2 * TLS v1.0/v1.1/v1.2 server (RFC 2246, RFC 4346, RFC 5246)
3 * Copyright (c) 2006-2014, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
12 #include "crypto/sha1.h"
13 #include "crypto/tls.h"
14 #include "tlsv1_common.h"
15 #include "tlsv1_record.h"
16 #include "tlsv1_server.h"
17 #include "tlsv1_server_i.h"
20 * Support for a message fragmented across several records (RFC 2246, 6.2.1)
24 void tlsv1_server_log(struct tlsv1_server
*conn
, const char *fmt
, ...)
31 buflen
= vsnprintf(NULL
, 0, fmt
, ap
) + 1;
34 buf
= os_malloc(buflen
);
38 vsnprintf(buf
, buflen
, fmt
, ap
);
41 wpa_printf(MSG_DEBUG
, "TLSv1: %s", buf
);
43 conn
->log_cb(conn
->log_cb_ctx
, buf
);
49 void tlsv1_server_alert(struct tlsv1_server
*conn
, u8 level
, u8 description
)
51 conn
->alert_level
= level
;
52 conn
->alert_description
= description
;
56 int tlsv1_server_derive_keys(struct tlsv1_server
*conn
,
57 const u8
*pre_master_secret
,
58 size_t pre_master_secret_len
)
60 u8 seed
[2 * TLS_RANDOM_LEN
];
61 u8 key_block
[TLS_MAX_KEY_BLOCK_LEN
];
65 if (pre_master_secret
) {
66 wpa_hexdump_key(MSG_MSGDUMP
, "TLSv1: pre_master_secret",
67 pre_master_secret
, pre_master_secret_len
);
68 os_memcpy(seed
, conn
->client_random
, TLS_RANDOM_LEN
);
69 os_memcpy(seed
+ TLS_RANDOM_LEN
, conn
->server_random
,
71 if (tls_prf(conn
->rl
.tls_version
,
72 pre_master_secret
, pre_master_secret_len
,
73 "master secret", seed
, 2 * TLS_RANDOM_LEN
,
74 conn
->master_secret
, TLS_MASTER_SECRET_LEN
)) {
75 wpa_printf(MSG_DEBUG
, "TLSv1: Failed to derive "
79 wpa_hexdump_key(MSG_MSGDUMP
, "TLSv1: master_secret",
80 conn
->master_secret
, TLS_MASTER_SECRET_LEN
);
83 os_memcpy(seed
, conn
->server_random
, TLS_RANDOM_LEN
);
84 os_memcpy(seed
+ TLS_RANDOM_LEN
, conn
->client_random
, TLS_RANDOM_LEN
);
85 key_block_len
= 2 * (conn
->rl
.hash_size
+ conn
->rl
.key_material_len
+
87 if (tls_prf(conn
->rl
.tls_version
,
88 conn
->master_secret
, TLS_MASTER_SECRET_LEN
,
89 "key expansion", seed
, 2 * TLS_RANDOM_LEN
,
90 key_block
, key_block_len
)) {
91 wpa_printf(MSG_DEBUG
, "TLSv1: Failed to derive key_block");
94 wpa_hexdump_key(MSG_MSGDUMP
, "TLSv1: key_block",
95 key_block
, key_block_len
);
99 /* client_write_MAC_secret */
100 os_memcpy(conn
->rl
.read_mac_secret
, pos
, conn
->rl
.hash_size
);
101 pos
+= conn
->rl
.hash_size
;
102 /* server_write_MAC_secret */
103 os_memcpy(conn
->rl
.write_mac_secret
, pos
, conn
->rl
.hash_size
);
104 pos
+= conn
->rl
.hash_size
;
106 /* client_write_key */
107 os_memcpy(conn
->rl
.read_key
, pos
, conn
->rl
.key_material_len
);
108 pos
+= conn
->rl
.key_material_len
;
109 /* server_write_key */
110 os_memcpy(conn
->rl
.write_key
, pos
, conn
->rl
.key_material_len
);
111 pos
+= conn
->rl
.key_material_len
;
113 /* client_write_IV */
114 os_memcpy(conn
->rl
.read_iv
, pos
, conn
->rl
.iv_size
);
115 pos
+= conn
->rl
.iv_size
;
116 /* server_write_IV */
117 os_memcpy(conn
->rl
.write_iv
, pos
, conn
->rl
.iv_size
);
118 pos
+= conn
->rl
.iv_size
;
125 * tlsv1_server_handshake - Process TLS handshake
126 * @conn: TLSv1 server connection data from tlsv1_server_init()
127 * @in_data: Input data from TLS peer
128 * @in_len: Input data length
129 * @out_len: Length of the output buffer.
