Home Explore Help
Register Sign In
RISCI_ATOM
/
harvey
mirror of https://github.com/Harvey-OS/harvey.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 2fe38ee93a
Branches Tags
harvey
/
sys
/
src
/
9
/
port
/
devtls.c

devtls.c 44 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181 
  1. /*
    2. 

  2.  *  devtls - record layer for transport layer security 1.0 and secure sockets layer 3.0
    3. 

  3.  */
    4. 

  4. #include	"u.h"
    5. 

  5. #include	"../port/lib.h"
    6. 

  6. #include	"mem.h"
    7. 

  7. #include	"dat.h"
    8. 

  8. #include	"fns.h"
    9. 

  9. #include	"../port/error.h"
    10. 

  10. 

  11. #include	<libsec.h>
    12. 

  12. 

  13. typedef struct OneWay	OneWay;
    14. 

  14. typedef struct Secret		Secret;
    15. 

  15. typedef struct TlsRec	TlsRec;
    16. 

  16. typedef struct TlsErrs	TlsErrs;
    17. 

  17. 

  18. enum {
    19. 

  19. 	Statlen=	1024,		/* max. length of status or stats message */
    20. 

  20. 	/* buffer limits */
    21. 

  21. 	MaxRecLen		= 1<<14,	/* max payload length of a record layer message */
    22. 

  22. 	MaxCipherRecLen	= MaxRecLen + 2048,
    23. 

  23. 	RecHdrLen		= 5,
    24. 

  24. 	MaxMacLen		= SHA1dlen,
    25. 

  25. 

  26. 	/* protocol versions we can accept */
    27. 

  27. 	TLSVersion		= 0x0301,
    28. 

  28. 	SSL3Version		= 0x0300,
    29. 

  29. 	ProtocolVersion	= 0x0301,	/* maximum version we speak */
    30. 

  30. 	MinProtoVersion	= 0x0300,	/* limits on version we accept */
    31. 

  31. 	MaxProtoVersion	= 0x03ff,
    32. 

  32. 

  33. 	/* connection states */
    34. 

  34. 	SHandshake	= 1 << 0,	/* doing handshake */
    35. 

  35. 	SOpen		= 1 << 1,	/* application data can be sent */
    36. 

  36. 	SRClose		= 1 << 2,	/* remote side has closed down */
    37. 

  37. 	SLClose		= 1 << 3,	/* sent a close notify alert */
    38. 

  38. 	SAlert		= 1 << 5,	/* sending or sent a fatal alert */
    39. 

  39. 	SError		= 1 << 6,	/* some sort of error has occured */
    40. 

  40. 	SClosed		= 1 << 7,	/* it is all over */
    41. 

  41. 

  42. 	/* record types */
    43. 

  43. 	RChangeCipherSpec = 20,
    44. 

  44. 	RAlert,
    45. 

  45. 	RHandshake,
    46. 

  46. 	RApplication,
    47. 

  47. 

  48. 	SSL2ClientHello = 1,
    49. 

  49. 	HSSL2ClientHello = 9,  /* local convention;  see tlshand.c */
    50. 

  50. 

  51. 	/* alerts */
    52. 

  52. 	ECloseNotify 			= 0,
    53. 

  53. 	EUnexpectedMessage 	= 10,
    54. 

  54. 	EBadRecordMac 		= 20,
    55. 

  55. 	EDecryptionFailed 		= 21,
    56. 

  56. 	ERecordOverflow 		= 22,
    57. 

  57. 	EDecompressionFailure 	= 30,
    58. 

  58. 	EHandshakeFailure 		= 40,
    59. 

  59. 	ENoCertificate 			= 41,
    60. 

  60. 	EBadCertificate 		= 42,
    61. 

  61. 	EUnsupportedCertificate 	= 43,
    62. 

  62. 	ECertificateRevoked 		= 44,
    63. 

  63. 	ECertificateExpired 		= 45,
    64. 

  64. 	ECertificateUnknown 	= 46,
    65. 

  65. 	EIllegalParameter 		= 47,
    66. 

  66. 	EUnknownCa 			= 48,
    67. 

  67. 	EAccessDenied 		= 49,
    68. 

  68. 	EDecodeError 			= 50,
    69. 

  69. 	EDecryptError 			= 51,
    70. 

  70. 	EExportRestriction 		= 60,
    71. 

  71. 	EProtocolVersion 		= 70,
    72. 

  72. 	EInsufficientSecurity 	= 71,
    73. 

  73. 	EInternalError 			= 80,
    74. 

  74. 	EUserCanceled 			= 90,
    75. 

  75. 	ENoRenegotiation 		= 100,
    76. 

  76. 

  77. 	EMAX = 256
    78. 

  78. };
    79. 

  79. 

  80. struct Secret
    81. 

  81. {
    82. 

  82. 	char		*encalg;	/* name of encryption alg */
    83. 

  83. 	char		*hashalg;	/* name of hash alg */
    84. 

  84. 	int		(*enc)(Secret*, uchar*, int);
    85. 

  85. 	int		(*dec)(Secret*, uchar*, int);
    86. 

  86. 	int		(*unpad)(uchar*, int, int);
    87. 

  87. 	DigestState	*(*mac)(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
    88. 

  88. 	int		block;		/* encryption block len, 0 if none */
    89. 

  89. 	int		maclen;
    90. 

  90. 	void		*enckey;
    91. 

  91. 	uchar	mackey[MaxMacLen];
    92. 

  92. };
    93. 

  93. 

  94. struct OneWay
    95. 

  95. {
    96. 

  96. 	QLock		io;		/* locks io access */
    97. 

  97. 	QLock		seclock;	/* locks secret paramaters */
    98. 

  98. 	ulong		seq;
    99. 

  99. 	Secret		*sec;		/* cipher in use */
    100. 

  100. 	Secret		*new;		/* cipher waiting for enable */
    101. 

  101. };
    102. 

  102. 

  103. struct TlsRec
    104. 

  104. {
    105. 

  105. 	Chan	*c;				/* io channel */
    106. 

  106. 	int		ref;				/* serialized by tdlock for atomic destroy */
    107. 

  107. 	int		version;			/* version of the protocol we are speaking */
    108. 

  108. 	char		verset;			/* version has been set */
    109. 

  109. 	char		opened;			/* opened command every issued? */
    110. 

  110. 	char		err[ERRMAX];		/* error message to return to handshake requests */
    111. 

  111. 	vlong	handin;			/* bytes communicated by the record layer */
    112. 

  112. 	vlong	handout;
    113. 

  113. 	vlong	datain;
    114. 

  114. 	vlong	dataout;
    115. 

  115. 

  116. 	Lock		statelk;
    117. 

  117. 	int		state;
    118. 

  118. 	int		debug;
    119. 

  119. 

  120. 	/* record layer mac functions for different protocol versions */
    121. 

  121. 	void		(*packMac)(Secret*, uchar*, uchar*, uchar*, uchar*, int, uchar*);
    122. 

  122. 

  123. 	/* input side -- protected by in.io */
    124. 

  124. 	OneWay		in;
    125. 

  125. 	Block		*processed;	/* next bunch of application data */
    126. 

  126. 	Block		*unprocessed;	/* data read from c but not parsed into records */
    127. 

  127. 

  128. 	/* handshake queue */
    129. 

  129. 	Lock		hqlock;			/* protects hqref, alloc & free of handq, hprocessed */
    130. 

  130. 	int		hqref;
    131. 

  131. 	Queue		*handq;		/* queue of handshake messages */
    132. 

  132. 	Block		*hprocessed;	/* remainder of last block read from handq */
    133. 

  133. 	QLock		hqread;		/* protects reads for hprocessed, handq */
    134. 

  134. 

  135. 	/* output side */
    136. 

  136. 	OneWay		out;
    137. 

  137. 

  138. 	/* protections */
    139. 

  139. 	char		*user;
    140. 

  140. 	int		perm;
    141. 

  141. };
    142. 

  142. 

  143. struct TlsErrs{
    144. 

  144. 	int	err;
    145. 

  145. 	int	sslerr;
    146. 

  146. 	int	tlserr;
    147. 

  147. 	int	fatal;
    148. 

  148. 	char	*msg;
    149. 

  149. };
    150. 

  150. 

  151. static TlsErrs tlserrs[] = {
    152. 

  152. 	{ECloseNotify,			ECloseNotify,			ECloseNotify,			0, 	"close notify"},
    153. 

  153. 	{EUnexpectedMessage,	EUnexpectedMessage,	EUnexpectedMessage, 	1, "unexpected message"},
    154. 

  154. 	{EBadRecordMac,		EBadRecordMac,		EBadRecordMac, 		1, "bad record mac"},
    155. 

  155. 	{EDecryptionFailed,		EIllegalParameter,		EDecryptionFailed,		1, "decryption failed"},
    156. 

  156. 	{ERecordOverflow,		EIllegalParameter,		ERecordOverflow,		1, "record too long"},
    157. 

  157. 	{EDecompressionFailure,	EDecompressionFailure,	EDecompressionFailure,	1, "decompression failed"},
    158. 

  158. 	{EHandshakeFailure,		EHandshakeFailure,		EHandshakeFailure,		1, "could not negotiate acceptable security parameters"},
    159. 

  159. 	{ENoCertificate,		ENoCertificate,			ECertificateUnknown,	1, "no appropriate certificate available"},
    160. 

  160. 	{EBadCertificate,		EBadCertificate,		EBadCertificate,		1, "corrupted or invalid certificate"},
    161. 

  161. 	{EUnsupportedCertificate,	EUnsupportedCertificate,	EUnsupportedCertificate,	1, "unsupported certificate type"},
    162. 

  162. 	{ECertificateRevoked,	ECertificateRevoked,		ECertificateRevoked,		1, "revoked certificate"},
    163. 

  163. 	{ECertificateExpired,		ECertificateExpired,		ECertificateExpired,		1, "expired certificate"},
    164. 

  164. 	{ECertificateUnknown,	ECertificateUnknown,	ECertificateUnknown,	1, "unacceptable certificate"},
    165. 

  165. 	{EIllegalParameter,		EIllegalParameter,		EIllegalParameter,		1, "illegal parameter"},
    166. 

  166. 	{EUnknownCa,			EHandshakeFailure,		EUnknownCa,			1, "unknown certificate authority"},
    167. 

  167. 	{EAccessDenied,		EHandshakeFailure,		EAccessDenied,		1, "access denied"},
    168. 

  168. 	{EDecodeError,			EIllegalParameter,		EDecodeError,			1, "error decoding message"},
    169. 

  169. 	{EDecryptError,			EIllegalParameter,		EDecryptError,			1, "error decrypting message"},
    170. 

  170. 	{EExportRestriction,		EHandshakeFailure,		EExportRestriction,		1, "export restriction violated"},
    171. 

  171. 	{EProtocolVersion,		EIllegalParameter,		EProtocolVersion,		1, "protocol version not supported"},
    172. 

  172. 	{EInsufficientSecurity,	EHandshakeFailure,		EInsufficientSecurity,	1, "stronger security routines required"},
    173. 

  173. 	{EInternalError,			EHandshakeFailure,		EInternalError,			1, "internal error"},
    174. 

  174. 	{EUserCanceled,		ECloseNotify,			EUserCanceled,			0, "handshake canceled by user"},
    175. 

  175. 	{ENoRenegotiation,		EUnexpectedMessage,	ENoRenegotiation,		0, "no renegotiation"},
    176. 

  176. };
    177. 

  177. 

  178. enum
    179. 

  179. {
    180. 

  180. 	/* max. open tls connections */
    181. 

  181. 	MaxTlsDevs	= 1024
    182. 

  182. };
    183. 

  183. 

  184. static	Lock	tdlock;
    185. 

  185. static	int	tdhiwat;
    186. 

  186. static	int	maxtlsdevs = 128;
    187. 

  187. static	TlsRec	**tlsdevs;
    188. 

  188. static	char	**trnames;
    189. 

  189. static	char	*encalgs;
    190. 

  190. static	char	*hashalgs;
    191. 

  191. 

  192. enum{
    193. 

  193. 	Qtopdir		= 1,	/* top level directory */
    194. 

  194. 	Qprotodir,
    195. 

  195. 	Qclonus,
    196. 

  196. 	Qencalgs,
    197. 

  197. 	Qhashalgs,
    198. 

  198. 	Qconvdir,		/* directory for a conversation */
    199. 

  199. 	Qdata,
    200. 

  200. 	Qctl,
    201. 

  201. 	Qhand,
    202. 

  202. 	Qstatus,
    203. 

  203. 	Qstats,
    204. 

  204. };
    205. 

  205. 

  206. #define TYPE(x) 	((x).path & 0xf)
    207. 

  207. #define CONV(x) 	(((x).path >> 5)&(MaxTlsDevs-1))
    208. 

  208. #define QID(c, y) 	(((c)<<5) | (y))
    209. 

  209. 

  210. static void	checkstate(TlsRec *, int, int);
    211. 

  211. static void	ensure(TlsRec*, Block**, int);
    212. 

  212. static void	consume(Block**, uchar*, int);
    213. 

  213. static Chan*	buftochan(char*);
    214. 

  214. static void	tlshangup(TlsRec*);
    215. 

  215. static void	tlsError(TlsRec*, char *);
    216. 

  216. static void	alertHand(TlsRec*, char *);
    217. 

  217. static TlsRec	*newtls(Chan *c);
    218. 

  218. static TlsRec	*mktlsrec(void);
    219. 

  219. static DigestState*sslmac_md5(uchar *p, ulong len, uchar *key, ulong klen, uchar *digest, DigestState *s);
    220. 

  220. static DigestState*sslmac_sha1(uchar *p, ulong len, uchar *key, ulong klen, uchar *digest, DigestState *s);
    221. 

  221. static DigestState*nomac(uchar *p, ulong len, uchar *key, ulong klen, uchar *digest, DigestState *s);
    222. 

  222. static void	sslPackMac(Secret *sec, uchar *mackey, uchar *seq, uchar *header, uchar *body, int len, uchar *mac);
    223. 

