mirror of
https://github.com/esp8266/Arduino.git
synced 2025-06-16 11:21:18 +03:00
* Tightened up the buffer sizes
* Removed support for TLS1.0. git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@267 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
This commit is contained in:
cameronrich
committed by
Yasuki Ikeuchi
Yasuki Ikeuchi
parent
871a70e495
commit
f599ff830e
78
ssl/tls1.c
78
ssl/tls1.c
@ -704,39 +704,27 @@ static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
|
||||
*/
|
||||
static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len)
|
||||
{
|
||||
uint8_t hmac_buf[128];
|
||||
uint8_t hmac_buf[SHA256_SIZE]; // size of largest digest
|
||||
int hmac_offset;
|
||||
|
||||
if (ssl->cipher_info->padding_size)
|
||||
{
|
||||
int last_blk_size = buf[read_len-1], i;
|
||||
hmac_offset = read_len-last_blk_size-ssl->cipher_info->digest_size-1;
|
||||
int last_blk_size = buf[read_len-1], i;
|
||||
hmac_offset = read_len-last_blk_size-ssl->cipher_info->digest_size-1;
|
||||
|
||||
/* guard against a timing attack - make sure we do the digest */
|
||||
if (hmac_offset < 0)
|
||||
{
|
||||
hmac_offset = 0;
|
||||
}
|
||||
else
|
||||
{
|
||||
/* already looked at last byte */
|
||||
for (i = 1; i < last_blk_size; i++)
|
||||
{
|
||||
if (buf[read_len-i] != last_blk_size)
|
||||
{
|
||||
hmac_offset = 0;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
/* guard against a timing attack - make sure we do the digest */
|
||||
if (hmac_offset < 0)
|
||||
{
|
||||
hmac_offset = 0;
|
||||
}
|
||||
else /* stream cipher */
|
||||
else
|
||||
{
|
||||
hmac_offset = read_len - ssl->cipher_info->digest_size;
|
||||
|
||||
if (hmac_offset < 0)
|
||||
/* already looked at last byte */
|
||||
for (i = 1; i < last_blk_size; i++)
|
||||
{
|
||||
hmac_offset = 0;
|
||||
if (buf[read_len-i] != last_blk_size)
|
||||
{
|
||||
hmac_offset = 0;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -759,7 +747,7 @@ static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len)
|
||||
*/
|
||||
void add_packet(SSL *ssl, const uint8_t *pkt, int len)
|
||||
{
|
||||
// TLS1.2
|
||||
// TLS1.2+
|
||||
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2 || ssl->version == 0)
|
||||
{
|
||||
SHA256_Update(&ssl->dc->sha256_ctx, pkt, len);
|
||||
@ -780,7 +768,7 @@ void add_packet(SSL *ssl, const uint8_t *pkt, int len)
|
||||
static void p_hash_md5(const uint8_t *sec, int sec_len,
|
||||
uint8_t *seed, int seed_len, uint8_t *out, int olen)
|
||||
{
|
||||
uint8_t a1[128];
|
||||
uint8_t a1[MD5_SIZE+77];
|
||||
|
||||
/* A(1) */
|
||||
hmac_md5(seed, seed_len, sec, sec_len, a1);
|
||||
@ -808,7 +796,7 @@ static void p_hash_md5(const uint8_t *sec, int sec_len,
|
||||
static void p_hash_sha1(const uint8_t *sec, int sec_len,
|
||||
uint8_t *seed, int seed_len, uint8_t *out, int olen)
|
||||
{
|
||||
uint8_t a1[128];
|
||||
uint8_t a1[SHA1_SIZE+77];
|
||||
|
||||
/* A(1) */
|
||||
hmac_sha1(seed, seed_len, sec, sec_len, a1);
