36 #if defined(POLARSSL_SSL_TLS_C)
48 #if defined _MSC_VER && !defined strcasecmp
49 #define strcasecmp _stricmp
/*
 * tls1_prf, as far as this sparse listing shows it (the leading numbers are
 * the original file's line numbers; lines between them are not shown).
 *
 * Visible behaviour: label and random are copied into tmp after a 20-byte
 * prefix, an HMAC-MD5 chain keyed with S1 writes dstbuf 16 bytes at a time,
 * and a second pass in 20-byte steps XORs h_i into dstbuf.
 * The assignments of S1 and nb and the HMAC calls of the second pass are not
 * in the listing; presumably that pass is HMAC-SHA1 keyed with S2 - confirm.
 */
55 static int tls1_prf(
unsigned char *secret,
size_t slen,
char *label,
56 unsigned char *random,
size_t rlen,
57 unsigned char *dstbuf,
size_t dlen )
61 unsigned char *S1, *S2;
62 unsigned char tmp[128];
63 unsigned char h_i[20];
/*
 * Size guard for the two memcpy calls into tmp below: the 20-byte prefix plus
 * label plus random must fit in tmp. The action taken when it fails is on a
 * line not shown.
 */
65 if(
sizeof( tmp ) < 20 + strlen( label ) + rlen )
/*
 * hs is half the secret length, rounded up; S2 points at the last hs bytes of
 * secret. If S1 is the first hs bytes (assignment not shown), the two halves
 * share one byte when slen is odd.
 */
68 hs = ( slen + 1 ) / 2;
70 S2 = secret + slen - hs;
73 memcpy( tmp + 20, label, nb );
74 memcpy( tmp + 20 + nb, random, rlen );
80 md5_hmac( S1, hs, tmp + 20, nb, 4 + tmp );
82 for( i = 0; i < dlen; i += 16 )
84 md5_hmac( S1, hs, 4 + tmp, 16 + nb, h_i );
85 md5_hmac( S1, hs, 4 + tmp, 16, 4 + tmp );
/* The final chunk may be shorter than 16 bytes; k is how many bytes dstbuf still needs. */
87 k = ( i + 16 > dlen ) ? dlen % 16 : 16;
89 for( j = 0; j < k; j++ )
90 dstbuf[i + j] = h_i[j];
98 for( i = 0; i < dlen; i += 20 )
/* Same tail handling as above, for 20-byte chunks. */
103 k = ( i + 20 > dlen ) ? dlen % 20 : 20;
105 for( j = 0; j < k; j++ )
106 dstbuf[i + j] = (
unsigned char)( dstbuf[i + j] ^ h_i[j] );
/*
 * Wipe the key-derived intermediates.
 * NOTE(review): tmp and h_i are locals that are not read again in the visible
 * lines, so an optimizing compiler may remove these plain memset calls as
 * dead stores. A wipe routine the compiler cannot elide would make the
 * zeroization dependable.
 */
109 memset( tmp, 0,
sizeof( tmp ) );
110 memset( h_i, 0,
sizeof( h_i ) );
/*
 * Key-derivation fragments (sparse listing; the enclosing function header is
 * not shown). All four buffers below hold secret-derived material and are
 * cleared by the memset calls further down.
 */
120 unsigned char tmp[64];
121 unsigned char padding[16];
122 unsigned char sha1sum[20];
123 unsigned char keyblk[256];
/* Three rounds; round i fills padding with 1 + i copies of 'A' + i ("A", "BB", "CCC"). */
147 for( i = 0; i < 3; i++ )
149 memset( padding,
'A' + i, 1 + i );
/* Master-secret derivation through the PRF from ssl->premaster; remaining arguments are not shown. */
164 tls1_prf( ssl->
premaster, len,
"master secret",
/* NOTE(review): plain memset on a local; see whether the compiler can drop it as a dead store. */
178 memset( tmp, 0,
sizeof( tmp ) );
/*
 * Sixteen rounds of the same fill pattern. The largest write is 1 + 15 = 16
 * bytes, which is exactly sizeof( padding ), so the loop bound and the array
 * size must stay in step.
