tls.c File Reference

Transport Layer Security Protocol. More...

#include <stdint.h>
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
#include <time.h>
#include <errno.h>
#include <byteswap.h>
#include <ipxe/pending.h>
#include <ipxe/hmac.h>
#include <ipxe/md5.h>
#include <ipxe/sha1.h>
#include <ipxe/sha256.h>
#include <ipxe/aes.h>
#include <ipxe/rsa.h>
#include <ipxe/iobuf.h>
#include <ipxe/xfer.h>
#include <ipxe/open.h>
#include <ipxe/x509.h>
#include <ipxe/privkey.h>
#include <ipxe/certstore.h>
#include <ipxe/rootcert.h>
#include <ipxe/rbg.h>
#include <ipxe/validator.h>
#include <ipxe/job.h>
#include <ipxe/dhe.h>
#include <ipxe/tls.h>
#include <config/crypto.h>

Go to the source code of this file.

Data Structures
struct	tls24_t
	A TLS 24-bit integer. More...

Macros
#define	EINVAL_CHANGE_CIPHER   __einfo_error ( EINFO_EINVAL_CHANGE_CIPHER )
#define	EINFO_EINVAL_CHANGE_CIPHER
#define	EINVAL_ALERT   __einfo_error ( EINFO_EINVAL_ALERT )
#define	EINFO_EINVAL_ALERT
#define	EINVAL_HELLO   __einfo_error ( EINFO_EINVAL_HELLO )
#define	EINFO_EINVAL_HELLO
#define	EINVAL_CERTIFICATE   __einfo_error ( EINFO_EINVAL_CERTIFICATE )
#define	EINFO_EINVAL_CERTIFICATE
#define	EINVAL_CERTIFICATES   __einfo_error ( EINFO_EINVAL_CERTIFICATES )
#define	EINFO_EINVAL_CERTIFICATES
#define	EINVAL_HELLO_DONE   __einfo_error ( EINFO_EINVAL_HELLO_DONE )
#define	EINFO_EINVAL_HELLO_DONE
#define	EINVAL_FINISHED   __einfo_error ( EINFO_EINVAL_FINISHED )
#define	EINFO_EINVAL_FINISHED
#define	EINVAL_HANDSHAKE   __einfo_error ( EINFO_EINVAL_HANDSHAKE )
#define	EINFO_EINVAL_HANDSHAKE
#define	EINVAL_IV   __einfo_error ( EINFO_EINVAL_IV )
#define	EINFO_EINVAL_IV
#define	EINVAL_PADDING   __einfo_error ( EINFO_EINVAL_PADDING )
#define	EINFO_EINVAL_PADDING
#define	EINVAL_RX_STATE   __einfo_error ( EINFO_EINVAL_RX_STATE )
#define	EINFO_EINVAL_RX_STATE
#define	EINVAL_MAC   __einfo_error ( EINFO_EINVAL_MAC )
#define	EINFO_EINVAL_MAC
#define	EINVAL_TICKET   __einfo_error ( EINFO_EINVAL_TICKET )
#define	EINFO_EINVAL_TICKET
#define	EINVAL_KEY_EXCHANGE   __einfo_error ( EINFO_EINVAL_KEY_EXCHANGE )
#define	EINFO_EINVAL_KEY_EXCHANGE
#define	EIO_ALERT   __einfo_error ( EINFO_EIO_ALERT )
#define	EINFO_EIO_ALERT
#define	ENOMEM_CONTEXT   __einfo_error ( EINFO_ENOMEM_CONTEXT )
#define	EINFO_ENOMEM_CONTEXT
#define	ENOMEM_CERTIFICATE   __einfo_error ( EINFO_ENOMEM_CERTIFICATE )
#define	EINFO_ENOMEM_CERTIFICATE
#define	ENOMEM_CHAIN   __einfo_error ( EINFO_ENOMEM_CHAIN )
#define	EINFO_ENOMEM_CHAIN
#define	ENOMEM_TX_PLAINTEXT   __einfo_error ( EINFO_ENOMEM_TX_PLAINTEXT )
#define	EINFO_ENOMEM_TX_PLAINTEXT
#define	ENOMEM_TX_CIPHERTEXT   __einfo_error ( EINFO_ENOMEM_TX_CIPHERTEXT )
#define	EINFO_ENOMEM_TX_CIPHERTEXT
#define	ENOMEM_RX_DATA   __einfo_error ( EINFO_ENOMEM_RX_DATA )
#define	EINFO_ENOMEM_RX_DATA
#define	ENOMEM_RX_CONCAT   __einfo_error ( EINFO_ENOMEM_RX_CONCAT )
#define	EINFO_ENOMEM_RX_CONCAT
#define	ENOTSUP_CIPHER   __einfo_error ( EINFO_ENOTSUP_CIPHER )
#define	EINFO_ENOTSUP_CIPHER
#define	ENOTSUP_NULL   __einfo_error ( EINFO_ENOTSUP_NULL )
#define	EINFO_ENOTSUP_NULL
#define	ENOTSUP_SIG_HASH   __einfo_error ( EINFO_ENOTSUP_SIG_HASH )
#define	EINFO_ENOTSUP_SIG_HASH
#define	ENOTSUP_VERSION   __einfo_error ( EINFO_ENOTSUP_VERSION )
#define	EINFO_ENOTSUP_VERSION
#define	EPERM_ALERT   __einfo_error ( EINFO_EPERM_ALERT )
#define	EINFO_EPERM_ALERT
#define	EPERM_VERIFY   __einfo_error ( EINFO_EPERM_VERIFY )
#define	EINFO_EPERM_VERIFY
#define	EPERM_CLIENT_CERT   __einfo_error ( EINFO_EPERM_CLIENT_CERT )
#define	EINFO_EPERM_CLIENT_CERT
#define	EPERM_RENEG_INSECURE   __einfo_error ( EINFO_EPERM_RENEG_INSECURE )
#define	EINFO_EPERM_RENEG_INSECURE
#define	EPERM_RENEG_VERIFY   __einfo_error ( EINFO_EPERM_RENEG_VERIFY )
#define	EINFO_EPERM_RENEG_VERIFY
#define	EPERM_KEY_EXCHANGE   __einfo_error ( EINFO_EPERM_KEY_EXCHANGE )
#define	EINFO_EPERM_KEY_EXCHANGE
#define	EPROTO_VERSION   __einfo_error ( EINFO_EPROTO_VERSION )
#define	EINFO_EPROTO_VERSION
#define	tls_prf_label(tls, secret, secret_len, out, out_len, label, ...)
	Generate secure pseudo-random data. More...
#define	TLS_NUM_CIPHER_SUITES   table_num_entries ( TLS_CIPHER_SUITES )
	Number of supported cipher suites. More...
#define	TLS_NUM_SIG_HASH_ALGORITHMS   table_num_entries ( TLS_SIG_HASH_ALGORITHMS )
	Number of supported signature and hash algorithms. More...

Functions
	FILE_LICENCE (GPL2_OR_LATER)
static	LIST_HEAD (tls_sessions)
	List of TLS session. More...
static void	tls_tx_resume_all (struct tls_session *session)
	Resume TX state machine for all connections within a session. More...
static int	tls_send_plaintext (struct tls_connection *tls, unsigned int type, const void *data, size_t len)
	Send plaintext record. More...
static void	tls_clear_cipher (struct tls_connection *tls, struct tls_cipherspec *cipherspec)
static unsigned long	tls_uint24 (const tls24_t *field24)
	Extract 24-bit field value. More...
static void	tls_set_uint24 (tls24_t *field24, unsigned long value)
	Set 24-bit field value. More...
static int	tls_ready (struct tls_connection *tls)
	Determine if TLS connection is ready for application data. More...
static int	tls_version (struct tls_connection *tls, unsigned int version)
	Check for TLS version. More...
static void	md5_sha1_init (void *ctx)
	Initialise MD5+SHA1 algorithm. More...
static void	md5_sha1_update (void *ctx, const void *data, size_t len)
	Accumulate data with MD5+SHA1 algorithm. More...
static void	md5_sha1_final (void *ctx, void *out)
	Generate MD5+SHA1 digest. More...
static void	free_tls_session (struct refcnt *refcnt)
	Free TLS session. More...
static void	free_tls (struct refcnt *refcnt)
	Free TLS connection. More...
static void	tls_close (struct tls_connection *tls, int rc)
	Finish with TLS connection. More...
static int	tls_generate_random (struct tls_connection *tls, void *data, size_t len)
	Generate random data. More...
static void	tls_hmac_update_va (struct digest_algorithm *digest, void *ctx, va_list args)
	Update HMAC with a list of ( data, len ) pairs. More...
static void	tls_p_hash_va (struct tls_connection *tls, struct digest_algorithm *digest, const void *secret, size_t secret_len, void *out, size_t out_len, va_list seeds)
	Generate secure pseudo-random data using a single hash function. More...
static void	tls_prf (struct tls_connection *tls, const void *secret, size_t secret_len, void *out, size_t out_len,...)
	Generate secure pseudo-random data. More...
static void	tls_generate_master_secret (struct tls_connection *tls, const void *pre_master_secret, size_t pre_master_secret_len)
	Generate master secret. More...
static int	tls_generate_keys (struct tls_connection *tls)
	Generate key material. More...
static void	tls_clear_handshake (struct tls_connection *tls)
	Clear handshake digest algorithm. More...
static int	tls_select_handshake (struct tls_connection *tls, struct digest_algorithm *digest)
	Select handshake digest algorithm. More...
static int	tls_add_handshake (struct tls_connection *tls, const void *data, size_t len)
	Add handshake record to verification hash. More...
static void	tls_verify_handshake (struct tls_connection *tls, void *out)
	Calculate handshake verification hash. More...
static struct tls_cipher_suite *	tls_find_cipher_suite (unsigned int cipher_suite)
	Identify cipher suite. More...
static void	tls_clear_cipher (struct tls_connection *tls __unused, struct tls_cipherspec *cipherspec)
	Clear cipher suite. More...
static int	tls_set_cipher (struct tls_connection *tls, struct tls_cipherspec *cipherspec, struct tls_cipher_suite *suite)
	Set cipher suite. More...
static int	tls_select_cipher (struct tls_connection *tls, unsigned int cipher_suite)
	Select next cipher suite. More...
static int	tls_change_cipher (struct tls_connection *tls, struct tls_cipherspec *pending, struct tls_cipherspec *active)
	Activate next cipher suite. More...
static struct tls_signature_hash_algorithm *	tls_signature_hash_algorithm (struct pubkey_algorithm *pubkey, struct digest_algorithm *digest)
	Find TLS signature and hash algorithm. More...
static struct pubkey_algorithm *	tls_signature_hash_pubkey (struct tls_signature_hash_id code)
	Find TLS signature algorithm. More...
static struct digest_algorithm *	tls_signature_hash_digest (struct tls_signature_hash_id code)
	Find TLS hash algorithm. More...
static void	tls_tx_resume (struct tls_connection *tls)
	Resume TX state machine. More...
static void	tls_restart (struct tls_connection *tls)
	Restart negotiation. More...
static int	tls_send_handshake (struct tls_connection *tls, const void *data, size_t len)
	Transmit Handshake record. More...
static int	tls_client_hello (struct tls_connection *tls, int(*action)(struct tls_connection *tls, const void *data, size_t len))
	Digest or transmit Client Hello record. More...
static int	tls_send_client_hello (struct tls_connection *tls)
	Transmit Client Hello record. More...
static int	tls_send_certificate (struct tls_connection *tls)
	Transmit Certificate record. More...
static int	tls_send_client_key_exchange_pubkey (struct tls_connection *tls)
	Transmit Client Key Exchange record using public key exchange. More...
static int	tls_send_client_key_exchange_dhe (struct tls_connection *tls)
	Transmit Client Key Exchange record using DHE key exchange. More...
static int	tls_send_client_key_exchange (struct tls_connection *tls)
	Transmit Client Key Exchange record. More...
static int	tls_send_certificate_verify (struct tls_connection *tls)
	Transmit Certificate Verify record. More...
static int	tls_send_change_cipher (struct tls_connection *tls)
	Transmit Change Cipher record. More...
static int	tls_send_finished (struct tls_connection *tls)
	Transmit Finished record. More...
static int	tls_new_change_cipher (struct tls_connection *tls, const void *data, size_t len)
	Receive new Change Cipher record. More...
static int	tls_new_alert (struct tls_connection *tls, const void *data, size_t len)
	Receive new Alert record. More...
static int	tls_new_hello_request (struct tls_connection *tls, const void *data __unused, size_t len __unused)
	Receive new Hello Request handshake record. More...
static int	tls_new_server_hello (struct tls_connection *tls, const void *data, size_t len)
	Receive new Server Hello handshake record. More...
static int	tls_new_session_ticket (struct tls_connection *tls, const void *data, size_t len)
	Receive New Session Ticket handshake record. More...
static int	tls_parse_chain (struct tls_connection *tls, const void *data, size_t len)
	Parse certificate chain. More...
static int	tls_new_certificate (struct tls_connection *tls, const void *data, size_t len)
	Receive new Certificate handshake record. More...
static int	tls_new_server_key_exchange (struct tls_connection *tls, const void *data, size_t len)
	Receive new Server Key Exchange handshake record. More...
static int	tls_new_certificate_request (struct tls_connection *tls, const void *data __unused, size_t len __unused)
	Receive new Certificate Request handshake record. More...
static int	tls_new_server_hello_done (struct tls_connection *tls, const void *data, size_t len)
	Receive new Server Hello Done handshake record. More...
static int	tls_new_finished (struct tls_connection *tls, const void *data, size_t len)
	Receive new Finished handshake record. More...
static int	tls_new_handshake (struct tls_connection *tls, const void *data, size_t len)
	Receive new Handshake record. More...
static int	tls_new_record (struct tls_connection *tls, unsigned int type, struct list_head *rx_data)
	Receive new record. More...
static void	tls_hmac_init (struct tls_cipherspec *cipherspec, void *ctx, struct tls_auth_header *authhdr)
	Initialise HMAC. More...
static void	tls_hmac_update (struct tls_cipherspec *cipherspec, void *ctx, const void *data, size_t len)
	Update HMAC. More...
static void	tls_hmac_final (struct tls_cipherspec *cipherspec, void *ctx, void *hmac)
	Finalise HMAC. More...
static void	tls_hmac (struct tls_cipherspec *cipherspec, struct tls_auth_header *authhdr, const void *data, size_t len, void *hmac)
	Calculate HMAC. More...
static void	tls_hmac_list (struct tls_cipherspec *cipherspec, struct tls_auth_header *authhdr, struct list_head *list, void *hmac)
	Calculate HMAC over list of I/O buffers. More...
static int	tls_verify_padding (struct tls_connection *tls, struct io_buffer *iobuf)
	Verify block padding. More...
static int	tls_new_ciphertext (struct tls_connection *tls, struct tls_header *tlshdr, struct list_head *rx_data)
	Receive new ciphertext record. More...
static size_t	tls_plainstream_window (struct tls_connection *tls)
	Check flow control window. More...
static int	tls_plainstream_deliver (struct tls_connection *tls, struct io_buffer *iobuf, struct xfer_metadata *meta __unused)
	Deliver datagram as raw data. More...
static int	tls_progress (struct tls_connection *tls, struct job_progress *progress)
	Report job progress. More...
static int	tls_newdata_process_header (struct tls_connection *tls)
	Handle received TLS header. More...
static int	tls_newdata_process_data (struct tls_connection *tls)
	Handle received TLS data payload. More...
static size_t	tls_cipherstream_window (struct tls_connection *tls)
	Check flow control window. More...
static int	tls_cipherstream_deliver (struct tls_connection *tls, struct io_buffer *iobuf, struct xfer_metadata *xfer __unused)
	Receive new ciphertext. More...
static void	tls_validator_done (struct tls_connection *tls, int rc)
	Handle certificate validation completion. More...
static void	tls_tx_step (struct tls_connection *tls)
	TLS TX state machine. More...
static int	tls_session (struct tls_connection *tls, const char *name)
	Find or create session for TLS connection. More...
int	add_tls (struct interface *xfer, const char *name, struct x509_root *root, struct private_key *key)
	Add TLS on an interface. More...
	REQUIRING_SYMBOL (add_tls)
	REQUIRE_OBJECT (config_crypto)

Variables
static struct digest_algorithm	md5_sha1_algorithm
	Hybrid MD5+SHA1 digest algorithm. More...
struct rsa_digestinfo_prefix rsa_md5_sha1_prefix	__rsa_digestinfo_prefix
	RSA digestInfo prefix for MD5+SHA1 algorithm. More...
struct tls_cipher_suite	tls_cipher_suite_null
	Null cipher suite. More...
struct tls_key_exchange_algorithm	tls_pubkey_exchange_algorithm
	Public key exchange algorithm. More...
struct tls_key_exchange_algorithm	tls_dhe_exchange_algorithm
	Ephemeral Diffie-Hellman key exchange algorithm. More...
static struct interface_operation	tls_plainstream_ops []
	TLS plaintext stream interface operations. More...
static struct interface_descriptor	tls_plainstream_desc
	TLS plaintext stream interface descriptor. More...
static struct interface_operation	tls_cipherstream_ops []
	TLS ciphertext stream interface operations. More...
static struct interface_descriptor	tls_cipherstream_desc
	TLS ciphertext stream interface descriptor. More...
static struct interface_operation	tls_validator_ops []
	TLS certificate validator interface operations. More...
static struct interface_descriptor	tls_validator_desc
	TLS certificate validator interface descriptor. More...
static struct process_descriptor	tls_process_desc
	TLS TX process descriptor. More...

