@@ -112,7 +112,7 @@ struct tls_mac_algorithm {
struct tls_cipher_suite {
uint8_t id[2];
const char *name;
- int verify_data_length;
+ size_t verify_data_length;
struct tls_bulk_encryption_algorithm *encryption;
struct tls_signature_algorithm *signature;
@@ -1262,7 +1262,6 @@ static struct tls_mac_algorithm tls_sha = {
static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
.id = { 0x00, 0x0a },
.name = "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
- .verify_data_length = 12,
.encryption = &tls_3des_ede,
.mac = &tls_sha,
.signature = &tls_rsa_signature,
@@ -1270,7 +1269,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_dhe_rsa_with_3des_ede_cbc_sha = {
.id = { 0x00, 0x16 },
.name = "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
- .verify_data_length = 12,
.encryption = &tls_3des_ede,
.mac = &tls_sha,
.signature = &tls_rsa_signature,
@@ -1278,7 +1276,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_rsa_with_aes_128_cbc_sha = {
.id = { 0x00, 0x2f },
.name = "TLS_RSA_WITH_AES_128_CBC_SHA",
- .verify_data_length = 12,
.encryption = &tls_aes128,
.mac = &tls_sha,
.signature = &tls_rsa_signature,
@@ -1286,7 +1283,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_dhe_rsa_with_aes_128_cbc_sha = {
.id = { 0x00, 0x33 },
.name = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
- .verify_data_length = 12,
.encryption = &tls_aes128,
.mac = &tls_sha,
.signature = &tls_rsa_signature,
@@ -1294,7 +1290,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_rsa_with_aes_256_cbc_sha = {
.id = { 0x00, 0x35 },
.name = "TLS_RSA_WITH_AES_256_CBC_SHA",
- .verify_data_length = 12,
.encryption = &tls_aes256,
.mac = &tls_sha,
.signature = &tls_rsa_signature,
@@ -1302,7 +1297,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_dhe_rsa_with_aes_256_cbc_sha = {
.id = { 0x00, 0x39 },
.name = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
- .verify_data_length = 12,
.encryption = &tls_aes256,
.mac = &tls_sha,
.signature = &tls_rsa_signature,
@@ -1310,7 +1304,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_rsa_with_aes_128_cbc_sha256 = {
.id = { 0x00, 0x3c },
.name = "TLS_RSA_WITH_AES_128_CBC_SHA256",
- .verify_data_length = 12,
.encryption = &tls_aes128,
.mac = &tls_sha256,
.signature = &tls_rsa_signature,
@@ -1318,7 +1311,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_rsa_with_aes_256_cbc_sha256 = {
.id = { 0x00, 0x3d },
.name = "TLS_RSA_WITH_AES_256_CBC_SHA256",
- .verify_data_length = 12,
.encryption = &tls_aes256,
.mac = &tls_sha256,
.signature = &tls_rsa_signature,
@@ -1326,7 +1318,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_dhe_rsa_with_aes_128_cbc_sha256 = {
.id = { 0x00, 0x67 },
.name = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
- .verify_data_length = 12,
.encryption = &tls_aes128,
.mac = &tls_sha256,
.signature = &tls_rsa_signature,
@@ -1334,7 +1325,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_dhe_rsa_with_aes_256_cbc_sha256 = {
.id = { 0x00, 0x6b },
.name = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
- .verify_data_length = 12,
.encryption = &tls_aes256,
.mac = &tls_sha256,
.signature = &tls_rsa_signature,
@@ -1342,14 +1332,12 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_rsa_with_aes_128_gcm_sha256 = {
.id = { 0x00, 0x9c },
.name = "TLS_RSA_WITH_AES_128_GCM_SHA256",
- .verify_data_length = 12,
.encryption = &tls_aes128_gcm,
.signature = &tls_rsa_signature,
.key_xchg = &tls_rsa_key_xchg,
}, tls_rsa_with_aes_256_gcm_sha384 = {
.id = { 0x00, 0x9d },
.name = "TLS_RSA_WITH_AES_256_GCM_SHA384",
- .verify_data_length = 12,
.encryption = &tls_aes256_gcm,
.prf_hmac = L_CHECKSUM_SHA384,
.signature = &tls_rsa_signature,
@@ -1357,14 +1345,12 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_dhe_rsa_with_aes_128_gcm_sha256 = {
.id = { 0x00, 0x9e },
.name = "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
- .verify_data_length = 12,
.encryption = &tls_aes128_gcm,
.signature = &tls_rsa_signature,
.key_xchg = &tls_dhe,
}, tls_dhe_rsa_with_aes_256_gcm_sha384 = {
.id = { 0x00, 0x9f },
.name = "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
- .verify_data_length = 12,
.encryption = &tls_aes256_gcm,
.prf_hmac = L_CHECKSUM_SHA384,
.signature = &tls_rsa_signature,
@@ -1372,7 +1358,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_ecdhe_rsa_with_3des_ede_cbc_sha = {
.id = { 0xc0, 0x12 },
.name = "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
- .verify_data_length = 12,
.encryption = &tls_3des_ede,
.mac = &tls_sha,
.signature = &tls_rsa_signature,
@@ -1380,7 +1365,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_ecdhe_rsa_with_aes_128_cbc_sha = {
.id = { 0xc0, 0x13 },
.name = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
- .verify_data_length = 12,
.encryption = &tls_aes128,
.mac = &tls_sha,
.signature = &tls_rsa_signature,
@@ -1388,7 +1372,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_ecdhe_rsa_with_aes_256_cbc_sha = {
