2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 #include "tls_server.h"
21 #include <credentials/certificates/x509.h>
23 typedef struct private_tls_server_t private_tls_server_t
;
26 * Size of a session ID
28 #define SESSION_ID_SIZE 16
35 STATE_KEY_EXCHANGE_SENT
,
39 STATE_KEY_EXCHANGE_RECEIVED
,
40 STATE_CERT_VERIFY_RECEIVED
,
41 STATE_CIPHERSPEC_CHANGED_IN
,
42 STATE_FINISHED_RECEIVED
,
43 STATE_CIPHERSPEC_CHANGED_OUT
,
48 * Private data of an tls_server_t object.
50 struct private_tls_server_t
{
53 * Public tls_server_t interface.
75 identification_t
*server
;
78 * Peer identity, NULL for no client authentication
80 identification_t
*peer
;
88 * Hello random data selected by client
90 char client_random
[32];
93 * Hello random data selected by server
95 char server_random
[32];
98 * Auth helper for peer authentication
100 auth_cfg_t
*peer_auth
;
103 * Auth helper for server authentication
105 auth_cfg_t
*server_auth
;
110 private_key_t
*private;
115 diffie_hellman_t
*dh
;
118 * Selected TLS cipher suite
120 tls_cipher_suite_t suite
;
123 * Offered TLS version of the client
125 tls_version_t client_version
;
128 * TLS session identifier
133 * Do we resume a session?
138 * Hash and signature algorithms supported by peer
143 * Elliptic curves supported by peer
148 * Did we receive the curves from the client?
150 bool curves_received
;
154 * Find a cipher suite and a server key
156 static bool select_suite_and_key(private_tls_server_t
*this,
157 tls_cipher_suite_t
*suites
, int count
)
162 key
= lib
->credmgr
->get_private(lib
->credmgr
, KEY_ANY
, this->server
,
166 DBG1(DBG_TLS
, "no usable TLS server certificate found for '%Y'",
170 this->suite
= this->crypto
->select_cipher_suite(this->crypto
,
171 suites
, count
, key
->get_type(key
));
173 { /* no match for this key, try to find another type */
174 if (key
->get_type(key
) == KEY_ECDSA
)
184 this->suite
= this->crypto
->select_cipher_suite(this->crypto
,
185 suites
, count
, type
);
188 DBG1(DBG_TLS
, "received cipher suites inacceptable");
191 this->server_auth
->destroy(this->server_auth
);
192 this->server_auth
= auth_cfg_create();
193 key
= lib
->credmgr
->get_private(lib
->credmgr
, type
, this->server
,
197 DBG1(DBG_TLS
, "received cipher suites inacceptable");
206 * Process client hello message
208 static status_t
process_client_hello(private_tls_server_t
*this,
209 bio_reader_t
*reader
)
211 u_int16_t version
, extension
;
212 chunk_t random
, session
, ciphers
, compression
, ext
= chunk_empty
;
213 bio_reader_t
*extensions
;
214 tls_cipher_suite_t
*suites
;
218 this->crypto
->append_handshake(this->crypto
,
219 TLS_CLIENT_HELLO
, reader
->peek(reader
));
221 if (!reader
->read_uint16(reader
, &version
) ||
222 !reader
->read_data(reader
, sizeof(this->client_random
), &random
) ||
223 !reader
->read_data8(reader
, &session
) ||
224 !reader
->read_data16(reader
, &ciphers
) ||
225 !reader
->read_data8(reader
, &compression
) ||
226 (reader
->remaining(reader
) && !reader
->read_data16(reader
, &ext
)))
228 DBG1(DBG_TLS
, "received invalid ClientHello");
229 this->alert
->add(this->alert
, TLS_FATAL
, TLS_DECODE_ERROR
);
235 extensions
= bio_reader_create(ext
);
236 while (extensions
->remaining(extensions
))
238 if (!extensions
->read_uint16(extensions
, &extension
) ||
239 !extensions
->read_data16(extensions
, &ext
))
241 DBG1(DBG_TLS
, "received invalid ClientHello Extensions");
