arduino/esp8266
1
0
Fork 0
mirror of https://github.com/esp8266/Arduino.git synced 2025-06-17 22:23:10 +03:00
Code Activity

Server side v1.2 is basically working

Browse Source 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@265 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
This commit is contained in:
cameronrich
2016-08-11 10:04:13 +00:00
committed by Yasuki Ikeuchi
parent 09619c9340
commit fc6b6b346f
7 changed files with 217 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ssl/crypto_misc.h
View File

@ -125,7 +125,6 @@ const char * x509_display_error(int error);
#define ASN1_EXPLICIT_TAG 0xa0 #define ASN1_EXPLICIT_TAG 0xa0
#define ASN1_V3_DATA 0xa3 #define ASN1_V3_DATA 0xa3
#define SIG_TYPE_MD2 0x02
#define SIG_TYPE_MD5 0x04 #define SIG_TYPE_MD5 0x04
#define SIG_TYPE_SHA1 0x05 #define SIG_TYPE_SHA1 0x05
#define SIG_TYPE_SHA256 0x0b #define SIG_TYPE_SHA256 0x0b

1
ssl/ssl.h
View File

@ -100,6 +100,7 @@ extern "C" {
#define SSL_ERROR_UNSUPPORTED_EXTENSION -264 #define SSL_ERROR_UNSUPPORTED_EXTENSION -264
#define SSL_ERROR_INVALID_SESSION -265 #define SSL_ERROR_INVALID_SESSION -265
#define SSL_ERROR_NO_CIPHER -266 #define SSL_ERROR_NO_CIPHER -266
#define SSL_ERROR_INVALID_CERT_HASH_ALG -267
#define SSL_ERROR_BAD_CERTIFICATE -268 #define SSL_ERROR_BAD_CERTIFICATE -268
#define SSL_ERROR_INVALID_KEY -269 #define SSL_ERROR_INVALID_KEY -269
#define SSL_ERROR_FINISHED_INVALID -271 #define SSL_ERROR_FINISHED_INVALID -271

