mbed TLS upgraded to 2.6.0
Fork of mbedtls by
library/ssl_tls.c@1:9ebc941037d5, 2017-09-29 (annotated)
- Committer:
- Jasper Wallace
- Date:
- Fri Sep 29 18:41:59 2017 +0100
- Revision:
- 1:9ebc941037d5
- Parent:
- 0:cdf462088d13
- Child:
- 2:bbdeda018a3c
Update to mbedtls 2.4.2, security fixes
Changes to mbedtls sources made:
in include/mbedtls/config.h comment out:
#define MBEDTLS_FS_IO
#define MBEDTLS_NET_C
#define MBEDTLS_TIMING_C
uncomment:
#define MBEDTLS_NO_PLATFORM_ENTROPY
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
markrad | 0:cdf462088d13 | 1 | /* |
markrad | 0:cdf462088d13 | 2 | * SSLv3/TLSv1 shared functions |
markrad | 0:cdf462088d13 | 3 | * |
markrad | 0:cdf462088d13 | 4 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved |
markrad | 0:cdf462088d13 | 5 | * SPDX-License-Identifier: Apache-2.0 |
markrad | 0:cdf462088d13 | 6 | * |
markrad | 0:cdf462088d13 | 7 | * Licensed under the Apache License, Version 2.0 (the "License"); you may |
markrad | 0:cdf462088d13 | 8 | * not use this file except in compliance with the License. |
markrad | 0:cdf462088d13 | 9 | * You may obtain a copy of the License at |
markrad | 0:cdf462088d13 | 10 | * |
markrad | 0:cdf462088d13 | 11 | * http://www.apache.org/licenses/LICENSE-2.0 |
markrad | 0:cdf462088d13 | 12 | * |
markrad | 0:cdf462088d13 | 13 | * Unless required by applicable law or agreed to in writing, software |
markrad | 0:cdf462088d13 | 14 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
markrad | 0:cdf462088d13 | 15 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
markrad | 0:cdf462088d13 | 16 | * See the License for the specific language governing permissions and |
markrad | 0:cdf462088d13 | 17 | * limitations under the License. |
markrad | 0:cdf462088d13 | 18 | * |
markrad | 0:cdf462088d13 | 19 | * This file is part of mbed TLS (https://tls.mbed.org) |
markrad | 0:cdf462088d13 | 20 | */ |
markrad | 0:cdf462088d13 | 21 | /* |
markrad | 0:cdf462088d13 | 22 | * The SSL 3.0 specification was drafted by Netscape in 1996, |
markrad | 0:cdf462088d13 | 23 | * and became an IETF standard in 1999. |
markrad | 0:cdf462088d13 | 24 | * |
markrad | 0:cdf462088d13 | 25 | * http://wp.netscape.com/eng/ssl3/ |
markrad | 0:cdf462088d13 | 26 | * http://www.ietf.org/rfc/rfc2246.txt |
markrad | 0:cdf462088d13 | 27 | * http://www.ietf.org/rfc/rfc4346.txt |
markrad | 0:cdf462088d13 | 28 | */ |
markrad | 0:cdf462088d13 | 29 | |
markrad | 0:cdf462088d13 | 30 | #if !defined(MBEDTLS_CONFIG_FILE) |
markrad | 0:cdf462088d13 | 31 | #include "mbedtls/config.h" |
markrad | 0:cdf462088d13 | 32 | #else |
markrad | 0:cdf462088d13 | 33 | #include MBEDTLS_CONFIG_FILE |
markrad | 0:cdf462088d13 | 34 | #endif |
markrad | 0:cdf462088d13 | 35 | |
markrad | 0:cdf462088d13 | 36 | #if defined(MBEDTLS_SSL_TLS_C) |
markrad | 0:cdf462088d13 | 37 | |
markrad | 0:cdf462088d13 | 38 | #if defined(MBEDTLS_PLATFORM_C) |
markrad | 0:cdf462088d13 | 39 | #include "mbedtls/platform.h" |
markrad | 0:cdf462088d13 | 40 | #else |
markrad | 0:cdf462088d13 | 41 | #include <stdlib.h> |
markrad | 0:cdf462088d13 | 42 | #define mbedtls_calloc calloc |
markrad | 0:cdf462088d13 | 43 | #define mbedtls_free free |
markrad | 0:cdf462088d13 | 44 | #endif |
markrad | 0:cdf462088d13 | 45 | |
markrad | 0:cdf462088d13 | 46 | #include "mbedtls/debug.h" |
markrad | 0:cdf462088d13 | 47 | #include "mbedtls/ssl.h" |
markrad | 0:cdf462088d13 | 48 | #include "mbedtls/ssl_internal.h" |
markrad | 0:cdf462088d13 | 49 | |
markrad | 0:cdf462088d13 | 50 | #include <string.h> |
markrad | 0:cdf462088d13 | 51 | |
markrad | 0:cdf462088d13 | 52 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
markrad | 0:cdf462088d13 | 53 | #include "mbedtls/oid.h" |
markrad | 0:cdf462088d13 | 54 | #endif |
markrad | 0:cdf462088d13 | 55 | |
markrad | 0:cdf462088d13 | 56 | /* Implementation that should never be optimized out by the compiler */ |
markrad | 0:cdf462088d13 | 57 | static void mbedtls_zeroize( void *v, size_t n ) { |
markrad | 0:cdf462088d13 | 58 | volatile unsigned char *p = v; while( n-- ) *p++ = 0; |
markrad | 0:cdf462088d13 | 59 | } |
markrad | 0:cdf462088d13 | 60 | |
markrad | 0:cdf462088d13 | 61 | /* Length of the "epoch" field in the record header */ |
markrad | 0:cdf462088d13 | 62 | static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 63 | { |
markrad | 0:cdf462088d13 | 64 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 65 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 66 | return( 2 ); |
markrad | 0:cdf462088d13 | 67 | #else |
markrad | 0:cdf462088d13 | 68 | ((void) ssl); |
markrad | 0:cdf462088d13 | 69 | #endif |
markrad | 0:cdf462088d13 | 70 | return( 0 ); |
markrad | 0:cdf462088d13 | 71 | } |
markrad | 0:cdf462088d13 | 72 | |
markrad | 0:cdf462088d13 | 73 | /* |
markrad | 0:cdf462088d13 | 74 | * Start a timer. |
markrad | 0:cdf462088d13 | 75 | * Passing millisecs = 0 cancels a running timer. |
markrad | 0:cdf462088d13 | 76 | */ |
markrad | 0:cdf462088d13 | 77 | static void ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs ) |
markrad | 0:cdf462088d13 | 78 | { |
markrad | 0:cdf462088d13 | 79 | if( ssl->f_set_timer == NULL ) |
markrad | 0:cdf462088d13 | 80 | return; |
markrad | 0:cdf462088d13 | 81 | |
markrad | 0:cdf462088d13 | 82 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "set_timer to %d ms", (int) millisecs ) ); |
markrad | 0:cdf462088d13 | 83 | ssl->f_set_timer( ssl->p_timer, millisecs / 4, millisecs ); |
markrad | 0:cdf462088d13 | 84 | } |
markrad | 0:cdf462088d13 | 85 | |
markrad | 0:cdf462088d13 | 86 | /* |
markrad | 0:cdf462088d13 | 87 | * Return -1 is timer is expired, 0 if it isn't. |
markrad | 0:cdf462088d13 | 88 | */ |
markrad | 0:cdf462088d13 | 89 | static int ssl_check_timer( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 90 | { |
markrad | 0:cdf462088d13 | 91 | if( ssl->f_get_timer == NULL ) |
markrad | 0:cdf462088d13 | 92 | return( 0 ); |
markrad | 0:cdf462088d13 | 93 | |
markrad | 0:cdf462088d13 | 94 | if( ssl->f_get_timer( ssl->p_timer ) == 2 ) |
markrad | 0:cdf462088d13 | 95 | { |
markrad | 0:cdf462088d13 | 96 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "timer expired" ) ); |
markrad | 0:cdf462088d13 | 97 | return( -1 ); |
markrad | 0:cdf462088d13 | 98 | } |
markrad | 0:cdf462088d13 | 99 | |
markrad | 0:cdf462088d13 | 100 | return( 0 ); |
markrad | 0:cdf462088d13 | 101 | } |
markrad | 0:cdf462088d13 | 102 | |
markrad | 0:cdf462088d13 | 103 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 104 | /* |
markrad | 0:cdf462088d13 | 105 | * Double the retransmit timeout value, within the allowed range, |
markrad | 0:cdf462088d13 | 106 | * returning -1 if the maximum value has already been reached. |
markrad | 0:cdf462088d13 | 107 | */ |
markrad | 0:cdf462088d13 | 108 | static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 109 | { |
markrad | 0:cdf462088d13 | 110 | uint32_t new_timeout; |
markrad | 0:cdf462088d13 | 111 | |
markrad | 0:cdf462088d13 | 112 | if( ssl->handshake->retransmit_timeout >= ssl->conf->hs_timeout_max ) |
markrad | 0:cdf462088d13 | 113 | return( -1 ); |
markrad | 0:cdf462088d13 | 114 | |
markrad | 0:cdf462088d13 | 115 | new_timeout = 2 * ssl->handshake->retransmit_timeout; |
markrad | 0:cdf462088d13 | 116 | |
markrad | 0:cdf462088d13 | 117 | /* Avoid arithmetic overflow and range overflow */ |
markrad | 0:cdf462088d13 | 118 | if( new_timeout < ssl->handshake->retransmit_timeout || |
markrad | 0:cdf462088d13 | 119 | new_timeout > ssl->conf->hs_timeout_max ) |
markrad | 0:cdf462088d13 | 120 | { |
markrad | 0:cdf462088d13 | 121 | new_timeout = ssl->conf->hs_timeout_max; |
markrad | 0:cdf462088d13 | 122 | } |
markrad | 0:cdf462088d13 | 123 | |
markrad | 0:cdf462088d13 | 124 | ssl->handshake->retransmit_timeout = new_timeout; |
markrad | 0:cdf462088d13 | 125 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs", |
markrad | 0:cdf462088d13 | 126 | ssl->handshake->retransmit_timeout ) ); |
markrad | 0:cdf462088d13 | 127 | |
markrad | 0:cdf462088d13 | 128 | return( 0 ); |
markrad | 0:cdf462088d13 | 129 | } |
markrad | 0:cdf462088d13 | 130 | |
markrad | 0:cdf462088d13 | 131 | static void ssl_reset_retransmit_timeout( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 132 | { |
markrad | 0:cdf462088d13 | 133 | ssl->handshake->retransmit_timeout = ssl->conf->hs_timeout_min; |
markrad | 0:cdf462088d13 | 134 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs", |
markrad | 0:cdf462088d13 | 135 | ssl->handshake->retransmit_timeout ) ); |
markrad | 0:cdf462088d13 | 136 | } |
markrad | 0:cdf462088d13 | 137 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
markrad | 0:cdf462088d13 | 138 | |
markrad | 0:cdf462088d13 | 139 | #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) |
markrad | 0:cdf462088d13 | 140 | /* |
markrad | 0:cdf462088d13 | 141 | * Convert max_fragment_length codes to length. |
markrad | 0:cdf462088d13 | 142 | * RFC 6066 says: |
markrad | 0:cdf462088d13 | 143 | * enum{ |
markrad | 0:cdf462088d13 | 144 | * 2^9(1), 2^10(2), 2^11(3), 2^12(4), (255) |
markrad | 0:cdf462088d13 | 145 | * } MaxFragmentLength; |
markrad | 0:cdf462088d13 | 146 | * and we add 0 -> extension unused |
markrad | 0:cdf462088d13 | 147 | */ |
markrad | 0:cdf462088d13 | 148 | static unsigned int mfl_code_to_length[MBEDTLS_SSL_MAX_FRAG_LEN_INVALID] = |
markrad | 0:cdf462088d13 | 149 | { |
markrad | 0:cdf462088d13 | 150 | MBEDTLS_SSL_MAX_CONTENT_LEN, /* MBEDTLS_SSL_MAX_FRAG_LEN_NONE */ |
markrad | 0:cdf462088d13 | 151 | 512, /* MBEDTLS_SSL_MAX_FRAG_LEN_512 */ |
markrad | 0:cdf462088d13 | 152 | 1024, /* MBEDTLS_SSL_MAX_FRAG_LEN_1024 */ |
markrad | 0:cdf462088d13 | 153 | 2048, /* MBEDTLS_SSL_MAX_FRAG_LEN_2048 */ |
markrad | 0:cdf462088d13 | 154 | 4096, /* MBEDTLS_SSL_MAX_FRAG_LEN_4096 */ |
markrad | 0:cdf462088d13 | 155 | }; |
markrad | 0:cdf462088d13 | 156 | #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ |
markrad | 0:cdf462088d13 | 157 | |
markrad | 0:cdf462088d13 | 158 | #if defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 159 | static int ssl_session_copy( mbedtls_ssl_session *dst, const mbedtls_ssl_session *src ) |
markrad | 0:cdf462088d13 | 160 | { |
markrad | 0:cdf462088d13 | 161 | mbedtls_ssl_session_free( dst ); |
markrad | 0:cdf462088d13 | 162 | memcpy( dst, src, sizeof( mbedtls_ssl_session ) ); |
markrad | 0:cdf462088d13 | 163 | |
markrad | 0:cdf462088d13 | 164 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
markrad | 0:cdf462088d13 | 165 | if( src->peer_cert != NULL ) |
markrad | 0:cdf462088d13 | 166 | { |
markrad | 0:cdf462088d13 | 167 | int ret; |
markrad | 0:cdf462088d13 | 168 | |
markrad | 0:cdf462088d13 | 169 | dst->peer_cert = mbedtls_calloc( 1, sizeof(mbedtls_x509_crt) ); |
markrad | 0:cdf462088d13 | 170 | if( dst->peer_cert == NULL ) |
markrad | 0:cdf462088d13 | 171 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
markrad | 0:cdf462088d13 | 172 | |
markrad | 0:cdf462088d13 | 173 | mbedtls_x509_crt_init( dst->peer_cert ); |
markrad | 0:cdf462088d13 | 174 | |
markrad | 0:cdf462088d13 | 175 | if( ( ret = mbedtls_x509_crt_parse_der( dst->peer_cert, src->peer_cert->raw.p, |
markrad | 0:cdf462088d13 | 176 | src->peer_cert->raw.len ) ) != 0 ) |
markrad | 0:cdf462088d13 | 177 | { |
markrad | 0:cdf462088d13 | 178 | mbedtls_free( dst->peer_cert ); |
markrad | 0:cdf462088d13 | 179 | dst->peer_cert = NULL; |
markrad | 0:cdf462088d13 | 180 | return( ret ); |
markrad | 0:cdf462088d13 | 181 | } |
markrad | 0:cdf462088d13 | 182 | } |
markrad | 0:cdf462088d13 | 183 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
markrad | 0:cdf462088d13 | 184 | |
markrad | 0:cdf462088d13 | 185 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 186 | if( src->ticket != NULL ) |
markrad | 0:cdf462088d13 | 187 | { |
markrad | 0:cdf462088d13 | 188 | dst->ticket = mbedtls_calloc( 1, src->ticket_len ); |
markrad | 0:cdf462088d13 | 189 | if( dst->ticket == NULL ) |
markrad | 0:cdf462088d13 | 190 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
markrad | 0:cdf462088d13 | 191 | |
markrad | 0:cdf462088d13 | 192 | memcpy( dst->ticket, src->ticket, src->ticket_len ); |
markrad | 0:cdf462088d13 | 193 | } |
markrad | 0:cdf462088d13 | 194 | #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ |
markrad | 0:cdf462088d13 | 195 | |
markrad | 0:cdf462088d13 | 196 | return( 0 ); |
markrad | 0:cdf462088d13 | 197 | } |
markrad | 0:cdf462088d13 | 198 | #endif /* MBEDTLS_SSL_CLI_C */ |
markrad | 0:cdf462088d13 | 199 | |
markrad | 0:cdf462088d13 | 200 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
markrad | 0:cdf462088d13 | 201 | int (*mbedtls_ssl_hw_record_init)( mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 202 | const unsigned char *key_enc, const unsigned char *key_dec, |
markrad | 0:cdf462088d13 | 203 | size_t keylen, |
markrad | 0:cdf462088d13 | 204 | const unsigned char *iv_enc, const unsigned char *iv_dec, |
markrad | 0:cdf462088d13 | 205 | size_t ivlen, |
markrad | 0:cdf462088d13 | 206 | const unsigned char *mac_enc, const unsigned char *mac_dec, |
markrad | 0:cdf462088d13 | 207 | size_t maclen ) = NULL; |
markrad | 0:cdf462088d13 | 208 | int (*mbedtls_ssl_hw_record_activate)( mbedtls_ssl_context *ssl, int direction) = NULL; |
markrad | 0:cdf462088d13 | 209 | int (*mbedtls_ssl_hw_record_reset)( mbedtls_ssl_context *ssl ) = NULL; |
markrad | 0:cdf462088d13 | 210 | int (*mbedtls_ssl_hw_record_write)( mbedtls_ssl_context *ssl ) = NULL; |
markrad | 0:cdf462088d13 | 211 | int (*mbedtls_ssl_hw_record_read)( mbedtls_ssl_context *ssl ) = NULL; |
markrad | 0:cdf462088d13 | 212 | int (*mbedtls_ssl_hw_record_finish)( mbedtls_ssl_context *ssl ) = NULL; |
markrad | 0:cdf462088d13 | 213 | #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ |
markrad | 0:cdf462088d13 | 214 | |
markrad | 0:cdf462088d13 | 215 | /* |
markrad | 0:cdf462088d13 | 216 | * Key material generation |
markrad | 0:cdf462088d13 | 217 | */ |
markrad | 0:cdf462088d13 | 218 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
markrad | 0:cdf462088d13 | 219 | static int ssl3_prf( const unsigned char *secret, size_t slen, |
markrad | 0:cdf462088d13 | 220 | const char *label, |
markrad | 0:cdf462088d13 | 221 | const unsigned char *random, size_t rlen, |
markrad | 0:cdf462088d13 | 222 | unsigned char *dstbuf, size_t dlen ) |
markrad | 0:cdf462088d13 | 223 | { |
markrad | 0:cdf462088d13 | 224 | size_t i; |
markrad | 0:cdf462088d13 | 225 | mbedtls_md5_context md5; |
markrad | 0:cdf462088d13 | 226 | mbedtls_sha1_context sha1; |
markrad | 0:cdf462088d13 | 227 | unsigned char padding[16]; |
markrad | 0:cdf462088d13 | 228 | unsigned char sha1sum[20]; |
markrad | 0:cdf462088d13 | 229 | ((void)label); |
markrad | 0:cdf462088d13 | 230 | |
markrad | 0:cdf462088d13 | 231 | mbedtls_md5_init( &md5 ); |
markrad | 0:cdf462088d13 | 232 | mbedtls_sha1_init( &sha1 ); |
markrad | 0:cdf462088d13 | 233 | |
markrad | 0:cdf462088d13 | 234 | /* |
markrad | 0:cdf462088d13 | 235 | * SSLv3: |
markrad | 0:cdf462088d13 | 236 | * block = |
markrad | 0:cdf462088d13 | 237 | * MD5( secret + SHA1( 'A' + secret + random ) ) + |
markrad | 0:cdf462088d13 | 238 | * MD5( secret + SHA1( 'BB' + secret + random ) ) + |
markrad | 0:cdf462088d13 | 239 | * MD5( secret + SHA1( 'CCC' + secret + random ) ) + |
markrad | 0:cdf462088d13 | 240 | * ... |
markrad | 0:cdf462088d13 | 241 | */ |
markrad | 0:cdf462088d13 | 242 | for( i = 0; i < dlen / 16; i++ ) |
markrad | 0:cdf462088d13 | 243 | { |
markrad | 0:cdf462088d13 | 244 | memset( padding, (unsigned char) ('A' + i), 1 + i ); |
markrad | 0:cdf462088d13 | 245 | |
markrad | 0:cdf462088d13 | 246 | mbedtls_sha1_starts( &sha1 ); |
markrad | 0:cdf462088d13 | 247 | mbedtls_sha1_update( &sha1, padding, 1 + i ); |
markrad | 0:cdf462088d13 | 248 | mbedtls_sha1_update( &sha1, secret, slen ); |
markrad | 0:cdf462088d13 | 249 | mbedtls_sha1_update( &sha1, random, rlen ); |
markrad | 0:cdf462088d13 | 250 | mbedtls_sha1_finish( &sha1, sha1sum ); |
markrad | 0:cdf462088d13 | 251 | |
markrad | 0:cdf462088d13 | 252 | mbedtls_md5_starts( &md5 ); |
markrad | 0:cdf462088d13 | 253 | mbedtls_md5_update( &md5, secret, slen ); |
markrad | 0:cdf462088d13 | 254 | mbedtls_md5_update( &md5, sha1sum, 20 ); |
markrad | 0:cdf462088d13 | 255 | mbedtls_md5_finish( &md5, dstbuf + i * 16 ); |
markrad | 0:cdf462088d13 | 256 | } |
markrad | 0:cdf462088d13 | 257 | |
markrad | 0:cdf462088d13 | 258 | mbedtls_md5_free( &md5 ); |
markrad | 0:cdf462088d13 | 259 | mbedtls_sha1_free( &sha1 ); |
markrad | 0:cdf462088d13 | 260 | |
markrad | 0:cdf462088d13 | 261 | mbedtls_zeroize( padding, sizeof( padding ) ); |
markrad | 0:cdf462088d13 | 262 | mbedtls_zeroize( sha1sum, sizeof( sha1sum ) ); |
markrad | 0:cdf462088d13 | 263 | |
markrad | 0:cdf462088d13 | 264 | return( 0 ); |
markrad | 0:cdf462088d13 | 265 | } |
markrad | 0:cdf462088d13 | 266 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
markrad | 0:cdf462088d13 | 267 | |
markrad | 0:cdf462088d13 | 268 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) |
markrad | 0:cdf462088d13 | 269 | static int tls1_prf( const unsigned char *secret, size_t slen, |
markrad | 0:cdf462088d13 | 270 | const char *label, |
markrad | 0:cdf462088d13 | 271 | const unsigned char *random, size_t rlen, |
markrad | 0:cdf462088d13 | 272 | unsigned char *dstbuf, size_t dlen ) |
markrad | 0:cdf462088d13 | 273 | { |
markrad | 0:cdf462088d13 | 274 | size_t nb, hs; |
markrad | 0:cdf462088d13 | 275 | size_t i, j, k; |
markrad | 0:cdf462088d13 | 276 | const unsigned char *S1, *S2; |
markrad | 0:cdf462088d13 | 277 | unsigned char tmp[128]; |
markrad | 0:cdf462088d13 | 278 | unsigned char h_i[20]; |
markrad | 0:cdf462088d13 | 279 | const mbedtls_md_info_t *md_info; |
markrad | 0:cdf462088d13 | 280 | mbedtls_md_context_t md_ctx; |
markrad | 0:cdf462088d13 | 281 | int ret; |
markrad | 0:cdf462088d13 | 282 | |
markrad | 0:cdf462088d13 | 283 | mbedtls_md_init( &md_ctx ); |
markrad | 0:cdf462088d13 | 284 | |
markrad | 0:cdf462088d13 | 285 | if( sizeof( tmp ) < 20 + strlen( label ) + rlen ) |
markrad | 0:cdf462088d13 | 286 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 287 | |
markrad | 0:cdf462088d13 | 288 | hs = ( slen + 1 ) / 2; |
markrad | 0:cdf462088d13 | 289 | S1 = secret; |
markrad | 0:cdf462088d13 | 290 | S2 = secret + slen - hs; |
markrad | 0:cdf462088d13 | 291 | |
markrad | 0:cdf462088d13 | 292 | nb = strlen( label ); |
markrad | 0:cdf462088d13 | 293 | memcpy( tmp + 20, label, nb ); |
markrad | 0:cdf462088d13 | 294 | memcpy( tmp + 20 + nb, random, rlen ); |
markrad | 0:cdf462088d13 | 295 | nb += rlen; |
markrad | 0:cdf462088d13 | 296 | |
markrad | 0:cdf462088d13 | 297 | /* |
markrad | 0:cdf462088d13 | 298 | * First compute P_md5(secret,label+random)[0..dlen] |
markrad | 0:cdf462088d13 | 299 | */ |
markrad | 0:cdf462088d13 | 300 | if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_MD5 ) ) == NULL ) |
markrad | 0:cdf462088d13 | 301 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 302 | |
markrad | 0:cdf462088d13 | 303 | if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 ) |
markrad | 0:cdf462088d13 | 304 | return( ret ); |
markrad | 0:cdf462088d13 | 305 | |
markrad | 0:cdf462088d13 | 306 | mbedtls_md_hmac_starts( &md_ctx, S1, hs ); |
markrad | 0:cdf462088d13 | 307 | mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb ); |
markrad | 0:cdf462088d13 | 308 | mbedtls_md_hmac_finish( &md_ctx, 4 + tmp ); |
markrad | 0:cdf462088d13 | 309 | |
markrad | 0:cdf462088d13 | 310 | for( i = 0; i < dlen; i += 16 ) |
markrad | 0:cdf462088d13 | 311 | { |
markrad | 0:cdf462088d13 | 312 | mbedtls_md_hmac_reset ( &md_ctx ); |
markrad | 0:cdf462088d13 | 313 | mbedtls_md_hmac_update( &md_ctx, 4 + tmp, 16 + nb ); |
markrad | 0:cdf462088d13 | 314 | mbedtls_md_hmac_finish( &md_ctx, h_i ); |
markrad | 0:cdf462088d13 | 315 | |
markrad | 0:cdf462088d13 | 316 | mbedtls_md_hmac_reset ( &md_ctx ); |
markrad | 0:cdf462088d13 | 317 | mbedtls_md_hmac_update( &md_ctx, 4 + tmp, 16 ); |
markrad | 0:cdf462088d13 | 318 | mbedtls_md_hmac_finish( &md_ctx, 4 + tmp ); |
markrad | 0:cdf462088d13 | 319 | |
markrad | 0:cdf462088d13 | 320 | k = ( i + 16 > dlen ) ? dlen % 16 : 16; |
markrad | 0:cdf462088d13 | 321 | |
markrad | 0:cdf462088d13 | 322 | for( j = 0; j < k; j++ ) |
markrad | 0:cdf462088d13 | 323 | dstbuf[i + j] = h_i[j]; |
markrad | 0:cdf462088d13 | 324 | } |
markrad | 0:cdf462088d13 | 325 | |
markrad | 0:cdf462088d13 | 326 | mbedtls_md_free( &md_ctx ); |
markrad | 0:cdf462088d13 | 327 | |
markrad | 0:cdf462088d13 | 328 | /* |
markrad | 0:cdf462088d13 | 329 | * XOR out with P_sha1(secret,label+random)[0..dlen] |
markrad | 0:cdf462088d13 | 330 | */ |
markrad | 0:cdf462088d13 | 331 | if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == NULL ) |
markrad | 0:cdf462088d13 | 332 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 333 | |
markrad | 0:cdf462088d13 | 334 | if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 ) |
markrad | 0:cdf462088d13 | 335 | return( ret ); |
markrad | 0:cdf462088d13 | 336 | |
markrad | 0:cdf462088d13 | 337 | mbedtls_md_hmac_starts( &md_ctx, S2, hs ); |
markrad | 0:cdf462088d13 | 338 | mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb ); |
markrad | 0:cdf462088d13 | 339 | mbedtls_md_hmac_finish( &md_ctx, tmp ); |
markrad | 0:cdf462088d13 | 340 | |
markrad | 0:cdf462088d13 | 341 | for( i = 0; i < dlen; i += 20 ) |
markrad | 0:cdf462088d13 | 342 | { |
markrad | 0:cdf462088d13 | 343 | mbedtls_md_hmac_reset ( &md_ctx ); |
markrad | 0:cdf462088d13 | 344 | mbedtls_md_hmac_update( &md_ctx, tmp, 20 + nb ); |
markrad | 0:cdf462088d13 | 345 | mbedtls_md_hmac_finish( &md_ctx, h_i ); |
markrad | 0:cdf462088d13 | 346 | |
markrad | 0:cdf462088d13 | 347 | mbedtls_md_hmac_reset ( &md_ctx ); |
markrad | 0:cdf462088d13 | 348 | mbedtls_md_hmac_update( &md_ctx, tmp, 20 ); |
markrad | 0:cdf462088d13 | 349 | mbedtls_md_hmac_finish( &md_ctx, tmp ); |
markrad | 0:cdf462088d13 | 350 | |
markrad | 0:cdf462088d13 | 351 | k = ( i + 20 > dlen ) ? dlen % 20 : 20; |
markrad | 0:cdf462088d13 | 352 | |
markrad | 0:cdf462088d13 | 353 | for( j = 0; j < k; j++ ) |
markrad | 0:cdf462088d13 | 354 | dstbuf[i + j] = (unsigned char)( dstbuf[i + j] ^ h_i[j] ); |
markrad | 0:cdf462088d13 | 355 | } |
markrad | 0:cdf462088d13 | 356 | |
markrad | 0:cdf462088d13 | 357 | mbedtls_md_free( &md_ctx ); |
markrad | 0:cdf462088d13 | 358 | |
markrad | 0:cdf462088d13 | 359 | mbedtls_zeroize( tmp, sizeof( tmp ) ); |
markrad | 0:cdf462088d13 | 360 | mbedtls_zeroize( h_i, sizeof( h_i ) ); |
markrad | 0:cdf462088d13 | 361 | |
markrad | 0:cdf462088d13 | 362 | return( 0 ); |
markrad | 0:cdf462088d13 | 363 | } |
markrad | 0:cdf462088d13 | 364 | #endif /* MBEDTLS_SSL_PROTO_TLS1) || MBEDTLS_SSL_PROTO_TLS1_1 */ |
markrad | 0:cdf462088d13 | 365 | |
markrad | 0:cdf462088d13 | 366 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 367 | static int tls_prf_generic( mbedtls_md_type_t md_type, |
markrad | 0:cdf462088d13 | 368 | const unsigned char *secret, size_t slen, |
markrad | 0:cdf462088d13 | 369 | const char *label, |
markrad | 0:cdf462088d13 | 370 | const unsigned char *random, size_t rlen, |
markrad | 0:cdf462088d13 | 371 | unsigned char *dstbuf, size_t dlen ) |
markrad | 0:cdf462088d13 | 372 | { |
markrad | 0:cdf462088d13 | 373 | size_t nb; |
markrad | 0:cdf462088d13 | 374 | size_t i, j, k, md_len; |
markrad | 0:cdf462088d13 | 375 | unsigned char tmp[128]; |
markrad | 0:cdf462088d13 | 376 | unsigned char h_i[MBEDTLS_MD_MAX_SIZE]; |
markrad | 0:cdf462088d13 | 377 | const mbedtls_md_info_t *md_info; |
markrad | 0:cdf462088d13 | 378 | mbedtls_md_context_t md_ctx; |
markrad | 0:cdf462088d13 | 379 | int ret; |
markrad | 0:cdf462088d13 | 380 | |
markrad | 0:cdf462088d13 | 381 | mbedtls_md_init( &md_ctx ); |
markrad | 0:cdf462088d13 | 382 | |
markrad | 0:cdf462088d13 | 383 | if( ( md_info = mbedtls_md_info_from_type( md_type ) ) == NULL ) |
markrad | 0:cdf462088d13 | 384 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 385 | |
markrad | 0:cdf462088d13 | 386 | md_len = mbedtls_md_get_size( md_info ); |
markrad | 0:cdf462088d13 | 387 | |
markrad | 0:cdf462088d13 | 388 | if( sizeof( tmp ) < md_len + strlen( label ) + rlen ) |
markrad | 0:cdf462088d13 | 389 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 390 | |
markrad | 0:cdf462088d13 | 391 | nb = strlen( label ); |
markrad | 0:cdf462088d13 | 392 | memcpy( tmp + md_len, label, nb ); |
markrad | 0:cdf462088d13 | 393 | memcpy( tmp + md_len + nb, random, rlen ); |
markrad | 0:cdf462088d13 | 394 | nb += rlen; |
markrad | 0:cdf462088d13 | 395 | |
markrad | 0:cdf462088d13 | 396 | /* |
markrad | 0:cdf462088d13 | 397 | * Compute P_<hash>(secret, label + random)[0..dlen] |
markrad | 0:cdf462088d13 | 398 | */ |
markrad | 0:cdf462088d13 | 399 | if ( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 ) |
markrad | 0:cdf462088d13 | 400 | return( ret ); |
markrad | 0:cdf462088d13 | 401 | |
markrad | 0:cdf462088d13 | 402 | mbedtls_md_hmac_starts( &md_ctx, secret, slen ); |
markrad | 0:cdf462088d13 | 403 | mbedtls_md_hmac_update( &md_ctx, tmp + md_len, nb ); |
markrad | 0:cdf462088d13 | 404 | mbedtls_md_hmac_finish( &md_ctx, tmp ); |
markrad | 0:cdf462088d13 | 405 | |
markrad | 0:cdf462088d13 | 406 | for( i = 0; i < dlen; i += md_len ) |
markrad | 0:cdf462088d13 | 407 | { |
markrad | 0:cdf462088d13 | 408 | mbedtls_md_hmac_reset ( &md_ctx ); |
markrad | 0:cdf462088d13 | 409 | mbedtls_md_hmac_update( &md_ctx, tmp, md_len + nb ); |
markrad | 0:cdf462088d13 | 410 | mbedtls_md_hmac_finish( &md_ctx, h_i ); |
markrad | 0:cdf462088d13 | 411 | |
markrad | 0:cdf462088d13 | 412 | mbedtls_md_hmac_reset ( &md_ctx ); |
markrad | 0:cdf462088d13 | 413 | mbedtls_md_hmac_update( &md_ctx, tmp, md_len ); |
markrad | 0:cdf462088d13 | 414 | mbedtls_md_hmac_finish( &md_ctx, tmp ); |
markrad | 0:cdf462088d13 | 415 | |
markrad | 0:cdf462088d13 | 416 | k = ( i + md_len > dlen ) ? dlen % md_len : md_len; |
markrad | 0:cdf462088d13 | 417 | |
markrad | 0:cdf462088d13 | 418 | for( j = 0; j < k; j++ ) |
markrad | 0:cdf462088d13 | 419 | dstbuf[i + j] = h_i[j]; |
markrad | 0:cdf462088d13 | 420 | } |
markrad | 0:cdf462088d13 | 421 | |
markrad | 0:cdf462088d13 | 422 | mbedtls_md_free( &md_ctx ); |
markrad | 0:cdf462088d13 | 423 | |
markrad | 0:cdf462088d13 | 424 | mbedtls_zeroize( tmp, sizeof( tmp ) ); |
markrad | 0:cdf462088d13 | 425 | mbedtls_zeroize( h_i, sizeof( h_i ) ); |
markrad | 0:cdf462088d13 | 426 | |
markrad | 0:cdf462088d13 | 427 | return( 0 ); |
markrad | 0:cdf462088d13 | 428 | } |
markrad | 0:cdf462088d13 | 429 | |
markrad | 0:cdf462088d13 | 430 | #if defined(MBEDTLS_SHA256_C) |
markrad | 0:cdf462088d13 | 431 | static int tls_prf_sha256( const unsigned char *secret, size_t slen, |
markrad | 0:cdf462088d13 | 432 | const char *label, |
markrad | 0:cdf462088d13 | 433 | const unsigned char *random, size_t rlen, |
markrad | 0:cdf462088d13 | 434 | unsigned char *dstbuf, size_t dlen ) |
markrad | 0:cdf462088d13 | 435 | { |
markrad | 0:cdf462088d13 | 436 | return( tls_prf_generic( MBEDTLS_MD_SHA256, secret, slen, |
markrad | 0:cdf462088d13 | 437 | label, random, rlen, dstbuf, dlen ) ); |
markrad | 0:cdf462088d13 | 438 | } |
markrad | 0:cdf462088d13 | 439 | #endif /* MBEDTLS_SHA256_C */ |
markrad | 0:cdf462088d13 | 440 | |
markrad | 0:cdf462088d13 | 441 | #if defined(MBEDTLS_SHA512_C) |
markrad | 0:cdf462088d13 | 442 | static int tls_prf_sha384( const unsigned char *secret, size_t slen, |
markrad | 0:cdf462088d13 | 443 | const char *label, |
markrad | 0:cdf462088d13 | 444 | const unsigned char *random, size_t rlen, |
markrad | 0:cdf462088d13 | 445 | unsigned char *dstbuf, size_t dlen ) |
markrad | 0:cdf462088d13 | 446 | { |
markrad | 0:cdf462088d13 | 447 | return( tls_prf_generic( MBEDTLS_MD_SHA384, secret, slen, |
markrad | 0:cdf462088d13 | 448 | label, random, rlen, dstbuf, dlen ) ); |
markrad | 0:cdf462088d13 | 449 | } |
markrad | 0:cdf462088d13 | 450 | #endif /* MBEDTLS_SHA512_C */ |
markrad | 0:cdf462088d13 | 451 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 452 | |
markrad | 0:cdf462088d13 | 453 | static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t ); |
markrad | 0:cdf462088d13 | 454 | |
markrad | 0:cdf462088d13 | 455 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
markrad | 0:cdf462088d13 | 456 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
markrad | 0:cdf462088d13 | 457 | static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *, const unsigned char *, size_t ); |
markrad | 0:cdf462088d13 | 458 | #endif |
markrad | 0:cdf462088d13 | 459 | |
markrad | 0:cdf462088d13 | 460 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
markrad | 0:cdf462088d13 | 461 | static void ssl_calc_verify_ssl( mbedtls_ssl_context *, unsigned char * ); |
markrad | 0:cdf462088d13 | 462 | static void ssl_calc_finished_ssl( mbedtls_ssl_context *, unsigned char *, int ); |
markrad | 0:cdf462088d13 | 463 | #endif |
markrad | 0:cdf462088d13 | 464 | |
markrad | 0:cdf462088d13 | 465 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) |
markrad | 0:cdf462088d13 | 466 | static void ssl_calc_verify_tls( mbedtls_ssl_context *, unsigned char * ); |
markrad | 0:cdf462088d13 | 467 | static void ssl_calc_finished_tls( mbedtls_ssl_context *, unsigned char *, int ); |
markrad | 0:cdf462088d13 | 468 | #endif |
markrad | 0:cdf462088d13 | 469 | |
markrad | 0:cdf462088d13 | 470 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 471 | #if defined(MBEDTLS_SHA256_C) |
markrad | 0:cdf462088d13 | 472 | static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t ); |
markrad | 0:cdf462088d13 | 473 | static void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *,unsigned char * ); |
markrad | 0:cdf462088d13 | 474 | static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *, int ); |
markrad | 0:cdf462088d13 | 475 | #endif |
markrad | 0:cdf462088d13 | 476 | |
markrad | 0:cdf462088d13 | 477 | #if defined(MBEDTLS_SHA512_C) |
markrad | 0:cdf462088d13 | 478 | static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned char *, size_t ); |
markrad | 0:cdf462088d13 | 479 | static void ssl_calc_verify_tls_sha384( mbedtls_ssl_context *, unsigned char * ); |
markrad | 0:cdf462088d13 | 480 | static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int ); |
markrad | 0:cdf462088d13 | 481 | #endif |
markrad | 0:cdf462088d13 | 482 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 483 | |
markrad | 0:cdf462088d13 | 484 | int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 485 | { |
markrad | 0:cdf462088d13 | 486 | int ret = 0; |
markrad | 0:cdf462088d13 | 487 | unsigned char tmp[64]; |
markrad | 0:cdf462088d13 | 488 | unsigned char keyblk[256]; |
markrad | 0:cdf462088d13 | 489 | unsigned char *key1; |
markrad | 0:cdf462088d13 | 490 | unsigned char *key2; |
markrad | 0:cdf462088d13 | 491 | unsigned char *mac_enc; |
markrad | 0:cdf462088d13 | 492 | unsigned char *mac_dec; |
markrad | 0:cdf462088d13 | 493 | size_t iv_copy_len; |
markrad | 0:cdf462088d13 | 494 | const mbedtls_cipher_info_t *cipher_info; |
markrad | 0:cdf462088d13 | 495 | const mbedtls_md_info_t *md_info; |
markrad | 0:cdf462088d13 | 496 | |
markrad | 0:cdf462088d13 | 497 | mbedtls_ssl_session *session = ssl->session_negotiate; |
markrad | 0:cdf462088d13 | 498 | mbedtls_ssl_transform *transform = ssl->transform_negotiate; |
markrad | 0:cdf462088d13 | 499 | mbedtls_ssl_handshake_params *handshake = ssl->handshake; |
markrad | 0:cdf462088d13 | 500 | |
markrad | 0:cdf462088d13 | 501 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive keys" ) ); |
markrad | 0:cdf462088d13 | 502 | |
markrad | 0:cdf462088d13 | 503 | cipher_info = mbedtls_cipher_info_from_type( transform->ciphersuite_info->cipher ); |
markrad | 0:cdf462088d13 | 504 | if( cipher_info == NULL ) |
markrad | 0:cdf462088d13 | 505 | { |
markrad | 0:cdf462088d13 | 506 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %d not found", |
markrad | 0:cdf462088d13 | 507 | transform->ciphersuite_info->cipher ) ); |
markrad | 0:cdf462088d13 | 508 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 509 | } |
markrad | 0:cdf462088d13 | 510 | |
markrad | 0:cdf462088d13 | 511 | md_info = mbedtls_md_info_from_type( transform->ciphersuite_info->mac ); |
markrad | 0:cdf462088d13 | 512 | if( md_info == NULL ) |
markrad | 0:cdf462088d13 | 513 | { |
markrad | 0:cdf462088d13 | 514 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %d not found", |
markrad | 0:cdf462088d13 | 515 | transform->ciphersuite_info->mac ) ); |
markrad | 0:cdf462088d13 | 516 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 517 | } |
markrad | 0:cdf462088d13 | 518 | |
markrad | 0:cdf462088d13 | 519 | /* |
markrad | 0:cdf462088d13 | 520 | * Set appropriate PRF function and other SSL / TLS / TLS1.2 functions |
markrad | 0:cdf462088d13 | 521 | */ |
markrad | 0:cdf462088d13 | 522 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
markrad | 0:cdf462088d13 | 523 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
markrad | 0:cdf462088d13 | 524 | { |
markrad | 0:cdf462088d13 | 525 | handshake->tls_prf = ssl3_prf; |
markrad | 0:cdf462088d13 | 526 | handshake->calc_verify = ssl_calc_verify_ssl; |
markrad | 0:cdf462088d13 | 527 | handshake->calc_finished = ssl_calc_finished_ssl; |
markrad | 0:cdf462088d13 | 528 | } |
markrad | 0:cdf462088d13 | 529 | else |
markrad | 0:cdf462088d13 | 530 | #endif |
markrad | 0:cdf462088d13 | 531 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) |
markrad | 0:cdf462088d13 | 532 | if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ) |
markrad | 0:cdf462088d13 | 533 | { |
markrad | 0:cdf462088d13 | 534 | handshake->tls_prf = tls1_prf; |
markrad | 0:cdf462088d13 | 535 | handshake->calc_verify = ssl_calc_verify_tls; |
markrad | 0:cdf462088d13 | 536 | handshake->calc_finished = ssl_calc_finished_tls; |
markrad | 0:cdf462088d13 | 537 | } |
markrad | 0:cdf462088d13 | 538 | else |
markrad | 0:cdf462088d13 | 539 | #endif |
markrad | 0:cdf462088d13 | 540 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 541 | #if defined(MBEDTLS_SHA512_C) |
markrad | 0:cdf462088d13 | 542 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && |
markrad | 0:cdf462088d13 | 543 | transform->ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) |
markrad | 0:cdf462088d13 | 544 | { |
markrad | 0:cdf462088d13 | 545 | handshake->tls_prf = tls_prf_sha384; |
markrad | 0:cdf462088d13 | 546 | handshake->calc_verify = ssl_calc_verify_tls_sha384; |
markrad | 0:cdf462088d13 | 547 | handshake->calc_finished = ssl_calc_finished_tls_sha384; |
markrad | 0:cdf462088d13 | 548 | } |
markrad | 0:cdf462088d13 | 549 | else |
markrad | 0:cdf462088d13 | 550 | #endif |
markrad | 0:cdf462088d13 | 551 | #if defined(MBEDTLS_SHA256_C) |
markrad | 0:cdf462088d13 | 552 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) |
markrad | 0:cdf462088d13 | 553 | { |
markrad | 0:cdf462088d13 | 554 | handshake->tls_prf = tls_prf_sha256; |
markrad | 0:cdf462088d13 | 555 | handshake->calc_verify = ssl_calc_verify_tls_sha256; |
markrad | 0:cdf462088d13 | 556 | handshake->calc_finished = ssl_calc_finished_tls_sha256; |
markrad | 0:cdf462088d13 | 557 | } |
markrad | 0:cdf462088d13 | 558 | else |
markrad | 0:cdf462088d13 | 559 | #endif |
markrad | 0:cdf462088d13 | 560 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 561 | { |
markrad | 0:cdf462088d13 | 562 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 563 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 564 | } |
markrad | 0:cdf462088d13 | 565 | |
markrad | 0:cdf462088d13 | 566 | /* |
markrad | 0:cdf462088d13 | 567 | * SSLv3: |
markrad | 0:cdf462088d13 | 568 | * master = |
markrad | 0:cdf462088d13 | 569 | * MD5( premaster + SHA1( 'A' + premaster + randbytes ) ) + |
markrad | 0:cdf462088d13 | 570 | * MD5( premaster + SHA1( 'BB' + premaster + randbytes ) ) + |
markrad | 0:cdf462088d13 | 571 | * MD5( premaster + SHA1( 'CCC' + premaster + randbytes ) ) |
markrad | 0:cdf462088d13 | 572 | * |
markrad | 0:cdf462088d13 | 573 | * TLSv1+: |
markrad | 0:cdf462088d13 | 574 | * master = PRF( premaster, "master secret", randbytes )[0..47] |
markrad | 0:cdf462088d13 | 575 | */ |
markrad | 0:cdf462088d13 | 576 | if( handshake->resume == 0 ) |
markrad | 0:cdf462088d13 | 577 | { |
markrad | 0:cdf462088d13 | 578 | MBEDTLS_SSL_DEBUG_BUF( 3, "premaster secret", handshake->premaster, |
markrad | 0:cdf462088d13 | 579 | handshake->pmslen ); |
markrad | 0:cdf462088d13 | 580 | |
markrad | 0:cdf462088d13 | 581 | #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) |
markrad | 0:cdf462088d13 | 582 | if( ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED ) |
markrad | 0:cdf462088d13 | 583 | { |
markrad | 0:cdf462088d13 | 584 | unsigned char session_hash[48]; |
markrad | 0:cdf462088d13 | 585 | size_t hash_len; |
markrad | 0:cdf462088d13 | 586 | |
markrad | 0:cdf462088d13 | 587 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "using extended master secret" ) ); |
markrad | 0:cdf462088d13 | 588 | |
markrad | 0:cdf462088d13 | 589 | ssl->handshake->calc_verify( ssl, session_hash ); |
markrad | 0:cdf462088d13 | 590 | |
markrad | 0:cdf462088d13 | 591 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 592 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) |
markrad | 0:cdf462088d13 | 593 | { |
markrad | 0:cdf462088d13 | 594 | #if defined(MBEDTLS_SHA512_C) |
markrad | 0:cdf462088d13 | 595 | if( ssl->transform_negotiate->ciphersuite_info->mac == |
markrad | 0:cdf462088d13 | 596 | MBEDTLS_MD_SHA384 ) |
markrad | 0:cdf462088d13 | 597 | { |
markrad | 0:cdf462088d13 | 598 | hash_len = 48; |
markrad | 0:cdf462088d13 | 599 | } |
markrad | 0:cdf462088d13 | 600 | else |
markrad | 0:cdf462088d13 | 601 | #endif |
markrad | 0:cdf462088d13 | 602 | hash_len = 32; |
markrad | 0:cdf462088d13 | 603 | } |
markrad | 0:cdf462088d13 | 604 | else |
markrad | 0:cdf462088d13 | 605 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 606 | hash_len = 36; |
markrad | 0:cdf462088d13 | 607 | |
markrad | 0:cdf462088d13 | 608 | MBEDTLS_SSL_DEBUG_BUF( 3, "session hash", session_hash, hash_len ); |
markrad | 0:cdf462088d13 | 609 | |
markrad | 0:cdf462088d13 | 610 | ret = handshake->tls_prf( handshake->premaster, handshake->pmslen, |
markrad | 0:cdf462088d13 | 611 | "extended master secret", |
markrad | 0:cdf462088d13 | 612 | session_hash, hash_len, |
markrad | 0:cdf462088d13 | 613 | session->master, 48 ); |
markrad | 0:cdf462088d13 | 614 | if( ret != 0 ) |
markrad | 0:cdf462088d13 | 615 | { |
markrad | 0:cdf462088d13 | 616 | MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret ); |
markrad | 0:cdf462088d13 | 617 | return( ret ); |
markrad | 0:cdf462088d13 | 618 | } |
markrad | 0:cdf462088d13 | 619 | |
markrad | 0:cdf462088d13 | 620 | } |
markrad | 0:cdf462088d13 | 621 | else |
markrad | 0:cdf462088d13 | 622 | #endif |
markrad | 0:cdf462088d13 | 623 | ret = handshake->tls_prf( handshake->premaster, handshake->pmslen, |
markrad | 0:cdf462088d13 | 624 | "master secret", |
markrad | 0:cdf462088d13 | 625 | handshake->randbytes, 64, |
markrad | 0:cdf462088d13 | 626 | session->master, 48 ); |
markrad | 0:cdf462088d13 | 627 | if( ret != 0 ) |
markrad | 0:cdf462088d13 | 628 | { |
markrad | 0:cdf462088d13 | 629 | MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret ); |
markrad | 0:cdf462088d13 | 630 | return( ret ); |
markrad | 0:cdf462088d13 | 631 | } |
markrad | 0:cdf462088d13 | 632 | |
markrad | 0:cdf462088d13 | 633 | mbedtls_zeroize( handshake->premaster, sizeof(handshake->premaster) ); |
markrad | 0:cdf462088d13 | 634 | } |
markrad | 0:cdf462088d13 | 635 | else |
markrad | 0:cdf462088d13 | 636 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) ); |
markrad | 0:cdf462088d13 | 637 | |
markrad | 0:cdf462088d13 | 638 | /* |
markrad | 0:cdf462088d13 | 639 | * Swap the client and server random values. |
markrad | 0:cdf462088d13 | 640 | */ |
markrad | 0:cdf462088d13 | 641 | memcpy( tmp, handshake->randbytes, 64 ); |
markrad | 0:cdf462088d13 | 642 | memcpy( handshake->randbytes, tmp + 32, 32 ); |
markrad | 0:cdf462088d13 | 643 | memcpy( handshake->randbytes + 32, tmp, 32 ); |
markrad | 0:cdf462088d13 | 644 | mbedtls_zeroize( tmp, sizeof( tmp ) ); |
markrad | 0:cdf462088d13 | 645 | |
markrad | 0:cdf462088d13 | 646 | /* |
markrad | 0:cdf462088d13 | 647 | * SSLv3: |
markrad | 0:cdf462088d13 | 648 | * key block = |
markrad | 0:cdf462088d13 | 649 | * MD5( master + SHA1( 'A' + master + randbytes ) ) + |
markrad | 0:cdf462088d13 | 650 | * MD5( master + SHA1( 'BB' + master + randbytes ) ) + |
markrad | 0:cdf462088d13 | 651 | * MD5( master + SHA1( 'CCC' + master + randbytes ) ) + |
markrad | 0:cdf462088d13 | 652 | * MD5( master + SHA1( 'DDDD' + master + randbytes ) ) + |
markrad | 0:cdf462088d13 | 653 | * ... |
markrad | 0:cdf462088d13 | 654 | * |
markrad | 0:cdf462088d13 | 655 | * TLSv1: |
markrad | 0:cdf462088d13 | 656 | * key block = PRF( master, "key expansion", randbytes ) |
markrad | 0:cdf462088d13 | 657 | */ |
markrad | 0:cdf462088d13 | 658 | ret = handshake->tls_prf( session->master, 48, "key expansion", |
markrad | 0:cdf462088d13 | 659 | handshake->randbytes, 64, keyblk, 256 ); |
markrad | 0:cdf462088d13 | 660 | if( ret != 0 ) |
markrad | 0:cdf462088d13 | 661 | { |
markrad | 0:cdf462088d13 | 662 | MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret ); |
markrad | 0:cdf462088d13 | 663 | return( ret ); |
markrad | 0:cdf462088d13 | 664 | } |
markrad | 0:cdf462088d13 | 665 | |
markrad | 0:cdf462088d13 | 666 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite = %s", |
markrad | 0:cdf462088d13 | 667 | mbedtls_ssl_get_ciphersuite_name( session->ciphersuite ) ) ); |
markrad | 0:cdf462088d13 | 668 | MBEDTLS_SSL_DEBUG_BUF( 3, "master secret", session->master, 48 ); |
markrad | 0:cdf462088d13 | 669 | MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", handshake->randbytes, 64 ); |
markrad | 0:cdf462088d13 | 670 | MBEDTLS_SSL_DEBUG_BUF( 4, "key block", keyblk, 256 ); |
markrad | 0:cdf462088d13 | 671 | |
markrad | 0:cdf462088d13 | 672 | mbedtls_zeroize( handshake->randbytes, sizeof( handshake->randbytes ) ); |
markrad | 0:cdf462088d13 | 673 | |
markrad | 0:cdf462088d13 | 674 | /* |
markrad | 0:cdf462088d13 | 675 | * Determine the appropriate key, IV and MAC length. |
markrad | 0:cdf462088d13 | 676 | */ |
markrad | 0:cdf462088d13 | 677 | |
markrad | 0:cdf462088d13 | 678 | transform->keylen = cipher_info->key_bitlen / 8; |
markrad | 0:cdf462088d13 | 679 | |
markrad | 0:cdf462088d13 | 680 | if( cipher_info->mode == MBEDTLS_MODE_GCM || |
markrad | 0:cdf462088d13 | 681 | cipher_info->mode == MBEDTLS_MODE_CCM ) |
markrad | 0:cdf462088d13 | 682 | { |
markrad | 0:cdf462088d13 | 683 | transform->maclen = 0; |
markrad | 0:cdf462088d13 | 684 | |
markrad | 0:cdf462088d13 | 685 | transform->ivlen = 12; |
markrad | 0:cdf462088d13 | 686 | transform->fixed_ivlen = 4; |
markrad | 0:cdf462088d13 | 687 | |
markrad | 0:cdf462088d13 | 688 | /* Minimum length is expicit IV + tag */ |
markrad | 0:cdf462088d13 | 689 | transform->minlen = transform->ivlen - transform->fixed_ivlen |
markrad | 0:cdf462088d13 | 690 | + ( transform->ciphersuite_info->flags & |
markrad | 0:cdf462088d13 | 691 | MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16 ); |
markrad | 0:cdf462088d13 | 692 | } |
markrad | 0:cdf462088d13 | 693 | else |
markrad | 0:cdf462088d13 | 694 | { |
markrad | 0:cdf462088d13 | 695 | /* Initialize HMAC contexts */ |
markrad | 0:cdf462088d13 | 696 | if( ( ret = mbedtls_md_setup( &transform->md_ctx_enc, md_info, 1 ) ) != 0 || |
markrad | 0:cdf462088d13 | 697 | ( ret = mbedtls_md_setup( &transform->md_ctx_dec, md_info, 1 ) ) != 0 ) |
markrad | 0:cdf462088d13 | 698 | { |
markrad | 0:cdf462088d13 | 699 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret ); |
markrad | 0:cdf462088d13 | 700 | return( ret ); |
markrad | 0:cdf462088d13 | 701 | } |
markrad | 0:cdf462088d13 | 702 | |
markrad | 0:cdf462088d13 | 703 | /* Get MAC length */ |
markrad | 0:cdf462088d13 | 704 | transform->maclen = mbedtls_md_get_size( md_info ); |
markrad | 0:cdf462088d13 | 705 | |
markrad | 0:cdf462088d13 | 706 | #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) |
markrad | 0:cdf462088d13 | 707 | /* |
markrad | 0:cdf462088d13 | 708 | * If HMAC is to be truncated, we shall keep the leftmost bytes, |
markrad | 0:cdf462088d13 | 709 | * (rfc 6066 page 13 or rfc 2104 section 4), |
markrad | 0:cdf462088d13 | 710 | * so we only need to adjust the length here. |
markrad | 0:cdf462088d13 | 711 | */ |
markrad | 0:cdf462088d13 | 712 | if( session->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED ) |
markrad | 0:cdf462088d13 | 713 | transform->maclen = MBEDTLS_SSL_TRUNCATED_HMAC_LEN; |
markrad | 0:cdf462088d13 | 714 | #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ |
markrad | 0:cdf462088d13 | 715 | |
markrad | 0:cdf462088d13 | 716 | /* IV length */ |
markrad | 0:cdf462088d13 | 717 | transform->ivlen = cipher_info->iv_size; |
markrad | 0:cdf462088d13 | 718 | |
markrad | 0:cdf462088d13 | 719 | /* Minimum length */ |
markrad | 0:cdf462088d13 | 720 | if( cipher_info->mode == MBEDTLS_MODE_STREAM ) |
markrad | 0:cdf462088d13 | 721 | transform->minlen = transform->maclen; |
markrad | 0:cdf462088d13 | 722 | else |
markrad | 0:cdf462088d13 | 723 | { |
markrad | 0:cdf462088d13 | 724 | /* |
markrad | 0:cdf462088d13 | 725 | * GenericBlockCipher: |
markrad | 0:cdf462088d13 | 726 | * 1. if EtM is in use: one block plus MAC |
markrad | 0:cdf462088d13 | 727 | * otherwise: * first multiple of blocklen greater than maclen |
markrad | 0:cdf462088d13 | 728 | * 2. IV except for SSL3 and TLS 1.0 |
markrad | 0:cdf462088d13 | 729 | */ |
markrad | 0:cdf462088d13 | 730 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
markrad | 0:cdf462088d13 | 731 | if( session->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED ) |
markrad | 0:cdf462088d13 | 732 | { |
markrad | 0:cdf462088d13 | 733 | transform->minlen = transform->maclen |
markrad | 0:cdf462088d13 | 734 | + cipher_info->block_size; |
markrad | 0:cdf462088d13 | 735 | } |
markrad | 0:cdf462088d13 | 736 | else |
markrad | 0:cdf462088d13 | 737 | #endif |
markrad | 0:cdf462088d13 | 738 | { |
markrad | 0:cdf462088d13 | 739 | transform->minlen = transform->maclen |
markrad | 0:cdf462088d13 | 740 | + cipher_info->block_size |
markrad | 0:cdf462088d13 | 741 | - transform->maclen % cipher_info->block_size; |
markrad | 0:cdf462088d13 | 742 | } |
markrad | 0:cdf462088d13 | 743 | |
markrad | 0:cdf462088d13 | 744 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) |
markrad | 0:cdf462088d13 | 745 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 || |
markrad | 0:cdf462088d13 | 746 | ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_1 ) |
markrad | 0:cdf462088d13 | 747 | ; /* No need to adjust minlen */ |
markrad | 0:cdf462088d13 | 748 | else |
markrad | 0:cdf462088d13 | 749 | #endif |
markrad | 0:cdf462088d13 | 750 | #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 751 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_2 || |
markrad | 0:cdf462088d13 | 752 | ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) |
markrad | 0:cdf462088d13 | 753 | { |
markrad | 0:cdf462088d13 | 754 | transform->minlen += transform->ivlen; |
markrad | 0:cdf462088d13 | 755 | } |
markrad | 0:cdf462088d13 | 756 | else |
markrad | 0:cdf462088d13 | 757 | #endif |
markrad | 0:cdf462088d13 | 758 | { |
markrad | 0:cdf462088d13 | 759 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 760 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 761 | } |
markrad | 0:cdf462088d13 | 762 | } |
markrad | 0:cdf462088d13 | 763 | } |
markrad | 0:cdf462088d13 | 764 | |
markrad | 0:cdf462088d13 | 765 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "keylen: %d, minlen: %d, ivlen: %d, maclen: %d", |
markrad | 0:cdf462088d13 | 766 | transform->keylen, transform->minlen, transform->ivlen, |
markrad | 0:cdf462088d13 | 767 | transform->maclen ) ); |
markrad | 0:cdf462088d13 | 768 | |
markrad | 0:cdf462088d13 | 769 | /* |
markrad | 0:cdf462088d13 | 770 | * Finally setup the cipher contexts, IVs and MAC secrets. |
markrad | 0:cdf462088d13 | 771 | */ |
markrad | 0:cdf462088d13 | 772 | #if defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 773 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
markrad | 0:cdf462088d13 | 774 | { |
markrad | 0:cdf462088d13 | 775 | key1 = keyblk + transform->maclen * 2; |
markrad | 0:cdf462088d13 | 776 | key2 = keyblk + transform->maclen * 2 + transform->keylen; |
markrad | 0:cdf462088d13 | 777 | |
markrad | 0:cdf462088d13 | 778 | mac_enc = keyblk; |
markrad | 0:cdf462088d13 | 779 | mac_dec = keyblk + transform->maclen; |
markrad | 0:cdf462088d13 | 780 | |
markrad | 0:cdf462088d13 | 781 | /* |
markrad | 0:cdf462088d13 | 782 | * This is not used in TLS v1.1. |
markrad | 0:cdf462088d13 | 783 | */ |
markrad | 0:cdf462088d13 | 784 | iv_copy_len = ( transform->fixed_ivlen ) ? |
markrad | 0:cdf462088d13 | 785 | transform->fixed_ivlen : transform->ivlen; |
markrad | 0:cdf462088d13 | 786 | memcpy( transform->iv_enc, key2 + transform->keylen, iv_copy_len ); |
markrad | 0:cdf462088d13 | 787 | memcpy( transform->iv_dec, key2 + transform->keylen + iv_copy_len, |
markrad | 0:cdf462088d13 | 788 | iv_copy_len ); |
markrad | 0:cdf462088d13 | 789 | } |
markrad | 0:cdf462088d13 | 790 | else |
markrad | 0:cdf462088d13 | 791 | #endif /* MBEDTLS_SSL_CLI_C */ |
markrad | 0:cdf462088d13 | 792 | #if defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 793 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
markrad | 0:cdf462088d13 | 794 | { |
markrad | 0:cdf462088d13 | 795 | key1 = keyblk + transform->maclen * 2 + transform->keylen; |
markrad | 0:cdf462088d13 | 796 | key2 = keyblk + transform->maclen * 2; |
markrad | 0:cdf462088d13 | 797 | |
markrad | 0:cdf462088d13 | 798 | mac_enc = keyblk + transform->maclen; |
markrad | 0:cdf462088d13 | 799 | mac_dec = keyblk; |
markrad | 0:cdf462088d13 | 800 | |
markrad | 0:cdf462088d13 | 801 | /* |
markrad | 0:cdf462088d13 | 802 | * This is not used in TLS v1.1. |
markrad | 0:cdf462088d13 | 803 | */ |
markrad | 0:cdf462088d13 | 804 | iv_copy_len = ( transform->fixed_ivlen ) ? |
markrad | 0:cdf462088d13 | 805 | transform->fixed_ivlen : transform->ivlen; |
markrad | 0:cdf462088d13 | 806 | memcpy( transform->iv_dec, key1 + transform->keylen, iv_copy_len ); |
markrad | 0:cdf462088d13 | 807 | memcpy( transform->iv_enc, key1 + transform->keylen + iv_copy_len, |
markrad | 0:cdf462088d13 | 808 | iv_copy_len ); |
markrad | 0:cdf462088d13 | 809 | } |
markrad | 0:cdf462088d13 | 810 | else |
markrad | 0:cdf462088d13 | 811 | #endif /* MBEDTLS_SSL_SRV_C */ |
markrad | 0:cdf462088d13 | 812 | { |
markrad | 0:cdf462088d13 | 813 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 814 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 815 | } |
markrad | 0:cdf462088d13 | 816 | |
markrad | 0:cdf462088d13 | 817 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
markrad | 0:cdf462088d13 | 818 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
markrad | 0:cdf462088d13 | 819 | { |
markrad | 0:cdf462088d13 | 820 | if( transform->maclen > sizeof transform->mac_enc ) |
markrad | 0:cdf462088d13 | 821 | { |
markrad | 0:cdf462088d13 | 822 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 823 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 824 | } |
markrad | 0:cdf462088d13 | 825 | |
markrad | 0:cdf462088d13 | 826 | memcpy( transform->mac_enc, mac_enc, transform->maclen ); |
markrad | 0:cdf462088d13 | 827 | memcpy( transform->mac_dec, mac_dec, transform->maclen ); |
markrad | 0:cdf462088d13 | 828 | } |
markrad | 0:cdf462088d13 | 829 | else |
markrad | 0:cdf462088d13 | 830 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
markrad | 0:cdf462088d13 | 831 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
markrad | 0:cdf462088d13 | 832 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 833 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) |
markrad | 0:cdf462088d13 | 834 | { |
markrad | 0:cdf462088d13 | 835 | mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, transform->maclen ); |
markrad | 0:cdf462088d13 | 836 | mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, transform->maclen ); |
markrad | 0:cdf462088d13 | 837 | } |
markrad | 0:cdf462088d13 | 838 | else |
markrad | 0:cdf462088d13 | 839 | #endif |
markrad | 0:cdf462088d13 | 840 | { |
markrad | 0:cdf462088d13 | 841 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 842 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 843 | } |
markrad | 0:cdf462088d13 | 844 | |
markrad | 0:cdf462088d13 | 845 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
markrad | 0:cdf462088d13 | 846 | if( mbedtls_ssl_hw_record_init != NULL ) |
markrad | 0:cdf462088d13 | 847 | { |
markrad | 0:cdf462088d13 | 848 | int ret = 0; |
markrad | 0:cdf462088d13 | 849 | |
markrad | 0:cdf462088d13 | 850 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_init()" ) ); |
markrad | 0:cdf462088d13 | 851 | |
markrad | 0:cdf462088d13 | 852 | if( ( ret = mbedtls_ssl_hw_record_init( ssl, key1, key2, transform->keylen, |
markrad | 0:cdf462088d13 | 853 | transform->iv_enc, transform->iv_dec, |
markrad | 0:cdf462088d13 | 854 | iv_copy_len, |
markrad | 0:cdf462088d13 | 855 | mac_enc, mac_dec, |
markrad | 0:cdf462088d13 | 856 | transform->maclen ) ) != 0 ) |
markrad | 0:cdf462088d13 | 857 | { |
markrad | 0:cdf462088d13 | 858 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_init", ret ); |
markrad | 0:cdf462088d13 | 859 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
markrad | 0:cdf462088d13 | 860 | } |
markrad | 0:cdf462088d13 | 861 | } |
markrad | 0:cdf462088d13 | 862 | #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ |
markrad | 0:cdf462088d13 | 863 | |
markrad | 0:cdf462088d13 | 864 | #if defined(MBEDTLS_SSL_EXPORT_KEYS) |
markrad | 0:cdf462088d13 | 865 | if( ssl->conf->f_export_keys != NULL ) |
markrad | 0:cdf462088d13 | 866 | { |
markrad | 0:cdf462088d13 | 867 | ssl->conf->f_export_keys( ssl->conf->p_export_keys, |
markrad | 0:cdf462088d13 | 868 | session->master, keyblk, |
markrad | 0:cdf462088d13 | 869 | transform->maclen, transform->keylen, |
markrad | 0:cdf462088d13 | 870 | iv_copy_len ); |
markrad | 0:cdf462088d13 | 871 | } |
markrad | 0:cdf462088d13 | 872 | #endif |
markrad | 0:cdf462088d13 | 873 | |
markrad | 0:cdf462088d13 | 874 | if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc, |
markrad | 0:cdf462088d13 | 875 | cipher_info ) ) != 0 ) |
markrad | 0:cdf462088d13 | 876 | { |
markrad | 0:cdf462088d13 | 877 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); |
markrad | 0:cdf462088d13 | 878 | return( ret ); |
markrad | 0:cdf462088d13 | 879 | } |
markrad | 0:cdf462088d13 | 880 | |
markrad | 0:cdf462088d13 | 881 | if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_dec, |
markrad | 0:cdf462088d13 | 882 | cipher_info ) ) != 0 ) |
markrad | 0:cdf462088d13 | 883 | { |
markrad | 0:cdf462088d13 | 884 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); |
markrad | 0:cdf462088d13 | 885 | return( ret ); |
markrad | 0:cdf462088d13 | 886 | } |
markrad | 0:cdf462088d13 | 887 | |
markrad | 0:cdf462088d13 | 888 | if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc, key1, |
markrad | 0:cdf462088d13 | 889 | cipher_info->key_bitlen, |
markrad | 0:cdf462088d13 | 890 | MBEDTLS_ENCRYPT ) ) != 0 ) |
markrad | 0:cdf462088d13 | 891 | { |
markrad | 0:cdf462088d13 | 892 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); |
markrad | 0:cdf462088d13 | 893 | return( ret ); |
markrad | 0:cdf462088d13 | 894 | } |
markrad | 0:cdf462088d13 | 895 | |
markrad | 0:cdf462088d13 | 896 | if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec, key2, |
markrad | 0:cdf462088d13 | 897 | cipher_info->key_bitlen, |
markrad | 0:cdf462088d13 | 898 | MBEDTLS_DECRYPT ) ) != 0 ) |
markrad | 0:cdf462088d13 | 899 | { |
markrad | 0:cdf462088d13 | 900 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); |
markrad | 0:cdf462088d13 | 901 | return( ret ); |
markrad | 0:cdf462088d13 | 902 | } |
markrad | 0:cdf462088d13 | 903 | |
markrad | 0:cdf462088d13 | 904 | #if defined(MBEDTLS_CIPHER_MODE_CBC) |
markrad | 0:cdf462088d13 | 905 | if( cipher_info->mode == MBEDTLS_MODE_CBC ) |
markrad | 0:cdf462088d13 | 906 | { |
markrad | 0:cdf462088d13 | 907 | if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_enc, |
markrad | 0:cdf462088d13 | 908 | MBEDTLS_PADDING_NONE ) ) != 0 ) |
markrad | 0:cdf462088d13 | 909 | { |
markrad | 0:cdf462088d13 | 910 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret ); |
markrad | 0:cdf462088d13 | 911 | return( ret ); |
markrad | 0:cdf462088d13 | 912 | } |
markrad | 0:cdf462088d13 | 913 | |
markrad | 0:cdf462088d13 | 914 | if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_dec, |
markrad | 0:cdf462088d13 | 915 | MBEDTLS_PADDING_NONE ) ) != 0 ) |
markrad | 0:cdf462088d13 | 916 | { |
markrad | 0:cdf462088d13 | 917 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret ); |
markrad | 0:cdf462088d13 | 918 | return( ret ); |
markrad | 0:cdf462088d13 | 919 | } |
markrad | 0:cdf462088d13 | 920 | } |
markrad | 0:cdf462088d13 | 921 | #endif /* MBEDTLS_CIPHER_MODE_CBC */ |
markrad | 0:cdf462088d13 | 922 | |
markrad | 0:cdf462088d13 | 923 | mbedtls_zeroize( keyblk, sizeof( keyblk ) ); |
markrad | 0:cdf462088d13 | 924 | |
markrad | 0:cdf462088d13 | 925 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
markrad | 0:cdf462088d13 | 926 | // Initialize compression |
markrad | 0:cdf462088d13 | 927 | // |
markrad | 0:cdf462088d13 | 928 | if( session->compression == MBEDTLS_SSL_COMPRESS_DEFLATE ) |
markrad | 0:cdf462088d13 | 929 | { |
markrad | 0:cdf462088d13 | 930 | if( ssl->compress_buf == NULL ) |
markrad | 0:cdf462088d13 | 931 | { |
markrad | 0:cdf462088d13 | 932 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "Allocating compression buffer" ) ); |
markrad | 0:cdf462088d13 | 933 | ssl->compress_buf = mbedtls_calloc( 1, MBEDTLS_SSL_BUFFER_LEN ); |
markrad | 0:cdf462088d13 | 934 | if( ssl->compress_buf == NULL ) |
markrad | 0:cdf462088d13 | 935 | { |
markrad | 0:cdf462088d13 | 936 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", |
markrad | 0:cdf462088d13 | 937 | MBEDTLS_SSL_BUFFER_LEN ) ); |
markrad | 0:cdf462088d13 | 938 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
markrad | 0:cdf462088d13 | 939 | } |
markrad | 0:cdf462088d13 | 940 | } |
markrad | 0:cdf462088d13 | 941 | |
markrad | 0:cdf462088d13 | 942 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "Initializing zlib states" ) ); |
markrad | 0:cdf462088d13 | 943 | |
markrad | 0:cdf462088d13 | 944 | memset( &transform->ctx_deflate, 0, sizeof( transform->ctx_deflate ) ); |
markrad | 0:cdf462088d13 | 945 | memset( &transform->ctx_inflate, 0, sizeof( transform->ctx_inflate ) ); |
markrad | 0:cdf462088d13 | 946 | |
markrad | 0:cdf462088d13 | 947 | if( deflateInit( &transform->ctx_deflate, |
markrad | 0:cdf462088d13 | 948 | Z_DEFAULT_COMPRESSION ) != Z_OK || |
