![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to tls.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [Qemu by Fabrice Bellard] / qemu / roms / ipxe / src / net|
Return to tls.c CVS log | Up to [Qemu by Fabrice Bellard] / qemu / roms / ipxe / src / net |
1.1 ! root 1: /* ! 2: * Copyright (C) 2007 Michael Brown <[email protected]>. ! 3: * ! 4: * This program is free software; you can redistribute it and/or ! 5: * modify it under the terms of the GNU General Public License as ! 6: * published by the Free Software Foundation; either version 2 of the ! 7: * License, or any later version. ! 8: * ! 9: * This program is distributed in the hope that it will be useful, but ! 10: * WITHOUT ANY WARRANTY; without even the implied warranty of ! 11: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ! 12: * General Public License for more details. ! 13: * ! 14: * You should have received a copy of the GNU General Public License ! 15: * along with this program; if not, write to the Free Software ! 16: * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. ! 17: */ ! 18: ! 19: FILE_LICENCE ( GPL2_OR_LATER ); ! 20: ! 21: /** ! 22: * @file ! 23: * ! 24: * Transport Layer Security Protocol ! 25: */ ! 26: ! 27: #include <stdint.h> ! 28: #include <stdlib.h> ! 29: #include <stdarg.h> ! 30: #include <string.h> ! 31: #include <errno.h> ! 32: #include <byteswap.h> ! 33: #include <ipxe/hmac.h> ! 34: #include <ipxe/md5.h> ! 35: #include <ipxe/sha1.h> ! 36: #include <ipxe/aes.h> ! 37: #include <ipxe/rsa.h> ! 38: #include <ipxe/iobuf.h> ! 39: #include <ipxe/xfer.h> ! 40: #include <ipxe/open.h> ! 41: #include <ipxe/asn1.h> ! 42: #include <ipxe/x509.h> ! 43: #include <ipxe/tls.h> ! 44: ! 45: static int tls_send_plaintext ( struct tls_session *tls, unsigned int type, ! 46: const void *data, size_t len ); ! 47: static void tls_clear_cipher ( struct tls_session *tls, ! 48: struct tls_cipherspec *cipherspec ); ! 49: ! 50: /****************************************************************************** ! 51: * ! 52: * Utility functions ! 53: * ! 54: ****************************************************************************** ! 55: */ ! 56: ! 57: /** ! 58: * Extract 24-bit field value ! 59: * ! 60: * @v field24 24-bit field ! 61: * @ret value Field value ! 62: * ! 63: * TLS uses 24-bit integers in several places, which are awkward to ! 64: * parse in C. ! 65: */ ! 66: static unsigned long tls_uint24 ( uint8_t field24[3] ) { ! 67: return ( ( field24[0] << 16 ) + ( field24[1] << 8 ) + field24[2] ); ! 68: } ! 69: ! 70: /****************************************************************************** ! 71: * ! 72: * Cleanup functions ! 73: * ! 74: ****************************************************************************** ! 75: */ ! 76: ! 77: /** ! 78: * Free TLS session ! 79: * ! 80: * @v refcnt Reference counter ! 81: */ ! 82: static void free_tls ( struct refcnt *refcnt ) { ! 83: struct tls_session *tls = ! 84: container_of ( refcnt, struct tls_session, refcnt ); ! 85: ! 86: /* Free dynamically-allocated resources */ ! 87: tls_clear_cipher ( tls, &tls->tx_cipherspec ); ! 88: tls_clear_cipher ( tls, &tls->tx_cipherspec_pending ); ! 89: tls_clear_cipher ( tls, &tls->rx_cipherspec ); ! 90: tls_clear_cipher ( tls, &tls->rx_cipherspec_pending ); ! 91: x509_free_rsa_public_key ( &tls->rsa ); ! 92: free ( tls->rx_data ); ! 93: ! 94: /* Free TLS structure itself */ ! 95: free ( tls ); ! 96: } ! 97: ! 98: /** ! 99: * Finish with TLS session ! 100: * ! 101: * @v tls TLS session ! 102: * @v rc Status code ! 103: */ ! 104: static void tls_close ( struct tls_session *tls, int rc ) { ! 105: ! 106: /* Remove process */ ! 107: process_del ( &tls->process ); ! 108: ! 109: /* Close ciphertext and plaintext streams */ ! 110: intf_shutdown ( &tls->cipherstream, rc ); ! 111: intf_shutdown ( &tls->plainstream, rc ); ! 112: } ! 113: ! 114: /****************************************************************************** ! 115: * ! 116: * Random number generation ! 117: * ! 118: ****************************************************************************** ! 119: */ ! 120: ! 121: /** ! 122: * Generate random data ! 123: * ! 124: * @v data Buffer to fill ! 125: * @v len Length of buffer ! 126: */ ! 127: static void tls_generate_random ( void *data, size_t len ) { ! 128: /* FIXME: Some real random data source would be nice... */ ! 129: memset ( data, 0x01, len ); ! 130: } ! 131: ! 132: /** ! 133: * Update HMAC with a list of ( data, len ) pairs ! 134: * ! 135: * @v digest Hash function to use ! 136: * @v digest_ctx Digest context ! 137: * @v args ( data, len ) pairs of data, terminated by NULL ! 138: */ ! 139: static void tls_hmac_update_va ( struct digest_algorithm *digest, ! 140: void *digest_ctx, va_list args ) { ! 141: void *data; ! 142: size_t len; ! 143: ! 144: while ( ( data = va_arg ( args, void * ) ) ) { ! 145: len = va_arg ( args, size_t ); ! 146: hmac_update ( digest, digest_ctx, data, len ); ! 147: } ! 148: } ! 149: ! 150: /** ! 151: * Generate secure pseudo-random data using a single hash function ! 152: * ! 153: * @v tls TLS session ! 154: * @v digest Hash function to use ! 155: * @v secret Secret ! 156: * @v secret_len Length of secret ! 157: * @v out Output buffer ! 158: * @v out_len Length of output buffer ! 159: * @v seeds ( data, len ) pairs of seed data, terminated by NULL ! 160: */ ! 161: static void tls_p_hash_va ( struct tls_session *tls, ! 162: struct digest_algorithm *digest, ! 163: void *secret, size_t secret_len, ! 164: void *out, size_t out_len, ! 165: va_list seeds ) { ! 166: uint8_t secret_copy[secret_len]; ! 167: uint8_t digest_ctx[digest->ctxsize]; ! 168: uint8_t digest_ctx_partial[digest->ctxsize]; ! 169: uint8_t a[digest->digestsize]; ! 170: uint8_t out_tmp[digest->digestsize]; ! 171: size_t frag_len = digest->digestsize; ! 172: va_list tmp; ! 173: ! 174: /* Copy the secret, in case HMAC modifies it */ ! 175: memcpy ( secret_copy, secret, secret_len ); ! 176: secret = secret_copy; ! 177: DBGC2 ( tls, "TLS %p %s secret:\n", tls, digest->name ); ! 178: DBGC2_HD ( tls, secret, secret_len ); ! 179: ! 180: /* Calculate A(1) */ ! 181: hmac_init ( digest, digest_ctx, secret, &secret_len ); ! 182: va_copy ( tmp, seeds ); ! 183: tls_hmac_update_va ( digest, digest_ctx, tmp ); ! 184: va_end ( tmp ); ! 185: hmac_final ( digest, digest_ctx, secret, &secret_len, a ); ! 186: DBGC2 ( tls, "TLS %p %s A(1):\n", tls, digest->name ); ! 187: DBGC2_HD ( tls, &a, sizeof ( a ) ); ! 188: ! 189: /* Generate as much data as required */ ! 190: while ( out_len ) { ! 191: /* Calculate output portion */ ! 192: hmac_init ( digest, digest_ctx, secret, &secret_len ); ! 193: hmac_update ( digest, digest_ctx, a, sizeof ( a ) ); ! 194: memcpy ( digest_ctx_partial, digest_ctx, digest->ctxsize ); ! 195: va_copy ( tmp, seeds ); ! 196: tls_hmac_update_va ( digest, digest_ctx, tmp ); ! 197: va_end ( tmp ); ! 198: hmac_final ( digest, digest_ctx, ! 199: secret, &secret_len, out_tmp ); ! 200: ! 201: /* Copy output */ ! 202: if ( frag_len > out_len ) ! 203: frag_len = out_len; ! 204: memcpy ( out, out_tmp, frag_len ); ! 205: DBGC2 ( tls, "TLS %p %s output:\n", tls, digest->name ); ! 206: DBGC2_HD ( tls, out, frag_len ); ! 207: ! 208: /* Calculate A(i) */ ! 209: hmac_final ( digest, digest_ctx_partial, ! 210: secret, &secret_len, a ); ! 