Modified mbed TLS headers for AES functionality only to reduce build size

Dependents:   BLE_Gateway_Linker_fix BLE_Gateway

Fork of mbedtls by sandbox

Committer:
electronichamsters
Date:
Mon Jul 10 04:00:25 2017 +0000
Revision:
5:f09f5ed830ca
Parent:
1:24750b9ad5ef
working gateway

Who changed what in which revision?

UserRevisionLine numberNew contents of line
Christopher Haster 1:24750b9ad5ef 1 /*
Christopher Haster 1:24750b9ad5ef 2 * TLS server tickets callbacks implementation
Christopher Haster 1:24750b9ad5ef 3 *
Christopher Haster 1:24750b9ad5ef 4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
Christopher Haster 1:24750b9ad5ef 5 * SPDX-License-Identifier: Apache-2.0
Christopher Haster 1:24750b9ad5ef 6 *
Christopher Haster 1:24750b9ad5ef 7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
Christopher Haster 1:24750b9ad5ef 8 * not use this file except in compliance with the License.
Christopher Haster 1:24750b9ad5ef 9 * You may obtain a copy of the License at
Christopher Haster 1:24750b9ad5ef 10 *
Christopher Haster 1:24750b9ad5ef 11 * http://www.apache.org/licenses/LICENSE-2.0
Christopher Haster 1:24750b9ad5ef 12 *
Christopher Haster 1:24750b9ad5ef 13 * Unless required by applicable law or agreed to in writing, software
Christopher Haster 1:24750b9ad5ef 14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
Christopher Haster 1:24750b9ad5ef 15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
Christopher Haster 1:24750b9ad5ef 16 * See the License for the specific language governing permissions and
Christopher Haster 1:24750b9ad5ef 17 * limitations under the License.
Christopher Haster 1:24750b9ad5ef 18 *
Christopher Haster 1:24750b9ad5ef 19 * This file is part of mbed TLS (https://tls.mbed.org)
Christopher Haster 1:24750b9ad5ef 20 */
Christopher Haster 1:24750b9ad5ef 21
Christopher Haster 1:24750b9ad5ef 22 #if !defined(MBEDTLS_CONFIG_FILE)
Christopher Haster 1:24750b9ad5ef 23 #include "mbedtls/config.h"
Christopher Haster 1:24750b9ad5ef 24 #else
Christopher Haster 1:24750b9ad5ef 25 #include MBEDTLS_CONFIG_FILE
Christopher Haster 1:24750b9ad5ef 26 #endif
Christopher Haster 1:24750b9ad5ef 27
Christopher Haster 1:24750b9ad5ef 28 #if defined(MBEDTLS_SSL_TICKET_C)
Christopher Haster 1:24750b9ad5ef 29
Christopher Haster 1:24750b9ad5ef 30 #include "mbedtls/ssl_ticket.h"
Christopher Haster 1:24750b9ad5ef 31
Christopher Haster 1:24750b9ad5ef 32 #if defined(MBEDTLS_PLATFORM_C)
Christopher Haster 1:24750b9ad5ef 33 #include "mbedtls/platform.h"
Christopher Haster 1:24750b9ad5ef 34 #else
Christopher Haster 1:24750b9ad5ef 35 #include <stdlib.h>
Christopher Haster 1:24750b9ad5ef 36 #define mbedtls_calloc calloc
Christopher Haster 1:24750b9ad5ef 37 #define mbedtls_free free
Christopher Haster 1:24750b9ad5ef 38 #endif
Christopher Haster 1:24750b9ad5ef 39
Christopher Haster 1:24750b9ad5ef 40 #include <string.h>
Christopher Haster 1:24750b9ad5ef 41
Christopher Haster 1:24750b9ad5ef 42 /* Implementation that should never be optimized out by the compiler */
Christopher Haster 1:24750b9ad5ef 43 static void mbedtls_zeroize( void *v, size_t n ) {
Christopher Haster 1:24750b9ad5ef 44 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
Christopher Haster 1:24750b9ad5ef 45 }
Christopher Haster 1:24750b9ad5ef 46
Christopher Haster 1:24750b9ad5ef 47 /*
Christopher Haster 1:24750b9ad5ef 48 * Initialze context
Christopher Haster 1:24750b9ad5ef 49 */
Christopher Haster 1:24750b9ad5ef 50 void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx )
Christopher Haster 1:24750b9ad5ef 51 {
Christopher Haster 1:24750b9ad5ef 52 memset( ctx, 0, sizeof( mbedtls_ssl_ticket_context ) );
Christopher Haster 1:24750b9ad5ef 53
Christopher Haster 1:24750b9ad5ef 54 #if defined(MBEDTLS_THREADING_C)
