diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2017-01-20 14:12:10 +0100 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2017-01-20 14:12:10 +0100 |
| commit | a0aae9f71442366ec429657c437fd7dd815978fd (patch) | |
| tree | 3c9cee2b6b6191e6e310bbdb681b6ed8ddb2d509 /networking/tls.c | |
| parent | abbf17abccbf832365d9acf1c280369ba7d5f8b2 (diff) | |
| download | busybox-w32-a0aae9f71442366ec429657c437fd7dd815978fd.tar.gz busybox-w32-a0aae9f71442366ec429657c437fd7dd815978fd.tar.bz2 busybox-w32-a0aae9f71442366ec429657c437fd7dd815978fd.zip | |
tls: decode alerts and in particular, EOF alert.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'networking/tls.c')
| -rw-r--r-- | networking/tls.c | 292 |
1 files changed, 74 insertions, 218 deletions
diff --git a/networking/tls.c b/networking/tls.c index 71be2def8..e037eba69 100644 --- a/networking/tls.c +++ b/networking/tls.c | |||
| @@ -28,6 +28,7 @@ | |||
| 28 | #define TLS_DEBUG 1 | 28 | #define TLS_DEBUG 1 |
| 29 | #define TLS_DEBUG_HASH 1 | 29 | #define TLS_DEBUG_HASH 1 |
| 30 | #define TLS_DEBUG_DER 0 | 30 | #define TLS_DEBUG_DER 0 |
| 31 | #define TLS_DEBUG_FIXED_SECRETS 0 | ||
| 31 | 32 | ||
| 32 | #if TLS_DEBUG | 33 | #if TLS_DEBUG |
| 33 | # define dbg(...) fprintf(stderr, __VA_ARGS__) | 34 | # define dbg(...) fprintf(stderr, __VA_ARGS__) |
| @@ -152,7 +153,6 @@ | |||
| 152 | // and against wolfssl-3.9.10-stable/examples/server/server.c: | 153 | // and against wolfssl-3.9.10-stable/examples/server/server.c: |
| 153 | //#define CIPHER_ID TLS_RSA_WITH_NULL_SHA256 // for testing (does everything except encrypting) | 154 | //#define CIPHER_ID TLS_RSA_WITH_NULL_SHA256 // for testing (does everything except encrypting) |
| 154 | // works against wolfssl-3.9.10-stable/examples/server/server.c | 155 | // works against wolfssl-3.9.10-stable/examples/server/server.c |
| 155 | // (getting back and decrypt ok first application data message) | ||
| 156 | #define CIPHER_ID TLS_RSA_WITH_AES_256_CBC_SHA256 // ok, no SERVER_KEY_EXCHANGE | 156 | #define CIPHER_ID TLS_RSA_WITH_AES_256_CBC_SHA256 // ok, no SERVER_KEY_EXCHANGE |
| 157 | 157 | ||
| 158 | enum { | 158 | enum { |
| @@ -163,6 +163,8 @@ enum { | |||
| 163 | AES128_KEYSIZE = 16, | 163 | AES128_KEYSIZE = 16, |
| 164 | AES256_KEYSIZE = 32, | 164 | AES256_KEYSIZE = 32, |
| 165 | 165 | ||
| 166 | RECHDR_LEN = 5, | ||
| 167 | |||
| 166 | MAX_TLS_RECORD = (1 << 14), | 168 | MAX_TLS_RECORD = (1 << 14), |
| 167 | OUTBUF_PFX = 8 + AES_BLOCKSIZE, /* header + IV */ | 169 | OUTBUF_PFX = 8 + AES_BLOCKSIZE, /* header + IV */ |
| 168 | OUTBUF_SFX = SHA256_OUTSIZE + AES_BLOCKSIZE, /* MAC + padding */ | 170 | OUTBUF_SFX = SHA256_OUTSIZE + AES_BLOCKSIZE, /* MAC + padding */ |
| @@ -257,15 +259,15 @@ static void dump_tls_record(const void *vp, int len) | |||
| 257 | 259 | ||
| 258 | while (len > 0) { | 260 | while (len > 0) { |
| 259 | unsigned xhdr_len; | 261 | unsigned xhdr_len; |
| 260 | if (len < 5) { | 262 | if (len < RECHDR_LEN) { |
| 261 | dump_hex("< |%s|\n", p, len); | 263 | dump_hex("< |%s|\n", p, len); |
| 262 | return; | 264 | return; |
| 263 | } | 265 | } |
| 264 | xhdr_len = 0x100*p[3] + p[4]; | 266 | xhdr_len = 0x100*p[3] + p[4]; |
| 265 | dbg("< hdr_type:%u ver:%u.%u len:%u", p[0], p[1], p[2], xhdr_len); | 267 | dbg("< hdr_type:%u ver:%u.%u len:%u", p[0], p[1], p[2], xhdr_len); |
| 266 | p += 5; | 268 | p += RECHDR_LEN; |
| 267 | len -= 5; | 269 | len -= RECHDR_LEN; |
| 268 | if (len >= 4 && p[-5] == RECORD_TYPE_HANDSHAKE) { | 270 | if (len >= 4 && p[-RECHDR_LEN] == RECORD_TYPE_HANDSHAKE) { |
| 269 | unsigned len24 = get24be(p + 1); | 271 | unsigned len24 = get24be(p + 1); |
| 270 | dbg(" type:%u len24:%u", p[0], len24); | 272 | dbg(" type:%u len24:%u", p[0], len24); |
| 271 | } | 273 | } |
| @@ -524,9 +526,9 @@ static void xwrite_encrypted(tls_state_t *tls, unsigned size, unsigned type) | |||
| 524 | uint8_t *buf = tls->outbuf + OUTBUF_PFX; | 526 | uint8_t *buf = tls->outbuf + OUTBUF_PFX; |
