unsigned long dh_g_len = sizeof dh_g;
unsigned long dh_Ys_len = sizeof dh_Ys;
+ ENTER;
if (tls_dh_export_pqY(dh_p, &dh_p_len, dh_g, &dh_g_len, dh_Ys,
&dh_Ys_len, ctx->dhe)) {
DEBUG_PRINT("ERROR EXPORTING DHE KEY %p\n", ctx->dhe);
buf->error = 1;
tls_dhe_free(ctx);
+ LEAVE;;
return;
}
+ tls_buffer_append_byte(buf, 0x10);
tls_dhe_free(ctx);
DEBUG_DUMP_HEX_LABEL("Yc", dh_Ys, dh_Ys_len);
tls_buffer_append24(buf, dh_Ys_len + 2);
-
tls_buffer_append16(buf, dh_Ys_len);
tls_buffer_append(buf, dh_Ys, dh_Ys_len);
+ LEAVE;
}
static void append_ecdhe(struct TLSContext *ctx, struct tls_buffer *buf) {
unsigned char out[TLS_MAX_RSA_KEY];
unsigned long out_len = TLS_MAX_RSA_KEY;
- //fprintf(stderr, "ecc dhe\n");
+ ENTER;
if (ecc_ansi_x963_export(ctx->ecc_dhe, out, &out_len)) {
DEBUG_PRINT("Error exporting ECC key\n");
buf->error = 1;
+ LEAVE;;
+ return;
}
tls_ecc_dhe_free(ctx);
tls_buffer_append_byte(buf, out_len);
tls_buffer_append(buf, out, out_len);
+ LEAVE;
}
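Review bot: The early return added to append_ecdhe's export-failure branch leaves `ctx->ecc_dhe` in place, whereas the DHE failure branch just above calls `tls_dhe_free(ctx)` before returning. Unless context teardown releases it (not visible here), the ephemeral ECDHE key outlives the failed handshake. Assuming the free routine is safe to call after a failed export, add `tls_ecc_dhe_free(ctx);` before `LEAVE;` in that branch, and drop the stray second semicolon in `LEAVE;;` (the DHE branch has it too). Separately, `tls_buffer_append_byte(buf, out_len)` narrows an unsigned long to one byte while `out` holds TLS_MAX_RSA_KEY bytes. Rejecting `out_len > 0xff` with `buf->error = 1;` before appending would keep the length prefix consistent with the data that follows.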
static void set_record_size(struct tls_buffer *b) {
struct tls_buffer cke;
struct TLSPacket *p;
+ ENTER;
tls_buffer_init(&cke, 42);
tls_buffer_append_byte(&cke, 0x16);
tls_buffer_append16(&cke, 0x0303);
context->connection_status = 2;
tls_packet_update(p);
+ LEAVE;
return p;
}
void tls_send_client_key_exchange(struct TLSContext *context) {
struct TLSPacket *packet;
+ ENTER;
int ephemeral = tls_cipher_is_ephemeral(context);
if (ephemeral && context->premaster_key && context->premaster_key_len) {
//fprintf(stderr, "YYYY\n");
packet = tls_client_key_exchange(context);
tls_queue_packet(packet);
+ LEAVE;
return;
if (ephemeral == 1) {
/* dhe */
/* TODO should never happen, should always require
* either DHE or ECC DHE */
fprintf(stderr, "ZZZZ build random\n");
+ LEAVE;
return;
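Review bot: The fallback branch ending here still calls `fprintf(stderr, "ZZZZ build random\n");` unconditionally, although this commit moves other diagnostics to DEBUG_PRINTLN. In the lines shown it then returns from a void function without queuing a packet or recording a failure. Since the TODO says this path should never be reached, it should fail explicitly: use `DEBUG_PRINT("no ephemeral key exchange available\n");` and mark the handshake as failed through the project's existing error state, which is not visible in this hunk. The function body is cut by the hunk boundaries, so the lines in between may already handle part of this.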
packet = tls_create_packet(context, TLS_HANDSHAKE, context->version, 0);
tls_packet_uint8(packet, 0x10);
context->connection_status = 2;
tls_packet_update(packet);
tls_queue_packet(packet);
+ LEAVE;
return;
}
/* two bytes server version */
uint16_t server_ver = get16(buf+i);
i+=2;
+ DEBUG_PRINTLN("server version = %04x\n", server_ver);
if (server_ver != ctx->version) {
/* TODO allow (or not) downgrade to v1.2 */
return TLS_UNEXPECTED_MESSAGE;
/* two bytes cipher suite selected */
ctx->cipher = get16(buf+i);
i+=2;
+ DEBUG_PRINTLN("server cipher = %04x\n", ctx->cipher);
if (!tls_cipher_supported(ctx, ctx->cipher)) {
ctx->cipher = 0;
DEBUG_PRINT("NO CIPHER SUPPORTED\n");
+ MARK;
return TLS_NO_COMMON_CIPHER;
}
continue;
}
if (i+elen > len) {
+ MARK;
return TLS_BROKEN_PACKET;
}
}
/* if ctx->curve */
if (selected) {
- fprintf(stderr, "SELECTED CURVE %s\n",
+ DEBUG_PRINTLN("SELECTED CURVE %s\n",
ctx->curve->name);
}
case 0x0010:
case 0xff01: /* renegotiation info */
//fprintf(stderr, "renegotiation info\n");
/* ignore, we don't support renegotiation */
+ MARK;
break;
case 0x0033: /* key share */
/* TODO parse key share */
break;
case 0x000b:
/* signature algorithms */
+ MARK;
break;
case 0x002b: /* supported versions */
/* should be two bytes of 0x00 0x02
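Review bot: The comment under `case 0x000b:` says "signature algorithms", but in the IANA TLS ExtensionType registry 0x000b is ec_point_formats and signature_algorithms is 0x000d. With `MARK` now added to this arm, trace output will be read against the wrong extension name. I would change the comment to `/* ec_point_formats */`. I would also comment the bare `case 0x0010:` as ALPN, noting that it deliberately shares the renegotiation-info arm and is ignored. The switch starts and ends outside the lines shown.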
}
#endif
+ MARK;
return 1;
}