Modified mbed TLS headers for AES functionality only to reduce build size

Dependents:   BLE_Gateway_Linker_fix BLE_Gateway

Fork of mbedtls by sandbox

Committer:
electronichamsters
Date:
Mon Jul 10 04:00:25 2017 +0000
Revision:
5:f09f5ed830ca
Parent:
1:24750b9ad5ef
working gateway

Who changed what in which revision?

UserRevisionLine numberNew contents of line
Christopher Haster 1:24750b9ad5ef 1 /*
Christopher Haster 1:24750b9ad5ef 2 * SSLv3/TLSv1 shared functions
Christopher Haster 1:24750b9ad5ef 3 *
Christopher Haster 1:24750b9ad5ef 4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
Christopher Haster 1:24750b9ad5ef 5 * SPDX-License-Identifier: Apache-2.0
Christopher Haster 1:24750b9ad5ef 6 *
Christopher Haster 1:24750b9ad5ef 7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
Christopher Haster 1:24750b9ad5ef 8 * not use this file except in compliance with the License.
Christopher Haster 1:24750b9ad5ef 9 * You may obtain a copy of the License at
Christopher Haster 1:24750b9ad5ef 10 *
Christopher Haster 1:24750b9ad5ef 11 * http://www.apache.org/licenses/LICENSE-2.0
Christopher Haster 1:24750b9ad5ef 12 *
Christopher Haster 1:24750b9ad5ef 13 * Unless required by applicable law or agreed to in writing, software
Christopher Haster 1:24750b9ad5ef 14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
Christopher Haster 1:24750b9ad5ef 15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
Christopher Haster 1:24750b9ad5ef 16 * See the License for the specific language governing permissions and
Christopher Haster 1:24750b9ad5ef 17 * limitations under the License.
Christopher Haster 1:24750b9ad5ef 18 *
Christopher Haster 1:24750b9ad5ef 19 * This file is part of mbed TLS (https://tls.mbed.org)
Christopher Haster 1:24750b9ad5ef 20 */
Christopher Haster 1:24750b9ad5ef 21 /*
Christopher Haster 1:24750b9ad5ef 22 * The SSL 3.0 specification was drafted by Netscape in 1996,
Christopher Haster 1:24750b9ad5ef 23 * and became an IETF standard in 1999.
Christopher Haster 1:24750b9ad5ef 24 *
Christopher Haster 1:24750b9ad5ef 25 * http://wp.netscape.com/eng/ssl3/
Christopher Haster 1:24750b9ad5ef 26 * http://www.ietf.org/rfc/rfc2246.txt
Christopher Haster 1:24750b9ad5ef 27 * http://www.ietf.org/rfc/rfc4346.txt
Christopher Haster 1:24750b9ad5ef 28 */
Christopher Haster 1:24750b9ad5ef 29
Christopher Haster 1:24750b9ad5ef 30 #if !defined(MBEDTLS_CONFIG_FILE)
Christopher Haster 1:24750b9ad5ef 31 #include "mbedtls/config.h"
Christopher Haster 1:24750b9ad5ef 32 #else
Christopher Haster 1:24750b9ad5ef 33 #include MBEDTLS_CONFIG_FILE
Christopher Haster 1:24750b9ad5ef 34 #endif
Christopher Haster 1:24750b9ad5ef 35
Christopher Haster 1:24750b9ad5ef 36 #if defined(MBEDTLS_SSL_TLS_C)
Christopher Haster 1:24750b9ad5ef 37
Christopher Haster 1:24750b9ad5ef 38 #include "mbedtls/debug.h"
Christopher Haster 1:24750b9ad5ef 39 #include "mbedtls/ssl.h"
Christopher Haster 1:24750b9ad5ef 40 #include "mbedtls/ssl_internal.h"
Christopher Haster 1:24750b9ad5ef 41
Christopher Haster 1:24750b9ad5ef 42 #include <string.h>
Christopher Haster 1:24750b9ad5ef 43
Christopher Haster 1:24750b9ad5ef 44 #if defined(MBEDTLS_X509_CRT_PARSE_C) && \
Christopher Haster 1:24750b9ad5ef 45 defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
Christopher Haster 1:24750b9ad5ef 46 #include "mbedtls/oid.h"
Christopher Haster 1:24750b9ad5ef 47 #endif
Christopher Haster 1:24750b9ad5ef 48
Christopher Haster 1:24750b9ad5ef 49 #if defined(MBEDTLS_PLATFORM_C)
Christopher Haster 1:24750b9ad5ef 50 #include "mbedtls/platform.h"
Christopher Haster 1:24750b9ad5ef 51 #else
Christopher Haster 1:24750b9ad5ef 52 #include <stdlib.h>
Christopher Haster 1:24750b9ad5ef 53 #define mbedtls_calloc calloc
Christopher Haster 1:24750b9ad5ef 54 #define mbedtls_free free
Christopher Haster 1:24750b9ad5ef 55 #endif
Christopher Haster 1:24750b9ad5ef 56
Christopher Haster 1:24750b9ad5ef 57 /* Implementation that should never be optimized out by the compiler */
Christopher Haster 1:24750b9ad5ef 58 static void mbedtls_zeroize( void *v, size_t n ) {
Christopher Haster 1:24750b9ad5ef 59 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
Christopher Haster 1:24750b9ad5ef 60 }
Christopher Haster 1:24750b9ad5ef 61
Christopher Haster 1:24750b9ad5ef 62 /* Length of the "epoch" field in the record header */
Christopher Haster 1:24750b9ad5ef 63 static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 64 {
Christopher Haster 1:24750b9ad5ef 65 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 66 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Christopher Haster 1:24750b9ad5ef 67 return( 2 );
Christopher Haster 1:24750b9ad5ef 68 #else
Christopher Haster 1:24750b9ad5ef 69 ((void) ssl);
Christopher Haster 1:24750b9ad5ef 70 #endif
Christopher Haster 1:24750b9ad5ef 71 return( 0 );
Christopher Haster 1:24750b9ad5ef 72 }
Christopher Haster 1:24750b9ad5ef 73
Christopher Haster 1:24750b9ad5ef 74 /*
Christopher Haster 1:24750b9ad5ef 75 * Start a timer.
Christopher Haster 1:24750b9ad5ef 76 * Passing millisecs = 0 cancels a running timer.
Christopher Haster 1:24750b9ad5ef 77 */
Christopher Haster 1:24750b9ad5ef 78 static void ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs )
Christopher Haster 1:24750b9ad5ef 79 {
Christopher Haster 1:24750b9ad5ef 80 if( ssl->f_set_timer == NULL )
Christopher Haster 1:24750b9ad5ef 81 return;
Christopher Haster 1:24750b9ad5ef 82
Christopher Haster 1:24750b9ad5ef 83 MBEDTLS_SSL_DEBUG_MSG( 3, ( "set_timer to %d ms", (int) millisecs ) );
Christopher Haster 1:24750b9ad5ef 84 ssl->f_set_timer( ssl->p_timer, millisecs / 4, millisecs );
Christopher Haster 1:24750b9ad5ef 85 }
Christopher Haster 1:24750b9ad5ef 86
Christopher Haster 1:24750b9ad5ef 87 /*
Christopher Haster 1:24750b9ad5ef 88 * Return -1 is timer is expired, 0 if it isn't.
Christopher Haster 1:24750b9ad5ef 89 */
Christopher Haster 1:24750b9ad5ef 90 static int ssl_check_timer( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 91 {
Christopher Haster 1:24750b9ad5ef 92 if( ssl->f_get_timer == NULL )
Christopher Haster 1:24750b9ad5ef 93 return( 0 );
Christopher Haster 1:24750b9ad5ef 94
Christopher Haster 1:24750b9ad5ef 95 if( ssl->f_get_timer( ssl->p_timer ) == 2 )
Christopher Haster 1:24750b9ad5ef 96 {
Christopher Haster 1:24750b9ad5ef 97 MBEDTLS_SSL_DEBUG_MSG( 3, ( "timer expired" ) );
Christopher Haster 1:24750b9ad5ef 98 return( -1 );
Christopher Haster 1:24750b9ad5ef 99 }
Christopher Haster 1:24750b9ad5ef 100
Christopher Haster 1:24750b9ad5ef 101 return( 0 );
Christopher Haster 1:24750b9ad5ef 102 }
Christopher Haster 1:24750b9ad5ef 103
Christopher Haster 1:24750b9ad5ef 104 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 105 /*
Christopher Haster 1:24750b9ad5ef 106 * Double the retransmit timeout value, within the allowed range,
Christopher Haster 1:24750b9ad5ef 107 * returning -1 if the maximum value has already been reached.
Christopher Haster 1:24750b9ad5ef 108 */
Christopher Haster 1:24750b9ad5ef 109 static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 110 {
Christopher Haster 1:24750b9ad5ef 111 uint32_t new_timeout;
Christopher Haster 1:24750b9ad5ef 112
Christopher Haster 1:24750b9ad5ef 113 if( ssl->handshake->retransmit_timeout >= ssl->conf->hs_timeout_max )
Christopher Haster 1:24750b9ad5ef 114 return( -1 );
Christopher Haster 1:24750b9ad5ef 115
Christopher Haster 1:24750b9ad5ef 116 new_timeout = 2 * ssl->handshake->retransmit_timeout;
Christopher Haster 1:24750b9ad5ef 117
Christopher Haster 1:24750b9ad5ef 118 /* Avoid arithmetic overflow and range overflow */
Christopher Haster 1:24750b9ad5ef 119 if( new_timeout < ssl->handshake->retransmit_timeout ||
Christopher Haster 1:24750b9ad5ef 120 new_timeout > ssl->conf->hs_timeout_max )
Christopher Haster 1:24750b9ad5ef 121 {
Christopher Haster 1:24750b9ad5ef 122 new_timeout = ssl->conf->hs_timeout_max;
Christopher Haster 1:24750b9ad5ef 123 }
Christopher Haster 1:24750b9ad5ef 124
Christopher Haster 1:24750b9ad5ef 125 ssl->handshake->retransmit_timeout = new_timeout;
Christopher Haster 1:24750b9ad5ef 126 MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs",
Christopher Haster 1:24750b9ad5ef 127 ssl->handshake->retransmit_timeout ) );
Christopher Haster 1:24750b9ad5ef 128
Christopher Haster 1:24750b9ad5ef 129 return( 0 );
Christopher Haster 1:24750b9ad5ef 130 }
Christopher Haster 1:24750b9ad5ef 131
Christopher Haster 1:24750b9ad5ef 132 static void ssl_reset_retransmit_timeout( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 133 {
Christopher Haster 1:24750b9ad5ef 134 ssl->handshake->retransmit_timeout = ssl->conf->hs_timeout_min;
Christopher Haster 1:24750b9ad5ef 135 MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs",
Christopher Haster 1:24750b9ad5ef 136 ssl->handshake->retransmit_timeout ) );
Christopher Haster 1:24750b9ad5ef 137 }
Christopher Haster 1:24750b9ad5ef 138 #endif /* MBEDTLS_SSL_PROTO_DTLS */
Christopher Haster 1:24750b9ad5ef 139
Christopher Haster 1:24750b9ad5ef 140 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
Christopher Haster 1:24750b9ad5ef 141 /*
Christopher Haster 1:24750b9ad5ef 142 * Convert max_fragment_length codes to length.
Christopher Haster 1:24750b9ad5ef 143 * RFC 6066 says:
Christopher Haster 1:24750b9ad5ef 144 * enum{
Christopher Haster 1:24750b9ad5ef 145 * 2^9(1), 2^10(2), 2^11(3), 2^12(4), (255)
Christopher Haster 1:24750b9ad5ef 146 * } MaxFragmentLength;
Christopher Haster 1:24750b9ad5ef 147 * and we add 0 -> extension unused
Christopher Haster 1:24750b9ad5ef 148 */
Christopher Haster 1:24750b9ad5ef 149 static unsigned int mfl_code_to_length[MBEDTLS_SSL_MAX_FRAG_LEN_INVALID] =
Christopher Haster 1:24750b9ad5ef 150 {
Christopher Haster 1:24750b9ad5ef 151 MBEDTLS_SSL_MAX_CONTENT_LEN, /* MBEDTLS_SSL_MAX_FRAG_LEN_NONE */
Christopher Haster 1:24750b9ad5ef 152 512, /* MBEDTLS_SSL_MAX_FRAG_LEN_512 */
Christopher Haster 1:24750b9ad5ef 153 1024, /* MBEDTLS_SSL_MAX_FRAG_LEN_1024 */
Christopher Haster 1:24750b9ad5ef 154 2048, /* MBEDTLS_SSL_MAX_FRAG_LEN_2048 */
Christopher Haster 1:24750b9ad5ef 155 4096, /* MBEDTLS_SSL_MAX_FRAG_LEN_4096 */
Christopher Haster 1:24750b9ad5ef 156 };
Christopher Haster 1:24750b9ad5ef 157 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
Christopher Haster 1:24750b9ad5ef 158
Christopher Haster 1:24750b9ad5ef 159 #if defined(MBEDTLS_SSL_CLI_C)
Christopher Haster 1:24750b9ad5ef 160 static int ssl_session_copy( mbedtls_ssl_session *dst, const mbedtls_ssl_session *src )
Christopher Haster 1:24750b9ad5ef 161 {
Christopher Haster 1:24750b9ad5ef 162 mbedtls_ssl_session_free( dst );
Christopher Haster 1:24750b9ad5ef 163 memcpy( dst, src, sizeof( mbedtls_ssl_session ) );
Christopher Haster 1:24750b9ad5ef 164
Christopher Haster 1:24750b9ad5ef 165 #if defined(MBEDTLS_X509_CRT_PARSE_C)
Christopher Haster 1:24750b9ad5ef 166 if( src->peer_cert != NULL )
Christopher Haster 1:24750b9ad5ef 167 {
Christopher Haster 1:24750b9ad5ef 168 int ret;
Christopher Haster 1:24750b9ad5ef 169
Christopher Haster 1:24750b9ad5ef 170 dst->peer_cert = mbedtls_calloc( 1, sizeof(mbedtls_x509_crt) );
Christopher Haster 1:24750b9ad5ef 171 if( dst->peer_cert == NULL )
Christopher Haster 1:24750b9ad5ef 172 return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
Christopher Haster 1:24750b9ad5ef 173
Christopher Haster 1:24750b9ad5ef 174 mbedtls_x509_crt_init( dst->peer_cert );
Christopher Haster 1:24750b9ad5ef 175
Christopher Haster 1:24750b9ad5ef 176 if( ( ret = mbedtls_x509_crt_parse_der( dst->peer_cert, src->peer_cert->raw.p,
Christopher Haster 1:24750b9ad5ef 177 src->peer_cert->raw.len ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 178 {
Christopher Haster 1:24750b9ad5ef 179 mbedtls_free( dst->peer_cert );
Christopher Haster 1:24750b9ad5ef 180 dst->peer_cert = NULL;
Christopher Haster 1:24750b9ad5ef 181 return( ret );
Christopher Haster 1:24750b9ad5ef 182 }
Christopher Haster 1:24750b9ad5ef 183 }
Christopher Haster 1:24750b9ad5ef 184 #endif /* MBEDTLS_X509_CRT_PARSE_C */
Christopher Haster 1:24750b9ad5ef 185
Christopher Haster 1:24750b9ad5ef 186 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
Christopher Haster 1:24750b9ad5ef 187 if( src->ticket != NULL )
Christopher Haster 1:24750b9ad5ef 188 {
Christopher Haster 1:24750b9ad5ef 189 dst->ticket = mbedtls_calloc( 1, src->ticket_len );
Christopher Haster 1:24750b9ad5ef 190 if( dst->ticket == NULL )
Christopher Haster 1:24750b9ad5ef 191 return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
Christopher Haster 1:24750b9ad5ef 192
Christopher Haster 1:24750b9ad5ef 193 memcpy( dst->ticket, src->ticket, src->ticket_len );
Christopher Haster 1:24750b9ad5ef 194 }
Christopher Haster 1:24750b9ad5ef 195 #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
Christopher Haster 1:24750b9ad5ef 196
Christopher Haster 1:24750b9ad5ef 197 return( 0 );
Christopher Haster 1:24750b9ad5ef 198 }
Christopher Haster 1:24750b9ad5ef 199 #endif /* MBEDTLS_SSL_CLI_C */
Christopher Haster 1:24750b9ad5ef 200
Christopher Haster 1:24750b9ad5ef 201 #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
Christopher Haster 1:24750b9ad5ef 202 int (*mbedtls_ssl_hw_record_init)( mbedtls_ssl_context *ssl,
Christopher Haster 1:24750b9ad5ef 203 const unsigned char *key_enc, const unsigned char *key_dec,
Christopher Haster 1:24750b9ad5ef 204 size_t keylen,
Christopher Haster 1:24750b9ad5ef 205 const unsigned char *iv_enc, const unsigned char *iv_dec,
Christopher Haster 1:24750b9ad5ef 206 size_t ivlen,
Christopher Haster 1:24750b9ad5ef 207 const unsigned char *mac_enc, const unsigned char *mac_dec,
Christopher Haster 1:24750b9ad5ef 208 size_t maclen ) = NULL;
Christopher Haster 1:24750b9ad5ef 209 int (*mbedtls_ssl_hw_record_activate)( mbedtls_ssl_context *ssl, int direction) = NULL;
Christopher Haster 1:24750b9ad5ef 210 int (*mbedtls_ssl_hw_record_reset)( mbedtls_ssl_context *ssl ) = NULL;
Christopher Haster 1:24750b9ad5ef 211 int (*mbedtls_ssl_hw_record_write)( mbedtls_ssl_context *ssl ) = NULL;
Christopher Haster 1:24750b9ad5ef 212 int (*mbedtls_ssl_hw_record_read)( mbedtls_ssl_context *ssl ) = NULL;
Christopher Haster 1:24750b9ad5ef 213 int (*mbedtls_ssl_hw_record_finish)( mbedtls_ssl_context *ssl ) = NULL;
Christopher Haster 1:24750b9ad5ef 214 #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
Christopher Haster 1:24750b9ad5ef 215
Christopher Haster 1:24750b9ad5ef 216 /*
Christopher Haster 1:24750b9ad5ef 217 * Key material generation
Christopher Haster 1:24750b9ad5ef 218 */
Christopher Haster 1:24750b9ad5ef 219 #if defined(MBEDTLS_SSL_PROTO_SSL3)
Christopher Haster 1:24750b9ad5ef 220 static int ssl3_prf( const unsigned char *secret, size_t slen,
Christopher Haster 1:24750b9ad5ef 221 const char *label,
Christopher Haster 1:24750b9ad5ef 222 const unsigned char *random, size_t rlen,
Christopher Haster 1:24750b9ad5ef 223 unsigned char *dstbuf, size_t dlen )
Christopher Haster 1:24750b9ad5ef 224 {
Christopher Haster 1:24750b9ad5ef 225 size_t i;
Christopher Haster 1:24750b9ad5ef 226 mbedtls_md5_context md5;
Christopher Haster 1:24750b9ad5ef 227 mbedtls_sha1_context sha1;
Christopher Haster 1:24750b9ad5ef 228 unsigned char padding[16];
Christopher Haster 1:24750b9ad5ef 229 unsigned char sha1sum[20];
Christopher Haster 1:24750b9ad5ef 230 ((void)label);
Christopher Haster 1:24750b9ad5ef 231
Christopher Haster 1:24750b9ad5ef 232 mbedtls_md5_init( &md5 );
Christopher Haster 1:24750b9ad5ef 233 mbedtls_sha1_init( &sha1 );
Christopher Haster 1:24750b9ad5ef 234
Christopher Haster 1:24750b9ad5ef 235 /*
Christopher Haster 1:24750b9ad5ef 236 * SSLv3:
Christopher Haster 1:24750b9ad5ef 237 * block =
Christopher Haster 1:24750b9ad5ef 238 * MD5( secret + SHA1( 'A' + secret + random ) ) +
Christopher Haster 1:24750b9ad5ef 239 * MD5( secret + SHA1( 'BB' + secret + random ) ) +
Christopher Haster 1:24750b9ad5ef 240 * MD5( secret + SHA1( 'CCC' + secret + random ) ) +
Christopher Haster 1:24750b9ad5ef 241 * ...
