2 * Copyright (C) 2000,2001 Nikos Mavroyanopoulos
4 * This file is part of GNUTLS.
6 * GNUTLS is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * GNUTLS is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
21 #include "gnutls_int.h"
22 #include "gnutls_handshake.h"
23 #include "gnutls_kx.h"
24 #include "gnutls_dh.h"
25 #include "gnutls_errors.h"
26 #include "gnutls_algorithms.h"
28 #include "gnutls_gcry.h"
29 #include <gnutls_record.h>
31 /* This file contains important thing for the TLS handshake procedure.
34 #define MASTER_SECRET "master secret"
35 static int generate_normal_master( GNUTLS_STATE state
);
37 int _gnutls_generate_master( GNUTLS_STATE state
) {
38 if (state
->gnutls_internals
.resumed
==RESUME_FALSE
)
39 return generate_normal_master(state
);
43 static int generate_normal_master( GNUTLS_STATE state
) {
45 opaque
* premaster
, *master
;
47 char random
[2*TLS_RANDOM_SIZE
];
49 memcpy(random
, state
->security_parameters
.client_random
, TLS_RANDOM_SIZE
);
50 memcpy(&random
[TLS_RANDOM_SIZE
], state
->security_parameters
.server_random
, TLS_RANDOM_SIZE
);
52 /* generate premaster */
53 premaster_size
= state
->gnutls_key
->key
.size
;
54 premaster
= state
->gnutls_key
->key
.data
;
57 _gnutls_log( "PREMASTER SECRET[%d]: %s\n", premaster_size
, _gnutls_bin2hex(premaster
, premaster_size
));
58 _gnutls_log( "CLIENT RANDOM[%d]: %s\n", 32, _gnutls_bin2hex(state
->security_parameters
.client_random
,32));
59 _gnutls_log( "SERVER RANDOM[%d]: %s\n", 32, _gnutls_bin2hex(state
->security_parameters
.server_random
,32));
62 if ( state
->connection_state
.version
== GNUTLS_SSL3
) {
64 gnutls_ssl3_generate_random( premaster
, premaster_size
,
65 random
, 2*TLS_RANDOM_SIZE
, TLS_MASTER_SIZE
);
69 gnutls_PRF( premaster
, premaster_size
,
70 MASTER_SECRET
, strlen(MASTER_SECRET
),
71 random
, 2*TLS_RANDOM_SIZE
, TLS_MASTER_SIZE
);
73 secure_free(premaster
);
74 state
->gnutls_key
->key
.size
= 0;
75 state
->gnutls_key
->key
.data
= NULL
;
77 if (master
==NULL
) return GNUTLS_E_MEMORY_ERROR
;
80 _gnutls_log( "MASTER SECRET: %s\n", _gnutls_bin2hex(master
, TLS_MASTER_SIZE
));
82 memcpy(state
->security_parameters
.master_secret
, master
, TLS_MASTER_SIZE
);
88 /* This is called when we want to receive the key exchange message of the
89 * server. It does nothing if this type of message is not required
90 * by the selected ciphersuite.
