projects / project / luci.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge pull request #278 from nmav/ocserv
[project/luci.git] / libs / nixio / axTLS / ssl / tls1_clnt.c
1 /*
2 * Copyright (c) 2007, Cameron Rich
3 *
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
8 *
9 * * Redistributions of source code must retain the above copyright notice,
10 * this list of conditions and the following disclaimer.
11 * * Redistributions in binary form must reproduce the above copyright notice,
12 * this list of conditions and the following disclaimer in the documentation
13 * and/or other materials provided with the distribution.
14 * * Neither the name of the axTLS project nor the names of its contributors
15 * may be used to endorse or promote products derived from this software
16 * without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
22 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
23 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
24 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
25 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
26 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */
30
31 #include <stdlib.h>
32 #include <string.h>
33 #include <time.h>
34 #include <stdio.h>
35
36 #include "ssl.h"
37
38 #ifdef CONFIG_SSL_ENABLE_CLIENT /* all commented out if no client */
39
40 static int send_client_hello(SSL *ssl);
41 static int process_server_hello(SSL *ssl);
42 static int process_server_hello_done(SSL *ssl);
43 static int send_client_key_xchg(SSL *ssl);
44 static int process_cert_req(SSL *ssl);
45 static int send_cert_verify(SSL *ssl);
46
47 /*
48 * Establish a new SSL connection to an SSL server.
49 */
50 EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
51 uint8_t *session_id, uint8_t sess_id_size)
52 {
53 SSL *ssl;
54 int ret;
55
56 SOCKET_BLOCK(client_fd); /* ensure blocking mode */
57 ssl = ssl_new(ssl_ctx, client_fd);
58
59 if (session_id && ssl_ctx->num_sessions)
60 {
61 if (sess_id_size > SSL_SESSION_ID_SIZE) /* validity check */
62 {
63 ssl_free(ssl);
64 return NULL;
65 }
66
67 memcpy(ssl->session_id, session_id, sess_id_size);
68 ssl->sess_id_size = sess_id_size;
69 SET_SSL_FLAG(SSL_SESSION_RESUME); /* just flag for later */
70 }
71
72 SET_SSL_FLAG(SSL_IS_CLIENT);
73 ret = do_client_connect(ssl);
74 return ssl;
75 }
76
77 /*
78 * Process the handshake record.
79 */
80 int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
81 {
82 int ret = SSL_OK;
83
84 /* To get here the state must be valid */
85 switch (handshake_type)
86 {
87 case HS_SERVER_HELLO:
88 ret = process_server_hello(ssl);
89 break;
90
91 case HS_CERTIFICATE:
92 ret = process_certificate(ssl, &ssl->x509_ctx);
93 break;
94
95 case HS_SERVER_HELLO_DONE:
96 if ((ret = process_server_hello_done(ssl)) == SSL_OK)
97 {
98 if (IS_SET_SSL_FLAG(SSL_HAS_CERT_REQ))
99 {
100 if ((ret = send_certificate(ssl)) == SSL_OK &&
101 (ret = send_client_key_xchg(ssl)) == SSL_OK)
102 {
103 send_cert_verify(ssl);
104 }
105 }
106 else
107 {
108 ret = send_client_key_xchg(ssl);
109 }
110
111 if (ret == SSL_OK &&
112 (ret = send_change_cipher_spec(ssl)) == SSL_OK)
113 {
114 ret = send_finished(ssl);
115 }
116 }
117 break;
118
119 case HS_CERT_REQ:
120 ret = process_cert_req(ssl);
121 break;
122
123 case HS_FINISHED:
124 ret = process_finished(ssl, hs_len);
125 disposable_free(ssl); /* free up some memory */
126 break;
127
128 case HS_HELLO_REQUEST:
129 disposable_new(ssl);
130 ret = do_client_connect(ssl);
131 break;
132 }
133
134 return ret;
135 }
136
137 /*
138 * Do the handshaking from the beginning.
