Lines Matching refs:conn
28 static size_t tls_client_cert_chain_der_len(struct tlsv1_client *conn)
33 if (conn->cred == NULL)
36 cert = conn->cred->cert;
41 cert = x509_certificate_get_subject(conn->cred->trusted_certs,
49 u8 * tls_send_client_hello(struct tlsv1_client *conn, size_t *out_len)
59 WPA_PUT_BE32(conn->client_random, now.sec);
60 if (os_get_random(conn->client_random + 4, TLS_RANDOM_LEN - 4)) {
66 conn->client_random, TLS_RANDOM_LEN);
68 len = 100 + conn->num_cipher_suites * 2 + conn->client_hello_ext_len;
91 os_memcpy(pos, conn->client_random, TLS_RANDOM_LEN);
94 *pos++ = conn->session_id_len;
95 os_memcpy(pos, conn->session_id, conn->session_id_len);
96 pos += conn->session_id_len;
98 WPA_PUT_BE16(pos, 2 * conn->num_cipher_suites);
100 for (i = 0; i < conn->num_cipher_suites; i++) {
101 WPA_PUT_BE16(pos, conn->cipher_suites[i]);
108 if (conn->client_hello_ext) {
109 os_memcpy(pos, conn->client_hello_ext,
110 conn->client_hello_ext_len);
111 pos += conn->client_hello_ext_len;
115 tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start);
117 if (tlsv1_record_send(&conn->rl, TLS_CONTENT_TYPE_HANDSHAKE,
120 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
126 conn->state = SERVER_HELLO;
132 static int tls_write_client_certificate(struct tlsv1_client *conn,
158 cert = conn->cred ? conn->cred->cert : NULL;
165 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
176 cert = x509_certificate_get_subject(conn->cred->trusted_certs,
179 if (conn->cred == NULL || cert == conn->cred->cert || cert == NULL) {
193 if (tlsv1_record_send(&conn->rl, TLS_CONTENT_TYPE_HANDSHAKE,
196 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
202 tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start);
210 static int tlsv1_key_x_anon_dh(struct tlsv1_client *conn, u8 **pos, u8 *end)
217 csecret_len = conn->dh_p_len;
222 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
229 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
235 if (os_memcmp(csecret, conn->dh_p, csecret_len) > 0)
247 dh_yc_len = conn->dh_p_len;
252 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
257 if (crypto_mod_exp(conn->dh_g, conn->dh_g_len,
259 conn->dh_p, conn->dh_p_len,
261 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
276 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
286 shared_len = conn->dh_p_len;
291 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
298 if (crypto_mod_exp(conn->dh_ys, conn->dh_ys_len,
300 conn->dh_p, conn->dh_p_len,
302 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
313 if (tls_derive_keys(conn, shared, shared_len)) {
315 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
322 tlsv1_client_free_dh(conn);
325 tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_INTERNAL_ERROR);
331 static int tlsv1_key_x_rsa(struct tlsv1_client *conn, u8 **pos, u8 *end)
338 tls_derive_keys(conn, pre_master_secret,
341 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
347 if (conn->server_rsa_key == NULL) {
350 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
359 conn->server_rsa_key,
365 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
378 static int tls_write_client_key_exchange(struct tlsv1_client *conn,
386 suite = tls_get_cipher_suite(conn->rl.cipher_suite);
410 if (tlsv1_key_x_anon_dh(conn, &pos, end) < 0)
413 if (tlsv1_key_x_rsa(conn, &pos, end) < 0)
419 if (tlsv1_record_send(&conn->rl, TLS_CONTENT_TYPE_HANDSHAKE,
422 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
427 tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start);
435 static int tls_write_client_certificate_verify(struct tlsv1_client *conn,
482 if (conn->verify.md5_cert == NULL ||
483 crypto_hash_finish(conn->verify.md5_cert, hpos, &hlen) < 0)
485 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
487 conn->verify.md5_cert = NULL;
488 crypto_hash_finish(conn->verify.sha1_cert, NULL, NULL);
489 conn->verify.sha1_cert = NULL;
494 crypto_hash_finish(conn->verify.md5_cert, NULL, NULL);
496 conn->verify.md5_cert = NULL;
498 if (conn->verify.sha1_cert == NULL ||
499 crypto_hash_finish(conn->verify.sha1_cert, hpos, &hlen) < 0) {
500 conn->verify.sha1_cert = NULL;
501 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
505 conn->verify.sha1_cert = NULL;
526 if (conn->cred == NULL ||
527 crypto_private_key_sign_pkcs1(conn->cred->key, hash, hlen,
530 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
540 if (tlsv1_record_send(&conn->rl, TLS_CONTENT_TYPE_HANDSHAKE,
543 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
549 tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start);
557 static int tls_write_client_change_cipher_spec(struct tlsv1_client *conn,
569 if (tlsv1_record_send(&conn->rl, TLS_CONTENT_TYPE_CHANGE_CIPHER_SPEC,
572 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
577 if (tlsv1_record_change_write_cipher(&conn->rl) < 0) {
580 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
591 static int tls_write_client_finished(struct tlsv1_client *conn,
606 if (conn->verify.md5_client == NULL ||
607 crypto_hash_finish(conn->verify.md5_client, hash, &hlen) < 0) {
608 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
610 conn->verify.md5_client = NULL;
611 crypto_hash_finish(conn->verify.sha1_client, NULL, NULL);
612 conn->verify.sha1_client = NULL;
615 conn->verify.md5_client = NULL;
617 if (conn->verify.sha1_client == NULL ||
618 crypto_hash_finish(conn
620 conn->verify.sha1_client = NULL;
621 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
625 conn->verify.sha1_client = NULL;
627 if (tls_prf(conn->master_secret, TLS_MASTER_SECRET_LEN,
631 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
650 tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start);
652 if (tlsv1_record_send(&conn->rl, TLS_CONTENT_TYPE_HANDSHAKE,
655 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
668 static u8 * tls_send_client_key_exchange(struct tlsv1_client *conn,
677 if (conn->certificate_requested)
678 msglen += tls_client_cert_chain_der_len(conn);
687 if (conn->certificate_requested) {
688 if (tls_write_client_certificate(conn, &pos, end) < 0) {
694 if (tls_write_client_key_exchange(conn, &pos, end) < 0 ||
695 (conn->certificate_requested && conn->cred && conn->cred->key &&
696 tls_write_client_certificate_verify(conn, &pos, end) < 0) ||
697 tls_write_client_change_cipher_spec(conn, &pos, end) < 0 ||
698 tls_write_client_finished(conn, &pos, end) < 0) {
705 conn->state = SERVER_CHANGE_CIPHER_SPEC;
711 static u8 * tls_send_change_cipher_spec(struct tlsv1_client *conn,
725 if (tls_write_client_change_cipher_spec(conn, &pos, end) < 0 ||
726 tls_write_client_finished(conn, &pos, end) < 0) {
735 conn->state = ESTABLISHED;
741 u8 * tlsv1_client_handshake_write(struct tlsv1_client *conn, size_t *out_len,
744 switch (conn->state) {
746 return tls_send_client_key_exchange(conn, out_len);
748 return tls_send_change_cipher_spec(conn, out_len);
752 conn->state = ESTABLISHED;
761 "generating reply", conn->state);
767 u8 * tlsv1_client_send_alert(struct tlsv1_client *conn, u8 level,
