Sergey Pastor / 1

Webserver+3d print

Dependents:   Nucleo

cyclone_ssl/ssl_common.c@0:8918a71cdbe9, 2017-02-04 (annotated)

Committer:
Sergunb
Date:
Sat Feb 04 18:15:49 2017 +0000
Revision:
0:8918a71cdbe9
nothing else

Who changed what in which revision?

UserRevisionLine numberNew contents of line
Sergunb 0:8918a71cdbe9 1 /**
Sergunb 0:8918a71cdbe9 2 * @file ssl_common.c
Sergunb 0:8918a71cdbe9 3 * @brief Functions common to SSL 3.0 client and server
Sergunb 0:8918a71cdbe9 4 *
Sergunb 0:8918a71cdbe9 5 * @section License
Sergunb 0:8918a71cdbe9 6 *
Sergunb 0:8918a71cdbe9 7 * Copyright (C) 2010-2017 Oryx Embedded SARL. All rights reserved.
Sergunb 0:8918a71cdbe9 8 *
Sergunb 0:8918a71cdbe9 9 * This file is part of CycloneSSL Open.
Sergunb 0:8918a71cdbe9 10 *
Sergunb 0:8918a71cdbe9 11 * This program is free software; you can redistribute it and/or
Sergunb 0:8918a71cdbe9 12 * modify it under the terms of the GNU General Public License
Sergunb 0:8918a71cdbe9 13 * as published by the Free Software Foundation; either version 2
Sergunb 0:8918a71cdbe9 14 * of the License, or (at your option) any later version.
Sergunb 0:8918a71cdbe9 15 *
Sergunb 0:8918a71cdbe9 16 * This program is distributed in the hope that it will be useful,
Sergunb 0:8918a71cdbe9 17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
Sergunb 0:8918a71cdbe9 18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
Sergunb 0:8918a71cdbe9 19 * GNU General Public License for more details.
Sergunb 0:8918a71cdbe9 20 *
Sergunb 0:8918a71cdbe9 21 * You should have received a copy of the GNU General Public License
Sergunb 0:8918a71cdbe9 22 * along with this program; if not, write to the Free Software Foundation,
Sergunb 0:8918a71cdbe9 23 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
Sergunb 0:8918a71cdbe9 24 *
Sergunb 0:8918a71cdbe9 25 * @author Oryx Embedded SARL (www.oryx-embedded.com)
Sergunb 0:8918a71cdbe9 26 * @version 1.7.6
Sergunb 0:8918a71cdbe9 27 **/
Sergunb 0:8918a71cdbe9 28
Sergunb 0:8918a71cdbe9 29 //Switch to the appropriate trace level
Sergunb 0:8918a71cdbe9 30 #define TRACE_LEVEL TLS_TRACE_LEVEL
Sergunb 0:8918a71cdbe9 31
Sergunb 0:8918a71cdbe9 32 //Dependencies
Sergunb 0:8918a71cdbe9 33 #include <string.h>
Sergunb 0:8918a71cdbe9 34 #include "crypto.h"
Sergunb 0:8918a71cdbe9 35 #include "tls.h"
Sergunb 0:8918a71cdbe9 36 #include "ssl_common.h"
Sergunb 0:8918a71cdbe9 37 #include "debug.h"
Sergunb 0:8918a71cdbe9 38
Sergunb 0:8918a71cdbe9 39 //Check SSL library configuration
Sergunb 0:8918a71cdbe9 40 #if (TLS_SUPPORT == ENABLED)
Sergunb 0:8918a71cdbe9 41