| 525 | struct record_hdr *xhdr; | 527 | struct record_hdr *xhdr; |
| 526 | 528 | ||
| 527 | xhdr = (void*)(buf - sizeof(*xhdr)); | 529 | xhdr = (void*)(buf - RECHDR_LEN); |
| 528 | if (CIPHER_ID != TLS_RSA_WITH_NULL_SHA256) | 530 | if (CIPHER_ID != TLS_RSA_WITH_NULL_SHA256) |
| 529 | xhdr = (void*)(buf - sizeof(*xhdr) - AES_BLOCKSIZE); /* place for IV */ | 531 | xhdr = (void*)(buf - RECHDR_LEN - AES_BLOCKSIZE); /* place for IV */ |
| 530 | 532 | ||
| 531 | xhdr->type = type; | 533 | xhdr->type = type; |
| 532 | xhdr->proto_maj = TLS_MAJ; | 534 | xhdr->proto_maj = TLS_MAJ; |
| @@ -540,7 +542,7 @@ static void xwrite_encrypted(tls_state_t *tls, unsigned size, unsigned type) | |||
| 540 | hmac_sha256(buf + size, | 542 | hmac_sha256(buf + size, |
| 541 | tls->client_write_MAC_key, sizeof(tls->client_write_MAC_key), | 543 | tls->client_write_MAC_key, sizeof(tls->client_write_MAC_key), |
| 542 | &tls->write_seq64_be, sizeof(tls->write_seq64_be), | 544 | &tls->write_seq64_be, sizeof(tls->write_seq64_be), |
| 543 | xhdr, sizeof(*xhdr), | 545 | xhdr, RECHDR_LEN, |
| 544 | buf, size, | 546 | buf, size, |
| 545 | NULL); | 547 | NULL); |
| 546 | tls->write_seq64_be = SWAP_BE64(1 + SWAP_BE64(tls->write_seq64_be)); | 548 | tls->write_seq64_be = SWAP_BE64(1 + SWAP_BE64(tls->write_seq64_be)); |
| @@ -551,8 +553,8 @@ static void xwrite_encrypted(tls_state_t *tls, unsigned size, unsigned type) | |||
| 551 | /* No encryption, only signing */ | 553 | /* No encryption, only signing */ |
| 552 | xhdr->len16_hi = size >> 8; | 554 | xhdr->len16_hi = size >> 8; |
| 553 | xhdr->len16_lo = size & 0xff; | 555 | xhdr->len16_lo = size & 0xff; |
| 554 | dump_hex(">> %s\n", xhdr, sizeof(*xhdr) + size); | 556 | dump_hex(">> %s\n", xhdr, RECHDR_LEN + size); |
| 555 | xwrite(tls->fd, xhdr, sizeof(*xhdr) + size); | 557 | xwrite(tls->fd, xhdr, RECHDR_LEN + size); |
| 556 | dbg("wrote %u bytes (NULL crypt, SHA256 hash)\n", size); | 558 | dbg("wrote %u bytes (NULL crypt, SHA256 hash)\n", size); |
| 557 | return; | 559 | return; |
| 558 | } | 560 | } |
| @@ -639,9 +641,9 @@ static void xwrite_encrypted(tls_state_t *tls, unsigned size, unsigned type) | |||
| 639 | size += AES_BLOCKSIZE; /* + IV */ | 641 | size += AES_BLOCKSIZE; /* + IV */ |
| 640 | xhdr->len16_hi = size >> 8; | 642 | xhdr->len16_hi = size >> 8; |
| 641 | xhdr->len16_lo = size & 0xff; | 643 | xhdr->len16_lo = size & 0xff; |
| 642 | dump_hex(">> %s\n", xhdr, sizeof(*xhdr) + size); | 644 | dump_hex(">> %s\n", xhdr, RECHDR_LEN + size); |
| 643 | xwrite(tls->fd, xhdr, sizeof(*xhdr) + size); | 645 | xwrite(tls->fd, xhdr, RECHDR_LEN + size); |
| 644 | dbg("wrote %u bytes\n", (int)sizeof(*xhdr) + size); | 646 | dbg("wrote %u bytes\n", (int)RECHDR_LEN + size); |
| 645 | } | 647 | } |
| 646 | } | 648 | } |
| 647 | 649 | ||
| @@ -649,16 +651,16 @@ static void xwrite_and_update_handshake_hash(tls_state_t *tls, unsigned size) | |||
| 649 | { | 651 | { |
| 650 | if (!tls->encrypt_on_write) { | 652 | if (!tls->encrypt_on_write) { |
| 651 | uint8_t *buf = tls->outbuf + OUTBUF_PFX; | 653 | uint8_t *buf = tls->outbuf + OUTBUF_PFX; |
| 652 | struct record_hdr *xhdr = (void*)(buf - sizeof(*xhdr)); | 654 | struct record_hdr *xhdr = (void*)(buf - RECHDR_LEN); |
| 653 | 655 | ||
| 654 | xhdr->type = RECORD_TYPE_HANDSHAKE; | 656 | xhdr->type = RECORD_TYPE_HANDSHAKE; |
| 655 | xhdr->proto_maj = TLS_MAJ; | 657 | xhdr->proto_maj = TLS_MAJ; |
| 656 | xhdr->proto_min = TLS_MIN; | 658 | xhdr->proto_min = TLS_MIN; |
| 657 | xhdr->len16_hi = size >> 8; | 659 | xhdr->len16_hi = size >> 8; |
| 658 | xhdr->len16_lo = size & 0xff; | 660 | xhdr->len16_lo = size & 0xff; |
| 659 | dump_hex(">> %s\n", xhdr, sizeof(*xhdr) + size); | 661 | dump_hex(">> %s\n", xhdr, RECHDR_LEN + size); |
| 660 | xwrite(tls->fd, xhdr, sizeof(*xhdr) + size); | 662 | xwrite(tls->fd, xhdr, RECHDR_LEN + size); |
| 661 | dbg("wrote %u bytes\n", (int)sizeof(*xhdr) + size); | 663 | dbg("wrote %u bytes\n", (int)RECHDR_LEN + size); |