Christopher Haster 1:24750b9ad5ef 55 mbedtls_mutex_init( &ctx->mutex );
Christopher Haster 1:24750b9ad5ef 56 #endif
Christopher Haster 1:24750b9ad5ef 57 }
Christopher Haster 1:24750b9ad5ef 58
Christopher Haster 1:24750b9ad5ef 59 #define MAX_KEY_BYTES 32 /* 256 bits */
Christopher Haster 1:24750b9ad5ef 60
Christopher Haster 1:24750b9ad5ef 61 /*
Christopher Haster 1:24750b9ad5ef 62 * Generate/update a key
Christopher Haster 1:24750b9ad5ef 63 */
Christopher Haster 1:24750b9ad5ef 64 static int ssl_ticket_gen_key( mbedtls_ssl_ticket_context *ctx,
Christopher Haster 1:24750b9ad5ef 65 unsigned char index )
Christopher Haster 1:24750b9ad5ef 66 {
Christopher Haster 1:24750b9ad5ef 67 int ret;
Christopher Haster 1:24750b9ad5ef 68 unsigned char buf[MAX_KEY_BYTES];
Christopher Haster 1:24750b9ad5ef 69 mbedtls_ssl_ticket_key *key = ctx->keys + index;
Christopher Haster 1:24750b9ad5ef 70
Christopher Haster 1:24750b9ad5ef 71 #if defined(MBEDTLS_HAVE_TIME)
Christopher Haster 1:24750b9ad5ef 72 key->generation_time = (uint32_t) time( NULL );
Christopher Haster 1:24750b9ad5ef 73 #endif
Christopher Haster 1:24750b9ad5ef 74
Christopher Haster 1:24750b9ad5ef 75 if( ( ret = ctx->f_rng( ctx->p_rng, key->name, sizeof( key->name ) ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 76 return( ret );
Christopher Haster 1:24750b9ad5ef 77
Christopher Haster 1:24750b9ad5ef 78 if( ( ret = ctx->f_rng( ctx->p_rng, buf, sizeof( buf ) ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 79 return( ret );
Christopher Haster 1:24750b9ad5ef 80
Christopher Haster 1:24750b9ad5ef 81 /* With GCM and CCM, same context can encrypt & decrypt */
Christopher Haster 1:24750b9ad5ef 82 ret = mbedtls_cipher_setkey( &key->ctx, buf,
Christopher Haster 1:24750b9ad5ef 83 mbedtls_cipher_get_key_bitlen( &key->ctx ),
Christopher Haster 1:24750b9ad5ef 84 MBEDTLS_ENCRYPT );
Christopher Haster 1:24750b9ad5ef 85
Christopher Haster 1:24750b9ad5ef 86 mbedtls_zeroize( buf, sizeof( buf ) );
Christopher Haster 1:24750b9ad5ef 87
Christopher Haster 1:24750b9ad5ef 88 return( ret );
Christopher Haster 1:24750b9ad5ef 89 }
Christopher Haster 1:24750b9ad5ef 90
Christopher Haster 1:24750b9ad5ef 91 /*
Christopher Haster 1:24750b9ad5ef 92 * Rotate/generate keys if necessary
Christopher Haster 1:24750b9ad5ef 93 */
Christopher Haster 1:24750b9ad5ef 94 static int ssl_ticket_update_keys( mbedtls_ssl_ticket_context *ctx )
Christopher Haster 1:24750b9ad5ef 95 {
Christopher Haster 1:24750b9ad5ef 96 #if !defined(MBEDTLS_HAVE_TIME)
Christopher Haster 1:24750b9ad5ef 97 ((void) ctx);
Christopher Haster 1:24750b9ad5ef 98 #else
Christopher Haster 1:24750b9ad5ef 99 if( ctx->ticket_lifetime != 0 )
Christopher Haster 1:24750b9ad5ef 100 {
Christopher Haster 1:24750b9ad5ef 101 uint32_t current_time = (uint32_t) time( NULL );
Christopher Haster 1:24750b9ad5ef 102 uint32_t key_time = ctx->keys[ctx->active].generation_time;
Christopher Haster 1:24750b9ad5ef 103
Christopher Haster 1:24750b9ad5ef 104 if( current_time > key_time &&
Christopher Haster 1:24750b9ad5ef 105 current_time - key_time < ctx->ticket_lifetime )
Christopher Haster 1:24750b9ad5ef 106 {
Christopher Haster 1:24750b9ad5ef 107 return( 0 );
Christopher Haster 1:24750b9ad5ef 108 }
Christopher Haster 1:24750b9ad5ef 109
Christopher Haster 1:24750b9ad5ef 110 ctx->active = 1 - ctx->active;
Christopher Haster 1:24750b9ad5ef 111
Christopher Haster 1:24750b9ad5ef 112 return( ssl_ticket_gen_key( ctx, ctx->active ) );
Christopher Haster 1:24750b9ad5ef 113 }
Christopher Haster 1:24750b9ad5ef 114 else
Christopher Haster 1:24750b9ad5ef 115 #endif /* MBEDTLS_HAVE_TIME */
Christopher Haster 1:24750b9ad5ef 116 return( 0 );
Christopher Haster 1:24750b9ad5ef 117 }
Christopher Haster 1:24750b9ad5ef 118
Christopher Haster 1:24750b9ad5ef 119 /*
