/*
 * Disambiguated TLS error codes.
 *
 * Each error is a pair of macros: EINFO_<name> passes a base EINFO_
 * constant, a per-base hex identifier and a description string to
 * __einfo_uniqify(), and <name> wraps the result in __einfo_error().
 * Both helpers are defined outside this listing.
 *
 * Identifiers 0x09 (EINVAL base) and 0x06 (ENOMEM base) are not
 * assigned in this listing.
 */

/* EINVAL: malformed records or invalid state */
#define EINFO_EINVAL_CHANGE_CIPHER \
	__einfo_uniqify ( EINFO_EINVAL, 0x01, "Invalid Change Cipher record" )
#define EINVAL_CHANGE_CIPHER __einfo_error ( EINFO_EINVAL_CHANGE_CIPHER )

#define EINFO_EINVAL_ALERT \
	__einfo_uniqify ( EINFO_EINVAL, 0x02, "Invalid Alert record" )
#define EINVAL_ALERT __einfo_error ( EINFO_EINVAL_ALERT )

#define EINFO_EINVAL_HELLO \
	__einfo_uniqify ( EINFO_EINVAL, 0x03, "Invalid Server Hello record" )
#define EINVAL_HELLO __einfo_error ( EINFO_EINVAL_HELLO )

#define EINFO_EINVAL_CERTIFICATE \
	__einfo_uniqify ( EINFO_EINVAL, 0x04, "Invalid Certificate" )
#define EINVAL_CERTIFICATE __einfo_error ( EINFO_EINVAL_CERTIFICATE )

#define EINFO_EINVAL_CERTIFICATES \
	__einfo_uniqify ( EINFO_EINVAL, 0x05, \
			  "Invalid Server Certificate record" )
#define EINVAL_CERTIFICATES __einfo_error ( EINFO_EINVAL_CERTIFICATES )

#define EINFO_EINVAL_HELLO_DONE \
	__einfo_uniqify ( EINFO_EINVAL, 0x06, \
			  "Invalid Server Hello Done record" )
#define EINVAL_HELLO_DONE __einfo_error ( EINFO_EINVAL_HELLO_DONE )

#define EINFO_EINVAL_FINISHED \
	__einfo_uniqify ( EINFO_EINVAL, 0x07, \
			  "Invalid Server Finished record" )
#define EINVAL_FINISHED __einfo_error ( EINFO_EINVAL_FINISHED )

#define EINFO_EINVAL_HANDSHAKE \
	__einfo_uniqify ( EINFO_EINVAL, 0x08, "Invalid Handshake record" )
#define EINVAL_HANDSHAKE __einfo_error ( EINFO_EINVAL_HANDSHAKE )

#define EINFO_EINVAL_IV \
	__einfo_uniqify ( EINFO_EINVAL, 0x0a, "Invalid initialisation vector" )
#define EINVAL_IV __einfo_error ( EINFO_EINVAL_IV )

/*
 * NOTE(review): bad padding (0x0b) and bad MAC / authentication tag
 * (0x0d) have different codes.  Confirm that this difference stays
 * local (debug output, return value) and is not observable by the
 * peer, since a peer able to tell the two failures apart gains a
 * padding oracle against block-cipher suites.
 */
#define EINFO_EINVAL_PADDING \
	__einfo_uniqify ( EINFO_EINVAL, 0x0b, "Invalid block padding" )
#define EINVAL_PADDING __einfo_error ( EINFO_EINVAL_PADDING )

#define EINFO_EINVAL_RX_STATE \
	__einfo_uniqify ( EINFO_EINVAL, 0x0c, "Invalid receive state" )
#define EINVAL_RX_STATE __einfo_error ( EINFO_EINVAL_RX_STATE )

#define EINFO_EINVAL_MAC \
	__einfo_uniqify ( EINFO_EINVAL, 0x0d, \
			  "Invalid MAC or authentication tag" )
#define EINVAL_MAC __einfo_error ( EINFO_EINVAL_MAC )

#define EINFO_EINVAL_TICKET \
	__einfo_uniqify ( EINFO_EINVAL, 0x0e, \
			  "Invalid New Session Ticket record" )
#define EINVAL_TICKET __einfo_error ( EINFO_EINVAL_TICKET )

#define EINFO_EINVAL_KEY_EXCHANGE \
	__einfo_uniqify ( EINFO_EINVAL, 0x0f, \
			  "Invalid Server Key Exchange record" )
#define EINVAL_KEY_EXCHANGE __einfo_error ( EINFO_EINVAL_KEY_EXCHANGE )

/* EIO */
#define EINFO_EIO_ALERT \
	__einfo_uniqify ( EINFO_EIO, 0x01, "Unknown alert level" )
#define EIO_ALERT __einfo_error ( EINFO_EIO_ALERT )

/* ENOMEM: allocation failures */
#define EINFO_ENOMEM_CONTEXT \
	__einfo_uniqify ( EINFO_ENOMEM, 0x01, \
			  "Not enough space for crypto context" )
#define ENOMEM_CONTEXT __einfo_error ( EINFO_ENOMEM_CONTEXT )

#define EINFO_ENOMEM_CERTIFICATE \
	__einfo_uniqify ( EINFO_ENOMEM, 0x02, \
			  "Not enough space for certificate" )
#define ENOMEM_CERTIFICATE __einfo_error ( EINFO_ENOMEM_CERTIFICATE )

#define EINFO_ENOMEM_CHAIN \
	__einfo_uniqify ( EINFO_ENOMEM, 0x03, \
			  "Not enough space for certificate chain" )
#define ENOMEM_CHAIN __einfo_error ( EINFO_ENOMEM_CHAIN )

#define EINFO_ENOMEM_TX_PLAINTEXT \
	__einfo_uniqify ( EINFO_ENOMEM, 0x04, \
			  "Not enough space for transmitted plaintext" )
#define ENOMEM_TX_PLAINTEXT __einfo_error ( EINFO_ENOMEM_TX_PLAINTEXT )

#define EINFO_ENOMEM_TX_CIPHERTEXT \
	__einfo_uniqify ( EINFO_ENOMEM, 0x05, \
			  "Not enough space for transmitted ciphertext" )
#define ENOMEM_TX_CIPHERTEXT __einfo_error ( EINFO_ENOMEM_TX_CIPHERTEXT )

#define EINFO_ENOMEM_RX_DATA \
	__einfo_uniqify ( EINFO_ENOMEM, 0x07, \
			  "Not enough space for received data" )
#define ENOMEM_RX_DATA __einfo_error ( EINFO_ENOMEM_RX_DATA )

#define EINFO_ENOMEM_RX_CONCAT \
	__einfo_uniqify ( EINFO_ENOMEM, 0x08, \
			  "Not enough space to concatenate received data" )
#define ENOMEM_RX_CONCAT __einfo_error ( EINFO_ENOMEM_RX_CONCAT )

/* ENOTSUP: algorithms, versions or curves that are not accepted */
#define EINFO_ENOTSUP_CIPHER \
	__einfo_uniqify ( EINFO_ENOTSUP, 0x01, "Unsupported cipher" )
#define ENOTSUP_CIPHER __einfo_error ( EINFO_ENOTSUP_CIPHER )

#define EINFO_ENOTSUP_NULL \
	__einfo_uniqify ( EINFO_ENOTSUP, 0x02, "Refusing to use null cipher" )
#define ENOTSUP_NULL __einfo_error ( EINFO_ENOTSUP_NULL )

#define EINFO_ENOTSUP_SIG_HASH \
	__einfo_uniqify ( EINFO_ENOTSUP, 0x03, \
			  "Unsupported signature and hash algorithm" )
#define ENOTSUP_SIG_HASH __einfo_error ( EINFO_ENOTSUP_SIG_HASH )

#define EINFO_ENOTSUP_VERSION \
	__einfo_uniqify ( EINFO_ENOTSUP, 0x04, "Unsupported protocol version" )
#define ENOTSUP_VERSION __einfo_error ( EINFO_ENOTSUP_VERSION )

#define EINFO_ENOTSUP_CURVE \
	__einfo_uniqify ( EINFO_ENOTSUP, 0x05, "Unsupported elliptic curve" )
#define ENOTSUP_CURVE __einfo_error ( EINFO_ENOTSUP_CURVE )

