开通博客赚积分
发布资源赚积分
分类

源码开发语言/平台
当前位置:首页 > 源码/资料 > 通讯/手机编程 > 手机WAP编程 > 查看源码
wtls_statesupport.c
资源名称:gateway-1.2.1 [点击查看]
上传用户:gzpyjq
上传日期:2013-01-31
资源大小:1852k
文件大小:29k
源码类别:

手机WAP编程

开发平台:

WINDOWS

wtls_statesupport.c:源码内容
  1. /* 
  2.  * wtls_statesupport.c
  3.  * 
  4.  * 2001  Nick Clarey, Yann Muller for 3G LAB
  5.  */
  7. #include "gwlib/gwlib.h"
  9. #if (HAVE_WTLS_OPENSSL)
  11. #include <openssl/x509.h>
  12. #ifndef NO_RC5
  13. #include <openssl/rc5.h>
  14. #else
  15. #error "your OpenSSL installation lacks RC5 algorithm support"
  16. #endif
  18. #include "wtls_statesupport.h"
  20. #define BLOCKLENGTH 64
  21. #define INNERPAD 0x36
  22. #define OUTERPAD 0x5C
  24. extern X509* x509_cert;
  25. extern RSA* private_key;
  26. extern KeyExchangeSuite client_key_exchange_algo;
  27. extern PublicKeyAlgorithm public_key_algo;
  28. extern SignatureAlgorithm signature_algo;
  30. Octstr* wtls_hmac_hash(Octstr* key, Octstr* data, WTLSMachine* wtls_machine);
  31. Octstr* wtls_hash(Octstr* inputData, WTLSMachine* wtls_machine);
  32. Octstr* wtls_encrypt_rc5(Octstr* data, WTLSMachine* wtls_machine);
  33. Octstr* wtls_decrypt_rc5(Octstr* encryptedData, WTLSMachine* wtls_machine);
  36. /* Add here the supported KeyExchangeSuites 
  37.    used by wtls_choose_clientkeyid */
  38. KeyExchangeSuite supportedKeyExSuite[] = { rsa_anon };
  40. Octstr* wtls_decrypt(Octstr* buffer, WTLSMachine* wtls_machine)
  41. {
  42.         return wtls_decrypt_rc5(buffer,wtls_machine);
  43. }
  45. /* This function will convert our buffer into a completed GenericBlockCipher */
  46. Octstr* wtls_encrypt(Octstr* buffer, WTLSMachine* wtls_machine, int recordType)
  47. {
  48.         Octstr* bufferCopy;
  49.         Octstr* encryptedContent;
  50.         Octstr* contentMac;
  51.         Octstr* padding;
  52.         Octstr* tempData;
  54.         unsigned char* tempPadding;
  55.         
  56.         int paddingLength, contentLength, macSize, blockLength,
  57.                 sequenceNumber, bufferLength;
  58.         int i;
  60.         /* Copy our buffer */
  61.         bufferCopy = octstr_duplicate(buffer);
  62.         
  63.         /* Get the MAC of the content */
  64.         sequenceNumber = wtls_machine->server_seq_num;
  65.         bufferLength  = octstr_len(buffer);
  67.         /* Copy the buffer in preparation for MAC calculation */
  68.         tempData = octstr_create("");
  69.         pack_int16(tempData, 0, sequenceNumber);
  70.         octstr_append_char(tempData, recordType);
  71.         pack_int16(tempData, octstr_len(tempData), bufferLength);        
  72.         octstr_append(tempData, buffer);
  74.         /* Calculate the MAC */
  75.         contentMac = wtls_hmac_hash(wtls_machine->server_write_MAC_secret, tempData ,wtls_machine);
  77.         /* Calculate the padding length */
  78.         contentLength = octstr_len(bufferCopy);
  79.         macSize = hash_table[wtls_machine->mac_algorithm].mac_size;
  80.         blockLength = bulk_table[wtls_machine->bulk_cipher_algorithm].block_size;
  82.         paddingLength = (contentLength + macSize + 1) % (blockLength);
  84.         /* Append the MAC to the bufferCopy */
  85.         octstr_append(bufferCopy,contentMac);
  86.         
  87.         if (paddingLength > 0) {
  88.                 /* Pad with the paddingLength itself paddingLength times. Confused yet? */
  89.                 tempPadding = gw_malloc(paddingLength);
  90.                 for (i=0;i < paddingLength; i++) {
  91.                         /* You're probably really spaced out around now...