130 * Returns: Pointer to output data, %NULL on failure
132 u8
* tlsv1_server_handshake(struct tlsv1_server
*conn
,
133 const u8
*in_data
, size_t in_len
,
137 u8
*msg
= NULL
, *in_msg
, *in_pos
, *in_end
, alert
, ct
;
141 if (in_data
== NULL
|| in_len
== 0) {
142 wpa_printf(MSG_DEBUG
, "TLSv1: No input data to server");
147 end
= in_data
+ in_len
;
148 in_msg
= os_malloc(in_len
);
152 /* Each received packet may include multiple records */
155 used
= tlsv1_record_receive(&conn
->rl
, pos
, end
- pos
,
156 in_msg
, &in_msg_len
, &alert
);
158 wpa_printf(MSG_DEBUG
, "TLSv1: Processing received "
160 tlsv1_server_alert(conn
, TLS_ALERT_LEVEL_FATAL
, alert
);
165 wpa_printf(MSG_DEBUG
, "TLSv1: Partial processing not "
167 tlsv1_server_alert(conn
, TLS_ALERT_LEVEL_FATAL
, alert
);
173 in_end
= in_msg
+ in_msg_len
;
175 /* Each received record may include multiple messages of the
176 * same ContentType. */
177 while (in_pos
< in_end
) {
178 in_msg_len
= in_end
- in_pos
;
179 if (tlsv1_server_process_handshake(conn
, ct
, in_pos
,
182 in_pos
+= in_msg_len
;
191 msg
= tlsv1_server_handshake_write(conn
, out_len
);
195 if (conn
->alert_level
) {
196 if (conn
->state
== FAILED
) {
197 /* Avoid alert loops */
198 wpa_printf(MSG_DEBUG
, "TLSv1: Drop alert loop");
202 conn
->state
= FAILED
;
204 msg
= tlsv1_server_send_alert(conn
, conn
->alert_level
,
205 conn
->alert_description
,
214 * tlsv1_server_encrypt - Encrypt data into TLS tunnel
215 * @conn: TLSv1 server connection data from tlsv1_server_init()
216 * @in_data: Pointer to plaintext data to be encrypted
217 * @in_len: Input buffer length
218 * @out_data: Pointer to output buffer (encrypted TLS data)
219 * @out_len: Maximum out_data length
220 * Returns: Number of bytes written to out_data, -1 on failure
222 * This function is used after TLS handshake has been completed successfully to
223 * send data in the encrypted tunnel.
225 int tlsv1_server_encrypt(struct tlsv1_server
*conn
,
226 const u8
*in_data
, size_t in_len
,
227 u8
*out_data
, size_t out_len
)
231 wpa_hexdump_key(MSG_MSGDUMP
, "TLSv1: Plaintext AppData",
234 if (tlsv1_record_send(&conn
->rl
, TLS_CONTENT_TYPE_APPLICATION_DATA
,
235 out_data
, out_len
, in_data
, in_len
, &rlen
) < 0) {
236 wpa_printf(MSG_DEBUG
, "TLSv1: Failed to create a record");
237 tlsv1_server_alert(conn
, TLS_ALERT_LEVEL_FATAL
,
238 TLS_ALERT_INTERNAL_ERROR
);
247 * tlsv1_server_decrypt - Decrypt data from TLS tunnel
248 * @conn: TLSv1 server connection data from tlsv1_server_init()
249 * @in_data: Pointer to input buffer (encrypted TLS data)
250 * @in_len: Input buffer length
251 * @out_data: Pointer to output buffer (decrypted data from TLS tunnel)
252 * @out_len: Maximum out_data length
253 * Returns: Number of bytes written to out_data, -1 on failure
255 * This function is used after TLS handshake has been completed successfully to
256 * receive data from the encrypted tunnel.