 */
194 for( i = 0; i < 16; i++ )
196 memset( padding,
'A' + i, 1 + i );
/* Clear hash contexts and intermediates once the key block has been produced. */
210 memset( &md5, 0,
sizeof( md5 ) );
211 memset( &sha1, 0,
sizeof( sha1 ) );
213 memset( padding, 0,
sizeof( padding ) );
214 memset( sha1sum, 0,
sizeof( sha1sum ) );
/* Per-cipher parameter selection; each branch exists only if that cipher is compiled in. */
232 #if defined(POLARSSL_ARC4_C)
244 #if defined(POLARSSL_DES_C)
252 #if defined(POLARSSL_AES_C)
266 #if defined(POLARSSL_CAMELLIA_C)
/* The visible debug line prints lengths only, not key material. */
286 SSL_DEBUG_MSG( 3, (
"keylen: %d, minlen: %d, ivlen: %d, maclen: %d",
/*
 * Cipher keys are taken from keyblk after the two MAC secrets (maclen * 2).
 * Both visible lines show the same offset; any further offset that separates
 * key1 from key2 would be on a continuation line not shown - confirm.
 */
294 key1 = keyblk + ssl->
maclen * 2;
310 key2 = keyblk + ssl->
maclen * 2;
/* Key setup per compiled-in cipher. */
325 #if defined(POLARSSL_ARC4_C)
333 #if defined(POLARSSL_DES_C)
341 #if defined(POLARSSL_AES_C)
355 #if defined(POLARSSL_CAMELLIA_C)
/*
 * keyblk holds every session key, so this wipe matters most.
 * NOTE(review): same dead-store caveat as for tmp above.
 */
373 memset( keyblk, 0,
sizeof( keyblk ) );
/*
 * Two 48-byte pads filled with the constants 0x36 and 0x5C (the inner and
 * outer pad bytes of the SSLv3 hash construction). The hash calls that use
 * them are not in this listing.
 */
384 unsigned char pad_1[48];
385 unsigned char pad_2[48];
394 memset( pad_1, 0x36, 48 );
395 memset( pad_2, 0x5C, 48 );
/*
 * ssl_mac_md5 (fragments): builds the 11-byte MAC header and the 48-byte pad
 * used with MD5. The hash calls themselves are on lines not shown.
 */
432 static void ssl_mac_md5(
unsigned char *secret,
433 unsigned char *buf,
size_t len,
434 unsigned char *ctr,
int type )
436 unsigned char header[11];
437 unsigned char padding[48];
/* header = 8-byte sequence counter, 1-byte record type, 2-byte big-endian length. */
440 memcpy( header, ctr, 8 );
441 header[ 8] = (
unsigned char) type;
/*
 * Only the low 16 bits of len are encoded. Callers must keep len within the
 * record size limit, otherwise the MAC covers a length that differs from the
 * data actually hashed.
 */
442 header[ 9] = (
unsigned char)( len >> 8 );
443 header[10] = (
unsigned char)( len );
/* Inner pad (0x36), then the same buffer is refilled as the outer pad (0x5C). */
445 memset( padding, 0x36, 48 );
453 memset( padding, 0x5C, 48 );
/*
 * ssl_mac_sha1 (fragments): same layout as ssl_mac_md5, but with a 40-byte
 * pad. The hash calls themselves are on lines not shown.
 */
461 static void ssl_mac_sha1(
unsigned char *secret,
462 unsigned char *buf,
size_t len,
463 unsigned char *ctr,
int type )
465 unsigned char header[11];
466 unsigned char padding[40];
/* header = 8-byte sequence counter, 1-byte record type, 2-byte big-endian length. */
469 memcpy( header, ctr, 8 );
470 header[ 8] = (
unsigned char) type;
/* Only the low 16 bits of len are encoded; len must stay within the record size limit. */
471 header[ 9] = (
unsigned char)( len >> 8 );
472 header[10] = (
unsigned char)( len );
/* Inner pad (0x36), then the same buffer is refilled as the outer pad (0x5C). */
474 memset( padding, 0x36, 40 );
482 memset( padding, 0x5C, 40 );
/*
 * Outgoing record protection (fragments; the function header is not shown).
 *
 * Increment the 8-byte outgoing sequence counter from its last byte upwards.
 * The statement controlled by the test is not shown; presumably the loop
 * stops at the first byte that does not wrap to zero.
 * NOTE(review): no handling of a full counter wrap is visible - confirm.
