search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
server side client authentication works
[gnutls.git] / lib / gnutls_kx.c
blob24ad5376bdbb9a4646733002f235a5857cb1adac
1 /*
2 * Copyright (C) 2000,2001 Nikos Mavroyanopoulos
3 *
4 * This file is part of GNUTLS.
5 *
6 * GNUTLS is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * GNUTLS is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19 */
20
21 #include "gnutls_int.h"
22 #include "gnutls_handshake.h"
23 #include "gnutls_kx.h"
24 #include "gnutls_dh.h"
25 #include "gnutls_errors.h"
26 #include "gnutls_algorithms.h"
27 #include "debug.h"
28 #include "gnutls_gcry.h"
29 #include <gnutls_record.h>
30
31 /* This file contains important thing for the TLS handshake procedure.
32 */
33
34 #define MASTER_SECRET "master secret"
35 static int generate_normal_master( GNUTLS_STATE state);
36
37 int _gnutls_generate_master( GNUTLS_STATE state) {
38 if (state->gnutls_internals.resumed==RESUME_FALSE)
39 return generate_normal_master(state);
40 return 0;
41 }
42
43 static int generate_normal_master( GNUTLS_STATE state) {
44 int premaster_size;
45 opaque* premaster, *master;
46 int ret = 0;
47 char random[2*TLS_RANDOM_SIZE];
48
49 memcpy(random, state->security_parameters.client_random, TLS_RANDOM_SIZE);
50 memcpy(&random[TLS_RANDOM_SIZE], state->security_parameters.server_random, TLS_RANDOM_SIZE);
51
52 /* generate premaster */
53 premaster_size = state->gnutls_key->key.size;
54 premaster = state->gnutls_key->key.data;
55
56 #ifdef HARD_DEBUG
57 _gnutls_log( "PREMASTER SECRET[%d]: %s\n", premaster_size, _gnutls_bin2hex(premaster, premaster_size));
58 _gnutls_log( "CLIENT RANDOM[%d]: %s\n", 32, _gnutls_bin2hex(state->security_parameters.client_random,32));
59 _gnutls_log( "SERVER RANDOM[%d]: %s\n", 32, _gnutls_bin2hex(state->security_parameters.server_random,32));
60 #endif
61
62 if ( state->connection_state.version == GNUTLS_SSL3) {
63 master =
64 gnutls_ssl3_generate_random( premaster, premaster_size,
65 random, 2*TLS_RANDOM_SIZE, TLS_MASTER_SIZE);
66
67 } else {
68 master =
69 gnutls_PRF( premaster, premaster_size,
70 MASTER_SECRET, strlen(MASTER_SECRET),
71 random, 2*TLS_RANDOM_SIZE, TLS_MASTER_SIZE);
72 }
73 secure_free(premaster);
74 state->gnutls_key->key.size = 0;
75 state->gnutls_key->key.data = NULL;
76
77 if (master==NULL) return GNUTLS_E_MEMORY_ERROR;
78
79 #ifdef HARD_DEBUG
80 _gnutls_log( "MASTER SECRET: %s\n", _gnutls_bin2hex(master, TLS_MASTER_SIZE));
81 #endif
82 memcpy(state->security_parameters.master_secret, master, TLS_MASTER_SIZE);
83 secure_free(master);
84 return ret;
85 }
86
87
88 /* This is called when we want to receive the key exchange message of the
89 * server. It does nothing if this type of message is not required
90 * by the selected ciphersuite.
91 */
92 int _gnutls_send_server_kx_message(SOCKET cd, GNUTLS_STATE state)
93 {
94 uint8 *data = NULL;
95 int data_size = 0;
96 int ret = 0;
97
98 if (state->gnutls_internals.auth_struct->gnutls_generate_server_kx==NULL)
99 return 0;
100
101 #ifdef HANDSHAKE_DEBUG
102 _gnutls_log( "Sending server KX message\n");
103 #endif
104
105
106 data_size = state->gnutls_internals.auth_struct->gnutls_generate_server_kx( state, &data);
107
108 if (data_size < 0) {
109 gnutls_assert();
110 return data_size;
111 }
112
113 ret = _gnutls_send_handshake(cd, state, data, data_size, GNUTLS_SERVER_KEY_EXCHANGE);
114 gnutls_free(data);
115
116 if (ret < 0) {
117 gnutls_assert();
118 return ret;
119 }
120 return data_size;
121 }
122
123 /* This function sends a certificate request message to the
124 * client.