Christopher Haster 1:24750b9ad5ef 242 */
Christopher Haster 1:24750b9ad5ef 243 for( i = 0; i < dlen / 16; i++ )
Christopher Haster 1:24750b9ad5ef 244 {
Christopher Haster 1:24750b9ad5ef 245 memset( padding, (unsigned char) ('A' + i), 1 + i );
Christopher Haster 1:24750b9ad5ef 246
Christopher Haster 1:24750b9ad5ef 247 mbedtls_sha1_starts( &sha1 );
Christopher Haster 1:24750b9ad5ef 248 mbedtls_sha1_update( &sha1, padding, 1 + i );
Christopher Haster 1:24750b9ad5ef 249 mbedtls_sha1_update( &sha1, secret, slen );
Christopher Haster 1:24750b9ad5ef 250 mbedtls_sha1_update( &sha1, random, rlen );
Christopher Haster 1:24750b9ad5ef 251 mbedtls_sha1_finish( &sha1, sha1sum );
Christopher Haster 1:24750b9ad5ef 252
Christopher Haster 1:24750b9ad5ef 253 mbedtls_md5_starts( &md5 );
Christopher Haster 1:24750b9ad5ef 254 mbedtls_md5_update( &md5, secret, slen );
Christopher Haster 1:24750b9ad5ef 255 mbedtls_md5_update( &md5, sha1sum, 20 );
Christopher Haster 1:24750b9ad5ef 256 mbedtls_md5_finish( &md5, dstbuf + i * 16 );
Christopher Haster 1:24750b9ad5ef 257 }
Christopher Haster 1:24750b9ad5ef 258
Christopher Haster 1:24750b9ad5ef 259 mbedtls_md5_free( &md5 );
Christopher Haster 1:24750b9ad5ef 260 mbedtls_sha1_free( &sha1 );
Christopher Haster 1:24750b9ad5ef 261
Christopher Haster 1:24750b9ad5ef 262 mbedtls_zeroize( padding, sizeof( padding ) );
Christopher Haster 1:24750b9ad5ef 263 mbedtls_zeroize( sha1sum, sizeof( sha1sum ) );
Christopher Haster 1:24750b9ad5ef 264
Christopher Haster 1:24750b9ad5ef 265 return( 0 );
Christopher Haster 1:24750b9ad5ef 266 }
Christopher Haster 1:24750b9ad5ef 267 #endif /* MBEDTLS_SSL_PROTO_SSL3 */
Christopher Haster 1:24750b9ad5ef 268
Christopher Haster 1:24750b9ad5ef 269 #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
Christopher Haster 1:24750b9ad5ef 270 static int tls1_prf( const unsigned char *secret, size_t slen,
Christopher Haster 1:24750b9ad5ef 271 const char *label,
Christopher Haster 1:24750b9ad5ef 272 const unsigned char *random, size_t rlen,
Christopher Haster 1:24750b9ad5ef 273 unsigned char *dstbuf, size_t dlen )
Christopher Haster 1:24750b9ad5ef 274 {
Christopher Haster 1:24750b9ad5ef 275 size_t nb, hs;
Christopher Haster 1:24750b9ad5ef 276 size_t i, j, k;
Christopher Haster 1:24750b9ad5ef 277 const unsigned char *S1, *S2;
Christopher Haster 1:24750b9ad5ef 278 unsigned char tmp[128];
Christopher Haster 1:24750b9ad5ef 279 unsigned char h_i[20];
Christopher Haster 1:24750b9ad5ef 280 const mbedtls_md_info_t *md_info;
Christopher Haster 1:24750b9ad5ef 281 mbedtls_md_context_t md_ctx;
Christopher Haster 1:24750b9ad5ef 282 int ret;
Christopher Haster 1:24750b9ad5ef 283
Christopher Haster 1:24750b9ad5ef 284 mbedtls_md_init( &md_ctx );
Christopher Haster 1:24750b9ad5ef 285
Christopher Haster 1:24750b9ad5ef 286 if( sizeof( tmp ) < 20 + strlen( label ) + rlen )
Christopher Haster 1:24750b9ad5ef 287 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 288
Christopher Haster 1:24750b9ad5ef 289 hs = ( slen + 1 ) / 2;
Christopher Haster 1:24750b9ad5ef 290 S1 = secret;
Christopher Haster 1:24750b9ad5ef 291 S2 = secret + slen - hs;
Christopher Haster 1:24750b9ad5ef 292
Christopher Haster 1:24750b9ad5ef 293 nb = strlen( label );
Christopher Haster 1:24750b9ad5ef 294 memcpy( tmp + 20, label, nb );
Christopher Haster 1:24750b9ad5ef 295 memcpy( tmp + 20 + nb, random, rlen );
Christopher Haster 1:24750b9ad5ef 296 nb += rlen;
Christopher Haster 1:24750b9ad5ef 297
Christopher Haster 1:24750b9ad5ef 298 /*
Christopher Haster 1:24750b9ad5ef 299 * First compute P_md5(secret,label+random)[0..dlen]
Christopher Haster 1:24750b9ad5ef 300 */
Christopher Haster 1:24750b9ad5ef 301 if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_MD5 ) ) == NULL )
Christopher Haster 1:24750b9ad5ef 302 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Christopher Haster 1:24750b9ad5ef 303
Christopher Haster 1:24750b9ad5ef 304 if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 305 return( ret );
Christopher Haster 1:24750b9ad5ef 306
Christopher Haster 1:24750b9ad5ef 307 mbedtls_md_hmac_starts( &md_ctx, S1, hs );
Christopher Haster 1:24750b9ad5ef 308 mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb );
Christopher Haster 1:24750b9ad5ef 309 mbedtls_md_hmac_finish( &md_ctx, 4 + tmp );
Christopher Haster 1:24750b9ad5ef 310
Christopher Haster 1:24750b9ad5ef 311 for( i = 0; i < dlen; i += 16 )
Christopher Haster 1:24750b9ad5ef 312 {
Christopher Haster 1:24750b9ad5ef 313 mbedtls_md_hmac_reset ( &md_ctx );
Christopher Haster 1:24750b9ad5ef 314 mbedtls_md_hmac_update( &md_ctx, 4 + tmp, 16 + nb );
Christopher Haster 1:24750b9ad5ef 315 mbedtls_md_hmac_finish( &md_ctx, h_i );
Christopher Haster 1:24750b9ad5ef 316
Christopher Haster 1:24750b9ad5ef 317 mbedtls_md_hmac_reset ( &md_ctx );
Christopher Haster 1:24750b9ad5ef 318 mbedtls_md_hmac_update( &md_ctx, 4 + tmp, 16 );
Christopher Haster 1:24750b9ad5ef 319 mbedtls_md_hmac_finish( &md_ctx, 4 + tmp );
Christopher Haster 1:24750b9ad5ef 320
Christopher Haster 1:24750b9ad5ef 321 k = ( i + 16 > dlen ) ? dlen % 16 : 16;
Christopher Haster 1:24750b9ad5ef 322
Christopher Haster 1:24750b9ad5ef 323 for( j = 0; j < k; j++ )
Christopher Haster 1:24750b9ad5ef 324 dstbuf[i + j] = h_i[j];
Christopher Haster 1:24750b9ad5ef 325 }
Christopher Haster 1:24750b9ad5ef 326
Christopher Haster 1:24750b9ad5ef 327 mbedtls_md_free( &md_ctx );
Christopher Haster 1:24750b9ad5ef 328
Christopher Haster 1:24750b9ad5ef 329 /*
Christopher Haster 1:24750b9ad5ef 330 * XOR out with P_sha1(secret,label+random)[0..dlen]
Christopher Haster 1:24750b9ad5ef 331 */
Christopher Haster 1:24750b9ad5ef 332 if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == NULL )
Christopher Haster 1:24750b9ad5ef 333 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Christopher Haster 1:24750b9ad5ef 334
Christopher Haster 1:24750b9ad5ef 335 if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 336 return( ret );
Christopher Haster 1:24750b9ad5ef 337
Christopher Haster 1:24750b9ad5ef 338 mbedtls_md_hmac_starts( &md_ctx, S2, hs );
Christopher Haster 1:24750b9ad5ef 339 mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb );
Christopher Haster 1:24750b9ad5ef 340 mbedtls_md_hmac_finish( &md_ctx, tmp );
Christopher Haster 1:24750b9ad5ef 341
Christopher Haster 1:24750b9ad5ef 342 for( i = 0; i < dlen; i += 20 )
Christopher Haster 1:24750b9ad5ef 343 {
Christopher Haster 1:24750b9ad5ef 344 mbedtls_md_hmac_reset ( &md_ctx );
Christopher Haster 1:24750b9ad5ef 345 mbedtls_md_hmac_update( &md_ctx, tmp, 20 + nb );
Christopher Haster 1:24750b9ad5ef 346 mbedtls_md_hmac_finish( &md_ctx, h_i );
Christopher Haster 1:24750b9ad5ef 347
Christopher Haster 1:24750b9ad5ef 348 mbedtls_md_hmac_reset ( &md_ctx );
Christopher Haster 1:24750b9ad5ef 349 mbedtls_md_hmac_update( &md_ctx, tmp, 20 );
Christopher Haster 1:24750b9ad5ef 350 mbedtls_md_hmac_finish( &md_ctx, tmp );
Christopher Haster 1:24750b9ad5ef 351
Christopher Haster 1:24750b9ad5ef 352 k = ( i + 20 > dlen ) ? dlen % 20 : 20;
Christopher Haster 1:24750b9ad5ef 353
Christopher Haster 1:24750b9ad5ef 354 for( j = 0; j < k; j++ )
Christopher Haster 1:24750b9ad5ef 355 dstbuf[i + j] = (unsigned char)( dstbuf[i + j] ^ h_i[j] );
Christopher Haster 1:24750b9ad5ef 356 }
Christopher Haster 1:24750b9ad5ef 357
Christopher Haster 1:24750b9ad5ef 358 mbedtls_md_free( &md_ctx );
Christopher Haster 1:24750b9ad5ef 359
Christopher Haster 1:24750b9ad5ef 360 mbedtls_zeroize( tmp, sizeof( tmp ) );
Christopher Haster 1:24750b9ad5ef 361 mbedtls_zeroize( h_i, sizeof( h_i ) );
Christopher Haster 1:24750b9ad5ef 362
Christopher Haster 1:24750b9ad5ef 363 return( 0 );
Christopher Haster 1:24750b9ad5ef 364 }
Christopher Haster 1:24750b9ad5ef 365 #endif /* MBEDTLS_SSL_PROTO_TLS1) || MBEDTLS_SSL_PROTO_TLS1_1 */
Christopher Haster 1:24750b9ad5ef 366
Christopher Haster 1:24750b9ad5ef 367 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
Christopher Haster 1:24750b9ad5ef 368 static int tls_prf_generic( mbedtls_md_type_t md_type,
Christopher Haster 1:24750b9ad5ef 369 const unsigned char *secret, size_t slen,
Christopher Haster 1:24750b9ad5ef 370 const char *label,
Christopher Haster 1:24750b9ad5ef 371 const unsigned char *random, size_t rlen,
Christopher Haster 1:24750b9ad5ef 372 unsigned char *dstbuf, size_t dlen )
Christopher Haster 1:24750b9ad5ef 373 {
Christopher Haster 1:24750b9ad5ef 374 size_t nb;
Christopher Haster 1:24750b9ad5ef 375 size_t i, j, k, md_len;
Christopher Haster 1:24750b9ad5ef 376 unsigned char tmp[128];
Christopher Haster 1:24750b9ad5ef 377 unsigned char h_i[MBEDTLS_MD_MAX_SIZE];
Christopher Haster 1:24750b9ad5ef 378 const mbedtls_md_info_t *md_info;
Christopher Haster 1:24750b9ad5ef 379 mbedtls_md_context_t md_ctx;
Christopher Haster 1:24750b9ad5ef 380 int ret;
Christopher Haster 1:24750b9ad5ef 381
Christopher Haster 1:24750b9ad5ef 382 mbedtls_md_init( &md_ctx );
Christopher Haster 1:24750b9ad5ef 383
Christopher Haster 1:24750b9ad5ef 384 if( ( md_info = mbedtls_md_info_from_type( md_type ) ) == NULL )
Christopher Haster 1:24750b9ad5ef 385 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Christopher Haster 1:24750b9ad5ef 386
Christopher Haster 1:24750b9ad5ef 387 md_len = mbedtls_md_get_size( md_info );
Christopher Haster 1:24750b9ad5ef 388
Christopher Haster 1:24750b9ad5ef 389 if( sizeof( tmp ) < md_len + strlen( label ) + rlen )
Christopher Haster 1:24750b9ad5ef 390 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 391
Christopher Haster 1:24750b9ad5ef 392 nb = strlen( label );
Christopher Haster 1:24750b9ad5ef 393 memcpy( tmp + md_len, label, nb );
Christopher Haster 1:24750b9ad5ef 394 memcpy( tmp + md_len + nb, random, rlen );
Christopher Haster 1:24750b9ad5ef 395 nb += rlen;
Christopher Haster 1:24750b9ad5ef 396
Christopher Haster 1:24750b9ad5ef 397 /*
Christopher Haster 1:24750b9ad5ef 398 * Compute P_<hash>(secret, label + random)[0..dlen]
Christopher Haster 1:24750b9ad5ef 399 */
Christopher Haster 1:24750b9ad5ef 400 if ( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 401 return( ret );
Christopher Haster 1:24750b9ad5ef 402
Christopher Haster 1:24750b9ad5ef 403 mbedtls_md_hmac_starts( &md_ctx, secret, slen );
Christopher Haster 1:24750b9ad5ef 404 mbedtls_md_hmac_update( &md_ctx, tmp + md_len, nb );
Christopher Haster 1:24750b9ad5ef 405 mbedtls_md_hmac_finish( &md_ctx, tmp );
Christopher Haster 1:24750b9ad5ef 406
Christopher Haster 1:24750b9ad5ef 407 for( i = 0; i < dlen; i += md_len )
Christopher Haster 1:24750b9ad5ef 408 {
Christopher Haster 1:24750b9ad5ef 409 mbedtls_md_hmac_reset ( &md_ctx );
Christopher Haster 1:24750b9ad5ef 410 mbedtls_md_hmac_update( &md_ctx, tmp, md_len + nb );
Christopher Haster 1:24750b9ad5ef 411 mbedtls_md_hmac_finish( &md_ctx, h_i );
Christopher Haster 1:24750b9ad5ef 412
Christopher Haster 1:24750b9ad5ef 413 mbedtls_md_hmac_reset ( &md_ctx );
Christopher Haster 1:24750b9ad5ef 414 mbedtls_md_hmac_update( &md_ctx, tmp, md_len );
Christopher Haster 1:24750b9ad5ef 415 mbedtls_md_hmac_finish( &md_ctx, tmp );
Christopher Haster 1:24750b9ad5ef 416
Christopher Haster 1:24750b9ad5ef 417 k = ( i + md_len > dlen ) ? dlen % md_len : md_len;
Christopher Haster 1:24750b9ad5ef 418
Christopher Haster 1:24750b9ad5ef 419 for( j = 0; j < k; j++ )
Christopher Haster 1:24750b9ad5ef 420 dstbuf[i + j] = h_i[j];
Christopher Haster 1:24750b9ad5ef 421 }
Christopher Haster 1:24750b9ad5ef 422
Christopher Haster 1:24750b9ad5ef 423 mbedtls_md_free( &md_ctx );
Christopher Haster 1:24750b9ad5ef 424
Christopher Haster 1:24750b9ad5ef 425 mbedtls_zeroize( tmp, sizeof( tmp ) );
Christopher Haster 1:24750b9ad5ef 426 mbedtls_zeroize( h_i, sizeof( h_i ) );
Christopher Haster 1:24750b9ad5ef 427
Christopher Haster 1:24750b9ad5ef 428 return( 0 );
Christopher Haster 1:24750b9ad5ef 429 }
Christopher Haster 1:24750b9ad5ef 430
Christopher Haster 1:24750b9ad5ef 431 #if defined(MBEDTLS_SHA256_C)
Christopher Haster 1:24750b9ad5ef 432 static int tls_prf_sha256( const unsigned char *secret, size_t slen,
Christopher Haster 1:24750b9ad5ef 433 const char *label,
Christopher Haster 1:24750b9ad5ef 434 const unsigned char *random, size_t rlen,
Christopher Haster 1:24750b9ad5ef 435 unsigned char *dstbuf, size_t dlen )
Christopher Haster 1:24750b9ad5ef 436 {
Christopher Haster 1:24750b9ad5ef 437 return( tls_prf_generic( MBEDTLS_MD_SHA256, secret, slen,
Christopher Haster 1:24750b9ad5ef 438 label, random, rlen, dstbuf, dlen ) );
Christopher Haster 1:24750b9ad5ef 439 }
Christopher Haster 1:24750b9ad5ef 440 #endif /* MBEDTLS_SHA256_C */
Christopher Haster 1:24750b9ad5ef 441
Christopher Haster 1:24750b9ad5ef 442 #if defined(MBEDTLS_SHA512_C)
Christopher Haster 1:24750b9ad5ef 443 static int tls_prf_sha384( const unsigned char *secret, size_t slen,
Christopher Haster 1:24750b9ad5ef 444 const char *label,
Christopher Haster 1:24750b9ad5ef 445 const unsigned char *random, size_t rlen,
Christopher Haster 1:24750b9ad5ef 446 unsigned char *dstbuf, size_t dlen )
Christopher Haster 1:24750b9ad5ef 447 {
Christopher Haster 1:24750b9ad5ef 448 return( tls_prf_generic( MBEDTLS_MD_SHA384, secret, slen,
Christopher Haster 1:24750b9ad5ef 449 label, random, rlen, dstbuf, dlen ) );
Christopher Haster 1:24750b9ad5ef 450 }
Christopher Haster 1:24750b9ad5ef 451 #endif /* MBEDTLS_SHA512_C */
Christopher Haster 1:24750b9ad5ef 452 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
Christopher Haster 1:24750b9ad5ef 453
Christopher Haster 1:24750b9ad5ef 454 static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t );
Christopher Haster 1:24750b9ad5ef 455
Christopher Haster 1:24750b9ad5ef 456 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
Christopher Haster 1:24750b9ad5ef 457 defined(MBEDTLS_SSL_PROTO_TLS1_1)
Christopher Haster 1:24750b9ad5ef 458 static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *, const unsigned char *, size_t );
Christopher Haster 1:24750b9ad5ef 459 #endif
Christopher Haster 1:24750b9ad5ef 460
Christopher Haster 1:24750b9ad5ef 461 #if defined(MBEDTLS_SSL_PROTO_SSL3)
Christopher Haster 1:24750b9ad5ef 462 static void ssl_calc_verify_ssl( mbedtls_ssl_context *, unsigned char * );
Christopher Haster 1:24750b9ad5ef 463 static void ssl_calc_finished_ssl( mbedtls_ssl_context *, unsigned char *, int );
Christopher Haster 1:24750b9ad5ef 464 #endif
Christopher Haster 1:24750b9ad5ef 465
Christopher Haster 1:24750b9ad5ef 466 #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
Christopher Haster 1:24750b9ad5ef 467 static void ssl_calc_verify_tls( mbedtls_ssl_context *, unsigned char * );
Christopher Haster 1:24750b9ad5ef 468 static void ssl_calc_finished_tls( mbedtls_ssl_context *, unsigned char *, int );
Christopher Haster 1:24750b9ad5ef 469 #endif
Christopher Haster 1:24750b9ad5ef 470
Christopher Haster 1:24750b9ad5ef 471 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
Christopher Haster 1:24750b9ad5ef 472 #if defined(MBEDTLS_SHA256_C)
Christopher Haster 1:24750b9ad5ef 473 static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t );
Christopher Haster 1:24750b9ad5ef 474 static void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *,unsigned char * );
Christopher Haster 1:24750b9ad5ef 475 static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *, int );
Christopher Haster 1:24750b9ad5ef 476 #endif
Christopher Haster 1:24750b9ad5ef 477
Christopher Haster 1:24750b9ad5ef 478 #if defined(MBEDTLS_SHA512_C)
Christopher Haster 1:24750b9ad5ef 479 static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned char *, size_t );
Christopher Haster 1:24750b9ad5ef 480 static void ssl_calc_verify_tls_sha384( mbedtls_ssl_context *, unsigned char * );
Christopher Haster 1:24750b9ad5ef 481 static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int );
Christopher Haster 1:24750b9ad5ef 482 #endif
Christopher Haster 1:24750b9ad5ef 483 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
Christopher Haster 1:24750b9ad5ef 484
Christopher Haster 1:24750b9ad5ef 485 int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 486 {
Christopher Haster 1:24750b9ad5ef 487 int ret = 0;
Christopher Haster 1:24750b9ad5ef 488 unsigned char tmp[64];
Christopher Haster 1:24750b9ad5ef 489 unsigned char keyblk[256];
Christopher Haster 1:24750b9ad5ef 490 unsigned char *key1;
Christopher Haster 1:24750b9ad5ef 491 unsigned char *key2;
Christopher Haster 1:24750b9ad5ef 492 unsigned char *mac_enc;
Christopher Haster 1:24750b9ad5ef 493 unsigned char *mac_dec;
Christopher Haster 1:24750b9ad5ef 494 size_t iv_copy_len;
Christopher Haster 1:24750b9ad5ef 495 const mbedtls_cipher_info_t *cipher_info;
Christopher Haster 1:24750b9ad5ef 496 const mbedtls_md_info_t *md_info;
Christopher Haster 1:24750b9ad5ef 497
Christopher Haster 1:24750b9ad5ef 498 mbedtls_ssl_session *session = ssl->session_negotiate;
Christopher Haster 1:24750b9ad5ef 499 mbedtls_ssl_transform *transform = ssl->transform_negotiate;
Christopher Haster 1:24750b9ad5ef 500 mbedtls_ssl_handshake_params *handshake = ssl->handshake;
Christopher Haster 1:24750b9ad5ef 501
Christopher Haster 1:24750b9ad5ef 502 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive keys" ) );
Christopher Haster 1:24750b9ad5ef 503
Christopher Haster 1:24750b9ad5ef 504 cipher_info = mbedtls_cipher_info_from_type( transform->ciphersuite_info->cipher );
Christopher Haster 1:24750b9ad5ef 505 if( cipher_info == NULL )
Christopher Haster 1:24750b9ad5ef 506 {
Christopher Haster 1:24750b9ad5ef 507 MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %d not found",
Christopher Haster 1:24750b9ad5ef 508 transform->ciphersuite_info->cipher ) );
Christopher Haster 1:24750b9ad5ef 509 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 510 }
Christopher Haster 1:24750b9ad5ef 511
Christopher Haster 1:24750b9ad5ef 512 md_info = mbedtls_md_info_from_type( transform->ciphersuite_info->mac );
Christopher Haster 1:24750b9ad5ef 513 if( md_info == NULL )
Christopher Haster 1:24750b9ad5ef 514 {
Christopher Haster 1:24750b9ad5ef 515 MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %d not found",
Christopher Haster 1:24750b9ad5ef 516 transform->ciphersuite_info->mac ) );
Christopher Haster 1:24750b9ad5ef 517 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 518 }
Christopher Haster 1:24750b9ad5ef 519
Christopher Haster 1:24750b9ad5ef 520 /*
Christopher Haster 1:24750b9ad5ef 521 * Set appropriate PRF function and other SSL / TLS / TLS1.2 functions
Christopher Haster 1:24750b9ad5ef 522 */