92 int _gnutls_send_server_kx_message(SOCKET cd
, GNUTLS_STATE state
)
98 if (state
->gnutls_internals
.auth_struct
->gnutls_generate_server_kx
==NULL
)
101 #ifdef HANDSHAKE_DEBUG
102 _gnutls_log( "Sending server KX message\n");
106 data_size
= state
->gnutls_internals
.auth_struct
->gnutls_generate_server_kx( state
, &data
);
113 ret
= _gnutls_send_handshake(cd
, state
, data
, data_size
, GNUTLS_SERVER_KEY_EXCHANGE
);
123 /* This function sends a certificate request message to the
126 int _gnutls_send_server_certificate_request(SOCKET cd
, GNUTLS_STATE state
)
132 if (state
->gnutls_internals
.auth_struct
->gnutls_generate_server_certificate_request
==NULL
)
135 if (state
->gnutls_internals
.send_cert_req
<= 0)
138 #ifdef HANDSHAKE_DEBUG
139 _gnutls_log( "Sending server Certificate request message\n");
143 data_size
= state
->gnutls_internals
.auth_struct
->gnutls_generate_server_certificate_request( state
, &data
);
150 ret
= _gnutls_send_handshake(cd
, state
, data
, data_size
, GNUTLS_CERTIFICATE_REQUEST
);
160 /* Currently only used in SRP */
161 int _gnutls_send_server_kx_message2(SOCKET cd
, GNUTLS_STATE state
)
167 if (state
->gnutls_internals
.auth_struct
->gnutls_generate_server_kx2
!= NULL
) {
168 data_size
= state
->gnutls_internals
.auth_struct
->gnutls_generate_server_kx2( state
, &data
);
170 #ifdef HANDSHAKE_DEBUG
171 _gnutls_log( "Sending server KX message2\n");
179 ret
= _gnutls_send_handshake(cd
, state
, data
, data_size
, GNUTLS_SERVER_KEY_EXCHANGE
);
190 /* This is the function for the client to send the key
193 int _gnutls_send_client_kx_message(SOCKET cd
, GNUTLS_STATE state
)
199 if (state
->gnutls_internals
.auth_struct
->gnutls_generate_client_kx
==NULL
)
202 #ifdef HANDSHAKE_DEBUG
203 _gnutls_log( "Sending client KX message\n");
206 data_size
= state
->gnutls_internals
.auth_struct
->gnutls_generate_client_kx( state
, &data
);
212 ret
= _gnutls_send_handshake(cd
, state
, data
, data_size
, GNUTLS_CLIENT_KEY_EXCHANGE
);
223 /* Only used in SRP currently
225 int _gnutls_send_client_kx_message0(SOCKET cd
, GNUTLS_STATE state
)
231 if ( state
->gnutls_internals
.auth_struct
->gnutls_generate_client_kx0
== NULL
)
234 #ifdef HANDSHAKE_DEBUG
235 _gnutls_log( "Sending client KX message0\n");
238 data_size
= state
->gnutls_internals
.auth_struct
->gnutls_generate_client_kx0( state
, &data
);
244 ret
= _gnutls_send_handshake(cd
, state
, data
, data_size
, GNUTLS_CLIENT_KEY_EXCHANGE
);
251 /* This is the function for the client to send the certificate
254 int _gnutls_send_client_certificate_verify(SOCKET cd
, GNUTLS_STATE state
)
260 /* This is a packet that is only sent by the client
262 if (state
->security_parameters
.entity
==GNUTLS_SERVER
) return 0;
264 /* if certificate verify is not needed just exit
266 if (state
->gnutls_key
->certificate_requested
==0) {
270 if (state
->gnutls_internals
.auth_struct
->gnutls_generate_client_cert_vrfy
==NULL
) {
272 return 0; /* this algorithm does not support cli_cert_vrfy
276 #ifdef HANDSHAKE_DEBUG
277 _gnutls_log( "Sending client certificate verify message\n");
279 data_size
= state
->gnutls_internals
.auth_struct
->gnutls_generate_client_cert_vrfy( state
