Implemented input record decryption and verification

7 files changed, 122 insertions, 16 deletions

diff --git a/src/charon/plugins/eap_tls/eap_tls.c b/src/charon/plugins/eap_tls/eap_tls.c
index 589096df0..3518dfca1 100644
--- a/src/charon/plugins/eap_tls/eap_tls.c
+++ b/src/charon/plugins/eap_tls/eap_tls.c
@@ -318,6 +318,7 @@ METHOD(eap_method_t, process, status_t,
 	status_t status;
 
 	data = in->get_data(in);
+
 	pkt = (eap_tls_packet_t*)data.ptr;
 	if (data.len < sizeof(eap_tls_packet_t) ||
 		untoh16(&pkt->length) != data.len)
diff --git a/src/charon/plugins/eap_tls/tls/tls_crypto.c b/src/charon/plugins/eap_tls/tls/tls_crypto.c
index 829d29a89..e0977216e 100644
--- a/src/charon/plugins/eap_tls/tls/tls_crypto.c
+++ b/src/charon/plugins/eap_tls/tls/tls_crypto.c
@@ -363,7 +363,7 @@ METHOD(tls_crypto_t, derive_master_secret, void,
 	if (this->crypter_out)
 	{
 		eks = this->crypter_out->get_key_size(this->crypter_out);
-		if (this->tls->get_version(this->tls) < TLS_1_2)
+		if (this->tls->get_version(this->tls) < TLS_1_1)
 		{
 			ivs = this->crypter_out->get_block_size(this->crypter_out);
 		}
diff --git a/src/charon/plugins/eap_tls/tls/tls_fragmentation.c b/src/charon/plugins/eap_tls/tls/tls_fragmentation.c
index 83295e229..7a99c9235 100644
--- a/src/charon/plugins/eap_tls/tls/tls_fragmentation.c
+++ b/src/charon/plugins/eap_tls/tls/tls_fragmentation.c
@@ -141,8 +141,12 @@ METHOD(tls_fragmentation_t, process, status_t,
 	switch (type)
 	{
 		case TLS_CHANGE_CIPHER_SPEC:
-			this->handshake->change_cipherspec(this->handshake);
-			status = NEED_MORE;
+			if (this->handshake->change_cipherspec(this->handshake))
+			{
+				status = NEED_MORE;
+				break;
+			}
+			status = FAILED;
 			break;
 		case TLS_ALERT:
 			/* TODO: handle Alert */
diff --git a/src/charon/plugins/eap_tls/tls/tls_handshake.h b/src/charon/plugins/eap_tls/tls/tls_handshake.h
index e32f3e5ee..113974042 100644
--- a/src/charon/plugins/eap_tls/tls/tls_handshake.h
+++ b/src/charon/plugins/eap_tls/tls/tls_handshake.h
@@ -68,8 +68,10 @@ struct tls_handshake_t {
 
 	/**
 	 * Change the cipher spec for incoming messages.
+	 *
+	 * @return			TRUE if cipher spec changed
 	 */
-	void (*change_cipherspec)(tls_handshake_t *this);
+	bool (*change_cipherspec)(tls_handshake_t *this);
 
 	/**
 	 * Destroy a tls_handshake_t.
diff --git a/src/charon/plugins/eap_tls/tls/tls_peer.c b/src/charon/plugins/eap_tls/tls/tls_peer.c
index f742cafd0..97052b556 100644
--- a/src/charon/plugins/eap_tls/tls/tls_peer.c
+++ b/src/charon/plugins/eap_tls/tls/tls_peer.c
@@ -28,8 +28,9 @@ typedef enum {
 	STATE_CERT_SENT,
 	STATE_KEY_EXCHANGE_SENT,
 	STATE_VERIFY_SENT,
-	STATE_CIPHERSPEC_CHANGED,
+	STATE_CIPHERSPEC_CHANGED_OUT,
 	STATE_FINISHED_SENT,
+	STATE_CIPHERSPEC_CHANGED_IN,
 } peer_state_t;
 
