search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "tls: add Server Key Exchange message"
[siplcs.git] / src / core / sipe-tls.c
blob0a1b4145ab26ae9871e92216ece83edb835879fd
1 /**
2 * @file sipe-tls.c
3 *
4 * pidgin-sipe
5 *
6 * Copyright (C) 2011-2015 SIPE Project <http://sipe.sourceforge.net/>
7 *
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 *
23 *
24 * TLS Protocol Version 1.0/1.1/1.2 - Handshake Messages
25 *
26 * TLS-DSK uses the handshake messages during authentication and session key
27 * exchange. This module *ONLY* implements this part of the TLS specification!
28 *
29 * Specification references:
30 *
31 * - RFC2246: http://www.ietf.org/rfc/rfc2246.txt
32 * - RFC3546: http://www.ietf.org/rfc/rfc3546.txt
33 * - RFC4346: http://www.ietf.org/rfc/rfc4346.txt
34 */
35
36 #include <stdlib.h>
37 #include <string.h>
38 #include <stdarg.h>
39
40 #include <glib.h>
41
42 #include "sipe-common.h"
43 #include "sipe-backend.h"
44 #include "sipe-cert-crypto.h"
45 #include "sipe-crypt.h"
46 #include "sipe-digest.h"
47 #include "sipe-svc.h"
48 #include "sipe-tls.h"
49
50 /*
51 * Private part of TLS state tracking
52 */
53 enum tls_handshake_state {
54 TLS_HANDSHAKE_STATE_START,
55 TLS_HANDSHAKE_STATE_SERVER_HELLO,
56 TLS_HANDSHAKE_STATE_FINISHED,
57 TLS_HANDSHAKE_STATE_COMPLETED,
58 TLS_HANDSHAKE_STATE_FAILED
59 };
60
61 struct tls_internal_state {
62 struct sipe_tls_state common;
63 gpointer certificate;
64 enum tls_handshake_state state;
65 guchar *msg_current;
66 gsize msg_remainder;
67 GHashTable *data;
68 GString *debug;
69 guint cipher_type;
70 gpointer md5_context;
71 gpointer sha1_context;
72 gpointer server_certificate;
73 struct sipe_tls_random client_random;
74 struct sipe_tls_random server_random;
75 struct sipe_tls_random pre_master_secret;
76 gsize mac_length;
77 gsize key_length;
78 guchar *master_secret;
79 guchar *key_block;
80 guchar *tls_dsk_key_block;
81 const guchar *client_write_mac_secret;
82 const guchar *server_write_mac_secret;
83 const guchar *client_write_secret;
84 const guchar *server_write_secret;
85 void (*mac_func)(const guchar *key, gsize key_length,
86 const guchar *data, gsize data_length,
87 guchar *digest);
88 gpointer cipher_context;
89 guint64 sequence_number;
90 gboolean encrypted;
91 };
92
93 /*
94 * TLS messages & layout descriptors
95 */
96
97 /* constants */
98 #define TLS_VECTOR_MAX8 255 /* 2^8 - 1 */
99 #define TLS_VECTOR_MAX16 65535 /* 2^16 - 1 */
100 #define TLS_VECTOR_MAX24 16777215 /* 2^24 - 1 */
101
102 #define TLS_PROTOCOL_VERSION_1_0 0x0301
103 #define TLS_PROTOCOL_VERSION_1_1 0x0302
104 #define TLS_PROTOCOL_VERSION_1_2 0x0303
105
106 /* CipherSuites */
107 #define TLS_RSA_EXPORT_WITH_RC4_40_MD5 0x0003
108 #define TLS_RSA_WITH_RC4_128_MD5 0x0004
109 #define TLS_RSA_WITH_RC4_128_SHA 0x0005
110 #define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F
111 #define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035
112
113 /* CompressionMethods */
114 #define TLS_COMP_METHOD_NULL 0
115
116 /* various array lengths */
117 #define TLS_ARRAY_RANDOM_LENGTH 32
118 #define TLS_ARRAY_MASTER_SECRET_LENGTH 48
119 #define TLS_ARRAY_VERIFY_LENGTH 12
120
121 #define TLS_RECORD_HEADER_LENGTH 5
122 #define TLS_RECORD_OFFSET_TYPE 0
123 #define TLS_RECORD_TYPE_CHANGE_CIPHER_SPEC 20
124 #define TLS_RECORD_TYPE_HANDSHAKE 22
125 #define TLS_RECORD_OFFSET_VERSION 1
126 #define TLS_RECORD_OFFSET_LENGTH 3
127
128 #define TLS_HANDSHAKE_HEADER_LENGTH 4
129 #define TLS_HANDSHAKE_OFFSET_TYPE 0
130 #define TLS_HANDSHAKE_TYPE_CLIENT_HELLO 1
131 #define TLS_HANDSHAKE_TYPE_SERVER_HELLO 2
132 #define TLS_HANDSHAKE_TYPE_CERTIFICATE 11
133 #define TLS_HANDSHAKE_TYPE_CERTIFICATE_REQ 13
134 #define TLS_HANDSHAKE_TYPE_SERVER_HELLO_DONE 14
135 #define TLS_HANDSHAKE_TYPE_CERTIFICATE_VERIFY 15
136 #define TLS_HANDSHAKE_TYPE_CLIENT_KEY_EXCHANGE 16
137 #define TLS_HANDSHAKE_TYPE_FINISHED 20
138 #define TLS_HANDSHAKE_OFFSET_LENGTH 1
139
140 struct layout_descriptor;
141 typedef gboolean parse_func(struct tls_internal_state *state,
142 const struct layout_descriptor *desc);
143
144 /* Defines the strictest alignment requirement */
145 struct tls_compile_integer;
146 typedef void compile_func(struct tls_internal_state *state,
147 const struct layout_descriptor *desc,
148 const struct tls_compile_integer *data);
149
150 struct layout_descriptor {
151 const gchar *label;
152 parse_func *parser;
153 compile_func *compiler;
154 gsize min; /* 0 for fixed/array */
155 gsize max;
156 gsize offset;
157 };
158
159 #define TLS_LAYOUT_DESCRIPTOR_END { NULL, NULL, NULL, 0, 0, 0 }
160 #define TLS_LAYOUT_IS_VALID(desc) (desc->label)
161
162 struct msg_descriptor {
163 const struct msg_descriptor *next;
164 const gchar *description;
165 const struct layout_descriptor *layouts;
166 guint type;
167 };
168
169 /* parsed data */
170 struct tls_parsed_integer {
171 guint value;
172 };
173
174 struct tls_parsed_array {
175 gsize length; /* bytes */
176 const guchar data[0];
177 };
178
179 /* compile data */
180 struct tls_compile_integer {
181 gsize value;
182 };
183
184 struct tls_compile_array {
185 gsize elements; /* unused */
186 guchar placeholder[];
187 };
188
189 struct tls_compile_random {
190 gsize elements; /* unused */
191 guchar random[TLS_ARRAY_RANDOM_LENGTH];
192 };
193
194 struct tls_compile_verify {
195 gsize elements; /* unused */
196 guchar verify[TLS_ARRAY_VERIFY_LENGTH];
197 };
198
199 struct tls_compile_vector {
200 gsize elements; /* VECTOR */
201 guint placeholder[];
202 };
203
204 struct tls_compile_sessionid {
205 gsize elements; /* VECTOR */
206 };
207
208 struct tls_compile_cipher {
209 gsize elements; /* VECTOR */
210 guint suites[5];
211 };
212
213 struct tls_compile_compression {
214 gsize elements; /* VECTOR */
215 guint methods[1];
216 };
217
218 /* compiled message */
219 struct tls_compiled_message {
220 gsize size;
221 guchar data[];
222 };
223
224 /*
225 * Random byte buffers
226 */
227 void sipe_tls_fill_random(struct sipe_tls_random *random,
228 guint bits)
229 {
230 guint bytes = ((bits + 15) / 16) * 2;
231 guint16 *p = g_malloc(bytes);
232
233 SIPE_DEBUG_INFO("sipe_tls_fill_random: %d bits -> %d bytes",
234 bits, bytes);
235
236 random->buffer = (guint8*) p;
237 random->length = bytes;
238
239 for (bytes /= 2; bytes; bytes--)
240 *p++ = rand() & 0xFFFF;
241 }
242
243 void sipe_tls_free_random(struct sipe_tls_random *random)
244 {
245 g_free(random->buffer);
246 }
247
248 /*
249 * TLS message debugging
250 */
251 static void debug_hex(struct tls_internal_state *state,
252 gsize alternative_length)
253 {
254 GString *str = state->debug;
255 const guchar *bytes;
256 gsize length;
257 gint count;
258
259 if (!str) return;
260
261 bytes = state->msg_current;
262 length = alternative_length ? alternative_length : state->msg_remainder;
263 count = -1;
264
265 while (length-- > 0) {
266 if (++count == 0) {
267 /* do nothing */;
268 } else if ((count % 16) == 0) {
269 g_string_append(str, "\n");
270 } else if ((count % 8) == 0) {
271 g_string_append(str, " ");
272 }
273 g_string_append_printf(str, " %02X", *bytes++);
274 }
275 g_string_append(str, "\n");
276 }
277
278 #define debug_print(state, string) \
279 if (state->debug) g_string_append(state->debug, string)
280 #define debug_printf(state, format, ...) \
281 if (state->debug) g_string_append_printf(state->debug, format, __VA_ARGS__)
282
283 /* Analyzer only needs the debugging functions */
284 #ifndef _SIPE_COMPILING_ANALYZER
285
286 static void debug_secrets(struct tls_internal_state *state,
287 const gchar *label,
288 const guchar *secret,