258 int tlsv1_server_decrypt(struct tlsv1_server
*conn
,
259 const u8
*in_data
, size_t in_len
,
260 u8
*out_data
, size_t out_len
)
262 const u8
*in_end
, *pos
;
264 u8 alert
, *out_end
, *out_pos
, ct
;
268 in_end
= in_data
+ in_len
;
270 out_end
= out_data
+ out_len
;
272 while (pos
< in_end
) {
274 olen
= out_end
- out_pos
;
275 used
= tlsv1_record_receive(&conn
->rl
, pos
, in_end
- pos
,
276 out_pos
, &olen
, &alert
);
278 tlsv1_server_log(conn
, "Record layer processing failed");
279 tlsv1_server_alert(conn
, TLS_ALERT_LEVEL_FATAL
, alert
);
284 wpa_printf(MSG_DEBUG
, "TLSv1: Partial processing not "
286 tlsv1_server_alert(conn
, TLS_ALERT_LEVEL_FATAL
, alert
);
290 if (ct
== TLS_CONTENT_TYPE_ALERT
) {
292 tlsv1_server_log(conn
, "Alert underflow");
293 tlsv1_server_alert(conn
, TLS_ALERT_LEVEL_FATAL
,
294 TLS_ALERT_DECODE_ERROR
);
297 tlsv1_server_log(conn
, "Received alert %d:%d",
298 out_pos
[0], out_pos
[1]);
299 if (out_pos
[0] == TLS_ALERT_LEVEL_WARNING
) {
300 /* Continue processing */
305 tlsv1_server_alert(conn
, TLS_ALERT_LEVEL_FATAL
,
310 if (ct
!= TLS_CONTENT_TYPE_APPLICATION_DATA
) {
311 tlsv1_server_log(conn
, "Unexpected content type 0x%x",
313 tlsv1_server_alert(conn
, TLS_ALERT_LEVEL_FATAL
,
314 TLS_ALERT_UNEXPECTED_MESSAGE
);
318 #ifdef CONFIG_TESTING_OPTIONS
319 if ((conn
->test_flags
&
320 (TLS_BREAK_VERIFY_DATA
| TLS_BREAK_SRV_KEY_X_HASH
|
321 TLS_BREAK_SRV_KEY_X_SIGNATURE
)) &&
322 !conn
->test_failure_reported
) {
323 tlsv1_server_log(conn
, "TEST-FAILURE: Client ApplData received after invalid handshake");
324 conn
->test_failure_reported
= 1;
326 #endif /* CONFIG_TESTING_OPTIONS */
329 if (out_pos
> out_end
) {
330 wpa_printf(MSG_DEBUG
, "TLSv1: Buffer not large enough "
331 "for processing the received record");
332 tlsv1_server_alert(conn
, TLS_ALERT_LEVEL_FATAL
,
333 TLS_ALERT_INTERNAL_ERROR
);
340 return out_pos
- out_data
;
345 * tlsv1_server_global_init - Initialize TLSv1 server
346 * Returns: 0 on success, -1 on failure
348 * This function must be called before using any other TLSv1 server functions.
350 int tlsv1_server_global_init(void)
352 return crypto_global_init();
357 * tlsv1_server_global_deinit - Deinitialize TLSv1 server
359 * This function can be used to deinitialize the TLSv1 server that was
360 * initialized by calling tlsv1_server_global_init(). No TLSv1 server functions
361 * can be called after this before calling tlsv1_server_global_init() again.