/* EPERM: alerts and failed verification */
#define EINFO_EPERM_ALERT \
	__einfo_uniqify ( EINFO_EPERM, 0x01, "Received fatal alert" )
#define EPERM_ALERT __einfo_error ( EINFO_EPERM_ALERT )

#define EINFO_EPERM_VERIFY \
	__einfo_uniqify ( EINFO_EPERM, 0x02, "Handshake verification failed" )
#define EPERM_VERIFY __einfo_error ( EINFO_EPERM_VERIFY )

#define EINFO_EPERM_CLIENT_CERT \
	__einfo_uniqify ( EINFO_EPERM, 0x03, \
			  "No suitable client certificate available" )
#define EPERM_CLIENT_CERT __einfo_error ( EINFO_EPERM_CLIENT_CERT )

#define EINFO_EPERM_RENEG_INSECURE \
	__einfo_uniqify ( EINFO_EPERM, 0x04, \
			  "Secure renegotiation not supported" )
#define EPERM_RENEG_INSECURE __einfo_error ( EINFO_EPERM_RENEG_INSECURE )

#define EINFO_EPERM_RENEG_VERIFY \
	__einfo_uniqify ( EINFO_EPERM, 0x05, \
			  "Secure renegotiation verification failed" )
#define EPERM_RENEG_VERIFY __einfo_error ( EINFO_EPERM_RENEG_VERIFY )

#define EINFO_EPERM_KEY_EXCHANGE \
	__einfo_uniqify ( EINFO_EPERM, 0x06, \
			  "ServerKeyExchange verification failed" )
#define EPERM_KEY_EXCHANGE __einfo_error ( EINFO_EPERM_KEY_EXCHANGE )

/* EPROTO */
#define EINFO_EPROTO_VERSION \
	__einfo_uniqify ( EINFO_EPROTO, 0x01, \
			  "Illegal protocol version upgrade" )
#define EPROTO_VERSION __einfo_error ( EINFO_EPROTO_VERSION )