84
ssl/tls1.c
View File

@ -54,6 +54,7 @@ static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt, void
static int send_raw_packet(SSL *ssl, uint8_t protocol); static int send_raw_packet(SSL *ssl, uint8_t protocol);
static void certificate_free(SSL* ssl); static void certificate_free(SSL* ssl);
static int increase_bm_data_size(SSL *ssl, size_t size); static int increase_bm_data_size(SSL *ssl, size_t size);
static int check_certificate_chain(SSL *ssl);
/** /**
* The server will pick the cipher based on the order that the order that the * The server will pick the cipher based on the order that the order that the
@ -348,6 +349,26 @@ int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
ssl_cert = &ssl_ctx->certs[i]; ssl_cert = &ssl_ctx->certs[i];
ssl_cert->size = len; ssl_cert->size = len;
ssl_cert->buf = (uint8_t *)malloc(len); ssl_cert->buf = (uint8_t *)malloc(len);
switch (cert->sig_type)
{
case SIG_TYPE_SHA1:
ssl_cert->hash_alg = SIG_ALG_SHA1;
break;
case SIG_TYPE_SHA256:
ssl_cert->hash_alg = SIG_ALG_SHA256;
break;
case SIG_TYPE_SHA384:
ssl_cert->hash_alg = SIG_ALG_SHA384;
break;
case SIG_TYPE_SHA512:
ssl_cert->hash_alg = SIG_ALG_SHA512;
break;
}
memcpy(ssl_cert->buf, buf, len); memcpy(ssl_cert->buf, buf, len);
ssl_ctx->chain_length++; ssl_ctx->chain_length++;
len -= offset; len -= offset;
@ -742,18 +763,10 @@ void add_packet(SSL *ssl, const uint8_t *pkt, int len)
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2 || ssl->version == 0) if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2 || ssl->version == 0)
{ {
SHA256_Update(&ssl->dc->sha256_ctx, pkt, len); SHA256_Update(&ssl->dc->sha256_ctx, pkt, len);
#if 0
uint8_t buf[128];
SHA256_CTX sha256_ctx = ssl->dc->sha256_ctx; // interim copy
SHA256_Final(buf, &sha256_ctx);
print_blob("handshake", buf, 8);
#endif
} }
if (ssl->version < SSL_PROTOCOL_VERSION_TLS1_2 || ssl->version == 0) if (ssl->version < SSL_PROTOCOL_VERSION_TLS1_2)
{ {
uint8_t q[128];
MD5_Update(&ssl->dc->md5_ctx, pkt, len); MD5_Update(&ssl->dc->md5_ctx, pkt, len);
SHA1_Update(&ssl->dc->sha1_ctx, pkt, len); SHA1_Update(&ssl->dc->sha1_ctx, pkt, len);
} }
@ -1641,6 +1654,7 @@ int send_alert(SSL *ssl, int error_code)
break; break;
case SSL_X509_ERROR(X509_VFY_ERROR_UNSUPPORTED_DIGEST): case SSL_X509_ERROR(X509_VFY_ERROR_UNSUPPORTED_DIGEST):
case SSL_ERROR_INVALID_CERT_HASH_ALG:
alert_num = SSL_ALERT_UNSUPPORTED_CERTIFICATE; alert_num = SSL_ALERT_UNSUPPORTED_CERTIFICATE;
break; break;
@ -1699,6 +1713,7 @@ error:
*/ */
int send_certificate(SSL *ssl) int send_certificate(SSL *ssl)
{ {
int ret = SSL_OK;
int i = 0; int i = 0;
uint8_t *buf = ssl->bm_data; uint8_t *buf = ssl->bm_data;
int offset = 7; int offset = 7;
@ -1708,6 +1723,12 @@ int send_certificate(SSL *ssl)
buf[1] = 0; buf[1] = 0;
buf[4] = 0; buf[4] = 0;
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2 &&
((ret = check_certificate_chain(ssl)) != SSL_OK))
{
goto error;
}
while (i < ssl->ssl_ctx->chain_length) while (i < ssl->ssl_ctx->chain_length)
{ {
SSL_CERT *cert = &ssl->ssl_ctx->certs[i]; SSL_CERT *cert = &ssl->ssl_ctx->certs[i];
@ -1726,7 +1747,10 @@ int send_certificate(SSL *ssl)
buf[2] = chain_length >> 8; /* handshake length */ buf[2] = chain_length >> 8; /* handshake length */
buf[3] = chain_length & 0xff; buf[3] = chain_length & 0xff;
ssl->bm_index = offset; ssl->bm_index = offset;
return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset); ret = send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
error:
return ret;
} }
/** /**
@ -1945,6 +1969,42 @@ EXP_FUNC int STDCALL ssl_get_config(int offset)
} }
} }
/**
* Check the certificate chain to see if the certs are supported
*/
static int check_certificate_chain(SSL *ssl)
{
int i = 0;
int ret = SSL_OK;
while (i < ssl->ssl_ctx->chain_length)
{
int j = 0;
uint8_t found = 0;
SSL_CERT *cert = &ssl->ssl_ctx->certs[i];
while (j < ssl->num_sig_algs)
{
if (ssl->sig_algs[j++] == cert->hash_alg)
{
found = 1;
break;
}
}
if (!found)
{
ret = SSL_ERROR_INVALID_CERT_HASH_ALG;
goto error;
}
i++;
}
error:
return ret;
}
#ifdef CONFIG_SSL_CERT_VERIFICATION #ifdef CONFIG_SSL_CERT_VERIFICATION
/** /**
* Authenticate a received certificate. * Authenticate a received certificate.
@ -2258,6 +2318,10 @@ EXP_FUNC void STDCALL ssl_display_error(int error_code)
printf("no cipher"); printf("no cipher");
break; break;
case SSL_ERROR_INVALID_CERT_HASH_ALG:
printf("invalid cert hash algorithm");
break;
case SSL_ERROR_CONN_LOST: case SSL_ERROR_CONN_LOST:
printf("connection lost"); printf("connection lost");
break; break;

6
ssl/tls1.h
View File

@ -82,10 +82,9 @@ extern "C" {
#define NUM_PROTOCOLS 4 #define NUM_PROTOCOLS 4
#define MAX_SIG_ALGORITHMS 4
#define SIG_ALG_EXTENSION 0x0d #define SIG_ALG_EXTENSION 0x0d
#define SIG_ALG_MD5 1
#define SIG_ALG_SHA1 2 #define SIG_ALG_SHA1 2
#define SIG_ALG_SHA224 3
#define SIG_ALG_SHA256 4 #define SIG_ALG_SHA256 4
#define SIG_ALG_SHA384 5 #define SIG_ALG_SHA384 5
#define SIG_ALG_SHA512 6 #define SIG_ALG_SHA512 6
@ -150,6 +149,7 @@ typedef struct
{ {
uint8_t *buf; uint8_t *buf;
int size; int size;
uint8_t hash_alg;
} SSL_CERT; } SSL_CERT;
typedef struct typedef struct
@ -188,6 +188,8 @@ struct _SSL
uint16_t bm_index; uint16_t bm_index;
uint16_t bm_read_index; uint16_t bm_read_index;
size_t max_plain_length; size_t max_plain_length;
uint8_t sig_algs[MAX_SIG_ALGORITHMS];
uint8_t num_sig_algs;
struct _SSL *next; /* doubly linked list */ struct _SSL *next; /* doubly linked list */
struct _SSL *prev; struct _SSL *prev;
struct _SSL_CTX *ssl_ctx; /* back reference to a clnt/svr ctx */ struct _SSL_CTX *ssl_ctx; /* back reference to a clnt/svr ctx */

55
ssl/tls1_clnt.c
View File

@ -38,9 +38,15 @@
#ifdef CONFIG_SSL_ENABLE_CLIENT /* all commented out if no client */ #ifdef CONFIG_SSL_ENABLE_CLIENT /* all commented out if no client */
/* support sha512/384/256/1 rsa */ /* support sha512/384/256/1 rsa */
static const uint8_t g_sig_alg[] = { 0x00, 0x08, static const uint8_t g_sig_alg[] = {
0x00, SIG_ALG_EXTENSION, 0x00, 0x04, 0x00, 0x02, 0x00, 0x0e,
SIG_ALG_SHA256, SIG_ALG_RSA }; 0x00, SIG_ALG_EXTENSION,
0x00, 0x0a, 0x00, 0x08,
SIG_ALG_SHA256, SIG_ALG_RSA,
SIG_ALG_SHA512, SIG_ALG_RSA,
SIG_ALG_SHA384, SIG_ALG_RSA,
SIG_ALG_SHA1, SIG_ALG_RSA
};
static const uint8_t g_asn1_sha256[] = static const uint8_t g_asn1_sha256[] =
{ {
@ -238,7 +244,8 @@ static int send_client_hello(SSL *ssl)
buf[offset++] = 1; /* no compression */ buf[offset++] = 1; /* no compression */
buf[offset++] = 0; buf[offset++] = 0;
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2 /* send the signature algorithm extension for TLS 1.2+ */
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2)
{ {
memcpy(&buf[offset], g_sig_alg, sizeof(g_sig_alg)); memcpy(&buf[offset], g_sig_alg, sizeof(g_sig_alg));
offset += sizeof(g_sig_alg); offset += sizeof(g_sig_alg);
@ -371,17 +378,47 @@ static int process_cert_req(SSL *ssl)
{ {
uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index]; uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
int ret = SSL_OK; int ret = SSL_OK;
int offset = (buf[2] << 4) + buf[3]; int cert_req_size = (buf[2]<<8) + buf[3];
int offset = 4;
int pkt_size = ssl->bm_index; int pkt_size = ssl->bm_index;
uint8_t cert_type_len, sig_alg_len;
PARANOIA_CHECK(pkt_size, offset + cert_req_size);
ssl->dc->bm_proc_index = cert_req_size;
/* don't do any processing - we will send back an RSA certificate anyway */ /* don't do any processing - we will send back an RSA certificate anyway */
ssl->next_state = HS_SERVER_HELLO_DONE; ssl->next_state = HS_SERVER_HELLO_DONE;
SET_SSL_FLAG(SSL_HAS_CERT_REQ); SET_SSL_FLAG(SSL_HAS_CERT_REQ);
ssl->dc->bm_proc_index += offset;
PARANOIA_CHECK(pkt_size, offset);
// don't care about sig/hash algorithm, let server take care of that if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2
// (only SHA256/RSA supported) {
// supported certificate types
cert_type_len = buf[offset++];
PARANOIA_CHECK(pkt_size, offset + cert_type_len);
offset += cert_type_len;
// supported signature algorithms
sig_alg_len = buf[offset++] << 8;
sig_alg_len += buf[offset++];
PARANOIA_CHECK(pkt_size, offset + sig_alg_len);
while (sig_alg_len > 0)
{
uint8_t hash_alg = buf[offset++];
uint8_t sig_alg = buf[offset++];
sig_alg_len -= 2;
if (sig_alg == SIG_ALG_RSA &&
(hash_alg == SIG_ALG_SHA1 ||
hash_alg == SIG_ALG_SHA256 ||
hash_alg == SIG_ALG_SHA384 ||
hash_alg == SIG_ALG_SHA512))
{
ssl->sig_algs[ssl->num_sig_algs++] = hash_alg;
}
}
}
error: error:
return ret; return ret;
} }

102
ssl/tls1_svr.c
View File

@ -35,6 +35,11 @@
#include "ssl.h" #include "ssl.h"
static const uint8_t g_hello_done[] = { HS_SERVER_HELLO_DONE, 0, 0, 0 }; static const uint8_t g_hello_done[] = { HS_SERVER_HELLO_DONE, 0, 0, 0 };
static const uint8_t g_asn1_sha256[] =
{
0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
};
static int process_client_hello(SSL *ssl); static int process_client_hello(SSL *ssl);
static int send_server_hello_sequence(SSL *ssl); static int send_server_hello_sequence(SSL *ssl);
@ -154,7 +159,7 @@ static int process_client_hello(SSL *ssl)
cs_len = (buf[offset]<<8) + buf[offset+1]; cs_len = (buf[offset]<<8) + buf[offset+1];
offset += 3; /* add 1 due to all cipher suites being 8 bit */ offset += 3; /* add 1 due to all cipher suites being 8 bit */
PARANOIA_CHECK(pkt_size, offset); PARANOIA_CHECK(pkt_size, offset + cs_len);
/* work out what cipher suite we are going to use - client defines /* work out what cipher suite we are going to use - client defines
the preference */ the preference */
@ -165,7 +170,7 @@ static int process_client_hello(SSL *ssl)
if (ssl_prot_prefs[j] == buf[offset+i]) /* got a match? */ if (ssl_prot_prefs[j] == buf[offset+i]) /* got a match? */
{ {
ssl->cipher = ssl_prot_prefs[j]; ssl->cipher = ssl_prot_prefs[j];
goto do_extensions; goto do_compression;
} }
} }
} }
@ -173,8 +178,57 @@ static int process_client_hello(SSL *ssl)
/* ouch! protocol is not supported */ /* ouch! protocol is not supported */
return SSL_ERROR_NO_CIPHER; return SSL_ERROR_NO_CIPHER;
do_extensions: /* completely ignore compression */
PARANOIA_CHECK(pkt_size, offset); do_compression:
offset += cs_len;
id_len = buf[offset++];
offset += id_len;
PARANOIA_CHECK(pkt_size, offset + id_len);
/* extension size */
id_len = buf[offset++] << 8;
id_len += buf[offset++];
PARANOIA_CHECK(pkt_size, offset + id_len);
// Check for extensions from the client - only the signature algorithm
// is supported
while (offset < pkt_size)
{
int ext = buf[offset++] << 8;
ext += buf[offset++];
int ext_len = buf[offset++] << 8;
ext_len += buf[offset++];
PARANOIA_CHECK(pkt_size, offset + ext_len);
if (ext == SIG_ALG_EXTENSION)
{
while (ext_len > 0)
{
uint8_t hash_alg = buf[offset++];
uint8_t sig_alg = buf[offset++];
ext_len -= 2;
if (sig_alg == SIG_ALG_RSA &&
(hash_alg == SIG_ALG_SHA1 ||
hash_alg == SIG_ALG_SHA256 ||
hash_alg == SIG_ALG_SHA384 ||
hash_alg == SIG_ALG_SHA512))
{
ssl->sig_algs[ssl->num_sig_algs++] = hash_alg;
}
}
}
else
{
offset += ext_len;
}
}
/* default is RSA/SHA1 */
if (ssl->num_sig_algs == 0)
{
ssl->sig_algs[ssl->num_sig_algs++] = SIG_ALG_SHA1;