  223. static void	tlsPackMac(Secret *sec, uchar *mackey, uchar *seq, uchar *header, uchar *body, int len, uchar *mac);
    224. 

  224. static void	put64(uchar *p, vlong x);
    225. 

  225. static void	put32(uchar *p, u32int);
    226. 

  226. static void	put24(uchar *p, int);
    227. 

  227. static void	put16(uchar *p, int);
    228. 

  228. static u32int	get32(uchar *p);
    229. 

  229. static int	get16(uchar *p);
    230. 

  230. static void	tlsSetState(TlsRec *tr, int new, int old);
    231. 

  231. static void	rcvAlert(TlsRec *tr, int err);
    232. 

  232. static void	sendAlert(TlsRec *tr, int err);
    233. 

  233. static void	rcvError(TlsRec *tr, int err, char *msg, ...);
    234. 

  234. static int	rc4enc(Secret *sec, uchar *buf, int n);
    235. 

  235. static int	des3enc(Secret *sec, uchar *buf, int n);
    236. 

  236. static int	des3dec(Secret *sec, uchar *buf, int n);
    237. 

  237. static int	noenc(Secret *sec, uchar *buf, int n);
    238. 

  238. static int	sslunpad(uchar *buf, int n, int block);
    239. 

  239. static int	tlsunpad(uchar *buf, int n, int block);
    240. 

  240. static void	freeSec(Secret *sec);
    241. 

  241. static char	*tlsstate(int s);
    242. 

  242. static void	pdump(int, void*, char*);
    243. 

  243. 

  244. #pragma	varargck	argpos	rcvError	3
    245. 

  245. 

  246. static char *tlsnames[] = {
    247. 

  247. [Qclonus]		"clone",
    248. 

  248. [Qencalgs]	"encalgs",
    249. 

  249. [Qhashalgs]	"hashalgs",
    250. 

  250. [Qdata]		"data",
    251. 

  251. [Qctl]		"ctl",
    252. 

  252. [Qhand]		"hand",
    253. 

  253. [Qstatus]		"status",
    254. 

  254. [Qstats]		"stats",
    255. 

  255. };
    256. 

  256. 

  257. static int convdir[] = { Qctl, Qdata, Qhand, Qstatus, Qstats };
    258. 

  258. 

  259. static int
    260. 

  260. tlsgen(Chan *c, char*, Dirtab *, int, int s, Dir *dp)
    261. 

  261. {
    262. 

  262. 	Qid q;
    263. 

  263. 	TlsRec *tr;
    264. 

  264. 	char *name, *nm;
    265. 

  265. 	int perm, t;
    266. 

  266. 

  267. 	q.vers = 0;
    268. 

  268. 	q.type = QTFILE;
    269. 

  269. 

  270. 	t = TYPE(c->qid);
    271. 

  271. 	switch(t) {
    272. 

  272. 	case Qtopdir:
    273. 

  273. 		if(s == DEVDOTDOT){
    274. 

  274. 			q.path = QID(0, Qtopdir);
    275. 

  275. 			q.type = QTDIR;
    276. 

  276. 			devdir(c, q, "#a", 0, eve, 0555, dp);
    277. 

  277. 			return 1;
    278. 

  278. 		}
    279. 

  279. 		if(s > 0)
    280. 

  280. 			return -1;
    281. 

  281. 		q.path = QID(0, Qprotodir);
    282. 

  282. 		q.type = QTDIR;
    283. 

  283. 		devdir(c, q, "tls", 0, eve, 0555, dp);
    284. 

  284. 		return 1;
    285. 

  285. 	case Qprotodir:
    286. 

  286. 		if(s == DEVDOTDOT){
    287. 

  287. 			q.path = QID(0, Qtopdir);
    288. 

  288. 			q.type = QTDIR;
    289. 

  289. 			devdir(c, q, ".", 0, eve, 0555, dp);
    290. 

  290. 			return 1;
    291. 

  291. 		}
    292. 

  292. 		if(s < 3){
    293. 

  293. 			switch(s) {
    294. 

  294. 			default:
    295. 

  295. 				return -1;
    296. 

  296. 			case 0:
    297. 

  297. 				q.path = QID(0, Qclonus);
    298. 

  298. 				break;
    299. 

  299. 			case 1:
    300. 

  300. 				q.path = QID(0, Qencalgs);
    301. 

  301. 				break;
    302. 

  302. 			case 2:
    303. 

  303. 				q.path = QID(0, Qhashalgs);
    304. 

  304. 				break;
    305. 

  305. 			}
    306. 

  306. 			perm = 0444;
    307. 

  307. 			if(TYPE(q) == Qclonus)
    308. 

  308. 				perm = 0555;
    309. 

  309. 			devdir(c, q, tlsnames[TYPE(q)], 0, eve, perm, dp);
    310. 

  310. 			return 1;
    311. 

  311. 		}
    312. 

  312. 		s -= 3;
    313. 

  313. 		if(s >= tdhiwat)
    314. 

  314. 			return -1;
    315. 

  315. 		q.path = QID(s, Qconvdir);
    316. 

  316. 		q.type = QTDIR;
    317. 

  317. 		lock(&tdlock);
    318. 

  318. 		tr = tlsdevs[s];
    319. 

  319. 		if(tr != nil)
    320. 

  320. 			nm = tr->user;
    321. 

  321. 		else
    322. 

  322. 			nm = eve;
    323. 

  323. 		if((name = trnames[s]) == nil){
    324. 

  324. 			name = trnames[s] = smalloc(16);
    325. 

  325. 			sprint(name, "%d", s);
    326. 

  326. 		}
    327. 

  327. 		devdir(c, q, name, 0, nm, 0555, dp);
    328. 

  328. 		unlock(&tdlock);
    329. 

  329. 		return 1;
    330. 

  330. 	case Qconvdir:
    331. 

  331. 		if(s == DEVDOTDOT){
    332. 

  332. 			q.path = QID(0, Qprotodir);
    333. 

  333. 			q.type = QTDIR;
    334. 

  334. 			devdir(c, q, "tls", 0, eve, 0555, dp);
    335. 

  335. 			return 1;
    336. 

  336. 		}
    337. 

  337. 		if(s < 0 || s >= nelem(convdir))
    338. 

  338. 			return -1;
    339. 

  339. 		lock(&tdlock);
    340. 

  340. 		tr = tlsdevs[CONV(c->qid)];
    341. 

  341. 		if(tr != nil){
    342. 

  342. 			nm = tr->user;
    343. 

  343. 			perm = tr->perm;
    344. 

  344. 		}else{
    345. 

  345. 			perm = 0;
    346. 

  346. 			nm = eve;
    347. 

  347. 		}
    348. 

  348. 		t = convdir[s];
    349. 

  349. 		if(t == Qstatus || t == Qstats)
    350. 

  350. 			perm &= 0444;
    351. 

  351. 		q.path = QID(CONV(c->qid), t);
    352. 

  352. 		devdir(c, q, tlsnames[t], 0, nm, perm, dp);
    353. 

  353. 		unlock(&tdlock);
    354. 

  354. 		return 1;
    355. 

  355. 	case Qclonus:
    356. 

  356. 	case Qencalgs:
    357. 

  357. 	case Qhashalgs:
    358. 

  358. 		perm = 0444;
    359. 

  359. 		if(t == Qclonus)
    360. 

  360. 			perm = 0555;
    361. 

  361. 		devdir(c, c->qid, tlsnames[t], 0, eve, perm, dp);
    362. 

  362. 		return 1;
    363. 

  363. 	default:
    364. 

  364. 		lock(&tdlock);
    365. 

  365. 		tr = tlsdevs[CONV(c->qid)];
    366. 

  366. 		if(tr != nil){
    367. 

  367. 			nm = tr->user;
    368. 

  368. 			perm = tr->perm;
    369. 

  369. 		}else{
    370. 

  370. 			perm = 0;
    371. 

  371. 			nm = eve;
    372. 

  372. 		}
    373. 

  373. 		if(t == Qstatus || t == Qstats)
    374. 

  374. 			perm &= 0444;
    375. 

  375. 		devdir(c, c->qid, tlsnames[t], 0, nm, perm, dp);
    376. 

  376. 		unlock(&tdlock);
    377. 

  377. 		return 1;
    378. 

  378. 	}
    379. 

  379. 	return -1;
    380. 

  380. }
    381. 

  381. 

  382. static Chan*
    383. 

  383. tlsattach(char *spec)
    384. 

  384. {
    385. 

  385. 	Chan *c;
    386. 

  386. 

  387. 	c = devattach('a', spec);
    388. 

  388. 	c->qid.path = QID(0, Qtopdir);
    389. 

  389. 	c->qid.type = QTDIR;
    390. 

  390. 	c->qid.vers = 0;
    391. 

  391. 	return c;
    392. 

  392. }
    393. 

  393. 

  394. static Walkqid*
    395. 

  395. tlswalk(Chan *c, Chan *nc, char **name, int nname)
    396. 

  396. {
    397. 

  397. 	return devwalk(c, nc, name, nname, nil, 0, tlsgen);
    398. 

  398. }
    399. 

  399. 

  400. static int
    401. 

  401. tlsstat(Chan *c, uchar *db, int n)
    402. 

  402. {
    403. 

  403. 	return devstat(c, db, n, nil, 0, tlsgen);
    404. 

  404. }
    405. 

  405. 

  406. static Chan*
    407. 

  407. tlsopen(Chan *c, int omode)
    408. 

  408. {
    409. 

  409. 	TlsRec *tr, **pp;
    410. 

  410. 	int t, perm;
    411. 

  411. 

  412. 	perm = 0;
    413. 

  413. 	omode &= 3;
    414. 

  414. 	switch(omode) {
    415. 

  415. 	case OREAD:
    416. 

  416. 		perm = 4;
    417. 

  417. 		break;
    418. 

  418. 	case OWRITE:
    419. 

  419. 		perm = 2;
    420. 

  420. 		break;
    421. 

  421. 	case ORDWR:
    422. 

  422. 		perm = 6;
    423. 

  423. 		break;
    424. 

  424. 	}
    425. 

  425. 

  426. 	t = TYPE(c->qid);
    427. 

  427. 	switch(t) {
    428. 

  428. 	default:
    429. 

  429. 		panic("tlsopen");
    430. 

  430. 	case Qtopdir:
    431. 

  431. 	case Qprotodir:
    432. 

  432. 	case Qconvdir:
    433. 

  433. 		if(omode != OREAD)
    434. 

  434. 			error(Eperm);
    435. 

  435. 		break;
    436. 

  436. 	case Qclonus:
    437. 

  437. 		tr = newtls(c);
    438. 

  438. 		if(tr == nil)
    439. 

  439. 			error(Enodev);
    440. 

  440. 		break;
    441. 

  441. 	case Qctl:
    442. 

  442. 	case Qdata:
    443. 

  443. 	case Qhand:
    444. 

  444. 	case Qstatus:
    445. 

  445. 	case Qstats:
    446. 

  446. 		if((t == Qstatus || t == Qstats) && omode != OREAD)
    447. 

  447. 			error(Eperm);
    448. 

  448. 		if(waserror()) {
    449. 

  449. 			unlock(&tdlock);
    450. 

  450. 			nexterror();
    451. 

  451. 		}
    452. 

  452. 		lock(&tdlock);
    453. 

  453. 		pp = &tlsdevs[CONV(c->qid)];
    454. 

  454. 		tr = *pp;
    455. 

  455. 		if(tr == nil)
    456. 

  456. 			error("must open connection using clone");
    457. 

  457. 		if((perm & (tr->perm>>6)) != perm
    458. 

  458. 		&& (strcmp(up->user, tr->user) != 0
    459. 

  459. 		    || (perm & tr->perm) != perm))
    460. 

  460. 			error(Eperm);
    461. 

  461. 		if(t == Qhand){
    462. 

  462. 			if(waserror()){
    463. 

  463. 				unlock(&tr->hqlock);
    464. 

  464. 				nexterror();
    465. 

  465. 			}
    466. 

  466. 			lock(&tr->hqlock);
    467. 

  467. 			if(tr->handq != nil)
    468. 

  468. 				error(Einuse);
    469. 

  469. 			tr->handq = qopen(2 * MaxCipherRecLen, 0, nil, nil);
    470. 

  470. 			if(tr->handq == nil)
    471. 

  471. 				error("cannot allocate handshake queue");
    472. 

  472. 			tr->hqref = 1;
    473. 

  473. 			unlock(&tr->hqlock);
    474. 

  474. 			poperror();
    475. 

  475. 		}
    476. 

  476. 		tr->ref++;
    477. 

  477. 		unlock(&tdlock);
    478. 

  478. 		poperror();
    479. 

  479. 		break;
    480. 

  480. 	case Qencalgs:
    481. 

  481. 	case Qhashalgs:
    482. 

  482. 		if(omode != OREAD)
    483. 

  483. 			error(Eperm);
    484. 

  484. 		break;
    485. 

  485. 	}
    486. 

  486. 	c->mode = openmode(omode);
    487. 

  487. 	c->flag |= COPEN;
    488. 

  488. 	c->offset = 0;
    489. 

  489. 	c->iounit = qiomaxatomic;
    490. 

  490. 	return c;
    491. 

  491. }
    492. 

  492. 

  493. static int
    494. 

  494. tlswstat(Chan *c, uchar *dp, int n)
    495. 

  495. {
    496. 

  496. 	Dir *d;
    497. 

  497. 	TlsRec *tr;
    498. 

  498. 	int rv;
    499. 

  499. 

  500. 	d = nil;
    501. 

  501. 	if(waserror()){
    502. 

  502. 		free(d);
    503. 

  503. 		unlock(&tdlock);
    504. 

  504. 		nexterror();
    505. 

  505. 	}
    506. 

  506. 

  507. 	lock(&tdlock);
    508. 

  508. 	tr = tlsdevs[CONV(c->qid)];
    509. 

  509. 	if(tr == nil)
    510. 

  510. 		error(Ebadusefd);
    511. 

