|
1 /* |
|
2 * Copyright (c) 2001-2006 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of the License "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: EAP and WLAN authentication protocols. |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 // This is enumeration of EAPOL source code. |
|
20 #if defined(USE_EAP_MINIMUM_RELEASE_TRACES) |
|
21 #undef EAP_FILE_NUMBER_ENUM |
|
22 #define EAP_FILE_NUMBER_ENUM 130 |
|
23 #undef EAP_FILE_NUMBER_DATE |
|
24 #define EAP_FILE_NUMBER_DATE 1127594498 |
|
25 #endif //#if defined(USE_EAP_MINIMUM_RELEASE_TRACES) |
|
26 |
|
27 |
|
28 |
|
29 #include "eap_tools.h" |
|
30 #include "eap_array.h" |
|
31 #include "eap_array_algorithms.h" |
|
32 #include "tls_handshake_message.h" |
|
33 #include "tls_record_header.h" |
|
34 #include "eap_crypto_api.h" |
|
35 #include "eap_automatic_variable.h" |
|
36 |
|
37 /** @file */ |
|
38 |
|
39 //-------------------------------------------------- |
|
40 |
|
41 EAP_FUNC_EXPORT tls_handshake_message_c::~tls_handshake_message_c() |
|
42 { |
|
43 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
44 |
|
45 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
46 } |
|
47 |
|
48 //-------------------------------------------------- |
|
49 |
|
50 EAP_FUNC_EXPORT tls_handshake_message_c::tls_handshake_message_c( |
|
51 abs_eap_am_tools_c * const tools, |
|
52 abs_tls_message_hash_c * const message_hash, |
|
53 const bool is_client) |
|
54 : m_am_tools(tools) |
|
55 , m_message_hash(message_hash) |
|
56 , m_tls_handshake_message_buffer(tools) |
|
57 , m_unix_time(tools) |
|
58 , m_random_value(tools) |
|
59 , m_session_id(tools) |
|
60 , m_cipher_suites(tools) |
|
61 , m_compression_methods(tools) |
|
62 #if defined(USE_EAP_TLS_SESSION_TICKET) |
|
63 , m_tls_extensions(tools) |
|
64 #endif // #if defined(USE_EAP_TLS_SESSION_TICKET) |
|
65 , m_certificate_chain(tools) |
|
66 , m_certificate_authorities(tools) |
|
67 , m_certificate_types(tools) |
|
68 , m_encrypted_premaster_secret(tools) |
|
69 , m_public_dhe_key(tools) |
|
70 , m_dhe_prime(tools) |
|
71 , m_dhe_group_generator(tools) |
|
72 , m_signed_message_hash(tools) |
|
73 , m_finished_data(tools) |
|
74 , m_selected_cipher_suite(tls_cipher_suites_none) |
|
75 , m_selected_compression_method(tls_compression_method_none) |
|
76 , m_handshake_type(tls_handshake_type_none) |
|
77 , m_is_analysed(false) |
|
78 , m_is_valid(false) |
|
79 , m_is_client(is_client) |
|
80 { |
|
81 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
82 |
|
83 set_is_valid(); |
|
84 |
|
85 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
86 } |
|
87 |
|
88 //-------------------------------------------------- |
|
89 |
|
90 EAP_FUNC_EXPORT void tls_handshake_message_c::set_is_valid() |
|
91 { |
|
92 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
93 |
|
94 m_is_valid = true; |
|
95 |
|
96 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
97 } |
|
98 |
|
99 //-------------------------------------------------- |
|
100 |
|
101 EAP_FUNC_EXPORT bool tls_handshake_message_c::get_is_valid() |
|
102 { |
|
103 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
104 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
105 return m_is_valid; |
|
106 } |
|
107 |
|
108 //-------------------------------------------------- |
|
109 |
|
110 EAP_FUNC_EXPORT void tls_handshake_message_c::set_is_analysed() |
|
111 { |
|
112 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
113 |
|
114 m_is_analysed = true; |
|
115 |
|
116 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
117 } |
|
118 |
|
119 //-------------------------------------------------- |
|
120 |
|
121 EAP_FUNC_EXPORT bool tls_handshake_message_c::get_is_analysed() |
|
122 { |
|
123 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
124 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
125 return m_is_analysed; |
|
126 } |
|
127 |
|
128 //-------------------------------------------------- |
|
129 |
|
130 EAP_FUNC_EXPORT eap_status_e tls_handshake_message_c::set_handshake_type(tls_handshake_type_e type) |
|
131 { |
|
132 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
133 |
|
134 m_handshake_type = type; |
|
135 |
|
136 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
137 return EAP_STATUS_RETURN(m_am_tools, eap_status_ok); |
|
138 } |
|
139 |
|
140 //-------------------------------------------------- |
|
141 |
|
142 EAP_FUNC_EXPORT eap_status_e tls_handshake_message_c::set_handshake_header_copy( |
|
143 const tls_handshake_header_c * const tls_handshake_header) |
|
144 { |
|
145 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
146 |
|
147 m_handshake_type = tls_handshake_header->get_handshake_type(); |
|
148 |
|
149 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
150 return EAP_STATUS_RETURN(m_am_tools, eap_status_ok); |
|
151 } |
|
152 |
|
153 //-------------------------------------------------- |
|
154 |
|
155 EAP_FUNC_EXPORT tls_handshake_type_e tls_handshake_message_c::get_handshake_type() const |
|
156 { |
|
157 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
158 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
159 return m_handshake_type; |
|
160 } |
|
161 |
|
162 //-------------------------------------------------- |
|
163 |
|
164 EAP_FUNC_EXPORT eap_status_e tls_handshake_message_c::set_cipher_suites( |
|
165 EAP_TEMPLATE_CONST eap_array_c<u16_t> * const cipher_suites) |
|
166 { |
|
167 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
168 |
|
169 m_cipher_suites.reset(); |
|
170 |
|
171 eap_status_e status = copy_simple<u16_t>( |
|
172 cipher_suites, |
|
173 &m_cipher_suites, |
|
174 m_am_tools, |
|
175 false); |
|
176 |
|
177 if (status != eap_status_ok) |
|
178 { |
|
179 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
180 return EAP_STATUS_RETURN(m_am_tools, status); |
|
181 } |
|
182 |
|
183 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
184 return EAP_STATUS_RETURN(m_am_tools, status); |
|
185 } |
|
186 |
|
187 //-------------------------------------------------- |
|
188 |
|
189 EAP_FUNC_EXPORT EAP_TEMPLATE_CONST eap_array_c<u16_t> * tls_handshake_message_c::get_cipher_suites() EAP_TEMPLATE_CONST |
|
190 { |
|
191 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
192 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
193 return &m_cipher_suites; |
|
194 } |
|
195 |
|
196 //-------------------------------------------------- |
|
197 |
|
198 EAP_FUNC_EXPORT eap_status_e tls_handshake_message_c::set_compression_methods( |
|
199 EAP_TEMPLATE_CONST eap_array_c<u8_t> * const compression_methods) |
|
200 { |
|
201 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
202 |
|
203 eap_status_e status = copy_simple<u8_t>( |
|
204 compression_methods, |
|
205 &m_compression_methods, |
|
206 m_am_tools, |
|
207 false); |
|
208 |
|
209 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
210 return EAP_STATUS_RETURN(m_am_tools, status); |
|
211 } |
|
212 |
|
213 //-------------------------------------------------- |
|
214 |
|
215 EAP_FUNC_EXPORT EAP_TEMPLATE_CONST eap_array_c<u8_t> * tls_handshake_message_c::get_compression_methods() EAP_TEMPLATE_CONST |
|
216 { |
|
217 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
218 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
219 return &m_compression_methods; |
|
220 } |
|
221 |
|
222 //-------------------------------------------------- |
|
223 |
|
224 #if defined(USE_EAP_TLS_SESSION_TICKET) |
|
225 |
|
226 EAP_FUNC_EXPORT eap_status_e tls_handshake_message_c::set_tls_extensions( |
|
227 EAP_TEMPLATE_CONST eap_array_c<tls_extension_c> * const tls_extensionss) |
|
228 { |
|
229 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
230 |
|
231 eap_status_e status = copy<tls_extension_c>( |
|
232 tls_extensionss, |
|
233 &m_tls_extensions, |
|
234 m_am_tools, |
|
235 false); |
|
236 |
|
237 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
238 return EAP_STATUS_RETURN(m_am_tools, status); |
|
239 } |
|
240 |
|
241 #endif // #if defined(USE_EAP_TLS_SESSION_TICKET) |
