2 * Copyright (C) 2007 Michael Brown <mbrown@fensystems.co.uk>.
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License as
6 * published by the Free Software Foundation; either version 2 of the
7 * License, or any later version.
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 * Transport Layer Security Protocol
31 #include <gpxe/hmac.h>
33 #include <gpxe/sha1.h>
36 #include <gpxe/xfer.h>
37 #include <gpxe/open.h>
38 #include <gpxe/filter.h>
41 static int tls_send_plaintext ( struct tls_session *tls, unsigned int type,
42 const void *data, size_t len );
43 static void tls_clear_cipher ( struct tls_session *tls,
44 struct tls_cipherspec *cipherspec );
49 * @v refcnt Reference counter
51 static void free_tls ( struct refcnt *refcnt ) {
52 struct tls_session *tls =
53 container_of ( refcnt, struct tls_session, refcnt );
55 /* Free dynamically-allocated resources */
56 tls_clear_cipher ( tls, &tls->tx_cipherspec );
57 tls_clear_cipher ( tls, &tls->tx_cipherspec_pending );
58 tls_clear_cipher ( tls, &tls->rx_cipherspec );
59 tls_clear_cipher ( tls, &tls->rx_cipherspec_pending );
60 free ( tls->rsa_mod );
61 free ( tls->rsa_pub_exp );
62 free ( tls->rx_data );
64 /* Free TLS structure itself */
69 * Finish with TLS session
74 static void tls_close ( struct tls_session *tls, int rc ) {
77 process_del ( &tls->process );
79 /* Close ciphertext and plaintext streams */
80 xfer_nullify ( &tls->cipherstream.xfer );
81 xfer_close ( &tls->cipherstream.xfer, rc );
82 xfer_nullify ( &tls->plainstream.xfer );
83 xfer_close ( &tls->plainstream.xfer, rc );
86 /******************************************************************************
88 * Random number generation
90 ******************************************************************************
94 * Generate random data
96 * @v data Buffer to fill
97 * @v len Length of buffer
99 static void tls_generate_random ( void *data, size_t len ) {
100 /* FIXME: Some real random data source would be nice... */
101 memset ( data, 0x01, len );
105 * Update HMAC with a list of ( data, len ) pairs
107 * @v digest Hash function to use
108 * @v digest_ctx Digest context
109 * @v args ( data, len ) pairs of data, terminated by NULL
111 static void tls_hmac_update_va ( struct crypto_algorithm *digest,
112 void *digest_ctx, va_list args ) {
116 while ( ( data = va_arg ( args, void * ) ) ) {
117 len = va_arg ( args, size_t );
118 hmac_update ( digest, digest_ctx, data, len );
123 * Generate secure pseudo-random data using a single hash function
126 * @v digest Hash function to use
128 * @v secret_len Length of secret
129 * @v out Output buffer
130 * @v out_len Length of output buffer
131 * @v seeds ( data, len ) pairs of seed data, terminated by NULL
133 static void tls_p_hash_va ( struct tls_session *tls,
134 struct crypto_algorithm *digest,
135 void *secret, size_t secret_len,
136 void *out, size_t out_len,
138 uint8_t secret_copy[secret_len];
139 uint8_t digest_ctx[digest->ctxsize];
140 uint8_t digest_ctx_partial[digest->ctxsize];
141 uint8_t a[digest->digestsize];
142 uint8_t out_tmp[digest->digestsize];
143 size_t frag_len = digest->digestsize;
146 /* Copy the secret, in case HMAC modifies it */
147 memcpy ( secret_copy, secret, secret_len );
148 secret = secret_copy;
149 DBGC2 ( tls, "TLS %p %s secret:\n", tls, digest->name );
150 DBGC2_HD ( tls, secret, secret_len );
153 hmac_init ( digest, digest_ctx, secret, &secret_len );
154 va_copy ( tmp, seeds );
155 tls_hmac_update_va ( digest, digest_ctx, tmp );
157 hmac_final ( digest, digest_ctx, secret, &secret_len, a );
158 DBGC2 ( tls, "TLS %p %s A(1):\n", tls, digest->name );
159 DBGC2_HD ( tls, &a, sizeof ( a ) );
161 /* Generate as much data as required */
163 /* Calculate output portion */
164 hmac_init ( digest, digest_ctx, secret, &secret_len );
165 hmac_update ( digest, digest_ctx, a, sizeof ( a ) );
166 memcpy ( digest_ctx_partial, digest_ctx, digest->ctxsize );
167 va_copy ( tmp, seeds );
168 tls_hmac_update_va ( digest, digest_ctx, tmp );
170 hmac_final ( digest, digest_ctx,
171 secret, &secret_len, out_tmp );
174 if ( frag_len > out_len )
176 memcpy ( out, out_tmp, frag_len );
177 DBGC2 ( tls, "TLS %p %s output:\n", tls, digest->name );
178 DBGC2_HD ( tls, out, frag_len );
181 hmac_final ( digest, digest_ctx_partial,
182 secret, &secret_len, a );
183 DBGC2 ( tls, "TLS %p %s A(n):\n", tls, digest->name );
184 DBGC2_HD ( tls, &a, sizeof ( a ) );
192 * Generate secure pseudo-random data
196 * @v secret_len Length of secret
197 * @v out Output buffer
198 * @v out_len Length of output buffer
199 * @v ... ( data, len ) pairs of seed data, terminated by NULL
201 static void tls_prf ( struct tls_session *tls, void *secret, size_t secret_len,
202 void *out, size_t out_len, ... ) {
205 size_t subsecret_len;
208 uint8_t out_md5[out_len];
209 uint8_t out_sha1[out_len];
212 va_start ( seeds, out_len );
214 /* Split secret into two, with an overlap of up to one byte */
215 subsecret_len = ( ( secret_len + 1 ) / 2 );
217 sha1_secret = ( secret + secret_len - subsecret_len );
219 /* Calculate MD5 portion */
220 va_copy ( tmp, seeds );
221 tls_p_hash_va ( tls, &md5_algorithm, md5_secret, subsecret_len,
222 out_md5, out_len, seeds );
225 /* Calculate SHA1 portion */
226 va_copy ( tmp, seeds );
227 tls_p_hash_va ( tls, &sha1_algorithm, sha1_secret, subsecret_len,
228 out_sha1, out_len, seeds );
231 /* XOR the two portions together into the final output buffer */
232 for ( i = 0 ; i < out_len ; i++ ) {
233 *( ( uint8_t * ) out + i ) = ( out_md5[i] ^ out_sha1[i] );
240 * Generate secure pseudo-random data
243 * @v secret_len Length of secret
244 * @v out Output buffer
245 * @v out_len Length of output buffer
246 * @v label String literal label
247 * @v ... ( data, len ) pairs of seed data
249 #define tls_prf_label( tls, secret, secret_len, out, out_len, label, ... ) \
250 tls_prf ( (tls), (secret), (secret_len), (out), (out_len), \
251 label, ( sizeof ( label ) - 1 ), __VA_ARGS__, NULL )
253 /******************************************************************************
257 ******************************************************************************
261 * Generate master secret
265 * The pre-master secret and the client and server random values must
268 static void tls_generate_master_secret ( struct tls_session *tls ) {
269 DBGC ( tls, "TLS %p pre-master-secret:\n", tls );
270 DBGC_HD ( tls, &tls->pre_master_secret,
271 sizeof ( tls->pre_master_secret ) );
272 DBGC ( tls, "TLS %p client random bytes:\n", tls );
273 DBGC_HD ( tls, &tls->client_random, sizeof ( tls->server_random ) );
274 DBGC ( tls, "TLS %p server random bytes:\n", tls );
275 DBGC_HD ( tls, &tls->server_random, sizeof ( tls->server_random ) );
277 tls_prf_label ( tls, tls->pre_master_secret,
278 sizeof ( tls->pre_master_secret ),
279 tls->master_secret, sizeof ( tls->master_secret ),
281 tls->client_random, sizeof ( tls->client_random ),
282 tls->server_random, sizeof ( tls->server_random ) );
284 DBGC ( tls, "TLS %p generated master secret:\n", tls );
285 DBGC_HD ( tls, &tls->master_secret, sizeof ( tls->master_secret ) );
289 * Generate key material
293 * The master secret must already be known.
