24 static size_t tls_client_cert_chain_der_len(struct tlsv1_client *conn)  in tls_client_cert_chain_der_len()  argument
29 	if (conn->cred == NULL)  in tls_client_cert_chain_der_len()
32 	cert = conn->cred->cert;  in tls_client_cert_chain_der_len()
37 		cert = x509_certificate_get_subject(conn->cred->trusted_certs,  in tls_client_cert_chain_der_len()
45 u8 * tls_send_client_hello(struct tlsv1_client *conn, size_t *out_len)  in tls_send_client_hello()  argument
51 	u16 tls_version = tls_client_highest_ver(conn);  in tls_send_client_hello()
66 	WPA_PUT_BE32(conn->client_random, now.sec);  in tls_send_client_hello()
67 	if (random_get_bytes(conn->client_random + 4, TLS_RANDOM_LEN - 4)) {  in tls_send_client_hello()
73 		    conn->client_random, TLS_RANDOM_LEN);  in tls_send_client_hello()
75 	len = 150 + conn->num_cipher_suites * 2 + conn->client_hello_ext_len;  in tls_send_client_hello()
98 	os_memcpy(pos, conn->client_random, TLS_RANDOM_LEN);  in tls_send_client_hello()
101 	*pos++ = conn->session_id_len;  in tls_send_client_hello()
102 	os_memcpy(pos, conn->session_id, conn->session_id_len);  in tls_send_client_hello()
103 	pos += conn->session_id_len;  in tls_send_client_hello()
105 	WPA_PUT_BE16(pos, 2 * conn->num_cipher_suites);  in tls_send_client_hello()
107 	for (i = 0; i < conn->num_cipher_suites; i++) {  in tls_send_client_hello()
108 		WPA_PUT_BE16(pos, conn->cipher_suites[i]);  in tls_send_client_hello()
120 	if (conn->rl.tls_version >= TLS_VERSION_1_2) {  in tls_send_client_hello()
144 	if (conn->client_hello_ext) {  in tls_send_client_hello()
145 		os_memcpy(pos, conn->client_hello_ext,  in tls_send_client_hello()
146 			  conn->client_hello_ext_len);  in tls_send_client_hello()
147 		pos += conn->client_hello_ext_len;  in tls_send_client_hello()
150 	if (conn->flags & TLS_CONN_REQUEST_OCSP) {  in tls_send_client_hello()
234 	tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start);  in tls_send_client_hello()
236 	if (tlsv1_record_send(&conn->rl, TLS_CONTENT_TYPE_HANDSHAKE,  in tls_send_client_hello()
240 		tls_alert(conn, TLS_ALERT_LEVEL_FATAL,  in tls_send_client_hello()
246 	conn->state = SERVER_HELLO;  in tls_send_client_hello()
252 static int tls_write_client_certificate(struct tlsv1_client *conn,  in tls_write_client_certificate()  argument
261 		tls_alert(conn, TLS_ALERT_LEVEL_FATAL,  in tls_write_client_certificate()
283 	cert = conn->cred ? conn->cred->cert : NULL;  in tls_write_client_certificate()
290 			tls_alert(conn, TLS_ALERT_LEVEL_FATAL,  in tls_write_client_certificate()
301 		cert = x509_certificate_get_subject(conn->cred->trusted_certs,  in tls_write_client_certificate()
304 	if (conn->cred == NULL || cert == conn->cred->cert || cert == NULL) {  in tls_write_client_certificate()
318 	if (tlsv1_record_send(&conn->rl, TLS_CONTENT_TYPE_HANDSHAKE,  in tls_write_client_certificate()
322 		tls_alert(conn, TLS_ALERT_LEVEL_FATAL,  in tls_write_client_certificate()
328 	tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start);  in tls_write_client_certificate()
336 static int tlsv1_key_x_dh(struct tlsv1_client *conn, u8 **pos, u8 *end)  in tlsv1_key_x_dh()  argument
342 	csecret_len = conn->dh_p_len;  in tlsv1_key_x_dh()
