#define EINFO_EPERM_CLIENT_CERT \
__einfo_uniqify ( EINFO_EPERM, 0x03, \
"No suitable client certificate available" )
+#define EPERM_RENEG_INSECURE __einfo_error ( EINFO_EPERM_RENEG_INSECURE )
+#define EINFO_EPERM_RENEG_INSECURE \
+ __einfo_uniqify ( EINFO_EPERM, 0x04, \
+ "Secure renegotiation not supported" )
+#define EPERM_RENEG_VERIFY __einfo_error ( EINFO_EPERM_RENEG_VERIFY )
+#define EINFO_EPERM_RENEG_VERIFY \
+ __einfo_uniqify ( EINFO_EPERM, 0x05, \
+ "Secure renegotiation verification failed" )
#define EPROTO_VERSION __einfo_error ( EINFO_EPROTO_VERSION )
#define EINFO_EPROTO_VERSION \
__einfo_uniqify ( EINFO_EPROTO, 0x01, \
******************************************************************************
*/
+/**
+ * Restart negotiation
+ *
+ * @v tls TLS session
+ */
+static void tls_restart ( struct tls_session *tls ) {
+
+ /* Sanity check */
+ assert ( ! tls->tx_pending );
+ assert ( ! is_pending ( &tls->client_negotiation ) );
+ assert ( ! is_pending ( &tls->server_negotiation ) );
+
+ /* (Re)initialise handshake context */
+ digest_init ( &md5_sha1_algorithm, tls->handshake_md5_sha1_ctx );
+ digest_init ( &sha256_algorithm, tls->handshake_sha256_ctx );
+ tls->handshake_digest = &sha256_algorithm;
+ tls->handshake_ctx = tls->handshake_sha256_ctx;
+
+ /* (Re)start negotiation */
+ tls->tx_pending = TLS_TX_CLIENT_HELLO;
+ pending_get ( &tls->client_negotiation );
+ pending_get ( &tls->server_negotiation );
+}
+
/**
* Resume TX state machine
*
struct tls_signature_hash_id
code[TLS_NUM_SIG_HASH_ALGORITHMS];
} __attribute__ (( packed )) signature_algorithms;
+ uint16_t renegotiation_info_type;
+ uint16_t renegotiation_info_len;
+ struct {
+ uint8_t len;
+ uint8_t data[ tls->secure_renegotiation ?
+ sizeof ( tls->verify.client ) :0];
+ } __attribute__ (( packed )) renegotiation_info;
} __attribute__ (( packed )) extensions;
} __attribute__ (( packed )) hello;
struct tls_cipher_suite *suite;
= htons ( sizeof ( hello.extensions.signature_algorithms.code));
i = 0 ; for_each_table_entry ( sighash, TLS_SIG_HASH_ALGORITHMS )
hello.extensions.signature_algorithms.code[i++] = sighash->code;
+ hello.extensions.renegotiation_info_type
+ = htons ( TLS_RENEGOTIATION_INFO );
+ hello.extensions.renegotiation_info_len
+ = htons ( sizeof ( hello.extensions.renegotiation_info ) );
+ hello.extensions.renegotiation_info.len
+ = sizeof ( hello.extensions.renegotiation_info.data );
+ memcpy ( hello.extensions.renegotiation_info.data, tls->verify.client,
+ sizeof ( hello.extensions.renegotiation_info.data ) );
return tls_send_handshake ( tls, &hello, sizeof ( hello ) );
}
struct digest_algorithm *digest = tls->handshake_digest;
struct {
uint32_t type_length;
- uint8_t verify_data[12];
+ uint8_t verify_data[ sizeof ( tls->verify.client ) ];
} __attribute__ (( packed )) finished;
uint8_t digest_out[ digest->digestsize ];
int rc;
+ /* Construct client verification data */
+ tls_verify_handshake ( tls, digest_out );
+ tls_prf_label ( tls, &tls->master_secret, sizeof ( tls->master_secret ),
+ tls->verify.client, sizeof ( tls->verify.client ),
+ "client finished", digest_out, sizeof ( digest_out ) );
