]> git.saurik.com Git - apple/security.git/blob - SecureTransport/hdskhelo.c
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-29.tar.gz
[apple/security.git] / SecureTransport / hdskhelo.c
1 /*
2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 /*
20 File: hdskhelo.c
21
22 Contains: Support for client hello and server hello messages.
23
24 Written by: Doug Mitchell, based on Netscape RSARef 3.0
25
26 Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
27
28 */
29 /* *********************************************************************
30 File: hdskhelo.c
31
32 SSLRef 3.0 Final -- 11/19/96
33
34 Copyright (c)1996 by Netscape Communications Corp.
35
36 By retrieving this software you are bound by the licensing terms
37 disclosed in the file "LICENSE.txt". Please read it, and if you don't
38 accept the terms, delete this software.
39
40 SSLRef 3.0 was developed by Netscape Communications Corp. of Mountain
41 View, California <http://home.netscape.com/> and Consensus Development
42 Corporation of Berkeley, California <http://www.consensus.com/>.
43
44 *********************************************************************
45
46 File: hdskhelo.c Support for client hello and server hello messages
47
48 Also, encoding of Random structures and initializing the message
49 hashes used for calculating finished and certificate verify messages.
50
51 ****************************************************************** */
52
53 #ifndef _SSLCTX_H_
54 #include "sslctx.h"
55 #endif
56
57 #ifndef _SSLHDSHK_H_
58 #include "sslhdshk.h"
59 #endif
60
61 #ifndef _SSLALLOC_H_
62 #include "sslalloc.h"
63 #endif
64
65 #ifndef _SSLSESS_H_
66 #include "sslsess.h"
67 #endif
68
69 #ifndef _SSLUTIL_H_
70 #include "sslutil.h"
71 #endif
72
73 #ifndef _SSL_DEBUG_H_
74 #include "sslDebug.h"
75 #endif
76
77 #ifndef _APPLE_GLUE_H_
78 #include "appleGlue.h"
79 #endif
80
81 #ifndef _APPLE_CDSA_H_
82 #include "appleCdsa.h"
83 #endif
84
85 #ifndef _DIGESTS_H_
86 #include "digests.h"
87 #endif
88
89 #ifndef _CIPHER_SPECS_H_
90 #include "cipherSpecs.h"
91 #endif
92
93 #include <string.h>
94
95 static SSLErr SSLEncodeRandom(unsigned char *p, SSLContext *ctx);
96
97 SSLErr
98 SSLEncodeServerHello(SSLRecord *serverHello, SSLContext *ctx)
99 { SSLErr err;
100 UInt8 *progress;
101 int sessionIDLen;
102
103 sessionIDLen = 0;
104 if (ctx->sessionID.data != 0)
105 sessionIDLen = (UInt8)ctx->sessionID.length;
106 #if LOG_NEGOTIATE
107 dprintf0("===SSL3 server: sending SSL_Version_3_0\n");
108 #endif
109 serverHello->protocolVersion = SSL_Version_3_0;
110 serverHello->contentType = SSL_handshake;
111 if ((err = SSLAllocBuffer(&serverHello->contents, 42 + sessionIDLen, &ctx->sysCtx)) != 0)
112 return err;
113
114 progress = serverHello->contents.data;
115 *progress++ = SSL_server_hello;
116 progress = SSLEncodeInt(progress, 38 + sessionIDLen, 3);
117 progress = SSLEncodeInt(progress, SSL_Version_3_0, 2);
118 if ((err = SSLEncodeRandom(progress, ctx)) != 0)
119 return err;
120 memcpy(ctx->serverRandom, progress, 32);
121 progress += 32;
122 *(progress++) = (UInt8)sessionIDLen;
123 if (sessionIDLen > 0)
124 memcpy(progress, ctx->sessionID.data, sessionIDLen);
125 progress += sessionIDLen;
126 progress = SSLEncodeInt(progress, ctx->selectedCipher, 2);
127 *(progress++) = 0; /* Null compression */
128
129 dprintf1("ssl3: server specifying cipherSuite 0x%lx\n", (UInt32)ctx->selectedCipher);
130
131 CASSERT(progress == serverHello->contents.data + serverHello->contents.length);
132
133 return SSLNoErr;
134 }
135
136 SSLErr
137 SSLProcessServerHello(SSLBuffer message, SSLContext *ctx)
138 { SSLErr err;
139 SSLProtocolVersion protocolVersion;
140 unsigned int sessionIDLen;