  511. 	if(strcmp(tr->user, up->user) != 0)
    512. 

  512. 		error(Eperm);
    513. 

  513. 

  514. 	d = smalloc(n + sizeof *d);
    515. 

  515. 	rv = convM2D(dp, n, &d[0], (char*) &d[1]);
    516. 

  516. 	if(rv == 0)
    517. 

  517. 		error(Eshortstat);
    518. 

  518. 	if(!emptystr(d->uid))
    519. 

  519. 		kstrdup(&tr->user, d->uid);
    520. 

  520. 	if(d->mode != ~0UL)
    521. 

  521. 		tr->perm = d->mode;
    522. 

  522. 

  523. 	free(d);
    524. 

  524. 	poperror();
    525. 

  525. 	unlock(&tdlock);
    526. 

  526. 

  527. 	return rv;
    528. 

  528. }
    529. 

  529. 

  530. static void
    531. 

  531. dechandq(TlsRec *tr)
    532. 

  532. {
    533. 

  533. 	lock(&tr->hqlock);
    534. 

  534. 	if(--tr->hqref == 0){
    535. 

  535. 		if(tr->handq != nil){
    536. 

  536. 			qfree(tr->handq);
    537. 

  537. 			tr->handq = nil;
    538. 

  538. 		}
    539. 

  539. 		if(tr->hprocessed != nil){
    540. 

  540. 			freeb(tr->hprocessed);
    541. 

  541. 			tr->hprocessed = nil;
    542. 

  542. 		}
    543. 

  543. 	}
    544. 

  544. 	unlock(&tr->hqlock);
    545. 

  545. }
    546. 

  546. 

  547. static void
    548. 

  548. tlsclose(Chan *c)
    549. 

  549. {
    550. 

  550. 	TlsRec *tr;
    551. 

  551. 	int t;
    552. 

  552. 

  553. 	t = TYPE(c->qid);
    554. 

  554. 	switch(t) {
    555. 

  555. 	case Qctl:
    556. 

  556. 	case Qdata:
    557. 

  557. 	case Qhand:
    558. 

  558. 	case Qstatus:
    559. 

  559. 	case Qstats:
    560. 

  560. 		if((c->flag & COPEN) == 0)
    561. 

  561. 			break;
    562. 

  562. 

  563. 		tr = tlsdevs[CONV(c->qid)];
    564. 

  564. 		if(tr == nil)
    565. 

  565. 			break;
    566. 

  566. 

  567. 		if(t == Qhand)
    568. 

  568. 			dechandq(tr);
    569. 

  569. 

  570. 		lock(&tdlock);
    571. 

  571. 		if(--tr->ref > 0) {
    572. 

  572. 			unlock(&tdlock);
    573. 

  573. 			return;
    574. 

  574. 		}
    575. 

  575. 		tlsdevs[CONV(c->qid)] = nil;
    576. 

  576. 		unlock(&tdlock);
    577. 

  577. 

  578. 		if(tr->c != nil && !waserror()){
    579. 

  579. 			checkstate(tr, 0, SOpen|SHandshake|SRClose);
    580. 

  580. 			sendAlert(tr, ECloseNotify);
    581. 

  581. 			poperror();
    582. 

  582. 		}
    583. 

  583. 		tlshangup(tr);
    584. 

  584. 		if(tr->c != nil)
    585. 

  585. 			cclose(tr->c);
    586. 

  586. 		freeSec(tr->in.sec);
    587. 

  587. 		freeSec(tr->in.new);
    588. 

  588. 		freeSec(tr->out.sec);
    589. 

  589. 		freeSec(tr->out.new);
    590. 

  590. 		free(tr->user);
    591. 

  591. 		free(tr);
    592. 

  592. 		break;
    593. 

  593. 	}
    594. 

  594. }
    595. 

  595. 

  596. /*
    597. 

  597.  *  make sure we have at least 'n' bytes in list 'l'
    598. 

  598.  */
    599. 

  599. static void
    600. 

  600. ensure(TlsRec *s, Block **l, int n)
    601. 

  601. {
    602. 

  602. 	int sofar, i;
    603. 

  603. 	Block *b, *bl;
    604. 

  604. 

  605. 	sofar = 0;
    606. 

  606. 	for(b = *l; b; b = b->next){
    607. 

  607. 		sofar += BLEN(b);
    608. 

  608. 		if(sofar >= n)
    609. 

  609. 			return;
    610. 

  610. 		l = &b->next;
    611. 

  611. 	}
    612. 

  612. 

  613. 	while(sofar < n){
    614. 

  614. 		bl = devtab[s->c->type]->bread(s->c, MaxCipherRecLen + RecHdrLen, 0);
    615. 

  615. 		if(bl == 0)
    616. 

  616. 			error(Ehungup);
    617. 

  617. 		*l = bl;
    618. 

  618. 		i = 0;
    619. 

  619. 		for(b = bl; b; b = b->next){
    620. 

  620. 			i += BLEN(b);
    621. 

  621. 			l = &b->next;
    622. 

  622. 		}
    623. 

  623. 		if(i == 0)
    624. 

  624. 			error(Ehungup);
    625. 

  625. 		sofar += i;
    626. 

  626. 	}
    627. 

  627. if(s->debug) pprint("ensure read %d\n", sofar);
    628. 

  628. }
    629. 

  629. 

  630. /*
    631. 

  631.  *  copy 'n' bytes from 'l' into 'p' and free
    632. 

  632.  *  the bytes in 'l'
    633. 

  633.  */
    634. 

  634. static void
    635. 

  635. consume(Block **l, uchar *p, int n)
    636. 

  636. {
    637. 

  637. 	Block *b;
    638. 

  638. 	int i;
    639. 

  639. 

  640. 	for(; *l && n > 0; n -= i){
    641. 

  641. 		b = *l;
    642. 

  642. 		i = BLEN(b);
    643. 

  643. 		if(i > n)
    644. 

  644. 			i = n;
    645. 

  645. 		memmove(p, b->rp, i);
    646. 

  646. 		b->rp += i;
    647. 

  647. 		p += i;
    648. 

  648. 		if(BLEN(b) < 0)
    649. 

  649. 			panic("consume");
    650. 

  650. 		if(BLEN(b))
    651. 

  651. 			break;
    652. 

  652. 		*l = b->next;
    653. 

  653. 		freeb(b);
    654. 

  654. 	}
    655. 

  655. }
    656. 

  656. 

  657. /*
    658. 

  658.  *  give back n bytes
    659. 

  659.  */
    660. 

  660. static void
    661. 

  661. regurgitate(TlsRec *s, uchar *p, int n)
    662. 

  662. {
    663. 

  663. 	Block *b;
    664. 

  664. 

  665. 	if(n <= 0)
    666. 

  666. 		return;
    667. 

  667. 	b = s->unprocessed;
    668. 

  668. 	if(s->unprocessed == nil || b->rp - b->base < n) {
    669. 

  669. 		b = allocb(n);
    670. 

  670. 		memmove(b->wp, p, n);
    671. 

  671. 		b->wp += n;
    672. 

  672. 		b->next = s->unprocessed;
    673. 

  673. 		s->unprocessed = b;
    674. 

  674. 	} else {
    675. 

  675. 		b->rp -= n;
    676. 

  676. 		memmove(b->rp, p, n);
    677. 

  677. 	}
    678. 

  678. }
    679. 

  679. 

  680. /*
    681. 

  681.  *  remove at most n bytes from the queue
    682. 

  682.  */
    683. 

  683. static Block*
    684. 

  684. qgrab(Block **l, int n)
    685. 

  685. {
    686. 

  686. 	Block *bb, *b;
    687. 

  687. 	int i;
    688. 

  688. 

  689. 	b = *l;
    690. 

  690. 	if(BLEN(b) == n){
    691. 

  691. 		*l = b->next;
    692. 

  692. 		b->next = nil;
    693. 

  693. 		return b;
    694. 

  694. 	}
    695. 

  695. 

  696. 	i = 0;
    697. 

  697. 	for(bb = b; bb != nil && i < n; bb = bb->next)
    698. 

  698. 		i += BLEN(bb);
    699. 

  699. 	if(i > n)
    700. 

  700. 		i = n;
    701. 

  701. 

  702. 	bb = allocb(i);
    703. 

  703. 	consume(l, bb->wp, i);
    704. 

  704. 	bb->wp += i;
    705. 

  705. 	return bb;
    706. 

  706. }
    707. 

  707. 

  708. static void
    709. 

  709. tlsclosed(TlsRec *tr, int new)
    710. 

  710. {
    711. 

  711. 	lock(&tr->statelk);
    712. 

  712. 	if(tr->state == SOpen || tr->state == SHandshake)
    713. 

  713. 		tr->state = new;
    714. 

  714. 	else if((new | tr->state) == (SRClose|SLClose))
    715. 

  715. 		tr->state = SClosed;
    716. 

  716. 	unlock(&tr->statelk);
    717. 

  717. 	alertHand(tr, "close notify");
    718. 

  718. }
    719. 

  719. 

  720. /*
    721. 

  721.  *  read and process one tls record layer message
    722. 

  722.  *  must be called with tr->in.io held
    723. 

  723.  *  We can't let Eintrs lose data, since doing so will get
    724. 

  724.  *  us out of sync with the sender and break the reliablity
    725. 

  725.  *  of the channel.  Eintr only happens during the reads in
    726. 

  726.  *  consume.  Therefore we put back any bytes consumed before
    727. 

  727.  *  the last call to ensure.
    728. 

  728.  */
    729. 

  729. static void
    730. 

  730. tlsrecread(TlsRec *tr)
    731. 

  731. {
    732. 

  732. 	OneWay *volatile in;
    733. 

  733. 	Block *volatile b;
    734. 

  734. 	uchar *p, seq[8], header[RecHdrLen], hmac[MD5dlen];
    735. 

  735. 	int volatile nconsumed;
    736. 

  736. 	int len, type, ver, unpad_len;
    737. 

  737. 

  738. 	nconsumed = 0;
    739. 

  739. 	if(waserror()){
    740. 

  740. 		if(strcmp(up->errstr, Eintr) == 0 && !waserror()){
    741. 

  741. 			regurgitate(tr, header, nconsumed);
    742. 

  742. 			poperror();
    743. 

  743. 		}else
    744. 

  744. 			tlsError(tr, "channel error");
    745. 

  745. 		nexterror();
    746. 

  746. 	}
    747. 

  747. 	ensure(tr, &tr->unprocessed, RecHdrLen);
    748. 

  748. 	consume(&tr->unprocessed, header, RecHdrLen);
    749. 

  749. if(tr->debug)pprint("consumed %d header\n", RecHdrLen);
    750. 

  750. 	nconsumed = RecHdrLen;
    751. 

  751. 

  752. 	if((tr->handin == 0) && (header[0] & 0x80)){
    753. 

  753. 		/* Cope with an SSL3 ClientHello expressed in SSL2 record format.
    754. 

  754. 			This is sent by some clients that we must interoperate
    755. 

  755. 			with, such as Java's JSSE and Microsoft's Internet Explorer. */
    756. 

  756. 		len = (get16(header) & ~0x8000) - 3;
    757. 

  757. 		type = header[2];
    758. 

  758. 		ver = get16(header + 3);
    759. 

  759. 		if(type != SSL2ClientHello || len < 22)
    760. 

  760. 			rcvError(tr, EProtocolVersion, "invalid initial SSL2-like message");
    761. 

  761. 	}else{  /* normal SSL3 record format */
    762. 

  762. 		type = header[0];
    763. 

  763. 		ver = get16(header+1);
    764. 

  764. 		len = get16(header+3);
    765. 

  765. 	}
    766. 

  766. 	if(ver != tr->version && (tr->verset || ver < MinProtoVersion || ver > MaxProtoVersion))
    767. 

  767. 		rcvError(tr, EProtocolVersion, "devtls expected ver=%x%s, saw (len=%d) type=%x ver=%x '%.12s'",
    768. 

  768. 			tr->version, tr->verset?"/set":"", len, type, ver, (char*)header);
    769. 

  769. 	if(len > MaxCipherRecLen || len < 0)
    770. 

  770. 		rcvError(tr, ERecordOverflow, "record message too long %d", len);
    771. 

  771. 	ensure(tr, &tr->unprocessed, len);
    772. 

  772. 	nconsumed = 0;
    773. 

  773. 	poperror();
    774. 

  774. 

  775. 	/*
    776. 

  776. 	 * If an Eintr happens after this, we'll get out of sync.
    777. 

  777. 	 * Make sure nothing we call can sleep.
    778. 

  778. 	 * Errors are ok, as they kill the connection.
    779. 

  779. 	 * Luckily, allocb won't sleep, it'll just error out.
    780. 

  780. 	 */
    781. 

  781. 	b = nil;
    782. 

  782. 	if(waserror()){
    783. 

  783. 		if(b != nil)
    784. 

  784. 			freeb(b);
    785. 

  785. 		tlsError(tr, "channel error");
    786. 

  786. 		nexterror();
    787. 

  787. 	}
    788. 

  788. 	b = qgrab(&tr->unprocessed, len);
    789. 

  789. if(tr->debug) pprint("consumed unprocessed %d\n", len);
    790. 

  790. 

  791. 	in = &tr->in;
    792. 

  792. 	if(waserror()){
    793. 

  793. 		qunlock(&in->seclock);
    794. 

  794. 		nexterror();
    795. 

  795. 	}
    796. 

  796. 	qlock(&in->seclock);
    797. 

  797. 	p = b->rp;
    798. 

  798. 	if(in->sec != nil) {
    799. 

  799. 		/* to avoid Canvel-Hiltgen-Vaudenay-Vuagnoux attack, all errors here
    800. 

  800. 		        should look alike, including timing of the response. */
    801. 

  801. 		unpad_len = (*in->sec->dec)(in->sec, p, len);
    802. 

  802. 		if(unpad_len >= in->sec->maclen)
    803. 

  803. 			len = unpad_len - in->sec->maclen;
    804. 

