📄 hdskkyex.c
字号:
memcpy(ctx->dhPeerPublic.data, publicVal, ctx->dhPeerPublic.length);
if (message.length != 6 + totalLength)
return ERR(SSLProtocolErr);
params.exponentBits = 8 * ctx->dhPeerPublic.length - 1;
if ((rsaErr = B_CreateAlgorithmObject(&ctx->peerDHParams)) != 0)
return SSLUnknownErr;
if ((rsaErr = B_SetAlgorithmInfo(ctx->peerDHParams, AI_DHKeyAgree, (POINTER)¶ms)) != 0)
return SSLUnknownErr;
if ((rsaErr = B_KeyAgreeInit(ctx->peerDHParams, (B_KEY_OBJ) 0, chooser, NO_SURR)) != 0)
return SSLUnknownErr;
}
#endif
return SSLNoErr;
}
SSLErr
SSLProcessKeyExchange(SSLBuffer keyExchange, SSLContext *ctx)
{ SSLErr err;
switch (ctx->selectedCipherSpec->keyExchangeMethod)
{ case SSL_RSA:
case SSL_RSA_EXPORT:
if (ERR(err = SSLDecodeRSAKeyExchange(keyExchange, ctx)) != 0)
return err;
break;
case SSL_DH_anon:
if (ERR(err = SSLDecodeDHanonKeyExchange(keyExchange, ctx)) != 0)
return err;
break;
default:
return ERR(SSLUnsupportedErr);
}
return SSLNoErr;
}
static SSLErr
SSLDecodeRSAKeyExchange(SSLBuffer keyExchange, SSLContext *ctx)
{ SSLErr err;
SSLBuffer result;
unsigned int outputLen, localKeyModulusLen;
SSLRSAPrivateKey *key;
SSLProtocolVersion version;
if (ctx->selectedCipherSpec->keyExchangeMethod == SSL_RSA_EXPORT)
key = &ctx->exportKey;
else
key = &ctx->localKey;
result.data = 0;
#if RSAREF
localKeyModulusLen = (key->bits + 7)/8;
#elif BSAFE
{ A_RSA_KEY *keyInfo;
int rsaResult;
if ((rsaResult = B_GetKeyInfo((POINTER*)&keyInfo, *key, KI_RSAPublic)) != 0)
return SSLUnknownErr;
localKeyModulusLen = keyInfo->modulus.len;
}
#endif /* RSAREF / BSAFE */
if (keyExchange.length != localKeyModulusLen)
return ERR(SSLProtocolErr);
#if RSAREF
if (ERR(err = SSLAllocBuffer(&result, localKeyModulusLen, &ctx->sysCtx)) != 0)
return err;
if ((RSAPrivateDecrypt(result.data, &outputLen, keyExchange.data, keyExchange.length, key)) != 0)
{ ERR(err = SSLUnknownErr);
goto fail;
}
#elif BSAFE
{ B_ALGORITHM_OBJ rsa;
B_ALGORITHM_METHOD *chooser[] = { &AM_RSA_DECRYPT, &AM_RSA_CRT_DECRYPT, 0 };
int rsaResult;
unsigned int decryptLen;
/* Allocate room for the premaster secret; BSAFE makes sure we don't decode too much data */
if (ERR(err = SSLAllocBuffer(&result, 48, &ctx->sysCtx)) != 0)
return err;
if ((rsaResult = B_CreateAlgorithmObject(&rsa)) != 0)
return SSLUnknownErr;
if ((rsaResult = B_SetAlgorithmInfo(rsa, AI_PKCS_RSAPrivate, 0)) != 0)
return SSLUnknownErr;
if ((rsaResult = B_DecryptInit(rsa, ctx->localKey, chooser, NO_SURR)) != 0)
return SSLUnknownErr;
if ((rsaResult = B_DecryptUpdate(rsa, result.data, &decryptLen, 48,
keyExchange.data, keyExchange.length, 0, NO_SURR)) != 0)
return SSLUnknownErr;