141 UInt8 *p;
142
143 CASSERT(ctx->protocolSide == SSL_ClientSide);
144
145 if (message.length < 38 || message.length > 70) {
146 errorLog0("SSLProcessServerHello: msg len error\n");
147 return SSLProtocolErr;
148 }
149 p = message.data;
150
151 protocolVersion = (SSLProtocolVersion)SSLDecodeInt(p, 2);
152 p += 2;
153 if (protocolVersion != SSL_Version_3_0)
154 return SSLUnsupportedErr;
155 ctx->negProtocolVersion = protocolVersion;
156 #if LOG_NEGOTIATE
157 dprintf0("===SSL3 client: negVersion is 3_0\n");
158 #endif
159
160 memcpy(ctx->serverRandom, p, 32);
161 p += 32;
162
163 sessionIDLen = *p++;
164 if (message.length != 38 + sessionIDLen) {
165 errorLog0("SSLProcessServerHello: msg len error 2\n");
166 return SSLProtocolErr;
167 }
168 if (sessionIDLen > 0 && ctx->peerID.data != 0)
169 { /* Don't die on error; just treat it as an uncached session */
170 err = SSLAllocBuffer(&ctx->sessionID, sessionIDLen, &ctx->sysCtx);
171 if (err == 0)
172 memcpy(ctx->sessionID.data, p, sessionIDLen);
173 }
174 p += sessionIDLen;
175
176 ctx->selectedCipher = (UInt16)SSLDecodeInt(p,2);
177 #if LOG_NEGOTIATE
178 dprintf1("===ssl3: server requests cipherKind 0x%x\n",
179 (UInt32)ctx->selectedCipher);
180 #endif
181 p += 2;
182 if ((err = FindCipherSpec(ctx)) != 0) {
183 return err;
184 }
185
186 if (*p++ != 0) /* Compression */
187 return SSLUnsupportedErr;
188
189 CASSERT(p == message.data + message.length);
190 return SSLNoErr;
191 }
192
193 SSLErr
194 SSLEncodeClientHello(SSLRecord *clientHello, SSLContext *ctx)
195 { int length, i;
196 SSLErr err;
197 unsigned char *p;
198 SSLBuffer sessionIdentifier;
199 UInt16 sessionIDLen;
200
201 CASSERT(ctx->protocolSide == SSL_ClientSide);
202
203 sessionIDLen = 0;
204 if (ctx->resumableSession.data != 0)
205 { if (ERR(err = SSLRetrieveSessionIDIdentifier(ctx->resumableSession, &sessionIdentifier, ctx)) != 0)
206 { return err;
207 }
208 sessionIDLen = sessionIdentifier.length;
209 }
210
211 length = 39 + 2*(ctx->numValidCipherSpecs) + sessionIDLen;
212
213 clientHello->protocolVersion = SSL_Version_3_0;
214 clientHello->contentType = SSL_handshake;
215 if ((err = SSLAllocBuffer(&clientHello->contents, length + 4, &ctx->sysCtx)) != 0)
216 return err;
217
218 p = clientHello->contents.data;
219 *p++ = SSL_client_hello;
220 p = SSLEncodeInt(p, length, 3);
221 p = SSLEncodeInt(p, SSL_Version_3_0, 2);
222 #if LOG_NEGOTIATE
223 dprintf0("===SSL3 client: proclaiming Version_3_0 capable ONLY\n");
224 #endif
225 if ((err = SSLEncodeRandom(p, ctx)) != 0)
226 { SSLFreeBuffer(&clientHello->contents, &ctx->sysCtx);
227 return err;
228 }
229 memcpy(ctx->clientRandom, p, 32);
230 p += 32;
231 *p++ = sessionIDLen; /* 1 byte vector length */
232 if (sessionIDLen > 0)
233 { memcpy(p, sessionIdentifier.data, sessionIDLen);
234 if ((err = SSLFreeBuffer(&sessionIdentifier, &ctx->sysCtx)) != 0)
235 return err;
236 }
237 p += sessionIDLen;
238 p = SSLEncodeInt(p, 2*(ctx->numValidCipherSpecs), 2); /* 2 byte long vector length */
239 for (i = 0; i<ctx->numValidCipherSpecs; ++i)
240 p = SSLEncodeInt(p, ctx->validCipherSpecs[i].cipherSpec, 2);
241 *p++ = 1; /* 1 byte long vector */
242 *p++ = 0; /* null compression */
243
244 CASSERT(p == clientHello->contents.data + clientHello->contents.length);
245
246 if ((err = SSLInitMessageHashes(ctx)) != 0)
247 return err;
248
249 return SSLNoErr;
250 }
251
252 SSLErr
253 SSLProcessClientHello(SSLBuffer message, SSLContext *ctx)
254 { SSLErr err;
255 SSLProtocolVersion clientVersion;
256 UInt16 cipherListLen, cipherCount, desiredSpec, cipherSpec;
257 UInt8 sessionIDLen, compressionCount;
258 UInt8 *progress;
259 int i;
260
261 if (message.length < 41) {