295 static int tls_generate_keys ( struct tls_session *tls ) {
296 struct tls_cipherspec *tx_cipherspec = &tls->tx_cipherspec_pending;
297 struct tls_cipherspec *rx_cipherspec = &tls->rx_cipherspec_pending;
298 size_t hash_size = tx_cipherspec->digest->digestsize;
299 size_t key_size = tx_cipherspec->key_len;
300 size_t iv_size = tx_cipherspec->cipher->blocksize;
301 size_t total = ( 2 * ( hash_size + key_size + iv_size ) );
302 uint8_t key_block[total];
306 /* Generate key block */
307 tls_prf_label ( tls, tls->master_secret, sizeof ( tls->master_secret ),
308 key_block, sizeof ( key_block ), "key expansion",
309 tls->server_random, sizeof ( tls->server_random ),
310 tls->client_random, sizeof ( tls->client_random ) );
312 /* Split key block into portions */
316 memcpy ( tx_cipherspec->mac_secret, key, hash_size );
317 DBGC ( tls, "TLS %p TX MAC secret:\n", tls );
318 DBGC_HD ( tls, key, hash_size );
322 memcpy ( rx_cipherspec->mac_secret, key, hash_size );
323 DBGC ( tls, "TLS %p RX MAC secret:\n", tls );
324 DBGC_HD ( tls, key, hash_size );
328 if ( ( rc = cipher_setkey ( tx_cipherspec->cipher,
329 tx_cipherspec->cipher_ctx,
330 key, key_size ) ) != 0 ) {
331 DBGC ( tls, "TLS %p could not set TX key: %s\n",
332 tls, strerror ( rc ) );
335 DBGC ( tls, "TLS %p TX key:\n", tls );
336 DBGC_HD ( tls, key, key_size );
340 if ( ( rc = cipher_setkey ( rx_cipherspec->cipher,
341 rx_cipherspec->cipher_ctx,
342 key, key_size ) ) != 0 ) {
343 DBGC ( tls, "TLS %p could not set TX key: %s\n",
344 tls, strerror ( rc ) );
348 /* FIXME: AES needs to be fixed to not require this */
349 AES_convert_key ( rx_cipherspec->cipher_ctx );
351 DBGC ( tls, "TLS %p RX key:\n", tls );
352 DBGC_HD ( tls, key, key_size );
355 /* TX initialisation vector */
356 cipher_setiv ( tx_cipherspec->cipher, tx_cipherspec->cipher_ctx, key );
357 DBGC ( tls, "TLS %p TX IV:\n", tls );
358 DBGC_HD ( tls, key, iv_size );
361 /* RX initialisation vector */
362 cipher_setiv ( rx_cipherspec->cipher, rx_cipherspec->cipher_ctx, key );
363 DBGC ( tls, "TLS %p RX IV:\n", tls );
364 DBGC_HD ( tls, key, iv_size );
367 assert ( ( key_block + total ) == key );
372 /******************************************************************************
374 * Cipher suite management
376 ******************************************************************************
382 * @v cipherspec TLS cipher specification
384 static void tls_clear_cipher ( struct tls_session *tls __unused,
385 struct tls_cipherspec *cipherspec ) {
386 free ( cipherspec->dynamic );
387 memset ( cipherspec, 0, sizeof ( cipherspec ) );
388 cipherspec->pubkey = &crypto_null;
389 cipherspec->cipher = &crypto_null;
390 cipherspec->digest = &crypto_null;
397 * @v cipherspec TLS cipher specification
398 * @v pubkey Public-key encryption elgorithm
399 * @v cipher Bulk encryption cipher algorithm
400 * @v digest MAC digest algorithm
401 * @v key_len Key length
402 * @ret rc Return status code
404 static int tls_set_cipher ( struct tls_session *tls,
405 struct tls_cipherspec *cipherspec,
406 struct crypto_algorithm *pubkey,
407 struct crypto_algorithm *cipher,
408 struct crypto_algorithm *digest,
413 /* Clear out old cipher contents, if any */
414 tls_clear_cipher ( tls, cipherspec );
416 /* Allocate dynamic storage */
417 total = ( pubkey->ctxsize + 2 * cipher->ctxsize + digest->digestsize );
418 dynamic = malloc ( total );
420 DBGC ( tls, "TLS %p could not allocate %zd bytes for crypto "
421 "context\n", tls, total );
424 memset ( dynamic, 0, total );
427 cipherspec->dynamic = dynamic;
428 cipherspec->pubkey_ctx = dynamic; dynamic += pubkey->ctxsize;
429 cipherspec->cipher_ctx = dynamic; dynamic += cipher->ctxsize;
430 cipherspec->cipher_next_ctx = dynamic; dynamic += cipher->ctxsize;
431 cipherspec->mac_secret = dynamic; dynamic += digest->digestsize;
432 assert ( ( cipherspec->dynamic + total ) == dynamic );
434 /* Store parameters */
435 cipherspec->pubkey = pubkey;
436 cipherspec->cipher = cipher;
437 cipherspec->digest = digest;
438 cipherspec->key_len = key_len;
444 * Select next cipher suite
447 * @v cipher_suite Cipher suite specification
448 * @ret rc Return status code
450 static int tls_select_cipher ( struct tls_session *tls,
451 unsigned int cipher_suite ) {
452 struct crypto_algorithm *pubkey = &crypto_null;
453 struct crypto_algorithm *cipher = &crypto_null;
454 struct crypto_algorithm *digest = &crypto_null;
458 switch ( cipher_suite ) {
459 case htons ( TLS_RSA_WITH_AES_128_CBC_SHA ):
460 key_len = ( 128 / 8 );
461 cipher = &aes_algorithm;
462 digest = &sha1_algorithm;
464 case htons ( TLS_RSA_WITH_AES_256_CBC_SHA ):
465 key_len = ( 256 / 8 );
466 cipher = &aes_algorithm;
467 digest = &sha1_algorithm;
470 DBGC ( tls, "TLS %p does not support cipher %04x\n",
471 tls, ntohs ( cipher_suite ) );
476 if ( ( rc = tls_set_cipher ( tls, &tls->tx_cipherspec_pending, pubkey,
477 cipher, digest, key_len ) ) != 0 )
479 if ( ( rc = tls_set_cipher ( tls, &tls->rx_cipherspec_pending, pubkey,
480 cipher, digest, key_len ) ) != 0 )
483 DBGC ( tls, "TLS %p selected %s-%s-%d-%s\n", tls,
484 pubkey->name, cipher->name, ( key_len * 8 ), digest->name );
490 * Activate next cipher suite