|
||||
@ -836,7 +824,7 @@ static void p_hash_sha1(const uint8_t *sec, int sec_len,
|
||||
static void p_hash_sha256(const uint8_t *sec, int sec_len,
|
||||
uint8_t *seed, int seed_len, uint8_t *out, int olen)
|
||||
{
|
||||
uint8_t a1[128];
|
||||
uint8_t a1[SHA256_SIZE+77];
|
||||
|
||||
/* A(1) */
|
||||
hmac_sha256(seed, seed_len, sec, sec_len, a1);
|
||||
@ -865,7 +853,7 @@ static void prf(SSL *ssl, const uint8_t *sec, int sec_len,
|
||||
uint8_t *seed, int seed_len,
|
||||
uint8_t *out, int olen)
|
||||
{
|
||||
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2
|
||||
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
|
||||
{
|
||||
p_hash_sha256(sec, sec_len, seed, seed_len, out, olen);
|
||||
}
|
||||
@ -895,7 +883,7 @@ static void prf(SSL *ssl, const uint8_t *sec, int sec_len,
|
||||
*/
|
||||
void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret)
|
||||
{
|
||||
uint8_t buf[128];
|
||||
uint8_t buf[77];
|
||||
//print_blob("premaster secret", premaster_secret, 48);
|
||||
strcpy((char *)buf, "master secret");
|
||||
memcpy(&buf[13], ssl->dc->client_random, SSL_RANDOM_SIZE);
|
||||
@ -916,7 +904,7 @@ static void generate_key_block(SSL *ssl,
|
||||
uint8_t *client_random, uint8_t *server_random,
|
||||
uint8_t *master_secret, uint8_t *key_block, int key_block_size)
|
||||
{
|
||||
uint8_t buf[128];
|
||||
uint8_t buf[77];
|
||||
strcpy((char *)buf, "key expansion");
|
||||
memcpy(&buf[13], server_random, SSL_RANDOM_SIZE);
|
||||
memcpy(&buf[45], client_random, SSL_RANDOM_SIZE);
|
||||
@ -930,7 +918,7 @@ static void generate_key_block(SSL *ssl,
|
||||
*/
|
||||
int finished_digest(SSL *ssl, const char *label, uint8_t *digest)
|
||||
{
|
||||
uint8_t mac_buf[128];
|
||||
uint8_t mac_buf[SHA1_SIZE+MD5_SIZE+15];
|
||||
uint8_t *q = mac_buf;
|
||||
int dgst_len;
|
||||
|
||||
@ -940,7 +928,7 @@ int finished_digest(SSL *ssl, const char *label, uint8_t *digest)
|
||||
q += strlen(label);
|
||||
}
|
||||
|
||||
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2
|
||||
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
|
||||
{
|
||||
SHA256_CTX sha256_ctx = ssl->dc->sha256_ctx; // interim copy
|
||||
SHA256_Final(q, &sha256_ctx);
|
||||
@ -1140,8 +1128,7 @@ int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
|
||||
&ssl->bm_data[msg_length]);
|
||||
msg_length += ssl->cipher_info->digest_size;
|
||||
|
||||
/* add padding? */
|
||||
if (ssl->cipher_info->padding_size)
|
||||
/* add padding */
|
||||
{
|
||||
int last_blk_size = msg_length%ssl->cipher_info->padding_size;
|
||||
int pad_bytes = ssl->cipher_info->padding_size - last_blk_size;
|
||||
@ -1158,8 +1145,6 @@ int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
|
||||
increment_write_sequence(ssl);
|
||||
|
||||
/* add the explicit IV for TLS1.1 */
|
||||
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_1 &&
|
||||
ssl->cipher_info->iv_size)
|
||||
{
|
||||
uint8_t iv_size = ssl->cipher_info->iv_size;
|
||||
