/*
* Some browsers use a hybrid SSLv2 "client hello"
*/
int process_sslv23_client_hello(SSL *ssl) {
uint8_t *buf = ssl->bm_data;
int bytes_needed = ((buf[0] & 0x7f) << 8) + buf[1];
int ret = SSL_OK;
/* we have already read 3 extra bytes so far */
// int read_len = SOCKET_READ(ssl->client_fd, buf, bytes_needed-3);
int read_len = pbuf_copy_partial(ssl->ssl_pbuf, buf, bytes_needed - 3, 0);
int cs_len = buf[1];
int id_len = buf[3];
int ch_len = buf[5];
int i, j, offset = 8; /* start at first cipher */
int random_offset = 0;
DISPLAY_BYTES(ssl, "received %d bytes", buf, read_len, read_len);
add_packet(ssl, buf, read_len);
/* connection has gone, so die */
if (bytes_needed < 0) {
return SSL_ERROR_CONN_LOST;
}
/* now work out what cipher suite we are going to use */
for (j = 0; j < NUM_PROTOCOLS; j++) {
for (i = 0; i < cs_len; i += 3) {
if (ssl_prot_prefs[j] == buf[offset + i]) {
ssl->cipher = ssl_prot_prefs[j];
goto server_hello;
}
}
}
/* ouch! protocol is not supported */
ret = SSL_ERROR_NO_CIPHER;
goto error;
server_hello:
/* get the session id */
offset += cs_len - 2; /* we've gone 2 bytes past the end */
#ifndef CONFIG_SSL_SKELETON_MODE
ssl->session = ssl_session_update(ssl->ssl_ctx->num_sessions,
ssl->ssl_ctx->ssl_sessions, ssl, id_len ? &buf[offset] : NULL);
#endif
/* get the client random data */
offset += id_len;
/* random can be anywhere between 16 and 32 bytes long - so it is padded
* with 0's to the left */
if (ch_len == 0x10) {
random_offset += 0x10;
}
memcpy(&ssl->dc->client_random[random_offset], &buf[offset], ch_len);
ret = send_server_hello_sequence(ssl);
error:
return ret;
}
/*
* Process a client hello message.
*/
static int process_client_hello(SSL *ssl)
{
uint8_t *buf = ssl->bm_data;
uint8_t *record_buf = ssl->hmac_header;
int pkt_size = ssl->bm_index;
int i, j, cs_len, id_len, offset = 6 + SSL_RANDOM_SIZE;
int version = (record_buf[1] << 4) + record_buf[2];
int ret = SSL_OK;
/* should be v3.1 (TLSv1) or better - we'll send in v3.1 mode anyway */
if (version < 0x31)
{
ret = SSL_ERROR_INVALID_VERSION;
ssl_display_error(ret);
goto error;
}
memcpy(ssl->dc->client_random, &buf[6], SSL_RANDOM_SIZE);
/* process the session id */
id_len = buf[offset++];
if (id_len > SSL_SESSION_ID_SIZE)
{
return SSL_ERROR_INVALID_SESSION;
}
#ifndef CONFIG_SSL_SKELETON_MODE
ssl->session = ssl_session_update(ssl->ssl_ctx->num_sessions,
ssl->ssl_ctx->ssl_sessions, ssl, id_len ? &buf[offset] : NULL);
#endif
offset += id_len;
cs_len = (buf[offset]<<8) + buf[offset+1];
offset += 3; /* add 1 due to all cipher suites being 8 bit */
PARANOIA_CHECK(pkt_size, offset);
/* work out what cipher suite we are going to use */
for (j = 0; j < NUM_PROTOCOLS; j++)
{
for (i = 0; i < cs_len; i += 2)
{
if (ssl_prot_prefs[j] == buf[offset+i]) /* got a match? */
{
ssl->cipher = ssl_prot_prefs[j];
goto do_state;
}
}
}
/* ouch! protocol is not supported */
ret = SSL_ERROR_NO_CIPHER;
do_state:
error:
return ret;
}
/*
* Process a client hello message.