289 gsize secret_length)
290 {
291 if (state->debug && secret) {
292 g_string_append_printf(state->debug, "%s (%3" G_GSIZE_FORMAT ") = ",
293 label, secret_length);
294 while (secret_length--)
295 g_string_append_printf(state->debug, "%02X", *secret++);
296 SIPE_DEBUG_INFO_NOFORMAT(state->debug->str);
297 g_string_truncate(state->debug, 0);
298 }
299 }
300
301 /*
302 * TLS Pseudorandom Function (PRF) - RFC2246, Section 5
303 */
304 static guchar *sipe_tls_p_md5(const guchar *secret,
305 gsize secret_length,
306 const guchar *seed,
307 gsize seed_length,
308 gsize output_length)
309 {
310 guchar *output = NULL;
311
312 /*
313 * output_length == 0 -> illegal
314 * output_length == 1..16 -> iterations = 1
315 * output_length == 17..32 -> iterations = 2
316 */
317 if (secret && seed && (output_length > 0)) {
318 guint iterations = (output_length + SIPE_DIGEST_HMAC_MD5_LENGTH - 1) / SIPE_DIGEST_HMAC_MD5_LENGTH;
319 guchar *concat = g_malloc(SIPE_DIGEST_HMAC_MD5_LENGTH + seed_length);
320 guchar A[SIPE_DIGEST_HMAC_MD5_LENGTH];
321 guchar *p;
322
323 SIPE_DEBUG_INFO("p_md5: secret %" G_GSIZE_FORMAT " bytes, seed %" G_GSIZE_FORMAT " bytes",
324 secret_length, seed_length);
325 SIPE_DEBUG_INFO("p_md5: output %" G_GSIZE_FORMAT " bytes -> %d iterations",
326 output_length, iterations);
327
328 /* A(1) = HMAC_MD5(secret, A(0)), A(0) = seed */
329 sipe_digest_hmac_md5(secret, secret_length,
330 seed, seed_length,
331 A);
332
333 /* Each iteration adds SIPE_DIGEST_HMAC_MD5_LENGTH bytes */
334 p = output = g_malloc(iterations * SIPE_DIGEST_HMAC_MD5_LENGTH);
335
336 while (iterations-- > 0) {
337 /* P_MD5(i) = HMAC_MD5(secret, A(i) + seed), i = 1, 2, ... */
338 guchar P[SIPE_DIGEST_HMAC_MD5_LENGTH];
339 memcpy(concat, A, SIPE_DIGEST_HMAC_MD5_LENGTH);
340 memcpy(concat + SIPE_DIGEST_HMAC_MD5_LENGTH, seed, seed_length);
341 sipe_digest_hmac_md5(secret, secret_length,
342 concat, SIPE_DIGEST_HMAC_MD5_LENGTH + seed_length,
343 P);
344 memcpy(p, P, SIPE_DIGEST_HMAC_MD5_LENGTH);
345 p += SIPE_DIGEST_HMAC_MD5_LENGTH;
346
347 /* A(i+1) = HMAC_MD5(secret, A(i)) */
348 sipe_digest_hmac_md5(secret, secret_length,
349 A, SIPE_DIGEST_HMAC_MD5_LENGTH,
350 A);
351 }
352 g_free(concat);
353 }
354
355 return(output);
356 }
357
358 guchar *sipe_tls_p_sha1(const guchar *secret,
359 gsize secret_length,
360 const guchar *seed,
361 gsize seed_length,
362 gsize output_length)
363 {
364 guchar *output = NULL;
365
366 /*
367 * output_length == 0 -> illegal
368 * output_length == 1..20 -> iterations = 1
369 * output_length == 21..40 -> iterations = 2
370 */
371 if (secret && seed && (output_length > 0)) {
372 guint iterations = (output_length + SIPE_DIGEST_HMAC_SHA1_LENGTH - 1) / SIPE_DIGEST_HMAC_SHA1_LENGTH;
373 guchar *concat = g_malloc(SIPE_DIGEST_HMAC_SHA1_LENGTH + seed_length);
374 guchar A[SIPE_DIGEST_HMAC_SHA1_LENGTH];
375 guchar *p;
376
377 SIPE_DEBUG_INFO("p_sha1: secret %" G_GSIZE_FORMAT " bytes, seed %" G_GSIZE_FORMAT " bytes",
378 secret_length, seed_length);
379 SIPE_DEBUG_INFO("p_sha1: output %" G_GSIZE_FORMAT " bytes -> %d iterations",
380 output_length, iterations);
381
382 /* A(1) = HMAC_SHA1(secret, A(0)), A(0) = seed */
383 sipe_digest_hmac_sha1(secret, secret_length,
384 seed, seed_length,
385 A);
386
387 /* Each iteration adds SIPE_DIGEST_HMAC_SHA1_LENGTH bytes */
388 p = output = g_malloc(iterations * SIPE_DIGEST_HMAC_SHA1_LENGTH);
389
390 while (iterations-- > 0) {
391 /* P_SHA1(i) = HMAC_SHA1(secret, A(i) + seed), i = 1, 2, ... */
392 guchar P[SIPE_DIGEST_HMAC_SHA1_LENGTH];
393 memcpy(concat, A, SIPE_DIGEST_HMAC_SHA1_LENGTH);
394 memcpy(concat + SIPE_DIGEST_HMAC_SHA1_LENGTH, seed, seed_length);
395 sipe_digest_hmac_sha1(secret, secret_length,
396 concat, SIPE_DIGEST_HMAC_SHA1_LENGTH + seed_length,
397 P);
398 memcpy(p, P, SIPE_DIGEST_HMAC_SHA1_LENGTH);
399 p += SIPE_DIGEST_HMAC_SHA1_LENGTH;
400
401 /* A(i+1) = HMAC_SHA1(secret, A(i)) */
402 sipe_digest_hmac_sha1(secret, secret_length,
403 A, SIPE_DIGEST_HMAC_SHA1_LENGTH,
404 A);
405 }
406 g_free(concat);
407 }
408
409 return(output);
410 }
411
412 static guchar *sipe_tls_prf(SIPE_UNUSED_PARAMETER struct tls_internal_state *state,
413 const guchar *secret,
414 gsize secret_length,
415 const guchar *label,
416 gsize label_length,
417 const guchar *seed,
418 gsize seed_length,
419 gsize output_length)
420 {
421 gsize half = (secret_length + 1) / 2;
422 gsize newseed_length = label_length + seed_length;
423 /* secret: used as S1; secret2: last half of original secret (S2) */
424 guchar *secret2 = g_memdup(secret + secret_length - half, half);
425 guchar *newseed = g_malloc(newseed_length);
426 guchar *md5, *dest;
427 guchar *sha1, *src;
428 gsize count;
429
430 /* make Coverity happy - lengths could be 0 */
431 if (!secret2 || !newseed) {
432 g_free(secret2);
433 g_free(newseed);
434 return(NULL);
435 }
436
437 /*
438 * PRF(secret, label, seed) = P_MD5(S1, label + seed) XOR
439 * P_SHA-1(S2, label + seed);
440 */
441 memcpy(newseed, label, label_length);
442 memcpy(newseed + label_length, seed, seed_length);
443 #undef __SIPE_TLS_CRYPTO_DEBUG
444 #ifdef __SIPE_TLS_CRYPTO_DEBUG
445 debug_secrets(state, "sipe_tls_prf: secret ",
446 secret, secret_length);
447 debug_secrets(state, "sipe_tls_prf: combined seed ",
448 newseed, newseed_length);
449 SIPE_DEBUG_INFO("total seed length %" G_GSIZE_FORMAT,
450 newseed_length);
451 debug_secrets(state, "sipe_tls_prf: S1 ",
452 secret, half);
453 debug_secrets(state, "sipe_tls_prf: S2 ",
454 secret2, half);
455 #endif
456 md5 = sipe_tls_p_md5(secret, half, newseed, newseed_length, output_length);
457 sha1 = sipe_tls_p_sha1(secret2, half, newseed, newseed_length, output_length);
458 #ifdef __SIPE_TLS_CRYPTO_DEBUG
459 debug_secrets(state, "sipe_tls_prf: P_md5() ",
460 md5, output_length);
461 debug_secrets(state, "sipe_tls_prf: P_sha1() ",
462 sha1, output_length);
463 #endif
464 for (dest = md5, src = sha1, count = output_length;
465 count > 0;
466 count--)
467 *dest++ ^= *src++;
468
469 g_free(sha1);
470 g_free(newseed);
471 g_free(secret2);
472
473 #ifdef __SIPE_TLS_CRYPTO_DEBUG
474 debug_secrets(state, "sipe_tls_prf: PRF() ",
475 md5, output_length);
476 #endif
477
478 return(md5);
479 }
480
481 #endif /* !_SIPE_COMPILING_ANALYZER */
482
483 /*
484 * TLS data parsers
485 *
486 * Low-level data conversion routines
487 *
488 * - host alignment agnostic, i.e. can fetch a word from uneven address
489 * - TLS -> host endianess conversion
490 * - no length check, caller has to do it
491 * - don't modify state
492 */
493 static guint lowlevel_integer_to_host(const guchar *bytes,
494 gsize length)
495 {
496 guint sum = 0;
497 while (length--) sum = (sum << 8) + *bytes++;
498 return(sum);
499 }
500
501 /*
502 * Generic data type parser routines
503 */
504 static gboolean msg_remainder_check(struct tls_internal_state *state,
505 const gchar *label,
506 gsize length)
507 {
508 if (length > state->msg_remainder) {
509 SIPE_DEBUG_ERROR("msg_remainder_check: '%s' expected %" G_GSIZE_FORMAT " bytes, remaining %" G_GSIZE_FORMAT,
510 label, length, state->msg_remainder);
511 return(FALSE);
512 }
513 return(TRUE);
514 }
515
516 static gboolean parse_integer_quiet(struct tls_internal_state *state,
517 const gchar *label,
518 gsize length,
519 guint *result)
520 {
521 if (!msg_remainder_check(state, label, length)) return(FALSE);
522 *result = lowlevel_integer_to_host(state->msg_current, length);
523 state->msg_current += length;
524 state->msg_remainder -= length;
525 return(TRUE);
526 }
527
528 static gboolean parse_integer(struct tls_internal_state *state,
529 const struct layout_descriptor *desc)
