28 #if defined(POLARSSL_SSL_CLI_C)
37 #if defined(POLARSSL_SHA4_C)
41 static int ssl_write_client_hello(
ssl_context *ssl )
44 size_t i, n, ext_len = 0;
48 unsigned char sig_alg_list[20];
49 size_t sig_alg_len = 0;
53 if( ssl->
f_rng == NULL )
88 *p++ = (
unsigned char)( t >> 24 );
89 *p++ = (
unsigned char)( t >> 16 );
90 *p++ = (
unsigned char)( t >> 8 );
91 *p++ = (
unsigned char)( t );
95 if( ( ret = ssl->
f_rng( ssl->
p_rng, p, 28 ) ) != 0 )
102 SSL_DEBUG_BUF( 3,
"client hello, random bytes", buf + 6, 32 );
120 *p++ = (
unsigned char) n;
122 for( i = 0; i < n; i++ )
125 SSL_DEBUG_MSG( 3, (
"client hello, session id len.: %d", n ) );
130 *p++ = (
unsigned char)( n >> 7 );
131 *p++ = (
unsigned char)( n << 1 );
143 SSL_DEBUG_MSG( 3, (
"client hello, got %d ciphersuites", n ) );
145 for( i = 0; i < n; i++ )
154 #if defined(POLARSSL_ZLIB_SUPPORT)
155 SSL_DEBUG_MSG( 3, (
"client hello, compress len.: %d", 2 ) );
163 SSL_DEBUG_MSG( 3, (
"client hello, compress len.: %d", 1 ) );
172 SSL_DEBUG_MSG( 3, (
"client hello, prepping for server name extension: %s",
180 SSL_DEBUG_MSG( 3, (
"client hello, prepping for renegotiation extension" ) );
189 #if defined(POLARSSL_SHA4_C)
195 #if defined(POLARSSL_SHA2_C)
201 #if defined(POLARSSL_SHA1_C)
205 #if defined(POLARSSL_MD5_C)
209 ext_len += 6 + sig_alg_len;
212 SSL_DEBUG_MSG( 3, (
"client hello, total extension length: %d",
217 *p++ = (
unsigned char)( ( ext_len >> 8 ) & 0xFF );
218 *p++ = (
unsigned char)( ( ext_len ) & 0xFF );
241 SSL_DEBUG_MSG( 3, (
"client hello, adding server name extension: %s",
247 *p++ = (
unsigned char)( ( (ssl->
hostname_len + 5) >> 8 ) & 0xFF );
248 *p++ = (
unsigned char)( ( (ssl->
hostname_len + 5) ) & 0xFF );
250 *p++ = (
unsigned char)( ( (ssl->
hostname_len + 3) >> 8 ) & 0xFF );
251 *p++ = (
unsigned char)( ( (ssl->
hostname_len + 3) ) & 0xFF );
254 *p++ = (
unsigned char)( ( ssl->
hostname_len >> 8 ) & 0xFF );
266 SSL_DEBUG_MSG( 3, (
"client hello, renegotiation info extension" ) );
298 SSL_DEBUG_MSG( 3, (
"client hello, adding signature_algorithms extension" ) );
303 *p++ = (
unsigned char)( ( ( sig_alg_len + 2 ) >> 8 ) & 0xFF );
304 *p++ = (
unsigned char)( ( ( sig_alg_len + 2 ) ) & 0xFF );
306 *p++ = (
unsigned char)( ( sig_alg_len >> 8 ) & 0xFF );
307 *p++ = (
unsigned char)( ( sig_alg_len ) & 0xFF );
309 memcpy( p, sig_alg_list, sig_alg_len );
331 static int ssl_parse_renegotiation_info(
ssl_context *ssl,
339 if( len != 1 || buf[0] != 0x0 )
341 SSL_DEBUG_MSG( 1, (
"non-zero length renegotiated connection field" ) );
361 SSL_DEBUG_MSG( 1, (
"non-matching renegotiated connection field" ) );
373 static int ssl_parse_server_hello(
ssl_context *ssl )
375 #if defined(POLARSSL_DEBUG_C)
381 unsigned char *buf, *ext;
382 int renegotiation_info_seen = 0;
383 int handshake_failure = 0;
429 SSL_DEBUG_MSG( 1, (
"server only supports ssl smaller than minimum"
439 #if defined(POLARSSL_DEBUG_C)
440 t = ( (time_t) buf[6] << 24 )
441 | ( (time_t) buf[7] << 16 )
442 | ( (time_t) buf[8] << 8 )
443 | ( (time_t) buf[9] );
450 SSL_DEBUG_MSG( 3, (
"server hello, current time: %lu", t ) );