242 this->alert
->add(this->alert
, TLS_FATAL
, TLS_DECODE_ERROR
);
243 extensions
->destroy(extensions
);
246 DBG2(DBG_TLS
, "received TLS '%N' extension",
247 tls_extension_names
, extension
);
248 DBG3(DBG_TLS
, "%B", &ext
);
251 case TLS_EXT_SIGNATURE_ALGORITHMS
:
252 this->hashsig
= chunk_clone(ext
);
254 case TLS_EXT_ELLIPTIC_CURVES
:
255 this->curves_received
= TRUE
;
256 this->curves
= chunk_clone(ext
);
262 extensions
->destroy(extensions
);
265 memcpy(this->client_random
, random
.ptr
, sizeof(this->client_random
));
267 htoun32(&this->server_random
, time(NULL
));
268 rng
= lib
->crypto
->create_rng(lib
->crypto
, RNG_WEAK
);
270 !rng
->get_bytes(rng
, sizeof(this->server_random
) - 4,
271 this->server_random
+ 4))
273 DBG1(DBG_TLS
, "failed to generate server random");
274 this->alert
->add(this->alert
, TLS_FATAL
, TLS_INTERNAL_ERROR
);
280 if (!this->tls
->set_version(this->tls
, version
))
282 DBG1(DBG_TLS
, "negotiated version %N not supported",
283 tls_version_names
, version
);
284 this->alert
->add(this->alert
, TLS_FATAL
, TLS_PROTOCOL_VERSION
);
288 this->client_version
= version
;
289 this->suite
= this->crypto
->resume_session(this->crypto
, session
, this->peer
,
290 chunk_from_thing(this->client_random
),
291 chunk_from_thing(this->server_random
));
294 this->session
= chunk_clone(session
);
296 DBG1(DBG_TLS
, "resumed %N using suite %N",
297 tls_version_names
, this->tls
->get_version(this->tls
),
298 tls_cipher_suite_names
, this->suite
);
302 count
= ciphers
.len
/ sizeof(u_int16_t
);
303 suites
= alloca(count
* sizeof(tls_cipher_suite_t
));
304 DBG2(DBG_TLS
, "received %d TLS cipher suites:", count
);
305 for (i
= 0; i
< count
; i
++)
307 suites
[i
] = untoh16(&ciphers
.ptr
[i
* sizeof(u_int16_t
)]);
308 DBG2(DBG_TLS
, " %N", tls_cipher_suite_names
, suites
[i
]);
310 if (!select_suite_and_key(this, suites
, count
))
312 this->alert
->add(this->alert
, TLS_FATAL
, TLS_HANDSHAKE_FAILURE
);
315 rng
= lib
->crypto
->create_rng(lib
->crypto
, RNG_STRONG
);
318 rng
->allocate_bytes(rng
, SESSION_ID_SIZE
, &this->session
);
321 DBG1(DBG_TLS
, "negotiated %N using suite %N",
322 tls_version_names
, this->tls
->get_version(this->tls
),
323 tls_cipher_suite_names
, this->suite
);
325 this->state
= STATE_HELLO_RECEIVED
;
330 * Process certificate
332 static status_t
process_certificate(private_tls_server_t
*this,
333 bio_reader_t
*reader
)
340 this->crypto
->append_handshake(this->crypto
,
341 TLS_CERTIFICATE
, reader
->peek(reader
));
343 if (!reader
->read_data24(reader
, &data
))
345 DBG1(DBG_TLS
, "certificate message header invalid");
346 this->alert
->add(this->alert
, TLS_FATAL
, TLS_DECODE_ERROR
);
349 certs
= bio_reader_create(data
);
350 while (certs
->remaining(certs
))
352 if (!certs
->read_data24(certs
, &data
))
354 DBG1(DBG_TLS
, "certificate message invalid");
355 this->alert
->add(this->alert
, TLS_FATAL
, TLS_DECODE_ERROR
);
356 certs
->destroy(certs
);
359 cert
= lib
->creds
->create(lib
->creds
, CRED_CERTIFICATE
, CERT_X509
,
360 BUILD_BLOB_ASN1_DER
, data
, BUILD_END
);
365 this->peer_auth
->add(this->peer_auth
,
366 AUTH_HELPER_SUBJECT_CERT
, cert
);
367 DBG1(DBG_TLS
, "received TLS peer certificate '%Y'",
368 cert
->get_subject(cert
));
373 DBG1(DBG_TLS
, "received TLS intermediate certificate '%Y'",
374 cert
->get_subject(cert
));
375 this->peer_auth
->add(this->peer_auth
, AUTH_HELPER_IM_CERT
, cert
);
380 DBG1(DBG_TLS
