT ( PERMITTED )

◆ LIST_HEAD()

LIST_HEAD ( tls_sessions )

static

List of TLS session.

References data, len, and type.

◆ tls_tx_resume_all()

void tls_tx_resume_all ( struct tls_session * session )

static

Resume TX state machine for all connections within a session.

Parameters

session TLS session

Definition at line 1123 of file tls.c.

                                                              {
        struct tls_connection *tls;
 
        list_for_each_entry ( tls, &session->conn, list )
                tls_tx_resume ( tls );
}

References tls_session::conn, tls_connection::list, list_for_each_entry, tls_connection::session, and tls_tx_resume().

Referenced by tls_close(), and tls_new_finished().

◆ tls_alloc_iob()

struct io_buffer * tls_alloc_iob	(	struct tls_connection *	tls,
		size_t	len )

static

Allocate I/O buffer for transmitted record(s)

Parameters

tls	TLS connection
len	I/O buffer payload length

Return values

iobuf I/O buffer

Definition at line 3061 of file tls.c.

                                                       {
        struct io_buffer *iobuf;
        size_t reserve;
 
        /* Calculate maximum additional length to reserve */
        reserve = tls_iob_reserved ( tls, len );
 
        /* Allocate I/O buffer */
        iobuf = xfer_alloc_iob ( &tls->cipherstream, ( reserve + len ) );
        if ( ! iobuf )
                return NULL;
 
        /* Reserve space */
        iob_reserve ( iobuf, reserve );
 
        return iobuf;
}

References tls_connection::cipherstream, iob_reserve, len, NULL, tls_iob_reserved(), and xfer_alloc_iob().

Referenced by tls_send_certificate(), and tls_send_plaintext().

◆ tls_send_alert()

int tls_send_alert	(	struct tls_connection *	tls,
		unsigned int	level,
		unsigned int	description )

static

Transmit Alert record.

Parameters

tls	TLS connection
level	Alert level
description	Alert description

Return values

rc	Return status code

Definition at line 2014 of file tls.c.

                                                       {
        const struct {
                uint8_t level;
                uint8_t description;
        } __attribute__ (( packed )) alert = {
                .level = level,
                .description = description,
        };
 
        /* Send record */
        return tls_send_plaintext ( tls, TLS_TYPE_ALERT, &alert,
                                    sizeof ( alert ) );
}

References __attribute__, alert(), tls_send_plaintext(), and TLS_TYPE_ALERT.

Referenced by tls_close().

◆ tls_send_record()

int tls_send_record	(	struct tls_connection *	tls,
		unsigned int	type,
		struct io_buffer *	iobuf )

static

Send plaintext record(s)

Parameters

tls	TLS connection
type	Record type
iobuf	I/O buffer

Return values

rc	Return status code

Definition at line 3088 of file tls.c.

                                                       {
        struct tls_cipherspec *cipherspec = &tls->tx.cipherspec.active;
        struct tls_cipher_suite *suite = cipherspec->suite;
        struct cipher_algorithm *cipher = suite->cipher;
        struct digest_algorithm *digest = suite->digest;
        struct {
                uint8_t fixed[suite->fixed_iv_len];
                uint8_t rec[suite->record_iv_len];
        } __attribute__ (( packed )) iv;
        struct tls_auth_header authhdr;
        struct tls_header *tlshdr;
        uint8_t mac[digest->digestsize];
        const void *plaintext;
        const void *encrypt;
        void *ciphertext;
        size_t record_len;
        size_t encrypt_len;
        size_t pad_len;
        size_t len;
        int rc;
 
        /* Record plaintext pointer and length */
        plaintext = iobuf->data;
        len = iob_len ( iobuf );
 
        /* Add to handshake digest if applicable */
        if ( type == TLS_TYPE_HANDSHAKE )
                tls_add_handshake ( tls, plaintext, len );
 
        /* Start constructing ciphertext at start of reserved space */
        iob_push ( iobuf, tls_iob_reserved ( tls, len ) );
        iob_unput ( iobuf, iob_len ( iobuf ) );
 
        /* Construct records */
        do {
                /* Limit length of this record (may be zero) */
                record_len = len;
                if ( record_len > TLS_TX_BUFSIZE )
                        record_len = TLS_TX_BUFSIZE;
 
                /* Construct and set initialisation vector */
                memcpy ( iv.fixed, cipherspec->fixed_iv, sizeof ( iv.fixed ) );
                if ( ( rc = tls_generate_random ( tls, iv.rec,
                                                  sizeof ( iv.rec ) ) ) != 0 ) {
                        goto err_random;
                }
                cipher_setiv ( cipher, cipherspec->cipher_ctx, &iv,
                               sizeof ( iv ) );
 
                /* Construct and process authentication data */
                authhdr.seq = cpu_to_be64 ( tls->tx.seq );
                authhdr.header.type = type;
                authhdr.header.version = htons ( tls->version );
                authhdr.header.length = htons ( record_len );
                if ( suite->mac_len ) {
                        tls_hmac ( cipherspec, &authhdr, plaintext, record_len,
                                   mac );
                }
                if ( is_auth_cipher ( cipher ) ) {
                        cipher_encrypt ( cipher, cipherspec->cipher_ctx,
                                         &authhdr, NULL, sizeof ( authhdr ) );
                }
 
                /* Calculate encryption length */
                encrypt_len = ( record_len + suite->mac_len );
                if ( is_block_cipher ( cipher ) ) {
                        pad_len = ( ( ( cipher->blocksize - 1 ) &
                                      -( encrypt_len + 1 ) ) + 1 );
                } else {
                        pad_len = 0;
                }
                encrypt_len += pad_len;
 
                /* Add record header */
                tlshdr = iob_put ( iobuf, sizeof ( *tlshdr ) );
                tlshdr->type = type;
                tlshdr->version = htons ( tls->version );
                tlshdr->length = htons ( sizeof ( iv.rec ) + encrypt_len +
                                         cipher->authsize );
 
                /* Add record initialisation vector, if applicable */
                memcpy ( iob_put ( iobuf, sizeof ( iv.rec ) ), iv.rec,
                         sizeof ( iv.rec ) );
 
                /* Copy plaintext data if necessary */
                ciphertext = iob_put ( iobuf, record_len );
                assert ( ciphertext <= plaintext );
                if ( encrypt_len > record_len ) {
                        memmove ( ciphertext, plaintext, record_len );
                        encrypt = ciphertext;
                } else {
                        encrypt = plaintext;
                }
 
                /* Add MAC, if applicable */
                memcpy ( iob_put ( iobuf, suite->mac_len ), mac,
                         suite->mac_len );
 
                /* Add padding, if applicable */
                memset ( iob_put ( iobuf, pad_len ), ( pad_len - 1 ), pad_len );
 
                /* Encrypt data and append authentication tag */
                DBGC2 ( tls, "Sending plaintext data:\n" );
                DBGC2_HDA ( tls, 0, encrypt, encrypt_len );
                cipher_encrypt ( cipher, cipherspec->cipher_ctx, encrypt,
                                 ciphertext, encrypt_len );
                cipher_auth ( cipher, cipherspec->cipher_ctx,
                              iob_put ( iobuf, cipher->authsize ) );
 
                /* Move to next record */
                tls->tx.seq += 1;
                plaintext += record_len;
                len -= record_len;
 
        } while ( len );
 
        /* Send ciphertext */
        if ( ( rc = xfer_deliver_iob ( &tls->cipherstream,
                                       iob_disown ( iobuf ) ) ) != 0 ) {
                DBGC ( tls, "TLS %p could not deliver ciphertext: %s\n",
                       tls, strerror ( rc ) );
                goto err_deliver;
        }
 
        assert ( iobuf == NULL );
        return 0;
 
 err_deliver:
 err_random:
        free_iob ( iobuf );
        return rc;
}

References __attribute__, tls_cipherspec_pair::active, assert, cipher_algorithm::authsize, cipher_algorithm::blocksize, tls_cipher_suite::cipher, cipher_auth(), tls_cipherspec::cipher_ctx, cipher_encrypt, cipher_setiv(), tls_tx::cipherspec, tls_connection::cipherstream, cpu_to_be64, io_buffer::data, DBGC, DBGC2, DBGC2_HDA, tls_cipher_suite::digest, digest_algorithm::digestsize, fixed, tls_cipherspec::fixed_iv, tls_cipher_suite::fixed_iv_len, free_iob(), tls_auth_header::header, htons, iob_disown, iob_len(), iob_push, iob_put, iob_unput, is_auth_cipher(), is_block_cipher(), iv, len, tls_header::length, mac, tls_cipher_suite::mac_len, memcpy(), memmove(), memset(), NULL, pad_len, rc, tls_cipher_suite::record_iv_len, tls_auth_header::seq, tls_tx::seq, strerror(), tls_cipherspec::suite, tls_add_handshake(), tls_generate_random(), tls_hmac(), tls_iob_reserved(), TLS_TX_BUFSIZE, TLS_TYPE_HANDSHAKE, tls_connection::tx, tls_header::type, type, tls_connection::version, tls_header::version, and xfer_deliver_iob().

Referenced by tls_plainstream_deliver(), tls_send_certificate(), and tls_send_plaintext().

◆ tls_send_plaintext()

int tls_send_plaintext	(	struct tls_connection *	tls,
		unsigned int	type,
		const void *	data,
		size_t	len )

static

Send plaintext record.

Parameters

tls	TLS connection
type	Record type
data	Plaintext record
len	Length of plaintext record

Return values

rc	Return status code

Definition at line 3231 of file tls.c.

                                                               {
        struct io_buffer *iobuf;
        int rc;
 
        /* Allocate I/O buffer */
        iobuf = tls_alloc_iob ( tls, len );
        if ( ! iobuf )
                return -ENOMEM_TX_PLAINTEXT;
        memcpy ( iob_put ( iobuf, len ), data, len );
 
        /* Transmit I/O buffer */
        if ( ( rc = tls_send_record ( tls, type, iob_disown ( iobuf ) ) ) != 0 )
                return rc;
 
        return 0;
}

References data, ENOMEM_TX_PLAINTEXT, iob_disown, iob_put, len, memcpy(), rc, tls_alloc_iob(), tls_send_record(), and type.

Referenced by tls_send_alert(), tls_send_change_cipher(), and tls_send_handshake().

◆ tls_clear_cipher() [1/2]

void tls_clear_cipher	(	struct tls_connection *	tls,
		struct tls_cipherspec *	cipherspec )

static

References out.

Referenced by add_tls(), free_tls(), tls_change_cipher(), and tls_set_cipher().

◆ tls_verify_handshake()

void tls_verify_handshake	(	struct tls_connection *	tls,
		void *	out )

static

Calculate handshake verification hash.

Parameters

tls	TLS connection
out	Output buffer

Calculates the digest over all handshake messages seen so far.

Definition at line 839 of file tls.c.

                                                                           {
        struct digest_algorithm *digest = tls->handshake_digest;
        uint8_t ctx[ digest->ctxsize ];
 
        memcpy ( ctx, tls->handshake_ctx, sizeof ( ctx ) );
        digest_final ( digest, ctx, out );
}

References ctx, digest_algorithm::ctxsize, digest_final(), tls_connection::handshake_ctx, tls_connection::handshake_digest, memcpy(), and out.

Referenced by tls_generate_master_secret(), tls_new_finished(), tls_send_certificate_verify(), and tls_send_finished().

◆ tls_uint24()

unsigned long tls_uint24 ( const tls24_t * field24 )

inlinestatic

Extract 24-bit field value.

Parameters

field24 24-bit field

Return values

value Field value

Definition at line 238 of file tls.c.

                                      {
 
        return ( ( field24->high << 16 ) | be16_to_cpu ( field24->low ) );
}

References be16_to_cpu, tls24_t::high, and tls24_t::low.

Referenced by tls_new_certificate(), tls_new_handshake(), and tls_parse_chain().

◆ tls_set_uint24()

void tls_set_uint24	(	tls24_t *	field24,
		unsigned long	value )

static

Set 24-bit field value.

Parameters

field24	24-bit field
value	Field value

Definition at line 249 of file tls.c.

                                                                     {
 
        field24->high = ( value >> 16 );
        field24->low = cpu_to_be16 ( value );
}

References cpu_to_be16, tls24_t::high, tls24_t::low, and value.

Referenced by tls_send_certificate().

◆ tls_ready()

int tls_ready ( struct tls_connection * tls )

static

Determine if TLS connection is ready for application data.

Parameters

tls	TLS connection

Return values

is_ready TLS connection is ready

Definition at line 261 of file tls.c.

                                                    {
        return ( ( ! is_pending ( &tls->client.negotiation ) ) &&
                 ( ! is_pending ( &tls->server.negotiation ) ) );
}

References tls_connection::client, is_pending(), tls_client::negotiation, tls_server::negotiation, and tls_connection::server.

Referenced by tls_cipherstream_window(), tls_new_data(), tls_new_hello_request(), tls_plainstream_deliver(), and tls_plainstream_window().

◆ tls_version()

int tls_version	(	struct tls_connection *	tls,
		unsigned int	version )

inlinestatic

Check for TLS version.

Parameters

tls	TLS connection
version	TLS version

Return values

at_least TLS connection is using at least the specified version

Check that TLS connection uses at least the specified protocol version. Optimise down to a compile-time constant true result if this is already guaranteed by the minimum supported version check.

Definition at line 278 of file tls.c.

                                                                 {
        return ( ( TLS_VERSION_MIN >= version ) ||
                 ( tls->version >= version ) );
}

References TLS_VERSION_MIN, tls_connection::version, and version.

Referenced by tls_prf(), tls_select_cipher(), tls_send_certificate_verify(), and tls_verify_dh_params().

◆ md5_sha1_init()

void md5_sha1_init ( void * ctx )

static

Initialise MD5+SHA1 algorithm.

Parameters

ctx	MD5+SHA1 context

Definition at line 295 of file tls.c.

                                        {
        struct md5_sha1_context *context = ctx;
 
        digest_init ( &md5_algorithm, context->md5 );
        digest_init ( &sha1_algorithm, context->sha1 );
}

References ctx, digest_init(), md5_sha1_context::md5, md5_algorithm, md5_sha1_context::sha1, and sha1_algorithm.

◆ md5_sha1_update()

void md5_sha1_update	(	void *	ctx,
		const void *	data,
		size_t	len )

static

Accumulate data with MD5+SHA1 algorithm.

Parameters

ctx	MD5+SHA1 context
data	Data
len	Length of data

Definition at line 309 of file tls.c.

                                                                        {
        struct md5_sha1_context *context = ctx;
 
        digest_update ( &md5_algorithm, context->md5, data, len );
        digest_update ( &sha1_algorithm, context->sha1, data, len );
}

References ctx, data, digest_update(), len, md5_sha1_context::md5, md5_algorithm, md5_sha1_context::sha1, and sha1_algorithm.

◆ md5_sha1_final()

void md5_sha1_final	(	void *	ctx,
		void *	out )

static

Generate MD5+SHA1 digest.

Parameters

ctx	MD5+SHA1 context
out	Output buffer

Definition at line 322 of file tls.c.

                                                    {
        struct md5_sha1_context *context = ctx;
        struct md5_sha1_digest *digest = out;
 
        digest_final ( &md5_algorithm, context->md5, digest->md5 );
        digest_final ( &sha1_algorithm, context->sha1, digest->sha1 );
}

References ctx, digest_final(), md5_sha1_context::md5, md5_sha1_digest::md5, md5_algorithm, out, md5_sha1_context::sha1, md5_sha1_digest::sha1, and sha1_algorithm.

◆ free_tls_session()

void free_tls_session ( struct refcnt * refcnt )

static

Free TLS session.

Parameters

refcnt Reference counter

Definition at line 360 of file tls.c.

                                                       {
        struct tls_session *session =
                container_of ( refcnt, struct tls_session, refcnt );
 
        /* Sanity check */
        assert ( list_empty ( &session->conn ) );
 
        /* Remove from list of sessions */
        list_del ( &session->list );
 
        /* Free dynamically-allocated resources */
        x509_root_put ( session->root );
        privkey_put ( session->key );
        free ( session->ticket );
 
        /* Free session */
        free ( session );
}

References assert, tls_session::conn, container_of, free, tls_session::key, tls_session::list, list_del, list_empty, privkey_put(), tls_session::root, tls_session::ticket, and x509_root_put().

Referenced by tls_session().

◆ free_tls()

void free_tls ( struct refcnt * refcnt )

static

Free TLS connection.

Parameters

refcnt Reference counter

Definition at line 384 of file tls.c.

                                               {
        struct tls_connection *tls =
                container_of ( refcnt, struct tls_connection, refcnt );
        struct tls_session *session = tls->session;
        struct io_buffer *iobuf;
        struct io_buffer *tmp;
 
        /* Free dynamically-allocated resources */
        free ( tls->new_session_ticket );
        tls_clear_cipher ( tls, &tls->tx.cipherspec.active );
        tls_clear_cipher ( tls, &tls->tx.cipherspec.pending );
        tls_clear_cipher ( tls, &tls->rx.cipherspec.active );
        tls_clear_cipher ( tls, &tls->rx.cipherspec.pending );
        free ( tls->server.exchange );
        free ( tls->handshake_ctx );
        list_for_each_entry_safe ( iobuf, tmp, &tls->rx.data, list ) {
                list_del ( &iobuf->list );
                free_iob ( iobuf );
        }
        free_iob ( tls->rx.handshake );
        privkey_put ( tls->client.key );
        x509_chain_put ( tls->client.chain );
        x509_chain_put ( tls->server.chain );
        x509_root_put ( tls->server.root );
 
        /* Drop reference to session */
        assert ( list_empty ( &tls->list ) );
        ref_put ( &session->refcnt );
 
        /* Free TLS structure itself */
        free ( tls );
}

References tls_cipherspec_pair::active, assert, tls_client::chain, tls_server::chain, tls_rx::cipherspec, tls_tx::cipherspec, tls_connection::client, container_of, tls_rx::data, tls_server::exchange, free, free_iob(), tls_rx::handshake, tls_connection::handshake_ctx, tls_client::key, io_buffer::list, tls_connection::list, list_del, list_empty, list_for_each_entry_safe, tls_connection::new_session_ticket, tls_cipherspec_pair::pending, privkey_put(), ref_put, tls_session::refcnt, tls_server::root, tls_connection::rx, tls_connection::server, tls_connection::session, tls_clear_cipher(), tmp, tls_connection::tx, x509_chain_put(), and x509_root_put().

Referenced by add_tls().

◆ tls_close()

void tls_close	(	struct tls_connection *	tls,
		int	rc )

static

Finish with TLS connection.

Parameters

tls	TLS connection
rc	Status code

Definition at line 423 of file tls.c.

                                                             {
 
        /* Send closure alert */
        tls_send_alert ( tls, TLS_ALERT_WARNING, TLS_ALERT_CLOSE_NOTIFY );
 
        /* Remove pending operations, if applicable */
        pending_put ( &tls->client.negotiation );
        pending_put ( &tls->server.negotiation );
        pending_put ( &tls->server.validation );
 
        /* Remove process */
        process_del ( &tls->tx.process );
 
        /* Close all interfaces */
        intf_shutdown ( &tls->cipherstream, rc );
        intf_shutdown ( &tls->plainstream, rc );
        intf_shutdown ( &tls->server.validator, rc );
 
        /* Remove from session */
        list_del ( &tls->list );
        INIT_LIST_HEAD ( &tls->list );
 
        /* Resume all other connections, in case we were the lead connection */
        tls_tx_resume_all ( tls->session );
}

References tls_connection::cipherstream, tls_connection::client, INIT_LIST_HEAD, intf_shutdown(), tls_connection::list, list_del, tls_client::negotiation, tls_server::negotiation, pending_put(), tls_connection::plainstream, tls_tx::process, process_del(), rc, tls_connection::server, tls_connection::session, TLS_ALERT_CLOSE_NOTIFY, TLS_ALERT_WARNING, tls_send_alert(), tls_tx_resume_all(), tls_connection::tx, tls_server::validation, and tls_server::validator.

Referenced by tls_cipherstream_deliver(), tls_new_alert(), tls_tx_step(), and tls_validator_done().

◆ tls_generate_random()

int tls_generate_random	(	struct tls_connection *	tls,
		void *	data,
		size_t	len )

static

Generate random data.

Parameters

tls	TLS connection
data	Buffer to fill
len	Length of buffer

Return values

rc	Return status code

Definition at line 464 of file tls.c.

                                                          {
        int rc;
 
        /* Generate random bits with no additional input and without
         * prediction resistance
         */
        if ( ( rc = rbg_generate ( NULL, 0, 0, data, len ) ) != 0 ) {
                DBGC ( tls, "TLS %p could not generate random data: %s\n",
                       tls, strerror ( rc ) );
                return rc;
        }
 
        return 0;
}

References data, DBGC, len, NULL, rbg_generate(), rc, and strerror().

Referenced by add_tls(), tls_send_client_key_exchange_dhe(), tls_send_client_key_exchange_ecdhe(), tls_send_client_key_exchange_pubkey(), and tls_send_record().

◆ tls_hmac_update_va()

void tls_hmac_update_va	(	struct digest_algorithm *	digest,
		void *	ctx,
		va_list	args )

static

Update HMAC with a list of ( data, len ) pairs.

Parameters

digest	Hash function to use
ctx	HMAC context
args	( data, len ) pairs of data, terminated by NULL

Definition at line 487 of file tls.c.

                                                           {
        void *data;
        size_t len;
 
        while ( ( data = va_arg ( args, void * ) ) ) {
                len = va_arg ( args, size_t );
                hmac_update ( digest, ctx, data, len );
        }
}

References ctx, data, hmac_update(), len, and va_arg.