493 * @v pending Pending cipher specification
494 * @v active Active cipher specification to replace
495 * @ret rc Return status code
497 static int tls_change_cipher ( struct tls_session *tls,
498 struct tls_cipherspec *pending,
499 struct tls_cipherspec *active ) {
502 if ( /* FIXME (when pubkey is not hard-coded to RSA):
503 * ( pending->pubkey == &crypto_null ) || */
504 ( pending->cipher == &crypto_null ) ||
505 ( pending->digest == &crypto_null ) ) {
506 DBGC ( tls, "TLS %p refusing to use null cipher\n", tls );
510 tls_clear_cipher ( tls, active );
511 memswap ( active, pending, sizeof ( *active ) );
515 /******************************************************************************
517 * Handshake verification
519 ******************************************************************************
523 * Add handshake record to verification hash
526 * @v data Handshake record
527 * @v len Length of handshake record
529 static void tls_add_handshake ( struct tls_session *tls,
530 const void *data, size_t len ) {
532 digest_update ( &md5_algorithm, tls->handshake_md5_ctx, data, len );
533 digest_update ( &sha1_algorithm, tls->handshake_sha1_ctx, data, len );
537 * Calculate handshake verification hash
540 * @v out Output buffer
542 * Calculates the MD5+SHA1 digest over all handshake messages seen so
545 static void tls_verify_handshake ( struct tls_session *tls, void *out ) {
546 struct crypto_algorithm *md5 = &md5_algorithm;
547 struct crypto_algorithm *sha1 = &sha1_algorithm;
548 uint8_t md5_ctx[md5->ctxsize];
549 uint8_t sha1_ctx[sha1->ctxsize];
550 void *md5_digest = out;
551 void *sha1_digest = ( out + md5->digestsize );
553 memcpy ( md5_ctx, tls->handshake_md5_ctx, sizeof ( md5_ctx ) );
554 memcpy ( sha1_ctx, tls->handshake_sha1_ctx, sizeof ( sha1_ctx ) );
555 digest_final ( md5, md5_ctx, md5_digest );
556 digest_final ( sha1, sha1_ctx, sha1_digest );
559 /******************************************************************************
563 ******************************************************************************
567 * Transmit Handshake record
570 * @v data Plaintext record
571 * @v len Length of plaintext record
572 * @ret rc Return status code
574 static int tls_send_handshake ( struct tls_session *tls,
575 void *data, size_t len ) {
577 /* Add to handshake digest */
578 tls_add_handshake ( tls, data, len );
581 return tls_send_plaintext ( tls, TLS_TYPE_HANDSHAKE, data, len );
585 * Transmit Client Hello record
588 * @ret rc Return status code
590 static int tls_send_client_hello ( struct tls_session *tls ) {
592 uint32_t type_length;
595 uint8_t session_id_len;
596 uint16_t cipher_suite_len;
597 uint16_t cipher_suites[2];
598 uint8_t compression_methods_len;
599 uint8_t compression_methods[1];
600 } __attribute__ (( packed )) hello;
602 memset ( &hello, 0, sizeof ( hello ) );
603 hello.type_length = ( cpu_to_le32 ( TLS_CLIENT_HELLO ) |
604 htonl ( sizeof ( hello ) -
605 sizeof ( hello.type_length ) ) );
606 hello.version = htons ( TLS_VERSION_TLS_1_0 );
607 memcpy ( &hello.random, tls->client_random, sizeof ( hello.random ) );
608 hello.cipher_suite_len = htons ( sizeof ( hello.cipher_suites ) );
609 hello.cipher_suites[0] = htons ( TLS_RSA_WITH_AES_128_CBC_SHA );
610 hello.cipher_suites[1] = htons ( TLS_RSA_WITH_AES_256_CBC_SHA );
611 hello.compression_methods_len = sizeof ( hello.compression_methods );
613 return tls_send_handshake ( tls, &hello, sizeof ( hello ) );
617 * Transmit Client Key Exchange record
620 * @ret rc Return status code
622 static int tls_send_client_key_exchange ( struct tls_session *tls ) {
623 /* FIXME: Hack alert */
625 RSA_pub_key_new ( &rsa_ctx, tls->rsa_mod, tls->rsa_mod_len,
626 tls->rsa_pub_exp, tls->rsa_pub_exp_len );
628 uint32_t type_length;
629 uint16_t encrypted_pre_master_secret_len;
630 uint8_t encrypted_pre_master_secret[rsa_ctx->num_octets];
631 } __attribute__ (( packed )) key_xchg;
633 memset ( &key_xchg, 0, sizeof ( key_xchg ) );
634 key_xchg.type_length = ( cpu_to_le32 ( TLS_CLIENT_KEY_EXCHANGE ) |
635 htonl ( sizeof ( key_xchg ) -
636 sizeof ( key_xchg.type_length ) ) );
637 key_xchg.encrypted_pre_master_secret_len
638 = htons ( sizeof ( key_xchg.encrypted_pre_master_secret ) );
640 /* FIXME: Hack alert */
641 DBGC ( tls, "RSA encrypting plaintext, modulus, exponent:\n" );
642 DBGC_HD ( tls, &tls->pre_master_secret,
643 sizeof ( tls->pre_master_secret ) );
644 DBGC_HD ( tls, tls->rsa_mod, tls->rsa_mod_len );
645 DBGC_HD ( tls, tls->rsa_pub_exp, tls->rsa_pub_exp_len );
646 RSA_encrypt ( rsa_ctx, tls->pre_master_secret,
647 sizeof ( tls->pre_master_secret ),
648 key_xchg.encrypted_pre_master_secret, 0 );
649 DBGC ( tls, "RSA encrypt done. Ciphertext:\n" );
650 DBGC_HD ( tls, &key_xchg.encrypted_pre_master_secret,
651 sizeof ( key_xchg.encrypted_pre_master_secret ) );
652 RSA_free ( rsa_ctx );
655 return tls_send_handshake ( tls, &key_xchg, sizeof ( key_xchg ) );
659 * Transmit Change Cipher record
662 * @ret rc Return status code
664 static int tls_send_change_cipher ( struct tls_session *tls ) {
665 static const uint8_t change_cipher[1] = { 1 };
666 return tls_send_plaintext ( tls, TLS_TYPE_CHANGE_CIPHER,