125 */
126 int _gnutls_send_server_certificate_request(SOCKET cd, GNUTLS_STATE state)
127 {
128 uint8 *data = NULL;
129 int data_size = 0;
130 int ret = 0;
131
132 if (state->gnutls_internals.auth_struct->gnutls_generate_server_certificate_request==NULL)
133 return 0;
134
135 if (state->gnutls_internals.send_cert_req <= 0)
136 return 0;
137
138 #ifdef HANDSHAKE_DEBUG
139 _gnutls_log( "Sending server Certificate request message\n");
140 #endif
141
142
143 data_size = state->gnutls_internals.auth_struct->gnutls_generate_server_certificate_request( state, &data);
144
145 if (data_size < 0) {
146 gnutls_assert();
147 return data_size;
148 }
149
150 ret = _gnutls_send_handshake(cd, state, data, data_size, GNUTLS_CERTIFICATE_REQUEST);
151 gnutls_free(data);
152
153 if (ret < 0) {
154 gnutls_assert();
155 return ret;
156 }
157 return data_size;
158 }
159
160 /* Currently only used in SRP */
161 int _gnutls_send_server_kx_message2(SOCKET cd, GNUTLS_STATE state)
162 {
163 uint8 *data = NULL;
164 int data_size = 0;
165 int ret = 0;
166
167 if (state->gnutls_internals.auth_struct->gnutls_generate_server_kx2 != NULL) {
168 data_size = state->gnutls_internals.auth_struct->gnutls_generate_server_kx2( state, &data);
169
170 #ifdef HANDSHAKE_DEBUG
171 _gnutls_log( "Sending server KX message2\n");
172 #endif
173
174 if (data_size<0) {
175 gnutls_assert();
176 return data_size;
177 }
178
179 ret = _gnutls_send_handshake(cd, state, data, data_size, GNUTLS_SERVER_KEY_EXCHANGE);
180 gnutls_free(data);
181 if (ret<0) {
182 gnutls_assert();
183 return ret;
184 }
185
186 }
187 return data_size;
188 }
189
190 /* This is the function for the client to send the key
191 * exchange message
192 */
193 int _gnutls_send_client_kx_message(SOCKET cd, GNUTLS_STATE state)
194 {
195 uint8 *data;
196 int data_size;
197 int ret = 0;
198
199 if (state->gnutls_internals.auth_struct->gnutls_generate_client_kx==NULL)
200 return 0;
201
202 #ifdef HANDSHAKE_DEBUG
203 _gnutls_log( "Sending client KX message\n");
204 #endif
205
206 data_size = state->gnutls_internals.auth_struct->gnutls_generate_client_kx( state, &data);
207 if (data_size < 0) {
208 gnutls_assert();
209 return data_size;
210 }
211
212 ret = _gnutls_send_handshake(cd, state, data, data_size, GNUTLS_CLIENT_KEY_EXCHANGE);
213 gnutls_free(data);
214
215 if (ret<0) {
216 gnutls_assert();
217 return ret;
218 }
219
220 return ret;
221 }
222
223 /* Only used in SRP currently
224 */
225 int _gnutls_send_client_kx_message0(SOCKET cd, GNUTLS_STATE state)
226 {
227 uint8 *data;
228 int data_size;
229 int ret = 0;
230
231 if ( state->gnutls_internals.auth_struct->gnutls_generate_client_kx0 == NULL)
232 return 0;
233
234 #ifdef HANDSHAKE_DEBUG
235 _gnutls_log( "Sending client KX message0\n");
236 #endif
237
238 data_size = state->gnutls_internals.auth_struct->gnutls_generate_client_kx0( state, &data);
239 if (data_size < 0) {
240 gnutls_assert();
241 return data_size;
242 }
243
244 ret = _gnutls_send_handshake(cd, state, data, data_size, GNUTLS_CLIENT_KEY_EXCHANGE);
245 gnutls_free(data);
246
247 return ret;
248 }
249
250
251 /* This is the function for the client to send the certificate
252 * verify message
253 */
254 int _gnutls_send_client_certificate_verify(SOCKET cd, GNUTLS_STATE state)
255 {
256 uint8 *data;
257 int ret = 0;
258 int data_size;
259
260 /* This is a packet that is only sent by the client
261 */
262 if (state->security_parameters.entity==GNUTLS_SERVER) return 0;
263
264 /* if certificate verify is not needed just exit