Detailed Description

Transport Layer Security Protocol.

Definition in file tls.c.

Macro Definition Documentation

EINVAL_CHANGE_CIPHER

#define EINVAL_CHANGE_CIPHER   __einfo_error ( EINFO_EINVAL_CHANGE_CIPHER )

Definition at line 57 of file tls.c.

EINFO_EINVAL_CHANGE_CIPHER

#define EINFO_EINVAL_CHANGE_CIPHER

Value:

__einfo_uniqify ( EINFO_EINVAL, 0x01,                           \
                          "Invalid Change Cipher record" )

Definition at line 58 of file tls.c.

EINVAL_ALERT

#define EINVAL_ALERT   __einfo_error ( EINFO_EINVAL_ALERT )

Definition at line 61 of file tls.c.

EINFO_EINVAL_ALERT

#define EINFO_EINVAL_ALERT

Value:

__einfo_uniqify ( EINFO_EINVAL, 0x02,                           \
                          "Invalid Alert record" )

Definition at line 62 of file tls.c.

EINVAL_HELLO

#define EINVAL_HELLO   __einfo_error ( EINFO_EINVAL_HELLO )

Definition at line 65 of file tls.c.

EINFO_EINVAL_HELLO

#define EINFO_EINVAL_HELLO

Value:

__einfo_uniqify ( EINFO_EINVAL, 0x03,                           \
                          "Invalid Server Hello record" )

Definition at line 66 of file tls.c.

EINVAL_CERTIFICATE

#define EINVAL_CERTIFICATE   __einfo_error ( EINFO_EINVAL_CERTIFICATE )

Definition at line 69 of file tls.c.

EINFO_EINVAL_CERTIFICATE

#define EINFO_EINVAL_CERTIFICATE

Value:

__einfo_uniqify ( EINFO_EINVAL, 0x04,                           \
                          "Invalid Certificate" )

Definition at line 70 of file tls.c.

EINVAL_CERTIFICATES

#define EINVAL_CERTIFICATES   __einfo_error ( EINFO_EINVAL_CERTIFICATES )

Definition at line 73 of file tls.c.

EINFO_EINVAL_CERTIFICATES

#define EINFO_EINVAL_CERTIFICATES

Value:

__einfo_uniqify ( EINFO_EINVAL, 0x05,                           \
                          "Invalid Server Certificate record" )

Definition at line 74 of file tls.c.

EINVAL_HELLO_DONE

#define EINVAL_HELLO_DONE   __einfo_error ( EINFO_EINVAL_HELLO_DONE )

Definition at line 77 of file tls.c.

EINFO_EINVAL_HELLO_DONE

#define EINFO_EINVAL_HELLO_DONE

Value:

__einfo_uniqify ( EINFO_EINVAL, 0x06,                           \
                          "Invalid Server Hello Done record" )

Definition at line 78 of file tls.c.

EINVAL_FINISHED

#define EINVAL_FINISHED   __einfo_error ( EINFO_EINVAL_FINISHED )

Definition at line 81 of file tls.c.

EINFO_EINVAL_FINISHED

#define EINFO_EINVAL_FINISHED

Value:

__einfo_uniqify ( EINFO_EINVAL, 0x07,                           \
                          "Invalid Server Finished record" )

Definition at line 82 of file tls.c.

EINVAL_HANDSHAKE

#define EINVAL_HANDSHAKE   __einfo_error ( EINFO_EINVAL_HANDSHAKE )

Definition at line 85 of file tls.c.

EINFO_EINVAL_HANDSHAKE

#define EINFO_EINVAL_HANDSHAKE

Value:

__einfo_uniqify ( EINFO_EINVAL, 0x08,                           \
                          "Invalid Handshake record" )

Definition at line 86 of file tls.c.

EINVAL_IV

#define EINVAL_IV   __einfo_error ( EINFO_EINVAL_IV )

Definition at line 89 of file tls.c.

EINFO_EINVAL_IV

#define EINFO_EINVAL_IV

Value:

__einfo_uniqify ( EINFO_EINVAL, 0x0a,                           \
                          "Invalid initialisation vector" )

Definition at line 90 of file tls.c.

EINVAL_PADDING

#define EINVAL_PADDING   __einfo_error ( EINFO_EINVAL_PADDING )

Definition at line 93 of file tls.c.

EINFO_EINVAL_PADDING

#define EINFO_EINVAL_PADDING

Value:

__einfo_uniqify ( EINFO_EINVAL, 0x0b,                           \
                          "Invalid block padding" )

Definition at line 94 of file tls.c.

EINVAL_RX_STATE

#define EINVAL_RX_STATE   __einfo_error ( EINFO_EINVAL_RX_STATE )

Definition at line 97 of file tls.c.

EINFO_EINVAL_RX_STATE

#define EINFO_EINVAL_RX_STATE

Value:

__einfo_uniqify ( EINFO_EINVAL, 0x0c,                           \
                          "Invalid receive state" )

Definition at line 98 of file tls.c.

EINVAL_MAC

#define EINVAL_MAC   __einfo_error ( EINFO_EINVAL_MAC )

Definition at line 101 of file tls.c.

EINFO_EINVAL_MAC

#define EINFO_EINVAL_MAC

Value:

__einfo_uniqify ( EINFO_EINVAL, 0x0d,                           \
                          "Invalid MAC or authentication tag" )

Definition at line 102 of file tls.c.

EINVAL_TICKET

#define EINVAL_TICKET   __einfo_error ( EINFO_EINVAL_TICKET )

Definition at line 105 of file tls.c.

EINFO_EINVAL_TICKET

#define EINFO_EINVAL_TICKET

Value:

__einfo_uniqify ( EINFO_EINVAL, 0x0e,                           \
                          "Invalid New Session Ticket record")

Definition at line 106 of file tls.c.

EINVAL_KEY_EXCHANGE

#define EINVAL_KEY_EXCHANGE   __einfo_error ( EINFO_EINVAL_KEY_EXCHANGE )

Definition at line 109 of file tls.c.

EINFO_EINVAL_KEY_EXCHANGE

#define EINFO_EINVAL_KEY_EXCHANGE

Value:

__einfo_uniqify ( EINFO_EINVAL, 0x0f,                           \
                          "Invalid Server Key Exchange record" )

Definition at line 110 of file tls.c.

EIO_ALERT

#define EIO_ALERT   __einfo_error ( EINFO_EIO_ALERT )

Definition at line 113 of file tls.c.

EINFO_EIO_ALERT

#define EINFO_EIO_ALERT

Value:

__einfo_uniqify ( EINFO_EIO, 0x01,                              \
                          "Unknown alert level" )

Definition at line 114 of file tls.c.

ENOMEM_CONTEXT

#define ENOMEM_CONTEXT   __einfo_error ( EINFO_ENOMEM_CONTEXT )

Definition at line 117 of file tls.c.

EINFO_ENOMEM_CONTEXT

#define EINFO_ENOMEM_CONTEXT

Value:

__einfo_uniqify ( EINFO_ENOMEM, 0x01,                           \
                          "Not enough space for crypto context" )

Definition at line 118 of file tls.c.

ENOMEM_CERTIFICATE

#define ENOMEM_CERTIFICATE   __einfo_error ( EINFO_ENOMEM_CERTIFICATE )

Definition at line 121 of file tls.c.

EINFO_ENOMEM_CERTIFICATE

#define EINFO_ENOMEM_CERTIFICATE

Value:

__einfo_uniqify ( EINFO_ENOMEM, 0x02,                           \
                          "Not enough space for certificate" )

Definition at line 122 of file tls.c.

ENOMEM_CHAIN

#define ENOMEM_CHAIN   __einfo_error ( EINFO_ENOMEM_CHAIN )

Definition at line 125 of file tls.c.

EINFO_ENOMEM_CHAIN

#define EINFO_ENOMEM_CHAIN

Value:

__einfo_uniqify ( EINFO_ENOMEM, 0x03,                           \
                          "Not enough space for certificate chain" )

Definition at line 126 of file tls.c.

ENOMEM_TX_PLAINTEXT

#define ENOMEM_TX_PLAINTEXT   __einfo_error ( EINFO_ENOMEM_TX_PLAINTEXT )

Definition at line 129 of file tls.c.

EINFO_ENOMEM_TX_PLAINTEXT

#define EINFO_ENOMEM_TX_PLAINTEXT

Value:

__einfo_uniqify ( EINFO_ENOMEM, 0x04,                           \
                          "Not enough space for transmitted plaintext" )

Definition at line 130 of file tls.c.

ENOMEM_TX_CIPHERTEXT

#define ENOMEM_TX_CIPHERTEXT   __einfo_error ( EINFO_ENOMEM_TX_CIPHERTEXT )

Definition at line 133 of file tls.c.

EINFO_ENOMEM_TX_CIPHERTEXT

#define EINFO_ENOMEM_TX_CIPHERTEXT

Value:

__einfo_uniqify ( EINFO_ENOMEM, 0x05,                           \
                          "Not enough space for transmitted ciphertext" )

Definition at line 134 of file tls.c.

ENOMEM_RX_DATA

#define ENOMEM_RX_DATA   __einfo_error ( EINFO_ENOMEM_RX_DATA )

Definition at line 137 of file tls.c.

EINFO_ENOMEM_RX_DATA

#define EINFO_ENOMEM_RX_DATA

Value:

__einfo_uniqify ( EINFO_ENOMEM, 0x07,                           \
                          "Not enough space for received data" )

Definition at line 138 of file tls.c.

ENOMEM_RX_CONCAT

#define ENOMEM_RX_CONCAT   __einfo_error ( EINFO_ENOMEM_RX_CONCAT )

Definition at line 141 of file tls.c.

EINFO_ENOMEM_RX_CONCAT

#define EINFO_ENOMEM_RX_CONCAT

Value:

__einfo_uniqify ( EINFO_ENOMEM, 0x08,                           \
                          "Not enough space to concatenate received data" )

Definition at line 142 of file tls.c.

ENOTSUP_CIPHER

#define ENOTSUP_CIPHER   __einfo_error ( EINFO_ENOTSUP_CIPHER )

Definition at line 145 of file tls.c.

EINFO_ENOTSUP_CIPHER

#define EINFO_ENOTSUP_CIPHER

Value:

__einfo_uniqify ( EINFO_ENOTSUP, 0x01,                          \
                          "Unsupported cipher" )

Definition at line 146 of file tls.c.

ENOTSUP_NULL

#define ENOTSUP_NULL   __einfo_error ( EINFO_ENOTSUP_NULL )

Definition at line 149 of file tls.c.

EINFO_ENOTSUP_NULL

#define EINFO_ENOTSUP_NULL

Value:

__einfo_uniqify ( EINFO_ENOTSUP, 0x02,                          \
                          "Refusing to use null cipher" )

Definition at line 150 of file tls.c.

ENOTSUP_SIG_HASH

#define ENOTSUP_SIG_HASH   __einfo_error ( EINFO_ENOTSUP_SIG_HASH )

Definition at line 153 of file tls.c.

EINFO_ENOTSUP_SIG_HASH

#define EINFO_ENOTSUP_SIG_HASH

Value:

__einfo_uniqify ( EINFO_ENOTSUP, 0x03,                          \
                          "Unsupported signature and hash algorithm" )

Definition at line 154 of file tls.c.

ENOTSUP_VERSION

#define ENOTSUP_VERSION   __einfo_error ( EINFO_ENOTSUP_VERSION )

Definition at line 157 of file tls.c.

EINFO_ENOTSUP_VERSION

#define EINFO_ENOTSUP_VERSION

Value:

__einfo_uniqify ( EINFO_ENOTSUP, 0x04,                          \
                          "Unsupported protocol version" )

Definition at line 158 of file tls.c.

EPERM_ALERT

#define EPERM_ALERT   __einfo_error ( EINFO_EPERM_ALERT )

Definition at line 161 of file tls.c.

EINFO_EPERM_ALERT

#define EINFO_EPERM_ALERT

Value:

__einfo_uniqify ( EINFO_EPERM, 0x01,                            \
                          "Received fatal alert" )

Definition at line 162 of file tls.c.

EPERM_VERIFY

#define EPERM_VERIFY   __einfo_error ( EINFO_EPERM_VERIFY )

Definition at line 165 of file tls.c.

EINFO_EPERM_VERIFY

#define EINFO_EPERM_VERIFY

Value:

__einfo_uniqify ( EINFO_EPERM, 0x02,                            \
                          "Handshake verification failed" )

Definition at line 166 of file tls.c.

EPERM_CLIENT_CERT

#define EPERM_CLIENT_CERT   __einfo_error ( EINFO_EPERM_CLIENT_CERT )

Definition at line 169 of file tls.c.

EINFO_EPERM_CLIENT_CERT

#define EINFO_EPERM_CLIENT_CERT

Value:

__einfo_uniqify ( EINFO_EPERM, 0x03,                            \
                          "No suitable client certificate available" )

Definition at line 170 of file tls.c.

EPERM_RENEG_INSECURE

#define EPERM_RENEG_INSECURE   __einfo_error ( EINFO_EPERM_RENEG_INSECURE )

Definition at line 173 of file tls.c.

EINFO_EPERM_RENEG_INSECURE

#define EINFO_EPERM_RENEG_INSECURE

Value:

__einfo_uniqify ( EINFO_EPERM, 0x04,                            \
                          "Secure renegotiation not supported" )

Definition at line 174 of file tls.c.

EPERM_RENEG_VERIFY

#define EPERM_RENEG_VERIFY   __einfo_error ( EINFO_EPERM_RENEG_VERIFY )

Definition at line 177 of file tls.c.

EINFO_EPERM_RENEG_VERIFY

#define EINFO_EPERM_RENEG_VERIFY

Value:

__einfo_uniqify ( EINFO_EPERM, 0x05,                            \
                          "Secure renegotiation verification failed" )

Definition at line 178 of file tls.c.

EPERM_KEY_EXCHANGE

#define EPERM_KEY_EXCHANGE   __einfo_error ( EINFO_EPERM_KEY_EXCHANGE )

Definition at line 181 of file tls.c.

EINFO_EPERM_KEY_EXCHANGE

#define EINFO_EPERM_KEY_EXCHANGE

Value:

__einfo_uniqify ( EINFO_EPERM, 0x06,                            \
                          "ServerKeyExchange verification failed" )

Definition at line 182 of file tls.c.

EPROTO_VERSION

#define EPROTO_VERSION   __einfo_error ( EINFO_EPROTO_VERSION )

Definition at line 185 of file tls.c.

EINFO_EPROTO_VERSION

#define EINFO_EPROTO_VERSION

Value:

__einfo_uniqify ( EINFO_EPROTO, 0x01,                           \
                          "Illegal protocol version upgrade" )

Definition at line 186 of file tls.c.

tls_prf_label

#define tls_prf_label	(		tls,
			secret,
			secret_len,
			out,
			out_len,
			label,
			...
	)

Value:

tls_prf ( (tls), (secret), (secret_len), (out), (out_len),         \
                  label, ( sizeof ( label ) - 1 ), __VA_ARGS__, NULL )

Generate secure pseudo-random data.

Parameters

secret	Secret
secret_len	Length of secret
out	Output buffer
out_len	Length of output buffer
label	String literal label
...	( data, len ) pairs of seed data

Definition at line 611 of file tls.c.

TLS_NUM_CIPHER_SUITES

#define TLS_NUM_CIPHER_SUITES   table_num_entries ( TLS_CIPHER_SUITES )

Number of supported cipher suites.

Definition at line 825 of file tls.c.