347 		tls_alert(conn, TLS_ALERT_LEVEL_FATAL,  in tlsv1_key_x_dh()
354 		tls_alert(conn, TLS_ALERT_LEVEL_FATAL,  in tlsv1_key_x_dh()
360 	if (os_memcmp(csecret, conn->dh_p, csecret_len) > 0)  in tlsv1_key_x_dh()
372 	dh_yc_len = conn->dh_p_len;  in tlsv1_key_x_dh()
377 		tls_alert(conn, TLS_ALERT_LEVEL_FATAL,  in tlsv1_key_x_dh()
382 	if (crypto_mod_exp(conn->dh_g, conn->dh_g_len,  in tlsv1_key_x_dh()
384 			   conn->dh_p, conn->dh_p_len,  in tlsv1_key_x_dh()
386 		tls_alert(conn, TLS_ALERT_LEVEL_FATAL,  in tlsv1_key_x_dh()
397 		tls_alert(conn, TLS_ALERT_LEVEL_FATAL,  in tlsv1_key_x_dh()
408 		tls_alert(conn, TLS_ALERT_LEVEL_FATAL,  in tlsv1_key_x_dh()
418 	shared_len = conn->dh_p_len;  in tlsv1_key_x_dh()
423 		tls_alert(conn, TLS_ALERT_LEVEL_FATAL,  in tlsv1_key_x_dh()
430 	if (crypto_mod_exp(conn->dh_ys, conn->dh_ys_len,  in tlsv1_key_x_dh()
432 			   conn->dh_p, conn->dh_p_len,  in tlsv1_key_x_dh()
434 		tls_alert(conn, TLS_ALERT_LEVEL_FATAL,  in tlsv1_key_x_dh()
445 	if (tls_derive_keys(conn, shared, shared_len)) {  in tlsv1_key_x_dh()
447 		tls_alert(conn, TLS_ALERT_LEVEL_FATAL,  in tlsv1_key_x_dh()
454 	tlsv1_client_free_dh(conn);  in tlsv1_key_x_dh()
459 static int tlsv1_key_x_rsa(struct tlsv1_client *conn, u8 **pos, u8 *end)  in tlsv1_key_x_rsa()  argument
465 	if (tls_derive_pre_master_secret(conn, pre_master_secret) < 0 ||  in tlsv1_key_x_rsa()
466 	    tls_derive_keys(conn, pre_master_secret,  in tlsv1_key_x_rsa()
469 		tls_alert(conn, TLS_ALERT_LEVEL_FATAL,  in tlsv1_key_x_rsa()
475 	if (conn->server_rsa_key == NULL) {  in tlsv1_key_x_rsa()
478 		tls_alert(conn, TLS_ALERT_LEVEL_FATAL,  in tlsv1_key_x_rsa()
487 		conn->server_rsa_key,  in tlsv1_key_x_rsa()
493 		tls_alert(conn, TLS_ALERT_LEVEL_FATAL,  in tlsv1_key_x_rsa()
506 static int tls_write_client_key_exchange(struct tlsv1_client *conn,  in tls_write_client_key_exchange()  argument
514 	suite = tls_get_cipher_suite(conn->rl.cipher_suite);  in tls_write_client_key_exchange()
538 		if (tlsv1_key_x_dh(conn, &pos, end) < 0)  in tls_write_client_key_exchange()
541 		if (tlsv1_key_x_rsa(conn, &pos, end) < 0)  in tls_write_client_key_exchange()
547 	if (tlsv1_record_send(&conn->rl, TLS_CONTENT_TYPE_HANDSHAKE,  in tls_write_client_key_exchange()
551 		tls_alert(conn, TLS_ALERT_LEVEL_FATAL,  in tls_write_client_key_exchange()
556 	tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start);  in tls_write_client_key_exchange()
564 static int tls_write_client_certificate_verify(struct tlsv1_client *conn,  in tls_write_client_certificate_verify()  argument
609 	if (conn->rl.tls_version == TLS_VERSION_1_2) {  in tls_write_client_certificate_verify()
611 		if (conn->verify.sha256_cert == NULL ||  in tls_write_client_certificate_verify()
612 		    crypto_hash_finish(conn->verify.sha256_cert, hpos, &hlen) <  in tls_write_client_certificate_verify()
614 			conn->verify.sha256_cert = NULL;  in tls_write_client_certificate_verify()
615 			tls_alert(conn, TLS_ALERT_LEVEL_FATAL,  in tls_write_client_certificate_verify()
619 		conn->verify.sha256_cert = NULL;  in tls_write_client_certificate_verify()
643 	if (conn->verify.md5_cert == NULL ||  in tls_write_client_certificate_verify()
644 	    crypto_hash_finish(conn->verify.md5_cert, hpos, &hlen) < 0) {  in tls_write_client_certificate_verify()