451 SSL_DEBUG_BUF( 3,
"server hello, random bytes", buf + 6, 32 );
469 ext_len = ( ( buf[42 + n] << 8 )
472 if( ( ext_len > 0 && ext_len < 4 ) ||
489 i = ( buf[39 + n] << 8 ) | buf[40 + n];
497 SSL_DEBUG_MSG( 3, (
"server hello, session id len.: %d", n ) );
532 SSL_DEBUG_MSG( 3, (
"server hello, chosen ciphersuite: %d", i ) );
533 SSL_DEBUG_MSG( 3, (
"server hello, compress alg.: %d", buf[41 + n] ) );
549 #
if defined(POLARSSL_ZLIB_SUPPORT)
563 unsigned int ext_id = ( ( ext[0] << 8 )
565 unsigned int ext_size = ( ( ext[2] << 8 )
568 if( ext_size + 4 > ext_len )
578 renegotiation_info_seen = 1;
580 if( ( ret = ssl_parse_renegotiation_info( ssl, ext + 4, ext_size ) ) != 0 )
586 SSL_DEBUG_MSG( 3, (
"unknown extension found: %d (ignoring)",
590 ext_len -= 4 + ext_size;
593 if( ext_len > 0 && ext_len < 4 )
606 SSL_DEBUG_MSG( 1, (
"legacy renegotiation, breaking off handshake" ) );
607 handshake_failure = 1;
611 renegotiation_info_seen == 0 )
613 SSL_DEBUG_MSG( 1, (
"renegotiation_info extension missing (secure)" ) );
614 handshake_failure = 1;
621 handshake_failure = 1;
625 renegotiation_info_seen == 1 )
627 SSL_DEBUG_MSG( 1, (
"renegotiation_info extension present (legacy)" ) );
628 handshake_failure = 1;
631 if( handshake_failure == 1 )
644 static int ssl_parse_server_key_exchange(
ssl_context *ssl )
646 #if defined(POLARSSL_DHM_C)
649 unsigned char *p, *end;
650 unsigned char hash[64];
654 unsigned int hashlen = 0;
677 #if !defined(POLARSSL_DHM_C)
715 SSL_DEBUG_MSG( 2, (
"DHM Read Params returned -0x%x", -ret ) );
724 SSL_DEBUG_MSG( 2, (
"server used unsupported SignatureAlgorithm %d", p[1] ) );
731 #if defined(POLARSSL_MD5_C)
736 #if defined(POLARSSL_SHA1_C)
741 #if defined(POLARSSL_SHA2_C)
749 #if defined(POLARSSL_SHA4_C)
758 SSL_DEBUG_MSG( 2, (
"Server used unsupported HashAlgorithm %d", p[0] ) );
763 SSL_DEBUG_MSG( 2, (
"Server used SignatureAlgorithm %d", p[1] ) );
764 SSL_DEBUG_MSG( 2, (
"Server used HashAlgorithm %d", p[0] ) );
768 n = ( p[0] << 8 ) | p[1];
777 if( (
unsigned int)( end - p ) !=
809 n = ssl->
in_hslen - ( end - p ) - 6;
827 #if defined(POLARSSL_SHA4_C)
831 n = ssl->
in_hslen - ( end - p ) - 8;
842 #if defined(POLARSSL_MD5_C)
851 #if defined(POLARSSL_SHA1_C)
860 #if defined(POLARSSL_SHA2_C)
876 #if defined(POLARSSL_SHA4_C)
899 hash_id, hashlen, hash, p ) ) != 0 )
913 static int ssl_parse_certificate_request(
ssl_context *ssl )
916 unsigned char *buf, *p;
918 size_t cert_type_len = 0, sig_alg_len = 0, dn_len = 0;
965 cert_type_len = buf[4];
975 while( cert_type_len > 0 )
995 sig_alg_len = ( ( buf[5 + n] << 8 )
1009 dn_len = ( ( buf[5 + m + n] << 8 )
1010 | ( buf[6 + m + n] ) );
1025 static int ssl_parse_server_hello_done(
ssl_context *ssl )
1060 static int ssl_write_client_key_exchange(
ssl_context *ssl )
1080 #if !defined(POLARSSL_DHM_C)
1089 ssl->
out_msg[4] = (
unsigned char)( n >> 8 );
1090 ssl->
out_msg[5] = (
unsigned char)( n );
1139 ssl->
out_msg[4] = (
unsigned char)( n >> 8 );
1140 ssl->
out_msg[5] = (
unsigned char)( n );
1179 static int ssl_write_certificate_verify(
ssl_context *ssl )
1182 size_t n = 0, offset = 0;