363 void tlsv1_server_global_deinit(void)
365 crypto_global_deinit();
370 * tlsv1_server_init - Initialize TLSv1 server connection
371 * @cred: Pointer to server credentials from tlsv1_server_cred_alloc()
372 * Returns: Pointer to TLSv1 server connection data or %NULL on failure
374 struct tlsv1_server
* tlsv1_server_init(struct tlsv1_credentials
*cred
)
376 struct tlsv1_server
*conn
;
380 conn
= os_zalloc(sizeof(*conn
));
386 conn
->state
= CLIENT_HELLO
;
388 if (tls_verify_hash_init(&conn
->verify
) < 0) {
389 wpa_printf(MSG_DEBUG
, "TLSv1: Failed to initialize verify "
396 suites
= conn
->cipher_suites
;
397 suites
[count
++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
;
398 suites
[count
++] = TLS_RSA_WITH_AES_256_CBC_SHA256
;
399 suites
[count
++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA
;
400 suites
[count
++] = TLS_RSA_WITH_AES_256_CBC_SHA
;
401 suites
[count
++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
;
402 suites
[count
++] = TLS_RSA_WITH_AES_128_CBC_SHA256
;
403 suites
[count
++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA
;
404 suites
[count
++] = TLS_RSA_WITH_AES_128_CBC_SHA
;
405 suites
[count
++] = TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
;
406 suites
[count
++] = TLS_RSA_WITH_3DES_EDE_CBC_SHA
;
407 suites
[count
++] = TLS_RSA_WITH_RC4_128_SHA
;
408 suites
[count
++] = TLS_RSA_WITH_RC4_128_MD5
;
409 conn
->num_cipher_suites
= count
;
415 static void tlsv1_server_clear_data(struct tlsv1_server
*conn
)
417 tlsv1_record_set_cipher_suite(&conn
->rl
, TLS_NULL_WITH_NULL_NULL
);
418 tlsv1_record_change_write_cipher(&conn
->rl
);
419 tlsv1_record_change_read_cipher(&conn
->rl
);
420 tls_verify_hash_free(&conn
->verify
);
422 crypto_public_key_free(conn
->client_rsa_key
);
423 conn
->client_rsa_key
= NULL
;
425 os_free(conn
->session_ticket
);
426 conn
->session_ticket
= NULL
;
427 conn
->session_ticket_len
= 0;
428 conn
->use_session_ticket
= 0;
430 os_free(conn
->dh_secret
);
431 conn
->dh_secret
= NULL
;
432 conn
->dh_secret_len
= 0;
437 * tlsv1_server_deinit - Deinitialize TLSv1 server connection
438 * @conn: TLSv1 server connection data from tlsv1_server_init()
440 void tlsv1_server_deinit(struct tlsv1_server
*conn
)
442 tlsv1_server_clear_data(conn
);
448 * tlsv1_server_established - Check whether connection has been established
449 * @conn: TLSv1 server connection data from tlsv1_server_init()
450 * Returns: 1 if connection is established, 0 if not
452 int tlsv1_server_established(struct tlsv1_server
*conn
)
454 return conn
->state
== ESTABLISHED
;
459 * tlsv1_server_prf - Use TLS-PRF to derive keying material
460 * @conn: TLSv1 server connection data from tlsv1_server_init()
461 * @label: Label (e.g., description of the key) for PRF
462 * @server_random_first: seed is 0 = client_random|server_random,
463 * 1 = server_random|client_random
464 * @out: Buffer for output data from TLS-PRF
465 * @out_len: Length of the output buffer
466 * Returns: 0 on success, -1 on failure
468 int tlsv1_server_prf(struct tlsv1_server
*conn
, const char *label
,
469 int server_random_first
, u8
*out
, size_t out_len
)
471 u8 seed
[2 * TLS_RANDOM_LEN
];
473 if (conn
->state
!= ESTABLISHED
)
476 if (server_random_first
) {
477 os_memcpy(seed
, conn
->server_random
, TLS_RANDOM_LEN
);
478 os_memcpy(seed
+ TLS_RANDOM_LEN
, conn
->client_random
,
481 os_memcpy(seed
, conn
->client_random
, TLS_RANDOM_LEN
);
482 os_memcpy(seed
+ TLS_RANDOM_LEN
, conn
->server_random
,
486 return tls_prf(conn
->rl
.tls_version
,
487 conn
->master_secret
, TLS_MASTER_SECRET_LEN
,
488 label
, seed
, 2 * TLS_RANDOM_LEN
, out
, out_len
);
493 * tlsv1_server_get_cipher - Get current cipher name
494 * @conn: TLSv1 server connection data from tlsv1_server_init()
495 * @buf: Buffer for the cipher name
497 * Returns: 0 on success, -1 on failure
499 * Get the name of the currently used cipher.