}
error: error:
return ret; return ret;
@ -355,7 +409,16 @@ error:
} }
#ifdef CONFIG_SSL_CERT_VERIFICATION #ifdef CONFIG_SSL_CERT_VERIFICATION
static const uint8_t g_cert_request[] = { HS_CERT_REQ, 0, 0, 4, 1, 0, 0, 0 }; static const uint8_t g_cert_request[] = { HS_CERT_REQ, 0,
0, 0x0e,
1, 1, // rsa sign
0x00, 0x08,
SIG_ALG_SHA256, SIG_ALG_RSA,
SIG_ALG_SHA512, SIG_ALG_RSA,
SIG_ALG_SHA384, SIG_ALG_RSA,
SIG_ALG_SHA1, SIG_ALG_RSA,
0, 0
};
/* /*
* Send the certificate request message. * Send the certificate request message.
@ -378,28 +441,47 @@ static int process_cert_verify(SSL *ssl)
uint8_t dgst[128]; uint8_t dgst[128];
X509_CTX *x509_ctx = ssl->x509_ctx; X509_CTX *x509_ctx = ssl->x509_ctx;
int ret = SSL_OK; int ret = SSL_OK;
int offset = 6;
uint8_t hash_alg;
uint8_t sig_alg;
int rsa_len;
int n; int n;
PARANOIA_CHECK(pkt_size, x509_ctx->rsa_ctx->num_octets+6);
DISPLAY_RSA(ssl, x509_ctx->rsa_ctx); DISPLAY_RSA(ssl, x509_ctx->rsa_ctx);
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2
{
hash_alg = buf[4];
sig_alg = buf[5];
offset = 8;
rsa_len = (buf[6] << 8) + buf[7];
}
else
{
rsa_len = (buf[4] << 8) + buf[5];
}
PARANOIA_CHECK(pkt_size, offset + rsa_len);
/* rsa_ctx->bi_ctx is not thread-safe */ /* rsa_ctx->bi_ctx is not thread-safe */
SSL_CTX_LOCK(ssl->ssl_ctx->mutex); SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
n = RSA_decrypt(x509_ctx->rsa_ctx, &buf[6], dgst_buf, sizeof(dgst_buf), 0); n = RSA_decrypt(x509_ctx->rsa_ctx, &buf[offset], dgst_buf,
sizeof(dgst_buf), 0);
SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex); SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2 if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2
{ {
if (n != SHA256_SIZE) if (memcmp(dgst_buf, g_asn1_sha256, sizeof(g_asn1_sha256)))
{ {
ret = SSL_ERROR_INVALID_KEY; ret = SSL_ERROR_INVALID_KEY;
goto end_cert_vfy; goto error;
} }
finished_digest(ssl, NULL, dgst); /* calculate the digest */ finished_digest(ssl, NULL, dgst); /* calculate the digest */
if (memcmp(dgst_buf, dgst, SHA256_SIZE)) if (memcmp(&dgst_buf[sizeof(g_asn1_sha256)], dgst, SHA256_SIZE))
{ {
ret = SSL_ERROR_INVALID_KEY; ret = SSL_ERROR_INVALID_KEY;
goto error;
} }
} }
else // TLS1.0/1.1 else // TLS1.0/1.1

3
ssl/x509.c
View File

@ -524,9 +524,6 @@ void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx)
printf("Sig Type:\t\t\t"); printf("Sig Type:\t\t\t");
switch (cert->sig_type) switch (cert->sig_type)
{ {
case SIG_TYPE_MD2:
printf("MD2\n");
break;
case SIG_TYPE_MD5: case SIG_TYPE_MD5:
printf("MD5\n"); printf("MD5\n");
break; break;