TLS_NUM_SIG_HASH_ALGORITHMS

#define TLS_NUM_SIG_HASH_ALGORITHMS   table_num_entries ( TLS_SIG_HASH_ALGORITHMS )

Number of supported signature and hash algorithms.

Definition at line 980 of file tls.c.

Function Documentation

FILE_LICENCE()

FILE_LICENCE

(

GPL2_OR_LATER

)

LIST_HEAD()

static LIST_HEAD ( tls_sessions  )

static

List of TLS session.

tls_tx_resume_all()

static void tls_tx_resume_all ( struct tls_session *  session )

static

Resume TX state machine for all connections within a session.

Parameters

session

TLS session

Definition at line 1065 of file tls.c.

                                                              {
        struct tls_connection *tls;

        list_for_each_entry ( tls, &session->conn, list )
                tls_tx_resume ( tls );
}

References tls_connection::list, list_for_each_entry, session, and tls_tx_resume().

Referenced by tls_close(), and tls_new_finished().

tls_send_plaintext()

static int tls_send_plaintext ( struct tls_connection *  tls, unsigned int  type, const void *  data, size_t  len  )

static

Send plaintext record.

Parameters

tls	TLS connection
type	Record type
data	Plaintext record
len	Length of plaintext record

Return values

rc	Return status code

Definition at line 2661 of file tls.c.

                                                               {
        struct tls_cipherspec *cipherspec = &tls->tx_cipherspec;
        struct tls_cipher_suite *suite = cipherspec->suite;
        struct cipher_algorithm *cipher = suite->cipher;
        struct digest_algorithm *digest = suite->digest;
        struct {
                uint8_t fixed[suite->fixed_iv_len];
                uint8_t record[suite->record_iv_len];
        } __attribute__ (( packed )) iv;
        struct tls_auth_header authhdr;
        struct tls_header *tlshdr;
        void *plaintext = NULL;
        size_t plaintext_len = len;
        struct io_buffer *ciphertext = NULL;
        size_t ciphertext_len;
        size_t padding_len;
        uint8_t mac[digest->digestsize];
        void *tmp;
        int rc;

        /* Construct initialisation vector */
        memcpy ( iv.fixed, cipherspec->fixed_iv, sizeof ( iv.fixed ) );
        tls_generate_random ( tls, iv.record, sizeof ( iv.record ) );

        /* Construct authentication data */
        authhdr.seq = cpu_to_be64 ( tls->tx_seq );
        authhdr.header.type = type;
        authhdr.header.version = htons ( tls->version );
        authhdr.header.length = htons ( len );

        /* Calculate padding length */
        plaintext_len += suite->mac_len;
        if ( is_block_cipher ( cipher ) ) {
                padding_len = ( ( ( cipher->blocksize - 1 ) &
                                  -( plaintext_len + 1 ) ) + 1 );
        } else {
                padding_len = 0;
        }
        plaintext_len += padding_len;

        /* Allocate plaintext */
        plaintext = malloc ( plaintext_len );
        if ( ! plaintext ) {
                DBGC ( tls, "TLS %p could not allocate %zd bytes for "
                       "plaintext\n", tls, plaintext_len );
                rc = -ENOMEM_TX_PLAINTEXT;
                goto done;
        }

        /* Assemble plaintext */
        tmp = plaintext;
        memcpy ( tmp, data, len );
        tmp += len;
        if ( suite->mac_len )
                tls_hmac ( cipherspec, &authhdr, data, len, mac );
        memcpy ( tmp, mac, suite->mac_len );
        tmp += suite->mac_len;
        memset ( tmp, ( padding_len - 1 ), padding_len );
        tmp += padding_len;
        assert ( tmp == ( plaintext + plaintext_len ) );
        DBGC2 ( tls, "Sending plaintext data:\n" );
        DBGC2_HD ( tls, plaintext, plaintext_len );

        /* Set initialisation vector */
        cipher_setiv ( cipher, cipherspec->cipher_ctx, &iv, sizeof ( iv ) );

        /* Process authentication data, if applicable */
        if ( is_auth_cipher ( cipher ) ) {
                cipher_encrypt ( cipher, cipherspec->cipher_ctx, &authhdr,
                                 NULL, sizeof ( authhdr ) );
        }

        /* Allocate ciphertext */
        ciphertext_len = ( sizeof ( *tlshdr ) + sizeof ( iv.record ) +
                           plaintext_len + cipher->authsize );
        ciphertext = xfer_alloc_iob ( &tls->cipherstream, ciphertext_len );
        if ( ! ciphertext ) {
                DBGC ( tls, "TLS %p could not allocate %zd bytes for "
                       "ciphertext\n", tls, ciphertext_len );
                rc = -ENOMEM_TX_CIPHERTEXT;
                goto done;
        }

        /* Assemble ciphertext */
        tlshdr = iob_put ( ciphertext, sizeof ( *tlshdr ) );
        tlshdr->type = type;
        tlshdr->version = htons ( tls->version );
        tlshdr->length = htons ( ciphertext_len - sizeof ( *tlshdr ) );
        memcpy ( iob_put ( ciphertext, sizeof ( iv.record ) ), iv.record,
                 sizeof ( iv.record ) );
        cipher_encrypt ( cipher, cipherspec->cipher_ctx, plaintext,
                         iob_put ( ciphertext, plaintext_len ), plaintext_len );
        cipher_auth ( cipher, cipherspec->cipher_ctx,
                      iob_put ( ciphertext, cipher->authsize ) );
        assert ( iob_len ( ciphertext ) == ciphertext_len );

        /* Free plaintext as soon as possible to conserve memory */
        free ( plaintext );
        plaintext = NULL;

        /* Send ciphertext */
        if ( ( rc = xfer_deliver_iob ( &tls->cipherstream,
                                       iob_disown ( ciphertext ) ) ) != 0 ) {
                DBGC ( tls, "TLS %p could not deliver ciphertext: %s\n",
                       tls, strerror ( rc ) );
                goto done;
        }

        /* Update TX state machine to next record */
        tls->tx_seq += 1;

 done:
        free ( plaintext );
        free_iob ( ciphertext );
        return rc;
}

References __attribute__, assert(), cipher_algorithm::authsize, cipher_algorithm::blocksize, tls_cipher_suite::cipher, cipher_auth(), tls_cipherspec::cipher_ctx, cipher_encrypt, cipher_setiv(), tls_connection::cipherstream, cpu_to_be64, data, DBGC, DBGC2, DBGC2_HD, digest, tls_cipher_suite::digest, done, ENOMEM_TX_CIPHERTEXT, ENOMEM_TX_PLAINTEXT, fixed, tls_cipherspec::fixed_iv, tls_cipher_suite::fixed_iv_len, free, free_iob(), tls_auth_header::header, htons, iob_disown, iob_len(), iob_put, is_auth_cipher(), is_block_cipher(), iv, len, tls_header::length, mac, tls_cipher_suite::mac_len, malloc(), memcpy(), memset(), NULL, rc, tls_cipher_suite::record_iv_len, tls_auth_header::seq, strerror(), tls_cipherspec::suite, tls_generate_random(), tls_hmac(), tmp, tls_connection::tx_cipherspec, tls_connection::tx_seq, type, tls_header::type, tls_header::version, tls_connection::version, xfer_alloc_iob(), and xfer_deliver_iob().

Referenced by tls_plainstream_deliver(), tls_send_change_cipher(), and tls_send_handshake().

tls_clear_cipher() [1/2]

static void tls_clear_cipher ( struct tls_connection *  tls, struct tls_cipherspec *  cipherspec  )

static

Referenced by add_tls(), free_tls(), tls_change_cipher(), and tls_set_cipher().

tls_uint24()

static unsigned long tls_uint24 ( const tls24_t *  field24 )

inlinestatic

Extract 24-bit field value.

Parameters

field24

24-bit field

Return values

value

Field value

Definition at line 226 of file tls.c.

                                      {

        return ( ( field24->high << 16 ) | be16_to_cpu ( field24->low ) );
}

References be16_to_cpu, tls24_t::high, and tls24_t::low.

Referenced by tls_new_certificate(), tls_new_handshake(), and tls_parse_chain().

tls_set_uint24()

static void tls_set_uint24 ( tls24_t *  field24, unsigned long  value  )

static

Set 24-bit field value.

Parameters

field24	24-bit field
value	Field value

Definition at line 237 of file tls.c.

                                                                     {

        field24->high = ( value >> 16 );
        field24->low = cpu_to_be16 ( value );
}

References cpu_to_be16, tls24_t::high, tls24_t::low, and value.

Referenced by tls_send_certificate().

tls_ready()

static int tls_ready ( struct tls_connection *  tls )

static

Determine if TLS connection is ready for application data.

Parameters

tls	TLS connection

Return values

is_ready

TLS connection is ready

Definition at line 249 of file tls.c.

                                                    {
        return ( ( ! is_pending ( &tls->client_negotiation ) ) &&
                 ( ! is_pending ( &tls->server_negotiation ) ) );
}

References tls_connection::client_negotiation, is_pending(), and tls_connection::server_negotiation.

Referenced by tls_cipherstream_window(), tls_new_hello_request(), tls_new_record(), tls_plainstream_deliver(), and tls_plainstream_window().

tls_version()

static int tls_version ( struct tls_connection *  tls, unsigned int  version  )

inlinestatic

Check for TLS version.

Parameters

tls	TLS connection
version	TLS version

Return values

at_least

TLS connection is using at least the specified version

Check that TLS connection uses at least the specified protocol version. Optimise down to a compile-time constant true result if this is already guaranteed by the minimum supported version check.

Definition at line 266 of file tls.c.

                                                                 {
        return ( ( TLS_VERSION_MIN >= version ) ||
                 ( tls->version >= version ) );
}

References TLS_VERSION_MIN, tls_connection::version, and version.

Referenced by tls_prf(), tls_select_cipher(), tls_send_certificate_verify(), and tls_send_client_key_exchange_dhe().

md5_sha1_init()

static void md5_sha1_init ( void *  ctx )

static

Initialise MD5+SHA1 algorithm.

Parameters

ctx	MD5+SHA1 context

Definition at line 283 of file tls.c.

                                        {
        struct md5_sha1_context *context = ctx;

        digest_init ( &md5_algorithm, context->md5 );
        digest_init ( &sha1_algorithm, context->sha1 );
}

References ctx, digest_init(), md5_sha1_context::md5, md5_algorithm, md5_sha1_context::sha1, and sha1_algorithm.

md5_sha1_update()

static void md5_sha1_update ( void *  ctx, const void *  data, size_t  len  )

static

Accumulate data with MD5+SHA1 algorithm.

Parameters

ctx	MD5+SHA1 context
data	Data
len	Length of data

Definition at line 297 of file tls.c.

                                                                        {
        struct md5_sha1_context *context = ctx;

        digest_update ( &md5_algorithm, context->md5, data, len );
        digest_update ( &sha1_algorithm, context->sha1, data, len );
}

References ctx, data, digest_update(), len, md5_sha1_context::md5, md5_algorithm, md5_sha1_context::sha1, and sha1_algorithm.

md5_sha1_final()

static void md5_sha1_final ( void *  ctx, void *  out  )

static

Generate MD5+SHA1 digest.

Parameters

ctx	MD5+SHA1 context
out	Output buffer

Definition at line 310 of file tls.c.

                                                    {
        struct md5_sha1_context *context = ctx;
        struct md5_sha1_digest *digest = out;

        digest_final ( &md5_algorithm, context->md5, digest->md5 );
        digest_final ( &sha1_algorithm, context->sha1, digest->sha1 );
}

References ctx, digest, digest_final(), md5_sha1_context::md5, md5_algorithm, out, md5_sha1_context::sha1, and sha1_algorithm.

free_tls_session()

static void free_tls_session ( struct refcnt *  refcnt )

static

Free TLS session.

Parameters

refcnt

Reference counter

Definition at line 348 of file tls.c.

                                                       {
        struct tls_session *session =
                container_of ( refcnt, struct tls_session, refcnt );

        /* Sanity check */
        assert ( list_empty ( &session->conn ) );

        /* Remove from list of sessions */
        list_del ( &session->list );

        /* Free dynamically-allocated resources */
        x509_root_put ( session->root );
        privkey_put ( session->key );
        free ( session->ticket );

        /* Free session */
        free ( session );
}

References assert(), container_of, free, list_del, list_empty, privkey_put(), session, and x509_root_put().

Referenced by tls_session().

free_tls()

static void free_tls ( struct refcnt *  refcnt )

static

Free TLS connection.

Parameters

refcnt

Reference counter

Definition at line 372 of file tls.c.

                                               {
        struct tls_connection *tls =
                container_of ( refcnt, struct tls_connection, refcnt );
        struct tls_session *session = tls->session;
        struct io_buffer *iobuf;
        struct io_buffer *tmp;

        /* Free dynamically-allocated resources */
        free ( tls->new_session_ticket );
        tls_clear_cipher ( tls, &tls->tx_cipherspec );
        tls_clear_cipher ( tls, &tls->tx_cipherspec_pending );
        tls_clear_cipher ( tls, &tls->rx_cipherspec );
        tls_clear_cipher ( tls, &tls->rx_cipherspec_pending );
        free ( tls->server_key );
        free ( tls->handshake_ctx );
        list_for_each_entry_safe ( iobuf, tmp, &tls->rx_data, list ) {
                list_del ( &iobuf->list );
                free_iob ( iobuf );
        }
        x509_chain_put ( tls->certs );
        x509_chain_put ( tls->chain );
        x509_root_put ( tls->root );
        privkey_put ( tls->key );

        /* Drop reference to session */
        assert ( list_empty ( &tls->list ) );
        ref_put ( &session->refcnt );

        /* Free TLS structure itself */
        free ( tls );
}

References assert(), tls_connection::certs, tls_connection::chain, container_of, free, free_iob(), tls_connection::handshake_ctx, tls_connection::key, io_buffer::list, tls_connection::list, list_del, list_empty, list_for_each_entry_safe, tls_connection::new_session_ticket, privkey_put(), ref_put, tls_connection::root, tls_connection::rx_cipherspec, tls_connection::rx_cipherspec_pending, tls_connection::rx_data, tls_connection::server_key, session, tls_connection::session, tls_clear_cipher(), tmp, tls_connection::tx_cipherspec, tls_connection::tx_cipherspec_pending, x509_chain_put(), and x509_root_put().

Referenced by add_tls().

tls_close()

static void tls_close ( struct tls_connection *  tls, int  rc  )

static

Finish with TLS connection.

Parameters

tls	TLS connection
rc	Status code

Definition at line 410 of file tls.c.

                                                             {

        /* Remove pending operations, if applicable */
        pending_put ( &tls->client_negotiation );
        pending_put ( &tls->server_negotiation );
        pending_put ( &tls->validation );

        /* Remove process */
        process_del ( &tls->process );

        /* Close all interfaces */
        intf_shutdown ( &tls->cipherstream, rc );
        intf_shutdown ( &tls->plainstream, rc );
        intf_shutdown ( &tls->validator, rc );

        /* Remove from session */
        list_del ( &tls->list );
        INIT_LIST_HEAD ( &tls->list );

        /* Resume all other connections, in case we were the lead connection */
        tls_tx_resume_all ( tls->session );
}

References tls_connection::cipherstream, tls_connection::client_negotiation, INIT_LIST_HEAD, intf_shutdown(), tls_connection::list, list_del, pending_put(), tls_connection::plainstream, tls_connection::process, process_del(), rc, tls_connection::server_negotiation, tls_connection::session, tls_tx_resume_all(), tls_connection::validation, and tls_connection::validator.

Referenced by tls_cipherstream_deliver(), tls_tx_step(), and tls_validator_done().

tls_generate_random()

static int tls_generate_random ( struct tls_connection *  tls, void *  data, size_t  len  )

static

Generate random data.

Parameters

tls	TLS connection
data	Buffer to fill
len	Length of buffer

Return values

rc	Return status code

Definition at line 448 of file tls.c.

                                                          {
        int rc;

        /* Generate random bits with no additional input and without
         * prediction resistance
         */
        if ( ( rc = rbg_generate ( NULL, 0, 0, data, len ) ) != 0 ) {
                DBGC ( tls, "TLS %p could not generate random data: %s\n",
                       tls, strerror ( rc ) );
                return rc;
        }

        return 0;
}

References data, DBGC, len, NULL, rbg_generate(), rc, and strerror().

Referenced by add_tls(), tls_send_client_key_exchange_dhe(), tls_send_client_key_exchange_pubkey(), and tls_send_plaintext().

tls_hmac_update_va()

static void tls_hmac_update_va ( struct digest_algorithm *  digest, void *  ctx, va_list  args  )

static

Update HMAC with a list of ( data, len ) pairs.