645 		tls_alert(conn, TLS_ALERT_LEVEL_FATAL,  in tls_write_client_certificate_verify()
647 		conn->verify.md5_cert = NULL;  in tls_write_client_certificate_verify()
648 		crypto_hash_finish(conn->verify.sha1_cert, NULL, NULL);  in tls_write_client_certificate_verify()
649 		conn->verify.sha1_cert = NULL;  in tls_write_client_certificate_verify()
654 	conn->verify.md5_cert = NULL;  in tls_write_client_certificate_verify()
656 	if (conn->verify.sha1_cert == NULL ||  in tls_write_client_certificate_verify()
657 	    crypto_hash_finish(conn->verify.sha1_cert, hpos, &hlen) < 0) {  in tls_write_client_certificate_verify()
658 		conn->verify.sha1_cert = NULL;  in tls_write_client_certificate_verify()
659 		tls_alert(conn, TLS_ALERT_LEVEL_FATAL,  in tls_write_client_certificate_verify()
663 	conn->verify.sha1_cert = NULL;  in tls_write_client_certificate_verify()
674 	if (conn->rl.tls_version >= TLS_VERSION_1_2) {  in tls_write_client_certificate_verify()
704 	if (conn->cred == NULL ||  in tls_write_client_certificate_verify()
705 	    crypto_private_key_sign_pkcs1(conn->cred->key, hash, hlen,  in tls_write_client_certificate_verify()
708 		tls_alert(conn, TLS_ALERT_LEVEL_FATAL,  in tls_write_client_certificate_verify()
718 	if (tlsv1_record_send(&conn->rl, TLS_CONTENT_TYPE_HANDSHAKE,  in tls_write_client_certificate_verify()
722 		tls_alert(conn, TLS_ALERT_LEVEL_FATAL,  in tls_write_client_certificate_verify()
728 	tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start);  in tls_write_client_certificate_verify()
736 static int tls_write_client_change_cipher_spec(struct tlsv1_client *conn,  in tls_write_client_change_cipher_spec()  argument
746 	if (tlsv1_record_send(&conn->rl, TLS_CONTENT_TYPE_CHANGE_CIPHER_SPEC,  in tls_write_client_change_cipher_spec()
750 		tls_alert(conn, TLS_ALERT_LEVEL_FATAL,  in tls_write_client_change_cipher_spec()
755 	if (tlsv1_record_change_write_cipher(&conn->rl) < 0) {  in tls_write_client_change_cipher_spec()
758 		tls_alert(conn, TLS_ALERT_LEVEL_FATAL,  in tls_write_client_change_cipher_spec()
769 static int tls_write_client_finished(struct tlsv1_client *conn,  in tls_write_client_finished()  argument
782 	if (conn->rl.tls_version >= TLS_VERSION_1_2) {  in tls_write_client_finished()
784 		if (conn->verify.sha256_client == NULL ||  in tls_write_client_finished()
785 		    crypto_hash_finish(conn->verify.sha256_client, hash, &hlen)  in tls_write_client_finished()
787 			tls_alert(conn, TLS_ALERT_LEVEL_FATAL,  in tls_write_client_finished()
789 			conn->verify.sha256_client = NULL;  in tls_write_client_finished()
792 		conn->verify.sha256_client = NULL;  in tls_write_client_finished()
797 	if (conn->verify.md5_client == NULL ||  in tls_write_client_finished()
798 	    crypto_hash_finish(conn->verify.md5_client, hash, &hlen) < 0) {  in tls_write_client_finished()
799 		tls_alert(conn, TLS_ALERT_LEVEL_FATAL,  in tls_write_client_finished()
801 		conn->verify.md5_client = NULL;  in tls_write_client_finished()
802 		crypto_hash_finish(conn->verify.sha1_client, NULL, NULL);  in tls_write_client_finished()
803 		conn->verify.sha1_client = NULL;  in tls_write_client_finished()
806 	conn->verify.md5_client = NULL;  in tls_write_client_finished()