, "parsing TLS certificate failed, skipped");
381 this->alert
->add(this->alert
, TLS_WARNING
, TLS_BAD_CERTIFICATE
);
384 certs
->destroy(certs
);
385 this->state
= STATE_CERT_RECEIVED
;
390 * Process Client Key Exchange, using premaster encryption
392 static status_t
process_key_exchange_encrypted(private_tls_server_t
*this,
393 bio_reader_t
*reader
)
395 chunk_t encrypted
, decrypted
;
399 this->crypto
->append_handshake(this->crypto
,
400 TLS_CLIENT_KEY_EXCHANGE
, reader
->peek(reader
));
402 if (!reader
->read_data16(reader
, &encrypted
))
404 DBG1(DBG_TLS
, "received invalid Client Key Exchange");
405 this->alert
->add(this->alert
, TLS_FATAL
, TLS_DECODE_ERROR
);
409 htoun16(premaster
, this->client_version
);
410 /* pre-randomize premaster for failure cases */
411 rng
= lib
->crypto
->create_rng(lib
->crypto
, RNG_WEAK
);
412 if (!rng
|| !rng
->get_bytes(rng
, sizeof(premaster
) - 2, premaster
+ 2))
414 DBG1(DBG_TLS
, "failed to generate premaster secret");
415 this->alert
->add(this->alert
, TLS_FATAL
, TLS_INTERNAL_ERROR
);
422 this->private->decrypt(this->private,
423 ENCRYPT_RSA_PKCS1
, encrypted
, &decrypted
))
425 if (decrypted
.len
== sizeof(premaster
) &&
426 untoh16(decrypted
.ptr
) == this->client_version
)
428 memcpy(premaster
+ 2, decrypted
.ptr
+ 2, sizeof(premaster
) - 2);
432 DBG1(DBG_TLS
, "decrypted premaster has invalid length/version");
434 chunk_clear(&decrypted
);
438 DBG1(DBG_TLS
, "decrypting Client Key Exchange failed");
441 if (!this->crypto
->derive_secrets(this->crypto
, chunk_from_thing(premaster
),
442 this->session
, this->peer
,
443 chunk_from_thing(this->client_random
),
444 chunk_from_thing(this->server_random
)))
446 this->alert
->add(this->alert
, TLS_FATAL
, TLS_INTERNAL_ERROR
);
450 this->state
= STATE_KEY_EXCHANGE_RECEIVED
;
455 * Process client key exchange, using DHE exchange
457 static status_t
process_key_exchange_dhe(private_tls_server_t
*this,
458 bio_reader_t
*reader
)
460 chunk_t premaster
, pub
;
463 this->crypto
->append_handshake(this->crypto
,
464 TLS_CLIENT_KEY_EXCHANGE
, reader
->peek(reader
));
466 ec
= diffie_hellman_group_is_ec(this->dh
->get_dh_group(this->dh
));
467 if ((ec
&& !reader
->read_data8(reader
, &pub
)) ||
468 (!ec
&& (!reader
->read_data16(reader
, &pub
) || pub
.len
== 0)))
470 DBG1(DBG_TLS
, "received invalid Client Key Exchange");
471 this->alert
->add(this->alert
, TLS_FATAL
, TLS_DECODE_ERROR
);
477 if (pub
.ptr
[0] != TLS_ANSI_UNCOMPRESSED
)
479 DBG1(DBG_TLS
, "DH point format '%N' not supported",
480 tls_ansi_point_format_names
, pub
.ptr
[0]);
481 this->alert
->add(this->alert
, TLS_FATAL
, TLS_INTERNAL_ERROR
);
484 pub
= chunk_skip(pub
, 1);
486 this->dh
->set_other_public_value(this->dh
, pub
);
487 if (this->dh
->get_shared_secret(this->dh
, &premaster
) != SUCCESS
)
489 DBG1(DBG_TLS
, "calculating premaster from DH failed");
490 this->alert
->add(this->alert
, TLS_FATAL
, TLS_INTERNAL_ERROR
);
494 if (!this->crypto
->derive_secrets(this->crypto
, premaster
,
495 this->session
, this->peer
,
496 chunk_from_thing(this->client_random
),
497 chunk_from_thing(this->server_random
)))
499 this->alert
->add(this->alert
, TLS_FATAL
, TLS_INTERNAL_ERROR
);
500 chunk_clear(&premaster
);
503 chunk_clear(&premaster
);
505 this->state
= STATE_KEY_EXCHANGE_RECEIVED
;
510 * Process Client Key Exchange
512 static status_t
process_key_exchange(private_tls_server_t
*this,
513 bio_reader_t