*/
static int ICACHE_FLASH_ATTR process_client_hello(SSL *ssl) {
uint8_t *buf = ssl->bm_data;
uint8_t *record_buf = ssl->hmac_header;
int pkt_size = ssl->bm_index;
int i, j, cs_len, id_len, offset = 6 + SSL_RANDOM_SIZE;
int ret = SSL_OK;
uint8_t version = (buf[4] << 4) + buf[5];
ssl->version = ssl->client_version = version;
if (version > SSL_PROTOCOL_VERSION_MAX) {
/* use client's version instead */
ssl->version = SSL_PROTOCOL_VERSION_MAX;
} else if (version < SSL_PROTOCOL_MIN_VERSION) { /* old version supported? */
ret = SSL_ERROR_INVALID_VERSION;
//ssl_display_error(ret);
goto error;
}
os_memcpy(ssl->dc->client_random, &buf[6], SSL_RANDOM_SIZE);
/* process the session id */
id_len = buf[offset++];
if (id_len > SSL_SESSION_ID_SIZE) {
return SSL_ERROR_INVALID_SESSION;
}
#ifndef CONFIG_SSL_SKELETON_MODE
ssl->session = ssl_session_update(ssl->ssl_ctx->num_sessions,
ssl->ssl_ctx->ssl_sessions, ssl, id_len ? &buf[offset] : NULL);
#endif
offset += id_len;
cs_len = (buf[offset] << 8) + buf[offset + 1];
offset += 2; /* add 1 due to all cipher suites being 8 bit */
PARANOIA_CHECK(pkt_size, offset);
/* work out what cipher suite we are going to use - client defines
the preference */
for (i = 0; i < cs_len; i += 2) {
for (j = 0; j < NUM_PROTOCOLS; j++) {
if (ssl_prot_prefs[j] == ((buf[offset + i] << 8) + buf[offset + i + 1])) { /* got a match? */
ssl->cipher = ssl_prot_prefs[j];
goto do_state;
}
}
}
/* ouch! protocol is not supported */
ret = SSL_ERROR_NO_CIPHER;
do_state:
error:
return ret;
}
/*
* Process the server hello.
*/
static int ICACHE_FLASH_ATTR process_server_hello(SSL *ssl)
{
uint8_t *buf = ssl->bm_data;
int pkt_size = ssl->bm_index;
int num_sessions = ssl->ssl_ctx->num_sessions;
uint8_t sess_id_size;
int offset, ret = SSL_OK;
/* check that we are talking to a TLSv1 server */
uint8_t version = (buf[4] << 4) + buf[5];
if (version > SSL_PROTOCOL_VERSION_MAX)
{
version = SSL_PROTOCOL_VERSION_MAX;
}
else if (ssl->version < SSL_PROTOCOL_MIN_VERSION)
{
ret = SSL_ERROR_INVALID_VERSION;
//ssl_display_error(ret);
goto error;
}
ssl->version = version;
/* get the server random value */
memcpy(ssl->dc->server_random, &buf[6], SSL_RANDOM_SIZE);
offset = 6 + SSL_RANDOM_SIZE; /* skip of session id size */
sess_id_size = buf[offset++];
if (sess_id_size > SSL_SESSION_ID_SIZE)
{
ret = SSL_ERROR_INVALID_SESSION;
goto error;
}
if (num_sessions)
{
ssl->session = ssl_session_update(num_sessions,
ssl->ssl_ctx->ssl_sessions, ssl, &buf[offset]);
memcpy(ssl->session->session_id, &buf[offset], sess_id_size);
/* pad the rest with 0's */
if (sess_id_size < SSL_SESSION_ID_SIZE)
{
memset(&ssl->session->session_id[sess_id_size], 0,
SSL_SESSION_ID_SIZE-sess_id_size);
}
}
memcpy(ssl->session_id, &buf[offset], sess_id_size);
ssl->sess_id_size = sess_id_size;
offset += sess_id_size;
/* get the real cipher we are using */
ssl->cipher = buf[++offset];
ssl->next_state = IS_SET_SSL_FLAG(SSL_SESSION_RESUME) ?