Christopher Haster 1:24750b9ad5ef 523 #if defined(MBEDTLS_SSL_PROTO_SSL3)
Christopher Haster 1:24750b9ad5ef 524 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
Christopher Haster 1:24750b9ad5ef 525 {
Christopher Haster 1:24750b9ad5ef 526 handshake->tls_prf = ssl3_prf;
Christopher Haster 1:24750b9ad5ef 527 handshake->calc_verify = ssl_calc_verify_ssl;
Christopher Haster 1:24750b9ad5ef 528 handshake->calc_finished = ssl_calc_finished_ssl;
Christopher Haster 1:24750b9ad5ef 529 }
Christopher Haster 1:24750b9ad5ef 530 else
Christopher Haster 1:24750b9ad5ef 531 #endif
Christopher Haster 1:24750b9ad5ef 532 #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
Christopher Haster 1:24750b9ad5ef 533 if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
Christopher Haster 1:24750b9ad5ef 534 {
Christopher Haster 1:24750b9ad5ef 535 handshake->tls_prf = tls1_prf;
Christopher Haster 1:24750b9ad5ef 536 handshake->calc_verify = ssl_calc_verify_tls;
Christopher Haster 1:24750b9ad5ef 537 handshake->calc_finished = ssl_calc_finished_tls;
Christopher Haster 1:24750b9ad5ef 538 }
Christopher Haster 1:24750b9ad5ef 539 else
Christopher Haster 1:24750b9ad5ef 540 #endif
Christopher Haster 1:24750b9ad5ef 541 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
Christopher Haster 1:24750b9ad5ef 542 #if defined(MBEDTLS_SHA512_C)
Christopher Haster 1:24750b9ad5ef 543 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
Christopher Haster 1:24750b9ad5ef 544 transform->ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
Christopher Haster 1:24750b9ad5ef 545 {
Christopher Haster 1:24750b9ad5ef 546 handshake->tls_prf = tls_prf_sha384;
Christopher Haster 1:24750b9ad5ef 547 handshake->calc_verify = ssl_calc_verify_tls_sha384;
Christopher Haster 1:24750b9ad5ef 548 handshake->calc_finished = ssl_calc_finished_tls_sha384;
Christopher Haster 1:24750b9ad5ef 549 }
Christopher Haster 1:24750b9ad5ef 550 else
Christopher Haster 1:24750b9ad5ef 551 #endif
Christopher Haster 1:24750b9ad5ef 552 #if defined(MBEDTLS_SHA256_C)
Christopher Haster 1:24750b9ad5ef 553 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
Christopher Haster 1:24750b9ad5ef 554 {
Christopher Haster 1:24750b9ad5ef 555 handshake->tls_prf = tls_prf_sha256;
Christopher Haster 1:24750b9ad5ef 556 handshake->calc_verify = ssl_calc_verify_tls_sha256;
Christopher Haster 1:24750b9ad5ef 557 handshake->calc_finished = ssl_calc_finished_tls_sha256;
Christopher Haster 1:24750b9ad5ef 558 }
Christopher Haster 1:24750b9ad5ef 559 else
Christopher Haster 1:24750b9ad5ef 560 #endif
Christopher Haster 1:24750b9ad5ef 561 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
Christopher Haster 1:24750b9ad5ef 562 {
Christopher Haster 1:24750b9ad5ef 563 MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
Christopher Haster 1:24750b9ad5ef 564 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Christopher Haster 1:24750b9ad5ef 565 }
Christopher Haster 1:24750b9ad5ef 566
Christopher Haster 1:24750b9ad5ef 567 /*
Christopher Haster 1:24750b9ad5ef 568 * SSLv3:
Christopher Haster 1:24750b9ad5ef 569 * master =
Christopher Haster 1:24750b9ad5ef 570 * MD5( premaster + SHA1( 'A' + premaster + randbytes ) ) +
Christopher Haster 1:24750b9ad5ef 571 * MD5( premaster + SHA1( 'BB' + premaster + randbytes ) ) +
Christopher Haster 1:24750b9ad5ef 572 * MD5( premaster + SHA1( 'CCC' + premaster + randbytes ) )
Christopher Haster 1:24750b9ad5ef 573 *
Christopher Haster 1:24750b9ad5ef 574 * TLSv1+:
Christopher Haster 1:24750b9ad5ef 575 * master = PRF( premaster, "master secret", randbytes )[0..47]
Christopher Haster 1:24750b9ad5ef 576 */
Christopher Haster 1:24750b9ad5ef 577 if( handshake->resume == 0 )
Christopher Haster 1:24750b9ad5ef 578 {
Christopher Haster 1:24750b9ad5ef 579 MBEDTLS_SSL_DEBUG_BUF( 3, "premaster secret", handshake->premaster,
Christopher Haster 1:24750b9ad5ef 580 handshake->pmslen );
Christopher Haster 1:24750b9ad5ef 581
Christopher Haster 1:24750b9ad5ef 582 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
Christopher Haster 1:24750b9ad5ef 583 if( ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED )
Christopher Haster 1:24750b9ad5ef 584 {
Christopher Haster 1:24750b9ad5ef 585 unsigned char session_hash[48];
Christopher Haster 1:24750b9ad5ef 586 size_t hash_len;
Christopher Haster 1:24750b9ad5ef 587
Christopher Haster 1:24750b9ad5ef 588 MBEDTLS_SSL_DEBUG_MSG( 3, ( "using extended master secret" ) );
Christopher Haster 1:24750b9ad5ef 589
Christopher Haster 1:24750b9ad5ef 590 ssl->handshake->calc_verify( ssl, session_hash );
Christopher Haster 1:24750b9ad5ef 591
Christopher Haster 1:24750b9ad5ef 592 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
Christopher Haster 1:24750b9ad5ef 593 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
Christopher Haster 1:24750b9ad5ef 594 {
Christopher Haster 1:24750b9ad5ef 595 #if defined(MBEDTLS_SHA512_C)
Christopher Haster 1:24750b9ad5ef 596 if( ssl->transform_negotiate->ciphersuite_info->mac ==
Christopher Haster 1:24750b9ad5ef 597 MBEDTLS_MD_SHA384 )
Christopher Haster 1:24750b9ad5ef 598 {
Christopher Haster 1:24750b9ad5ef 599 hash_len = 48;
Christopher Haster 1:24750b9ad5ef 600 }
Christopher Haster 1:24750b9ad5ef 601 else
Christopher Haster 1:24750b9ad5ef 602 #endif
Christopher Haster 1:24750b9ad5ef 603 hash_len = 32;
Christopher Haster 1:24750b9ad5ef 604 }
Christopher Haster 1:24750b9ad5ef 605 else
Christopher Haster 1:24750b9ad5ef 606 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
Christopher Haster 1:24750b9ad5ef 607 hash_len = 36;
Christopher Haster 1:24750b9ad5ef 608
Christopher Haster 1:24750b9ad5ef 609 MBEDTLS_SSL_DEBUG_BUF( 3, "session hash", session_hash, hash_len );
Christopher Haster 1:24750b9ad5ef 610
Christopher Haster 1:24750b9ad5ef 611 ret = handshake->tls_prf( handshake->premaster, handshake->pmslen,
Christopher Haster 1:24750b9ad5ef 612 "extended master secret",
Christopher Haster 1:24750b9ad5ef 613 session_hash, hash_len,
Christopher Haster 1:24750b9ad5ef 614 session->master, 48 );
Christopher Haster 1:24750b9ad5ef 615 if( ret != 0 )
Christopher Haster 1:24750b9ad5ef 616 {
Christopher Haster 1:24750b9ad5ef 617 MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret );
Christopher Haster 1:24750b9ad5ef 618 return( ret );
Christopher Haster 1:24750b9ad5ef 619 }
Christopher Haster 1:24750b9ad5ef 620
Christopher Haster 1:24750b9ad5ef 621 }
Christopher Haster 1:24750b9ad5ef 622 else
Christopher Haster 1:24750b9ad5ef 623 #endif
Christopher Haster 1:24750b9ad5ef 624 ret = handshake->tls_prf( handshake->premaster, handshake->pmslen,
Christopher Haster 1:24750b9ad5ef 625 "master secret",
Christopher Haster 1:24750b9ad5ef 626 handshake->randbytes, 64,
Christopher Haster 1:24750b9ad5ef 627 session->master, 48 );
Christopher Haster 1:24750b9ad5ef 628 if( ret != 0 )
Christopher Haster 1:24750b9ad5ef 629 {
Christopher Haster 1:24750b9ad5ef 630 MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret );
Christopher Haster 1:24750b9ad5ef 631 return( ret );
Christopher Haster 1:24750b9ad5ef 632 }
Christopher Haster 1:24750b9ad5ef 633
Christopher Haster 1:24750b9ad5ef 634 mbedtls_zeroize( handshake->premaster, sizeof(handshake->premaster) );
Christopher Haster 1:24750b9ad5ef 635 }
Christopher Haster 1:24750b9ad5ef 636 else
Christopher Haster 1:24750b9ad5ef 637 MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) );
Christopher Haster 1:24750b9ad5ef 638
Christopher Haster 1:24750b9ad5ef 639 /*
Christopher Haster 1:24750b9ad5ef 640 * Swap the client and server random values.
Christopher Haster 1:24750b9ad5ef 641 */
Christopher Haster 1:24750b9ad5ef 642 memcpy( tmp, handshake->randbytes, 64 );
Christopher Haster 1:24750b9ad5ef 643 memcpy( handshake->randbytes, tmp + 32, 32 );
Christopher Haster 1:24750b9ad5ef 644 memcpy( handshake->randbytes + 32, tmp, 32 );
Christopher Haster 1:24750b9ad5ef 645 mbedtls_zeroize( tmp, sizeof( tmp ) );
Christopher Haster 1:24750b9ad5ef 646
Christopher Haster 1:24750b9ad5ef 647 /*
Christopher Haster 1:24750b9ad5ef 648 * SSLv3:
Christopher Haster 1:24750b9ad5ef 649 * key block =
Christopher Haster 1:24750b9ad5ef 650 * MD5( master + SHA1( 'A' + master + randbytes ) ) +
Christopher Haster 1:24750b9ad5ef 651 * MD5( master + SHA1( 'BB' + master + randbytes ) ) +
Christopher Haster 1:24750b9ad5ef 652 * MD5( master + SHA1( 'CCC' + master + randbytes ) ) +
Christopher Haster 1:24750b9ad5ef 653 * MD5( master + SHA1( 'DDDD' + master + randbytes ) ) +
Christopher Haster 1:24750b9ad5ef 654 * ...
Christopher Haster 1:24750b9ad5ef 655 *
Christopher Haster 1:24750b9ad5ef 656 * TLSv1:
Christopher Haster 1:24750b9ad5ef 657 * key block = PRF( master, "key expansion", randbytes )
Christopher Haster 1:24750b9ad5ef 658 */
Christopher Haster 1:24750b9ad5ef 659 ret = handshake->tls_prf( session->master, 48, "key expansion",
Christopher Haster 1:24750b9ad5ef 660 handshake->randbytes, 64, keyblk, 256 );
Christopher Haster 1:24750b9ad5ef 661 if( ret != 0 )
Christopher Haster 1:24750b9ad5ef 662 {
Christopher Haster 1:24750b9ad5ef 663 MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret );
Christopher Haster 1:24750b9ad5ef 664 return( ret );
Christopher Haster 1:24750b9ad5ef 665 }
Christopher Haster 1:24750b9ad5ef 666
Christopher Haster 1:24750b9ad5ef 667 MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite = %s",
Christopher Haster 1:24750b9ad5ef 668 mbedtls_ssl_get_ciphersuite_name( session->ciphersuite ) ) );
Christopher Haster 1:24750b9ad5ef 669 MBEDTLS_SSL_DEBUG_BUF( 3, "master secret", session->master, 48 );
Christopher Haster 1:24750b9ad5ef 670 MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", handshake->randbytes, 64 );
Christopher Haster 1:24750b9ad5ef 671 MBEDTLS_SSL_DEBUG_BUF( 4, "key block", keyblk, 256 );
Christopher Haster 1:24750b9ad5ef 672
Christopher Haster 1:24750b9ad5ef 673 mbedtls_zeroize( handshake->randbytes, sizeof( handshake->randbytes ) );
Christopher Haster 1:24750b9ad5ef 674
Christopher Haster 1:24750b9ad5ef 675 /*
Christopher Haster 1:24750b9ad5ef 676 * Determine the appropriate key, IV and MAC length.
Christopher Haster 1:24750b9ad5ef 677 */
Christopher Haster 1:24750b9ad5ef 678
Christopher Haster 1:24750b9ad5ef 679 transform->keylen = cipher_info->key_bitlen / 8;
Christopher Haster 1:24750b9ad5ef 680
Christopher Haster 1:24750b9ad5ef 681 if( cipher_info->mode == MBEDTLS_MODE_GCM ||
Christopher Haster 1:24750b9ad5ef 682 cipher_info->mode == MBEDTLS_MODE_CCM )
Christopher Haster 1:24750b9ad5ef 683 {
Christopher Haster 1:24750b9ad5ef 684 transform->maclen = 0;
Christopher Haster 1:24750b9ad5ef 685
Christopher Haster 1:24750b9ad5ef 686 transform->ivlen = 12;
Christopher Haster 1:24750b9ad5ef 687 transform->fixed_ivlen = 4;
Christopher Haster 1:24750b9ad5ef 688
Christopher Haster 1:24750b9ad5ef 689 /* Minimum length is expicit IV + tag */
Christopher Haster 1:24750b9ad5ef 690 transform->minlen = transform->ivlen - transform->fixed_ivlen
Christopher Haster 1:24750b9ad5ef 691 + ( transform->ciphersuite_info->flags &
Christopher Haster 1:24750b9ad5ef 692 MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16 );
Christopher Haster 1:24750b9ad5ef 693 }
Christopher Haster 1:24750b9ad5ef 694 else
Christopher Haster 1:24750b9ad5ef 695 {
Christopher Haster 1:24750b9ad5ef 696 /* Initialize HMAC contexts */
Christopher Haster 1:24750b9ad5ef 697 if( ( ret = mbedtls_md_setup( &transform->md_ctx_enc, md_info, 1 ) ) != 0 ||
Christopher Haster 1:24750b9ad5ef 698 ( ret = mbedtls_md_setup( &transform->md_ctx_dec, md_info, 1 ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 699 {
Christopher Haster 1:24750b9ad5ef 700 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret );
Christopher Haster 1:24750b9ad5ef 701 return( ret );
Christopher Haster 1:24750b9ad5ef 702 }
Christopher Haster 1:24750b9ad5ef 703
Christopher Haster 1:24750b9ad5ef 704 /* Get MAC length */
Christopher Haster 1:24750b9ad5ef 705 transform->maclen = mbedtls_md_get_size( md_info );
Christopher Haster 1:24750b9ad5ef 706
Christopher Haster 1:24750b9ad5ef 707 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
Christopher Haster 1:24750b9ad5ef 708 /*
Christopher Haster 1:24750b9ad5ef 709 * If HMAC is to be truncated, we shall keep the leftmost bytes,
Christopher Haster 1:24750b9ad5ef 710 * (rfc 6066 page 13 or rfc 2104 section 4),
Christopher Haster 1:24750b9ad5ef 711 * so we only need to adjust the length here.
Christopher Haster 1:24750b9ad5ef 712 */
Christopher Haster 1:24750b9ad5ef 713 if( session->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED )
Christopher Haster 1:24750b9ad5ef 714 transform->maclen = MBEDTLS_SSL_TRUNCATED_HMAC_LEN;
Christopher Haster 1:24750b9ad5ef 715 #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
Christopher Haster 1:24750b9ad5ef 716
Christopher Haster 1:24750b9ad5ef 717 /* IV length */
Christopher Haster 1:24750b9ad5ef 718 transform->ivlen = cipher_info->iv_size;
Christopher Haster 1:24750b9ad5ef 719
Christopher Haster 1:24750b9ad5ef 720 /* Minimum length */
Christopher Haster 1:24750b9ad5ef 721 if( cipher_info->mode == MBEDTLS_MODE_STREAM )
Christopher Haster 1:24750b9ad5ef 722 transform->minlen = transform->maclen;
Christopher Haster 1:24750b9ad5ef 723 else
Christopher Haster 1:24750b9ad5ef 724 {
Christopher Haster 1:24750b9ad5ef 725 /*
Christopher Haster 1:24750b9ad5ef 726 * GenericBlockCipher:
Christopher Haster 1:24750b9ad5ef 727 * 1. if EtM is in use: one block plus MAC
Christopher Haster 1:24750b9ad5ef 728 * otherwise: * first multiple of blocklen greater than maclen
Christopher Haster 1:24750b9ad5ef 729 * 2. IV except for SSL3 and TLS 1.0
Christopher Haster 1:24750b9ad5ef 730 */
Christopher Haster 1:24750b9ad5ef 731 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
Christopher Haster 1:24750b9ad5ef 732 if( session->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
Christopher Haster 1:24750b9ad5ef 733 {
Christopher Haster 1:24750b9ad5ef 734 transform->minlen = transform->maclen
Christopher Haster 1:24750b9ad5ef 735 + cipher_info->block_size;
Christopher Haster 1:24750b9ad5ef 736 }
Christopher Haster 1:24750b9ad5ef 737 else
Christopher Haster 1:24750b9ad5ef 738 #endif
Christopher Haster 1:24750b9ad5ef 739 {
Christopher Haster 1:24750b9ad5ef 740 transform->minlen = transform->maclen
Christopher Haster 1:24750b9ad5ef 741 + cipher_info->block_size
Christopher Haster 1:24750b9ad5ef 742 - transform->maclen % cipher_info->block_size;
Christopher Haster 1:24750b9ad5ef 743 }
Christopher Haster 1:24750b9ad5ef 744
Christopher Haster 1:24750b9ad5ef 745 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1)
Christopher Haster 1:24750b9ad5ef 746 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
Christopher Haster 1:24750b9ad5ef 747 ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_1 )
Christopher Haster 1:24750b9ad5ef 748 ; /* No need to adjust minlen */
Christopher Haster 1:24750b9ad5ef 749 else
Christopher Haster 1:24750b9ad5ef 750 #endif
Christopher Haster 1:24750b9ad5ef 751 #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
Christopher Haster 1:24750b9ad5ef 752 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_2 ||
Christopher Haster 1:24750b9ad5ef 753 ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
Christopher Haster 1:24750b9ad5ef 754 {
Christopher Haster 1:24750b9ad5ef 755 transform->minlen += transform->ivlen;
Christopher Haster 1:24750b9ad5ef 756 }
Christopher Haster 1:24750b9ad5ef 757 else
Christopher Haster 1:24750b9ad5ef 758 #endif
Christopher Haster 1:24750b9ad5ef 759 {
Christopher Haster 1:24750b9ad5ef 760 MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
Christopher Haster 1:24750b9ad5ef 761 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Christopher Haster 1:24750b9ad5ef 762 }
Christopher Haster 1:24750b9ad5ef 763 }
Christopher Haster 1:24750b9ad5ef 764 }
Christopher Haster 1:24750b9ad5ef 765
Christopher Haster 1:24750b9ad5ef 766 MBEDTLS_SSL_DEBUG_MSG( 3, ( "keylen: %d, minlen: %d, ivlen: %d, maclen: %d",
Christopher Haster 1:24750b9ad5ef 767 transform->keylen, transform->minlen, transform->ivlen,
Christopher Haster 1:24750b9ad5ef 768 transform->maclen ) );
Christopher Haster 1:24750b9ad5ef 769
Christopher Haster 1:24750b9ad5ef 770 /*
Christopher Haster 1:24750b9ad5ef 771 * Finally setup the cipher contexts, IVs and MAC secrets.
Christopher Haster 1:24750b9ad5ef 772 */
Christopher Haster 1:24750b9ad5ef 773 #if defined(MBEDTLS_SSL_CLI_C)
Christopher Haster 1:24750b9ad5ef 774 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
Christopher Haster 1:24750b9ad5ef 775 {
Christopher Haster 1:24750b9ad5ef 776 key1 = keyblk + transform->maclen * 2;
Christopher Haster 1:24750b9ad5ef 777 key2 = keyblk + transform->maclen * 2 + transform->keylen;
Christopher Haster 1:24750b9ad5ef 778
Christopher Haster 1:24750b9ad5ef 779 mac_enc = keyblk;
Christopher Haster 1:24750b9ad5ef 780 mac_dec = keyblk + transform->maclen;
Christopher Haster 1:24750b9ad5ef 781
Christopher Haster 1:24750b9ad5ef 782 /*
Christopher Haster 1:24750b9ad5ef 783 * This is not used in TLS v1.1.
Christopher Haster 1:24750b9ad5ef 784 */
Christopher Haster 1:24750b9ad5ef 785 iv_copy_len = ( transform->fixed_ivlen ) ?
Christopher Haster 1:24750b9ad5ef 786 transform->fixed_ivlen : transform->ivlen;
Christopher Haster 1:24750b9ad5ef 787 memcpy( transform->iv_enc, key2 + transform->keylen, iv_copy_len );
Christopher Haster 1:24750b9ad5ef 788 memcpy( transform->iv_dec, key2 + transform->keylen + iv_copy_len,
Christopher Haster 1:24750b9ad5ef 789 iv_copy_len );
Christopher Haster 1:24750b9ad5ef 790 }
Christopher Haster 1:24750b9ad5ef 791 else
Christopher Haster 1:24750b9ad5ef 792 #endif /* MBEDTLS_SSL_CLI_C */
Christopher Haster 1:24750b9ad5ef 793 #if defined(MBEDTLS_SSL_SRV_C)
Christopher Haster 1:24750b9ad5ef 794 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
Christopher Haster 1:24750b9ad5ef 795 {
Christopher Haster 1:24750b9ad5ef 796 key1 = keyblk + transform->maclen * 2 + transform->keylen;
Christopher Haster 1:24750b9ad5ef 797 key2 = keyblk + transform->maclen * 2;
Christopher Haster 1:24750b9ad5ef 798
Christopher Haster 1:24750b9ad5ef 799 mac_enc = keyblk + transform->maclen;
Christopher Haster 1:24750b9ad5ef 800 mac_dec = keyblk;
Christopher Haster 1:24750b9ad5ef 801
Christopher Haster 1:24750b9ad5ef 802 /*
Christopher Haster 1:24750b9ad5ef 803 * This is not used in TLS v1.1.
Christopher Haster 1:24750b9ad5ef 804 */
Christopher Haster 1:24750b9ad5ef 805 iv_copy_len = ( transform->fixed_ivlen ) ?
