/* Read a v2 client hello. Some browsers still use that beast!
* However they set their version to 3.0 or 3.1.
*/
int
_gnutls_read_client_hello_v2(gnutls_session_t session, uint8_t * data,
unsigned int datalen)
{
uint16_t session_id_len = 0;
int pos = 0;
int ret = 0, sret = 0;
uint16_t sizeOfSuites;
gnutls_protocol_t adv_version;
uint8_t rnd[GNUTLS_RANDOM_SIZE];
int len = datalen;
uint16_t challenge;
uint8_t session_id[GNUTLS_MAX_SESSION_ID_SIZE];
DECR_LEN(len, 2);
_gnutls_handshake_log
("HSK[%p]: SSL 2.0 Hello: Client's version: %d.%d\n", session,
data[pos], data[pos + 1]);
set_adv_version(session, data[pos], data[pos + 1]);
adv_version = _gnutls_version_get(data[pos], data[pos + 1]);
ret = _gnutls_negotiate_version(session, adv_version);
if (ret < 0) {
gnutls_assert();
return ret;
}
pos += 2;
/* Read uint16_t cipher_spec_length */
DECR_LEN(len, 2);
sizeOfSuites = _gnutls_read_uint16(&data[pos]);
pos += 2;
/* read session id length */
DECR_LEN(len, 2);
session_id_len = _gnutls_read_uint16(&data[pos]);
pos += 2;
if (session_id_len > GNUTLS_MAX_SESSION_ID_SIZE) {
gnutls_assert();
return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
}
/* read challenge length */
DECR_LEN(len, 2);
challenge = _gnutls_read_uint16(&data[pos]);
pos += 2;
if (challenge < 16 || challenge > GNUTLS_RANDOM_SIZE) {
gnutls_assert();
return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
}
/* call the user hello callback
*/
ret = _gnutls_user_hello_func(session, adv_version);
if (ret < 0) {
if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED) {
sret = GNUTLS_E_INT_RET_0;
} else {
gnutls_assert();
return ret;
}
}
/* find an appropriate cipher suite */
DECR_LEN(len, sizeOfSuites);
ret =
_gnutls_handshake_select_v2_suite(session, &data[pos],
sizeOfSuites);
pos += sizeOfSuites;
if (ret < 0) {
gnutls_assert();
return ret;
}
/* check if the credentials (username, public key etc.) are ok
*/
if (_gnutls_get_kx_cred
(session,
_gnutls_cipher_suite_get_kx_algo(session->security_parameters.
cipher_suite)) == NULL) {
gnutls_assert();
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
/* set the mod_auth_st to the appropriate struct
* according to the KX algorithm. This is needed since all the
* handshake functions are read from there;
*/
session->internals.auth_struct =
_gnutls_kx_auth_struct(_gnutls_cipher_suite_get_kx_algo
(session->security_parameters.
cipher_suite));
if (session->internals.auth_struct == NULL) {
_gnutls_handshake_log
("HSK[%p]: SSL 2.0 Hello: Cannot find the appropriate handler for the KX algorithm\n",
session);
gnutls_assert();
return GNUTLS_E_INTERNAL_ERROR;
}
/* read random new values -skip session id for now */
DECR_LEN(len, session_id_len); /* skip session id for now */
memcpy(session_id, &data[pos], session_id_len);
pos += session_id_len;
DECR_LEN(len, challenge);
memset(rnd, 0, GNUTLS_RANDOM_SIZE);
memcpy(&rnd[GNUTLS_RANDOM_SIZE - challenge], &data[pos],
challenge);
ret = _gnutls_set_client_random(session, rnd);
if (ret < 0)
return gnutls_assert_val(ret);
/* generate server random value */
ret = _gnutls_set_server_random(session, NULL);
if (ret < 0)
return gnutls_assert_val(ret);
session->security_parameters.timestamp = gnutls_time(NULL);
/* RESUME SESSION */
DECR_LEN(len, session_id_len);
ret =
_gnutls_server_restore_session(session, session_id,
session_id_len);
if (ret == 0) { /* resumed! */
/* get the new random values */
memcpy(session->internals.resumed_security_parameters.
server_random,
session->security_parameters.server_random,
GNUTLS_RANDOM_SIZE);
memcpy(session->internals.resumed_security_parameters.
client_random,
session->security_parameters.client_random,
GNUTLS_RANDOM_SIZE);
session->internals.resumed = RESUME_TRUE;
return 0;
} else {
_gnutls_generate_session_id(session->security_parameters.
session_id,
&session->security_parameters.
session_id_size);
session->internals.resumed = RESUME_FALSE;
}
_gnutls_epoch_set_compression(session, EPOCH_NEXT,
GNUTLS_COMP_NULL);
session->security_parameters.compression_method = GNUTLS_COMP_NULL;
return sret;
}
/* Read a v2 client hello. Some browsers still use that beast!