|
242 |
|
243 //-------------------------------------------------- |
|
244 |
|
245 #if defined(USE_EAP_TLS_SESSION_TICKET) |
|
246 |
|
247 EAP_FUNC_EXPORT EAP_TEMPLATE_CONST eap_array_c<tls_extension_c> * tls_handshake_message_c::get_tls_extensions() EAP_TEMPLATE_CONST |
|
248 { |
|
249 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
250 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
251 return &m_tls_extensions; |
|
252 } |
|
253 |
|
254 #endif // #if defined(USE_EAP_TLS_SESSION_TICKET) |
|
255 |
|
256 //-------------------------------------------------- |
|
257 |
|
258 EAP_FUNC_EXPORT eap_status_e tls_handshake_message_c::set_random_value( |
|
259 const eap_variable_data_c * const random_value) |
|
260 { |
|
261 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
262 |
|
263 eap_status_e status = m_random_value.set_copy_of_buffer(random_value); |
|
264 |
|
265 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
266 return EAP_STATUS_RETURN(m_am_tools, status); |
|
267 } |
|
268 |
|
269 //-------------------------------------------------- |
|
270 |
|
271 EAP_FUNC_EXPORT const eap_variable_data_c * tls_handshake_message_c::get_random_value() const |
|
272 { |
|
273 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
274 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
275 return &m_random_value; |
|
276 } |
|
277 |
|
278 //-------------------------------------------------- |
|
279 |
|
280 EAP_FUNC_EXPORT eap_status_e tls_handshake_message_c::set_session_id( |
|
281 const eap_variable_data_c * const session_id) |
|
282 { |
|
283 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
284 |
|
285 eap_status_e status = m_session_id.set_copy_of_buffer(session_id); |
|
286 |
|
287 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
288 return EAP_STATUS_RETURN(m_am_tools, status); |
|
289 } |
|
290 |
|
291 //-------------------------------------------------- |
|
292 |
|
293 EAP_FUNC_EXPORT const eap_variable_data_c * tls_handshake_message_c::get_session_id() const |
|
294 { |
|
295 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
296 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
297 return &m_session_id; |
|
298 } |
|
299 |
|
300 //-------------------------------------------------- |
|
301 |
|
302 EAP_FUNC_EXPORT eap_status_e tls_handshake_message_c::set_certificate_chain( |
|
303 EAP_TEMPLATE_CONST eap_array_c<eap_variable_data_c> * const certificate_chain) |
|
304 { |
|
305 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
306 |
|
307 eap_status_e status = copy<eap_variable_data_c>( |
|
308 certificate_chain, |
|
309 &m_certificate_chain, |
|
310 m_am_tools, |
|
311 false); |
|
312 |
|
313 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
314 return EAP_STATUS_RETURN(m_am_tools, status); |
|
315 } |
|
316 |
|
317 //-------------------------------------------------- |
|
318 |
|
319 EAP_FUNC_EXPORT EAP_TEMPLATE_CONST eap_array_c<eap_variable_data_c> * tls_handshake_message_c::get_certificate_chain() EAP_TEMPLATE_CONST |
|
320 { |
|
321 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
322 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
323 return &m_certificate_chain; |
|
324 } |
|
325 |
|
326 //-------------------------------------------------- |
|
327 |
|
328 EAP_FUNC_EXPORT eap_status_e tls_handshake_message_c::set_certificate_authorities( |
|
329 EAP_TEMPLATE_CONST eap_array_c<eap_variable_data_c> * const certificate_authorities) |
|
330 { |
|
331 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
332 |
|
333 eap_status_e status = copy<eap_variable_data_c>( |
|
334 certificate_authorities, |
|
335 &m_certificate_authorities, |
|
336 m_am_tools, |
|
337 false); |
|
338 |
|
339 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
340 return EAP_STATUS_RETURN(m_am_tools, status); |
|
341 } |
|
342 |
|
343 //-------------------------------------------------- |
|
344 |
|
345 EAP_FUNC_EXPORT EAP_TEMPLATE_CONST eap_array_c<eap_variable_data_c> * tls_handshake_message_c::get_certificate_authorities() EAP_TEMPLATE_CONST |
|
346 { |
|
347 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
348 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
349 return &m_certificate_authorities; |
|
350 } |
|
351 |
|
352 //-------------------------------------------------- |
|
353 |
|
354 EAP_FUNC_EXPORT eap_status_e tls_handshake_message_c::set_certificate_types( |
|
355 EAP_TEMPLATE_CONST eap_array_c<u8_t> * const certificate_types) |
|
356 { |
|
357 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
358 |
|
359 eap_status_e status = copy_simple<u8_t>( |
|
360 certificate_types, |
|
361 &m_certificate_types, |
|
362 m_am_tools, |
|
363 false); |
|
364 |
|
365 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
366 return EAP_STATUS_RETURN(m_am_tools, status); |
|
367 } |
|
368 |
|
369 //-------------------------------------------------- |
|
370 |
|
371 EAP_FUNC_EXPORT EAP_TEMPLATE_CONST eap_array_c<u8_t> * tls_handshake_message_c::get_certificate_types() EAP_TEMPLATE_CONST |
|
372 { |
|
373 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
374 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
375 return &m_certificate_types; |
|
376 } |
|
377 |
|
378 //-------------------------------------------------- |
|
379 |
|
380 EAP_FUNC_EXPORT eap_status_e tls_handshake_message_c::set_selected_cipher_suite(const tls_cipher_suites_e selected_cipher_suite) |
|
381 { |
|
382 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
383 |
|
384 m_selected_cipher_suite = selected_cipher_suite; |
|
385 |
|
386 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
387 return EAP_STATUS_RETURN(m_am_tools, eap_status_ok); |
|
388 } |
|
389 |
|
390 EAP_FUNC_EXPORT tls_cipher_suites_e tls_handshake_message_c::get_selected_cipher_suite() const |
|
391 { |
|
392 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
393 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
394 return m_selected_cipher_suite; |
|
395 } |
|
396 |
|
397 EAP_FUNC_EXPORT eap_status_e tls_handshake_message_c::set_selected_compression_method(const tls_compression_method_e selected_compression_method) |
|
398 { |
|
399 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
400 |
|
401 m_selected_compression_method = selected_compression_method; |
|
402 |
|
403 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
404 return EAP_STATUS_RETURN(m_am_tools, eap_status_ok); |
|
405 } |
|
406 |
|
407 EAP_FUNC_EXPORT tls_compression_method_e tls_handshake_message_c::get_selected_compression_method() const |
|
408 { |
|
409 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
410 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
411 return m_selected_compression_method; |
|
412 } |
|
413 |
|
414 EAP_FUNC_EXPORT eap_status_e tls_handshake_message_c::set_public_dhe_key(const eap_variable_data_c * const public_dhe_key) |
|
415 { |
|
416 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
417 |
|
418 eap_status_e status = m_public_dhe_key.set_copy_of_buffer(public_dhe_key); |
|
419 |
|
420 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
421 return EAP_STATUS_RETURN(m_am_tools, status); |
|
422 } |
|
423 |
|
424 EAP_FUNC_EXPORT const eap_variable_data_c * tls_handshake_message_c::get_public_dhe_key() const |
|
425 { |
|
426 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
427 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
428 return &m_public_dhe_key; |
|
429 } |
|
430 |
|
431 EAP_FUNC_EXPORT eap_status_e tls_handshake_message_c::set_encrypted_premaster_secret(const eap_variable_data_c * const encrypted_premaster_secret) |
|
432 { |
|
433 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
434 |
|
435 eap_status_e status = m_encrypted_premaster_secret.set_copy_of_buffer(encrypted_premaster_secret); |
|
436 |
|
437 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
438 return EAP_STATUS_RETURN(m_am_tools, status); |
|
439 } |
|
440 |
|
441 EAP_FUNC_EXPORT const eap_variable_data_c * tls_handshake_message_c::get_encrypted_premaster_secret() const |