211: DBGC2 ( tls, "TLS %p %s A(n):\n", tls, digest->name ); ! 212: DBGC2_HD ( tls, &a, sizeof ( a ) ); ! 213: ! 214: out += frag_len; ! 215: out_len -= frag_len; ! 216: } ! 217: } ! 218: ! 219: /** ! 220: * Generate secure pseudo-random data ! 221: * ! 222: * @v tls TLS session ! 223: * @v secret Secret ! 224: * @v secret_len Length of secret ! 225: * @v out Output buffer ! 226: * @v out_len Length of output buffer ! 227: * @v ... ( data, len ) pairs of seed data, terminated by NULL ! 228: */ ! 229: static void tls_prf ( struct tls_session *tls, void *secret, size_t secret_len, ! 230: void *out, size_t out_len, ... ) { ! 231: va_list seeds; ! 232: va_list tmp; ! 233: size_t subsecret_len; ! 234: void *md5_secret; ! 235: void *sha1_secret; ! 236: uint8_t out_md5[out_len]; ! 237: uint8_t out_sha1[out_len]; ! 238: unsigned int i; ! 239: ! 240: va_start ( seeds, out_len ); ! 241: ! 242: /* Split secret into two, with an overlap of up to one byte */ ! 243: subsecret_len = ( ( secret_len + 1 ) / 2 ); ! 244: md5_secret = secret; ! 245: sha1_secret = ( secret + secret_len - subsecret_len ); ! 246: ! 247: /* Calculate MD5 portion */ ! 248: va_copy ( tmp, seeds ); ! 249: tls_p_hash_va ( tls, &md5_algorithm, md5_secret, subsecret_len, ! 250: out_md5, out_len, seeds ); ! 251: va_end ( tmp ); ! 252: ! 253: /* Calculate SHA1 portion */ ! 254: va_copy ( tmp, seeds ); ! 255: tls_p_hash_va ( tls, &sha1_algorithm, sha1_secret, subsecret_len, ! 256: out_sha1, out_len, seeds ); ! 257: va_end ( tmp ); ! 258: ! 259: /* XOR the two portions together into the final output buffer */ ! 260: for ( i = 0 ; i < out_len ; i++ ) { ! 261: *( ( uint8_t * ) out + i ) = ( out_md5[i] ^ out_sha1[i] ); ! 262: } ! 263: ! 264: va_end ( seeds ); ! 265: } ! 266: ! 267: /** ! 268: * Generate secure pseudo-random data ! 269: * ! 270: * @v secret Secret ! 271: * @v secret_len Length of secret ! 272: * @v out Output buffer ! 273: * @v out_len Length of output buffer ! 274: * @v label String literal label ! 275: * @v ... ( data, len ) pairs of seed data ! 276: */ ! 277: #define tls_prf_label( tls, secret, secret_len, out, out_len, label, ... ) \ ! 278: tls_prf ( (tls), (secret), (secret_len), (out), (out_len), \ ! 279: label, ( sizeof ( label ) - 1 ), __VA_ARGS__, NULL ) ! 280: ! 281: /****************************************************************************** ! 282: * ! 283: * Secret management ! 284: * ! 285: ****************************************************************************** ! 286: */ ! 287: ! 288: /** ! 289: * Generate master secret ! 290: * ! 291: * @v tls TLS session ! 292: * ! 293: * The pre-master secret and the client and server random values must ! 294: * already be known. ! 295: */ ! 296: static void tls_generate_master_secret ( struct tls_session *tls ) { ! 297: DBGC ( tls, "TLS %p pre-master-secret:\n", tls ); ! 298: DBGC_HD ( tls, &tls->pre_master_secret, ! 299: sizeof ( tls->pre_master_secret ) ); ! 300: DBGC ( tls, "TLS %p client random bytes:\n", tls ); ! 301: DBGC_HD ( tls, &tls->client_random, sizeof ( tls->client_random ) ); ! 302: DBGC ( tls, "TLS %p server random bytes:\n", tls ); ! 303: DBGC_HD ( tls, &tls->server_random, sizeof ( tls->server_random ) ); ! 304: ! 305: tls_prf_label ( tls, &tls->pre_master_secret, ! 306: sizeof ( tls->pre_master_secret ), ! 307: &tls->master_secret, sizeof ( tls->master_secret ), ! 308: "master secret", ! 309: &tls->client_random, sizeof ( tls->client_random ), ! 310: &tls->server_random, sizeof ( tls->server_random ) ); ! 311: ! 312: DBGC ( tls, "TLS %p generated master secret:\n", tls ); ! 313: DBGC_HD ( tls, &tls->master_secret, sizeof ( tls->master_secret ) ); ! 314: } ! 315: ! 316: /** ! 317: * Generate key material ! 318: * ! 319: * @v tls TLS session ! 320: * ! 321: * The master secret must already be known. ! 322: */ ! 323: static int tls_generate_keys ( struct tls_session *tls ) { ! 324: struct tls_cipherspec *tx_cipherspec = &tls->tx_cipherspec_pending; ! 325: struct tls_cipherspec *rx_cipherspec = &tls->rx_cipherspec_pending; ! 326: size_t hash_size = tx_cipherspec->digest->digestsize; ! 327: size_t key_size = tx_cipherspec->key_len; ! 328: size_t iv_size = tx_cipherspec->cipher->blocksize; ! 329: size_t total = ( 2 * ( hash_size + key_size + iv_size ) ); ! 330: uint8_t key_block[total]; ! 331: uint8_t *key; ! 332: int rc; ! 333: ! 334: /* Generate key block */ ! 335: tls_prf_label ( tls, &tls->master_secret, sizeof ( tls->master_secret ), ! 336: key_block, sizeof ( key_block ), "key expansion", ! 337: &tls->server_random, sizeof ( tls->server_random ), ! 338: &tls->client_random, sizeof ( tls->client_random ) ); ! 339: ! 340: /* Split key block into portions */ ! 341: key = key_block; ! 342: ! 343: /* TX MAC secret */ ! 344: memcpy ( tx_cipherspec->mac_secret, key, hash_size ); ! 345: DBGC ( tls, "TLS %p TX MAC secret:\n", tls ); ! 346: DBGC_HD ( tls, key, hash_size ); ! 347: key += hash_size; ! 348: ! 349: /* RX MAC secret */ ! 350: memcpy ( rx_cipherspec->mac_secret, key, hash_size ); ! 351: DBGC ( tls, "TLS %p RX MAC secret:\n", tls ); ! 352: DBGC_HD ( tls, key, hash_size ); ! 353: key += hash_size; ! 354: ! 355: /* TX key */ ! 356: if ( ( rc = cipher_setkey ( tx_cipherspec->cipher, ! 357: tx_cipherspec->cipher_ctx, ! 358: key, key_size ) ) != 0 ) { ! 359: DBGC ( tls, "TLS %p could not set TX key: %s\n", ! 360: tls, strerror ( rc ) ); ! 361: return rc; ! 362: } ! 363: DBGC ( tls, "TLS %p TX key:\n", tls ); ! 364: DBGC_HD ( tls, key, key_size ); ! 365: key += key_size; ! 366: ! 367: /* RX key */ ! 368: if ( ( rc = cipher_setkey ( rx_cipherspec->cipher, ! 369: rx_cipherspec->cipher_ctx, ! 370: key, key_size ) ) != 0 ) { ! 371: DBGC ( tls, "TLS %p could not set TX key: %s\n", ! 372: tls, strerror ( rc ) ); ! 373: return rc; ! 374: } ! 375: DBGC ( tls, "TLS %p RX key:\n", tls ); ! 376: DBGC_HD ( tls, key, key_size ); ! 377: key += key_size; ! 378: ! 379: /* TX initialisation vector */ ! 380: cipher_setiv ( tx_cipherspec->cipher, tx_cipherspec->cipher_ctx, key ); ! 381: DBGC ( tls, "TLS %p TX IV:\n", tls ); ! 382: DBGC_HD ( tls, key, iv_size ); ! 383: key += iv_size; ! 384: ! 385: /* RX initialisation vector */ ! 386: cipher_setiv ( rx_cipherspec->cipher, rx_cipherspec->cipher_ctx, key ); ! 387: DBGC ( tls, "TLS %p RX IV:\n", tls ); ! 388: DBGC_HD ( tls, key, iv_size ); ! 389: key += iv_size; ! 390: ! 391: assert ( ( key_block + total ) == key ); ! 392: ! 393: return 0; ! 394: } ! 395: ! 396: /****************************************************************************** ! 397: * ! 398: * Cipher suite management ! 399: * ! 400: ****************************************************************************** ! 401: */ ! 402: ! 403: /** ! 404: * Clear cipher suite ! 405: * ! 406: * @v cipherspec TLS cipher specification ! 407: */ ! 408: static void tls_clear_cipher ( struct tls_session *tls __unused, ! 409: struct tls_cipherspec *cipherspec ) { ! 410: free ( cipherspec->dynamic ); ! 411: memset ( cipherspec, 0, sizeof ( cipherspec ) ); ! 412: cipherspec->pubkey = &pubkey_null; ! 413: cipherspec->cipher = &cipher_null; ! 414: cipherspec->digest = &digest_null; ! 415: } ! 416: ! 417: /** ! 418: * Set cipher suite ! 419: * ! 420: * @v tls TLS session ! 421: * @v cipherspec TLS cipher specification ! 422: * @v pubkey Public-key encryption elgorithm ! 423: * @v cipher Bulk encryption cipher algorithm ! 