  92.                            see section 9.2.3.3 for more details... */
  93.                         tempPadding[i] = paddingLength;
  94.                 }
  95.                 octstr_append_data(bufferCopy, tempPadding, paddingLength);
  96.         }
  97.         /* Add the length byte */
  98.         octstr_append_char(bufferCopy, paddingLength);                
  100.         /* Encrypt the content */
  101.         encryptedContent =  wtls_encrypt_rc5(bufferCopy,wtls_machine);
  103.         return encryptedContent;
  104. }
  106. /* P_hash as described in WAP WTLS section 11.3.2 */
  107. Octstr* wtls_P_hash(Octstr* secret, Octstr* seed, int byteLength, WTLSMachine* wtls_machine)
  108. {
  109. Octstr *a;
  110. Octstr *aPrev;
  111. Octstr *aPlusSeed;
  112. Octstr *hashTemp;
  113. Octstr *hashedData;
  115. hashedData = octstr_create("");
  117. /* start with A(1) = HMAC_hash(secret, seed) */
  118. aPrev = octstr_duplicate(seed);
  119. do {
  120. /* A(i) */
  121. a = wtls_hmac_hash(secret, aPrev, wtls_machine);
  122. aPlusSeed = octstr_cat(a, seed);
  123. /* HMAC */
  124. hashTemp = wtls_hmac_hash(secret, aPlusSeed, wtls_machine);
  125. octstr_append(hashedData, hashTemp);
  126. octstr_destroy(hashTemp);
  127. /* Update a(i-1) */
  128. octstr_destroy(aPrev);
  129. aPrev = a;
  130. } while(octstr_len(hashedData) < byteLength);
  132. gw_free(aPlusSeed);
  134. return hashedData;
  135. }
  137. /* Pseudo Random Function (PRF) as described in WAP WTLS section 11.3.2 */
  138. Octstr* wtls_calculate_prf(Octstr* secret, Octstr* label,
  139.                            Octstr* seed, int byteLength, WTLSMachine* wtls_machine)
  140. {
  141.         Octstr* returnOctstr;
  142.      Octstr *labelPlusSeed;
  144.      /* Create label + seed */
  145. labelPlusSeed = octstr_cat(label, seed);
  147. /* PRF(secret, label, seed) = P_hash(secret, label + seed) */
  148. returnOctstr = wtls_P_hash(secret, labelPlusSeed, byteLength, wtls_machine);
  150.      /* Return the first nbytes of the hashed data */
  151. octstr_truncate(returnOctstr, byteLength);
  152.  
  153.      gw_free(labelPlusSeed);
  154.      return returnOctstr;
  156. }
  158. /* MAC calculation */
  159. Octstr* wtls_hmac_hash(Octstr* key, Octstr* data, WTLSMachine* wtls_machine)
  160. {
  161.     static unsigned char final_mac[1024];
  162.     unsigned char *mac, *buffer, *keyString;
  163. int mac_len, bufferlen, keylen;
  164. Octstr *returnOctstr;
  166. buffer = octstr_get_cstr(data);
  167. bufferlen = octstr_len(data);
  168.     keyString = octstr_get_cstr(key);
  169. keylen = octstr_len(key);
  171. mac = final_mac;
  173.     switch (wtls_machine->mac_algorithm) {
  174. case SHA_0:
  175. /* no keyed MAC is calculated */
  176. /* So what do we return ? */
  177. break;
  178. case SHA_40:
  179. case SHA_80:
  180. case SHA_NOLIMIT:
  181.      HMAC(EVP_sha1(), keyString, keylen,
  182.  buffer, bufferlen,
  183.           mac, &mac_len);
  184. break;
  185. case SHA_XOR_40:
  186. // dunno yet
  187. break;
  188. case MD5_40:
  189. case MD5_80:
  190. case MD5_NOLIMIT:
  191.      HMAC(EVP_md5(), keyString, keylen,
  192.  buffer, bufferlen,
  193.           mac, &mac_len);
  194. break;
  195. }
  197.     returnOctstr = octstr_create_from_data(mac, mac_len);
  198. }
  201. /* Not to be confused with octstr_hash, this applies the currently set hashing
  202.    algorithm from wtls_machine to the supplied input data, returning a hashed
  203.    Octstr. If it fails, it will return a NULL pointer */
  204. Octstr* wtls_hash(Octstr* inputData, WTLSMachine* wtls_machine)
  205. {
  206.         int inputDataLength;
  207.         int outputDataLength;
  208.         unsigned char* outputDataTemp;
  209.         unsigned char* inputDataTemp;
  210.         unsigned char* tempPointer;
  211.         Octstr* outputData;
  213.         inputDataLength = octstr_len(inputData);
  214.         outputDataLength = hash_table[wtls_machine->mac_algorithm].key_size;
  215.         inputDataTemp = gw_malloc(inputDataLength);
  216.         outputDataTemp = gw_malloc(outputDataLength);
  218.         /* Copy the contents of inputData into inputDataTemp, ready for hashing */
  219.         tempPointer = octstr_get_cstr(inputData);
  220.         memcpy((void*) inputDataTemp, (void*)tempPointer, inputDataLength);
  221.         