|
442 { |
|
443 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
444 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
445 return &m_encrypted_premaster_secret; |
|
446 } |
|
447 |
|
448 EAP_FUNC_EXPORT eap_status_e tls_handshake_message_c::set_dhe_prime(const eap_variable_data_c * const dhe_prime) |
|
449 { |
|
450 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
451 |
|
452 eap_status_e status = m_dhe_prime.set_copy_of_buffer(dhe_prime); |
|
453 |
|
454 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
455 return EAP_STATUS_RETURN(m_am_tools, status); |
|
456 } |
|
457 |
|
458 EAP_FUNC_EXPORT const eap_variable_data_c * tls_handshake_message_c::get_dhe_prime() const |
|
459 { |
|
460 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
461 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
462 return &m_dhe_prime; |
|
463 } |
|
464 |
|
465 EAP_FUNC_EXPORT eap_status_e tls_handshake_message_c::set_dhe_group_generator(const eap_variable_data_c * const dhe_group_generator) |
|
466 { |
|
467 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
468 |
|
469 eap_status_e status = m_dhe_group_generator.set_copy_of_buffer(dhe_group_generator); |
|
470 |
|
471 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
472 return EAP_STATUS_RETURN(m_am_tools, status); |
|
473 } |
|
474 |
|
475 EAP_FUNC_EXPORT const eap_variable_data_c * tls_handshake_message_c::get_dhe_group_generator() const |
|
476 { |
|
477 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
478 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
479 return &m_dhe_group_generator; |
|
480 } |
|
481 |
|
482 EAP_FUNC_EXPORT eap_status_e tls_handshake_message_c::set_signed_message_hash(const eap_variable_data_c * const signed_message_hash) |
|
483 { |
|
484 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
485 |
|
486 eap_status_e status = m_signed_message_hash.set_copy_of_buffer(signed_message_hash); |
|
487 |
|
488 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
489 return EAP_STATUS_RETURN(m_am_tools, status); |
|
490 } |
|
491 |
|
492 EAP_FUNC_EXPORT const eap_variable_data_c * tls_handshake_message_c::get_signed_message_hash() const |
|
493 { |
|
494 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
495 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
496 return &m_signed_message_hash; |
|
497 } |
|
498 |
|
499 EAP_FUNC_EXPORT eap_status_e tls_handshake_message_c::set_finished_data(const eap_variable_data_c * const finished_data) |
|
500 { |
|
501 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
502 |
|
503 eap_status_e status = m_finished_data.set_copy_of_buffer(finished_data); |
|
504 |
|
505 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
506 return EAP_STATUS_RETURN(m_am_tools, status); |
|
507 } |
|
508 |
|
509 EAP_FUNC_EXPORT const eap_variable_data_c * tls_handshake_message_c::get_finished_data() const |
|
510 { |
|
511 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
512 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
513 return &m_finished_data; |
|
514 } |
|
515 |
|
516 //-------------------------------------------------- |
|
517 |
|
518 EAP_FUNC_EXPORT eap_status_e tls_handshake_message_c::u16_t_to_network_order( |
|
519 u16_t * const value, |
|
520 abs_eap_am_tools_c * const m_am_tools) |
|
521 { |
|
522 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
523 EAP_UNREFERENCED_PARAMETER(m_am_tools); |
|
524 |
|
525 *value = eap_htons(*value); |
|
526 |
|
527 return EAP_STATUS_RETURN(m_am_tools, eap_status_ok); |
|
528 } |
|
529 |
|
530 |
|
531 //-------------------------------------------------- |
|
532 |
|
533 EAP_FUNC_EXPORT eap_status_e tls_handshake_message_c::create_message_data() |
|
534 { |
|
535 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
536 |
|
537 eap_status_e status = eap_status_ok; |
|
538 |
|
539 m_tls_handshake_message_buffer.reset(); |
|
540 status = m_tls_handshake_message_buffer.set_buffer_length(TLS_PEAP_DEFAULT_RECORD_LENGTH); |
|
541 if (status != eap_status_ok) |
|
542 { |
|
543 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
544 return EAP_STATUS_RETURN(m_am_tools, status); |
|
545 } |
|
546 |
|
547 const u32_t offset_of_tmp_tls_handshake_header = m_tls_handshake_message_buffer.get_data_length(); |
|
548 |
|
549 m_tls_handshake_message_buffer.set_data_length( |
|
550 m_tls_handshake_message_buffer.get_data_length() + tls_handshake_header_c::get_header_length()); |
|
551 |
|
552 tls_handshake_header_c tmp_tls_handshake_header_on_tls_message_buffer( |
|
553 m_am_tools, |
|
554 m_tls_handshake_message_buffer.get_data_offset( |
|
555 offset_of_tmp_tls_handshake_header, tls_handshake_header_c::get_header_length()), |
|
556 tls_handshake_header_c::get_header_length()); |
|
557 |
|
558 if (tmp_tls_handshake_header_on_tls_message_buffer.get_is_valid() == false) |
|
559 { |
|
560 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
561 return EAP_STATUS_RETURN(m_am_tools, eap_status_too_long_message); |
|
562 } |
|
563 |
|
564 tmp_tls_handshake_header_on_tls_message_buffer.reset_header(0ul); |
|
565 tmp_tls_handshake_header_on_tls_message_buffer.set_handshake_type(get_handshake_type()); |
|
566 |
|
567 EAP_TRACE_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("\n"))); |
|
568 EAP_TRACE_DEBUG( |
|
569 m_am_tools, |
|
570 TRACE_FLAGS_DEFAULT, |
|
571 (EAPL("TLS: %s: data_function: tls_handshake_message_c::create_message_data(): %s\n"), |
|
572 (m_is_client == true ? "client": "server"), |
|
573 tmp_tls_handshake_header_on_tls_message_buffer.get_tls_handshake_string())); |
|
574 |
|
575 EAP_TRACE_DATA_DEBUG( |
|
576 m_am_tools, |
|
577 TRACE_FLAGS_DEFAULT, |
|
578 (EAPL("TLS-handshake tls_handshake_header"), |
|
579 tmp_tls_handshake_header_on_tls_message_buffer.get_header_buffer( |
|
580 tls_handshake_header_c::get_header_length()), |
|
581 tls_handshake_header_c::get_header_length())); |
|
582 |
|
583 const u32_t handshake_data_length_start = m_tls_handshake_message_buffer.get_data_length(); |
|
584 |
|
585 if (tmp_tls_handshake_header_on_tls_message_buffer.get_handshake_type() == tls_handshake_type_client_hello |
|
586 || tmp_tls_handshake_header_on_tls_message_buffer.get_handshake_type() == tls_handshake_type_server_hello) |
|
587 { |
|
588 u16_t version = eap_htons(tls_version_3_1); |
|
589 |
|
590 status = m_tls_handshake_message_buffer.add_data( |
|
591 &version, |
|
592 sizeof(version)); |
|
593 if (status != eap_status_ok) |
|
594 { |
|
595 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
596 return EAP_STATUS_RETURN(m_am_tools, status); |
|
597 } |
|
598 |
|
599 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("TLS-handshake version"), |
|
600 &version, |
|
601 sizeof(version))); |
|
602 } |
|
603 |
|
604 if (tmp_tls_handshake_header_on_tls_message_buffer.get_handshake_type() == tls_handshake_type_client_hello |
|
605 || tmp_tls_handshake_header_on_tls_message_buffer.get_handshake_type() == tls_handshake_type_server_hello) |
|
606 { |
|
607 if (m_random_value.get_is_valid_data() == false) |
|
608 { |
|
609 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
610 return EAP_STATUS_RETURN(m_am_tools, eap_status_header_corrupted); |
|
611 } |
|
612 else |
|
613 { |
|
614 status = m_tls_handshake_message_buffer.add_data( |
|
615 m_random_value.get_data(m_random_value.get_data_length()), |
|
616 m_random_value.get_data_length()); |
|
617 if (status != eap_status_ok) |
|
618 { |
|
619 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
620 return EAP_STATUS_RETURN(m_am_tools, status); |
|
621 } |
|
622 |
|
623 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("TLS-handshake random"), |
|
624 m_random_value.get_data(m_random_value.get_data_length()), |
|
625 m_random_value.get_data_length())); |
|
626 } |
|
627 } |
|
628 |
|
629 if (tmp_tls_handshake_header_on_tls_message_buffer.get_handshake_type() == tls_handshake_type_client_hello |
|
630 || tmp_tls_handshake_header_on_tls_message_buffer.get_handshake_type() == tls_handshake_type_server_hello) |