Christopher Haster 1:24750b9ad5ef 806 transform->fixed_ivlen : transform->ivlen;
Christopher Haster 1:24750b9ad5ef 807 memcpy( transform->iv_dec, key1 + transform->keylen, iv_copy_len );
Christopher Haster 1:24750b9ad5ef 808 memcpy( transform->iv_enc, key1 + transform->keylen + iv_copy_len,
Christopher Haster 1:24750b9ad5ef 809 iv_copy_len );
Christopher Haster 1:24750b9ad5ef 810 }
Christopher Haster 1:24750b9ad5ef 811 else
Christopher Haster 1:24750b9ad5ef 812 #endif /* MBEDTLS_SSL_SRV_C */
Christopher Haster 1:24750b9ad5ef 813 {
Christopher Haster 1:24750b9ad5ef 814 MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
Christopher Haster 1:24750b9ad5ef 815 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Christopher Haster 1:24750b9ad5ef 816 }
Christopher Haster 1:24750b9ad5ef 817
Christopher Haster 1:24750b9ad5ef 818 #if defined(MBEDTLS_SSL_PROTO_SSL3)
Christopher Haster 1:24750b9ad5ef 819 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
Christopher Haster 1:24750b9ad5ef 820 {
Christopher Haster 1:24750b9ad5ef 821 if( transform->maclen > sizeof transform->mac_enc )
Christopher Haster 1:24750b9ad5ef 822 {
Christopher Haster 1:24750b9ad5ef 823 MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
Christopher Haster 1:24750b9ad5ef 824 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Christopher Haster 1:24750b9ad5ef 825 }
Christopher Haster 1:24750b9ad5ef 826
Christopher Haster 1:24750b9ad5ef 827 memcpy( transform->mac_enc, mac_enc, transform->maclen );
Christopher Haster 1:24750b9ad5ef 828 memcpy( transform->mac_dec, mac_dec, transform->maclen );
Christopher Haster 1:24750b9ad5ef 829 }
Christopher Haster 1:24750b9ad5ef 830 else
Christopher Haster 1:24750b9ad5ef 831 #endif /* MBEDTLS_SSL_PROTO_SSL3 */
Christopher Haster 1:24750b9ad5ef 832 #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
Christopher Haster 1:24750b9ad5ef 833 defined(MBEDTLS_SSL_PROTO_TLS1_2)
Christopher Haster 1:24750b9ad5ef 834 if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
Christopher Haster 1:24750b9ad5ef 835 {
Christopher Haster 1:24750b9ad5ef 836 mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, transform->maclen );
Christopher Haster 1:24750b9ad5ef 837 mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, transform->maclen );
Christopher Haster 1:24750b9ad5ef 838 }
Christopher Haster 1:24750b9ad5ef 839 else
Christopher Haster 1:24750b9ad5ef 840 #endif
Christopher Haster 1:24750b9ad5ef 841 {
Christopher Haster 1:24750b9ad5ef 842 MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
Christopher Haster 1:24750b9ad5ef 843 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Christopher Haster 1:24750b9ad5ef 844 }
Christopher Haster 1:24750b9ad5ef 845
Christopher Haster 1:24750b9ad5ef 846 #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
Christopher Haster 1:24750b9ad5ef 847 if( mbedtls_ssl_hw_record_init != NULL )
Christopher Haster 1:24750b9ad5ef 848 {
Christopher Haster 1:24750b9ad5ef 849 int ret = 0;
Christopher Haster 1:24750b9ad5ef 850
Christopher Haster 1:24750b9ad5ef 851 MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_init()" ) );
Christopher Haster 1:24750b9ad5ef 852
Christopher Haster 1:24750b9ad5ef 853 if( ( ret = mbedtls_ssl_hw_record_init( ssl, key1, key2, transform->keylen,
Christopher Haster 1:24750b9ad5ef 854 transform->iv_enc, transform->iv_dec,
Christopher Haster 1:24750b9ad5ef 855 iv_copy_len,
Christopher Haster 1:24750b9ad5ef 856 mac_enc, mac_dec,
Christopher Haster 1:24750b9ad5ef 857 transform->maclen ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 858 {
Christopher Haster 1:24750b9ad5ef 859 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_init", ret );
Christopher Haster 1:24750b9ad5ef 860 return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
Christopher Haster 1:24750b9ad5ef 861 }
Christopher Haster 1:24750b9ad5ef 862 }
Christopher Haster 1:24750b9ad5ef 863 #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
Christopher Haster 1:24750b9ad5ef 864
Christopher Haster 1:24750b9ad5ef 865 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
Christopher Haster 1:24750b9ad5ef 866 if( ssl->conf->f_export_keys != NULL )
Christopher Haster 1:24750b9ad5ef 867 {
Christopher Haster 1:24750b9ad5ef 868 ssl->conf->f_export_keys( ssl->conf->p_export_keys,
Christopher Haster 1:24750b9ad5ef 869 session->master, keyblk,
Christopher Haster 1:24750b9ad5ef 870 transform->maclen, transform->keylen,
Christopher Haster 1:24750b9ad5ef 871 iv_copy_len );
Christopher Haster 1:24750b9ad5ef 872 }
Christopher Haster 1:24750b9ad5ef 873 #endif
Christopher Haster 1:24750b9ad5ef 874
Christopher Haster 1:24750b9ad5ef 875 if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc,
Christopher Haster 1:24750b9ad5ef 876 cipher_info ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 877 {
Christopher Haster 1:24750b9ad5ef 878 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
Christopher Haster 1:24750b9ad5ef 879 return( ret );
Christopher Haster 1:24750b9ad5ef 880 }
Christopher Haster 1:24750b9ad5ef 881
Christopher Haster 1:24750b9ad5ef 882 if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_dec,
Christopher Haster 1:24750b9ad5ef 883 cipher_info ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 884 {
Christopher Haster 1:24750b9ad5ef 885 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
Christopher Haster 1:24750b9ad5ef 886 return( ret );
Christopher Haster 1:24750b9ad5ef 887 }
Christopher Haster 1:24750b9ad5ef 888
Christopher Haster 1:24750b9ad5ef 889 if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc, key1,
Christopher Haster 1:24750b9ad5ef 890 cipher_info->key_bitlen,
Christopher Haster 1:24750b9ad5ef 891 MBEDTLS_ENCRYPT ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 892 {
Christopher Haster 1:24750b9ad5ef 893 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
Christopher Haster 1:24750b9ad5ef 894 return( ret );
Christopher Haster 1:24750b9ad5ef 895 }
Christopher Haster 1:24750b9ad5ef 896
Christopher Haster 1:24750b9ad5ef 897 if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec, key2,
Christopher Haster 1:24750b9ad5ef 898 cipher_info->key_bitlen,
Christopher Haster 1:24750b9ad5ef 899 MBEDTLS_DECRYPT ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 900 {
Christopher Haster 1:24750b9ad5ef 901 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
Christopher Haster 1:24750b9ad5ef 902 return( ret );
Christopher Haster 1:24750b9ad5ef 903 }
Christopher Haster 1:24750b9ad5ef 904
Christopher Haster 1:24750b9ad5ef 905 #if defined(MBEDTLS_CIPHER_MODE_CBC)
Christopher Haster 1:24750b9ad5ef 906 if( cipher_info->mode == MBEDTLS_MODE_CBC )
Christopher Haster 1:24750b9ad5ef 907 {
Christopher Haster 1:24750b9ad5ef 908 if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_enc,
Christopher Haster 1:24750b9ad5ef 909 MBEDTLS_PADDING_NONE ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 910 {
Christopher Haster 1:24750b9ad5ef 911 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret );
Christopher Haster 1:24750b9ad5ef 912 return( ret );
Christopher Haster 1:24750b9ad5ef 913 }
Christopher Haster 1:24750b9ad5ef 914
Christopher Haster 1:24750b9ad5ef 915 if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_dec,
Christopher Haster 1:24750b9ad5ef 916 MBEDTLS_PADDING_NONE ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 917 {
Christopher Haster 1:24750b9ad5ef 918 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret );
Christopher Haster 1:24750b9ad5ef 919 return( ret );
Christopher Haster 1:24750b9ad5ef 920 }
Christopher Haster 1:24750b9ad5ef 921 }
Christopher Haster 1:24750b9ad5ef 922 #endif /* MBEDTLS_CIPHER_MODE_CBC */
Christopher Haster 1:24750b9ad5ef 923
Christopher Haster 1:24750b9ad5ef 924 mbedtls_zeroize( keyblk, sizeof( keyblk ) );
Christopher Haster 1:24750b9ad5ef 925
Christopher Haster 1:24750b9ad5ef 926 #if defined(MBEDTLS_ZLIB_SUPPORT)
Christopher Haster 1:24750b9ad5ef 927 // Initialize compression
Christopher Haster 1:24750b9ad5ef 928 //
Christopher Haster 1:24750b9ad5ef 929 if( session->compression == MBEDTLS_SSL_COMPRESS_DEFLATE )
Christopher Haster 1:24750b9ad5ef 930 {
Christopher Haster 1:24750b9ad5ef 931 if( ssl->compress_buf == NULL )
Christopher Haster 1:24750b9ad5ef 932 {
Christopher Haster 1:24750b9ad5ef 933 MBEDTLS_SSL_DEBUG_MSG( 3, ( "Allocating compression buffer" ) );
Christopher Haster 1:24750b9ad5ef 934 ssl->compress_buf = mbedtls_calloc( 1, MBEDTLS_SSL_BUFFER_LEN );
Christopher Haster 1:24750b9ad5ef 935 if( ssl->compress_buf == NULL )
Christopher Haster 1:24750b9ad5ef 936 {
Christopher Haster 1:24750b9ad5ef 937 MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed",
Christopher Haster 1:24750b9ad5ef 938 MBEDTLS_SSL_BUFFER_LEN ) );
Christopher Haster 1:24750b9ad5ef 939 return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
Christopher Haster 1:24750b9ad5ef 940 }
Christopher Haster 1:24750b9ad5ef 941 }
Christopher Haster 1:24750b9ad5ef 942
Christopher Haster 1:24750b9ad5ef 943 MBEDTLS_SSL_DEBUG_MSG( 3, ( "Initializing zlib states" ) );
Christopher Haster 1:24750b9ad5ef 944
Christopher Haster 1:24750b9ad5ef 945 memset( &transform->ctx_deflate, 0, sizeof( transform->ctx_deflate ) );
Christopher Haster 1:24750b9ad5ef 946 memset( &transform->ctx_inflate, 0, sizeof( transform->ctx_inflate ) );
Christopher Haster 1:24750b9ad5ef 947
Christopher Haster 1:24750b9ad5ef 948 if( deflateInit( &transform->ctx_deflate,
Christopher Haster 1:24750b9ad5ef 949 Z_DEFAULT_COMPRESSION ) != Z_OK ||
Christopher Haster 1:24750b9ad5ef 950 inflateInit( &transform->ctx_inflate ) != Z_OK )
Christopher Haster 1:24750b9ad5ef 951 {
Christopher Haster 1:24750b9ad5ef 952 MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to initialize compression" ) );
Christopher Haster 1:24750b9ad5ef 953 return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED );
Christopher Haster 1:24750b9ad5ef 954 }
Christopher Haster 1:24750b9ad5ef 955 }
Christopher Haster 1:24750b9ad5ef 956 #endif /* MBEDTLS_ZLIB_SUPPORT */
Christopher Haster 1:24750b9ad5ef 957
Christopher Haster 1:24750b9ad5ef 958 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive keys" ) );
Christopher Haster 1:24750b9ad5ef 959
Christopher Haster 1:24750b9ad5ef 960 return( 0 );
Christopher Haster 1:24750b9ad5ef 961 }
Christopher Haster 1:24750b9ad5ef 962
Christopher Haster 1:24750b9ad5ef 963 #if defined(MBEDTLS_SSL_PROTO_SSL3)
Christopher Haster 1:24750b9ad5ef 964 void ssl_calc_verify_ssl( mbedtls_ssl_context *ssl, unsigned char hash[36] )
Christopher Haster 1:24750b9ad5ef 965 {
Christopher Haster 1:24750b9ad5ef 966 mbedtls_md5_context md5;
Christopher Haster 1:24750b9ad5ef 967 mbedtls_sha1_context sha1;
Christopher Haster 1:24750b9ad5ef 968 unsigned char pad_1[48];
Christopher Haster 1:24750b9ad5ef 969 unsigned char pad_2[48];
Christopher Haster 1:24750b9ad5ef 970
Christopher Haster 1:24750b9ad5ef 971 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify ssl" ) );
Christopher Haster 1:24750b9ad5ef 972
Christopher Haster 1:24750b9ad5ef 973 mbedtls_md5_init( &md5 );
Christopher Haster 1:24750b9ad5ef 974 mbedtls_sha1_init( &sha1 );
Christopher Haster 1:24750b9ad5ef 975
Christopher Haster 1:24750b9ad5ef 976 mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 );
Christopher Haster 1:24750b9ad5ef 977 mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 );
Christopher Haster 1:24750b9ad5ef 978
Christopher Haster 1:24750b9ad5ef 979 memset( pad_1, 0x36, 48 );
Christopher Haster 1:24750b9ad5ef 980 memset( pad_2, 0x5C, 48 );
Christopher Haster 1:24750b9ad5ef 981
Christopher Haster 1:24750b9ad5ef 982 mbedtls_md5_update( &md5, ssl->session_negotiate->master, 48 );
Christopher Haster 1:24750b9ad5ef 983 mbedtls_md5_update( &md5, pad_1, 48 );
Christopher Haster 1:24750b9ad5ef 984 mbedtls_md5_finish( &md5, hash );
Christopher Haster 1:24750b9ad5ef 985
Christopher Haster 1:24750b9ad5ef 986 mbedtls_md5_starts( &md5 );
Christopher Haster 1:24750b9ad5ef 987 mbedtls_md5_update( &md5, ssl->session_negotiate->master, 48 );
Christopher Haster 1:24750b9ad5ef 988 mbedtls_md5_update( &md5, pad_2, 48 );
Christopher Haster 1:24750b9ad5ef 989 mbedtls_md5_update( &md5, hash, 16 );
Christopher Haster 1:24750b9ad5ef 990 mbedtls_md5_finish( &md5, hash );
Christopher Haster 1:24750b9ad5ef 991
Christopher Haster 1:24750b9ad5ef 992 mbedtls_sha1_update( &sha1, ssl->session_negotiate->master, 48 );
Christopher Haster 1:24750b9ad5ef 993 mbedtls_sha1_update( &sha1, pad_1, 40 );
Christopher Haster 1:24750b9ad5ef 994 mbedtls_sha1_finish( &sha1, hash + 16 );
Christopher Haster 1:24750b9ad5ef 995
Christopher Haster 1:24750b9ad5ef 996 mbedtls_sha1_starts( &sha1 );
Christopher Haster 1:24750b9ad5ef 997 mbedtls_sha1_update( &sha1, ssl->session_negotiate->master, 48 );
Christopher Haster 1:24750b9ad5ef 998 mbedtls_sha1_update( &sha1, pad_2, 40 );
Christopher Haster 1:24750b9ad5ef 999 mbedtls_sha1_update( &sha1, hash + 16, 20 );
Christopher Haster 1:24750b9ad5ef 1000 mbedtls_sha1_finish( &sha1, hash + 16 );
Christopher Haster 1:24750b9ad5ef 1001
Christopher Haster 1:24750b9ad5ef 1002 MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 );
Christopher Haster 1:24750b9ad5ef 1003 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
Christopher Haster 1:24750b9ad5ef 1004
Christopher Haster 1:24750b9ad5ef 1005 mbedtls_md5_free( &md5 );
Christopher Haster 1:24750b9ad5ef 1006 mbedtls_sha1_free( &sha1 );
Christopher Haster 1:24750b9ad5ef 1007
Christopher Haster 1:24750b9ad5ef 1008 return;
Christopher Haster 1:24750b9ad5ef 1009 }
Christopher Haster 1:24750b9ad5ef 1010 #endif /* MBEDTLS_SSL_PROTO_SSL3 */
Christopher Haster 1:24750b9ad5ef 1011
Christopher Haster 1:24750b9ad5ef 1012 #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
Christopher Haster 1:24750b9ad5ef 1013 void ssl_calc_verify_tls( mbedtls_ssl_context *ssl, unsigned char hash[36] )
Christopher Haster 1:24750b9ad5ef 1014 {
Christopher Haster 1:24750b9ad5ef 1015 mbedtls_md5_context md5;
Christopher Haster 1:24750b9ad5ef 1016 mbedtls_sha1_context sha1;
Christopher Haster 1:24750b9ad5ef 1017
Christopher Haster 1:24750b9ad5ef 1018 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify tls" ) );
Christopher Haster 1:24750b9ad5ef 1019
Christopher Haster 1:24750b9ad5ef 1020 mbedtls_md5_init( &md5 );
Christopher Haster 1:24750b9ad5ef 1021 mbedtls_sha1_init( &sha1 );
Christopher Haster 1:24750b9ad5ef 1022
Christopher Haster 1:24750b9ad5ef 1023 mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 );
Christopher Haster 1:24750b9ad5ef 1024 mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 );
Christopher Haster 1:24750b9ad5ef 1025
Christopher Haster 1:24750b9ad5ef 1026 mbedtls_md5_finish( &md5, hash );
Christopher Haster 1:24750b9ad5ef 1027 mbedtls_sha1_finish( &sha1, hash + 16 );
Christopher Haster 1:24750b9ad5ef 1028
Christopher Haster 1:24750b9ad5ef 1029 MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 );
Christopher Haster 1:24750b9ad5ef 1030 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
Christopher Haster 1:24750b9ad5ef 1031
Christopher Haster 1:24750b9ad5ef 1032 mbedtls_md5_free( &md5 );
Christopher Haster 1:24750b9ad5ef 1033 mbedtls_sha1_free( &sha1 );
Christopher Haster 1:24750b9ad5ef 1034
Christopher Haster 1:24750b9ad5ef 1035 return;
Christopher Haster 1:24750b9ad5ef 1036 }
Christopher Haster 1:24750b9ad5ef 1037 #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
Christopher Haster 1:24750b9ad5ef 1038
Christopher Haster 1:24750b9ad5ef 1039 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
Christopher Haster 1:24750b9ad5ef 1040 #if defined(MBEDTLS_SHA256_C)
Christopher Haster 1:24750b9ad5ef 1041 void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *ssl, unsigned char hash[32] )
Christopher Haster 1:24750b9ad5ef 1042 {
Christopher Haster 1:24750b9ad5ef 1043 mbedtls_sha256_context sha256;
Christopher Haster 1:24750b9ad5ef 1044
Christopher Haster 1:24750b9ad5ef 1045 mbedtls_sha256_init( &sha256 );
Christopher Haster 1:24750b9ad5ef 1046
Christopher Haster 1:24750b9ad5ef 1047 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha256" ) );
Christopher Haster 1:24750b9ad5ef 1048
Christopher Haster 1:24750b9ad5ef 1049 mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 );
Christopher Haster 1:24750b9ad5ef 1050 mbedtls_sha256_finish( &sha256, hash );
Christopher Haster 1:24750b9ad5ef 1051
Christopher Haster 1:24750b9ad5ef 1052 MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 32 );
Christopher Haster 1:24750b9ad5ef 1053 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
Christopher Haster 1:24750b9ad5ef 1054
Christopher Haster 1:24750b9ad5ef 1055 mbedtls_sha256_free( &sha256 );
Christopher Haster 1:24750b9ad5ef 1056
Christopher Haster 1:24750b9ad5ef 1057 return;
Christopher Haster 1:24750b9ad5ef 1058 }
Christopher Haster 1:24750b9ad5ef 1059 #endif /* MBEDTLS_SHA256_C */
Christopher Haster 1:24750b9ad5ef 1060
Christopher Haster 1:24750b9ad5ef 1061 #if defined(MBEDTLS_SHA512_C)
Christopher Haster 1:24750b9ad5ef 1062 void ssl_calc_verify_tls_sha384( mbedtls_ssl_context *ssl, unsigned char hash[48] )
Christopher Haster 1:24750b9ad5ef 1063 {
Christopher Haster 1:24750b9ad5ef 1064 mbedtls_sha512_context sha512;
Christopher Haster 1:24750b9ad5ef 1065
Christopher Haster 1:24750b9ad5ef 1066 mbedtls_sha512_init( &sha512 );
Christopher Haster 1:24750b9ad5ef 1067
Christopher Haster 1:24750b9ad5ef 1068 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha384" ) );
Christopher Haster 1:24750b9ad5ef 1069
Christopher Haster 1:24750b9ad5ef 1070 mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 );
Christopher Haster 1:24750b9ad5ef 1071 mbedtls_sha512_finish( &sha512, hash );
Christopher Haster 1:24750b9ad5ef 1072
Christopher Haster 1:24750b9ad5ef 1073 MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 48 );
Christopher Haster 1:24750b9ad5ef 1074 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
Christopher Haster 1:24750b9ad5ef 1075
Christopher Haster 1:24750b9ad5ef 1076 mbedtls_sha512_free( &sha512 );
Christopher Haster 1:24750b9ad5ef 1077
Christopher Haster 1:24750b9ad5ef 1078 return;
Christopher Haster 1:24750b9ad5ef 1079 }
Christopher Haster 1:24750b9ad5ef 1080 #endif /* MBEDTLS_SHA512_C */
Christopher Haster 1:24750b9ad5ef 1081 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
Christopher Haster 1:24750b9ad5ef 1082
Christopher Haster 1:24750b9ad5ef 1083 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
Christopher Haster 1:24750b9ad5ef 1084 int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex )
Christopher Haster 1:24750b9ad5ef 1085 {
Christopher Haster 1:24750b9ad5ef 1086 unsigned char *p = ssl->handshake->premaster;
Christopher Haster 1:24750b9ad5ef 1087 unsigned char *end = p + sizeof( ssl->handshake->premaster );
Christopher Haster 1:24750b9ad5ef 1088 const unsigned char *psk = ssl->conf->psk;
Christopher Haster 1:24750b9ad5ef 1089 size_t psk_len = ssl->conf->psk_len;
Christopher Haster 1:24750b9ad5ef 1090
Christopher Haster 1:24750b9ad5ef 1091 /* If the psk callback was called, use its result */
Christopher Haster 1:24750b9ad5ef 1092 if( ssl->handshake->psk != NULL )
Christopher Haster 1:24750b9ad5ef 1093 {
Christopher Haster 1:24750b9ad5ef 1094 psk = ssl->handshake->psk;
Christopher Haster 1:24750b9ad5ef 1095 psk_len = ssl->handshake->psk_len;
Christopher Haster 1:24750b9ad5ef 1096 }
Christopher Haster 1:24750b9ad5ef 1097
Christopher Haster 1:24750b9ad5ef 1098 /*
Christopher Haster 1:24750b9ad5ef 1099 * PMS = struct {
Christopher Haster 1:24750b9ad5ef 1100 * opaque other_secret<0..2^16-1>;
Christopher Haster 1:24750b9ad5ef 1101 * opaque psk<0..2^16-1>;
Christopher Haster 1:24750b9ad5ef 1102 * };
Christopher Haster 1:24750b9ad5ef 1103 * with "other_secret" depending on the particular key exchange
Christopher Haster 1:24750b9ad5ef 1104 */
Christopher Haster 1:24750b9ad5ef 1105 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
Christopher Haster 1:24750b9ad5ef 1106 if( key_ex == MBEDTLS_KEY_EXCHANGE_PSK )
Christopher Haster 1:24750b9ad5ef 1107 {
Christopher Haster 1:24750b9ad5ef 1108 if( end - p < 2 )
Christopher Haster 1:24750b9ad5ef 1109 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 1110
Christopher Haster 1:24750b9ad5ef 1111 *(p++) = (unsigned char)( psk_len >> 8 );
Christopher Haster 1:24750b9ad5ef 1112 *(p++) = (unsigned char)( psk_len );
Christopher Haster 1:24750b9ad5ef 1113
Christopher Haster 1:24750b9ad5ef 1114 if( end < p || (size_t)( end - p ) < psk_len )
Christopher Haster 1:24750b9ad5ef 1115 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 1116
Christopher Haster 1:24750b9ad5ef 1117 memset( p, 0, psk_len );
Christopher Haster 1:24750b9ad5ef 1118 p += psk_len;
Christopher Haster 1:24750b9ad5ef 1119 }
Christopher Haster 1:24750b9ad5ef 1120 else
Christopher Haster 1:24750b9ad5ef 1121 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
Christopher Haster 1:24750b9ad5ef 1122 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
Christopher Haster 1:24750b9ad5ef 1123 if( key_ex == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
Christopher Haster 1:24750b9ad5ef 1124 {
Christopher Haster 1:24750b9ad5ef 1125 /*
Christopher Haster 1:24750b9ad5ef 1126 * other_secret already set by the ClientKeyExchange message,
Christopher Haster 1:24750b9ad5ef 1127 * and is 48 bytes long
Christopher Haster 1:24750b9ad5ef 1128 */
Christopher Haster 1:24750b9ad5ef 1129 *p++ = 0;
Christopher Haster 1:24750b9ad5ef 1130 *p++ = 48;
Christopher Haster 1:24750b9ad5ef 1131 p += 48;
Christopher Haster 1:24750b9ad5ef 1132 }
Christopher Haster 1:24750b9ad5ef 1133 else
Christopher Haster 1:24750b9ad5ef 1134 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
Christopher Haster 1:24750b9ad5ef 1135 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
Christopher Haster 1:24750b9ad5ef 1136 if( key_ex == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
Christopher Haster 1:24750b9ad5ef 1137 {
Christopher Haster 1:24750b9ad5ef 1138 int ret;
Christopher Haster 1:24750b9ad5ef 1139 size_t len;
Christopher Haster 1:24750b9ad5ef 1140
Christopher Haster 1:24750b9ad5ef 1141 /* Write length only when we know the actual value */
Christopher Haster 1:24750b9ad5ef 1142 if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
Christopher Haster 1:24750b9ad5ef 1143 p + 2, end - ( p + 2 ), &len,
Christopher Haster 1:24750b9ad5ef 1144 ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 1145 {
Christopher Haster 1:24750b9ad5ef 1146 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
Christopher Haster 1:24750b9ad5ef 1147 return( ret );
Christopher Haster 1:24750b9ad5ef 1148 }
Christopher Haster 1:24750b9ad5ef 1149 *(p++) = (unsigned char)( len >> 8 );
Christopher Haster 1:24750b9ad5ef 1150 *(p++) = (unsigned char)( len );
Christopher Haster 1:24750b9ad5ef 1151 p += len;
Christopher Haster 1:24750b9ad5ef 1152
Christopher Haster 1:24750b9ad5ef 1153 MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K );
Christopher Haster 1:24750b9ad5ef 1154 }
Christopher Haster 1:24750b9ad5ef 1155 else
Christopher Haster 1:24750b9ad5ef 1156 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
Christopher Haster 1:24750b9ad5ef 1157 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
Christopher Haster 1:24750b9ad5ef 1158 if( key_ex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
Christopher Haster 1:24750b9ad5ef 1159 {
Christopher Haster 1:24750b9ad5ef 1160 int ret;
Christopher Haster 1:24750b9ad5ef 1161 size_t zlen;
Christopher Haster 1:24750b9ad5ef 1162
Christopher Haster 1:24750b9ad5ef 1163 if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &zlen,
Christopher Haster 1:24750b9ad5ef 1164 p + 2, end - ( p + 2 ),
Christopher Haster 1:24750b9ad5ef 1165 ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 1166 {
Christopher Haster 1:24750b9ad5ef 1167 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
Christopher Haster 1:24750b9ad5ef 1168 return( ret );
Christopher Haster 1:24750b9ad5ef 1169 }
Christopher Haster 1:24750b9ad5ef 1170
Christopher Haster 1:24750b9ad5ef 1171 *(p++) = (unsigned char)( zlen >> 8 );
Christopher Haster 1:24750b9ad5ef 1172 *(p++) = (unsigned char)( zlen );
Christopher Haster 1:24750b9ad5ef 1173 p += zlen;
Christopher Haster 1:24750b9ad5ef 1174
Christopher Haster 1:24750b9ad5ef 1175 MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z );
Christopher Haster 1:24750b9ad5ef 1176 }
Christopher Haster 1:24750b9ad5ef 1177 else
Christopher Haster 1:24750b9ad5ef 1178 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
Christopher Haster 1:24750b9ad5ef 1179 {
Christopher Haster 1:24750b9ad5ef 1180 MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
Christopher Haster 1:24750b9ad5ef 1181 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Christopher Haster 1:24750b9ad5ef 1182 }
Christopher Haster 1:24750b9ad5ef 1183
Christopher Haster 1:24750b9ad5ef 1184 /* opaque psk<0..2^16-1>; */
Christopher Haster 1:24750b9ad5ef 1185 if( end - p < 2 )
Christopher Haster 1:24750b9ad5ef 1186 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 1187
Christopher Haster 1:24750b9ad5ef 1188 *(p++) = (unsigned char)( psk_len >> 8 );
Christopher Haster 1:24750b9ad5ef 1189 *(p++) = (unsigned char)( psk_len );
Christopher Haster 1:24750b9ad5ef 1190
Christopher Haster 1:24750b9ad5ef 1191 if( end < p || (size_t)( end - p ) < psk_len )
Christopher Haster 1:24750b9ad5ef 1192 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 1193
Christopher Haster 1:24750b9ad5ef 1194 memcpy( p, psk, psk_len );
Christopher Haster 1:24750b9ad5ef 1195 p += psk_len;
Christopher Haster 1:24750b9ad5ef 1196
Christopher Haster 1:24750b9ad5ef 1197 ssl->handshake->pmslen = p - ssl->handshake->premaster;
Christopher Haster 1:24750b9ad5ef 1198
Christopher Haster 1:24750b9ad5ef 1199 return( 0 );
Christopher Haster 1:24750b9ad5ef 1200 }
Christopher Haster 1:24750b9ad5ef 1201 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
Christopher Haster 1:24750b9ad5ef 1202
Christopher Haster 1:24750b9ad5ef 1203 #if defined(MBEDTLS_SSL_PROTO_SSL3)
Christopher Haster 1:24750b9ad5ef 1204 /*
Christopher Haster 1:24750b9ad5ef 1205 * SSLv3.0 MAC functions
Christopher Haster 1:24750b9ad5ef 1206 */
Christopher Haster 1:24750b9ad5ef 1207 static void ssl_mac( mbedtls_md_context_t *md_ctx, unsigned char *secret,
Christopher Haster 1:24750b9ad5ef 1208 unsigned char *buf, size_t len,
Christopher Haster 1:24750b9ad5ef 1209 unsigned char *ctr, int type )
Christopher Haster 1:24750b9ad5ef 1210 {
Christopher Haster 1:24750b9ad5ef 1211 unsigned char header[11];
Christopher Haster 1:24750b9ad5ef 1212 unsigned char padding[48];
Christopher Haster 1:24750b9ad5ef 1213 int padlen;
Christopher Haster 1:24750b9ad5ef 1214 int md_size = mbedtls_md_get_size( md_ctx->md_info );
Christopher Haster 1:24750b9ad5ef 1215 int md_type = mbedtls_md_get_type( md_ctx->md_info );
Christopher Haster 1:24750b9ad5ef 1216
Christopher Haster 1:24750b9ad5ef 1217 /* Only MD5 and SHA-1 supported */
Christopher Haster 1:24750b9ad5ef 1218 if( md_type == MBEDTLS_MD_MD5 )
Christopher Haster 1:24750b9ad5ef 1219 padlen = 48;
Christopher Haster 1:24750b9ad5ef 1220 else
Christopher Haster 1:24750b9ad5ef 1221 padlen = 40;
Christopher Haster 1:24750b9ad5ef 1222
Christopher Haster 1:24750b9ad5ef 1223 memcpy( header, ctr, 8 );
Christopher Haster 1:24750b9ad5ef 1224 header[ 8] = (unsigned char) type;
Christopher Haster 1:24750b9ad5ef 1225 header[ 9] = (unsigned char)( len >> 8 );
Christopher Haster 1:24750b9ad5ef 1226 header[10] = (unsigned char)( len );
Christopher Haster 1:24750b9ad5ef 1227
Christopher Haster 1:24750b9ad5ef 1228 memset( padding, 0x36, padlen );
Christopher Haster 1:24750b9ad5ef 1229 mbedtls_md_starts( md_ctx );
Christopher Haster 1:24750b9ad5ef 1230 mbedtls_md_update( md_ctx, secret, md_size );
Christopher Haster 1:24750b9ad5ef 1231 mbedtls_md_update( md_ctx, padding, padlen );
Christopher Haster 1:24750b9ad5ef 1232 mbedtls_md_update( md_ctx, header, 11 );
Christopher Haster 1:24750b9ad5ef 1233 mbedtls_md_update( md_ctx, buf, len );
Christopher Haster 1:24750b9ad5ef 1234 mbedtls_md_finish( md_ctx, buf + len );
Christopher Haster 1:24750b9ad5ef 1235
Christopher Haster 1:24750b9ad5ef 1236 memset( padding, 0x5C, padlen );
Christopher Haster 1:24750b9ad5ef 1237 mbedtls_md_starts( md_ctx );
Christopher Haster 1:24750b9ad5ef 1238 mbedtls_md_update( md_ctx, secret, md_size );
Christopher Haster 1:24750b9ad5ef 1239 mbedtls_md_update( md_ctx, padding, padlen );
Christopher Haster 1:24750b9ad5ef 1240 mbedtls_md_update( md_ctx, buf + len, md_size );
Christopher Haster 1:24750b9ad5ef 1241 mbedtls_md_finish( md_ctx, buf + len );
Christopher Haster 1:24750b9ad5ef 1242 }
Christopher Haster 1:24750b9ad5ef 1243 #endif /* MBEDTLS_SSL_PROTO_SSL3 */
Christopher Haster 1:24750b9ad5ef 1244
Christopher Haster 1:24750b9ad5ef 1245 #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \
Christopher Haster 1:24750b9ad5ef 1246 ( defined(MBEDTLS_CIPHER_MODE_CBC) && \
Christopher Haster 1:24750b9ad5ef 1247 ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) ) )
Christopher Haster 1:24750b9ad5ef 1248 #define SSL_SOME_MODES_USE_MAC
Christopher Haster 1:24750b9ad5ef 1249 #endif
Christopher Haster 1:24750b9ad5ef 1250
Christopher Haster 1:24750b9ad5ef 1251 /*
Christopher Haster 1:24750b9ad5ef 1252 * Encryption/decryption functions
Christopher Haster 1:24750b9ad5ef 1253 */
Christopher Haster 1:24750b9ad5ef 1254 static int ssl_encrypt_buf( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 1255 {
Christopher Haster 1:24750b9ad5ef 1256 mbedtls_cipher_mode_t mode;
Christopher Haster 1:24750b9ad5ef 1257 int auth_done = 0;
Christopher Haster 1:24750b9ad5ef 1258
Christopher Haster 1:24750b9ad5ef 1259 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) );
Christopher Haster 1:24750b9ad5ef 1260
Christopher Haster 1:24750b9ad5ef 1261 if( ssl->session_out == NULL || ssl->transform_out == NULL )
Christopher Haster 1:24750b9ad5ef 1262 {
Christopher Haster 1:24750b9ad5ef 1263 MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
Christopher Haster 1:24750b9ad5ef 1264 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Christopher Haster 1:24750b9ad5ef 1265 }
Christopher Haster 1:24750b9ad5ef 1266
Christopher Haster 1:24750b9ad5ef 1267 mode = mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc );
Christopher Haster 1:24750b9ad5ef 1268
Christopher Haster 1:24750b9ad5ef 1269 MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload",
Christopher Haster 1:24750b9ad5ef 1270 ssl->out_msg, ssl->out_msglen );
Christopher Haster 1:24750b9ad5ef 1271
Christopher Haster 1:24750b9ad5ef 1272 /*
Christopher Haster 1:24750b9ad5ef 1273 * Add MAC before if needed
Christopher Haster 1:24750b9ad5ef 1274 */
Christopher Haster 1:24750b9ad5ef 1275 #if defined(SSL_SOME_MODES_USE_MAC)
Christopher Haster 1:24750b9ad5ef 1276 if( mode == MBEDTLS_MODE_STREAM ||
Christopher Haster 1:24750b9ad5ef 1277 ( mode == MBEDTLS_MODE_CBC
Christopher Haster 1:24750b9ad5ef 1278 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
Christopher Haster 1:24750b9ad5ef 1279 && ssl->session_out->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED
Christopher Haster 1:24750b9ad5ef 1280 #endif
Christopher Haster 1:24750b9ad5ef 1281 ) )
Christopher Haster 1:24750b9ad5ef 1282 {
Christopher Haster 1:24750b9ad5ef 1283 #if defined(MBEDTLS_SSL_PROTO_SSL3)
Christopher Haster 1:24750b9ad5ef 1284 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
Christopher Haster 1:24750b9ad5ef 1285 {
Christopher Haster 1:24750b9ad5ef 1286 ssl_mac( &ssl->transform_out->md_ctx_enc,
Christopher Haster 1:24750b9ad5ef 1287 ssl->transform_out->mac_enc,
Christopher Haster 1:24750b9ad5ef 1288 ssl->out_msg, ssl->out_msglen,
Christopher Haster 1:24750b9ad5ef 1289 ssl->out_ctr, ssl->out_msgtype );
Christopher Haster 1:24750b9ad5ef 1290 }
Christopher Haster 1:24750b9ad5ef 1291 else
Christopher Haster 1:24750b9ad5ef 1292 #endif
Christopher Haster 1:24750b9ad5ef 1293 #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
Christopher Haster 1:24750b9ad5ef 1294 defined(MBEDTLS_SSL_PROTO_TLS1_2)
Christopher Haster 1:24750b9ad5ef 1295 if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
Christopher Haster 1:24750b9ad5ef 1296 {
Christopher Haster 1:24750b9ad5ef 1297 mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_ctr, 8 );
Christopher Haster 1:24750b9ad5ef 1298 mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_hdr, 3 );
Christopher Haster 1:24750b9ad5ef 1299 mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_len, 2 );
Christopher Haster 1:24750b9ad5ef 1300 mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc,
Christopher Haster 1:24750b9ad5ef 1301 ssl->out_msg, ssl->out_msglen );
Christopher Haster 1:24750b9ad5ef 1302 mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc,
Christopher Haster 1:24750b9ad5ef 1303 ssl->out_msg + ssl->out_msglen );
Christopher Haster 1:24750b9ad5ef 1304 mbedtls_md_hmac_reset( &ssl->transform_out->md_ctx_enc );
Christopher Haster 1:24750b9ad5ef 1305 }
Christopher Haster 1:24750b9ad5ef 1306 else
Christopher Haster 1:24750b9ad5ef 1307 #endif
Christopher Haster 1:24750b9ad5ef 1308 {
Christopher Haster 1:24750b9ad5ef 1309 MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
Christopher Haster 1:24750b9ad5ef 1310 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Christopher Haster 1:24750b9ad5ef 1311 }
Christopher Haster 1:24750b9ad5ef 1312
Christopher Haster 1:24750b9ad5ef 1313 MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac",
Christopher Haster 1:24750b9ad5ef 1314 ssl->out_msg + ssl->out_msglen,
Christopher Haster 1:24750b9ad5ef 1315 ssl->transform_out->maclen );
Christopher Haster 1:24750b9ad5ef 1316
Christopher Haster 1:24750b9ad5ef 1317 ssl->out_msglen += ssl->transform_out->maclen;
Christopher Haster 1:24750b9ad5ef 1318 auth_done++;
Christopher Haster 1:24750b9ad5ef 1319 }
Christopher Haster 1:24750b9ad5ef 1320 #endif /* AEAD not the only option */
Christopher Haster 1:24750b9ad5ef 1321
Christopher Haster 1:24750b9ad5ef 1322 /*
Christopher Haster 1:24750b9ad5ef 1323 * Encrypt
Christopher Haster 1:24750b9ad5ef 1324 */
Christopher Haster 1:24750b9ad5ef 1325 #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER)
Christopher Haster 1:24750b9ad5ef 1326 if( mode == MBEDTLS_MODE_STREAM )
Christopher Haster 1:24750b9ad5ef 1327 {
Christopher Haster 1:24750b9ad5ef 1328 int ret;
Christopher Haster 1:24750b9ad5ef 1329 size_t olen = 0;
Christopher Haster 1:24750b9ad5ef 1330
Christopher Haster 1:24750b9ad5ef 1331 MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
Christopher Haster 1:24750b9ad5ef 1332 "including %d bytes of padding",
Christopher Haster 1:24750b9ad5ef 1333 ssl->out_msglen, 0 ) );
Christopher Haster 1:24750b9ad5ef 1334
Christopher Haster 1:24750b9ad5ef 1335 if( ( ret = mbedtls_cipher_crypt( &ssl->transform_out->cipher_ctx_enc,
Christopher Haster 1:24750b9ad5ef 1336 ssl->transform_out->iv_enc,
Christopher Haster 1:24750b9ad5ef 1337 ssl->transform_out->ivlen,
Christopher Haster 1:24750b9ad5ef 1338 ssl->out_msg, ssl->out_msglen,
Christopher Haster 1:24750b9ad5ef 1339 ssl->out_msg, &olen ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 1340 {
Christopher Haster 1:24750b9ad5ef 1341 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
Christopher Haster 1:24750b9ad5ef 1342 return( ret );
Christopher Haster 1:24750b9ad5ef 1343 }
Christopher Haster 1:24750b9ad5ef 1344
Christopher Haster 1:24750b9ad5ef 1345 if( ssl->out_msglen != olen )
Christopher Haster 1:24750b9ad5ef 1346 {
Christopher Haster 1:24750b9ad5ef 1347 MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
Christopher Haster 1:24750b9ad5ef 1348 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Christopher Haster 1:24750b9ad5ef 1349 }
Christopher Haster 1:24750b9ad5ef 1350 }
Christopher Haster 1:24750b9ad5ef 1351 else
Christopher Haster 1:24750b9ad5ef 1352 #endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */
Christopher Haster 1:24750b9ad5ef 1353 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C)
Christopher Haster 1:24750b9ad5ef 1354 if( mode == MBEDTLS_MODE_GCM ||
Christopher Haster 1:24750b9ad5ef 1355 mode == MBEDTLS_MODE_CCM )
Christopher Haster 1:24750b9ad5ef 1356 {
Christopher Haster 1:24750b9ad5ef 1357 int ret;
Christopher Haster 1:24750b9ad5ef 1358 size_t enc_msglen, olen;
Christopher Haster 1:24750b9ad5ef 1359 unsigned char *enc_msg;
Christopher Haster 1:24750b9ad5ef 1360 unsigned char add_data[13];
Christopher Haster 1:24750b9ad5ef 1361 unsigned char taglen = ssl->transform_out->ciphersuite_info->flags &
Christopher Haster 1:24750b9ad5ef 1362 MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
Christopher Haster 1:24750b9ad5ef 1363
Christopher Haster 1:24750b9ad5ef 1364 memcpy( add_data, ssl->out_ctr, 8 );
Christopher Haster 1:24750b9ad5ef 1365 add_data[8] = ssl->out_msgtype;
Christopher Haster 1:24750b9ad5ef 1366 mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
Christopher Haster 1:24750b9ad5ef 1367 ssl->conf->transport, add_data + 9 );
Christopher Haster 1:24750b9ad5ef 1368 add_data[11] = ( ssl->out_msglen >> 8 ) & 0xFF;