+
/* Construct record */
memset ( &finished, 0, sizeof ( finished ) );
finished.type_length = ( cpu_to_le32 ( TLS_FINISHED ) |
htonl ( sizeof ( finished ) -
sizeof ( finished.type_length ) ) );
- tls_verify_handshake ( tls, digest_out );
- tls_prf_label ( tls, &tls->master_secret, sizeof ( tls->master_secret ),
- finished.verify_data, sizeof ( finished.verify_data ),
- "client finished", digest_out, sizeof ( digest_out ) );
+ memcpy ( finished.verify_data, tls->verify.client,
+ sizeof ( finished.verify_data ) );
/* Transmit record */
if ( ( rc = tls_send_handshake ( tls, &finished,
}
}
+/**
+ * Receive new Hello Request handshake record
+ *
+ * @v tls TLS session
+ * @v data Plaintext handshake record
+ * @v len Length of plaintext handshake record
+ * @ret rc Return status code
+ */
+static int tls_new_hello_request ( struct tls_session *tls,
+ const void *data __unused,
+ size_t len __unused ) {
+
+ /* Ignore if a handshake is in progress */
+ if ( ! tls_ready ( tls ) ) {
+ DBGC ( tls, "TLS %p ignoring Hello Request\n", tls );
+ return 0;
+ }
+
+ /* Fail unless server supports secure renegotiation */
+ if ( ! tls->secure_renegotiation ) {
+ DBGC ( tls, "TLS %p refusing to renegotiate insecurely\n",
+ tls );
+ return -EPERM_RENEG_INSECURE;
+ }
+
+ /* Restart negotiation */
+ tls_restart ( tls );
+
+ return 0;
+}
+
/**
* Receive new Server Hello handshake record
*
uint8_t compression_method;
char next[0];
} __attribute__ (( packed )) *hello_b;
+ const struct {
+ uint16_t len;
+ uint8_t data[0];
+ } __attribute__ (( packed )) *exts;
+ const struct {
+ uint16_t type;
+ uint16_t len;
+ uint8_t data[0];
+ } __attribute__ (( packed )) *ext;
+ const struct {
+ uint8_t len;
+ uint8_t data[0];
+ } __attribute__ (( packed )) *reneg = NULL;
uint16_t version;
+ size_t exts_len;
+ size_t ext_len;
+ size_t remaining;
int rc;
/* Parse header */
session_id = hello_a->session_id;
hello_b = ( ( void * ) ( session_id + hello_a->session_id_len ) );
+ /* Parse extensions, if present */
+ remaining = ( len - sizeof ( *hello_a ) - hello_a->session_id_len -
+ sizeof ( *hello_b ) );
+ if ( remaining ) {
+
+ /* Parse extensions length */
+ exts = ( ( void * ) hello_b->next );
+ if ( ( sizeof ( *exts ) > remaining ) ||
+ ( ( exts_len = ntohs ( exts->len ) ) >
+ ( remaining - sizeof ( *exts ) ) ) ) {
+ DBGC ( tls, "TLS %p received underlength extensions\n",
+ tls );
+ DBGC_HD ( tls, data, len );
+ return -EINVAL_HELLO;
+ }
+
+ /* Parse extensions */
+ for ( ext = ( ( void * ) exts->data ), remaining = exts_len ;
+ remaining ;
+ ext = ( ( ( void * ) ext ) + sizeof ( *ext ) + ext_len ),
+ remaining -= ( sizeof ( *ext ) + ext_len ) ) {
+
+ /* Parse extension length */
+ if ( ( sizeof ( *ext ) > remaining ) ||
+ ( ( ext_len = ntohs ( ext->len ) ) >
+ ( remaining - sizeof ( *ext ) ) ) ) {
+ DBGC ( tls, "TLS %p received underlength "
+ "extension\n", tls );
+ DBGC_HD ( tls, data, len );
+ return -EINVAL_HELLO;
+ }
+
+ /* Record known extensions */
+ switch ( ext->type ) {
+ case htons ( TLS_RENEGOTIATION_INFO ) :
+ reneg = ( ( void * ) ext->data );
+ if ( ( sizeof ( *reneg ) > ext_len ) ||
+ ( reneg->len >
+ ( ext_len - sizeof ( *reneg ) ) ) ) {
+ DBGC ( tls, "TLS %p received "
+ "underlength renegotiation "
+ "info\n", tls );
+ DBGC_HD ( tls, data, len );
+ return -EINVAL_HELLO;
+ }
+ break;
+ }
+ }
+ }
+
/* Check and store protocol version */
version = ntohs ( hello_a->version );
if ( version < TLS_VERSION_TLS_1_0 ) {
if ( ( rc = tls_generate_keys ( tls ) ) != 0 )
return rc;
+ /* Handle secure renegotiation */
+ if ( tls->secure_renegotiation ) {
+
+ /* Secure renegotiation is expected; verify data */
+ if ( ( reneg == NULL ) ||
+ ( reneg->len != sizeof ( tls->verify ) ) ||
+ ( memcmp ( reneg->data, &tls->verify,
+ sizeof ( tls->verify ) ) != 0 ) ) {
+ DBGC ( tls, "TLS %p server failed secure "
+ "renegotiation\n", tls );
+ return -EPERM_RENEG_VERIFY;
+ }
+
+ } else if ( reneg != NULL ) {
+
+ /* Secure renegotiation is being enabled */
+ if ( reneg->len != 0 ) {
+ DBGC ( tls, "TLS %p server provided non-empty initial "
+ "renegotiation\n", tls );
+ return -EPERM_RENEG_VERIFY;
+ }
+ tls->secure_renegotiation = 1;
+ }
+
return 0;
}
const void *data, size_t len ) {
struct digest_algorithm *digest = tls->handshake_digest;
const struct {
- uint8_t verify_data[12];
+ uint8_t verify_data[ sizeof ( tls->verify.server ) ];
char next[0];
} __attribute__ (( packed )) *finished = data;
uint8_t digest_out[ digest->digestsize ];
- uint8_t verify_data[ sizeof ( finished->verify_data ) ];
/* Sanity check */
if ( sizeof ( *finished ) != len ) {
/* Verify data */
tls_verify_handshake ( tls, digest_out );
tls_prf_label ( tls, &tls->master_secret, sizeof ( tls->master_secret ),
- verify_data, sizeof ( verify_data ), "server finished",
- digest_out, sizeof ( digest_out ) );
- if ( memcmp ( verify_data, finished->verify_data,
- sizeof ( verify_data ) ) != 0 ) {
+ tls->verify.server, sizeof ( tls->verify.server ),
+ "server finished", digest_out, sizeof ( digest_out ) );
+ if ( memcmp ( tls->verify.server, finished->verify_data,
+ sizeof ( tls->verify.server ) ) != 0 ) {
DBGC ( tls, "TLS %p verification failed\n", tls );
return -EPERM_VERIFY;
}
/* Handle payload */
switch ( handshake->type ) {
+ case TLS_HELLO_REQUEST:
+ rc = tls_new_hello_request ( tls, payload,
+ payload_len );
+ break;
case TLS_SERVER_HELLO:
rc = tls_new_server_hello ( tls, payload, payload_len );
break;
( sizeof ( tls->pre_master_secret.random ) ) ) ) != 0 ) {
goto err_random;
}
- digest_init ( &md5_sha1_algorithm, tls->handshake_md5_sha1_ctx );
- digest_init ( &sha256_algorithm, tls->handshake_sha256_ctx );
- tls->handshake_digest = &sha256_algorithm;
- tls->handshake_ctx = tls->handshake_sha256_ctx;
- tls->tx_pending = TLS_TX_CLIENT_HELLO;
iob_populate ( &tls->rx_header_iobuf, &tls->rx_header, 0,
sizeof ( tls->rx_header ) );
INIT_LIST_HEAD ( &tls->rx_data );
- /* Add pending operations for server and client Finished messages */
- pending_get ( &tls->client_negotiation );
- pending_get ( &tls->server_negotiation );
+ /* Start negotiation */
+ tls_restart ( tls );
/* Attach to parent interface, mortalise self, and return */
intf_plug_plug ( &tls->plainstream, xfer );
projects / thirdparty / ipxe.git / commitdiff