Sergunb 0:8918a71cdbe9 42 //pad1 pattern
Sergunb 0:8918a71cdbe9 43 const uint8_t sslPad1[48] =
Sergunb 0:8918a71cdbe9 44 {
Sergunb 0:8918a71cdbe9 45 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
Sergunb 0:8918a71cdbe9 46 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
Sergunb 0:8918a71cdbe9 47 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
Sergunb 0:8918a71cdbe9 48 };
Sergunb 0:8918a71cdbe9 49
Sergunb 0:8918a71cdbe9 50 //pad2 pattern
Sergunb 0:8918a71cdbe9 51 const uint8_t sslPad2[48] =
Sergunb 0:8918a71cdbe9 52 {
Sergunb 0:8918a71cdbe9 53 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
Sergunb 0:8918a71cdbe9 54 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
Sergunb 0:8918a71cdbe9 55 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C
Sergunb 0:8918a71cdbe9 56 };
Sergunb 0:8918a71cdbe9 57
Sergunb 0:8918a71cdbe9 58
Sergunb 0:8918a71cdbe9 59 /**
Sergunb 0:8918a71cdbe9 60 * @brief Key expansion function (SSL 3.0)
Sergunb 0:8918a71cdbe9 61 * @param[in] secret Pointer to the secret
Sergunb 0:8918a71cdbe9 62 * @param[in] secretLength Length of the secret
Sergunb 0:8918a71cdbe9 63 * @param[in] random Pointer to the random bytes
Sergunb 0:8918a71cdbe9 64 * @param[in] randomLength Length of the random bytes
Sergunb 0:8918a71cdbe9 65 * @param[out] output Pointer to the output
Sergunb 0:8918a71cdbe9 66 * @param[in] outputLength Desired output length
Sergunb 0:8918a71cdbe9 67 * @return Error code
Sergunb 0:8918a71cdbe9 68 **/
Sergunb 0:8918a71cdbe9 69
Sergunb 0:8918a71cdbe9 70 error_t sslExpandKey(const uint8_t *secret, size_t secretLength,
Sergunb 0:8918a71cdbe9 71 const uint8_t *random, size_t randomLength, uint8_t *output, size_t outputLength)
Sergunb 0:8918a71cdbe9 72 {
Sergunb 0:8918a71cdbe9 73 uint_t i;
Sergunb 0:8918a71cdbe9 74 size_t n;
Sergunb 0:8918a71cdbe9 75 char_t pad[16];
Sergunb 0:8918a71cdbe9 76 Md5Context *md5Context;
Sergunb 0:8918a71cdbe9 77 Sha1Context *sha1Context;
Sergunb 0:8918a71cdbe9 78
Sergunb 0:8918a71cdbe9 79 //Output length cannot exceed 256 bytes
Sergunb 0:8918a71cdbe9 80 if(outputLength > (sizeof(pad) * MD5_DIGEST_SIZE))
Sergunb 0:8918a71cdbe9 81 return ERROR_INVALID_LENGTH;
Sergunb 0:8918a71cdbe9 82
Sergunb 0:8918a71cdbe9 83 //Allocate a memory buffer to hold the MD5 context
Sergunb 0:8918a71cdbe9 84 md5Context = tlsAllocMem(sizeof(Md5Context));
Sergunb 0:8918a71cdbe9 85 //Allocate a memory buffer to hold the SHA-1 context
Sergunb 0:8918a71cdbe9 86 sha1Context = tlsAllocMem(sizeof(Sha1Context));
Sergunb 0:8918a71cdbe9 87
Sergunb 0:8918a71cdbe9 88 //Failed to allocate memory?