Parameters

digest	Hash function to use
ctx	HMAC context
args	( data, len ) pairs of data, terminated by NULL

Definition at line 471 of file tls.c.

                                                           {
        void *data;
        size_t len;

        while ( ( data = va_arg ( args, void * ) ) ) {
                len = va_arg ( args, size_t );
                hmac_update ( digest, ctx, data, len );
        }
}

References ctx, data, digest, hmac_update(), len, and va_arg.

Referenced by tls_p_hash_va().

tls_p_hash_va()

static void tls_p_hash_va ( struct tls_connection *  tls, struct digest_algorithm *  digest, const void *  secret, size_t  secret_len, void *  out, size_t  out_len, va_list  seeds  )

static

Generate secure pseudo-random data using a single hash function.

Parameters

tls	TLS connection
digest	Hash function to use
secret	Secret
secret_len	Length of secret
out	Output buffer
out_len	Length of output buffer
seeds	( data, len ) pairs of seed data, terminated by NULL

Definition at line 493 of file tls.c.

                                            {
        uint8_t ctx[ hmac_ctxsize ( digest ) ];
        uint8_t ctx_partial[ sizeof ( ctx ) ];
        uint8_t a[digest->digestsize];
        uint8_t out_tmp[digest->digestsize];
        size_t frag_len = digest->digestsize;
        va_list tmp;

        DBGC2 ( tls, "TLS %p %s secret:\n", tls, digest->name );
        DBGC2_HD ( tls, secret, secret_len );

        /* Calculate A(1) */
        hmac_init ( digest, ctx, secret, secret_len );
        va_copy ( tmp, seeds );
        tls_hmac_update_va ( digest, ctx, tmp );
        va_end ( tmp );
        hmac_final ( digest, ctx, a );
        DBGC2 ( tls, "TLS %p %s A(1):\n", tls, digest->name );
        DBGC2_HD ( tls, &a, sizeof ( a ) );

        /* Generate as much data as required */
        while ( out_len ) {
                /* Calculate output portion */
                hmac_init ( digest, ctx, secret, secret_len );
                hmac_update ( digest, ctx, a, sizeof ( a ) );
                memcpy ( ctx_partial, ctx, sizeof ( ctx_partial ) );
                va_copy ( tmp, seeds );
                tls_hmac_update_va ( digest, ctx, tmp );
                va_end ( tmp );
                hmac_final ( digest, ctx, out_tmp );

                /* Copy output */
                if ( frag_len > out_len )
                        frag_len = out_len;
                memcpy ( out, out_tmp, frag_len );
                DBGC2 ( tls, "TLS %p %s output:\n", tls, digest->name );
                DBGC2_HD ( tls, out, frag_len );

                /* Calculate A(i) */
                hmac_final ( digest, ctx_partial, a );
                DBGC2 ( tls, "TLS %p %s A(n):\n", tls, digest->name );
                DBGC2_HD ( tls, &a, sizeof ( a ) );

                out += frag_len;
                out_len -= frag_len;
        }
}

References a, ctx, DBGC2, DBGC2_HD, digest, hmac_final(), hmac_init(), hmac_update(), memcpy(), out, tls_hmac_update_va(), tmp, va_copy, and va_end.

Referenced by tls_prf().

tls_prf()

static void tls_prf ( struct tls_connection *  tls, const void *  secret, size_t  secret_len, void *  out, size_t  out_len,   ...  )

static

Generate secure pseudo-random data.

Parameters

tls	TLS connection
secret	Secret
secret_len	Length of secret
out	Output buffer
out_len	Length of output buffer
...	( data, len ) pairs of seed data, terminated by NULL

Definition at line 555 of file tls.c.

                                                                          {
        va_list seeds;
        va_list tmp;
        size_t subsecret_len;
        const void *md5_secret;
        const void *sha1_secret;
        uint8_t buf[out_len];
        unsigned int i;

        va_start ( seeds, out_len );

        if ( tls_version ( tls, TLS_VERSION_TLS_1_2 ) ) {
                /* Use handshake digest PRF for TLSv1.2 and later */
                tls_p_hash_va ( tls, tls->handshake_digest, secret, secret_len,
                                out, out_len, seeds );
        } else {
                /* Use combination of P_MD5 and P_SHA-1 for TLSv1.1
                 * and earlier
                 */

                /* Split secret into two, with an overlap of up to one byte */
                subsecret_len = ( ( secret_len + 1 ) / 2 );
                md5_secret = secret;
                sha1_secret = ( secret + secret_len - subsecret_len );

                /* Calculate MD5 portion */
                va_copy ( tmp, seeds );
                tls_p_hash_va ( tls, &md5_algorithm, md5_secret,
                                subsecret_len, out, out_len, seeds );
                va_end ( tmp );

                /* Calculate SHA1 portion */
                va_copy ( tmp, seeds );
                tls_p_hash_va ( tls, &sha1_algorithm, sha1_secret,
                                subsecret_len, buf, out_len, seeds );
                va_end ( tmp );

                /* XOR the two portions together into the final output buffer */
                for ( i = 0 ; i < out_len ; i++ )
                        *( ( uint8_t * ) out + i ) ^= buf[i];
        }

        va_end ( seeds );
}

References tls_connection::handshake_digest, md5_algorithm, out, sha1_algorithm, tls_p_hash_va(), tls_version(), TLS_VERSION_TLS_1_2, tmp, va_copy, va_end, and va_start.

tls_generate_master_secret()

static void tls_generate_master_secret ( struct tls_connection *  tls, const void *  pre_master_secret, size_t  pre_master_secret_len  )

static

Generate master secret.

Parameters

tls	TLS connection
pre_master_secret	Pre-master secret
pre_master_secret_len	Length of pre-master secret

The client and server random values must already be known.

Definition at line 631 of file tls.c.

                                                                        {

        DBGC ( tls, "TLS %p pre-master-secret:\n", tls );
        DBGC_HD ( tls, pre_master_secret, pre_master_secret_len );
        DBGC ( tls, "TLS %p client random bytes:\n", tls );
        DBGC_HD ( tls, &tls->client_random, sizeof ( tls->client_random ) );
        DBGC ( tls, "TLS %p server random bytes:\n", tls );
        DBGC_HD ( tls, &tls->server_random, sizeof ( tls->server_random ) );

        tls_prf_label ( tls, pre_master_secret, pre_master_secret_len,
                        &tls->master_secret, sizeof ( tls->master_secret ),
                        "master secret",
                        &tls->client_random, sizeof ( tls->client_random ),
                        &tls->server_random, sizeof ( tls->server_random ) );

        DBGC ( tls, "TLS %p generated master secret:\n", tls );
        DBGC_HD ( tls, &tls->master_secret, sizeof ( tls->master_secret ) );
}

References tls_connection::client_random, DBGC, DBGC_HD, tls_connection::master_secret, tls_connection::server_random, and tls_prf_label.

Referenced by tls_send_client_key_exchange_dhe(), and tls_send_client_key_exchange_pubkey().

tls_generate_keys()

static int tls_generate_keys ( struct tls_connection *  tls )

static

Generate key material.

Parameters

tls	TLS connection

The master secret must already be known.

Definition at line 659 of file tls.c.

                                                            {
        struct tls_cipherspec *tx_cipherspec = &tls->tx_cipherspec_pending;
        struct tls_cipherspec *rx_cipherspec = &tls->rx_cipherspec_pending;
        size_t hash_size = tx_cipherspec->suite->mac_len;
        size_t key_size = tx_cipherspec->suite->key_len;
        size_t iv_size = tx_cipherspec->suite->fixed_iv_len;
        size_t total = ( 2 * ( hash_size + key_size + iv_size ) );
        uint8_t key_block[total];
        uint8_t *key;
        int rc;

        /* Generate key block */
        tls_prf_label ( tls, &tls->master_secret, sizeof ( tls->master_secret ),
                        key_block, sizeof ( key_block ), "key expansion",
                        &tls->server_random, sizeof ( tls->server_random ),
                        &tls->client_random, sizeof ( tls->client_random ) );

        /* Split key block into portions */
        key = key_block;

        /* TX MAC secret */
        memcpy ( tx_cipherspec->mac_secret, key, hash_size );
        DBGC ( tls, "TLS %p TX MAC secret:\n", tls );
        DBGC_HD ( tls, key, hash_size );
        key += hash_size;

        /* RX MAC secret */
        memcpy ( rx_cipherspec->mac_secret, key, hash_size );
        DBGC ( tls, "TLS %p RX MAC secret:\n", tls );
        DBGC_HD ( tls, key, hash_size );
        key += hash_size;

        /* TX key */
        if ( ( rc = cipher_setkey ( tx_cipherspec->suite->cipher,
                                    tx_cipherspec->cipher_ctx,
                                    key, key_size ) ) != 0 ) {
                DBGC ( tls, "TLS %p could not set TX key: %s\n",
                       tls, strerror ( rc ) );
                return rc;
        }
        DBGC ( tls, "TLS %p TX key:\n", tls );
        DBGC_HD ( tls, key, key_size );
        key += key_size;

        /* RX key */
        if ( ( rc = cipher_setkey ( rx_cipherspec->suite->cipher,
                                    rx_cipherspec->cipher_ctx,
                                    key, key_size ) ) != 0 ) {
                DBGC ( tls, "TLS %p could not set TX key: %s\n",
                       tls, strerror ( rc ) );
                return rc;
        }
        DBGC ( tls, "TLS %p RX key:\n", tls );
        DBGC_HD ( tls, key, key_size );
        key += key_size;

        /* TX initialisation vector */
        memcpy ( tx_cipherspec->fixed_iv, key, iv_size );
        DBGC ( tls, "TLS %p TX IV:\n", tls );
        DBGC_HD ( tls, key, iv_size );
        key += iv_size;

        /* RX initialisation vector */
        memcpy ( rx_cipherspec->fixed_iv, key, iv_size );
        DBGC ( tls, "TLS %p RX IV:\n", tls );
        DBGC_HD ( tls, key, iv_size );
        key += iv_size;

        assert ( ( key_block + total ) == key );

        return 0;
}

References assert(), tls_cipher_suite::cipher, tls_cipherspec::cipher_ctx, cipher_setkey(), tls_connection::client_random, DBGC, DBGC_HD, tls_cipherspec::fixed_iv, tls_cipher_suite::fixed_iv_len, key, tls_cipher_suite::key_len, tls_cipher_suite::mac_len, tls_cipherspec::mac_secret, tls_connection::master_secret, memcpy(), rc, tls_connection::rx_cipherspec_pending, tls_connection::server_random, strerror(), tls_cipherspec::suite, tls_prf_label, and tls_connection::tx_cipherspec_pending.

Referenced by tls_new_server_hello(), tls_send_client_key_exchange_dhe(), and tls_send_client_key_exchange_pubkey().

tls_clear_handshake()

static void tls_clear_handshake ( struct tls_connection *  tls )

static

Clear handshake digest algorithm.

Parameters

tls	TLS connection

Definition at line 744 of file tls.c.

                                                               {

        /* Select null digest algorithm */
        tls->handshake_digest = &digest_null;

        /* Free any existing context */
        free ( tls->handshake_ctx );
        tls->handshake_ctx = NULL;
}

References digest_null, free, tls_connection::handshake_ctx, tls_connection::handshake_digest, and NULL.

Referenced by add_tls(), and tls_select_handshake().

tls_select_handshake()

static int tls_select_handshake ( struct tls_connection *  tls, struct digest_algorithm *  digest  )

static

Select handshake digest algorithm.

Parameters

tls	TLS connection
digest	Handshake digest algorithm

Return values

rc	Return status code

Definition at line 761 of file tls.c.

                                                                    {

        /* Clear existing handshake digest */
        tls_clear_handshake ( tls );

        /* Allocate and initialise context */
        tls->handshake_ctx = malloc ( digest->ctxsize );
        if ( ! tls->handshake_ctx )
                return -ENOMEM;
        tls->handshake_digest = digest;
        digest_init ( digest, tls->handshake_ctx );

        return 0;
}

References digest, digest_init(), ENOMEM, tls_connection::handshake_ctx, tls_connection::handshake_digest, malloc(), and tls_clear_handshake().

Referenced by tls_select_cipher().

tls_add_handshake()

static int tls_add_handshake ( struct tls_connection *  tls, const void *  data, size_t  len  )

static

Add handshake record to verification hash.

Parameters

tls	TLS connection
data	Handshake record
len	Length of handshake record

Return values

rc	Return status code

Definition at line 785 of file tls.c.

                                                              {
        struct digest_algorithm *digest = tls->handshake_digest;

        digest_update ( digest, tls->handshake_ctx, data, len );
        return 0;
}

References data, digest, digest_update(), tls_connection::handshake_ctx, tls_connection::handshake_digest, and len.

Referenced by tls_new_handshake(), tls_new_server_hello(), and tls_send_handshake().

tls_verify_handshake()

static void tls_verify_handshake ( struct tls_connection *  tls, void *  out  )

static

Calculate handshake verification hash.

Parameters

tls	TLS connection
out	Output buffer

Calculates the digest over all handshake messages seen so far.

Definition at line 801 of file tls.c.

                                                                           {
        struct digest_algorithm *digest = tls->handshake_digest;
        uint8_t ctx[ digest->ctxsize ];

        memcpy ( ctx, tls->handshake_ctx, sizeof ( ctx ) );
        digest_final ( digest, ctx, out );
}

References ctx, digest, digest_final(), tls_connection::handshake_ctx, tls_connection::handshake_digest, memcpy(), and out.

Referenced by tls_new_finished(), tls_send_certificate_verify(), and tls_send_finished().

tls_find_cipher_suite()

static struct tls_cipher_suite* tls_find_cipher_suite ( unsigned int  cipher_suite )

static

Identify cipher suite.

Parameters

cipher_suite

Cipher suite specification

Return values

suite

Cipher suite, or NULL

Definition at line 834 of file tls.c.

                                                    {
        struct tls_cipher_suite *suite;

        /* Identify cipher suite */
        for_each_table_entry ( suite, TLS_CIPHER_SUITES ) {
                if ( suite->code == cipher_suite )
                        return suite;
        }

        return NULL;
}

References tls_cipher_suite::code, for_each_table_entry, NULL, and TLS_CIPHER_SUITES.

Referenced by tls_select_cipher().

tls_clear_cipher() [2/2]

static void tls_clear_cipher ( struct tls_connection *tls  __unused, struct tls_cipherspec *  cipherspec  )

static

Clear cipher suite.

Parameters

cipherspec

TLS cipher specification

Definition at line 851 of file tls.c.

                                                                   {

        if ( cipherspec->suite ) {
                pubkey_final ( cipherspec->suite->pubkey,
                               cipherspec->pubkey_ctx );
        }
        free ( cipherspec->dynamic );
        memset ( cipherspec, 0, sizeof ( *cipherspec ) );
        cipherspec->suite = &tls_cipher_suite_null;
}

References tls_cipherspec::dynamic, free, memset(), tls_cipher_suite::pubkey, tls_cipherspec::pubkey_ctx, pubkey_final(), tls_cipherspec::suite, and tls_cipher_suite_null.

tls_set_cipher()

static int tls_set_cipher ( struct tls_connection *  tls, struct tls_cipherspec *  cipherspec, struct tls_cipher_suite *  suite  )

static

Set cipher suite.

Parameters

tls	TLS connection
cipherspec	TLS cipher specification
suite	Cipher suite

Return values

rc	Return status code

Definition at line 871 of file tls.c.

                                                             {
        struct pubkey_algorithm *pubkey = suite->pubkey;
        struct cipher_algorithm *cipher = suite->cipher;
        size_t total;
        void *dynamic;

        /* Clear out old cipher contents, if any */
        tls_clear_cipher ( tls, cipherspec );

        /* Allocate dynamic storage */
        total = ( pubkey->ctxsize + cipher->ctxsize + suite->mac_len +
                  suite->fixed_iv_len );
        dynamic = zalloc ( total );
        if ( ! dynamic ) {
                DBGC ( tls, "TLS %p could not allocate %zd bytes for crypto "
                       "context\n", tls, total );
                return -ENOMEM_CONTEXT;
        }

        /* Assign storage */
        cipherspec->dynamic = dynamic;
        cipherspec->pubkey_ctx = dynamic;       dynamic += pubkey->ctxsize;
        cipherspec->cipher_ctx = dynamic;       dynamic += cipher->ctxsize;
        cipherspec->mac_secret = dynamic;       dynamic += suite->mac_len;
        cipherspec->fixed_iv = dynamic;         dynamic += suite->fixed_iv_len;
        assert ( ( cipherspec->dynamic + total ) == dynamic );

        /* Store parameters */
        cipherspec->suite = suite;

        return 0;
}

References assert(), tls_cipher_suite::cipher, tls_cipherspec::cipher_ctx, cipher_algorithm::ctxsize, pubkey_algorithm::ctxsize, DBGC, tls_cipherspec::dynamic, ENOMEM_CONTEXT, tls_cipherspec::fixed_iv, tls_cipher_suite::fixed_iv_len, tls_cipher_suite::mac_len, tls_cipherspec::mac_secret, tls_cipher_suite::pubkey, tls_cipherspec::pubkey_ctx, tls_cipherspec::suite, tls_clear_cipher(), and zalloc().

