/* This function is to be called after handshake, when master_secret,
* client_random and server_random have been initialized.
* This function creates the keys and stores them into pending session.
* (session->cipher_specs)
*/
static int
_gnutls_set_keys (gnutls_session_t session, record_parameters_st * params,
int hash_size, int IV_size, int key_size, int export_flag)
{
/* FIXME: This function is too long
*/
opaque rnd[2 * GNUTLS_RANDOM_SIZE];
opaque rrnd[2 * GNUTLS_RANDOM_SIZE];
int pos, ret;
int block_size;
char buf[65];
/* avoid using malloc */
opaque key_block[2 * MAX_HASH_SIZE + 2 * MAX_CIPHER_KEY_SIZE +
2 * MAX_CIPHER_BLOCK_SIZE];
record_state_st *client_write, *server_write;
client_write =
session->security_parameters.entity ==
GNUTLS_CLIENT ? ¶ms->write : ¶ms->read;
server_write =
session->security_parameters.entity ==
GNUTLS_SERVER ? ¶ms->write : ¶ms->read;
block_size = 2 * hash_size + 2 * key_size;
if (export_flag == 0)
block_size += 2 * IV_size;
memcpy (rnd, session->security_parameters.server_random,
GNUTLS_RANDOM_SIZE);
memcpy (&rnd[GNUTLS_RANDOM_SIZE],
session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
memcpy (rrnd, session->security_parameters.client_random,
GNUTLS_RANDOM_SIZE);
memcpy (&rrnd[GNUTLS_RANDOM_SIZE],
session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
if (session->security_parameters.version == GNUTLS_SSL3)
{ /* SSL 3 */
ret =
_gnutls_ssl3_generate_random
(session->security_parameters.master_secret, GNUTLS_MASTER_SIZE, rnd,
2 * GNUTLS_RANDOM_SIZE, block_size, key_block);
}
else
{ /* TLS 1.0 */
ret =
_gnutls_PRF (session, session->security_parameters.master_secret,
GNUTLS_MASTER_SIZE, keyexp, keyexp_length,
rnd, 2 * GNUTLS_RANDOM_SIZE, block_size, key_block);
}
if (ret < 0)
return gnutls_assert_val (ret);
_gnutls_hard_log ("INT: KEY BLOCK[%d]: %s\n", block_size,
_gnutls_bin2hex (key_block, block_size, buf,
sizeof (buf), NULL));
pos = 0;
if (hash_size > 0)
{
if (_gnutls_sset_datum
(&client_write->mac_secret, &key_block[pos], hash_size) < 0)
return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
pos += hash_size;
if (_gnutls_sset_datum
(&server_write->mac_secret, &key_block[pos], hash_size) < 0)
return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
pos += hash_size;
}
if (key_size > 0)
{
opaque key1[EXPORT_FINAL_KEY_SIZE];
opaque key2[EXPORT_FINAL_KEY_SIZE];
opaque *client_write_key, *server_write_key;
int client_write_key_size, server_write_key_size;
if (export_flag == 0)
{
client_write_key = &key_block[pos];
client_write_key_size = key_size;
pos += key_size;
server_write_key = &key_block[pos];
server_write_key_size = key_size;
pos += key_size;
}
else
{ /* export */
client_write_key = key1;
server_write_key = key2;
/* generate the final keys */
if (session->security_parameters.version == GNUTLS_SSL3)
{ /* SSL 3 */
ret =
_gnutls_ssl3_hash_md5 (&key_block[pos],
key_size, rrnd,
2 * GNUTLS_RANDOM_SIZE,
EXPORT_FINAL_KEY_SIZE,
client_write_key);
}
else
{ /* TLS 1.0 */
ret =
_gnutls_PRF (session, &key_block[pos], key_size,
cliwrite, cliwrite_length,
rrnd,
2 * GNUTLS_RANDOM_SIZE,
EXPORT_FINAL_KEY_SIZE, client_write_key);