Christopher Haster 1:24750b9ad5ef 120 * Setup context for actual use
Christopher Haster 1:24750b9ad5ef 121 */
Christopher Haster 1:24750b9ad5ef 122 int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
Christopher Haster 1:24750b9ad5ef 123 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
Christopher Haster 1:24750b9ad5ef 124 mbedtls_cipher_type_t cipher,
Christopher Haster 1:24750b9ad5ef 125 uint32_t lifetime )
Christopher Haster 1:24750b9ad5ef 126 {
Christopher Haster 1:24750b9ad5ef 127 int ret;
Christopher Haster 1:24750b9ad5ef 128 const mbedtls_cipher_info_t *cipher_info;
Christopher Haster 1:24750b9ad5ef 129
Christopher Haster 1:24750b9ad5ef 130 ctx->f_rng = f_rng;
Christopher Haster 1:24750b9ad5ef 131 ctx->p_rng = p_rng;
Christopher Haster 1:24750b9ad5ef 132
Christopher Haster 1:24750b9ad5ef 133 ctx->ticket_lifetime = lifetime;
Christopher Haster 1:24750b9ad5ef 134
Christopher Haster 1:24750b9ad5ef 135 cipher_info = mbedtls_cipher_info_from_type( cipher);
Christopher Haster 1:24750b9ad5ef 136 if( cipher_info == NULL )
Christopher Haster 1:24750b9ad5ef 137 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 138
Christopher Haster 1:24750b9ad5ef 139 if( cipher_info->mode != MBEDTLS_MODE_GCM &&
Christopher Haster 1:24750b9ad5ef 140 cipher_info->mode != MBEDTLS_MODE_CCM )
Christopher Haster 1:24750b9ad5ef 141 {
Christopher Haster 1:24750b9ad5ef 142 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 143 }
Christopher Haster 1:24750b9ad5ef 144
Christopher Haster 1:24750b9ad5ef 145 if( cipher_info->key_bitlen > 8 * MAX_KEY_BYTES )
Christopher Haster 1:24750b9ad5ef 146 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 147
Christopher Haster 1:24750b9ad5ef 148 if( ( ret = mbedtls_cipher_setup( &ctx->keys[0].ctx, cipher_info ) ) != 0 ||
Christopher Haster 1:24750b9ad5ef 149 ( ret = mbedtls_cipher_setup( &ctx->keys[1].ctx, cipher_info ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 150 {
Christopher Haster 1:24750b9ad5ef 151 return( ret );
Christopher Haster 1:24750b9ad5ef 152 }
Christopher Haster 1:24750b9ad5ef 153
Christopher Haster 1:24750b9ad5ef 154 if( ( ret = ssl_ticket_gen_key( ctx, 0 ) ) != 0 ||
Christopher Haster 1:24750b9ad5ef 155 ( ret = ssl_ticket_gen_key( ctx, 1 ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 156 {
Christopher Haster 1:24750b9ad5ef 157 return( ret );
Christopher Haster 1:24750b9ad5ef 158 }
Christopher Haster 1:24750b9ad5ef 159
Christopher Haster 1:24750b9ad5ef 160 return( 0 );
Christopher Haster 1:24750b9ad5ef 161 }
Christopher Haster 1:24750b9ad5ef 162
Christopher Haster 1:24750b9ad5ef 163 /*
Christopher Haster 1:24750b9ad5ef 164 * Serialize a session in the following format:
Christopher Haster 1:24750b9ad5ef 165 * 0 . n-1 session structure, n = sizeof(mbedtls_ssl_session)
Christopher Haster 1:24750b9ad5ef 166 * n . n+2 peer_cert length = m (0 if no certificate)
Christopher Haster 1:24750b9ad5ef 167 * n+3 . n+2+m peer cert ASN.1
Christopher Haster 1:24750b9ad5ef 168 */
Christopher Haster 1:24750b9ad5ef 169 static int ssl_save_session( const mbedtls_ssl_session *session,
Christopher Haster 1:24750b9ad5ef 170 unsigned char *buf, size_t buf_len,
Christopher Haster 1:24750b9ad5ef 171 size_t *olen )
Christopher Haster 1:24750b9ad5ef 172 {
Christopher Haster 1:24750b9ad5ef 173 unsigned char *p = buf;
Christopher Haster 1:24750b9ad5ef 174 size_t left = buf_len;
Christopher Haster 1:24750b9ad5ef 175 #if defined(MBEDTLS_X509_CRT_PARSE_C)
Christopher Haster 1:24750b9ad5ef 176 size_t cert_len;
Christopher Haster 1:24750b9ad5ef 177 #endif /* MBEDTLS_X509_CRT_PARSE_C */
Christopher Haster 1:24750b9ad5ef 178
Christopher Haster 1:24750b9ad5ef 179 if( left < sizeof( mbedtls_ssl_session ) )