Referenced by tls_p_hash_va().

◆ tls_p_hash_va()

void tls_p_hash_va	(	struct tls_connection *	tls,
		struct digest_algorithm *	digest,
		const void *	secret,
		size_t	secret_len,
		void *	out,
		size_t	out_len,
		va_list	seeds )

static

Generate secure pseudo-random data using a single hash function.

Parameters

tls	TLS connection
digest	Hash function to use
secret	Secret
secret_len	Length of secret
out	Output buffer
out_len	Length of output buffer
seeds	( data, len ) pairs of seed data, terminated by NULL

Definition at line 509 of file tls.c.

                                            {
        uint8_t ctx[ hmac_ctxsize ( digest ) ];
        uint8_t ctx_partial[ sizeof ( ctx ) ];
        uint8_t a[digest->digestsize];
        uint8_t out_tmp[digest->digestsize];
        size_t frag_len = digest->digestsize;
        va_list tmp;
 
        DBGC2 ( tls, "TLS %p %s secret:\n", tls, digest->name );
        DBGC2_HD ( tls, secret, secret_len );
 
        /* Calculate A(1) */
        hmac_init ( digest, ctx, secret, secret_len );
        va_copy ( tmp, seeds );
        tls_hmac_update_va ( digest, ctx, tmp );
        va_end ( tmp );
        hmac_final ( digest, ctx, a );
        DBGC2 ( tls, "TLS %p %s A(1):\n", tls, digest->name );
        DBGC2_HD ( tls, &a, sizeof ( a ) );
 
        /* Generate as much data as required */
        while ( out_len ) {
                /* Calculate output portion */
                hmac_init ( digest, ctx, secret, secret_len );
                hmac_update ( digest, ctx, a, sizeof ( a ) );
                memcpy ( ctx_partial, ctx, sizeof ( ctx_partial ) );
                va_copy ( tmp, seeds );
                tls_hmac_update_va ( digest, ctx, tmp );
                va_end ( tmp );
                hmac_final ( digest, ctx, out_tmp );
 
                /* Copy output */
                if ( frag_len > out_len )
                        frag_len = out_len;
                memcpy ( out, out_tmp, frag_len );
                DBGC2 ( tls, "TLS %p %s output:\n", tls, digest->name );
                DBGC2_HD ( tls, out, frag_len );
 
                /* Calculate A(i) */
                hmac_final ( digest, ctx_partial, a );
                DBGC2 ( tls, "TLS %p %s A(n):\n", tls, digest->name );
                DBGC2_HD ( tls, &a, sizeof ( a ) );
 
                out += frag_len;
                out_len -= frag_len;
        }
}

References ctx, DBGC2, DBGC2_HD, digest_algorithm::digestsize, hmac_ctxsize(), hmac_final(), hmac_init(), hmac_update(), memcpy(), digest_algorithm::name, out, tls_hmac_update_va(), tmp, va_copy, and va_end.

Referenced by tls_prf().

◆ tls_prf()

void tls_prf	(	struct tls_connection *	tls,
		const void *	secret,
		size_t	secret_len,
		void *	out,
		size_t	out_len,
			... )

static

Generate secure pseudo-random data.

Parameters

tls	TLS connection
secret	Secret
secret_len	Length of secret
out	Output buffer
out_len	Length of output buffer
...	( data, len ) pairs of seed data, terminated by NULL

Definition at line 571 of file tls.c.

                                                                          {
        va_list seeds;
        va_list tmp;
        size_t subsecret_len;
        const void *md5_secret;
        const void *sha1_secret;
        uint8_t buf[out_len];
        unsigned int i;
 
        va_start ( seeds, out_len );
 
        if ( tls_version ( tls, TLS_VERSION_TLS_1_2 ) ) {
                /* Use handshake digest PRF for TLSv1.2 and later */
                tls_p_hash_va ( tls, tls->handshake_digest, secret, secret_len,
                                out, out_len, seeds );
        } else {
                /* Use combination of P_MD5 and P_SHA-1 for TLSv1.1
                 * and earlier
                 */
 
                /* Split secret into two, with an overlap of up to one byte */
                subsecret_len = ( ( secret_len + 1 ) / 2 );
                md5_secret = secret;
                sha1_secret = ( secret + secret_len - subsecret_len );
 
                /* Calculate MD5 portion */
                va_copy ( tmp, seeds );
                tls_p_hash_va ( tls, &md5_algorithm, md5_secret,
                                subsecret_len, out, out_len, seeds );
                va_end ( tmp );
 
                /* Calculate SHA1 portion */
                va_copy ( tmp, seeds );
                tls_p_hash_va ( tls, &sha1_algorithm, sha1_secret,
                                subsecret_len, buf, out_len, seeds );
                va_end ( tmp );
 
                /* XOR the two portions together into the final output buffer */
                for ( i = 0 ; i < out_len ; i++ )
                        *( ( uint8_t * ) out + i ) ^= buf[i];
        }
 
        va_end ( seeds );
}

References tls_connection::handshake_digest, md5_algorithm, out, sha1_algorithm, tls_p_hash_va(), tls_version(), TLS_VERSION_TLS_1_2, tmp, va_copy, va_end, and va_start.

◆ tls_generate_master_secret()

void tls_generate_master_secret	(	struct tls_connection *	tls,
		const void *	pre_master_secret,
		size_t	pre_master_secret_len )

static

Generate master secret.

Parameters

tls	TLS connection
pre_master_secret	Pre-master secret
pre_master_secret_len	Length of pre-master secret

The client and server random values must already be known.

Definition at line 647 of file tls.c.

                                                                        {
        struct digest_algorithm *digest = tls->handshake_digest;
        uint8_t digest_out[ digest->digestsize ];
 
        /* Generate handshake digest */
        tls_verify_handshake ( tls, digest_out );
 
        /* Show inputs */
        DBGC ( tls, "TLS %p pre-master secret:\n", tls );
        DBGC_HD ( tls, pre_master_secret, pre_master_secret_len );
        DBGC ( tls, "TLS %p client random bytes:\n", tls );
        DBGC_HD ( tls, &tls->client.random, sizeof ( tls->client.random ) );
        DBGC ( tls, "TLS %p server random bytes:\n", tls );
        DBGC_HD ( tls, &tls->server.random, sizeof ( tls->server.random ) );
        DBGC ( tls, "TLS %p session hash:\n", tls );
        DBGC_HD ( tls, digest_out, sizeof ( digest_out ) );
 
        /* Generate master secret */
        if ( tls->extended_master_secret ) {
                tls_prf_label ( tls, pre_master_secret, pre_master_secret_len,
                                &tls->master_secret,
                                sizeof ( tls->master_secret ),
                                "extended master secret",
                                digest_out, sizeof ( digest_out ) );
        } else {
                tls_prf_label ( tls, pre_master_secret, pre_master_secret_len,
                                &tls->master_secret,
                                sizeof ( tls->master_secret ),
                                "master secret",
                                &tls->client.random,
                                sizeof ( tls->client.random ),
                                &tls->server.random,
                                sizeof ( tls->server.random ) );
        }
 
        /* Show output */
        DBGC ( tls, "TLS %p generated %smaster secret:\n", tls,
               ( tls->extended_master_secret ? "extended ": "" ) );
        DBGC_HD ( tls, &tls->master_secret, sizeof ( tls->master_secret ) );
}

References tls_connection::client, DBGC, DBGC_HD, digest_algorithm::digestsize, tls_connection::extended_master_secret, tls_connection::handshake_digest, tls_connection::master_secret, tls_client::random, tls_server::random, tls_connection::server, tls_prf_label, and tls_verify_handshake().

Referenced by tls_send_client_key_exchange_dhe(), tls_send_client_key_exchange_ecdhe(), and tls_send_client_key_exchange_pubkey().

◆ tls_generate_keys()

int tls_generate_keys ( struct tls_connection * tls )

static

Generate key material.

Parameters

tls	TLS connection

The master secret must already be known.

Definition at line 697 of file tls.c.

                                                            {
        struct tls_cipherspec *tx_cipherspec = &tls->tx.cipherspec.pending;
        struct tls_cipherspec *rx_cipherspec = &tls->rx.cipherspec.pending;
        size_t hash_size = tx_cipherspec->suite->mac_len;
        size_t key_size = tx_cipherspec->suite->key_len;
        size_t iv_size = tx_cipherspec->suite->fixed_iv_len;
        size_t total = ( 2 * ( hash_size + key_size + iv_size ) );
        uint8_t key_block[total];
        uint8_t *key;
        int rc;
 
        /* Generate key block */
        tls_prf_label ( tls, &tls->master_secret, sizeof ( tls->master_secret ),
                        key_block, sizeof ( key_block ), "key expansion",
                        &tls->server.random, sizeof ( tls->server.random ),
                        &tls->client.random, sizeof ( tls->client.random ) );
 
        /* Split key block into portions */
        key = key_block;
 
        /* TX MAC secret */
        memcpy ( tx_cipherspec->mac_secret, key, hash_size );
        DBGC ( tls, "TLS %p TX MAC secret:\n", tls );
        DBGC_HD ( tls, key, hash_size );
        key += hash_size;
 
        /* RX MAC secret */
        memcpy ( rx_cipherspec->mac_secret, key, hash_size );
        DBGC ( tls, "TLS %p RX MAC secret:\n", tls );
        DBGC_HD ( tls, key, hash_size );
        key += hash_size;
 
        /* TX key */
        if ( ( rc = cipher_setkey ( tx_cipherspec->suite->cipher,
                                    tx_cipherspec->cipher_ctx,
                                    key, key_size ) ) != 0 ) {
                DBGC ( tls, "TLS %p could not set TX key: %s\n",
                       tls, strerror ( rc ) );
                return rc;
        }
        DBGC ( tls, "TLS %p TX key:\n", tls );
        DBGC_HD ( tls, key, key_size );
        key += key_size;
 
        /* RX key */
        if ( ( rc = cipher_setkey ( rx_cipherspec->suite->cipher,
                                    rx_cipherspec->cipher_ctx,
                                    key, key_size ) ) != 0 ) {
                DBGC ( tls, "TLS %p could not set TX key: %s\n",
                       tls, strerror ( rc ) );
                return rc;
        }
        DBGC ( tls, "TLS %p RX key:\n", tls );
        DBGC_HD ( tls, key, key_size );
        key += key_size;
 
        /* TX initialisation vector */
        memcpy ( tx_cipherspec->fixed_iv, key, iv_size );
        DBGC ( tls, "TLS %p TX IV:\n", tls );
        DBGC_HD ( tls, key, iv_size );
        key += iv_size;
 
        /* RX initialisation vector */
        memcpy ( rx_cipherspec->fixed_iv, key, iv_size );
        DBGC ( tls, "TLS %p RX IV:\n", tls );
        DBGC_HD ( tls, key, iv_size );
        key += iv_size;
 
        assert ( ( key_block + total ) == key );
 
        return 0;
}

References assert, tls_cipher_suite::cipher, tls_cipherspec::cipher_ctx, cipher_setkey(), tls_rx::cipherspec, tls_tx::cipherspec, tls_connection::client, DBGC, DBGC_HD, tls_cipherspec::fixed_iv, tls_cipher_suite::fixed_iv_len, key, tls_cipher_suite::key_len, tls_cipher_suite::mac_len, tls_cipherspec::mac_secret, tls_connection::master_secret, memcpy(), tls_cipherspec_pair::pending, tls_client::random, tls_server::random, rc, tls_connection::rx, tls_connection::server, strerror(), tls_cipherspec::suite, tls_prf_label, and tls_connection::tx.

Referenced by tls_new_server_hello(), and tls_send_client_key_exchange().

◆ tls_clear_handshake()

void tls_clear_handshake ( struct tls_connection * tls )

static

Clear handshake digest algorithm.

Parameters

tls	TLS connection

Definition at line 782 of file tls.c.

                                                               {
 
        /* Select null digest algorithm */
        tls->handshake_digest = &digest_null;
 
        /* Free any existing context */
        free ( tls->handshake_ctx );
        tls->handshake_ctx = NULL;
}

References digest_null, free, tls_connection::handshake_ctx, tls_connection::handshake_digest, and NULL.

Referenced by add_tls(), and tls_select_handshake().

◆ tls_select_handshake()

int tls_select_handshake	(	struct tls_connection *	tls,
		struct digest_algorithm *	digest )

static

Select handshake digest algorithm.

Parameters

tls	TLS connection
digest	Handshake digest algorithm

Return values

rc	Return status code

Definition at line 799 of file tls.c.

                                                                    {
 
        /* Clear existing handshake digest */
        tls_clear_handshake ( tls );
 
        /* Allocate and initialise context */
        tls->handshake_ctx = malloc ( digest->ctxsize );
        if ( ! tls->handshake_ctx )
                return -ENOMEM;
        tls->handshake_digest = digest;
        digest_init ( digest, tls->handshake_ctx );
 
        return 0;
}

References digest_algorithm::ctxsize, digest_init(), ENOMEM, tls_connection::handshake_ctx, tls_connection::handshake_digest, malloc(), and tls_clear_handshake().

Referenced by tls_select_cipher().

◆ tls_add_handshake()

int tls_add_handshake	(	struct tls_connection *	tls,
		const void *	data,
		size_t	len )

static

Add handshake record to verification hash.

Parameters

tls	TLS connection
data	Handshake record
len	Length of handshake record

Return values

rc	Return status code

Definition at line 823 of file tls.c.

                                                              {
        struct digest_algorithm *digest = tls->handshake_digest;
 
        digest_update ( digest, tls->handshake_ctx, data, len );
        return 0;
}

References data, digest_update(), tls_connection::handshake_ctx, tls_connection::handshake_digest, and len.

Referenced by tls_new_handshake(), tls_new_server_hello(), and tls_send_record().

◆ tls_find_cipher_suite()

struct tls_cipher_suite * tls_find_cipher_suite ( unsigned int cipher_suite )

static

Identify cipher suite.

Parameters

cipher_suite Cipher suite specification

Return values

suite Cipher suite, or NULL

Definition at line 872 of file tls.c.

                                                    {
        struct tls_cipher_suite *suite;
 
        /* Identify cipher suite */
        for_each_table_entry ( suite, TLS_CIPHER_SUITES ) {
                if ( suite->code == cipher_suite )
                        return suite;
        }
 
        return NULL;
}

References tls_cipher_suite::code, for_each_table_entry, NULL, and TLS_CIPHER_SUITES.

Referenced by tls_select_cipher().

◆ tls_clear_cipher() [2/2]

void tls_clear_cipher	(	struct tls_connection *tls	__unused,
		struct tls_cipherspec *	cipherspec )

static

Clear cipher suite.

Parameters

cipherspec TLS cipher specification

Definition at line 889 of file tls.c.

                                                                   {
 
        free ( cipherspec->dynamic );
        memset ( cipherspec, 0, sizeof ( *cipherspec ) );
        cipherspec->suite = &tls_cipher_suite_null;
}

References __unused, tls_cipherspec::dynamic, free, memset(), tls_cipherspec::suite, and tls_cipher_suite_null.

◆ tls_set_cipher()

int tls_set_cipher	(	struct tls_connection *	tls,
		struct tls_cipherspec *	cipherspec,
		struct tls_cipher_suite *	suite )

static

Set cipher suite.

Parameters

tls	TLS connection
cipherspec	TLS cipher specification
suite	Cipher suite

Return values

rc	Return status code

Definition at line 905 of file tls.c.

                                                             {
        struct cipher_algorithm *cipher = suite->cipher;
        size_t total;
        void *dynamic;
 
        /* Clear out old cipher contents, if any */
        tls_clear_cipher ( tls, cipherspec );
 
        /* Allocate dynamic storage */
        total = ( cipher->ctxsize + suite->mac_len + suite->fixed_iv_len );
        dynamic = zalloc ( total );
        if ( ! dynamic ) {
                DBGC ( tls, "TLS %p could not allocate %zd bytes for crypto "
                       "context\n", tls, total );
                return -ENOMEM_CONTEXT;
        }
 
        /* Assign storage */
        cipherspec->dynamic = dynamic;
        cipherspec->cipher_ctx = dynamic;     dynamic += cipher->ctxsize;
        cipherspec->mac_secret = dynamic;     dynamic += suite->mac_len;
        cipherspec->fixed_iv = dynamic;         dynamic += suite->fixed_iv_len;
        assert ( ( cipherspec->dynamic + total ) == dynamic );
 
        /* Store parameters */
        cipherspec->suite = suite;
 
        return 0;
}

References assert, tls_cipher_suite::cipher, tls_cipherspec::cipher_ctx, cipher_algorithm::ctxsize, DBGC, tls_cipherspec::dynamic, ENOMEM_CONTEXT, tls_cipherspec::fixed_iv, tls_cipher_suite::fixed_iv_len, tls_cipher_suite::mac_len, tls_cipherspec::mac_secret, tls_cipherspec::suite, tls_clear_cipher(), and zalloc().

Referenced by tls_select_cipher().

◆ tls_select_cipher()

int tls_select_cipher	(	struct tls_connection *	tls,
		unsigned int	cipher_suite )

static

Select next cipher suite.

Parameters

tls	TLS connection
cipher_suite	Cipher suite specification

Return values

rc	Return status code

Definition at line 944 of file tls.c.

                                                           {
        struct tls_cipher_suite *suite;
        struct digest_algorithm *digest;
        int rc;
 
        /* Identify cipher suite */
        suite = tls_find_cipher_suite ( cipher_suite );
        if ( ! suite ) {
                DBGC ( tls, "TLS %p does not support cipher %04x\n",
                       tls, ntohs ( cipher_suite ) );
                return -ENOTSUP_CIPHER;
        }
 
        /* Set handshake digest algorithm */
        digest = ( tls_version ( tls, TLS_VERSION_TLS_1_2 ) ?
                   suite->handshake : &md5_sha1_algorithm );
        if ( ( rc = tls_select_handshake ( tls, digest ) ) != 0 )
                return rc;
 
        /* Set ciphers */
        if ( ( rc = tls_set_cipher ( tls, &tls->tx.cipherspec.pending,
                                     suite ) ) != 0 )
                return rc;
        if ( ( rc = tls_set_cipher ( tls, &tls->rx.cipherspec.pending,
                                     suite ) ) != 0 )
                return rc;
 
        DBGC ( tls, "TLS %p selected %s-%s-%s-%d-%s\n", tls,
               suite->exchange->name, suite->pubkey->name,
               suite->cipher->name, ( suite->key_len * 8 ),
               suite->digest->name );
 
        return 0;
}

References tls_cipher_suite::cipher, tls_rx::cipherspec, tls_tx::cipherspec, DBGC, tls_cipher_suite::digest, ENOTSUP_CIPHER, tls_cipher_suite::exchange, tls_cipher_suite::handshake, tls_cipher_suite::key_len, md5_sha1_algorithm, cipher_algorithm::name, digest_algorithm::name, pubkey_algorithm::name, tls_key_exchange_algorithm::name, ntohs, tls_cipherspec_pair::pending, tls_cipher_suite::pubkey, rc, tls_connection::rx, tls_find_cipher_suite(), tls_select_handshake(), tls_set_cipher(), tls_version(), TLS_VERSION_TLS_1_2, and tls_connection::tx.

Referenced by tls_new_server_hello().

◆ tls_change_cipher()

int tls_change_cipher	(	struct tls_connection *	tls,
		struct tls_cipherspec_pair *	pair )

static

Activate next cipher suite.

Parameters

tls	TLS connection
pair	Cipher specification pair

Return values

rc	Return status code

Definition at line 987 of file tls.c.

                                                                  {
 
        /* Sanity check */
        if ( pair->pending.suite == &tls_cipher_suite_null ) {
                DBGC ( tls, "TLS %p refusing to use null cipher\n", tls );
                return -ENOTSUP_NULL;
        }
 
        tls_clear_cipher ( tls, &pair->active );
        memswap ( &pair->active, &pair->pending, sizeof ( pair->active ) );
        return 0;
}

References tls_cipherspec_pair::active, DBGC, ENOTSUP_NULL, memswap(), tls_cipherspec_pair::pending, tls_cipherspec::suite, tls_cipher_suite_null, and tls_clear_cipher().

Referenced by tls_new_change_cipher(), and tls_tx_step().

◆ tls_signature_hash_algorithm()

struct tls_signature_hash_algorithm * tls_signature_hash_algorithm	(	struct pubkey_algorithm *	pubkey,
		struct digest_algorithm *	digest )

static

Find TLS signature and hash algorithm.

Parameters

pubkey	Public-key algorithm
digest	Digest algorithm

Return values

sig_hash Signature and hash algorithm, or NULL

Definition at line 1020 of file tls.c.

                                                                 {
        struct tls_signature_hash_algorithm *sig_hash;
 
        /* Identify signature and hash algorithm */
        for_each_table_entry ( sig_hash, TLS_SIG_HASH_ALGORITHMS ) {
                if ( ( sig_hash->pubkey == pubkey ) &&
                     ( sig_hash->digest == digest ) ) {
                        return sig_hash;
                }
        }
 
        return NULL;
}

References tls_signature_hash_algorithm::digest, for_each_table_entry, NULL, tls_signature_hash_algorithm::pubkey, and TLS_SIG_HASH_ALGORITHMS.

Referenced by tls_send_certificate_verify().

◆ tls_signature_hash_pubkey()

struct pubkey_algorithm * tls_signature_hash_pubkey ( struct tls_signature_hash_id code )

static

Find TLS signature algorithm.

