X-Git-Url: https://pd.if.org/git/?a=blobdiff_plain;f=crypto%2Fhandshake.c;h=264ecb93e26f2fad478e84bb9886c6e49f938bcf;hb=HEAD;hp=ed81920629e6f6287c191cb40cd1f19a929b85ea;hpb=4714f8eb39f360325048dcfa06da048a0c4b2be9;p=zpackage

diff --git a/crypto/handshake.c b/crypto/handshake.c
index ed81920..264ecb9 100644
--- a/crypto/handshake.c
+++ b/crypto/handshake.c
@@ -681,33 +681,38 @@ static void append_dhe(struct TLSContext *ctx, struct tls_buffer *buf) {
 	unsigned long dh_g_len = sizeof dh_g;
 	unsigned long dh_Ys_len = sizeof dh_Ys;
 
+	ENTER;
 	if (tls_dh_export_pqY(dh_p, &dh_p_len, dh_g, &dh_g_len, dh_Ys,
 				&dh_Ys_len, ctx->dhe)) {
 		DEBUG_PRINT("ERROR EXPORTING DHE KEY %p\n", ctx->dhe);
 		buf->error = 1;
 		tls_dhe_free(ctx);
+		LEAVE;;
 		return;
 	}
+	tls_buffer_append_byte(buf, 0x10);
 
 	tls_dhe_free(ctx);
 
 	DEBUG_DUMP_HEX_LABEL("Yc", dh_Ys, dh_Ys_len);
 
 	tls_buffer_append24(buf, dh_Ys_len + 2);
-
 	tls_buffer_append16(buf, dh_Ys_len);
 	tls_buffer_append(buf, dh_Ys, dh_Ys_len);
+	LEAVE;
 }
 
 static void append_ecdhe(struct TLSContext *ctx, struct tls_buffer *buf) {
 	unsigned char out[TLS_MAX_RSA_KEY];
 	unsigned long out_len = TLS_MAX_RSA_KEY;
 
-	//fprintf(stderr, "ecc dhe\n");
+	ENTER;
 
 	if (ecc_ansi_x963_export(ctx->ecc_dhe, out, &out_len)) {
 		DEBUG_PRINT("Error exporting ECC key\n");
 		buf->error = 1;
+		LEAVE;;
+		return;
 	}
 
 	tls_ecc_dhe_free(ctx);
@@ -717,6 +722,7 @@ static void append_ecdhe(struct TLSContext *ctx, struct tls_buffer *buf) {
 
 	tls_buffer_append_byte(buf, out_len);
 	tls_buffer_append(buf, out, out_len);
+	LEAVE;
 }
 
 static void set_record_size(struct tls_buffer *b) {
@@ -730,6 +736,7 @@ struct TLSPacket *tls_client_key_exchange(struct TLSContext *context) {
 	struct tls_buffer cke;
 	struct TLSPacket *p;
 
+	ENTER;
 	tls_buffer_init(&cke, 42);
 	tls_buffer_append_byte(&cke, 0x16);
 	tls_buffer_append16(&cke, 0x0303);
@@ -748,6 +755,7 @@ struct TLSPacket *tls_client_key_exchange(struct TLSContext *context) {
 	context->connection_status = 2;
 	tls_packet_update(p);
 
+	LEAVE;
 	return p;
 }
 
@@ -808,12 +816,14 @@ static int tls_build_random(struct TLSPacket *packet) {
 void tls_send_client_key_exchange(struct TLSContext *context) {
 	struct TLSPacket *packet;
 
+	ENTER;
 	int ephemeral = tls_cipher_is_ephemeral(context);
 
 	if (ephemeral && context->premaster_key && context->premaster_key_len) {
 		//fprintf(stderr, "YYYY\n");
 		packet = tls_client_key_exchange(context);
 		tls_queue_packet(packet);
+		LEAVE;
 		return;
 		if (ephemeral == 1) {
 			/* dhe */
@@ -824,6 +834,7 @@ void tls_send_client_key_exchange(struct TLSContext *context) {
 		/* TODO should never happen, should always require
 		 * either DHE or ECC DHE */
 		fprintf(stderr, "ZZZZ build random\n");
+		LEAVE;
 		return;
 		packet = tls_create_packet(context, TLS_HANDSHAKE, context->version, 0);
 		tls_packet_uint8(packet, 0x10);
@@ -832,6 +843,7 @@ void tls_send_client_key_exchange(struct TLSContext *context) {
 	context->connection_status = 2;
 	tls_packet_update(packet);
 	tls_queue_packet(packet);
+	LEAVE;
 	return;
 }
 
@@ -879,6 +891,7 @@ int tls_parse_server_hello(struct TLSContext *ctx, const unsigned char *buf, siz
 	/* two bytes server version */
 	uint16_t server_ver = get16(buf+i);
 	i+=2;
+	DEBUG_PRINTLN("server version = %04x\n", server_ver);
 	if (server_ver != ctx->version) {
 		/* TODO allow (or not) downgrade to v1.2 */
 		return TLS_UNEXPECTED_MESSAGE;
@@ -908,9 +921,11 @@ int tls_parse_server_hello(struct TLSContext *ctx, const unsigned char *buf, siz
 	/* two bytes cipher suite selected */
 	ctx->cipher = get16(buf+i);
 	i+=2;
+	DEBUG_PRINTLN("server cipher = %04x\n", ctx->cipher);
 	if (!tls_cipher_supported(ctx, ctx->cipher)) {
 		ctx->cipher = 0;
 		DEBUG_PRINT("NO CIPHER SUPPORTED\n");
+		MARK;
 		return TLS_NO_COMMON_CIPHER;
 	}
 
@@ -954,6 +969,7 @@ int tls_parse_server_hello(struct TLSContext *ctx, const unsigned char *buf, siz
 			continue;
 		}
 		if (i+elen > len) {
+		MARK;
 			return TLS_BROKEN_PACKET;
 		}
 
@@ -1006,7 +1022,7 @@ int tls_parse_server_hello(struct TLSContext *ctx, const unsigned char *buf, siz
 				}
 				/* if ctx->curve */
 				if (selected) {
-					fprintf(stderr, "SELECTED CURVE %s\n",
+					DEBUG_PRINTLN("SELECTED CURVE %s\n",
 						 ctx->curve->name);
 				}
 			case 0x0010:
@@ -1047,6 +1063,7 @@ int tls_parse_server_hello(struct TLSContext *ctx, const unsigned char *buf, siz
 			case 0xff01: /* renegotiation info */
 				//fprintf(stderr, "renegotiation info\n");
 				/* ignore, we don't support renegotiation */
+		MARK;
 				break;
 			case 0x0033: /* key share */
 				/* TODO parse key share */
@@ -1054,6 +1071,7 @@ int tls_parse_server_hello(struct TLSContext *ctx, const unsigned char *buf, siz
 				break;
 			case 0x000b:
 				/* signature algorithms */
+		MARK;
 				break;
 			case 0x002b: /* supported versions */
 				/* should be two bytes of 0x00 0x02
@@ -1075,5 +1093,6 @@ int tls_parse_server_hello(struct TLSContext *ctx, const unsigned char *buf, siz
 	}
 #endif
 
+		MARK;
 	return 1;
 }