>
> The protocol specification describes this. The implementation in
> src/modules/rlm_eap/ contains diagrams of the packets it expects to
> receive.
>
> Alan DeKok.
>
>
Thank you Alan, but now I have a new problem. I have been reading the
src/modules/rlm_eap/ to understand my problem but I don't find the
issue. In TLS establishment, the public key in the server.cert is 128
bytes length. I generate a random string of 46 bytes and the protocol
version (TLS 1.0 (0x03, 0x01)) and I use the SSL function
RSA_public_encrypt() with server's public key to encrypt the
PreMasterSecret. As a result I get a 128 length string. As I send this
data to the server, I get a "tls rsa encrypted length is wrong:
s3_srvr.c: 1450:"
Can anybody please tell me where can be my problem? Here is my code
for exemple.
void Client_Key_Exchange (SSLData *ClientSSLData, unsigned short
*length, char *HandshakeMessages, unsigned short *length_Hndshk, char
*buff)
{
char *PreMasterSecret = (char*) _MEMORY_Allocate (58 ,
true);
char *EncryptedPreMasterSecret = (char*) _MEMORY_Allocate (128, true);
char *temp = (char*) _MEMORY_Allocate
(58 , true);
unsigned char *tmpCert = _MEMORY_Allocate
(ClientSSLData->certificate_len + 128, true);
_RANDOM_MakeCharString (temp, 46);
PreMasterSecret [0] = 0x03;
PreMasterSecret [1] = 0x01;
for (register int i = 0; i<46; i++)
{
PreMasterSecret[i+2] = temp [i];
ClientSSLData->PreMasterSecret[i] = PreMasterSecret[i];
}
for (i = 0; i < ClientSSLData->certificate_len; i++)
tmpCert[i] =(unsigned char) ClientSSLData->certificate[i];
//----- OpenSSL Functions -----
RSA *server_public_key;
X509 *cert = X509_new ();
EVP_PKEY *evp = EVP_PKEY_new ();
X509 *err = d2i_X509 (&cert, (unsigned char**) &tmpCert,
(ClientSSLData->certificate_len) );
//----- d2i_509 Function retrives tmpCert pointer advanced the number
of bytes read -----
tmpCert = tmpCert - (ClientSSLData->certificate_len);
//----- We get the public key from the Server certificate -----
evp = X509_get_pubkey(cert);
server_public_key = (RSA *) evp->pkey.ptr;
int rsasize = RSA_size(server_public_key);
//----- We get the PreMasterSecret encrypted -----
int Encrypted_len = RSA_public_encrypt(48, (BYTE*) PreMasterSecret,
(unsigned char*)EncryptedPreMasterSecret, server_public_key,
RSA_PKCS1_PADDING);
ClientSSLData->bufferSSL[(*length)++] = 0x16; // Handshake
Message
ClientSSLData->bufferSSL[(*length)++] = 0x03; // Version
ClientSSLData->bufferSSL[(*length)++] = 0x01; // Version
ClientSSLData->bufferSSL[(*length)++] = (Encrypted_len + 6) / 256;
// Length
ClientSSLData->bufferSSL[(*length)++] = (Encrypted_len + 6) % 256;
// Length
ClientSSLData->bufferSSL[(*length)++] = 0x10; // Client key
exchange
ClientSSLData->bufferSSL[(*length)++] = 0x00;
// Length
ClientSSLData->bufferSSL[(*length)++] = (Encrypted_len ) / 256;
// Length
ClientSSLData->bufferSSL[(*length)++] = (Encrypted_len ) % 256;
// Length
//----- Public key exchange -----
for (i = 0; i < Encrypted_len; i++)
{
buff[i] = EncryptedPreMasterSecret[i];
HandshakeMessages[(*length_Hndshk)++] =
EncryptedPreMasterSecret[i];
}
free (PreMasterSecret);
free (EncryptedPreMasterSecret);
free (temp);
free (tmpCert);
}
Thank you for your help. Juan Daniel MORENO
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