  804. if(tr->debug) pprint("decrypted %d\n", unpad_len);
    805. 

  805. if(tr->debug) pdump(unpad_len, p, "decrypted:");
    806. 

  806. 

  807. 		/* update length */
    808. 

  808. 		put16(header+3, len);
    809. 

  809. 		put64(seq, in->seq);
    810. 

  810. 		in->seq++;
    811. 

  811. 		(*tr->packMac)(in->sec, in->sec->mackey, seq, header, p, len, hmac);
    812. 

  812. 		if(unpad_len < in->sec->maclen)
    813. 

  813. 			rcvError(tr, EBadRecordMac, "short record mac");
    814. 

  814. 		if(memcmp(hmac, p+len, in->sec->maclen) != 0)
    815. 

  815. 			rcvError(tr, EBadRecordMac, "record mac mismatch");
    816. 

  816. 		b->wp = b->rp + len;
    817. 

  817. 	}
    818. 

  818. 	qunlock(&in->seclock);
    819. 

  819. 	poperror();
    820. 

  820. 	if(len < 0)
    821. 

  821. 		rcvError(tr, EDecodeError, "runt record message");
    822. 

  822. 

  823. 	switch(type) {
    824. 

  824. 	default:
    825. 

  825. 		rcvError(tr, EIllegalParameter, "invalid record message 0x%x", type);
    826. 

  826. 		break;
    827. 

  827. 	case RChangeCipherSpec:
    828. 

  828. 		if(len != 1 || p[0] != 1)
    829. 

  829. 			rcvError(tr, EDecodeError, "invalid change cipher spec");
    830. 

  830. 		qlock(&in->seclock);
    831. 

  831. 		if(in->new == nil){
    832. 

  832. 			qunlock(&in->seclock);
    833. 

  833. 			rcvError(tr, EUnexpectedMessage, "unexpected change cipher spec");
    834. 

  834. 		}
    835. 

  835. 		freeSec(in->sec);
    836. 

  836. 		in->sec = in->new;
    837. 

  837. 		in->new = nil;
    838. 

  838. 		in->seq = 0;
    839. 

  839. 		qunlock(&in->seclock);
    840. 

  840. 		break;
    841. 

  841. 	case RAlert:
    842. 

  842. 		if(len != 2)
    843. 

  843. 			rcvError(tr, EDecodeError, "invalid alert");
    844. 

  844. 		if(p[0] == 2)
    845. 

  845. 			rcvAlert(tr, p[1]);
    846. 

  846. 		if(p[0] != 1)
    847. 

  847. 			rcvError(tr, EIllegalParameter, "invalid alert fatal code");
    848. 

  848. 

  849. 		/*
    850. 

  850. 		 * propate non-fatal alerts to handshaker
    851. 

  851. 		 */
    852. 

  852. 		if(p[1] == ECloseNotify) {
    853. 

  853. 			tlsclosed(tr, SRClose);
    854. 

  854. 			if(tr->opened)
    855. 

  855. 				error("tls hungup");
    856. 

  856. 			error("close notify");
    857. 

  857. 		}
    858. 

  858. 		if(p[1] == ENoRenegotiation)
    859. 

  859. 			alertHand(tr, "no renegotiation");
    860. 

  860. 		else if(p[1] == EUserCanceled)
    861. 

  861. 			alertHand(tr, "handshake canceled by user");
    862. 

  862. 		else
    863. 

  863. 			rcvError(tr, EIllegalParameter, "invalid alert code");
    864. 

  864. 		break;
    865. 

  865. 	case RHandshake:
    866. 

  866. 		/*
    867. 

  867. 		 * don't worry about dropping the block
    868. 

  868. 		 * qbwrite always queues even if flow controlled and interrupted.
    869. 

  869. 		 *
    870. 

  870. 		 * if there isn't any handshaker, ignore the request,
    871. 

  871. 		 * but notify the other side we are doing so.
    872. 

  872. 		 */
    873. 

  873. 		lock(&tr->hqlock);
    874. 

  874. 		if(tr->handq != nil){
    875. 

  875. 			tr->hqref++;
    876. 

  876. 			unlock(&tr->hqlock);
    877. 

  877. 			if(waserror()){
    878. 

  878. 				dechandq(tr);
    879. 

  879. 				nexterror();
    880. 

  880. 			}
    881. 

  881. 			b = padblock(b, 1);
    882. 

  882. 			*b->rp = RHandshake;
    883. 

  883. 			qbwrite(tr->handq, b);
    884. 

  884. 			b = nil;
    885. 

  885. 			poperror();
    886. 

  886. 			dechandq(tr);
    887. 

  887. 		}else{
    888. 

  888. 			unlock(&tr->hqlock);
    889. 

  889. 			if(tr->verset && tr->version != SSL3Version && !waserror()){
    890. 

  890. 				sendAlert(tr, ENoRenegotiation);
    891. 

  891. 				poperror();
    892. 

  892. 			}
    893. 

  893. 		}
    894. 

  894. 		break;
    895. 

  895. 	case SSL2ClientHello:
    896. 

  896. 		lock(&tr->hqlock);
    897. 

  897. 		if(tr->handq != nil){
    898. 

  898. 			tr->hqref++;
    899. 

  899. 			unlock(&tr->hqlock);
    900. 

  900. 			if(waserror()){
    901. 

  901. 				dechandq(tr);
    902. 

  902. 				nexterror();
    903. 

  903. 			}
    904. 

  904. 			/* Pass the SSL2 format data, so that the handshake code can compute
    905. 

  905. 				the correct checksums.  HSSL2ClientHello = HandshakeType 9 is
    906. 

  906. 				unused in RFC2246. */
    907. 

  907. 			b = padblock(b, 8);
    908. 

  908. 			b->rp[0] = RHandshake;
    909. 

  909. 			b->rp[1] = HSSL2ClientHello;
    910. 

  910. 			put24(&b->rp[2], len+3);
    911. 

  911. 			b->rp[5] = SSL2ClientHello;
    912. 

  912. 			put16(&b->rp[6], ver);
    913. 

  913. 			qbwrite(tr->handq, b);
    914. 

  914. 			b = nil;
    915. 

  915. 			poperror();
    916. 

  916. 			dechandq(tr);
    917. 

  917. 		}else{
    918. 

  918. 			unlock(&tr->hqlock);
    919. 

  919. 			if(tr->verset && tr->version != SSL3Version && !waserror()){
    920. 

  920. 				sendAlert(tr, ENoRenegotiation);
    921. 

  921. 				poperror();
    922. 

  922. 			}
    923. 

  923. 		}
    924. 

  924. 		break;
    925. 

  925. 	case RApplication:
    926. 

  926. 		if(!tr->opened)
    927. 

  927. 			rcvError(tr, EUnexpectedMessage, "application message received before handshake completed");
    928. 

  928. 		if(BLEN(b) > 0){
    929. 

  929. 			tr->processed = b;
    930. 

  930. 			b = nil;
    931. 

  931. 		}
    932. 

  932. 		break;
    933. 

  933. 	}
    934. 

  934. 	if(b != nil)
    935. 

  935. 		freeb(b);
    936. 

  936. 	poperror();
    937. 

  937. }
    938. 

  938. 

  939. /*
    940. 

  940.  * got a fatal alert message
    941. 

  941.  */
    942. 

  942. static void
    943. 

  943. rcvAlert(TlsRec *tr, int err)
    944. 

  944. {
    945. 

  945. 	char *s;
    946. 

  946. 	int i;
    947. 

  947. 

  948. 	s = "unknown error";
    949. 

  949. 	for(i=0; i < nelem(tlserrs); i++){
    950. 

  950. 		if(tlserrs[i].err == err){
    951. 

  951. 			s = tlserrs[i].msg;
    952. 

  952. 			break;
    953. 

  953. 		}
    954. 

  954. 	}
    955. 

  955. if(tr->debug) pprint("rcvAlert: %s\n", s);
    956. 

  956. 

  957. 	tlsError(tr, s);
    958. 

  958. 	if(!tr->opened)
    959. 

  959. 		error(s);
    960. 

  960. 	error("tls error");
    961. 

  961. }
    962. 

  962. 

  963. /*
    964. 

  964.  * found an error while decoding the input stream
    965. 

  965.  */
    966. 

  966. static void
    967. 

  967. rcvError(TlsRec *tr, int err, char *fmt, ...)
    968. 

  968. {
    969. 

  969. 	char msg[ERRMAX];
    970. 

  970. 	va_list arg;
    971. 

  971. 

  972. 	va_start(arg, fmt);
    973. 

  973. 	vseprint(msg, msg+sizeof(msg), fmt, arg);
    974. 

  974. 	va_end(arg);
    975. 

  975. if(tr->debug) pprint("rcvError: %s\n", msg);
    976. 

  976. 

  977. 	sendAlert(tr, err);
    978. 

  978. 

  979. 	if(!tr->opened)
    980. 

  980. 		error(msg);
    981. 

  981. 	error("tls error");
    982. 

  982. }
    983. 

  983. 

  984. /*
    985. 

  985.  * make sure the next hand operation returns with a 'msg' error
    986. 

  986.  */
    987. 

  987. static void
    988. 

  988. alertHand(TlsRec *tr, char *msg)
    989. 

  989. {
    990. 

  990. 	Block *b;
    991. 

  991. 	int n;
    992. 

  992. 

  993. 	lock(&tr->hqlock);
    994. 

  994. 	if(tr->handq == nil){
    995. 

  995. 		unlock(&tr->hqlock);
    996. 

  996. 		return;
    997. 

  997. 	}
    998. 

  998. 	tr->hqref++;
    999. 

  999. 	unlock(&tr->hqlock);
    1000. 

  1000. 

  1001. 	n = strlen(msg);
    1002. 

  1002. 	if(waserror()){
    1003. 

  1003. 		dechandq(tr);
    1004. 

  1004. 		nexterror();
    1005. 

  1005. 	}
    1006. 

  1006. 	b = allocb(n + 2);
    1007. 

  1007. 	*b->wp++ = RAlert;
    1008. 

  1008. 	memmove(b->wp, msg, n + 1);
    1009. 

  1009. 	b->wp += n + 1;
    1010. 

  1010. 

  1011. 	qbwrite(tr->handq, b);
    1012. 

  1012. 

  1013. 	poperror();
    1014. 

  1014. 	dechandq(tr);
    1015. 

  1015. }
    1016. 

  1016. 

  1017. static void
    1018. 

  1018. checkstate(TlsRec *tr, int ishand, int ok)
    1019. 

  1019. {
    1020. 

  1020. 	int state;
    1021. 

  1021. 

  1022. 	lock(&tr->statelk);
    1023. 

  1023. 	state = tr->state;
    1024. 

  1024. 	unlock(&tr->statelk);
    1025. 

  1025. 	if(state & ok)
    1026. 

  1026. 		return;
    1027. 

  1027. 	switch(state){
    1028. 

  1028. 	case SHandshake:
    1029. 

  1029. 	case SOpen:
    1030. 

  1030. 		break;
    1031. 

  1031. 	case SError:
    1032. 

  1032. 	case SAlert:
    1033. 

  1033. 		if(ishand)
    1034. 

  1034. 			error(tr->err);
    1035. 

  1035. 		error("tls error");
    1036. 

  1036. 	case SRClose:
    1037. 

  1037. 	case SLClose:
    1038. 

  1038. 	case SClosed:
    1039. 

  1039. 		error("tls hungup");
    1040. 

  1040. 	}
    1041. 

  1041. 	error("tls improperly configured");
    1042. 

  1042. }
    1043. 

  1043. 

  1044. static Block*
    1045. 

  1045. tlsbread(Chan *c, long n, ulong offset)
    1046. 

  1046. {
    1047. 

  1047. 	int ty;
    1048. 

  1048. 	Block *b;
    1049. 

  1049. 	TlsRec *volatile tr;
    1050. 

  1050. 

  1051. 	ty = TYPE(c->qid);
    1052. 

  1052. 	switch(ty) {
    1053. 

  1053. 	default:
    1054. 

  1054. 		return devbread(c, n, offset);
    1055. 

  1055. 	case Qhand:
    1056. 

  1056. 	case Qdata:
    1057. 

  1057. 		break;
    1058. 

  1058. 	}
    1059. 

  1059. 

  1060. 	tr = tlsdevs[CONV(c->qid)];
    1061. 

  1061. 	if(tr == nil)
    1062. 

  1062. 		panic("tlsbread");
    1063. 

  1063. 

  1064. 	if(waserror()){
    1065. 

  1065. 		qunlock(&tr->in.io);
    1066. 

  1066. 		nexterror();
    1067. 

  1067. 	}
    1068. 

  1068. 	qlock(&tr->in.io);
    1069. 

  1069. 	if(ty == Qdata){
    1070. 

  1070. 		checkstate(tr, 0, SOpen);
    1071. 

  1071. 		while(tr->processed == nil)
    1072. 

  1072. 			tlsrecread(tr);
    1073. 

  1073. 

  1074. 		/* return at most what was asked for */
    1075. 

  1075. 		b = qgrab(&tr->processed, n);
    1076. 

  1076. if(tr->debug) pprint("consumed processed %d\n", BLEN(b));
    1077. 

  1077. if(tr->debug) pdump(BLEN(b), b->rp, "consumed:");
    1078. 

  1078. 		qunlock(&tr->in.io);
    1079. 

  1079. 		poperror();
    1080. 

  1080. 		tr->datain += BLEN(b);
    1081. 

  1081. 	}else{
    1082. 

  1082. 		checkstate(tr, 1, SOpen|SHandshake|SLClose);
    1083. 

  1083. 

  1084. 		/*
    1085. 

  1085. 		 * it's ok to look at state without the lock
    1086. 

  1086. 		 * since it only protects reading records,
    1087. 

  1087. 		 * and we have that tr->in.io held.
    1088. 

  1088. 		 */
    1089. 

  1089. 		while(!tr->opened && tr->hprocessed == nil && !qcanread(tr->handq))
    1090. 