| 662 | /* Handshake hash does not include record headers */ | 664 | /* Handshake hash does not include record headers */ |
| 663 | sha256_hash_dbg(">> sha256:%s", &tls->handshake_sha256_ctx, buf, size); | 665 | sha256_hash_dbg(">> sha256:%s", &tls->handshake_sha256_ctx, buf, size); |
| 664 | return; | 666 | return; |
| @@ -673,15 +675,16 @@ static int xread_tls_block(tls_state_t *tls) | |||
| 673 | int total; | 675 | int total; |
| 674 | int target; | 676 | int target; |
| 675 | 677 | ||
| 678 | again: | ||
| 676 | dbg("insize:%u tail:%u\n", tls->insize, tls->tail); | 679 | dbg("insize:%u tail:%u\n", tls->insize, tls->tail); |
| 677 | memmove(tls->inbuf, tls->inbuf + tls->insize, tls->tail); | 680 | memmove(tls->inbuf, tls->inbuf + tls->insize, tls->tail); |
| 678 | errno = 0; | 681 | errno = 0; |
| 679 | total = tls->tail; | 682 | total = tls->tail; |
| 680 | target = sizeof(tls->inbuf); | 683 | target = sizeof(tls->inbuf); |
| 681 | for (;;) { | 684 | for (;;) { |
| 682 | if (total >= sizeof(*xhdr) && target == sizeof(tls->inbuf)) { | 685 | if (total >= RECHDR_LEN && target == sizeof(tls->inbuf)) { |
| 683 | xhdr = (void*)tls->inbuf; | 686 | xhdr = (void*)tls->inbuf; |
| 684 | target = sizeof(*xhdr) + (0x100 * xhdr->len16_hi + xhdr->len16_lo); | 687 | target = RECHDR_LEN + (0x100 * xhdr->len16_hi + xhdr->len16_lo); |
| 685 | if (target >= sizeof(tls->inbuf)) { | 688 | if (target >= sizeof(tls->inbuf)) { |
| 686 | /* malformed input (too long): yell and die */ | 689 | /* malformed input (too long): yell and die */ |
| 687 | tls->tail = 0; | 690 | tls->tail = 0; |
| @@ -694,18 +697,29 @@ static int xread_tls_block(tls_state_t *tls) | |||
| 694 | if (total - target >= 0) | 697 | if (total - target >= 0) |
| 695 | break; | 698 | break; |
| 696 | sz = safe_read(tls->fd, tls->inbuf + total, sizeof(tls->inbuf) - total); | 699 | sz = safe_read(tls->fd, tls->inbuf + total, sizeof(tls->inbuf) - total); |
| 697 | if (sz <= 0) | 700 | if (sz <= 0) { |
| 698 | bb_perror_msg_and_die("short read"); | 701 | if (sz == 0 && total == 0) { |
| 702 | /* "Abrupt" EOF, no TLS shutdown (seen from kernel.org) */ | ||
| 703 | dbg("EOF (without TLS shutdown) from peer\n"); | ||
| 704 | tls->tail = 0; | ||
| 705 | tls->insize = 0; | ||
| 706 | goto end; | ||
| 707 | } | ||
| 708 | bb_perror_msg_and_die("short read, have only %d", total); | ||
| 709 | } | ||
| 710 | dbg("read():%d\n", sz); | ||
| 699 | total += sz; | 711 | total += sz; |
| 700 | } | 712 | } |
| 701 | tls->tail = total - target; | 713 | tls->tail = total - target; |
| 702 | tls->insize = target; | 714 | tls->insize = target; |
| 703 | sz = target - sizeof(*xhdr); | 715 | dbg("new insize:%u tail:%u\n", tls->insize, tls->tail); |
| 716 | |||
| 717 | sz = target - RECHDR_LEN; | ||
| 704 | 718 | ||
| 705 | /* Needs to be decrypted? */ | 719 | /* Needs to be decrypted? */ |
| 706 | if (tls->min_encrypted_len_on_read > SHA256_OUTSIZE) { | 720 | if (tls->min_encrypted_len_on_read > SHA256_OUTSIZE) { |
| 707 | psCipherContext_t ctx; | 721 | psCipherContext_t ctx; |
| 708 | uint8_t *p = tls->inbuf + sizeof(*xhdr); | 722 | uint8_t *p = tls->inbuf + RECHDR_LEN; |
| 709 | int padding_len; | 723 | int padding_len; |
| 710 | 724 | ||
| 711 | if (sz & (AES_BLOCKSIZE-1) | 725 | if (sz & (AES_BLOCKSIZE-1) |
| @@ -731,7 +745,7 @@ static int xread_tls_block(tls_state_t *tls) | |||
| 731 | } | 745 | } |
| 732 | if (sz != 0) { | 746 | if (sz != 0) { |
| 733 | /* Skip IV */ | 747 | /* Skip IV */ |
| 734 | memmove(tls->inbuf + 5, tls->inbuf + 5 + AES_BLOCKSIZE, sz); | 748 | memmove(tls->inbuf + RECHDR_LEN, tls->inbuf + RECHDR_LEN + AES_BLOCKSIZE, sz); |
| 735 | } | 749 | } |
| 736 | } else { | 750 | } else { |
| 737 | /* if nonzero, then it's TLS_RSA_WITH_NULL_SHA256: drop MAC */ | 751 | /* if nonzero, then it's TLS_RSA_WITH_NULL_SHA256: drop MAC */ |
| @@ -739,13 +753,33 @@ static int xread_tls_block(tls_state_t *tls) | |||