Referenced by tls_select_cipher().

tls_select_cipher()

static int tls_select_cipher ( struct tls_connection *  tls, unsigned int  cipher_suite  )

static

Select next cipher suite.

Parameters

tls	TLS connection
cipher_suite	Cipher suite specification

Return values

rc	Return status code

Definition at line 913 of file tls.c.

                                                           {
        struct tls_cipher_suite *suite;
        struct digest_algorithm *digest;
        int rc;

        /* Identify cipher suite */
        suite = tls_find_cipher_suite ( cipher_suite );
        if ( ! suite ) {
                DBGC ( tls, "TLS %p does not support cipher %04x\n",
                       tls, ntohs ( cipher_suite ) );
                return -ENOTSUP_CIPHER;
        }

        /* Set handshake digest algorithm */
        digest = ( tls_version ( tls, TLS_VERSION_TLS_1_2 ) ?
                   suite->handshake : &md5_sha1_algorithm );
        if ( ( rc = tls_select_handshake ( tls, digest ) ) != 0 )
                return rc;

        /* Set ciphers */
        if ( ( rc = tls_set_cipher ( tls, &tls->tx_cipherspec_pending,
                                     suite ) ) != 0 )
                return rc;
        if ( ( rc = tls_set_cipher ( tls, &tls->rx_cipherspec_pending,
                                     suite ) ) != 0 )
                return rc;

        DBGC ( tls, "TLS %p selected %s-%s-%s-%d-%s\n", tls,
               suite->exchange->name, suite->pubkey->name,
               suite->cipher->name, ( suite->key_len * 8 ),
               suite->digest->name );

        return 0;
}

References tls_cipher_suite::cipher, DBGC, digest, tls_cipher_suite::digest, ENOTSUP_CIPHER, tls_cipher_suite::exchange, tls_cipher_suite::handshake, tls_cipher_suite::key_len, md5_sha1_algorithm, digest_algorithm::name, cipher_algorithm::name, pubkey_algorithm::name, tls_key_exchange_algorithm::name, ntohs, tls_cipher_suite::pubkey, rc, tls_connection::rx_cipherspec_pending, tls_find_cipher_suite(), tls_select_handshake(), tls_set_cipher(), tls_version(), TLS_VERSION_TLS_1_2, and tls_connection::tx_cipherspec_pending.

Referenced by tls_new_server_hello().

tls_change_cipher()

static int tls_change_cipher ( struct tls_connection *  tls, struct tls_cipherspec *  pending, struct tls_cipherspec *  active  )

static

Activate next cipher suite.

Parameters

tls	TLS connection
pending	Pending cipher specification
active	Active cipher specification to replace

Return values

rc	Return status code

Definition at line 957 of file tls.c.

                                                               {

        /* Sanity check */
        if ( pending->suite == &tls_cipher_suite_null ) {
                DBGC ( tls, "TLS %p refusing to use null cipher\n", tls );
                return -ENOTSUP_NULL;
        }

        tls_clear_cipher ( tls, active );
        memswap ( active, pending, sizeof ( *active ) );
        return 0;
}

References DBGC, ENOTSUP_NULL, memswap(), pending, tls_cipher_suite_null, and tls_clear_cipher().

Referenced by tls_new_change_cipher(), and tls_tx_step().

tls_signature_hash_algorithm()

static struct tls_signature_hash_algorithm* tls_signature_hash_algorithm ( struct pubkey_algorithm *  pubkey, struct digest_algorithm *  digest  )

static

Find TLS signature and hash algorithm.

Parameters

pubkey	Public-key algorithm
digest	Digest algorithm

Return values

sig_hash

Signature and hash algorithm, or NULL

Definition at line 991 of file tls.c.

                                                                 {
        struct tls_signature_hash_algorithm *sig_hash;

        /* Identify signature and hash algorithm */
        for_each_table_entry ( sig_hash, TLS_SIG_HASH_ALGORITHMS ) {
                if ( ( sig_hash->pubkey == pubkey ) &&
                     ( sig_hash->digest == digest ) ) {
                        return sig_hash;
                }
        }

        return NULL;
}

References digest, tls_signature_hash_algorithm::digest, for_each_table_entry, NULL, tls_signature_hash_algorithm::pubkey, and TLS_SIG_HASH_ALGORITHMS.

Referenced by tls_send_certificate_verify().

tls_signature_hash_pubkey()

static struct pubkey_algorithm* tls_signature_hash_pubkey ( struct tls_signature_hash_id  code )

static

Find TLS signature algorithm.

Parameters

code	Signature and hash algorithm identifier

Return values

pubkey

Public key algorithm, or NULL

Definition at line 1013 of file tls.c.

                                                                {
        struct tls_signature_hash_algorithm *sig_hash;

        /* Identify signature and hash algorithm */
        for_each_table_entry ( sig_hash, TLS_SIG_HASH_ALGORITHMS ) {
                if ( sig_hash->code.signature == code.signature )
                        return sig_hash->pubkey;
        }

        return NULL;
}

References code, tls_signature_hash_algorithm::code, for_each_table_entry, NULL, tls_signature_hash_algorithm::pubkey, tls_signature_hash_id::signature, and TLS_SIG_HASH_ALGORITHMS.

Referenced by tls_send_client_key_exchange_dhe().

tls_signature_hash_digest()

static struct digest_algorithm* tls_signature_hash_digest ( struct tls_signature_hash_id  code )

static

Find TLS hash algorithm.

Parameters

code	Signature and hash algorithm identifier

Return values

digest

Digest algorithm, or NULL

Definition at line 1032 of file tls.c.

                                                                {
        struct tls_signature_hash_algorithm *sig_hash;

        /* Identify signature and hash algorithm */
        for_each_table_entry ( sig_hash, TLS_SIG_HASH_ALGORITHMS ) {
                if ( sig_hash->code.hash == code.hash )
                        return sig_hash->digest;
        }

        return NULL;
}

References code, tls_signature_hash_algorithm::code, tls_signature_hash_algorithm::digest, for_each_table_entry, tls_signature_hash_id::hash, NULL, and TLS_SIG_HASH_ALGORITHMS.

Referenced by tls_send_client_key_exchange_dhe().

tls_tx_resume()

static void tls_tx_resume ( struct tls_connection *  tls )

static

Resume TX state machine.

Parameters

tls	TLS connection

Definition at line 1056 of file tls.c.

                                                         {
        process_add ( &tls->process );
}

References tls_connection::process, and process_add().

Referenced by tls_new_finished(), tls_restart(), tls_tx_resume_all(), tls_tx_step(), and tls_validator_done().

tls_restart()

static void tls_restart ( struct tls_connection *  tls )

static

Restart negotiation.

Parameters

tls	TLS connection

Definition at line 1077 of file tls.c.

                                                       {

        /* Sanity check */
        assert ( ! tls->tx_pending );
        assert ( ! is_pending ( &tls->client_negotiation ) );
        assert ( ! is_pending ( &tls->server_negotiation ) );
        assert ( ! is_pending ( &tls->validation ) );

        /* (Re)start negotiation */
        tls->tx_pending = TLS_TX_CLIENT_HELLO;
        tls_tx_resume ( tls );
        pending_get ( &tls->client_negotiation );
        pending_get ( &tls->server_negotiation );
}

References assert(), tls_connection::client_negotiation, is_pending(), pending_get(), tls_connection::server_negotiation, TLS_TX_CLIENT_HELLO, tls_tx_resume(), tls_connection::tx_pending, and tls_connection::validation.

Referenced by add_tls(), and tls_new_hello_request().

tls_send_handshake()

static int tls_send_handshake ( struct tls_connection *  tls, const void *  data, size_t  len  )

static

Transmit Handshake record.

Parameters

tls	TLS connection
data	Plaintext record
len	Length of plaintext record

Return values

rc	Return status code

Definition at line 1100 of file tls.c.

                                                               {

        /* Add to handshake digest */
        tls_add_handshake ( tls, data, len );

        /* Send record */
        return tls_send_plaintext ( tls, TLS_TYPE_HANDSHAKE, data, len );
}

References data, len, tls_add_handshake(), tls_send_plaintext(), and TLS_TYPE_HANDSHAKE.

Referenced by tls_send_certificate(), tls_send_certificate_verify(), tls_send_client_hello(), tls_send_client_key_exchange_dhe(), tls_send_client_key_exchange_pubkey(), and tls_send_finished().

tls_client_hello()

static int tls_client_hello ( struct tls_connection *  tls, int(*)(struct tls_connection *tls, const void *data, size_t len)  action  )

static

Digest or transmit Client Hello record.

Parameters

tls	TLS connection
action	Action to take on Client Hello record

Return values

rc	Return status code

Definition at line 1117 of file tls.c.

                                                                {
        struct tls_session *session = tls->session;
        size_t name_len = strlen ( session->name );
        struct {
                uint32_t type_length;
                uint16_t version;
                uint8_t random[32];
                uint8_t session_id_len;
                uint8_t session_id[tls->session_id_len];
                uint16_t cipher_suite_len;
                uint16_t cipher_suites[TLS_NUM_CIPHER_SUITES];
                uint8_t compression_methods_len;
                uint8_t compression_methods[1];
                uint16_t extensions_len;
                struct {
                        uint16_t server_name_type;
                        uint16_t server_name_len;
                        struct {
                                uint16_t len;
                                struct {
                                        uint8_t type;
                                        uint16_t len;
                                        uint8_t name[name_len];
                                } __attribute__ (( packed )) list[1];
                        } __attribute__ (( packed )) server_name;
                        uint16_t max_fragment_length_type;
                        uint16_t max_fragment_length_len;
                        struct {
                                uint8_t max;
                        } __attribute__ (( packed )) max_fragment_length;
                        uint16_t signature_algorithms_type;
                        uint16_t signature_algorithms_len;
                        struct {
                                uint16_t len;
                                struct tls_signature_hash_id
                                        code[TLS_NUM_SIG_HASH_ALGORITHMS];
                        } __attribute__ (( packed )) signature_algorithms;
                        uint16_t renegotiation_info_type;
                        uint16_t renegotiation_info_len;
                        struct {
                                uint8_t len;
                                uint8_t data[ tls->secure_renegotiation ?
                                              sizeof ( tls->verify.client ) :0];
                        } __attribute__ (( packed )) renegotiation_info;
                        uint16_t session_ticket_type;
                        uint16_t session_ticket_len;
                        struct {
                                uint8_t data[session->ticket_len];
                        } __attribute__ (( packed )) session_ticket;
                } __attribute__ (( packed )) extensions;
        } __attribute__ (( packed )) hello;
        struct tls_cipher_suite *suite;
        struct tls_signature_hash_algorithm *sighash;
        unsigned int i;

        /* Construct record */
        memset ( &hello, 0, sizeof ( hello ) );
        hello.type_length = ( cpu_to_le32 ( TLS_CLIENT_HELLO ) |
                              htonl ( sizeof ( hello ) -
                                      sizeof ( hello.type_length ) ) );
        hello.version = htons ( TLS_VERSION_MAX );
        memcpy ( &hello.random, &tls->client_random, sizeof ( hello.random ) );
        hello.session_id_len = tls->session_id_len;
        memcpy ( hello.session_id, tls->session_id,
                 sizeof ( hello.session_id ) );
        hello.cipher_suite_len = htons ( sizeof ( hello.cipher_suites ) );
        i = 0 ; for_each_table_entry ( suite, TLS_CIPHER_SUITES )
                hello.cipher_suites[i++] = suite->code;
        hello.compression_methods_len = sizeof ( hello.compression_methods );
        hello.extensions_len = htons ( sizeof ( hello.extensions ) );
        hello.extensions.server_name_type = htons ( TLS_SERVER_NAME );
        hello.extensions.server_name_len
                = htons ( sizeof ( hello.extensions.server_name ) );
        hello.extensions.server_name.len
                = htons ( sizeof ( hello.extensions.server_name.list ) );
        hello.extensions.server_name.list[0].type = TLS_SERVER_NAME_HOST_NAME;
        hello.extensions.server_name.list[0].len
                = htons ( sizeof ( hello.extensions.server_name.list[0].name ));
        memcpy ( hello.extensions.server_name.list[0].name, session->name,
                 sizeof ( hello.extensions.server_name.list[0].name ) );
        hello.extensions.max_fragment_length_type
                = htons ( TLS_MAX_FRAGMENT_LENGTH );
        hello.extensions.max_fragment_length_len
                = htons ( sizeof ( hello.extensions.max_fragment_length ) );
        hello.extensions.max_fragment_length.max
                = TLS_MAX_FRAGMENT_LENGTH_4096;
        hello.extensions.signature_algorithms_type
                = htons ( TLS_SIGNATURE_ALGORITHMS );
        hello.extensions.signature_algorithms_len
                = htons ( sizeof ( hello.extensions.signature_algorithms ) );
        hello.extensions.signature_algorithms.len
                = htons ( sizeof ( hello.extensions.signature_algorithms.code));
        i = 0 ; for_each_table_entry ( sighash, TLS_SIG_HASH_ALGORITHMS )
                hello.extensions.signature_algorithms.code[i++] = sighash->code;
        hello.extensions.renegotiation_info_type
                = htons ( TLS_RENEGOTIATION_INFO );
        hello.extensions.renegotiation_info_len
                = htons ( sizeof ( hello.extensions.renegotiation_info ) );
        hello.extensions.renegotiation_info.len
                = sizeof ( hello.extensions.renegotiation_info.data );
        memcpy ( hello.extensions.renegotiation_info.data, tls->verify.client,
                 sizeof ( hello.extensions.renegotiation_info.data ) );
        hello.extensions.session_ticket_type = htons ( TLS_SESSION_TICKET );
        hello.extensions.session_ticket_len
                = htons ( sizeof ( hello.extensions.session_ticket ) );
        memcpy ( hello.extensions.session_ticket.data, session->ticket,
                 sizeof ( hello.extensions.session_ticket.data ) );

        return action ( tls, &hello, sizeof ( hello ) );
}

References __attribute__, tls_verify_data::client, tls_connection::client_random, code, tls_cipher_suite::code, tls_signature_hash_algorithm::code, cpu_to_le32, data, for_each_table_entry, hello, htonl, htons, len, tls_session::list, max, memcpy(), memset(), tls_session::name, random(), tls_connection::secure_renegotiation, session, tls_connection::session, tls_connection::session_id, tls_connection::session_id_len, strlen(), TLS_CIPHER_SUITES, TLS_CLIENT_HELLO, TLS_MAX_FRAGMENT_LENGTH, TLS_MAX_FRAGMENT_LENGTH_4096, TLS_NUM_CIPHER_SUITES, TLS_NUM_SIG_HASH_ALGORITHMS, TLS_RENEGOTIATION_INFO, TLS_SERVER_NAME, TLS_SERVER_NAME_HOST_NAME, TLS_SESSION_TICKET, TLS_SIG_HASH_ALGORITHMS, TLS_SIGNATURE_ALGORITHMS, TLS_VERSION_MAX, type, tls_connection::verify, and version.

Referenced by tls_new_server_hello(), and tls_send_client_hello().

tls_send_client_hello()

static int tls_send_client_hello ( struct tls_connection *  tls )

static

Transmit Client Hello record.

Parameters

tls	TLS connection

Return values

rc	Return status code

Definition at line 1237 of file tls.c.

                                                                {

        return tls_client_hello ( tls, tls_send_handshake );
}

References tls_client_hello(), and tls_send_handshake().

Referenced by tls_tx_step().

tls_send_certificate()

static int tls_send_certificate ( struct tls_connection *  tls )

static

Transmit Certificate record.

Parameters

tls	TLS connection

Return values

rc	Return status code

Definition at line 1248 of file tls.c.