530 {
531 guint value;
532 if (!parse_integer_quiet(state, desc->label, desc->max, &value))
533 return(FALSE);
534 debug_printf(state, "%s/INTEGER%" G_GSIZE_FORMAT " = %d\n",
535 desc->label, desc->max, value);
536 if (state->data) {
537 struct tls_parsed_integer *save = g_new0(struct tls_parsed_integer, 1);
538 save->value = value;
539 g_hash_table_insert(state->data, (gpointer) desc->label, save);
540 }
541 return(TRUE);
542 }
543
544 static gboolean parse_array(struct tls_internal_state *state,
545 const struct layout_descriptor *desc)
546 {
547 if (!msg_remainder_check(state, desc->label, desc->max))
548 return(FALSE);
549 debug_printf(state, "%s/ARRAY[%" G_GSIZE_FORMAT "]\n",
550 desc->label, desc->max);
551 #ifdef _SIPE_COMPILING_ANALYZER
552 if (desc->max)
553 debug_hex(state, desc->max);
554 #endif
555 if (state->data) {
556 struct tls_parsed_array *save = g_malloc0(sizeof(struct tls_parsed_array) +
557 desc->max);
558 save->length = desc->max;
559 memcpy((guchar *)save->data, state->msg_current, desc->max);
560 g_hash_table_insert(state->data, (gpointer) desc->label, save);
561
562 }
563 state->msg_current += desc->max;
564 state->msg_remainder -= desc->max;
565 return(TRUE);
566 }
567
568 static gboolean parse_vector(struct tls_internal_state *state,
569 const struct layout_descriptor *desc)
570 {
571 guint length;
572 if (!parse_integer_quiet(state, desc->label,
573 (desc->max > TLS_VECTOR_MAX16) ? 3 :
574 (desc->max > TLS_VECTOR_MAX8) ? 2 : 1,
575 &length))
576 return(FALSE);
577 if (length < desc->min) {
578 SIPE_DEBUG_ERROR("parse_vector: '%s' too short %d, expected %" G_GSIZE_FORMAT,
579 desc->label, length, desc->min);
580 return(FALSE);
581 }
582 debug_printf(state, "%s/VECTOR<%d>\n", desc->label, length);
583 #ifdef _SIPE_COMPILING_ANALYZER
584 if (length)
585 debug_hex(state, length);
586 #endif
587 if (state->data) {
588 struct tls_parsed_array *save = g_malloc0(sizeof(struct tls_parsed_array) +
589 length);
590 save->length = length;
591 memcpy((guchar *)save->data, state->msg_current, length);
592 g_hash_table_insert(state->data, (gpointer) desc->label, save);
593 }
594 state->msg_current += length;
595 state->msg_remainder -= length;
596 return(TRUE);
597 }
598
599 /*
600 * Specific data type parser routines
601 */
602
603 /* TBD... */
604
605 /*
606 * TLS data compilers
607 *
608 * Low-level data conversion routines
609 *
610 * - host alignment agnostic, i.e. can fetch a word from uneven address
611 * - host -> TLS host endianess conversion
612 * - don't modify state
613 */
614 static void lowlevel_integer_to_tls(guchar *bytes,
615 gsize length,
616 guint value)
617 {
618 while (length--) {
619 bytes[length] = value & 0xFF;
620 value >>= 8;
621 }
622 }
623
624 /*
625 * Generic data type compiler routines
626 */
627 static void compile_integer(struct tls_internal_state *state,
628 const struct layout_descriptor *desc,
629 const struct tls_compile_integer *data)
630 {
631 lowlevel_integer_to_tls(state->msg_current, desc->max, data->value);
632 state->msg_current += desc->max;
633 }
634
635 static void compile_array(struct tls_internal_state *state,
636 const struct layout_descriptor *desc,
637 const struct tls_compile_integer *data)
638 {
639 const struct tls_compile_array *array = (struct tls_compile_array *) data;
640 memcpy(state->msg_current, array->placeholder, desc->max);
641 state->msg_current += desc->max;
642 }
643
644 static void compile_vector(struct tls_internal_state *state,
645 const struct layout_descriptor *desc,
646 const struct tls_compile_integer *data)
647 {
648 const struct tls_compile_vector *vector = (struct tls_compile_vector *) data;
649 gsize length = vector->elements;
650 gsize length_field = (desc->max > TLS_VECTOR_MAX16) ? 3 :
651 (desc->max > TLS_VECTOR_MAX8) ? 2 : 1;
652
653 lowlevel_integer_to_tls(state->msg_current, length_field, length);
654 state->msg_current += length_field;
655 memcpy(state->msg_current, vector->placeholder, length);
656 state->msg_current += length;
657 }
658
659 static void compile_vector_int2(struct tls_internal_state *state,
660 const struct layout_descriptor *desc,
661 const struct tls_compile_integer *data)
662 {
663 const struct tls_compile_vector *vector = (struct tls_compile_vector *) data;
664 gsize elements = vector->elements;
665 gsize length = elements * sizeof(guint16);
666 gsize length_field = (desc->max > TLS_VECTOR_MAX16) ? 3 :
667 (desc->max > TLS_VECTOR_MAX8) ? 2 : 1;
668 const guint *p = vector->placeholder;
669
670 lowlevel_integer_to_tls(state->msg_current, length_field, length);
671 state->msg_current += length_field;
672 while (elements--) {
673 lowlevel_integer_to_tls(state->msg_current, sizeof(guint16), *p++);
674 state->msg_current += sizeof(guint16);
675 }
676 }
677
678 /*
679 * Specific data type compiler routines
680 */
681
682 /* TBD... */
683
684 /*
685 * TLS handshake message layout descriptors
686 */
687 struct ClientHello_host {
688 struct tls_compile_integer protocol_version;
689 struct tls_compile_random random;
690 struct tls_compile_sessionid sessionid;
691 struct tls_compile_cipher cipher;
692 struct tls_compile_compression compression;
693 };
694 #define CLIENTHELLO_OFFSET(a) offsetof(struct ClientHello_host, a)
695
696 static const struct layout_descriptor ClientHello_l[] = {
697 { "Client Protocol Version", parse_integer, compile_integer, 0, 2, CLIENTHELLO_OFFSET(protocol_version) },
698 { "Random", parse_array, compile_array, 0, TLS_ARRAY_RANDOM_LENGTH, CLIENTHELLO_OFFSET(random) },
699 { "SessionID", parse_vector, compile_vector, 0, 32, CLIENTHELLO_OFFSET(sessionid) },
700 { "CipherSuite", parse_vector, compile_vector_int2, 2, TLS_VECTOR_MAX16, CLIENTHELLO_OFFSET(cipher)},
701 { "CompressionMethod", parse_vector, compile_vector, 1, TLS_VECTOR_MAX8, CLIENTHELLO_OFFSET(compression) },
702 TLS_LAYOUT_DESCRIPTOR_END
703 };
704 static const struct msg_descriptor ClientHello_m = {
705 NULL, "Client Hello", ClientHello_l, TLS_HANDSHAKE_TYPE_CLIENT_HELLO
706 };
707
708 static const struct layout_descriptor ServerHello_l[] = {
709 { "Server Protocol Version", parse_integer, NULL, 0, 2, 0 },
710 { "Random", parse_array, NULL, 0, TLS_ARRAY_RANDOM_LENGTH, 0 },
711 { "SessionID", parse_vector, NULL, 0, 32, 0 },
712 { "CipherSuite", parse_integer, NULL, 0, 2, 0 },
713 { "CompressionMethod", parse_integer, NULL, 0, 1, 0 },
714 TLS_LAYOUT_DESCRIPTOR_END
715 };
716 static const struct msg_descriptor ServerHello_m = {
717 &ClientHello_m, "Server Hello", ServerHello_l, TLS_HANDSHAKE_TYPE_SERVER_HELLO
718 };
719
720 struct Certificate_host {
721 struct tls_compile_vector certificate;
722 };
723 #define CERTIFICATE_OFFSET(a) offsetof(struct Certificate_host, a)
724
725 static const struct layout_descriptor Certificate_l[] = {
726 { "Certificate", parse_vector, compile_vector, 0, TLS_VECTOR_MAX24, CERTIFICATE_OFFSET(certificate) },
727 TLS_LAYOUT_DESCRIPTOR_END
728 };
729 static const struct msg_descriptor Certificate_m = {
730 &ServerHello_m, "Certificate", Certificate_l, TLS_HANDSHAKE_TYPE_CERTIFICATE
731 };
732
733 static const struct layout_descriptor CertificateRequest_l[] = {
734 { "CertificateType", parse_vector, NULL, 1, TLS_VECTOR_MAX8, 0 },
735 { "DistinguishedName", parse_vector, NULL, 0, TLS_VECTOR_MAX16, 0 },
736 TLS_LAYOUT_DESCRIPTOR_END
737 };
738 static const struct msg_descriptor CertificateRequest_m = {
739 &Certificate_m, "Certificate Request", CertificateRequest_l, TLS_HANDSHAKE_TYPE_CERTIFICATE_REQ
740 };
741
742 static const struct layout_descriptor ServerHelloDone_l[] = {
743 TLS_LAYOUT_DESCRIPTOR_END
744 };