265 */
266 if (state->gnutls_key->certificate_requested==0) {
267 return 0;
268 }
269
270 if (state->gnutls_internals.auth_struct->gnutls_generate_client_cert_vrfy==NULL) {
271 gnutls_assert();
272 return 0; /* this algorithm does not support cli_cert_vrfy
273 */
274 }
275
276 #ifdef HANDSHAKE_DEBUG
277 _gnutls_log( "Sending client certificate verify message\n");
278 #endif
279 data_size = state->gnutls_internals.auth_struct->gnutls_generate_client_cert_vrfy( state, &data);
280 if (data_size < 0) {
281 gnutls_assert();
282 return data_size;
283 }
284 if (data_size == 0)
285 return 0;
286
287 ret =
288 _gnutls_send_handshake(cd, state, data,
289 data_size,
290 GNUTLS_CERTIFICATE_VERIFY);
291 gnutls_free(data);
292
293 return ret;
294 }
295
296
297 int _gnutls_recv_server_kx_message(SOCKET cd, GNUTLS_STATE state)
298 {
299 uint8 *data;
300 int datasize;
301 int ret = 0;
302
303 if (state->gnutls_internals.auth_struct->gnutls_process_server_kx!=NULL) {
304
305 #ifdef HANDSHAKE_DEBUG
306 _gnutls_log( "Receiving Server KX message\n");
307 #endif
308
309 ret =
310 _gnutls_recv_handshake(cd, state, &data,
311 &datasize,
312 GNUTLS_SERVER_KEY_EXCHANGE, MANDATORY_PACKET);
313 if (ret < 0)
314 return ret;
315
316
317 ret = state->gnutls_internals.auth_struct->gnutls_process_server_kx( state, data, datasize);
318 gnutls_free(data);
319 if (ret < 0)
320 return ret;
321
322 }
323 return ret;
324 }
325
326 int _gnutls_recv_server_certificate_request(SOCKET cd, GNUTLS_STATE state)
327 {
328 uint8 *data;
329 int datasize;
330 int ret = 0;
331
332 if (state->gnutls_internals.auth_struct->gnutls_process_server_certificate_request!=NULL) {
333
334 #ifdef HANDSHAKE_DEBUG
335 _gnutls_log( "Receiving Server Certificate request message\n");
336 #endif
337
338 ret =
339 _gnutls_recv_handshake(cd, state, &data,
340 &datasize,
341 GNUTLS_CERTIFICATE_REQUEST, OPTIONAL_PACKET);
342 if (ret < 0)
343 return ret;
344
345 if (ret==0 && datasize == 0)
346 return 0; /* ignored */
347
348 ret = state->gnutls_internals.auth_struct->gnutls_process_server_certificate_request( state, data, datasize);
349 gnutls_free(data);
350 if (ret < 0)
351 return ret;
352
353 }
354 return ret;
355 }
356
357 int _gnutls_recv_server_kx_message2(SOCKET cd, GNUTLS_STATE state)
358 {
359 uint8 *data;
360 int datasize;
361 int ret = 0;
362
363
364 if (state->gnutls_internals.auth_struct->gnutls_process_server_kx2 != NULL) {
365
366 #ifdef HANDSHAKE_DEBUG
367 _gnutls_log( "Receiving Server KX message2\n");
368 #endif
369
370 ret =
371 _gnutls_recv_handshake(cd, state, &data,
372 &datasize,
373 GNUTLS_SERVER_KEY_EXCHANGE, MANDATORY_PACKET);
374 if (ret < 0)
375 return ret;
376
377
378 ret = state->gnutls_internals.auth_struct->gnutls_process_server_kx2( state, data, datasize);
379 gnutls_free(data);
380 if (ret < 0)
381 return ret;
382
383 }
384 return ret;
385 }
386
387 int _gnutls_recv_client_kx_message(SOCKET cd, GNUTLS_STATE state)
388 {
389 uint8 *data;
390 int datasize;
391 int ret = 0;
392
393
394 /* Do key exchange only if the algorithm permits it */
395 if (state->gnutls_internals.auth_struct->gnutls_process_client_kx != NULL) {
396
397 #ifdef HANDSHAKE_DEBUG
398 _gnutls_log( "Receiving client KX message\n");
399 #endif
400
401 ret =
402 _gnutls_recv_handshake(cd, state, &data,
403 &datasize,
404 GNUTLS_CLIENT_KEY_EXCHANGE, MANDATORY_PACKET);
405 if (ret < 0)
406 return ret;
407
408 ret = state->gnutls_internals.auth_struct->gnutls_process_client_kx( state, data, datasize);