667 change_cipher, sizeof ( change_cipher ) );
671 * Transmit Finished record
674 * @ret rc Return status code
676 static int tls_send_finished ( struct tls_session *tls ) {
678 uint32_t type_length;
679 uint8_t verify_data[12];
680 } __attribute__ (( packed )) finished;
681 uint8_t digest[MD5_DIGEST_SIZE + SHA1_DIGEST_SIZE];
683 memset ( &finished, 0, sizeof ( finished ) );
684 finished.type_length = ( cpu_to_le32 ( TLS_FINISHED ) |
685 htonl ( sizeof ( finished ) -
686 sizeof ( finished.type_length ) ) );
687 tls_verify_handshake ( tls, digest );
688 tls_prf_label ( tls, tls->master_secret, sizeof ( tls->master_secret ),
689 finished.verify_data, sizeof ( finished.verify_data ),
690 "client finished", digest, sizeof ( digest ) );
692 return tls_send_handshake ( tls, &finished, sizeof ( finished ) );
696 * Receive new Change Cipher record
699 * @v data Plaintext record
700 * @v len Length of plaintext record
701 * @ret rc Return status code
703 static int tls_new_change_cipher ( struct tls_session *tls,
704 void *data, size_t len ) {
707 if ( ( len != 1 ) || ( *( ( uint8_t * ) data ) != 1 ) ) {
708 DBGC ( tls, "TLS %p received invalid Change Cipher\n", tls );
709 DBGC_HD ( tls, data, len );
713 if ( ( rc = tls_change_cipher ( tls, &tls->rx_cipherspec_pending,
714 &tls->rx_cipherspec ) ) != 0 ) {
715 DBGC ( tls, "TLS %p could not activate RX cipher: %s\n",
716 tls, strerror ( rc ) );
719 tls->rx_seq = ~( ( uint64_t ) 0 );
725 * Receive new Alert record
728 * @v data Plaintext record
729 * @v len Length of plaintext record
730 * @ret rc Return status code
732 static int tls_new_alert ( struct tls_session *tls, void *data, size_t len ) {
737 } __attribute__ (( packed )) *alert = data;
738 void *end = alert->next;
741 if ( end != ( data + len ) ) {
742 DBGC ( tls, "TLS %p received overlength Alert\n", tls );
743 DBGC_HD ( tls, data, len );
747 switch ( alert->level ) {
748 case TLS_ALERT_WARNING:
749 DBGC ( tls, "TLS %p received warning alert %d\n",
750 tls, alert->description );
752 case TLS_ALERT_FATAL:
753 DBGC ( tls, "TLS %p received fatal alert %d\n",
754 tls, alert->description );
757 DBGC ( tls, "TLS %p received unknown alert level %d"
758 "(alert %d)\n", tls, alert->level, alert->description );
764 * Receive new Server Hello record
767 * @v data Plaintext record
768 * @v len Length of plaintext record
769 * @ret rc Return status code
771 static int tls_new_server_hello ( struct tls_session *tls,
772 void *data, size_t len ) {
774 uint32_t type_length;
777 uint8_t session_id_len;
779 } __attribute__ (( packed )) *hello_a = data;
781 uint8_t session_id[hello_a->session_id_len];
782 uint16_t cipher_suite;
783 uint8_t compression_method;
785 } __attribute__ (( packed )) *hello_b = ( void * ) &hello_a->next;
786 void *end = hello_b->next;
790 if ( end != ( data + len ) ) {
791 DBGC ( tls, "TLS %p received overlength Server Hello\n", tls );
792 DBGC_HD ( tls, data, len );
796 /* Check protocol version */
797 if ( ntohs ( hello_a->version ) < TLS_VERSION_TLS_1_0 ) {
798 DBGC ( tls, "TLS %p does not support protocol version %d.%d\n",
799 tls, ( ntohs ( hello_a->version ) >> 8 ),
800 ( ntohs ( hello_a->version ) & 0xff ) );
804 /* Copy out server random bytes */
805 memcpy ( tls->server_random, hello_a->random,
806 sizeof ( tls->server_random ) );
808 /* Select cipher suite */
809 if ( ( rc = tls_select_cipher ( tls, hello_b->cipher_suite ) ) != 0 )
812 /* Generate secrets */
813 tls_generate_master_secret ( tls );
814 if ( ( rc = tls_generate_keys ( tls ) ) != 0 )
821 * Receive new Certificate record
824 * @v data Plaintext record
825 * @v len Length of plaintext record
826 * @ret rc Return status code
828 static int tls_new_certificate ( struct tls_session *tls,
829 void *data, size_t len ) {
831 uint32_t type_length;
833 uint8_t first_cert_length[3];
834 uint8_t asn1_start[0];
835 } __attribute__ (( packed )) *certificate = data;
836 uint8_t *cert = certificate->asn1_start;
842 if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0 ||
843 asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0 ||
844 asn1_skip_obj(cert, &offset, ASN1_EXPLICIT_TAG) ||
845 asn1_skip_obj(cert, &offset, ASN1_INTEGER) ||
846 asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) ||
847 asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) ||
848 asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) ||
849 asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) ||
850 asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0 ||
851 asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) ||
852 asn1_next_obj(cert, &offset, ASN1_BIT_STRING) < 0) {
853 DBGC ( tls, "TLS %p invalid certificate\n", tls );
854 DBGC_HD ( tls, cert + offset, 64 );
860 if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0) {
861 DBGC ( tls, "TLS %p invalid certificate\n", tls );
862 DBGC_HD ( tls, cert + offset, 64 );
866 tls->rsa_mod_len = asn1_get_int(cert, &offset, &tls->rsa_mod);
867 tls->rsa_pub_exp_len = asn1_get_int(cert, &offset, &tls->rsa_pub_exp);
869 DBGC_HD ( tls, tls->rsa_mod, tls->rsa_mod_len );
870 DBGC_HD ( tls, tls->rsa_pub_exp, tls->rsa_pub_exp_len );
876 * Receive new Server Hello Done record
879 * @v data Plaintext record
