lib/gnutls_v2_compat.c

   1 /*
   2  * Copyright (C) 2001, 2004, 2005, 2006, 2008, 2010 Free Software
   3  * Foundation, Inc.
   4  *
   5  * Author: Nikos Mavrogiannopoulos
   6  *
   7  * This file is part of GNUTLS.
   8  *
   9  * The GNUTLS library is free software; you can redistribute it and/or
  10  * modify it under the terms of the GNU Lesser General Public License
  11  * as published by the Free Software Foundation; either version 2.1 of
  12  * the License, or (at your option) any later version.
  13  *
  14  * This library is distributed in the hope that it will be useful, but
  15  * WITHOUT ANY WARRANTY; without even the implied warranty of
  16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  17  * Lesser General Public License for more details.
  18  *
  19  * You should have received a copy of the GNU Lesser General Public
  20  * License along with this library; if not, write to the Free Software
  21  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
  22  * USA
  23  *
  24  */
  25
  26 /* Functions to parse the SSLv2.0 hello message.
  27  */
  28
  29 #include "gnutls_int.h"
  30 #include "gnutls_errors.h"
  31 #include "gnutls_dh.h"
  32 #include "debug.h"
  33 #include "gnutls_algorithms.h"
  34 #include "gnutls_compress.h"
  35 #include "gnutls_cipher.h"
  36 #include "gnutls_buffers.h"
  37 #include "gnutls_kx.h"
  38 #include "gnutls_handshake.h"
  39 #include "gnutls_num.h"
  40 #include "gnutls_hash_int.h"
  41 #include "gnutls_db.h"
  42 #include "gnutls_extensions.h"
  43 #include "gnutls_auth.h"
  44 #include "gnutls_v2_compat.h"
  45
  46 /* This selects the best supported ciphersuite from the ones provided */
  47 static int
  48 _gnutls_handshake_select_v2_suite (gnutls_session_t session,
  49                                    opaque * data, int datalen)
  50 {
  51   int i, j, ret;
  52   opaque *_data;
  53   int _datalen;
  54
  55   _gnutls_handshake_log ("HSK[%p]: Parsing a version 2.0 client hello.\n",
  56                          session);
  57
  58   _data = gnutls_malloc (datalen);
  59   if (_data == NULL)
  60     {
  61       gnutls_assert ();
  62       return GNUTLS_E_MEMORY_ERROR;
  63     }
  64
  65   if (datalen % 3 != 0)
  66     {
  67       gnutls_assert ();
  68       return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
  69     }
  70
  71   i = _datalen = 0;
  72   for (j = 0; j < datalen; j += 3)
  73     {
  74       if (data[j] == 0)
  75         {
  76           memcpy (&_data[i], &data[j + 1], 2);
  77           i += 2;
  78           _datalen += 2;
  79         }
  80     }
  81
  82   ret = _gnutls_server_select_suite (session, _data, _datalen);
  83   gnutls_free (_data);
  84
  85   return ret;
  86
  87 }
  88
  89
  90 /* Read a v2 client hello. Some browsers still use that beast!
  91  * However they set their version to 3.0 or 3.1.