Parameters

code	Signature and hash algorithm identifier

Return values

pubkey Public key algorithm, or NULL

Definition at line 1042 of file tls.c.

                                                                {
        struct tls_signature_hash_algorithm *sig_hash;
 
        /* Identify signature and hash algorithm */
        for_each_table_entry ( sig_hash, TLS_SIG_HASH_ALGORITHMS ) {
                if ( sig_hash->code.signature == code.signature )
                        return sig_hash->pubkey;
        }
 
        return NULL;
}

References code, tls_signature_hash_algorithm::code, for_each_table_entry, NULL, tls_signature_hash_algorithm::pubkey, tls_signature_hash_id::signature, and TLS_SIG_HASH_ALGORITHMS.

Referenced by tls_verify_dh_params().

◆ tls_signature_hash_digest()

struct digest_algorithm * tls_signature_hash_digest ( struct tls_signature_hash_id code )

static

Find TLS hash algorithm.

Parameters

code	Signature and hash algorithm identifier

Return values

digest Digest algorithm, or NULL

Definition at line 1061 of file tls.c.

                                                                {
        struct tls_signature_hash_algorithm *sig_hash;
 
        /* Identify signature and hash algorithm */
        for_each_table_entry ( sig_hash, TLS_SIG_HASH_ALGORITHMS ) {
                if ( sig_hash->code.hash == code.hash )
                        return sig_hash->digest;
        }
 
        return NULL;
}

References code, tls_signature_hash_algorithm::code, tls_signature_hash_algorithm::digest, for_each_table_entry, tls_signature_hash_id::hash, NULL, and TLS_SIG_HASH_ALGORITHMS.

Referenced by tls_verify_dh_params().

◆ tls_find_named_curve()

struct tls_named_curve * tls_find_named_curve ( unsigned int named_curve )

static

Identify named curve.

Parameters

named_curve Named curve specification

Return values

curve Named curve, or NULL

Definition at line 1090 of file tls.c.

                                                  {
        struct tls_named_curve *curve;
 
        /* Identify named curve */
        for_each_table_entry ( curve, TLS_NAMED_CURVES ) {
                if ( curve->code == named_curve )
                        return curve;
        }
 
        return NULL;
}

References tls_named_curve::curve, for_each_table_entry, NULL, and TLS_NAMED_CURVES.

Referenced by tls_send_client_key_exchange_ecdhe().

◆ tls_tx_resume()

void tls_tx_resume ( struct tls_connection * tls )

static

Resume TX state machine.

Parameters

tls	TLS connection

Definition at line 1114 of file tls.c.

                                                         {
        process_add ( &tls->tx.process );
}

References tls_tx::process, process_add(), and tls_connection::tx.

Referenced by tls_new_finished(), tls_restart(), tls_tx_resume_all(), tls_tx_step(), and tls_validator_done().

◆ tls_restart()

void tls_restart ( struct tls_connection * tls )

static

Restart negotiation.

Parameters

tls	TLS connection

Definition at line 1135 of file tls.c.

                                                       {
 
        /* Sanity check */
        assert ( ! tls->tx.pending );
        assert ( ! is_pending ( &tls->client.negotiation ) );
        assert ( ! is_pending ( &tls->server.negotiation ) );
        assert ( ! is_pending ( &tls->server.validation ) );
 
        /* (Re)start negotiation */
        tls->tx.pending = TLS_TX_CLIENT_HELLO;
        tls_tx_resume ( tls );
        pending_get ( &tls->client.negotiation );
        pending_get ( &tls->server.negotiation );
}

References assert, tls_connection::client, is_pending(), tls_client::negotiation, tls_server::negotiation, tls_tx::pending, pending_get(), tls_connection::server, TLS_TX_CLIENT_HELLO, tls_tx_resume(), tls_connection::tx, and tls_server::validation.

Referenced by add_tls(), and tls_new_hello_request().

◆ tls_send_handshake()

int tls_send_handshake	(	struct tls_connection *	tls,
		const void *	data,
		size_t	len )

static

Transmit Handshake record.

Parameters

tls	TLS connection
data	Plaintext record
len	Length of plaintext record

Return values

rc	Return status code

Definition at line 1158 of file tls.c.

                                                               {
 
        /* Send record */
        return tls_send_plaintext ( tls, TLS_TYPE_HANDSHAKE, data, len );
}

References data, len, tls_send_plaintext(), and TLS_TYPE_HANDSHAKE.

Referenced by tls_send_certificate_verify(), tls_send_client_hello(), tls_send_client_key_exchange_dhe(), tls_send_client_key_exchange_ecdhe(), tls_send_client_key_exchange_pubkey(), and tls_send_finished().

◆ tls_client_hello()

int tls_client_hello	(	struct tls_connection *	tls,
		int(*	action )(struct tls_connection tls, const void data, size_t len) )

static

Digest or transmit Client Hello record.

Parameters

tls	TLS connection
action	Action to take on Client Hello record

Return values

rc	Return status code

Definition at line 1172 of file tls.c.

                                                                {
        struct tls_session *session = tls->session;
        size_t name_len = strlen ( session->name );
        struct {
                uint16_t type;
                uint16_t len;
                struct {
                        uint16_t len;
                        struct {
                                uint8_t type;
                                uint16_t len;
                                uint8_t name[name_len];
                        } __attribute__ (( packed )) list[1];
                } __attribute__ (( packed )) data;
        } __attribute__ (( packed )) *server_name_ext;
        struct {
                uint16_t type;
                uint16_t len;
                struct {
                        uint8_t max;
                } __attribute__ (( packed )) data;
        } __attribute__ (( packed )) *max_fragment_length_ext;
        struct {
                uint16_t type;
                uint16_t len;
                struct {
                        uint16_t len;
                        struct tls_signature_hash_id
                                code[TLS_NUM_SIG_HASH_ALGORITHMS];
                } __attribute__ (( packed )) data;
        } __attribute__ (( packed )) *signature_algorithms_ext;
        struct {
                uint16_t type;
                uint16_t len;
                struct {
                        uint8_t len;
                        uint8_t data[ tls->secure_renegotiation ?
                                      sizeof ( tls->verify.client ) :0 ];
                } __attribute__ (( packed )) data;
        } __attribute__ (( packed )) *renegotiation_info_ext;
        struct {
                uint16_t type;
                uint16_t len;
                struct {
                        uint8_t data[session->ticket_len];
                } __attribute__ (( packed )) data;
        } __attribute__ (( packed )) *session_ticket_ext;
        struct {
                uint16_t type;
                uint16_t len;
                struct {
                        uint16_t len;
                        uint16_t code[TLS_NUM_NAMED_CURVES];
                } __attribute__ (( packed )) data;
        } __attribute__ (( packed )) *named_curve_ext;
        struct {
                uint16_t type;
                uint16_t len;
        } __attribute__ (( packed )) *extended_master_secret_ext;
        struct {
                typeof ( *server_name_ext ) server_name;
                typeof ( *max_fragment_length_ext ) max_fragment_length;
                typeof ( *signature_algorithms_ext ) signature_algorithms;
                typeof ( *renegotiation_info_ext ) renegotiation_info;
                typeof ( *session_ticket_ext ) session_ticket;
                typeof ( *extended_master_secret_ext ) extended_master_secret;
                typeof ( *named_curve_ext )
                        named_curve[TLS_NUM_NAMED_CURVES ? 1 : 0];
        } __attribute__ (( packed )) *extensions;
        struct {
                uint32_t type_length;
                uint16_t version;
                uint8_t random[32];
                uint8_t session_id_len;
                uint8_t session_id[tls->session_id_len];
                uint16_t cipher_suite_len;
                uint16_t cipher_suites[TLS_NUM_CIPHER_SUITES];
                uint8_t compression_methods_len;
                uint8_t compression_methods[1];
                uint16_t extensions_len;
                typeof ( *extensions ) extensions;
        } __attribute__ (( packed )) hello;
        struct tls_cipher_suite *suite;
        struct tls_signature_hash_algorithm *sighash;
        struct tls_named_curve *curve;
        unsigned int i;
 
        /* Construct record */
        memset ( &hello, 0, sizeof ( hello ) );
        hello.type_length = ( cpu_to_le32 ( TLS_CLIENT_HELLO ) |
                              htonl ( sizeof ( hello ) -
                                      sizeof ( hello.type_length ) ) );
        hello.version = htons ( TLS_VERSION_MAX );
        memcpy ( &hello.random, &tls->client.random, sizeof ( hello.random ) );
        hello.session_id_len = tls->session_id_len;
        memcpy ( hello.session_id, tls->session_id,
                 sizeof ( hello.session_id ) );
        hello.cipher_suite_len = htons ( sizeof ( hello.cipher_suites ) );
        i = 0 ; for_each_table_entry ( suite, TLS_CIPHER_SUITES )
                hello.cipher_suites[i++] = suite->code;
        hello.compression_methods_len = sizeof ( hello.compression_methods );
        hello.extensions_len = htons ( sizeof ( hello.extensions ) );
        extensions = &hello.extensions;
 
        /* Construct server name extension */
        server_name_ext = &extensions->server_name;
        server_name_ext->type = htons ( TLS_SERVER_NAME );
        server_name_ext->len = htons ( sizeof ( server_name_ext->data ) );
        server_name_ext->data.len
                = htons ( sizeof ( server_name_ext->data.list ) );
        server_name_ext->data.list[0].type = TLS_SERVER_NAME_HOST_NAME;
        server_name_ext->data.list[0].len
                = htons ( sizeof ( server_name_ext->data.list[0].name ) );
        memcpy ( server_name_ext->data.list[0].name, session->name,
                 sizeof ( server_name_ext->data.list[0].name ) );
 
        /* Construct maximum fragment length extension */
        max_fragment_length_ext = &extensions->max_fragment_length;
        max_fragment_length_ext->type = htons ( TLS_MAX_FRAGMENT_LENGTH );
        max_fragment_length_ext->len
                = htons ( sizeof ( max_fragment_length_ext->data ) );
        max_fragment_length_ext->data.max = TLS_MAX_FRAGMENT_LENGTH_VALUE;
 
        /* Construct supported signature algorithms extension */
        signature_algorithms_ext = &extensions->signature_algorithms;
        signature_algorithms_ext->type = htons ( TLS_SIGNATURE_ALGORITHMS );
        signature_algorithms_ext->len
                = htons ( sizeof ( signature_algorithms_ext->data ) );
        signature_algorithms_ext->data.len
                = htons ( sizeof ( signature_algorithms_ext->data.code ) );
        i = 0 ; for_each_table_entry ( sighash, TLS_SIG_HASH_ALGORITHMS )
                signature_algorithms_ext->data.code[i++] = sighash->code;
 
        /* Construct renegotiation information extension */
        renegotiation_info_ext = &extensions->renegotiation_info;
        renegotiation_info_ext->type = htons ( TLS_RENEGOTIATION_INFO );
        renegotiation_info_ext->len
                = htons ( sizeof ( renegotiation_info_ext->data ) );
        renegotiation_info_ext->data.len
                = sizeof ( renegotiation_info_ext->data.data );
        memcpy ( renegotiation_info_ext->data.data, tls->verify.client,
                 sizeof ( renegotiation_info_ext->data.data ) );
 
        /* Construct session ticket extension */
        session_ticket_ext = &extensions->session_ticket;
        session_ticket_ext->type = htons ( TLS_SESSION_TICKET );
        session_ticket_ext->len
                = htons ( sizeof ( session_ticket_ext->data ) );
        memcpy ( session_ticket_ext->data.data, session->ticket,
                 sizeof ( session_ticket_ext->data.data ) );
 
        /* Construct extended master secret extension */
        extended_master_secret_ext = &extensions->extended_master_secret;
        extended_master_secret_ext->type
                = htons ( TLS_EXTENDED_MASTER_SECRET );
        extended_master_secret_ext->len = 0;
 
        /* Construct named curves extension, if applicable */
        if ( sizeof ( extensions->named_curve ) ) {
                named_curve_ext = &extensions->named_curve[0];
                named_curve_ext->type = htons ( TLS_NAMED_CURVE );
                named_curve_ext->len
                        = htons ( sizeof ( named_curve_ext->data ) );
                named_curve_ext->data.len
                        = htons ( sizeof ( named_curve_ext->data.code ) );
                i = 0 ; for_each_table_entry ( curve, TLS_NAMED_CURVES )
                        named_curve_ext->data.code[i++] = curve->code;
        }
 
        return action ( tls, &hello, sizeof ( hello ) );
}

References __attribute__, tls_connection::client, tls_verify_data::client, code, tls_cipher_suite::code, tls_signature_hash_algorithm::code, cpu_to_le32, tls_named_curve::curve, data, for_each_table_entry, hello, htonl, htons, len, tls_session::list, max, memcpy(), memset(), name, tls_session::name, random(), tls_client::random, tls_connection::secure_renegotiation, tls_connection::session, tls_connection::session_id, tls_connection::session_id_len, strlen(), tls_session::ticket, tls_session::ticket_len, TLS_CIPHER_SUITES, TLS_CLIENT_HELLO, TLS_EXTENDED_MASTER_SECRET, TLS_MAX_FRAGMENT_LENGTH, TLS_MAX_FRAGMENT_LENGTH_VALUE, TLS_NAMED_CURVE, TLS_NAMED_CURVES, TLS_NUM_CIPHER_SUITES, TLS_NUM_NAMED_CURVES, TLS_NUM_SIG_HASH_ALGORITHMS, TLS_RENEGOTIATION_INFO, TLS_SERVER_NAME, TLS_SERVER_NAME_HOST_NAME, TLS_SESSION_TICKET, TLS_SIG_HASH_ALGORITHMS, TLS_SIGNATURE_ALGORITHMS, TLS_VERSION_MAX, type, typeof(), tls_connection::verify, and version.

Referenced by tls_new_server_hello(), and tls_send_client_hello().

◆ tls_send_client_hello()

int tls_send_client_hello ( struct tls_connection * tls )

static

Transmit Client Hello record.

Parameters

tls	TLS connection

Return values

rc	Return status code

Definition at line 1353 of file tls.c.

                                                                {
 
        return tls_client_hello ( tls, tls_send_handshake );
}

References tls_client_hello(), and tls_send_handshake().

Referenced by tls_tx_step().

◆ tls_send_certificate()

int tls_send_certificate ( struct tls_connection * tls )

static

Transmit Certificate record.

Parameters

tls	TLS connection

Return values

rc	Return status code

Definition at line 1364 of file tls.c.

                                                               {
        struct {
                tls24_t length;
                uint8_t data[0];
        } __attribute__ (( packed )) *certificate;
        struct {
                uint32_t type_length;
                tls24_t length;
                typeof ( *certificate ) certificates[0];
        } __attribute__ (( packed )) *certificates;
        struct x509_link *link;
        struct x509_certificate *cert;
        struct io_buffer *iobuf;
        size_t len;
 
        /* Calculate length of client certificates */
        len = 0;
        list_for_each_entry ( link, &tls->client.chain->links, list ) {
                cert = link->cert;
                len += ( sizeof ( *certificate ) + cert->raw.len );
                DBGC ( tls, "TLS %p sending client certificate %s\n",
                       tls, x509_name ( cert ) );
        }
 
        /* Allocate storage for Certificate record (which may be too
         * large for the stack).
         */
        iobuf = tls_alloc_iob ( tls, ( sizeof ( *certificates ) + len ) );
        if ( ! iobuf )
                return -ENOMEM_CERTIFICATE;
 
        /* Populate record */
        certificates = iob_put ( iobuf, sizeof ( *certificates ) );
        certificates->type_length =
                ( cpu_to_le32 ( TLS_CERTIFICATE ) |
                  htonl ( sizeof ( *certificates ) + len -
                          sizeof ( certificates->type_length ) ) );
        tls_set_uint24 ( &certificates->length, len );
        list_for_each_entry ( link, &tls->client.chain->links, list ) {
                cert = link->cert;
                certificate = iob_put ( iobuf, sizeof ( *certificate ) );
                tls_set_uint24 ( &certificate->length, cert->raw.len );
                memcpy ( iob_put ( iobuf, cert->raw.len ), cert->raw.data,
                         cert->raw.len );
        }
 
        /* Transmit record */
        return tls_send_record ( tls, TLS_TYPE_HANDSHAKE,
                                 iob_disown ( iobuf ) );
}

References __attribute__, tls_client::chain, tls_connection::client, cpu_to_le32, asn1_cursor::data, data, DBGC, ENOMEM_CERTIFICATE, htonl, iob_disown, iob_put, asn1_cursor::len, len, length, link, x509_chain::links, io_buffer::list, list_for_each_entry, memcpy(), x509_certificate::raw, tls_alloc_iob(), TLS_CERTIFICATE, tls_send_record(), tls_set_uint24(), TLS_TYPE_HANDSHAKE, typeof(), and x509_name().

Referenced by tls_tx_step().

◆ tls_send_client_key_exchange_pubkey()

int tls_send_client_key_exchange_pubkey ( struct tls_connection * tls )

static

Transmit Client Key Exchange record using public key exchange.

Parameters

tls	TLS connection

Return values

rc	Return status code

Definition at line 1421 of file tls.c.

                                                                              {
        struct tls_cipherspec *cipherspec = &tls->tx.cipherspec.pending;
        struct pubkey_algorithm *pubkey = cipherspec->suite->pubkey;
        struct {
                uint16_t version;
                uint8_t random[46];
        } __attribute__ (( packed )) pre_master_secret;
        struct asn1_cursor cursor = {
                .data = &pre_master_secret,
                .len = sizeof ( pre_master_secret ),
        };
        struct asn1_builder builder = { NULL, 0 };
        int rc;
 
        /* Generate pre-master secret */
        pre_master_secret.version = htons ( TLS_VERSION_MAX );
        if ( ( rc = tls_generate_random ( tls, &pre_master_secret.random,
                          ( sizeof ( pre_master_secret.random ) ) ) ) != 0 ) {
                goto err_random;
        }
 
        /* Encrypt pre-master secret using server's public key */
        if ( ( rc = pubkey_encrypt ( pubkey, &tls->server.key, &cursor,
                                     &builder ) ) != 0 ) {
                DBGC ( tls, "TLS %p could not encrypt pre-master secret: %s\n",
                       tls, strerror ( rc ) );
                goto err_encrypt;
        }
 
        /* Construct Client Key Exchange record */
        {
                struct {
                        uint32_t type_length;
                        uint16_t encrypted_pre_master_secret_len;
                } __attribute__ (( packed )) header;
 
                header.type_length =
                        ( cpu_to_le32 ( TLS_CLIENT_KEY_EXCHANGE ) |
                          htonl ( builder.len + sizeof ( header ) -
                                  sizeof ( header.type_length ) ) );
                header.encrypted_pre_master_secret_len = htons ( builder.len );
 
                if ( ( rc = asn1_prepend_raw ( &builder, &header,
                                               sizeof ( header ) ) ) != 0 ) {
                        DBGC ( tls, "TLS %p could not construct Client Key "
                               "Exchange: %s\n", tls, strerror ( rc ) );
                        goto err_prepend;
                }
        }
 
        /* Transmit Client Key Exchange record */
        if ( ( rc = tls_send_handshake ( tls, builder.data,
                                         builder.len ) ) != 0 ) {
                goto err_send;
        }
 
        /* Generate master secret */
        tls_generate_master_secret ( tls, &pre_master_secret,
                                     sizeof ( pre_master_secret ) );
 
 err_random:
 err_encrypt:
 err_prepend:
 err_send:
        free ( builder.data );
        return rc;
}

References __attribute__, asn1_prepend_raw(), tls_tx::cipherspec, cpu_to_le32, asn1_builder::data, DBGC, free, header, htonl, htons, tls_server::key, asn1_builder::len, NULL, tls_cipherspec_pair::pending, tls_cipher_suite::pubkey, pubkey_encrypt(), random(), rc, tls_connection::server, strerror(), tls_cipherspec::suite, TLS_CLIENT_KEY_EXCHANGE, tls_generate_master_secret(), tls_generate_random(), tls_send_handshake(), TLS_VERSION_MAX, tls_connection::tx, and version.

◆ tls_verify_dh_params()

int tls_verify_dh_params	(	struct tls_connection *	tls,
		size_t	param_len )

static

Verify Diffie-Hellman parameter signature.

Parameters

tls	TLS connection
param_len	Diffie-Hellman parameter length

Return values

rc	Return status code

Definition at line 1502 of file tls.c.