uint8_t *t_buf = malloc(msg_length + iv_size);
|
||||
@ -1373,13 +1358,8 @@ int basic_read(SSL *ssl, uint8_t **in_data)
|
||||
if (IS_SET_SSL_FLAG(SSL_RX_ENCRYPTED))
|
||||
{
|
||||
ssl->cipher_info->decrypt(ssl->decrypt_ctx, buf, buf, read_len);
|
||||
|
||||
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_1 &&
|
||||
ssl->cipher_info->iv_size)
|
||||
{
|
||||
buf += ssl->cipher_info->iv_size;
|
||||
read_len -= ssl->cipher_info->iv_size;
|
||||
}
|
||||
buf += ssl->cipher_info->iv_size;
|
||||
read_len -= ssl->cipher_info->iv_size;
|
||||
|
||||
read_len = verify_digest(ssl,
|
||||
is_client ? SSL_CLIENT_READ : SSL_SERVER_READ, buf, read_len);
|
||||
@ -1564,7 +1544,7 @@ int send_change_cipher_spec(SSL *ssl)
|
||||
*/
|
||||
int send_finished(SSL *ssl)
|
||||
{
|
||||
uint8_t buf[128] = {
|
||||
uint8_t buf[SHA1_SIZE+MD5_SIZE+15+4] = {
|
||||
HS_FINISHED, 0, 0, SSL_FINISHED_HASH_SIZE };
|
||||
|
||||
/* now add the finished digest mac (12 bytes) */
|
||||
@ -1725,9 +1705,11 @@ int send_certificate(SSL *ssl)
|
||||
buf[1] = 0;
|
||||
buf[4] = 0;
|
||||
|
||||
/* spec says we must check if the hash/sig algorithm is OK */
|
||||
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2 &&
|
||||
((ret = check_certificate_chain(ssl)) != SSL_OK))
|
||||
{
|
||||
ret = SSL_ERROR_INVALID_CERT_HASH_ALG;
|
||||
goto error;
|
||||
}
|
||||
|
||||
|
||||
@ -47,9 +47,8 @@ extern "C" {
|
||||
#include "crypto.h"
|
||||
#include "crypto_misc.h"
|
||||
|
||||
#define SSL_PROTOCOL_MIN_VERSION 0x31 /* TLS v1.0 */
|
||||
#define SSL_PROTOCOL_MIN_VERSION 0x32 /* TLS v1.1 */
|
||||
#define SSL_PROTOCOL_VERSION_MAX 0x33 /* TLS v1.2 */
|
||||
#define SSL_PROTOCOL_VERSION_TLS1_1 0x32 /* TLS v1.1 */
|
||||
#define SSL_PROTOCOL_VERSION_TLS1_2 0x33 /* TLS v1.2 */
|
||||
#define SSL_RANDOM_SIZE 32
|
||||
#define SSL_SECRET_SIZE 48
|
||||
|
||||
@ -37,14 +37,14 @@
|
||||
|
||||
#ifdef CONFIG_SSL_ENABLE_CLIENT /* all commented out if no client */
|
||||
|
||||
/* support sha512/384/256/1 rsa */
|
||||
/* support sha512/384/256/1 RSA */
|
||||
static const uint8_t g_sig_alg[] = {
|
||||
0x00, 0x0e,
|
||||
0x00, SIG_ALG_EXTENSION,
|
||||
0x00, 0x0a, 0x00, 0x08,
|
||||
SIG_ALG_SHA256, SIG_ALG_RSA,
|
||||
SIG_ALG_SHA512, SIG_ALG_RSA,
|
||||
SIG_ALG_SHA384, SIG_ALG_RSA,
|
||||
SIG_ALG_SHA256, SIG_ALG_RSA,
|
||||
SIG_ALG_SHA1, SIG_ALG_RSA
|
||||
};
|
||||
|
||||
@ -245,7 +245,7 @@ static int send_client_hello(SSL *ssl)
|
||||
buf[offset++] = 0;
|
||||
|
||||
/* send the signature algorithm extension for TLS 1.2+ */
|
||||
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2)
|
||||
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2)
|
||||
{
|
||||
memcpy(&buf[offset], g_sig_alg, sizeof(g_sig_alg));
|
||||
offset += sizeof(g_sig_alg);
|
||||
@ -390,7 +390,7 @@ static int process_cert_req(SSL *ssl)
|
||||
ssl->next_state = HS_SERVER_HELLO_DONE;
|
||||
SET_SSL_FLAG(SSL_HAS_CERT_REQ);
|
||||
|
||||
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2