outputLen = decryptLen;
if ((rsaResult = B_DecryptFinal(rsa, result.data+outputLen,
&decryptLen, 48-outputLen, 0, NO_SURR)) != 0)
return SSLUnknownErr;
outputLen += decryptLen;
B_DestroyAlgorithmObject(&rsa);
}
#endif
if (outputLen != 48)
{ ERR(err = SSLProtocolErr);
goto fail;
}
result.length = outputLen;
version = (SSLProtocolVersion)SSLDecodeInt(result.data, 2);
/* Modify this check to check against our maximum version with protocol revisions */
if (version > ctx->protocolVersion && version < SSL_Version_3_0)
{ ERR(err = SSLProtocolErr);
goto fail;
}
if (ERR(err = SSLAllocBuffer(&ctx->preMasterSecret, 48, &ctx->sysCtx)) != 0)
goto fail;
memcpy(ctx->preMasterSecret.data, result.data, 48);
err = SSLNoErr;
fail:
ERR(SSLFreeBuffer(&result, &ctx->sysCtx));
return err;
}
static SSLErr
SSLDecodeDHanonKeyExchange(SSLBuffer keyExchange, SSLContext *ctx)
{ SSLErr err;
unsigned int publicLen;
int rsaResult;
publicLen = SSLDecodeInt(keyExchange.data, 2);
#if RSAREF
if (keyExchange.length != publicLen + 2 ||
publicLen != ctx->dhAnonParams.primeLen)
return ERR(SSLProtocolErr);
if (ERR(err = SSLAllocBuffer(&ctx->preMasterSecret, ctx->dhAnonParams.primeLen, &ctx->sysCtx)) != 0)
return err;
if ((rsaResult = R_ComputeDHAgreedKey (ctx->preMasterSecret.data, ctx->dhPeerPublic.data,
ctx->dhPrivate.data, ctx->dhPrivate.length, &ctx->dhAnonParams)) != 0)
{ err = SSLUnknownErr;
return err;
}
#elif BSAFE
{ unsigned int amount;
if (keyExchange.length != publicLen + 2)
return ERR(SSLProtocolErr);
if (ERR(err = SSLAllocBuffer(&ctx->preMasterSecret, 128, &ctx->sysCtx)) != 0)
return err;
if ((rsaResult = B_KeyAgreePhase2(ctx->dhAnonParams, ctx->preMasterSecret.data,
&amount, 128, keyExchange.data+2, publicLen, NO_SURR)) != 0)
return err;
ctx->preMasterSecret.length = amount;
}
#endif
return SSLNoErr;
}
SSLErr
SSLEncodeKeyExchange(SSLRecord *keyExchange, SSLContext *ctx)
{ SSLErr err;
ASSERT(ctx->protocolSide == SSL_ClientSide);
switch (ctx->selectedCipherSpec->keyExchangeMethod)
{ case SSL_RSA:
case SSL_RSA_EXPORT:
if (ERR(err = SSLEncodeRSAKeyExchange(keyExchange, ctx)) != 0)
return err;
break;
case SSL_DH_anon:
if (ERR(err = SSLEncodeDHanonKeyExchange(keyExchange, ctx)) != 0)
return err;
break;
default:
return ERR(SSLUnsupportedErr);
}
return SSLNoErr;
}
static SSLErr
SSLEncodeRSAKeyExchange(SSLRecord *keyExchange, SSLContext *ctx)
{ SSLErr err;
unsigned int outputLen, peerKeyModulusLen;
SSLRandomCtx rsaRandom;
int rsaResult;
if (ERR(err = SSLEncodeRSAPremasterSecret(ctx)) != 0)
return err;
if (ERR(err = ReadyRandom(&rsaRandom, ctx)) != 0)
return err;
keyExchange->contentType = SSL_handshake;