                                                     {
        struct tls_cipherspec *cipherspec = &tls->tx.cipherspec.pending;
        struct pubkey_algorithm *pubkey;
        struct digest_algorithm *digest;
        int use_sig_hash = tls_version ( tls, TLS_VERSION_TLS_1_2 );
        const struct {
                struct tls_signature_hash_id sig_hash[use_sig_hash];
                uint16_t signature_len;
                uint8_t signature[0];
        } __attribute__ (( packed )) *sig;
        struct asn1_cursor signature;
        const void *data;
        size_t remaining;
        int rc;
 
        /* Signature follows parameters */
        assert ( param_len <= tls->server.exchange_len );
        data = ( tls->server.exchange + param_len );
        remaining = ( tls->server.exchange_len - param_len );
 
        /* Parse signature from ServerKeyExchange */
        sig = data;
        if ( ( sizeof ( *sig ) > remaining ) ||
             ( ntohs ( sig->signature_len ) > ( remaining -
                                                sizeof ( *sig ) ) ) ) {
                DBGC ( tls, "TLS %p received underlength ServerKeyExchange\n",
                       tls );
                DBGC_HDA ( tls, 0, tls->server.exchange,
                           tls->server.exchange_len );
                return -EINVAL_KEY_EXCHANGE;
        }
        signature.data = sig->signature;
        signature.len = ntohs ( sig->signature_len );
 
        /* Identify signature and hash algorithm */
        if ( use_sig_hash ) {
                pubkey = tls_signature_hash_pubkey ( sig->sig_hash[0] );
                digest = tls_signature_hash_digest ( sig->sig_hash[0] );
                if ( ( ! pubkey ) || ( ! digest ) ) {
                        DBGC ( tls, "TLS %p ServerKeyExchange unsupported "
                               "signature and hash algorithm\n", tls );
                        return -ENOTSUP_SIG_HASH;
                }
                if ( pubkey != cipherspec->suite->pubkey ) {
                        DBGC ( tls, "TLS %p ServerKeyExchange incorrect "
                               "signature algorithm %s (expected %s)\n", tls,
                               pubkey->name, cipherspec->suite->pubkey->name );
                        return -EPERM_KEY_EXCHANGE;
                }
        } else {
                pubkey = cipherspec->suite->pubkey;
                digest = &md5_sha1_algorithm;
        }
 
        /* Verify signature */
        {
                uint8_t ctx[digest->ctxsize];
                uint8_t hash[digest->digestsize];
 
                /* Calculate digest */
                digest_init ( digest, ctx );
                digest_update ( digest, ctx, &tls->client.random,
                                sizeof ( tls->client.random ) );
                digest_update ( digest, ctx, tls->server.random,
                                sizeof ( tls->server.random ) );
                digest_update ( digest, ctx, tls->server.exchange, param_len );
                digest_final ( digest, ctx, hash );
 
                /* Verify signature */
                if ( ( rc = pubkey_verify ( pubkey, &tls->server.key, digest,
                                            hash, &signature ) ) != 0 ) {
                        DBGC ( tls, "TLS %p ServerKeyExchange failed "
                               "verification\n", tls );
                        DBGC_HDA ( tls, 0, tls->server.exchange,
                                   tls->server.exchange_len );
                        return -EPERM_KEY_EXCHANGE;
                }
        }
 
        return 0;
}

References __attribute__, assert, tls_tx::cipherspec, tls_connection::client, ctx, digest_algorithm::ctxsize, data, DBGC, DBGC_HDA, digest_final(), digest_init(), digest_update(), digest_algorithm::digestsize, EINVAL_KEY_EXCHANGE, ENOTSUP_SIG_HASH, EPERM_KEY_EXCHANGE, tls_server::exchange, tls_server::exchange_len, hash, tls_server::key, md5_sha1_algorithm, pubkey_algorithm::name, ntohs, tls_cipherspec_pair::pending, tls_cipher_suite::pubkey, pubkey_verify(), tls_client::random, tls_server::random, rc, tls_connection::server, sig, signature, tls_cipherspec::suite, tls_signature_hash_digest(), tls_signature_hash_pubkey(), tls_version(), TLS_VERSION_TLS_1_2, and tls_connection::tx.

Referenced by tls_send_client_key_exchange_dhe(), and tls_send_client_key_exchange_ecdhe().

◆ tls_send_client_key_exchange_dhe()

int tls_send_client_key_exchange_dhe ( struct tls_connection * tls )

static

Transmit Client Key Exchange record using DHE key exchange.

Parameters

tls	TLS connection

Return values

rc	Return status code

Definition at line 1591 of file tls.c.

                                                                           {
        uint8_t private[ sizeof ( tls->client.random.random ) ];
        const struct {
                uint16_t len;
                uint8_t data[0];
        } __attribute__ (( packed )) *dh_val[3];
        const void *data;
        size_t remaining;
        size_t frag_len;
        size_t param_len;
        unsigned int i;
        int rc;
 
        /* Parse ServerKeyExchange */
        data = tls->server.exchange;
        remaining = tls->server.exchange_len;
        for ( i = 0 ; i < ( sizeof ( dh_val ) / sizeof ( dh_val[0] ) ) ; i++ ){
                dh_val[i] = data;
                if ( ( sizeof ( *dh_val[i] ) > remaining ) ||
                     ( ntohs ( dh_val[i]->len ) > ( remaining -
                                                    sizeof ( *dh_val[i] ) ) )){
                        DBGC ( tls, "TLS %p received underlength "
                               "ServerKeyExchange\n", tls );
                        DBGC_HDA ( tls, 0, tls->server.exchange,
                                   tls->server.exchange_len );
                        rc = -EINVAL_KEY_EXCHANGE;
                        goto err_header;
                }
                frag_len = ( sizeof ( *dh_val[i] ) + ntohs ( dh_val[i]->len ));
                data += frag_len;
                remaining -= frag_len;
        }
        param_len = ( tls->server.exchange_len - remaining );
 
        /* Verify parameter signature */
        if ( ( rc = tls_verify_dh_params ( tls, param_len ) ) != 0 )
                goto err_verify;
 
        /* Generate Diffie-Hellman private key */
        if ( ( rc = tls_generate_random ( tls, private,
                                          sizeof ( private ) ) ) != 0 ) {
                goto err_random;
        }
 
        /* Construct pre-master secret and ClientKeyExchange record */
        {
                typeof ( dh_val[0] ) dh_p = dh_val[0];
                typeof ( dh_val[1] ) dh_g = dh_val[1];
                typeof ( dh_val[2] ) dh_ys = dh_val[2];
                size_t len = ntohs ( dh_p->len );
                struct {
                        uint32_t type_length;
                        uint16_t dh_xs_len;
                        uint8_t dh_xs[len];
                } __attribute__ (( packed )) *key_xchg;
                struct {
                        uint8_t pre_master_secret[len];
                        typeof ( *key_xchg ) key_xchg;
                } *dynamic;
                uint8_t *pre_master_secret;
 
                /* Allocate space */
                dynamic = malloc ( sizeof ( *dynamic ) );
                if ( ! dynamic ) {
                        rc = -ENOMEM;
                        goto err_alloc;
                }
                pre_master_secret = dynamic->pre_master_secret;
                key_xchg = &dynamic->key_xchg;
                key_xchg->type_length =
                        ( cpu_to_le32 ( TLS_CLIENT_KEY_EXCHANGE ) |
                          htonl ( sizeof ( *key_xchg ) -
                                  sizeof ( key_xchg->type_length ) ) );
                key_xchg->dh_xs_len = htons ( len );
 
                /* Calculate pre-master secret and client public value */
                if ( ( rc = dhe_key ( dh_p->data, len,
                                      dh_g->data, ntohs ( dh_g->len ),
                                      dh_ys->data, ntohs ( dh_ys->len ),
                                      private, sizeof ( private ),
                                      key_xchg->dh_xs,
                                      pre_master_secret ) ) != 0 ) {
                        DBGC ( tls, "TLS %p could not calculate DHE key: %s\n",
                               tls, strerror ( rc ) );
                        goto err_dhe_key;
                }
 
                /* Strip leading zeroes from pre-master secret */
                while ( len && ( ! *pre_master_secret ) ) {
                        pre_master_secret++;
                        len--;
                }
 
                /* Transmit Client Key Exchange record */
                if ( ( rc = tls_send_handshake ( tls, key_xchg,
                                                 sizeof ( *key_xchg ) ) ) !=0){
                        goto err_send_handshake;
                }
 
                /* Generate master secret */
                tls_generate_master_secret ( tls, pre_master_secret, len );
 
        err_send_handshake:
        err_dhe_key:
                free ( dynamic );
        }
 err_alloc:
 err_random:
 err_verify:
 err_header:
        return rc;
}

References __attribute__, tls_connection::client, cpu_to_le32, data, DBGC, DBGC_HDA, dhe_key(), EINVAL_KEY_EXCHANGE, ENOMEM, tls_server::exchange, tls_server::exchange_len, free, htonl, htons, len, malloc(), ntohs, tls_client::random, tls_client_random::random, rc, tls_connection::server, strerror(), TLS_CLIENT_KEY_EXCHANGE, tls_generate_master_secret(), tls_generate_random(), tls_send_handshake(), tls_verify_dh_params(), and typeof().

◆ tls_send_client_key_exchange_ecdhe()

int tls_send_client_key_exchange_ecdhe ( struct tls_connection * tls )

static

Transmit Client Key Exchange record using ECDHE key exchange.

Parameters

tls	TLS connection

Return values

rc	Return status code

Definition at line 1716 of file tls.c.

                                                                             {
        struct tls_named_curve *curve;
        const struct {
                uint8_t curve_type;
                uint16_t named_curve;
                uint8_t public_len;
                uint8_t public[0];
        } __attribute__ (( packed )) *ecdh;
        size_t param_len;
        size_t pointsize;
        size_t keysize;
        size_t offset;
        int rc;
 
        /* Parse ServerKeyExchange record */
        ecdh = tls->server.exchange;
        if ( ( sizeof ( *ecdh ) > tls->server.exchange_len ) ||
             ( ecdh->public_len > ( tls->server.exchange_len -
                                    sizeof ( *ecdh ) ) ) ) {
                DBGC ( tls, "TLS %p received underlength ServerKeyExchange\n",
                       tls );
                DBGC_HDA ( tls, 0, tls->server.exchange,
                           tls->server.exchange_len );
                return -EINVAL_KEY_EXCHANGE;
        }
        param_len = ( sizeof ( *ecdh ) + ecdh->public_len );
 
        /* Verify parameter signature */
        if ( ( rc = tls_verify_dh_params ( tls, param_len ) ) != 0 )
                return rc;
 
        /* Identify named curve */
        if ( ecdh->curve_type != TLS_NAMED_CURVE_TYPE ) {
                DBGC ( tls, "TLS %p unsupported curve type %d\n",
                       tls, ecdh->curve_type );
                DBGC_HDA ( tls, 0, tls->server.exchange,
                           tls->server.exchange_len );
                return -ENOTSUP_CURVE;
        }
        curve = tls_find_named_curve ( ecdh->named_curve );
        if ( ! curve ) {
                DBGC ( tls, "TLS %p unsupported named curve %d\n",
                       tls, ntohs ( ecdh->named_curve ) );
                DBGC_HDA ( tls, 0, tls->server.exchange,
                           tls->server.exchange_len );
                return -ENOTSUP_CURVE;
        }
        DBGC ( tls, "TLS %p using named curve %s\n", tls, curve->curve->name );
        pointsize = curve->curve->pointsize;
        keysize = curve->curve->keysize;
        offset = ( curve->format ? 1 : 0 );
 
        /* Check key length */
        if ( ecdh->public_len != ( offset + pointsize ) ) {
                DBGC ( tls, "TLS %p invalid %s key\n",
                       tls, curve->curve->name );
                DBGC_HDA ( tls, 0, tls->server.exchange,
                           tls->server.exchange_len );
                return -EINVAL_KEY_EXCHANGE;
        }
 
        /* Check curve point format byte (if present) */
        if ( curve->format && ( ecdh->public[0] != curve->format ) ) {
                DBGC ( tls, "TLS %p invalid %s curve point format\n",
                       tls, curve->curve->name );
                DBGC_HDA ( tls, 0, tls->server.exchange,
                           tls->server.exchange_len );
                return -EINVAL_KEY_EXCHANGE;
        }
 
        /* Construct pre-master secret and ClientKeyExchange record */
        {
                uint8_t private[keysize];
                uint8_t pre_master_secret[pointsize];
                struct {
                        uint32_t type_length;
                        uint8_t public_len;
                        uint8_t public[ecdh->public_len];
                } __attribute__ (( packed )) key_xchg;
 
                /* Generate ephemeral private key */
                if ( ( rc = tls_generate_random ( tls, private,
                                                  sizeof ( private ) ) ) != 0){
                        return rc;
                }
 
                /* Exchange keys */
                if ( ( rc = ecdhe_key ( curve->curve, ( ecdh->public + offset ),
                                        private, ( key_xchg.public + offset ),
                                        pre_master_secret ) ) != 0 ) {
                        DBGC ( tls, "TLS %p could not exchange ECDHE key: %s\n",
                               tls, strerror ( rc ) );
                        return rc;
                }
 
                /* Generate Client Key Exchange record */
                key_xchg.type_length =
                        ( cpu_to_le32 ( TLS_CLIENT_KEY_EXCHANGE ) |
                          htonl ( sizeof ( key_xchg ) -
                                  sizeof ( key_xchg.type_length ) ) );
                key_xchg.public_len = sizeof ( key_xchg.public );
                if ( curve->format )
                        key_xchg.public[0] = curve->format;
 
                /* Transmit Client Key Exchange record */
                if ( ( rc = tls_send_handshake ( tls, &key_xchg,
                                                 sizeof ( key_xchg ) ) ) !=0){
                        return rc;
                }
 
                /* Generate master secret */
                tls_generate_master_secret ( tls, pre_master_secret,
                                             curve->pre_master_secret_len );
        }
 
        return 0;
}

References __attribute__, cpu_to_le32, tls_named_curve::curve, DBGC, DBGC_HDA, ecdhe_key(), EINVAL_KEY_EXCHANGE, ENOTSUP_CURVE, tls_server::exchange, tls_server::exchange_len, tls_named_curve::format, htonl, elliptic_curve::keysize, keysize, elliptic_curve::name, ntohs, offset, elliptic_curve::pointsize, tls_named_curve::pre_master_secret_len, rc, tls_connection::server, strerror(), TLS_CLIENT_KEY_EXCHANGE, tls_find_named_curve(), tls_generate_master_secret(), tls_generate_random(), TLS_NAMED_CURVE_TYPE, tls_send_handshake(), and tls_verify_dh_params().

◆ tls_send_client_key_exchange()

int tls_send_client_key_exchange ( struct tls_connection * tls )

static

Transmit Client Key Exchange record.

Parameters

tls	TLS connection

Return values

rc	Return status code

Definition at line 1846 of file tls.c.

                                                                       {
        struct tls_cipherspec *cipherspec = &tls->tx.cipherspec.pending;
        struct tls_cipher_suite *suite = cipherspec->suite;
        int rc;
 
        /* Transmit Client Key Exchange record via key exchange algorithm */
        if ( ( rc = suite->exchange->exchange ( tls ) ) != 0 ) {
                DBGC ( tls, "TLS %p could not exchange keys: %s\n",
                       tls, strerror ( rc ) );
                return rc;
        }
 
        /* Generate keys from master secret */
        if ( ( rc = tls_generate_keys ( tls ) ) != 0 ) {
                DBGC ( tls, "TLS %p could not generate keys: %s\n",
                       tls, strerror ( rc ) );
                return rc;
        }
 
        return 0;
}

References tls_tx::cipherspec, DBGC, tls_cipher_suite::exchange, tls_key_exchange_algorithm::exchange, tls_cipherspec_pair::pending, rc, strerror(), tls_cipherspec::suite, tls_generate_keys(), and tls_connection::tx.

Referenced by tls_tx_step().

◆ tls_send_certificate_verify()

int tls_send_certificate_verify ( struct tls_connection * tls )

static

Transmit Certificate Verify record.

Parameters

tls	TLS connection

Return values

rc	Return status code

Definition at line 1874 of file tls.c.

                                                                      {
        struct digest_algorithm *digest = tls->handshake_digest;
        struct x509_certificate *cert = x509_first ( tls->client.chain );
        struct pubkey_algorithm *pubkey = cert->signature_algorithm->pubkey;
        struct asn1_cursor *key = privkey_cursor ( tls->client.key );
        uint8_t digest_out[ digest->digestsize ];
        struct tls_signature_hash_algorithm *sig_hash = NULL;
        struct asn1_builder builder = { NULL, 0 };
        int rc;
 
        /* Generate digest to be signed */
        tls_verify_handshake ( tls, digest_out );
 
        /* TLSv1.2 and later use explicit algorithm identifiers */
        if ( tls_version ( tls, TLS_VERSION_TLS_1_2 ) ) {
                sig_hash = tls_signature_hash_algorithm ( pubkey, digest );
                if ( ! sig_hash ) {
                        DBGC ( tls, "TLS %p could not identify (%s,%s) "
                               "signature and hash algorithm\n", tls,
                               pubkey->name, digest->name );
                        rc = -ENOTSUP_SIG_HASH;
                        goto err_sig_hash;
                }
        }
 
        /* Sign digest */
        if ( ( rc = pubkey_sign ( pubkey, key, digest, digest_out,
                                  &builder ) ) != 0 ) {
                DBGC ( tls, "TLS %p could not sign %s digest using %s client "
                       "private key: %s\n", tls, digest->name, pubkey->name,
                       strerror ( rc ) );
                goto err_pubkey_sign;
        }
 
        /* Construct Certificate Verify record */
        {
                int use_sig_hash = ( ( sig_hash == NULL ) ? 0 : 1 );
                struct {
                        uint32_t type_length;
                        struct tls_signature_hash_id sig_hash[use_sig_hash];
                        uint16_t signature_len;
                } __attribute__ (( packed )) header;
 
                header.type_length = ( cpu_to_le32 ( TLS_CERTIFICATE_VERIFY ) |
                                       htonl ( builder.len +
                                               sizeof ( header ) -
                                               sizeof ( header.type_length )));
                if ( use_sig_hash ) {
                        memcpy ( &header.sig_hash[0], &sig_hash->code,
                                 sizeof ( header.sig_hash[0] ) );
                }
                header.signature_len = htons ( builder.len );
 
                if ( ( rc = asn1_prepend_raw ( &builder, &header,
                                               sizeof ( header ) ) ) != 0 ) {
                        DBGC ( tls, "TLS %p could not construct Certificate "
                               "Verify: %s\n", tls, strerror ( rc ) );
                        goto err_prepend;
                }
        }
 
        /* Transmit record */
        if ( ( rc = tls_send_handshake ( tls, builder.data,
                                         builder.len ) ) != 0 ) {
                goto err_send;
        }
 
 err_send:
 err_prepend:
 err_pubkey_sign:
 err_sig_hash:
        free ( builder.data );
        return rc;
}

References __attribute__, asn1_prepend_raw(), tls_client::chain, tls_connection::client, tls_signature_hash_algorithm::code, cpu_to_le32, asn1_builder::data, DBGC, digest_algorithm::digestsize, ENOTSUP_SIG_HASH, free, tls_connection::handshake_digest, header, htonl, htons, key, tls_client::key, asn1_builder::len, memcpy(), digest_algorithm::name, pubkey_algorithm::name, NULL, privkey_cursor(), asn1_algorithm::pubkey, pubkey_sign(), rc, x509_certificate::signature_algorithm, strerror(), TLS_CERTIFICATE_VERIFY, tls_send_handshake(), tls_signature_hash_algorithm(), tls_verify_handshake(), tls_version(), TLS_VERSION_TLS_1_2, and x509_first().

Referenced by tls_tx_step().

◆ tls_send_change_cipher()

int tls_send_change_cipher ( struct tls_connection * tls )

static

Transmit Change Cipher record.

Parameters

tls	TLS connection

Return values

rc	Return status code

Definition at line 1955 of file tls.c.

                                                                 {
        static const struct {
                uint8_t spec;
        } __attribute__ (( packed )) change_cipher = {
                .spec = TLS_CHANGE_CIPHER_SPEC,
        };
 
        return tls_send_plaintext ( tls, TLS_TYPE_CHANGE_CIPHER,
                                    &change_cipher, sizeof ( change_cipher ) );
}

References __attribute__, spec, TLS_CHANGE_CIPHER_SPEC, tls_send_plaintext(), and TLS_TYPE_CHANGE_CIPHER.

Referenced by tls_tx_step().

◆ tls_send_finished()

int tls_send_finished ( struct tls_connection * tls )

static

Transmit Finished record.

Parameters

tls	TLS connection

Return values

rc	Return status code

Definition at line 1972 of file tls.c.

                                                            {
        struct digest_algorithm *digest = tls->handshake_digest;
        struct {
                uint32_t type_length;
                uint8_t verify_data[ sizeof ( tls->verify.client ) ];
        } __attribute__ (( packed )) finished;
        uint8_t digest_out[ digest->digestsize ];
        int rc;
 
        /* Construct client verification data */
        tls_verify_handshake ( tls, digest_out );
        tls_prf_label ( tls, &tls->master_secret, sizeof ( tls->master_secret ),
                        tls->verify.client, sizeof ( tls->verify.client ),
                        "client finished", digest_out, sizeof ( digest_out ) );
 
        /* Construct record */
        memset ( &finished, 0, sizeof ( finished ) );
        finished.type_length = ( cpu_to_le32 ( TLS_FINISHED ) |
                                 htonl ( sizeof ( finished ) -
                                         sizeof ( finished.type_length ) ) );
        memcpy ( finished.verify_data, tls->verify.client,
                 sizeof ( finished.verify_data ) );
 
        /* Transmit record */
        if ( ( rc = tls_send_handshake ( tls, &finished,
                                         sizeof ( finished ) ) ) != 0 )
                return rc;
 
        /* Mark client as finished */
        pending_put ( &tls->client.negotiation );
 
        return 0;
}

References __attribute__, tls_connection::client, tls_verify_data::client, cpu_to_le32, digest_algorithm::digestsize, tls_connection::handshake_digest, htonl, tls_connection::master_secret, memcpy(), memset(), tls_client::negotiation, pending_put(), rc, TLS_FINISHED, tls_prf_label, tls_send_handshake(), tls_verify_handshake(), and tls_connection::verify.

Referenced by tls_tx_step().

◆ tls_new_change_cipher()

int tls_new_change_cipher	(	struct tls_connection *	tls,
		struct io_buffer *	iobuf )

static

Receive new Change Cipher record.

Parameters

tls	TLS connection
iobuf	I/O buffer

Return values

rc	Return status code

Definition at line 2036 of file tls.c.