.id = { 0xc0, 0x14 },
.name = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
- .verify_data_length = 12,
.encryption = &tls_aes256,
.mac = &tls_sha,
.signature = &tls_rsa_signature,
@@ -1396,7 +1379,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_ecdhe_rsa_with_aes_128_cbc_sha256 = {
.id = { 0xc0, 0x27 },
.name = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
- .verify_data_length = 12,
.encryption = &tls_aes128,
.mac = &tls_sha256,
.signature = &tls_rsa_signature,
@@ -1404,7 +1386,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_ecdhe_rsa_with_aes_256_cbc_sha384 = {
.id = { 0xc0, 0x28 },
.name = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
- .verify_data_length = 12,
.encryption = &tls_aes256,
.mac = &tls_sha384,
.prf_hmac = L_CHECKSUM_SHA384,
@@ -1413,14 +1394,12 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_ecdhe_rsa_with_aes_128_gcm_sha256 = {
.id = { 0xc0, 0x2f },
.name = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
- .verify_data_length = 12,
.encryption = &tls_aes128_gcm,
.signature = &tls_rsa_signature,
.key_xchg = &tls_ecdhe,
}, tls_ecdhe_rsa_with_aes_256_gcm_sha384 = {
.id = { 0xc0, 0x30 },
.name = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
- .verify_data_length = 12,
.encryption = &tls_aes256_gcm,
.prf_hmac = L_CHECKSUM_SHA384,
.signature = &tls_rsa_signature,
@@ -1428,7 +1407,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_ecdhe_ecdsa_with_3des_ede_cbc_sha = {
.id = { 0xc0, 0x08 },
.name = "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
- .verify_data_length = 12,
.encryption = &tls_3des_ede,
.mac = &tls_sha,
.signature = &tls_ecdsa_signature,
@@ -1436,7 +1414,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_ecdhe_ecdsa_with_aes_128_cbc_sha = {
.id = { 0xc0, 0x09 },
.name = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
- .verify_data_length = 12,
.encryption = &tls_aes128,
.mac = &tls_sha,
.signature = &tls_ecdsa_signature,
@@ -1444,7 +1421,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_ecdhe_ecdsa_with_aes_256_cbc_sha = {
.id = { 0xc0, 0x0a },
.name = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
- .verify_data_length = 12,
.encryption = &tls_aes256,
.mac = &tls_sha,
.signature = &tls_ecdsa_signature,
@@ -1452,14 +1428,12 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_ecdhe_ecdsa_with_aes_128_gcm_sha256 = {
.id = { 0xc0, 0x2b },
.name = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
- .verify_data_length = 12,
.encryption = &tls_aes128_gcm,
.signature = &tls_ecdsa_signature,
.key_xchg = &tls_ecdhe,
}, tls_ecdhe_ecdsa_with_aes_256_gcm_sha384 = {
.id = { 0xc0, 0x2c },
.name = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
- .verify_data_length = 12,
.encryption = &tls_aes256_gcm,
.prf_hmac = L_CHECKSUM_SHA384,
.signature = &tls_ecdsa_signature,
@@ -1370,11 +1370,25 @@ static void tls_send_change_cipher_spec(struct l_tls *tls)
tls_tx_record(tls, TLS_CT_CHANGE_CIPHER_SPEC, &buf, 1);
}
+static size_t tls_verify_data_length(struct l_tls *tls, unsigned int index)
+{
+ /*
+ * RFC 5246, Section 7.4.9:
+ *
+ * In previous versions of TLS, the verify_data was always 12 octets
+ * long. In the current version of TLS, it depends on the cipher
+ * suite. Any cipher suite which does not explicitly specify
+ * verify_data_length has a verify_data_length equal to 12.
+ */
+ return maxsize(tls->cipher_suite[index]->verify_data_length, 12);
+}
+
static void tls_send_finished(struct l_tls *tls)
{
uint8_t buf[512];
uint8_t *ptr = buf + TLS_HANDSHAKE_HEADER_SIZE;
uint8_t seed[HANDSHAKE_HASH_MAX_SIZE * 2];
+ size_t vdl = tls_verify_data_length(tls, 1);
size_t seed_len;
if (tls->negotiated_version >= L_TLS_V12) {
@@ -1391,8 +1405,8 @@ static void tls_send_finished(struct l_tls *tls)
tls->server ? "server finished" :
"client finished",
seed, seed_len,
- ptr, tls->cipher_suite[1]->verify_data_length);
- ptr += tls->cipher_suite[1]->verify_data_length;
+ ptr, vdl);
+ ptr += vdl;
tls_tx_handshake(tls, TLS_FINISHED, buf, ptr - buf);
}
@@ -1400,14 +1414,14 @@ static void tls_send_finished(struct l_tls *tls)
static bool tls_verify_finished(struct l_tls *tls, const uint8_t *received,
size_t len)
{
- uint8_t expected[tls->cipher_suite[0]->verify_data_length];
+ size_t vdl = tls_verify_data_length(tls, 0);
+ uint8_t expected[vdl];
uint8_t *seed;
size_t seed_len;
- if (len != (size_t) tls->cipher_suite[0]->verify_data_length) {
+ if (len != vdl) {
TLS_DISCONNECT(TLS_ALERT_DECODE_ERROR, 0,
- "TLS_FINISHED length not %i",
- tls->cipher_suite[0]->verify_data_length);
+ "TLS_FINISHED length not %zu", vdl);
return false;
}
@@ -1428,8 +1442,7 @@ static bool tls_verify_finished(struct l_tls *tls, const uint8_t *received,
tls->server ? "client finished" :
"server finished",
seed, seed_len,
- expected,
- tls->cipher_suite[0]->verify_data_length);
+ expected, vdl);
if (memcmp(received, expected, len)) {
TLS_DISCONNECT(TLS_ALERT_DECRYPT_ERROR, 0,