Annotation of embedaddon/strongswan/src/libtls/tls_server.c, revision 1.1.1.2
1.1 misho 1: /*
1.1.1.2 ! misho 2: * Copyright (C) 2020-2021 Pascal Knecht
! 3: * HSR Hochschule fuer Technik Rapperswil
! 4: *
1.1 misho 5: * Copyright (C) 2010 Martin Willi
6: * Copyright (C) 2010 revosec AG
7: *
8: * This program is free software; you can redistribute it and/or modify it
9: * under the terms of the GNU General Public License as published by the
10: * Free Software Foundation; either version 2 of the License, or (at your
11: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12: *
13: * This program is distributed in the hope that it will be useful, but
14: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16: * for more details.
17: */
18:
19: #include "tls_server.h"
20:
21: #include <time.h>
22:
23: #include <utils/debug.h>
24: #include <credentials/certificates/x509.h>
1.1.1.2 ! misho 25: #include <collections/array.h>
1.1 misho 26:
27: typedef struct private_tls_server_t private_tls_server_t;
28:
29: /**
30: * Size of a session ID
31: */
32: #define SESSION_ID_SIZE 16
33:
34: typedef enum {
35: STATE_INIT,
36: STATE_HELLO_RECEIVED,
37: STATE_HELLO_SENT,
38: STATE_CERT_SENT,
39: STATE_KEY_EXCHANGE_SENT,
40: STATE_CERTREQ_SENT,
41: STATE_HELLO_DONE,
42: STATE_CERT_RECEIVED,
43: STATE_KEY_EXCHANGE_RECEIVED,
44: STATE_CERT_VERIFY_RECEIVED,
45: STATE_CIPHERSPEC_CHANGED_IN,
46: STATE_FINISHED_RECEIVED,
47: STATE_CIPHERSPEC_CHANGED_OUT,
48: STATE_FINISHED_SENT,
1.1.1.2 ! misho 49: /* new states in TLS 1.3 */
! 50: STATE_ENCRYPTED_EXTENSIONS_SENT,
! 51: STATE_CERT_VERIFY_SENT,
! 52: STATE_KEY_UPDATE_REQUESTED,
! 53: STATE_KEY_UPDATE_SENT,
! 54: STATE_FINISHED_SENT_KEY_SWITCHED,
1.1 misho 55: } server_state_t;
56:
57: /**
58: * Private data of an tls_server_t object.
59: */
60: struct private_tls_server_t {
61:
62: /**
63: * Public tls_server_t interface.
64: */
65: tls_server_t public;
66:
67: /**
68: * TLS stack
69: */
70: tls_t *tls;
71:
72: /**
73: * TLS crypto context
74: */
75: tls_crypto_t *crypto;
76:
77: /**
78: * TLS alert handler
79: */
80: tls_alert_t *alert;
81:
82: /**
83: * Server identity
84: */
85: identification_t *server;
86:
87: /**
88: * Peer identity, NULL for no client authentication
89: */
90: identification_t *peer;
91:
92: /**
93: * State we are in
94: */
95: server_state_t state;
96:
97: /**
98: * Hello random data selected by client
99: */
100: char client_random[32];
101:
102: /**
103: * Hello random data selected by server
104: */
105: char server_random[32];
106:
107: /**
108: * Auth helper for peer authentication
109: */
110: auth_cfg_t *peer_auth;
111:
112: /**
113: * Auth helper for server authentication
114: */
115: auth_cfg_t *server_auth;
116:
117: /**
118: * Peer private key
119: */
120: private_key_t *private;
121:
122: /**
123: * DHE exchange
124: */
125: diffie_hellman_t *dh;
126:
127: /**
1.1.1.2 ! misho 128: * Requested DH group
! 129: */
! 130: tls_named_group_t requested_curve;
! 131:
! 132: /**
1.1 misho 133: * Selected TLS cipher suite
134: */
135: tls_cipher_suite_t suite;
136:
137: /**
138: * Offered TLS version of the client
139: */
140: tls_version_t client_version;
141:
142: /**
143: * TLS session identifier
144: */
145: chunk_t session;
146:
147: /**
148: * Do we resume a session?
149: */
150: bool resume;
151:
152: /**
153: * Hash and signature algorithms supported by peer
154: */
155: chunk_t hashsig;
156:
157: /**
158: * Elliptic curves supported by peer
159: */
160: chunk_t curves;
161:
162: /**
163: * Did we receive the curves from the client?
164: */
165: bool curves_received;
1.1.1.2 ! misho 166:
! 167: /**
! 168: * Whether to include CAs in CertificateRequest messages
! 169: */
! 170: bool send_certreq_authorities;
1.1 misho 171: };
172:
173: /**
1.1.1.2 ! misho 174: * Find a trusted public key to encrypt/verify key exchange data
! 175: */
! 176: public_key_t *tls_find_public_key(auth_cfg_t *peer_auth)
! 177: {
! 178: public_key_t *public = NULL, *current;
! 179: certificate_t *cert, *found;
! 180: enumerator_t *enumerator;
! 181: auth_cfg_t *auth;
! 182:
! 183: cert = peer_auth->get(peer_auth, AUTH_HELPER_SUBJECT_CERT);
! 184: if (cert)
! 185: {
! 186: enumerator = lib->credmgr->create_public_enumerator(lib->credmgr,
! 187: KEY_ANY, cert->get_subject(cert),
! 188: peer_auth, TRUE);
! 189: while (enumerator->enumerate(enumerator, ¤t, &auth))
! 190: {
! 191: found = auth->get(auth, AUTH_RULE_SUBJECT_CERT);
! 192: if (found && cert->equals(cert, found))
! 193: {
! 194: public = current->get_ref(current);
! 195: peer_auth->merge(peer_auth, auth, FALSE);
! 196: break;
! 197: }
! 198: }
! 199: enumerator->destroy(enumerator);
! 200: }
! 201: return public;
! 202: }
! 203:
! 204: /**
1.1 misho 205: * Find a cipher suite and a server key
206: */
207: static bool select_suite_and_key(private_tls_server_t *this,
208: tls_cipher_suite_t *suites, int count)
209: {
1.1.1.2 ! misho 210: tls_version_t version_min, version_max;
1.1 misho 211: private_key_t *key;
1.1.1.2 ! misho 212: auth_cfg_t *auth;
! 213: enumerator_t *enumerator;
1.1 misho 214:
1.1.1.2 ! misho 215: version_min = this->tls->get_version_min(this->tls);
! 216: version_max = this->tls->get_version_max(this->tls);
! 217: enumerator = tls_create_private_key_enumerator(version_min, version_max,
! 218: this->hashsig, this->server);
! 219: if (!enumerator)
! 220: {
! 221: DBG1(DBG_TLS, "no common signature algorithms found");
! 222: return FALSE;
! 223: }
! 224: if (!enumerator->enumerate(enumerator, &key, &auth))
1.1 misho 225: {
226: DBG1(DBG_TLS, "no usable TLS server certificate found for '%Y'",
227: this->server);
1.1.1.2 ! misho 228: enumerator->destroy(enumerator);
1.1 misho 229: return FALSE;
230: }
1.1.1.2 ! misho 231:
! 232: if (version_max >= TLS_1_3)
! 233: {
! 234: this->suite = this->crypto->select_cipher_suite(this->crypto, suites,
! 235: count, KEY_ANY);
! 236: }
! 237: else
! 238: {
! 239: this->suite = this->crypto->select_cipher_suite(this->crypto, suites,
! 240: count, key->get_type(key));
! 241: while (!this->suite &&
! 242: enumerator->enumerate(enumerator, &key, &auth))
! 243: { /* find a key and cipher suite for one of the remaining key types */
! 244: this->suite = this->crypto->select_cipher_suite(this->crypto,
! 245: suites, count,
! 246: key->get_type(key));
1.1 misho 247: }
1.1.1.2 ! misho 248: }
! 249: if (!this->suite)
! 250: {
! 251: DBG1(DBG_TLS, "received cipher suites or signature schemes unacceptable");
! 252: enumerator->destroy(enumerator);
! 253: return FALSE;
! 254: }
! 255: DBG1(DBG_TLS, "using key of type %N", key_type_names, key->get_type(key));
! 256: DESTROY_IF(this->private);
! 257: this->private = key->get_ref(key);
! 258: this->server_auth->purge(this->server_auth, FALSE);
! 259: this->server_auth->merge(this->server_auth, auth, FALSE);
! 260: enumerator->destroy(enumerator);
! 261: return TRUE;
! 262: }
! 263:
! 264: /**
! 265: * Check if the peer supports a given TLS curve
! 266: */
! 267: static bool peer_supports_curve(private_tls_server_t *this,
! 268: tls_named_group_t curve)
! 269: {
! 270: bio_reader_t *reader;
! 271: uint16_t current;
1.1 misho 272:
1.1.1.2 ! misho 273: if (!this->curves_received)
! 274: { /* none received, assume yes */
! 275: return TRUE;
! 276: }
! 277: reader = bio_reader_create(this->curves);
! 278: while (reader->remaining(reader) && reader->read_uint16(reader, ¤t))
! 279: {
! 280: if (current == curve)
1.1 misho 281: {
1.1.1.2 ! misho 282: reader->destroy(reader);
! 283: return TRUE;
1.1 misho 284: }
1.1.1.2 ! misho 285: }
! 286: reader->destroy(reader);
! 287: return FALSE;
! 288: }
! 289:
! 290: /**
! 291: * TLS 1.3 key exchange key share
! 292: */
! 293: typedef struct {
! 294: uint16_t curve;
! 295: chunk_t key_share;
! 296: } key_share_t;
! 297:
! 298: /**
! 299: * Check if peer sent a key share of a given TLS named DH group
! 300: */
! 301: static bool peer_offered_curve(array_t *key_shares, tls_named_group_t curve,
! 302: key_share_t *out)
! 303: {
! 304: key_share_t peer;
! 305: int i;
! 306:
! 307: for (i = 0; i < array_count(key_shares); i++)
! 308: {
! 309: array_get(key_shares, i, &peer);
! 310: if (curve == peer.curve)
1.1 misho 311: {
1.1.1.2 ! misho 312: if (out)
! 313: {
! 314: *out = peer;
! 315: }
! 316: return TRUE;
1.1 misho 317: }
318: }
1.1.1.2 ! misho 319: return FALSE;
! 320: }
! 321:
! 322: /**
! 323: * Check if client is currently retrying to connect to the server.