| 739 | sz -= tls->min_encrypted_len_on_read; | 753 | sz -= tls->min_encrypted_len_on_read; |
| 740 | } | 754 | } |
| 741 | 755 | ||
| 756 | //dump_hex("<< %s\n", tls->inbuf, RECHDR_LEN + sz); | ||
| 757 | |||
| 758 | xhdr = (void*)tls->inbuf; | ||
| 759 | if (xhdr->type == RECORD_TYPE_ALERT && sz >= 2) { | ||
| 760 | uint8_t *p = tls->inbuf + RECHDR_LEN; | ||
| 761 | dbg("ALERT size:%d level:%d description:%d\n", sz, p[0], p[1]); | ||
| 762 | if (p[0] == 1) { /*warning */ | ||
| 763 | if (p[1] == 0) { /* warning, close_notify: EOF */ | ||
| 764 | dbg("EOF (TLS encoded) from peer\n"); | ||
| 765 | sz = 0; | ||
| 766 | goto end; | ||
| 767 | } | ||
| 768 | /* discard it, get next record */ | ||
| 769 | goto again; | ||
| 770 | } | ||
| 771 | /* p[0] == 1: fatal error, others: not defined in protocol */ | ||
| 772 | sz = 0; | ||
| 773 | goto end; | ||
| 774 | } | ||
| 775 | |||
| 742 | /* RFC 5246 is not saying it explicitly, but sha256 hash | 776 | /* RFC 5246 is not saying it explicitly, but sha256 hash |
| 743 | * in our FINISHED record must include data of incoming packets too! | 777 | * in our FINISHED record must include data of incoming packets too! |
| 744 | */ | 778 | */ |
| 745 | if (tls->inbuf[0] == RECORD_TYPE_HANDSHAKE) { | 779 | if (tls->inbuf[0] == RECORD_TYPE_HANDSHAKE) { |
| 746 | sha256_hash_dbg("<< sha256:%s", &tls->handshake_sha256_ctx, tls->inbuf + 5, sz); | 780 | sha256_hash_dbg("<< sha256:%s", &tls->handshake_sha256_ctx, tls->inbuf + RECHDR_LEN, sz); |
| 747 | } | 781 | } |
| 748 | 782 | end: | |
| 749 | dbg("got block len:%u\n", sz); | 783 | dbg("got block len:%u\n", sz); |
| 750 | return sz; | 784 | return sz; |
| 751 | } | 785 | } |
| @@ -1017,7 +1051,8 @@ static void send_client_hello(tls_state_t *tls) | |||
| 1017 | record->proto_maj = TLS_MAJ; /* the "requested" version of the protocol, */ | 1051 | record->proto_maj = TLS_MAJ; /* the "requested" version of the protocol, */ |
| 1018 | record->proto_min = TLS_MIN; /* can be higher than one in record headers */ | 1052 | record->proto_min = TLS_MIN; /* can be higher than one in record headers */ |
| 1019 | tls_get_random(record->rand32, sizeof(record->rand32)); | 1053 | tls_get_random(record->rand32, sizeof(record->rand32)); |
| 1020 | memset(record->rand32, 0x11, sizeof(record->rand32)); | 1054 | if (TLS_DEBUG_FIXED_SECRETS) |
| 1055 | memset(record->rand32, 0x11, sizeof(record->rand32)); | ||
| 1021 | memcpy(tls->client_and_server_rand32, record->rand32, sizeof(record->rand32)); | 1056 | memcpy(tls->client_and_server_rand32, record->rand32, sizeof(record->rand32)); |
| 1022 | record->session_id_len = 0; | 1057 | record->session_id_len = 0; |
| 1023 | record->cipherid_len16_hi = 0; | 1058 | record->cipherid_len16_hi = 0; |
| @@ -1027,7 +1062,6 @@ memset(record->rand32, 0x11, sizeof(record->rand32)); | |||
| 1027 | record->comprtypes_len = 1; | 1062 | record->comprtypes_len = 1; |
| 1028 | record->comprtypes[0] = 0; | 1063 | record->comprtypes[0] = 0; |
| 1029 | 1064 | ||
| 1030 | //dbg (make it repeatable): memset(record.rand32, 0x11, sizeof(record.rand32)); | ||
| 1031 | dbg(">> CLIENT_HELLO\n"); | 1065 | dbg(">> CLIENT_HELLO\n"); |
| 1032 | xwrite_and_update_handshake_hash(tls, sizeof(*record)); | 1066 | xwrite_and_update_handshake_hash(tls, sizeof(*record)); |
| 1033 | } | 1067 | } |
| @@ -1135,7 +1169,8 @@ static void send_client_key_exchange(tls_state_t *tls) | |||
| 1135 | int len; | 1169 | int len; |
| 1136 | 1170 | ||
| 1137 | tls_get_random(rsa_premaster, sizeof(rsa_premaster)); | 1171 | tls_get_random(rsa_premaster, sizeof(rsa_premaster)); |
| 1138 | memset(rsa_premaster, 0x44, sizeof(rsa_premaster)); | 1172 | if (TLS_DEBUG_FIXED_SECRETS) |
| 1173 | memset(rsa_premaster, 0x44, sizeof(rsa_premaster)); | ||
| 1139 | // RFC 5246 | 1174 | // RFC 5246 |
| 1140 | // "Note: The version number in the PreMasterSecret is the version | 1175 | // "Note: The version number in the PreMasterSecret is the version |