880 * @v len Length of plaintext record
881 * @ret rc Return status code
883 static int tls_new_server_hello_done ( struct tls_session *tls,
884 void *data, size_t len ) {
886 uint32_t type_length;
888 } __attribute__ (( packed )) *hello_done = data;
889 void *end = hello_done->next;
892 if ( end != ( data + len ) ) {
893 DBGC ( tls, "TLS %p received overlength Server Hello Done\n",
895 DBGC_HD ( tls, data, len );
899 /* Check that we are ready to send the Client Key Exchange */
900 if ( tls->tx_state != TLS_TX_NONE ) {
901 DBGC ( tls, "TLS %p received Server Hello Done while in "
902 "TX state %d\n", tls, tls->tx_state );
906 /* Start sending the Client Key Exchange */
907 tls->tx_state = TLS_TX_CLIENT_KEY_EXCHANGE;
913 * Receive new Finished record
916 * @v data Plaintext record
917 * @v len Length of plaintext record
918 * @ret rc Return status code
920 static int tls_new_finished ( struct tls_session *tls,
921 void *data, size_t len ) {
923 /* FIXME: Handle this properly */
924 tls->tx_state = TLS_TX_DATA;
931 * Receive new Handshake record
934 * @v data Plaintext record
935 * @v len Length of plaintext record
936 * @ret rc Return status code
938 static int tls_new_handshake ( struct tls_session *tls,
939 void *data, size_t len ) {
940 uint8_t *type = data;
944 case TLS_SERVER_HELLO:
945 rc = tls_new_server_hello ( tls, data, len );
947 case TLS_CERTIFICATE:
948 rc = tls_new_certificate ( tls, data, len );
950 case TLS_SERVER_HELLO_DONE:
951 rc = tls_new_server_hello_done ( tls, data, len );
954 rc = tls_new_finished ( tls, data, len );
957 DBGC ( tls, "TLS %p ignoring handshake type %d\n",
963 /* Add to handshake digest (except for Hello Requests, which
964 * are explicitly excludede).
966 if ( *type != TLS_HELLO_REQUEST )
967 tls_add_handshake ( tls, data, len );
976 * @v type Record type
977 * @v data Plaintext record
978 * @v len Length of plaintext record
979 * @ret rc Return status code
981 static int tls_new_record ( struct tls_session *tls,
982 unsigned int type, void *data, size_t len ) {
985 case TLS_TYPE_CHANGE_CIPHER:
986 return tls_new_change_cipher ( tls, data, len );
988 return tls_new_alert ( tls, data, len );
989 case TLS_TYPE_HANDSHAKE:
990 return tls_new_handshake ( tls, data, len );
992 return xfer_deliver_raw ( &tls->plainstream.xfer, data, len );
994 /* RFC4346 says that we should just ignore unknown
997 DBGC ( tls, "TLS %p ignoring record type %d\n", tls, type );
1002 /******************************************************************************
1004 * Record encryption/decryption
1006 ******************************************************************************
1012 * @v tls TLS session
1013 * @v cipherspec Cipher specification
1014 * @v seq Sequence number
1015 * @v tlshdr TLS header
1017 * @v len Length of data
1018 * @v mac HMAC to fill in
1020 static void tls_hmac ( struct tls_session *tls __unused,
1021 struct tls_cipherspec *cipherspec,
1022 uint64_t seq, struct tls_header *tlshdr,
1023 const void *data, size_t len, void *hmac ) {
1024 struct crypto_algorithm *digest = cipherspec->digest;
1025 uint8_t digest_ctx[digest->ctxsize];
1027 hmac_init ( digest, digest_ctx, cipherspec->mac_secret,
1028 &digest->digestsize );
1029 seq = cpu_to_be64 ( seq );
1030 hmac_update ( digest, digest_ctx, &seq, sizeof ( seq ) );
1031 hmac_update ( digest, digest_ctx, tlshdr, sizeof ( *tlshdr ) );
1032 hmac_update ( digest, digest_ctx, data, len );
1033 hmac_final ( digest, digest_ctx, cipherspec->mac_secret,
1034 &digest->digestsize, hmac );
1038 * Allocate and assemble stream-ciphered record from data and MAC portions
1040 * @v tls TLS session
1042 * @ret len Length of data
1043 * @ret digest MAC digest
1044 * @ret plaintext_len Length of plaintext record
1045 * @ret plaintext Allocated plaintext record
1047 static void * tls_assemble_stream ( struct tls_session *tls,
1048 const void *data, size_t len,
1049 void *digest, size_t *plaintext_len ) {
1050 size_t mac_len = tls->tx_cipherspec.digest->digestsize;
1055 /* Calculate stream-ciphered struct length */
1056 *plaintext_len = ( len + mac_len );
1058 /* Allocate stream-ciphered struct */
1059 plaintext = malloc ( *plaintext_len );
1062 content = plaintext;
1063 mac = ( content + len );
1065 /* Fill in stream-ciphered struct */
1066 memcpy ( content, data, len );
1067 memcpy ( mac, digest, mac_len );
1073 * Allocate and assemble block-ciphered record from data and MAC portions
1075 * @v tls TLS session
1077 * @ret len Length of data
1078 * @ret digest MAC digest
1079 * @ret plaintext_len Length of plaintext record
1080 * @ret plaintext Allocated plaintext record
1082 static void * tls_assemble_block ( struct tls_session *tls,
1083 const void *data, size_t len,
1084 void *digest, size_t *plaintext_len ) {
1085 size_t blocksize = tls->tx_cipherspec.cipher->blocksize;
1086 size_t iv_len = blocksize;
1087 size_t mac_len = tls->tx_cipherspec.digest->digestsize;
1095 /* FIXME: TLSv1.1 has an explicit IV */
1098 /* Calculate block-ciphered struct length */
1099 padding_len = ( ( blocksize - 1 ) & -( iv_len + len + mac_len + 1 ) );
1100 *plaintext_len = ( iv_len + len + mac_len + padding_len + 1 );