  222.         /* Hash away! */
  223.         // Here's where we need to hash on the selected algorithm, not just the SHA-1 algorithm
  224. //debug("wtls", 0, "mac algo %d", wtls_machine->mac_algorithm);
  225.         switch (wtls_machine->mac_algorithm) {
  226. case SHA_0:
  227. /* no keyed MAC is calculated */
  228. // So what do we return ?
  229. break;
  230. case SHA_40:
  231. case SHA_80:
  232. case SHA_NOLIMIT:
  233. tempPointer = SHA1(inputDataTemp, inputDataLength, outputDataTemp);
  234. break;
  235. case SHA_XOR_40:
  236. // dunno yet
  237. break;
  238. case MD5_40:
  239. case MD5_80:
  240. case MD5_NOLIMIT:
  241. tempPointer = MD5(inputDataTemp, inputDataLength, outputDataTemp);
  242. break;
  243. }
  244.         if (tempPointer == NULL){
  245.                 /* Pop out an error */
  246.         }
  248.         /* Get our output data setup */
  249.         outputData = octstr_create_from_data(outputDataTemp,outputDataLength);
  250.         
  251. /* some algorithms don't use the full length of H */
  252.         octstr_truncate(outputData, hash_table[wtls_machine->mac_algorithm].mac_size);
  254.         /* Delete our allocated memory */
  255.         gw_free(outputDataTemp);
  256.         gw_free(inputDataTemp);
  257.         outputDataTemp = NULL;
  258.         inputDataTemp = NULL;
  259.         
  260.         /* Return the outputData */
  261.         return outputData;
  262. }
  264. Octstr* wtls_decrypt_rc5(Octstr* data, WTLSMachine* wtls_machine)
  265. {
  266.         Octstr* encryptedData;
  267.         Octstr* decryptedData;
  268.         Octstr* duplicatedIv;
  269.         unsigned char* output;
  270.         unsigned char* input;
  271.         unsigned char* iv;
  272.         unsigned char* keyData;
  273.         int keyLen;
  274.         int ivLen;
  275.         int dataLen;
  276.         
  277.         RC5_32_KEY* key = NULL;
  278.         ivLen = bulk_table[wtls_machine->bulk_cipher_algorithm].iv_size;
  279.         duplicatedIv = octstr_duplicate(wtls_machine->client_write_IV);
  280.         iv = octstr_get_cstr(duplicatedIv);
  282.         keyLen = bulk_table[wtls_machine->bulk_cipher_algorithm].key_material;
  283.         keyData = octstr_get_cstr(wtls_machine->client_write_enc_key);
  285.         dataLen = octstr_len(data);
  286.         input = octstr_get_cstr(data);
  287.         
  288.         key = gw_malloc (sizeof(RC5_32_KEY));
  289.         
  290.         /* Key generation */
  291.         RC5_32_set_key(key, keyLen, keyData,  RC5_16_ROUNDS);
  292.         
  293.         /* Malloc our output */
  294.         output = gw_malloc (dataLen);
  295.         
  296.         /* Encrypt the string */
  297.          debug("wtls_statesupport",0,"About to decrypt: dataLen = %d, iv = %x", dataLen, iv);
  298.          octstr_dump(data,0);
  299.          RC5_32_cbc_encrypt(input, output, dataLen, key, iv, RC5_DECRYPT);
  300.          debug("wtls_statesupport",0,"Decrypted");
  301.          decryptedData = octstr_create_from_data(output, dataLen);
  302.          octstr_dump(decryptedData,0);         
  304.          /* Encrypt it just to test */
  305.          gw_free(output);
  306.          output = NULL;
  307.          output = gw_malloc (dataLen);
  308.          
  309.           /* Ensure that we preserve the iv */
  310.          octstr_destroy(duplicatedIv);
  311.          duplicatedIv = octstr_duplicate(wtls_machine->client_write_IV);
  312.          iv = octstr_get_cstr(duplicatedIv);
  314.          octstr_get_many_chars(iv, wtls_machine->client_write_IV,0,ivLen);         
  315.          input = octstr_get_cstr(decryptedData);
  316.         
  317.          RC5_32_cbc_encrypt(input, output, dataLen, key, iv, RC5_ENCRYPT);
  318.          encryptedData = octstr_create_from_data(output, dataLen);
  319.          