262 errorLog0("SSLProcessClientHello: msg len error 1\n");
263 return SSLProtocolErr;
264 }
265 progress = message.data;
266 clientVersion = (SSLProtocolVersion)SSLDecodeInt(progress, 2);
267 progress += 2;
268 if (clientVersion < SSL_Version_3_0) {
269 #if LOG_NEGOTIATE
270 dprintf1("===SSL3 server: clientVersion %s rejected\n", clientVersion);
271 #endif
272 return SSLUnsupportedErr;
273 }
274 ctx->negProtocolVersion = SSL_Version_3_0;
275 #if LOG_NEGOTIATE
276 dprintf0("===SSL3 server: negVersion is 3_0\n");
277 #endif
278
279 memcpy(ctx->clientRandom, progress, 32);
280 progress += 32;
281 sessionIDLen = *(progress++);
282 if (message.length < 41 + sessionIDLen) {
283 errorLog0("SSLProcessClientHello: msg len error 2\n");
284 return SSLProtocolErr;
285 }
286 if (sessionIDLen > 0 && ctx->peerID.data != 0)
287 { /* Don't die on error; just treat it as an uncacheable session */
288 err = SSLAllocBuffer(&ctx->sessionID, sessionIDLen, &ctx->sysCtx);
289 if (err == 0)
290 memcpy(ctx->sessionID.data, progress, sessionIDLen);
291 }
292 progress += sessionIDLen;
293
294 cipherListLen = (UInt16)SSLDecodeInt(progress, 2); /* Count of cipherSpecs, must be even & >= 2 */
295 progress += 2;
296 if ((cipherListLen & 1) || cipherListLen < 2 || message.length < 39 + sessionIDLen + cipherListLen) {
297 errorLog0("SSLProcessClientHello: msg len error 3\n");
298 return SSLProtocolErr;
299 }
300 cipherCount = cipherListLen/2;
301 cipherSpec = 0xFFFF; /* No match marker */
302 while (cipherSpec == 0xFFFF && cipherCount--)
303 { desiredSpec = (UInt16)SSLDecodeInt(progress, 2);
304 progress += 2;
305 for (i = 0; i <ctx->numValidCipherSpecs; i++)
306 { if (ctx->validCipherSpecs[i].cipherSpec == desiredSpec)
307 { cipherSpec = desiredSpec;
308 break;
309 }
310 }
311 }
312
313 if (cipherSpec == 0xFFFF)
314 return SSLNegotiationErr;
315 progress += 2 * cipherCount; /* Advance past unchecked cipherCounts */
316 ctx->selectedCipher = cipherSpec;
317 if ((err = FindCipherSpec(ctx)) != 0) {
318 return err;
319 }
320 #if LOG_NEGOTIATE
321 dprintf1("ssl3 server: selecting cipherKind 0x%x\n", (UInt32)ctx->selectedCipher);
322 #endif
323
324 compressionCount = *(progress++);
325 /* message.length restriction relaxed to allow too-long messages for future expansion
326 following recommendation of TLS meeting 5/29/96 */
327 if (compressionCount < 1 || message.length < 38 + sessionIDLen + cipherListLen + compressionCount) {
328 errorLog0("SSLProcessClientHello: msg len error 4\n");
329 return SSLProtocolErr;
330 }
331 /* Ignore list; we're doing null */
332
333 if ((err = SSLInitMessageHashes(ctx)) != 0)
334 return err;
335
336 return SSLNoErr;
337 }
338
339 static SSLErr
340 SSLEncodeRandom(unsigned char *p, SSLContext *ctx)
341 { SSLBuffer randomData;
342 SSLErr err;
343 UInt32 time;
344
345 #ifdef _APPLE_CDSA_
346 if ((err = sslTime(&time)) != 0)
347 #else
348 if ((err = ctx->sysCtx.time(&time, ctx->sysCtx.timeRef)) != 0)
349 #endif
350 return err;
351 SSLEncodeInt(p, time, 4);
352 randomData.data = p+4;
353 randomData.length = 28;
354 #ifdef _APPLE_CDSA_
355 if((err = sslRand(ctx, &randomData)) != 0)
356 #else
357 if ((err = ctx->sysCtx.random(randomData, ctx->sysCtx.randomRef)) != 0)
358 #endif
359 return err;
360 return SSLNoErr;
361 }
362
363 SSLErr
364 SSLInitMessageHashes(SSLContext *ctx)
365 { SSLErr err;
366 if ((err = SSLFreeBuffer(&ctx->shaState, &ctx->sysCtx)) != 0)
367 return err;
368 if ((err = SSLFreeBuffer(&ctx->md5State, &ctx->sysCtx)) != 0)
369 return err;
370 if ((err = ReadyHash(&SSLHashSHA1, &ctx->shaState, ctx)) != 0)
371 return err;
372 if ((err = ReadyHash(&SSLHashMD5, &ctx->md5State, ctx)) != 0)
373 return err;
374 return SSLNoErr;
375 }
mirror of Security