|
||||
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
|
||||
{
|
||||
// supported certificate types
|
||||
cert_type_len = buf[offset++];
|
||||
@ -429,7 +429,7 @@ error:
|
||||
static int send_cert_verify(SSL *ssl)
|
||||
{
|
||||
uint8_t *buf = ssl->bm_data;
|
||||
uint8_t dgst[128];
|
||||
uint8_t dgst[SHA1_SIZE+MD5_SIZE+15];
|
||||
RSA_CTX *rsa_ctx = ssl->ssl_ctx->rsa_ctx;
|
||||
int n = 0, ret;
|
||||
int offset = 0;
|
||||
@ -443,7 +443,7 @@ static int send_cert_verify(SSL *ssl)
|
||||
buf[0] = HS_CERT_VERIFY;
|
||||
buf[1] = 0;
|
||||
|
||||
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2
|
||||
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
|
||||
{
|
||||
buf[4] = SIG_ALG_SHA256;
|
||||
buf[5] = SIG_ALG_RSA;
|
||||
@ -476,7 +476,7 @@ static int send_cert_verify(SSL *ssl)
|
||||
buf[offset+1] = n & 0xff;
|
||||
n += 2;
|
||||
|
||||
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2
|
||||
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
|
||||
{
|
||||
n += 2; // sig/alg
|
||||
offset -= 2;
|
||||
|
||||
@ -433,7 +433,7 @@ static const uint8_t g_cert_request_v1[] = { HS_CERT_REQ, 0, 0, 4, 1, 0, 0, 0 };
|
||||
*/
|
||||
static int send_certificate_request(SSL *ssl)
|
||||
{
|
||||
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2
|
||||
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
|
||||
{
|
||||
return send_packet(ssl, PT_HANDSHAKE_PROTOCOL,
|
||||
g_cert_request, sizeof(g_cert_request));
|
||||
@ -454,7 +454,7 @@ static int process_cert_verify(SSL *ssl)
|
||||
uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
|
||||
int pkt_size = ssl->bm_index;
|
||||
uint8_t dgst_buf[MAX_KEY_BYTE_SIZE];
|
||||
uint8_t dgst[128];
|
||||
uint8_t dgst[MD5_SIZE + SHA1_SIZE];
|
||||
X509_CTX *x509_ctx = ssl->x509_ctx;
|
||||
int ret = SSL_OK;
|
||||
int offset = 6;
|
||||
@ -463,14 +463,14 @@ static int process_cert_verify(SSL *ssl)
|
||||
|
||||
DISPLAY_RSA(ssl, x509_ctx->rsa_ctx);
|
||||
|
||||
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2
|
||||
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
|
||||
{
|
||||
// TODO: need to be able to handle another hash type here
|
||||
// TODO: should really need to be able to handle other algorihms. An
|
||||
// assumption is made on RSA/SHA256 and appears to be OK.
|
||||
//uint8_t hash_alg = buf[4];
|
||||
//uint8_t sig_alg = buf[5];
|
||||
offset = 8;
|
||||
rsa_len = (buf[6] << 8) + buf[7];
|
||||
//printf("YO, GOT %d %d\n", hash_alg, sig_alg);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -485,7 +485,7 @@ static int process_cert_verify(SSL *ssl)
|
||||
sizeof(dgst_buf), 0);
|
||||
SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
|
||||
|
||||
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2
|
||||
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
|
||||
{
|
||||
if (memcmp(dgst_buf, g_asn1_sha256, sizeof(g_asn1_sha256)))
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user