  320.          gw_free(output);
  321.          output = NULL;
  322.          octstr_destroy(duplicatedIv);
  323.          return decryptedData;
  324. }
  326. Octstr* wtls_encrypt_rc5(Octstr* data, WTLSMachine* wtls_machine)
  327. {
  328.         Octstr* encryptedData;
  329.         Octstr* decryptedData;
  330.         Octstr* duplicatedIv;
  331.         unsigned char* output;
  332.         unsigned char* input;
  333.         unsigned char* iv;
  334.         unsigned char* keyData;
  335.         int keyLen;
  336.         int ivLen;
  337.         int dataLen;
  338.         
  339.         RC5_32_KEY* key = NULL;
  340.         ivLen = bulk_table[wtls_machine->bulk_cipher_algorithm].iv_size;
  341.         duplicatedIv = octstr_duplicate(wtls_machine->server_write_IV);
  342.         iv = octstr_get_cstr(duplicatedIv);
  344.         keyLen = bulk_table[wtls_machine->bulk_cipher_algorithm].key_material;
  345.         keyData = octstr_get_cstr(wtls_machine->server_write_enc_key);
  347.         dataLen = octstr_len(data);
  348.         input = octstr_get_cstr(data);
  349.         
  350.         key = gw_malloc (sizeof(RC5_32_KEY));
  351.         
  352.         /* Key generation */
  353.         debug("wtls_statesupport",0,"Key generation");
  354.         RC5_32_set_key(key, keyLen, keyData,  RC5_16_ROUNDS);
  355.         
  356.         /* Malloc our output */
  357.         output = gw_malloc (dataLen);
  358.         
  359.         /* Encrypt the string */
  360.          RC5_32_cbc_encrypt(input, output, dataLen, key, iv, RC5_ENCRYPT);
  361.          encryptedData = octstr_create_from_data(output, dataLen);
  363.          /* Decrypt it just to test */
  364.          gw_free(output);
  365.          output = NULL;
  366.          output = gw_malloc (dataLen);
  367.          
  368.           /* Ensure that we preserve the iv */
  369.          octstr_destroy(duplicatedIv);
  370.          duplicatedIv = octstr_duplicate(wtls_machine->server_write_IV);
  371.          iv = octstr_get_cstr(duplicatedIv);
  373.          octstr_get_many_chars(iv, wtls_machine->server_write_IV,0,ivLen);         
  374.          input = octstr_get_cstr(encryptedData);
  375.         
  376.          RC5_32_cbc_encrypt(input, output, dataLen, key, iv, RC5_DECRYPT);
  377.          decryptedData = octstr_create_from_data(output, dataLen);
  379.          gw_free(output);
  380.          output = NULL;
  381.          octstr_destroy(duplicatedIv);
  382.          return encryptedData;
  383. }
  385. Octstr* wtls_decrypt_rsa(Octstr* encryptedData)
  386. {
  387.         int numBytesWritten=0,numBytesToRead=0;
  388.         Octstr *decryptedData=0;
  389.         unsigned char* tempDecryptionBuffer=0;
  390.         char* tempEncryptionPointer=0;
  391.         
  392.         /* Allocate some memory for our decryption buffer */
  393.         tempDecryptionBuffer = gw_malloc(RSA_size(private_key));
  395.         /* Calculate the number of bytes to read from encryptedData when decrypting */
  396.         numBytesToRead = octstr_len(encryptedData);
  398.         /* Don't write to this pointer. Ever ever ever. */
  399.         tempEncryptionPointer = octstr_get_cstr(encryptedData);
  400.         
  401.         /* Decrypt the data in encryptedData */
  402.         numBytesWritten = RSA_private_decrypt(numBytesToRead, tempEncryptionPointer,
  403.                                               tempDecryptionBuffer, private_key, RSA_PKCS1_PADDING);
  405. if(numBytesWritten == -1) {
  406. tempEncryptionPointer += 2;
  407. numBytesToRead -= 2;
  408.         numBytesWritten = RSA_private_decrypt(numBytesToRead, tempEncryptionPointer,
  409.                                               tempDecryptionBuffer, private_key, RSA_PKCS1_PADDING);
  410. }
  411.  
  412.         /* Move the tempDecryptionBuffer to an Octstr */
  413.         decryptedData = octstr_create_from_data(tempDecryptionBuffer,numBytesWritten);
  415.         /* Deallocate the tempDecryptionBuffer */
  416.         gw_free(tempDecryptionBuffer);
  417.         tempDecryptionBuffer = NULL;
  419. debug("wtls",0, "Decrypted secret");
  420. octstr_dump(   decryptedData, 0);
  421.      
