PSK_COBJECTS = psk.c
-COBJECTS = range.c record.c compress.c debug.c cipher.c gthreads.h \
+COBJECTS = range.c record.c compress.c debug.c cipher.c gthreads.h handshake-tls13.c \
mbuffers.c buffers.c handshake.c num.c errors.c dh.c kx.c \
priority.c hash_int.c cipher_int.c session.c db.c x509_b64.c \
hello_ext.c auth.c sslv2_compat.c datum.c session_pack.c mpi.c \
type)
{
switch (type) {
+ case GNUTLS_HANDSHAKE_END_OF_EARLY_DATA:
+ return "END OF EARLY DATA";
+ case GNUTLS_HANDSHAKE_HELLO_RETRY_REQUEST:
+ return "HELLO RETRY REQUEST";
case GNUTLS_HANDSHAKE_HELLO_REQUEST:
return "HELLO REQUEST";
- break;
case GNUTLS_HANDSHAKE_CLIENT_HELLO:
return "CLIENT HELLO";
- break;
#ifdef ENABLE_SSL2
case GNUTLS_HANDSHAKE_CLIENT_HELLO_V2:
return "SSL2 CLIENT HELLO";
- break;
#endif
case GNUTLS_HANDSHAKE_SERVER_HELLO:
return "SERVER HELLO";
- break;
case GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST:
return "HELLO VERIFY REQUEST";
- break;
case GNUTLS_HANDSHAKE_CERTIFICATE_PKT:
return "CERTIFICATE";
- break;
+ case GNUTLS_HANDSHAKE_ENCRYPTED_EXTENSIONS:
+ return "ENCRYPTED EXTENSIONS";
case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE:
return "SERVER KEY EXCHANGE";
- break;
case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST:
return "CERTIFICATE REQUEST";
- break;
case GNUTLS_HANDSHAKE_SERVER_HELLO_DONE:
return "SERVER HELLO DONE";
- break;
case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY:
return "CERTIFICATE VERIFY";
- break;
case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE:
return "CLIENT KEY EXCHANGE";
- break;
case GNUTLS_HANDSHAKE_FINISHED:
return "FINISHED";
- break;
case GNUTLS_HANDSHAKE_SUPPLEMENTAL:
return "SUPPLEMENTAL";
- break;
case GNUTLS_HANDSHAKE_CERTIFICATE_STATUS:
return "CERTIFICATE STATUS";
- break;
case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET:
return "NEW SESSION TICKET";
- break;
case GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC:
return "CHANGE CIPHER SPEC";
- break;
default:
return "Unknown Handshake packet";
}
STATE9, STATE10, STATE11, STATE12, STATE13, STATE14,
STATE15, STATE16, STATE17, STATE18, STATE19,
STATE20 = 20, STATE21, STATE22,
- STATE30 = 30, STATE31, STATE40 = 40, STATE41, STATE50 = 50
+ STATE30 = 30, STATE31, STATE40 = 40, STATE41, STATE50 = 50,
+ STATE100=100, STATE101, STATE102, STATE103, STATE104,
+ STATE105, STATE106, STATE107, STATE108, STATE109
} handshake_state_t;
typedef enum bye_state_t {
--- /dev/null
+/*
+ * Copyright (C) 2017 Red Hat, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+/* Functions that relate to the TLS handshake procedure.
+ */
+
+#include "gnutls_int.h"
+#include "errors.h"
+#include "dh.h"
+#include "debug.h"
+#include "algorithms.h"
+#include "cipher.h"
+#include "buffers.h"
+#include "mbuffers.h"
+#include "kx.h"
+#include "handshake.h"
+#include "num.h"
+#include "hash_int.h"
+#include "db.h"
+#include "hello_ext.h"
+#include "supplemental.h"
+#include "auth.h"
+#include "sslv2_compat.h"
+#include <auth/cert.h>
+#include "constate.h"
+#include <record.h>
+#include <state.h>
+#include <random.h>
+#include <dtls.h>
+
+/*
+ * _gnutls13_handshake_client
+ * This function performs the client side of the handshake of the TLS/SSL protocol.
+ */
+int _gnutls13_handshake_client(gnutls_session_t session)
+{
+ int ret = 0;
+
+ switch (STATE) {
+ case STATE100:
+ abort();
+ STATE = STATE100;
+ IMED_RET("recv encrypted extensions", ret, 0);
+ /* fall through */
+ case STATE101:
+ abort();
+ STATE = STATE101;
+ IMED_RET("recv certificate request", ret, 0);
+ /* fall through */
+ case STATE102:
+ abort();
+ STATE = STATE102;
+ IMED_RET("recv certificate", ret, 0);
+ /* fall through */
+ case STATE103:
+ abort();
+ STATE = STATE103;
+ IMED_RET("recv server certificate verify", ret, 0);
+ /* fall through */
+ case STATE104:
+ ret = _gnutls_run_verify_callback(session, GNUTLS_CLIENT);
+ STATE = STATE102;
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ FALLTHROUGH;
+ case STATE105:
+ abort();
+ STATE = STATE105;
+ IMED_RET("recv finished", ret, 0);
+ /* fall through */
+ case STATE106:
+ abort();
+ STATE = STATE106;
+ IMED_RET("send certificate", ret, 0);
+ /* fall through */
+ case STATE107:
+ abort();
+ STATE = STATE107;
+ IMED_RET("send certificate verify", ret, 0);
+ /* fall through */
+ case STATE108:
+ abort();
+ STATE = STATE108;
+ IMED_RET("send finished", ret, 0);
+
+ STATE = STATE0;
+ break;
+ default:
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ }
+
+ /* explicitly reset any false start flags */
+ session->internals.recv_state = RECV_STATE_0;
+
+ return 0;
+}
+
+/*
+ * _gnutls13_handshake_server
+ * This function does the server stuff of the handshake protocol.
