X-Git-Url: https://pd.if.org/git/?a=blobdiff_plain;f=crypto%2Ftlse.c;fp=crypto%2Ftlse.c;h=a49b447101f59c9bfbbd42bdc5246bbcf9eac515;hb=4eb87b5be87fdff504476d1798d558367d3f6f3e;hp=233fe26d9c410e04a9771f888b2b2443c41b9cc0;hpb=b9eb4486d50a2af606c6b776fcb5dfe065ccee9e;p=zpackage diff --git a/crypto/tlse.c b/crypto/tlse.c index 233fe26..a49b447 100644 --- a/crypto/tlse.c +++ b/crypto/tlse.c @@ -61,8 +61,12 @@ #define CHECK_HANDSHAKE_STATE(context, n, limit) { if (context->hs_messages[n] >= limit) { DEBUG_PRINT("* UNEXPECTED MESSAGE (%i)\n", (int)n); payload_res = TLS_UNEXPECTED_MESSAGE; break; } context->hs_messages[n]++; } -//#define MARK fprintf(stderr, "%s %s:%d\n", __FILE__, __func__, __LINE__) -#define MARK +#ifdef DEBUG +int tls_indent = 0; +int tls_indent_i = 0; +#endif + +//#define MARK typedef enum { KEA_dhe_dss, KEA_dhe_rsa, @@ -207,23 +211,65 @@ static uint32_t get24(const unsigned char *buf) { return res; } +#ifdef DEBUG +static char *packet_content_type(int type) { + switch (type) { + case 20: return "change_cipher_spec"; break; + case 21: return "alert"; break; + case 22: return "handshake"; break; + case 23: return "application_data"; break; + default: break; + } + return "unknown content type"; +} + +static char *packet_handshake_type(int type) { + switch (type) { + case 0: return "hello_request"; break; + case 1: return "client_hello"; break; + case 2: return "server_hello"; break; + case 11: return "certificate"; break; + case 12: return "server_key_exchange"; break; + case 13: return "certificate_request"; break; + case 14: return "server_hello_done"; break; + case 15: return "certificate_verify"; break; + case 16: return "client_key_exchange"; break; + case 20: return "finished"; break; + default: break; + } + return "unknown handshake type"; +} +#endif + size_t tls_queue_packet(struct TLSPacket *packet) { + ENTER; if (!packet) { + LEAVE; return -1; } struct TLSContext *context = packet->context; if (!context) { + LEAVE; return -1; } + DEBUG_PRINTLN("sending packet type %d %s\n", (int)packet->buf[0], + packet_content_type(packet->buf[0])); + if (packet->buf[0] == 22) { + DEBUG_PRINTLN("handshake type %d %s\n", (int)packet->buf[5], + packet_handshake_type(packet->buf[5]) + ); + } tls_buffer_append(&context->output_buffer, packet->buf, packet->len); tls_destroy_packet(packet); + LEAVE; return context->output_buffer.len; } static void tls_send_change_cipher_spec(struct TLSContext *context) { + ENTER; struct TLSPacket *packet = tls_create_packet(context, TLS_CHANGE_CIPHER, context->version, 64); @@ -231,6 +277,7 @@ static void tls_send_change_cipher_spec(struct TLSContext *context) { tls_packet_update(packet); context->local_sequence_number = 0; tls_queue_packet(packet); + LEAVE; return; } @@ -277,6 +324,7 @@ static void tls_send_certificate(struct TLSContext *context) { int certificates_count; struct TLSCertificate **certificates; + ENTER; if (context->is_server) { certificates_count = context->certificates_count; certificates = context->certificates; @@ -364,6 +412,7 @@ static void tls_send_certificate(struct TLSContext *context) { } tls_packet_update(packet); tls_queue_packet(packet); + LEAVE; return; } @@ -1237,10 +1286,11 @@ static void tls_prf(struct TLSContext *context, } static void tls_send_finished(struct TLSContext *context) { + ENTER; struct TLSPacket *packet = tls_create_packet(context, TLS_HANDSHAKE, context->version, TLS_MIN_FINISHED_OPAQUE_LEN + 64); - tls_packet_uint8(packet, 0x14); + tls_packet_uint8(packet, 20); if (context->tlsver == TLS_VERSION13) { tls_packet_uint24(packet, tls_mac_length(context)); @@ -1270,6 +1320,7 @@ static void tls_send_finished(struct TLSContext *context) { /* TODO probably need to terminate */ tls_destroy_packet(packet); + LEAVE; return; } @@ -1309,6 +1360,7 @@ static void tls_send_finished(struct TLSContext *context) { tls_packet_update(packet); DEBUG_DUMP_HEX_LABEL("VERIFY DATA", out, out_size); tls_queue_packet(packet); + LEAVE; return; } @@ -3330,6 +3382,7 @@ int tls_parse_certificate(struct TLSContext *context, res += certificate_size; } if (!valid_certificate) { + MARK; return TLS_UNSUPPORTED_CERTIFICATE; } if (res != buf_len) { @@ -3531,6 +3584,7 @@ int tls_parse_server_key_exchange(struct TLSContext *context, DEBUG_PRINT(" dh_q: "); dh_res = parse_dh(&buf[res], buf_len - res, &dh_g, &dh_g_len); if (dh_res <= 0) { + MARK; return TLS_BROKEN_PACKET; } res += dh_res; @@ -3540,6 +3594,7 @@ int tls_parse_server_key_exchange(struct TLSContext *context, dh_res = parse_dh(&buf[res], buf_len - res, &dh_Ys, &dh_Ys_len); if (dh_res <= 0) { + MARK; return TLS_BROKEN_PACKET; } res += dh_res; @@ -3702,6 +3757,7 @@ static int tls_parse_server_hello_done(const unsigned char *buf, int buf_len) { return TLS_NEED_MORE_DATA; } + MARK; res += size; return res; } @@ -3822,6 +3878,7 @@ int tls_parse_finished(struct TLSContext *context, // fprintf(stderr, "set conn status = %d\n", context->connection_status); + MARK; res += size; return res; } @@ -3949,6 +4006,7 @@ int tls_parse_verify(struct TLSContext *context, const unsigned char *buf, /* TODO This is actually a parse a handshake message */ int tls_parse_payload(struct TLSContext *context, const unsigned char *buf, int buf_len) { + ENTER; int orig_len = buf_len; @@ -4241,7 +4299,6 @@ int tls_parse_payload(struct TLSContext *context, const unsigned char *buf, switch (write_packets) { case 1: if (context->client_verified == 2) { - DEBUG_PRINT("<= Building CERTIFICATE \n"); tls_send_certificate(context); context->client_verified = 0; } @@ -4342,6 +4399,7 @@ int tls_parse_payload(struct TLSContext *context, const unsigned char *buf, buf += payload_size; buf_len -= payload_size; } + LEAVE; return orig_len; } @@ -5270,6 +5328,7 @@ int tls_consume_stream(struct TLSContext *context) { /* This is the only place tls_parse_message is called */ int consumed = tls_parse_message(context, buffer+index, length); if (consumed < 0) { + fprintf(stderr, "parse message error: %d\n", consumed); err_flag = consumed; break; } @@ -5602,6 +5661,7 @@ int tls_connect(struct TLSContext *context) { } MARK; if (tls_established(context)) { + MARK; return 1; } MARK;