  422.         /* Return the decrypted data */
  423.         return decryptedData;
  424. }
  426. void wtls_decrypt_pdu_list(WTLSMachine *wtls_machine, List *pdu_list)
  427. {
  428. int i, listlen;
  429.     Octstr* decryptedData = NULL;
  430. wtls_Payload *payload;
  432. listlen = list_len(pdu_list);
  433. for( i=0; i<listlen; i++) {
  434. payload = (wtls_Payload *)list_get(pdu_list, i);
  436. if(payload->cipher) {
  437. debug("wtls", 0, "Decrypting PDU %d", i);
  438.             decryptedData = wtls_decrypt(payload->data, wtls_machine);
  439. /* replace the data */
  440. octstr_destroy(payload->data);
  441. payload->data = decryptedData;
  442. }
  443. else {
  444. debug("wtls", 0, "PDU %d is not encrypted.", i);
  445. }
  446. }
  447. }
  450. RSAPublicKey* wtls_get_rsapublickey(void)
  451. {
  452.         RSA* rsaStructure=0;
  453.         EVP_PKEY* publicKey=0;
  454.         BIGNUM *modulus=0,*exponent=0;
  455.         unsigned char* tempModulusStorage=0,*tempExponentStorage=0;
  456.         int numbytes=0;
  457.         RSAPublicKey* returnStructure=0;
  458.         Octstr *octstrModulus=0, *octstrExponent=0;
  459.         
  460.         /* First, we need to extract the RSA structure from the X509 Cert */
  461.         /* Get the EVP_PKEY structure from the X509 cert */
  462.         publicKey = X509_PUBKEY_get(x509_cert->cert_info->key);
  463.         
  464.         /* Take said EVP_PKEY structure and get the RSA component */
  465.         if (EVP_PKEY_type(publicKey->type) != EVP_PKEY_RSA)
  466.         {
  467.                 return NULL;
  468.         }
  469.         else
  470.         {
  471.                 rsaStructure = publicKey->pkey.rsa;
  472.         }
  473.         
  474.         /* Then we need to grab the exponent component from the cert */
  475.         exponent = rsaStructure->e;
  476.         
  477.         /* We need to allocate sufficient memory to hold the exponent */
  478.         numbytes = BN_num_bytes(exponent);
  479.         tempExponentStorage = gw_malloc(numbytes);
  480.         
  481.         /* Then we get the exponent */
  482.         numbytes = BN_bn2bin(exponent, tempExponentStorage);
  483.         
  484.         /* And finally we convert the exponent to an Octstr */
  485.         octstrExponent = octstr_create_from_data(tempExponentStorage,numbytes);
  487.         /* Then we need to grab the modulus component from the cert */
  488.         modulus = rsaStructure->n;
  489.         
  490.         /* We need to allocate sufficient memory to hold the modulus */
  491.         numbytes = BN_num_bytes(modulus);
  492.         tempModulusStorage = gw_malloc(numbytes);
  493.         
  494.         /* Then we get the modulus */
  495.         numbytes = BN_bn2bin(modulus, tempModulusStorage);
  496.         
  497.         /* And finally we convert the modulus to an Octstr */
  498.         octstrModulus = octstr_create_from_data(tempModulusStorage,numbytes);
  500.         /* Put the components into our return structure */
  501.         returnStructure = gw_malloc(sizeof(RSAPublicKey));
  502.         returnStructure->rsa_exponent = octstrExponent;
  503.         returnStructure->rsa_modulus = octstrModulus;
  504.         
  505.         /* And deallocate the memory allocated for holding the modulus */
  506.         gw_free(tempModulusStorage);
  507.         gw_free(tempExponentStorage);
  508.         tempModulusStorage = NULL;
  509.         tempExponentStorage = NULL;
  510.         
  511.         return returnStructure;
  512. }
  514. Octstr* wtls_get_certificate(void)
  515. {
  516.         unsigned char** pp;
  517.         unsigned char* ppStart;
  518.         int amountWritten = 1260;
  519.         Octstr* returnOctstr;
  520.         
  521.         debug("wtls_get_certificate",0,"x509_cert : %x", x509_cert);
  522.         /* Convert the x509 certificate to DER-encoding */
  523.         amountWritten =i2d_X509(x509_cert, NULL);
  524.         debug("wtls_get_certificate",0,"amountWritten : %d", amountWritten);
  526.         /* Allocate some memory for *pp */
  527.         pp = (unsigned char**) gw_malloc(sizeof(unsigned char**));
  528.         
  529.         /* Allocate the memory and call the same function again?!!?
  530.            What an original idea :-/ */
  531.         ppStart = (unsigned char *) gw_malloc (sizeof(unsigned char)*amountWritten);
  532.         debug("wtls_get_certificate",0,"x509_cert_DER_pre : %x", *pp);
  533.         *pp = ppStart;
  534.         amountWritten =i2d_X509(x509_cert, pp);
  536.         /* And we do this, because otherwise *pp is pointing to the end of the buffer. Yay */
  537.         *pp = ppStart;
  538.         debug("wtls_get_certificate",0,"x509_cert_DER_post : %x", *pp);
  539.         