1102 /* Allocate block-ciphered struct */
1103 plaintext = malloc ( *plaintext_len );
1107 content = ( iv + iv_len );
1108 mac = ( content + len );
1109 padding = ( mac + mac_len );
1111 /* Fill in block-ciphered struct */
1112 memset ( iv, 0, iv_len );
1113 memcpy ( content, data, len );
1114 memcpy ( mac, digest, mac_len );
1115 memset ( padding, padding_len, ( padding_len + 1 ) );
1121 * Send plaintext record
1123 * @v tls TLS session
1124 * @v type Record type
1125 * @v data Plaintext record
1126 * @v len Length of plaintext record
1127 * @ret rc Return status code
1129 static int tls_send_plaintext ( struct tls_session *tls, unsigned int type,
1130 const void *data, size_t len ) {
1131 struct tls_header plaintext_tlshdr;
1132 struct tls_header *tlshdr;
1133 struct tls_cipherspec *cipherspec = &tls->tx_cipherspec;
1134 void *plaintext = NULL;
1135 size_t plaintext_len;
1136 struct io_buffer *ciphertext = NULL;
1137 size_t ciphertext_len;
1138 size_t mac_len = cipherspec->digest->digestsize;
1139 uint8_t mac[mac_len];
1142 /* Construct header */
1143 plaintext_tlshdr.type = type;
1144 plaintext_tlshdr.version = htons ( TLS_VERSION_TLS_1_0 );
1145 plaintext_tlshdr.length = htons ( len );
1148 tls_hmac ( tls, cipherspec, tls->tx_seq, &plaintext_tlshdr,
1151 /* Allocate and assemble plaintext struct */
1152 if ( is_stream_cipher ( cipherspec->cipher ) ) {
1153 plaintext = tls_assemble_stream ( tls, data, len, mac,
1156 plaintext = tls_assemble_block ( tls, data, len, mac,
1159 if ( ! plaintext ) {
1160 DBGC ( tls, "TLS %p could not allocate %zd bytes for "
1161 "plaintext\n", tls, plaintext_len );
1166 DBGC2 ( tls, "Sending plaintext data:\n" );
1167 DBGC2_HD ( tls, plaintext, plaintext_len );
1169 /* Allocate ciphertext */
1170 ciphertext_len = ( sizeof ( *tlshdr ) + plaintext_len );
1171 ciphertext = xfer_alloc_iob ( &tls->cipherstream.xfer,
1173 if ( ! ciphertext ) {
1174 DBGC ( tls, "TLS %p could not allocate %zd bytes for "
1175 "ciphertext\n", tls, ciphertext_len );
1180 /* Assemble ciphertext */
1181 tlshdr = iob_put ( ciphertext, sizeof ( *tlshdr ) );
1182 tlshdr->type = type;
1183 tlshdr->version = htons ( TLS_VERSION_TLS_1_0 );
1184 tlshdr->length = htons ( plaintext_len );
1185 memcpy ( cipherspec->cipher_next_ctx, cipherspec->cipher_ctx,
1186 cipherspec->cipher->ctxsize );
1187 if ( ( rc = cipher_encrypt ( cipherspec->cipher,
1188 cipherspec->cipher_next_ctx, plaintext,
1189 iob_put ( ciphertext, plaintext_len ),
1190 plaintext_len ) ) != 0 ) {
1191 DBGC ( tls, "TLS %p could not encrypt: %s\n",
1192 tls, strerror ( rc ) );
1193 DBGC_HD ( tls, plaintext, plaintext_len );
1197 /* Free plaintext as soon as possible to conserve memory */
1201 /* Send ciphertext */
1202 rc = xfer_deliver_iob ( &tls->cipherstream.xfer, ciphertext );
1205 DBGC ( tls, "TLS %p could not deliver ciphertext: %s\n",
1206 tls, strerror ( rc ) );
1210 /* Update TX state machine to next record */
1212 memcpy ( tls->tx_cipherspec.cipher_ctx,
1213 tls->tx_cipherspec.cipher_next_ctx,
1214 tls->tx_cipherspec.cipher->ctxsize );
1218 free_iob ( ciphertext );
1223 * Split stream-ciphered record into data and MAC portions
1225 * @v tls TLS session
1226 * @v plaintext Plaintext record
1227 * @v plaintext_len Length of record
1229 * @ret len Length of data
1230 * @ret digest MAC digest
1231 * @ret rc Return status code
1233 static int tls_split_stream ( struct tls_session *tls,
1234 void *plaintext, size_t plaintext_len,
1235 void **data, size_t *len, void **digest ) {
1241 /* Decompose stream-ciphered data */
1242 mac_len = tls->rx_cipherspec.digest->digestsize;
1243 if ( plaintext_len < mac_len ) {
1244 DBGC ( tls, "TLS %p received underlength record\n", tls );
1245 DBGC_HD ( tls, plaintext, plaintext_len );
1248 content_len = ( plaintext_len - mac_len );
1249 content = plaintext;
1250 mac = ( content + content_len );
1252 /* Fill in return values */
1261 * Split block-ciphered record into data and MAC portions
1263 * @v tls TLS session
1264 * @v plaintext Plaintext record
1265 * @v plaintext_len Length of record
1267 * @ret len Length of data
1268 * @ret digest MAC digest
1269 * @ret rc Return status code
1271 static int tls_split_block ( struct tls_session *tls,
1272 void *plaintext, size_t plaintext_len,
1273 void **data, size_t *len,
1285 /* Decompose block-ciphered data */
1286 if ( plaintext_len < 1 ) {
1287 DBGC ( tls, "TLS %p received underlength record\n", tls );
1288 DBGC_HD ( tls, plaintext, plaintext_len );
1291 iv_len = tls->rx_cipherspec.cipher->blocksize;
1293 /* FIXME: TLSv1.1 uses an explicit IV */
1296 mac_len = tls->rx_cipherspec.digest->digestsize;
1297 padding_len = *( ( uint8_t * ) ( plaintext + plaintext_len - 1 ) );
1298 if ( plaintext_len < ( iv_len + mac_len + padding_len + 1 ) ) {
1299 DBGC ( tls, "TLS %p received underlength record\n", tls );
1300 DBGC_HD ( tls, plaintext, plaintext_len );
1303 content_len = ( plaintext_len - iv_len - mac_len - padding_len - 1 );
1305 content = ( iv + iv_len );
1306 mac = ( content + content_len );
1307 padding = ( mac + mac_len );
1309 /* Verify padding bytes */
1310 for ( i = 0 ; i < padding_len ; i++ ) {
1311 if ( *( ( uint8_t * ) ( padding + i ) ) != padding_len ) {