1183 unsigned char hash[48];
1185 unsigned int hashlen = 36;
1263 ssl->
out_msg[4 + offset] = (
unsigned char)( n >> 8 );
1264 ssl->
out_msg[5 + offset] = (
unsigned char)( n );
1270 hashlen, hash, ssl->
out_msg + 6 + offset );
1311 switch( ssl->
state )
1321 ret = ssl_write_client_hello( ssl );
1332 ret = ssl_parse_server_hello( ssl );
1340 ret = ssl_parse_server_key_exchange( ssl );
1344 ret = ssl_parse_certificate_request( ssl );
1348 ret = ssl_parse_server_hello_done( ssl );
1363 ret = ssl_write_client_key_exchange( ssl );
1367 ret = ssl_write_certificate_verify( ssl );
#define SSL_HS_CLIENT_KEY_EXCHANGE
#define SSL_ALERT_LEVEL_FATAL
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Available in TLS 1.2 only.
int ssl_send_alert_message(ssl_context *ssl, unsigned char level, unsigned char message)
Send an alert message.
int(* f_rng)(void *, unsigned char *, size_t)
#define TLS_EXT_SERVERNAME_HOSTNAME
#define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE
Processing of the ServerKeyExchange handshake message failed.
SHA-256 context structure.
#define SSL_DEBUG_RET(level, text, ret)
#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE
Processing of the ServerHelloDone handshake message failed.
const int ** ciphersuites
char peer_verify_data[36]
#define SSL_HS_CLIENT_HELLO
void sha1(const unsigned char *input, size_t ilen, unsigned char output[20])
Output = SHA-1( input buffer )
void(* calc_verify)(ssl_context *, unsigned char *)
void sha1_finish(sha1_context *ctx, unsigned char output[20])
SHA-1 final digest.
#define SSL_HS_SERVER_KEY_EXCHANGE
#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO
Processing of the ServerHello handshake message failed.
ssl_session * session_negotiate
int ssl_parse_certificate(ssl_context *ssl)
int ssl_parse_finished(ssl_context *ssl)
#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
Available in TLS 1.2 only.
#define SSL_RENEGOTIATION
int ssl_write_finished(ssl_context *ssl)
Configuration options (set of defines)
#define SSL_DEBUG_MSG(level, args)
void ssl_handshake_wrapup(ssl_context *ssl)
#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
void md5_finish(md5_context *ctx, unsigned char output[16])
MD5 final digest.
#define SSL_LEGACY_NO_RENEGOTIATION
#define SSL_MAJOR_VERSION_3
#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
int dhm_read_params(dhm_context *ctx, unsigned char **p, const unsigned char *end)
Parse the ServerKeyExchange parameters.
unsigned char premaster[POLARSSL_MPI_MAX_SIZE]
void sha4_starts(sha4_context *ctx, int is384)
SHA-512 context setup.
#define SSL_CERT_TYPE_RSA_SIGN
#define SSL_HS_CERTIFICATE_REQUEST
#define TLS_RSA_WITH_AES_256_GCM_SHA384
ssl_handshake_params * handshake
#define SSL_MSG_HANDSHAKE
int ssl_write_certificate(ssl_context *ssl)
#define SSL_ALERT_MSG_PROTOCOL_VERSION
#define POLARSSL_ERR_SSL_NO_RNG
No RNG was provided to the SSL module.
int rsa_pkcs1_encrypt(rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, size_t ilen, const unsigned char *input, unsigned char *output)
Generic wrapper to perform a PKCS#1 encryption using the mode from the context.