 /**
@@ -270,6 +271,14 @@ static status_t process_hello_done(private_tls_peer_t *this,
 	return NEED_MORE;
 }
 
+/**
+ * Process finished message
+ */
+static status_t process_finished(private_tls_peer_t *this, tls_reader_t *reader)
+{
+	return FAILED;
+}
+
 METHOD(tls_handshake_t, process, status_t,
 	private_tls_peer_t *this, tls_handshake_type_t type, tls_reader_t *reader)
 {
@@ -290,6 +299,15 @@ METHOD(tls_handshake_t, process, status_t,
 					break;
 			}
 			break;
+		case STATE_CIPHERSPEC_CHANGED_IN:
+			switch (type)
+			{
+				case TLS_FINISHED:
+					return process_finished(this, reader);
+				default:
+					break;
+			}
+			break;
 		default:
 			break;
 	}
@@ -568,6 +586,7 @@ static status_t send_finished(private_tls_peer_t *this,
 
 	*type = TLS_FINISHED;
 	this->state = STATE_FINISHED_SENT;
+	append_handshake(this, *type, writer->get_buf(writer));
 	return NEED_MORE;
 }
 
@@ -584,7 +603,7 @@ METHOD(tls_handshake_t, build, status_t,
 			return send_key_exchange(this, type, writer);
 		case STATE_KEY_EXCHANGE_SENT:
 			return send_certificate_verify(this, type, writer);
-		case STATE_CIPHERSPEC_CHANGED:
+		case STATE_CIPHERSPEC_CHANGED_OUT:
 			return send_finished(this, type, writer);
 		default:
 			return INVALID_STATE;
@@ -597,16 +616,22 @@ METHOD(tls_handshake_t, cipherspec_changed, bool,
 	if (this->state == STATE_VERIFY_SENT)
 	{
 		this->crypto->change_cipher(this->crypto, FALSE);
-		this->state = STATE_CIPHERSPEC_CHANGED;
+		this->state = STATE_CIPHERSPEC_CHANGED_OUT;
 		return TRUE;
 	}
 	return FALSE;
 }
 
-METHOD(tls_handshake_t, change_cipherspec, void,
+METHOD(tls_handshake_t, change_cipherspec, bool,
 	private_tls_peer_t *this)
 {
-
+	if (this->state == STATE_FINISHED_SENT)
+	{
+		this->crypto->change_cipher(this->crypto, TRUE);
+		this->state = STATE_CIPHERSPEC_CHANGED_IN;
+		return TRUE;
+	}
+	return FALSE;
 }
 