199 const void *
data,
size_t len );
229 static inline __attribute__ (( always_inline ))
unsigned long 461 DBGC ( tls,
"TLS %p could not generate random data: %s\n",
481 while ( (
data =
va_arg ( args,
void * ) ) ) {
500 const void *secret,
size_t secret_len,
501 void *
out,
size_t out_len,
511 DBGC2_HD ( tls, secret, secret_len );
527 memcpy ( ctx_partial,
ctx,
sizeof ( ctx_partial ) );
534 if ( frag_len > out_len )
561 size_t secret_len,
void *
out,
size_t out_len, ... ) {
564 size_t subsecret_len;
565 const void *md5_secret;
566 const void *sha1_secret;
575 out, out_len, seeds );
582 subsecret_len = ( ( secret_len + 1 ) / 2 );
584 sha1_secret = ( secret + secret_len - subsecret_len );
589 subsecret_len,
out, out_len, seeds );
595 subsecret_len, buf, out_len, seeds );
599 for ( i = 0 ; i < out_len ; i++ )
616 #define tls_prf_label( tls, secret, secret_len, out, out_len, label, ... ) \ 617 tls_prf ( (tls), (secret), (secret_len), (out), (out_len), \ 618 label, ( sizeof ( label ) - 1 ), __VA_ARGS__, NULL ) 637 const void *pre_master_secret,
638 size_t pre_master_secret_len ) {
640 DBGC ( tls,
"TLS %p pre-master-secret:\n", tls );
641 DBGC_HD ( tls, pre_master_secret, pre_master_secret_len );
642 DBGC ( tls,
"TLS %p client random bytes:\n", tls );
644 DBGC ( tls,
"TLS %p server random bytes:\n", tls );
647 tls_prf_label ( tls, pre_master_secret, pre_master_secret_len,
653 DBGC ( tls,
"TLS %p generated master secret:\n", tls );
670 size_t total = ( 2 * ( hash_size + key_size + iv_size ) );
677 key_block, sizeof ( key_block ),
"key expansion",
686 DBGC ( tls,
"TLS %p TX MAC secret:\n", tls );
692 DBGC ( tls,
"TLS %p RX MAC secret:\n", tls );
699 key, key_size ) ) != 0 ) {
700 DBGC ( tls,
"TLS %p could not set TX key: %s\n",
704 DBGC ( tls,
"TLS %p TX key:\n", tls );
711 key, key_size ) ) != 0 ) {
712 DBGC ( tls,
"TLS %p could not set TX key: %s\n",
716 DBGC ( tls,
"TLS %p RX key:\n", tls );
722 DBGC ( tls,
"TLS %p TX IV:\n", tls );
728 DBGC ( tls,
"TLS %p RX IV:\n", tls );
791 const void *
data,
size_t len ) {
830 #define TLS_NUM_CIPHER_SUITES table_num_entries ( TLS_CIPHER_SUITES ) 844 if ( suite->
code == cipher_suite )
859 if ( cipherspec->
suite ) {
864 memset ( cipherspec, 0,
sizeof ( *cipherspec ) );
890 dynamic =
zalloc ( total );
892 DBGC ( tls,
"TLS %p could not allocate %zd bytes for crypto " 893 "context\n", tls, total );
906 cipherspec->
suite = suite;
919 unsigned int cipher_suite ) {
927 DBGC ( tls,
"TLS %p does not support cipher %04x\n",
928 tls,
ntohs ( cipher_suite ) );
946 DBGC ( tls,
"TLS %p selected %s-%s-%s-%d-%s\n", tls,
968 DBGC ( tls,
"TLS %p refusing to use null cipher\n", tls );
985 #define TLS_NUM_SIG_HASH_ALGORITHMS \ 986 table_num_entries ( TLS_SIG_HASH_ALGORITHMS ) 1057 #define TLS_NUM_NAMED_CURVES table_num_entries ( TLS_NAMED_CURVES ) 1071 if (
curve->code == named_curve )
1135 const void *
data,
size_t len ) {
1210 typeof ( *server_name_ext ) server_name;
1211 typeof ( *max_fragment_length_ext ) max_fragment_length;
1212 typeof ( *signature_algorithms_ext ) signature_algorithms;
1213 typeof ( *renegotiation_info_ext ) renegotiation_info;
1214 typeof ( *session_ticket_ext ) session_ticket;
1215 typeof ( *named_curve_ext )
1226 uint8_t compression_methods_len;
1227 uint8_t compression_methods[1];
1229 typeof ( *extensions ) extensions;
1240 sizeof (
hello.type_length ) ) );
1245 sizeof (
hello.session_id ) );
1249 hello.compression_methods_len =
sizeof (
hello.compression_methods );
1251 extensions = &
hello.extensions;
1254 server_name_ext = &extensions->server_name;
1256 server_name_ext->len =
htons (
sizeof ( server_name_ext->data ) );
1257 server_name_ext->data.len
1258 =
htons (
sizeof ( server_name_ext->data.list ) );
1260 server_name_ext->data.list[0].len
1261 =
htons (
sizeof ( server_name_ext->data.list[0].name ) );
1263 sizeof ( server_name_ext->data.list[0].name ) );
1266 max_fragment_length_ext = &extensions->max_fragment_length;
1268 max_fragment_length_ext->len
1269 =
htons (
sizeof ( max_fragment_length_ext->data ) );
1273 signature_algorithms_ext = &extensions->signature_algorithms;
1275 signature_algorithms_ext->len
1276 =
htons (
sizeof ( signature_algorithms_ext->data ) );
1277 signature_algorithms_ext->data.len
1278 =
htons (
sizeof ( signature_algorithms_ext->data.code ) );
1280 signature_algorithms_ext->data.code[i++] = sighash->
code;
1283 renegotiation_info_ext = &extensions->renegotiation_info;
1285 renegotiation_info_ext->len
1286 =
htons (
sizeof ( renegotiation_info_ext->data ) );
1287 renegotiation_info_ext->data.len
1288 =
sizeof ( renegotiation_info_ext->data.data );
1290 sizeof ( renegotiation_info_ext->data.data ) );
1293 session_ticket_ext = &extensions->session_ticket;
1295 session_ticket_ext->len
1296 =
htons (
sizeof ( session_ticket_ext->data ) );
1298 sizeof ( session_ticket_ext->data.data ) );
1301 if (
sizeof ( extensions->named_curve ) ) {
1302 named_curve_ext = &extensions->named_curve[0];
1304 named_curve_ext->len
1305 =
htons (
sizeof ( named_curve_ext->data ) );
1306 named_curve_ext->data.len
1307 =
htons (
sizeof ( named_curve_ext->data.code ) );
1309 named_curve_ext->data.code[i++] =
curve->code;
1312 return action ( tls, &
hello,
sizeof (
hello ) );
1340 typeof ( *certificate ) certificates[0];
1351 len += (
sizeof ( *certificate ) + cert->
raw.
len );
1352 DBGC ( tls,
"TLS %p sending client certificate %s\n",
1359 certificates =
zalloc (
sizeof ( *certificates ) +
len );
1360 if ( ! certificates )
1364 certificates->type_length =
1366 htonl (
sizeof ( *certificates ) +
len -
1367 sizeof ( certificates->type_length ) ) );
1369 certificate = &certificates->certificates[0];
1374 certificate = ( ( (
void * ) certificate->data ) +
1380 (
sizeof ( *certificates ) +
len ) );
1383 free ( certificates );
1404 uint16_t encrypted_pre_master_secret_len;
1414 ( sizeof ( pre_master_secret.random ) ) ) ) != 0 ) {
1420 sizeof ( pre_master_secret ) );
1423 memset ( &key_xchg, 0,
sizeof ( key_xchg ) );
1425 &pre_master_secret, sizeof ( pre_master_secret ),
1426 key_xchg.encrypted_pre_master_secret );
1429 DBGC ( tls,
"TLS %p could not encrypt pre-master secret: %s\n",
1434 key_xchg.type_length =
1436 htonl (
sizeof ( key_xchg ) -
1437 sizeof ( key_xchg.type_length ) -
unused ) );
1438 key_xchg.encrypted_pre_master_secret_len =
1439 htons (
sizeof ( key_xchg.encrypted_pre_master_secret ) -
1443 (
sizeof ( key_xchg ) -
unused ) );
1460 size_t param_len ) {
1475 assert ( param_len <= tls->server_key_len );
1481 if ( (
sizeof ( *
sig ) > remaining ) ||
1482 (
ntohs (
sig->signature_len ) > ( remaining -
1483 sizeof ( *sig ) ) ) ) {
1484 DBGC ( tls,
"TLS %p received underlength ServerKeyExchange\n",
1491 if ( use_sig_hash ) {
1494 if ( ( ! pubkey ) || ( !
digest ) ) {
1495 DBGC ( tls,
"TLS %p ServerKeyExchange unsupported " 1496 "signature and hash algorithm\n", tls );
1500 DBGC ( tls,
"TLS %p ServerKeyExchange incorrect " 1501 "signature algorithm %s (expected %s)\n", tls,
1527 if ( (
rc = pubkey_verify ( pubkey, cipherspec->
pubkey_ctx,
1530 DBGC ( tls,
"TLS %p ServerKeyExchange failed " 1531 "verification\n", tls );
1563 for ( i = 0 ; i < (
sizeof ( dh_val ) /
sizeof ( dh_val[0] ) ) ; i++ ){
1565 if ( (
sizeof ( *dh_val[i] ) > remaining ) ||
1566 (
ntohs ( dh_val[i]->
len ) > ( remaining -
1567 sizeof ( *dh_val[i] ) ) )){
1568 DBGC ( tls,
"TLS %p received underlength " 1569 "ServerKeyExchange\n", tls );
1575 frag_len = (
sizeof ( *dh_val[i] ) +
ntohs ( dh_val[i]->
len ));
1577 remaining -= frag_len;
1587 sizeof (
private ) ) ) != 0 ) {
1593 typeof ( dh_val[0] ) dh_p = dh_val[0];
1594 typeof ( dh_val[1] ) dh_g = dh_val[1];
1595 typeof ( dh_val[2] ) dh_ys = dh_val[2];
1604 typeof ( *key_xchg ) key_xchg;
1609 dynamic =
malloc (
sizeof ( *dynamic ) );
1614 pre_master_secret = dynamic->pre_master_secret;
1615 key_xchg = &dynamic->key_xchg;
1616 key_xchg->type_length =
1618 htonl (
sizeof ( *key_xchg ) -
1619 sizeof ( key_xchg->type_length ) ) );