139 */
140 int do_client_connect(SSL *ssl)
141 {
142 int ret = SSL_OK;
143
144 send_client_hello(ssl); /* send the client hello */
145 ssl->bm_read_index = 0;
146 ssl->next_state = HS_SERVER_HELLO;
147 ssl->hs_status = SSL_NOT_OK; /* not connected */
148 x509_free(ssl->x509_ctx);
149
150 /* sit in a loop until it all looks good */
151 while (ssl->hs_status != SSL_OK)
152 {
153 ret = basic_read(ssl, NULL);
154
155 if (ret < SSL_OK)
156 {
157 if (ret != SSL_ERROR_CONN_LOST)
158 {
159 /* let the server know we are dying and why */
160 if (send_alert(ssl, ret))
161 {
162 /* something nasty happened, so get rid of it */
163 kill_ssl_session(ssl->ssl_ctx->ssl_sessions, ssl);
164 }
165 }
166
167 break;
168 }
169 }
170
171 ssl->hs_status = ret; /* connected? */
172 return ret;
173 }
174
175 /*
176 * Send the initial client hello.
177 */
178 static int send_client_hello(SSL *ssl)
179 {
180 uint8_t *buf = ssl->bm_data;
181 time_t tm = time(NULL);
182 uint8_t *tm_ptr = &buf[6]; /* time will go here */
183 int i, offset;
184
185 buf[0] = HS_CLIENT_HELLO;
186 buf[1] = 0;
187 buf[2] = 0;
188 /* byte 3 is calculated later */
189 buf[4] = 0x03;
190 buf[5] = 0x01;
191
192 /* client random value - spec says that 1st 4 bytes are big endian time */
193 *tm_ptr++ = (uint8_t)(((long)tm & 0xff000000) >> 24);
194 *tm_ptr++ = (uint8_t)(((long)tm & 0x00ff0000) >> 16);
195 *tm_ptr++ = (uint8_t)(((long)tm & 0x0000ff00) >> 8);
196 *tm_ptr++ = (uint8_t)(((long)tm & 0x000000ff));
197 get_random(SSL_RANDOM_SIZE-4, &buf[10]);
198 memcpy(ssl->dc->client_random, &buf[6], SSL_RANDOM_SIZE);
199 offset = 6 + SSL_RANDOM_SIZE;
200
201 /* give session resumption a go */
202 if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME)) /* set initially by user */
203 {
204 buf[offset++] = ssl->sess_id_size;
205 memcpy(&buf[offset], ssl->session_id, ssl->sess_id_size);
206 offset += ssl->sess_id_size;
207 CLR_SSL_FLAG(SSL_SESSION_RESUME); /* clear so we can set later */
208 }
209 else
210 {
211 /* no session id - because no session resumption just yet */
212 buf[offset++] = 0;
213 }
214
215 buf[offset++] = 0; /* number of ciphers */
216 buf[offset++] = NUM_PROTOCOLS*2;/* number of ciphers */
217
218 /* put all our supported protocols in our request */
219 for (i = 0; i < NUM_PROTOCOLS; i++)
220 {
221 buf[offset++] = 0; /* cipher we are using */
222 buf[offset++] = ssl_prot_prefs[i];
223 }
224
225 buf[offset++] = 1; /* no compression */
226 buf[offset++] = 0;
227 buf[3] = offset - 4; /* handshake size */
228
229 return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
230 }
231
232 /*
233 * Process the server hello.
234 */
235 static int process_server_hello(SSL *ssl)
236 {
237 uint8_t *buf = ssl->bm_data;
238 int pkt_size = ssl->bm_index;
239 int version = (buf[4] << 4) + buf[5];
240 int num_sessions = ssl->ssl_ctx->num_sessions;
241 uint8_t sess_id_size;
242 int offset, ret = SSL_OK;
243
244 /* check that we are talking to a TLSv1 server */
245 if (version != 0x31)
246 return SSL_ERROR_INVALID_VERSION;
247
248 /* get the server random value */
249 memcpy(ssl->dc->server_random, &buf[6], SSL_RANDOM_SIZE);
250 offset = 6 + SSL_RANDOM_SIZE; /* skip of session id size */
251 sess_id_size = buf[offset++];
252
253 if (num_sessions)
254 {
255 ssl->session = ssl_session_update(num_sessions,
256 ssl->ssl_ctx->ssl_sessions, ssl, &buf[offset]);
257 memcpy(ssl->session->session_id, &buf[offset], sess_id_size);
258
259 /* pad the rest with 0's */
260 if (sess_id_size < SSL_SESSION_ID_SIZE)
261 {
262 memset(&ssl->session->session_id[sess_id_size], 0,
263 SSL_SESSION_ID_SIZE-sess_id_size);
264 }
265 }
266
267 memcpy(ssl->session_id, &buf[offset], sess_id_size);
268 ssl->sess_id_size = sess_id_size;
269 offset += sess_id_size;
270
271 /* get the real cipher we are using */
272 ssl->cipher = buf[++offset];
273 ssl->next_state = IS_SET_SSL_FLAG(SSL_SESSION_RESUME) ?