*reader
)
517 return process_key_exchange_dhe(this, reader
);
519 return process_key_exchange_encrypted(this, reader
);
523 * Process Certificate verify
525 static status_t
process_cert_verify(private_tls_server_t
*this,
526 bio_reader_t
*reader
)
528 bool verified
= FALSE
;
529 enumerator_t
*enumerator
;
530 public_key_t
*public;
534 enumerator
= lib
->credmgr
->create_public_enumerator(lib
->credmgr
,
535 KEY_ANY
, this->peer
, this->peer_auth
);
536 while (enumerator
->enumerate(enumerator
, &public, &auth
))
538 sig
= bio_reader_create(reader
->peek(reader
));
539 verified
= this->crypto
->verify_handshake(this->crypto
, public, sig
);
545 DBG1(DBG_TLS
, "signature verification failed, trying another key");
547 enumerator
->destroy(enumerator
);
551 DBG1(DBG_TLS
, "no trusted certificate found for '%Y' to verify TLS peer",
553 this->alert
->add(this->alert
, TLS_FATAL
, TLS_CERTIFICATE_UNKNOWN
);
557 this->crypto
->append_handshake(this->crypto
,
558 TLS_CERTIFICATE_VERIFY
, reader
->peek(reader
));
559 this->state
= STATE_CERT_VERIFY_RECEIVED
;
564 * Process finished message
566 static status_t
process_finished(private_tls_server_t
*this,
567 bio_reader_t
*reader
)
572 if (!reader
->read_data(reader
, sizeof(buf
), &received
))
574 DBG1(DBG_TLS
, "received client finished too short");
575 this->alert
->add(this->alert
, TLS_FATAL
, TLS_DECODE_ERROR
);
578 if (!this->crypto
->calculate_finished(this->crypto
, "client finished", buf
))
580 DBG1(DBG_TLS
, "calculating client finished failed");
581 this->alert
->add(this->alert
, TLS_FATAL
, TLS_INTERNAL_ERROR
);
584 if (!chunk_equals(received
, chunk_from_thing(buf
)))
586 DBG1(DBG_TLS
, "received client finished invalid");
587 this->alert
->add(this->alert
, TLS_FATAL
, TLS_DECRYPT_ERROR
);
591 this->crypto
->append_handshake(this->crypto
, TLS_FINISHED
, received
);
592 this->state
= STATE_FINISHED_RECEIVED
;
596 METHOD(tls_handshake_t
, process
, status_t
,
597 private_tls_server_t
*this, tls_handshake_type_t type
, bio_reader_t
*reader
)
599 tls_handshake_type_t expected
;
604 if (type
== TLS_CLIENT_HELLO
)
606 return process_client_hello(this, reader
);
608 expected
= TLS_CLIENT_HELLO
;
610 case STATE_HELLO_DONE
:
611 if (type
== TLS_CERTIFICATE
)
613 return process_certificate(this, reader
);
617 expected
= TLS_CERTIFICATE
;
620 /* otherwise fall through to next state */
621 case STATE_CERT_RECEIVED
:
622 if (type
== TLS_CLIENT_KEY_EXCHANGE
)
624 return process_key_exchange(this, reader
);
626 expected
= TLS_CLIENT_KEY_EXCHANGE
;
628 case STATE_KEY_EXCHANGE_RECEIVED
:
629 if (type
== TLS_CERTIFICATE_VERIFY
)
631 return process_cert_verify(this, reader
);
635 expected
= TLS_CERTIFICATE_VERIFY
;
638 return INVALID_STATE
;
639 case STATE_CIPHERSPEC_CHANGED_IN
:
640 if (type
== TLS_FINISHED
)
642 return process_finished(this, reader
);
644 expected
= TLS_FINISHED
;
647 DBG1(DBG_TLS
, "TLS %N not expected in current state",
648 tls_handshake_type_names
, type
);
649 this->alert
->add(this->alert
, TLS_FATAL
, TLS_UNEXPECTED_MESSAGE
);
652 DBG1(DBG_TLS
, "TLS %N expected, but received %N",
653 tls_handshake_type_names
, expected
, tls_handshake_type_names
, type
);
654 this->alert
->add(this->alert
, TLS_FATAL
, TLS_UNEXPECTED_MESSAGE
);
659 * Send ServerHello message
661 static status_t
send_server_hello(private_tls_server_t
*this,
662 tls_handshake_type_t
*type
, bio_writer_t
*writer
)
665 writer