1620 key_xchg->dh_xs_len =
htons (
len );
1624 dh_g->data,
ntohs ( dh_g->len ),
1625 dh_ys->data,
ntohs ( dh_ys->len ),
1626 private, sizeof (
private ),
1628 pre_master_secret ) ) != 0 ) {
1629 DBGC ( tls,
"TLS %p could not calculate DHE key: %s\n",
1635 while (
len && ( ! *pre_master_secret ) ) {
1636 pre_master_secret++;
1645 sizeof ( *key_xchg ) ) ) !=0){
1646 goto err_send_handshake;
1686 ( ecdh->public_len > ( tls->
server_key_len - sizeof ( *ecdh ) ))){
1687 DBGC ( tls,
"TLS %p received underlength ServerKeyExchange\n",
1692 param_len = (
sizeof ( *ecdh ) + ecdh->public_len );
1700 DBGC ( tls,
"TLS %p unsupported curve type %d\n",
1701 tls, ecdh->curve_type );
1707 DBGC ( tls,
"TLS %p unsupported named curve %d\n",
1708 tls,
ntohs ( ecdh->named_curve ) );
1715 DBGC ( tls,
"TLS %p invalid %s key\n",
1734 sizeof (
private ) ) ) != 0){
1739 if ( (
rc = elliptic_multiply ( curve->
curve,
1740 ecdh->public,
private,
1741 pre_master_secret ) ) != 0 ) {
1742 DBGC ( tls,
"TLS %p could not exchange ECDHE key: %s\n",
1751 key_xchg.type_length =
1753 htonl (
sizeof ( key_xchg ) -
1754 sizeof ( key_xchg.type_length ) ) );
1755 key_xchg.public_len =
len;
1756 if ( (
rc = elliptic_multiply ( curve->
curve,
NULL,
private,
1757 key_xchg.public ) ) != 0 ) {
1758 DBGC ( tls,
"TLS %p could not generate ECDHE key: %s\n",
1765 sizeof ( key_xchg ) ) ) !=0){
1792 DBGC ( tls,
"TLS %p could not exchange keys: %s\n",
1799 DBGC ( tls,
"TLS %p could not generate keys: %s\n",
1828 DBGC ( tls,
"TLS %p could not initialise %s client private " 1830 goto err_pubkey_init;
1837 DBGC ( tls,
"TLS %p could not identify (%s,%s) " 1838 "signature and hash algorithm\n", tls,
1848 int use_sig_hash = ( ( sig_hash ==
NULL ) ? 0 : 1 );
1860 certificate_verify.signature );
1863 DBGC ( tls,
"TLS %p could not sign %s digest using %s " 1864 "client private key: %s\n", tls,
digest->
name,
1866 goto err_pubkey_sign;
1871 certificate_verify.type_length =
1873 htonl (
sizeof ( certificate_verify ) -
1874 sizeof ( certificate_verify.type_length ) -
1876 if ( use_sig_hash ) {
1877 memcpy ( &certificate_verify.sig_hash[0],
1879 sizeof ( certificate_verify.sig_hash[0] ) );
1881 certificate_verify.signature_len =
1882 htons (
sizeof ( certificate_verify.signature ) -
1887 (
sizeof ( certificate_verify ) -
unused ) );
1892 pubkey_final ( pubkey,
ctx );
1904 static const struct {
1911 &change_cipher,
sizeof ( change_cipher ) );
1933 "client finished", digest_out, sizeof ( digest_out ) );
1936 memset ( &finished, 0,
sizeof ( finished ) );
1938 htonl (
sizeof ( finished ) -
1939 sizeof ( finished.type_length ) ) );
1941 sizeof ( finished.verify_data ) );
1945 sizeof ( finished ) ) ) != 0 )
1970 if ( (
sizeof ( *change_cipher ) !=
len ) ||
1972 DBGC ( tls,
"TLS %p received invalid Change Cipher\n", tls );
1976 iob_pull ( iobuf,
sizeof ( *change_cipher ) );
1981 DBGC ( tls,
"TLS %p could not activate RX cipher: %s\n",
2008 DBGC ( tls,
"TLS %p received overlength Alert\n", tls );
2015 switch (
alert->level ) {
2017 DBGC ( tls,
"TLS %p received warning alert %d\n",
2018 tls,
alert->description );
2021 DBGC ( tls,
"TLS %p received fatal alert %d\n",
2022 tls,
alert->description );
2025 DBGC ( tls,
"TLS %p received unknown alert level %d" 2026 "(alert %d)\n", tls,
alert->level,
alert->description );
2045 DBGC ( tls,
"TLS %p ignoring Hello Request\n", tls );
2051 DBGC ( tls,
"TLS %p refusing to renegotiate insecurely\n",
2071 const void *
data,
size_t len ) {
2104 if ( (
sizeof ( *hello_a ) >
len ) ||
2105 ( hello_a->session_id_len > (
len - sizeof ( *hello_a ) ) ) ||
2106 (
sizeof ( *hello_b ) > (
len -
sizeof ( *hello_a ) -
2107 hello_a->session_id_len ) ) ) {
2108 DBGC ( tls,
"TLS %p received underlength Server Hello\n", tls );
2112 session_id = hello_a->session_id;
2113 hello_b = ( (
void * ) ( session_id + hello_a->session_id_len ) );
2116 remaining = (
len -
sizeof ( *hello_a ) - hello_a->session_id_len -
2117 sizeof ( *hello_b ) );
2121 exts = ( (
void * ) hello_b->next );
2122 if ( (
sizeof ( *exts ) > remaining ) ||
2123 ( ( exts_len =
ntohs ( exts->len ) ) >
2124 ( remaining -
sizeof ( *exts ) ) ) ) {
2125 DBGC ( tls,
"TLS %p received underlength extensions\n",
2132 for (
ext = ( (
void * ) exts->data ), remaining = exts_len ;
2134 ext = ( ( (
void * )
ext ) + sizeof ( *
ext ) + ext_len ),
2135 remaining -= (
sizeof ( *
ext ) + ext_len ) ) {
2138 if ( (
sizeof ( *
ext ) > remaining ) ||
2139 ( ( ext_len =
ntohs (
ext->len ) ) >
2140 ( remaining - sizeof ( *
ext ) ) ) ) {
2141 DBGC ( tls,
"TLS %p received underlength " 2142 "extension\n", tls );
2148 switch (
ext->type ) {
2150 reneg = ( (
void * )
ext->data );
2151 if ( (
sizeof ( *reneg ) > ext_len ) ||
2153 ( ext_len - sizeof ( *reneg ) ) ) ) {
2154 DBGC ( tls,
"TLS %p received " 2155 "underlength renegotiation " 2168 DBGC ( tls,
"TLS %p does not support protocol version %d.%d\n",
2173 DBGC ( tls,
"TLS %p server attempted to illegally upgrade to " 2174 "protocol version %d.%d\n",
2179 DBGC ( tls,
"TLS %p using protocol version %d.%d\n",
2195 if ( hello_a->session_id_len &&
2201 DBGC ( tls,
"TLS %p resuming session ID:\n", tls );
2209 if ( hello_a->session_id_len &&
2210 ( hello_a->session_id_len <= sizeof ( tls->
session_id ))){
2214 DBGC ( tls,
"TLS %p new session ID:\n", tls );
2224 if ( ( reneg ==
NULL ) ||
2225 ( reneg->len != sizeof ( tls->
verify ) ) ||
2227 sizeof ( tls->
verify ) ) != 0 ) ) {
2228 DBGC ( tls,
"TLS %p server failed secure " 2229 "renegotiation\n", tls );
2233 }
else if ( reneg !=
NULL ) {
2236 if ( reneg->len != 0 ) {
2237 DBGC ( tls,
"TLS %p server provided non-empty initial " 2238 "renegotiation\n", tls );
2256 const void *
data,
size_t len ) {
2265 if (
sizeof ( *new_session_ticket ) >
len ) {
2266 DBGC ( tls,
"TLS %p received underlength New Session Ticket\n",
2271 ticket_len =
ntohs ( new_session_ticket->len );
2272 if ( ticket_len > (
len -
sizeof ( *new_session_ticket ) ) ) {
2273 DBGC ( tls,
"TLS %p received overlength New Session Ticket\n",
2291 DBGC ( tls,
"TLS %p new session ticket:\n", tls );
2307 const void *
data,
size_t len ) {
2308 size_t remaining =
len;
2317 if ( ! tls->
chain ) {
2319 goto err_alloc_chain;
2323 while ( remaining ) {
2328 size_t certificate_len;
2333 if (
sizeof ( *certificate ) > remaining ) {
2334 DBGC ( tls,
"TLS %p underlength certificate:\n", tls );
2337 goto err_underlength;
2339 certificate_len =
tls_uint24 ( &certificate->length );
2340 if ( certificate_len > ( remaining -
sizeof ( *certificate ) )){
2341 DBGC ( tls,
"TLS %p overlength certificate:\n", tls );
2344 goto err_overlength;
2346 record_len = (
sizeof ( *certificate ) + certificate_len );
2350 certificate_len ) ) != 0 ) {
2351 DBGC ( tls,
"TLS %p could not append certificate: %s\n",
2357 DBGC ( tls,
"TLS %p found certificate %s\n",
2362 remaining -= record_len;
2385 const void *
data,
size_t len ) {
2390 size_t certificates_len;
2394 if (
sizeof ( *certificate ) >
len ) {
2395 DBGC ( tls,
"TLS %p received underlength Server Certificate\n",
2400 certificates_len =
tls_uint24 ( &certificate->length );
2401 if ( certificates_len > (
len -
sizeof ( *certificate ) ) ) {
2402 DBGC ( tls,
"TLS %p received overlength Server Certificate\n",
2410 certificates_len ) ) != 0 )
2425 const void *
data,
size_t len ) {
2472 DBGC ( tls,
"TLS %p could not find certificate corresponding " 2473 "to private key\n", tls );
2478 DBGC ( tls,
"TLS %p selected client certificate %s\n",
2483 if ( ! tls->
certs ) {
2494 goto err_auto_append;
2520 const void *
data,
size_t len ) {
2527 if (
sizeof ( *hello_done ) !=
len ) {
2528 DBGC ( tls,
"TLS %p received overlength Server Hello Done\n",
2536 tls->
root ) ) != 0 ) {
2537 DBGC ( tls,
"TLS %p could not start certificate validation: " 2555 const void *
data,
size_t len ) {
2565 if (
sizeof ( *finished ) !=
len ) {
2566 DBGC ( tls,
"TLS %p received overlength Finished\n", tls );
2575 "server finished", digest_out, sizeof ( digest_out ) );
2578 DBGC ( tls,