424: * @v digest MAC digest algorithm ! 425: * @v key_len Key length ! 426: * @ret rc Return status code ! 427: */ ! 428: static int tls_set_cipher ( struct tls_session *tls, ! 429: struct tls_cipherspec *cipherspec, ! 430: struct pubkey_algorithm *pubkey, ! 431: struct cipher_algorithm *cipher, ! 432: struct digest_algorithm *digest, ! 433: size_t key_len ) { ! 434: size_t total; ! 435: void *dynamic; ! 436: ! 437: /* Clear out old cipher contents, if any */ ! 438: tls_clear_cipher ( tls, cipherspec ); ! 439: ! 440: /* Allocate dynamic storage */ ! 441: total = ( pubkey->ctxsize + 2 * cipher->ctxsize + digest->digestsize ); ! 442: dynamic = malloc ( total ); ! 443: if ( ! dynamic ) { ! 444: DBGC ( tls, "TLS %p could not allocate %zd bytes for crypto " ! 445: "context\n", tls, total ); ! 446: return -ENOMEM; ! 447: } ! 448: memset ( dynamic, 0, total ); ! 449: ! 450: /* Assign storage */ ! 451: cipherspec->dynamic = dynamic; ! 452: cipherspec->pubkey_ctx = dynamic; dynamic += pubkey->ctxsize; ! 453: cipherspec->cipher_ctx = dynamic; dynamic += cipher->ctxsize; ! 454: cipherspec->cipher_next_ctx = dynamic; dynamic += cipher->ctxsize; ! 455: cipherspec->mac_secret = dynamic; dynamic += digest->digestsize; ! 456: assert ( ( cipherspec->dynamic + total ) == dynamic ); ! 457: ! 458: /* Store parameters */ ! 459: cipherspec->pubkey = pubkey; ! 460: cipherspec->cipher = cipher; ! 461: cipherspec->digest = digest; ! 462: cipherspec->key_len = key_len; ! 463: ! 464: return 0; ! 465: } ! 466: ! 467: /** ! 468: * Select next cipher suite ! 469: * ! 470: * @v tls TLS session ! 471: * @v cipher_suite Cipher suite specification ! 472: * @ret rc Return status code ! 473: */ ! 474: static int tls_select_cipher ( struct tls_session *tls, ! 475: unsigned int cipher_suite ) { ! 476: struct pubkey_algorithm *pubkey = &pubkey_null; ! 477: struct cipher_algorithm *cipher = &cipher_null; ! 478: struct digest_algorithm *digest = &digest_null; ! 479: unsigned int key_len = 0; ! 480: int rc; ! 481: ! 482: switch ( cipher_suite ) { ! 483: case htons ( TLS_RSA_WITH_AES_128_CBC_SHA ): ! 484: key_len = ( 128 / 8 ); ! 485: cipher = &aes_cbc_algorithm; ! 486: digest = &sha1_algorithm; ! 487: break; ! 488: case htons ( TLS_RSA_WITH_AES_256_CBC_SHA ): ! 489: key_len = ( 256 / 8 ); ! 490: cipher = &aes_cbc_algorithm; ! 491: digest = &sha1_algorithm; ! 492: break; ! 493: default: ! 494: DBGC ( tls, "TLS %p does not support cipher %04x\n", ! 495: tls, ntohs ( cipher_suite ) ); ! 496: return -ENOTSUP; ! 497: } ! 498: ! 499: /* Set ciphers */ ! 500: if ( ( rc = tls_set_cipher ( tls, &tls->tx_cipherspec_pending, pubkey, ! 501: cipher, digest, key_len ) ) != 0 ) ! 502: return rc; ! 503: if ( ( rc = tls_set_cipher ( tls, &tls->rx_cipherspec_pending, pubkey, ! 504: cipher, digest, key_len ) ) != 0 ) ! 505: return rc; ! 506: ! 507: DBGC ( tls, "TLS %p selected %s-%s-%d-%s\n", tls, ! 508: pubkey->name, cipher->name, ( key_len * 8 ), digest->name ); ! 509: ! 510: return 0; ! 511: } ! 512: ! 513: /** ! 514: * Activate next cipher suite ! 515: * ! 516: * @v tls TLS session ! 517: * @v pending Pending cipher specification ! 518: * @v active Active cipher specification to replace ! 519: * @ret rc Return status code ! 520: */ ! 521: static int tls_change_cipher ( struct tls_session *tls, ! 522: struct tls_cipherspec *pending, ! 523: struct tls_cipherspec *active ) { ! 524: ! 525: /* Sanity check */ ! 526: if ( /* FIXME (when pubkey is not hard-coded to RSA): ! 527: * ( pending->pubkey == &pubkey_null ) || */ ! 528: ( pending->cipher == &cipher_null ) || ! 529: ( pending->digest == &digest_null ) ) { ! 530: DBGC ( tls, "TLS %p refusing to use null cipher\n", tls ); ! 531: return -ENOTSUP; ! 532: } ! 533: ! 534: tls_clear_cipher ( tls, active ); ! 535: memswap ( active, pending, sizeof ( *active ) ); ! 536: return 0; ! 537: } ! 538: ! 539: /****************************************************************************** ! 540: * ! 541: * Handshake verification ! 542: * ! 543: ****************************************************************************** ! 544: */ ! 545: ! 546: /** ! 547: * Add handshake record to verification hash ! 548: * ! 549: * @v tls TLS session ! 550: * @v data Handshake record ! 551: * @v len Length of handshake record ! 552: */ ! 553: static void tls_add_handshake ( struct tls_session *tls, ! 554: const void *data, size_t len ) { ! 555: ! 556: digest_update ( &md5_algorithm, tls->handshake_md5_ctx, data, len ); ! 557: digest_update ( &sha1_algorithm, tls->handshake_sha1_ctx, data, len ); ! 558: } ! 559: ! 560: /** ! 561: * Calculate handshake verification hash ! 562: * ! 563: * @v tls TLS session ! 564: * @v out Output buffer ! 565: * ! 566: * Calculates the MD5+SHA1 digest over all handshake messages seen so ! 567: * far. ! 568: */ ! 569: static void tls_verify_handshake ( struct tls_session *tls, void *out ) { ! 570: struct digest_algorithm *md5 = &md5_algorithm; ! 571: struct digest_algorithm *sha1 = &sha1_algorithm; ! 572: uint8_t md5_ctx[md5->ctxsize]; ! 573: uint8_t sha1_ctx[sha1->ctxsize]; ! 574: void *md5_digest = out; ! 575: void *sha1_digest = ( out + md5->digestsize ); ! 576: ! 577: memcpy ( md5_ctx, tls->handshake_md5_ctx, sizeof ( md5_ctx ) ); ! 578: memcpy ( sha1_ctx, tls->handshake_sha1_ctx, sizeof ( sha1_ctx ) ); ! 579: digest_final ( md5, md5_ctx, md5_digest ); ! 580: digest_final ( sha1, sha1_ctx, sha1_digest ); ! 581: } ! 582: ! 583: /****************************************************************************** ! 584: * ! 585: * Record handling ! 586: * ! 587: ****************************************************************************** ! 588: */ ! 589: ! 590: /** ! 591: * Transmit Handshake record ! 592: * ! 593: * @v tls TLS session ! 594: * @v data Plaintext record ! 595: * @v len Length of plaintext record ! 596: * @ret rc Return status code ! 597: */ ! 598: static int tls_send_handshake ( struct tls_session *tls, ! 599: void *data, size_t len ) { ! 600: ! 601: /* Add to handshake digest */ ! 602: tls_add_handshake ( tls, data, len ); ! 603: ! 604: /* Send record */ ! 605: return tls_send_plaintext ( tls, TLS_TYPE_HANDSHAKE, data, len ); ! 606: } ! 607: ! 608: /** ! 609: * Transmit Client Hello record ! 610: * ! 611: * @v tls TLS session ! 612: * @ret rc Return status code ! 613: */ ! 614: static int tls_send_client_hello ( struct tls_session *tls ) { ! 615: struct { ! 616: uint32_t type_length; ! 617: uint16_t version; ! 618: uint8_t random[32]; ! 619: uint8_t session_id_len; ! 620: uint16_t cipher_suite_len; ! 621: uint16_t cipher_suites[2]; ! 622: uint8_t compression_methods_len; ! 623: uint8_t compression_methods[1]; ! 624: } __attribute__ (( packed )) hello; ! 625: ! 626: memset ( &hello, 0, sizeof ( hello ) ); ! 627: hello.type_length = ( cpu_to_le32 ( TLS_CLIENT_HELLO ) | ! 628: htonl ( sizeof ( hello ) - ! 629: sizeof ( hello.type_length ) ) ); ! 630: hello.version = htons ( TLS_VERSION_TLS_1_0 ); ! 631: memcpy ( &hello.random, &tls->client_random, sizeof ( hello.random ) ); ! 632: hello.cipher_suite_len = htons ( sizeof ( hello.cipher_suites ) ); ! 633: hello.cipher_suites[0] = htons ( TLS_RSA_WITH_AES_128_CBC_SHA ); ! 634: hello.cipher_suites[1] = htons ( TLS_RSA_WITH_AES_256_CBC_SHA ); ! 635: hello.compression_methods_len = sizeof ( hello.compression_methods ); ! 636: ! 