}
if (ret < 0)
return gnutls_assert_val (ret);
client_write_key_size = EXPORT_FINAL_KEY_SIZE;
pos += key_size;
if (session->security_parameters.version == GNUTLS_SSL3)
{ /* SSL 3 */
ret =
_gnutls_ssl3_hash_md5 (&key_block[pos], key_size,
rnd, 2 * GNUTLS_RANDOM_SIZE,
EXPORT_FINAL_KEY_SIZE,
server_write_key);
}
else
{ /* TLS 1.0 */
ret =
_gnutls_PRF (session, &key_block[pos], key_size,
servwrite, servwrite_length,
rrnd, 2 * GNUTLS_RANDOM_SIZE,
EXPORT_FINAL_KEY_SIZE, server_write_key);
}
if (ret < 0)
return gnutls_assert_val (ret);
server_write_key_size = EXPORT_FINAL_KEY_SIZE;
pos += key_size;
}
if (_gnutls_sset_datum
(&client_write->key, client_write_key, client_write_key_size) < 0)
return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
_gnutls_hard_log ("INT: CLIENT WRITE KEY [%d]: %s\n",
client_write_key_size,
_gnutls_bin2hex (client_write_key,
client_write_key_size, buf,
sizeof (buf), NULL));
if (_gnutls_sset_datum
(&server_write->key, server_write_key, server_write_key_size) < 0)
return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
_gnutls_hard_log ("INT: SERVER WRITE KEY [%d]: %s\n",
server_write_key_size,
_gnutls_bin2hex (server_write_key,
server_write_key_size, buf,
sizeof (buf), NULL));
}
/* IV generation in export and non export ciphers.
*/
if (IV_size > 0 && export_flag == 0)
{
if (_gnutls_sset_datum
(&client_write->IV, &key_block[pos], IV_size) < 0)
return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
pos += IV_size;
if (_gnutls_sset_datum
(&server_write->IV, &key_block[pos], IV_size) < 0)
return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
pos += IV_size;
}
else if (IV_size > 0 && export_flag != 0)
{
opaque iv_block[MAX_CIPHER_BLOCK_SIZE * 2];
if (session->security_parameters.version == GNUTLS_SSL3)
{ /* SSL 3 */
ret = _gnutls_ssl3_hash_md5 ("", 0,
rrnd, GNUTLS_RANDOM_SIZE * 2,
IV_size, iv_block);
if (ret < 0)
return gnutls_assert_val (ret);
ret = _gnutls_ssl3_hash_md5 ("", 0, rnd,
GNUTLS_RANDOM_SIZE * 2,
IV_size, &iv_block[IV_size]);
}
else
{ /* TLS 1.0 */
ret = _gnutls_PRF (session, "", 0,
ivblock, ivblock_length, rrnd,
2 * GNUTLS_RANDOM_SIZE, IV_size * 2, iv_block);
}
if (ret < 0)
return gnutls_assert_val (ret);
if (_gnutls_sset_datum (&client_write->IV, iv_block, IV_size) < 0)
return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
if (_gnutls_sset_datum
(&server_write->IV, &iv_block[IV_size], IV_size) < 0)
return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
}
return 0;
}
/* This function is to be called after handshake, when master_secret,
* client_random and server_random have been initialized.
* This function creates the keys and stores them into pending session.
* (session->cipher_specs)
*/
int
_gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
int key_size, int export_flag)
{
/* FIXME: This function is too long
*/
opaque *key_block;
opaque rnd[2 * TLS_RANDOM_SIZE];
opaque rrnd[2 * TLS_RANDOM_SIZE];
int pos, ret;
int block_size;
char buf[65];
if (session->cipher_specs.generated_keys != 0)
{
/* keys have already been generated.
* reset generated_keys and exit normally.