 METHOD(tls_handshake_t, destroy, void,
diff --git a/src/charon/plugins/eap_tls/tls/tls_protection.c b/src/charon/plugins/eap_tls/tls/tls_protection.c
index d0bb1e030..75fae0a71 100644
--- a/src/charon/plugins/eap_tls/tls/tls_protection.c
+++ b/src/charon/plugins/eap_tls/tls/tls_protection.c
@@ -106,7 +106,82 @@ static chunk_t sigheader(u_int32_t seq, u_int8_t type,
 METHOD(tls_protection_t, process, status_t,
 	private_tls_protection_t *this, tls_content_type_t type, chunk_t data)
 {
-	this->seq_in++;
+	if (this->crypter_in)
+	{
+		chunk_t iv, next_iv = chunk_empty;
+		u_int8_t bs, padding_length;
+
+		bs = this->crypter_in->get_block_size(this->crypter_in);
+		if (data.len < bs || data.len % bs)
+		{
+			DBG1(DBG_IKE, "encrypted TLS record not multiple of block size");
+			return FAILED;
+		}
+		if (this->iv_in.len)
+		{	/* < TLSv1.1 uses IV from key derivation/last block */
+			iv = this->iv_in;
+			next_iv = chunk_clone(chunk_create(data.ptr + data.len - bs, bs));
+		}
+		else
+		{	/* TLSv1.1 uses random IVs, prepended to record */
+			iv = chunk_create(data.ptr, bs);
+			data = chunk_skip(data, bs);
+			if (data.len < bs)
+			{
+				DBG1(DBG_IKE, "TLS record too short to decrypt");
+				return FAILED;
+			}
+		}
+		this->crypter_in->decrypt(this->crypter_in, data, iv, NULL);
+
+		if (next_iv.len)
+		{	/* next record IV is last ciphertext block of this record */
+			memcpy(this->iv_in.ptr, next_iv.ptr, next_iv.len);
+			free(next_iv.ptr);
+		}
+
+		padding_length = data.ptr[data.len - 1];
+		if (padding_length >= data.len)
+		{
+			DBG1(DBG_IKE, "invalid TLS record padding");
+			return FAILED;
+		}
+		data.len -= padding_length + 1;
+	}
+	if (this->signer_in)
+	{
+		chunk_t mac, macdata, header;
+		u_int8_t bs;
+
+		bs = this->signer_in->get_block_size(this->signer_in);
+		if (data.len <= bs)
+		{
+			DBG1(DBG_IKE, "TLS record too short to verify MAC");
+			return FAILED;
+		}
+		mac = chunk_skip(data, data.len - bs);
+		data.len -= bs;
+
+		header = sigheader(this->seq_in, type,
+						   this->tls->get_version(this->tls), data.len);
+		macdata = chunk_cat("mc", header, data);
+		if (!this->signer_in->verify_signature(this->signer_in, macdata, mac))
+		{
+			DBG1(DBG_IKE, "TLS record MAC verification failed");
+			free(macdata.ptr);
+			return FAILED;
+		}
+		free(macdata.ptr);
+	}
+
+	if (type == TLS_CHANGE_CIPHER_SPEC)
+	{
+		this->seq_in = 0;
+	}
+	else
+	{
+		this->seq_in++;
+	}
 	return this->compression->process(this->compression, type, data);
 }
 
@@ -145,11 +220,11 @@ METHOD(tls_protection_t, build, status_t,
 				memset(padding.ptr, padding_length, padding.len);
 
 				if (this->iv_out.len)
-				{	/* < TLSv1.2 uses IV from key derivation/last block */
+				{	/* < TLSv1.1 uses IV from key derivation/last block */
 					iv = this->iv_out;
 				}
 				else
-				{	/* TLSv1.2 uses random IVs, prepended to record */
+				{	/* TLSv1.1 uses random IVs, prepended to record */
 					if (!this->rng)
 					{
 						DBG1(DBG_IKE, "no RNG supported to generate TLS IV");
@@ -162,8 +237,7 @@ METHOD(tls_protection_t, build, status_t,
 				*data = chunk_cat("mmcc", *data, mac, padding,
 								  chunk_from_thing(padding_length));
 				/* encrypt inline */
-				this->crypter_out->encrypt(this->crypter_out, *data,
-										   this->iv_out, NULL);
+				this->crypter_out->encrypt(this->crypter_out, *data, iv, NULL);
 
 				if (this->iv_out.len)
 				{	/* next record IV is last ciphertext block of this record */
diff --git a/src/charon/plugins/eap_tls/tls/tls_server.c b/src/charon/plugins/eap_tls/tls/tls_server.c
index a5dcdd061..8d5e016db 100644
--- a/src/charon/plugins/eap_tls/tls/tls_server.c
+++ b/src/charon/plugins/eap_tls/tls/tls_server.c
@@ -69,10 +69,10 @@ METHOD(tls_handshake_t, cipherspec_changed, bool,
 	return FALSE;
 }
 
-METHOD(tls_handshake_t, change_cipherspec, void,
+METHOD(tls_handshake_t, change_cipherspec, bool,
 	private_tls_server_t *this)
 {
-
+	return FALSE;
 }
 
 METHOD(tls_handshake_t, destroy, void,