637: return tls_send_handshake ( tls, &hello, sizeof ( hello ) ); ! 638: } ! 639: ! 640: /** ! 641: * Transmit Client Key Exchange record ! 642: * ! 643: * @v tls TLS session ! 644: * @ret rc Return status code ! 645: */ ! 646: static int tls_send_client_key_exchange ( struct tls_session *tls ) { ! 647: /* FIXME: Hack alert */ ! 648: RSA_CTX *rsa_ctx; ! 649: RSA_pub_key_new ( &rsa_ctx, tls->rsa.modulus, tls->rsa.modulus_len, ! 650: tls->rsa.exponent, tls->rsa.exponent_len ); ! 651: struct { ! 652: uint32_t type_length; ! 653: uint16_t encrypted_pre_master_secret_len; ! 654: uint8_t encrypted_pre_master_secret[rsa_ctx->num_octets]; ! 655: } __attribute__ (( packed )) key_xchg; ! 656: ! 657: memset ( &key_xchg, 0, sizeof ( key_xchg ) ); ! 658: key_xchg.type_length = ( cpu_to_le32 ( TLS_CLIENT_KEY_EXCHANGE ) | ! 659: htonl ( sizeof ( key_xchg ) - ! 660: sizeof ( key_xchg.type_length ) ) ); ! 661: key_xchg.encrypted_pre_master_secret_len ! 662: = htons ( sizeof ( key_xchg.encrypted_pre_master_secret ) ); ! 663: ! 664: /* FIXME: Hack alert */ ! 665: DBGC ( tls, "RSA encrypting plaintext, modulus, exponent:\n" ); ! 666: DBGC_HD ( tls, &tls->pre_master_secret, ! 667: sizeof ( tls->pre_master_secret ) ); ! 668: DBGC_HD ( tls, tls->rsa.modulus, tls->rsa.modulus_len ); ! 669: DBGC_HD ( tls, tls->rsa.exponent, tls->rsa.exponent_len ); ! 670: RSA_encrypt ( rsa_ctx, ( const uint8_t * ) &tls->pre_master_secret, ! 671: sizeof ( tls->pre_master_secret ), ! 672: key_xchg.encrypted_pre_master_secret, 0 ); ! 673: DBGC ( tls, "RSA encrypt done. Ciphertext:\n" ); ! 674: DBGC_HD ( tls, &key_xchg.encrypted_pre_master_secret, ! 675: sizeof ( key_xchg.encrypted_pre_master_secret ) ); ! 676: RSA_free ( rsa_ctx ); ! 677: ! 678: ! 679: return tls_send_handshake ( tls, &key_xchg, sizeof ( key_xchg ) ); ! 680: } ! 681: ! 682: /** ! 683: * Transmit Change Cipher record ! 684: * ! 685: * @v tls TLS session ! 686: * @ret rc Return status code ! 687: */ ! 688: static int tls_send_change_cipher ( struct tls_session *tls ) { ! 689: static const uint8_t change_cipher[1] = { 1 }; ! 690: return tls_send_plaintext ( tls, TLS_TYPE_CHANGE_CIPHER, ! 691: change_cipher, sizeof ( change_cipher ) ); ! 692: } ! 693: ! 694: /** ! 695: * Transmit Finished record ! 696: * ! 697: * @v tls TLS session ! 698: * @ret rc Return status code ! 699: */ ! 700: static int tls_send_finished ( struct tls_session *tls ) { ! 701: struct { ! 702: uint32_t type_length; ! 703: uint8_t verify_data[12]; ! 704: } __attribute__ (( packed )) finished; ! 705: uint8_t digest[MD5_DIGEST_SIZE + SHA1_DIGEST_SIZE]; ! 706: ! 707: memset ( &finished, 0, sizeof ( finished ) ); ! 708: finished.type_length = ( cpu_to_le32 ( TLS_FINISHED ) | ! 709: htonl ( sizeof ( finished ) - ! 710: sizeof ( finished.type_length ) ) ); ! 711: tls_verify_handshake ( tls, digest ); ! 712: tls_prf_label ( tls, &tls->master_secret, sizeof ( tls->master_secret ), ! 713: finished.verify_data, sizeof ( finished.verify_data ), ! 714: "client finished", digest, sizeof ( digest ) ); ! 715: ! 716: return tls_send_handshake ( tls, &finished, sizeof ( finished ) ); ! 717: } ! 718: ! 719: /** ! 720: * Receive new Change Cipher record ! 721: * ! 722: * @v tls TLS session ! 723: * @v data Plaintext record ! 724: * @v len Length of plaintext record ! 725: * @ret rc Return status code ! 726: */ ! 727: static int tls_new_change_cipher ( struct tls_session *tls, ! 728: void *data, size_t len ) { ! 729: int rc; ! 730: ! 731: if ( ( len != 1 ) || ( *( ( uint8_t * ) data ) != 1 ) ) { ! 732: DBGC ( tls, "TLS %p received invalid Change Cipher\n", tls ); ! 733: DBGC_HD ( tls, data, len ); ! 734: return -EINVAL; ! 735: } ! 736: ! 737: if ( ( rc = tls_change_cipher ( tls, &tls->rx_cipherspec_pending, ! 738: &tls->rx_cipherspec ) ) != 0 ) { ! 739: DBGC ( tls, "TLS %p could not activate RX cipher: %s\n", ! 740: tls, strerror ( rc ) ); ! 741: return rc; ! 742: } ! 743: tls->rx_seq = ~( ( uint64_t ) 0 ); ! 744: ! 745: return 0; ! 746: } ! 747: ! 748: /** ! 749: * Receive new Alert record ! 750: * ! 751: * @v tls TLS session ! 752: * @v data Plaintext record ! 753: * @v len Length of plaintext record ! 754: * @ret rc Return status code ! 755: */ ! 756: static int tls_new_alert ( struct tls_session *tls, void *data, size_t len ) { ! 757: struct { ! 758: uint8_t level; ! 759: uint8_t description; ! 760: char next[0]; ! 761: } __attribute__ (( packed )) *alert = data; ! 762: void *end = alert->next; ! 763: ! 764: /* Sanity check */ ! 765: if ( end != ( data + len ) ) { ! 766: DBGC ( tls, "TLS %p received overlength Alert\n", tls ); ! 767: DBGC_HD ( tls, data, len ); ! 768: return -EINVAL; ! 769: } ! 770: ! 771: switch ( alert->level ) { ! 772: case TLS_ALERT_WARNING: ! 773: DBGC ( tls, "TLS %p received warning alert %d\n", ! 774: tls, alert->description ); ! 775: return 0; ! 776: case TLS_ALERT_FATAL: ! 777: DBGC ( tls, "TLS %p received fatal alert %d\n", ! 778: tls, alert->description ); ! 779: return -EPERM; ! 780: default: ! 781: DBGC ( tls, "TLS %p received unknown alert level %d" ! 782: "(alert %d)\n", tls, alert->level, alert->description ); ! 783: return -EIO; ! 784: } ! 785: } ! 786: ! 787: /** ! 788: * Receive new Server Hello handshake record ! 789: * ! 790: * @v tls TLS session ! 791: * @v data Plaintext handshake record ! 792: * @v len Length of plaintext handshake record ! 793: * @ret rc Return status code ! 794: */ ! 795: static int tls_new_server_hello ( struct tls_session *tls, ! 796: void *data, size_t len ) { ! 797: struct { ! 798: uint16_t version; ! 799: uint8_t random[32]; ! 800: uint8_t session_id_len; ! 801: char next[0]; ! 802: } __attribute__ (( packed )) *hello_a = data; ! 803: struct { ! 804: uint8_t session_id[hello_a->session_id_len]; ! 805: uint16_t cipher_suite; ! 806: uint8_t compression_method; ! 807: char next[0]; ! 808: } __attribute__ (( packed )) *hello_b = ( void * ) &hello_a->next; ! 809: void *end = hello_b->next; ! 810: int rc; ! 811: ! 812: /* Sanity check */ ! 813: if ( end != ( data + len ) ) { ! 814: DBGC ( tls, "TLS %p received overlength Server Hello\n", tls ); ! 815: DBGC_HD ( tls, data, len ); ! 816: return -EINVAL; ! 817: } ! 818: ! 819: /* Check protocol version */ ! 820: if ( ntohs ( hello_a->version ) < TLS_VERSION_TLS_1_0 ) { ! 821: DBGC ( tls, "TLS %p does not support protocol version %d.%d\n", ! 822: tls, ( ntohs ( hello_a->version ) >> 8 ), ! 823: ( ntohs ( hello_a->version ) & 0xff ) ); ! 824: return -ENOTSUP; ! 825: } ! 826: ! 827: /* Copy out server random bytes */ ! 828: memcpy ( &tls->server_random, &hello_a->random, ! 829: sizeof ( tls->server_random ) ); ! 830: ! 831: /* Select cipher suite */ ! 832: if ( ( rc = tls_select_cipher ( tls, hello_b->cipher_suite ) ) != 0 ) ! 833: return rc; ! 834: ! 835: /* Generate secrets */ ! 836: tls_generate_master_secret ( tls ); ! 837: if ( ( rc = tls_generate_keys ( tls ) ) != 0 ) ! 838: return rc; ! 839: ! 840: return 0; ! 841: } ! 842: ! 843: /** ! 844: * Receive new Certificate handshake record ! 845: * ! 846: * @v tls TLS session ! 847: * @v data Plaintext handshake record ! 848: * @v len Length of plaintext handshake record ! 849: * @ret rc Return status code ! 850: */ ! 851: static int tls_new_certificate ( struct tls_session *tls, ! 852: void *data, size_t len ) { ! 853: struct { ! 854: uint8_t length[3]; ! 855: uint8_t certificates[0]; ! 