 */
532 for( i = 8; i > 0; i-- )
533 if( ++ssl->
out_ctr[i - 1] != 0 )
/* ivlen == 0 selects the path without an IV (ARC4, when compiled in). */
536 if( ssl->
ivlen == 0 )
538 #if defined(POLARSSL_ARC4_C)
542 "including %d bytes of padding",
557 unsigned char *enc_msg;
/* Block-cipher path: padlen is compared with the block/IV length. */
561 if( padlen == ssl->
ivlen )
/* Runs padlen + 1 times (the bound is inclusive). */
564 for( i = 0; i <= padlen; i++ )
600 "including %d bytes of IV and %d bytes of padding",
/*
 * Each compiled-in cipher is called with ssl->iv_enc and with enc_msg as both
 * input and output, i.e. the record is encrypted in place. The function names
 * are on lines not shown.
 */
609 #if defined(POLARSSL_DES_C)
612 ssl->
iv_enc, enc_msg, enc_msg );
617 #if defined(POLARSSL_AES_C)
625 ssl->
iv_enc, enc_msg, enc_msg);
630 #if defined(POLARSSL_CAMELLIA_C)
638 ssl->
iv_enc, enc_msg, enc_msg );
/*
 * Incoming record protection (fragments; the function header is not shown).
 * This is the code path where padding and MAC checks on attacker-supplied
 * records happen, so failure handling here should not reveal which check failed.
 */
656 unsigned char tmp[20];
/* ivlen == 0 selects the path without an IV (ARC4, when compiled in). */
667 if( ssl->
ivlen == 0 )
669 #if defined(POLARSSL_ARC4_C)
680 unsigned char *dec_msg;
681 unsigned char *dec_msg_result;
696 dec_msg_result = ssl->
in_msg;
/*
 * Skip an IV at the front of the record.
 * NOTE(review): the subtraction needs dec_msglen >= ivlen to have been
 * checked first; that check is not in the visible lines - confirm.
 */
703 dec_msg += ssl->
ivlen;
704 dec_msglen -= ssl->
ivlen;
707 for( i = 0; i < ssl->
ivlen; i++ )
/* Decrypt from dec_msg into dec_msg_result (ssl->in_msg), chained through ssl->iv_dec. */
713 #if defined(POLARSSL_DES_C)
717 ssl->
iv_dec, dec_msg, dec_msg_result );
722 #if defined(POLARSSL_AES_C)
730 ssl->
iv_dec, dec_msg, dec_msg_result );
735 #if defined(POLARSSL_CAMELLIA_C)
743 ssl->
iv_dec, dec_msg, dec_msg_result );
/*
 * Padding validation: an upper bound on padlen, then a loop over the padding
 * bytes, each with its own debug message.
 * NOTE(review): the control flow after these checks is not shown. Confirm
 * that a padding failure and a MAC failure produce the same error towards the
 * peer and take comparable time; a difference between them is what
 * padding-oracle attacks on CBC records rely on.
 */
756 if( padlen > ssl->
ivlen )
759 "should be no more than %d",
760 padlen, ssl->
ivlen ) );
769 for( i = 1; i <= padlen; i++ )
774 "%02x, but is %02x", padlen - 1,
/* Length sanity check before the MAC is located inside the record. */
790 SSL_DEBUG_MSG( 1, (
"msglen (%d) < maclen (%d) + padlen (%d)",
/*
 * padlen == 0 on a block cipher is handled specially; presumably it marks a
 * padding failure detected earlier so that it is reported only at this point
 * - confirm against the lines not shown.
 */
840 if( ssl->
ivlen != 0 && padlen == 0 )
/* Part of a guard against a run of empty records; the counter and limit are not shown. */
854 "messages, possible DoS attack" ) );
/* Increment the 8-byte incoming sequence counter, mirroring the outgoing side. */
861 for( i = 8; i > 0; i-- )
862 if( ++ssl->
in_ctr[i - 1] != 0 )
/*
 * Record input/output fragments (function headers are not shown).
 *
 * Read loop: keeps going until nb_want bytes are buffered. The bound on
 * nb_want against the input buffer size is not in the visible lines - confirm.