745 static const struct msg_descriptor ServerHelloDone_m = {
746 &CertificateRequest_m, "Server Hello Done", ServerHelloDone_l, TLS_HANDSHAKE_TYPE_SERVER_HELLO_DONE
747 };
748
749 struct ClientKeyExchange_host {
750 struct tls_compile_vector secret;
751 };
752 #define CLIENTKEYEXCHANGE_OFFSET(a) offsetof(struct ClientKeyExchange_host, a)
753
754 static const struct layout_descriptor ClientKeyExchange_l[] = {
755 { "Exchange Keys", parse_vector, compile_vector, 0, TLS_VECTOR_MAX16, CLIENTKEYEXCHANGE_OFFSET(secret) },
756 TLS_LAYOUT_DESCRIPTOR_END
757 };
758 static const struct msg_descriptor ClientKeyExchange_m = {
759 &ServerHelloDone_m, "Client Key Exchange", ClientKeyExchange_l, TLS_HANDSHAKE_TYPE_CLIENT_KEY_EXCHANGE
760 };
761
762 struct CertificateVerify_host {
763 struct tls_compile_vector signature;
764 };
765 #define CERTIFICATEVERIFY_OFFSET(a) offsetof(struct CertificateVerify_host, a)
766
767 static const struct layout_descriptor CertificateVerify_l[] = {
768 { "Signature", parse_vector, compile_vector, 0, TLS_VECTOR_MAX16, CERTIFICATEVERIFY_OFFSET(signature) },
769 TLS_LAYOUT_DESCRIPTOR_END
770 };
771 static const struct msg_descriptor CertificateVerify_m = {
772 &ClientKeyExchange_m, "Certificate Verify", CertificateVerify_l, TLS_HANDSHAKE_TYPE_CERTIFICATE_VERIFY
773 };
774
775 struct Finished_host {
776 struct tls_compile_verify verify;
777 };
778 #define FINISHED_OFFSET(a) offsetof(struct Finished_host, a)
779
780 static const struct layout_descriptor Finished_l[] = {
781 { "Verify Data", parse_array, compile_array, 0, TLS_ARRAY_VERIFY_LENGTH, FINISHED_OFFSET(verify) },
782 TLS_LAYOUT_DESCRIPTOR_END
783 };
784 static const struct msg_descriptor Finished_m = {
785 &CertificateVerify_m, "Finished", Finished_l, TLS_HANDSHAKE_TYPE_FINISHED
786 };
787
788 #define HANDSHAKE_MSG_DESCRIPTORS &Finished_m
789
790 /*
791 * TLS message parsers
792 */
793 static gboolean handshake_parse(struct tls_internal_state *state)
794 {
795 const guchar *bytes = state->msg_current;
796 gsize length = state->msg_remainder;
797 gboolean success = FALSE;
798
799 while (length > 0) {
800 const struct msg_descriptor *desc;
801 gsize msg_length;
802 guint msg_type;
803
804 /* header check */
805 if (length < TLS_HANDSHAKE_HEADER_LENGTH) {
806 debug_print(state, "CORRUPTED HANDSHAKE HEADER");
807 break;
808 }
809
810 /* msg length check */
811 msg_length = lowlevel_integer_to_host(bytes + TLS_HANDSHAKE_OFFSET_LENGTH,
812 3);
813 if (msg_length > length) {
814 debug_print(state, "HANDSHAKE MESSAGE TOO LONG");
815 break;
816 }
817
818 /* msg type */
819 msg_type = bytes[TLS_HANDSHAKE_OFFSET_TYPE];
820 for (desc = HANDSHAKE_MSG_DESCRIPTORS;
821 desc;
822 desc = desc->next)
823 if (msg_type == desc->type)
824 break;
825
826 debug_printf(state, "TLS handshake (%" G_GSIZE_FORMAT " bytes) (%d)",
827 msg_length, msg_type);
828
829 state->msg_current = (guchar *) bytes + TLS_HANDSHAKE_HEADER_LENGTH;
830 state->msg_remainder = msg_length;
831
832 if (desc && desc->layouts) {
833 const struct layout_descriptor *ldesc = desc->layouts;
834
835 debug_printf(state, "%s\n", desc->description);
836 while (TLS_LAYOUT_IS_VALID(ldesc)) {
837 success = ldesc->parser(state, ldesc);
838 if (!success)
839 break;
840 ldesc++;
841 }
842 if (!success)
843 break;
844 } else {
845 debug_print(state, "ignored\n");
846 debug_hex(state, 0);
847 }
848
849 /* next message */
850 bytes += TLS_HANDSHAKE_HEADER_LENGTH + msg_length;
851 length -= TLS_HANDSHAKE_HEADER_LENGTH + msg_length;
852 if (length > 0) {
853 debug_print(state, "------\n");
854 } else {
855 success = TRUE;
856 }
857 }
858
859 return(success);
860 }
861
862 static void free_parse_data(struct tls_internal_state *state)
863 {
864 if (state->data) {
865 g_hash_table_destroy(state->data);
866 state->data = NULL;
867 }
868 }
869
870 static gboolean tls_record_parse(struct tls_internal_state *state,
871 gboolean incoming)
872 {
873 const guchar *bytes = incoming ? state->common.in_buffer : state->common.out_buffer;
874 gsize length = incoming ? state->common.in_length : state->common.out_length;
875 guint version;
876 const gchar *version_str;
877 gsize record_length;
878 gboolean success = TRUE;
879
880 /* reject empty incoming messages */
881 if (incoming && (length == 0)) {
882 SIPE_DEBUG_ERROR_NOFORMAT("tls_record_parse: empty TLS message received");
883 return(FALSE);
884 }
885
886 #ifndef _SIPE_COMPILING_ANALYZER
887 debug_printf(state, "TLS MESSAGE %s\n", incoming ? "INCOMING" : "OUTGOING");
888 #endif
889
890 /* Collect parser data for incoming messages */
891 if (incoming)
892 state->data = g_hash_table_new_full(g_str_hash, g_str_equal,
893 NULL, g_free);
894
895 while (success && (length > 0)) {
896
897 /* truncated header check */
898 if (length < TLS_RECORD_HEADER_LENGTH) {
899 SIPE_DEBUG_ERROR("tls_record_parse: too short TLS record header (%" G_GSIZE_FORMAT " bytes)",
900 length);
901 success = FALSE;
902 break;
903 }
904
905 /* protocol version check */
906 version = lowlevel_integer_to_host(bytes + TLS_RECORD_OFFSET_VERSION, 2);
907 if (version < TLS_PROTOCOL_VERSION_1_0) {
908 SIPE_DEBUG_ERROR_NOFORMAT("tls_record_parse: SSL1/2/3 not supported");
909 success = FALSE;
910 break;
911 }
912 switch (version) {
913 case TLS_PROTOCOL_VERSION_1_0:
914 version_str = "1.0 (RFC2246)";
915 break;
916 case TLS_PROTOCOL_VERSION_1_1:
917 version_str = "1.1 (RFC4346)";
918 break;
919 case TLS_PROTOCOL_VERSION_1_2:
920 version_str = "1.2 (RFC5246)";
921 break;
922 default:
923 version_str = "<future protocol version>";
924 break;
925 }
926
927 /* record length check */
928 record_length = TLS_RECORD_HEADER_LENGTH +
929 lowlevel_integer_to_host(bytes + TLS_RECORD_OFFSET_LENGTH, 2);
930 if (record_length > length) {
931 SIPE_DEBUG_ERROR_NOFORMAT("tls_record_parse: record too long");
932 success = FALSE;
933 break;
934 }
935
936 /* TLS record header OK */
937 debug_printf(state, "TLS %s record (%" G_GSIZE_FORMAT " bytes)\n",
938 version_str, record_length);
939 state->msg_current = (guchar *) bytes + TLS_RECORD_HEADER_LENGTH;
940 state->msg_remainder = record_length - TLS_RECORD_HEADER_LENGTH;
941
942 /* Analyzer only needs the debugging functions */
943 #ifndef _SIPE_COMPILING_ANALYZER
944 /* Add incoming message contents to digest contexts */
945 if (incoming) {
946 sipe_digest_md5_update(state->md5_context,
947 state->msg_current,
948 state->msg_remainder);
949 sipe_digest_sha1_update(state->sha1_context,
950 state->msg_current,
951 state->msg_remainder);
952 }
953 #endif /* !_SIPE_COMPILING_ANALYZER */
954
955 switch (bytes[TLS_RECORD_OFFSET_TYPE]) {
956 case TLS_RECORD_TYPE_CHANGE_CIPHER_SPEC:
957 debug_print(state, "Change Cipher Spec\n");
958 if (incoming) state->encrypted = TRUE;
959 break;
960
961 case TLS_RECORD_TYPE_HANDSHAKE:
962 if (incoming && state->encrypted) {
963 debug_print(state, "Encrypted handshake message\n");
964 debug_hex(state, 0);
965 } else {
966 success = handshake_parse(state);
967 }
968 break;
969
970 default:
971 debug_print(state, "Unsupported TLS message\n");
972 debug_hex(state, 0);
973 break;
974 }
975
976 /* next fragment */
977 bytes += record_length;
978 length -= record_length;
979 }
980
981 if (!success)
982 free_parse_data(state);
983
984 if (state->debug) {
985 SIPE_DEBUG_INFO_NOFORMAT(state->debug->str);
986 g_string_truncate(state->debug, 0);
987 }
988
989 return(success);
990 }
991
992 /* Analyzer only needs the debugging functions */
993 #ifndef _SIPE_COMPILING_ANALYZER
994
995 /*
996 * TLS message compiler
997 */
998 static void compile_tls_record(struct tls_internal_state *state,
999 ...)