+ */
+int _gnutls13_handshake_server(gnutls_session_t session)
+{
+ int ret = 0;
+
+ switch (STATE) {
+ case STATE100:
+ case STATE101:
+ abort();
+ STATE = STATE101;
+ IMED_RET("send encrypted extensions", ret, 0);
+ /* fall through */
+ case STATE102:
+ abort();
+ STATE = STATE102;
+ IMED_RET("send certificate request", ret, 0);
+ /* fall through */
+ case STATE103:
+ abort();
+ STATE = STATE103;
+ IMED_RET("send certificate", ret, 0);
+ /* fall through */
+ case STATE104:
+ abort();
+ STATE = STATE104;
+ IMED_RET("send certificate verify", ret, 0);
+ /* fall through */
+ case STATE105:
+ abort();
+ STATE = STATE105;
+ IMED_RET("send finished", ret, 0);
+ /* fall through */
+ case STATE106:
+ abort();
+ STATE = STATE106;
+ IMED_RET("recv certificate", ret, 0);
+ /* fall through */
+ case STATE107:
+ abort();
+ STATE = STATE107;
+ IMED_RET("recv certificate verify", ret, 0);
+ /* fall through */
+ case STATE108:
+ ret = _gnutls_run_verify_callback(session, GNUTLS_SERVER);
+ STATE = STATE108;
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ /* fall through */
+ case STATE109:
+ abort();
+ STATE = STATE109;
+ IMED_RET("recv finished", ret, 0);
+ /* fall through */
+
+ STATE = STATE0;
+ break;
+ default:
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ }
+
+ return 0;
+}
+
* and initializing encryption. This is the first encrypted message
* we send.
*/
-static int _gnutls_send_finished(gnutls_session_t session, int again)
+int _gnutls_send_finished(gnutls_session_t session, int again)
{
mbuffer_st *bufel;
uint8_t *data;
/* This is to be called after sending our finished message. If everything
* went fine we have negotiated a secure connection
*/
-static int _gnutls_recv_finished(gnutls_session_t session)
+int _gnutls_recv_finished(gnutls_session_t session)
{
uint8_t data[MAX_VERIFY_DATA_SIZE], *vrfy;
gnutls_buffer_st buf;
case GNUTLS_HANDSHAKE_CERTIFICATE_PKT:
case GNUTLS_HANDSHAKE_CERTIFICATE_STATUS:
case GNUTLS_HANDSHAKE_FINISHED:
+ case GNUTLS_HANDSHAKE_ENCRYPTED_EXTENSIONS:
case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE:
case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE:
case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST:
session->internals.handshake_timeout_ms = ms;
}
-
-#define IMED_RET( str, ret, allow_alert) do { \
- if (ret < 0) { \
- /* EAGAIN and INTERRUPTED are always non-fatal */ \
- if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED) \
- return ret; \
- if (ret == GNUTLS_E_GOT_APPLICATION_DATA && session->internals.initial_negotiation_completed != 0) \
- return ret; \
- if (session->internals.handshake_suspicious_loops < 16) { \
- if (ret == GNUTLS_E_LARGE_PACKET) { \
- session->internals.handshake_suspicious_loops++; \
- return ret; \
- } \
- /* a warning alert might interrupt handshake */ \
- if (allow_alert != 0 && ret==GNUTLS_E_WARNING_ALERT_RECEIVED) { \
- session->internals.handshake_suspicious_loops++; \
- return ret; \
- } \
- } \
- gnutls_assert(); \
- /* do not allow non-fatal errors at this point */ \
- if (gnutls_error_is_fatal(ret) == 0) ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); \
- session_invalidate(session); \
- _gnutls_handshake_hash_buffers_clear(session); \
- return ret; \
- } } while (0)
-
-
/* Runs the certificate verification callback.
* side is either GNUTLS_CLIENT or GNUTLS_SERVER.