  540.         /* Convert the DER-encoded char string to an octstr */
  541.         returnOctstr = octstr_create_from_data(*pp,amountWritten);
  543.         /* Destroy the memory allocated temporarily above */
  544.         gw_free(*pp);
  545.         *pp = NULL;
  546.         
  547.         /* Destroy the memory allocated for pp as well */
  548.         gw_free(pp);
  549.         pp = NULL;
  550.         
  551.         /* Return the octstr */
  552.         return returnOctstr;
  553. }
  555. /* Chooses a CipherSuite from the list provided by the client.
  556.    Returns NULL if none is acceptable. */
  557. CipherSuite* wtls_choose_ciphersuite(List* ciphersuites) {
  558.         CipherSuite* returnSuite = NULL;
  559.         CipherSuite* currentCS = NULL;
  560. int i = 0;
  561.         int listLen;
  563. listLen = list_len(ciphersuites);
  565.         //returnSuite = gw_malloc(sizeof(CipherSuite));
  567. /* the first CS in the list */
  568. do {
  569. /* the next CS in the list */
  570. currentCS = list_get(ciphersuites, i);
  571. /* Check if we support this BulkCipher */
  572. if(currentCS->bulk_cipher_algo >= RC5_CBC_40 &&
  573.    currentCS->bulk_cipher_algo <= IDEA_CBC) {
  575. /* Check if we support this MAC algsorithm */
  576. if(currentCS->mac_algo >= SHA_0 &&
  577.    currentCS->mac_algo <= MD5_NOLIMIT) {
  578. /* We can use this CipherSuite then */
  579. returnSuite = currentCS;
  580. }
  581. }
  582. i++;
  583. } while(returnSuite == NULL && i < listLen);
  585.         return returnSuite;
  586. }
  588. int isSupportedKeyEx(int keyExId) {
  589. int maxSupported;
  590. int i;
  591. int retCode = 0;
  593. maxSupported = sizeof(supportedKeyExSuite) / sizeof(KeyExchangeSuite);
  595. for(i = 0; i<maxSupported; i++) {
  596. if(keyExId == supportedKeyExSuite[i]) {
  597. retCode = 1;
  598. }
  599. }
  600. return retCode;
  601. }
  603. int wtls_choose_clientkeyid(List* clientKeyIds) {
  604. int returnKey = 0;
  605. KeyExchangeId *currentKeyId = NULL;
  606. int i = 0;
  607. int listLen;
  609. listLen = list_len(clientKeyIds);
  610. debug("wtls", 0, "listLen = %d", listLen);
  612. do {
  613. currentKeyId = list_get(clientKeyIds, i);
  614. debug("wtls", 0, "Key %d", i);
  615. dump_key_exchange_id("wtls", 0, currentKeyId);
  617. /* check if the current key suite is supported */
  618. if(isSupportedKeyEx(currentKeyId->key_exchange_suite)) {
  619. returnKey = i+1;
  620. }
  621. i++;
  623. } while(returnKey == 0 && i < listLen);
  625.         return returnKey;
  626. }
  628. int wtls_choose_snmode(int snmode)
  629. {
  630.         return 2;
  631. }
  633. int wtls_choose_krefresh(int krefresh)
  634. {
  635.         return 2;
  636. }
  638. Random* wtls_get_random(void)
  639. {
  640.         Random* randomData;
  641.         randomData = gw_malloc(sizeof(Random));
  642.         randomData->gmt_unix_time = 0x0000;
  644.         /* Yeah, I know, it's not very random */
  645.         randomData->random_bytes = octstr_create("000000000000");
  646.         return randomData;
  647. }
  650. int clienthellos_are_identical (List* pdu_list, List* last_received_packet)
  651. {
  652.         return 0;
  653. }
  655. int certifcateverifys_are_identical (List* pdu_list, List* last_received_packet)
  656. {
  657.         return 0;
  658. }
  659. int certificates_are_identical (List* pdu_list, List* last_received_packet)
  660. {
  661.         return 0;
  662. }
  663. int clientkeyexchanges_are_identical (List* pdu_list, List* last_received_packet)
  664. {
  665.         return 0;
  666. }
  667. int changecipherspecs_are_identical (List* pdu_list, List* last_received_packet)
  668. {
  669.         return 0;
  670. }
  671. int finisheds_are_indentical (List* pdu_list, List* last_received_packet)
  672. {
  673.         return 0;
  674. }
  676. int packet_contains_changecipherspec (List* pdu_list)
  677. {
  678.         return 0;
  679. }
  681. int packet_contains_finished (List* pdu_list)
  682. {
  683.         return 0;
  684. }
  686. int packet_contains_optional_stuff (List* pdu_list)
  687. {
  688.         return 0;
  689. }
  691. int packet_contains_userdata (List* pdu_list)
  692. {
  693. /* FIXME: need to check if it is really Userdata !! */
  694.         return 1;
  695. }
  697. int packet_contains_clienthello (List* pdu_list)