1312 DBGC ( tls, "TLS %p received bad padding\n", tls );
1313 DBGC_HD ( tls, plaintext, plaintext_len );
1318 /* Fill in return values */
1327 * Receive new ciphertext record
1329 * @v tls TLS session
1330 * @v tlshdr Record header
1331 * @v ciphertext Ciphertext record
1332 * @ret rc Return status code
1334 static int tls_new_ciphertext ( struct tls_session *tls,
1335 struct tls_header *tlshdr, void *ciphertext ) {
1336 struct tls_header plaintext_tlshdr;
1337 struct tls_cipherspec *cipherspec = &tls->rx_cipherspec;
1338 size_t record_len = ntohs ( tlshdr->length );
1339 void *plaintext = NULL;
1343 size_t mac_len = cipherspec->digest->digestsize;
1344 uint8_t verify_mac[mac_len];
1347 /* Allocate buffer for plaintext */
1348 plaintext = malloc ( record_len );
1349 if ( ! plaintext ) {
1350 DBGC ( tls, "TLS %p could not allocate %zd bytes for "
1351 "decryption buffer\n", tls, record_len );
1356 /* Decrypt the record */
1357 if ( ( rc = cipher_decrypt ( cipherspec->cipher,
1358 cipherspec->cipher_ctx, ciphertext,
1359 plaintext, record_len ) ) != 0 ) {
1360 DBGC ( tls, "TLS %p could not decrypt: %s\n",
1361 tls, strerror ( rc ) );
1362 DBGC_HD ( tls, ciphertext, record_len );
1366 /* Split record into content and MAC */
1367 if ( is_stream_cipher ( cipherspec->cipher ) ) {
1368 if ( ( rc = tls_split_stream ( tls, plaintext, record_len,
1369 &data, &len, &mac ) ) != 0 )
1372 if ( ( rc = tls_split_block ( tls, plaintext, record_len,
1373 &data, &len, &mac ) ) != 0 )
1378 plaintext_tlshdr.type = tlshdr->type;
1379 plaintext_tlshdr.version = tlshdr->version;
1380 plaintext_tlshdr.length = htons ( len );
1381 tls_hmac ( tls, cipherspec, tls->rx_seq, &plaintext_tlshdr,
1382 data, len, verify_mac);
1383 if ( memcmp ( mac, verify_mac, mac_len ) != 0 ) {
1384 DBGC ( tls, "TLS %p failed MAC verification\n", tls );
1385 DBGC_HD ( tls, plaintext, record_len );
1389 DBGC2 ( tls, "Received plaintext data:\n" );
1390 DBGC2_HD ( tls, data, len );
1392 /* Process plaintext record */
1393 if ( ( rc = tls_new_record ( tls, tlshdr->type, data, len ) ) != 0 )
1402 /******************************************************************************
1404 * Plaintext stream operations
1406 ******************************************************************************
1412 * @v xfer Plainstream data transfer interface
1413 * @v rc Reason for close
1415 static void tls_plainstream_close ( struct xfer_interface *xfer, int rc ) {
1416 struct tls_session *tls =
1417 container_of ( xfer, struct tls_session, plainstream.xfer );
1419 tls_close ( tls, rc );
1423 * Check flow control window
1425 * @v xfer Plainstream data transfer interface
1426 * @ret len Length of window
1428 static size_t tls_plainstream_window ( struct xfer_interface *xfer ) {
1429 struct tls_session *tls =
1430 container_of ( xfer, struct tls_session, plainstream.xfer );
1432 /* Block window unless we are ready to accept data */
1433 if ( tls->tx_state != TLS_TX_DATA )
1436 return filter_window ( xfer );
1440 * Deliver datagram as raw data
1442 * @v xfer Plainstream data transfer interface
1443 * @v data Data buffer
1444 * @v len Length of data buffer
1445 * @ret rc Return status code
1447 static int tls_plainstream_deliver_raw ( struct xfer_interface *xfer,
1448 const void *data, size_t len ) {
1449 struct tls_session *tls =
1450 container_of ( xfer, struct tls_session, plainstream.xfer );
1452 /* Refuse unless we are ready to accept data */
1453 if ( tls->tx_state != TLS_TX_DATA )
1456 return tls_send_plaintext ( tls, TLS_TYPE_DATA, data, len );
1459 /** TLS plaintext stream operations */
1460 static struct xfer_interface_operations tls_plainstream_operations = {
1461 .close = tls_plainstream_close,
1462 .vredirect = ignore_xfer_vredirect,
1463 .seek = filter_seek,
1464 .window = tls_plainstream_window,
1465 .alloc_iob = default_xfer_alloc_iob,
1466 .deliver_iob = xfer_deliver_as_raw,
1467 .deliver_raw = tls_plainstream_deliver_raw,
1470 /******************************************************************************
1472 * Ciphertext stream operations
1474 ******************************************************************************
1480 * @v xfer Plainstream data transfer interface
1481 * @v rc Reason for close
1483 static void tls_cipherstream_close ( struct xfer_interface *xfer, int rc ) {
1484 struct tls_session *tls =
1485 container_of ( xfer, struct tls_session, cipherstream.xfer );
1487 tls_close ( tls, rc );
1491 * Handle received TLS header
1493 * @v tls TLS session
1494 * @ret rc Returned status code
1496 static int tls_newdata_process_header ( struct tls_session *tls ) {
1497 size_t data_len = ntohs ( tls->rx_header.length );
1499 /* Allocate data buffer now that we know the length */
1500 assert ( tls->rx_data == NULL );
1501 tls->rx_data = malloc ( data_len );
1502 if ( ! tls->rx_data ) {
1503 DBGC ( tls, "TLS %p could not allocate %zd bytes "
1504 "for receive buffer\n", tls, data_len );
1508 /* Move to data state */
1509 tls->rx_state = TLS_RX_DATA;
1515 * Handle received TLS data payload
1517 * @v tls TLS session
1518 * @ret rc Returned status code
1520 static int tls_newdata_process_data ( struct tls_session *tls ) {