| 1141 | // offered by the client in the ClientHello.client_version, not the | 1176 | // offered by the client in the ClientHello.client_version, not the |
| @@ -1348,7 +1383,7 @@ static void tls_handshake(tls_state_t *tls) | |||
| 1348 | get_server_cert(tls); | 1383 | get_server_cert(tls); |
| 1349 | 1384 | ||
| 1350 | len = xread_tls_handshake_block(tls, 4); | 1385 | len = xread_tls_handshake_block(tls, 4); |
| 1351 | if (tls->inbuf[5] == HANDSHAKE_SERVER_KEY_EXCHANGE) { | 1386 | if (tls->inbuf[RECHDR_LEN] == HANDSHAKE_SERVER_KEY_EXCHANGE) { |
| 1352 | // 459 bytes: | 1387 | // 459 bytes: |
| 1353 | // 0c 00|01|c7 03|00|17|41|04|87|94|2e|2f|68|d0|c9|f4|97|a8|2d|ef|ed|67|ea|c6|f3|b3|56|47|5d|27|b6|bd|ee|70|25|30|5e|b0|8e|f6|21|5a... | 1388 | // 0c 00|01|c7 03|00|17|41|04|87|94|2e|2f|68|d0|c9|f4|97|a8|2d|ef|ed|67|ea|c6|f3|b3|56|47|5d|27|b6|bd|ee|70|25|30|5e|b0|8e|f6|21|5a... |
| 1354 | //SvKey len=455^ | 1389 | //SvKey len=455^ |
| @@ -1359,7 +1394,7 @@ static void tls_handshake(tls_state_t *tls) | |||
| 1359 | xread_tls_handshake_block(tls, 4); | 1394 | xread_tls_handshake_block(tls, 4); |
| 1360 | } | 1395 | } |
| 1361 | 1396 | ||
| 1362 | // if (tls->inbuf[5] == HANDSHAKE_CERTIFICATE_REQUEST) { | 1397 | // if (tls->inbuf[RECHDR_LEN] == HANDSHAKE_CERTIFICATE_REQUEST) { |
| 1363 | // dbg("<< CERTIFICATE_REQUEST\n"); | 1398 | // dbg("<< CERTIFICATE_REQUEST\n"); |
| 1364 | //RFC 5246: (in response to this,) "If no suitable certificate is available, | 1399 | //RFC 5246: (in response to this,) "If no suitable certificate is available, |
| 1365 | // the client MUST send a certificate message containing no | 1400 | // the client MUST send a certificate message containing no |
| @@ -1371,7 +1406,7 @@ static void tls_handshake(tls_state_t *tls) | |||
| 1371 | // xread_tls_handshake_block(tls, 4); | 1406 | // xread_tls_handshake_block(tls, 4); |
| 1372 | // } | 1407 | // } |
| 1373 | 1408 | ||
| 1374 | if (tls->inbuf[5] != HANDSHAKE_SERVER_HELLO_DONE) | 1409 | if (tls->inbuf[RECHDR_LEN] != HANDSHAKE_SERVER_HELLO_DONE) |
| 1375 | tls_error_die(tls); | 1410 | tls_error_die(tls); |
| 1376 | // 0e 000000 (len:0) | 1411 | // 0e 000000 (len:0) |
| 1377 | dbg("<< SERVER_HELLO_DONE\n"); | 1412 | dbg("<< SERVER_HELLO_DONE\n"); |
| @@ -1398,7 +1433,7 @@ static void tls_handshake(tls_state_t *tls) | |||
| 1398 | 1433 | ||
| 1399 | /* Get (encrypted) FINISHED from the server */ | 1434 | /* Get (encrypted) FINISHED from the server */ |
| 1400 | len = xread_tls_block(tls); | 1435 | len = xread_tls_block(tls); |
| 1401 | if (len < 4 || tls->inbuf[5] != HANDSHAKE_FINISHED) | 1436 | if (len < 4 || tls->inbuf[RECHDR_LEN] != HANDSHAKE_FINISHED) |
| 1402 | tls_error_die(tls); | 1437 | tls_error_die(tls); |
| 1403 | dbg("<< FINISHED\n"); | 1438 | dbg("<< FINISHED\n"); |
| 1404 | /* application data can be sent/received */ | 1439 | /* application data can be sent/received */ |
| @@ -1454,7 +1489,10 @@ int tls_main(int argc UNUSED_PARAM, char **argv) | |||
| 1454 | bb_perror_msg_and_die("select"); | 1489 | bb_perror_msg_and_die("select"); |
| 1455 | 1490 | ||
| 1456 | if (FD_ISSET(STDIN_FILENO, &testfds)) { | 1491 | if (FD_ISSET(STDIN_FILENO, &testfds)) { |
| 1457 | void *buf = tls_get_outbuf(tls, COMMON_BUFSIZE); | 1492 | void *buf; |
| 1493 | |||
| 1494 | dbg("STDIN HAS DATA\n"); | ||
| 1495 | buf = tls_get_outbuf(tls, COMMON_BUFSIZE); | ||
| 1458 | nread = safe_read(STDIN_FILENO, buf, COMMON_BUFSIZE); | 1496 | nread = safe_read(STDIN_FILENO, buf, COMMON_BUFSIZE); |
| 1459 | if (nread < 1) { | 1497 | if (nread < 1) { |
| 1460 | //&& errno != EAGAIN | 1498 | //&& errno != EAGAIN |
| @@ -1466,196 +1504,14 @@ int tls_main(int argc UNUSED_PARAM, char **argv) | |||
| 1466 | tls_xwrite(tls, nread); | 1504 | tls_xwrite(tls, nread); |
| 1467 | } | 1505 | } |
| 1468 | if (FD_ISSET(cfd, &testfds)) { | 1506 | if (FD_ISSET(cfd, &testfds)) { |
| 1507 | dbg("NETWORK HAS DATA\n"); | ||
| 1469 | nread = xread_tls_block(tls); | 1508 | nread = xread_tls_block(tls); |