markrad | 0:cdf462088d13 | 949 | inflateInit( &transform->ctx_inflate ) != Z_OK ) |
markrad | 0:cdf462088d13 | 950 | { |
markrad | 0:cdf462088d13 | 951 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to initialize compression" ) ); |
markrad | 0:cdf462088d13 | 952 | return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED ); |
markrad | 0:cdf462088d13 | 953 | } |
markrad | 0:cdf462088d13 | 954 | } |
markrad | 0:cdf462088d13 | 955 | #endif /* MBEDTLS_ZLIB_SUPPORT */ |
markrad | 0:cdf462088d13 | 956 | |
markrad | 0:cdf462088d13 | 957 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive keys" ) ); |
markrad | 0:cdf462088d13 | 958 | |
markrad | 0:cdf462088d13 | 959 | return( 0 ); |
markrad | 0:cdf462088d13 | 960 | } |
markrad | 0:cdf462088d13 | 961 | |
markrad | 0:cdf462088d13 | 962 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
markrad | 0:cdf462088d13 | 963 | void ssl_calc_verify_ssl( mbedtls_ssl_context *ssl, unsigned char hash[36] ) |
markrad | 0:cdf462088d13 | 964 | { |
markrad | 0:cdf462088d13 | 965 | mbedtls_md5_context md5; |
markrad | 0:cdf462088d13 | 966 | mbedtls_sha1_context sha1; |
markrad | 0:cdf462088d13 | 967 | unsigned char pad_1[48]; |
markrad | 0:cdf462088d13 | 968 | unsigned char pad_2[48]; |
markrad | 0:cdf462088d13 | 969 | |
markrad | 0:cdf462088d13 | 970 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify ssl" ) ); |
markrad | 0:cdf462088d13 | 971 | |
markrad | 0:cdf462088d13 | 972 | mbedtls_md5_init( &md5 ); |
markrad | 0:cdf462088d13 | 973 | mbedtls_sha1_init( &sha1 ); |
markrad | 0:cdf462088d13 | 974 | |
markrad | 0:cdf462088d13 | 975 | mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); |
markrad | 0:cdf462088d13 | 976 | mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); |
markrad | 0:cdf462088d13 | 977 | |
markrad | 0:cdf462088d13 | 978 | memset( pad_1, 0x36, 48 ); |
markrad | 0:cdf462088d13 | 979 | memset( pad_2, 0x5C, 48 ); |
markrad | 0:cdf462088d13 | 980 | |
markrad | 0:cdf462088d13 | 981 | mbedtls_md5_update( &md5, ssl->session_negotiate->master, 48 ); |
markrad | 0:cdf462088d13 | 982 | mbedtls_md5_update( &md5, pad_1, 48 ); |
markrad | 0:cdf462088d13 | 983 | mbedtls_md5_finish( &md5, hash ); |
markrad | 0:cdf462088d13 | 984 | |
markrad | 0:cdf462088d13 | 985 | mbedtls_md5_starts( &md5 ); |
markrad | 0:cdf462088d13 | 986 | mbedtls_md5_update( &md5, ssl->session_negotiate->master, 48 ); |
markrad | 0:cdf462088d13 | 987 | mbedtls_md5_update( &md5, pad_2, 48 ); |
markrad | 0:cdf462088d13 | 988 | mbedtls_md5_update( &md5, hash, 16 ); |
markrad | 0:cdf462088d13 | 989 | mbedtls_md5_finish( &md5, hash ); |
markrad | 0:cdf462088d13 | 990 | |
markrad | 0:cdf462088d13 | 991 | mbedtls_sha1_update( &sha1, ssl->session_negotiate->master, 48 ); |
markrad | 0:cdf462088d13 | 992 | mbedtls_sha1_update( &sha1, pad_1, 40 ); |
markrad | 0:cdf462088d13 | 993 | mbedtls_sha1_finish( &sha1, hash + 16 ); |
markrad | 0:cdf462088d13 | 994 | |
markrad | 0:cdf462088d13 | 995 | mbedtls_sha1_starts( &sha1 ); |
markrad | 0:cdf462088d13 | 996 | mbedtls_sha1_update( &sha1, ssl->session_negotiate->master, 48 ); |
markrad | 0:cdf462088d13 | 997 | mbedtls_sha1_update( &sha1, pad_2, 40 ); |
markrad | 0:cdf462088d13 | 998 | mbedtls_sha1_update( &sha1, hash + 16, 20 ); |
markrad | 0:cdf462088d13 | 999 | mbedtls_sha1_finish( &sha1, hash + 16 ); |
markrad | 0:cdf462088d13 | 1000 | |
markrad | 0:cdf462088d13 | 1001 | MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 ); |
markrad | 0:cdf462088d13 | 1002 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); |
markrad | 0:cdf462088d13 | 1003 | |
markrad | 0:cdf462088d13 | 1004 | mbedtls_md5_free( &md5 ); |
markrad | 0:cdf462088d13 | 1005 | mbedtls_sha1_free( &sha1 ); |
markrad | 0:cdf462088d13 | 1006 | |
markrad | 0:cdf462088d13 | 1007 | return; |
markrad | 0:cdf462088d13 | 1008 | } |
markrad | 0:cdf462088d13 | 1009 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
markrad | 0:cdf462088d13 | 1010 | |
markrad | 0:cdf462088d13 | 1011 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) |
markrad | 0:cdf462088d13 | 1012 | void ssl_calc_verify_tls( mbedtls_ssl_context *ssl, unsigned char hash[36] ) |
markrad | 0:cdf462088d13 | 1013 | { |
markrad | 0:cdf462088d13 | 1014 | mbedtls_md5_context md5; |
markrad | 0:cdf462088d13 | 1015 | mbedtls_sha1_context sha1; |
markrad | 0:cdf462088d13 | 1016 | |
markrad | 0:cdf462088d13 | 1017 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify tls" ) ); |
markrad | 0:cdf462088d13 | 1018 | |
markrad | 0:cdf462088d13 | 1019 | mbedtls_md5_init( &md5 ); |
markrad | 0:cdf462088d13 | 1020 | mbedtls_sha1_init( &sha1 ); |
markrad | 0:cdf462088d13 | 1021 | |
markrad | 0:cdf462088d13 | 1022 | mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); |
markrad | 0:cdf462088d13 | 1023 | mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); |
markrad | 0:cdf462088d13 | 1024 | |
markrad | 0:cdf462088d13 | 1025 | mbedtls_md5_finish( &md5, hash ); |
markrad | 0:cdf462088d13 | 1026 | mbedtls_sha1_finish( &sha1, hash + 16 ); |
markrad | 0:cdf462088d13 | 1027 | |
markrad | 0:cdf462088d13 | 1028 | MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 ); |
markrad | 0:cdf462088d13 | 1029 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); |
markrad | 0:cdf462088d13 | 1030 | |
markrad | 0:cdf462088d13 | 1031 | mbedtls_md5_free( &md5 ); |
markrad | 0:cdf462088d13 | 1032 | mbedtls_sha1_free( &sha1 ); |
markrad | 0:cdf462088d13 | 1033 | |
markrad | 0:cdf462088d13 | 1034 | return; |
markrad | 0:cdf462088d13 | 1035 | } |
markrad | 0:cdf462088d13 | 1036 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */ |
markrad | 0:cdf462088d13 | 1037 | |
markrad | 0:cdf462088d13 | 1038 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 1039 | #if defined(MBEDTLS_SHA256_C) |
markrad | 0:cdf462088d13 | 1040 | void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *ssl, unsigned char hash[32] ) |
markrad | 0:cdf462088d13 | 1041 | { |
markrad | 0:cdf462088d13 | 1042 | mbedtls_sha256_context sha256; |
markrad | 0:cdf462088d13 | 1043 | |
markrad | 0:cdf462088d13 | 1044 | mbedtls_sha256_init( &sha256 ); |
markrad | 0:cdf462088d13 | 1045 | |
markrad | 0:cdf462088d13 | 1046 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha256" ) ); |
markrad | 0:cdf462088d13 | 1047 | |
markrad | 0:cdf462088d13 | 1048 | mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 ); |
markrad | 0:cdf462088d13 | 1049 | mbedtls_sha256_finish( &sha256, hash ); |
markrad | 0:cdf462088d13 | 1050 | |
markrad | 0:cdf462088d13 | 1051 | MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 32 ); |
markrad | 0:cdf462088d13 | 1052 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); |
markrad | 0:cdf462088d13 | 1053 | |
markrad | 0:cdf462088d13 | 1054 | mbedtls_sha256_free( &sha256 ); |
markrad | 0:cdf462088d13 | 1055 | |
markrad | 0:cdf462088d13 | 1056 | return; |
markrad | 0:cdf462088d13 | 1057 | } |
markrad | 0:cdf462088d13 | 1058 | #endif /* MBEDTLS_SHA256_C */ |
markrad | 0:cdf462088d13 | 1059 | |
markrad | 0:cdf462088d13 | 1060 | #if defined(MBEDTLS_SHA512_C) |
markrad | 0:cdf462088d13 | 1061 | void ssl_calc_verify_tls_sha384( mbedtls_ssl_context *ssl, unsigned char hash[48] ) |
markrad | 0:cdf462088d13 | 1062 | { |
markrad | 0:cdf462088d13 | 1063 | mbedtls_sha512_context sha512; |
markrad | 0:cdf462088d13 | 1064 | |
markrad | 0:cdf462088d13 | 1065 | mbedtls_sha512_init( &sha512 ); |
markrad | 0:cdf462088d13 | 1066 | |
markrad | 0:cdf462088d13 | 1067 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha384" ) ); |
markrad | 0:cdf462088d13 | 1068 | |
markrad | 0:cdf462088d13 | 1069 | mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 ); |
markrad | 0:cdf462088d13 | 1070 | mbedtls_sha512_finish( &sha512, hash ); |
markrad | 0:cdf462088d13 | 1071 | |
markrad | 0:cdf462088d13 | 1072 | MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 48 ); |
markrad | 0:cdf462088d13 | 1073 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); |
markrad | 0:cdf462088d13 | 1074 | |
markrad | 0:cdf462088d13 | 1075 | mbedtls_sha512_free( &sha512 ); |
markrad | 0:cdf462088d13 | 1076 | |
markrad | 0:cdf462088d13 | 1077 | return; |
markrad | 0:cdf462088d13 | 1078 | } |
markrad | 0:cdf462088d13 | 1079 | #endif /* MBEDTLS_SHA512_C */ |
markrad | 0:cdf462088d13 | 1080 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 1081 | |
markrad | 0:cdf462088d13 | 1082 | #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) |
markrad | 0:cdf462088d13 | 1083 | int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex ) |
markrad | 0:cdf462088d13 | 1084 | { |
markrad | 0:cdf462088d13 | 1085 | unsigned char *p = ssl->handshake->premaster; |
markrad | 0:cdf462088d13 | 1086 | unsigned char *end = p + sizeof( ssl->handshake->premaster ); |
markrad | 0:cdf462088d13 | 1087 | const unsigned char *psk = ssl->conf->psk; |
markrad | 0:cdf462088d13 | 1088 | size_t psk_len = ssl->conf->psk_len; |
markrad | 0:cdf462088d13 | 1089 | |
markrad | 0:cdf462088d13 | 1090 | /* If the psk callback was called, use its result */ |
markrad | 0:cdf462088d13 | 1091 | if( ssl->handshake->psk != NULL ) |
markrad | 0:cdf462088d13 | 1092 | { |
markrad | 0:cdf462088d13 | 1093 | psk = ssl->handshake->psk; |
markrad | 0:cdf462088d13 | 1094 | psk_len = ssl->handshake->psk_len; |
markrad | 0:cdf462088d13 | 1095 | } |
markrad | 0:cdf462088d13 | 1096 | |
markrad | 0:cdf462088d13 | 1097 | /* |
markrad | 0:cdf462088d13 | 1098 | * PMS = struct { |
markrad | 0:cdf462088d13 | 1099 | * opaque other_secret<0..2^16-1>; |
markrad | 0:cdf462088d13 | 1100 | * opaque psk<0..2^16-1>; |
markrad | 0:cdf462088d13 | 1101 | * }; |
markrad | 0:cdf462088d13 | 1102 | * with "other_secret" depending on the particular key exchange |
markrad | 0:cdf462088d13 | 1103 | */ |
markrad | 0:cdf462088d13 | 1104 | #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) |
markrad | 0:cdf462088d13 | 1105 | if( key_ex == MBEDTLS_KEY_EXCHANGE_PSK ) |
markrad | 0:cdf462088d13 | 1106 | { |
markrad | 0:cdf462088d13 | 1107 | if( end - p < 2 ) |
markrad | 0:cdf462088d13 | 1108 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 1109 | |
markrad | 0:cdf462088d13 | 1110 | *(p++) = (unsigned char)( psk_len >> 8 ); |
markrad | 0:cdf462088d13 | 1111 | *(p++) = (unsigned char)( psk_len ); |
markrad | 0:cdf462088d13 | 1112 | |
markrad | 0:cdf462088d13 | 1113 | if( end < p || (size_t)( end - p ) < psk_len ) |
markrad | 0:cdf462088d13 | 1114 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 1115 | |
markrad | 0:cdf462088d13 | 1116 | memset( p, 0, psk_len ); |
markrad | 0:cdf462088d13 | 1117 | p += psk_len; |
markrad | 0:cdf462088d13 | 1118 | } |
markrad | 0:cdf462088d13 | 1119 | else |
markrad | 0:cdf462088d13 | 1120 | #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ |
markrad | 0:cdf462088d13 | 1121 | #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) |
markrad | 0:cdf462088d13 | 1122 | if( key_ex == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) |
markrad | 0:cdf462088d13 | 1123 | { |
markrad | 0:cdf462088d13 | 1124 | /* |
markrad | 0:cdf462088d13 | 1125 | * other_secret already set by the ClientKeyExchange message, |
markrad | 0:cdf462088d13 | 1126 | * and is 48 bytes long |
markrad | 0:cdf462088d13 | 1127 | */ |
markrad | 0:cdf462088d13 | 1128 | *p++ = 0; |
markrad | 0:cdf462088d13 | 1129 | *p++ = 48; |
markrad | 0:cdf462088d13 | 1130 | p += 48; |
markrad | 0:cdf462088d13 | 1131 | } |
markrad | 0:cdf462088d13 | 1132 | else |
markrad | 0:cdf462088d13 | 1133 | #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ |
markrad | 0:cdf462088d13 | 1134 | #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) |
markrad | 0:cdf462088d13 | 1135 | if( key_ex == MBEDTLS_KEY_EXCHANGE_DHE_PSK ) |
markrad | 0:cdf462088d13 | 1136 | { |
markrad | 0:cdf462088d13 | 1137 | int ret; |
markrad | 0:cdf462088d13 | 1138 | size_t len; |
markrad | 0:cdf462088d13 | 1139 | |
markrad | 0:cdf462088d13 | 1140 | /* Write length only when we know the actual value */ |
markrad | 0:cdf462088d13 | 1141 | if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx, |
markrad | 0:cdf462088d13 | 1142 | p + 2, end - ( p + 2 ), &len, |
markrad | 0:cdf462088d13 | 1143 | ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) |
markrad | 0:cdf462088d13 | 1144 | { |
markrad | 0:cdf462088d13 | 1145 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); |
markrad | 0:cdf462088d13 | 1146 | return( ret ); |
markrad | 0:cdf462088d13 | 1147 | } |
markrad | 0:cdf462088d13 | 1148 | *(p++) = (unsigned char)( len >> 8 ); |
markrad | 0:cdf462088d13 | 1149 | *(p++) = (unsigned char)( len ); |
markrad | 0:cdf462088d13 | 1150 | p += len; |
markrad | 0:cdf462088d13 | 1151 | |
markrad | 0:cdf462088d13 | 1152 | MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K ); |
markrad | 0:cdf462088d13 | 1153 | } |
markrad | 0:cdf462088d13 | 1154 | else |
markrad | 0:cdf462088d13 | 1155 | #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ |
markrad | 0:cdf462088d13 | 1156 | #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) |
markrad | 0:cdf462088d13 | 1157 | if( key_ex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) |
markrad | 0:cdf462088d13 | 1158 | { |
markrad | 0:cdf462088d13 | 1159 | int ret; |
markrad | 0:cdf462088d13 | 1160 | size_t zlen; |
markrad | 0:cdf462088d13 | 1161 | |
markrad | 0:cdf462088d13 | 1162 | if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &zlen, |
markrad | 0:cdf462088d13 | 1163 | p + 2, end - ( p + 2 ), |
markrad | 0:cdf462088d13 | 1164 | ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) |
markrad | 0:cdf462088d13 | 1165 | { |
markrad | 0:cdf462088d13 | 1166 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); |
markrad | 0:cdf462088d13 | 1167 | return( ret ); |
markrad | 0:cdf462088d13 | 1168 | } |
markrad | 0:cdf462088d13 | 1169 | |
markrad | 0:cdf462088d13 | 1170 | *(p++) = (unsigned char)( zlen >> 8 ); |
markrad | 0:cdf462088d13 | 1171 | *(p++) = (unsigned char)( zlen ); |
markrad | 0:cdf462088d13 | 1172 | p += zlen; |
markrad | 0:cdf462088d13 | 1173 | |
markrad | 0:cdf462088d13 | 1174 | MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z ); |
markrad | 0:cdf462088d13 | 1175 | } |
markrad | 0:cdf462088d13 | 1176 | else |
markrad | 0:cdf462088d13 | 1177 | #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ |
markrad | 0:cdf462088d13 | 1178 | { |
markrad | 0:cdf462088d13 | 1179 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 1180 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 1181 | } |
markrad | 0:cdf462088d13 | 1182 | |
markrad | 0:cdf462088d13 | 1183 | /* opaque psk<0..2^16-1>; */ |
markrad | 0:cdf462088d13 | 1184 | if( end - p < 2 ) |
markrad | 0:cdf462088d13 | 1185 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 1186 | |
markrad | 0:cdf462088d13 | 1187 | *(p++) = (unsigned char)( psk_len >> 8 ); |
markrad | 0:cdf462088d13 | 1188 | *(p++) = (unsigned char)( psk_len ); |
markrad | 0:cdf462088d13 | 1189 | |
markrad | 0:cdf462088d13 | 1190 | if( end < p || (size_t)( end - p ) < psk_len ) |
markrad | 0:cdf462088d13 | 1191 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 1192 | |
markrad | 0:cdf462088d13 | 1193 | memcpy( p, psk, psk_len ); |
markrad | 0:cdf462088d13 | 1194 | p += psk_len; |
markrad | 0:cdf462088d13 | 1195 | |
markrad | 0:cdf462088d13 | 1196 | ssl->handshake->pmslen = p - ssl->handshake->premaster; |
markrad | 0:cdf462088d13 | 1197 | |
markrad | 0:cdf462088d13 | 1198 | return( 0 ); |
markrad | 0:cdf462088d13 | 1199 | } |
markrad | 0:cdf462088d13 | 1200 | #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ |
markrad | 0:cdf462088d13 | 1201 | |
markrad | 0:cdf462088d13 | 1202 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
markrad | 0:cdf462088d13 | 1203 | /* |
markrad | 0:cdf462088d13 | 1204 | * SSLv3.0 MAC functions |
markrad | 0:cdf462088d13 | 1205 | */ |
markrad | 0:cdf462088d13 | 1206 | static void ssl_mac( mbedtls_md_context_t *md_ctx, unsigned char *secret, |
markrad | 0:cdf462088d13 | 1207 | unsigned char *buf, size_t len, |
markrad | 0:cdf462088d13 | 1208 | unsigned char *ctr, int type ) |
markrad | 0:cdf462088d13 | 1209 | { |
markrad | 0:cdf462088d13 | 1210 | unsigned char header[11]; |
markrad | 0:cdf462088d13 | 1211 | unsigned char padding[48]; |
markrad | 0:cdf462088d13 | 1212 | int padlen; |
markrad | 0:cdf462088d13 | 1213 | int md_size = mbedtls_md_get_size( md_ctx->md_info ); |
markrad | 0:cdf462088d13 | 1214 | int md_type = mbedtls_md_get_type( md_ctx->md_info ); |
markrad | 0:cdf462088d13 | 1215 | |
markrad | 0:cdf462088d13 | 1216 | /* Only MD5 and SHA-1 supported */ |
markrad | 0:cdf462088d13 | 1217 | if( md_type == MBEDTLS_MD_MD5 ) |
markrad | 0:cdf462088d13 | 1218 | padlen = 48; |
markrad | 0:cdf462088d13 | 1219 | else |
markrad | 0:cdf462088d13 | 1220 | padlen = 40; |
markrad | 0:cdf462088d13 | 1221 | |
markrad | 0:cdf462088d13 | 1222 | memcpy( header, ctr, 8 ); |
markrad | 0:cdf462088d13 | 1223 | header[ 8] = (unsigned char) type; |
markrad | 0:cdf462088d13 | 1224 | header[ 9] = (unsigned char)( len >> 8 ); |
markrad | 0:cdf462088d13 | 1225 | header[10] = (unsigned char)( len ); |
markrad | 0:cdf462088d13 | 1226 | |
markrad | 0:cdf462088d13 | 1227 | memset( padding, 0x36, padlen ); |
markrad | 0:cdf462088d13 | 1228 | mbedtls_md_starts( md_ctx ); |
markrad | 0:cdf462088d13 | 1229 | mbedtls_md_update( md_ctx, secret, md_size ); |
markrad | 0:cdf462088d13 | 1230 | mbedtls_md_update( md_ctx, padding, padlen ); |
markrad | 0:cdf462088d13 | 1231 | mbedtls_md_update( md_ctx, header, 11 ); |
markrad | 0:cdf462088d13 | 1232 | mbedtls_md_update( md_ctx, buf, len ); |
markrad | 0:cdf462088d13 | 1233 | mbedtls_md_finish( md_ctx, buf + len ); |
markrad | 0:cdf462088d13 | 1234 | |
markrad | 0:cdf462088d13 | 1235 | memset( padding, 0x5C, padlen ); |
markrad | 0:cdf462088d13 | 1236 | mbedtls_md_starts( md_ctx ); |
markrad | 0:cdf462088d13 | 1237 | mbedtls_md_update( md_ctx, secret, md_size ); |
markrad | 0:cdf462088d13 | 1238 | mbedtls_md_update( md_ctx, padding, padlen ); |
markrad | 0:cdf462088d13 | 1239 | mbedtls_md_update( md_ctx, buf + len, md_size ); |
markrad | 0:cdf462088d13 | 1240 | mbedtls_md_finish( md_ctx, buf + len ); |
markrad | 0:cdf462088d13 | 1241 | } |
markrad | 0:cdf462088d13 | 1242 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
markrad | 0:cdf462088d13 | 1243 | |
markrad | 0:cdf462088d13 | 1244 | #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \ |
markrad | 0:cdf462088d13 | 1245 | ( defined(MBEDTLS_CIPHER_MODE_CBC) && \ |
markrad | 0:cdf462088d13 | 1246 | ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) ) ) |
markrad | 0:cdf462088d13 | 1247 | #define SSL_SOME_MODES_USE_MAC |
markrad | 0:cdf462088d13 | 1248 | #endif |
markrad | 0:cdf462088d13 | 1249 | |
markrad | 0:cdf462088d13 | 1250 | /* |
markrad | 0:cdf462088d13 | 1251 | * Encryption/decryption functions |
markrad | 0:cdf462088d13 | 1252 | */ |
markrad | 0:cdf462088d13 | 1253 | static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 1254 | { |
markrad | 0:cdf462088d13 | 1255 | mbedtls_cipher_mode_t mode; |
markrad | 0:cdf462088d13 | 1256 | int auth_done = 0; |
markrad | 0:cdf462088d13 | 1257 | |
markrad | 0:cdf462088d13 | 1258 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) ); |
markrad | 0:cdf462088d13 | 1259 | |
markrad | 0:cdf462088d13 | 1260 | if( ssl->session_out == NULL || ssl->transform_out == NULL ) |
markrad | 0:cdf462088d13 | 1261 | { |
markrad | 0:cdf462088d13 | 1262 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 1263 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 1264 | } |
markrad | 0:cdf462088d13 | 1265 | |
markrad | 0:cdf462088d13 | 1266 | mode = mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc ); |
markrad | 0:cdf462088d13 | 1267 | |
markrad | 0:cdf462088d13 | 1268 | MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload", |
markrad | 0:cdf462088d13 | 1269 | ssl->out_msg, ssl->out_msglen ); |
markrad | 0:cdf462088d13 | 1270 | |
markrad | 0:cdf462088d13 | 1271 | /* |
markrad | 0:cdf462088d13 | 1272 | * Add MAC before if needed |
markrad | 0:cdf462088d13 | 1273 | */ |
markrad | 0:cdf462088d13 | 1274 | #if defined(SSL_SOME_MODES_USE_MAC) |
markrad | 0:cdf462088d13 | 1275 | if( mode == MBEDTLS_MODE_STREAM || |
markrad | 0:cdf462088d13 | 1276 | ( mode == MBEDTLS_MODE_CBC |
markrad | 0:cdf462088d13 | 1277 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
markrad | 0:cdf462088d13 | 1278 | && ssl->session_out->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED |
markrad | 0:cdf462088d13 | 1279 | #endif |
markrad | 0:cdf462088d13 | 1280 | ) ) |
markrad | 0:cdf462088d13 | 1281 | { |
markrad | 0:cdf462088d13 | 1282 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
markrad | 0:cdf462088d13 | 1283 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
markrad | 0:cdf462088d13 | 1284 | { |
markrad | 0:cdf462088d13 | 1285 | ssl_mac( &ssl->transform_out->md_ctx_enc, |
markrad | 0:cdf462088d13 | 1286 | ssl->transform_out->mac_enc, |
markrad | 0:cdf462088d13 | 1287 | ssl->out_msg, ssl->out_msglen, |
markrad | 0:cdf462088d13 | 1288 | ssl->out_ctr, ssl->out_msgtype ); |
markrad | 0:cdf462088d13 | 1289 | } |
markrad | 0:cdf462088d13 | 1290 | else |
markrad | 0:cdf462088d13 | 1291 | #endif |
markrad | 0:cdf462088d13 | 1292 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
markrad | 0:cdf462088d13 | 1293 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 1294 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) |
markrad | 0:cdf462088d13 | 1295 | { |
markrad | 0:cdf462088d13 | 1296 | mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_ctr, 8 ); |
markrad | 0:cdf462088d13 | 1297 | mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_hdr, 3 ); |
markrad | 0:cdf462088d13 | 1298 | mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_len, 2 ); |
markrad | 0:cdf462088d13 | 1299 | mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, |
markrad | 0:cdf462088d13 | 1300 | ssl->out_msg, ssl->out_msglen ); |
markrad | 0:cdf462088d13 | 1301 | mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc, |
markrad | 0:cdf462088d13 | 1302 | ssl->out_msg + ssl->out_msglen ); |
markrad | 0:cdf462088d13 | 1303 | mbedtls_md_hmac_reset( &ssl->transform_out->md_ctx_enc ); |
markrad | 0:cdf462088d13 | 1304 | } |
markrad | 0:cdf462088d13 | 1305 | else |
markrad | 0:cdf462088d13 | 1306 | #endif |
markrad | 0:cdf462088d13 | 1307 | { |
markrad | 0:cdf462088d13 | 1308 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 1309 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 1310 | } |
markrad | 0:cdf462088d13 | 1311 | |
markrad | 0:cdf462088d13 | 1312 | MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac", |
markrad | 0:cdf462088d13 | 1313 | ssl->out_msg + ssl->out_msglen, |
markrad | 0:cdf462088d13 | 1314 | ssl->transform_out->maclen ); |
markrad | 0:cdf462088d13 | 1315 | |
markrad | 0:cdf462088d13 | 1316 | ssl->out_msglen += ssl->transform_out->maclen; |
markrad | 0:cdf462088d13 | 1317 | auth_done++; |
markrad | 0:cdf462088d13 | 1318 | } |
markrad | 0:cdf462088d13 | 1319 | #endif /* AEAD not the only option */ |
markrad | 0:cdf462088d13 | 1320 | |
markrad | 0:cdf462088d13 | 1321 | /* |
markrad | 0:cdf462088d13 | 1322 | * Encrypt |
markrad | 0:cdf462088d13 | 1323 | */ |
markrad | 0:cdf462088d13 | 1324 | #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) |
markrad | 0:cdf462088d13 | 1325 | if( mode == MBEDTLS_MODE_STREAM ) |
markrad | 0:cdf462088d13 | 1326 | { |
markrad | 0:cdf462088d13 | 1327 | int ret; |
markrad | 0:cdf462088d13 | 1328 | size_t olen = 0; |
markrad | 0:cdf462088d13 | 1329 | |
markrad | 0:cdf462088d13 | 1330 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " |
markrad | 0:cdf462088d13 | 1331 | "including %d bytes of padding", |
markrad | 0:cdf462088d13 | 1332 | ssl->out_msglen, 0 ) ); |
markrad | 0:cdf462088d13 | 1333 | |
markrad | 0:cdf462088d13 | 1334 | if( ( ret = mbedtls_cipher_crypt( &ssl->transform_out->cipher_ctx_enc, |
markrad | 0:cdf462088d13 | 1335 | ssl->transform_out->iv_enc, |
markrad | 0:cdf462088d13 | 1336 | ssl->transform_out->ivlen, |
markrad | 0:cdf462088d13 | 1337 | ssl->out_msg, ssl->out_msglen, |
markrad | 0:cdf462088d13 | 1338 | ssl->out_msg, &olen ) ) != 0 ) |
markrad | 0:cdf462088d13 | 1339 | { |
markrad | 0:cdf462088d13 | 1340 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); |
markrad | 0:cdf462088d13 | 1341 | return( ret ); |
markrad | 0:cdf462088d13 | 1342 | } |
markrad | 0:cdf462088d13 | 1343 | |
markrad | 0:cdf462088d13 | 1344 | if( ssl->out_msglen != olen ) |
markrad | 0:cdf462088d13 | 1345 | { |
markrad | 0:cdf462088d13 | 1346 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 1347 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 1348 | } |
markrad | 0:cdf462088d13 | 1349 | } |
markrad | 0:cdf462088d13 | 1350 | else |
markrad | 0:cdf462088d13 | 1351 | #endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */ |
markrad | 0:cdf462088d13 | 1352 | #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) |
markrad | 0:cdf462088d13 | 1353 | if( mode == MBEDTLS_MODE_GCM || |
markrad | 0:cdf462088d13 | 1354 | mode == MBEDTLS_MODE_CCM ) |
markrad | 0:cdf462088d13 | 1355 | { |
markrad | 0:cdf462088d13 | 1356 | int ret; |
markrad | 0:cdf462088d13 | 1357 | size_t enc_msglen, olen; |
markrad | 0:cdf462088d13 | 1358 | unsigned char *enc_msg; |
markrad | 0:cdf462088d13 | 1359 | unsigned char add_data[13]; |
markrad | 0:cdf462088d13 | 1360 | unsigned char taglen = ssl->transform_out->ciphersuite_info->flags & |
markrad | 0:cdf462088d13 | 1361 | MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16; |
markrad | 0:cdf462088d13 | 1362 | |
markrad | 0:cdf462088d13 | 1363 | memcpy( add_data, ssl->out_ctr, 8 ); |
markrad | 0:cdf462088d13 | 1364 | add_data[8] = ssl->out_msgtype; |
markrad | 0:cdf462088d13 | 1365 | mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, |
markrad | 0:cdf462088d13 | 1366 | ssl->conf->transport, add_data + 9 ); |
markrad | 0:cdf462088d13 | 1367 | add_data[11] = ( ssl->out_msglen >> 8 ) & 0xFF; |
markrad | 0:cdf462088d13 | 1368 | add_data[12] = ssl->out_msglen & 0xFF; |
markrad | 0:cdf462088d13 | 1369 | |
markrad | 0:cdf462088d13 | 1370 | MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD", |
markrad | 0:cdf462088d13 | 1371 | add_data, 13 ); |
markrad | 0:cdf462088d13 | 1372 | |
markrad | 0:cdf462088d13 | 1373 | /* |
markrad | 0:cdf462088d13 | 1374 | * Generate IV |
markrad | 0:cdf462088d13 | 1375 | */ |
markrad | 0:cdf462088d13 | 1376 | if( ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen != 8 ) |
markrad | 0:cdf462088d13 | 1377 | { |
markrad | 0:cdf462088d13 | 1378 | /* Reminder if we ever add an AEAD mode with a different size */ |
markrad | 0:cdf462088d13 | 1379 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 1380 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 1381 | } |
markrad | 0:cdf462088d13 | 1382 | |
markrad | 0:cdf462088d13 | 1383 | memcpy( ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen, |
markrad | 0:cdf462088d13 | 1384 | ssl->out_ctr, 8 ); |
markrad | 0:cdf462088d13 | 1385 | memcpy( ssl->out_iv, ssl->out_ctr, 8 ); |
markrad | 0:cdf462088d13 | 1386 | |
markrad | 0:cdf462088d13 | 1387 | MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", ssl->out_iv, |
markrad | 0:cdf462088d13 | 1388 | ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen ); |
markrad | 0:cdf462088d13 | 1389 | |
markrad | 0:cdf462088d13 | 1390 | /* |
markrad | 0:cdf462088d13 | 1391 | * Fix pointer positions and message length with added IV |
markrad | 0:cdf462088d13 | 1392 | */ |
markrad | 0:cdf462088d13 | 1393 | enc_msg = ssl->out_msg; |
markrad | 0:cdf462088d13 | 1394 | enc_msglen = ssl->out_msglen; |
markrad | 0:cdf462088d13 | 1395 | ssl->out_msglen += ssl->transform_out->ivlen - |
markrad | 0:cdf462088d13 | 1396 | ssl->transform_out->fixed_ivlen; |
markrad | 0:cdf462088d13 | 1397 | |
markrad | 0:cdf462088d13 | 1398 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " |
markrad | 0:cdf462088d13 | 1399 | "including %d bytes of padding", |
markrad | 0:cdf462088d13 | 1400 | ssl->out_msglen, 0 ) ); |
markrad | 0:cdf462088d13 | 1401 | |
markrad | 0:cdf462088d13 | 1402 | /* |
markrad | 0:cdf462088d13 | 1403 | * Encrypt and authenticate |
markrad | 0:cdf462088d13 | 1404 | */ |
markrad | 0:cdf462088d13 | 1405 | if( ( ret = mbedtls_cipher_auth_encrypt( &ssl->transform_out->cipher_ctx_enc, |
markrad | 0:cdf462088d13 | 1406 | ssl->transform_out->iv_enc, |
markrad | 0:cdf462088d13 | 1407 | ssl->transform_out->ivlen, |
markrad | 0:cdf462088d13 | 1408 | add_data, 13, |
markrad | 0:cdf462088d13 | 1409 | enc_msg, enc_msglen, |
markrad | 0:cdf462088d13 | 1410 | enc_msg, &olen, |
markrad | 0:cdf462088d13 | 1411 | enc_msg + enc_msglen, taglen ) ) != 0 ) |
markrad | 0:cdf462088d13 | 1412 | { |
markrad | 0:cdf462088d13 | 1413 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_encrypt", ret ); |
markrad | 0:cdf462088d13 | 1414 | return( ret ); |
markrad | 0:cdf462088d13 | 1415 | } |
markrad | 0:cdf462088d13 | 1416 | |
markrad | 0:cdf462088d13 | 1417 | if( olen != enc_msglen ) |
markrad | 0:cdf462088d13 | 1418 | { |
markrad | 0:cdf462088d13 | 1419 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 1420 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 1421 | } |
markrad | 0:cdf462088d13 | 1422 | |
markrad | 0:cdf462088d13 | 1423 | ssl->out_msglen += taglen; |
markrad | 0:cdf462088d13 | 1424 | auth_done++; |
markrad | 0:cdf462088d13 | 1425 | |
markrad | 0:cdf462088d13 | 1426 | MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag", enc_msg + enc_msglen, taglen ); |
markrad | 0:cdf462088d13 | 1427 | } |
markrad | 0:cdf462088d13 | 1428 | else |
markrad | 0:cdf462088d13 | 1429 | #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */ |
markrad | 0:cdf462088d13 | 1430 | #if defined(MBEDTLS_CIPHER_MODE_CBC) && \ |
markrad | 0:cdf462088d13 | 1431 | ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) ) |
markrad | 0:cdf462088d13 | 1432 | if( mode == MBEDTLS_MODE_CBC ) |
markrad | 0:cdf462088d13 | 1433 | { |
markrad | 0:cdf462088d13 | 1434 | int ret; |
markrad | 0:cdf462088d13 | 1435 | unsigned char *enc_msg; |
markrad | 0:cdf462088d13 | 1436 | size_t enc_msglen, padlen, olen = 0, i; |
markrad | 0:cdf462088d13 | 1437 | |
markrad | 0:cdf462088d13 | 1438 | padlen = ssl->transform_out->ivlen - ( ssl->out_msglen + 1 ) % |
markrad | 0:cdf462088d13 | 1439 | ssl->transform_out->ivlen; |
markrad | 0:cdf462088d13 | 1440 | if( padlen == ssl->transform_out->ivlen ) |
markrad | 0:cdf462088d13 | 1441 | padlen = 0; |
markrad | 0:cdf462088d13 | 1442 | |
markrad | 0:cdf462088d13 | 1443 | for( i = 0; i <= padlen; i++ ) |
markrad | 0:cdf462088d13 | 1444 | ssl->out_msg[ssl->out_msglen + i] = (unsigned char) padlen; |
markrad | 0:cdf462088d13 | 1445 | |
markrad | 0:cdf462088d13 | 1446 | ssl->out_msglen += padlen + 1; |
markrad | 0:cdf462088d13 | 1447 | |
markrad | 0:cdf462088d13 | 1448 | enc_msglen = ssl->out_msglen; |
markrad | 0:cdf462088d13 | 1449 | enc_msg = ssl->out_msg; |
markrad | 0:cdf462088d13 | 1450 | |
markrad | 0:cdf462088d13 | 1451 | #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 1452 | /* |
markrad | 0:cdf462088d13 | 1453 | * Prepend per-record IV for block cipher in TLS v1.1 and up as per |
markrad | 0:cdf462088d13 | 1454 | * Method 1 (6.2.3.2. in RFC4346 and RFC5246) |
markrad | 0:cdf462088d13 | 1455 | */ |
markrad | 0:cdf462088d13 | 1456 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) |
markrad | 0:cdf462088d13 | 1457 | { |
markrad | 0:cdf462088d13 | 1458 | /* |
markrad | 0:cdf462088d13 | 1459 | * Generate IV |
markrad | 0:cdf462088d13 | 1460 | */ |
markrad | 0:cdf462088d13 | 1461 | ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->transform_out->iv_enc, |
markrad | 0:cdf462088d13 | 1462 | ssl->transform_out->ivlen ); |
markrad | 0:cdf462088d13 | 1463 | if( ret != 0 ) |
markrad | 0:cdf462088d13 | 1464 | return( ret ); |
markrad | 0:cdf462088d13 | 1465 | |
markrad | 0:cdf462088d13 | 1466 | memcpy( ssl->out_iv, ssl->transform_out->iv_enc, |
markrad | 0:cdf462088d13 | 1467 | ssl->transform_out->ivlen ); |
markrad | 0:cdf462088d13 | 1468 | |
markrad | 0:cdf462088d13 | 1469 | /* |
markrad | 0:cdf462088d13 | 1470 | * Fix pointer positions and message length with added IV |
markrad | 0:cdf462088d13 | 1471 | */ |
markrad | 0:cdf462088d13 | 1472 | enc_msg = ssl->out_msg; |
markrad | 0:cdf462088d13 | 1473 | enc_msglen = ssl->out_msglen; |
markrad | 0:cdf462088d13 | 1474 | ssl->out_msglen += ssl->transform_out->ivlen; |
markrad | 0:cdf462088d13 | 1475 | } |
markrad | 0:cdf462088d13 | 1476 | #endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 1477 | |
markrad | 0:cdf462088d13 | 1478 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " |
markrad | 0:cdf462088d13 | 1479 | "including %d bytes of IV and %d bytes of padding", |
markrad | 0:cdf462088d13 | 1480 | ssl->out_msglen, ssl->transform_out->ivlen, |
markrad | 0:cdf462088d13 | 1481 | padlen + 1 ) ); |
markrad | 0:cdf462088d13 | 1482 | |
markrad | 0:cdf462088d13 | 1483 | if( ( ret = mbedtls_cipher_crypt( &ssl->transform_out->cipher_ctx_enc, |
markrad | 0:cdf462088d13 | 1484 | ssl->transform_out->iv_enc, |
markrad | 0:cdf462088d13 | 1485 | ssl->transform_out->ivlen, |
markrad | 0:cdf462088d13 | 1486 | enc_msg, enc_msglen, |
markrad | 0:cdf462088d13 | 1487 | enc_msg, &olen ) ) != 0 ) |
markrad | 0:cdf462088d13 | 1488 | { |
markrad | 0:cdf462088d13 | 1489 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); |
markrad | 0:cdf462088d13 | 1490 | return( ret ); |
markrad | 0:cdf462088d13 | 1491 | } |
markrad | 0:cdf462088d13 | 1492 | |
markrad | 0:cdf462088d13 | 1493 | if( enc_msglen != olen ) |
markrad | 0:cdf462088d13 | 1494 | { |
markrad | 0:cdf462088d13 | 1495 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 1496 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 1497 | } |
markrad | 0:cdf462088d13 | 1498 | |
markrad | 0:cdf462088d13 | 1499 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) |
markrad | 0:cdf462088d13 | 1500 | if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ) |
markrad | 0:cdf462088d13 | 1501 | { |
markrad | 0:cdf462088d13 | 1502 | /* |
markrad | 0:cdf462088d13 | 1503 | * Save IV in SSL3 and TLS1 |
markrad | 0:cdf462088d13 | 1504 | */ |
markrad | 0:cdf462088d13 | 1505 | memcpy( ssl->transform_out->iv_enc, |
markrad | 0:cdf462088d13 | 1506 | ssl->transform_out->cipher_ctx_enc.iv, |
markrad | 0:cdf462088d13 | 1507 | ssl->transform_out->ivlen ); |
markrad | 0:cdf462088d13 | 1508 | } |
markrad | 0:cdf462088d13 | 1509 | #endif |
markrad | 0:cdf462088d13 | 1510 | |
markrad | 0:cdf462088d13 | 1511 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
markrad | 0:cdf462088d13 | 1512 | if( auth_done == 0 ) |
markrad | 0:cdf462088d13 | 1513 | { |
markrad | 0:cdf462088d13 | 1514 | /* |
markrad | 0:cdf462088d13 | 1515 | * MAC(MAC_write_key, seq_num + |
markrad | 0:cdf462088d13 | 1516 | * TLSCipherText.type + |
markrad | 0:cdf462088d13 | 1517 | * TLSCipherText.version + |
markrad | 0:cdf462088d13 | 1518 | * length_of( (IV +) ENC(...) ) + |
markrad | 0:cdf462088d13 | 1519 | * IV + // except for TLS 1.0 |
markrad | 0:cdf462088d13 | 1520 | * ENC(content + padding + padding_length)); |
markrad | 0:cdf462088d13 | 1521 | */ |
markrad | 0:cdf462088d13 | 1522 | unsigned char pseudo_hdr[13]; |
markrad | 0:cdf462088d13 | 1523 | |
markrad | 0:cdf462088d13 | 1524 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) ); |
markrad | 0:cdf462088d13 | 1525 | |
markrad | 0:cdf462088d13 | 1526 | memcpy( pseudo_hdr + 0, ssl->out_ctr, 8 ); |
markrad | 0:cdf462088d13 | 1527 | memcpy( pseudo_hdr + 8, ssl->out_hdr, 3 ); |
markrad | 0:cdf462088d13 | 1528 | pseudo_hdr[11] = (unsigned char)( ( ssl->out_msglen >> 8 ) & 0xFF ); |
markrad | 0:cdf462088d13 | 1529 | pseudo_hdr[12] = (unsigned char)( ( ssl->out_msglen ) & 0xFF ); |
markrad | 0:cdf462088d13 | 1530 | |
markrad | 0:cdf462088d13 | 1531 | MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", pseudo_hdr, 13 ); |
markrad | 0:cdf462088d13 | 1532 | |
markrad | 0:cdf462088d13 | 1533 | mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, pseudo_hdr, 13 ); |
markrad | 0:cdf462088d13 | 1534 | mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, |
markrad | 0:cdf462088d13 | 1535 | ssl->out_iv, ssl->out_msglen ); |
markrad | 0:cdf462088d13 | 1536 | mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc, |
markrad | 0:cdf462088d13 | 1537 | ssl->out_iv + ssl->out_msglen ); |
markrad | 0:cdf462088d13 | 1538 | mbedtls_md_hmac_reset( &ssl->transform_out->md_ctx_enc ); |
markrad | 0:cdf462088d13 | 1539 | |
markrad | 0:cdf462088d13 | 1540 | ssl->out_msglen += ssl->transform_out->maclen; |
markrad | 0:cdf462088d13 | 1541 | auth_done++; |
markrad | 0:cdf462088d13 | 1542 | } |
markrad | 0:cdf462088d13 | 1543 | #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ |
markrad | 0:cdf462088d13 | 1544 | } |
markrad | 0:cdf462088d13 | 1545 | else |
markrad | 0:cdf462088d13 | 1546 | #endif /* MBEDTLS_CIPHER_MODE_CBC && |
markrad | 0:cdf462088d13 | 1547 | ( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C ) */ |
markrad | 0:cdf462088d13 | 1548 | { |
markrad | 0:cdf462088d13 | 1549 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 1550 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 1551 | } |
markrad | 0:cdf462088d13 | 1552 | |
markrad | 0:cdf462088d13 | 1553 | /* Make extra sure authentication was performed, exactly once */ |
markrad | 0:cdf462088d13 | 1554 | if( auth_done != 1 ) |
markrad | 0:cdf462088d13 | 1555 | { |
markrad | 0:cdf462088d13 | 1556 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 1557 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 1558 | } |
markrad | 0:cdf462088d13 | 1559 | |
markrad | 0:cdf462088d13 | 1560 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) ); |
markrad | 0:cdf462088d13 | 1561 | |
markrad | 0:cdf462088d13 | 1562 | return( 0 ); |
markrad | 0:cdf462088d13 | 1563 | } |
markrad | 0:cdf462088d13 | 1564 | |
markrad | 0:cdf462088d13 | 1565 | #define SSL_MAX_MAC_SIZE 48 |
markrad | 0:cdf462088d13 | 1566 | |
markrad | 0:cdf462088d13 | 1567 | static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 1568 | { |
markrad | 0:cdf462088d13 | 1569 | size_t i; |
markrad | 0:cdf462088d13 | 1570 | mbedtls_cipher_mode_t mode; |
markrad | 0:cdf462088d13 | 1571 | int auth_done = 0; |
markrad | 0:cdf462088d13 | 1572 | #if defined(SSL_SOME_MODES_USE_MAC) |
markrad | 0:cdf462088d13 | 1573 | size_t padlen = 0, correct = 1; |
markrad | 0:cdf462088d13 | 1574 | #endif |
markrad | 0:cdf462088d13 | 1575 | |
markrad | 0:cdf462088d13 | 1576 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) ); |
markrad | 0:cdf462088d13 | 1577 | |
markrad | 0:cdf462088d13 | 1578 | if( ssl->session_in == NULL || ssl->transform_in == NULL ) |
markrad | 0:cdf462088d13 | 1579 | { |
markrad | 0:cdf462088d13 | 1580 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 1581 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 1582 | } |
markrad | 0:cdf462088d13 | 1583 | |
markrad | 0:cdf462088d13 | 1584 | mode = mbedtls_cipher_get_cipher_mode( &ssl->transform_in->cipher_ctx_dec ); |
markrad | 0:cdf462088d13 | 1585 | |
markrad | 0:cdf462088d13 | 1586 | if( ssl->in_msglen < ssl->transform_in->minlen ) |
markrad | 0:cdf462088d13 | 1587 | { |
markrad | 0:cdf462088d13 | 1588 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "in_msglen (%d) < minlen (%d)", |
markrad | 0:cdf462088d13 | 1589 | ssl->in_msglen, ssl->transform_in->minlen ) ); |
markrad | 0:cdf462088d13 | 1590 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
markrad | 0:cdf462088d13 | 1591 | } |
markrad | 0:cdf462088d13 | 1592 | |
markrad | 0:cdf462088d13 | 1593 | #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) |
markrad | 0:cdf462088d13 | 1594 | if( mode == MBEDTLS_MODE_STREAM ) |
markrad | 0:cdf462088d13 | 1595 | { |
markrad | 0:cdf462088d13 | 1596 | int ret; |
markrad | 0:cdf462088d13 | 1597 | size_t olen = 0; |
markrad | 0:cdf462088d13 | 1598 | |
markrad | 0:cdf462088d13 | 1599 | padlen = 0; |
markrad | 0:cdf462088d13 | 1600 | |
markrad | 0:cdf462088d13 | 1601 | if( ( ret = mbedtls_cipher_crypt( &ssl->transform_in->cipher_ctx_dec, |
markrad | 0:cdf462088d13 | 1602 | ssl->transform_in->iv_dec, |
markrad | 0:cdf462088d13 | 1603 | ssl->transform_in->ivlen, |
markrad | 0:cdf462088d13 | 1604 | ssl->in_msg, ssl->in_msglen, |
markrad | 0:cdf462088d13 | 1605 | ssl->in_msg, &olen ) ) != 0 ) |
markrad | 0:cdf462088d13 | 1606 | { |
markrad | 0:cdf462088d13 | 1607 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); |
markrad | 0:cdf462088d13 | 1608 | return( ret ); |
markrad | 0:cdf462088d13 | 1609 | } |
markrad | 0:cdf462088d13 | 1610 | |
markrad | 0:cdf462088d13 | 1611 | if( ssl->in_msglen != olen ) |
markrad | 0:cdf462088d13 | 1612 | { |
markrad | 0:cdf462088d13 | 1613 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 1614 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 1615 | } |
markrad | 0:cdf462088d13 | 1616 | } |
markrad | 0:cdf462088d13 | 1617 | else |
markrad | 0:cdf462088d13 | 1618 | #endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */ |
markrad | 0:cdf462088d13 | 1619 | #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) |
markrad | 0:cdf462088d13 | 1620 | if( mode == MBEDTLS_MODE_GCM || |
markrad | 0:cdf462088d13 | 1621 | mode == MBEDTLS_MODE_CCM ) |
markrad | 0:cdf462088d13 | 1622 | { |
markrad | 0:cdf462088d13 | 1623 | int ret; |
markrad | 0:cdf462088d13 | 1624 | size_t dec_msglen, olen; |
markrad | 0:cdf462088d13 | 1625 | unsigned char *dec_msg; |
markrad | 0:cdf462088d13 | 1626 | unsigned char *dec_msg_result; |
markrad | 0:cdf462088d13 | 1627 | unsigned char add_data[13]; |
markrad | 0:cdf462088d13 | 1628 | unsigned char taglen = ssl->transform_in->ciphersuite_info->flags & |
markrad | 0:cdf462088d13 | 1629 | MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16; |
markrad | 0:cdf462088d13 | 1630 | size_t explicit_iv_len = ssl->transform_in->ivlen - |
markrad | 0:cdf462088d13 | 1631 | ssl->transform_in->fixed_ivlen; |
markrad | 0:cdf462088d13 | 1632 | |
markrad | 0:cdf462088d13 | 1633 | if( ssl->in_msglen < explicit_iv_len + taglen ) |
markrad | 0:cdf462088d13 | 1634 | { |
markrad | 0:cdf462088d13 | 1635 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < explicit_iv_len (%d) " |
markrad | 0:cdf462088d13 | 1636 | "+ taglen (%d)", ssl->in_msglen, |
markrad | 0:cdf462088d13 | 1637 | explicit_iv_len, taglen ) ); |
markrad | 0:cdf462088d13 | 1638 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
markrad | 0:cdf462088d13 | 1639 | } |
markrad | 0:cdf462088d13 | 1640 | dec_msglen = ssl->in_msglen - explicit_iv_len - taglen; |
markrad | 0:cdf462088d13 | 1641 | |
markrad | 0:cdf462088d13 | 1642 | dec_msg = ssl->in_msg; |
markrad | 0:cdf462088d13 | 1643 | dec_msg_result = ssl->in_msg; |
markrad | 0:cdf462088d13 | 1644 | ssl->in_msglen = dec_msglen; |
markrad | 0:cdf462088d13 | 1645 | |
markrad | 0:cdf462088d13 | 1646 | memcpy( add_data, ssl->in_ctr, 8 ); |
markrad | 0:cdf462088d13 | 1647 | add_data[8] = ssl->in_msgtype; |
markrad | 0:cdf462088d13 | 1648 | mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, |
markrad | 0:cdf462088d13 | 1649 | ssl->conf->transport, add_data + 9 ); |
markrad | 0:cdf462088d13 | 1650 | add_data[11] = ( ssl->in_msglen >> 8 ) & 0xFF; |
markrad | 0:cdf462088d13 | 1651 | add_data[12] = ssl->in_msglen & 0xFF; |
markrad | 0:cdf462088d13 | 1652 | |
markrad | 0:cdf462088d13 | 1653 | MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD", |
markrad | 0:cdf462088d13 | 1654 | add_data, 13 ); |
markrad | 0:cdf462088d13 | 1655 | |
markrad | 0:cdf462088d13 | 1656 | memcpy( ssl->transform_in->iv_dec + ssl->transform_in->fixed_ivlen, |
markrad | 0:cdf462088d13 | 1657 | ssl->in_iv, |
markrad | 0:cdf462088d13 | 1658 | ssl->transform_in->ivlen - ssl->transform_in->fixed_ivlen ); |
markrad | 0:cdf462088d13 | 1659 | |
markrad | 0:cdf462088d13 | 1660 | MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", ssl->transform_in->iv_dec, |
markrad | 0:cdf462088d13 | 1661 | ssl->transform_in->ivlen ); |
markrad | 0:cdf462088d13 | 1662 | MBEDTLS_SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, taglen ); |
markrad | 0:cdf462088d13 | 1663 | |
markrad | 0:cdf462088d13 | 1664 | /* |
markrad | 0:cdf462088d13 | 1665 | * Decrypt and authenticate |
markrad | 0:cdf462088d13 | 1666 | */ |
markrad | 0:cdf462088d13 | 1667 | if( ( ret = mbedtls_cipher_auth_decrypt( &ssl->transform_in->cipher_ctx_dec, |
markrad | 0:cdf462088d13 | 1668 | ssl->transform_in->iv_dec, |
markrad | 0:cdf462088d13 | 1669 | ssl->transform_in->ivlen, |
markrad | 0:cdf462088d13 | 1670 | add_data, 13, |
markrad | 0:cdf462088d13 | 1671 | dec_msg, dec_msglen, |
markrad | 0:cdf462088d13 | 1672 | dec_msg_result, &olen, |
markrad | 0:cdf462088d13 | 1673 | dec_msg + dec_msglen, taglen ) ) != 0 ) |
markrad | 0:cdf462088d13 | 1674 | { |
markrad | 0:cdf462088d13 | 1675 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_decrypt", ret ); |
markrad | 0:cdf462088d13 | 1676 | |
markrad | 0:cdf462088d13 | 1677 | if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED ) |
markrad | 0:cdf462088d13 | 1678 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
markrad | 0:cdf462088d13 | 1679 | |
markrad | 0:cdf462088d13 | 1680 | return( ret ); |
markrad | 0:cdf462088d13 | 1681 | } |
markrad | 0:cdf462088d13 | 1682 | auth_done++; |
markrad | 0:cdf462088d13 | 1683 | |
markrad | 0:cdf462088d13 | 1684 | if( olen != dec_msglen ) |
markrad | 0:cdf462088d13 | 1685 | { |
markrad | 0:cdf462088d13 | 1686 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 1687 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 1688 | } |
markrad | 0:cdf462088d13 | 1689 | } |
markrad | 0:cdf462088d13 | 1690 | else |
markrad | 0:cdf462088d13 | 1691 | #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */ |
markrad | 0:cdf462088d13 | 1692 | #if defined(MBEDTLS_CIPHER_MODE_CBC) && \ |
markrad | 0:cdf462088d13 | 1693 | ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) ) |
markrad | 0:cdf462088d13 | 1694 | if( mode == MBEDTLS_MODE_CBC ) |
markrad | 0:cdf462088d13 | 1695 | { |
markrad | 0:cdf462088d13 | 1696 | /* |
markrad | 0:cdf462088d13 | 1697 | * Decrypt and check the padding |
markrad | 0:cdf462088d13 | 1698 | */ |
markrad | 0:cdf462088d13 | 1699 | int ret; |
markrad | 0:cdf462088d13 | 1700 | unsigned char *dec_msg; |
markrad | 0:cdf462088d13 | 1701 | unsigned char *dec_msg_result; |
markrad | 0:cdf462088d13 | 1702 | size_t dec_msglen; |
markrad | 0:cdf462088d13 | 1703 | size_t minlen = 0; |
markrad | 0:cdf462088d13 | 1704 | size_t olen = 0; |
markrad | 0:cdf462088d13 | 1705 | |
markrad | 0:cdf462088d13 | 1706 | /* |
markrad | 0:cdf462088d13 | 1707 | * Check immediate ciphertext sanity |
markrad | 0:cdf462088d13 | 1708 | */ |
markrad | 0:cdf462088d13 | 1709 | #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 1710 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) |
markrad | 0:cdf462088d13 | 1711 | minlen += ssl->transform_in->ivlen; |
markrad | 0:cdf462088d13 | 1712 | #endif |
markrad | 0:cdf462088d13 | 1713 | |
markrad | 0:cdf462088d13 | 1714 | if( ssl->in_msglen < minlen + ssl->transform_in->ivlen || |
markrad | 0:cdf462088d13 | 1715 | ssl->in_msglen < minlen + ssl->transform_in->maclen + 1 ) |
markrad | 0:cdf462088d13 | 1716 | { |
markrad | 0:cdf462088d13 | 1717 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < max( ivlen(%d), maclen (%d) " |
markrad | 0:cdf462088d13 | 1718 | "+ 1 ) ( + expl IV )", ssl->in_msglen, |
markrad | 0:cdf462088d13 | 1719 | ssl->transform_in->ivlen, |
markrad | 0:cdf462088d13 | 1720 | ssl->transform_in->maclen ) ); |
markrad | 0:cdf462088d13 | 1721 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
markrad | 0:cdf462088d13 | 1722 | } |
markrad | 0:cdf462088d13 | 1723 | |
markrad | 0:cdf462088d13 | 1724 | dec_msglen = ssl->in_msglen; |
markrad | 0:cdf462088d13 | 1725 | dec_msg = ssl->in_msg; |
markrad | 0:cdf462088d13 | 1726 | dec_msg_result = ssl->in_msg; |
markrad | 0:cdf462088d13 | 1727 | |
markrad | 0:cdf462088d13 | 1728 | /* |
markrad | 0:cdf462088d13 | 1729 | * Authenticate before decrypt if enabled |
markrad | 0:cdf462088d13 | 1730 | */ |
markrad | 0:cdf462088d13 | 1731 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
markrad | 0:cdf462088d13 | 1732 | if( ssl->session_in->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED ) |
markrad | 0:cdf462088d13 | 1733 | { |
markrad | 0:cdf462088d13 | 1734 | unsigned char computed_mac[SSL_MAX_MAC_SIZE]; |
markrad | 0:cdf462088d13 | 1735 | unsigned char pseudo_hdr[13]; |
markrad | 0:cdf462088d13 | 1736 | |
markrad | 0:cdf462088d13 | 1737 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) ); |
markrad | 0:cdf462088d13 | 1738 | |
markrad | 0:cdf462088d13 | 1739 | dec_msglen -= ssl->transform_in->maclen; |
markrad | 0:cdf462088d13 | 1740 | ssl->in_msglen -= ssl->transform_in->maclen; |
markrad | 0:cdf462088d13 | 1741 | |
markrad | 0:cdf462088d13 | 1742 | memcpy( pseudo_hdr + 0, ssl->in_ctr, 8 ); |
markrad | 0:cdf462088d13 | 1743 | memcpy( pseudo_hdr + 8, ssl->in_hdr, 3 ); |
markrad | 0:cdf462088d13 | 1744 | pseudo_hdr[11] = (unsigned char)( ( ssl->in_msglen >> 8 ) & 0xFF ); |
markrad | 0:cdf462088d13 | 1745 | pseudo_hdr[12] = (unsigned char)( ( ssl->in_msglen ) & 0xFF ); |
markrad | 0:cdf462088d13 | 1746 | |
markrad | 0:cdf462088d13 | 1747 | MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", pseudo_hdr, 13 ); |
markrad | 0:cdf462088d13 | 1748 | |
markrad | 0:cdf462088d13 | 1749 | mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, pseudo_hdr, 13 ); |
markrad | 0:cdf462088d13 | 1750 | mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, |
markrad | 0:cdf462088d13 | 1751 | ssl->in_iv, ssl->in_msglen ); |
markrad | 0:cdf462088d13 | 1752 | mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec, computed_mac ); |
markrad | 0:cdf462088d13 | 1753 | mbedtls_md_hmac_reset( &ssl->transform_in->md_ctx_dec ); |
markrad | 0:cdf462088d13 | 1754 | |
markrad | 0:cdf462088d13 | 1755 | MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", ssl->in_iv + ssl->in_msglen, |
markrad | 0:cdf462088d13 | 1756 | ssl->transform_in->maclen ); |
markrad | 0:cdf462088d13 | 1757 | MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac", computed_mac, |
markrad | 0:cdf462088d13 | 1758 | ssl->transform_in->maclen ); |
markrad | 0:cdf462088d13 | 1759 | |
markrad | 0:cdf462088d13 | 1760 | if( mbedtls_ssl_safer_memcmp( ssl->in_iv + ssl->in_msglen, computed_mac, |
markrad | 0:cdf462088d13 | 1761 | ssl->transform_in->maclen ) != 0 ) |
markrad | 0:cdf462088d13 | 1762 | { |
markrad | 0:cdf462088d13 | 1763 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) ); |
markrad | 0:cdf462088d13 | 1764 | |
markrad | 0:cdf462088d13 | 1765 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
markrad | 0:cdf462088d13 | 1766 | } |
markrad | 0:cdf462088d13 | 1767 | auth_done++; |
markrad | 0:cdf462088d13 | 1768 | } |
markrad | 0:cdf462088d13 | 1769 | #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ |
markrad | 0:cdf462088d13 | 1770 | |
markrad | 0:cdf462088d13 | 1771 | /* |
markrad | 0:cdf462088d13 | 1772 | * Check length sanity |
markrad | 0:cdf462088d13 | 1773 | */ |
markrad | 0:cdf462088d13 | 1774 | if( ssl->in_msglen % ssl->transform_in->ivlen != 0 ) |
markrad | 0:cdf462088d13 | 1775 | { |
markrad | 0:cdf462088d13 | 1776 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) %% ivlen (%d) != 0", |
markrad | 0:cdf462088d13 | 1777 | ssl->in_msglen, ssl->transform_in->ivlen ) ); |
markrad | 0:cdf462088d13 | 1778 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
markrad | 0:cdf462088d13 | 1779 | } |
markrad | 0:cdf462088d13 | 1780 | |
markrad | 0:cdf462088d13 | 1781 | #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 1782 | /* |
markrad | 0:cdf462088d13 | 1783 | * Initialize for prepended IV for block cipher in TLS v1.1 and up |
markrad | 0:cdf462088d13 | 1784 | */ |
markrad | 0:cdf462088d13 | 1785 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) |
markrad | 0:cdf462088d13 | 1786 | { |
markrad | 0:cdf462088d13 | 1787 | dec_msglen -= ssl->transform_in->ivlen; |
markrad | 0:cdf462088d13 | 1788 | ssl->in_msglen -= ssl->transform_in->ivlen; |
markrad | 0:cdf462088d13 | 1789 | |
markrad | 0:cdf462088d13 | 1790 | for( i = 0; i < ssl->transform_in->ivlen; i++ ) |
markrad | 0:cdf462088d13 | 1791 | ssl->transform_in->iv_dec[i] = ssl->in_iv[i]; |
markrad | 0:cdf462088d13 | 1792 | } |
markrad | 0:cdf462088d13 | 1793 | #endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 1794 | |
markrad | 0:cdf462088d13 | 1795 | if( ( ret = mbedtls_cipher_crypt( &ssl->transform_in->cipher_ctx_dec, |
markrad | 0:cdf462088d13 | 1796 | ssl->transform_in->iv_dec, |
markrad | 0:cdf462088d13 | 1797 | ssl->transform_in->ivlen, |
markrad | 0:cdf462088d13 | 1798 | dec_msg, dec_msglen, |
markrad | 0:cdf462088d13 | 1799 | dec_msg_result, &olen ) ) != 0 ) |
markrad | 0:cdf462088d13 | 1800 | { |
markrad | 0:cdf462088d13 | 1801 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); |
markrad | 0:cdf462088d13 | 1802 | return( ret ); |
markrad | 0:cdf462088d13 | 1803 | } |
markrad | 0:cdf462088d13 | 1804 | |
markrad | 0:cdf462088d13 | 1805 | if( dec_msglen != olen ) |
markrad | 0:cdf462088d13 | 1806 | { |
markrad | 0:cdf462088d13 | 1807 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 1808 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 1809 | } |
markrad | 0:cdf462088d13 | 1810 | |
markrad | 0:cdf462088d13 | 1811 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) |
markrad | 0:cdf462088d13 | 1812 | if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ) |
markrad | 0:cdf462088d13 | 1813 | { |
markrad | 0:cdf462088d13 | 1814 | /* |
markrad | 0:cdf462088d13 | 1815 | * Save IV in SSL3 and TLS1 |
markrad | 0:cdf462088d13 | 1816 | */ |
markrad | 0:cdf462088d13 | 1817 | memcpy( ssl->transform_in->iv_dec, |
markrad | 0:cdf462088d13 | 1818 | ssl->transform_in->cipher_ctx_dec.iv, |
markrad | 0:cdf462088d13 | 1819 | ssl->transform_in->ivlen ); |
markrad | 0:cdf462088d13 | 1820 | } |
markrad | 0:cdf462088d13 | 1821 | #endif |
markrad | 0:cdf462088d13 | 1822 | |
markrad | 0:cdf462088d13 | 1823 | padlen = 1 + ssl->in_msg[ssl->in_msglen - 1]; |
markrad | 0:cdf462088d13 | 1824 | |
markrad | 0:cdf462088d13 | 1825 | if( ssl->in_msglen < ssl->transform_in->maclen + padlen && |
markrad | 0:cdf462088d13 | 1826 | auth_done == 0 ) |
markrad | 0:cdf462088d13 | 1827 | { |
markrad | 0:cdf462088d13 | 1828 | #if defined(MBEDTLS_SSL_DEBUG_ALL) |
markrad | 0:cdf462088d13 | 1829 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)", |
markrad | 0:cdf462088d13 | 1830 | ssl->in_msglen, ssl->transform_in->maclen, padlen ) ); |
markrad | 0:cdf462088d13 | 1831 | #endif |
markrad | 0:cdf462088d13 | 1832 | padlen = 0; |
markrad | 0:cdf462088d13 | 1833 | correct = 0; |
markrad | 0:cdf462088d13 | 1834 | } |
markrad | 0:cdf462088d13 | 1835 | |
markrad | 0:cdf462088d13 | 1836 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
markrad | 0:cdf462088d13 | 1837 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
markrad | 0:cdf462088d13 | 1838 | { |
markrad | 0:cdf462088d13 | 1839 | if( padlen > ssl->transform_in->ivlen ) |
markrad | 0:cdf462088d13 | 1840 | { |
markrad | 0:cdf462088d13 | 1841 | #if defined(MBEDTLS_SSL_DEBUG_ALL) |
markrad | 0:cdf462088d13 | 1842 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, " |
markrad | 0:cdf462088d13 | 1843 | "should be no more than %d", |
markrad | 0:cdf462088d13 | 1844 | padlen, ssl->transform_in->ivlen ) ); |
markrad | 0:cdf462088d13 | 1845 | #endif |
markrad | 0:cdf462088d13 | 1846 | correct = 0; |
markrad | 0:cdf462088d13 | 1847 | } |
markrad | 0:cdf462088d13 | 1848 | } |
markrad | 0:cdf462088d13 | 1849 | else |
markrad | 0:cdf462088d13 | 1850 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
markrad | 0:cdf462088d13 | 1851 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
markrad | 0:cdf462088d13 | 1852 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 1853 | if( ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 ) |
markrad | 0:cdf462088d13 | 1854 | { |
markrad | 0:cdf462088d13 | 1855 | /* |
markrad | 0:cdf462088d13 | 1856 | * TLSv1+: always check the padding up to the first failure |
markrad | 0:cdf462088d13 | 1857 | * and fake check up to 256 bytes of padding |
markrad | 0:cdf462088d13 | 1858 | */ |
markrad | 0:cdf462088d13 | 1859 | size_t pad_count = 0, real_count = 1; |
markrad | 0:cdf462088d13 | 1860 | size_t padding_idx = ssl->in_msglen - padlen - 1; |
markrad | 0:cdf462088d13 | 1861 | |
markrad | 0:cdf462088d13 | 1862 | /* |
markrad | 0:cdf462088d13 | 1863 | * Padding is guaranteed to be incorrect if: |
markrad | 0:cdf462088d13 | 1864 | * 1. padlen >= ssl->in_msglen |
markrad | 0:cdf462088d13 | 1865 | * |
markrad | 0:cdf462088d13 | 1866 | * 2. padding_idx >= MBEDTLS_SSL_MAX_CONTENT_LEN + |
markrad | 0:cdf462088d13 | 1867 | * ssl->transform_in->maclen |
markrad | 0:cdf462088d13 | 1868 | * |
markrad | 0:cdf462088d13 | 1869 | * In both cases we reset padding_idx to a safe value (0) to |
markrad | 0:cdf462088d13 | 1870 | * prevent out-of-buffer reads. |
markrad | 0:cdf462088d13 | 1871 | */ |
markrad | 0:cdf462088d13 | 1872 | correct &= ( ssl->in_msglen >= padlen + 1 ); |
markrad | 0:cdf462088d13 | 1873 | correct &= ( padding_idx < MBEDTLS_SSL_MAX_CONTENT_LEN + |
markrad | 0:cdf462088d13 | 1874 | ssl->transform_in->maclen ); |
markrad | 0:cdf462088d13 | 1875 | |
markrad | 0:cdf462088d13 | 1876 | padding_idx *= correct; |
markrad | 0:cdf462088d13 | 1877 | |
markrad | 0:cdf462088d13 | 1878 | for( i = 1; i <= 256; i++ ) |
markrad | 0:cdf462088d13 | 1879 | { |
markrad | 0:cdf462088d13 | 1880 | real_count &= ( i <= padlen ); |
markrad | 0:cdf462088d13 | 1881 | pad_count += real_count * |
markrad | 0:cdf462088d13 | 1882 | ( ssl->in_msg[padding_idx + i] == padlen - 1 ); |
markrad | 0:cdf462088d13 | 1883 | } |
markrad | 0:cdf462088d13 | 1884 | |
markrad | 0:cdf462088d13 | 1885 | correct &= ( pad_count == padlen ); /* Only 1 on correct padding */ |
markrad | 0:cdf462088d13 | 1886 | |
markrad | 0:cdf462088d13 | 1887 | #if defined(MBEDTLS_SSL_DEBUG_ALL) |
markrad | 0:cdf462088d13 | 1888 | if( padlen > 0 && correct == 0 ) |
markrad | 0:cdf462088d13 | 1889 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding byte detected" ) ); |
markrad | 0:cdf462088d13 | 1890 | #endif |
markrad | 0:cdf462088d13 | 1891 | padlen &= correct * 0x1FF; |
markrad | 0:cdf462088d13 | 1892 | } |
markrad | 0:cdf462088d13 | 1893 | else |
markrad | 0:cdf462088d13 | 1894 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ |
markrad | 0:cdf462088d13 | 1895 | MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 1896 | { |
markrad | 0:cdf462088d13 | 1897 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 1898 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 1899 | } |
markrad | 0:cdf462088d13 | 1900 | |