856: } __attribute__ (( packed )) *certificate = data; ! 857: struct { ! 858: uint8_t length[3]; ! 859: uint8_t certificate[0]; ! 860: } __attribute__ (( packed )) *element = ! 861: ( ( void * ) certificate->certificates ); ! 862: size_t elements_len = tls_uint24 ( certificate->length ); ! 863: void *end = ( certificate->certificates + elements_len ); ! 864: struct asn1_cursor cursor; ! 865: int rc; ! 866: ! 867: /* Sanity check */ ! 868: if ( end != ( data + len ) ) { ! 869: DBGC ( tls, "TLS %p received overlength Server Certificate\n", ! 870: tls ); ! 871: DBGC_HD ( tls, data, len ); ! 872: return -EINVAL; ! 873: } ! 874: ! 875: /* Traverse certificate chain */ ! 876: do { ! 877: cursor.data = element->certificate; ! 878: cursor.len = tls_uint24 ( element->length ); ! 879: if ( ( cursor.data + cursor.len ) > end ) { ! 880: DBGC ( tls, "TLS %p received corrupt Server " ! 881: "Certificate\n", tls ); ! 882: DBGC_HD ( tls, data, len ); ! 883: return -EINVAL; ! 884: } ! 885: ! 886: // HACK ! 887: if ( ( rc = x509_rsa_public_key ( &cursor, ! 888: &tls->rsa ) ) != 0 ) { ! 889: DBGC ( tls, "TLS %p cannot determine RSA public key: " ! 890: "%s\n", tls, strerror ( rc ) ); ! 891: return rc; ! 892: } ! 893: return 0; ! 894: ! 895: element = ( cursor.data + cursor.len ); ! 896: } while ( element != end ); ! 897: ! 898: return -EINVAL; ! 899: } ! 900: ! 901: /** ! 902: * Receive new Server Hello Done handshake record ! 903: * ! 904: * @v tls TLS session ! 905: * @v data Plaintext handshake record ! 906: * @v len Length of plaintext handshake record ! 907: * @ret rc Return status code ! 908: */ ! 909: static int tls_new_server_hello_done ( struct tls_session *tls, ! 910: void *data, size_t len ) { ! 911: struct { ! 912: char next[0]; ! 913: } __attribute__ (( packed )) *hello_done = data; ! 914: void *end = hello_done->next; ! 915: ! 916: /* Sanity check */ ! 917: if ( end != ( data + len ) ) { ! 918: DBGC ( tls, "TLS %p received overlength Server Hello Done\n", ! 919: tls ); ! 920: DBGC_HD ( tls, data, len ); ! 921: return -EINVAL; ! 922: } ! 923: ! 924: /* Check that we are ready to send the Client Key Exchange */ ! 925: if ( tls->tx_state != TLS_TX_NONE ) { ! 926: DBGC ( tls, "TLS %p received Server Hello Done while in " ! 927: "TX state %d\n", tls, tls->tx_state ); ! 928: return -EIO; ! 929: } ! 930: ! 931: /* Start sending the Client Key Exchange */ ! 932: tls->tx_state = TLS_TX_CLIENT_KEY_EXCHANGE; ! 933: ! 934: return 0; ! 935: } ! 936: ! 937: /** ! 938: * Receive new Finished handshake record ! 939: * ! 940: * @v tls TLS session ! 941: * @v data Plaintext handshake record ! 942: * @v len Length of plaintext handshake record ! 943: * @ret rc Return status code ! 944: */ ! 945: static int tls_new_finished ( struct tls_session *tls, ! 946: void *data, size_t len ) { ! 947: ! 948: /* FIXME: Handle this properly */ ! 949: tls->tx_state = TLS_TX_DATA; ! 950: ( void ) data; ! 951: ( void ) len; ! 952: return 0; ! 953: } ! 954: ! 955: /** ! 956: * Receive new Handshake record ! 957: * ! 958: * @v tls TLS session ! 959: * @v data Plaintext record ! 960: * @v len Length of plaintext record ! 961: * @ret rc Return status code ! 962: */ ! 963: static int tls_new_handshake ( struct tls_session *tls, ! 964: void *data, size_t len ) { ! 965: void *end = ( data + len ); ! 966: int rc; ! 967: ! 968: while ( data != end ) { ! 969: struct { ! 970: uint8_t type; ! 971: uint8_t length[3]; ! 972: uint8_t payload[0]; ! 973: } __attribute__ (( packed )) *handshake = data; ! 974: void *payload = &handshake->payload; ! 975: size_t payload_len = tls_uint24 ( handshake->length ); ! 976: void *next = ( payload + payload_len ); ! 977: ! 978: /* Sanity check */ ! 979: if ( next > end ) { ! 980: DBGC ( tls, "TLS %p received overlength Handshake\n", ! 981: tls ); ! 982: DBGC_HD ( tls, data, len ); ! 983: return -EINVAL; ! 984: } ! 985: ! 986: switch ( handshake->type ) { ! 987: case TLS_SERVER_HELLO: ! 988: rc = tls_new_server_hello ( tls, payload, payload_len ); ! 989: break; ! 990: case TLS_CERTIFICATE: ! 991: rc = tls_new_certificate ( tls, payload, payload_len ); ! 992: break; ! 993: case TLS_SERVER_HELLO_DONE: ! 994: rc = tls_new_server_hello_done ( tls, payload, ! 995: payload_len ); ! 996: break; ! 997: case TLS_FINISHED: ! 998: rc = tls_new_finished ( tls, payload, payload_len ); ! 999: break; ! 1000: default: ! 1001: DBGC ( tls, "TLS %p ignoring handshake type %d\n", ! 1002: tls, handshake->type ); ! 1003: rc = 0; ! 1004: break; ! 1005: } ! 1006: ! 1007: /* Add to handshake digest (except for Hello Requests, ! 1008: * which are explicitly excluded). ! 1009: */ ! 1010: if ( handshake->type != TLS_HELLO_REQUEST ) ! 1011: tls_add_handshake ( tls, data, ! 1012: sizeof ( *handshake ) + ! 1013: payload_len ); ! 1014: ! 1015: /* Abort on failure */ ! 1016: if ( rc != 0 ) ! 1017: return rc; ! 1018: ! 1019: /* Move to next handshake record */ ! 1020: data = next; ! 1021: } ! 1022: ! 1023: return 0; ! 1024: } ! 1025: ! 1026: /** ! 1027: * Receive new record ! 1028: * ! 1029: * @v tls TLS session ! 1030: * @v type Record type ! 1031: * @v data Plaintext record ! 1032: * @v len Length of plaintext record ! 1033: * @ret rc Return status code ! 1034: */ ! 1035: static int tls_new_record ( struct tls_session *tls, ! 1036: unsigned int type, void *data, size_t len ) { ! 1037: ! 1038: switch ( type ) { ! 1039: case TLS_TYPE_CHANGE_CIPHER: ! 1040: return tls_new_change_cipher ( tls, data, len ); ! 1041: case TLS_TYPE_ALERT: ! 1042: return tls_new_alert ( tls, data, len ); ! 1043: case TLS_TYPE_HANDSHAKE: ! 1044: return tls_new_handshake ( tls, data, len ); ! 1045: case TLS_TYPE_DATA: ! 1046: return xfer_deliver_raw ( &tls->plainstream, data, len ); ! 1047: default: ! 1048: /* RFC4346 says that we should just ignore unknown ! 1049: * record types. ! 1050: */ ! 1051: DBGC ( tls, "TLS %p ignoring record type %d\n", tls, type ); ! 1052: return 0; ! 1053: } ! 1054: } ! 1055: ! 1056: /****************************************************************************** ! 1057: * ! 1058: * Record encryption/decryption ! 1059: * ! 1060: ****************************************************************************** ! 1061: */ ! 1062: ! 1063: /** ! 1064: * Calculate HMAC ! 1065: * ! 1066: * @v tls TLS session ! 1067: * @v cipherspec Cipher specification ! 1068: * @v seq Sequence number ! 1069: * @v tlshdr TLS header ! 1070: * @v data Data ! 1071: * @v len Length of data ! 1072: * @v mac HMAC to fill in ! 1073: */ ! 1074: static void tls_hmac ( struct tls_session *tls __unused, ! 1075: struct tls_cipherspec *cipherspec, ! 1076: uint64_t seq, struct tls_header *tlshdr, ! 1077: const void *data, size_t len, void *hmac ) { ! 1078: struct digest_algorithm *digest = cipherspec->digest; ! 1079: uint8_t digest_ctx[digest->ctxsize]; ! 1080: ! 1081: hmac_init ( digest, digest_ctx, cipherspec->mac_secret, ! 1082: &digest->digestsize ); ! 1083: seq = cpu_to_be64 ( seq ); ! 1084: hmac_update ( digest, digest_ctx, &seq, sizeof ( seq ) ); ! 1085: hmac_update ( digest, digest_ctx, tlshdr, sizeof ( *tlshdr ) ); ! 1086: hmac_update ( digest, digest_ctx, data, len ); ! 1087: hmac_final ( digest, digest_ctx, cipherspec->mac_secret, ! 1088: &digest->digestsize, hmac ); ! 1089: } ! 1090: ! 1091: /** ! 1092: * Allocate and assemble stream-ciphered record from data and MAC portions ! 