Sergunb 0:8918a71cdbe9 89 if(md5Context == NULL || sha1Context == NULL)
Sergunb 0:8918a71cdbe9 90 {
Sergunb 0:8918a71cdbe9 91 //Release previously allocated resources
Sergunb 0:8918a71cdbe9 92 tlsFreeMem(md5Context);
Sergunb 0:8918a71cdbe9 93 tlsFreeMem(sha1Context);
Sergunb 0:8918a71cdbe9 94
Sergunb 0:8918a71cdbe9 95 //Report an error
Sergunb 0:8918a71cdbe9 96 return ERROR_OUT_OF_MEMORY;
Sergunb 0:8918a71cdbe9 97 }
Sergunb 0:8918a71cdbe9 98
Sergunb 0:8918a71cdbe9 99 //Loop until enough output has been generated
Sergunb 0:8918a71cdbe9 100 for(i = 0; outputLength > 0; i++)
Sergunb 0:8918a71cdbe9 101 {
Sergunb 0:8918a71cdbe9 102 //Generate pad
Sergunb 0:8918a71cdbe9 103 memset(pad, 'A' + i, i + 1);
Sergunb 0:8918a71cdbe9 104
Sergunb 0:8918a71cdbe9 105 //Compute SHA(pad + secret + random)
Sergunb 0:8918a71cdbe9 106 sha1Init(sha1Context);
Sergunb 0:8918a71cdbe9 107 sha1Update(sha1Context, pad, i + 1);
Sergunb 0:8918a71cdbe9 108 sha1Update(sha1Context, secret, secretLength);
Sergunb 0:8918a71cdbe9 109 sha1Update(sha1Context, random, randomLength);
Sergunb 0:8918a71cdbe9 110 sha1Final(sha1Context, NULL);
Sergunb 0:8918a71cdbe9 111
Sergunb 0:8918a71cdbe9 112 //Then compute MD5(secret + SHA(pad + secret + random))
Sergunb 0:8918a71cdbe9 113 md5Init(md5Context);
Sergunb 0:8918a71cdbe9 114 md5Update(md5Context, secret, secretLength);
Sergunb 0:8918a71cdbe9 115 md5Update(md5Context, sha1Context->digest, SHA1_DIGEST_SIZE);
Sergunb 0:8918a71cdbe9 116 md5Final(md5Context, NULL);
Sergunb 0:8918a71cdbe9 117
Sergunb 0:8918a71cdbe9 118 //Calculate the number of bytes to copy
Sergunb 0:8918a71cdbe9 119 n = MIN(outputLength, MD5_DIGEST_SIZE);
Sergunb 0:8918a71cdbe9 120 //Copy the resulting hash value
Sergunb 0:8918a71cdbe9 121 memcpy(output, md5Context->digest, n);
Sergunb 0:8918a71cdbe9 122
Sergunb 0:8918a71cdbe9 123 //Advance data pointer
Sergunb 0:8918a71cdbe9 124 output += n;
Sergunb 0:8918a71cdbe9 125 //Decrement byte counter
Sergunb 0:8918a71cdbe9 126 outputLength -= n;
Sergunb 0:8918a71cdbe9 127 }
Sergunb 0:8918a71cdbe9 128
Sergunb 0:8918a71cdbe9 129 //Release previously allocated resources
Sergunb 0:8918a71cdbe9 130 tlsFreeMem(md5Context);
Sergunb 0:8918a71cdbe9 131 tlsFreeMem(sha1Context);
Sergunb 0:8918a71cdbe9 132
Sergunb 0:8918a71cdbe9 133 //Successful processing
Sergunb 0:8918a71cdbe9 134 return NO_ERROR;
Sergunb 0:8918a71cdbe9 135 }
Sergunb 0:8918a71cdbe9 136
Sergunb 0:8918a71cdbe9 137
Sergunb 0:8918a71cdbe9 138 /**
Sergunb 0:8918a71cdbe9 139 * @brief Compute message authentication code (SSL 3.0)
Sergunb 0:8918a71cdbe9 140 * @param[in] context Pointer to the TLS context
Sergunb 0:8918a71cdbe9 141 * @param[in] secret MAC secret
Sergunb 0:8918a71cdbe9 142 * @param[in] seqNum 64-bit sequence number
Sergunb 0:8918a71cdbe9 143 * @param[in] record Pointer to the TLS record
Sergunb 0:8918a71cdbe9 144 * @param[in] data Pointer to the record data
Sergunb 0:8918a71cdbe9 145 * @param[in] length Length of the data
Sergunb 0:8918a71cdbe9 146 * @param[out] mac The computed MAC value