                                                               {
        struct {
                tls24_t length;
                uint8_t data[0];
        } __attribute__ (( packed )) *certificate;
        struct {
                uint32_t type_length;
                tls24_t length;
                typeof ( *certificate ) certificates[0];
        } __attribute__ (( packed )) *certificates;
        struct x509_link *link;
        struct x509_certificate *cert;
        size_t len;
        int rc;

        /* Calculate length of client certificates */
        len = 0;
        list_for_each_entry ( link, &tls->certs->links, list ) {
                cert = link->cert;
                len += ( sizeof ( *certificate ) + cert->raw.len );
                DBGC ( tls, "TLS %p sending client certificate %s\n",
                       tls, x509_name ( cert ) );
        }

        /* Allocate storage for Certificate record (which may be too
         * large for the stack).
         */
        certificates = zalloc ( sizeof ( *certificates ) + len );
        if ( ! certificates )
                return -ENOMEM_CERTIFICATE;

        /* Populate record */
        certificates->type_length =
                ( cpu_to_le32 ( TLS_CERTIFICATE ) |
                  htonl ( sizeof ( *certificates ) + len -
                          sizeof ( certificates->type_length ) ) );
        tls_set_uint24 ( &certificates->length, len );
        certificate = &certificates->certificates[0];
        list_for_each_entry ( link, &tls->certs->links, list ) {
                cert = link->cert;
                tls_set_uint24 ( &certificate->length, cert->raw.len );
                memcpy ( certificate->data, cert->raw.data, cert->raw.len );
                certificate = ( ( ( void * ) certificate->data ) +
                                cert->raw.len );
        }

        /* Transmit record */
        rc = tls_send_handshake ( tls, certificates,
                                  ( sizeof ( *certificates ) + len ) );

        /* Free record */
        free ( certificates );

        return rc;
}

References __attribute__, tls_connection::certs, cpu_to_le32, asn1_cursor::data, data, DBGC, ENOMEM_CERTIFICATE, free, htonl, len, asn1_cursor::len, length, link, x509_chain::links, list_for_each_entry, memcpy(), x509_certificate::raw, rc, TLS_CERTIFICATE, tls_send_handshake(), tls_set_uint24(), typeof(), x509_name(), and zalloc().

Referenced by tls_tx_step().

tls_send_client_key_exchange_pubkey()

static int tls_send_client_key_exchange_pubkey ( struct tls_connection *  tls )

static

Transmit Client Key Exchange record using public key exchange.

Parameters

tls	TLS connection

Return values

rc	Return status code

Definition at line 1310 of file tls.c.

                                                                              {
        struct tls_cipherspec *cipherspec = &tls->tx_cipherspec_pending;
        struct pubkey_algorithm *pubkey = cipherspec->suite->pubkey;
        size_t max_len = pubkey_max_len ( pubkey, cipherspec->pubkey_ctx );
        struct {
                uint16_t version;
                uint8_t random[46];
        } __attribute__ (( packed )) pre_master_secret;
        struct {
                uint32_t type_length;
                uint16_t encrypted_pre_master_secret_len;
                uint8_t encrypted_pre_master_secret[max_len];
        } __attribute__ (( packed )) key_xchg;
        size_t unused;
        int len;
        int rc;

        /* Generate pre-master secret */
        pre_master_secret.version = htons ( TLS_VERSION_MAX );
        if ( ( rc = tls_generate_random ( tls, &pre_master_secret.random,
                          ( sizeof ( pre_master_secret.random ) ) ) ) != 0 ) {
                return rc;
        }

        /* Generate master secret */
        tls_generate_master_secret ( tls, &pre_master_secret,
                                     sizeof ( pre_master_secret ) );

        /* Generate keys */
        if ( ( rc = tls_generate_keys ( tls ) ) != 0 ) {
                DBGC ( tls, "TLS %p could not generate keys: %s\n",
                       tls, strerror ( rc ) );
                return rc;
        }

        /* Encrypt pre-master secret using server's public key */
        memset ( &key_xchg, 0, sizeof ( key_xchg ) );
        len = pubkey_encrypt ( pubkey, cipherspec->pubkey_ctx,
                               &pre_master_secret, sizeof ( pre_master_secret ),
                               key_xchg.encrypted_pre_master_secret );
        if ( len < 0 ) {
                rc = len;
                DBGC ( tls, "TLS %p could not encrypt pre-master secret: %s\n",
                       tls, strerror ( rc ) );
                return rc;
        }
        unused = ( max_len - len );
        key_xchg.type_length =
                ( cpu_to_le32 ( TLS_CLIENT_KEY_EXCHANGE ) |
                  htonl ( sizeof ( key_xchg ) -
                          sizeof ( key_xchg.type_length ) - unused ) );
        key_xchg.encrypted_pre_master_secret_len =
                htons ( sizeof ( key_xchg.encrypted_pre_master_secret ) -
                        unused );

        return tls_send_handshake ( tls, &key_xchg,
                                    ( sizeof ( key_xchg ) - unused ) );
}

References __attribute__, cpu_to_le32, DBGC, htonl, htons, len, max_len, memset(), tls_cipher_suite::pubkey, tls_cipherspec::pubkey_ctx, pubkey_encrypt(), pubkey_max_len(), random(), rc, strerror(), tls_cipherspec::suite, TLS_CLIENT_KEY_EXCHANGE, tls_generate_keys(), tls_generate_master_secret(), tls_generate_random(), tls_send_handshake(), TLS_VERSION_MAX, tls_connection::tx_cipherspec_pending, unused, and version.

tls_send_client_key_exchange_dhe()

static int tls_send_client_key_exchange_dhe ( struct tls_connection *  tls )

static

Transmit Client Key Exchange record using DHE key exchange.

Parameters

tls	TLS connection

Return values

rc	Return status code

Definition at line 1381 of file tls.c.

                                                                           {
        struct tls_cipherspec *cipherspec = &tls->tx_cipherspec_pending;
        struct pubkey_algorithm *pubkey;
        struct digest_algorithm *digest;
        int use_sig_hash = tls_version ( tls, TLS_VERSION_TLS_1_2 );
        uint8_t private[ sizeof ( tls->client_random.random ) ];
        const struct {
                uint16_t len;
                uint8_t data[0];
        } __attribute__ (( packed )) *dh_val[3];
        const struct {
                struct tls_signature_hash_id sig_hash[use_sig_hash];
                uint16_t signature_len;
                uint8_t signature[0];
        } __attribute__ (( packed )) *sig;
        const void *data;
        size_t remaining;
        size_t frag_len;
        unsigned int i;
        int rc;

        /* Parse ServerKeyExchange */
        data = tls->server_key;
        remaining = tls->server_key_len;
        for ( i = 0 ; i < ( sizeof ( dh_val ) / sizeof ( dh_val[0] ) ) ; i++ ){
                dh_val[i] = data;
                if ( ( sizeof ( *dh_val[i] ) > remaining ) ||
                     ( ntohs ( dh_val[i]->len ) > ( remaining -
                                                    sizeof ( *dh_val[i] ) ) )){
                        DBGC ( tls, "TLS %p received underlength "
                               "ServerKeyExchange\n", tls );
                        DBGC_HDA ( tls, 0, tls->server_key,
                                   tls->server_key_len );
                        rc = -EINVAL_KEY_EXCHANGE;
                        goto err_header;
                }
                frag_len = ( sizeof ( *dh_val[i] ) + ntohs ( dh_val[i]->len ));
                data += frag_len;
                remaining -= frag_len;
        }
        sig = data;
        if ( ( sizeof ( *sig ) > remaining ) ||
             ( ntohs ( sig->signature_len ) > ( remaining -
                                                sizeof ( *sig ) ) ) ) {
                DBGC ( tls, "TLS %p received underlength ServerKeyExchange\n",
                       tls );
                DBGC_HDA ( tls, 0, tls->server_key, tls->server_key_len );
                rc = -EINVAL_KEY_EXCHANGE;
                goto err_header;
        }

        /* Identify signature and hash algorithm */
        if ( use_sig_hash ) {
                pubkey = tls_signature_hash_pubkey ( sig->sig_hash[0] );
                digest = tls_signature_hash_digest ( sig->sig_hash[0] );
                if ( ( ! pubkey ) || ( ! digest ) ) {
                        DBGC ( tls, "TLS %p ServerKeyExchange unsupported "
                               "signature and hash algorithm\n", tls );
                        rc = -ENOTSUP_SIG_HASH;
                        goto err_sig_hash;
                }
                if ( pubkey != cipherspec->suite->pubkey ) {
                        DBGC ( tls, "TLS %p ServerKeyExchange incorrect "
                               "signature algorithm %s (expected %s)\n", tls,
                               pubkey->name, cipherspec->suite->pubkey->name );
                        rc = -EPERM_KEY_EXCHANGE;
                        goto err_sig_hash;
                }
        } else {
                pubkey = cipherspec->suite->pubkey;
                digest = &md5_sha1_algorithm;
        }

        /* Verify signature */
        {
                const void *signature = sig->signature;
                size_t signature_len = ntohs ( sig->signature_len );
                uint8_t ctx[digest->ctxsize];
                uint8_t hash[digest->digestsize];

                /* Calculate digest */
                digest_init ( digest, ctx );
                digest_update ( digest, ctx, &tls->client_random,
                                sizeof ( tls->client_random ) );
                digest_update ( digest, ctx, tls->server_random,
                                sizeof ( tls->server_random ) );
                digest_update ( digest, ctx, tls->server_key,
                                ( tls->server_key_len - remaining ) );
                digest_final ( digest, ctx, hash );

                /* Verify signature */
                if ( ( rc = pubkey_verify ( pubkey, cipherspec->pubkey_ctx,
                                            digest, hash, signature,
                                            signature_len ) ) != 0 ) {
                        DBGC ( tls, "TLS %p ServerKeyExchange failed "
                               "verification\n", tls );
                        DBGC_HDA ( tls, 0, tls->server_key,
                                   tls->server_key_len );
                        rc = -EPERM_KEY_EXCHANGE;
                        goto err_verify;
                }
        }

        /* Generate Diffie-Hellman private key */
        if ( ( rc = tls_generate_random ( tls, private,
                                          sizeof ( private ) ) ) != 0 ) {
                goto err_random;
        }

        /* Construct pre-master secret and ClientKeyExchange record */
        {
                typeof ( dh_val[0] ) dh_p = dh_val[0];
                typeof ( dh_val[1] ) dh_g = dh_val[1];
                typeof ( dh_val[2] ) dh_ys = dh_val[2];
                size_t len = ntohs ( dh_p->len );
                struct {
                        uint32_t type_length;
                        uint16_t dh_xs_len;
                        uint8_t dh_xs[len];
                } __attribute__ (( packed )) *key_xchg;
                struct {
                        uint8_t pre_master_secret[len];
                        typeof ( *key_xchg ) key_xchg;
                } *dynamic;
                uint8_t *pre_master_secret;

                /* Allocate space */
                dynamic = malloc ( sizeof ( *dynamic ) );
                if ( ! dynamic ) {
                        rc = -ENOMEM;
                        goto err_alloc;
                }
                pre_master_secret = dynamic->pre_master_secret;
                key_xchg = &dynamic->key_xchg;
                key_xchg->type_length =
                        ( cpu_to_le32 ( TLS_CLIENT_KEY_EXCHANGE ) |
                          htonl ( sizeof ( *key_xchg ) -
                                  sizeof ( key_xchg->type_length ) ) );
                key_xchg->dh_xs_len = htons ( len );

                /* Calculate pre-master secret and client public value */
                if ( ( rc = dhe_key ( dh_p->data, len,
                                      dh_g->data, ntohs ( dh_g->len ),
                                      dh_ys->data, ntohs ( dh_ys->len ),
                                      private, sizeof ( private ),
                                      key_xchg->dh_xs,
                                      pre_master_secret ) ) != 0 ) {
                        DBGC ( tls, "TLS %p could not calculate DHE key: %s\n",
                               tls, strerror ( rc ) );
                        goto err_dhe_key;
                }

                /* Strip leading zeroes from pre-master secret */
                while ( len && ( ! *pre_master_secret ) ) {
                        pre_master_secret++;
                        len--;
                }

                /* Generate master secret */
                tls_generate_master_secret ( tls, pre_master_secret, len );

                /* Generate keys */
                if ( ( rc = tls_generate_keys ( tls ) ) != 0 ) {
                        DBGC ( tls, "TLS %p could not generate keys: %s\n",
                               tls, strerror ( rc ) );
                        goto err_generate_keys;
                }

                /* Transmit Client Key Exchange record */
                if ( ( rc = tls_send_handshake ( tls, key_xchg,
                                                 sizeof ( *key_xchg ) ) ) !=0){
                        goto err_send_handshake;
                }

        err_send_handshake:
        err_generate_keys:
        err_dhe_key:
                free ( dynamic );
        }
 err_alloc:
 err_random:
 err_verify:
 err_sig_hash:
 err_header:
        return rc;
}

References __attribute__, tls_connection::client_random, cpu_to_le32, ctx, data, DBGC, DBGC_HDA, dhe_key(), digest, digest_final(), digest_init(), digest_update(), EINVAL_KEY_EXCHANGE, ENOMEM, ENOTSUP_SIG_HASH, EPERM_KEY_EXCHANGE, free, hash, htonl, htons, len, malloc(), md5_sha1_algorithm, pubkey_algorithm::name, ntohs, tls_cipher_suite::pubkey, tls_cipherspec::pubkey_ctx, pubkey_verify(), tls_client_random::random, rc, tls_connection::server_key, tls_connection::server_key_len, tls_connection::server_random, sig, signature, strerror(), tls_cipherspec::suite, TLS_CLIENT_KEY_EXCHANGE, tls_generate_keys(), tls_generate_master_secret(), tls_generate_random(), tls_send_handshake(), tls_signature_hash_digest(), tls_signature_hash_pubkey(), tls_version(), TLS_VERSION_TLS_1_2, tls_connection::tx_cipherspec_pending, and typeof().

tls_send_client_key_exchange()

static int tls_send_client_key_exchange ( struct tls_connection *  tls )

static

Transmit Client Key Exchange record.

Parameters

tls	TLS connection

Return values

rc	Return status code

Definition at line 1580 of file tls.c.

                                                                       {
        struct tls_cipherspec *cipherspec = &tls->tx_cipherspec_pending;
        struct tls_cipher_suite *suite = cipherspec->suite;

        /* Transmit Client Key Exchange record via key exchange algorithm */
        return suite->exchange->exchange ( tls );
}

References tls_key_exchange_algorithm::exchange, tls_cipher_suite::exchange, tls_cipherspec::suite, and tls_connection::tx_cipherspec_pending.

Referenced by tls_tx_step().

tls_send_certificate_verify()

static int tls_send_certificate_verify ( struct tls_connection *  tls )

static

Transmit Certificate Verify record.

Parameters

tls	TLS connection

Return values

rc	Return status code

Definition at line 1594 of file tls.c.