 */
880 while( ssl->
in_left < nb_want )
/* Record header bytes 3..4 carry the 16-bit big-endian record length. */
946 ssl->
out_hdr[3] = (
unsigned char)( len >> 8 );
947 ssl->
out_hdr[4] = (
unsigned char)( len );
/* Handshake header bytes 1..3 carry the 24-bit body length, len minus the 4-byte handshake header. */
951 ssl->
out_msg[1] = (
unsigned char)( ( len - 4 ) >> 16 );
952 ssl->
out_msg[2] = (
unsigned char)( ( len - 4 ) >> 8 );
953 ssl->
out_msg[3] = (
unsigned char)( ( len - 4 ) );
/* The length is written again after encryption (presumably len was reloaded in between - confirm). */
961 if( ( ret = ssl_encrypt_buf( ssl ) ) != 0 )
968 ssl->
out_hdr[3] = (
unsigned char)( len >> 8 );
969 ssl->
out_hdr[4] = (
unsigned char)( len );
975 "version = [%d:%d], msglen = %d",
1014 " %d, type = %d, hslen = %d",
1050 "version = [%d:%d], msglen = %d",
/* Incoming records pass through ssl_decrypt_buf; a non-zero return is treated as failure. */
1118 if( ( ret = ssl_decrypt_buf( ssl ) ) != 0 )
1140 " %d, type = %d, hslen = %d",
/*
 * Certificate chain serialisation (fragments). For every certificate in the
 * list: a 3-byte big-endian length n, then n bytes of crt->raw.p, appended to
 * ssl->out_msg at offset i.
 * NOTE(review): the check that i + 3 + n still fits in out_msg is not in the
 * visible lines; it has to precede the memcpy - confirm.
 */
1254 while( crt != NULL )
1264 ssl->
out_msg[i ] = (
unsigned char)( n >> 16 );
1265 ssl->
out_msg[i + 1] = (
unsigned char)( n >> 8 );
1266 ssl->
out_msg[i + 2] = (
unsigned char)( n );
1268 i += 3; memcpy( ssl->
out_msg + i, crt->
raw.
p, n );
1269 i += n; crt = crt->
next;
/* Total list length (i - 7) goes into bytes 4..6 as a 24-bit big-endian value. */
1272 ssl->
out_msg[4] = (
unsigned char)( ( i - 7 ) >> 16 );
1273 ssl->
out_msg[5] = (
unsigned char)( ( i - 7 ) >> 8 );
1274 ssl->
out_msg[6] = (
unsigned char)( ( i - 7 ) );
/*
 * Parsing of a received certificate list (fragments). All lengths here come
 * from the peer and are untrusted.
 *
 * Three zero bytes after the 4-byte handshake header mean a zero list length.
 */
1346 memcmp( ssl->
in_msg + 4,
"\0\0\0", 3 ) == 0 )
1393 while( i < ssl->in_hslen )
/* The top byte of each 3-byte certificate length is tested against zero. */
1395 if( ssl->
in_msg[i] != 0 )
/*
 * n is the 16-bit certificate length from the next two bytes.
 * NOTE(review): the loop condition only guarantees i < in_hslen, while these
 * reads touch in_msg[i + 1] and in_msg[i + 2]; a check that three length
 * bytes are available is not in the visible lines - confirm.
 */
1401 n = ( (
unsigned int) ssl->
in_msg[i + 1] << 8 )
1402 | (
unsigned int) ssl->
in_msg[i + 2];
/*
 * Tests for a certificate shorter than 128 bytes or one that would run past
 * the handshake message. Whether i has already been advanced past the length
 * bytes at this point is on a line not shown.
 */
1405 if( n < 128 || i + n > ssl->
in_hslen )
/*
 * ssl_calc_finished (fragments): computes the Finished verify data. The
 * visible lines show an SSLv3-style path using 0x36 / 0x5C pads and a 4-byte
 * sender value, and a TLS path that selects the "client finished" or
 * "server finished" label and passes 36 bytes of padbuf on (presumably to
 * tls1_prf - the call line is not shown).
 */
1504 static void ssl_calc_finished(
1510 unsigned char padbuf[48];
1511 unsigned char md5sum[16];
1512 unsigned char sha1sum[20];
1540 memset( padbuf, 0x36, 48 );
1542 md5_update( md5, (
unsigned char *) sender, 4 );
1552 memset( padbuf, 0x5C, 48 );
1571 ? (
char *)
"client finished"
1572 : (
char *)
"server finished";
1578 padbuf, 36, buf, len );
/*
 * Wipe handshake-hash intermediates.
 * NOTE(review): plain memset on locals at the end of a function may be
 * removed by the compiler as dead stores; a non-elidable wipe is preferable.