  698. {
  699.         return 0;
  700. }
  702. int is_critical_alert (List* pdu_list)
  703. {
  704.         return 0;
  705. }
  707. int is_warning_alert (List* pdu_list)
  708. {
  709.         return 0;
  710. }
  713. /* go through the list of wtls_Payloads and add the data of any 
  714.    handshake message to wtls_machine->handshake_data */
  715. void add_all_handshake_data(WTLSMachine *wtls_machine, List *pdu_list)
  716. {
  717. long i, listlen;
  718. wtls_Payload *payload;
  720. gw_assert(pdu_list != NULL);
  722. listlen = list_len(pdu_list);
  723. debug("wtls", 0,"adding handshake data from %d PDU(s)", listlen);
  724. for(i=0; i<listlen; i++) {
  725. payload = (wtls_Payload *)list_get(pdu_list, i);
  726. if(payload->type == Handshake_PDU) {
  727.             octstr_insert(wtls_machine->handshake_data, payload->data,
  728.                           octstr_len(wtls_machine->handshake_data));
  729. debug("wtls", 0, "Data from PDU %d:", i);
  730. octstr_dump(payload->data, 2);
  731. }
  732. }
  733. }
  735. void calculate_server_key_block(WTLSMachine *wtls_machine)
  736. {
  737.     Octstr* concatenatedRandoms=0;
  738.     Octstr* labelMaster=0;
  739.     Octstr* key_block;
  740.     Octstr* final_server_write_enc_key = NULL;
  741.     Octstr* final_server_write_IV = NULL;
  742.     Octstr* emptySecret = NULL;
  744.     /* Concatenate our random data */
  745.     concatenatedRandoms = octstr_create("");
  746.     pack_int16(concatenatedRandoms, 0, wtls_machine->server_seq_num);
  747.     octstr_append(concatenatedRandoms, wtls_machine->server_random);
  748.     octstr_append(concatenatedRandoms, wtls_machine->client_random);
  750.     /* Calculate the key_block */
  751.     labelMaster = octstr_create("server expansion");
  752.     key_block = wtls_calculate_prf(wtls_machine->master_secret, labelMaster,
  753.                                    concatenatedRandoms,
  754.                                    hash_table[wtls_machine->mac_algorithm].key_size
  755.                                    + bulk_table[wtls_machine->bulk_cipher_algorithm].key_material
  756.                                    + bulk_table[wtls_machine->bulk_cipher_algorithm].iv_size,
  757.                                    wtls_machine );
  759.     octstr_destroy(labelMaster);
  760.     labelMaster = NULL;
  761.     octstr_destroy(concatenatedRandoms);
  762.     concatenatedRandoms = NULL;
  764.     /* Break the key_block in its 3 parts */
  765.     wtls_machine->server_write_MAC_secret = octstr_copy(key_block, 0, hash_table[wtls_machine->mac_algorithm].key_size);
  766.     octstr_delete(key_block, 0, hash_table[wtls_machine->mac_algorithm].key_size);
  767.     wtls_machine->server_write_enc_key = octstr_copy(key_block, 0, bulk_table[wtls_machine->bulk_cipher_algorithm].key_material);
  768.     octstr_delete(key_block, 0, bulk_table[wtls_machine->bulk_cipher_algorithm].key_material);
  769.     wtls_machine->server_write_IV = octstr_copy(key_block, 0, bulk_table[wtls_machine->bulk_cipher_algorithm].iv_size);
  771.     /* Additional calculations for exportable encryption algos */
  772.     if(bulk_table[wtls_machine->bulk_cipher_algorithm].is_exportable == EXPORTABLE) {
  773.         concatenatedRandoms = octstr_cat(wtls_machine->client_random, wtls_machine->server_random);
  774.         labelMaster = octstr_create("server write key");
  775.         final_server_write_enc_key = wtls_calculate_prf(wtls_machine->server_write_enc_key, labelMaster,
  776.                                                 concatenatedRandoms,
  777.                                                 bulk_table[wtls_machine->bulk_cipher_algorithm].key_material,
  778.                                                 wtls_machine);
  779.         octstr_destroy(labelMaster);
  780.         labelMaster = NULL;
  781.         octstr_destroy(concatenatedRandoms);
  782.         concatenatedRandoms = NULL;
  784.         octstr_destroy(wtls_machine->server_write_enc_key);
  785.         wtls_machine->server_write_enc_key = final_server_write_enc_key;
  786.         final_server_write_enc_key = NULL;
  788.         concatenatedRandoms = octstr_create("");
  789.         octstr_append_char(concatenatedRandoms, wtls_machine->server_seq_num);
  790.         octstr_append(concatenatedRandoms, wtls_machine->client_random);