markrad | 0:cdf462088d13 | 1901 | ssl->in_msglen -= padlen; |
markrad | 0:cdf462088d13 | 1902 | } |
markrad | 0:cdf462088d13 | 1903 | else |
markrad | 0:cdf462088d13 | 1904 | #endif /* MBEDTLS_CIPHER_MODE_CBC && |
markrad | 0:cdf462088d13 | 1905 | ( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C ) */ |
markrad | 0:cdf462088d13 | 1906 | { |
markrad | 0:cdf462088d13 | 1907 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 1908 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 1909 | } |
markrad | 0:cdf462088d13 | 1910 | |
markrad | 0:cdf462088d13 | 1911 | MBEDTLS_SSL_DEBUG_BUF( 4, "raw buffer after decryption", |
markrad | 0:cdf462088d13 | 1912 | ssl->in_msg, ssl->in_msglen ); |
markrad | 0:cdf462088d13 | 1913 | |
markrad | 0:cdf462088d13 | 1914 | /* |
markrad | 0:cdf462088d13 | 1915 | * Authenticate if not done yet. |
markrad | 0:cdf462088d13 | 1916 | * Compute the MAC regardless of the padding result (RFC4346, CBCTIME). |
markrad | 0:cdf462088d13 | 1917 | */ |
markrad | 0:cdf462088d13 | 1918 | #if defined(SSL_SOME_MODES_USE_MAC) |
markrad | 0:cdf462088d13 | 1919 | if( auth_done == 0 ) |
markrad | 0:cdf462088d13 | 1920 | { |
markrad | 0:cdf462088d13 | 1921 | unsigned char tmp[SSL_MAX_MAC_SIZE]; |
markrad | 0:cdf462088d13 | 1922 | |
markrad | 0:cdf462088d13 | 1923 | ssl->in_msglen -= ssl->transform_in->maclen; |
markrad | 0:cdf462088d13 | 1924 | |
markrad | 0:cdf462088d13 | 1925 | ssl->in_len[0] = (unsigned char)( ssl->in_msglen >> 8 ); |
markrad | 0:cdf462088d13 | 1926 | ssl->in_len[1] = (unsigned char)( ssl->in_msglen ); |
markrad | 0:cdf462088d13 | 1927 | |
markrad | 0:cdf462088d13 | 1928 | memcpy( tmp, ssl->in_msg + ssl->in_msglen, ssl->transform_in->maclen ); |
markrad | 0:cdf462088d13 | 1929 | |
markrad | 0:cdf462088d13 | 1930 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
markrad | 0:cdf462088d13 | 1931 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
markrad | 0:cdf462088d13 | 1932 | { |
markrad | 0:cdf462088d13 | 1933 | ssl_mac( &ssl->transform_in->md_ctx_dec, |
markrad | 0:cdf462088d13 | 1934 | ssl->transform_in->mac_dec, |
markrad | 0:cdf462088d13 | 1935 | ssl->in_msg, ssl->in_msglen, |
markrad | 0:cdf462088d13 | 1936 | ssl->in_ctr, ssl->in_msgtype ); |
markrad | 0:cdf462088d13 | 1937 | } |
markrad | 0:cdf462088d13 | 1938 | else |
markrad | 0:cdf462088d13 | 1939 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
markrad | 0:cdf462088d13 | 1940 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
markrad | 0:cdf462088d13 | 1941 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 1942 | if( ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 ) |
markrad | 0:cdf462088d13 | 1943 | { |
markrad | 0:cdf462088d13 | 1944 | /* |
markrad | 0:cdf462088d13 | 1945 | * Process MAC and always update for padlen afterwards to make |
markrad | 0:cdf462088d13 | 1946 | * total time independent of padlen |
markrad | 0:cdf462088d13 | 1947 | * |
markrad | 0:cdf462088d13 | 1948 | * extra_run compensates MAC check for padlen |
markrad | 0:cdf462088d13 | 1949 | * |
markrad | 0:cdf462088d13 | 1950 | * Known timing attacks: |
markrad | 0:cdf462088d13 | 1951 | * - Lucky Thirteen (http://www.isg.rhul.ac.uk/tls/TLStiming.pdf) |
markrad | 0:cdf462088d13 | 1952 | * |
markrad | 0:cdf462088d13 | 1953 | * We use ( ( Lx + 8 ) / 64 ) to handle 'negative Lx' values |
markrad | 0:cdf462088d13 | 1954 | * correctly. (We round down instead of up, so -56 is the correct |
markrad | 0:cdf462088d13 | 1955 | * value for our calculations instead of -55) |
markrad | 0:cdf462088d13 | 1956 | */ |
markrad | 0:cdf462088d13 | 1957 | size_t j, extra_run = 0; |
markrad | 0:cdf462088d13 | 1958 | extra_run = ( 13 + ssl->in_msglen + padlen + 8 ) / 64 - |
markrad | 0:cdf462088d13 | 1959 | ( 13 + ssl->in_msglen + 8 ) / 64; |
markrad | 0:cdf462088d13 | 1960 | |
markrad | 0:cdf462088d13 | 1961 | extra_run &= correct * 0xFF; |
markrad | 0:cdf462088d13 | 1962 | |
markrad | 0:cdf462088d13 | 1963 | mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_ctr, 8 ); |
markrad | 0:cdf462088d13 | 1964 | mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_hdr, 3 ); |
markrad | 0:cdf462088d13 | 1965 | mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_len, 2 ); |
markrad | 0:cdf462088d13 | 1966 | mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_msg, |
markrad | 0:cdf462088d13 | 1967 | ssl->in_msglen ); |
markrad | 0:cdf462088d13 | 1968 | mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec, |
markrad | 0:cdf462088d13 | 1969 | ssl->in_msg + ssl->in_msglen ); |
markrad | 0:cdf462088d13 | 1970 | /* Call mbedtls_md_process at least once due to cache attacks */ |
markrad | 0:cdf462088d13 | 1971 | for( j = 0; j < extra_run + 1; j++ ) |
markrad | 0:cdf462088d13 | 1972 | mbedtls_md_process( &ssl->transform_in->md_ctx_dec, ssl->in_msg ); |
markrad | 0:cdf462088d13 | 1973 | |
markrad | 0:cdf462088d13 | 1974 | mbedtls_md_hmac_reset( &ssl->transform_in->md_ctx_dec ); |
markrad | 0:cdf462088d13 | 1975 | } |
markrad | 0:cdf462088d13 | 1976 | else |
markrad | 0:cdf462088d13 | 1977 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ |
markrad | 0:cdf462088d13 | 1978 | MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 1979 | { |
markrad | 0:cdf462088d13 | 1980 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 1981 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 1982 | } |
markrad | 0:cdf462088d13 | 1983 | |
markrad | 0:cdf462088d13 | 1984 | MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", tmp, ssl->transform_in->maclen ); |
markrad | 0:cdf462088d13 | 1985 | MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac", ssl->in_msg + ssl->in_msglen, |
markrad | 0:cdf462088d13 | 1986 | ssl->transform_in->maclen ); |
markrad | 0:cdf462088d13 | 1987 | |
markrad | 0:cdf462088d13 | 1988 | if( mbedtls_ssl_safer_memcmp( tmp, ssl->in_msg + ssl->in_msglen, |
markrad | 0:cdf462088d13 | 1989 | ssl->transform_in->maclen ) != 0 ) |
markrad | 0:cdf462088d13 | 1990 | { |
markrad | 0:cdf462088d13 | 1991 | #if defined(MBEDTLS_SSL_DEBUG_ALL) |
markrad | 0:cdf462088d13 | 1992 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) ); |
markrad | 0:cdf462088d13 | 1993 | #endif |
markrad | 0:cdf462088d13 | 1994 | correct = 0; |
markrad | 0:cdf462088d13 | 1995 | } |
markrad | 0:cdf462088d13 | 1996 | auth_done++; |
markrad | 0:cdf462088d13 | 1997 | |
markrad | 0:cdf462088d13 | 1998 | /* |
markrad | 0:cdf462088d13 | 1999 | * Finally check the correct flag |
markrad | 0:cdf462088d13 | 2000 | */ |
markrad | 0:cdf462088d13 | 2001 | if( correct == 0 ) |
markrad | 0:cdf462088d13 | 2002 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
markrad | 0:cdf462088d13 | 2003 | } |
markrad | 0:cdf462088d13 | 2004 | #endif /* SSL_SOME_MODES_USE_MAC */ |
markrad | 0:cdf462088d13 | 2005 | |
markrad | 0:cdf462088d13 | 2006 | /* Make extra sure authentication was performed, exactly once */ |
markrad | 0:cdf462088d13 | 2007 | if( auth_done != 1 ) |
markrad | 0:cdf462088d13 | 2008 | { |
markrad | 0:cdf462088d13 | 2009 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 2010 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 2011 | } |
markrad | 0:cdf462088d13 | 2012 | |
markrad | 0:cdf462088d13 | 2013 | if( ssl->in_msglen == 0 ) |
markrad | 0:cdf462088d13 | 2014 | { |
markrad | 0:cdf462088d13 | 2015 | ssl->nb_zero++; |
markrad | 0:cdf462088d13 | 2016 | |
markrad | 0:cdf462088d13 | 2017 | /* |
markrad | 0:cdf462088d13 | 2018 | * Three or more empty messages may be a DoS attack |
markrad | 0:cdf462088d13 | 2019 | * (excessive CPU consumption). |
markrad | 0:cdf462088d13 | 2020 | */ |
markrad | 0:cdf462088d13 | 2021 | if( ssl->nb_zero > 3 ) |
markrad | 0:cdf462088d13 | 2022 | { |
markrad | 0:cdf462088d13 | 2023 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "received four consecutive empty " |
markrad | 0:cdf462088d13 | 2024 | "messages, possible DoS attack" ) ); |
markrad | 0:cdf462088d13 | 2025 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
markrad | 0:cdf462088d13 | 2026 | } |
markrad | 0:cdf462088d13 | 2027 | } |
markrad | 0:cdf462088d13 | 2028 | else |
markrad | 0:cdf462088d13 | 2029 | ssl->nb_zero = 0; |
markrad | 0:cdf462088d13 | 2030 | |
markrad | 0:cdf462088d13 | 2031 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 2032 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 2033 | { |
markrad | 0:cdf462088d13 | 2034 | ; /* in_ctr read from peer, not maintained internally */ |
markrad | 0:cdf462088d13 | 2035 | } |
markrad | 0:cdf462088d13 | 2036 | else |
markrad | 0:cdf462088d13 | 2037 | #endif |
markrad | 0:cdf462088d13 | 2038 | { |
markrad | 0:cdf462088d13 | 2039 | for( i = 8; i > ssl_ep_len( ssl ); i-- ) |
markrad | 0:cdf462088d13 | 2040 | if( ++ssl->in_ctr[i - 1] != 0 ) |
markrad | 0:cdf462088d13 | 2041 | break; |
markrad | 0:cdf462088d13 | 2042 | |
markrad | 0:cdf462088d13 | 2043 | /* The loop goes to its end iff the counter is wrapping */ |
markrad | 0:cdf462088d13 | 2044 | if( i == ssl_ep_len( ssl ) ) |
markrad | 0:cdf462088d13 | 2045 | { |
markrad | 0:cdf462088d13 | 2046 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "incoming message counter would wrap" ) ); |
markrad | 0:cdf462088d13 | 2047 | return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); |
markrad | 0:cdf462088d13 | 2048 | } |
markrad | 0:cdf462088d13 | 2049 | } |
markrad | 0:cdf462088d13 | 2050 | |
markrad | 0:cdf462088d13 | 2051 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) ); |
markrad | 0:cdf462088d13 | 2052 | |
markrad | 0:cdf462088d13 | 2053 | return( 0 ); |
markrad | 0:cdf462088d13 | 2054 | } |
markrad | 0:cdf462088d13 | 2055 | |
markrad | 0:cdf462088d13 | 2056 | #undef MAC_NONE |
markrad | 0:cdf462088d13 | 2057 | #undef MAC_PLAINTEXT |
markrad | 0:cdf462088d13 | 2058 | #undef MAC_CIPHERTEXT |
markrad | 0:cdf462088d13 | 2059 | |
markrad | 0:cdf462088d13 | 2060 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
markrad | 0:cdf462088d13 | 2061 | /* |
markrad | 0:cdf462088d13 | 2062 | * Compression/decompression functions |
markrad | 0:cdf462088d13 | 2063 | */ |
markrad | 0:cdf462088d13 | 2064 | static int ssl_compress_buf( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 2065 | { |
markrad | 0:cdf462088d13 | 2066 | int ret; |
markrad | 0:cdf462088d13 | 2067 | unsigned char *msg_post = ssl->out_msg; |
markrad | 0:cdf462088d13 | 2068 | size_t len_pre = ssl->out_msglen; |
markrad | 0:cdf462088d13 | 2069 | unsigned char *msg_pre = ssl->compress_buf; |
markrad | 0:cdf462088d13 | 2070 | |
markrad | 0:cdf462088d13 | 2071 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> compress buf" ) ); |
markrad | 0:cdf462088d13 | 2072 | |
markrad | 0:cdf462088d13 | 2073 | if( len_pre == 0 ) |
markrad | 0:cdf462088d13 | 2074 | return( 0 ); |
markrad | 0:cdf462088d13 | 2075 | |
markrad | 0:cdf462088d13 | 2076 | memcpy( msg_pre, ssl->out_msg, len_pre ); |
markrad | 0:cdf462088d13 | 2077 | |
markrad | 0:cdf462088d13 | 2078 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "before compression: msglen = %d, ", |
markrad | 0:cdf462088d13 | 2079 | ssl->out_msglen ) ); |
markrad | 0:cdf462088d13 | 2080 | |
markrad | 0:cdf462088d13 | 2081 | MBEDTLS_SSL_DEBUG_BUF( 4, "before compression: output payload", |
markrad | 0:cdf462088d13 | 2082 | ssl->out_msg, ssl->out_msglen ); |
markrad | 0:cdf462088d13 | 2083 | |
markrad | 0:cdf462088d13 | 2084 | ssl->transform_out->ctx_deflate.next_in = msg_pre; |
markrad | 0:cdf462088d13 | 2085 | ssl->transform_out->ctx_deflate.avail_in = len_pre; |
markrad | 0:cdf462088d13 | 2086 | ssl->transform_out->ctx_deflate.next_out = msg_post; |
markrad | 0:cdf462088d13 | 2087 | ssl->transform_out->ctx_deflate.avail_out = MBEDTLS_SSL_BUFFER_LEN; |
markrad | 0:cdf462088d13 | 2088 | |
markrad | 0:cdf462088d13 | 2089 | ret = deflate( &ssl->transform_out->ctx_deflate, Z_SYNC_FLUSH ); |
markrad | 0:cdf462088d13 | 2090 | if( ret != Z_OK ) |
markrad | 0:cdf462088d13 | 2091 | { |
markrad | 0:cdf462088d13 | 2092 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "failed to perform compression (%d)", ret ) ); |
markrad | 0:cdf462088d13 | 2093 | return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED ); |
markrad | 0:cdf462088d13 | 2094 | } |
markrad | 0:cdf462088d13 | 2095 | |
markrad | 0:cdf462088d13 | 2096 | ssl->out_msglen = MBEDTLS_SSL_BUFFER_LEN - |
markrad | 0:cdf462088d13 | 2097 | ssl->transform_out->ctx_deflate.avail_out; |
markrad | 0:cdf462088d13 | 2098 | |
markrad | 0:cdf462088d13 | 2099 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %d, ", |
markrad | 0:cdf462088d13 | 2100 | ssl->out_msglen ) ); |
markrad | 0:cdf462088d13 | 2101 | |
markrad | 0:cdf462088d13 | 2102 | MBEDTLS_SSL_DEBUG_BUF( 4, "after compression: output payload", |
markrad | 0:cdf462088d13 | 2103 | ssl->out_msg, ssl->out_msglen ); |
markrad | 0:cdf462088d13 | 2104 | |
markrad | 0:cdf462088d13 | 2105 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= compress buf" ) ); |
markrad | 0:cdf462088d13 | 2106 | |
markrad | 0:cdf462088d13 | 2107 | return( 0 ); |
markrad | 0:cdf462088d13 | 2108 | } |
markrad | 0:cdf462088d13 | 2109 | |
markrad | 0:cdf462088d13 | 2110 | static int ssl_decompress_buf( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 2111 | { |
markrad | 0:cdf462088d13 | 2112 | int ret; |
markrad | 0:cdf462088d13 | 2113 | unsigned char *msg_post = ssl->in_msg; |
markrad | 0:cdf462088d13 | 2114 | size_t len_pre = ssl->in_msglen; |
markrad | 0:cdf462088d13 | 2115 | unsigned char *msg_pre = ssl->compress_buf; |
markrad | 0:cdf462088d13 | 2116 | |
markrad | 0:cdf462088d13 | 2117 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> decompress buf" ) ); |
markrad | 0:cdf462088d13 | 2118 | |
markrad | 0:cdf462088d13 | 2119 | if( len_pre == 0 ) |
markrad | 0:cdf462088d13 | 2120 | return( 0 ); |
markrad | 0:cdf462088d13 | 2121 | |
markrad | 0:cdf462088d13 | 2122 | memcpy( msg_pre, ssl->in_msg, len_pre ); |
markrad | 0:cdf462088d13 | 2123 | |
markrad | 0:cdf462088d13 | 2124 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %d, ", |
markrad | 0:cdf462088d13 | 2125 | ssl->in_msglen ) ); |
markrad | 0:cdf462088d13 | 2126 | |
markrad | 0:cdf462088d13 | 2127 | MBEDTLS_SSL_DEBUG_BUF( 4, "before decompression: input payload", |
markrad | 0:cdf462088d13 | 2128 | ssl->in_msg, ssl->in_msglen ); |
markrad | 0:cdf462088d13 | 2129 | |
markrad | 0:cdf462088d13 | 2130 | ssl->transform_in->ctx_inflate.next_in = msg_pre; |
markrad | 0:cdf462088d13 | 2131 | ssl->transform_in->ctx_inflate.avail_in = len_pre; |
markrad | 0:cdf462088d13 | 2132 | ssl->transform_in->ctx_inflate.next_out = msg_post; |
markrad | 0:cdf462088d13 | 2133 | ssl->transform_in->ctx_inflate.avail_out = MBEDTLS_SSL_MAX_CONTENT_LEN; |
markrad | 0:cdf462088d13 | 2134 | |
markrad | 0:cdf462088d13 | 2135 | ret = inflate( &ssl->transform_in->ctx_inflate, Z_SYNC_FLUSH ); |
markrad | 0:cdf462088d13 | 2136 | if( ret != Z_OK ) |
markrad | 0:cdf462088d13 | 2137 | { |
markrad | 0:cdf462088d13 | 2138 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "failed to perform decompression (%d)", ret ) ); |
markrad | 0:cdf462088d13 | 2139 | return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED ); |
markrad | 0:cdf462088d13 | 2140 | } |
markrad | 0:cdf462088d13 | 2141 | |
markrad | 0:cdf462088d13 | 2142 | ssl->in_msglen = MBEDTLS_SSL_MAX_CONTENT_LEN - |
markrad | 0:cdf462088d13 | 2143 | ssl->transform_in->ctx_inflate.avail_out; |
markrad | 0:cdf462088d13 | 2144 | |
markrad | 0:cdf462088d13 | 2145 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %d, ", |
markrad | 0:cdf462088d13 | 2146 | ssl->in_msglen ) ); |
markrad | 0:cdf462088d13 | 2147 | |
markrad | 0:cdf462088d13 | 2148 | MBEDTLS_SSL_DEBUG_BUF( 4, "after decompression: input payload", |
markrad | 0:cdf462088d13 | 2149 | ssl->in_msg, ssl->in_msglen ); |
markrad | 0:cdf462088d13 | 2150 | |
markrad | 0:cdf462088d13 | 2151 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= decompress buf" ) ); |
markrad | 0:cdf462088d13 | 2152 | |
markrad | 0:cdf462088d13 | 2153 | return( 0 ); |
markrad | 0:cdf462088d13 | 2154 | } |
markrad | 0:cdf462088d13 | 2155 | #endif /* MBEDTLS_ZLIB_SUPPORT */ |
markrad | 0:cdf462088d13 | 2156 | |
markrad | 0:cdf462088d13 | 2157 | #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION) |
markrad | 0:cdf462088d13 | 2158 | static int ssl_write_hello_request( mbedtls_ssl_context *ssl ); |
markrad | 0:cdf462088d13 | 2159 | |
markrad | 0:cdf462088d13 | 2160 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 2161 | static int ssl_resend_hello_request( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 2162 | { |
markrad | 0:cdf462088d13 | 2163 | /* If renegotiation is not enforced, retransmit until we would reach max |
markrad | 0:cdf462088d13 | 2164 | * timeout if we were using the usual handshake doubling scheme */ |
markrad | 0:cdf462088d13 | 2165 | if( ssl->conf->renego_max_records < 0 ) |
markrad | 0:cdf462088d13 | 2166 | { |
markrad | 0:cdf462088d13 | 2167 | uint32_t ratio = ssl->conf->hs_timeout_max / ssl->conf->hs_timeout_min + 1; |
markrad | 0:cdf462088d13 | 2168 | unsigned char doublings = 1; |
markrad | 0:cdf462088d13 | 2169 | |
markrad | 0:cdf462088d13 | 2170 | while( ratio != 0 ) |
markrad | 0:cdf462088d13 | 2171 | { |
markrad | 0:cdf462088d13 | 2172 | ++doublings; |
markrad | 0:cdf462088d13 | 2173 | ratio >>= 1; |
markrad | 0:cdf462088d13 | 2174 | } |
markrad | 0:cdf462088d13 | 2175 | |
markrad | 0:cdf462088d13 | 2176 | if( ++ssl->renego_records_seen > doublings ) |
markrad | 0:cdf462088d13 | 2177 | { |
markrad | 0:cdf462088d13 | 2178 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "no longer retransmitting hello request" ) ); |
markrad | 0:cdf462088d13 | 2179 | return( 0 ); |
markrad | 0:cdf462088d13 | 2180 | } |
markrad | 0:cdf462088d13 | 2181 | } |
markrad | 0:cdf462088d13 | 2182 | |
markrad | 0:cdf462088d13 | 2183 | return( ssl_write_hello_request( ssl ) ); |
markrad | 0:cdf462088d13 | 2184 | } |
markrad | 0:cdf462088d13 | 2185 | #endif |
markrad | 0:cdf462088d13 | 2186 | #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */ |
markrad | 0:cdf462088d13 | 2187 | |
markrad | 0:cdf462088d13 | 2188 | /* |
markrad | 0:cdf462088d13 | 2189 | * Fill the input message buffer by appending data to it. |
markrad | 0:cdf462088d13 | 2190 | * The amount of data already fetched is in ssl->in_left. |
markrad | 0:cdf462088d13 | 2191 | * |
markrad | 0:cdf462088d13 | 2192 | * If we return 0, is it guaranteed that (at least) nb_want bytes are |
markrad | 0:cdf462088d13 | 2193 | * available (from this read and/or a previous one). Otherwise, an error code |
markrad | 0:cdf462088d13 | 2194 | * is returned (possibly EOF or WANT_READ). |
markrad | 0:cdf462088d13 | 2195 | * |
markrad | 0:cdf462088d13 | 2196 | * With stream transport (TLS) on success ssl->in_left == nb_want, but |
markrad | 0:cdf462088d13 | 2197 | * with datagram transport (DTLS) on success ssl->in_left >= nb_want, |
markrad | 0:cdf462088d13 | 2198 | * since we always read a whole datagram at once. |
markrad | 0:cdf462088d13 | 2199 | * |
markrad | 0:cdf462088d13 | 2200 | * For DTLS, it is up to the caller to set ssl->next_record_offset when |
markrad | 0:cdf462088d13 | 2201 | * they're done reading a record. |
markrad | 0:cdf462088d13 | 2202 | */ |
markrad | 0:cdf462088d13 | 2203 | int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) |
markrad | 0:cdf462088d13 | 2204 | { |
markrad | 0:cdf462088d13 | 2205 | int ret; |
markrad | 0:cdf462088d13 | 2206 | size_t len; |
markrad | 0:cdf462088d13 | 2207 | |
markrad | 0:cdf462088d13 | 2208 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> fetch input" ) ); |
markrad | 0:cdf462088d13 | 2209 | |
markrad | 0:cdf462088d13 | 2210 | if( ssl->f_recv == NULL && ssl->f_recv_timeout == NULL ) |
markrad | 0:cdf462088d13 | 2211 | { |
markrad | 0:cdf462088d13 | 2212 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " |
markrad | 0:cdf462088d13 | 2213 | "or mbedtls_ssl_set_bio()" ) ); |
markrad | 0:cdf462088d13 | 2214 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 2215 | } |
markrad | 0:cdf462088d13 | 2216 | |
markrad | 0:cdf462088d13 | 2217 | if( nb_want > MBEDTLS_SSL_BUFFER_LEN - (size_t)( ssl->in_hdr - ssl->in_buf ) ) |
markrad | 0:cdf462088d13 | 2218 | { |
markrad | 0:cdf462088d13 | 2219 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "requesting more data than fits" ) ); |
markrad | 0:cdf462088d13 | 2220 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 2221 | } |
markrad | 0:cdf462088d13 | 2222 | |
markrad | 0:cdf462088d13 | 2223 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 2224 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 2225 | { |
markrad | 0:cdf462088d13 | 2226 | uint32_t timeout; |
markrad | 0:cdf462088d13 | 2227 | |
markrad | 0:cdf462088d13 | 2228 | /* Just to be sure */ |
markrad | 0:cdf462088d13 | 2229 | if( ssl->f_set_timer == NULL || ssl->f_get_timer == NULL ) |
markrad | 0:cdf462088d13 | 2230 | { |
markrad | 0:cdf462088d13 | 2231 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "You must use " |
markrad | 0:cdf462088d13 | 2232 | "mbedtls_ssl_set_timer_cb() for DTLS" ) ); |
markrad | 0:cdf462088d13 | 2233 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 2234 | } |
markrad | 0:cdf462088d13 | 2235 | |
markrad | 0:cdf462088d13 | 2236 | /* |
markrad | 0:cdf462088d13 | 2237 | * The point is, we need to always read a full datagram at once, so we |
markrad | 0:cdf462088d13 | 2238 | * sometimes read more then requested, and handle the additional data. |
markrad | 0:cdf462088d13 | 2239 | * It could be the rest of the current record (while fetching the |
markrad | 0:cdf462088d13 | 2240 | * header) and/or some other records in the same datagram. |
markrad | 0:cdf462088d13 | 2241 | */ |
markrad | 0:cdf462088d13 | 2242 | |
markrad | 0:cdf462088d13 | 2243 | /* |
markrad | 0:cdf462088d13 | 2244 | * Move to the next record in the already read datagram if applicable |
markrad | 0:cdf462088d13 | 2245 | */ |
markrad | 0:cdf462088d13 | 2246 | if( ssl->next_record_offset != 0 ) |
markrad | 0:cdf462088d13 | 2247 | { |
markrad | 0:cdf462088d13 | 2248 | if( ssl->in_left < ssl->next_record_offset ) |
markrad | 0:cdf462088d13 | 2249 | { |
markrad | 0:cdf462088d13 | 2250 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 2251 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 2252 | } |
markrad | 0:cdf462088d13 | 2253 | |
markrad | 0:cdf462088d13 | 2254 | ssl->in_left -= ssl->next_record_offset; |
markrad | 0:cdf462088d13 | 2255 | |
markrad | 0:cdf462088d13 | 2256 | if( ssl->in_left != 0 ) |
markrad | 0:cdf462088d13 | 2257 | { |
markrad | 0:cdf462088d13 | 2258 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "next record in same datagram, offset: %d", |
markrad | 0:cdf462088d13 | 2259 | ssl->next_record_offset ) ); |
markrad | 0:cdf462088d13 | 2260 | memmove( ssl->in_hdr, |
markrad | 0:cdf462088d13 | 2261 | ssl->in_hdr + ssl->next_record_offset, |
markrad | 0:cdf462088d13 | 2262 | ssl->in_left ); |
markrad | 0:cdf462088d13 | 2263 | } |
markrad | 0:cdf462088d13 | 2264 | |
markrad | 0:cdf462088d13 | 2265 | ssl->next_record_offset = 0; |
markrad | 0:cdf462088d13 | 2266 | } |
markrad | 0:cdf462088d13 | 2267 | |
markrad | 0:cdf462088d13 | 2268 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d", |
markrad | 0:cdf462088d13 | 2269 | ssl->in_left, nb_want ) ); |
markrad | 0:cdf462088d13 | 2270 | |
markrad | 0:cdf462088d13 | 2271 | /* |
markrad | 0:cdf462088d13 | 2272 | * Done if we already have enough data. |
markrad | 0:cdf462088d13 | 2273 | */ |
markrad | 0:cdf462088d13 | 2274 | if( nb_want <= ssl->in_left) |
markrad | 0:cdf462088d13 | 2275 | { |
markrad | 0:cdf462088d13 | 2276 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= fetch input" ) ); |
markrad | 0:cdf462088d13 | 2277 | return( 0 ); |
markrad | 0:cdf462088d13 | 2278 | } |
markrad | 0:cdf462088d13 | 2279 | |
markrad | 0:cdf462088d13 | 2280 | /* |
markrad | 0:cdf462088d13 | 2281 | * A record can't be split accross datagrams. If we need to read but |
markrad | 0:cdf462088d13 | 2282 | * are not at the beginning of a new record, the caller did something |
markrad | 0:cdf462088d13 | 2283 | * wrong. |
markrad | 0:cdf462088d13 | 2284 | */ |
markrad | 0:cdf462088d13 | 2285 | if( ssl->in_left != 0 ) |
markrad | 0:cdf462088d13 | 2286 | { |
markrad | 0:cdf462088d13 | 2287 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 2288 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 2289 | } |
markrad | 0:cdf462088d13 | 2290 | |
markrad | 0:cdf462088d13 | 2291 | /* |
markrad | 0:cdf462088d13 | 2292 | * Don't even try to read if time's out already. |
markrad | 0:cdf462088d13 | 2293 | * This avoids by-passing the timer when repeatedly receiving messages |
markrad | 0:cdf462088d13 | 2294 | * that will end up being dropped. |
markrad | 0:cdf462088d13 | 2295 | */ |
markrad | 0:cdf462088d13 | 2296 | if( ssl_check_timer( ssl ) != 0 ) |
markrad | 0:cdf462088d13 | 2297 | ret = MBEDTLS_ERR_SSL_TIMEOUT; |
markrad | 0:cdf462088d13 | 2298 | else |
markrad | 0:cdf462088d13 | 2299 | { |
markrad | 0:cdf462088d13 | 2300 | len = MBEDTLS_SSL_BUFFER_LEN - ( ssl->in_hdr - ssl->in_buf ); |
markrad | 0:cdf462088d13 | 2301 | |
markrad | 0:cdf462088d13 | 2302 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
markrad | 0:cdf462088d13 | 2303 | timeout = ssl->handshake->retransmit_timeout; |
markrad | 0:cdf462088d13 | 2304 | else |
markrad | 0:cdf462088d13 | 2305 | timeout = ssl->conf->read_timeout; |
markrad | 0:cdf462088d13 | 2306 | |
markrad | 0:cdf462088d13 | 2307 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "f_recv_timeout: %u ms", timeout ) ); |
markrad | 0:cdf462088d13 | 2308 | |
markrad | 0:cdf462088d13 | 2309 | if( ssl->f_recv_timeout != NULL ) |
markrad | 0:cdf462088d13 | 2310 | ret = ssl->f_recv_timeout( ssl->p_bio, ssl->in_hdr, len, |
markrad | 0:cdf462088d13 | 2311 | timeout ); |
markrad | 0:cdf462088d13 | 2312 | else |
markrad | 0:cdf462088d13 | 2313 | ret = ssl->f_recv( ssl->p_bio, ssl->in_hdr, len ); |
markrad | 0:cdf462088d13 | 2314 | |
markrad | 0:cdf462088d13 | 2315 | MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret ); |
markrad | 0:cdf462088d13 | 2316 | |
markrad | 0:cdf462088d13 | 2317 | if( ret == 0 ) |
markrad | 0:cdf462088d13 | 2318 | return( MBEDTLS_ERR_SSL_CONN_EOF ); |
markrad | 0:cdf462088d13 | 2319 | } |
markrad | 0:cdf462088d13 | 2320 | |
markrad | 0:cdf462088d13 | 2321 | if( ret == MBEDTLS_ERR_SSL_TIMEOUT ) |
markrad | 0:cdf462088d13 | 2322 | { |
markrad | 0:cdf462088d13 | 2323 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "timeout" ) ); |
markrad | 0:cdf462088d13 | 2324 | ssl_set_timer( ssl, 0 ); |
markrad | 0:cdf462088d13 | 2325 | |
markrad | 0:cdf462088d13 | 2326 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
markrad | 0:cdf462088d13 | 2327 | { |
markrad | 0:cdf462088d13 | 2328 | if( ssl_double_retransmit_timeout( ssl ) != 0 ) |
markrad | 0:cdf462088d13 | 2329 | { |
markrad | 0:cdf462088d13 | 2330 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake timeout" ) ); |
markrad | 0:cdf462088d13 | 2331 | return( MBEDTLS_ERR_SSL_TIMEOUT ); |
markrad | 0:cdf462088d13 | 2332 | } |
markrad | 0:cdf462088d13 | 2333 | |
markrad | 0:cdf462088d13 | 2334 | if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 2335 | { |
markrad | 0:cdf462088d13 | 2336 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret ); |
markrad | 0:cdf462088d13 | 2337 | return( ret ); |
markrad | 0:cdf462088d13 | 2338 | } |
markrad | 0:cdf462088d13 | 2339 | |
markrad | 0:cdf462088d13 | 2340 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
markrad | 0:cdf462088d13 | 2341 | } |
markrad | 0:cdf462088d13 | 2342 | #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION) |
markrad | 0:cdf462088d13 | 2343 | else if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
markrad | 0:cdf462088d13 | 2344 | ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) |
markrad | 0:cdf462088d13 | 2345 | { |
markrad | 0:cdf462088d13 | 2346 | if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 2347 | { |
markrad | 0:cdf462088d13 | 2348 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_resend_hello_request", ret ); |
markrad | 0:cdf462088d13 | 2349 | return( ret ); |
markrad | 0:cdf462088d13 | 2350 | } |
markrad | 0:cdf462088d13 | 2351 | |
markrad | 0:cdf462088d13 | 2352 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
markrad | 0:cdf462088d13 | 2353 | } |
markrad | 0:cdf462088d13 | 2354 | #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */ |
markrad | 0:cdf462088d13 | 2355 | } |
markrad | 0:cdf462088d13 | 2356 | |
markrad | 0:cdf462088d13 | 2357 | if( ret < 0 ) |
markrad | 0:cdf462088d13 | 2358 | return( ret ); |
markrad | 0:cdf462088d13 | 2359 | |
markrad | 0:cdf462088d13 | 2360 | ssl->in_left = ret; |
markrad | 0:cdf462088d13 | 2361 | } |
markrad | 0:cdf462088d13 | 2362 | else |
markrad | 0:cdf462088d13 | 2363 | #endif |
markrad | 0:cdf462088d13 | 2364 | { |
markrad | 0:cdf462088d13 | 2365 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d", |
markrad | 0:cdf462088d13 | 2366 | ssl->in_left, nb_want ) ); |
markrad | 0:cdf462088d13 | 2367 | |
markrad | 0:cdf462088d13 | 2368 | while( ssl->in_left < nb_want ) |
markrad | 0:cdf462088d13 | 2369 | { |
markrad | 0:cdf462088d13 | 2370 | len = nb_want - ssl->in_left; |
markrad | 0:cdf462088d13 | 2371 | |
markrad | 0:cdf462088d13 | 2372 | if( ssl_check_timer( ssl ) != 0 ) |
markrad | 0:cdf462088d13 | 2373 | ret = MBEDTLS_ERR_SSL_TIMEOUT; |
markrad | 0:cdf462088d13 | 2374 | else |
markrad | 0:cdf462088d13 | 2375 | { |
markrad | 0:cdf462088d13 | 2376 | if( ssl->f_recv_timeout != NULL ) |
markrad | 0:cdf462088d13 | 2377 | { |
markrad | 0:cdf462088d13 | 2378 | ret = ssl->f_recv_timeout( ssl->p_bio, |
markrad | 0:cdf462088d13 | 2379 | ssl->in_hdr + ssl->in_left, len, |
markrad | 0:cdf462088d13 | 2380 | ssl->conf->read_timeout ); |
markrad | 0:cdf462088d13 | 2381 | } |
markrad | 0:cdf462088d13 | 2382 | else |
markrad | 0:cdf462088d13 | 2383 | { |
markrad | 0:cdf462088d13 | 2384 | ret = ssl->f_recv( ssl->p_bio, |
markrad | 0:cdf462088d13 | 2385 | ssl->in_hdr + ssl->in_left, len ); |
markrad | 0:cdf462088d13 | 2386 | } |
markrad | 0:cdf462088d13 | 2387 | } |
markrad | 0:cdf462088d13 | 2388 | |
markrad | 0:cdf462088d13 | 2389 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d", |
markrad | 0:cdf462088d13 | 2390 | ssl->in_left, nb_want ) ); |
markrad | 0:cdf462088d13 | 2391 | MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret ); |
markrad | 0:cdf462088d13 | 2392 | |
markrad | 0:cdf462088d13 | 2393 | if( ret == 0 ) |
markrad | 0:cdf462088d13 | 2394 | return( MBEDTLS_ERR_SSL_CONN_EOF ); |
markrad | 0:cdf462088d13 | 2395 | |
markrad | 0:cdf462088d13 | 2396 | if( ret < 0 ) |
markrad | 0:cdf462088d13 | 2397 | return( ret ); |
markrad | 0:cdf462088d13 | 2398 | |
markrad | 0:cdf462088d13 | 2399 | ssl->in_left += ret; |
markrad | 0:cdf462088d13 | 2400 | } |
markrad | 0:cdf462088d13 | 2401 | } |
markrad | 0:cdf462088d13 | 2402 | |
markrad | 0:cdf462088d13 | 2403 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= fetch input" ) ); |
markrad | 0:cdf462088d13 | 2404 | |
markrad | 0:cdf462088d13 | 2405 | return( 0 ); |
markrad | 0:cdf462088d13 | 2406 | } |
markrad | 0:cdf462088d13 | 2407 | |
markrad | 0:cdf462088d13 | 2408 | /* |
markrad | 0:cdf462088d13 | 2409 | * Flush any data not yet written |
markrad | 0:cdf462088d13 | 2410 | */ |
markrad | 0:cdf462088d13 | 2411 | int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 2412 | { |
markrad | 0:cdf462088d13 | 2413 | int ret; |
markrad | 0:cdf462088d13 | 2414 | unsigned char *buf, i; |
markrad | 0:cdf462088d13 | 2415 | |
markrad | 0:cdf462088d13 | 2416 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> flush output" ) ); |
markrad | 0:cdf462088d13 | 2417 | |
markrad | 0:cdf462088d13 | 2418 | if( ssl->f_send == NULL ) |
markrad | 0:cdf462088d13 | 2419 | { |
markrad | 0:cdf462088d13 | 2420 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " |
markrad | 0:cdf462088d13 | 2421 | "or mbedtls_ssl_set_bio()" ) ); |
markrad | 0:cdf462088d13 | 2422 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 2423 | } |
markrad | 0:cdf462088d13 | 2424 | |
markrad | 0:cdf462088d13 | 2425 | /* Avoid incrementing counter if data is flushed */ |
markrad | 0:cdf462088d13 | 2426 | if( ssl->out_left == 0 ) |
markrad | 0:cdf462088d13 | 2427 | { |
markrad | 0:cdf462088d13 | 2428 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) ); |
markrad | 0:cdf462088d13 | 2429 | return( 0 ); |
markrad | 0:cdf462088d13 | 2430 | } |
markrad | 0:cdf462088d13 | 2431 | |
markrad | 0:cdf462088d13 | 2432 | while( ssl->out_left > 0 ) |
markrad | 0:cdf462088d13 | 2433 | { |
markrad | 0:cdf462088d13 | 2434 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d", |
markrad | 0:cdf462088d13 | 2435 | mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) ); |
markrad | 0:cdf462088d13 | 2436 | |
markrad | 0:cdf462088d13 | 2437 | buf = ssl->out_hdr + mbedtls_ssl_hdr_len( ssl ) + |
markrad | 0:cdf462088d13 | 2438 | ssl->out_msglen - ssl->out_left; |
markrad | 0:cdf462088d13 | 2439 | ret = ssl->f_send( ssl->p_bio, buf, ssl->out_left ); |
markrad | 0:cdf462088d13 | 2440 | |
markrad | 0:cdf462088d13 | 2441 | MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_send", ret ); |
markrad | 0:cdf462088d13 | 2442 | |
markrad | 0:cdf462088d13 | 2443 | if( ret <= 0 ) |
markrad | 0:cdf462088d13 | 2444 | return( ret ); |
markrad | 0:cdf462088d13 | 2445 | |
markrad | 0:cdf462088d13 | 2446 | ssl->out_left -= ret; |
markrad | 0:cdf462088d13 | 2447 | } |
markrad | 0:cdf462088d13 | 2448 | |
markrad | 0:cdf462088d13 | 2449 | for( i = 8; i > ssl_ep_len( ssl ); i-- ) |
markrad | 0:cdf462088d13 | 2450 | if( ++ssl->out_ctr[i - 1] != 0 ) |
markrad | 0:cdf462088d13 | 2451 | break; |
markrad | 0:cdf462088d13 | 2452 | |
markrad | 0:cdf462088d13 | 2453 | /* The loop goes to its end iff the counter is wrapping */ |
markrad | 0:cdf462088d13 | 2454 | if( i == ssl_ep_len( ssl ) ) |
markrad | 0:cdf462088d13 | 2455 | { |
markrad | 0:cdf462088d13 | 2456 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "outgoing message counter would wrap" ) ); |
markrad | 0:cdf462088d13 | 2457 | return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); |
markrad | 0:cdf462088d13 | 2458 | } |
markrad | 0:cdf462088d13 | 2459 | |
markrad | 0:cdf462088d13 | 2460 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) ); |
markrad | 0:cdf462088d13 | 2461 | |
markrad | 0:cdf462088d13 | 2462 | return( 0 ); |
markrad | 0:cdf462088d13 | 2463 | } |
markrad | 0:cdf462088d13 | 2464 | |
markrad | 0:cdf462088d13 | 2465 | /* |
markrad | 0:cdf462088d13 | 2466 | * Functions to handle the DTLS retransmission state machine |
markrad | 0:cdf462088d13 | 2467 | */ |
markrad | 0:cdf462088d13 | 2468 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 2469 | /* |
markrad | 0:cdf462088d13 | 2470 | * Append current handshake message to current outgoing flight |
markrad | 0:cdf462088d13 | 2471 | */ |
markrad | 0:cdf462088d13 | 2472 | static int ssl_flight_append( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 2473 | { |
markrad | 0:cdf462088d13 | 2474 | mbedtls_ssl_flight_item *msg; |
markrad | 0:cdf462088d13 | 2475 | |
markrad | 0:cdf462088d13 | 2476 | /* Allocate space for current message */ |
markrad | 0:cdf462088d13 | 2477 | if( ( msg = mbedtls_calloc( 1, sizeof( mbedtls_ssl_flight_item ) ) ) == NULL ) |
markrad | 0:cdf462088d13 | 2478 | { |
markrad | 0:cdf462088d13 | 2479 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed", |
markrad | 0:cdf462088d13 | 2480 | sizeof( mbedtls_ssl_flight_item ) ) ); |
markrad | 0:cdf462088d13 | 2481 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
markrad | 0:cdf462088d13 | 2482 | } |
markrad | 0:cdf462088d13 | 2483 | |
markrad | 0:cdf462088d13 | 2484 | if( ( msg->p = mbedtls_calloc( 1, ssl->out_msglen ) ) == NULL ) |
markrad | 0:cdf462088d13 | 2485 | { |
markrad | 0:cdf462088d13 | 2486 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed", ssl->out_msglen ) ); |
markrad | 0:cdf462088d13 | 2487 | mbedtls_free( msg ); |
markrad | 0:cdf462088d13 | 2488 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
markrad | 0:cdf462088d13 | 2489 | } |
markrad | 0:cdf462088d13 | 2490 | |
markrad | 0:cdf462088d13 | 2491 | /* Copy current handshake message with headers */ |
markrad | 0:cdf462088d13 | 2492 | memcpy( msg->p, ssl->out_msg, ssl->out_msglen ); |
markrad | 0:cdf462088d13 | 2493 | msg->len = ssl->out_msglen; |
markrad | 0:cdf462088d13 | 2494 | msg->type = ssl->out_msgtype; |
markrad | 0:cdf462088d13 | 2495 | msg->next = NULL; |
markrad | 0:cdf462088d13 | 2496 | |
markrad | 0:cdf462088d13 | 2497 | /* Append to the current flight */ |
markrad | 0:cdf462088d13 | 2498 | if( ssl->handshake->flight == NULL ) |
markrad | 0:cdf462088d13 | 2499 | ssl->handshake->flight = msg; |
markrad | 0:cdf462088d13 | 2500 | else |
markrad | 0:cdf462088d13 | 2501 | { |
markrad | 0:cdf462088d13 | 2502 | mbedtls_ssl_flight_item *cur = ssl->handshake->flight; |
markrad | 0:cdf462088d13 | 2503 | while( cur->next != NULL ) |
markrad | 0:cdf462088d13 | 2504 | cur = cur->next; |
markrad | 0:cdf462088d13 | 2505 | cur->next = msg; |
markrad | 0:cdf462088d13 | 2506 | } |
markrad | 0:cdf462088d13 | 2507 | |
markrad | 0:cdf462088d13 | 2508 | return( 0 ); |
markrad | 0:cdf462088d13 | 2509 | } |
markrad | 0:cdf462088d13 | 2510 | |
markrad | 0:cdf462088d13 | 2511 | /* |
markrad | 0:cdf462088d13 | 2512 | * Free the current flight of handshake messages |
markrad | 0:cdf462088d13 | 2513 | */ |
markrad | 0:cdf462088d13 | 2514 | static void ssl_flight_free( mbedtls_ssl_flight_item *flight ) |
markrad | 0:cdf462088d13 | 2515 | { |
markrad | 0:cdf462088d13 | 2516 | mbedtls_ssl_flight_item *cur = flight; |
markrad | 0:cdf462088d13 | 2517 | mbedtls_ssl_flight_item *next; |
markrad | 0:cdf462088d13 | 2518 | |
markrad | 0:cdf462088d13 | 2519 | while( cur != NULL ) |
markrad | 0:cdf462088d13 | 2520 | { |
markrad | 0:cdf462088d13 | 2521 | next = cur->next; |
markrad | 0:cdf462088d13 | 2522 | |
markrad | 0:cdf462088d13 | 2523 | mbedtls_free( cur->p ); |
markrad | 0:cdf462088d13 | 2524 | mbedtls_free( cur ); |
markrad | 0:cdf462088d13 | 2525 | |
markrad | 0:cdf462088d13 | 2526 | cur = next; |
markrad | 0:cdf462088d13 | 2527 | } |
markrad | 0:cdf462088d13 | 2528 | } |
markrad | 0:cdf462088d13 | 2529 | |
markrad | 0:cdf462088d13 | 2530 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
markrad | 0:cdf462088d13 | 2531 | static void ssl_dtls_replay_reset( mbedtls_ssl_context *ssl ); |
markrad | 0:cdf462088d13 | 2532 | #endif |
markrad | 0:cdf462088d13 | 2533 | |
markrad | 0:cdf462088d13 | 2534 | /* |
markrad | 0:cdf462088d13 | 2535 | * Swap transform_out and out_ctr with the alternative ones |
markrad | 0:cdf462088d13 | 2536 | */ |
markrad | 0:cdf462088d13 | 2537 | static void ssl_swap_epochs( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 2538 | { |
markrad | 0:cdf462088d13 | 2539 | mbedtls_ssl_transform *tmp_transform; |
markrad | 0:cdf462088d13 | 2540 | unsigned char tmp_out_ctr[8]; |
markrad | 0:cdf462088d13 | 2541 | |
markrad | 0:cdf462088d13 | 2542 | if( ssl->transform_out == ssl->handshake->alt_transform_out ) |
markrad | 0:cdf462088d13 | 2543 | { |
markrad | 0:cdf462088d13 | 2544 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip swap epochs" ) ); |
markrad | 0:cdf462088d13 | 2545 | return; |
markrad | 0:cdf462088d13 | 2546 | } |
markrad | 0:cdf462088d13 | 2547 | |
markrad | 0:cdf462088d13 | 2548 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "swap epochs" ) ); |
markrad | 0:cdf462088d13 | 2549 | |
markrad | 0:cdf462088d13 | 2550 | /* Swap transforms */ |
markrad | 0:cdf462088d13 | 2551 | tmp_transform = ssl->transform_out; |
markrad | 0:cdf462088d13 | 2552 | ssl->transform_out = ssl->handshake->alt_transform_out; |
markrad | 0:cdf462088d13 | 2553 | ssl->handshake->alt_transform_out = tmp_transform; |
markrad | 0:cdf462088d13 | 2554 | |
markrad | 0:cdf462088d13 | 2555 | /* Swap epoch + sequence_number */ |
markrad | 0:cdf462088d13 | 2556 | memcpy( tmp_out_ctr, ssl->out_ctr, 8 ); |
markrad | 0:cdf462088d13 | 2557 | memcpy( ssl->out_ctr, ssl->handshake->alt_out_ctr, 8 ); |
markrad | 0:cdf462088d13 | 2558 | memcpy( ssl->handshake->alt_out_ctr, tmp_out_ctr, 8 ); |
markrad | 0:cdf462088d13 | 2559 | |
markrad | 0:cdf462088d13 | 2560 | /* Adjust to the newly activated transform */ |
markrad | 0:cdf462088d13 | 2561 | if( ssl->transform_out != NULL && |
markrad | 0:cdf462088d13 | 2562 | ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) |
markrad | 0:cdf462088d13 | 2563 | { |
markrad | 0:cdf462088d13 | 2564 | ssl->out_msg = ssl->out_iv + ssl->transform_out->ivlen - |
markrad | 0:cdf462088d13 | 2565 | ssl->transform_out->fixed_ivlen; |
markrad | 0:cdf462088d13 | 2566 | } |
markrad | 0:cdf462088d13 | 2567 | else |
markrad | 0:cdf462088d13 | 2568 | ssl->out_msg = ssl->out_iv; |
markrad | 0:cdf462088d13 | 2569 | |
markrad | 0:cdf462088d13 | 2570 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
markrad | 0:cdf462088d13 | 2571 | if( mbedtls_ssl_hw_record_activate != NULL ) |
markrad | 0:cdf462088d13 | 2572 | { |
markrad | 0:cdf462088d13 | 2573 | if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND ) ) != 0 ) |
markrad | 0:cdf462088d13 | 2574 | { |
markrad | 0:cdf462088d13 | 2575 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret ); |
markrad | 0:cdf462088d13 | 2576 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
markrad | 0:cdf462088d13 | 2577 | } |
markrad | 0:cdf462088d13 | 2578 | } |
markrad | 0:cdf462088d13 | 2579 | #endif |
markrad | 0:cdf462088d13 | 2580 | } |
markrad | 0:cdf462088d13 | 2581 | |
markrad | 0:cdf462088d13 | 2582 | /* |
markrad | 0:cdf462088d13 | 2583 | * Retransmit the current flight of messages. |
markrad | 0:cdf462088d13 | 2584 | * |
markrad | 0:cdf462088d13 | 2585 | * Need to remember the current message in case flush_output returns |
markrad | 0:cdf462088d13 | 2586 | * WANT_WRITE, causing us to exit this function and come back later. |
markrad | 0:cdf462088d13 | 2587 | * This function must be called until state is no longer SENDING. |
markrad | 0:cdf462088d13 | 2588 | */ |
markrad | 0:cdf462088d13 | 2589 | int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 2590 | { |
markrad | 0:cdf462088d13 | 2591 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_resend" ) ); |
markrad | 0:cdf462088d13 | 2592 | |
markrad | 0:cdf462088d13 | 2593 | if( ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING ) |
markrad | 0:cdf462088d13 | 2594 | { |
markrad | 0:cdf462088d13 | 2595 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialise resending" ) ); |
markrad | 0:cdf462088d13 | 2596 | |
markrad | 0:cdf462088d13 | 2597 | ssl->handshake->cur_msg = ssl->handshake->flight; |
markrad | 0:cdf462088d13 | 2598 | ssl_swap_epochs( ssl ); |
markrad | 0:cdf462088d13 | 2599 | |
markrad | 0:cdf462088d13 | 2600 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_SENDING; |
markrad | 0:cdf462088d13 | 2601 | } |
markrad | 0:cdf462088d13 | 2602 | |
markrad | 0:cdf462088d13 | 2603 | while( ssl->handshake->cur_msg != NULL ) |
markrad | 0:cdf462088d13 | 2604 | { |
markrad | 0:cdf462088d13 | 2605 | int ret; |
markrad | 0:cdf462088d13 | 2606 | mbedtls_ssl_flight_item *cur = ssl->handshake->cur_msg; |
markrad | 0:cdf462088d13 | 2607 | |
markrad | 0:cdf462088d13 | 2608 | /* Swap epochs before sending Finished: we can't do it after |
markrad | 0:cdf462088d13 | 2609 | * sending ChangeCipherSpec, in case write returns WANT_READ. |
markrad | 0:cdf462088d13 | 2610 | * Must be done before copying, may change out_msg pointer */ |
markrad | 0:cdf462088d13 | 2611 | if( cur->type == MBEDTLS_SSL_MSG_HANDSHAKE && |
markrad | 0:cdf462088d13 | 2612 | cur->p[0] == MBEDTLS_SSL_HS_FINISHED ) |
markrad | 0:cdf462088d13 | 2613 | { |
markrad | 0:cdf462088d13 | 2614 | ssl_swap_epochs( ssl ); |
markrad | 0:cdf462088d13 | 2615 | } |
markrad | 0:cdf462088d13 | 2616 | |
markrad | 0:cdf462088d13 | 2617 | memcpy( ssl->out_msg, cur->p, cur->len ); |
markrad | 0:cdf462088d13 | 2618 | ssl->out_msglen = cur->len; |
markrad | 0:cdf462088d13 | 2619 | ssl->out_msgtype = cur->type; |
markrad | 0:cdf462088d13 | 2620 | |
markrad | 0:cdf462088d13 | 2621 | ssl->handshake->cur_msg = cur->next; |
markrad | 0:cdf462088d13 | 2622 | |
markrad | 0:cdf462088d13 | 2623 | MBEDTLS_SSL_DEBUG_BUF( 3, "resent handshake message header", ssl->out_msg, 12 ); |
markrad | 0:cdf462088d13 | 2624 | |
markrad | 0:cdf462088d13 | 2625 | if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 2626 | { |
markrad | 0:cdf462088d13 | 2627 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); |
markrad | 0:cdf462088d13 | 2628 | return( ret ); |
markrad | 0:cdf462088d13 | 2629 | } |
markrad | 0:cdf462088d13 | 2630 | } |
markrad | 0:cdf462088d13 | 2631 | |
markrad | 0:cdf462088d13 | 2632 | if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) |
markrad | 0:cdf462088d13 | 2633 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; |
markrad | 0:cdf462088d13 | 2634 | else |
markrad | 0:cdf462088d13 | 2635 | { |
markrad | 0:cdf462088d13 | 2636 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; |
markrad | 0:cdf462088d13 | 2637 | ssl_set_timer( ssl, ssl->handshake->retransmit_timeout ); |
markrad | 0:cdf462088d13 | 2638 | } |
markrad | 0:cdf462088d13 | 2639 | |
markrad | 0:cdf462088d13 | 2640 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_resend" ) ); |
markrad | 0:cdf462088d13 | 2641 | |
markrad | 0:cdf462088d13 | 2642 | return( 0 ); |
markrad | 0:cdf462088d13 | 2643 | } |
markrad | 0:cdf462088d13 | 2644 | |
markrad | 0:cdf462088d13 | 2645 | /* |
markrad | 0:cdf462088d13 | 2646 | * To be called when the last message of an incoming flight is received. |
markrad | 0:cdf462088d13 | 2647 | */ |
markrad | 0:cdf462088d13 | 2648 | void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 2649 | { |
markrad | 0:cdf462088d13 | 2650 | /* We won't need to resend that one any more */ |
markrad | 0:cdf462088d13 | 2651 | ssl_flight_free( ssl->handshake->flight ); |
markrad | 0:cdf462088d13 | 2652 | ssl->handshake->flight = NULL; |
markrad | 0:cdf462088d13 | 2653 | ssl->handshake->cur_msg = NULL; |
markrad | 0:cdf462088d13 | 2654 | |
markrad | 0:cdf462088d13 | 2655 | /* The next incoming flight will start with this msg_seq */ |
markrad | 0:cdf462088d13 | 2656 | ssl->handshake->in_flight_start_seq = ssl->handshake->in_msg_seq; |
markrad | 0:cdf462088d13 | 2657 | |
markrad | 0:cdf462088d13 | 2658 | /* Cancel timer */ |
markrad | 0:cdf462088d13 | 2659 | ssl_set_timer( ssl, 0 ); |
markrad | 0:cdf462088d13 | 2660 | |
markrad | 0:cdf462088d13 | 2661 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && |
markrad | 0:cdf462088d13 | 2662 | ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED ) |
markrad | 0:cdf462088d13 | 2663 | { |
markrad | 0:cdf462088d13 | 2664 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; |
markrad | 0:cdf462088d13 | 2665 | } |
markrad | 0:cdf462088d13 | 2666 | else |
markrad | 0:cdf462088d13 | 2667 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING; |
markrad | 0:cdf462088d13 | 2668 | } |
markrad | 0:cdf462088d13 | 2669 | |
markrad | 0:cdf462088d13 | 2670 | /* |
markrad | 0:cdf462088d13 | 2671 | * To be called when the last message of an outgoing flight is send. |
markrad | 0:cdf462088d13 | 2672 | */ |
markrad | 0:cdf462088d13 | 2673 | void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 2674 | { |
markrad | 0:cdf462088d13 | 2675 | ssl_reset_retransmit_timeout( ssl ); |
markrad | 0:cdf462088d13 | 2676 | ssl_set_timer( ssl, ssl->handshake->retransmit_timeout ); |
markrad | 0:cdf462088d13 | 2677 | |
markrad | 0:cdf462088d13 | 2678 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && |
markrad | 0:cdf462088d13 | 2679 | ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED ) |
markrad | 0:cdf462088d13 | 2680 | { |
markrad | 0:cdf462088d13 | 2681 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; |
markrad | 0:cdf462088d13 | 2682 | } |
markrad | 0:cdf462088d13 | 2683 | else |
markrad | 0:cdf462088d13 | 2684 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; |
markrad | 0:cdf462088d13 | 2685 | } |
markrad | 0:cdf462088d13 | 2686 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
markrad | 0:cdf462088d13 | 2687 | |
markrad | 0:cdf462088d13 | 2688 | /* |
markrad | 0:cdf462088d13 | 2689 | * Record layer functions |
markrad | 0:cdf462088d13 | 2690 | */ |
markrad | 0:cdf462088d13 | 2691 | |
markrad | 0:cdf462088d13 | 2692 | /* |
markrad | 0:cdf462088d13 | 2693 | * Write current record. |
markrad | 0:cdf462088d13 | 2694 | * Uses ssl->out_msgtype, ssl->out_msglen and bytes at ssl->out_msg. |
markrad | 0:cdf462088d13 | 2695 | */ |
markrad | 0:cdf462088d13 | 2696 | int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 2697 | { |
markrad | 0:cdf462088d13 | 2698 | int ret, done = 0, out_msg_type; |
markrad | 0:cdf462088d13 | 2699 | size_t len = ssl->out_msglen; |
markrad | 0:cdf462088d13 | 2700 | |
markrad | 0:cdf462088d13 | 2701 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write record" ) ); |
markrad | 0:cdf462088d13 | 2702 | |
markrad | 0:cdf462088d13 | 2703 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 2704 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
markrad | 0:cdf462088d13 | 2705 | ssl->handshake != NULL && |
markrad | 0:cdf462088d13 | 2706 | ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING ) |
markrad | 0:cdf462088d13 | 2707 | { |
markrad | 0:cdf462088d13 | 2708 | ; /* Skip special handshake treatment when resending */ |
markrad | 0:cdf462088d13 | 2709 | } |
markrad | 0:cdf462088d13 | 2710 | else |
markrad | 0:cdf462088d13 | 2711 | #endif |
markrad | 0:cdf462088d13 | 2712 | if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) |
markrad | 0:cdf462088d13 | 2713 | { |
markrad | 0:cdf462088d13 | 2714 | out_msg_type = ssl->out_msg[0]; |
markrad | 0:cdf462088d13 | 2715 | |
markrad | 0:cdf462088d13 | 2716 | if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST && |
markrad | 0:cdf462088d13 | 2717 | ssl->handshake == NULL ) |
markrad | 0:cdf462088d13 | 2718 | { |
markrad | 0:cdf462088d13 | 2719 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 2720 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 2721 | } |
markrad | 0:cdf462088d13 | 2722 | |
markrad | 0:cdf462088d13 | 2723 | ssl->out_msg[1] = (unsigned char)( ( len - 4 ) >> 16 ); |
markrad | 0:cdf462088d13 | 2724 | ssl->out_msg[2] = (unsigned char)( ( len - 4 ) >> 8 ); |
markrad | 0:cdf462088d13 | 2725 | ssl->out_msg[3] = (unsigned char)( ( len - 4 ) ); |
markrad | 0:cdf462088d13 | 2726 | |
markrad | 0:cdf462088d13 | 2727 | /* |
markrad | 0:cdf462088d13 | 2728 | * DTLS has additional fields in the Handshake layer, |
markrad | 0:cdf462088d13 | 2729 | * between the length field and the actual payload: |
markrad | 0:cdf462088d13 | 2730 | * uint16 message_seq; |
markrad | 0:cdf462088d13 | 2731 | * uint24 fragment_offset; |
markrad | 0:cdf462088d13 | 2732 | * uint24 fragment_length; |
markrad | 0:cdf462088d13 | 2733 | */ |
markrad | 0:cdf462088d13 | 2734 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 2735 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 2736 | { |
markrad | 0:cdf462088d13 | 2737 | /* Make room for the additional DTLS fields */ |
markrad | 0:cdf462088d13 | 2738 | memmove( ssl->out_msg + 12, ssl->out_msg + 4, len - 4 ); |
markrad | 0:cdf462088d13 | 2739 | ssl->out_msglen += 8; |
markrad | 0:cdf462088d13 | 2740 | len += 8; |
markrad | 0:cdf462088d13 | 2741 | |
markrad | 0:cdf462088d13 | 2742 | /* Write message_seq and update it, except for HelloRequest */ |
markrad | 0:cdf462088d13 | 2743 | if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) |
markrad | 0:cdf462088d13 | 2744 | { |
markrad | 0:cdf462088d13 | 2745 | ssl->out_msg[4] = ( ssl->handshake->out_msg_seq >> 8 ) & 0xFF; |
markrad | 0:cdf462088d13 | 2746 | ssl->out_msg[5] = ( ssl->handshake->out_msg_seq ) & 0xFF; |
markrad | 0:cdf462088d13 | 2747 | ++( ssl->handshake->out_msg_seq ); |
markrad | 0:cdf462088d13 | 2748 | } |
markrad | 0:cdf462088d13 | 2749 | else |
markrad | 0:cdf462088d13 | 2750 | { |
markrad | 0:cdf462088d13 | 2751 | ssl->out_msg[4] = 0; |
markrad | 0:cdf462088d13 | 2752 | ssl->out_msg[5] = 0; |
markrad | 0:cdf462088d13 | 2753 | } |
markrad | 0:cdf462088d13 | 2754 | |
markrad | 0:cdf462088d13 | 2755 | /* We don't fragment, so frag_offset = 0 and frag_len = len */ |
markrad | 0:cdf462088d13 | 2756 | memset( ssl->out_msg + 6, 0x00, 3 ); |
markrad | 0:cdf462088d13 | 2757 | memcpy( ssl->out_msg + 9, ssl->out_msg + 1, 3 ); |
markrad | 0:cdf462088d13 | 2758 | } |
markrad | 0:cdf462088d13 | 2759 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
markrad | 0:cdf462088d13 | 2760 | |
markrad | 0:cdf462088d13 | 2761 | if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) |
markrad | 0:cdf462088d13 | 2762 | ssl->handshake->update_checksum( ssl, ssl->out_msg, len ); |
markrad | 0:cdf462088d13 | 2763 | } |
markrad | 0:cdf462088d13 | 2764 | |
markrad | 0:cdf462088d13 | 2765 | /* Save handshake and CCS messages for resending */ |
markrad | 0:cdf462088d13 | 2766 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 2767 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
markrad | 0:cdf462088d13 | 2768 | ssl->handshake != NULL && |
markrad | 0:cdf462088d13 | 2769 | ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING && |
markrad | 0:cdf462088d13 | 2770 | ( ssl->out_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC || |
markrad | 0:cdf462088d13 | 2771 | ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) ) |
markrad | 0:cdf462088d13 | 2772 | { |
markrad | 0:cdf462088d13 | 2773 | if( ( ret = ssl_flight_append( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 2774 | { |
markrad | 0:cdf462088d13 | 2775 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_flight_append", ret ); |
markrad | 0:cdf462088d13 | 2776 | return( ret ); |
markrad | 0:cdf462088d13 | 2777 | } |
markrad | 0:cdf462088d13 | 2778 | } |
markrad | 0:cdf462088d13 | 2779 | #endif |
markrad | 0:cdf462088d13 | 2780 | |
markrad | 0:cdf462088d13 | 2781 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
markrad | 0:cdf462088d13 | 2782 | if( ssl->transform_out != NULL && |
markrad | 0:cdf462088d13 | 2783 | ssl->session_out->compression == MBEDTLS_SSL_COMPRESS_DEFLATE ) |
markrad | 0:cdf462088d13 | 2784 | { |
markrad | 0:cdf462088d13 | 2785 | if( ( ret = ssl_compress_buf( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 2786 | { |
markrad | 0:cdf462088d13 | 2787 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_compress_buf", ret ); |
markrad | 0:cdf462088d13 | 2788 | return( ret ); |
markrad | 0:cdf462088d13 | 2789 | } |
markrad | 0:cdf462088d13 | 2790 | |
markrad | 0:cdf462088d13 | 2791 | len = ssl->out_msglen; |
markrad | 0:cdf462088d13 | 2792 | } |
markrad | 0:cdf462088d13 | 2793 | #endif /*MBEDTLS_ZLIB_SUPPORT */ |
markrad | 0:cdf462088d13 | 2794 | |
markrad | 0:cdf462088d13 | 2795 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
markrad | 0:cdf462088d13 | 2796 | if( mbedtls_ssl_hw_record_write != NULL ) |
markrad | 0:cdf462088d13 | 2797 | { |
markrad | 0:cdf462088d13 | 2798 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_write()" ) ); |
markrad | 0:cdf462088d13 | 2799 | |
markrad | 0:cdf462088d13 | 2800 | ret = mbedtls_ssl_hw_record_write( ssl ); |
markrad | 0:cdf462088d13 | 2801 | if( ret != 0 && ret != MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH ) |
markrad | 0:cdf462088d13 | 2802 | { |
markrad | 0:cdf462088d13 | 2803 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_write", ret ); |
markrad | 0:cdf462088d13 | 2804 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
markrad | 0:cdf462088d13 | 2805 | } |
markrad | 0:cdf462088d13 | 2806 | |
markrad | 0:cdf462088d13 | 2807 | if( ret == 0 ) |
markrad | 0:cdf462088d13 | 2808 | done = 1; |
markrad | 0:cdf462088d13 | 2809 | } |
markrad | 0:cdf462088d13 | 2810 | #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ |
markrad | 0:cdf462088d13 | 2811 | if( !done ) |
markrad | 0:cdf462088d13 | 2812 | { |
markrad | 0:cdf462088d13 | 2813 | ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype; |
markrad | 0:cdf462088d13 | 2814 | mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, |
markrad | 0:cdf462088d13 | 2815 | ssl->conf->transport, ssl->out_hdr + 1 ); |
markrad | 0:cdf462088d13 | 2816 | |
markrad | 0:cdf462088d13 | 2817 | ssl->out_len[0] = (unsigned char)( len >> 8 ); |
markrad | 0:cdf462088d13 | 2818 | ssl->out_len[1] = (unsigned char)( len ); |
markrad | 0:cdf462088d13 | 2819 | |
markrad | 0:cdf462088d13 | 2820 | if( ssl->transform_out != NULL ) |
markrad | 0:cdf462088d13 | 2821 | { |
markrad | 0:cdf462088d13 | 2822 | if( ( ret = ssl_encrypt_buf( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 2823 | { |
markrad | 0:cdf462088d13 | 2824 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret ); |
markrad | 0:cdf462088d13 | 2825 | return( ret ); |
markrad | 0:cdf462088d13 | 2826 | } |
markrad | 0:cdf462088d13 | 2827 | |
markrad | 0:cdf462088d13 | 2828 | len = ssl->out_msglen; |
markrad | 0:cdf462088d13 | 2829 | ssl->out_len[0] = (unsigned char)( len >> 8 ); |
markrad | 0:cdf462088d13 | 2830 | ssl->out_len[1] = (unsigned char)( len ); |
markrad | 0:cdf462088d13 | 2831 | } |
markrad | 0:cdf462088d13 | 2832 | |
markrad | 0:cdf462088d13 | 2833 | ssl->out_left = mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen; |
markrad | 0:cdf462088d13 | 2834 | |
markrad | 0:cdf462088d13 | 2835 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %d, " |
markrad | 0:cdf462088d13 | 2836 | "version = [%d:%d], msglen = %d", |
markrad | 0:cdf462088d13 | 2837 | ssl->out_hdr[0], ssl->out_hdr[1], ssl->out_hdr[2], |
markrad | 0:cdf462088d13 | 2838 | ( ssl->out_len[0] << 8 ) | ssl->out_len[1] ) ); |
markrad | 0:cdf462088d13 | 2839 | |
markrad | 0:cdf462088d13 | 2840 | MBEDTLS_SSL_DEBUG_BUF( 4, "output record sent to network", |
markrad | 0:cdf462088d13 | 2841 | ssl->out_hdr, mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen ); |
markrad | 0:cdf462088d13 | 2842 | } |
markrad | 0:cdf462088d13 | 2843 | |
markrad | 0:cdf462088d13 | 2844 | if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 2845 | { |
markrad | 0:cdf462088d13 | 2846 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret ); |
markrad | 0:cdf462088d13 | 2847 | return( ret ); |
markrad | 0:cdf462088d13 | 2848 | } |
markrad | 0:cdf462088d13 | 2849 | |
markrad | 0:cdf462088d13 | 2850 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write record" ) ); |
markrad | 0:cdf462088d13 | 2851 | |
markrad | 0:cdf462088d13 | 2852 | return( 0 ); |
markrad | 0:cdf462088d13 | 2853 | } |
markrad | 0:cdf462088d13 | 2854 | |
markrad | 0:cdf462088d13 | 2855 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 2856 | /* |
markrad | 0:cdf462088d13 | 2857 | * Mark bits in bitmask (used for DTLS HS reassembly) |