  1090. 			tlsrecread(tr);
    1091. 

  1091. 

  1092. 		qunlock(&tr->in.io);
    1093. 

  1093. 		poperror();
    1094. 

  1094. 

  1095. 		if(waserror()){
    1096. 

  1096. 			qunlock(&tr->hqread);
    1097. 

  1097. 			nexterror();
    1098. 

  1098. 		}
    1099. 

  1099. 		qlock(&tr->hqread);
    1100. 

  1100. 		if(tr->hprocessed == nil){
    1101. 

  1101. 			b = qbread(tr->handq, MaxRecLen + 1);
    1102. 

  1102. 			if(*b->rp++ == RAlert){
    1103. 

  1103. 				kstrcpy(up->errstr, (char*)b->rp, ERRMAX);
    1104. 

  1104. 				freeb(b);
    1105. 

  1105. 				nexterror();
    1106. 

  1106. 			}
    1107. 

  1107. 			tr->hprocessed = b;
    1108. 

  1108. 		}
    1109. 

  1109. 		b = qgrab(&tr->hprocessed, n);
    1110. 

  1110. 		poperror();
    1111. 

  1111. 		qunlock(&tr->hqread);
    1112. 

  1112. 		tr->handin += BLEN(b);
    1113. 

  1113. 	}
    1114. 

  1114. 

  1115. 	return b;
    1116. 

  1116. }
    1117. 

  1117. 

  1118. static long
    1119. 

  1119. tlsread(Chan *c, void *a, long n, vlong off)
    1120. 

  1120. {
    1121. 

  1121. 	Block *volatile b;
    1122. 

  1122. 	Block *nb;
    1123. 

  1123. 	uchar *va;
    1124. 

  1124. 	int i, ty;
    1125. 

  1125. 	char *buf, *s, *e;
    1126. 

  1126. 	ulong offset = off;
    1127. 

  1127. 	TlsRec * tr;
    1128. 

  1128. 

  1129. 	if(c->qid.type & QTDIR)
    1130. 

  1130. 		return devdirread(c, a, n, 0, 0, tlsgen);
    1131. 

  1131. 

  1132. 	tr = tlsdevs[CONV(c->qid)];
    1133. 

  1133. 	ty = TYPE(c->qid);
    1134. 

  1134. 	switch(ty) {
    1135. 

  1135. 	default:
    1136. 

  1136. 		error(Ebadusefd);
    1137. 

  1137. 	case Qstatus:
    1138. 

  1138. 		buf = smalloc(Statlen);
    1139. 

  1139. 		qlock(&tr->in.seclock);
    1140. 

  1140. 		qlock(&tr->out.seclock);
    1141. 

  1141. 		s = buf;
    1142. 

  1142. 		e = buf + Statlen;
    1143. 

  1143. 		s = seprint(s, e, "State: %s\n", tlsstate(tr->state));
    1144. 

  1144. 		s = seprint(s, e, "Version: 0x%x\n", tr->version);
    1145. 

  1145. 		if(tr->in.sec != nil)
    1146. 

  1146. 			s = seprint(s, e, "EncIn: %s\nHashIn: %s\n", tr->in.sec->encalg, tr->in.sec->hashalg);
    1147. 

  1147. 		if(tr->in.new != nil)
    1148. 

  1148. 			s = seprint(s, e, "NewEncIn: %s\nNewHashIn: %s\n", tr->in.new->encalg, tr->in.new->hashalg);
    1149. 

  1149. 		if(tr->out.sec != nil)
    1150. 

  1150. 			s = seprint(s, e, "EncOut: %s\nHashOut: %s\n", tr->out.sec->encalg, tr->out.sec->hashalg);
    1151. 

  1151. 		if(tr->out.new != nil)
    1152. 

  1152. 			seprint(s, e, "NewEncOut: %s\nNewHashOut: %s\n", tr->out.new->encalg, tr->out.new->hashalg);
    1153. 

  1153. 		qunlock(&tr->in.seclock);
    1154. 

  1154. 		qunlock(&tr->out.seclock);
    1155. 

  1155. 		n = readstr(offset, a, n, buf);
    1156. 

  1156. 		free(buf);
    1157. 

  1157. 		return n;
    1158. 

  1158. 	case Qstats:
    1159. 

  1159. 		buf = smalloc(Statlen);
    1160. 

  1160. 		s = buf;
    1161. 

  1161. 		e = buf + Statlen;
    1162. 

  1162. 		s = seprint(s, e, "DataIn: %lld\n", tr->datain);
    1163. 

  1163. 		s = seprint(s, e, "DataOut: %lld\n", tr->dataout);
    1164. 

  1164. 		s = seprint(s, e, "HandIn: %lld\n", tr->handin);
    1165. 

  1165. 		seprint(s, e, "HandOut: %lld\n", tr->handout);
    1166. 

  1166. 		n = readstr(offset, a, n, buf);
    1167. 

  1167. 		free(buf);
    1168. 

  1168. 		return n;
    1169. 

  1169. 	case Qctl:
    1170. 

  1170. 		buf = smalloc(Statlen);
    1171. 

  1171. 		snprint(buf, Statlen, "%llud", CONV(c->qid));
    1172. 

  1172. 		n = readstr(offset, a, n, buf);
    1173. 

  1173. 		free(buf);
    1174. 

  1174. 		return n;
    1175. 

  1175. 	case Qdata:
    1176. 

  1176. 	case Qhand:
    1177. 

  1177. 		b = tlsbread(c, n, offset);
    1178. 

  1178. 		break;
    1179. 

  1179. 	case Qencalgs:
    1180. 

  1180. 		return readstr(offset, a, n, encalgs);
    1181. 

  1181. 	case Qhashalgs:
    1182. 

  1182. 		return readstr(offset, a, n, hashalgs);
    1183. 

  1183. 	}
    1184. 

  1184. 

  1185. 	if(waserror()){
    1186. 

  1186. 		freeblist(b);
    1187. 

  1187. 		nexterror();
    1188. 

  1188. 	}
    1189. 

  1189. 

  1190. 	n = 0;
    1191. 

  1191. 	va = a;
    1192. 

  1192. 	for(nb = b; nb; nb = nb->next){
    1193. 

  1193. 		i = BLEN(nb);
    1194. 

  1194. 		memmove(va+n, nb->rp, i);
    1195. 

  1195. 		n += i;
    1196. 

  1196. 	}
    1197. 

  1197. 

  1198. 	freeblist(b);
    1199. 

  1199. 	poperror();
    1200. 

  1200. 

  1201. 	return n;
    1202. 

  1202. }
    1203. 

  1203. 

  1204. /*
    1205. 

  1205.  *  write a block in tls records
    1206. 

  1206.  */
    1207. 

  1207. static void
    1208. 

  1208. tlsrecwrite(TlsRec *tr, int type, Block *b)
    1209. 

  1209. {
    1210. 

  1210. 	Block *volatile bb;
    1211. 

  1211. 	Block *nb;
    1212. 

  1212. 	uchar *p, seq[8];
    1213. 

  1213. 	OneWay *volatile out;
    1214. 

  1214. 	int n, maclen, pad, ok;
    1215. 

  1215. 

  1216. 	out = &tr->out;
    1217. 

  1217. 	bb = b;
    1218. 

  1218. 	if(waserror()){
    1219. 

  1219. 		qunlock(&out->io);
    1220. 

  1220. 		if(bb != nil)
    1221. 

  1221. 			freeb(bb);
    1222. 

  1222. 		nexterror();
    1223. 

  1223. 	}
    1224. 

  1224. 	qlock(&out->io);
    1225. 

  1225. if(tr->debug)pprint("send %d\n", BLEN(b));
    1226. 

  1226. if(tr->debug)pdump(BLEN(b), b->rp, "sent:");
    1227. 

  1227. 

  1228. 

  1229. 	ok = SHandshake|SOpen|SRClose;
    1230. 

  1230. 	if(type == RAlert)
    1231. 

  1231. 		ok |= SAlert;
    1232. 

  1232. 	while(bb != nil){
    1233. 

  1233. 		checkstate(tr, type != RApplication, ok);
    1234. 

  1234. 

  1235. 		/*
    1236. 

  1236. 		 * get at most one maximal record's input,
    1237. 

  1237. 		 * with padding on the front for header and
    1238. 

  1238. 		 * back for mac and maximal block padding.
    1239. 

  1239. 		 */
    1240. 

  1240. 		if(waserror()){
    1241. 

  1241. 			qunlock(&out->seclock);
    1242. 

  1242. 			nexterror();
    1243. 

  1243. 		}
    1244. 

  1244. 		qlock(&out->seclock);
    1245. 

  1245. 		maclen = 0;
    1246. 

  1246. 		pad = 0;
    1247. 

  1247. 		if(out->sec != nil){
    1248. 

  1248. 			maclen = out->sec->maclen;
    1249. 

  1249. 			pad = maclen + out->sec->block;
    1250. 

  1250. 		}
    1251. 

  1251. 		n = BLEN(bb);
    1252. 

  1252. 		if(n > MaxRecLen){
    1253. 

  1253. 			n = MaxRecLen;
    1254. 

  1254. 			nb = allocb(n + pad + RecHdrLen);
    1255. 

  1255. 			memmove(nb->wp + RecHdrLen, bb->rp, n);
    1256. 

  1256. 			bb->rp += n;
    1257. 

  1257. 		}else{
    1258. 

  1258. 			/*
    1259. 

  1259. 			 * carefully reuse bb so it will get freed if we're out of memory
    1260. 

  1260. 			 */
    1261. 

  1261. 			bb = padblock(bb, RecHdrLen);
    1262. 

  1262. 			if(pad)
    1263. 

  1263. 				nb = padblock(bb, -pad);
    1264. 

  1264. 			else
    1265. 

  1265. 				nb = bb;
    1266. 

  1266. 			bb = nil;
    1267. 

  1267. 		}
    1268. 

  1268. 

  1269. 		p = nb->rp;
    1270. 

  1270. 		p[0] = type;
    1271. 

  1271. 		put16(p+1, tr->version);
    1272. 

  1272. 		put16(p+3, n);
    1273. 

  1273. 

  1274. 		if(out->sec != nil){
    1275. 

  1275. 			put64(seq, out->seq);
    1276. 

  1276. 			out->seq++;
    1277. 

  1277. 			(*tr->packMac)(out->sec, out->sec->mackey, seq, p, p + RecHdrLen, n, p + RecHdrLen + n);
    1278. 

  1278. 			n += maclen;
    1279. 

  1279. 

  1280. 			/* encrypt */
    1281. 

  1281. 			n = (*out->sec->enc)(out->sec, p + RecHdrLen, n);
    1282. 

  1282. 			nb->wp = p + RecHdrLen + n;
    1283. 

  1283. 

  1284. 			/* update length */
    1285. 

  1285. 			put16(p+3, n);
    1286. 

  1286. 		}
    1287. 

  1287. 		if(type == RChangeCipherSpec){
    1288. 

  1288. 			if(out->new == nil)
    1289. 

  1289. 				error("change cipher without a new cipher");
    1290. 

  1290. 			freeSec(out->sec);
    1291. 

  1291. 			out->sec = out->new;
    1292. 

  1292. 			out->new = nil;
    1293. 

  1293. 			out->seq = 0;
    1294. 

  1294. 		}
    1295. 

  1295. 		qunlock(&out->seclock);
    1296. 

  1296. 		poperror();
    1297. 

  1297. 

  1298. 		/*
    1299. 

  1299. 		 * if bwrite error's, we assume the block is queued.
    1300. 

  1300. 		 * if not, we're out of sync with the receiver and will not recover.
    1301. 

  1301. 		 */
    1302. 

  1302. 		if(waserror()){
    1303. 

  1303. 			if(strcmp(up->errstr, "interrupted") != 0)
    1304. 

  1304. 				tlsError(tr, "channel error");
    1305. 

  1305. 			nexterror();
    1306. 

  1306. 		}
    1307. 

  1307. 		devtab[tr->c->type]->bwrite(tr->c, nb, 0);
    1308. 

  1308. 		poperror();
    1309. 

  1309. 	}
    1310. 

  1310. 	qunlock(&out->io);
    1311. 

  1311. 	poperror();
    1312. 

  1312. }
    1313. 

  1313. 

  1314. static long
    1315. 

  1315. tlsbwrite(Chan *c, Block *b, ulong offset)
    1316. 

  1316. {
    1317. 

  1317. 	int ty;
    1318. 

  1318. 	ulong n;
    1319. 

  1319. 	TlsRec *tr;
    1320. 

  1320. 

  1321. 	n = BLEN(b);
    1322. 

  1322. 

  1323. 	tr = tlsdevs[CONV(c->qid)];
    1324. 

  1324. 	if(tr == nil)
    1325. 

  1325. 		panic("tlsbread");
    1326. 

  1326. 

  1327. 	ty = TYPE(c->qid);
    1328. 

  1328. 	switch(ty) {
    1329. 

  1329. 	default:
    1330. 

  1330. 		return devbwrite(c, b, offset);
    1331. 

  1331. 	case Qhand:
    1332. 

  1332. 		tlsrecwrite(tr, RHandshake, b);
    1333. 

  1333. 		tr->handout += n;
    1334. 

  1334. 		break;
    1335. 

  1335. 	case Qdata:
    1336. 

  1336. 		checkstate(tr, 0, SOpen);
    1337. 

  1337. 		tlsrecwrite(tr, RApplication, b);
    1338. 

  1338. 		tr->dataout += n;
    1339. 

  1339. 		break;
    1340. 

  1340. 	}
    1341. 

  1341. 

  1342. 	return n;
    1343. 

  1343. }
    1344. 

  1344. 

  1345. typedef struct Hashalg Hashalg;
    1346. 

  1346. struct Hashalg
    1347. 

  1347. {
    1348. 

  1348. 	char	*name;
    1349. 

  1349. 	int	maclen;
    1350. 

  1350. 	void	(*initkey)(Hashalg *, int, Secret *, uchar*);
    1351. 

  1351. };
    1352. 

  1352. 