|
631 { |
|
632 u8_t session_id_length = 0ul; |
|
633 |
|
634 if (m_session_id.get_is_valid_data() == true |
|
635 && m_session_id.get_data_length() > 0ul) |
|
636 { |
|
637 session_id_length = static_cast<u8_t>(m_session_id.get_data_length()); |
|
638 } |
|
639 |
|
640 status = m_tls_handshake_message_buffer.add_data( |
|
641 &session_id_length, |
|
642 sizeof(session_id_length)); |
|
643 if (status != eap_status_ok) |
|
644 { |
|
645 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
646 return EAP_STATUS_RETURN(m_am_tools, status); |
|
647 } |
|
648 |
|
649 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("TLS-handshake session_id_length"), |
|
650 &session_id_length, |
|
651 sizeof(session_id_length))); |
|
652 |
|
653 if (m_session_id.get_is_valid_data() == true |
|
654 && m_session_id.get_data_length() > 0ul) |
|
655 { |
|
656 status = m_tls_handshake_message_buffer.add_data( |
|
657 m_session_id.get_data(m_session_id.get_data_length()), |
|
658 m_session_id.get_data_length()); |
|
659 if (status != eap_status_ok) |
|
660 { |
|
661 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
662 return EAP_STATUS_RETURN(m_am_tools, status); |
|
663 } |
|
664 |
|
665 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("TLS-handshake session_id"), |
|
666 m_session_id.get_data(m_session_id.get_data_length()), |
|
667 m_session_id.get_data_length())); |
|
668 } |
|
669 } |
|
670 |
|
671 if (tmp_tls_handshake_header_on_tls_message_buffer.get_handshake_type() == tls_handshake_type_client_hello) |
|
672 { |
|
673 u16_t data_size = static_cast<u16_t>(m_cipher_suites.get_object_count() * sizeof(u16_t)); |
|
674 u16_t data_size_network_order = eap_htons(data_size); |
|
675 |
|
676 status = m_tls_handshake_message_buffer.add_data( |
|
677 &data_size_network_order, |
|
678 sizeof(data_size_network_order)); |
|
679 if (status != eap_status_ok) |
|
680 { |
|
681 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
682 return EAP_STATUS_RETURN(m_am_tools, status); |
|
683 } |
|
684 |
|
685 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("TLS-handshake cipher_suite_length"), |
|
686 &data_size_network_order, |
|
687 sizeof(data_size_network_order))); |
|
688 |
|
689 if (m_cipher_suites.get_object_count() > 0ul) |
|
690 { |
|
691 // Copy cipher suites and change them to network order. |
|
692 eap_array_c<u16_t> * const tmp_cipher_suites = new eap_array_c<u16_t>(m_am_tools); |
|
693 |
|
694 eap_automatic_variable_c<eap_array_c<u16_t> > automatic_tmp_cipher_suites(m_am_tools, tmp_cipher_suites); |
|
695 |
|
696 if (tmp_cipher_suites == 0) |
|
697 { |
|
698 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
699 return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error); |
|
700 } |
|
701 |
|
702 status = copy_simple<u16_t>( |
|
703 &m_cipher_suites, |
|
704 tmp_cipher_suites, |
|
705 m_am_tools, |
|
706 false); |
|
707 if (status != eap_status_ok) |
|
708 { |
|
709 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
710 return EAP_STATUS_RETURN(m_am_tools, status); |
|
711 } |
|
712 |
|
713 status = for_each<u16_t>(tmp_cipher_suites, u16_t_to_network_order, m_am_tools, false); |
|
714 if (status != eap_status_ok) |
|
715 { |
|
716 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
717 return EAP_STATUS_RETURN(m_am_tools, status); |
|
718 } |
|
719 |
|
720 status = add_simple_data(tmp_cipher_suites, &m_tls_handshake_message_buffer, m_am_tools); |
|
721 if (status != eap_status_ok) |
|
722 { |
|
723 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
724 return EAP_STATUS_RETURN(m_am_tools, status); |
|
725 } |
|
726 } |
|
727 } |
|
728 |
|
729 if (tmp_tls_handshake_header_on_tls_message_buffer.get_handshake_type() == tls_handshake_type_server_hello) |
|
730 { |
|
731 u16_t selected_cipher_suite_network_order = eap_htons(static_cast<u8_t>(m_selected_cipher_suite)); |
|
732 |
|
733 status = m_tls_handshake_message_buffer.add_data( |
|
734 &selected_cipher_suite_network_order, |
|
735 sizeof(selected_cipher_suite_network_order)); |
|
736 if (status != eap_status_ok) |
|
737 { |
|
738 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
739 return EAP_STATUS_RETURN(m_am_tools, status); |
|
740 } |
|
741 |
|
742 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("TLS-handshake selected_cipher_suite"), |
|
743 &selected_cipher_suite_network_order, |
|
744 sizeof(selected_cipher_suite_network_order))); |
|
745 |
|
746 u8_t selected_compression_method_network_order = static_cast<u8_t>(m_selected_compression_method); |
|
747 |
|
748 status = m_tls_handshake_message_buffer.add_data( |
|
749 &selected_compression_method_network_order, |
|
750 sizeof(selected_compression_method_network_order)); |
|
751 if (status != eap_status_ok) |
|
752 { |
|
753 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
754 return EAP_STATUS_RETURN(m_am_tools, status); |
|
755 } |
|
756 |
|
757 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("TLS-handshake selected_compression_method"), |
|
758 &selected_compression_method_network_order, |
|
759 sizeof(selected_compression_method_network_order))); |
|
760 } |
|
761 |
|
762 if (tmp_tls_handshake_header_on_tls_message_buffer.get_handshake_type() == tls_handshake_type_client_hello) |
|
763 { |
|
764 u8_t data_size = static_cast<u8_t>(m_compression_methods.get_object_count() * sizeof(u8_t)); |
|
765 |
|
766 status = m_tls_handshake_message_buffer.add_data( |
|
767 &data_size, |
|
768 sizeof(data_size)); |
|
769 if (status != eap_status_ok) |
|
770 { |
|
771 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
772 return EAP_STATUS_RETURN(m_am_tools, status); |
|
773 } |
|
774 |
|
775 EAP_TRACE_DATA_DEBUG( |
|
776 m_am_tools, |
|
777 TRACE_FLAGS_DEFAULT, |
|
778 (EAPL("TLS-handshake compression_methods length"), |
|
779 &data_size, |
|
780 sizeof(data_size))); |
|
781 |
|
782 if (m_compression_methods.get_object_count() > 0ul) |
|
783 { |
|
784 status = add_simple_data(&m_compression_methods, &m_tls_handshake_message_buffer, m_am_tools); |
|
785 if (status != eap_status_ok) |
|
786 { |
|
787 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
788 return EAP_STATUS_RETURN(m_am_tools, status); |
|
789 } |
|
790 } |
|
791 } |
|
792 |
|
793 |
|
794 #if defined(USE_EAP_TLS_SESSION_TICKET) |
|
795 |
|
796 if (m_tls_extensions.get_object_count() > 0 |
|
797 && (tmp_tls_handshake_header_on_tls_message_buffer.get_handshake_type() == tls_handshake_type_client_hello |
|
798 || tmp_tls_handshake_header_on_tls_message_buffer.get_handshake_type() == tls_handshake_type_server_hello)) |
|
799 { |
|
800 u32_t data_size(0ul); |
|
801 u32_t ind(0ul); |
|
802 |
|
803 for (ind = 0ul; ind < m_tls_extensions.get_object_count(); ++ind) |
|
804 { |
|
805 const tls_extension_c * const extension = m_tls_extensions.get_object(ind); |
|
806 if (extension == 0) |
|
807 { |
|
808 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
809 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_payload); |
|
810 } |
|
811 |
|
812 // Session ticket is always empty in ServerHello message. |
|
813 const bool add_extension_data = |
|
814 ((extension->get_type() == tls_extension_type_session_ticket |
|
815 && tmp_tls_handshake_header_on_tls_message_buffer.get_handshake_type() == tls_handshake_type_server_hello)) |
|
816 == false; |
|
817 |
|
818 // Extension list is formatted as: |
|
819 // 0 1 2 3 |
|
820 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
|
821 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
|
822 // | extension list length | |
|
823 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
|
824 // | extension 1 type | extension 1 data length | |
|
825 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
|
826 // | extension 1 data ... |
|
827 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
|
828 // | extension 2 type | extension 2 data length | |
|
829 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
|
830 // | extension 2 data ... |
|