| 1470 | if (nread < 1) | 1509 | if (nread < 1) |
| 1471 | //if eof, just close stdout, but not exit! | 1510 | //if eof, just close stdout, but not exit! |
| 1472 | return EXIT_SUCCESS; | 1511 | return EXIT_SUCCESS; |
| 1473 | xwrite(STDOUT_FILENO, tls->inbuf + 5, nread); | 1512 | xwrite(STDOUT_FILENO, tls->inbuf + RECHDR_LEN, nread); |
| 1474 | } | 1513 | } |
| 1475 | } | 1514 | } |
| 1476 | 1515 | ||
| 1477 | return EXIT_SUCCESS; | 1516 | return EXIT_SUCCESS; |
| 1478 | } | 1517 | } |
| 1479 | /* Unencryped SHA256 example: | ||
| 1480 | * s_client says: | ||
| 1481 | |||
| 1482 | write to 0x1d750b0 [0x1e6f153] (99 bytes => 99 (0x63)) | ||
| 1483 | 0000 - 16 03 01 005e 01 00005a 0303 [4d ef 5c 82 3e ....^...Z..M.\.> >> ClHello | ||
| 1484 | 0010 - bf a6 ee f1 1e 04 d1 5c-99 20 86 13 e9 0a cf 58 .......\. .....X | ||
| 1485 | 0020 - 75 b1 bd 7a e6 d6 44 f3-d3 a1 52] 00 0004 003b u..z..D...R....; 003b = TLS_RSA_WITH_NULL_SHA256 | ||
| 1486 | 0030 - 00ff TLS_EMPTY_RENEGOTIATION_INFO_SCSV | ||
| 1487 | 0100 compr=none | ||
| 1488 | 002d, 0023 0000, 000d 0020 [00 1e .....-.#..... .. extlen, SessionTicketTLS 0 bytes, SignatureAlgorithms 32 bytes | ||
| 1489 | 0040 - 06 01 06 02 06 03 05 01-05 02 05 03 04 01 04 02 ................ | ||
| 1490 | 0050 - 04 03 03 01 03 02 03 03-02 01 02 02 02 03] 000f ................ Heart Beat 1 byte | ||
| 1491 | 0060 - 0001 01 ... | ||
| 1492 | |||
| 1493 | read from 0x1d750b0 [0x1e6ac03] (5 bytes => 5 (0x5)) | ||
| 1494 | 0000 - 16 03 03 00 3a ....: | ||
| 1495 | read from 0x1d750b0 [0x1e6ac08] (58 bytes => 58 (0x3A)) | ||
| 1496 | 0000 - 02 000036 0303 [f2 61-ae c8 58 e3 51 42 32 93 ...6...a..X.QB2. << SvHello | ||
| 1497 | 0010 - c5 62 e4 f5 06 93 81 65-aa f7 df 74 af 7c 98 b4 .b.....e...t.|.. | ||
| 1498 | 0020 - 3e a7 35 c3 25 69] 00,003b,00.................. >.5.%i..;....... - no session id! "The server | ||
| 1499 | may return an empty session_id to indicate that the session will | ||
| 1500 | not be cached and therefore cannot be resumed." | ||
| 1501 | 003b = TLS_RSA_WITH_NULL_SHA256 accepted, 00 - no compr | ||
| 1502 | 000e ff01 0001 extlen, 0xff01=RenegotiationInfo 1 byte | ||
| 1503 | 0030 - 00, 0023 0000, SessionTicketTLS 0 bytes | ||
| 1504 | 000f 0001 01 ..#....... Heart Beat 1 byte | ||
| 1505 | |||
| 1506 | read from 0x1d750b0 [0x1e6ac03] (5 bytes => 5 (0x5)) | ||
| 1507 | 0000 - 16 03 03 04 0b ..... | ||
| 1508 | read from 0x1d750b0 [0x1e6ac08] (1035 bytes => 1035 (0x40B)) | ||
| 1509 | 0000 - 0b 00 04 07 00 04 04 00-04 01 30 82 03 fd 30 82 ..........0...0. << Cert | ||
| 1510 | 0010 - 02 65 a0 03 02 01 02 02-09 00 d9 d9 8d b8 94 ad .e.............. | ||
| 1511 | 0020 - 2e 2b 30 0d 06 09 2a 86-48 86 f7 0d 01 01 0b 05 .+0...*.H....... | ||
| 1512 | 0030 - 00 30 14 31 12 30 10 06-03 55 04 03 0c 09 6c 6f .0.1.0...U....lo | ||
| 1513 | 0040 - 63 61 6c 68 6f 73 74 30-20 17 0d 31 37 30 31 31 calhost0 ..17011 | ||
| 1514 | ..."......."......."......."......."......."......."......."......."..... | ||
| 1515 | 03f0 - 11 8a cd c5 a3 0a 22 43-d5 13 f9 a5 8a 06 f9 00 ......"C........ | ||
| 1516 | 0400 - 3c f7 86 4e e8 a5 d8 5b-92 37 f5 <..N...[.7. | ||
| 1517 | depth=0 CN = localhost | ||
| 1518 | verify error:num=18:self signed certificate | ||
| 1519 | verify return:1 | ||
| 1520 | depth=0 CN = localhost | ||
| 1521 | verify return:1 | ||
| 1522 | |||
| 1523 | read from 0x1d750b0 [0x1e6ac03] (5 bytes => 5 (0x5)) | ||
| 1524 | 0000 - 16 03 03 00 04 ..... | ||
| 1525 | |||
| 1526 | read from 0x1d750b0 [0x1e6ac08] (4 bytes => 4 (0x4)) << SvDone | ||
| 1527 | 0000 - 0e . | ||
| 1528 | 0004 - <SPACES/NULS> | ||
| 1529 | |||
| 1530 | write to 0x1d750b0 [0x1e74620] (395 bytes => 395 (0x18B)) >> ClDone | ||
| 1531 | 0000 - 16 03 03 01 86 10 00 01-82 01 80 88 f0 87 5d b0 ..............]. | ||
| 1532 | 0010 - ea df 3b 4d e2 35 f3 99-e6 d4 29 87 36 86 ea 30 ..;M.5....).6..0 | ||
| 1533 | 0020 - 38 80 c7 37 66 7f 5b e7-23 38 7e 87 24 66 82 81 8..7f.[.#8~.$f.. | ||
| 1534 | 0030 - e4 ba 6c 2a 0c 92 a8 b9-39 c1 55 16 32 88 14 cd ..l*....9.U.2... | ||
| 1535 | 0040 - 95 8c 82 49 a1 c7 f9 9b-e5 8f f6 5e 7e ee 91 b3 ...I.......^~... | ||
| 1536 | 0050 - 2c 92 e7 a3 02 f8 9f 56-04 45 39 df a7 d6 1a 16 ,......V.E9..... | ||
| 1537 | 0060 - 67 5c a4 f8 87 8a c4 c8-6c 6f c6 f0 9b c9 b4 87 g\......lo...... | ||
| 1538 | 0070 - 36 43 c1 67 9f b3 aa 11-34 b0 c2 fc 1f d9 e1 ff 6C.g....4....... | ||
| 1539 | 0080 - fb e1 89 db 91 58 ec cc-aa 16 19 9a 91 74 e2 46 .....X.......t.F | ||
| 1540 | 0090 - 22 a7 a7 f7 9e 3c 97 82-2c e4 21 b3 fa ef ba 3f "....<..,.!....? | ||
| 1541 | 00a0 - 57 48 e4 b2 84 b7 c2 81-92 a9 f1 03 68 f4 e6 0c WH..........h... | ||
| 1542 | 00b0 - fd 54 87 f5 e9 a0 5d e6-5f 0e bd 80 86 27 ab 0e .T....]._....'.. | ||
| 1543 | 00c0 - cf 92 4f bd fc 24 b9 54-72 5f 58 df 6b 2b 1d 97 ..O..$.Tr_X.k+.. | ||
| 1544 | 00d0 - 00 60 fe 95 b0 aa d6 c7-c1 3a f9 2e 7c 92 a9 6d .`.......:..|..m | ||
| 1545 | 00e0 - 28 a3 ef 3e c1 e6 2d 2d-e8 db 81 ea 51 02 3f 64 (..>..--....Q.?d | ||
| 1546 | 00f0 - a8 66 14 c1 4b 17 1f 55-c6 5b 3b 38 c3 6a 61 a8 .f..K..U.[;8.ja. | ||
| 1547 | 0100 - f7 ad 65 7d cb 14 6d b3-0f 76 19 25 8e ed bd 53 ..e}..m..v.%...S | ||
| 1548 | 0110 - 35 a9 a1 34 00 9d 07 81-84 51 35 e0 83 83 e3 a6 5..4.....Q5..... | ||
| 1549 | 0120 - c7 77 4c 61 e4 78 9c cb-f5 92 4e d6 dd c4 c2 2b .wLa.x....N....+ | ||
| 1550 | 0130 - 75 9e 72 a6 7f 81 6a 1c-fc 4a 51 91 81 b4 cc 33 u.r...j..JQ....3 | ||
| 1551 | 0140 - 1c 8b 0a b6 94 8b 16 1b-86 2f 31 5e 31 e1 57 14 ........./1^1.W. | ||
| 1552 | 0150 - 2e b5 09 5d cf 6f ea b2-94 e9 5c cc b9 fc 24 a0 ...].o....\...$. | ||
| 1553 | 0160 - b7 f1 f4 9d 95 46 4f 08-5c 45 c6 2f 9f 7d 76 09 .....FO.\E./.}v. | ||
| 1554 | 0170 - 6a af 50 2c 89 76 82 5f-e8 34 d8 4b 84 b6 34 18 j.P,.v._.4.K..4. | ||
| 1555 | 0180 - 85 95 4a 3f 0f 28 88 3a-71 32 90 ..J?.(.:q2. | ||
| 1556 | |||
| 1557 | write to 0x1d750b0 [0x1e74620] (6 bytes => 6 (0x6)) | ||
| 1558 | 0000 - 14 03 03 00 01 01 ...... >> CHANGE_CIPHER_SPEC | ||
| 1559 | |||
| 1560 | write to 0x1d750b0 [0x1e74620] (53 bytes => 53 (0x35)) | ||
| 1561 | 0000 - 16 03 03 0030 14 00000c [ed b9 e1 33 36 0b 76 ....0.......36.v >> FINISHED (0x14) [PRF 12 bytes|SHA256_OUTSIZE 32 bytes] | ||
| 1562 | 0010 - c0 d1 d4 0b a3|73 ec a8-fa b5 cb 12 b6 4c 2a b1 .....s.......L*. | ||
| 1563 | 0020 - fb 42 7f 73 0d 06 1c 87-56 f0 db df e6 6a 25 aa .B.s....V....j%. | ||
| 1564 | 0030 - fc 42 38 cb 0b] .B8.. | ||
| 1565 | |||
| 1566 | read from 0x1d750b0 [0x1e6ac03] (5 bytes => 5 (0x5)) | ||
| 1567 | 0000 - 16 03 03 00 aa ..... | ||
| 1568 | read from 0x1d750b0 [0x1e6ac08] (170 bytes => 170 (0xAA)) | ||
| 1569 | 0000 - 04 00 00 a6 00 00 1c 20-00 a0 dd f4 52 01 54 8d ....... ....R.T. << NEW_SESSION_TICKET | ||
| 1570 | 0010 - f8 a6 f9 2d 7d 19 20 5b-14 44 d3 2d 7b f2 ca e8 ...-}. [.D.-{... | ||
| 1571 | 0020 - 01 4e 94 7b fe 12 59 3a-00 2e 7e cf 74 43 7a f7 .N.{..Y:..~.tCz. | ||
| 1572 | 0030 - 9e cc 70 80 70 7c e3 a5-c6 9d 85 2c 36 19 4c 5c ..p.p|.....,6.L\ | ||
| 1573 | 0040 - ba 3b c3 e5 69 dc f3 a4-47 38 11 c9 7d 1a b0 6e .;..i...G8..}..n | ||
| 1574 | 0050 - d8 49 a0 a8 e4 de 70 a8-d0 6b e4 7a b7 65 25 df .I....p..k.z.e%. | ||
| 1575 | 0060 - 1b 5f 64 0f 89 69 02 72-fe eb d3 7a af 51 78 0e ._d..i.r...z.Qx. | ||
| 1576 | 0070 - de 17 06 a5 f0 47 9d e0-04 d4 b1 1e be 7e ed bd .....G.......~.. | ||
| 1577 | 0080 - 27 8f 5d e8 ac f6 45 aa-e0 12 93 41 5f a8 4b b9 '.]...E....A_.K. | ||
| 1578 | 0090 - bd 43 8f a1 23 51 af 92-77 8f 38 23 3e 2e c2 f0 .C..#Q..w.8#>... | ||
| 1579 | 00a0 - a3 74 fa 83 94 ce 19 8a-5b 5b .t......[[ | ||
| 1580 | |||
| 1581 | read from 0x1d750b0 [0x1e6ac03] (5 bytes => 5 (0x5)) | ||
| 1582 | 0000 - 14 03 03 00 01 ..... << CHANGE_CIPHER_SPEC | ||
| 1583 | read from 0x1d750b0 [0x1e6ac08] (1 bytes => 1 (0x1)) | ||
| 1584 | 0000 - 01 . | ||
| 1585 | |||
| 1586 | read from 0x1d750b0 [0x1e6ac03] (5 bytes => 5 (0x5)) | ||
| 1587 | 0000 - 16 03 03 00 30 ....0 | ||