1000 {
1001 gsize total_size = 0;
1002 guchar *current;
1003 va_list ap;
1004
1005 /* calculate message size */
1006 va_start(ap, state);
1007 while (1) {
1008 const struct tls_compiled_message *msg = va_arg(ap, struct tls_compiled_message *);
1009 if (!msg) break;
1010 total_size += msg->size;
1011 }
1012 va_end(ap);
1013
1014 SIPE_DEBUG_INFO("compile_tls_record: total size %" G_GSIZE_FORMAT,
1015 total_size);
1016
1017 state->common.out_buffer = current = g_malloc(total_size + TLS_RECORD_HEADER_LENGTH);
1018 state->common.out_length = total_size + TLS_RECORD_HEADER_LENGTH;
1019
1020 /* add TLS record header */
1021 current[TLS_RECORD_OFFSET_TYPE] = TLS_RECORD_TYPE_HANDSHAKE;
1022 lowlevel_integer_to_tls(current + TLS_RECORD_OFFSET_VERSION, 2,
1023 TLS_PROTOCOL_VERSION_1_0);
1024 lowlevel_integer_to_tls(current + TLS_RECORD_OFFSET_LENGTH, 2,
1025 total_size);
1026 current += TLS_RECORD_HEADER_LENGTH;
1027
1028 /* copy messages */
1029 va_start(ap, state);
1030 while (1) {
1031 const struct tls_compiled_message *msg = va_arg(ap, struct tls_compiled_message *);
1032 if (!msg) break;
1033
1034 memcpy(current, msg->data, msg->size);
1035 current += msg->size;
1036 }
1037 va_end(ap);
1038 }
1039
1040 static void compile_encrypted_tls_record(struct tls_internal_state *state,
1041 const struct tls_compiled_message *msg)
1042 {
1043 guchar *plaintext;
1044 gsize plaintext_length;
1045 guchar *mac;
1046 gsize mac_length;
1047 guchar *message;
1048 guchar *encrypted;
1049 gsize encrypted_length;
1050
1051 /* Create plaintext TLS record */
1052 compile_tls_record(state, msg, NULL);
1053 plaintext = state->common.out_buffer;
1054 plaintext_length = state->common.out_length;
1055 if (plaintext_length == 0) /* make Coverity happy */
1056 return;
1057
1058 /* Prepare encryption buffer */
1059 encrypted_length = plaintext_length + state->mac_length;
1060 SIPE_DEBUG_INFO("compile_encrypted_tls_record: total size %" G_GSIZE_FORMAT,
1061 encrypted_length - TLS_RECORD_HEADER_LENGTH);
1062 message = g_malloc(encrypted_length);
1063 memcpy(message, plaintext, plaintext_length);
1064 lowlevel_integer_to_tls(message + TLS_RECORD_OFFSET_LENGTH, 2,
1065 encrypted_length - TLS_RECORD_HEADER_LENGTH);
1066
1067 /*
1068 * Calculate MAC
1069 *
1070 * HMAC_hash(client_write_mac_secret,
1071 * sequence_number + type + version + length + fragment)
1072 * \--- == original TLS record ---/
1073 */
1074 mac_length = sizeof(guint64) + plaintext_length;
1075 mac = g_malloc(mac_length);
1076 lowlevel_integer_to_tls(mac,
1077 sizeof(guint64),
1078 state->sequence_number++);
1079 memcpy(mac + sizeof(guint64), plaintext, plaintext_length);
1080 g_free(plaintext);
1081 state->mac_func(state->client_write_mac_secret,
1082 state->mac_length,
1083 mac,
1084 mac_length,
1085 message + plaintext_length);
1086 g_free(mac);
1087
1088 /* Encrypt message + MAC */
1089 encrypted = g_malloc(encrypted_length);
1090 memcpy(encrypted, message, TLS_RECORD_HEADER_LENGTH);
1091 sipe_crypt_tls_stream(state->cipher_context,
1092 message + TLS_RECORD_HEADER_LENGTH,
1093 encrypted_length - TLS_RECORD_HEADER_LENGTH,
1094 encrypted + TLS_RECORD_HEADER_LENGTH);
1095 g_free(message);
1096
1097 /* swap buffers */
1098 state->common.out_buffer = encrypted;
1099 state->common.out_length = encrypted_length;
1100 }
1101
1102 static struct tls_compiled_message *compile_handshake_msg(struct tls_internal_state *state,
1103 const struct msg_descriptor *desc,
1104 gpointer data,
1105 gsize size)
1106 {
1107 /*
1108 * Estimate the size of the compiled message
1109 *
1110 * The data structures in the host format have zero or more padding
1111 * bytes added by the compiler to ensure correct element alignments.
1112 * So the sizeof() of the data structure is always equal or greater
1113 * than the space needed for the compiled data. By adding the space
1114 * required for the headers we arrive at a safe estimate
1115 *
1116 * Therefore we don't need space checks in the compiler functions
1117 */
1118 gsize total_size = sizeof(struct tls_compiled_message) +
1119 size + TLS_HANDSHAKE_HEADER_LENGTH;
1120 struct tls_compiled_message *msg = g_malloc(total_size);
1121 guchar *handshake = msg->data;
1122 const struct layout_descriptor *ldesc = desc->layouts;
1123 gsize length;
1124
1125 SIPE_DEBUG_INFO("compile_handshake_msg: buffer size %" G_GSIZE_FORMAT,
1126 total_size);
1127
1128 /* add TLS handshake header */
1129 handshake[TLS_HANDSHAKE_OFFSET_TYPE] = desc->type;
1130 state->msg_current = handshake + TLS_HANDSHAKE_HEADER_LENGTH;
1131
1132 while (TLS_LAYOUT_IS_VALID(ldesc)) {
1133 /*
1134 * Avoid "cast increases required alignment" errors
1135 *
1136 * (void *) tells the compiler that we know what we're
1137 * doing, i.e. we know that the calculated address
1138 * points to correctly aligned data.