                                                             {
        const struct {
                uint8_t spec;
        } __attribute__ (( packed )) *change_cipher = iobuf->data;
        size_t len = iob_len ( iobuf );
        int rc;
 
        /* Sanity check */
        if ( ( sizeof ( *change_cipher ) != len ) ||
             ( change_cipher->spec != TLS_CHANGE_CIPHER_SPEC ) ) {
                DBGC ( tls, "TLS %p received invalid Change Cipher\n", tls );
                DBGC_HD ( tls, change_cipher, len );
                return -EINVAL_CHANGE_CIPHER;
        }
        iob_pull ( iobuf, sizeof ( *change_cipher ) );
 
        /* Change receive cipher spec */
        if ( ( rc = tls_change_cipher ( tls, &tls->rx.cipherspec ) ) != 0 ) {
                DBGC ( tls, "TLS %p could not activate RX cipher: %s\n",
                       tls, strerror ( rc ) );
                return rc;
        }
        tls->rx.seq = ~( ( uint64_t ) 0 );
 
        return 0;
}

References __attribute__, tls_rx::cipherspec, io_buffer::data, DBGC, DBGC_HD, EINVAL_CHANGE_CIPHER, iob_len(), iob_pull, len, rc, tls_connection::rx, tls_rx::seq, spec, strerror(), tls_change_cipher(), and TLS_CHANGE_CIPHER_SPEC.

Referenced by tls_new_record().

◆ tls_new_alert()

int tls_new_alert	(	struct tls_connection *	tls,
		struct io_buffer *	iobuf )

static

Receive new Alert record.

Parameters

tls	TLS connection
iobuf	I/O buffer

Return values

rc	Return status code

Definition at line 2071 of file tls.c.

                                                     {
        const struct {
                uint8_t level;
                uint8_t description;
                char next[0];
        } __attribute__ (( packed )) *alert = iobuf->data;
        size_t len = iob_len ( iobuf );
 
        /* Sanity check */
        if ( sizeof ( *alert ) != len ) {
                DBGC ( tls, "TLS %p received overlength Alert\n", tls );
                DBGC_HD ( tls, alert, len );
                return -EINVAL_ALERT;
        }
        iob_pull ( iobuf, sizeof ( *alert ) );
 
        /* Handle alert */
        switch ( alert->level ) {
        case TLS_ALERT_WARNING:
                switch ( alert->description ) {
                case TLS_ALERT_CLOSE_NOTIFY:
                        DBGC ( tls, "TLS %p closed by notification\n", tls );
                        tls_close ( tls, 0 );
                        break;
                default:
                        DBGC ( tls, "TLS %p received warning alert %d\n",
                               tls, alert->description );
                        break;
                }
                return 0;
        case TLS_ALERT_FATAL:
                DBGC ( tls, "TLS %p received fatal alert %d\n",
                       tls, alert->description );
                return -EPERM_ALERT;
        default:
                DBGC ( tls, "TLS %p received unknown alert level %d"
                       "(alert %d)\n", tls, alert->level, alert->description );
                return -EIO_ALERT;
        }
}

References __attribute__, alert(), io_buffer::data, DBGC, DBGC_HD, EINVAL_ALERT, EIO_ALERT, EPERM_ALERT, iob_len(), iob_pull, len, next, TLS_ALERT_CLOSE_NOTIFY, TLS_ALERT_FATAL, TLS_ALERT_WARNING, and tls_close().

Referenced by tls_new_record().

◆ tls_new_hello_request()

int tls_new_hello_request	(	struct tls_connection *	tls,
		const void *data	__unused,
		size_t len	__unused )

static

Receive new Hello Request handshake record.

Parameters

tls	TLS connection
data	Plaintext handshake record
len	Length of plaintext handshake record

Return values

rc	Return status code

Definition at line 2121 of file tls.c.

                                                         {
 
        /* Ignore if a handshake is in progress */
        if ( ! tls_ready ( tls ) ) {
                DBGC ( tls, "TLS %p ignoring Hello Request\n", tls );
                return 0;
        }
 
        /* Fail unless server supports secure renegotiation */
        if ( ! ( tls->secure_renegotiation && tls->extended_master_secret ) ) {
                DBGC ( tls, "TLS %p refusing to renegotiate insecurely\n",
                       tls );
                return -EPERM_RENEG_INSECURE;
        }
 
        /* Restart negotiation */
        tls_restart ( tls );
 
        return 0;
}

References __unused, data, DBGC, EPERM_RENEG_INSECURE, tls_connection::extended_master_secret, len, tls_connection::secure_renegotiation, tls_ready(), and tls_restart().

Referenced by tls_new_handshake().

◆ tls_new_server_hello()

int tls_new_server_hello	(	struct tls_connection *	tls,
		const void *	data,
		size_t	len )

static

Receive new Server Hello handshake record.

Parameters

tls	TLS connection
data	Plaintext handshake record
len	Length of plaintext handshake record

Return values

rc	Return status code

Definition at line 2152 of file tls.c.

                                                                 {
        const struct {
                uint16_t version;
                uint8_t random[32];
                uint8_t session_id_len;
                uint8_t session_id[0];
        } __attribute__ (( packed )) *hello_a = data;
        const uint8_t *session_id;
        const struct {
                uint16_t cipher_suite;
                uint8_t compression_method;
                char next[0];
        } __attribute__ (( packed )) *hello_b;
        const struct {
                uint16_t len;
                uint8_t data[0];
        } __attribute__ (( packed )) *exts;
        const struct {
                uint16_t type;
                uint16_t len;
                uint8_t data[0];
        } __attribute__ (( packed )) *ext;
        const struct {
                uint8_t len;
                uint8_t data[0];
        } __attribute__ (( packed )) *reneg = NULL;
        const struct {
                uint8_t data[0];
        } __attribute__ (( packed )) *ems = NULL;
        uint16_t version;
        size_t exts_len;
        size_t ext_len;
        size_t remaining;
        int rc;
 
        /* Parse header */
        if ( ( sizeof ( *hello_a ) > len ) ||
             ( hello_a->session_id_len > ( len - sizeof ( *hello_a ) ) ) ||
             ( sizeof ( *hello_b ) > ( len - sizeof ( *hello_a ) -
                                       hello_a->session_id_len ) ) ) {
                DBGC ( tls, "TLS %p received underlength Server Hello\n", tls );
                DBGC_HD ( tls, data, len );
                return -EINVAL_HELLO;
        }
        session_id = hello_a->session_id;
        hello_b = ( ( void * ) ( session_id + hello_a->session_id_len ) );
 
        /* Parse extensions, if present */
        remaining = ( len - sizeof ( *hello_a ) - hello_a->session_id_len -
                      sizeof ( *hello_b ) );
        if ( remaining ) {
 
                /* Parse extensions length */
                exts = ( ( void * ) hello_b->next );
                if ( ( sizeof ( *exts ) > remaining ) ||
                     ( ( exts_len = ntohs ( exts->len ) ) >
                       ( remaining - sizeof ( *exts ) ) ) ) {
                        DBGC ( tls, "TLS %p received underlength extensions\n",
                               tls );
                        DBGC_HD ( tls, data, len );
                        return -EINVAL_HELLO;
                }
 
                /* Parse extensions */
                for ( ext = ( ( void * ) exts->data ), remaining = exts_len ;
                      remaining ;
                      ext = ( ( ( void * ) ext ) + sizeof ( *ext ) + ext_len ),
                              remaining -= ( sizeof ( *ext ) + ext_len ) ) {
 
                        /* Parse extension length */
                        if ( ( sizeof ( *ext ) > remaining ) ||
                             ( ( ext_len = ntohs ( ext->len ) ) >
                               ( remaining - sizeof ( *ext ) ) ) ) {
                                DBGC ( tls, "TLS %p received underlength "
                                       "extension\n", tls );
                                DBGC_HD ( tls, data, len );
                                return -EINVAL_HELLO;
                        }
 
                        /* Record known extensions */
                        switch ( ext->type ) {
                        case htons ( TLS_RENEGOTIATION_INFO ) :
                                reneg = ( ( void * ) ext->data );
                                if ( ( sizeof ( *reneg ) > ext_len ) ||
                                     ( reneg->len >
                                       ( ext_len - sizeof ( *reneg ) ) ) ) {
                                        DBGC ( tls, "TLS %p received "
                                               "underlength renegotiation "
                                               "info\n", tls );
                                        DBGC_HD ( tls, data, len );
                                        return -EINVAL_HELLO;
                                }
                                break;
                        case htons ( TLS_EXTENDED_MASTER_SECRET ) :
                                ems = ( ( void * ) ext->data );
                                break;
                        }
                }
        }
 
        /* Check and store protocol version */
        version = ntohs ( hello_a->version );
        if ( version < TLS_VERSION_MIN ) {
                DBGC ( tls, "TLS %p does not support protocol version %d.%d\n",
                       tls, ( version >> 8 ), ( version & 0xff ) );
                return -ENOTSUP_VERSION;
        }
        if ( version > tls->version ) {
                DBGC ( tls, "TLS %p server attempted to illegally upgrade to "
                       "protocol version %d.%d\n",
                       tls, ( version >> 8 ), ( version & 0xff ) );
                return -EPROTO_VERSION;
        }
        tls->version = version;
        DBGC ( tls, "TLS %p using protocol version %d.%d\n",
               tls, ( version >> 8 ), ( version & 0xff ) );
 
        /* Select cipher suite */
        if ( ( rc = tls_select_cipher ( tls, hello_b->cipher_suite ) ) != 0 )
                return rc;
 
        /* Add preceding Client Hello to handshake digest */
        if ( ( rc = tls_client_hello ( tls, tls_add_handshake ) ) != 0 )
                return rc;
 
        /* Copy out server random bytes */
        memcpy ( &tls->server.random, &hello_a->random,
                 sizeof ( tls->server.random ) );
 
        /* Handle extended master secret */
        tls->extended_master_secret = ( !! ems );
 
        /* Check session ID */
        if ( hello_a->session_id_len &&
             ( hello_a->session_id_len == tls->session_id_len ) &&
             ( memcmp ( session_id, tls->session_id,
                        tls->session_id_len ) == 0 ) ) {
 
                /* Session ID match: reuse master secret */
                DBGC ( tls, "TLS %p resuming session ID:\n", tls );
                DBGC_HDA ( tls, 0, tls->session_id, tls->session_id_len );
                if ( ( rc = tls_generate_keys ( tls ) ) != 0 )
                        return rc;
 
                /* Ensure master secret generation method matches */
                if ( tls->extended_master_secret !=
                     tls->session->extended_master_secret ) {
                        DBGC ( tls, "TLS %p mismatched extended master secret "
                               "extension\n", tls );
                        return -EPERM_EMS;
                }
 
        } else {
 
                /* Record new session ID, if present */
                if ( hello_a->session_id_len &&
                     ( hello_a->session_id_len <= sizeof ( tls->session_id ))){
                        tls->session_id_len = hello_a->session_id_len;
                        memcpy ( tls->session_id, session_id,
                                 tls->session_id_len );
                        DBGC ( tls, "TLS %p new session ID:\n", tls );
                        DBGC_HDA ( tls, 0, tls->session_id,
                                   tls->session_id_len );
                }
        }
 
        /* Handle secure renegotiation */
        if ( tls->secure_renegotiation ) {
 
                /* Secure renegotiation is expected; verify data */
                if ( ( reneg == NULL ) ||
                     ( reneg->len != sizeof ( tls->verify ) ) ||
                     ( memcmp ( reneg->data, &tls->verify,
                                sizeof ( tls->verify ) ) != 0 ) ) {
                        DBGC ( tls, "TLS %p server failed secure "
                               "renegotiation\n", tls );
                        return -EPERM_RENEG_VERIFY;
                }
 
        } else if ( reneg != NULL ) {
 
                /* Secure renegotiation is being enabled */
                if ( reneg->len != 0 ) {
                        DBGC ( tls, "TLS %p server provided non-empty initial "
                               "renegotiation\n", tls );
                        return -EPERM_RENEG_VERIFY;
                }
                tls->secure_renegotiation = 1;
        }
 
        return 0;
}

References __attribute__, data, DBGC, DBGC_HD, DBGC_HDA, EINVAL_HELLO, ENOTSUP_VERSION, EPERM_EMS, EPERM_RENEG_VERIFY, EPROTO_VERSION, ext, tls_connection::extended_master_secret, tls_session::extended_master_secret, htons, len, memcmp(), memcpy(), next, ntohs, NULL, random(), tls_server::random, rc, tls_connection::secure_renegotiation, tls_connection::server, tls_connection::session, tls_connection::session_id, tls_connection::session_id_len, tls_add_handshake(), tls_client_hello(), TLS_EXTENDED_MASTER_SECRET, tls_generate_keys(), TLS_RENEGOTIATION_INFO, tls_select_cipher(), TLS_VERSION_MIN, type, tls_connection::verify, tls_connection::version, and version.

Referenced by tls_new_handshake().

◆ tls_new_session_ticket()

int tls_new_session_ticket	(	struct tls_connection *	tls,
		const void *	data,
		size_t	len )

static

Receive New Session Ticket handshake record.

Parameters

tls	TLS connection
data	Plaintext handshake record
len	Length of plaintext handshake record

Return values

rc	Return status code

Definition at line 2354 of file tls.c.

                                                                   {
        const struct {
                uint32_t lifetime;
                uint16_t len;
                uint8_t ticket[0];
        } __attribute__ (( packed )) *new_session_ticket = data;
        size_t ticket_len;
 
        /* Parse header */
        if ( sizeof ( *new_session_ticket ) > len ) {
                DBGC ( tls, "TLS %p received underlength New Session Ticket\n",
                       tls );
                DBGC_HD ( tls, data, len );
                return -EINVAL_TICKET;
        }
        ticket_len = ntohs ( new_session_ticket->len );
        if ( ticket_len > ( len - sizeof ( *new_session_ticket ) ) ) {
                DBGC ( tls, "TLS %p received overlength New Session Ticket\n",
                       tls );
                DBGC_HD ( tls, data, len );
                return -EINVAL_TICKET;
        }
 
        /* Free any unapplied new session ticket */
        free ( tls->new_session_ticket );
        tls->new_session_ticket = NULL;
        tls->new_session_ticket_len = 0;
 
        /* Record ticket */
        tls->new_session_ticket = malloc ( ticket_len );
        if ( ! tls->new_session_ticket )
                return -ENOMEM;
        memcpy ( tls->new_session_ticket, new_session_ticket->ticket,
                 ticket_len );
        tls->new_session_ticket_len = ticket_len;
        DBGC ( tls, "TLS %p new session ticket:\n", tls );
        DBGC_HDA ( tls, 0, tls->new_session_ticket,
                   tls->new_session_ticket_len );
 
        return 0;
}

References __attribute__, data, DBGC, DBGC_HD, DBGC_HDA, EINVAL_TICKET, ENOMEM, free, len, lifetime, malloc(), memcpy(), tls_connection::new_session_ticket, tls_connection::new_session_ticket_len, ntohs, and NULL.

Referenced by tls_new_handshake().

◆ tls_parse_chain()

int tls_parse_chain	(	struct tls_connection *	tls,
		const void *	data,
		size_t	len )

static

Parse certificate chain.

Parameters

tls	TLS connection
data	Certificate chain
len	Length of certificate chain

Return values

rc	Return status code

Definition at line 2405 of file tls.c.

                                                            {
        size_t remaining = len;
        int rc;
 
        /* Free any existing certificate chain */
        memset ( &tls->server.key, 0, sizeof ( tls->server.key ) );
        x509_chain_put ( tls->server.chain );
        tls->server.chain = NULL;
 
        /* Create certificate chain */
        tls->server.chain = x509_alloc_chain();
        if ( ! tls->server.chain ) {
                rc = -ENOMEM_CHAIN;
                goto err_alloc_chain;
        }
 
        /* Add certificates to chain */
        while ( remaining ) {
                const struct {
                        tls24_t length;
                        uint8_t data[0];
                } __attribute__ (( packed )) *certificate = data;
                size_t certificate_len;
                size_t record_len;
                struct x509_certificate *cert;
 
                /* Parse header */
                if ( sizeof ( *certificate ) > remaining ) {
                        DBGC ( tls, "TLS %p underlength certificate:\n", tls );
                        DBGC_HDA ( tls, 0, data, remaining );
                        rc = -EINVAL_CERTIFICATE;
                        goto err_underlength;
                }
                certificate_len = tls_uint24 ( &certificate->length );
                if ( certificate_len > ( remaining - sizeof ( *certificate ) )){
                        DBGC ( tls, "TLS %p overlength certificate:\n", tls );
                        DBGC_HDA ( tls, 0, data, remaining );
                        rc = -EINVAL_CERTIFICATE;
                        goto err_overlength;
                }
                record_len = ( sizeof ( *certificate ) + certificate_len );
 
                /* Add certificate to chain */
                if ( ( rc = x509_append_raw ( tls->server.chain,
                                              certificate->data,
                                              certificate_len ) ) != 0 ) {
                        DBGC ( tls, "TLS %p could not append certificate: %s\n",
                               tls, strerror ( rc ) );
                        DBGC_HDA ( tls, 0, data, remaining );
                        goto err_parse;
                }
                cert = x509_last ( tls->server.chain );
                DBGC ( tls, "TLS %p found certificate %s\n",
                       tls, x509_name ( cert ) );
 
                /* Move to next certificate in list */
                data += record_len;
                remaining -= record_len;
        }
 
        return 0;
 
 err_parse:
 err_overlength:
 err_underlength:
        memset ( &tls->server.key, 0, sizeof ( tls->server.key ) );
        x509_chain_put ( tls->server.chain );
        tls->server.chain = NULL;
 err_alloc_chain:
        return rc;
}

References __attribute__, tls_server::chain, data, DBGC, DBGC_HDA, EINVAL_CERTIFICATE, ENOMEM_CHAIN, tls_server::key, len, length, memset(), NULL, rc, tls_connection::server, strerror(), tls_uint24(), x509_alloc_chain(), x509_append_raw(), x509_chain_put(), x509_last(), and x509_name().

Referenced by tls_new_certificate().

◆ tls_new_certificate()

int tls_new_certificate	(	struct tls_connection *	tls,
		const void *	data,
		size_t	len )

static

Receive new Certificate handshake record.

Parameters

tls	TLS connection
data	Plaintext handshake record
len	Length of plaintext handshake record

Return values

rc	Return status code

Definition at line 2486 of file tls.c.

                                                                {
        const struct {
                tls24_t length;
                uint8_t certificates[0];
        } __attribute__ (( packed )) *certificate = data;
        size_t certificates_len;
        int rc;
 
        /* Parse header */
        if ( sizeof ( *certificate ) > len ) {
                DBGC ( tls, "TLS %p received underlength Server Certificate\n",
                       tls );
                DBGC_HD ( tls, data, len );
                return -EINVAL_CERTIFICATES;
        }
        certificates_len = tls_uint24 ( &certificate->length );
        if ( certificates_len > ( len - sizeof ( *certificate ) ) ) {
                DBGC ( tls, "TLS %p received overlength Server Certificate\n",
                       tls );
                DBGC_HD ( tls, data, len );
                return -EINVAL_CERTIFICATES;
        }
 
        /* Parse certificate chain */
        if ( ( rc = tls_parse_chain ( tls, certificate->certificates,
                                      certificates_len ) ) != 0 )
                return rc;
 
        return 0;
}

References __attribute__, data, DBGC, DBGC_HD, EINVAL_CERTIFICATES, len, length, rc, tls_parse_chain(), and tls_uint24().

Referenced by tls_new_handshake().

◆ tls_new_server_key_exchange()

int tls_new_server_key_exchange	(	struct tls_connection *	tls,
		const void *	data,
		size_t	len )

static

Receive new Server Key Exchange handshake record.

Parameters

tls	TLS connection
data	Plaintext handshake record
len	Length of plaintext handshake record

Return values

rc	Return status code

Definition at line 2526 of file tls.c.

                                                                        {
 
        /* Free any existing server key exchange record */
        free ( tls->server.exchange );
        tls->server.exchange_len = 0;
 
        /* Allocate copy of server key exchange record */
        tls->server.exchange = malloc ( len );
        if ( ! tls->server.exchange )
                return -ENOMEM;
 
        /* Store copy of server key exchange record for later
         * processing.  We cannot verify the signature at this point
         * since the certificate validation will not yet have
         * completed.
         */
        memcpy ( tls->server.exchange, data, len );
        tls->server.exchange_len = len;
 
        return 0;
}

References data, ENOMEM, tls_server::exchange, tls_server::exchange_len, free, len, malloc(), memcpy(), and tls_connection::server.

Referenced by tls_new_handshake().

◆ tls_new_certificate_request()

int tls_new_certificate_request	(	struct tls_connection *	tls,
		const void *data	__unused,
		size_t len	__unused )

static

Receive new Certificate Request handshake record.

Parameters

tls	TLS connection
data	Plaintext handshake record
len	Length of plaintext handshake record

Return values

rc	Return status code

Definition at line 2557 of file tls.c.