808 	if (conn->verify.sha1_client == NULL ||  in tls_write_client_finished()
809 	    crypto_hash_finish(conn->verify.sha1_client, hash + MD5_MAC_LEN,  in tls_write_client_finished()
811 		conn->verify.sha1_client = NULL;  in tls_write_client_finished()
812 		tls_alert(conn, TLS_ALERT_LEVEL_FATAL,  in tls_write_client_finished()
816 	conn->verify.sha1_client = NULL;  in tls_write_client_finished()
823 	if (tls_prf(conn->rl.tls_version,  in tls_write_client_finished()
824 		    conn->master_secret, TLS_MASTER_SECRET_LEN,  in tls_write_client_finished()
828 		tls_alert(conn, TLS_ALERT_LEVEL_FATAL,  in tls_write_client_finished()
843 	tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start);  in tls_write_client_finished()
845 	if (tlsv1_record_send(&conn->rl, TLS_CONTENT_TYPE_HANDSHAKE,  in tls_write_client_finished()
849 		tls_alert(conn, TLS_ALERT_LEVEL_FATAL,  in tls_write_client_finished()
860 static u8 * tls_send_client_key_exchange(struct tlsv1_client *conn,  in tls_send_client_key_exchange()  argument
869 	if (conn->certificate_requested)  in tls_send_client_key_exchange()
870 		msglen += tls_client_cert_chain_der_len(conn);  in tls_send_client_key_exchange()
879 	if (conn->certificate_requested) {  in tls_send_client_key_exchange()
880 		if (tls_write_client_certificate(conn, &pos, end) < 0) {  in tls_send_client_key_exchange()
886 	if (tls_write_client_key_exchange(conn, &pos, end) < 0 ||  in tls_send_client_key_exchange()
887 	    (conn->certificate_requested && conn->cred && conn->cred->key &&  in tls_send_client_key_exchange()
888 	     tls_write_client_certificate_verify(conn, &pos, end) < 0) ||  in tls_send_client_key_exchange()
889 	    tls_write_client_change_cipher_spec(conn, &pos, end) < 0 ||  in tls_send_client_key_exchange()
890 	    tls_write_client_finished(conn, &pos, end) < 0) {  in tls_send_client_key_exchange()
897 	conn->state = SERVER_CHANGE_CIPHER_SPEC;  in tls_send_client_key_exchange()
903 static u8 * tls_send_change_cipher_spec(struct tlsv1_client *conn,  in tls_send_change_cipher_spec()  argument
917 	if (tls_write_client_change_cipher_spec(conn, &pos, end) < 0 ||  in tls_send_change_cipher_spec()
918 	    tls_write_client_finished(conn, &pos, end) < 0) {  in tls_send_change_cipher_spec()
927 	if (!conn->session_resumed && conn->use_session_ticket)  in tls_send_change_cipher_spec()
928 		conn->session_resumed = 1;  in tls_send_change_cipher_spec()
929 	conn->state = ESTABLISHED;  in tls_send_change_cipher_spec()
935 u8 * tlsv1_client_handshake_write(struct tlsv1_client *conn, size_t *out_len,  in tlsv1_client_handshake_write()  argument
938 	switch (conn->state) {  in tlsv1_client_handshake_write()
940 		return tls_send_client_key_exchange(conn, out_len);  in tlsv1_client_handshake_write()
942 		return tls_send_change_cipher_spec(conn, out_len);  in tlsv1_client_handshake_write()
946 		conn->state = ESTABLISHED;  in tlsv1_client_handshake_write()
955 			   "generating reply", conn->state);  in tlsv1_client_handshake_write()
961 u8 * tlsv1_client_send_alert(struct tlsv1_client *conn, u8 level,  in tlsv1_client_send_alert()  argument
979 	WPA_PUT_BE16(pos, conn->rl.tls_version ? conn->rl.tls_version :  in tlsv1_client_send_alert()