->write_uint16(writer
, this->tls
->get_version(this->tls
));
666 writer
->write_data(writer
, chunk_from_thing(this->server_random
));
668 /* session identifier if we have one */
669 writer
->write_data8(writer
, this->session
);
671 /* add selected TLS cipher suite */
672 writer
->write_uint16(writer
, this->suite
);
674 /* NULL compression only */
675 writer
->write_uint8(writer
, 0);
677 *type
= TLS_SERVER_HELLO
;
678 this->state
= STATE_HELLO_SENT
;
679 this->crypto
->append_handshake(this->crypto
, *type
, writer
->get_buf(writer
));
686 static status_t
send_certificate(private_tls_server_t
*this,
687 tls_handshake_type_t
*type
, bio_writer_t
*writer
)
689 enumerator_t
*enumerator
;
695 /* generate certificate payload */
696 certs
= bio_writer_create(256);
697 cert
= this->server_auth
->get(this->server_auth
, AUTH_RULE_SUBJECT_CERT
);
700 if (cert
->get_encoding(cert
, CERT_ASN1_DER
, &data
))
702 DBG1(DBG_TLS
, "sending TLS server certificate '%Y'",
703 cert
->get_subject(cert
));
704 certs
->write_data24(certs
, data
);
708 enumerator
= this->server_auth
->create_enumerator(this->server_auth
);
709 while (enumerator
->enumerate(enumerator
, &rule
, &cert
))
711 if (rule
== AUTH_RULE_IM_CERT
)
713 if (cert
->get_encoding(cert
, CERT_ASN1_DER
, &data
))
715 DBG1(DBG_TLS
, "sending TLS intermediate certificate '%Y'",
716 cert
->get_subject(cert
));
717 certs
->write_data24(certs
, data
);
722 enumerator
->destroy(enumerator
);
724 writer
->write_data24(writer
, certs
->get_buf(certs
));
725 certs
->destroy(certs
);
727 *type
= TLS_CERTIFICATE
;
728 this->state
= STATE_CERT_SENT
;
729 this->crypto
->append_handshake(this->crypto
, *type
, writer
->get_buf(writer
));
734 * Send Certificate Request
736 static status_t
send_certificate_request(private_tls_server_t
*this,
737 tls_handshake_type_t
*type
, bio_writer_t
*writer
)
739 bio_writer_t
*authorities
, *supported
;
740 enumerator_t
*enumerator
;
743 identification_t
*id
;
745 supported
= bio_writer_create(4);
746 /* we propose both RSA and ECDSA */
747 supported
->write_uint8(supported
, TLS_RSA_SIGN
);
748 supported
->write_uint8(supported
, TLS_ECDSA_SIGN
);
749 writer
->write_data8(writer
, supported
->get_buf(supported
));
750 supported
->destroy(supported
);
751 if (this->tls
->get_version(this->tls
) >= TLS_1_2
)
753 this->crypto
->get_signature_algorithms(this->crypto
, writer
);
756 authorities
= bio_writer_create(64);
757 enumerator
= lib
->credmgr
->create_cert_enumerator(lib
->credmgr
,
758 CERT_X509
, KEY_RSA
, NULL
, TRUE
);
759 while (enumerator
->enumerate(enumerator
, &cert
))
761 x509
= (x509_t
*)cert
;
762 if (x509
->get_flags(x509
) & X509_CA
)
764 id
= cert
->get_subject(cert
);
765 DBG1(DBG_TLS
, "sending TLS cert request for '%Y'", id
);
766 authorities
->write_data16(authorities
, id
->get_encoding(id
));
769 enumerator
->destroy(enumerator
);
770 writer
->write_data16(writer
, authorities
->get_buf(authorities
));
771 authorities
->destroy(authorities
);
773 *type
= TLS_CERTIFICATE_REQUEST
;
774 this->state
= STATE_CERTREQ_SENT
;
775 this->crypto
->append_handshake(this->crypto
, *type
, writer
->get_buf(writer
));
780 * Get the TLS curve of a given EC DH group
782 static tls_named_curve_t
ec_group_to_curve(private_tls_server_t
*this,
783 diffie_hellman_group_t group
)
785 diffie_hellman_group_t current
;
786 tls_named_curve_t curve
;
787 enumerator_t
*enumerator
;
789 enumerator