* However they set their version to 3.0 or 3.1.
*/
int
_gnutls_read_client_hello_v2 (gnutls_session_t session, opaque * data,
int datalen)
{
uint16_t session_id_len = 0;
int pos = 0;
int ret = 0;
uint16_t sizeOfSuites;
gnutls_protocol_t version;
opaque rnd[TLS_RANDOM_SIZE];
int len = datalen;
int err;
uint16_t challenge;
opaque session_id[TLS_MAX_SESSION_ID_SIZE];
gnutls_protocol_t ver;
/* we only want to get here once - only in client hello */
session->internals.v2_hello = 0;
DECR_LEN (len, 2);
_gnutls_handshake_log
("HSK[%x]: SSL 2.0 Hello: Client's version: %d.%d\n", session,
data[pos], data[pos + 1]);
set_adv_version (session, data[pos], data[pos + 1]);
version = _gnutls_version_get (data[pos], data[pos + 1]);
/* if we do not support that version
*/
if (_gnutls_version_is_supported (session, version) == 0)
{
ver = _gnutls_version_lowest (session);
}
else
{
ver = version;
}
_gnutls_set_current_version (session, ver);
pos += 2;
/* Read uint16_t cipher_spec_length */
DECR_LEN (len, 2);
sizeOfSuites = _gnutls_read_uint16 (&data[pos]);
pos += 2;
/* read session id length */
DECR_LEN (len, 2);
session_id_len = _gnutls_read_uint16 (&data[pos]);
pos += 2;
if (session_id_len > TLS_MAX_SESSION_ID_SIZE)
{
gnutls_assert ();
return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
}
/* read challenge length */
DECR_LEN (len, 2);
challenge = _gnutls_read_uint16 (&data[pos]);
pos += 2;
if (challenge < 16 || challenge > TLS_RANDOM_SIZE)
{
gnutls_assert ();
return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
}
/* find an appropriate cipher suite */
DECR_LEN (len, sizeOfSuites);
ret = _gnutls_handshake_select_v2_suite (session, &data[pos], sizeOfSuites);
pos += sizeOfSuites;
if (ret < 0)
{
gnutls_assert ();
return ret;
}
/* check if the credentials (username, public key etc.) are ok
*/
if (_gnutls_get_kx_cred
(session,
_gnutls_cipher_suite_get_kx_algo (&session->security_parameters.
current_cipher_suite),
&err) == NULL && err != 0)
{
gnutls_assert ();
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
/* set the mod_auth_st to the appropriate struct
* according to the KX algorithm. This is needed since all the
* handshake functions are read from there;
*/
session->internals.auth_struct =
_gnutls_kx_auth_struct (_gnutls_cipher_suite_get_kx_algo
(&session->security_parameters.
current_cipher_suite));
if (session->internals.auth_struct == NULL)
{
_gnutls_handshake_log
("HSK[%x]: SSL 2.0 Hello: Cannot find the appropriate handler for the KX algorithm\n",
session);
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
/* read random new values -skip session id for now */
DECR_LEN (len, session_id_len); /* skip session id for now */
memcpy (session_id, &data[pos], session_id_len);
pos += session_id_len;
DECR_LEN (len, challenge);
memset (rnd, 0, TLS_RANDOM_SIZE);
memcpy (&rnd[TLS_RANDOM_SIZE - challenge], &data[pos], challenge);
_gnutls_set_client_random (session, rnd);
/* generate server random value */
_gnutls_tls_create_random (rnd);
_gnutls_set_server_random (session, rnd);
session->security_parameters.timestamp = time (NULL);
/* RESUME SESSION */
DECR_LEN (len, session_id_len);
ret = _gnutls_server_restore_session (session, session_id, session_id_len);
if (ret == 0)
{ /* resumed! */
/* get the new random values */
memcpy (session->internals.resumed_security_parameters.
server_random, session->security_parameters.server_random,
TLS_RANDOM_SIZE);
memcpy (session->internals.resumed_security_parameters.
client_random, session->security_parameters.client_random,
TLS_RANDOM_SIZE);
session->internals.resumed = RESUME_TRUE;
return 0;
}
else
{
_gnutls_generate_session_id (session->security_parameters.
session_id,
&session->security_parameters.
session_id_size);
session->internals.resumed = RESUME_FALSE;
}
session->internals.compression_method = GNUTLS_COMP_NULL;
return 0;
}