markrad | 0:cdf462088d13 | 2858 | */ |
markrad | 0:cdf462088d13 | 2859 | static void ssl_bitmask_set( unsigned char *mask, size_t offset, size_t len ) |
markrad | 0:cdf462088d13 | 2860 | { |
markrad | 0:cdf462088d13 | 2861 | unsigned int start_bits, end_bits; |
markrad | 0:cdf462088d13 | 2862 | |
markrad | 0:cdf462088d13 | 2863 | start_bits = 8 - ( offset % 8 ); |
markrad | 0:cdf462088d13 | 2864 | if( start_bits != 8 ) |
markrad | 0:cdf462088d13 | 2865 | { |
markrad | 0:cdf462088d13 | 2866 | size_t first_byte_idx = offset / 8; |
markrad | 0:cdf462088d13 | 2867 | |
markrad | 0:cdf462088d13 | 2868 | /* Special case */ |
markrad | 0:cdf462088d13 | 2869 | if( len <= start_bits ) |
markrad | 0:cdf462088d13 | 2870 | { |
markrad | 0:cdf462088d13 | 2871 | for( ; len != 0; len-- ) |
markrad | 0:cdf462088d13 | 2872 | mask[first_byte_idx] |= 1 << ( start_bits - len ); |
markrad | 0:cdf462088d13 | 2873 | |
markrad | 0:cdf462088d13 | 2874 | /* Avoid potential issues with offset or len becoming invalid */ |
markrad | 0:cdf462088d13 | 2875 | return; |
markrad | 0:cdf462088d13 | 2876 | } |
markrad | 0:cdf462088d13 | 2877 | |
markrad | 0:cdf462088d13 | 2878 | offset += start_bits; /* Now offset % 8 == 0 */ |
markrad | 0:cdf462088d13 | 2879 | len -= start_bits; |
markrad | 0:cdf462088d13 | 2880 | |
markrad | 0:cdf462088d13 | 2881 | for( ; start_bits != 0; start_bits-- ) |
markrad | 0:cdf462088d13 | 2882 | mask[first_byte_idx] |= 1 << ( start_bits - 1 ); |
markrad | 0:cdf462088d13 | 2883 | } |
markrad | 0:cdf462088d13 | 2884 | |
markrad | 0:cdf462088d13 | 2885 | end_bits = len % 8; |
markrad | 0:cdf462088d13 | 2886 | if( end_bits != 0 ) |
markrad | 0:cdf462088d13 | 2887 | { |
markrad | 0:cdf462088d13 | 2888 | size_t last_byte_idx = ( offset + len ) / 8; |
markrad | 0:cdf462088d13 | 2889 | |
markrad | 0:cdf462088d13 | 2890 | len -= end_bits; /* Now len % 8 == 0 */ |
markrad | 0:cdf462088d13 | 2891 | |
markrad | 0:cdf462088d13 | 2892 | for( ; end_bits != 0; end_bits-- ) |
markrad | 0:cdf462088d13 | 2893 | mask[last_byte_idx] |= 1 << ( 8 - end_bits ); |
markrad | 0:cdf462088d13 | 2894 | } |
markrad | 0:cdf462088d13 | 2895 | |
markrad | 0:cdf462088d13 | 2896 | memset( mask + offset / 8, 0xFF, len / 8 ); |
markrad | 0:cdf462088d13 | 2897 | } |
markrad | 0:cdf462088d13 | 2898 | |
markrad | 0:cdf462088d13 | 2899 | /* |
markrad | 0:cdf462088d13 | 2900 | * Check that bitmask is full |
markrad | 0:cdf462088d13 | 2901 | */ |
markrad | 0:cdf462088d13 | 2902 | static int ssl_bitmask_check( unsigned char *mask, size_t len ) |
markrad | 0:cdf462088d13 | 2903 | { |
markrad | 0:cdf462088d13 | 2904 | size_t i; |
markrad | 0:cdf462088d13 | 2905 | |
markrad | 0:cdf462088d13 | 2906 | for( i = 0; i < len / 8; i++ ) |
markrad | 0:cdf462088d13 | 2907 | if( mask[i] != 0xFF ) |
markrad | 0:cdf462088d13 | 2908 | return( -1 ); |
markrad | 0:cdf462088d13 | 2909 | |
markrad | 0:cdf462088d13 | 2910 | for( i = 0; i < len % 8; i++ ) |
markrad | 0:cdf462088d13 | 2911 | if( ( mask[len / 8] & ( 1 << ( 7 - i ) ) ) == 0 ) |
markrad | 0:cdf462088d13 | 2912 | return( -1 ); |
markrad | 0:cdf462088d13 | 2913 | |
markrad | 0:cdf462088d13 | 2914 | return( 0 ); |
markrad | 0:cdf462088d13 | 2915 | } |
markrad | 0:cdf462088d13 | 2916 | |
markrad | 0:cdf462088d13 | 2917 | /* |
markrad | 0:cdf462088d13 | 2918 | * Reassemble fragmented DTLS handshake messages. |
markrad | 0:cdf462088d13 | 2919 | * |
markrad | 0:cdf462088d13 | 2920 | * Use a temporary buffer for reassembly, divided in two parts: |
markrad | 0:cdf462088d13 | 2921 | * - the first holds the reassembled message (including handshake header), |
markrad | 0:cdf462088d13 | 2922 | * - the second holds a bitmask indicating which parts of the message |
markrad | 0:cdf462088d13 | 2923 | * (excluding headers) have been received so far. |
markrad | 0:cdf462088d13 | 2924 | */ |
markrad | 0:cdf462088d13 | 2925 | static int ssl_reassemble_dtls_handshake( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 2926 | { |
markrad | 0:cdf462088d13 | 2927 | unsigned char *msg, *bitmask; |
markrad | 0:cdf462088d13 | 2928 | size_t frag_len, frag_off; |
markrad | 0:cdf462088d13 | 2929 | size_t msg_len = ssl->in_hslen - 12; /* Without headers */ |
markrad | 0:cdf462088d13 | 2930 | |
markrad | 0:cdf462088d13 | 2931 | if( ssl->handshake == NULL ) |
markrad | 0:cdf462088d13 | 2932 | { |
markrad | 0:cdf462088d13 | 2933 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "not supported outside handshake (for now)" ) ); |
markrad | 0:cdf462088d13 | 2934 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
markrad | 0:cdf462088d13 | 2935 | } |
markrad | 0:cdf462088d13 | 2936 | |
markrad | 0:cdf462088d13 | 2937 | /* |
markrad | 0:cdf462088d13 | 2938 | * For first fragment, check size and allocate buffer |
markrad | 0:cdf462088d13 | 2939 | */ |
markrad | 0:cdf462088d13 | 2940 | if( ssl->handshake->hs_msg == NULL ) |
markrad | 0:cdf462088d13 | 2941 | { |
markrad | 0:cdf462088d13 | 2942 | size_t alloc_len; |
markrad | 0:cdf462088d13 | 2943 | |
markrad | 0:cdf462088d13 | 2944 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %d", |
markrad | 0:cdf462088d13 | 2945 | msg_len ) ); |
markrad | 0:cdf462088d13 | 2946 | |
markrad | 0:cdf462088d13 | 2947 | if( ssl->in_hslen > MBEDTLS_SSL_MAX_CONTENT_LEN ) |
markrad | 0:cdf462088d13 | 2948 | { |
markrad | 0:cdf462088d13 | 2949 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too large" ) ); |
markrad | 0:cdf462088d13 | 2950 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
markrad | 0:cdf462088d13 | 2951 | } |
markrad | 0:cdf462088d13 | 2952 | |
markrad | 0:cdf462088d13 | 2953 | /* The bitmask needs one bit per byte of message excluding header */ |
markrad | 0:cdf462088d13 | 2954 | alloc_len = 12 + msg_len + msg_len / 8 + ( msg_len % 8 != 0 ); |
markrad | 0:cdf462088d13 | 2955 | |
markrad | 0:cdf462088d13 | 2956 | ssl->handshake->hs_msg = mbedtls_calloc( 1, alloc_len ); |
markrad | 0:cdf462088d13 | 2957 | if( ssl->handshake->hs_msg == NULL ) |
markrad | 0:cdf462088d13 | 2958 | { |
markrad | 0:cdf462088d13 | 2959 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc failed (%d bytes)", alloc_len ) ); |
markrad | 0:cdf462088d13 | 2960 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
markrad | 0:cdf462088d13 | 2961 | } |
markrad | 0:cdf462088d13 | 2962 | |
markrad | 0:cdf462088d13 | 2963 | /* Prepare final header: copy msg_type, length and message_seq, |
markrad | 0:cdf462088d13 | 2964 | * then add standardised fragment_offset and fragment_length */ |
markrad | 0:cdf462088d13 | 2965 | memcpy( ssl->handshake->hs_msg, ssl->in_msg, 6 ); |
markrad | 0:cdf462088d13 | 2966 | memset( ssl->handshake->hs_msg + 6, 0, 3 ); |
markrad | 0:cdf462088d13 | 2967 | memcpy( ssl->handshake->hs_msg + 9, |
markrad | 0:cdf462088d13 | 2968 | ssl->handshake->hs_msg + 1, 3 ); |
markrad | 0:cdf462088d13 | 2969 | } |
markrad | 0:cdf462088d13 | 2970 | else |
markrad | 0:cdf462088d13 | 2971 | { |
markrad | 0:cdf462088d13 | 2972 | /* Make sure msg_type and length are consistent */ |
markrad | 0:cdf462088d13 | 2973 | if( memcmp( ssl->handshake->hs_msg, ssl->in_msg, 4 ) != 0 ) |
markrad | 0:cdf462088d13 | 2974 | { |
markrad | 0:cdf462088d13 | 2975 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment header mismatch" ) ); |
markrad | 0:cdf462088d13 | 2976 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
markrad | 0:cdf462088d13 | 2977 | } |
markrad | 0:cdf462088d13 | 2978 | } |
markrad | 0:cdf462088d13 | 2979 | |
markrad | 0:cdf462088d13 | 2980 | msg = ssl->handshake->hs_msg + 12; |
markrad | 0:cdf462088d13 | 2981 | bitmask = msg + msg_len; |
markrad | 0:cdf462088d13 | 2982 | |
markrad | 0:cdf462088d13 | 2983 | /* |
markrad | 0:cdf462088d13 | 2984 | * Check and copy current fragment |
markrad | 0:cdf462088d13 | 2985 | */ |
markrad | 0:cdf462088d13 | 2986 | frag_off = ( ssl->in_msg[6] << 16 ) | |
markrad | 0:cdf462088d13 | 2987 | ( ssl->in_msg[7] << 8 ) | |
markrad | 0:cdf462088d13 | 2988 | ssl->in_msg[8]; |
markrad | 0:cdf462088d13 | 2989 | frag_len = ( ssl->in_msg[9] << 16 ) | |
markrad | 0:cdf462088d13 | 2990 | ( ssl->in_msg[10] << 8 ) | |
markrad | 0:cdf462088d13 | 2991 | ssl->in_msg[11]; |
markrad | 0:cdf462088d13 | 2992 | |
markrad | 0:cdf462088d13 | 2993 | if( frag_off + frag_len > msg_len ) |
markrad | 0:cdf462088d13 | 2994 | { |
markrad | 0:cdf462088d13 | 2995 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid fragment offset/len: %d + %d > %d", |
markrad | 0:cdf462088d13 | 2996 | frag_off, frag_len, msg_len ) ); |
markrad | 0:cdf462088d13 | 2997 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
markrad | 0:cdf462088d13 | 2998 | } |
markrad | 0:cdf462088d13 | 2999 | |
markrad | 0:cdf462088d13 | 3000 | if( frag_len + 12 > ssl->in_msglen ) |
markrad | 0:cdf462088d13 | 3001 | { |
markrad | 0:cdf462088d13 | 3002 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid fragment length: %d + 12 > %d", |
markrad | 0:cdf462088d13 | 3003 | frag_len, ssl->in_msglen ) ); |
markrad | 0:cdf462088d13 | 3004 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
markrad | 0:cdf462088d13 | 3005 | } |
markrad | 0:cdf462088d13 | 3006 | |
markrad | 0:cdf462088d13 | 3007 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %d, length = %d", |
markrad | 0:cdf462088d13 | 3008 | frag_off, frag_len ) ); |
markrad | 0:cdf462088d13 | 3009 | |
markrad | 0:cdf462088d13 | 3010 | memcpy( msg + frag_off, ssl->in_msg + 12, frag_len ); |
markrad | 0:cdf462088d13 | 3011 | ssl_bitmask_set( bitmask, frag_off, frag_len ); |
markrad | 0:cdf462088d13 | 3012 | |
markrad | 0:cdf462088d13 | 3013 | /* |
markrad | 0:cdf462088d13 | 3014 | * Do we have the complete message by now? |
markrad | 0:cdf462088d13 | 3015 | * If yes, finalize it, else ask to read the next record. |
markrad | 0:cdf462088d13 | 3016 | */ |
markrad | 0:cdf462088d13 | 3017 | if( ssl_bitmask_check( bitmask, msg_len ) != 0 ) |
markrad | 0:cdf462088d13 | 3018 | { |
markrad | 0:cdf462088d13 | 3019 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "message is not complete yet" ) ); |
markrad | 0:cdf462088d13 | 3020 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
markrad | 0:cdf462088d13 | 3021 | } |
markrad | 0:cdf462088d13 | 3022 | |
markrad | 0:cdf462088d13 | 3023 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake message completed" ) ); |
markrad | 0:cdf462088d13 | 3024 | |
markrad | 0:cdf462088d13 | 3025 | if( frag_len + 12 < ssl->in_msglen ) |
markrad | 0:cdf462088d13 | 3026 | { |
markrad | 0:cdf462088d13 | 3027 | /* |
markrad | 0:cdf462088d13 | 3028 | * We'got more handshake messages in the same record. |
markrad | 0:cdf462088d13 | 3029 | * This case is not handled now because no know implementation does |
markrad | 0:cdf462088d13 | 3030 | * that and it's hard to test, so we prefer to fail cleanly for now. |
markrad | 0:cdf462088d13 | 3031 | */ |
markrad | 0:cdf462088d13 | 3032 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "last fragment not alone in its record" ) ); |
markrad | 0:cdf462088d13 | 3033 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
markrad | 0:cdf462088d13 | 3034 | } |
markrad | 0:cdf462088d13 | 3035 | |
markrad | 0:cdf462088d13 | 3036 | if( ssl->in_left > ssl->next_record_offset ) |
markrad | 0:cdf462088d13 | 3037 | { |
markrad | 0:cdf462088d13 | 3038 | /* |
markrad | 0:cdf462088d13 | 3039 | * We've got more data in the buffer after the current record, |
markrad | 0:cdf462088d13 | 3040 | * that we don't want to overwrite. Move it before writing the |
markrad | 0:cdf462088d13 | 3041 | * reassembled message, and adjust in_left and next_record_offset. |
markrad | 0:cdf462088d13 | 3042 | */ |
markrad | 0:cdf462088d13 | 3043 | unsigned char *cur_remain = ssl->in_hdr + ssl->next_record_offset; |
markrad | 0:cdf462088d13 | 3044 | unsigned char *new_remain = ssl->in_msg + ssl->in_hslen; |
markrad | 0:cdf462088d13 | 3045 | size_t remain_len = ssl->in_left - ssl->next_record_offset; |
markrad | 0:cdf462088d13 | 3046 | |
markrad | 0:cdf462088d13 | 3047 | /* First compute and check new lengths */ |
markrad | 0:cdf462088d13 | 3048 | ssl->next_record_offset = new_remain - ssl->in_hdr; |
markrad | 0:cdf462088d13 | 3049 | ssl->in_left = ssl->next_record_offset + remain_len; |
markrad | 0:cdf462088d13 | 3050 | |
markrad | 0:cdf462088d13 | 3051 | if( ssl->in_left > MBEDTLS_SSL_BUFFER_LEN - |
markrad | 0:cdf462088d13 | 3052 | (size_t)( ssl->in_hdr - ssl->in_buf ) ) |
markrad | 0:cdf462088d13 | 3053 | { |
markrad | 0:cdf462088d13 | 3054 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "reassembled message too large for buffer" ) ); |
markrad | 0:cdf462088d13 | 3055 | return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); |
markrad | 0:cdf462088d13 | 3056 | } |
markrad | 0:cdf462088d13 | 3057 | |
markrad | 0:cdf462088d13 | 3058 | memmove( new_remain, cur_remain, remain_len ); |
markrad | 0:cdf462088d13 | 3059 | } |
markrad | 0:cdf462088d13 | 3060 | |
markrad | 0:cdf462088d13 | 3061 | memcpy( ssl->in_msg, ssl->handshake->hs_msg, ssl->in_hslen ); |
markrad | 0:cdf462088d13 | 3062 | |
markrad | 0:cdf462088d13 | 3063 | mbedtls_free( ssl->handshake->hs_msg ); |
markrad | 0:cdf462088d13 | 3064 | ssl->handshake->hs_msg = NULL; |
markrad | 0:cdf462088d13 | 3065 | |
markrad | 0:cdf462088d13 | 3066 | MBEDTLS_SSL_DEBUG_BUF( 3, "reassembled handshake message", |
markrad | 0:cdf462088d13 | 3067 | ssl->in_msg, ssl->in_hslen ); |
markrad | 0:cdf462088d13 | 3068 | |
markrad | 0:cdf462088d13 | 3069 | return( 0 ); |
markrad | 0:cdf462088d13 | 3070 | } |
markrad | 0:cdf462088d13 | 3071 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
markrad | 0:cdf462088d13 | 3072 | |
markrad | 0:cdf462088d13 | 3073 | int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 3074 | { |
markrad | 0:cdf462088d13 | 3075 | if( ssl->in_msglen < mbedtls_ssl_hs_hdr_len( ssl ) ) |
markrad | 0:cdf462088d13 | 3076 | { |
markrad | 0:cdf462088d13 | 3077 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too short: %d", |
markrad | 0:cdf462088d13 | 3078 | ssl->in_msglen ) ); |
markrad | 0:cdf462088d13 | 3079 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
markrad | 0:cdf462088d13 | 3080 | } |
markrad | 0:cdf462088d13 | 3081 | |
markrad | 0:cdf462088d13 | 3082 | ssl->in_hslen = mbedtls_ssl_hs_hdr_len( ssl ) + ( |
markrad | 0:cdf462088d13 | 3083 | ( ssl->in_msg[1] << 16 ) | |
markrad | 0:cdf462088d13 | 3084 | ( ssl->in_msg[2] << 8 ) | |
markrad | 0:cdf462088d13 | 3085 | ssl->in_msg[3] ); |
markrad | 0:cdf462088d13 | 3086 | |
markrad | 0:cdf462088d13 | 3087 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "handshake message: msglen =" |
markrad | 0:cdf462088d13 | 3088 | " %d, type = %d, hslen = %d", |
markrad | 0:cdf462088d13 | 3089 | ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) ); |
markrad | 0:cdf462088d13 | 3090 | |
markrad | 0:cdf462088d13 | 3091 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 3092 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 3093 | { |
markrad | 0:cdf462088d13 | 3094 | int ret; |
markrad | 0:cdf462088d13 | 3095 | unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5]; |
markrad | 0:cdf462088d13 | 3096 | |
markrad | 0:cdf462088d13 | 3097 | /* ssl->handshake is NULL when receiving ClientHello for renego */ |
markrad | 0:cdf462088d13 | 3098 | if( ssl->handshake != NULL && |
markrad | 0:cdf462088d13 | 3099 | recv_msg_seq != ssl->handshake->in_msg_seq ) |
markrad | 0:cdf462088d13 | 3100 | { |
markrad | 0:cdf462088d13 | 3101 | /* Retransmit only on last message from previous flight, to avoid |
markrad | 0:cdf462088d13 | 3102 | * too many retransmissions. |
markrad | 0:cdf462088d13 | 3103 | * Besides, No sane server ever retransmits HelloVerifyRequest */ |
markrad | 0:cdf462088d13 | 3104 | if( recv_msg_seq == ssl->handshake->in_flight_start_seq - 1 && |
markrad | 0:cdf462088d13 | 3105 | ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST ) |
markrad | 0:cdf462088d13 | 3106 | { |
markrad | 0:cdf462088d13 | 3107 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "received message from last flight, " |
markrad | 0:cdf462088d13 | 3108 | "message_seq = %d, start_of_flight = %d", |
markrad | 0:cdf462088d13 | 3109 | recv_msg_seq, |
markrad | 0:cdf462088d13 | 3110 | ssl->handshake->in_flight_start_seq ) ); |
markrad | 0:cdf462088d13 | 3111 | |
markrad | 0:cdf462088d13 | 3112 | if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 3113 | { |
markrad | 0:cdf462088d13 | 3114 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret ); |
markrad | 0:cdf462088d13 | 3115 | return( ret ); |
markrad | 0:cdf462088d13 | 3116 | } |
markrad | 0:cdf462088d13 | 3117 | } |
markrad | 0:cdf462088d13 | 3118 | else |
markrad | 0:cdf462088d13 | 3119 | { |
markrad | 0:cdf462088d13 | 3120 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "dropping out-of-sequence message: " |
markrad | 0:cdf462088d13 | 3121 | "message_seq = %d, expected = %d", |
markrad | 0:cdf462088d13 | 3122 | recv_msg_seq, |
markrad | 0:cdf462088d13 | 3123 | ssl->handshake->in_msg_seq ) ); |
markrad | 0:cdf462088d13 | 3124 | } |
markrad | 0:cdf462088d13 | 3125 | |
markrad | 0:cdf462088d13 | 3126 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
markrad | 0:cdf462088d13 | 3127 | } |
markrad | 0:cdf462088d13 | 3128 | /* Wait until message completion to increment in_msg_seq */ |
markrad | 0:cdf462088d13 | 3129 | |
markrad | 0:cdf462088d13 | 3130 | /* Reassemble if current message is fragmented or reassembly is |
markrad | 0:cdf462088d13 | 3131 | * already in progress */ |
markrad | 0:cdf462088d13 | 3132 | if( ssl->in_msglen < ssl->in_hslen || |
markrad | 0:cdf462088d13 | 3133 | memcmp( ssl->in_msg + 6, "\0\0\0", 3 ) != 0 || |
markrad | 0:cdf462088d13 | 3134 | memcmp( ssl->in_msg + 9, ssl->in_msg + 1, 3 ) != 0 || |
markrad | 0:cdf462088d13 | 3135 | ( ssl->handshake != NULL && ssl->handshake->hs_msg != NULL ) ) |
markrad | 0:cdf462088d13 | 3136 | { |
markrad | 0:cdf462088d13 | 3137 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "found fragmented DTLS handshake message" ) ); |
markrad | 0:cdf462088d13 | 3138 | |
markrad | 0:cdf462088d13 | 3139 | if( ( ret = ssl_reassemble_dtls_handshake( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 3140 | { |
markrad | 0:cdf462088d13 | 3141 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_reassemble_dtls_handshake", ret ); |
markrad | 0:cdf462088d13 | 3142 | return( ret ); |
markrad | 0:cdf462088d13 | 3143 | } |
markrad | 0:cdf462088d13 | 3144 | } |
markrad | 0:cdf462088d13 | 3145 | } |
markrad | 0:cdf462088d13 | 3146 | else |
markrad | 0:cdf462088d13 | 3147 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
markrad | 0:cdf462088d13 | 3148 | /* With TLS we don't handle fragmentation (for now) */ |
markrad | 0:cdf462088d13 | 3149 | if( ssl->in_msglen < ssl->in_hslen ) |
markrad | 0:cdf462088d13 | 3150 | { |
markrad | 0:cdf462088d13 | 3151 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS handshake fragmentation not supported" ) ); |
markrad | 0:cdf462088d13 | 3152 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
markrad | 0:cdf462088d13 | 3153 | } |
markrad | 0:cdf462088d13 | 3154 | |
markrad | 0:cdf462088d13 | 3155 | return( 0 ); |
markrad | 0:cdf462088d13 | 3156 | } |
markrad | 0:cdf462088d13 | 3157 | |
markrad | 0:cdf462088d13 | 3158 | void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 3159 | { |
markrad | 0:cdf462088d13 | 3160 | |
markrad | 0:cdf462088d13 | 3161 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && |
markrad | 0:cdf462088d13 | 3162 | ssl->handshake != NULL ) |
markrad | 0:cdf462088d13 | 3163 | { |
markrad | 0:cdf462088d13 | 3164 | ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen ); |
markrad | 0:cdf462088d13 | 3165 | } |
markrad | 0:cdf462088d13 | 3166 | |
markrad | 0:cdf462088d13 | 3167 | /* Handshake message is complete, increment counter */ |
markrad | 0:cdf462088d13 | 3168 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 3169 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
markrad | 0:cdf462088d13 | 3170 | ssl->handshake != NULL ) |
markrad | 0:cdf462088d13 | 3171 | { |
markrad | 0:cdf462088d13 | 3172 | ssl->handshake->in_msg_seq++; |
markrad | 0:cdf462088d13 | 3173 | } |
markrad | 0:cdf462088d13 | 3174 | #endif |
markrad | 0:cdf462088d13 | 3175 | } |
markrad | 0:cdf462088d13 | 3176 | |
markrad | 0:cdf462088d13 | 3177 | /* |
markrad | 0:cdf462088d13 | 3178 | * DTLS anti-replay: RFC 6347 4.1.2.6 |
markrad | 0:cdf462088d13 | 3179 | * |
markrad | 0:cdf462088d13 | 3180 | * in_window is a field of bits numbered from 0 (lsb) to 63 (msb). |
markrad | 0:cdf462088d13 | 3181 | * Bit n is set iff record number in_window_top - n has been seen. |
markrad | 0:cdf462088d13 | 3182 | * |
markrad | 0:cdf462088d13 | 3183 | * Usually, in_window_top is the last record number seen and the lsb of |
markrad | 0:cdf462088d13 | 3184 | * in_window is set. The only exception is the initial state (record number 0 |
markrad | 0:cdf462088d13 | 3185 | * not seen yet). |
markrad | 0:cdf462088d13 | 3186 | */ |
markrad | 0:cdf462088d13 | 3187 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
markrad | 0:cdf462088d13 | 3188 | static void ssl_dtls_replay_reset( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 3189 | { |
markrad | 0:cdf462088d13 | 3190 | ssl->in_window_top = 0; |
markrad | 0:cdf462088d13 | 3191 | ssl->in_window = 0; |
markrad | 0:cdf462088d13 | 3192 | } |
markrad | 0:cdf462088d13 | 3193 | |
markrad | 0:cdf462088d13 | 3194 | static inline uint64_t ssl_load_six_bytes( unsigned char *buf ) |
markrad | 0:cdf462088d13 | 3195 | { |
markrad | 0:cdf462088d13 | 3196 | return( ( (uint64_t) buf[0] << 40 ) | |
markrad | 0:cdf462088d13 | 3197 | ( (uint64_t) buf[1] << 32 ) | |
markrad | 0:cdf462088d13 | 3198 | ( (uint64_t) buf[2] << 24 ) | |
markrad | 0:cdf462088d13 | 3199 | ( (uint64_t) buf[3] << 16 ) | |
markrad | 0:cdf462088d13 | 3200 | ( (uint64_t) buf[4] << 8 ) | |
markrad | 0:cdf462088d13 | 3201 | ( (uint64_t) buf[5] ) ); |
markrad | 0:cdf462088d13 | 3202 | } |
markrad | 0:cdf462088d13 | 3203 | |
markrad | 0:cdf462088d13 | 3204 | /* |
markrad | 0:cdf462088d13 | 3205 | * Return 0 if sequence number is acceptable, -1 otherwise |
markrad | 0:cdf462088d13 | 3206 | */ |
markrad | 0:cdf462088d13 | 3207 | int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 3208 | { |
markrad | 0:cdf462088d13 | 3209 | uint64_t rec_seqnum = ssl_load_six_bytes( ssl->in_ctr + 2 ); |
markrad | 0:cdf462088d13 | 3210 | uint64_t bit; |
markrad | 0:cdf462088d13 | 3211 | |
markrad | 0:cdf462088d13 | 3212 | if( ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED ) |
markrad | 0:cdf462088d13 | 3213 | return( 0 ); |
markrad | 0:cdf462088d13 | 3214 | |
markrad | 0:cdf462088d13 | 3215 | if( rec_seqnum > ssl->in_window_top ) |
markrad | 0:cdf462088d13 | 3216 | return( 0 ); |
markrad | 0:cdf462088d13 | 3217 | |
markrad | 0:cdf462088d13 | 3218 | bit = ssl->in_window_top - rec_seqnum; |
markrad | 0:cdf462088d13 | 3219 | |
markrad | 0:cdf462088d13 | 3220 | if( bit >= 64 ) |
markrad | 0:cdf462088d13 | 3221 | return( -1 ); |
markrad | 0:cdf462088d13 | 3222 | |
markrad | 0:cdf462088d13 | 3223 | if( ( ssl->in_window & ( (uint64_t) 1 << bit ) ) != 0 ) |
markrad | 0:cdf462088d13 | 3224 | return( -1 ); |
markrad | 0:cdf462088d13 | 3225 | |
markrad | 0:cdf462088d13 | 3226 | return( 0 ); |
markrad | 0:cdf462088d13 | 3227 | } |
markrad | 0:cdf462088d13 | 3228 | |
markrad | 0:cdf462088d13 | 3229 | /* |
markrad | 0:cdf462088d13 | 3230 | * Update replay window on new validated record |
markrad | 0:cdf462088d13 | 3231 | */ |
markrad | 0:cdf462088d13 | 3232 | void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 3233 | { |
markrad | 0:cdf462088d13 | 3234 | uint64_t rec_seqnum = ssl_load_six_bytes( ssl->in_ctr + 2 ); |
markrad | 0:cdf462088d13 | 3235 | |
markrad | 0:cdf462088d13 | 3236 | if( ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED ) |
markrad | 0:cdf462088d13 | 3237 | return; |
markrad | 0:cdf462088d13 | 3238 | |
markrad | 0:cdf462088d13 | 3239 | if( rec_seqnum > ssl->in_window_top ) |
markrad | 0:cdf462088d13 | 3240 | { |
markrad | 0:cdf462088d13 | 3241 | /* Update window_top and the contents of the window */ |
markrad | 0:cdf462088d13 | 3242 | uint64_t shift = rec_seqnum - ssl->in_window_top; |
markrad | 0:cdf462088d13 | 3243 | |
markrad | 0:cdf462088d13 | 3244 | if( shift >= 64 ) |
markrad | 0:cdf462088d13 | 3245 | ssl->in_window = 1; |
markrad | 0:cdf462088d13 | 3246 | else |
markrad | 0:cdf462088d13 | 3247 | { |
markrad | 0:cdf462088d13 | 3248 | ssl->in_window <<= shift; |
markrad | 0:cdf462088d13 | 3249 | ssl->in_window |= 1; |
markrad | 0:cdf462088d13 | 3250 | } |
markrad | 0:cdf462088d13 | 3251 | |
markrad | 0:cdf462088d13 | 3252 | ssl->in_window_top = rec_seqnum; |
markrad | 0:cdf462088d13 | 3253 | } |
markrad | 0:cdf462088d13 | 3254 | else |
markrad | 0:cdf462088d13 | 3255 | { |
markrad | 0:cdf462088d13 | 3256 | /* Mark that number as seen in the current window */ |
markrad | 0:cdf462088d13 | 3257 | uint64_t bit = ssl->in_window_top - rec_seqnum; |
markrad | 0:cdf462088d13 | 3258 | |
markrad | 0:cdf462088d13 | 3259 | if( bit < 64 ) /* Always true, but be extra sure */ |
markrad | 0:cdf462088d13 | 3260 | ssl->in_window |= (uint64_t) 1 << bit; |
markrad | 0:cdf462088d13 | 3261 | } |
markrad | 0:cdf462088d13 | 3262 | } |
markrad | 0:cdf462088d13 | 3263 | #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ |
markrad | 0:cdf462088d13 | 3264 | |
markrad | 0:cdf462088d13 | 3265 | #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 3266 | /* Forward declaration */ |
markrad | 0:cdf462088d13 | 3267 | static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ); |
markrad | 0:cdf462088d13 | 3268 | |
markrad | 0:cdf462088d13 | 3269 | /* |
markrad | 0:cdf462088d13 | 3270 | * Without any SSL context, check if a datagram looks like a ClientHello with |
markrad | 0:cdf462088d13 | 3271 | * a valid cookie, and if it doesn't, generate a HelloVerifyRequest message. |
markrad | 0:cdf462088d13 | 3272 | * Both input and output include full DTLS headers. |
markrad | 0:cdf462088d13 | 3273 | * |
markrad | 0:cdf462088d13 | 3274 | * - if cookie is valid, return 0 |
markrad | 0:cdf462088d13 | 3275 | * - if ClientHello looks superficially valid but cookie is not, |
markrad | 0:cdf462088d13 | 3276 | * fill obuf and set olen, then |
markrad | 0:cdf462088d13 | 3277 | * return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED |
markrad | 0:cdf462088d13 | 3278 | * - otherwise return a specific error code |
markrad | 0:cdf462088d13 | 3279 | */ |
markrad | 0:cdf462088d13 | 3280 | static int ssl_check_dtls_clihlo_cookie( |
markrad | 0:cdf462088d13 | 3281 | mbedtls_ssl_cookie_write_t *f_cookie_write, |
markrad | 0:cdf462088d13 | 3282 | mbedtls_ssl_cookie_check_t *f_cookie_check, |
markrad | 0:cdf462088d13 | 3283 | void *p_cookie, |
markrad | 0:cdf462088d13 | 3284 | const unsigned char *cli_id, size_t cli_id_len, |
markrad | 0:cdf462088d13 | 3285 | const unsigned char *in, size_t in_len, |
markrad | 0:cdf462088d13 | 3286 | unsigned char *obuf, size_t buf_len, size_t *olen ) |
markrad | 0:cdf462088d13 | 3287 | { |
markrad | 0:cdf462088d13 | 3288 | size_t sid_len, cookie_len; |
markrad | 0:cdf462088d13 | 3289 | unsigned char *p; |
markrad | 0:cdf462088d13 | 3290 | |
markrad | 0:cdf462088d13 | 3291 | if( f_cookie_write == NULL || f_cookie_check == NULL ) |
markrad | 0:cdf462088d13 | 3292 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 3293 | |
markrad | 0:cdf462088d13 | 3294 | /* |
markrad | 0:cdf462088d13 | 3295 | * Structure of ClientHello with record and handshake headers, |
markrad | 0:cdf462088d13 | 3296 | * and expected values. We don't need to check a lot, more checks will be |
markrad | 0:cdf462088d13 | 3297 | * done when actually parsing the ClientHello - skipping those checks |
markrad | 0:cdf462088d13 | 3298 | * avoids code duplication and does not make cookie forging any easier. |
markrad | 0:cdf462088d13 | 3299 | * |
markrad | 0:cdf462088d13 | 3300 | * 0-0 ContentType type; copied, must be handshake |
markrad | 0:cdf462088d13 | 3301 | * 1-2 ProtocolVersion version; copied |
markrad | 0:cdf462088d13 | 3302 | * 3-4 uint16 epoch; copied, must be 0 |
markrad | 0:cdf462088d13 | 3303 | * 5-10 uint48 sequence_number; copied |
markrad | 0:cdf462088d13 | 3304 | * 11-12 uint16 length; (ignored) |
markrad | 0:cdf462088d13 | 3305 | * |
markrad | 0:cdf462088d13 | 3306 | * 13-13 HandshakeType msg_type; (ignored) |
markrad | 0:cdf462088d13 | 3307 | * 14-16 uint24 length; (ignored) |
markrad | 0:cdf462088d13 | 3308 | * 17-18 uint16 message_seq; copied |
markrad | 0:cdf462088d13 | 3309 | * 19-21 uint24 fragment_offset; copied, must be 0 |
markrad | 0:cdf462088d13 | 3310 | * 22-24 uint24 fragment_length; (ignored) |
markrad | 0:cdf462088d13 | 3311 | * |
markrad | 0:cdf462088d13 | 3312 | * 25-26 ProtocolVersion client_version; (ignored) |
markrad | 0:cdf462088d13 | 3313 | * 27-58 Random random; (ignored) |
markrad | 0:cdf462088d13 | 3314 | * 59-xx SessionID session_id; 1 byte len + sid_len content |
markrad | 0:cdf462088d13 | 3315 | * 60+ opaque cookie<0..2^8-1>; 1 byte len + content |
markrad | 0:cdf462088d13 | 3316 | * ... |
markrad | 0:cdf462088d13 | 3317 | * |
markrad | 0:cdf462088d13 | 3318 | * Minimum length is 61 bytes. |
markrad | 0:cdf462088d13 | 3319 | */ |
markrad | 0:cdf462088d13 | 3320 | if( in_len < 61 || |
markrad | 0:cdf462088d13 | 3321 | in[0] != MBEDTLS_SSL_MSG_HANDSHAKE || |
markrad | 0:cdf462088d13 | 3322 | in[3] != 0 || in[4] != 0 || |
markrad | 0:cdf462088d13 | 3323 | in[19] != 0 || in[20] != 0 || in[21] != 0 ) |
markrad | 0:cdf462088d13 | 3324 | { |
markrad | 0:cdf462088d13 | 3325 | return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); |
markrad | 0:cdf462088d13 | 3326 | } |
markrad | 0:cdf462088d13 | 3327 | |
markrad | 0:cdf462088d13 | 3328 | sid_len = in[59]; |
markrad | 0:cdf462088d13 | 3329 | if( sid_len > in_len - 61 ) |
markrad | 0:cdf462088d13 | 3330 | return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); |
markrad | 0:cdf462088d13 | 3331 | |
markrad | 0:cdf462088d13 | 3332 | cookie_len = in[60 + sid_len]; |
markrad | 0:cdf462088d13 | 3333 | if( cookie_len > in_len - 60 ) |
markrad | 0:cdf462088d13 | 3334 | return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); |
markrad | 0:cdf462088d13 | 3335 | |
markrad | 0:cdf462088d13 | 3336 | if( f_cookie_check( p_cookie, in + sid_len + 61, cookie_len, |
markrad | 0:cdf462088d13 | 3337 | cli_id, cli_id_len ) == 0 ) |
markrad | 0:cdf462088d13 | 3338 | { |
markrad | 0:cdf462088d13 | 3339 | /* Valid cookie */ |
markrad | 0:cdf462088d13 | 3340 | return( 0 ); |
markrad | 0:cdf462088d13 | 3341 | } |
markrad | 0:cdf462088d13 | 3342 | |
markrad | 0:cdf462088d13 | 3343 | /* |
markrad | 0:cdf462088d13 | 3344 | * If we get here, we've got an invalid cookie, let's prepare HVR. |
markrad | 0:cdf462088d13 | 3345 | * |
markrad | 0:cdf462088d13 | 3346 | * 0-0 ContentType type; copied |
markrad | 0:cdf462088d13 | 3347 | * 1-2 ProtocolVersion version; copied |
markrad | 0:cdf462088d13 | 3348 | * 3-4 uint16 epoch; copied |
markrad | 0:cdf462088d13 | 3349 | * 5-10 uint48 sequence_number; copied |
markrad | 0:cdf462088d13 | 3350 | * 11-12 uint16 length; olen - 13 |
markrad | 0:cdf462088d13 | 3351 | * |
markrad | 0:cdf462088d13 | 3352 | * 13-13 HandshakeType msg_type; hello_verify_request |
markrad | 0:cdf462088d13 | 3353 | * 14-16 uint24 length; olen - 25 |
markrad | 0:cdf462088d13 | 3354 | * 17-18 uint16 message_seq; copied |
markrad | 0:cdf462088d13 | 3355 | * 19-21 uint24 fragment_offset; copied |
markrad | 0:cdf462088d13 | 3356 | * 22-24 uint24 fragment_length; olen - 25 |
markrad | 0:cdf462088d13 | 3357 | * |
markrad | 0:cdf462088d13 | 3358 | * 25-26 ProtocolVersion server_version; 0xfe 0xff |
markrad | 0:cdf462088d13 | 3359 | * 27-27 opaque cookie<0..2^8-1>; cookie_len = olen - 27, cookie |
markrad | 0:cdf462088d13 | 3360 | * |
markrad | 0:cdf462088d13 | 3361 | * Minimum length is 28. |
markrad | 0:cdf462088d13 | 3362 | */ |
markrad | 0:cdf462088d13 | 3363 | if( buf_len < 28 ) |
markrad | 0:cdf462088d13 | 3364 | return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); |
markrad | 0:cdf462088d13 | 3365 | |
markrad | 0:cdf462088d13 | 3366 | /* Copy most fields and adapt others */ |
markrad | 0:cdf462088d13 | 3367 | memcpy( obuf, in, 25 ); |
markrad | 0:cdf462088d13 | 3368 | obuf[13] = MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST; |
markrad | 0:cdf462088d13 | 3369 | obuf[25] = 0xfe; |
markrad | 0:cdf462088d13 | 3370 | obuf[26] = 0xff; |
markrad | 0:cdf462088d13 | 3371 | |
markrad | 0:cdf462088d13 | 3372 | /* Generate and write actual cookie */ |
markrad | 0:cdf462088d13 | 3373 | p = obuf + 28; |
markrad | 0:cdf462088d13 | 3374 | if( f_cookie_write( p_cookie, |
markrad | 0:cdf462088d13 | 3375 | &p, obuf + buf_len, cli_id, cli_id_len ) != 0 ) |
markrad | 0:cdf462088d13 | 3376 | { |
markrad | 0:cdf462088d13 | 3377 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 3378 | } |
markrad | 0:cdf462088d13 | 3379 | |
markrad | 0:cdf462088d13 | 3380 | *olen = p - obuf; |
markrad | 0:cdf462088d13 | 3381 | |
markrad | 0:cdf462088d13 | 3382 | /* Go back and fill length fields */ |
markrad | 0:cdf462088d13 | 3383 | obuf[27] = (unsigned char)( *olen - 28 ); |
markrad | 0:cdf462088d13 | 3384 | |
markrad | 0:cdf462088d13 | 3385 | obuf[14] = obuf[22] = (unsigned char)( ( *olen - 25 ) >> 16 ); |
markrad | 0:cdf462088d13 | 3386 | obuf[15] = obuf[23] = (unsigned char)( ( *olen - 25 ) >> 8 ); |
markrad | 0:cdf462088d13 | 3387 | obuf[16] = obuf[24] = (unsigned char)( ( *olen - 25 ) ); |
markrad | 0:cdf462088d13 | 3388 | |
markrad | 0:cdf462088d13 | 3389 | obuf[11] = (unsigned char)( ( *olen - 13 ) >> 8 ); |
markrad | 0:cdf462088d13 | 3390 | obuf[12] = (unsigned char)( ( *olen - 13 ) ); |
markrad | 0:cdf462088d13 | 3391 | |
markrad | 0:cdf462088d13 | 3392 | return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ); |
markrad | 0:cdf462088d13 | 3393 | } |
markrad | 0:cdf462088d13 | 3394 | |
markrad | 0:cdf462088d13 | 3395 | /* |
markrad | 0:cdf462088d13 | 3396 | * Handle possible client reconnect with the same UDP quadruplet |
markrad | 0:cdf462088d13 | 3397 | * (RFC 6347 Section 4.2.8). |
markrad | 0:cdf462088d13 | 3398 | * |
markrad | 0:cdf462088d13 | 3399 | * Called by ssl_parse_record_header() in case we receive an epoch 0 record |
markrad | 0:cdf462088d13 | 3400 | * that looks like a ClientHello. |
markrad | 0:cdf462088d13 | 3401 | * |
markrad | 0:cdf462088d13 | 3402 | * - if the input looks like a ClientHello without cookies, |
markrad | 0:cdf462088d13 | 3403 | * send back HelloVerifyRequest, then |
markrad | 0:cdf462088d13 | 3404 | * return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED |
markrad | 0:cdf462088d13 | 3405 | * - if the input looks like a ClientHello with a valid cookie, |
markrad | 0:cdf462088d13 | 3406 | * reset the session of the current context, and |
markrad | 0:cdf462088d13 | 3407 | * return MBEDTLS_ERR_SSL_CLIENT_RECONNECT |
markrad | 0:cdf462088d13 | 3408 | * - if anything goes wrong, return a specific error code |
markrad | 0:cdf462088d13 | 3409 | * |
markrad | 0:cdf462088d13 | 3410 | * mbedtls_ssl_read_record() will ignore the record if anything else than |
markrad | 0:cdf462088d13 | 3411 | * MBEDTLS_ERR_SSL_CLIENT_RECONNECT or 0 is returned, although this function |
markrad | 0:cdf462088d13 | 3412 | * cannot not return 0. |
markrad | 0:cdf462088d13 | 3413 | */ |
markrad | 0:cdf462088d13 | 3414 | static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 3415 | { |
markrad | 0:cdf462088d13 | 3416 | int ret; |
markrad | 0:cdf462088d13 | 3417 | size_t len; |
markrad | 0:cdf462088d13 | 3418 | |
markrad | 0:cdf462088d13 | 3419 | ret = ssl_check_dtls_clihlo_cookie( |
markrad | 0:cdf462088d13 | 3420 | ssl->conf->f_cookie_write, |
markrad | 0:cdf462088d13 | 3421 | ssl->conf->f_cookie_check, |
markrad | 0:cdf462088d13 | 3422 | ssl->conf->p_cookie, |
markrad | 0:cdf462088d13 | 3423 | ssl->cli_id, ssl->cli_id_len, |
markrad | 0:cdf462088d13 | 3424 | ssl->in_buf, ssl->in_left, |
markrad | 0:cdf462088d13 | 3425 | ssl->out_buf, MBEDTLS_SSL_MAX_CONTENT_LEN, &len ); |
markrad | 0:cdf462088d13 | 3426 | |
markrad | 0:cdf462088d13 | 3427 | MBEDTLS_SSL_DEBUG_RET( 2, "ssl_check_dtls_clihlo_cookie", ret ); |
markrad | 0:cdf462088d13 | 3428 | |
markrad | 0:cdf462088d13 | 3429 | if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ) |
markrad | 0:cdf462088d13 | 3430 | { |
markrad | 0:cdf462088d13 | 3431 | /* Don't check write errors as we can't do anything here. |
markrad | 0:cdf462088d13 | 3432 | * If the error is permanent we'll catch it later, |
markrad | 0:cdf462088d13 | 3433 | * if it's not, then hopefully it'll work next time. */ |
markrad | 0:cdf462088d13 | 3434 | (void) ssl->f_send( ssl->p_bio, ssl->out_buf, len ); |
markrad | 0:cdf462088d13 | 3435 | |
markrad | 0:cdf462088d13 | 3436 | return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ); |
markrad | 0:cdf462088d13 | 3437 | } |
markrad | 0:cdf462088d13 | 3438 | |
markrad | 0:cdf462088d13 | 3439 | if( ret == 0 ) |
markrad | 0:cdf462088d13 | 3440 | { |
markrad | 0:cdf462088d13 | 3441 | /* Got a valid cookie, partially reset context */ |
markrad | 0:cdf462088d13 | 3442 | if( ( ret = ssl_session_reset_int( ssl, 1 ) ) != 0 ) |
markrad | 0:cdf462088d13 | 3443 | { |
markrad | 0:cdf462088d13 | 3444 | MBEDTLS_SSL_DEBUG_RET( 1, "reset", ret ); |
markrad | 0:cdf462088d13 | 3445 | return( ret ); |
markrad | 0:cdf462088d13 | 3446 | } |
markrad | 0:cdf462088d13 | 3447 | |
markrad | 0:cdf462088d13 | 3448 | return( MBEDTLS_ERR_SSL_CLIENT_RECONNECT ); |
markrad | 0:cdf462088d13 | 3449 | } |
markrad | 0:cdf462088d13 | 3450 | |
markrad | 0:cdf462088d13 | 3451 | return( ret ); |
markrad | 0:cdf462088d13 | 3452 | } |
markrad | 0:cdf462088d13 | 3453 | #endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */ |
markrad | 0:cdf462088d13 | 3454 | |
markrad | 0:cdf462088d13 | 3455 | /* |
markrad | 0:cdf462088d13 | 3456 | * ContentType type; |
markrad | 0:cdf462088d13 | 3457 | * ProtocolVersion version; |
markrad | 0:cdf462088d13 | 3458 | * uint16 epoch; // DTLS only |
markrad | 0:cdf462088d13 | 3459 | * uint48 sequence_number; // DTLS only |
markrad | 0:cdf462088d13 | 3460 | * uint16 length; |
markrad | 0:cdf462088d13 | 3461 | * |
markrad | 0:cdf462088d13 | 3462 | * Return 0 if header looks sane (and, for DTLS, the record is expected) |
markrad | 0:cdf462088d13 | 3463 | * MBEDTLS_ERR_SSL_INVALID_RECORD if the header looks bad, |
markrad | 0:cdf462088d13 | 3464 | * MBEDTLS_ERR_SSL_UNEXPECTED_RECORD (DTLS only) if sane but unexpected. |
markrad | 0:cdf462088d13 | 3465 | * |
markrad | 0:cdf462088d13 | 3466 | * With DTLS, mbedtls_ssl_read_record() will: |
markrad | 0:cdf462088d13 | 3467 | * 1. proceed with the record if this function returns 0 |
markrad | 0:cdf462088d13 | 3468 | * 2. drop only the current record if this function returns UNEXPECTED_RECORD |
markrad | 0:cdf462088d13 | 3469 | * 3. return CLIENT_RECONNECT if this function return that value |
markrad | 0:cdf462088d13 | 3470 | * 4. drop the whole datagram if this function returns anything else. |
markrad | 0:cdf462088d13 | 3471 | * Point 2 is needed when the peer is resending, and we have already received |
markrad | 0:cdf462088d13 | 3472 | * the first record from a datagram but are still waiting for the others. |
markrad | 0:cdf462088d13 | 3473 | */ |
markrad | 0:cdf462088d13 | 3474 | static int ssl_parse_record_header( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 3475 | { |
markrad | 0:cdf462088d13 | 3476 | int ret; |
markrad | 0:cdf462088d13 | 3477 | int major_ver, minor_ver; |
markrad | 0:cdf462088d13 | 3478 | |
markrad | 0:cdf462088d13 | 3479 | MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", ssl->in_hdr, mbedtls_ssl_hdr_len( ssl ) ); |
markrad | 0:cdf462088d13 | 3480 | |
markrad | 0:cdf462088d13 | 3481 | ssl->in_msgtype = ssl->in_hdr[0]; |
markrad | 0:cdf462088d13 | 3482 | ssl->in_msglen = ( ssl->in_len[0] << 8 ) | ssl->in_len[1]; |
markrad | 0:cdf462088d13 | 3483 | mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, ssl->in_hdr + 1 ); |
markrad | 0:cdf462088d13 | 3484 | |
markrad | 0:cdf462088d13 | 3485 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, " |
markrad | 0:cdf462088d13 | 3486 | "version = [%d:%d], msglen = %d", |
markrad | 0:cdf462088d13 | 3487 | ssl->in_msgtype, |
markrad | 0:cdf462088d13 | 3488 | major_ver, minor_ver, ssl->in_msglen ) ); |
markrad | 0:cdf462088d13 | 3489 | |
markrad | 0:cdf462088d13 | 3490 | /* Check record type */ |
markrad | 0:cdf462088d13 | 3491 | if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE && |
markrad | 0:cdf462088d13 | 3492 | ssl->in_msgtype != MBEDTLS_SSL_MSG_ALERT && |
markrad | 0:cdf462088d13 | 3493 | ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC && |
markrad | 0:cdf462088d13 | 3494 | ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA ) |
markrad | 0:cdf462088d13 | 3495 | { |
markrad | 0:cdf462088d13 | 3496 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) ); |
markrad | 0:cdf462088d13 | 3497 | |
markrad | 0:cdf462088d13 | 3498 | if( ( ret = mbedtls_ssl_send_alert_message( ssl, |
markrad | 0:cdf462088d13 | 3499 | MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
markrad | 0:cdf462088d13 | 3500 | MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ) ) != 0 ) |
markrad | 0:cdf462088d13 | 3501 | { |
markrad | 0:cdf462088d13 | 3502 | return( ret ); |
markrad | 0:cdf462088d13 | 3503 | } |
markrad | 0:cdf462088d13 | 3504 | |
markrad | 0:cdf462088d13 | 3505 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
markrad | 0:cdf462088d13 | 3506 | } |
markrad | 0:cdf462088d13 | 3507 | |
markrad | 0:cdf462088d13 | 3508 | /* Check version */ |
markrad | 0:cdf462088d13 | 3509 | if( major_ver != ssl->major_ver ) |
markrad | 0:cdf462088d13 | 3510 | { |
markrad | 0:cdf462088d13 | 3511 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "major version mismatch" ) ); |
markrad | 0:cdf462088d13 | 3512 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
markrad | 0:cdf462088d13 | 3513 | } |
markrad | 0:cdf462088d13 | 3514 | |
markrad | 0:cdf462088d13 | 3515 | if( minor_ver > ssl->conf->max_minor_ver ) |
markrad | 0:cdf462088d13 | 3516 | { |
markrad | 0:cdf462088d13 | 3517 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "minor version mismatch" ) ); |
markrad | 0:cdf462088d13 | 3518 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
markrad | 0:cdf462088d13 | 3519 | } |
markrad | 0:cdf462088d13 | 3520 | |
markrad | 0:cdf462088d13 | 3521 | /* Check length against the size of our buffer */ |
markrad | 0:cdf462088d13 | 3522 | if( ssl->in_msglen > MBEDTLS_SSL_BUFFER_LEN |
markrad | 0:cdf462088d13 | 3523 | - (size_t)( ssl->in_msg - ssl->in_buf ) ) |
markrad | 0:cdf462088d13 | 3524 | { |
markrad | 0:cdf462088d13 | 3525 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
markrad | 0:cdf462088d13 | 3526 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
markrad | 0:cdf462088d13 | 3527 | } |
markrad | 0:cdf462088d13 | 3528 | |
markrad | 0:cdf462088d13 | 3529 | /* Check length against bounds of the current transform and version */ |
markrad | 0:cdf462088d13 | 3530 | if( ssl->transform_in == NULL ) |
markrad | 0:cdf462088d13 | 3531 | { |
markrad | 0:cdf462088d13 | 3532 | if( ssl->in_msglen < 1 || |
markrad | 0:cdf462088d13 | 3533 | ssl->in_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN ) |
markrad | 0:cdf462088d13 | 3534 | { |
markrad | 0:cdf462088d13 | 3535 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
markrad | 0:cdf462088d13 | 3536 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
markrad | 0:cdf462088d13 | 3537 | } |
markrad | 0:cdf462088d13 | 3538 | } |
markrad | 0:cdf462088d13 | 3539 | else |
markrad | 0:cdf462088d13 | 3540 | { |
markrad | 0:cdf462088d13 | 3541 | if( ssl->in_msglen < ssl->transform_in->minlen ) |
markrad | 0:cdf462088d13 | 3542 | { |
markrad | 0:cdf462088d13 | 3543 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
markrad | 0:cdf462088d13 | 3544 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
markrad | 0:cdf462088d13 | 3545 | } |
markrad | 0:cdf462088d13 | 3546 | |
markrad | 0:cdf462088d13 | 3547 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
markrad | 0:cdf462088d13 | 3548 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 && |
markrad | 0:cdf462088d13 | 3549 | ssl->in_msglen > ssl->transform_in->minlen + MBEDTLS_SSL_MAX_CONTENT_LEN ) |
markrad | 0:cdf462088d13 | 3550 | { |
markrad | 0:cdf462088d13 | 3551 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
markrad | 0:cdf462088d13 | 3552 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
markrad | 0:cdf462088d13 | 3553 | } |
markrad | 0:cdf462088d13 | 3554 | #endif |
markrad | 0:cdf462088d13 | 3555 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
markrad | 0:cdf462088d13 | 3556 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 3557 | /* |
markrad | 0:cdf462088d13 | 3558 | * TLS encrypted messages can have up to 256 bytes of padding |
markrad | 0:cdf462088d13 | 3559 | */ |
markrad | 0:cdf462088d13 | 3560 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 && |
markrad | 0:cdf462088d13 | 3561 | ssl->in_msglen > ssl->transform_in->minlen + |
markrad | 0:cdf462088d13 | 3562 | MBEDTLS_SSL_MAX_CONTENT_LEN + 256 ) |
markrad | 0:cdf462088d13 | 3563 | { |
markrad | 0:cdf462088d13 | 3564 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
markrad | 0:cdf462088d13 | 3565 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
markrad | 0:cdf462088d13 | 3566 | } |
markrad | 0:cdf462088d13 | 3567 | #endif |
markrad | 0:cdf462088d13 | 3568 | } |
markrad | 0:cdf462088d13 | 3569 | |
markrad | 0:cdf462088d13 | 3570 | /* |
markrad | 0:cdf462088d13 | 3571 | * DTLS-related tests done last, because most of them may result in |
markrad | 0:cdf462088d13 | 3572 | * silently dropping the record (but not the whole datagram), and we only |
markrad | 0:cdf462088d13 | 3573 | * want to consider that after ensuring that the "basic" fields (type, |
markrad | 0:cdf462088d13 | 3574 | * version, length) are sane. |
markrad | 0:cdf462088d13 | 3575 | */ |
markrad | 0:cdf462088d13 | 3576 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 3577 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 3578 | { |
markrad | 0:cdf462088d13 | 3579 | unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1]; |
markrad | 0:cdf462088d13 | 3580 | |
markrad | 0:cdf462088d13 | 3581 | /* Drop unexpected ChangeCipherSpec messages */ |
markrad | 0:cdf462088d13 | 3582 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC && |
markrad | 0:cdf462088d13 | 3583 | ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC && |
markrad | 0:cdf462088d13 | 3584 | ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC ) |
markrad | 0:cdf462088d13 | 3585 | { |
markrad | 0:cdf462088d13 | 3586 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ChangeCipherSpec" ) ); |
markrad | 0:cdf462088d13 | 3587 | return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); |
markrad | 0:cdf462088d13 | 3588 | } |
markrad | 0:cdf462088d13 | 3589 | |
markrad | 0:cdf462088d13 | 3590 | /* Drop unexpected ApplicationData records, |
markrad | 0:cdf462088d13 | 3591 | * except at the beginning of renegotiations */ |
markrad | 0:cdf462088d13 | 3592 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA && |
markrad | 0:cdf462088d13 | 3593 | ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER |
markrad | 0:cdf462088d13 | 3594 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
markrad | 0:cdf462088d13 | 3595 | && ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && |
markrad | 0:cdf462088d13 | 3596 | ssl->state == MBEDTLS_SSL_SERVER_HELLO ) |
markrad | 0:cdf462088d13 | 3597 | #endif |
markrad | 0:cdf462088d13 | 3598 | ) |
markrad | 0:cdf462088d13 | 3599 | { |
markrad | 0:cdf462088d13 | 3600 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) ); |
markrad | 0:cdf462088d13 | 3601 | return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); |
markrad | 0:cdf462088d13 | 3602 | } |
markrad | 0:cdf462088d13 | 3603 | |
markrad | 0:cdf462088d13 | 3604 | /* Check epoch (and sequence number) with DTLS */ |
markrad | 0:cdf462088d13 | 3605 | if( rec_epoch != ssl->in_epoch ) |
markrad | 0:cdf462088d13 | 3606 | { |
markrad | 0:cdf462088d13 | 3607 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "record from another epoch: " |
markrad | 0:cdf462088d13 | 3608 | "expected %d, received %d", |
markrad | 0:cdf462088d13 | 3609 | ssl->in_epoch, rec_epoch ) ); |
markrad | 0:cdf462088d13 | 3610 | |
markrad | 0:cdf462088d13 | 3611 | #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 3612 | /* |
markrad | 0:cdf462088d13 | 3613 | * Check for an epoch 0 ClientHello. We can't use in_msg here to |
markrad | 0:cdf462088d13 | 3614 | * access the first byte of record content (handshake type), as we |
markrad | 0:cdf462088d13 | 3615 | * have an active transform (possibly iv_len != 0), so use the |
markrad | 0:cdf462088d13 | 3616 | * fact that the record header len is 13 instead. |
markrad | 0:cdf462088d13 | 3617 | */ |
markrad | 0:cdf462088d13 | 3618 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
markrad | 0:cdf462088d13 | 3619 | ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER && |
markrad | 0:cdf462088d13 | 3620 | rec_epoch == 0 && |
markrad | 0:cdf462088d13 | 3621 | ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && |
markrad | 0:cdf462088d13 | 3622 | ssl->in_left > 13 && |
markrad | 0:cdf462088d13 | 3623 | ssl->in_buf[13] == MBEDTLS_SSL_HS_CLIENT_HELLO ) |
markrad | 0:cdf462088d13 | 3624 | { |
markrad | 0:cdf462088d13 | 3625 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "possible client reconnect " |
markrad | 0:cdf462088d13 | 3626 | "from the same port" ) ); |
markrad | 0:cdf462088d13 | 3627 | return( ssl_handle_possible_reconnect( ssl ) ); |
markrad | 0:cdf462088d13 | 3628 | } |
markrad | 0:cdf462088d13 | 3629 | else |
markrad | 0:cdf462088d13 | 3630 | #endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */ |
markrad | 0:cdf462088d13 | 3631 | return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); |
markrad | 0:cdf462088d13 | 3632 | } |
markrad | 0:cdf462088d13 | 3633 | |
markrad | 0:cdf462088d13 | 3634 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
markrad | 0:cdf462088d13 | 3635 | /* Replay detection only works for the current epoch */ |
markrad | 0:cdf462088d13 | 3636 | if( rec_epoch == ssl->in_epoch && |
markrad | 0:cdf462088d13 | 3637 | mbedtls_ssl_dtls_replay_check( ssl ) != 0 ) |
markrad | 0:cdf462088d13 | 3638 | { |
markrad | 0:cdf462088d13 | 3639 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "replayed record" ) ); |
markrad | 0:cdf462088d13 | 3640 | return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); |
markrad | 0:cdf462088d13 | 3641 | } |
markrad | 0:cdf462088d13 | 3642 | #endif |
markrad | 0:cdf462088d13 | 3643 | } |
markrad | 0:cdf462088d13 | 3644 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
markrad | 0:cdf462088d13 | 3645 | |
markrad | 0:cdf462088d13 | 3646 | return( 0 ); |
markrad | 0:cdf462088d13 | 3647 | } |
markrad | 0:cdf462088d13 | 3648 | |
markrad | 0:cdf462088d13 | 3649 | /* |
markrad | 0:cdf462088d13 | 3650 | * If applicable, decrypt (and decompress) record content |
markrad | 0:cdf462088d13 | 3651 | */ |
markrad | 0:cdf462088d13 | 3652 | static int ssl_prepare_record_content( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 3653 | { |
markrad | 0:cdf462088d13 | 3654 | int ret, done = 0; |
markrad | 0:cdf462088d13 | 3655 | |
markrad | 0:cdf462088d13 | 3656 | MBEDTLS_SSL_DEBUG_BUF( 4, "input record from network", |
markrad | 0:cdf462088d13 | 3657 | ssl->in_hdr, mbedtls_ssl_hdr_len( ssl ) + ssl->in_msglen ); |
markrad | 0:cdf462088d13 | 3658 | |
markrad | 0:cdf462088d13 | 3659 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
markrad | 0:cdf462088d13 | 3660 | if( mbedtls_ssl_hw_record_read != NULL ) |
markrad | 0:cdf462088d13 | 3661 | { |
markrad | 0:cdf462088d13 | 3662 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_read()" ) ); |
markrad | 0:cdf462088d13 | 3663 | |
markrad | 0:cdf462088d13 | 3664 | ret = mbedtls_ssl_hw_record_read( ssl ); |
markrad | 0:cdf462088d13 | 3665 | if( ret != 0 && ret != MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH ) |
markrad | 0:cdf462088d13 | 3666 | { |
markrad | 0:cdf462088d13 | 3667 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_read", ret ); |
markrad | 0:cdf462088d13 | 3668 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
markrad | 0:cdf462088d13 | 3669 | } |
markrad | 0:cdf462088d13 | 3670 | |
markrad | 0:cdf462088d13 | 3671 | if( ret == 0 ) |
markrad | 0:cdf462088d13 | 3672 | done = 1; |
markrad | 0:cdf462088d13 | 3673 | } |
markrad | 0:cdf462088d13 | 3674 | #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ |
markrad | 0:cdf462088d13 | 3675 | if( !done && ssl->transform_in != NULL ) |
markrad | 0:cdf462088d13 | 3676 | { |
markrad | 0:cdf462088d13 | 3677 | if( ( ret = ssl_decrypt_buf( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 3678 | { |
markrad | 0:cdf462088d13 | 3679 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret ); |
markrad | 0:cdf462088d13 | 3680 | return( ret ); |
markrad | 0:cdf462088d13 | 3681 | } |
markrad | 0:cdf462088d13 | 3682 | |
markrad | 0:cdf462088d13 | 3683 | MBEDTLS_SSL_DEBUG_BUF( 4, "input payload after decrypt", |
markrad | 0:cdf462088d13 | 3684 | ssl->in_msg, ssl->in_msglen ); |
markrad | 0:cdf462088d13 | 3685 | |
markrad | 0:cdf462088d13 | 3686 | if( ssl->in_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN ) |
markrad | 0:cdf462088d13 | 3687 | { |
markrad | 0:cdf462088d13 | 3688 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
markrad | 0:cdf462088d13 | 3689 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
markrad | 0:cdf462088d13 | 3690 | } |
markrad | 0:cdf462088d13 | 3691 | } |
markrad | 0:cdf462088d13 | 3692 | |
markrad | 0:cdf462088d13 | 3693 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
markrad | 0:cdf462088d13 | 3694 | if( ssl->transform_in != NULL && |
markrad | 0:cdf462088d13 | 3695 | ssl->session_in->compression == MBEDTLS_SSL_COMPRESS_DEFLATE ) |
markrad | 0:cdf462088d13 | 3696 | { |
markrad | 0:cdf462088d13 | 3697 | if( ( ret = ssl_decompress_buf( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 3698 | { |
markrad | 0:cdf462088d13 | 3699 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decompress_buf", ret ); |
markrad | 0:cdf462088d13 | 3700 | return( ret ); |
markrad | 0:cdf462088d13 | 3701 | } |
markrad | 0:cdf462088d13 | 3702 | } |
markrad | 0:cdf462088d13 | 3703 | #endif /* MBEDTLS_ZLIB_SUPPORT */ |
markrad | 0:cdf462088d13 | 3704 | |
markrad | 0:cdf462088d13 | 3705 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
markrad | 0:cdf462088d13 | 3706 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 3707 | { |
markrad | 0:cdf462088d13 | 3708 | mbedtls_ssl_dtls_replay_update( ssl ); |
markrad | 0:cdf462088d13 | 3709 | } |
markrad | 0:cdf462088d13 | 3710 | #endif |
markrad | 0:cdf462088d13 | 3711 | |
markrad | 0:cdf462088d13 | 3712 | return( 0 ); |
markrad | 0:cdf462088d13 | 3713 | } |
markrad | 0:cdf462088d13 | 3714 | |
markrad | 0:cdf462088d13 | 3715 | static void ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ); |
markrad | 0:cdf462088d13 | 3716 | |
markrad | 0:cdf462088d13 | 3717 | /* |
markrad | 0:cdf462088d13 | 3718 | * Read a record. |
markrad | 0:cdf462088d13 | 3719 | * |
markrad | 0:cdf462088d13 | 3720 | * Silently ignore non-fatal alert (and for DTLS, invalid records as well, |
markrad | 0:cdf462088d13 | 3721 | * RFC 6347 4.1.2.7) and continue reading until a valid record is found. |
markrad | 0:cdf462088d13 | 3722 | * |
markrad | 0:cdf462088d13 | 3723 | */ |
markrad | 0:cdf462088d13 | 3724 | int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 3725 | { |
markrad | 0:cdf462088d13 | 3726 | int ret; |
markrad | 0:cdf462088d13 | 3727 | |
markrad | 0:cdf462088d13 | 3728 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read record" ) ); |
markrad | 0:cdf462088d13 | 3729 | |
markrad | 0:cdf462088d13 | 3730 | do { |
markrad | 0:cdf462088d13 | 3731 | |
markrad | 0:cdf462088d13 | 3732 | if( ( ret = mbedtls_ssl_read_record_layer( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 3733 | { |
markrad | 0:cdf462088d13 | 3734 | MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret ); |
markrad | 0:cdf462088d13 | 3735 | return( ret ); |
markrad | 0:cdf462088d13 | 3736 | } |
markrad | 0:cdf462088d13 | 3737 | |
markrad | 0:cdf462088d13 | 3738 | ret = mbedtls_ssl_handle_message_type( ssl ); |
markrad | 0:cdf462088d13 | 3739 | |
markrad | 0:cdf462088d13 | 3740 | } while( MBEDTLS_ERR_SSL_NON_FATAL == ret ); |
markrad | 0:cdf462088d13 | 3741 | |
markrad | 0:cdf462088d13 | 3742 | if( 0 != ret ) |
markrad | 0:cdf462088d13 | 3743 | { |
markrad | 0:cdf462088d13 | 3744 | MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_handle_message_type" ), ret ); |
markrad | 0:cdf462088d13 | 3745 | return( ret ); |
markrad | 0:cdf462088d13 | 3746 | } |
markrad | 0:cdf462088d13 | 3747 | |
markrad | 0:cdf462088d13 | 3748 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) |
markrad | 0:cdf462088d13 | 3749 | { |
markrad | 0:cdf462088d13 | 3750 | mbedtls_ssl_update_handshake_status( ssl ); |
markrad | 0:cdf462088d13 | 3751 | } |
markrad | 0:cdf462088d13 | 3752 | |
markrad | 0:cdf462088d13 | 3753 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read record" ) ); |
markrad | 0:cdf462088d13 | 3754 | |
markrad | 0:cdf462088d13 | 3755 | return( 0 ); |
markrad | 0:cdf462088d13 | 3756 | } |
markrad | 0:cdf462088d13 | 3757 | |
markrad | 0:cdf462088d13 | 3758 | int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 3759 | { |
markrad | 0:cdf462088d13 | 3760 | int ret; |
markrad | 0:cdf462088d13 | 3761 | |
markrad | 0:cdf462088d13 | 3762 | if( ssl->in_hslen != 0 && ssl->in_hslen < ssl->in_msglen ) |
markrad | 0:cdf462088d13 | 3763 | { |
markrad | 0:cdf462088d13 | 3764 | /* |
markrad | 0:cdf462088d13 | 3765 | * Get next Handshake message in the current record |
markrad | 0:cdf462088d13 | 3766 | */ |
markrad | 0:cdf462088d13 | 3767 | ssl->in_msglen -= ssl->in_hslen; |
markrad | 0:cdf462088d13 | 3768 | |
markrad | 0:cdf462088d13 | 3769 | memmove( ssl->in_msg, ssl->in_msg + ssl->in_hslen, |
markrad | 0:cdf462088d13 | 3770 | ssl->in_msglen ); |
markrad | 0:cdf462088d13 | 3771 | |
markrad | 0:cdf462088d13 | 3772 | MBEDTLS_SSL_DEBUG_BUF( 4, "remaining content in record", |
markrad | 0:cdf462088d13 | 3773 | ssl->in_msg, ssl->in_msglen ); |
markrad | 0:cdf462088d13 | 3774 | |
markrad | 0:cdf462088d13 | 3775 | return( 0 ); |
markrad | 0:cdf462088d13 | 3776 | } |
markrad | 0:cdf462088d13 | 3777 | |
markrad | 0:cdf462088d13 | 3778 | ssl->in_hslen = 0; |
markrad | 0:cdf462088d13 | 3779 | |
markrad | 0:cdf462088d13 | 3780 | /* |
markrad | 0:cdf462088d13 | 3781 | * Read the record header and parse it |