409 gnutls_free(data);
410 if (ret < 0)
411 return ret;
412
413 }
414
415 return ret;
416 }
417
418 /* only used in SRP */
419 int _gnutls_recv_client_kx_message0(SOCKET cd, GNUTLS_STATE state)
420 {
421 uint8 *data;
422 int datasize;
423 int ret = 0;
424
425 /* Do key exchange only if the algorithm permits it */
426 if (state->gnutls_internals.auth_struct->gnutls_process_client_kx0 != NULL) {
427
428 #ifdef HANDSHAKE_DEBUG
429 _gnutls_log( "Receiving client KX message0\n");
430 #endif
431
432 ret =
433 _gnutls_recv_handshake(cd, state, &data,
434 &datasize,
435 GNUTLS_CLIENT_KEY_EXCHANGE, MANDATORY_PACKET);
436 if (ret < 0)
437 return ret;
438
439 ret = state->gnutls_internals.auth_struct->gnutls_process_client_kx0( state, data, datasize);
440 gnutls_free(data);
441 if (ret < 0)
442 return ret;
443
444 }
445 return ret;
446 }
447
448 /* This is called when we want send our certificate
449 */
450 int _gnutls_send_client_certificate(SOCKET cd, GNUTLS_STATE state)
451 {
452 uint8 *data = NULL;
453 int data_size = 0;
454 int ret = 0;
455
456
457 if (state->gnutls_key->certificate_requested == 0)
458 return 0;
459
460 if (state->gnutls_internals.auth_struct->gnutls_generate_client_certificate==NULL)
461 return 0;
462
463 #ifdef HANDSHAKE_DEBUG
464 _gnutls_log( "Sending client certificate message\n");
465 #endif
466
467 data_size = state->gnutls_internals.auth_struct->gnutls_generate_client_certificate( state, &data);
468
469 if (data_size < 0) {
470 gnutls_assert();
471 return data_size;
472 }
473
474 ret = _gnutls_send_handshake(cd, state, data, data_size, GNUTLS_CERTIFICATE);
475 gnutls_free(data);
476
477 if (ret<0) {
478 gnutls_assert();
479 return ret;
480 }
481
482 return data_size;
483 }
484
485
486 /* This is called when we want send our certificate
487 */
488 int _gnutls_send_server_certificate(SOCKET cd, GNUTLS_STATE state)
489 {
490 uint8 *data = NULL;
491 int data_size = 0;
492 int ret = 0;
493
494
495 if (state->gnutls_internals.auth_struct->gnutls_generate_server_certificate==NULL)
496 return 0;
497
498 #ifdef HANDSHAKE_DEBUG
499 _gnutls_log( "Sending certificate message\n");
500 #endif
501
502 data_size = state->gnutls_internals.auth_struct->gnutls_generate_server_certificate( state, &data);
503
504 if (data_size < 0) {
505 gnutls_assert();
506 return data_size;
507 }
508
509 ret = _gnutls_send_handshake(cd, state, data, data_size, GNUTLS_CERTIFICATE);
510 gnutls_free(data);
511
512 if (ret<0) {
513 gnutls_assert();
514 return ret;
515 }
516
517 return data_size;
518 }
519
520
521 int _gnutls_recv_client_certificate(SOCKET cd, GNUTLS_STATE state)
522 {
523 int datasize;
524 opaque * data;
525 int ret = 0;
526 int optional;
527
528 if (state->gnutls_internals.auth_struct->gnutls_process_client_certificate!=NULL) {
529
530 /* if we have not requested a certificate then just return
531 */
532 if ( state->gnutls_internals.send_cert_req == 0) {
533 return 0;
534 }
535
536 if ( state->gnutls_internals.send_cert_req == GNUTLS_CERT_REQUIRE)
537 optional = MANDATORY_PACKET;
538 else
539 optional = OPTIONAL_PACKET;
540
541 ret =
542 _gnutls_recv_handshake(cd, state, &data,
543 &datasize,
544 GNUTLS_CERTIFICATE, optional);
545 if (ret < 0) {
546 if (optional == OPTIONAL_PACKET &&
547 ret==GNUTLS_E_WARNING_ALERT_RECEIVED &&
548 gnutls_get_last_alert(state)==GNUTLS_NETSCAPE_NO_CLIENT_CERTIFICATE) {
549
550 /* netscape does not send an empty certificate,
551 * but this alert. So we just ignore it.