Christopher Haster 1:24750b9ad5ef 180 return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
Christopher Haster 1:24750b9ad5ef 181
Christopher Haster 1:24750b9ad5ef 182 memcpy( p, session, sizeof( mbedtls_ssl_session ) );
Christopher Haster 1:24750b9ad5ef 183 p += sizeof( mbedtls_ssl_session );
Christopher Haster 1:24750b9ad5ef 184 left -= sizeof( mbedtls_ssl_session );
Christopher Haster 1:24750b9ad5ef 185
Christopher Haster 1:24750b9ad5ef 186 #if defined(MBEDTLS_X509_CRT_PARSE_C)
Christopher Haster 1:24750b9ad5ef 187 if( session->peer_cert == NULL )
Christopher Haster 1:24750b9ad5ef 188 cert_len = 0;
Christopher Haster 1:24750b9ad5ef 189 else
Christopher Haster 1:24750b9ad5ef 190 cert_len = session->peer_cert->raw.len;
Christopher Haster 1:24750b9ad5ef 191
Christopher Haster 1:24750b9ad5ef 192 if( left < 3 + cert_len )
Christopher Haster 1:24750b9ad5ef 193 return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
Christopher Haster 1:24750b9ad5ef 194
Christopher Haster 1:24750b9ad5ef 195 *p++ = (unsigned char)( cert_len >> 16 & 0xFF );
Christopher Haster 1:24750b9ad5ef 196 *p++ = (unsigned char)( cert_len >> 8 & 0xFF );
Christopher Haster 1:24750b9ad5ef 197 *p++ = (unsigned char)( cert_len & 0xFF );
Christopher Haster 1:24750b9ad5ef 198
Christopher Haster 1:24750b9ad5ef 199 if( session->peer_cert != NULL )
Christopher Haster 1:24750b9ad5ef 200 memcpy( p, session->peer_cert->raw.p, cert_len );
Christopher Haster 1:24750b9ad5ef 201
Christopher Haster 1:24750b9ad5ef 202 p += cert_len;
Christopher Haster 1:24750b9ad5ef 203 #endif /* MBEDTLS_X509_CRT_PARSE_C */
Christopher Haster 1:24750b9ad5ef 204
Christopher Haster 1:24750b9ad5ef 205 *olen = p - buf;
Christopher Haster 1:24750b9ad5ef 206
Christopher Haster 1:24750b9ad5ef 207 return( 0 );
Christopher Haster 1:24750b9ad5ef 208 }
Christopher Haster 1:24750b9ad5ef 209
Christopher Haster 1:24750b9ad5ef 210 /*
Christopher Haster 1:24750b9ad5ef 211 * Unserialise session, see ssl_save_session()
Christopher Haster 1:24750b9ad5ef 212 */
Christopher Haster 1:24750b9ad5ef 213 static int ssl_load_session( mbedtls_ssl_session *session,
Christopher Haster 1:24750b9ad5ef 214 const unsigned char *buf, size_t len )
Christopher Haster 1:24750b9ad5ef 215 {
Christopher Haster 1:24750b9ad5ef 216 const unsigned char *p = buf;
Christopher Haster 1:24750b9ad5ef 217 const unsigned char * const end = buf + len;
Christopher Haster 1:24750b9ad5ef 218 #if defined(MBEDTLS_X509_CRT_PARSE_C)
Christopher Haster 1:24750b9ad5ef 219 size_t cert_len;
Christopher Haster 1:24750b9ad5ef 220 #endif /* MBEDTLS_X509_CRT_PARSE_C */
Christopher Haster 1:24750b9ad5ef 221
Christopher Haster 1:24750b9ad5ef 222 if( p + sizeof( mbedtls_ssl_session ) > end )
Christopher Haster 1:24750b9ad5ef 223 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 224
Christopher Haster 1:24750b9ad5ef 225 memcpy( session, p, sizeof( mbedtls_ssl_session ) );
Christopher Haster 1:24750b9ad5ef 226 p += sizeof( mbedtls_ssl_session );
Christopher Haster 1:24750b9ad5ef 227
Christopher Haster 1:24750b9ad5ef 228 #if defined(MBEDTLS_X509_CRT_PARSE_C)
Christopher Haster 1:24750b9ad5ef 229 if( p + 3 > end )
Christopher Haster 1:24750b9ad5ef 230 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 231
Christopher Haster 1:24750b9ad5ef 232 cert_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2];
Christopher Haster 1:24750b9ad5ef 233 p += 3;
Christopher Haster 1:24750b9ad5ef 234
Christopher Haster 1:24750b9ad5ef 235 if( cert_len == 0 )
Christopher Haster 1:24750b9ad5ef 236 {
Christopher Haster 1:24750b9ad5ef 237 session->peer_cert = NULL;
Christopher Haster 1:24750b9ad5ef 238 }
Christopher Haster 1:24750b9ad5ef 239 else
Christopher Haster 1:24750b9ad5ef 240 {
Christopher Haster 1:24750b9ad5ef 241 int ret;
Christopher Haster 1:24750b9ad5ef 242