 */
1586 memset( padbuf, 0,
sizeof( padbuf ) );
1587 memset( md5sum, 0,
sizeof( md5sum ) );
1588 memset( sha1sum, 0,
sizeof( sha1sum ) );
/* Sending side: the verify data is written straight into the outgoing message after its 4-byte header. */
1604 ssl_calc_finished( ssl, ssl->
out_msg + 4,
1643 unsigned int hash_len;
1644 unsigned char buf[36];
/* Receiving side: compute the value the peer should have sent (endpoint ^ 1 selects the other side's role). */
1676 ssl_calc_finished( ssl, buf, ssl->
endpoint ^ 1, &md5, &sha1 );
/*
 * NOTE(review): memcmp may return at the first differing byte, so its timing
 * depends on how many leading bytes of the peer's value match. A
 * constant-time comparison is the safer choice for authentication values.
 * Also confirm that the received message length is checked against
 * 4 + hash_len before this read; that check is not in the visible lines.
 */
1678 if( memcmp( ssl->
in_msg + 4, buf, hash_len ) != 0 )
/*
 * Context setup and reset fragments.
 *
 * Input buffer allocation; the result is compared with NULL below.
 */
1709 ssl->
in_ctr = (
unsigned char *) malloc( len );
1713 if( ssl->
in_ctr == NULL )
1719 ssl->
out_ctr = (
unsigned char *) malloc( len );
/* The first buffer is released again, presumably on the path where the second allocation failed. */
1726 free( ssl-> in_ctr );
/*
 * Clear IVs, MAC secrets and cipher contexts.
 * NOTE(review): the sizes 16, 32 and 128 are hard-coded; they have to match
 * the declarations of these fields, which are not in this listing. If the
 * fields are arrays, sizeof would keep the two in step.
 */
1774 memset( ssl->
iv_enc, 0, 16 );
1775 memset( ssl->
iv_dec, 0, 16 );
1776 memset( ssl->
mac_enc, 0, 32 );
1777 memset( ssl->
mac_dec, 0, 32 );
1778 memset( ssl->
ctx_enc, 0, 128 );
1779 memset( ssl->
ctx_dec, 0, 128 );
/*
 * Parameter-list fragments of the configuration setters (function names and
 * bodies are mostly not shown).
 *
 * Certificate verification callback.
 */
1799 int (*f_vrfy)(
void *,
x509_cert *,
int,
int),
/*
 * Random-number callback (buffer and length). Everything secret in the
 * handshake depends on it, so it presumably must be backed by a
 * cryptographically secure generator - confirm at the call sites.
 */
1807 int (*f_rng)(
void *,
unsigned char *,
size_t),
/* Debug sink: context, level, message. */
1815 void (*f_dbg)(
void *,
int,
const char *),
/* Transport callbacks with their own context pointers. */
1823 int (*f_recv)(
void *,
unsigned char *,
size_t),
void *p_recv,
1824 int (*f_send)(
void *,
const unsigned char *,
size_t),
void *p_send )
1854 x509_crl *ca_crl,
const char *peer_cn )
1868 #if defined(POLARSSL_PKCS11_C)
1870 pkcs11_context *pkcs11_key )
1873 ssl->pkcs11_key = pkcs11_key;
/*
 * hostname is tested for NULL before it is copied. The allocation of
 * ssl->hostname and the copy length are on lines not shown.
 */
1917 if( hostname == NULL )
1926 memcpy( ssl->
hostname, (
unsigned char *) hostname,
/*
 * Maps a ciphersuite id to its name (the case labels are not shown); ids
 * that match no case yield "unknown".
 *
 * Review notes on the suites named here:
 *  - RC4 suites: RC4 is prohibited for TLS by RFC 7465.
 *  - DES-168 (triple DES): 64-bit block cipher, weak for long-lived sessions.
 *  - SSL-RSA-* suites use plain RSA key exchange and give no forward secrecy;
 *    only the SSL-EDH-RSA-* suites do.
 * Deployments should restrict the enabled list accordingly.