  1353. static void
    1354. 

  1354. initmd5key(Hashalg *ha, int version, Secret *s, uchar *p)
    1355. 

  1355. {
    1356. 

  1356. 	s->maclen = ha->maclen;
    1357. 

  1357. 	if(version == SSL3Version)
    1358. 

  1358. 		s->mac = sslmac_md5;
    1359. 

  1359. 	else
    1360. 

  1360. 		s->mac = hmac_md5;
    1361. 

  1361. 	memmove(s->mackey, p, ha->maclen);
    1362. 

  1362. }
    1363. 

  1363. 

  1364. static void
    1365. 

  1365. initclearmac(Hashalg *, int, Secret *s, uchar *)
    1366. 

  1366. {
    1367. 

  1367. 	s->maclen = 0;
    1368. 

  1368. 	s->mac = nomac;
    1369. 

  1369. }
    1370. 

  1370. 

  1371. static void
    1372. 

  1372. initsha1key(Hashalg *ha, int version, Secret *s, uchar *p)
    1373. 

  1373. {
    1374. 

  1374. 	s->maclen = ha->maclen;
    1375. 

  1375. 	if(version == SSL3Version)
    1376. 

  1376. 		s->mac = sslmac_sha1;
    1377. 

  1377. 	else
    1378. 

  1378. 		s->mac = hmac_sha1;
    1379. 

  1379. 	memmove(s->mackey, p, ha->maclen);
    1380. 

  1380. }
    1381. 

  1381. 

  1382. static Hashalg hashtab[] =
    1383. 

  1383. {
    1384. 

  1384. 	{ "clear", 0, initclearmac, },
    1385. 

  1385. 	{ "md5", MD5dlen, initmd5key, },
    1386. 

  1386. 	{ "sha1", SHA1dlen, initsha1key, },
    1387. 

  1387. 	{ 0 }
    1388. 

  1388. };
    1389. 

  1389. 

  1390. static Hashalg*
    1391. 

  1391. parsehashalg(char *p)
    1392. 

  1392. {
    1393. 

  1393. 	Hashalg *ha;
    1394. 

  1394. 

  1395. 	for(ha = hashtab; ha->name; ha++)
    1396. 

  1396. 		if(strcmp(p, ha->name) == 0)
    1397. 

  1397. 			return ha;
    1398. 

  1398. 	error("unsupported hash algorithm");
    1399. 

  1399. 	return nil;
    1400. 

  1400. }
    1401. 

  1401. 

  1402. typedef struct Encalg Encalg;
    1403. 

  1403. struct Encalg
    1404. 

  1404. {
    1405. 

  1405. 	char	*name;
    1406. 

  1406. 	int	keylen;
    1407. 

  1407. 	int	ivlen;
    1408. 

  1408. 	void	(*initkey)(Encalg *ea, Secret *, uchar*, uchar*);
    1409. 

  1409. };
    1410. 

  1410. 

  1411. static void
    1412. 

  1412. initRC4key(Encalg *ea, Secret *s, uchar *p, uchar *)
    1413. 

  1413. {
    1414. 

  1414. 	s->enckey = smalloc(sizeof(RC4state));
    1415. 

  1415. 	s->enc = rc4enc;
    1416. 

  1416. 	s->dec = rc4enc;
    1417. 

  1417. 	s->block = 0;
    1418. 

  1418. 	setupRC4state(s->enckey, p, ea->keylen);
    1419. 

  1419. }
    1420. 

  1420. 

  1421. static void
    1422. 

  1422. initDES3key(Encalg *, Secret *s, uchar *p, uchar *iv)
    1423. 

  1423. {
    1424. 

  1424. 	s->enckey = smalloc(sizeof(DES3state));
    1425. 

  1425. 	s->enc = des3enc;
    1426. 

  1426. 	s->dec = des3dec;
    1427. 

  1427. 	s->block = 8;
    1428. 

  1428. 	setupDES3state(s->enckey, (uchar(*)[8])p, iv);
    1429. 

  1429. }
    1430. 

  1430. 

  1431. static void
    1432. 

  1432. initclearenc(Encalg *, Secret *s, uchar *, uchar *)
    1433. 

  1433. {
    1434. 

  1434. 	s->enc = noenc;
    1435. 

  1435. 	s->dec = noenc;
    1436. 

  1436. 	s->block = 0;
    1437. 

  1437. }
    1438. 

  1438. 

  1439. static Encalg encrypttab[] =
    1440. 

  1440. {
    1441. 

  1441. 	{ "clear", 0, 0, initclearenc },
    1442. 

  1442. 	{ "rc4_128", 128/8, 0, initRC4key },
    1443. 

  1443. 	{ "3des_ede_cbc", 3 * 8, 8, initDES3key },
    1444. 

  1444. 	{ 0 }
    1445. 

  1445. };
    1446. 

  1446. 

  1447. static Encalg*
    1448. 

  1448. parseencalg(char *p)
    1449. 

  1449. {
    1450. 

  1450. 	Encalg *ea;
    1451. 

  1451. 

  1452. 	for(ea = encrypttab; ea->name; ea++)
    1453. 

  1453. 		if(strcmp(p, ea->name) == 0)
    1454. 

  1454. 			return ea;
    1455. 

  1455. 	error("unsupported encryption algorithm");
    1456. 

  1456. 	return nil;
    1457. 

  1457. }
    1458. 

  1458. 

  1459. static long
    1460. 

  1460. tlswrite(Chan *c, void *a, long n, vlong off)
    1461. 

  1461. {
    1462. 

  1462. 	Encalg *ea;
    1463. 

  1463. 	Hashalg *ha;
    1464. 

  1464. 	TlsRec *volatile tr;
    1465. 

  1465. 	Secret *volatile tos, *volatile toc;
    1466. 

  1466. 	Block *volatile b;
    1467. 

  1467. 	Cmdbuf *volatile cb;
    1468. 

  1468. 	int m, ty;
    1469. 

  1469. 	char *p, *e;
    1470. 

  1470. 	uchar *volatile x;
    1471. 

  1471. 	ulong offset = off;
    1472. 

  1472. 

  1473. 	tr = tlsdevs[CONV(c->qid)];
    1474. 

  1474. 	if(tr == nil)
    1475. 

  1475. 		panic("tlswrite");
    1476. 

  1476. 

  1477. 	ty = TYPE(c->qid);
    1478. 

  1478. 	switch(ty){
    1479. 

  1479. 	case Qdata:
    1480. 

  1480. 	case Qhand:
    1481. 

  1481. 		p = a;
    1482. 

  1482. 		e = p + n;
    1483. 

  1483. 		do{
    1484. 

  1484. 			m = e - p;
    1485. 

  1485. 			if(m > MaxRecLen)
    1486. 

  1486. 				m = MaxRecLen;
    1487. 

  1487. 

  1488. 			b = allocb(m);
    1489. 

  1489. 			if(waserror()){
    1490. 

  1490. 				freeb(b);
    1491. 

  1491. 				nexterror();
    1492. 

  1492. 			}
    1493. 

  1493. 			memmove(b->wp, p, m);
    1494. 

  1494. 			poperror();
    1495. 

  1495. 			b->wp += m;
    1496. 

  1496. 

  1497. 			tlsbwrite(c, b, offset);
    1498. 

  1498. 

  1499. 			p += m;
    1500. 

  1500. 		}while(p < e);
    1501. 

  1501. 		return n;
    1502. 

  1502. 	case Qctl:
    1503. 

  1503. 		break;
    1504. 

  1504. 	default:
    1505. 

  1505. 		error(Ebadusefd);
    1506. 

  1506. 		return -1;
    1507. 

  1507. 	}
    1508. 

  1508. 

  1509. 	cb = parsecmd(a, n);
    1510. 

  1510. 	if(waserror()){
    1511. 

  1511. 		free(cb);
    1512. 

  1512. 		nexterror();
    1513. 

  1513. 	}
    1514. 

  1514. 	if(cb->nf < 1)
    1515. 

  1515. 		error("short control request");
    1516. 

  1516. 

  1517. 	/* mutex with operations using what we're about to change */
    1518. 

  1518. 	if(waserror()){
    1519. 

  1519. 		qunlock(&tr->in.seclock);
    1520. 

  1520. 		qunlock(&tr->out.seclock);
    1521. 

  1521. 		nexterror();
    1522. 

  1522. 	}
    1523. 

  1523. 	qlock(&tr->in.seclock);
    1524. 

  1524. 	qlock(&tr->out.seclock);
    1525. 

  1525. 

  1526. 	if(strcmp(cb->f[0], "fd") == 0){
    1527. 

  1527. 		if(cb->nf != 3)
    1528. 

  1528. 			error("usage: fd open-fd version");
    1529. 

  1529. 		if(tr->c != nil)
    1530. 

  1530. 			error(Einuse);
    1531. 

  1531. 		m = strtol(cb->f[2], nil, 0);
    1532. 

  1532. 		if(m < MinProtoVersion || m > MaxProtoVersion)
    1533. 

  1533. 			error("unsupported version");
    1534. 

  1534. 		tr->c = buftochan(cb->f[1]);
    1535. 

  1535. 		tr->version = m;
    1536. 

  1536. 		tlsSetState(tr, SHandshake, SClosed);
    1537. 

  1537. 	}else if(strcmp(cb->f[0], "version") == 0){
    1538. 

  1538. 		if(cb->nf != 2)
    1539. 

  1539. 			error("usage: version vers");
    1540. 

  1540. 		if(tr->c == nil)
    1541. 

  1541. 			error("must set fd before version");
    1542. 

  1542. 		if(tr->verset)
    1543. 

  1543. 			error("version already set");
    1544. 

  1544. 		m = strtol(cb->f[1], nil, 0);
    1545. 

  1545. 		if(m == SSL3Version)
    1546. 

  1546. 			tr->packMac = sslPackMac;
    1547. 

  1547. 		else if(m == TLSVersion)
    1548. 

  1548. 			tr->packMac = tlsPackMac;
    1549. 

  1549. 		else
    1550. 

  1550. 			error("unsupported version");
    1551. 

  1551. 		tr->verset = 1;
    1552. 

  1552. 		tr->version = m;
    1553. 

  1553. 	}else if(strcmp(cb->f[0], "secret") == 0){
    1554. 

  1554. 		if(cb->nf != 5)
    1555. 

  1555. 			error("usage: secret hashalg encalg isclient secretdata");
    1556. 

  1556. 		if(tr->c == nil || !tr->verset)
    1557. 

  1557. 			error("must set fd and version before secrets");
    1558. 

  1558. 

  1559. 		if(tr->in.new != nil){
    1560. 

  1560. 			freeSec(tr->in.new);
    1561. 

  1561. 			tr->in.new = nil;
    1562. 

  1562. 		}
    1563. 

  1563. 		if(tr->out.new != nil){
    1564. 

  1564. 			freeSec(tr->out.new);
    1565. 

  1565. 			tr->out.new = nil;
    1566. 

  1566. 		}
    1567. 

  1567. 

  1568. 		ha = parsehashalg(cb->f[1]);
    1569. 

  1569. 		ea = parseencalg(cb->f[2]);
    1570. 

  1570. 

  1571. 		p = cb->f[4];
    1572. 

  1572. 		m = (strlen(p)*3)/2;
    1573. 

  1573. 		x = smalloc(m);
    1574. 

  1574. 		tos = nil;
    1575. 

  1575. 		toc = nil;
    1576. 

  1576. 		if(waserror()){
    1577. 

  1577. 			freeSec(tos);
    1578. 

  1578. 			freeSec(toc);
    1579. 

  1579. 			free(x);
    1580. 

  1580. 			nexterror();
    1581. 

  1581. 		}
    1582. 

  1582. 		m = dec64(x, m, p, strlen(p));
    1583. 

  1583. 		if(m < 2 * ha->maclen + 2 * ea->keylen + 2 * ea->ivlen)
    1584. 

  1584. 			error("not enough secret data provided");
    1585. 

  1585. 

  1586. 		tos = smalloc(sizeof(Secret));
    1587. 

  1587. 		toc = smalloc(sizeof(Secret));
    1588. 

  1588. 		if(!ha->initkey || !ea->initkey)
    1589. 

  1589. 			error("misimplemented secret algorithm");
    1590. 

  1590. 		(*ha->initkey)(ha, tr->version, tos, &x[0]);
    1591. 

  1591. 		(*ha->initkey)(ha, tr->version, toc, &x[ha->maclen]);
    1592. 

  1592. 		(*ea->initkey)(ea, tos, &x[2 * ha->maclen], &x[2 * ha->maclen + 2 * ea->keylen]);
    1593. 

  1593. 		(*ea->initkey)(ea, toc, &x[2 * ha->maclen + ea->keylen], &x[2 * ha->maclen + 2 * ea->keylen + ea->ivlen]);
    1594. 

  1594. 

  1595. 		if(!tos->mac || !tos->enc || !tos->dec
    1596. 

  1596. 		|| !toc->mac || !toc->enc || !toc->dec)
    1597. 

  1597. 			error("missing algorithm implementations");
    1598. 

  1598. 		if(strtol(cb->f[3], nil, 0) == 0){
    1599. 

  1599. 			tr->in.new = tos;
    1600. 

  1600. 			tr->out.new = toc;
    1601. 

  1601. 		}else{
    1602. 

  1602. 			tr->in.new = toc;
    1603. 

  1603. 			tr->out.new = tos;
    1604. 

  1604. 		}
    1605. 

  1605. 		if(tr->version == SSL3Version){
    1606. 

  1606. 			toc->unpad = sslunpad;
    1607. 

  1607. 			tos->unpad = sslunpad;
    1608. 

  1608. 		}else{
    1609. 

  1609. 			toc->unpad = tlsunpad;
    1610. 

  1610. 			tos->unpad = tlsunpad;
    1611. 

  1611. 		}
    1612. 

  1612. 		toc->encalg = ea->name;
    1613. 

  1613. 		toc->hashalg = ha->name;
    1614. 

  1614. 		tos->encalg = ea->name;
    1615. 

