Lines Matching full:conn
23 static int tls_process_client_key_exchange(struct tlsv1_server *conn, u8 ct,
25 static int tls_process_change_cipher_spec(struct tlsv1_server *conn,
30 static int testing_cipher_suite_filter(struct tlsv1_server *conn, u16 suite)
33 if ((conn->test_flags &
49 static void tls_process_status_request_item(struct tlsv1_server *conn,
86 conn->status_request_multi = 1;
90 static void tls_process_status_request_v2(struct tlsv1_server *conn,
95 conn->status_request_v2 = 1;
115 tls_process_status_request_item(conn, pos, len);
121 static int tls_process_client_hello(struct tlsv1_server *conn, u8 ct,
132 tlsv1_server_log(conn, "Expected Handshake; received content type 0x%x",
134 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
147 tlsv1_server_log(conn, "Received unexpected handshake message %d (expected ClientHello)",
149 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
153 tlsv1_server_log(conn, "Received ClientHello");
171 conn->client_version = WPA_GET_BE16(pos);
172 tlsv1_server_log(conn, "Client version %d.%d",
173 conn->client_version >> 8,
174 conn->client_version & 0xff);
175 if (conn->client_version < TLS_VERSION_1) {
176 tlsv1_server_log(conn, "Unexpected protocol version in ClientHello %u.%u",
177 conn->client_version >> 8,
178 conn->client_version & 0xff);
179 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
186 conn->rl.tls_version = TLS_VERSION_1;
188 else if (conn->client_version >= TLS_VERSION_1_2)
189 conn->rl.tls_version = TLS_VERSION_1_2;
191 else if (conn->client_version > TLS_VERSION_1_1)
192 conn->rl.tls_version = TLS_VERSION_1_1;
194 conn->rl.tls_version = conn->client_version;
195 tlsv1_server_log(conn, "Using TLS v%s",
196 tls_version_str(conn->rl.tls_version));
202 os_memcpy(conn->client_random, pos, TLS_RANDOM_LEN);
205 conn->client_random, TLS_RANDOM_LEN);
230 for (i = 0; !cipher_suite && i < conn->num_cipher_suites; i++) {
231 if (testing_cipher_suite_filter(conn, conn->cipher_suites[i]))
237 if (!cipher_suite && tmp == conn->cipher_suites[i]) {
245 tlsv1_server_log(conn, "No supported cipher suite available");
246 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
251 if (tlsv1_record_set_cipher_suite(&conn->rl, cipher_suite) < 0) {
254 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
259 conn->cipher_suite = cipher_suite;
275 tlsv1_server_log(conn, "Client does not accept NULL compression");
276 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
282 tlsv1_server_log(conn, "Unexpected extra octet in the end of ClientHello: 0x%02x",
292 tlsv1_server_log(conn, "%u bytes of ClientHello extensions",
295 tlsv1_server_log(conn, "Invalid ClientHello extension list length %u (expected %u)",
309 tlsv1_server_log(conn, "Invalid extension_type field");
317 tlsv1_server_log(conn, "Invalid extension_data length field");
325 tlsv1_server_log(conn, "Invalid extension_data field");
329 tlsv1_server_log(conn, "ClientHello Extension type %u",
335 os_free(conn->session_ticket);
336 conn->session_ticket = os_malloc(ext_len);
337 if (conn->session_ticket) {
338 os_memcpy(conn->session_ticket, pos,
340 conn->session_ticket_len = ext_len;
343 conn->status_request = 1;
345 tls_process_status_request_v2(conn, pos,
355 tlsv1_server_log(conn, "ClientHello OK - proceed to ServerHello");
356 conn->state = SERVER_HELLO;
361 tlsv1_server_log(conn, "Failed to decode ClientHello");
362 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
368 static int tls_process_certificate(struct tlsv1_server *conn, u8 ct,
378 tlsv1_server_log(conn, "Expected Handshake; received content type 0x%x",
380 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
389 tlsv1_server_log(conn, "Too short Certificate message (len=%lu)",
391 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
402 tlsv1_server_log(conn, "Unexpected Certificate message length (len=%lu != left=%lu)",