1139 */
1140 ldesc->compiler(state, ldesc,
1141 (void *) ((guchar *) data + ldesc->offset));
1142 ldesc++;
1143 }
1144
1145 length = state->msg_current - handshake - TLS_HANDSHAKE_HEADER_LENGTH;
1146 lowlevel_integer_to_tls(handshake + TLS_HANDSHAKE_OFFSET_LENGTH,
1147 3, length);
1148 SIPE_DEBUG_INFO("compile_handshake_msg: (%d)%s, size %" G_GSIZE_FORMAT,
1149 desc->type, desc->description, length);
1150
1151 msg->size = length + TLS_HANDSHAKE_HEADER_LENGTH;
1152
1153 /* update digest contexts */
1154 sipe_digest_md5_update(state->md5_context, handshake, msg->size);
1155 sipe_digest_sha1_update(state->sha1_context, handshake, msg->size);
1156
1157 return(msg);
1158 }
1159
1160 /*
1161 * Specific TLS data verficiation & message compilers
1162 */
1163 static struct tls_compiled_message *tls_client_certificate(struct tls_internal_state *state)
1164 {
1165 struct Certificate_host *certificate;
1166 gsize certificate_length = sipe_cert_crypto_raw_length(state->certificate);
1167 struct tls_compiled_message *msg;
1168
1169 /* setup our response */
1170 /* Client Certificate is VECTOR_MAX24 of VECTOR_MAX24s */
1171 certificate = g_malloc0(sizeof(struct Certificate_host) + 3 +
1172 certificate_length);
1173 certificate->certificate.elements = certificate_length + 3;
1174 lowlevel_integer_to_tls((guchar *) certificate->certificate.placeholder, 3,
1175 certificate_length);
1176 memcpy((guchar *) certificate->certificate.placeholder + 3,
1177 sipe_cert_crypto_raw(state->certificate),
1178 certificate_length);
1179
1180 msg = compile_handshake_msg(state, &Certificate_m, certificate,
1181 sizeof(struct Certificate_host) + certificate_length + 3);
1182 g_free(certificate);
1183
1184 return(msg);
1185 }
1186
1187 static gboolean check_cipher_suite(struct tls_internal_state *state)
1188 {
1189 struct tls_parsed_integer *cipher_suite = g_hash_table_lookup(state->data,
1190 "CipherSuite");
1191 const gchar *label_mac = NULL;
1192 const gchar *label_cipher = NULL;
1193
1194 if (!cipher_suite) {
1195 SIPE_DEBUG_ERROR_NOFORMAT("check_cipher_suite: server didn't specify the cipher suite");
1196 return(FALSE);
1197 }
1198
1199 switch (cipher_suite->value) {
1200 case TLS_RSA_EXPORT_WITH_RC4_40_MD5:
1201 state->mac_length = SIPE_DIGEST_HMAC_MD5_LENGTH;
1202 state->key_length = 40 / 8;
1203 state->mac_func = sipe_digest_hmac_md5;
1204 label_mac = "MD5";
1205 label_cipher = "RC4";
1206 state->common.algorithm = SIPE_TLS_DIGEST_ALGORITHM_MD5;
1207 state->cipher_type = SIPE_CRYPT_STREAM_RC4;
1208 break;
1209
1210 case TLS_RSA_WITH_RC4_128_MD5:
1211 state->mac_length = SIPE_DIGEST_HMAC_MD5_LENGTH;
1212 state->key_length = 128 / 8;
1213 state->mac_func = sipe_digest_hmac_md5;
1214 label_mac = "MD5";
1215 label_cipher = "RC4";
1216 state->common.algorithm = SIPE_TLS_DIGEST_ALGORITHM_MD5;
1217 state->cipher_type = SIPE_CRYPT_STREAM_RC4;
1218 break;
1219
1220 case TLS_RSA_WITH_RC4_128_SHA:
1221 state->mac_length = SIPE_DIGEST_HMAC_SHA1_LENGTH;
1222 state->key_length = 128 / 8;
1223 state->mac_func = sipe_digest_hmac_sha1;
1224 label_mac = "SHA-1";
1225 label_cipher = "RC4";
1226 state->common.algorithm = SIPE_TLS_DIGEST_ALGORITHM_SHA1;
1227 state->cipher_type = SIPE_CRYPT_STREAM_RC4;
1228 break;
1229
1230 case TLS_RSA_WITH_AES_128_CBC_SHA:
1231 state->mac_length = SIPE_DIGEST_HMAC_SHA1_LENGTH;
1232 state->key_length = 128 / 8;
1233 state->mac_func = sipe_digest_hmac_sha1;
1234 label_mac = "SHA-1";
1235 label_cipher = "AES-CBC";
1236 state->common.algorithm = SIPE_TLS_DIGEST_ALGORITHM_SHA1;
1237 state->cipher_type = SIPE_CRYPT_STREAM_AES_CBC;
1238 break;
1239
1240 case TLS_RSA_WITH_AES_256_CBC_SHA:
1241 state->mac_length = SIPE_DIGEST_HMAC_SHA1_LENGTH;
1242 state->key_length = 256 / 8;
1243 state->mac_func = sipe_digest_hmac_sha1;
1244 label_mac = "SHA-1";
1245 label_cipher = "AES-CBC";
1246 state->common.algorithm = SIPE_TLS_DIGEST_ALGORITHM_SHA1;
1247 state->cipher_type = SIPE_CRYPT_STREAM_AES_CBC;
1248 break;
1249
1250 default:
1251 SIPE_DEBUG_ERROR("check_cipher_suite: unsupported cipher suite %d",
1252 cipher_suite->value);
1253 break;
1254 }
1255
1256 if (label_cipher && label_mac)
1257 SIPE_DEBUG_INFO("check_cipher_suite: KEY(stream cipher %s) %" G_GSIZE_FORMAT ", MAC(%s) %" G_GSIZE_FORMAT,
1258 label_cipher, state->key_length,
1259 label_mac, state->mac_length);
1260
1261 return(label_cipher && label_mac);
1262 }
1263
1264 static void tls_calculate_secrets(struct tls_internal_state *state)
1265 {
1266 gsize length = 2 * (state->mac_length + state->key_length);
1267 guchar *random;
1268
1269 /* Generate pre-master secret */
1270 sipe_tls_fill_random(&state->pre_master_secret,
1271 TLS_ARRAY_MASTER_SECRET_LENGTH * 8); /* bits */
1272 lowlevel_integer_to_tls(state->pre_master_secret.buffer, 2,
1273 TLS_PROTOCOL_VERSION_1_0);
1274 debug_secrets(state, "tls_calculate_secrets: pre-master secret",
1275 state->pre_master_secret.buffer,
1276 state->pre_master_secret.length);
1277
1278 /*
1279 * Calculate master secret
1280 *
1281 * master_secret = PRF(pre_master_secret,
1282 * "master secret",
1283 * ClientHello.random + ServerHello.random)
1284 */
1285 random = g_malloc(TLS_ARRAY_RANDOM_LENGTH * 2);
1286 memcpy(random,
1287 state->client_random.buffer,
1288 TLS_ARRAY_RANDOM_LENGTH);
1289 memcpy(random + TLS_ARRAY_RANDOM_LENGTH,
1290 state->server_random.buffer,
1291 TLS_ARRAY_RANDOM_LENGTH);
1292 state->master_secret = sipe_tls_prf(state,
1293 state->pre_master_secret.buffer,
1294 state->pre_master_secret.length,
1295 (guchar *) "master secret",
1296 13,
1297 random,
1298 TLS_ARRAY_RANDOM_LENGTH * 2,
1299 TLS_ARRAY_MASTER_SECRET_LENGTH);
1300 debug_secrets(state, "tls_calculate_secrets: master secret ",
1301 state->master_secret,
1302 TLS_ARRAY_MASTER_SECRET_LENGTH);
1303
1304 /*
1305 * Calculate session key material
1306 *
1307 * key_block = PRF(master_secret,
1308 * "key expansion",
1309 * ServerHello.random + ClientHello.random)
1310 */
1311 SIPE_DEBUG_INFO("tls_calculate_secrets: key_block length %" G_GSIZE_FORMAT,
1312 length);
1313 memcpy(random,
1314 state->server_random.buffer,
1315 TLS_ARRAY_RANDOM_LENGTH);
1316 memcpy(random + TLS_ARRAY_RANDOM_LENGTH,
1317 state->client_random.buffer,
1318 TLS_ARRAY_RANDOM_LENGTH);
1319 state->key_block = sipe_tls_prf(state,
1320 state->master_secret,
1321 TLS_ARRAY_MASTER_SECRET_LENGTH,
1322 (guchar *) "key expansion",
1323 13,
1324 random,
1325 TLS_ARRAY_RANDOM_LENGTH * 2,
1326 length);
1327 g_free(random);
1328 debug_secrets(state, "tls_calculate_secrets: key block ",
1329 state->key_block, length);
1330
1331 /* partition key block */
1332 state->client_write_mac_secret = state->key_block;
1333 state->server_write_mac_secret = state->key_block + state->mac_length;
1334 state->client_write_secret = state->key_block + 2 * state->mac_length;
1335 state->server_write_secret = state->key_block + 2 * state->mac_length + state->key_length;
1336
1337 /* initialize cipher context */
1338 state->cipher_context = sipe_crypt_tls_start(state->cipher_type,
1339 state->client_write_secret,
1340 state->key_length);
1341 }
1342
1343 #if 0 /* NOT NEEDED? */
1344 /* signing */
1345 static guchar *tls_pkcs1_private_padding(SIPE_UNUSED_PARAMETER struct tls_internal_state *state,
1346 const guchar *data,
1347 gsize data_length,
1348 gsize buffer_length)
1349 {
1350 gsize pad_length;
1351 guchar *pad_buffer;
1352
1353 if (data_length + 3 > buffer_length) ||
1354 (buffer_length == 0)) /* this is dead code, but makes Coverity happy */)
1355 return(NULL);
1356
1357 pad_length = buffer_length - data_length - 3;
1358 pad_buffer = g_malloc(buffer_length);
1359
1360 /* PKCS1 private key block padding */
1361 pad_buffer[0] = 0; /* +1 */
1362 pad_buffer[1] = 1; /* +2 */
1363 memset(pad_buffer + 2, 0xFF, pad_length);
1364 pad_buffer[2 + pad_length] = 0; /* +3 */
1365 memcpy(pad_buffer + 3 + pad_length, data, data_length);
1366
1367 #ifdef __SIPE_TLS_CRYPTO_DEBUG
