2 * Copyright (C) 2001, 2004, 2005, 2006, 2008, 2010 Free Software
5 * Author: Nikos Mavrogiannopoulos
7 * This file is part of GnuTLS.
9 * The GnuTLS is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public License
11 * as published by the Free Software Foundation; either version 2.1 of
12 * the License, or (at your option) any later version.
14 * This library is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
26 /* Functions to parse the SSLv2.0 hello message.
29 #include "gnutls_int.h"
30 #include "gnutls_errors.h"
31 #include "gnutls_dh.h"
33 #include "gnutls_algorithms.h"
34 #include "gnutls_compress.h"
35 #include "gnutls_cipher.h"
36 #include "gnutls_buffers.h"
37 #include "gnutls_kx.h"
38 #include "gnutls_handshake.h"
39 #include "gnutls_num.h"
40 #include "gnutls_hash_int.h"
41 #include "gnutls_db.h"
42 #include "gnutls_extensions.h"
43 #include "gnutls_auth.h"
44 #include "gnutls_v2_compat.h"
45 #include "gnutls_constate.h"
47 /* This selects the best supported ciphersuite from the ones provided */
49 _gnutls_handshake_select_v2_suite (gnutls_session_t session
,
50 opaque
* data
, int datalen
)
56 _gnutls_handshake_log ("HSK[%p]: Parsing a version 2.0 client hello.\n",
59 _data
= gnutls_malloc (datalen
);
63 return GNUTLS_E_MEMORY_ERROR
;
69 return GNUTLS_E_UNEXPECTED_PACKET_LENGTH
;
73 for (j
= 0; j
< datalen
; j
+= 3)
77 memcpy (&_data
[i
], &data
[j
+ 1], 2);
83 ret
= _gnutls_server_select_suite (session
, _data
, _datalen
);
91 /* Read a v2 client hello. Some browsers still use that beast!
92 * However they set their version to 3.0 or 3.1.
95 _gnutls_read_client_hello_v2 (gnutls_session_t session
, opaque
* data
,
98 uint16_t session_id_len
= 0;
101 uint16_t sizeOfSuites
;
102 gnutls_protocol_t adv_version
;
103 opaque rnd
[GNUTLS_RANDOM_SIZE
];
107 opaque session_id
[TLS_MAX_SESSION_ID_SIZE
];
109 /* we only want to get here once - only in client hello */
110 session
->internals
.v2_hello
= 0;
114 _gnutls_handshake_log
115 ("HSK[%p]: SSL 2.0 Hello: Client's version: %d.%d\n", session
,
116 data
[pos
], data
[pos
+ 1]);
118 set_adv_version (session
, data
[pos
], data
[pos
+ 1]);
120 adv_version
= _gnutls_version_get (data
[pos
], data
[pos
+ 1]);
122 ret
= _gnutls_negotiate_version (session
, adv_version
);
131 /* Read uint16_t cipher_spec_length */
133 sizeOfSuites
= _gnutls_read_uint16 (&data
[pos
]);
136 /* read session id length */
138 session_id_len
= _gnutls_read_uint16 (&data
[pos
]);
141 if (session_id_len
> TLS_MAX_SESSION_ID_SIZE
)
144 return GNUTLS_E_UNEXPECTED_PACKET_LENGTH
;
147 /* read challenge length */
149 challenge
= _gnutls_read_uint16 (&data
[pos
]);
152 if (challenge
< 16 || challenge
> GNUTLS_RANDOM_SIZE
)
155 return GNUTLS_E_UNSUPPORTED_VERSION_PACKET
;
158 /* call the user hello callback
160 ret
= _gnutls_user_hello_func (session
, adv_version
);
167 /* find an appropriate cipher suite */
169 DECR_LEN (len
, sizeOfSuites
);
170 ret
= _gnutls_handshake_select_v2_suite (session
, &data
[pos
], sizeOfSuites
);
179 /* check if the credentials (username, public key etc.) are ok
181 if (_gnutls_get_kx_cred
183 _gnutls_cipher_suite_get_kx_algo (&session
->
184 security_parameters
.current_cipher_suite
),
185 &err
) == NULL
&& err
!= 0)
188 return GNUTLS_E_INSUFFICIENT_CREDENTIALS
;
191 /* set the mod_auth_st to the appropriate struct
192 * according to the KX algorithm. This is needed since all the
193 * handshake functions are read from there;
195 session
->internals
.auth_struct
=
196 _gnutls_kx_auth_struct (_gnutls_cipher_suite_get_kx_algo
198 security_parameters
.current_cipher_suite
));
199 if (session
->internals
.auth_struct
== NULL
)
202 _gnutls_handshake_log
203 ("HSK[%p]: SSL 2.0 Hello: Cannot find the appropriate handler for the KX algorithm\n",
207 return GNUTLS_E_INTERNAL_ERROR
;
212 /* read random new values -skip session id for now */
213 DECR_LEN (len
, session_id_len
); /* skip session id for now */
214 memcpy (session_id
, &data
[pos
], session_id_len
);
215 pos
+= session_id_len
;
217 DECR_LEN (len
, challenge
);
218 memset (rnd
, 0, GNUTLS_RANDOM_SIZE
);
220 memcpy (&rnd
[GNUTLS_RANDOM_SIZE
- challenge
], &data
[pos
], challenge
);
222 _gnutls_set_client_random (session
, rnd
);
224 /* generate server random value */
226 _gnutls_tls_create_random (rnd
);
227 _gnutls_set_server_random (session
, rnd
);
229 session
->security_parameters
.timestamp
= gnutls_time (NULL
);
234 DECR_LEN (len
, session_id_len
);
235 ret
= _gnutls_server_restore_session (session
, session_id
, session_id_len
);
239 /* get the new random values */
240 memcpy (session
->internals
.resumed_security_parameters
.server_random
,
241 session
->security_parameters
.server_random
, GNUTLS_RANDOM_SIZE
);
242 memcpy (session
->internals
.resumed_security_parameters
.client_random
,
243 session
->security_parameters
.client_random
, GNUTLS_RANDOM_SIZE
);
245 session
->internals
.resumed
= RESUME_TRUE
;
250 _gnutls_generate_session_id (session
->security_parameters
.session_id
,
252 security_parameters
.session_id_size
);
253 session
->internals
.resumed
= RESUME_FALSE
;
256 session
->internals
.compression_method
= GNUTLS_COMP_NULL
;
257 _gnutls_epoch_set_compression (session
, EPOCH_NEXT
, session
->internals
.compression_method
);