*/
session->cipher_specs.generated_keys = 0;
return 0;
}
block_size = 2 * hash_size + 2 * key_size;
if (export_flag == 0)
block_size += 2 * IV_size;
key_block = gnutls_secure_malloc (block_size);
if (key_block == NULL)
{
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
memcpy (rnd, session->security_parameters.server_random, TLS_RANDOM_SIZE);
memcpy (&rnd[TLS_RANDOM_SIZE],
session->security_parameters.client_random, TLS_RANDOM_SIZE);
memcpy (rrnd, session->security_parameters.client_random, TLS_RANDOM_SIZE);
memcpy (&rrnd[TLS_RANDOM_SIZE],
session->security_parameters.server_random, TLS_RANDOM_SIZE);
if (session->security_parameters.version == GNUTLS_SSL3)
{ /* SSL 3 */
ret =
_gnutls_ssl3_generate_random (session->
security_parameters.
master_secret,
TLS_MASTER_SIZE, rnd,
2 * TLS_RANDOM_SIZE,
block_size, key_block);
}
else
{ /* TLS 1.0 */
ret =
_gnutls_PRF (session, session->security_parameters.master_secret,
TLS_MASTER_SIZE, keyexp, keyexp_length,
rnd, 2 * TLS_RANDOM_SIZE, block_size, key_block);
}
if (ret < 0)
{
gnutls_assert ();
gnutls_free (key_block);
return ret;
}
_gnutls_hard_log ("INT: KEY BLOCK[%d]: %s\n", block_size,
_gnutls_bin2hex (key_block, block_size, buf,
sizeof (buf)));
pos = 0;
if (hash_size > 0)
{
if (_gnutls_sset_datum
(&session->cipher_specs.client_write_mac_secret,
&key_block[pos], hash_size) < 0)
{
gnutls_free (key_block);
return GNUTLS_E_MEMORY_ERROR;
}
pos += hash_size;
if (_gnutls_sset_datum
(&session->cipher_specs.server_write_mac_secret,
&key_block[pos], hash_size) < 0)
{
gnutls_free (key_block);
return GNUTLS_E_MEMORY_ERROR;
}
pos += hash_size;
}
if (key_size > 0)
{
opaque *client_write_key, *server_write_key;
int client_write_key_size, server_write_key_size;
int free_keys = 0;
if (export_flag == 0)
{
client_write_key = &key_block[pos];
client_write_key_size = key_size;
pos += key_size;
server_write_key = &key_block[pos];
server_write_key_size = key_size;
pos += key_size;
}
else
{ /* export */
free_keys = 1;
client_write_key = gnutls_secure_malloc (EXPORT_FINAL_KEY_SIZE);
if (client_write_key == NULL)
{
gnutls_assert ();
gnutls_free (key_block);
return GNUTLS_E_MEMORY_ERROR;
}
server_write_key = gnutls_secure_malloc (EXPORT_FINAL_KEY_SIZE);
if (server_write_key == NULL)
{
gnutls_assert ();
gnutls_free (key_block);
gnutls_free (client_write_key);
return GNUTLS_E_MEMORY_ERROR;
}
/* generate the final keys */
if (session->security_parameters.version == GNUTLS_SSL3)
{ /* SSL 3 */
ret =
_gnutls_ssl3_hash_md5 (&key_block[pos],
key_size, rrnd,
2 * TLS_RANDOM_SIZE,
EXPORT_FINAL_KEY_SIZE,
client_write_key);
}
else
{ /* TLS 1.0 */
ret =
_gnutls_PRF (session, &key_block[pos], key_size,
cliwrite, cliwrite_length,
rrnd,
2 * TLS_RANDOM_SIZE,
EXPORT_FINAL_KEY_SIZE, client_write_key);
}
if (ret < 0)
{
gnutls_assert ();
gnutls_free (key_block);
gnutls_free (server_write_key);
gnutls_free (client_write_key);
return ret;
}
client_write_key_size = EXPORT_FINAL_KEY_SIZE;
pos += key_size;
if (session->security_parameters.version == GNUTLS_SSL3)
{ /* SSL 3 */
ret =