1368 debug_secrets(state, "tls_pkcs1_private_padding: ",
1369 pad_buffer, buffer_length);
1370 #endif
1371
1372 return(pad_buffer);
1373 }
1374 #endif
1375
1376 /* encryption */
1377 static guchar *tls_pkcs1_public_padding(SIPE_UNUSED_PARAMETER struct tls_internal_state *state,
1378 const guchar *data,
1379 gsize data_length,
1380 gsize buffer_length)
1381 {
1382 gsize pad_length, random_count;
1383 guchar *pad_buffer, *random;
1384
1385 if ((data_length + 3 > buffer_length) ||
1386 (buffer_length == 0)) /* this is dead code, but makes Coverity happy */
1387 return(NULL);
1388
1389 pad_length = buffer_length - data_length - 3;
1390 pad_buffer = g_malloc(buffer_length);
1391
1392 /* PKCS1 public key block padding */
1393 pad_buffer[0] = 0; /* +1 */
1394 pad_buffer[1] = 2; /* +2 */
1395 for (random = pad_buffer + 2, random_count = pad_length;
1396 random_count > 0;
1397 random_count--) {
1398 guchar byte;
1399 /* non-zero random byte */
1400 while ((byte = rand() & 0xFF) == 0);
1401 *random++ = byte;
1402 }
1403 pad_buffer[2 + pad_length] = 0; /* +3 */
1404 memcpy(pad_buffer + 3 + pad_length, data, data_length);
1405
1406 #ifdef __SIPE_TLS_CRYPTO_DEBUG
1407 debug_secrets(state, "tls_pkcs1_private_padding: ",
1408 pad_buffer, buffer_length);
1409 #endif
1410
1411 return(pad_buffer);
1412 }
1413
1414 static struct tls_compiled_message *tls_client_key_exchange(struct tls_internal_state *state)
1415 {
1416 struct tls_parsed_array *server_random;
1417 struct tls_parsed_array *server_certificate;
1418 struct ClientKeyExchange_host *exchange;
1419 gsize server_certificate_length;
1420 guchar *padded;
1421 struct tls_compiled_message *msg;
1422
1423 /* check for required data fields */
1424 if (!check_cipher_suite(state))
1425 return(NULL);
1426 server_random = g_hash_table_lookup(state->data, "Random");
1427 if (!server_random) {
1428 SIPE_DEBUG_ERROR_NOFORMAT("tls_client_key_exchange: no server random");
1429 return(NULL);
1430 }
1431 server_certificate = g_hash_table_lookup(state->data, "Certificate");
1432 /* Server Certificate is VECTOR_MAX24 of VECTOR_MAX24s */
1433 if (!server_certificate || (server_certificate->length < 3)) {
1434 SIPE_DEBUG_ERROR_NOFORMAT("tls_client_key_exchange: no server certificate");
1435 return(FALSE);
1436 }
1437 SIPE_DEBUG_INFO("tls_client_key_exchange: server certificate list %" G_GSIZE_FORMAT" bytes",
1438 server_certificate->length);
1439 /* first certificate is the server certificate */
1440 server_certificate_length = lowlevel_integer_to_host(server_certificate->data,
1441 3);
1442 SIPE_DEBUG_INFO("tls_client_key_exchange: server certificate %" G_GSIZE_FORMAT" bytes",
1443 server_certificate_length);
1444 if ((server_certificate_length + 3) > server_certificate->length) {
1445 SIPE_DEBUG_ERROR_NOFORMAT("tls_client_key_exchange: truncated server certificate");
1446 }
1447 state->server_certificate = sipe_cert_crypto_import(server_certificate->data + 3,
1448 server_certificate_length);
1449 if (!state->server_certificate) {
1450 SIPE_DEBUG_ERROR_NOFORMAT("tls_client_key_exchange: corrupted server certificate");
1451 return(FALSE);
1452 }
1453 /* server public key modulus length */
1454 server_certificate_length = sipe_cert_crypto_modulus_length(state->server_certificate);
1455 if (server_certificate_length < TLS_ARRAY_MASTER_SECRET_LENGTH) {
1456 SIPE_DEBUG_ERROR("tls_client_key_exchange: server public key strength too low (%" G_GSIZE_FORMAT ")",
1457 server_certificate_length);
1458 return(FALSE);
1459 }
1460 SIPE_DEBUG_INFO("tls_client_key_exchange: server public key strength = %" G_GSIZE_FORMAT,
1461 server_certificate_length);
1462
1463 /* found all the required fields */
1464 state->server_random.length = server_random->length;
1465 state->server_random.buffer = g_memdup(server_random->data,
1466 server_random->length);
1467 tls_calculate_secrets(state);
1468
1469 /* ClientKeyExchange */
1470 padded = tls_pkcs1_public_padding(state,
1471 state->pre_master_secret.buffer,
1472 state->pre_master_secret.length,
1473 server_certificate_length);
1474 if (!padded) {
1475 SIPE_DEBUG_ERROR_NOFORMAT("tls_client_key_exchange: padding of pre-master secret failed");
1476 return(NULL);
1477 }
1478 exchange = g_malloc0(sizeof(struct ClientKeyExchange_host) +
1479 server_certificate_length);
1480 exchange->secret.elements = server_certificate_length;
1481 if (!sipe_crypt_rsa_encrypt(sipe_cert_crypto_public_key(state->server_certificate),
1482 server_certificate_length,
1483 padded,
1484 (guchar *) exchange->secret.placeholder)) {
1485 SIPE_DEBUG_ERROR_NOFORMAT("tls_client_key_exchange: encryption of pre-master secret failed");
1486 g_free(exchange);
1487 g_free(padded);
1488 return(NULL);
1489 }
1490 g_free(padded);
1491
1492 #ifdef __SIPE_TLS_CRYPTO_DEBUG
1493 debug_secrets(state, "tls_client_key_exchange: secret (encr) ",
1494 (guchar *) exchange->secret.placeholder,
1495 server_certificate_length);
1496 #endif
1497
1498 msg = compile_handshake_msg(state, &ClientKeyExchange_m, exchange,
1499 sizeof(struct ClientKeyExchange_host) + server_certificate_length);
1500 g_free(exchange);
1501
1502 return(msg);
1503 }
1504
1505 static struct tls_compiled_message *tls_certificate_verify(struct tls_internal_state *state)
1506 {
1507 struct CertificateVerify_host *verify;
1508 struct tls_compiled_message *msg;
1509 guchar *digests = g_malloc(SIPE_DIGEST_MD5_LENGTH + SIPE_DIGEST_SHA1_LENGTH);
1510 guchar *signature;
1511 gsize length;
1512
1513 /* calculate digests */
1514 sipe_digest_md5_end(state->md5_context, digests);
1515 sipe_digest_sha1_end(state->sha1_context, digests + SIPE_DIGEST_MD5_LENGTH);
1516
1517 /* sign digests */
1518 signature = sipe_crypt_rsa_sign(sipe_cert_crypto_private_key(state->certificate),
1519 digests,
1520 SIPE_DIGEST_MD5_LENGTH + SIPE_DIGEST_SHA1_LENGTH,
1521 &length);
1522 g_free(digests);
1523 if (!signature) {
1524 SIPE_DEBUG_ERROR_NOFORMAT("tls_certificate_verify: signing of handshake digests failed");
1525 return(NULL);
1526 }
1527
1528 /* CertificateVerify */
1529 verify = g_malloc0(sizeof(struct CertificateVerify_host) +
1530 length);
1531 verify->signature.elements = length;
1532 memcpy(verify->signature.placeholder, signature, length);
1533 g_free(signature);
1534
1535 msg = compile_handshake_msg(state, &CertificateVerify_m, verify,
1536 sizeof(struct CertificateVerify_host) + length);
1537 g_free(verify);
1538
1539 return(msg);
1540 }
1541
1542 static struct tls_compiled_message *tls_client_finished(struct tls_internal_state *state)
1543 {
1544 guchar *digests = g_malloc(SIPE_DIGEST_MD5_LENGTH + SIPE_DIGEST_SHA1_LENGTH);
1545 guchar *verify;
1546 struct tls_compiled_message *cmsg;
1547 struct Finished_host msg;
1548
1549 /* calculate digests */
1550 sipe_digest_md5_end(state->md5_context, digests);
1551 sipe_digest_sha1_end(state->sha1_context, digests + SIPE_DIGEST_MD5_LENGTH);
1552
1553 /*
1554 * verify_data = PRF(master_secret, "client finished",
1555 * MD5(handshake_messages) +
1556 * SHA-1(handshake_messages)) [0..11];
1557 */
1558 verify = sipe_tls_prf(state,
1559 state->master_secret,
1560 TLS_ARRAY_MASTER_SECRET_LENGTH,
1561 (guchar *) "client finished",
1562 15,
1563 digests,
1564 SIPE_DIGEST_MD5_LENGTH + SIPE_DIGEST_SHA1_LENGTH,
1565 TLS_ARRAY_VERIFY_LENGTH);
1566 g_free(digests);
1567 memcpy(msg.verify.verify, verify, TLS_ARRAY_VERIFY_LENGTH);
1568 g_free(verify);
1569
1570 cmsg = compile_handshake_msg(state, &Finished_m, &msg, sizeof(msg));
1571
1572 return(cmsg);
1573 }
1574
1575 /*
1576 * TLS state handling
1577 */
1578
1579 static gboolean tls_client_hello(struct tls_internal_state *state)
1580 {
1581 guint32 now = time(NULL);
1582 guint32 now_N = GUINT32_TO_BE(now);
1583 struct ClientHello_host msg = {
1584 { TLS_PROTOCOL_VERSION_1_0 },
1585 { 0, { 0 } },
1586 { 0 /* empty SessionID */ },
1587 { 5,
1588 {
1589 TLS_RSA_WITH_RC4_128_MD5,
1590 TLS_RSA_WITH_RC4_128_SHA,
1591 TLS_RSA_WITH_AES_128_CBC_SHA,
1592 TLS_RSA_WITH_AES_256_CBC_SHA,