Christopher Haster 1:24750b9ad5ef 1369 add_data[12] = ssl->out_msglen & 0xFF;
Christopher Haster 1:24750b9ad5ef 1370
Christopher Haster 1:24750b9ad5ef 1371 MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
Christopher Haster 1:24750b9ad5ef 1372 add_data, 13 );
Christopher Haster 1:24750b9ad5ef 1373
Christopher Haster 1:24750b9ad5ef 1374 /*
Christopher Haster 1:24750b9ad5ef 1375 * Generate IV
Christopher Haster 1:24750b9ad5ef 1376 */
Christopher Haster 1:24750b9ad5ef 1377 #if defined(MBEDTLS_SSL_AEAD_RANDOM_IV)
Christopher Haster 1:24750b9ad5ef 1378 ret = ssl->conf->f_rng( ssl->conf->p_rng,
Christopher Haster 1:24750b9ad5ef 1379 ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
Christopher Haster 1:24750b9ad5ef 1380 ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
Christopher Haster 1:24750b9ad5ef 1381 if( ret != 0 )
Christopher Haster 1:24750b9ad5ef 1382 return( ret );
Christopher Haster 1:24750b9ad5ef 1383
Christopher Haster 1:24750b9ad5ef 1384 memcpy( ssl->out_iv,
Christopher Haster 1:24750b9ad5ef 1385 ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
Christopher Haster 1:24750b9ad5ef 1386 ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
Christopher Haster 1:24750b9ad5ef 1387 #else
Christopher Haster 1:24750b9ad5ef 1388 if( ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen != 8 )
Christopher Haster 1:24750b9ad5ef 1389 {
Christopher Haster 1:24750b9ad5ef 1390 /* Reminder if we ever add an AEAD mode with a different size */
Christopher Haster 1:24750b9ad5ef 1391 MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
Christopher Haster 1:24750b9ad5ef 1392 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Christopher Haster 1:24750b9ad5ef 1393 }
Christopher Haster 1:24750b9ad5ef 1394
Christopher Haster 1:24750b9ad5ef 1395 memcpy( ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
Christopher Haster 1:24750b9ad5ef 1396 ssl->out_ctr, 8 );
Christopher Haster 1:24750b9ad5ef 1397 memcpy( ssl->out_iv, ssl->out_ctr, 8 );
Christopher Haster 1:24750b9ad5ef 1398 #endif
Christopher Haster 1:24750b9ad5ef 1399
Christopher Haster 1:24750b9ad5ef 1400 MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", ssl->out_iv,
Christopher Haster 1:24750b9ad5ef 1401 ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
Christopher Haster 1:24750b9ad5ef 1402
Christopher Haster 1:24750b9ad5ef 1403 /*
Christopher Haster 1:24750b9ad5ef 1404 * Fix pointer positions and message length with added IV
Christopher Haster 1:24750b9ad5ef 1405 */
Christopher Haster 1:24750b9ad5ef 1406 enc_msg = ssl->out_msg;
Christopher Haster 1:24750b9ad5ef 1407 enc_msglen = ssl->out_msglen;
Christopher Haster 1:24750b9ad5ef 1408 ssl->out_msglen += ssl->transform_out->ivlen -
Christopher Haster 1:24750b9ad5ef 1409 ssl->transform_out->fixed_ivlen;
Christopher Haster 1:24750b9ad5ef 1410
Christopher Haster 1:24750b9ad5ef 1411 MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
Christopher Haster 1:24750b9ad5ef 1412 "including %d bytes of padding",
Christopher Haster 1:24750b9ad5ef 1413 ssl->out_msglen, 0 ) );
Christopher Haster 1:24750b9ad5ef 1414
Christopher Haster 1:24750b9ad5ef 1415 /*
Christopher Haster 1:24750b9ad5ef 1416 * Encrypt and authenticate
Christopher Haster 1:24750b9ad5ef 1417 */
Christopher Haster 1:24750b9ad5ef 1418 if( ( ret = mbedtls_cipher_auth_encrypt( &ssl->transform_out->cipher_ctx_enc,
Christopher Haster 1:24750b9ad5ef 1419 ssl->transform_out->iv_enc,
Christopher Haster 1:24750b9ad5ef 1420 ssl->transform_out->ivlen,
Christopher Haster 1:24750b9ad5ef 1421 add_data, 13,
Christopher Haster 1:24750b9ad5ef 1422 enc_msg, enc_msglen,
Christopher Haster 1:24750b9ad5ef 1423 enc_msg, &olen,
Christopher Haster 1:24750b9ad5ef 1424 enc_msg + enc_msglen, taglen ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 1425 {
Christopher Haster 1:24750b9ad5ef 1426 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_encrypt", ret );
Christopher Haster 1:24750b9ad5ef 1427 return( ret );
Christopher Haster 1:24750b9ad5ef 1428 }
Christopher Haster 1:24750b9ad5ef 1429
Christopher Haster 1:24750b9ad5ef 1430 if( olen != enc_msglen )
Christopher Haster 1:24750b9ad5ef 1431 {
Christopher Haster 1:24750b9ad5ef 1432 MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
Christopher Haster 1:24750b9ad5ef 1433 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Christopher Haster 1:24750b9ad5ef 1434 }
Christopher Haster 1:24750b9ad5ef 1435
Christopher Haster 1:24750b9ad5ef 1436 ssl->out_msglen += taglen;
Christopher Haster 1:24750b9ad5ef 1437 auth_done++;
Christopher Haster 1:24750b9ad5ef 1438
Christopher Haster 1:24750b9ad5ef 1439 MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag", enc_msg + enc_msglen, taglen );
Christopher Haster 1:24750b9ad5ef 1440 }
Christopher Haster 1:24750b9ad5ef 1441 else
Christopher Haster 1:24750b9ad5ef 1442 #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */
Christopher Haster 1:24750b9ad5ef 1443 #if defined(MBEDTLS_CIPHER_MODE_CBC) && \
Christopher Haster 1:24750b9ad5ef 1444 ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) )
Christopher Haster 1:24750b9ad5ef 1445 if( mode == MBEDTLS_MODE_CBC )
Christopher Haster 1:24750b9ad5ef 1446 {
Christopher Haster 1:24750b9ad5ef 1447 int ret;
Christopher Haster 1:24750b9ad5ef 1448 unsigned char *enc_msg;
Christopher Haster 1:24750b9ad5ef 1449 size_t enc_msglen, padlen, olen = 0, i;
Christopher Haster 1:24750b9ad5ef 1450
Christopher Haster 1:24750b9ad5ef 1451 padlen = ssl->transform_out->ivlen - ( ssl->out_msglen + 1 ) %
Christopher Haster 1:24750b9ad5ef 1452 ssl->transform_out->ivlen;
Christopher Haster 1:24750b9ad5ef 1453 if( padlen == ssl->transform_out->ivlen )
Christopher Haster 1:24750b9ad5ef 1454 padlen = 0;
Christopher Haster 1:24750b9ad5ef 1455
Christopher Haster 1:24750b9ad5ef 1456 for( i = 0; i <= padlen; i++ )
Christopher Haster 1:24750b9ad5ef 1457 ssl->out_msg[ssl->out_msglen + i] = (unsigned char) padlen;
Christopher Haster 1:24750b9ad5ef 1458
Christopher Haster 1:24750b9ad5ef 1459 ssl->out_msglen += padlen + 1;
Christopher Haster 1:24750b9ad5ef 1460
Christopher Haster 1:24750b9ad5ef 1461 enc_msglen = ssl->out_msglen;
Christopher Haster 1:24750b9ad5ef 1462 enc_msg = ssl->out_msg;
Christopher Haster 1:24750b9ad5ef 1463
Christopher Haster 1:24750b9ad5ef 1464 #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
Christopher Haster 1:24750b9ad5ef 1465 /*
Christopher Haster 1:24750b9ad5ef 1466 * Prepend per-record IV for block cipher in TLS v1.1 and up as per
Christopher Haster 1:24750b9ad5ef 1467 * Method 1 (6.2.3.2. in RFC4346 and RFC5246)
Christopher Haster 1:24750b9ad5ef 1468 */
Christopher Haster 1:24750b9ad5ef 1469 if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
Christopher Haster 1:24750b9ad5ef 1470 {
Christopher Haster 1:24750b9ad5ef 1471 /*
Christopher Haster 1:24750b9ad5ef 1472 * Generate IV
Christopher Haster 1:24750b9ad5ef 1473 */
Christopher Haster 1:24750b9ad5ef 1474 ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->transform_out->iv_enc,
Christopher Haster 1:24750b9ad5ef 1475 ssl->transform_out->ivlen );
Christopher Haster 1:24750b9ad5ef 1476 if( ret != 0 )
Christopher Haster 1:24750b9ad5ef 1477 return( ret );
Christopher Haster 1:24750b9ad5ef 1478
Christopher Haster 1:24750b9ad5ef 1479 memcpy( ssl->out_iv, ssl->transform_out->iv_enc,
Christopher Haster 1:24750b9ad5ef 1480 ssl->transform_out->ivlen );
Christopher Haster 1:24750b9ad5ef 1481
Christopher Haster 1:24750b9ad5ef 1482 /*
Christopher Haster 1:24750b9ad5ef 1483 * Fix pointer positions and message length with added IV
Christopher Haster 1:24750b9ad5ef 1484 */
Christopher Haster 1:24750b9ad5ef 1485 enc_msg = ssl->out_msg;
Christopher Haster 1:24750b9ad5ef 1486 enc_msglen = ssl->out_msglen;
Christopher Haster 1:24750b9ad5ef 1487 ssl->out_msglen += ssl->transform_out->ivlen;
Christopher Haster 1:24750b9ad5ef 1488 }
Christopher Haster 1:24750b9ad5ef 1489 #endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
Christopher Haster 1:24750b9ad5ef 1490
Christopher Haster 1:24750b9ad5ef 1491 MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
Christopher Haster 1:24750b9ad5ef 1492 "including %d bytes of IV and %d bytes of padding",
Christopher Haster 1:24750b9ad5ef 1493 ssl->out_msglen, ssl->transform_out->ivlen,
Christopher Haster 1:24750b9ad5ef 1494 padlen + 1 ) );
Christopher Haster 1:24750b9ad5ef 1495
Christopher Haster 1:24750b9ad5ef 1496 if( ( ret = mbedtls_cipher_crypt( &ssl->transform_out->cipher_ctx_enc,
Christopher Haster 1:24750b9ad5ef 1497 ssl->transform_out->iv_enc,
Christopher Haster 1:24750b9ad5ef 1498 ssl->transform_out->ivlen,
Christopher Haster 1:24750b9ad5ef 1499 enc_msg, enc_msglen,
Christopher Haster 1:24750b9ad5ef 1500 enc_msg, &olen ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 1501 {
Christopher Haster 1:24750b9ad5ef 1502 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
Christopher Haster 1:24750b9ad5ef 1503 return( ret );
Christopher Haster 1:24750b9ad5ef 1504 }
Christopher Haster 1:24750b9ad5ef 1505
Christopher Haster 1:24750b9ad5ef 1506 if( enc_msglen != olen )
Christopher Haster 1:24750b9ad5ef 1507 {
Christopher Haster 1:24750b9ad5ef 1508 MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
Christopher Haster 1:24750b9ad5ef 1509 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Christopher Haster 1:24750b9ad5ef 1510 }
Christopher Haster 1:24750b9ad5ef 1511
Christopher Haster 1:24750b9ad5ef 1512 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1)
Christopher Haster 1:24750b9ad5ef 1513 if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
Christopher Haster 1:24750b9ad5ef 1514 {
Christopher Haster 1:24750b9ad5ef 1515 /*
Christopher Haster 1:24750b9ad5ef 1516 * Save IV in SSL3 and TLS1
Christopher Haster 1:24750b9ad5ef 1517 */
Christopher Haster 1:24750b9ad5ef 1518 memcpy( ssl->transform_out->iv_enc,
Christopher Haster 1:24750b9ad5ef 1519 ssl->transform_out->cipher_ctx_enc.iv,
Christopher Haster 1:24750b9ad5ef 1520 ssl->transform_out->ivlen );
Christopher Haster 1:24750b9ad5ef 1521 }
Christopher Haster 1:24750b9ad5ef 1522 #endif
Christopher Haster 1:24750b9ad5ef 1523
Christopher Haster 1:24750b9ad5ef 1524 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
Christopher Haster 1:24750b9ad5ef 1525 if( auth_done == 0 )
Christopher Haster 1:24750b9ad5ef 1526 {
Christopher Haster 1:24750b9ad5ef 1527 /*
Christopher Haster 1:24750b9ad5ef 1528 * MAC(MAC_write_key, seq_num +
Christopher Haster 1:24750b9ad5ef 1529 * TLSCipherText.type +
Christopher Haster 1:24750b9ad5ef 1530 * TLSCipherText.version +
Christopher Haster 1:24750b9ad5ef 1531 * length_of( (IV +) ENC(...) ) +
Christopher Haster 1:24750b9ad5ef 1532 * IV + // except for TLS 1.0
Christopher Haster 1:24750b9ad5ef 1533 * ENC(content + padding + padding_length));
Christopher Haster 1:24750b9ad5ef 1534 */
Christopher Haster 1:24750b9ad5ef 1535 unsigned char pseudo_hdr[13];
Christopher Haster 1:24750b9ad5ef 1536
Christopher Haster 1:24750b9ad5ef 1537 MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
Christopher Haster 1:24750b9ad5ef 1538
Christopher Haster 1:24750b9ad5ef 1539 memcpy( pseudo_hdr + 0, ssl->out_ctr, 8 );
Christopher Haster 1:24750b9ad5ef 1540 memcpy( pseudo_hdr + 8, ssl->out_hdr, 3 );
Christopher Haster 1:24750b9ad5ef 1541 pseudo_hdr[11] = (unsigned char)( ( ssl->out_msglen >> 8 ) & 0xFF );
Christopher Haster 1:24750b9ad5ef 1542 pseudo_hdr[12] = (unsigned char)( ( ssl->out_msglen ) & 0xFF );
Christopher Haster 1:24750b9ad5ef 1543
Christopher Haster 1:24750b9ad5ef 1544 MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", pseudo_hdr, 13 );
Christopher Haster 1:24750b9ad5ef 1545
Christopher Haster 1:24750b9ad5ef 1546 mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, pseudo_hdr, 13 );
Christopher Haster 1:24750b9ad5ef 1547 mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc,
Christopher Haster 1:24750b9ad5ef 1548 ssl->out_iv, ssl->out_msglen );
Christopher Haster 1:24750b9ad5ef 1549 mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc,
Christopher Haster 1:24750b9ad5ef 1550 ssl->out_iv + ssl->out_msglen );
Christopher Haster 1:24750b9ad5ef 1551 mbedtls_md_hmac_reset( &ssl->transform_out->md_ctx_enc );
Christopher Haster 1:24750b9ad5ef 1552
Christopher Haster 1:24750b9ad5ef 1553 ssl->out_msglen += ssl->transform_out->maclen;
Christopher Haster 1:24750b9ad5ef 1554 auth_done++;
Christopher Haster 1:24750b9ad5ef 1555 }
Christopher Haster 1:24750b9ad5ef 1556 #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
Christopher Haster 1:24750b9ad5ef 1557 }
Christopher Haster 1:24750b9ad5ef 1558 else
Christopher Haster 1:24750b9ad5ef 1559 #endif /* MBEDTLS_CIPHER_MODE_CBC &&
Christopher Haster 1:24750b9ad5ef 1560 ( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C ) */
Christopher Haster 1:24750b9ad5ef 1561 {
Christopher Haster 1:24750b9ad5ef 1562 MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
Christopher Haster 1:24750b9ad5ef 1563 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Christopher Haster 1:24750b9ad5ef 1564 }
Christopher Haster 1:24750b9ad5ef 1565
Christopher Haster 1:24750b9ad5ef 1566 /* Make extra sure authentication was performed, exactly once */
Christopher Haster 1:24750b9ad5ef 1567 if( auth_done != 1 )
Christopher Haster 1:24750b9ad5ef 1568 {
Christopher Haster 1:24750b9ad5ef 1569 MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
Christopher Haster 1:24750b9ad5ef 1570 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Christopher Haster 1:24750b9ad5ef 1571 }
Christopher Haster 1:24750b9ad5ef 1572
Christopher Haster 1:24750b9ad5ef 1573 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) );
Christopher Haster 1:24750b9ad5ef 1574
Christopher Haster 1:24750b9ad5ef 1575 return( 0 );
Christopher Haster 1:24750b9ad5ef 1576 }
Christopher Haster 1:24750b9ad5ef 1577
Christopher Haster 1:24750b9ad5ef 1578 #define SSL_MAX_MAC_SIZE 48
Christopher Haster 1:24750b9ad5ef 1579
Christopher Haster 1:24750b9ad5ef 1580 static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 1581 {
Christopher Haster 1:24750b9ad5ef 1582 size_t i;
Christopher Haster 1:24750b9ad5ef 1583 mbedtls_cipher_mode_t mode;
Christopher Haster 1:24750b9ad5ef 1584 int auth_done = 0;
Christopher Haster 1:24750b9ad5ef 1585 #if defined(SSL_SOME_MODES_USE_MAC)
Christopher Haster 1:24750b9ad5ef 1586 size_t padlen = 0, correct = 1;
Christopher Haster 1:24750b9ad5ef 1587 #endif
Christopher Haster 1:24750b9ad5ef 1588
Christopher Haster 1:24750b9ad5ef 1589 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) );
Christopher Haster 1:24750b9ad5ef 1590
Christopher Haster 1:24750b9ad5ef 1591 if( ssl->session_in == NULL || ssl->transform_in == NULL )
Christopher Haster 1:24750b9ad5ef 1592 {
Christopher Haster 1:24750b9ad5ef 1593 MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
Christopher Haster 1:24750b9ad5ef 1594 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Christopher Haster 1:24750b9ad5ef 1595 }
Christopher Haster 1:24750b9ad5ef 1596
Christopher Haster 1:24750b9ad5ef 1597 mode = mbedtls_cipher_get_cipher_mode( &ssl->transform_in->cipher_ctx_dec );
Christopher Haster 1:24750b9ad5ef 1598
Christopher Haster 1:24750b9ad5ef 1599 if( ssl->in_msglen < ssl->transform_in->minlen )
Christopher Haster 1:24750b9ad5ef 1600 {
Christopher Haster 1:24750b9ad5ef 1601 MBEDTLS_SSL_DEBUG_MSG( 1, ( "in_msglen (%d) < minlen (%d)",
Christopher Haster 1:24750b9ad5ef 1602 ssl->in_msglen, ssl->transform_in->minlen ) );
Christopher Haster 1:24750b9ad5ef 1603 return( MBEDTLS_ERR_SSL_INVALID_MAC );
Christopher Haster 1:24750b9ad5ef 1604 }
Christopher Haster 1:24750b9ad5ef 1605
Christopher Haster 1:24750b9ad5ef 1606 #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER)
Christopher Haster 1:24750b9ad5ef 1607 if( mode == MBEDTLS_MODE_STREAM )
Christopher Haster 1:24750b9ad5ef 1608 {
Christopher Haster 1:24750b9ad5ef 1609 int ret;
Christopher Haster 1:24750b9ad5ef 1610 size_t olen = 0;
Christopher Haster 1:24750b9ad5ef 1611
Christopher Haster 1:24750b9ad5ef 1612 padlen = 0;
Christopher Haster 1:24750b9ad5ef 1613
Christopher Haster 1:24750b9ad5ef 1614 if( ( ret = mbedtls_cipher_crypt( &ssl->transform_in->cipher_ctx_dec,
Christopher Haster 1:24750b9ad5ef 1615 ssl->transform_in->iv_dec,
Christopher Haster 1:24750b9ad5ef 1616 ssl->transform_in->ivlen,
Christopher Haster 1:24750b9ad5ef 1617 ssl->in_msg, ssl->in_msglen,
Christopher Haster 1:24750b9ad5ef 1618 ssl->in_msg, &olen ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 1619 {
Christopher Haster 1:24750b9ad5ef 1620 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
Christopher Haster 1:24750b9ad5ef 1621 return( ret );
Christopher Haster 1:24750b9ad5ef 1622 }
Christopher Haster 1:24750b9ad5ef 1623
Christopher Haster 1:24750b9ad5ef 1624 if( ssl->in_msglen != olen )
Christopher Haster 1:24750b9ad5ef 1625 {
Christopher Haster 1:24750b9ad5ef 1626 MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
Christopher Haster 1:24750b9ad5ef 1627 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Christopher Haster 1:24750b9ad5ef 1628 }
Christopher Haster 1:24750b9ad5ef 1629 }
Christopher Haster 1:24750b9ad5ef 1630 else
Christopher Haster 1:24750b9ad5ef 1631 #endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */
Christopher Haster 1:24750b9ad5ef 1632 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C)
Christopher Haster 1:24750b9ad5ef 1633 if( mode == MBEDTLS_MODE_GCM ||
Christopher Haster 1:24750b9ad5ef 1634 mode == MBEDTLS_MODE_CCM )
Christopher Haster 1:24750b9ad5ef 1635 {
Christopher Haster 1:24750b9ad5ef 1636 int ret;
Christopher Haster 1:24750b9ad5ef 1637 size_t dec_msglen, olen;
Christopher Haster 1:24750b9ad5ef 1638 unsigned char *dec_msg;
Christopher Haster 1:24750b9ad5ef 1639 unsigned char *dec_msg_result;
Christopher Haster 1:24750b9ad5ef 1640 unsigned char add_data[13];
Christopher Haster 1:24750b9ad5ef 1641 unsigned char taglen = ssl->transform_in->ciphersuite_info->flags &
Christopher Haster 1:24750b9ad5ef 1642 MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
Christopher Haster 1:24750b9ad5ef 1643 size_t explicit_iv_len = ssl->transform_in->ivlen -
Christopher Haster 1:24750b9ad5ef 1644 ssl->transform_in->fixed_ivlen;
Christopher Haster 1:24750b9ad5ef 1645
Christopher Haster 1:24750b9ad5ef 1646 if( ssl->in_msglen < explicit_iv_len + taglen )
Christopher Haster 1:24750b9ad5ef 1647 {
Christopher Haster 1:24750b9ad5ef 1648 MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < explicit_iv_len (%d) "
Christopher Haster 1:24750b9ad5ef 1649 "+ taglen (%d)", ssl->in_msglen,