, &data
);
288 _gnutls_send_handshake(cd
, state
, data
,
290 GNUTLS_CERTIFICATE_VERIFY
);
297 int _gnutls_recv_server_kx_message(SOCKET cd
, GNUTLS_STATE state
)
303 if (state
->gnutls_internals
.auth_struct
->gnutls_process_server_kx
!=NULL
) {
305 #ifdef HANDSHAKE_DEBUG
306 _gnutls_log( "Receiving Server KX message\n");
310 _gnutls_recv_handshake(cd
, state
, &data
,
312 GNUTLS_SERVER_KEY_EXCHANGE
, MANDATORY_PACKET
);
317 ret
= state
->gnutls_internals
.auth_struct
->gnutls_process_server_kx( state
, data
, datasize
);
326 int _gnutls_recv_server_certificate_request(SOCKET cd
, GNUTLS_STATE state
)
332 if (state
->gnutls_internals
.auth_struct
->gnutls_process_server_certificate_request
!=NULL
) {
334 #ifdef HANDSHAKE_DEBUG
335 _gnutls_log( "Receiving Server Certificate request message\n");
339 _gnutls_recv_handshake(cd
, state
, &data
,
341 GNUTLS_CERTIFICATE_REQUEST
, OPTIONAL_PACKET
);
345 if (ret
==0 && datasize
== 0)
346 return 0; /* ignored */
348 ret
= state
->gnutls_internals
.auth_struct
->gnutls_process_server_certificate_request( state
, data
, datasize
);
357 int _gnutls_recv_server_kx_message2(SOCKET cd
, GNUTLS_STATE state
)
364 if (state
->gnutls_internals
.auth_struct
->gnutls_process_server_kx2
!= NULL
) {
366 #ifdef HANDSHAKE_DEBUG
367 _gnutls_log( "Receiving Server KX message2\n");
371 _gnutls_recv_handshake(cd
, state
, &data
,
373 GNUTLS_SERVER_KEY_EXCHANGE
, MANDATORY_PACKET
);
378 ret
= state
->gnutls_internals
.auth_struct
->gnutls_process_server_kx2( state
, data
, datasize
);
387 int _gnutls_recv_client_kx_message(SOCKET cd
, GNUTLS_STATE state
)
394 /* Do key exchange only if the algorithm permits it */
395 if (state
->gnutls_internals
.auth_struct
->gnutls_process_client_kx
!= NULL
) {
397 #ifdef HANDSHAKE_DEBUG
398 _gnutls_log( "Receiving client KX message\n");
402 _gnutls_recv_handshake(cd
, state
, &data
,
404 GNUTLS_CLIENT_KEY_EXCHANGE
, MANDATORY_PACKET
);
408 ret
= state
->gnutls_internals
.auth_struct
->gnutls_process_client_kx( state
, data
, datasize
);
418 /* only used in SRP */
419 int _gnutls_recv_client_kx_message0(SOCKET cd
, GNUTLS_STATE state
)
425 /* Do key exchange only if the algorithm permits it */
426 if (state
->gnutls_internals
.auth_struct
->gnutls_process_client_kx0
!= NULL
) {
428 #ifdef HANDSHAKE_DEBUG
429 _gnutls_log( "Receiving client KX message0\n");
433 _gnutls_recv_handshake(cd
, state
, &data
,
435 GNUTLS_CLIENT_KEY_EXCHANGE
, MANDATORY_PACKET
);
439 ret
= state
->gnutls_internals
.auth_struct
->gnutls_process_client_kx0( state
, data
, datasize
);
448 /* This is called when we want send our certificate
450 int _gnutls_send_client_certificate(SOCKET cd
, GNUTLS_STATE state
)
457 if (state
->gnutls_key
->certificate_requested
== 0)
460 if (state
->gnutls_internals
.auth_struct
->gnutls_generate_client_certificate
==NULL
)
463 #ifdef HANDSHAKE_DEBUG
464 _gnutls_log( "Sending client certificate message\n");
467 data_size
= state
->gnutls_internals
.auth_struct
->gnutls_generate_client_certificate( state
, &data
);
474 ret
= _gnutls_send_handshake(cd
, state
, data
, data_size
, GNUTLS_CERTIFICATE
);
486 /* This is called when we want send our certificate