404 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
410 if (conn->verify_peer) {
411 tlsv1_server_log(conn, "Client did not include Certificate");
412 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
417 return tls_process_client_key_exchange(conn, ct, in_data,
421 tlsv1_server_log(conn, "Received unexpected handshake message %d (expected Certificate/ClientKeyExchange)",
423 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
428 tlsv1_server_log(conn, "Received Certificate (certificate_list len %lu)",
442 tlsv1_server_log(conn, "Too short Certificate (left=%lu)",
444 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
453 tlsv1_server_log(conn, "Unexpected certificate_list length (len=%lu left=%lu)",
456 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
464 tlsv1_server_log(conn, "Failed to parse certificate_list");
465 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
475 tlsv1_server_log(conn, "Unexpected certificate length (len=%lu left=%lu)",
478 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
484 tlsv1_server_log(conn, "Certificate %lu (len %lu)",
488 crypto_public_key_free(conn->client_rsa_key);
490 &conn->client_rsa_key)) {
491 tlsv1_server_log(conn, "Failed to parse the certificate");
492 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
501 tlsv1_server_log(conn, "Failed to parse the certificate");
502 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
518 if (x509_certificate_chain_validate(conn->cred->trusted_certs, chain,
521 tlsv1_server_log(conn, "Server certificate chain validation failed (reason=%d)",
546 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, tls_reason);
554 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
564 conn->state = CLIENT_KEY_EXCHANGE;
571 struct tlsv1_server *conn, const u8 *pos, const u8 *end)
580 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
588 tlsv1_server_log(conn, "Invalid ClientKeyExchange format: encr_len=%u left=%u",
590 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
599 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
622 if (crypto_private_key_decrypt_pkcs1_v15(conn->cred->key,
632 tlsv1_server_log(conn, "Unexpected PreMasterSecret length %lu",
637 if (!use_random && WPA_GET_BE16(out) != conn->client_version) {
638 tlsv1_server_log(conn, "Client version in ClientKeyExchange does not match with version in ClientHello");
649 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
656 res = tlsv1_server_derive_keys(conn, out, outlen);
664 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
674 struct tlsv1_server *conn, const u8 *pos, const u8 *end)
693 tlsv1_server_log(conn, "ClientDiffieHellmanPublic received");
700 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
706 tlsv1_server_log(conn, "Invalid client public value length");
707 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
716 tlsv1_server_log(conn, "Client public value overflow (length %d)",
718 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
726 if (conn->cred == NULL || conn->cred->dh_p == NULL ||
727 conn->dh_secret == NULL) {
729 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
734 tlsv1_server_get_dh_p(conn, &dh_p, &dh_p_len);
741 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
747 if (crypto_mod_exp(dh_yc, dh_yc_len, conn->dh_secret,
748 conn->dh_secret_len, dh_p, dh_p_len,
751 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
758 os_memset(conn->dh_secret, 0, conn->dh_secret_len);
759 os_free(conn->dh_secret);
760 conn->dh_secret = NULL;
762 res = tlsv1_server_derive_keys(conn, shared, shared_len);
770 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
779 static int tls_process_client_key_exchange(struct tlsv1_server *conn, u8 ct,
789 tlsv1_server_log(conn, "Expected Handshake; received content type 0x%x",
791 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
800 tlsv1_server_log(conn, "Too short ClientKeyExchange (Left=%lu)",
