mbed-os - mbed-os

EL4121 Embedded System » Code » mbed-os

mbed-os

Dependents: cobaLCDJoyMotor_Thread odometry_omni_3roda_v3 odometry_omni_3roda_v1 odometry_omni_3roda_v2 ... more

features/mbedtls/src/ssl_ticket.c@0:b74591d5ab33, 2017-12-11 (annotated)

Committer:: be_bryan
Date:: Mon Dec 11 17:54:04 2017 +0000
Revision:: 0:b74591d5ab33

motor ++

Who changed what in which revision?

User	Revision	Line number	New contents of line
be_bryan	0:b74591d5ab33	1	/*
be_bryan	0:b74591d5ab33	2	* TLS server tickets callbacks implementation
be_bryan	0:b74591d5ab33	3	*
be_bryan	0:b74591d5ab33	4	* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
be_bryan	0:b74591d5ab33	5	* SPDX-License-Identifier: Apache-2.0
be_bryan	0:b74591d5ab33	6	*
be_bryan	0:b74591d5ab33	7	* Licensed under the Apache License, Version 2.0 (the "License"); you may
be_bryan	0:b74591d5ab33	8	* not use this file except in compliance with the License.
be_bryan	0:b74591d5ab33	9	* You may obtain a copy of the License at
be_bryan	0:b74591d5ab33	10	*
be_bryan	0:b74591d5ab33	11	* http://www.apache.org/licenses/LICENSE-2.0
be_bryan	0:b74591d5ab33	12	*
be_bryan	0:b74591d5ab33	13	* Unless required by applicable law or agreed to in writing, software
be_bryan	0:b74591d5ab33	14	* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
be_bryan	0:b74591d5ab33	15	* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
be_bryan	0:b74591d5ab33	16	* See the License for the specific language governing permissions and
be_bryan	0:b74591d5ab33	17	* limitations under the License.
be_bryan	0:b74591d5ab33	18	*
be_bryan	0:b74591d5ab33	19	* This file is part of mbed TLS (https://tls.mbed.org)
be_bryan	0:b74591d5ab33	20	*/
be_bryan	0:b74591d5ab33	21
be_bryan	0:b74591d5ab33	22	#if !defined(MBEDTLS_CONFIG_FILE)
be_bryan	0:b74591d5ab33	23	#include "mbedtls/config.h"
be_bryan	0:b74591d5ab33	24	#else
be_bryan	0:b74591d5ab33	25	#include MBEDTLS_CONFIG_FILE
be_bryan	0:b74591d5ab33	26	#endif
be_bryan	0:b74591d5ab33	27
be_bryan	0:b74591d5ab33	28	#if defined(MBEDTLS_SSL_TICKET_C)
be_bryan	0:b74591d5ab33	29
be_bryan	0:b74591d5ab33	30	#if defined(MBEDTLS_PLATFORM_C)
be_bryan	0:b74591d5ab33	31	#include "mbedtls/platform.h"
be_bryan	0:b74591d5ab33	32	#else
be_bryan	0:b74591d5ab33	33	#include <stdlib.h>
be_bryan	0:b74591d5ab33	34	#define mbedtls_calloc calloc
be_bryan	0:b74591d5ab33	35	#define mbedtls_free free
be_bryan	0:b74591d5ab33	36	#endif
be_bryan	0:b74591d5ab33	37
be_bryan	0:b74591d5ab33	38	#include "mbedtls/ssl_ticket.h"
be_bryan	0:b74591d5ab33	39
be_bryan	0:b74591d5ab33	40	#include <string.h>
be_bryan	0:b74591d5ab33	41
be_bryan	0:b74591d5ab33	42	/* Implementation that should never be optimized out by the compiler */
be_bryan	0:b74591d5ab33	43	static void mbedtls_zeroize( void *v, size_t n ) {
be_bryan	0:b74591d5ab33	44	volatile unsigned char p = v; while( n-- ) p++ = 0;
be_bryan	0:b74591d5ab33	45	}
be_bryan	0:b74591d5ab33	46
be_bryan	0:b74591d5ab33	47	/*
be_bryan	0:b74591d5ab33	48	* Initialze context
be_bryan	0:b74591d5ab33	49	*/
be_bryan	0:b74591d5ab33	50	void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx )
be_bryan	0:b74591d5ab33	51	{
be_bryan	0:b74591d5ab33	52	memset( ctx, 0, sizeof( mbedtls_ssl_ticket_context ) );
be_bryan	0:b74591d5ab33	53
be_bryan	0:b74591d5ab33	54	#if defined(MBEDTLS_THREADING_C)
be_bryan	0:b74591d5ab33	55	mbedtls_mutex_init( &ctx->mutex );
be_bryan	0:b74591d5ab33	56	#endif
be_bryan	0:b74591d5ab33	57	}
be_bryan	0:b74591d5ab33	58
be_bryan	0:b74591d5ab33	59	#define MAX_KEY_BYTES 32 /* 256 bits */
be_bryan	0:b74591d5ab33	60
be_bryan	0:b74591d5ab33	61	/*
be_bryan	0:b74591d5ab33	62	* Generate/update a key
be_bryan	0:b74591d5ab33	63	*/
be_bryan	0:b74591d5ab33	64	static int ssl_ticket_gen_key( mbedtls_ssl_ticket_context *ctx,
be_bryan	0:b74591d5ab33	65	unsigned char index )
be_bryan	0:b74591d5ab33	66	{
be_bryan	0:b74591d5ab33	67	int ret;
be_bryan	0:b74591d5ab33	68	unsigned char buf[MAX_KEY_BYTES];
be_bryan	0:b74591d5ab33	69	mbedtls_ssl_ticket_key *key = ctx->keys + index;
be_bryan	0:b74591d5ab33	70
be_bryan	0:b74591d5ab33	71	#if defined(MBEDTLS_HAVE_TIME)
be_bryan	0:b74591d5ab33	72	key->generation_time = (uint32_t) mbedtls_time( NULL );
be_bryan	0:b74591d5ab33	73	#endif
be_bryan	0:b74591d5ab33	74
be_bryan	0:b74591d5ab33	75	if( ( ret = ctx->f_rng( ctx->p_rng, key->name, sizeof( key->name ) ) ) != 0 )
be_bryan	0:b74591d5ab33	76	return( ret );
be_bryan	0:b74591d5ab33	77
be_bryan	0:b74591d5ab33	78	if( ( ret = ctx->f_rng( ctx->p_rng, buf, sizeof( buf ) ) ) != 0 )
be_bryan	0:b74591d5ab33	79	return( ret );
be_bryan	0:b74591d5ab33	80
be_bryan	0:b74591d5ab33	81	/* With GCM and CCM, same context can encrypt & decrypt */
be_bryan	0:b74591d5ab33	82	ret = mbedtls_cipher_setkey( &key->ctx, buf,
be_bryan	0:b74591d5ab33	83	mbedtls_cipher_get_key_bitlen( &key->ctx ),
be_bryan	0:b74591d5ab33	84	MBEDTLS_ENCRYPT );
be_bryan	0:b74591d5ab33	85
be_bryan	0:b74591d5ab33	86	mbedtls_zeroize( buf, sizeof( buf ) );
be_bryan	0:b74591d5ab33	87
be_bryan	0:b74591d5ab33	88	return( ret );
be_bryan	0:b74591d5ab33	89	}
be_bryan	0:b74591d5ab33	90
be_bryan	0:b74591d5ab33	91	/*
be_bryan	0:b74591d5ab33	92	* Rotate/generate keys if necessary
be_bryan	0:b74591d5ab33	93	*/
be_bryan	0:b74591d5ab33	94	static int ssl_ticket_update_keys( mbedtls_ssl_ticket_context *ctx )
be_bryan	0:b74591d5ab33	95	{
be_bryan	0:b74591d5ab33	96	#if !defined(MBEDTLS_HAVE_TIME)
be_bryan	0:b74591d5ab33	97	((void) ctx);
be_bryan	0:b74591d5ab33	98	#else
be_bryan	0:b74591d5ab33	99	if( ctx->ticket_lifetime != 0 )
be_bryan	0:b74591d5ab33	100	{
be_bryan	0:b74591d5ab33	101	uint32_t current_time = (uint32_t) mbedtls_time( NULL );
be_bryan	0:b74591d5ab33	102	uint32_t key_time = ctx->keys[ctx->active].generation_time;
be_bryan	0:b74591d5ab33	103
be_bryan	0:b74591d5ab33	104	if( current_time > key_time &&
be_bryan	0:b74591d5ab33	105	current_time - key_time < ctx->ticket_lifetime )
be_bryan	0:b74591d5ab33	106	{
be_bryan	0:b74591d5ab33	107	return( 0 );
be_bryan	0:b74591d5ab33	108	}
be_bryan	0:b74591d5ab33	109
be_bryan	0:b74591d5ab33	110	ctx->active = 1 - ctx->active;
be_bryan	0:b74591d5ab33	111
be_bryan	0:b74591d5ab33	112	return( ssl_ticket_gen_key( ctx, ctx->active ) );
be_bryan	0:b74591d5ab33	113	}
be_bryan	0:b74591d5ab33	114	else
be_bryan	0:b74591d5ab33	115	#endif /* MBEDTLS_HAVE_TIME */
be_bryan	0:b74591d5ab33	116	return( 0 );
be_bryan	0:b74591d5ab33	117	}
be_bryan	0:b74591d5ab33	118
be_bryan	0:b74591d5ab33	119	/*
be_bryan	0:b74591d5ab33	120	* Setup context for actual use
be_bryan	0:b74591d5ab33	121	*/
be_bryan	0:b74591d5ab33	122	int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
be_bryan	0:b74591d5ab33	123	int (f_rng)(void , unsigned char , size_t), void p_rng,
be_bryan	0:b74591d5ab33	124	mbedtls_cipher_type_t cipher,
be_bryan	0:b74591d5ab33	125	uint32_t lifetime )
be_bryan	0:b74591d5ab33	126	{
be_bryan	0:b74591d5ab33	127	int ret;
be_bryan	0:b74591d5ab33	128	const mbedtls_cipher_info_t *cipher_info;
be_bryan	0:b74591d5ab33	129
be_bryan	0:b74591d5ab33	130	ctx->f_rng = f_rng;
be_bryan	0:b74591d5ab33	131	ctx->p_rng = p_rng;
be_bryan	0:b74591d5ab33	132
be_bryan	0:b74591d5ab33	133	ctx->ticket_lifetime = lifetime;
be_bryan	0:b74591d5ab33	134
be_bryan	0:b74591d5ab33	135	cipher_info = mbedtls_cipher_info_from_type( cipher);
be_bryan	0:b74591d5ab33	136	if( cipher_info == NULL )
be_bryan	0:b74591d5ab33	137	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
be_bryan	0:b74591d5ab33	138
be_bryan	0:b74591d5ab33	139	if( cipher_info->mode != MBEDTLS_MODE_GCM &&
be_bryan	0:b74591d5ab33	140	cipher_info->mode != MBEDTLS_MODE_CCM )
be_bryan	0:b74591d5ab33	141	{
be_bryan	0:b74591d5ab33	142	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
be_bryan	0:b74591d5ab33	143	}
be_bryan	0:b74591d5ab33	144
be_bryan	0:b74591d5ab33	145	if( cipher_info->key_bitlen > 8 * MAX_KEY_BYTES )
be_bryan	0:b74591d5ab33	146	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
be_bryan	0:b74591d5ab33	147
be_bryan	0:b74591d5ab33	148	if( ( ret = mbedtls_cipher_setup( &ctx->keys[0].ctx, cipher_info ) ) != 0 \|\|
be_bryan	0:b74591d5ab33	149	( ret = mbedtls_cipher_setup( &ctx->keys[1].ctx, cipher_info ) ) != 0 )
be_bryan	0:b74591d5ab33	150	{
be_bryan	0:b74591d5ab33	151	return( ret );
be_bryan	0:b74591d5ab33	152	}
be_bryan	0:b74591d5ab33	153
be_bryan	0:b74591d5ab33	154	if( ( ret = ssl_ticket_gen_key( ctx, 0 ) ) != 0 \|\|
be_bryan	0:b74591d5ab33	155	( ret = ssl_ticket_gen_key( ctx, 1 ) ) != 0 )
be_bryan	0:b74591d5ab33	156	{
be_bryan	0:b74591d5ab33	157	return( ret );
be_bryan	0:b74591d5ab33	158	}
be_bryan	0:b74591d5ab33	159
be_bryan	0:b74591d5ab33	160	return( 0 );
be_bryan	0:b74591d5ab33	161	}
be_bryan	0:b74591d5ab33	162
be_bryan	0:b74591d5ab33	163	/*
be_bryan	0:b74591d5ab33	164	* Serialize a session in the following format:
be_bryan	0:b74591d5ab33	165	* 0 . n-1 session structure, n = sizeof(mbedtls_ssl_session)
be_bryan	0:b74591d5ab33	166	* n . n+2 peer_cert length = m (0 if no certificate)
be_bryan	0:b74591d5ab33	167	* n+3 . n+2+m peer cert ASN.1
be_bryan	0:b74591d5ab33	168	*/
be_bryan	0:b74591d5ab33	169	static int ssl_save_session( const mbedtls_ssl_session *session,
be_bryan	0:b74591d5ab33	170	unsigned char *buf, size_t buf_len,
be_bryan	0:b74591d5ab33	171	size_t *olen )
be_bryan	0:b74591d5ab33	172	{
be_bryan	0:b74591d5ab33	173	unsigned char *p = buf;
be_bryan	0:b74591d5ab33	174	size_t left = buf_len;
be_bryan	0:b74591d5ab33	175	#if defined(MBEDTLS_X509_CRT_PARSE_C)
be_bryan	0:b74591d5ab33	176	size_t cert_len;
be_bryan	0:b74591d5ab33	177	#endif /* MBEDTLS_X509_CRT_PARSE_C */
be_bryan	0:b74591d5ab33	178
be_bryan	0:b74591d5ab33	179	if( left < sizeof( mbedtls_ssl_session ) )
be_bryan	0:b74591d5ab33	180	return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
be_bryan	0:b74591d5ab33	181
be_bryan	0:b74591d5ab33	182	memcpy( p, session, sizeof( mbedtls_ssl_session ) );
be_bryan	0:b74591d5ab33	183	p += sizeof( mbedtls_ssl_session );
be_bryan	0:b74591d5ab33	184	left -= sizeof( mbedtls_ssl_session );
be_bryan	0:b74591d5ab33	185
be_bryan	0:b74591d5ab33	186	#if defined(MBEDTLS_X509_CRT_PARSE_C)
be_bryan	0:b74591d5ab33	187	if( session->peer_cert == NULL )
be_bryan	0:b74591d5ab33	188	cert_len = 0;
be_bryan	0:b74591d5ab33	189	else
be_bryan	0:b74591d5ab33	190	cert_len = session->peer_cert->raw.len;
be_bryan	0:b74591d5ab33	191
be_bryan	0:b74591d5ab33	192	if( left < 3 + cert_len )
be_bryan	0:b74591d5ab33	193	return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
be_bryan	0:b74591d5ab33	194
be_bryan	0:b74591d5ab33	195	*p++ = (unsigned char)( cert_len >> 16 & 0xFF );
be_bryan	0:b74591d5ab33	196	*p++ = (unsigned char)( cert_len >> 8 & 0xFF );
be_bryan	0:b74591d5ab33	197	*p++ = (unsigned char)( cert_len & 0xFF );
be_bryan	0:b74591d5ab33	198
be_bryan	0:b74591d5ab33	199	if( session->peer_cert != NULL )
be_bryan	0:b74591d5ab33	200	memcpy( p, session->peer_cert->raw.p, cert_len );
be_bryan	0:b74591d5ab33	201
be_bryan	0:b74591d5ab33	202	p += cert_len;
be_bryan	0:b74591d5ab33	203	#endif /* MBEDTLS_X509_CRT_PARSE_C */
be_bryan	0:b74591d5ab33	204
be_bryan	0:b74591d5ab33	205	*olen = p - buf;
be_bryan	0:b74591d5ab33	206
be_bryan	0:b74591d5ab33	207	return( 0 );
be_bryan	0:b74591d5ab33	208	}
be_bryan	0:b74591d5ab33	209
be_bryan	0:b74591d5ab33	210	/*
be_bryan	0:b74591d5ab33	211	* Unserialise session, see ssl_save_session()
be_bryan	0:b74591d5ab33	212	*/
be_bryan	0:b74591d5ab33	213	static int ssl_load_session( mbedtls_ssl_session *session,
be_bryan	0:b74591d5ab33	214	const unsigned char *buf, size_t len )
be_bryan	0:b74591d5ab33	215	{
be_bryan	0:b74591d5ab33	216	const unsigned char *p = buf;
be_bryan	0:b74591d5ab33	217	const unsigned char * const end = buf + len;
be_bryan	0:b74591d5ab33	218	#if defined(MBEDTLS_X509_CRT_PARSE_C)
be_bryan	0:b74591d5ab33	219	size_t cert_len;
be_bryan	0:b74591d5ab33	220	#endif /* MBEDTLS_X509_CRT_PARSE_C */
be_bryan	0:b74591d5ab33	221
be_bryan	0:b74591d5ab33	222	if( p + sizeof( mbedtls_ssl_session ) > end )
be_bryan	0:b74591d5ab33	223	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
be_bryan	0:b74591d5ab33	224
be_bryan	0:b74591d5ab33	225	memcpy( session, p, sizeof( mbedtls_ssl_session ) );
be_bryan	0:b74591d5ab33	226	p += sizeof( mbedtls_ssl_session );
be_bryan	0:b74591d5ab33	227
be_bryan	0:b74591d5ab33	228	#if defined(MBEDTLS_X509_CRT_PARSE_C)
be_bryan	0:b74591d5ab33	229	if( p + 3 > end )
be_bryan	0:b74591d5ab33	230	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
be_bryan	0:b74591d5ab33	231
be_bryan	0:b74591d5ab33	232	cert_len = ( p[0] << 16 ) \| ( p[1] << 8 ) \| p[2];
be_bryan	0:b74591d5ab33	233	p += 3;
be_bryan	0:b74591d5ab33	234
be_bryan	0:b74591d5ab33	235	if( cert_len == 0 )
be_bryan	0:b74591d5ab33	236	{
be_bryan	0:b74591d5ab33	237	session->peer_cert = NULL;
be_bryan	0:b74591d5ab33	238	}
be_bryan	0:b74591d5ab33	239	else
be_bryan	0:b74591d5ab33	240	{
be_bryan	0:b74591d5ab33	241	int ret;
be_bryan	0:b74591d5ab33	242
be_bryan	0:b74591d5ab33	243	if( p + cert_len > end )
be_bryan	0:b74591d5ab33	244	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
be_bryan	0:b74591d5ab33	245
be_bryan	0:b74591d5ab33	246	session->peer_cert = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
be_bryan	0:b74591d5ab33	247
be_bryan	0:b74591d5ab33	248	if( session->peer_cert == NULL )
be_bryan	0:b74591d5ab33	249	return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
be_bryan	0:b74591d5ab33	250
be_bryan	0:b74591d5ab33	251	mbedtls_x509_crt_init( session->peer_cert );
be_bryan	0:b74591d5ab33	252
be_bryan	0:b74591d5ab33	253	if( ( ret = mbedtls_x509_crt_parse_der( session->peer_cert,
be_bryan	0:b74591d5ab33	254	p, cert_len ) ) != 0 )
be_bryan	0:b74591d5ab33	255	{
be_bryan	0:b74591d5ab33	256	mbedtls_x509_crt_free( session->peer_cert );
be_bryan	0:b74591d5ab33	257	mbedtls_free( session->peer_cert );
be_bryan	0:b74591d5ab33	258	session->peer_cert = NULL;
be_bryan	0:b74591d5ab33	259	return( ret );
be_bryan	0:b74591d5ab33	260	}
be_bryan	0:b74591d5ab33	261
be_bryan	0:b74591d5ab33	262	p += cert_len;
be_bryan	0:b74591d5ab33	263	}
be_bryan	0:b74591d5ab33	264	#endif /* MBEDTLS_X509_CRT_PARSE_C */
be_bryan	0:b74591d5ab33	265
be_bryan	0:b74591d5ab33	266	if( p != end )
be_bryan	0:b74591d5ab33	267	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
be_bryan	0:b74591d5ab33	268
be_bryan	0:b74591d5ab33	269	return( 0 );
be_bryan	0:b74591d5ab33	270	}
be_bryan	0:b74591d5ab33	271
be_bryan	0:b74591d5ab33	272	/*
be_bryan	0:b74591d5ab33	273	* Create session ticket, with the following structure:
be_bryan	0:b74591d5ab33	274	*
be_bryan	0:b74591d5ab33	275	* struct {
be_bryan	0:b74591d5ab33	276	* opaque key_name[4];
be_bryan	0:b74591d5ab33	277	* opaque iv[12];
be_bryan	0:b74591d5ab33	278	* opaque encrypted_state<0..2^16-1>;
be_bryan	0:b74591d5ab33	279	* opaque tag[16];
be_bryan	0:b74591d5ab33	280	* } ticket;
be_bryan	0:b74591d5ab33	281	*
be_bryan	0:b74591d5ab33	282	* The key_name, iv, and length of encrypted_state are the additional
be_bryan	0:b74591d5ab33	283	* authenticated data.
be_bryan	0:b74591d5ab33	284	*/
be_bryan	0:b74591d5ab33	285	int mbedtls_ssl_ticket_write( void *p_ticket,
be_bryan	0:b74591d5ab33	286	const mbedtls_ssl_session *session,
be_bryan	0:b74591d5ab33	287	unsigned char *start,
be_bryan	0:b74591d5ab33	288	const unsigned char *end,
be_bryan	0:b74591d5ab33	289	size_t *tlen,
be_bryan	0:b74591d5ab33	290	uint32_t *ticket_lifetime )
be_bryan	0:b74591d5ab33	291	{
be_bryan	0:b74591d5ab33	292	int ret;
be_bryan	0:b74591d5ab33	293	mbedtls_ssl_ticket_context *ctx = p_ticket;
be_bryan	0:b74591d5ab33	294	mbedtls_ssl_ticket_key *key;
be_bryan	0:b74591d5ab33	295	unsigned char *key_name = start;
be_bryan	0:b74591d5ab33	296	unsigned char *iv = start + 4;
be_bryan	0:b74591d5ab33	297	unsigned char *state_len_bytes = iv + 12;
be_bryan	0:b74591d5ab33	298	unsigned char *state = state_len_bytes + 2;
be_bryan	0:b74591d5ab33	299	unsigned char *tag;
be_bryan	0:b74591d5ab33	300	size_t clear_len, ciph_len;
be_bryan	0:b74591d5ab33	301
be_bryan	0:b74591d5ab33	302	*tlen = 0;
be_bryan	0:b74591d5ab33	303
be_bryan	0:b74591d5ab33	304	if( ctx == NULL \|\| ctx->f_rng == NULL )
be_bryan	0:b74591d5ab33	305	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
be_bryan	0:b74591d5ab33	306
be_bryan	0:b74591d5ab33	307	/* We need at least 4 bytes for key_name, 12 for IV, 2 for len 16 for tag,
be_bryan	0:b74591d5ab33	308	* in addition to session itself, that will be checked when writing it. */
be_bryan	0:b74591d5ab33	309	if( end - start < 4 + 12 + 2 + 16 )
be_bryan	0:b74591d5ab33	310	return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
be_bryan	0:b74591d5ab33	311
be_bryan	0:b74591d5ab33	312	#if defined(MBEDTLS_THREADING_C)
be_bryan	0:b74591d5ab33	313	if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
be_bryan	0:b74591d5ab33	314	return( ret );
be_bryan	0:b74591d5ab33	315	#endif
be_bryan	0:b74591d5ab33	316
be_bryan	0:b74591d5ab33	317	if( ( ret = ssl_ticket_update_keys( ctx ) ) != 0 )
be_bryan	0:b74591d5ab33	318	goto cleanup;
be_bryan	0:b74591d5ab33	319
be_bryan	0:b74591d5ab33	320	key = &ctx->keys[ctx->active];
be_bryan	0:b74591d5ab33	321
be_bryan	0:b74591d5ab33	322	*ticket_lifetime = ctx->ticket_lifetime;
be_bryan	0:b74591d5ab33	323
be_bryan	0:b74591d5ab33	324	memcpy( key_name, key->name, 4 );
be_bryan	0:b74591d5ab33	325
be_bryan	0:b74591d5ab33	326	if( ( ret = ctx->f_rng( ctx->p_rng, iv, 12 ) ) != 0 )
be_bryan	0:b74591d5ab33	327	goto cleanup;
be_bryan	0:b74591d5ab33	328
be_bryan	0:b74591d5ab33	329	/* Dump session state */
be_bryan	0:b74591d5ab33	330	if( ( ret = ssl_save_session( session,
be_bryan	0:b74591d5ab33	331	state, end - state, &clear_len ) ) != 0 \|\|
be_bryan	0:b74591d5ab33	332	(unsigned long) clear_len > 65535 )
be_bryan	0:b74591d5ab33	333	{
be_bryan	0:b74591d5ab33	334	goto cleanup;
be_bryan	0:b74591d5ab33	335	}
be_bryan	0:b74591d5ab33	336	state_len_bytes[0] = ( clear_len >> 8 ) & 0xff;
be_bryan	0:b74591d5ab33	337	state_len_bytes[1] = ( clear_len ) & 0xff;
be_bryan	0:b74591d5ab33	338
be_bryan	0:b74591d5ab33	339	/* Encrypt and authenticate */
be_bryan	0:b74591d5ab33	340	tag = state + clear_len;
be_bryan	0:b74591d5ab33	341	if( ( ret = mbedtls_cipher_auth_encrypt( &key->ctx,
be_bryan	0:b74591d5ab33	342	iv, 12, key_name, 4 + 12 + 2,
be_bryan	0:b74591d5ab33	343	state, clear_len, state, &ciph_len, tag, 16 ) ) != 0 )
be_bryan	0:b74591d5ab33	344	{
be_bryan	0:b74591d5ab33	345	goto cleanup;
be_bryan	0:b74591d5ab33	346	}
be_bryan	0:b74591d5ab33	347	if( ciph_len != clear_len )
be_bryan	0:b74591d5ab33	348	{
be_bryan	0:b74591d5ab33	349	ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
be_bryan	0:b74591d5ab33	350	goto cleanup;
be_bryan	0:b74591d5ab33	351	}
be_bryan	0:b74591d5ab33	352
be_bryan	0:b74591d5ab33	353	*tlen = 4 + 12 + 2 + 16 + ciph_len;
be_bryan	0:b74591d5ab33	354
be_bryan	0:b74591d5ab33	355	cleanup:
be_bryan	0:b74591d5ab33	356	#if defined(MBEDTLS_THREADING_C)
be_bryan	0:b74591d5ab33	357	if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
be_bryan	0:b74591d5ab33	358	return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
be_bryan	0:b74591d5ab33	359	#endif
be_bryan	0:b74591d5ab33	360
be_bryan	0:b74591d5ab33	361	return( ret );
be_bryan	0:b74591d5ab33	362	}
be_bryan	0:b74591d5ab33	363
be_bryan	0:b74591d5ab33	364	/*
be_bryan	0:b74591d5ab33	365	* Select key based on name
be_bryan	0:b74591d5ab33	366	*/
be_bryan	0:b74591d5ab33	367	static mbedtls_ssl_ticket_key *ssl_ticket_select_key(
be_bryan	0:b74591d5ab33	368	mbedtls_ssl_ticket_context *ctx,
be_bryan	0:b74591d5ab33	369	const unsigned char name[4] )
be_bryan	0:b74591d5ab33	370	{
be_bryan	0:b74591d5ab33	371	unsigned char i;
be_bryan	0:b74591d5ab33	372
be_bryan	0:b74591d5ab33	373	for( i = 0; i < sizeof( ctx->keys ) / sizeof( *ctx->keys ); i++ )
be_bryan	0:b74591d5ab33	374	if( memcmp( name, ctx->keys[i].name, 4 ) == 0 )
be_bryan	0:b74591d5ab33	375	return( &ctx->keys[i] );
be_bryan	0:b74591d5ab33	376
be_bryan	0:b74591d5ab33	377	return( NULL );
be_bryan	0:b74591d5ab33	378	}
be_bryan	0:b74591d5ab33	379
be_bryan	0:b74591d5ab33	380	/*
be_bryan	0:b74591d5ab33	381	* Load session ticket (see mbedtls_ssl_ticket_write for structure)
be_bryan	0:b74591d5ab33	382	*/
be_bryan	0:b74591d5ab33	383	int mbedtls_ssl_ticket_parse( void *p_ticket,
be_bryan	0:b74591d5ab33	384	mbedtls_ssl_session *session,
be_bryan	0:b74591d5ab33	385	unsigned char *buf,
be_bryan	0:b74591d5ab33	386	size_t len )
be_bryan	0:b74591d5ab33	387	{
be_bryan	0:b74591d5ab33	388	int ret;
be_bryan	0:b74591d5ab33	389	mbedtls_ssl_ticket_context *ctx = p_ticket;
be_bryan	0:b74591d5ab33	390	mbedtls_ssl_ticket_key *key;
be_bryan	0:b74591d5ab33	391	unsigned char *key_name = buf;
be_bryan	0:b74591d5ab33	392	unsigned char *iv = buf + 4;
be_bryan	0:b74591d5ab33	393	unsigned char *enc_len_p = iv + 12;
be_bryan	0:b74591d5ab33	394	unsigned char *ticket = enc_len_p + 2;
be_bryan	0:b74591d5ab33	395	unsigned char *tag;
be_bryan	0:b74591d5ab33	396	size_t enc_len, clear_len;
be_bryan	0:b74591d5ab33	397
be_bryan	0:b74591d5ab33	398	if( ctx == NULL \|\| ctx->f_rng == NULL )
be_bryan	0:b74591d5ab33	399	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
be_bryan	0:b74591d5ab33	400
be_bryan	0:b74591d5ab33	401	/* See mbedtls_ssl_ticket_write() */
be_bryan	0:b74591d5ab33	402	if( len < 4 + 12 + 2 + 16 )
be_bryan	0:b74591d5ab33	403	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
be_bryan	0:b74591d5ab33	404
be_bryan	0:b74591d5ab33	405	#if defined(MBEDTLS_THREADING_C)
be_bryan	0:b74591d5ab33	406	if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
be_bryan	0:b74591d5ab33	407	return( ret );
be_bryan	0:b74591d5ab33	408	#endif
be_bryan	0:b74591d5ab33	409
be_bryan	0:b74591d5ab33	410	if( ( ret = ssl_ticket_update_keys( ctx ) ) != 0 )
be_bryan	0:b74591d5ab33	411	goto cleanup;
be_bryan	0:b74591d5ab33	412
be_bryan	0:b74591d5ab33	413	enc_len = ( enc_len_p[0] << 8 ) \| enc_len_p[1];
be_bryan	0:b74591d5ab33	414	tag = ticket + enc_len;
be_bryan	0:b74591d5ab33	415
be_bryan	0:b74591d5ab33	416	if( len != 4 + 12 + 2 + enc_len + 16 )
be_bryan	0:b74591d5ab33	417	{
be_bryan	0:b74591d5ab33	418	ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
be_bryan	0:b74591d5ab33	419	goto cleanup;
be_bryan	0:b74591d5ab33	420	}
be_bryan	0:b74591d5ab33	421
be_bryan	0:b74591d5ab33	422	/* Select key */
be_bryan	0:b74591d5ab33	423	if( ( key = ssl_ticket_select_key( ctx, key_name ) ) == NULL )
be_bryan	0:b74591d5ab33	424	{
be_bryan	0:b74591d5ab33	425	/* We can't know for sure but this is a likely option unless we're
be_bryan	0:b74591d5ab33	426	* under attack - this is only informative anyway */
be_bryan	0:b74591d5ab33	427	ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
be_bryan	0:b74591d5ab33	428	goto cleanup;
be_bryan	0:b74591d5ab33	429	}
be_bryan	0:b74591d5ab33	430
be_bryan	0:b74591d5ab33	431	/* Decrypt and authenticate */
be_bryan	0:b74591d5ab33	432	if( ( ret = mbedtls_cipher_auth_decrypt( &key->ctx, iv, 12,
be_bryan	0:b74591d5ab33	433	key_name, 4 + 12 + 2, ticket, enc_len,
be_bryan	0:b74591d5ab33	434	ticket, &clear_len, tag, 16 ) ) != 0 )
be_bryan	0:b74591d5ab33	435	{
be_bryan	0:b74591d5ab33	436	if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED )
be_bryan	0:b74591d5ab33	437	ret = MBEDTLS_ERR_SSL_INVALID_MAC;
be_bryan	0:b74591d5ab33	438
be_bryan	0:b74591d5ab33	439	goto cleanup;
be_bryan	0:b74591d5ab33	440	}
be_bryan	0:b74591d5ab33	441	if( clear_len != enc_len )
be_bryan	0:b74591d5ab33	442	{
be_bryan	0:b74591d5ab33	443	ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
be_bryan	0:b74591d5ab33	444	goto cleanup;
be_bryan	0:b74591d5ab33	445	}
be_bryan	0:b74591d5ab33	446
be_bryan	0:b74591d5ab33	447	/* Actually load session */
be_bryan	0:b74591d5ab33	448	if( ( ret = ssl_load_session( session, ticket, clear_len ) ) != 0 )
be_bryan	0:b74591d5ab33	449	goto cleanup;
be_bryan	0:b74591d5ab33	450
be_bryan	0:b74591d5ab33	451	#if defined(MBEDTLS_HAVE_TIME)
be_bryan	0:b74591d5ab33	452	{
be_bryan	0:b74591d5ab33	453	/* Check for expiration */
be_bryan	0:b74591d5ab33	454	mbedtls_time_t current_time = mbedtls_time( NULL );
be_bryan	0:b74591d5ab33	455
be_bryan	0:b74591d5ab33	456	if( current_time < session->start \|\|
be_bryan	0:b74591d5ab33	457	(uint32_t)( current_time - session->start ) > ctx->ticket_lifetime )
be_bryan	0:b74591d5ab33	458	{
be_bryan	0:b74591d5ab33	459	ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
be_bryan	0:b74591d5ab33	460	goto cleanup;
be_bryan	0:b74591d5ab33	461	}
be_bryan	0:b74591d5ab33	462	}
be_bryan	0:b74591d5ab33	463	#endif
be_bryan	0:b74591d5ab33	464
be_bryan	0:b74591d5ab33	465	cleanup:
be_bryan	0:b74591d5ab33	466	#if defined(MBEDTLS_THREADING_C)
be_bryan	0:b74591d5ab33	467	if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
be_bryan	0:b74591d5ab33	468	return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
be_bryan	0:b74591d5ab33	469	#endif
be_bryan	0:b74591d5ab33	470
be_bryan	0:b74591d5ab33	471	return( ret );
be_bryan	0:b74591d5ab33	472	}
be_bryan	0:b74591d5ab33	473
be_bryan	0:b74591d5ab33	474	/*
be_bryan	0:b74591d5ab33	475	* Free context
be_bryan	0:b74591d5ab33	476	*/
be_bryan	0:b74591d5ab33	477	void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx )
be_bryan	0:b74591d5ab33	478	{
be_bryan	0:b74591d5ab33	479	mbedtls_cipher_free( &ctx->keys[0].ctx );
be_bryan	0:b74591d5ab33	480	mbedtls_cipher_free( &ctx->keys[1].ctx );
be_bryan	0:b74591d5ab33	481
be_bryan	0:b74591d5ab33	482	#if defined(MBEDTLS_THREADING_C)
be_bryan	0:b74591d5ab33	483	mbedtls_mutex_free( &ctx->mutex );
be_bryan	0:b74591d5ab33	484	#endif
be_bryan	0:b74591d5ab33	485
be_bryan	0:b74591d5ab33	486	mbedtls_zeroize( ctx, sizeof( mbedtls_ssl_ticket_context ) );
be_bryan	0:b74591d5ab33	487	}
be_bryan	0:b74591d5ab33	488
be_bryan	0:b74591d5ab33	489	#endif /* MBEDTLS_SSL_TICKET_C */

Repository toolbox

Export to desktop IDE

Repository details

Type:	Library
Created:	12 Dec 2017
Imports:	1018
Forks:	0
Commits:	1
Dependents:	14
Dependencies:	0
Followers:	23

features/mbedtls/src/ssl_ticket.c@0:b74591d5ab33, 2017-12-11 (annotated)

Who changed what in which revision?

Repository toolbox

Repository details

Important Information for this Arm website

Access Warning