_gnutls_ssl3_hash_md5 (&key_block[pos], key_size,
rnd, 2 * TLS_RANDOM_SIZE,
EXPORT_FINAL_KEY_SIZE,
server_write_key);
}
else
{ /* TLS 1.0 */
ret =
_gnutls_PRF (session, &key_block[pos], key_size,
servwrite, servwrite_length,
rrnd, 2 * TLS_RANDOM_SIZE,
EXPORT_FINAL_KEY_SIZE, server_write_key);
}
if (ret < 0)
{
gnutls_assert ();
gnutls_free (key_block);
gnutls_free (server_write_key);
gnutls_free (client_write_key);
return ret;
}
server_write_key_size = EXPORT_FINAL_KEY_SIZE;
pos += key_size;
}
if (_gnutls_sset_datum
(&session->cipher_specs.client_write_key,
client_write_key, client_write_key_size) < 0)
{
gnutls_free (key_block);
gnutls_free (server_write_key);
gnutls_free (client_write_key);
return GNUTLS_E_MEMORY_ERROR;
}
_gnutls_hard_log ("INT: CLIENT WRITE KEY [%d]: %s\n",
client_write_key_size,
_gnutls_bin2hex (client_write_key,
client_write_key_size, buf,
sizeof (buf)));
if (_gnutls_sset_datum
(&session->cipher_specs.server_write_key,
server_write_key, server_write_key_size) < 0)
{
gnutls_free (key_block);
gnutls_free (server_write_key);
gnutls_free (client_write_key);
return GNUTLS_E_MEMORY_ERROR;
}
_gnutls_hard_log ("INT: SERVER WRITE KEY [%d]: %s\n",
server_write_key_size,
_gnutls_bin2hex (server_write_key,
server_write_key_size, buf,
sizeof (buf)));
if (free_keys != 0)
{
gnutls_free (server_write_key);
gnutls_free (client_write_key);
}
}
/* IV generation in export and non export ciphers.
*/
if (IV_size > 0 && export_flag == 0)
{
if (_gnutls_sset_datum
(&session->cipher_specs.client_write_IV, &key_block[pos],
IV_size) < 0)
{
gnutls_free (key_block);
return GNUTLS_E_MEMORY_ERROR;
}
pos += IV_size;
if (_gnutls_sset_datum
(&session->cipher_specs.server_write_IV, &key_block[pos],
IV_size) < 0)
{
gnutls_free (key_block);
return GNUTLS_E_MEMORY_ERROR;
}
pos += IV_size;
}
else if (IV_size > 0 && export_flag != 0)
{
opaque *iv_block = gnutls_alloca (IV_size * 2);
if (iv_block == NULL)
{
gnutls_assert ();
gnutls_free (key_block);
return GNUTLS_E_MEMORY_ERROR;
}
if (session->security_parameters.version == GNUTLS_SSL3)
{ /* SSL 3 */
ret = _gnutls_ssl3_hash_md5 ("", 0,
rrnd, TLS_RANDOM_SIZE * 2,
IV_size, iv_block);
if (ret < 0)
{
gnutls_assert ();
gnutls_free (key_block);
gnutls_afree (iv_block);
return ret;
}
ret = _gnutls_ssl3_hash_md5 ("", 0, rnd,
TLS_RANDOM_SIZE * 2,
IV_size, &iv_block[IV_size]);
}
else
{ /* TLS 1.0 */
ret = _gnutls_PRF (session, "", 0,
ivblock, ivblock_length, rrnd,
2 * TLS_RANDOM_SIZE, IV_size * 2, iv_block);
}
if (ret < 0)
{
gnutls_assert ();
gnutls_afree (iv_block);
gnutls_free (key_block);
return ret;
}
if (_gnutls_sset_datum
(&session->cipher_specs.client_write_IV, iv_block, IV_size) < 0)
{
gnutls_afree (iv_block);
gnutls_free (key_block);
return GNUTLS_E_MEMORY_ERROR;
}
if (_gnutls_sset_datum
(&session->cipher_specs.server_write_IV,
&iv_block[IV_size], IV_size) < 0)
{
gnutls_afree (iv_block);
gnutls_free (key_block);
return GNUTLS_E_MEMORY_ERROR;
}
gnutls_afree (iv_block);
}
gnutls_free (key_block);
session->cipher_specs.generated_keys = 1;
return 0;
}