  92  */
  93 int
  94 _gnutls_read_client_hello_v2 (gnutls_session_t session, opaque * data,
  95                               int datalen)
  96 {
  97   uint16_t session_id_len = 0;
  98   int pos = 0;
  99   int ret = 0;
 100   uint16_t sizeOfSuites;
 101   gnutls_protocol_t adv_version;
 102   opaque rnd[GNUTLS_RANDOM_SIZE];
 103   int len = datalen;
 104   int err;
 105   uint16_t challenge;
 106   opaque session_id[TLS_MAX_SESSION_ID_SIZE];
 107
 108   /* we only want to get here once - only in client hello */
 109   session->internals.v2_hello = 0;
 110
 111   DECR_LEN (len, 2);
 112
 113   _gnutls_handshake_log
 114     ("HSK[%p]: SSL 2.0 Hello: Client's version: %d.%d\n", session,
 115      data[pos], data[pos + 1]);
 116
 117   set_adv_version (session, data[pos], data[pos + 1]);
 118
 119   adv_version = _gnutls_version_get (data[pos], data[pos + 1]);
 120
 121   ret = _gnutls_negotiate_version (session, adv_version);
 122   if (ret < 0)
 123     {
 124       gnutls_assert ();
 125       return ret;
 126     }
 127
 128   pos += 2;
 129
 130   /* Read uint16_t cipher_spec_length */
 131   DECR_LEN (len, 2);
 132   sizeOfSuites = _gnutls_read_uint16 (&data[pos]);
 133   pos += 2;
 134
 135   /* read session id length */
 136   DECR_LEN (len, 2);
 137   session_id_len = _gnutls_read_uint16 (&data[pos]);
 138   pos += 2;
 139
 140   if (session_id_len > TLS_MAX_SESSION_ID_SIZE)
 141     {
 142       gnutls_assert ();
 143       return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
 144     }
 145
 146   /* read challenge length */
 147   DECR_LEN (len, 2);
 148   challenge = _gnutls_read_uint16 (&data[pos]);
 149   pos += 2;
 150
 151   if (challenge < 16 || challenge > GNUTLS_RANDOM_SIZE)
 152     {
 153       gnutls_assert ();
 154       return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
 155     }
 156
 157   /* call the user hello callback
 158    */
 159   ret = _gnutls_user_hello_func (session, adv_version);
 160   if (ret < 0)
 161     {
 162       gnutls_assert ();
 163       return ret;
 164     }
 165
 166   /* find an appropriate cipher suite */
 167
 168   DECR_LEN (len, sizeOfSuites);
 169   ret = _gnutls_handshake_select_v2_suite (session, &data[pos], sizeOfSuites);
 170
 171   pos += sizeOfSuites;
 172   if (ret < 0)
 173     {
 174       gnutls_assert ();
 175       return ret;
 176     }
 177
 178   /* check if the credentials (username, public key etc.) are ok
 179    */
 180   if (_gnutls_get_kx_cred
 181       (session,
 182        _gnutls_cipher_suite_get_kx_algo (&session->security_parameters.
 183                                          current_cipher_suite), &err) == NULL
 184       && err != 0)
 185     {
 186       gnutls_assert ();
 187       return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
 188     }
 189
 190   /* set the mod_auth_st to the appropriate struct
 191    * according to the KX algorithm. This is needed since all the
 192    * handshake functions are read from there;
 193    */
 194   session->internals.auth_struct =
 195     _gnutls_kx_auth_struct (_gnutls_cipher_suite_get_kx_algo
 196                             (&session->security_parameters.
 197                              current_cipher_suite));
 198   if (session->internals.auth_struct == NULL)
 199     {
 200
 201       _gnutls_handshake_log
 202         ("HSK[%p]: SSL 2.0 Hello: Cannot find the appropriate handler for the KX algorithm\n",
 203          session);
 204
 205       gnutls_assert ();
 206       return GNUTLS_E_INTERNAL_ERROR;
 207     }
 208
 209
 210
 211   /* read random new values -skip session id for now */
 212   DECR_LEN (len, session_id_len);       /* skip session id for now */
 213   memcpy (session_id, &data[pos], session_id_len);
 214   pos += session_id_len;
 215
 216   DECR_LEN (len, challenge);
 217   memset (rnd, 0, GNUTLS_RANDOM_SIZE);
 218
 219   memcpy (&rnd[GNUTLS_RANDOM_SIZE - challenge], &data[pos], challenge);
 220
 221   _gnutls_set_client_random (session, rnd);
 222
 223   /* generate server random value */
 224
 225   _gnutls_tls_create_random (rnd);
 226   _gnutls_set_server_random (session, rnd);
 227
 228   session->security_parameters.timestamp = time (NULL);
 229
 230
 231   /* RESUME SESSION */
 232
 233   DECR_LEN (len, session_id_len);
 234   ret = _gnutls_server_restore_session (session, session_id, session_id_len);
 235
 236   if (ret == 0)
 237     {                           /* resumed! */
 238       /* get the new random values */
 239       memcpy (session->internals.resumed_security_parameters.server_random,
 240               session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
 241       memcpy (session->internals.resumed_security_parameters.client_random,
 242               session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
 243
 244       session->internals.resumed = RESUME_TRUE;
 245       return 0;
 246     }
 247   else
 248     {
 249       _gnutls_generate_session_id (session->security_parameters.session_id,
 250                                    &session->security_parameters.
 251                                    session_id_size);
 252       session->internals.resumed = RESUME_FALSE;
 253     }
 254
 255   session->internals.compression_method = GNUTLS_COMP_NULL;
 256
 257   return 0;
 258 }