markrad | 0:cdf462088d13 | 3782 | */ |
markrad | 0:cdf462088d13 | 3783 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 3784 | read_record_header: |
markrad | 0:cdf462088d13 | 3785 | #endif |
markrad | 0:cdf462088d13 | 3786 | |
markrad | 0:cdf462088d13 | 3787 | if( ( ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_hdr_len( ssl ) ) ) != 0 ) |
markrad | 0:cdf462088d13 | 3788 | { |
markrad | 0:cdf462088d13 | 3789 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret ); |
markrad | 0:cdf462088d13 | 3790 | return( ret ); |
markrad | 0:cdf462088d13 | 3791 | } |
markrad | 0:cdf462088d13 | 3792 | |
markrad | 0:cdf462088d13 | 3793 | if( ( ret = ssl_parse_record_header( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 3794 | { |
markrad | 0:cdf462088d13 | 3795 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 3796 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
markrad | 0:cdf462088d13 | 3797 | ret != MBEDTLS_ERR_SSL_CLIENT_RECONNECT ) |
markrad | 0:cdf462088d13 | 3798 | { |
markrad | 0:cdf462088d13 | 3799 | if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ) |
markrad | 0:cdf462088d13 | 3800 | { |
markrad | 0:cdf462088d13 | 3801 | /* Skip unexpected record (but not whole datagram) */ |
markrad | 0:cdf462088d13 | 3802 | ssl->next_record_offset = ssl->in_msglen |
markrad | 0:cdf462088d13 | 3803 | + mbedtls_ssl_hdr_len( ssl ); |
markrad | 0:cdf462088d13 | 3804 | |
markrad | 0:cdf462088d13 | 3805 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding unexpected record " |
markrad | 0:cdf462088d13 | 3806 | "(header)" ) ); |
markrad | 0:cdf462088d13 | 3807 | } |
markrad | 0:cdf462088d13 | 3808 | else |
markrad | 0:cdf462088d13 | 3809 | { |
markrad | 0:cdf462088d13 | 3810 | /* Skip invalid record and the rest of the datagram */ |
markrad | 0:cdf462088d13 | 3811 | ssl->next_record_offset = 0; |
markrad | 0:cdf462088d13 | 3812 | ssl->in_left = 0; |
markrad | 0:cdf462088d13 | 3813 | |
markrad | 0:cdf462088d13 | 3814 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record " |
markrad | 0:cdf462088d13 | 3815 | "(header)" ) ); |
markrad | 0:cdf462088d13 | 3816 | } |
markrad | 0:cdf462088d13 | 3817 | |
markrad | 0:cdf462088d13 | 3818 | /* Get next record */ |
markrad | 0:cdf462088d13 | 3819 | goto read_record_header; |
markrad | 0:cdf462088d13 | 3820 | } |
markrad | 0:cdf462088d13 | 3821 | #endif |
markrad | 0:cdf462088d13 | 3822 | return( ret ); |
markrad | 0:cdf462088d13 | 3823 | } |
markrad | 0:cdf462088d13 | 3824 | |
markrad | 0:cdf462088d13 | 3825 | /* |
markrad | 0:cdf462088d13 | 3826 | * Read and optionally decrypt the message contents |
markrad | 0:cdf462088d13 | 3827 | */ |
markrad | 0:cdf462088d13 | 3828 | if( ( ret = mbedtls_ssl_fetch_input( ssl, |
markrad | 0:cdf462088d13 | 3829 | mbedtls_ssl_hdr_len( ssl ) + ssl->in_msglen ) ) != 0 ) |
markrad | 0:cdf462088d13 | 3830 | { |
markrad | 0:cdf462088d13 | 3831 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret ); |
markrad | 0:cdf462088d13 | 3832 | return( ret ); |
markrad | 0:cdf462088d13 | 3833 | } |
markrad | 0:cdf462088d13 | 3834 | |
markrad | 0:cdf462088d13 | 3835 | /* Done reading this record, get ready for the next one */ |
markrad | 0:cdf462088d13 | 3836 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 3837 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 3838 | ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_hdr_len( ssl ); |
markrad | 0:cdf462088d13 | 3839 | else |
markrad | 0:cdf462088d13 | 3840 | #endif |
markrad | 0:cdf462088d13 | 3841 | ssl->in_left = 0; |
markrad | 0:cdf462088d13 | 3842 | |
markrad | 0:cdf462088d13 | 3843 | if( ( ret = ssl_prepare_record_content( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 3844 | { |
markrad | 0:cdf462088d13 | 3845 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 3846 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 3847 | { |
markrad | 0:cdf462088d13 | 3848 | /* Silently discard invalid records */ |
markrad | 0:cdf462088d13 | 3849 | if( ret == MBEDTLS_ERR_SSL_INVALID_RECORD || |
markrad | 0:cdf462088d13 | 3850 | ret == MBEDTLS_ERR_SSL_INVALID_MAC ) |
markrad | 0:cdf462088d13 | 3851 | { |
markrad | 0:cdf462088d13 | 3852 | /* Except when waiting for Finished as a bad mac here |
markrad | 0:cdf462088d13 | 3853 | * probably means something went wrong in the handshake |
markrad | 0:cdf462088d13 | 3854 | * (eg wrong psk used, mitm downgrade attempt, etc.) */ |
markrad | 0:cdf462088d13 | 3855 | if( ssl->state == MBEDTLS_SSL_CLIENT_FINISHED || |
markrad | 0:cdf462088d13 | 3856 | ssl->state == MBEDTLS_SSL_SERVER_FINISHED ) |
markrad | 0:cdf462088d13 | 3857 | { |
markrad | 0:cdf462088d13 | 3858 | #if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES) |
markrad | 0:cdf462088d13 | 3859 | if( ret == MBEDTLS_ERR_SSL_INVALID_MAC ) |
markrad | 0:cdf462088d13 | 3860 | { |
markrad | 0:cdf462088d13 | 3861 | mbedtls_ssl_send_alert_message( ssl, |
markrad | 0:cdf462088d13 | 3862 | MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
markrad | 0:cdf462088d13 | 3863 | MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC ); |
markrad | 0:cdf462088d13 | 3864 | } |
markrad | 0:cdf462088d13 | 3865 | #endif |
markrad | 0:cdf462088d13 | 3866 | return( ret ); |
markrad | 0:cdf462088d13 | 3867 | } |
markrad | 0:cdf462088d13 | 3868 | |
markrad | 0:cdf462088d13 | 3869 | #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) |
markrad | 0:cdf462088d13 | 3870 | if( ssl->conf->badmac_limit != 0 && |
markrad | 0:cdf462088d13 | 3871 | ++ssl->badmac_seen >= ssl->conf->badmac_limit ) |
markrad | 0:cdf462088d13 | 3872 | { |
markrad | 0:cdf462088d13 | 3873 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "too many records with bad MAC" ) ); |
markrad | 0:cdf462088d13 | 3874 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
markrad | 0:cdf462088d13 | 3875 | } |
markrad | 0:cdf462088d13 | 3876 | #endif |
markrad | 0:cdf462088d13 | 3877 | |
markrad | 0:cdf462088d13 | 3878 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record (mac)" ) ); |
markrad | 0:cdf462088d13 | 3879 | goto read_record_header; |
markrad | 0:cdf462088d13 | 3880 | } |
markrad | 0:cdf462088d13 | 3881 | |
markrad | 0:cdf462088d13 | 3882 | return( ret ); |
markrad | 0:cdf462088d13 | 3883 | } |
markrad | 0:cdf462088d13 | 3884 | else |
markrad | 0:cdf462088d13 | 3885 | #endif |
markrad | 0:cdf462088d13 | 3886 | { |
markrad | 0:cdf462088d13 | 3887 | /* Error out (and send alert) on invalid records */ |
markrad | 0:cdf462088d13 | 3888 | #if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES) |
markrad | 0:cdf462088d13 | 3889 | if( ret == MBEDTLS_ERR_SSL_INVALID_MAC ) |
markrad | 0:cdf462088d13 | 3890 | { |
markrad | 0:cdf462088d13 | 3891 | mbedtls_ssl_send_alert_message( ssl, |
markrad | 0:cdf462088d13 | 3892 | MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
markrad | 0:cdf462088d13 | 3893 | MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC ); |
markrad | 0:cdf462088d13 | 3894 | } |
markrad | 0:cdf462088d13 | 3895 | #endif |
markrad | 0:cdf462088d13 | 3896 | return( ret ); |
markrad | 0:cdf462088d13 | 3897 | } |
markrad | 0:cdf462088d13 | 3898 | } |
markrad | 0:cdf462088d13 | 3899 | |
markrad | 0:cdf462088d13 | 3900 | /* |
markrad | 0:cdf462088d13 | 3901 | * When we sent the last flight of the handshake, we MUST respond to a |
markrad | 0:cdf462088d13 | 3902 | * retransmit of the peer's previous flight with a retransmit. (In |
markrad | 0:cdf462088d13 | 3903 | * practice, only the Finished message will make it, other messages |
markrad | 0:cdf462088d13 | 3904 | * including CCS use the old transform so they're dropped as invalid.) |
markrad | 0:cdf462088d13 | 3905 | * |
markrad | 0:cdf462088d13 | 3906 | * If the record we received is not a handshake message, however, it |
markrad | 0:cdf462088d13 | 3907 | * means the peer received our last flight so we can clean up |
markrad | 0:cdf462088d13 | 3908 | * handshake info. |
markrad | 0:cdf462088d13 | 3909 | * |
markrad | 0:cdf462088d13 | 3910 | * This check needs to be done before prepare_handshake() due to an edge |
markrad | 0:cdf462088d13 | 3911 | * case: if the client immediately requests renegotiation, this |
markrad | 0:cdf462088d13 | 3912 | * finishes the current handshake first, avoiding the new ClientHello |
markrad | 0:cdf462088d13 | 3913 | * being mistaken for an ancient message in the current handshake. |
markrad | 0:cdf462088d13 | 3914 | */ |
markrad | 0:cdf462088d13 | 3915 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 3916 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
markrad | 0:cdf462088d13 | 3917 | ssl->handshake != NULL && |
markrad | 0:cdf462088d13 | 3918 | ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) |
markrad | 0:cdf462088d13 | 3919 | { |
markrad | 0:cdf462088d13 | 3920 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && |
markrad | 0:cdf462088d13 | 3921 | ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED ) |
markrad | 0:cdf462088d13 | 3922 | { |
markrad | 0:cdf462088d13 | 3923 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "received retransmit of last flight" ) ); |
markrad | 0:cdf462088d13 | 3924 | |
markrad | 0:cdf462088d13 | 3925 | if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 3926 | { |
markrad | 0:cdf462088d13 | 3927 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret ); |
markrad | 0:cdf462088d13 | 3928 | return( ret ); |
markrad | 0:cdf462088d13 | 3929 | } |
markrad | 0:cdf462088d13 | 3930 | |
markrad | 0:cdf462088d13 | 3931 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
markrad | 0:cdf462088d13 | 3932 | } |
markrad | 0:cdf462088d13 | 3933 | else |
markrad | 0:cdf462088d13 | 3934 | { |
markrad | 0:cdf462088d13 | 3935 | ssl_handshake_wrapup_free_hs_transform( ssl ); |
markrad | 0:cdf462088d13 | 3936 | } |
markrad | 0:cdf462088d13 | 3937 | } |
markrad | 0:cdf462088d13 | 3938 | #endif |
markrad | 0:cdf462088d13 | 3939 | |
markrad | 0:cdf462088d13 | 3940 | return( 0 ); |
markrad | 0:cdf462088d13 | 3941 | } |
markrad | 0:cdf462088d13 | 3942 | |
markrad | 0:cdf462088d13 | 3943 | int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 3944 | { |
markrad | 0:cdf462088d13 | 3945 | int ret; |
markrad | 0:cdf462088d13 | 3946 | |
markrad | 0:cdf462088d13 | 3947 | /* |
markrad | 0:cdf462088d13 | 3948 | * Handle particular types of records |
markrad | 0:cdf462088d13 | 3949 | */ |
markrad | 0:cdf462088d13 | 3950 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) |
markrad | 0:cdf462088d13 | 3951 | { |
markrad | 0:cdf462088d13 | 3952 | if( ( ret = mbedtls_ssl_prepare_handshake_record( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 3953 | { |
markrad | 0:cdf462088d13 | 3954 | return( ret ); |
markrad | 0:cdf462088d13 | 3955 | } |
markrad | 0:cdf462088d13 | 3956 | } |
markrad | 0:cdf462088d13 | 3957 | |
markrad | 0:cdf462088d13 | 3958 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT ) |
markrad | 0:cdf462088d13 | 3959 | { |
markrad | 0:cdf462088d13 | 3960 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]", |
markrad | 0:cdf462088d13 | 3961 | ssl->in_msg[0], ssl->in_msg[1] ) ); |
markrad | 0:cdf462088d13 | 3962 | |
markrad | 0:cdf462088d13 | 3963 | /* |
markrad | 0:cdf462088d13 | 3964 | * Ignore non-fatal alerts, except close_notify and no_renegotiation |
markrad | 0:cdf462088d13 | 3965 | */ |
markrad | 0:cdf462088d13 | 3966 | if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_FATAL ) |
markrad | 0:cdf462088d13 | 3967 | { |
markrad | 0:cdf462088d13 | 3968 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "is a fatal alert message (msg %d)", |
markrad | 0:cdf462088d13 | 3969 | ssl->in_msg[1] ) ); |
markrad | 0:cdf462088d13 | 3970 | return( MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE ); |
markrad | 0:cdf462088d13 | 3971 | } |
markrad | 0:cdf462088d13 | 3972 | |
markrad | 0:cdf462088d13 | 3973 | if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && |
markrad | 0:cdf462088d13 | 3974 | ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY ) |
markrad | 0:cdf462088d13 | 3975 | { |
markrad | 0:cdf462088d13 | 3976 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a close notify message" ) ); |
markrad | 0:cdf462088d13 | 3977 | return( MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY ); |
markrad | 0:cdf462088d13 | 3978 | } |
markrad | 0:cdf462088d13 | 3979 | |
markrad | 0:cdf462088d13 | 3980 | #if defined(MBEDTLS_SSL_RENEGOTIATION_ENABLED) |
markrad | 0:cdf462088d13 | 3981 | if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && |
markrad | 0:cdf462088d13 | 3982 | ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION ) |
markrad | 0:cdf462088d13 | 3983 | { |
markrad | 0:cdf462088d13 | 3984 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) ); |
markrad | 0:cdf462088d13 | 3985 | /* Will be handled when trying to parse ServerHello */ |
markrad | 0:cdf462088d13 | 3986 | return( 0 ); |
markrad | 0:cdf462088d13 | 3987 | } |
markrad | 0:cdf462088d13 | 3988 | #endif |
markrad | 0:cdf462088d13 | 3989 | |
markrad | 0:cdf462088d13 | 3990 | #if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 3991 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 && |
markrad | 0:cdf462088d13 | 3992 | ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
markrad | 0:cdf462088d13 | 3993 | ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && |
markrad | 0:cdf462088d13 | 3994 | ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT ) |
markrad | 0:cdf462088d13 | 3995 | { |
markrad | 0:cdf462088d13 | 3996 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) ); |
markrad | 0:cdf462088d13 | 3997 | /* Will be handled in mbedtls_ssl_parse_certificate() */ |
markrad | 0:cdf462088d13 | 3998 | return( 0 ); |
markrad | 0:cdf462088d13 | 3999 | } |
markrad | 0:cdf462088d13 | 4000 | #endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_SRV_C */ |
markrad | 0:cdf462088d13 | 4001 | |
markrad | 0:cdf462088d13 | 4002 | /* Silently ignore: fetch new message */ |
markrad | 0:cdf462088d13 | 4003 | return MBEDTLS_ERR_SSL_NON_FATAL; |
markrad | 0:cdf462088d13 | 4004 | } |
markrad | 0:cdf462088d13 | 4005 | |
markrad | 0:cdf462088d13 | 4006 | return( 0 ); |
markrad | 0:cdf462088d13 | 4007 | } |
markrad | 0:cdf462088d13 | 4008 | |
markrad | 0:cdf462088d13 | 4009 | int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 4010 | { |
markrad | 0:cdf462088d13 | 4011 | int ret; |
markrad | 0:cdf462088d13 | 4012 | |
markrad | 0:cdf462088d13 | 4013 | if( ( ret = mbedtls_ssl_send_alert_message( ssl, |
markrad | 0:cdf462088d13 | 4014 | MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
markrad | 0:cdf462088d13 | 4015 | MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ) ) != 0 ) |
markrad | 0:cdf462088d13 | 4016 | { |
markrad | 0:cdf462088d13 | 4017 | return( ret ); |
markrad | 0:cdf462088d13 | 4018 | } |
markrad | 0:cdf462088d13 | 4019 | |
markrad | 0:cdf462088d13 | 4020 | return( 0 ); |
markrad | 0:cdf462088d13 | 4021 | } |
markrad | 0:cdf462088d13 | 4022 | |
markrad | 0:cdf462088d13 | 4023 | int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 4024 | unsigned char level, |
markrad | 0:cdf462088d13 | 4025 | unsigned char message ) |
markrad | 0:cdf462088d13 | 4026 | { |
markrad | 0:cdf462088d13 | 4027 | int ret; |
markrad | 0:cdf462088d13 | 4028 | |
markrad | 0:cdf462088d13 | 4029 | if( ssl == NULL || ssl->conf == NULL ) |
markrad | 0:cdf462088d13 | 4030 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 4031 | |
markrad | 0:cdf462088d13 | 4032 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> send alert message" ) ); |
markrad | 0:cdf462088d13 | 4033 | |
markrad | 0:cdf462088d13 | 4034 | ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT; |
markrad | 0:cdf462088d13 | 4035 | ssl->out_msglen = 2; |
markrad | 0:cdf462088d13 | 4036 | ssl->out_msg[0] = level; |
markrad | 0:cdf462088d13 | 4037 | ssl->out_msg[1] = message; |
markrad | 0:cdf462088d13 | 4038 | |
markrad | 0:cdf462088d13 | 4039 | if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 4040 | { |
markrad | 0:cdf462088d13 | 4041 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); |
markrad | 0:cdf462088d13 | 4042 | return( ret ); |
markrad | 0:cdf462088d13 | 4043 | } |
markrad | 0:cdf462088d13 | 4044 | |
markrad | 0:cdf462088d13 | 4045 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= send alert message" ) ); |
markrad | 0:cdf462088d13 | 4046 | |
markrad | 0:cdf462088d13 | 4047 | return( 0 ); |
markrad | 0:cdf462088d13 | 4048 | } |
markrad | 0:cdf462088d13 | 4049 | |
markrad | 0:cdf462088d13 | 4050 | /* |
markrad | 0:cdf462088d13 | 4051 | * Handshake functions |
markrad | 0:cdf462088d13 | 4052 | */ |
markrad | 0:cdf462088d13 | 4053 | #if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \ |
markrad | 0:cdf462088d13 | 4054 | !defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) && \ |
markrad | 0:cdf462088d13 | 4055 | !defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \ |
markrad | 0:cdf462088d13 | 4056 | !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \ |
markrad | 0:cdf462088d13 | 4057 | !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \ |
markrad | 0:cdf462088d13 | 4058 | !defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \ |
markrad | 0:cdf462088d13 | 4059 | !defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) |
markrad | 0:cdf462088d13 | 4060 | int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 4061 | { |
markrad | 0:cdf462088d13 | 4062 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; |
markrad | 0:cdf462088d13 | 4063 | |
markrad | 0:cdf462088d13 | 4064 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) ); |
markrad | 0:cdf462088d13 | 4065 | |
markrad | 0:cdf462088d13 | 4066 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || |
markrad | 0:cdf462088d13 | 4067 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || |
markrad | 0:cdf462088d13 | 4068 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || |
markrad | 0:cdf462088d13 | 4069 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) |
markrad | 0:cdf462088d13 | 4070 | { |
markrad | 0:cdf462088d13 | 4071 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); |
markrad | 0:cdf462088d13 | 4072 | ssl->state++; |
markrad | 0:cdf462088d13 | 4073 | return( 0 ); |
markrad | 0:cdf462088d13 | 4074 | } |
markrad | 0:cdf462088d13 | 4075 | |
markrad | 0:cdf462088d13 | 4076 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 4077 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 4078 | } |
markrad | 0:cdf462088d13 | 4079 | |
markrad | 0:cdf462088d13 | 4080 | int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 4081 | { |
markrad | 0:cdf462088d13 | 4082 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; |
markrad | 0:cdf462088d13 | 4083 | |
markrad | 0:cdf462088d13 | 4084 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) ); |
markrad | 0:cdf462088d13 | 4085 | |
markrad | 0:cdf462088d13 | 4086 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || |
markrad | 0:cdf462088d13 | 4087 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || |
markrad | 0:cdf462088d13 | 4088 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || |
markrad | 0:cdf462088d13 | 4089 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) |
markrad | 0:cdf462088d13 | 4090 | { |
markrad | 0:cdf462088d13 | 4091 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); |
markrad | 0:cdf462088d13 | 4092 | ssl->state++; |
markrad | 0:cdf462088d13 | 4093 | return( 0 ); |
markrad | 0:cdf462088d13 | 4094 | } |
markrad | 0:cdf462088d13 | 4095 | |
markrad | 0:cdf462088d13 | 4096 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 4097 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 4098 | } |
markrad | 0:cdf462088d13 | 4099 | #else |
markrad | 0:cdf462088d13 | 4100 | int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 4101 | { |
markrad | 0:cdf462088d13 | 4102 | int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; |
markrad | 0:cdf462088d13 | 4103 | size_t i, n; |
markrad | 0:cdf462088d13 | 4104 | const mbedtls_x509_crt *crt; |
markrad | 0:cdf462088d13 | 4105 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; |
markrad | 0:cdf462088d13 | 4106 | |
markrad | 0:cdf462088d13 | 4107 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) ); |
markrad | 0:cdf462088d13 | 4108 | |
markrad | 0:cdf462088d13 | 4109 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || |
markrad | 0:cdf462088d13 | 4110 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || |
markrad | 0:cdf462088d13 | 4111 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || |
markrad | 0:cdf462088d13 | 4112 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) |
markrad | 0:cdf462088d13 | 4113 | { |
markrad | 0:cdf462088d13 | 4114 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); |
markrad | 0:cdf462088d13 | 4115 | ssl->state++; |
markrad | 0:cdf462088d13 | 4116 | return( 0 ); |
markrad | 0:cdf462088d13 | 4117 | } |
markrad | 0:cdf462088d13 | 4118 | |
markrad | 0:cdf462088d13 | 4119 | #if defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 4120 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
markrad | 0:cdf462088d13 | 4121 | { |
markrad | 0:cdf462088d13 | 4122 | if( ssl->client_auth == 0 ) |
markrad | 0:cdf462088d13 | 4123 | { |
markrad | 0:cdf462088d13 | 4124 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); |
markrad | 0:cdf462088d13 | 4125 | ssl->state++; |
markrad | 0:cdf462088d13 | 4126 | return( 0 ); |
markrad | 0:cdf462088d13 | 4127 | } |
markrad | 0:cdf462088d13 | 4128 | |
markrad | 0:cdf462088d13 | 4129 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
markrad | 0:cdf462088d13 | 4130 | /* |
markrad | 0:cdf462088d13 | 4131 | * If using SSLv3 and got no cert, send an Alert message |
markrad | 0:cdf462088d13 | 4132 | * (otherwise an empty Certificate message will be sent). |
markrad | 0:cdf462088d13 | 4133 | */ |
markrad | 0:cdf462088d13 | 4134 | if( mbedtls_ssl_own_cert( ssl ) == NULL && |
markrad | 0:cdf462088d13 | 4135 | ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
markrad | 0:cdf462088d13 | 4136 | { |
markrad | 0:cdf462088d13 | 4137 | ssl->out_msglen = 2; |
markrad | 0:cdf462088d13 | 4138 | ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT; |
markrad | 0:cdf462088d13 | 4139 | ssl->out_msg[0] = MBEDTLS_SSL_ALERT_LEVEL_WARNING; |
markrad | 0:cdf462088d13 | 4140 | ssl->out_msg[1] = MBEDTLS_SSL_ALERT_MSG_NO_CERT; |
markrad | 0:cdf462088d13 | 4141 | |
markrad | 0:cdf462088d13 | 4142 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "got no certificate to send" ) ); |
markrad | 0:cdf462088d13 | 4143 | goto write_msg; |
markrad | 0:cdf462088d13 | 4144 | } |
markrad | 0:cdf462088d13 | 4145 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
markrad | 0:cdf462088d13 | 4146 | } |
markrad | 0:cdf462088d13 | 4147 | #endif /* MBEDTLS_SSL_CLI_C */ |
markrad | 0:cdf462088d13 | 4148 | #if defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 4149 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
markrad | 0:cdf462088d13 | 4150 | { |
markrad | 0:cdf462088d13 | 4151 | if( mbedtls_ssl_own_cert( ssl ) == NULL ) |
markrad | 0:cdf462088d13 | 4152 | { |
markrad | 0:cdf462088d13 | 4153 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no certificate to send" ) ); |
markrad | 0:cdf462088d13 | 4154 | return( MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED ); |
markrad | 0:cdf462088d13 | 4155 | } |
markrad | 0:cdf462088d13 | 4156 | } |
markrad | 0:cdf462088d13 | 4157 | #endif |
markrad | 0:cdf462088d13 | 4158 | |
markrad | 0:cdf462088d13 | 4159 | MBEDTLS_SSL_DEBUG_CRT( 3, "own certificate", mbedtls_ssl_own_cert( ssl ) ); |
markrad | 0:cdf462088d13 | 4160 | |
markrad | 0:cdf462088d13 | 4161 | /* |
markrad | 0:cdf462088d13 | 4162 | * 0 . 0 handshake type |
markrad | 0:cdf462088d13 | 4163 | * 1 . 3 handshake length |
markrad | 0:cdf462088d13 | 4164 | * 4 . 6 length of all certs |
markrad | 0:cdf462088d13 | 4165 | * 7 . 9 length of cert. 1 |
markrad | 0:cdf462088d13 | 4166 | * 10 . n-1 peer certificate |
markrad | 0:cdf462088d13 | 4167 | * n . n+2 length of cert. 2 |
markrad | 0:cdf462088d13 | 4168 | * n+3 . ... upper level cert, etc. |
markrad | 0:cdf462088d13 | 4169 | */ |
markrad | 0:cdf462088d13 | 4170 | i = 7; |
markrad | 0:cdf462088d13 | 4171 | crt = mbedtls_ssl_own_cert( ssl ); |
markrad | 0:cdf462088d13 | 4172 | |
markrad | 0:cdf462088d13 | 4173 | while( crt != NULL ) |
markrad | 0:cdf462088d13 | 4174 | { |
markrad | 0:cdf462088d13 | 4175 | n = crt->raw.len; |
markrad | 0:cdf462088d13 | 4176 | if( n > MBEDTLS_SSL_MAX_CONTENT_LEN - 3 - i ) |
markrad | 0:cdf462088d13 | 4177 | { |
markrad | 0:cdf462088d13 | 4178 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %d > %d", |
markrad | 0:cdf462088d13 | 4179 | i + 3 + n, MBEDTLS_SSL_MAX_CONTENT_LEN ) ); |
markrad | 0:cdf462088d13 | 4180 | return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE ); |
markrad | 0:cdf462088d13 | 4181 | } |
markrad | 0:cdf462088d13 | 4182 | |
markrad | 0:cdf462088d13 | 4183 | ssl->out_msg[i ] = (unsigned char)( n >> 16 ); |
markrad | 0:cdf462088d13 | 4184 | ssl->out_msg[i + 1] = (unsigned char)( n >> 8 ); |
markrad | 0:cdf462088d13 | 4185 | ssl->out_msg[i + 2] = (unsigned char)( n ); |
markrad | 0:cdf462088d13 | 4186 | |
markrad | 0:cdf462088d13 | 4187 | i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n ); |
markrad | 0:cdf462088d13 | 4188 | i += n; crt = crt->next; |
markrad | 0:cdf462088d13 | 4189 | } |
markrad | 0:cdf462088d13 | 4190 | |
markrad | 0:cdf462088d13 | 4191 | ssl->out_msg[4] = (unsigned char)( ( i - 7 ) >> 16 ); |
markrad | 0:cdf462088d13 | 4192 | ssl->out_msg[5] = (unsigned char)( ( i - 7 ) >> 8 ); |
markrad | 0:cdf462088d13 | 4193 | ssl->out_msg[6] = (unsigned char)( ( i - 7 ) ); |
markrad | 0:cdf462088d13 | 4194 | |
markrad | 0:cdf462088d13 | 4195 | ssl->out_msglen = i; |
markrad | 0:cdf462088d13 | 4196 | ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; |
markrad | 0:cdf462088d13 | 4197 | ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE; |
markrad | 0:cdf462088d13 | 4198 | |
markrad | 0:cdf462088d13 | 4199 | #if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 4200 | write_msg: |
markrad | 0:cdf462088d13 | 4201 | #endif |
markrad | 0:cdf462088d13 | 4202 | |
markrad | 0:cdf462088d13 | 4203 | ssl->state++; |
markrad | 0:cdf462088d13 | 4204 | |
markrad | 0:cdf462088d13 | 4205 | if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 4206 | { |
markrad | 0:cdf462088d13 | 4207 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); |
markrad | 0:cdf462088d13 | 4208 | return( ret ); |
markrad | 0:cdf462088d13 | 4209 | } |
markrad | 0:cdf462088d13 | 4210 | |
markrad | 0:cdf462088d13 | 4211 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate" ) ); |
markrad | 0:cdf462088d13 | 4212 | |
markrad | 0:cdf462088d13 | 4213 | return( ret ); |
markrad | 0:cdf462088d13 | 4214 | } |
markrad | 0:cdf462088d13 | 4215 | |
markrad | 0:cdf462088d13 | 4216 | int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 4217 | { |
markrad | 0:cdf462088d13 | 4218 | int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; |
markrad | 0:cdf462088d13 | 4219 | size_t i, n; |
markrad | 0:cdf462088d13 | 4220 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; |
markrad | 0:cdf462088d13 | 4221 | int authmode = ssl->conf->authmode; |
markrad | 0:cdf462088d13 | 4222 | |
markrad | 0:cdf462088d13 | 4223 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) ); |
markrad | 0:cdf462088d13 | 4224 | |
markrad | 0:cdf462088d13 | 4225 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || |
markrad | 0:cdf462088d13 | 4226 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || |
markrad | 0:cdf462088d13 | 4227 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || |
markrad | 0:cdf462088d13 | 4228 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) |
markrad | 0:cdf462088d13 | 4229 | { |
markrad | 0:cdf462088d13 | 4230 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); |
markrad | 0:cdf462088d13 | 4231 | ssl->state++; |
markrad | 0:cdf462088d13 | 4232 | return( 0 ); |
markrad | 0:cdf462088d13 | 4233 | } |
markrad | 0:cdf462088d13 | 4234 | |
markrad | 0:cdf462088d13 | 4235 | #if defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 4236 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
markrad | 0:cdf462088d13 | 4237 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) |
markrad | 0:cdf462088d13 | 4238 | { |
markrad | 0:cdf462088d13 | 4239 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); |
markrad | 0:cdf462088d13 | 4240 | ssl->state++; |
markrad | 0:cdf462088d13 | 4241 | return( 0 ); |
markrad | 0:cdf462088d13 | 4242 | } |
markrad | 0:cdf462088d13 | 4243 | |
markrad | 0:cdf462088d13 | 4244 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
markrad | 0:cdf462088d13 | 4245 | if( ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET ) |
markrad | 0:cdf462088d13 | 4246 | authmode = ssl->handshake->sni_authmode; |
markrad | 0:cdf462088d13 | 4247 | #endif |
markrad | 0:cdf462088d13 | 4248 | |
markrad | 0:cdf462088d13 | 4249 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
markrad | 0:cdf462088d13 | 4250 | authmode == MBEDTLS_SSL_VERIFY_NONE ) |
markrad | 0:cdf462088d13 | 4251 | { |
markrad | 0:cdf462088d13 | 4252 | ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY; |
markrad | 0:cdf462088d13 | 4253 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); |
markrad | 0:cdf462088d13 | 4254 | ssl->state++; |
markrad | 0:cdf462088d13 | 4255 | return( 0 ); |
markrad | 0:cdf462088d13 | 4256 | } |
markrad | 0:cdf462088d13 | 4257 | #endif |
markrad | 0:cdf462088d13 | 4258 | |
markrad | 0:cdf462088d13 | 4259 | if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 4260 | { |
markrad | 0:cdf462088d13 | 4261 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); |
markrad | 0:cdf462088d13 | 4262 | return( ret ); |
markrad | 0:cdf462088d13 | 4263 | } |
markrad | 0:cdf462088d13 | 4264 | |
markrad | 0:cdf462088d13 | 4265 | ssl->state++; |
markrad | 0:cdf462088d13 | 4266 | |
markrad | 0:cdf462088d13 | 4267 | #if defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 4268 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
markrad | 0:cdf462088d13 | 4269 | /* |
markrad | 0:cdf462088d13 | 4270 | * Check if the client sent an empty certificate |
markrad | 0:cdf462088d13 | 4271 | */ |
markrad | 0:cdf462088d13 | 4272 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
markrad | 0:cdf462088d13 | 4273 | ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
markrad | 0:cdf462088d13 | 4274 | { |
markrad | 0:cdf462088d13 | 4275 | if( ssl->in_msglen == 2 && |
markrad | 0:cdf462088d13 | 4276 | ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT && |
markrad | 0:cdf462088d13 | 4277 | ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && |
markrad | 0:cdf462088d13 | 4278 | ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT ) |
markrad | 0:cdf462088d13 | 4279 | { |
markrad | 0:cdf462088d13 | 4280 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) ); |
markrad | 0:cdf462088d13 | 4281 | |
markrad | 0:cdf462088d13 | 4282 | ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING; |
markrad | 0:cdf462088d13 | 4283 | if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL ) |
markrad | 0:cdf462088d13 | 4284 | return( 0 ); |
markrad | 0:cdf462088d13 | 4285 | else |
markrad | 0:cdf462088d13 | 4286 | return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE ); |
markrad | 0:cdf462088d13 | 4287 | } |
markrad | 0:cdf462088d13 | 4288 | } |
markrad | 0:cdf462088d13 | 4289 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
markrad | 0:cdf462088d13 | 4290 | |
markrad | 0:cdf462088d13 | 4291 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
markrad | 0:cdf462088d13 | 4292 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 4293 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
markrad | 0:cdf462088d13 | 4294 | ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 ) |
markrad | 0:cdf462088d13 | 4295 | { |
markrad | 0:cdf462088d13 | 4296 | if( ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len( ssl ) && |
markrad | 0:cdf462088d13 | 4297 | ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && |
markrad | 0:cdf462088d13 | 4298 | ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE && |
markrad | 0:cdf462088d13 | 4299 | memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), "\0\0\0", 3 ) == 0 ) |
markrad | 0:cdf462088d13 | 4300 | { |
markrad | 0:cdf462088d13 | 4301 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) ); |
markrad | 0:cdf462088d13 | 4302 | |
markrad | 0:cdf462088d13 | 4303 | ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING; |
markrad | 0:cdf462088d13 | 4304 | if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL ) |
markrad | 0:cdf462088d13 | 4305 | return( 0 ); |
markrad | 0:cdf462088d13 | 4306 | else |
markrad | 0:cdf462088d13 | 4307 | return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE ); |
markrad | 0:cdf462088d13 | 4308 | } |
markrad | 0:cdf462088d13 | 4309 | } |
markrad | 0:cdf462088d13 | 4310 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ |
markrad | 0:cdf462088d13 | 4311 | MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 4312 | #endif /* MBEDTLS_SSL_SRV_C */ |
markrad | 0:cdf462088d13 | 4313 | |
markrad | 0:cdf462088d13 | 4314 | if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) |
markrad | 0:cdf462088d13 | 4315 | { |
markrad | 0:cdf462088d13 | 4316 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); |
markrad | 0:cdf462088d13 | 4317 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
markrad | 0:cdf462088d13 | 4318 | } |
markrad | 0:cdf462088d13 | 4319 | |
markrad | 0:cdf462088d13 | 4320 | if( ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE || |
markrad | 0:cdf462088d13 | 4321 | ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 3 + 3 ) |
markrad | 0:cdf462088d13 | 4322 | { |
markrad | 0:cdf462088d13 | 4323 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); |
markrad | 0:cdf462088d13 | 4324 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); |
markrad | 0:cdf462088d13 | 4325 | } |
markrad | 0:cdf462088d13 | 4326 | |
markrad | 0:cdf462088d13 | 4327 | i = mbedtls_ssl_hs_hdr_len( ssl ); |
markrad | 0:cdf462088d13 | 4328 | |
markrad | 0:cdf462088d13 | 4329 | /* |
markrad | 0:cdf462088d13 | 4330 | * Same message structure as in mbedtls_ssl_write_certificate() |
markrad | 0:cdf462088d13 | 4331 | */ |
markrad | 0:cdf462088d13 | 4332 | n = ( ssl->in_msg[i+1] << 8 ) | ssl->in_msg[i+2]; |
markrad | 0:cdf462088d13 | 4333 | |
markrad | 0:cdf462088d13 | 4334 | if( ssl->in_msg[i] != 0 || |
markrad | 0:cdf462088d13 | 4335 | ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len( ssl ) ) |
markrad | 0:cdf462088d13 | 4336 | { |
markrad | 0:cdf462088d13 | 4337 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); |
markrad | 0:cdf462088d13 | 4338 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); |
markrad | 0:cdf462088d13 | 4339 | } |
markrad | 0:cdf462088d13 | 4340 | |
markrad | 0:cdf462088d13 | 4341 | /* In case we tried to reuse a session but it failed */ |
markrad | 0:cdf462088d13 | 4342 | if( ssl->session_negotiate->peer_cert != NULL ) |
markrad | 0:cdf462088d13 | 4343 | { |
markrad | 0:cdf462088d13 | 4344 | mbedtls_x509_crt_free( ssl->session_negotiate->peer_cert ); |
markrad | 0:cdf462088d13 | 4345 | mbedtls_free( ssl->session_negotiate->peer_cert ); |
markrad | 0:cdf462088d13 | 4346 | } |
markrad | 0:cdf462088d13 | 4347 | |
markrad | 0:cdf462088d13 | 4348 | if( ( ssl->session_negotiate->peer_cert = mbedtls_calloc( 1, |
markrad | 0:cdf462088d13 | 4349 | sizeof( mbedtls_x509_crt ) ) ) == NULL ) |
markrad | 0:cdf462088d13 | 4350 | { |
markrad | 0:cdf462088d13 | 4351 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", |
markrad | 0:cdf462088d13 | 4352 | sizeof( mbedtls_x509_crt ) ) ); |
markrad | 0:cdf462088d13 | 4353 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
markrad | 0:cdf462088d13 | 4354 | } |
markrad | 0:cdf462088d13 | 4355 | |
markrad | 0:cdf462088d13 | 4356 | mbedtls_x509_crt_init( ssl->session_negotiate->peer_cert ); |
markrad | 0:cdf462088d13 | 4357 | |
markrad | 0:cdf462088d13 | 4358 | i += 3; |
markrad | 0:cdf462088d13 | 4359 | |
markrad | 0:cdf462088d13 | 4360 | while( i < ssl->in_hslen ) |
markrad | 0:cdf462088d13 | 4361 | { |
markrad | 0:cdf462088d13 | 4362 | if( ssl->in_msg[i] != 0 ) |
markrad | 0:cdf462088d13 | 4363 | { |
markrad | 0:cdf462088d13 | 4364 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); |
markrad | 0:cdf462088d13 | 4365 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); |
markrad | 0:cdf462088d13 | 4366 | } |
markrad | 0:cdf462088d13 | 4367 | |
markrad | 0:cdf462088d13 | 4368 | n = ( (unsigned int) ssl->in_msg[i + 1] << 8 ) |
markrad | 0:cdf462088d13 | 4369 | | (unsigned int) ssl->in_msg[i + 2]; |
markrad | 0:cdf462088d13 | 4370 | i += 3; |
markrad | 0:cdf462088d13 | 4371 | |
markrad | 0:cdf462088d13 | 4372 | if( n < 128 || i + n > ssl->in_hslen ) |
markrad | 0:cdf462088d13 | 4373 | { |
markrad | 0:cdf462088d13 | 4374 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); |
markrad | 0:cdf462088d13 | 4375 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); |
markrad | 0:cdf462088d13 | 4376 | } |
markrad | 0:cdf462088d13 | 4377 | |
markrad | 0:cdf462088d13 | 4378 | ret = mbedtls_x509_crt_parse_der( ssl->session_negotiate->peer_cert, |
markrad | 0:cdf462088d13 | 4379 | ssl->in_msg + i, n ); |
markrad | 0:cdf462088d13 | 4380 | if( 0 != ret && ( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND ) != ret ) |
markrad | 0:cdf462088d13 | 4381 | { |
markrad | 0:cdf462088d13 | 4382 | MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret ); |
markrad | 0:cdf462088d13 | 4383 | return( ret ); |
markrad | 0:cdf462088d13 | 4384 | } |
markrad | 0:cdf462088d13 | 4385 | |
markrad | 0:cdf462088d13 | 4386 | i += n; |
markrad | 0:cdf462088d13 | 4387 | } |
markrad | 0:cdf462088d13 | 4388 | |
markrad | 0:cdf462088d13 | 4389 | MBEDTLS_SSL_DEBUG_CRT( 3, "peer certificate", ssl->session_negotiate->peer_cert ); |
markrad | 0:cdf462088d13 | 4390 | |
markrad | 0:cdf462088d13 | 4391 | /* |
markrad | 0:cdf462088d13 | 4392 | * On client, make sure the server cert doesn't change during renego to |
markrad | 0:cdf462088d13 | 4393 | * avoid "triple handshake" attack: https://secure-resumption.com/ |
markrad | 0:cdf462088d13 | 4394 | */ |
markrad | 0:cdf462088d13 | 4395 | #if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 4396 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && |
markrad | 0:cdf462088d13 | 4397 | ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) |
markrad | 0:cdf462088d13 | 4398 | { |
markrad | 0:cdf462088d13 | 4399 | if( ssl->session->peer_cert == NULL ) |
markrad | 0:cdf462088d13 | 4400 | { |
markrad | 0:cdf462088d13 | 4401 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "new server cert during renegotiation" ) ); |
markrad | 0:cdf462088d13 | 4402 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); |
markrad | 0:cdf462088d13 | 4403 | } |
markrad | 0:cdf462088d13 | 4404 | |
markrad | 0:cdf462088d13 | 4405 | if( ssl->session->peer_cert->raw.len != |
markrad | 0:cdf462088d13 | 4406 | ssl->session_negotiate->peer_cert->raw.len || |
markrad | 0:cdf462088d13 | 4407 | memcmp( ssl->session->peer_cert->raw.p, |
markrad | 0:cdf462088d13 | 4408 | ssl->session_negotiate->peer_cert->raw.p, |
markrad | 0:cdf462088d13 | 4409 | ssl->session->peer_cert->raw.len ) != 0 ) |
markrad | 0:cdf462088d13 | 4410 | { |
markrad | 0:cdf462088d13 | 4411 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "server cert changed during renegotiation" ) ); |
markrad | 0:cdf462088d13 | 4412 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); |
markrad | 0:cdf462088d13 | 4413 | } |
markrad | 0:cdf462088d13 | 4414 | } |
markrad | 0:cdf462088d13 | 4415 | #endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */ |
markrad | 0:cdf462088d13 | 4416 | |
markrad | 0:cdf462088d13 | 4417 | if( authmode != MBEDTLS_SSL_VERIFY_NONE ) |
markrad | 0:cdf462088d13 | 4418 | { |
markrad | 0:cdf462088d13 | 4419 | mbedtls_x509_crt *ca_chain; |
markrad | 0:cdf462088d13 | 4420 | mbedtls_x509_crl *ca_crl; |
markrad | 0:cdf462088d13 | 4421 | |
markrad | 0:cdf462088d13 | 4422 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
markrad | 0:cdf462088d13 | 4423 | if( ssl->handshake->sni_ca_chain != NULL ) |
markrad | 0:cdf462088d13 | 4424 | { |
markrad | 0:cdf462088d13 | 4425 | ca_chain = ssl->handshake->sni_ca_chain; |
markrad | 0:cdf462088d13 | 4426 | ca_crl = ssl->handshake->sni_ca_crl; |
markrad | 0:cdf462088d13 | 4427 | } |
markrad | 0:cdf462088d13 | 4428 | else |
markrad | 0:cdf462088d13 | 4429 | #endif |
markrad | 0:cdf462088d13 | 4430 | { |
markrad | 0:cdf462088d13 | 4431 | ca_chain = ssl->conf->ca_chain; |
markrad | 0:cdf462088d13 | 4432 | ca_crl = ssl->conf->ca_crl; |
markrad | 0:cdf462088d13 | 4433 | } |
markrad | 0:cdf462088d13 | 4434 | |
markrad | 0:cdf462088d13 | 4435 | if( ca_chain == NULL ) |
markrad | 0:cdf462088d13 | 4436 | { |
markrad | 0:cdf462088d13 | 4437 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no CA chain" ) ); |
markrad | 0:cdf462088d13 | 4438 | return( MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED ); |
markrad | 0:cdf462088d13 | 4439 | } |
markrad | 0:cdf462088d13 | 4440 | |
markrad | 0:cdf462088d13 | 4441 | /* |
markrad | 0:cdf462088d13 | 4442 | * Main check: verify certificate |
markrad | 0:cdf462088d13 | 4443 | */ |
markrad | 0:cdf462088d13 | 4444 | ret = mbedtls_x509_crt_verify_with_profile( |
markrad | 0:cdf462088d13 | 4445 | ssl->session_negotiate->peer_cert, |
markrad | 0:cdf462088d13 | 4446 | ca_chain, ca_crl, |
markrad | 0:cdf462088d13 | 4447 | ssl->conf->cert_profile, |
markrad | 0:cdf462088d13 | 4448 | ssl->hostname, |
markrad | 0:cdf462088d13 | 4449 | &ssl->session_negotiate->verify_result, |
markrad | 0:cdf462088d13 | 4450 | ssl->conf->f_vrfy, ssl->conf->p_vrfy ); |
markrad | 0:cdf462088d13 | 4451 | |
markrad | 0:cdf462088d13 | 4452 | if( ret != 0 ) |
markrad | 0:cdf462088d13 | 4453 | { |
markrad | 0:cdf462088d13 | 4454 | MBEDTLS_SSL_DEBUG_RET( 1, "x509_verify_cert", ret ); |
markrad | 0:cdf462088d13 | 4455 | } |
markrad | 0:cdf462088d13 | 4456 | |
markrad | 0:cdf462088d13 | 4457 | /* |
markrad | 0:cdf462088d13 | 4458 | * Secondary checks: always done, but change 'ret' only if it was 0 |
markrad | 0:cdf462088d13 | 4459 | */ |
markrad | 0:cdf462088d13 | 4460 | |
markrad | 0:cdf462088d13 | 4461 | #if defined(MBEDTLS_ECP_C) |
markrad | 0:cdf462088d13 | 4462 | { |
markrad | 0:cdf462088d13 | 4463 | const mbedtls_pk_context *pk = &ssl->session_negotiate->peer_cert->pk; |
markrad | 0:cdf462088d13 | 4464 | |
markrad | 0:cdf462088d13 | 4465 | /* If certificate uses an EC key, make sure the curve is OK */ |
markrad | 0:cdf462088d13 | 4466 | if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) && |
markrad | 0:cdf462088d13 | 4467 | mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 ) |
markrad | 0:cdf462088d13 | 4468 | { |
markrad | 0:cdf462088d13 | 4469 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (EC key curve)" ) ); |
markrad | 0:cdf462088d13 | 4470 | if( ret == 0 ) |
markrad | 0:cdf462088d13 | 4471 | ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE; |
markrad | 0:cdf462088d13 | 4472 | } |
markrad | 0:cdf462088d13 | 4473 | } |
markrad | 0:cdf462088d13 | 4474 | #endif /* MBEDTLS_ECP_C */ |
markrad | 0:cdf462088d13 | 4475 | |
markrad | 0:cdf462088d13 | 4476 | if( mbedtls_ssl_check_cert_usage( ssl->session_negotiate->peer_cert, |
markrad | 0:cdf462088d13 | 4477 | ciphersuite_info, |
markrad | 0:cdf462088d13 | 4478 | ! ssl->conf->endpoint, |
markrad | 0:cdf462088d13 | 4479 | &ssl->session_negotiate->verify_result ) != 0 ) |
markrad | 0:cdf462088d13 | 4480 | { |
markrad | 0:cdf462088d13 | 4481 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) ); |
markrad | 0:cdf462088d13 | 4482 | if( ret == 0 ) |
markrad | 0:cdf462088d13 | 4483 | ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE; |
markrad | 0:cdf462088d13 | 4484 | } |
markrad | 0:cdf462088d13 | 4485 | |
markrad | 0:cdf462088d13 | 4486 | if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL ) |
markrad | 0:cdf462088d13 | 4487 | ret = 0; |
markrad | 0:cdf462088d13 | 4488 | } |
markrad | 0:cdf462088d13 | 4489 | |
markrad | 0:cdf462088d13 | 4490 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) ); |
markrad | 0:cdf462088d13 | 4491 | |
markrad | 0:cdf462088d13 | 4492 | return( ret ); |
markrad | 0:cdf462088d13 | 4493 | } |
markrad | 0:cdf462088d13 | 4494 | #endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED |
markrad | 0:cdf462088d13 | 4495 | !MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED |
markrad | 0:cdf462088d13 | 4496 | !MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED |
markrad | 0:cdf462088d13 | 4497 | !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED |
markrad | 0:cdf462088d13 | 4498 | !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED |
markrad | 0:cdf462088d13 | 4499 | !MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED |
markrad | 0:cdf462088d13 | 4500 | !MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ |
markrad | 0:cdf462088d13 | 4501 | |
markrad | 0:cdf462088d13 | 4502 | int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 4503 | { |
markrad | 0:cdf462088d13 | 4504 | int ret; |
markrad | 0:cdf462088d13 | 4505 | |
markrad | 0:cdf462088d13 | 4506 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write change cipher spec" ) ); |
markrad | 0:cdf462088d13 | 4507 | |
markrad | 0:cdf462088d13 | 4508 | ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC; |
markrad | 0:cdf462088d13 | 4509 | ssl->out_msglen = 1; |
markrad | 0:cdf462088d13 | 4510 | ssl->out_msg[0] = 1; |
markrad | 0:cdf462088d13 | 4511 | |
markrad | 0:cdf462088d13 | 4512 | ssl->state++; |
markrad | 0:cdf462088d13 | 4513 | |
markrad | 0:cdf462088d13 | 4514 | if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 4515 | { |
markrad | 0:cdf462088d13 | 4516 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); |
markrad | 0:cdf462088d13 | 4517 | return( ret ); |
markrad | 0:cdf462088d13 | 4518 | } |
markrad | 0:cdf462088d13 | 4519 | |
markrad | 0:cdf462088d13 | 4520 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write change cipher spec" ) ); |
markrad | 0:cdf462088d13 | 4521 | |
markrad | 0:cdf462088d13 | 4522 | return( 0 ); |
markrad | 0:cdf462088d13 | 4523 | } |
markrad | 0:cdf462088d13 | 4524 | |
markrad | 0:cdf462088d13 | 4525 | int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 4526 | { |
markrad | 0:cdf462088d13 | 4527 | int ret; |
markrad | 0:cdf462088d13 | 4528 | |
markrad | 0:cdf462088d13 | 4529 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse change cipher spec" ) ); |
markrad | 0:cdf462088d13 | 4530 | |
markrad | 0:cdf462088d13 | 4531 | if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 4532 | { |
markrad | 0:cdf462088d13 | 4533 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); |
markrad | 0:cdf462088d13 | 4534 | return( ret ); |
markrad | 0:cdf462088d13 | 4535 | } |
markrad | 0:cdf462088d13 | 4536 | |
markrad | 0:cdf462088d13 | 4537 | if( ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ) |
markrad | 0:cdf462088d13 | 4538 | { |
markrad | 0:cdf462088d13 | 4539 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) ); |
markrad | 0:cdf462088d13 | 4540 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
markrad | 0:cdf462088d13 | 4541 | } |
markrad | 0:cdf462088d13 | 4542 | |
markrad | 0:cdf462088d13 | 4543 | if( ssl->in_msglen != 1 || ssl->in_msg[0] != 1 ) |
markrad | 0:cdf462088d13 | 4544 | { |
markrad | 0:cdf462088d13 | 4545 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) ); |
markrad | 0:cdf462088d13 | 4546 | return( MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC ); |
markrad | 0:cdf462088d13 | 4547 | } |
markrad | 0:cdf462088d13 | 4548 | |
markrad | 0:cdf462088d13 | 4549 | /* |
markrad | 0:cdf462088d13 | 4550 | * Switch to our negotiated transform and session parameters for inbound |
markrad | 0:cdf462088d13 | 4551 | * data. |
markrad | 0:cdf462088d13 | 4552 | */ |
markrad | 0:cdf462088d13 | 4553 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for inbound data" ) ); |
markrad | 0:cdf462088d13 | 4554 | ssl->transform_in = ssl->transform_negotiate; |
markrad | 0:cdf462088d13 | 4555 | ssl->session_in = ssl->session_negotiate; |
markrad | 0:cdf462088d13 | 4556 | |
markrad | 0:cdf462088d13 | 4557 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 4558 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 4559 | { |
markrad | 0:cdf462088d13 | 4560 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
markrad | 0:cdf462088d13 | 4561 | ssl_dtls_replay_reset( ssl ); |
markrad | 0:cdf462088d13 | 4562 | #endif |
markrad | 0:cdf462088d13 | 4563 | |
markrad | 0:cdf462088d13 | 4564 | /* Increment epoch */ |
markrad | 0:cdf462088d13 | 4565 | if( ++ssl->in_epoch == 0 ) |
markrad | 0:cdf462088d13 | 4566 | { |
markrad | 0:cdf462088d13 | 4567 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS epoch would wrap" ) ); |
markrad | 0:cdf462088d13 | 4568 | return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); |
markrad | 0:cdf462088d13 | 4569 | } |
markrad | 0:cdf462088d13 | 4570 | } |
markrad | 0:cdf462088d13 | 4571 | else |
markrad | 0:cdf462088d13 | 4572 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
markrad | 0:cdf462088d13 | 4573 | memset( ssl->in_ctr, 0, 8 ); |
markrad | 0:cdf462088d13 | 4574 | |
markrad | 0:cdf462088d13 | 4575 | /* |
markrad | 0:cdf462088d13 | 4576 | * Set the in_msg pointer to the correct location based on IV length |
markrad | 0:cdf462088d13 | 4577 | */ |
markrad | 0:cdf462088d13 | 4578 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) |
markrad | 0:cdf462088d13 | 4579 | { |
markrad | 0:cdf462088d13 | 4580 | ssl->in_msg = ssl->in_iv + ssl->transform_negotiate->ivlen - |
markrad | 0:cdf462088d13 | 4581 | ssl->transform_negotiate->fixed_ivlen; |
markrad | 0:cdf462088d13 | 4582 | } |
markrad | 0:cdf462088d13 | 4583 | else |
markrad | 0:cdf462088d13 | 4584 | ssl->in_msg = ssl->in_iv; |
markrad | 0:cdf462088d13 | 4585 | |
markrad | 0:cdf462088d13 | 4586 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
markrad | 0:cdf462088d13 | 4587 | if( mbedtls_ssl_hw_record_activate != NULL ) |
markrad | 0:cdf462088d13 | 4588 | { |
markrad | 0:cdf462088d13 | 4589 | if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_INBOUND ) ) != 0 ) |
markrad | 0:cdf462088d13 | 4590 | { |
markrad | 0:cdf462088d13 | 4591 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret ); |
markrad | 0:cdf462088d13 | 4592 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
markrad | 0:cdf462088d13 | 4593 | } |
markrad | 0:cdf462088d13 | 4594 | } |
markrad | 0:cdf462088d13 | 4595 | #endif |
markrad | 0:cdf462088d13 | 4596 | |
markrad | 0:cdf462088d13 | 4597 | ssl->state++; |
markrad | 0:cdf462088d13 | 4598 | |
markrad | 0:cdf462088d13 | 4599 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse change cipher spec" ) ); |
markrad | 0:cdf462088d13 | 4600 | |
markrad | 0:cdf462088d13 | 4601 | return( 0 ); |
markrad | 0:cdf462088d13 | 4602 | } |
markrad | 0:cdf462088d13 | 4603 | |
markrad | 0:cdf462088d13 | 4604 | void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 4605 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info ) |
markrad | 0:cdf462088d13 | 4606 | { |
markrad | 0:cdf462088d13 | 4607 | ((void) ciphersuite_info); |
markrad | 0:cdf462088d13 | 4608 | |
markrad | 0:cdf462088d13 | 4609 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
markrad | 0:cdf462088d13 | 4610 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
markrad | 0:cdf462088d13 | 4611 | if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ) |
markrad | 0:cdf462088d13 | 4612 | ssl->handshake->update_checksum = ssl_update_checksum_md5sha1; |
markrad | 0:cdf462088d13 | 4613 | else |
markrad | 0:cdf462088d13 | 4614 | #endif |
markrad | 0:cdf462088d13 | 4615 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 4616 | #if defined(MBEDTLS_SHA512_C) |
markrad | 0:cdf462088d13 | 4617 | if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) |
markrad | 0:cdf462088d13 | 4618 | ssl->handshake->update_checksum = ssl_update_checksum_sha384; |
markrad | 0:cdf462088d13 | 4619 | else |
markrad | 0:cdf462088d13 | 4620 | #endif |
markrad | 0:cdf462088d13 | 4621 | #if defined(MBEDTLS_SHA256_C) |
markrad | 0:cdf462088d13 | 4622 | if( ciphersuite_info->mac != MBEDTLS_MD_SHA384 ) |
markrad | 0:cdf462088d13 | 4623 | ssl->handshake->update_checksum = ssl_update_checksum_sha256; |
markrad | 0:cdf462088d13 | 4624 | else |
markrad | 0:cdf462088d13 | 4625 | #endif |
markrad | 0:cdf462088d13 | 4626 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 4627 | { |
markrad | 0:cdf462088d13 | 4628 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 4629 | return; |
markrad | 0:cdf462088d13 | 4630 | } |
markrad | 0:cdf462088d13 | 4631 | } |
markrad | 0:cdf462088d13 | 4632 | |
markrad | 0:cdf462088d13 | 4633 | void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 4634 | { |
markrad | 0:cdf462088d13 | 4635 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
markrad | 0:cdf462088d13 | 4636 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
markrad | 0:cdf462088d13 | 4637 | mbedtls_md5_starts( &ssl->handshake->fin_md5 ); |
markrad | 0:cdf462088d13 | 4638 | mbedtls_sha1_starts( &ssl->handshake->fin_sha1 ); |
markrad | 0:cdf462088d13 | 4639 | #endif |
markrad | 0:cdf462088d13 | 4640 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 4641 | #if defined(MBEDTLS_SHA256_C) |
markrad | 0:cdf462088d13 | 4642 | mbedtls_sha256_starts( &ssl->handshake->fin_sha256, 0 ); |
markrad | 0:cdf462088d13 | 4643 | #endif |
markrad | 0:cdf462088d13 | 4644 | #if defined(MBEDTLS_SHA512_C) |
markrad | 0:cdf462088d13 | 4645 | mbedtls_sha512_starts( &ssl->handshake->fin_sha512, 1 ); |
markrad | 0:cdf462088d13 | 4646 | #endif |
markrad | 0:cdf462088d13 | 4647 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 4648 | } |
markrad | 0:cdf462088d13 | 4649 | |
markrad | 0:cdf462088d13 | 4650 | static void ssl_update_checksum_start( mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 4651 | const unsigned char *buf, size_t len ) |
markrad | 0:cdf462088d13 | 4652 | { |
markrad | 0:cdf462088d13 | 4653 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
markrad | 0:cdf462088d13 | 4654 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
markrad | 0:cdf462088d13 | 4655 | mbedtls_md5_update( &ssl->handshake->fin_md5 , buf, len ); |
markrad | 0:cdf462088d13 | 4656 | mbedtls_sha1_update( &ssl->handshake->fin_sha1, buf, len ); |
markrad | 0:cdf462088d13 | 4657 | #endif |
markrad | 0:cdf462088d13 | 4658 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 4659 | #if defined(MBEDTLS_SHA256_C) |
markrad | 0:cdf462088d13 | 4660 | mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len ); |
markrad | 0:cdf462088d13 | 4661 | #endif |
markrad | 0:cdf462088d13 | 4662 | #if defined(MBEDTLS_SHA512_C) |
markrad | 0:cdf462088d13 | 4663 | mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len ); |
markrad | 0:cdf462088d13 | 4664 | #endif |
markrad | 0:cdf462088d13 | 4665 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 4666 | } |
markrad | 0:cdf462088d13 | 4667 | |
markrad | 0:cdf462088d13 | 4668 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
markrad | 0:cdf462088d13 | 4669 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
markrad | 0:cdf462088d13 | 4670 | static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 4671 | const unsigned char *buf, size_t len ) |
markrad | 0:cdf462088d13 | 4672 | { |
markrad | 0:cdf462088d13 | 4673 | mbedtls_md5_update( &ssl->handshake->fin_md5 , buf, len ); |
markrad | 0:cdf462088d13 | 4674 | mbedtls_sha1_update( &ssl->handshake->fin_sha1, buf, len ); |
markrad | 0:cdf462088d13 | 4675 | } |
markrad | 0:cdf462088d13 | 4676 | #endif |
markrad | 0:cdf462088d13 | 4677 | |
markrad | 0:cdf462088d13 | 4678 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 4679 | #if defined(MBEDTLS_SHA256_C) |
markrad | 0:cdf462088d13 | 4680 | static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 4681 | const unsigned char *buf, size_t len ) |
markrad | 0:cdf462088d13 | 4682 | { |
markrad | 0:cdf462088d13 | 4683 | mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len ); |
markrad | 0:cdf462088d13 | 4684 | } |
markrad | 0:cdf462088d13 | 4685 | #endif |
markrad | 0:cdf462088d13 | 4686 | |
markrad | 0:cdf462088d13 | 4687 | #if defined(MBEDTLS_SHA512_C) |
markrad | 0:cdf462088d13 | 4688 | static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 4689 | const unsigned char *buf, size_t len ) |
markrad | 0:cdf462088d13 | 4690 | { |
markrad | 0:cdf462088d13 | 4691 | mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len ); |
markrad | 0:cdf462088d13 | 4692 | } |
markrad | 0:cdf462088d13 | 4693 | #endif |
markrad | 0:cdf462088d13 | 4694 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 4695 | |
markrad | 0:cdf462088d13 | 4696 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
markrad | 0:cdf462088d13 | 4697 | static void ssl_calc_finished_ssl( |
markrad | 0:cdf462088d13 | 4698 | mbedtls_ssl_context *ssl, unsigned char *buf, int from ) |
markrad | 0:cdf462088d13 | 4699 | { |
markrad | 0:cdf462088d13 | 4700 | const char *sender; |
markrad | 0:cdf462088d13 | 4701 | mbedtls_md5_context md5; |
markrad | 0:cdf462088d13 | 4702 | mbedtls_sha1_context sha1; |
markrad | 0:cdf462088d13 | 4703 | |
markrad | 0:cdf462088d13 | 4704 | unsigned char padbuf[48]; |
markrad | 0:cdf462088d13 | 4705 | unsigned char md5sum[16]; |
markrad | 0:cdf462088d13 | 4706 | unsigned char sha1sum[20]; |
markrad | 0:cdf462088d13 | 4707 | |
markrad | 0:cdf462088d13 | 4708 | mbedtls_ssl_session *session = ssl->session_negotiate; |
markrad | 0:cdf462088d13 | 4709 | if( !session ) |
markrad | 0:cdf462088d13 | 4710 | session = ssl->session; |
markrad | 0:cdf462088d13 | 4711 | |
markrad | 0:cdf462088d13 | 4712 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished ssl" ) ); |
markrad | 0:cdf462088d13 | 4713 | |
markrad | 0:cdf462088d13 | 4714 | mbedtls_md5_init( &md5 ); |
markrad | 0:cdf462088d13 | 4715 | mbedtls_sha1_init( &sha1 ); |
markrad | 0:cdf462088d13 | 4716 | |
markrad | 0:cdf462088d13 | 4717 | mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); |
markrad | 0:cdf462088d13 | 4718 | mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); |
markrad | 0:cdf462088d13 | 4719 | |
markrad | 0:cdf462088d13 | 4720 | /* |
markrad | 0:cdf462088d13 | 4721 | * SSLv3: |
markrad | 0:cdf462088d13 | 4722 | * hash = |
markrad | 0:cdf462088d13 | 4723 | * MD5( master + pad2 + |
markrad | 0:cdf462088d13 | 4724 | * MD5( handshake + sender + master + pad1 ) ) |
markrad | 0:cdf462088d13 | 4725 | * + SHA1( master + pad2 + |