1523 /* Process record */
1524 if ( ( rc = tls_new_ciphertext ( tls, &tls->rx_header,
1525 tls->rx_data ) ) != 0 )
1528 /* Increment RX sequence number */
1531 /* Free data buffer */
1532 free ( tls->rx_data );
1533 tls->rx_data = NULL;
1535 /* Return to header state */
1536 tls->rx_state = TLS_RX_HEADER;
1542 * Receive new ciphertext
1544 * @v app Stream application
1545 * @v data Data received
1546 * @v len Length of received data
1547 * @ret rc Return status code
1549 static int tls_cipherstream_deliver_raw ( struct xfer_interface *xfer,
1550 const void *data, size_t len ) {
1551 struct tls_session *tls =
1552 container_of ( xfer, struct tls_session, cipherstream.xfer );
1556 int ( * process ) ( struct tls_session *tls );
1560 /* Select buffer according to current state */
1561 switch ( tls->rx_state ) {
1563 buf = &tls->rx_header;
1564 buf_len = sizeof ( tls->rx_header );
1565 process = tls_newdata_process_header;
1569 buf_len = ntohs ( tls->rx_header.length );
1570 process = tls_newdata_process_data;
1577 /* Copy data portion to buffer */
1578 frag_len = ( buf_len - tls->rx_rcvd );
1579 if ( frag_len > len )
1581 memcpy ( ( buf + tls->rx_rcvd ), data, frag_len );
1582 tls->rx_rcvd += frag_len;
1586 /* Process data if buffer is now full */
1587 if ( tls->rx_rcvd == buf_len ) {
1588 if ( ( rc = process ( tls ) ) != 0 ) {
1589 tls_close ( tls, rc );
1599 /** TLS ciphertext stream operations */
1600 static struct xfer_interface_operations tls_cipherstream_operations = {
1601 .close = tls_cipherstream_close,
1602 .vredirect = xfer_vopen,
1603 .seek = filter_seek,
1604 .window = filter_window,
1605 .alloc_iob = default_xfer_alloc_iob,
1606 .deliver_iob = xfer_deliver_as_raw,
1607 .deliver_raw = tls_cipherstream_deliver_raw,
1610 /******************************************************************************
1612 * Controlling process
1614 ******************************************************************************
1618 * TLS TX state machine
1620 * @v process TLS process
1622 static void tls_step ( struct process *process ) {
1623 struct tls_session *tls =
1624 container_of ( process, struct tls_session, process );
1627 /* Wait for cipherstream to become ready */
1628 if ( ! xfer_window ( &tls->cipherstream.xfer ) )
1631 switch ( tls->tx_state ) {
1635 case TLS_TX_CLIENT_HELLO:
1636 /* Send Client Hello */
1637 if ( ( rc = tls_send_client_hello ( tls ) ) != 0 ) {
1638 DBGC ( tls, "TLS %p could not send Client Hello: %s\n",
1639 tls, strerror ( rc ) );
1642 tls->tx_state = TLS_TX_NONE;
1644 case TLS_TX_CLIENT_KEY_EXCHANGE:
1645 /* Send Client Key Exchange */
1646 if ( ( rc = tls_send_client_key_exchange ( tls ) ) != 0 ) {
1647 DBGC ( tls, "TLS %p could send Client Key Exchange: "
1648 "%s\n", tls, strerror ( rc ) );
1651 tls->tx_state = TLS_TX_CHANGE_CIPHER;
1653 case TLS_TX_CHANGE_CIPHER:
1654 /* Send Change Cipher, and then change the cipher in use */
1655 if ( ( rc = tls_send_change_cipher ( tls ) ) != 0 ) {
1656 DBGC ( tls, "TLS %p could not send Change Cipher: "
1657 "%s\n", tls, strerror ( rc ) );
1660 if ( ( rc = tls_change_cipher ( tls,
1661 &tls->tx_cipherspec_pending,
1662 &tls->tx_cipherspec )) != 0 ){
1663 DBGC ( tls, "TLS %p could not activate TX cipher: "
1664 "%s\n", tls, strerror ( rc ) );
1668 tls->tx_state = TLS_TX_FINISHED;
1670 case TLS_TX_FINISHED:
1672 if ( ( rc = tls_send_finished ( tls ) ) != 0 ) {
1673 DBGC ( tls, "TLS %p could not send Finished: %s\n",
1674 tls, strerror ( rc ) );
1677 tls->tx_state = TLS_TX_NONE;
1689 tls_close ( tls, rc );
1692 /******************************************************************************
1696 ******************************************************************************
1699 int add_tls ( struct xfer_interface *xfer, struct xfer_interface **next ) {
1700 struct tls_session *tls;
1702 /* Allocate and initialise TLS structure */
1703 tls = malloc ( sizeof ( *tls ) );
1706 memset ( tls, 0, sizeof ( *tls ) );
1707 tls->refcnt.free = free_tls;
1708 filter_init ( &tls->plainstream, &tls_plainstream_operations,
1709 &tls->cipherstream, &tls_cipherstream_operations,
1711 tls_clear_cipher ( tls, &tls->tx_cipherspec );
1712 tls_clear_cipher ( tls, &tls->tx_cipherspec_pending );
1713 tls_clear_cipher ( tls, &tls->rx_cipherspec );
1714 tls_clear_cipher ( tls, &tls->rx_cipherspec_pending );
1715 *( ( uint32_t * ) tls->client_random ) = 0; /* GMT Unix time */
1716 tls_generate_random ( ( tls->client_random + 4 ),
1717 ( sizeof ( tls->client_random ) - 4 ) );
1718 *( ( uint16_t * ) tls->pre_master_secret )
1719 = htons ( TLS_VERSION_TLS_1_0 );
1720 tls_generate_random ( ( tls->pre_master_secret + 2 ),
1721 ( sizeof ( tls->pre_master_secret ) - 2 ) );
1722 digest_init ( &md5_algorithm, tls->handshake_md5_ctx );
1723 digest_init ( &sha1_algorithm, tls->handshake_sha1_ctx );
1724 tls->tx_state = TLS_TX_CLIENT_HELLO;
1725 process_init ( &tls->process, tls_step, &tls->refcnt );
1727 /* Attach to parent interface, mortalise self, and return */
1728 xfer_plug_plug ( &tls->plainstream.xfer, xfer );
1729 *next = &tls->cipherstream.xfer;
1730 ref_put ( &tls->refcnt );
http://git.etherboot.org / people / dverkamp / gpxe.git / blob