/*
* Do the handshaking from the beginning.
*/
int ICACHE_FLASH_ATTR do_client_connect(SSL *ssl)
{
int ret = SSL_OK;
send_client_hello(ssl); /* send the client hello */
ssl->bm_read_index = 0;
ssl->next_state = HS_SERVER_HELLO;
ssl->hs_status = SSL_NOT_OK; /* not connected */
/* sit in a loop until it all looks good */
if (!IS_SET_SSL_FLAG(SSL_CONNECT_IN_PARTS))
{
while (ssl->hs_status != SSL_OK)
{
// esp_ssl_sleep(100);
ret = ssl_read(ssl, NULL);
ssl_printf("%s %d %d\n", __func__, __LINE__,ret);
if (ret < SSL_OK)
break;
}
ssl->hs_status = ret; /* connected? */
}
return ret;
}
/*
* Do the handshaking from the beginning.
*/
int do_client_connect(SSL *ssl)
{
int ret = SSL_OK;
send_client_hello(ssl); /* send the client hello */
ssl->bm_read_index = 0;
ssl->next_state = HS_SERVER_HELLO;
ssl->hs_status = SSL_NOT_OK; /* not connected */
/* sit in a loop until it all looks good */
if (!IS_SET_SSL_FLAG(SSL_CONNECT_IN_PARTS))
{
while (ssl->hs_status != SSL_OK)
{
ret = ssl_read(ssl, NULL);
if (ret < SSL_OK)
break;
}
ssl->hs_status = ret; /* connected? */
}
return ret;
}
/**
* Negotiate TLS parameters on an already-established socket.
*/
int tls_connect( int connection,
TLSParameters *parameters )
{
init_parameters( parameters );
new_md5_digest( ¶meters->md5_handshake_digest );
new_sha1_digest( ¶meters->sha1_handshake_digest );
// Step 1. Send the TLS handshake "client hello" message
if ( send_client_hello( connection, parameters ) < 0 )
{
perror( "Unable to send client hello" );
return 1;
}
// Step 2. Receive the server hello response
parameters->server_hello_done = 0;
while ( !parameters->server_hello_done )
{
if ( receive_tls_msg( connection, NULL, 0, parameters ) < 0 )
{
perror( "Unable to receive server hello" );
return 2;
}
}
// Step 3. Send client key exchange, change cipher spec (7.1) and encrypted
// handshake message
if ( !( send_client_key_exchange( connection, parameters ) ) )
{
perror( "Unable to send client key exchange" );
return 3;
}
if ( !( send_change_cipher_spec( connection, parameters ) ) )
{
perror( "Unable to send client change cipher spec" );
return 4;
}
// This message will be encrypted using the newly negotiated keys
if ( !( send_finished( connection, parameters ) ) )
{
perror( "Unable to send client finished" );
return 5;
}
parameters->server_finished = 0;
while ( !parameters->server_finished )
{
if ( receive_tls_msg( connection, NULL, 0, parameters ) < 0 )
{
perror( "Unable to receive server finished" );
return 6;
}
}
return 0;
}
void TLSClient_Impl::progress_conversation()
{
try
{
bool should_continue;
do
{
should_continue = false;
switch (conversation_state)
{
case cl_tls_state_send_client_hello:
should_continue = send_client_hello();
break;
case cl_tls_state_receive_server_hello:
break;
case cl_tls_state_receive_certificate:
break;
//FIXME: Implement "7.4.3. Server key exchange message"
case cl_tls_state_receive_server_hello_done:
break;
// FIXME: Should be send a "client certificate message" ?
case cl_tls_state_send_client_key_exchange:
should_continue = send_client_key_exchange();
break;
case cl_tls_state_send_change_cipher_spec:
should_continue = send_change_cipher_spec();
break;
case cl_tls_state_send_finished:
should_continue = send_finished();
break;
case cl_tls_state_receive_change_cipher_spec:
break;
case cl_tls_state_receive_finished:
break;
case cl_tls_state_connected:
should_continue = send_application_data();
break;
case cl_tls_state_error:
return; // TBD: Should we rather throw an exception when the conversation is in error state?
default:
throw Exception("Unknown TLSClient conversation state");
}
if (receive_record())
should_continue = true;
} while (should_continue);
}
catch (...)
{
conversation_state = cl_tls_state_error;
throw;
}
}
static void handle_new_client()
{
int fd = do_accept(qrexec_daemon_unix_socket_fd);
if (fd >= MAX_CLIENTS) {
fprintf(stderr, "too many clients ?\n");
exit(1);
}
if (send_client_hello(fd) < 0) {
close(fd);
clients[fd].state = CLIENT_INVALID;
return;
}
clients[fd].state = CLIENT_HELLO;
if (fd > max_client_fd)
max_client_fd = fd;
}