831 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
|
832 |
|
833 data_size += 2 * sizeof(u16_t); |
|
834 |
|
835 if (add_extension_data == true) |
|
836 { |
|
837 data_size += extension->get_data_length(); |
|
838 } |
|
839 |
|
840 } // for() |
|
841 |
|
842 |
|
843 EAP_TRACE_DEBUG( |
|
844 m_am_tools, |
|
845 TRACE_FLAGS_DEFAULT, |
|
846 (EAPL("TLS-handshake extensions list length = %d\n"), |
|
847 data_size)); |
|
848 |
|
849 if (data_size > 0x0000ffff) |
|
850 { |
|
851 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
852 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_payload); |
|
853 } |
|
854 |
|
855 u8_t data_size_array[2]; |
|
856 data_size_array[0] = static_cast<u8_t>((data_size & 0x0000ff00) >> 8); |
|
857 data_size_array[1] = static_cast<u8_t>(data_size & 0x000000ff); |
|
858 |
|
859 status = m_tls_handshake_message_buffer.add_data( |
|
860 &data_size_array, |
|
861 sizeof(data_size_array)); |
|
862 if (status != eap_status_ok) |
|
863 { |
|
864 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
865 return EAP_STATUS_RETURN(m_am_tools, status); |
|
866 } |
|
867 |
|
868 for (ind = 0ul; ind < m_tls_extensions.get_object_count(); ++ind) |
|
869 { |
|
870 const tls_extension_c * const extension = m_tls_extensions.get_object(ind); |
|
871 if (extension == 0) |
|
872 { |
|
873 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
874 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_payload); |
|
875 } |
|
876 |
|
877 // Session ticket is always empty in ServerHello message. |
|
878 const bool add_extension_data = |
|
879 ((extension->get_type() == tls_extension_type_session_ticket |
|
880 && tmp_tls_handshake_header_on_tls_message_buffer.get_handshake_type() == tls_handshake_type_server_hello)) |
|
881 == false; |
|
882 |
|
883 tls_extension_type_e type = extension->get_type(); |
|
884 u16_t network_order_type(eap_htons(type)); |
|
885 |
|
886 status = m_tls_handshake_message_buffer.add_data( |
|
887 &network_order_type, |
|
888 sizeof(network_order_type)); |
|
889 if (status != eap_status_ok) |
|
890 { |
|
891 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
892 return EAP_STATUS_RETURN(m_am_tools, status); |
|
893 } |
|
894 |
|
895 |
|
896 if (add_extension_data == true) |
|
897 { |
|
898 data_size = extension->get_data_length(); |
|
899 } |
|
900 else |
|
901 { |
|
902 data_size = 0ul; |
|
903 } |
|
904 |
|
905 data_size_array[0] = static_cast<u8_t>((data_size & 0x0000ff00) >> 8); |
|
906 data_size_array[1] = static_cast<u8_t>(data_size & 0x000000ff); |
|
907 |
|
908 status = m_tls_handshake_message_buffer.add_data( |
|
909 &data_size_array, |
|
910 sizeof(data_size_array)); |
|
911 if (status != eap_status_ok) |
|
912 { |
|
913 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
914 return EAP_STATUS_RETURN(m_am_tools, status); |
|
915 } |
|
916 |
|
917 EAP_TRACE_DEBUG( |
|
918 m_am_tools, |
|
919 TRACE_FLAGS_DEFAULT, |
|
920 (EAPL("TLS-handshake extension type = %s, length = %d\n"), |
|
921 extension->get_type_string(extension->get_type()), |
|
922 data_size)); |
|
923 |
|
924 if (add_extension_data == true) |
|
925 { |
|
926 EAP_TRACE_DATA_DEBUG( |
|
927 m_am_tools, |
|
928 TRACE_FLAGS_DEFAULT, |
|
929 (EAPL("TLS-handshake extension data"), |
|
930 extension->get_data(), |
|
931 extension->get_data_length())); |
|
932 |
|
933 status = m_tls_handshake_message_buffer.add_data( |
|
934 extension); |
|
935 if (status != eap_status_ok) |
|
936 { |
|
937 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
938 return EAP_STATUS_RETURN(m_am_tools, status); |
|
939 } |
|
940 } |
|
941 } // for() |
|
942 } |
|
943 |
|
944 #endif // #if defined(USE_EAP_TLS_SESSION_TICKET) |
|
945 |
|
946 |
|
947 if (tmp_tls_handshake_header_on_tls_message_buffer.get_handshake_type() == tls_handshake_type_certificate) |
|
948 { |
|
949 u32_t data_size = 0ul; |
|
950 u32_t ind = 0ul; |
|
951 |
|
952 for (ind = 0ul; ind < m_certificate_chain.get_object_count(); ind++) |
|
953 { |
|
954 const eap_variable_data_c * const certificate = m_certificate_chain.get_object(ind); |
|
955 if (certificate == 0 |
|
956 || certificate->get_is_valid_data() == false) |
|
957 { |
|
958 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
959 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_payload); |
|
960 } |
|
961 |
|
962 // Data size includes certificate length field and certificate data. |
|
963 data_size += (3ul + certificate->get_data_length()); |
|
964 } |
|
965 |
|
966 if (data_size > 0x00ffffff) |
|
967 { |
|
968 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
969 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_payload); |
|
970 } |
|
971 |
|
972 u8_t data_size_array[3]; |
|
973 data_size_array[0] = static_cast<u8_t>((data_size & 0x00ff0000) >> 16); |
|
974 data_size_array[1] = static_cast<u8_t>((data_size & 0x0000ff00) >> 8); |
|
975 data_size_array[2] = static_cast<u8_t>(data_size & 0x000000ff); |
|
976 |
|
977 status = m_tls_handshake_message_buffer.add_data( |
|
978 data_size_array, |
|
979 sizeof(data_size_array)); |
|
980 if (status != eap_status_ok) |
|
981 { |
|
982 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
983 return EAP_STATUS_RETURN(m_am_tools, status); |
|
984 } |
|
985 |
|
986 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("TLS-handshake certificate_chain length"), |
|
987 data_size_array, |
|
988 sizeof(data_size_array))); |
|
989 |
|
990 |
|
991 for (ind = 0ul; ind < m_certificate_chain.get_object_count(); ind++) |
|
992 { |
|
993 const eap_variable_data_c * const certificate = m_certificate_chain.get_object(ind); |
|
994 if (certificate == 0 |
|
995 || certificate->get_is_valid_data() == false) |
|
996 { |
|
997 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
998 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_payload); |
|
999 } |
|
1000 |
|
1001 data_size = certificate->get_data_length(); |
|
1002 u8_t data_size_array[3]; |
|
1003 data_size_array[0] = static_cast<u8_t>((data_size & 0x00ff0000) >> 16); |
|
1004 data_size_array[1] = static_cast<u8_t>((data_size & 0x0000ff00) >> 8); |
|
1005 data_size_array[2] = static_cast<u8_t>(data_size & 0x000000ff); |
|
1006 |
|
1007 status = m_tls_handshake_message_buffer.add_data( |
|
1008 data_size_array, |
|
1009 sizeof(data_size_array)); |
|
1010 if (status != eap_status_ok) |
|
1011 { |
|
1012 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1013 return EAP_STATUS_RETURN(m_am_tools, status); |
|
1014 } |
|
1015 |
|
1016 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("TLS-handshake certificate length"), |
|
1017 data_size_array, |
|
1018 sizeof(data_size_array))); |
|
1019 |
|
1020 status = m_tls_handshake_message_buffer.add_data( |
|
1021 certificate->get_data(certificate->get_data_length()), |
|
1022 certificate->get_data_length()); |
|
1023 if (status != eap_status_ok) |
|
1024 { |
|
1025 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1026 return EAP_STATUS_RETURN(m_am_tools, status); |
|
1027 } |
|
1028 |
|
1029 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("TLS-handshake certificate"), |
|
1030 certificate->get_data(certificate->get_data_length()), |
|
1031 certificate->get_data_length())); |
|
1032 } |
|
1033 } |
|
1034 |
|
1035 |
|
1036 if (tmp_tls_handshake_header_on_tls_message_buffer.get_handshake_type() == tls_handshake_type_server_key_exchange) |
|
1037 { |
|
1038 if (m_dhe_prime.get_is_valid_data() == true) |
|
1039 { |
|
1040 u16_t dhe_prime_length_network_order = eap_htons(static_cast<u16_t>(m_dhe_prime.get_data_length())); |
|
1041 |
|
1042 status = m_tls_handshake_message_buffer.add_data( |
|
1043 &dhe_prime_length_network_order, |
|
1044 sizeof(dhe_prime_length_network_order)); |
|
1045 if (status != eap_status_ok) |
|
1046 { |
|
1047 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1048 return EAP_STATUS_RETURN(m_am_tools, status); |
|
1049 } |
|
1050 |
|
1051 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("TLS-handshake dhe_prime_length"), |
|
1052 &dhe_prime_length_network_order, |
|