"TLS %p verification failed\n", tls );
2597 sizeof (
session->master_secret ) );
2636 while ( ( remaining =
iob_len ( iobuf ) ) ) {
2642 const void *payload;
2647 if (
sizeof ( *handshake ) > remaining ) {
2651 payload_len =
tls_uint24 ( &handshake->length );
2652 if ( payload_len > ( remaining -
sizeof ( *handshake ) ) ) {
2656 payload = &handshake->payload;
2657 record_len = (
sizeof ( *handshake ) + payload_len );
2660 switch ( handshake->type ) {
2691 DBGC ( tls,
"TLS %p ignoring handshake type %d\n",
2692 tls, handshake->type );
2751 DBGC ( tls,
"TLS %p could not deliver data: " 2794 DBGC ( tls,
"TLS %p unknown record type %d\n", tls,
type );
2801 list_add ( &(*iobuf)->list, rx_data );
2804 DBGC ( tls,
"TLS %p could not concatenate non-data record " 2805 "type %d\n", tls,
type );
2807 goto err_concatenate;
2811 if ( (
rc = handler ( tls, *iobuf ) ) != 0 )
2864 const void *
data,
size_t len ) {
2895 const void *
data,
size_t len,
void *hmac ) {
2937 const void *
data,
size_t len ) {
2949 size_t plaintext_len;
2951 size_t ciphertext_len;
2960 sizeof (
iv.record ) ) ) != 0 ) {
2972 if ( is_block_cipher ( cipher ) ) {
2973 padding_len = ( ( ( cipher->
blocksize - 1 ) &
2974 -( plaintext_len + 1 ) ) + 1 );
2978 plaintext_len += padding_len;
2981 plaintext =
malloc ( plaintext_len );
2982 if ( ! plaintext ) {
2983 DBGC ( tls,
"TLS %p could not allocate %zd bytes for " 2984 "plaintext\n", tls, plaintext_len );
2997 memset (
tmp, ( padding_len - 1 ), padding_len );
2999 assert (
tmp == ( plaintext + plaintext_len ) );
3000 DBGC2 ( tls,
"Sending plaintext data:\n" );
3001 DBGC2_HD ( tls, plaintext, plaintext_len );
3004 cipher_setiv ( cipher, cipherspec->
cipher_ctx, &
iv, sizeof (
iv ) );
3007 if ( is_auth_cipher ( cipher ) ) {
3009 NULL, sizeof ( authhdr ) );
3013 ciphertext_len = (
sizeof ( *tlshdr ) +
sizeof (
iv.record ) +
3014 plaintext_len + cipher->
authsize );
3016 if ( ! ciphertext ) {
3017 DBGC ( tls,
"TLS %p could not allocate %zd bytes for " 3018 "ciphertext\n", tls, ciphertext_len );
3020 goto err_ciphertext;
3024 tlshdr =
iob_put ( ciphertext,
sizeof ( *tlshdr ) );
3027 tlshdr->
length =
htons ( ciphertext_len -
sizeof ( *tlshdr ) );
3029 sizeof (
iv.record ) );
3031 iob_put ( ciphertext, plaintext_len ), plaintext_len );
3032 cipher_auth ( cipher, cipherspec->
cipher_ctx,
3043 DBGC ( tls,
"TLS %p could not deliver ciphertext: %s\n",
3080 padding = ( iobuf->
tail - 1 );
3084 DBGC ( tls,
"TLS %p received underlength padding\n", tls );
3088 for ( i = 0 ; i <
pad ; i++ ) {
3089 if ( *(--padding) !=
pad ) {
3090 DBGC ( tls,
"TLS %p received bad padding\n", tls );
3138 DBGC ( tls,
"TLS %p received underlength IV\n", tls );
3145 len -=
sizeof (
iv.record );
3149 DBGC ( tls,
"TLS %p received underlength authentication tag\n",
3165 cipher_setiv ( cipher, cipherspec->
cipher_ctx, &
iv, sizeof (
iv ) );
3168 if ( is_auth_cipher ( cipher ) ) {
3170 NULL, sizeof ( authhdr ) );
3178 check_len +=
iob_len ( iobuf );
3183 if ( is_block_cipher ( cipher ) ) {
3195 DBGC ( tls,
"TLS %p received underlength MAC\n", tls );
3204 DBGC2 ( tls,
"Received plaintext data:\n" );
3208 check_len +=
iob_len ( iobuf );
3215 tls_hmac_list ( cipherspec, &authhdr, rx_data, verify_mac );
3218 cipher_auth ( cipher, cipherspec->
cipher_ctx, verify_auth );
3222 DBGC ( tls,
"TLS %p failed MAC verification\n", tls );
3228 DBGC ( tls,
"TLS %p failed authentication tag verification\n",
3352 reserve = ( ( -iv_len ) & ( cipher->
alignsize - 1 ) );
3353 remaining += reserve;
3357 while ( remaining ) {
3363 frag_len = remaining;
3366 remaining -= frag_len;
3368 frag_len += remaining;
3375 DBGC ( tls,
"TLS %p could not allocate %zd of %zd " 3376 "bytes for receive buffer\n", tls,
3565 DBGC ( tls,
"TLS %p certificate validation failed: %s\n",
3569 DBGC ( tls,
"TLS %p certificate validation succeeded\n", tls );
3577 DBGC ( tls,
"TLS %p server certificate does not match %s: %s\n",
3583 if ( (
rc = pubkey_init ( pubkey, cipherspec->
pubkey_ctx,
3586 DBGC ( tls,
"TLS %p cannot initialise public key: %s\n",
3668 DBGC ( tls,
"TLS %p could not send Client Hello: %s\n",
3676 DBGC ( tls,
"TLS %p cold not send Certificate: %s\n",
3684 DBGC ( tls,
"TLS %p could not send Client Key " 3692 DBGC ( tls,
"TLS %p could not send Certificate " 3700 DBGC ( tls,
"TLS %p could not send Change Cipher: " 3707 DBGC ( tls,
"TLS %p could not activate TX cipher: " 3716 DBGC ( tls,
"TLS %p could not send Finished: %s\n",
3768 DBGC ( tls,
"TLS %p joining session %s\n", tls,
name );
3781 name_copy = ( ( (
void * )
session ) +
sizeof ( *session ) );
3792 DBGC ( tls,
"TLS %p created session %s\n", tls,
name );
3822 tls =
malloc (
sizeof ( *tls ) );
3827 memset ( tls, 0,
sizeof ( *tls ) );
Transport Layer Security Protocol.
#define cpu_to_be16(value)
struct tls_verify_data verify
Verification data.
void * memswap(void *first, void *second, size_t len)
Swap memory regions.
static void free_tls(struct refcnt *refcnt)
Free TLS connection.
static void x509_chain_put(struct x509_chain *chain)
Drop reference to X.509 certificate chain.
#define iob_pull(iobuf, len)
static int tls_send_certificate(struct tls_connection *tls)
Transmit Certificate record.
void hmac_init(struct digest_algorithm *digest, void *ctx, const void *key, size_t key_len)
Initialise HMAC.
An object interface operation.
#define EPERM_CLIENT_CERT
size_t blocksize
Block size.
struct digest_algorithm * digest
Digest algorithm.
struct asn1_cursor raw
Raw public key information.
struct arbelprm_rc_send_wqe rc
static void tls_tx_resume_all(struct tls_session *session)
Resume TX state machine for all connections within a session.
void xfer_window_changed(struct interface *intf)
Report change of flow control window.
void intf_close(struct interface *intf, int rc)
Close an object interface.
struct x509_chain * chain
Server certificate chain.
static void tls_validator_done(struct tls_connection *tls, int rc)
Handle certificate validation completion.
static void privkey_put(struct private_key *key)
Drop reference to private key.
void intf_restart(struct interface *intf, int rc)
Shut down and restart an object interface.
struct tls_cipher_suite tls_cipher_suite_null
Null cipher suite.
static int tls_select_cipher(struct tls_connection *tls, unsigned int cipher_suite)
Select next cipher suite.
struct pending_operation client_negotiation
Client security negotiation pending operation.
#define iob_put(iobuf, len)
struct process process
TX process.
#define TLS_NUM_CIPHER_SUITES
Number of supported cipher suites.
void intf_shutdown(struct interface *intf, int rc)
Shut down an object interface.
static void tls_tx_resume(struct tls_connection *tls)
Resume TX state machine.
static int tls_new_ciphertext(struct tls_connection *tls, struct tls_header *tlshdr, struct list_head *rx_data)
Receive new ciphertext record.
static int tls_newdata_process_header(struct tls_connection *tls)
Handle received TLS header.
#define TLS_RENEGOTIATION_INFO
int xfer_deliver_iob(struct interface *intf, struct io_buffer *iobuf)
Deliver datagram as I/O buffer without metadata.
struct x509_certificate * certstore_find_key(struct private_key *key)
Find certificate in store corresponding to a private key.
struct x509_chain certstore
Certificate store.
struct tls_session * session
Session.
static struct tls_named_curve * tls_find_named_curve(unsigned int named_curve)
Identify named curve.
static struct x509_certificate * x509_get(struct x509_certificate *cert)
Get reference to X.509 certificate.
struct tls_key_exchange_algorithm * exchange
Key exchange algorithm.
struct io_buffer rx_header_iobuf
Current received record header (static I/O buffer)
uint8_t record_iv_len
Record initialisation vector length.
static unsigned long tls_uint24(const tls24_t *field24)
Extract 24-bit field value.
static void tls_restart(struct tls_connection *tls)
Restart negotiation.
#define TLS_NUM_NAMED_CURVES
Number of supported named curves.