! 324: */
! 325: static bool retrying(private_tls_server_t *this)
! 326: {
! 327: return this->state == STATE_INIT && this->requested_curve;
1.1 misho 328: }
329:
330: /**
331: * Process client hello message
332: */
333: static status_t process_client_hello(private_tls_server_t *this,
334: bio_reader_t *reader)
335: {
1.1.1.2 ! misho 336: uint16_t legacy_version = 0, version = 0, extension_type = 0;
! 337: chunk_t random, session, ciphers, versions = chunk_empty, compression;
! 338: chunk_t ext = chunk_empty, key_shares = chunk_empty;
! 339: key_share_t peer = {0};
! 340: chunk_t extension_data = chunk_empty;
! 341: bio_reader_t *extensions, *extension;
1.1 misho 342: tls_cipher_suite_t *suites;
1.1.1.2 ! misho 343: tls_version_t original_version_max;
1.1 misho 344: int count, i;
345: rng_t *rng;
346:
347: this->crypto->append_handshake(this->crypto,
348: TLS_CLIENT_HELLO, reader->peek(reader));
349:
1.1.1.2 ! misho 350: if (!reader->read_uint16(reader, &legacy_version) ||
1.1 misho 351: !reader->read_data(reader, sizeof(this->client_random), &random) ||
352: !reader->read_data8(reader, &session) ||
353: !reader->read_data16(reader, &ciphers) ||
354: !reader->read_data8(reader, &compression) ||
355: (reader->remaining(reader) && !reader->read_data16(reader, &ext)))
356: {
357: DBG1(DBG_TLS, "received invalid ClientHello");
358: this->alert->add(this->alert, TLS_FATAL, TLS_DECODE_ERROR);
359: return NEED_MORE;
360: }
361:
1.1.1.2 ! misho 362: /* before we do anything version-related, determine our supported suites
! 363: * as that might change the min./max. versions */
! 364: this->crypto->get_cipher_suites(this->crypto, NULL);
! 365:
! 366: extensions = bio_reader_create(ext);
! 367: while (extensions->remaining(extensions))
1.1 misho 368: {
1.1.1.2 ! misho 369: if (!extensions->read_uint16(extensions, &extension_type) ||
! 370: !extensions->read_data16(extensions, &extension_data))
1.1 misho 371: {
1.1.1.2 ! misho 372: DBG1(DBG_TLS, "received invalid ClientHello Extensions");
! 373: this->alert->add(this->alert, TLS_FATAL, TLS_DECODE_ERROR);
! 374: extensions->destroy(extensions);
! 375: return NEED_MORE;
1.1 misho 376: }
1.1.1.2 ! misho 377: extension = bio_reader_create(extension_data);
! 378: DBG2(DBG_TLS, "received TLS '%N' extension",
! 379: tls_extension_names, extension_type);
! 380: DBG3(DBG_TLS, "%B", &extension_data);
! 381: switch (extension_type)
! 382: {
! 383: case TLS_EXT_SIGNATURE_ALGORITHMS:
! 384: if (!extension->read_data16(extension, &extension_data))
! 385: {
! 386: DBG1(DBG_TLS, "invalid %N extension",
! 387: tls_extension_names, extension_type);
! 388: this->alert->add(this->alert, TLS_FATAL, TLS_DECODE_ERROR);
! 389: extensions->destroy(extensions);
! 390: extension->destroy(extension);
! 391: return NEED_MORE;
! 392: }
! 393: chunk_free(&this->hashsig);
! 394: this->hashsig = chunk_clone(extension_data);
! 395: break;
! 396: case TLS_EXT_SUPPORTED_GROUPS:
! 397: if (!extension->read_data16(extension, &extension_data))
! 398: {
! 399: DBG1(DBG_TLS, "invalid %N extension",
! 400: tls_extension_names, extension_type);
! 401: this->alert->add(this->alert, TLS_FATAL, TLS_DECODE_ERROR);
! 402: extensions->destroy(extensions);
! 403: extension->destroy(extension);
! 404: return NEED_MORE;
! 405: }
! 406: chunk_free(&this->curves);
! 407: this->curves_received = TRUE;
! 408: this->curves = chunk_clone(extension_data);
! 409: break;
! 410: case TLS_EXT_SUPPORTED_VERSIONS:
! 411: if (!extension->read_data8(extension, &versions))
! 412: {
! 413: DBG1(DBG_TLS, "invalid %N extension",
! 414: tls_extension_names, extension_type);
! 415: this->alert->add(this->alert, TLS_FATAL, TLS_DECODE_ERROR);
! 416: extensions->destroy(extensions);
! 417: extension->destroy(extension);
! 418: return NEED_MORE;
! 419: }
! 420: break;
! 421: case TLS_EXT_KEY_SHARE:
! 422: if (!extension->read_data16(extension, &key_shares))
! 423: {
! 424: DBG1(DBG_TLS, "invalid %N extension",
! 425: tls_extension_names, extension_type);
! 426: this->alert->add(this->alert, TLS_FATAL, TLS_DECODE_ERROR);
! 427: extensions->destroy(extensions);
! 428: extension->destroy(extension);
! 429: return NEED_MORE;
! 430: }
! 431: break;
! 432: default:
! 433: break;
! 434: }
! 435: extension->destroy(extension);
! 436: }
! 437: extensions->destroy(extensions);
! 438:
! 439: if (this->tls->get_version_max(this->tls) >= TLS_1_3 && !this->hashsig.len)
! 440: {
! 441: DBG1(DBG_TLS, "no %N extension received", tls_extension_names,
! 442: TLS_MISSING_EXTENSION);
! 443: this->alert->add(this->alert, TLS_FATAL, TLS_MISSING_EXTENSION);
! 444: return NEED_MORE;
1.1 misho 445: }
446:
447: memcpy(this->client_random, random.ptr, sizeof(this->client_random));
448:
449: htoun32(&this->server_random, time(NULL));
450: rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
451: if (!rng ||
452: !rng->get_bytes(rng, sizeof(this->server_random) - 4,
453: this->server_random + 4))
454: {
455: DBG1(DBG_TLS, "failed to generate server random");
456: this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
457: DESTROY_IF(rng);
458: return NEED_MORE;
459: }
460: rng->destroy(rng);
461:
1.1.1.2 ! misho 462: original_version_max = this->tls->get_version_max(this->tls);
! 463:
! 464: if (versions.len)
! 465: {
! 466: bio_reader_t *client_versions;
! 467:
! 468: client_versions = bio_reader_create(versions);
! 469: while (client_versions->remaining(client_versions))
! 470: {
! 471: if (client_versions->read_uint16(client_versions, &version))
! 472: {
! 473: if (this->tls->set_version(this->tls, version, version))
! 474: {
! 475: this->client_version = version;
! 476: break;
! 477: }
! 478: }
! 479: }
! 480: client_versions->destroy(client_versions);
! 481: }
! 482: else
! 483: {
! 484: version = legacy_version;
! 485: if (this->tls->set_version(this->tls, version, version))
! 486: {
! 487: this->client_version = version;
! 488: }
! 489: }
! 490:
! 491: /* downgrade protection (see RFC 8446, section 4.1.3) */
! 492: if ((original_version_max == TLS_1_3 && version < TLS_1_3) ||
! 493: (original_version_max == TLS_1_2 && version < TLS_1_2))
! 494: {
! 495: chunk_t downgrade_protection = tls_downgrade_protection_tls11;
! 496:
! 497: if (version == TLS_1_2)
! 498: {
! 499: downgrade_protection = tls_downgrade_protection_tls12;
! 500: }
! 501: memcpy(&this->server_random[24], downgrade_protection.ptr,
! 502: downgrade_protection.len);
! 503: }
! 504:
! 505: if (!this->client_version)
1.1 misho 506: {
1.1.1.2 ! misho 507: DBG1(DBG_TLS, "proposed version %N not supported", tls_version_names,
! 508: version);
1.1 misho 509: this->alert->add(this->alert, TLS_FATAL, TLS_PROTOCOL_VERSION);
510: return NEED_MORE;
511: }
512:
1.1.1.2 ! misho 513: if (this->tls->get_version_max(this->tls) < TLS_1_3)
! 514: {
! 515: this->suite = this->crypto->resume_session(this->crypto, session,
! 516: this->peer,
! 517: chunk_from_thing(this->client_random),
! 518: chunk_from_thing(this->server_random));
! 519: }
! 520:
! 521: if (this->suite && !retrying(this))
1.1 misho 522: {
523: this->session = chunk_clone(session);
524: this->resume = TRUE;
525: DBG1(DBG_TLS, "resumed %N using suite %N",
1.1.1.2 ! misho 526: tls_version_names, this->tls->get_version_max(this->tls),
1.1 misho 527: tls_cipher_suite_names, this->suite);
528: }
529: else
530: {
1.1.1.2 ! misho 531: tls_cipher_suite_t original_suite = this->suite;
! 532:
1.1 misho 533: count = ciphers.len / sizeof(uint16_t);
534: suites = alloca(count * sizeof(tls_cipher_suite_t));
535: DBG2(DBG_TLS, "received %d TLS cipher suites:", count);
536: for (i = 0; i < count; i++)
537: {
538: suites[i] = untoh16(&ciphers.ptr[i * sizeof(uint16_t)]);
539: DBG2(DBG_TLS, " %N", tls_cipher_suite_names, suites[i]);
540: }
541: if (!select_suite_and_key(this, suites, count))
542: {
543: this->alert->add(this->alert, TLS_FATAL, TLS_HANDSHAKE_FAILURE);
544: return NEED_MORE;
545: }
1.1.1.2 ! misho 546: if (retrying(this) && original_suite != this->suite)
1.1 misho 547: {
1.1.1.2 ! misho 548: DBG1(DBG_TLS, "selected %N instead of %N during retry",
! 549: tls_cipher_suite_names, this->suite, tls_cipher_suite_names,
! 550: original_suite);
! 551: this->alert->add(this->alert, TLS_FATAL, TLS_ILLEGAL_PARAMETER);
! 552: return NEED_MORE;
! 553: }
! 554: if (this->tls->get_version_max(this->tls) < TLS_1_3)
! 555: {
! 556: rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
! 557: if (!rng ||
! 558: !rng->allocate_bytes(rng, SESSION_ID_SIZE, &this->session))
! 559: {
! 560: DBG1(DBG_TLS, "generating TLS session identifier failed, skipped");
! 561: }
! 562: DESTROY_IF(rng);
! 563: }
! 564: else
! 565: {
! 566: chunk_free(&this->session);
! 567: this->session = chunk_clone(session);
1.1 misho 568: }
569: DBG1(DBG_TLS, "negotiated %N using suite %N",
1.1.1.2 ! misho 570: tls_version_names, this->tls->get_version_max(this->tls),
1.1 misho 571: tls_cipher_suite_names, this->suite);
572: }
1.1.1.2 ! misho 573:
! 574: if (this->tls->get_version_max(this->tls) >= TLS_1_3)
! 575: {
! 576: diffie_hellman_group_t group;
! 577: tls_named_group_t curve, requesting_curve = 0;
! 578: enumerator_t *enumerator;
! 579: array_t *peer_key_shares;
! 580:
! 581: peer_key_shares = array_create(sizeof(key_share_t), 1);
! 582: extension = bio_reader_create(key_shares);
! 583: while (extension->remaining(extension))
! 584: {
! 585: if (!extension->read_uint16(extension, &peer.curve) ||
! 586: !extension->read_data16(extension, &peer.key_share) ||
! 587: !peer.key_share.len)
! 588: {
! 589: DBG1(DBG_TLS, "invalid %N extension",
! 590: tls_extension_names, extension_type);
! 591: this->alert->add(this->alert, TLS_FATAL, TLS_DECODE_ERROR);
! 592: extension->destroy(extension);
! 593: array_destroy(peer_key_shares);
! 594: return NEED_MORE;
! 595: }
! 596: array_insert(peer_key_shares, ARRAY_TAIL, &peer);
! 597: }
! 598: extension->destroy(extension);
! 599:
! 600: enumerator = this->crypto->create_ec_enumerator(this->crypto);
! 601: while (enumerator->enumerate(enumerator, &group, &curve))
! 602: {
! 603: if (!requesting_curve &&
! 604: peer_supports_curve(this, curve) &&
! 605: !peer_offered_curve(peer_key_shares, curve, NULL))
! 606: {
! 607: requesting_curve = curve;
! 608: }
! 609: if (peer_supports_curve(this, curve) &&
! 610: peer_offered_curve(peer_key_shares, curve, &peer))
! 611: {
! 612: DBG1(DBG_TLS, "using key exchange %N",
! 613: tls_named_group_names, curve);
! 614: this->dh = lib->crypto->create_dh(lib->crypto, group);
! 615: break;
! 616: }
! 617: }
! 618: enumerator->destroy(enumerator);
! 619: array_destroy(peer_key_shares);
! 620:
! 621: if (!this->dh)
! 622: {
! 623: if (retrying(this))
! 624: {
! 625: DBG1(DBG_TLS, "already replied with a hello retry request");
! 626: this->alert->add(this->alert, TLS_FATAL, TLS_UNEXPECTED_MESSAGE);
! 627: return NEED_MORE;
! 628: }
! 629:
! 630: if (!requesting_curve)
! 631: {
! 632: DBG1(DBG_TLS, "no mutual supported group in client hello");
! 633: this->alert->add(this->alert, TLS_FATAL, TLS_ILLEGAL_PARAMETER);
! 634: return NEED_MORE;
! 635: }
! 636: this->requested_curve = requesting_curve;
! 637:
! 638: if (!this->crypto->hash_handshake(this->crypto, NULL))
! 639: {
! 640: DBG1(DBG_TLS, "failed to hash handshake messages");
! 641: this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
! 642: return NEED_MORE;
! 643: }
! 644: }
! 645: else
! 646: {
! 647: if (peer.key_share.len &&
! 648: peer.curve != TLS_CURVE25519 &&
! 649: peer.curve != TLS_CURVE448)
! 650: { /* classic format (see RFC 8446, section 4.2.8.2) */
! 651: if (peer.key_share.ptr[0] != TLS_ANSI_UNCOMPRESSED)
! 652: {
! 653: DBG1(DBG_TLS, "DH point format '%N' not supported",
! 654: tls_ansi_point_format_names, peer.key_share.ptr[0]);
! 655: this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
! 656: return NEED_MORE;
! 657: }
! 658: peer.key_share = chunk_skip(peer.key_share, 1);
! 659: }
! 660: if (!peer.key_share.len ||
! 661: !this->dh->set_other_public_value(this->dh, peer.key_share))
! 662: {
! 663: DBG1(DBG_TLS, "DH key derivation failed");
! 664: this->alert->add(this->alert, TLS_FATAL, TLS_HANDSHAKE_FAILURE);
! 665: return NEED_MORE;
! 666: }
! 667: this->requested_curve = 0;
! 668: }
! 669: }
! 670:
1.1 misho 671: this->state = STATE_HELLO_RECEIVED;
672: return NEED_MORE;
673: }
674:
675: /**
676: * Process certificate
677: */
678: static status_t process_certificate(private_tls_server_t *this,
679: bio_reader_t *reader)
680: {
681: certificate_t *cert;
682: bio_reader_t *certs;
683: chunk_t data;
684: bool first = TRUE;
685:
686: this->crypto->append_handshake(this->crypto,
687: TLS_CERTIFICATE, reader->peek(reader));
688:
1.1.1.2 ! misho 689: if (this->tls->get_version_max(this->tls) > TLS_1_2)
! 690: {
! 691: if (!reader->read_data8(reader, &data))
! 692: {
! 693: DBG1(DBG_TLS, "certificate request context invalid");
! 694: this->alert->add(this->alert, TLS_FATAL, TLS_DECODE_ERROR);
! 695: return NEED_MORE;
! 696: }
! 697: }
! 698:
1.1 misho 699: if (!reader->read_data24(reader, &data))
700: {
701: DBG1(DBG_TLS, "certificate message header invalid");
702: this->alert->add(this->alert, TLS_FATAL, TLS_DECODE_ERROR);
703: return NEED_MORE;
704: }
705: certs = bio_reader_create(data);
1.1.1.2 ! misho 706: if (!certs->remaining(certs))
! 707: {
! 708: if (this->tls->get_flags(this->tls) & TLS_FLAG_CLIENT_AUTH_OPTIONAL)
! 709: {
! 710: /* client authentication is not required so we clear the identity */
! 711: DESTROY_IF(this->peer);
! 712: this->peer = NULL;
! 713: }
! 714: else
! 715: {
! 716: DBG1(DBG_TLS, "no certificate sent by peer");
! 717: this->alert->add(this->alert, TLS_FATAL, TLS_DECODE_ERROR);
! 718: return NEED_MORE;
! 719: }
! 720: }
1.1 misho 721: while (certs->remaining(certs))
722: {
723: if (!certs->read_data24(certs, &data))
724: {
725: DBG1(DBG_TLS, "certificate message invalid");
726: this->alert->add(this->alert, TLS_FATAL, TLS_DECODE_ERROR);
727: certs->destroy(certs);
728: return NEED_MORE;
729: }
730: cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
731: BUILD_BLOB_ASN1_DER, data, BUILD_END);
732: if (cert)
733: {
734: if (first)
735: {
736: this->peer_auth->add(this->peer_auth,
737: AUTH_HELPER_SUBJECT_CERT, cert);
738: DBG1(DBG_TLS, "received TLS peer certificate '%Y'",
739: cert->get_subject(cert));
740: first = FALSE;
1.1.1.2 ! misho 741: if (this->peer && this->peer->get_type(this->peer) == ID_ANY)
! 742: {
! 743: this->peer->destroy(this->peer);
1.1 misho 744: this->peer = cert->get_subject(cert);
745: this->peer = this->peer->clone(this->peer);
746: }
747: }
748: else
749: {
750: DBG1(DBG_TLS, "received TLS intermediate certificate '%Y'",
751: cert->get_subject(cert));
752: this->peer_auth->add(this->peer_auth, AUTH_HELPER_IM_CERT, cert);
753: }
754: }
755: else
756: {