                                                               {
        struct x509_certificate *cert;
        int rc;
 
        /* We can only send a single certificate, so there is no point
         * in parsing the Certificate Request.
         */
 
        /* Free any existing client certificate chain */
        x509_chain_put ( tls->client.chain );
        tls->client.chain = NULL;
 
        /* Create client certificate chain */
        tls->client.chain = x509_alloc_chain();
        if ( ! tls->client.chain ) {
                rc = -ENOMEM;
                goto err_alloc;
        }
 
        /* Determine client certificate to be sent, if any */
        cert = x509_find_key ( NULL, tls->client.key );
        if ( cert ) {
                DBGC ( tls, "TLS %p selected client certificate %s\n",
                       tls, x509_name ( cert ) );
 
                /* Append client certificate to chain */
                if ( ( rc = x509_append ( tls->client.chain, cert ) ) != 0 )
                        goto err_append;
 
                /* Append any relevant issuer certificates */
                if ( ( rc = x509_auto_append ( tls->client.chain,
                                               &certstore ) ) != 0 )
                        goto err_auto_append;
        } else {
 
                /* Send an empty certificate chain */
                DBGC ( tls, "TLS %p could not find certificate corresponding "
                       "to private key\n", tls );
        }
 
        return 0;
 
 err_auto_append:
 err_append:
        x509_chain_put ( tls->client.chain );
        tls->client.chain = NULL;
 err_alloc:
        return rc;
}

References __unused, certstore, tls_client::chain, tls_connection::client, data, DBGC, ENOMEM, tls_client::key, len, NULL, rc, x509_alloc_chain(), x509_append(), x509_auto_append(), x509_chain_put(), x509_find_key(), and x509_name().

Referenced by tls_new_handshake().

◆ tls_new_server_hello_done()

int tls_new_server_hello_done	(	struct tls_connection *	tls,
		const void *	data,
		size_t	len )

static

Receive new Server Hello Done handshake record.

Parameters

tls	TLS connection
data	Plaintext handshake record
len	Length of plaintext handshake record

Return values

rc	Return status code

Definition at line 2617 of file tls.c.

                                                                      {
        const struct {
                char next[0];
        } __attribute__ (( packed )) *hello_done = data;
        int rc;
 
        /* Sanity check */
        if ( sizeof ( *hello_done ) != len ) {
                DBGC ( tls, "TLS %p received overlength Server Hello Done\n",
                       tls );
                DBGC_HD ( tls, data, len );
                return -EINVAL_HELLO_DONE;
        }
 
        /* Begin certificate validation */
        if ( ( rc = create_validator ( &tls->server.validator,
                                       tls->server.chain,
                                       tls->server.root ) ) != 0 ) {
                DBGC ( tls, "TLS %p could not start certificate validation: "
                       "%s\n", tls, strerror ( rc ) );
                return rc;
        }
        pending_get ( &tls->server.validation );
 
        return 0;
}

References __attribute__, tls_server::chain, create_validator(), data, DBGC, DBGC_HD, EINVAL_HELLO_DONE, len, next, pending_get(), rc, tls_server::root, tls_connection::server, strerror(), tls_server::validation, and tls_server::validator.

Referenced by tls_new_handshake().

◆ tls_new_finished()

int tls_new_finished	(	struct tls_connection *	tls,
		const void *	data,
		size_t	len )

static

Receive new Finished handshake record.

Parameters

tls	TLS connection
data	Plaintext handshake record
len	Length of plaintext handshake record

Return values

rc	Return status code

Definition at line 2653 of file tls.c.

                                                             {
        struct tls_session *session = tls->session;
        struct digest_algorithm *digest = tls->handshake_digest;
        const struct {
                uint8_t verify_data[ sizeof ( tls->verify.server ) ];
                char next[0];
        } __attribute__ (( packed )) *finished = data;
        uint8_t digest_out[ digest->digestsize ];
 
        /* Sanity check */
        if ( sizeof ( *finished ) != len ) {
                DBGC ( tls, "TLS %p received overlength Finished\n", tls );
                DBGC_HD ( tls, data, len );
                return -EINVAL_FINISHED;
        }
 
        /* Verify data */
        tls_verify_handshake ( tls, digest_out );
        tls_prf_label ( tls, &tls->master_secret, sizeof ( tls->master_secret ),
                        tls->verify.server, sizeof ( tls->verify.server ),
                        "server finished", digest_out, sizeof ( digest_out ) );
        if ( memcmp ( tls->verify.server, finished->verify_data,
                      sizeof ( tls->verify.server ) ) != 0 ) {
                DBGC ( tls, "TLS %p verification failed\n", tls );
                return -EPERM_VERIFY;
        }
 
        /* Mark server as finished */
        pending_put ( &tls->server.negotiation );
 
        /* If we are resuming a session (i.e. if the server Finished
         * arrives before the client Finished is sent), then schedule
         * transmission of Change Cipher and Finished.
         */
        if ( is_pending ( &tls->client.negotiation ) ) {
                tls->tx.pending |= ( TLS_TX_CHANGE_CIPHER | TLS_TX_FINISHED );
                tls_tx_resume ( tls );
        }
 
        /* Record session ID, ticket, and master secret, if applicable */
        if ( tls->session_id_len || tls->new_session_ticket_len ) {
                memcpy ( session->master_secret, tls->master_secret,
                         sizeof ( session->master_secret ) );
                session->extended_master_secret = tls->extended_master_secret;
        }
        if ( tls->session_id_len ) {
                session->id_len = tls->session_id_len;
                memcpy ( session->id, tls->session_id, sizeof ( session->id ) );
        }
        if ( tls->new_session_ticket_len ) {
                free ( session->ticket );
                session->ticket = tls->new_session_ticket;
                session->ticket_len = tls->new_session_ticket_len;
                tls->new_session_ticket = NULL;
                tls->new_session_ticket_len = 0;
        }
 
        /* Move to end of session's connection list and allow other
         * connections to start making progress.
         */
        list_del ( &tls->list );
        list_add_tail ( &tls->list, &session->conn );
        tls_tx_resume_all ( session );
 
        /* Send notification of a window change */
        xfer_window_changed ( &tls->plainstream );
 
        return 0;
}

References __attribute__, tls_connection::client, tls_session::conn, data, DBGC, DBGC_HD, digest_algorithm::digestsize, EINVAL_FINISHED, EPERM_VERIFY, tls_connection::extended_master_secret, tls_session::extended_master_secret, free, tls_connection::handshake_digest, tls_session::id, tls_session::id_len, is_pending(), len, tls_connection::list, list_add_tail, list_del, tls_connection::master_secret, tls_session::master_secret, memcmp(), memcpy(), tls_client::negotiation, tls_server::negotiation, tls_connection::new_session_ticket, tls_connection::new_session_ticket_len, next, NULL, tls_tx::pending, pending_put(), tls_connection::plainstream, tls_connection::server, tls_verify_data::server, tls_connection::session, tls_connection::session_id, tls_connection::session_id_len, tls_session::ticket, tls_session::ticket_len, tls_prf_label, TLS_TX_CHANGE_CIPHER, TLS_TX_FINISHED, tls_tx_resume(), tls_tx_resume_all(), tls_verify_handshake(), tls_connection::tx, tls_connection::verify, and xfer_window_changed().

Referenced by tls_new_handshake().

◆ tls_new_handshake()

int tls_new_handshake	(	struct tls_connection *	tls,
		struct io_buffer *	iobuf )

static

Receive new Handshake record.

Parameters

tls	TLS connection
iobuf	I/O buffer

Return values

rc	Return status code

Definition at line 2731 of file tls.c.

                                                         {
        size_t remaining;
        int rc;
 
        while ( ( remaining = iob_len ( iobuf ) ) ) {
                const struct {
                        uint8_t type;
                        tls24_t length;
                        uint8_t payload[0];
                } __attribute__ (( packed )) *handshake = iobuf->data;
                const void *payload;
                size_t payload_len;
                size_t record_len;
 
                /* Parse header */
                if ( sizeof ( *handshake ) > remaining ) {
                        /* Leave remaining fragment unconsumed */
                        break;
                }
                payload_len = tls_uint24 ( &handshake->length );
                if ( payload_len > ( remaining - sizeof ( *handshake ) ) ) {
                        /* Leave remaining fragment unconsumed */
                        break;
                }
                payload = &handshake->payload;
                record_len = ( sizeof ( *handshake ) + payload_len );
 
                /* Handle payload */
                switch ( handshake->type ) {
                case TLS_HELLO_REQUEST:
                        rc = tls_new_hello_request ( tls, payload,
                                                     payload_len );
                        break;
                case TLS_SERVER_HELLO:
                        rc = tls_new_server_hello ( tls, payload, payload_len );
                        break;
                case TLS_NEW_SESSION_TICKET:
                        rc = tls_new_session_ticket ( tls, payload,
                                                      payload_len );
                        break;
                case TLS_CERTIFICATE:
                        rc = tls_new_certificate ( tls, payload, payload_len );
                        break;
                case TLS_SERVER_KEY_EXCHANGE:
                        rc = tls_new_server_key_exchange ( tls, payload,
                                                           payload_len );
                        break;
                case TLS_CERTIFICATE_REQUEST:
                        rc = tls_new_certificate_request ( tls, payload,
                                                           payload_len );
                        break;
                case TLS_SERVER_HELLO_DONE:
                        rc = tls_new_server_hello_done ( tls, payload,
                                                         payload_len );
                        break;
                case TLS_FINISHED:
                        rc = tls_new_finished ( tls, payload, payload_len );
                        break;
                default:
                        DBGC ( tls, "TLS %p ignoring handshake type %d\n",
                               tls, handshake->type );
                        rc = 0;
                        break;
                }
 
                /* Add to handshake digest (except for Hello Requests,
                 * which are explicitly excluded).
                 */
                if ( handshake->type != TLS_HELLO_REQUEST )
                        tls_add_handshake ( tls, handshake, record_len );
 
                /* Abort on failure */
                if ( rc != 0 )
                        return rc;
 
                /* Move to next handshake record */
                iob_pull ( iobuf, record_len );
        }
 
        return 0;
}

References __attribute__, io_buffer::data, DBGC, iob_len(), iob_pull, length, rc, tls_add_handshake(), TLS_CERTIFICATE, TLS_CERTIFICATE_REQUEST, TLS_FINISHED, TLS_HELLO_REQUEST, tls_new_certificate(), tls_new_certificate_request(), tls_new_finished(), tls_new_hello_request(), tls_new_server_hello(), tls_new_server_hello_done(), tls_new_server_key_exchange(), TLS_NEW_SESSION_TICKET, tls_new_session_ticket(), TLS_SERVER_HELLO, TLS_SERVER_HELLO_DONE, TLS_SERVER_KEY_EXCHANGE, tls_uint24(), and type.

Referenced by tls_new_record().

◆ tls_new_unknown()

int tls_new_unknown	(	struct tls_connection *tls	__unused,
		struct io_buffer *	iobuf )

static

Receive new unknown record.

Parameters

tls	TLS connection
iobuf	I/O buffer

Return values

rc	Return status code

Definition at line 2821 of file tls.c.

                                                       {
 
        /* RFC4346 says that we should just ignore unknown record types */
        iob_pull ( iobuf, iob_len ( iobuf ) );
        return 0;
}

References __unused, iob_len(), and iob_pull.

Referenced by tls_new_record().

◆ tls_new_data()

int tls_new_data	(	struct tls_connection *	tls,
		struct list_head *	rx_data )

static

Receive new data record.

Parameters

tls	TLS connection
rx_data	List of received data buffers

Return values

rc	Return status code

Definition at line 2836 of file tls.c.

                                                      {
        struct io_buffer *iobuf;
        int rc;
 
        /* Fail unless we are ready to receive data */
        if ( ! tls_ready ( tls ) )
                return -ENOTCONN;
 
        /* Deliver each I/O buffer in turn */
        while ( ( iobuf = list_first_entry ( rx_data, struct io_buffer,
                                             list ) ) ) {
                list_del ( &iobuf->list );
                if ( ( rc = xfer_deliver_iob ( &tls->plainstream,
                                               iobuf ) ) != 0 ) {
                        DBGC ( tls, "TLS %p could not deliver data: "
                               "%s\n", tls, strerror ( rc ) );
                        return rc;
                }
        }
 
        return 0;
}

References DBGC, ENOTCONN, io_buffer::list, list_del, list_first_entry, tls_connection::plainstream, rc, strerror(), tls_ready(), and xfer_deliver_iob().

Referenced by tls_new_record().

◆ tls_new_record()

int tls_new_record	(	struct tls_connection *	tls,
		unsigned int	type,
		struct list_head *	rx_data )

static

Receive new record.

Parameters

tls	TLS connection
type	Record type
rx_data	List of received data buffers

Return values

rc	Return status code

Definition at line 2868 of file tls.c.

                                                        {
        int ( * handler ) ( struct tls_connection *tls,
                            struct io_buffer *iobuf );
        struct io_buffer *tmp = NULL;
        struct io_buffer **iobuf;
        int rc;
 
        /* Deliver data records as-is to the plainstream interface */
        if ( type == TLS_TYPE_DATA )
                return tls_new_data ( tls, rx_data );
 
        /* Determine handler and fragment buffer */
        iobuf = &tmp;
        switch ( type ) {
        case TLS_TYPE_CHANGE_CIPHER:
                handler = tls_new_change_cipher;
                break;
        case TLS_TYPE_ALERT:
                handler = tls_new_alert;
                break;
        case TLS_TYPE_HANDSHAKE:
                handler = tls_new_handshake;
                iobuf = &tls->rx.handshake;
                break;
        default:
                DBGC ( tls, "TLS %p unknown record type %d\n", tls, type );
                handler = tls_new_unknown;
                break;
        }
 
        /* Merge into a single I/O buffer */
        if ( *iobuf )
                list_add ( &(*iobuf)->list, rx_data );
        *iobuf = iob_concatenate ( rx_data );
        if ( ! *iobuf ) {
                DBGC ( tls, "TLS %p could not concatenate non-data record "
                       "type %d\n", tls, type );
                rc = -ENOMEM_RX_CONCAT;
                goto err_concatenate;
        }
 
        /* Handle record */
        if ( ( rc = handler ( tls, *iobuf ) ) != 0 )
                goto err_handle;
 
        /* Discard I/O buffer if empty */
        if ( ! iob_len ( *iobuf ) ) {
                free_iob ( *iobuf );
                *iobuf = NULL;
        }
 
        /* Sanity check */
        assert ( tmp == NULL );
 
        return 0;
 
 err_handle:
        free_iob ( *iobuf );
        *iobuf = NULL;
 err_concatenate:
        return rc;
}

References assert, DBGC, ENOMEM_RX_CONCAT, free_iob(), tls_rx::handshake, iob_concatenate(), iob_len(), list_add, NULL, rc, tls_connection::rx, tls_new_alert(), tls_new_change_cipher(), tls_new_data(), tls_new_handshake(), tls_new_unknown(), TLS_TYPE_ALERT, TLS_TYPE_CHANGE_CIPHER, TLS_TYPE_DATA, TLS_TYPE_HANDSHAKE, tmp, and type.

Referenced by tls_new_ciphertext().

◆ tls_hmac_init()

void tls_hmac_init	(	struct tls_cipherspec *	cipherspec,
		void *	ctx,
		struct tls_auth_header *	authhdr )

static

Initialise HMAC.

Parameters

cipherspec	Cipher specification
ctx	Context
authhdr	Authentication header

Definition at line 2946 of file tls.c.

                                                              {
        struct tls_cipher_suite *suite = cipherspec->suite;
        struct digest_algorithm *digest = suite->digest;
 
        hmac_init ( digest, ctx, cipherspec->mac_secret, suite->mac_len );
        hmac_update ( digest, ctx, authhdr, sizeof ( *authhdr ) );
}

References ctx, tls_cipher_suite::digest, hmac_init(), hmac_update(), tls_cipher_suite::mac_len, tls_cipherspec::mac_secret, and tls_cipherspec::suite.

Referenced by tls_hmac(), and tls_hmac_list().

◆ tls_hmac_update()

void tls_hmac_update	(	struct tls_cipherspec *	cipherspec,
		void *	ctx,
		const void *	data,
		size_t	len )

static

Update HMAC.

Parameters

cipherspec	Cipher specification
ctx	Context
data	Data
len	Length of data

Definition at line 2963 of file tls.c.

                                                             {
        struct digest_algorithm *digest = cipherspec->suite->digest;
 
        hmac_update ( digest, ctx, data, len );
}

References ctx, data, tls_cipher_suite::digest, hmac_update(), len, and tls_cipherspec::suite.

Referenced by tls_hmac(), and tls_hmac_list().

◆ tls_hmac_final()

void tls_hmac_final	(	struct tls_cipherspec *	cipherspec,
		void *	ctx,
		void *	hmac )

static

Finalise HMAC.

Parameters

cipherspec	Cipher specification
ctx	Context
mac	HMAC to fill in

Definition at line 2977 of file tls.c.

                                          {
        struct digest_algorithm *digest = cipherspec->suite->digest;
 
        hmac_final ( digest, ctx, hmac );
}

References ctx, tls_cipher_suite::digest, hmac_final(), and tls_cipherspec::suite.

Referenced by tls_hmac(), and tls_hmac_list().

◆ tls_hmac()

void tls_hmac	(	struct tls_cipherspec *	cipherspec,
		struct tls_auth_header *	authhdr,
		const void *	data,
		size_t	len,
		void *	hmac )

static

Calculate HMAC.

Parameters

cipherspec	Cipher specification
authhdr	Authentication header
data	Data
len	Length of data
mac	HMAC to fill in

Definition at line 2993 of file tls.c.

                                                                  {
        struct digest_algorithm *digest = cipherspec->suite->digest;
        uint8_t ctx[ hmac_ctxsize ( digest ) ];
 
        tls_hmac_init ( cipherspec, ctx, authhdr );
        tls_hmac_update ( cipherspec, ctx, data, len );
        tls_hmac_final ( cipherspec, ctx, hmac );
}

References ctx, data, tls_cipher_suite::digest, hmac_ctxsize(), len, tls_cipherspec::suite, tls_hmac_final(), tls_hmac_init(), and tls_hmac_update().

Referenced by tls_send_record().

◆ tls_hmac_list()

void tls_hmac_list	(	struct tls_cipherspec *	cipherspec,
		struct tls_auth_header *	authhdr,
		struct list_head *	list,
		void *	hmac )

static

Calculate HMAC over list of I/O buffers.

Parameters

cipherspec	Cipher specification
authhdr	Authentication header
list	List of I/O buffers
mac	HMAC to fill in

Definition at line 3012 of file tls.c.

                                                                 {
        struct digest_algorithm *digest = cipherspec->suite->digest;
        uint8_t ctx[ hmac_ctxsize ( digest ) ];
        struct io_buffer *iobuf;
 
        tls_hmac_init ( cipherspec, ctx, authhdr );
        list_for_each_entry ( iobuf, list, list ) {
                tls_hmac_update ( cipherspec, ctx, iobuf->data,
                                  iob_len ( iobuf ) );
        }
        tls_hmac_final ( cipherspec, ctx, hmac );
}

References ctx, io_buffer::data, tls_cipher_suite::digest, hmac_ctxsize(), iob_len(), io_buffer::list, list_for_each_entry, tls_cipherspec::suite, tls_hmac_final(), tls_hmac_init(), and tls_hmac_update().

Referenced by tls_new_ciphertext().

◆ tls_iob_reserved()

size_t tls_iob_reserved	(	struct tls_connection *	tls,
		size_t	len )

static

Calculate maximum additional length required for transmitted record(s)

Parameters

tls	TLS connection
len	I/O buffer payload length

Return values

reserve Maximum additional length to reserve

Definition at line 3034 of file tls.c.

                                                                          {
        struct tls_cipherspec *cipherspec = &tls->tx.cipherspec.active;
        struct tls_cipher_suite *suite = cipherspec->suite;
        struct cipher_algorithm *cipher = suite->cipher;
        struct tls_header *tlshdr;
        unsigned int count;
        size_t each;
 
        /* Calculate number of records (allowing for zero-length records) */
        count = ( len ? ( ( len + TLS_TX_BUFSIZE - 1 ) / TLS_TX_BUFSIZE ) : 1 );
 
        /* Calculate maximum additional length per record */
        each = ( sizeof ( *tlshdr ) + suite->record_iv_len + suite->mac_len +
                 ( is_block_cipher ( cipher ) ? cipher->blocksize : 0 ) +
                 cipher->authsize );
 
        /* Calculate maximum total additional length */
        return ( count * each );
}

References tls_cipherspec_pair::active, cipher_algorithm::authsize, cipher_algorithm::blocksize, tls_cipher_suite::cipher, tls_tx::cipherspec, count, is_block_cipher(), len, tls_cipher_suite::mac_len, tls_cipher_suite::record_iv_len, tls_cipherspec::suite, TLS_TX_BUFSIZE, and tls_connection::tx.

Referenced by tls_alloc_iob(), and tls_send_record().

◆ tls_verify_padding()

int tls_verify_padding	(	struct tls_connection *	tls,
		struct io_buffer *	iobuf )

static

Verify block padding.

Parameters

tls	TLS connection
iobuf	Last received I/O buffer

Return values

len	Padding length, or negative error
rc	Return status code

Definition at line 3257 of file tls.c.

                                                          {
        uint8_t *padding;
        unsigned int pad;
        unsigned int i;
        size_t len;
 
        /* Extract and verify padding */
        padding = ( iobuf->tail - 1 );
        pad = *padding;
        len = ( pad + 1 );
        if ( len > iob_len ( iobuf ) ) {
                DBGC ( tls, "TLS %p received underlength padding\n", tls );
                DBGC_HD ( tls, iobuf->data, iob_len ( iobuf ) );
                return -EINVAL_PADDING;
        }
        for ( i = 0 ; i < pad ; i++ ) {
                if ( *(--padding) != pad ) {
                        DBGC ( tls, "TLS %p received bad padding\n", tls );
                        DBGC_HD ( tls, iobuf->data, iob_len ( iobuf ) );
                        return -EINVAL_PADDING;
                }
        }
 
        return len;
}

References io_buffer::data, DBGC, DBGC_HD, EINVAL_PADDING, iob_len(), len, pad, and io_buffer::tail.

