void wtls_pdu_destroy(wtls_PDU *pdu) {
if (pdu == NULL)
return;
switch (pdu->type) {
case ChangeCipher_PDU:
/* no memory was allocated for ChangeCipher_PDU */
break;
case Alert_PDU:
octstr_destroy(pdu->u.alert.chksum );
break;
case Handshake_PDU:
switch (pdu->u.handshake.msg_type) {
case hello_request:
break;
case client_hello:
destroy_random(pdu->u.handshake.client_hello->random);
octstr_destroy(pdu->u.handshake.client_hello->session_id);
destroy_key_list(pdu->u.handshake.client_hello->client_key_ids);
destroy_key_list(pdu->u.handshake.client_hello->trusted_key_ids);
destroy_ciphersuite_list(pdu->u.handshake.client_hello->ciphersuites);
destroy_compression_method_list(pdu->u.handshake.client_hello->comp_methods);
/* destroy the client_hello struct */
gw_free(pdu->u.handshake.client_hello);
break;
case server_hello:
destroy_random(pdu->u.handshake.server_hello->random);
octstr_destroy(pdu->u.handshake.server_hello->session_id);
/* destroy the server_hello struct */
gw_free(pdu->u.handshake.server_hello);
break;
case certificate:
switch (pdu->u.handshake.certificate->certificateformat) {
case WTLSCert:
destroy_wtls_certificate(pdu->u.handshake.certificate->wtls_certificate);
break;
case X509Cert:
octstr_destroy(pdu->u.handshake.certificate->x509_certificate);
break;
case X968Cert:
octstr_destroy(pdu->u.handshake.certificate->x968_certificate);
break;
}
gw_free(pdu->u.handshake.certificate);
break;
case server_key_exchange:
destroy_param_spec(pdu->u.handshake.server_key_exchange->param_spec);
switch (client_key_exchange_algo) {
case rsa_anon:
destroy_rsa_pubkey(pdu->u.handshake.server_key_exchange->rsa_params);
break;
case dh_anon:
destroy_dh_pubkey(pdu->u.handshake.server_key_exchange->dh_params);
break;
case ecdh_anon:
destroy_ec_pubkey(pdu->u.handshake.server_key_exchange->ecdh_params);
break;
}
gw_free(pdu->u.handshake.server_key_exchange);
break;
case client_key_exchange:
switch (client_key_exchange_algo) {
case rsa:
case rsa_anon:
destroy_rsa_encrypted_secret(pdu->u.handshake.client_key_exchange->rsa_params);
break;
case dh_anon:
destroy_dh_pubkey(pdu->u.handshake.client_key_exchange->dh_anon_params);
break;
case ecdh_anon:
case ecdh_ecdsa:
destroy_ec_pubkey(pdu->u.handshake.client_key_exchange->ecdh_params);
break;
}
gw_free(pdu->u.handshake.client_key_exchange);
break;
case server_hello_done:
/* nothing to do here */
break;
}
break;
case Application_PDU:
octstr_destroy(pdu->u.application.data);
break;
}
gw_free(pdu);
}
static void exchange_keys(WAPEvent * event, WTLSMachine * wtls_machine)
{
RSAPublicKey *public_key = NULL;
Octstr *checking_data = NULL;
/* The Wap PDUs we have to dispatch */
wtls_PDU *changeCipherSpecPDU;
wtls_PDU *finishedPDU;
/* The PDUs we have to process */
wtls_Payload *tempPayload;
wtls_PDU *clientKeyXchgPDU;
wtls_PDU *changeCipherSpec_incoming_PDU;
wtls_PDU *finished_incoming_PDU;
/* For decrypting/encrypting data */
Octstr *concatenatedRandoms = NULL;
Octstr *encryptedData = NULL;
Octstr *decryptedData = NULL;
Octstr *labelVerify = NULL;
Octstr *labelMaster = NULL;
/* Process the incoming event : ClientKeyExchange */
tempPayload =
(wtls_Payload *) gwlist_search(event->u.T_Unitdata_Ind.pdu_list,
(void *)client_key_exchange,
match_handshake_type);
if (!tempPayload) {
error(0, "Missing client_key_exchange. Aborting...");
fatalAlert(event, unexpected_message);
return;
}
/* Keep the data so we can send it back */
octstr_insert(wtls_machine->handshake_data, tempPayload->data,
octstr_len(wtls_machine->handshake_data));
clientKeyXchgPDU = wtls_pdu_unpack(tempPayload, wtls_machine);
wtls_pdu_dump(clientKeyXchgPDU, 0);
/* Decrypt the client key exchange PDU */
encryptedData =
clientKeyXchgPDU->u.handshake.client_key_exchange->rsa_params->
encrypted_secret;
decryptedData =
wtls_decrypt_key(wtls_machine->key_algorithm, encryptedData);
if (!decryptedData) {
error(0,
"Key Exchange failed. Couldn't decrypt client's secret (%d)."
" Aborting...", wtls_machine->key_algorithm);
wtls_pdu_destroy(clientKeyXchgPDU);
fatalAlert(event, decryption_failed);
return;
}
public_key = wtls_get_rsapublickey();
pack_int16(decryptedData, octstr_len(decryptedData),
octstr_len(public_key->rsa_exponent));
octstr_insert(decryptedData, public_key->rsa_exponent,
octstr_len(decryptedData));
pack_int16(decryptedData, octstr_len(decryptedData),
octstr_len(public_key->rsa_modulus));
octstr_insert(decryptedData, public_key->rsa_modulus,
octstr_len(decryptedData));
/* Concatenate our random data */
concatenatedRandoms = octstr_cat(wtls_machine->client_random,
wtls_machine->server_random);
/* Generate our master secret */
labelMaster = octstr_create("master secret");
wtls_machine->master_secret = wtls_calculate_prf(decryptedData,
labelMaster,
concatenatedRandoms,
20, wtls_machine);
/* Process the incoming event : ChangeCipherSpec */
tempPayload =
(wtls_Payload *) gwlist_search(event->u.T_Unitdata_Ind.pdu_list,
(void *)ChangeCipher_PDU,
match_pdu_type);
if (!tempPayload) {
error(0, "Missing change_cipher. Aborting...");
octstr_destroy(labelMaster);
octstr_destroy(concatenatedRandoms);
destroy_rsa_pubkey(public_key);
octstr_destroy(decryptedData);
octstr_destroy(encryptedData);
fatalAlert(event, unexpected_message);
return;
}
changeCipherSpec_incoming_PDU = wtls_pdu_unpack(tempPayload,
wtls_machine);
octstr_dump(wtls_machine->client_write_MAC_secret, 0);
wtls_pdu_dump(changeCipherSpec_incoming_PDU, 0);
if (changeCipherSpec_incoming_PDU->u.cc.change == 1) {
debug("wtls", 0, "Need to decrypt the PDUs from now on...");
wtls_decrypt_pdu_list(wtls_machine,
event->u.T_Unitdata_Ind.pdu_list);
}
/* Process the incoming event : Finished */
tempPayload =
(wtls_Payload *) gwlist_search(event->u.T_Unitdata_Ind.pdu_list,
(void *)finished,
match_handshake_type);
if (!tempPayload) {
error(0, "Failed to decrypt finished PDU. Aborting...");
wtls_pdu_destroy(changeCipherSpec_incoming_PDU);
octstr_destroy(labelMaster);
octstr_destroy(concatenatedRandoms);
destroy_rsa_pubkey(public_key);
octstr_destroy(decryptedData);
octstr_destroy(encryptedData);
fatalAlert(event, decrypt_error);
return;
}
finished_incoming_PDU = wtls_pdu_unpack(tempPayload, wtls_machine);
debug("wtls", 0, "Client Finished PDU:");
wtls_pdu_dump(finished_incoming_PDU, 0);
/* Check the verify_data */
labelVerify = octstr_create("client finished");
checking_data = wtls_calculate_prf(wtls_machine->master_secret,
labelVerify,
(Octstr *) wtls_hash(wtls_machine->
handshake_data,
wtls_machine),
12, wtls_machine);
if (octstr_compare
(finished_incoming_PDU->u.handshake.finished->verify_data,
checking_data) == 0) {
wtls_machine->encrypted = 1;
debug("wtls", 0, "DATA VERIFICATION OK");
}
/* Keep the data so we can send it back in the next message
* octstr_insert(wtls_machine->handshake_data, tempPayload->data,
* octstr_len(wtls_machine->handshake_data));
*/
// temporary fix
octstr_truncate(tempPayload->data, 15);
octstr_insert(wtls_machine->handshake_data, tempPayload->data,
octstr_len(wtls_machine->handshake_data));
/* Create a new PDU List containing a ChangeCipherSpec and a Finished */
changeCipherSpecPDU = wtls_pdu_create(ChangeCipher_PDU);
changeCipherSpecPDU->u.cc.change = 1;
changeCipherSpecPDU->rlen = 1;
changeCipherSpecPDU->snMode =
wtls_machine->sequence_number_mode ? 1 : 0;
/* Generate our verify data */
finishedPDU = wtls_pdu_create(Handshake_PDU);
finishedPDU->u.handshake.msg_type = finished;
finishedPDU->cipher = 1;
finishedPDU->rlen = 1;
finishedPDU->snMode = wtls_machine->sequence_number_mode ? 1 : 0;;
finishedPDU->u.handshake.finished = gw_malloc(sizeof(Finished));
octstr_destroy(labelVerify);
labelVerify = octstr_create("server finished");
finishedPDU->u.handshake.finished->verify_data = wtls_calculate_prf
(wtls_machine->master_secret, labelVerify, (Octstr *) wtls_hash
(wtls_machine->handshake_data, wtls_machine), 12, wtls_machine);
/* Reset the accumulated Handshake data */
octstr_destroy(wtls_machine->handshake_data);
wtls_machine->handshake_data = octstr_create("");
/* Add the pdus to our list */
add_pdu(wtls_machine, changeCipherSpecPDU);
add_pdu(wtls_machine, finishedPDU);
/* Send it off */
send_queuedpdus(wtls_machine);
octstr_destroy(labelMaster);
octstr_destroy(labelVerify);
octstr_destroy(decryptedData);
octstr_destroy(encryptedData);
octstr_destroy(concatenatedRandoms);
wtls_pdu_destroy(finished_incoming_PDU);
wtls_pdu_destroy(changeCipherSpec_incoming_PDU);
wtls_pdu_destroy(finishedPDU);
wtls_pdu_destroy(changeCipherSpecPDU);
octstr_destroy(checking_data);
destroy_rsa_pubkey(public_key);
}