802 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
813 tlsv1_server_log(conn, "Mismatch in ClientKeyExchange length (len=%lu != left=%lu)",
815 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
823 tlsv1_server_log(conn, "Received unexpected handshake message %d (expected ClientKeyExchange)",
825 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
830 tlsv1_server_log(conn, "Received ClientKeyExchange");
834 suite = tls_get_cipher_suite(conn->rl.cipher_suite);
841 tls_process_client_key_exchange_dh(conn, pos, end) < 0)
845 tls_process_client_key_exchange_rsa(conn, pos, end) < 0)
850 conn->state = CERTIFICATE_VERIFY;
856 static int tls_process_certificate_verify(struct tlsv1_server *conn, u8 ct,
867 if (conn->verify_peer) {
868 tlsv1_server_log(conn, "Client did not include CertificateVerify");
869 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
874 return tls_process_change_cipher_spec(conn, ct, in_data,
879 tlsv1_server_log(conn, "Expected Handshake; received content type 0x%x",
881 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
890 tlsv1_server_log(conn, "Too short CertificateVerify message (len=%lu)",
892 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
903 tlsv1_server_log(conn, "Unexpected CertificateVerify message length (len=%lu != left=%lu)",
905 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
913 tlsv1_server_log(conn, "Received unexpected handshake message %d (expected CertificateVerify)",
915 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
920 tlsv1_server_log(conn, "Received CertificateVerify");
931 if (conn->rl.tls_version == TLS_VERSION_1_2) {
943 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
952 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
959 if (conn->verify.sha256_cert == NULL ||
960 crypto_hash_finish(conn->verify.sha256_cert, hpos, &hlen) <
962 conn->verify.sha256_cert = NULL;
963 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
967 conn->verify.sha256_cert = NULL;
972 if (conn->verify.md5_cert == NULL ||
973 crypto_hash_finish(conn->verify.md5_cert, hpos, &hlen) < 0) {
974 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
976 conn->verify.md5_cert = NULL;
977 crypto_hash_finish(conn->verify.sha1_cert, NULL, NULL);
978 conn->verify.sha1_cert = NULL;
983 conn->verify.md5_cert = NULL;
985 if (conn->verify.sha1_cert == NULL ||
986 crypto_hash_finish(conn->verify.sha1_cert, hpos, &hlen) < 0) {
987 conn->verify.sha1_cert = NULL;
988 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
992 conn->verify.sha1_cert = NULL;
1002 if (tls_verify_signature(conn->rl.tls_version, conn->client_rsa_key,
1004 tlsv1_server_log(conn, "Invalid Signature in CertificateVerify");
1005 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, alert);
1011 conn->state = CHANGE_CIPHER_SPEC;
1017 static int tls_process_change_cipher_spec(struct tlsv1_server *conn,
1025 tlsv1_server_log(conn, "Expected ChangeCipherSpec; received content type 0x%x",
1027 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
1036 tlsv1_server_log(conn, "Too short ChangeCipherSpec");
1037 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
1043 tlsv1_server_log(conn, "Expected ChangeCipherSpec; received data 0x%x",
1045 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
1050 tlsv1_server_log(conn, "Received ChangeCipherSpec");
1051 if (tlsv1_record_change_read_cipher(&conn->rl) < 0) {
1054 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
1061 conn->state = CLIENT_FINISHED;
1067 static int tls_process_client_finished(struct tlsv1_server *conn, u8 ct,
1076 if ((conn->test_flags &
1078 !conn->test_failure_reported) {
1079 tlsv1_server_log(conn, "TEST-FAILURE: Client Finished received after invalid ServerKeyExchange");
1080 conn->test_failure_reported = 1;
1083 if ((conn->test_flags & TLS_DHE_PRIME_15) &&
1084 !conn->test_failure_reported) {