| 1588 | read from 0x1d750b0 [0x1e6ac08] (48 bytes => 48 (0x30)) | ||
| 1589 | 0000 - 14 00000c [06 86 0d 5c-92 0b 63 04 cc b4 f0 00 .......\..c..... << FINISHED (0x14) [PRF 12 bytes|SHA256_OUTSIZE 32 bytes] | ||
| 1590 | 0010 -|49 d6 dd 56 73 e3 d2 e8-22 d6 bd 61 b2 b3 af f0 I..Vs..."..a.... | ||
| 1591 | 0020 - f5 00 8a 80 82 04 33 a7-50 8e ae 3b 4c 8c cf 4a] ......3.P..;L..J | ||
| 1592 | --- | ||
| 1593 | Certificate chain | ||
| 1594 | 0 s:/CN=localhost | ||
| 1595 | i:/CN=localhost | ||
| 1596 | --- | ||
| 1597 | Server certificate | ||
| 1598 | -----BEGIN CERTIFICATE----- | ||
| 1599 | ..."......."......."......."......."......."......."......."......."..... | ||
| 1600 | -----END CERTIFICATE----- | ||
| 1601 | subject=/CN=localhost | ||
| 1602 | issuer=/CN=localhost | ||
| 1603 | --- | ||
| 1604 | No client certificate CA names sent | ||
| 1605 | --- | ||
| 1606 | SSL handshake has read 1346 bytes and written 553 bytes | ||
| 1607 | --- | ||
| 1608 | New, TLSv1/SSLv3, Cipher is NULL-SHA256 | ||
| 1609 | Server public key is 3072 bit | ||
| 1610 | Secure Renegotiation IS supported | ||
| 1611 | Compression: NONE | ||
| 1612 | Expansion: NONE | ||
| 1613 | No ALPN negotiated | ||
| 1614 | SSL-Session: | ||
| 1615 | Protocol : TLSv1.2 | ||
| 1616 | Cipher : NULL-SHA256 | ||
| 1617 | Session-ID: 5D62B36950F3DEB571707CD1B815E9E275041B9DB70D7F3E25C4A6535B13B616 | ||
| 1618 | Session-ID-ctx: | ||
| 1619 | Master-Key: 4D08108C59417E0A41656636C51BA5B83F4EFFF9F4C860987B47B31250E5D1816D00940DBCCC196C2D99C8462C889DF1 | ||
| 1620 | Key-Arg : None | ||
| 1621 | Krb5 Principal: None | ||
| 1622 | PSK identity: None | ||
| 1623 | PSK identity hint: None | ||
| 1624 | TLS session ticket lifetime hint: 7200 (seconds) | ||
| 1625 | TLS session ticket: | ||
| 1626 | 0000 - dd f4 52 01 54 8d f8 a6-f9 2d 7d 19 20 5b 14 44 ..R.T....-}. [.D | ||
| 1627 | 0010 - d3 2d 7b f2 ca e8 01 4e-94 7b fe 12 59 3a 00 2e .-{....N.{..Y:.. | ||
| 1628 | 0020 - 7e cf 74 43 7a f7 9e cc-70 80 70 7c e3 a5 c6 9d ~.tCz...p.p|.... | ||
| 1629 | 0030 - 85 2c 36 19 4c 5c ba 3b-c3 e5 69 dc f3 a4 47 38 .,6.L\.;..i...G8 | ||
| 1630 | 0040 - 11 c9 7d 1a b0 6e d8 49-a0 a8 e4 de 70 a8 d0 6b ..}..n.I....p..k | ||
| 1631 | 0050 - e4 7a b7 65 25 df 1b 5f-64 0f 89 69 02 72 fe eb .z.e%.._d..i.r.. | ||
| 1632 | 0060 - d3 7a af 51 78 0e de 17-06 a5 f0 47 9d e0 04 d4 .z.Qx......G.... | ||
| 1633 | 0070 - b1 1e be 7e ed bd 27 8f-5d e8 ac f6 45 aa e0 12 ...~..'.]...E... | ||
| 1634 | 0080 - 93 41 5f a8 4b b9 bd 43-8f a1 23 51 af 92 77 8f .A_.K..C..#Q..w. | ||
| 1635 | 0090 - 38 23 3e 2e c2 f0 a3 74-fa 83 94 ce 19 8a 5b 5b 8#>....t......[[ | ||
| 1636 | |||
| 1637 | Start Time: 1484574330 | ||
| 1638 | Timeout : 7200 (sec) | ||
| 1639 | Verify return code: 18 (self signed certificate) | ||
| 1640 | --- | ||
| 1641 | read from 0x1d750b0 [0x1e6ac03] (5 bytes => 5 (0x5)) | ||
| 1642 | 0000 - 17 03 03 00 21 ....! | ||
| 1643 | read from 0x1d750b0 [0x1e6ac08] (33 bytes => 33 (0x21)) | ||
| 1644 | 0000 - 0a 74 5b 50 02 13 75 a4-27 0a 40 b1 53 74 52 14 .t[P..u.'.@.StR. | ||
| 1645 | 0010 - e7 1e 6a 6c c1 60 2e 93-7e a5 d9 43 1d 8e f6 08 ..jl.`..~..C.... | ||
| 1646 | 0020 - 69 i | ||
| 1647 | |||
| 1648 | read from 0x1d750b0 [0x1e6ac03] (5 bytes => 5 (0x5)) | ||
| 1649 | 0000 - 17 03 03 00 21 ....! | ||
| 1650 | read from 0x1d750b0 [0x1e6ac08] (33 bytes => 33 (0x21)) | ||
| 1651 | 0000 - 0a 1b ce 44 98 4f 81 c5-28 7a cc 79 62 db d2 86 ...D.O..(z.yb... | ||
| 1652 | 0010 - 6a 55 a4 c7 73 49 ef 3e-bd 03 99 76 df 65 2a a1 jU..sI.>...v.e*. | ||
| 1653 | 0020 - b6 . | ||
| 1654 | |||
| 1655 | read from 0x1d750b0 [0x1e6ac03] (5 bytes => 5 (0x5)) | ||
| 1656 | 0000 - 17 03 03 00 21 ....! | ||
| 1657 | read from 0x1d750b0 [0x1e6ac08] (33 bytes => 33 (0x21)) | ||
| 1658 | 0000 - 0a 67 66 34 ba 68 36 3c-ad 0a c1 f5 c0 5a 50 fe .gf4.h6<.....ZP. | ||
| 1659 | 0010 - 68 cd 04 65 e9 de 6e 98-f9 e2 41 1e 0b 9b 84 06 h..e..n...A..... | ||
| 1660 | 0020 - 64 d | ||
| 1661 | */ | ||