markrad | 0:cdf462088d13 | 4726 | * SHA1( handshake + sender + master + pad1 ) ) |
markrad | 0:cdf462088d13 | 4727 | */ |
markrad | 0:cdf462088d13 | 4728 | |
markrad | 0:cdf462088d13 | 4729 | #if !defined(MBEDTLS_MD5_ALT) |
markrad | 0:cdf462088d13 | 4730 | MBEDTLS_SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *) |
markrad | 0:cdf462088d13 | 4731 | md5.state, sizeof( md5.state ) ); |
markrad | 0:cdf462088d13 | 4732 | #endif |
markrad | 0:cdf462088d13 | 4733 | |
markrad | 0:cdf462088d13 | 4734 | #if !defined(MBEDTLS_SHA1_ALT) |
markrad | 0:cdf462088d13 | 4735 | MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *) |
markrad | 0:cdf462088d13 | 4736 | sha1.state, sizeof( sha1.state ) ); |
markrad | 0:cdf462088d13 | 4737 | #endif |
markrad | 0:cdf462088d13 | 4738 | |
markrad | 0:cdf462088d13 | 4739 | sender = ( from == MBEDTLS_SSL_IS_CLIENT ) ? "CLNT" |
markrad | 0:cdf462088d13 | 4740 | : "SRVR"; |
markrad | 0:cdf462088d13 | 4741 | |
markrad | 0:cdf462088d13 | 4742 | memset( padbuf, 0x36, 48 ); |
markrad | 0:cdf462088d13 | 4743 | |
markrad | 0:cdf462088d13 | 4744 | mbedtls_md5_update( &md5, (const unsigned char *) sender, 4 ); |
markrad | 0:cdf462088d13 | 4745 | mbedtls_md5_update( &md5, session->master, 48 ); |
markrad | 0:cdf462088d13 | 4746 | mbedtls_md5_update( &md5, padbuf, 48 ); |
markrad | 0:cdf462088d13 | 4747 | mbedtls_md5_finish( &md5, md5sum ); |
markrad | 0:cdf462088d13 | 4748 | |
markrad | 0:cdf462088d13 | 4749 | mbedtls_sha1_update( &sha1, (const unsigned char *) sender, 4 ); |
markrad | 0:cdf462088d13 | 4750 | mbedtls_sha1_update( &sha1, session->master, 48 ); |
markrad | 0:cdf462088d13 | 4751 | mbedtls_sha1_update( &sha1, padbuf, 40 ); |
markrad | 0:cdf462088d13 | 4752 | mbedtls_sha1_finish( &sha1, sha1sum ); |
markrad | 0:cdf462088d13 | 4753 | |
markrad | 0:cdf462088d13 | 4754 | memset( padbuf, 0x5C, 48 ); |
markrad | 0:cdf462088d13 | 4755 | |
markrad | 0:cdf462088d13 | 4756 | mbedtls_md5_starts( &md5 ); |
markrad | 0:cdf462088d13 | 4757 | mbedtls_md5_update( &md5, session->master, 48 ); |
markrad | 0:cdf462088d13 | 4758 | mbedtls_md5_update( &md5, padbuf, 48 ); |
markrad | 0:cdf462088d13 | 4759 | mbedtls_md5_update( &md5, md5sum, 16 ); |
markrad | 0:cdf462088d13 | 4760 | mbedtls_md5_finish( &md5, buf ); |
markrad | 0:cdf462088d13 | 4761 | |
markrad | 0:cdf462088d13 | 4762 | mbedtls_sha1_starts( &sha1 ); |
markrad | 0:cdf462088d13 | 4763 | mbedtls_sha1_update( &sha1, session->master, 48 ); |
markrad | 0:cdf462088d13 | 4764 | mbedtls_sha1_update( &sha1, padbuf , 40 ); |
markrad | 0:cdf462088d13 | 4765 | mbedtls_sha1_update( &sha1, sha1sum, 20 ); |
markrad | 0:cdf462088d13 | 4766 | mbedtls_sha1_finish( &sha1, buf + 16 ); |
markrad | 0:cdf462088d13 | 4767 | |
markrad | 0:cdf462088d13 | 4768 | MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, 36 ); |
markrad | 0:cdf462088d13 | 4769 | |
markrad | 0:cdf462088d13 | 4770 | mbedtls_md5_free( &md5 ); |
markrad | 0:cdf462088d13 | 4771 | mbedtls_sha1_free( &sha1 ); |
markrad | 0:cdf462088d13 | 4772 | |
markrad | 0:cdf462088d13 | 4773 | mbedtls_zeroize( padbuf, sizeof( padbuf ) ); |
markrad | 0:cdf462088d13 | 4774 | mbedtls_zeroize( md5sum, sizeof( md5sum ) ); |
markrad | 0:cdf462088d13 | 4775 | mbedtls_zeroize( sha1sum, sizeof( sha1sum ) ); |
markrad | 0:cdf462088d13 | 4776 | |
markrad | 0:cdf462088d13 | 4777 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); |
markrad | 0:cdf462088d13 | 4778 | } |
markrad | 0:cdf462088d13 | 4779 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
markrad | 0:cdf462088d13 | 4780 | |
markrad | 0:cdf462088d13 | 4781 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) |
markrad | 0:cdf462088d13 | 4782 | static void ssl_calc_finished_tls( |
markrad | 0:cdf462088d13 | 4783 | mbedtls_ssl_context *ssl, unsigned char *buf, int from ) |
markrad | 0:cdf462088d13 | 4784 | { |
markrad | 0:cdf462088d13 | 4785 | int len = 12; |
markrad | 0:cdf462088d13 | 4786 | const char *sender; |
markrad | 0:cdf462088d13 | 4787 | mbedtls_md5_context md5; |
markrad | 0:cdf462088d13 | 4788 | mbedtls_sha1_context sha1; |
markrad | 0:cdf462088d13 | 4789 | unsigned char padbuf[36]; |
markrad | 0:cdf462088d13 | 4790 | |
markrad | 0:cdf462088d13 | 4791 | mbedtls_ssl_session *session = ssl->session_negotiate; |
markrad | 0:cdf462088d13 | 4792 | if( !session ) |
markrad | 0:cdf462088d13 | 4793 | session = ssl->session; |
markrad | 0:cdf462088d13 | 4794 | |
markrad | 0:cdf462088d13 | 4795 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls" ) ); |
markrad | 0:cdf462088d13 | 4796 | |
markrad | 0:cdf462088d13 | 4797 | mbedtls_md5_init( &md5 ); |
markrad | 0:cdf462088d13 | 4798 | mbedtls_sha1_init( &sha1 ); |
markrad | 0:cdf462088d13 | 4799 | |
markrad | 0:cdf462088d13 | 4800 | mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); |
markrad | 0:cdf462088d13 | 4801 | mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); |
markrad | 0:cdf462088d13 | 4802 | |
markrad | 0:cdf462088d13 | 4803 | /* |
markrad | 0:cdf462088d13 | 4804 | * TLSv1: |
markrad | 0:cdf462088d13 | 4805 | * hash = PRF( master, finished_label, |
markrad | 0:cdf462088d13 | 4806 | * MD5( handshake ) + SHA1( handshake ) )[0..11] |
markrad | 0:cdf462088d13 | 4807 | */ |
markrad | 0:cdf462088d13 | 4808 | |
markrad | 0:cdf462088d13 | 4809 | #if !defined(MBEDTLS_MD5_ALT) |
markrad | 0:cdf462088d13 | 4810 | MBEDTLS_SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *) |
markrad | 0:cdf462088d13 | 4811 | md5.state, sizeof( md5.state ) ); |
markrad | 0:cdf462088d13 | 4812 | #endif |
markrad | 0:cdf462088d13 | 4813 | |
markrad | 0:cdf462088d13 | 4814 | #if !defined(MBEDTLS_SHA1_ALT) |
markrad | 0:cdf462088d13 | 4815 | MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *) |
markrad | 0:cdf462088d13 | 4816 | sha1.state, sizeof( sha1.state ) ); |
markrad | 0:cdf462088d13 | 4817 | #endif |
markrad | 0:cdf462088d13 | 4818 | |
markrad | 0:cdf462088d13 | 4819 | sender = ( from == MBEDTLS_SSL_IS_CLIENT ) |
markrad | 0:cdf462088d13 | 4820 | ? "client finished" |
markrad | 0:cdf462088d13 | 4821 | : "server finished"; |
markrad | 0:cdf462088d13 | 4822 | |
markrad | 0:cdf462088d13 | 4823 | mbedtls_md5_finish( &md5, padbuf ); |
markrad | 0:cdf462088d13 | 4824 | mbedtls_sha1_finish( &sha1, padbuf + 16 ); |
markrad | 0:cdf462088d13 | 4825 | |
markrad | 0:cdf462088d13 | 4826 | ssl->handshake->tls_prf( session->master, 48, sender, |
markrad | 0:cdf462088d13 | 4827 | padbuf, 36, buf, len ); |
markrad | 0:cdf462088d13 | 4828 | |
markrad | 0:cdf462088d13 | 4829 | MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); |
markrad | 0:cdf462088d13 | 4830 | |
markrad | 0:cdf462088d13 | 4831 | mbedtls_md5_free( &md5 ); |
markrad | 0:cdf462088d13 | 4832 | mbedtls_sha1_free( &sha1 ); |
markrad | 0:cdf462088d13 | 4833 | |
markrad | 0:cdf462088d13 | 4834 | mbedtls_zeroize( padbuf, sizeof( padbuf ) ); |
markrad | 0:cdf462088d13 | 4835 | |
markrad | 0:cdf462088d13 | 4836 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); |
markrad | 0:cdf462088d13 | 4837 | } |
markrad | 0:cdf462088d13 | 4838 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */ |
markrad | 0:cdf462088d13 | 4839 | |
markrad | 0:cdf462088d13 | 4840 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 4841 | #if defined(MBEDTLS_SHA256_C) |
markrad | 0:cdf462088d13 | 4842 | static void ssl_calc_finished_tls_sha256( |
markrad | 0:cdf462088d13 | 4843 | mbedtls_ssl_context *ssl, unsigned char *buf, int from ) |
markrad | 0:cdf462088d13 | 4844 | { |
markrad | 0:cdf462088d13 | 4845 | int len = 12; |
markrad | 0:cdf462088d13 | 4846 | const char *sender; |
markrad | 0:cdf462088d13 | 4847 | mbedtls_sha256_context sha256; |
markrad | 0:cdf462088d13 | 4848 | unsigned char padbuf[32]; |
markrad | 0:cdf462088d13 | 4849 | |
markrad | 0:cdf462088d13 | 4850 | mbedtls_ssl_session *session = ssl->session_negotiate; |
markrad | 0:cdf462088d13 | 4851 | if( !session ) |
markrad | 0:cdf462088d13 | 4852 | session = ssl->session; |
markrad | 0:cdf462088d13 | 4853 | |
markrad | 0:cdf462088d13 | 4854 | mbedtls_sha256_init( &sha256 ); |
markrad | 0:cdf462088d13 | 4855 | |
markrad | 0:cdf462088d13 | 4856 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha256" ) ); |
markrad | 0:cdf462088d13 | 4857 | |
markrad | 0:cdf462088d13 | 4858 | mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 ); |
markrad | 0:cdf462088d13 | 4859 | |
markrad | 0:cdf462088d13 | 4860 | /* |
markrad | 0:cdf462088d13 | 4861 | * TLSv1.2: |
markrad | 0:cdf462088d13 | 4862 | * hash = PRF( master, finished_label, |
markrad | 0:cdf462088d13 | 4863 | * Hash( handshake ) )[0.11] |
markrad | 0:cdf462088d13 | 4864 | */ |
markrad | 0:cdf462088d13 | 4865 | |
markrad | 0:cdf462088d13 | 4866 | #if !defined(MBEDTLS_SHA256_ALT) |
markrad | 0:cdf462088d13 | 4867 | MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha2 state", (unsigned char *) |
markrad | 0:cdf462088d13 | 4868 | sha256.state, sizeof( sha256.state ) ); |
markrad | 0:cdf462088d13 | 4869 | #endif |
markrad | 0:cdf462088d13 | 4870 | |
markrad | 0:cdf462088d13 | 4871 | sender = ( from == MBEDTLS_SSL_IS_CLIENT ) |
markrad | 0:cdf462088d13 | 4872 | ? "client finished" |
markrad | 0:cdf462088d13 | 4873 | : "server finished"; |
markrad | 0:cdf462088d13 | 4874 | |
markrad | 0:cdf462088d13 | 4875 | mbedtls_sha256_finish( &sha256, padbuf ); |
markrad | 0:cdf462088d13 | 4876 | |
markrad | 0:cdf462088d13 | 4877 | ssl->handshake->tls_prf( session->master, 48, sender, |
markrad | 0:cdf462088d13 | 4878 | padbuf, 32, buf, len ); |
markrad | 0:cdf462088d13 | 4879 | |
markrad | 0:cdf462088d13 | 4880 | MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); |
markrad | 0:cdf462088d13 | 4881 | |
markrad | 0:cdf462088d13 | 4882 | mbedtls_sha256_free( &sha256 ); |
markrad | 0:cdf462088d13 | 4883 | |
markrad | 0:cdf462088d13 | 4884 | mbedtls_zeroize( padbuf, sizeof( padbuf ) ); |
markrad | 0:cdf462088d13 | 4885 | |
markrad | 0:cdf462088d13 | 4886 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); |
markrad | 0:cdf462088d13 | 4887 | } |
markrad | 0:cdf462088d13 | 4888 | #endif /* MBEDTLS_SHA256_C */ |
markrad | 0:cdf462088d13 | 4889 | |
markrad | 0:cdf462088d13 | 4890 | #if defined(MBEDTLS_SHA512_C) |
markrad | 0:cdf462088d13 | 4891 | static void ssl_calc_finished_tls_sha384( |
markrad | 0:cdf462088d13 | 4892 | mbedtls_ssl_context *ssl, unsigned char *buf, int from ) |
markrad | 0:cdf462088d13 | 4893 | { |
markrad | 0:cdf462088d13 | 4894 | int len = 12; |
markrad | 0:cdf462088d13 | 4895 | const char *sender; |
markrad | 0:cdf462088d13 | 4896 | mbedtls_sha512_context sha512; |
markrad | 0:cdf462088d13 | 4897 | unsigned char padbuf[48]; |
markrad | 0:cdf462088d13 | 4898 | |
markrad | 0:cdf462088d13 | 4899 | mbedtls_ssl_session *session = ssl->session_negotiate; |
markrad | 0:cdf462088d13 | 4900 | if( !session ) |
markrad | 0:cdf462088d13 | 4901 | session = ssl->session; |
markrad | 0:cdf462088d13 | 4902 | |
markrad | 0:cdf462088d13 | 4903 | mbedtls_sha512_init( &sha512 ); |
markrad | 0:cdf462088d13 | 4904 | |
markrad | 0:cdf462088d13 | 4905 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha384" ) ); |
markrad | 0:cdf462088d13 | 4906 | |
markrad | 0:cdf462088d13 | 4907 | mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 ); |
markrad | 0:cdf462088d13 | 4908 | |
markrad | 0:cdf462088d13 | 4909 | /* |
markrad | 0:cdf462088d13 | 4910 | * TLSv1.2: |
markrad | 0:cdf462088d13 | 4911 | * hash = PRF( master, finished_label, |
markrad | 0:cdf462088d13 | 4912 | * Hash( handshake ) )[0.11] |
markrad | 0:cdf462088d13 | 4913 | */ |
markrad | 0:cdf462088d13 | 4914 | |
markrad | 0:cdf462088d13 | 4915 | #if !defined(MBEDTLS_SHA512_ALT) |
markrad | 0:cdf462088d13 | 4916 | MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha512 state", (unsigned char *) |
markrad | 0:cdf462088d13 | 4917 | sha512.state, sizeof( sha512.state ) ); |
markrad | 0:cdf462088d13 | 4918 | #endif |
markrad | 0:cdf462088d13 | 4919 | |
markrad | 0:cdf462088d13 | 4920 | sender = ( from == MBEDTLS_SSL_IS_CLIENT ) |
markrad | 0:cdf462088d13 | 4921 | ? "client finished" |
markrad | 0:cdf462088d13 | 4922 | : "server finished"; |
markrad | 0:cdf462088d13 | 4923 | |
markrad | 0:cdf462088d13 | 4924 | mbedtls_sha512_finish( &sha512, padbuf ); |
markrad | 0:cdf462088d13 | 4925 | |
markrad | 0:cdf462088d13 | 4926 | ssl->handshake->tls_prf( session->master, 48, sender, |
markrad | 0:cdf462088d13 | 4927 | padbuf, 48, buf, len ); |
markrad | 0:cdf462088d13 | 4928 | |
markrad | 0:cdf462088d13 | 4929 | MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); |
markrad | 0:cdf462088d13 | 4930 | |
markrad | 0:cdf462088d13 | 4931 | mbedtls_sha512_free( &sha512 ); |
markrad | 0:cdf462088d13 | 4932 | |
markrad | 0:cdf462088d13 | 4933 | mbedtls_zeroize( padbuf, sizeof( padbuf ) ); |
markrad | 0:cdf462088d13 | 4934 | |
markrad | 0:cdf462088d13 | 4935 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); |
markrad | 0:cdf462088d13 | 4936 | } |
markrad | 0:cdf462088d13 | 4937 | #endif /* MBEDTLS_SHA512_C */ |
markrad | 0:cdf462088d13 | 4938 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 4939 | |
markrad | 0:cdf462088d13 | 4940 | static void ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 4941 | { |
markrad | 0:cdf462088d13 | 4942 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup: final free" ) ); |
markrad | 0:cdf462088d13 | 4943 | |
markrad | 0:cdf462088d13 | 4944 | /* |
markrad | 0:cdf462088d13 | 4945 | * Free our handshake params |
markrad | 0:cdf462088d13 | 4946 | */ |
markrad | 0:cdf462088d13 | 4947 | mbedtls_ssl_handshake_free( ssl->handshake ); |
markrad | 0:cdf462088d13 | 4948 | mbedtls_free( ssl->handshake ); |
markrad | 0:cdf462088d13 | 4949 | ssl->handshake = NULL; |
markrad | 0:cdf462088d13 | 4950 | |
markrad | 0:cdf462088d13 | 4951 | /* |
markrad | 0:cdf462088d13 | 4952 | * Free the previous transform and swith in the current one |
markrad | 0:cdf462088d13 | 4953 | */ |
markrad | 0:cdf462088d13 | 4954 | if( ssl->transform ) |
markrad | 0:cdf462088d13 | 4955 | { |
markrad | 0:cdf462088d13 | 4956 | mbedtls_ssl_transform_free( ssl->transform ); |
markrad | 0:cdf462088d13 | 4957 | mbedtls_free( ssl->transform ); |
markrad | 0:cdf462088d13 | 4958 | } |
markrad | 0:cdf462088d13 | 4959 | ssl->transform = ssl->transform_negotiate; |
markrad | 0:cdf462088d13 | 4960 | ssl->transform_negotiate = NULL; |
markrad | 0:cdf462088d13 | 4961 | |
markrad | 0:cdf462088d13 | 4962 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup: final free" ) ); |
markrad | 0:cdf462088d13 | 4963 | } |
markrad | 0:cdf462088d13 | 4964 | |
markrad | 0:cdf462088d13 | 4965 | void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 4966 | { |
markrad | 0:cdf462088d13 | 4967 | int resume = ssl->handshake->resume; |
markrad | 0:cdf462088d13 | 4968 | |
markrad | 0:cdf462088d13 | 4969 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) ); |
markrad | 0:cdf462088d13 | 4970 | |
markrad | 0:cdf462088d13 | 4971 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
markrad | 0:cdf462088d13 | 4972 | if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) |
markrad | 0:cdf462088d13 | 4973 | { |
markrad | 0:cdf462088d13 | 4974 | ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_DONE; |
markrad | 0:cdf462088d13 | 4975 | ssl->renego_records_seen = 0; |
markrad | 0:cdf462088d13 | 4976 | } |
markrad | 0:cdf462088d13 | 4977 | #endif |
markrad | 0:cdf462088d13 | 4978 | |
markrad | 0:cdf462088d13 | 4979 | /* |
markrad | 0:cdf462088d13 | 4980 | * Free the previous session and switch in the current one |
markrad | 0:cdf462088d13 | 4981 | */ |
markrad | 0:cdf462088d13 | 4982 | if( ssl->session ) |
markrad | 0:cdf462088d13 | 4983 | { |
markrad | 0:cdf462088d13 | 4984 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
markrad | 0:cdf462088d13 | 4985 | /* RFC 7366 3.1: keep the EtM state */ |
markrad | 0:cdf462088d13 | 4986 | ssl->session_negotiate->encrypt_then_mac = |
markrad | 0:cdf462088d13 | 4987 | ssl->session->encrypt_then_mac; |
markrad | 0:cdf462088d13 | 4988 | #endif |
markrad | 0:cdf462088d13 | 4989 | |
markrad | 0:cdf462088d13 | 4990 | mbedtls_ssl_session_free( ssl->session ); |
markrad | 0:cdf462088d13 | 4991 | mbedtls_free( ssl->session ); |
markrad | 0:cdf462088d13 | 4992 | } |
markrad | 0:cdf462088d13 | 4993 | ssl->session = ssl->session_negotiate; |
markrad | 0:cdf462088d13 | 4994 | ssl->session_negotiate = NULL; |
markrad | 0:cdf462088d13 | 4995 | |
markrad | 0:cdf462088d13 | 4996 | /* |
markrad | 0:cdf462088d13 | 4997 | * Add cache entry |
markrad | 0:cdf462088d13 | 4998 | */ |
markrad | 0:cdf462088d13 | 4999 | if( ssl->conf->f_set_cache != NULL && |
markrad | 0:cdf462088d13 | 5000 | ssl->session->id_len != 0 && |
markrad | 0:cdf462088d13 | 5001 | resume == 0 ) |
markrad | 0:cdf462088d13 | 5002 | { |
markrad | 0:cdf462088d13 | 5003 | if( ssl->conf->f_set_cache( ssl->conf->p_cache, ssl->session ) != 0 ) |
markrad | 0:cdf462088d13 | 5004 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "cache did not store session" ) ); |
markrad | 0:cdf462088d13 | 5005 | } |
markrad | 0:cdf462088d13 | 5006 | |
markrad | 0:cdf462088d13 | 5007 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 5008 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
markrad | 0:cdf462088d13 | 5009 | ssl->handshake->flight != NULL ) |
markrad | 0:cdf462088d13 | 5010 | { |
markrad | 0:cdf462088d13 | 5011 | /* Cancel handshake timer */ |
markrad | 0:cdf462088d13 | 5012 | ssl_set_timer( ssl, 0 ); |
markrad | 0:cdf462088d13 | 5013 | |
markrad | 0:cdf462088d13 | 5014 | /* Keep last flight around in case we need to resend it: |
markrad | 0:cdf462088d13 | 5015 | * we need the handshake and transform structures for that */ |
markrad | 0:cdf462088d13 | 5016 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip freeing handshake and transform" ) ); |
markrad | 0:cdf462088d13 | 5017 | } |
markrad | 0:cdf462088d13 | 5018 | else |
markrad | 0:cdf462088d13 | 5019 | #endif |
markrad | 0:cdf462088d13 | 5020 | ssl_handshake_wrapup_free_hs_transform( ssl ); |
markrad | 0:cdf462088d13 | 5021 | |
markrad | 0:cdf462088d13 | 5022 | ssl->state++; |
markrad | 0:cdf462088d13 | 5023 | |
markrad | 0:cdf462088d13 | 5024 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup" ) ); |
markrad | 0:cdf462088d13 | 5025 | } |
markrad | 0:cdf462088d13 | 5026 | |
markrad | 0:cdf462088d13 | 5027 | int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 5028 | { |
markrad | 0:cdf462088d13 | 5029 | int ret, hash_len; |
markrad | 0:cdf462088d13 | 5030 | |
markrad | 0:cdf462088d13 | 5031 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write finished" ) ); |
markrad | 0:cdf462088d13 | 5032 | |
markrad | 0:cdf462088d13 | 5033 | /* |
markrad | 0:cdf462088d13 | 5034 | * Set the out_msg pointer to the correct location based on IV length |
markrad | 0:cdf462088d13 | 5035 | */ |
markrad | 0:cdf462088d13 | 5036 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) |
markrad | 0:cdf462088d13 | 5037 | { |
markrad | 0:cdf462088d13 | 5038 | ssl->out_msg = ssl->out_iv + ssl->transform_negotiate->ivlen - |
markrad | 0:cdf462088d13 | 5039 | ssl->transform_negotiate->fixed_ivlen; |
markrad | 0:cdf462088d13 | 5040 | } |
markrad | 0:cdf462088d13 | 5041 | else |
markrad | 0:cdf462088d13 | 5042 | ssl->out_msg = ssl->out_iv; |
markrad | 0:cdf462088d13 | 5043 | |
markrad | 0:cdf462088d13 | 5044 | ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->conf->endpoint ); |
markrad | 0:cdf462088d13 | 5045 | |
markrad | 0:cdf462088d13 | 5046 | /* |
markrad | 0:cdf462088d13 | 5047 | * RFC 5246 7.4.9 (Page 63) says 12 is the default length and ciphersuites |
markrad | 0:cdf462088d13 | 5048 | * may define some other value. Currently (early 2016), no defined |
markrad | 0:cdf462088d13 | 5049 | * ciphersuite does this (and this is unlikely to change as activity has |
markrad | 0:cdf462088d13 | 5050 | * moved to TLS 1.3 now) so we can keep the hardcoded 12 here. |
markrad | 0:cdf462088d13 | 5051 | */ |
markrad | 0:cdf462088d13 | 5052 | hash_len = ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) ? 36 : 12; |
markrad | 0:cdf462088d13 | 5053 | |
markrad | 0:cdf462088d13 | 5054 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
markrad | 0:cdf462088d13 | 5055 | ssl->verify_data_len = hash_len; |
markrad | 0:cdf462088d13 | 5056 | memcpy( ssl->own_verify_data, ssl->out_msg + 4, hash_len ); |
markrad | 0:cdf462088d13 | 5057 | #endif |
markrad | 0:cdf462088d13 | 5058 | |
markrad | 0:cdf462088d13 | 5059 | ssl->out_msglen = 4 + hash_len; |
markrad | 0:cdf462088d13 | 5060 | ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; |
markrad | 0:cdf462088d13 | 5061 | ssl->out_msg[0] = MBEDTLS_SSL_HS_FINISHED; |
markrad | 0:cdf462088d13 | 5062 | |
markrad | 0:cdf462088d13 | 5063 | /* |
markrad | 0:cdf462088d13 | 5064 | * In case of session resuming, invert the client and server |
markrad | 0:cdf462088d13 | 5065 | * ChangeCipherSpec messages order. |
markrad | 0:cdf462088d13 | 5066 | */ |
markrad | 0:cdf462088d13 | 5067 | if( ssl->handshake->resume != 0 ) |
markrad | 0:cdf462088d13 | 5068 | { |
markrad | 0:cdf462088d13 | 5069 | #if defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 5070 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
markrad | 0:cdf462088d13 | 5071 | ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; |
markrad | 0:cdf462088d13 | 5072 | #endif |
markrad | 0:cdf462088d13 | 5073 | #if defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 5074 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
markrad | 0:cdf462088d13 | 5075 | ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; |
markrad | 0:cdf462088d13 | 5076 | #endif |
markrad | 0:cdf462088d13 | 5077 | } |
markrad | 0:cdf462088d13 | 5078 | else |
markrad | 0:cdf462088d13 | 5079 | ssl->state++; |
markrad | 0:cdf462088d13 | 5080 | |
markrad | 0:cdf462088d13 | 5081 | /* |
markrad | 0:cdf462088d13 | 5082 | * Switch to our negotiated transform and session parameters for outbound |
markrad | 0:cdf462088d13 | 5083 | * data. |
markrad | 0:cdf462088d13 | 5084 | */ |
markrad | 0:cdf462088d13 | 5085 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for outbound data" ) ); |
markrad | 0:cdf462088d13 | 5086 | |
markrad | 0:cdf462088d13 | 5087 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 5088 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 5089 | { |
markrad | 0:cdf462088d13 | 5090 | unsigned char i; |
markrad | 0:cdf462088d13 | 5091 | |
markrad | 0:cdf462088d13 | 5092 | /* Remember current epoch settings for resending */ |
markrad | 0:cdf462088d13 | 5093 | ssl->handshake->alt_transform_out = ssl->transform_out; |
markrad | 0:cdf462088d13 | 5094 | memcpy( ssl->handshake->alt_out_ctr, ssl->out_ctr, 8 ); |
markrad | 0:cdf462088d13 | 5095 | |
markrad | 0:cdf462088d13 | 5096 | /* Set sequence_number to zero */ |
markrad | 0:cdf462088d13 | 5097 | memset( ssl->out_ctr + 2, 0, 6 ); |
markrad | 0:cdf462088d13 | 5098 | |
markrad | 0:cdf462088d13 | 5099 | /* Increment epoch */ |
markrad | 0:cdf462088d13 | 5100 | for( i = 2; i > 0; i-- ) |
markrad | 0:cdf462088d13 | 5101 | if( ++ssl->out_ctr[i - 1] != 0 ) |
markrad | 0:cdf462088d13 | 5102 | break; |
markrad | 0:cdf462088d13 | 5103 | |
markrad | 0:cdf462088d13 | 5104 | /* The loop goes to its end iff the counter is wrapping */ |
markrad | 0:cdf462088d13 | 5105 | if( i == 0 ) |
markrad | 0:cdf462088d13 | 5106 | { |
markrad | 0:cdf462088d13 | 5107 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS epoch would wrap" ) ); |
markrad | 0:cdf462088d13 | 5108 | return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); |
markrad | 0:cdf462088d13 | 5109 | } |
markrad | 0:cdf462088d13 | 5110 | } |
markrad | 0:cdf462088d13 | 5111 | else |
markrad | 0:cdf462088d13 | 5112 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
markrad | 0:cdf462088d13 | 5113 | memset( ssl->out_ctr, 0, 8 ); |
markrad | 0:cdf462088d13 | 5114 | |
markrad | 0:cdf462088d13 | 5115 | ssl->transform_out = ssl->transform_negotiate; |
markrad | 0:cdf462088d13 | 5116 | ssl->session_out = ssl->session_negotiate; |
markrad | 0:cdf462088d13 | 5117 | |
markrad | 0:cdf462088d13 | 5118 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
markrad | 0:cdf462088d13 | 5119 | if( mbedtls_ssl_hw_record_activate != NULL ) |
markrad | 0:cdf462088d13 | 5120 | { |
markrad | 0:cdf462088d13 | 5121 | if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND ) ) != 0 ) |
markrad | 0:cdf462088d13 | 5122 | { |
markrad | 0:cdf462088d13 | 5123 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret ); |
markrad | 0:cdf462088d13 | 5124 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
markrad | 0:cdf462088d13 | 5125 | } |
markrad | 0:cdf462088d13 | 5126 | } |
markrad | 0:cdf462088d13 | 5127 | #endif |
markrad | 0:cdf462088d13 | 5128 | |
markrad | 0:cdf462088d13 | 5129 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 5130 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 5131 | mbedtls_ssl_send_flight_completed( ssl ); |
markrad | 0:cdf462088d13 | 5132 | #endif |
markrad | 0:cdf462088d13 | 5133 | |
markrad | 0:cdf462088d13 | 5134 | if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 5135 | { |
markrad | 0:cdf462088d13 | 5136 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); |
markrad | 0:cdf462088d13 | 5137 | return( ret ); |
markrad | 0:cdf462088d13 | 5138 | } |
markrad | 0:cdf462088d13 | 5139 | |
markrad | 0:cdf462088d13 | 5140 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write finished" ) ); |
markrad | 0:cdf462088d13 | 5141 | |
markrad | 0:cdf462088d13 | 5142 | return( 0 ); |
markrad | 0:cdf462088d13 | 5143 | } |
markrad | 0:cdf462088d13 | 5144 | |
markrad | 0:cdf462088d13 | 5145 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
markrad | 0:cdf462088d13 | 5146 | #define SSL_MAX_HASH_LEN 36 |
markrad | 0:cdf462088d13 | 5147 | #else |
markrad | 0:cdf462088d13 | 5148 | #define SSL_MAX_HASH_LEN 12 |
markrad | 0:cdf462088d13 | 5149 | #endif |
markrad | 0:cdf462088d13 | 5150 | |
markrad | 0:cdf462088d13 | 5151 | int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 5152 | { |
markrad | 0:cdf462088d13 | 5153 | int ret; |
markrad | 0:cdf462088d13 | 5154 | unsigned int hash_len; |
markrad | 0:cdf462088d13 | 5155 | unsigned char buf[SSL_MAX_HASH_LEN]; |
markrad | 0:cdf462088d13 | 5156 | |
markrad | 0:cdf462088d13 | 5157 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished" ) ); |
markrad | 0:cdf462088d13 | 5158 | |
markrad | 0:cdf462088d13 | 5159 | ssl->handshake->calc_finished( ssl, buf, ssl->conf->endpoint ^ 1 ); |
markrad | 0:cdf462088d13 | 5160 | |
markrad | 0:cdf462088d13 | 5161 | if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 5162 | { |
markrad | 0:cdf462088d13 | 5163 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); |
markrad | 0:cdf462088d13 | 5164 | return( ret ); |
markrad | 0:cdf462088d13 | 5165 | } |
markrad | 0:cdf462088d13 | 5166 | |
markrad | 0:cdf462088d13 | 5167 | if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) |
markrad | 0:cdf462088d13 | 5168 | { |
markrad | 0:cdf462088d13 | 5169 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); |
markrad | 0:cdf462088d13 | 5170 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
markrad | 0:cdf462088d13 | 5171 | } |
markrad | 0:cdf462088d13 | 5172 | |
markrad | 0:cdf462088d13 | 5173 | /* There is currently no ciphersuite using another length with TLS 1.2 */ |
markrad | 0:cdf462088d13 | 5174 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
markrad | 0:cdf462088d13 | 5175 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
markrad | 0:cdf462088d13 | 5176 | hash_len = 36; |
markrad | 0:cdf462088d13 | 5177 | else |
markrad | 0:cdf462088d13 | 5178 | #endif |
markrad | 0:cdf462088d13 | 5179 | hash_len = 12; |
markrad | 0:cdf462088d13 | 5180 | |
markrad | 0:cdf462088d13 | 5181 | if( ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED || |
markrad | 0:cdf462088d13 | 5182 | ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + hash_len ) |
markrad | 0:cdf462088d13 | 5183 | { |
markrad | 0:cdf462088d13 | 5184 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); |
markrad | 0:cdf462088d13 | 5185 | return( MBEDTLS_ERR_SSL_BAD_HS_FINISHED ); |
markrad | 0:cdf462088d13 | 5186 | } |
markrad | 0:cdf462088d13 | 5187 | |
markrad | 0:cdf462088d13 | 5188 | if( mbedtls_ssl_safer_memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), |
markrad | 0:cdf462088d13 | 5189 | buf, hash_len ) != 0 ) |
markrad | 0:cdf462088d13 | 5190 | { |
markrad | 0:cdf462088d13 | 5191 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); |
markrad | 0:cdf462088d13 | 5192 | return( MBEDTLS_ERR_SSL_BAD_HS_FINISHED ); |
markrad | 0:cdf462088d13 | 5193 | } |
markrad | 0:cdf462088d13 | 5194 | |
markrad | 0:cdf462088d13 | 5195 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
markrad | 0:cdf462088d13 | 5196 | ssl->verify_data_len = hash_len; |
markrad | 0:cdf462088d13 | 5197 | memcpy( ssl->peer_verify_data, buf, hash_len ); |
markrad | 0:cdf462088d13 | 5198 | #endif |
markrad | 0:cdf462088d13 | 5199 | |
markrad | 0:cdf462088d13 | 5200 | if( ssl->handshake->resume != 0 ) |
markrad | 0:cdf462088d13 | 5201 | { |
markrad | 0:cdf462088d13 | 5202 | #if defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 5203 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
markrad | 0:cdf462088d13 | 5204 | ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; |
markrad | 0:cdf462088d13 | 5205 | #endif |
markrad | 0:cdf462088d13 | 5206 | #if defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 5207 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
markrad | 0:cdf462088d13 | 5208 | ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; |
markrad | 0:cdf462088d13 | 5209 | #endif |
markrad | 0:cdf462088d13 | 5210 | } |
markrad | 0:cdf462088d13 | 5211 | else |
markrad | 0:cdf462088d13 | 5212 | ssl->state++; |
markrad | 0:cdf462088d13 | 5213 | |
markrad | 0:cdf462088d13 | 5214 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 5215 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 5216 | mbedtls_ssl_recv_flight_completed( ssl ); |
markrad | 0:cdf462088d13 | 5217 | #endif |
markrad | 0:cdf462088d13 | 5218 | |
markrad | 0:cdf462088d13 | 5219 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse finished" ) ); |
markrad | 0:cdf462088d13 | 5220 | |
markrad | 0:cdf462088d13 | 5221 | return( 0 ); |
markrad | 0:cdf462088d13 | 5222 | } |
markrad | 0:cdf462088d13 | 5223 | |
markrad | 0:cdf462088d13 | 5224 | static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) |
markrad | 0:cdf462088d13 | 5225 | { |
markrad | 0:cdf462088d13 | 5226 | memset( handshake, 0, sizeof( mbedtls_ssl_handshake_params ) ); |
markrad | 0:cdf462088d13 | 5227 | |
markrad | 0:cdf462088d13 | 5228 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
markrad | 0:cdf462088d13 | 5229 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
markrad | 0:cdf462088d13 | 5230 | mbedtls_md5_init( &handshake->fin_md5 ); |
markrad | 0:cdf462088d13 | 5231 | mbedtls_sha1_init( &handshake->fin_sha1 ); |
markrad | 0:cdf462088d13 | 5232 | mbedtls_md5_starts( &handshake->fin_md5 ); |
markrad | 0:cdf462088d13 | 5233 | mbedtls_sha1_starts( &handshake->fin_sha1 ); |
markrad | 0:cdf462088d13 | 5234 | #endif |
markrad | 0:cdf462088d13 | 5235 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 5236 | #if defined(MBEDTLS_SHA256_C) |
markrad | 0:cdf462088d13 | 5237 | mbedtls_sha256_init( &handshake->fin_sha256 ); |
markrad | 0:cdf462088d13 | 5238 | mbedtls_sha256_starts( &handshake->fin_sha256, 0 ); |
markrad | 0:cdf462088d13 | 5239 | #endif |
markrad | 0:cdf462088d13 | 5240 | #if defined(MBEDTLS_SHA512_C) |
markrad | 0:cdf462088d13 | 5241 | mbedtls_sha512_init( &handshake->fin_sha512 ); |
markrad | 0:cdf462088d13 | 5242 | mbedtls_sha512_starts( &handshake->fin_sha512, 1 ); |
markrad | 0:cdf462088d13 | 5243 | #endif |
markrad | 0:cdf462088d13 | 5244 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 5245 | |
markrad | 0:cdf462088d13 | 5246 | handshake->update_checksum = ssl_update_checksum_start; |
markrad | 0:cdf462088d13 | 5247 | handshake->sig_alg = MBEDTLS_SSL_HASH_SHA1; |
markrad | 0:cdf462088d13 | 5248 | |
markrad | 0:cdf462088d13 | 5249 | #if defined(MBEDTLS_DHM_C) |
markrad | 0:cdf462088d13 | 5250 | mbedtls_dhm_init( &handshake->dhm_ctx ); |
markrad | 0:cdf462088d13 | 5251 | #endif |
markrad | 0:cdf462088d13 | 5252 | #if defined(MBEDTLS_ECDH_C) |
markrad | 0:cdf462088d13 | 5253 | mbedtls_ecdh_init( &handshake->ecdh_ctx ); |
markrad | 0:cdf462088d13 | 5254 | #endif |
markrad | 0:cdf462088d13 | 5255 | #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
markrad | 0:cdf462088d13 | 5256 | mbedtls_ecjpake_init( &handshake->ecjpake_ctx ); |
markrad | 0:cdf462088d13 | 5257 | #if defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 5258 | handshake->ecjpake_cache = NULL; |
markrad | 0:cdf462088d13 | 5259 | handshake->ecjpake_cache_len = 0; |
markrad | 0:cdf462088d13 | 5260 | #endif |
markrad | 0:cdf462088d13 | 5261 | #endif |
markrad | 0:cdf462088d13 | 5262 | |
markrad | 0:cdf462088d13 | 5263 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
markrad | 0:cdf462088d13 | 5264 | handshake->sni_authmode = MBEDTLS_SSL_VERIFY_UNSET; |
markrad | 0:cdf462088d13 | 5265 | #endif |
markrad | 0:cdf462088d13 | 5266 | } |
markrad | 0:cdf462088d13 | 5267 | |
markrad | 0:cdf462088d13 | 5268 | static void ssl_transform_init( mbedtls_ssl_transform *transform ) |
markrad | 0:cdf462088d13 | 5269 | { |
markrad | 0:cdf462088d13 | 5270 | memset( transform, 0, sizeof(mbedtls_ssl_transform) ); |
markrad | 0:cdf462088d13 | 5271 | |
markrad | 0:cdf462088d13 | 5272 | mbedtls_cipher_init( &transform->cipher_ctx_enc ); |
markrad | 0:cdf462088d13 | 5273 | mbedtls_cipher_init( &transform->cipher_ctx_dec ); |
markrad | 0:cdf462088d13 | 5274 | |
markrad | 0:cdf462088d13 | 5275 | mbedtls_md_init( &transform->md_ctx_enc ); |
markrad | 0:cdf462088d13 | 5276 | mbedtls_md_init( &transform->md_ctx_dec ); |
markrad | 0:cdf462088d13 | 5277 | } |
markrad | 0:cdf462088d13 | 5278 | |
markrad | 0:cdf462088d13 | 5279 | void mbedtls_ssl_session_init( mbedtls_ssl_session *session ) |
markrad | 0:cdf462088d13 | 5280 | { |
markrad | 0:cdf462088d13 | 5281 | memset( session, 0, sizeof(mbedtls_ssl_session) ); |
markrad | 0:cdf462088d13 | 5282 | } |
markrad | 0:cdf462088d13 | 5283 | |
markrad | 0:cdf462088d13 | 5284 | static int ssl_handshake_init( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 5285 | { |
markrad | 0:cdf462088d13 | 5286 | /* Clear old handshake information if present */ |
markrad | 0:cdf462088d13 | 5287 | if( ssl->transform_negotiate ) |
markrad | 0:cdf462088d13 | 5288 | mbedtls_ssl_transform_free( ssl->transform_negotiate ); |
markrad | 0:cdf462088d13 | 5289 | if( ssl->session_negotiate ) |
markrad | 0:cdf462088d13 | 5290 | mbedtls_ssl_session_free( ssl->session_negotiate ); |
markrad | 0:cdf462088d13 | 5291 | if( ssl->handshake ) |
markrad | 0:cdf462088d13 | 5292 | mbedtls_ssl_handshake_free( ssl->handshake ); |
markrad | 0:cdf462088d13 | 5293 | |
markrad | 0:cdf462088d13 | 5294 | /* |
markrad | 0:cdf462088d13 | 5295 | * Either the pointers are now NULL or cleared properly and can be freed. |
markrad | 0:cdf462088d13 | 5296 | * Now allocate missing structures. |
markrad | 0:cdf462088d13 | 5297 | */ |
markrad | 0:cdf462088d13 | 5298 | if( ssl->transform_negotiate == NULL ) |
markrad | 0:cdf462088d13 | 5299 | { |
markrad | 0:cdf462088d13 | 5300 | ssl->transform_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_transform) ); |
markrad | 0:cdf462088d13 | 5301 | } |
markrad | 0:cdf462088d13 | 5302 | |
markrad | 0:cdf462088d13 | 5303 | if( ssl->session_negotiate == NULL ) |
markrad | 0:cdf462088d13 | 5304 | { |
markrad | 0:cdf462088d13 | 5305 | ssl->session_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_session) ); |
markrad | 0:cdf462088d13 | 5306 | } |
markrad | 0:cdf462088d13 | 5307 | |
markrad | 0:cdf462088d13 | 5308 | if( ssl->handshake == NULL ) |
markrad | 0:cdf462088d13 | 5309 | { |
markrad | 0:cdf462088d13 | 5310 | ssl->handshake = mbedtls_calloc( 1, sizeof(mbedtls_ssl_handshake_params) ); |
markrad | 0:cdf462088d13 | 5311 | } |
markrad | 0:cdf462088d13 | 5312 | |
markrad | 0:cdf462088d13 | 5313 | /* All pointers should exist and can be directly freed without issue */ |
markrad | 0:cdf462088d13 | 5314 | if( ssl->handshake == NULL || |
markrad | 0:cdf462088d13 | 5315 | ssl->transform_negotiate == NULL || |
markrad | 0:cdf462088d13 | 5316 | ssl->session_negotiate == NULL ) |
markrad | 0:cdf462088d13 | 5317 | { |
markrad | 0:cdf462088d13 | 5318 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc() of ssl sub-contexts failed" ) ); |
markrad | 0:cdf462088d13 | 5319 | |
markrad | 0:cdf462088d13 | 5320 | mbedtls_free( ssl->handshake ); |
markrad | 0:cdf462088d13 | 5321 | mbedtls_free( ssl->transform_negotiate ); |
markrad | 0:cdf462088d13 | 5322 | mbedtls_free( ssl->session_negotiate ); |
markrad | 0:cdf462088d13 | 5323 | |
markrad | 0:cdf462088d13 | 5324 | ssl->handshake = NULL; |
markrad | 0:cdf462088d13 | 5325 | ssl->transform_negotiate = NULL; |
markrad | 0:cdf462088d13 | 5326 | ssl->session_negotiate = NULL; |
markrad | 0:cdf462088d13 | 5327 | |
markrad | 0:cdf462088d13 | 5328 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
markrad | 0:cdf462088d13 | 5329 | } |
markrad | 0:cdf462088d13 | 5330 | |
markrad | 0:cdf462088d13 | 5331 | /* Initialize structures */ |
markrad | 0:cdf462088d13 | 5332 | mbedtls_ssl_session_init( ssl->session_negotiate ); |
markrad | 0:cdf462088d13 | 5333 | ssl_transform_init( ssl->transform_negotiate ); |
markrad | 0:cdf462088d13 | 5334 | ssl_handshake_params_init( ssl->handshake ); |
markrad | 0:cdf462088d13 | 5335 | |
markrad | 0:cdf462088d13 | 5336 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 5337 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 5338 | { |
markrad | 0:cdf462088d13 | 5339 | ssl->handshake->alt_transform_out = ssl->transform_out; |
markrad | 0:cdf462088d13 | 5340 | |
markrad | 0:cdf462088d13 | 5341 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
markrad | 0:cdf462088d13 | 5342 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING; |
markrad | 0:cdf462088d13 | 5343 | else |
markrad | 0:cdf462088d13 | 5344 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; |
markrad | 0:cdf462088d13 | 5345 | |
markrad | 0:cdf462088d13 | 5346 | ssl_set_timer( ssl, 0 ); |
markrad | 0:cdf462088d13 | 5347 | } |
markrad | 0:cdf462088d13 | 5348 | #endif |
markrad | 0:cdf462088d13 | 5349 | |
markrad | 0:cdf462088d13 | 5350 | return( 0 ); |
markrad | 0:cdf462088d13 | 5351 | } |
markrad | 0:cdf462088d13 | 5352 | |
markrad | 0:cdf462088d13 | 5353 | #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 5354 | /* Dummy cookie callbacks for defaults */ |
markrad | 0:cdf462088d13 | 5355 | static int ssl_cookie_write_dummy( void *ctx, |
markrad | 0:cdf462088d13 | 5356 | unsigned char **p, unsigned char *end, |
markrad | 0:cdf462088d13 | 5357 | const unsigned char *cli_id, size_t cli_id_len ) |
markrad | 0:cdf462088d13 | 5358 | { |
markrad | 0:cdf462088d13 | 5359 | ((void) ctx); |
markrad | 0:cdf462088d13 | 5360 | ((void) p); |
markrad | 0:cdf462088d13 | 5361 | ((void) end); |
markrad | 0:cdf462088d13 | 5362 | ((void) cli_id); |
markrad | 0:cdf462088d13 | 5363 | ((void) cli_id_len); |
markrad | 0:cdf462088d13 | 5364 | |
markrad | 0:cdf462088d13 | 5365 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
markrad | 0:cdf462088d13 | 5366 | } |
markrad | 0:cdf462088d13 | 5367 | |
markrad | 0:cdf462088d13 | 5368 | static int ssl_cookie_check_dummy( void *ctx, |
markrad | 0:cdf462088d13 | 5369 | const unsigned char *cookie, size_t cookie_len, |
markrad | 0:cdf462088d13 | 5370 | const unsigned char *cli_id, size_t cli_id_len ) |
markrad | 0:cdf462088d13 | 5371 | { |
markrad | 0:cdf462088d13 | 5372 | ((void) ctx); |
markrad | 0:cdf462088d13 | 5373 | ((void) cookie); |
markrad | 0:cdf462088d13 | 5374 | ((void) cookie_len); |
markrad | 0:cdf462088d13 | 5375 | ((void) cli_id); |
markrad | 0:cdf462088d13 | 5376 | ((void) cli_id_len); |
markrad | 0:cdf462088d13 | 5377 | |
markrad | 0:cdf462088d13 | 5378 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
markrad | 0:cdf462088d13 | 5379 | } |
markrad | 0:cdf462088d13 | 5380 | #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */ |
markrad | 0:cdf462088d13 | 5381 | |
markrad | 0:cdf462088d13 | 5382 | /* |
markrad | 0:cdf462088d13 | 5383 | * Initialize an SSL context |
markrad | 0:cdf462088d13 | 5384 | */ |
markrad | 0:cdf462088d13 | 5385 | void mbedtls_ssl_init( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 5386 | { |
markrad | 0:cdf462088d13 | 5387 | memset( ssl, 0, sizeof( mbedtls_ssl_context ) ); |
markrad | 0:cdf462088d13 | 5388 | } |
markrad | 0:cdf462088d13 | 5389 | |
markrad | 0:cdf462088d13 | 5390 | /* |
markrad | 0:cdf462088d13 | 5391 | * Setup an SSL context |
markrad | 0:cdf462088d13 | 5392 | */ |
markrad | 0:cdf462088d13 | 5393 | int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 5394 | const mbedtls_ssl_config *conf ) |
markrad | 0:cdf462088d13 | 5395 | { |
markrad | 0:cdf462088d13 | 5396 | int ret; |
markrad | 0:cdf462088d13 | 5397 | const size_t len = MBEDTLS_SSL_BUFFER_LEN; |
markrad | 0:cdf462088d13 | 5398 | |
markrad | 0:cdf462088d13 | 5399 | ssl->conf = conf; |
markrad | 0:cdf462088d13 | 5400 | |
markrad | 0:cdf462088d13 | 5401 | /* |
markrad | 0:cdf462088d13 | 5402 | * Prepare base structures |
markrad | 0:cdf462088d13 | 5403 | */ |
markrad | 0:cdf462088d13 | 5404 | if( ( ssl-> in_buf = mbedtls_calloc( 1, len ) ) == NULL || |
markrad | 0:cdf462088d13 | 5405 | ( ssl->out_buf = mbedtls_calloc( 1, len ) ) == NULL ) |
markrad | 0:cdf462088d13 | 5406 | { |
markrad | 0:cdf462088d13 | 5407 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", len ) ); |
markrad | 0:cdf462088d13 | 5408 | mbedtls_free( ssl->in_buf ); |
markrad | 0:cdf462088d13 | 5409 | ssl->in_buf = NULL; |
markrad | 0:cdf462088d13 | 5410 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
markrad | 0:cdf462088d13 | 5411 | } |
markrad | 0:cdf462088d13 | 5412 | |
markrad | 0:cdf462088d13 | 5413 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 5414 | if( conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 5415 | { |
markrad | 0:cdf462088d13 | 5416 | ssl->out_hdr = ssl->out_buf; |
markrad | 0:cdf462088d13 | 5417 | ssl->out_ctr = ssl->out_buf + 3; |
markrad | 0:cdf462088d13 | 5418 | ssl->out_len = ssl->out_buf + 11; |
markrad | 0:cdf462088d13 | 5419 | ssl->out_iv = ssl->out_buf + 13; |
markrad | 0:cdf462088d13 | 5420 | ssl->out_msg = ssl->out_buf + 13; |
markrad | 0:cdf462088d13 | 5421 | |
markrad | 0:cdf462088d13 | 5422 | ssl->in_hdr = ssl->in_buf; |
markrad | 0:cdf462088d13 | 5423 | ssl->in_ctr = ssl->in_buf + 3; |
markrad | 0:cdf462088d13 | 5424 | ssl->in_len = ssl->in_buf + 11; |
markrad | 0:cdf462088d13 | 5425 | ssl->in_iv = ssl->in_buf + 13; |
markrad | 0:cdf462088d13 | 5426 | ssl->in_msg = ssl->in_buf + 13; |
markrad | 0:cdf462088d13 | 5427 | } |
markrad | 0:cdf462088d13 | 5428 | else |
markrad | 0:cdf462088d13 | 5429 | #endif |
markrad | 0:cdf462088d13 | 5430 | { |
markrad | 0:cdf462088d13 | 5431 | ssl->out_ctr = ssl->out_buf; |
markrad | 0:cdf462088d13 | 5432 | ssl->out_hdr = ssl->out_buf + 8; |
markrad | 0:cdf462088d13 | 5433 | ssl->out_len = ssl->out_buf + 11; |
markrad | 0:cdf462088d13 | 5434 | ssl->out_iv = ssl->out_buf + 13; |
markrad | 0:cdf462088d13 | 5435 | ssl->out_msg = ssl->out_buf + 13; |
markrad | 0:cdf462088d13 | 5436 | |
markrad | 0:cdf462088d13 | 5437 | ssl->in_ctr = ssl->in_buf; |
markrad | 0:cdf462088d13 | 5438 | ssl->in_hdr = ssl->in_buf + 8; |
markrad | 0:cdf462088d13 | 5439 | ssl->in_len = ssl->in_buf + 11; |
markrad | 0:cdf462088d13 | 5440 | ssl->in_iv = ssl->in_buf + 13; |
markrad | 0:cdf462088d13 | 5441 | ssl->in_msg = ssl->in_buf + 13; |
markrad | 0:cdf462088d13 | 5442 | } |
markrad | 0:cdf462088d13 | 5443 | |
markrad | 0:cdf462088d13 | 5444 | if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 5445 | return( ret ); |
markrad | 0:cdf462088d13 | 5446 | |
markrad | 0:cdf462088d13 | 5447 | return( 0 ); |
markrad | 0:cdf462088d13 | 5448 | } |
markrad | 0:cdf462088d13 | 5449 | |
markrad | 0:cdf462088d13 | 5450 | /* |
markrad | 0:cdf462088d13 | 5451 | * Reset an initialized and used SSL context for re-use while retaining |
markrad | 0:cdf462088d13 | 5452 | * all application-set variables, function pointers and data. |
markrad | 0:cdf462088d13 | 5453 | * |
markrad | 0:cdf462088d13 | 5454 | * If partial is non-zero, keep data in the input buffer and client ID. |
markrad | 0:cdf462088d13 | 5455 | * (Use when a DTLS client reconnects from the same port.) |
markrad | 0:cdf462088d13 | 5456 | */ |
markrad | 0:cdf462088d13 | 5457 | static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) |
markrad | 0:cdf462088d13 | 5458 | { |
markrad | 0:cdf462088d13 | 5459 | int ret; |
markrad | 0:cdf462088d13 | 5460 | |
markrad | 0:cdf462088d13 | 5461 | ssl->state = MBEDTLS_SSL_HELLO_REQUEST; |
markrad | 0:cdf462088d13 | 5462 | |
markrad | 0:cdf462088d13 | 5463 | /* Cancel any possibly running timer */ |
markrad | 0:cdf462088d13 | 5464 | ssl_set_timer( ssl, 0 ); |
markrad | 0:cdf462088d13 | 5465 | |
markrad | 0:cdf462088d13 | 5466 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
markrad | 0:cdf462088d13 | 5467 | ssl->renego_status = MBEDTLS_SSL_INITIAL_HANDSHAKE; |
markrad | 0:cdf462088d13 | 5468 | ssl->renego_records_seen = 0; |
markrad | 0:cdf462088d13 | 5469 | |
markrad | 0:cdf462088d13 | 5470 | ssl->verify_data_len = 0; |
markrad | 0:cdf462088d13 | 5471 | memset( ssl->own_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN ); |
markrad | 0:cdf462088d13 | 5472 | memset( ssl->peer_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN ); |
markrad | 0:cdf462088d13 | 5473 | #endif |
markrad | 0:cdf462088d13 | 5474 | ssl->secure_renegotiation = MBEDTLS_SSL_LEGACY_RENEGOTIATION; |
markrad | 0:cdf462088d13 | 5475 | |
markrad | 0:cdf462088d13 | 5476 | ssl->in_offt = NULL; |
markrad | 0:cdf462088d13 | 5477 | |
markrad | 0:cdf462088d13 | 5478 | ssl->in_msg = ssl->in_buf + 13; |
markrad | 0:cdf462088d13 | 5479 | ssl->in_msgtype = 0; |
markrad | 0:cdf462088d13 | 5480 | ssl->in_msglen = 0; |
markrad | 0:cdf462088d13 | 5481 | if( partial == 0 ) |
markrad | 0:cdf462088d13 | 5482 | ssl->in_left = 0; |
markrad | 0:cdf462088d13 | 5483 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 5484 | ssl->next_record_offset = 0; |
markrad | 0:cdf462088d13 | 5485 | ssl->in_epoch = 0; |
markrad | 0:cdf462088d13 | 5486 | #endif |
markrad | 0:cdf462088d13 | 5487 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
markrad | 0:cdf462088d13 | 5488 | ssl_dtls_replay_reset( ssl ); |
markrad | 0:cdf462088d13 | 5489 | #endif |
markrad | 0:cdf462088d13 | 5490 | |
markrad | 0:cdf462088d13 | 5491 | ssl->in_hslen = 0; |
markrad | 0:cdf462088d13 | 5492 | ssl->nb_zero = 0; |
markrad | 0:cdf462088d13 | 5493 | ssl->record_read = 0; |
markrad | 0:cdf462088d13 | 5494 | |
markrad | 0:cdf462088d13 | 5495 | ssl->out_msg = ssl->out_buf + 13; |
markrad | 0:cdf462088d13 | 5496 | ssl->out_msgtype = 0; |
markrad | 0:cdf462088d13 | 5497 | ssl->out_msglen = 0; |
markrad | 0:cdf462088d13 | 5498 | ssl->out_left = 0; |
markrad | 0:cdf462088d13 | 5499 | #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) |
markrad | 0:cdf462088d13 | 5500 | if( ssl->split_done != MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED ) |
markrad | 0:cdf462088d13 | 5501 | ssl->split_done = 0; |
markrad | 0:cdf462088d13 | 5502 | #endif |
markrad | 0:cdf462088d13 | 5503 | |
markrad | 0:cdf462088d13 | 5504 | ssl->transform_in = NULL; |
markrad | 0:cdf462088d13 | 5505 | ssl->transform_out = NULL; |
markrad | 0:cdf462088d13 | 5506 | |
markrad | 0:cdf462088d13 | 5507 | memset( ssl->out_buf, 0, MBEDTLS_SSL_BUFFER_LEN ); |
markrad | 0:cdf462088d13 | 5508 | if( partial == 0 ) |
markrad | 0:cdf462088d13 | 5509 | memset( ssl->in_buf, 0, MBEDTLS_SSL_BUFFER_LEN ); |
markrad | 0:cdf462088d13 | 5510 | |
markrad | 0:cdf462088d13 | 5511 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
markrad | 0:cdf462088d13 | 5512 | if( mbedtls_ssl_hw_record_reset != NULL ) |
markrad | 0:cdf462088d13 | 5513 | { |
markrad | 0:cdf462088d13 | 5514 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_reset()" ) ); |
markrad | 0:cdf462088d13 | 5515 | if( ( ret = mbedtls_ssl_hw_record_reset( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 5516 | { |
markrad | 0:cdf462088d13 | 5517 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_reset", ret ); |
markrad | 0:cdf462088d13 | 5518 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
markrad | 0:cdf462088d13 | 5519 | } |
markrad | 0:cdf462088d13 | 5520 | } |
markrad | 0:cdf462088d13 | 5521 | #endif |
markrad | 0:cdf462088d13 | 5522 | |
markrad | 0:cdf462088d13 | 5523 | if( ssl->transform ) |
markrad | 0:cdf462088d13 | 5524 | { |
markrad | 0:cdf462088d13 | 5525 | mbedtls_ssl_transform_free( ssl->transform ); |
markrad | 0:cdf462088d13 | 5526 | mbedtls_free( ssl->transform ); |
markrad | 0:cdf462088d13 | 5527 | ssl->transform = NULL; |
markrad | 0:cdf462088d13 | 5528 | } |
markrad | 0:cdf462088d13 | 5529 | |
markrad | 0:cdf462088d13 | 5530 | if( ssl->session ) |
markrad | 0:cdf462088d13 | 5531 | { |
markrad | 0:cdf462088d13 | 5532 | mbedtls_ssl_session_free( ssl->session ); |
markrad | 0:cdf462088d13 | 5533 | mbedtls_free( ssl->session ); |
markrad | 0:cdf462088d13 | 5534 | ssl->session = NULL; |
markrad | 0:cdf462088d13 | 5535 | } |
markrad | 0:cdf462088d13 | 5536 | |
markrad | 0:cdf462088d13 | 5537 | #if defined(MBEDTLS_SSL_ALPN) |
markrad | 0:cdf462088d13 | 5538 | ssl->alpn_chosen = NULL; |
markrad | 0:cdf462088d13 | 5539 | #endif |
markrad | 0:cdf462088d13 | 5540 | |
markrad | 0:cdf462088d13 | 5541 | #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 5542 | if( partial == 0 ) |
markrad | 0:cdf462088d13 | 5543 | { |
markrad | 0:cdf462088d13 | 5544 | mbedtls_free( ssl->cli_id ); |
markrad | 0:cdf462088d13 | 5545 | ssl->cli_id = NULL; |
markrad | 0:cdf462088d13 | 5546 | ssl->cli_id_len = 0; |
markrad | 0:cdf462088d13 | 5547 | } |
markrad | 0:cdf462088d13 | 5548 | #endif |
markrad | 0:cdf462088d13 | 5549 | |
markrad | 0:cdf462088d13 | 5550 | if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 5551 | return( ret ); |
markrad | 0:cdf462088d13 | 5552 | |
markrad | 0:cdf462088d13 | 5553 | return( 0 ); |
markrad | 0:cdf462088d13 | 5554 | } |
markrad | 0:cdf462088d13 | 5555 | |
markrad | 0:cdf462088d13 | 5556 | /* |
markrad | 0:cdf462088d13 | 5557 | * Reset an initialized and used SSL context for re-use while retaining |
markrad | 0:cdf462088d13 | 5558 | * all application-set variables, function pointers and data. |
markrad | 0:cdf462088d13 | 5559 | */ |
markrad | 0:cdf462088d13 | 5560 | int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 5561 | { |
markrad | 0:cdf462088d13 | 5562 | return( ssl_session_reset_int( ssl, 0 ) ); |
markrad | 0:cdf462088d13 | 5563 | } |
markrad | 0:cdf462088d13 | 5564 | |
markrad | 0:cdf462088d13 | 5565 | /* |
markrad | 0:cdf462088d13 | 5566 | * SSL set accessors |
markrad | 0:cdf462088d13 | 5567 | */ |
markrad | 0:cdf462088d13 | 5568 | void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint ) |
markrad | 0:cdf462088d13 | 5569 | { |
markrad | 0:cdf462088d13 | 5570 | conf->endpoint = endpoint; |
markrad | 0:cdf462088d13 | 5571 | } |
markrad | 0:cdf462088d13 | 5572 | |
markrad | 0:cdf462088d13 | 5573 | void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport ) |
markrad | 0:cdf462088d13 | 5574 | { |
markrad | 0:cdf462088d13 | 5575 | conf->transport = transport; |
markrad | 0:cdf462088d13 | 5576 | } |
markrad | 0:cdf462088d13 | 5577 | |
markrad | 0:cdf462088d13 | 5578 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
markrad | 0:cdf462088d13 | 5579 | void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode ) |
markrad | 0:cdf462088d13 | 5580 | { |
markrad | 0:cdf462088d13 | 5581 | conf->anti_replay = mode; |
markrad | 0:cdf462088d13 | 5582 | } |
markrad | 0:cdf462088d13 | 5583 | #endif |
markrad | 0:cdf462088d13 | 5584 | |
markrad | 0:cdf462088d13 | 5585 | #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) |
markrad | 0:cdf462088d13 | 5586 | void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit ) |
markrad | 0:cdf462088d13 | 5587 | { |
markrad | 0:cdf462088d13 | 5588 | conf->badmac_limit = limit; |
markrad | 0:cdf462088d13 | 5589 | } |
markrad | 0:cdf462088d13 | 5590 | #endif |
markrad | 0:cdf462088d13 | 5591 | |
markrad | 0:cdf462088d13 | 5592 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 5593 | void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max ) |
markrad | 0:cdf462088d13 | 5594 | { |
markrad | 0:cdf462088d13 | 5595 | conf->hs_timeout_min = min; |
markrad | 0:cdf462088d13 | 5596 | conf->hs_timeout_max = max; |
markrad | 0:cdf462088d13 | 5597 | } |
markrad | 0:cdf462088d13 | 5598 | #endif |
markrad | 0:cdf462088d13 | 5599 | |
markrad | 0:cdf462088d13 | 5600 | void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode ) |
markrad | 0:cdf462088d13 | 5601 | { |
markrad | 0:cdf462088d13 | 5602 | conf->authmode = authmode; |
markrad | 0:cdf462088d13 | 5603 | } |
markrad | 0:cdf462088d13 | 5604 | |
markrad | 0:cdf462088d13 | 5605 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
markrad | 0:cdf462088d13 | 5606 | void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 5607 | int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), |
markrad | 0:cdf462088d13 | 5608 | void *p_vrfy ) |
markrad | 0:cdf462088d13 | 5609 | { |
markrad | 0:cdf462088d13 | 5610 | conf->f_vrfy = f_vrfy; |
markrad | 0:cdf462088d13 | 5611 | conf->p_vrfy = p_vrfy; |
markrad | 0:cdf462088d13 | 5612 | } |
markrad | 0:cdf462088d13 | 5613 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
markrad | 0:cdf462088d13 | 5614 | |
markrad | 0:cdf462088d13 | 5615 | void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 5616 | int (*f_rng)(void *, unsigned char *, size_t), |
markrad | 0:cdf462088d13 | 5617 | void *p_rng ) |
markrad | 0:cdf462088d13 | 5618 | { |
markrad | 0:cdf462088d13 | 5619 | conf->f_rng = f_rng; |
markrad | 0:cdf462088d13 | 5620 | conf->p_rng = p_rng; |
markrad | 0:cdf462088d13 | 5621 | } |
markrad | 0:cdf462088d13 | 5622 | |
markrad | 0:cdf462088d13 | 5623 | void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 5624 | void (*f_dbg)(void *, int, const char *, int, const char *), |
markrad | 0:cdf462088d13 | 5625 | void *p_dbg ) |
markrad | 0:cdf462088d13 | 5626 | { |
markrad | 0:cdf462088d13 | 5627 | conf->f_dbg = f_dbg; |
markrad | 0:cdf462088d13 | 5628 | conf->p_dbg = p_dbg; |
markrad | 0:cdf462088d13 | 5629 | } |
markrad | 0:cdf462088d13 | 5630 | |
markrad | 0:cdf462088d13 | 5631 | void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 5632 | void *p_bio, |
markrad | 0:cdf462088d13 | 5633 | mbedtls_ssl_send_t *f_send, |
markrad | 0:cdf462088d13 | 5634 | mbedtls_ssl_recv_t *f_recv, |
markrad | 0:cdf462088d13 | 5635 | mbedtls_ssl_recv_timeout_t *f_recv_timeout ) |
markrad | 0:cdf462088d13 | 5636 | { |
markrad | 0:cdf462088d13 | 5637 | ssl->p_bio = p_bio; |
markrad | 0:cdf462088d13 | 5638 | ssl->f_send = f_send; |
markrad | 0:cdf462088d13 | 5639 | ssl->f_recv = f_recv; |
markrad | 0:cdf462088d13 | 5640 | ssl->f_recv_timeout = f_recv_timeout; |
markrad | 0:cdf462088d13 | 5641 | } |
markrad | 0:cdf462088d13 | 5642 | |
markrad | 0:cdf462088d13 | 5643 | void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ) |
markrad | 0:cdf462088d13 | 5644 | { |
markrad | 0:cdf462088d13 | 5645 | conf->read_timeout = timeout; |
markrad | 0:cdf462088d13 | 5646 | } |
markrad | 0:cdf462088d13 | 5647 | |
markrad | 0:cdf462088d13 | 5648 | void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 5649 | void *p_timer, |
markrad | 0:cdf462088d13 | 5650 | mbedtls_ssl_set_timer_t *f_set_timer, |
markrad | 0:cdf462088d13 | 5651 | mbedtls_ssl_get_timer_t *f_get_timer ) |
markrad | 0:cdf462088d13 | 5652 | { |
markrad | 0:cdf462088d13 | 5653 | ssl->p_timer = p_timer; |
markrad | 0:cdf462088d13 | 5654 | ssl->f_set_timer = f_set_timer; |
markrad | 0:cdf462088d13 | 5655 | ssl->f_get_timer = f_get_timer; |
markrad | 0:cdf462088d13 | 5656 | |
markrad | 0:cdf462088d13 | 5657 | /* Make sure we start with no timer running */ |
markrad | 0:cdf462088d13 | 5658 | ssl_set_timer( ssl, 0 ); |
markrad | 0:cdf462088d13 | 5659 | } |
markrad | 0:cdf462088d13 | 5660 | |
markrad | 0:cdf462088d13 | 5661 | #if defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 5662 | void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 5663 | void *p_cache, |
markrad | 0:cdf462088d13 | 5664 | int (*f_get_cache)(void *, mbedtls_ssl_session *), |
markrad | 0:cdf462088d13 | 5665 | int (*f_set_cache)(void *, const mbedtls_ssl_session *) ) |
markrad | 0:cdf462088d13 | 5666 | { |
markrad | 0:cdf462088d13 | 5667 | conf->p_cache = p_cache; |
markrad | 0:cdf462088d13 | 5668 | conf->f_get_cache = f_get_cache; |
markrad | 0:cdf462088d13 | 5669 | conf->f_set_cache = f_set_cache; |
markrad | 0:cdf462088d13 | 5670 | } |
markrad | 0:cdf462088d13 | 5671 | #endif /* MBEDTLS_SSL_SRV_C */ |
markrad | 0:cdf462088d13 | 5672 | |
markrad | 0:cdf462088d13 | 5673 | #if defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 5674 | int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session ) |
markrad | 0:cdf462088d13 | 5675 | { |
markrad | 0:cdf462088d13 | 5676 | int ret; |
markrad | 0:cdf462088d13 | 5677 | |
markrad | 0:cdf462088d13 | 5678 | if( ssl == NULL || |
markrad | 0:cdf462088d13 | 5679 | session == NULL || |
markrad | 0:cdf462088d13 | 5680 | ssl->session_negotiate == NULL || |
markrad | 0:cdf462088d13 | 5681 | ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT ) |
markrad | 0:cdf462088d13 | 5682 | { |
markrad | 0:cdf462088d13 | 5683 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 5684 | } |
markrad | 0:cdf462088d13 | 5685 | |
markrad | 0:cdf462088d13 | 5686 | if( ( ret = ssl_session_copy( ssl->session_negotiate, session ) ) != 0 ) |
markrad | 0:cdf462088d13 | 5687 | return( ret ); |
markrad | 0:cdf462088d13 | 5688 | |
markrad | 0:cdf462088d13 | 5689 | ssl->handshake->resume = 1; |
markrad | 0:cdf462088d13 | 5690 | |
markrad | 0:cdf462088d13 | 5691 | return( 0 ); |
markrad | 0:cdf462088d13 | 5692 | } |
markrad | 0:cdf462088d13 | 5693 | #endif /* MBEDTLS_SSL_CLI_C */ |
markrad | 0:cdf462088d13 | 5694 | |
markrad | 0:cdf462088d13 | 5695 | void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 5696 | const int *ciphersuites ) |
markrad | 0:cdf462088d13 | 5697 | { |
markrad | 0:cdf462088d13 | 5698 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = ciphersuites; |
markrad | 0:cdf462088d13 | 5699 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = ciphersuites; |
markrad | 0:cdf462088d13 | 5700 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = ciphersuites; |
