mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-18 14:42:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Split parts of ssl_parse_client_key_exchange() into separate functions

Browse Source 
Made ssl_parse_client_dh_public(), ssl_parse_cient_ecdh_public() and
ssl_parse_encrypted_pms_secret() in preparation for PSK-related code
This commit is contained in:
Paul Bakker 2013-04-17 17:19:09 +02:00
parent d4a56ec6bf
commit 70df2fbaa5
1 changed files with 167 additions and 126 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

111
library/ssl_srv.c
View File

@ -1382,38 +1382,13 @@ static int ssl_write_server_hello_done( ssl_context *ssl )
return( 0 );
}
static int ssl_parse_client_key_exchange( ssl_context *ssl )
static int ssl_parse_client_dh_public( ssl_context *ssl )
{
int ret;
size_t i, n = 0;
#if defined(POLARSSL_DHM_C) || defined(POLARSSL_ECDH_C)
const ssl_ciphersuite_t *ciphersuite_info;
ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
#endif
SSL_DEBUG_MSG( 2, ( "=> parse client key exchange" ) );
if( ( ret = ssl_read_record( ssl ) ) != 0 )
{
SSL_DEBUG_RET( 1, "ssl_read_record", ret );
return( ret );
}
if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
{
SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
}
if( ssl->in_msg[0] != SSL_HS_CLIENT_KEY_EXCHANGE )
{
SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
}
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
#if defined(POLARSSL_DHM_C)
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_RSA )
{
size_t n;
/*
* Receive G^Y mod P, premaster = (G^Y)^X mod P
*/
@ -1446,12 +1421,18 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
}
SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K );
#endif /* POLARSSL_DHM_C */
return( ret );
}
else
#endif
#if defined(POLARSSL_ECDH_C)
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA )
static int ssl_parse_client_ecdh_public( ssl_context *ssl )
{
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
#if defined(POLARSSL_ECDH_C)
size_t n;
/*
* Receive client public key and calculate premaster
*/
@ -1483,10 +1464,16 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
}
SSL_DEBUG_MPI( 3, "ECDH: z ", &ssl->handshake->ecdh_ctx.z );
#endif /* POLARSSL_ECDH_C */
return( ret );
}
else
#endif
static int ssl_parse_encrypted_pms_secret( ssl_context *ssl )
{
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
size_t i, n = 0;
if( ssl->rsa_key == NULL )
{
SSL_DEBUG_MSG( 1, ( "got no private key" ) );
@ -1545,6 +1532,60 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
if( ret != 0 )
return( ret );
}
return( ret );
}
static int ssl_parse_client_key_exchange( ssl_context *ssl )
{
int ret;
const ssl_ciphersuite_t *ciphersuite_info;
ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
SSL_DEBUG_MSG( 2, ( "=> parse client key exchange" ) );
if( ( ret = ssl_read_record( ssl ) ) != 0 )
{
SSL_DEBUG_RET( 1, "ssl_read_record", ret );
return( ret );
}
if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
{
SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
}
if( ssl->in_msg[0] != SSL_HS_CLIENT_KEY_EXCHANGE )
{
SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
}
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_RSA )
{
if( ( ret = ssl_parse_client_dh_public( ssl ) ) != 0 )
{
SSL_DEBUG_RET( 1, ( "ssl_parse_client_dh_public" ), ret );
return( ret );
}
}
else if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA )
{
if( ( ret = ssl_parse_client_ecdh_public( ssl ) ) != 0 )
{
SSL_DEBUG_RET( 1, ( "ssl_parse_client_ecdh_public" ), ret );
return( ret );
}
}
else
{
if( ( ret = ssl_parse_encrypted_pms_secret( ssl ) ) != 0 )
{
SSL_DEBUG_RET( 1, ( "ssl_parse_client_ecdh_public" ), ret );
return( ret );
}
}
if( ( ret = ssl_derive_keys( ssl ) ) != 0 )