Christopher Haster 1:24750b9ad5ef 243 if( p + cert_len > end )
Christopher Haster 1:24750b9ad5ef 244 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 245
Christopher Haster 1:24750b9ad5ef 246 session->peer_cert = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
Christopher Haster 1:24750b9ad5ef 247
Christopher Haster 1:24750b9ad5ef 248 if( session->peer_cert == NULL )
Christopher Haster 1:24750b9ad5ef 249 return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
Christopher Haster 1:24750b9ad5ef 250
Christopher Haster 1:24750b9ad5ef 251 mbedtls_x509_crt_init( session->peer_cert );
Christopher Haster 1:24750b9ad5ef 252
Christopher Haster 1:24750b9ad5ef 253 if( ( ret = mbedtls_x509_crt_parse_der( session->peer_cert,
Christopher Haster 1:24750b9ad5ef 254 p, cert_len ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 255 {
Christopher Haster 1:24750b9ad5ef 256 mbedtls_x509_crt_free( session->peer_cert );
Christopher Haster 1:24750b9ad5ef 257 mbedtls_free( session->peer_cert );
Christopher Haster 1:24750b9ad5ef 258 session->peer_cert = NULL;
Christopher Haster 1:24750b9ad5ef 259 return( ret );
Christopher Haster 1:24750b9ad5ef 260 }
Christopher Haster 1:24750b9ad5ef 261
Christopher Haster 1:24750b9ad5ef 262 p += cert_len;
Christopher Haster 1:24750b9ad5ef 263 }
Christopher Haster 1:24750b9ad5ef 264 #endif /* MBEDTLS_X509_CRT_PARSE_C */
Christopher Haster 1:24750b9ad5ef 265
Christopher Haster 1:24750b9ad5ef 266 if( p != end )
Christopher Haster 1:24750b9ad5ef 267 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 268
Christopher Haster 1:24750b9ad5ef 269 return( 0 );
Christopher Haster 1:24750b9ad5ef 270 }
Christopher Haster 1:24750b9ad5ef 271
Christopher Haster 1:24750b9ad5ef 272 /*
Christopher Haster 1:24750b9ad5ef 273 * Create session ticket, with the following structure:
Christopher Haster 1:24750b9ad5ef 274 *
Christopher Haster 1:24750b9ad5ef 275 * struct {
Christopher Haster 1:24750b9ad5ef 276 * opaque key_name[4];
Christopher Haster 1:24750b9ad5ef 277 * opaque iv[12];
Christopher Haster 1:24750b9ad5ef 278 * opaque encrypted_state<0..2^16-1>;
Christopher Haster 1:24750b9ad5ef 279 * opaque tag[16];
Christopher Haster 1:24750b9ad5ef 280 * } ticket;
Christopher Haster 1:24750b9ad5ef 281 *
Christopher Haster 1:24750b9ad5ef 282 * The key_name, iv, and length of encrypted_state are the additional
Christopher Haster 1:24750b9ad5ef 283 * authenticated data.
Christopher Haster 1:24750b9ad5ef 284 */
Christopher Haster 1:24750b9ad5ef 285 int mbedtls_ssl_ticket_write( void *p_ticket,
Christopher Haster 1:24750b9ad5ef 286 const mbedtls_ssl_session *session,
Christopher Haster 1:24750b9ad5ef 287 unsigned char *start,
Christopher Haster 1:24750b9ad5ef 288 const unsigned char *end,
Christopher Haster 1:24750b9ad5ef 289 size_t *tlen,
Christopher Haster 1:24750b9ad5ef 290 uint32_t *ticket_lifetime )
Christopher Haster 1:24750b9ad5ef 291 {
Christopher Haster 1:24750b9ad5ef 292 int ret;
Christopher Haster 1:24750b9ad5ef 293 mbedtls_ssl_ticket_context *ctx = p_ticket;
Christopher Haster 1:24750b9ad5ef 294 mbedtls_ssl_ticket_key *key;
Christopher Haster 1:24750b9ad5ef 295 unsigned char *key_name = start;
Christopher Haster 1:24750b9ad5ef 296 unsigned char *iv = start + 4;
Christopher Haster 1:24750b9ad5ef 297 unsigned char *state_len_bytes = iv + 12;
Christopher Haster 1:24750b9ad5ef 298 unsigned char *state = state_len_bytes + 2;
Christopher Haster 1:24750b9ad5ef 299 unsigned char *tag;
Christopher Haster 1:24750b9ad5ef 300 size_t clear_len, ciph_len;
Christopher Haster 1:24750b9ad5ef 301
Christopher Haster 1:24750b9ad5ef 302 *tlen = 0;
Christopher Haster 1:24750b9ad5ef 303
Christopher Haster 1:24750b9ad5ef 304 if( ctx == NULL || ctx->f_rng == NULL )