757: DBG1(DBG_TLS, "parsing TLS certificate failed, skipped");
758: this->alert->add(this->alert, TLS_WARNING, TLS_BAD_CERTIFICATE);
759: }
1.1.1.2 ! misho 760: if (this->tls->get_version_max(this->tls) > TLS_1_2)
! 761: {
! 762: if (!certs->read_data16(certs, &data))
! 763: {
! 764: DBG1(DBG_TLS, "failed to read extensions of CertificateEntry");
! 765: this->alert->add(this->alert, TLS_FATAL, TLS_DECODE_ERROR);
! 766: return NEED_MORE;
! 767: }
! 768: }
1.1 misho 769: }
770: certs->destroy(certs);
771: this->state = STATE_CERT_RECEIVED;
772: return NEED_MORE;
773: }
774:
775: /**
776: * Process Client Key Exchange, using premaster encryption
777: */
778: static status_t process_key_exchange_encrypted(private_tls_server_t *this,
779: bio_reader_t *reader)
780: {
781: chunk_t encrypted, decrypted;
782: char premaster[48];
783: rng_t *rng;
784:
785: this->crypto->append_handshake(this->crypto,
786: TLS_CLIENT_KEY_EXCHANGE, reader->peek(reader));
787:
788: if (!reader->read_data16(reader, &encrypted))
789: {
790: DBG1(DBG_TLS, "received invalid Client Key Exchange");
791: this->alert->add(this->alert, TLS_FATAL, TLS_DECODE_ERROR);
792: return NEED_MORE;
793: }
794:
795: htoun16(premaster, this->client_version);
796: /* pre-randomize premaster for failure cases */
797: rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
798: if (!rng || !rng->get_bytes(rng, sizeof(premaster) - 2, premaster + 2))
799: {
800: DBG1(DBG_TLS, "failed to generate premaster secret");
801: this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
802: DESTROY_IF(rng);
803: return NEED_MORE;
804: }
805: rng->destroy(rng);
806:
807: if (this->private &&
808: this->private->decrypt(this->private,
809: ENCRYPT_RSA_PKCS1, encrypted, &decrypted))
810: {
811: if (decrypted.len == sizeof(premaster) &&
812: untoh16(decrypted.ptr) == this->client_version)
813: {
814: memcpy(premaster + 2, decrypted.ptr + 2, sizeof(premaster) - 2);
815: }
816: else
817: {
818: DBG1(DBG_TLS, "decrypted premaster has invalid length/version");
819: }
820: chunk_clear(&decrypted);
821: }
822: else
823: {
824: DBG1(DBG_TLS, "decrypting Client Key Exchange failed");
825: }
826:
827: if (!this->crypto->derive_secrets(this->crypto, chunk_from_thing(premaster),
828: this->session, this->peer,
829: chunk_from_thing(this->client_random),
830: chunk_from_thing(this->server_random)))
831: {
832: this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
833: return NEED_MORE;
834: }
835:
836: this->state = STATE_KEY_EXCHANGE_RECEIVED;
837: return NEED_MORE;
838: }
839:
840: /**
841: * Process client key exchange, using DHE exchange
842: */
843: static status_t process_key_exchange_dhe(private_tls_server_t *this,
844: bio_reader_t *reader)
845: {
846: chunk_t premaster, pub;
1.1.1.2 ! misho 847: diffie_hellman_group_t group;
1.1 misho 848: bool ec;
849:
850: this->crypto->append_handshake(this->crypto,
851: TLS_CLIENT_KEY_EXCHANGE, reader->peek(reader));
852:
1.1.1.2 ! misho 853: group = this->dh->get_dh_group(this->dh);
! 854: ec = diffie_hellman_group_is_ec(group);
1.1 misho 855: if ((ec && !reader->read_data8(reader, &pub)) ||
856: (!ec && (!reader->read_data16(reader, &pub) || pub.len == 0)))
857: {
858: DBG1(DBG_TLS, "received invalid Client Key Exchange");
859: this->alert->add(this->alert, TLS_FATAL, TLS_DECODE_ERROR);
860: return NEED_MORE;
861: }
862:
1.1.1.2 ! misho 863: if (ec &&
! 864: group != CURVE_25519 &&
! 865: group != CURVE_448)
1.1 misho 866: {
867: if (pub.ptr[0] != TLS_ANSI_UNCOMPRESSED)
868: {
869: DBG1(DBG_TLS, "DH point format '%N' not supported",
870: tls_ansi_point_format_names, pub.ptr[0]);
871: this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
872: return NEED_MORE;
873: }
874: pub = chunk_skip(pub, 1);
875: }
876: if (!this->dh->set_other_public_value(this->dh, pub))
877: {
878: DBG1(DBG_TLS, "applying DH public value failed");
879: this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
880: return NEED_MORE;
881: }
882: if (!this->dh->get_shared_secret(this->dh, &premaster))
883: {
884: DBG1(DBG_TLS, "calculating premaster from DH failed");
885: this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
886: return NEED_MORE;
887: }
888:
889: if (!this->crypto->derive_secrets(this->crypto, premaster,
890: this->session, this->peer,
891: chunk_from_thing(this->client_random),
892: chunk_from_thing(this->server_random)))
893: {
894: this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
895: chunk_clear(&premaster);
896: return NEED_MORE;
897: }
898: chunk_clear(&premaster);
899:
900: this->state = STATE_KEY_EXCHANGE_RECEIVED;
901: return NEED_MORE;
902: }
903:
904: /**
905: * Process Client Key Exchange
906: */
907: static status_t process_key_exchange(private_tls_server_t *this,
908: bio_reader_t *reader)
909: {
910: if (this->dh)
911: {
912: return process_key_exchange_dhe(this, reader);
913: }
914: return process_key_exchange_encrypted(this, reader);
915: }
916:
917: /**
918: * Process Certificate verify
919: */
920: static status_t process_cert_verify(private_tls_server_t *this,
921: bio_reader_t *reader)
922: {
923: public_key_t *public;
1.1.1.2 ! misho 924: chunk_t msg;
1.1 misho 925:
1.1.1.2 ! misho 926: public = tls_find_public_key(this->peer_auth);
! 927: if (!public)
1.1 misho 928: {
929: DBG1(DBG_TLS, "no trusted certificate found for '%Y' to verify TLS peer",
930: this->peer);
1.1.1.2 ! misho 931: this->alert->add(this->alert, TLS_FATAL, TLS_CERTIFICATE_UNKNOWN);
! 932: return NEED_MORE;
1.1 misho 933: }
1.1.1.2 ! misho 934:
! 935: msg = reader->peek(reader);
! 936: if (!this->crypto->verify_handshake(this->crypto, public, reader))
1.1 misho 937: {
1.1.1.2 ! misho 938: public->destroy(public);
! 939: DBG1(DBG_TLS, "signature verification failed");
! 940: this->alert->add(this->alert, TLS_FATAL, TLS_DECRYPT_ERROR);
! 941: return NEED_MORE;
1.1 misho 942: }
1.1.1.2 ! misho 943: public->destroy(public);
! 944: this->state = STATE_CERT_VERIFY_RECEIVED;
! 945: this->crypto->append_handshake(this->crypto, TLS_CERTIFICATE_VERIFY, msg);
1.1 misho 946: return NEED_MORE;
947: }
948:
949: /**
950: * Process finished message
951: */
952: static status_t process_finished(private_tls_server_t *this,
953: bio_reader_t *reader)
954: {
1.1.1.2 ! misho 955: chunk_t received, verify_data;
! 956: u_char buf[12];
1.1 misho 957:
1.1.1.2 ! misho 958: if (this->tls->get_version_max(this->tls) < TLS_1_3)
1.1 misho 959: {
1.1.1.2 ! misho 960: if (!reader->read_data(reader, sizeof(buf), &received))
! 961: {
! 962: DBG1(DBG_TLS, "received client finished too short");
! 963: this->alert->add(this->alert, TLS_FATAL, TLS_DECODE_ERROR);
! 964: return NEED_MORE;
! 965: }
! 966: if (!this->crypto->calculate_finished_legacy(this->crypto,
! 967: "client finished", buf))
! 968: {
! 969: DBG1(DBG_TLS, "calculating client finished failed");
! 970: this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
! 971: return NEED_MORE;
! 972: }
! 973: verify_data = chunk_from_thing(buf);
1.1 misho 974: }
1.1.1.2 ! misho 975: else
1.1 misho 976: {
1.1.1.2 ! misho 977: received = reader->peek(reader);
! 978: if (!this->crypto->calculate_finished(this->crypto, FALSE, &verify_data))
! 979: {
! 980: DBG1(DBG_TLS, "calculating client finished failed");
! 981: this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
! 982: return NEED_MORE;
! 983: }
! 984: this->crypto->change_cipher(this->crypto, TRUE);
1.1 misho 985: }
