| OLD | NEW |
| 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
| 2 /* | 2 /* |
| 3 * SSL3 Protocol | 3 * SSL3 Protocol |
| 4 * | 4 * |
| 5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
| 6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 8 | 8 |
| 9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ | 9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ |
| 10 | 10 |
| (...skipping 7576 matching lines...) |
| 7587 } | 7587 } |
| 7588 } | 7588 } |
| 7589 | 7589 |
| 7590 rv = ssl3_SendFinished(ss, 0); | 7590 rv = ssl3_SendFinished(ss, 0); |
| 7591 if (rv != SECSuccess) { | 7591 if (rv != SECSuccess) { |
| 7592 goto loser; /* err code was set. */ | 7592 goto loser; /* err code was set. */ |
| 7593 } | 7593 } |
| 7594 | 7594 |
| 7595 ssl_ReleaseXmitBufLock(ss); /*******************************/ | 7595 ssl_ReleaseXmitBufLock(ss); /*******************************/ |
| 7596 | 7596 |
| 7597 if (!ss->ssl3.hs.isResuming && |
| 7598 ssl3_ExtensionNegotiated(ss, ssl_channel_id_xtn)) { |
| 7599 /* If we are negotiating ChannelID on a full handshake then we record |
| 7600 * the handshake hashes in |sid| at this point. They will be needed in |
| 7601 * the event that we resume this session and use ChannelID on the |
| 7602 * resumption handshake. */ |
| 7603 SSL3Hashes hashes; |
| 7604 SECItem *originalHandshakeHash = |
| 7605 &ss->sec.ci.sid->u.ssl3.originalHandshakeHash; |
| 7606 PORT_Assert(ss->sec.ci.sid->cached == never_cached); |
| 7607 |
| 7608 ssl_GetSpecReadLock(ss); |
| 7609 PORT_Assert(ss->version > SSL_LIBRARY_VERSION_3_0); |
| 7610 rv = ssl3_ComputeHandshakeHashes(ss, ss->ssl3.cwSpec, &hashes, 0); |
| 7611 ssl_ReleaseSpecReadLock(ss); |
| 7612 if (rv != SECSuccess) { |
| 7613 return rv; |
| 7614 } |
| 7615 |
| 7616 PORT_Assert(originalHandshakeHash->len == 0); |
| 7617 originalHandshakeHash->data = PORT_Alloc(hashes.len); |
| 7618 if (!originalHandshakeHash->data) |
| 7619 return SECFailure; |
| 7620 originalHandshakeHash->len = hashes.len; |
| 7621 memcpy(originalHandshakeHash->data, hashes.u.raw, hashes.len); |
| 7622 } |
| 7623 |
| 7597 if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn)) | 7624 if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn)) |
| 7598 ss->ssl3.hs.ws = wait_new_session_ticket; | 7625 ss->ssl3.hs.ws = wait_new_session_ticket; |
| 7599 else | 7626 else |
| 7600 ss->ssl3.hs.ws = wait_change_cipher; | 7627 ss->ssl3.hs.ws = wait_change_cipher; |
| 7601 | 7628 |
| 7602 if (ss->handshakeCallback && | 7629 if (ss->handshakeCallback && |
| 7603 (ss->ssl3.hs.canFalseStart && !ss->canFalseStartCallback)) { | 7630 (ss->ssl3.hs.canFalseStart && !ss->canFalseStartCallback)) { |
| 7604 /* Call the handshake callback here for backwards compatibility with | 7631 /* Call the handshake callback here for backwards compatibility with |
| 7605 * applications that were using false start before | 7632 * applications that were using false start before |
| 7606 * canFalseStartCallback was added. Note that we do this after calling | 7633 * canFalseStartCallback was added. Note that we do this after calling |
| (...skipping 2976 matching lines...) |
| 10583 return; | 10610 return; |
| 10584 } | 10611 } |
| 10585 | 10612 |
| 10586 /* called from ssl3_SendClientSecondRound | 10613 /* called from ssl3_SendClientSecondRound |
| 10587 * ssl3_HandleFinished | 10614 * ssl3_HandleFinished |
| 10588 */ | 10615 */ |
| 10589 static SECStatus | 10616 static SECStatus |
| 10590 ssl3_SendEncryptedExtensions(sslSocket *ss) | 10617 ssl3_SendEncryptedExtensions(sslSocket *ss) |
| 10591 { | 10618 { |
| 10592 static const char CHANNEL_ID_MAGIC[] = "TLS Channel ID signature"; | 10619 static const char CHANNEL_ID_MAGIC[] = "TLS Channel ID signature"; |
| 10620 static const char CHANNEL_ID_RESUMPTION_MAGIC[] = "Resumption"; |
| 10593 /* This is the ASN.1 prefix for a P-256 public key. Specifically it's: | 10621 /* This is the ASN.1 prefix for a P-256 public key. Specifically it's: |
| 10594 * SEQUENCE | 10622 * SEQUENCE |
| 10595 * SEQUENCE | 10623 * SEQUENCE |
| 10596 * OID id-ecPublicKey | 10624 * OID id-ecPublicKey |
| 10597 * OID prime256v1 | 10625 * OID prime256v1 |
| 10598 * BIT STRING, length 66, 0 trailing bits: 0x04 | 10626 * BIT STRING, length 66, 0 trailing bits: 0x04 |
| 10599 * | 10627 * |
| 10600 * The 0x04 in the BIT STRING is the prefix for an uncompressed, X9.62 | 10628 * The 0x04 in the BIT STRING is the prefix for an uncompressed, X9.62 |
| 10601 * public key. Following that are the two field elements as 32-byte, | 10629 * public key. Following that are the two field elements as 32-byte, |
| 10602 * big-endian numbers, as required by the Channel ID. */ | 10630 * big-endian numbers, as required by the Channel ID. */ |
| 10603 static const unsigned char P256_SPKI_PREFIX[] = { | 10631 static const unsigned char P256_SPKI_PREFIX[] = { |
| 10604 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, | 10632 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, |
| 10605 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, | 10633 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, |
| 10606 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, | 10634 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, |
| 10607 0x42, 0x00, 0x04 | 10635 0x42, 0x00, 0x04 |
| 10608 }; | 10636 }; |
| 10609 /* ChannelIDs are always 128 bytes long: 64 bytes of P-256 public key and 64 | 10637 /* ChannelIDs are always 128 bytes long: 64 bytes of P-256 public key and 64 |
| 10610 * bytes of ECDSA signature. */ | 10638 * bytes of ECDSA signature. */ |
| 10611 static const int CHANNEL_ID_PUBLIC_KEY_LENGTH = 64; | 10639 static const int CHANNEL_ID_PUBLIC_KEY_LENGTH = 64; |
| 10612 static const int CHANNEL_ID_LENGTH = 128; | 10640 static const int CHANNEL_ID_LENGTH = 128; |
| 10613 | 10641 |
| 10614 SECStatus rv = SECFailure; | 10642 SECStatus rv = SECFailure; |
| 10615 SECItem *spki = NULL; | 10643 SECItem *spki = NULL; |
| 10616 SSL3Hashes hashes; | 10644 SSL3Hashes hashes; |
| 10617 const unsigned char *pub_bytes; | 10645 const unsigned char *pub_bytes; |
| 10618 unsigned char signed_data[sizeof(CHANNEL_ID_MAGIC) + sizeof(SSL3Hashes)]; | 10646 unsigned char signed_data[sizeof(CHANNEL_ID_MAGIC) + |
| 10647 sizeof(CHANNEL_ID_RESUMPTION_MAGIC) + |
| 10648 sizeof(SSL3Hashes)*2]; |
| 10649 size_t signed_data_len; |
| 10619 unsigned char digest[SHA256_LENGTH]; | 10650 unsigned char digest[SHA256_LENGTH]; |
| 10620 SECItem digest_item; | 10651 SECItem digest_item; |
| 10621 unsigned char signature[64]; | 10652 unsigned char signature[64]; |
| 10622 SECItem signature_item; | 10653 SECItem signature_item; |
| 10623 | 10654 |
| 10624 PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); | 10655 PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); |
| 10625 PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); | 10656 PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); |
| 10626 | 10657 |
| 10627 if (ss->ssl3.channelID == NULL) | 10658 if (ss->ssl3.channelID == NULL) |
| 10628 return SECSuccess; | 10659 return SECSuccess; |
| (...skipping 29 matching lines...) |
| 10658 | 10689 |
| 10659 if (spki->len != sizeof(P256_SPKI_PREFIX) + CHANNEL_ID_PUBLIC_KEY_LENGTH || | 10690 if (spki->len != sizeof(P256_SPKI_PREFIX) + CHANNEL_ID_PUBLIC_KEY_LENGTH || |
| 10660 memcmp(spki->data, P256_SPKI_PREFIX, sizeof(P256_SPKI_PREFIX) != 0)) { | 10691 memcmp(spki->data, P256_SPKI_PREFIX, sizeof(P256_SPKI_PREFIX) != 0)) { |
| 10661 PORT_SetError(SSL_ERROR_INVALID_CHANNEL_ID_KEY); | 10692 PORT_SetError(SSL_ERROR_INVALID_CHANNEL_ID_KEY); |
| 10662 rv = SECFailure; | 10693 rv = SECFailure; |
| 10663 goto loser; | 10694 goto loser; |
| 10664 } | 10695 } |
| 10665 | 10696 |
| 10666 pub_bytes = spki->data + sizeof(P256_SPKI_PREFIX); | 10697 pub_bytes = spki->data + sizeof(P256_SPKI_PREFIX); |
| 10667 | 10698 |
| 10668 memcpy(signed_data, CHANNEL_ID_MAGIC, sizeof(CHANNEL_ID_MAGIC)); | 10699 signed_data_len = 0; |
| 10669 memcpy(signed_data + sizeof(CHANNEL_ID_MAGIC), hashes.u.raw, hashes.len); | 10700 memcpy(signed_data + signed_data_len, CHANNEL_ID_MAGIC, |
| 10701 sizeof(CHANNEL_ID_MAGIC)); |
| 10702 signed_data_len += sizeof(CHANNEL_ID_MAGIC); |
| 10703 if (ss->ssl3.hs.isResuming) { |
| 10704 SECItem *originalHandshakeHash = |
| 10705 &ss->sec.ci.sid->u.ssl3.originalHandshakeHash; |
| 10706 PORT_Assert(originalHandshakeHash->len > 0); |
| 10670 | 10707 |
| 10671 rv = PK11_HashBuf(SEC_OID_SHA256, digest, signed_data, | 10708 memcpy(signed_data + signed_data_len, CHANNEL_ID_RESUMPTION_MAGIC, |
| 10672 » » sizeof(CHANNEL_ID_MAGIC) + hashes.len); | 10709 sizeof(CHANNEL_ID_RESUMPTION_MAGIC)); |
| 10710 signed_data_len += sizeof(CHANNEL_ID_RESUMPTION_MAGIC); |
| 10711 memcpy(signed_data + signed_data_len, originalHandshakeHash->data, |
| 10712 originalHandshakeHash->len); |
| 10713 signed_data_len += originalHandshakeHash->len; |
| 10714 } |
| 10715 memcpy(signed_data + signed_data_len, hashes.u.raw, hashes.len); |
| 10716 signed_data_len += hashes.len; |
| 10717 |
| 10718 rv = PK11_HashBuf(SEC_OID_SHA256, digest, signed_data, signed_data_len); |
| 10673 if (rv != SECSuccess) | 10719 if (rv != SECSuccess) |
| 10674 goto loser; | 10720 goto loser; |
| 10675 | 10721 |
| 10676 digest_item.data = digest; | 10722 digest_item.data = digest; |
| 10677 digest_item.len = sizeof(digest); | 10723 digest_item.len = sizeof(digest); |
| 10678 | 10724 |
| 10679 signature_item.data = signature; | 10725 signature_item.data = signature; |
| 10680 signature_item.len = sizeof(signature); | 10726 signature_item.len = sizeof(signature); |
| 10681 | 10727 |
| 10682 rv = PK11_Sign(ss->ssl3.channelID, &signature_item, &digest_item); | 10728 rv = PK11_Sign(ss->ssl3.channelID, &signature_item, &digest_item); |
| (...skipping 1907 matching lines...) |
| 12590 PORT_Free(ss->ssl3.hs.recvdFragments.buf); | 12636 PORT_Free(ss->ssl3.hs.recvdFragments.buf); |
| 12591 } | 12637 } |
| 12592 } | 12638 } |
| 12593 | 12639 |
| 12594 ss->ssl3.initialized = PR_FALSE; | 12640 ss->ssl3.initialized = PR_FALSE; |
| 12595 | 12641 |
| 12596 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); | 12642 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); |
| 12597 } | 12643 } |
| 12598 | 12644 |
| 12599 /* End of ssl3con.c */ | 12645 /* End of ssl3con.c */ |
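Review bot: In the resumption branch of ssl3_SendEncryptedExtensions, `originalHandshakeHash->len` bytes are copied into the fixed-size stack buffer `signed_data` with only `PORT_Assert(originalHandshakeHash->len > 0)` in front of the copy, and that assert compiles out of optimized builds. With an empty hash the signature would cover "Resumption" but nothing from the original handshake, which silently drops the binding this change adds, and an oversized length would write past `signed_data`. The only writer visible on this page sets the length to `hashes.len`, but other code that populates the sid is outside this view, so the assert should become a runtime check that fails the handshake. Separately, the unchanged SPKI check in this hunk passes `sizeof(P256_SPKI_PREFIX) != 0` as the memcmp length, so only the first byte of the prefix is compared; it should read `memcmp(spki->data, P256_SPKI_PREFIX, sizeof(P256_SPKI_PREFIX)) != 0`. The function body continues outside the hunk.

```c
    if (ss->ssl3.hs.isResuming) {
        /* … unchanged: originalHandshakeHash declaration … */
        /* Enforced in all builds: the resumption signature must cover a
         * stored hash of the original handshake, and that hash must fit in
         * the space signed_data reserves for it. */
        if (originalHandshakeHash->len == 0 ||
            originalHandshakeHash->len > sizeof(hashes.u.raw)) {
            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
            rv = SECFailure;
            goto loser;
        }
        /* … unchanged: append CHANNEL_ID_RESUMPTION_MAGIC and the original hash … */
    }
```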
| OLD | NEW |