1053 sizeof(dhe_prime_length_network_order))); |
|
1054 |
|
1055 status = m_tls_handshake_message_buffer.add_data( |
|
1056 m_dhe_prime.get_data(m_dhe_prime.get_data_length()), |
|
1057 m_dhe_prime.get_data_length()); |
|
1058 if (status != eap_status_ok) |
|
1059 { |
|
1060 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1061 return EAP_STATUS_RETURN(m_am_tools, status); |
|
1062 } |
|
1063 |
|
1064 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("TLS-handshake dhe_prime"), |
|
1065 m_dhe_prime.get_data(m_dhe_prime.get_data_length()), |
|
1066 m_dhe_prime.get_data_length())); |
|
1067 } |
|
1068 else if (m_dhe_group_generator.get_is_valid_data() == true |
|
1069 || m_public_dhe_key.get_is_valid_data() == true |
|
1070 || m_signed_message_hash.get_is_valid_data() == true) |
|
1071 { |
|
1072 // all parameters m_dhe_prime, m_dhe_group_generator and m_public_dhe_key are needed. |
|
1073 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1074 return EAP_STATUS_RETURN(m_am_tools, eap_status_process_general_error); |
|
1075 } |
|
1076 |
|
1077 if (m_dhe_group_generator.get_is_valid_data() == true) |
|
1078 { |
|
1079 u16_t dhe_group_generator_length_network_order = eap_htons(static_cast<u16_t>(m_dhe_group_generator.get_data_length())); |
|
1080 |
|
1081 status = m_tls_handshake_message_buffer.add_data( |
|
1082 &dhe_group_generator_length_network_order, |
|
1083 sizeof(dhe_group_generator_length_network_order)); |
|
1084 if (status != eap_status_ok) |
|
1085 { |
|
1086 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1087 return EAP_STATUS_RETURN(m_am_tools, status); |
|
1088 } |
|
1089 |
|
1090 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("TLS-handshake dhe_group_generator_length"), |
|
1091 &dhe_group_generator_length_network_order, |
|
1092 sizeof(dhe_group_generator_length_network_order))); |
|
1093 |
|
1094 status = m_tls_handshake_message_buffer.add_data( |
|
1095 m_dhe_group_generator.get_data(m_dhe_group_generator.get_data_length()), |
|
1096 m_dhe_group_generator.get_data_length()); |
|
1097 if (status != eap_status_ok) |
|
1098 { |
|
1099 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1100 return EAP_STATUS_RETURN(m_am_tools, status); |
|
1101 } |
|
1102 |
|
1103 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("TLS-handshake dhe_group_generator"), |
|
1104 m_dhe_group_generator.get_data(m_dhe_group_generator.get_data_length()), |
|
1105 m_dhe_group_generator.get_data_length())); |
|
1106 } |
|
1107 else if (m_dhe_prime.get_is_valid_data() == true |
|
1108 || m_public_dhe_key.get_is_valid_data() == true |
|
1109 || m_signed_message_hash.get_is_valid_data() == true) |
|
1110 { |
|
1111 // all parameters m_dhe_prime, m_dhe_group_generator and m_public_dhe_key are needed. |
|
1112 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1113 return EAP_STATUS_RETURN(m_am_tools, eap_status_process_general_error); |
|
1114 } |
|
1115 |
|
1116 if (m_public_dhe_key.get_is_valid_data() == true) |
|
1117 { |
|
1118 u16_t public_dhe_key_length_network_order = eap_htons(static_cast<u16_t>(m_public_dhe_key.get_data_length())); |
|
1119 |
|
1120 status = m_tls_handshake_message_buffer.add_data( |
|
1121 &public_dhe_key_length_network_order, |
|
1122 sizeof(public_dhe_key_length_network_order)); |
|
1123 if (status != eap_status_ok) |
|
1124 { |
|
1125 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1126 return EAP_STATUS_RETURN(m_am_tools, status); |
|
1127 } |
|
1128 |
|
1129 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("TLS-handshake public_dhe_key_length"), |
|
1130 &public_dhe_key_length_network_order, |
|
1131 sizeof(public_dhe_key_length_network_order))); |
|
1132 |
|
1133 status = m_tls_handshake_message_buffer.add_data( |
|
1134 m_public_dhe_key.get_data(m_public_dhe_key.get_data_length()), |
|
1135 m_public_dhe_key.get_data_length()); |
|
1136 if (status != eap_status_ok) |
|
1137 { |
|
1138 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1139 return EAP_STATUS_RETURN(m_am_tools, status); |
|
1140 } |
|
1141 |
|
1142 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("TLS-handshake public_dhe_key"), |
|
1143 m_public_dhe_key.get_data(m_public_dhe_key.get_data_length()), |
|
1144 m_public_dhe_key.get_data_length())); |
|
1145 } |
|
1146 else if (m_dhe_prime.get_is_valid_data() == true |
|
1147 || m_dhe_group_generator.get_is_valid_data() == true |
|
1148 || m_signed_message_hash.get_is_valid_data() == true) |
|
1149 { |
|
1150 // all parameters m_dhe_prime, m_dhe_group_generator and m_public_dhe_key are needed. |
|
1151 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1152 return EAP_STATUS_RETURN(m_am_tools, eap_status_process_general_error); |
|
1153 } |
|
1154 |
|
1155 if (m_signed_message_hash.get_is_valid_data() == true) |
|
1156 { |
|
1157 if (m_signed_message_hash.get_data_length() == 0) |
|
1158 { |
|
1159 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1160 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_payload); |
|
1161 } |
|
1162 |
|
1163 status = m_tls_handshake_message_buffer.add_data( |
|
1164 m_signed_message_hash.get_data(m_signed_message_hash.get_data_length()), |
|
1165 m_signed_message_hash.get_data_length()); |
|
1166 if (status != eap_status_ok) |
|
1167 { |
|
1168 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1169 return EAP_STATUS_RETURN(m_am_tools, status); |
|
1170 } |
|
1171 |
|
1172 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("TLS-handshake signed_message_hash"), |
|
1173 m_signed_message_hash.get_data(m_signed_message_hash.get_data_length()), |
|
1174 m_signed_message_hash.get_data_length())); |
|
1175 } |
|
1176 } |
|
1177 |
|
1178 |
|
1179 if (tmp_tls_handshake_header_on_tls_message_buffer.get_handshake_type() == tls_handshake_type_client_key_exchange) |
|
1180 { |
|
1181 if (m_encrypted_premaster_secret.get_is_valid_data() == true) |
|
1182 { |
|
1183 u16_t length_of_encrypted_premaster_secret_network_order |
|
1184 = eap_htons(static_cast<u16_t>(m_encrypted_premaster_secret.get_data_length())); |
|
1185 |
|
1186 status = m_tls_handshake_message_buffer.add_data( |
|
1187 &length_of_encrypted_premaster_secret_network_order, |
|
1188 sizeof(length_of_encrypted_premaster_secret_network_order)); |
|
1189 if (status != eap_status_ok) |
|
1190 { |
|
1191 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1192 return EAP_STATUS_RETURN(m_am_tools, status); |
|
1193 } |
|
1194 |
|
1195 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("TLS-handshake encrypted premaster_secret"), |
|
1196 &length_of_encrypted_premaster_secret_network_order, |
|
1197 sizeof(length_of_encrypted_premaster_secret_network_order))); |
|
1198 |
|
1199 status = m_tls_handshake_message_buffer.add_data( |
|
1200 m_encrypted_premaster_secret.get_data(m_encrypted_premaster_secret.get_data_length()), |
|
1201 m_encrypted_premaster_secret.get_data_length()); |
|
1202 if (status != eap_status_ok) |
|
1203 { |
|
1204 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1205 return EAP_STATUS_RETURN(m_am_tools, status); |
|
1206 } |
|
1207 |
|
1208 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("TLS-handshake encrypted premaster_secret"), |
|
1209 m_encrypted_premaster_secret.get_data(m_encrypted_premaster_secret.get_data_length()), |
|
1210 m_encrypted_premaster_secret.get_data_length())); |
|
1211 } |
|
1212 else if (m_encrypted_premaster_secret.get_is_valid_data() == false |
|
1213 && m_public_dhe_key.get_is_valid_data() == false) |
|
1214 { |
|
1215 // Either parameters m_encrypted_premaster_secret or m_public_dhe_key is needed. |
|
1216 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1217 return EAP_STATUS_RETURN(m_am_tools, eap_status_process_general_error); |
|
1218 } |
|
1219 |
|
1220 if (m_public_dhe_key.get_is_valid_data() == true) |
|
1221 { |
|
1222 u16_t length_of_public_dhe_key_length_network_order = eap_htons(static_cast<u16_t>(m_public_dhe_key.get_data_length())); |
|
1223 |
|
1224 status = m_tls_handshake_message_buffer.add_data( |
|