488 int _gnutls_send_server_certificate(SOCKET cd
, GNUTLS_STATE state
)
495 if (state
->gnutls_internals
.auth_struct
->gnutls_generate_server_certificate
==NULL
)
498 #ifdef HANDSHAKE_DEBUG
499 _gnutls_log( "Sending certificate message\n");
502 data_size
= state
->gnutls_internals
.auth_struct
->gnutls_generate_server_certificate( state
, &data
);
509 ret
= _gnutls_send_handshake(cd
, state
, data
, data_size
, GNUTLS_CERTIFICATE
);
521 int _gnutls_recv_client_certificate(SOCKET cd
, GNUTLS_STATE state
)
528 if (state
->gnutls_internals
.auth_struct
->gnutls_process_client_certificate
!=NULL
) {
530 /* if we have not requested a certificate then just return
532 if ( state
->gnutls_internals
.send_cert_req
== 0) {
536 if ( state
->gnutls_internals
.send_cert_req
== GNUTLS_CERT_REQUIRE
)
537 optional
= MANDATORY_PACKET
;
539 optional
= OPTIONAL_PACKET
;
542 _gnutls_recv_handshake(cd
, state
, &data
,
544 GNUTLS_CERTIFICATE
, optional
);
546 if (optional
== OPTIONAL_PACKET
&&
547 ret
==GNUTLS_E_WARNING_ALERT_RECEIVED
&&
548 gnutls_get_last_alert(state
)==GNUTLS_NETSCAPE_NO_CLIENT_CERTIFICATE
) {
550 /* netscape does not send an empty certificate,
551 * but this alert. So we just ignore it.
556 /* certificate was required */
557 gnutls_send_alert( cd
, state
, GNUTLS_FATAL
, GNUTLS_BAD_CERTIFICATE
);
562 if (ret
== 0 && datasize
== 0 && optional
== OPTIONAL_PACKET
) {
563 /* well I'm not sure we should accept this
571 ret
= state
->gnutls_internals
.auth_struct
->gnutls_process_client_certificate( state
, data
, datasize
);
573 if (ret
< 0 && ret
!= GNUTLS_E_NO_CERTIFICATE_FOUND
) {
578 /* ok we should expect a certificate verify message now
580 if (ret
==GNUTLS_E_NO_CERTIFICATE_FOUND
&& optional
== OPTIONAL_PACKET
)
583 state
->gnutls_key
->certificate_requested
= 1;
590 int _gnutls_recv_server_certificate(SOCKET cd
, GNUTLS_STATE state
)
596 if (state
->gnutls_internals
.auth_struct
->gnutls_process_server_certificate
!=NULL
) {
599 _gnutls_recv_handshake(cd
, state
, &data
,
601 GNUTLS_CERTIFICATE
, MANDATORY_PACKET
);
607 ret
= state
->gnutls_internals
.auth_struct
->gnutls_process_server_certificate( state
, data
, datasize
);
619 /* Recv the client certificate verify. This packet may not
620 * arrive if the peer did not send us a certificate.
622 int _gnutls_recv_client_certificate_verify_message(SOCKET cd
, GNUTLS_STATE state
)
629 if (state
->gnutls_internals
.auth_struct
->gnutls_process_client_cert_vrfy
!= NULL
) {
631 #ifdef HANDSHAKE_DEBUG
632 _gnutls_log( "Receiving client certificate verify message\n");
635 if ( state
->gnutls_internals
.send_cert_req
== 0 ||
636 state
->gnutls_key
->certificate_requested
== 0) {
641 _gnutls_recv_handshake(cd
, state
, &data
,
643 GNUTLS_CERTIFICATE_VERIFY
, OPTIONAL_PACKET
);
647 if (ret
==0 && datasize
== 0 && state
->gnutls_internals
.send_cert_req
== GNUTLS_CERT_REQUIRE
) {
648 /* certificate was required */
649 gnutls_send_alert( cd
, state
, GNUTLS_FATAL
, GNUTLS_BAD_CERTIFICATE
);
651 return GNUTLS_E_NO_CERTIFICATE_FOUND
;
654 ret
= state
->gnutls_internals
.auth_struct
->gnutls_process_client_cert_vrfy( state
, data
, datasize
);