STATE_CERT_SENT,
STATE_KEY_EXCHANGE_SENT,
STATE_VERIFY_SENT,
- STATE_CIPHERSPEC_CHANGED,
+ STATE_CIPHERSPEC_CHANGED_OUT,
STATE_FINISHED_SENT,
+ STATE_CIPHERSPEC_CHANGED_IN,
} peer_state_t;
/**
return NEED_MORE;
}
+/**
+ * Process finished message
+ */
+static status_t process_finished(private_tls_peer_t *this, tls_reader_t *reader)
+{
+ return FAILED;
+}
+
METHOD(tls_handshake_t, process, status_t,
private_tls_peer_t *this, tls_handshake_type_t type, tls_reader_t *reader)
{
break;
}
break;
+ case STATE_CIPHERSPEC_CHANGED_IN:
+ switch (type)
+ {
+ case TLS_FINISHED:
+ return process_finished(this, reader);
+ default:
+ break;
+ }
+ break;
default:
break;
}
*type = TLS_FINISHED;
this->state = STATE_FINISHED_SENT;
+ append_handshake(this, *type, writer->get_buf(writer));
return NEED_MORE;
}
return send_key_exchange(this, type, writer);
case STATE_KEY_EXCHANGE_SENT:
return send_certificate_verify(this, type, writer);
- case STATE_CIPHERSPEC_CHANGED:
+ case STATE_CIPHERSPEC_CHANGED_OUT:
return send_finished(this, type, writer);
default:
return INVALID_STATE;
if (this->state == STATE_VERIFY_SENT)
{
this->crypto->change_cipher(this->crypto, FALSE);
- this->state = STATE_CIPHERSPEC_CHANGED;
+ this->state = STATE_CIPHERSPEC_CHANGED_OUT;
return TRUE;
}
return FALSE;
}
-METHOD(tls_handshake_t, change_cipherspec, void,
+METHOD(tls_handshake_t, change_cipherspec, bool,
private_tls_peer_t *this)
{
-
+ if (this->state == STATE_FINISHED_SENT)
+ {
+ this->crypto->change_cipher(this->crypto, TRUE);
+ this->state = STATE_CIPHERSPEC_CHANGED_IN;
+ return TRUE;
+ }
+ return FALSE;
}
METHOD(tls_handshake_t, destroy, void,
METHOD(tls_protection_t, process, status_t,
private_tls_protection_t *this, tls_content_type_t type, chunk_t data)
{
- this->seq_in++;
+ if (this->crypter_in)
+ {
+ chunk_t iv, next_iv = chunk_empty;
+ u_int8_t bs, padding_length;
+
+ bs = this->crypter_in->get_block_size(this->crypter_in);
+ if (data.len < bs || data.len % bs)
+ {
+ DBG1(DBG_IKE, "encrypted TLS record not multiple of block size");
+ return FAILED;
+ }
+ if (this->iv_in.len)
+ { /* < TLSv1.1 uses IV from key derivation/last block */
+ iv = this->iv_in;
+ next_iv = chunk_clone(chunk_create(data.ptr + data.len - bs, bs));
+ }
+ else
+ { /* TLSv1.1 uses random IVs, prepended to record */
+ iv = chunk_create(data.ptr, bs);
+ data = chunk_skip(data, bs);
+ if (data.len < bs)
+ {
+ DBG1(DBG_IKE, "TLS record too short to decrypt");
+ return FAILED;
+ }
+ }
+ this->crypter_in->decrypt(this->crypter_in, data, iv, NULL);
+
+ if (next_iv.len)
+ { /* next record IV is last ciphertext block of this record */
+ memcpy(this->iv_in.ptr, next_iv.ptr, next_iv.len);
+ free(next_iv.ptr);
+ }
+
+ padding_length = data.ptr[data.len - 1];
+ if (padding_length >= data.len)
+ {
+ DBG1(DBG_IKE, "invalid TLS record padding");
+ return FAILED;
+ }
+ data.len -= padding_length + 1;
+ }
+ if (this->signer_in)
+ {
+ chunk_t mac, macdata, header;
+ u_int8_t bs;
+
+ bs = this->signer_in->get_block_size(this->signer_in);
+ if (data.len <= bs)
+ {
+ DBG1(DBG_IKE, "TLS record too short to verify MAC");
+ return FAILED;
+ }
+ mac = chunk_skip(data, data.len - bs);
+ data.len -= bs;
+
+ header = sigheader(this->seq_in, type,
+ this->tls->get_version(this->tls), data.len);
+ macdata = chunk_cat("mc", header, data);
+ if (!this->signer_in->verify_signature(this->signer_in, macdata, mac))
+ {
+ DBG1(DBG_IKE, "TLS record MAC verification failed");
+ free(macdata.ptr);
+ return FAILED;
+ }
+ free(macdata.ptr);
+ }
+
+ if (type == TLS_CHANGE_CIPHER_SPEC)
+ {
+ this->seq_in = 0;
+ }
+ else
+ {
+ this->seq_in++;
+ }
return this->compression->process(this->compression, type, data);
}
memset(padding.ptr, padding_length, padding.len);
if (this->iv_out.len)
- { /* < TLSv1.2 uses IV from key derivation/last block */
+ { /* < TLSv1.1 uses IV from key derivation/last block */
iv = this->iv_out;
}
else
- { /* TLSv1.2 uses random IVs, prepended to record */
+ { /* TLSv1.1 uses random IVs, prepended to record */
if (!this->rng)
{
DBG1(DBG_IKE, "no RNG supported to generate TLS IV");
*data = chunk_cat("mmcc", *data, mac, padding,
chunk_from_thing(padding_length));
/* encrypt inline */
- this->crypter_out->encrypt(this->crypter_out, *data,
- this->iv_out, NULL);
+ this->crypter_out->encrypt(this->crypter_out, *data, iv, NULL);
if (this->iv_out.len)
{ /* next record IV is last ciphertext block of this record */