552 */
553 gnutls_assert();
554 return 0;
555 }
556 /* certificate was required */
557 gnutls_send_alert( cd, state, GNUTLS_FATAL, GNUTLS_BAD_CERTIFICATE);
558 gnutls_assert();
559 return ret;
560 }
561
562 if (ret == 0 && datasize == 0 && optional == OPTIONAL_PACKET) {
563 /* well I'm not sure we should accept this
564 * behaviour.
565 */
566 gnutls_assert();
567 return 0;
568 }
569
570
571 ret = state->gnutls_internals.auth_struct->gnutls_process_client_certificate( state, data, datasize);
572 gnutls_free(data);
573 if (ret < 0 && ret != GNUTLS_E_NO_CERTIFICATE_FOUND) {
574 gnutls_assert();
575 return ret;
576 }
577
578 /* ok we should expect a certificate verify message now
579 */
580 if (ret==GNUTLS_E_NO_CERTIFICATE_FOUND && optional == OPTIONAL_PACKET)
581 ret = 0;
582 else
583 state->gnutls_key->certificate_requested = 1;
584
585 }
586
587 return ret;
588 }
589
590 int _gnutls_recv_server_certificate(SOCKET cd, GNUTLS_STATE state)
591 {
592 int datasize;
593 opaque * data;
594 int ret = 0;
595
596 if (state->gnutls_internals.auth_struct->gnutls_process_server_certificate!=NULL) {
597
598 ret =
599 _gnutls_recv_handshake(cd, state, &data,
600 &datasize,
601 GNUTLS_CERTIFICATE, MANDATORY_PACKET);
602 if (ret < 0) {
603 gnutls_assert();
604 return ret;
605 }
606
607 ret = state->gnutls_internals.auth_struct->gnutls_process_server_certificate( state, data, datasize);
608 gnutls_free(data);
609 if (ret < 0) {
610 gnutls_assert();
611 return ret;
612 }
613 }
614
615 return ret;
616 }
617
618
619 /* Recv the client certificate verify. This packet may not
620 * arrive if the peer did not send us a certificate.
621 */
622 int _gnutls_recv_client_certificate_verify_message(SOCKET cd, GNUTLS_STATE state)
623 {
624 uint8 *data;
625 int datasize;
626 int ret = 0;
627
628
629 if (state->gnutls_internals.auth_struct->gnutls_process_client_cert_vrfy != NULL) {
630
631 #ifdef HANDSHAKE_DEBUG
632 _gnutls_log( "Receiving client certificate verify message\n");
633 #endif
634
635 if ( state->gnutls_internals.send_cert_req == 0 ||
636 state->gnutls_key->certificate_requested == 0) {
637 return 0;
638 }
639
640 ret =
641 _gnutls_recv_handshake(cd, state, &data,
642 &datasize,
643 GNUTLS_CERTIFICATE_VERIFY, OPTIONAL_PACKET);
644 if (ret < 0)
645 return ret;
646
647 if (ret==0 && datasize == 0 && state->gnutls_internals.send_cert_req == GNUTLS_CERT_REQUIRE) {
648 /* certificate was required */
649 gnutls_send_alert( cd, state, GNUTLS_FATAL, GNUTLS_BAD_CERTIFICATE);
650 gnutls_assert();
651 return GNUTLS_E_NO_CERTIFICATE_FOUND;
652 }
653
654 ret = state->gnutls_internals.auth_struct->gnutls_process_client_cert_vrfy( state, data, datasize);
655 gnutls_free(data);
656 if (ret < 0)
657 return ret;
658
659 }
660
661 return ret;
662 }
Implementation of the SSL/TLS protocol