markrad | 0:cdf462088d13 | 5701 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = ciphersuites; |
markrad | 0:cdf462088d13 | 5702 | } |
markrad | 0:cdf462088d13 | 5703 | |
markrad | 0:cdf462088d13 | 5704 | void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 5705 | const int *ciphersuites, |
markrad | 0:cdf462088d13 | 5706 | int major, int minor ) |
markrad | 0:cdf462088d13 | 5707 | { |
markrad | 0:cdf462088d13 | 5708 | if( major != MBEDTLS_SSL_MAJOR_VERSION_3 ) |
markrad | 0:cdf462088d13 | 5709 | return; |
markrad | 0:cdf462088d13 | 5710 | |
markrad | 0:cdf462088d13 | 5711 | if( minor < MBEDTLS_SSL_MINOR_VERSION_0 || minor > MBEDTLS_SSL_MINOR_VERSION_3 ) |
markrad | 0:cdf462088d13 | 5712 | return; |
markrad | 0:cdf462088d13 | 5713 | |
markrad | 0:cdf462088d13 | 5714 | conf->ciphersuite_list[minor] = ciphersuites; |
markrad | 0:cdf462088d13 | 5715 | } |
markrad | 0:cdf462088d13 | 5716 | |
markrad | 0:cdf462088d13 | 5717 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
markrad | 0:cdf462088d13 | 5718 | void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 5719 | const mbedtls_x509_crt_profile *profile ) |
markrad | 0:cdf462088d13 | 5720 | { |
markrad | 0:cdf462088d13 | 5721 | conf->cert_profile = profile; |
markrad | 0:cdf462088d13 | 5722 | } |
markrad | 0:cdf462088d13 | 5723 | |
markrad | 0:cdf462088d13 | 5724 | /* Append a new keycert entry to a (possibly empty) list */ |
markrad | 0:cdf462088d13 | 5725 | static int ssl_append_key_cert( mbedtls_ssl_key_cert **head, |
markrad | 0:cdf462088d13 | 5726 | mbedtls_x509_crt *cert, |
markrad | 0:cdf462088d13 | 5727 | mbedtls_pk_context *key ) |
markrad | 0:cdf462088d13 | 5728 | { |
markrad | 0:cdf462088d13 | 5729 | mbedtls_ssl_key_cert *new; |
markrad | 0:cdf462088d13 | 5730 | |
markrad | 0:cdf462088d13 | 5731 | new = mbedtls_calloc( 1, sizeof( mbedtls_ssl_key_cert ) ); |
markrad | 0:cdf462088d13 | 5732 | if( new == NULL ) |
markrad | 0:cdf462088d13 | 5733 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
markrad | 0:cdf462088d13 | 5734 | |
markrad | 0:cdf462088d13 | 5735 | new->cert = cert; |
markrad | 0:cdf462088d13 | 5736 | new->key = key; |
markrad | 0:cdf462088d13 | 5737 | new->next = NULL; |
markrad | 0:cdf462088d13 | 5738 | |
markrad | 0:cdf462088d13 | 5739 | /* Update head is the list was null, else add to the end */ |
markrad | 0:cdf462088d13 | 5740 | if( *head == NULL ) |
markrad | 0:cdf462088d13 | 5741 | { |
markrad | 0:cdf462088d13 | 5742 | *head = new; |
markrad | 0:cdf462088d13 | 5743 | } |
markrad | 0:cdf462088d13 | 5744 | else |
markrad | 0:cdf462088d13 | 5745 | { |
markrad | 0:cdf462088d13 | 5746 | mbedtls_ssl_key_cert *cur = *head; |
markrad | 0:cdf462088d13 | 5747 | while( cur->next != NULL ) |
markrad | 0:cdf462088d13 | 5748 | cur = cur->next; |
markrad | 0:cdf462088d13 | 5749 | cur->next = new; |
markrad | 0:cdf462088d13 | 5750 | } |
markrad | 0:cdf462088d13 | 5751 | |
markrad | 0:cdf462088d13 | 5752 | return( 0 ); |
markrad | 0:cdf462088d13 | 5753 | } |
markrad | 0:cdf462088d13 | 5754 | |
markrad | 0:cdf462088d13 | 5755 | int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 5756 | mbedtls_x509_crt *own_cert, |
markrad | 0:cdf462088d13 | 5757 | mbedtls_pk_context *pk_key ) |
markrad | 0:cdf462088d13 | 5758 | { |
markrad | 0:cdf462088d13 | 5759 | return( ssl_append_key_cert( &conf->key_cert, own_cert, pk_key ) ); |
markrad | 0:cdf462088d13 | 5760 | } |
markrad | 0:cdf462088d13 | 5761 | |
markrad | 0:cdf462088d13 | 5762 | void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 5763 | mbedtls_x509_crt *ca_chain, |
markrad | 0:cdf462088d13 | 5764 | mbedtls_x509_crl *ca_crl ) |
markrad | 0:cdf462088d13 | 5765 | { |
markrad | 0:cdf462088d13 | 5766 | conf->ca_chain = ca_chain; |
markrad | 0:cdf462088d13 | 5767 | conf->ca_crl = ca_crl; |
markrad | 0:cdf462088d13 | 5768 | } |
markrad | 0:cdf462088d13 | 5769 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
markrad | 0:cdf462088d13 | 5770 | |
markrad | 0:cdf462088d13 | 5771 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
markrad | 0:cdf462088d13 | 5772 | int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 5773 | mbedtls_x509_crt *own_cert, |
markrad | 0:cdf462088d13 | 5774 | mbedtls_pk_context *pk_key ) |
markrad | 0:cdf462088d13 | 5775 | { |
markrad | 0:cdf462088d13 | 5776 | return( ssl_append_key_cert( &ssl->handshake->sni_key_cert, |
markrad | 0:cdf462088d13 | 5777 | own_cert, pk_key ) ); |
markrad | 0:cdf462088d13 | 5778 | } |
markrad | 0:cdf462088d13 | 5779 | |
markrad | 0:cdf462088d13 | 5780 | void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 5781 | mbedtls_x509_crt *ca_chain, |
markrad | 0:cdf462088d13 | 5782 | mbedtls_x509_crl *ca_crl ) |
markrad | 0:cdf462088d13 | 5783 | { |
markrad | 0:cdf462088d13 | 5784 | ssl->handshake->sni_ca_chain = ca_chain; |
markrad | 0:cdf462088d13 | 5785 | ssl->handshake->sni_ca_crl = ca_crl; |
markrad | 0:cdf462088d13 | 5786 | } |
markrad | 0:cdf462088d13 | 5787 | |
markrad | 0:cdf462088d13 | 5788 | void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 5789 | int authmode ) |
markrad | 0:cdf462088d13 | 5790 | { |
markrad | 0:cdf462088d13 | 5791 | ssl->handshake->sni_authmode = authmode; |
markrad | 0:cdf462088d13 | 5792 | } |
markrad | 0:cdf462088d13 | 5793 | #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ |
markrad | 0:cdf462088d13 | 5794 | |
markrad | 0:cdf462088d13 | 5795 | #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
markrad | 0:cdf462088d13 | 5796 | /* |
markrad | 0:cdf462088d13 | 5797 | * Set EC J-PAKE password for current handshake |
markrad | 0:cdf462088d13 | 5798 | */ |
markrad | 0:cdf462088d13 | 5799 | int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 5800 | const unsigned char *pw, |
markrad | 0:cdf462088d13 | 5801 | size_t pw_len ) |
markrad | 0:cdf462088d13 | 5802 | { |
markrad | 0:cdf462088d13 | 5803 | mbedtls_ecjpake_role role; |
markrad | 0:cdf462088d13 | 5804 | |
markrad | 0:cdf462088d13 | 5805 | if( ssl->handshake == NULL || ssl->conf == NULL ) |
markrad | 0:cdf462088d13 | 5806 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 5807 | |
markrad | 0:cdf462088d13 | 5808 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
markrad | 0:cdf462088d13 | 5809 | role = MBEDTLS_ECJPAKE_SERVER; |
markrad | 0:cdf462088d13 | 5810 | else |
markrad | 0:cdf462088d13 | 5811 | role = MBEDTLS_ECJPAKE_CLIENT; |
markrad | 0:cdf462088d13 | 5812 | |
markrad | 0:cdf462088d13 | 5813 | return( mbedtls_ecjpake_setup( &ssl->handshake->ecjpake_ctx, |
markrad | 0:cdf462088d13 | 5814 | role, |
markrad | 0:cdf462088d13 | 5815 | MBEDTLS_MD_SHA256, |
markrad | 0:cdf462088d13 | 5816 | MBEDTLS_ECP_DP_SECP256R1, |
markrad | 0:cdf462088d13 | 5817 | pw, pw_len ) ); |
markrad | 0:cdf462088d13 | 5818 | } |
markrad | 0:cdf462088d13 | 5819 | #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ |
markrad | 0:cdf462088d13 | 5820 | |
markrad | 0:cdf462088d13 | 5821 | #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) |
markrad | 0:cdf462088d13 | 5822 | int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 5823 | const unsigned char *psk, size_t psk_len, |
markrad | 0:cdf462088d13 | 5824 | const unsigned char *psk_identity, size_t psk_identity_len ) |
markrad | 0:cdf462088d13 | 5825 | { |
markrad | 0:cdf462088d13 | 5826 | if( psk == NULL || psk_identity == NULL ) |
markrad | 0:cdf462088d13 | 5827 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 5828 | |
markrad | 0:cdf462088d13 | 5829 | if( psk_len > MBEDTLS_PSK_MAX_LEN ) |
markrad | 0:cdf462088d13 | 5830 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 5831 | |
markrad | 0:cdf462088d13 | 5832 | /* Identity len will be encoded on two bytes */ |
markrad | 0:cdf462088d13 | 5833 | if( ( psk_identity_len >> 16 ) != 0 || |
markrad | 0:cdf462088d13 | 5834 | psk_identity_len > MBEDTLS_SSL_MAX_CONTENT_LEN ) |
markrad | 0:cdf462088d13 | 5835 | { |
markrad | 0:cdf462088d13 | 5836 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 5837 | } |
markrad | 0:cdf462088d13 | 5838 | |
markrad | 0:cdf462088d13 | 5839 | if( conf->psk != NULL || conf->psk_identity != NULL ) |
markrad | 0:cdf462088d13 | 5840 | { |
markrad | 0:cdf462088d13 | 5841 | mbedtls_free( conf->psk ); |
markrad | 0:cdf462088d13 | 5842 | mbedtls_free( conf->psk_identity ); |
markrad | 0:cdf462088d13 | 5843 | conf->psk = NULL; |
markrad | 0:cdf462088d13 | 5844 | conf->psk_identity = NULL; |
markrad | 0:cdf462088d13 | 5845 | } |
markrad | 0:cdf462088d13 | 5846 | |
markrad | 0:cdf462088d13 | 5847 | if( ( conf->psk = mbedtls_calloc( 1, psk_len ) ) == NULL || |
markrad | 0:cdf462088d13 | 5848 | ( conf->psk_identity = mbedtls_calloc( 1, psk_identity_len ) ) == NULL ) |
markrad | 0:cdf462088d13 | 5849 | { |
markrad | 0:cdf462088d13 | 5850 | mbedtls_free( conf->psk ); |
markrad | 0:cdf462088d13 | 5851 | mbedtls_free( conf->psk_identity ); |
markrad | 0:cdf462088d13 | 5852 | conf->psk = NULL; |
markrad | 0:cdf462088d13 | 5853 | conf->psk_identity = NULL; |
markrad | 0:cdf462088d13 | 5854 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
markrad | 0:cdf462088d13 | 5855 | } |
markrad | 0:cdf462088d13 | 5856 | |
markrad | 0:cdf462088d13 | 5857 | conf->psk_len = psk_len; |
markrad | 0:cdf462088d13 | 5858 | conf->psk_identity_len = psk_identity_len; |
markrad | 0:cdf462088d13 | 5859 | |
markrad | 0:cdf462088d13 | 5860 | memcpy( conf->psk, psk, conf->psk_len ); |
markrad | 0:cdf462088d13 | 5861 | memcpy( conf->psk_identity, psk_identity, conf->psk_identity_len ); |
markrad | 0:cdf462088d13 | 5862 | |
markrad | 0:cdf462088d13 | 5863 | return( 0 ); |
markrad | 0:cdf462088d13 | 5864 | } |
markrad | 0:cdf462088d13 | 5865 | |
markrad | 0:cdf462088d13 | 5866 | int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 5867 | const unsigned char *psk, size_t psk_len ) |
markrad | 0:cdf462088d13 | 5868 | { |
markrad | 0:cdf462088d13 | 5869 | if( psk == NULL || ssl->handshake == NULL ) |
markrad | 0:cdf462088d13 | 5870 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 5871 | |
markrad | 0:cdf462088d13 | 5872 | if( psk_len > MBEDTLS_PSK_MAX_LEN ) |
markrad | 0:cdf462088d13 | 5873 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 5874 | |
markrad | 0:cdf462088d13 | 5875 | if( ssl->handshake->psk != NULL ) |
markrad | 0:cdf462088d13 | 5876 | mbedtls_free( ssl->handshake->psk ); |
markrad | 0:cdf462088d13 | 5877 | |
markrad | 0:cdf462088d13 | 5878 | if( ( ssl->handshake->psk = mbedtls_calloc( 1, psk_len ) ) == NULL ) |
markrad | 0:cdf462088d13 | 5879 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
markrad | 0:cdf462088d13 | 5880 | |
markrad | 0:cdf462088d13 | 5881 | ssl->handshake->psk_len = psk_len; |
markrad | 0:cdf462088d13 | 5882 | memcpy( ssl->handshake->psk, psk, ssl->handshake->psk_len ); |
markrad | 0:cdf462088d13 | 5883 | |
markrad | 0:cdf462088d13 | 5884 | return( 0 ); |
markrad | 0:cdf462088d13 | 5885 | } |
markrad | 0:cdf462088d13 | 5886 | |
markrad | 0:cdf462088d13 | 5887 | void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 5888 | int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, |
markrad | 0:cdf462088d13 | 5889 | size_t), |
markrad | 0:cdf462088d13 | 5890 | void *p_psk ) |
markrad | 0:cdf462088d13 | 5891 | { |
markrad | 0:cdf462088d13 | 5892 | conf->f_psk = f_psk; |
markrad | 0:cdf462088d13 | 5893 | conf->p_psk = p_psk; |
markrad | 0:cdf462088d13 | 5894 | } |
markrad | 0:cdf462088d13 | 5895 | #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ |
markrad | 0:cdf462088d13 | 5896 | |
markrad | 0:cdf462088d13 | 5897 | #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 5898 | int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G ) |
markrad | 0:cdf462088d13 | 5899 | { |
markrad | 0:cdf462088d13 | 5900 | int ret; |
markrad | 0:cdf462088d13 | 5901 | |
markrad | 0:cdf462088d13 | 5902 | if( ( ret = mbedtls_mpi_read_string( &conf->dhm_P, 16, dhm_P ) ) != 0 || |
markrad | 0:cdf462088d13 | 5903 | ( ret = mbedtls_mpi_read_string( &conf->dhm_G, 16, dhm_G ) ) != 0 ) |
markrad | 0:cdf462088d13 | 5904 | { |
markrad | 0:cdf462088d13 | 5905 | mbedtls_mpi_free( &conf->dhm_P ); |
markrad | 0:cdf462088d13 | 5906 | mbedtls_mpi_free( &conf->dhm_G ); |
markrad | 0:cdf462088d13 | 5907 | return( ret ); |
markrad | 0:cdf462088d13 | 5908 | } |
markrad | 0:cdf462088d13 | 5909 | |
markrad | 0:cdf462088d13 | 5910 | return( 0 ); |
markrad | 0:cdf462088d13 | 5911 | } |
markrad | 0:cdf462088d13 | 5912 | |
markrad | 0:cdf462088d13 | 5913 | int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx ) |
markrad | 0:cdf462088d13 | 5914 | { |
markrad | 0:cdf462088d13 | 5915 | int ret; |
markrad | 0:cdf462088d13 | 5916 | |
markrad | 0:cdf462088d13 | 5917 | if( ( ret = mbedtls_mpi_copy( &conf->dhm_P, &dhm_ctx->P ) ) != 0 || |
markrad | 0:cdf462088d13 | 5918 | ( ret = mbedtls_mpi_copy( &conf->dhm_G, &dhm_ctx->G ) ) != 0 ) |
markrad | 0:cdf462088d13 | 5919 | { |
markrad | 0:cdf462088d13 | 5920 | mbedtls_mpi_free( &conf->dhm_P ); |
markrad | 0:cdf462088d13 | 5921 | mbedtls_mpi_free( &conf->dhm_G ); |
markrad | 0:cdf462088d13 | 5922 | return( ret ); |
markrad | 0:cdf462088d13 | 5923 | } |
markrad | 0:cdf462088d13 | 5924 | |
markrad | 0:cdf462088d13 | 5925 | return( 0 ); |
markrad | 0:cdf462088d13 | 5926 | } |
markrad | 0:cdf462088d13 | 5927 | #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_SRV_C */ |
markrad | 0:cdf462088d13 | 5928 | |
markrad | 0:cdf462088d13 | 5929 | #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 5930 | /* |
markrad | 0:cdf462088d13 | 5931 | * Set the minimum length for Diffie-Hellman parameters |
markrad | 0:cdf462088d13 | 5932 | */ |
markrad | 0:cdf462088d13 | 5933 | void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 5934 | unsigned int bitlen ) |
markrad | 0:cdf462088d13 | 5935 | { |
markrad | 0:cdf462088d13 | 5936 | conf->dhm_min_bitlen = bitlen; |
markrad | 0:cdf462088d13 | 5937 | } |
markrad | 0:cdf462088d13 | 5938 | #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */ |
markrad | 0:cdf462088d13 | 5939 | |
markrad | 0:cdf462088d13 | 5940 | #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
markrad | 0:cdf462088d13 | 5941 | /* |
markrad | 0:cdf462088d13 | 5942 | * Set allowed/preferred hashes for handshake signatures |
markrad | 0:cdf462088d13 | 5943 | */ |
markrad | 0:cdf462088d13 | 5944 | void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 5945 | const int *hashes ) |
markrad | 0:cdf462088d13 | 5946 | { |
markrad | 0:cdf462088d13 | 5947 | conf->sig_hashes = hashes; |
markrad | 0:cdf462088d13 | 5948 | } |
markrad | 0:cdf462088d13 | 5949 | #endif |
markrad | 0:cdf462088d13 | 5950 | |
markrad | 0:cdf462088d13 | 5951 | #if defined(MBEDTLS_ECP_C) |
markrad | 0:cdf462088d13 | 5952 | /* |
markrad | 0:cdf462088d13 | 5953 | * Set the allowed elliptic curves |
markrad | 0:cdf462088d13 | 5954 | */ |
markrad | 0:cdf462088d13 | 5955 | void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 5956 | const mbedtls_ecp_group_id *curve_list ) |
markrad | 0:cdf462088d13 | 5957 | { |
markrad | 0:cdf462088d13 | 5958 | conf->curve_list = curve_list; |
markrad | 0:cdf462088d13 | 5959 | } |
markrad | 0:cdf462088d13 | 5960 | #endif |
markrad | 0:cdf462088d13 | 5961 | |
markrad | 0:cdf462088d13 | 5962 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
markrad | 0:cdf462088d13 | 5963 | int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ) |
markrad | 0:cdf462088d13 | 5964 | { |
markrad | 0:cdf462088d13 | 5965 | size_t hostname_len; |
markrad | 0:cdf462088d13 | 5966 | |
markrad | 0:cdf462088d13 | 5967 | if( hostname == NULL ) |
markrad | 0:cdf462088d13 | 5968 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 5969 | |
markrad | 0:cdf462088d13 | 5970 | hostname_len = strlen( hostname ); |
markrad | 0:cdf462088d13 | 5971 | |
markrad | 0:cdf462088d13 | 5972 | if( hostname_len + 1 == 0 ) |
markrad | 0:cdf462088d13 | 5973 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 5974 | |
markrad | 0:cdf462088d13 | 5975 | if( hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN ) |
markrad | 0:cdf462088d13 | 5976 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 5977 | |
markrad | 0:cdf462088d13 | 5978 | ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 ); |
markrad | 0:cdf462088d13 | 5979 | |
markrad | 0:cdf462088d13 | 5980 | if( ssl->hostname == NULL ) |
markrad | 0:cdf462088d13 | 5981 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
markrad | 0:cdf462088d13 | 5982 | |
markrad | 0:cdf462088d13 | 5983 | memcpy( ssl->hostname, hostname, hostname_len ); |
markrad | 0:cdf462088d13 | 5984 | |
markrad | 0:cdf462088d13 | 5985 | ssl->hostname[hostname_len] = '\0'; |
markrad | 0:cdf462088d13 | 5986 | |
markrad | 0:cdf462088d13 | 5987 | return( 0 ); |
markrad | 0:cdf462088d13 | 5988 | } |
markrad | 0:cdf462088d13 | 5989 | #endif |
markrad | 0:cdf462088d13 | 5990 | |
markrad | 0:cdf462088d13 | 5991 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
markrad | 0:cdf462088d13 | 5992 | void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 5993 | int (*f_sni)(void *, mbedtls_ssl_context *, |
markrad | 0:cdf462088d13 | 5994 | const unsigned char *, size_t), |
markrad | 0:cdf462088d13 | 5995 | void *p_sni ) |
markrad | 0:cdf462088d13 | 5996 | { |
markrad | 0:cdf462088d13 | 5997 | conf->f_sni = f_sni; |
markrad | 0:cdf462088d13 | 5998 | conf->p_sni = p_sni; |
markrad | 0:cdf462088d13 | 5999 | } |
markrad | 0:cdf462088d13 | 6000 | #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ |
markrad | 0:cdf462088d13 | 6001 | |
markrad | 0:cdf462088d13 | 6002 | #if defined(MBEDTLS_SSL_ALPN) |
markrad | 0:cdf462088d13 | 6003 | int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos ) |
markrad | 0:cdf462088d13 | 6004 | { |
markrad | 0:cdf462088d13 | 6005 | size_t cur_len, tot_len; |
markrad | 0:cdf462088d13 | 6006 | const char **p; |
markrad | 0:cdf462088d13 | 6007 | |
markrad | 0:cdf462088d13 | 6008 | /* |
markrad | 0:cdf462088d13 | 6009 | * RFC 7301 3.1: "Empty strings MUST NOT be included and byte strings |
markrad | 0:cdf462088d13 | 6010 | * MUST NOT be truncated." |
markrad | 0:cdf462088d13 | 6011 | * We check lengths now rather than later. |
markrad | 0:cdf462088d13 | 6012 | */ |
markrad | 0:cdf462088d13 | 6013 | tot_len = 0; |
markrad | 0:cdf462088d13 | 6014 | for( p = protos; *p != NULL; p++ ) |
markrad | 0:cdf462088d13 | 6015 | { |
markrad | 0:cdf462088d13 | 6016 | cur_len = strlen( *p ); |
markrad | 0:cdf462088d13 | 6017 | tot_len += cur_len; |
markrad | 0:cdf462088d13 | 6018 | |
markrad | 0:cdf462088d13 | 6019 | if( cur_len == 0 || cur_len > 255 || tot_len > 65535 ) |
markrad | 0:cdf462088d13 | 6020 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 6021 | } |
markrad | 0:cdf462088d13 | 6022 | |
markrad | 0:cdf462088d13 | 6023 | conf->alpn_list = protos; |
markrad | 0:cdf462088d13 | 6024 | |
markrad | 0:cdf462088d13 | 6025 | return( 0 ); |
markrad | 0:cdf462088d13 | 6026 | } |
markrad | 0:cdf462088d13 | 6027 | |
markrad | 0:cdf462088d13 | 6028 | const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 6029 | { |
markrad | 0:cdf462088d13 | 6030 | return( ssl->alpn_chosen ); |
markrad | 0:cdf462088d13 | 6031 | } |
markrad | 0:cdf462088d13 | 6032 | #endif /* MBEDTLS_SSL_ALPN */ |
markrad | 0:cdf462088d13 | 6033 | |
markrad | 0:cdf462088d13 | 6034 | void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor ) |
markrad | 0:cdf462088d13 | 6035 | { |
markrad | 0:cdf462088d13 | 6036 | conf->max_major_ver = major; |
markrad | 0:cdf462088d13 | 6037 | conf->max_minor_ver = minor; |
markrad | 0:cdf462088d13 | 6038 | } |
markrad | 0:cdf462088d13 | 6039 | |
markrad | 0:cdf462088d13 | 6040 | void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor ) |
markrad | 0:cdf462088d13 | 6041 | { |
markrad | 0:cdf462088d13 | 6042 | conf->min_major_ver = major; |
markrad | 0:cdf462088d13 | 6043 | conf->min_minor_ver = minor; |
markrad | 0:cdf462088d13 | 6044 | } |
markrad | 0:cdf462088d13 | 6045 | |
markrad | 0:cdf462088d13 | 6046 | #if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 6047 | void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback ) |
markrad | 0:cdf462088d13 | 6048 | { |
markrad | 0:cdf462088d13 | 6049 | conf->fallback = fallback; |
markrad | 0:cdf462088d13 | 6050 | } |
markrad | 0:cdf462088d13 | 6051 | #endif |
markrad | 0:cdf462088d13 | 6052 | |
markrad | 0:cdf462088d13 | 6053 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
markrad | 0:cdf462088d13 | 6054 | void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm ) |
markrad | 0:cdf462088d13 | 6055 | { |
markrad | 0:cdf462088d13 | 6056 | conf->encrypt_then_mac = etm; |
markrad | 0:cdf462088d13 | 6057 | } |
markrad | 0:cdf462088d13 | 6058 | #endif |
markrad | 0:cdf462088d13 | 6059 | |
markrad | 0:cdf462088d13 | 6060 | #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) |
markrad | 0:cdf462088d13 | 6061 | void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems ) |
markrad | 0:cdf462088d13 | 6062 | { |
markrad | 0:cdf462088d13 | 6063 | conf->extended_ms = ems; |
markrad | 0:cdf462088d13 | 6064 | } |
markrad | 0:cdf462088d13 | 6065 | #endif |
markrad | 0:cdf462088d13 | 6066 | |
markrad | 0:cdf462088d13 | 6067 | #if defined(MBEDTLS_ARC4_C) |
markrad | 0:cdf462088d13 | 6068 | void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 ) |
markrad | 0:cdf462088d13 | 6069 | { |
markrad | 0:cdf462088d13 | 6070 | conf->arc4_disabled = arc4; |
markrad | 0:cdf462088d13 | 6071 | } |
markrad | 0:cdf462088d13 | 6072 | #endif |
markrad | 0:cdf462088d13 | 6073 | |
markrad | 0:cdf462088d13 | 6074 | #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) |
markrad | 0:cdf462088d13 | 6075 | int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code ) |
markrad | 0:cdf462088d13 | 6076 | { |
markrad | 0:cdf462088d13 | 6077 | if( mfl_code >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID || |
markrad | 0:cdf462088d13 | 6078 | mfl_code_to_length[mfl_code] > MBEDTLS_SSL_MAX_CONTENT_LEN ) |
markrad | 0:cdf462088d13 | 6079 | { |
markrad | 0:cdf462088d13 | 6080 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 6081 | } |
markrad | 0:cdf462088d13 | 6082 | |
markrad | 0:cdf462088d13 | 6083 | conf->mfl_code = mfl_code; |
markrad | 0:cdf462088d13 | 6084 | |
markrad | 0:cdf462088d13 | 6085 | return( 0 ); |
markrad | 0:cdf462088d13 | 6086 | } |
markrad | 0:cdf462088d13 | 6087 | #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ |
markrad | 0:cdf462088d13 | 6088 | |
markrad | 0:cdf462088d13 | 6089 | #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) |
markrad | 0:cdf462088d13 | 6090 | void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate ) |
markrad | 0:cdf462088d13 | 6091 | { |
markrad | 0:cdf462088d13 | 6092 | conf->trunc_hmac = truncate; |
markrad | 0:cdf462088d13 | 6093 | } |
markrad | 0:cdf462088d13 | 6094 | #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ |
markrad | 0:cdf462088d13 | 6095 | |
markrad | 0:cdf462088d13 | 6096 | #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) |
markrad | 0:cdf462088d13 | 6097 | void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split ) |
markrad | 0:cdf462088d13 | 6098 | { |
markrad | 0:cdf462088d13 | 6099 | conf->cbc_record_splitting = split; |
markrad | 0:cdf462088d13 | 6100 | } |
markrad | 0:cdf462088d13 | 6101 | #endif |
markrad | 0:cdf462088d13 | 6102 | |
markrad | 0:cdf462088d13 | 6103 | void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy ) |
markrad | 0:cdf462088d13 | 6104 | { |
markrad | 0:cdf462088d13 | 6105 | conf->allow_legacy_renegotiation = allow_legacy; |
markrad | 0:cdf462088d13 | 6106 | } |
markrad | 0:cdf462088d13 | 6107 | |
markrad | 0:cdf462088d13 | 6108 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
markrad | 0:cdf462088d13 | 6109 | void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation ) |
markrad | 0:cdf462088d13 | 6110 | { |
markrad | 0:cdf462088d13 | 6111 | conf->disable_renegotiation = renegotiation; |
markrad | 0:cdf462088d13 | 6112 | } |
markrad | 0:cdf462088d13 | 6113 | |
markrad | 0:cdf462088d13 | 6114 | void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records ) |
markrad | 0:cdf462088d13 | 6115 | { |
markrad | 0:cdf462088d13 | 6116 | conf->renego_max_records = max_records; |
markrad | 0:cdf462088d13 | 6117 | } |
markrad | 0:cdf462088d13 | 6118 | |
markrad | 0:cdf462088d13 | 6119 | void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 6120 | const unsigned char period[8] ) |
markrad | 0:cdf462088d13 | 6121 | { |
markrad | 0:cdf462088d13 | 6122 | memcpy( conf->renego_period, period, 8 ); |
markrad | 0:cdf462088d13 | 6123 | } |
markrad | 0:cdf462088d13 | 6124 | #endif /* MBEDTLS_SSL_RENEGOTIATION */ |
markrad | 0:cdf462088d13 | 6125 | |
markrad | 0:cdf462088d13 | 6126 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) |
markrad | 0:cdf462088d13 | 6127 | #if defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 6128 | void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets ) |
markrad | 0:cdf462088d13 | 6129 | { |
markrad | 0:cdf462088d13 | 6130 | conf->session_tickets = use_tickets; |
markrad | 0:cdf462088d13 | 6131 | } |
markrad | 0:cdf462088d13 | 6132 | #endif |
markrad | 0:cdf462088d13 | 6133 | |
markrad | 0:cdf462088d13 | 6134 | #if defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 6135 | void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 6136 | mbedtls_ssl_ticket_write_t *f_ticket_write, |
markrad | 0:cdf462088d13 | 6137 | mbedtls_ssl_ticket_parse_t *f_ticket_parse, |
markrad | 0:cdf462088d13 | 6138 | void *p_ticket ) |
markrad | 0:cdf462088d13 | 6139 | { |
markrad | 0:cdf462088d13 | 6140 | conf->f_ticket_write = f_ticket_write; |
markrad | 0:cdf462088d13 | 6141 | conf->f_ticket_parse = f_ticket_parse; |
markrad | 0:cdf462088d13 | 6142 | conf->p_ticket = p_ticket; |
markrad | 0:cdf462088d13 | 6143 | } |
markrad | 0:cdf462088d13 | 6144 | #endif |
markrad | 0:cdf462088d13 | 6145 | #endif /* MBEDTLS_SSL_SESSION_TICKETS */ |
markrad | 0:cdf462088d13 | 6146 | |
markrad | 0:cdf462088d13 | 6147 | #if defined(MBEDTLS_SSL_EXPORT_KEYS) |
markrad | 0:cdf462088d13 | 6148 | void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 6149 | mbedtls_ssl_export_keys_t *f_export_keys, |
markrad | 0:cdf462088d13 | 6150 | void *p_export_keys ) |
markrad | 0:cdf462088d13 | 6151 | { |
markrad | 0:cdf462088d13 | 6152 | conf->f_export_keys = f_export_keys; |
markrad | 0:cdf462088d13 | 6153 | conf->p_export_keys = p_export_keys; |
markrad | 0:cdf462088d13 | 6154 | } |
markrad | 0:cdf462088d13 | 6155 | #endif |
markrad | 0:cdf462088d13 | 6156 | |
markrad | 0:cdf462088d13 | 6157 | /* |
markrad | 0:cdf462088d13 | 6158 | * SSL get accessors |
markrad | 0:cdf462088d13 | 6159 | */ |
markrad | 0:cdf462088d13 | 6160 | size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 6161 | { |
markrad | 0:cdf462088d13 | 6162 | return( ssl->in_offt == NULL ? 0 : ssl->in_msglen ); |
markrad | 0:cdf462088d13 | 6163 | } |
markrad | 0:cdf462088d13 | 6164 | |
markrad | 0:cdf462088d13 | 6165 | uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 6166 | { |
markrad | 0:cdf462088d13 | 6167 | if( ssl->session != NULL ) |
markrad | 0:cdf462088d13 | 6168 | return( ssl->session->verify_result ); |
markrad | 0:cdf462088d13 | 6169 | |
markrad | 0:cdf462088d13 | 6170 | if( ssl->session_negotiate != NULL ) |
markrad | 0:cdf462088d13 | 6171 | return( ssl->session_negotiate->verify_result ); |
markrad | 0:cdf462088d13 | 6172 | |
markrad | 0:cdf462088d13 | 6173 | return( 0xFFFFFFFF ); |
markrad | 0:cdf462088d13 | 6174 | } |
markrad | 0:cdf462088d13 | 6175 | |
markrad | 0:cdf462088d13 | 6176 | const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 6177 | { |
markrad | 0:cdf462088d13 | 6178 | if( ssl == NULL || ssl->session == NULL ) |
markrad | 0:cdf462088d13 | 6179 | return( NULL ); |
markrad | 0:cdf462088d13 | 6180 | |
markrad | 0:cdf462088d13 | 6181 | return mbedtls_ssl_get_ciphersuite_name( ssl->session->ciphersuite ); |
markrad | 0:cdf462088d13 | 6182 | } |
markrad | 0:cdf462088d13 | 6183 | |
markrad | 0:cdf462088d13 | 6184 | const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 6185 | { |
markrad | 0:cdf462088d13 | 6186 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 6187 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 6188 | { |
markrad | 0:cdf462088d13 | 6189 | switch( ssl->minor_ver ) |
markrad | 0:cdf462088d13 | 6190 | { |
markrad | 0:cdf462088d13 | 6191 | case MBEDTLS_SSL_MINOR_VERSION_2: |
markrad | 0:cdf462088d13 | 6192 | return( "DTLSv1.0" ); |
markrad | 0:cdf462088d13 | 6193 | |
markrad | 0:cdf462088d13 | 6194 | case MBEDTLS_SSL_MINOR_VERSION_3: |
markrad | 0:cdf462088d13 | 6195 | return( "DTLSv1.2" ); |
markrad | 0:cdf462088d13 | 6196 | |
markrad | 0:cdf462088d13 | 6197 | default: |
markrad | 0:cdf462088d13 | 6198 | return( "unknown (DTLS)" ); |
markrad | 0:cdf462088d13 | 6199 | } |
markrad | 0:cdf462088d13 | 6200 | } |
markrad | 0:cdf462088d13 | 6201 | #endif |
markrad | 0:cdf462088d13 | 6202 | |
markrad | 0:cdf462088d13 | 6203 | switch( ssl->minor_ver ) |
markrad | 0:cdf462088d13 | 6204 | { |
markrad | 0:cdf462088d13 | 6205 | case MBEDTLS_SSL_MINOR_VERSION_0: |
markrad | 0:cdf462088d13 | 6206 | return( "SSLv3.0" ); |
markrad | 0:cdf462088d13 | 6207 | |
markrad | 0:cdf462088d13 | 6208 | case MBEDTLS_SSL_MINOR_VERSION_1: |
markrad | 0:cdf462088d13 | 6209 | return( "TLSv1.0" ); |
markrad | 0:cdf462088d13 | 6210 | |
markrad | 0:cdf462088d13 | 6211 | case MBEDTLS_SSL_MINOR_VERSION_2: |
markrad | 0:cdf462088d13 | 6212 | return( "TLSv1.1" ); |
markrad | 0:cdf462088d13 | 6213 | |
markrad | 0:cdf462088d13 | 6214 | case MBEDTLS_SSL_MINOR_VERSION_3: |
markrad | 0:cdf462088d13 | 6215 | return( "TLSv1.2" ); |
markrad | 0:cdf462088d13 | 6216 | |
markrad | 0:cdf462088d13 | 6217 | default: |
markrad | 0:cdf462088d13 | 6218 | return( "unknown" ); |
markrad | 0:cdf462088d13 | 6219 | } |
markrad | 0:cdf462088d13 | 6220 | } |
markrad | 0:cdf462088d13 | 6221 | |
markrad | 0:cdf462088d13 | 6222 | int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 6223 | { |
markrad | 0:cdf462088d13 | 6224 | size_t transform_expansion; |
markrad | 0:cdf462088d13 | 6225 | const mbedtls_ssl_transform *transform = ssl->transform_out; |
markrad | 0:cdf462088d13 | 6226 | |
markrad | 0:cdf462088d13 | 6227 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
markrad | 0:cdf462088d13 | 6228 | if( ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL ) |
markrad | 0:cdf462088d13 | 6229 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
markrad | 0:cdf462088d13 | 6230 | #endif |
markrad | 0:cdf462088d13 | 6231 | |
markrad | 0:cdf462088d13 | 6232 | if( transform == NULL ) |
markrad | 0:cdf462088d13 | 6233 | return( (int) mbedtls_ssl_hdr_len( ssl ) ); |
markrad | 0:cdf462088d13 | 6234 | |
markrad | 0:cdf462088d13 | 6235 | switch( mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ) ) |
markrad | 0:cdf462088d13 | 6236 | { |
markrad | 0:cdf462088d13 | 6237 | case MBEDTLS_MODE_GCM: |
markrad | 0:cdf462088d13 | 6238 | case MBEDTLS_MODE_CCM: |
markrad | 0:cdf462088d13 | 6239 | case MBEDTLS_MODE_STREAM: |
markrad | 0:cdf462088d13 | 6240 | transform_expansion = transform->minlen; |
markrad | 0:cdf462088d13 | 6241 | break; |
markrad | 0:cdf462088d13 | 6242 | |
markrad | 0:cdf462088d13 | 6243 | case MBEDTLS_MODE_CBC: |
markrad | 0:cdf462088d13 | 6244 | transform_expansion = transform->maclen |
markrad | 0:cdf462088d13 | 6245 | + mbedtls_cipher_get_block_size( &transform->cipher_ctx_enc ); |
markrad | 0:cdf462088d13 | 6246 | break; |
markrad | 0:cdf462088d13 | 6247 | |
markrad | 0:cdf462088d13 | 6248 | default: |
markrad | 0:cdf462088d13 | 6249 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 6250 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 6251 | } |
markrad | 0:cdf462088d13 | 6252 | |
markrad | 0:cdf462088d13 | 6253 | return( (int)( mbedtls_ssl_hdr_len( ssl ) + transform_expansion ) ); |
markrad | 0:cdf462088d13 | 6254 | } |
markrad | 0:cdf462088d13 | 6255 | |
markrad | 0:cdf462088d13 | 6256 | #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) |
markrad | 0:cdf462088d13 | 6257 | size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 6258 | { |
markrad | 0:cdf462088d13 | 6259 | size_t max_len; |
markrad | 0:cdf462088d13 | 6260 | |
markrad | 0:cdf462088d13 | 6261 | /* |
markrad | 0:cdf462088d13 | 6262 | * Assume mfl_code is correct since it was checked when set |
markrad | 0:cdf462088d13 | 6263 | */ |
markrad | 0:cdf462088d13 | 6264 | max_len = mfl_code_to_length[ssl->conf->mfl_code]; |
markrad | 0:cdf462088d13 | 6265 | |
markrad | 0:cdf462088d13 | 6266 | /* |
markrad | 0:cdf462088d13 | 6267 | * Check if a smaller max length was negotiated |
markrad | 0:cdf462088d13 | 6268 | */ |
markrad | 0:cdf462088d13 | 6269 | if( ssl->session_out != NULL && |
markrad | 0:cdf462088d13 | 6270 | mfl_code_to_length[ssl->session_out->mfl_code] < max_len ) |
markrad | 0:cdf462088d13 | 6271 | { |
markrad | 0:cdf462088d13 | 6272 | max_len = mfl_code_to_length[ssl->session_out->mfl_code]; |
markrad | 0:cdf462088d13 | 6273 | } |
markrad | 0:cdf462088d13 | 6274 | |
markrad | 0:cdf462088d13 | 6275 | return max_len; |
markrad | 0:cdf462088d13 | 6276 | } |
markrad | 0:cdf462088d13 | 6277 | #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ |
markrad | 0:cdf462088d13 | 6278 | |
markrad | 0:cdf462088d13 | 6279 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
markrad | 0:cdf462088d13 | 6280 | const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 6281 | { |
markrad | 0:cdf462088d13 | 6282 | if( ssl == NULL || ssl->session == NULL ) |
markrad | 0:cdf462088d13 | 6283 | return( NULL ); |
markrad | 0:cdf462088d13 | 6284 | |
markrad | 0:cdf462088d13 | 6285 | return( ssl->session->peer_cert ); |
markrad | 0:cdf462088d13 | 6286 | } |
markrad | 0:cdf462088d13 | 6287 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
markrad | 0:cdf462088d13 | 6288 | |
markrad | 0:cdf462088d13 | 6289 | #if defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 6290 | int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session *dst ) |
markrad | 0:cdf462088d13 | 6291 | { |
markrad | 0:cdf462088d13 | 6292 | if( ssl == NULL || |
markrad | 0:cdf462088d13 | 6293 | dst == NULL || |
markrad | 0:cdf462088d13 | 6294 | ssl->session == NULL || |
markrad | 0:cdf462088d13 | 6295 | ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT ) |
markrad | 0:cdf462088d13 | 6296 | { |
markrad | 0:cdf462088d13 | 6297 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 6298 | } |
markrad | 0:cdf462088d13 | 6299 | |
markrad | 0:cdf462088d13 | 6300 | return( ssl_session_copy( dst, ssl->session ) ); |
markrad | 0:cdf462088d13 | 6301 | } |
markrad | 0:cdf462088d13 | 6302 | #endif /* MBEDTLS_SSL_CLI_C */ |
markrad | 0:cdf462088d13 | 6303 | |
markrad | 0:cdf462088d13 | 6304 | /* |
markrad | 0:cdf462088d13 | 6305 | * Perform a single step of the SSL handshake |
markrad | 0:cdf462088d13 | 6306 | */ |
markrad | 0:cdf462088d13 | 6307 | int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 6308 | { |
markrad | 0:cdf462088d13 | 6309 | int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; |
markrad | 0:cdf462088d13 | 6310 | |
markrad | 0:cdf462088d13 | 6311 | if( ssl == NULL || ssl->conf == NULL ) |
markrad | 0:cdf462088d13 | 6312 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 6313 | |
markrad | 0:cdf462088d13 | 6314 | #if defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 6315 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
markrad | 0:cdf462088d13 | 6316 | ret = mbedtls_ssl_handshake_client_step( ssl ); |
markrad | 0:cdf462088d13 | 6317 | #endif |
markrad | 0:cdf462088d13 | 6318 | #if defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 6319 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
markrad | 0:cdf462088d13 | 6320 | ret = mbedtls_ssl_handshake_server_step( ssl ); |
markrad | 0:cdf462088d13 | 6321 | #endif |
markrad | 0:cdf462088d13 | 6322 | |
markrad | 0:cdf462088d13 | 6323 | return( ret ); |
markrad | 0:cdf462088d13 | 6324 | } |
markrad | 0:cdf462088d13 | 6325 | |
markrad | 0:cdf462088d13 | 6326 | /* |
markrad | 0:cdf462088d13 | 6327 | * Perform the SSL handshake |
markrad | 0:cdf462088d13 | 6328 | */ |
markrad | 0:cdf462088d13 | 6329 | int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 6330 | { |
markrad | 0:cdf462088d13 | 6331 | int ret = 0; |
markrad | 0:cdf462088d13 | 6332 | |
markrad | 0:cdf462088d13 | 6333 | if( ssl == NULL || ssl->conf == NULL ) |
markrad | 0:cdf462088d13 | 6334 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 6335 | |
markrad | 0:cdf462088d13 | 6336 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> handshake" ) ); |
markrad | 0:cdf462088d13 | 6337 | |
markrad | 0:cdf462088d13 | 6338 | while( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
markrad | 0:cdf462088d13 | 6339 | { |
markrad | 0:cdf462088d13 | 6340 | ret = mbedtls_ssl_handshake_step( ssl ); |
markrad | 0:cdf462088d13 | 6341 | |
markrad | 0:cdf462088d13 | 6342 | if( ret != 0 ) |
markrad | 0:cdf462088d13 | 6343 | break; |
markrad | 0:cdf462088d13 | 6344 | } |
markrad | 0:cdf462088d13 | 6345 | |
markrad | 0:cdf462088d13 | 6346 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= handshake" ) ); |
markrad | 0:cdf462088d13 | 6347 | |
markrad | 0:cdf462088d13 | 6348 | return( ret ); |
markrad | 0:cdf462088d13 | 6349 | } |
markrad | 0:cdf462088d13 | 6350 | |
markrad | 0:cdf462088d13 | 6351 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
markrad | 0:cdf462088d13 | 6352 | #if defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 6353 | /* |
markrad | 0:cdf462088d13 | 6354 | * Write HelloRequest to request renegotiation on server |
markrad | 0:cdf462088d13 | 6355 | */ |
markrad | 0:cdf462088d13 | 6356 | static int ssl_write_hello_request( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 6357 | { |
markrad | 0:cdf462088d13 | 6358 | int ret; |
markrad | 0:cdf462088d13 | 6359 | |
markrad | 0:cdf462088d13 | 6360 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write hello request" ) ); |
markrad | 0:cdf462088d13 | 6361 | |
markrad | 0:cdf462088d13 | 6362 | ssl->out_msglen = 4; |
markrad | 0:cdf462088d13 | 6363 | ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; |
markrad | 0:cdf462088d13 | 6364 | ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_REQUEST; |
markrad | 0:cdf462088d13 | 6365 | |
markrad | 0:cdf462088d13 | 6366 | if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 6367 | { |
markrad | 0:cdf462088d13 | 6368 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); |
markrad | 0:cdf462088d13 | 6369 | return( ret ); |
markrad | 0:cdf462088d13 | 6370 | } |
markrad | 0:cdf462088d13 | 6371 | |
markrad | 0:cdf462088d13 | 6372 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello request" ) ); |
markrad | 0:cdf462088d13 | 6373 | |
markrad | 0:cdf462088d13 | 6374 | return( 0 ); |
markrad | 0:cdf462088d13 | 6375 | } |
markrad | 0:cdf462088d13 | 6376 | #endif /* MBEDTLS_SSL_SRV_C */ |
markrad | 0:cdf462088d13 | 6377 | |
markrad | 0:cdf462088d13 | 6378 | /* |
markrad | 0:cdf462088d13 | 6379 | * Actually renegotiate current connection, triggered by either: |
markrad | 0:cdf462088d13 | 6380 | * - any side: calling mbedtls_ssl_renegotiate(), |
markrad | 0:cdf462088d13 | 6381 | * - client: receiving a HelloRequest during mbedtls_ssl_read(), |
markrad | 0:cdf462088d13 | 6382 | * - server: receiving any handshake message on server during mbedtls_ssl_read() after |
markrad | 0:cdf462088d13 | 6383 | * the initial handshake is completed. |
markrad | 0:cdf462088d13 | 6384 | * If the handshake doesn't complete due to waiting for I/O, it will continue |
markrad | 0:cdf462088d13 | 6385 | * during the next calls to mbedtls_ssl_renegotiate() or mbedtls_ssl_read() respectively. |
markrad | 0:cdf462088d13 | 6386 | */ |
markrad | 0:cdf462088d13 | 6387 | static int ssl_start_renegotiation( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 6388 | { |
markrad | 0:cdf462088d13 | 6389 | int ret; |
markrad | 0:cdf462088d13 | 6390 | |
markrad | 0:cdf462088d13 | 6391 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> renegotiate" ) ); |
markrad | 0:cdf462088d13 | 6392 | |
markrad | 0:cdf462088d13 | 6393 | if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 6394 | return( ret ); |
markrad | 0:cdf462088d13 | 6395 | |
markrad | 0:cdf462088d13 | 6396 | /* RFC 6347 4.2.2: "[...] the HelloRequest will have message_seq = 0 and |
markrad | 0:cdf462088d13 | 6397 | * the ServerHello will have message_seq = 1" */ |
markrad | 0:cdf462088d13 | 6398 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 6399 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
markrad | 0:cdf462088d13 | 6400 | ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) |
markrad | 0:cdf462088d13 | 6401 | { |
markrad | 0:cdf462088d13 | 6402 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
markrad | 0:cdf462088d13 | 6403 | ssl->handshake->out_msg_seq = 1; |
markrad | 0:cdf462088d13 | 6404 | else |
markrad | 0:cdf462088d13 | 6405 | ssl->handshake->in_msg_seq = 1; |
markrad | 0:cdf462088d13 | 6406 | } |
markrad | 0:cdf462088d13 | 6407 | #endif |
markrad | 0:cdf462088d13 | 6408 | |
markrad | 0:cdf462088d13 | 6409 | ssl->state = MBEDTLS_SSL_HELLO_REQUEST; |
markrad | 0:cdf462088d13 | 6410 | ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS; |
markrad | 0:cdf462088d13 | 6411 | |
markrad | 0:cdf462088d13 | 6412 | if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 6413 | { |
markrad | 0:cdf462088d13 | 6414 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret ); |
markrad | 0:cdf462088d13 | 6415 | return( ret ); |
markrad | 0:cdf462088d13 | 6416 | } |
markrad | 0:cdf462088d13 | 6417 | |
markrad | 0:cdf462088d13 | 6418 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= renegotiate" ) ); |
markrad | 0:cdf462088d13 | 6419 | |
markrad | 0:cdf462088d13 | 6420 | return( 0 ); |
markrad | 0:cdf462088d13 | 6421 | } |
markrad | 0:cdf462088d13 | 6422 | |
markrad | 0:cdf462088d13 | 6423 | /* |
markrad | 0:cdf462088d13 | 6424 | * Renegotiate current connection on client, |
markrad | 0:cdf462088d13 | 6425 | * or request renegotiation on server |
markrad | 0:cdf462088d13 | 6426 | */ |
markrad | 0:cdf462088d13 | 6427 | int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 6428 | { |
markrad | 0:cdf462088d13 | 6429 | int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; |
markrad | 0:cdf462088d13 | 6430 | |
markrad | 0:cdf462088d13 | 6431 | if( ssl == NULL || ssl->conf == NULL ) |
markrad | 0:cdf462088d13 | 6432 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 6433 | |
markrad | 0:cdf462088d13 | 6434 | #if defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 6435 | /* On server, just send the request */ |
markrad | 0:cdf462088d13 | 6436 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
markrad | 0:cdf462088d13 | 6437 | { |
markrad | 0:cdf462088d13 | 6438 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
markrad | 0:cdf462088d13 | 6439 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 6440 | |
markrad | 0:cdf462088d13 | 6441 | ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING; |
markrad | 0:cdf462088d13 | 6442 | |
markrad | 0:cdf462088d13 | 6443 | /* Did we already try/start sending HelloRequest? */ |
markrad | 0:cdf462088d13 | 6444 | if( ssl->out_left != 0 ) |
markrad | 0:cdf462088d13 | 6445 | return( mbedtls_ssl_flush_output( ssl ) ); |
markrad | 0:cdf462088d13 | 6446 | |
markrad | 0:cdf462088d13 | 6447 | return( ssl_write_hello_request( ssl ) ); |
markrad | 0:cdf462088d13 | 6448 | } |
markrad | 0:cdf462088d13 | 6449 | #endif /* MBEDTLS_SSL_SRV_C */ |
markrad | 0:cdf462088d13 | 6450 | |
markrad | 0:cdf462088d13 | 6451 | #if defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 6452 | /* |
markrad | 0:cdf462088d13 | 6453 | * On client, either start the renegotiation process or, |
markrad | 0:cdf462088d13 | 6454 | * if already in progress, continue the handshake |
markrad | 0:cdf462088d13 | 6455 | */ |
markrad | 0:cdf462088d13 | 6456 | if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) |
markrad | 0:cdf462088d13 | 6457 | { |
markrad | 0:cdf462088d13 | 6458 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
markrad | 0:cdf462088d13 | 6459 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 6460 | |
markrad | 0:cdf462088d13 | 6461 | if( ( ret = ssl_start_renegotiation( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 6462 | { |
markrad | 0:cdf462088d13 | 6463 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret ); |
markrad | 0:cdf462088d13 | 6464 | return( ret ); |
markrad | 0:cdf462088d13 | 6465 | } |
markrad | 0:cdf462088d13 | 6466 | } |
markrad | 0:cdf462088d13 | 6467 | else |
markrad | 0:cdf462088d13 | 6468 | { |
markrad | 0:cdf462088d13 | 6469 | if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 6470 | { |
markrad | 0:cdf462088d13 | 6471 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret ); |
markrad | 0:cdf462088d13 | 6472 | return( ret ); |
markrad | 0:cdf462088d13 | 6473 | } |
markrad | 0:cdf462088d13 | 6474 | } |
markrad | 0:cdf462088d13 | 6475 | #endif /* MBEDTLS_SSL_CLI_C */ |
markrad | 0:cdf462088d13 | 6476 | |
markrad | 0:cdf462088d13 | 6477 | return( ret ); |
markrad | 0:cdf462088d13 | 6478 | } |
markrad | 0:cdf462088d13 | 6479 | |
markrad | 0:cdf462088d13 | 6480 | /* |
markrad | 0:cdf462088d13 | 6481 | * Check record counters and renegotiate if they're above the limit. |
markrad | 0:cdf462088d13 | 6482 | */ |
markrad | 0:cdf462088d13 | 6483 | static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 6484 | { |
Jasper Wallace |
1:9ebc941037d5 | 6485 | size_t ep_len = ssl_ep_len( ssl ); |
Jasper Wallace |
1:9ebc941037d5 | 6486 | int in_ctr_cmp; |
Jasper Wallace |
1:9ebc941037d5 | 6487 | int out_ctr_cmp; |
Jasper Wallace |
1:9ebc941037d5 | 6488 | |
markrad | 0:cdf462088d13 | 6489 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER || |
markrad | 0:cdf462088d13 | 6490 | ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING || |
markrad | 0:cdf462088d13 | 6491 | ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED ) |
markrad | 0:cdf462088d13 | 6492 | { |
markrad | 0:cdf462088d13 | 6493 | return( 0 ); |
markrad | 0:cdf462088d13 | 6494 | } |
markrad | 0:cdf462088d13 | 6495 | |
Jasper Wallace |
1:9ebc941037d5 | 6496 | in_ctr_cmp = memcmp( ssl->in_ctr + ep_len, |
Jasper Wallace |
1:9ebc941037d5 | 6497 | ssl->conf->renego_period + ep_len, 8 - ep_len ); |
Jasper Wallace |
1:9ebc941037d5 | 6498 | out_ctr_cmp = memcmp( ssl->out_ctr + ep_len, |
Jasper Wallace |
1:9ebc941037d5 | 6499 | ssl->conf->renego_period + ep_len, 8 - ep_len ); |
Jasper Wallace |
1:9ebc941037d5 | 6500 | |
Jasper Wallace |
1:9ebc941037d5 | 6501 | if( in_ctr_cmp <= 0 && out_ctr_cmp <= 0 ) |
markrad | 0:cdf462088d13 | 6502 | { |
markrad | 0:cdf462088d13 | 6503 | return( 0 ); |
markrad | 0:cdf462088d13 | 6504 | } |
markrad | 0:cdf462088d13 | 6505 | |
markrad | 0:cdf462088d13 | 6506 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "record counter limit reached: renegotiate" ) ); |
markrad | 0:cdf462088d13 | 6507 | return( mbedtls_ssl_renegotiate( ssl ) ); |
markrad | 0:cdf462088d13 | 6508 | } |
markrad | 0:cdf462088d13 | 6509 | #endif /* MBEDTLS_SSL_RENEGOTIATION */ |
markrad | 0:cdf462088d13 | 6510 | |
markrad | 0:cdf462088d13 | 6511 | /* |
markrad | 0:cdf462088d13 | 6512 | * Receive application data decrypted from the SSL layer |
markrad | 0:cdf462088d13 | 6513 | */ |
markrad | 0:cdf462088d13 | 6514 | int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) |
markrad | 0:cdf462088d13 | 6515 | { |
markrad | 0:cdf462088d13 | 6516 | int ret, record_read = 0; |
markrad | 0:cdf462088d13 | 6517 | size_t n; |
markrad | 0:cdf462088d13 | 6518 | |
markrad | 0:cdf462088d13 | 6519 | if( ssl == NULL || ssl->conf == NULL ) |
markrad | 0:cdf462088d13 | 6520 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 6521 | |
markrad | 0:cdf462088d13 | 6522 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read" ) ); |
markrad | 0:cdf462088d13 | 6523 | |
markrad | 0:cdf462088d13 | 6524 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 6525 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 6526 | { |
markrad | 0:cdf462088d13 | 6527 | if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 6528 | return( ret ); |
markrad | 0:cdf462088d13 | 6529 | |
markrad | 0:cdf462088d13 | 6530 | if( ssl->handshake != NULL && |
markrad | 0:cdf462088d13 | 6531 | ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING ) |
markrad | 0:cdf462088d13 | 6532 | { |
markrad | 0:cdf462088d13 | 6533 | if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 6534 | return( ret ); |
markrad | 0:cdf462088d13 | 6535 | } |
markrad | 0:cdf462088d13 | 6536 | } |
markrad | 0:cdf462088d13 | 6537 | #endif |
markrad | 0:cdf462088d13 | 6538 | |
markrad | 0:cdf462088d13 | 6539 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
markrad | 0:cdf462088d13 | 6540 | if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 6541 | { |
markrad | 0:cdf462088d13 | 6542 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret ); |
markrad | 0:cdf462088d13 | 6543 | return( ret ); |
markrad | 0:cdf462088d13 | 6544 | } |
markrad | 0:cdf462088d13 | 6545 | #endif |
markrad | 0:cdf462088d13 | 6546 | |
markrad | 0:cdf462088d13 | 6547 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
markrad | 0:cdf462088d13 | 6548 | { |
markrad | 0:cdf462088d13 | 6549 | ret = mbedtls_ssl_handshake( ssl ); |
markrad | 0:cdf462088d13 | 6550 | if( ret == MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO ) |
markrad | 0:cdf462088d13 | 6551 | { |
markrad | 0:cdf462088d13 | 6552 | record_read = 1; |
markrad | 0:cdf462088d13 | 6553 | } |
markrad | 0:cdf462088d13 | 6554 | else if( ret != 0 ) |
markrad | 0:cdf462088d13 | 6555 | { |
markrad | 0:cdf462088d13 | 6556 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret ); |
markrad | 0:cdf462088d13 | 6557 | return( ret ); |
markrad | 0:cdf462088d13 | 6558 | } |
markrad | 0:cdf462088d13 | 6559 | } |
markrad | 0:cdf462088d13 | 6560 | |
markrad | 0:cdf462088d13 | 6561 | if( ssl->in_offt == NULL ) |
markrad | 0:cdf462088d13 | 6562 | { |
markrad | 0:cdf462088d13 | 6563 | /* Start timer if not already running */ |
markrad | 0:cdf462088d13 | 6564 | if( ssl->f_get_timer != NULL && |
markrad | 0:cdf462088d13 | 6565 | ssl->f_get_timer( ssl->p_timer ) == -1 ) |
markrad | 0:cdf462088d13 | 6566 | { |
markrad | 0:cdf462088d13 | 6567 | ssl_set_timer( ssl, ssl->conf->read_timeout ); |
markrad | 0:cdf462088d13 | 6568 | } |
markrad | 0:cdf462088d13 | 6569 | |
markrad | 0:cdf462088d13 | 6570 | if( ! record_read ) |
markrad | 0:cdf462088d13 | 6571 | { |
markrad | 0:cdf462088d13 | 6572 | if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 6573 | { |
markrad | 0:cdf462088d13 | 6574 | if( ret == MBEDTLS_ERR_SSL_CONN_EOF ) |
markrad | 0:cdf462088d13 | 6575 | return( 0 ); |
markrad | 0:cdf462088d13 | 6576 | |
markrad | 0:cdf462088d13 | 6577 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); |
markrad | 0:cdf462088d13 | 6578 | return( ret ); |
markrad | 0:cdf462088d13 | 6579 | } |
markrad | 0:cdf462088d13 | 6580 | } |
markrad | 0:cdf462088d13 | 6581 | |
markrad | 0:cdf462088d13 | 6582 | if( ssl->in_msglen == 0 && |
markrad | 0:cdf462088d13 | 6583 | ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA ) |
markrad | 0:cdf462088d13 | 6584 | { |
markrad | 0:cdf462088d13 | 6585 | /* |
markrad | 0:cdf462088d13 | 6586 | * OpenSSL sends empty messages to randomize the IV |
markrad | 0:cdf462088d13 | 6587 | */ |
markrad | 0:cdf462088d13 | 6588 | if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 6589 | { |
markrad | 0:cdf462088d13 | 6590 | if( ret == MBEDTLS_ERR_SSL_CONN_EOF ) |
markrad | 0:cdf462088d13 | 6591 | return( 0 ); |
markrad | 0:cdf462088d13 | 6592 | |
markrad | 0:cdf462088d13 | 6593 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); |
markrad | 0:cdf462088d13 | 6594 | return( ret ); |
markrad | 0:cdf462088d13 | 6595 | } |
markrad | 0:cdf462088d13 | 6596 | } |
markrad | 0:cdf462088d13 | 6597 | |
markrad | 0:cdf462088d13 | 6598 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
markrad | 0:cdf462088d13 | 6599 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) |
markrad | 0:cdf462088d13 | 6600 | { |
markrad | 0:cdf462088d13 | 6601 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "received handshake message" ) ); |
markrad | 0:cdf462088d13 | 6602 | |
markrad | 0:cdf462088d13 | 6603 | #if defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 6604 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && |
markrad | 0:cdf462088d13 | 6605 | ( ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST || |
markrad | 0:cdf462088d13 | 6606 | ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) ) ) |
markrad | 0:cdf462088d13 | 6607 | { |
markrad | 0:cdf462088d13 | 6608 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake received (not HelloRequest)" ) ); |
markrad | 0:cdf462088d13 | 6609 | |
markrad | 0:cdf462088d13 | 6610 | /* With DTLS, drop the packet (probably from last handshake) */ |
markrad | 0:cdf462088d13 | 6611 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 6612 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 6613 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
markrad | 0:cdf462088d13 | 6614 | #endif |
markrad | 0:cdf462088d13 | 6615 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
markrad | 0:cdf462088d13 | 6616 | } |
markrad | 0:cdf462088d13 | 6617 | |
markrad | 0:cdf462088d13 | 6618 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
markrad | 0:cdf462088d13 | 6619 | ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO ) |
markrad | 0:cdf462088d13 | 6620 | { |
markrad | 0:cdf462088d13 | 6621 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake received (not ClientHello)" ) ); |
markrad | 0:cdf462088d13 | 6622 | |
markrad | 0:cdf462088d13 | 6623 | /* With DTLS, drop the packet (probably from last handshake) */ |
markrad | 0:cdf462088d13 | 6624 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 6625 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 6626 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
markrad | 0:cdf462088d13 | 6627 | #endif |
markrad | 0:cdf462088d13 | 6628 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
markrad | 0:cdf462088d13 | 6629 | } |
markrad | 0:cdf462088d13 | 6630 | #endif |
markrad | 0:cdf462088d13 | 6631 | |
markrad | 0:cdf462088d13 | 6632 | if( ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED || |
markrad | 0:cdf462088d13 | 6633 | ( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && |
markrad | 0:cdf462088d13 | 6634 | ssl->conf->allow_legacy_renegotiation == |
markrad | 0:cdf462088d13 | 6635 | MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) ) |
markrad | 0:cdf462088d13 | 6636 | { |
markrad | 0:cdf462088d13 | 6637 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "refusing renegotiation, sending alert" ) ); |
markrad | 0:cdf462088d13 | 6638 | |
markrad | 0:cdf462088d13 | 6639 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
markrad | 0:cdf462088d13 | 6640 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
markrad | 0:cdf462088d13 | 6641 | { |
markrad | 0:cdf462088d13 | 6642 | /* |
markrad | 0:cdf462088d13 | 6643 | * SSLv3 does not have a "no_renegotiation" alert |
markrad | 0:cdf462088d13 | 6644 | */ |
markrad | 0:cdf462088d13 | 6645 | if( ( ret = mbedtls_ssl_send_fatal_handshake_failure( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 6646 | return( ret ); |
markrad | 0:cdf462088d13 | 6647 | } |
markrad | 0:cdf462088d13 | 6648 | else |
markrad | 0:cdf462088d13 | 6649 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
markrad | 0:cdf462088d13 | 6650 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
markrad | 0:cdf462088d13 | 6651 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 6652 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) |
markrad | 0:cdf462088d13 | 6653 | { |
markrad | 0:cdf462088d13 | 6654 | if( ( ret = mbedtls_ssl_send_alert_message( ssl, |
markrad | 0:cdf462088d13 | 6655 | MBEDTLS_SSL_ALERT_LEVEL_WARNING, |
markrad | 0:cdf462088d13 | 6656 | MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION ) ) != 0 ) |
markrad | 0:cdf462088d13 | 6657 | { |
markrad | 0:cdf462088d13 | 6658 | return( ret ); |
markrad | 0:cdf462088d13 | 6659 | } |
markrad | 0:cdf462088d13 | 6660 | } |
markrad | 0:cdf462088d13 | 6661 | else |
markrad | 0:cdf462088d13 | 6662 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || |
markrad | 0:cdf462088d13 | 6663 | MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 6664 | { |
markrad | 0:cdf462088d13 | 6665 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 6666 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 6667 | } |
markrad | 0:cdf462088d13 | 6668 | } |
markrad | 0:cdf462088d13 | 6669 | else |
markrad | 0:cdf462088d13 | 6670 | { |
markrad | 0:cdf462088d13 | 6671 | /* DTLS clients need to know renego is server-initiated */ |
markrad | 0:cdf462088d13 | 6672 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 6673 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
markrad | 0:cdf462088d13 | 6674 | ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
markrad | 0:cdf462088d13 | 6675 | { |
markrad | 0:cdf462088d13 | 6676 | ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING; |
markrad | 0:cdf462088d13 | 6677 | } |
markrad | 0:cdf462088d13 | 6678 | #endif |
markrad | 0:cdf462088d13 | 6679 | ret = ssl_start_renegotiation( ssl ); |
markrad | 0:cdf462088d13 | 6680 | if( ret == MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO ) |
markrad | 0:cdf462088d13 | 6681 | { |
markrad | 0:cdf462088d13 | 6682 | record_read = 1; |
markrad | 0:cdf462088d13 | 6683 | } |
markrad | 0:cdf462088d13 | 6684 | else if( ret != 0 ) |
markrad | 0:cdf462088d13 | 6685 | { |
markrad | 0:cdf462088d13 | 6686 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret ); |
markrad | 0:cdf462088d13 | 6687 | return( ret ); |
markrad | 0:cdf462088d13 | 6688 | } |
markrad | 0:cdf462088d13 | 6689 | } |
markrad | 0:cdf462088d13 | 6690 | |
markrad | 0:cdf462088d13 | 6691 | /* If a non-handshake record was read during renego, fallthrough, |
markrad | 0:cdf462088d13 | 6692 | * else tell the user they should call mbedtls_ssl_read() again */ |
markrad | 0:cdf462088d13 | 6693 | if( ! record_read ) |
markrad | 0:cdf462088d13 | 6694 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
markrad | 0:cdf462088d13 | 6695 | } |
markrad | 0:cdf462088d13 | 6696 | else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) |
markrad | 0:cdf462088d13 | 6697 | { |
markrad | 0:cdf462088d13 | 6698 | |
markrad | 0:cdf462088d13 | 6699 | if( ssl->conf->renego_max_records >= 0 ) |
markrad | 0:cdf462088d13 | 6700 | { |
markrad | 0:cdf462088d13 | 6701 | if( ++ssl->renego_records_seen > ssl->conf->renego_max_records ) |
markrad | 0:cdf462088d13 | 6702 | { |
markrad | 0:cdf462088d13 | 6703 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation requested, " |