1593 TLS_RSA_EXPORT_WITH_RC4_40_MD5
1594 }
1595 },
1596 { 1,
1597 {
1598 TLS_COMP_METHOD_NULL
1599 }
1600 }
1601 };
1602 struct tls_compiled_message *cmsg;
1603
1604 /* First 4 bytes of client_random is the current timestamp */
1605 sipe_tls_fill_random(&state->client_random,
1606 TLS_ARRAY_RANDOM_LENGTH * 8); /* -> bits */
1607 memcpy(state->client_random.buffer, &now_N, sizeof(now_N));
1608 memcpy(msg.random.random, state->client_random.buffer,
1609 TLS_ARRAY_RANDOM_LENGTH);
1610
1611 cmsg = compile_handshake_msg(state, &ClientHello_m, &msg, sizeof(msg));
1612 compile_tls_record(state, cmsg, NULL);
1613 g_free(cmsg);
1614
1615 if (sipe_backend_debug_enabled())
1616 state->debug = g_string_new("");
1617
1618 state->state = TLS_HANDSHAKE_STATE_SERVER_HELLO;
1619 return(tls_record_parse(state, FALSE));
1620 }
1621
1622 static gboolean tls_server_hello(struct tls_internal_state *state)
1623 {
1624 struct tls_compiled_message *certificate = NULL;
1625 struct tls_compiled_message *exchange = NULL;
1626 struct tls_compiled_message *verify = NULL;
1627 struct tls_compiled_message *finished = NULL;
1628 gboolean success = FALSE;
1629
1630 if (!tls_record_parse(state, TRUE))
1631 return(FALSE);
1632
1633 if (((certificate = tls_client_certificate(state)) != NULL) &&
1634 ((exchange = tls_client_key_exchange(state)) != NULL) &&
1635 ((verify = tls_certificate_verify(state)) != NULL) &&
1636 ((finished = tls_client_finished(state)) != NULL)) {
1637
1638 /* Part 1 */
1639 compile_tls_record(state, certificate, exchange, verify, NULL);
1640
1641 success = tls_record_parse(state, FALSE);
1642 if (success) {
1643 guchar *part1 = state->common.out_buffer;
1644 gsize part1_length = state->common.out_length;
1645 guchar *part3;
1646 gsize part3_length;
1647 guchar *merged;
1648 gsize length;
1649 /* ChangeCipherSpec is always the same */
1650 static const guchar part2[] = {
1651 TLS_RECORD_TYPE_CHANGE_CIPHER_SPEC,
1652 (TLS_PROTOCOL_VERSION_1_0 >> 8) & 0xFF,
1653 TLS_PROTOCOL_VERSION_1_0 & 0xFF,
1654 0x00, 0x01, /* length: 1 byte */
1655 0x01 /* change_cipher_spec(1) */
1656 };
1657
1658 state->common.out_buffer = NULL;
1659
1660 /* Part 3 - this is the first encrypted record */
1661 compile_encrypted_tls_record(state, finished);
1662 part3 = state->common.out_buffer;
1663 part3_length = state->common.out_length;
1664
1665 /* merge TLS records */
1666 length = part1_length + sizeof(part2) + part3_length;
1667 merged = g_malloc(length);
1668
1669 memcpy(merged, part1, part1_length);
1670 memcpy(merged + part1_length, part2, sizeof(part2));
1671 memcpy(merged + part1_length + sizeof(part2), part3, part3_length);
1672 g_free(part3);
1673 g_free(part1);
1674
1675 /* replace output buffer with merged message */
1676 state->common.out_buffer = merged;
1677 state->common.out_length = length;
1678
1679 state->state = TLS_HANDSHAKE_STATE_FINISHED;
1680 }
1681 }
1682
1683 g_free(finished);
1684 g_free(verify);
1685 g_free(exchange);
1686 g_free(certificate);
1687 free_parse_data(state);
1688
1689 return(success);
1690 }
1691
1692 static gboolean tls_finished(struct tls_internal_state *state)
1693 {
1694 guchar *random;
1695
1696 if (!tls_record_parse(state, TRUE))
1697 return(FALSE);
1698
1699 /* we don't need the data */
1700 free_parse_data(state);
1701
1702 /*
1703 * Calculate session keys [MS-SIPAE section 3.2.5.1]
1704 *
1705 * key_material = PRF (master_secret,
1706 * "client EAP encryption",
1707 * ClientHello.random + ServerHello.random)[128]
1708 * = 4 x 32 Bytes
1709 *
1710 * client key = key_material[3rd 32 Bytes]
1711 * server key = key_material[4th 32 Bytes]
1712 */
1713 random = g_malloc(TLS_ARRAY_RANDOM_LENGTH * 2);
1714 memcpy(random,
1715 state->client_random.buffer,
1716 TLS_ARRAY_RANDOM_LENGTH);
1717 memcpy(random + TLS_ARRAY_RANDOM_LENGTH,
1718 state->server_random.buffer,
1719 TLS_ARRAY_RANDOM_LENGTH);
1720 state->tls_dsk_key_block = sipe_tls_prf(state,
1721 state->master_secret,
1722 TLS_ARRAY_MASTER_SECRET_LENGTH,
1723 (guchar *) "client EAP encryption",
1724 21,
1725 random,
1726 TLS_ARRAY_RANDOM_LENGTH * 2,
1727 4 * 32);
1728 g_free(random);
1729
1730 #ifdef __SIPE_TLS_CRYPTO_DEBUG
1731 debug_secrets(state, "tls_finished: TLS-DSK key block ",
1732 state->tls_dsk_key_block, 4 * 32);
1733 #endif
1734
1735 state->common.client_key = state->tls_dsk_key_block + 2 * 32;
1736 state->common.server_key = state->tls_dsk_key_block + 3 * 32;
1737 state->common.key_length = 32;
1738
1739 debug_secrets(state, "tls_finished: TLS-DSK client key ",
1740 state->common.client_key,
1741 state->common.key_length);
1742 debug_secrets(state, "tls_finished: TLS-DSK server key ",
1743 state->common.server_key,
1744 state->common.key_length);
1745
1746 state->common.out_buffer = NULL;
1747 state->common.out_length = 0;
1748 state->state = TLS_HANDSHAKE_STATE_COMPLETED;
1749
1750 return(TRUE);
1751 }
1752
1753 /*
1754 * TLS public API
1755 */
1756
1757 struct sipe_tls_state *sipe_tls_start(gpointer certificate)
1758 {
1759 struct tls_internal_state *state;
1760
1761 if (!certificate)
1762 return(NULL);
1763
1764 state = g_new0(struct tls_internal_state, 1);
1765 state->certificate = certificate;
1766 state->state = TLS_HANDSHAKE_STATE_START;
1767 state->md5_context = sipe_digest_md5_start();
1768 state->sha1_context = sipe_digest_sha1_start();
1769 state->common.algorithm = SIPE_TLS_DIGEST_ALGORITHM_NONE;
1770
1771 return((struct sipe_tls_state *) state);
1772 }
1773
1774 gboolean sipe_tls_next(struct sipe_tls_state *state)
1775 {
1776 /* Avoid "cast increases required alignment" errors */
1777 struct tls_internal_state *internal = (void *) state;
1778 gboolean success = FALSE;
1779
1780 if (!state)
1781 return(FALSE);
1782
1783 state->out_buffer = NULL;
1784
1785 switch (internal->state) {
1786 case TLS_HANDSHAKE_STATE_START:
1787 success = tls_client_hello(internal);
1788 break;
1789
1790 case TLS_HANDSHAKE_STATE_SERVER_HELLO:
1791 success = tls_server_hello(internal);
1792 break;
1793
1794 case TLS_HANDSHAKE_STATE_FINISHED:
1795 success = tls_finished(internal);
1796 break;
1797
1798 case TLS_HANDSHAKE_STATE_COMPLETED:
1799 case TLS_HANDSHAKE_STATE_FAILED:
1800 /* This should not happen */
1801 SIPE_DEBUG_ERROR_NOFORMAT("sipe_tls_next: called in incorrect state!");
1802 break;
1803 }
1804
1805 if (!success) {
1806 internal->state = TLS_HANDSHAKE_STATE_FAILED;
1807 }
1808
1809 return(success);
1810 }
1811
1812 guint sipe_tls_expires(struct sipe_tls_state *state)
1813 {
1814 /* Avoid "cast increases required alignment" errors */
1815 struct tls_internal_state *internal = (void *) state;
1816
1817 if (!state)
1818 return(0);
1819
1820 return(sipe_cert_crypto_expires(internal->certificate));
1821 }
1822
1823 void sipe_tls_free(struct sipe_tls_state *state)
1824 {
1825 if (state) {
1826 /* Avoid "cast increases required alignment" errors */
1827 struct tls_internal_state *internal = (void *) state;
1828
1829 free_parse_data(internal);
1830 if (internal->debug)
1831 g_string_free(internal->debug, TRUE);
1832 g_free(internal->tls_dsk_key_block);
1833 g_free(internal->key_block);
1834 g_free(internal->master_secret);
1835 sipe_tls_free_random(&internal->pre_master_secret);
1836 sipe_tls_free_random(&internal->client_random);
1837 sipe_tls_free_random(&internal->server_random);
1838 if (internal->cipher_context)
1839 sipe_crypt_tls_destroy(internal->cipher_context);
1840 if (internal->md5_context)
1841 sipe_digest_md5_destroy(internal->md5_context);
1842 if (internal->sha1_context)
1843 sipe_digest_sha1_destroy(internal->sha1_context);
1844 sipe_cert_crypto_destroy(internal->server_certificate);
1845 g_free(state->out_buffer);
1846 g_free(state);
1847 }
1848 }
1849
1850 #endif /* !_SIPE_COMPILING_ANALYZER */
1851
1852 /*
1853 Local Variables:
1854 mode: c
1855 c-file-style: "bsd"
1856 indent-tabs-mode: t
1857 tab-width: 8
1858 End:
1859 */
A third-party Pidgin plugin for Microsoft LCS/OCS