Christopher Haster 1:24750b9ad5ef 1650 explicit_iv_len, taglen ) );
Christopher Haster 1:24750b9ad5ef 1651 return( MBEDTLS_ERR_SSL_INVALID_MAC );
Christopher Haster 1:24750b9ad5ef 1652 }
Christopher Haster 1:24750b9ad5ef 1653 dec_msglen = ssl->in_msglen - explicit_iv_len - taglen;
Christopher Haster 1:24750b9ad5ef 1654
Christopher Haster 1:24750b9ad5ef 1655 dec_msg = ssl->in_msg;
Christopher Haster 1:24750b9ad5ef 1656 dec_msg_result = ssl->in_msg;
Christopher Haster 1:24750b9ad5ef 1657 ssl->in_msglen = dec_msglen;
Christopher Haster 1:24750b9ad5ef 1658
Christopher Haster 1:24750b9ad5ef 1659 memcpy( add_data, ssl->in_ctr, 8 );
Christopher Haster 1:24750b9ad5ef 1660 add_data[8] = ssl->in_msgtype;
Christopher Haster 1:24750b9ad5ef 1661 mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
Christopher Haster 1:24750b9ad5ef 1662 ssl->conf->transport, add_data + 9 );
Christopher Haster 1:24750b9ad5ef 1663 add_data[11] = ( ssl->in_msglen >> 8 ) & 0xFF;
Christopher Haster 1:24750b9ad5ef 1664 add_data[12] = ssl->in_msglen & 0xFF;
Christopher Haster 1:24750b9ad5ef 1665
Christopher Haster 1:24750b9ad5ef 1666 MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
Christopher Haster 1:24750b9ad5ef 1667 add_data, 13 );
Christopher Haster 1:24750b9ad5ef 1668
Christopher Haster 1:24750b9ad5ef 1669 memcpy( ssl->transform_in->iv_dec + ssl->transform_in->fixed_ivlen,
Christopher Haster 1:24750b9ad5ef 1670 ssl->in_iv,
Christopher Haster 1:24750b9ad5ef 1671 ssl->transform_in->ivlen - ssl->transform_in->fixed_ivlen );
Christopher Haster 1:24750b9ad5ef 1672
Christopher Haster 1:24750b9ad5ef 1673 MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", ssl->transform_in->iv_dec,
Christopher Haster 1:24750b9ad5ef 1674 ssl->transform_in->ivlen );
Christopher Haster 1:24750b9ad5ef 1675 MBEDTLS_SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, taglen );
Christopher Haster 1:24750b9ad5ef 1676
Christopher Haster 1:24750b9ad5ef 1677 /*
Christopher Haster 1:24750b9ad5ef 1678 * Decrypt and authenticate
Christopher Haster 1:24750b9ad5ef 1679 */
Christopher Haster 1:24750b9ad5ef 1680 if( ( ret = mbedtls_cipher_auth_decrypt( &ssl->transform_in->cipher_ctx_dec,
Christopher Haster 1:24750b9ad5ef 1681 ssl->transform_in->iv_dec,
Christopher Haster 1:24750b9ad5ef 1682 ssl->transform_in->ivlen,
Christopher Haster 1:24750b9ad5ef 1683 add_data, 13,
Christopher Haster 1:24750b9ad5ef 1684 dec_msg, dec_msglen,
Christopher Haster 1:24750b9ad5ef 1685 dec_msg_result, &olen,
Christopher Haster 1:24750b9ad5ef 1686 dec_msg + dec_msglen, taglen ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 1687 {
Christopher Haster 1:24750b9ad5ef 1688 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_decrypt", ret );
Christopher Haster 1:24750b9ad5ef 1689
Christopher Haster 1:24750b9ad5ef 1690 if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED )
Christopher Haster 1:24750b9ad5ef 1691 return( MBEDTLS_ERR_SSL_INVALID_MAC );
Christopher Haster 1:24750b9ad5ef 1692
Christopher Haster 1:24750b9ad5ef 1693 return( ret );
Christopher Haster 1:24750b9ad5ef 1694 }
Christopher Haster 1:24750b9ad5ef 1695 auth_done++;
Christopher Haster 1:24750b9ad5ef 1696
Christopher Haster 1:24750b9ad5ef 1697 if( olen != dec_msglen )
Christopher Haster 1:24750b9ad5ef 1698 {
Christopher Haster 1:24750b9ad5ef 1699 MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
Christopher Haster 1:24750b9ad5ef 1700 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Christopher Haster 1:24750b9ad5ef 1701 }
Christopher Haster 1:24750b9ad5ef 1702 }
Christopher Haster 1:24750b9ad5ef 1703 else
Christopher Haster 1:24750b9ad5ef 1704 #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */
Christopher Haster 1:24750b9ad5ef 1705 #if defined(MBEDTLS_CIPHER_MODE_CBC) && \
Christopher Haster 1:24750b9ad5ef 1706 ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) )
Christopher Haster 1:24750b9ad5ef 1707 if( mode == MBEDTLS_MODE_CBC )
Christopher Haster 1:24750b9ad5ef 1708 {
Christopher Haster 1:24750b9ad5ef 1709 /*
Christopher Haster 1:24750b9ad5ef 1710 * Decrypt and check the padding
Christopher Haster 1:24750b9ad5ef 1711 */
Christopher Haster 1:24750b9ad5ef 1712 int ret;
Christopher Haster 1:24750b9ad5ef 1713 unsigned char *dec_msg;
Christopher Haster 1:24750b9ad5ef 1714 unsigned char *dec_msg_result;
Christopher Haster 1:24750b9ad5ef 1715 size_t dec_msglen;
Christopher Haster 1:24750b9ad5ef 1716 size_t minlen = 0;
Christopher Haster 1:24750b9ad5ef 1717 size_t olen = 0;
Christopher Haster 1:24750b9ad5ef 1718
Christopher Haster 1:24750b9ad5ef 1719 /*
Christopher Haster 1:24750b9ad5ef 1720 * Check immediate ciphertext sanity
Christopher Haster 1:24750b9ad5ef 1721 */
Christopher Haster 1:24750b9ad5ef 1722 #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
Christopher Haster 1:24750b9ad5ef 1723 if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
Christopher Haster 1:24750b9ad5ef 1724 minlen += ssl->transform_in->ivlen;
Christopher Haster 1:24750b9ad5ef 1725 #endif
Christopher Haster 1:24750b9ad5ef 1726
Christopher Haster 1:24750b9ad5ef 1727 if( ssl->in_msglen < minlen + ssl->transform_in->ivlen ||
Christopher Haster 1:24750b9ad5ef 1728 ssl->in_msglen < minlen + ssl->transform_in->maclen + 1 )
Christopher Haster 1:24750b9ad5ef 1729 {
Christopher Haster 1:24750b9ad5ef 1730 MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < max( ivlen(%d), maclen (%d) "
Christopher Haster 1:24750b9ad5ef 1731 "+ 1 ) ( + expl IV )", ssl->in_msglen,
Christopher Haster 1:24750b9ad5ef 1732 ssl->transform_in->ivlen,
Christopher Haster 1:24750b9ad5ef 1733 ssl->transform_in->maclen ) );
Christopher Haster 1:24750b9ad5ef 1734 return( MBEDTLS_ERR_SSL_INVALID_MAC );
Christopher Haster 1:24750b9ad5ef 1735 }
Christopher Haster 1:24750b9ad5ef 1736
Christopher Haster 1:24750b9ad5ef 1737 dec_msglen = ssl->in_msglen;
Christopher Haster 1:24750b9ad5ef 1738 dec_msg = ssl->in_msg;
Christopher Haster 1:24750b9ad5ef 1739 dec_msg_result = ssl->in_msg;
Christopher Haster 1:24750b9ad5ef 1740
Christopher Haster 1:24750b9ad5ef 1741 /*
Christopher Haster 1:24750b9ad5ef 1742 * Authenticate before decrypt if enabled
Christopher Haster 1:24750b9ad5ef 1743 */
Christopher Haster 1:24750b9ad5ef 1744 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
Christopher Haster 1:24750b9ad5ef 1745 if( ssl->session_in->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
Christopher Haster 1:24750b9ad5ef 1746 {
Christopher Haster 1:24750b9ad5ef 1747 unsigned char computed_mac[SSL_MAX_MAC_SIZE];
Christopher Haster 1:24750b9ad5ef 1748 unsigned char pseudo_hdr[13];
Christopher Haster 1:24750b9ad5ef 1749
Christopher Haster 1:24750b9ad5ef 1750 MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
Christopher Haster 1:24750b9ad5ef 1751
Christopher Haster 1:24750b9ad5ef 1752 dec_msglen -= ssl->transform_in->maclen;
Christopher Haster 1:24750b9ad5ef 1753 ssl->in_msglen -= ssl->transform_in->maclen;
Christopher Haster 1:24750b9ad5ef 1754
Christopher Haster 1:24750b9ad5ef 1755 memcpy( pseudo_hdr + 0, ssl->in_ctr, 8 );
Christopher Haster 1:24750b9ad5ef 1756 memcpy( pseudo_hdr + 8, ssl->in_hdr, 3 );
Christopher Haster 1:24750b9ad5ef 1757 pseudo_hdr[11] = (unsigned char)( ( ssl->in_msglen >> 8 ) & 0xFF );
Christopher Haster 1:24750b9ad5ef 1758 pseudo_hdr[12] = (unsigned char)( ( ssl->in_msglen ) & 0xFF );
Christopher Haster 1:24750b9ad5ef 1759
Christopher Haster 1:24750b9ad5ef 1760 MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", pseudo_hdr, 13 );
Christopher Haster 1:24750b9ad5ef 1761
Christopher Haster 1:24750b9ad5ef 1762 mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, pseudo_hdr, 13 );
Christopher Haster 1:24750b9ad5ef 1763 mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec,
Christopher Haster 1:24750b9ad5ef 1764 ssl->in_iv, ssl->in_msglen );
Christopher Haster 1:24750b9ad5ef 1765 mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec, computed_mac );
Christopher Haster 1:24750b9ad5ef 1766 mbedtls_md_hmac_reset( &ssl->transform_in->md_ctx_dec );
Christopher Haster 1:24750b9ad5ef 1767
Christopher Haster 1:24750b9ad5ef 1768 MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", ssl->in_iv + ssl->in_msglen,
Christopher Haster 1:24750b9ad5ef 1769 ssl->transform_in->maclen );
Christopher Haster 1:24750b9ad5ef 1770 MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac", computed_mac,
Christopher Haster 1:24750b9ad5ef 1771 ssl->transform_in->maclen );
Christopher Haster 1:24750b9ad5ef 1772
Christopher Haster 1:24750b9ad5ef 1773 if( mbedtls_ssl_safer_memcmp( ssl->in_iv + ssl->in_msglen, computed_mac,
Christopher Haster 1:24750b9ad5ef 1774 ssl->transform_in->maclen ) != 0 )
Christopher Haster 1:24750b9ad5ef 1775 {
Christopher Haster 1:24750b9ad5ef 1776 MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
Christopher Haster 1:24750b9ad5ef 1777
Christopher Haster 1:24750b9ad5ef 1778 return( MBEDTLS_ERR_SSL_INVALID_MAC );
Christopher Haster 1:24750b9ad5ef 1779 }
Christopher Haster 1:24750b9ad5ef 1780 auth_done++;
Christopher Haster 1:24750b9ad5ef 1781 }
Christopher Haster 1:24750b9ad5ef 1782 #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
Christopher Haster 1:24750b9ad5ef 1783
Christopher Haster 1:24750b9ad5ef 1784 /*
Christopher Haster 1:24750b9ad5ef 1785 * Check length sanity
Christopher Haster 1:24750b9ad5ef 1786 */
Christopher Haster 1:24750b9ad5ef 1787 if( ssl->in_msglen % ssl->transform_in->ivlen != 0 )
Christopher Haster 1:24750b9ad5ef 1788 {
Christopher Haster 1:24750b9ad5ef 1789 MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) %% ivlen (%d) != 0",
Christopher Haster 1:24750b9ad5ef 1790 ssl->in_msglen, ssl->transform_in->ivlen ) );
Christopher Haster 1:24750b9ad5ef 1791 return( MBEDTLS_ERR_SSL_INVALID_MAC );
Christopher Haster 1:24750b9ad5ef 1792 }
Christopher Haster 1:24750b9ad5ef 1793
Christopher Haster 1:24750b9ad5ef 1794 #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
Christopher Haster 1:24750b9ad5ef 1795 /*
Christopher Haster 1:24750b9ad5ef 1796 * Initialize for prepended IV for block cipher in TLS v1.1 and up
Christopher Haster 1:24750b9ad5ef 1797 */
Christopher Haster 1:24750b9ad5ef 1798 if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
Christopher Haster 1:24750b9ad5ef 1799 {
Christopher Haster 1:24750b9ad5ef 1800 dec_msglen -= ssl->transform_in->ivlen;
Christopher Haster 1:24750b9ad5ef 1801 ssl->in_msglen -= ssl->transform_in->ivlen;
Christopher Haster 1:24750b9ad5ef 1802
Christopher Haster 1:24750b9ad5ef 1803 for( i = 0; i < ssl->transform_in->ivlen; i++ )
Christopher Haster 1:24750b9ad5ef 1804 ssl->transform_in->iv_dec[i] = ssl->in_iv[i];
Christopher Haster 1:24750b9ad5ef 1805 }
Christopher Haster 1:24750b9ad5ef 1806 #endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
Christopher Haster 1:24750b9ad5ef 1807
Christopher Haster 1:24750b9ad5ef 1808 if( ( ret = mbedtls_cipher_crypt( &ssl->transform_in->cipher_ctx_dec,
Christopher Haster 1:24750b9ad5ef 1809 ssl->transform_in->iv_dec,
Christopher Haster 1:24750b9ad5ef 1810 ssl->transform_in->ivlen,
Christopher Haster 1:24750b9ad5ef 1811 dec_msg, dec_msglen,
Christopher Haster 1:24750b9ad5ef 1812 dec_msg_result, &olen ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 1813 {
Christopher Haster 1:24750b9ad5ef 1814 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
Christopher Haster 1:24750b9ad5ef 1815 return( ret );
Christopher Haster 1:24750b9ad5ef 1816 }
Christopher Haster 1:24750b9ad5ef 1817
Christopher Haster 1:24750b9ad5ef 1818 if( dec_msglen != olen )
Christopher Haster 1:24750b9ad5ef 1819 {
Christopher Haster 1:24750b9ad5ef 1820 MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
Christopher Haster 1:24750b9ad5ef 1821 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Christopher Haster 1:24750b9ad5ef 1822 }
Christopher Haster 1:24750b9ad5ef 1823
Christopher Haster 1:24750b9ad5ef 1824 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1)
Christopher Haster 1:24750b9ad5ef 1825 if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
Christopher Haster 1:24750b9ad5ef 1826 {
Christopher Haster 1:24750b9ad5ef 1827 /*
Christopher Haster 1:24750b9ad5ef 1828 * Save IV in SSL3 and TLS1
Christopher Haster 1:24750b9ad5ef 1829 */
Christopher Haster 1:24750b9ad5ef 1830 memcpy( ssl->transform_in->iv_dec,
Christopher Haster 1:24750b9ad5ef 1831 ssl->transform_in->cipher_ctx_dec.iv,
Christopher Haster 1:24750b9ad5ef 1832 ssl->transform_in->ivlen );
Christopher Haster 1:24750b9ad5ef 1833 }
Christopher Haster 1:24750b9ad5ef 1834 #endif
Christopher Haster 1:24750b9ad5ef 1835
Christopher Haster 1:24750b9ad5ef 1836 padlen = 1 + ssl->in_msg[ssl->in_msglen - 1];
Christopher Haster 1:24750b9ad5ef 1837
Christopher Haster 1:24750b9ad5ef 1838 if( ssl->in_msglen < ssl->transform_in->maclen + padlen &&
Christopher Haster 1:24750b9ad5ef 1839 auth_done == 0 )
Christopher Haster 1:24750b9ad5ef 1840 {
Christopher Haster 1:24750b9ad5ef 1841 #if defined(MBEDTLS_SSL_DEBUG_ALL)
Christopher Haster 1:24750b9ad5ef 1842 MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)",
Christopher Haster 1:24750b9ad5ef 1843 ssl->in_msglen, ssl->transform_in->maclen, padlen ) );
Christopher Haster 1:24750b9ad5ef 1844 #endif
Christopher Haster 1:24750b9ad5ef 1845 padlen = 0;
Christopher Haster 1:24750b9ad5ef 1846 correct = 0;
Christopher Haster 1:24750b9ad5ef 1847 }
Christopher Haster 1:24750b9ad5ef 1848
Christopher Haster 1:24750b9ad5ef 1849 #if defined(MBEDTLS_SSL_PROTO_SSL3)
Christopher Haster 1:24750b9ad5ef 1850 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
Christopher Haster 1:24750b9ad5ef 1851 {
Christopher Haster 1:24750b9ad5ef 1852 if( padlen > ssl->transform_in->ivlen )
Christopher Haster 1:24750b9ad5ef 1853 {
Christopher Haster 1:24750b9ad5ef 1854 #if defined(MBEDTLS_SSL_DEBUG_ALL)
Christopher Haster 1:24750b9ad5ef 1855 MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, "
Christopher Haster 1:24750b9ad5ef 1856 "should be no more than %d",
Christopher Haster 1:24750b9ad5ef 1857 padlen, ssl->transform_in->ivlen ) );
Christopher Haster 1:24750b9ad5ef 1858 #endif
Christopher Haster 1:24750b9ad5ef 1859 correct = 0;
Christopher Haster 1:24750b9ad5ef 1860 }
Christopher Haster 1:24750b9ad5ef 1861 }
Christopher Haster 1:24750b9ad5ef 1862 else
Christopher Haster 1:24750b9ad5ef 1863 #endif /* MBEDTLS_SSL_PROTO_SSL3 */
Christopher Haster 1:24750b9ad5ef 1864 #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
Christopher Haster 1:24750b9ad5ef 1865 defined(MBEDTLS_SSL_PROTO_TLS1_2)
Christopher Haster 1:24750b9ad5ef 1866 if( ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 )
Christopher Haster 1:24750b9ad5ef 1867 {
Christopher Haster 1:24750b9ad5ef 1868 /*
Christopher Haster 1:24750b9ad5ef 1869 * TLSv1+: always check the padding up to the first failure
Christopher Haster 1:24750b9ad5ef 1870 * and fake check up to 256 bytes of padding
Christopher Haster 1:24750b9ad5ef 1871 */
Christopher Haster 1:24750b9ad5ef 1872 size_t pad_count = 0, real_count = 1;
Christopher Haster 1:24750b9ad5ef 1873 size_t padding_idx = ssl->in_msglen - padlen - 1;
Christopher Haster 1:24750b9ad5ef 1874
Christopher Haster 1:24750b9ad5ef 1875 /*
Christopher Haster 1:24750b9ad5ef 1876 * Padding is guaranteed to be incorrect if:
Christopher Haster 1:24750b9ad5ef 1877 * 1. padlen >= ssl->in_msglen
Christopher Haster 1:24750b9ad5ef 1878 *
Christopher Haster 1:24750b9ad5ef 1879 * 2. padding_idx >= MBEDTLS_SSL_MAX_CONTENT_LEN +
Christopher Haster 1:24750b9ad5ef 1880 * ssl->transform_in->maclen
Christopher Haster 1:24750b9ad5ef 1881 *
Christopher Haster 1:24750b9ad5ef 1882 * In both cases we reset padding_idx to a safe value (0) to
Christopher Haster 1:24750b9ad5ef 1883 * prevent out-of-buffer reads.
Christopher Haster 1:24750b9ad5ef 1884 */
Christopher Haster 1:24750b9ad5ef 1885 correct &= ( ssl->in_msglen >= padlen + 1 );
Christopher Haster 1:24750b9ad5ef 1886 correct &= ( padding_idx < MBEDTLS_SSL_MAX_CONTENT_LEN +
Christopher Haster 1:24750b9ad5ef 1887 ssl->transform_in->maclen );
Christopher Haster 1:24750b9ad5ef 1888
Christopher Haster 1:24750b9ad5ef 1889 padding_idx *= correct;
Christopher Haster 1:24750b9ad5ef 1890
Christopher Haster 1:24750b9ad5ef 1891 for( i = 1; i <= 256; i++ )
Christopher Haster 1:24750b9ad5ef 1892 {
Christopher Haster 1:24750b9ad5ef 1893 real_count &= ( i <= padlen );
Christopher Haster 1:24750b9ad5ef 1894 pad_count += real_count *
Christopher Haster 1:24750b9ad5ef 1895 ( ssl->in_msg[padding_idx + i] == padlen - 1 );
Christopher Haster 1:24750b9ad5ef 1896 }
Christopher Haster 1:24750b9ad5ef 1897
Christopher Haster 1:24750b9ad5ef 1898 correct &= ( pad_count == padlen ); /* Only 1 on correct padding */
Christopher Haster 1:24750b9ad5ef 1899
Christopher Haster 1:24750b9ad5ef 1900 #if defined(MBEDTLS_SSL_DEBUG_ALL)
Christopher Haster 1:24750b9ad5ef 1901 if( padlen > 0 && correct == 0 )
Christopher Haster 1:24750b9ad5ef 1902 MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding byte detected" ) );
Christopher Haster 1:24750b9ad5ef 1903 #endif
Christopher Haster 1:24750b9ad5ef 1904 padlen &= correct * 0x1FF;
Christopher Haster 1:24750b9ad5ef 1905 }
Christopher Haster 1:24750b9ad5ef 1906 else
Christopher Haster 1:24750b9ad5ef 1907 #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
Christopher Haster 1:24750b9ad5ef 1908 MBEDTLS_SSL_PROTO_TLS1_2 */
Christopher Haster 1:24750b9ad5ef 1909 {
Christopher Haster 1:24750b9ad5ef 1910 MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
Christopher Haster 1:24750b9ad5ef 1911 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Christopher Haster 1:24750b9ad5ef 1912 }
Christopher Haster 1:24750b9ad5ef 1913
Christopher Haster 1:24750b9ad5ef 1914 ssl->in_msglen -= padlen;
Christopher Haster 1:24750b9ad5ef 1915 }
Christopher Haster 1:24750b9ad5ef 1916 else
Christopher Haster 1:24750b9ad5ef 1917 #endif /* MBEDTLS_CIPHER_MODE_CBC &&
Christopher Haster 1:24750b9ad5ef 1918 ( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C ) */
Christopher Haster 1:24750b9ad5ef 1919 {
Christopher Haster 1:24750b9ad5ef 1920 MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
Christopher Haster 1:24750b9ad5ef 1921 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Christopher Haster 1:24750b9ad5ef 1922 }
Christopher Haster 1:24750b9ad5ef 1923
Christopher Haster 1:24750b9ad5ef 1924 MBEDTLS_SSL_DEBUG_BUF( 4, "raw buffer after decryption",
Christopher Haster 1:24750b9ad5ef 1925 ssl->in_msg, ssl->in_msglen );
Christopher Haster 1:24750b9ad5ef 1926
Christopher Haster 1:24750b9ad5ef 1927 /*
Christopher Haster 1:24750b9ad5ef 1928 * Authenticate if not done yet.