1093: * ! 1094: * @v tls TLS session ! 1095: * @ret data Data ! 1096: * @ret len Length of data ! 1097: * @ret digest MAC digest ! 1098: * @ret plaintext_len Length of plaintext record ! 1099: * @ret plaintext Allocated plaintext record ! 1100: */ ! 1101: static void * __malloc tls_assemble_stream ( struct tls_session *tls, ! 1102: const void *data, size_t len, ! 1103: void *digest, size_t *plaintext_len ) { ! 1104: size_t mac_len = tls->tx_cipherspec.digest->digestsize; ! 1105: void *plaintext; ! 1106: void *content; ! 1107: void *mac; ! 1108: ! 1109: /* Calculate stream-ciphered struct length */ ! 1110: *plaintext_len = ( len + mac_len ); ! 1111: ! 1112: /* Allocate stream-ciphered struct */ ! 1113: plaintext = malloc ( *plaintext_len ); ! 1114: if ( ! plaintext ) ! 1115: return NULL; ! 1116: content = plaintext; ! 1117: mac = ( content + len ); ! 1118: ! 1119: /* Fill in stream-ciphered struct */ ! 1120: memcpy ( content, data, len ); ! 1121: memcpy ( mac, digest, mac_len ); ! 1122: ! 1123: return plaintext; ! 1124: } ! 1125: ! 1126: /** ! 1127: * Allocate and assemble block-ciphered record from data and MAC portions ! 1128: * ! 1129: * @v tls TLS session ! 1130: * @ret data Data ! 1131: * @ret len Length of data ! 1132: * @ret digest MAC digest ! 1133: * @ret plaintext_len Length of plaintext record ! 1134: * @ret plaintext Allocated plaintext record ! 1135: */ ! 1136: static void * tls_assemble_block ( struct tls_session *tls, ! 1137: const void *data, size_t len, ! 1138: void *digest, size_t *plaintext_len ) { ! 1139: size_t blocksize = tls->tx_cipherspec.cipher->blocksize; ! 1140: size_t iv_len = blocksize; ! 1141: size_t mac_len = tls->tx_cipherspec.digest->digestsize; ! 1142: size_t padding_len; ! 1143: void *plaintext; ! 1144: void *iv; ! 1145: void *content; ! 1146: void *mac; ! 1147: void *padding; ! 1148: ! 1149: /* FIXME: TLSv1.1 has an explicit IV */ ! 1150: iv_len = 0; ! 1151: ! 1152: /* Calculate block-ciphered struct length */ ! 1153: padding_len = ( ( blocksize - 1 ) & -( iv_len + len + mac_len + 1 ) ); ! 1154: *plaintext_len = ( iv_len + len + mac_len + padding_len + 1 ); ! 1155: ! 1156: /* Allocate block-ciphered struct */ ! 1157: plaintext = malloc ( *plaintext_len ); ! 1158: if ( ! plaintext ) ! 1159: return NULL; ! 1160: iv = plaintext; ! 1161: content = ( iv + iv_len ); ! 1162: mac = ( content + len ); ! 1163: padding = ( mac + mac_len ); ! 1164: ! 1165: /* Fill in block-ciphered struct */ ! 1166: memset ( iv, 0, iv_len ); ! 1167: memcpy ( content, data, len ); ! 1168: memcpy ( mac, digest, mac_len ); ! 1169: memset ( padding, padding_len, ( padding_len + 1 ) ); ! 1170: ! 1171: return plaintext; ! 1172: } ! 1173: ! 1174: /** ! 1175: * Send plaintext record ! 1176: * ! 1177: * @v tls TLS session ! 1178: * @v type Record type ! 1179: * @v data Plaintext record ! 1180: * @v len Length of plaintext record ! 1181: * @ret rc Return status code ! 1182: */ ! 1183: static int tls_send_plaintext ( struct tls_session *tls, unsigned int type, ! 1184: const void *data, size_t len ) { ! 1185: struct tls_header plaintext_tlshdr; ! 1186: struct tls_header *tlshdr; ! 1187: struct tls_cipherspec *cipherspec = &tls->tx_cipherspec; ! 1188: void *plaintext = NULL; ! 1189: size_t plaintext_len; ! 1190: struct io_buffer *ciphertext = NULL; ! 1191: size_t ciphertext_len; ! 1192: size_t mac_len = cipherspec->digest->digestsize; ! 1193: uint8_t mac[mac_len]; ! 1194: int rc; ! 1195: ! 1196: /* Construct header */ ! 1197: plaintext_tlshdr.type = type; ! 1198: plaintext_tlshdr.version = htons ( TLS_VERSION_TLS_1_0 ); ! 1199: plaintext_tlshdr.length = htons ( len ); ! 1200: ! 1201: /* Calculate MAC */ ! 1202: tls_hmac ( tls, cipherspec, tls->tx_seq, &plaintext_tlshdr, ! 1203: data, len, mac ); ! 1204: ! 1205: /* Allocate and assemble plaintext struct */ ! 1206: if ( is_stream_cipher ( cipherspec->cipher ) ) { ! 1207: plaintext = tls_assemble_stream ( tls, data, len, mac, ! 1208: &plaintext_len ); ! 1209: } else { ! 1210: plaintext = tls_assemble_block ( tls, data, len, mac, ! 1211: &plaintext_len ); ! 1212: } ! 1213: if ( ! plaintext ) { ! 1214: DBGC ( tls, "TLS %p could not allocate %zd bytes for " ! 1215: "plaintext\n", tls, plaintext_len ); ! 1216: rc = -ENOMEM; ! 1217: goto done; ! 1218: } ! 1219: ! 1220: DBGC2 ( tls, "Sending plaintext data:\n" ); ! 1221: DBGC2_HD ( tls, plaintext, plaintext_len ); ! 1222: ! 1223: /* Allocate ciphertext */ ! 1224: ciphertext_len = ( sizeof ( *tlshdr ) + plaintext_len ); ! 1225: ciphertext = xfer_alloc_iob ( &tls->cipherstream, ciphertext_len ); ! 1226: if ( ! ciphertext ) { ! 1227: DBGC ( tls, "TLS %p could not allocate %zd bytes for " ! 1228: "ciphertext\n", tls, ciphertext_len ); ! 1229: rc = -ENOMEM; ! 1230: goto done; ! 1231: } ! 1232: ! 1233: /* Assemble ciphertext */ ! 1234: tlshdr = iob_put ( ciphertext, sizeof ( *tlshdr ) ); ! 1235: tlshdr->type = type; ! 1236: tlshdr->version = htons ( TLS_VERSION_TLS_1_0 ); ! 1237: tlshdr->length = htons ( plaintext_len ); ! 1238: memcpy ( cipherspec->cipher_next_ctx, cipherspec->cipher_ctx, ! 1239: cipherspec->cipher->ctxsize ); ! 1240: cipher_encrypt ( cipherspec->cipher, cipherspec->cipher_next_ctx, ! 1241: plaintext, iob_put ( ciphertext, plaintext_len ), ! 1242: plaintext_len ); ! 1243: ! 1244: /* Free plaintext as soon as possible to conserve memory */ ! 1245: free ( plaintext ); ! 1246: plaintext = NULL; ! 1247: ! 1248: /* Send ciphertext */ ! 1249: if ( ( rc = xfer_deliver_iob ( &tls->cipherstream, ! 1250: iob_disown ( ciphertext ) ) ) != 0 ) { ! 1251: DBGC ( tls, "TLS %p could not deliver ciphertext: %s\n", ! 1252: tls, strerror ( rc ) ); ! 1253: goto done; ! 1254: } ! 1255: ! 1256: /* Update TX state machine to next record */ ! 1257: tls->tx_seq += 1; ! 1258: memcpy ( tls->tx_cipherspec.cipher_ctx, ! 1259: tls->tx_cipherspec.cipher_next_ctx, ! 1260: tls->tx_cipherspec.cipher->ctxsize ); ! 1261: ! 1262: done: ! 1263: free ( plaintext ); ! 1264: free_iob ( ciphertext ); ! 1265: return rc; ! 1266: } ! 1267: ! 1268: /** ! 1269: * Split stream-ciphered record into data and MAC portions ! 1270: * ! 1271: * @v tls TLS session ! 1272: * @v plaintext Plaintext record ! 1273: * @v plaintext_len Length of record ! 1274: * @ret data Data ! 1275: * @ret len Length of data ! 1276: * @ret digest MAC digest ! 1277: * @ret rc Return status code ! 1278: */ ! 1279: static int tls_split_stream ( struct tls_session *tls, ! 1280: void *plaintext, size_t plaintext_len, ! 1281: void **data, size_t *len, void **digest ) { ! 1282: void *content; ! 1283: size_t content_len; ! 1284: void *mac; ! 1285: size_t mac_len; ! 1286: ! 1287: /* Decompose stream-ciphered data */ ! 1288: mac_len = tls->rx_cipherspec.digest->digestsize; ! 1289: if ( plaintext_len < mac_len ) { ! 1290: DBGC ( tls, "TLS %p received underlength record\n", tls ); ! 1291: DBGC_HD ( tls, plaintext, plaintext_len ); ! 1292: return -EINVAL; ! 1293: } ! 1294: content_len = ( plaintext_len - mac_len ); ! 1295: content = plaintext; ! 1296: mac = ( content + content_len ); ! 1297: ! 1298: /* Fill in return values */ ! 1299: *data = content; ! 1300: *len = content_len; ! 1301: *digest = mac; ! 1302: ! 1303: return 0; ! 1304: } ! 1305: ! 1306: /** ! 1307: * Split block-ciphered record into data and MAC portions ! 1308: * ! 1309: * @v tls TLS session ! 1310: * @v plaintext Plaintext record ! 