1225 &length_of_public_dhe_key_length_network_order, |
|
1226 sizeof(length_of_public_dhe_key_length_network_order)); |
|
1227 if (status != eap_status_ok) |
|
1228 { |
|
1229 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1230 return EAP_STATUS_RETURN(m_am_tools, status); |
|
1231 } |
|
1232 |
|
1233 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("TLS-handshake public_dhe_key_length"), |
|
1234 &length_of_public_dhe_key_length_network_order, |
|
1235 sizeof(length_of_public_dhe_key_length_network_order))); |
|
1236 |
|
1237 status = m_tls_handshake_message_buffer.add_data( |
|
1238 m_public_dhe_key.get_data(m_public_dhe_key.get_data_length()), |
|
1239 m_public_dhe_key.get_data_length()); |
|
1240 if (status != eap_status_ok) |
|
1241 { |
|
1242 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1243 return EAP_STATUS_RETURN(m_am_tools, status); |
|
1244 } |
|
1245 |
|
1246 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("TLS-handshake public_dhe_key"), |
|
1247 m_public_dhe_key.get_data(m_public_dhe_key.get_data_length()), |
|
1248 m_public_dhe_key.get_data_length())); |
|
1249 } |
|
1250 else if (m_encrypted_premaster_secret.get_is_valid_data() == false |
|
1251 && m_public_dhe_key.get_is_valid_data() == false) |
|
1252 { |
|
1253 // Either parameters m_encrypted_premaster_secret or m_public_dhe_key is needed. |
|
1254 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1255 return EAP_STATUS_RETURN(m_am_tools, eap_status_process_general_error); |
|
1256 } |
|
1257 } |
|
1258 |
|
1259 |
|
1260 if (tmp_tls_handshake_header_on_tls_message_buffer.get_handshake_type() == tls_handshake_type_certificate_request) |
|
1261 { |
|
1262 u32_t data_size = m_certificate_types.get_object_count() * sizeof(u8_t); |
|
1263 |
|
1264 if (data_size > 0x000000ff) |
|
1265 { |
|
1266 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1267 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_payload); |
|
1268 } |
|
1269 |
|
1270 u8_t data_size_u8_t = static_cast<u8_t>(data_size & 0x000000ff); |
|
1271 |
|
1272 status = m_tls_handshake_message_buffer.add_data( |
|
1273 &data_size_u8_t, |
|
1274 sizeof(data_size_u8_t)); |
|
1275 if (status != eap_status_ok) |
|
1276 { |
|
1277 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1278 return EAP_STATUS_RETURN(m_am_tools, status); |
|
1279 } |
|
1280 |
|
1281 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("TLS-handshake certificate_types length"), |
|
1282 &data_size_u8_t, |
|
1283 sizeof(data_size_u8_t))); |
|
1284 |
|
1285 if (data_size_u8_t > 0ul) |
|
1286 { |
|
1287 status = add_simple_data(&m_certificate_types, &m_tls_handshake_message_buffer, m_am_tools); |
|
1288 if (status != eap_status_ok) |
|
1289 { |
|
1290 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1291 return EAP_STATUS_RETURN(m_am_tools, status); |
|
1292 } |
|
1293 } |
|
1294 } |
|
1295 |
|
1296 if (tmp_tls_handshake_header_on_tls_message_buffer.get_handshake_type() == tls_handshake_type_certificate_request) |
|
1297 { |
|
1298 u32_t data_size = 0ul; |
|
1299 u32_t ind = 0ul; |
|
1300 |
|
1301 for (ind = 0ul; ind < m_certificate_authorities.get_object_count(); ind++) |
|
1302 { |
|
1303 const eap_variable_data_c * const certificate_authority = m_certificate_authorities.get_object(ind); |
|
1304 if (certificate_authority == 0 |
|
1305 || certificate_authority->get_is_valid_data() == false) |
|
1306 { |
|
1307 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1308 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_payload); |
|
1309 } |
|
1310 data_size += certificate_authority->get_data_length(); |
|
1311 } |
|
1312 |
|
1313 if (data_size > 0x0000ffff) |
|
1314 { |
|
1315 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1316 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_payload); |
|
1317 } |
|
1318 |
|
1319 u8_t data_size_array[2]; |
|
1320 data_size_array[0] = static_cast<u8_t>((data_size & 0x0000ff00) >> 8); |
|
1321 data_size_array[1] = static_cast<u8_t>(data_size & 0x000000ff); |
|
1322 |
|
1323 status = m_tls_handshake_message_buffer.add_data( |
|
1324 data_size_array, |
|
1325 sizeof(data_size_array)); |
|
1326 if (status != eap_status_ok) |
|
1327 { |
|
1328 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1329 return EAP_STATUS_RETURN(m_am_tools, status); |
|
1330 } |
|
1331 |
|
1332 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("TLS-handshake certificate_authorities length"), |
|
1333 data_size_array, |
|
1334 sizeof(data_size_array))); |
|
1335 |
|
1336 |
|
1337 for (ind = 0ul; ind < m_certificate_authorities.get_object_count(); ind++) |
|
1338 { |
|
1339 const eap_variable_data_c * const certificate_authority = m_certificate_authorities.get_object(ind); |
|
1340 if (certificate_authority == 0 |
|
1341 || certificate_authority->get_is_valid_data() == false) |
|
1342 { |
|
1343 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1344 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_payload); |
|
1345 } |
|
1346 |
|
1347 data_size = certificate_authority->get_data_length(); |
|
1348 u8_t data_size_array[2]; |
|
1349 data_size_array[0] = static_cast<u8_t>((data_size & 0x0000ff00) >> 8); |
|
1350 data_size_array[1] = static_cast<u8_t>(data_size & 0x000000ff); |
|
1351 |
|
1352 status = m_tls_handshake_message_buffer.add_data( |
|
1353 data_size_array, |
|
1354 sizeof(data_size_array)); |
|
1355 if (status != eap_status_ok) |
|
1356 { |
|
1357 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1358 return EAP_STATUS_RETURN(m_am_tools, status); |
|
1359 } |
|
1360 |
|
1361 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("TLS-handshake certificate_authority length"), |
|
1362 data_size_array, |
|
1363 sizeof(data_size_array))); |
|
1364 |
|
1365 status = m_tls_handshake_message_buffer.add_data( |
|
1366 certificate_authority->get_data(certificate_authority->get_data_length()), |
|
1367 certificate_authority->get_data_length()); |
|
1368 if (status != eap_status_ok) |
|
1369 { |
|
1370 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1371 return EAP_STATUS_RETURN(m_am_tools, status); |
|
1372 } |
|
1373 |
|
1374 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("TLS-handshake certificate_authority"), |
|
1375 certificate_authority->get_data(certificate_authority->get_data_length()), |
|
1376 certificate_authority->get_data_length())); |
|
1377 } |
|
1378 } |
|
1379 |
|
1380 if (tmp_tls_handshake_header_on_tls_message_buffer.get_handshake_type() == tls_handshake_type_certificate_verify) |
|
1381 { |
|
1382 u16_t length_of_certificate_verify_network_order = eap_htons(static_cast<u16_t>(m_signed_message_hash.get_data_length())); |
|
1383 |
|
1384 status = m_tls_handshake_message_buffer.add_data( |
|
1385 &length_of_certificate_verify_network_order, |
|
1386 sizeof(length_of_certificate_verify_network_order)); |
|
1387 if (status != eap_status_ok) |
|
1388 { |
|
1389 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1390 return EAP_STATUS_RETURN(m_am_tools, status); |
|
1391 } |
|
1392 |
|
1393 EAP_TRACE_DATA_DEBUG( |
|
1394 m_am_tools, |
|
1395 TRACE_FLAGS_DEFAULT, |
|
1396 (EAPL("TLS-handshake certificate_verify"), |
|
1397 &length_of_certificate_verify_network_order, |
|
1398 sizeof(length_of_certificate_verify_network_order))); |
|
1399 |
|
1400 status = m_tls_handshake_message_buffer.add_data( |
|
1401 m_signed_message_hash.get_data(m_signed_message_hash.get_data_length()), |
|
1402 m_signed_message_hash.get_data_length()); |
|
1403 if (status != eap_status_ok) |
|
1404 { |
|
1405 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1406 return EAP_STATUS_RETURN(m_am_tools, status); |
|
1407 } |
|
1408 |
|
1409 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("TLS-handshake signed_message_hash"), |
|
1410 m_signed_message_hash.get_data(m_signed_message_hash.get_data_length()), |
|
1411 m_signed_message_hash.get_data_length())); |
|
1412 |
|
1413 } |
|
1414 |
|
1415 if (tmp_tls_handshake_header_on_tls_message_buffer.get_handshake_type() == tls_handshake_type_finished) |