274 HS_FINISHED : HS_CERTIFICATE;
275
276 offset++; // skip the compr
277 PARANOIA_CHECK(pkt_size, offset);
278 ssl->dc->bm_proc_index = offset+1;
279
280 error:
281 return ret;
282 }
283
284 /**
285 * Process the server hello done message.
286 */
287 static int process_server_hello_done(SSL *ssl)
288 {
289 ssl->next_state = HS_FINISHED;
290 return SSL_OK;
291 }
292
293 /*
294 * Send a client key exchange message.
295 */
296 static int send_client_key_xchg(SSL *ssl)
297 {
298 uint8_t *buf = ssl->bm_data;
299 uint8_t premaster_secret[SSL_SECRET_SIZE];
300 int enc_secret_size = -1;
301
302 buf[0] = HS_CLIENT_KEY_XCHG;
303 buf[1] = 0;
304
305 premaster_secret[0] = 0x03; /* encode the version number */
306 premaster_secret[1] = 0x01;
307 get_random(SSL_SECRET_SIZE-2, &premaster_secret[2]);
308 DISPLAY_RSA(ssl, ssl->x509_ctx->rsa_ctx);
309
310 /* rsa_ctx->bi_ctx is not thread-safe */
311 SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
312 enc_secret_size = RSA_encrypt(ssl->x509_ctx->rsa_ctx, premaster_secret,
313 SSL_SECRET_SIZE, &buf[6], 0);
314 SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
315
316 buf[2] = (enc_secret_size + 2) >> 8;
317 buf[3] = (enc_secret_size + 2) & 0xff;
318 buf[4] = enc_secret_size >> 8;
319 buf[5] = enc_secret_size & 0xff;
320
321 generate_master_secret(ssl, premaster_secret);
322 return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, enc_secret_size+6);
323 }
324
325 /*
326 * Process the certificate request.
327 */
328 static int process_cert_req(SSL *ssl)
329 {
330 uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
331 int ret = SSL_OK;
332 int offset = (buf[2] << 4) + buf[3];
333 int pkt_size = ssl->bm_index;
334
335 /* don't do any processing - we will send back an RSA certificate anyway */
336 ssl->next_state = HS_SERVER_HELLO_DONE;
337 SET_SSL_FLAG(SSL_HAS_CERT_REQ);
338 ssl->dc->bm_proc_index += offset;
339 PARANOIA_CHECK(pkt_size, offset);
340 error:
341 return ret;
342 }
343
344 /*
345 * Send a certificate verify message.
346 */
347 static int send_cert_verify(SSL *ssl)
348 {
349 uint8_t *buf = ssl->bm_data;
350 uint8_t dgst[MD5_SIZE+SHA1_SIZE];
351 RSA_CTX *rsa_ctx = ssl->ssl_ctx->rsa_ctx;
352 int n = 0, ret;
353
354 DISPLAY_RSA(ssl, rsa_ctx);
355
356 buf[0] = HS_CERT_VERIFY;
357 buf[1] = 0;
358
359 finished_digest(ssl, NULL, dgst); /* calculate the digest */
360
361 /* rsa_ctx->bi_ctx is not thread-safe */
362 if (rsa_ctx)
363 {
364 SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
365 n = RSA_encrypt(rsa_ctx, dgst, sizeof(dgst), &buf[6], 1);
366 SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
367
368 if (n == 0)
369 {
370 ret = SSL_ERROR_INVALID_KEY;
371 goto error;
372 }
373 }
374
375 buf[4] = n >> 8; /* add the RSA size (not officially documented) */
376 buf[5] = n & 0xff;
377 n += 2;
378 buf[2] = n >> 8;
379 buf[3] = n & 0xff;
380 ret = send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, n+4);
381
382 error:
383 return ret;
384 }
385
386 #endif /* CONFIG_SSL_ENABLE_CLIENT */
Lua Configuration Interface (mirror)