int dhe_key(const void *modulus, size_t len, const void *generator, size_t generator_len, const void *partner, size_t partner_len, const void *private, size_t private_len, void *public, void *shared)
Calculate Diffie-Hellman key.
static struct pubkey_algorithm * tls_signature_hash_pubkey(struct tls_signature_hash_id code)
Find TLS signature algorithm.
struct stp_switch root
Root switch.
#define list_add(new, head)
Add a new entry to the head of a list.
uint32_t next
Next descriptor address.
uint16_t spec
ENA specification version.
struct list_head links
List of links.
static struct tls_cipher_suite * tls_find_cipher_suite(unsigned int cipher_suite)
Identify cipher suite.
#define EPERM_KEY_EXCHANGE
#define ref_init(refcnt, free)
Initialise a reference counter.
struct refcnt refcnt
Reference counter.
uint64_t rx_seq
RX sequence number.
static void tls_verify_handshake(struct tls_connection *tls, void *out)
Calculate handshake verification hash.
int x509_check_name(struct x509_certificate *cert, const char *name)
Check X.509 certificate name.
static int rbg_generate(const void *additional, size_t additional_len, int prediction_resist, void *data, size_t len)
Generate bits using RBG.
static int tls_send_client_key_exchange_pubkey(struct tls_connection *tls)
Transmit Client Key Exchange record using public key exchange.
static int tls_cipherstream_deliver(struct tls_connection *tls, struct io_buffer *iobuf, struct xfer_metadata *xfer __unused)
Receive new ciphertext.
uint16_t max_len
Maximum length (in bytes)
void free_iob(struct io_buffer *iobuf)
Free I/O buffer.
struct io_buffer * alloc_iob_raw(size_t len, size_t align, size_t offset)
Allocate I/O buffer with specified alignment and offset.
static int tls_add_handshake(struct tls_connection *tls, const void *data, size_t len)
Add handshake record to verification hash.
int x509_append_raw(struct x509_chain *chain, const void *data, size_t len)
Append X.509 certificate to X.509 certificate chain.
static void tls_generate_master_secret(struct tls_connection *tls, const void *pre_master_secret, size_t pre_master_secret_len)
Generate master secret.
static LIST_HEAD(tls_sessions)
List of TLS sessions.
size_t alignsize
Alignment size.
static struct interface_operation tls_plainstream_ops[]
TLS plaintext stream interface operations.
void pending_put(struct pending_operation *pending)
Mark an operation as no longer pending.
struct x509_root root_certificates
Root certificates.
struct asn1_algorithm * signature_algorithm
Signature algorithm.
const void * data
Start of data.
size_t new_session_ticket_len
Length of new session ticket.
#define TLS_VERSION_TLS_1_2
TLS version 1.2.
int x509_append(struct x509_chain *chain, struct x509_certificate *cert)
Append X.509 certificate to X.509 certificate chain.
static struct private_key * privkey_get(struct private_key *key)
Get reference to private key.
uint8_t server_random[32]
Server random bytes.
uint8_t session_id[32]
Session ID.
FILE_LICENCE(GPL2_OR_LATER)
struct tls_header rx_header
Current received record header.
struct x509_chain * x509_alloc_chain(void)
Allocate X.509 certificate chain.
static void x509_root_put(struct x509_root *root)
Drop reference to X.509 root certificate list.
#define EINVAL_HELLO_DONE
struct x509_root * root
Root of trust.
unsigned long long uint64_t
struct io_buffer * xfer_alloc_iob(struct interface *intf, size_t len)
Allocate I/O buffer.
struct eltorito_descriptor_fixed fixed
Fixed portion.
struct pubkey_algorithm pubkey_null
struct tls_key_exchange_algorithm tls_pubkey_exchange_algorithm
Public key exchange algorithm.
uint32_t data_len
Microcode data size (or 0 to indicate 2000 bytes)
static struct digest_algorithm * tls_signature_hash_digest(struct tls_signature_hash_id code)
Find TLS hash algorithm.
static struct interface_operation tls_validator_ops[]
TLS certificate validator interface operations.
#define va_copy(dest, src)
#define TLS_SERVER_HELLO_DONE
#define PROC_DESC_ONCE(object_type, process, _step)
Define a process descriptor for a process that runs only once.
static void tls_close(struct tls_connection *tls, int rc)
Finish with TLS connection.
#define TLS_CERTIFICATE_REQUEST
uint8_t mac[ETH_ALEN]
MAC address.
static void md5_sha1_final(void *ctx, void *out)
Generate MD5+SHA1 digest.
A TLS cipher specification.
static void iob_populate(struct io_buffer *iobuf, void *data, size_t len, size_t max_len)
Create a temporary I/O buffer.
#define EINVAL_CERTIFICATE
static void free_tls_session(struct refcnt *refcnt)
Free TLS session.
const char * name
Algorithm name.
struct pubkey_algorithm * pubkey
Public-key encryption algorithm.
static void md5_sha1_init(void *ctx)
Initialise MD5+SHA1 algorithm.
#define list_last_entry(list, type, member)
Get the container of the last entry in a list.
void process_del(struct process *process)
Remove process from process list.
size_t xfer_window(struct interface *intf)
Check flow control window.
size_t ctxsize
Context size.
static void tls_hmac_final(struct tls_cipherspec *cipherspec, void *ctx, void *hmac)
Finalise HMAC.
static struct interface_descriptor tls_cipherstream_desc
TLS ciphertext stream interface descriptor.
A doubly-linked list entry (or list head)
#define TLS_MAX_FRAGMENT_LENGTH
static int tls_send_handshake(struct tls_connection *tls, const void *data, size_t len)
Transmit Handshake record.
Data transfer interfaces.
size_t len
Length of data.
static struct asn1_cursor * privkey_cursor(struct private_key *key)
Get private key ASN.1 cursor.
uint32_t pending
Pending events.
static struct interface_descriptor tls_validator_desc
TLS certificate validator interface descriptor.
#define EINVAL_CHANGE_CIPHER
#define list_empty(list)
Test whether a list is empty.
static void tls_hmac_list(struct tls_cipherspec *cipherspec, struct tls_auth_header *authhdr, struct list_head *list, void *hmac)
Calculate HMAC over list of I/O buffers.
struct pubkey_algorithm * pubkey
Public-key algorithm (if applicable)
#define cipher_encrypt(cipher, ctx, src, dst, len)
#define list_first_entry(list, type, member)
Get the container of the first entry in a list.
enum tls_rx_state rx_state
RX state.
size_t authsize
Authentication tag size.
#define list_del(list)
Delete an entry from a list.
static int tls_send_client_key_exchange_ecdhe(struct tls_connection *tls)
Transmit Client Key Exchange record using ECDHE key exchange.
static int tls_new_hello_request(struct tls_connection *tls, const void *data __unused, size_t len __unused)
Receive new Hello Request handshake record.
#define ENOMEM
Not enough space.
#define iob_disown(iobuf)
Disown an I/O buffer.
#define TLS_NAMED_CURVE_TYPE
TLS named curve type.
uint8_t * handshake_ctx
Digest algorithm context used for handshake verification.
struct tls_cipherspec tx_cipherspec
Current TX cipher specification.
void * memcpy(void *dest, const void *src, size_t len) __nonnull
static void tls_hmac_update_va(struct digest_algorithm *digest, void *ctx, va_list args)
Update HMAC with a list of ( data, len ) pairs.
int(* exchange)(struct tls_connection *tls)
Transmit Client Key Exchange record.
REQUIRE_OBJECT(config_crypto)
static int tls_newdata_process_data(struct tls_connection *tls)
Handle received TLS data payload.
int create_validator(struct interface *job, struct x509_chain *chain, struct x509_root *root)
Instantiate a certificate validator.
#define TLS_TYPE_CHANGE_CIPHER
Change cipher content type.
assert((readw(&hdr->flags) &(GTF_reading|GTF_writing))==0)
#define container_of(ptr, type, field)
Get containing structure.
static struct tls_signature_hash_algorithm * tls_signature_hash_algorithm(struct pubkey_algorithm *pubkey, struct digest_algorithm *digest)
Find TLS signature and hash algorithm.
Keyed-Hashing for Message Authentication.
struct ntlm_data session
Session key.
#define TLS_RX_ALIGN
RX I/O buffer alignment.
void * new_session_ticket
New session ticket.
static int tls_progress(struct tls_connection *tls, struct job_progress *progress)
Report job progress.