  1615. 		tos->hashalg = ha->name;
    1616. 

  1616. 

  1617. 		free(x);
    1618. 

  1618. 		poperror();
    1619. 

  1619. 	}else if(strcmp(cb->f[0], "changecipher") == 0){
    1620. 

  1620. 		if(cb->nf != 1)
    1621. 

  1621. 			error("usage: changecipher");
    1622. 

  1622. 		if(tr->out.new == nil)
    1623. 

  1623. 			error("cannot change cipher spec without setting secret");
    1624. 

  1624. 

  1625. 		qunlock(&tr->in.seclock);
    1626. 

  1626. 		qunlock(&tr->out.seclock);
    1627. 

  1627. 		poperror();
    1628. 

  1628. 		free(cb);
    1629. 

  1629. 		poperror();
    1630. 

  1630. 

  1631. 		/*
    1632. 

  1632. 		 * the real work is done as the message is written
    1633. 

  1633. 		 * so the stream is encrypted in sync.
    1634. 

  1634. 		 */
    1635. 

  1635. 		b = allocb(1);
    1636. 

  1636. 		*b->wp++ = 1;
    1637. 

  1637. 		tlsrecwrite(tr, RChangeCipherSpec, b);
    1638. 

  1638. 		return n;
    1639. 

  1639. 	}else if(strcmp(cb->f[0], "opened") == 0){
    1640. 

  1640. 		if(cb->nf != 1)
    1641. 

  1641. 			error("usage: opened");
    1642. 

  1642. 		if(tr->in.sec == nil || tr->out.sec == nil)
    1643. 

  1643. 			error("cipher must be configured before enabling data messages");
    1644. 

  1644. 		lock(&tr->statelk);
    1645. 

  1645. 		if(tr->state != SHandshake && tr->state != SOpen){
    1646. 

  1646. 			unlock(&tr->statelk);
    1647. 

  1647. 			error("cannot enable data messages");
    1648. 

  1648. 		}
    1649. 

  1649. 		tr->state = SOpen;
    1650. 

  1650. 		unlock(&tr->statelk);
    1651. 

  1651. 		tr->opened = 1;
    1652. 

  1652. 	}else if(strcmp(cb->f[0], "alert") == 0){
    1653. 

  1653. 		if(cb->nf != 2)
    1654. 

  1654. 			error("usage: alert n");
    1655. 

  1655. 		if(tr->c == nil)
    1656. 

  1656. 			error("must set fd before sending alerts");
    1657. 

  1657. 		m = strtol(cb->f[1], nil, 0);
    1658. 

  1658. 

  1659. 		qunlock(&tr->in.seclock);
    1660. 

  1660. 		qunlock(&tr->out.seclock);
    1661. 

  1661. 		poperror();
    1662. 

  1662. 		free(cb);
    1663. 

  1663. 		poperror();
    1664. 

  1664. 

  1665. 		sendAlert(tr, m);
    1666. 

  1666. 

  1667. 		if(m == ECloseNotify)
    1668. 

  1668. 			tlsclosed(tr, SLClose);
    1669. 

  1669. 

  1670. 		return n;
    1671. 

  1671. 	} else if(strcmp(cb->f[0], "debug") == 0){
    1672. 

  1672. 		if(cb->nf == 2){
    1673. 

  1673. 			if(strcmp(cb->f[1], "on") == 0)
    1674. 

  1674. 				tr->debug = 1;
    1675. 

  1675. 			else
    1676. 

  1676. 				tr->debug = 0;
    1677. 

  1677. 		} else
    1678. 

  1678. 			tr->debug = 1;
    1679. 

  1679. 	} else
    1680. 

  1680. 		error(Ebadarg);
    1681. 

  1681. 

  1682. 	qunlock(&tr->in.seclock);
    1683. 

  1683. 	qunlock(&tr->out.seclock);
    1684. 

  1684. 	poperror();
    1685. 

  1685. 	free(cb);
    1686. 

  1686. 	poperror();
    1687. 

  1687. 

  1688. 	return n;
    1689. 

  1689. }
    1690. 

  1690. 

  1691. static void
    1692. 

  1692. tlsinit(void)
    1693. 

  1693. {
    1694. 

  1694. 	struct Encalg *e;
    1695. 

  1695. 	struct Hashalg *h;
    1696. 

  1696. 	int n;
    1697. 

  1697. 	char *cp;
    1698. 

  1698. 	static int already;
    1699. 

  1699. 

  1700. 	if(!already){
    1701. 

  1701. 		fmtinstall('H', encodefmt);
    1702. 

  1702. 		already = 1;
    1703. 

  1703. 	}
    1704. 

  1704. 

  1705. 	tlsdevs = smalloc(sizeof(TlsRec*) * maxtlsdevs);
    1706. 

  1706. 	trnames = smalloc((sizeof *trnames) * maxtlsdevs);
    1707. 

  1707. 

  1708. 	n = 1;
    1709. 

  1709. 	for(e = encrypttab; e->name != nil; e++)
    1710. 

  1710. 		n += strlen(e->name) + 1;
    1711. 

  1711. 	cp = encalgs = smalloc(n);
    1712. 

  1712. 	for(e = encrypttab;;){
    1713. 

  1713. 		strcpy(cp, e->name);
    1714. 

  1714. 		cp += strlen(e->name);
    1715. 

  1715. 		e++;
    1716. 

  1716. 		if(e->name == nil)
    1717. 

  1717. 			break;
    1718. 

  1718. 		*cp++ = ' ';
    1719. 

  1719. 	}
    1720. 

  1720. 	*cp = 0;
    1721. 

  1721. 

  1722. 	n = 1;
    1723. 

  1723. 	for(h = hashtab; h->name != nil; h++)
    1724. 

  1724. 		n += strlen(h->name) + 1;
    1725. 

  1725. 	cp = hashalgs = smalloc(n);
    1726. 

  1726. 	for(h = hashtab;;){
    1727. 

  1727. 		strcpy(cp, h->name);
    1728. 

  1728. 		cp += strlen(h->name);
    1729. 

  1729. 		h++;
    1730. 

  1730. 		if(h->name == nil)
    1731. 

  1731. 			break;
    1732. 

  1732. 		*cp++ = ' ';
    1733. 

  1733. 	}
    1734. 

  1734. 	*cp = 0;
    1735. 

  1735. }
    1736. 

  1736. 

  1737. Dev tlsdevtab = {
    1738. 

  1738. 	'a',
    1739. 

  1739. 	"tls",
    1740. 

  1740. 

  1741. 	devreset,
    1742. 

  1742. 	tlsinit,
    1743. 

  1743. 	devshutdown,
    1744. 

  1744. 	tlsattach,
    1745. 

  1745. 	tlswalk,
    1746. 

  1746. 	tlsstat,
    1747. 

  1747. 	tlsopen,
    1748. 

  1748. 	devcreate,
    1749. 

  1749. 	tlsclose,
    1750. 

  1750. 	tlsread,
    1751. 

  1751. 	tlsbread,
    1752. 

  1752. 	tlswrite,
    1753. 

  1753. 	tlsbwrite,
    1754. 

  1754. 	devremove,
    1755. 

  1755. 	tlswstat,
    1756. 

  1756. };
    1757. 

  1757. 

  1758. /* get channel associated with an fd */
    1759. 

  1759. static Chan*
    1760. 

  1760. buftochan(char *p)
    1761. 

  1761. {
    1762. 

  1762. 	Chan *c;
    1763. 

  1763. 	int fd;
    1764. 

  1764. 

  1765. 	if(p == 0)
    1766. 

  1766. 		error(Ebadarg);
    1767. 

  1767. 	fd = strtoul(p, 0, 0);
    1768. 

  1768. 	if(fd < 0)
    1769. 

  1769. 		error(Ebadarg);
    1770. 

  1770. 	c = fdtochan(fd, -1, 0, 1);	/* error check and inc ref */
    1771. 

  1771. 	return c;
    1772. 

  1772. }
    1773. 

  1773. 

  1774. static void
    1775. 

  1775. sendAlert(TlsRec *tr, int err)
    1776. 

  1776. {
    1777. 

  1777. 	Block *b;
    1778. 

  1778. 	int i, fatal;
    1779. 

  1779. 	char *msg;
    1780. 

  1780. 

  1781. if(tr->debug)pprint("sendAlert %d\n", err);
    1782. 

  1782. 	fatal = 1;
    1783. 

  1783. 	msg = "tls unknown alert";
    1784. 

  1784. 	for(i=0; i < nelem(tlserrs); i++) {
    1785. 

  1785. 		if(tlserrs[i].err == err) {
    1786. 

  1786. 			msg = tlserrs[i].msg;
    1787. 

  1787. 			if(tr->version == SSL3Version)
    1788. 

  1788. 				err = tlserrs[i].sslerr;
    1789. 

  1789. 			else
    1790. 

  1790. 				err = tlserrs[i].tlserr;
    1791. 

  1791. 			fatal = tlserrs[i].fatal;
    1792. 

  1792. 			break;
    1793. 

  1793. 		}
    1794. 

  1794. 	}
    1795. 

  1795. 

  1796. 	if(!waserror()){
    1797. 

  1797. 		b = allocb(2);
    1798. 

  1798. 		*b->wp++ = fatal + 1;
    1799. 

  1799. 		*b->wp++ = err;
    1800. 

  1800. 		if(fatal)
    1801. 

  1801. 			tlsSetState(tr, SAlert, SOpen|SHandshake|SRClose);
    1802. 

  1802. 		tlsrecwrite(tr, RAlert, b);
    1803. 

  1803. 		poperror();
    1804. 

  1804. 	}
    1805. 

  1805. 	if(fatal)
    1806. 

  1806. 		tlsError(tr, msg);
    1807. 

  1807. }
    1808. 

  1808. 

  1809. static void
    1810. 

  1810. tlsError(TlsRec *tr, char *msg)
    1811. 

  1811. {
    1812. 

  1812. 	int s;
    1813. 

  1813. 

  1814. if(tr->debug)pprint("tleError %s\n", msg);
    1815. 

  1815. 	lock(&tr->statelk);
    1816. 

  1816. 	s = tr->state;
    1817. 

  1817. 	tr->state = SError;
    1818. 

  1818. 	if(s != SError){
    1819. 

  1819. 		strncpy(tr->err, msg, ERRMAX - 1);
    1820. 

  1820. 		tr->err[ERRMAX - 1] = '\0';
    1821. 

  1821. 	}
    1822. 

  1822. 	unlock(&tr->statelk);
    1823. 

  1823. 	if(s != SError)
    1824. 

  1824. 		alertHand(tr, msg);
    1825. 

  1825. }
    1826. 

  1826. 

  1827. static void
    1828. 

  1828. tlsSetState(TlsRec *tr, int new, int old)
    1829. 

  1829. {
    1830. 

  1830. 	lock(&tr->statelk);
    1831. 

  1831. 	if(tr->state & old)
    1832. 

  1832. 		tr->state = new;
    1833. 

  1833. 	unlock(&tr->statelk);
    1834. 

  1834. }
    1835. 

  1835. 

  1836. /* hand up a digest connection */
    1837. 

  1837. static void
    1838. 

  1838. tlshangup(TlsRec *tr)
    1839. 

  1839. {
    1840. 

  1840. 	Block *b;
    1841. 

  1841. 

  1842. 	qlock(&tr->in.io);
    1843. 

  1843. 	for(b = tr->processed; b; b = tr->processed){
    1844. 

  1844. 		tr->processed = b->next;
    1845. 

  1845. 		freeb(b);
    1846. 

  1846. 	}
    1847. 

  1847. 	if(tr->unprocessed != nil){
    1848. 

  1848. 		freeb(tr->unprocessed);
    1849. 

  1849. 		tr->unprocessed = nil;
    1850. 

  1850. 	}
    1851. 

  1851. 	qunlock(&tr->in.io);
    1852. 

  1852. 

  1853. 	tlsSetState(tr, SClosed, ~0);
    1854. 

  1854. }
    1855. 

  1855. 

  1856. static TlsRec*
    1857. 

  1857. newtls(Chan *ch)
    1858. 

  1858. {
    1859. 

  1859. 	TlsRec **pp, **ep, **np;
    1860. 

  1860. 	char **nmp;
    1861. 

  1861. 	int t, newmax;
    1862. 

  1862. 

  1863. 	if(waserror()) {
    1864. 

  1864. 		unlock(&tdlock);
    1865. 

  1865. 		nexterror();
    1866. 

  1866. 	}
    1867. 

  1867. 	lock(&tdlock);
    1868. 

  1868. 	ep = &tlsdevs[maxtlsdevs];
    1869. 

  1869. 	for(pp = tlsdevs; pp < ep; pp++)
    1870. 

  1870. 		if(*pp == nil)
    1871. 

  1871. 			break;
    1872. 

  1872. 	if(pp >= ep) {
    1873. 

  1873. 		if(maxtlsdevs >= MaxTlsDevs) {
    1874. 

  1874. 			unlock(&tdlock);
    1875. 

  1875. 			poperror();
    1876. 

  1876. 			return nil;
    1877. 

  1877. 		}
    1878. 

  1878. 		newmax = 2 * maxtlsdevs;
    1879. 

  1879. 		if(newmax > MaxTlsDevs)
    1880. 

  1880. 			newmax = MaxTlsDevs;
    1881. 

  1881. 		np = smalloc(sizeof(TlsRec*) * newmax);
    1882. 

  1882. 		memmove(np, tlsdevs, sizeof(TlsRec*) * maxtlsdevs);
    1883. 

  1883. 		tlsdevs = np;
    1884. 

  1884. 		pp = &tlsdevs[maxtlsdevs];
    1885. 

  1885. 		memset(pp, 0, sizeof(TlsRec*)*(newmax - maxtlsdevs));
    1886. 

  1886. 

  1887. 		nmp = smalloc(sizeof *nmp * newmax);
    1888. 

  1888. 		memmove(nmp, trnames, sizeof *nmp * maxtlsdevs);
    1889. 