                                                                      {
        struct digest_algorithm *digest = tls->handshake_digest;
        struct x509_certificate *cert = x509_first ( tls->certs );
        struct pubkey_algorithm *pubkey = cert->signature_algorithm->pubkey;
        struct asn1_cursor *key = privkey_cursor ( tls->key );
        uint8_t digest_out[ digest->digestsize ];
        uint8_t ctx[ pubkey->ctxsize ];
        struct tls_signature_hash_algorithm *sig_hash = NULL;
        int rc;

        /* Generate digest to be signed */
        tls_verify_handshake ( tls, digest_out );

        /* Initialise public-key algorithm */
        if ( ( rc = pubkey_init ( pubkey, ctx, key->data, key->len ) ) != 0 ) {
                DBGC ( tls, "TLS %p could not initialise %s client private "
                       "key: %s\n", tls, pubkey->name, strerror ( rc ) );
                goto err_pubkey_init;
        }

        /* TLSv1.2 and later use explicit algorithm identifiers */
        if ( tls_version ( tls, TLS_VERSION_TLS_1_2 ) ) {
                sig_hash = tls_signature_hash_algorithm ( pubkey, digest );
                if ( ! sig_hash ) {
                        DBGC ( tls, "TLS %p could not identify (%s,%s) "
                               "signature and hash algorithm\n", tls,
                               pubkey->name, digest->name );
                        rc = -ENOTSUP_SIG_HASH;
                        goto err_sig_hash;
                }
        }

        /* Generate and transmit record */
        {
                size_t max_len = pubkey_max_len ( pubkey, ctx );
                int use_sig_hash = ( ( sig_hash == NULL ) ? 0 : 1 );
                struct {
                        uint32_t type_length;
                        struct tls_signature_hash_id sig_hash[use_sig_hash];
                        uint16_t signature_len;
                        uint8_t signature[max_len];
                } __attribute__ (( packed )) certificate_verify;
                size_t unused;
                int len;

                /* Sign digest */
                len = pubkey_sign ( pubkey, ctx, digest, digest_out,
                                    certificate_verify.signature );
                if ( len < 0 ) {
                        rc = len;
                        DBGC ( tls, "TLS %p could not sign %s digest using %s "
                               "client private key: %s\n", tls, digest->name,
                               pubkey->name, strerror ( rc ) );
                        goto err_pubkey_sign;
                }
                unused = ( max_len - len );

                /* Construct Certificate Verify record */
                certificate_verify.type_length =
                        ( cpu_to_le32 ( TLS_CERTIFICATE_VERIFY ) |
                          htonl ( sizeof ( certificate_verify ) -
                                  sizeof ( certificate_verify.type_length ) -
                                  unused ) );
                if ( use_sig_hash ) {
                        memcpy ( &certificate_verify.sig_hash[0],
                                 &sig_hash->code,
                                 sizeof ( certificate_verify.sig_hash[0] ) );
                }
                certificate_verify.signature_len =
                        htons ( sizeof ( certificate_verify.signature ) -
                                unused );

                /* Transmit record */
                rc = tls_send_handshake ( tls, &certificate_verify,
                                   ( sizeof ( certificate_verify ) - unused ) );
        }

 err_pubkey_sign:
 err_sig_hash:
        pubkey_final ( pubkey, ctx );
 err_pubkey_init:
        return rc;
}

References __attribute__, tls_connection::certs, tls_signature_hash_algorithm::code, cpu_to_le32, ctx, pubkey_algorithm::ctxsize, DBGC, digest, ENOTSUP_SIG_HASH, tls_connection::handshake_digest, htonl, htons, key, tls_connection::key, len, max_len, memcpy(), pubkey_algorithm::name, NULL, privkey_cursor(), tls_signature_hash_algorithm::pubkey, asn1_algorithm::pubkey, pubkey_final(), pubkey_init(), pubkey_max_len(), pubkey_sign(), rc, signature, x509_certificate::signature_algorithm, strerror(), TLS_CERTIFICATE_VERIFY, tls_send_handshake(), tls_signature_hash_algorithm(), tls_verify_handshake(), tls_version(), TLS_VERSION_TLS_1_2, unused, and x509_first().

Referenced by tls_tx_step().

tls_send_change_cipher()

static int tls_send_change_cipher ( struct tls_connection *  tls )

static

Transmit Change Cipher record.

Parameters

tls	TLS connection

Return values

rc	Return status code

Definition at line 1684 of file tls.c.

                                                                 {
        static const uint8_t change_cipher[1] = { 1 };
        return tls_send_plaintext ( tls, TLS_TYPE_CHANGE_CIPHER,
                                    change_cipher, sizeof ( change_cipher ) );
}

References tls_send_plaintext(), and TLS_TYPE_CHANGE_CIPHER.

Referenced by tls_tx_step().

tls_send_finished()

static int tls_send_finished ( struct tls_connection *  tls )

static

Transmit Finished record.

Parameters

tls	TLS connection

Return values

rc	Return status code

Definition at line 1696 of file tls.c.

                                                            {
        struct digest_algorithm *digest = tls->handshake_digest;
        struct {
                uint32_t type_length;
                uint8_t verify_data[ sizeof ( tls->verify.client ) ];
        } __attribute__ (( packed )) finished;
        uint8_t digest_out[ digest->digestsize ];
        int rc;

        /* Construct client verification data */
        tls_verify_handshake ( tls, digest_out );
        tls_prf_label ( tls, &tls->master_secret, sizeof ( tls->master_secret ),
                        tls->verify.client, sizeof ( tls->verify.client ),
                        "client finished", digest_out, sizeof ( digest_out ) );

        /* Construct record */
        memset ( &finished, 0, sizeof ( finished ) );
        finished.type_length = ( cpu_to_le32 ( TLS_FINISHED ) |
                                 htonl ( sizeof ( finished ) -
                                         sizeof ( finished.type_length ) ) );
        memcpy ( finished.verify_data, tls->verify.client,
                 sizeof ( finished.verify_data ) );

        /* Transmit record */
        if ( ( rc = tls_send_handshake ( tls, &finished,
                                         sizeof ( finished ) ) ) != 0 )
                return rc;

        /* Mark client as finished */
        pending_put ( &tls->client_negotiation );

        return 0;
}

References __attribute__, tls_verify_data::client, tls_connection::client_negotiation, cpu_to_le32, digest, tls_connection::handshake_digest, htonl, tls_connection::master_secret, memcpy(), memset(), pending_put(), rc, TLS_FINISHED, tls_prf_label, tls_send_handshake(), tls_verify_handshake(), and tls_connection::verify.

Referenced by tls_tx_step().

tls_new_change_cipher()

static int tls_new_change_cipher ( struct tls_connection *  tls, const void *  data, size_t  len  )

static

Receive new Change Cipher record.

Parameters

tls	TLS connection
data	Plaintext record
len	Length of plaintext record

Return values

rc	Return status code

Definition at line 1738 of file tls.c.

                                                                  {
        int rc;

        if ( ( len != 1 ) || ( *( ( uint8_t * ) data ) != 1 ) ) {
                DBGC ( tls, "TLS %p received invalid Change Cipher\n", tls );
                DBGC_HD ( tls, data, len );
                return -EINVAL_CHANGE_CIPHER;
        }

        if ( ( rc = tls_change_cipher ( tls, &tls->rx_cipherspec_pending,
                                        &tls->rx_cipherspec ) ) != 0 ) {
                DBGC ( tls, "TLS %p could not activate RX cipher: %s\n",
                       tls, strerror ( rc ) );
                return rc;
        }
        tls->rx_seq = ~( ( uint64_t ) 0 );

        return 0;
}

References data, DBGC, DBGC_HD, EINVAL_CHANGE_CIPHER, len, rc, tls_connection::rx_cipherspec, tls_connection::rx_cipherspec_pending, tls_connection::rx_seq, strerror(), and tls_change_cipher().

Referenced by tls_new_record().

tls_new_alert()

static int tls_new_alert ( struct tls_connection *  tls, const void *  data, size_t  len  )

static

Receive new Alert record.

Parameters

tls	TLS connection
data	Plaintext record
len	Length of plaintext record

Return values

rc	Return status code

Definition at line 1767 of file tls.c.

                                        {
        const struct {
                uint8_t level;
                uint8_t description;
                char next[0];
        } __attribute__ (( packed )) *alert = data;

        /* Sanity check */
        if ( sizeof ( *alert ) != len ) {
                DBGC ( tls, "TLS %p received overlength Alert\n", tls );
                DBGC_HD ( tls, data, len );
                return -EINVAL_ALERT;
        }

        switch ( alert->level ) {
        case TLS_ALERT_WARNING:
                DBGC ( tls, "TLS %p received warning alert %d\n",
                       tls, alert->description );
                return 0;
        case TLS_ALERT_FATAL:
                DBGC ( tls, "TLS %p received fatal alert %d\n",
                       tls, alert->description );
                return -EPERM_ALERT;
        default:
                DBGC ( tls, "TLS %p received unknown alert level %d"
                       "(alert %d)\n", tls, alert->level, alert->description );
                return -EIO_ALERT;
        }
}

References __attribute__, alert(), data, DBGC, DBGC_HD, EINVAL_ALERT, EIO_ALERT, EPERM_ALERT, len, next, TLS_ALERT_FATAL, and TLS_ALERT_WARNING.

Referenced by tls_new_record().

tls_new_hello_request()

static int tls_new_hello_request ( struct tls_connection *  tls, const void *data  __unused, size_t len  __unused  )

static

Receive new Hello Request handshake record.

Parameters

tls	TLS connection
data	Plaintext handshake record
len	Length of plaintext handshake record

Return values

rc	Return status code

Definition at line 1806 of file tls.c.

                                                         {

        /* Ignore if a handshake is in progress */
        if ( ! tls_ready ( tls ) ) {
                DBGC ( tls, "TLS %p ignoring Hello Request\n", tls );
                return 0;
        }

        /* Fail unless server supports secure renegotiation */
        if ( ! tls->secure_renegotiation ) {
                DBGC ( tls, "TLS %p refusing to renegotiate insecurely\n",
                       tls );
                return -EPERM_RENEG_INSECURE;
        }

        /* Restart negotiation */
        tls_restart ( tls );

        return 0;
}

References DBGC, EPERM_RENEG_INSECURE, tls_connection::secure_renegotiation, tls_ready(), and tls_restart().

Referenced by tls_new_handshake().

tls_new_server_hello()

static int tls_new_server_hello ( struct tls_connection *  tls, const void *  data, size_t  len  )

static

Receive new Server Hello handshake record.

Parameters

tls	TLS connection
data	Plaintext handshake record
len	Length of plaintext handshake record

Return values

rc	Return status code

Definition at line 1837 of file tls.c.

                                                                 {
        const struct {
                uint16_t version;
                uint8_t random[32];
                uint8_t session_id_len;
                uint8_t session_id[0];
        } __attribute__ (( packed )) *hello_a = data;
        const uint8_t *session_id;
        const struct {
                uint16_t cipher_suite;
                uint8_t compression_method;
                char next[0];
        } __attribute__ (( packed )) *hello_b;
        const struct {
                uint16_t len;
                uint8_t data[0];
        } __attribute__ (( packed )) *exts;
        const struct {
                uint16_t type;
                uint16_t len;
                uint8_t data[0];
        } __attribute__ (( packed )) *ext;
        const struct {
                uint8_t len;
                uint8_t data[0];
        } __attribute__ (( packed )) *reneg = NULL;
        uint16_t version;
        size_t exts_len;
        size_t ext_len;
        size_t remaining;
        int rc;

        /* Parse header */
        if ( ( sizeof ( *hello_a ) > len ) ||
             ( hello_a->session_id_len > ( len - sizeof ( *hello_a ) ) ) ||
             ( sizeof ( *hello_b ) > ( len - sizeof ( *hello_a ) -
                                       hello_a->session_id_len ) ) ) {
                DBGC ( tls, "TLS %p received underlength Server Hello\n", tls );
                DBGC_HD ( tls, data, len );
                return -EINVAL_HELLO;
        }
        session_id = hello_a->session_id;
        hello_b = ( ( void * ) ( session_id + hello_a->session_id_len ) );

        /* Parse extensions, if present */
        remaining = ( len - sizeof ( *hello_a ) - hello_a->session_id_len -
                      sizeof ( *hello_b ) );
        if ( remaining ) {

                /* Parse extensions length */
                exts = ( ( void * ) hello_b->next );
                if ( ( sizeof ( *exts ) > remaining ) ||
                     ( ( exts_len = ntohs ( exts->len ) ) >
                       ( remaining - sizeof ( *exts ) ) ) ) {
                        DBGC ( tls, "TLS %p received underlength extensions\n",
                               tls );
                        DBGC_HD ( tls, data, len );
                        return -EINVAL_HELLO;
                }

                /* Parse extensions */
                for ( ext = ( ( void * ) exts->data ), remaining = exts_len ;
                      remaining ;
                      ext = ( ( ( void * ) ext ) + sizeof ( *ext ) + ext_len ),
                              remaining -= ( sizeof ( *ext ) + ext_len ) ) {

                        /* Parse extension length */
                        if ( ( sizeof ( *ext ) > remaining ) ||
                             ( ( ext_len = ntohs ( ext->len ) ) >
                               ( remaining - sizeof ( *ext ) ) ) ) {
                                DBGC ( tls, "TLS %p received underlength "
                                       "extension\n", tls );
                                DBGC_HD ( tls, data, len );
                                return -EINVAL_HELLO;
                        }

                        /* Record known extensions */
                        switch ( ext->type ) {
                        case htons ( TLS_RENEGOTIATION_INFO ) :
                                reneg = ( ( void * ) ext->data );
                                if ( ( sizeof ( *reneg ) > ext_len ) ||
                                     ( reneg->len >
                                       ( ext_len - sizeof ( *reneg ) ) ) ) {
                                        DBGC ( tls, "TLS %p received "
                                               "underlength renegotiation "
                                               "info\n", tls );
                                        DBGC_HD ( tls, data, len );
                                        return -EINVAL_HELLO;
                                }
                                break;
                        }
                }
        }

        /* Check and store protocol version */
        version = ntohs ( hello_a->version );
        if ( version < TLS_VERSION_MIN ) {
                DBGC ( tls, "TLS %p does not support protocol version %d.%d\n",
                       tls, ( version >> 8 ), ( version & 0xff ) );
                return -ENOTSUP_VERSION;
        }
        if ( version > tls->version ) {
                DBGC ( tls, "TLS %p server attempted to illegally upgrade to "
                       "protocol version %d.%d\n",
                       tls, ( version >> 8 ), ( version & 0xff ) );
                return -EPROTO_VERSION;
        }
        tls->version = version;
        DBGC ( tls, "TLS %p using protocol version %d.%d\n",
               tls, ( version >> 8 ), ( version & 0xff ) );

        /* Select cipher suite */
        if ( ( rc = tls_select_cipher ( tls, hello_b->cipher_suite ) ) != 0 )
                return rc;

        /* Add preceding Client Hello to handshake digest */
        if ( ( rc = tls_client_hello ( tls, tls_add_handshake ) ) != 0 )
                return rc;

        /* Copy out server random bytes */
        memcpy ( &tls->server_random, &hello_a->random,
                 sizeof ( tls->server_random ) );

        /* Check session ID */
        if ( hello_a->session_id_len &&
             ( hello_a->session_id_len == tls->session_id_len ) &&
             ( memcmp ( session_id, tls->session_id,
                        tls->session_id_len ) == 0 ) ) {

                /* Session ID match: reuse master secret */
                DBGC ( tls, "TLS %p resuming session ID:\n", tls );
                DBGC_HDA ( tls, 0, tls->session_id, tls->session_id_len );
                if ( ( rc = tls_generate_keys ( tls ) ) != 0 )
                        return rc;

        } else {

                /* Record new session ID, if present */
                if ( hello_a->session_id_len &&
                     ( hello_a->session_id_len <= sizeof ( tls->session_id ))){
                        tls->session_id_len = hello_a->session_id_len;
                        memcpy ( tls->session_id, session_id,
                                 tls->session_id_len );
                        DBGC ( tls, "TLS %p new session ID:\n", tls );
                        DBGC_HDA ( tls, 0, tls->session_id,
                                   tls->session_id_len );
                }
        }

        /* Handle secure renegotiation */
        if ( tls->secure_renegotiation ) {

                /* Secure renegotiation is expected; verify data */
                if ( ( reneg == NULL ) ||
                     ( reneg->len != sizeof ( tls->verify ) ) ||
                     ( memcmp ( reneg->data, &tls->verify,
                                sizeof ( tls->verify ) ) != 0 ) ) {
                        DBGC ( tls, "TLS %p server failed secure "
                               "renegotiation\n", tls );
                        return -EPERM_RENEG_VERIFY;
                }

        } else if ( reneg != NULL ) {

                /* Secure renegotiation is being enabled */
                if ( reneg->len != 0 ) {
                        DBGC ( tls, "TLS %p server provided non-empty initial "
                               "renegotiation\n", tls );
                        return -EPERM_RENEG_VERIFY;
                }
                tls->secure_renegotiation = 1;
        }

        return 0;
}

References __attribute__, data, DBGC, DBGC_HD, DBGC_HDA, EINVAL_HELLO, ENOTSUP_VERSION, EPERM_RENEG_VERIFY, EPROTO_VERSION, ext, htons, len, memcmp(), memcpy(), next, ntohs, NULL, random(), rc, tls_connection::secure_renegotiation, tls_connection::server_random, tls_connection::session_id, tls_connection::session_id_len, tls_add_handshake(), tls_client_hello(), tls_generate_keys(), TLS_RENEGOTIATION_INFO, tls_select_cipher(), TLS_VERSION_MIN, type, tls_connection::verify, tls_connection::version, and version.

Referenced by tls_new_handshake().

tls_new_session_ticket()

static int tls_new_session_ticket ( struct tls_connection *  tls, const void *  data, size_t  len  )

static

Receive New Session Ticket handshake record.

Parameters

tls	TLS connection
data	Plaintext handshake record
len	Length of plaintext handshake record

Return values

rc	Return status code

Definition at line 2022 of file tls.c.