= this->crypto
->create_ec_enumerator(this->crypto
);
790 while (enumerator
->enumerate(enumerator
, ¤t
, &curve
))
792 if (current
== group
)
794 enumerator
->destroy(enumerator
);
798 enumerator
->destroy(enumerator
);
803 * Check if the peer supports a given TLS curve
805 bool peer_supports_curve(private_tls_server_t
*this, tls_named_curve_t curve
)
807 bio_reader_t
*reader
;
810 if (!this->curves_received
)
811 { /* none received, assume yes */
814 reader
= bio_reader_create(this->curves
);
815 while (reader
->remaining(reader
) && reader
->read_uint16(reader
, ¤t
))
817 if (current
== curve
)
819 reader
->destroy(reader
);
823 reader
->destroy(reader
);
828 * Try to find a curve supported by both, client and server
830 static bool find_supported_curve(private_tls_server_t
*this,
831 tls_named_curve_t
*curve
)
833 tls_named_curve_t current
;
834 enumerator_t
*enumerator
;
836 enumerator
= this->crypto
->create_ec_enumerator(this->crypto
);
837 while (enumerator
->enumerate(enumerator
, NULL
, ¤t
))
839 if (peer_supports_curve(this, current
))
842 enumerator
->destroy(enumerator
);
846 enumerator
->destroy(enumerator
);
851 * Send Server key Exchange
853 static status_t
send_server_key_exchange(private_tls_server_t
*this,
854 tls_handshake_type_t
*type
, bio_writer_t
*writer
,
855 diffie_hellman_group_t group
)
857 diffie_hellman_params_t
*params
= NULL
;
858 tls_named_curve_t curve
;
861 if (diffie_hellman_group_is_ec(group
))
863 curve
= ec_group_to_curve(this, group
);
864 if (!curve
|| (!peer_supports_curve(this, curve
) &&
865 !find_supported_curve(this, &curve
)))
867 DBG1(DBG_TLS
, "no EC group supported by client and server");
868 this->alert
->add(this->alert
, TLS_FATAL
, TLS_HANDSHAKE_FAILURE
);
871 DBG2(DBG_TLS
, "selected ECDH group %N", tls_named_curve_names
, curve
);
872 writer
->write_uint8(writer
, TLS_ECC_NAMED_CURVE
);
873 writer
->write_uint16(writer
, curve
);
877 params
= diffie_hellman_get_params(group
);
880 DBG1(DBG_TLS
, "no parameters found for DH group %N",
881 diffie_hellman_group_names
, group
);
882 this->alert
->add(this->alert
, TLS_FATAL
, TLS_INTERNAL_ERROR
);
885 DBG2(DBG_TLS
, "selected DH group %N", diffie_hellman_group_names
, group
);
886 writer
->write_data16(writer
, params
->prime
);
887 writer
->write_data16(writer
, params
->generator
);
889 this->dh
= lib
->crypto
->create_dh(lib
->crypto
, group
);
892 DBG1(DBG_TLS
, "DH group %N not supported",
893 diffie_hellman_group_names
, group
);
894 this->alert
->add(this->alert
, TLS_FATAL
, TLS_INTERNAL_ERROR
);
897 this->dh
->get_my_public_value(this->dh
, &chunk
);
900 writer
->write_data16(writer
, chunk
);
903 { /* ECP uses 8bit length header only, but a point format */
904 writer
->write_uint8(writer
, chunk
.len
+ 1);
905 writer
->write_uint8(writer
, TLS_ANSI_UNCOMPRESSED
);
906 writer
->write_data(writer
, chunk
);
910 chunk
= chunk_cat("ccc", chunk_from_thing(this->client_random
),
911 chunk_from_thing(this->server_random
), writer
->get_buf(writer
));
912 if (!this->private || !this->crypto
->sign(this->crypto
, this->private,
913 writer
, chunk
, this->hashsig
))
915 DBG1(DBG_TLS
, "signing DH parameters failed");
916 this->alert
->add(this->alert
, TLS_FATAL
, TLS_INTERNAL_ERROR
);
921 *type
= TLS_SERVER_KEY_EXCHANGE
;
922 this->state
= STATE_KEY_EXCHANGE_SENT
;
923 this->crypto
->append_handshake(this->crypto
, *type
, writer
->get_buf(writer
));