  1889. 		trnames = nmp;
    1890. 

  1890. 

  1891. 		maxtlsdevs = newmax;
    1892. 

  1892. 	}
    1893. 

  1893. 	*pp = mktlsrec();
    1894. 

  1894. 	if(pp - tlsdevs >= tdhiwat)
    1895. 

  1895. 		tdhiwat++;
    1896. 

  1896. 	t = TYPE(ch->qid);
    1897. 

  1897. 	if(t == Qclonus)
    1898. 

  1898. 		t = Qctl;
    1899. 

  1899. 	ch->qid.path = QID(pp - tlsdevs, t);
    1900. 

  1900. 	ch->qid.vers = 0;
    1901. 

  1901. 	unlock(&tdlock);
    1902. 

  1902. 	poperror();
    1903. 

  1903. 	return *pp;
    1904. 

  1904. }
    1905. 

  1905. 

  1906. static TlsRec *
    1907. 

  1907. mktlsrec(void)
    1908. 

  1908. {
    1909. 

  1909. 	TlsRec *tr;
    1910. 

  1910. 

  1911. 	tr = mallocz(sizeof(*tr), 1);
    1912. 

  1912. 	if(tr == nil)
    1913. 

  1913. 		error(Enomem);
    1914. 

  1914. 	tr->state = SClosed;
    1915. 

  1915. 	tr->ref = 1;
    1916. 

  1916. 	kstrdup(&tr->user, up->user);
    1917. 

  1917. 	tr->perm = 0660;
    1918. 

  1918. 	return tr;
    1919. 

  1919. }
    1920. 

  1920. 

  1921. static char*
    1922. 

  1922. tlsstate(int s)
    1923. 

  1923. {
    1924. 

  1924. 	switch(s){
    1925. 

  1925. 	case SHandshake:
    1926. 

  1926. 		return "Handshaking";
    1927. 

  1927. 	case SOpen:
    1928. 

  1928. 		return "Established";
    1929. 

  1929. 	case SRClose:
    1930. 

  1930. 		return "RemoteClosed";
    1931. 

  1931. 	case SLClose:
    1932. 

  1932. 		return "LocalClosed";
    1933. 

  1933. 	case SAlert:
    1934. 

  1934. 		return "Alerting";
    1935. 

  1935. 	case SError:
    1936. 

  1936. 		return "Errored";
    1937. 

  1937. 	case SClosed:
    1938. 

  1938. 		return "Closed";
    1939. 

  1939. 	}
    1940. 

  1940. 	return "Unknown";
    1941. 

  1941. }
    1942. 

  1942. 

  1943. static void
    1944. 

  1944. freeSec(Secret *s)
    1945. 

  1945. {
    1946. 

  1946. 	if(s != nil){
    1947. 

  1947. 		free(s->enckey);
    1948. 

  1948. 		free(s);
    1949. 

  1949. 	}
    1950. 

  1950. }
    1951. 

  1951. 

  1952. static int
    1953. 

  1953. noenc(Secret *, uchar *, int n)
    1954. 

  1954. {
    1955. 

  1955. 	return n;
    1956. 

  1956. }
    1957. 

  1957. 

  1958. static int
    1959. 

  1959. rc4enc(Secret *sec, uchar *buf, int n)
    1960. 

  1960. {
    1961. 

  1961. 	rc4(sec->enckey, buf, n);
    1962. 

  1962. 	return n;
    1963. 

  1963. }
    1964. 

  1964. 

  1965. static int
    1966. 

  1966. tlsunpad(uchar *buf, int n, int block)
    1967. 

  1967. {
    1968. 

  1968. 	int pad, nn;
    1969. 

  1969. 

  1970. 	pad = buf[n - 1];
    1971. 

  1971. 	nn = n - 1 - pad;
    1972. 

  1972. 	if(nn <= 0 || n % block)
    1973. 

  1973. 		return -1;
    1974. 

  1974. 	while(--n > nn)
    1975. 

  1975. 		if(pad != buf[n - 1])
    1976. 

  1976. 			return -1;
    1977. 

  1977. 	return nn;
    1978. 

  1978. }
    1979. 

  1979. 

  1980. static int
    1981. 

  1981. sslunpad(uchar *buf, int n, int block)
    1982. 

  1982. {
    1983. 

  1983. 	int pad, nn;
    1984. 

  1984. 

  1985. 	pad = buf[n - 1];
    1986. 

  1986. 	nn = n - 1 - pad;
    1987. 

  1987. 	if(nn <= 0 || n % block)
    1988. 

  1988. 		return -1;
    1989. 

  1989. 	return nn;
    1990. 

  1990. }
    1991. 

  1991. 

  1992. static int
    1993. 

  1993. blockpad(uchar *buf, int n, int block)
    1994. 

  1994. {
    1995. 

  1995. 	int pad, nn;
    1996. 

  1996. 

  1997. 	nn = n + block;
    1998. 

  1998. 	nn -= nn % block;
    1999. 

  1999. 	pad = nn - (n + 1);
    2000. 

  2000. 	while(n < nn)
    2001. 

  2001. 		buf[n++] = pad;
    2002. 

  2002. 	return nn;
    2003. 

  2003. }
    2004. 

  2004. 		
    2005. 

  2005. static int
    2006. 

  2006. des3enc(Secret *sec, uchar *buf, int n)
    2007. 

  2007. {
    2008. 

  2008. 	n = blockpad(buf, n, 8);
    2009. 

  2009. 	des3CBCencrypt(buf, n, sec->enckey);
    2010. 

  2010. 	return n;
    2011. 

  2011. }
    2012. 

  2012. 

  2013. static int
    2014. 

  2014. des3dec(Secret *sec, uchar *buf, int n)
    2015. 

  2015. {
    2016. 

  2016. 	des3CBCdecrypt(buf, n, sec->enckey);
    2017. 

  2017. 	return (*sec->unpad)(buf, n, 8);
    2018. 

  2018. }
    2019. 

  2019. static DigestState*
    2020. 

  2020. nomac(uchar *, ulong, uchar *, ulong, uchar *, DigestState *)
    2021. 

  2021. {
    2022. 

  2022. 	return nil;
    2023. 

  2023. }
    2024. 

  2024. 

  2025. /*
    2026. 

  2026.  * sslmac: mac calculations for ssl 3.0 only; tls 1.0 uses the standard hmac.
    2027. 

  2027.  */
    2028. 

  2028. static DigestState*
    2029. 

  2029. sslmac_x(uchar *p, ulong len, uchar *key, ulong klen, uchar *digest, DigestState *s,
    2030. 

  2030. 	DigestState*(*x)(uchar*, ulong, uchar*, DigestState*), int xlen, int padlen)
    2031. 

  2031. {
    2032. 

  2032. 	int i;
    2033. 

  2033. 	uchar pad[48], innerdigest[20];
    2034. 

  2034. 

  2035. 	if(xlen > sizeof(innerdigest)
    2036. 

  2036. 	|| padlen > sizeof(pad))
    2037. 

  2037. 		return nil;
    2038. 

  2038. 

  2039. 	if(klen>64)
    2040. 

  2040. 		return nil;
    2041. 

  2041. 

  2042. 	/* first time through */
    2043. 

  2043. 	if(s == nil){
    2044. 

  2044. 		for(i=0; i<padlen; i++)
    2045. 

  2045. 			pad[i] = 0x36;
    2046. 

  2046. 		s = (*x)(key, klen, nil, nil);
    2047. 

  2047. 		s = (*x)(pad, padlen, nil, s);
    2048. 

  2048. 		if(s == nil)
    2049. 

  2049. 			return nil;
    2050. 

  2050. 	}
    2051. 

  2051. 

  2052. 	s = (*x)(p, len, nil, s);
    2053. 

  2053. 	if(digest == nil)
    2054. 

  2054. 		return s;
    2055. 

  2055. 

  2056. 	/* last time through */
    2057. 

  2057. 	for(i=0; i<padlen; i++)
    2058. 

  2058. 		pad[i] = 0x5c;
    2059. 

  2059. 	(*x)(nil, 0, innerdigest, s);
    2060. 

  2060. 	s = (*x)(key, klen, nil, nil);
    2061. 

  2061. 	s = (*x)(pad, padlen, nil, s);
    2062. 

  2062. 	(*x)(innerdigest, xlen, digest, s);
    2063. 

  2063. 	return nil;
    2064. 

  2064. }
    2065. 

  2065. 

  2066. static DigestState*
    2067. 

  2067. sslmac_sha1(uchar *p, ulong len, uchar *key, ulong klen, uchar *digest, DigestState *s)
    2068. 

  2068. {
    2069. 

  2069. 	return sslmac_x(p, len, key, klen, digest, s, sha1, SHA1dlen, 40);
    2070. 

  2070. }
    2071. 

  2071. 

  2072. static DigestState*
    2073. 

  2073. sslmac_md5(uchar *p, ulong len, uchar *key, ulong klen, uchar *digest, DigestState *s)
    2074. 

  2074. {
    2075. 

  2075. 	return sslmac_x(p, len, key, klen, digest, s, md5, MD5dlen, 48);
    2076. 

  2076. }
    2077. 

  2077. 

  2078. static void
    2079. 

  2079. sslPackMac(Secret *sec, uchar *mackey, uchar *seq, uchar *header, uchar *body, int len, uchar *mac)
    2080. 

  2080. {
    2081. 

  2081. 	DigestState *s;
    2082. 

  2082. 	uchar buf[11];
    2083. 

  2083. 

  2084. 	memmove(buf, seq, 8);
    2085. 

  2085. 	buf[8] = header[0];
    2086. 

  2086. 	buf[9] = header[3];
    2087. 

  2087. 	buf[10] = header[4];
    2088. 

  2088. 

  2089. 	s = (*sec->mac)(buf, 11, mackey, sec->maclen, 0, 0);
    2090. 

  2090. 	(*sec->mac)(body, len, mackey, sec->maclen, mac, s);
    2091. 

  2091. }
    2092. 

  2092. 

  2093. static void
    2094. 

  2094. tlsPackMac(Secret *sec, uchar *mackey, uchar *seq, uchar *header, uchar *body, int len, uchar *mac)
    2095. 

  2095. {
    2096. 

  2096. 	DigestState *s;
    2097. 

  2097. 	uchar buf[13];
    2098. 

  2098. 

  2099. 	memmove(buf, seq, 8);
    2100. 

  2100. 	memmove(&buf[8], header, 5);
    2101. 

  2101. 

  2102. 	s = (*sec->mac)(buf, 13, mackey, sec->maclen, 0, 0);
    2103. 

  2103. 	(*sec->mac)(body, len, mackey, sec->maclen, mac, s);
    2104. 

  2104. }
    2105. 

  2105. 

  2106. static void
    2107. 

  2107. put32(uchar *p, u32int x)
    2108. 

  2108. {
    2109. 

  2109. 	p[0] = x>>24;
    2110. 

  2110. 	p[1] = x>>16;
    2111. 

  2111. 	p[2] = x>>8;
    2112. 

  2112. 	p[3] = x;
    2113. 

  2113. }
    2114. 

  2114. 

  2115. static void
    2116. 

  2116. put64(uchar *p, vlong x)
    2117. 

  2117. {
    2118. 

  2118. 	put32(p, (u32int)(x >> 32));
    2119. 

  2119. 	put32(p+4, (u32int)x);
    2120. 

  2120. }
    2121. 

  2121. 

  2122. static void
    2123. 

  2123. put24(uchar *p, int x)
    2124. 

  2124. {
    2125. 

  2125. 	p[0] = x>>16;
    2126. 

  2126. 	p[1] = x>>8;
    2127. 

  2127. 	p[2] = x;
    2128. 

  2128. }
    2129. 

  2129. 

  2130. static void
    2131. 

  2131. put16(uchar *p, int x)
    2132. 

  2132. {
    2133. 

  2133. 	p[0] = x>>8;
    2134. 

  2134. 	p[1] = x;
    2135. 

  2135. }
    2136. 

  2136. 

  2137. static u32int
    2138. 

  2138. get32(uchar *p)
    2139. 

  2139. {
    2140. 

  2140. 	return (p[0]<<24)|(p[1]<<16)|(p[2]<<8)|p[3];
    2141. 

  2141. }
    2142. 

  2142. 

  2143. static int
    2144. 

  2144. get16(uchar *p)
    2145. 

  2145. {
    2146. 

  2146. 	return (p[0]<<8)|p[1];
    2147. 

  2147. }
    2148. 

  2148. 

  2149. static char *charmap = "0123456789abcdef";
    2150. 

  2150. 

  2151. static void
    2152. 

  2152. pdump(int len, void *a, char *tag)
    2153. 

  2153. {
    2154. 

  2154. 	uchar *p;
    2155. 

  2155. 	int i;
    2156. 

  2156. 	char buf[65+32];
    2157. 

  2157. 	char *q;
    2158. 

  2158. 

  2159. 	p = a;
    2160. 

  2160. 	strcpy(buf, tag);
    2161. 

  2161. 	while(len > 0){
    2162. 

  2162. 		q = buf + strlen(tag);
    2163. 

  2163. 		for(i = 0; len > 0 && i < 32; i++){
    2164. 

  2164. 			if(*p >= ' ' && *p < 0x7f){
    2165. 

  2165. 				*q++ = ' ';
    2166. 

  2166. 				*q++ = *p;
    2167. 

  2167. 			} else {
    2168. 

  2168. 				*q++ = charmap[*p>>4];
    2169. 

  2169. 				*q++ = charmap[*p & 0xf];
    2170. 

  2170. 			}
    2171. 

  2171. 			len--;
    2172. 

  2172. 			p++;
    2173. 

  2173. 		}
    2174. 

  2174. 		*q = 0;
    2175. 

  2175. 

  2176. 		if(len > 0)
    2177. 

  2177. 			pprint("%s...\n", buf);
    2178. 

  2178. 		else
    2179. 

  2179. 			pprint("%s\n", buf);
    2180. 

  2180. 	}
    2181. 

  2181. }
    2182.