|
1416 { |
|
1417 eap_variable_data_c signed_message_hash(m_am_tools); |
|
1418 |
|
1419 status = m_message_hash->message_hash_save_finished(m_is_client); |
|
1420 if (status != eap_status_ok) |
|
1421 { |
|
1422 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1423 return EAP_STATUS_RETURN(m_am_tools, status); |
|
1424 } |
|
1425 |
|
1426 status = m_message_hash->message_hash_create_finished(m_is_client, &signed_message_hash); |
|
1427 if (status != eap_status_ok) |
|
1428 { |
|
1429 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1430 return EAP_STATUS_RETURN(m_am_tools, status); |
|
1431 } |
|
1432 |
|
1433 status = m_tls_handshake_message_buffer.add_data( |
|
1434 signed_message_hash.get_data(signed_message_hash.get_data_length()), |
|
1435 signed_message_hash.get_data_length()); |
|
1436 if (status != eap_status_ok) |
|
1437 { |
|
1438 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1439 return EAP_STATUS_RETURN(m_am_tools, status); |
|
1440 } |
|
1441 |
|
1442 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("TLS-handshake signed_message_hash"), |
|
1443 signed_message_hash.get_data(signed_message_hash.get_data_length()), |
|
1444 signed_message_hash.get_data_length())); |
|
1445 |
|
1446 } |
|
1447 |
|
1448 |
|
1449 #if defined(USE_EAP_TLS_SESSION_TICKET) |
|
1450 |
|
1451 if (m_tls_extensions.get_object_count() > 0 |
|
1452 && tmp_tls_handshake_header_on_tls_message_buffer.get_handshake_type() == tls_handshake_type_new_session_ticket) |
|
1453 { |
|
1454 const tls_extension_c * const p_new_session_ticket = tls_extension_c::get_tls_extension( |
|
1455 tls_extension_type_session_ticket, |
|
1456 &m_tls_extensions, |
|
1457 m_am_tools); |
|
1458 |
|
1459 if (p_new_session_ticket != 0) |
|
1460 { |
|
1461 u32_t ticket_lifetime_hint_network_order = eap_htonl(p_new_session_ticket->get_lifetime_hint()); |
|
1462 |
|
1463 status = m_tls_handshake_message_buffer.add_data( |
|
1464 &ticket_lifetime_hint_network_order, |
|
1465 sizeof(ticket_lifetime_hint_network_order)); |
|
1466 if (status != eap_status_ok) |
|
1467 { |
|
1468 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1469 return EAP_STATUS_RETURN(m_am_tools, status); |
|
1470 } |
|
1471 |
|
1472 u32_t length_of_opaque_ticket = p_new_session_ticket->get_data_length(); |
|
1473 u16_t length_of_opaque_ticket_network_order = eap_htons(static_cast<u16_t>(length_of_opaque_ticket)); |
|
1474 |
|
1475 status = m_tls_handshake_message_buffer.add_data( |
|
1476 &length_of_opaque_ticket_network_order, |
|
1477 sizeof(length_of_opaque_ticket_network_order)); |
|
1478 if (status != eap_status_ok) |
|
1479 { |
|
1480 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1481 return EAP_STATUS_RETURN(m_am_tools, status); |
|
1482 } |
|
1483 |
|
1484 if (length_of_opaque_ticket > 0ul) |
|
1485 { |
|
1486 status = m_tls_handshake_message_buffer.add_data( |
|
1487 p_new_session_ticket); |
|
1488 if (status != eap_status_ok) |
|
1489 { |
|
1490 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1491 return EAP_STATUS_RETURN(m_am_tools, status); |
|
1492 } |
|
1493 } |
|
1494 } |
|
1495 } |
|
1496 |
|
1497 #endif // #if defined(USE_EAP_TLS_SESSION_TICKET) |
|
1498 |
|
1499 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
|
1500 |
|
1501 if (status == eap_status_ok) |
|
1502 { |
|
1503 u32_t handshake_data_length = m_tls_handshake_message_buffer.get_data_length() - handshake_data_length_start; |
|
1504 |
|
1505 EAP_TRACE_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("handshake length %d bytes.\n"), |
|
1506 handshake_data_length)); |
|
1507 |
|
1508 if (handshake_data_length <= 0x00ffffff) |
|
1509 { |
|
1510 // NOTE the address of tmp_tls_handshake_header_on_tls_message_buffer must be queried again. |
|
1511 // The whole buffer might be allocated from other address. |
|
1512 tmp_tls_handshake_header_on_tls_message_buffer.set_header_buffer( |
|
1513 m_tls_handshake_message_buffer.get_data_offset( |
|
1514 offset_of_tmp_tls_handshake_header, |
|
1515 tls_handshake_header_c::get_header_length()+handshake_data_length), |
|
1516 tls_handshake_header_c::get_header_length()+handshake_data_length); |
|
1517 if (tmp_tls_handshake_header_on_tls_message_buffer.get_is_valid() == false) |
|
1518 { |
|
1519 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1520 return EAP_STATUS_RETURN(m_am_tools, eap_status_too_long_message); |
|
1521 } |
|
1522 tmp_tls_handshake_header_on_tls_message_buffer.set_data_length(handshake_data_length); |
|
1523 |
|
1524 |
|
1525 switch (tmp_tls_handshake_header_on_tls_message_buffer.get_handshake_type()) |
|
1526 { |
|
1527 case tls_handshake_type_hello_request: |
|
1528 // This message is NOT included to TLS-message hash. |
|
1529 break; |
|
1530 case tls_handshake_type_client_hello: |
|
1531 case tls_handshake_type_server_hello: |
|
1532 case tls_handshake_type_certificate: |
|
1533 case tls_handshake_type_server_key_exchange: |
|
1534 case tls_handshake_type_certificate_request: |
|
1535 case tls_handshake_type_server_hello_done: |
|
1536 case tls_handshake_type_certificate_verify: |
|
1537 case tls_handshake_type_client_key_exchange: |
|
1538 case tls_handshake_type_finished: |
|
1539 #if defined(USE_EAP_TLS_SESSION_TICKET) |
|
1540 case tls_handshake_type_new_session_ticket: |
|
1541 #endif // #if defined(USE_EAP_TLS_SESSION_TICKET) |
|
1542 { |
|
1543 status = m_message_hash->message_hash_update( |
|
1544 false, |
|
1545 tmp_tls_handshake_header_on_tls_message_buffer.get_handshake_type(), |
|
1546 tmp_tls_handshake_header_on_tls_message_buffer.get_header_buffer( |
|
1547 tmp_tls_handshake_header_on_tls_message_buffer.get_header_length() |
|
1548 + tmp_tls_handshake_header_on_tls_message_buffer.get_data_length()), |
|
1549 tmp_tls_handshake_header_on_tls_message_buffer.get_header_length() |
|
1550 + tmp_tls_handshake_header_on_tls_message_buffer.get_data_length()); |
|
1551 if (status != eap_status_ok) |
|
1552 { |
|
1553 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1554 return EAP_STATUS_RETURN(m_am_tools, status); |
|
1555 } |
|
1556 break; |
|
1557 } |
|
1558 default: |
|
1559 return EAP_STATUS_RETURN(m_am_tools, eap_status_not_supported); |
|
1560 } // switch() |
|
1561 } |
|
1562 } |
|
1563 |
|
1564 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1565 return EAP_STATUS_RETURN(m_am_tools, status); |
|
1566 } |
|
1567 |
|
1568 //-------------------------------------------------- |
|
1569 |
|
1570 EAP_FUNC_EXPORT eap_status_e tls_handshake_message_c::add_message_data( |
|
1571 eap_variable_data_c * const tls_message_buffer) |
|
1572 { |
|
1573 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1574 |
|
1575 EAP_TRACE_DEBUG( |
|
1576 m_am_tools, |
|
1577 TRACE_FLAGS_DEFAULT, |
|
1578 (EAPL("\n"))); |
|
1579 EAP_TRACE_DEBUG( |
|
1580 m_am_tools, |
|
1581 TRACE_FLAGS_DEFAULT, |
|
1582 (EAPL("TLS: %s: data_function: tls_handshake_message_c::add_message_data(): %s\n"), |
|
1583 (m_is_client == true ? "client": "server"), |
|
1584 tls_handshake_header_c::get_tls_handshake_string(get_handshake_type()))); |
|
1585 |
|
1586 eap_status_e status = eap_status_ok; |
|
1587 |
|
1588 if (m_tls_handshake_message_buffer.get_is_valid_data() == false) |
|
1589 { |
|
1590 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1591 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_payload); |
|
1592 } |
|
1593 |
|
1594 status = tls_message_buffer->add_data( |
|
1595 m_tls_handshake_message_buffer.get_data(m_tls_handshake_message_buffer.get_data_length()), |
|
1596 m_tls_handshake_message_buffer.get_data_length()); |
|
1597 if (status != eap_status_ok) |
|
1598 { |
|
1599 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1600 return EAP_STATUS_RETURN(m_am_tools, status); |
|
1601 } |
|
1602 |
|
1603 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
1604 return EAP_STATUS_RETURN(m_am_tools, status); |
|
1605 } |
|
1606 |
|
1607 //-------------------------------------------------- |
|
1608 |
|
1609 |
|
1610 |
|
1611 // End. |