1085 tlsv1_server_log(conn, "TEST-FAILURE: Client Finished received after bogus DHE \"prime\" 15");
1086 conn->test_failure_reported = 1;
1089 if ((conn->test_flags & TLS_DHE_PRIME_58B) &&
1090 !conn->test_failure_reported) {
1091 tlsv1_server_log(conn, "TEST-FAILURE: Client Finished received after short 58-bit DHE prime in long container");
1092 conn->test_failure_reported = 1;
1095 if ((conn->test_flags & TLS_DHE_PRIME_511B) &&
1096 !conn->test_failure_reported) {
1097 tlsv1_server_log(conn, "TEST-WARNING: Client Finished received after short 511-bit DHE prime (insecure)");
1098 conn->test_failure_reported = 1;
1101 if ((conn->test_flags & TLS_DHE_PRIME_767B) &&
1102 !conn->test_failure_reported) {
1103 tlsv1_server_log(conn, "TEST-NOTE: Client Finished received after 767-bit DHE prime (relatively insecure)");
1104 conn->test_failure_reported = 1;
1107 if ((conn->test_flags & TLS_DHE_NON_PRIME) &&
1108 !conn->test_failure_reported) {
1109 tlsv1_server_log(conn, "TEST-NOTE: Client Finished received after non-prime claimed as DHE prime");
1110 conn->test_failure_reported = 1;
1115 tlsv1_server_log(conn, "Expected Finished; received content type 0x%x",
1117 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
1126 tlsv1_server_log(conn, "Too short record (left=%lu) forFinished",
1128 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
1136 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
1147 tlsv1_server_log(conn, "Too short buffer for Finished (len=%lu > left=%lu)",
1149 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
1155 tlsv1_server_log(conn, "Unexpected verify_data length in Finished: %lu (expected %d)",
1157 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
1165 if (conn->rl.tls_version >= TLS_VERSION_1_2) {
1167 if (conn->verify.sha256_client == NULL ||
1168 crypto_hash_finish(conn->verify.sha256_client, hash, &hlen)
1170 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
1172 conn->verify.sha256_client = NULL;
1175 conn->verify.sha256_client = NULL;
1180 if (conn->verify.md5_client == NULL ||
1181 crypto_hash_finish(conn->verify.md5_client, hash, &hlen) < 0) {
1182 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
1184 conn->verify.md5_client = NULL;
1185 crypto_hash_finish(conn->verify.sha1_client, NULL, NULL);
1186 conn->verify.sha1_client = NULL;
1189 conn->verify.md5_client = NULL;
1191 if (conn->verify.sha1_client == NULL ||
1192 crypto_hash_finish(conn->verify.sha1_client, hash + MD5_MAC_LEN,
1194 conn->verify.sha1_client = NULL;
1195 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
1199 conn->verify.sha1_client = NULL;
1206 if (tls_prf(conn->rl.tls_version,
1207 conn->master_secret, TLS_MASTER_SECRET_LEN,
1211 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
1219 tlsv1_server_log(conn, "Mismatch in verify_data");
1223 tlsv1_server_log(conn, "Received Finished");
1227 if (conn->use_session_ticket) {
1229 tlsv1_server_log(conn, "Abbreviated handshake completed successfully");
1230 conn->state = ESTABLISHED;
1233 conn->state = SERVER_CHANGE_CIPHER_SPEC;
1240 int tlsv1_server_process_handshake(struct tlsv1_server *conn, u8 ct,
1245 tlsv1_server_log(conn, "Alert underflow");
1246 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
1250 tlsv1_server_log(conn, "Received alert %d:%d", buf[0], buf[1]);
1252 conn->state = FAILED;
1256 switch (conn->state) {
1258 if (tls_process_client_hello(conn, ct, buf, len))
1262 if (tls_process_certificate(conn, ct, buf, len))
1266 if (tls_process_client_key_exchange(conn, ct, buf, len))
1270 if (tls_process_certificate_verify(conn, ct, buf, len))
1274 if (tls_process_change_cipher_spec(conn, ct, buf, len))
1278 if (tls_process_client_finished(conn, ct, buf, len))
1282 tlsv1_server_log(conn, "Unexpected state %d while processing received message",
1283 conn->state);
1288 tls_verify_hash_add(&conn->verify, buf, *len);