Sergunb 0:8918a71cdbe9 147 * @return Error code
Sergunb 0:8918a71cdbe9 148 **/
Sergunb 0:8918a71cdbe9 149
Sergunb 0:8918a71cdbe9 150 error_t sslComputeMac(TlsContext *context, const void *secret, TlsSequenceNumber seqNum,
Sergunb 0:8918a71cdbe9 151 const TlsRecord *record, const uint8_t *data, size_t length, uint8_t *mac)
Sergunb 0:8918a71cdbe9 152 {
Sergunb 0:8918a71cdbe9 153 size_t padLength;
Sergunb 0:8918a71cdbe9 154 HashContext *hashContext;
Sergunb 0:8918a71cdbe9 155 const HashAlgo *hash;
Sergunb 0:8918a71cdbe9 156
Sergunb 0:8918a71cdbe9 157 //Hash function that will be used to compute MAC
Sergunb 0:8918a71cdbe9 158 hash = context->hashAlgo;
Sergunb 0:8918a71cdbe9 159 //Point to the hash context
Sergunb 0:8918a71cdbe9 160 hashContext = (HashContext *) context->hmacContext.hashContext;
Sergunb 0:8918a71cdbe9 161
Sergunb 0:8918a71cdbe9 162 //The length of pad1 and pad2 depends on hash algorithm
Sergunb 0:8918a71cdbe9 163 if(hash == MD5_HASH_ALGO)
Sergunb 0:8918a71cdbe9 164 {
Sergunb 0:8918a71cdbe9 165 //48-byte long patterns are used with MD5
Sergunb 0:8918a71cdbe9 166 padLength = 48;
Sergunb 0:8918a71cdbe9 167 }
Sergunb 0:8918a71cdbe9 168 else if(hash == SHA1_HASH_ALGO)
Sergunb 0:8918a71cdbe9 169 {
Sergunb 0:8918a71cdbe9 170 //40-byte long patterns are used with SHA-1
Sergunb 0:8918a71cdbe9 171 padLength = 40;
Sergunb 0:8918a71cdbe9 172 }
Sergunb 0:8918a71cdbe9 173 else
Sergunb 0:8918a71cdbe9 174 {
Sergunb 0:8918a71cdbe9 175 //SSL 3.0 supports only MD5 and SHA-1 hash functions
Sergunb 0:8918a71cdbe9 176 return ERROR_INVALID_PARAMETER;
Sergunb 0:8918a71cdbe9 177 }
Sergunb 0:8918a71cdbe9 178
Sergunb 0:8918a71cdbe9 179 //Compute hash(secret + pad1 + seqNum + type + length + data)
Sergunb 0:8918a71cdbe9 180 hash->init(hashContext);
Sergunb 0:8918a71cdbe9 181 hash->update(hashContext, secret, context->macKeyLen);
Sergunb 0:8918a71cdbe9 182 hash->update(hashContext, sslPad1, padLength);
Sergunb 0:8918a71cdbe9 183 hash->update(hashContext, seqNum, sizeof(TlsSequenceNumber));
Sergunb 0:8918a71cdbe9 184 hash->update(hashContext, &record->type, sizeof(record->type));
Sergunb 0:8918a71cdbe9 185 hash->update(hashContext, (void *) &record->length, sizeof(record->length));
Sergunb 0:8918a71cdbe9 186 hash->update(hashContext, data, length);
Sergunb 0:8918a71cdbe9 187 hash->final(hashContext, mac);
Sergunb 0:8918a71cdbe9 188
Sergunb 0:8918a71cdbe9 189 //Then compute hash(secret + pad2 + hash(secret + pad1 + seqNum + type + length + data))
Sergunb 0:8918a71cdbe9 190 hash->init(hashContext);
Sergunb 0:8918a71cdbe9 191 hash->update(hashContext, secret, context->macKeyLen);
Sergunb 0:8918a71cdbe9 192 hash->update(hashContext, sslPad2, padLength);
Sergunb 0:8918a71cdbe9 193 hash->update(hashContext, mac, hash->digestSize);
Sergunb 0:8918a71cdbe9 194 hash->final(hashContext, mac);
Sergunb 0:8918a71cdbe9 195
Sergunb 0:8918a71cdbe9 196 //Successful processing
Sergunb 0:8918a71cdbe9 197 return NO_ERROR;
Sergunb 0:8918a71cdbe9 198 }
Sergunb 0:8918a71cdbe9 199
Sergunb 0:8918a71cdbe9 200 #endif
Sergunb 0:8918a71cdbe9 201