HS_FINISHED : HS_CERTIFICATE;
offset++; // skip the compr
PARANOIA_CHECK(pkt_size, offset);
ssl->dc->bm_proc_index = offset+1;
error:
return ret;
}
/*
* Process a client hello message.
*/
static int process_client_hello(SSL *ssl)
{
uint8_t *buf = ssl->bm_data;
int pkt_size = ssl->bm_index;
int i, j, cs_len, id_len, offset = 6 + SSL_RANDOM_SIZE;
int ret = SSL_OK;
uint8_t version = (buf[4] << 4) + buf[5];
ssl->version = ssl->client_version = version;
if (version > SSL_PROTOCOL_VERSION_MAX)
{
/* use client's version instead */
ssl->version = SSL_PROTOCOL_VERSION_MAX;
}
else if (version < SSL_PROTOCOL_MIN_VERSION) /* old version supported? */
{
ret = SSL_ERROR_INVALID_VERSION;
#ifdef CONFIG_SSL_DIAGNOSTICS
ssl_display_error(ret);
#endif
goto error;
}
memcpy(ssl->dc->client_random, &buf[6], SSL_RANDOM_SIZE);
/* process the session id */
id_len = buf[offset++];
if (id_len > SSL_SESSION_ID_SIZE)
{
return SSL_ERROR_INVALID_SESSION;
}
#ifndef CONFIG_SSL_SKELETON_MODE
ssl->session = ssl_session_update(ssl->ssl_ctx->num_sessions,
ssl->ssl_ctx->ssl_sessions, ssl, id_len ? &buf[offset] : NULL);
#endif
offset += id_len;
cs_len = (buf[offset]<<8) + buf[offset+1];
offset += 3; /* add 1 due to all cipher suites being 8 bit */
PARANOIA_CHECK(pkt_size, offset + cs_len);
/* work out what cipher suite we are going to use - client defines
the preference */
for (i = 0; i < cs_len; i += 2)
{
for (j = 0; j < NUM_PROTOCOLS; j++)
{
if (ssl_prot_prefs[j] == buf[offset+i]) /* got a match? */
{
ssl->cipher = ssl_prot_prefs[j];
goto do_compression;
}
}
}
/* ouch! protocol is not supported */
return SSL_ERROR_NO_CIPHER;
/* completely ignore compression */
do_compression:
offset += cs_len;
id_len = buf[offset++];
offset += id_len;
PARANOIA_CHECK(pkt_size, offset + id_len);
if (offset == pkt_size)
{
/* no extensions */
goto error;
}
/* extension size */
id_len = buf[offset++] << 8;
id_len += buf[offset++];
PARANOIA_CHECK(pkt_size, offset + id_len);
// Check for extensions from the client - only the signature algorithm
// is supported
while (offset < pkt_size)
{
int ext = buf[offset++] << 8;
ext += buf[offset++];
int ext_len = buf[offset++] << 8;
ext_len += buf[offset++];
PARANOIA_CHECK(pkt_size, offset + ext_len);
if (ext == SSL_EXT_SIG_ALG)
{
while (ext_len > 0)
{
uint8_t hash_alg = buf[offset++];
uint8_t sig_alg = buf[offset++];
ext_len -= 2;
if (sig_alg == SIG_ALG_RSA &&
(hash_alg == SIG_ALG_SHA1 ||
hash_alg == SIG_ALG_SHA256 ||
hash_alg == SIG_ALG_SHA384 ||
hash_alg == SIG_ALG_SHA512))
{
ssl->sig_algs[ssl->num_sig_algs++] = hash_alg;
}
}
}
else
{
offset += ext_len;
}
}
/* default is RSA/SHA1 */
if (ssl->num_sig_algs == 0)
{
ssl->sig_algs[ssl->num_sig_algs++] = SIG_ALG_SHA1;
}
error:
return ret;
}