1311: * @v plaintext_len Length of record ! 1312: * @ret data Data ! 1313: * @ret len Length of data ! 1314: * @ret digest MAC digest ! 1315: * @ret rc Return status code ! 1316: */ ! 1317: static int tls_split_block ( struct tls_session *tls, ! 1318: void *plaintext, size_t plaintext_len, ! 1319: void **data, size_t *len, ! 1320: void **digest ) { ! 1321: void *iv; ! 1322: size_t iv_len; ! 1323: void *content; ! 1324: size_t content_len; ! 1325: void *mac; ! 1326: size_t mac_len; ! 1327: void *padding; ! 1328: size_t padding_len; ! 1329: unsigned int i; ! 1330: ! 1331: /* Decompose block-ciphered data */ ! 1332: if ( plaintext_len < 1 ) { ! 1333: DBGC ( tls, "TLS %p received underlength record\n", tls ); ! 1334: DBGC_HD ( tls, plaintext, plaintext_len ); ! 1335: return -EINVAL; ! 1336: } ! 1337: iv_len = tls->rx_cipherspec.cipher->blocksize; ! 1338: ! 1339: /* FIXME: TLSv1.1 uses an explicit IV */ ! 1340: iv_len = 0; ! 1341: ! 1342: mac_len = tls->rx_cipherspec.digest->digestsize; ! 1343: padding_len = *( ( uint8_t * ) ( plaintext + plaintext_len - 1 ) ); ! 1344: if ( plaintext_len < ( iv_len + mac_len + padding_len + 1 ) ) { ! 1345: DBGC ( tls, "TLS %p received underlength record\n", tls ); ! 1346: DBGC_HD ( tls, plaintext, plaintext_len ); ! 1347: return -EINVAL; ! 1348: } ! 1349: content_len = ( plaintext_len - iv_len - mac_len - padding_len - 1 ); ! 1350: iv = plaintext; ! 1351: content = ( iv + iv_len ); ! 1352: mac = ( content + content_len ); ! 1353: padding = ( mac + mac_len ); ! 1354: ! 1355: /* Verify padding bytes */ ! 1356: for ( i = 0 ; i < padding_len ; i++ ) { ! 1357: if ( *( ( uint8_t * ) ( padding + i ) ) != padding_len ) { ! 1358: DBGC ( tls, "TLS %p received bad padding\n", tls ); ! 1359: DBGC_HD ( tls, plaintext, plaintext_len ); ! 1360: return -EINVAL; ! 1361: } ! 1362: } ! 1363: ! 1364: /* Fill in return values */ ! 1365: *data = content; ! 1366: *len = content_len; ! 1367: *digest = mac; ! 1368: ! 1369: return 0; ! 1370: } ! 1371: ! 1372: /** ! 1373: * Receive new ciphertext record ! 1374: * ! 1375: * @v tls TLS session ! 1376: * @v tlshdr Record header ! 1377: * @v ciphertext Ciphertext record ! 1378: * @ret rc Return status code ! 1379: */ ! 1380: static int tls_new_ciphertext ( struct tls_session *tls, ! 1381: struct tls_header *tlshdr, void *ciphertext ) { ! 1382: struct tls_header plaintext_tlshdr; ! 1383: struct tls_cipherspec *cipherspec = &tls->rx_cipherspec; ! 1384: size_t record_len = ntohs ( tlshdr->length ); ! 1385: void *plaintext = NULL; ! 1386: void *data; ! 1387: size_t len; ! 1388: void *mac; ! 1389: size_t mac_len = cipherspec->digest->digestsize; ! 1390: uint8_t verify_mac[mac_len]; ! 1391: int rc; ! 1392: ! 1393: /* Allocate buffer for plaintext */ ! 1394: plaintext = malloc ( record_len ); ! 1395: if ( ! plaintext ) { ! 1396: DBGC ( tls, "TLS %p could not allocate %zd bytes for " ! 1397: "decryption buffer\n", tls, record_len ); ! 1398: rc = -ENOMEM; ! 1399: goto done; ! 1400: } ! 1401: ! 1402: /* Decrypt the record */ ! 1403: cipher_decrypt ( cipherspec->cipher, cipherspec->cipher_ctx, ! 1404: ciphertext, plaintext, record_len ); ! 1405: ! 1406: /* Split record into content and MAC */ ! 1407: if ( is_stream_cipher ( cipherspec->cipher ) ) { ! 1408: if ( ( rc = tls_split_stream ( tls, plaintext, record_len, ! 1409: &data, &len, &mac ) ) != 0 ) ! 1410: goto done; ! 1411: } else { ! 1412: if ( ( rc = tls_split_block ( tls, plaintext, record_len, ! 1413: &data, &len, &mac ) ) != 0 ) ! 1414: goto done; ! 1415: } ! 1416: ! 1417: /* Verify MAC */ ! 1418: plaintext_tlshdr.type = tlshdr->type; ! 1419: plaintext_tlshdr.version = tlshdr->version; ! 1420: plaintext_tlshdr.length = htons ( len ); ! 1421: tls_hmac ( tls, cipherspec, tls->rx_seq, &plaintext_tlshdr, ! 1422: data, len, verify_mac); ! 1423: if ( memcmp ( mac, verify_mac, mac_len ) != 0 ) { ! 1424: DBGC ( tls, "TLS %p failed MAC verification\n", tls ); ! 1425: DBGC_HD ( tls, plaintext, record_len ); ! 1426: goto done; ! 1427: } ! 1428: ! 1429: DBGC2 ( tls, "Received plaintext data:\n" ); ! 1430: DBGC2_HD ( tls, data, len ); ! 1431: ! 1432: /* Process plaintext record */ ! 1433: if ( ( rc = tls_new_record ( tls, tlshdr->type, data, len ) ) != 0 ) ! 1434: goto done; ! 1435: ! 1436: rc = 0; ! 1437: done: ! 1438: free ( plaintext ); ! 1439: return rc; ! 1440: } ! 1441: ! 1442: /****************************************************************************** ! 1443: * ! 1444: * Plaintext stream operations ! 1445: * ! 1446: ****************************************************************************** ! 1447: */ ! 1448: ! 1449: /** ! 1450: * Check flow control window ! 1451: * ! 1452: * @v tls TLS session ! 1453: * @ret len Length of window ! 1454: */ ! 1455: static size_t tls_plainstream_window ( struct tls_session *tls ) { ! 1456: ! 1457: /* Block window unless we are ready to accept data */ ! 1458: if ( tls->tx_state != TLS_TX_DATA ) ! 1459: return 0; ! 1460: ! 1461: return xfer_window ( &tls->cipherstream ); ! 1462: } ! 1463: ! 1464: /** ! 1465: * Deliver datagram as raw data ! 1466: * ! 1467: * @v tls TLS session ! 1468: * @v iobuf I/O buffer ! 1469: * @v meta Data transfer metadata ! 1470: * @ret rc Return status code ! 1471: */ ! 1472: static int tls_plainstream_deliver ( struct tls_session *tls, ! 1473: struct io_buffer *iobuf, ! 1474: struct xfer_metadata *meta __unused ) { ! 1475: int rc; ! 1476: ! 1477: /* Refuse unless we are ready to accept data */ ! 1478: if ( tls->tx_state != TLS_TX_DATA ) { ! 1479: rc = -ENOTCONN; ! 1480: goto done; ! 1481: } ! 1482: ! 1483: if ( ( rc = tls_send_plaintext ( tls, TLS_TYPE_DATA, iobuf->data, ! 1484: iob_len ( iobuf ) ) ) != 0 ) ! 1485: goto done; ! 1486: ! 1487: done: ! 1488: free_iob ( iobuf ); ! 1489: return rc; ! 1490: } ! 1491: ! 1492: /** TLS plaintext stream interface operations */ ! 1493: static struct interface_operation tls_plainstream_ops[] = { ! 1494: INTF_OP ( xfer_deliver, struct tls_session *, tls_plainstream_deliver ), ! 1495: INTF_OP ( xfer_window, struct tls_session *, tls_plainstream_window ), ! 1496: INTF_OP ( intf_close, struct tls_session *, tls_close ), ! 1497: }; ! 1498: ! 1499: /** TLS plaintext stream interface descriptor */ ! 1500: static struct interface_descriptor tls_plainstream_desc = ! 1501: INTF_DESC_PASSTHRU ( struct tls_session, plainstream, ! 1502: tls_plainstream_ops, cipherstream ); ! 1503: ! 1504: /****************************************************************************** ! 1505: * ! 1506: * Ciphertext stream operations ! 1507: * ! 1508: ****************************************************************************** ! 1509: */ ! 1510: ! 1511: /** ! 1512: * Handle received TLS header ! 1513: * ! 1514: * @v tls TLS session ! 1515: * @ret rc Returned status code ! 1516: */ ! 1517: static int tls_newdata_process_header ( struct tls_session *tls ) { ! 1518: size_t data_len = ntohs ( tls->rx_header.length ); ! 1519: ! 1520: /* Allocate data buffer now that we know the length */ ! 1521: assert ( tls->rx_data == NULL ); ! 1522: tls->rx_data = malloc ( data_len ); ! 1523: if ( ! tls->rx_data ) { ! 1524: DBGC ( tls, "TLS %p could not allocate %zd bytes " ! 1525: "for receive buffer\n", tls, data_len ); ! 1526: return -ENOMEM; ! 1527: } ! 1528: ! 1529: /* Move to data state */ ! 1530: tls->rx_state = TLS_RX_DATA; ! 1531: ! 