*/
-static int run_verify_callback(gnutls_session_t session, unsigned int side)
+int _gnutls_run_verify_callback(gnutls_session_t session, unsigned int side)
{
gnutls_certificate_credentials_t cred;
int ret, type;
static int handshake_client(gnutls_session_t session)
{
int ret = 0;
+ const version_entry_st *ver;
+
+ reset:
+ if (STATE >= STATE100)
+ return _gnutls13_handshake_client(session);
switch (STATE) {
case STATE0:
IMED_RET("recv hello", ret, 1);
/* fall through */
case STATE4:
+ ver = get_version(session);
+ if (ver->tls13_sem) { /* TLS 1.3 state machine */
+ STATE = STATE100;
+ goto reset;
+ }
+
ret = _gnutls_ext_sr_verify(session);
STATE = STATE4;
IMED_RET("recv hello", ret, 0);
#endif
/* fall through */
case STATE8:
- ret = run_verify_callback(session, GNUTLS_CLIENT);
+ ret = _gnutls_run_verify_callback(session, GNUTLS_CLIENT);
STATE = STATE8;
if (ret < 0)
return gnutls_assert_val(ret);
static int handshake_server(gnutls_session_t session)
{
int ret = 0;
+ const version_entry_st *ver;
+
+ reset:
+ if (STATE >= STATE100)
+ return _gnutls13_handshake_server(session);
switch (STATE) {
case STATE0:
IMED_RET("recv hello", ret, 1);
/* fall through */
case STATE2:
+
ret = _gnutls_ext_sr_verify(session);
STATE = STATE2;
IMED_RET("recv hello", ret, 0);
ret = send_server_hello(session, AGAIN(STATE3));
STATE = STATE3;
IMED_RET("send hello", ret, 1);
+
+ ver = get_version(session);
+ if (ver->tls13_sem) { /* TLS 1.3 state machine */
+ STATE = STATE100;
+ goto reset;
+ }
+
/* fall through */
case STATE4:
if (session->security_parameters.do_send_supplemental) {
IMED_RET("recv client certificate", ret, 1);
/* fall through */
case STATE12:
- ret = run_verify_callback(session, GNUTLS_SERVER);
+ ret = _gnutls_run_verify_callback(session, GNUTLS_SERVER);
STATE = STATE12;
if (ret < 0)
return gnutls_assert_val(ret);
/*
* Copyright (C) 2000-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2017 Red Hat, Inc.
*
* Author: Nikos Mavrogiannopoulos
*
#define HANDSHAKE_H
#include "errors.h"
+#include "record.h"
+
+#define IMED_RET( str, ret, allow_alert) do { \
+ if (ret < 0) { \
+ /* EAGAIN and INTERRUPTED are always non-fatal */ \
+ if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED) \
+ return ret; \
+ if (ret == GNUTLS_E_GOT_APPLICATION_DATA && session->internals.initial_negotiation_completed != 0) \
+ return ret; \
+ if (session->internals.handshake_suspicious_loops < 16) { \
+ if (ret == GNUTLS_E_LARGE_PACKET) { \
+ session->internals.handshake_suspicious_loops++; \
+ return ret; \
+ } \
+ /* a warning alert might interrupt handshake */ \
+ if (allow_alert != 0 && ret==GNUTLS_E_WARNING_ALERT_RECEIVED) { \
+ session->internals.handshake_suspicious_loops++; \
+ return ret; \
+ } \
+ } \
+ gnutls_assert(); \
+ /* do not allow non-fatal errors at this point */ \
+ if (gnutls_error_is_fatal(ret) == 0) ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); \
+ session_invalidate(session); \
+ _gnutls_handshake_hash_buffers_clear(session); \
+ return ret; \
+ } } while (0)
int _gnutls_send_handshake(gnutls_session_t session, mbuffer_st * bufel,
gnutls_handshake_description_t type);
#define EXPORTER_LABEL "exp master"
#define RES_LABEL "res master"
+int _gnutls_run_verify_callback(gnutls_session_t session, unsigned int side);
+int _gnutls_recv_finished(gnutls_session_t session);
+int _gnutls_send_finished(gnutls_session_t session, int again);
+
+int _gnutls13_handshake_client(gnutls_session_t session);
+int _gnutls13_handshake_server(gnutls_session_t session);
+
#endif
* @GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST: DTLS Hello verify request.
* @GNUTLS_HANDSHAKE_CLIENT_HELLO: Client hello.
* @GNUTLS_HANDSHAKE_SERVER_HELLO: Server hello.
+ * @GNUTLS_HANDSHAKE_END_OF_EARLY_DATA: End of early data.
+ * @GNUTLS_HANDSHAKE_HELLO_RETRY_REQUEST: Hello retry request.
* @GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: New session ticket.
* @GNUTLS_HANDSHAKE_CERTIFICATE_PKT: Certificate packet.
* @GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: Server key exchange.
GNUTLS_HANDSHAKE_SERVER_HELLO = 2,
GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST = 3,
GNUTLS_HANDSHAKE_NEW_SESSION_TICKET = 4,
+ GNUTLS_HANDSHAKE_END_OF_EARLY_DATA = 5,
+ GNUTLS_HANDSHAKE_HELLO_RETRY_REQUEST = 6,
+ GNUTLS_HANDSHAKE_ENCRYPTED_EXTENSIONS = 8,
GNUTLS_HANDSHAKE_CERTIFICATE_PKT = 11,
GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE = 12,
GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST = 13,
projects / thirdparty / gnutls.git / commitdiff