Christopher Haster 1:24750b9ad5ef 305 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 306
Christopher Haster 1:24750b9ad5ef 307 /* We need at least 4 bytes for key_name, 12 for IV, 2 for len 16 for tag,
Christopher Haster 1:24750b9ad5ef 308 * in addition to session itself, that will be checked when writing it. */
Christopher Haster 1:24750b9ad5ef 309 if( end - start < 4 + 12 + 2 + 16 )
Christopher Haster 1:24750b9ad5ef 310 return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
Christopher Haster 1:24750b9ad5ef 311
Christopher Haster 1:24750b9ad5ef 312 #if defined(MBEDTLS_THREADING_C)
Christopher Haster 1:24750b9ad5ef 313 if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 314 return( ret );
Christopher Haster 1:24750b9ad5ef 315 #endif
Christopher Haster 1:24750b9ad5ef 316
Christopher Haster 1:24750b9ad5ef 317 if( ( ret = ssl_ticket_update_keys( ctx ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 318 goto cleanup;
Christopher Haster 1:24750b9ad5ef 319
Christopher Haster 1:24750b9ad5ef 320 key = &ctx->keys[ctx->active];
Christopher Haster 1:24750b9ad5ef 321
Christopher Haster 1:24750b9ad5ef 322 *ticket_lifetime = ctx->ticket_lifetime;
Christopher Haster 1:24750b9ad5ef 323
Christopher Haster 1:24750b9ad5ef 324 memcpy( key_name, key->name, 4 );
Christopher Haster 1:24750b9ad5ef 325
Christopher Haster 1:24750b9ad5ef 326 if( ( ret = ctx->f_rng( ctx->p_rng, iv, 12 ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 327 goto cleanup;
Christopher Haster 1:24750b9ad5ef 328
Christopher Haster 1:24750b9ad5ef 329 /* Dump session state */
Christopher Haster 1:24750b9ad5ef 330 if( ( ret = ssl_save_session( session,
Christopher Haster 1:24750b9ad5ef 331 state, end - state, &clear_len ) ) != 0 ||
Christopher Haster 1:24750b9ad5ef 332 (unsigned long) clear_len > 65535 )
Christopher Haster 1:24750b9ad5ef 333 {
Christopher Haster 1:24750b9ad5ef 334 goto cleanup;
Christopher Haster 1:24750b9ad5ef 335 }
Christopher Haster 1:24750b9ad5ef 336 state_len_bytes[0] = ( clear_len >> 8 ) & 0xff;
Christopher Haster 1:24750b9ad5ef 337 state_len_bytes[1] = ( clear_len ) & 0xff;
Christopher Haster 1:24750b9ad5ef 338
Christopher Haster 1:24750b9ad5ef 339 /* Encrypt and authenticate */
Christopher Haster 1:24750b9ad5ef 340 tag = state + clear_len;
Christopher Haster 1:24750b9ad5ef 341 if( ( ret = mbedtls_cipher_auth_encrypt( &key->ctx,
Christopher Haster 1:24750b9ad5ef 342 iv, 12, key_name, 4 + 12 + 2,
Christopher Haster 1:24750b9ad5ef 343 state, clear_len, state, &ciph_len, tag, 16 ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 344 {
Christopher Haster 1:24750b9ad5ef 345 goto cleanup;
Christopher Haster 1:24750b9ad5ef 346 }
Christopher Haster 1:24750b9ad5ef 347 if( ciph_len != clear_len )
Christopher Haster 1:24750b9ad5ef 348 {
Christopher Haster 1:24750b9ad5ef 349 ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
Christopher Haster 1:24750b9ad5ef 350 goto cleanup;
Christopher Haster 1:24750b9ad5ef 351 }
Christopher Haster 1:24750b9ad5ef 352
Christopher Haster 1:24750b9ad5ef 353 *tlen = 4 + 12 + 2 + 16 + ciph_len;
Christopher Haster 1:24750b9ad5ef 354
Christopher Haster 1:24750b9ad5ef 355 cleanup:
Christopher Haster 1:24750b9ad5ef 356 #if defined(MBEDTLS_THREADING_C)
Christopher Haster 1:24750b9ad5ef 357 if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
Christopher Haster 1:24750b9ad5ef 358 return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
Christopher Haster 1:24750b9ad5ef 359 #endif
Christopher Haster 1:24750b9ad5ef 360
Christopher Haster 1:24750b9ad5ef 361 return( ret );
Christopher Haster 1:24750b9ad5ef 362 }
Christopher Haster 1:24750b9ad5ef 363
Christopher Haster 1:24750b9ad5ef 364 /*
Christopher Haster 1:24750b9ad5ef 365 * Select key based on name
Christopher Haster 1:24750b9ad5ef 366 */