  791.         octstr_append(concatenatedRandoms, wtls_machine->server_random);
  793.         emptySecret = octstr_create("");
  794.         final_server_write_IV = wtls_calculate_prf(emptySecret, labelMaster,
  795.                                 concatenatedRandoms,
  796.                                 bulk_table[wtls_machine->bulk_cipher_algorithm].iv_size,
  797.                                 wtls_machine);
  798.         octstr_destroy(labelMaster);
  799.         labelMaster = NULL;
  800.         octstr_destroy(concatenatedRandoms);
  801.         concatenatedRandoms = NULL;
  802.     }
  803. }
  805. void calculate_client_key_block(WTLSMachine *wtls_machine) {
  806.     Octstr* concatenatedRandoms=0;
  807.     Octstr* key_block;
  808.     Octstr* final_client_write_enc_key = NULL;
  809.     Octstr* final_client_write_IV = NULL;
  810.     Octstr* emptySecret = NULL;
  811.     Octstr* labelMaster=0;
  813.     /* Concatenate our random data */
  814.     concatenatedRandoms = octstr_create("");
  815.     pack_int16(concatenatedRandoms, 0,wtls_machine->client_seq_num);
  816.     octstr_append(concatenatedRandoms, wtls_machine->server_random);
  817.     octstr_append(concatenatedRandoms, wtls_machine->client_random);
  819.     /* Calculate the key_block */
  820.     labelMaster = octstr_create("client expansion");
  821.     key_block = wtls_calculate_prf(wtls_machine->master_secret, labelMaster,
  822.                                  concatenatedRandoms,
  823.                                  hash_table[wtls_machine->mac_algorithm].key_size
  824.                                  + bulk_table[wtls_machine->bulk_cipher_algorithm].key_material
  825.                                  + bulk_table[wtls_machine->bulk_cipher_algorithm].iv_size,
  826.                                  wtls_machine );
  829.     octstr_destroy(labelMaster);
  830.     labelMaster = NULL;
  831.     octstr_destroy(concatenatedRandoms);
  832.     concatenatedRandoms = NULL;
  834.     /* Break the key_block in its 3 parts */
  835.     wtls_machine->client_write_MAC_secret = octstr_copy(key_block, 0, hash_table[wtls_machine->mac_algorithm].key_size);
  836.     octstr_delete(key_block, 0, hash_table[wtls_machine->mac_algorithm].key_size);
  837.     wtls_machine->client_write_enc_key = octstr_copy(key_block, 0, bulk_table[wtls_machine->bulk_cipher_algorithm].key_material);
  838.     octstr_delete(key_block, 0, bulk_table[wtls_machine->bulk_cipher_algorithm].key_material);
  839.     wtls_machine->client_write_IV = octstr_copy(key_block, 0, bulk_table[wtls_machine->bulk_cipher_algorithm].iv_size);
  841.     /* Additional calculations for exportable encryption algos */
  842.     if(bulk_table[wtls_machine->bulk_cipher_algorithm].is_exportable == EXPORTABLE) {
  843.         concatenatedRandoms = octstr_cat(wtls_machine->client_random, wtls_machine->server_random);
  844.         labelMaster = octstr_create("client write key");
  845.         final_client_write_enc_key = wtls_calculate_prf(wtls_machine->client_write_enc_key, labelMaster,
  846.                                          concatenatedRandoms,
  847.                                          bulk_table[wtls_machine->bulk_cipher_algorithm].key_material,
  848.                                          wtls_machine);
  849.         octstr_destroy(labelMaster);
  850.         labelMaster = NULL;
  852.         octstr_destroy(wtls_machine->client_write_enc_key);
  853.         wtls_machine->client_write_enc_key = final_client_write_enc_key;
  854.         final_client_write_enc_key = NULL;
  856.         octstr_destroy(labelMaster);
  857.         labelMaster = NULL;
  858.         octstr_destroy(concatenatedRandoms);
  859.         concatenatedRandoms = NULL;
  861.         emptySecret = octstr_create("");
  862.         final_client_write_IV = wtls_calculate_prf(emptySecret, labelMaster,
  863.                                 concatenatedRandoms,
  864.                                 bulk_table[wtls_machine->bulk_cipher_algorithm].iv_size,
  865.                                 wtls_machine);
  866.         octstr_destroy(labelMaster);
  867.         labelMaster = NULL;
  868.         octstr_destroy(concatenatedRandoms);
  869.                         concatenatedRandoms = NULL;
  870.     }
  871. }
  873. #endif