                                                                   {
        const struct {
                uint32_t lifetime;
                uint16_t len;
                uint8_t ticket[0];
        } __attribute__ (( packed )) *new_session_ticket = data;
        size_t ticket_len;

        /* Parse header */
        if ( sizeof ( *new_session_ticket ) > len ) {
                DBGC ( tls, "TLS %p received underlength New Session Ticket\n",
                       tls );
                DBGC_HD ( tls, data, len );
                return -EINVAL_TICKET;
        }
        ticket_len = ntohs ( new_session_ticket->len );
        if ( ticket_len > ( len - sizeof ( *new_session_ticket ) ) ) {
                DBGC ( tls, "TLS %p received overlength New Session Ticket\n",
                       tls );
                DBGC_HD ( tls, data, len );
                return -EINVAL_TICKET;
        }

        /* Free any unapplied new session ticket */
        free ( tls->new_session_ticket );
        tls->new_session_ticket = NULL;
        tls->new_session_ticket_len = 0;

        /* Record ticket */
        tls->new_session_ticket = malloc ( ticket_len );
        if ( ! tls->new_session_ticket )
                return -ENOMEM;
        memcpy ( tls->new_session_ticket, new_session_ticket->ticket,
                 ticket_len );
        tls->new_session_ticket_len = ticket_len;
        DBGC ( tls, "TLS %p new session ticket:\n", tls );
        DBGC_HDA ( tls, 0, tls->new_session_ticket,
                   tls->new_session_ticket_len );

        return 0;
}

References __attribute__, data, DBGC, DBGC_HD, DBGC_HDA, EINVAL_TICKET, ENOMEM, free, len, lifetime, malloc(), memcpy(), tls_connection::new_session_ticket, tls_connection::new_session_ticket_len, ntohs, and NULL.

Referenced by tls_new_handshake().

tls_parse_chain()

static int tls_parse_chain ( struct tls_connection *  tls, const void *  data, size_t  len  )

static

Parse certificate chain.

Parameters

tls	TLS connection
data	Certificate chain
len	Length of certificate chain

Return values

rc	Return status code

Definition at line 2073 of file tls.c.

                                                            {
        size_t remaining = len;
        int rc;

        /* Free any existing certificate chain */
        x509_chain_put ( tls->chain );
        tls->chain = NULL;

        /* Create certificate chain */
        tls->chain = x509_alloc_chain();
        if ( ! tls->chain ) {
                rc = -ENOMEM_CHAIN;
                goto err_alloc_chain;
        }

        /* Add certificates to chain */
        while ( remaining ) {
                const struct {
                        tls24_t length;
                        uint8_t data[0];
                } __attribute__ (( packed )) *certificate = data;
                size_t certificate_len;
                size_t record_len;
                struct x509_certificate *cert;

                /* Parse header */
                if ( sizeof ( *certificate ) > remaining ) {
                        DBGC ( tls, "TLS %p underlength certificate:\n", tls );
                        DBGC_HDA ( tls, 0, data, remaining );
                        rc = -EINVAL_CERTIFICATE;
                        goto err_underlength;
                }
                certificate_len = tls_uint24 ( &certificate->length );
                if ( certificate_len > ( remaining - sizeof ( *certificate ) )){
                        DBGC ( tls, "TLS %p overlength certificate:\n", tls );
                        DBGC_HDA ( tls, 0, data, remaining );
                        rc = -EINVAL_CERTIFICATE;
                        goto err_overlength;
                }
                record_len = ( sizeof ( *certificate ) + certificate_len );

                /* Add certificate to chain */
                if ( ( rc = x509_append_raw ( tls->chain, certificate->data,
                                              certificate_len ) ) != 0 ) {
                        DBGC ( tls, "TLS %p could not append certificate: %s\n",
                               tls, strerror ( rc ) );
                        DBGC_HDA ( tls, 0, data, remaining );
                        goto err_parse;
                }
                cert = x509_last ( tls->chain );
                DBGC ( tls, "TLS %p found certificate %s\n",
                       tls, x509_name ( cert ) );

                /* Move to next certificate in list */
                data += record_len;
                remaining -= record_len;
        }

        return 0;

 err_parse:
 err_overlength:
 err_underlength:
        x509_chain_put ( tls->chain );
        tls->chain = NULL;
 err_alloc_chain:
        return rc;
}

References __attribute__, tls_connection::chain, data, DBGC, DBGC_HDA, EINVAL_CERTIFICATE, ENOMEM_CHAIN, len, length, NULL, rc, strerror(), tls_uint24(), x509_alloc_chain(), x509_append_raw(), x509_chain_put(), x509_last(), and x509_name().

Referenced by tls_new_certificate().

tls_new_certificate()

static int tls_new_certificate ( struct tls_connection *  tls, const void *  data, size_t  len  )

static

Receive new Certificate handshake record.

Parameters

tls	TLS connection
data	Plaintext handshake record
len	Length of plaintext handshake record

Return values

rc	Return status code

Definition at line 2151 of file tls.c.

                                                                {
        const struct {
                tls24_t length;
                uint8_t certificates[0];
        } __attribute__ (( packed )) *certificate = data;
        size_t certificates_len;
        int rc;

        /* Parse header */
        if ( sizeof ( *certificate ) > len ) {
                DBGC ( tls, "TLS %p received underlength Server Certificate\n",
                       tls );
                DBGC_HD ( tls, data, len );
                return -EINVAL_CERTIFICATES;
        }
        certificates_len = tls_uint24 ( &certificate->length );
        if ( certificates_len > ( len - sizeof ( *certificate ) ) ) {
                DBGC ( tls, "TLS %p received overlength Server Certificate\n",
                       tls );
                DBGC_HD ( tls, data, len );
                return -EINVAL_CERTIFICATES;
        }

        /* Parse certificate chain */
        if ( ( rc = tls_parse_chain ( tls, certificate->certificates,
                                      certificates_len ) ) != 0 )
                return rc;

        return 0;
}

References __attribute__, data, DBGC, DBGC_HD, EINVAL_CERTIFICATES, len, length, rc, tls_parse_chain(), and tls_uint24().

Referenced by tls_new_handshake().

tls_new_server_key_exchange()

static int tls_new_server_key_exchange ( struct tls_connection *  tls, const void *  data, size_t  len  )

static

Receive new Server Key Exchange handshake record.

Parameters

tls	TLS connection
data	Plaintext handshake record
len	Length of plaintext handshake record

Return values

rc	Return status code

Definition at line 2191 of file tls.c.

                                                                        {

        /* Free any existing server key exchange record */
        free ( tls->server_key );
        tls->server_key_len = 0;

        /* Allocate copy of server key exchange record */
        tls->server_key = malloc ( len );
        if ( ! tls->server_key )
                return -ENOMEM;

        /* Store copy of server key exchange record for later
         * processing.  We cannot verify the signature at this point
         * since the certificate validation will not yet have
         * completed.
         */
        memcpy ( tls->server_key, data, len );
        tls->server_key_len = len;

        return 0;
}

References data, ENOMEM, free, len, malloc(), memcpy(), tls_connection::server_key, and tls_connection::server_key_len.

Referenced by tls_new_handshake().

tls_new_certificate_request()

static int tls_new_certificate_request ( struct tls_connection *  tls, const void *data  __unused, size_t len  __unused  )

static

Receive new Certificate Request handshake record.

Parameters

tls	TLS connection
data	Plaintext handshake record
len	Length of plaintext handshake record

Return values

rc	Return status code

Definition at line 2222 of file tls.c.

                                                               {
        struct x509_certificate *cert;
        int rc;

        /* We can only send a single certificate, so there is no point
         * in parsing the Certificate Request.
         */

        /* Free any existing client certificate chain */
        x509_chain_put ( tls->certs );
        tls->certs = NULL;

        /* Determine client certificate to be sent */
        cert = certstore_find_key ( tls->key );
        if ( ! cert ) {
                DBGC ( tls, "TLS %p could not find certificate corresponding "
                       "to private key\n", tls );
                rc = -EPERM_CLIENT_CERT;
                goto err_find;
        }
        x509_get ( cert );
        DBGC ( tls, "TLS %p selected client certificate %s\n",
               tls, x509_name ( cert ) );

        /* Create client certificate chain */
        tls->certs = x509_alloc_chain();
        if ( ! tls->certs ) {
                rc = -ENOMEM;
                goto err_alloc;
        }

        /* Append client certificate to chain */
        if ( ( rc = x509_append ( tls->certs, cert ) ) != 0 )
                goto err_append;

        /* Append any relevant issuer certificates */
        if ( ( rc = x509_auto_append ( tls->certs, &certstore ) ) != 0 )
                goto err_auto_append;

        /* Drop local reference to client certificate */
        x509_put ( cert );

        return 0;

 err_auto_append:
 err_append:
        x509_chain_put ( tls->certs );
        tls->certs = NULL;
 err_alloc:
        x509_put ( cert );
 err_find:
        return rc;
}

References tls_connection::certs, certstore, certstore_find_key(), DBGC, ENOMEM, EPERM_CLIENT_CERT, tls_connection::key, NULL, rc, x509_alloc_chain(), x509_append(), x509_auto_append(), x509_chain_put(), x509_get(), x509_name(), and x509_put().

Referenced by tls_new_handshake().

tls_new_server_hello_done()

static int tls_new_server_hello_done ( struct tls_connection *  tls, const void *  data, size_t  len  )

static

Receive new Server Hello Done handshake record.

Parameters

tls	TLS connection
data	Plaintext handshake record
len	Length of plaintext handshake record

Return values

rc	Return status code

Definition at line 2286 of file tls.c.

                                                                      {
        const struct {
                char next[0];
        } __attribute__ (( packed )) *hello_done = data;
        int rc;

        /* Sanity check */
        if ( sizeof ( *hello_done ) != len ) {
                DBGC ( tls, "TLS %p received overlength Server Hello Done\n",
                       tls );
                DBGC_HD ( tls, data, len );
                return -EINVAL_HELLO_DONE;
        }

        /* Begin certificate validation */
        if ( ( rc = create_validator ( &tls->validator, tls->chain,
                                       tls->root ) ) != 0 ) {
                DBGC ( tls, "TLS %p could not start certificate validation: "
                       "%s\n", tls, strerror ( rc ) );
                return rc;
        }
        pending_get ( &tls->validation );

        return 0;
}

References __attribute__, tls_connection::chain, create_validator(), data, DBGC, DBGC_HD, EINVAL_HELLO_DONE, len, next, pending_get(), rc, tls_connection::root, strerror(), tls_connection::validation, and tls_connection::validator.

Referenced by tls_new_handshake().

tls_new_finished()

static int tls_new_finished ( struct tls_connection *  tls, const void *  data, size_t  len  )

static

Receive new Finished handshake record.

Parameters

tls	TLS connection
data	Plaintext handshake record
len	Length of plaintext handshake record

Return values

rc	Return status code

Definition at line 2321 of file tls.c.

                                                             {
        struct tls_session *session = tls->session;
        struct digest_algorithm *digest = tls->handshake_digest;
        const struct {
                uint8_t verify_data[ sizeof ( tls->verify.server ) ];
                char next[0];
        } __attribute__ (( packed )) *finished = data;
        uint8_t digest_out[ digest->digestsize ];

        /* Sanity check */
        if ( sizeof ( *finished ) != len ) {
                DBGC ( tls, "TLS %p received overlength Finished\n", tls );
                DBGC_HD ( tls, data, len );
                return -EINVAL_FINISHED;
        }

        /* Verify data */
        tls_verify_handshake ( tls, digest_out );
        tls_prf_label ( tls, &tls->master_secret, sizeof ( tls->master_secret ),
                        tls->verify.server, sizeof ( tls->verify.server ),
                        "server finished", digest_out, sizeof ( digest_out ) );
        if ( memcmp ( tls->verify.server, finished->verify_data,
                      sizeof ( tls->verify.server ) ) != 0 ) {
                DBGC ( tls, "TLS %p verification failed\n", tls );
                return -EPERM_VERIFY;
        }

        /* Mark server as finished */
        pending_put ( &tls->server_negotiation );

        /* If we are resuming a session (i.e. if the server Finished
         * arrives before the client Finished is sent), then schedule
         * transmission of Change Cipher and Finished.
         */
        if ( is_pending ( &tls->client_negotiation ) ) {
                tls->tx_pending |= ( TLS_TX_CHANGE_CIPHER | TLS_TX_FINISHED );
                tls_tx_resume ( tls );
        }

        /* Record session ID, ticket, and master secret, if applicable */
        if ( tls->session_id_len || tls->new_session_ticket_len ) {
                memcpy ( session->master_secret, tls->master_secret,
                         sizeof ( session->master_secret ) );
        }
        if ( tls->session_id_len ) {
                session->id_len = tls->session_id_len;
                memcpy ( session->id, tls->session_id, sizeof ( session->id ) );
        }
        if ( tls->new_session_ticket_len ) {
                free ( session->ticket );
                session->ticket = tls->new_session_ticket;
                session->ticket_len = tls->new_session_ticket_len;
                tls->new_session_ticket = NULL;
                tls->new_session_ticket_len = 0;
        }

        /* Move to end of session's connection list and allow other
         * connections to start making progress.
         */
        list_del ( &tls->list );
        list_add_tail ( &tls->list, &session->conn );
        tls_tx_resume_all ( session );

        /* Send notification of a window change */
        xfer_window_changed ( &tls->plainstream );

        return 0;
}

References __attribute__, tls_connection::client_negotiation, data, DBGC, DBGC_HD, digest, EINVAL_FINISHED, EPERM_VERIFY, free, tls_connection::handshake_digest, is_pending(), len, tls_connection::list, list_add_tail, list_del, tls_connection::master_secret, memcmp(), memcpy(), tls_connection::new_session_ticket, tls_connection::new_session_ticket_len, next, NULL, pending_put(), tls_connection::plainstream, tls_verify_data::server, tls_connection::server_negotiation, session, tls_connection::session, tls_connection::session_id, tls_connection::session_id_len, tls_prf_label, TLS_TX_CHANGE_CIPHER, TLS_TX_FINISHED, tls_tx_resume(), tls_tx_resume_all(), tls_verify_handshake(), tls_connection::tx_pending, tls_connection::verify, and xfer_window_changed().

Referenced by tls_new_handshake().

tls_new_handshake()

static int tls_new_handshake ( struct tls_connection *  tls, const void *  data, size_t  len  )

static

Receive new Handshake record.

Parameters

tls	TLS connection
data	Plaintext record
len	Length of plaintext record

Return values

rc	Return status code

Definition at line 2399 of file tls.c.

                                                              {
        size_t remaining = len;
        int rc;

        while ( remaining ) {
                const struct {
                        uint8_t type;
                        tls24_t length;
                        uint8_t payload[0];
                } __attribute__ (( packed )) *handshake = data;
                const void *payload;
                size_t payload_len;
                size_t record_len;

                /* Parse header */
                if ( sizeof ( *handshake ) > remaining ) {
                        DBGC ( tls, "TLS %p received underlength Handshake\n",
                               tls );
                        DBGC_HD ( tls, data, remaining );
                        return -EINVAL_HANDSHAKE;
                }
                payload_len = tls_uint24 ( &handshake->length );
                if ( payload_len > ( remaining - sizeof ( *handshake ) ) ) {
                        DBGC ( tls, "TLS %p received overlength Handshake\n",
                               tls );
                        DBGC_HD ( tls, data, len );
                        return -EINVAL_HANDSHAKE;
                }
                payload = &handshake->payload;
                record_len = ( sizeof ( *handshake ) + payload_len );

                /* Handle payload */
                switch ( handshake->type ) {
                case TLS_HELLO_REQUEST:
                        rc = tls_new_hello_request ( tls, payload,
                                                     payload_len );
                        break;
                case TLS_SERVER_HELLO:
                        rc = tls_new_server_hello ( tls, payload, payload_len );
                        break;
                case TLS_NEW_SESSION_TICKET:
                        rc = tls_new_session_ticket ( tls, payload,
                                                      payload_len );
                        break;
                case TLS_CERTIFICATE:
                        rc = tls_new_certificate ( tls, payload, payload_len );
                        break;
                case TLS_SERVER_KEY_EXCHANGE:
                        rc = tls_new_server_key_exchange ( tls, payload,
                                                           payload_len );
                        break;
                case TLS_CERTIFICATE_REQUEST:
                        rc = tls_new_certificate_request ( tls, payload,
                                                           payload_len );
                        break;
                case TLS_SERVER_HELLO_DONE:
                        rc = tls_new_server_hello_done ( tls, payload,
                                                         payload_len );
                        break;
                case TLS_FINISHED:
                        rc = tls_new_finished ( tls, payload, payload_len );
                        break;
                default:
                        DBGC ( tls, "TLS %p ignoring handshake type %d\n",
                               tls, handshake->type );