static int tls_send_change_cipher(struct tls_connection *tls)
Transmit Change Cipher record.
void * cipher_ctx
Bulk encryption cipher context.
static void tls_tx_step(struct tls_connection *tls)
TLS TX state machine.
#define list_for_each_entry(pos, head, member)
Iterate over entries in a list.
static void struct digest_algorithm * digest
HMAC-MD5 digest.
#define TLS_SESSION_TICKET
static int tls_new_session_ticket(struct tls_connection *tls, const void *data, size_t len)
Receive New Session Ticket handshake record.
#define list_add_tail(new, head)
Add a new entry to the tail of a list.
struct tls_cipher_suite * suite
Cipher suite.
struct x509_chain * certs
Client certificate chain (if used)
static void tls_hmac_update(struct tls_cipherspec *cipherspec, void *ctx, const void *data, size_t len)
Update HMAC.
struct digest_algorithm * digest
MAC digest algorithm.
static void tls_prf(struct tls_connection *tls, const void *secret, size_t secret_len, void *out, size_t out_len,...)
Generate secure pseudo-random data.
struct pending_operation validation
Certificate validation pending operation.
struct list_head list
List of connections within the same session.
uint32_t gmt_unix_time
GMT Unix time.
#define be16_to_cpu(value)
u32 link
Link to next descriptor.
uint8_t fixed_iv_len
Fixed initialisation vector length.
char * strcpy(char *dest, const char *src)
Copy string.
A TLS signature algorithm.
static int is_pending(struct pending_operation *pending)
Check if an operation is pending.
static int tls_new_alert(struct tls_connection *tls, struct io_buffer *iobuf)
Receive new Alert record.
static struct x509_root * x509_root_get(struct x509_root *root)
Get reference to X.509 root certificate list.
uint8_t master_secret[48]
Master secret.
struct list_head list
List of sessions.
static void tls_hmac_init(struct tls_cipherspec *cipherspec, void *ctx, struct tls_auth_header *authhdr)
Initialise HMAC.
#define TLS_ALERT_WARNING
#define ENOMEM_TX_CIPHERTEXT
static int tls_send_client_key_exchange(struct tls_connection *tls)
Transmit Client Key Exchange record.
static int tls_new_data(struct tls_connection *tls, struct list_head *rx_data)
Receive new data record.
static void struct digest_algorithm const void const void size_t signature_len
const char * name
Curve name.
static int tls_new_change_cipher(struct tls_connection *tls, struct io_buffer *iobuf)
Receive new Change Cipher record.
#define TLS_RX_BUFSIZE
RX I/O buffer size.
#define list_for_each_entry_safe(pos, tmp, head, member)
Iterate over entries in a list, safe against deletion of the current entry.
#define cpu_to_le32(value)
#define TLS_NAMED_CURVES
TLS named curve table.
static struct digest_algorithm md5_sha1_algorithm
Hybrid MD5+SHA1 digest algorithm.
pseudo_bit_t value[0x00020]
struct x509_public_key public_key
Public key information.
void process_add(struct process *process)
Add process to process list.
#define ENOTCONN
The socket is not connected.
struct io_buffer * iob_concatenate(struct list_head *list)
Concatenate I/O buffers into a single buffer.
An object interface descriptor.
#define TLS_NUM_SIG_HASH_ALGORITHMS
Number of supported signature and hash algorithms.
#define TLS_HELLO_REQUEST
#define iob_unput(iobuf, len)
A link in an X.509 certificate chain.
static void hmac_update(struct digest_algorithm *digest, void *ctx, const void *data, size_t len)
Update HMAC.
static struct x509_certificate * x509_last(struct x509_chain *chain)
Get last certificate in X.509 certificate chain.
static int tls_send_plaintext(struct tls_connection *tls, unsigned int type, const void *data, size_t len)
Send plaintext record.
pseudo_bit_t hash[0x00010]
Hash algorithm.
struct tls_client_random client_random
Client random bytes.
char * strerror(int errno)
Retrieve string representation of error number.
static void(* free)(struct refcnt *refcnt))
struct interface cipherstream
Ciphertext stream.
void * zalloc(size_t size)
Allocate cleared memory.
static int tls_new_finished(struct tls_connection *tls, const void *data, size_t len)
Receive new Finished handshake record.
void * server_key
Server Key Exchange record (if any)
struct x509_subject subject
Subject.
uint8_t hash
Hash algorithm.
#define ref_get(refcnt)
Get additional reference to object.
struct digest_algorithm digest_null
struct elliptic_curve * curve
Elliptic curve.
static size_t iob_len(struct io_buffer *iobuf)
Calculate length of data in an I/O buffer.
static struct interface_operation tls_cipherstream_ops[]
TLS ciphertext stream interface operations.
#define INTF_OP(op_type, object_type, op_func)
Define an object interface operation.
struct golan_eq_context ctx
static int tls_new_server_hello(struct tls_connection *tls, const void *data, size_t len)
Receive new Server Hello handshake record.
#define for_each_table_entry(pointer, table)
Iterate through all entries within a linker table.
uint8_t mac_len
MAC length.
long int random(void)
Generate a pseudo-random number between 0 and 2147483647L or 2147483562?
void * pubkey_ctx
Public key encryption context.
static size_t iob_tailroom(struct io_buffer *iobuf)
Calculate available space at end of an I/O buffer.
int xfer_deliver(struct interface *intf, struct io_buffer *iobuf, struct xfer_metadata *meta)
Deliver datagram.
size_t strlen(const char *src)
Get length of string.
static int tls_verify_dh_params(struct tls_connection *tls, size_t param_len)
Verify Diffie-Hellman parameter signature.
An RSA digestInfo prefix.
uint8_t signature
Signature algorithm.
Data transfer interface opening.
#define EPERM_RENEG_VERIFY
#define TLS_SIG_HASH_ALGORITHMS
TLS signature hash algorithm table.
REQUIRING_SYMBOL(add_tls)
struct private_key * key
Private key.
uint16_t hello
Hello time.
static int tls_change_cipher(struct tls_connection *tls, struct tls_cipherspec *pending, struct tls_cipherspec *active)
Activate next cipher suite.
static void process_init_stopped(struct process *process, struct process_descriptor *desc, struct refcnt *refcnt)
Initialise process without adding to process list.
u32 lifetime
For Lifetime-type KDEs, the lifetime in seconds.
size_t ctxsize
Context size.
#define cipher_decrypt(cipher, ctx, src, dst, len)
uint32_t last
Length to read in last segment, or zero.
struct tls_cipherspec rx_cipherspec
Current RX cipher specification.
void * malloc(size_t size)
Allocate memory.
static int tls_plainstream_deliver(struct tls_connection *tls, struct io_buffer *iobuf, struct xfer_metadata *meta __unused)
Deliver datagram as raw data.
static int tls_new_certificate_request(struct tls_connection *tls, const void *data __unused, size_t len __unused)
Receive new Certificate Request handshake record.
#define TLS_RX_MIN_BUFSIZE
Minimum RX I/O buffer size.
struct cipher_algorithm cipher_null
u32 version
Driver version.
Cryptographic configuration.
struct tls_signature_hash_id code
Numeric code.
#define TLS_NEW_SESSION_TICKET
uint16_t ext
Extended status.
struct tls_cipherspec tx_cipherspec_pending
Next TX cipher specification.
#define TLS_VERSION_MAX
Maximum supported TLS version.
#define TLS_SERVER_NAME_HOST_NAME
uint8_t client[12]
Client verification data.
struct pending_operation server_negotiation
Server security negotiation pending operation.
An X.509 root certificate list.
#define __unused
Declare a variable or data structure as unused.
#define TLS_TYPE_HANDSHAKE
Handshake content type.
struct list_head rx_data
List of received data buffers.
unsigned int tx_pending
TX pending transmissions.
RSA public-key cryptography.
static struct interface_descriptor tls_plainstream_desc
TLS plaintext stream interface descriptor.
#define iob_reserve(iobuf, len)
static int tls_generate_keys(struct tls_connection *tls)
Generate key material.
void intf_insert(struct interface *intf, struct interface *upper, struct interface *lower)
Insert a filter interface.
#define INIT_LIST_HEAD(list)
Initialise a list head.
#define INTF_DESC(object_type, intf, operations)