Referenced by tls_new_ciphertext().

◆ tls_new_ciphertext()

int tls_new_ciphertext	(	struct tls_connection *	tls,
		struct tls_header *	tlshdr,
		struct list_head *	rx_data )

static

Receive new ciphertext record.

Parameters

tls	TLS connection
tlshdr	Record header
rx_data	List of received data buffers

Return values

rc	Return status code

Definition at line 3292 of file tls.c.

                                                            {
        struct tls_cipherspec *cipherspec = &tls->rx.cipherspec.active;
        struct tls_cipher_suite *suite = cipherspec->suite;
        struct cipher_algorithm *cipher = suite->cipher;
        struct digest_algorithm *digest = suite->digest;
        size_t len = ntohs ( tlshdr->length );
        struct {
                uint8_t fixed[suite->fixed_iv_len];
                uint8_t record[suite->record_iv_len];
        } __attribute__ (( packed )) iv;
        struct tls_auth_header authhdr;
        uint8_t verify_mac[digest->digestsize];
        uint8_t verify_auth[cipher->authsize];
        struct io_buffer *first;
        struct io_buffer *last;
        struct io_buffer *iobuf;
        void *mac;
        void *auth;
        size_t check_len;
        int pad_len;
        int rc;
 
        /* Locate first and last data buffers */
        assert ( ! list_empty ( rx_data ) );
        first = list_first_entry ( rx_data, struct io_buffer, list );
        last = list_last_entry ( rx_data, struct io_buffer, list );
 
        /* Extract initialisation vector */
        if ( iob_len ( first ) < sizeof ( iv.record ) ) {
                DBGC ( tls, "TLS %p received underlength IV\n", tls );
                DBGC_HD ( tls, first->data, iob_len ( first ) );
                return -EINVAL_IV;
        }
        memcpy ( iv.fixed, cipherspec->fixed_iv, sizeof ( iv.fixed ) );
        memcpy ( iv.record, first->data, sizeof ( iv.record ) );
        iob_pull ( first, sizeof ( iv.record ) );
        len -= sizeof ( iv.record );
 
        /* Extract unencrypted authentication tag */
        if ( iob_len ( last ) < cipher->authsize ) {
                DBGC ( tls, "TLS %p received underlength authentication tag\n",
                       tls );
                DBGC_HD ( tls, last->data, iob_len ( last ) );
                return -EINVAL_MAC;
        }
        iob_unput ( last, cipher->authsize );
        len -= cipher->authsize;
        auth = last->tail;
 
        /* Construct authentication data */
        authhdr.seq = cpu_to_be64 ( tls->rx.seq );
        authhdr.header.type = tlshdr->type;
        authhdr.header.version = tlshdr->version;
        authhdr.header.length = htons ( len );
 
        /* Set initialisation vector */
        cipher_setiv ( cipher, cipherspec->cipher_ctx, &iv, sizeof ( iv ) );
 
        /* Process authentication data, if applicable */
        if ( is_auth_cipher ( cipher ) ) {
                cipher_decrypt ( cipher, cipherspec->cipher_ctx, &authhdr,
                                 NULL, sizeof ( authhdr ) );
        }
 
        /* Decrypt the received data */
        check_len = 0;
        list_for_each_entry ( iobuf, &tls->rx.data, list ) {
                cipher_decrypt ( cipher, cipherspec->cipher_ctx,
                                 iobuf->data, iobuf->data, iob_len ( iobuf ) );
                check_len += iob_len ( iobuf );
        }
        assert ( check_len == len );
 
        /* Strip block padding, if applicable */
        if ( is_block_cipher ( cipher ) ) {
                pad_len = tls_verify_padding ( tls, last );
                if ( pad_len < 0 ) {
                        /* Assume zero padding length to avoid timing attacks */
                        pad_len = 0;
                }
                iob_unput ( last, pad_len );
                len -= pad_len;
        }
 
        /* Extract decrypted MAC */
        if ( iob_len ( last ) < suite->mac_len ) {
                DBGC ( tls, "TLS %p received underlength MAC\n", tls );
                DBGC_HD ( tls, last->data, iob_len ( last ) );
                return -EINVAL_MAC;
        }
        iob_unput ( last, suite->mac_len );
        len -= suite->mac_len;
        mac = last->tail;
 
        /* Dump received data */
        DBGC2 ( tls, "Received plaintext data:\n" );
        check_len = 0;
        list_for_each_entry ( iobuf, rx_data, list ) {
                DBGC2_HD ( tls, iobuf->data, iob_len ( iobuf ) );
                check_len += iob_len ( iobuf );
        }
        assert ( check_len == len );
 
        /* Generate MAC */
        authhdr.header.length = htons ( len );
        if ( suite->mac_len )
                tls_hmac_list ( cipherspec, &authhdr, rx_data, verify_mac );
 
        /* Generate authentication tag */
        cipher_auth ( cipher, cipherspec->cipher_ctx, verify_auth );
 
        /* Verify MAC */
        if ( memcmp ( mac, verify_mac, suite->mac_len ) != 0 ) {
                DBGC ( tls, "TLS %p failed MAC verification\n", tls );
                return -EINVAL_MAC;
        }
 
        /* Verify authentication tag */
        if ( memcmp ( auth, verify_auth, cipher->authsize ) != 0 ) {
                DBGC ( tls, "TLS %p failed authentication tag verification\n",
                       tls );
                return -EINVAL_MAC;
        }
 
        /* Process plaintext record */
        if ( ( rc = tls_new_record ( tls, tlshdr->type, rx_data ) ) != 0 )
                return rc;
 
        return 0;
}

References __attribute__, tls_cipherspec_pair::active, assert, cipher_algorithm::authsize, tls_cipher_suite::cipher, cipher_auth(), tls_cipherspec::cipher_ctx, cipher_decrypt, cipher_setiv(), tls_rx::cipherspec, cpu_to_be64, io_buffer::data, tls_rx::data, DBGC, DBGC2, DBGC2_HD, DBGC_HD, tls_cipher_suite::digest, digest_algorithm::digestsize, EINVAL_IV, EINVAL_MAC, first, fixed, tls_cipherspec::fixed_iv, tls_cipher_suite::fixed_iv_len, tls_auth_header::header, htons, iob_len(), iob_pull, iob_unput, is_auth_cipher(), is_block_cipher(), iv, len, tls_header::length, io_buffer::list, list_empty, list_first_entry, list_for_each_entry, list_last_entry, mac, tls_cipher_suite::mac_len, memcmp(), memcpy(), ntohs, NULL, pad_len, rc, tls_cipher_suite::record_iv_len, tls_connection::rx, tls_auth_header::seq, tls_rx::seq, tls_cipherspec::suite, io_buffer::tail, tls_hmac_list(), tls_new_record(), tls_verify_padding(), tls_header::type, and tls_header::version.

Referenced by tls_newdata_process_data().

◆ tls_plainstream_window()

size_t tls_plainstream_window ( struct tls_connection * tls )

static

Check flow control window.

Parameters

tls	TLS connection

Return values

len	Length of window

Definition at line 3438 of file tls.c.

                                                                    {
 
        /* Block window unless we are ready to accept data */
        if ( ! tls_ready ( tls ) )
                return 0;
 
        return xfer_window ( &tls->cipherstream );
}

References tls_connection::cipherstream, tls_ready(), and xfer_window().

◆ tls_plainstream_deliver()

int tls_plainstream_deliver	(	struct tls_connection *	tls,
		struct io_buffer *	iobuf,
		struct xfer_metadata *meta	__unused )

static

Deliver datagram as raw data.

Parameters

tls	TLS connection
iobuf	I/O buffer
meta	Data transfer metadata

Return values

rc	Return status code

Definition at line 3455 of file tls.c.

                                                                           {
        int rc;
        
        /* Refuse unless we are ready to accept data */
        if ( ! tls_ready ( tls ) ) {
                rc = -ENOTCONN;
                goto done;
        }
 
        /* Send data record */
        if ( ( rc = tls_send_record ( tls, TLS_TYPE_DATA,
                                      iob_disown ( iobuf ) ) ) != 0 )
                goto done;
 
 done:
        free_iob ( iobuf );
        return rc;
}

References __unused, done, ENOTCONN, free_iob(), iob_disown, meta, rc, tls_ready(), tls_send_record(), and TLS_TYPE_DATA.

◆ tls_progress()

int tls_progress	(	struct tls_connection *	tls,
		struct job_progress *	progress )

static

Report job progress.

Parameters

tls	TLS connection
progress	Progress report to fill in

Return values

ongoing_rc Ongoing job status code (if known)

Definition at line 3483 of file tls.c.

                                                          {
 
        /* Return cipherstream or validator progress as applicable */
        if ( is_pending ( &tls->server.validation ) ) {
                return job_progress ( &tls->server.validator, progress );
        } else {
                return job_progress ( &tls->cipherstream, progress );
        }
}

References tls_connection::cipherstream, is_pending(), job_progress(), tls_connection::server, tls_server::validation, and tls_server::validator.

◆ tls_newdata_process_header()

int tls_newdata_process_header ( struct tls_connection * tls )

static

Handle received TLS header.

Parameters

tls	TLS connection

Return values

rc	Returned status code

Definition at line 3523 of file tls.c.

                                                                     {
        struct tls_cipherspec *cipherspec = &tls->rx.cipherspec.active;
        struct cipher_algorithm *cipher = cipherspec->suite->cipher;
        size_t iv_len = cipherspec->suite->record_iv_len;
        size_t data_len = ntohs ( tls->rx.header.length );
        size_t remaining = data_len;
        size_t frag_len;
        size_t reserve;
        struct io_buffer *iobuf;
        struct io_buffer *tmp;
        int rc;
 
        /* Sanity check */
        assert ( ( TLS_RX_BUFSIZE % cipher->alignsize ) == 0 );
 
        /* Calculate alignment reservation at start of first data buffer */
        reserve = ( ( -iv_len ) & ( cipher->alignsize - 1 ) );
        remaining += reserve;
 
        /* Allocate data buffers now that we know the length */
        assert ( list_empty ( &tls->rx.data ) );
        while ( remaining ) {
 
                /* Calculate fragment length.  Ensure that no block is
                 * smaller than TLS_RX_MIN_BUFSIZE (by increasing the
                 * allocation length if necessary).
                 */
                frag_len = remaining;
                if ( frag_len > TLS_RX_BUFSIZE )
                        frag_len = TLS_RX_BUFSIZE;
                remaining -= frag_len;
                if ( remaining < TLS_RX_MIN_BUFSIZE ) {
                        frag_len += remaining;
                        remaining = 0;
                }
 
                /* Allocate buffer */
                iobuf = alloc_iob_raw ( frag_len, TLS_RX_ALIGN, 0 );
                if ( ! iobuf ) {
                        DBGC ( tls, "TLS %p could not allocate %zd of %zd "
                               "bytes for receive buffer\n", tls,
                               remaining, data_len );
                        rc = -ENOMEM_RX_DATA;
                        goto err;
                }
 
                /* Ensure tailroom is exactly what we asked for.  This
                 * will result in unaligned I/O buffers when the
                 * fragment length is unaligned, which can happen only
                 * before we switch to using a block cipher.
                 */
                iob_reserve ( iobuf, ( iob_tailroom ( iobuf ) - frag_len ) );
 
                /* Ensure first buffer length will be aligned to a
                 * multiple of the cipher alignment size after
                 * stripping the record IV.
                 */
                iob_reserve ( iobuf, reserve );
                reserve = 0;
 
                /* Add I/O buffer to list */
                list_add_tail ( &iobuf->list, &tls->rx.data );
        }
 
        /* Move to data state */
        tls->rx.state = TLS_RX_DATA;
 
        return 0;
 
 err:
        list_for_each_entry_safe ( iobuf, tmp, &tls->rx.data, list ) {
                list_del ( &iobuf->list );
                free_iob ( iobuf );
        }
        return rc;
}

References tls_cipherspec_pair::active, cipher_algorithm::alignsize, alloc_iob_raw(), assert, tls_cipher_suite::cipher, tls_rx::cipherspec, tls_rx::data, data_len, DBGC, ENOMEM_RX_DATA, free_iob(), tls_rx::header, iob_reserve, iob_tailroom(), tls_header::length, io_buffer::list, list_add_tail, list_del, list_empty, list_for_each_entry_safe, ntohs, rc, tls_cipher_suite::record_iv_len, tls_connection::rx, tls_rx::state, tls_cipherspec::suite, TLS_RX_ALIGN, TLS_RX_BUFSIZE, TLS_RX_DATA, TLS_RX_MIN_BUFSIZE, and tmp.

Referenced by tls_cipherstream_deliver().

◆ tls_newdata_process_data()

int tls_newdata_process_data ( struct tls_connection * tls )

static

Handle received TLS data payload.

Parameters

tls	TLS connection

Return values

rc	Returned status code

Definition at line 3606 of file tls.c.

                                                                   {
        struct io_buffer *iobuf;
        int rc;
 
        /* Move current buffer to end of list */
        iobuf = list_first_entry ( &tls->rx.data, struct io_buffer, list );
        list_del ( &iobuf->list );
        list_add_tail ( &iobuf->list, &tls->rx.data );
 
        /* Continue receiving data if any space remains */
        iobuf = list_first_entry ( &tls->rx.data, struct io_buffer, list );
        if ( iob_tailroom ( iobuf ) )
                return 0;
 
        /* Process record */
        if ( ( rc = tls_new_ciphertext ( tls, &tls->rx.header,
                                         &tls->rx.data ) ) != 0 )
                return rc;
 
        /* Increment RX sequence number */
        tls->rx.seq += 1;
 
        /* Return to header state */
        assert ( list_empty ( &tls->rx.data ) );
        tls->rx.state = TLS_RX_HEADER;
        iob_unput ( &tls->rx.iobuf, sizeof ( tls->rx.header ) );
 
        return 0;
}

References assert, tls_rx::data, tls_rx::header, iob_tailroom(), iob_unput, tls_rx::iobuf, io_buffer::list, list_add_tail, list_del, list_empty, list_first_entry, rc, tls_connection::rx, tls_rx::seq, tls_rx::state, tls_new_ciphertext(), and TLS_RX_HEADER.

Referenced by tls_cipherstream_deliver().

◆ tls_cipherstream_window()

size_t tls_cipherstream_window ( struct tls_connection * tls )

static

Check flow control window.

Parameters

tls	TLS connection

Return values

len	Length of window

Definition at line 3642 of file tls.c.

                                                                     {
 
        /* Open window until we are ready to accept data */
        if ( ! tls_ready ( tls ) )
                return -1UL;
 
        return xfer_window ( &tls->plainstream );
}

References tls_connection::plainstream, tls_ready(), and xfer_window().

◆ tls_cipherstream_deliver()

int tls_cipherstream_deliver	(	struct tls_connection *	tls,
		struct io_buffer *	iobuf,
		struct xfer_metadata *xfer	__unused )

static

Receive new ciphertext.

Parameters

tls	TLS connection
iobuf	I/O buffer
meta	Data transfer metadat

Return values

rc	Return status code

Definition at line 3659 of file tls.c.

                                                                            {
        size_t frag_len;
        int ( * process ) ( struct tls_connection *tls );
        struct io_buffer *dest;
        int rc;
 
        while ( iob_len ( iobuf ) ) {
 
                /* Select buffer according to current state */
                switch ( tls->rx.state ) {
                case TLS_RX_HEADER:
                        dest = &tls->rx.iobuf;
                        process = tls_newdata_process_header;
                        break;
                case TLS_RX_DATA:
                        dest = list_first_entry ( &tls->rx.data,
                                                  struct io_buffer, list );
                        assert ( dest != NULL );
                        process = tls_newdata_process_data;
                        break;
                default:
                        assert ( 0 );
                        rc = -EINVAL_RX_STATE;
                        goto done;
                }
 
                /* Copy data portion to buffer */
                frag_len = iob_len ( iobuf );
                if ( frag_len > iob_tailroom ( dest ) )
                        frag_len = iob_tailroom ( dest );
                memcpy ( iob_put ( dest, frag_len ), iobuf->data, frag_len );
                iob_pull ( iobuf, frag_len );
 
                /* Process data if buffer is now full */
                if ( iob_tailroom ( dest ) == 0 ) {
                        if ( ( rc = process ( tls ) ) != 0 ) {
                                tls_close ( tls, rc );
                                goto done;
                        }
                }
        }
        rc = 0;
 
 done:
        free_iob ( iobuf );
        return rc;
}

References __unused, assert, io_buffer::data, tls_rx::data, dest, done, EINVAL_RX_STATE, free_iob(), iob_len(), iob_pull, iob_put, iob_tailroom(), tls_rx::iobuf, io_buffer::list, list_first_entry, memcpy(), NULL, rc, tls_connection::rx, tls_rx::state, tls_close(), tls_newdata_process_data(), tls_newdata_process_header(), TLS_RX_DATA, and TLS_RX_HEADER.

◆ tls_validator_done()

void tls_validator_done	(	struct tls_connection *	tls,
		int	rc )

static

Handle certificate validation completion.

Parameters

tls	TLS connection
rc	Reason for completion

Definition at line 3738 of file tls.c.

                                                                      {
        struct tls_session *session = tls->session;
        struct x509_certificate *cert;
 
        /* Mark validation as complete */
        pending_put ( &tls->server.validation );
 
        /* Close validator interface */
        intf_restart ( &tls->server.validator, rc );
 
        /* Check for validation failure */
        if ( rc != 0 ) {
                DBGC ( tls, "TLS %p certificate validation failed: %s\n",
                       tls, strerror ( rc ) );
                goto err;
        }
        DBGC ( tls, "TLS %p certificate validation succeeded\n", tls );
 
        /* Extract first certificate */
        cert = x509_first ( tls->server.chain );
        assert ( cert != NULL );
 
        /* Verify server name */
        if ( ( rc = x509_check_name ( cert, session->name ) ) != 0 ) {
                DBGC ( tls, "TLS %p server certificate does not match %s: %s\n",
                       tls, session->name, strerror ( rc ) );
                goto err;
        }
 
        /* Extract the now trusted server public key */
        memcpy ( &tls->server.key, &cert->subject.public_key.raw,
                 sizeof ( tls->server.key ) );
 
        /* Schedule transmission of applicable handshake messages */
        tls->tx.pending |= ( TLS_TX_CLIENT_KEY_EXCHANGE |
                             TLS_TX_CHANGE_CIPHER |
                             TLS_TX_FINISHED );
        if ( tls->client.chain ) {
                tls->tx.pending |= TLS_TX_CERTIFICATE;
                if ( ! list_empty ( &tls->client.chain->links ) )
                        tls->tx.pending |= TLS_TX_CERTIFICATE_VERIFY;
        }
        tls_tx_resume ( tls );
 
        return;
 
 err:
        tls_close ( tls, rc );
        return;
}

References assert, tls_client::chain, tls_server::chain, tls_connection::client, DBGC, intf_restart(), tls_server::key, x509_chain::links, list_empty, memcpy(), tls_session::name, NULL, tls_tx::pending, pending_put(), x509_subject::public_key, x509_public_key::raw, rc, tls_connection::server, tls_connection::session, strerror(), x509_certificate::subject, tls_close(), TLS_TX_CERTIFICATE, TLS_TX_CERTIFICATE_VERIFY, TLS_TX_CHANGE_CIPHER, TLS_TX_CLIENT_KEY_EXCHANGE, TLS_TX_FINISHED, tls_tx_resume(), tls_connection::tx, tls_server::validation, tls_server::validator, x509_check_name(), and x509_first().

◆ tls_tx_step()

void tls_tx_step ( struct tls_connection * tls )

static

TLS TX state machine.

Parameters

tls	TLS connection

Definition at line 3811 of file tls.c.