501 int tlsv1_server_get_cipher(struct tlsv1_server
*conn
, char *buf
,
506 switch (conn
->rl
.cipher_suite
) {
507 case TLS_RSA_WITH_RC4_128_MD5
:
510 case TLS_RSA_WITH_RC4_128_SHA
:
513 case TLS_RSA_WITH_DES_CBC_SHA
:
514 cipher
= "DES-CBC-SHA";
516 case TLS_RSA_WITH_3DES_EDE_CBC_SHA
:
517 cipher
= "DES-CBC3-SHA";
519 case TLS_DHE_RSA_WITH_DES_CBC_SHA
:
520 cipher
= "DHE-RSA-DES-CBC-SHA";
522 case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
:
523 cipher
= "DHE-RSA-DES-CBC3-SHA";
525 case TLS_DH_anon_WITH_RC4_128_MD5
:
526 cipher
= "ADH-RC4-MD5";
528 case TLS_DH_anon_WITH_DES_CBC_SHA
:
529 cipher
= "ADH-DES-SHA";
531 case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
:
532 cipher
= "ADH-DES-CBC3-SHA";
534 case TLS_RSA_WITH_AES_128_CBC_SHA
:
535 cipher
= "AES-128-SHA";
537 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA
:
538 cipher
= "DHE-RSA-AES-128-SHA";
540 case TLS_DH_anon_WITH_AES_128_CBC_SHA
:
541 cipher
= "ADH-AES-128-SHA";
543 case TLS_RSA_WITH_AES_256_CBC_SHA
:
544 cipher
= "AES-256-SHA";
546 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA
:
547 cipher
= "DHE-RSA-AES-256-SHA";
549 case TLS_DH_anon_WITH_AES_256_CBC_SHA
:
550 cipher
= "ADH-AES-256-SHA";
552 case TLS_RSA_WITH_AES_128_CBC_SHA256
:
553 cipher
= "AES-128-SHA256";
555 case TLS_RSA_WITH_AES_256_CBC_SHA256
:
556 cipher
= "AES-256-SHA256";
558 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
:
559 cipher
= "DHE-RSA-AES-128-SHA256";
561 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
:
562 cipher
= "DHE-RSA-AES-256-SHA256";
564 case TLS_DH_anon_WITH_AES_128_CBC_SHA256
:
565 cipher
= "ADH-AES-128-SHA256";
567 case TLS_DH_anon_WITH_AES_256_CBC_SHA256
:
568 cipher
= "ADH-AES-256-SHA256";
574 if (os_strlcpy(buf
, cipher
, buflen
) >= buflen
)
581 * tlsv1_server_shutdown - Shutdown TLS connection
582 * @conn: TLSv1 server connection data from tlsv1_server_init()
583 * Returns: 0 on success, -1 on failure
585 int tlsv1_server_shutdown(struct tlsv1_server
*conn
)
587 conn
->state
= CLIENT_HELLO
;
589 if (tls_verify_hash_init(&conn
->verify
) < 0) {
590 wpa_printf(MSG_DEBUG
, "TLSv1: Failed to re-initialize verify "
595 tlsv1_server_clear_data(conn
);
602 * tlsv1_server_resumed - Was session resumption used
603 * @conn: TLSv1 server connection data from tlsv1_server_init()
604 * Returns: 1 if current session used session resumption, 0 if not
606 int tlsv1_server_resumed(struct tlsv1_server
*conn
)
613 * tlsv1_server_get_random - Get random data from TLS connection
614 * @conn: TLSv1 server connection data from tlsv1_server_init()
615 * @keys: Structure of random data (filled on success)
616 * Returns: 0 on success, -1 on failure
618 int tlsv1_server_get_random(struct tlsv1_server
*conn
, struct tls_random
*keys
)
620 os_memset(keys
, 0, sizeof(*keys
));
621 if (conn
->state
== CLIENT_HELLO
)
624 keys
->client_random
= conn
->client_random
;
625 keys
->client_random_len
= TLS_RANDOM_LEN
;
627 if (conn
->state
!= SERVER_HELLO
) {
628 keys
->server_random
= conn
->server_random
;
629 keys
->server_random_len
= TLS_RANDOM_LEN
;
637 * tlsv1_server_get_keyblock_size - Get TLS key_block size
638 * @conn: TLSv1 server connection data from tlsv1_server_init()
639 * Returns: Size of the key_block for the negotiated cipher suite or -1 on
642 int tlsv1_server_get_keyblock_size(struct tlsv1_server
*conn
)
644 if (conn
->state
== CLIENT_HELLO
|| conn
->state
== SERVER_HELLO
)
647 return 2 * (conn
->rl
.hash_size
+ conn
->rl
.key_material_len
+
653 * tlsv1_server_set_cipher_list - Configure acceptable cipher suites
654 * @conn: TLSv1 server connection data from tlsv1_server_init()
655 * @ciphers: Zero (TLS_CIPHER_NONE) terminated list of allowed ciphers
657 * Returns: 0 on success, -1 on failure
659 int tlsv1_server_set_cipher_list(struct tlsv1_server
*conn
, u8
*ciphers
)
664 /* TODO: implement proper configuration of cipher suites */
665 if (ciphers
[0] == TLS_CIPHER_ANON_DH_AES128_SHA
) {
667 suites
= conn
->cipher_suites
;
668 suites
[count
++] = TLS_RSA_WITH_AES_256_CBC_SHA
;
669 suites
[count
++] = TLS_RSA_WITH_AES_128_CBC_SHA
;
670 suites
[count
++] = TLS_RSA_WITH_3DES_EDE_CBC_SHA
;
671 suites
[count
++] = TLS_RSA_WITH_RC4_128_SHA
;
672 suites
[count
++] = TLS_RSA_WITH_RC4_128_MD5
;
673 suites
[count
++] = TLS_DH_anon_WITH_AES_256_CBC_SHA
;
674 suites
[count
++] = TLS_DH_anon_WITH_AES_128_CBC_SHA
;
675 suites
[count
++] = TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
;
676 suites
[count
++] = TLS_DH_anon_WITH_RC4_128_MD5
;
677 suites
[count
++] = TLS_DH_anon_WITH_DES_CBC_SHA
;
678 conn
->num_cipher_suites
= count
;
685 int tlsv1_server_set_verify(struct tlsv1_server
*conn
, int verify_peer
)
687 conn
->verify_peer
= verify_peer
;
692 void tlsv1_server_set_session_ticket_cb(struct tlsv1_server
*conn
,
693 tlsv1_server_session_ticket_cb cb
,
696 wpa_printf(MSG_DEBUG
, "TLSv1: SessionTicket callback set %p (ctx %p)",
698 conn
->session_ticket_cb
= cb
;
699 conn
->session_ticket_cb_ctx
= ctx
;
703 void tlsv1_server_set_log_cb(struct tlsv1_server
*conn
,
704 void (*cb
)(void *ctx
, const char *msg
), void *ctx
)
707 conn
->log_cb_ctx
= ctx
;
711 #ifdef CONFIG_TESTING_OPTIONS
712 void tlsv1_server_set_test_flags(struct tlsv1_server
*conn
, u32 flags
)
714 conn
->test_flags
= flags
;
718 static const u8 test_tls_prime15
[1] = {
722 static const u8 test_tls_prime511b
[64] = {
723 0x50, 0xfb, 0xf1, 0xae, 0x01, 0xf1, 0xfe, 0xe6,
724 0xe1, 0xae, 0xdc, 0x1e, 0xbe, 0xfb, 0x9e, 0x58,
725 0x9a, 0xd7, 0x54, 0x9d, 0x6b, 0xb3, 0x78, 0xe2,
726 0x39, 0x7f, 0x30, 0x01, 0x25, 0xa1, 0xf9, 0x7c,
727 0x55, 0x0e, 0xa1, 0x15, 0xcc, 0x36, 0x34, 0xbb,
728 0x6c, 0x8b, 0x64, 0x45, 0x15, 0x7f, 0xd3, 0xe7,
729 0x31, 0xc8, 0x8e, 0x56, 0x8e, 0x95, 0xdc, 0xea,
730 0x9e, 0xdf, 0xf7, 0x56, 0xdd, 0xb0, 0x34, 0xdb
733 static const u8 test_tls_prime767b
[96] = {
734 0x4c, 0xdc, 0xb8, 0x21, 0x20, 0x9d, 0xe8, 0xa3,
735 0x53, 0xd9, 0x1c, 0x18, 0xc1, 0x3a, 0x58, 0x67,
736 0xa7, 0x85, 0xf9, 0x28, 0x9b, 0xce, 0xc0, 0xd1,
737 0x05, 0x84, 0x61, 0x97, 0xb2, 0x86, 0x1c, 0xd0,
738 0xd1, 0x96, 0x23, 0x29, 0x8c, 0xc5, 0x30, 0x68,
739 0x3e, 0xf9, 0x05, 0xba, 0x60, 0xeb, 0xdb, 0xee,
740 0x2d, 0xdf, 0x84, 0x65, 0x49, 0x87, 0x90, 0x2a,
741 0xc9, 0x8e, 0x34, 0x63, 0x6d, 0x9a, 0x2d, 0x32,
742 0x1c, 0x46, 0xd5, 0x4e, 0x20, 0x20, 0x90, 0xac,
743 0xd5, 0x48, 0x79, 0x99, 0x0c, 0xe6, 0xed, 0xbf,
744 0x79, 0xc2, 0x47, 0x50, 0x95, 0x38, 0x38, 0xbc,
745 0xde, 0xb0, 0xd2, 0xe8, 0x97, 0xcb, 0x22, 0xbb
748 static const u8 test_tls_prime58
[128] = {
749 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
750 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
751 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
752 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
753 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
754 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
755 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
756 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
757 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
758 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
759 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
760 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
761 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
762 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
763 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
764 0x03, 0xc1, 0xba, 0xc8, 0x25, 0xbe, 0x2d, 0xf3
767 static const u8 test_tls_non_prime
[] = {
769 * This is not a prime and the value has the following factors:
770 * 13736783488716579923 * 16254860191773456563 * 18229434976173670763 *
771 * 11112313018289079419 * 10260802278580253339 * 12394009491575311499 *
772 * 12419059668711064739 * 14317973192687985827 * 10498605410533203179 *
773 * 16338688760390249003 * 11128963991123878883 * 12990532258280301419 *
776 0x0C, 0x8C, 0x36, 0x9C, 0x6F, 0x71, 0x2E, 0xA7,
777 0xAB, 0x32, 0xD3, 0x0F, 0x68, 0x3D, 0xB2, 0x6D,
778 0x81, 0xDD, 0xC4, 0x84, 0x0D, 0x9C, 0x6E, 0x36,
779 0x29, 0x70, 0xF3, 0x1E, 0x9A, 0x42, 0x0B, 0x67,
780 0x82, 0x6B, 0xB1, 0xF2, 0xAF, 0x55, 0x28, 0xE7,
781 0xDB, 0x67, 0x6C, 0xF7, 0x6B, 0xAC, 0xAC, 0xE5,
782 0xF7, 0x9F, 0xD4, 0x63, 0x55, 0x70, 0x32, 0x7C,
783 0x70, 0xFB, 0xAF, 0xB8, 0xEB, 0x37, 0xCF, 0x3F,
784 0xFE, 0x94, 0x73, 0xF9, 0x7A, 0xC7, 0x12, 0x2E,
785 0x9B, 0xB4, 0x7D, 0x08, 0x60, 0x83, 0x43, 0x52,
786 0x83, 0x1E, 0xA5, 0xFC, 0xFA, 0x87, 0x12, 0xF4,
787 0x64, 0xE2, 0xCE, 0x71, 0x17, 0x72, 0xB6, 0xAB
790 #endif /* CONFIG_TESTING_OPTIONS */
793 void tlsv1_server_get_dh_p(struct tlsv1_server
*conn
, const u8
**dh_p
,
796 *dh_p
= conn
->cred
->dh_p
;
797 *dh_p_len
= conn
->cred
->dh_p_len
;
799 #ifdef CONFIG_TESTING_OPTIONS
800 if (conn
->test_flags
& TLS_DHE_PRIME_511B
) {
801 tlsv1_server_log(conn
, "TESTING: Use short 511-bit prime with DHE");
802 *dh_p
= test_tls_prime511b
;
803 *dh_p_len
= sizeof(test_tls_prime511b
);
804 } else if (conn
->test_flags
& TLS_DHE_PRIME_767B
) {
805 tlsv1_server_log(conn
, "TESTING: Use short 767-bit prime with DHE");
806 *dh_p
= test_tls_prime767b
;
807 *dh_p_len
= sizeof(test_tls_prime767b
);
808 } else if (conn
->test_flags
& TLS_DHE_PRIME_15
) {
809 tlsv1_server_log(conn
, "TESTING: Use bogus 15 \"prime\" with DHE");
810 *dh_p
= test_tls_prime15
;
811 *dh_p_len
= sizeof(test_tls_prime15
);
812 } else if (conn
->test_flags
& TLS_DHE_PRIME_58B
) {
813 tlsv1_server_log(conn
, "TESTING: Use short 58-bit prime in long container with DHE");
814 *dh_p
= test_tls_prime58
;
815 *dh_p_len
= sizeof(test_tls_prime58
);
816 } else if (conn
->test_flags
& TLS_DHE_NON_PRIME
) {
817 tlsv1_server_log(conn
, "TESTING: Use claim non-prime as the DHE prime");
818 *dh_p
= test_tls_non_prime
;
819 *dh_p_len
= sizeof(test_tls_non_prime
);
821 #endif /* CONFIG_TESTING_OPTIONS */