Define an object interface descriptor.
const char * x509_name(struct x509_certificate *cert)
Get X.509 certificate display name.
static int tls_version(struct tls_connection *tls, unsigned int version)
Check for TLS version.
static int tls_send_certificate_verify(struct tls_connection *tls)
Transmit Certificate Verify record.
#define EPERM_RENEG_INSECURE
struct digest_algorithm * handshake_digest
Digest algorithm used for handshake verification.
uint8_t random[28]
Random data.
static int tls_client_hello(struct tls_connection *tls, int(*action)(struct tls_connection *tls, const void *data, size_t len))
Digest or transmit Client Hello record.
#define ENOMEM_TX_PLAINTEXT
static void tls_hmac(struct tls_cipherspec *cipherspec, struct tls_auth_header *authhdr, const void *data, size_t len, void *hmac)
Calculate HMAC.
struct list_head list
List of which this buffer is a member.
uint8_t code
Response code.
static int tls_new_handshake(struct tls_connection *tls, struct io_buffer *iobuf)
Receive new Handshake record.
static int tls_parse_chain(struct tls_connection *tls, const void *data, size_t len)
Parse certificate chain.
struct interface validator
Certificate validator.
uint32_t type
Operating system type.
uint8_t unused[32]
Unused.
int x509_auto_append(struct x509_chain *chain, struct x509_chain *certs)
Append X.509 certificates to X.509 certificate chain.
size_t ctxsize
Context size.
#define TLS_SERVER_KEY_EXCHANGE
static struct process_descriptor tls_process_desc
TLS TX process descriptor.
static void const void * iv
__builtin_va_list va_list
int strcmp(const char *first, const char *second)
Compare strings.
size_t digestsize
Digest size.
const char * name
Algorithm name.
uint8_t sha1[SHA1_CTX_SIZE]
SHA-1 context.
static void x509_put(struct x509_certificate *cert)
Drop reference to X.509 certificate.
struct digest_algorithm * handshake
Handshake digest algorithm (for TLSv1.2 and above)
static void alert(const char *fmt,...)
Print alert message.
void * data
Start of data.
static struct x509_certificate * x509_first(struct x509_chain *chain)
Get first certificate in X.509 certificate chain.
Ephemeral Diffie-Hellman key exchange.
struct tls_cipherspec rx_cipherspec_pending
Next RX cipher specification.
int job_progress(struct interface *intf, struct job_progress *progress)
Get job progress.
#define ENOMEM_CERTIFICATE
A message digest algorithm.
uint16_t version
Protocol version.
#define cpu_to_be64(value)
uint8_t data[48]
Additional event data.
static void tls_clear_handshake(struct tls_connection *tls)
Clear handshake digest algorithm.
uint8_t server[12]
Server verification data.
struct io_buffer * rx_handshake
Received handshake fragment.
A TLS key exchange algorithm.
struct digest_algorithm * digest
Digest algorithm.
void hmac_final(struct digest_algorithm *digest, void *ctx, void *hmac)
Finalise HMAC.
static void tls_clear_cipher(struct tls_connection *tls, struct tls_cipherspec *cipherspec)
uint8_t md5[MD5_CTX_SIZE]
MD5 context.
#define INTF_DESC_PASSTHRU(object_type, intf, operations, passthru)
Define an object interface descriptor with pass-through interface.
static void tls_set_uint24(tls24_t *field24, unsigned long value)
Set 24-bit field value.
static int tls_new_record(struct tls_connection *tls, unsigned int type, struct list_head *rx_data)
Receive new record.
struct cipher_algorithm * cipher
Bulk encryption cipher algorithm.
struct tls_key_exchange_algorithm tls_ecdhe_exchange_algorithm
Ephemeral Elliptic Curve Diffie-Hellman key exchange algorithm.
struct list_head conn
List of connections.
static size_t tls_cipherstream_window(struct tls_connection *tls)
Check flow control window.
int secure_renegotiation
Secure renegotiation flag.
static int tls_send_finished(struct tls_connection *tls)
Transmit Finished record.
typeof(acpi_finder=acpi_find)
ACPI table finder.
#define EINVAL_KEY_EXCHANGE
static int tls_new_certificate(struct tls_connection *tls, const void *data, size_t len)
Receive new Certificate handshake record.
struct pubkey_algorithm * pubkey
Public-key algorithm.
static void tls_p_hash_va(struct tls_connection *tls, struct digest_algorithm *digest, const void *secret, size_t secret_len, void *out, size_t out_len, va_list seeds)
Generate secure pseudo-random data using a single hash function.
static int tls_session(struct tls_connection *tls, const char *name)
Find or create session for TLS connection.
void * dynamic
Dynamically-allocated storage.
static int tls_send_client_hello(struct tls_connection *tls)
Transmit Client Hello record.
#define va_start(ap, last)
static int tls_generate_random(struct tls_connection *tls, void *data, size_t len)
Generate random data.
struct rsa_digestinfo_prefix rsa_md5_sha1_prefix __rsa_digestinfo_prefix
RSA digestInfo prefix for MD5+SHA1 algorithm.
#define EINVAL_CERTIFICATES
struct asn1_cursor raw
Raw certificate.
#define TLS_MAX_FRAGMENT_LENGTH_4096
static int tls_ready(struct tls_connection *tls)
Determine if TLS connection is ready for application data.
const char * name
Server name.
A TLS signature and hash algorithm identifier.
static void intf_init(struct interface *intf, struct interface_descriptor *desc, struct refcnt *refcnt)
Initialise an object interface.
const char * name
Algorithm name.
#define TLS_CERTIFICATE_VERIFY
#define TLS_TYPE_DATA
Application data content type.
size_t session_id_len
Length of session ID.
#define TLS_TYPE_ALERT
Alert content type.
static int tls_verify_padding(struct tls_connection *tls, struct io_buffer *iobuf)
Verify block padding.
struct interface plainstream
Plaintext stream.
#define TLS_VERSION_MIN
Minimum TLS version.
struct tls_key_exchange_algorithm tls_dhe_exchange_algorithm
Ephemeral Diffie-Hellman key exchange algorithm.
uint64_t time
Current time.
int memcmp(const void *first, const void *second, size_t len)
Compare memory regions.
static int tls_set_cipher(struct tls_connection *tls, struct tls_cipherspec *cipherspec, struct tls_cipher_suite *suite)
Set cipher suite.
#define NULL
NULL pointer (VOID *)
static int tls_select_handshake(struct tls_connection *tls, struct digest_algorithm *digest)
Select handshake digest algorithm.
#define tls_prf_label(tls, secret, secret_len, out, out_len, label,...)
Generate secure pseudo-random data.
#define TLS_CIPHER_SUITES
TLS cipher suite table.
#define TLS_CLIENT_KEY_EXCHANGE
void pending_get(struct pending_operation *pending)
Mark an operation as pending.
struct bofm_section_header done
void * fixed_iv
Fixed initialisation vector.
uint32_t first
Length to skip in first segment.
static int tls_new_server_hello_done(struct tls_connection *tls, const void *data, size_t len)
Receive new Server Hello Done handshake record.
int add_tls(struct interface *xfer, const char *name, struct x509_root *root, struct private_key *key)
Add TLS on an interface.
static void md5_sha1_update(void *ctx, const void *data, size_t len)
Accumulate data with MD5+SHA1 algorithm.
#define TLS_SIGNATURE_ALGORITHMS
static int tls_new_server_key_exchange(struct tls_connection *tls, const void *data, size_t len)
Receive new Server Key Exchange handshake record.
const char * name
Algorithm name.
struct digest_algorithm md5_algorithm
MD5 algorithm.
static size_t tls_plainstream_window(struct tls_connection *tls)
Check flow control window.
#define ref_put(refcnt)
Drop reference to object.
static int tls_send_client_key_exchange_dhe(struct tls_connection *tls)
Transmit Client Key Exchange record using DHE key exchange.
uint16_t code
Numeric code (in network-endian order)
static int tls_new_unknown(struct tls_connection *tls __unused, struct io_buffer *iobuf)
Receive new unknown record.
struct digest_algorithm sha1_algorithm
SHA-1 algorithm.
void * mac_secret
MAC secret.
uint64_t tx_seq
TX sequence number.
void * memset(void *dest, int character, size_t len) __nonnull
size_t server_key_len
Server Key Exchange record length.
#define TLS_CHANGE_CIPHER_SPEC
Change cipher spec magic byte.
uint8_t key_len
Key length.