mbed TLS upgraded to 2.6.0
Fork of mbedtls by
library/ssl_tls.c@2:bbdeda018a3c, 2017-09-29 (annotated)
- Committer:
- Jasper Wallace
- Date:
- Fri Sep 29 19:50:30 2017 +0100
- Revision:
- 2:bbdeda018a3c
- Parent:
- 1:9ebc941037d5
Update to mbedtls 2.6.0, many changes.
Changes to mbedtls sources made:
in include/mbedtls/config.h comment out:
#define MBEDTLS_FS_IO
#define MBEDTLS_NET_C
#define MBEDTLS_TIMING_C
uncomment:
#define MBEDTLS_NO_PLATFORM_ENTROPY
remove the following directorys:
programs
yotta
visualc
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
markrad | 0:cdf462088d13 | 1 | /* |
markrad | 0:cdf462088d13 | 2 | * SSLv3/TLSv1 shared functions |
markrad | 0:cdf462088d13 | 3 | * |
markrad | 0:cdf462088d13 | 4 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved |
markrad | 0:cdf462088d13 | 5 | * SPDX-License-Identifier: Apache-2.0 |
markrad | 0:cdf462088d13 | 6 | * |
markrad | 0:cdf462088d13 | 7 | * Licensed under the Apache License, Version 2.0 (the "License"); you may |
markrad | 0:cdf462088d13 | 8 | * not use this file except in compliance with the License. |
markrad | 0:cdf462088d13 | 9 | * You may obtain a copy of the License at |
markrad | 0:cdf462088d13 | 10 | * |
markrad | 0:cdf462088d13 | 11 | * http://www.apache.org/licenses/LICENSE-2.0 |
markrad | 0:cdf462088d13 | 12 | * |
markrad | 0:cdf462088d13 | 13 | * Unless required by applicable law or agreed to in writing, software |
markrad | 0:cdf462088d13 | 14 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
markrad | 0:cdf462088d13 | 15 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
markrad | 0:cdf462088d13 | 16 | * See the License for the specific language governing permissions and |
markrad | 0:cdf462088d13 | 17 | * limitations under the License. |
markrad | 0:cdf462088d13 | 18 | * |
markrad | 0:cdf462088d13 | 19 | * This file is part of mbed TLS (https://tls.mbed.org) |
markrad | 0:cdf462088d13 | 20 | */ |
markrad | 0:cdf462088d13 | 21 | /* |
markrad | 0:cdf462088d13 | 22 | * The SSL 3.0 specification was drafted by Netscape in 1996, |
markrad | 0:cdf462088d13 | 23 | * and became an IETF standard in 1999. |
markrad | 0:cdf462088d13 | 24 | * |
markrad | 0:cdf462088d13 | 25 | * http://wp.netscape.com/eng/ssl3/ |
markrad | 0:cdf462088d13 | 26 | * http://www.ietf.org/rfc/rfc2246.txt |
markrad | 0:cdf462088d13 | 27 | * http://www.ietf.org/rfc/rfc4346.txt |
markrad | 0:cdf462088d13 | 28 | */ |
markrad | 0:cdf462088d13 | 29 | |
markrad | 0:cdf462088d13 | 30 | #if !defined(MBEDTLS_CONFIG_FILE) |
markrad | 0:cdf462088d13 | 31 | #include "mbedtls/config.h" |
markrad | 0:cdf462088d13 | 32 | #else |
markrad | 0:cdf462088d13 | 33 | #include MBEDTLS_CONFIG_FILE |
markrad | 0:cdf462088d13 | 34 | #endif |
markrad | 0:cdf462088d13 | 35 | |
markrad | 0:cdf462088d13 | 36 | #if defined(MBEDTLS_SSL_TLS_C) |
markrad | 0:cdf462088d13 | 37 | |
markrad | 0:cdf462088d13 | 38 | #if defined(MBEDTLS_PLATFORM_C) |
markrad | 0:cdf462088d13 | 39 | #include "mbedtls/platform.h" |
markrad | 0:cdf462088d13 | 40 | #else |
markrad | 0:cdf462088d13 | 41 | #include <stdlib.h> |
markrad | 0:cdf462088d13 | 42 | #define mbedtls_calloc calloc |
markrad | 0:cdf462088d13 | 43 | #define mbedtls_free free |
markrad | 0:cdf462088d13 | 44 | #endif |
markrad | 0:cdf462088d13 | 45 | |
markrad | 0:cdf462088d13 | 46 | #include "mbedtls/debug.h" |
markrad | 0:cdf462088d13 | 47 | #include "mbedtls/ssl.h" |
markrad | 0:cdf462088d13 | 48 | #include "mbedtls/ssl_internal.h" |
markrad | 0:cdf462088d13 | 49 | |
markrad | 0:cdf462088d13 | 50 | #include <string.h> |
markrad | 0:cdf462088d13 | 51 | |
markrad | 0:cdf462088d13 | 52 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
markrad | 0:cdf462088d13 | 53 | #include "mbedtls/oid.h" |
markrad | 0:cdf462088d13 | 54 | #endif |
markrad | 0:cdf462088d13 | 55 | |
markrad | 0:cdf462088d13 | 56 | /* Implementation that should never be optimized out by the compiler */ |
markrad | 0:cdf462088d13 | 57 | static void mbedtls_zeroize( void *v, size_t n ) { |
markrad | 0:cdf462088d13 | 58 | volatile unsigned char *p = v; while( n-- ) *p++ = 0; |
markrad | 0:cdf462088d13 | 59 | } |
markrad | 0:cdf462088d13 | 60 | |
markrad | 0:cdf462088d13 | 61 | /* Length of the "epoch" field in the record header */ |
markrad | 0:cdf462088d13 | 62 | static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 63 | { |
markrad | 0:cdf462088d13 | 64 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 65 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 66 | return( 2 ); |
markrad | 0:cdf462088d13 | 67 | #else |
markrad | 0:cdf462088d13 | 68 | ((void) ssl); |
markrad | 0:cdf462088d13 | 69 | #endif |
markrad | 0:cdf462088d13 | 70 | return( 0 ); |
markrad | 0:cdf462088d13 | 71 | } |
markrad | 0:cdf462088d13 | 72 | |
markrad | 0:cdf462088d13 | 73 | /* |
markrad | 0:cdf462088d13 | 74 | * Start a timer. |
markrad | 0:cdf462088d13 | 75 | * Passing millisecs = 0 cancels a running timer. |
markrad | 0:cdf462088d13 | 76 | */ |
markrad | 0:cdf462088d13 | 77 | static void ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs ) |
markrad | 0:cdf462088d13 | 78 | { |
markrad | 0:cdf462088d13 | 79 | if( ssl->f_set_timer == NULL ) |
markrad | 0:cdf462088d13 | 80 | return; |
markrad | 0:cdf462088d13 | 81 | |
markrad | 0:cdf462088d13 | 82 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "set_timer to %d ms", (int) millisecs ) ); |
markrad | 0:cdf462088d13 | 83 | ssl->f_set_timer( ssl->p_timer, millisecs / 4, millisecs ); |
markrad | 0:cdf462088d13 | 84 | } |
markrad | 0:cdf462088d13 | 85 | |
markrad | 0:cdf462088d13 | 86 | /* |
markrad | 0:cdf462088d13 | 87 | * Return -1 is timer is expired, 0 if it isn't. |
markrad | 0:cdf462088d13 | 88 | */ |
markrad | 0:cdf462088d13 | 89 | static int ssl_check_timer( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 90 | { |
markrad | 0:cdf462088d13 | 91 | if( ssl->f_get_timer == NULL ) |
markrad | 0:cdf462088d13 | 92 | return( 0 ); |
markrad | 0:cdf462088d13 | 93 | |
markrad | 0:cdf462088d13 | 94 | if( ssl->f_get_timer( ssl->p_timer ) == 2 ) |
markrad | 0:cdf462088d13 | 95 | { |
markrad | 0:cdf462088d13 | 96 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "timer expired" ) ); |
markrad | 0:cdf462088d13 | 97 | return( -1 ); |
markrad | 0:cdf462088d13 | 98 | } |
markrad | 0:cdf462088d13 | 99 | |
markrad | 0:cdf462088d13 | 100 | return( 0 ); |
markrad | 0:cdf462088d13 | 101 | } |
markrad | 0:cdf462088d13 | 102 | |
markrad | 0:cdf462088d13 | 103 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 104 | /* |
markrad | 0:cdf462088d13 | 105 | * Double the retransmit timeout value, within the allowed range, |
markrad | 0:cdf462088d13 | 106 | * returning -1 if the maximum value has already been reached. |
markrad | 0:cdf462088d13 | 107 | */ |
markrad | 0:cdf462088d13 | 108 | static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 109 | { |
markrad | 0:cdf462088d13 | 110 | uint32_t new_timeout; |
markrad | 0:cdf462088d13 | 111 | |
markrad | 0:cdf462088d13 | 112 | if( ssl->handshake->retransmit_timeout >= ssl->conf->hs_timeout_max ) |
markrad | 0:cdf462088d13 | 113 | return( -1 ); |
markrad | 0:cdf462088d13 | 114 | |
markrad | 0:cdf462088d13 | 115 | new_timeout = 2 * ssl->handshake->retransmit_timeout; |
markrad | 0:cdf462088d13 | 116 | |
markrad | 0:cdf462088d13 | 117 | /* Avoid arithmetic overflow and range overflow */ |
markrad | 0:cdf462088d13 | 118 | if( new_timeout < ssl->handshake->retransmit_timeout || |
markrad | 0:cdf462088d13 | 119 | new_timeout > ssl->conf->hs_timeout_max ) |
markrad | 0:cdf462088d13 | 120 | { |
markrad | 0:cdf462088d13 | 121 | new_timeout = ssl->conf->hs_timeout_max; |
markrad | 0:cdf462088d13 | 122 | } |
markrad | 0:cdf462088d13 | 123 | |
markrad | 0:cdf462088d13 | 124 | ssl->handshake->retransmit_timeout = new_timeout; |
markrad | 0:cdf462088d13 | 125 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs", |
markrad | 0:cdf462088d13 | 126 | ssl->handshake->retransmit_timeout ) ); |
markrad | 0:cdf462088d13 | 127 | |
markrad | 0:cdf462088d13 | 128 | return( 0 ); |
markrad | 0:cdf462088d13 | 129 | } |
markrad | 0:cdf462088d13 | 130 | |
markrad | 0:cdf462088d13 | 131 | static void ssl_reset_retransmit_timeout( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 132 | { |
markrad | 0:cdf462088d13 | 133 | ssl->handshake->retransmit_timeout = ssl->conf->hs_timeout_min; |
markrad | 0:cdf462088d13 | 134 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs", |
markrad | 0:cdf462088d13 | 135 | ssl->handshake->retransmit_timeout ) ); |
markrad | 0:cdf462088d13 | 136 | } |
markrad | 0:cdf462088d13 | 137 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
markrad | 0:cdf462088d13 | 138 | |
markrad | 0:cdf462088d13 | 139 | #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) |
markrad | 0:cdf462088d13 | 140 | /* |
markrad | 0:cdf462088d13 | 141 | * Convert max_fragment_length codes to length. |
markrad | 0:cdf462088d13 | 142 | * RFC 6066 says: |
markrad | 0:cdf462088d13 | 143 | * enum{ |
markrad | 0:cdf462088d13 | 144 | * 2^9(1), 2^10(2), 2^11(3), 2^12(4), (255) |
markrad | 0:cdf462088d13 | 145 | * } MaxFragmentLength; |
markrad | 0:cdf462088d13 | 146 | * and we add 0 -> extension unused |
markrad | 0:cdf462088d13 | 147 | */ |
markrad | 0:cdf462088d13 | 148 | static unsigned int mfl_code_to_length[MBEDTLS_SSL_MAX_FRAG_LEN_INVALID] = |
markrad | 0:cdf462088d13 | 149 | { |
markrad | 0:cdf462088d13 | 150 | MBEDTLS_SSL_MAX_CONTENT_LEN, /* MBEDTLS_SSL_MAX_FRAG_LEN_NONE */ |
markrad | 0:cdf462088d13 | 151 | 512, /* MBEDTLS_SSL_MAX_FRAG_LEN_512 */ |
markrad | 0:cdf462088d13 | 152 | 1024, /* MBEDTLS_SSL_MAX_FRAG_LEN_1024 */ |
markrad | 0:cdf462088d13 | 153 | 2048, /* MBEDTLS_SSL_MAX_FRAG_LEN_2048 */ |
markrad | 0:cdf462088d13 | 154 | 4096, /* MBEDTLS_SSL_MAX_FRAG_LEN_4096 */ |
markrad | 0:cdf462088d13 | 155 | }; |
markrad | 0:cdf462088d13 | 156 | #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ |
markrad | 0:cdf462088d13 | 157 | |
markrad | 0:cdf462088d13 | 158 | #if defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 159 | static int ssl_session_copy( mbedtls_ssl_session *dst, const mbedtls_ssl_session *src ) |
markrad | 0:cdf462088d13 | 160 | { |
markrad | 0:cdf462088d13 | 161 | mbedtls_ssl_session_free( dst ); |
markrad | 0:cdf462088d13 | 162 | memcpy( dst, src, sizeof( mbedtls_ssl_session ) ); |
markrad | 0:cdf462088d13 | 163 | |
markrad | 0:cdf462088d13 | 164 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
markrad | 0:cdf462088d13 | 165 | if( src->peer_cert != NULL ) |
markrad | 0:cdf462088d13 | 166 | { |
markrad | 0:cdf462088d13 | 167 | int ret; |
markrad | 0:cdf462088d13 | 168 | |
markrad | 0:cdf462088d13 | 169 | dst->peer_cert = mbedtls_calloc( 1, sizeof(mbedtls_x509_crt) ); |
markrad | 0:cdf462088d13 | 170 | if( dst->peer_cert == NULL ) |
markrad | 0:cdf462088d13 | 171 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
markrad | 0:cdf462088d13 | 172 | |
markrad | 0:cdf462088d13 | 173 | mbedtls_x509_crt_init( dst->peer_cert ); |
markrad | 0:cdf462088d13 | 174 | |
markrad | 0:cdf462088d13 | 175 | if( ( ret = mbedtls_x509_crt_parse_der( dst->peer_cert, src->peer_cert->raw.p, |
markrad | 0:cdf462088d13 | 176 | src->peer_cert->raw.len ) ) != 0 ) |
markrad | 0:cdf462088d13 | 177 | { |
markrad | 0:cdf462088d13 | 178 | mbedtls_free( dst->peer_cert ); |
markrad | 0:cdf462088d13 | 179 | dst->peer_cert = NULL; |
markrad | 0:cdf462088d13 | 180 | return( ret ); |
markrad | 0:cdf462088d13 | 181 | } |
markrad | 0:cdf462088d13 | 182 | } |
markrad | 0:cdf462088d13 | 183 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
markrad | 0:cdf462088d13 | 184 | |
markrad | 0:cdf462088d13 | 185 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 186 | if( src->ticket != NULL ) |
markrad | 0:cdf462088d13 | 187 | { |
markrad | 0:cdf462088d13 | 188 | dst->ticket = mbedtls_calloc( 1, src->ticket_len ); |
markrad | 0:cdf462088d13 | 189 | if( dst->ticket == NULL ) |
markrad | 0:cdf462088d13 | 190 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
markrad | 0:cdf462088d13 | 191 | |
markrad | 0:cdf462088d13 | 192 | memcpy( dst->ticket, src->ticket, src->ticket_len ); |
markrad | 0:cdf462088d13 | 193 | } |
markrad | 0:cdf462088d13 | 194 | #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ |
markrad | 0:cdf462088d13 | 195 | |
markrad | 0:cdf462088d13 | 196 | return( 0 ); |
markrad | 0:cdf462088d13 | 197 | } |
markrad | 0:cdf462088d13 | 198 | #endif /* MBEDTLS_SSL_CLI_C */ |
markrad | 0:cdf462088d13 | 199 | |
markrad | 0:cdf462088d13 | 200 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
markrad | 0:cdf462088d13 | 201 | int (*mbedtls_ssl_hw_record_init)( mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 202 | const unsigned char *key_enc, const unsigned char *key_dec, |
markrad | 0:cdf462088d13 | 203 | size_t keylen, |
markrad | 0:cdf462088d13 | 204 | const unsigned char *iv_enc, const unsigned char *iv_dec, |
markrad | 0:cdf462088d13 | 205 | size_t ivlen, |
markrad | 0:cdf462088d13 | 206 | const unsigned char *mac_enc, const unsigned char *mac_dec, |
markrad | 0:cdf462088d13 | 207 | size_t maclen ) = NULL; |
markrad | 0:cdf462088d13 | 208 | int (*mbedtls_ssl_hw_record_activate)( mbedtls_ssl_context *ssl, int direction) = NULL; |
markrad | 0:cdf462088d13 | 209 | int (*mbedtls_ssl_hw_record_reset)( mbedtls_ssl_context *ssl ) = NULL; |
markrad | 0:cdf462088d13 | 210 | int (*mbedtls_ssl_hw_record_write)( mbedtls_ssl_context *ssl ) = NULL; |
markrad | 0:cdf462088d13 | 211 | int (*mbedtls_ssl_hw_record_read)( mbedtls_ssl_context *ssl ) = NULL; |
markrad | 0:cdf462088d13 | 212 | int (*mbedtls_ssl_hw_record_finish)( mbedtls_ssl_context *ssl ) = NULL; |
markrad | 0:cdf462088d13 | 213 | #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ |
markrad | 0:cdf462088d13 | 214 | |
markrad | 0:cdf462088d13 | 215 | /* |
markrad | 0:cdf462088d13 | 216 | * Key material generation |
markrad | 0:cdf462088d13 | 217 | */ |
markrad | 0:cdf462088d13 | 218 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
markrad | 0:cdf462088d13 | 219 | static int ssl3_prf( const unsigned char *secret, size_t slen, |
markrad | 0:cdf462088d13 | 220 | const char *label, |
markrad | 0:cdf462088d13 | 221 | const unsigned char *random, size_t rlen, |
markrad | 0:cdf462088d13 | 222 | unsigned char *dstbuf, size_t dlen ) |
markrad | 0:cdf462088d13 | 223 | { |
markrad | 0:cdf462088d13 | 224 | size_t i; |
markrad | 0:cdf462088d13 | 225 | mbedtls_md5_context md5; |
markrad | 0:cdf462088d13 | 226 | mbedtls_sha1_context sha1; |
markrad | 0:cdf462088d13 | 227 | unsigned char padding[16]; |
markrad | 0:cdf462088d13 | 228 | unsigned char sha1sum[20]; |
markrad | 0:cdf462088d13 | 229 | ((void)label); |
markrad | 0:cdf462088d13 | 230 | |
markrad | 0:cdf462088d13 | 231 | mbedtls_md5_init( &md5 ); |
markrad | 0:cdf462088d13 | 232 | mbedtls_sha1_init( &sha1 ); |
markrad | 0:cdf462088d13 | 233 | |
markrad | 0:cdf462088d13 | 234 | /* |
markrad | 0:cdf462088d13 | 235 | * SSLv3: |
markrad | 0:cdf462088d13 | 236 | * block = |
markrad | 0:cdf462088d13 | 237 | * MD5( secret + SHA1( 'A' + secret + random ) ) + |
markrad | 0:cdf462088d13 | 238 | * MD5( secret + SHA1( 'BB' + secret + random ) ) + |
markrad | 0:cdf462088d13 | 239 | * MD5( secret + SHA1( 'CCC' + secret + random ) ) + |
markrad | 0:cdf462088d13 | 240 | * ... |
markrad | 0:cdf462088d13 | 241 | */ |
markrad | 0:cdf462088d13 | 242 | for( i = 0; i < dlen / 16; i++ ) |
markrad | 0:cdf462088d13 | 243 | { |
markrad | 0:cdf462088d13 | 244 | memset( padding, (unsigned char) ('A' + i), 1 + i ); |
markrad | 0:cdf462088d13 | 245 | |
markrad | 0:cdf462088d13 | 246 | mbedtls_sha1_starts( &sha1 ); |
markrad | 0:cdf462088d13 | 247 | mbedtls_sha1_update( &sha1, padding, 1 + i ); |
markrad | 0:cdf462088d13 | 248 | mbedtls_sha1_update( &sha1, secret, slen ); |
markrad | 0:cdf462088d13 | 249 | mbedtls_sha1_update( &sha1, random, rlen ); |
markrad | 0:cdf462088d13 | 250 | mbedtls_sha1_finish( &sha1, sha1sum ); |
markrad | 0:cdf462088d13 | 251 | |
markrad | 0:cdf462088d13 | 252 | mbedtls_md5_starts( &md5 ); |
markrad | 0:cdf462088d13 | 253 | mbedtls_md5_update( &md5, secret, slen ); |
markrad | 0:cdf462088d13 | 254 | mbedtls_md5_update( &md5, sha1sum, 20 ); |
markrad | 0:cdf462088d13 | 255 | mbedtls_md5_finish( &md5, dstbuf + i * 16 ); |
markrad | 0:cdf462088d13 | 256 | } |
markrad | 0:cdf462088d13 | 257 | |
markrad | 0:cdf462088d13 | 258 | mbedtls_md5_free( &md5 ); |
markrad | 0:cdf462088d13 | 259 | mbedtls_sha1_free( &sha1 ); |
markrad | 0:cdf462088d13 | 260 | |
markrad | 0:cdf462088d13 | 261 | mbedtls_zeroize( padding, sizeof( padding ) ); |
markrad | 0:cdf462088d13 | 262 | mbedtls_zeroize( sha1sum, sizeof( sha1sum ) ); |
markrad | 0:cdf462088d13 | 263 | |
markrad | 0:cdf462088d13 | 264 | return( 0 ); |
markrad | 0:cdf462088d13 | 265 | } |
markrad | 0:cdf462088d13 | 266 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
markrad | 0:cdf462088d13 | 267 | |
markrad | 0:cdf462088d13 | 268 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) |
markrad | 0:cdf462088d13 | 269 | static int tls1_prf( const unsigned char *secret, size_t slen, |
markrad | 0:cdf462088d13 | 270 | const char *label, |
markrad | 0:cdf462088d13 | 271 | const unsigned char *random, size_t rlen, |
markrad | 0:cdf462088d13 | 272 | unsigned char *dstbuf, size_t dlen ) |
markrad | 0:cdf462088d13 | 273 | { |
markrad | 0:cdf462088d13 | 274 | size_t nb, hs; |
markrad | 0:cdf462088d13 | 275 | size_t i, j, k; |
markrad | 0:cdf462088d13 | 276 | const unsigned char *S1, *S2; |
markrad | 0:cdf462088d13 | 277 | unsigned char tmp[128]; |
markrad | 0:cdf462088d13 | 278 | unsigned char h_i[20]; |
markrad | 0:cdf462088d13 | 279 | const mbedtls_md_info_t *md_info; |
markrad | 0:cdf462088d13 | 280 | mbedtls_md_context_t md_ctx; |
markrad | 0:cdf462088d13 | 281 | int ret; |
markrad | 0:cdf462088d13 | 282 | |
markrad | 0:cdf462088d13 | 283 | mbedtls_md_init( &md_ctx ); |
markrad | 0:cdf462088d13 | 284 | |
markrad | 0:cdf462088d13 | 285 | if( sizeof( tmp ) < 20 + strlen( label ) + rlen ) |
markrad | 0:cdf462088d13 | 286 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 287 | |
markrad | 0:cdf462088d13 | 288 | hs = ( slen + 1 ) / 2; |
markrad | 0:cdf462088d13 | 289 | S1 = secret; |
markrad | 0:cdf462088d13 | 290 | S2 = secret + slen - hs; |
markrad | 0:cdf462088d13 | 291 | |
markrad | 0:cdf462088d13 | 292 | nb = strlen( label ); |
markrad | 0:cdf462088d13 | 293 | memcpy( tmp + 20, label, nb ); |
markrad | 0:cdf462088d13 | 294 | memcpy( tmp + 20 + nb, random, rlen ); |
markrad | 0:cdf462088d13 | 295 | nb += rlen; |
markrad | 0:cdf462088d13 | 296 | |
markrad | 0:cdf462088d13 | 297 | /* |
markrad | 0:cdf462088d13 | 298 | * First compute P_md5(secret,label+random)[0..dlen] |
markrad | 0:cdf462088d13 | 299 | */ |
markrad | 0:cdf462088d13 | 300 | if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_MD5 ) ) == NULL ) |
markrad | 0:cdf462088d13 | 301 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 302 | |
markrad | 0:cdf462088d13 | 303 | if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 ) |
markrad | 0:cdf462088d13 | 304 | return( ret ); |
markrad | 0:cdf462088d13 | 305 | |
markrad | 0:cdf462088d13 | 306 | mbedtls_md_hmac_starts( &md_ctx, S1, hs ); |
markrad | 0:cdf462088d13 | 307 | mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb ); |
markrad | 0:cdf462088d13 | 308 | mbedtls_md_hmac_finish( &md_ctx, 4 + tmp ); |
markrad | 0:cdf462088d13 | 309 | |
markrad | 0:cdf462088d13 | 310 | for( i = 0; i < dlen; i += 16 ) |
markrad | 0:cdf462088d13 | 311 | { |
markrad | 0:cdf462088d13 | 312 | mbedtls_md_hmac_reset ( &md_ctx ); |
markrad | 0:cdf462088d13 | 313 | mbedtls_md_hmac_update( &md_ctx, 4 + tmp, 16 + nb ); |
markrad | 0:cdf462088d13 | 314 | mbedtls_md_hmac_finish( &md_ctx, h_i ); |
markrad | 0:cdf462088d13 | 315 | |
markrad | 0:cdf462088d13 | 316 | mbedtls_md_hmac_reset ( &md_ctx ); |
markrad | 0:cdf462088d13 | 317 | mbedtls_md_hmac_update( &md_ctx, 4 + tmp, 16 ); |
markrad | 0:cdf462088d13 | 318 | mbedtls_md_hmac_finish( &md_ctx, 4 + tmp ); |
markrad | 0:cdf462088d13 | 319 | |
markrad | 0:cdf462088d13 | 320 | k = ( i + 16 > dlen ) ? dlen % 16 : 16; |
markrad | 0:cdf462088d13 | 321 | |
markrad | 0:cdf462088d13 | 322 | for( j = 0; j < k; j++ ) |
markrad | 0:cdf462088d13 | 323 | dstbuf[i + j] = h_i[j]; |
markrad | 0:cdf462088d13 | 324 | } |
markrad | 0:cdf462088d13 | 325 | |
markrad | 0:cdf462088d13 | 326 | mbedtls_md_free( &md_ctx ); |
markrad | 0:cdf462088d13 | 327 | |
markrad | 0:cdf462088d13 | 328 | /* |
markrad | 0:cdf462088d13 | 329 | * XOR out with P_sha1(secret,label+random)[0..dlen] |
markrad | 0:cdf462088d13 | 330 | */ |
markrad | 0:cdf462088d13 | 331 | if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == NULL ) |
markrad | 0:cdf462088d13 | 332 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 333 | |
markrad | 0:cdf462088d13 | 334 | if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 ) |
markrad | 0:cdf462088d13 | 335 | return( ret ); |
markrad | 0:cdf462088d13 | 336 | |
markrad | 0:cdf462088d13 | 337 | mbedtls_md_hmac_starts( &md_ctx, S2, hs ); |
markrad | 0:cdf462088d13 | 338 | mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb ); |
markrad | 0:cdf462088d13 | 339 | mbedtls_md_hmac_finish( &md_ctx, tmp ); |
markrad | 0:cdf462088d13 | 340 | |
markrad | 0:cdf462088d13 | 341 | for( i = 0; i < dlen; i += 20 ) |
markrad | 0:cdf462088d13 | 342 | { |
markrad | 0:cdf462088d13 | 343 | mbedtls_md_hmac_reset ( &md_ctx ); |
markrad | 0:cdf462088d13 | 344 | mbedtls_md_hmac_update( &md_ctx, tmp, 20 + nb ); |
markrad | 0:cdf462088d13 | 345 | mbedtls_md_hmac_finish( &md_ctx, h_i ); |
markrad | 0:cdf462088d13 | 346 | |
markrad | 0:cdf462088d13 | 347 | mbedtls_md_hmac_reset ( &md_ctx ); |
markrad | 0:cdf462088d13 | 348 | mbedtls_md_hmac_update( &md_ctx, tmp, 20 ); |
markrad | 0:cdf462088d13 | 349 | mbedtls_md_hmac_finish( &md_ctx, tmp ); |
markrad | 0:cdf462088d13 | 350 | |
markrad | 0:cdf462088d13 | 351 | k = ( i + 20 > dlen ) ? dlen % 20 : 20; |
markrad | 0:cdf462088d13 | 352 | |
markrad | 0:cdf462088d13 | 353 | for( j = 0; j < k; j++ ) |
markrad | 0:cdf462088d13 | 354 | dstbuf[i + j] = (unsigned char)( dstbuf[i + j] ^ h_i[j] ); |
markrad | 0:cdf462088d13 | 355 | } |
markrad | 0:cdf462088d13 | 356 | |
markrad | 0:cdf462088d13 | 357 | mbedtls_md_free( &md_ctx ); |
markrad | 0:cdf462088d13 | 358 | |
markrad | 0:cdf462088d13 | 359 | mbedtls_zeroize( tmp, sizeof( tmp ) ); |
markrad | 0:cdf462088d13 | 360 | mbedtls_zeroize( h_i, sizeof( h_i ) ); |
markrad | 0:cdf462088d13 | 361 | |
markrad | 0:cdf462088d13 | 362 | return( 0 ); |
markrad | 0:cdf462088d13 | 363 | } |
markrad | 0:cdf462088d13 | 364 | #endif /* MBEDTLS_SSL_PROTO_TLS1) || MBEDTLS_SSL_PROTO_TLS1_1 */ |
markrad | 0:cdf462088d13 | 365 | |
markrad | 0:cdf462088d13 | 366 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 367 | static int tls_prf_generic( mbedtls_md_type_t md_type, |
markrad | 0:cdf462088d13 | 368 | const unsigned char *secret, size_t slen, |
markrad | 0:cdf462088d13 | 369 | const char *label, |
markrad | 0:cdf462088d13 | 370 | const unsigned char *random, size_t rlen, |
markrad | 0:cdf462088d13 | 371 | unsigned char *dstbuf, size_t dlen ) |
markrad | 0:cdf462088d13 | 372 | { |
markrad | 0:cdf462088d13 | 373 | size_t nb; |
markrad | 0:cdf462088d13 | 374 | size_t i, j, k, md_len; |
markrad | 0:cdf462088d13 | 375 | unsigned char tmp[128]; |
markrad | 0:cdf462088d13 | 376 | unsigned char h_i[MBEDTLS_MD_MAX_SIZE]; |
markrad | 0:cdf462088d13 | 377 | const mbedtls_md_info_t *md_info; |
markrad | 0:cdf462088d13 | 378 | mbedtls_md_context_t md_ctx; |
markrad | 0:cdf462088d13 | 379 | int ret; |
markrad | 0:cdf462088d13 | 380 | |
markrad | 0:cdf462088d13 | 381 | mbedtls_md_init( &md_ctx ); |
markrad | 0:cdf462088d13 | 382 | |
markrad | 0:cdf462088d13 | 383 | if( ( md_info = mbedtls_md_info_from_type( md_type ) ) == NULL ) |
markrad | 0:cdf462088d13 | 384 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 385 | |
markrad | 0:cdf462088d13 | 386 | md_len = mbedtls_md_get_size( md_info ); |
markrad | 0:cdf462088d13 | 387 | |
markrad | 0:cdf462088d13 | 388 | if( sizeof( tmp ) < md_len + strlen( label ) + rlen ) |
markrad | 0:cdf462088d13 | 389 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 390 | |
markrad | 0:cdf462088d13 | 391 | nb = strlen( label ); |
markrad | 0:cdf462088d13 | 392 | memcpy( tmp + md_len, label, nb ); |
markrad | 0:cdf462088d13 | 393 | memcpy( tmp + md_len + nb, random, rlen ); |
markrad | 0:cdf462088d13 | 394 | nb += rlen; |
markrad | 0:cdf462088d13 | 395 | |
markrad | 0:cdf462088d13 | 396 | /* |
markrad | 0:cdf462088d13 | 397 | * Compute P_<hash>(secret, label + random)[0..dlen] |
markrad | 0:cdf462088d13 | 398 | */ |
markrad | 0:cdf462088d13 | 399 | if ( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 ) |
markrad | 0:cdf462088d13 | 400 | return( ret ); |
markrad | 0:cdf462088d13 | 401 | |
markrad | 0:cdf462088d13 | 402 | mbedtls_md_hmac_starts( &md_ctx, secret, slen ); |
markrad | 0:cdf462088d13 | 403 | mbedtls_md_hmac_update( &md_ctx, tmp + md_len, nb ); |
markrad | 0:cdf462088d13 | 404 | mbedtls_md_hmac_finish( &md_ctx, tmp ); |
markrad | 0:cdf462088d13 | 405 | |
markrad | 0:cdf462088d13 | 406 | for( i = 0; i < dlen; i += md_len ) |
markrad | 0:cdf462088d13 | 407 | { |
markrad | 0:cdf462088d13 | 408 | mbedtls_md_hmac_reset ( &md_ctx ); |
markrad | 0:cdf462088d13 | 409 | mbedtls_md_hmac_update( &md_ctx, tmp, md_len + nb ); |
markrad | 0:cdf462088d13 | 410 | mbedtls_md_hmac_finish( &md_ctx, h_i ); |
markrad | 0:cdf462088d13 | 411 | |
markrad | 0:cdf462088d13 | 412 | mbedtls_md_hmac_reset ( &md_ctx ); |
markrad | 0:cdf462088d13 | 413 | mbedtls_md_hmac_update( &md_ctx, tmp, md_len ); |
markrad | 0:cdf462088d13 | 414 | mbedtls_md_hmac_finish( &md_ctx, tmp ); |
markrad | 0:cdf462088d13 | 415 | |
markrad | 0:cdf462088d13 | 416 | k = ( i + md_len > dlen ) ? dlen % md_len : md_len; |
markrad | 0:cdf462088d13 | 417 | |
markrad | 0:cdf462088d13 | 418 | for( j = 0; j < k; j++ ) |
markrad | 0:cdf462088d13 | 419 | dstbuf[i + j] = h_i[j]; |
markrad | 0:cdf462088d13 | 420 | } |
markrad | 0:cdf462088d13 | 421 | |
markrad | 0:cdf462088d13 | 422 | mbedtls_md_free( &md_ctx ); |
markrad | 0:cdf462088d13 | 423 | |
markrad | 0:cdf462088d13 | 424 | mbedtls_zeroize( tmp, sizeof( tmp ) ); |
markrad | 0:cdf462088d13 | 425 | mbedtls_zeroize( h_i, sizeof( h_i ) ); |
markrad | 0:cdf462088d13 | 426 | |
markrad | 0:cdf462088d13 | 427 | return( 0 ); |
markrad | 0:cdf462088d13 | 428 | } |
markrad | 0:cdf462088d13 | 429 | |
markrad | 0:cdf462088d13 | 430 | #if defined(MBEDTLS_SHA256_C) |
markrad | 0:cdf462088d13 | 431 | static int tls_prf_sha256( const unsigned char *secret, size_t slen, |
markrad | 0:cdf462088d13 | 432 | const char *label, |
markrad | 0:cdf462088d13 | 433 | const unsigned char *random, size_t rlen, |
markrad | 0:cdf462088d13 | 434 | unsigned char *dstbuf, size_t dlen ) |
markrad | 0:cdf462088d13 | 435 | { |
markrad | 0:cdf462088d13 | 436 | return( tls_prf_generic( MBEDTLS_MD_SHA256, secret, slen, |
markrad | 0:cdf462088d13 | 437 | label, random, rlen, dstbuf, dlen ) ); |
markrad | 0:cdf462088d13 | 438 | } |
markrad | 0:cdf462088d13 | 439 | #endif /* MBEDTLS_SHA256_C */ |
markrad | 0:cdf462088d13 | 440 | |
markrad | 0:cdf462088d13 | 441 | #if defined(MBEDTLS_SHA512_C) |
markrad | 0:cdf462088d13 | 442 | static int tls_prf_sha384( const unsigned char *secret, size_t slen, |
markrad | 0:cdf462088d13 | 443 | const char *label, |
markrad | 0:cdf462088d13 | 444 | const unsigned char *random, size_t rlen, |
markrad | 0:cdf462088d13 | 445 | unsigned char *dstbuf, size_t dlen ) |
markrad | 0:cdf462088d13 | 446 | { |
markrad | 0:cdf462088d13 | 447 | return( tls_prf_generic( MBEDTLS_MD_SHA384, secret, slen, |
markrad | 0:cdf462088d13 | 448 | label, random, rlen, dstbuf, dlen ) ); |
markrad | 0:cdf462088d13 | 449 | } |
markrad | 0:cdf462088d13 | 450 | #endif /* MBEDTLS_SHA512_C */ |
markrad | 0:cdf462088d13 | 451 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 452 | |
markrad | 0:cdf462088d13 | 453 | static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t ); |
markrad | 0:cdf462088d13 | 454 | |
markrad | 0:cdf462088d13 | 455 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
markrad | 0:cdf462088d13 | 456 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
markrad | 0:cdf462088d13 | 457 | static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *, const unsigned char *, size_t ); |
markrad | 0:cdf462088d13 | 458 | #endif |
markrad | 0:cdf462088d13 | 459 | |
markrad | 0:cdf462088d13 | 460 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
markrad | 0:cdf462088d13 | 461 | static void ssl_calc_verify_ssl( mbedtls_ssl_context *, unsigned char * ); |
markrad | 0:cdf462088d13 | 462 | static void ssl_calc_finished_ssl( mbedtls_ssl_context *, unsigned char *, int ); |
markrad | 0:cdf462088d13 | 463 | #endif |
markrad | 0:cdf462088d13 | 464 | |
markrad | 0:cdf462088d13 | 465 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) |
markrad | 0:cdf462088d13 | 466 | static void ssl_calc_verify_tls( mbedtls_ssl_context *, unsigned char * ); |
markrad | 0:cdf462088d13 | 467 | static void ssl_calc_finished_tls( mbedtls_ssl_context *, unsigned char *, int ); |
markrad | 0:cdf462088d13 | 468 | #endif |
markrad | 0:cdf462088d13 | 469 | |
markrad | 0:cdf462088d13 | 470 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 471 | #if defined(MBEDTLS_SHA256_C) |
markrad | 0:cdf462088d13 | 472 | static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t ); |
markrad | 0:cdf462088d13 | 473 | static void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *,unsigned char * ); |
markrad | 0:cdf462088d13 | 474 | static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *, int ); |
markrad | 0:cdf462088d13 | 475 | #endif |
markrad | 0:cdf462088d13 | 476 | |
markrad | 0:cdf462088d13 | 477 | #if defined(MBEDTLS_SHA512_C) |
markrad | 0:cdf462088d13 | 478 | static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned char *, size_t ); |
markrad | 0:cdf462088d13 | 479 | static void ssl_calc_verify_tls_sha384( mbedtls_ssl_context *, unsigned char * ); |
markrad | 0:cdf462088d13 | 480 | static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int ); |
markrad | 0:cdf462088d13 | 481 | #endif |
markrad | 0:cdf462088d13 | 482 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 483 | |
markrad | 0:cdf462088d13 | 484 | int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 485 | { |
markrad | 0:cdf462088d13 | 486 | int ret = 0; |
markrad | 0:cdf462088d13 | 487 | unsigned char tmp[64]; |
markrad | 0:cdf462088d13 | 488 | unsigned char keyblk[256]; |
markrad | 0:cdf462088d13 | 489 | unsigned char *key1; |
markrad | 0:cdf462088d13 | 490 | unsigned char *key2; |
markrad | 0:cdf462088d13 | 491 | unsigned char *mac_enc; |
markrad | 0:cdf462088d13 | 492 | unsigned char *mac_dec; |
markrad | 0:cdf462088d13 | 493 | size_t iv_copy_len; |
markrad | 0:cdf462088d13 | 494 | const mbedtls_cipher_info_t *cipher_info; |
markrad | 0:cdf462088d13 | 495 | const mbedtls_md_info_t *md_info; |
markrad | 0:cdf462088d13 | 496 | |
markrad | 0:cdf462088d13 | 497 | mbedtls_ssl_session *session = ssl->session_negotiate; |
markrad | 0:cdf462088d13 | 498 | mbedtls_ssl_transform *transform = ssl->transform_negotiate; |
markrad | 0:cdf462088d13 | 499 | mbedtls_ssl_handshake_params *handshake = ssl->handshake; |
markrad | 0:cdf462088d13 | 500 | |
markrad | 0:cdf462088d13 | 501 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive keys" ) ); |
markrad | 0:cdf462088d13 | 502 | |
markrad | 0:cdf462088d13 | 503 | cipher_info = mbedtls_cipher_info_from_type( transform->ciphersuite_info->cipher ); |
markrad | 0:cdf462088d13 | 504 | if( cipher_info == NULL ) |
markrad | 0:cdf462088d13 | 505 | { |
markrad | 0:cdf462088d13 | 506 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %d not found", |
markrad | 0:cdf462088d13 | 507 | transform->ciphersuite_info->cipher ) ); |
markrad | 0:cdf462088d13 | 508 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 509 | } |
markrad | 0:cdf462088d13 | 510 | |
markrad | 0:cdf462088d13 | 511 | md_info = mbedtls_md_info_from_type( transform->ciphersuite_info->mac ); |
markrad | 0:cdf462088d13 | 512 | if( md_info == NULL ) |
markrad | 0:cdf462088d13 | 513 | { |
markrad | 0:cdf462088d13 | 514 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %d not found", |
markrad | 0:cdf462088d13 | 515 | transform->ciphersuite_info->mac ) ); |
markrad | 0:cdf462088d13 | 516 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 517 | } |
markrad | 0:cdf462088d13 | 518 | |
markrad | 0:cdf462088d13 | 519 | /* |
markrad | 0:cdf462088d13 | 520 | * Set appropriate PRF function and other SSL / TLS / TLS1.2 functions |
markrad | 0:cdf462088d13 | 521 | */ |
markrad | 0:cdf462088d13 | 522 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
markrad | 0:cdf462088d13 | 523 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
markrad | 0:cdf462088d13 | 524 | { |
markrad | 0:cdf462088d13 | 525 | handshake->tls_prf = ssl3_prf; |
markrad | 0:cdf462088d13 | 526 | handshake->calc_verify = ssl_calc_verify_ssl; |
markrad | 0:cdf462088d13 | 527 | handshake->calc_finished = ssl_calc_finished_ssl; |
markrad | 0:cdf462088d13 | 528 | } |
markrad | 0:cdf462088d13 | 529 | else |
markrad | 0:cdf462088d13 | 530 | #endif |
markrad | 0:cdf462088d13 | 531 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) |
markrad | 0:cdf462088d13 | 532 | if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ) |
markrad | 0:cdf462088d13 | 533 | { |
markrad | 0:cdf462088d13 | 534 | handshake->tls_prf = tls1_prf; |
markrad | 0:cdf462088d13 | 535 | handshake->calc_verify = ssl_calc_verify_tls; |
markrad | 0:cdf462088d13 | 536 | handshake->calc_finished = ssl_calc_finished_tls; |
markrad | 0:cdf462088d13 | 537 | } |
markrad | 0:cdf462088d13 | 538 | else |
markrad | 0:cdf462088d13 | 539 | #endif |
markrad | 0:cdf462088d13 | 540 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 541 | #if defined(MBEDTLS_SHA512_C) |
markrad | 0:cdf462088d13 | 542 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && |
markrad | 0:cdf462088d13 | 543 | transform->ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) |
markrad | 0:cdf462088d13 | 544 | { |
markrad | 0:cdf462088d13 | 545 | handshake->tls_prf = tls_prf_sha384; |
markrad | 0:cdf462088d13 | 546 | handshake->calc_verify = ssl_calc_verify_tls_sha384; |
markrad | 0:cdf462088d13 | 547 | handshake->calc_finished = ssl_calc_finished_tls_sha384; |
markrad | 0:cdf462088d13 | 548 | } |
markrad | 0:cdf462088d13 | 549 | else |
markrad | 0:cdf462088d13 | 550 | #endif |
markrad | 0:cdf462088d13 | 551 | #if defined(MBEDTLS_SHA256_C) |
markrad | 0:cdf462088d13 | 552 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) |
markrad | 0:cdf462088d13 | 553 | { |
markrad | 0:cdf462088d13 | 554 | handshake->tls_prf = tls_prf_sha256; |
markrad | 0:cdf462088d13 | 555 | handshake->calc_verify = ssl_calc_verify_tls_sha256; |
markrad | 0:cdf462088d13 | 556 | handshake->calc_finished = ssl_calc_finished_tls_sha256; |
markrad | 0:cdf462088d13 | 557 | } |
markrad | 0:cdf462088d13 | 558 | else |
markrad | 0:cdf462088d13 | 559 | #endif |
markrad | 0:cdf462088d13 | 560 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 561 | { |
markrad | 0:cdf462088d13 | 562 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 563 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 564 | } |
markrad | 0:cdf462088d13 | 565 | |
markrad | 0:cdf462088d13 | 566 | /* |
markrad | 0:cdf462088d13 | 567 | * SSLv3: |
markrad | 0:cdf462088d13 | 568 | * master = |
markrad | 0:cdf462088d13 | 569 | * MD5( premaster + SHA1( 'A' + premaster + randbytes ) ) + |
markrad | 0:cdf462088d13 | 570 | * MD5( premaster + SHA1( 'BB' + premaster + randbytes ) ) + |
markrad | 0:cdf462088d13 | 571 | * MD5( premaster + SHA1( 'CCC' + premaster + randbytes ) ) |
markrad | 0:cdf462088d13 | 572 | * |
markrad | 0:cdf462088d13 | 573 | * TLSv1+: |
markrad | 0:cdf462088d13 | 574 | * master = PRF( premaster, "master secret", randbytes )[0..47] |
markrad | 0:cdf462088d13 | 575 | */ |
markrad | 0:cdf462088d13 | 576 | if( handshake->resume == 0 ) |
markrad | 0:cdf462088d13 | 577 | { |
markrad | 0:cdf462088d13 | 578 | MBEDTLS_SSL_DEBUG_BUF( 3, "premaster secret", handshake->premaster, |
markrad | 0:cdf462088d13 | 579 | handshake->pmslen ); |
markrad | 0:cdf462088d13 | 580 | |
markrad | 0:cdf462088d13 | 581 | #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) |
markrad | 0:cdf462088d13 | 582 | if( ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED ) |
markrad | 0:cdf462088d13 | 583 | { |
markrad | 0:cdf462088d13 | 584 | unsigned char session_hash[48]; |
markrad | 0:cdf462088d13 | 585 | size_t hash_len; |
markrad | 0:cdf462088d13 | 586 | |
markrad | 0:cdf462088d13 | 587 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "using extended master secret" ) ); |
markrad | 0:cdf462088d13 | 588 | |
markrad | 0:cdf462088d13 | 589 | ssl->handshake->calc_verify( ssl, session_hash ); |
markrad | 0:cdf462088d13 | 590 | |
markrad | 0:cdf462088d13 | 591 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 592 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) |
markrad | 0:cdf462088d13 | 593 | { |
markrad | 0:cdf462088d13 | 594 | #if defined(MBEDTLS_SHA512_C) |
markrad | 0:cdf462088d13 | 595 | if( ssl->transform_negotiate->ciphersuite_info->mac == |
markrad | 0:cdf462088d13 | 596 | MBEDTLS_MD_SHA384 ) |
markrad | 0:cdf462088d13 | 597 | { |
markrad | 0:cdf462088d13 | 598 | hash_len = 48; |
markrad | 0:cdf462088d13 | 599 | } |
markrad | 0:cdf462088d13 | 600 | else |
markrad | 0:cdf462088d13 | 601 | #endif |
markrad | 0:cdf462088d13 | 602 | hash_len = 32; |
markrad | 0:cdf462088d13 | 603 | } |
markrad | 0:cdf462088d13 | 604 | else |
markrad | 0:cdf462088d13 | 605 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 606 | hash_len = 36; |
markrad | 0:cdf462088d13 | 607 | |
markrad | 0:cdf462088d13 | 608 | MBEDTLS_SSL_DEBUG_BUF( 3, "session hash", session_hash, hash_len ); |
markrad | 0:cdf462088d13 | 609 | |
markrad | 0:cdf462088d13 | 610 | ret = handshake->tls_prf( handshake->premaster, handshake->pmslen, |
markrad | 0:cdf462088d13 | 611 | "extended master secret", |
markrad | 0:cdf462088d13 | 612 | session_hash, hash_len, |
markrad | 0:cdf462088d13 | 613 | session->master, 48 ); |
markrad | 0:cdf462088d13 | 614 | if( ret != 0 ) |
markrad | 0:cdf462088d13 | 615 | { |
markrad | 0:cdf462088d13 | 616 | MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret ); |
markrad | 0:cdf462088d13 | 617 | return( ret ); |
markrad | 0:cdf462088d13 | 618 | } |
markrad | 0:cdf462088d13 | 619 | |
markrad | 0:cdf462088d13 | 620 | } |
markrad | 0:cdf462088d13 | 621 | else |
markrad | 0:cdf462088d13 | 622 | #endif |
markrad | 0:cdf462088d13 | 623 | ret = handshake->tls_prf( handshake->premaster, handshake->pmslen, |
markrad | 0:cdf462088d13 | 624 | "master secret", |
markrad | 0:cdf462088d13 | 625 | handshake->randbytes, 64, |
markrad | 0:cdf462088d13 | 626 | session->master, 48 ); |
markrad | 0:cdf462088d13 | 627 | if( ret != 0 ) |
markrad | 0:cdf462088d13 | 628 | { |
markrad | 0:cdf462088d13 | 629 | MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret ); |
markrad | 0:cdf462088d13 | 630 | return( ret ); |
markrad | 0:cdf462088d13 | 631 | } |
markrad | 0:cdf462088d13 | 632 | |
markrad | 0:cdf462088d13 | 633 | mbedtls_zeroize( handshake->premaster, sizeof(handshake->premaster) ); |
markrad | 0:cdf462088d13 | 634 | } |
markrad | 0:cdf462088d13 | 635 | else |
markrad | 0:cdf462088d13 | 636 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) ); |
markrad | 0:cdf462088d13 | 637 | |
markrad | 0:cdf462088d13 | 638 | /* |
markrad | 0:cdf462088d13 | 639 | * Swap the client and server random values. |
markrad | 0:cdf462088d13 | 640 | */ |
markrad | 0:cdf462088d13 | 641 | memcpy( tmp, handshake->randbytes, 64 ); |
markrad | 0:cdf462088d13 | 642 | memcpy( handshake->randbytes, tmp + 32, 32 ); |
markrad | 0:cdf462088d13 | 643 | memcpy( handshake->randbytes + 32, tmp, 32 ); |
markrad | 0:cdf462088d13 | 644 | mbedtls_zeroize( tmp, sizeof( tmp ) ); |
markrad | 0:cdf462088d13 | 645 | |
markrad | 0:cdf462088d13 | 646 | /* |
markrad | 0:cdf462088d13 | 647 | * SSLv3: |
markrad | 0:cdf462088d13 | 648 | * key block = |
markrad | 0:cdf462088d13 | 649 | * MD5( master + SHA1( 'A' + master + randbytes ) ) + |
markrad | 0:cdf462088d13 | 650 | * MD5( master + SHA1( 'BB' + master + randbytes ) ) + |
markrad | 0:cdf462088d13 | 651 | * MD5( master + SHA1( 'CCC' + master + randbytes ) ) + |
markrad | 0:cdf462088d13 | 652 | * MD5( master + SHA1( 'DDDD' + master + randbytes ) ) + |
markrad | 0:cdf462088d13 | 653 | * ... |
markrad | 0:cdf462088d13 | 654 | * |
markrad | 0:cdf462088d13 | 655 | * TLSv1: |
markrad | 0:cdf462088d13 | 656 | * key block = PRF( master, "key expansion", randbytes ) |
markrad | 0:cdf462088d13 | 657 | */ |
markrad | 0:cdf462088d13 | 658 | ret = handshake->tls_prf( session->master, 48, "key expansion", |
markrad | 0:cdf462088d13 | 659 | handshake->randbytes, 64, keyblk, 256 ); |
markrad | 0:cdf462088d13 | 660 | if( ret != 0 ) |
markrad | 0:cdf462088d13 | 661 | { |
markrad | 0:cdf462088d13 | 662 | MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret ); |
markrad | 0:cdf462088d13 | 663 | return( ret ); |
markrad | 0:cdf462088d13 | 664 | } |
markrad | 0:cdf462088d13 | 665 | |
markrad | 0:cdf462088d13 | 666 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite = %s", |
markrad | 0:cdf462088d13 | 667 | mbedtls_ssl_get_ciphersuite_name( session->ciphersuite ) ) ); |
markrad | 0:cdf462088d13 | 668 | MBEDTLS_SSL_DEBUG_BUF( 3, "master secret", session->master, 48 ); |
markrad | 0:cdf462088d13 | 669 | MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", handshake->randbytes, 64 ); |
markrad | 0:cdf462088d13 | 670 | MBEDTLS_SSL_DEBUG_BUF( 4, "key block", keyblk, 256 ); |
markrad | 0:cdf462088d13 | 671 | |
markrad | 0:cdf462088d13 | 672 | mbedtls_zeroize( handshake->randbytes, sizeof( handshake->randbytes ) ); |
markrad | 0:cdf462088d13 | 673 | |
markrad | 0:cdf462088d13 | 674 | /* |
markrad | 0:cdf462088d13 | 675 | * Determine the appropriate key, IV and MAC length. |
markrad | 0:cdf462088d13 | 676 | */ |
markrad | 0:cdf462088d13 | 677 | |
markrad | 0:cdf462088d13 | 678 | transform->keylen = cipher_info->key_bitlen / 8; |
markrad | 0:cdf462088d13 | 679 | |
markrad | 0:cdf462088d13 | 680 | if( cipher_info->mode == MBEDTLS_MODE_GCM || |
markrad | 0:cdf462088d13 | 681 | cipher_info->mode == MBEDTLS_MODE_CCM ) |
markrad | 0:cdf462088d13 | 682 | { |
markrad | 0:cdf462088d13 | 683 | transform->maclen = 0; |
markrad | 0:cdf462088d13 | 684 | |
markrad | 0:cdf462088d13 | 685 | transform->ivlen = 12; |
markrad | 0:cdf462088d13 | 686 | transform->fixed_ivlen = 4; |
markrad | 0:cdf462088d13 | 687 | |
markrad | 0:cdf462088d13 | 688 | /* Minimum length is expicit IV + tag */ |
markrad | 0:cdf462088d13 | 689 | transform->minlen = transform->ivlen - transform->fixed_ivlen |
markrad | 0:cdf462088d13 | 690 | + ( transform->ciphersuite_info->flags & |
markrad | 0:cdf462088d13 | 691 | MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16 ); |
markrad | 0:cdf462088d13 | 692 | } |
markrad | 0:cdf462088d13 | 693 | else |
markrad | 0:cdf462088d13 | 694 | { |
markrad | 0:cdf462088d13 | 695 | /* Initialize HMAC contexts */ |
markrad | 0:cdf462088d13 | 696 | if( ( ret = mbedtls_md_setup( &transform->md_ctx_enc, md_info, 1 ) ) != 0 || |
markrad | 0:cdf462088d13 | 697 | ( ret = mbedtls_md_setup( &transform->md_ctx_dec, md_info, 1 ) ) != 0 ) |
markrad | 0:cdf462088d13 | 698 | { |
markrad | 0:cdf462088d13 | 699 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret ); |
markrad | 0:cdf462088d13 | 700 | return( ret ); |
markrad | 0:cdf462088d13 | 701 | } |
markrad | 0:cdf462088d13 | 702 | |
markrad | 0:cdf462088d13 | 703 | /* Get MAC length */ |
markrad | 0:cdf462088d13 | 704 | transform->maclen = mbedtls_md_get_size( md_info ); |
markrad | 0:cdf462088d13 | 705 | |
markrad | 0:cdf462088d13 | 706 | #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) |
markrad | 0:cdf462088d13 | 707 | /* |
markrad | 0:cdf462088d13 | 708 | * If HMAC is to be truncated, we shall keep the leftmost bytes, |
markrad | 0:cdf462088d13 | 709 | * (rfc 6066 page 13 or rfc 2104 section 4), |
markrad | 0:cdf462088d13 | 710 | * so we only need to adjust the length here. |
markrad | 0:cdf462088d13 | 711 | */ |
markrad | 0:cdf462088d13 | 712 | if( session->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED ) |
markrad | 0:cdf462088d13 | 713 | transform->maclen = MBEDTLS_SSL_TRUNCATED_HMAC_LEN; |
markrad | 0:cdf462088d13 | 714 | #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ |
markrad | 0:cdf462088d13 | 715 | |
markrad | 0:cdf462088d13 | 716 | /* IV length */ |
markrad | 0:cdf462088d13 | 717 | transform->ivlen = cipher_info->iv_size; |
markrad | 0:cdf462088d13 | 718 | |
markrad | 0:cdf462088d13 | 719 | /* Minimum length */ |
markrad | 0:cdf462088d13 | 720 | if( cipher_info->mode == MBEDTLS_MODE_STREAM ) |
markrad | 0:cdf462088d13 | 721 | transform->minlen = transform->maclen; |
markrad | 0:cdf462088d13 | 722 | else |
markrad | 0:cdf462088d13 | 723 | { |
markrad | 0:cdf462088d13 | 724 | /* |
markrad | 0:cdf462088d13 | 725 | * GenericBlockCipher: |
markrad | 0:cdf462088d13 | 726 | * 1. if EtM is in use: one block plus MAC |
markrad | 0:cdf462088d13 | 727 | * otherwise: * first multiple of blocklen greater than maclen |
markrad | 0:cdf462088d13 | 728 | * 2. IV except for SSL3 and TLS 1.0 |
markrad | 0:cdf462088d13 | 729 | */ |
markrad | 0:cdf462088d13 | 730 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
markrad | 0:cdf462088d13 | 731 | if( session->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED ) |
markrad | 0:cdf462088d13 | 732 | { |
markrad | 0:cdf462088d13 | 733 | transform->minlen = transform->maclen |
markrad | 0:cdf462088d13 | 734 | + cipher_info->block_size; |
markrad | 0:cdf462088d13 | 735 | } |
markrad | 0:cdf462088d13 | 736 | else |
markrad | 0:cdf462088d13 | 737 | #endif |
markrad | 0:cdf462088d13 | 738 | { |
markrad | 0:cdf462088d13 | 739 | transform->minlen = transform->maclen |
markrad | 0:cdf462088d13 | 740 | + cipher_info->block_size |
markrad | 0:cdf462088d13 | 741 | - transform->maclen % cipher_info->block_size; |
markrad | 0:cdf462088d13 | 742 | } |
markrad | 0:cdf462088d13 | 743 | |
markrad | 0:cdf462088d13 | 744 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) |
markrad | 0:cdf462088d13 | 745 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 || |
markrad | 0:cdf462088d13 | 746 | ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_1 ) |
markrad | 0:cdf462088d13 | 747 | ; /* No need to adjust minlen */ |
markrad | 0:cdf462088d13 | 748 | else |
markrad | 0:cdf462088d13 | 749 | #endif |
markrad | 0:cdf462088d13 | 750 | #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 751 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_2 || |
markrad | 0:cdf462088d13 | 752 | ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) |
markrad | 0:cdf462088d13 | 753 | { |
markrad | 0:cdf462088d13 | 754 | transform->minlen += transform->ivlen; |
markrad | 0:cdf462088d13 | 755 | } |
markrad | 0:cdf462088d13 | 756 | else |
markrad | 0:cdf462088d13 | 757 | #endif |
markrad | 0:cdf462088d13 | 758 | { |
markrad | 0:cdf462088d13 | 759 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 760 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 761 | } |
markrad | 0:cdf462088d13 | 762 | } |
markrad | 0:cdf462088d13 | 763 | } |
markrad | 0:cdf462088d13 | 764 | |
markrad | 0:cdf462088d13 | 765 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "keylen: %d, minlen: %d, ivlen: %d, maclen: %d", |
markrad | 0:cdf462088d13 | 766 | transform->keylen, transform->minlen, transform->ivlen, |
markrad | 0:cdf462088d13 | 767 | transform->maclen ) ); |
markrad | 0:cdf462088d13 | 768 | |
markrad | 0:cdf462088d13 | 769 | /* |
markrad | 0:cdf462088d13 | 770 | * Finally setup the cipher contexts, IVs and MAC secrets. |
markrad | 0:cdf462088d13 | 771 | */ |
markrad | 0:cdf462088d13 | 772 | #if defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 773 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
markrad | 0:cdf462088d13 | 774 | { |
markrad | 0:cdf462088d13 | 775 | key1 = keyblk + transform->maclen * 2; |
markrad | 0:cdf462088d13 | 776 | key2 = keyblk + transform->maclen * 2 + transform->keylen; |
markrad | 0:cdf462088d13 | 777 | |
markrad | 0:cdf462088d13 | 778 | mac_enc = keyblk; |
markrad | 0:cdf462088d13 | 779 | mac_dec = keyblk + transform->maclen; |
markrad | 0:cdf462088d13 | 780 | |
markrad | 0:cdf462088d13 | 781 | /* |
markrad | 0:cdf462088d13 | 782 | * This is not used in TLS v1.1. |
markrad | 0:cdf462088d13 | 783 | */ |
markrad | 0:cdf462088d13 | 784 | iv_copy_len = ( transform->fixed_ivlen ) ? |
markrad | 0:cdf462088d13 | 785 | transform->fixed_ivlen : transform->ivlen; |
markrad | 0:cdf462088d13 | 786 | memcpy( transform->iv_enc, key2 + transform->keylen, iv_copy_len ); |
markrad | 0:cdf462088d13 | 787 | memcpy( transform->iv_dec, key2 + transform->keylen + iv_copy_len, |
markrad | 0:cdf462088d13 | 788 | iv_copy_len ); |
markrad | 0:cdf462088d13 | 789 | } |
markrad | 0:cdf462088d13 | 790 | else |
markrad | 0:cdf462088d13 | 791 | #endif /* MBEDTLS_SSL_CLI_C */ |
markrad | 0:cdf462088d13 | 792 | #if defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 793 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
markrad | 0:cdf462088d13 | 794 | { |
markrad | 0:cdf462088d13 | 795 | key1 = keyblk + transform->maclen * 2 + transform->keylen; |
markrad | 0:cdf462088d13 | 796 | key2 = keyblk + transform->maclen * 2; |
markrad | 0:cdf462088d13 | 797 | |
markrad | 0:cdf462088d13 | 798 | mac_enc = keyblk + transform->maclen; |
markrad | 0:cdf462088d13 | 799 | mac_dec = keyblk; |
markrad | 0:cdf462088d13 | 800 | |
markrad | 0:cdf462088d13 | 801 | /* |
markrad | 0:cdf462088d13 | 802 | * This is not used in TLS v1.1. |
markrad | 0:cdf462088d13 | 803 | */ |
markrad | 0:cdf462088d13 | 804 | iv_copy_len = ( transform->fixed_ivlen ) ? |
markrad | 0:cdf462088d13 | 805 | transform->fixed_ivlen : transform->ivlen; |
markrad | 0:cdf462088d13 | 806 | memcpy( transform->iv_dec, key1 + transform->keylen, iv_copy_len ); |
markrad | 0:cdf462088d13 | 807 | memcpy( transform->iv_enc, key1 + transform->keylen + iv_copy_len, |
markrad | 0:cdf462088d13 | 808 | iv_copy_len ); |
markrad | 0:cdf462088d13 | 809 | } |
markrad | 0:cdf462088d13 | 810 | else |
markrad | 0:cdf462088d13 | 811 | #endif /* MBEDTLS_SSL_SRV_C */ |
markrad | 0:cdf462088d13 | 812 | { |
markrad | 0:cdf462088d13 | 813 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 814 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 815 | } |
markrad | 0:cdf462088d13 | 816 | |
markrad | 0:cdf462088d13 | 817 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
markrad | 0:cdf462088d13 | 818 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
markrad | 0:cdf462088d13 | 819 | { |
markrad | 0:cdf462088d13 | 820 | if( transform->maclen > sizeof transform->mac_enc ) |
markrad | 0:cdf462088d13 | 821 | { |
markrad | 0:cdf462088d13 | 822 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 823 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 824 | } |
markrad | 0:cdf462088d13 | 825 | |
markrad | 0:cdf462088d13 | 826 | memcpy( transform->mac_enc, mac_enc, transform->maclen ); |
markrad | 0:cdf462088d13 | 827 | memcpy( transform->mac_dec, mac_dec, transform->maclen ); |
markrad | 0:cdf462088d13 | 828 | } |
markrad | 0:cdf462088d13 | 829 | else |
markrad | 0:cdf462088d13 | 830 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
markrad | 0:cdf462088d13 | 831 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
markrad | 0:cdf462088d13 | 832 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 833 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) |
markrad | 0:cdf462088d13 | 834 | { |
markrad | 0:cdf462088d13 | 835 | mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, transform->maclen ); |
markrad | 0:cdf462088d13 | 836 | mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, transform->maclen ); |
markrad | 0:cdf462088d13 | 837 | } |
markrad | 0:cdf462088d13 | 838 | else |
markrad | 0:cdf462088d13 | 839 | #endif |
markrad | 0:cdf462088d13 | 840 | { |
markrad | 0:cdf462088d13 | 841 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 842 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 843 | } |
markrad | 0:cdf462088d13 | 844 | |
markrad | 0:cdf462088d13 | 845 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
markrad | 0:cdf462088d13 | 846 | if( mbedtls_ssl_hw_record_init != NULL ) |
markrad | 0:cdf462088d13 | 847 | { |
markrad | 0:cdf462088d13 | 848 | int ret = 0; |
markrad | 0:cdf462088d13 | 849 | |
markrad | 0:cdf462088d13 | 850 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_init()" ) ); |
markrad | 0:cdf462088d13 | 851 | |
markrad | 0:cdf462088d13 | 852 | if( ( ret = mbedtls_ssl_hw_record_init( ssl, key1, key2, transform->keylen, |
markrad | 0:cdf462088d13 | 853 | transform->iv_enc, transform->iv_dec, |
markrad | 0:cdf462088d13 | 854 | iv_copy_len, |
markrad | 0:cdf462088d13 | 855 | mac_enc, mac_dec, |
markrad | 0:cdf462088d13 | 856 | transform->maclen ) ) != 0 ) |
markrad | 0:cdf462088d13 | 857 | { |
markrad | 0:cdf462088d13 | 858 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_init", ret ); |
markrad | 0:cdf462088d13 | 859 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
markrad | 0:cdf462088d13 | 860 | } |
markrad | 0:cdf462088d13 | 861 | } |
markrad | 0:cdf462088d13 | 862 | #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ |
markrad | 0:cdf462088d13 | 863 | |
markrad | 0:cdf462088d13 | 864 | #if defined(MBEDTLS_SSL_EXPORT_KEYS) |
markrad | 0:cdf462088d13 | 865 | if( ssl->conf->f_export_keys != NULL ) |
markrad | 0:cdf462088d13 | 866 | { |
markrad | 0:cdf462088d13 | 867 | ssl->conf->f_export_keys( ssl->conf->p_export_keys, |
markrad | 0:cdf462088d13 | 868 | session->master, keyblk, |
markrad | 0:cdf462088d13 | 869 | transform->maclen, transform->keylen, |
markrad | 0:cdf462088d13 | 870 | iv_copy_len ); |
markrad | 0:cdf462088d13 | 871 | } |
markrad | 0:cdf462088d13 | 872 | #endif |
markrad | 0:cdf462088d13 | 873 | |
markrad | 0:cdf462088d13 | 874 | if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc, |
markrad | 0:cdf462088d13 | 875 | cipher_info ) ) != 0 ) |
markrad | 0:cdf462088d13 | 876 | { |
markrad | 0:cdf462088d13 | 877 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); |
markrad | 0:cdf462088d13 | 878 | return( ret ); |
markrad | 0:cdf462088d13 | 879 | } |
markrad | 0:cdf462088d13 | 880 | |
markrad | 0:cdf462088d13 | 881 | if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_dec, |
markrad | 0:cdf462088d13 | 882 | cipher_info ) ) != 0 ) |
markrad | 0:cdf462088d13 | 883 | { |
markrad | 0:cdf462088d13 | 884 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); |
markrad | 0:cdf462088d13 | 885 | return( ret ); |
markrad | 0:cdf462088d13 | 886 | } |
markrad | 0:cdf462088d13 | 887 | |
markrad | 0:cdf462088d13 | 888 | if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc, key1, |
markrad | 0:cdf462088d13 | 889 | cipher_info->key_bitlen, |
markrad | 0:cdf462088d13 | 890 | MBEDTLS_ENCRYPT ) ) != 0 ) |
markrad | 0:cdf462088d13 | 891 | { |
markrad | 0:cdf462088d13 | 892 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); |
markrad | 0:cdf462088d13 | 893 | return( ret ); |
markrad | 0:cdf462088d13 | 894 | } |
markrad | 0:cdf462088d13 | 895 | |
markrad | 0:cdf462088d13 | 896 | if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec, key2, |
markrad | 0:cdf462088d13 | 897 | cipher_info->key_bitlen, |
markrad | 0:cdf462088d13 | 898 | MBEDTLS_DECRYPT ) ) != 0 ) |
markrad | 0:cdf462088d13 | 899 | { |
markrad | 0:cdf462088d13 | 900 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); |
markrad | 0:cdf462088d13 | 901 | return( ret ); |
markrad | 0:cdf462088d13 | 902 | } |
markrad | 0:cdf462088d13 | 903 | |
markrad | 0:cdf462088d13 | 904 | #if defined(MBEDTLS_CIPHER_MODE_CBC) |
markrad | 0:cdf462088d13 | 905 | if( cipher_info->mode == MBEDTLS_MODE_CBC ) |
markrad | 0:cdf462088d13 | 906 | { |
markrad | 0:cdf462088d13 | 907 | if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_enc, |
markrad | 0:cdf462088d13 | 908 | MBEDTLS_PADDING_NONE ) ) != 0 ) |
markrad | 0:cdf462088d13 | 909 | { |
markrad | 0:cdf462088d13 | 910 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret ); |
markrad | 0:cdf462088d13 | 911 | return( ret ); |
markrad | 0:cdf462088d13 | 912 | } |
markrad | 0:cdf462088d13 | 913 | |
markrad | 0:cdf462088d13 | 914 | if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_dec, |
markrad | 0:cdf462088d13 | 915 | MBEDTLS_PADDING_NONE ) ) != 0 ) |
markrad | 0:cdf462088d13 | 916 | { |
markrad | 0:cdf462088d13 | 917 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret ); |
markrad | 0:cdf462088d13 | 918 | return( ret ); |
markrad | 0:cdf462088d13 | 919 | } |
markrad | 0:cdf462088d13 | 920 | } |
markrad | 0:cdf462088d13 | 921 | #endif /* MBEDTLS_CIPHER_MODE_CBC */ |
markrad | 0:cdf462088d13 | 922 | |
markrad | 0:cdf462088d13 | 923 | mbedtls_zeroize( keyblk, sizeof( keyblk ) ); |
markrad | 0:cdf462088d13 | 924 | |
markrad | 0:cdf462088d13 | 925 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
markrad | 0:cdf462088d13 | 926 | // Initialize compression |
markrad | 0:cdf462088d13 | 927 | // |
markrad | 0:cdf462088d13 | 928 | if( session->compression == MBEDTLS_SSL_COMPRESS_DEFLATE ) |
markrad | 0:cdf462088d13 | 929 | { |
markrad | 0:cdf462088d13 | 930 | if( ssl->compress_buf == NULL ) |
markrad | 0:cdf462088d13 | 931 | { |
markrad | 0:cdf462088d13 | 932 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "Allocating compression buffer" ) ); |
markrad | 0:cdf462088d13 | 933 | ssl->compress_buf = mbedtls_calloc( 1, MBEDTLS_SSL_BUFFER_LEN ); |
markrad | 0:cdf462088d13 | 934 | if( ssl->compress_buf == NULL ) |
markrad | 0:cdf462088d13 | 935 | { |
markrad | 0:cdf462088d13 | 936 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", |
markrad | 0:cdf462088d13 | 937 | MBEDTLS_SSL_BUFFER_LEN ) ); |
markrad | 0:cdf462088d13 | 938 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
markrad | 0:cdf462088d13 | 939 | } |
markrad | 0:cdf462088d13 | 940 | } |
markrad | 0:cdf462088d13 | 941 | |
markrad | 0:cdf462088d13 | 942 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "Initializing zlib states" ) ); |
markrad | 0:cdf462088d13 | 943 | |
markrad | 0:cdf462088d13 | 944 | memset( &transform->ctx_deflate, 0, sizeof( transform->ctx_deflate ) ); |
markrad | 0:cdf462088d13 | 945 | memset( &transform->ctx_inflate, 0, sizeof( transform->ctx_inflate ) ); |
markrad | 0:cdf462088d13 | 946 | |
markrad | 0:cdf462088d13 | 947 | if( deflateInit( &transform->ctx_deflate, |
markrad | 0:cdf462088d13 | 948 | Z_DEFAULT_COMPRESSION ) != Z_OK || |
markrad | 0:cdf462088d13 | 949 | inflateInit( &transform->ctx_inflate ) != Z_OK ) |
markrad | 0:cdf462088d13 | 950 | { |
markrad | 0:cdf462088d13 | 951 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to initialize compression" ) ); |
markrad | 0:cdf462088d13 | 952 | return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED ); |
markrad | 0:cdf462088d13 | 953 | } |
markrad | 0:cdf462088d13 | 954 | } |
markrad | 0:cdf462088d13 | 955 | #endif /* MBEDTLS_ZLIB_SUPPORT */ |
markrad | 0:cdf462088d13 | 956 | |
markrad | 0:cdf462088d13 | 957 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive keys" ) ); |
markrad | 0:cdf462088d13 | 958 | |
markrad | 0:cdf462088d13 | 959 | return( 0 ); |
markrad | 0:cdf462088d13 | 960 | } |
markrad | 0:cdf462088d13 | 961 | |
markrad | 0:cdf462088d13 | 962 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
markrad | 0:cdf462088d13 | 963 | void ssl_calc_verify_ssl( mbedtls_ssl_context *ssl, unsigned char hash[36] ) |
markrad | 0:cdf462088d13 | 964 | { |
markrad | 0:cdf462088d13 | 965 | mbedtls_md5_context md5; |
markrad | 0:cdf462088d13 | 966 | mbedtls_sha1_context sha1; |
markrad | 0:cdf462088d13 | 967 | unsigned char pad_1[48]; |
markrad | 0:cdf462088d13 | 968 | unsigned char pad_2[48]; |
markrad | 0:cdf462088d13 | 969 | |
markrad | 0:cdf462088d13 | 970 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify ssl" ) ); |
markrad | 0:cdf462088d13 | 971 | |
markrad | 0:cdf462088d13 | 972 | mbedtls_md5_init( &md5 ); |
markrad | 0:cdf462088d13 | 973 | mbedtls_sha1_init( &sha1 ); |
markrad | 0:cdf462088d13 | 974 | |
markrad | 0:cdf462088d13 | 975 | mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); |
markrad | 0:cdf462088d13 | 976 | mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); |
markrad | 0:cdf462088d13 | 977 | |
markrad | 0:cdf462088d13 | 978 | memset( pad_1, 0x36, 48 ); |
markrad | 0:cdf462088d13 | 979 | memset( pad_2, 0x5C, 48 ); |
markrad | 0:cdf462088d13 | 980 | |
markrad | 0:cdf462088d13 | 981 | mbedtls_md5_update( &md5, ssl->session_negotiate->master, 48 ); |
markrad | 0:cdf462088d13 | 982 | mbedtls_md5_update( &md5, pad_1, 48 ); |
markrad | 0:cdf462088d13 | 983 | mbedtls_md5_finish( &md5, hash ); |
markrad | 0:cdf462088d13 | 984 | |
markrad | 0:cdf462088d13 | 985 | mbedtls_md5_starts( &md5 ); |
markrad | 0:cdf462088d13 | 986 | mbedtls_md5_update( &md5, ssl->session_negotiate->master, 48 ); |
markrad | 0:cdf462088d13 | 987 | mbedtls_md5_update( &md5, pad_2, 48 ); |
markrad | 0:cdf462088d13 | 988 | mbedtls_md5_update( &md5, hash, 16 ); |
markrad | 0:cdf462088d13 | 989 | mbedtls_md5_finish( &md5, hash ); |
markrad | 0:cdf462088d13 | 990 | |
markrad | 0:cdf462088d13 | 991 | mbedtls_sha1_update( &sha1, ssl->session_negotiate->master, 48 ); |
markrad | 0:cdf462088d13 | 992 | mbedtls_sha1_update( &sha1, pad_1, 40 ); |
markrad | 0:cdf462088d13 | 993 | mbedtls_sha1_finish( &sha1, hash + 16 ); |
markrad | 0:cdf462088d13 | 994 | |
markrad | 0:cdf462088d13 | 995 | mbedtls_sha1_starts( &sha1 ); |
markrad | 0:cdf462088d13 | 996 | mbedtls_sha1_update( &sha1, ssl->session_negotiate->master, 48 ); |
markrad | 0:cdf462088d13 | 997 | mbedtls_sha1_update( &sha1, pad_2, 40 ); |
markrad | 0:cdf462088d13 | 998 | mbedtls_sha1_update( &sha1, hash + 16, 20 ); |
markrad | 0:cdf462088d13 | 999 | mbedtls_sha1_finish( &sha1, hash + 16 ); |
markrad | 0:cdf462088d13 | 1000 | |
markrad | 0:cdf462088d13 | 1001 | MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 ); |
markrad | 0:cdf462088d13 | 1002 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); |
markrad | 0:cdf462088d13 | 1003 | |
markrad | 0:cdf462088d13 | 1004 | mbedtls_md5_free( &md5 ); |
markrad | 0:cdf462088d13 | 1005 | mbedtls_sha1_free( &sha1 ); |
markrad | 0:cdf462088d13 | 1006 | |
markrad | 0:cdf462088d13 | 1007 | return; |
markrad | 0:cdf462088d13 | 1008 | } |
markrad | 0:cdf462088d13 | 1009 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
markrad | 0:cdf462088d13 | 1010 | |
markrad | 0:cdf462088d13 | 1011 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) |
markrad | 0:cdf462088d13 | 1012 | void ssl_calc_verify_tls( mbedtls_ssl_context *ssl, unsigned char hash[36] ) |
markrad | 0:cdf462088d13 | 1013 | { |
markrad | 0:cdf462088d13 | 1014 | mbedtls_md5_context md5; |
markrad | 0:cdf462088d13 | 1015 | mbedtls_sha1_context sha1; |
markrad | 0:cdf462088d13 | 1016 | |
markrad | 0:cdf462088d13 | 1017 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify tls" ) ); |
markrad | 0:cdf462088d13 | 1018 | |
markrad | 0:cdf462088d13 | 1019 | mbedtls_md5_init( &md5 ); |
markrad | 0:cdf462088d13 | 1020 | mbedtls_sha1_init( &sha1 ); |
markrad | 0:cdf462088d13 | 1021 | |
markrad | 0:cdf462088d13 | 1022 | mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); |
markrad | 0:cdf462088d13 | 1023 | mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); |
markrad | 0:cdf462088d13 | 1024 | |
markrad | 0:cdf462088d13 | 1025 | mbedtls_md5_finish( &md5, hash ); |
markrad | 0:cdf462088d13 | 1026 | mbedtls_sha1_finish( &sha1, hash + 16 ); |
markrad | 0:cdf462088d13 | 1027 | |
markrad | 0:cdf462088d13 | 1028 | MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 ); |
markrad | 0:cdf462088d13 | 1029 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); |
markrad | 0:cdf462088d13 | 1030 | |
markrad | 0:cdf462088d13 | 1031 | mbedtls_md5_free( &md5 ); |
markrad | 0:cdf462088d13 | 1032 | mbedtls_sha1_free( &sha1 ); |
markrad | 0:cdf462088d13 | 1033 | |
markrad | 0:cdf462088d13 | 1034 | return; |
markrad | 0:cdf462088d13 | 1035 | } |
markrad | 0:cdf462088d13 | 1036 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */ |
markrad | 0:cdf462088d13 | 1037 | |
markrad | 0:cdf462088d13 | 1038 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 1039 | #if defined(MBEDTLS_SHA256_C) |
markrad | 0:cdf462088d13 | 1040 | void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *ssl, unsigned char hash[32] ) |
markrad | 0:cdf462088d13 | 1041 | { |
markrad | 0:cdf462088d13 | 1042 | mbedtls_sha256_context sha256; |
markrad | 0:cdf462088d13 | 1043 | |
markrad | 0:cdf462088d13 | 1044 | mbedtls_sha256_init( &sha256 ); |
markrad | 0:cdf462088d13 | 1045 | |
markrad | 0:cdf462088d13 | 1046 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha256" ) ); |
markrad | 0:cdf462088d13 | 1047 | |
markrad | 0:cdf462088d13 | 1048 | mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 ); |
markrad | 0:cdf462088d13 | 1049 | mbedtls_sha256_finish( &sha256, hash ); |
markrad | 0:cdf462088d13 | 1050 | |
markrad | 0:cdf462088d13 | 1051 | MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 32 ); |
markrad | 0:cdf462088d13 | 1052 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); |
markrad | 0:cdf462088d13 | 1053 | |
markrad | 0:cdf462088d13 | 1054 | mbedtls_sha256_free( &sha256 ); |
markrad | 0:cdf462088d13 | 1055 | |
markrad | 0:cdf462088d13 | 1056 | return; |
markrad | 0:cdf462088d13 | 1057 | } |
markrad | 0:cdf462088d13 | 1058 | #endif /* MBEDTLS_SHA256_C */ |
markrad | 0:cdf462088d13 | 1059 | |
markrad | 0:cdf462088d13 | 1060 | #if defined(MBEDTLS_SHA512_C) |
markrad | 0:cdf462088d13 | 1061 | void ssl_calc_verify_tls_sha384( mbedtls_ssl_context *ssl, unsigned char hash[48] ) |
markrad | 0:cdf462088d13 | 1062 | { |
markrad | 0:cdf462088d13 | 1063 | mbedtls_sha512_context sha512; |
markrad | 0:cdf462088d13 | 1064 | |
markrad | 0:cdf462088d13 | 1065 | mbedtls_sha512_init( &sha512 ); |
markrad | 0:cdf462088d13 | 1066 | |
markrad | 0:cdf462088d13 | 1067 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha384" ) ); |
markrad | 0:cdf462088d13 | 1068 | |
markrad | 0:cdf462088d13 | 1069 | mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 ); |
markrad | 0:cdf462088d13 | 1070 | mbedtls_sha512_finish( &sha512, hash ); |
markrad | 0:cdf462088d13 | 1071 | |
markrad | 0:cdf462088d13 | 1072 | MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 48 ); |
markrad | 0:cdf462088d13 | 1073 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); |
markrad | 0:cdf462088d13 | 1074 | |
markrad | 0:cdf462088d13 | 1075 | mbedtls_sha512_free( &sha512 ); |
markrad | 0:cdf462088d13 | 1076 | |
markrad | 0:cdf462088d13 | 1077 | return; |
markrad | 0:cdf462088d13 | 1078 | } |
markrad | 0:cdf462088d13 | 1079 | #endif /* MBEDTLS_SHA512_C */ |
markrad | 0:cdf462088d13 | 1080 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 1081 | |
markrad | 0:cdf462088d13 | 1082 | #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) |
markrad | 0:cdf462088d13 | 1083 | int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex ) |
markrad | 0:cdf462088d13 | 1084 | { |
markrad | 0:cdf462088d13 | 1085 | unsigned char *p = ssl->handshake->premaster; |
markrad | 0:cdf462088d13 | 1086 | unsigned char *end = p + sizeof( ssl->handshake->premaster ); |
markrad | 0:cdf462088d13 | 1087 | const unsigned char *psk = ssl->conf->psk; |
markrad | 0:cdf462088d13 | 1088 | size_t psk_len = ssl->conf->psk_len; |
markrad | 0:cdf462088d13 | 1089 | |
markrad | 0:cdf462088d13 | 1090 | /* If the psk callback was called, use its result */ |
markrad | 0:cdf462088d13 | 1091 | if( ssl->handshake->psk != NULL ) |
markrad | 0:cdf462088d13 | 1092 | { |
markrad | 0:cdf462088d13 | 1093 | psk = ssl->handshake->psk; |
markrad | 0:cdf462088d13 | 1094 | psk_len = ssl->handshake->psk_len; |
markrad | 0:cdf462088d13 | 1095 | } |
markrad | 0:cdf462088d13 | 1096 | |
markrad | 0:cdf462088d13 | 1097 | /* |
markrad | 0:cdf462088d13 | 1098 | * PMS = struct { |
markrad | 0:cdf462088d13 | 1099 | * opaque other_secret<0..2^16-1>; |
markrad | 0:cdf462088d13 | 1100 | * opaque psk<0..2^16-1>; |
markrad | 0:cdf462088d13 | 1101 | * }; |
markrad | 0:cdf462088d13 | 1102 | * with "other_secret" depending on the particular key exchange |
markrad | 0:cdf462088d13 | 1103 | */ |
markrad | 0:cdf462088d13 | 1104 | #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) |
markrad | 0:cdf462088d13 | 1105 | if( key_ex == MBEDTLS_KEY_EXCHANGE_PSK ) |
markrad | 0:cdf462088d13 | 1106 | { |
markrad | 0:cdf462088d13 | 1107 | if( end - p < 2 ) |
markrad | 0:cdf462088d13 | 1108 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 1109 | |
markrad | 0:cdf462088d13 | 1110 | *(p++) = (unsigned char)( psk_len >> 8 ); |
markrad | 0:cdf462088d13 | 1111 | *(p++) = (unsigned char)( psk_len ); |
markrad | 0:cdf462088d13 | 1112 | |
markrad | 0:cdf462088d13 | 1113 | if( end < p || (size_t)( end - p ) < psk_len ) |
markrad | 0:cdf462088d13 | 1114 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 1115 | |
markrad | 0:cdf462088d13 | 1116 | memset( p, 0, psk_len ); |
markrad | 0:cdf462088d13 | 1117 | p += psk_len; |
markrad | 0:cdf462088d13 | 1118 | } |
markrad | 0:cdf462088d13 | 1119 | else |
markrad | 0:cdf462088d13 | 1120 | #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ |
markrad | 0:cdf462088d13 | 1121 | #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) |
markrad | 0:cdf462088d13 | 1122 | if( key_ex == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) |
markrad | 0:cdf462088d13 | 1123 | { |
markrad | 0:cdf462088d13 | 1124 | /* |
markrad | 0:cdf462088d13 | 1125 | * other_secret already set by the ClientKeyExchange message, |
markrad | 0:cdf462088d13 | 1126 | * and is 48 bytes long |
markrad | 0:cdf462088d13 | 1127 | */ |
markrad | 0:cdf462088d13 | 1128 | *p++ = 0; |
markrad | 0:cdf462088d13 | 1129 | *p++ = 48; |
markrad | 0:cdf462088d13 | 1130 | p += 48; |
markrad | 0:cdf462088d13 | 1131 | } |
markrad | 0:cdf462088d13 | 1132 | else |
markrad | 0:cdf462088d13 | 1133 | #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ |
markrad | 0:cdf462088d13 | 1134 | #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) |
markrad | 0:cdf462088d13 | 1135 | if( key_ex == MBEDTLS_KEY_EXCHANGE_DHE_PSK ) |
markrad | 0:cdf462088d13 | 1136 | { |
markrad | 0:cdf462088d13 | 1137 | int ret; |
markrad | 0:cdf462088d13 | 1138 | size_t len; |
markrad | 0:cdf462088d13 | 1139 | |
markrad | 0:cdf462088d13 | 1140 | /* Write length only when we know the actual value */ |
markrad | 0:cdf462088d13 | 1141 | if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx, |
markrad | 0:cdf462088d13 | 1142 | p + 2, end - ( p + 2 ), &len, |
markrad | 0:cdf462088d13 | 1143 | ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) |
markrad | 0:cdf462088d13 | 1144 | { |
markrad | 0:cdf462088d13 | 1145 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); |
markrad | 0:cdf462088d13 | 1146 | return( ret ); |
markrad | 0:cdf462088d13 | 1147 | } |
markrad | 0:cdf462088d13 | 1148 | *(p++) = (unsigned char)( len >> 8 ); |
markrad | 0:cdf462088d13 | 1149 | *(p++) = (unsigned char)( len ); |
markrad | 0:cdf462088d13 | 1150 | p += len; |
markrad | 0:cdf462088d13 | 1151 | |
markrad | 0:cdf462088d13 | 1152 | MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K ); |
markrad | 0:cdf462088d13 | 1153 | } |
markrad | 0:cdf462088d13 | 1154 | else |
markrad | 0:cdf462088d13 | 1155 | #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ |
markrad | 0:cdf462088d13 | 1156 | #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) |
markrad | 0:cdf462088d13 | 1157 | if( key_ex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) |
markrad | 0:cdf462088d13 | 1158 | { |
markrad | 0:cdf462088d13 | 1159 | int ret; |
markrad | 0:cdf462088d13 | 1160 | size_t zlen; |
markrad | 0:cdf462088d13 | 1161 | |
markrad | 0:cdf462088d13 | 1162 | if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &zlen, |
markrad | 0:cdf462088d13 | 1163 | p + 2, end - ( p + 2 ), |
markrad | 0:cdf462088d13 | 1164 | ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) |
markrad | 0:cdf462088d13 | 1165 | { |
markrad | 0:cdf462088d13 | 1166 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); |
markrad | 0:cdf462088d13 | 1167 | return( ret ); |
markrad | 0:cdf462088d13 | 1168 | } |
markrad | 0:cdf462088d13 | 1169 | |
markrad | 0:cdf462088d13 | 1170 | *(p++) = (unsigned char)( zlen >> 8 ); |
markrad | 0:cdf462088d13 | 1171 | *(p++) = (unsigned char)( zlen ); |
markrad | 0:cdf462088d13 | 1172 | p += zlen; |
markrad | 0:cdf462088d13 | 1173 | |
markrad | 0:cdf462088d13 | 1174 | MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z ); |
markrad | 0:cdf462088d13 | 1175 | } |
markrad | 0:cdf462088d13 | 1176 | else |
markrad | 0:cdf462088d13 | 1177 | #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ |
markrad | 0:cdf462088d13 | 1178 | { |
markrad | 0:cdf462088d13 | 1179 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 1180 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 1181 | } |
markrad | 0:cdf462088d13 | 1182 | |
markrad | 0:cdf462088d13 | 1183 | /* opaque psk<0..2^16-1>; */ |
markrad | 0:cdf462088d13 | 1184 | if( end - p < 2 ) |
markrad | 0:cdf462088d13 | 1185 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 1186 | |
markrad | 0:cdf462088d13 | 1187 | *(p++) = (unsigned char)( psk_len >> 8 ); |
markrad | 0:cdf462088d13 | 1188 | *(p++) = (unsigned char)( psk_len ); |
markrad | 0:cdf462088d13 | 1189 | |
markrad | 0:cdf462088d13 | 1190 | if( end < p || (size_t)( end - p ) < psk_len ) |
markrad | 0:cdf462088d13 | 1191 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 1192 | |
markrad | 0:cdf462088d13 | 1193 | memcpy( p, psk, psk_len ); |
markrad | 0:cdf462088d13 | 1194 | p += psk_len; |
markrad | 0:cdf462088d13 | 1195 | |
markrad | 0:cdf462088d13 | 1196 | ssl->handshake->pmslen = p - ssl->handshake->premaster; |
markrad | 0:cdf462088d13 | 1197 | |
markrad | 0:cdf462088d13 | 1198 | return( 0 ); |
markrad | 0:cdf462088d13 | 1199 | } |
markrad | 0:cdf462088d13 | 1200 | #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ |
markrad | 0:cdf462088d13 | 1201 | |
markrad | 0:cdf462088d13 | 1202 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
markrad | 0:cdf462088d13 | 1203 | /* |
markrad | 0:cdf462088d13 | 1204 | * SSLv3.0 MAC functions |
markrad | 0:cdf462088d13 | 1205 | */ |
markrad | 0:cdf462088d13 | 1206 | static void ssl_mac( mbedtls_md_context_t *md_ctx, unsigned char *secret, |
markrad | 0:cdf462088d13 | 1207 | unsigned char *buf, size_t len, |
markrad | 0:cdf462088d13 | 1208 | unsigned char *ctr, int type ) |
markrad | 0:cdf462088d13 | 1209 | { |
markrad | 0:cdf462088d13 | 1210 | unsigned char header[11]; |
markrad | 0:cdf462088d13 | 1211 | unsigned char padding[48]; |
markrad | 0:cdf462088d13 | 1212 | int padlen; |
markrad | 0:cdf462088d13 | 1213 | int md_size = mbedtls_md_get_size( md_ctx->md_info ); |
markrad | 0:cdf462088d13 | 1214 | int md_type = mbedtls_md_get_type( md_ctx->md_info ); |
markrad | 0:cdf462088d13 | 1215 | |
markrad | 0:cdf462088d13 | 1216 | /* Only MD5 and SHA-1 supported */ |
markrad | 0:cdf462088d13 | 1217 | if( md_type == MBEDTLS_MD_MD5 ) |
markrad | 0:cdf462088d13 | 1218 | padlen = 48; |
markrad | 0:cdf462088d13 | 1219 | else |
markrad | 0:cdf462088d13 | 1220 | padlen = 40; |
markrad | 0:cdf462088d13 | 1221 | |
markrad | 0:cdf462088d13 | 1222 | memcpy( header, ctr, 8 ); |
markrad | 0:cdf462088d13 | 1223 | header[ 8] = (unsigned char) type; |
markrad | 0:cdf462088d13 | 1224 | header[ 9] = (unsigned char)( len >> 8 ); |
markrad | 0:cdf462088d13 | 1225 | header[10] = (unsigned char)( len ); |
markrad | 0:cdf462088d13 | 1226 | |
markrad | 0:cdf462088d13 | 1227 | memset( padding, 0x36, padlen ); |
markrad | 0:cdf462088d13 | 1228 | mbedtls_md_starts( md_ctx ); |
markrad | 0:cdf462088d13 | 1229 | mbedtls_md_update( md_ctx, secret, md_size ); |
markrad | 0:cdf462088d13 | 1230 | mbedtls_md_update( md_ctx, padding, padlen ); |
markrad | 0:cdf462088d13 | 1231 | mbedtls_md_update( md_ctx, header, 11 ); |
markrad | 0:cdf462088d13 | 1232 | mbedtls_md_update( md_ctx, buf, len ); |
markrad | 0:cdf462088d13 | 1233 | mbedtls_md_finish( md_ctx, buf + len ); |
markrad | 0:cdf462088d13 | 1234 | |
markrad | 0:cdf462088d13 | 1235 | memset( padding, 0x5C, padlen ); |
markrad | 0:cdf462088d13 | 1236 | mbedtls_md_starts( md_ctx ); |
markrad | 0:cdf462088d13 | 1237 | mbedtls_md_update( md_ctx, secret, md_size ); |
markrad | 0:cdf462088d13 | 1238 | mbedtls_md_update( md_ctx, padding, padlen ); |
markrad | 0:cdf462088d13 | 1239 | mbedtls_md_update( md_ctx, buf + len, md_size ); |
markrad | 0:cdf462088d13 | 1240 | mbedtls_md_finish( md_ctx, buf + len ); |
markrad | 0:cdf462088d13 | 1241 | } |
markrad | 0:cdf462088d13 | 1242 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
markrad | 0:cdf462088d13 | 1243 | |
markrad | 0:cdf462088d13 | 1244 | #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \ |
markrad | 0:cdf462088d13 | 1245 | ( defined(MBEDTLS_CIPHER_MODE_CBC) && \ |
markrad | 0:cdf462088d13 | 1246 | ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) ) ) |
markrad | 0:cdf462088d13 | 1247 | #define SSL_SOME_MODES_USE_MAC |
markrad | 0:cdf462088d13 | 1248 | #endif |
markrad | 0:cdf462088d13 | 1249 | |
markrad | 0:cdf462088d13 | 1250 | /* |
markrad | 0:cdf462088d13 | 1251 | * Encryption/decryption functions |
markrad | 0:cdf462088d13 | 1252 | */ |
markrad | 0:cdf462088d13 | 1253 | static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 1254 | { |
markrad | 0:cdf462088d13 | 1255 | mbedtls_cipher_mode_t mode; |
markrad | 0:cdf462088d13 | 1256 | int auth_done = 0; |
markrad | 0:cdf462088d13 | 1257 | |
markrad | 0:cdf462088d13 | 1258 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) ); |
markrad | 0:cdf462088d13 | 1259 | |
markrad | 0:cdf462088d13 | 1260 | if( ssl->session_out == NULL || ssl->transform_out == NULL ) |
markrad | 0:cdf462088d13 | 1261 | { |
markrad | 0:cdf462088d13 | 1262 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 1263 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 1264 | } |
markrad | 0:cdf462088d13 | 1265 | |
markrad | 0:cdf462088d13 | 1266 | mode = mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc ); |
markrad | 0:cdf462088d13 | 1267 | |
markrad | 0:cdf462088d13 | 1268 | MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload", |
markrad | 0:cdf462088d13 | 1269 | ssl->out_msg, ssl->out_msglen ); |
markrad | 0:cdf462088d13 | 1270 | |
markrad | 0:cdf462088d13 | 1271 | /* |
markrad | 0:cdf462088d13 | 1272 | * Add MAC before if needed |
markrad | 0:cdf462088d13 | 1273 | */ |
markrad | 0:cdf462088d13 | 1274 | #if defined(SSL_SOME_MODES_USE_MAC) |
markrad | 0:cdf462088d13 | 1275 | if( mode == MBEDTLS_MODE_STREAM || |
markrad | 0:cdf462088d13 | 1276 | ( mode == MBEDTLS_MODE_CBC |
markrad | 0:cdf462088d13 | 1277 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
markrad | 0:cdf462088d13 | 1278 | && ssl->session_out->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED |
markrad | 0:cdf462088d13 | 1279 | #endif |
markrad | 0:cdf462088d13 | 1280 | ) ) |
markrad | 0:cdf462088d13 | 1281 | { |
markrad | 0:cdf462088d13 | 1282 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
markrad | 0:cdf462088d13 | 1283 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
markrad | 0:cdf462088d13 | 1284 | { |
markrad | 0:cdf462088d13 | 1285 | ssl_mac( &ssl->transform_out->md_ctx_enc, |
markrad | 0:cdf462088d13 | 1286 | ssl->transform_out->mac_enc, |
markrad | 0:cdf462088d13 | 1287 | ssl->out_msg, ssl->out_msglen, |
markrad | 0:cdf462088d13 | 1288 | ssl->out_ctr, ssl->out_msgtype ); |
markrad | 0:cdf462088d13 | 1289 | } |
markrad | 0:cdf462088d13 | 1290 | else |
markrad | 0:cdf462088d13 | 1291 | #endif |
markrad | 0:cdf462088d13 | 1292 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
markrad | 0:cdf462088d13 | 1293 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 1294 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) |
markrad | 0:cdf462088d13 | 1295 | { |
markrad | 0:cdf462088d13 | 1296 | mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_ctr, 8 ); |
markrad | 0:cdf462088d13 | 1297 | mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_hdr, 3 ); |
markrad | 0:cdf462088d13 | 1298 | mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_len, 2 ); |
markrad | 0:cdf462088d13 | 1299 | mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, |
markrad | 0:cdf462088d13 | 1300 | ssl->out_msg, ssl->out_msglen ); |
markrad | 0:cdf462088d13 | 1301 | mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc, |
markrad | 0:cdf462088d13 | 1302 | ssl->out_msg + ssl->out_msglen ); |
markrad | 0:cdf462088d13 | 1303 | mbedtls_md_hmac_reset( &ssl->transform_out->md_ctx_enc ); |
markrad | 0:cdf462088d13 | 1304 | } |
markrad | 0:cdf462088d13 | 1305 | else |
markrad | 0:cdf462088d13 | 1306 | #endif |
markrad | 0:cdf462088d13 | 1307 | { |
markrad | 0:cdf462088d13 | 1308 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 1309 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 1310 | } |
markrad | 0:cdf462088d13 | 1311 | |
markrad | 0:cdf462088d13 | 1312 | MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac", |
markrad | 0:cdf462088d13 | 1313 | ssl->out_msg + ssl->out_msglen, |
markrad | 0:cdf462088d13 | 1314 | ssl->transform_out->maclen ); |
markrad | 0:cdf462088d13 | 1315 | |
markrad | 0:cdf462088d13 | 1316 | ssl->out_msglen += ssl->transform_out->maclen; |
markrad | 0:cdf462088d13 | 1317 | auth_done++; |
markrad | 0:cdf462088d13 | 1318 | } |
markrad | 0:cdf462088d13 | 1319 | #endif /* AEAD not the only option */ |
markrad | 0:cdf462088d13 | 1320 | |
markrad | 0:cdf462088d13 | 1321 | /* |
markrad | 0:cdf462088d13 | 1322 | * Encrypt |
markrad | 0:cdf462088d13 | 1323 | */ |
markrad | 0:cdf462088d13 | 1324 | #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) |
markrad | 0:cdf462088d13 | 1325 | if( mode == MBEDTLS_MODE_STREAM ) |
markrad | 0:cdf462088d13 | 1326 | { |
markrad | 0:cdf462088d13 | 1327 | int ret; |
markrad | 0:cdf462088d13 | 1328 | size_t olen = 0; |
markrad | 0:cdf462088d13 | 1329 | |
markrad | 0:cdf462088d13 | 1330 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " |
markrad | 0:cdf462088d13 | 1331 | "including %d bytes of padding", |
markrad | 0:cdf462088d13 | 1332 | ssl->out_msglen, 0 ) ); |
markrad | 0:cdf462088d13 | 1333 | |
markrad | 0:cdf462088d13 | 1334 | if( ( ret = mbedtls_cipher_crypt( &ssl->transform_out->cipher_ctx_enc, |
markrad | 0:cdf462088d13 | 1335 | ssl->transform_out->iv_enc, |
markrad | 0:cdf462088d13 | 1336 | ssl->transform_out->ivlen, |
markrad | 0:cdf462088d13 | 1337 | ssl->out_msg, ssl->out_msglen, |
markrad | 0:cdf462088d13 | 1338 | ssl->out_msg, &olen ) ) != 0 ) |
markrad | 0:cdf462088d13 | 1339 | { |
markrad | 0:cdf462088d13 | 1340 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); |
markrad | 0:cdf462088d13 | 1341 | return( ret ); |
markrad | 0:cdf462088d13 | 1342 | } |
markrad | 0:cdf462088d13 | 1343 | |
markrad | 0:cdf462088d13 | 1344 | if( ssl->out_msglen != olen ) |
markrad | 0:cdf462088d13 | 1345 | { |
markrad | 0:cdf462088d13 | 1346 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 1347 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 1348 | } |
markrad | 0:cdf462088d13 | 1349 | } |
markrad | 0:cdf462088d13 | 1350 | else |
markrad | 0:cdf462088d13 | 1351 | #endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */ |
markrad | 0:cdf462088d13 | 1352 | #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) |
markrad | 0:cdf462088d13 | 1353 | if( mode == MBEDTLS_MODE_GCM || |
markrad | 0:cdf462088d13 | 1354 | mode == MBEDTLS_MODE_CCM ) |
markrad | 0:cdf462088d13 | 1355 | { |
markrad | 0:cdf462088d13 | 1356 | int ret; |
markrad | 0:cdf462088d13 | 1357 | size_t enc_msglen, olen; |
markrad | 0:cdf462088d13 | 1358 | unsigned char *enc_msg; |
markrad | 0:cdf462088d13 | 1359 | unsigned char add_data[13]; |
markrad | 0:cdf462088d13 | 1360 | unsigned char taglen = ssl->transform_out->ciphersuite_info->flags & |
markrad | 0:cdf462088d13 | 1361 | MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16; |
markrad | 0:cdf462088d13 | 1362 | |
markrad | 0:cdf462088d13 | 1363 | memcpy( add_data, ssl->out_ctr, 8 ); |
markrad | 0:cdf462088d13 | 1364 | add_data[8] = ssl->out_msgtype; |
markrad | 0:cdf462088d13 | 1365 | mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, |
markrad | 0:cdf462088d13 | 1366 | ssl->conf->transport, add_data + 9 ); |
markrad | 0:cdf462088d13 | 1367 | add_data[11] = ( ssl->out_msglen >> 8 ) & 0xFF; |
markrad | 0:cdf462088d13 | 1368 | add_data[12] = ssl->out_msglen & 0xFF; |
markrad | 0:cdf462088d13 | 1369 | |
markrad | 0:cdf462088d13 | 1370 | MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD", |
markrad | 0:cdf462088d13 | 1371 | add_data, 13 ); |
markrad | 0:cdf462088d13 | 1372 | |
markrad | 0:cdf462088d13 | 1373 | /* |
markrad | 0:cdf462088d13 | 1374 | * Generate IV |
markrad | 0:cdf462088d13 | 1375 | */ |
markrad | 0:cdf462088d13 | 1376 | if( ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen != 8 ) |
markrad | 0:cdf462088d13 | 1377 | { |
markrad | 0:cdf462088d13 | 1378 | /* Reminder if we ever add an AEAD mode with a different size */ |
markrad | 0:cdf462088d13 | 1379 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 1380 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 1381 | } |
markrad | 0:cdf462088d13 | 1382 | |
markrad | 0:cdf462088d13 | 1383 | memcpy( ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen, |
markrad | 0:cdf462088d13 | 1384 | ssl->out_ctr, 8 ); |
markrad | 0:cdf462088d13 | 1385 | memcpy( ssl->out_iv, ssl->out_ctr, 8 ); |
markrad | 0:cdf462088d13 | 1386 | |
markrad | 0:cdf462088d13 | 1387 | MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", ssl->out_iv, |
markrad | 0:cdf462088d13 | 1388 | ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen ); |
markrad | 0:cdf462088d13 | 1389 | |
markrad | 0:cdf462088d13 | 1390 | /* |
markrad | 0:cdf462088d13 | 1391 | * Fix pointer positions and message length with added IV |
markrad | 0:cdf462088d13 | 1392 | */ |
markrad | 0:cdf462088d13 | 1393 | enc_msg = ssl->out_msg; |
markrad | 0:cdf462088d13 | 1394 | enc_msglen = ssl->out_msglen; |
markrad | 0:cdf462088d13 | 1395 | ssl->out_msglen += ssl->transform_out->ivlen - |
markrad | 0:cdf462088d13 | 1396 | ssl->transform_out->fixed_ivlen; |
markrad | 0:cdf462088d13 | 1397 | |
markrad | 0:cdf462088d13 | 1398 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " |
markrad | 0:cdf462088d13 | 1399 | "including %d bytes of padding", |
markrad | 0:cdf462088d13 | 1400 | ssl->out_msglen, 0 ) ); |
markrad | 0:cdf462088d13 | 1401 | |
markrad | 0:cdf462088d13 | 1402 | /* |
markrad | 0:cdf462088d13 | 1403 | * Encrypt and authenticate |
markrad | 0:cdf462088d13 | 1404 | */ |
markrad | 0:cdf462088d13 | 1405 | if( ( ret = mbedtls_cipher_auth_encrypt( &ssl->transform_out->cipher_ctx_enc, |
markrad | 0:cdf462088d13 | 1406 | ssl->transform_out->iv_enc, |
markrad | 0:cdf462088d13 | 1407 | ssl->transform_out->ivlen, |
markrad | 0:cdf462088d13 | 1408 | add_data, 13, |
markrad | 0:cdf462088d13 | 1409 | enc_msg, enc_msglen, |
markrad | 0:cdf462088d13 | 1410 | enc_msg, &olen, |
markrad | 0:cdf462088d13 | 1411 | enc_msg + enc_msglen, taglen ) ) != 0 ) |
markrad | 0:cdf462088d13 | 1412 | { |
markrad | 0:cdf462088d13 | 1413 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_encrypt", ret ); |
markrad | 0:cdf462088d13 | 1414 | return( ret ); |
markrad | 0:cdf462088d13 | 1415 | } |
markrad | 0:cdf462088d13 | 1416 | |
markrad | 0:cdf462088d13 | 1417 | if( olen != enc_msglen ) |
markrad | 0:cdf462088d13 | 1418 | { |
markrad | 0:cdf462088d13 | 1419 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 1420 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 1421 | } |
markrad | 0:cdf462088d13 | 1422 | |
markrad | 0:cdf462088d13 | 1423 | ssl->out_msglen += taglen; |
markrad | 0:cdf462088d13 | 1424 | auth_done++; |
markrad | 0:cdf462088d13 | 1425 | |
markrad | 0:cdf462088d13 | 1426 | MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag", enc_msg + enc_msglen, taglen ); |
markrad | 0:cdf462088d13 | 1427 | } |
markrad | 0:cdf462088d13 | 1428 | else |
markrad | 0:cdf462088d13 | 1429 | #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */ |
markrad | 0:cdf462088d13 | 1430 | #if defined(MBEDTLS_CIPHER_MODE_CBC) && \ |
markrad | 0:cdf462088d13 | 1431 | ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) ) |
markrad | 0:cdf462088d13 | 1432 | if( mode == MBEDTLS_MODE_CBC ) |
markrad | 0:cdf462088d13 | 1433 | { |
markrad | 0:cdf462088d13 | 1434 | int ret; |
markrad | 0:cdf462088d13 | 1435 | unsigned char *enc_msg; |
markrad | 0:cdf462088d13 | 1436 | size_t enc_msglen, padlen, olen = 0, i; |
markrad | 0:cdf462088d13 | 1437 | |
markrad | 0:cdf462088d13 | 1438 | padlen = ssl->transform_out->ivlen - ( ssl->out_msglen + 1 ) % |
markrad | 0:cdf462088d13 | 1439 | ssl->transform_out->ivlen; |
markrad | 0:cdf462088d13 | 1440 | if( padlen == ssl->transform_out->ivlen ) |
markrad | 0:cdf462088d13 | 1441 | padlen = 0; |
markrad | 0:cdf462088d13 | 1442 | |
markrad | 0:cdf462088d13 | 1443 | for( i = 0; i <= padlen; i++ ) |
markrad | 0:cdf462088d13 | 1444 | ssl->out_msg[ssl->out_msglen + i] = (unsigned char) padlen; |
markrad | 0:cdf462088d13 | 1445 | |
markrad | 0:cdf462088d13 | 1446 | ssl->out_msglen += padlen + 1; |
markrad | 0:cdf462088d13 | 1447 | |
markrad | 0:cdf462088d13 | 1448 | enc_msglen = ssl->out_msglen; |
markrad | 0:cdf462088d13 | 1449 | enc_msg = ssl->out_msg; |
markrad | 0:cdf462088d13 | 1450 | |
markrad | 0:cdf462088d13 | 1451 | #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 1452 | /* |
markrad | 0:cdf462088d13 | 1453 | * Prepend per-record IV for block cipher in TLS v1.1 and up as per |
markrad | 0:cdf462088d13 | 1454 | * Method 1 (6.2.3.2. in RFC4346 and RFC5246) |
markrad | 0:cdf462088d13 | 1455 | */ |
markrad | 0:cdf462088d13 | 1456 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) |
markrad | 0:cdf462088d13 | 1457 | { |
markrad | 0:cdf462088d13 | 1458 | /* |
markrad | 0:cdf462088d13 | 1459 | * Generate IV |
markrad | 0:cdf462088d13 | 1460 | */ |
markrad | 0:cdf462088d13 | 1461 | ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->transform_out->iv_enc, |
markrad | 0:cdf462088d13 | 1462 | ssl->transform_out->ivlen ); |
markrad | 0:cdf462088d13 | 1463 | if( ret != 0 ) |
markrad | 0:cdf462088d13 | 1464 | return( ret ); |
markrad | 0:cdf462088d13 | 1465 | |
markrad | 0:cdf462088d13 | 1466 | memcpy( ssl->out_iv, ssl->transform_out->iv_enc, |
markrad | 0:cdf462088d13 | 1467 | ssl->transform_out->ivlen ); |
markrad | 0:cdf462088d13 | 1468 | |
markrad | 0:cdf462088d13 | 1469 | /* |
markrad | 0:cdf462088d13 | 1470 | * Fix pointer positions and message length with added IV |
markrad | 0:cdf462088d13 | 1471 | */ |
markrad | 0:cdf462088d13 | 1472 | enc_msg = ssl->out_msg; |
markrad | 0:cdf462088d13 | 1473 | enc_msglen = ssl->out_msglen; |
markrad | 0:cdf462088d13 | 1474 | ssl->out_msglen += ssl->transform_out->ivlen; |
markrad | 0:cdf462088d13 | 1475 | } |
markrad | 0:cdf462088d13 | 1476 | #endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 1477 | |
markrad | 0:cdf462088d13 | 1478 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " |
markrad | 0:cdf462088d13 | 1479 | "including %d bytes of IV and %d bytes of padding", |
markrad | 0:cdf462088d13 | 1480 | ssl->out_msglen, ssl->transform_out->ivlen, |
markrad | 0:cdf462088d13 | 1481 | padlen + 1 ) ); |
markrad | 0:cdf462088d13 | 1482 | |
markrad | 0:cdf462088d13 | 1483 | if( ( ret = mbedtls_cipher_crypt( &ssl->transform_out->cipher_ctx_enc, |
markrad | 0:cdf462088d13 | 1484 | ssl->transform_out->iv_enc, |
markrad | 0:cdf462088d13 | 1485 | ssl->transform_out->ivlen, |
markrad | 0:cdf462088d13 | 1486 | enc_msg, enc_msglen, |
markrad | 0:cdf462088d13 | 1487 | enc_msg, &olen ) ) != 0 ) |
markrad | 0:cdf462088d13 | 1488 | { |
markrad | 0:cdf462088d13 | 1489 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); |
markrad | 0:cdf462088d13 | 1490 | return( ret ); |
markrad | 0:cdf462088d13 | 1491 | } |
markrad | 0:cdf462088d13 | 1492 | |
markrad | 0:cdf462088d13 | 1493 | if( enc_msglen != olen ) |
markrad | 0:cdf462088d13 | 1494 | { |
markrad | 0:cdf462088d13 | 1495 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 1496 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 1497 | } |
markrad | 0:cdf462088d13 | 1498 | |
markrad | 0:cdf462088d13 | 1499 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) |
markrad | 0:cdf462088d13 | 1500 | if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ) |
markrad | 0:cdf462088d13 | 1501 | { |
markrad | 0:cdf462088d13 | 1502 | /* |
markrad | 0:cdf462088d13 | 1503 | * Save IV in SSL3 and TLS1 |
markrad | 0:cdf462088d13 | 1504 | */ |
markrad | 0:cdf462088d13 | 1505 | memcpy( ssl->transform_out->iv_enc, |
markrad | 0:cdf462088d13 | 1506 | ssl->transform_out->cipher_ctx_enc.iv, |
markrad | 0:cdf462088d13 | 1507 | ssl->transform_out->ivlen ); |
markrad | 0:cdf462088d13 | 1508 | } |
markrad | 0:cdf462088d13 | 1509 | #endif |
markrad | 0:cdf462088d13 | 1510 | |
markrad | 0:cdf462088d13 | 1511 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
markrad | 0:cdf462088d13 | 1512 | if( auth_done == 0 ) |
markrad | 0:cdf462088d13 | 1513 | { |
markrad | 0:cdf462088d13 | 1514 | /* |
markrad | 0:cdf462088d13 | 1515 | * MAC(MAC_write_key, seq_num + |
markrad | 0:cdf462088d13 | 1516 | * TLSCipherText.type + |
markrad | 0:cdf462088d13 | 1517 | * TLSCipherText.version + |
markrad | 0:cdf462088d13 | 1518 | * length_of( (IV +) ENC(...) ) + |
markrad | 0:cdf462088d13 | 1519 | * IV + // except for TLS 1.0 |
markrad | 0:cdf462088d13 | 1520 | * ENC(content + padding + padding_length)); |
markrad | 0:cdf462088d13 | 1521 | */ |
markrad | 0:cdf462088d13 | 1522 | unsigned char pseudo_hdr[13]; |
markrad | 0:cdf462088d13 | 1523 | |
markrad | 0:cdf462088d13 | 1524 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) ); |
markrad | 0:cdf462088d13 | 1525 | |
markrad | 0:cdf462088d13 | 1526 | memcpy( pseudo_hdr + 0, ssl->out_ctr, 8 ); |
markrad | 0:cdf462088d13 | 1527 | memcpy( pseudo_hdr + 8, ssl->out_hdr, 3 ); |
markrad | 0:cdf462088d13 | 1528 | pseudo_hdr[11] = (unsigned char)( ( ssl->out_msglen >> 8 ) & 0xFF ); |
markrad | 0:cdf462088d13 | 1529 | pseudo_hdr[12] = (unsigned char)( ( ssl->out_msglen ) & 0xFF ); |
markrad | 0:cdf462088d13 | 1530 | |
markrad | 0:cdf462088d13 | 1531 | MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", pseudo_hdr, 13 ); |
markrad | 0:cdf462088d13 | 1532 | |
markrad | 0:cdf462088d13 | 1533 | mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, pseudo_hdr, 13 ); |
markrad | 0:cdf462088d13 | 1534 | mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, |
markrad | 0:cdf462088d13 | 1535 | ssl->out_iv, ssl->out_msglen ); |
markrad | 0:cdf462088d13 | 1536 | mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc, |
markrad | 0:cdf462088d13 | 1537 | ssl->out_iv + ssl->out_msglen ); |
markrad | 0:cdf462088d13 | 1538 | mbedtls_md_hmac_reset( &ssl->transform_out->md_ctx_enc ); |
markrad | 0:cdf462088d13 | 1539 | |
markrad | 0:cdf462088d13 | 1540 | ssl->out_msglen += ssl->transform_out->maclen; |
markrad | 0:cdf462088d13 | 1541 | auth_done++; |
markrad | 0:cdf462088d13 | 1542 | } |
markrad | 0:cdf462088d13 | 1543 | #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ |
markrad | 0:cdf462088d13 | 1544 | } |
markrad | 0:cdf462088d13 | 1545 | else |
markrad | 0:cdf462088d13 | 1546 | #endif /* MBEDTLS_CIPHER_MODE_CBC && |
markrad | 0:cdf462088d13 | 1547 | ( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C ) */ |
markrad | 0:cdf462088d13 | 1548 | { |
markrad | 0:cdf462088d13 | 1549 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 1550 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 1551 | } |
markrad | 0:cdf462088d13 | 1552 | |
markrad | 0:cdf462088d13 | 1553 | /* Make extra sure authentication was performed, exactly once */ |
markrad | 0:cdf462088d13 | 1554 | if( auth_done != 1 ) |
markrad | 0:cdf462088d13 | 1555 | { |
markrad | 0:cdf462088d13 | 1556 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 1557 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 1558 | } |
markrad | 0:cdf462088d13 | 1559 | |
markrad | 0:cdf462088d13 | 1560 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) ); |
markrad | 0:cdf462088d13 | 1561 | |
markrad | 0:cdf462088d13 | 1562 | return( 0 ); |
markrad | 0:cdf462088d13 | 1563 | } |
markrad | 0:cdf462088d13 | 1564 | |
markrad | 0:cdf462088d13 | 1565 | #define SSL_MAX_MAC_SIZE 48 |
markrad | 0:cdf462088d13 | 1566 | |
markrad | 0:cdf462088d13 | 1567 | static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 1568 | { |
markrad | 0:cdf462088d13 | 1569 | size_t i; |
markrad | 0:cdf462088d13 | 1570 | mbedtls_cipher_mode_t mode; |
markrad | 0:cdf462088d13 | 1571 | int auth_done = 0; |
markrad | 0:cdf462088d13 | 1572 | #if defined(SSL_SOME_MODES_USE_MAC) |
markrad | 0:cdf462088d13 | 1573 | size_t padlen = 0, correct = 1; |
markrad | 0:cdf462088d13 | 1574 | #endif |
markrad | 0:cdf462088d13 | 1575 | |
markrad | 0:cdf462088d13 | 1576 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) ); |
markrad | 0:cdf462088d13 | 1577 | |
markrad | 0:cdf462088d13 | 1578 | if( ssl->session_in == NULL || ssl->transform_in == NULL ) |
markrad | 0:cdf462088d13 | 1579 | { |
markrad | 0:cdf462088d13 | 1580 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 1581 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 1582 | } |
markrad | 0:cdf462088d13 | 1583 | |
markrad | 0:cdf462088d13 | 1584 | mode = mbedtls_cipher_get_cipher_mode( &ssl->transform_in->cipher_ctx_dec ); |
markrad | 0:cdf462088d13 | 1585 | |
markrad | 0:cdf462088d13 | 1586 | if( ssl->in_msglen < ssl->transform_in->minlen ) |
markrad | 0:cdf462088d13 | 1587 | { |
markrad | 0:cdf462088d13 | 1588 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "in_msglen (%d) < minlen (%d)", |
markrad | 0:cdf462088d13 | 1589 | ssl->in_msglen, ssl->transform_in->minlen ) ); |
markrad | 0:cdf462088d13 | 1590 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
markrad | 0:cdf462088d13 | 1591 | } |
markrad | 0:cdf462088d13 | 1592 | |
markrad | 0:cdf462088d13 | 1593 | #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) |
markrad | 0:cdf462088d13 | 1594 | if( mode == MBEDTLS_MODE_STREAM ) |
markrad | 0:cdf462088d13 | 1595 | { |
markrad | 0:cdf462088d13 | 1596 | int ret; |
markrad | 0:cdf462088d13 | 1597 | size_t olen = 0; |
markrad | 0:cdf462088d13 | 1598 | |
markrad | 0:cdf462088d13 | 1599 | padlen = 0; |
markrad | 0:cdf462088d13 | 1600 | |
markrad | 0:cdf462088d13 | 1601 | if( ( ret = mbedtls_cipher_crypt( &ssl->transform_in->cipher_ctx_dec, |
markrad | 0:cdf462088d13 | 1602 | ssl->transform_in->iv_dec, |
markrad | 0:cdf462088d13 | 1603 | ssl->transform_in->ivlen, |
markrad | 0:cdf462088d13 | 1604 | ssl->in_msg, ssl->in_msglen, |
markrad | 0:cdf462088d13 | 1605 | ssl->in_msg, &olen ) ) != 0 ) |
markrad | 0:cdf462088d13 | 1606 | { |
markrad | 0:cdf462088d13 | 1607 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); |
markrad | 0:cdf462088d13 | 1608 | return( ret ); |
markrad | 0:cdf462088d13 | 1609 | } |
markrad | 0:cdf462088d13 | 1610 | |
markrad | 0:cdf462088d13 | 1611 | if( ssl->in_msglen != olen ) |
markrad | 0:cdf462088d13 | 1612 | { |
markrad | 0:cdf462088d13 | 1613 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 1614 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 1615 | } |
markrad | 0:cdf462088d13 | 1616 | } |
markrad | 0:cdf462088d13 | 1617 | else |
markrad | 0:cdf462088d13 | 1618 | #endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */ |
markrad | 0:cdf462088d13 | 1619 | #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) |
markrad | 0:cdf462088d13 | 1620 | if( mode == MBEDTLS_MODE_GCM || |
markrad | 0:cdf462088d13 | 1621 | mode == MBEDTLS_MODE_CCM ) |
markrad | 0:cdf462088d13 | 1622 | { |
markrad | 0:cdf462088d13 | 1623 | int ret; |
markrad | 0:cdf462088d13 | 1624 | size_t dec_msglen, olen; |
markrad | 0:cdf462088d13 | 1625 | unsigned char *dec_msg; |
markrad | 0:cdf462088d13 | 1626 | unsigned char *dec_msg_result; |
markrad | 0:cdf462088d13 | 1627 | unsigned char add_data[13]; |
markrad | 0:cdf462088d13 | 1628 | unsigned char taglen = ssl->transform_in->ciphersuite_info->flags & |
markrad | 0:cdf462088d13 | 1629 | MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16; |
markrad | 0:cdf462088d13 | 1630 | size_t explicit_iv_len = ssl->transform_in->ivlen - |
markrad | 0:cdf462088d13 | 1631 | ssl->transform_in->fixed_ivlen; |
markrad | 0:cdf462088d13 | 1632 | |
markrad | 0:cdf462088d13 | 1633 | if( ssl->in_msglen < explicit_iv_len + taglen ) |
markrad | 0:cdf462088d13 | 1634 | { |
markrad | 0:cdf462088d13 | 1635 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < explicit_iv_len (%d) " |
markrad | 0:cdf462088d13 | 1636 | "+ taglen (%d)", ssl->in_msglen, |
markrad | 0:cdf462088d13 | 1637 | explicit_iv_len, taglen ) ); |
markrad | 0:cdf462088d13 | 1638 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
markrad | 0:cdf462088d13 | 1639 | } |
markrad | 0:cdf462088d13 | 1640 | dec_msglen = ssl->in_msglen - explicit_iv_len - taglen; |
markrad | 0:cdf462088d13 | 1641 | |
markrad | 0:cdf462088d13 | 1642 | dec_msg = ssl->in_msg; |
markrad | 0:cdf462088d13 | 1643 | dec_msg_result = ssl->in_msg; |
markrad | 0:cdf462088d13 | 1644 | ssl->in_msglen = dec_msglen; |
markrad | 0:cdf462088d13 | 1645 | |
markrad | 0:cdf462088d13 | 1646 | memcpy( add_data, ssl->in_ctr, 8 ); |
markrad | 0:cdf462088d13 | 1647 | add_data[8] = ssl->in_msgtype; |
markrad | 0:cdf462088d13 | 1648 | mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, |
markrad | 0:cdf462088d13 | 1649 | ssl->conf->transport, add_data + 9 ); |
markrad | 0:cdf462088d13 | 1650 | add_data[11] = ( ssl->in_msglen >> 8 ) & 0xFF; |
markrad | 0:cdf462088d13 | 1651 | add_data[12] = ssl->in_msglen & 0xFF; |
markrad | 0:cdf462088d13 | 1652 | |
markrad | 0:cdf462088d13 | 1653 | MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD", |
markrad | 0:cdf462088d13 | 1654 | add_data, 13 ); |
markrad | 0:cdf462088d13 | 1655 | |
markrad | 0:cdf462088d13 | 1656 | memcpy( ssl->transform_in->iv_dec + ssl->transform_in->fixed_ivlen, |
markrad | 0:cdf462088d13 | 1657 | ssl->in_iv, |
markrad | 0:cdf462088d13 | 1658 | ssl->transform_in->ivlen - ssl->transform_in->fixed_ivlen ); |
markrad | 0:cdf462088d13 | 1659 | |
markrad | 0:cdf462088d13 | 1660 | MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", ssl->transform_in->iv_dec, |
markrad | 0:cdf462088d13 | 1661 | ssl->transform_in->ivlen ); |
markrad | 0:cdf462088d13 | 1662 | MBEDTLS_SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, taglen ); |
markrad | 0:cdf462088d13 | 1663 | |
markrad | 0:cdf462088d13 | 1664 | /* |
markrad | 0:cdf462088d13 | 1665 | * Decrypt and authenticate |
markrad | 0:cdf462088d13 | 1666 | */ |
markrad | 0:cdf462088d13 | 1667 | if( ( ret = mbedtls_cipher_auth_decrypt( &ssl->transform_in->cipher_ctx_dec, |
markrad | 0:cdf462088d13 | 1668 | ssl->transform_in->iv_dec, |
markrad | 0:cdf462088d13 | 1669 | ssl->transform_in->ivlen, |
markrad | 0:cdf462088d13 | 1670 | add_data, 13, |
markrad | 0:cdf462088d13 | 1671 | dec_msg, dec_msglen, |
markrad | 0:cdf462088d13 | 1672 | dec_msg_result, &olen, |
markrad | 0:cdf462088d13 | 1673 | dec_msg + dec_msglen, taglen ) ) != 0 ) |
markrad | 0:cdf462088d13 | 1674 | { |
markrad | 0:cdf462088d13 | 1675 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_decrypt", ret ); |
markrad | 0:cdf462088d13 | 1676 | |
markrad | 0:cdf462088d13 | 1677 | if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED ) |
markrad | 0:cdf462088d13 | 1678 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
markrad | 0:cdf462088d13 | 1679 | |
markrad | 0:cdf462088d13 | 1680 | return( ret ); |
markrad | 0:cdf462088d13 | 1681 | } |
markrad | 0:cdf462088d13 | 1682 | auth_done++; |
markrad | 0:cdf462088d13 | 1683 | |
markrad | 0:cdf462088d13 | 1684 | if( olen != dec_msglen ) |
markrad | 0:cdf462088d13 | 1685 | { |
markrad | 0:cdf462088d13 | 1686 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 1687 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 1688 | } |
markrad | 0:cdf462088d13 | 1689 | } |
markrad | 0:cdf462088d13 | 1690 | else |
markrad | 0:cdf462088d13 | 1691 | #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */ |
markrad | 0:cdf462088d13 | 1692 | #if defined(MBEDTLS_CIPHER_MODE_CBC) && \ |
markrad | 0:cdf462088d13 | 1693 | ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) ) |
markrad | 0:cdf462088d13 | 1694 | if( mode == MBEDTLS_MODE_CBC ) |
markrad | 0:cdf462088d13 | 1695 | { |
markrad | 0:cdf462088d13 | 1696 | /* |
markrad | 0:cdf462088d13 | 1697 | * Decrypt and check the padding |
markrad | 0:cdf462088d13 | 1698 | */ |
markrad | 0:cdf462088d13 | 1699 | int ret; |
markrad | 0:cdf462088d13 | 1700 | unsigned char *dec_msg; |
markrad | 0:cdf462088d13 | 1701 | unsigned char *dec_msg_result; |
markrad | 0:cdf462088d13 | 1702 | size_t dec_msglen; |
markrad | 0:cdf462088d13 | 1703 | size_t minlen = 0; |
markrad | 0:cdf462088d13 | 1704 | size_t olen = 0; |
markrad | 0:cdf462088d13 | 1705 | |
markrad | 0:cdf462088d13 | 1706 | /* |
markrad | 0:cdf462088d13 | 1707 | * Check immediate ciphertext sanity |
markrad | 0:cdf462088d13 | 1708 | */ |
markrad | 0:cdf462088d13 | 1709 | #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 1710 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) |
markrad | 0:cdf462088d13 | 1711 | minlen += ssl->transform_in->ivlen; |
markrad | 0:cdf462088d13 | 1712 | #endif |
markrad | 0:cdf462088d13 | 1713 | |
markrad | 0:cdf462088d13 | 1714 | if( ssl->in_msglen < minlen + ssl->transform_in->ivlen || |
markrad | 0:cdf462088d13 | 1715 | ssl->in_msglen < minlen + ssl->transform_in->maclen + 1 ) |
markrad | 0:cdf462088d13 | 1716 | { |
markrad | 0:cdf462088d13 | 1717 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < max( ivlen(%d), maclen (%d) " |
markrad | 0:cdf462088d13 | 1718 | "+ 1 ) ( + expl IV )", ssl->in_msglen, |
markrad | 0:cdf462088d13 | 1719 | ssl->transform_in->ivlen, |
markrad | 0:cdf462088d13 | 1720 | ssl->transform_in->maclen ) ); |
markrad | 0:cdf462088d13 | 1721 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
markrad | 0:cdf462088d13 | 1722 | } |
markrad | 0:cdf462088d13 | 1723 | |
markrad | 0:cdf462088d13 | 1724 | dec_msglen = ssl->in_msglen; |
markrad | 0:cdf462088d13 | 1725 | dec_msg = ssl->in_msg; |
markrad | 0:cdf462088d13 | 1726 | dec_msg_result = ssl->in_msg; |
markrad | 0:cdf462088d13 | 1727 | |
markrad | 0:cdf462088d13 | 1728 | /* |
markrad | 0:cdf462088d13 | 1729 | * Authenticate before decrypt if enabled |
markrad | 0:cdf462088d13 | 1730 | */ |
markrad | 0:cdf462088d13 | 1731 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
markrad | 0:cdf462088d13 | 1732 | if( ssl->session_in->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED ) |
markrad | 0:cdf462088d13 | 1733 | { |
markrad | 0:cdf462088d13 | 1734 | unsigned char computed_mac[SSL_MAX_MAC_SIZE]; |
markrad | 0:cdf462088d13 | 1735 | unsigned char pseudo_hdr[13]; |
markrad | 0:cdf462088d13 | 1736 | |
markrad | 0:cdf462088d13 | 1737 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) ); |
markrad | 0:cdf462088d13 | 1738 | |
markrad | 0:cdf462088d13 | 1739 | dec_msglen -= ssl->transform_in->maclen; |
markrad | 0:cdf462088d13 | 1740 | ssl->in_msglen -= ssl->transform_in->maclen; |
markrad | 0:cdf462088d13 | 1741 | |
markrad | 0:cdf462088d13 | 1742 | memcpy( pseudo_hdr + 0, ssl->in_ctr, 8 ); |
markrad | 0:cdf462088d13 | 1743 | memcpy( pseudo_hdr + 8, ssl->in_hdr, 3 ); |
markrad | 0:cdf462088d13 | 1744 | pseudo_hdr[11] = (unsigned char)( ( ssl->in_msglen >> 8 ) & 0xFF ); |
markrad | 0:cdf462088d13 | 1745 | pseudo_hdr[12] = (unsigned char)( ( ssl->in_msglen ) & 0xFF ); |
markrad | 0:cdf462088d13 | 1746 | |
markrad | 0:cdf462088d13 | 1747 | MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", pseudo_hdr, 13 ); |
markrad | 0:cdf462088d13 | 1748 | |
markrad | 0:cdf462088d13 | 1749 | mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, pseudo_hdr, 13 ); |
markrad | 0:cdf462088d13 | 1750 | mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, |
markrad | 0:cdf462088d13 | 1751 | ssl->in_iv, ssl->in_msglen ); |
markrad | 0:cdf462088d13 | 1752 | mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec, computed_mac ); |
markrad | 0:cdf462088d13 | 1753 | mbedtls_md_hmac_reset( &ssl->transform_in->md_ctx_dec ); |
markrad | 0:cdf462088d13 | 1754 | |
markrad | 0:cdf462088d13 | 1755 | MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", ssl->in_iv + ssl->in_msglen, |
markrad | 0:cdf462088d13 | 1756 | ssl->transform_in->maclen ); |
markrad | 0:cdf462088d13 | 1757 | MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac", computed_mac, |
markrad | 0:cdf462088d13 | 1758 | ssl->transform_in->maclen ); |
markrad | 0:cdf462088d13 | 1759 | |
markrad | 0:cdf462088d13 | 1760 | if( mbedtls_ssl_safer_memcmp( ssl->in_iv + ssl->in_msglen, computed_mac, |
markrad | 0:cdf462088d13 | 1761 | ssl->transform_in->maclen ) != 0 ) |
markrad | 0:cdf462088d13 | 1762 | { |
markrad | 0:cdf462088d13 | 1763 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) ); |
markrad | 0:cdf462088d13 | 1764 | |
markrad | 0:cdf462088d13 | 1765 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
markrad | 0:cdf462088d13 | 1766 | } |
markrad | 0:cdf462088d13 | 1767 | auth_done++; |
markrad | 0:cdf462088d13 | 1768 | } |
markrad | 0:cdf462088d13 | 1769 | #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ |
markrad | 0:cdf462088d13 | 1770 | |
markrad | 0:cdf462088d13 | 1771 | /* |
markrad | 0:cdf462088d13 | 1772 | * Check length sanity |
markrad | 0:cdf462088d13 | 1773 | */ |
markrad | 0:cdf462088d13 | 1774 | if( ssl->in_msglen % ssl->transform_in->ivlen != 0 ) |
markrad | 0:cdf462088d13 | 1775 | { |
markrad | 0:cdf462088d13 | 1776 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) %% ivlen (%d) != 0", |
markrad | 0:cdf462088d13 | 1777 | ssl->in_msglen, ssl->transform_in->ivlen ) ); |
markrad | 0:cdf462088d13 | 1778 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
markrad | 0:cdf462088d13 | 1779 | } |
markrad | 0:cdf462088d13 | 1780 | |
markrad | 0:cdf462088d13 | 1781 | #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 1782 | /* |
markrad | 0:cdf462088d13 | 1783 | * Initialize for prepended IV for block cipher in TLS v1.1 and up |
markrad | 0:cdf462088d13 | 1784 | */ |
markrad | 0:cdf462088d13 | 1785 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) |
markrad | 0:cdf462088d13 | 1786 | { |
markrad | 0:cdf462088d13 | 1787 | dec_msglen -= ssl->transform_in->ivlen; |
markrad | 0:cdf462088d13 | 1788 | ssl->in_msglen -= ssl->transform_in->ivlen; |
markrad | 0:cdf462088d13 | 1789 | |
markrad | 0:cdf462088d13 | 1790 | for( i = 0; i < ssl->transform_in->ivlen; i++ ) |
markrad | 0:cdf462088d13 | 1791 | ssl->transform_in->iv_dec[i] = ssl->in_iv[i]; |
markrad | 0:cdf462088d13 | 1792 | } |
markrad | 0:cdf462088d13 | 1793 | #endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 1794 | |
markrad | 0:cdf462088d13 | 1795 | if( ( ret = mbedtls_cipher_crypt( &ssl->transform_in->cipher_ctx_dec, |
markrad | 0:cdf462088d13 | 1796 | ssl->transform_in->iv_dec, |
markrad | 0:cdf462088d13 | 1797 | ssl->transform_in->ivlen, |
markrad | 0:cdf462088d13 | 1798 | dec_msg, dec_msglen, |
markrad | 0:cdf462088d13 | 1799 | dec_msg_result, &olen ) ) != 0 ) |
markrad | 0:cdf462088d13 | 1800 | { |
markrad | 0:cdf462088d13 | 1801 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); |
markrad | 0:cdf462088d13 | 1802 | return( ret ); |
markrad | 0:cdf462088d13 | 1803 | } |
markrad | 0:cdf462088d13 | 1804 | |
markrad | 0:cdf462088d13 | 1805 | if( dec_msglen != olen ) |
markrad | 0:cdf462088d13 | 1806 | { |
markrad | 0:cdf462088d13 | 1807 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 1808 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 1809 | } |
markrad | 0:cdf462088d13 | 1810 | |
markrad | 0:cdf462088d13 | 1811 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) |
markrad | 0:cdf462088d13 | 1812 | if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ) |
markrad | 0:cdf462088d13 | 1813 | { |
markrad | 0:cdf462088d13 | 1814 | /* |
markrad | 0:cdf462088d13 | 1815 | * Save IV in SSL3 and TLS1 |
markrad | 0:cdf462088d13 | 1816 | */ |
markrad | 0:cdf462088d13 | 1817 | memcpy( ssl->transform_in->iv_dec, |
markrad | 0:cdf462088d13 | 1818 | ssl->transform_in->cipher_ctx_dec.iv, |
markrad | 0:cdf462088d13 | 1819 | ssl->transform_in->ivlen ); |
markrad | 0:cdf462088d13 | 1820 | } |
markrad | 0:cdf462088d13 | 1821 | #endif |
markrad | 0:cdf462088d13 | 1822 | |
markrad | 0:cdf462088d13 | 1823 | padlen = 1 + ssl->in_msg[ssl->in_msglen - 1]; |
markrad | 0:cdf462088d13 | 1824 | |
markrad | 0:cdf462088d13 | 1825 | if( ssl->in_msglen < ssl->transform_in->maclen + padlen && |
markrad | 0:cdf462088d13 | 1826 | auth_done == 0 ) |
markrad | 0:cdf462088d13 | 1827 | { |
markrad | 0:cdf462088d13 | 1828 | #if defined(MBEDTLS_SSL_DEBUG_ALL) |
markrad | 0:cdf462088d13 | 1829 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)", |
markrad | 0:cdf462088d13 | 1830 | ssl->in_msglen, ssl->transform_in->maclen, padlen ) ); |
markrad | 0:cdf462088d13 | 1831 | #endif |
markrad | 0:cdf462088d13 | 1832 | padlen = 0; |
markrad | 0:cdf462088d13 | 1833 | correct = 0; |
markrad | 0:cdf462088d13 | 1834 | } |
markrad | 0:cdf462088d13 | 1835 | |
markrad | 0:cdf462088d13 | 1836 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
markrad | 0:cdf462088d13 | 1837 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
markrad | 0:cdf462088d13 | 1838 | { |
markrad | 0:cdf462088d13 | 1839 | if( padlen > ssl->transform_in->ivlen ) |
markrad | 0:cdf462088d13 | 1840 | { |
markrad | 0:cdf462088d13 | 1841 | #if defined(MBEDTLS_SSL_DEBUG_ALL) |
markrad | 0:cdf462088d13 | 1842 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, " |
markrad | 0:cdf462088d13 | 1843 | "should be no more than %d", |
markrad | 0:cdf462088d13 | 1844 | padlen, ssl->transform_in->ivlen ) ); |
markrad | 0:cdf462088d13 | 1845 | #endif |
markrad | 0:cdf462088d13 | 1846 | correct = 0; |
markrad | 0:cdf462088d13 | 1847 | } |
markrad | 0:cdf462088d13 | 1848 | } |
markrad | 0:cdf462088d13 | 1849 | else |
markrad | 0:cdf462088d13 | 1850 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
markrad | 0:cdf462088d13 | 1851 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
markrad | 0:cdf462088d13 | 1852 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 1853 | if( ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 ) |
markrad | 0:cdf462088d13 | 1854 | { |
markrad | 0:cdf462088d13 | 1855 | /* |
markrad | 0:cdf462088d13 | 1856 | * TLSv1+: always check the padding up to the first failure |
markrad | 0:cdf462088d13 | 1857 | * and fake check up to 256 bytes of padding |
markrad | 0:cdf462088d13 | 1858 | */ |
markrad | 0:cdf462088d13 | 1859 | size_t pad_count = 0, real_count = 1; |
markrad | 0:cdf462088d13 | 1860 | size_t padding_idx = ssl->in_msglen - padlen - 1; |
markrad | 0:cdf462088d13 | 1861 | |
markrad | 0:cdf462088d13 | 1862 | /* |
markrad | 0:cdf462088d13 | 1863 | * Padding is guaranteed to be incorrect if: |
markrad | 0:cdf462088d13 | 1864 | * 1. padlen >= ssl->in_msglen |
markrad | 0:cdf462088d13 | 1865 | * |
markrad | 0:cdf462088d13 | 1866 | * 2. padding_idx >= MBEDTLS_SSL_MAX_CONTENT_LEN + |
markrad | 0:cdf462088d13 | 1867 | * ssl->transform_in->maclen |
markrad | 0:cdf462088d13 | 1868 | * |
markrad | 0:cdf462088d13 | 1869 | * In both cases we reset padding_idx to a safe value (0) to |
markrad | 0:cdf462088d13 | 1870 | * prevent out-of-buffer reads. |
markrad | 0:cdf462088d13 | 1871 | */ |
markrad | 0:cdf462088d13 | 1872 | correct &= ( ssl->in_msglen >= padlen + 1 ); |
markrad | 0:cdf462088d13 | 1873 | correct &= ( padding_idx < MBEDTLS_SSL_MAX_CONTENT_LEN + |
markrad | 0:cdf462088d13 | 1874 | ssl->transform_in->maclen ); |
markrad | 0:cdf462088d13 | 1875 | |
markrad | 0:cdf462088d13 | 1876 | padding_idx *= correct; |
markrad | 0:cdf462088d13 | 1877 | |
markrad | 0:cdf462088d13 | 1878 | for( i = 1; i <= 256; i++ ) |
markrad | 0:cdf462088d13 | 1879 | { |
markrad | 0:cdf462088d13 | 1880 | real_count &= ( i <= padlen ); |
markrad | 0:cdf462088d13 | 1881 | pad_count += real_count * |
markrad | 0:cdf462088d13 | 1882 | ( ssl->in_msg[padding_idx + i] == padlen - 1 ); |
markrad | 0:cdf462088d13 | 1883 | } |
markrad | 0:cdf462088d13 | 1884 | |
markrad | 0:cdf462088d13 | 1885 | correct &= ( pad_count == padlen ); /* Only 1 on correct padding */ |
markrad | 0:cdf462088d13 | 1886 | |
markrad | 0:cdf462088d13 | 1887 | #if defined(MBEDTLS_SSL_DEBUG_ALL) |
markrad | 0:cdf462088d13 | 1888 | if( padlen > 0 && correct == 0 ) |
markrad | 0:cdf462088d13 | 1889 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding byte detected" ) ); |
markrad | 0:cdf462088d13 | 1890 | #endif |
markrad | 0:cdf462088d13 | 1891 | padlen &= correct * 0x1FF; |
markrad | 0:cdf462088d13 | 1892 | } |
markrad | 0:cdf462088d13 | 1893 | else |
markrad | 0:cdf462088d13 | 1894 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ |
markrad | 0:cdf462088d13 | 1895 | MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 1896 | { |
markrad | 0:cdf462088d13 | 1897 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 1898 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 1899 | } |
markrad | 0:cdf462088d13 | 1900 | |
markrad | 0:cdf462088d13 | 1901 | ssl->in_msglen -= padlen; |
markrad | 0:cdf462088d13 | 1902 | } |
markrad | 0:cdf462088d13 | 1903 | else |
markrad | 0:cdf462088d13 | 1904 | #endif /* MBEDTLS_CIPHER_MODE_CBC && |
markrad | 0:cdf462088d13 | 1905 | ( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C ) */ |
markrad | 0:cdf462088d13 | 1906 | { |
markrad | 0:cdf462088d13 | 1907 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 1908 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 1909 | } |
markrad | 0:cdf462088d13 | 1910 | |
markrad | 0:cdf462088d13 | 1911 | MBEDTLS_SSL_DEBUG_BUF( 4, "raw buffer after decryption", |
markrad | 0:cdf462088d13 | 1912 | ssl->in_msg, ssl->in_msglen ); |
markrad | 0:cdf462088d13 | 1913 | |
markrad | 0:cdf462088d13 | 1914 | /* |
markrad | 0:cdf462088d13 | 1915 | * Authenticate if not done yet. |
markrad | 0:cdf462088d13 | 1916 | * Compute the MAC regardless of the padding result (RFC4346, CBCTIME). |
markrad | 0:cdf462088d13 | 1917 | */ |
markrad | 0:cdf462088d13 | 1918 | #if defined(SSL_SOME_MODES_USE_MAC) |
markrad | 0:cdf462088d13 | 1919 | if( auth_done == 0 ) |
markrad | 0:cdf462088d13 | 1920 | { |
markrad | 0:cdf462088d13 | 1921 | unsigned char tmp[SSL_MAX_MAC_SIZE]; |
markrad | 0:cdf462088d13 | 1922 | |
markrad | 0:cdf462088d13 | 1923 | ssl->in_msglen -= ssl->transform_in->maclen; |
markrad | 0:cdf462088d13 | 1924 | |
markrad | 0:cdf462088d13 | 1925 | ssl->in_len[0] = (unsigned char)( ssl->in_msglen >> 8 ); |
markrad | 0:cdf462088d13 | 1926 | ssl->in_len[1] = (unsigned char)( ssl->in_msglen ); |
markrad | 0:cdf462088d13 | 1927 | |
markrad | 0:cdf462088d13 | 1928 | memcpy( tmp, ssl->in_msg + ssl->in_msglen, ssl->transform_in->maclen ); |
markrad | 0:cdf462088d13 | 1929 | |
markrad | 0:cdf462088d13 | 1930 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
markrad | 0:cdf462088d13 | 1931 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
markrad | 0:cdf462088d13 | 1932 | { |
markrad | 0:cdf462088d13 | 1933 | ssl_mac( &ssl->transform_in->md_ctx_dec, |
markrad | 0:cdf462088d13 | 1934 | ssl->transform_in->mac_dec, |
markrad | 0:cdf462088d13 | 1935 | ssl->in_msg, ssl->in_msglen, |
markrad | 0:cdf462088d13 | 1936 | ssl->in_ctr, ssl->in_msgtype ); |
markrad | 0:cdf462088d13 | 1937 | } |
markrad | 0:cdf462088d13 | 1938 | else |
markrad | 0:cdf462088d13 | 1939 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
markrad | 0:cdf462088d13 | 1940 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
markrad | 0:cdf462088d13 | 1941 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 1942 | if( ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 ) |
markrad | 0:cdf462088d13 | 1943 | { |
markrad | 0:cdf462088d13 | 1944 | /* |
markrad | 0:cdf462088d13 | 1945 | * Process MAC and always update for padlen afterwards to make |
markrad | 0:cdf462088d13 | 1946 | * total time independent of padlen |
markrad | 0:cdf462088d13 | 1947 | * |
markrad | 0:cdf462088d13 | 1948 | * extra_run compensates MAC check for padlen |
markrad | 0:cdf462088d13 | 1949 | * |
markrad | 0:cdf462088d13 | 1950 | * Known timing attacks: |
markrad | 0:cdf462088d13 | 1951 | * - Lucky Thirteen (http://www.isg.rhul.ac.uk/tls/TLStiming.pdf) |
markrad | 0:cdf462088d13 | 1952 | * |
markrad | 0:cdf462088d13 | 1953 | * We use ( ( Lx + 8 ) / 64 ) to handle 'negative Lx' values |
markrad | 0:cdf462088d13 | 1954 | * correctly. (We round down instead of up, so -56 is the correct |
markrad | 0:cdf462088d13 | 1955 | * value for our calculations instead of -55) |
markrad | 0:cdf462088d13 | 1956 | */ |
markrad | 0:cdf462088d13 | 1957 | size_t j, extra_run = 0; |
markrad | 0:cdf462088d13 | 1958 | extra_run = ( 13 + ssl->in_msglen + padlen + 8 ) / 64 - |
markrad | 0:cdf462088d13 | 1959 | ( 13 + ssl->in_msglen + 8 ) / 64; |
markrad | 0:cdf462088d13 | 1960 | |
markrad | 0:cdf462088d13 | 1961 | extra_run &= correct * 0xFF; |
markrad | 0:cdf462088d13 | 1962 | |
markrad | 0:cdf462088d13 | 1963 | mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_ctr, 8 ); |
markrad | 0:cdf462088d13 | 1964 | mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_hdr, 3 ); |
markrad | 0:cdf462088d13 | 1965 | mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_len, 2 ); |
markrad | 0:cdf462088d13 | 1966 | mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_msg, |
markrad | 0:cdf462088d13 | 1967 | ssl->in_msglen ); |
markrad | 0:cdf462088d13 | 1968 | mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec, |
markrad | 0:cdf462088d13 | 1969 | ssl->in_msg + ssl->in_msglen ); |
markrad | 0:cdf462088d13 | 1970 | /* Call mbedtls_md_process at least once due to cache attacks */ |
markrad | 0:cdf462088d13 | 1971 | for( j = 0; j < extra_run + 1; j++ ) |
markrad | 0:cdf462088d13 | 1972 | mbedtls_md_process( &ssl->transform_in->md_ctx_dec, ssl->in_msg ); |
markrad | 0:cdf462088d13 | 1973 | |
markrad | 0:cdf462088d13 | 1974 | mbedtls_md_hmac_reset( &ssl->transform_in->md_ctx_dec ); |
markrad | 0:cdf462088d13 | 1975 | } |
markrad | 0:cdf462088d13 | 1976 | else |
markrad | 0:cdf462088d13 | 1977 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ |
markrad | 0:cdf462088d13 | 1978 | MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 1979 | { |
markrad | 0:cdf462088d13 | 1980 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 1981 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 1982 | } |
markrad | 0:cdf462088d13 | 1983 | |
markrad | 0:cdf462088d13 | 1984 | MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", tmp, ssl->transform_in->maclen ); |
markrad | 0:cdf462088d13 | 1985 | MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac", ssl->in_msg + ssl->in_msglen, |
markrad | 0:cdf462088d13 | 1986 | ssl->transform_in->maclen ); |
markrad | 0:cdf462088d13 | 1987 | |
markrad | 0:cdf462088d13 | 1988 | if( mbedtls_ssl_safer_memcmp( tmp, ssl->in_msg + ssl->in_msglen, |
markrad | 0:cdf462088d13 | 1989 | ssl->transform_in->maclen ) != 0 ) |
markrad | 0:cdf462088d13 | 1990 | { |
markrad | 0:cdf462088d13 | 1991 | #if defined(MBEDTLS_SSL_DEBUG_ALL) |
markrad | 0:cdf462088d13 | 1992 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) ); |
markrad | 0:cdf462088d13 | 1993 | #endif |
markrad | 0:cdf462088d13 | 1994 | correct = 0; |
markrad | 0:cdf462088d13 | 1995 | } |
markrad | 0:cdf462088d13 | 1996 | auth_done++; |
markrad | 0:cdf462088d13 | 1997 | |
markrad | 0:cdf462088d13 | 1998 | /* |
markrad | 0:cdf462088d13 | 1999 | * Finally check the correct flag |
markrad | 0:cdf462088d13 | 2000 | */ |
markrad | 0:cdf462088d13 | 2001 | if( correct == 0 ) |
markrad | 0:cdf462088d13 | 2002 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
markrad | 0:cdf462088d13 | 2003 | } |
markrad | 0:cdf462088d13 | 2004 | #endif /* SSL_SOME_MODES_USE_MAC */ |
markrad | 0:cdf462088d13 | 2005 | |
markrad | 0:cdf462088d13 | 2006 | /* Make extra sure authentication was performed, exactly once */ |
markrad | 0:cdf462088d13 | 2007 | if( auth_done != 1 ) |
markrad | 0:cdf462088d13 | 2008 | { |
markrad | 0:cdf462088d13 | 2009 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 2010 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 2011 | } |
markrad | 0:cdf462088d13 | 2012 | |
markrad | 0:cdf462088d13 | 2013 | if( ssl->in_msglen == 0 ) |
markrad | 0:cdf462088d13 | 2014 | { |
markrad | 0:cdf462088d13 | 2015 | ssl->nb_zero++; |
markrad | 0:cdf462088d13 | 2016 | |
markrad | 0:cdf462088d13 | 2017 | /* |
markrad | 0:cdf462088d13 | 2018 | * Three or more empty messages may be a DoS attack |
markrad | 0:cdf462088d13 | 2019 | * (excessive CPU consumption). |
markrad | 0:cdf462088d13 | 2020 | */ |
markrad | 0:cdf462088d13 | 2021 | if( ssl->nb_zero > 3 ) |
markrad | 0:cdf462088d13 | 2022 | { |
markrad | 0:cdf462088d13 | 2023 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "received four consecutive empty " |
markrad | 0:cdf462088d13 | 2024 | "messages, possible DoS attack" ) ); |
markrad | 0:cdf462088d13 | 2025 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
markrad | 0:cdf462088d13 | 2026 | } |
markrad | 0:cdf462088d13 | 2027 | } |
markrad | 0:cdf462088d13 | 2028 | else |
markrad | 0:cdf462088d13 | 2029 | ssl->nb_zero = 0; |
markrad | 0:cdf462088d13 | 2030 | |
markrad | 0:cdf462088d13 | 2031 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 2032 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 2033 | { |
markrad | 0:cdf462088d13 | 2034 | ; /* in_ctr read from peer, not maintained internally */ |
markrad | 0:cdf462088d13 | 2035 | } |
markrad | 0:cdf462088d13 | 2036 | else |
markrad | 0:cdf462088d13 | 2037 | #endif |
markrad | 0:cdf462088d13 | 2038 | { |
markrad | 0:cdf462088d13 | 2039 | for( i = 8; i > ssl_ep_len( ssl ); i-- ) |
markrad | 0:cdf462088d13 | 2040 | if( ++ssl->in_ctr[i - 1] != 0 ) |
markrad | 0:cdf462088d13 | 2041 | break; |
markrad | 0:cdf462088d13 | 2042 | |
markrad | 0:cdf462088d13 | 2043 | /* The loop goes to its end iff the counter is wrapping */ |
markrad | 0:cdf462088d13 | 2044 | if( i == ssl_ep_len( ssl ) ) |
markrad | 0:cdf462088d13 | 2045 | { |
markrad | 0:cdf462088d13 | 2046 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "incoming message counter would wrap" ) ); |
markrad | 0:cdf462088d13 | 2047 | return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); |
markrad | 0:cdf462088d13 | 2048 | } |
markrad | 0:cdf462088d13 | 2049 | } |
markrad | 0:cdf462088d13 | 2050 | |
markrad | 0:cdf462088d13 | 2051 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) ); |
markrad | 0:cdf462088d13 | 2052 | |
markrad | 0:cdf462088d13 | 2053 | return( 0 ); |
markrad | 0:cdf462088d13 | 2054 | } |
markrad | 0:cdf462088d13 | 2055 | |
markrad | 0:cdf462088d13 | 2056 | #undef MAC_NONE |
markrad | 0:cdf462088d13 | 2057 | #undef MAC_PLAINTEXT |
markrad | 0:cdf462088d13 | 2058 | #undef MAC_CIPHERTEXT |
markrad | 0:cdf462088d13 | 2059 | |
markrad | 0:cdf462088d13 | 2060 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
markrad | 0:cdf462088d13 | 2061 | /* |
markrad | 0:cdf462088d13 | 2062 | * Compression/decompression functions |
markrad | 0:cdf462088d13 | 2063 | */ |
markrad | 0:cdf462088d13 | 2064 | static int ssl_compress_buf( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 2065 | { |
markrad | 0:cdf462088d13 | 2066 | int ret; |
markrad | 0:cdf462088d13 | 2067 | unsigned char *msg_post = ssl->out_msg; |
markrad | 0:cdf462088d13 | 2068 | size_t len_pre = ssl->out_msglen; |
markrad | 0:cdf462088d13 | 2069 | unsigned char *msg_pre = ssl->compress_buf; |
markrad | 0:cdf462088d13 | 2070 | |
markrad | 0:cdf462088d13 | 2071 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> compress buf" ) ); |
markrad | 0:cdf462088d13 | 2072 | |
markrad | 0:cdf462088d13 | 2073 | if( len_pre == 0 ) |
markrad | 0:cdf462088d13 | 2074 | return( 0 ); |
markrad | 0:cdf462088d13 | 2075 | |
markrad | 0:cdf462088d13 | 2076 | memcpy( msg_pre, ssl->out_msg, len_pre ); |
markrad | 0:cdf462088d13 | 2077 | |
markrad | 0:cdf462088d13 | 2078 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "before compression: msglen = %d, ", |
markrad | 0:cdf462088d13 | 2079 | ssl->out_msglen ) ); |
markrad | 0:cdf462088d13 | 2080 | |
markrad | 0:cdf462088d13 | 2081 | MBEDTLS_SSL_DEBUG_BUF( 4, "before compression: output payload", |
markrad | 0:cdf462088d13 | 2082 | ssl->out_msg, ssl->out_msglen ); |
markrad | 0:cdf462088d13 | 2083 | |
markrad | 0:cdf462088d13 | 2084 | ssl->transform_out->ctx_deflate.next_in = msg_pre; |
markrad | 0:cdf462088d13 | 2085 | ssl->transform_out->ctx_deflate.avail_in = len_pre; |
markrad | 0:cdf462088d13 | 2086 | ssl->transform_out->ctx_deflate.next_out = msg_post; |
markrad | 0:cdf462088d13 | 2087 | ssl->transform_out->ctx_deflate.avail_out = MBEDTLS_SSL_BUFFER_LEN; |
markrad | 0:cdf462088d13 | 2088 | |
markrad | 0:cdf462088d13 | 2089 | ret = deflate( &ssl->transform_out->ctx_deflate, Z_SYNC_FLUSH ); |
markrad | 0:cdf462088d13 | 2090 | if( ret != Z_OK ) |
markrad | 0:cdf462088d13 | 2091 | { |
markrad | 0:cdf462088d13 | 2092 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "failed to perform compression (%d)", ret ) ); |
markrad | 0:cdf462088d13 | 2093 | return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED ); |
markrad | 0:cdf462088d13 | 2094 | } |
markrad | 0:cdf462088d13 | 2095 | |
markrad | 0:cdf462088d13 | 2096 | ssl->out_msglen = MBEDTLS_SSL_BUFFER_LEN - |
markrad | 0:cdf462088d13 | 2097 | ssl->transform_out->ctx_deflate.avail_out; |
markrad | 0:cdf462088d13 | 2098 | |
markrad | 0:cdf462088d13 | 2099 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %d, ", |
markrad | 0:cdf462088d13 | 2100 | ssl->out_msglen ) ); |
markrad | 0:cdf462088d13 | 2101 | |
markrad | 0:cdf462088d13 | 2102 | MBEDTLS_SSL_DEBUG_BUF( 4, "after compression: output payload", |
markrad | 0:cdf462088d13 | 2103 | ssl->out_msg, ssl->out_msglen ); |
markrad | 0:cdf462088d13 | 2104 | |
markrad | 0:cdf462088d13 | 2105 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= compress buf" ) ); |
markrad | 0:cdf462088d13 | 2106 | |
markrad | 0:cdf462088d13 | 2107 | return( 0 ); |
markrad | 0:cdf462088d13 | 2108 | } |
markrad | 0:cdf462088d13 | 2109 | |
markrad | 0:cdf462088d13 | 2110 | static int ssl_decompress_buf( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 2111 | { |
markrad | 0:cdf462088d13 | 2112 | int ret; |
markrad | 0:cdf462088d13 | 2113 | unsigned char *msg_post = ssl->in_msg; |
markrad | 0:cdf462088d13 | 2114 | size_t len_pre = ssl->in_msglen; |
markrad | 0:cdf462088d13 | 2115 | unsigned char *msg_pre = ssl->compress_buf; |
markrad | 0:cdf462088d13 | 2116 | |
markrad | 0:cdf462088d13 | 2117 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> decompress buf" ) ); |
markrad | 0:cdf462088d13 | 2118 | |
markrad | 0:cdf462088d13 | 2119 | if( len_pre == 0 ) |
markrad | 0:cdf462088d13 | 2120 | return( 0 ); |
markrad | 0:cdf462088d13 | 2121 | |
markrad | 0:cdf462088d13 | 2122 | memcpy( msg_pre, ssl->in_msg, len_pre ); |
markrad | 0:cdf462088d13 | 2123 | |
markrad | 0:cdf462088d13 | 2124 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %d, ", |
markrad | 0:cdf462088d13 | 2125 | ssl->in_msglen ) ); |
markrad | 0:cdf462088d13 | 2126 | |
markrad | 0:cdf462088d13 | 2127 | MBEDTLS_SSL_DEBUG_BUF( 4, "before decompression: input payload", |
markrad | 0:cdf462088d13 | 2128 | ssl->in_msg, ssl->in_msglen ); |
markrad | 0:cdf462088d13 | 2129 | |
markrad | 0:cdf462088d13 | 2130 | ssl->transform_in->ctx_inflate.next_in = msg_pre; |
markrad | 0:cdf462088d13 | 2131 | ssl->transform_in->ctx_inflate.avail_in = len_pre; |
markrad | 0:cdf462088d13 | 2132 | ssl->transform_in->ctx_inflate.next_out = msg_post; |
markrad | 0:cdf462088d13 | 2133 | ssl->transform_in->ctx_inflate.avail_out = MBEDTLS_SSL_MAX_CONTENT_LEN; |
markrad | 0:cdf462088d13 | 2134 | |
markrad | 0:cdf462088d13 | 2135 | ret = inflate( &ssl->transform_in->ctx_inflate, Z_SYNC_FLUSH ); |
markrad | 0:cdf462088d13 | 2136 | if( ret != Z_OK ) |
markrad | 0:cdf462088d13 | 2137 | { |
markrad | 0:cdf462088d13 | 2138 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "failed to perform decompression (%d)", ret ) ); |
markrad | 0:cdf462088d13 | 2139 | return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED ); |
markrad | 0:cdf462088d13 | 2140 | } |
markrad | 0:cdf462088d13 | 2141 | |
markrad | 0:cdf462088d13 | 2142 | ssl->in_msglen = MBEDTLS_SSL_MAX_CONTENT_LEN - |
markrad | 0:cdf462088d13 | 2143 | ssl->transform_in->ctx_inflate.avail_out; |
markrad | 0:cdf462088d13 | 2144 | |
markrad | 0:cdf462088d13 | 2145 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %d, ", |
markrad | 0:cdf462088d13 | 2146 | ssl->in_msglen ) ); |
markrad | 0:cdf462088d13 | 2147 | |
markrad | 0:cdf462088d13 | 2148 | MBEDTLS_SSL_DEBUG_BUF( 4, "after decompression: input payload", |
markrad | 0:cdf462088d13 | 2149 | ssl->in_msg, ssl->in_msglen ); |
markrad | 0:cdf462088d13 | 2150 | |
markrad | 0:cdf462088d13 | 2151 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= decompress buf" ) ); |
markrad | 0:cdf462088d13 | 2152 | |
markrad | 0:cdf462088d13 | 2153 | return( 0 ); |
markrad | 0:cdf462088d13 | 2154 | } |
markrad | 0:cdf462088d13 | 2155 | #endif /* MBEDTLS_ZLIB_SUPPORT */ |
markrad | 0:cdf462088d13 | 2156 | |
markrad | 0:cdf462088d13 | 2157 | #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION) |
markrad | 0:cdf462088d13 | 2158 | static int ssl_write_hello_request( mbedtls_ssl_context *ssl ); |
markrad | 0:cdf462088d13 | 2159 | |
markrad | 0:cdf462088d13 | 2160 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 2161 | static int ssl_resend_hello_request( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 2162 | { |
markrad | 0:cdf462088d13 | 2163 | /* If renegotiation is not enforced, retransmit until we would reach max |
markrad | 0:cdf462088d13 | 2164 | * timeout if we were using the usual handshake doubling scheme */ |
markrad | 0:cdf462088d13 | 2165 | if( ssl->conf->renego_max_records < 0 ) |
markrad | 0:cdf462088d13 | 2166 | { |
markrad | 0:cdf462088d13 | 2167 | uint32_t ratio = ssl->conf->hs_timeout_max / ssl->conf->hs_timeout_min + 1; |
markrad | 0:cdf462088d13 | 2168 | unsigned char doublings = 1; |
markrad | 0:cdf462088d13 | 2169 | |
markrad | 0:cdf462088d13 | 2170 | while( ratio != 0 ) |
markrad | 0:cdf462088d13 | 2171 | { |
markrad | 0:cdf462088d13 | 2172 | ++doublings; |
markrad | 0:cdf462088d13 | 2173 | ratio >>= 1; |
markrad | 0:cdf462088d13 | 2174 | } |
markrad | 0:cdf462088d13 | 2175 | |
markrad | 0:cdf462088d13 | 2176 | if( ++ssl->renego_records_seen > doublings ) |
markrad | 0:cdf462088d13 | 2177 | { |
markrad | 0:cdf462088d13 | 2178 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "no longer retransmitting hello request" ) ); |
markrad | 0:cdf462088d13 | 2179 | return( 0 ); |
markrad | 0:cdf462088d13 | 2180 | } |
markrad | 0:cdf462088d13 | 2181 | } |
markrad | 0:cdf462088d13 | 2182 | |
markrad | 0:cdf462088d13 | 2183 | return( ssl_write_hello_request( ssl ) ); |
markrad | 0:cdf462088d13 | 2184 | } |
markrad | 0:cdf462088d13 | 2185 | #endif |
markrad | 0:cdf462088d13 | 2186 | #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */ |
markrad | 0:cdf462088d13 | 2187 | |
markrad | 0:cdf462088d13 | 2188 | /* |
markrad | 0:cdf462088d13 | 2189 | * Fill the input message buffer by appending data to it. |
markrad | 0:cdf462088d13 | 2190 | * The amount of data already fetched is in ssl->in_left. |
markrad | 0:cdf462088d13 | 2191 | * |
markrad | 0:cdf462088d13 | 2192 | * If we return 0, is it guaranteed that (at least) nb_want bytes are |
markrad | 0:cdf462088d13 | 2193 | * available (from this read and/or a previous one). Otherwise, an error code |
markrad | 0:cdf462088d13 | 2194 | * is returned (possibly EOF or WANT_READ). |
markrad | 0:cdf462088d13 | 2195 | * |
markrad | 0:cdf462088d13 | 2196 | * With stream transport (TLS) on success ssl->in_left == nb_want, but |
markrad | 0:cdf462088d13 | 2197 | * with datagram transport (DTLS) on success ssl->in_left >= nb_want, |
markrad | 0:cdf462088d13 | 2198 | * since we always read a whole datagram at once. |
markrad | 0:cdf462088d13 | 2199 | * |
markrad | 0:cdf462088d13 | 2200 | * For DTLS, it is up to the caller to set ssl->next_record_offset when |
markrad | 0:cdf462088d13 | 2201 | * they're done reading a record. |
markrad | 0:cdf462088d13 | 2202 | */ |
markrad | 0:cdf462088d13 | 2203 | int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) |
markrad | 0:cdf462088d13 | 2204 | { |
markrad | 0:cdf462088d13 | 2205 | int ret; |
markrad | 0:cdf462088d13 | 2206 | size_t len; |
markrad | 0:cdf462088d13 | 2207 | |
markrad | 0:cdf462088d13 | 2208 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> fetch input" ) ); |
markrad | 0:cdf462088d13 | 2209 | |
markrad | 0:cdf462088d13 | 2210 | if( ssl->f_recv == NULL && ssl->f_recv_timeout == NULL ) |
markrad | 0:cdf462088d13 | 2211 | { |
markrad | 0:cdf462088d13 | 2212 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " |
markrad | 0:cdf462088d13 | 2213 | "or mbedtls_ssl_set_bio()" ) ); |
markrad | 0:cdf462088d13 | 2214 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 2215 | } |
markrad | 0:cdf462088d13 | 2216 | |
markrad | 0:cdf462088d13 | 2217 | if( nb_want > MBEDTLS_SSL_BUFFER_LEN - (size_t)( ssl->in_hdr - ssl->in_buf ) ) |
markrad | 0:cdf462088d13 | 2218 | { |
markrad | 0:cdf462088d13 | 2219 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "requesting more data than fits" ) ); |
markrad | 0:cdf462088d13 | 2220 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 2221 | } |
markrad | 0:cdf462088d13 | 2222 | |
markrad | 0:cdf462088d13 | 2223 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 2224 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 2225 | { |
markrad | 0:cdf462088d13 | 2226 | uint32_t timeout; |
markrad | 0:cdf462088d13 | 2227 | |
markrad | 0:cdf462088d13 | 2228 | /* Just to be sure */ |
markrad | 0:cdf462088d13 | 2229 | if( ssl->f_set_timer == NULL || ssl->f_get_timer == NULL ) |
markrad | 0:cdf462088d13 | 2230 | { |
markrad | 0:cdf462088d13 | 2231 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "You must use " |
markrad | 0:cdf462088d13 | 2232 | "mbedtls_ssl_set_timer_cb() for DTLS" ) ); |
markrad | 0:cdf462088d13 | 2233 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 2234 | } |
markrad | 0:cdf462088d13 | 2235 | |
markrad | 0:cdf462088d13 | 2236 | /* |
markrad | 0:cdf462088d13 | 2237 | * The point is, we need to always read a full datagram at once, so we |
markrad | 0:cdf462088d13 | 2238 | * sometimes read more then requested, and handle the additional data. |
markrad | 0:cdf462088d13 | 2239 | * It could be the rest of the current record (while fetching the |
markrad | 0:cdf462088d13 | 2240 | * header) and/or some other records in the same datagram. |
markrad | 0:cdf462088d13 | 2241 | */ |
markrad | 0:cdf462088d13 | 2242 | |
markrad | 0:cdf462088d13 | 2243 | /* |
markrad | 0:cdf462088d13 | 2244 | * Move to the next record in the already read datagram if applicable |
markrad | 0:cdf462088d13 | 2245 | */ |
markrad | 0:cdf462088d13 | 2246 | if( ssl->next_record_offset != 0 ) |
markrad | 0:cdf462088d13 | 2247 | { |
markrad | 0:cdf462088d13 | 2248 | if( ssl->in_left < ssl->next_record_offset ) |
markrad | 0:cdf462088d13 | 2249 | { |
markrad | 0:cdf462088d13 | 2250 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 2251 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 2252 | } |
markrad | 0:cdf462088d13 | 2253 | |
markrad | 0:cdf462088d13 | 2254 | ssl->in_left -= ssl->next_record_offset; |
markrad | 0:cdf462088d13 | 2255 | |
markrad | 0:cdf462088d13 | 2256 | if( ssl->in_left != 0 ) |
markrad | 0:cdf462088d13 | 2257 | { |
markrad | 0:cdf462088d13 | 2258 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "next record in same datagram, offset: %d", |
markrad | 0:cdf462088d13 | 2259 | ssl->next_record_offset ) ); |
markrad | 0:cdf462088d13 | 2260 | memmove( ssl->in_hdr, |
markrad | 0:cdf462088d13 | 2261 | ssl->in_hdr + ssl->next_record_offset, |
markrad | 0:cdf462088d13 | 2262 | ssl->in_left ); |
markrad | 0:cdf462088d13 | 2263 | } |
markrad | 0:cdf462088d13 | 2264 | |
markrad | 0:cdf462088d13 | 2265 | ssl->next_record_offset = 0; |
markrad | 0:cdf462088d13 | 2266 | } |
markrad | 0:cdf462088d13 | 2267 | |
markrad | 0:cdf462088d13 | 2268 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d", |
markrad | 0:cdf462088d13 | 2269 | ssl->in_left, nb_want ) ); |
markrad | 0:cdf462088d13 | 2270 | |
markrad | 0:cdf462088d13 | 2271 | /* |
markrad | 0:cdf462088d13 | 2272 | * Done if we already have enough data. |
markrad | 0:cdf462088d13 | 2273 | */ |
markrad | 0:cdf462088d13 | 2274 | if( nb_want <= ssl->in_left) |
markrad | 0:cdf462088d13 | 2275 | { |
markrad | 0:cdf462088d13 | 2276 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= fetch input" ) ); |
markrad | 0:cdf462088d13 | 2277 | return( 0 ); |
markrad | 0:cdf462088d13 | 2278 | } |
markrad | 0:cdf462088d13 | 2279 | |
markrad | 0:cdf462088d13 | 2280 | /* |
markrad | 0:cdf462088d13 | 2281 | * A record can't be split accross datagrams. If we need to read but |
markrad | 0:cdf462088d13 | 2282 | * are not at the beginning of a new record, the caller did something |
markrad | 0:cdf462088d13 | 2283 | * wrong. |
markrad | 0:cdf462088d13 | 2284 | */ |
markrad | 0:cdf462088d13 | 2285 | if( ssl->in_left != 0 ) |
markrad | 0:cdf462088d13 | 2286 | { |
markrad | 0:cdf462088d13 | 2287 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 2288 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 2289 | } |
markrad | 0:cdf462088d13 | 2290 | |
markrad | 0:cdf462088d13 | 2291 | /* |
markrad | 0:cdf462088d13 | 2292 | * Don't even try to read if time's out already. |
markrad | 0:cdf462088d13 | 2293 | * This avoids by-passing the timer when repeatedly receiving messages |
markrad | 0:cdf462088d13 | 2294 | * that will end up being dropped. |
markrad | 0:cdf462088d13 | 2295 | */ |
markrad | 0:cdf462088d13 | 2296 | if( ssl_check_timer( ssl ) != 0 ) |
markrad | 0:cdf462088d13 | 2297 | ret = MBEDTLS_ERR_SSL_TIMEOUT; |
markrad | 0:cdf462088d13 | 2298 | else |
markrad | 0:cdf462088d13 | 2299 | { |
markrad | 0:cdf462088d13 | 2300 | len = MBEDTLS_SSL_BUFFER_LEN - ( ssl->in_hdr - ssl->in_buf ); |
markrad | 0:cdf462088d13 | 2301 | |
markrad | 0:cdf462088d13 | 2302 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
markrad | 0:cdf462088d13 | 2303 | timeout = ssl->handshake->retransmit_timeout; |
markrad | 0:cdf462088d13 | 2304 | else |
markrad | 0:cdf462088d13 | 2305 | timeout = ssl->conf->read_timeout; |
markrad | 0:cdf462088d13 | 2306 | |
markrad | 0:cdf462088d13 | 2307 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "f_recv_timeout: %u ms", timeout ) ); |
markrad | 0:cdf462088d13 | 2308 | |
markrad | 0:cdf462088d13 | 2309 | if( ssl->f_recv_timeout != NULL ) |
markrad | 0:cdf462088d13 | 2310 | ret = ssl->f_recv_timeout( ssl->p_bio, ssl->in_hdr, len, |
markrad | 0:cdf462088d13 | 2311 | timeout ); |
markrad | 0:cdf462088d13 | 2312 | else |
markrad | 0:cdf462088d13 | 2313 | ret = ssl->f_recv( ssl->p_bio, ssl->in_hdr, len ); |
markrad | 0:cdf462088d13 | 2314 | |
markrad | 0:cdf462088d13 | 2315 | MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret ); |
markrad | 0:cdf462088d13 | 2316 | |
markrad | 0:cdf462088d13 | 2317 | if( ret == 0 ) |
markrad | 0:cdf462088d13 | 2318 | return( MBEDTLS_ERR_SSL_CONN_EOF ); |
markrad | 0:cdf462088d13 | 2319 | } |
markrad | 0:cdf462088d13 | 2320 | |
markrad | 0:cdf462088d13 | 2321 | if( ret == MBEDTLS_ERR_SSL_TIMEOUT ) |
markrad | 0:cdf462088d13 | 2322 | { |
markrad | 0:cdf462088d13 | 2323 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "timeout" ) ); |
markrad | 0:cdf462088d13 | 2324 | ssl_set_timer( ssl, 0 ); |
markrad | 0:cdf462088d13 | 2325 | |
markrad | 0:cdf462088d13 | 2326 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
markrad | 0:cdf462088d13 | 2327 | { |
markrad | 0:cdf462088d13 | 2328 | if( ssl_double_retransmit_timeout( ssl ) != 0 ) |
markrad | 0:cdf462088d13 | 2329 | { |
markrad | 0:cdf462088d13 | 2330 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake timeout" ) ); |
markrad | 0:cdf462088d13 | 2331 | return( MBEDTLS_ERR_SSL_TIMEOUT ); |
markrad | 0:cdf462088d13 | 2332 | } |
markrad | 0:cdf462088d13 | 2333 | |
markrad | 0:cdf462088d13 | 2334 | if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 2335 | { |
markrad | 0:cdf462088d13 | 2336 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret ); |
markrad | 0:cdf462088d13 | 2337 | return( ret ); |
markrad | 0:cdf462088d13 | 2338 | } |
markrad | 0:cdf462088d13 | 2339 | |
markrad | 0:cdf462088d13 | 2340 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
markrad | 0:cdf462088d13 | 2341 | } |
markrad | 0:cdf462088d13 | 2342 | #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION) |
markrad | 0:cdf462088d13 | 2343 | else if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
markrad | 0:cdf462088d13 | 2344 | ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) |
markrad | 0:cdf462088d13 | 2345 | { |
markrad | 0:cdf462088d13 | 2346 | if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 2347 | { |
markrad | 0:cdf462088d13 | 2348 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_resend_hello_request", ret ); |
markrad | 0:cdf462088d13 | 2349 | return( ret ); |
markrad | 0:cdf462088d13 | 2350 | } |
markrad | 0:cdf462088d13 | 2351 | |
markrad | 0:cdf462088d13 | 2352 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
markrad | 0:cdf462088d13 | 2353 | } |
markrad | 0:cdf462088d13 | 2354 | #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */ |
markrad | 0:cdf462088d13 | 2355 | } |
markrad | 0:cdf462088d13 | 2356 | |
markrad | 0:cdf462088d13 | 2357 | if( ret < 0 ) |
markrad | 0:cdf462088d13 | 2358 | return( ret ); |
markrad | 0:cdf462088d13 | 2359 | |
markrad | 0:cdf462088d13 | 2360 | ssl->in_left = ret; |
markrad | 0:cdf462088d13 | 2361 | } |
markrad | 0:cdf462088d13 | 2362 | else |
markrad | 0:cdf462088d13 | 2363 | #endif |
markrad | 0:cdf462088d13 | 2364 | { |
markrad | 0:cdf462088d13 | 2365 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d", |
markrad | 0:cdf462088d13 | 2366 | ssl->in_left, nb_want ) ); |
markrad | 0:cdf462088d13 | 2367 | |
markrad | 0:cdf462088d13 | 2368 | while( ssl->in_left < nb_want ) |
markrad | 0:cdf462088d13 | 2369 | { |
markrad | 0:cdf462088d13 | 2370 | len = nb_want - ssl->in_left; |
markrad | 0:cdf462088d13 | 2371 | |
markrad | 0:cdf462088d13 | 2372 | if( ssl_check_timer( ssl ) != 0 ) |
markrad | 0:cdf462088d13 | 2373 | ret = MBEDTLS_ERR_SSL_TIMEOUT; |
markrad | 0:cdf462088d13 | 2374 | else |
markrad | 0:cdf462088d13 | 2375 | { |
markrad | 0:cdf462088d13 | 2376 | if( ssl->f_recv_timeout != NULL ) |
markrad | 0:cdf462088d13 | 2377 | { |
markrad | 0:cdf462088d13 | 2378 | ret = ssl->f_recv_timeout( ssl->p_bio, |
markrad | 0:cdf462088d13 | 2379 | ssl->in_hdr + ssl->in_left, len, |
markrad | 0:cdf462088d13 | 2380 | ssl->conf->read_timeout ); |
markrad | 0:cdf462088d13 | 2381 | } |
markrad | 0:cdf462088d13 | 2382 | else |
markrad | 0:cdf462088d13 | 2383 | { |
markrad | 0:cdf462088d13 | 2384 | ret = ssl->f_recv( ssl->p_bio, |
markrad | 0:cdf462088d13 | 2385 | ssl->in_hdr + ssl->in_left, len ); |
markrad | 0:cdf462088d13 | 2386 | } |
markrad | 0:cdf462088d13 | 2387 | } |
markrad | 0:cdf462088d13 | 2388 | |
markrad | 0:cdf462088d13 | 2389 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d", |
markrad | 0:cdf462088d13 | 2390 | ssl->in_left, nb_want ) ); |
markrad | 0:cdf462088d13 | 2391 | MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret ); |
markrad | 0:cdf462088d13 | 2392 | |
markrad | 0:cdf462088d13 | 2393 | if( ret == 0 ) |
markrad | 0:cdf462088d13 | 2394 | return( MBEDTLS_ERR_SSL_CONN_EOF ); |
markrad | 0:cdf462088d13 | 2395 | |
markrad | 0:cdf462088d13 | 2396 | if( ret < 0 ) |
markrad | 0:cdf462088d13 | 2397 | return( ret ); |
markrad | 0:cdf462088d13 | 2398 | |
markrad | 0:cdf462088d13 | 2399 | ssl->in_left += ret; |
markrad | 0:cdf462088d13 | 2400 | } |
markrad | 0:cdf462088d13 | 2401 | } |
markrad | 0:cdf462088d13 | 2402 | |
markrad | 0:cdf462088d13 | 2403 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= fetch input" ) ); |
markrad | 0:cdf462088d13 | 2404 | |
markrad | 0:cdf462088d13 | 2405 | return( 0 ); |
markrad | 0:cdf462088d13 | 2406 | } |
markrad | 0:cdf462088d13 | 2407 | |
markrad | 0:cdf462088d13 | 2408 | /* |
markrad | 0:cdf462088d13 | 2409 | * Flush any data not yet written |
markrad | 0:cdf462088d13 | 2410 | */ |
markrad | 0:cdf462088d13 | 2411 | int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 2412 | { |
markrad | 0:cdf462088d13 | 2413 | int ret; |
markrad | 0:cdf462088d13 | 2414 | unsigned char *buf, i; |
markrad | 0:cdf462088d13 | 2415 | |
markrad | 0:cdf462088d13 | 2416 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> flush output" ) ); |
markrad | 0:cdf462088d13 | 2417 | |
markrad | 0:cdf462088d13 | 2418 | if( ssl->f_send == NULL ) |
markrad | 0:cdf462088d13 | 2419 | { |
markrad | 0:cdf462088d13 | 2420 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " |
markrad | 0:cdf462088d13 | 2421 | "or mbedtls_ssl_set_bio()" ) ); |
markrad | 0:cdf462088d13 | 2422 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 2423 | } |
markrad | 0:cdf462088d13 | 2424 | |
markrad | 0:cdf462088d13 | 2425 | /* Avoid incrementing counter if data is flushed */ |
markrad | 0:cdf462088d13 | 2426 | if( ssl->out_left == 0 ) |
markrad | 0:cdf462088d13 | 2427 | { |
markrad | 0:cdf462088d13 | 2428 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) ); |
markrad | 0:cdf462088d13 | 2429 | return( 0 ); |
markrad | 0:cdf462088d13 | 2430 | } |
markrad | 0:cdf462088d13 | 2431 | |
markrad | 0:cdf462088d13 | 2432 | while( ssl->out_left > 0 ) |
markrad | 0:cdf462088d13 | 2433 | { |
markrad | 0:cdf462088d13 | 2434 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d", |
markrad | 0:cdf462088d13 | 2435 | mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) ); |
markrad | 0:cdf462088d13 | 2436 | |
markrad | 0:cdf462088d13 | 2437 | buf = ssl->out_hdr + mbedtls_ssl_hdr_len( ssl ) + |
markrad | 0:cdf462088d13 | 2438 | ssl->out_msglen - ssl->out_left; |
markrad | 0:cdf462088d13 | 2439 | ret = ssl->f_send( ssl->p_bio, buf, ssl->out_left ); |
markrad | 0:cdf462088d13 | 2440 | |
markrad | 0:cdf462088d13 | 2441 | MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_send", ret ); |
markrad | 0:cdf462088d13 | 2442 | |
markrad | 0:cdf462088d13 | 2443 | if( ret <= 0 ) |
markrad | 0:cdf462088d13 | 2444 | return( ret ); |
markrad | 0:cdf462088d13 | 2445 | |
markrad | 0:cdf462088d13 | 2446 | ssl->out_left -= ret; |
markrad | 0:cdf462088d13 | 2447 | } |
markrad | 0:cdf462088d13 | 2448 | |
markrad | 0:cdf462088d13 | 2449 | for( i = 8; i > ssl_ep_len( ssl ); i-- ) |
markrad | 0:cdf462088d13 | 2450 | if( ++ssl->out_ctr[i - 1] != 0 ) |
markrad | 0:cdf462088d13 | 2451 | break; |
markrad | 0:cdf462088d13 | 2452 | |
markrad | 0:cdf462088d13 | 2453 | /* The loop goes to its end iff the counter is wrapping */ |
markrad | 0:cdf462088d13 | 2454 | if( i == ssl_ep_len( ssl ) ) |
markrad | 0:cdf462088d13 | 2455 | { |
markrad | 0:cdf462088d13 | 2456 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "outgoing message counter would wrap" ) ); |
markrad | 0:cdf462088d13 | 2457 | return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); |
markrad | 0:cdf462088d13 | 2458 | } |
markrad | 0:cdf462088d13 | 2459 | |
markrad | 0:cdf462088d13 | 2460 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) ); |
markrad | 0:cdf462088d13 | 2461 | |
markrad | 0:cdf462088d13 | 2462 | return( 0 ); |
markrad | 0:cdf462088d13 | 2463 | } |
markrad | 0:cdf462088d13 | 2464 | |
markrad | 0:cdf462088d13 | 2465 | /* |
markrad | 0:cdf462088d13 | 2466 | * Functions to handle the DTLS retransmission state machine |
markrad | 0:cdf462088d13 | 2467 | */ |
markrad | 0:cdf462088d13 | 2468 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 2469 | /* |
markrad | 0:cdf462088d13 | 2470 | * Append current handshake message to current outgoing flight |
markrad | 0:cdf462088d13 | 2471 | */ |
markrad | 0:cdf462088d13 | 2472 | static int ssl_flight_append( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 2473 | { |
markrad | 0:cdf462088d13 | 2474 | mbedtls_ssl_flight_item *msg; |
markrad | 0:cdf462088d13 | 2475 | |
markrad | 0:cdf462088d13 | 2476 | /* Allocate space for current message */ |
markrad | 0:cdf462088d13 | 2477 | if( ( msg = mbedtls_calloc( 1, sizeof( mbedtls_ssl_flight_item ) ) ) == NULL ) |
markrad | 0:cdf462088d13 | 2478 | { |
markrad | 0:cdf462088d13 | 2479 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed", |
markrad | 0:cdf462088d13 | 2480 | sizeof( mbedtls_ssl_flight_item ) ) ); |
markrad | 0:cdf462088d13 | 2481 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
markrad | 0:cdf462088d13 | 2482 | } |
markrad | 0:cdf462088d13 | 2483 | |
markrad | 0:cdf462088d13 | 2484 | if( ( msg->p = mbedtls_calloc( 1, ssl->out_msglen ) ) == NULL ) |
markrad | 0:cdf462088d13 | 2485 | { |
markrad | 0:cdf462088d13 | 2486 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed", ssl->out_msglen ) ); |
markrad | 0:cdf462088d13 | 2487 | mbedtls_free( msg ); |
markrad | 0:cdf462088d13 | 2488 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
markrad | 0:cdf462088d13 | 2489 | } |
markrad | 0:cdf462088d13 | 2490 | |
markrad | 0:cdf462088d13 | 2491 | /* Copy current handshake message with headers */ |
markrad | 0:cdf462088d13 | 2492 | memcpy( msg->p, ssl->out_msg, ssl->out_msglen ); |
markrad | 0:cdf462088d13 | 2493 | msg->len = ssl->out_msglen; |
markrad | 0:cdf462088d13 | 2494 | msg->type = ssl->out_msgtype; |
markrad | 0:cdf462088d13 | 2495 | msg->next = NULL; |
markrad | 0:cdf462088d13 | 2496 | |
markrad | 0:cdf462088d13 | 2497 | /* Append to the current flight */ |
markrad | 0:cdf462088d13 | 2498 | if( ssl->handshake->flight == NULL ) |
markrad | 0:cdf462088d13 | 2499 | ssl->handshake->flight = msg; |
markrad | 0:cdf462088d13 | 2500 | else |
markrad | 0:cdf462088d13 | 2501 | { |
markrad | 0:cdf462088d13 | 2502 | mbedtls_ssl_flight_item *cur = ssl->handshake->flight; |
markrad | 0:cdf462088d13 | 2503 | while( cur->next != NULL ) |
markrad | 0:cdf462088d13 | 2504 | cur = cur->next; |
markrad | 0:cdf462088d13 | 2505 | cur->next = msg; |
markrad | 0:cdf462088d13 | 2506 | } |
markrad | 0:cdf462088d13 | 2507 | |
markrad | 0:cdf462088d13 | 2508 | return( 0 ); |
markrad | 0:cdf462088d13 | 2509 | } |
markrad | 0:cdf462088d13 | 2510 | |
markrad | 0:cdf462088d13 | 2511 | /* |
markrad | 0:cdf462088d13 | 2512 | * Free the current flight of handshake messages |
markrad | 0:cdf462088d13 | 2513 | */ |
markrad | 0:cdf462088d13 | 2514 | static void ssl_flight_free( mbedtls_ssl_flight_item *flight ) |
markrad | 0:cdf462088d13 | 2515 | { |
markrad | 0:cdf462088d13 | 2516 | mbedtls_ssl_flight_item *cur = flight; |
markrad | 0:cdf462088d13 | 2517 | mbedtls_ssl_flight_item *next; |
markrad | 0:cdf462088d13 | 2518 | |
markrad | 0:cdf462088d13 | 2519 | while( cur != NULL ) |
markrad | 0:cdf462088d13 | 2520 | { |
markrad | 0:cdf462088d13 | 2521 | next = cur->next; |
markrad | 0:cdf462088d13 | 2522 | |
markrad | 0:cdf462088d13 | 2523 | mbedtls_free( cur->p ); |
markrad | 0:cdf462088d13 | 2524 | mbedtls_free( cur ); |
markrad | 0:cdf462088d13 | 2525 | |
markrad | 0:cdf462088d13 | 2526 | cur = next; |
markrad | 0:cdf462088d13 | 2527 | } |
markrad | 0:cdf462088d13 | 2528 | } |
markrad | 0:cdf462088d13 | 2529 | |
markrad | 0:cdf462088d13 | 2530 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
markrad | 0:cdf462088d13 | 2531 | static void ssl_dtls_replay_reset( mbedtls_ssl_context *ssl ); |
markrad | 0:cdf462088d13 | 2532 | #endif |
markrad | 0:cdf462088d13 | 2533 | |
markrad | 0:cdf462088d13 | 2534 | /* |
markrad | 0:cdf462088d13 | 2535 | * Swap transform_out and out_ctr with the alternative ones |
markrad | 0:cdf462088d13 | 2536 | */ |
markrad | 0:cdf462088d13 | 2537 | static void ssl_swap_epochs( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 2538 | { |
markrad | 0:cdf462088d13 | 2539 | mbedtls_ssl_transform *tmp_transform; |
markrad | 0:cdf462088d13 | 2540 | unsigned char tmp_out_ctr[8]; |
markrad | 0:cdf462088d13 | 2541 | |
markrad | 0:cdf462088d13 | 2542 | if( ssl->transform_out == ssl->handshake->alt_transform_out ) |
markrad | 0:cdf462088d13 | 2543 | { |
markrad | 0:cdf462088d13 | 2544 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip swap epochs" ) ); |
markrad | 0:cdf462088d13 | 2545 | return; |
markrad | 0:cdf462088d13 | 2546 | } |
markrad | 0:cdf462088d13 | 2547 | |
markrad | 0:cdf462088d13 | 2548 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "swap epochs" ) ); |
markrad | 0:cdf462088d13 | 2549 | |
markrad | 0:cdf462088d13 | 2550 | /* Swap transforms */ |
markrad | 0:cdf462088d13 | 2551 | tmp_transform = ssl->transform_out; |
markrad | 0:cdf462088d13 | 2552 | ssl->transform_out = ssl->handshake->alt_transform_out; |
markrad | 0:cdf462088d13 | 2553 | ssl->handshake->alt_transform_out = tmp_transform; |
markrad | 0:cdf462088d13 | 2554 | |
markrad | 0:cdf462088d13 | 2555 | /* Swap epoch + sequence_number */ |
markrad | 0:cdf462088d13 | 2556 | memcpy( tmp_out_ctr, ssl->out_ctr, 8 ); |
markrad | 0:cdf462088d13 | 2557 | memcpy( ssl->out_ctr, ssl->handshake->alt_out_ctr, 8 ); |
markrad | 0:cdf462088d13 | 2558 | memcpy( ssl->handshake->alt_out_ctr, tmp_out_ctr, 8 ); |
markrad | 0:cdf462088d13 | 2559 | |
markrad | 0:cdf462088d13 | 2560 | /* Adjust to the newly activated transform */ |
markrad | 0:cdf462088d13 | 2561 | if( ssl->transform_out != NULL && |
markrad | 0:cdf462088d13 | 2562 | ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) |
markrad | 0:cdf462088d13 | 2563 | { |
markrad | 0:cdf462088d13 | 2564 | ssl->out_msg = ssl->out_iv + ssl->transform_out->ivlen - |
markrad | 0:cdf462088d13 | 2565 | ssl->transform_out->fixed_ivlen; |
markrad | 0:cdf462088d13 | 2566 | } |
markrad | 0:cdf462088d13 | 2567 | else |
markrad | 0:cdf462088d13 | 2568 | ssl->out_msg = ssl->out_iv; |
markrad | 0:cdf462088d13 | 2569 | |
markrad | 0:cdf462088d13 | 2570 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
markrad | 0:cdf462088d13 | 2571 | if( mbedtls_ssl_hw_record_activate != NULL ) |
markrad | 0:cdf462088d13 | 2572 | { |
markrad | 0:cdf462088d13 | 2573 | if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND ) ) != 0 ) |
markrad | 0:cdf462088d13 | 2574 | { |
markrad | 0:cdf462088d13 | 2575 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret ); |
markrad | 0:cdf462088d13 | 2576 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
markrad | 0:cdf462088d13 | 2577 | } |
markrad | 0:cdf462088d13 | 2578 | } |
markrad | 0:cdf462088d13 | 2579 | #endif |
markrad | 0:cdf462088d13 | 2580 | } |
markrad | 0:cdf462088d13 | 2581 | |
markrad | 0:cdf462088d13 | 2582 | /* |
markrad | 0:cdf462088d13 | 2583 | * Retransmit the current flight of messages. |
markrad | 0:cdf462088d13 | 2584 | * |
markrad | 0:cdf462088d13 | 2585 | * Need to remember the current message in case flush_output returns |
markrad | 0:cdf462088d13 | 2586 | * WANT_WRITE, causing us to exit this function and come back later. |
markrad | 0:cdf462088d13 | 2587 | * This function must be called until state is no longer SENDING. |
markrad | 0:cdf462088d13 | 2588 | */ |
markrad | 0:cdf462088d13 | 2589 | int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 2590 | { |
markrad | 0:cdf462088d13 | 2591 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_resend" ) ); |
markrad | 0:cdf462088d13 | 2592 | |
markrad | 0:cdf462088d13 | 2593 | if( ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING ) |
markrad | 0:cdf462088d13 | 2594 | { |
markrad | 0:cdf462088d13 | 2595 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialise resending" ) ); |
markrad | 0:cdf462088d13 | 2596 | |
markrad | 0:cdf462088d13 | 2597 | ssl->handshake->cur_msg = ssl->handshake->flight; |
markrad | 0:cdf462088d13 | 2598 | ssl_swap_epochs( ssl ); |
markrad | 0:cdf462088d13 | 2599 | |
markrad | 0:cdf462088d13 | 2600 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_SENDING; |
markrad | 0:cdf462088d13 | 2601 | } |
markrad | 0:cdf462088d13 | 2602 | |
markrad | 0:cdf462088d13 | 2603 | while( ssl->handshake->cur_msg != NULL ) |
markrad | 0:cdf462088d13 | 2604 | { |
markrad | 0:cdf462088d13 | 2605 | int ret; |
markrad | 0:cdf462088d13 | 2606 | mbedtls_ssl_flight_item *cur = ssl->handshake->cur_msg; |
markrad | 0:cdf462088d13 | 2607 | |
markrad | 0:cdf462088d13 | 2608 | /* Swap epochs before sending Finished: we can't do it after |
markrad | 0:cdf462088d13 | 2609 | * sending ChangeCipherSpec, in case write returns WANT_READ. |
markrad | 0:cdf462088d13 | 2610 | * Must be done before copying, may change out_msg pointer */ |
markrad | 0:cdf462088d13 | 2611 | if( cur->type == MBEDTLS_SSL_MSG_HANDSHAKE && |
markrad | 0:cdf462088d13 | 2612 | cur->p[0] == MBEDTLS_SSL_HS_FINISHED ) |
markrad | 0:cdf462088d13 | 2613 | { |
markrad | 0:cdf462088d13 | 2614 | ssl_swap_epochs( ssl ); |
markrad | 0:cdf462088d13 | 2615 | } |
markrad | 0:cdf462088d13 | 2616 | |
markrad | 0:cdf462088d13 | 2617 | memcpy( ssl->out_msg, cur->p, cur->len ); |
markrad | 0:cdf462088d13 | 2618 | ssl->out_msglen = cur->len; |
markrad | 0:cdf462088d13 | 2619 | ssl->out_msgtype = cur->type; |
markrad | 0:cdf462088d13 | 2620 | |
markrad | 0:cdf462088d13 | 2621 | ssl->handshake->cur_msg = cur->next; |
markrad | 0:cdf462088d13 | 2622 | |
markrad | 0:cdf462088d13 | 2623 | MBEDTLS_SSL_DEBUG_BUF( 3, "resent handshake message header", ssl->out_msg, 12 ); |
markrad | 0:cdf462088d13 | 2624 | |
markrad | 0:cdf462088d13 | 2625 | if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 2626 | { |
markrad | 0:cdf462088d13 | 2627 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); |
markrad | 0:cdf462088d13 | 2628 | return( ret ); |
markrad | 0:cdf462088d13 | 2629 | } |
markrad | 0:cdf462088d13 | 2630 | } |
markrad | 0:cdf462088d13 | 2631 | |
markrad | 0:cdf462088d13 | 2632 | if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) |
markrad | 0:cdf462088d13 | 2633 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; |
markrad | 0:cdf462088d13 | 2634 | else |
markrad | 0:cdf462088d13 | 2635 | { |
markrad | 0:cdf462088d13 | 2636 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; |
markrad | 0:cdf462088d13 | 2637 | ssl_set_timer( ssl, ssl->handshake->retransmit_timeout ); |
markrad | 0:cdf462088d13 | 2638 | } |
markrad | 0:cdf462088d13 | 2639 | |
markrad | 0:cdf462088d13 | 2640 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_resend" ) ); |
markrad | 0:cdf462088d13 | 2641 | |
markrad | 0:cdf462088d13 | 2642 | return( 0 ); |
markrad | 0:cdf462088d13 | 2643 | } |
markrad | 0:cdf462088d13 | 2644 | |
markrad | 0:cdf462088d13 | 2645 | /* |
markrad | 0:cdf462088d13 | 2646 | * To be called when the last message of an incoming flight is received. |
markrad | 0:cdf462088d13 | 2647 | */ |
markrad | 0:cdf462088d13 | 2648 | void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 2649 | { |
markrad | 0:cdf462088d13 | 2650 | /* We won't need to resend that one any more */ |
markrad | 0:cdf462088d13 | 2651 | ssl_flight_free( ssl->handshake->flight ); |
markrad | 0:cdf462088d13 | 2652 | ssl->handshake->flight = NULL; |
markrad | 0:cdf462088d13 | 2653 | ssl->handshake->cur_msg = NULL; |
markrad | 0:cdf462088d13 | 2654 | |
markrad | 0:cdf462088d13 | 2655 | /* The next incoming flight will start with this msg_seq */ |
markrad | 0:cdf462088d13 | 2656 | ssl->handshake->in_flight_start_seq = ssl->handshake->in_msg_seq; |
markrad | 0:cdf462088d13 | 2657 | |
markrad | 0:cdf462088d13 | 2658 | /* Cancel timer */ |
markrad | 0:cdf462088d13 | 2659 | ssl_set_timer( ssl, 0 ); |
markrad | 0:cdf462088d13 | 2660 | |
markrad | 0:cdf462088d13 | 2661 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && |
markrad | 0:cdf462088d13 | 2662 | ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED ) |
markrad | 0:cdf462088d13 | 2663 | { |
markrad | 0:cdf462088d13 | 2664 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; |
markrad | 0:cdf462088d13 | 2665 | } |
markrad | 0:cdf462088d13 | 2666 | else |
markrad | 0:cdf462088d13 | 2667 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING; |
markrad | 0:cdf462088d13 | 2668 | } |
markrad | 0:cdf462088d13 | 2669 | |
markrad | 0:cdf462088d13 | 2670 | /* |
markrad | 0:cdf462088d13 | 2671 | * To be called when the last message of an outgoing flight is send. |
markrad | 0:cdf462088d13 | 2672 | */ |
markrad | 0:cdf462088d13 | 2673 | void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 2674 | { |
markrad | 0:cdf462088d13 | 2675 | ssl_reset_retransmit_timeout( ssl ); |
markrad | 0:cdf462088d13 | 2676 | ssl_set_timer( ssl, ssl->handshake->retransmit_timeout ); |
markrad | 0:cdf462088d13 | 2677 | |
markrad | 0:cdf462088d13 | 2678 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && |
markrad | 0:cdf462088d13 | 2679 | ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED ) |
markrad | 0:cdf462088d13 | 2680 | { |
markrad | 0:cdf462088d13 | 2681 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; |
markrad | 0:cdf462088d13 | 2682 | } |
markrad | 0:cdf462088d13 | 2683 | else |
markrad | 0:cdf462088d13 | 2684 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; |
markrad | 0:cdf462088d13 | 2685 | } |
markrad | 0:cdf462088d13 | 2686 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
markrad | 0:cdf462088d13 | 2687 | |
markrad | 0:cdf462088d13 | 2688 | /* |
markrad | 0:cdf462088d13 | 2689 | * Record layer functions |
markrad | 0:cdf462088d13 | 2690 | */ |
markrad | 0:cdf462088d13 | 2691 | |
markrad | 0:cdf462088d13 | 2692 | /* |
markrad | 0:cdf462088d13 | 2693 | * Write current record. |
markrad | 0:cdf462088d13 | 2694 | * Uses ssl->out_msgtype, ssl->out_msglen and bytes at ssl->out_msg. |
markrad | 0:cdf462088d13 | 2695 | */ |
markrad | 0:cdf462088d13 | 2696 | int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 2697 | { |
markrad | 0:cdf462088d13 | 2698 | int ret, done = 0, out_msg_type; |
markrad | 0:cdf462088d13 | 2699 | size_t len = ssl->out_msglen; |
markrad | 0:cdf462088d13 | 2700 | |
markrad | 0:cdf462088d13 | 2701 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write record" ) ); |
markrad | 0:cdf462088d13 | 2702 | |
markrad | 0:cdf462088d13 | 2703 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 2704 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
markrad | 0:cdf462088d13 | 2705 | ssl->handshake != NULL && |
markrad | 0:cdf462088d13 | 2706 | ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING ) |
markrad | 0:cdf462088d13 | 2707 | { |
markrad | 0:cdf462088d13 | 2708 | ; /* Skip special handshake treatment when resending */ |
markrad | 0:cdf462088d13 | 2709 | } |
markrad | 0:cdf462088d13 | 2710 | else |
markrad | 0:cdf462088d13 | 2711 | #endif |
markrad | 0:cdf462088d13 | 2712 | if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) |
markrad | 0:cdf462088d13 | 2713 | { |
markrad | 0:cdf462088d13 | 2714 | out_msg_type = ssl->out_msg[0]; |
markrad | 0:cdf462088d13 | 2715 | |
markrad | 0:cdf462088d13 | 2716 | if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST && |
markrad | 0:cdf462088d13 | 2717 | ssl->handshake == NULL ) |
markrad | 0:cdf462088d13 | 2718 | { |
markrad | 0:cdf462088d13 | 2719 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 2720 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 2721 | } |
markrad | 0:cdf462088d13 | 2722 | |
markrad | 0:cdf462088d13 | 2723 | ssl->out_msg[1] = (unsigned char)( ( len - 4 ) >> 16 ); |
markrad | 0:cdf462088d13 | 2724 | ssl->out_msg[2] = (unsigned char)( ( len - 4 ) >> 8 ); |
markrad | 0:cdf462088d13 | 2725 | ssl->out_msg[3] = (unsigned char)( ( len - 4 ) ); |
markrad | 0:cdf462088d13 | 2726 | |
markrad | 0:cdf462088d13 | 2727 | /* |
markrad | 0:cdf462088d13 | 2728 | * DTLS has additional fields in the Handshake layer, |
markrad | 0:cdf462088d13 | 2729 | * between the length field and the actual payload: |
markrad | 0:cdf462088d13 | 2730 | * uint16 message_seq; |
markrad | 0:cdf462088d13 | 2731 | * uint24 fragment_offset; |
markrad | 0:cdf462088d13 | 2732 | * uint24 fragment_length; |
markrad | 0:cdf462088d13 | 2733 | */ |
markrad | 0:cdf462088d13 | 2734 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 2735 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 2736 | { |
markrad | 0:cdf462088d13 | 2737 | /* Make room for the additional DTLS fields */ |
markrad | 0:cdf462088d13 | 2738 | memmove( ssl->out_msg + 12, ssl->out_msg + 4, len - 4 ); |
markrad | 0:cdf462088d13 | 2739 | ssl->out_msglen += 8; |
markrad | 0:cdf462088d13 | 2740 | len += 8; |
markrad | 0:cdf462088d13 | 2741 | |
markrad | 0:cdf462088d13 | 2742 | /* Write message_seq and update it, except for HelloRequest */ |
markrad | 0:cdf462088d13 | 2743 | if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) |
markrad | 0:cdf462088d13 | 2744 | { |
markrad | 0:cdf462088d13 | 2745 | ssl->out_msg[4] = ( ssl->handshake->out_msg_seq >> 8 ) & 0xFF; |
markrad | 0:cdf462088d13 | 2746 | ssl->out_msg[5] = ( ssl->handshake->out_msg_seq ) & 0xFF; |
markrad | 0:cdf462088d13 | 2747 | ++( ssl->handshake->out_msg_seq ); |
markrad | 0:cdf462088d13 | 2748 | } |
markrad | 0:cdf462088d13 | 2749 | else |
markrad | 0:cdf462088d13 | 2750 | { |
markrad | 0:cdf462088d13 | 2751 | ssl->out_msg[4] = 0; |
markrad | 0:cdf462088d13 | 2752 | ssl->out_msg[5] = 0; |
markrad | 0:cdf462088d13 | 2753 | } |
markrad | 0:cdf462088d13 | 2754 | |
markrad | 0:cdf462088d13 | 2755 | /* We don't fragment, so frag_offset = 0 and frag_len = len */ |
markrad | 0:cdf462088d13 | 2756 | memset( ssl->out_msg + 6, 0x00, 3 ); |
markrad | 0:cdf462088d13 | 2757 | memcpy( ssl->out_msg + 9, ssl->out_msg + 1, 3 ); |
markrad | 0:cdf462088d13 | 2758 | } |
markrad | 0:cdf462088d13 | 2759 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
markrad | 0:cdf462088d13 | 2760 | |
markrad | 0:cdf462088d13 | 2761 | if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) |
markrad | 0:cdf462088d13 | 2762 | ssl->handshake->update_checksum( ssl, ssl->out_msg, len ); |
markrad | 0:cdf462088d13 | 2763 | } |
markrad | 0:cdf462088d13 | 2764 | |
markrad | 0:cdf462088d13 | 2765 | /* Save handshake and CCS messages for resending */ |
markrad | 0:cdf462088d13 | 2766 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 2767 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
markrad | 0:cdf462088d13 | 2768 | ssl->handshake != NULL && |
markrad | 0:cdf462088d13 | 2769 | ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING && |
markrad | 0:cdf462088d13 | 2770 | ( ssl->out_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC || |
markrad | 0:cdf462088d13 | 2771 | ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) ) |
markrad | 0:cdf462088d13 | 2772 | { |
markrad | 0:cdf462088d13 | 2773 | if( ( ret = ssl_flight_append( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 2774 | { |
markrad | 0:cdf462088d13 | 2775 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_flight_append", ret ); |
markrad | 0:cdf462088d13 | 2776 | return( ret ); |
markrad | 0:cdf462088d13 | 2777 | } |
markrad | 0:cdf462088d13 | 2778 | } |
markrad | 0:cdf462088d13 | 2779 | #endif |
markrad | 0:cdf462088d13 | 2780 | |
markrad | 0:cdf462088d13 | 2781 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
markrad | 0:cdf462088d13 | 2782 | if( ssl->transform_out != NULL && |
markrad | 0:cdf462088d13 | 2783 | ssl->session_out->compression == MBEDTLS_SSL_COMPRESS_DEFLATE ) |
markrad | 0:cdf462088d13 | 2784 | { |
markrad | 0:cdf462088d13 | 2785 | if( ( ret = ssl_compress_buf( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 2786 | { |
markrad | 0:cdf462088d13 | 2787 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_compress_buf", ret ); |
markrad | 0:cdf462088d13 | 2788 | return( ret ); |
markrad | 0:cdf462088d13 | 2789 | } |
markrad | 0:cdf462088d13 | 2790 | |
markrad | 0:cdf462088d13 | 2791 | len = ssl->out_msglen; |
markrad | 0:cdf462088d13 | 2792 | } |
markrad | 0:cdf462088d13 | 2793 | #endif /*MBEDTLS_ZLIB_SUPPORT */ |
markrad | 0:cdf462088d13 | 2794 | |
markrad | 0:cdf462088d13 | 2795 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
markrad | 0:cdf462088d13 | 2796 | if( mbedtls_ssl_hw_record_write != NULL ) |
markrad | 0:cdf462088d13 | 2797 | { |
markrad | 0:cdf462088d13 | 2798 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_write()" ) ); |
markrad | 0:cdf462088d13 | 2799 | |
markrad | 0:cdf462088d13 | 2800 | ret = mbedtls_ssl_hw_record_write( ssl ); |
markrad | 0:cdf462088d13 | 2801 | if( ret != 0 && ret != MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH ) |
markrad | 0:cdf462088d13 | 2802 | { |
markrad | 0:cdf462088d13 | 2803 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_write", ret ); |
markrad | 0:cdf462088d13 | 2804 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
markrad | 0:cdf462088d13 | 2805 | } |
markrad | 0:cdf462088d13 | 2806 | |
markrad | 0:cdf462088d13 | 2807 | if( ret == 0 ) |
markrad | 0:cdf462088d13 | 2808 | done = 1; |
markrad | 0:cdf462088d13 | 2809 | } |
markrad | 0:cdf462088d13 | 2810 | #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ |
markrad | 0:cdf462088d13 | 2811 | if( !done ) |
markrad | 0:cdf462088d13 | 2812 | { |
markrad | 0:cdf462088d13 | 2813 | ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype; |
markrad | 0:cdf462088d13 | 2814 | mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, |
markrad | 0:cdf462088d13 | 2815 | ssl->conf->transport, ssl->out_hdr + 1 ); |
markrad | 0:cdf462088d13 | 2816 | |
markrad | 0:cdf462088d13 | 2817 | ssl->out_len[0] = (unsigned char)( len >> 8 ); |
markrad | 0:cdf462088d13 | 2818 | ssl->out_len[1] = (unsigned char)( len ); |
markrad | 0:cdf462088d13 | 2819 | |
markrad | 0:cdf462088d13 | 2820 | if( ssl->transform_out != NULL ) |
markrad | 0:cdf462088d13 | 2821 | { |
markrad | 0:cdf462088d13 | 2822 | if( ( ret = ssl_encrypt_buf( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 2823 | { |
markrad | 0:cdf462088d13 | 2824 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret ); |
markrad | 0:cdf462088d13 | 2825 | return( ret ); |
markrad | 0:cdf462088d13 | 2826 | } |
markrad | 0:cdf462088d13 | 2827 | |
markrad | 0:cdf462088d13 | 2828 | len = ssl->out_msglen; |
markrad | 0:cdf462088d13 | 2829 | ssl->out_len[0] = (unsigned char)( len >> 8 ); |
markrad | 0:cdf462088d13 | 2830 | ssl->out_len[1] = (unsigned char)( len ); |
markrad | 0:cdf462088d13 | 2831 | } |
markrad | 0:cdf462088d13 | 2832 | |
markrad | 0:cdf462088d13 | 2833 | ssl->out_left = mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen; |
markrad | 0:cdf462088d13 | 2834 | |
markrad | 0:cdf462088d13 | 2835 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %d, " |
markrad | 0:cdf462088d13 | 2836 | "version = [%d:%d], msglen = %d", |
markrad | 0:cdf462088d13 | 2837 | ssl->out_hdr[0], ssl->out_hdr[1], ssl->out_hdr[2], |
markrad | 0:cdf462088d13 | 2838 | ( ssl->out_len[0] << 8 ) | ssl->out_len[1] ) ); |
markrad | 0:cdf462088d13 | 2839 | |
markrad | 0:cdf462088d13 | 2840 | MBEDTLS_SSL_DEBUG_BUF( 4, "output record sent to network", |
markrad | 0:cdf462088d13 | 2841 | ssl->out_hdr, mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen ); |
markrad | 0:cdf462088d13 | 2842 | } |
markrad | 0:cdf462088d13 | 2843 | |
markrad | 0:cdf462088d13 | 2844 | if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 2845 | { |
markrad | 0:cdf462088d13 | 2846 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret ); |
markrad | 0:cdf462088d13 | 2847 | return( ret ); |
markrad | 0:cdf462088d13 | 2848 | } |
markrad | 0:cdf462088d13 | 2849 | |
markrad | 0:cdf462088d13 | 2850 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write record" ) ); |
markrad | 0:cdf462088d13 | 2851 | |
markrad | 0:cdf462088d13 | 2852 | return( 0 ); |
markrad | 0:cdf462088d13 | 2853 | } |
markrad | 0:cdf462088d13 | 2854 | |
markrad | 0:cdf462088d13 | 2855 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 2856 | /* |
markrad | 0:cdf462088d13 | 2857 | * Mark bits in bitmask (used for DTLS HS reassembly) |
markrad | 0:cdf462088d13 | 2858 | */ |
markrad | 0:cdf462088d13 | 2859 | static void ssl_bitmask_set( unsigned char *mask, size_t offset, size_t len ) |
markrad | 0:cdf462088d13 | 2860 | { |
markrad | 0:cdf462088d13 | 2861 | unsigned int start_bits, end_bits; |
markrad | 0:cdf462088d13 | 2862 | |
markrad | 0:cdf462088d13 | 2863 | start_bits = 8 - ( offset % 8 ); |
markrad | 0:cdf462088d13 | 2864 | if( start_bits != 8 ) |
markrad | 0:cdf462088d13 | 2865 | { |
markrad | 0:cdf462088d13 | 2866 | size_t first_byte_idx = offset / 8; |
markrad | 0:cdf462088d13 | 2867 | |
markrad | 0:cdf462088d13 | 2868 | /* Special case */ |
markrad | 0:cdf462088d13 | 2869 | if( len <= start_bits ) |
markrad | 0:cdf462088d13 | 2870 | { |
markrad | 0:cdf462088d13 | 2871 | for( ; len != 0; len-- ) |
markrad | 0:cdf462088d13 | 2872 | mask[first_byte_idx] |= 1 << ( start_bits - len ); |
markrad | 0:cdf462088d13 | 2873 | |
markrad | 0:cdf462088d13 | 2874 | /* Avoid potential issues with offset or len becoming invalid */ |
markrad | 0:cdf462088d13 | 2875 | return; |
markrad | 0:cdf462088d13 | 2876 | } |
markrad | 0:cdf462088d13 | 2877 | |
markrad | 0:cdf462088d13 | 2878 | offset += start_bits; /* Now offset % 8 == 0 */ |
markrad | 0:cdf462088d13 | 2879 | len -= start_bits; |
markrad | 0:cdf462088d13 | 2880 | |
markrad | 0:cdf462088d13 | 2881 | for( ; start_bits != 0; start_bits-- ) |
markrad | 0:cdf462088d13 | 2882 | mask[first_byte_idx] |= 1 << ( start_bits - 1 ); |
markrad | 0:cdf462088d13 | 2883 | } |
markrad | 0:cdf462088d13 | 2884 | |
markrad | 0:cdf462088d13 | 2885 | end_bits = len % 8; |
markrad | 0:cdf462088d13 | 2886 | if( end_bits != 0 ) |
markrad | 0:cdf462088d13 | 2887 | { |
markrad | 0:cdf462088d13 | 2888 | size_t last_byte_idx = ( offset + len ) / 8; |
markrad | 0:cdf462088d13 | 2889 | |
markrad | 0:cdf462088d13 | 2890 | len -= end_bits; /* Now len % 8 == 0 */ |
markrad | 0:cdf462088d13 | 2891 | |
markrad | 0:cdf462088d13 | 2892 | for( ; end_bits != 0; end_bits-- ) |
markrad | 0:cdf462088d13 | 2893 | mask[last_byte_idx] |= 1 << ( 8 - end_bits ); |
markrad | 0:cdf462088d13 | 2894 | } |
markrad | 0:cdf462088d13 | 2895 | |
markrad | 0:cdf462088d13 | 2896 | memset( mask + offset / 8, 0xFF, len / 8 ); |
markrad | 0:cdf462088d13 | 2897 | } |
markrad | 0:cdf462088d13 | 2898 | |
markrad | 0:cdf462088d13 | 2899 | /* |
markrad | 0:cdf462088d13 | 2900 | * Check that bitmask is full |
markrad | 0:cdf462088d13 | 2901 | */ |
markrad | 0:cdf462088d13 | 2902 | static int ssl_bitmask_check( unsigned char *mask, size_t len ) |
markrad | 0:cdf462088d13 | 2903 | { |
markrad | 0:cdf462088d13 | 2904 | size_t i; |
markrad | 0:cdf462088d13 | 2905 | |
markrad | 0:cdf462088d13 | 2906 | for( i = 0; i < len / 8; i++ ) |
markrad | 0:cdf462088d13 | 2907 | if( mask[i] != 0xFF ) |
markrad | 0:cdf462088d13 | 2908 | return( -1 ); |
markrad | 0:cdf462088d13 | 2909 | |
markrad | 0:cdf462088d13 | 2910 | for( i = 0; i < len % 8; i++ ) |
markrad | 0:cdf462088d13 | 2911 | if( ( mask[len / 8] & ( 1 << ( 7 - i ) ) ) == 0 ) |
markrad | 0:cdf462088d13 | 2912 | return( -1 ); |
markrad | 0:cdf462088d13 | 2913 | |
markrad | 0:cdf462088d13 | 2914 | return( 0 ); |
markrad | 0:cdf462088d13 | 2915 | } |
markrad | 0:cdf462088d13 | 2916 | |
markrad | 0:cdf462088d13 | 2917 | /* |
markrad | 0:cdf462088d13 | 2918 | * Reassemble fragmented DTLS handshake messages. |
markrad | 0:cdf462088d13 | 2919 | * |
markrad | 0:cdf462088d13 | 2920 | * Use a temporary buffer for reassembly, divided in two parts: |
markrad | 0:cdf462088d13 | 2921 | * - the first holds the reassembled message (including handshake header), |
markrad | 0:cdf462088d13 | 2922 | * - the second holds a bitmask indicating which parts of the message |
markrad | 0:cdf462088d13 | 2923 | * (excluding headers) have been received so far. |
markrad | 0:cdf462088d13 | 2924 | */ |
markrad | 0:cdf462088d13 | 2925 | static int ssl_reassemble_dtls_handshake( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 2926 | { |
markrad | 0:cdf462088d13 | 2927 | unsigned char *msg, *bitmask; |
markrad | 0:cdf462088d13 | 2928 | size_t frag_len, frag_off; |
markrad | 0:cdf462088d13 | 2929 | size_t msg_len = ssl->in_hslen - 12; /* Without headers */ |
markrad | 0:cdf462088d13 | 2930 | |
markrad | 0:cdf462088d13 | 2931 | if( ssl->handshake == NULL ) |
markrad | 0:cdf462088d13 | 2932 | { |
markrad | 0:cdf462088d13 | 2933 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "not supported outside handshake (for now)" ) ); |
markrad | 0:cdf462088d13 | 2934 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
markrad | 0:cdf462088d13 | 2935 | } |
markrad | 0:cdf462088d13 | 2936 | |
markrad | 0:cdf462088d13 | 2937 | /* |
markrad | 0:cdf462088d13 | 2938 | * For first fragment, check size and allocate buffer |
markrad | 0:cdf462088d13 | 2939 | */ |
markrad | 0:cdf462088d13 | 2940 | if( ssl->handshake->hs_msg == NULL ) |
markrad | 0:cdf462088d13 | 2941 | { |
markrad | 0:cdf462088d13 | 2942 | size_t alloc_len; |
markrad | 0:cdf462088d13 | 2943 | |
markrad | 0:cdf462088d13 | 2944 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %d", |
markrad | 0:cdf462088d13 | 2945 | msg_len ) ); |
markrad | 0:cdf462088d13 | 2946 | |
markrad | 0:cdf462088d13 | 2947 | if( ssl->in_hslen > MBEDTLS_SSL_MAX_CONTENT_LEN ) |
markrad | 0:cdf462088d13 | 2948 | { |
markrad | 0:cdf462088d13 | 2949 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too large" ) ); |
markrad | 0:cdf462088d13 | 2950 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
markrad | 0:cdf462088d13 | 2951 | } |
markrad | 0:cdf462088d13 | 2952 | |
markrad | 0:cdf462088d13 | 2953 | /* The bitmask needs one bit per byte of message excluding header */ |
markrad | 0:cdf462088d13 | 2954 | alloc_len = 12 + msg_len + msg_len / 8 + ( msg_len % 8 != 0 ); |
markrad | 0:cdf462088d13 | 2955 | |
markrad | 0:cdf462088d13 | 2956 | ssl->handshake->hs_msg = mbedtls_calloc( 1, alloc_len ); |
markrad | 0:cdf462088d13 | 2957 | if( ssl->handshake->hs_msg == NULL ) |
markrad | 0:cdf462088d13 | 2958 | { |
markrad | 0:cdf462088d13 | 2959 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc failed (%d bytes)", alloc_len ) ); |
markrad | 0:cdf462088d13 | 2960 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
markrad | 0:cdf462088d13 | 2961 | } |
markrad | 0:cdf462088d13 | 2962 | |
markrad | 0:cdf462088d13 | 2963 | /* Prepare final header: copy msg_type, length and message_seq, |
markrad | 0:cdf462088d13 | 2964 | * then add standardised fragment_offset and fragment_length */ |
markrad | 0:cdf462088d13 | 2965 | memcpy( ssl->handshake->hs_msg, ssl->in_msg, 6 ); |
markrad | 0:cdf462088d13 | 2966 | memset( ssl->handshake->hs_msg + 6, 0, 3 ); |
markrad | 0:cdf462088d13 | 2967 | memcpy( ssl->handshake->hs_msg + 9, |
markrad | 0:cdf462088d13 | 2968 | ssl->handshake->hs_msg + 1, 3 ); |
markrad | 0:cdf462088d13 | 2969 | } |
markrad | 0:cdf462088d13 | 2970 | else |
markrad | 0:cdf462088d13 | 2971 | { |
markrad | 0:cdf462088d13 | 2972 | /* Make sure msg_type and length are consistent */ |
markrad | 0:cdf462088d13 | 2973 | if( memcmp( ssl->handshake->hs_msg, ssl->in_msg, 4 ) != 0 ) |
markrad | 0:cdf462088d13 | 2974 | { |
markrad | 0:cdf462088d13 | 2975 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment header mismatch" ) ); |
markrad | 0:cdf462088d13 | 2976 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
markrad | 0:cdf462088d13 | 2977 | } |
markrad | 0:cdf462088d13 | 2978 | } |
markrad | 0:cdf462088d13 | 2979 | |
markrad | 0:cdf462088d13 | 2980 | msg = ssl->handshake->hs_msg + 12; |
markrad | 0:cdf462088d13 | 2981 | bitmask = msg + msg_len; |
markrad | 0:cdf462088d13 | 2982 | |
markrad | 0:cdf462088d13 | 2983 | /* |
markrad | 0:cdf462088d13 | 2984 | * Check and copy current fragment |
markrad | 0:cdf462088d13 | 2985 | */ |
markrad | 0:cdf462088d13 | 2986 | frag_off = ( ssl->in_msg[6] << 16 ) | |
markrad | 0:cdf462088d13 | 2987 | ( ssl->in_msg[7] << 8 ) | |
markrad | 0:cdf462088d13 | 2988 | ssl->in_msg[8]; |
markrad | 0:cdf462088d13 | 2989 | frag_len = ( ssl->in_msg[9] << 16 ) | |
markrad | 0:cdf462088d13 | 2990 | ( ssl->in_msg[10] << 8 ) | |
markrad | 0:cdf462088d13 | 2991 | ssl->in_msg[11]; |
markrad | 0:cdf462088d13 | 2992 | |
markrad | 0:cdf462088d13 | 2993 | if( frag_off + frag_len > msg_len ) |
markrad | 0:cdf462088d13 | 2994 | { |
markrad | 0:cdf462088d13 | 2995 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid fragment offset/len: %d + %d > %d", |
markrad | 0:cdf462088d13 | 2996 | frag_off, frag_len, msg_len ) ); |
markrad | 0:cdf462088d13 | 2997 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
markrad | 0:cdf462088d13 | 2998 | } |
markrad | 0:cdf462088d13 | 2999 | |
markrad | 0:cdf462088d13 | 3000 | if( frag_len + 12 > ssl->in_msglen ) |
markrad | 0:cdf462088d13 | 3001 | { |
markrad | 0:cdf462088d13 | 3002 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid fragment length: %d + 12 > %d", |
markrad | 0:cdf462088d13 | 3003 | frag_len, ssl->in_msglen ) ); |
markrad | 0:cdf462088d13 | 3004 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
markrad | 0:cdf462088d13 | 3005 | } |
markrad | 0:cdf462088d13 | 3006 | |
markrad | 0:cdf462088d13 | 3007 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %d, length = %d", |
markrad | 0:cdf462088d13 | 3008 | frag_off, frag_len ) ); |
markrad | 0:cdf462088d13 | 3009 | |
markrad | 0:cdf462088d13 | 3010 | memcpy( msg + frag_off, ssl->in_msg + 12, frag_len ); |
markrad | 0:cdf462088d13 | 3011 | ssl_bitmask_set( bitmask, frag_off, frag_len ); |
markrad | 0:cdf462088d13 | 3012 | |
markrad | 0:cdf462088d13 | 3013 | /* |
markrad | 0:cdf462088d13 | 3014 | * Do we have the complete message by now? |
markrad | 0:cdf462088d13 | 3015 | * If yes, finalize it, else ask to read the next record. |
markrad | 0:cdf462088d13 | 3016 | */ |
markrad | 0:cdf462088d13 | 3017 | if( ssl_bitmask_check( bitmask, msg_len ) != 0 ) |
markrad | 0:cdf462088d13 | 3018 | { |
markrad | 0:cdf462088d13 | 3019 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "message is not complete yet" ) ); |
markrad | 0:cdf462088d13 | 3020 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
markrad | 0:cdf462088d13 | 3021 | } |
markrad | 0:cdf462088d13 | 3022 | |
markrad | 0:cdf462088d13 | 3023 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake message completed" ) ); |
markrad | 0:cdf462088d13 | 3024 | |
markrad | 0:cdf462088d13 | 3025 | if( frag_len + 12 < ssl->in_msglen ) |
markrad | 0:cdf462088d13 | 3026 | { |
markrad | 0:cdf462088d13 | 3027 | /* |
markrad | 0:cdf462088d13 | 3028 | * We'got more handshake messages in the same record. |
markrad | 0:cdf462088d13 | 3029 | * This case is not handled now because no know implementation does |
markrad | 0:cdf462088d13 | 3030 | * that and it's hard to test, so we prefer to fail cleanly for now. |
markrad | 0:cdf462088d13 | 3031 | */ |
markrad | 0:cdf462088d13 | 3032 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "last fragment not alone in its record" ) ); |
markrad | 0:cdf462088d13 | 3033 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
markrad | 0:cdf462088d13 | 3034 | } |
markrad | 0:cdf462088d13 | 3035 | |
markrad | 0:cdf462088d13 | 3036 | if( ssl->in_left > ssl->next_record_offset ) |
markrad | 0:cdf462088d13 | 3037 | { |
markrad | 0:cdf462088d13 | 3038 | /* |
markrad | 0:cdf462088d13 | 3039 | * We've got more data in the buffer after the current record, |
markrad | 0:cdf462088d13 | 3040 | * that we don't want to overwrite. Move it before writing the |
markrad | 0:cdf462088d13 | 3041 | * reassembled message, and adjust in_left and next_record_offset. |
markrad | 0:cdf462088d13 | 3042 | */ |
markrad | 0:cdf462088d13 | 3043 | unsigned char *cur_remain = ssl->in_hdr + ssl->next_record_offset; |
markrad | 0:cdf462088d13 | 3044 | unsigned char *new_remain = ssl->in_msg + ssl->in_hslen; |
markrad | 0:cdf462088d13 | 3045 | size_t remain_len = ssl->in_left - ssl->next_record_offset; |
markrad | 0:cdf462088d13 | 3046 | |
markrad | 0:cdf462088d13 | 3047 | /* First compute and check new lengths */ |
markrad | 0:cdf462088d13 | 3048 | ssl->next_record_offset = new_remain - ssl->in_hdr; |
markrad | 0:cdf462088d13 | 3049 | ssl->in_left = ssl->next_record_offset + remain_len; |
markrad | 0:cdf462088d13 | 3050 | |
markrad | 0:cdf462088d13 | 3051 | if( ssl->in_left > MBEDTLS_SSL_BUFFER_LEN - |
markrad | 0:cdf462088d13 | 3052 | (size_t)( ssl->in_hdr - ssl->in_buf ) ) |
markrad | 0:cdf462088d13 | 3053 | { |
markrad | 0:cdf462088d13 | 3054 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "reassembled message too large for buffer" ) ); |
markrad | 0:cdf462088d13 | 3055 | return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); |
markrad | 0:cdf462088d13 | 3056 | } |
markrad | 0:cdf462088d13 | 3057 | |
markrad | 0:cdf462088d13 | 3058 | memmove( new_remain, cur_remain, remain_len ); |
markrad | 0:cdf462088d13 | 3059 | } |
markrad | 0:cdf462088d13 | 3060 | |
markrad | 0:cdf462088d13 | 3061 | memcpy( ssl->in_msg, ssl->handshake->hs_msg, ssl->in_hslen ); |
markrad | 0:cdf462088d13 | 3062 | |
markrad | 0:cdf462088d13 | 3063 | mbedtls_free( ssl->handshake->hs_msg ); |
markrad | 0:cdf462088d13 | 3064 | ssl->handshake->hs_msg = NULL; |
markrad | 0:cdf462088d13 | 3065 | |
markrad | 0:cdf462088d13 | 3066 | MBEDTLS_SSL_DEBUG_BUF( 3, "reassembled handshake message", |
markrad | 0:cdf462088d13 | 3067 | ssl->in_msg, ssl->in_hslen ); |
markrad | 0:cdf462088d13 | 3068 | |
markrad | 0:cdf462088d13 | 3069 | return( 0 ); |
markrad | 0:cdf462088d13 | 3070 | } |
markrad | 0:cdf462088d13 | 3071 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
markrad | 0:cdf462088d13 | 3072 | |
markrad | 0:cdf462088d13 | 3073 | int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 3074 | { |
markrad | 0:cdf462088d13 | 3075 | if( ssl->in_msglen < mbedtls_ssl_hs_hdr_len( ssl ) ) |
markrad | 0:cdf462088d13 | 3076 | { |
markrad | 0:cdf462088d13 | 3077 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too short: %d", |
markrad | 0:cdf462088d13 | 3078 | ssl->in_msglen ) ); |
markrad | 0:cdf462088d13 | 3079 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
markrad | 0:cdf462088d13 | 3080 | } |
markrad | 0:cdf462088d13 | 3081 | |
markrad | 0:cdf462088d13 | 3082 | ssl->in_hslen = mbedtls_ssl_hs_hdr_len( ssl ) + ( |
markrad | 0:cdf462088d13 | 3083 | ( ssl->in_msg[1] << 16 ) | |
markrad | 0:cdf462088d13 | 3084 | ( ssl->in_msg[2] << 8 ) | |
markrad | 0:cdf462088d13 | 3085 | ssl->in_msg[3] ); |
markrad | 0:cdf462088d13 | 3086 | |
markrad | 0:cdf462088d13 | 3087 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "handshake message: msglen =" |
markrad | 0:cdf462088d13 | 3088 | " %d, type = %d, hslen = %d", |
markrad | 0:cdf462088d13 | 3089 | ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) ); |
markrad | 0:cdf462088d13 | 3090 | |
markrad | 0:cdf462088d13 | 3091 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 3092 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 3093 | { |
markrad | 0:cdf462088d13 | 3094 | int ret; |
markrad | 0:cdf462088d13 | 3095 | unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5]; |
markrad | 0:cdf462088d13 | 3096 | |
markrad | 0:cdf462088d13 | 3097 | /* ssl->handshake is NULL when receiving ClientHello for renego */ |
markrad | 0:cdf462088d13 | 3098 | if( ssl->handshake != NULL && |
markrad | 0:cdf462088d13 | 3099 | recv_msg_seq != ssl->handshake->in_msg_seq ) |
markrad | 0:cdf462088d13 | 3100 | { |
markrad | 0:cdf462088d13 | 3101 | /* Retransmit only on last message from previous flight, to avoid |
markrad | 0:cdf462088d13 | 3102 | * too many retransmissions. |
markrad | 0:cdf462088d13 | 3103 | * Besides, No sane server ever retransmits HelloVerifyRequest */ |
markrad | 0:cdf462088d13 | 3104 | if( recv_msg_seq == ssl->handshake->in_flight_start_seq - 1 && |
markrad | 0:cdf462088d13 | 3105 | ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST ) |
markrad | 0:cdf462088d13 | 3106 | { |
markrad | 0:cdf462088d13 | 3107 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "received message from last flight, " |
markrad | 0:cdf462088d13 | 3108 | "message_seq = %d, start_of_flight = %d", |
markrad | 0:cdf462088d13 | 3109 | recv_msg_seq, |
markrad | 0:cdf462088d13 | 3110 | ssl->handshake->in_flight_start_seq ) ); |
markrad | 0:cdf462088d13 | 3111 | |
markrad | 0:cdf462088d13 | 3112 | if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 3113 | { |
markrad | 0:cdf462088d13 | 3114 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret ); |
markrad | 0:cdf462088d13 | 3115 | return( ret ); |
markrad | 0:cdf462088d13 | 3116 | } |
markrad | 0:cdf462088d13 | 3117 | } |
markrad | 0:cdf462088d13 | 3118 | else |
markrad | 0:cdf462088d13 | 3119 | { |
markrad | 0:cdf462088d13 | 3120 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "dropping out-of-sequence message: " |
markrad | 0:cdf462088d13 | 3121 | "message_seq = %d, expected = %d", |
markrad | 0:cdf462088d13 | 3122 | recv_msg_seq, |
markrad | 0:cdf462088d13 | 3123 | ssl->handshake->in_msg_seq ) ); |
markrad | 0:cdf462088d13 | 3124 | } |
markrad | 0:cdf462088d13 | 3125 | |
markrad | 0:cdf462088d13 | 3126 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
markrad | 0:cdf462088d13 | 3127 | } |
markrad | 0:cdf462088d13 | 3128 | /* Wait until message completion to increment in_msg_seq */ |
markrad | 0:cdf462088d13 | 3129 | |
markrad | 0:cdf462088d13 | 3130 | /* Reassemble if current message is fragmented or reassembly is |
markrad | 0:cdf462088d13 | 3131 | * already in progress */ |
markrad | 0:cdf462088d13 | 3132 | if( ssl->in_msglen < ssl->in_hslen || |
markrad | 0:cdf462088d13 | 3133 | memcmp( ssl->in_msg + 6, "\0\0\0", 3 ) != 0 || |
markrad | 0:cdf462088d13 | 3134 | memcmp( ssl->in_msg + 9, ssl->in_msg + 1, 3 ) != 0 || |
markrad | 0:cdf462088d13 | 3135 | ( ssl->handshake != NULL && ssl->handshake->hs_msg != NULL ) ) |
markrad | 0:cdf462088d13 | 3136 | { |
markrad | 0:cdf462088d13 | 3137 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "found fragmented DTLS handshake message" ) ); |
markrad | 0:cdf462088d13 | 3138 | |
markrad | 0:cdf462088d13 | 3139 | if( ( ret = ssl_reassemble_dtls_handshake( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 3140 | { |
markrad | 0:cdf462088d13 | 3141 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_reassemble_dtls_handshake", ret ); |
markrad | 0:cdf462088d13 | 3142 | return( ret ); |
markrad | 0:cdf462088d13 | 3143 | } |
markrad | 0:cdf462088d13 | 3144 | } |
markrad | 0:cdf462088d13 | 3145 | } |
markrad | 0:cdf462088d13 | 3146 | else |
markrad | 0:cdf462088d13 | 3147 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
markrad | 0:cdf462088d13 | 3148 | /* With TLS we don't handle fragmentation (for now) */ |
markrad | 0:cdf462088d13 | 3149 | if( ssl->in_msglen < ssl->in_hslen ) |
markrad | 0:cdf462088d13 | 3150 | { |
markrad | 0:cdf462088d13 | 3151 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS handshake fragmentation not supported" ) ); |
markrad | 0:cdf462088d13 | 3152 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
markrad | 0:cdf462088d13 | 3153 | } |
markrad | 0:cdf462088d13 | 3154 | |
markrad | 0:cdf462088d13 | 3155 | return( 0 ); |
markrad | 0:cdf462088d13 | 3156 | } |
markrad | 0:cdf462088d13 | 3157 | |
markrad | 0:cdf462088d13 | 3158 | void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 3159 | { |
markrad | 0:cdf462088d13 | 3160 | |
markrad | 0:cdf462088d13 | 3161 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && |
markrad | 0:cdf462088d13 | 3162 | ssl->handshake != NULL ) |
markrad | 0:cdf462088d13 | 3163 | { |
markrad | 0:cdf462088d13 | 3164 | ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen ); |
markrad | 0:cdf462088d13 | 3165 | } |
markrad | 0:cdf462088d13 | 3166 | |
markrad | 0:cdf462088d13 | 3167 | /* Handshake message is complete, increment counter */ |
markrad | 0:cdf462088d13 | 3168 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 3169 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
markrad | 0:cdf462088d13 | 3170 | ssl->handshake != NULL ) |
markrad | 0:cdf462088d13 | 3171 | { |
markrad | 0:cdf462088d13 | 3172 | ssl->handshake->in_msg_seq++; |
markrad | 0:cdf462088d13 | 3173 | } |
markrad | 0:cdf462088d13 | 3174 | #endif |
markrad | 0:cdf462088d13 | 3175 | } |
markrad | 0:cdf462088d13 | 3176 | |
markrad | 0:cdf462088d13 | 3177 | /* |
markrad | 0:cdf462088d13 | 3178 | * DTLS anti-replay: RFC 6347 4.1.2.6 |
markrad | 0:cdf462088d13 | 3179 | * |
markrad | 0:cdf462088d13 | 3180 | * in_window is a field of bits numbered from 0 (lsb) to 63 (msb). |
markrad | 0:cdf462088d13 | 3181 | * Bit n is set iff record number in_window_top - n has been seen. |
markrad | 0:cdf462088d13 | 3182 | * |
markrad | 0:cdf462088d13 | 3183 | * Usually, in_window_top is the last record number seen and the lsb of |
markrad | 0:cdf462088d13 | 3184 | * in_window is set. The only exception is the initial state (record number 0 |
markrad | 0:cdf462088d13 | 3185 | * not seen yet). |
markrad | 0:cdf462088d13 | 3186 | */ |
markrad | 0:cdf462088d13 | 3187 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
markrad | 0:cdf462088d13 | 3188 | static void ssl_dtls_replay_reset( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 3189 | { |
markrad | 0:cdf462088d13 | 3190 | ssl->in_window_top = 0; |
markrad | 0:cdf462088d13 | 3191 | ssl->in_window = 0; |
markrad | 0:cdf462088d13 | 3192 | } |
markrad | 0:cdf462088d13 | 3193 | |
markrad | 0:cdf462088d13 | 3194 | static inline uint64_t ssl_load_six_bytes( unsigned char *buf ) |
markrad | 0:cdf462088d13 | 3195 | { |
markrad | 0:cdf462088d13 | 3196 | return( ( (uint64_t) buf[0] << 40 ) | |
markrad | 0:cdf462088d13 | 3197 | ( (uint64_t) buf[1] << 32 ) | |
markrad | 0:cdf462088d13 | 3198 | ( (uint64_t) buf[2] << 24 ) | |
markrad | 0:cdf462088d13 | 3199 | ( (uint64_t) buf[3] << 16 ) | |
markrad | 0:cdf462088d13 | 3200 | ( (uint64_t) buf[4] << 8 ) | |
markrad | 0:cdf462088d13 | 3201 | ( (uint64_t) buf[5] ) ); |
markrad | 0:cdf462088d13 | 3202 | } |
markrad | 0:cdf462088d13 | 3203 | |
markrad | 0:cdf462088d13 | 3204 | /* |
markrad | 0:cdf462088d13 | 3205 | * Return 0 if sequence number is acceptable, -1 otherwise |
markrad | 0:cdf462088d13 | 3206 | */ |
markrad | 0:cdf462088d13 | 3207 | int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 3208 | { |
markrad | 0:cdf462088d13 | 3209 | uint64_t rec_seqnum = ssl_load_six_bytes( ssl->in_ctr + 2 ); |
markrad | 0:cdf462088d13 | 3210 | uint64_t bit; |
markrad | 0:cdf462088d13 | 3211 | |
markrad | 0:cdf462088d13 | 3212 | if( ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED ) |
markrad | 0:cdf462088d13 | 3213 | return( 0 ); |
markrad | 0:cdf462088d13 | 3214 | |
markrad | 0:cdf462088d13 | 3215 | if( rec_seqnum > ssl->in_window_top ) |
markrad | 0:cdf462088d13 | 3216 | return( 0 ); |
markrad | 0:cdf462088d13 | 3217 | |
markrad | 0:cdf462088d13 | 3218 | bit = ssl->in_window_top - rec_seqnum; |
markrad | 0:cdf462088d13 | 3219 | |
markrad | 0:cdf462088d13 | 3220 | if( bit >= 64 ) |
markrad | 0:cdf462088d13 | 3221 | return( -1 ); |
markrad | 0:cdf462088d13 | 3222 | |
markrad | 0:cdf462088d13 | 3223 | if( ( ssl->in_window & ( (uint64_t) 1 << bit ) ) != 0 ) |
markrad | 0:cdf462088d13 | 3224 | return( -1 ); |
markrad | 0:cdf462088d13 | 3225 | |
markrad | 0:cdf462088d13 | 3226 | return( 0 ); |
markrad | 0:cdf462088d13 | 3227 | } |
markrad | 0:cdf462088d13 | 3228 | |
markrad | 0:cdf462088d13 | 3229 | /* |
markrad | 0:cdf462088d13 | 3230 | * Update replay window on new validated record |
markrad | 0:cdf462088d13 | 3231 | */ |
markrad | 0:cdf462088d13 | 3232 | void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 3233 | { |
markrad | 0:cdf462088d13 | 3234 | uint64_t rec_seqnum = ssl_load_six_bytes( ssl->in_ctr + 2 ); |
markrad | 0:cdf462088d13 | 3235 | |
markrad | 0:cdf462088d13 | 3236 | if( ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED ) |
markrad | 0:cdf462088d13 | 3237 | return; |
markrad | 0:cdf462088d13 | 3238 | |
markrad | 0:cdf462088d13 | 3239 | if( rec_seqnum > ssl->in_window_top ) |
markrad | 0:cdf462088d13 | 3240 | { |
markrad | 0:cdf462088d13 | 3241 | /* Update window_top and the contents of the window */ |
markrad | 0:cdf462088d13 | 3242 | uint64_t shift = rec_seqnum - ssl->in_window_top; |
markrad | 0:cdf462088d13 | 3243 | |
markrad | 0:cdf462088d13 | 3244 | if( shift >= 64 ) |
markrad | 0:cdf462088d13 | 3245 | ssl->in_window = 1; |
markrad | 0:cdf462088d13 | 3246 | else |
markrad | 0:cdf462088d13 | 3247 | { |
markrad | 0:cdf462088d13 | 3248 | ssl->in_window <<= shift; |
markrad | 0:cdf462088d13 | 3249 | ssl->in_window |= 1; |
markrad | 0:cdf462088d13 | 3250 | } |
markrad | 0:cdf462088d13 | 3251 | |
markrad | 0:cdf462088d13 | 3252 | ssl->in_window_top = rec_seqnum; |
markrad | 0:cdf462088d13 | 3253 | } |
markrad | 0:cdf462088d13 | 3254 | else |
markrad | 0:cdf462088d13 | 3255 | { |
markrad | 0:cdf462088d13 | 3256 | /* Mark that number as seen in the current window */ |
markrad | 0:cdf462088d13 | 3257 | uint64_t bit = ssl->in_window_top - rec_seqnum; |
markrad | 0:cdf462088d13 | 3258 | |
markrad | 0:cdf462088d13 | 3259 | if( bit < 64 ) /* Always true, but be extra sure */ |
markrad | 0:cdf462088d13 | 3260 | ssl->in_window |= (uint64_t) 1 << bit; |
markrad | 0:cdf462088d13 | 3261 | } |
markrad | 0:cdf462088d13 | 3262 | } |
markrad | 0:cdf462088d13 | 3263 | #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ |
markrad | 0:cdf462088d13 | 3264 | |
markrad | 0:cdf462088d13 | 3265 | #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 3266 | /* Forward declaration */ |
markrad | 0:cdf462088d13 | 3267 | static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ); |
markrad | 0:cdf462088d13 | 3268 | |
markrad | 0:cdf462088d13 | 3269 | /* |
markrad | 0:cdf462088d13 | 3270 | * Without any SSL context, check if a datagram looks like a ClientHello with |
markrad | 0:cdf462088d13 | 3271 | * a valid cookie, and if it doesn't, generate a HelloVerifyRequest message. |
markrad | 0:cdf462088d13 | 3272 | * Both input and output include full DTLS headers. |
markrad | 0:cdf462088d13 | 3273 | * |
markrad | 0:cdf462088d13 | 3274 | * - if cookie is valid, return 0 |
markrad | 0:cdf462088d13 | 3275 | * - if ClientHello looks superficially valid but cookie is not, |
markrad | 0:cdf462088d13 | 3276 | * fill obuf and set olen, then |
markrad | 0:cdf462088d13 | 3277 | * return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED |
markrad | 0:cdf462088d13 | 3278 | * - otherwise return a specific error code |
markrad | 0:cdf462088d13 | 3279 | */ |
markrad | 0:cdf462088d13 | 3280 | static int ssl_check_dtls_clihlo_cookie( |
markrad | 0:cdf462088d13 | 3281 | mbedtls_ssl_cookie_write_t *f_cookie_write, |
markrad | 0:cdf462088d13 | 3282 | mbedtls_ssl_cookie_check_t *f_cookie_check, |
markrad | 0:cdf462088d13 | 3283 | void *p_cookie, |
markrad | 0:cdf462088d13 | 3284 | const unsigned char *cli_id, size_t cli_id_len, |
markrad | 0:cdf462088d13 | 3285 | const unsigned char *in, size_t in_len, |
markrad | 0:cdf462088d13 | 3286 | unsigned char *obuf, size_t buf_len, size_t *olen ) |
markrad | 0:cdf462088d13 | 3287 | { |
markrad | 0:cdf462088d13 | 3288 | size_t sid_len, cookie_len; |
markrad | 0:cdf462088d13 | 3289 | unsigned char *p; |
markrad | 0:cdf462088d13 | 3290 | |
markrad | 0:cdf462088d13 | 3291 | if( f_cookie_write == NULL || f_cookie_check == NULL ) |
markrad | 0:cdf462088d13 | 3292 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 3293 | |
markrad | 0:cdf462088d13 | 3294 | /* |
markrad | 0:cdf462088d13 | 3295 | * Structure of ClientHello with record and handshake headers, |
markrad | 0:cdf462088d13 | 3296 | * and expected values. We don't need to check a lot, more checks will be |
markrad | 0:cdf462088d13 | 3297 | * done when actually parsing the ClientHello - skipping those checks |
markrad | 0:cdf462088d13 | 3298 | * avoids code duplication and does not make cookie forging any easier. |
markrad | 0:cdf462088d13 | 3299 | * |
markrad | 0:cdf462088d13 | 3300 | * 0-0 ContentType type; copied, must be handshake |
markrad | 0:cdf462088d13 | 3301 | * 1-2 ProtocolVersion version; copied |
markrad | 0:cdf462088d13 | 3302 | * 3-4 uint16 epoch; copied, must be 0 |
markrad | 0:cdf462088d13 | 3303 | * 5-10 uint48 sequence_number; copied |
markrad | 0:cdf462088d13 | 3304 | * 11-12 uint16 length; (ignored) |
markrad | 0:cdf462088d13 | 3305 | * |
markrad | 0:cdf462088d13 | 3306 | * 13-13 HandshakeType msg_type; (ignored) |
markrad | 0:cdf462088d13 | 3307 | * 14-16 uint24 length; (ignored) |
markrad | 0:cdf462088d13 | 3308 | * 17-18 uint16 message_seq; copied |
markrad | 0:cdf462088d13 | 3309 | * 19-21 uint24 fragment_offset; copied, must be 0 |
markrad | 0:cdf462088d13 | 3310 | * 22-24 uint24 fragment_length; (ignored) |
markrad | 0:cdf462088d13 | 3311 | * |
markrad | 0:cdf462088d13 | 3312 | * 25-26 ProtocolVersion client_version; (ignored) |
markrad | 0:cdf462088d13 | 3313 | * 27-58 Random random; (ignored) |
markrad | 0:cdf462088d13 | 3314 | * 59-xx SessionID session_id; 1 byte len + sid_len content |
markrad | 0:cdf462088d13 | 3315 | * 60+ opaque cookie<0..2^8-1>; 1 byte len + content |
markrad | 0:cdf462088d13 | 3316 | * ... |
markrad | 0:cdf462088d13 | 3317 | * |
markrad | 0:cdf462088d13 | 3318 | * Minimum length is 61 bytes. |
markrad | 0:cdf462088d13 | 3319 | */ |
markrad | 0:cdf462088d13 | 3320 | if( in_len < 61 || |
markrad | 0:cdf462088d13 | 3321 | in[0] != MBEDTLS_SSL_MSG_HANDSHAKE || |
markrad | 0:cdf462088d13 | 3322 | in[3] != 0 || in[4] != 0 || |
markrad | 0:cdf462088d13 | 3323 | in[19] != 0 || in[20] != 0 || in[21] != 0 ) |
markrad | 0:cdf462088d13 | 3324 | { |
markrad | 0:cdf462088d13 | 3325 | return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); |
markrad | 0:cdf462088d13 | 3326 | } |
markrad | 0:cdf462088d13 | 3327 | |
markrad | 0:cdf462088d13 | 3328 | sid_len = in[59]; |
markrad | 0:cdf462088d13 | 3329 | if( sid_len > in_len - 61 ) |
markrad | 0:cdf462088d13 | 3330 | return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); |
markrad | 0:cdf462088d13 | 3331 | |
markrad | 0:cdf462088d13 | 3332 | cookie_len = in[60 + sid_len]; |
markrad | 0:cdf462088d13 | 3333 | if( cookie_len > in_len - 60 ) |
markrad | 0:cdf462088d13 | 3334 | return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); |
markrad | 0:cdf462088d13 | 3335 | |
markrad | 0:cdf462088d13 | 3336 | if( f_cookie_check( p_cookie, in + sid_len + 61, cookie_len, |
markrad | 0:cdf462088d13 | 3337 | cli_id, cli_id_len ) == 0 ) |
markrad | 0:cdf462088d13 | 3338 | { |
markrad | 0:cdf462088d13 | 3339 | /* Valid cookie */ |
markrad | 0:cdf462088d13 | 3340 | return( 0 ); |
markrad | 0:cdf462088d13 | 3341 | } |
markrad | 0:cdf462088d13 | 3342 | |
markrad | 0:cdf462088d13 | 3343 | /* |
markrad | 0:cdf462088d13 | 3344 | * If we get here, we've got an invalid cookie, let's prepare HVR. |
markrad | 0:cdf462088d13 | 3345 | * |
markrad | 0:cdf462088d13 | 3346 | * 0-0 ContentType type; copied |
markrad | 0:cdf462088d13 | 3347 | * 1-2 ProtocolVersion version; copied |
markrad | 0:cdf462088d13 | 3348 | * 3-4 uint16 epoch; copied |
markrad | 0:cdf462088d13 | 3349 | * 5-10 uint48 sequence_number; copied |
markrad | 0:cdf462088d13 | 3350 | * 11-12 uint16 length; olen - 13 |
markrad | 0:cdf462088d13 | 3351 | * |
markrad | 0:cdf462088d13 | 3352 | * 13-13 HandshakeType msg_type; hello_verify_request |
markrad | 0:cdf462088d13 | 3353 | * 14-16 uint24 length; olen - 25 |
markrad | 0:cdf462088d13 | 3354 | * 17-18 uint16 message_seq; copied |
markrad | 0:cdf462088d13 | 3355 | * 19-21 uint24 fragment_offset; copied |
markrad | 0:cdf462088d13 | 3356 | * 22-24 uint24 fragment_length; olen - 25 |
markrad | 0:cdf462088d13 | 3357 | * |
markrad | 0:cdf462088d13 | 3358 | * 25-26 ProtocolVersion server_version; 0xfe 0xff |
markrad | 0:cdf462088d13 | 3359 | * 27-27 opaque cookie<0..2^8-1>; cookie_len = olen - 27, cookie |
markrad | 0:cdf462088d13 | 3360 | * |
markrad | 0:cdf462088d13 | 3361 | * Minimum length is 28. |
markrad | 0:cdf462088d13 | 3362 | */ |
markrad | 0:cdf462088d13 | 3363 | if( buf_len < 28 ) |
markrad | 0:cdf462088d13 | 3364 | return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); |
markrad | 0:cdf462088d13 | 3365 | |
markrad | 0:cdf462088d13 | 3366 | /* Copy most fields and adapt others */ |
markrad | 0:cdf462088d13 | 3367 | memcpy( obuf, in, 25 ); |
markrad | 0:cdf462088d13 | 3368 | obuf[13] = MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST; |
markrad | 0:cdf462088d13 | 3369 | obuf[25] = 0xfe; |
markrad | 0:cdf462088d13 | 3370 | obuf[26] = 0xff; |
markrad | 0:cdf462088d13 | 3371 | |
markrad | 0:cdf462088d13 | 3372 | /* Generate and write actual cookie */ |
markrad | 0:cdf462088d13 | 3373 | p = obuf + 28; |
markrad | 0:cdf462088d13 | 3374 | if( f_cookie_write( p_cookie, |
markrad | 0:cdf462088d13 | 3375 | &p, obuf + buf_len, cli_id, cli_id_len ) != 0 ) |
markrad | 0:cdf462088d13 | 3376 | { |
markrad | 0:cdf462088d13 | 3377 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 3378 | } |
markrad | 0:cdf462088d13 | 3379 | |
markrad | 0:cdf462088d13 | 3380 | *olen = p - obuf; |
markrad | 0:cdf462088d13 | 3381 | |
markrad | 0:cdf462088d13 | 3382 | /* Go back and fill length fields */ |
markrad | 0:cdf462088d13 | 3383 | obuf[27] = (unsigned char)( *olen - 28 ); |
markrad | 0:cdf462088d13 | 3384 | |
markrad | 0:cdf462088d13 | 3385 | obuf[14] = obuf[22] = (unsigned char)( ( *olen - 25 ) >> 16 ); |
markrad | 0:cdf462088d13 | 3386 | obuf[15] = obuf[23] = (unsigned char)( ( *olen - 25 ) >> 8 ); |
markrad | 0:cdf462088d13 | 3387 | obuf[16] = obuf[24] = (unsigned char)( ( *olen - 25 ) ); |
markrad | 0:cdf462088d13 | 3388 | |
markrad | 0:cdf462088d13 | 3389 | obuf[11] = (unsigned char)( ( *olen - 13 ) >> 8 ); |
markrad | 0:cdf462088d13 | 3390 | obuf[12] = (unsigned char)( ( *olen - 13 ) ); |
markrad | 0:cdf462088d13 | 3391 | |
markrad | 0:cdf462088d13 | 3392 | return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ); |
markrad | 0:cdf462088d13 | 3393 | } |
markrad | 0:cdf462088d13 | 3394 | |
markrad | 0:cdf462088d13 | 3395 | /* |
markrad | 0:cdf462088d13 | 3396 | * Handle possible client reconnect with the same UDP quadruplet |
markrad | 0:cdf462088d13 | 3397 | * (RFC 6347 Section 4.2.8). |
markrad | 0:cdf462088d13 | 3398 | * |
markrad | 0:cdf462088d13 | 3399 | * Called by ssl_parse_record_header() in case we receive an epoch 0 record |
markrad | 0:cdf462088d13 | 3400 | * that looks like a ClientHello. |
markrad | 0:cdf462088d13 | 3401 | * |
markrad | 0:cdf462088d13 | 3402 | * - if the input looks like a ClientHello without cookies, |
markrad | 0:cdf462088d13 | 3403 | * send back HelloVerifyRequest, then |
markrad | 0:cdf462088d13 | 3404 | * return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED |
markrad | 0:cdf462088d13 | 3405 | * - if the input looks like a ClientHello with a valid cookie, |
markrad | 0:cdf462088d13 | 3406 | * reset the session of the current context, and |
markrad | 0:cdf462088d13 | 3407 | * return MBEDTLS_ERR_SSL_CLIENT_RECONNECT |
markrad | 0:cdf462088d13 | 3408 | * - if anything goes wrong, return a specific error code |
markrad | 0:cdf462088d13 | 3409 | * |
markrad | 0:cdf462088d13 | 3410 | * mbedtls_ssl_read_record() will ignore the record if anything else than |
markrad | 0:cdf462088d13 | 3411 | * MBEDTLS_ERR_SSL_CLIENT_RECONNECT or 0 is returned, although this function |
markrad | 0:cdf462088d13 | 3412 | * cannot not return 0. |
markrad | 0:cdf462088d13 | 3413 | */ |
markrad | 0:cdf462088d13 | 3414 | static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 3415 | { |
markrad | 0:cdf462088d13 | 3416 | int ret; |
markrad | 0:cdf462088d13 | 3417 | size_t len; |
markrad | 0:cdf462088d13 | 3418 | |
markrad | 0:cdf462088d13 | 3419 | ret = ssl_check_dtls_clihlo_cookie( |
markrad | 0:cdf462088d13 | 3420 | ssl->conf->f_cookie_write, |
markrad | 0:cdf462088d13 | 3421 | ssl->conf->f_cookie_check, |
markrad | 0:cdf462088d13 | 3422 | ssl->conf->p_cookie, |
markrad | 0:cdf462088d13 | 3423 | ssl->cli_id, ssl->cli_id_len, |
markrad | 0:cdf462088d13 | 3424 | ssl->in_buf, ssl->in_left, |
markrad | 0:cdf462088d13 | 3425 | ssl->out_buf, MBEDTLS_SSL_MAX_CONTENT_LEN, &len ); |
markrad | 0:cdf462088d13 | 3426 | |
markrad | 0:cdf462088d13 | 3427 | MBEDTLS_SSL_DEBUG_RET( 2, "ssl_check_dtls_clihlo_cookie", ret ); |
markrad | 0:cdf462088d13 | 3428 | |
markrad | 0:cdf462088d13 | 3429 | if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ) |
markrad | 0:cdf462088d13 | 3430 | { |
markrad | 0:cdf462088d13 | 3431 | /* Don't check write errors as we can't do anything here. |
markrad | 0:cdf462088d13 | 3432 | * If the error is permanent we'll catch it later, |
markrad | 0:cdf462088d13 | 3433 | * if it's not, then hopefully it'll work next time. */ |
markrad | 0:cdf462088d13 | 3434 | (void) ssl->f_send( ssl->p_bio, ssl->out_buf, len ); |
markrad | 0:cdf462088d13 | 3435 | |
markrad | 0:cdf462088d13 | 3436 | return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ); |
markrad | 0:cdf462088d13 | 3437 | } |
markrad | 0:cdf462088d13 | 3438 | |
markrad | 0:cdf462088d13 | 3439 | if( ret == 0 ) |
markrad | 0:cdf462088d13 | 3440 | { |
markrad | 0:cdf462088d13 | 3441 | /* Got a valid cookie, partially reset context */ |
markrad | 0:cdf462088d13 | 3442 | if( ( ret = ssl_session_reset_int( ssl, 1 ) ) != 0 ) |
markrad | 0:cdf462088d13 | 3443 | { |
markrad | 0:cdf462088d13 | 3444 | MBEDTLS_SSL_DEBUG_RET( 1, "reset", ret ); |
markrad | 0:cdf462088d13 | 3445 | return( ret ); |
markrad | 0:cdf462088d13 | 3446 | } |
markrad | 0:cdf462088d13 | 3447 | |
markrad | 0:cdf462088d13 | 3448 | return( MBEDTLS_ERR_SSL_CLIENT_RECONNECT ); |
markrad | 0:cdf462088d13 | 3449 | } |
markrad | 0:cdf462088d13 | 3450 | |
markrad | 0:cdf462088d13 | 3451 | return( ret ); |
markrad | 0:cdf462088d13 | 3452 | } |
markrad | 0:cdf462088d13 | 3453 | #endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */ |
markrad | 0:cdf462088d13 | 3454 | |
markrad | 0:cdf462088d13 | 3455 | /* |
markrad | 0:cdf462088d13 | 3456 | * ContentType type; |
markrad | 0:cdf462088d13 | 3457 | * ProtocolVersion version; |
markrad | 0:cdf462088d13 | 3458 | * uint16 epoch; // DTLS only |
markrad | 0:cdf462088d13 | 3459 | * uint48 sequence_number; // DTLS only |
markrad | 0:cdf462088d13 | 3460 | * uint16 length; |
markrad | 0:cdf462088d13 | 3461 | * |
markrad | 0:cdf462088d13 | 3462 | * Return 0 if header looks sane (and, for DTLS, the record is expected) |
markrad | 0:cdf462088d13 | 3463 | * MBEDTLS_ERR_SSL_INVALID_RECORD if the header looks bad, |
markrad | 0:cdf462088d13 | 3464 | * MBEDTLS_ERR_SSL_UNEXPECTED_RECORD (DTLS only) if sane but unexpected. |
markrad | 0:cdf462088d13 | 3465 | * |
markrad | 0:cdf462088d13 | 3466 | * With DTLS, mbedtls_ssl_read_record() will: |
markrad | 0:cdf462088d13 | 3467 | * 1. proceed with the record if this function returns 0 |
markrad | 0:cdf462088d13 | 3468 | * 2. drop only the current record if this function returns UNEXPECTED_RECORD |
markrad | 0:cdf462088d13 | 3469 | * 3. return CLIENT_RECONNECT if this function return that value |
markrad | 0:cdf462088d13 | 3470 | * 4. drop the whole datagram if this function returns anything else. |
markrad | 0:cdf462088d13 | 3471 | * Point 2 is needed when the peer is resending, and we have already received |
markrad | 0:cdf462088d13 | 3472 | * the first record from a datagram but are still waiting for the others. |
markrad | 0:cdf462088d13 | 3473 | */ |
markrad | 0:cdf462088d13 | 3474 | static int ssl_parse_record_header( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 3475 | { |
markrad | 0:cdf462088d13 | 3476 | int major_ver, minor_ver; |
markrad | 0:cdf462088d13 | 3477 | |
markrad | 0:cdf462088d13 | 3478 | MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", ssl->in_hdr, mbedtls_ssl_hdr_len( ssl ) ); |
markrad | 0:cdf462088d13 | 3479 | |
markrad | 0:cdf462088d13 | 3480 | ssl->in_msgtype = ssl->in_hdr[0]; |
markrad | 0:cdf462088d13 | 3481 | ssl->in_msglen = ( ssl->in_len[0] << 8 ) | ssl->in_len[1]; |
markrad | 0:cdf462088d13 | 3482 | mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, ssl->in_hdr + 1 ); |
markrad | 0:cdf462088d13 | 3483 | |
markrad | 0:cdf462088d13 | 3484 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, " |
markrad | 0:cdf462088d13 | 3485 | "version = [%d:%d], msglen = %d", |
markrad | 0:cdf462088d13 | 3486 | ssl->in_msgtype, |
markrad | 0:cdf462088d13 | 3487 | major_ver, minor_ver, ssl->in_msglen ) ); |
markrad | 0:cdf462088d13 | 3488 | |
markrad | 0:cdf462088d13 | 3489 | /* Check record type */ |
markrad | 0:cdf462088d13 | 3490 | if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE && |
markrad | 0:cdf462088d13 | 3491 | ssl->in_msgtype != MBEDTLS_SSL_MSG_ALERT && |
markrad | 0:cdf462088d13 | 3492 | ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC && |
markrad | 0:cdf462088d13 | 3493 | ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA ) |
markrad | 0:cdf462088d13 | 3494 | { |
markrad | 0:cdf462088d13 | 3495 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) ); |
Jasper Wallace |
2:bbdeda018a3c | 3496 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
Jasper Wallace |
2:bbdeda018a3c | 3497 | MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); |
markrad | 0:cdf462088d13 | 3498 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
markrad | 0:cdf462088d13 | 3499 | } |
markrad | 0:cdf462088d13 | 3500 | |
markrad | 0:cdf462088d13 | 3501 | /* Check version */ |
markrad | 0:cdf462088d13 | 3502 | if( major_ver != ssl->major_ver ) |
markrad | 0:cdf462088d13 | 3503 | { |
markrad | 0:cdf462088d13 | 3504 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "major version mismatch" ) ); |
markrad | 0:cdf462088d13 | 3505 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
markrad | 0:cdf462088d13 | 3506 | } |
markrad | 0:cdf462088d13 | 3507 | |
markrad | 0:cdf462088d13 | 3508 | if( minor_ver > ssl->conf->max_minor_ver ) |
markrad | 0:cdf462088d13 | 3509 | { |
markrad | 0:cdf462088d13 | 3510 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "minor version mismatch" ) ); |
markrad | 0:cdf462088d13 | 3511 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
markrad | 0:cdf462088d13 | 3512 | } |
markrad | 0:cdf462088d13 | 3513 | |
markrad | 0:cdf462088d13 | 3514 | /* Check length against the size of our buffer */ |
markrad | 0:cdf462088d13 | 3515 | if( ssl->in_msglen > MBEDTLS_SSL_BUFFER_LEN |
markrad | 0:cdf462088d13 | 3516 | - (size_t)( ssl->in_msg - ssl->in_buf ) ) |
markrad | 0:cdf462088d13 | 3517 | { |
markrad | 0:cdf462088d13 | 3518 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
markrad | 0:cdf462088d13 | 3519 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
markrad | 0:cdf462088d13 | 3520 | } |
markrad | 0:cdf462088d13 | 3521 | |
markrad | 0:cdf462088d13 | 3522 | /* Check length against bounds of the current transform and version */ |
markrad | 0:cdf462088d13 | 3523 | if( ssl->transform_in == NULL ) |
markrad | 0:cdf462088d13 | 3524 | { |
markrad | 0:cdf462088d13 | 3525 | if( ssl->in_msglen < 1 || |
markrad | 0:cdf462088d13 | 3526 | ssl->in_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN ) |
markrad | 0:cdf462088d13 | 3527 | { |
markrad | 0:cdf462088d13 | 3528 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
markrad | 0:cdf462088d13 | 3529 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
markrad | 0:cdf462088d13 | 3530 | } |
markrad | 0:cdf462088d13 | 3531 | } |
markrad | 0:cdf462088d13 | 3532 | else |
markrad | 0:cdf462088d13 | 3533 | { |
markrad | 0:cdf462088d13 | 3534 | if( ssl->in_msglen < ssl->transform_in->minlen ) |
markrad | 0:cdf462088d13 | 3535 | { |
markrad | 0:cdf462088d13 | 3536 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
markrad | 0:cdf462088d13 | 3537 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
markrad | 0:cdf462088d13 | 3538 | } |
markrad | 0:cdf462088d13 | 3539 | |
markrad | 0:cdf462088d13 | 3540 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
markrad | 0:cdf462088d13 | 3541 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 && |
markrad | 0:cdf462088d13 | 3542 | ssl->in_msglen > ssl->transform_in->minlen + MBEDTLS_SSL_MAX_CONTENT_LEN ) |
markrad | 0:cdf462088d13 | 3543 | { |
markrad | 0:cdf462088d13 | 3544 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
markrad | 0:cdf462088d13 | 3545 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
markrad | 0:cdf462088d13 | 3546 | } |
markrad | 0:cdf462088d13 | 3547 | #endif |
markrad | 0:cdf462088d13 | 3548 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
markrad | 0:cdf462088d13 | 3549 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 3550 | /* |
markrad | 0:cdf462088d13 | 3551 | * TLS encrypted messages can have up to 256 bytes of padding |
markrad | 0:cdf462088d13 | 3552 | */ |
markrad | 0:cdf462088d13 | 3553 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 && |
markrad | 0:cdf462088d13 | 3554 | ssl->in_msglen > ssl->transform_in->minlen + |
markrad | 0:cdf462088d13 | 3555 | MBEDTLS_SSL_MAX_CONTENT_LEN + 256 ) |
markrad | 0:cdf462088d13 | 3556 | { |
markrad | 0:cdf462088d13 | 3557 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
markrad | 0:cdf462088d13 | 3558 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
markrad | 0:cdf462088d13 | 3559 | } |
markrad | 0:cdf462088d13 | 3560 | #endif |
markrad | 0:cdf462088d13 | 3561 | } |
markrad | 0:cdf462088d13 | 3562 | |
markrad | 0:cdf462088d13 | 3563 | /* |
markrad | 0:cdf462088d13 | 3564 | * DTLS-related tests done last, because most of them may result in |
markrad | 0:cdf462088d13 | 3565 | * silently dropping the record (but not the whole datagram), and we only |
markrad | 0:cdf462088d13 | 3566 | * want to consider that after ensuring that the "basic" fields (type, |
markrad | 0:cdf462088d13 | 3567 | * version, length) are sane. |
markrad | 0:cdf462088d13 | 3568 | */ |
markrad | 0:cdf462088d13 | 3569 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 3570 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 3571 | { |
markrad | 0:cdf462088d13 | 3572 | unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1]; |
markrad | 0:cdf462088d13 | 3573 | |
markrad | 0:cdf462088d13 | 3574 | /* Drop unexpected ChangeCipherSpec messages */ |
markrad | 0:cdf462088d13 | 3575 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC && |
markrad | 0:cdf462088d13 | 3576 | ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC && |
markrad | 0:cdf462088d13 | 3577 | ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC ) |
markrad | 0:cdf462088d13 | 3578 | { |
markrad | 0:cdf462088d13 | 3579 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ChangeCipherSpec" ) ); |
markrad | 0:cdf462088d13 | 3580 | return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); |
markrad | 0:cdf462088d13 | 3581 | } |
markrad | 0:cdf462088d13 | 3582 | |
markrad | 0:cdf462088d13 | 3583 | /* Drop unexpected ApplicationData records, |
markrad | 0:cdf462088d13 | 3584 | * except at the beginning of renegotiations */ |
markrad | 0:cdf462088d13 | 3585 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA && |
markrad | 0:cdf462088d13 | 3586 | ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER |
markrad | 0:cdf462088d13 | 3587 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
markrad | 0:cdf462088d13 | 3588 | && ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && |
markrad | 0:cdf462088d13 | 3589 | ssl->state == MBEDTLS_SSL_SERVER_HELLO ) |
markrad | 0:cdf462088d13 | 3590 | #endif |
markrad | 0:cdf462088d13 | 3591 | ) |
markrad | 0:cdf462088d13 | 3592 | { |
markrad | 0:cdf462088d13 | 3593 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) ); |
markrad | 0:cdf462088d13 | 3594 | return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); |
markrad | 0:cdf462088d13 | 3595 | } |
markrad | 0:cdf462088d13 | 3596 | |
markrad | 0:cdf462088d13 | 3597 | /* Check epoch (and sequence number) with DTLS */ |
markrad | 0:cdf462088d13 | 3598 | if( rec_epoch != ssl->in_epoch ) |
markrad | 0:cdf462088d13 | 3599 | { |
markrad | 0:cdf462088d13 | 3600 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "record from another epoch: " |
markrad | 0:cdf462088d13 | 3601 | "expected %d, received %d", |
markrad | 0:cdf462088d13 | 3602 | ssl->in_epoch, rec_epoch ) ); |
markrad | 0:cdf462088d13 | 3603 | |
markrad | 0:cdf462088d13 | 3604 | #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 3605 | /* |
markrad | 0:cdf462088d13 | 3606 | * Check for an epoch 0 ClientHello. We can't use in_msg here to |
markrad | 0:cdf462088d13 | 3607 | * access the first byte of record content (handshake type), as we |
markrad | 0:cdf462088d13 | 3608 | * have an active transform (possibly iv_len != 0), so use the |
markrad | 0:cdf462088d13 | 3609 | * fact that the record header len is 13 instead. |
markrad | 0:cdf462088d13 | 3610 | */ |
markrad | 0:cdf462088d13 | 3611 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
markrad | 0:cdf462088d13 | 3612 | ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER && |
markrad | 0:cdf462088d13 | 3613 | rec_epoch == 0 && |
markrad | 0:cdf462088d13 | 3614 | ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && |
markrad | 0:cdf462088d13 | 3615 | ssl->in_left > 13 && |
markrad | 0:cdf462088d13 | 3616 | ssl->in_buf[13] == MBEDTLS_SSL_HS_CLIENT_HELLO ) |
markrad | 0:cdf462088d13 | 3617 | { |
markrad | 0:cdf462088d13 | 3618 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "possible client reconnect " |
markrad | 0:cdf462088d13 | 3619 | "from the same port" ) ); |
markrad | 0:cdf462088d13 | 3620 | return( ssl_handle_possible_reconnect( ssl ) ); |
markrad | 0:cdf462088d13 | 3621 | } |
markrad | 0:cdf462088d13 | 3622 | else |
markrad | 0:cdf462088d13 | 3623 | #endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */ |
markrad | 0:cdf462088d13 | 3624 | return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); |
markrad | 0:cdf462088d13 | 3625 | } |
markrad | 0:cdf462088d13 | 3626 | |
markrad | 0:cdf462088d13 | 3627 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
markrad | 0:cdf462088d13 | 3628 | /* Replay detection only works for the current epoch */ |
markrad | 0:cdf462088d13 | 3629 | if( rec_epoch == ssl->in_epoch && |
markrad | 0:cdf462088d13 | 3630 | mbedtls_ssl_dtls_replay_check( ssl ) != 0 ) |
markrad | 0:cdf462088d13 | 3631 | { |
markrad | 0:cdf462088d13 | 3632 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "replayed record" ) ); |
markrad | 0:cdf462088d13 | 3633 | return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); |
markrad | 0:cdf462088d13 | 3634 | } |
markrad | 0:cdf462088d13 | 3635 | #endif |
markrad | 0:cdf462088d13 | 3636 | } |
markrad | 0:cdf462088d13 | 3637 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
markrad | 0:cdf462088d13 | 3638 | |
markrad | 0:cdf462088d13 | 3639 | return( 0 ); |
markrad | 0:cdf462088d13 | 3640 | } |
markrad | 0:cdf462088d13 | 3641 | |
markrad | 0:cdf462088d13 | 3642 | /* |
markrad | 0:cdf462088d13 | 3643 | * If applicable, decrypt (and decompress) record content |
markrad | 0:cdf462088d13 | 3644 | */ |
markrad | 0:cdf462088d13 | 3645 | static int ssl_prepare_record_content( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 3646 | { |
markrad | 0:cdf462088d13 | 3647 | int ret, done = 0; |
markrad | 0:cdf462088d13 | 3648 | |
markrad | 0:cdf462088d13 | 3649 | MBEDTLS_SSL_DEBUG_BUF( 4, "input record from network", |
markrad | 0:cdf462088d13 | 3650 | ssl->in_hdr, mbedtls_ssl_hdr_len( ssl ) + ssl->in_msglen ); |
markrad | 0:cdf462088d13 | 3651 | |
markrad | 0:cdf462088d13 | 3652 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
markrad | 0:cdf462088d13 | 3653 | if( mbedtls_ssl_hw_record_read != NULL ) |
markrad | 0:cdf462088d13 | 3654 | { |
markrad | 0:cdf462088d13 | 3655 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_read()" ) ); |
markrad | 0:cdf462088d13 | 3656 | |
markrad | 0:cdf462088d13 | 3657 | ret = mbedtls_ssl_hw_record_read( ssl ); |
markrad | 0:cdf462088d13 | 3658 | if( ret != 0 && ret != MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH ) |
markrad | 0:cdf462088d13 | 3659 | { |
markrad | 0:cdf462088d13 | 3660 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_read", ret ); |
markrad | 0:cdf462088d13 | 3661 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
markrad | 0:cdf462088d13 | 3662 | } |
markrad | 0:cdf462088d13 | 3663 | |
markrad | 0:cdf462088d13 | 3664 | if( ret == 0 ) |
markrad | 0:cdf462088d13 | 3665 | done = 1; |
markrad | 0:cdf462088d13 | 3666 | } |
markrad | 0:cdf462088d13 | 3667 | #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ |
markrad | 0:cdf462088d13 | 3668 | if( !done && ssl->transform_in != NULL ) |
markrad | 0:cdf462088d13 | 3669 | { |
markrad | 0:cdf462088d13 | 3670 | if( ( ret = ssl_decrypt_buf( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 3671 | { |
markrad | 0:cdf462088d13 | 3672 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret ); |
markrad | 0:cdf462088d13 | 3673 | return( ret ); |
markrad | 0:cdf462088d13 | 3674 | } |
markrad | 0:cdf462088d13 | 3675 | |
markrad | 0:cdf462088d13 | 3676 | MBEDTLS_SSL_DEBUG_BUF( 4, "input payload after decrypt", |
markrad | 0:cdf462088d13 | 3677 | ssl->in_msg, ssl->in_msglen ); |
markrad | 0:cdf462088d13 | 3678 | |
markrad | 0:cdf462088d13 | 3679 | if( ssl->in_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN ) |
markrad | 0:cdf462088d13 | 3680 | { |
markrad | 0:cdf462088d13 | 3681 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
markrad | 0:cdf462088d13 | 3682 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
markrad | 0:cdf462088d13 | 3683 | } |
markrad | 0:cdf462088d13 | 3684 | } |
markrad | 0:cdf462088d13 | 3685 | |
markrad | 0:cdf462088d13 | 3686 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
markrad | 0:cdf462088d13 | 3687 | if( ssl->transform_in != NULL && |
markrad | 0:cdf462088d13 | 3688 | ssl->session_in->compression == MBEDTLS_SSL_COMPRESS_DEFLATE ) |
markrad | 0:cdf462088d13 | 3689 | { |
markrad | 0:cdf462088d13 | 3690 | if( ( ret = ssl_decompress_buf( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 3691 | { |
markrad | 0:cdf462088d13 | 3692 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decompress_buf", ret ); |
markrad | 0:cdf462088d13 | 3693 | return( ret ); |
markrad | 0:cdf462088d13 | 3694 | } |
markrad | 0:cdf462088d13 | 3695 | } |
markrad | 0:cdf462088d13 | 3696 | #endif /* MBEDTLS_ZLIB_SUPPORT */ |
markrad | 0:cdf462088d13 | 3697 | |
markrad | 0:cdf462088d13 | 3698 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
markrad | 0:cdf462088d13 | 3699 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 3700 | { |
markrad | 0:cdf462088d13 | 3701 | mbedtls_ssl_dtls_replay_update( ssl ); |
markrad | 0:cdf462088d13 | 3702 | } |
markrad | 0:cdf462088d13 | 3703 | #endif |
markrad | 0:cdf462088d13 | 3704 | |
markrad | 0:cdf462088d13 | 3705 | return( 0 ); |
markrad | 0:cdf462088d13 | 3706 | } |
markrad | 0:cdf462088d13 | 3707 | |
markrad | 0:cdf462088d13 | 3708 | static void ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ); |
markrad | 0:cdf462088d13 | 3709 | |
markrad | 0:cdf462088d13 | 3710 | /* |
markrad | 0:cdf462088d13 | 3711 | * Read a record. |
markrad | 0:cdf462088d13 | 3712 | * |
markrad | 0:cdf462088d13 | 3713 | * Silently ignore non-fatal alert (and for DTLS, invalid records as well, |
markrad | 0:cdf462088d13 | 3714 | * RFC 6347 4.1.2.7) and continue reading until a valid record is found. |
markrad | 0:cdf462088d13 | 3715 | * |
markrad | 0:cdf462088d13 | 3716 | */ |
markrad | 0:cdf462088d13 | 3717 | int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 3718 | { |
markrad | 0:cdf462088d13 | 3719 | int ret; |
markrad | 0:cdf462088d13 | 3720 | |
markrad | 0:cdf462088d13 | 3721 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read record" ) ); |
markrad | 0:cdf462088d13 | 3722 | |
Jasper Wallace |
2:bbdeda018a3c | 3723 | if( ssl->keep_current_message == 0 ) |
Jasper Wallace |
2:bbdeda018a3c | 3724 | { |
Jasper Wallace |
2:bbdeda018a3c | 3725 | do { |
Jasper Wallace |
2:bbdeda018a3c | 3726 | |
Jasper Wallace |
2:bbdeda018a3c | 3727 | if( ( ret = mbedtls_ssl_read_record_layer( ssl ) ) != 0 ) |
Jasper Wallace |
2:bbdeda018a3c | 3728 | { |
Jasper Wallace |
2:bbdeda018a3c | 3729 | MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret ); |
Jasper Wallace |
2:bbdeda018a3c | 3730 | return( ret ); |
Jasper Wallace |
2:bbdeda018a3c | 3731 | } |
Jasper Wallace |
2:bbdeda018a3c | 3732 | |
Jasper Wallace |
2:bbdeda018a3c | 3733 | ret = mbedtls_ssl_handle_message_type( ssl ); |
Jasper Wallace |
2:bbdeda018a3c | 3734 | |
Jasper Wallace |
2:bbdeda018a3c | 3735 | } while( MBEDTLS_ERR_SSL_NON_FATAL == ret ); |
Jasper Wallace |
2:bbdeda018a3c | 3736 | |
Jasper Wallace |
2:bbdeda018a3c | 3737 | if( 0 != ret ) |
markrad | 0:cdf462088d13 | 3738 | { |
markrad | 0:cdf462088d13 | 3739 | MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret ); |
markrad | 0:cdf462088d13 | 3740 | return( ret ); |
markrad | 0:cdf462088d13 | 3741 | } |
markrad | 0:cdf462088d13 | 3742 | |
Jasper Wallace |
2:bbdeda018a3c | 3743 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) |
Jasper Wallace |
2:bbdeda018a3c | 3744 | { |
Jasper Wallace |
2:bbdeda018a3c | 3745 | mbedtls_ssl_update_handshake_status( ssl ); |
Jasper Wallace |
2:bbdeda018a3c | 3746 | } |
Jasper Wallace |
2:bbdeda018a3c | 3747 | } |
Jasper Wallace |
2:bbdeda018a3c | 3748 | else |
Jasper Wallace |
2:bbdeda018a3c | 3749 | { |
Jasper Wallace |
2:bbdeda018a3c | 3750 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= reuse previously read message" ) ); |
Jasper Wallace |
2:bbdeda018a3c | 3751 | ssl->keep_current_message = 0; |
markrad | 0:cdf462088d13 | 3752 | } |
markrad | 0:cdf462088d13 | 3753 | |
markrad | 0:cdf462088d13 | 3754 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read record" ) ); |
markrad | 0:cdf462088d13 | 3755 | |
markrad | 0:cdf462088d13 | 3756 | return( 0 ); |
markrad | 0:cdf462088d13 | 3757 | } |
markrad | 0:cdf462088d13 | 3758 | |
markrad | 0:cdf462088d13 | 3759 | int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 3760 | { |
markrad | 0:cdf462088d13 | 3761 | int ret; |
markrad | 0:cdf462088d13 | 3762 | |
Jasper Wallace |
2:bbdeda018a3c | 3763 | /* |
Jasper Wallace |
2:bbdeda018a3c | 3764 | * Step A |
Jasper Wallace |
2:bbdeda018a3c | 3765 | * |
Jasper Wallace |
2:bbdeda018a3c | 3766 | * Consume last content-layer message and potentially |
Jasper Wallace |
2:bbdeda018a3c | 3767 | * update in_msglen which keeps track of the contents' |
Jasper Wallace |
2:bbdeda018a3c | 3768 | * consumption state. |
Jasper Wallace |
2:bbdeda018a3c | 3769 | * |
Jasper Wallace |
2:bbdeda018a3c | 3770 | * (1) Handshake messages: |
Jasper Wallace |
2:bbdeda018a3c | 3771 | * Remove last handshake message, move content |
Jasper Wallace |
2:bbdeda018a3c | 3772 | * and adapt in_msglen. |
Jasper Wallace |
2:bbdeda018a3c | 3773 | * |
Jasper Wallace |
2:bbdeda018a3c | 3774 | * (2) Alert messages: |
Jasper Wallace |
2:bbdeda018a3c | 3775 | * Consume whole record content, in_msglen = 0. |
Jasper Wallace |
2:bbdeda018a3c | 3776 | * |
Jasper Wallace |
2:bbdeda018a3c | 3777 | * NOTE: This needs to be fixed, since like for |
Jasper Wallace |
2:bbdeda018a3c | 3778 | * handshake messages it is allowed to have |
Jasper Wallace |
2:bbdeda018a3c | 3779 | * multiple alerts witin a single record. |
Jasper Wallace |
2:bbdeda018a3c | 3780 | * Internal reference IOTSSL-1321. |
Jasper Wallace |
2:bbdeda018a3c | 3781 | * |
Jasper Wallace |
2:bbdeda018a3c | 3782 | * (3) Change cipher spec: |
Jasper Wallace |
2:bbdeda018a3c | 3783 | * Consume whole record content, in_msglen = 0. |
Jasper Wallace |
2:bbdeda018a3c | 3784 | * |
Jasper Wallace |
2:bbdeda018a3c | 3785 | * (4) Application data: |
Jasper Wallace |
2:bbdeda018a3c | 3786 | * Don't do anything - the record layer provides |
Jasper Wallace |
2:bbdeda018a3c | 3787 | * the application data as a stream transport |
Jasper Wallace |
2:bbdeda018a3c | 3788 | * and consumes through mbedtls_ssl_read only. |
Jasper Wallace |
2:bbdeda018a3c | 3789 | * |
Jasper Wallace |
2:bbdeda018a3c | 3790 | */ |
Jasper Wallace |
2:bbdeda018a3c | 3791 | |
Jasper Wallace |
2:bbdeda018a3c | 3792 | /* Case (1): Handshake messages */ |
Jasper Wallace |
2:bbdeda018a3c | 3793 | if( ssl->in_hslen != 0 ) |
Jasper Wallace |
2:bbdeda018a3c | 3794 | { |
Jasper Wallace |
2:bbdeda018a3c | 3795 | /* Hard assertion to be sure that no application data |
Jasper Wallace |
2:bbdeda018a3c | 3796 | * is in flight, as corrupting ssl->in_msglen during |
Jasper Wallace |
2:bbdeda018a3c | 3797 | * ssl->in_offt != NULL is fatal. */ |
Jasper Wallace |
2:bbdeda018a3c | 3798 | if( ssl->in_offt != NULL ) |
Jasper Wallace |
2:bbdeda018a3c | 3799 | { |
Jasper Wallace |
2:bbdeda018a3c | 3800 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Jasper Wallace |
2:bbdeda018a3c | 3801 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Jasper Wallace |
2:bbdeda018a3c | 3802 | } |
Jasper Wallace |
2:bbdeda018a3c | 3803 | |
markrad | 0:cdf462088d13 | 3804 | /* |
markrad | 0:cdf462088d13 | 3805 | * Get next Handshake message in the current record |
markrad | 0:cdf462088d13 | 3806 | */ |
Jasper Wallace |
2:bbdeda018a3c | 3807 | |
Jasper Wallace |
2:bbdeda018a3c | 3808 | /* Notes: |
Jasper Wallace |
2:bbdeda018a3c | 3809 | * (1) in_hslen is *NOT* necessarily the size of the |
Jasper Wallace |
2:bbdeda018a3c | 3810 | * current handshake content: If DTLS handshake |
Jasper Wallace |
2:bbdeda018a3c | 3811 | * fragmentation is used, that's the fragment |
Jasper Wallace |
2:bbdeda018a3c | 3812 | * size instead. Using the total handshake message |
Jasper Wallace |
2:bbdeda018a3c | 3813 | * size here is FAULTY and should be changed at |
Jasper Wallace |
2:bbdeda018a3c | 3814 | * some point. Internal reference IOTSSL-1414. |
Jasper Wallace |
2:bbdeda018a3c | 3815 | * (2) While it doesn't seem to cause problems, one |
Jasper Wallace |
2:bbdeda018a3c | 3816 | * has to be very careful not to assume that in_hslen |
Jasper Wallace |
2:bbdeda018a3c | 3817 | * is always <= in_msglen in a sensible communication. |
Jasper Wallace |
2:bbdeda018a3c | 3818 | * Again, it's wrong for DTLS handshake fragmentation. |
Jasper Wallace |
2:bbdeda018a3c | 3819 | * The following check is therefore mandatory, and |
Jasper Wallace |
2:bbdeda018a3c | 3820 | * should not be treated as a silently corrected assertion. |
Jasper Wallace |
2:bbdeda018a3c | 3821 | * Additionally, ssl->in_hslen might be arbitrarily out of |
Jasper Wallace |
2:bbdeda018a3c | 3822 | * bounds after handling a DTLS message with an unexpected |
Jasper Wallace |
2:bbdeda018a3c | 3823 | * sequence number, see mbedtls_ssl_prepare_handshake_record. |
Jasper Wallace |
2:bbdeda018a3c | 3824 | */ |
Jasper Wallace |
2:bbdeda018a3c | 3825 | if( ssl->in_hslen < ssl->in_msglen ) |
Jasper Wallace |
2:bbdeda018a3c | 3826 | { |
Jasper Wallace |
2:bbdeda018a3c | 3827 | ssl->in_msglen -= ssl->in_hslen; |
Jasper Wallace |
2:bbdeda018a3c | 3828 | memmove( ssl->in_msg, ssl->in_msg + ssl->in_hslen, |
Jasper Wallace |
2:bbdeda018a3c | 3829 | ssl->in_msglen ); |
Jasper Wallace |
2:bbdeda018a3c | 3830 | |
Jasper Wallace |
2:bbdeda018a3c | 3831 | MBEDTLS_SSL_DEBUG_BUF( 4, "remaining content in record", |
Jasper Wallace |
2:bbdeda018a3c | 3832 | ssl->in_msg, ssl->in_msglen ); |
Jasper Wallace |
2:bbdeda018a3c | 3833 | } |
Jasper Wallace |
2:bbdeda018a3c | 3834 | else |
Jasper Wallace |
2:bbdeda018a3c | 3835 | { |
Jasper Wallace |
2:bbdeda018a3c | 3836 | ssl->in_msglen = 0; |
Jasper Wallace |
2:bbdeda018a3c | 3837 | } |
Jasper Wallace |
2:bbdeda018a3c | 3838 | |
Jasper Wallace |
2:bbdeda018a3c | 3839 | ssl->in_hslen = 0; |
Jasper Wallace |
2:bbdeda018a3c | 3840 | } |
Jasper Wallace |
2:bbdeda018a3c | 3841 | /* Case (4): Application data */ |
Jasper Wallace |
2:bbdeda018a3c | 3842 | else if( ssl->in_offt != NULL ) |
Jasper Wallace |
2:bbdeda018a3c | 3843 | { |
markrad | 0:cdf462088d13 | 3844 | return( 0 ); |
markrad | 0:cdf462088d13 | 3845 | } |
Jasper Wallace |
2:bbdeda018a3c | 3846 | /* Everything else (CCS & Alerts) */ |
Jasper Wallace |
2:bbdeda018a3c | 3847 | else |
Jasper Wallace |
2:bbdeda018a3c | 3848 | { |
Jasper Wallace |
2:bbdeda018a3c | 3849 | ssl->in_msglen = 0; |
Jasper Wallace |
2:bbdeda018a3c | 3850 | } |
markrad | 0:cdf462088d13 | 3851 | |
markrad | 0:cdf462088d13 | 3852 | /* |
Jasper Wallace |
2:bbdeda018a3c | 3853 | * Step B |
Jasper Wallace |
2:bbdeda018a3c | 3854 | * |
Jasper Wallace |
2:bbdeda018a3c | 3855 | * Fetch and decode new record if current one is fully consumed. |
Jasper Wallace |
2:bbdeda018a3c | 3856 | * |
markrad | 0:cdf462088d13 | 3857 | */ |
Jasper Wallace |
2:bbdeda018a3c | 3858 | |
Jasper Wallace |
2:bbdeda018a3c | 3859 | if( ssl->in_msglen > 0 ) |
Jasper Wallace |
2:bbdeda018a3c | 3860 | { |
Jasper Wallace |
2:bbdeda018a3c | 3861 | /* There's something left to be processed in the current record. */ |
Jasper Wallace |
2:bbdeda018a3c | 3862 | return( 0 ); |
Jasper Wallace |
2:bbdeda018a3c | 3863 | } |
Jasper Wallace |
2:bbdeda018a3c | 3864 | |
Jasper Wallace |
2:bbdeda018a3c | 3865 | /* Need to fetch a new record */ |
Jasper Wallace |
2:bbdeda018a3c | 3866 | |
markrad | 0:cdf462088d13 | 3867 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 3868 | read_record_header: |
markrad | 0:cdf462088d13 | 3869 | #endif |
markrad | 0:cdf462088d13 | 3870 | |
Jasper Wallace |
2:bbdeda018a3c | 3871 | /* Current record either fully processed or to be discarded. */ |
Jasper Wallace |
2:bbdeda018a3c | 3872 | |
markrad | 0:cdf462088d13 | 3873 | if( ( ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_hdr_len( ssl ) ) ) != 0 ) |
markrad | 0:cdf462088d13 | 3874 | { |
markrad | 0:cdf462088d13 | 3875 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret ); |
markrad | 0:cdf462088d13 | 3876 | return( ret ); |
markrad | 0:cdf462088d13 | 3877 | } |
markrad | 0:cdf462088d13 | 3878 | |
markrad | 0:cdf462088d13 | 3879 | if( ( ret = ssl_parse_record_header( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 3880 | { |
markrad | 0:cdf462088d13 | 3881 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 3882 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
markrad | 0:cdf462088d13 | 3883 | ret != MBEDTLS_ERR_SSL_CLIENT_RECONNECT ) |
markrad | 0:cdf462088d13 | 3884 | { |
markrad | 0:cdf462088d13 | 3885 | if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ) |
markrad | 0:cdf462088d13 | 3886 | { |
markrad | 0:cdf462088d13 | 3887 | /* Skip unexpected record (but not whole datagram) */ |
markrad | 0:cdf462088d13 | 3888 | ssl->next_record_offset = ssl->in_msglen |
markrad | 0:cdf462088d13 | 3889 | + mbedtls_ssl_hdr_len( ssl ); |
markrad | 0:cdf462088d13 | 3890 | |
markrad | 0:cdf462088d13 | 3891 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding unexpected record " |
markrad | 0:cdf462088d13 | 3892 | "(header)" ) ); |
markrad | 0:cdf462088d13 | 3893 | } |
markrad | 0:cdf462088d13 | 3894 | else |
markrad | 0:cdf462088d13 | 3895 | { |
markrad | 0:cdf462088d13 | 3896 | /* Skip invalid record and the rest of the datagram */ |
markrad | 0:cdf462088d13 | 3897 | ssl->next_record_offset = 0; |
markrad | 0:cdf462088d13 | 3898 | ssl->in_left = 0; |
markrad | 0:cdf462088d13 | 3899 | |
markrad | 0:cdf462088d13 | 3900 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record " |
markrad | 0:cdf462088d13 | 3901 | "(header)" ) ); |
markrad | 0:cdf462088d13 | 3902 | } |
markrad | 0:cdf462088d13 | 3903 | |
markrad | 0:cdf462088d13 | 3904 | /* Get next record */ |
markrad | 0:cdf462088d13 | 3905 | goto read_record_header; |
markrad | 0:cdf462088d13 | 3906 | } |
markrad | 0:cdf462088d13 | 3907 | #endif |
markrad | 0:cdf462088d13 | 3908 | return( ret ); |
markrad | 0:cdf462088d13 | 3909 | } |
markrad | 0:cdf462088d13 | 3910 | |
markrad | 0:cdf462088d13 | 3911 | /* |
markrad | 0:cdf462088d13 | 3912 | * Read and optionally decrypt the message contents |
markrad | 0:cdf462088d13 | 3913 | */ |
markrad | 0:cdf462088d13 | 3914 | if( ( ret = mbedtls_ssl_fetch_input( ssl, |
markrad | 0:cdf462088d13 | 3915 | mbedtls_ssl_hdr_len( ssl ) + ssl->in_msglen ) ) != 0 ) |
markrad | 0:cdf462088d13 | 3916 | { |
markrad | 0:cdf462088d13 | 3917 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret ); |
markrad | 0:cdf462088d13 | 3918 | return( ret ); |
markrad | 0:cdf462088d13 | 3919 | } |
markrad | 0:cdf462088d13 | 3920 | |
markrad | 0:cdf462088d13 | 3921 | /* Done reading this record, get ready for the next one */ |
markrad | 0:cdf462088d13 | 3922 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 3923 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 3924 | ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_hdr_len( ssl ); |
markrad | 0:cdf462088d13 | 3925 | else |
markrad | 0:cdf462088d13 | 3926 | #endif |
markrad | 0:cdf462088d13 | 3927 | ssl->in_left = 0; |
markrad | 0:cdf462088d13 | 3928 | |
markrad | 0:cdf462088d13 | 3929 | if( ( ret = ssl_prepare_record_content( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 3930 | { |
markrad | 0:cdf462088d13 | 3931 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 3932 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 3933 | { |
markrad | 0:cdf462088d13 | 3934 | /* Silently discard invalid records */ |
markrad | 0:cdf462088d13 | 3935 | if( ret == MBEDTLS_ERR_SSL_INVALID_RECORD || |
markrad | 0:cdf462088d13 | 3936 | ret == MBEDTLS_ERR_SSL_INVALID_MAC ) |
markrad | 0:cdf462088d13 | 3937 | { |
markrad | 0:cdf462088d13 | 3938 | /* Except when waiting for Finished as a bad mac here |
markrad | 0:cdf462088d13 | 3939 | * probably means something went wrong in the handshake |
markrad | 0:cdf462088d13 | 3940 | * (eg wrong psk used, mitm downgrade attempt, etc.) */ |
markrad | 0:cdf462088d13 | 3941 | if( ssl->state == MBEDTLS_SSL_CLIENT_FINISHED || |
markrad | 0:cdf462088d13 | 3942 | ssl->state == MBEDTLS_SSL_SERVER_FINISHED ) |
markrad | 0:cdf462088d13 | 3943 | { |
markrad | 0:cdf462088d13 | 3944 | #if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES) |
markrad | 0:cdf462088d13 | 3945 | if( ret == MBEDTLS_ERR_SSL_INVALID_MAC ) |
markrad | 0:cdf462088d13 | 3946 | { |
markrad | 0:cdf462088d13 | 3947 | mbedtls_ssl_send_alert_message( ssl, |
markrad | 0:cdf462088d13 | 3948 | MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
markrad | 0:cdf462088d13 | 3949 | MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC ); |
markrad | 0:cdf462088d13 | 3950 | } |
markrad | 0:cdf462088d13 | 3951 | #endif |
markrad | 0:cdf462088d13 | 3952 | return( ret ); |
markrad | 0:cdf462088d13 | 3953 | } |
markrad | 0:cdf462088d13 | 3954 | |
markrad | 0:cdf462088d13 | 3955 | #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) |
markrad | 0:cdf462088d13 | 3956 | if( ssl->conf->badmac_limit != 0 && |
markrad | 0:cdf462088d13 | 3957 | ++ssl->badmac_seen >= ssl->conf->badmac_limit ) |
markrad | 0:cdf462088d13 | 3958 | { |
markrad | 0:cdf462088d13 | 3959 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "too many records with bad MAC" ) ); |
markrad | 0:cdf462088d13 | 3960 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
markrad | 0:cdf462088d13 | 3961 | } |
markrad | 0:cdf462088d13 | 3962 | #endif |
markrad | 0:cdf462088d13 | 3963 | |
Jasper Wallace |
2:bbdeda018a3c | 3964 | /* As above, invalid records cause |
Jasper Wallace |
2:bbdeda018a3c | 3965 | * dismissal of the whole datagram. */ |
Jasper Wallace |
2:bbdeda018a3c | 3966 | |
Jasper Wallace |
2:bbdeda018a3c | 3967 | ssl->next_record_offset = 0; |
Jasper Wallace |
2:bbdeda018a3c | 3968 | ssl->in_left = 0; |
Jasper Wallace |
2:bbdeda018a3c | 3969 | |
markrad | 0:cdf462088d13 | 3970 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record (mac)" ) ); |
markrad | 0:cdf462088d13 | 3971 | goto read_record_header; |
markrad | 0:cdf462088d13 | 3972 | } |
markrad | 0:cdf462088d13 | 3973 | |
markrad | 0:cdf462088d13 | 3974 | return( ret ); |
markrad | 0:cdf462088d13 | 3975 | } |
markrad | 0:cdf462088d13 | 3976 | else |
markrad | 0:cdf462088d13 | 3977 | #endif |
markrad | 0:cdf462088d13 | 3978 | { |
markrad | 0:cdf462088d13 | 3979 | /* Error out (and send alert) on invalid records */ |
markrad | 0:cdf462088d13 | 3980 | #if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES) |
markrad | 0:cdf462088d13 | 3981 | if( ret == MBEDTLS_ERR_SSL_INVALID_MAC ) |
markrad | 0:cdf462088d13 | 3982 | { |
markrad | 0:cdf462088d13 | 3983 | mbedtls_ssl_send_alert_message( ssl, |
markrad | 0:cdf462088d13 | 3984 | MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
markrad | 0:cdf462088d13 | 3985 | MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC ); |
markrad | 0:cdf462088d13 | 3986 | } |
markrad | 0:cdf462088d13 | 3987 | #endif |
markrad | 0:cdf462088d13 | 3988 | return( ret ); |
markrad | 0:cdf462088d13 | 3989 | } |
markrad | 0:cdf462088d13 | 3990 | } |
markrad | 0:cdf462088d13 | 3991 | |
markrad | 0:cdf462088d13 | 3992 | /* |
markrad | 0:cdf462088d13 | 3993 | * When we sent the last flight of the handshake, we MUST respond to a |
markrad | 0:cdf462088d13 | 3994 | * retransmit of the peer's previous flight with a retransmit. (In |
markrad | 0:cdf462088d13 | 3995 | * practice, only the Finished message will make it, other messages |
markrad | 0:cdf462088d13 | 3996 | * including CCS use the old transform so they're dropped as invalid.) |
markrad | 0:cdf462088d13 | 3997 | * |
markrad | 0:cdf462088d13 | 3998 | * If the record we received is not a handshake message, however, it |
markrad | 0:cdf462088d13 | 3999 | * means the peer received our last flight so we can clean up |
markrad | 0:cdf462088d13 | 4000 | * handshake info. |
markrad | 0:cdf462088d13 | 4001 | * |
markrad | 0:cdf462088d13 | 4002 | * This check needs to be done before prepare_handshake() due to an edge |
markrad | 0:cdf462088d13 | 4003 | * case: if the client immediately requests renegotiation, this |
markrad | 0:cdf462088d13 | 4004 | * finishes the current handshake first, avoiding the new ClientHello |
markrad | 0:cdf462088d13 | 4005 | * being mistaken for an ancient message in the current handshake. |
markrad | 0:cdf462088d13 | 4006 | */ |
markrad | 0:cdf462088d13 | 4007 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 4008 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
markrad | 0:cdf462088d13 | 4009 | ssl->handshake != NULL && |
markrad | 0:cdf462088d13 | 4010 | ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) |
markrad | 0:cdf462088d13 | 4011 | { |
markrad | 0:cdf462088d13 | 4012 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && |
markrad | 0:cdf462088d13 | 4013 | ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED ) |
markrad | 0:cdf462088d13 | 4014 | { |
markrad | 0:cdf462088d13 | 4015 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "received retransmit of last flight" ) ); |
markrad | 0:cdf462088d13 | 4016 | |
markrad | 0:cdf462088d13 | 4017 | if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 4018 | { |
markrad | 0:cdf462088d13 | 4019 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret ); |
markrad | 0:cdf462088d13 | 4020 | return( ret ); |
markrad | 0:cdf462088d13 | 4021 | } |
markrad | 0:cdf462088d13 | 4022 | |
markrad | 0:cdf462088d13 | 4023 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
markrad | 0:cdf462088d13 | 4024 | } |
markrad | 0:cdf462088d13 | 4025 | else |
markrad | 0:cdf462088d13 | 4026 | { |
markrad | 0:cdf462088d13 | 4027 | ssl_handshake_wrapup_free_hs_transform( ssl ); |
markrad | 0:cdf462088d13 | 4028 | } |
markrad | 0:cdf462088d13 | 4029 | } |
markrad | 0:cdf462088d13 | 4030 | #endif |
markrad | 0:cdf462088d13 | 4031 | |
markrad | 0:cdf462088d13 | 4032 | return( 0 ); |
markrad | 0:cdf462088d13 | 4033 | } |
markrad | 0:cdf462088d13 | 4034 | |
markrad | 0:cdf462088d13 | 4035 | int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 4036 | { |
markrad | 0:cdf462088d13 | 4037 | int ret; |
markrad | 0:cdf462088d13 | 4038 | |
markrad | 0:cdf462088d13 | 4039 | /* |
markrad | 0:cdf462088d13 | 4040 | * Handle particular types of records |
markrad | 0:cdf462088d13 | 4041 | */ |
markrad | 0:cdf462088d13 | 4042 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) |
markrad | 0:cdf462088d13 | 4043 | { |
markrad | 0:cdf462088d13 | 4044 | if( ( ret = mbedtls_ssl_prepare_handshake_record( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 4045 | { |
markrad | 0:cdf462088d13 | 4046 | return( ret ); |
markrad | 0:cdf462088d13 | 4047 | } |
markrad | 0:cdf462088d13 | 4048 | } |
markrad | 0:cdf462088d13 | 4049 | |
markrad | 0:cdf462088d13 | 4050 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT ) |
markrad | 0:cdf462088d13 | 4051 | { |
markrad | 0:cdf462088d13 | 4052 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]", |
markrad | 0:cdf462088d13 | 4053 | ssl->in_msg[0], ssl->in_msg[1] ) ); |
markrad | 0:cdf462088d13 | 4054 | |
markrad | 0:cdf462088d13 | 4055 | /* |
markrad | 0:cdf462088d13 | 4056 | * Ignore non-fatal alerts, except close_notify and no_renegotiation |
markrad | 0:cdf462088d13 | 4057 | */ |
markrad | 0:cdf462088d13 | 4058 | if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_FATAL ) |
markrad | 0:cdf462088d13 | 4059 | { |
markrad | 0:cdf462088d13 | 4060 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "is a fatal alert message (msg %d)", |
markrad | 0:cdf462088d13 | 4061 | ssl->in_msg[1] ) ); |
markrad | 0:cdf462088d13 | 4062 | return( MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE ); |
markrad | 0:cdf462088d13 | 4063 | } |
markrad | 0:cdf462088d13 | 4064 | |
markrad | 0:cdf462088d13 | 4065 | if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && |
markrad | 0:cdf462088d13 | 4066 | ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY ) |
markrad | 0:cdf462088d13 | 4067 | { |
markrad | 0:cdf462088d13 | 4068 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a close notify message" ) ); |
markrad | 0:cdf462088d13 | 4069 | return( MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY ); |
markrad | 0:cdf462088d13 | 4070 | } |
markrad | 0:cdf462088d13 | 4071 | |
markrad | 0:cdf462088d13 | 4072 | #if defined(MBEDTLS_SSL_RENEGOTIATION_ENABLED) |
markrad | 0:cdf462088d13 | 4073 | if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && |
markrad | 0:cdf462088d13 | 4074 | ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION ) |
markrad | 0:cdf462088d13 | 4075 | { |
markrad | 0:cdf462088d13 | 4076 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) ); |
markrad | 0:cdf462088d13 | 4077 | /* Will be handled when trying to parse ServerHello */ |
markrad | 0:cdf462088d13 | 4078 | return( 0 ); |
markrad | 0:cdf462088d13 | 4079 | } |
markrad | 0:cdf462088d13 | 4080 | #endif |
markrad | 0:cdf462088d13 | 4081 | |
markrad | 0:cdf462088d13 | 4082 | #if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 4083 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 && |
markrad | 0:cdf462088d13 | 4084 | ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
markrad | 0:cdf462088d13 | 4085 | ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && |
markrad | 0:cdf462088d13 | 4086 | ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT ) |
markrad | 0:cdf462088d13 | 4087 | { |
markrad | 0:cdf462088d13 | 4088 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) ); |
markrad | 0:cdf462088d13 | 4089 | /* Will be handled in mbedtls_ssl_parse_certificate() */ |
markrad | 0:cdf462088d13 | 4090 | return( 0 ); |
markrad | 0:cdf462088d13 | 4091 | } |
markrad | 0:cdf462088d13 | 4092 | #endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_SRV_C */ |
markrad | 0:cdf462088d13 | 4093 | |
markrad | 0:cdf462088d13 | 4094 | /* Silently ignore: fetch new message */ |
markrad | 0:cdf462088d13 | 4095 | return MBEDTLS_ERR_SSL_NON_FATAL; |
markrad | 0:cdf462088d13 | 4096 | } |
markrad | 0:cdf462088d13 | 4097 | |
markrad | 0:cdf462088d13 | 4098 | return( 0 ); |
markrad | 0:cdf462088d13 | 4099 | } |
markrad | 0:cdf462088d13 | 4100 | |
markrad | 0:cdf462088d13 | 4101 | int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 4102 | { |
markrad | 0:cdf462088d13 | 4103 | int ret; |
markrad | 0:cdf462088d13 | 4104 | |
markrad | 0:cdf462088d13 | 4105 | if( ( ret = mbedtls_ssl_send_alert_message( ssl, |
markrad | 0:cdf462088d13 | 4106 | MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
markrad | 0:cdf462088d13 | 4107 | MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ) ) != 0 ) |
markrad | 0:cdf462088d13 | 4108 | { |
markrad | 0:cdf462088d13 | 4109 | return( ret ); |
markrad | 0:cdf462088d13 | 4110 | } |
markrad | 0:cdf462088d13 | 4111 | |
markrad | 0:cdf462088d13 | 4112 | return( 0 ); |
markrad | 0:cdf462088d13 | 4113 | } |
markrad | 0:cdf462088d13 | 4114 | |
markrad | 0:cdf462088d13 | 4115 | int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 4116 | unsigned char level, |
markrad | 0:cdf462088d13 | 4117 | unsigned char message ) |
markrad | 0:cdf462088d13 | 4118 | { |
markrad | 0:cdf462088d13 | 4119 | int ret; |
markrad | 0:cdf462088d13 | 4120 | |
markrad | 0:cdf462088d13 | 4121 | if( ssl == NULL || ssl->conf == NULL ) |
markrad | 0:cdf462088d13 | 4122 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 4123 | |
markrad | 0:cdf462088d13 | 4124 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> send alert message" ) ); |
Jasper Wallace |
2:bbdeda018a3c | 4125 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "send alert level=%u message=%u", level, message )); |
markrad | 0:cdf462088d13 | 4126 | |
markrad | 0:cdf462088d13 | 4127 | ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT; |
markrad | 0:cdf462088d13 | 4128 | ssl->out_msglen = 2; |
markrad | 0:cdf462088d13 | 4129 | ssl->out_msg[0] = level; |
markrad | 0:cdf462088d13 | 4130 | ssl->out_msg[1] = message; |
markrad | 0:cdf462088d13 | 4131 | |
markrad | 0:cdf462088d13 | 4132 | if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 4133 | { |
markrad | 0:cdf462088d13 | 4134 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); |
markrad | 0:cdf462088d13 | 4135 | return( ret ); |
markrad | 0:cdf462088d13 | 4136 | } |
markrad | 0:cdf462088d13 | 4137 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= send alert message" ) ); |
markrad | 0:cdf462088d13 | 4138 | |
markrad | 0:cdf462088d13 | 4139 | return( 0 ); |
markrad | 0:cdf462088d13 | 4140 | } |
markrad | 0:cdf462088d13 | 4141 | |
markrad | 0:cdf462088d13 | 4142 | /* |
markrad | 0:cdf462088d13 | 4143 | * Handshake functions |
markrad | 0:cdf462088d13 | 4144 | */ |
markrad | 0:cdf462088d13 | 4145 | #if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \ |
markrad | 0:cdf462088d13 | 4146 | !defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) && \ |
markrad | 0:cdf462088d13 | 4147 | !defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \ |
markrad | 0:cdf462088d13 | 4148 | !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \ |
markrad | 0:cdf462088d13 | 4149 | !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \ |
markrad | 0:cdf462088d13 | 4150 | !defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \ |
markrad | 0:cdf462088d13 | 4151 | !defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) |
Jasper Wallace |
2:bbdeda018a3c | 4152 | /* No certificate support -> dummy functions */ |
markrad | 0:cdf462088d13 | 4153 | int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 4154 | { |
markrad | 0:cdf462088d13 | 4155 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; |
markrad | 0:cdf462088d13 | 4156 | |
markrad | 0:cdf462088d13 | 4157 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) ); |
markrad | 0:cdf462088d13 | 4158 | |
markrad | 0:cdf462088d13 | 4159 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || |
markrad | 0:cdf462088d13 | 4160 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || |
markrad | 0:cdf462088d13 | 4161 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || |
markrad | 0:cdf462088d13 | 4162 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) |
markrad | 0:cdf462088d13 | 4163 | { |
markrad | 0:cdf462088d13 | 4164 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); |
markrad | 0:cdf462088d13 | 4165 | ssl->state++; |
markrad | 0:cdf462088d13 | 4166 | return( 0 ); |
markrad | 0:cdf462088d13 | 4167 | } |
markrad | 0:cdf462088d13 | 4168 | |
markrad | 0:cdf462088d13 | 4169 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 4170 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 4171 | } |
markrad | 0:cdf462088d13 | 4172 | |
markrad | 0:cdf462088d13 | 4173 | int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 4174 | { |
markrad | 0:cdf462088d13 | 4175 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; |
markrad | 0:cdf462088d13 | 4176 | |
markrad | 0:cdf462088d13 | 4177 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) ); |
markrad | 0:cdf462088d13 | 4178 | |
markrad | 0:cdf462088d13 | 4179 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || |
markrad | 0:cdf462088d13 | 4180 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || |
markrad | 0:cdf462088d13 | 4181 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || |
markrad | 0:cdf462088d13 | 4182 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) |
markrad | 0:cdf462088d13 | 4183 | { |
markrad | 0:cdf462088d13 | 4184 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); |
markrad | 0:cdf462088d13 | 4185 | ssl->state++; |
markrad | 0:cdf462088d13 | 4186 | return( 0 ); |
markrad | 0:cdf462088d13 | 4187 | } |
markrad | 0:cdf462088d13 | 4188 | |
markrad | 0:cdf462088d13 | 4189 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 4190 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 4191 | } |
Jasper Wallace |
2:bbdeda018a3c | 4192 | |
markrad | 0:cdf462088d13 | 4193 | #else |
Jasper Wallace |
2:bbdeda018a3c | 4194 | /* Some certificate support -> implement write and parse */ |
Jasper Wallace |
2:bbdeda018a3c | 4195 | |
markrad | 0:cdf462088d13 | 4196 | int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 4197 | { |
markrad | 0:cdf462088d13 | 4198 | int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; |
markrad | 0:cdf462088d13 | 4199 | size_t i, n; |
markrad | 0:cdf462088d13 | 4200 | const mbedtls_x509_crt *crt; |
markrad | 0:cdf462088d13 | 4201 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; |
markrad | 0:cdf462088d13 | 4202 | |
markrad | 0:cdf462088d13 | 4203 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) ); |
markrad | 0:cdf462088d13 | 4204 | |
markrad | 0:cdf462088d13 | 4205 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || |
markrad | 0:cdf462088d13 | 4206 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || |
markrad | 0:cdf462088d13 | 4207 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || |
markrad | 0:cdf462088d13 | 4208 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) |
markrad | 0:cdf462088d13 | 4209 | { |
markrad | 0:cdf462088d13 | 4210 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); |
markrad | 0:cdf462088d13 | 4211 | ssl->state++; |
markrad | 0:cdf462088d13 | 4212 | return( 0 ); |
markrad | 0:cdf462088d13 | 4213 | } |
markrad | 0:cdf462088d13 | 4214 | |
markrad | 0:cdf462088d13 | 4215 | #if defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 4216 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
markrad | 0:cdf462088d13 | 4217 | { |
markrad | 0:cdf462088d13 | 4218 | if( ssl->client_auth == 0 ) |
markrad | 0:cdf462088d13 | 4219 | { |
markrad | 0:cdf462088d13 | 4220 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); |
markrad | 0:cdf462088d13 | 4221 | ssl->state++; |
markrad | 0:cdf462088d13 | 4222 | return( 0 ); |
markrad | 0:cdf462088d13 | 4223 | } |
markrad | 0:cdf462088d13 | 4224 | |
markrad | 0:cdf462088d13 | 4225 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
markrad | 0:cdf462088d13 | 4226 | /* |
markrad | 0:cdf462088d13 | 4227 | * If using SSLv3 and got no cert, send an Alert message |
markrad | 0:cdf462088d13 | 4228 | * (otherwise an empty Certificate message will be sent). |
markrad | 0:cdf462088d13 | 4229 | */ |
markrad | 0:cdf462088d13 | 4230 | if( mbedtls_ssl_own_cert( ssl ) == NULL && |
markrad | 0:cdf462088d13 | 4231 | ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
markrad | 0:cdf462088d13 | 4232 | { |
markrad | 0:cdf462088d13 | 4233 | ssl->out_msglen = 2; |
markrad | 0:cdf462088d13 | 4234 | ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT; |
markrad | 0:cdf462088d13 | 4235 | ssl->out_msg[0] = MBEDTLS_SSL_ALERT_LEVEL_WARNING; |
markrad | 0:cdf462088d13 | 4236 | ssl->out_msg[1] = MBEDTLS_SSL_ALERT_MSG_NO_CERT; |
markrad | 0:cdf462088d13 | 4237 | |
markrad | 0:cdf462088d13 | 4238 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "got no certificate to send" ) ); |
markrad | 0:cdf462088d13 | 4239 | goto write_msg; |
markrad | 0:cdf462088d13 | 4240 | } |
markrad | 0:cdf462088d13 | 4241 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
markrad | 0:cdf462088d13 | 4242 | } |
markrad | 0:cdf462088d13 | 4243 | #endif /* MBEDTLS_SSL_CLI_C */ |
markrad | 0:cdf462088d13 | 4244 | #if defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 4245 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
markrad | 0:cdf462088d13 | 4246 | { |
markrad | 0:cdf462088d13 | 4247 | if( mbedtls_ssl_own_cert( ssl ) == NULL ) |
markrad | 0:cdf462088d13 | 4248 | { |
markrad | 0:cdf462088d13 | 4249 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no certificate to send" ) ); |
markrad | 0:cdf462088d13 | 4250 | return( MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED ); |
markrad | 0:cdf462088d13 | 4251 | } |
markrad | 0:cdf462088d13 | 4252 | } |
markrad | 0:cdf462088d13 | 4253 | #endif |
markrad | 0:cdf462088d13 | 4254 | |
markrad | 0:cdf462088d13 | 4255 | MBEDTLS_SSL_DEBUG_CRT( 3, "own certificate", mbedtls_ssl_own_cert( ssl ) ); |
markrad | 0:cdf462088d13 | 4256 | |
markrad | 0:cdf462088d13 | 4257 | /* |
markrad | 0:cdf462088d13 | 4258 | * 0 . 0 handshake type |
markrad | 0:cdf462088d13 | 4259 | * 1 . 3 handshake length |
markrad | 0:cdf462088d13 | 4260 | * 4 . 6 length of all certs |
markrad | 0:cdf462088d13 | 4261 | * 7 . 9 length of cert. 1 |
markrad | 0:cdf462088d13 | 4262 | * 10 . n-1 peer certificate |
markrad | 0:cdf462088d13 | 4263 | * n . n+2 length of cert. 2 |
markrad | 0:cdf462088d13 | 4264 | * n+3 . ... upper level cert, etc. |
markrad | 0:cdf462088d13 | 4265 | */ |
markrad | 0:cdf462088d13 | 4266 | i = 7; |
markrad | 0:cdf462088d13 | 4267 | crt = mbedtls_ssl_own_cert( ssl ); |
markrad | 0:cdf462088d13 | 4268 | |
markrad | 0:cdf462088d13 | 4269 | while( crt != NULL ) |
markrad | 0:cdf462088d13 | 4270 | { |
markrad | 0:cdf462088d13 | 4271 | n = crt->raw.len; |
markrad | 0:cdf462088d13 | 4272 | if( n > MBEDTLS_SSL_MAX_CONTENT_LEN - 3 - i ) |
markrad | 0:cdf462088d13 | 4273 | { |
markrad | 0:cdf462088d13 | 4274 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %d > %d", |
markrad | 0:cdf462088d13 | 4275 | i + 3 + n, MBEDTLS_SSL_MAX_CONTENT_LEN ) ); |
markrad | 0:cdf462088d13 | 4276 | return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE ); |
markrad | 0:cdf462088d13 | 4277 | } |
markrad | 0:cdf462088d13 | 4278 | |
markrad | 0:cdf462088d13 | 4279 | ssl->out_msg[i ] = (unsigned char)( n >> 16 ); |
markrad | 0:cdf462088d13 | 4280 | ssl->out_msg[i + 1] = (unsigned char)( n >> 8 ); |
markrad | 0:cdf462088d13 | 4281 | ssl->out_msg[i + 2] = (unsigned char)( n ); |
markrad | 0:cdf462088d13 | 4282 | |
markrad | 0:cdf462088d13 | 4283 | i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n ); |
markrad | 0:cdf462088d13 | 4284 | i += n; crt = crt->next; |
markrad | 0:cdf462088d13 | 4285 | } |
markrad | 0:cdf462088d13 | 4286 | |
markrad | 0:cdf462088d13 | 4287 | ssl->out_msg[4] = (unsigned char)( ( i - 7 ) >> 16 ); |
markrad | 0:cdf462088d13 | 4288 | ssl->out_msg[5] = (unsigned char)( ( i - 7 ) >> 8 ); |
markrad | 0:cdf462088d13 | 4289 | ssl->out_msg[6] = (unsigned char)( ( i - 7 ) ); |
markrad | 0:cdf462088d13 | 4290 | |
markrad | 0:cdf462088d13 | 4291 | ssl->out_msglen = i; |
markrad | 0:cdf462088d13 | 4292 | ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; |
markrad | 0:cdf462088d13 | 4293 | ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE; |
markrad | 0:cdf462088d13 | 4294 | |
markrad | 0:cdf462088d13 | 4295 | #if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 4296 | write_msg: |
markrad | 0:cdf462088d13 | 4297 | #endif |
markrad | 0:cdf462088d13 | 4298 | |
markrad | 0:cdf462088d13 | 4299 | ssl->state++; |
markrad | 0:cdf462088d13 | 4300 | |
markrad | 0:cdf462088d13 | 4301 | if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 4302 | { |
markrad | 0:cdf462088d13 | 4303 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); |
markrad | 0:cdf462088d13 | 4304 | return( ret ); |
markrad | 0:cdf462088d13 | 4305 | } |
markrad | 0:cdf462088d13 | 4306 | |
markrad | 0:cdf462088d13 | 4307 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate" ) ); |
markrad | 0:cdf462088d13 | 4308 | |
markrad | 0:cdf462088d13 | 4309 | return( ret ); |
markrad | 0:cdf462088d13 | 4310 | } |
markrad | 0:cdf462088d13 | 4311 | |
markrad | 0:cdf462088d13 | 4312 | int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 4313 | { |
markrad | 0:cdf462088d13 | 4314 | int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; |
markrad | 0:cdf462088d13 | 4315 | size_t i, n; |
markrad | 0:cdf462088d13 | 4316 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; |
markrad | 0:cdf462088d13 | 4317 | int authmode = ssl->conf->authmode; |
Jasper Wallace |
2:bbdeda018a3c | 4318 | uint8_t alert; |
markrad | 0:cdf462088d13 | 4319 | |
markrad | 0:cdf462088d13 | 4320 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) ); |
markrad | 0:cdf462088d13 | 4321 | |
markrad | 0:cdf462088d13 | 4322 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || |
markrad | 0:cdf462088d13 | 4323 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || |
markrad | 0:cdf462088d13 | 4324 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || |
markrad | 0:cdf462088d13 | 4325 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) |
markrad | 0:cdf462088d13 | 4326 | { |
markrad | 0:cdf462088d13 | 4327 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); |
markrad | 0:cdf462088d13 | 4328 | ssl->state++; |
markrad | 0:cdf462088d13 | 4329 | return( 0 ); |
markrad | 0:cdf462088d13 | 4330 | } |
markrad | 0:cdf462088d13 | 4331 | |
markrad | 0:cdf462088d13 | 4332 | #if defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 4333 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
markrad | 0:cdf462088d13 | 4334 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) |
markrad | 0:cdf462088d13 | 4335 | { |
markrad | 0:cdf462088d13 | 4336 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); |
markrad | 0:cdf462088d13 | 4337 | ssl->state++; |
markrad | 0:cdf462088d13 | 4338 | return( 0 ); |
markrad | 0:cdf462088d13 | 4339 | } |
markrad | 0:cdf462088d13 | 4340 | |
markrad | 0:cdf462088d13 | 4341 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
markrad | 0:cdf462088d13 | 4342 | if( ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET ) |
markrad | 0:cdf462088d13 | 4343 | authmode = ssl->handshake->sni_authmode; |
markrad | 0:cdf462088d13 | 4344 | #endif |
markrad | 0:cdf462088d13 | 4345 | |
markrad | 0:cdf462088d13 | 4346 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
markrad | 0:cdf462088d13 | 4347 | authmode == MBEDTLS_SSL_VERIFY_NONE ) |
markrad | 0:cdf462088d13 | 4348 | { |
markrad | 0:cdf462088d13 | 4349 | ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY; |
markrad | 0:cdf462088d13 | 4350 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); |
markrad | 0:cdf462088d13 | 4351 | ssl->state++; |
markrad | 0:cdf462088d13 | 4352 | return( 0 ); |
markrad | 0:cdf462088d13 | 4353 | } |
markrad | 0:cdf462088d13 | 4354 | #endif |
markrad | 0:cdf462088d13 | 4355 | |
markrad | 0:cdf462088d13 | 4356 | if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 4357 | { |
Jasper Wallace |
2:bbdeda018a3c | 4358 | /* mbedtls_ssl_read_record may have sent an alert already. We |
Jasper Wallace |
2:bbdeda018a3c | 4359 | let it decide whether to alert. */ |
markrad | 0:cdf462088d13 | 4360 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); |
markrad | 0:cdf462088d13 | 4361 | return( ret ); |
markrad | 0:cdf462088d13 | 4362 | } |
markrad | 0:cdf462088d13 | 4363 | |
markrad | 0:cdf462088d13 | 4364 | ssl->state++; |
markrad | 0:cdf462088d13 | 4365 | |
markrad | 0:cdf462088d13 | 4366 | #if defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 4367 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
markrad | 0:cdf462088d13 | 4368 | /* |
markrad | 0:cdf462088d13 | 4369 | * Check if the client sent an empty certificate |
markrad | 0:cdf462088d13 | 4370 | */ |
markrad | 0:cdf462088d13 | 4371 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
markrad | 0:cdf462088d13 | 4372 | ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
markrad | 0:cdf462088d13 | 4373 | { |
markrad | 0:cdf462088d13 | 4374 | if( ssl->in_msglen == 2 && |
markrad | 0:cdf462088d13 | 4375 | ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT && |
markrad | 0:cdf462088d13 | 4376 | ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && |
markrad | 0:cdf462088d13 | 4377 | ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT ) |
markrad | 0:cdf462088d13 | 4378 | { |
markrad | 0:cdf462088d13 | 4379 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) ); |
markrad | 0:cdf462088d13 | 4380 | |
Jasper Wallace |
2:bbdeda018a3c | 4381 | /* The client was asked for a certificate but didn't send |
Jasper Wallace |
2:bbdeda018a3c | 4382 | one. The client should know what's going on, so we |
Jasper Wallace |
2:bbdeda018a3c | 4383 | don't send an alert. */ |
markrad | 0:cdf462088d13 | 4384 | ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING; |
markrad | 0:cdf462088d13 | 4385 | if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL ) |
markrad | 0:cdf462088d13 | 4386 | return( 0 ); |
markrad | 0:cdf462088d13 | 4387 | else |
markrad | 0:cdf462088d13 | 4388 | return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE ); |
markrad | 0:cdf462088d13 | 4389 | } |
markrad | 0:cdf462088d13 | 4390 | } |
markrad | 0:cdf462088d13 | 4391 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
markrad | 0:cdf462088d13 | 4392 | |
markrad | 0:cdf462088d13 | 4393 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
markrad | 0:cdf462088d13 | 4394 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 4395 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
markrad | 0:cdf462088d13 | 4396 | ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 ) |
markrad | 0:cdf462088d13 | 4397 | { |
markrad | 0:cdf462088d13 | 4398 | if( ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len( ssl ) && |
markrad | 0:cdf462088d13 | 4399 | ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && |
markrad | 0:cdf462088d13 | 4400 | ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE && |
markrad | 0:cdf462088d13 | 4401 | memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), "\0\0\0", 3 ) == 0 ) |
markrad | 0:cdf462088d13 | 4402 | { |
markrad | 0:cdf462088d13 | 4403 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) ); |
markrad | 0:cdf462088d13 | 4404 | |
Jasper Wallace |
2:bbdeda018a3c | 4405 | /* The client was asked for a certificate but didn't send |
Jasper Wallace |
2:bbdeda018a3c | 4406 | one. The client should know what's going on, so we |
Jasper Wallace |
2:bbdeda018a3c | 4407 | don't send an alert. */ |
markrad | 0:cdf462088d13 | 4408 | ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING; |
markrad | 0:cdf462088d13 | 4409 | if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL ) |
markrad | 0:cdf462088d13 | 4410 | return( 0 ); |
markrad | 0:cdf462088d13 | 4411 | else |
markrad | 0:cdf462088d13 | 4412 | return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE ); |
markrad | 0:cdf462088d13 | 4413 | } |
markrad | 0:cdf462088d13 | 4414 | } |
markrad | 0:cdf462088d13 | 4415 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ |
markrad | 0:cdf462088d13 | 4416 | MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 4417 | #endif /* MBEDTLS_SSL_SRV_C */ |
markrad | 0:cdf462088d13 | 4418 | |
markrad | 0:cdf462088d13 | 4419 | if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) |
markrad | 0:cdf462088d13 | 4420 | { |
markrad | 0:cdf462088d13 | 4421 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); |
Jasper Wallace |
2:bbdeda018a3c | 4422 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
Jasper Wallace |
2:bbdeda018a3c | 4423 | MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); |
markrad | 0:cdf462088d13 | 4424 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
markrad | 0:cdf462088d13 | 4425 | } |
markrad | 0:cdf462088d13 | 4426 | |
markrad | 0:cdf462088d13 | 4427 | if( ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE || |
markrad | 0:cdf462088d13 | 4428 | ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 3 + 3 ) |
markrad | 0:cdf462088d13 | 4429 | { |
markrad | 0:cdf462088d13 | 4430 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); |
Jasper Wallace |
2:bbdeda018a3c | 4431 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
Jasper Wallace |
2:bbdeda018a3c | 4432 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
markrad | 0:cdf462088d13 | 4433 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); |
markrad | 0:cdf462088d13 | 4434 | } |
markrad | 0:cdf462088d13 | 4435 | |
markrad | 0:cdf462088d13 | 4436 | i = mbedtls_ssl_hs_hdr_len( ssl ); |
markrad | 0:cdf462088d13 | 4437 | |
markrad | 0:cdf462088d13 | 4438 | /* |
markrad | 0:cdf462088d13 | 4439 | * Same message structure as in mbedtls_ssl_write_certificate() |
markrad | 0:cdf462088d13 | 4440 | */ |
markrad | 0:cdf462088d13 | 4441 | n = ( ssl->in_msg[i+1] << 8 ) | ssl->in_msg[i+2]; |
markrad | 0:cdf462088d13 | 4442 | |
markrad | 0:cdf462088d13 | 4443 | if( ssl->in_msg[i] != 0 || |
markrad | 0:cdf462088d13 | 4444 | ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len( ssl ) ) |
markrad | 0:cdf462088d13 | 4445 | { |
markrad | 0:cdf462088d13 | 4446 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); |
Jasper Wallace |
2:bbdeda018a3c | 4447 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
Jasper Wallace |
2:bbdeda018a3c | 4448 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
markrad | 0:cdf462088d13 | 4449 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); |
markrad | 0:cdf462088d13 | 4450 | } |
markrad | 0:cdf462088d13 | 4451 | |
markrad | 0:cdf462088d13 | 4452 | /* In case we tried to reuse a session but it failed */ |
markrad | 0:cdf462088d13 | 4453 | if( ssl->session_negotiate->peer_cert != NULL ) |
markrad | 0:cdf462088d13 | 4454 | { |
markrad | 0:cdf462088d13 | 4455 | mbedtls_x509_crt_free( ssl->session_negotiate->peer_cert ); |
markrad | 0:cdf462088d13 | 4456 | mbedtls_free( ssl->session_negotiate->peer_cert ); |
markrad | 0:cdf462088d13 | 4457 | } |
markrad | 0:cdf462088d13 | 4458 | |
markrad | 0:cdf462088d13 | 4459 | if( ( ssl->session_negotiate->peer_cert = mbedtls_calloc( 1, |
markrad | 0:cdf462088d13 | 4460 | sizeof( mbedtls_x509_crt ) ) ) == NULL ) |
markrad | 0:cdf462088d13 | 4461 | { |
markrad | 0:cdf462088d13 | 4462 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", |
markrad | 0:cdf462088d13 | 4463 | sizeof( mbedtls_x509_crt ) ) ); |
Jasper Wallace |
2:bbdeda018a3c | 4464 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
Jasper Wallace |
2:bbdeda018a3c | 4465 | MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 4466 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
markrad | 0:cdf462088d13 | 4467 | } |
markrad | 0:cdf462088d13 | 4468 | |
markrad | 0:cdf462088d13 | 4469 | mbedtls_x509_crt_init( ssl->session_negotiate->peer_cert ); |
markrad | 0:cdf462088d13 | 4470 | |
markrad | 0:cdf462088d13 | 4471 | i += 3; |
markrad | 0:cdf462088d13 | 4472 | |
markrad | 0:cdf462088d13 | 4473 | while( i < ssl->in_hslen ) |
markrad | 0:cdf462088d13 | 4474 | { |
markrad | 0:cdf462088d13 | 4475 | if( ssl->in_msg[i] != 0 ) |
markrad | 0:cdf462088d13 | 4476 | { |
markrad | 0:cdf462088d13 | 4477 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); |
Jasper Wallace |
2:bbdeda018a3c | 4478 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
Jasper Wallace |
2:bbdeda018a3c | 4479 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
markrad | 0:cdf462088d13 | 4480 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); |
markrad | 0:cdf462088d13 | 4481 | } |
markrad | 0:cdf462088d13 | 4482 | |
markrad | 0:cdf462088d13 | 4483 | n = ( (unsigned int) ssl->in_msg[i + 1] << 8 ) |
markrad | 0:cdf462088d13 | 4484 | | (unsigned int) ssl->in_msg[i + 2]; |
markrad | 0:cdf462088d13 | 4485 | i += 3; |
markrad | 0:cdf462088d13 | 4486 | |
markrad | 0:cdf462088d13 | 4487 | if( n < 128 || i + n > ssl->in_hslen ) |
markrad | 0:cdf462088d13 | 4488 | { |
markrad | 0:cdf462088d13 | 4489 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); |
Jasper Wallace |
2:bbdeda018a3c | 4490 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
Jasper Wallace |
2:bbdeda018a3c | 4491 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
markrad | 0:cdf462088d13 | 4492 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); |
markrad | 0:cdf462088d13 | 4493 | } |
markrad | 0:cdf462088d13 | 4494 | |
markrad | 0:cdf462088d13 | 4495 | ret = mbedtls_x509_crt_parse_der( ssl->session_negotiate->peer_cert, |
markrad | 0:cdf462088d13 | 4496 | ssl->in_msg + i, n ); |
Jasper Wallace |
2:bbdeda018a3c | 4497 | switch( ret ) |
Jasper Wallace |
2:bbdeda018a3c | 4498 | { |
Jasper Wallace |
2:bbdeda018a3c | 4499 | case 0: /*ok*/ |
Jasper Wallace |
2:bbdeda018a3c | 4500 | case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND: |
Jasper Wallace |
2:bbdeda018a3c | 4501 | /* Ignore certificate with an unknown algorithm: maybe a |
Jasper Wallace |
2:bbdeda018a3c | 4502 | prior certificate was already trusted. */ |
Jasper Wallace |
2:bbdeda018a3c | 4503 | break; |
Jasper Wallace |
2:bbdeda018a3c | 4504 | |
Jasper Wallace |
2:bbdeda018a3c | 4505 | case MBEDTLS_ERR_X509_ALLOC_FAILED: |
Jasper Wallace |
2:bbdeda018a3c | 4506 | alert = MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR; |
Jasper Wallace |
2:bbdeda018a3c | 4507 | goto crt_parse_der_failed; |
Jasper Wallace |
2:bbdeda018a3c | 4508 | |
Jasper Wallace |
2:bbdeda018a3c | 4509 | case MBEDTLS_ERR_X509_UNKNOWN_VERSION: |
Jasper Wallace |
2:bbdeda018a3c | 4510 | alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; |
Jasper Wallace |
2:bbdeda018a3c | 4511 | goto crt_parse_der_failed; |
Jasper Wallace |
2:bbdeda018a3c | 4512 | |
Jasper Wallace |
2:bbdeda018a3c | 4513 | default: |
Jasper Wallace |
2:bbdeda018a3c | 4514 | alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT; |
Jasper Wallace |
2:bbdeda018a3c | 4515 | crt_parse_der_failed: |
Jasper Wallace |
2:bbdeda018a3c | 4516 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, alert ); |
markrad | 0:cdf462088d13 | 4517 | MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret ); |
markrad | 0:cdf462088d13 | 4518 | return( ret ); |
markrad | 0:cdf462088d13 | 4519 | } |
markrad | 0:cdf462088d13 | 4520 | |
markrad | 0:cdf462088d13 | 4521 | i += n; |
markrad | 0:cdf462088d13 | 4522 | } |
markrad | 0:cdf462088d13 | 4523 | |
markrad | 0:cdf462088d13 | 4524 | MBEDTLS_SSL_DEBUG_CRT( 3, "peer certificate", ssl->session_negotiate->peer_cert ); |
markrad | 0:cdf462088d13 | 4525 | |
markrad | 0:cdf462088d13 | 4526 | /* |
markrad | 0:cdf462088d13 | 4527 | * On client, make sure the server cert doesn't change during renego to |
markrad | 0:cdf462088d13 | 4528 | * avoid "triple handshake" attack: https://secure-resumption.com/ |
markrad | 0:cdf462088d13 | 4529 | */ |
markrad | 0:cdf462088d13 | 4530 | #if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 4531 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && |
markrad | 0:cdf462088d13 | 4532 | ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) |
markrad | 0:cdf462088d13 | 4533 | { |
markrad | 0:cdf462088d13 | 4534 | if( ssl->session->peer_cert == NULL ) |
markrad | 0:cdf462088d13 | 4535 | { |
markrad | 0:cdf462088d13 | 4536 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "new server cert during renegotiation" ) ); |
Jasper Wallace |
2:bbdeda018a3c | 4537 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
Jasper Wallace |
2:bbdeda018a3c | 4538 | MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED ); |
markrad | 0:cdf462088d13 | 4539 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); |
markrad | 0:cdf462088d13 | 4540 | } |
markrad | 0:cdf462088d13 | 4541 | |
markrad | 0:cdf462088d13 | 4542 | if( ssl->session->peer_cert->raw.len != |
markrad | 0:cdf462088d13 | 4543 | ssl->session_negotiate->peer_cert->raw.len || |
markrad | 0:cdf462088d13 | 4544 | memcmp( ssl->session->peer_cert->raw.p, |
markrad | 0:cdf462088d13 | 4545 | ssl->session_negotiate->peer_cert->raw.p, |
markrad | 0:cdf462088d13 | 4546 | ssl->session->peer_cert->raw.len ) != 0 ) |
markrad | 0:cdf462088d13 | 4547 | { |
markrad | 0:cdf462088d13 | 4548 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "server cert changed during renegotiation" ) ); |
Jasper Wallace |
2:bbdeda018a3c | 4549 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
Jasper Wallace |
2:bbdeda018a3c | 4550 | MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED ); |
markrad | 0:cdf462088d13 | 4551 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); |
markrad | 0:cdf462088d13 | 4552 | } |
markrad | 0:cdf462088d13 | 4553 | } |
markrad | 0:cdf462088d13 | 4554 | #endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */ |
markrad | 0:cdf462088d13 | 4555 | |
markrad | 0:cdf462088d13 | 4556 | if( authmode != MBEDTLS_SSL_VERIFY_NONE ) |
markrad | 0:cdf462088d13 | 4557 | { |
markrad | 0:cdf462088d13 | 4558 | mbedtls_x509_crt *ca_chain; |
markrad | 0:cdf462088d13 | 4559 | mbedtls_x509_crl *ca_crl; |
markrad | 0:cdf462088d13 | 4560 | |
markrad | 0:cdf462088d13 | 4561 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
markrad | 0:cdf462088d13 | 4562 | if( ssl->handshake->sni_ca_chain != NULL ) |
markrad | 0:cdf462088d13 | 4563 | { |
markrad | 0:cdf462088d13 | 4564 | ca_chain = ssl->handshake->sni_ca_chain; |
markrad | 0:cdf462088d13 | 4565 | ca_crl = ssl->handshake->sni_ca_crl; |
markrad | 0:cdf462088d13 | 4566 | } |
markrad | 0:cdf462088d13 | 4567 | else |
markrad | 0:cdf462088d13 | 4568 | #endif |
markrad | 0:cdf462088d13 | 4569 | { |
markrad | 0:cdf462088d13 | 4570 | ca_chain = ssl->conf->ca_chain; |
markrad | 0:cdf462088d13 | 4571 | ca_crl = ssl->conf->ca_crl; |
markrad | 0:cdf462088d13 | 4572 | } |
markrad | 0:cdf462088d13 | 4573 | |
markrad | 0:cdf462088d13 | 4574 | /* |
markrad | 0:cdf462088d13 | 4575 | * Main check: verify certificate |
markrad | 0:cdf462088d13 | 4576 | */ |
markrad | 0:cdf462088d13 | 4577 | ret = mbedtls_x509_crt_verify_with_profile( |
markrad | 0:cdf462088d13 | 4578 | ssl->session_negotiate->peer_cert, |
markrad | 0:cdf462088d13 | 4579 | ca_chain, ca_crl, |
markrad | 0:cdf462088d13 | 4580 | ssl->conf->cert_profile, |
markrad | 0:cdf462088d13 | 4581 | ssl->hostname, |
markrad | 0:cdf462088d13 | 4582 | &ssl->session_negotiate->verify_result, |
markrad | 0:cdf462088d13 | 4583 | ssl->conf->f_vrfy, ssl->conf->p_vrfy ); |
markrad | 0:cdf462088d13 | 4584 | |
markrad | 0:cdf462088d13 | 4585 | if( ret != 0 ) |
markrad | 0:cdf462088d13 | 4586 | { |
markrad | 0:cdf462088d13 | 4587 | MBEDTLS_SSL_DEBUG_RET( 1, "x509_verify_cert", ret ); |
markrad | 0:cdf462088d13 | 4588 | } |
markrad | 0:cdf462088d13 | 4589 | |
markrad | 0:cdf462088d13 | 4590 | /* |
markrad | 0:cdf462088d13 | 4591 | * Secondary checks: always done, but change 'ret' only if it was 0 |
markrad | 0:cdf462088d13 | 4592 | */ |
markrad | 0:cdf462088d13 | 4593 | |
markrad | 0:cdf462088d13 | 4594 | #if defined(MBEDTLS_ECP_C) |
markrad | 0:cdf462088d13 | 4595 | { |
markrad | 0:cdf462088d13 | 4596 | const mbedtls_pk_context *pk = &ssl->session_negotiate->peer_cert->pk; |
markrad | 0:cdf462088d13 | 4597 | |
markrad | 0:cdf462088d13 | 4598 | /* If certificate uses an EC key, make sure the curve is OK */ |
markrad | 0:cdf462088d13 | 4599 | if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) && |
markrad | 0:cdf462088d13 | 4600 | mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 ) |
markrad | 0:cdf462088d13 | 4601 | { |
Jasper Wallace |
2:bbdeda018a3c | 4602 | ssl->session_negotiate->verify_result |= MBEDTLS_X509_BADCERT_BAD_KEY; |
Jasper Wallace |
2:bbdeda018a3c | 4603 | |
markrad | 0:cdf462088d13 | 4604 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (EC key curve)" ) ); |
markrad | 0:cdf462088d13 | 4605 | if( ret == 0 ) |
markrad | 0:cdf462088d13 | 4606 | ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE; |
markrad | 0:cdf462088d13 | 4607 | } |
markrad | 0:cdf462088d13 | 4608 | } |
markrad | 0:cdf462088d13 | 4609 | #endif /* MBEDTLS_ECP_C */ |
markrad | 0:cdf462088d13 | 4610 | |
markrad | 0:cdf462088d13 | 4611 | if( mbedtls_ssl_check_cert_usage( ssl->session_negotiate->peer_cert, |
Jasper Wallace |
2:bbdeda018a3c | 4612 | ciphersuite_info, |
Jasper Wallace |
2:bbdeda018a3c | 4613 | ! ssl->conf->endpoint, |
markrad | 0:cdf462088d13 | 4614 | &ssl->session_negotiate->verify_result ) != 0 ) |
markrad | 0:cdf462088d13 | 4615 | { |
markrad | 0:cdf462088d13 | 4616 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) ); |
markrad | 0:cdf462088d13 | 4617 | if( ret == 0 ) |
markrad | 0:cdf462088d13 | 4618 | ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE; |
markrad | 0:cdf462088d13 | 4619 | } |
markrad | 0:cdf462088d13 | 4620 | |
Jasper Wallace |
2:bbdeda018a3c | 4621 | /* mbedtls_x509_crt_verify_with_profile is supposed to report a |
Jasper Wallace |
2:bbdeda018a3c | 4622 | * verification failure through MBEDTLS_ERR_X509_CERT_VERIFY_FAILED, |
Jasper Wallace |
2:bbdeda018a3c | 4623 | * with details encoded in the verification flags. All other kinds |
Jasper Wallace |
2:bbdeda018a3c | 4624 | * of error codes, including those from the user provided f_vrfy |
Jasper Wallace |
2:bbdeda018a3c | 4625 | * functions, are treated as fatal and lead to a failure of |
Jasper Wallace |
2:bbdeda018a3c | 4626 | * ssl_parse_certificate even if verification was optional. */ |
Jasper Wallace |
2:bbdeda018a3c | 4627 | if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL && |
Jasper Wallace |
2:bbdeda018a3c | 4628 | ( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED || |
Jasper Wallace |
2:bbdeda018a3c | 4629 | ret == MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ) ) |
Jasper Wallace |
2:bbdeda018a3c | 4630 | { |
markrad | 0:cdf462088d13 | 4631 | ret = 0; |
Jasper Wallace |
2:bbdeda018a3c | 4632 | } |
Jasper Wallace |
2:bbdeda018a3c | 4633 | |
Jasper Wallace |
2:bbdeda018a3c | 4634 | if( ca_chain == NULL && authmode == MBEDTLS_SSL_VERIFY_REQUIRED ) |
Jasper Wallace |
2:bbdeda018a3c | 4635 | { |
Jasper Wallace |
2:bbdeda018a3c | 4636 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no CA chain" ) ); |
Jasper Wallace |
2:bbdeda018a3c | 4637 | ret = MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED; |
Jasper Wallace |
2:bbdeda018a3c | 4638 | } |
Jasper Wallace |
2:bbdeda018a3c | 4639 | |
Jasper Wallace |
2:bbdeda018a3c | 4640 | if( ret != 0 ) |
Jasper Wallace |
2:bbdeda018a3c | 4641 | { |
Jasper Wallace |
2:bbdeda018a3c | 4642 | /* The certificate may have been rejected for several reasons. |
Jasper Wallace |
2:bbdeda018a3c | 4643 | Pick one and send the corresponding alert. Which alert to send |
Jasper Wallace |
2:bbdeda018a3c | 4644 | may be a subject of debate in some cases. */ |
Jasper Wallace |
2:bbdeda018a3c | 4645 | if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_OTHER ) |
Jasper Wallace |
2:bbdeda018a3c | 4646 | alert = MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED; |
Jasper Wallace |
2:bbdeda018a3c | 4647 | else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH ) |
Jasper Wallace |
2:bbdeda018a3c | 4648 | alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT; |
Jasper Wallace |
2:bbdeda018a3c | 4649 | else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_KEY_USAGE ) |
Jasper Wallace |
2:bbdeda018a3c | 4650 | alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; |
Jasper Wallace |
2:bbdeda018a3c | 4651 | else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXT_KEY_USAGE ) |
Jasper Wallace |
2:bbdeda018a3c | 4652 | alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; |
Jasper Wallace |
2:bbdeda018a3c | 4653 | else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NS_CERT_TYPE ) |
Jasper Wallace |
2:bbdeda018a3c | 4654 | alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; |
Jasper Wallace |
2:bbdeda018a3c | 4655 | else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_PK ) |
Jasper Wallace |
2:bbdeda018a3c | 4656 | alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; |
Jasper Wallace |
2:bbdeda018a3c | 4657 | else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_KEY ) |
Jasper Wallace |
2:bbdeda018a3c | 4658 | alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; |
Jasper Wallace |
2:bbdeda018a3c | 4659 | else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXPIRED ) |
Jasper Wallace |
2:bbdeda018a3c | 4660 | alert = MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED; |
Jasper Wallace |
2:bbdeda018a3c | 4661 | else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_REVOKED ) |
Jasper Wallace |
2:bbdeda018a3c | 4662 | alert = MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED; |
Jasper Wallace |
2:bbdeda018a3c | 4663 | else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED ) |
Jasper Wallace |
2:bbdeda018a3c | 4664 | alert = MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA; |
Jasper Wallace |
2:bbdeda018a3c | 4665 | else |
Jasper Wallace |
2:bbdeda018a3c | 4666 | alert = MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN; |
Jasper Wallace |
2:bbdeda018a3c | 4667 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
Jasper Wallace |
2:bbdeda018a3c | 4668 | alert ); |
Jasper Wallace |
2:bbdeda018a3c | 4669 | } |
Jasper Wallace |
2:bbdeda018a3c | 4670 | |
Jasper Wallace |
2:bbdeda018a3c | 4671 | #if defined(MBEDTLS_DEBUG_C) |
Jasper Wallace |
2:bbdeda018a3c | 4672 | if( ssl->session_negotiate->verify_result != 0 ) |
Jasper Wallace |
2:bbdeda018a3c | 4673 | { |
Jasper Wallace |
2:bbdeda018a3c | 4674 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %x", |
Jasper Wallace |
2:bbdeda018a3c | 4675 | ssl->session_negotiate->verify_result ) ); |
Jasper Wallace |
2:bbdeda018a3c | 4676 | } |
Jasper Wallace |
2:bbdeda018a3c | 4677 | else |
Jasper Wallace |
2:bbdeda018a3c | 4678 | { |
Jasper Wallace |
2:bbdeda018a3c | 4679 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "Certificate verification flags clear" ) ); |
Jasper Wallace |
2:bbdeda018a3c | 4680 | } |
Jasper Wallace |
2:bbdeda018a3c | 4681 | #endif /* MBEDTLS_DEBUG_C */ |
markrad | 0:cdf462088d13 | 4682 | } |
markrad | 0:cdf462088d13 | 4683 | |
markrad | 0:cdf462088d13 | 4684 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) ); |
markrad | 0:cdf462088d13 | 4685 | |
markrad | 0:cdf462088d13 | 4686 | return( ret ); |
markrad | 0:cdf462088d13 | 4687 | } |
markrad | 0:cdf462088d13 | 4688 | #endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED |
markrad | 0:cdf462088d13 | 4689 | !MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED |
markrad | 0:cdf462088d13 | 4690 | !MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED |
markrad | 0:cdf462088d13 | 4691 | !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED |
markrad | 0:cdf462088d13 | 4692 | !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED |
markrad | 0:cdf462088d13 | 4693 | !MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED |
markrad | 0:cdf462088d13 | 4694 | !MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ |
markrad | 0:cdf462088d13 | 4695 | |
markrad | 0:cdf462088d13 | 4696 | int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 4697 | { |
markrad | 0:cdf462088d13 | 4698 | int ret; |
markrad | 0:cdf462088d13 | 4699 | |
markrad | 0:cdf462088d13 | 4700 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write change cipher spec" ) ); |
markrad | 0:cdf462088d13 | 4701 | |
markrad | 0:cdf462088d13 | 4702 | ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC; |
markrad | 0:cdf462088d13 | 4703 | ssl->out_msglen = 1; |
markrad | 0:cdf462088d13 | 4704 | ssl->out_msg[0] = 1; |
markrad | 0:cdf462088d13 | 4705 | |
markrad | 0:cdf462088d13 | 4706 | ssl->state++; |
markrad | 0:cdf462088d13 | 4707 | |
markrad | 0:cdf462088d13 | 4708 | if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 4709 | { |
markrad | 0:cdf462088d13 | 4710 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); |
markrad | 0:cdf462088d13 | 4711 | return( ret ); |
markrad | 0:cdf462088d13 | 4712 | } |
markrad | 0:cdf462088d13 | 4713 | |
markrad | 0:cdf462088d13 | 4714 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write change cipher spec" ) ); |
markrad | 0:cdf462088d13 | 4715 | |
markrad | 0:cdf462088d13 | 4716 | return( 0 ); |
markrad | 0:cdf462088d13 | 4717 | } |
markrad | 0:cdf462088d13 | 4718 | |
markrad | 0:cdf462088d13 | 4719 | int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 4720 | { |
markrad | 0:cdf462088d13 | 4721 | int ret; |
markrad | 0:cdf462088d13 | 4722 | |
markrad | 0:cdf462088d13 | 4723 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse change cipher spec" ) ); |
markrad | 0:cdf462088d13 | 4724 | |
markrad | 0:cdf462088d13 | 4725 | if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 4726 | { |
markrad | 0:cdf462088d13 | 4727 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); |
markrad | 0:cdf462088d13 | 4728 | return( ret ); |
markrad | 0:cdf462088d13 | 4729 | } |
markrad | 0:cdf462088d13 | 4730 | |
markrad | 0:cdf462088d13 | 4731 | if( ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ) |
markrad | 0:cdf462088d13 | 4732 | { |
markrad | 0:cdf462088d13 | 4733 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) ); |
Jasper Wallace |
2:bbdeda018a3c | 4734 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
Jasper Wallace |
2:bbdeda018a3c | 4735 | MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); |
markrad | 0:cdf462088d13 | 4736 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
markrad | 0:cdf462088d13 | 4737 | } |
markrad | 0:cdf462088d13 | 4738 | |
markrad | 0:cdf462088d13 | 4739 | if( ssl->in_msglen != 1 || ssl->in_msg[0] != 1 ) |
markrad | 0:cdf462088d13 | 4740 | { |
markrad | 0:cdf462088d13 | 4741 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) ); |
Jasper Wallace |
2:bbdeda018a3c | 4742 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
Jasper Wallace |
2:bbdeda018a3c | 4743 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
markrad | 0:cdf462088d13 | 4744 | return( MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC ); |
markrad | 0:cdf462088d13 | 4745 | } |
markrad | 0:cdf462088d13 | 4746 | |
markrad | 0:cdf462088d13 | 4747 | /* |
markrad | 0:cdf462088d13 | 4748 | * Switch to our negotiated transform and session parameters for inbound |
markrad | 0:cdf462088d13 | 4749 | * data. |
markrad | 0:cdf462088d13 | 4750 | */ |
markrad | 0:cdf462088d13 | 4751 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for inbound data" ) ); |
markrad | 0:cdf462088d13 | 4752 | ssl->transform_in = ssl->transform_negotiate; |
markrad | 0:cdf462088d13 | 4753 | ssl->session_in = ssl->session_negotiate; |
markrad | 0:cdf462088d13 | 4754 | |
markrad | 0:cdf462088d13 | 4755 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 4756 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 4757 | { |
markrad | 0:cdf462088d13 | 4758 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
markrad | 0:cdf462088d13 | 4759 | ssl_dtls_replay_reset( ssl ); |
markrad | 0:cdf462088d13 | 4760 | #endif |
markrad | 0:cdf462088d13 | 4761 | |
markrad | 0:cdf462088d13 | 4762 | /* Increment epoch */ |
markrad | 0:cdf462088d13 | 4763 | if( ++ssl->in_epoch == 0 ) |
markrad | 0:cdf462088d13 | 4764 | { |
markrad | 0:cdf462088d13 | 4765 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS epoch would wrap" ) ); |
Jasper Wallace |
2:bbdeda018a3c | 4766 | /* This is highly unlikely to happen for legitimate reasons, so |
Jasper Wallace |
2:bbdeda018a3c | 4767 | treat it as an attack and don't send an alert. */ |
markrad | 0:cdf462088d13 | 4768 | return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); |
markrad | 0:cdf462088d13 | 4769 | } |
markrad | 0:cdf462088d13 | 4770 | } |
markrad | 0:cdf462088d13 | 4771 | else |
markrad | 0:cdf462088d13 | 4772 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
markrad | 0:cdf462088d13 | 4773 | memset( ssl->in_ctr, 0, 8 ); |
markrad | 0:cdf462088d13 | 4774 | |
markrad | 0:cdf462088d13 | 4775 | /* |
markrad | 0:cdf462088d13 | 4776 | * Set the in_msg pointer to the correct location based on IV length |
markrad | 0:cdf462088d13 | 4777 | */ |
markrad | 0:cdf462088d13 | 4778 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) |
markrad | 0:cdf462088d13 | 4779 | { |
markrad | 0:cdf462088d13 | 4780 | ssl->in_msg = ssl->in_iv + ssl->transform_negotiate->ivlen - |
markrad | 0:cdf462088d13 | 4781 | ssl->transform_negotiate->fixed_ivlen; |
markrad | 0:cdf462088d13 | 4782 | } |
markrad | 0:cdf462088d13 | 4783 | else |
markrad | 0:cdf462088d13 | 4784 | ssl->in_msg = ssl->in_iv; |
markrad | 0:cdf462088d13 | 4785 | |
markrad | 0:cdf462088d13 | 4786 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
markrad | 0:cdf462088d13 | 4787 | if( mbedtls_ssl_hw_record_activate != NULL ) |
markrad | 0:cdf462088d13 | 4788 | { |
markrad | 0:cdf462088d13 | 4789 | if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_INBOUND ) ) != 0 ) |
markrad | 0:cdf462088d13 | 4790 | { |
markrad | 0:cdf462088d13 | 4791 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret ); |
Jasper Wallace |
2:bbdeda018a3c | 4792 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
Jasper Wallace |
2:bbdeda018a3c | 4793 | MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 4794 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
markrad | 0:cdf462088d13 | 4795 | } |
markrad | 0:cdf462088d13 | 4796 | } |
markrad | 0:cdf462088d13 | 4797 | #endif |
markrad | 0:cdf462088d13 | 4798 | |
markrad | 0:cdf462088d13 | 4799 | ssl->state++; |
markrad | 0:cdf462088d13 | 4800 | |
markrad | 0:cdf462088d13 | 4801 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse change cipher spec" ) ); |
markrad | 0:cdf462088d13 | 4802 | |
markrad | 0:cdf462088d13 | 4803 | return( 0 ); |
markrad | 0:cdf462088d13 | 4804 | } |
markrad | 0:cdf462088d13 | 4805 | |
markrad | 0:cdf462088d13 | 4806 | void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 4807 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info ) |
markrad | 0:cdf462088d13 | 4808 | { |
markrad | 0:cdf462088d13 | 4809 | ((void) ciphersuite_info); |
markrad | 0:cdf462088d13 | 4810 | |
markrad | 0:cdf462088d13 | 4811 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
markrad | 0:cdf462088d13 | 4812 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
markrad | 0:cdf462088d13 | 4813 | if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ) |
markrad | 0:cdf462088d13 | 4814 | ssl->handshake->update_checksum = ssl_update_checksum_md5sha1; |
markrad | 0:cdf462088d13 | 4815 | else |
markrad | 0:cdf462088d13 | 4816 | #endif |
markrad | 0:cdf462088d13 | 4817 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 4818 | #if defined(MBEDTLS_SHA512_C) |
markrad | 0:cdf462088d13 | 4819 | if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) |
markrad | 0:cdf462088d13 | 4820 | ssl->handshake->update_checksum = ssl_update_checksum_sha384; |
markrad | 0:cdf462088d13 | 4821 | else |
markrad | 0:cdf462088d13 | 4822 | #endif |
markrad | 0:cdf462088d13 | 4823 | #if defined(MBEDTLS_SHA256_C) |
markrad | 0:cdf462088d13 | 4824 | if( ciphersuite_info->mac != MBEDTLS_MD_SHA384 ) |
markrad | 0:cdf462088d13 | 4825 | ssl->handshake->update_checksum = ssl_update_checksum_sha256; |
markrad | 0:cdf462088d13 | 4826 | else |
markrad | 0:cdf462088d13 | 4827 | #endif |
markrad | 0:cdf462088d13 | 4828 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 4829 | { |
markrad | 0:cdf462088d13 | 4830 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 4831 | return; |
markrad | 0:cdf462088d13 | 4832 | } |
markrad | 0:cdf462088d13 | 4833 | } |
markrad | 0:cdf462088d13 | 4834 | |
markrad | 0:cdf462088d13 | 4835 | void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 4836 | { |
markrad | 0:cdf462088d13 | 4837 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
markrad | 0:cdf462088d13 | 4838 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
markrad | 0:cdf462088d13 | 4839 | mbedtls_md5_starts( &ssl->handshake->fin_md5 ); |
markrad | 0:cdf462088d13 | 4840 | mbedtls_sha1_starts( &ssl->handshake->fin_sha1 ); |
markrad | 0:cdf462088d13 | 4841 | #endif |
markrad | 0:cdf462088d13 | 4842 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 4843 | #if defined(MBEDTLS_SHA256_C) |
markrad | 0:cdf462088d13 | 4844 | mbedtls_sha256_starts( &ssl->handshake->fin_sha256, 0 ); |
markrad | 0:cdf462088d13 | 4845 | #endif |
markrad | 0:cdf462088d13 | 4846 | #if defined(MBEDTLS_SHA512_C) |
markrad | 0:cdf462088d13 | 4847 | mbedtls_sha512_starts( &ssl->handshake->fin_sha512, 1 ); |
markrad | 0:cdf462088d13 | 4848 | #endif |
markrad | 0:cdf462088d13 | 4849 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 4850 | } |
markrad | 0:cdf462088d13 | 4851 | |
markrad | 0:cdf462088d13 | 4852 | static void ssl_update_checksum_start( mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 4853 | const unsigned char *buf, size_t len ) |
markrad | 0:cdf462088d13 | 4854 | { |
markrad | 0:cdf462088d13 | 4855 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
markrad | 0:cdf462088d13 | 4856 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
markrad | 0:cdf462088d13 | 4857 | mbedtls_md5_update( &ssl->handshake->fin_md5 , buf, len ); |
markrad | 0:cdf462088d13 | 4858 | mbedtls_sha1_update( &ssl->handshake->fin_sha1, buf, len ); |
markrad | 0:cdf462088d13 | 4859 | #endif |
markrad | 0:cdf462088d13 | 4860 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 4861 | #if defined(MBEDTLS_SHA256_C) |
markrad | 0:cdf462088d13 | 4862 | mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len ); |
markrad | 0:cdf462088d13 | 4863 | #endif |
markrad | 0:cdf462088d13 | 4864 | #if defined(MBEDTLS_SHA512_C) |
markrad | 0:cdf462088d13 | 4865 | mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len ); |
markrad | 0:cdf462088d13 | 4866 | #endif |
markrad | 0:cdf462088d13 | 4867 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 4868 | } |
markrad | 0:cdf462088d13 | 4869 | |
markrad | 0:cdf462088d13 | 4870 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
markrad | 0:cdf462088d13 | 4871 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
markrad | 0:cdf462088d13 | 4872 | static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 4873 | const unsigned char *buf, size_t len ) |
markrad | 0:cdf462088d13 | 4874 | { |
markrad | 0:cdf462088d13 | 4875 | mbedtls_md5_update( &ssl->handshake->fin_md5 , buf, len ); |
markrad | 0:cdf462088d13 | 4876 | mbedtls_sha1_update( &ssl->handshake->fin_sha1, buf, len ); |
markrad | 0:cdf462088d13 | 4877 | } |
markrad | 0:cdf462088d13 | 4878 | #endif |
markrad | 0:cdf462088d13 | 4879 | |
markrad | 0:cdf462088d13 | 4880 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 4881 | #if defined(MBEDTLS_SHA256_C) |
markrad | 0:cdf462088d13 | 4882 | static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 4883 | const unsigned char *buf, size_t len ) |
markrad | 0:cdf462088d13 | 4884 | { |
markrad | 0:cdf462088d13 | 4885 | mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len ); |
markrad | 0:cdf462088d13 | 4886 | } |
markrad | 0:cdf462088d13 | 4887 | #endif |
markrad | 0:cdf462088d13 | 4888 | |
markrad | 0:cdf462088d13 | 4889 | #if defined(MBEDTLS_SHA512_C) |
markrad | 0:cdf462088d13 | 4890 | static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 4891 | const unsigned char *buf, size_t len ) |
markrad | 0:cdf462088d13 | 4892 | { |
markrad | 0:cdf462088d13 | 4893 | mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len ); |
markrad | 0:cdf462088d13 | 4894 | } |
markrad | 0:cdf462088d13 | 4895 | #endif |
markrad | 0:cdf462088d13 | 4896 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 4897 | |
markrad | 0:cdf462088d13 | 4898 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
markrad | 0:cdf462088d13 | 4899 | static void ssl_calc_finished_ssl( |
markrad | 0:cdf462088d13 | 4900 | mbedtls_ssl_context *ssl, unsigned char *buf, int from ) |
markrad | 0:cdf462088d13 | 4901 | { |
markrad | 0:cdf462088d13 | 4902 | const char *sender; |
markrad | 0:cdf462088d13 | 4903 | mbedtls_md5_context md5; |
markrad | 0:cdf462088d13 | 4904 | mbedtls_sha1_context sha1; |
markrad | 0:cdf462088d13 | 4905 | |
markrad | 0:cdf462088d13 | 4906 | unsigned char padbuf[48]; |
markrad | 0:cdf462088d13 | 4907 | unsigned char md5sum[16]; |
markrad | 0:cdf462088d13 | 4908 | unsigned char sha1sum[20]; |
markrad | 0:cdf462088d13 | 4909 | |
markrad | 0:cdf462088d13 | 4910 | mbedtls_ssl_session *session = ssl->session_negotiate; |
markrad | 0:cdf462088d13 | 4911 | if( !session ) |
markrad | 0:cdf462088d13 | 4912 | session = ssl->session; |
markrad | 0:cdf462088d13 | 4913 | |
markrad | 0:cdf462088d13 | 4914 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished ssl" ) ); |
markrad | 0:cdf462088d13 | 4915 | |
markrad | 0:cdf462088d13 | 4916 | mbedtls_md5_init( &md5 ); |
markrad | 0:cdf462088d13 | 4917 | mbedtls_sha1_init( &sha1 ); |
markrad | 0:cdf462088d13 | 4918 | |
markrad | 0:cdf462088d13 | 4919 | mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); |
markrad | 0:cdf462088d13 | 4920 | mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); |
markrad | 0:cdf462088d13 | 4921 | |
markrad | 0:cdf462088d13 | 4922 | /* |
markrad | 0:cdf462088d13 | 4923 | * SSLv3: |
markrad | 0:cdf462088d13 | 4924 | * hash = |
markrad | 0:cdf462088d13 | 4925 | * MD5( master + pad2 + |
markrad | 0:cdf462088d13 | 4926 | * MD5( handshake + sender + master + pad1 ) ) |
markrad | 0:cdf462088d13 | 4927 | * + SHA1( master + pad2 + |
markrad | 0:cdf462088d13 | 4928 | * SHA1( handshake + sender + master + pad1 ) ) |
markrad | 0:cdf462088d13 | 4929 | */ |
markrad | 0:cdf462088d13 | 4930 | |
markrad | 0:cdf462088d13 | 4931 | #if !defined(MBEDTLS_MD5_ALT) |
markrad | 0:cdf462088d13 | 4932 | MBEDTLS_SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *) |
markrad | 0:cdf462088d13 | 4933 | md5.state, sizeof( md5.state ) ); |
markrad | 0:cdf462088d13 | 4934 | #endif |
markrad | 0:cdf462088d13 | 4935 | |
markrad | 0:cdf462088d13 | 4936 | #if !defined(MBEDTLS_SHA1_ALT) |
markrad | 0:cdf462088d13 | 4937 | MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *) |
markrad | 0:cdf462088d13 | 4938 | sha1.state, sizeof( sha1.state ) ); |
markrad | 0:cdf462088d13 | 4939 | #endif |
markrad | 0:cdf462088d13 | 4940 | |
markrad | 0:cdf462088d13 | 4941 | sender = ( from == MBEDTLS_SSL_IS_CLIENT ) ? "CLNT" |
markrad | 0:cdf462088d13 | 4942 | : "SRVR"; |
markrad | 0:cdf462088d13 | 4943 | |
markrad | 0:cdf462088d13 | 4944 | memset( padbuf, 0x36, 48 ); |
markrad | 0:cdf462088d13 | 4945 | |
markrad | 0:cdf462088d13 | 4946 | mbedtls_md5_update( &md5, (const unsigned char *) sender, 4 ); |
markrad | 0:cdf462088d13 | 4947 | mbedtls_md5_update( &md5, session->master, 48 ); |
markrad | 0:cdf462088d13 | 4948 | mbedtls_md5_update( &md5, padbuf, 48 ); |
markrad | 0:cdf462088d13 | 4949 | mbedtls_md5_finish( &md5, md5sum ); |
markrad | 0:cdf462088d13 | 4950 | |
markrad | 0:cdf462088d13 | 4951 | mbedtls_sha1_update( &sha1, (const unsigned char *) sender, 4 ); |
markrad | 0:cdf462088d13 | 4952 | mbedtls_sha1_update( &sha1, session->master, 48 ); |
markrad | 0:cdf462088d13 | 4953 | mbedtls_sha1_update( &sha1, padbuf, 40 ); |
markrad | 0:cdf462088d13 | 4954 | mbedtls_sha1_finish( &sha1, sha1sum ); |
markrad | 0:cdf462088d13 | 4955 | |
markrad | 0:cdf462088d13 | 4956 | memset( padbuf, 0x5C, 48 ); |
markrad | 0:cdf462088d13 | 4957 | |
markrad | 0:cdf462088d13 | 4958 | mbedtls_md5_starts( &md5 ); |
markrad | 0:cdf462088d13 | 4959 | mbedtls_md5_update( &md5, session->master, 48 ); |
markrad | 0:cdf462088d13 | 4960 | mbedtls_md5_update( &md5, padbuf, 48 ); |
markrad | 0:cdf462088d13 | 4961 | mbedtls_md5_update( &md5, md5sum, 16 ); |
markrad | 0:cdf462088d13 | 4962 | mbedtls_md5_finish( &md5, buf ); |
markrad | 0:cdf462088d13 | 4963 | |
markrad | 0:cdf462088d13 | 4964 | mbedtls_sha1_starts( &sha1 ); |
markrad | 0:cdf462088d13 | 4965 | mbedtls_sha1_update( &sha1, session->master, 48 ); |
markrad | 0:cdf462088d13 | 4966 | mbedtls_sha1_update( &sha1, padbuf , 40 ); |
markrad | 0:cdf462088d13 | 4967 | mbedtls_sha1_update( &sha1, sha1sum, 20 ); |
markrad | 0:cdf462088d13 | 4968 | mbedtls_sha1_finish( &sha1, buf + 16 ); |
markrad | 0:cdf462088d13 | 4969 | |
markrad | 0:cdf462088d13 | 4970 | MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, 36 ); |
markrad | 0:cdf462088d13 | 4971 | |
markrad | 0:cdf462088d13 | 4972 | mbedtls_md5_free( &md5 ); |
markrad | 0:cdf462088d13 | 4973 | mbedtls_sha1_free( &sha1 ); |
markrad | 0:cdf462088d13 | 4974 | |
markrad | 0:cdf462088d13 | 4975 | mbedtls_zeroize( padbuf, sizeof( padbuf ) ); |
markrad | 0:cdf462088d13 | 4976 | mbedtls_zeroize( md5sum, sizeof( md5sum ) ); |
markrad | 0:cdf462088d13 | 4977 | mbedtls_zeroize( sha1sum, sizeof( sha1sum ) ); |
markrad | 0:cdf462088d13 | 4978 | |
markrad | 0:cdf462088d13 | 4979 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); |
markrad | 0:cdf462088d13 | 4980 | } |
markrad | 0:cdf462088d13 | 4981 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
markrad | 0:cdf462088d13 | 4982 | |
markrad | 0:cdf462088d13 | 4983 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) |
markrad | 0:cdf462088d13 | 4984 | static void ssl_calc_finished_tls( |
markrad | 0:cdf462088d13 | 4985 | mbedtls_ssl_context *ssl, unsigned char *buf, int from ) |
markrad | 0:cdf462088d13 | 4986 | { |
markrad | 0:cdf462088d13 | 4987 | int len = 12; |
markrad | 0:cdf462088d13 | 4988 | const char *sender; |
markrad | 0:cdf462088d13 | 4989 | mbedtls_md5_context md5; |
markrad | 0:cdf462088d13 | 4990 | mbedtls_sha1_context sha1; |
markrad | 0:cdf462088d13 | 4991 | unsigned char padbuf[36]; |
markrad | 0:cdf462088d13 | 4992 | |
markrad | 0:cdf462088d13 | 4993 | mbedtls_ssl_session *session = ssl->session_negotiate; |
markrad | 0:cdf462088d13 | 4994 | if( !session ) |
markrad | 0:cdf462088d13 | 4995 | session = ssl->session; |
markrad | 0:cdf462088d13 | 4996 | |
markrad | 0:cdf462088d13 | 4997 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls" ) ); |
markrad | 0:cdf462088d13 | 4998 | |
markrad | 0:cdf462088d13 | 4999 | mbedtls_md5_init( &md5 ); |
markrad | 0:cdf462088d13 | 5000 | mbedtls_sha1_init( &sha1 ); |
markrad | 0:cdf462088d13 | 5001 | |
markrad | 0:cdf462088d13 | 5002 | mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); |
markrad | 0:cdf462088d13 | 5003 | mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); |
markrad | 0:cdf462088d13 | 5004 | |
markrad | 0:cdf462088d13 | 5005 | /* |
markrad | 0:cdf462088d13 | 5006 | * TLSv1: |
markrad | 0:cdf462088d13 | 5007 | * hash = PRF( master, finished_label, |
markrad | 0:cdf462088d13 | 5008 | * MD5( handshake ) + SHA1( handshake ) )[0..11] |
markrad | 0:cdf462088d13 | 5009 | */ |
markrad | 0:cdf462088d13 | 5010 | |
markrad | 0:cdf462088d13 | 5011 | #if !defined(MBEDTLS_MD5_ALT) |
markrad | 0:cdf462088d13 | 5012 | MBEDTLS_SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *) |
markrad | 0:cdf462088d13 | 5013 | md5.state, sizeof( md5.state ) ); |
markrad | 0:cdf462088d13 | 5014 | #endif |
markrad | 0:cdf462088d13 | 5015 | |
markrad | 0:cdf462088d13 | 5016 | #if !defined(MBEDTLS_SHA1_ALT) |
markrad | 0:cdf462088d13 | 5017 | MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *) |
markrad | 0:cdf462088d13 | 5018 | sha1.state, sizeof( sha1.state ) ); |
markrad | 0:cdf462088d13 | 5019 | #endif |
markrad | 0:cdf462088d13 | 5020 | |
markrad | 0:cdf462088d13 | 5021 | sender = ( from == MBEDTLS_SSL_IS_CLIENT ) |
markrad | 0:cdf462088d13 | 5022 | ? "client finished" |
markrad | 0:cdf462088d13 | 5023 | : "server finished"; |
markrad | 0:cdf462088d13 | 5024 | |
markrad | 0:cdf462088d13 | 5025 | mbedtls_md5_finish( &md5, padbuf ); |
markrad | 0:cdf462088d13 | 5026 | mbedtls_sha1_finish( &sha1, padbuf + 16 ); |
markrad | 0:cdf462088d13 | 5027 | |
markrad | 0:cdf462088d13 | 5028 | ssl->handshake->tls_prf( session->master, 48, sender, |
markrad | 0:cdf462088d13 | 5029 | padbuf, 36, buf, len ); |
markrad | 0:cdf462088d13 | 5030 | |
markrad | 0:cdf462088d13 | 5031 | MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); |
markrad | 0:cdf462088d13 | 5032 | |
markrad | 0:cdf462088d13 | 5033 | mbedtls_md5_free( &md5 ); |
markrad | 0:cdf462088d13 | 5034 | mbedtls_sha1_free( &sha1 ); |
markrad | 0:cdf462088d13 | 5035 | |
markrad | 0:cdf462088d13 | 5036 | mbedtls_zeroize( padbuf, sizeof( padbuf ) ); |
markrad | 0:cdf462088d13 | 5037 | |
markrad | 0:cdf462088d13 | 5038 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); |
markrad | 0:cdf462088d13 | 5039 | } |
markrad | 0:cdf462088d13 | 5040 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */ |
markrad | 0:cdf462088d13 | 5041 | |
markrad | 0:cdf462088d13 | 5042 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 5043 | #if defined(MBEDTLS_SHA256_C) |
markrad | 0:cdf462088d13 | 5044 | static void ssl_calc_finished_tls_sha256( |
markrad | 0:cdf462088d13 | 5045 | mbedtls_ssl_context *ssl, unsigned char *buf, int from ) |
markrad | 0:cdf462088d13 | 5046 | { |
markrad | 0:cdf462088d13 | 5047 | int len = 12; |
markrad | 0:cdf462088d13 | 5048 | const char *sender; |
markrad | 0:cdf462088d13 | 5049 | mbedtls_sha256_context sha256; |
markrad | 0:cdf462088d13 | 5050 | unsigned char padbuf[32]; |
markrad | 0:cdf462088d13 | 5051 | |
markrad | 0:cdf462088d13 | 5052 | mbedtls_ssl_session *session = ssl->session_negotiate; |
markrad | 0:cdf462088d13 | 5053 | if( !session ) |
markrad | 0:cdf462088d13 | 5054 | session = ssl->session; |
markrad | 0:cdf462088d13 | 5055 | |
markrad | 0:cdf462088d13 | 5056 | mbedtls_sha256_init( &sha256 ); |
markrad | 0:cdf462088d13 | 5057 | |
markrad | 0:cdf462088d13 | 5058 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha256" ) ); |
markrad | 0:cdf462088d13 | 5059 | |
markrad | 0:cdf462088d13 | 5060 | mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 ); |
markrad | 0:cdf462088d13 | 5061 | |
markrad | 0:cdf462088d13 | 5062 | /* |
markrad | 0:cdf462088d13 | 5063 | * TLSv1.2: |
markrad | 0:cdf462088d13 | 5064 | * hash = PRF( master, finished_label, |
markrad | 0:cdf462088d13 | 5065 | * Hash( handshake ) )[0.11] |
markrad | 0:cdf462088d13 | 5066 | */ |
markrad | 0:cdf462088d13 | 5067 | |
markrad | 0:cdf462088d13 | 5068 | #if !defined(MBEDTLS_SHA256_ALT) |
markrad | 0:cdf462088d13 | 5069 | MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha2 state", (unsigned char *) |
markrad | 0:cdf462088d13 | 5070 | sha256.state, sizeof( sha256.state ) ); |
markrad | 0:cdf462088d13 | 5071 | #endif |
markrad | 0:cdf462088d13 | 5072 | |
markrad | 0:cdf462088d13 | 5073 | sender = ( from == MBEDTLS_SSL_IS_CLIENT ) |
markrad | 0:cdf462088d13 | 5074 | ? "client finished" |
markrad | 0:cdf462088d13 | 5075 | : "server finished"; |
markrad | 0:cdf462088d13 | 5076 | |
markrad | 0:cdf462088d13 | 5077 | mbedtls_sha256_finish( &sha256, padbuf ); |
markrad | 0:cdf462088d13 | 5078 | |
markrad | 0:cdf462088d13 | 5079 | ssl->handshake->tls_prf( session->master, 48, sender, |
markrad | 0:cdf462088d13 | 5080 | padbuf, 32, buf, len ); |
markrad | 0:cdf462088d13 | 5081 | |
markrad | 0:cdf462088d13 | 5082 | MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); |
markrad | 0:cdf462088d13 | 5083 | |
markrad | 0:cdf462088d13 | 5084 | mbedtls_sha256_free( &sha256 ); |
markrad | 0:cdf462088d13 | 5085 | |
markrad | 0:cdf462088d13 | 5086 | mbedtls_zeroize( padbuf, sizeof( padbuf ) ); |
markrad | 0:cdf462088d13 | 5087 | |
markrad | 0:cdf462088d13 | 5088 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); |
markrad | 0:cdf462088d13 | 5089 | } |
markrad | 0:cdf462088d13 | 5090 | #endif /* MBEDTLS_SHA256_C */ |
markrad | 0:cdf462088d13 | 5091 | |
markrad | 0:cdf462088d13 | 5092 | #if defined(MBEDTLS_SHA512_C) |
markrad | 0:cdf462088d13 | 5093 | static void ssl_calc_finished_tls_sha384( |
markrad | 0:cdf462088d13 | 5094 | mbedtls_ssl_context *ssl, unsigned char *buf, int from ) |
markrad | 0:cdf462088d13 | 5095 | { |
markrad | 0:cdf462088d13 | 5096 | int len = 12; |
markrad | 0:cdf462088d13 | 5097 | const char *sender; |
markrad | 0:cdf462088d13 | 5098 | mbedtls_sha512_context sha512; |
markrad | 0:cdf462088d13 | 5099 | unsigned char padbuf[48]; |
markrad | 0:cdf462088d13 | 5100 | |
markrad | 0:cdf462088d13 | 5101 | mbedtls_ssl_session *session = ssl->session_negotiate; |
markrad | 0:cdf462088d13 | 5102 | if( !session ) |
markrad | 0:cdf462088d13 | 5103 | session = ssl->session; |
markrad | 0:cdf462088d13 | 5104 | |
markrad | 0:cdf462088d13 | 5105 | mbedtls_sha512_init( &sha512 ); |
markrad | 0:cdf462088d13 | 5106 | |
markrad | 0:cdf462088d13 | 5107 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha384" ) ); |
markrad | 0:cdf462088d13 | 5108 | |
markrad | 0:cdf462088d13 | 5109 | mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 ); |
markrad | 0:cdf462088d13 | 5110 | |
markrad | 0:cdf462088d13 | 5111 | /* |
markrad | 0:cdf462088d13 | 5112 | * TLSv1.2: |
markrad | 0:cdf462088d13 | 5113 | * hash = PRF( master, finished_label, |
markrad | 0:cdf462088d13 | 5114 | * Hash( handshake ) )[0.11] |
markrad | 0:cdf462088d13 | 5115 | */ |
markrad | 0:cdf462088d13 | 5116 | |
markrad | 0:cdf462088d13 | 5117 | #if !defined(MBEDTLS_SHA512_ALT) |
markrad | 0:cdf462088d13 | 5118 | MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha512 state", (unsigned char *) |
markrad | 0:cdf462088d13 | 5119 | sha512.state, sizeof( sha512.state ) ); |
markrad | 0:cdf462088d13 | 5120 | #endif |
markrad | 0:cdf462088d13 | 5121 | |
markrad | 0:cdf462088d13 | 5122 | sender = ( from == MBEDTLS_SSL_IS_CLIENT ) |
markrad | 0:cdf462088d13 | 5123 | ? "client finished" |
markrad | 0:cdf462088d13 | 5124 | : "server finished"; |
markrad | 0:cdf462088d13 | 5125 | |
markrad | 0:cdf462088d13 | 5126 | mbedtls_sha512_finish( &sha512, padbuf ); |
markrad | 0:cdf462088d13 | 5127 | |
markrad | 0:cdf462088d13 | 5128 | ssl->handshake->tls_prf( session->master, 48, sender, |
markrad | 0:cdf462088d13 | 5129 | padbuf, 48, buf, len ); |
markrad | 0:cdf462088d13 | 5130 | |
markrad | 0:cdf462088d13 | 5131 | MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); |
markrad | 0:cdf462088d13 | 5132 | |
markrad | 0:cdf462088d13 | 5133 | mbedtls_sha512_free( &sha512 ); |
markrad | 0:cdf462088d13 | 5134 | |
markrad | 0:cdf462088d13 | 5135 | mbedtls_zeroize( padbuf, sizeof( padbuf ) ); |
markrad | 0:cdf462088d13 | 5136 | |
markrad | 0:cdf462088d13 | 5137 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); |
markrad | 0:cdf462088d13 | 5138 | } |
markrad | 0:cdf462088d13 | 5139 | #endif /* MBEDTLS_SHA512_C */ |
markrad | 0:cdf462088d13 | 5140 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 5141 | |
markrad | 0:cdf462088d13 | 5142 | static void ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 5143 | { |
markrad | 0:cdf462088d13 | 5144 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup: final free" ) ); |
markrad | 0:cdf462088d13 | 5145 | |
markrad | 0:cdf462088d13 | 5146 | /* |
markrad | 0:cdf462088d13 | 5147 | * Free our handshake params |
markrad | 0:cdf462088d13 | 5148 | */ |
markrad | 0:cdf462088d13 | 5149 | mbedtls_ssl_handshake_free( ssl->handshake ); |
markrad | 0:cdf462088d13 | 5150 | mbedtls_free( ssl->handshake ); |
markrad | 0:cdf462088d13 | 5151 | ssl->handshake = NULL; |
markrad | 0:cdf462088d13 | 5152 | |
markrad | 0:cdf462088d13 | 5153 | /* |
markrad | 0:cdf462088d13 | 5154 | * Free the previous transform and swith in the current one |
markrad | 0:cdf462088d13 | 5155 | */ |
markrad | 0:cdf462088d13 | 5156 | if( ssl->transform ) |
markrad | 0:cdf462088d13 | 5157 | { |
markrad | 0:cdf462088d13 | 5158 | mbedtls_ssl_transform_free( ssl->transform ); |
markrad | 0:cdf462088d13 | 5159 | mbedtls_free( ssl->transform ); |
markrad | 0:cdf462088d13 | 5160 | } |
markrad | 0:cdf462088d13 | 5161 | ssl->transform = ssl->transform_negotiate; |
markrad | 0:cdf462088d13 | 5162 | ssl->transform_negotiate = NULL; |
markrad | 0:cdf462088d13 | 5163 | |
markrad | 0:cdf462088d13 | 5164 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup: final free" ) ); |
markrad | 0:cdf462088d13 | 5165 | } |
markrad | 0:cdf462088d13 | 5166 | |
markrad | 0:cdf462088d13 | 5167 | void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 5168 | { |
markrad | 0:cdf462088d13 | 5169 | int resume = ssl->handshake->resume; |
markrad | 0:cdf462088d13 | 5170 | |
markrad | 0:cdf462088d13 | 5171 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) ); |
markrad | 0:cdf462088d13 | 5172 | |
markrad | 0:cdf462088d13 | 5173 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
markrad | 0:cdf462088d13 | 5174 | if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) |
markrad | 0:cdf462088d13 | 5175 | { |
markrad | 0:cdf462088d13 | 5176 | ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_DONE; |
markrad | 0:cdf462088d13 | 5177 | ssl->renego_records_seen = 0; |
markrad | 0:cdf462088d13 | 5178 | } |
markrad | 0:cdf462088d13 | 5179 | #endif |
markrad | 0:cdf462088d13 | 5180 | |
markrad | 0:cdf462088d13 | 5181 | /* |
markrad | 0:cdf462088d13 | 5182 | * Free the previous session and switch in the current one |
markrad | 0:cdf462088d13 | 5183 | */ |
markrad | 0:cdf462088d13 | 5184 | if( ssl->session ) |
markrad | 0:cdf462088d13 | 5185 | { |
markrad | 0:cdf462088d13 | 5186 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
markrad | 0:cdf462088d13 | 5187 | /* RFC 7366 3.1: keep the EtM state */ |
markrad | 0:cdf462088d13 | 5188 | ssl->session_negotiate->encrypt_then_mac = |
markrad | 0:cdf462088d13 | 5189 | ssl->session->encrypt_then_mac; |
markrad | 0:cdf462088d13 | 5190 | #endif |
markrad | 0:cdf462088d13 | 5191 | |
markrad | 0:cdf462088d13 | 5192 | mbedtls_ssl_session_free( ssl->session ); |
markrad | 0:cdf462088d13 | 5193 | mbedtls_free( ssl->session ); |
markrad | 0:cdf462088d13 | 5194 | } |
markrad | 0:cdf462088d13 | 5195 | ssl->session = ssl->session_negotiate; |
markrad | 0:cdf462088d13 | 5196 | ssl->session_negotiate = NULL; |
markrad | 0:cdf462088d13 | 5197 | |
markrad | 0:cdf462088d13 | 5198 | /* |
markrad | 0:cdf462088d13 | 5199 | * Add cache entry |
markrad | 0:cdf462088d13 | 5200 | */ |
markrad | 0:cdf462088d13 | 5201 | if( ssl->conf->f_set_cache != NULL && |
markrad | 0:cdf462088d13 | 5202 | ssl->session->id_len != 0 && |
markrad | 0:cdf462088d13 | 5203 | resume == 0 ) |
markrad | 0:cdf462088d13 | 5204 | { |
markrad | 0:cdf462088d13 | 5205 | if( ssl->conf->f_set_cache( ssl->conf->p_cache, ssl->session ) != 0 ) |
markrad | 0:cdf462088d13 | 5206 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "cache did not store session" ) ); |
markrad | 0:cdf462088d13 | 5207 | } |
markrad | 0:cdf462088d13 | 5208 | |
markrad | 0:cdf462088d13 | 5209 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 5210 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
markrad | 0:cdf462088d13 | 5211 | ssl->handshake->flight != NULL ) |
markrad | 0:cdf462088d13 | 5212 | { |
markrad | 0:cdf462088d13 | 5213 | /* Cancel handshake timer */ |
markrad | 0:cdf462088d13 | 5214 | ssl_set_timer( ssl, 0 ); |
markrad | 0:cdf462088d13 | 5215 | |
markrad | 0:cdf462088d13 | 5216 | /* Keep last flight around in case we need to resend it: |
markrad | 0:cdf462088d13 | 5217 | * we need the handshake and transform structures for that */ |
markrad | 0:cdf462088d13 | 5218 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip freeing handshake and transform" ) ); |
markrad | 0:cdf462088d13 | 5219 | } |
markrad | 0:cdf462088d13 | 5220 | else |
markrad | 0:cdf462088d13 | 5221 | #endif |
markrad | 0:cdf462088d13 | 5222 | ssl_handshake_wrapup_free_hs_transform( ssl ); |
markrad | 0:cdf462088d13 | 5223 | |
markrad | 0:cdf462088d13 | 5224 | ssl->state++; |
markrad | 0:cdf462088d13 | 5225 | |
markrad | 0:cdf462088d13 | 5226 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup" ) ); |
markrad | 0:cdf462088d13 | 5227 | } |
markrad | 0:cdf462088d13 | 5228 | |
markrad | 0:cdf462088d13 | 5229 | int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 5230 | { |
markrad | 0:cdf462088d13 | 5231 | int ret, hash_len; |
markrad | 0:cdf462088d13 | 5232 | |
markrad | 0:cdf462088d13 | 5233 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write finished" ) ); |
markrad | 0:cdf462088d13 | 5234 | |
markrad | 0:cdf462088d13 | 5235 | /* |
markrad | 0:cdf462088d13 | 5236 | * Set the out_msg pointer to the correct location based on IV length |
markrad | 0:cdf462088d13 | 5237 | */ |
markrad | 0:cdf462088d13 | 5238 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) |
markrad | 0:cdf462088d13 | 5239 | { |
markrad | 0:cdf462088d13 | 5240 | ssl->out_msg = ssl->out_iv + ssl->transform_negotiate->ivlen - |
markrad | 0:cdf462088d13 | 5241 | ssl->transform_negotiate->fixed_ivlen; |
markrad | 0:cdf462088d13 | 5242 | } |
markrad | 0:cdf462088d13 | 5243 | else |
markrad | 0:cdf462088d13 | 5244 | ssl->out_msg = ssl->out_iv; |
markrad | 0:cdf462088d13 | 5245 | |
markrad | 0:cdf462088d13 | 5246 | ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->conf->endpoint ); |
markrad | 0:cdf462088d13 | 5247 | |
markrad | 0:cdf462088d13 | 5248 | /* |
markrad | 0:cdf462088d13 | 5249 | * RFC 5246 7.4.9 (Page 63) says 12 is the default length and ciphersuites |
markrad | 0:cdf462088d13 | 5250 | * may define some other value. Currently (early 2016), no defined |
markrad | 0:cdf462088d13 | 5251 | * ciphersuite does this (and this is unlikely to change as activity has |
markrad | 0:cdf462088d13 | 5252 | * moved to TLS 1.3 now) so we can keep the hardcoded 12 here. |
markrad | 0:cdf462088d13 | 5253 | */ |
markrad | 0:cdf462088d13 | 5254 | hash_len = ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) ? 36 : 12; |
markrad | 0:cdf462088d13 | 5255 | |
markrad | 0:cdf462088d13 | 5256 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
markrad | 0:cdf462088d13 | 5257 | ssl->verify_data_len = hash_len; |
markrad | 0:cdf462088d13 | 5258 | memcpy( ssl->own_verify_data, ssl->out_msg + 4, hash_len ); |
markrad | 0:cdf462088d13 | 5259 | #endif |
markrad | 0:cdf462088d13 | 5260 | |
markrad | 0:cdf462088d13 | 5261 | ssl->out_msglen = 4 + hash_len; |
markrad | 0:cdf462088d13 | 5262 | ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; |
markrad | 0:cdf462088d13 | 5263 | ssl->out_msg[0] = MBEDTLS_SSL_HS_FINISHED; |
markrad | 0:cdf462088d13 | 5264 | |
markrad | 0:cdf462088d13 | 5265 | /* |
markrad | 0:cdf462088d13 | 5266 | * In case of session resuming, invert the client and server |
markrad | 0:cdf462088d13 | 5267 | * ChangeCipherSpec messages order. |
markrad | 0:cdf462088d13 | 5268 | */ |
markrad | 0:cdf462088d13 | 5269 | if( ssl->handshake->resume != 0 ) |
markrad | 0:cdf462088d13 | 5270 | { |
markrad | 0:cdf462088d13 | 5271 | #if defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 5272 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
markrad | 0:cdf462088d13 | 5273 | ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; |
markrad | 0:cdf462088d13 | 5274 | #endif |
markrad | 0:cdf462088d13 | 5275 | #if defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 5276 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
markrad | 0:cdf462088d13 | 5277 | ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; |
markrad | 0:cdf462088d13 | 5278 | #endif |
markrad | 0:cdf462088d13 | 5279 | } |
markrad | 0:cdf462088d13 | 5280 | else |
markrad | 0:cdf462088d13 | 5281 | ssl->state++; |
markrad | 0:cdf462088d13 | 5282 | |
markrad | 0:cdf462088d13 | 5283 | /* |
markrad | 0:cdf462088d13 | 5284 | * Switch to our negotiated transform and session parameters for outbound |
markrad | 0:cdf462088d13 | 5285 | * data. |
markrad | 0:cdf462088d13 | 5286 | */ |
markrad | 0:cdf462088d13 | 5287 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for outbound data" ) ); |
markrad | 0:cdf462088d13 | 5288 | |
markrad | 0:cdf462088d13 | 5289 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 5290 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 5291 | { |
markrad | 0:cdf462088d13 | 5292 | unsigned char i; |
markrad | 0:cdf462088d13 | 5293 | |
markrad | 0:cdf462088d13 | 5294 | /* Remember current epoch settings for resending */ |
markrad | 0:cdf462088d13 | 5295 | ssl->handshake->alt_transform_out = ssl->transform_out; |
markrad | 0:cdf462088d13 | 5296 | memcpy( ssl->handshake->alt_out_ctr, ssl->out_ctr, 8 ); |
markrad | 0:cdf462088d13 | 5297 | |
markrad | 0:cdf462088d13 | 5298 | /* Set sequence_number to zero */ |
markrad | 0:cdf462088d13 | 5299 | memset( ssl->out_ctr + 2, 0, 6 ); |
markrad | 0:cdf462088d13 | 5300 | |
markrad | 0:cdf462088d13 | 5301 | /* Increment epoch */ |
markrad | 0:cdf462088d13 | 5302 | for( i = 2; i > 0; i-- ) |
markrad | 0:cdf462088d13 | 5303 | if( ++ssl->out_ctr[i - 1] != 0 ) |
markrad | 0:cdf462088d13 | 5304 | break; |
markrad | 0:cdf462088d13 | 5305 | |
markrad | 0:cdf462088d13 | 5306 | /* The loop goes to its end iff the counter is wrapping */ |
markrad | 0:cdf462088d13 | 5307 | if( i == 0 ) |
markrad | 0:cdf462088d13 | 5308 | { |
markrad | 0:cdf462088d13 | 5309 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS epoch would wrap" ) ); |
markrad | 0:cdf462088d13 | 5310 | return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); |
markrad | 0:cdf462088d13 | 5311 | } |
markrad | 0:cdf462088d13 | 5312 | } |
markrad | 0:cdf462088d13 | 5313 | else |
markrad | 0:cdf462088d13 | 5314 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
markrad | 0:cdf462088d13 | 5315 | memset( ssl->out_ctr, 0, 8 ); |
markrad | 0:cdf462088d13 | 5316 | |
markrad | 0:cdf462088d13 | 5317 | ssl->transform_out = ssl->transform_negotiate; |
markrad | 0:cdf462088d13 | 5318 | ssl->session_out = ssl->session_negotiate; |
markrad | 0:cdf462088d13 | 5319 | |
markrad | 0:cdf462088d13 | 5320 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
markrad | 0:cdf462088d13 | 5321 | if( mbedtls_ssl_hw_record_activate != NULL ) |
markrad | 0:cdf462088d13 | 5322 | { |
markrad | 0:cdf462088d13 | 5323 | if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND ) ) != 0 ) |
markrad | 0:cdf462088d13 | 5324 | { |
markrad | 0:cdf462088d13 | 5325 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret ); |
markrad | 0:cdf462088d13 | 5326 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
markrad | 0:cdf462088d13 | 5327 | } |
markrad | 0:cdf462088d13 | 5328 | } |
markrad | 0:cdf462088d13 | 5329 | #endif |
markrad | 0:cdf462088d13 | 5330 | |
markrad | 0:cdf462088d13 | 5331 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 5332 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 5333 | mbedtls_ssl_send_flight_completed( ssl ); |
markrad | 0:cdf462088d13 | 5334 | #endif |
markrad | 0:cdf462088d13 | 5335 | |
markrad | 0:cdf462088d13 | 5336 | if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 5337 | { |
markrad | 0:cdf462088d13 | 5338 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); |
markrad | 0:cdf462088d13 | 5339 | return( ret ); |
markrad | 0:cdf462088d13 | 5340 | } |
markrad | 0:cdf462088d13 | 5341 | |
markrad | 0:cdf462088d13 | 5342 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write finished" ) ); |
markrad | 0:cdf462088d13 | 5343 | |
markrad | 0:cdf462088d13 | 5344 | return( 0 ); |
markrad | 0:cdf462088d13 | 5345 | } |
markrad | 0:cdf462088d13 | 5346 | |
markrad | 0:cdf462088d13 | 5347 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
markrad | 0:cdf462088d13 | 5348 | #define SSL_MAX_HASH_LEN 36 |
markrad | 0:cdf462088d13 | 5349 | #else |
markrad | 0:cdf462088d13 | 5350 | #define SSL_MAX_HASH_LEN 12 |
markrad | 0:cdf462088d13 | 5351 | #endif |
markrad | 0:cdf462088d13 | 5352 | |
markrad | 0:cdf462088d13 | 5353 | int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 5354 | { |
markrad | 0:cdf462088d13 | 5355 | int ret; |
markrad | 0:cdf462088d13 | 5356 | unsigned int hash_len; |
markrad | 0:cdf462088d13 | 5357 | unsigned char buf[SSL_MAX_HASH_LEN]; |
markrad | 0:cdf462088d13 | 5358 | |
markrad | 0:cdf462088d13 | 5359 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished" ) ); |
markrad | 0:cdf462088d13 | 5360 | |
markrad | 0:cdf462088d13 | 5361 | ssl->handshake->calc_finished( ssl, buf, ssl->conf->endpoint ^ 1 ); |
markrad | 0:cdf462088d13 | 5362 | |
markrad | 0:cdf462088d13 | 5363 | if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 5364 | { |
markrad | 0:cdf462088d13 | 5365 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); |
markrad | 0:cdf462088d13 | 5366 | return( ret ); |
markrad | 0:cdf462088d13 | 5367 | } |
markrad | 0:cdf462088d13 | 5368 | |
markrad | 0:cdf462088d13 | 5369 | if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) |
markrad | 0:cdf462088d13 | 5370 | { |
markrad | 0:cdf462088d13 | 5371 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); |
Jasper Wallace |
2:bbdeda018a3c | 5372 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
Jasper Wallace |
2:bbdeda018a3c | 5373 | MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); |
markrad | 0:cdf462088d13 | 5374 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
markrad | 0:cdf462088d13 | 5375 | } |
markrad | 0:cdf462088d13 | 5376 | |
markrad | 0:cdf462088d13 | 5377 | /* There is currently no ciphersuite using another length with TLS 1.2 */ |
markrad | 0:cdf462088d13 | 5378 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
markrad | 0:cdf462088d13 | 5379 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
markrad | 0:cdf462088d13 | 5380 | hash_len = 36; |
markrad | 0:cdf462088d13 | 5381 | else |
markrad | 0:cdf462088d13 | 5382 | #endif |
markrad | 0:cdf462088d13 | 5383 | hash_len = 12; |
markrad | 0:cdf462088d13 | 5384 | |
markrad | 0:cdf462088d13 | 5385 | if( ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED || |
markrad | 0:cdf462088d13 | 5386 | ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + hash_len ) |
markrad | 0:cdf462088d13 | 5387 | { |
markrad | 0:cdf462088d13 | 5388 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); |
Jasper Wallace |
2:bbdeda018a3c | 5389 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
Jasper Wallace |
2:bbdeda018a3c | 5390 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
markrad | 0:cdf462088d13 | 5391 | return( MBEDTLS_ERR_SSL_BAD_HS_FINISHED ); |
markrad | 0:cdf462088d13 | 5392 | } |
markrad | 0:cdf462088d13 | 5393 | |
markrad | 0:cdf462088d13 | 5394 | if( mbedtls_ssl_safer_memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), |
markrad | 0:cdf462088d13 | 5395 | buf, hash_len ) != 0 ) |
markrad | 0:cdf462088d13 | 5396 | { |
markrad | 0:cdf462088d13 | 5397 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); |
Jasper Wallace |
2:bbdeda018a3c | 5398 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
Jasper Wallace |
2:bbdeda018a3c | 5399 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
markrad | 0:cdf462088d13 | 5400 | return( MBEDTLS_ERR_SSL_BAD_HS_FINISHED ); |
markrad | 0:cdf462088d13 | 5401 | } |
markrad | 0:cdf462088d13 | 5402 | |
markrad | 0:cdf462088d13 | 5403 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
markrad | 0:cdf462088d13 | 5404 | ssl->verify_data_len = hash_len; |
markrad | 0:cdf462088d13 | 5405 | memcpy( ssl->peer_verify_data, buf, hash_len ); |
markrad | 0:cdf462088d13 | 5406 | #endif |
markrad | 0:cdf462088d13 | 5407 | |
markrad | 0:cdf462088d13 | 5408 | if( ssl->handshake->resume != 0 ) |
markrad | 0:cdf462088d13 | 5409 | { |
markrad | 0:cdf462088d13 | 5410 | #if defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 5411 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
markrad | 0:cdf462088d13 | 5412 | ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; |
markrad | 0:cdf462088d13 | 5413 | #endif |
markrad | 0:cdf462088d13 | 5414 | #if defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 5415 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
markrad | 0:cdf462088d13 | 5416 | ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; |
markrad | 0:cdf462088d13 | 5417 | #endif |
markrad | 0:cdf462088d13 | 5418 | } |
markrad | 0:cdf462088d13 | 5419 | else |
markrad | 0:cdf462088d13 | 5420 | ssl->state++; |
markrad | 0:cdf462088d13 | 5421 | |
markrad | 0:cdf462088d13 | 5422 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 5423 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 5424 | mbedtls_ssl_recv_flight_completed( ssl ); |
markrad | 0:cdf462088d13 | 5425 | #endif |
markrad | 0:cdf462088d13 | 5426 | |
markrad | 0:cdf462088d13 | 5427 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse finished" ) ); |
markrad | 0:cdf462088d13 | 5428 | |
markrad | 0:cdf462088d13 | 5429 | return( 0 ); |
markrad | 0:cdf462088d13 | 5430 | } |
markrad | 0:cdf462088d13 | 5431 | |
markrad | 0:cdf462088d13 | 5432 | static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) |
markrad | 0:cdf462088d13 | 5433 | { |
markrad | 0:cdf462088d13 | 5434 | memset( handshake, 0, sizeof( mbedtls_ssl_handshake_params ) ); |
markrad | 0:cdf462088d13 | 5435 | |
markrad | 0:cdf462088d13 | 5436 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
markrad | 0:cdf462088d13 | 5437 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
markrad | 0:cdf462088d13 | 5438 | mbedtls_md5_init( &handshake->fin_md5 ); |
markrad | 0:cdf462088d13 | 5439 | mbedtls_sha1_init( &handshake->fin_sha1 ); |
markrad | 0:cdf462088d13 | 5440 | mbedtls_md5_starts( &handshake->fin_md5 ); |
markrad | 0:cdf462088d13 | 5441 | mbedtls_sha1_starts( &handshake->fin_sha1 ); |
markrad | 0:cdf462088d13 | 5442 | #endif |
markrad | 0:cdf462088d13 | 5443 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 5444 | #if defined(MBEDTLS_SHA256_C) |
markrad | 0:cdf462088d13 | 5445 | mbedtls_sha256_init( &handshake->fin_sha256 ); |
markrad | 0:cdf462088d13 | 5446 | mbedtls_sha256_starts( &handshake->fin_sha256, 0 ); |
markrad | 0:cdf462088d13 | 5447 | #endif |
markrad | 0:cdf462088d13 | 5448 | #if defined(MBEDTLS_SHA512_C) |
markrad | 0:cdf462088d13 | 5449 | mbedtls_sha512_init( &handshake->fin_sha512 ); |
markrad | 0:cdf462088d13 | 5450 | mbedtls_sha512_starts( &handshake->fin_sha512, 1 ); |
markrad | 0:cdf462088d13 | 5451 | #endif |
markrad | 0:cdf462088d13 | 5452 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 5453 | |
markrad | 0:cdf462088d13 | 5454 | handshake->update_checksum = ssl_update_checksum_start; |
Jasper Wallace |
2:bbdeda018a3c | 5455 | |
Jasper Wallace |
2:bbdeda018a3c | 5456 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ |
Jasper Wallace |
2:bbdeda018a3c | 5457 | defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
Jasper Wallace |
2:bbdeda018a3c | 5458 | mbedtls_ssl_sig_hash_set_init( &handshake->hash_algs ); |
Jasper Wallace |
2:bbdeda018a3c | 5459 | #endif |
markrad | 0:cdf462088d13 | 5460 | |
markrad | 0:cdf462088d13 | 5461 | #if defined(MBEDTLS_DHM_C) |
markrad | 0:cdf462088d13 | 5462 | mbedtls_dhm_init( &handshake->dhm_ctx ); |
markrad | 0:cdf462088d13 | 5463 | #endif |
markrad | 0:cdf462088d13 | 5464 | #if defined(MBEDTLS_ECDH_C) |
markrad | 0:cdf462088d13 | 5465 | mbedtls_ecdh_init( &handshake->ecdh_ctx ); |
markrad | 0:cdf462088d13 | 5466 | #endif |
markrad | 0:cdf462088d13 | 5467 | #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
markrad | 0:cdf462088d13 | 5468 | mbedtls_ecjpake_init( &handshake->ecjpake_ctx ); |
markrad | 0:cdf462088d13 | 5469 | #if defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 5470 | handshake->ecjpake_cache = NULL; |
markrad | 0:cdf462088d13 | 5471 | handshake->ecjpake_cache_len = 0; |
markrad | 0:cdf462088d13 | 5472 | #endif |
markrad | 0:cdf462088d13 | 5473 | #endif |
markrad | 0:cdf462088d13 | 5474 | |
markrad | 0:cdf462088d13 | 5475 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
markrad | 0:cdf462088d13 | 5476 | handshake->sni_authmode = MBEDTLS_SSL_VERIFY_UNSET; |
markrad | 0:cdf462088d13 | 5477 | #endif |
markrad | 0:cdf462088d13 | 5478 | } |
markrad | 0:cdf462088d13 | 5479 | |
markrad | 0:cdf462088d13 | 5480 | static void ssl_transform_init( mbedtls_ssl_transform *transform ) |
markrad | 0:cdf462088d13 | 5481 | { |
markrad | 0:cdf462088d13 | 5482 | memset( transform, 0, sizeof(mbedtls_ssl_transform) ); |
markrad | 0:cdf462088d13 | 5483 | |
markrad | 0:cdf462088d13 | 5484 | mbedtls_cipher_init( &transform->cipher_ctx_enc ); |
markrad | 0:cdf462088d13 | 5485 | mbedtls_cipher_init( &transform->cipher_ctx_dec ); |
markrad | 0:cdf462088d13 | 5486 | |
markrad | 0:cdf462088d13 | 5487 | mbedtls_md_init( &transform->md_ctx_enc ); |
markrad | 0:cdf462088d13 | 5488 | mbedtls_md_init( &transform->md_ctx_dec ); |
markrad | 0:cdf462088d13 | 5489 | } |
markrad | 0:cdf462088d13 | 5490 | |
markrad | 0:cdf462088d13 | 5491 | void mbedtls_ssl_session_init( mbedtls_ssl_session *session ) |
markrad | 0:cdf462088d13 | 5492 | { |
markrad | 0:cdf462088d13 | 5493 | memset( session, 0, sizeof(mbedtls_ssl_session) ); |
markrad | 0:cdf462088d13 | 5494 | } |
markrad | 0:cdf462088d13 | 5495 | |
markrad | 0:cdf462088d13 | 5496 | static int ssl_handshake_init( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 5497 | { |
markrad | 0:cdf462088d13 | 5498 | /* Clear old handshake information if present */ |
markrad | 0:cdf462088d13 | 5499 | if( ssl->transform_negotiate ) |
markrad | 0:cdf462088d13 | 5500 | mbedtls_ssl_transform_free( ssl->transform_negotiate ); |
markrad | 0:cdf462088d13 | 5501 | if( ssl->session_negotiate ) |
markrad | 0:cdf462088d13 | 5502 | mbedtls_ssl_session_free( ssl->session_negotiate ); |
markrad | 0:cdf462088d13 | 5503 | if( ssl->handshake ) |
markrad | 0:cdf462088d13 | 5504 | mbedtls_ssl_handshake_free( ssl->handshake ); |
markrad | 0:cdf462088d13 | 5505 | |
markrad | 0:cdf462088d13 | 5506 | /* |
markrad | 0:cdf462088d13 | 5507 | * Either the pointers are now NULL or cleared properly and can be freed. |
markrad | 0:cdf462088d13 | 5508 | * Now allocate missing structures. |
markrad | 0:cdf462088d13 | 5509 | */ |
markrad | 0:cdf462088d13 | 5510 | if( ssl->transform_negotiate == NULL ) |
markrad | 0:cdf462088d13 | 5511 | { |
markrad | 0:cdf462088d13 | 5512 | ssl->transform_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_transform) ); |
markrad | 0:cdf462088d13 | 5513 | } |
markrad | 0:cdf462088d13 | 5514 | |
markrad | 0:cdf462088d13 | 5515 | if( ssl->session_negotiate == NULL ) |
markrad | 0:cdf462088d13 | 5516 | { |
markrad | 0:cdf462088d13 | 5517 | ssl->session_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_session) ); |
markrad | 0:cdf462088d13 | 5518 | } |
markrad | 0:cdf462088d13 | 5519 | |
markrad | 0:cdf462088d13 | 5520 | if( ssl->handshake == NULL ) |
markrad | 0:cdf462088d13 | 5521 | { |
markrad | 0:cdf462088d13 | 5522 | ssl->handshake = mbedtls_calloc( 1, sizeof(mbedtls_ssl_handshake_params) ); |
markrad | 0:cdf462088d13 | 5523 | } |
markrad | 0:cdf462088d13 | 5524 | |
markrad | 0:cdf462088d13 | 5525 | /* All pointers should exist and can be directly freed without issue */ |
markrad | 0:cdf462088d13 | 5526 | if( ssl->handshake == NULL || |
markrad | 0:cdf462088d13 | 5527 | ssl->transform_negotiate == NULL || |
markrad | 0:cdf462088d13 | 5528 | ssl->session_negotiate == NULL ) |
markrad | 0:cdf462088d13 | 5529 | { |
markrad | 0:cdf462088d13 | 5530 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc() of ssl sub-contexts failed" ) ); |
markrad | 0:cdf462088d13 | 5531 | |
markrad | 0:cdf462088d13 | 5532 | mbedtls_free( ssl->handshake ); |
markrad | 0:cdf462088d13 | 5533 | mbedtls_free( ssl->transform_negotiate ); |
markrad | 0:cdf462088d13 | 5534 | mbedtls_free( ssl->session_negotiate ); |
markrad | 0:cdf462088d13 | 5535 | |
markrad | 0:cdf462088d13 | 5536 | ssl->handshake = NULL; |
markrad | 0:cdf462088d13 | 5537 | ssl->transform_negotiate = NULL; |
markrad | 0:cdf462088d13 | 5538 | ssl->session_negotiate = NULL; |
markrad | 0:cdf462088d13 | 5539 | |
markrad | 0:cdf462088d13 | 5540 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
markrad | 0:cdf462088d13 | 5541 | } |
markrad | 0:cdf462088d13 | 5542 | |
markrad | 0:cdf462088d13 | 5543 | /* Initialize structures */ |
markrad | 0:cdf462088d13 | 5544 | mbedtls_ssl_session_init( ssl->session_negotiate ); |
markrad | 0:cdf462088d13 | 5545 | ssl_transform_init( ssl->transform_negotiate ); |
markrad | 0:cdf462088d13 | 5546 | ssl_handshake_params_init( ssl->handshake ); |
markrad | 0:cdf462088d13 | 5547 | |
markrad | 0:cdf462088d13 | 5548 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 5549 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 5550 | { |
markrad | 0:cdf462088d13 | 5551 | ssl->handshake->alt_transform_out = ssl->transform_out; |
markrad | 0:cdf462088d13 | 5552 | |
markrad | 0:cdf462088d13 | 5553 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
markrad | 0:cdf462088d13 | 5554 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING; |
markrad | 0:cdf462088d13 | 5555 | else |
markrad | 0:cdf462088d13 | 5556 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; |
markrad | 0:cdf462088d13 | 5557 | |
markrad | 0:cdf462088d13 | 5558 | ssl_set_timer( ssl, 0 ); |
markrad | 0:cdf462088d13 | 5559 | } |
markrad | 0:cdf462088d13 | 5560 | #endif |
markrad | 0:cdf462088d13 | 5561 | |
markrad | 0:cdf462088d13 | 5562 | return( 0 ); |
markrad | 0:cdf462088d13 | 5563 | } |
markrad | 0:cdf462088d13 | 5564 | |
markrad | 0:cdf462088d13 | 5565 | #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 5566 | /* Dummy cookie callbacks for defaults */ |
markrad | 0:cdf462088d13 | 5567 | static int ssl_cookie_write_dummy( void *ctx, |
markrad | 0:cdf462088d13 | 5568 | unsigned char **p, unsigned char *end, |
markrad | 0:cdf462088d13 | 5569 | const unsigned char *cli_id, size_t cli_id_len ) |
markrad | 0:cdf462088d13 | 5570 | { |
markrad | 0:cdf462088d13 | 5571 | ((void) ctx); |
markrad | 0:cdf462088d13 | 5572 | ((void) p); |
markrad | 0:cdf462088d13 | 5573 | ((void) end); |
markrad | 0:cdf462088d13 | 5574 | ((void) cli_id); |
markrad | 0:cdf462088d13 | 5575 | ((void) cli_id_len); |
markrad | 0:cdf462088d13 | 5576 | |
markrad | 0:cdf462088d13 | 5577 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
markrad | 0:cdf462088d13 | 5578 | } |
markrad | 0:cdf462088d13 | 5579 | |
markrad | 0:cdf462088d13 | 5580 | static int ssl_cookie_check_dummy( void *ctx, |
markrad | 0:cdf462088d13 | 5581 | const unsigned char *cookie, size_t cookie_len, |
markrad | 0:cdf462088d13 | 5582 | const unsigned char *cli_id, size_t cli_id_len ) |
markrad | 0:cdf462088d13 | 5583 | { |
markrad | 0:cdf462088d13 | 5584 | ((void) ctx); |
markrad | 0:cdf462088d13 | 5585 | ((void) cookie); |
markrad | 0:cdf462088d13 | 5586 | ((void) cookie_len); |
markrad | 0:cdf462088d13 | 5587 | ((void) cli_id); |
markrad | 0:cdf462088d13 | 5588 | ((void) cli_id_len); |
markrad | 0:cdf462088d13 | 5589 | |
markrad | 0:cdf462088d13 | 5590 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
markrad | 0:cdf462088d13 | 5591 | } |
markrad | 0:cdf462088d13 | 5592 | #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */ |
markrad | 0:cdf462088d13 | 5593 | |
markrad | 0:cdf462088d13 | 5594 | /* |
markrad | 0:cdf462088d13 | 5595 | * Initialize an SSL context |
markrad | 0:cdf462088d13 | 5596 | */ |
markrad | 0:cdf462088d13 | 5597 | void mbedtls_ssl_init( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 5598 | { |
markrad | 0:cdf462088d13 | 5599 | memset( ssl, 0, sizeof( mbedtls_ssl_context ) ); |
markrad | 0:cdf462088d13 | 5600 | } |
markrad | 0:cdf462088d13 | 5601 | |
markrad | 0:cdf462088d13 | 5602 | /* |
markrad | 0:cdf462088d13 | 5603 | * Setup an SSL context |
markrad | 0:cdf462088d13 | 5604 | */ |
markrad | 0:cdf462088d13 | 5605 | int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 5606 | const mbedtls_ssl_config *conf ) |
markrad | 0:cdf462088d13 | 5607 | { |
markrad | 0:cdf462088d13 | 5608 | int ret; |
markrad | 0:cdf462088d13 | 5609 | const size_t len = MBEDTLS_SSL_BUFFER_LEN; |
markrad | 0:cdf462088d13 | 5610 | |
markrad | 0:cdf462088d13 | 5611 | ssl->conf = conf; |
markrad | 0:cdf462088d13 | 5612 | |
markrad | 0:cdf462088d13 | 5613 | /* |
markrad | 0:cdf462088d13 | 5614 | * Prepare base structures |
markrad | 0:cdf462088d13 | 5615 | */ |
markrad | 0:cdf462088d13 | 5616 | if( ( ssl-> in_buf = mbedtls_calloc( 1, len ) ) == NULL || |
markrad | 0:cdf462088d13 | 5617 | ( ssl->out_buf = mbedtls_calloc( 1, len ) ) == NULL ) |
markrad | 0:cdf462088d13 | 5618 | { |
markrad | 0:cdf462088d13 | 5619 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", len ) ); |
markrad | 0:cdf462088d13 | 5620 | mbedtls_free( ssl->in_buf ); |
markrad | 0:cdf462088d13 | 5621 | ssl->in_buf = NULL; |
markrad | 0:cdf462088d13 | 5622 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
markrad | 0:cdf462088d13 | 5623 | } |
markrad | 0:cdf462088d13 | 5624 | |
markrad | 0:cdf462088d13 | 5625 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 5626 | if( conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 5627 | { |
markrad | 0:cdf462088d13 | 5628 | ssl->out_hdr = ssl->out_buf; |
markrad | 0:cdf462088d13 | 5629 | ssl->out_ctr = ssl->out_buf + 3; |
markrad | 0:cdf462088d13 | 5630 | ssl->out_len = ssl->out_buf + 11; |
markrad | 0:cdf462088d13 | 5631 | ssl->out_iv = ssl->out_buf + 13; |
markrad | 0:cdf462088d13 | 5632 | ssl->out_msg = ssl->out_buf + 13; |
markrad | 0:cdf462088d13 | 5633 | |
markrad | 0:cdf462088d13 | 5634 | ssl->in_hdr = ssl->in_buf; |
markrad | 0:cdf462088d13 | 5635 | ssl->in_ctr = ssl->in_buf + 3; |
markrad | 0:cdf462088d13 | 5636 | ssl->in_len = ssl->in_buf + 11; |
markrad | 0:cdf462088d13 | 5637 | ssl->in_iv = ssl->in_buf + 13; |
markrad | 0:cdf462088d13 | 5638 | ssl->in_msg = ssl->in_buf + 13; |
markrad | 0:cdf462088d13 | 5639 | } |
markrad | 0:cdf462088d13 | 5640 | else |
markrad | 0:cdf462088d13 | 5641 | #endif |
markrad | 0:cdf462088d13 | 5642 | { |
markrad | 0:cdf462088d13 | 5643 | ssl->out_ctr = ssl->out_buf; |
markrad | 0:cdf462088d13 | 5644 | ssl->out_hdr = ssl->out_buf + 8; |
markrad | 0:cdf462088d13 | 5645 | ssl->out_len = ssl->out_buf + 11; |
markrad | 0:cdf462088d13 | 5646 | ssl->out_iv = ssl->out_buf + 13; |
markrad | 0:cdf462088d13 | 5647 | ssl->out_msg = ssl->out_buf + 13; |
markrad | 0:cdf462088d13 | 5648 | |
markrad | 0:cdf462088d13 | 5649 | ssl->in_ctr = ssl->in_buf; |
markrad | 0:cdf462088d13 | 5650 | ssl->in_hdr = ssl->in_buf + 8; |
markrad | 0:cdf462088d13 | 5651 | ssl->in_len = ssl->in_buf + 11; |
markrad | 0:cdf462088d13 | 5652 | ssl->in_iv = ssl->in_buf + 13; |
markrad | 0:cdf462088d13 | 5653 | ssl->in_msg = ssl->in_buf + 13; |
markrad | 0:cdf462088d13 | 5654 | } |
markrad | 0:cdf462088d13 | 5655 | |
markrad | 0:cdf462088d13 | 5656 | if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 5657 | return( ret ); |
markrad | 0:cdf462088d13 | 5658 | |
markrad | 0:cdf462088d13 | 5659 | return( 0 ); |
markrad | 0:cdf462088d13 | 5660 | } |
markrad | 0:cdf462088d13 | 5661 | |
markrad | 0:cdf462088d13 | 5662 | /* |
markrad | 0:cdf462088d13 | 5663 | * Reset an initialized and used SSL context for re-use while retaining |
markrad | 0:cdf462088d13 | 5664 | * all application-set variables, function pointers and data. |
markrad | 0:cdf462088d13 | 5665 | * |
markrad | 0:cdf462088d13 | 5666 | * If partial is non-zero, keep data in the input buffer and client ID. |
markrad | 0:cdf462088d13 | 5667 | * (Use when a DTLS client reconnects from the same port.) |
markrad | 0:cdf462088d13 | 5668 | */ |
markrad | 0:cdf462088d13 | 5669 | static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) |
markrad | 0:cdf462088d13 | 5670 | { |
markrad | 0:cdf462088d13 | 5671 | int ret; |
markrad | 0:cdf462088d13 | 5672 | |
markrad | 0:cdf462088d13 | 5673 | ssl->state = MBEDTLS_SSL_HELLO_REQUEST; |
markrad | 0:cdf462088d13 | 5674 | |
markrad | 0:cdf462088d13 | 5675 | /* Cancel any possibly running timer */ |
markrad | 0:cdf462088d13 | 5676 | ssl_set_timer( ssl, 0 ); |
markrad | 0:cdf462088d13 | 5677 | |
markrad | 0:cdf462088d13 | 5678 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
markrad | 0:cdf462088d13 | 5679 | ssl->renego_status = MBEDTLS_SSL_INITIAL_HANDSHAKE; |
markrad | 0:cdf462088d13 | 5680 | ssl->renego_records_seen = 0; |
markrad | 0:cdf462088d13 | 5681 | |
markrad | 0:cdf462088d13 | 5682 | ssl->verify_data_len = 0; |
markrad | 0:cdf462088d13 | 5683 | memset( ssl->own_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN ); |
markrad | 0:cdf462088d13 | 5684 | memset( ssl->peer_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN ); |
markrad | 0:cdf462088d13 | 5685 | #endif |
markrad | 0:cdf462088d13 | 5686 | ssl->secure_renegotiation = MBEDTLS_SSL_LEGACY_RENEGOTIATION; |
markrad | 0:cdf462088d13 | 5687 | |
markrad | 0:cdf462088d13 | 5688 | ssl->in_offt = NULL; |
markrad | 0:cdf462088d13 | 5689 | |
markrad | 0:cdf462088d13 | 5690 | ssl->in_msg = ssl->in_buf + 13; |
markrad | 0:cdf462088d13 | 5691 | ssl->in_msgtype = 0; |
markrad | 0:cdf462088d13 | 5692 | ssl->in_msglen = 0; |
markrad | 0:cdf462088d13 | 5693 | if( partial == 0 ) |
markrad | 0:cdf462088d13 | 5694 | ssl->in_left = 0; |
markrad | 0:cdf462088d13 | 5695 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 5696 | ssl->next_record_offset = 0; |
markrad | 0:cdf462088d13 | 5697 | ssl->in_epoch = 0; |
markrad | 0:cdf462088d13 | 5698 | #endif |
markrad | 0:cdf462088d13 | 5699 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
markrad | 0:cdf462088d13 | 5700 | ssl_dtls_replay_reset( ssl ); |
markrad | 0:cdf462088d13 | 5701 | #endif |
markrad | 0:cdf462088d13 | 5702 | |
markrad | 0:cdf462088d13 | 5703 | ssl->in_hslen = 0; |
markrad | 0:cdf462088d13 | 5704 | ssl->nb_zero = 0; |
Jasper Wallace |
2:bbdeda018a3c | 5705 | |
Jasper Wallace |
2:bbdeda018a3c | 5706 | ssl->keep_current_message = 0; |
markrad | 0:cdf462088d13 | 5707 | |
markrad | 0:cdf462088d13 | 5708 | ssl->out_msg = ssl->out_buf + 13; |
markrad | 0:cdf462088d13 | 5709 | ssl->out_msgtype = 0; |
markrad | 0:cdf462088d13 | 5710 | ssl->out_msglen = 0; |
markrad | 0:cdf462088d13 | 5711 | ssl->out_left = 0; |
markrad | 0:cdf462088d13 | 5712 | #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) |
markrad | 0:cdf462088d13 | 5713 | if( ssl->split_done != MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED ) |
markrad | 0:cdf462088d13 | 5714 | ssl->split_done = 0; |
markrad | 0:cdf462088d13 | 5715 | #endif |
markrad | 0:cdf462088d13 | 5716 | |
markrad | 0:cdf462088d13 | 5717 | ssl->transform_in = NULL; |
markrad | 0:cdf462088d13 | 5718 | ssl->transform_out = NULL; |
markrad | 0:cdf462088d13 | 5719 | |
markrad | 0:cdf462088d13 | 5720 | memset( ssl->out_buf, 0, MBEDTLS_SSL_BUFFER_LEN ); |
markrad | 0:cdf462088d13 | 5721 | if( partial == 0 ) |
markrad | 0:cdf462088d13 | 5722 | memset( ssl->in_buf, 0, MBEDTLS_SSL_BUFFER_LEN ); |
markrad | 0:cdf462088d13 | 5723 | |
markrad | 0:cdf462088d13 | 5724 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
markrad | 0:cdf462088d13 | 5725 | if( mbedtls_ssl_hw_record_reset != NULL ) |
markrad | 0:cdf462088d13 | 5726 | { |
markrad | 0:cdf462088d13 | 5727 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_reset()" ) ); |
markrad | 0:cdf462088d13 | 5728 | if( ( ret = mbedtls_ssl_hw_record_reset( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 5729 | { |
markrad | 0:cdf462088d13 | 5730 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_reset", ret ); |
markrad | 0:cdf462088d13 | 5731 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
markrad | 0:cdf462088d13 | 5732 | } |
markrad | 0:cdf462088d13 | 5733 | } |
markrad | 0:cdf462088d13 | 5734 | #endif |
markrad | 0:cdf462088d13 | 5735 | |
markrad | 0:cdf462088d13 | 5736 | if( ssl->transform ) |
markrad | 0:cdf462088d13 | 5737 | { |
markrad | 0:cdf462088d13 | 5738 | mbedtls_ssl_transform_free( ssl->transform ); |
markrad | 0:cdf462088d13 | 5739 | mbedtls_free( ssl->transform ); |
markrad | 0:cdf462088d13 | 5740 | ssl->transform = NULL; |
markrad | 0:cdf462088d13 | 5741 | } |
markrad | 0:cdf462088d13 | 5742 | |
markrad | 0:cdf462088d13 | 5743 | if( ssl->session ) |
markrad | 0:cdf462088d13 | 5744 | { |
markrad | 0:cdf462088d13 | 5745 | mbedtls_ssl_session_free( ssl->session ); |
markrad | 0:cdf462088d13 | 5746 | mbedtls_free( ssl->session ); |
markrad | 0:cdf462088d13 | 5747 | ssl->session = NULL; |
markrad | 0:cdf462088d13 | 5748 | } |
markrad | 0:cdf462088d13 | 5749 | |
markrad | 0:cdf462088d13 | 5750 | #if defined(MBEDTLS_SSL_ALPN) |
markrad | 0:cdf462088d13 | 5751 | ssl->alpn_chosen = NULL; |
markrad | 0:cdf462088d13 | 5752 | #endif |
markrad | 0:cdf462088d13 | 5753 | |
markrad | 0:cdf462088d13 | 5754 | #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 5755 | if( partial == 0 ) |
markrad | 0:cdf462088d13 | 5756 | { |
markrad | 0:cdf462088d13 | 5757 | mbedtls_free( ssl->cli_id ); |
markrad | 0:cdf462088d13 | 5758 | ssl->cli_id = NULL; |
markrad | 0:cdf462088d13 | 5759 | ssl->cli_id_len = 0; |
markrad | 0:cdf462088d13 | 5760 | } |
markrad | 0:cdf462088d13 | 5761 | #endif |
markrad | 0:cdf462088d13 | 5762 | |
markrad | 0:cdf462088d13 | 5763 | if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 5764 | return( ret ); |
markrad | 0:cdf462088d13 | 5765 | |
markrad | 0:cdf462088d13 | 5766 | return( 0 ); |
markrad | 0:cdf462088d13 | 5767 | } |
markrad | 0:cdf462088d13 | 5768 | |
markrad | 0:cdf462088d13 | 5769 | /* |
markrad | 0:cdf462088d13 | 5770 | * Reset an initialized and used SSL context for re-use while retaining |
markrad | 0:cdf462088d13 | 5771 | * all application-set variables, function pointers and data. |
markrad | 0:cdf462088d13 | 5772 | */ |
markrad | 0:cdf462088d13 | 5773 | int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 5774 | { |
markrad | 0:cdf462088d13 | 5775 | return( ssl_session_reset_int( ssl, 0 ) ); |
markrad | 0:cdf462088d13 | 5776 | } |
markrad | 0:cdf462088d13 | 5777 | |
markrad | 0:cdf462088d13 | 5778 | /* |
markrad | 0:cdf462088d13 | 5779 | * SSL set accessors |
markrad | 0:cdf462088d13 | 5780 | */ |
markrad | 0:cdf462088d13 | 5781 | void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint ) |
markrad | 0:cdf462088d13 | 5782 | { |
markrad | 0:cdf462088d13 | 5783 | conf->endpoint = endpoint; |
markrad | 0:cdf462088d13 | 5784 | } |
markrad | 0:cdf462088d13 | 5785 | |
markrad | 0:cdf462088d13 | 5786 | void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport ) |
markrad | 0:cdf462088d13 | 5787 | { |
markrad | 0:cdf462088d13 | 5788 | conf->transport = transport; |
markrad | 0:cdf462088d13 | 5789 | } |
markrad | 0:cdf462088d13 | 5790 | |
markrad | 0:cdf462088d13 | 5791 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
markrad | 0:cdf462088d13 | 5792 | void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode ) |
markrad | 0:cdf462088d13 | 5793 | { |
markrad | 0:cdf462088d13 | 5794 | conf->anti_replay = mode; |
markrad | 0:cdf462088d13 | 5795 | } |
markrad | 0:cdf462088d13 | 5796 | #endif |
markrad | 0:cdf462088d13 | 5797 | |
markrad | 0:cdf462088d13 | 5798 | #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) |
markrad | 0:cdf462088d13 | 5799 | void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit ) |
markrad | 0:cdf462088d13 | 5800 | { |
markrad | 0:cdf462088d13 | 5801 | conf->badmac_limit = limit; |
markrad | 0:cdf462088d13 | 5802 | } |
markrad | 0:cdf462088d13 | 5803 | #endif |
markrad | 0:cdf462088d13 | 5804 | |
markrad | 0:cdf462088d13 | 5805 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 5806 | void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max ) |
markrad | 0:cdf462088d13 | 5807 | { |
markrad | 0:cdf462088d13 | 5808 | conf->hs_timeout_min = min; |
markrad | 0:cdf462088d13 | 5809 | conf->hs_timeout_max = max; |
markrad | 0:cdf462088d13 | 5810 | } |
markrad | 0:cdf462088d13 | 5811 | #endif |
markrad | 0:cdf462088d13 | 5812 | |
markrad | 0:cdf462088d13 | 5813 | void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode ) |
markrad | 0:cdf462088d13 | 5814 | { |
markrad | 0:cdf462088d13 | 5815 | conf->authmode = authmode; |
markrad | 0:cdf462088d13 | 5816 | } |
markrad | 0:cdf462088d13 | 5817 | |
markrad | 0:cdf462088d13 | 5818 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
markrad | 0:cdf462088d13 | 5819 | void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 5820 | int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), |
markrad | 0:cdf462088d13 | 5821 | void *p_vrfy ) |
markrad | 0:cdf462088d13 | 5822 | { |
markrad | 0:cdf462088d13 | 5823 | conf->f_vrfy = f_vrfy; |
markrad | 0:cdf462088d13 | 5824 | conf->p_vrfy = p_vrfy; |
markrad | 0:cdf462088d13 | 5825 | } |
markrad | 0:cdf462088d13 | 5826 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
markrad | 0:cdf462088d13 | 5827 | |
markrad | 0:cdf462088d13 | 5828 | void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 5829 | int (*f_rng)(void *, unsigned char *, size_t), |
markrad | 0:cdf462088d13 | 5830 | void *p_rng ) |
markrad | 0:cdf462088d13 | 5831 | { |
markrad | 0:cdf462088d13 | 5832 | conf->f_rng = f_rng; |
markrad | 0:cdf462088d13 | 5833 | conf->p_rng = p_rng; |
markrad | 0:cdf462088d13 | 5834 | } |
markrad | 0:cdf462088d13 | 5835 | |
markrad | 0:cdf462088d13 | 5836 | void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 5837 | void (*f_dbg)(void *, int, const char *, int, const char *), |
markrad | 0:cdf462088d13 | 5838 | void *p_dbg ) |
markrad | 0:cdf462088d13 | 5839 | { |
markrad | 0:cdf462088d13 | 5840 | conf->f_dbg = f_dbg; |
markrad | 0:cdf462088d13 | 5841 | conf->p_dbg = p_dbg; |
markrad | 0:cdf462088d13 | 5842 | } |
markrad | 0:cdf462088d13 | 5843 | |
markrad | 0:cdf462088d13 | 5844 | void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 5845 | void *p_bio, |
markrad | 0:cdf462088d13 | 5846 | mbedtls_ssl_send_t *f_send, |
markrad | 0:cdf462088d13 | 5847 | mbedtls_ssl_recv_t *f_recv, |
markrad | 0:cdf462088d13 | 5848 | mbedtls_ssl_recv_timeout_t *f_recv_timeout ) |
markrad | 0:cdf462088d13 | 5849 | { |
markrad | 0:cdf462088d13 | 5850 | ssl->p_bio = p_bio; |
markrad | 0:cdf462088d13 | 5851 | ssl->f_send = f_send; |
markrad | 0:cdf462088d13 | 5852 | ssl->f_recv = f_recv; |
markrad | 0:cdf462088d13 | 5853 | ssl->f_recv_timeout = f_recv_timeout; |
markrad | 0:cdf462088d13 | 5854 | } |
markrad | 0:cdf462088d13 | 5855 | |
markrad | 0:cdf462088d13 | 5856 | void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ) |
markrad | 0:cdf462088d13 | 5857 | { |
markrad | 0:cdf462088d13 | 5858 | conf->read_timeout = timeout; |
markrad | 0:cdf462088d13 | 5859 | } |
markrad | 0:cdf462088d13 | 5860 | |
markrad | 0:cdf462088d13 | 5861 | void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 5862 | void *p_timer, |
markrad | 0:cdf462088d13 | 5863 | mbedtls_ssl_set_timer_t *f_set_timer, |
markrad | 0:cdf462088d13 | 5864 | mbedtls_ssl_get_timer_t *f_get_timer ) |
markrad | 0:cdf462088d13 | 5865 | { |
markrad | 0:cdf462088d13 | 5866 | ssl->p_timer = p_timer; |
markrad | 0:cdf462088d13 | 5867 | ssl->f_set_timer = f_set_timer; |
markrad | 0:cdf462088d13 | 5868 | ssl->f_get_timer = f_get_timer; |
markrad | 0:cdf462088d13 | 5869 | |
markrad | 0:cdf462088d13 | 5870 | /* Make sure we start with no timer running */ |
markrad | 0:cdf462088d13 | 5871 | ssl_set_timer( ssl, 0 ); |
markrad | 0:cdf462088d13 | 5872 | } |
markrad | 0:cdf462088d13 | 5873 | |
markrad | 0:cdf462088d13 | 5874 | #if defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 5875 | void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 5876 | void *p_cache, |
markrad | 0:cdf462088d13 | 5877 | int (*f_get_cache)(void *, mbedtls_ssl_session *), |
markrad | 0:cdf462088d13 | 5878 | int (*f_set_cache)(void *, const mbedtls_ssl_session *) ) |
markrad | 0:cdf462088d13 | 5879 | { |
markrad | 0:cdf462088d13 | 5880 | conf->p_cache = p_cache; |
markrad | 0:cdf462088d13 | 5881 | conf->f_get_cache = f_get_cache; |
markrad | 0:cdf462088d13 | 5882 | conf->f_set_cache = f_set_cache; |
markrad | 0:cdf462088d13 | 5883 | } |
markrad | 0:cdf462088d13 | 5884 | #endif /* MBEDTLS_SSL_SRV_C */ |
markrad | 0:cdf462088d13 | 5885 | |
markrad | 0:cdf462088d13 | 5886 | #if defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 5887 | int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session ) |
markrad | 0:cdf462088d13 | 5888 | { |
markrad | 0:cdf462088d13 | 5889 | int ret; |
markrad | 0:cdf462088d13 | 5890 | |
markrad | 0:cdf462088d13 | 5891 | if( ssl == NULL || |
markrad | 0:cdf462088d13 | 5892 | session == NULL || |
markrad | 0:cdf462088d13 | 5893 | ssl->session_negotiate == NULL || |
markrad | 0:cdf462088d13 | 5894 | ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT ) |
markrad | 0:cdf462088d13 | 5895 | { |
markrad | 0:cdf462088d13 | 5896 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 5897 | } |
markrad | 0:cdf462088d13 | 5898 | |
markrad | 0:cdf462088d13 | 5899 | if( ( ret = ssl_session_copy( ssl->session_negotiate, session ) ) != 0 ) |
markrad | 0:cdf462088d13 | 5900 | return( ret ); |
markrad | 0:cdf462088d13 | 5901 | |
markrad | 0:cdf462088d13 | 5902 | ssl->handshake->resume = 1; |
markrad | 0:cdf462088d13 | 5903 | |
markrad | 0:cdf462088d13 | 5904 | return( 0 ); |
markrad | 0:cdf462088d13 | 5905 | } |
markrad | 0:cdf462088d13 | 5906 | #endif /* MBEDTLS_SSL_CLI_C */ |
markrad | 0:cdf462088d13 | 5907 | |
markrad | 0:cdf462088d13 | 5908 | void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 5909 | const int *ciphersuites ) |
markrad | 0:cdf462088d13 | 5910 | { |
markrad | 0:cdf462088d13 | 5911 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = ciphersuites; |
markrad | 0:cdf462088d13 | 5912 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = ciphersuites; |
markrad | 0:cdf462088d13 | 5913 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = ciphersuites; |
markrad | 0:cdf462088d13 | 5914 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = ciphersuites; |
markrad | 0:cdf462088d13 | 5915 | } |
markrad | 0:cdf462088d13 | 5916 | |
markrad | 0:cdf462088d13 | 5917 | void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 5918 | const int *ciphersuites, |
markrad | 0:cdf462088d13 | 5919 | int major, int minor ) |
markrad | 0:cdf462088d13 | 5920 | { |
markrad | 0:cdf462088d13 | 5921 | if( major != MBEDTLS_SSL_MAJOR_VERSION_3 ) |
markrad | 0:cdf462088d13 | 5922 | return; |
markrad | 0:cdf462088d13 | 5923 | |
markrad | 0:cdf462088d13 | 5924 | if( minor < MBEDTLS_SSL_MINOR_VERSION_0 || minor > MBEDTLS_SSL_MINOR_VERSION_3 ) |
markrad | 0:cdf462088d13 | 5925 | return; |
markrad | 0:cdf462088d13 | 5926 | |
markrad | 0:cdf462088d13 | 5927 | conf->ciphersuite_list[minor] = ciphersuites; |
markrad | 0:cdf462088d13 | 5928 | } |
markrad | 0:cdf462088d13 | 5929 | |
markrad | 0:cdf462088d13 | 5930 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
markrad | 0:cdf462088d13 | 5931 | void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 5932 | const mbedtls_x509_crt_profile *profile ) |
markrad | 0:cdf462088d13 | 5933 | { |
markrad | 0:cdf462088d13 | 5934 | conf->cert_profile = profile; |
markrad | 0:cdf462088d13 | 5935 | } |
markrad | 0:cdf462088d13 | 5936 | |
markrad | 0:cdf462088d13 | 5937 | /* Append a new keycert entry to a (possibly empty) list */ |
markrad | 0:cdf462088d13 | 5938 | static int ssl_append_key_cert( mbedtls_ssl_key_cert **head, |
markrad | 0:cdf462088d13 | 5939 | mbedtls_x509_crt *cert, |
markrad | 0:cdf462088d13 | 5940 | mbedtls_pk_context *key ) |
markrad | 0:cdf462088d13 | 5941 | { |
markrad | 0:cdf462088d13 | 5942 | mbedtls_ssl_key_cert *new; |
markrad | 0:cdf462088d13 | 5943 | |
markrad | 0:cdf462088d13 | 5944 | new = mbedtls_calloc( 1, sizeof( mbedtls_ssl_key_cert ) ); |
markrad | 0:cdf462088d13 | 5945 | if( new == NULL ) |
markrad | 0:cdf462088d13 | 5946 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
markrad | 0:cdf462088d13 | 5947 | |
markrad | 0:cdf462088d13 | 5948 | new->cert = cert; |
markrad | 0:cdf462088d13 | 5949 | new->key = key; |
markrad | 0:cdf462088d13 | 5950 | new->next = NULL; |
markrad | 0:cdf462088d13 | 5951 | |
markrad | 0:cdf462088d13 | 5952 | /* Update head is the list was null, else add to the end */ |
markrad | 0:cdf462088d13 | 5953 | if( *head == NULL ) |
markrad | 0:cdf462088d13 | 5954 | { |
markrad | 0:cdf462088d13 | 5955 | *head = new; |
markrad | 0:cdf462088d13 | 5956 | } |
markrad | 0:cdf462088d13 | 5957 | else |
markrad | 0:cdf462088d13 | 5958 | { |
markrad | 0:cdf462088d13 | 5959 | mbedtls_ssl_key_cert *cur = *head; |
markrad | 0:cdf462088d13 | 5960 | while( cur->next != NULL ) |
markrad | 0:cdf462088d13 | 5961 | cur = cur->next; |
markrad | 0:cdf462088d13 | 5962 | cur->next = new; |
markrad | 0:cdf462088d13 | 5963 | } |
markrad | 0:cdf462088d13 | 5964 | |
markrad | 0:cdf462088d13 | 5965 | return( 0 ); |
markrad | 0:cdf462088d13 | 5966 | } |
markrad | 0:cdf462088d13 | 5967 | |
markrad | 0:cdf462088d13 | 5968 | int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 5969 | mbedtls_x509_crt *own_cert, |
markrad | 0:cdf462088d13 | 5970 | mbedtls_pk_context *pk_key ) |
markrad | 0:cdf462088d13 | 5971 | { |
markrad | 0:cdf462088d13 | 5972 | return( ssl_append_key_cert( &conf->key_cert, own_cert, pk_key ) ); |
markrad | 0:cdf462088d13 | 5973 | } |
markrad | 0:cdf462088d13 | 5974 | |
markrad | 0:cdf462088d13 | 5975 | void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 5976 | mbedtls_x509_crt *ca_chain, |
markrad | 0:cdf462088d13 | 5977 | mbedtls_x509_crl *ca_crl ) |
markrad | 0:cdf462088d13 | 5978 | { |
markrad | 0:cdf462088d13 | 5979 | conf->ca_chain = ca_chain; |
markrad | 0:cdf462088d13 | 5980 | conf->ca_crl = ca_crl; |
markrad | 0:cdf462088d13 | 5981 | } |
markrad | 0:cdf462088d13 | 5982 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
markrad | 0:cdf462088d13 | 5983 | |
markrad | 0:cdf462088d13 | 5984 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
markrad | 0:cdf462088d13 | 5985 | int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 5986 | mbedtls_x509_crt *own_cert, |
markrad | 0:cdf462088d13 | 5987 | mbedtls_pk_context *pk_key ) |
markrad | 0:cdf462088d13 | 5988 | { |
markrad | 0:cdf462088d13 | 5989 | return( ssl_append_key_cert( &ssl->handshake->sni_key_cert, |
markrad | 0:cdf462088d13 | 5990 | own_cert, pk_key ) ); |
markrad | 0:cdf462088d13 | 5991 | } |
markrad | 0:cdf462088d13 | 5992 | |
markrad | 0:cdf462088d13 | 5993 | void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 5994 | mbedtls_x509_crt *ca_chain, |
markrad | 0:cdf462088d13 | 5995 | mbedtls_x509_crl *ca_crl ) |
markrad | 0:cdf462088d13 | 5996 | { |
markrad | 0:cdf462088d13 | 5997 | ssl->handshake->sni_ca_chain = ca_chain; |
markrad | 0:cdf462088d13 | 5998 | ssl->handshake->sni_ca_crl = ca_crl; |
markrad | 0:cdf462088d13 | 5999 | } |
markrad | 0:cdf462088d13 | 6000 | |
markrad | 0:cdf462088d13 | 6001 | void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 6002 | int authmode ) |
markrad | 0:cdf462088d13 | 6003 | { |
markrad | 0:cdf462088d13 | 6004 | ssl->handshake->sni_authmode = authmode; |
markrad | 0:cdf462088d13 | 6005 | } |
markrad | 0:cdf462088d13 | 6006 | #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ |
markrad | 0:cdf462088d13 | 6007 | |
markrad | 0:cdf462088d13 | 6008 | #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
markrad | 0:cdf462088d13 | 6009 | /* |
markrad | 0:cdf462088d13 | 6010 | * Set EC J-PAKE password for current handshake |
markrad | 0:cdf462088d13 | 6011 | */ |
markrad | 0:cdf462088d13 | 6012 | int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 6013 | const unsigned char *pw, |
markrad | 0:cdf462088d13 | 6014 | size_t pw_len ) |
markrad | 0:cdf462088d13 | 6015 | { |
markrad | 0:cdf462088d13 | 6016 | mbedtls_ecjpake_role role; |
markrad | 0:cdf462088d13 | 6017 | |
markrad | 0:cdf462088d13 | 6018 | if( ssl->handshake == NULL || ssl->conf == NULL ) |
markrad | 0:cdf462088d13 | 6019 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 6020 | |
markrad | 0:cdf462088d13 | 6021 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
markrad | 0:cdf462088d13 | 6022 | role = MBEDTLS_ECJPAKE_SERVER; |
markrad | 0:cdf462088d13 | 6023 | else |
markrad | 0:cdf462088d13 | 6024 | role = MBEDTLS_ECJPAKE_CLIENT; |
markrad | 0:cdf462088d13 | 6025 | |
markrad | 0:cdf462088d13 | 6026 | return( mbedtls_ecjpake_setup( &ssl->handshake->ecjpake_ctx, |
markrad | 0:cdf462088d13 | 6027 | role, |
markrad | 0:cdf462088d13 | 6028 | MBEDTLS_MD_SHA256, |
markrad | 0:cdf462088d13 | 6029 | MBEDTLS_ECP_DP_SECP256R1, |
markrad | 0:cdf462088d13 | 6030 | pw, pw_len ) ); |
markrad | 0:cdf462088d13 | 6031 | } |
markrad | 0:cdf462088d13 | 6032 | #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ |
markrad | 0:cdf462088d13 | 6033 | |
markrad | 0:cdf462088d13 | 6034 | #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) |
markrad | 0:cdf462088d13 | 6035 | int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 6036 | const unsigned char *psk, size_t psk_len, |
markrad | 0:cdf462088d13 | 6037 | const unsigned char *psk_identity, size_t psk_identity_len ) |
markrad | 0:cdf462088d13 | 6038 | { |
markrad | 0:cdf462088d13 | 6039 | if( psk == NULL || psk_identity == NULL ) |
markrad | 0:cdf462088d13 | 6040 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 6041 | |
markrad | 0:cdf462088d13 | 6042 | if( psk_len > MBEDTLS_PSK_MAX_LEN ) |
markrad | 0:cdf462088d13 | 6043 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 6044 | |
markrad | 0:cdf462088d13 | 6045 | /* Identity len will be encoded on two bytes */ |
markrad | 0:cdf462088d13 | 6046 | if( ( psk_identity_len >> 16 ) != 0 || |
markrad | 0:cdf462088d13 | 6047 | psk_identity_len > MBEDTLS_SSL_MAX_CONTENT_LEN ) |
markrad | 0:cdf462088d13 | 6048 | { |
markrad | 0:cdf462088d13 | 6049 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 6050 | } |
markrad | 0:cdf462088d13 | 6051 | |
markrad | 0:cdf462088d13 | 6052 | if( conf->psk != NULL || conf->psk_identity != NULL ) |
markrad | 0:cdf462088d13 | 6053 | { |
markrad | 0:cdf462088d13 | 6054 | mbedtls_free( conf->psk ); |
markrad | 0:cdf462088d13 | 6055 | mbedtls_free( conf->psk_identity ); |
markrad | 0:cdf462088d13 | 6056 | conf->psk = NULL; |
markrad | 0:cdf462088d13 | 6057 | conf->psk_identity = NULL; |
markrad | 0:cdf462088d13 | 6058 | } |
markrad | 0:cdf462088d13 | 6059 | |
markrad | 0:cdf462088d13 | 6060 | if( ( conf->psk = mbedtls_calloc( 1, psk_len ) ) == NULL || |
markrad | 0:cdf462088d13 | 6061 | ( conf->psk_identity = mbedtls_calloc( 1, psk_identity_len ) ) == NULL ) |
markrad | 0:cdf462088d13 | 6062 | { |
markrad | 0:cdf462088d13 | 6063 | mbedtls_free( conf->psk ); |
markrad | 0:cdf462088d13 | 6064 | mbedtls_free( conf->psk_identity ); |
markrad | 0:cdf462088d13 | 6065 | conf->psk = NULL; |
markrad | 0:cdf462088d13 | 6066 | conf->psk_identity = NULL; |
markrad | 0:cdf462088d13 | 6067 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
markrad | 0:cdf462088d13 | 6068 | } |
markrad | 0:cdf462088d13 | 6069 | |
markrad | 0:cdf462088d13 | 6070 | conf->psk_len = psk_len; |
markrad | 0:cdf462088d13 | 6071 | conf->psk_identity_len = psk_identity_len; |
markrad | 0:cdf462088d13 | 6072 | |
markrad | 0:cdf462088d13 | 6073 | memcpy( conf->psk, psk, conf->psk_len ); |
markrad | 0:cdf462088d13 | 6074 | memcpy( conf->psk_identity, psk_identity, conf->psk_identity_len ); |
markrad | 0:cdf462088d13 | 6075 | |
markrad | 0:cdf462088d13 | 6076 | return( 0 ); |
markrad | 0:cdf462088d13 | 6077 | } |
markrad | 0:cdf462088d13 | 6078 | |
markrad | 0:cdf462088d13 | 6079 | int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 6080 | const unsigned char *psk, size_t psk_len ) |
markrad | 0:cdf462088d13 | 6081 | { |
markrad | 0:cdf462088d13 | 6082 | if( psk == NULL || ssl->handshake == NULL ) |
markrad | 0:cdf462088d13 | 6083 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 6084 | |
markrad | 0:cdf462088d13 | 6085 | if( psk_len > MBEDTLS_PSK_MAX_LEN ) |
markrad | 0:cdf462088d13 | 6086 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 6087 | |
markrad | 0:cdf462088d13 | 6088 | if( ssl->handshake->psk != NULL ) |
markrad | 0:cdf462088d13 | 6089 | mbedtls_free( ssl->handshake->psk ); |
markrad | 0:cdf462088d13 | 6090 | |
markrad | 0:cdf462088d13 | 6091 | if( ( ssl->handshake->psk = mbedtls_calloc( 1, psk_len ) ) == NULL ) |
markrad | 0:cdf462088d13 | 6092 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
markrad | 0:cdf462088d13 | 6093 | |
markrad | 0:cdf462088d13 | 6094 | ssl->handshake->psk_len = psk_len; |
markrad | 0:cdf462088d13 | 6095 | memcpy( ssl->handshake->psk, psk, ssl->handshake->psk_len ); |
markrad | 0:cdf462088d13 | 6096 | |
markrad | 0:cdf462088d13 | 6097 | return( 0 ); |
markrad | 0:cdf462088d13 | 6098 | } |
markrad | 0:cdf462088d13 | 6099 | |
markrad | 0:cdf462088d13 | 6100 | void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 6101 | int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, |
markrad | 0:cdf462088d13 | 6102 | size_t), |
markrad | 0:cdf462088d13 | 6103 | void *p_psk ) |
markrad | 0:cdf462088d13 | 6104 | { |
markrad | 0:cdf462088d13 | 6105 | conf->f_psk = f_psk; |
markrad | 0:cdf462088d13 | 6106 | conf->p_psk = p_psk; |
markrad | 0:cdf462088d13 | 6107 | } |
markrad | 0:cdf462088d13 | 6108 | #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ |
markrad | 0:cdf462088d13 | 6109 | |
markrad | 0:cdf462088d13 | 6110 | #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 6111 | int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G ) |
markrad | 0:cdf462088d13 | 6112 | { |
markrad | 0:cdf462088d13 | 6113 | int ret; |
markrad | 0:cdf462088d13 | 6114 | |
markrad | 0:cdf462088d13 | 6115 | if( ( ret = mbedtls_mpi_read_string( &conf->dhm_P, 16, dhm_P ) ) != 0 || |
markrad | 0:cdf462088d13 | 6116 | ( ret = mbedtls_mpi_read_string( &conf->dhm_G, 16, dhm_G ) ) != 0 ) |
markrad | 0:cdf462088d13 | 6117 | { |
markrad | 0:cdf462088d13 | 6118 | mbedtls_mpi_free( &conf->dhm_P ); |
markrad | 0:cdf462088d13 | 6119 | mbedtls_mpi_free( &conf->dhm_G ); |
markrad | 0:cdf462088d13 | 6120 | return( ret ); |
markrad | 0:cdf462088d13 | 6121 | } |
markrad | 0:cdf462088d13 | 6122 | |
markrad | 0:cdf462088d13 | 6123 | return( 0 ); |
markrad | 0:cdf462088d13 | 6124 | } |
markrad | 0:cdf462088d13 | 6125 | |
markrad | 0:cdf462088d13 | 6126 | int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx ) |
markrad | 0:cdf462088d13 | 6127 | { |
markrad | 0:cdf462088d13 | 6128 | int ret; |
markrad | 0:cdf462088d13 | 6129 | |
markrad | 0:cdf462088d13 | 6130 | if( ( ret = mbedtls_mpi_copy( &conf->dhm_P, &dhm_ctx->P ) ) != 0 || |
markrad | 0:cdf462088d13 | 6131 | ( ret = mbedtls_mpi_copy( &conf->dhm_G, &dhm_ctx->G ) ) != 0 ) |
markrad | 0:cdf462088d13 | 6132 | { |
markrad | 0:cdf462088d13 | 6133 | mbedtls_mpi_free( &conf->dhm_P ); |
markrad | 0:cdf462088d13 | 6134 | mbedtls_mpi_free( &conf->dhm_G ); |
markrad | 0:cdf462088d13 | 6135 | return( ret ); |
markrad | 0:cdf462088d13 | 6136 | } |
markrad | 0:cdf462088d13 | 6137 | |
markrad | 0:cdf462088d13 | 6138 | return( 0 ); |
markrad | 0:cdf462088d13 | 6139 | } |
markrad | 0:cdf462088d13 | 6140 | #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_SRV_C */ |
markrad | 0:cdf462088d13 | 6141 | |
markrad | 0:cdf462088d13 | 6142 | #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 6143 | /* |
markrad | 0:cdf462088d13 | 6144 | * Set the minimum length for Diffie-Hellman parameters |
markrad | 0:cdf462088d13 | 6145 | */ |
markrad | 0:cdf462088d13 | 6146 | void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 6147 | unsigned int bitlen ) |
markrad | 0:cdf462088d13 | 6148 | { |
markrad | 0:cdf462088d13 | 6149 | conf->dhm_min_bitlen = bitlen; |
markrad | 0:cdf462088d13 | 6150 | } |
markrad | 0:cdf462088d13 | 6151 | #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */ |
markrad | 0:cdf462088d13 | 6152 | |
markrad | 0:cdf462088d13 | 6153 | #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
markrad | 0:cdf462088d13 | 6154 | /* |
markrad | 0:cdf462088d13 | 6155 | * Set allowed/preferred hashes for handshake signatures |
markrad | 0:cdf462088d13 | 6156 | */ |
markrad | 0:cdf462088d13 | 6157 | void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 6158 | const int *hashes ) |
markrad | 0:cdf462088d13 | 6159 | { |
markrad | 0:cdf462088d13 | 6160 | conf->sig_hashes = hashes; |
markrad | 0:cdf462088d13 | 6161 | } |
markrad | 0:cdf462088d13 | 6162 | #endif |
markrad | 0:cdf462088d13 | 6163 | |
markrad | 0:cdf462088d13 | 6164 | #if defined(MBEDTLS_ECP_C) |
markrad | 0:cdf462088d13 | 6165 | /* |
markrad | 0:cdf462088d13 | 6166 | * Set the allowed elliptic curves |
markrad | 0:cdf462088d13 | 6167 | */ |
markrad | 0:cdf462088d13 | 6168 | void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 6169 | const mbedtls_ecp_group_id *curve_list ) |
markrad | 0:cdf462088d13 | 6170 | { |
markrad | 0:cdf462088d13 | 6171 | conf->curve_list = curve_list; |
markrad | 0:cdf462088d13 | 6172 | } |
markrad | 0:cdf462088d13 | 6173 | #endif |
markrad | 0:cdf462088d13 | 6174 | |
markrad | 0:cdf462088d13 | 6175 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
markrad | 0:cdf462088d13 | 6176 | int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ) |
markrad | 0:cdf462088d13 | 6177 | { |
markrad | 0:cdf462088d13 | 6178 | size_t hostname_len; |
markrad | 0:cdf462088d13 | 6179 | |
markrad | 0:cdf462088d13 | 6180 | if( hostname == NULL ) |
markrad | 0:cdf462088d13 | 6181 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 6182 | |
markrad | 0:cdf462088d13 | 6183 | hostname_len = strlen( hostname ); |
markrad | 0:cdf462088d13 | 6184 | |
markrad | 0:cdf462088d13 | 6185 | if( hostname_len + 1 == 0 ) |
markrad | 0:cdf462088d13 | 6186 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 6187 | |
markrad | 0:cdf462088d13 | 6188 | if( hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN ) |
markrad | 0:cdf462088d13 | 6189 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 6190 | |
markrad | 0:cdf462088d13 | 6191 | ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 ); |
markrad | 0:cdf462088d13 | 6192 | |
markrad | 0:cdf462088d13 | 6193 | if( ssl->hostname == NULL ) |
markrad | 0:cdf462088d13 | 6194 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
markrad | 0:cdf462088d13 | 6195 | |
markrad | 0:cdf462088d13 | 6196 | memcpy( ssl->hostname, hostname, hostname_len ); |
markrad | 0:cdf462088d13 | 6197 | |
markrad | 0:cdf462088d13 | 6198 | ssl->hostname[hostname_len] = '\0'; |
markrad | 0:cdf462088d13 | 6199 | |
markrad | 0:cdf462088d13 | 6200 | return( 0 ); |
markrad | 0:cdf462088d13 | 6201 | } |
markrad | 0:cdf462088d13 | 6202 | #endif |
markrad | 0:cdf462088d13 | 6203 | |
markrad | 0:cdf462088d13 | 6204 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
markrad | 0:cdf462088d13 | 6205 | void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 6206 | int (*f_sni)(void *, mbedtls_ssl_context *, |
markrad | 0:cdf462088d13 | 6207 | const unsigned char *, size_t), |
markrad | 0:cdf462088d13 | 6208 | void *p_sni ) |
markrad | 0:cdf462088d13 | 6209 | { |
markrad | 0:cdf462088d13 | 6210 | conf->f_sni = f_sni; |
markrad | 0:cdf462088d13 | 6211 | conf->p_sni = p_sni; |
markrad | 0:cdf462088d13 | 6212 | } |
markrad | 0:cdf462088d13 | 6213 | #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ |
markrad | 0:cdf462088d13 | 6214 | |
markrad | 0:cdf462088d13 | 6215 | #if defined(MBEDTLS_SSL_ALPN) |
markrad | 0:cdf462088d13 | 6216 | int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos ) |
markrad | 0:cdf462088d13 | 6217 | { |
markrad | 0:cdf462088d13 | 6218 | size_t cur_len, tot_len; |
markrad | 0:cdf462088d13 | 6219 | const char **p; |
markrad | 0:cdf462088d13 | 6220 | |
markrad | 0:cdf462088d13 | 6221 | /* |
markrad | 0:cdf462088d13 | 6222 | * RFC 7301 3.1: "Empty strings MUST NOT be included and byte strings |
markrad | 0:cdf462088d13 | 6223 | * MUST NOT be truncated." |
markrad | 0:cdf462088d13 | 6224 | * We check lengths now rather than later. |
markrad | 0:cdf462088d13 | 6225 | */ |
markrad | 0:cdf462088d13 | 6226 | tot_len = 0; |
markrad | 0:cdf462088d13 | 6227 | for( p = protos; *p != NULL; p++ ) |
markrad | 0:cdf462088d13 | 6228 | { |
markrad | 0:cdf462088d13 | 6229 | cur_len = strlen( *p ); |
markrad | 0:cdf462088d13 | 6230 | tot_len += cur_len; |
markrad | 0:cdf462088d13 | 6231 | |
markrad | 0:cdf462088d13 | 6232 | if( cur_len == 0 || cur_len > 255 || tot_len > 65535 ) |
markrad | 0:cdf462088d13 | 6233 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 6234 | } |
markrad | 0:cdf462088d13 | 6235 | |
markrad | 0:cdf462088d13 | 6236 | conf->alpn_list = protos; |
markrad | 0:cdf462088d13 | 6237 | |
markrad | 0:cdf462088d13 | 6238 | return( 0 ); |
markrad | 0:cdf462088d13 | 6239 | } |
markrad | 0:cdf462088d13 | 6240 | |
markrad | 0:cdf462088d13 | 6241 | const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 6242 | { |
markrad | 0:cdf462088d13 | 6243 | return( ssl->alpn_chosen ); |
markrad | 0:cdf462088d13 | 6244 | } |
markrad | 0:cdf462088d13 | 6245 | #endif /* MBEDTLS_SSL_ALPN */ |
markrad | 0:cdf462088d13 | 6246 | |
markrad | 0:cdf462088d13 | 6247 | void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor ) |
markrad | 0:cdf462088d13 | 6248 | { |
markrad | 0:cdf462088d13 | 6249 | conf->max_major_ver = major; |
markrad | 0:cdf462088d13 | 6250 | conf->max_minor_ver = minor; |
markrad | 0:cdf462088d13 | 6251 | } |
markrad | 0:cdf462088d13 | 6252 | |
markrad | 0:cdf462088d13 | 6253 | void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor ) |
markrad | 0:cdf462088d13 | 6254 | { |
markrad | 0:cdf462088d13 | 6255 | conf->min_major_ver = major; |
markrad | 0:cdf462088d13 | 6256 | conf->min_minor_ver = minor; |
markrad | 0:cdf462088d13 | 6257 | } |
markrad | 0:cdf462088d13 | 6258 | |
markrad | 0:cdf462088d13 | 6259 | #if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 6260 | void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback ) |
markrad | 0:cdf462088d13 | 6261 | { |
markrad | 0:cdf462088d13 | 6262 | conf->fallback = fallback; |
markrad | 0:cdf462088d13 | 6263 | } |
markrad | 0:cdf462088d13 | 6264 | #endif |
markrad | 0:cdf462088d13 | 6265 | |
Jasper Wallace |
2:bbdeda018a3c | 6266 | #if defined(MBEDTLS_SSL_SRV_C) |
Jasper Wallace |
2:bbdeda018a3c | 6267 | void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf, |
Jasper Wallace |
2:bbdeda018a3c | 6268 | char cert_req_ca_list ) |
Jasper Wallace |
2:bbdeda018a3c | 6269 | { |
Jasper Wallace |
2:bbdeda018a3c | 6270 | conf->cert_req_ca_list = cert_req_ca_list; |
Jasper Wallace |
2:bbdeda018a3c | 6271 | } |
Jasper Wallace |
2:bbdeda018a3c | 6272 | #endif |
Jasper Wallace |
2:bbdeda018a3c | 6273 | |
markrad | 0:cdf462088d13 | 6274 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
markrad | 0:cdf462088d13 | 6275 | void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm ) |
markrad | 0:cdf462088d13 | 6276 | { |
markrad | 0:cdf462088d13 | 6277 | conf->encrypt_then_mac = etm; |
markrad | 0:cdf462088d13 | 6278 | } |
markrad | 0:cdf462088d13 | 6279 | #endif |
markrad | 0:cdf462088d13 | 6280 | |
markrad | 0:cdf462088d13 | 6281 | #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) |
markrad | 0:cdf462088d13 | 6282 | void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems ) |
markrad | 0:cdf462088d13 | 6283 | { |
markrad | 0:cdf462088d13 | 6284 | conf->extended_ms = ems; |
markrad | 0:cdf462088d13 | 6285 | } |
markrad | 0:cdf462088d13 | 6286 | #endif |
markrad | 0:cdf462088d13 | 6287 | |
markrad | 0:cdf462088d13 | 6288 | #if defined(MBEDTLS_ARC4_C) |
markrad | 0:cdf462088d13 | 6289 | void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 ) |
markrad | 0:cdf462088d13 | 6290 | { |
markrad | 0:cdf462088d13 | 6291 | conf->arc4_disabled = arc4; |
markrad | 0:cdf462088d13 | 6292 | } |
markrad | 0:cdf462088d13 | 6293 | #endif |
markrad | 0:cdf462088d13 | 6294 | |
markrad | 0:cdf462088d13 | 6295 | #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) |
markrad | 0:cdf462088d13 | 6296 | int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code ) |
markrad | 0:cdf462088d13 | 6297 | { |
markrad | 0:cdf462088d13 | 6298 | if( mfl_code >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID || |
markrad | 0:cdf462088d13 | 6299 | mfl_code_to_length[mfl_code] > MBEDTLS_SSL_MAX_CONTENT_LEN ) |
markrad | 0:cdf462088d13 | 6300 | { |
markrad | 0:cdf462088d13 | 6301 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 6302 | } |
markrad | 0:cdf462088d13 | 6303 | |
markrad | 0:cdf462088d13 | 6304 | conf->mfl_code = mfl_code; |
markrad | 0:cdf462088d13 | 6305 | |
markrad | 0:cdf462088d13 | 6306 | return( 0 ); |
markrad | 0:cdf462088d13 | 6307 | } |
markrad | 0:cdf462088d13 | 6308 | #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ |
markrad | 0:cdf462088d13 | 6309 | |
markrad | 0:cdf462088d13 | 6310 | #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) |
markrad | 0:cdf462088d13 | 6311 | void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate ) |
markrad | 0:cdf462088d13 | 6312 | { |
markrad | 0:cdf462088d13 | 6313 | conf->trunc_hmac = truncate; |
markrad | 0:cdf462088d13 | 6314 | } |
markrad | 0:cdf462088d13 | 6315 | #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ |
markrad | 0:cdf462088d13 | 6316 | |
markrad | 0:cdf462088d13 | 6317 | #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) |
markrad | 0:cdf462088d13 | 6318 | void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split ) |
markrad | 0:cdf462088d13 | 6319 | { |
markrad | 0:cdf462088d13 | 6320 | conf->cbc_record_splitting = split; |
markrad | 0:cdf462088d13 | 6321 | } |
markrad | 0:cdf462088d13 | 6322 | #endif |
markrad | 0:cdf462088d13 | 6323 | |
markrad | 0:cdf462088d13 | 6324 | void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy ) |
markrad | 0:cdf462088d13 | 6325 | { |
markrad | 0:cdf462088d13 | 6326 | conf->allow_legacy_renegotiation = allow_legacy; |
markrad | 0:cdf462088d13 | 6327 | } |
markrad | 0:cdf462088d13 | 6328 | |
markrad | 0:cdf462088d13 | 6329 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
markrad | 0:cdf462088d13 | 6330 | void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation ) |
markrad | 0:cdf462088d13 | 6331 | { |
markrad | 0:cdf462088d13 | 6332 | conf->disable_renegotiation = renegotiation; |
markrad | 0:cdf462088d13 | 6333 | } |
markrad | 0:cdf462088d13 | 6334 | |
markrad | 0:cdf462088d13 | 6335 | void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records ) |
markrad | 0:cdf462088d13 | 6336 | { |
markrad | 0:cdf462088d13 | 6337 | conf->renego_max_records = max_records; |
markrad | 0:cdf462088d13 | 6338 | } |
markrad | 0:cdf462088d13 | 6339 | |
markrad | 0:cdf462088d13 | 6340 | void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 6341 | const unsigned char period[8] ) |
markrad | 0:cdf462088d13 | 6342 | { |
markrad | 0:cdf462088d13 | 6343 | memcpy( conf->renego_period, period, 8 ); |
markrad | 0:cdf462088d13 | 6344 | } |
markrad | 0:cdf462088d13 | 6345 | #endif /* MBEDTLS_SSL_RENEGOTIATION */ |
markrad | 0:cdf462088d13 | 6346 | |
markrad | 0:cdf462088d13 | 6347 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) |
markrad | 0:cdf462088d13 | 6348 | #if defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 6349 | void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets ) |
markrad | 0:cdf462088d13 | 6350 | { |
markrad | 0:cdf462088d13 | 6351 | conf->session_tickets = use_tickets; |
markrad | 0:cdf462088d13 | 6352 | } |
markrad | 0:cdf462088d13 | 6353 | #endif |
markrad | 0:cdf462088d13 | 6354 | |
markrad | 0:cdf462088d13 | 6355 | #if defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 6356 | void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 6357 | mbedtls_ssl_ticket_write_t *f_ticket_write, |
markrad | 0:cdf462088d13 | 6358 | mbedtls_ssl_ticket_parse_t *f_ticket_parse, |
markrad | 0:cdf462088d13 | 6359 | void *p_ticket ) |
markrad | 0:cdf462088d13 | 6360 | { |
markrad | 0:cdf462088d13 | 6361 | conf->f_ticket_write = f_ticket_write; |
markrad | 0:cdf462088d13 | 6362 | conf->f_ticket_parse = f_ticket_parse; |
markrad | 0:cdf462088d13 | 6363 | conf->p_ticket = p_ticket; |
markrad | 0:cdf462088d13 | 6364 | } |
markrad | 0:cdf462088d13 | 6365 | #endif |
markrad | 0:cdf462088d13 | 6366 | #endif /* MBEDTLS_SSL_SESSION_TICKETS */ |
markrad | 0:cdf462088d13 | 6367 | |
markrad | 0:cdf462088d13 | 6368 | #if defined(MBEDTLS_SSL_EXPORT_KEYS) |
markrad | 0:cdf462088d13 | 6369 | void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 6370 | mbedtls_ssl_export_keys_t *f_export_keys, |
markrad | 0:cdf462088d13 | 6371 | void *p_export_keys ) |
markrad | 0:cdf462088d13 | 6372 | { |
markrad | 0:cdf462088d13 | 6373 | conf->f_export_keys = f_export_keys; |
markrad | 0:cdf462088d13 | 6374 | conf->p_export_keys = p_export_keys; |
markrad | 0:cdf462088d13 | 6375 | } |
markrad | 0:cdf462088d13 | 6376 | #endif |
markrad | 0:cdf462088d13 | 6377 | |
markrad | 0:cdf462088d13 | 6378 | /* |
markrad | 0:cdf462088d13 | 6379 | * SSL get accessors |
markrad | 0:cdf462088d13 | 6380 | */ |
markrad | 0:cdf462088d13 | 6381 | size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 6382 | { |
markrad | 0:cdf462088d13 | 6383 | return( ssl->in_offt == NULL ? 0 : ssl->in_msglen ); |
markrad | 0:cdf462088d13 | 6384 | } |
markrad | 0:cdf462088d13 | 6385 | |
markrad | 0:cdf462088d13 | 6386 | uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 6387 | { |
markrad | 0:cdf462088d13 | 6388 | if( ssl->session != NULL ) |
markrad | 0:cdf462088d13 | 6389 | return( ssl->session->verify_result ); |
markrad | 0:cdf462088d13 | 6390 | |
markrad | 0:cdf462088d13 | 6391 | if( ssl->session_negotiate != NULL ) |
markrad | 0:cdf462088d13 | 6392 | return( ssl->session_negotiate->verify_result ); |
markrad | 0:cdf462088d13 | 6393 | |
markrad | 0:cdf462088d13 | 6394 | return( 0xFFFFFFFF ); |
markrad | 0:cdf462088d13 | 6395 | } |
markrad | 0:cdf462088d13 | 6396 | |
markrad | 0:cdf462088d13 | 6397 | const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 6398 | { |
markrad | 0:cdf462088d13 | 6399 | if( ssl == NULL || ssl->session == NULL ) |
markrad | 0:cdf462088d13 | 6400 | return( NULL ); |
markrad | 0:cdf462088d13 | 6401 | |
markrad | 0:cdf462088d13 | 6402 | return mbedtls_ssl_get_ciphersuite_name( ssl->session->ciphersuite ); |
markrad | 0:cdf462088d13 | 6403 | } |
markrad | 0:cdf462088d13 | 6404 | |
markrad | 0:cdf462088d13 | 6405 | const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 6406 | { |
markrad | 0:cdf462088d13 | 6407 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 6408 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 6409 | { |
markrad | 0:cdf462088d13 | 6410 | switch( ssl->minor_ver ) |
markrad | 0:cdf462088d13 | 6411 | { |
markrad | 0:cdf462088d13 | 6412 | case MBEDTLS_SSL_MINOR_VERSION_2: |
markrad | 0:cdf462088d13 | 6413 | return( "DTLSv1.0" ); |
markrad | 0:cdf462088d13 | 6414 | |
markrad | 0:cdf462088d13 | 6415 | case MBEDTLS_SSL_MINOR_VERSION_3: |
markrad | 0:cdf462088d13 | 6416 | return( "DTLSv1.2" ); |
markrad | 0:cdf462088d13 | 6417 | |
markrad | 0:cdf462088d13 | 6418 | default: |
markrad | 0:cdf462088d13 | 6419 | return( "unknown (DTLS)" ); |
markrad | 0:cdf462088d13 | 6420 | } |
markrad | 0:cdf462088d13 | 6421 | } |
markrad | 0:cdf462088d13 | 6422 | #endif |
markrad | 0:cdf462088d13 | 6423 | |
markrad | 0:cdf462088d13 | 6424 | switch( ssl->minor_ver ) |
markrad | 0:cdf462088d13 | 6425 | { |
markrad | 0:cdf462088d13 | 6426 | case MBEDTLS_SSL_MINOR_VERSION_0: |
markrad | 0:cdf462088d13 | 6427 | return( "SSLv3.0" ); |
markrad | 0:cdf462088d13 | 6428 | |
markrad | 0:cdf462088d13 | 6429 | case MBEDTLS_SSL_MINOR_VERSION_1: |
markrad | 0:cdf462088d13 | 6430 | return( "TLSv1.0" ); |
markrad | 0:cdf462088d13 | 6431 | |
markrad | 0:cdf462088d13 | 6432 | case MBEDTLS_SSL_MINOR_VERSION_2: |
markrad | 0:cdf462088d13 | 6433 | return( "TLSv1.1" ); |
markrad | 0:cdf462088d13 | 6434 | |
markrad | 0:cdf462088d13 | 6435 | case MBEDTLS_SSL_MINOR_VERSION_3: |
markrad | 0:cdf462088d13 | 6436 | return( "TLSv1.2" ); |
markrad | 0:cdf462088d13 | 6437 | |
markrad | 0:cdf462088d13 | 6438 | default: |
markrad | 0:cdf462088d13 | 6439 | return( "unknown" ); |
markrad | 0:cdf462088d13 | 6440 | } |
markrad | 0:cdf462088d13 | 6441 | } |
markrad | 0:cdf462088d13 | 6442 | |
markrad | 0:cdf462088d13 | 6443 | int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 6444 | { |
markrad | 0:cdf462088d13 | 6445 | size_t transform_expansion; |
markrad | 0:cdf462088d13 | 6446 | const mbedtls_ssl_transform *transform = ssl->transform_out; |
markrad | 0:cdf462088d13 | 6447 | |
markrad | 0:cdf462088d13 | 6448 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
markrad | 0:cdf462088d13 | 6449 | if( ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL ) |
markrad | 0:cdf462088d13 | 6450 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
markrad | 0:cdf462088d13 | 6451 | #endif |
markrad | 0:cdf462088d13 | 6452 | |
markrad | 0:cdf462088d13 | 6453 | if( transform == NULL ) |
markrad | 0:cdf462088d13 | 6454 | return( (int) mbedtls_ssl_hdr_len( ssl ) ); |
markrad | 0:cdf462088d13 | 6455 | |
markrad | 0:cdf462088d13 | 6456 | switch( mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ) ) |
markrad | 0:cdf462088d13 | 6457 | { |
markrad | 0:cdf462088d13 | 6458 | case MBEDTLS_MODE_GCM: |
markrad | 0:cdf462088d13 | 6459 | case MBEDTLS_MODE_CCM: |
markrad | 0:cdf462088d13 | 6460 | case MBEDTLS_MODE_STREAM: |
markrad | 0:cdf462088d13 | 6461 | transform_expansion = transform->minlen; |
markrad | 0:cdf462088d13 | 6462 | break; |
markrad | 0:cdf462088d13 | 6463 | |
markrad | 0:cdf462088d13 | 6464 | case MBEDTLS_MODE_CBC: |
markrad | 0:cdf462088d13 | 6465 | transform_expansion = transform->maclen |
markrad | 0:cdf462088d13 | 6466 | + mbedtls_cipher_get_block_size( &transform->cipher_ctx_enc ); |
markrad | 0:cdf462088d13 | 6467 | break; |
markrad | 0:cdf462088d13 | 6468 | |
markrad | 0:cdf462088d13 | 6469 | default: |
markrad | 0:cdf462088d13 | 6470 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 6471 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 6472 | } |
markrad | 0:cdf462088d13 | 6473 | |
markrad | 0:cdf462088d13 | 6474 | return( (int)( mbedtls_ssl_hdr_len( ssl ) + transform_expansion ) ); |
markrad | 0:cdf462088d13 | 6475 | } |
markrad | 0:cdf462088d13 | 6476 | |
markrad | 0:cdf462088d13 | 6477 | #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) |
markrad | 0:cdf462088d13 | 6478 | size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 6479 | { |
markrad | 0:cdf462088d13 | 6480 | size_t max_len; |
markrad | 0:cdf462088d13 | 6481 | |
markrad | 0:cdf462088d13 | 6482 | /* |
markrad | 0:cdf462088d13 | 6483 | * Assume mfl_code is correct since it was checked when set |
markrad | 0:cdf462088d13 | 6484 | */ |
markrad | 0:cdf462088d13 | 6485 | max_len = mfl_code_to_length[ssl->conf->mfl_code]; |
markrad | 0:cdf462088d13 | 6486 | |
markrad | 0:cdf462088d13 | 6487 | /* |
markrad | 0:cdf462088d13 | 6488 | * Check if a smaller max length was negotiated |
markrad | 0:cdf462088d13 | 6489 | */ |
markrad | 0:cdf462088d13 | 6490 | if( ssl->session_out != NULL && |
markrad | 0:cdf462088d13 | 6491 | mfl_code_to_length[ssl->session_out->mfl_code] < max_len ) |
markrad | 0:cdf462088d13 | 6492 | { |
markrad | 0:cdf462088d13 | 6493 | max_len = mfl_code_to_length[ssl->session_out->mfl_code]; |
markrad | 0:cdf462088d13 | 6494 | } |
markrad | 0:cdf462088d13 | 6495 | |
markrad | 0:cdf462088d13 | 6496 | return max_len; |
markrad | 0:cdf462088d13 | 6497 | } |
markrad | 0:cdf462088d13 | 6498 | #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ |
markrad | 0:cdf462088d13 | 6499 | |
markrad | 0:cdf462088d13 | 6500 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
markrad | 0:cdf462088d13 | 6501 | const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 6502 | { |
markrad | 0:cdf462088d13 | 6503 | if( ssl == NULL || ssl->session == NULL ) |
markrad | 0:cdf462088d13 | 6504 | return( NULL ); |
markrad | 0:cdf462088d13 | 6505 | |
markrad | 0:cdf462088d13 | 6506 | return( ssl->session->peer_cert ); |
markrad | 0:cdf462088d13 | 6507 | } |
markrad | 0:cdf462088d13 | 6508 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
markrad | 0:cdf462088d13 | 6509 | |
markrad | 0:cdf462088d13 | 6510 | #if defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 6511 | int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session *dst ) |
markrad | 0:cdf462088d13 | 6512 | { |
markrad | 0:cdf462088d13 | 6513 | if( ssl == NULL || |
markrad | 0:cdf462088d13 | 6514 | dst == NULL || |
markrad | 0:cdf462088d13 | 6515 | ssl->session == NULL || |
markrad | 0:cdf462088d13 | 6516 | ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT ) |
markrad | 0:cdf462088d13 | 6517 | { |
markrad | 0:cdf462088d13 | 6518 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 6519 | } |
markrad | 0:cdf462088d13 | 6520 | |
markrad | 0:cdf462088d13 | 6521 | return( ssl_session_copy( dst, ssl->session ) ); |
markrad | 0:cdf462088d13 | 6522 | } |
markrad | 0:cdf462088d13 | 6523 | #endif /* MBEDTLS_SSL_CLI_C */ |
markrad | 0:cdf462088d13 | 6524 | |
markrad | 0:cdf462088d13 | 6525 | /* |
markrad | 0:cdf462088d13 | 6526 | * Perform a single step of the SSL handshake |
markrad | 0:cdf462088d13 | 6527 | */ |
markrad | 0:cdf462088d13 | 6528 | int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 6529 | { |
markrad | 0:cdf462088d13 | 6530 | int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; |
markrad | 0:cdf462088d13 | 6531 | |
markrad | 0:cdf462088d13 | 6532 | if( ssl == NULL || ssl->conf == NULL ) |
markrad | 0:cdf462088d13 | 6533 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 6534 | |
markrad | 0:cdf462088d13 | 6535 | #if defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 6536 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
markrad | 0:cdf462088d13 | 6537 | ret = mbedtls_ssl_handshake_client_step( ssl ); |
markrad | 0:cdf462088d13 | 6538 | #endif |
markrad | 0:cdf462088d13 | 6539 | #if defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 6540 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
markrad | 0:cdf462088d13 | 6541 | ret = mbedtls_ssl_handshake_server_step( ssl ); |
markrad | 0:cdf462088d13 | 6542 | #endif |
markrad | 0:cdf462088d13 | 6543 | |
markrad | 0:cdf462088d13 | 6544 | return( ret ); |
markrad | 0:cdf462088d13 | 6545 | } |
markrad | 0:cdf462088d13 | 6546 | |
markrad | 0:cdf462088d13 | 6547 | /* |
markrad | 0:cdf462088d13 | 6548 | * Perform the SSL handshake |
markrad | 0:cdf462088d13 | 6549 | */ |
markrad | 0:cdf462088d13 | 6550 | int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 6551 | { |
markrad | 0:cdf462088d13 | 6552 | int ret = 0; |
markrad | 0:cdf462088d13 | 6553 | |
markrad | 0:cdf462088d13 | 6554 | if( ssl == NULL || ssl->conf == NULL ) |
markrad | 0:cdf462088d13 | 6555 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 6556 | |
markrad | 0:cdf462088d13 | 6557 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> handshake" ) ); |
markrad | 0:cdf462088d13 | 6558 | |
markrad | 0:cdf462088d13 | 6559 | while( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
markrad | 0:cdf462088d13 | 6560 | { |
markrad | 0:cdf462088d13 | 6561 | ret = mbedtls_ssl_handshake_step( ssl ); |
markrad | 0:cdf462088d13 | 6562 | |
markrad | 0:cdf462088d13 | 6563 | if( ret != 0 ) |
markrad | 0:cdf462088d13 | 6564 | break; |
markrad | 0:cdf462088d13 | 6565 | } |
markrad | 0:cdf462088d13 | 6566 | |
markrad | 0:cdf462088d13 | 6567 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= handshake" ) ); |
markrad | 0:cdf462088d13 | 6568 | |
markrad | 0:cdf462088d13 | 6569 | return( ret ); |
markrad | 0:cdf462088d13 | 6570 | } |
markrad | 0:cdf462088d13 | 6571 | |
markrad | 0:cdf462088d13 | 6572 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
markrad | 0:cdf462088d13 | 6573 | #if defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 6574 | /* |
markrad | 0:cdf462088d13 | 6575 | * Write HelloRequest to request renegotiation on server |
markrad | 0:cdf462088d13 | 6576 | */ |
markrad | 0:cdf462088d13 | 6577 | static int ssl_write_hello_request( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 6578 | { |
markrad | 0:cdf462088d13 | 6579 | int ret; |
markrad | 0:cdf462088d13 | 6580 | |
markrad | 0:cdf462088d13 | 6581 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write hello request" ) ); |
markrad | 0:cdf462088d13 | 6582 | |
markrad | 0:cdf462088d13 | 6583 | ssl->out_msglen = 4; |
markrad | 0:cdf462088d13 | 6584 | ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; |
markrad | 0:cdf462088d13 | 6585 | ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_REQUEST; |
markrad | 0:cdf462088d13 | 6586 | |
markrad | 0:cdf462088d13 | 6587 | if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 6588 | { |
markrad | 0:cdf462088d13 | 6589 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); |
markrad | 0:cdf462088d13 | 6590 | return( ret ); |
markrad | 0:cdf462088d13 | 6591 | } |
markrad | 0:cdf462088d13 | 6592 | |
markrad | 0:cdf462088d13 | 6593 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello request" ) ); |
markrad | 0:cdf462088d13 | 6594 | |
markrad | 0:cdf462088d13 | 6595 | return( 0 ); |
markrad | 0:cdf462088d13 | 6596 | } |
markrad | 0:cdf462088d13 | 6597 | #endif /* MBEDTLS_SSL_SRV_C */ |
markrad | 0:cdf462088d13 | 6598 | |
markrad | 0:cdf462088d13 | 6599 | /* |
markrad | 0:cdf462088d13 | 6600 | * Actually renegotiate current connection, triggered by either: |
markrad | 0:cdf462088d13 | 6601 | * - any side: calling mbedtls_ssl_renegotiate(), |
markrad | 0:cdf462088d13 | 6602 | * - client: receiving a HelloRequest during mbedtls_ssl_read(), |
markrad | 0:cdf462088d13 | 6603 | * - server: receiving any handshake message on server during mbedtls_ssl_read() after |
markrad | 0:cdf462088d13 | 6604 | * the initial handshake is completed. |
markrad | 0:cdf462088d13 | 6605 | * If the handshake doesn't complete due to waiting for I/O, it will continue |
markrad | 0:cdf462088d13 | 6606 | * during the next calls to mbedtls_ssl_renegotiate() or mbedtls_ssl_read() respectively. |
markrad | 0:cdf462088d13 | 6607 | */ |
markrad | 0:cdf462088d13 | 6608 | static int ssl_start_renegotiation( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 6609 | { |
markrad | 0:cdf462088d13 | 6610 | int ret; |
markrad | 0:cdf462088d13 | 6611 | |
markrad | 0:cdf462088d13 | 6612 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> renegotiate" ) ); |
markrad | 0:cdf462088d13 | 6613 | |
markrad | 0:cdf462088d13 | 6614 | if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 6615 | return( ret ); |
markrad | 0:cdf462088d13 | 6616 | |
markrad | 0:cdf462088d13 | 6617 | /* RFC 6347 4.2.2: "[...] the HelloRequest will have message_seq = 0 and |
markrad | 0:cdf462088d13 | 6618 | * the ServerHello will have message_seq = 1" */ |
markrad | 0:cdf462088d13 | 6619 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 6620 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
markrad | 0:cdf462088d13 | 6621 | ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) |
markrad | 0:cdf462088d13 | 6622 | { |
markrad | 0:cdf462088d13 | 6623 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
markrad | 0:cdf462088d13 | 6624 | ssl->handshake->out_msg_seq = 1; |
markrad | 0:cdf462088d13 | 6625 | else |
markrad | 0:cdf462088d13 | 6626 | ssl->handshake->in_msg_seq = 1; |
markrad | 0:cdf462088d13 | 6627 | } |
markrad | 0:cdf462088d13 | 6628 | #endif |
markrad | 0:cdf462088d13 | 6629 | |
markrad | 0:cdf462088d13 | 6630 | ssl->state = MBEDTLS_SSL_HELLO_REQUEST; |
markrad | 0:cdf462088d13 | 6631 | ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS; |
markrad | 0:cdf462088d13 | 6632 | |
markrad | 0:cdf462088d13 | 6633 | if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 6634 | { |
markrad | 0:cdf462088d13 | 6635 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret ); |
markrad | 0:cdf462088d13 | 6636 | return( ret ); |
markrad | 0:cdf462088d13 | 6637 | } |
markrad | 0:cdf462088d13 | 6638 | |
markrad | 0:cdf462088d13 | 6639 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= renegotiate" ) ); |
markrad | 0:cdf462088d13 | 6640 | |
markrad | 0:cdf462088d13 | 6641 | return( 0 ); |
markrad | 0:cdf462088d13 | 6642 | } |
markrad | 0:cdf462088d13 | 6643 | |
markrad | 0:cdf462088d13 | 6644 | /* |
markrad | 0:cdf462088d13 | 6645 | * Renegotiate current connection on client, |
markrad | 0:cdf462088d13 | 6646 | * or request renegotiation on server |
markrad | 0:cdf462088d13 | 6647 | */ |
markrad | 0:cdf462088d13 | 6648 | int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 6649 | { |
markrad | 0:cdf462088d13 | 6650 | int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; |
markrad | 0:cdf462088d13 | 6651 | |
markrad | 0:cdf462088d13 | 6652 | if( ssl == NULL || ssl->conf == NULL ) |
markrad | 0:cdf462088d13 | 6653 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 6654 | |
markrad | 0:cdf462088d13 | 6655 | #if defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 6656 | /* On server, just send the request */ |
markrad | 0:cdf462088d13 | 6657 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
markrad | 0:cdf462088d13 | 6658 | { |
markrad | 0:cdf462088d13 | 6659 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
markrad | 0:cdf462088d13 | 6660 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 6661 | |
markrad | 0:cdf462088d13 | 6662 | ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING; |
markrad | 0:cdf462088d13 | 6663 | |
markrad | 0:cdf462088d13 | 6664 | /* Did we already try/start sending HelloRequest? */ |
markrad | 0:cdf462088d13 | 6665 | if( ssl->out_left != 0 ) |
markrad | 0:cdf462088d13 | 6666 | return( mbedtls_ssl_flush_output( ssl ) ); |
markrad | 0:cdf462088d13 | 6667 | |
markrad | 0:cdf462088d13 | 6668 | return( ssl_write_hello_request( ssl ) ); |
markrad | 0:cdf462088d13 | 6669 | } |
markrad | 0:cdf462088d13 | 6670 | #endif /* MBEDTLS_SSL_SRV_C */ |
markrad | 0:cdf462088d13 | 6671 | |
markrad | 0:cdf462088d13 | 6672 | #if defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 6673 | /* |
markrad | 0:cdf462088d13 | 6674 | * On client, either start the renegotiation process or, |
markrad | 0:cdf462088d13 | 6675 | * if already in progress, continue the handshake |
markrad | 0:cdf462088d13 | 6676 | */ |
markrad | 0:cdf462088d13 | 6677 | if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) |
markrad | 0:cdf462088d13 | 6678 | { |
markrad | 0:cdf462088d13 | 6679 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
markrad | 0:cdf462088d13 | 6680 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 6681 | |
markrad | 0:cdf462088d13 | 6682 | if( ( ret = ssl_start_renegotiation( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 6683 | { |
markrad | 0:cdf462088d13 | 6684 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret ); |
markrad | 0:cdf462088d13 | 6685 | return( ret ); |
markrad | 0:cdf462088d13 | 6686 | } |
markrad | 0:cdf462088d13 | 6687 | } |
markrad | 0:cdf462088d13 | 6688 | else |
markrad | 0:cdf462088d13 | 6689 | { |
markrad | 0:cdf462088d13 | 6690 | if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 6691 | { |
markrad | 0:cdf462088d13 | 6692 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret ); |
markrad | 0:cdf462088d13 | 6693 | return( ret ); |
markrad | 0:cdf462088d13 | 6694 | } |
markrad | 0:cdf462088d13 | 6695 | } |
markrad | 0:cdf462088d13 | 6696 | #endif /* MBEDTLS_SSL_CLI_C */ |
markrad | 0:cdf462088d13 | 6697 | |
markrad | 0:cdf462088d13 | 6698 | return( ret ); |
markrad | 0:cdf462088d13 | 6699 | } |
markrad | 0:cdf462088d13 | 6700 | |
markrad | 0:cdf462088d13 | 6701 | /* |
markrad | 0:cdf462088d13 | 6702 | * Check record counters and renegotiate if they're above the limit. |
markrad | 0:cdf462088d13 | 6703 | */ |
markrad | 0:cdf462088d13 | 6704 | static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 6705 | { |
Jasper Wallace |
1:9ebc941037d5 | 6706 | size_t ep_len = ssl_ep_len( ssl ); |
Jasper Wallace |
1:9ebc941037d5 | 6707 | int in_ctr_cmp; |
Jasper Wallace |
1:9ebc941037d5 | 6708 | int out_ctr_cmp; |
Jasper Wallace |
1:9ebc941037d5 | 6709 | |
markrad | 0:cdf462088d13 | 6710 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER || |
markrad | 0:cdf462088d13 | 6711 | ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING || |
markrad | 0:cdf462088d13 | 6712 | ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED ) |
markrad | 0:cdf462088d13 | 6713 | { |
markrad | 0:cdf462088d13 | 6714 | return( 0 ); |
markrad | 0:cdf462088d13 | 6715 | } |
markrad | 0:cdf462088d13 | 6716 | |
Jasper Wallace |
1:9ebc941037d5 | 6717 | in_ctr_cmp = memcmp( ssl->in_ctr + ep_len, |
Jasper Wallace |
1:9ebc941037d5 | 6718 | ssl->conf->renego_period + ep_len, 8 - ep_len ); |
Jasper Wallace |
1:9ebc941037d5 | 6719 | out_ctr_cmp = memcmp( ssl->out_ctr + ep_len, |
Jasper Wallace |
1:9ebc941037d5 | 6720 | ssl->conf->renego_period + ep_len, 8 - ep_len ); |
Jasper Wallace |
1:9ebc941037d5 | 6721 | |
Jasper Wallace |
1:9ebc941037d5 | 6722 | if( in_ctr_cmp <= 0 && out_ctr_cmp <= 0 ) |
markrad | 0:cdf462088d13 | 6723 | { |
markrad | 0:cdf462088d13 | 6724 | return( 0 ); |
markrad | 0:cdf462088d13 | 6725 | } |
markrad | 0:cdf462088d13 | 6726 | |
markrad | 0:cdf462088d13 | 6727 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "record counter limit reached: renegotiate" ) ); |
markrad | 0:cdf462088d13 | 6728 | return( mbedtls_ssl_renegotiate( ssl ) ); |
markrad | 0:cdf462088d13 | 6729 | } |
markrad | 0:cdf462088d13 | 6730 | #endif /* MBEDTLS_SSL_RENEGOTIATION */ |
markrad | 0:cdf462088d13 | 6731 | |
markrad | 0:cdf462088d13 | 6732 | /* |
markrad | 0:cdf462088d13 | 6733 | * Receive application data decrypted from the SSL layer |
markrad | 0:cdf462088d13 | 6734 | */ |
markrad | 0:cdf462088d13 | 6735 | int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) |
markrad | 0:cdf462088d13 | 6736 | { |
Jasper Wallace |
2:bbdeda018a3c | 6737 | int ret; |
markrad | 0:cdf462088d13 | 6738 | size_t n; |
markrad | 0:cdf462088d13 | 6739 | |
markrad | 0:cdf462088d13 | 6740 | if( ssl == NULL || ssl->conf == NULL ) |
markrad | 0:cdf462088d13 | 6741 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 6742 | |
markrad | 0:cdf462088d13 | 6743 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read" ) ); |
markrad | 0:cdf462088d13 | 6744 | |
markrad | 0:cdf462088d13 | 6745 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 6746 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 6747 | { |
markrad | 0:cdf462088d13 | 6748 | if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 6749 | return( ret ); |
markrad | 0:cdf462088d13 | 6750 | |
markrad | 0:cdf462088d13 | 6751 | if( ssl->handshake != NULL && |
markrad | 0:cdf462088d13 | 6752 | ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING ) |
markrad | 0:cdf462088d13 | 6753 | { |
markrad | 0:cdf462088d13 | 6754 | if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 6755 | return( ret ); |
markrad | 0:cdf462088d13 | 6756 | } |
markrad | 0:cdf462088d13 | 6757 | } |
markrad | 0:cdf462088d13 | 6758 | #endif |
markrad | 0:cdf462088d13 | 6759 | |
Jasper Wallace |
2:bbdeda018a3c | 6760 | /* |
Jasper Wallace |
2:bbdeda018a3c | 6761 | * Check if renegotiation is necessary and/or handshake is |
Jasper Wallace |
2:bbdeda018a3c | 6762 | * in process. If yes, perform/continue, and fall through |
Jasper Wallace |
2:bbdeda018a3c | 6763 | * if an unexpected packet is received while the client |
Jasper Wallace |
2:bbdeda018a3c | 6764 | * is waiting for the ServerHello. |
Jasper Wallace |
2:bbdeda018a3c | 6765 | * |
Jasper Wallace |
2:bbdeda018a3c | 6766 | * (There is no equivalent to the last condition on |
Jasper Wallace |
2:bbdeda018a3c | 6767 | * the server-side as it is not treated as within |
Jasper Wallace |
2:bbdeda018a3c | 6768 | * a handshake while waiting for the ClientHello |
Jasper Wallace |
2:bbdeda018a3c | 6769 | * after a renegotiation request.) |
Jasper Wallace |
2:bbdeda018a3c | 6770 | */ |
Jasper Wallace |
2:bbdeda018a3c | 6771 | |
markrad | 0:cdf462088d13 | 6772 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
Jasper Wallace |
2:bbdeda018a3c | 6773 | ret = ssl_check_ctr_renegotiate( ssl ); |
Jasper Wallace |
2:bbdeda018a3c | 6774 | if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && |
Jasper Wallace |
2:bbdeda018a3c | 6775 | ret != 0 ) |
markrad | 0:cdf462088d13 | 6776 | { |
markrad | 0:cdf462088d13 | 6777 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret ); |
markrad | 0:cdf462088d13 | 6778 | return( ret ); |
markrad | 0:cdf462088d13 | 6779 | } |
markrad | 0:cdf462088d13 | 6780 | #endif |
markrad | 0:cdf462088d13 | 6781 | |
markrad | 0:cdf462088d13 | 6782 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
markrad | 0:cdf462088d13 | 6783 | { |
markrad | 0:cdf462088d13 | 6784 | ret = mbedtls_ssl_handshake( ssl ); |
Jasper Wallace |
2:bbdeda018a3c | 6785 | if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && |
Jasper Wallace |
2:bbdeda018a3c | 6786 | ret != 0 ) |
markrad | 0:cdf462088d13 | 6787 | { |
markrad | 0:cdf462088d13 | 6788 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret ); |
markrad | 0:cdf462088d13 | 6789 | return( ret ); |
markrad | 0:cdf462088d13 | 6790 | } |
markrad | 0:cdf462088d13 | 6791 | } |
markrad | 0:cdf462088d13 | 6792 | |
Jasper Wallace |
2:bbdeda018a3c | 6793 | /* |
Jasper Wallace |
2:bbdeda018a3c | 6794 | * TODO |
Jasper Wallace |
2:bbdeda018a3c | 6795 | * |
Jasper Wallace |
2:bbdeda018a3c | 6796 | * The logic should be streamlined here: |
Jasper Wallace |
2:bbdeda018a3c | 6797 | * |
Jasper Wallace |
2:bbdeda018a3c | 6798 | * Instead of |
Jasper Wallace |
2:bbdeda018a3c | 6799 | * |
Jasper Wallace |
2:bbdeda018a3c | 6800 | * - Manually checking whether ssl->in_offt is NULL |
Jasper Wallace |
2:bbdeda018a3c | 6801 | * - Fetching a new record if yes |
Jasper Wallace |
2:bbdeda018a3c | 6802 | * - Setting ssl->in_offt if one finds an application record |
Jasper Wallace |
2:bbdeda018a3c | 6803 | * - Resetting keep_current_message after handling the application data |
Jasper Wallace |
2:bbdeda018a3c | 6804 | * |
Jasper Wallace |
2:bbdeda018a3c | 6805 | * one should |
Jasper Wallace |
2:bbdeda018a3c | 6806 | * |
Jasper Wallace |
2:bbdeda018a3c | 6807 | * - Adapt read_record to set ssl->in_offt automatically |
Jasper Wallace |
2:bbdeda018a3c | 6808 | * when a new application data record is processed. |
Jasper Wallace |
2:bbdeda018a3c | 6809 | * - Always call mbedtls_ssl_read_record here. |
Jasper Wallace |
2:bbdeda018a3c | 6810 | * |
Jasper Wallace |
2:bbdeda018a3c | 6811 | * This way, the logic of ssl_read would be much clearer: |
Jasper Wallace |
2:bbdeda018a3c | 6812 | * |
Jasper Wallace |
2:bbdeda018a3c | 6813 | * (1) Always call record layer and see what kind of record is on |
Jasper Wallace |
2:bbdeda018a3c | 6814 | * and have it ready for consumption (in particular, in_offt |
Jasper Wallace |
2:bbdeda018a3c | 6815 | * properly set for application data records). |
Jasper Wallace |
2:bbdeda018a3c | 6816 | * (2) If it's application data (either freshly fetched |
Jasper Wallace |
2:bbdeda018a3c | 6817 | * or something already being partially processed), |
Jasper Wallace |
2:bbdeda018a3c | 6818 | * serve the read request from it. |
Jasper Wallace |
2:bbdeda018a3c | 6819 | * (3) If it's something different from application data, |
Jasper Wallace |
2:bbdeda018a3c | 6820 | * handle it accordingly, e.g. potentially start a |
Jasper Wallace |
2:bbdeda018a3c | 6821 | * renegotiation. |
Jasper Wallace |
2:bbdeda018a3c | 6822 | * |
Jasper Wallace |
2:bbdeda018a3c | 6823 | * This will also remove the need to manually reset |
Jasper Wallace |
2:bbdeda018a3c | 6824 | * ssl->keep_current_message = 0 below. |
Jasper Wallace |
2:bbdeda018a3c | 6825 | * |
Jasper Wallace |
2:bbdeda018a3c | 6826 | */ |
Jasper Wallace |
2:bbdeda018a3c | 6827 | |
markrad | 0:cdf462088d13 | 6828 | if( ssl->in_offt == NULL ) |
markrad | 0:cdf462088d13 | 6829 | { |
markrad | 0:cdf462088d13 | 6830 | /* Start timer if not already running */ |
markrad | 0:cdf462088d13 | 6831 | if( ssl->f_get_timer != NULL && |
markrad | 0:cdf462088d13 | 6832 | ssl->f_get_timer( ssl->p_timer ) == -1 ) |
markrad | 0:cdf462088d13 | 6833 | { |
markrad | 0:cdf462088d13 | 6834 | ssl_set_timer( ssl, ssl->conf->read_timeout ); |
markrad | 0:cdf462088d13 | 6835 | } |
markrad | 0:cdf462088d13 | 6836 | |
Jasper Wallace |
2:bbdeda018a3c | 6837 | if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) |
Jasper Wallace |
2:bbdeda018a3c | 6838 | { |
Jasper Wallace |
2:bbdeda018a3c | 6839 | if( ret == MBEDTLS_ERR_SSL_CONN_EOF ) |
Jasper Wallace |
2:bbdeda018a3c | 6840 | return( 0 ); |
Jasper Wallace |
2:bbdeda018a3c | 6841 | |
Jasper Wallace |
2:bbdeda018a3c | 6842 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); |
Jasper Wallace |
2:bbdeda018a3c | 6843 | return( ret ); |
markrad | 0:cdf462088d13 | 6844 | } |
markrad | 0:cdf462088d13 | 6845 | |
markrad | 0:cdf462088d13 | 6846 | if( ssl->in_msglen == 0 && |
markrad | 0:cdf462088d13 | 6847 | ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA ) |
markrad | 0:cdf462088d13 | 6848 | { |
markrad | 0:cdf462088d13 | 6849 | /* |
markrad | 0:cdf462088d13 | 6850 | * OpenSSL sends empty messages to randomize the IV |
markrad | 0:cdf462088d13 | 6851 | */ |
markrad | 0:cdf462088d13 | 6852 | if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 6853 | { |
markrad | 0:cdf462088d13 | 6854 | if( ret == MBEDTLS_ERR_SSL_CONN_EOF ) |
markrad | 0:cdf462088d13 | 6855 | return( 0 ); |
markrad | 0:cdf462088d13 | 6856 | |
markrad | 0:cdf462088d13 | 6857 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); |
markrad | 0:cdf462088d13 | 6858 | return( ret ); |
markrad | 0:cdf462088d13 | 6859 | } |
markrad | 0:cdf462088d13 | 6860 | } |
markrad | 0:cdf462088d13 | 6861 | |
markrad | 0:cdf462088d13 | 6862 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
markrad | 0:cdf462088d13 | 6863 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) |
markrad | 0:cdf462088d13 | 6864 | { |
markrad | 0:cdf462088d13 | 6865 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "received handshake message" ) ); |
markrad | 0:cdf462088d13 | 6866 | |
Jasper Wallace |
2:bbdeda018a3c | 6867 | /* |
Jasper Wallace |
2:bbdeda018a3c | 6868 | * - For client-side, expect SERVER_HELLO_REQUEST. |
Jasper Wallace |
2:bbdeda018a3c | 6869 | * - For server-side, expect CLIENT_HELLO. |
Jasper Wallace |
2:bbdeda018a3c | 6870 | * - Fail (TLS) or silently drop record (DTLS) in other cases. |
Jasper Wallace |
2:bbdeda018a3c | 6871 | */ |
Jasper Wallace |
2:bbdeda018a3c | 6872 | |
markrad | 0:cdf462088d13 | 6873 | #if defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 6874 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && |
markrad | 0:cdf462088d13 | 6875 | ( ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST || |
Jasper Wallace |
2:bbdeda018a3c | 6876 | ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) ) ) |
markrad | 0:cdf462088d13 | 6877 | { |
markrad | 0:cdf462088d13 | 6878 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake received (not HelloRequest)" ) ); |
markrad | 0:cdf462088d13 | 6879 | |
markrad | 0:cdf462088d13 | 6880 | /* With DTLS, drop the packet (probably from last handshake) */ |
markrad | 0:cdf462088d13 | 6881 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 6882 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 6883 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
markrad | 0:cdf462088d13 | 6884 | #endif |
markrad | 0:cdf462088d13 | 6885 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
markrad | 0:cdf462088d13 | 6886 | } |
Jasper Wallace |
2:bbdeda018a3c | 6887 | #endif /* MBEDTLS_SSL_CLI_C */ |
Jasper Wallace |
2:bbdeda018a3c | 6888 | |
Jasper Wallace |
2:bbdeda018a3c | 6889 | #if defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 6890 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
markrad | 0:cdf462088d13 | 6891 | ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO ) |
markrad | 0:cdf462088d13 | 6892 | { |
markrad | 0:cdf462088d13 | 6893 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake received (not ClientHello)" ) ); |
markrad | 0:cdf462088d13 | 6894 | |
markrad | 0:cdf462088d13 | 6895 | /* With DTLS, drop the packet (probably from last handshake) */ |
markrad | 0:cdf462088d13 | 6896 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 6897 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 6898 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
markrad | 0:cdf462088d13 | 6899 | #endif |
markrad | 0:cdf462088d13 | 6900 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
markrad | 0:cdf462088d13 | 6901 | } |
Jasper Wallace |
2:bbdeda018a3c | 6902 | #endif /* MBEDTLS_SSL_SRV_C */ |
Jasper Wallace |
2:bbdeda018a3c | 6903 | |
Jasper Wallace |
2:bbdeda018a3c | 6904 | /* Determine whether renegotiation attempt should be accepted */ |
markrad | 0:cdf462088d13 | 6905 | |
markrad | 0:cdf462088d13 | 6906 | if( ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED || |
markrad | 0:cdf462088d13 | 6907 | ( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && |
markrad | 0:cdf462088d13 | 6908 | ssl->conf->allow_legacy_renegotiation == |
markrad | 0:cdf462088d13 | 6909 | MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) ) |
markrad | 0:cdf462088d13 | 6910 | { |
Jasper Wallace |
2:bbdeda018a3c | 6911 | /* |
Jasper Wallace |
2:bbdeda018a3c | 6912 | * Refuse renegotiation |
Jasper Wallace |
2:bbdeda018a3c | 6913 | */ |
Jasper Wallace |
2:bbdeda018a3c | 6914 | |
markrad | 0:cdf462088d13 | 6915 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "refusing renegotiation, sending alert" ) ); |
markrad | 0:cdf462088d13 | 6916 | |
markrad | 0:cdf462088d13 | 6917 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
markrad | 0:cdf462088d13 | 6918 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
markrad | 0:cdf462088d13 | 6919 | { |
Jasper Wallace |
2:bbdeda018a3c | 6920 | /* SSLv3 does not have a "no_renegotiation" warning, so |
Jasper Wallace |
2:bbdeda018a3c | 6921 | we send a fatal alert and abort the connection. */ |
Jasper Wallace |
2:bbdeda018a3c | 6922 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
Jasper Wallace |
2:bbdeda018a3c | 6923 | MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); |
Jasper Wallace |
2:bbdeda018a3c | 6924 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
markrad | 0:cdf462088d13 | 6925 | } |
markrad | 0:cdf462088d13 | 6926 | else |
markrad | 0:cdf462088d13 | 6927 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
markrad | 0:cdf462088d13 | 6928 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
markrad | 0:cdf462088d13 | 6929 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 6930 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) |
markrad | 0:cdf462088d13 | 6931 | { |
markrad | 0:cdf462088d13 | 6932 | if( ( ret = mbedtls_ssl_send_alert_message( ssl, |
markrad | 0:cdf462088d13 | 6933 | MBEDTLS_SSL_ALERT_LEVEL_WARNING, |
markrad | 0:cdf462088d13 | 6934 | MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION ) ) != 0 ) |
markrad | 0:cdf462088d13 | 6935 | { |
markrad | 0:cdf462088d13 | 6936 | return( ret ); |
markrad | 0:cdf462088d13 | 6937 | } |
markrad | 0:cdf462088d13 | 6938 | } |
markrad | 0:cdf462088d13 | 6939 | else |
markrad | 0:cdf462088d13 | 6940 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || |
markrad | 0:cdf462088d13 | 6941 | MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 6942 | { |
markrad | 0:cdf462088d13 | 6943 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
markrad | 0:cdf462088d13 | 6944 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
markrad | 0:cdf462088d13 | 6945 | } |
markrad | 0:cdf462088d13 | 6946 | } |
markrad | 0:cdf462088d13 | 6947 | else |
markrad | 0:cdf462088d13 | 6948 | { |
Jasper Wallace |
2:bbdeda018a3c | 6949 | /* |
Jasper Wallace |
2:bbdeda018a3c | 6950 | * Accept renegotiation request |
Jasper Wallace |
2:bbdeda018a3c | 6951 | */ |
Jasper Wallace |
2:bbdeda018a3c | 6952 | |
markrad | 0:cdf462088d13 | 6953 | /* DTLS clients need to know renego is server-initiated */ |
markrad | 0:cdf462088d13 | 6954 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 6955 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
markrad | 0:cdf462088d13 | 6956 | ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
markrad | 0:cdf462088d13 | 6957 | { |
markrad | 0:cdf462088d13 | 6958 | ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING; |
markrad | 0:cdf462088d13 | 6959 | } |
markrad | 0:cdf462088d13 | 6960 | #endif |
markrad | 0:cdf462088d13 | 6961 | ret = ssl_start_renegotiation( ssl ); |
Jasper Wallace |
2:bbdeda018a3c | 6962 | if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && |
Jasper Wallace |
2:bbdeda018a3c | 6963 | ret != 0 ) |
markrad | 0:cdf462088d13 | 6964 | { |
markrad | 0:cdf462088d13 | 6965 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret ); |
markrad | 0:cdf462088d13 | 6966 | return( ret ); |
markrad | 0:cdf462088d13 | 6967 | } |
markrad | 0:cdf462088d13 | 6968 | } |
markrad | 0:cdf462088d13 | 6969 | |
Jasper Wallace |
2:bbdeda018a3c | 6970 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
markrad | 0:cdf462088d13 | 6971 | } |
markrad | 0:cdf462088d13 | 6972 | else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) |
markrad | 0:cdf462088d13 | 6973 | { |
markrad | 0:cdf462088d13 | 6974 | if( ssl->conf->renego_max_records >= 0 ) |
markrad | 0:cdf462088d13 | 6975 | { |
markrad | 0:cdf462088d13 | 6976 | if( ++ssl->renego_records_seen > ssl->conf->renego_max_records ) |
markrad | 0:cdf462088d13 | 6977 | { |
markrad | 0:cdf462088d13 | 6978 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation requested, " |
markrad | 0:cdf462088d13 | 6979 | "but not honored by client" ) ); |
markrad | 0:cdf462088d13 | 6980 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
markrad | 0:cdf462088d13 | 6981 | } |
markrad | 0:cdf462088d13 | 6982 | } |
markrad | 0:cdf462088d13 | 6983 | } |
markrad | 0:cdf462088d13 | 6984 | #endif /* MBEDTLS_SSL_RENEGOTIATION */ |
markrad | 0:cdf462088d13 | 6985 | |
markrad | 0:cdf462088d13 | 6986 | /* Fatal and closure alerts handled by mbedtls_ssl_read_record() */ |
markrad | 0:cdf462088d13 | 6987 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT ) |
markrad | 0:cdf462088d13 | 6988 | { |
markrad | 0:cdf462088d13 | 6989 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "ignoring non-fatal non-closure alert" ) ); |
markrad | 0:cdf462088d13 | 6990 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
markrad | 0:cdf462088d13 | 6991 | } |
markrad | 0:cdf462088d13 | 6992 | |
markrad | 0:cdf462088d13 | 6993 | if( ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA ) |
markrad | 0:cdf462088d13 | 6994 | { |
markrad | 0:cdf462088d13 | 6995 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad application data message" ) ); |
markrad | 0:cdf462088d13 | 6996 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
markrad | 0:cdf462088d13 | 6997 | } |
markrad | 0:cdf462088d13 | 6998 | |
markrad | 0:cdf462088d13 | 6999 | ssl->in_offt = ssl->in_msg; |
markrad | 0:cdf462088d13 | 7000 | |
markrad | 0:cdf462088d13 | 7001 | /* We're going to return something now, cancel timer, |
markrad | 0:cdf462088d13 | 7002 | * except if handshake (renegotiation) is in progress */ |
markrad | 0:cdf462088d13 | 7003 | if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) |
markrad | 0:cdf462088d13 | 7004 | ssl_set_timer( ssl, 0 ); |
markrad | 0:cdf462088d13 | 7005 | |
markrad | 0:cdf462088d13 | 7006 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 7007 | /* If we requested renego but received AppData, resend HelloRequest. |
markrad | 0:cdf462088d13 | 7008 | * Do it now, after setting in_offt, to avoid taking this branch |
markrad | 0:cdf462088d13 | 7009 | * again if ssl_write_hello_request() returns WANT_WRITE */ |
markrad | 0:cdf462088d13 | 7010 | #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION) |
markrad | 0:cdf462088d13 | 7011 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
markrad | 0:cdf462088d13 | 7012 | ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) |
markrad | 0:cdf462088d13 | 7013 | { |
markrad | 0:cdf462088d13 | 7014 | if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 7015 | { |
markrad | 0:cdf462088d13 | 7016 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_resend_hello_request", ret ); |
markrad | 0:cdf462088d13 | 7017 | return( ret ); |
markrad | 0:cdf462088d13 | 7018 | } |
markrad | 0:cdf462088d13 | 7019 | } |
markrad | 0:cdf462088d13 | 7020 | #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */ |
Jasper Wallace |
2:bbdeda018a3c | 7021 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
markrad | 0:cdf462088d13 | 7022 | } |
markrad | 0:cdf462088d13 | 7023 | |
markrad | 0:cdf462088d13 | 7024 | n = ( len < ssl->in_msglen ) |
markrad | 0:cdf462088d13 | 7025 | ? len : ssl->in_msglen; |
markrad | 0:cdf462088d13 | 7026 | |
markrad | 0:cdf462088d13 | 7027 | memcpy( buf, ssl->in_offt, n ); |
markrad | 0:cdf462088d13 | 7028 | ssl->in_msglen -= n; |
markrad | 0:cdf462088d13 | 7029 | |
markrad | 0:cdf462088d13 | 7030 | if( ssl->in_msglen == 0 ) |
Jasper Wallace |
2:bbdeda018a3c | 7031 | { |
Jasper Wallace |
2:bbdeda018a3c | 7032 | /* all bytes consumed */ |
markrad | 0:cdf462088d13 | 7033 | ssl->in_offt = NULL; |
Jasper Wallace |
2:bbdeda018a3c | 7034 | ssl->keep_current_message = 0; |
Jasper Wallace |
2:bbdeda018a3c | 7035 | } |
markrad | 0:cdf462088d13 | 7036 | else |
Jasper Wallace |
2:bbdeda018a3c | 7037 | { |
markrad | 0:cdf462088d13 | 7038 | /* more data available */ |
markrad | 0:cdf462088d13 | 7039 | ssl->in_offt += n; |
Jasper Wallace |
2:bbdeda018a3c | 7040 | } |
markrad | 0:cdf462088d13 | 7041 | |
markrad | 0:cdf462088d13 | 7042 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read" ) ); |
markrad | 0:cdf462088d13 | 7043 | |
markrad | 0:cdf462088d13 | 7044 | return( (int) n ); |
markrad | 0:cdf462088d13 | 7045 | } |
markrad | 0:cdf462088d13 | 7046 | |
markrad | 0:cdf462088d13 | 7047 | /* |
markrad | 0:cdf462088d13 | 7048 | * Send application data to be encrypted by the SSL layer, |
markrad | 0:cdf462088d13 | 7049 | * taking care of max fragment length and buffer size |
markrad | 0:cdf462088d13 | 7050 | */ |
markrad | 0:cdf462088d13 | 7051 | static int ssl_write_real( mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 7052 | const unsigned char *buf, size_t len ) |
markrad | 0:cdf462088d13 | 7053 | { |
markrad | 0:cdf462088d13 | 7054 | int ret; |
markrad | 0:cdf462088d13 | 7055 | #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) |
markrad | 0:cdf462088d13 | 7056 | size_t max_len = mbedtls_ssl_get_max_frag_len( ssl ); |
markrad | 0:cdf462088d13 | 7057 | |
markrad | 0:cdf462088d13 | 7058 | if( len > max_len ) |
markrad | 0:cdf462088d13 | 7059 | { |
markrad | 0:cdf462088d13 | 7060 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 7061 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 7062 | { |
markrad | 0:cdf462088d13 | 7063 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment larger than the (negotiated) " |
markrad | 0:cdf462088d13 | 7064 | "maximum fragment length: %d > %d", |
markrad | 0:cdf462088d13 | 7065 | len, max_len ) ); |
markrad | 0:cdf462088d13 | 7066 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 7067 | } |
markrad | 0:cdf462088d13 | 7068 | else |
markrad | 0:cdf462088d13 | 7069 | #endif |
markrad | 0:cdf462088d13 | 7070 | len = max_len; |
markrad | 0:cdf462088d13 | 7071 | } |
markrad | 0:cdf462088d13 | 7072 | #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ |
markrad | 0:cdf462088d13 | 7073 | |
markrad | 0:cdf462088d13 | 7074 | if( ssl->out_left != 0 ) |
markrad | 0:cdf462088d13 | 7075 | { |
markrad | 0:cdf462088d13 | 7076 | if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 7077 | { |
markrad | 0:cdf462088d13 | 7078 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret ); |
markrad | 0:cdf462088d13 | 7079 | return( ret ); |
markrad | 0:cdf462088d13 | 7080 | } |
markrad | 0:cdf462088d13 | 7081 | } |
markrad | 0:cdf462088d13 | 7082 | else |
markrad | 0:cdf462088d13 | 7083 | { |
markrad | 0:cdf462088d13 | 7084 | ssl->out_msglen = len; |
markrad | 0:cdf462088d13 | 7085 | ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA; |
markrad | 0:cdf462088d13 | 7086 | memcpy( ssl->out_msg, buf, len ); |
markrad | 0:cdf462088d13 | 7087 | |
markrad | 0:cdf462088d13 | 7088 | if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 7089 | { |
markrad | 0:cdf462088d13 | 7090 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); |
markrad | 0:cdf462088d13 | 7091 | return( ret ); |
markrad | 0:cdf462088d13 | 7092 | } |
markrad | 0:cdf462088d13 | 7093 | } |
markrad | 0:cdf462088d13 | 7094 | |
markrad | 0:cdf462088d13 | 7095 | return( (int) len ); |
markrad | 0:cdf462088d13 | 7096 | } |
markrad | 0:cdf462088d13 | 7097 | |
markrad | 0:cdf462088d13 | 7098 | /* |
markrad | 0:cdf462088d13 | 7099 | * Write application data, doing 1/n-1 splitting if necessary. |
markrad | 0:cdf462088d13 | 7100 | * |
markrad | 0:cdf462088d13 | 7101 | * With non-blocking I/O, ssl_write_real() may return WANT_WRITE, |
markrad | 0:cdf462088d13 | 7102 | * then the caller will call us again with the same arguments, so |
markrad | 0:cdf462088d13 | 7103 | * remember wether we already did the split or not. |
markrad | 0:cdf462088d13 | 7104 | */ |
markrad | 0:cdf462088d13 | 7105 | #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) |
markrad | 0:cdf462088d13 | 7106 | static int ssl_write_split( mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 7107 | const unsigned char *buf, size_t len ) |
markrad | 0:cdf462088d13 | 7108 | { |
markrad | 0:cdf462088d13 | 7109 | int ret; |
markrad | 0:cdf462088d13 | 7110 | |
markrad | 0:cdf462088d13 | 7111 | if( ssl->conf->cbc_record_splitting == |
markrad | 0:cdf462088d13 | 7112 | MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED || |
markrad | 0:cdf462088d13 | 7113 | len <= 1 || |
markrad | 0:cdf462088d13 | 7114 | ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_1 || |
markrad | 0:cdf462088d13 | 7115 | mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc ) |
markrad | 0:cdf462088d13 | 7116 | != MBEDTLS_MODE_CBC ) |
markrad | 0:cdf462088d13 | 7117 | { |
markrad | 0:cdf462088d13 | 7118 | return( ssl_write_real( ssl, buf, len ) ); |
markrad | 0:cdf462088d13 | 7119 | } |
markrad | 0:cdf462088d13 | 7120 | |
markrad | 0:cdf462088d13 | 7121 | if( ssl->split_done == 0 ) |
markrad | 0:cdf462088d13 | 7122 | { |
markrad | 0:cdf462088d13 | 7123 | if( ( ret = ssl_write_real( ssl, buf, 1 ) ) <= 0 ) |
markrad | 0:cdf462088d13 | 7124 | return( ret ); |
markrad | 0:cdf462088d13 | 7125 | ssl->split_done = 1; |
markrad | 0:cdf462088d13 | 7126 | } |
markrad | 0:cdf462088d13 | 7127 | |
markrad | 0:cdf462088d13 | 7128 | if( ( ret = ssl_write_real( ssl, buf + 1, len - 1 ) ) <= 0 ) |
markrad | 0:cdf462088d13 | 7129 | return( ret ); |
markrad | 0:cdf462088d13 | 7130 | ssl->split_done = 0; |
markrad | 0:cdf462088d13 | 7131 | |
markrad | 0:cdf462088d13 | 7132 | return( ret + 1 ); |
markrad | 0:cdf462088d13 | 7133 | } |
markrad | 0:cdf462088d13 | 7134 | #endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */ |
markrad | 0:cdf462088d13 | 7135 | |
markrad | 0:cdf462088d13 | 7136 | /* |
markrad | 0:cdf462088d13 | 7137 | * Write application data (public-facing wrapper) |
markrad | 0:cdf462088d13 | 7138 | */ |
markrad | 0:cdf462088d13 | 7139 | int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) |
markrad | 0:cdf462088d13 | 7140 | { |
markrad | 0:cdf462088d13 | 7141 | int ret; |
markrad | 0:cdf462088d13 | 7142 | |
markrad | 0:cdf462088d13 | 7143 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write" ) ); |
markrad | 0:cdf462088d13 | 7144 | |
markrad | 0:cdf462088d13 | 7145 | if( ssl == NULL || ssl->conf == NULL ) |
markrad | 0:cdf462088d13 | 7146 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 7147 | |
markrad | 0:cdf462088d13 | 7148 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
markrad | 0:cdf462088d13 | 7149 | if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 7150 | { |
markrad | 0:cdf462088d13 | 7151 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret ); |
markrad | 0:cdf462088d13 | 7152 | return( ret ); |
markrad | 0:cdf462088d13 | 7153 | } |
markrad | 0:cdf462088d13 | 7154 | #endif |
markrad | 0:cdf462088d13 | 7155 | |
markrad | 0:cdf462088d13 | 7156 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
markrad | 0:cdf462088d13 | 7157 | { |
markrad | 0:cdf462088d13 | 7158 | if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 ) |
markrad | 0:cdf462088d13 | 7159 | { |
markrad | 0:cdf462088d13 | 7160 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret ); |
markrad | 0:cdf462088d13 | 7161 | return( ret ); |
markrad | 0:cdf462088d13 | 7162 | } |
markrad | 0:cdf462088d13 | 7163 | } |
markrad | 0:cdf462088d13 | 7164 | |
markrad | 0:cdf462088d13 | 7165 | #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) |
markrad | 0:cdf462088d13 | 7166 | ret = ssl_write_split( ssl, buf, len ); |
markrad | 0:cdf462088d13 | 7167 | #else |
markrad | 0:cdf462088d13 | 7168 | ret = ssl_write_real( ssl, buf, len ); |
markrad | 0:cdf462088d13 | 7169 | #endif |
markrad | 0:cdf462088d13 | 7170 | |
markrad | 0:cdf462088d13 | 7171 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write" ) ); |
markrad | 0:cdf462088d13 | 7172 | |
markrad | 0:cdf462088d13 | 7173 | return( ret ); |
markrad | 0:cdf462088d13 | 7174 | } |
markrad | 0:cdf462088d13 | 7175 | |
markrad | 0:cdf462088d13 | 7176 | /* |
markrad | 0:cdf462088d13 | 7177 | * Notify the peer that the connection is being closed |
markrad | 0:cdf462088d13 | 7178 | */ |
markrad | 0:cdf462088d13 | 7179 | int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 7180 | { |
markrad | 0:cdf462088d13 | 7181 | int ret; |
markrad | 0:cdf462088d13 | 7182 | |
markrad | 0:cdf462088d13 | 7183 | if( ssl == NULL || ssl->conf == NULL ) |
markrad | 0:cdf462088d13 | 7184 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
markrad | 0:cdf462088d13 | 7185 | |
markrad | 0:cdf462088d13 | 7186 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write close notify" ) ); |
markrad | 0:cdf462088d13 | 7187 | |
markrad | 0:cdf462088d13 | 7188 | if( ssl->out_left != 0 ) |
markrad | 0:cdf462088d13 | 7189 | return( mbedtls_ssl_flush_output( ssl ) ); |
markrad | 0:cdf462088d13 | 7190 | |
markrad | 0:cdf462088d13 | 7191 | if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) |
markrad | 0:cdf462088d13 | 7192 | { |
markrad | 0:cdf462088d13 | 7193 | if( ( ret = mbedtls_ssl_send_alert_message( ssl, |
markrad | 0:cdf462088d13 | 7194 | MBEDTLS_SSL_ALERT_LEVEL_WARNING, |
markrad | 0:cdf462088d13 | 7195 | MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY ) ) != 0 ) |
markrad | 0:cdf462088d13 | 7196 | { |
markrad | 0:cdf462088d13 | 7197 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_send_alert_message", ret ); |
markrad | 0:cdf462088d13 | 7198 | return( ret ); |
markrad | 0:cdf462088d13 | 7199 | } |
markrad | 0:cdf462088d13 | 7200 | } |
markrad | 0:cdf462088d13 | 7201 | |
markrad | 0:cdf462088d13 | 7202 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write close notify" ) ); |
markrad | 0:cdf462088d13 | 7203 | |
markrad | 0:cdf462088d13 | 7204 | return( 0 ); |
markrad | 0:cdf462088d13 | 7205 | } |
markrad | 0:cdf462088d13 | 7206 | |
markrad | 0:cdf462088d13 | 7207 | void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ) |
markrad | 0:cdf462088d13 | 7208 | { |
markrad | 0:cdf462088d13 | 7209 | if( transform == NULL ) |
markrad | 0:cdf462088d13 | 7210 | return; |
markrad | 0:cdf462088d13 | 7211 | |
markrad | 0:cdf462088d13 | 7212 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
markrad | 0:cdf462088d13 | 7213 | deflateEnd( &transform->ctx_deflate ); |
markrad | 0:cdf462088d13 | 7214 | inflateEnd( &transform->ctx_inflate ); |
markrad | 0:cdf462088d13 | 7215 | #endif |
markrad | 0:cdf462088d13 | 7216 | |
markrad | 0:cdf462088d13 | 7217 | mbedtls_cipher_free( &transform->cipher_ctx_enc ); |
markrad | 0:cdf462088d13 | 7218 | mbedtls_cipher_free( &transform->cipher_ctx_dec ); |
markrad | 0:cdf462088d13 | 7219 | |
markrad | 0:cdf462088d13 | 7220 | mbedtls_md_free( &transform->md_ctx_enc ); |
markrad | 0:cdf462088d13 | 7221 | mbedtls_md_free( &transform->md_ctx_dec ); |
markrad | 0:cdf462088d13 | 7222 | |
markrad | 0:cdf462088d13 | 7223 | mbedtls_zeroize( transform, sizeof( mbedtls_ssl_transform ) ); |
markrad | 0:cdf462088d13 | 7224 | } |
markrad | 0:cdf462088d13 | 7225 | |
markrad | 0:cdf462088d13 | 7226 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
markrad | 0:cdf462088d13 | 7227 | static void ssl_key_cert_free( mbedtls_ssl_key_cert *key_cert ) |
markrad | 0:cdf462088d13 | 7228 | { |
markrad | 0:cdf462088d13 | 7229 | mbedtls_ssl_key_cert *cur = key_cert, *next; |
markrad | 0:cdf462088d13 | 7230 | |
markrad | 0:cdf462088d13 | 7231 | while( cur != NULL ) |
markrad | 0:cdf462088d13 | 7232 | { |
markrad | 0:cdf462088d13 | 7233 | next = cur->next; |
markrad | 0:cdf462088d13 | 7234 | mbedtls_free( cur ); |
markrad | 0:cdf462088d13 | 7235 | cur = next; |
markrad | 0:cdf462088d13 | 7236 | } |
markrad | 0:cdf462088d13 | 7237 | } |
markrad | 0:cdf462088d13 | 7238 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
markrad | 0:cdf462088d13 | 7239 | |
markrad | 0:cdf462088d13 | 7240 | void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake ) |
markrad | 0:cdf462088d13 | 7241 | { |
markrad | 0:cdf462088d13 | 7242 | if( handshake == NULL ) |
markrad | 0:cdf462088d13 | 7243 | return; |
markrad | 0:cdf462088d13 | 7244 | |
markrad | 0:cdf462088d13 | 7245 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
markrad | 0:cdf462088d13 | 7246 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
markrad | 0:cdf462088d13 | 7247 | mbedtls_md5_free( &handshake->fin_md5 ); |
markrad | 0:cdf462088d13 | 7248 | mbedtls_sha1_free( &handshake->fin_sha1 ); |
markrad | 0:cdf462088d13 | 7249 | #endif |
markrad | 0:cdf462088d13 | 7250 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 7251 | #if defined(MBEDTLS_SHA256_C) |
markrad | 0:cdf462088d13 | 7252 | mbedtls_sha256_free( &handshake->fin_sha256 ); |
markrad | 0:cdf462088d13 | 7253 | #endif |
markrad | 0:cdf462088d13 | 7254 | #if defined(MBEDTLS_SHA512_C) |
markrad | 0:cdf462088d13 | 7255 | mbedtls_sha512_free( &handshake->fin_sha512 ); |
markrad | 0:cdf462088d13 | 7256 | #endif |
markrad | 0:cdf462088d13 | 7257 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 7258 | |
markrad | 0:cdf462088d13 | 7259 | #if defined(MBEDTLS_DHM_C) |
markrad | 0:cdf462088d13 | 7260 | mbedtls_dhm_free( &handshake->dhm_ctx ); |
markrad | 0:cdf462088d13 | 7261 | #endif |
markrad | 0:cdf462088d13 | 7262 | #if defined(MBEDTLS_ECDH_C) |
markrad | 0:cdf462088d13 | 7263 | mbedtls_ecdh_free( &handshake->ecdh_ctx ); |
markrad | 0:cdf462088d13 | 7264 | #endif |
markrad | 0:cdf462088d13 | 7265 | #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
markrad | 0:cdf462088d13 | 7266 | mbedtls_ecjpake_free( &handshake->ecjpake_ctx ); |
markrad | 0:cdf462088d13 | 7267 | #if defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 7268 | mbedtls_free( handshake->ecjpake_cache ); |
markrad | 0:cdf462088d13 | 7269 | handshake->ecjpake_cache = NULL; |
markrad | 0:cdf462088d13 | 7270 | handshake->ecjpake_cache_len = 0; |
markrad | 0:cdf462088d13 | 7271 | #endif |
markrad | 0:cdf462088d13 | 7272 | #endif |
markrad | 0:cdf462088d13 | 7273 | |
markrad | 0:cdf462088d13 | 7274 | #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ |
markrad | 0:cdf462088d13 | 7275 | defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
markrad | 0:cdf462088d13 | 7276 | /* explicit void pointer cast for buggy MS compiler */ |
markrad | 0:cdf462088d13 | 7277 | mbedtls_free( (void *) handshake->curves ); |
markrad | 0:cdf462088d13 | 7278 | #endif |
markrad | 0:cdf462088d13 | 7279 | |
markrad | 0:cdf462088d13 | 7280 | #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) |
markrad | 0:cdf462088d13 | 7281 | if( handshake->psk != NULL ) |
markrad | 0:cdf462088d13 | 7282 | { |
markrad | 0:cdf462088d13 | 7283 | mbedtls_zeroize( handshake->psk, handshake->psk_len ); |
markrad | 0:cdf462088d13 | 7284 | mbedtls_free( handshake->psk ); |
markrad | 0:cdf462088d13 | 7285 | } |
markrad | 0:cdf462088d13 | 7286 | #endif |
markrad | 0:cdf462088d13 | 7287 | |
markrad | 0:cdf462088d13 | 7288 | #if defined(MBEDTLS_X509_CRT_PARSE_C) && \ |
markrad | 0:cdf462088d13 | 7289 | defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
markrad | 0:cdf462088d13 | 7290 | /* |
markrad | 0:cdf462088d13 | 7291 | * Free only the linked list wrapper, not the keys themselves |
markrad | 0:cdf462088d13 | 7292 | * since the belong to the SNI callback |
markrad | 0:cdf462088d13 | 7293 | */ |
markrad | 0:cdf462088d13 | 7294 | if( handshake->sni_key_cert != NULL ) |
markrad | 0:cdf462088d13 | 7295 | { |
markrad | 0:cdf462088d13 | 7296 | mbedtls_ssl_key_cert *cur = handshake->sni_key_cert, *next; |
markrad | 0:cdf462088d13 | 7297 | |
markrad | 0:cdf462088d13 | 7298 | while( cur != NULL ) |
markrad | 0:cdf462088d13 | 7299 | { |
markrad | 0:cdf462088d13 | 7300 | next = cur->next; |
markrad | 0:cdf462088d13 | 7301 | mbedtls_free( cur ); |
markrad | 0:cdf462088d13 | 7302 | cur = next; |
markrad | 0:cdf462088d13 | 7303 | } |
markrad | 0:cdf462088d13 | 7304 | } |
markrad | 0:cdf462088d13 | 7305 | #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_SERVER_NAME_INDICATION */ |
markrad | 0:cdf462088d13 | 7306 | |
markrad | 0:cdf462088d13 | 7307 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 7308 | mbedtls_free( handshake->verify_cookie ); |
markrad | 0:cdf462088d13 | 7309 | mbedtls_free( handshake->hs_msg ); |
markrad | 0:cdf462088d13 | 7310 | ssl_flight_free( handshake->flight ); |
markrad | 0:cdf462088d13 | 7311 | #endif |
markrad | 0:cdf462088d13 | 7312 | |
markrad | 0:cdf462088d13 | 7313 | mbedtls_zeroize( handshake, sizeof( mbedtls_ssl_handshake_params ) ); |
markrad | 0:cdf462088d13 | 7314 | } |
markrad | 0:cdf462088d13 | 7315 | |
markrad | 0:cdf462088d13 | 7316 | void mbedtls_ssl_session_free( mbedtls_ssl_session *session ) |
markrad | 0:cdf462088d13 | 7317 | { |
markrad | 0:cdf462088d13 | 7318 | if( session == NULL ) |
markrad | 0:cdf462088d13 | 7319 | return; |
markrad | 0:cdf462088d13 | 7320 | |
markrad | 0:cdf462088d13 | 7321 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
markrad | 0:cdf462088d13 | 7322 | if( session->peer_cert != NULL ) |
markrad | 0:cdf462088d13 | 7323 | { |
markrad | 0:cdf462088d13 | 7324 | mbedtls_x509_crt_free( session->peer_cert ); |
markrad | 0:cdf462088d13 | 7325 | mbedtls_free( session->peer_cert ); |
markrad | 0:cdf462088d13 | 7326 | } |
markrad | 0:cdf462088d13 | 7327 | #endif |
markrad | 0:cdf462088d13 | 7328 | |
markrad | 0:cdf462088d13 | 7329 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 7330 | mbedtls_free( session->ticket ); |
markrad | 0:cdf462088d13 | 7331 | #endif |
markrad | 0:cdf462088d13 | 7332 | |
markrad | 0:cdf462088d13 | 7333 | mbedtls_zeroize( session, sizeof( mbedtls_ssl_session ) ); |
markrad | 0:cdf462088d13 | 7334 | } |
markrad | 0:cdf462088d13 | 7335 | |
markrad | 0:cdf462088d13 | 7336 | /* |
markrad | 0:cdf462088d13 | 7337 | * Free an SSL context |
markrad | 0:cdf462088d13 | 7338 | */ |
markrad | 0:cdf462088d13 | 7339 | void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) |
markrad | 0:cdf462088d13 | 7340 | { |
markrad | 0:cdf462088d13 | 7341 | if( ssl == NULL ) |
markrad | 0:cdf462088d13 | 7342 | return; |
markrad | 0:cdf462088d13 | 7343 | |
markrad | 0:cdf462088d13 | 7344 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> free" ) ); |
markrad | 0:cdf462088d13 | 7345 | |
markrad | 0:cdf462088d13 | 7346 | if( ssl->out_buf != NULL ) |
markrad | 0:cdf462088d13 | 7347 | { |
markrad | 0:cdf462088d13 | 7348 | mbedtls_zeroize( ssl->out_buf, MBEDTLS_SSL_BUFFER_LEN ); |
markrad | 0:cdf462088d13 | 7349 | mbedtls_free( ssl->out_buf ); |
markrad | 0:cdf462088d13 | 7350 | } |
markrad | 0:cdf462088d13 | 7351 | |
markrad | 0:cdf462088d13 | 7352 | if( ssl->in_buf != NULL ) |
markrad | 0:cdf462088d13 | 7353 | { |
markrad | 0:cdf462088d13 | 7354 | mbedtls_zeroize( ssl->in_buf, MBEDTLS_SSL_BUFFER_LEN ); |
markrad | 0:cdf462088d13 | 7355 | mbedtls_free( ssl->in_buf ); |
markrad | 0:cdf462088d13 | 7356 | } |
markrad | 0:cdf462088d13 | 7357 | |
markrad | 0:cdf462088d13 | 7358 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
markrad | 0:cdf462088d13 | 7359 | if( ssl->compress_buf != NULL ) |
markrad | 0:cdf462088d13 | 7360 | { |
markrad | 0:cdf462088d13 | 7361 | mbedtls_zeroize( ssl->compress_buf, MBEDTLS_SSL_BUFFER_LEN ); |
markrad | 0:cdf462088d13 | 7362 | mbedtls_free( ssl->compress_buf ); |
markrad | 0:cdf462088d13 | 7363 | } |
markrad | 0:cdf462088d13 | 7364 | #endif |
markrad | 0:cdf462088d13 | 7365 | |
markrad | 0:cdf462088d13 | 7366 | if( ssl->transform ) |
markrad | 0:cdf462088d13 | 7367 | { |
markrad | 0:cdf462088d13 | 7368 | mbedtls_ssl_transform_free( ssl->transform ); |
markrad | 0:cdf462088d13 | 7369 | mbedtls_free( ssl->transform ); |
markrad | 0:cdf462088d13 | 7370 | } |
markrad | 0:cdf462088d13 | 7371 | |
markrad | 0:cdf462088d13 | 7372 | if( ssl->handshake ) |
markrad | 0:cdf462088d13 | 7373 | { |
markrad | 0:cdf462088d13 | 7374 | mbedtls_ssl_handshake_free( ssl->handshake ); |
markrad | 0:cdf462088d13 | 7375 | mbedtls_ssl_transform_free( ssl->transform_negotiate ); |
markrad | 0:cdf462088d13 | 7376 | mbedtls_ssl_session_free( ssl->session_negotiate ); |
markrad | 0:cdf462088d13 | 7377 | |
markrad | 0:cdf462088d13 | 7378 | mbedtls_free( ssl->handshake ); |
markrad | 0:cdf462088d13 | 7379 | mbedtls_free( ssl->transform_negotiate ); |
markrad | 0:cdf462088d13 | 7380 | mbedtls_free( ssl->session_negotiate ); |
markrad | 0:cdf462088d13 | 7381 | } |
markrad | 0:cdf462088d13 | 7382 | |
markrad | 0:cdf462088d13 | 7383 | if( ssl->session ) |
markrad | 0:cdf462088d13 | 7384 | { |
markrad | 0:cdf462088d13 | 7385 | mbedtls_ssl_session_free( ssl->session ); |
markrad | 0:cdf462088d13 | 7386 | mbedtls_free( ssl->session ); |
markrad | 0:cdf462088d13 | 7387 | } |
markrad | 0:cdf462088d13 | 7388 | |
markrad | 0:cdf462088d13 | 7389 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
markrad | 0:cdf462088d13 | 7390 | if( ssl->hostname != NULL ) |
markrad | 0:cdf462088d13 | 7391 | { |
markrad | 0:cdf462088d13 | 7392 | mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) ); |
markrad | 0:cdf462088d13 | 7393 | mbedtls_free( ssl->hostname ); |
markrad | 0:cdf462088d13 | 7394 | } |
markrad | 0:cdf462088d13 | 7395 | #endif |
markrad | 0:cdf462088d13 | 7396 | |
markrad | 0:cdf462088d13 | 7397 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
markrad | 0:cdf462088d13 | 7398 | if( mbedtls_ssl_hw_record_finish != NULL ) |
markrad | 0:cdf462088d13 | 7399 | { |
markrad | 0:cdf462088d13 | 7400 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_finish()" ) ); |
markrad | 0:cdf462088d13 | 7401 | mbedtls_ssl_hw_record_finish( ssl ); |
markrad | 0:cdf462088d13 | 7402 | } |
markrad | 0:cdf462088d13 | 7403 | #endif |
markrad | 0:cdf462088d13 | 7404 | |
markrad | 0:cdf462088d13 | 7405 | #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 7406 | mbedtls_free( ssl->cli_id ); |
markrad | 0:cdf462088d13 | 7407 | #endif |
markrad | 0:cdf462088d13 | 7408 | |
markrad | 0:cdf462088d13 | 7409 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= free" ) ); |
markrad | 0:cdf462088d13 | 7410 | |
markrad | 0:cdf462088d13 | 7411 | /* Actually clear after last debug message */ |
markrad | 0:cdf462088d13 | 7412 | mbedtls_zeroize( ssl, sizeof( mbedtls_ssl_context ) ); |
markrad | 0:cdf462088d13 | 7413 | } |
markrad | 0:cdf462088d13 | 7414 | |
markrad | 0:cdf462088d13 | 7415 | /* |
markrad | 0:cdf462088d13 | 7416 | * Initialze mbedtls_ssl_config |
markrad | 0:cdf462088d13 | 7417 | */ |
markrad | 0:cdf462088d13 | 7418 | void mbedtls_ssl_config_init( mbedtls_ssl_config *conf ) |
markrad | 0:cdf462088d13 | 7419 | { |
markrad | 0:cdf462088d13 | 7420 | memset( conf, 0, sizeof( mbedtls_ssl_config ) ); |
markrad | 0:cdf462088d13 | 7421 | } |
markrad | 0:cdf462088d13 | 7422 | |
markrad | 0:cdf462088d13 | 7423 | #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
markrad | 0:cdf462088d13 | 7424 | static int ssl_preset_default_hashes[] = { |
markrad | 0:cdf462088d13 | 7425 | #if defined(MBEDTLS_SHA512_C) |
markrad | 0:cdf462088d13 | 7426 | MBEDTLS_MD_SHA512, |
markrad | 0:cdf462088d13 | 7427 | MBEDTLS_MD_SHA384, |
markrad | 0:cdf462088d13 | 7428 | #endif |
markrad | 0:cdf462088d13 | 7429 | #if defined(MBEDTLS_SHA256_C) |
markrad | 0:cdf462088d13 | 7430 | MBEDTLS_MD_SHA256, |
markrad | 0:cdf462088d13 | 7431 | MBEDTLS_MD_SHA224, |
markrad | 0:cdf462088d13 | 7432 | #endif |
Jasper Wallace |
2:bbdeda018a3c | 7433 | #if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE) |
markrad | 0:cdf462088d13 | 7434 | MBEDTLS_MD_SHA1, |
markrad | 0:cdf462088d13 | 7435 | #endif |
markrad | 0:cdf462088d13 | 7436 | MBEDTLS_MD_NONE |
markrad | 0:cdf462088d13 | 7437 | }; |
markrad | 0:cdf462088d13 | 7438 | #endif |
markrad | 0:cdf462088d13 | 7439 | |
markrad | 0:cdf462088d13 | 7440 | static int ssl_preset_suiteb_ciphersuites[] = { |
markrad | 0:cdf462088d13 | 7441 | MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, |
markrad | 0:cdf462088d13 | 7442 | MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, |
markrad | 0:cdf462088d13 | 7443 | 0 |
markrad | 0:cdf462088d13 | 7444 | }; |
markrad | 0:cdf462088d13 | 7445 | |
markrad | 0:cdf462088d13 | 7446 | #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
markrad | 0:cdf462088d13 | 7447 | static int ssl_preset_suiteb_hashes[] = { |
markrad | 0:cdf462088d13 | 7448 | MBEDTLS_MD_SHA256, |
markrad | 0:cdf462088d13 | 7449 | MBEDTLS_MD_SHA384, |
markrad | 0:cdf462088d13 | 7450 | MBEDTLS_MD_NONE |
markrad | 0:cdf462088d13 | 7451 | }; |
markrad | 0:cdf462088d13 | 7452 | #endif |
markrad | 0:cdf462088d13 | 7453 | |
markrad | 0:cdf462088d13 | 7454 | #if defined(MBEDTLS_ECP_C) |
markrad | 0:cdf462088d13 | 7455 | static mbedtls_ecp_group_id ssl_preset_suiteb_curves[] = { |
markrad | 0:cdf462088d13 | 7456 | MBEDTLS_ECP_DP_SECP256R1, |
markrad | 0:cdf462088d13 | 7457 | MBEDTLS_ECP_DP_SECP384R1, |
markrad | 0:cdf462088d13 | 7458 | MBEDTLS_ECP_DP_NONE |
markrad | 0:cdf462088d13 | 7459 | }; |
markrad | 0:cdf462088d13 | 7460 | #endif |
markrad | 0:cdf462088d13 | 7461 | |
markrad | 0:cdf462088d13 | 7462 | /* |
markrad | 0:cdf462088d13 | 7463 | * Load default in mbedtls_ssl_config |
markrad | 0:cdf462088d13 | 7464 | */ |
markrad | 0:cdf462088d13 | 7465 | int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, |
markrad | 0:cdf462088d13 | 7466 | int endpoint, int transport, int preset ) |
markrad | 0:cdf462088d13 | 7467 | { |
markrad | 0:cdf462088d13 | 7468 | #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 7469 | int ret; |
markrad | 0:cdf462088d13 | 7470 | #endif |
markrad | 0:cdf462088d13 | 7471 | |
markrad | 0:cdf462088d13 | 7472 | /* Use the functions here so that they are covered in tests, |
markrad | 0:cdf462088d13 | 7473 | * but otherwise access member directly for efficiency */ |
markrad | 0:cdf462088d13 | 7474 | mbedtls_ssl_conf_endpoint( conf, endpoint ); |
markrad | 0:cdf462088d13 | 7475 | mbedtls_ssl_conf_transport( conf, transport ); |
markrad | 0:cdf462088d13 | 7476 | |
markrad | 0:cdf462088d13 | 7477 | /* |
markrad | 0:cdf462088d13 | 7478 | * Things that are common to all presets |
markrad | 0:cdf462088d13 | 7479 | */ |
markrad | 0:cdf462088d13 | 7480 | #if defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 7481 | if( endpoint == MBEDTLS_SSL_IS_CLIENT ) |
markrad | 0:cdf462088d13 | 7482 | { |
markrad | 0:cdf462088d13 | 7483 | conf->authmode = MBEDTLS_SSL_VERIFY_REQUIRED; |
markrad | 0:cdf462088d13 | 7484 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) |
markrad | 0:cdf462088d13 | 7485 | conf->session_tickets = MBEDTLS_SSL_SESSION_TICKETS_ENABLED; |
markrad | 0:cdf462088d13 | 7486 | #endif |
markrad | 0:cdf462088d13 | 7487 | } |
markrad | 0:cdf462088d13 | 7488 | #endif |
markrad | 0:cdf462088d13 | 7489 | |
markrad | 0:cdf462088d13 | 7490 | #if defined(MBEDTLS_ARC4_C) |
markrad | 0:cdf462088d13 | 7491 | conf->arc4_disabled = MBEDTLS_SSL_ARC4_DISABLED; |
markrad | 0:cdf462088d13 | 7492 | #endif |
markrad | 0:cdf462088d13 | 7493 | |
markrad | 0:cdf462088d13 | 7494 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
markrad | 0:cdf462088d13 | 7495 | conf->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED; |
markrad | 0:cdf462088d13 | 7496 | #endif |
markrad | 0:cdf462088d13 | 7497 | |
markrad | 0:cdf462088d13 | 7498 | #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) |
markrad | 0:cdf462088d13 | 7499 | conf->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; |
markrad | 0:cdf462088d13 | 7500 | #endif |
markrad | 0:cdf462088d13 | 7501 | |
markrad | 0:cdf462088d13 | 7502 | #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) |
markrad | 0:cdf462088d13 | 7503 | conf->cbc_record_splitting = MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED; |
markrad | 0:cdf462088d13 | 7504 | #endif |
markrad | 0:cdf462088d13 | 7505 | |
markrad | 0:cdf462088d13 | 7506 | #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 7507 | conf->f_cookie_write = ssl_cookie_write_dummy; |
markrad | 0:cdf462088d13 | 7508 | conf->f_cookie_check = ssl_cookie_check_dummy; |
markrad | 0:cdf462088d13 | 7509 | #endif |
markrad | 0:cdf462088d13 | 7510 | |
markrad | 0:cdf462088d13 | 7511 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
markrad | 0:cdf462088d13 | 7512 | conf->anti_replay = MBEDTLS_SSL_ANTI_REPLAY_ENABLED; |
markrad | 0:cdf462088d13 | 7513 | #endif |
markrad | 0:cdf462088d13 | 7514 | |
Jasper Wallace |
2:bbdeda018a3c | 7515 | #if defined(MBEDTLS_SSL_SRV_C) |
Jasper Wallace |
2:bbdeda018a3c | 7516 | conf->cert_req_ca_list = MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED; |
Jasper Wallace |
2:bbdeda018a3c | 7517 | #endif |
Jasper Wallace |
2:bbdeda018a3c | 7518 | |
markrad | 0:cdf462088d13 | 7519 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 7520 | conf->hs_timeout_min = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN; |
markrad | 0:cdf462088d13 | 7521 | conf->hs_timeout_max = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX; |
markrad | 0:cdf462088d13 | 7522 | #endif |
markrad | 0:cdf462088d13 | 7523 | |
markrad | 0:cdf462088d13 | 7524 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
markrad | 0:cdf462088d13 | 7525 | conf->renego_max_records = MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT; |
Jasper Wallace |
1:9ebc941037d5 | 7526 | memset( conf->renego_period, 0x00, 2 ); |
Jasper Wallace |
1:9ebc941037d5 | 7527 | memset( conf->renego_period + 2, 0xFF, 6 ); |
markrad | 0:cdf462088d13 | 7528 | #endif |
markrad | 0:cdf462088d13 | 7529 | |
markrad | 0:cdf462088d13 | 7530 | #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) |
markrad | 0:cdf462088d13 | 7531 | if( endpoint == MBEDTLS_SSL_IS_SERVER ) |
markrad | 0:cdf462088d13 | 7532 | { |
markrad | 0:cdf462088d13 | 7533 | if( ( ret = mbedtls_ssl_conf_dh_param( conf, |
markrad | 0:cdf462088d13 | 7534 | MBEDTLS_DHM_RFC5114_MODP_2048_P, |
markrad | 0:cdf462088d13 | 7535 | MBEDTLS_DHM_RFC5114_MODP_2048_G ) ) != 0 ) |
markrad | 0:cdf462088d13 | 7536 | { |
markrad | 0:cdf462088d13 | 7537 | return( ret ); |
markrad | 0:cdf462088d13 | 7538 | } |
markrad | 0:cdf462088d13 | 7539 | } |
markrad | 0:cdf462088d13 | 7540 | #endif |
markrad | 0:cdf462088d13 | 7541 | |
markrad | 0:cdf462088d13 | 7542 | /* |
markrad | 0:cdf462088d13 | 7543 | * Preset-specific defaults |
markrad | 0:cdf462088d13 | 7544 | */ |
markrad | 0:cdf462088d13 | 7545 | switch( preset ) |
markrad | 0:cdf462088d13 | 7546 | { |
markrad | 0:cdf462088d13 | 7547 | /* |
markrad | 0:cdf462088d13 | 7548 | * NSA Suite B |
markrad | 0:cdf462088d13 | 7549 | */ |
markrad | 0:cdf462088d13 | 7550 | case MBEDTLS_SSL_PRESET_SUITEB: |
markrad | 0:cdf462088d13 | 7551 | conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3; |
markrad | 0:cdf462088d13 | 7552 | conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3; /* TLS 1.2 */ |
markrad | 0:cdf462088d13 | 7553 | conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION; |
markrad | 0:cdf462088d13 | 7554 | conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION; |
markrad | 0:cdf462088d13 | 7555 | |
markrad | 0:cdf462088d13 | 7556 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = |
markrad | 0:cdf462088d13 | 7557 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = |
markrad | 0:cdf462088d13 | 7558 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = |
markrad | 0:cdf462088d13 | 7559 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = |
markrad | 0:cdf462088d13 | 7560 | ssl_preset_suiteb_ciphersuites; |
markrad | 0:cdf462088d13 | 7561 | |
markrad | 0:cdf462088d13 | 7562 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
markrad | 0:cdf462088d13 | 7563 | conf->cert_profile = &mbedtls_x509_crt_profile_suiteb; |
markrad | 0:cdf462088d13 | 7564 | #endif |
markrad | 0:cdf462088d13 | 7565 | |
markrad | 0:cdf462088d13 | 7566 | #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
markrad | 0:cdf462088d13 | 7567 | conf->sig_hashes = ssl_preset_suiteb_hashes; |
markrad | 0:cdf462088d13 | 7568 | #endif |
markrad | 0:cdf462088d13 | 7569 | |
markrad | 0:cdf462088d13 | 7570 | #if defined(MBEDTLS_ECP_C) |
markrad | 0:cdf462088d13 | 7571 | conf->curve_list = ssl_preset_suiteb_curves; |
markrad | 0:cdf462088d13 | 7572 | #endif |
markrad | 0:cdf462088d13 | 7573 | break; |
markrad | 0:cdf462088d13 | 7574 | |
markrad | 0:cdf462088d13 | 7575 | /* |
markrad | 0:cdf462088d13 | 7576 | * Default |
markrad | 0:cdf462088d13 | 7577 | */ |
markrad | 0:cdf462088d13 | 7578 | default: |
markrad | 0:cdf462088d13 | 7579 | conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3; |
markrad | 0:cdf462088d13 | 7580 | conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_1; /* TLS 1.0 */ |
markrad | 0:cdf462088d13 | 7581 | conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION; |
markrad | 0:cdf462088d13 | 7582 | conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION; |
markrad | 0:cdf462088d13 | 7583 | |
markrad | 0:cdf462088d13 | 7584 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 7585 | if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 7586 | conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_2; |
markrad | 0:cdf462088d13 | 7587 | #endif |
markrad | 0:cdf462088d13 | 7588 | |
markrad | 0:cdf462088d13 | 7589 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = |
markrad | 0:cdf462088d13 | 7590 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = |
markrad | 0:cdf462088d13 | 7591 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = |
markrad | 0:cdf462088d13 | 7592 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = |
markrad | 0:cdf462088d13 | 7593 | mbedtls_ssl_list_ciphersuites(); |
markrad | 0:cdf462088d13 | 7594 | |
markrad | 0:cdf462088d13 | 7595 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
markrad | 0:cdf462088d13 | 7596 | conf->cert_profile = &mbedtls_x509_crt_profile_default; |
markrad | 0:cdf462088d13 | 7597 | #endif |
markrad | 0:cdf462088d13 | 7598 | |
markrad | 0:cdf462088d13 | 7599 | #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
markrad | 0:cdf462088d13 | 7600 | conf->sig_hashes = ssl_preset_default_hashes; |
markrad | 0:cdf462088d13 | 7601 | #endif |
markrad | 0:cdf462088d13 | 7602 | |
markrad | 0:cdf462088d13 | 7603 | #if defined(MBEDTLS_ECP_C) |
markrad | 0:cdf462088d13 | 7604 | conf->curve_list = mbedtls_ecp_grp_id_list(); |
markrad | 0:cdf462088d13 | 7605 | #endif |
markrad | 0:cdf462088d13 | 7606 | |
markrad | 0:cdf462088d13 | 7607 | #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) |
markrad | 0:cdf462088d13 | 7608 | conf->dhm_min_bitlen = 1024; |
markrad | 0:cdf462088d13 | 7609 | #endif |
markrad | 0:cdf462088d13 | 7610 | } |
markrad | 0:cdf462088d13 | 7611 | |
markrad | 0:cdf462088d13 | 7612 | return( 0 ); |
markrad | 0:cdf462088d13 | 7613 | } |
markrad | 0:cdf462088d13 | 7614 | |
markrad | 0:cdf462088d13 | 7615 | /* |
markrad | 0:cdf462088d13 | 7616 | * Free mbedtls_ssl_config |
markrad | 0:cdf462088d13 | 7617 | */ |
markrad | 0:cdf462088d13 | 7618 | void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ) |
markrad | 0:cdf462088d13 | 7619 | { |
markrad | 0:cdf462088d13 | 7620 | #if defined(MBEDTLS_DHM_C) |
markrad | 0:cdf462088d13 | 7621 | mbedtls_mpi_free( &conf->dhm_P ); |
markrad | 0:cdf462088d13 | 7622 | mbedtls_mpi_free( &conf->dhm_G ); |
markrad | 0:cdf462088d13 | 7623 | #endif |
markrad | 0:cdf462088d13 | 7624 | |
markrad | 0:cdf462088d13 | 7625 | #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) |
markrad | 0:cdf462088d13 | 7626 | if( conf->psk != NULL ) |
markrad | 0:cdf462088d13 | 7627 | { |
markrad | 0:cdf462088d13 | 7628 | mbedtls_zeroize( conf->psk, conf->psk_len ); |
markrad | 0:cdf462088d13 | 7629 | mbedtls_zeroize( conf->psk_identity, conf->psk_identity_len ); |
markrad | 0:cdf462088d13 | 7630 | mbedtls_free( conf->psk ); |
markrad | 0:cdf462088d13 | 7631 | mbedtls_free( conf->psk_identity ); |
markrad | 0:cdf462088d13 | 7632 | conf->psk_len = 0; |
markrad | 0:cdf462088d13 | 7633 | conf->psk_identity_len = 0; |
markrad | 0:cdf462088d13 | 7634 | } |
markrad | 0:cdf462088d13 | 7635 | #endif |
markrad | 0:cdf462088d13 | 7636 | |
markrad | 0:cdf462088d13 | 7637 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
markrad | 0:cdf462088d13 | 7638 | ssl_key_cert_free( conf->key_cert ); |
markrad | 0:cdf462088d13 | 7639 | #endif |
markrad | 0:cdf462088d13 | 7640 | |
markrad | 0:cdf462088d13 | 7641 | mbedtls_zeroize( conf, sizeof( mbedtls_ssl_config ) ); |
markrad | 0:cdf462088d13 | 7642 | } |
markrad | 0:cdf462088d13 | 7643 | |
markrad | 0:cdf462088d13 | 7644 | #if defined(MBEDTLS_PK_C) && \ |
markrad | 0:cdf462088d13 | 7645 | ( defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) ) |
markrad | 0:cdf462088d13 | 7646 | /* |
markrad | 0:cdf462088d13 | 7647 | * Convert between MBEDTLS_PK_XXX and SSL_SIG_XXX |
markrad | 0:cdf462088d13 | 7648 | */ |
markrad | 0:cdf462088d13 | 7649 | unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk ) |
markrad | 0:cdf462088d13 | 7650 | { |
markrad | 0:cdf462088d13 | 7651 | #if defined(MBEDTLS_RSA_C) |
markrad | 0:cdf462088d13 | 7652 | if( mbedtls_pk_can_do( pk, MBEDTLS_PK_RSA ) ) |
markrad | 0:cdf462088d13 | 7653 | return( MBEDTLS_SSL_SIG_RSA ); |
markrad | 0:cdf462088d13 | 7654 | #endif |
markrad | 0:cdf462088d13 | 7655 | #if defined(MBEDTLS_ECDSA_C) |
markrad | 0:cdf462088d13 | 7656 | if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECDSA ) ) |
markrad | 0:cdf462088d13 | 7657 | return( MBEDTLS_SSL_SIG_ECDSA ); |
markrad | 0:cdf462088d13 | 7658 | #endif |
markrad | 0:cdf462088d13 | 7659 | return( MBEDTLS_SSL_SIG_ANON ); |
markrad | 0:cdf462088d13 | 7660 | } |
markrad | 0:cdf462088d13 | 7661 | |
Jasper Wallace |
2:bbdeda018a3c | 7662 | unsigned char mbedtls_ssl_sig_from_pk_alg( mbedtls_pk_type_t type ) |
Jasper Wallace |
2:bbdeda018a3c | 7663 | { |
Jasper Wallace |
2:bbdeda018a3c | 7664 | switch( type ) { |
Jasper Wallace |
2:bbdeda018a3c | 7665 | case MBEDTLS_PK_RSA: |
Jasper Wallace |
2:bbdeda018a3c | 7666 | return( MBEDTLS_SSL_SIG_RSA ); |
Jasper Wallace |
2:bbdeda018a3c | 7667 | case MBEDTLS_PK_ECDSA: |
Jasper Wallace |
2:bbdeda018a3c | 7668 | case MBEDTLS_PK_ECKEY: |
Jasper Wallace |
2:bbdeda018a3c | 7669 | return( MBEDTLS_SSL_SIG_ECDSA ); |
Jasper Wallace |
2:bbdeda018a3c | 7670 | default: |
Jasper Wallace |
2:bbdeda018a3c | 7671 | return( MBEDTLS_SSL_SIG_ANON ); |
Jasper Wallace |
2:bbdeda018a3c | 7672 | } |
Jasper Wallace |
2:bbdeda018a3c | 7673 | } |
Jasper Wallace |
2:bbdeda018a3c | 7674 | |
markrad | 0:cdf462088d13 | 7675 | mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig ) |
markrad | 0:cdf462088d13 | 7676 | { |
markrad | 0:cdf462088d13 | 7677 | switch( sig ) |
markrad | 0:cdf462088d13 | 7678 | { |
markrad | 0:cdf462088d13 | 7679 | #if defined(MBEDTLS_RSA_C) |
markrad | 0:cdf462088d13 | 7680 | case MBEDTLS_SSL_SIG_RSA: |
markrad | 0:cdf462088d13 | 7681 | return( MBEDTLS_PK_RSA ); |
markrad | 0:cdf462088d13 | 7682 | #endif |
markrad | 0:cdf462088d13 | 7683 | #if defined(MBEDTLS_ECDSA_C) |
markrad | 0:cdf462088d13 | 7684 | case MBEDTLS_SSL_SIG_ECDSA: |
markrad | 0:cdf462088d13 | 7685 | return( MBEDTLS_PK_ECDSA ); |
markrad | 0:cdf462088d13 | 7686 | #endif |
markrad | 0:cdf462088d13 | 7687 | default: |
markrad | 0:cdf462088d13 | 7688 | return( MBEDTLS_PK_NONE ); |
markrad | 0:cdf462088d13 | 7689 | } |
markrad | 0:cdf462088d13 | 7690 | } |
markrad | 0:cdf462088d13 | 7691 | #endif /* MBEDTLS_PK_C && ( MBEDTLS_RSA_C || MBEDTLS_ECDSA_C ) */ |
markrad | 0:cdf462088d13 | 7692 | |
Jasper Wallace |
2:bbdeda018a3c | 7693 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ |
Jasper Wallace |
2:bbdeda018a3c | 7694 | defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
Jasper Wallace |
2:bbdeda018a3c | 7695 | |
Jasper Wallace |
2:bbdeda018a3c | 7696 | /* Find an entry in a signature-hash set matching a given hash algorithm. */ |
Jasper Wallace |
2:bbdeda018a3c | 7697 | mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set, |
Jasper Wallace |
2:bbdeda018a3c | 7698 | mbedtls_pk_type_t sig_alg ) |
Jasper Wallace |
2:bbdeda018a3c | 7699 | { |
Jasper Wallace |
2:bbdeda018a3c | 7700 | switch( sig_alg ) |
Jasper Wallace |
2:bbdeda018a3c | 7701 | { |
Jasper Wallace |
2:bbdeda018a3c | 7702 | case MBEDTLS_PK_RSA: |
Jasper Wallace |
2:bbdeda018a3c | 7703 | return( set->rsa ); |
Jasper Wallace |
2:bbdeda018a3c | 7704 | case MBEDTLS_PK_ECDSA: |
Jasper Wallace |
2:bbdeda018a3c | 7705 | return( set->ecdsa ); |
Jasper Wallace |
2:bbdeda018a3c | 7706 | default: |
Jasper Wallace |
2:bbdeda018a3c | 7707 | return( MBEDTLS_MD_NONE ); |
Jasper Wallace |
2:bbdeda018a3c | 7708 | } |
Jasper Wallace |
2:bbdeda018a3c | 7709 | } |
Jasper Wallace |
2:bbdeda018a3c | 7710 | |
Jasper Wallace |
2:bbdeda018a3c | 7711 | /* Add a signature-hash-pair to a signature-hash set */ |
Jasper Wallace |
2:bbdeda018a3c | 7712 | void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set, |
Jasper Wallace |
2:bbdeda018a3c | 7713 | mbedtls_pk_type_t sig_alg, |
Jasper Wallace |
2:bbdeda018a3c | 7714 | mbedtls_md_type_t md_alg ) |
Jasper Wallace |
2:bbdeda018a3c | 7715 | { |
Jasper Wallace |
2:bbdeda018a3c | 7716 | switch( sig_alg ) |
Jasper Wallace |
2:bbdeda018a3c | 7717 | { |
Jasper Wallace |
2:bbdeda018a3c | 7718 | case MBEDTLS_PK_RSA: |
Jasper Wallace |
2:bbdeda018a3c | 7719 | if( set->rsa == MBEDTLS_MD_NONE ) |
Jasper Wallace |
2:bbdeda018a3c | 7720 | set->rsa = md_alg; |
Jasper Wallace |
2:bbdeda018a3c | 7721 | break; |
Jasper Wallace |
2:bbdeda018a3c | 7722 | |
Jasper Wallace |
2:bbdeda018a3c | 7723 | case MBEDTLS_PK_ECDSA: |
Jasper Wallace |
2:bbdeda018a3c | 7724 | if( set->ecdsa == MBEDTLS_MD_NONE ) |
Jasper Wallace |
2:bbdeda018a3c | 7725 | set->ecdsa = md_alg; |
Jasper Wallace |
2:bbdeda018a3c | 7726 | break; |
Jasper Wallace |
2:bbdeda018a3c | 7727 | |
Jasper Wallace |
2:bbdeda018a3c | 7728 | default: |
Jasper Wallace |
2:bbdeda018a3c | 7729 | break; |
Jasper Wallace |
2:bbdeda018a3c | 7730 | } |
Jasper Wallace |
2:bbdeda018a3c | 7731 | } |
Jasper Wallace |
2:bbdeda018a3c | 7732 | |
Jasper Wallace |
2:bbdeda018a3c | 7733 | /* Allow exactly one hash algorithm for each signature. */ |
Jasper Wallace |
2:bbdeda018a3c | 7734 | void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set, |
Jasper Wallace |
2:bbdeda018a3c | 7735 | mbedtls_md_type_t md_alg ) |
Jasper Wallace |
2:bbdeda018a3c | 7736 | { |
Jasper Wallace |
2:bbdeda018a3c | 7737 | set->rsa = md_alg; |
Jasper Wallace |
2:bbdeda018a3c | 7738 | set->ecdsa = md_alg; |
Jasper Wallace |
2:bbdeda018a3c | 7739 | } |
Jasper Wallace |
2:bbdeda018a3c | 7740 | |
Jasper Wallace |
2:bbdeda018a3c | 7741 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2) && |
Jasper Wallace |
2:bbdeda018a3c | 7742 | MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */ |
Jasper Wallace |
2:bbdeda018a3c | 7743 | |
markrad | 0:cdf462088d13 | 7744 | /* |
markrad | 0:cdf462088d13 | 7745 | * Convert from MBEDTLS_SSL_HASH_XXX to MBEDTLS_MD_XXX |
markrad | 0:cdf462088d13 | 7746 | */ |
markrad | 0:cdf462088d13 | 7747 | mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash ) |
markrad | 0:cdf462088d13 | 7748 | { |
markrad | 0:cdf462088d13 | 7749 | switch( hash ) |
markrad | 0:cdf462088d13 | 7750 | { |
markrad | 0:cdf462088d13 | 7751 | #if defined(MBEDTLS_MD5_C) |
markrad | 0:cdf462088d13 | 7752 | case MBEDTLS_SSL_HASH_MD5: |
markrad | 0:cdf462088d13 | 7753 | return( MBEDTLS_MD_MD5 ); |
markrad | 0:cdf462088d13 | 7754 | #endif |
markrad | 0:cdf462088d13 | 7755 | #if defined(MBEDTLS_SHA1_C) |
markrad | 0:cdf462088d13 | 7756 | case MBEDTLS_SSL_HASH_SHA1: |
markrad | 0:cdf462088d13 | 7757 | return( MBEDTLS_MD_SHA1 ); |
markrad | 0:cdf462088d13 | 7758 | #endif |
markrad | 0:cdf462088d13 | 7759 | #if defined(MBEDTLS_SHA256_C) |
markrad | 0:cdf462088d13 | 7760 | case MBEDTLS_SSL_HASH_SHA224: |
markrad | 0:cdf462088d13 | 7761 | return( MBEDTLS_MD_SHA224 ); |
markrad | 0:cdf462088d13 | 7762 | case MBEDTLS_SSL_HASH_SHA256: |
markrad | 0:cdf462088d13 | 7763 | return( MBEDTLS_MD_SHA256 ); |
markrad | 0:cdf462088d13 | 7764 | #endif |
markrad | 0:cdf462088d13 | 7765 | #if defined(MBEDTLS_SHA512_C) |
markrad | 0:cdf462088d13 | 7766 | case MBEDTLS_SSL_HASH_SHA384: |
markrad | 0:cdf462088d13 | 7767 | return( MBEDTLS_MD_SHA384 ); |
markrad | 0:cdf462088d13 | 7768 | case MBEDTLS_SSL_HASH_SHA512: |
markrad | 0:cdf462088d13 | 7769 | return( MBEDTLS_MD_SHA512 ); |
markrad | 0:cdf462088d13 | 7770 | #endif |
markrad | 0:cdf462088d13 | 7771 | default: |
markrad | 0:cdf462088d13 | 7772 | return( MBEDTLS_MD_NONE ); |
markrad | 0:cdf462088d13 | 7773 | } |
markrad | 0:cdf462088d13 | 7774 | } |
markrad | 0:cdf462088d13 | 7775 | |
markrad | 0:cdf462088d13 | 7776 | /* |
markrad | 0:cdf462088d13 | 7777 | * Convert from MBEDTLS_MD_XXX to MBEDTLS_SSL_HASH_XXX |
markrad | 0:cdf462088d13 | 7778 | */ |
markrad | 0:cdf462088d13 | 7779 | unsigned char mbedtls_ssl_hash_from_md_alg( int md ) |
markrad | 0:cdf462088d13 | 7780 | { |
markrad | 0:cdf462088d13 | 7781 | switch( md ) |
markrad | 0:cdf462088d13 | 7782 | { |
markrad | 0:cdf462088d13 | 7783 | #if defined(MBEDTLS_MD5_C) |
markrad | 0:cdf462088d13 | 7784 | case MBEDTLS_MD_MD5: |
markrad | 0:cdf462088d13 | 7785 | return( MBEDTLS_SSL_HASH_MD5 ); |
markrad | 0:cdf462088d13 | 7786 | #endif |
markrad | 0:cdf462088d13 | 7787 | #if defined(MBEDTLS_SHA1_C) |
markrad | 0:cdf462088d13 | 7788 | case MBEDTLS_MD_SHA1: |
markrad | 0:cdf462088d13 | 7789 | return( MBEDTLS_SSL_HASH_SHA1 ); |
markrad | 0:cdf462088d13 | 7790 | #endif |
markrad | 0:cdf462088d13 | 7791 | #if defined(MBEDTLS_SHA256_C) |
markrad | 0:cdf462088d13 | 7792 | case MBEDTLS_MD_SHA224: |
markrad | 0:cdf462088d13 | 7793 | return( MBEDTLS_SSL_HASH_SHA224 ); |
markrad | 0:cdf462088d13 | 7794 | case MBEDTLS_MD_SHA256: |
markrad | 0:cdf462088d13 | 7795 | return( MBEDTLS_SSL_HASH_SHA256 ); |
markrad | 0:cdf462088d13 | 7796 | #endif |
markrad | 0:cdf462088d13 | 7797 | #if defined(MBEDTLS_SHA512_C) |
markrad | 0:cdf462088d13 | 7798 | case MBEDTLS_MD_SHA384: |
markrad | 0:cdf462088d13 | 7799 | return( MBEDTLS_SSL_HASH_SHA384 ); |
markrad | 0:cdf462088d13 | 7800 | case MBEDTLS_MD_SHA512: |
markrad | 0:cdf462088d13 | 7801 | return( MBEDTLS_SSL_HASH_SHA512 ); |
markrad | 0:cdf462088d13 | 7802 | #endif |
markrad | 0:cdf462088d13 | 7803 | default: |
markrad | 0:cdf462088d13 | 7804 | return( MBEDTLS_SSL_HASH_NONE ); |
markrad | 0:cdf462088d13 | 7805 | } |
markrad | 0:cdf462088d13 | 7806 | } |
markrad | 0:cdf462088d13 | 7807 | |
markrad | 0:cdf462088d13 | 7808 | #if defined(MBEDTLS_ECP_C) |
markrad | 0:cdf462088d13 | 7809 | /* |
markrad | 0:cdf462088d13 | 7810 | * Check if a curve proposed by the peer is in our list. |
markrad | 0:cdf462088d13 | 7811 | * Return 0 if we're willing to use it, -1 otherwise. |
markrad | 0:cdf462088d13 | 7812 | */ |
markrad | 0:cdf462088d13 | 7813 | int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ) |
markrad | 0:cdf462088d13 | 7814 | { |
markrad | 0:cdf462088d13 | 7815 | const mbedtls_ecp_group_id *gid; |
markrad | 0:cdf462088d13 | 7816 | |
markrad | 0:cdf462088d13 | 7817 | if( ssl->conf->curve_list == NULL ) |
markrad | 0:cdf462088d13 | 7818 | return( -1 ); |
markrad | 0:cdf462088d13 | 7819 | |
markrad | 0:cdf462088d13 | 7820 | for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ ) |
markrad | 0:cdf462088d13 | 7821 | if( *gid == grp_id ) |
markrad | 0:cdf462088d13 | 7822 | return( 0 ); |
markrad | 0:cdf462088d13 | 7823 | |
markrad | 0:cdf462088d13 | 7824 | return( -1 ); |
markrad | 0:cdf462088d13 | 7825 | } |
markrad | 0:cdf462088d13 | 7826 | #endif /* MBEDTLS_ECP_C */ |
markrad | 0:cdf462088d13 | 7827 | |
markrad | 0:cdf462088d13 | 7828 | #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
markrad | 0:cdf462088d13 | 7829 | /* |
markrad | 0:cdf462088d13 | 7830 | * Check if a hash proposed by the peer is in our list. |
markrad | 0:cdf462088d13 | 7831 | * Return 0 if we're willing to use it, -1 otherwise. |
markrad | 0:cdf462088d13 | 7832 | */ |
markrad | 0:cdf462088d13 | 7833 | int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, |
markrad | 0:cdf462088d13 | 7834 | mbedtls_md_type_t md ) |
markrad | 0:cdf462088d13 | 7835 | { |
markrad | 0:cdf462088d13 | 7836 | const int *cur; |
markrad | 0:cdf462088d13 | 7837 | |
markrad | 0:cdf462088d13 | 7838 | if( ssl->conf->sig_hashes == NULL ) |
markrad | 0:cdf462088d13 | 7839 | return( -1 ); |
markrad | 0:cdf462088d13 | 7840 | |
markrad | 0:cdf462088d13 | 7841 | for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ ) |
markrad | 0:cdf462088d13 | 7842 | if( *cur == (int) md ) |
markrad | 0:cdf462088d13 | 7843 | return( 0 ); |
markrad | 0:cdf462088d13 | 7844 | |
markrad | 0:cdf462088d13 | 7845 | return( -1 ); |
markrad | 0:cdf462088d13 | 7846 | } |
markrad | 0:cdf462088d13 | 7847 | #endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */ |
markrad | 0:cdf462088d13 | 7848 | |
markrad | 0:cdf462088d13 | 7849 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
markrad | 0:cdf462088d13 | 7850 | int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, |
markrad | 0:cdf462088d13 | 7851 | const mbedtls_ssl_ciphersuite_t *ciphersuite, |
markrad | 0:cdf462088d13 | 7852 | int cert_endpoint, |
markrad | 0:cdf462088d13 | 7853 | uint32_t *flags ) |
markrad | 0:cdf462088d13 | 7854 | { |
markrad | 0:cdf462088d13 | 7855 | int ret = 0; |
markrad | 0:cdf462088d13 | 7856 | #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) |
markrad | 0:cdf462088d13 | 7857 | int usage = 0; |
markrad | 0:cdf462088d13 | 7858 | #endif |
markrad | 0:cdf462088d13 | 7859 | #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) |
markrad | 0:cdf462088d13 | 7860 | const char *ext_oid; |
markrad | 0:cdf462088d13 | 7861 | size_t ext_len; |
markrad | 0:cdf462088d13 | 7862 | #endif |
markrad | 0:cdf462088d13 | 7863 | |
markrad | 0:cdf462088d13 | 7864 | #if !defined(MBEDTLS_X509_CHECK_KEY_USAGE) && \ |
markrad | 0:cdf462088d13 | 7865 | !defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) |
markrad | 0:cdf462088d13 | 7866 | ((void) cert); |
markrad | 0:cdf462088d13 | 7867 | ((void) cert_endpoint); |
markrad | 0:cdf462088d13 | 7868 | ((void) flags); |
markrad | 0:cdf462088d13 | 7869 | #endif |
markrad | 0:cdf462088d13 | 7870 | |
markrad | 0:cdf462088d13 | 7871 | #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) |
markrad | 0:cdf462088d13 | 7872 | if( cert_endpoint == MBEDTLS_SSL_IS_SERVER ) |
markrad | 0:cdf462088d13 | 7873 | { |
markrad | 0:cdf462088d13 | 7874 | /* Server part of the key exchange */ |
markrad | 0:cdf462088d13 | 7875 | switch( ciphersuite->key_exchange ) |
markrad | 0:cdf462088d13 | 7876 | { |
markrad | 0:cdf462088d13 | 7877 | case MBEDTLS_KEY_EXCHANGE_RSA: |
markrad | 0:cdf462088d13 | 7878 | case MBEDTLS_KEY_EXCHANGE_RSA_PSK: |
markrad | 0:cdf462088d13 | 7879 | usage = MBEDTLS_X509_KU_KEY_ENCIPHERMENT; |
markrad | 0:cdf462088d13 | 7880 | break; |
markrad | 0:cdf462088d13 | 7881 | |
markrad | 0:cdf462088d13 | 7882 | case MBEDTLS_KEY_EXCHANGE_DHE_RSA: |
markrad | 0:cdf462088d13 | 7883 | case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: |
markrad | 0:cdf462088d13 | 7884 | case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: |
markrad | 0:cdf462088d13 | 7885 | usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE; |
markrad | 0:cdf462088d13 | 7886 | break; |
markrad | 0:cdf462088d13 | 7887 | |
markrad | 0:cdf462088d13 | 7888 | case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: |
markrad | 0:cdf462088d13 | 7889 | case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: |
markrad | 0:cdf462088d13 | 7890 | usage = MBEDTLS_X509_KU_KEY_AGREEMENT; |
markrad | 0:cdf462088d13 | 7891 | break; |
markrad | 0:cdf462088d13 | 7892 | |
markrad | 0:cdf462088d13 | 7893 | /* Don't use default: we want warnings when adding new values */ |
markrad | 0:cdf462088d13 | 7894 | case MBEDTLS_KEY_EXCHANGE_NONE: |
markrad | 0:cdf462088d13 | 7895 | case MBEDTLS_KEY_EXCHANGE_PSK: |
markrad | 0:cdf462088d13 | 7896 | case MBEDTLS_KEY_EXCHANGE_DHE_PSK: |
markrad | 0:cdf462088d13 | 7897 | case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: |
markrad | 0:cdf462088d13 | 7898 | case MBEDTLS_KEY_EXCHANGE_ECJPAKE: |
markrad | 0:cdf462088d13 | 7899 | usage = 0; |
markrad | 0:cdf462088d13 | 7900 | } |
markrad | 0:cdf462088d13 | 7901 | } |
markrad | 0:cdf462088d13 | 7902 | else |
markrad | 0:cdf462088d13 | 7903 | { |
markrad | 0:cdf462088d13 | 7904 | /* Client auth: we only implement rsa_sign and mbedtls_ecdsa_sign for now */ |
markrad | 0:cdf462088d13 | 7905 | usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE; |
markrad | 0:cdf462088d13 | 7906 | } |
markrad | 0:cdf462088d13 | 7907 | |
markrad | 0:cdf462088d13 | 7908 | if( mbedtls_x509_crt_check_key_usage( cert, usage ) != 0 ) |
markrad | 0:cdf462088d13 | 7909 | { |
markrad | 0:cdf462088d13 | 7910 | *flags |= MBEDTLS_X509_BADCERT_KEY_USAGE; |
markrad | 0:cdf462088d13 | 7911 | ret = -1; |
markrad | 0:cdf462088d13 | 7912 | } |
markrad | 0:cdf462088d13 | 7913 | #else |
markrad | 0:cdf462088d13 | 7914 | ((void) ciphersuite); |
markrad | 0:cdf462088d13 | 7915 | #endif /* MBEDTLS_X509_CHECK_KEY_USAGE */ |
markrad | 0:cdf462088d13 | 7916 | |
markrad | 0:cdf462088d13 | 7917 | #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) |
markrad | 0:cdf462088d13 | 7918 | if( cert_endpoint == MBEDTLS_SSL_IS_SERVER ) |
markrad | 0:cdf462088d13 | 7919 | { |
markrad | 0:cdf462088d13 | 7920 | ext_oid = MBEDTLS_OID_SERVER_AUTH; |
markrad | 0:cdf462088d13 | 7921 | ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_SERVER_AUTH ); |
markrad | 0:cdf462088d13 | 7922 | } |
markrad | 0:cdf462088d13 | 7923 | else |
markrad | 0:cdf462088d13 | 7924 | { |
markrad | 0:cdf462088d13 | 7925 | ext_oid = MBEDTLS_OID_CLIENT_AUTH; |
markrad | 0:cdf462088d13 | 7926 | ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_CLIENT_AUTH ); |
markrad | 0:cdf462088d13 | 7927 | } |
markrad | 0:cdf462088d13 | 7928 | |
markrad | 0:cdf462088d13 | 7929 | if( mbedtls_x509_crt_check_extended_key_usage( cert, ext_oid, ext_len ) != 0 ) |
markrad | 0:cdf462088d13 | 7930 | { |
markrad | 0:cdf462088d13 | 7931 | *flags |= MBEDTLS_X509_BADCERT_EXT_KEY_USAGE; |
markrad | 0:cdf462088d13 | 7932 | ret = -1; |
markrad | 0:cdf462088d13 | 7933 | } |
markrad | 0:cdf462088d13 | 7934 | #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ |
markrad | 0:cdf462088d13 | 7935 | |
markrad | 0:cdf462088d13 | 7936 | return( ret ); |
markrad | 0:cdf462088d13 | 7937 | } |
markrad | 0:cdf462088d13 | 7938 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
markrad | 0:cdf462088d13 | 7939 | |
markrad | 0:cdf462088d13 | 7940 | /* |
markrad | 0:cdf462088d13 | 7941 | * Convert version numbers to/from wire format |
markrad | 0:cdf462088d13 | 7942 | * and, for DTLS, to/from TLS equivalent. |
markrad | 0:cdf462088d13 | 7943 | * |
markrad | 0:cdf462088d13 | 7944 | * For TLS this is the identity. |
markrad | 0:cdf462088d13 | 7945 | * For DTLS, use 1's complement (v -> 255 - v, and then map as follows: |
markrad | 0:cdf462088d13 | 7946 | * 1.0 <-> 3.2 (DTLS 1.0 is based on TLS 1.1) |
markrad | 0:cdf462088d13 | 7947 | * 1.x <-> 3.x+1 for x != 0 (DTLS 1.2 based on TLS 1.2) |
markrad | 0:cdf462088d13 | 7948 | */ |
markrad | 0:cdf462088d13 | 7949 | void mbedtls_ssl_write_version( int major, int minor, int transport, |
markrad | 0:cdf462088d13 | 7950 | unsigned char ver[2] ) |
markrad | 0:cdf462088d13 | 7951 | { |
markrad | 0:cdf462088d13 | 7952 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 7953 | if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 7954 | { |
markrad | 0:cdf462088d13 | 7955 | if( minor == MBEDTLS_SSL_MINOR_VERSION_2 ) |
markrad | 0:cdf462088d13 | 7956 | --minor; /* DTLS 1.0 stored as TLS 1.1 internally */ |
markrad | 0:cdf462088d13 | 7957 | |
markrad | 0:cdf462088d13 | 7958 | ver[0] = (unsigned char)( 255 - ( major - 2 ) ); |
markrad | 0:cdf462088d13 | 7959 | ver[1] = (unsigned char)( 255 - ( minor - 1 ) ); |
markrad | 0:cdf462088d13 | 7960 | } |
markrad | 0:cdf462088d13 | 7961 | else |
markrad | 0:cdf462088d13 | 7962 | #else |
markrad | 0:cdf462088d13 | 7963 | ((void) transport); |
markrad | 0:cdf462088d13 | 7964 | #endif |
markrad | 0:cdf462088d13 | 7965 | { |
markrad | 0:cdf462088d13 | 7966 | ver[0] = (unsigned char) major; |
markrad | 0:cdf462088d13 | 7967 | ver[1] = (unsigned char) minor; |
markrad | 0:cdf462088d13 | 7968 | } |
markrad | 0:cdf462088d13 | 7969 | } |
markrad | 0:cdf462088d13 | 7970 | |
markrad | 0:cdf462088d13 | 7971 | void mbedtls_ssl_read_version( int *major, int *minor, int transport, |
markrad | 0:cdf462088d13 | 7972 | const unsigned char ver[2] ) |
markrad | 0:cdf462088d13 | 7973 | { |
markrad | 0:cdf462088d13 | 7974 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
markrad | 0:cdf462088d13 | 7975 | if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
markrad | 0:cdf462088d13 | 7976 | { |
markrad | 0:cdf462088d13 | 7977 | *major = 255 - ver[0] + 2; |
markrad | 0:cdf462088d13 | 7978 | *minor = 255 - ver[1] + 1; |
markrad | 0:cdf462088d13 | 7979 | |
markrad | 0:cdf462088d13 | 7980 | if( *minor == MBEDTLS_SSL_MINOR_VERSION_1 ) |
markrad | 0:cdf462088d13 | 7981 | ++*minor; /* DTLS 1.0 stored as TLS 1.1 internally */ |
markrad | 0:cdf462088d13 | 7982 | } |
markrad | 0:cdf462088d13 | 7983 | else |
markrad | 0:cdf462088d13 | 7984 | #else |
markrad | 0:cdf462088d13 | 7985 | ((void) transport); |
markrad | 0:cdf462088d13 | 7986 | #endif |
markrad | 0:cdf462088d13 | 7987 | { |
markrad | 0:cdf462088d13 | 7988 | *major = ver[0]; |
markrad | 0:cdf462088d13 | 7989 | *minor = ver[1]; |
markrad | 0:cdf462088d13 | 7990 | } |
markrad | 0:cdf462088d13 | 7991 | } |
markrad | 0:cdf462088d13 | 7992 | |
markrad | 0:cdf462088d13 | 7993 | int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ) |
markrad | 0:cdf462088d13 | 7994 | { |
markrad | 0:cdf462088d13 | 7995 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
markrad | 0:cdf462088d13 | 7996 | if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) |
markrad | 0:cdf462088d13 | 7997 | return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH; |
markrad | 0:cdf462088d13 | 7998 | |
markrad | 0:cdf462088d13 | 7999 | switch( md ) |
markrad | 0:cdf462088d13 | 8000 | { |
markrad | 0:cdf462088d13 | 8001 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) |
markrad | 0:cdf462088d13 | 8002 | #if defined(MBEDTLS_MD5_C) |
markrad | 0:cdf462088d13 | 8003 | case MBEDTLS_SSL_HASH_MD5: |
Jasper Wallace |
1:9ebc941037d5 | 8004 | return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH; |
markrad | 0:cdf462088d13 | 8005 | #endif |
markrad | 0:cdf462088d13 | 8006 | #if defined(MBEDTLS_SHA1_C) |
markrad | 0:cdf462088d13 | 8007 | case MBEDTLS_SSL_HASH_SHA1: |
markrad | 0:cdf462088d13 | 8008 | ssl->handshake->calc_verify = ssl_calc_verify_tls; |
markrad | 0:cdf462088d13 | 8009 | break; |
markrad | 0:cdf462088d13 | 8010 | #endif |
markrad | 0:cdf462088d13 | 8011 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */ |
markrad | 0:cdf462088d13 | 8012 | #if defined(MBEDTLS_SHA512_C) |
markrad | 0:cdf462088d13 | 8013 | case MBEDTLS_SSL_HASH_SHA384: |
markrad | 0:cdf462088d13 | 8014 | ssl->handshake->calc_verify = ssl_calc_verify_tls_sha384; |
markrad | 0:cdf462088d13 | 8015 | break; |
markrad | 0:cdf462088d13 | 8016 | #endif |
markrad | 0:cdf462088d13 | 8017 | #if defined(MBEDTLS_SHA256_C) |
markrad | 0:cdf462088d13 | 8018 | case MBEDTLS_SSL_HASH_SHA256: |
markrad | 0:cdf462088d13 | 8019 | ssl->handshake->calc_verify = ssl_calc_verify_tls_sha256; |
markrad | 0:cdf462088d13 | 8020 | break; |
markrad | 0:cdf462088d13 | 8021 | #endif |
markrad | 0:cdf462088d13 | 8022 | default: |
markrad | 0:cdf462088d13 | 8023 | return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH; |
markrad | 0:cdf462088d13 | 8024 | } |
markrad | 0:cdf462088d13 | 8025 | |
markrad | 0:cdf462088d13 | 8026 | return 0; |
markrad | 0:cdf462088d13 | 8027 | #else /* !MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 8028 | (void) ssl; |
markrad | 0:cdf462088d13 | 8029 | (void) md; |
markrad | 0:cdf462088d13 | 8030 | |
markrad | 0:cdf462088d13 | 8031 | return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH; |
markrad | 0:cdf462088d13 | 8032 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
markrad | 0:cdf462088d13 | 8033 | } |
markrad | 0:cdf462088d13 | 8034 | |
markrad | 0:cdf462088d13 | 8035 | #endif /* MBEDTLS_SSL_TLS_C */ |