930 static status_t
send_hello_done(private_tls_server_t
*this,
931 tls_handshake_type_t
*type
, bio_writer_t
*writer
)
933 *type
= TLS_SERVER_HELLO_DONE
;
934 this->state
= STATE_HELLO_DONE
;
935 this->crypto
->append_handshake(this->crypto
, *type
, writer
->get_buf(writer
));
942 static status_t
send_finished(private_tls_server_t
*this,
943 tls_handshake_type_t
*type
, bio_writer_t
*writer
)
947 if (!this->crypto
->calculate_finished(this->crypto
, "server finished", buf
))
949 DBG1(DBG_TLS
, "calculating server finished data failed");
950 this->alert
->add(this->alert
, TLS_FATAL
, TLS_INTERNAL_ERROR
);
954 writer
->write_data(writer
, chunk_from_thing(buf
));
956 *type
= TLS_FINISHED
;
957 this->state
= STATE_FINISHED_SENT
;
958 this->crypto
->append_handshake(this->crypto
, *type
, writer
->get_buf(writer
));
963 METHOD(tls_handshake_t
, build
, status_t
,
964 private_tls_server_t
*this, tls_handshake_type_t
*type
, bio_writer_t
*writer
)
966 diffie_hellman_group_t group
;
970 case STATE_HELLO_RECEIVED
:
971 return send_server_hello(this, type
, writer
);
972 case STATE_HELLO_SENT
:
973 return send_certificate(this, type
, writer
);
974 case STATE_CERT_SENT
:
975 group
= this->crypto
->get_dh_group(this->crypto
);
978 return send_server_key_exchange(this, type
, writer
, group
);
980 /* otherwise fall through to next state */
981 case STATE_KEY_EXCHANGE_SENT
:
984 return send_certificate_request(this, type
, writer
);
986 /* otherwise fall through to next state */
987 case STATE_CERTREQ_SENT
:
988 return send_hello_done(this, type
, writer
);
989 case STATE_CIPHERSPEC_CHANGED_OUT
:
990 return send_finished(this, type
, writer
);
991 case STATE_FINISHED_SENT
:
992 return INVALID_STATE
;
994 return INVALID_STATE
;
998 METHOD(tls_handshake_t
, cipherspec_changed
, bool,
999 private_tls_server_t
*this, bool inbound
)
1005 return this->state
== STATE_FINISHED_SENT
;
1009 return this->state
== STATE_CERT_VERIFY_RECEIVED
;
1011 return this->state
== STATE_KEY_EXCHANGE_RECEIVED
;
1017 return this->state
== STATE_HELLO_SENT
;
1019 return this->state
== STATE_FINISHED_RECEIVED
;
1024 METHOD(tls_handshake_t
, change_cipherspec
, void,
1025 private_tls_server_t
*this, bool inbound
)
1027 this->crypto
->change_cipher(this->crypto
, inbound
);
1030 this->state
= STATE_CIPHERSPEC_CHANGED_IN
;
1034 this->state
= STATE_CIPHERSPEC_CHANGED_OUT
;
1038 METHOD(tls_handshake_t
, finished
, bool,
1039 private_tls_server_t
*this)
1043 return this->state
== STATE_FINISHED_RECEIVED
;
1045 return this->state
== STATE_FINISHED_SENT
;
1048 METHOD(tls_handshake_t
, destroy
, void,
1049 private_tls_server_t
*this)
1051 DESTROY_IF(this->private);
1052 DESTROY_IF(this->dh
);
1053 this->peer_auth
->destroy(this->peer_auth
);
1054 this->server_auth
->destroy(this->server_auth
);
1055 free(this->hashsig
.ptr
);
1056 free(this->curves
.ptr
);
1057 free(this->session
.ptr
);
1064 tls_server_t
*tls_server_create(tls_t
*tls
,
1065 tls_crypto_t
*crypto
, tls_alert_t
*alert
,
1066 identification_t
*server
, identification_t
*peer
)
1068 private_tls_server_t
*this;
1073 .process
= _process
,
1075 .cipherspec_changed
= _cipherspec_changed
,
1076 .change_cipherspec
= _change_cipherspec
,
1077 .finished
= _finished
,
1078 .destroy
= _destroy
,
1086 .state
= STATE_INIT
,
1087 .peer_auth
= auth_cfg_create(),
1088 .server_auth
= auth_cfg_create(),
1091 return &this->public;
projects / strongswan.git / blob