SHA-384 and SHA-512 cryptographic hash function.
rsa_key_len_func rsa_key_len
#define SSL_MINOR_VERSION_0
#define POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION
The peer's handshake protocol version is outside the accepted min/max version bounds.
#define SSL_HS_SERVER_HELLO_DONE
#define TLS_DHE_RSA_WITH_DES_CBC_SHA
Weak (single DES, 56-bit key) — do not enable. Not available in TLS 1.2.
int ssl_handshake_client_step(ssl_context *ssl)
void sha4_update(sha4_context *ctx, const unsigned char *input, size_t ilen)
SHA-512 process buffer.
#define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE
An unexpected message was received from our peer.
#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
void md5_starts(md5_context *ctx)
MD5 context setup.
int ssl_flush_output(ssl_context *ssl)
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA
#define SSL_HS_SERVER_HELLO
#define SSL_COMPRESS_DEFLATE
#define SSL_MINOR_VERSION_3
#define TLS_EXT_RENEGOTIATION_INFO
#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST
Processing of the CertificateRequest handshake message failed.
int ssl_parse_change_cipher_spec(ssl_context *ssl)
void sha1_starts(sha1_context *ctx)
SHA-1 context setup.
#define SSL_EMPTY_RENEGOTIATION_INFO
renegotiation_info extension (RFC 5746 secure renegotiation).
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Available in TLS 1.2 only.
#define SSL_DEBUG_BUF(level, text, buf, len)
#define POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED
The own private key is not set, but needed.
#define SSL_INITIAL_HANDSHAKE
#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
void sha2_update(sha2_context *ctx, const unsigned char *input, size_t ilen)
SHA-256 process buffer.
int allow_legacy_renegotiation
#define SSL_COMPRESS_NULL
int dhm_calc_secret(dhm_context *ctx, unsigned char *output, size_t *olen)
Derive and export the shared secret (G^Y)^X mod P.
int ssl_read_record(ssl_context *ssl)
void sha4(const unsigned char *input, size_t ilen, unsigned char output[64], int is384)
Output = SHA-512( input buffer )
#define SSL_HS_CERTIFICATE_VERIFY
#define TLS_EXT_SERVERNAME
int dhm_make_public(dhm_context *ctx, int x_size, unsigned char *output, size_t olen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Create own private value X and export G^X.
#define SSL_DEBUG_MPI(level, text, X)
size_t mpi_size(const mpi *X)
Return the total size in bytes.
#define SSL_LEGACY_BREAK_HANDSHAKE
SHA-512 context structure.
#define SSL_LEGACY_RENEGOTIATION
#define SSL_SECURE_RENEGOTIATION
void sha1_update(sha1_context *ctx, const unsigned char *input, size_t ilen)
SHA-1 process buffer.
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA
void md5_update(md5_context *ctx, const unsigned char *input, size_t ilen)
MD5 process buffer.
int ssl_write_change_cipher_spec(ssl_context *ssl)
void sha2(const unsigned char *input, size_t ilen, unsigned char output[32], int is224)
Output = SHA-256( input buffer )
int ssl_derive_keys(ssl_context *ssl)
void sha4_finish(sha4_context *ctx, unsigned char output[64])
SHA-512 final digest.
static int safer_memcmp(const void *a, const void *b, size_t n)
void ssl_optimize_checksum(ssl_context *ssl, int ciphersuite)
int ssl_send_fatal_handshake_failure(ssl_context *ssl)
void sha2_starts(sha2_context *ctx, int is224)
SHA-256 context setup.
#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
Available in TLS 1.2 only.
rsa_context rsa
Container for the RSA context.
void md5(const unsigned char *input, size_t ilen, unsigned char output[16])
Output = MD5( input buffer )
#define POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE
The requested feature is not available.
#define POLARSSL_ERR_SSL_BAD_INPUT_DATA
Bad input parameters to function.
int ssl_write_record(ssl_context *ssl)
int rsa_pkcs1_verify(rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, int hash_id, unsigned int hashlen, const unsigned char *hash, unsigned char *sig)
Generic wrapper to perform a PKCS#1 verification using the mode from the context. ...
unsigned char randbytes[64]
void sha2_finish(sha2_context *ctx, unsigned char output[32])
SHA-256 final digest.