1532: return 0; ! 1533: } ! 1534: ! 1535: /** ! 1536: * Handle received TLS data payload ! 1537: * ! 1538: * @v tls TLS session ! 1539: * @ret rc Returned status code ! 1540: */ ! 1541: static int tls_newdata_process_data ( struct tls_session *tls ) { ! 1542: int rc; ! 1543: ! 1544: /* Process record */ ! 1545: if ( ( rc = tls_new_ciphertext ( tls, &tls->rx_header, ! 1546: tls->rx_data ) ) != 0 ) ! 1547: return rc; ! 1548: ! 1549: /* Increment RX sequence number */ ! 1550: tls->rx_seq += 1; ! 1551: ! 1552: /* Free data buffer */ ! 1553: free ( tls->rx_data ); ! 1554: tls->rx_data = NULL; ! 1555: ! 1556: /* Return to header state */ ! 1557: tls->rx_state = TLS_RX_HEADER; ! 1558: ! 1559: return 0; ! 1560: } ! 1561: ! 1562: /** ! 1563: * Receive new ciphertext ! 1564: * ! 1565: * @v tls TLS session ! 1566: * @v iobuf I/O buffer ! 1567: * @v meta Data transfer metadat ! 1568: * @ret rc Return status code ! 1569: */ ! 1570: static int tls_cipherstream_deliver ( struct tls_session *tls, ! 1571: struct io_buffer *iobuf, ! 1572: struct xfer_metadata *xfer __unused ) { ! 1573: size_t frag_len; ! 1574: void *buf; ! 1575: size_t buf_len; ! 1576: int ( * process ) ( struct tls_session *tls ); ! 1577: int rc; ! 1578: ! 1579: while ( iob_len ( iobuf ) ) { ! 1580: /* Select buffer according to current state */ ! 1581: switch ( tls->rx_state ) { ! 1582: case TLS_RX_HEADER: ! 1583: buf = &tls->rx_header; ! 1584: buf_len = sizeof ( tls->rx_header ); ! 1585: process = tls_newdata_process_header; ! 1586: break; ! 1587: case TLS_RX_DATA: ! 1588: buf = tls->rx_data; ! 1589: buf_len = ntohs ( tls->rx_header.length ); ! 1590: process = tls_newdata_process_data; ! 1591: break; ! 1592: default: ! 1593: assert ( 0 ); ! 1594: rc = -EINVAL; ! 1595: goto done; ! 1596: } ! 1597: ! 1598: /* Copy data portion to buffer */ ! 1599: frag_len = ( buf_len - tls->rx_rcvd ); ! 1600: if ( frag_len > iob_len ( iobuf ) ) ! 1601: frag_len = iob_len ( iobuf ); ! 1602: memcpy ( ( buf + tls->rx_rcvd ), iobuf->data, frag_len ); ! 1603: tls->rx_rcvd += frag_len; ! 1604: iob_pull ( iobuf, frag_len ); ! 1605: ! 1606: /* Process data if buffer is now full */ ! 1607: if ( tls->rx_rcvd == buf_len ) { ! 1608: if ( ( rc = process ( tls ) ) != 0 ) { ! 1609: tls_close ( tls, rc ); ! 1610: goto done; ! 1611: } ! 1612: tls->rx_rcvd = 0; ! 1613: } ! 1614: } ! 1615: rc = 0; ! 1616: ! 1617: done: ! 1618: free_iob ( iobuf ); ! 1619: return rc; ! 1620: } ! 1621: ! 1622: /** TLS ciphertext stream interface operations */ ! 1623: static struct interface_operation tls_cipherstream_ops[] = { ! 1624: INTF_OP ( xfer_deliver, struct tls_session *, ! 1625: tls_cipherstream_deliver ), ! 1626: INTF_OP ( intf_close, struct tls_session *, tls_close ), ! 1627: }; ! 1628: ! 1629: /** TLS ciphertext stream interface descriptor */ ! 1630: static struct interface_descriptor tls_cipherstream_desc = ! 1631: INTF_DESC_PASSTHRU ( struct tls_session, cipherstream, ! 1632: tls_cipherstream_ops, plainstream ); ! 1633: ! 1634: /****************************************************************************** ! 1635: * ! 1636: * Controlling process ! 1637: * ! 1638: ****************************************************************************** ! 1639: */ ! 1640: ! 1641: /** ! 1642: * TLS TX state machine ! 1643: * ! 1644: * @v process TLS process ! 1645: */ ! 1646: static void tls_step ( struct process *process ) { ! 1647: struct tls_session *tls = ! 1648: container_of ( process, struct tls_session, process ); ! 1649: int rc; ! 1650: ! 1651: /* Wait for cipherstream to become ready */ ! 1652: if ( ! xfer_window ( &tls->cipherstream ) ) ! 1653: return; ! 1654: ! 1655: switch ( tls->tx_state ) { ! 1656: case TLS_TX_NONE: ! 1657: /* Nothing to do */ ! 1658: break; ! 1659: case TLS_TX_CLIENT_HELLO: ! 1660: /* Send Client Hello */ ! 1661: if ( ( rc = tls_send_client_hello ( tls ) ) != 0 ) { ! 1662: DBGC ( tls, "TLS %p could not send Client Hello: %s\n", ! 1663: tls, strerror ( rc ) ); ! 1664: goto err; ! 1665: } ! 1666: tls->tx_state = TLS_TX_NONE; ! 1667: break; ! 1668: case TLS_TX_CLIENT_KEY_EXCHANGE: ! 1669: /* Send Client Key Exchange */ ! 1670: if ( ( rc = tls_send_client_key_exchange ( tls ) ) != 0 ) { ! 1671: DBGC ( tls, "TLS %p could send Client Key Exchange: " ! 1672: "%s\n", tls, strerror ( rc ) ); ! 1673: goto err; ! 1674: } ! 1675: tls->tx_state = TLS_TX_CHANGE_CIPHER; ! 1676: break; ! 1677: case TLS_TX_CHANGE_CIPHER: ! 1678: /* Send Change Cipher, and then change the cipher in use */ ! 1679: if ( ( rc = tls_send_change_cipher ( tls ) ) != 0 ) { ! 1680: DBGC ( tls, "TLS %p could not send Change Cipher: " ! 1681: "%s\n", tls, strerror ( rc ) ); ! 1682: goto err; ! 1683: } ! 1684: if ( ( rc = tls_change_cipher ( tls, ! 1685: &tls->tx_cipherspec_pending, ! 1686: &tls->tx_cipherspec )) != 0 ){ ! 1687: DBGC ( tls, "TLS %p could not activate TX cipher: " ! 1688: "%s\n", tls, strerror ( rc ) ); ! 1689: goto err; ! 1690: } ! 1691: tls->tx_seq = 0; ! 1692: tls->tx_state = TLS_TX_FINISHED; ! 1693: break; ! 1694: case TLS_TX_FINISHED: ! 1695: /* Send Finished */ ! 1696: if ( ( rc = tls_send_finished ( tls ) ) != 0 ) { ! 1697: DBGC ( tls, "TLS %p could not send Finished: %s\n", ! 1698: tls, strerror ( rc ) ); ! 1699: goto err; ! 1700: } ! 1701: tls->tx_state = TLS_TX_NONE; ! 1702: break; ! 1703: case TLS_TX_DATA: ! 1704: /* Nothing to do */ ! 1705: break; ! 1706: default: ! 1707: assert ( 0 ); ! 1708: } ! 1709: ! 1710: return; ! 1711: ! 1712: err: ! 1713: tls_close ( tls, rc ); ! 1714: } ! 1715: ! 1716: /****************************************************************************** ! 1717: * ! 1718: * Instantiator ! 1719: * ! 1720: ****************************************************************************** ! 1721: */ ! 1722: ! 1723: int add_tls ( struct interface *xfer, struct interface **next ) { ! 1724: struct tls_session *tls; ! 1725: ! 1726: /* Allocate and initialise TLS structure */ ! 1727: tls = malloc ( sizeof ( *tls ) ); ! 1728: if ( ! tls ) ! 1729: return -ENOMEM; ! 1730: memset ( tls, 0, sizeof ( *tls ) ); ! 1731: ref_init ( &tls->refcnt, free_tls ); ! 1732: intf_init ( &tls->plainstream, &tls_plainstream_desc, &tls->refcnt ); ! 1733: intf_init ( &tls->cipherstream, &tls_cipherstream_desc, &tls->refcnt ); ! 1734: tls_clear_cipher ( tls, &tls->tx_cipherspec ); ! 1735: tls_clear_cipher ( tls, &tls->tx_cipherspec_pending ); ! 1736: tls_clear_cipher ( tls, &tls->rx_cipherspec ); ! 1737: tls_clear_cipher ( tls, &tls->rx_cipherspec_pending ); ! 1738: tls->client_random.gmt_unix_time = 0; ! 1739: tls_generate_random ( &tls->client_random.random, ! 1740: ( sizeof ( tls->client_random.random ) ) ); ! 1741: tls->pre_master_secret.version = htons ( TLS_VERSION_TLS_1_0 ); ! 1742: tls_generate_random ( &tls->pre_master_secret.random, ! 1743: ( sizeof ( tls->pre_master_secret.random ) ) ); ! 1744: digest_init ( &md5_algorithm, tls->handshake_md5_ctx ); ! 1745: digest_init ( &sha1_algorithm, tls->handshake_sha1_ctx ); ! 1746: tls->tx_state = TLS_TX_CLIENT_HELLO; ! 1747: process_init ( &tls->process, tls_step, &tls->refcnt ); ! 1748: ! 1749: /* Attach to parent interface, mortalise self, and return */ ! 1750: intf_plug_plug ( &tls->plainstream, xfer ); ! 1751: *next = &tls->cipherstream; ! 1752: ref_put ( &tls->refcnt ); ! 1753: return 0; ! 1754: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.