1.1.1.2 ! misho 986:
! 987: if (!chunk_equals_const(received, verify_data))
1.1 misho 988: {
989: DBG1(DBG_TLS, "received client finished invalid");
990: this->alert->add(this->alert, TLS_FATAL, TLS_DECRYPT_ERROR);
991: return NEED_MORE;
992: }
993:
1.1.1.2 ! misho 994: if (verify_data.ptr != buf)
! 995: {
! 996: chunk_free(&verify_data);
! 997: }
! 998:
1.1 misho 999: this->crypto->append_handshake(this->crypto, TLS_FINISHED, received);
1000: this->state = STATE_FINISHED_RECEIVED;
1001: return NEED_MORE;
1002: }
1003:
1.1.1.2 ! misho 1004: /**
! 1005: * Process KeyUpdate message
! 1006: */
! 1007: static status_t process_key_update(private_tls_server_t *this,
! 1008: bio_reader_t *reader)
! 1009: {
! 1010: uint8_t update_requested;
! 1011:
! 1012: if (!reader->read_uint8(reader, &update_requested) ||
! 1013: update_requested > 1)
! 1014: {
! 1015: DBG1(DBG_TLS, "received invalid KeyUpdate");
! 1016: this->alert->add(this->alert, TLS_FATAL, TLS_DECODE_ERROR);
! 1017: return NEED_MORE;
! 1018: }
! 1019:
! 1020: if (!this->crypto->update_app_keys(this->crypto, TRUE))
! 1021: {
! 1022: this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
! 1023: return NEED_MORE;
! 1024: }
! 1025: this->crypto->change_cipher(this->crypto, TRUE);
! 1026:
! 1027: if (update_requested)
! 1028: {
! 1029: DBG1(DBG_TLS, "client requested KeyUpdate");
! 1030: this->state = STATE_KEY_UPDATE_REQUESTED;
! 1031: }
! 1032: return NEED_MORE;
! 1033: }
! 1034:
1.1 misho 1035: METHOD(tls_handshake_t, process, status_t,
1036: private_tls_server_t *this, tls_handshake_type_t type, bio_reader_t *reader)
1037: {
1038: tls_handshake_type_t expected;
1039:
1.1.1.2 ! misho 1040: if (this->tls->get_version_max(this->tls) < TLS_1_3)
1.1 misho 1041: {
1.1.1.2 ! misho 1042: switch (this->state)
! 1043: {
! 1044: case STATE_INIT:
! 1045: if (type == TLS_CLIENT_HELLO)
! 1046: {
! 1047: return process_client_hello(this, reader);
! 1048: }
! 1049: expected = TLS_CLIENT_HELLO;
1.1 misho 1050: break;
1.1.1.2 ! misho 1051: case STATE_HELLO_DONE:
! 1052: if (type == TLS_CERTIFICATE)
! 1053: {
! 1054: return process_certificate(this, reader);
! 1055: }
! 1056: if (this->peer)
! 1057: {
! 1058: expected = TLS_CERTIFICATE;
! 1059: break;
! 1060: }
! 1061: /* otherwise fall through to next state */
! 1062: case STATE_CERT_RECEIVED:
! 1063: if (type == TLS_CLIENT_KEY_EXCHANGE)
! 1064: {
! 1065: return process_key_exchange(this, reader);
! 1066: }
! 1067: expected = TLS_CLIENT_KEY_EXCHANGE;
1.1 misho 1068: break;
1.1.1.2 ! misho 1069: case STATE_KEY_EXCHANGE_RECEIVED:
! 1070: if (type == TLS_CERTIFICATE_VERIFY)
! 1071: {
! 1072: return process_cert_verify(this, reader);
! 1073: }
! 1074: if (this->peer)
! 1075: {
! 1076: expected = TLS_CERTIFICATE_VERIFY;
! 1077: break;
! 1078: }
! 1079: return INVALID_STATE;
! 1080: case STATE_CIPHERSPEC_CHANGED_IN:
! 1081: if (type == TLS_FINISHED)
! 1082: {
! 1083: return process_finished(this, reader);
! 1084: }
! 1085: expected = TLS_FINISHED;
! 1086: break;
! 1087: default:
! 1088: DBG1(DBG_TLS, "TLS %N not expected in current state",
! 1089: tls_handshake_type_names, type);
! 1090: this->alert->add(this->alert, TLS_FATAL, TLS_UNEXPECTED_MESSAGE);
! 1091: return NEED_MORE;
! 1092: }
! 1093: }
! 1094: else
! 1095: {
! 1096: switch (this->state)
! 1097: {
! 1098: case STATE_INIT:
! 1099: if (type == TLS_CLIENT_HELLO)
! 1100: {
! 1101: return process_client_hello(this, reader);
! 1102: }
! 1103: expected = TLS_CLIENT_HELLO;
! 1104: break;
! 1105: case STATE_CIPHERSPEC_CHANGED_IN:
! 1106: case STATE_FINISHED_SENT:
! 1107: case STATE_FINISHED_SENT_KEY_SWITCHED:
! 1108: if (type == TLS_CERTIFICATE)
! 1109: {
! 1110: return process_certificate(this, reader);
! 1111: }
! 1112: if (this->peer)
! 1113: {
! 1114: expected = TLS_CERTIFICATE;
! 1115: break;
! 1116: }
! 1117: /* otherwise fall through to next state */
! 1118: case STATE_CERT_RECEIVED:
! 1119: if (type == TLS_CERTIFICATE_VERIFY)
! 1120: {
! 1121: return process_cert_verify(this, reader);
! 1122: }
! 1123: if (this->peer)
! 1124: {
! 1125: expected = TLS_CERTIFICATE_VERIFY;
! 1126: break;
! 1127: }
! 1128: /* otherwise fall through to next state */
! 1129: case STATE_CERT_VERIFY_RECEIVED:
! 1130: if (type == TLS_FINISHED)
! 1131: {
! 1132: return process_finished(this, reader);
! 1133: }
! 1134: return NEED_MORE;
! 1135: case STATE_FINISHED_RECEIVED:
! 1136: if (type == TLS_KEY_UPDATE)
! 1137: {
! 1138: return process_key_update(this, reader);
! 1139: }
! 1140: return INVALID_STATE;
! 1141: default:
! 1142: DBG1(DBG_TLS, "TLS %N not expected in current state",
! 1143: tls_handshake_type_names, type);
! 1144: this->alert->add(this->alert, TLS_FATAL, TLS_UNEXPECTED_MESSAGE);
! 1145: return NEED_MORE;
! 1146: }
1.1 misho 1147: }
1148: DBG1(DBG_TLS, "TLS %N expected, but received %N",
1149: tls_handshake_type_names, expected, tls_handshake_type_names, type);
1150: this->alert->add(this->alert, TLS_FATAL, TLS_UNEXPECTED_MESSAGE);
1151: return NEED_MORE;
1152: }
1153:
1154: /**
1.1.1.2 ! misho 1155: * Write public key into key share extension
! 1156: */
! 1157: bool tls_write_key_share(bio_writer_t **key_share, diffie_hellman_t *dh)
! 1158: {
! 1159: bio_writer_t *writer;
! 1160: tls_named_group_t curve;
! 1161: chunk_t pub;
! 1162:
! 1163: if (!dh)
! 1164: {
! 1165: return FALSE;
! 1166: }
! 1167: curve = tls_ec_group_to_curve(dh->get_dh_group(dh));
! 1168: if (!curve || !dh->get_my_public_value(dh, &pub))
! 1169: {
! 1170: return FALSE;
! 1171: }
! 1172: *key_share = writer = bio_writer_create(pub.len + 7);
! 1173: writer->write_uint16(writer, curve);
! 1174: if (curve == TLS_CURVE25519 ||
! 1175: curve == TLS_CURVE448)
! 1176: {
! 1177: writer->write_data16(writer, pub);
! 1178: }
! 1179: else
! 1180: { /* classic format (see RFC 8446, section 4.2.8.2) */
! 1181: writer->write_uint16(writer, pub.len + 1);
! 1182: writer->write_uint8(writer, TLS_ANSI_UNCOMPRESSED);
! 1183: writer->write_data(writer, pub);
! 1184: }
! 1185: free(pub.ptr);
! 1186: return TRUE;
! 1187: }
! 1188:
! 1189: /**
1.1 misho 1190: * Send ServerHello message
1191: */
1192: static status_t send_server_hello(private_tls_server_t *this,
1193: tls_handshake_type_t *type, bio_writer_t *writer)
1194: {
1.1.1.2 ! misho 1195: bio_writer_t *key_share, *extensions;
! 1196: tls_version_t version;
! 1197:
! 1198: version = this->tls->get_version_max(this->tls);
! 1199:
! 1200: /* cap legacy version at TLS 1.2 for middlebox compatibility */
! 1201: writer->write_uint16(writer, min(TLS_1_2, version));
! 1202:
! 1203: if (this->requested_curve)
! 1204: {
! 1205: writer->write_data(writer, tls_hello_retry_request_magic);
! 1206: }
! 1207: else
! 1208: {
! 1209: writer->write_data(writer, chunk_from_thing(this->server_random));
! 1210: }
1.1 misho 1211:
1212: /* session identifier if we have one */
1213: writer->write_data8(writer, this->session);
1214:
1215: /* add selected TLS cipher suite */
1216: writer->write_uint16(writer, this->suite);
1217:
1218: /* NULL compression only */
1219: writer->write_uint8(writer, 0);
1220:
1.1.1.2 ! misho 1221: if (version >= TLS_1_3)
! 1222: {
! 1223: extensions = bio_writer_create(32);
! 1224:
! 1225: DBG2(DBG_TLS, "sending extension: %N",
! 1226: tls_extension_names, TLS_EXT_SUPPORTED_VERSIONS);
! 1227: extensions->write_uint16(extensions, TLS_EXT_SUPPORTED_VERSIONS);
! 1228: extensions->write_uint16(extensions, 2);
! 1229: extensions->write_uint16(extensions, version);
! 1230:
! 1231: DBG2(DBG_TLS, "sending extension: %N",
! 1232: tls_extension_names, TLS_EXT_KEY_SHARE);
! 1233: extensions->write_uint16(extensions, TLS_EXT_KEY_SHARE);
! 1234: if (this->requested_curve)
! 1235: {
! 1236: DBG1(DBG_TLS, "requesting key exchange with %N",
! 1237: tls_named_group_names, this->requested_curve);
! 1238: extensions->write_uint16(extensions, 2);
! 1239: extensions->write_uint16(extensions, this->requested_curve);
! 1240: }
! 1241: else
! 1242: {
! 1243: if (!tls_write_key_share(&key_share, this->dh))
! 1244: {
! 1245: this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
! 1246: extensions->destroy(extensions);
! 1247: return NEED_MORE;
! 1248: }
! 1249: extensions->write_data16(extensions, key_share->get_buf(key_share));
! 1250: key_share->destroy(key_share);
! 1251: }
! 1252:
! 1253: writer->write_data16(writer, extensions->get_buf(extensions));
! 1254: extensions->destroy(extensions);
! 1255: }
! 1256:
1.1 misho 1257: *type = TLS_SERVER_HELLO;
1.1.1.2 ! misho 1258: this->state = this->requested_curve ? STATE_INIT : STATE_HELLO_SENT;
! 1259: this->crypto->append_handshake(this->crypto, *type, writer->get_buf(writer));
! 1260: return NEED_MORE;
! 1261: }
! 1262:
! 1263: /**
! 1264: * Send encrypted extensions message
! 1265: */
! 1266: static status_t send_encrypted_extensions(private_tls_server_t *this,
! 1267: tls_handshake_type_t *type,
! 1268: bio_writer_t *writer)
! 1269: {
! 1270: chunk_t shared_secret = chunk_empty;
! 1271:
! 1272: if (!this->dh->get_shared_secret(this->dh, &shared_secret) ||
! 1273: !this->crypto->derive_handshake_keys(this->crypto, shared_secret))
! 1274: {
! 1275: DBG1(DBG_TLS, "DH key derivation failed");
! 1276: this->alert->add(this->alert, TLS_FATAL, TLS_HANDSHAKE_FAILURE);
! 1277: chunk_clear(&shared_secret);
! 1278: return NEED_MORE;
! 1279: }
! 1280: chunk_clear(&shared_secret);
! 1281:
! 1282: this->crypto->change_cipher(this->crypto, TRUE);
! 1283: this->crypto->change_cipher(this->crypto, FALSE);
! 1284:
! 1285: /* currently no extensions are supported */
! 1286: writer->write_uint16(writer, 0);
! 1287:
! 1288: *type = TLS_ENCRYPTED_EXTENSIONS;
! 1289: this->state = STATE_ENCRYPTED_EXTENSIONS_SENT;
1.1 misho 1290: this->crypto->append_handshake(this->crypto, *type, writer->get_buf(writer));
1291: return NEED_MORE;
1292: }
1293:
1294: /**
1295: * Send Certificate
1296: */
1297: static status_t send_certificate(private_tls_server_t *this,
1298: tls_handshake_type_t *type, bio_writer_t *writer)
1299: {
1300: enumerator_t *enumerator;
1301: certificate_t *cert;
1302: auth_rule_t rule;
1303: bio_writer_t *certs;
1304: chunk_t data;
1305:
1.1.1.2 ! misho 1306: /* certificate request context as described in RFC 8446, section 4.4.2 */
! 1307: if (this->tls->get_version_max(this->tls) > TLS_1_2)
! 1308: {
! 1309: writer->write_uint8(writer, 0);
! 1310: }
! 1311:
1.1 misho 1312: /* generate certificate payload */
1313: certs = bio_writer_create(256);
1314: cert = this->server_auth->get(this->server_auth, AUTH_RULE_SUBJECT_CERT);
1315: if (cert)
1316: {
1317: if (cert->get_encoding(cert, CERT_ASN1_DER, &data))
1318: {
1319: DBG1(DBG_TLS, "sending TLS server certificate '%Y'",
1320: cert->get_subject(cert));
1321: certs->write_data24(certs, data);
1322: free(data.ptr);
1323: }
1.1.1.2 ! misho 1324: /* extensions see RFC 8446, section 4.4.2 */
! 1325: if (this->tls->get_version_max(this->tls) > TLS_1_2)
! 1326: {
! 1327: certs->write_uint16(certs, 0);
! 1328: }
1.1 misho 1329: }
1330: enumerator = this->server_auth->create_enumerator(this->server_auth);
1331: while (enumerator->enumerate(enumerator, &rule, &cert))
1332: {
1333: if (rule == AUTH_RULE_IM_CERT)
1334: {
1335: if (cert->get_encoding(cert, CERT_ASN1_DER, &data))
1336: {
1337: DBG1(DBG_TLS, "sending TLS intermediate certificate '%Y'",
1338: cert->get_subject(cert));
1339: certs->write_data24(certs, data);
1340: free(data.ptr);
1341: }
1342: }
1343: }
1344: enumerator->destroy(enumerator);
1345:
1346: writer->write_data24(writer, certs->get_buf(certs));
1347: certs->destroy(certs);
1348:
1349: *type = TLS_CERTIFICATE;
1350: this->state = STATE_CERT_SENT;
1351: this->crypto->append_handshake(this->crypto, *type, writer->get_buf(writer));
1352: return NEED_MORE;
1353: }
1354:
1355: /**
1.1.1.2 ! misho 1356: * Send Certificate Verify
1.1 misho 1357: */
1.1.1.2 ! misho 1358: static status_t send_certificate_verify(private_tls_server_t *this,
! 1359: tls_handshake_type_t *type,
! 1360: bio_writer_t *writer)
1.1 misho 1361: {
1.1.1.2 ! misho 1362: if (!this->crypto->sign_handshake(this->crypto, this->private, writer,
! 1363: this->hashsig))
! 1364: {
! 1365: DBG1(DBG_TLS, "signature generation failed");
! 1366: this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
! 1367: return NEED_MORE;
! 1368: }
! 1369:
! 1370: *type = TLS_CERTIFICATE_VERIFY;
! 1371: this->state = STATE_CERT_VERIFY_SENT;
! 1372: this->crypto->append_handshake(this->crypto, *type, writer->get_buf(writer));
! 1373: return NEED_MORE;
! 1374: }
! 1375:
! 1376: /*
! 1377: * Write all available certificate authorities to output writer
! 1378: */
! 1379: static void write_certificate_authorities(bio_writer_t *writer)
! 1380: {
! 1381: bio_writer_t *authorities;
1.1 misho 1382: enumerator_t *enumerator;
1383: certificate_t *cert;
1384: x509_t *x509;
1385: identification_t *id;
1386:
1387: authorities = bio_writer_create(64);
1.1.1.2 ! misho 1388: enumerator = lib->credmgr->create_cert_enumerator(lib->credmgr, CERT_X509,
! 1389: KEY_RSA, NULL, TRUE);
1.1 misho 1390: while (enumerator->enumerate(enumerator, &cert))
1391: {
1392: x509 = (x509_t*)cert;
1393: if (x509->get_flags(x509) & X509_CA)
1394: {
1395: id = cert->get_subject(cert);
1396: DBG1(DBG_TLS, "sending TLS cert request for '%Y'", id);
1397: authorities->write_data16(authorities, id->get_encoding(id));
1398: }
1399: }
1400: enumerator->destroy(enumerator);
1401: writer->write_data16(writer, authorities->get_buf(authorities));
1402: authorities->destroy(authorities);
1403: }
1404:
1405: /**
1.1.1.2 ! misho 1406: * Send Certificate Request
1.1 misho 1407: */
1.1.1.2 ! misho 1408: static status_t send_certificate_request(private_tls_server_t *this,
! 1409: tls_handshake_type_t *type,
! 1410: bio_writer_t *writer)
1.1 misho 1411: {
1.1.1.2 ! misho 1412: bio_writer_t *authorities, *supported, *extensions;
1.1 misho 1413:
1.1.1.2 ! misho 1414: if (this->tls->get_version_max(this->tls) < TLS_1_3)
1.1 misho 1415: {
1.1.1.2 ! misho 1416: supported = bio_writer_create(4);
! 1417: /* we propose both RSA and ECDSA */
! 1418: supported->write_uint8(supported, TLS_RSA_SIGN);
! 1419: supported->write_uint8(supported, TLS_ECDSA_SIGN);
! 1420: writer->write_data8(writer, supported->get_buf(supported));
! 1421: supported->destroy(supported);
! 1422: if (this->tls->get_version_max(this->tls) >= TLS_1_2)
1.1 misho 1423: {
1.1.1.2 ! misho 1424: this->crypto->get_signature_algorithms(this->crypto, writer, TRUE);
1.1 misho 1425: }
1426:
1.1.1.2 ! misho 1427: if (this->send_certreq_authorities)
! 1428: {
! 1429: write_certificate_authorities(writer);
! 1430: }
! 1431: else
! 1432: {
! 1433: writer->write_data16(writer, chunk_empty);
! 1434: }
1.1 misho 1435: }
1.1.1.2 ! misho 1436: else
1.1 misho 1437: {
1.1.1.2 ! misho 1438: /* certificate request context as described in RFC 8446, section 4.3.2 */
! 1439: writer->write_uint8(writer, 0);
! 1440:
! 1441: extensions = bio_writer_create(32);
! 1442:
! 1443: if (this->send_certreq_authorities)
1.1 misho 1444: {
1.1.1.2 ! misho 1445: DBG2(DBG_TLS, "sending extension: %N",
! 1446: tls_extension_names, TLS_EXT_CERTIFICATE_AUTHORITIES);
! 1447: authorities = bio_writer_create(64);
! 1448: write_certificate_authorities(authorities);
! 1449: extensions->write_uint16(extensions, TLS_EXT_CERTIFICATE_AUTHORITIES);
! 1450: extensions->write_data16(extensions, authorities->get_buf(authorities));
! 1451: authorities->destroy(authorities);
! 1452: }
! 1453:
! 1454: DBG2(DBG_TLS, "sending extension: %N",
! 1455: tls_extension_names, TLS_EXT_SIGNATURE_ALGORITHMS);
! 1456: extensions->write_uint16(extensions, TLS_EXT_SIGNATURE_ALGORITHMS);
! 1457: supported = bio_writer_create(32);
! 1458: this->crypto->get_signature_algorithms(this->crypto, supported, TRUE);
! 1459: extensions->write_data16(extensions, supported->get_buf(supported));
! 1460: supported->destroy(supported);
! 1461: writer->write_data16(writer, extensions->get_buf(extensions));
! 1462: extensions->destroy(extensions);
1.1 misho 1463: }
1.1.1.2 ! misho 1464:
! 1465: *type = TLS_CERTIFICATE_REQUEST;
! 1466: this->state = STATE_CERTREQ_SENT;
! 1467: this->crypto->append_handshake(this->crypto, *type, writer->get_buf(writer));
! 1468: return NEED_MORE;
1.1 misho 1469: }
1470:
1471: /**
1472: * Try to find a curve supported by both, client and server
1473: */
1474: static bool find_supported_curve(private_tls_server_t *this,
1.1.1.2 ! misho 1475: tls_named_group_t *curve)
1.1 misho 1476: {
1.1.1.2 ! misho 1477: tls_named_group_t current;
1.1 misho 1478: enumerator_t *enumerator;
1479:
1480: enumerator = this->crypto->create_ec_enumerator(this->crypto);
1481: while (enumerator->enumerate(enumerator, NULL, ¤t))
1482: {
1483: if (peer_supports_curve(this, current))
1484: {
1485: *curve = current;
1486: enumerator->destroy(enumerator);
1487: return TRUE;
1488: }
1489: }
1490: enumerator->destroy(enumerator);
1491: return FALSE;
1492: }
1493:
1494: /**
1495: * Send Server key Exchange
1496: */
1497: static status_t send_server_key_exchange(private_tls_server_t *this,
1498: tls_handshake_type_t *type, bio_writer_t *writer,
1499: diffie_hellman_group_t group)
1500: {
1501: diffie_hellman_params_t *params = NULL;
1.1.1.2 ! misho 1502: tls_named_group_t curve;
1.1 misho 1503: chunk_t chunk;
1504:
1505: if (diffie_hellman_group_is_ec(group))
1506: {
1.1.1.2 ! misho 1507: curve = tls_ec_group_to_curve(group);
1.1 misho 1508: if (!curve || (!peer_supports_curve(this, curve) &&
1509: !find_supported_curve(this, &curve)))
1510: {
1511: DBG1(DBG_TLS, "no EC group supported by client and server");
1512: this->alert->add(this->alert, TLS_FATAL, TLS_HANDSHAKE_FAILURE);
1513: return NEED_MORE;
1514: }
1.1.1.2 ! misho 1515: DBG2(DBG_TLS, "selected ECDH group %N", tls_named_group_names, curve);
1.1 misho 1516: writer->write_uint8(writer, TLS_ECC_NAMED_CURVE);
1517: writer->write_uint16(writer, curve);
1518: }
1519: else
1520: {
1521: params = diffie_hellman_get_params(group);
1522: if (!params)
1523: {
1524: DBG1(DBG_TLS, "no parameters found for DH group %N",
1525: diffie_hellman_group_names, group);
1526: this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
1527: return NEED_MORE;
1528: }
1529: DBG2(DBG_TLS, "selected DH group %N", diffie_hellman_group_names, group);
1530: writer->write_data16(writer, params->prime);
1531: writer->write_data16(writer, params->generator);
1532: }
1533: this->dh = lib->crypto->create_dh(lib->crypto, group);
1534: if (!this->dh)
1535: {
1536: DBG1(DBG_TLS, "DH group %N not supported",
1537: diffie_hellman_group_names, group);
1538: this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
1539: return NEED_MORE;
1540: }
1541: if (!this->dh->get_my_public_value(this->dh, &chunk))
1542: {
1543: this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
1544: return NEED_MORE;
1545: }
1546: if (params)
1547: {
1548: writer->write_data16(writer, chunk);
1549: }
1.1.1.2 ! misho 1550: else if (group != CURVE_25519 &&
! 1551: group != CURVE_448)
1.1 misho 1552: { /* ECP uses 8bit length header only, but a point format */
1553: writer->write_uint8(writer, chunk.len + 1);
1554: writer->write_uint8(writer, TLS_ANSI_UNCOMPRESSED);
1555: writer->write_data(writer, chunk);
1556: }
1.1.1.2 ! misho 1557: else
! 1558: { /* ECPoint uses an 8-bit length header only */
! 1559: writer->write_data8(writer, chunk);
! 1560: }
1.1 misho 1561: free(chunk.ptr);
1562:
1563: chunk = chunk_cat("ccc", chunk_from_thing(this->client_random),
1564: chunk_from_thing(this->server_random), writer->get_buf(writer));
1565: if (!this->private || !this->crypto->sign(this->crypto, this->private,
1566: writer, chunk, this->hashsig))
1567: {
1568: DBG1(DBG_TLS, "signing DH parameters failed");
1569: this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
1570: free(chunk.ptr);
1571: return NEED_MORE;
1572: }
1573: free(chunk.ptr);
1574: *type = TLS_SERVER_KEY_EXCHANGE;
1575: this->state = STATE_KEY_EXCHANGE_SENT;
1576: this->crypto->append_handshake(this->crypto, *type, writer->get_buf(writer));
1577: return NEED_MORE;
1578: }
1579:
1580: /**
1581: * Send Hello Done
1582: */
1583: static status_t send_hello_done(private_tls_server_t *this,
1584: tls_handshake_type_t *type, bio_writer_t *writer)
1585: {
1586: *type = TLS_SERVER_HELLO_DONE;
1587: this->state = STATE_HELLO_DONE;
1588: this->crypto->append_handshake(this->crypto, *type, writer->get_buf(writer));
1589: return NEED_MORE;
1590: }
1591:
1592: /**
1593: * Send Finished
1594: */
1595: static status_t send_finished(private_tls_server_t *this,
1596: tls_handshake_type_t *type, bio_writer_t *writer)
1597: {
1.1.1.2 ! misho 1598: if (this->tls->get_version_max(this->tls) < TLS_1_3)
1.1 misho 1599: {
1.1.1.2 ! misho 1600: char buf[12];
! 1601:
! 1602: if (!this->crypto->calculate_finished_legacy(this->crypto,
! 1603: "server finished", buf))
! 1604: {
! 1605: DBG1(DBG_TLS, "calculating server finished data failed");
! 1606: this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
! 1607: return FAILED;
! 1608: }
! 1609:
! 1610: writer->write_data(writer, chunk_from_thing(buf));
1.1 misho 1611: }
1.1.1.2 ! misho 1612: else
! 1613: {
! 1614: chunk_t verify_data;
! 1615:
! 1616: if (!this->crypto->calculate_finished(this->crypto, TRUE, &verify_data))
! 1617: {
! 1618: DBG1(DBG_TLS, "calculating server finished data failed");
! 1619: this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
! 1620: return NEED_MORE;
! 1621: }
1.1 misho 1622:
1.1.1.2 ! misho 1623: writer->write_data(writer, verify_data);
! 1624: chunk_free(&verify_data);
! 1625: }
1.1 misho 1626:
1627: *type = TLS_FINISHED;
1628: this->state = STATE_FINISHED_SENT;
1629: this->crypto->append_handshake(this->crypto, *type, writer->get_buf(writer));
1630:
1631: return NEED_MORE;
1632: }
1633:
1.1.1.2 ! misho 1634: /**
! 1635: * Send KeyUpdate message
! 1636: */
! 1637: static status_t send_key_update(private_tls_server_t *this,
! 1638: tls_handshake_type_t *type, bio_writer_t *writer)
! 1639: {
! 1640: *type = TLS_KEY_UPDATE;
! 1641:
! 1642: /* we currently only send this as reply, so we never request an update */
! 1643: writer->write_uint8(writer, 0);
! 1644:
! 1645: this->state = STATE_KEY_UPDATE_SENT;
! 1646: return NEED_MORE;
! 1647: }
! 1648:
1.1 misho 1649: METHOD(tls_handshake_t, build, status_t,
1650: private_tls_server_t *this, tls_handshake_type_t *type, bio_writer_t *writer)
1651: {
1652: diffie_hellman_group_t group;
1653:
1.1.1.2 ! misho 1654: if (this->tls->get_version_max(this->tls) < TLS_1_3)
1.1 misho 1655: {
1.1.1.2 ! misho 1656: switch (this->state)
! 1657: {
! 1658: case STATE_HELLO_RECEIVED:
! 1659: return send_server_hello(this, type, writer);
! 1660: case STATE_HELLO_SENT:
! 1661: return send_certificate(this, type, writer);
! 1662: case STATE_CERT_SENT:
! 1663: group = this->crypto->get_dh_group(this->crypto);
! 1664: if (group)
! 1665: {
! 1666: return send_server_key_exchange(this, type, writer, group);
! 1667: }
! 1668: /* otherwise fall through to next state */
! 1669: case STATE_KEY_EXCHANGE_SENT:
! 1670: if (this->peer)
! 1671: {
! 1672: return send_certificate_request(this, type, writer);
! 1673: }
! 1674: /* otherwise fall through to next state */
! 1675: case STATE_CERTREQ_SENT:
! 1676: return send_hello_done(this, type, writer);
! 1677: case STATE_CIPHERSPEC_CHANGED_OUT:
! 1678: return send_finished(this, type, writer);
! 1679: case STATE_FINISHED_SENT:
! 1680: return INVALID_STATE;
! 1681: default:
! 1682: return INVALID_STATE;
! 1683: }
! 1684: }
! 1685: else
! 1686: {
! 1687: switch (this->state)
! 1688: {
! 1689: case STATE_HELLO_RECEIVED:
! 1690: return send_server_hello(this, type, writer);
! 1691: case STATE_HELLO_SENT:
! 1692: case STATE_CIPHERSPEC_CHANGED_OUT:
! 1693: return send_encrypted_extensions(this, type, writer);
! 1694: case STATE_ENCRYPTED_EXTENSIONS_SENT:
! 1695: if (this->peer)
! 1696: {
! 1697: return send_certificate_request(this, type, writer);
! 1698: }
! 1699: /* otherwise fall through to next state */
! 1700: case STATE_CERTREQ_SENT:
! 1701: return send_certificate(this, type, writer);
! 1702: case STATE_CERT_SENT:
! 1703: return send_certificate_verify(this, type, writer);
! 1704: case STATE_CERT_VERIFY_SENT:
! 1705: return send_finished(this, type, writer);
! 1706: case STATE_FINISHED_SENT:
! 1707: if (!this->crypto->derive_app_keys(this->crypto))
! 1708: {
! 1709: this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
! 1710: return NEED_MORE;
! 1711: }
! 1712: /* inbound key switches after process client finished message */
! 1713: this->crypto->change_cipher(this->crypto, FALSE);
! 1714: this->state = STATE_FINISHED_SENT_KEY_SWITCHED;
! 1715: return INVALID_STATE;
! 1716: case STATE_KEY_UPDATE_REQUESTED:
! 1717: return send_key_update(this, type, writer);
! 1718: case STATE_KEY_UPDATE_SENT:
! 1719: if (!this->crypto->update_app_keys(this->crypto, FALSE))
! 1720: {
! 1721: this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
! 1722: return NEED_MORE;
! 1723: }
! 1724: this->crypto->change_cipher(this->crypto, FALSE);
! 1725: this->state = STATE_FINISHED_RECEIVED;
! 1726: default:
! 1727: return INVALID_STATE;
! 1728: }
1.1 misho 1729: }
1730: }
1731:
1732: METHOD(tls_handshake_t, cipherspec_changed, bool,
1733: private_tls_server_t *this, bool inbound)
1734: {
1.1.1.2 ! misho 1735: if (this->tls->get_version_max(this->tls) < TLS_1_3)
1.1 misho 1736: {
1.1.1.2 ! misho 1737: if (inbound)
1.1 misho 1738: {
1.1.1.2 ! misho 1739: if (this->resume)
! 1740: {
! 1741: return this->state == STATE_FINISHED_SENT;
! 1742: }
! 1743: if (this->peer)
! 1744: {
! 1745: return this->state == STATE_CERT_VERIFY_RECEIVED;
! 1746: }
! 1747: return this->state == STATE_KEY_EXCHANGE_RECEIVED;
1.1 misho 1748: }
1.1.1.2 ! misho 1749: else
1.1 misho 1750: {
1.1.1.2 ! misho 1751: if (this->resume)
! 1752: {
! 1753: return this->state == STATE_HELLO_SENT;
! 1754: }
! 1755: return this->state == STATE_FINISHED_RECEIVED;
1.1 misho 1756: }
1.1.1.2 ! misho 1757: return FALSE;
1.1 misho 1758: }
1759: else
1760: {
1.1.1.2 ! misho 1761: if (inbound)
! 1762: { /* accept ChangeCipherSpec after ServerFinish or HelloRetryRequest */
! 1763: return this->state == STATE_FINISHED_SENT ||
! 1764: this->state == STATE_FINISHED_SENT_KEY_SWITCHED ||
! 1765: retrying(this);
! 1766: }
! 1767: else
1.1 misho 1768: {
1769: return this->state == STATE_HELLO_SENT;
1770: }
1771: }
1772: }
1773:
1774: METHOD(tls_handshake_t, change_cipherspec, void,
1775: private_tls_server_t *this, bool inbound)
1776: {
1.1.1.2 ! misho 1777: if (this->tls->get_version_max(this->tls) < TLS_1_3)
! 1778: {
! 1779: this->crypto->change_cipher(this->crypto, inbound);
! 1780: }
! 1781:
! 1782: if (retrying(this))
! 1783: { /* client might send a ChangeCipherSpec after a HelloRetryRequest and
! 1784: * before a new ClientHello which should not cause any state changes */
! 1785: return;
! 1786: }
! 1787:
1.1 misho 1788: if (inbound)
1789: {
1790: this->state = STATE_CIPHERSPEC_CHANGED_IN;
1791: }
1792: else
1793: {
1794: this->state = STATE_CIPHERSPEC_CHANGED_OUT;
1795: }
1796: }
1797:
1798: METHOD(tls_handshake_t, finished, bool,
1799: private_tls_server_t *this)
1800: {
1.1.1.2 ! misho 1801: if (this->tls->get_version_max(this->tls) < TLS_1_3)
! 1802: {
! 1803: if (this->resume)
! 1804: {
! 1805: return this->state == STATE_FINISHED_RECEIVED;
! 1806: }
! 1807: return this->state == STATE_FINISHED_SENT;
! 1808: }
! 1809: else
1.1 misho 1810: {
1811: return this->state == STATE_FINISHED_RECEIVED;
1812: }
1813: }
1814:
1815: METHOD(tls_handshake_t, get_peer_id, identification_t*,
1816: private_tls_server_t *this)
1817: {
1818: return this->peer;
1819: }
1820:
1821: METHOD(tls_handshake_t, get_server_id, identification_t*,
1822: private_tls_server_t *this)
1823: {
1824: return this->server;
1825: }
1826:
1827: METHOD(tls_handshake_t, get_auth, auth_cfg_t*,
1828: private_tls_server_t *this)
1829: {
1830: return this->peer_auth;
1831: }
1832:
1833: METHOD(tls_handshake_t, destroy, void,
1834: private_tls_server_t *this)
1835: {
1836: DESTROY_IF(this->private);
1837: DESTROY_IF(this->dh);
1838: DESTROY_IF(this->peer);
1839: this->server->destroy(this->server);
1840: this->peer_auth->destroy(this->peer_auth);
1841: this->server_auth->destroy(this->server_auth);
1842: free(this->hashsig.ptr);
1843: free(this->curves.ptr);
1844: free(this->session.ptr);
1845: free(this);
1846: }
1847:
1848: /**
1849: * See header
1850: */
1851: tls_server_t *tls_server_create(tls_t *tls,
1852: tls_crypto_t *crypto, tls_alert_t *alert,
1853: identification_t *server, identification_t *peer)
1854: {
1855: private_tls_server_t *this;
1856:
1857: INIT(this,
1858: .public = {
1859: .handshake = {
1860: .process = _process,
1861: .build = _build,
1862: .cipherspec_changed = _cipherspec_changed,
1863: .change_cipherspec = _change_cipherspec,
1864: .finished = _finished,
1865: .get_peer_id = _get_peer_id,
1866: .get_server_id = _get_server_id,
1867: .get_auth = _get_auth,
1868: .destroy = _destroy,
1869: },
1870: },
1871: .tls = tls,
1872: .crypto = crypto,
1873: .alert = alert,
1874: .server = server->clone(server),
1875: .peer = peer ? peer->clone(peer) : NULL,
1876: .state = STATE_INIT,
1877: .peer_auth = auth_cfg_create(),
1878: .server_auth = auth_cfg_create(),
1.1.1.2 ! misho 1879: .send_certreq_authorities = lib->settings->get_bool(lib->settings,
! 1880: "%s.tls.send_certreq_authorities",
! 1881: TRUE, lib->ns),
1.1 misho 1882: );
1883:
1884: return &this->public;
1885: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to tls_server.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libtls