Christopher Haster 1:24750b9ad5ef 367 static mbedtls_ssl_ticket_key *ssl_ticket_select_key(
Christopher Haster 1:24750b9ad5ef 368 mbedtls_ssl_ticket_context *ctx,
Christopher Haster 1:24750b9ad5ef 369 const unsigned char name[4] )
Christopher Haster 1:24750b9ad5ef 370 {
Christopher Haster 1:24750b9ad5ef 371 unsigned char i;
Christopher Haster 1:24750b9ad5ef 372
Christopher Haster 1:24750b9ad5ef 373 for( i = 0; i < sizeof( ctx->keys ) / sizeof( *ctx->keys ); i++ )
Christopher Haster 1:24750b9ad5ef 374 if( memcmp( name, ctx->keys[i].name, 4 ) == 0 )
Christopher Haster 1:24750b9ad5ef 375 return( &ctx->keys[i] );
Christopher Haster 1:24750b9ad5ef 376
Christopher Haster 1:24750b9ad5ef 377 return( NULL );
Christopher Haster 1:24750b9ad5ef 378 }
Christopher Haster 1:24750b9ad5ef 379
Christopher Haster 1:24750b9ad5ef 380 /*
Christopher Haster 1:24750b9ad5ef 381 * Load session ticket (see mbedtls_ssl_ticket_write for structure)
Christopher Haster 1:24750b9ad5ef 382 */
Christopher Haster 1:24750b9ad5ef 383 int mbedtls_ssl_ticket_parse( void *p_ticket,
Christopher Haster 1:24750b9ad5ef 384 mbedtls_ssl_session *session,
Christopher Haster 1:24750b9ad5ef 385 unsigned char *buf,
Christopher Haster 1:24750b9ad5ef 386 size_t len )
Christopher Haster 1:24750b9ad5ef 387 {
Christopher Haster 1:24750b9ad5ef 388 int ret;
Christopher Haster 1:24750b9ad5ef 389 mbedtls_ssl_ticket_context *ctx = p_ticket;
Christopher Haster 1:24750b9ad5ef 390 mbedtls_ssl_ticket_key *key;
Christopher Haster 1:24750b9ad5ef 391 unsigned char *key_name = buf;
Christopher Haster 1:24750b9ad5ef 392 unsigned char *iv = buf + 4;
Christopher Haster 1:24750b9ad5ef 393 unsigned char *enc_len_p = iv + 12;
Christopher Haster 1:24750b9ad5ef 394 unsigned char *ticket = enc_len_p + 2;
Christopher Haster 1:24750b9ad5ef 395 unsigned char *tag;
Christopher Haster 1:24750b9ad5ef 396 size_t enc_len, clear_len;
Christopher Haster 1:24750b9ad5ef 397
Christopher Haster 1:24750b9ad5ef 398 if( ctx == NULL || ctx->f_rng == NULL )
Christopher Haster 1:24750b9ad5ef 399 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 400
Christopher Haster 1:24750b9ad5ef 401 /* See mbedtls_ssl_ticket_write() */
Christopher Haster 1:24750b9ad5ef 402 if( len < 4 + 12 + 2 + 16 )
Christopher Haster 1:24750b9ad5ef 403 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 404
Christopher Haster 1:24750b9ad5ef 405 #if defined(MBEDTLS_THREADING_C)
Christopher Haster 1:24750b9ad5ef 406 if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 407 return( ret );
Christopher Haster 1:24750b9ad5ef 408 #endif
Christopher Haster 1:24750b9ad5ef 409
Christopher Haster 1:24750b9ad5ef 410 if( ( ret = ssl_ticket_update_keys( ctx ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 411 goto cleanup;
Christopher Haster 1:24750b9ad5ef 412
Christopher Haster 1:24750b9ad5ef 413 enc_len = ( enc_len_p[0] << 8 ) | enc_len_p[1];
Christopher Haster 1:24750b9ad5ef 414 tag = ticket + enc_len;
Christopher Haster 1:24750b9ad5ef 415
Christopher Haster 1:24750b9ad5ef 416 if( len != 4 + 12 + 2 + enc_len + 16 )
Christopher Haster 1:24750b9ad5ef 417 {
Christopher Haster 1:24750b9ad5ef 418 ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
Christopher Haster 1:24750b9ad5ef 419 goto cleanup;
Christopher Haster 1:24750b9ad5ef 420 }
Christopher Haster 1:24750b9ad5ef 421
Christopher Haster 1:24750b9ad5ef 422 /* Select key */
Christopher Haster 1:24750b9ad5ef 423 if( ( key = ssl_ticket_select_key( ctx, key_name ) ) == NULL )
Christopher Haster 1:24750b9ad5ef 424 {
Christopher Haster 1:24750b9ad5ef 425 /* We can't know for sure but this is a likely option unless we're
Christopher Haster 1:24750b9ad5ef 426 * under attack - this is only informative anyway */