                                                       {
        struct tls_session *session = tls->session;
        struct tls_connection *conn;
        int rc;
 
        /* Wait for cipherstream to become ready */
        if ( ! xfer_window ( &tls->cipherstream ) )
                return;
 
        /* Send first pending transmission */
        if ( tls->tx.pending & TLS_TX_CLIENT_HELLO ) {
                /* Serialise server negotiations within a session, to
                 * provide a consistent view of session IDs and
                 * session tickets.
                 */
                list_for_each_entry ( conn, &session->conn, list ) {
                        if ( conn == tls )
                                break;
                        if ( is_pending ( &conn->server.negotiation ) )
                                return;
                }
                /* Record or generate session ID and associated master secret */
                if ( session->id_len ) {
                        /* Attempt to resume an existing session */
                        memcpy ( tls->session_id, session->id,
                                 sizeof ( tls->session_id ) );
                        tls->session_id_len = session->id_len;
                        memcpy ( tls->master_secret, session->master_secret,
                                 sizeof ( tls->master_secret ) );
                } else {
                        /* No existing session: use a random session ID */
                        assert ( sizeof ( tls->session_id ) ==
                                 sizeof ( tls->client.random ) );
                        memcpy ( tls->session_id, &tls->client.random,
                                 sizeof ( tls->session_id ) );
                        tls->session_id_len = sizeof ( tls->session_id );
                }
                /* Send Client Hello */
                if ( ( rc = tls_send_client_hello ( tls ) ) != 0 ) {
                        DBGC ( tls, "TLS %p could not send Client Hello: %s\n",
                               tls, strerror ( rc ) );
                        goto err;
                }
                tls->tx.pending &= ~TLS_TX_CLIENT_HELLO;
        } else if ( tls->tx.pending & TLS_TX_CERTIFICATE ) {
                /* Send Certificate */
                if ( ( rc = tls_send_certificate ( tls ) ) != 0 ) {
                        DBGC ( tls, "TLS %p cold not send Certificate: %s\n",
                               tls, strerror ( rc ) );
                        goto err;
                }
                tls->tx.pending &= ~TLS_TX_CERTIFICATE;
        } else if ( tls->tx.pending & TLS_TX_CLIENT_KEY_EXCHANGE ) {
                /* Send Client Key Exchange */
                if ( ( rc = tls_send_client_key_exchange ( tls ) ) != 0 ) {
                        DBGC ( tls, "TLS %p could not send Client Key "
                               "Exchange: %s\n", tls, strerror ( rc ) );
                        goto err;
                }
                tls->tx.pending &= ~TLS_TX_CLIENT_KEY_EXCHANGE;
        } else if ( tls->tx.pending & TLS_TX_CERTIFICATE_VERIFY ) {
                /* Send Certificate Verify */
                if ( ( rc = tls_send_certificate_verify ( tls ) ) != 0 ) {
                        DBGC ( tls, "TLS %p could not send Certificate "
                               "Verify: %s\n", tls, strerror ( rc ) );
                        goto err;
                }
                tls->tx.pending &= ~TLS_TX_CERTIFICATE_VERIFY;
        } else if ( tls->tx.pending & TLS_TX_CHANGE_CIPHER ) {
                /* Send Change Cipher, and then change the cipher in use */
                if ( ( rc = tls_send_change_cipher ( tls ) ) != 0 ) {
                        DBGC ( tls, "TLS %p could not send Change Cipher: "
                               "%s\n", tls, strerror ( rc ) );
                        goto err;
                }
                if ( ( rc = tls_change_cipher ( tls,
                                                &tls->tx.cipherspec ) ) != 0 ){
                        DBGC ( tls, "TLS %p could not activate TX cipher: "
                               "%s\n", tls, strerror ( rc ) );
                        goto err;
                }
                tls->tx.seq = 0;
                tls->tx.pending &= ~TLS_TX_CHANGE_CIPHER;
        } else if ( tls->tx.pending & TLS_TX_FINISHED ) {
                /* Send Finished */
                if ( ( rc = tls_send_finished ( tls ) ) != 0 ) {
                        DBGC ( tls, "TLS %p could not send Finished: %s\n",
                               tls, strerror ( rc ) );
                        goto err;
                }
                tls->tx.pending &= ~TLS_TX_FINISHED;
        }
 
        /* Reschedule process if pending transmissions remain,
         * otherwise send notification of a window change.
         */
        if ( tls->tx.pending ) {
                tls_tx_resume ( tls );
        } else {
                xfer_window_changed ( &tls->plainstream );
        }
 
        return;
 
 err:
        tls_close ( tls, rc );
}

References assert, tls_tx::cipherspec, tls_connection::cipherstream, tls_connection::client, tls_session::conn, DBGC, tls_session::id, tls_session::id_len, is_pending(), tls_connection::list, list_for_each_entry, tls_connection::master_secret, tls_session::master_secret, memcpy(), tls_server::negotiation, tls_tx::pending, tls_connection::plainstream, tls_client::random, rc, tls_tx::seq, tls_connection::server, tls_connection::session, tls_connection::session_id, tls_connection::session_id_len, strerror(), tls_change_cipher(), tls_close(), tls_send_certificate(), tls_send_certificate_verify(), tls_send_change_cipher(), tls_send_client_hello(), tls_send_client_key_exchange(), tls_send_finished(), TLS_TX_CERTIFICATE, TLS_TX_CERTIFICATE_VERIFY, TLS_TX_CHANGE_CIPHER, TLS_TX_CLIENT_HELLO, TLS_TX_CLIENT_KEY_EXCHANGE, TLS_TX_FINISHED, tls_tx_resume(), tls_connection::tx, xfer_window(), and xfer_window_changed().

◆ tls_session()

int tls_session	(	struct tls_connection *	tls,
		const char *	name )

static

Find or create session for TLS connection.

Parameters

tls	TLS connection
name	Server name

Return values

rc	Return status code

Definition at line 3937 of file tls.c.

                                                                        {
        struct tls_session *session;
        char *name_copy;
        int rc;
 
        /* Find existing matching session, if any */
        list_for_each_entry ( session, &tls_sessions, list ) {
                if ( ( strcmp ( name, session->name ) == 0 ) &&
                     ( tls->server.root == session->root ) &&
                     ( tls->client.key == session->key ) ) {
                        ref_get ( &session->refcnt );
                        tls->session = session;
                        DBGC ( tls, "TLS %p joining session %s\n", tls, name );
                        return 0;
                }
        }
 
        /* Create new session */
        session = zalloc ( sizeof ( *session ) + strlen ( name )
                           + 1 /* NUL */ );
        if ( ! session ) {
                rc = -ENOMEM;
                goto err_alloc;
        }
        ref_init ( &session->refcnt, free_tls_session );
        name_copy = ( ( ( void * ) session ) + sizeof ( *session ) );
        strcpy ( name_copy, name );
        session->name = name_copy;
        session->root = x509_root_get ( tls->server.root );
        session->key = privkey_get ( tls->client.key );
        INIT_LIST_HEAD ( &session->conn );
        list_add ( &session->list, &tls_sessions );
 
        /* Record session */
        tls->session = session;
 
        DBGC ( tls, "TLS %p created session %s\n", tls, name );
        return 0;
 
        ref_put ( &session->refcnt );
 err_alloc:
        return rc;
}

References tls_connection::client, tls_session::conn, DBGC, ENOMEM, free_tls_session(), INIT_LIST_HEAD, tls_client::key, tls_session::key, tls_session::list, list_add, list_for_each_entry, name, tls_session::name, privkey_get(), rc, ref_get, ref_init, ref_put, tls_session::refcnt, tls_server::root, tls_session::root, tls_connection::server, tls_connection::session, strcmp(), strcpy(), strlen(), x509_root_get(), and zalloc().

◆ add_tls()

int add_tls	(	struct interface *	xfer,
		const char *	name,
		struct x509_root *	root,
		struct private_key *	key )

Add TLS on an interface.

Parameters

xfer	Data transfer interface
name	Host name
root	Root of trust (or NULL to use default)
key	Private key (or NULL to use default)

Return values

rc	Return status code

Definition at line 3997 of file tls.c.

                                                                {
        struct tls_connection *tls;
        int rc;
 
        /* Allocate and initialise TLS structure */
        tls = malloc ( sizeof ( *tls ) );
        if ( ! tls ) {
                rc = -ENOMEM;
                goto err_alloc;
        }
        memset ( tls, 0, sizeof ( *tls ) );
        ref_init ( &tls->refcnt, free_tls );
        INIT_LIST_HEAD ( &tls->list );
        intf_init ( &tls->plainstream, &tls_plainstream_desc, &tls->refcnt );
        intf_init ( &tls->cipherstream, &tls_cipherstream_desc, &tls->refcnt );
        intf_init ( &tls->server.validator, &tls_validator_desc, &tls->refcnt );
        process_init_stopped ( &tls->tx.process, &tls_process_desc,
                               &tls->refcnt );
        tls->client.key = privkey_get ( key ? key : &private_key );
        tls->server.root = x509_root_get ( root ? root : &root_certificates );
        tls->version = TLS_VERSION_MAX;
        tls_clear_cipher ( tls, &tls->tx.cipherspec.active );
        tls_clear_cipher ( tls, &tls->tx.cipherspec.pending );
        tls_clear_cipher ( tls, &tls->rx.cipherspec.active );
        tls_clear_cipher ( tls, &tls->rx.cipherspec.pending );
        tls_clear_handshake ( tls );
        iob_populate ( &tls->rx.iobuf, &tls->rx.header, 0,
                       sizeof ( tls->rx.header ) );
        INIT_LIST_HEAD ( &tls->rx.data );
        if ( ( rc = tls_generate_random ( tls, &tls->client.random.random,
                          ( sizeof ( tls->client.random.random ) ) ) ) != 0 ) {
                goto err_random;
        }
        if ( ( rc = tls_session ( tls, name ) ) != 0 )
                goto err_session;
        list_add_tail ( &tls->list, &tls->session->conn );
 
        /* Start negotiation */
        tls_restart ( tls );
 
        /* Attach to parent interface, mortalise self, and return */
        intf_insert ( xfer, &tls->plainstream, &tls->cipherstream );
        ref_put ( &tls->refcnt );
        return 0;
 
 err_session:
 err_random:
        ref_put ( &tls->refcnt );
 err_alloc:
        return rc;
}

References tls_cipherspec_pair::active, tls_rx::cipherspec, tls_tx::cipherspec, tls_connection::cipherstream, tls_connection::client, tls_session::conn, tls_rx::data, ENOMEM, free_tls(), tls_rx::header, INIT_LIST_HEAD, intf_init(), intf_insert(), iob_populate(), tls_rx::iobuf, key, tls_client::key, tls_connection::list, list_add_tail, malloc(), memset(), name, tls_cipherspec_pair::pending, tls_connection::plainstream, privkey_get(), tls_tx::process, process_init_stopped(), tls_client::random, tls_client_random::random, rc, ref_init, ref_put, tls_connection::refcnt, root, tls_server::root, root_certificates, tls_connection::rx, tls_connection::server, tls_connection::session, tls_cipherstream_desc, tls_clear_cipher(), tls_clear_handshake(), tls_generate_random(), tls_plainstream_desc, tls_process_desc, tls_restart(), tls_validator_desc, TLS_VERSION_MAX, tls_connection::tx, tls_server::validator, tls_connection::version, and x509_root_get().

Referenced by apply_syslogs_settings(), https_filter(), ipair_rx_session(), and REQUIRING_SYMBOL().

◆ REQUIRING_SYMBOL()

REQUIRING_SYMBOL ( add_tls )

References add_tls().

◆ REQUIRE_OBJECT()

REQUIRE_OBJECT ( config_crypto )

Variable Documentation

◆ md5_sha1_algorithm

struct digest_algorithm md5_sha1_algorithm

static

Initial value:

= {
        .name           = "md5+sha1",
        .ctxsize        = sizeof ( struct md5_sha1_context ),
        .blocksize      = 0, 
        .digestsize     = sizeof ( struct md5_sha1_digest ),
        .init           = md5_sha1_init,
        .update         = md5_sha1_update,
        .final          = md5_sha1_final,
}

Hybrid MD5+SHA1 digest algorithm.

Definition at line 331 of file tls.c.

                                                    {
        .name           = "md5+sha1",
        .ctxsize        = sizeof ( struct md5_sha1_context ),
        .blocksize      = 0, /* Not applicable */
        .digestsize     = sizeof ( struct md5_sha1_digest ),
        .init           = md5_sha1_init,
        .update         = md5_sha1_update,
        .final          = md5_sha1_final,
};

Referenced by tls_select_cipher(), and tls_verify_dh_params().

◆ __rsa_digestinfo_prefix

struct rsa_digestinfo_prefix rsa_md5_sha1_prefix __rsa_digestinfo_prefix

Initial value:

= {
        .digest = &md5_sha1_algorithm,
        .data = NULL, 
        .len = 0,
}

RSA digestInfo prefix for MD5+SHA1 algorithm.

Definition at line 342 of file tls.c.

                                                                           {
        .digest = &md5_sha1_algorithm,
        .data = NULL, /* MD5+SHA1 signatures have no digestInfo */
        .len = 0,
};

◆ tls_cipher_suite_null

struct tls_cipher_suite tls_cipher_suite_null

Initial value:

= {
        .exchange = &tls_pubkey_exchange_algorithm,
        .pubkey = &pubkey_null,
        .cipher = &cipher_null,
        .digest = &digest_null,
}

Null cipher suite.

Definition at line 855 of file tls.c.

                                                {
        .exchange = &tls_pubkey_exchange_algorithm,
        .pubkey = &pubkey_null,
        .cipher = &cipher_null,
        .digest = &digest_null,
};

Referenced by tls_change_cipher(), and tls_clear_cipher().

◆ tls_pubkey_exchange_algorithm

struct tls_key_exchange_algorithm tls_pubkey_exchange_algorithm

Initial value:

= {
        .name = "pubkey",
        .exchange = tls_send_client_key_exchange_pubkey,
}

Public key exchange algorithm.

Definition at line 1490 of file tls.c.

                                                                  {
        .name = "pubkey",
        .exchange = tls_send_client_key_exchange_pubkey,
};

Referenced by __tls_cipher_suite(), __tls_cipher_suite(), __tls_cipher_suite(), __tls_cipher_suite(), __tls_cipher_suite(), and __tls_cipher_suite().

◆ tls_dhe_exchange_algorithm

struct tls_key_exchange_algorithm tls_dhe_exchange_algorithm

Initial value:

= {
        .name = "dhe",
        .exchange = tls_send_client_key_exchange_dhe,
}

Ephemeral Diffie-Hellman key exchange algorithm.

Definition at line 1705 of file tls.c.

                                                               {
        .name = "dhe",
        .exchange = tls_send_client_key_exchange_dhe,
};

Referenced by __tls_cipher_suite(), __tls_cipher_suite(), __tls_cipher_suite(), __tls_cipher_suite(), __tls_cipher_suite(), and __tls_cipher_suite().

◆ tls_ecdhe_exchange_algorithm

struct tls_key_exchange_algorithm tls_ecdhe_exchange_algorithm

Initial value:

= {
        .name = "ecdhe",
        .exchange = tls_send_client_key_exchange_ecdhe,
}

Ephemeral Elliptic Curve Diffie-Hellman key exchange algorithm.

Definition at line 1835 of file tls.c.

                                                                 {
        .name = "ecdhe",
        .exchange = tls_send_client_key_exchange_ecdhe,
};

Referenced by __tls_cipher_suite(), __tls_cipher_suite(), __tls_cipher_suite(), __tls_cipher_suite(), __tls_cipher_suite(), and __tls_cipher_suite().

◆ tls_plainstream_ops

struct interface_operation tls_plainstream_ops[]

static

Initial value:

= {
        INTF_OP ( xfer_alloc_iob, struct tls_connection *, tls_alloc_iob ),
        INTF_OP ( xfer_deliver, struct tls_connection *,
                  tls_plainstream_deliver ),
        INTF_OP ( xfer_window, struct tls_connection *,
                  tls_plainstream_window ),
        INTF_OP ( job_progress, struct tls_connection *, tls_progress ),
        INTF_OP ( intf_close, struct tls_connection *, tls_close ),
}

TLS plaintext stream interface operations.

Definition at line 3495 of file tls.c.

                                                          {
        INTF_OP ( xfer_alloc_iob, struct tls_connection *, tls_alloc_iob ),
        INTF_OP ( xfer_deliver, struct tls_connection *,
                  tls_plainstream_deliver ),
        INTF_OP ( xfer_window, struct tls_connection *,
                  tls_plainstream_window ),
        INTF_OP ( job_progress, struct tls_connection *, tls_progress ),
        INTF_OP ( intf_close, struct tls_connection *, tls_close ),
};

◆ tls_plainstream_desc

struct interface_descriptor tls_plainstream_desc

static

Initial value:

=
        INTF_DESC_PASSTHRU ( struct tls_connection, plainstream,
                             tls_plainstream_ops, cipherstream )

TLS plaintext stream interface descriptor.

Definition at line 3506 of file tls.c.

Referenced by add_tls().

◆ tls_cipherstream_ops

struct interface_operation tls_cipherstream_ops[]

static

Initial value:

= {
        INTF_OP ( xfer_deliver, struct tls_connection *,
                  tls_cipherstream_deliver ),
        INTF_OP ( xfer_window, struct tls_connection *,
                  tls_cipherstream_window ),
        INTF_OP ( xfer_window_changed, struct tls_connection *,
                  tls_tx_resume ),
        INTF_OP ( intf_close, struct tls_connection *, tls_close ),
}

TLS ciphertext stream interface operations.

Definition at line 3710 of file tls.c.

                                                           {
        INTF_OP ( xfer_deliver, struct tls_connection *,
                  tls_cipherstream_deliver ),
        INTF_OP ( xfer_window, struct tls_connection *,
                  tls_cipherstream_window ),
        INTF_OP ( xfer_window_changed, struct tls_connection *,
                  tls_tx_resume ),
        INTF_OP ( intf_close, struct tls_connection *, tls_close ),
};

◆ tls_cipherstream_desc

struct interface_descriptor tls_cipherstream_desc

static

Initial value:

=
        INTF_DESC_PASSTHRU ( struct tls_connection, cipherstream,
                             tls_cipherstream_ops, plainstream )

TLS ciphertext stream interface descriptor.

Definition at line 3721 of file tls.c.

Referenced by add_tls().

◆ tls_validator_ops

struct interface_operation tls_validator_ops[]

static

Initial value:

= {
        INTF_OP ( intf_close, struct tls_connection *, tls_validator_done ),
}

TLS certificate validator interface operations.

Definition at line 3790 of file tls.c.

                                                        {
        INTF_OP ( intf_close, struct tls_connection *, tls_validator_done ),
};

◆ tls_validator_desc

struct interface_descriptor tls_validator_desc

static

Initial value:

=
        INTF_DESC ( struct tls_connection, server.validator,
                    tls_validator_ops )

TLS certificate validator interface descriptor.

Definition at line 3795 of file tls.c.

Referenced by add_tls().

◆ tls_process_desc

struct process_descriptor tls_process_desc

static

Initial value:

=

PROC_DESC_ONCE ( struct tls_connection, tx.process, tls_tx_step )

PROC_DESC_ONCE

#define PROC_DESC_ONCE(object_type, process, _step)

Define a process descriptor for a process that runs only once.

Definition process.h:98

tls_tx_step

static void tls_tx_step(struct tls_connection *tls)

TLS TX state machine.

Definition tls.c:3811

tx

u8 tx[WPA_TKIP_MIC_KEY_LEN]

MIC key for packets to the AP.

Definition wpa.h:4

TLS TX process descriptor.

Definition at line 3920 of file tls.c.

Referenced by add_tls().

Data Structures

Macros

Functions

Variables

Detailed Description

Macro Definition Documentation

◆ EINVAL_CHANGE_CIPHER

◆ EINFO_EINVAL_CHANGE_CIPHER

◆ EINVAL_ALERT

◆ EINFO_EINVAL_ALERT

◆ EINVAL_HELLO

◆ EINFO_EINVAL_HELLO

◆ EINVAL_CERTIFICATE

◆ EINFO_EINVAL_CERTIFICATE

◆ EINVAL_CERTIFICATES

◆ EINFO_EINVAL_CERTIFICATES

◆ EINVAL_HELLO_DONE

◆ EINFO_EINVAL_HELLO_DONE

◆ EINVAL_FINISHED

◆ EINFO_EINVAL_FINISHED

◆ EINVAL_HANDSHAKE

◆ EINFO_EINVAL_HANDSHAKE

◆ EINVAL_IV

◆ EINFO_EINVAL_IV

◆ EINVAL_PADDING

◆ EINFO_EINVAL_PADDING

◆ EINVAL_RX_STATE

◆ EINFO_EINVAL_RX_STATE

◆ EINVAL_MAC

◆ EINFO_EINVAL_MAC

◆ EINVAL_TICKET

◆ EINFO_EINVAL_TICKET

◆ EINVAL_KEY_EXCHANGE

◆ EINFO_EINVAL_KEY_EXCHANGE

◆ EIO_ALERT

◆ EINFO_EIO_ALERT

◆ ENOMEM_CONTEXT

◆ EINFO_ENOMEM_CONTEXT

◆ ENOMEM_CERTIFICATE

◆ EINFO_ENOMEM_CERTIFICATE

◆ ENOMEM_CHAIN

◆ EINFO_ENOMEM_CHAIN

◆ ENOMEM_TX_PLAINTEXT

◆ EINFO_ENOMEM_TX_PLAINTEXT

◆ ENOMEM_TX_CIPHERTEXT

◆ EINFO_ENOMEM_TX_CIPHERTEXT

◆ ENOMEM_RX_DATA

◆ EINFO_ENOMEM_RX_DATA

◆ ENOMEM_RX_CONCAT

◆ EINFO_ENOMEM_RX_CONCAT

◆ ENOTSUP_CIPHER

◆ EINFO_ENOTSUP_CIPHER

◆ ENOTSUP_NULL

◆ EINFO_ENOTSUP_NULL

◆ ENOTSUP_SIG_HASH

◆ EINFO_ENOTSUP_SIG_HASH

◆ ENOTSUP_VERSION

◆ EINFO_ENOTSUP_VERSION

◆ ENOTSUP_CURVE

◆ EINFO_ENOTSUP_CURVE

◆ EPERM_ALERT

◆ EINFO_EPERM_ALERT

◆ EPERM_VERIFY

◆ EINFO_EPERM_VERIFY

◆ EPERM_RENEG_INSECURE

◆ EINFO_EPERM_RENEG_INSECURE

◆ EPERM_RENEG_VERIFY

◆ EINFO_EPERM_RENEG_VERIFY

◆ EPERM_KEY_EXCHANGE

◆ EINFO_EPERM_KEY_EXCHANGE

◆ EPERM_EMS

◆ EINFO_EPERM_EMS

◆ EPROTO_VERSION

◆ EINFO_EPROTO_VERSION

◆ tls_prf_label

◆ TLS_NUM_CIPHER_SUITES

◆ TLS_NUM_SIG_HASH_ALGORITHMS

◆ TLS_NUM_NAMED_CURVES

Function Documentation

◆ FILE_LICENCE()