markrad | 0:cdf462088d13 | 6704 | "but not honored by client" ) ); |
markrad | 0:cdf462088d13 | 6705 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
markrad | 0:cdf462088d13 | 6706 | } |
markrad | 0:cdf462088d13 | 6707 | } |
markrad | 0:cdf462088d13 | 6708 | } |
markrad | 0:cdf462088d13 | 6709 | #endif /* MBEDTLS_SSL_RENEGOTIATION */ |
markrad | 0:cdf462088d13 | 6710 | |
markrad | 0:cdf462088d13 | 6711 | /* Fatal and closure alerts handled by mbedtls_ssl_read_record() */ |
markrad | 0:cdf462088d13 | 6712 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT ) |
markrad | 0:cdf462088d13 | 6713 | { |
markrad | 0:cdf462088d13 | 6714 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "ignoring non-fatal non-closure alert" ) ); |
markrad | 0:cdf462088d13 | 6715 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
markrad | 0:cdf462088d13 | 6716 | } |
markrad | 0:cdf462088d13 | 6717 | |
markrad | 0:cdf462088d13 | 6718 | if( ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA ) |
markrad | 0:cdf462088d13 | 6719 | { |
markrad | 0:cdf462088d13 | 6720 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad application data message" ) ); |
markrad | 0:cdf462088d13 | 6721 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
markrad | 0:cdf462088d13 | 6722 | } |
markrad | 0:cdf462088d13 | 6723 | |
markrad | 0:cdf462088d13 | 6724 | ssl->in_offt = ssl->in_msg; |
markrad | 0:cdf462088d13 | 6725 | |
markrad | 0:cdf462088d13 | 6726 | /* We're going to return something now, cancel timer, |
markrad | 0:cdf462088d13 | 6727 | * except if handshake (renegotiation) is in progress */ |
markrad | 0:cdf462088d13 | 6728 | if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) |
markrad | 0:cdf462088d13 | 6729 | ssl_set_timer( ssl, 0 ); |
markrad | 0:cdf462088d13 | 6730 | |
markrad | 0:cdf462088d13 | 6731 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 6732 | /* If we requested renego but received AppData, resend HelloRequest. |
markrad | 0:cdf462088d13 | 6733 | * Do it now, after setting in_offt, to avoid taking this branch |
markrad | 0:cdf462088d13 | 6734 | * again if ssl_write_hello_request() returns WANT_WRITE */ |
markrad | 0:cdf462088d13 | 6735 | #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION) |
markrad | 0:cdf462088d13 | 6736 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
markrad | 0:cdf462088d13 | 6737 | ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) |
markrad | 0:cdf462088d13 | 6738 | { |
markrad | 0:cdf462088d13 | 6739 | if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 6740 | { |
markrad | 0:cdf462088d13 | 6741 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_resend_hello_request", ret ); |
markrad | 0:cdf462088d13 | 6742 | return( ret ); |
markrad | 0:cdf462088d13 | 6743 | } |
markrad | 0:cdf462088d13 | 6744 | } |
markrad | 0:cdf462088d13 | 6745 | #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */ |
markrad | 0:cdf462088d13 | 6746 | #endif |
markrad | 0:cdf462088d13 | 6747 | } |
markrad | 0:cdf462088d13 | 6748 | |
markrad | 0:cdf462088d13 | 6749 | n = ( len < ssl->in_msglen ) |
markrad | 0:cdf462088d13 | 6750 | ? len : ssl->in_msglen; |
markrad | 0:cdf462088d13 | 6751 | |
markrad | 0:cdf462088d13 | 6752 | memcpy( buf, ssl->in_offt, n ); |
markrad | 0:cdf462088d13 | 6753 | ssl->in_msglen -= n; |
markrad | 0:cdf462088d13 | 6754 | |
markrad | 0:cdf462088d13 | 6755 | if( ssl->in_msglen == 0 ) |
markrad | 0:cdf462088d13 | 6756 | /* all bytes consumed */ |
markrad | 0:cdf462088d13 | 6757 | ssl->in_offt = NULL; |
markrad | 0:cdf462088d13 | 6758 | else |
markrad | 0:cdf462088d13 | 6759 | /* more data available */ |
markrad | 0:cdf462088d13 | 6760 | ssl->in_offt += n; |
markrad | 0:cdf462088d13 | 6761 | |
markrad | 0:cdf462088d13 | 6762 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read" ) ); |
markrad | 0:cdf462088d13 | 6763 | |
markrad | 0:cdf462088d13 | 6764 | return( (int) n ); |
markrad | 0:cdf462088d13 | 6765 | } |
markrad | 0:cdf462088d13 | 6766 | |
markrad | 0:cdf462088d13 | 6767 | /* |
markrad | 0:cdf462088d13 | 6768 | * Send application data to be encrypted by the SSL layer, |
markrad | 0:cdf462088d13 | 6769 | * taking care of max fragment length and buffer size |
markrad | 0:cdf462088d13 | 6770 | */ |
markrad | 0:cdf462088d13 | 6771 | static int ssl_write_real( mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 6772 | const unsigned char *buf, size_t len ) |
markrad | 0:cdf462088d13 | 6773 | { |
markrad | 0:cdf462088d13 | 6774 | int ret; |
markrad | 0:cdf462088d13 | 6775 | #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) |
markrad | 0:cdf462088d13 | 6776 | size_t max_len = mbedtls_ssl_get_max_frag_len( ssl ); |
markrad | 0:cdf462088d13 | 6777 | |
markrad | 0:cdf462088d13 | 6778 | if( len > max_len ) |
markrad | 0:cdf462088d13 | 6779 | { |
markrad | 0:cdf462088d13 | 6780 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 6781 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 6782 | { |
markrad | 0:cdf462088d13 | 6783 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment larger than the (negotiated) " |
markrad | 0:cdf462088d13 | 6784 | "maximum fragment length: %d > %d", |
markrad | 0:cdf462088d13 | 6785 | len, max_len ) ); |
markrad | 0:cdf462088d13 | 6786 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 6787 | } |
markrad | 0:cdf462088d13 | 6788 | else |
markrad | 0:cdf462088d13 | 6789 | #endif |
markrad | 0:cdf462088d13 | 6790 | len = max_len; |
markrad | 0:cdf462088d13 | 6791 | } |
markrad | 0:cdf462088d13 | 6792 | #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ |
markrad | 0:cdf462088d13 | 6793 | |
markrad | 0:cdf462088d13 | 6794 | if( ssl->out_left != 0 ) |
markrad | 0:cdf462088d13 | 6795 | { |
markrad | 0:cdf462088d13 | 6796 | if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 6797 | { |
markrad | 0:cdf462088d13 | 6798 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret ); |
markrad | 0:cdf462088d13 | 6799 | return( ret ); |
markrad | 0:cdf462088d13 | 6800 | } |
markrad | 0:cdf462088d13 | 6801 | } |
markrad | 0:cdf462088d13 | 6802 | else |
markrad | 0:cdf462088d13 | 6803 | { |
markrad | 0:cdf462088d13 | 6804 | ssl->out_msglen = len; |
markrad | 0:cdf462088d13 | 6805 | ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA; |
markrad | 0:cdf462088d13 | 6806 | memcpy( ssl->out_msg, buf, len ); |
markrad | 0:cdf462088d13 | 6807 | |
markrad | 0:cdf462088d13 | 6808 | if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 6809 | { |
markrad | 0:cdf462088d13 | 6810 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); |
markrad | 0:cdf462088d13 | 6811 | return( ret ); |
markrad | 0:cdf462088d13 | 6812 | } |
markrad | 0:cdf462088d13 | 6813 | } |
markrad | 0:cdf462088d13 | 6814 | |
markrad | 0:cdf462088d13 | 6815 | return( (int) len ); |
markrad | 0:cdf462088d13 | 6816 | } |
markrad | 0:cdf462088d13 | 6817 | |
markrad | 0:cdf462088d13 | 6818 | /* |
markrad | 0:cdf462088d13 | 6819 | * Write application data, doing 1/n-1 splitting if necessary. |
markrad | 0:cdf462088d13 | 6820 | * |
markrad | 0:cdf462088d13 | 6821 | * With non-blocking I/O, ssl_write_real() may return WANT_WRITE, |
markrad | 0:cdf462088d13 | 6822 | * then the caller will call us again with the same arguments, so |
markrad | 0:cdf462088d13 | 6823 | * remember wether we already did the split or not. |
markrad | 0:cdf462088d13 | 6824 | */ |
markrad | 0:cdf462088d13 | 6825 | #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) |
markrad | 0:cdf462088d13 | 6826 | static int ssl_write_split( mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 6827 | const unsigned char *buf, size_t len ) |
markrad | 0:cdf462088d13 | 6828 | { |
markrad | 0:cdf462088d13 | 6829 | int ret; |
markrad | 0:cdf462088d13 | 6830 | |
markrad | 0:cdf462088d13 | 6831 | if( ssl->conf->cbc_record_splitting == |
markrad | 0:cdf462088d13 | 6832 | MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED || |
markrad | 0:cdf462088d13 | 6833 | len <= 1 || |
markrad | 0:cdf462088d13 | 6834 | ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_1 || |
markrad | 0:cdf462088d13 | 6835 | mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc ) |
markrad | 0:cdf462088d13 | 6836 | != MBEDTLS_MODE_CBC ) |
markrad | 0:cdf462088d13 | 6837 | { |
markrad | 0:cdf462088d13 | 6838 | return( ssl_write_real( ssl, buf, len ) ); |
markrad | 0:cdf462088d13 | 6839 | } |
markrad | 0:cdf462088d13 | 6840 | |
markrad | 0:cdf462088d13 | 6841 | if( ssl->split_done == 0 ) |
markrad | 0:cdf462088d13 | 6842 | { |
markrad | 0:cdf462088d13 | 6843 | if( ( ret = ssl_write_real( ssl, buf, 1 ) ) <= 0 ) |
markrad | 0:cdf462088d13 | 6844 | return( ret ); |
markrad | 0:cdf462088d13 | 6845 | ssl->split_done = 1; |
markrad | 0:cdf462088d13 | 6846 | } |
markrad | 0:cdf462088d13 | 6847 | |
markrad | 0:cdf462088d13 | 6848 | if( ( ret = ssl_write_real( ssl, buf + 1, len - 1 ) ) <= 0 ) |
markrad | 0:cdf462088d13 | 6849 | return( ret ); |
markrad | 0:cdf462088d13 | 6850 | ssl->split_done = 0; |
markrad | 0:cdf462088d13 | 6851 | |
markrad | 0:cdf462088d13 | 6852 | return( ret + 1 ); |
markrad | 0:cdf462088d13 | 6853 | } |
markrad | 0:cdf462088d13 | 6854 | #endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */ |
markrad | 0:cdf462088d13 | 6855 | |
markrad | 0:cdf462088d13 | 6856 | /* |
markrad | 0:cdf462088d13 | 6857 | * Write application data (public-facing wrapper) |
markrad | 0:cdf462088d13 | 6858 | */ |
markrad | 0:cdf462088d13 | 6859 | int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) |
markrad | 0:cdf462088d13 | 6860 | { |
markrad | 0:cdf462088d13 | 6861 | int ret; |
markrad | 0:cdf462088d13 | 6862 | |
markrad | 0:cdf462088d13 | 6863 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write" ) ); |
markrad | 0:cdf462088d13 | 6864 | |
markrad | 0:cdf462088d13 | 6865 | if( ssl == NULL || ssl->conf == NULL ) |
markrad | 0:cdf462088d13 | 6866 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 6867 | |
markrad | 0:cdf462088d13 | 6868 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
markrad | 0:cdf462088d13 | 6869 | if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 6870 | { |
markrad | 0:cdf462088d13 | 6871 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret ); |
markrad | 0:cdf462088d13 | 6872 | return( ret ); |
markrad | 0:cdf462088d13 | 6873 | } |
markrad | 0:cdf462088d13 | 6874 | #endif |
markrad | 0:cdf462088d13 | 6875 | |
markrad | 0:cdf462088d13 | 6876 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
markrad | 0:cdf462088d13 | 6877 | { |
markrad | 0:cdf462088d13 | 6878 | if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 6879 | { |
markrad | 0:cdf462088d13 | 6880 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret ); |
markrad | 0:cdf462088d13 | 6881 | return( ret ); |
markrad | 0:cdf462088d13 | 6882 | } |
markrad | 0:cdf462088d13 | 6883 | } |
markrad | 0:cdf462088d13 | 6884 | |
markrad | 0:cdf462088d13 | 6885 | #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) |
markrad | 0:cdf462088d13 | 6886 | ret = ssl_write_split( ssl, buf, len ); |
markrad | 0:cdf462088d13 | 6887 | #else |
markrad | 0:cdf462088d13 | 6888 | ret = ssl_write_real( ssl, buf, len ); |
markrad | 0:cdf462088d13 | 6889 | #endif |
markrad | 0:cdf462088d13 | 6890 | |
markrad | 0:cdf462088d13 | 6891 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write" ) ); |
markrad | 0:cdf462088d13 | 6892 | |
markrad | 0:cdf462088d13 | 6893 | return( ret ); |
markrad | 0:cdf462088d13 | 6894 | } |
markrad | 0:cdf462088d13 | 6895 | |
markrad | 0:cdf462088d13 | 6896 | /* |
markrad | 0:cdf462088d13 | 6897 | * Notify the peer that the connection is being closed |
markrad | 0:cdf462088d13 | 6898 | */ |
markrad | 0:cdf462088d13 | 6899 | int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 6900 | { |
markrad | 0:cdf462088d13 | 6901 | int ret; |
markrad | 0:cdf462088d13 | 6902 | |
markrad | 0:cdf462088d13 | 6903 | if( ssl == NULL || ssl->conf == NULL ) |
markrad | 0:cdf462088d13 | 6904 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 6905 | |
markrad | 0:cdf462088d13 | 6906 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write close notify" ) ); |
markrad | 0:cdf462088d13 | 6907 | |
markrad | 0:cdf462088d13 | 6908 | if( ssl->out_left != 0 ) |
markrad | 0:cdf462088d13 | 6909 | return( mbedtls_ssl_flush_output( ssl ) ); |
markrad | 0:cdf462088d13 | 6910 | |
markrad | 0:cdf462088d13 | 6911 | if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) |
markrad | 0:cdf462088d13 | 6912 | { |
markrad | 0:cdf462088d13 | 6913 | if( ( ret = mbedtls_ssl_send_alert_message( ssl, |
markrad | 0:cdf462088d13 | 6914 | MBEDTLS_SSL_ALERT_LEVEL_WARNING, |
markrad | 0:cdf462088d13 | 6915 | MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY ) ) != 0 ) |
markrad | 0:cdf462088d13 | 6916 | { |
markrad | 0:cdf462088d13 | 6917 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_send_alert_message", ret ); |
markrad | 0:cdf462088d13 | 6918 | return( ret ); |
markrad | 0:cdf462088d13 | 6919 | } |
markrad | 0:cdf462088d13 | 6920 | } |
markrad | 0:cdf462088d13 | 6921 | |
markrad | 0:cdf462088d13 | 6922 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write close notify" ) ); |
markrad | 0:cdf462088d13 | 6923 | |
markrad | 0:cdf462088d13 | 6924 | return( 0 ); |
markrad | 0:cdf462088d13 | 6925 | } |
markrad | 0:cdf462088d13 | 6926 | |
markrad | 0:cdf462088d13 | 6927 | void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ) |
markrad | 0:cdf462088d13 | 6928 | { |
markrad | 0:cdf462088d13 | 6929 | if( transform == NULL ) |
markrad | 0:cdf462088d13 | 6930 | return; |
markrad | 0:cdf462088d13 | 6931 | |
markrad | 0:cdf462088d13 | 6932 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
markrad | 0:cdf462088d13 | 6933 | deflateEnd( &transform->ctx_deflate ); |
markrad | 0:cdf462088d13 | 6934 | inflateEnd( &transform->ctx_inflate ); |
markrad | 0:cdf462088d13 | 6935 | #endif |
markrad | 0:cdf462088d13 | 6936 | |
markrad | 0:cdf462088d13 | 6937 | mbedtls_cipher_free( &transform->cipher_ctx_enc ); |
markrad | 0:cdf462088d13 | 6938 | mbedtls_cipher_free( &transform->cipher_ctx_dec ); |
markrad | 0:cdf462088d13 | 6939 | |
markrad | 0:cdf462088d13 | 6940 | mbedtls_md_free( &transform->md_ctx_enc ); |
markrad | 0:cdf462088d13 | 6941 | mbedtls_md_free( &transform->md_ctx_dec ); |
markrad | 0:cdf462088d13 | 6942 | |
markrad | 0:cdf462088d13 | 6943 | mbedtls_zeroize( transform, sizeof( mbedtls_ssl_transform ) ); |
markrad | 0:cdf462088d13 | 6944 | } |
markrad | 0:cdf462088d13 | 6945 | |
markrad | 0:cdf462088d13 | 6946 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
markrad | 0:cdf462088d13 | 6947 | static void ssl_key_cert_free( mbedtls_ssl_key_cert *key_cert ) |
markrad | 0:cdf462088d13 | 6948 | { |
markrad | 0:cdf462088d13 | 6949 | mbedtls_ssl_key_cert *cur = key_cert, *next; |
markrad | 0:cdf462088d13 | 6950 | |
markrad | 0:cdf462088d13 | 6951 | while( cur != NULL ) |
markrad | 0:cdf462088d13 | 6952 | { |
markrad | 0:cdf462088d13 | 6953 | next = cur->next; |
markrad | 0:cdf462088d13 | 6954 | mbedtls_free( cur ); |
markrad | 0:cdf462088d13 | 6955 | cur = next; |
markrad | 0:cdf462088d13 | 6956 | } |
markrad | 0:cdf462088d13 | 6957 | } |
markrad | 0:cdf462088d13 | 6958 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
markrad | 0:cdf462088d13 | 6959 | |
markrad | 0:cdf462088d13 | 6960 | void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake ) |
markrad | 0:cdf462088d13 | 6961 | { |
markrad | 0:cdf462088d13 | 6962 | if( handshake == NULL ) |
markrad | 0:cdf462088d13 | 6963 | return; |
markrad | 0:cdf462088d13 | 6964 | |
markrad | 0:cdf462088d13 | 6965 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
markrad | 0:cdf462088d13 | 6966 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
markrad | 0:cdf462088d13 | 6967 | mbedtls_md5_free( &handshake->fin_md5 ); |
markrad | 0:cdf462088d13 | 6968 | mbedtls_sha1_free( &handshake->fin_sha1 ); |
markrad | 0:cdf462088d13 | 6969 | #endif |
markrad | 0:cdf462088d13 | 6970 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 6971 | #if defined(MBEDTLS_SHA256_C) |
markrad | 0:cdf462088d13 | 6972 | mbedtls_sha256_free( &handshake->fin_sha256 ); |
markrad | 0:cdf462088d13 | 6973 | #endif |
markrad | 0:cdf462088d13 | 6974 | #if defined(MBEDTLS_SHA512_C) |
markrad | 0:cdf462088d13 | 6975 | mbedtls_sha512_free( &handshake->fin_sha512 ); |
markrad | 0:cdf462088d13 | 6976 | #endif |
markrad | 0:cdf462088d13 | 6977 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 6978 | |
markrad | 0:cdf462088d13 | 6979 | #if defined(MBEDTLS_DHM_C) |
markrad | 0:cdf462088d13 | 6980 | mbedtls_dhm_free( &handshake->dhm_ctx ); |
markrad | 0:cdf462088d13 | 6981 | #endif |
markrad | 0:cdf462088d13 | 6982 | #if defined(MBEDTLS_ECDH_C) |
markrad | 0:cdf462088d13 | 6983 | mbedtls_ecdh_free( &handshake->ecdh_ctx ); |
markrad | 0:cdf462088d13 | 6984 | #endif |
markrad | 0:cdf462088d13 | 6985 | #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
markrad | 0:cdf462088d13 | 6986 | mbedtls_ecjpake_free( &handshake->ecjpake_ctx ); |
markrad | 0:cdf462088d13 | 6987 | #if defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 6988 | mbedtls_free( handshake->ecjpake_cache ); |
markrad | 0:cdf462088d13 | 6989 | handshake->ecjpake_cache = NULL; |
markrad | 0:cdf462088d13 | 6990 | handshake->ecjpake_cache_len = 0; |
markrad | 0:cdf462088d13 | 6991 | #endif |
markrad | 0:cdf462088d13 | 6992 | #endif |
markrad | 0:cdf462088d13 | 6993 | |
markrad | 0:cdf462088d13 | 6994 | #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ |
markrad | 0:cdf462088d13 | 6995 | defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
markrad | 0:cdf462088d13 | 6996 | /* explicit void pointer cast for buggy MS compiler */ |
markrad | 0:cdf462088d13 | 6997 | mbedtls_free( (void *) handshake->curves ); |
markrad | 0:cdf462088d13 | 6998 | #endif |
markrad | 0:cdf462088d13 | 6999 | |
markrad | 0:cdf462088d13 | 7000 | #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) |
markrad | 0:cdf462088d13 | 7001 | if( handshake->psk != NULL ) |
markrad | 0:cdf462088d13 | 7002 | { |
markrad | 0:cdf462088d13 | 7003 | mbedtls_zeroize( handshake->psk, handshake->psk_len ); |
markrad | 0:cdf462088d13 | 7004 | mbedtls_free( handshake->psk ); |
markrad | 0:cdf462088d13 | 7005 | } |
markrad | 0:cdf462088d13 | 7006 | #endif |
markrad | 0:cdf462088d13 | 7007 | |
markrad | 0:cdf462088d13 | 7008 | #if defined(MBEDTLS_X509_CRT_PARSE_C) && \ |
markrad | 0:cdf462088d13 | 7009 | defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
markrad | 0:cdf462088d13 | 7010 | /* |
markrad | 0:cdf462088d13 | 7011 | * Free only the linked list wrapper, not the keys themselves |
markrad | 0:cdf462088d13 | 7012 | * since the belong to the SNI callback |
markrad | 0:cdf462088d13 | 7013 | */ |
markrad | 0:cdf462088d13 | 7014 | if( handshake->sni_key_cert != NULL ) |
markrad | 0:cdf462088d13 | 7015 | { |
markrad | 0:cdf462088d13 | 7016 | mbedtls_ssl_key_cert *cur = handshake->sni_key_cert, *next; |
markrad | 0:cdf462088d13 | 7017 | |
markrad | 0:cdf462088d13 | 7018 | while( cur != NULL ) |
markrad | 0:cdf462088d13 | 7019 | { |
markrad | 0:cdf462088d13 | 7020 | next = cur->next; |
markrad | 0:cdf462088d13 | 7021 | mbedtls_free( cur ); |
markrad | 0:cdf462088d13 | 7022 | cur = next; |
markrad | 0:cdf462088d13 | 7023 | } |
markrad | 0:cdf462088d13 | 7024 | } |
markrad | 0:cdf462088d13 | 7025 | #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_SERVER_NAME_INDICATION */ |
markrad | 0:cdf462088d13 | 7026 | |
markrad | 0:cdf462088d13 | 7027 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 7028 | mbedtls_free( handshake->verify_cookie ); |
markrad | 0:cdf462088d13 | 7029 | mbedtls_free( handshake->hs_msg ); |
markrad | 0:cdf462088d13 | 7030 | ssl_flight_free( handshake->flight ); |
markrad | 0:cdf462088d13 | 7031 | #endif |
markrad | 0:cdf462088d13 | 7032 | |
markrad | 0:cdf462088d13 | 7033 | mbedtls_zeroize( handshake, sizeof( mbedtls_ssl_handshake_params ) ); |
markrad | 0:cdf462088d13 | 7034 | } |
markrad | 0:cdf462088d13 | 7035 | |
markrad | 0:cdf462088d13 | 7036 | void mbedtls_ssl_session_free( mbedtls_ssl_session *session ) |
markrad | 0:cdf462088d13 | 7037 | { |
markrad | 0:cdf462088d13 | 7038 | if( session == NULL ) |
markrad | 0:cdf462088d13 | 7039 | return; |
markrad | 0:cdf462088d13 | 7040 | |
markrad | 0:cdf462088d13 | 7041 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
markrad | 0:cdf462088d13 | 7042 | if( session->peer_cert != NULL ) |
markrad | 0:cdf462088d13 | 7043 | { |
markrad | 0:cdf462088d13 | 7044 | mbedtls_x509_crt_free( session->peer_cert ); |
markrad | 0:cdf462088d13 | 7045 | mbedtls_free( session->peer_cert ); |
markrad | 0:cdf462088d13 | 7046 | } |
markrad | 0:cdf462088d13 | 7047 | #endif |
markrad | 0:cdf462088d13 | 7048 | |
markrad | 0:cdf462088d13 | 7049 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 7050 | mbedtls_free( session->ticket ); |
markrad | 0:cdf462088d13 | 7051 | #endif |
markrad | 0:cdf462088d13 | 7052 | |
markrad | 0:cdf462088d13 | 7053 | mbedtls_zeroize( session, sizeof( mbedtls_ssl_session ) ); |
markrad | 0:cdf462088d13 | 7054 | } |
markrad | 0:cdf462088d13 | 7055 | |
markrad | 0:cdf462088d13 | 7056 | /* |
markrad | 0:cdf462088d13 | 7057 | * Free an SSL context |
markrad | 0:cdf462088d13 | 7058 | */ |
markrad | 0:cdf462088d13 | 7059 | void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 7060 | { |
markrad | 0:cdf462088d13 | 7061 | if( ssl == NULL ) |
markrad | 0:cdf462088d13 | 7062 | return; |
markrad | 0:cdf462088d13 | 7063 | |
markrad | 0:cdf462088d13 | 7064 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> free" ) ); |
markrad | 0:cdf462088d13 | 7065 | |
markrad | 0:cdf462088d13 | 7066 | if( ssl->out_buf != NULL ) |
markrad | 0:cdf462088d13 | 7067 | { |
markrad | 0:cdf462088d13 | 7068 | mbedtls_zeroize( ssl->out_buf, MBEDTLS_SSL_BUFFER_LEN ); |
markrad | 0:cdf462088d13 | 7069 | mbedtls_free( ssl->out_buf ); |
markrad | 0:cdf462088d13 | 7070 | } |
markrad | 0:cdf462088d13 | 7071 | |
markrad | 0:cdf462088d13 | 7072 | if( ssl->in_buf != NULL ) |
markrad | 0:cdf462088d13 | 7073 | { |
markrad | 0:cdf462088d13 | 7074 | mbedtls_zeroize( ssl->in_buf, MBEDTLS_SSL_BUFFER_LEN ); |
markrad | 0:cdf462088d13 | 7075 | mbedtls_free( ssl->in_buf ); |
markrad | 0:cdf462088d13 | 7076 | } |
markrad | 0:cdf462088d13 | 7077 | |
markrad | 0:cdf462088d13 | 7078 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
markrad | 0:cdf462088d13 | 7079 | if( ssl->compress_buf != NULL ) |
markrad | 0:cdf462088d13 | 7080 | { |
markrad | 0:cdf462088d13 | 7081 | mbedtls_zeroize( ssl->compress_buf, MBEDTLS_SSL_BUFFER_LEN ); |
markrad | 0:cdf462088d13 | 7082 | mbedtls_free( ssl->compress_buf ); |
markrad | 0:cdf462088d13 | 7083 | } |
markrad | 0:cdf462088d13 | 7084 | #endif |
markrad | 0:cdf462088d13 | 7085 | |
markrad | 0:cdf462088d13 | 7086 | if( ssl->transform ) |
markrad | 0:cdf462088d13 | 7087 | { |
markrad | 0:cdf462088d13 | 7088 | mbedtls_ssl_transform_free( ssl->transform ); |
markrad | 0:cdf462088d13 | 7089 | mbedtls_free( ssl->transform ); |
markrad | 0:cdf462088d13 | 7090 | } |
markrad | 0:cdf462088d13 | 7091 | |
markrad | 0:cdf462088d13 | 7092 | if( ssl->handshake ) |
markrad | 0:cdf462088d13 | 7093 | { |
markrad | 0:cdf462088d13 | 7094 | mbedtls_ssl_handshake_free( ssl->handshake ); |
markrad | 0:cdf462088d13 | 7095 | mbedtls_ssl_transform_free( ssl->transform_negotiate ); |
markrad | 0:cdf462088d13 | 7096 | mbedtls_ssl_session_free( ssl->session_negotiate ); |
markrad | 0:cdf462088d13 | 7097 | |
markrad | 0:cdf462088d13 | 7098 | mbedtls_free( ssl->handshake ); |
markrad | 0:cdf462088d13 | 7099 | mbedtls_free( ssl->transform_negotiate ); |
markrad | 0:cdf462088d13 | 7100 | mbedtls_free( ssl->session_negotiate ); |
markrad | 0:cdf462088d13 | 7101 | } |
markrad | 0:cdf462088d13 | 7102 | |
markrad | 0:cdf462088d13 | 7103 | if( ssl->session ) |
markrad | 0:cdf462088d13 | 7104 | { |
markrad | 0:cdf462088d13 | 7105 | mbedtls_ssl_session_free( ssl->session ); |
markrad | 0:cdf462088d13 | 7106 | mbedtls_free( ssl->session ); |
markrad | 0:cdf462088d13 | 7107 | } |
markrad | 0:cdf462088d13 | 7108 | |
markrad | 0:cdf462088d13 | 7109 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
markrad | 0:cdf462088d13 | 7110 | if( ssl->hostname != NULL ) |
markrad | 0:cdf462088d13 | 7111 | { |
markrad | 0:cdf462088d13 | 7112 | mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) ); |
markrad | 0:cdf462088d13 | 7113 | mbedtls_free( ssl->hostname ); |
markrad | 0:cdf462088d13 | 7114 | } |
markrad | 0:cdf462088d13 | 7115 | #endif |
markrad | 0:cdf462088d13 | 7116 | |
markrad | 0:cdf462088d13 | 7117 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
markrad | 0:cdf462088d13 | 7118 | if( mbedtls_ssl_hw_record_finish != NULL ) |
markrad | 0:cdf462088d13 | 7119 | { |
markrad | 0:cdf462088d13 | 7120 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_finish()" ) ); |
markrad | 0:cdf462088d13 | 7121 | mbedtls_ssl_hw_record_finish( ssl ); |
markrad | 0:cdf462088d13 | 7122 | } |
markrad | 0:cdf462088d13 | 7123 | #endif |
markrad | 0:cdf462088d13 | 7124 | |
markrad | 0:cdf462088d13 | 7125 | #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 7126 | mbedtls_free( ssl->cli_id ); |
markrad | 0:cdf462088d13 | 7127 | #endif |
markrad | 0:cdf462088d13 | 7128 | |
markrad | 0:cdf462088d13 | 7129 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= free" ) ); |
markrad | 0:cdf462088d13 | 7130 | |
markrad | 0:cdf462088d13 | 7131 | /* Actually clear after last debug message */ |
markrad | 0:cdf462088d13 | 7132 | mbedtls_zeroize( ssl, sizeof( mbedtls_ssl_context ) ); |
markrad | 0:cdf462088d13 | 7133 | } |
markrad | 0:cdf462088d13 | 7134 | |
markrad | 0:cdf462088d13 | 7135 | /* |
markrad | 0:cdf462088d13 | 7136 | * Initialze mbedtls_ssl_config |
markrad | 0:cdf462088d13 | 7137 | */ |
markrad | 0:cdf462088d13 | 7138 | void mbedtls_ssl_config_init( mbedtls_ssl_config *conf ) |
markrad | 0:cdf462088d13 | 7139 | { |
markrad | 0:cdf462088d13 | 7140 | memset( conf, 0, sizeof( mbedtls_ssl_config ) ); |
markrad | 0:cdf462088d13 | 7141 | } |
markrad | 0:cdf462088d13 | 7142 | |
markrad | 0:cdf462088d13 | 7143 | #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
markrad | 0:cdf462088d13 | 7144 | static int ssl_preset_default_hashes[] = { |
markrad | 0:cdf462088d13 | 7145 | #if defined(MBEDTLS_SHA512_C) |
markrad | 0:cdf462088d13 | 7146 | MBEDTLS_MD_SHA512, |
markrad | 0:cdf462088d13 | 7147 | MBEDTLS_MD_SHA384, |
markrad | 0:cdf462088d13 | 7148 | #endif |
markrad | 0:cdf462088d13 | 7149 | #if defined(MBEDTLS_SHA256_C) |
markrad | 0:cdf462088d13 | 7150 | MBEDTLS_MD_SHA256, |
markrad | 0:cdf462088d13 | 7151 | MBEDTLS_MD_SHA224, |
markrad | 0:cdf462088d13 | 7152 | #endif |
markrad | 0:cdf462088d13 | 7153 | #if defined(MBEDTLS_SHA1_C) |
markrad | 0:cdf462088d13 | 7154 | MBEDTLS_MD_SHA1, |
markrad | 0:cdf462088d13 | 7155 | #endif |
markrad | 0:cdf462088d13 | 7156 | MBEDTLS_MD_NONE |
markrad | 0:cdf462088d13 | 7157 | }; |
markrad | 0:cdf462088d13 | 7158 | #endif |
markrad | 0:cdf462088d13 | 7159 | |
markrad | 0:cdf462088d13 | 7160 | static int ssl_preset_suiteb_ciphersuites[] = { |
markrad | 0:cdf462088d13 | 7161 | MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, |
markrad | 0:cdf462088d13 | 7162 | MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, |
markrad | 0:cdf462088d13 | 7163 | 0 |
markrad | 0:cdf462088d13 | 7164 | }; |
markrad | 0:cdf462088d13 | 7165 | |
markrad | 0:cdf462088d13 | 7166 | #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
markrad | 0:cdf462088d13 | 7167 | static int ssl_preset_suiteb_hashes[] = { |
markrad | 0:cdf462088d13 | 7168 | MBEDTLS_MD_SHA256, |
markrad | 0:cdf462088d13 | 7169 | MBEDTLS_MD_SHA384, |
markrad | 0:cdf462088d13 | 7170 | MBEDTLS_MD_NONE |
markrad | 0:cdf462088d13 | 7171 | }; |
markrad | 0:cdf462088d13 | 7172 | #endif |
markrad | 0:cdf462088d13 | 7173 | |
markrad | 0:cdf462088d13 | 7174 | #if defined(MBEDTLS_ECP_C) |
markrad | 0:cdf462088d13 | 7175 | static mbedtls_ecp_group_id ssl_preset_suiteb_curves[] = { |
markrad | 0:cdf462088d13 | 7176 | MBEDTLS_ECP_DP_SECP256R1, |
markrad | 0:cdf462088d13 | 7177 | MBEDTLS_ECP_DP_SECP384R1, |
markrad | 0:cdf462088d13 | 7178 | MBEDTLS_ECP_DP_NONE |
markrad | 0:cdf462088d13 | 7179 | }; |
markrad | 0:cdf462088d13 | 7180 | #endif |
markrad | 0:cdf462088d13 | 7181 | |
markrad | 0:cdf462088d13 | 7182 | /* |
markrad | 0:cdf462088d13 | 7183 | * Load default in mbedtls_ssl_config |
markrad | 0:cdf462088d13 | 7184 | */ |
markrad | 0:cdf462088d13 | 7185 | int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 7186 | int endpoint, int transport, int preset ) |
markrad | 0:cdf462088d13 | 7187 | { |
markrad | 0:cdf462088d13 | 7188 | #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 7189 | int ret; |
markrad | 0:cdf462088d13 | 7190 | #endif |
markrad | 0:cdf462088d13 | 7191 | |
markrad | 0:cdf462088d13 | 7192 | /* Use the functions here so that they are covered in tests, |
markrad | 0:cdf462088d13 | 7193 | * but otherwise access member directly for efficiency */ |
markrad | 0:cdf462088d13 | 7194 | mbedtls_ssl_conf_endpoint( conf, endpoint ); |
markrad | 0:cdf462088d13 | 7195 | mbedtls_ssl_conf_transport( conf, transport ); |
markrad | 0:cdf462088d13 | 7196 | |
markrad | 0:cdf462088d13 | 7197 | /* |
markrad | 0:cdf462088d13 | 7198 | * Things that are common to all presets |
markrad | 0:cdf462088d13 | 7199 | */ |
markrad | 0:cdf462088d13 | 7200 | #if defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 7201 | if( endpoint == MBEDTLS_SSL_IS_CLIENT ) |
markrad | 0:cdf462088d13 | 7202 | { |
markrad | 0:cdf462088d13 | 7203 | conf->authmode = MBEDTLS_SSL_VERIFY_REQUIRED; |
markrad | 0:cdf462088d13 | 7204 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) |
markrad | 0:cdf462088d13 | 7205 | conf->session_tickets = MBEDTLS_SSL_SESSION_TICKETS_ENABLED; |
markrad | 0:cdf462088d13 | 7206 | #endif |
markrad | 0:cdf462088d13 | 7207 | } |
markrad | 0:cdf462088d13 | 7208 | #endif |
markrad | 0:cdf462088d13 | 7209 | |
markrad | 0:cdf462088d13 | 7210 | #if defined(MBEDTLS_ARC4_C) |
markrad | 0:cdf462088d13 | 7211 | conf->arc4_disabled = MBEDTLS_SSL_ARC4_DISABLED; |
markrad | 0:cdf462088d13 | 7212 | #endif |
markrad | 0:cdf462088d13 | 7213 | |
markrad | 0:cdf462088d13 | 7214 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
markrad | 0:cdf462088d13 | 7215 | conf->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED; |
markrad | 0:cdf462088d13 | 7216 | #endif |
markrad | 0:cdf462088d13 | 7217 | |
markrad | 0:cdf462088d13 | 7218 | #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) |
markrad | 0:cdf462088d13 | 7219 | conf->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; |
markrad | 0:cdf462088d13 | 7220 | #endif |
markrad | 0:cdf462088d13 | 7221 | |
markrad | 0:cdf462088d13 | 7222 | #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) |
markrad | 0:cdf462088d13 | 7223 | conf->cbc_record_splitting = MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED; |
markrad | 0:cdf462088d13 | 7224 | #endif |
markrad | 0:cdf462088d13 | 7225 | |
markrad | 0:cdf462088d13 | 7226 | #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 7227 | conf->f_cookie_write = ssl_cookie_write_dummy; |
markrad | 0:cdf462088d13 | 7228 | conf->f_cookie_check = ssl_cookie_check_dummy; |
markrad | 0:cdf462088d13 | 7229 | #endif |
markrad | 0:cdf462088d13 | 7230 | |
markrad | 0:cdf462088d13 | 7231 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
markrad | 0:cdf462088d13 | 7232 | conf->anti_replay = MBEDTLS_SSL_ANTI_REPLAY_ENABLED; |
markrad | 0:cdf462088d13 | 7233 | #endif |
markrad | 0:cdf462088d13 | 7234 | |
markrad | 0:cdf462088d13 | 7235 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 7236 | conf->hs_timeout_min = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN; |
markrad | 0:cdf462088d13 | 7237 | conf->hs_timeout_max = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX; |
markrad | 0:cdf462088d13 | 7238 | #endif |
markrad | 0:cdf462088d13 | 7239 | |
markrad | 0:cdf462088d13 | 7240 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
markrad | 0:cdf462088d13 | 7241 | conf->renego_max_records = MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT; |
Jasper Wallace |
1:9ebc941037d5 | 7242 | memset( conf->renego_period, 0x00, 2 ); |
Jasper Wallace |
1:9ebc941037d5 | 7243 | memset( conf->renego_period + 2, 0xFF, 6 ); |
markrad | 0:cdf462088d13 | 7244 | #endif |
markrad | 0:cdf462088d13 | 7245 | |
markrad | 0:cdf462088d13 | 7246 | #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 7247 | if( endpoint == MBEDTLS_SSL_IS_SERVER ) |
markrad | 0:cdf462088d13 | 7248 | { |
markrad | 0:cdf462088d13 | 7249 | if( ( ret = mbedtls_ssl_conf_dh_param( conf, |
markrad | 0:cdf462088d13 | 7250 | MBEDTLS_DHM_RFC5114_MODP_2048_P, |
markrad | 0:cdf462088d13 | 7251 | MBEDTLS_DHM_RFC5114_MODP_2048_G ) ) != 0 ) |
markrad | 0:cdf462088d13 | 7252 | { |
markrad | 0:cdf462088d13 | 7253 | return( ret ); |
markrad | 0:cdf462088d13 | 7254 | } |
markrad | 0:cdf462088d13 | 7255 | } |
markrad | 0:cdf462088d13 | 7256 | #endif |
markrad | 0:cdf462088d13 | 7257 | |
markrad | 0:cdf462088d13 | 7258 | /* |
markrad | 0:cdf462088d13 | 7259 | * Preset-specific defaults |
markrad | 0:cdf462088d13 | 7260 | */ |
markrad | 0:cdf462088d13 | 7261 | switch( preset ) |
markrad | 0:cdf462088d13 | 7262 | { |
markrad | 0:cdf462088d13 | 7263 | /* |
markrad | 0:cdf462088d13 | 7264 | * NSA Suite B |
markrad | 0:cdf462088d13 | 7265 | */ |
markrad | 0:cdf462088d13 | 7266 | case MBEDTLS_SSL_PRESET_SUITEB: |
markrad | 0:cdf462088d13 | 7267 | conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3; |
markrad | 0:cdf462088d13 | 7268 | conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3; /* TLS 1.2 */ |
markrad | 0:cdf462088d13 | 7269 | conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION; |
markrad | 0:cdf462088d13 | 7270 | conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION; |
markrad | 0:cdf462088d13 | 7271 | |
markrad | 0:cdf462088d13 | 7272 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = |
markrad | 0:cdf462088d13 | 7273 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = |
markrad | 0:cdf462088d13 | 7274 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = |
markrad | 0:cdf462088d13 | 7275 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = |
markrad | 0:cdf462088d13 | 7276 | ssl_preset_suiteb_ciphersuites; |
markrad | 0:cdf462088d13 | 7277 | |
markrad | 0:cdf462088d13 | 7278 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
markrad | 0:cdf462088d13 | 7279 | conf->cert_profile = &mbedtls_x509_crt_profile_suiteb; |
markrad | 0:cdf462088d13 | 7280 | #endif |
markrad | 0:cdf462088d13 | 7281 | |
markrad | 0:cdf462088d13 | 7282 | #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
markrad | 0:cdf462088d13 | 7283 | conf->sig_hashes = ssl_preset_suiteb_hashes; |
markrad | 0:cdf462088d13 | 7284 | #endif |
markrad | 0:cdf462088d13 | 7285 | |
markrad | 0:cdf462088d13 | 7286 | #if defined(MBEDTLS_ECP_C) |
markrad | 0:cdf462088d13 | 7287 | conf->curve_list = ssl_preset_suiteb_curves; |
markrad | 0:cdf462088d13 | 7288 | #endif |
markrad | 0:cdf462088d13 | 7289 | break; |
markrad | 0:cdf462088d13 | 7290 | |
markrad | 0:cdf462088d13 | 7291 | /* |
markrad | 0:cdf462088d13 | 7292 | * Default |
markrad | 0:cdf462088d13 | 7293 | */ |
markrad | 0:cdf462088d13 | 7294 | default: |
markrad | 0:cdf462088d13 | 7295 | conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3; |
markrad | 0:cdf462088d13 | 7296 | conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_1; /* TLS 1.0 */ |
markrad | 0:cdf462088d13 | 7297 | conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION; |
markrad | 0:cdf462088d13 | 7298 | conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION; |
markrad | 0:cdf462088d13 | 7299 | |
markrad | 0:cdf462088d13 | 7300 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 7301 | if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 7302 | conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_2; |
markrad | 0:cdf462088d13 | 7303 | #endif |
markrad | 0:cdf462088d13 | 7304 | |
markrad | 0:cdf462088d13 | 7305 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = |
markrad | 0:cdf462088d13 | 7306 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = |
markrad | 0:cdf462088d13 | 7307 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = |
markrad | 0:cdf462088d13 | 7308 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = |
markrad | 0:cdf462088d13 | 7309 | mbedtls_ssl_list_ciphersuites(); |
markrad | 0:cdf462088d13 | 7310 | |
markrad | 0:cdf462088d13 | 7311 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
markrad | 0:cdf462088d13 | 7312 | conf->cert_profile = &mbedtls_x509_crt_profile_default; |
markrad | 0:cdf462088d13 | 7313 | #endif |
markrad | 0:cdf462088d13 | 7314 | |
markrad | 0:cdf462088d13 | 7315 | #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
markrad | 0:cdf462088d13 | 7316 | conf->sig_hashes = ssl_preset_default_hashes; |
markrad | 0:cdf462088d13 | 7317 | #endif |
markrad | 0:cdf462088d13 | 7318 | |
markrad | 0:cdf462088d13 | 7319 | #if defined(MBEDTLS_ECP_C) |
markrad | 0:cdf462088d13 | 7320 | conf->curve_list = mbedtls_ecp_grp_id_list(); |
markrad | 0:cdf462088d13 | 7321 | #endif |
markrad | 0:cdf462088d13 | 7322 | |
markrad | 0:cdf462088d13 | 7323 | #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 7324 | conf->dhm_min_bitlen = 1024; |
markrad | 0:cdf462088d13 | 7325 | #endif |
markrad | 0:cdf462088d13 | 7326 | } |
markrad | 0:cdf462088d13 | 7327 | |
markrad | 0:cdf462088d13 | 7328 | return( 0 ); |
markrad | 0:cdf462088d13 | 7329 | } |
markrad | 0:cdf462088d13 | 7330 | |
markrad | 0:cdf462088d13 | 7331 | /* |
markrad | 0:cdf462088d13 | 7332 | * Free mbedtls_ssl_config |
markrad | 0:cdf462088d13 | 7333 | */ |
markrad | 0:cdf462088d13 | 7334 | void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ) |
markrad | 0:cdf462088d13 | 7335 | { |
markrad | 0:cdf462088d13 | 7336 | #if defined(MBEDTLS_DHM_C) |
markrad | 0:cdf462088d13 | 7337 | mbedtls_mpi_free( &conf->dhm_P ); |
markrad | 0:cdf462088d13 | 7338 | mbedtls_mpi_free( &conf->dhm_G ); |
markrad | 0:cdf462088d13 | 7339 | #endif |
markrad | 0:cdf462088d13 | 7340 | |
markrad | 0:cdf462088d13 | 7341 | #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) |
markrad | 0:cdf462088d13 | 7342 | if( conf->psk != NULL ) |
markrad | 0:cdf462088d13 | 7343 | { |
markrad | 0:cdf462088d13 | 7344 | mbedtls_zeroize( conf->psk, conf->psk_len ); |
markrad | 0:cdf462088d13 | 7345 | mbedtls_zeroize( conf->psk_identity, conf->psk_identity_len ); |
markrad | 0:cdf462088d13 | 7346 | mbedtls_free( conf->psk ); |
markrad | 0:cdf462088d13 | 7347 | mbedtls_free( conf->psk_identity ); |
markrad | 0:cdf462088d13 | 7348 | conf->psk_len = 0; |
markrad | 0:cdf462088d13 | 7349 | conf->psk_identity_len = 0; |
markrad | 0:cdf462088d13 | 7350 | } |
markrad | 0:cdf462088d13 | 7351 | #endif |
markrad | 0:cdf462088d13 | 7352 | |
markrad | 0:cdf462088d13 | 7353 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
markrad | 0:cdf462088d13 | 7354 | ssl_key_cert_free( conf->key_cert ); |
markrad | 0:cdf462088d13 | 7355 | #endif |
markrad | 0:cdf462088d13 | 7356 | |
markrad | 0:cdf462088d13 | 7357 | mbedtls_zeroize( conf, sizeof( mbedtls_ssl_config ) ); |
markrad | 0:cdf462088d13 | 7358 | } |
markrad | 0:cdf462088d13 | 7359 | |
markrad | 0:cdf462088d13 | 7360 | #if defined(MBEDTLS_PK_C) && \ |
markrad | 0:cdf462088d13 | 7361 | ( defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) ) |
markrad | 0:cdf462088d13 | 7362 | /* |
markrad | 0:cdf462088d13 | 7363 | * Convert between MBEDTLS_PK_XXX and SSL_SIG_XXX |
markrad | 0:cdf462088d13 | 7364 | */ |
markrad | 0:cdf462088d13 | 7365 | unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk ) |
markrad | 0:cdf462088d13 | 7366 | { |
markrad | 0:cdf462088d13 | 7367 | #if defined(MBEDTLS_RSA_C) |
markrad | 0:cdf462088d13 | 7368 | if( mbedtls_pk_can_do( pk, MBEDTLS_PK_RSA ) ) |
markrad | 0:cdf462088d13 | 7369 | return( MBEDTLS_SSL_SIG_RSA ); |
markrad | 0:cdf462088d13 | 7370 | #endif |
markrad | 0:cdf462088d13 | 7371 | #if defined(MBEDTLS_ECDSA_C) |
markrad | 0:cdf462088d13 | 7372 | if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECDSA ) ) |
markrad | 0:cdf462088d13 | 7373 | return( MBEDTLS_SSL_SIG_ECDSA ); |
markrad | 0:cdf462088d13 | 7374 | #endif |
markrad | 0:cdf462088d13 | 7375 | return( MBEDTLS_SSL_SIG_ANON ); |
markrad | 0:cdf462088d13 | 7376 | } |
markrad | 0:cdf462088d13 | 7377 | |
markrad | 0:cdf462088d13 | 7378 | mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig ) |
markrad | 0:cdf462088d13 | 7379 | { |
markrad | 0:cdf462088d13 | 7380 | switch( sig ) |
markrad | 0:cdf462088d13 | 7381 | { |
markrad | 0:cdf462088d13 | 7382 | #if defined(MBEDTLS_RSA_C) |
markrad | 0:cdf462088d13 | 7383 | case MBEDTLS_SSL_SIG_RSA: |
markrad | 0:cdf462088d13 | 7384 | return( MBEDTLS_PK_RSA ); |
markrad | 0:cdf462088d13 | 7385 | #endif |
markrad | 0:cdf462088d13 | 7386 | #if defined(MBEDTLS_ECDSA_C) |
markrad | 0:cdf462088d13 | 7387 | case MBEDTLS_SSL_SIG_ECDSA: |
markrad | 0:cdf462088d13 | 7388 | return( MBEDTLS_PK_ECDSA ); |
markrad | 0:cdf462088d13 | 7389 | #endif |
markrad | 0:cdf462088d13 | 7390 | default: |
markrad | 0:cdf462088d13 | 7391 | return( MBEDTLS_PK_NONE ); |
markrad | 0:cdf462088d13 | 7392 | } |
markrad | 0:cdf462088d13 | 7393 | } |
markrad | 0:cdf462088d13 | 7394 | #endif /* MBEDTLS_PK_C && ( MBEDTLS_RSA_C || MBEDTLS_ECDSA_C ) */ |
markrad | 0:cdf462088d13 | 7395 | |
markrad | 0:cdf462088d13 | 7396 | /* |
markrad | 0:cdf462088d13 | 7397 | * Convert from MBEDTLS_SSL_HASH_XXX to MBEDTLS_MD_XXX |
markrad | 0:cdf462088d13 | 7398 | */ |
markrad | 0:cdf462088d13 | 7399 | mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash ) |
markrad | 0:cdf462088d13 | 7400 | { |
markrad | 0:cdf462088d13 | 7401 | switch( hash ) |
markrad | 0:cdf462088d13 | 7402 | { |
markrad | 0:cdf462088d13 | 7403 | #if defined(MBEDTLS_MD5_C) |
markrad | 0:cdf462088d13 | 7404 | case MBEDTLS_SSL_HASH_MD5: |
markrad | 0:cdf462088d13 | 7405 | return( MBEDTLS_MD_MD5 ); |
markrad | 0:cdf462088d13 | 7406 | #endif |
markrad | 0:cdf462088d13 | 7407 | #if defined(MBEDTLS_SHA1_C) |
markrad | 0:cdf462088d13 | 7408 | case MBEDTLS_SSL_HASH_SHA1: |
markrad | 0:cdf462088d13 | 7409 | return( MBEDTLS_MD_SHA1 ); |
markrad | 0:cdf462088d13 | 7410 | #endif |
markrad | 0:cdf462088d13 | 7411 | #if defined(MBEDTLS_SHA256_C) |
markrad | 0:cdf462088d13 | 7412 | case MBEDTLS_SSL_HASH_SHA224: |
markrad | 0:cdf462088d13 | 7413 | return( MBEDTLS_MD_SHA224 ); |
markrad | 0:cdf462088d13 | 7414 | case MBEDTLS_SSL_HASH_SHA256: |
markrad | 0:cdf462088d13 | 7415 | return( MBEDTLS_MD_SHA256 ); |
markrad | 0:cdf462088d13 | 7416 | #endif |
markrad | 0:cdf462088d13 | 7417 | #if defined(MBEDTLS_SHA512_C) |
markrad | 0:cdf462088d13 | 7418 | case MBEDTLS_SSL_HASH_SHA384: |
markrad | 0:cdf462088d13 | 7419 | return( MBEDTLS_MD_SHA384 ); |
markrad | 0:cdf462088d13 | 7420 | case MBEDTLS_SSL_HASH_SHA512: |
markrad | 0:cdf462088d13 | 7421 | return( MBEDTLS_MD_SHA512 ); |
markrad | 0:cdf462088d13 | 7422 | #endif |
markrad | 0:cdf462088d13 | 7423 | default: |
markrad | 0:cdf462088d13 | 7424 | return( MBEDTLS_MD_NONE ); |
markrad | 0:cdf462088d13 | 7425 | } |
markrad | 0:cdf462088d13 | 7426 | } |
markrad | 0:cdf462088d13 | 7427 | |
markrad | 0:cdf462088d13 | 7428 | /* |
markrad | 0:cdf462088d13 | 7429 | * Convert from MBEDTLS_MD_XXX to MBEDTLS_SSL_HASH_XXX |
markrad | 0:cdf462088d13 | 7430 | */ |
markrad | 0:cdf462088d13 | 7431 | unsigned char mbedtls_ssl_hash_from_md_alg( int md ) |
markrad | 0:cdf462088d13 | 7432 | { |
markrad | 0:cdf462088d13 | 7433 | switch( md ) |
markrad | 0:cdf462088d13 | 7434 | { |
markrad | 0:cdf462088d13 | 7435 | #if defined(MBEDTLS_MD5_C) |
markrad | 0:cdf462088d13 | 7436 | case MBEDTLS_MD_MD5: |
markrad | 0:cdf462088d13 | 7437 | return( MBEDTLS_SSL_HASH_MD5 ); |
markrad | 0:cdf462088d13 | 7438 | #endif |
markrad | 0:cdf462088d13 | 7439 | #if defined(MBEDTLS_SHA1_C) |
markrad | 0:cdf462088d13 | 7440 | case MBEDTLS_MD_SHA1: |
markrad | 0:cdf462088d13 | 7441 | return( MBEDTLS_SSL_HASH_SHA1 ); |
markrad | 0:cdf462088d13 | 7442 | #endif |
markrad | 0:cdf462088d13 | 7443 | #if defined(MBEDTLS_SHA256_C) |
markrad | 0:cdf462088d13 | 7444 | case MBEDTLS_MD_SHA224: |
markrad | 0:cdf462088d13 | 7445 | return( MBEDTLS_SSL_HASH_SHA224 ); |
markrad | 0:cdf462088d13 | 7446 | case MBEDTLS_MD_SHA256: |
markrad | 0:cdf462088d13 | 7447 | return( MBEDTLS_SSL_HASH_SHA256 ); |
markrad | 0:cdf462088d13 | 7448 | #endif |
markrad | 0:cdf462088d13 | 7449 | #if defined(MBEDTLS_SHA512_C) |
markrad | 0:cdf462088d13 | 7450 | case MBEDTLS_MD_SHA384: |
markrad | 0:cdf462088d13 | 7451 | return( MBEDTLS_SSL_HASH_SHA384 ); |
markrad | 0:cdf462088d13 | 7452 | case MBEDTLS_MD_SHA512: |
markrad | 0:cdf462088d13 | 7453 | return( MBEDTLS_SSL_HASH_SHA512 ); |
markrad | 0:cdf462088d13 | 7454 | #endif |
markrad | 0:cdf462088d13 | 7455 | default: |
markrad | 0:cdf462088d13 | 7456 | return( MBEDTLS_SSL_HASH_NONE ); |
markrad | 0:cdf462088d13 | 7457 | } |
markrad | 0:cdf462088d13 | 7458 | } |
markrad | 0:cdf462088d13 | 7459 | |
markrad | 0:cdf462088d13 | 7460 | #if defined(MBEDTLS_ECP_C) |
markrad | 0:cdf462088d13 | 7461 | /* |
markrad | 0:cdf462088d13 | 7462 | * Check if a curve proposed by the peer is in our list. |
markrad | 0:cdf462088d13 | 7463 | * Return 0 if we're willing to use it, -1 otherwise. |
markrad | 0:cdf462088d13 | 7464 | */ |
markrad | 0:cdf462088d13 | 7465 | int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ) |
markrad | 0:cdf462088d13 | 7466 | { |
markrad | 0:cdf462088d13 | 7467 | const mbedtls_ecp_group_id *gid; |
markrad | 0:cdf462088d13 | 7468 | |
markrad | 0:cdf462088d13 | 7469 | if( ssl->conf->curve_list == NULL ) |
markrad | 0:cdf462088d13 | 7470 | return( -1 ); |
markrad | 0:cdf462088d13 | 7471 | |
markrad | 0:cdf462088d13 | 7472 | for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ ) |
markrad | 0:cdf462088d13 | 7473 | if( *gid == grp_id ) |
markrad | 0:cdf462088d13 | 7474 | return( 0 ); |
markrad | 0:cdf462088d13 | 7475 | |
markrad | 0:cdf462088d13 | 7476 | return( -1 ); |
markrad | 0:cdf462088d13 | 7477 | } |
markrad | 0:cdf462088d13 | 7478 | #endif /* MBEDTLS_ECP_C */ |
markrad | 0:cdf462088d13 | 7479 | |
markrad | 0:cdf462088d13 | 7480 | #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
markrad | 0:cdf462088d13 | 7481 | /* |
markrad | 0:cdf462088d13 | 7482 | * Check if a hash proposed by the peer is in our list. |
markrad | 0:cdf462088d13 | 7483 | * Return 0 if we're willing to use it, -1 otherwise. |
markrad | 0:cdf462088d13 | 7484 | */ |
markrad | 0:cdf462088d13 | 7485 | int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 7486 | mbedtls_md_type_t md ) |
markrad | 0:cdf462088d13 | 7487 | { |
markrad | 0:cdf462088d13 | 7488 | const int *cur; |
markrad | 0:cdf462088d13 | 7489 | |
markrad | 0:cdf462088d13 | 7490 | if( ssl->conf->sig_hashes == NULL ) |
markrad | 0:cdf462088d13 | 7491 | return( -1 ); |
markrad | 0:cdf462088d13 | 7492 | |
markrad | 0:cdf462088d13 | 7493 | for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ ) |
markrad | 0:cdf462088d13 | 7494 | if( *cur == (int) md ) |
markrad | 0:cdf462088d13 | 7495 | return( 0 ); |
markrad | 0:cdf462088d13 | 7496 | |
markrad | 0:cdf462088d13 | 7497 | return( -1 ); |
markrad | 0:cdf462088d13 | 7498 | } |
markrad | 0:cdf462088d13 | 7499 | #endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */ |
markrad | 0:cdf462088d13 | 7500 | |
markrad | 0:cdf462088d13 | 7501 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
markrad | 0:cdf462088d13 | 7502 | int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, |
markrad | 0:cdf462088d13 | 7503 | const mbedtls_ssl_ciphersuite_t *ciphersuite, |
markrad | 0:cdf462088d13 | 7504 | int cert_endpoint, |
markrad | 0:cdf462088d13 | 7505 | uint32_t *flags ) |
markrad | 0:cdf462088d13 | 7506 | { |
markrad | 0:cdf462088d13 | 7507 | int ret = 0; |
markrad | 0:cdf462088d13 | 7508 | #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) |
markrad | 0:cdf462088d13 | 7509 | int usage = 0; |
markrad | 0:cdf462088d13 | 7510 | #endif |
markrad | 0:cdf462088d13 | 7511 | #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) |
markrad | 0:cdf462088d13 | 7512 | const char *ext_oid; |
markrad | 0:cdf462088d13 | 7513 | size_t ext_len; |
markrad | 0:cdf462088d13 | 7514 | #endif |
markrad | 0:cdf462088d13 | 7515 | |
markrad | 0:cdf462088d13 | 7516 | #if !defined(MBEDTLS_X509_CHECK_KEY_USAGE) && \ |
markrad | 0:cdf462088d13 | 7517 | !defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) |
markrad | 0:cdf462088d13 | 7518 | ((void) cert); |
markrad | 0:cdf462088d13 | 7519 | ((void) cert_endpoint); |
markrad | 0:cdf462088d13 | 7520 | ((void) flags); |
markrad | 0:cdf462088d13 | 7521 | #endif |
markrad | 0:cdf462088d13 | 7522 | |
markrad | 0:cdf462088d13 | 7523 | #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) |
markrad | 0:cdf462088d13 | 7524 | if( cert_endpoint == MBEDTLS_SSL_IS_SERVER ) |
markrad | 0:cdf462088d13 | 7525 | { |
markrad | 0:cdf462088d13 | 7526 | /* Server part of the key exchange */ |
markrad | 0:cdf462088d13 | 7527 | switch( ciphersuite->key_exchange ) |
markrad | 0:cdf462088d13 | 7528 | { |
markrad | 0:cdf462088d13 | 7529 | case MBEDTLS_KEY_EXCHANGE_RSA: |
markrad | 0:cdf462088d13 | 7530 | case MBEDTLS_KEY_EXCHANGE_RSA_PSK: |
markrad | 0:cdf462088d13 | 7531 | usage = MBEDTLS_X509_KU_KEY_ENCIPHERMENT; |
markrad | 0:cdf462088d13 | 7532 | break; |
markrad | 0:cdf462088d13 | 7533 | |
markrad | 0:cdf462088d13 | 7534 | case MBEDTLS_KEY_EXCHANGE_DHE_RSA: |
markrad | 0:cdf462088d13 | 7535 | case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: |
markrad | 0:cdf462088d13 | 7536 | case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: |
markrad | 0:cdf462088d13 | 7537 | usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE; |
markrad | 0:cdf462088d13 | 7538 | break; |
markrad | 0:cdf462088d13 | 7539 | |
markrad | 0:cdf462088d13 | 7540 | case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: |
markrad | 0:cdf462088d13 | 7541 | case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: |
markrad | 0:cdf462088d13 | 7542 | usage = MBEDTLS_X509_KU_KEY_AGREEMENT; |
markrad | 0:cdf462088d13 | 7543 | break; |
markrad | 0:cdf462088d13 | 7544 | |
markrad | 0:cdf462088d13 | 7545 | /* Don't use default: we want warnings when adding new values */ |
markrad | 0:cdf462088d13 | 7546 | case MBEDTLS_KEY_EXCHANGE_NONE: |
markrad | 0:cdf462088d13 | 7547 | case MBEDTLS_KEY_EXCHANGE_PSK: |
markrad | 0:cdf462088d13 | 7548 | case MBEDTLS_KEY_EXCHANGE_DHE_PSK: |
markrad | 0:cdf462088d13 | 7549 | case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: |
markrad | 0:cdf462088d13 | 7550 | case MBEDTLS_KEY_EXCHANGE_ECJPAKE: |
markrad | 0:cdf462088d13 | 7551 | usage = 0; |
markrad | 0:cdf462088d13 | 7552 | } |
markrad | 0:cdf462088d13 | 7553 | } |
markrad | 0:cdf462088d13 | 7554 | else |
markrad | 0:cdf462088d13 | 7555 | { |
markrad | 0:cdf462088d13 | 7556 | /* Client auth: we only implement rsa_sign and mbedtls_ecdsa_sign for now */ |
markrad | 0:cdf462088d13 | 7557 | usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE; |
markrad | 0:cdf462088d13 | 7558 | } |
markrad | 0:cdf462088d13 | 7559 | |
markrad | 0:cdf462088d13 | 7560 | if( mbedtls_x509_crt_check_key_usage( cert, usage ) != 0 ) |
markrad | 0:cdf462088d13 | 7561 | { |
markrad | 0:cdf462088d13 | 7562 | *flags |= MBEDTLS_X509_BADCERT_KEY_USAGE; |
markrad | 0:cdf462088d13 | 7563 | ret = -1; |
markrad | 0:cdf462088d13 | 7564 | } |
markrad | 0:cdf462088d13 | 7565 | #else |
markrad | 0:cdf462088d13 | 7566 | ((void) ciphersuite); |
markrad | 0:cdf462088d13 | 7567 | #endif /* MBEDTLS_X509_CHECK_KEY_USAGE */ |
markrad | 0:cdf462088d13 | 7568 | |
markrad | 0:cdf462088d13 | 7569 | #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) |
markrad | 0:cdf462088d13 | 7570 | if( cert_endpoint == MBEDTLS_SSL_IS_SERVER ) |
markrad | 0:cdf462088d13 | 7571 | { |
markrad | 0:cdf462088d13 | 7572 | ext_oid = MBEDTLS_OID_SERVER_AUTH; |
markrad | 0:cdf462088d13 | 7573 | ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_SERVER_AUTH ); |
markrad | 0:cdf462088d13 | 7574 | } |
markrad | 0:cdf462088d13 | 7575 | else |
markrad | 0:cdf462088d13 | 7576 | { |
markrad | 0:cdf462088d13 | 7577 | ext_oid = MBEDTLS_OID_CLIENT_AUTH; |
markrad | 0:cdf462088d13 | 7578 | ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_CLIENT_AUTH ); |
markrad | 0:cdf462088d13 | 7579 | } |
markrad | 0:cdf462088d13 | 7580 | |
markrad | 0:cdf462088d13 | 7581 | if( mbedtls_x509_crt_check_extended_key_usage( cert, ext_oid, ext_len ) != 0 ) |
markrad | 0:cdf462088d13 | 7582 | { |
markrad | 0:cdf462088d13 | 7583 | *flags |= MBEDTLS_X509_BADCERT_EXT_KEY_USAGE; |
markrad | 0:cdf462088d13 | 7584 | ret = -1; |
markrad | 0:cdf462088d13 | 7585 | } |
markrad | 0:cdf462088d13 | 7586 | #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ |
markrad | 0:cdf462088d13 | 7587 | |
markrad | 0:cdf462088d13 | 7588 | return( ret ); |
markrad | 0:cdf462088d13 | 7589 | } |
markrad | 0:cdf462088d13 | 7590 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
markrad | 0:cdf462088d13 | 7591 | |
markrad | 0:cdf462088d13 | 7592 | /* |
markrad | 0:cdf462088d13 | 7593 | * Convert version numbers to/from wire format |
markrad | 0:cdf462088d13 | 7594 | * and, for DTLS, to/from TLS equivalent. |
markrad | 0:cdf462088d13 | 7595 | * |
markrad | 0:cdf462088d13 | 7596 | * For TLS this is the identity. |
markrad | 0:cdf462088d13 | 7597 | * For DTLS, use 1's complement (v -> 255 - v, and then map as follows: |
markrad | 0:cdf462088d13 | 7598 | * 1.0 <-> 3.2 (DTLS 1.0 is based on TLS 1.1) |
markrad | 0:cdf462088d13 | 7599 | * 1.x <-> 3.x+1 for x != 0 (DTLS 1.2 based on TLS 1.2) |
markrad | 0:cdf462088d13 | 7600 | */ |
markrad | 0:cdf462088d13 | 7601 | void mbedtls_ssl_write_version( int major, int minor, int transport, |
markrad | 0:cdf462088d13 | 7602 | unsigned char ver[2] ) |
markrad | 0:cdf462088d13 | 7603 | { |
markrad | 0:cdf462088d13 | 7604 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 7605 | if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 7606 | { |
markrad | 0:cdf462088d13 | 7607 | if( minor == MBEDTLS_SSL_MINOR_VERSION_2 ) |
markrad | 0:cdf462088d13 | 7608 | --minor; /* DTLS 1.0 stored as TLS 1.1 internally */ |
markrad | 0:cdf462088d13 | 7609 | |
markrad | 0:cdf462088d13 | 7610 | ver[0] = (unsigned char)( 255 - ( major - 2 ) ); |
markrad | 0:cdf462088d13 | 7611 | ver[1] = (unsigned char)( 255 - ( minor - 1 ) ); |
markrad | 0:cdf462088d13 | 7612 | } |
markrad | 0:cdf462088d13 | 7613 | else |
markrad | 0:cdf462088d13 | 7614 | #else |
markrad | 0:cdf462088d13 | 7615 | ((void) transport); |
markrad | 0:cdf462088d13 | 7616 | #endif |
markrad | 0:cdf462088d13 | 7617 | { |
markrad | 0:cdf462088d13 | 7618 | ver[0] = (unsigned char) major; |
markrad | 0:cdf462088d13 | 7619 | ver[1] = (unsigned char) minor; |
markrad | 0:cdf462088d13 | 7620 | } |
markrad | 0:cdf462088d13 | 7621 | } |
markrad | 0:cdf462088d13 | 7622 | |
markrad | 0:cdf462088d13 | 7623 | void mbedtls_ssl_read_version( int *major, int *minor, int transport, |
markrad | 0:cdf462088d13 | 7624 | const unsigned char ver[2] ) |
markrad | 0:cdf462088d13 | 7625 | { |
markrad | 0:cdf462088d13 | 7626 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 7627 | if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 7628 | { |
markrad | 0:cdf462088d13 | 7629 | *major = 255 - ver[0] + 2; |
markrad | 0:cdf462088d13 | 7630 | *minor = 255 - ver[1] + 1; |
markrad | 0:cdf462088d13 | 7631 | |
markrad | 0:cdf462088d13 | 7632 | if( *minor == MBEDTLS_SSL_MINOR_VERSION_1 ) |
markrad | 0:cdf462088d13 | 7633 | ++*minor; /* DTLS 1.0 stored as TLS 1.1 internally */ |
markrad | 0:cdf462088d13 | 7634 | } |
markrad | 0:cdf462088d13 | 7635 | else |
markrad | 0:cdf462088d13 | 7636 | #else |
markrad | 0:cdf462088d13 | 7637 | ((void) transport); |
markrad | 0:cdf462088d13 | 7638 | #endif |
markrad | 0:cdf462088d13 | 7639 | { |
markrad | 0:cdf462088d13 | 7640 | *major = ver[0]; |
markrad | 0:cdf462088d13 | 7641 | *minor = ver[1]; |
markrad | 0:cdf462088d13 | 7642 | } |
markrad | 0:cdf462088d13 | 7643 | } |
markrad | 0:cdf462088d13 | 7644 | |
markrad | 0:cdf462088d13 | 7645 | int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ) |
markrad | 0:cdf462088d13 | 7646 | { |
markrad | 0:cdf462088d13 | 7647 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 7648 | if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) |
markrad | 0:cdf462088d13 | 7649 | return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH; |
markrad | 0:cdf462088d13 | 7650 | |
markrad | 0:cdf462088d13 | 7651 | switch( md ) |
markrad | 0:cdf462088d13 | 7652 | { |
markrad | 0:cdf462088d13 | 7653 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) |
markrad | 0:cdf462088d13 | 7654 | #if defined(MBEDTLS_MD5_C) |
markrad | 0:cdf462088d13 | 7655 | case MBEDTLS_SSL_HASH_MD5: |
Jasper Wallace |
1:9ebc941037d5 | 7656 | return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH; |
markrad | 0:cdf462088d13 | 7657 | #endif |
markrad | 0:cdf462088d13 | 7658 | #if defined(MBEDTLS_SHA1_C) |
markrad | 0:cdf462088d13 | 7659 | case MBEDTLS_SSL_HASH_SHA1: |
markrad | 0:cdf462088d13 | 7660 | ssl->handshake->calc_verify = ssl_calc_verify_tls; |
markrad | 0:cdf462088d13 | 7661 | break; |
markrad | 0:cdf462088d13 | 7662 | #endif |
markrad | 0:cdf462088d13 | 7663 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */ |
markrad | 0:cdf462088d13 | 7664 | #if defined(MBEDTLS_SHA512_C) |
markrad | 0:cdf462088d13 | 7665 | case MBEDTLS_SSL_HASH_SHA384: |
markrad | 0:cdf462088d13 | 7666 | ssl->handshake->calc_verify = ssl_calc_verify_tls_sha384; |
markrad | 0:cdf462088d13 | 7667 | break; |
markrad | 0:cdf462088d13 | 7668 | #endif |
markrad | 0:cdf462088d13 | 7669 | #if defined(MBEDTLS_SHA256_C) |
markrad | 0:cdf462088d13 | 7670 | case MBEDTLS_SSL_HASH_SHA256: |
markrad | 0:cdf462088d13 | 7671 | ssl->handshake->calc_verify = ssl_calc_verify_tls_sha256; |
markrad | 0:cdf462088d13 | 7672 | break; |
markrad | 0:cdf462088d13 | 7673 | #endif |
markrad | 0:cdf462088d13 | 7674 | default: |
markrad | 0:cdf462088d13 | 7675 | return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH; |
markrad | 0:cdf462088d13 | 7676 | } |
markrad | 0:cdf462088d13 | 7677 | |
markrad | 0:cdf462088d13 | 7678 | return 0; |
markrad | 0:cdf462088d13 | 7679 | #else /* !MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 7680 | (void) ssl; |
markrad | 0:cdf462088d13 | 7681 | (void) md; |
markrad | 0:cdf462088d13 | 7682 | |
markrad | 0:cdf462088d13 | 7683 | return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH; |
markrad | 0:cdf462088d13 | 7684 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 7685 | } |
markrad | 0:cdf462088d13 | 7686 | |
markrad | 0:cdf462088d13 | 7687 | #endif /* MBEDTLS_SSL_TLS_C */ |