keyExchange->protocolVersion = SSL_Version_3_0;
#if RSAREF
peerKeyModulusLen = (ctx->peerKey.bits + 7)/8;
#elif BSAFE
{ A_RSA_KEY *keyInfo;
if ((rsaResult = B_GetKeyInfo((POINTER*)&keyInfo, ctx->peerKey, KI_RSAPublic)) != 0)
return SSLUnknownErr;
peerKeyModulusLen = keyInfo->modulus.len;
}
#endif /* RSAREF / BSAFE */
if (ERR(err = SSLAllocBuffer(&keyExchange->contents,peerKeyModulusLen + 4,&ctx->sysCtx)) != 0)
{
#if RSAREF
R_RandomFinal(&rsaRandom);
#elif BSAFE
B_DestroyAlgorithmObject(&rsaRandom);
#endif
return err;
}
keyExchange->contents.data[0] = SSL_client_key_exchange;
SSLEncodeInt(keyExchange->contents.data + 1, peerKeyModulusLen, 3);
#if RSAREF
if ((rsaResult = RSAPublicEncrypt(keyExchange->contents.data+4, &outputLen,
ctx->preMasterSecret.data, 48,
&ctx->peerKey,&rsaRandom)) != 0)
{ R_RandomFinal(&rsaRandom);
return ERR(SSLUnknownErr);
}
R_RandomFinal(&rsaRandom);
#elif BSAFE
{ B_ALGORITHM_OBJ rsa;
B_ALGORITHM_METHOD *chooser[] = { &AM_RSA_ENCRYPT, 0 };
int rsaResult;
unsigned int encryptedOut;
if ((rsaResult = B_CreateAlgorithmObject(&rsa)) != 0)
return SSLUnknownErr;
if ((rsaResult = B_SetAlgorithmInfo(rsa, AI_PKCS_RSAPublic, 0)) != 0)
return SSLUnknownErr;
if ((rsaResult = B_EncryptInit(rsa, ctx->peerKey, chooser, NO_SURR)) != 0)
return SSLUnknownErr;
if ((rsaResult = B_EncryptUpdate(rsa, keyExchange->contents.data+4,
&encryptedOut, peerKeyModulusLen, ctx->preMasterSecret.data, 48, rsaRandom, NO_SURR)) != 0)
return SSLUnknownErr;
outputLen = encryptedOut;
if ((rsaResult = B_EncryptFinal(rsa, keyExchange->contents.data+4+outputLen,
&encryptedOut, peerKeyModulusLen-outputLen, rsaRandom, NO_SURR)) != 0)
return SSLUnknownErr;
outputLen += encryptedOut;
B_DestroyAlgorithmObject(&rsa);
}
B_DestroyAlgorithmObject(&rsaRandom);
#endif
ASSERT(outputLen + 4 == keyExchange->contents.length);
return SSLNoErr;
}
static SSLErr
SSLEncodeDHanonKeyExchange(SSLRecord *keyExchange, SSLContext *ctx)
{ SSLErr err;
unsigned int outputLen;
if (ERR(err = SSLEncodeDHPremasterSecret(ctx)) != 0)
return err;
outputLen = ctx->dhExchangePublic.length + 2;
keyExchange->contentType = SSL_handshake;
keyExchange->protocolVersion = SSL_Version_3_0;
if (ERR(err = SSLAllocBuffer(&keyExchange->contents,outputLen + 4,&ctx->sysCtx)) != 0)
return err;
keyExchange->contents.data[0] = SSL_client_key_exchange;
SSLEncodeInt(keyExchange->contents.data+1, ctx->dhExchangePublic.length+2, 3);
SSLEncodeInt(keyExchange->contents.data+4, ctx->dhExchangePublic.length, 2);
memcpy(keyExchange->contents.data+6, ctx->dhExchangePublic.data, ctx->dhExchangePublic.length);
return SSLNoErr;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -