A super trimmed down TLS stack, GPL licensed

Dependents:   MiniTLS-HTTPS-Example

MiniTLS - A super trimmed down TLS/SSL Library for embedded devices Author: Donatien Garnier Copyright (C) 2013-2014 AppNearMe Ltd

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

tls/tls_record.c

Committer:
MiniTLS
Date:
2014-06-06
Revision:
0:35aa5be3b78d

File content as of revision 0:35aa5be3b78d:

/*
MuTLS - A super trimmed down TLS/SSL Library for embedded devices
Author: Donatien Garnier
Copyright (C) 2013-2014 AppNearMe Ltd

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
*//**
 * \file tls_record.c
 * \copyright Copyright (c) AppNearMe Ltd 2013
 * \author Donatien Garnier
 */

#define __DEBUG__ 0
#ifndef __MODULE__
#define __MODULE__ "tls_record.c"
#endif

#include "core/fwk.h"
#include "inc/mutls_config.h"
#include "inc/mutls_errors.h"
#include "tls_record.h"
#include "tls_alert.h"

#include "tls_handshake.h"
#include "tls_socket.h"

#include "socket/socket.h"

#include "crypto/crypto_aes_128_cbc.h"
#include "crypto/crypto_hmac_sha1.h"

static mutls_err_t record_wait_readable(tls_record_t* record);
static mutls_err_t record_wait_writeable(tls_record_t* record);

static mutls_err_t record_socket_read(tls_record_t* record, size_t size);
static mutls_err_t record_socket_write(tls_record_t* record, buffer_t* data);

static mutls_err_t tls_mac_append( const uint8_t* key, tls_content_type_t content_type, tls_protocol_version_t version,
    uint64_t sequence_number, buffer_t* buffer );
static mutls_err_t tls_mac_check( const uint8_t* key, tls_content_type_t content_type, tls_protocol_version_t version,
    uint64_t sequence_number, buffer_t* buffer );

typedef struct __tls_fragment_header
{
  tls_content_type_t type;
  tls_protocol_version_t version;
  uint16_t length; //(MAX 2^14 + 2048 = 18432)
} tls_fragment_header_t;

#define FRAGMENT_HEADER_SIZE 5

#define DEFAULT_READ_TIMEOUT 20000
#define DEFAULT_WRITE_TIMEOUT 20000

mutls_err_t tls_record_init(tls_record_t* record, tls_socket_t* sock, uint8_t* buf, size_t buf_size)
{

  record->handshake_done = false;

  //Open BSD socket
  record->socket_fd = socket_socket();
  if(record->socket_fd < 0)
  {
    ERR("Could not create socket descriptor");
    return MUTLS_ERR_SOCKET_ERROR;
  }

  record->read_timeout = DEFAULT_READ_TIMEOUT;
  record->write_timeout = DEFAULT_WRITE_TIMEOUT;

  if(buf_size >= TLS_DEFAULT_MAX_FRAGMENT_SIZE)
  {
    record->max_fragment_size = TLS_DEFAULT_MAX_FRAGMENT_SIZE;
  }
  else if( buf_size >= 4096 + TLS_ENCRYPTION_MAX_OVERHEAD )
  {
    record->max_fragment_size = 4096;
  }
  else if( buf_size >= 2048 + TLS_ENCRYPTION_MAX_OVERHEAD )
  {
    record->max_fragment_size = 2048;
  }
  else if( buf_size >= 1024 + TLS_ENCRYPTION_MAX_OVERHEAD )
  {
    record->max_fragment_size = 1024;
  }
  else if( buf_size >= 512 + TLS_ENCRYPTION_MAX_OVERHEAD )
  {
    record->max_fragment_size = 512;
  }
  else
  {
    ERR("Buffer is too small");
    return MUTLS_ERR_BUFFER_TOO_SMALL;
  }

  DBG("Max fragment size: %d bytes", record->max_fragment_size);

  if( (buf_size != TLS_DEFAULT_MAX_FRAGMENT_SIZE)
      && (buf_size != (record->max_fragment_size + TLS_ENCRYPTION_MAX_OVERHEAD)) )
  {
    WARN("Buffer size is not optimum");
  }

  //Initialize with oldest protocol version by default (as recommended by RFC 5246's Annex E)
#if MUTLS_CFG_PROTOCOL_SSL_3
  record->version.major = SSL_3_VERSION_MAJOR;
  record->version.minor = SSL_3_VERSION_MINOR;
#elif MUTLS_CFG_PROTOCOL_TLS_1_0
  record->version.major = TLS_1_0_VERSION_MAJOR;
  record->version.minor = TLS_1_0_VERSION_MINOR;
#elif MUTLS_CFG_PROTOCOL_TLS_1_1
  record->version.major = TLS_1_1_VERSION_MAJOR;
  record->version.minor = TLS_1_1_VERSION_MINOR;
#elif MUTLS_CFG_PROTOCOL_TLS_1_2
  record->version.major = TLS_1_2_VERSION_MAJOR;
  record->version.minor = TLS_1_2_VERSION_MINOR;
#else
#error No SSL/TLS protocol version enabled
#endif

  buffer_init(&record->buffer, buf, buf_size);

  record->tls_socket = sock;

  //Init security
  record->security_rx_state = TLS_SECURITY_NONE;
  record->security_tx_state = TLS_SECURITY_NONE;

  //Memset keys
  memset(&record->client_write_mac_key, 0, TLS_HMAC_SHA1_KEY_SIZE);
  memset(&record->server_write_mac_key, 0, TLS_HMAC_SHA1_KEY_SIZE);
  memset(&record->client_write_cipher_key, 0, AES_128_KEY_SIZE);
  memset(&record->server_write_cipher_key, 0, AES_128_KEY_SIZE);

  return MUTLS_OK;
}

void tls_record_set_protocol_version(tls_record_t* record, uint8_t major, uint8_t minor)
{
  record->version.major = major;
  record->version.minor = minor;
}

void tls_record_get_protocol_version(tls_record_t* record, uint8_t* major, uint8_t* minor)
{
  *major = record->version.major;
  *minor = record->version.minor;
}

mutls_err_t tls_record_change_cipher_spec(tls_record_t* record, bool tx_nrx)
{
  if(tx_nrx)
  {
    if(record->security_tx_state == TLS_SECURITY_INTIALIZED)
    {
      record->security_tx_state = TLS_SECURITY_ACTIVE;
      return MUTLS_OK;
    }
    else
    {
      return MUTLS_ERR_PROTOCOL_NON_CONFORMANT;
    }
  }
  else
  {
    if(record->security_rx_state == TLS_SECURITY_INTIALIZED)
    {
      record->security_rx_state = TLS_SECURITY_ACTIVE;
      return MUTLS_OK;
    }
    else
    {
      return MUTLS_ERR_PROTOCOL_NON_CONFORMANT;
    }
  }
}

bool tls_record_is_secure(tls_record_t* record)
{
  if( record->security_tx_state != TLS_SECURITY_ACTIVE )
  {
    return false;
  }
  if( record->security_rx_state != TLS_SECURITY_ACTIVE )
  {
    return false;
  }
  return true;
}

mutls_err_t tls_record_connect(tls_record_t* record, const char* hostname, uint16_t port)
{
  DBG("Trying to connect to %s:%d", hostname, port);

  int r = socket_connect(record->socket_fd, hostname, port);
  if(r < 0)
  {
    socket_close(record->socket_fd);
    record->socket_fd = -1;
    return MUTLS_ERR_SOCKET_ERROR;
  }

  return MUTLS_OK;
}

mutls_err_t tls_record_process(tls_record_t* record)
{
  //Reset buffer length
  buffer_reset(&record->buffer);

  //Read header
  mutls_err_t ret = record_socket_read(record, FRAGMENT_HEADER_SIZE);
  if(ret == MUTLS_ERR_SOCKET_CLOSED)
  {
    return MUTLS_ERR_SOCKET_CLOSED;
  }
  else if(ret)
  {
    ERR("Socket err %d", ret);
    tls_alert_send( record, TLS_ALERT_FATAL, INTERNAL_ERROR, &record->buffer);
    return ret;
  }

  //Read version
  tls_fragment_header_t header;

  header.type = buffer_nu8_read(&record->buffer);
  header.version.major = buffer_nu8_read(&record->buffer);
  header.version.minor = buffer_nu8_read(&record->buffer);
  header.length = buffer_nu16_read(&record->buffer);

#if 1 //TODO how to relax this?
  if( (header.version.major != record->version.major) || (header.version.minor != record->version.minor) )
  {
    ERR("Version mismatch");
    tls_alert_send( record, TLS_ALERT_FATAL, PROTOCOL_VERSION, &record->buffer);
    return MUTLS_ERR_PROTOCOL_VERSION;
  }
#endif
  //Check content type
  //Check that encryption level is OK for this content type
  switch( header.type )
  {
  //All of these are OK in plain mode
  case TLS_CHANGE_CIPHER_SPEC:
  case TLS_ALERT:
  case TLS_HANDSHAKE:
    break;
  //This is only acceptable in ciphered mode:
  case TLS_APPLICATION_DATA:
    if( (!tls_record_is_secure(record)) || (!record->handshake_done) )
    {
      tls_alert_send( record, TLS_ALERT_FATAL, INSUFFICIENT_SECURITY, &record->buffer);
      return MUTLS_ERR_PROTOCOL_NON_CONFORMANT;
    }
    break;
  default:
    tls_alert_send( record, TLS_ALERT_FATAL, ILLEGAL_PARAMETER, &record->buffer);
    return MUTLS_ERR_PROTOCOL_NON_CONFORMANT;
  }

  //Reset buffer
  buffer_reset(&record->buffer);

  //Read payload
  ret = record_socket_read(record, header.length);
  if(ret)
  {
    ERR("Socket err %d", ret);
    tls_alert_send( record, TLS_ALERT_FATAL, INTERNAL_ERROR, &record->buffer);
    return ret;
  }

  if( record->security_rx_state == TLS_SECURITY_ACTIVE )
  {
    DBG("IV + Ciphertext");
    DBG_BLOCK(buffer_dump(&record->buffer);)

    buffer_t buffer_iv_header;
    if( (buffer_length(&record->buffer) < 2*AES_128_BLOCK_SIZE) || ( (buffer_length(&record->buffer) % AES_128_BLOCK_SIZE) != 0 ) )
    {
      tls_alert_send( record, TLS_ALERT_FATAL, UNEXPECTED_MESSAGE, &record->buffer );
      return MUTLS_ERR_PROTOCOL_NON_CONFORMANT;
    }
    buffer_byref(&buffer_iv_header, buffer_current_read_position(&record->buffer), AES_128_BLOCK_SIZE); //Extract IV vector
    buffer_n_discard(&record->buffer, AES_128_BLOCK_SIZE);

    //Decrypt message
    ret = crypto_aes_128_cbc_decrypt( &record->cipher_rx, &buffer_iv_header, &record->buffer );
    if(ret)
    {
      ERR("Failed to decipher, ret %d", ret);
      tls_alert_send( record, TLS_ALERT_FATAL, DECRYPT_ERROR, &record->buffer );
      return ret;
    }

    DBG("Plaintext + MAC + padding + padding length");
    DBG_BLOCK(buffer_dump(&record->buffer);)

    //Check and remove padding
    size_t padding_length = *(buffer_current_write_position(&record->buffer) - 1);

    if( padding_length + 1 > buffer_length(&record->buffer) )
    {
      ERR("Wrong padding length");
      tls_alert_send( record, TLS_ALERT_FATAL, BAD_RECORD_MAC, &record->buffer );
      return MUTLS_ERR_CRYPTO;
    }

    int p;
    //Check each padding byte
    for(p = 0; p < padding_length; p++)
    {
      if( *(buffer_current_write_position(&record->buffer) - 1 - p) != padding_length )
      {
        ERR("Wrong padding");
        tls_alert_send( record, TLS_ALERT_FATAL, BAD_RECORD_MAC, &record->buffer );
        return MUTLS_ERR_CRYPTO;
      }
    }

    //Remove trailing padding + padding length
    buffer_set_length(&record->buffer, buffer_length(&record->buffer) - 1 - padding_length);

    DBG("Plaintext + MAC");
    DBG_BLOCK(buffer_dump(&record->buffer);)

    //Check MAC
    ret = tls_mac_check( record->server_write_mac_key, header.type, header.version, record->sequence_number_rx, &record->buffer );
    if(ret)
    {
      ERR("MAC Check failed, ret %d", ret);
      tls_alert_send( record, TLS_ALERT_FATAL, BAD_RECORD_MAC, &record->buffer );
      return ret;
    }

    DBG("Plaintext");
    DBG_BLOCK(buffer_dump(&record->buffer);)

    //Increment seq number
    record->sequence_number_rx++;
  }
  else
  {
    //No security
  }

  //Now dispatch depending on content type
  switch( header.type )
  {
  case TLS_CHANGE_CIPHER_SPEC:
    ret = tls_record_change_cipher_spec(record, false);
    if(ret)
    {
      ERR("Invalid change cipher spec request, ret %d", ret);
      tls_alert_send( record, TLS_ALERT_FATAL, UNEXPECTED_MESSAGE, &record->buffer );
      return ret;
    }
    break;
  case TLS_ALERT:
    ret = tls_alert_process( record, &record->buffer );
    if(ret)
    {
      tls_record_close(record);
      //Close connection in any case
      if(ret == MUTLS_ERR_CONNECTION_CLOSED)
      {
        DBG("Connection closed by remote party");
        return MUTLS_OK;
      }
      //FIXME Do something
      ERR("Alert received, ret %d", ret);
      return ret;
    }
    break;
  case TLS_HANDSHAKE:
    if(/*(record->tls_socket->handshake != NULL) &&*/ !tls_handshake_is_done(&record->tls_socket->handshake))
    {
      ret = tls_handshake_process(&record->tls_socket->handshake, &record->buffer );
      if(ret)
      {
        ERR("Handshake process returned %d", ret);
        //TLS alert already sent by handshake function
        tls_handshake_clean(&record->tls_socket->handshake); //Cleanup handshake
        //record->tls_socket->handshake = NULL;
        return ret;
      }
      if(tls_handshake_is_done(&record->tls_socket->handshake))
      {
        tls_handshake_clean(&record->tls_socket->handshake); //Cleanup handshake
        //record->tls_socket->handshake = NULL;
        record->handshake_done = true; //Enable application data layer
      }
      return MUTLS_OK;
    }
    else
    {
      ERR("Unexpected handshake message, ret %d", ret);
      tls_alert_send( record, TLS_ALERT_FATAL, UNEXPECTED_MESSAGE, &record->buffer );
      return ret;
    }
  case TLS_APPLICATION_DATA:
    //Pass message to socket layer
    return tls_socket_readable_callback(record->tls_socket,  &record->buffer);
  default:
    //Has already been checked above
    return MUTLS_ERR_PROTOCOL_NON_CONFORMANT;
  }

  return MUTLS_OK;
}

mutls_err_t tls_record_send(tls_record_t* record, tls_content_type_t content_type, buffer_t* payload)
{
  mutls_err_t ret;
  int padding_item;
  /*
  struct {
      opaque IV[SecurityParameters.record_iv_length];
      block-ciphered struct {
          opaque content[TLSCompressed.length];
          opaque MAC[SecurityParameters.mac_length];
          uint8 padding[GenericBlockCipher.padding_length];
          uint8 padding_length;
      };
  } GenericBlockCipher;
  */

  //Check content type
  //Check that encryption level is OK for this content type
  switch( content_type )
  {
  //All of these are OK in plain mode
  case TLS_CHANGE_CIPHER_SPEC:
  case TLS_ALERT:
  case TLS_HANDSHAKE:
    break;
  //This is only acceptable in ciphered mode:
  case TLS_APPLICATION_DATA:
    if( (!tls_record_is_secure(record)) || (!record->handshake_done) )
    {
      tls_alert_send( record, TLS_ALERT_FATAL, INSUFFICIENT_SECURITY, &record->buffer);
      return MUTLS_ERR_PROTOCOL_NON_CONFORMANT;
    }
    break;
  default:
    tls_alert_send( record, TLS_ALERT_FATAL, ILLEGAL_PARAMETER, &record->buffer);
    return MUTLS_ERR_PROTOCOL_NON_CONFORMANT;
  }

  //Buffer must have enough space to add IV (head) + MAC (tail) + padding (tail)

  buffer_t header_iv;
  uint8_t header_iv_data[AES_128_BLOCK_SIZE];
  if( record->security_tx_state == TLS_SECURITY_ACTIVE )
  {
    //FIXME generate a random IV

    DBG("Plaintext");
    DBG_BLOCK(buffer_dump(payload);)

    //Compute & append MAC
    DBG("Sequence number: %d", record->sequence_number_tx);
    ret = tls_mac_append( record->client_write_mac_key, content_type, record->version, record->sequence_number_tx, payload );
    if(ret)
    {
      ERR("Could not append MAC, ret %d", ret);
      return ret;
    }

    //Increment sequence number
    record->sequence_number_tx++;

    DBG("Plaintext + MAC");
    DBG_BLOCK(buffer_dump(payload);)

    //Add padding
    size_t padding_length = AES_128_BLOCK_SIZE - (buffer_length(payload) % AES_128_BLOCK_SIZE) - 1;
    if(buffer_space(payload) < padding_length)
    {
      return MUTLS_ERR_BUFFER_TOO_SMALL;
    }

    for(padding_item = 0; padding_item < padding_length; padding_item++)
    {
      buffer_nu8_write(payload, padding_length);
    }

    buffer_nu8_write(payload, padding_length);

    DBG("Plaintext + MAC + Padding + Padding Length");
    DBG_BLOCK(buffer_dump(payload);)

    buffer_init( &header_iv, header_iv_data, AES_128_BLOCK_SIZE );

    crypto_prng_get(record->tls_socket->mutls->prng, buffer_current_write_position(&header_iv), AES_128_BLOCK_SIZE);
    buffer_n_skip(&header_iv, AES_128_BLOCK_SIZE);

    //Encrypt message
    ret = crypto_aes_128_cbc_encrypt( &record->cipher_tx, &header_iv, payload );
    if(ret)
    {
      ERR("Failed to encipher, ret %d", ret);
      return ret;
    }

    DBG("Ciphertext");
    DBG_BLOCK(buffer_dump(payload);)
  }
  else
  {
    buffer_init( &header_iv, NULL, 0 ); //0 Length
  }

  //Now send message header
  tls_fragment_header_t header;
  header.type = content_type;
  header.version.major = record->version.major;
  header.version.minor = record->version.minor;
  header.length = buffer_length( &header_iv ) + buffer_length(payload);

  buffer_t header_fragment;
  uint8_t header_fragment_data[FRAGMENT_HEADER_SIZE];

  buffer_init( &header_fragment, header_fragment_data, FRAGMENT_HEADER_SIZE );

  buffer_nu8_write(&header_fragment, header.type);
  buffer_nu8_write(&header_fragment, header.version.major);
  buffer_nu8_write(&header_fragment, header.version.minor);
  buffer_nu16_write(&header_fragment, header.length);

  //Send fragment header
  ret = record_socket_write(record, &header_fragment);
  if(ret)
  {
    return ret;
  }

  //Send IV
  ret = record_socket_write(record, &header_iv);
  if(ret)
  {
    return ret;
  }

  //Send payload
  ret = record_socket_write(record, payload);
  if(ret)
  {
    return ret;
  }

  return MUTLS_OK;
}

mutls_err_t tls_record_set_keys(tls_record_t* record, tls_security_type_t security, const uint8_t* client_write_mac_key, const uint8_t* server_write_mac_key,
    const uint8_t* client_write_cipher_key, const uint8_t* server_write_cipher_key)
{
  if(security != TLS_SECURITY_TYPE_AES_128_CBC_SHA)
  {
    return MUTLS_ERR_NOT_IMPLEMENTED;
  }

  //Copy keys
  memcpy(&record->client_write_mac_key, client_write_mac_key, TLS_HMAC_SHA1_KEY_SIZE);
  memcpy(&record->server_write_mac_key, server_write_mac_key, TLS_HMAC_SHA1_KEY_SIZE);
  memcpy(&record->client_write_cipher_key, client_write_cipher_key, AES_128_KEY_SIZE);
  memcpy(&record->server_write_cipher_key, server_write_cipher_key, AES_128_KEY_SIZE);

  //Intialize cipher

  record->sequence_number_tx = 0;
  record->sequence_number_rx = 0;

  crypto_aes_128_init(&record->cipher_tx, record->client_write_cipher_key, expand_encryption_key);
  crypto_aes_128_init(&record->cipher_rx, record->server_write_cipher_key, expand_decryption_key);

  record->security_tx_state = TLS_SECURITY_INTIALIZED;
  record->security_rx_state = TLS_SECURITY_INTIALIZED;

  return MUTLS_OK;
}

mutls_err_t tls_record_close(tls_record_t* record)
{
  if(record->socket_fd < 0) //Already closed
  {
    return MUTLS_OK;
  }

  //Don't really care about the return
  tls_alert_send(record, TLS_ALERT_WARNING, CLOSE_NOTIFY, &record->buffer);

  //Close socket
  socket_close(record->socket_fd);
  record->socket_fd = -1;

  return MUTLS_OK;
}

mutls_err_t tls_record_set_read_timeout(tls_record_t* record, int timeout)
{
  record->read_timeout = timeout;

  return MUTLS_OK;
}

mutls_err_t tls_record_set_write_timeout(tls_record_t* record, int timeout)
{
  record->write_timeout = timeout;

  return MUTLS_OK;
}

mutls_err_t record_wait_readable(tls_record_t* record)
{
  if(record->socket_fd < 0)
  {
    return MUTLS_ERR_SOCKET_CLOSED;
  }

  //Wait for record to be readable
  int ret = socket_wait_readable(record->socket_fd, record->read_timeout );
  if( ret < 0 )
  {
    //Timeout
    return MUTLS_ERR_TIMEOUT;
  }
  return MUTLS_OK;
}

mutls_err_t record_wait_writeable(tls_record_t* record)
{
  if(record->socket_fd < 0)
  {
    return MUTLS_ERR_SOCKET_CLOSED;
  }

  //Wait for record to be writeable
  int ret = socket_wait_writeable(record->socket_fd, record->write_timeout );
  if( ret < 0 )
  {
    //Timeout
    return MUTLS_ERR_TIMEOUT;
  }
  return MUTLS_OK;
}

mutls_err_t record_socket_read(tls_record_t* record, size_t size)
{
  mutls_err_t ret;
  if(record->socket_fd < 0)
  {
    return MUTLS_ERR_SOCKET_CLOSED;
  }

  DBG("Trying to read %d bytes", size);
  while(size > 0)
  {
    //Read Fragment length
    if( buffer_space(&record->buffer) < size )
    {
      ERR("Won't be able to read packet (%d bytes to read - %d bytes of space)", size, buffer_space(&record->buffer));
      return MUTLS_ERR_BUFFER_TOO_SMALL;
    }

    ret = record_wait_readable(record);
    if(ret)
    {
     ERR("Timeout");
     return ret;
    }

    int count = socket_recv(record->socket_fd, buffer_current_write_position(&record->buffer), size - buffer_length(&record->buffer));
    if( count > 0 )
    {
      buffer_n_skip(&record->buffer, count);
      size -= count;
    }
    else if( count == 0 )
    {
      WARN("Socket closed");
      return MUTLS_ERR_SOCKET_CLOSED;
    }
    else
    {
      ERR("Error (returned %d)", count);
      return MUTLS_ERR_SOCKET_ERROR;
    }
  }

  DBG_BLOCK(buffer_dump(&record->buffer);)

  return MUTLS_OK;
}

mutls_err_t record_socket_write(tls_record_t* record, buffer_t* data)
{
  mutls_err_t ret;
  if(record->socket_fd < 0)
  {
    return MUTLS_ERR_SOCKET_CLOSED;
  }

  DBG("Trying to write %d bytes", buffer_length(data));
  DBG_BLOCK(buffer_dump(data);)
  while(buffer_length(data) > 0)
  {
    ret = record_wait_writeable(record);
    if(ret)
    {
     ERR("Timeout");
     return ret;
    }

    int count = socket_send(record->socket_fd, buffer_current_read_position(data), buffer_length(data));
    if( count > 0 )
    {
      buffer_n_discard(data, count);
    }
    else if( count == 0 )
    {
      WARN("Socket closed");
      return MUTLS_ERR_SOCKET_CLOSED;
    }
    else
    {
      ERR("Error (returned %d)", count);
      return MUTLS_ERR_SOCKET_ERROR;
    }
  }
  DBG("Done");
  return MUTLS_OK;
}


mutls_err_t tls_mac_append( const uint8_t* key, tls_content_type_t content_type, tls_protocol_version_t version,
    uint64_t sequence_number, buffer_t* buffer )
{
  crypto_hmac_sha1_t mac;
  crypto_hmac_sha1_init(&mac, key, TLS_HMAC_SHA1_KEY_SIZE);

  if( buffer_space(buffer) < HMAC_SHA1_SIZE )
  {
    return MUTLS_ERR_BUFFER_TOO_SMALL;
  }

  uint8_t header_buf[13];
  buffer_t header;

  buffer_init(&header, header_buf, 13);

  buffer_nu64_write(&header, sequence_number);

  buffer_nu8_write(&header, content_type);

  buffer_nu8_write(&header, version.major);
  buffer_nu8_write(&header, version.minor);

  buffer_nu16_write(&header, buffer_length(buffer));

  crypto_hmac_sha1_update(&mac, header_buf, 13);
  crypto_hmac_sha1_update(&mac, buffer_current_read_position(buffer), buffer_length(buffer));
  crypto_hmac_sha1_end(&mac, buffer_current_write_position(buffer));
  buffer_n_skip(buffer, HMAC_SHA1_SIZE);

  return MUTLS_OK;
}

mutls_err_t tls_mac_check( const uint8_t* key, tls_content_type_t content_type, tls_protocol_version_t version,
    uint64_t sequence_number, buffer_t* buffer )
{
  crypto_hmac_sha1_t mac;
  crypto_hmac_sha1_init(&mac, key, TLS_HMAC_SHA1_KEY_SIZE);

  if( buffer_length(buffer) < HMAC_SHA1_SIZE )
  {
    return MUTLS_ERR_PROTOCOL_NON_CONFORMANT;
  }

  size_t data_offset = buffer_get_read_offset(buffer);
  size_t data_length = buffer_length(buffer) - HMAC_SHA1_SIZE;

  uint8_t check[HMAC_SHA1_SIZE];

  uint8_t header_buf[13];
  buffer_t header;

  buffer_init(&header, header_buf, 13);

  buffer_nu64_write(&header, sequence_number);

  buffer_nu8_write(&header, content_type);

  buffer_nu8_write(&header, version.major);
  buffer_nu8_write(&header, version.minor);

  buffer_nu16_write(&header, data_length);

  crypto_hmac_sha1_update(&mac, header_buf, 13);
  crypto_hmac_sha1_update(&mac, buffer_current_read_position(buffer), data_length);
  buffer_n_discard(buffer, data_length);
  crypto_hmac_sha1_end(&mac, check);

  if( memcmp(buffer_current_read_position(buffer), check, HMAC_SHA1_SIZE) != 0 )
  {
    ERR("MAC differs; computed MAC was:");

    buffer_t computed_mac;
    buffer_byref(&computed_mac, check, HMAC_SHA1_SIZE);
    DBG_BLOCK(buffer_dump(&computed_mac);)

    return MUTLS_ERR_WRONG_MAC;
  }

  //Reset buffer position and discard MAC
  buffer_set_read_offset(buffer, data_offset);
  buffer_set_length(buffer, data_length);

  return MUTLS_OK;
}