Christopher Haster 1:24750b9ad5ef 427 ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
Christopher Haster 1:24750b9ad5ef 428 goto cleanup;
Christopher Haster 1:24750b9ad5ef 429 }
Christopher Haster 1:24750b9ad5ef 430
Christopher Haster 1:24750b9ad5ef 431 /* Decrypt and authenticate */
Christopher Haster 1:24750b9ad5ef 432 if( ( ret = mbedtls_cipher_auth_decrypt( &key->ctx, iv, 12,
Christopher Haster 1:24750b9ad5ef 433 key_name, 4 + 12 + 2, ticket, enc_len,
Christopher Haster 1:24750b9ad5ef 434 ticket, &clear_len, tag, 16 ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 435 {
Christopher Haster 1:24750b9ad5ef 436 if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED )
Christopher Haster 1:24750b9ad5ef 437 ret = MBEDTLS_ERR_SSL_INVALID_MAC;
Christopher Haster 1:24750b9ad5ef 438
Christopher Haster 1:24750b9ad5ef 439 goto cleanup;
Christopher Haster 1:24750b9ad5ef 440 }
Christopher Haster 1:24750b9ad5ef 441 if( clear_len != enc_len )
Christopher Haster 1:24750b9ad5ef 442 {
Christopher Haster 1:24750b9ad5ef 443 ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
Christopher Haster 1:24750b9ad5ef 444 goto cleanup;
Christopher Haster 1:24750b9ad5ef 445 }
Christopher Haster 1:24750b9ad5ef 446
Christopher Haster 1:24750b9ad5ef 447 /* Actually load session */
Christopher Haster 1:24750b9ad5ef 448 if( ( ret = ssl_load_session( session, ticket, clear_len ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 449 goto cleanup;
Christopher Haster 1:24750b9ad5ef 450
Christopher Haster 1:24750b9ad5ef 451 #if defined(MBEDTLS_HAVE_TIME)
Christopher Haster 1:24750b9ad5ef 452 {
Christopher Haster 1:24750b9ad5ef 453 /* Check for expiration */
Christopher Haster 1:24750b9ad5ef 454 time_t current_time = time( NULL );
Christopher Haster 1:24750b9ad5ef 455
Christopher Haster 1:24750b9ad5ef 456 if( current_time < session->start ||
Christopher Haster 1:24750b9ad5ef 457 (uint32_t)( current_time - session->start ) > ctx->ticket_lifetime )
Christopher Haster 1:24750b9ad5ef 458 {
Christopher Haster 1:24750b9ad5ef 459 ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
Christopher Haster 1:24750b9ad5ef 460 goto cleanup;
Christopher Haster 1:24750b9ad5ef 461 }
Christopher Haster 1:24750b9ad5ef 462 }
Christopher Haster 1:24750b9ad5ef 463 #endif
Christopher Haster 1:24750b9ad5ef 464
Christopher Haster 1:24750b9ad5ef 465 cleanup:
Christopher Haster 1:24750b9ad5ef 466 #if defined(MBEDTLS_THREADING_C)
Christopher Haster 1:24750b9ad5ef 467 if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
Christopher Haster 1:24750b9ad5ef 468 return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
Christopher Haster 1:24750b9ad5ef 469 #endif
Christopher Haster 1:24750b9ad5ef 470
Christopher Haster 1:24750b9ad5ef 471 return( ret );
Christopher Haster 1:24750b9ad5ef 472 }
Christopher Haster 1:24750b9ad5ef 473
Christopher Haster 1:24750b9ad5ef 474 /*
Christopher Haster 1:24750b9ad5ef 475 * Free context
Christopher Haster 1:24750b9ad5ef 476 */
Christopher Haster 1:24750b9ad5ef 477 void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx )
Christopher Haster 1:24750b9ad5ef 478 {
Christopher Haster 1:24750b9ad5ef 479 mbedtls_cipher_free( &ctx->keys[0].ctx );
Christopher Haster 1:24750b9ad5ef 480 mbedtls_cipher_free( &ctx->keys[1].ctx );
Christopher Haster 1:24750b9ad5ef 481
Christopher Haster 1:24750b9ad5ef 482 #if defined(MBEDTLS_THREADING_C)
Christopher Haster 1:24750b9ad5ef 483 mbedtls_mutex_free( &ctx->mutex );
Christopher Haster 1:24750b9ad5ef 484 #endif
Christopher Haster 1:24750b9ad5ef 485
Christopher Haster 1:24750b9ad5ef 486 mbedtls_zeroize( ctx, sizeof( mbedtls_ssl_ticket_context ) );
Christopher Haster 1:24750b9ad5ef 487 }
Christopher Haster 1:24750b9ad5ef 488
Christopher Haster 1:24750b9ad5ef 489 #endif /* MBEDTLS_SSL_TICKET_C */