 */
1955 switch( ciphersuite_id )
1957 #if defined(POLARSSL_ARC4_C)
1959 return(
"SSL-RSA-RC4-128-MD5" );
1962 return(
"SSL-RSA-RC4-128-SHA" );
1965 #if defined(POLARSSL_DES_C)
1967 return(
"SSL-RSA-DES-168-SHA" );
1970 return(
"SSL-EDH-RSA-DES-168-SHA" );
1973 #if defined(POLARSSL_AES_C)
1975 return(
"SSL-RSA-AES-128-SHA" );
1978 return(
"SSL-EDH-RSA-AES-128-SHA" );
1981 return(
"SSL-RSA-AES-256-SHA" );
1984 return(
"SSL-EDH-RSA-AES-256-SHA" );
1987 #if defined(POLARSSL_CAMELLIA_C)
1989 return(
"SSL-RSA-CAMELLIA-128-SHA" );
1992 return(
"SSL-EDH-RSA-CAMELLIA-128-SHA" );
1995 return(
"SSL-RSA-CAMELLIA-256-SHA" );
1998 return(
"SSL-EDH-RSA-CAMELLIA-256-SHA" );
2005 return(
"unknown" );
/*
 * Reverse lookup: ciphersuite name to id. The comparison is case-insensitive
 * (strcasecmp), and a name is recognised only if its cipher is compiled in.
 * The returned ids and the result for an unknown name are on lines not shown.
 */
2010 #if defined(POLARSSL_ARC4_C)
2011 if (0 == strcasecmp(ciphersuite_name,
"SSL-RSA-RC4-128-MD5"))
2013 if (0 == strcasecmp(ciphersuite_name,
"SSL-RSA-RC4-128-SHA"))
2017 #if defined(POLARSSL_DES_C)
2018 if (0 == strcasecmp(ciphersuite_name,
"SSL-RSA-DES-168-SHA"))
2020 if (0 == strcasecmp(ciphersuite_name,
"SSL-EDH-RSA-DES-168-SHA"))
2024 #if defined(POLARSSL_AES_C)
2025 if (0 == strcasecmp(ciphersuite_name,
"SSL-RSA-AES-128-SHA"))
2027 if (0 == strcasecmp(ciphersuite_name,
"SSL-EDH-RSA-AES-128-SHA"))
2029 if (0 == strcasecmp(ciphersuite_name,
"SSL-RSA-AES-256-SHA"))
2031 if (0 == strcasecmp(ciphersuite_name,
"SSL-EDH-RSA-AES-256-SHA"))
2035 #if defined(POLARSSL_CAMELLIA_C)
2036 if (0 == strcasecmp(ciphersuite_name,
"SSL-RSA-CAMELLIA-128-SHA"))
2038 if (0 == strcasecmp(ciphersuite_name,
"SSL-EDH-RSA-CAMELLIA-128-SHA"))
2040 if (0 == strcasecmp(ciphersuite_name,
"SSL-RSA-CAMELLIA-256-SHA"))
2042 if (0 == strcasecmp(ciphersuite_name,
"SSL-EDH-RSA-CAMELLIA-256-SHA"))
/*
 * Protocol version names. TLSv1.1 is the newest version named in this file.
 * SSLv3.0 is deprecated by RFC 7568, and TLS 1.0 and 1.1 by RFC 8996, so a
 * peer built from this code cannot negotiate a currently recommended version.
 */
2059 return(
"SSLv3.0" );
2062 return(
"TLSv1.0" );
2065 return(
"TLSv1.1" );
2070 return(
"unknown" );
2075 #if defined(POLARSSL_DHM_C)
2076 #if defined(POLARSSL_AES_C)
2080 #if defined(POLARSSL_CAMELLIA_C)
2084 #if defined(POLARSSL_DES_C)
2089 #if defined(POLARSSL_AES_C)
2092 #if defined(POLARSSL_CAMELLIA_C)
2095 #if defined(POLARSSL_AES_C)
2098 #if defined(POLARSSL_CAMELLIA_C)
2101 #if defined(POLARSSL_DES_C)
2104 #if defined(POLARSSL_ARC4_C)
2120 #if defined(POLARSSL_SSL_CLI_C)
2125 #if defined(POLARSSL_SSL_SRV_C)
/*
 * Application data read: n bytes are copied from the current record into the
 * caller's buffer.
 * NOTE(review): n has to be limited to both the caller's length and the bytes
 * left in the record; that clamp is not in the visible lines - confirm.
 */
2193 memcpy( buf, ssl->
in_offt, n );
/*
 * Application data write: n bytes are copied from the caller into the
 * outgoing record buffer.
 * NOTE(review): n has to be limited to the record payload size; that clamp is
 * not in the visible lines - confirm.
 */
2242 memcpy( ssl->
out_msg, buf, n );
/* Teardown: the buffers are touched only if they were allocated. */
2310 if( ssl->
in_ctr != NULL )
2316 #if defined(POLARSSL_DHM_C)