Christopher Haster 1:24750b9ad5ef 1929 * Compute the MAC regardless of the padding result (RFC4346, CBCTIME).
Christopher Haster 1:24750b9ad5ef 1930 */
Christopher Haster 1:24750b9ad5ef 1931 #if defined(SSL_SOME_MODES_USE_MAC)
Christopher Haster 1:24750b9ad5ef 1932 if( auth_done == 0 )
Christopher Haster 1:24750b9ad5ef 1933 {
Christopher Haster 1:24750b9ad5ef 1934 unsigned char tmp[SSL_MAX_MAC_SIZE];
Christopher Haster 1:24750b9ad5ef 1935
Christopher Haster 1:24750b9ad5ef 1936 ssl->in_msglen -= ssl->transform_in->maclen;
Christopher Haster 1:24750b9ad5ef 1937
Christopher Haster 1:24750b9ad5ef 1938 ssl->in_len[0] = (unsigned char)( ssl->in_msglen >> 8 );
Christopher Haster 1:24750b9ad5ef 1939 ssl->in_len[1] = (unsigned char)( ssl->in_msglen );
Christopher Haster 1:24750b9ad5ef 1940
Christopher Haster 1:24750b9ad5ef 1941 memcpy( tmp, ssl->in_msg + ssl->in_msglen, ssl->transform_in->maclen );
Christopher Haster 1:24750b9ad5ef 1942
Christopher Haster 1:24750b9ad5ef 1943 #if defined(MBEDTLS_SSL_PROTO_SSL3)
Christopher Haster 1:24750b9ad5ef 1944 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
Christopher Haster 1:24750b9ad5ef 1945 {
Christopher Haster 1:24750b9ad5ef 1946 ssl_mac( &ssl->transform_in->md_ctx_dec,
Christopher Haster 1:24750b9ad5ef 1947 ssl->transform_in->mac_dec,
Christopher Haster 1:24750b9ad5ef 1948 ssl->in_msg, ssl->in_msglen,
Christopher Haster 1:24750b9ad5ef 1949 ssl->in_ctr, ssl->in_msgtype );
Christopher Haster 1:24750b9ad5ef 1950 }
Christopher Haster 1:24750b9ad5ef 1951 else
Christopher Haster 1:24750b9ad5ef 1952 #endif /* MBEDTLS_SSL_PROTO_SSL3 */
Christopher Haster 1:24750b9ad5ef 1953 #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
Christopher Haster 1:24750b9ad5ef 1954 defined(MBEDTLS_SSL_PROTO_TLS1_2)
Christopher Haster 1:24750b9ad5ef 1955 if( ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 )
Christopher Haster 1:24750b9ad5ef 1956 {
Christopher Haster 1:24750b9ad5ef 1957 /*
Christopher Haster 1:24750b9ad5ef 1958 * Process MAC and always update for padlen afterwards to make
Christopher Haster 1:24750b9ad5ef 1959 * total time independent of padlen
Christopher Haster 1:24750b9ad5ef 1960 *
Christopher Haster 1:24750b9ad5ef 1961 * extra_run compensates MAC check for padlen
Christopher Haster 1:24750b9ad5ef 1962 *
Christopher Haster 1:24750b9ad5ef 1963 * Known timing attacks:
Christopher Haster 1:24750b9ad5ef 1964 * - Lucky Thirteen (http://www.isg.rhul.ac.uk/tls/TLStiming.pdf)
Christopher Haster 1:24750b9ad5ef 1965 *
Christopher Haster 1:24750b9ad5ef 1966 * We use ( ( Lx + 8 ) / 64 ) to handle 'negative Lx' values
Christopher Haster 1:24750b9ad5ef 1967 * correctly. (We round down instead of up, so -56 is the correct
Christopher Haster 1:24750b9ad5ef 1968 * value for our calculations instead of -55)
Christopher Haster 1:24750b9ad5ef 1969 */
Christopher Haster 1:24750b9ad5ef 1970 size_t j, extra_run = 0;
Christopher Haster 1:24750b9ad5ef 1971 extra_run = ( 13 + ssl->in_msglen + padlen + 8 ) / 64 -
Christopher Haster 1:24750b9ad5ef 1972 ( 13 + ssl->in_msglen + 8 ) / 64;
Christopher Haster 1:24750b9ad5ef 1973
Christopher Haster 1:24750b9ad5ef 1974 extra_run &= correct * 0xFF;
Christopher Haster 1:24750b9ad5ef 1975
Christopher Haster 1:24750b9ad5ef 1976 mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_ctr, 8 );
Christopher Haster 1:24750b9ad5ef 1977 mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_hdr, 3 );
Christopher Haster 1:24750b9ad5ef 1978 mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_len, 2 );
Christopher Haster 1:24750b9ad5ef 1979 mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_msg,
Christopher Haster 1:24750b9ad5ef 1980 ssl->in_msglen );
Christopher Haster 1:24750b9ad5ef 1981 mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec,
Christopher Haster 1:24750b9ad5ef 1982 ssl->in_msg + ssl->in_msglen );
Christopher Haster 1:24750b9ad5ef 1983 /* Call mbedtls_md_process at least once due to cache attacks */
Christopher Haster 1:24750b9ad5ef 1984 for( j = 0; j < extra_run + 1; j++ )
Christopher Haster 1:24750b9ad5ef 1985 mbedtls_md_process( &ssl->transform_in->md_ctx_dec, ssl->in_msg );
Christopher Haster 1:24750b9ad5ef 1986
Christopher Haster 1:24750b9ad5ef 1987 mbedtls_md_hmac_reset( &ssl->transform_in->md_ctx_dec );
Christopher Haster 1:24750b9ad5ef 1988 }
Christopher Haster 1:24750b9ad5ef 1989 else
Christopher Haster 1:24750b9ad5ef 1990 #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
Christopher Haster 1:24750b9ad5ef 1991 MBEDTLS_SSL_PROTO_TLS1_2 */
Christopher Haster 1:24750b9ad5ef 1992 {
Christopher Haster 1:24750b9ad5ef 1993 MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
Christopher Haster 1:24750b9ad5ef 1994 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Christopher Haster 1:24750b9ad5ef 1995 }
Christopher Haster 1:24750b9ad5ef 1996
Christopher Haster 1:24750b9ad5ef 1997 MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", tmp, ssl->transform_in->maclen );
Christopher Haster 1:24750b9ad5ef 1998 MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac", ssl->in_msg + ssl->in_msglen,
Christopher Haster 1:24750b9ad5ef 1999 ssl->transform_in->maclen );
Christopher Haster 1:24750b9ad5ef 2000
Christopher Haster 1:24750b9ad5ef 2001 if( mbedtls_ssl_safer_memcmp( tmp, ssl->in_msg + ssl->in_msglen,
Christopher Haster 1:24750b9ad5ef 2002 ssl->transform_in->maclen ) != 0 )
Christopher Haster 1:24750b9ad5ef 2003 {
Christopher Haster 1:24750b9ad5ef 2004 #if defined(MBEDTLS_SSL_DEBUG_ALL)
Christopher Haster 1:24750b9ad5ef 2005 MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
Christopher Haster 1:24750b9ad5ef 2006 #endif
Christopher Haster 1:24750b9ad5ef 2007 correct = 0;
Christopher Haster 1:24750b9ad5ef 2008 }
Christopher Haster 1:24750b9ad5ef 2009 auth_done++;
Christopher Haster 1:24750b9ad5ef 2010
Christopher Haster 1:24750b9ad5ef 2011 /*
Christopher Haster 1:24750b9ad5ef 2012 * Finally check the correct flag
Christopher Haster 1:24750b9ad5ef 2013 */
Christopher Haster 1:24750b9ad5ef 2014 if( correct == 0 )
Christopher Haster 1:24750b9ad5ef 2015 return( MBEDTLS_ERR_SSL_INVALID_MAC );
Christopher Haster 1:24750b9ad5ef 2016 }
Christopher Haster 1:24750b9ad5ef 2017 #endif /* SSL_SOME_MODES_USE_MAC */
Christopher Haster 1:24750b9ad5ef 2018
Christopher Haster 1:24750b9ad5ef 2019 /* Make extra sure authentication was performed, exactly once */
Christopher Haster 1:24750b9ad5ef 2020 if( auth_done != 1 )
Christopher Haster 1:24750b9ad5ef 2021 {
Christopher Haster 1:24750b9ad5ef 2022 MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
Christopher Haster 1:24750b9ad5ef 2023 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Christopher Haster 1:24750b9ad5ef 2024 }
Christopher Haster 1:24750b9ad5ef 2025
Christopher Haster 1:24750b9ad5ef 2026 if( ssl->in_msglen == 0 )
Christopher Haster 1:24750b9ad5ef 2027 {
Christopher Haster 1:24750b9ad5ef 2028 ssl->nb_zero++;
Christopher Haster 1:24750b9ad5ef 2029
Christopher Haster 1:24750b9ad5ef 2030 /*
Christopher Haster 1:24750b9ad5ef 2031 * Three or more empty messages may be a DoS attack
Christopher Haster 1:24750b9ad5ef 2032 * (excessive CPU consumption).
Christopher Haster 1:24750b9ad5ef 2033 */
Christopher Haster 1:24750b9ad5ef 2034 if( ssl->nb_zero > 3 )
Christopher Haster 1:24750b9ad5ef 2035 {
Christopher Haster 1:24750b9ad5ef 2036 MBEDTLS_SSL_DEBUG_MSG( 1, ( "received four consecutive empty "
Christopher Haster 1:24750b9ad5ef 2037 "messages, possible DoS attack" ) );
Christopher Haster 1:24750b9ad5ef 2038 return( MBEDTLS_ERR_SSL_INVALID_MAC );
Christopher Haster 1:24750b9ad5ef 2039 }
Christopher Haster 1:24750b9ad5ef 2040 }
Christopher Haster 1:24750b9ad5ef 2041 else
Christopher Haster 1:24750b9ad5ef 2042 ssl->nb_zero = 0;
Christopher Haster 1:24750b9ad5ef 2043
Christopher Haster 1:24750b9ad5ef 2044 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 2045 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Christopher Haster 1:24750b9ad5ef 2046 {
Christopher Haster 1:24750b9ad5ef 2047 ; /* in_ctr read from peer, not maintained internally */
Christopher Haster 1:24750b9ad5ef 2048 }
Christopher Haster 1:24750b9ad5ef 2049 else
Christopher Haster 1:24750b9ad5ef 2050 #endif
Christopher Haster 1:24750b9ad5ef 2051 {
Christopher Haster 1:24750b9ad5ef 2052 for( i = 8; i > ssl_ep_len( ssl ); i-- )
Christopher Haster 1:24750b9ad5ef 2053 if( ++ssl->in_ctr[i - 1] != 0 )
Christopher Haster 1:24750b9ad5ef 2054 break;
Christopher Haster 1:24750b9ad5ef 2055
Christopher Haster 1:24750b9ad5ef 2056 /* The loop goes to its end iff the counter is wrapping */
Christopher Haster 1:24750b9ad5ef 2057 if( i == ssl_ep_len( ssl ) )
Christopher Haster 1:24750b9ad5ef 2058 {
Christopher Haster 1:24750b9ad5ef 2059 MBEDTLS_SSL_DEBUG_MSG( 1, ( "incoming message counter would wrap" ) );
Christopher Haster 1:24750b9ad5ef 2060 return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
Christopher Haster 1:24750b9ad5ef 2061 }
Christopher Haster 1:24750b9ad5ef 2062 }
Christopher Haster 1:24750b9ad5ef 2063
Christopher Haster 1:24750b9ad5ef 2064 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) );
Christopher Haster 1:24750b9ad5ef 2065
Christopher Haster 1:24750b9ad5ef 2066 return( 0 );
Christopher Haster 1:24750b9ad5ef 2067 }
Christopher Haster 1:24750b9ad5ef 2068
Christopher Haster 1:24750b9ad5ef 2069 #undef MAC_NONE
Christopher Haster 1:24750b9ad5ef 2070 #undef MAC_PLAINTEXT
Christopher Haster 1:24750b9ad5ef 2071 #undef MAC_CIPHERTEXT
Christopher Haster 1:24750b9ad5ef 2072
Christopher Haster 1:24750b9ad5ef 2073 #if defined(MBEDTLS_ZLIB_SUPPORT)
Christopher Haster 1:24750b9ad5ef 2074 /*
Christopher Haster 1:24750b9ad5ef 2075 * Compression/decompression functions
Christopher Haster 1:24750b9ad5ef 2076 */
Christopher Haster 1:24750b9ad5ef 2077 static int ssl_compress_buf( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 2078 {
Christopher Haster 1:24750b9ad5ef 2079 int ret;
Christopher Haster 1:24750b9ad5ef 2080 unsigned char *msg_post = ssl->out_msg;
Christopher Haster 1:24750b9ad5ef 2081 size_t len_pre = ssl->out_msglen;
Christopher Haster 1:24750b9ad5ef 2082 unsigned char *msg_pre = ssl->compress_buf;
Christopher Haster 1:24750b9ad5ef 2083
Christopher Haster 1:24750b9ad5ef 2084 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> compress buf" ) );
Christopher Haster 1:24750b9ad5ef 2085
Christopher Haster 1:24750b9ad5ef 2086 if( len_pre == 0 )
Christopher Haster 1:24750b9ad5ef 2087 return( 0 );
Christopher Haster 1:24750b9ad5ef 2088
Christopher Haster 1:24750b9ad5ef 2089 memcpy( msg_pre, ssl->out_msg, len_pre );
Christopher Haster 1:24750b9ad5ef 2090
Christopher Haster 1:24750b9ad5ef 2091 MBEDTLS_SSL_DEBUG_MSG( 3, ( "before compression: msglen = %d, ",
Christopher Haster 1:24750b9ad5ef 2092 ssl->out_msglen ) );
Christopher Haster 1:24750b9ad5ef 2093
Christopher Haster 1:24750b9ad5ef 2094 MBEDTLS_SSL_DEBUG_BUF( 4, "before compression: output payload",
Christopher Haster 1:24750b9ad5ef 2095 ssl->out_msg, ssl->out_msglen );
Christopher Haster 1:24750b9ad5ef 2096
Christopher Haster 1:24750b9ad5ef 2097 ssl->transform_out->ctx_deflate.next_in = msg_pre;
Christopher Haster 1:24750b9ad5ef 2098 ssl->transform_out->ctx_deflate.avail_in = len_pre;
Christopher Haster 1:24750b9ad5ef 2099 ssl->transform_out->ctx_deflate.next_out = msg_post;
Christopher Haster 1:24750b9ad5ef 2100 ssl->transform_out->ctx_deflate.avail_out = MBEDTLS_SSL_BUFFER_LEN;
Christopher Haster 1:24750b9ad5ef 2101
Christopher Haster 1:24750b9ad5ef 2102 ret = deflate( &ssl->transform_out->ctx_deflate, Z_SYNC_FLUSH );
Christopher Haster 1:24750b9ad5ef 2103 if( ret != Z_OK )
Christopher Haster 1:24750b9ad5ef 2104 {
Christopher Haster 1:24750b9ad5ef 2105 MBEDTLS_SSL_DEBUG_MSG( 1, ( "failed to perform compression (%d)", ret ) );
Christopher Haster 1:24750b9ad5ef 2106 return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED );
Christopher Haster 1:24750b9ad5ef 2107 }
Christopher Haster 1:24750b9ad5ef 2108
Christopher Haster 1:24750b9ad5ef 2109 ssl->out_msglen = MBEDTLS_SSL_BUFFER_LEN -
Christopher Haster 1:24750b9ad5ef 2110 ssl->transform_out->ctx_deflate.avail_out;
Christopher Haster 1:24750b9ad5ef 2111
Christopher Haster 1:24750b9ad5ef 2112 MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %d, ",
Christopher Haster 1:24750b9ad5ef 2113 ssl->out_msglen ) );
Christopher Haster 1:24750b9ad5ef 2114
Christopher Haster 1:24750b9ad5ef 2115 MBEDTLS_SSL_DEBUG_BUF( 4, "after compression: output payload",
Christopher Haster 1:24750b9ad5ef 2116 ssl->out_msg, ssl->out_msglen );
Christopher Haster 1:24750b9ad5ef 2117
Christopher Haster 1:24750b9ad5ef 2118 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= compress buf" ) );
Christopher Haster 1:24750b9ad5ef 2119
Christopher Haster 1:24750b9ad5ef 2120 return( 0 );
Christopher Haster 1:24750b9ad5ef 2121 }
Christopher Haster 1:24750b9ad5ef 2122
Christopher Haster 1:24750b9ad5ef 2123 static int ssl_decompress_buf( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 2124 {
Christopher Haster 1:24750b9ad5ef 2125 int ret;
Christopher Haster 1:24750b9ad5ef 2126 unsigned char *msg_post = ssl->in_msg;
Christopher Haster 1:24750b9ad5ef 2127 size_t len_pre = ssl->in_msglen;
Christopher Haster 1:24750b9ad5ef 2128 unsigned char *msg_pre = ssl->compress_buf;
Christopher Haster 1:24750b9ad5ef 2129
Christopher Haster 1:24750b9ad5ef 2130 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> decompress buf" ) );
Christopher Haster 1:24750b9ad5ef 2131
Christopher Haster 1:24750b9ad5ef 2132 if( len_pre == 0 )
Christopher Haster 1:24750b9ad5ef 2133 return( 0 );
Christopher Haster 1:24750b9ad5ef 2134
Christopher Haster 1:24750b9ad5ef 2135 memcpy( msg_pre, ssl->in_msg, len_pre );
Christopher Haster 1:24750b9ad5ef 2136
Christopher Haster 1:24750b9ad5ef 2137 MBEDTLS_SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %d, ",
Christopher Haster 1:24750b9ad5ef 2138 ssl->in_msglen ) );
Christopher Haster 1:24750b9ad5ef 2139
Christopher Haster 1:24750b9ad5ef 2140 MBEDTLS_SSL_DEBUG_BUF( 4, "before decompression: input payload",
Christopher Haster 1:24750b9ad5ef 2141 ssl->in_msg, ssl->in_msglen );
Christopher Haster 1:24750b9ad5ef 2142
Christopher Haster 1:24750b9ad5ef 2143 ssl->transform_in->ctx_inflate.next_in = msg_pre;
Christopher Haster 1:24750b9ad5ef 2144 ssl->transform_in->ctx_inflate.avail_in = len_pre;
Christopher Haster 1:24750b9ad5ef 2145 ssl->transform_in->ctx_inflate.next_out = msg_post;
Christopher Haster 1:24750b9ad5ef 2146 ssl->transform_in->ctx_inflate.avail_out = MBEDTLS_SSL_MAX_CONTENT_LEN;
Christopher Haster 1:24750b9ad5ef 2147
Christopher Haster 1:24750b9ad5ef 2148 ret = inflate( &ssl->transform_in->ctx_inflate, Z_SYNC_FLUSH );
Christopher Haster 1:24750b9ad5ef 2149 if( ret != Z_OK )
Christopher Haster 1:24750b9ad5ef 2150 {
Christopher Haster 1:24750b9ad5ef 2151 MBEDTLS_SSL_DEBUG_MSG( 1, ( "failed to perform decompression (%d)", ret ) );
Christopher Haster 1:24750b9ad5ef 2152 return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED );
Christopher Haster 1:24750b9ad5ef 2153 }
Christopher Haster 1:24750b9ad5ef 2154
Christopher Haster 1:24750b9ad5ef 2155 ssl->in_msglen = MBEDTLS_SSL_MAX_CONTENT_LEN -
Christopher Haster 1:24750b9ad5ef 2156 ssl->transform_in->ctx_inflate.avail_out;
Christopher Haster 1:24750b9ad5ef 2157
Christopher Haster 1:24750b9ad5ef 2158 MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %d, ",
Christopher Haster 1:24750b9ad5ef 2159 ssl->in_msglen ) );
Christopher Haster 1:24750b9ad5ef 2160
Christopher Haster 1:24750b9ad5ef 2161 MBEDTLS_SSL_DEBUG_BUF( 4, "after decompression: input payload",
Christopher Haster 1:24750b9ad5ef 2162 ssl->in_msg, ssl->in_msglen );
Christopher Haster 1:24750b9ad5ef 2163
Christopher Haster 1:24750b9ad5ef 2164 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= decompress buf" ) );
Christopher Haster 1:24750b9ad5ef 2165
Christopher Haster 1:24750b9ad5ef 2166 return( 0 );
Christopher Haster 1:24750b9ad5ef 2167 }
Christopher Haster 1:24750b9ad5ef 2168 #endif /* MBEDTLS_ZLIB_SUPPORT */
Christopher Haster 1:24750b9ad5ef 2169
Christopher Haster 1:24750b9ad5ef 2170 #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
Christopher Haster 1:24750b9ad5ef 2171 static int ssl_write_hello_request( mbedtls_ssl_context *ssl );
Christopher Haster 1:24750b9ad5ef 2172
Christopher Haster 1:24750b9ad5ef 2173 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 2174 static int ssl_resend_hello_request( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 2175 {
Christopher Haster 1:24750b9ad5ef 2176 /* If renegotiation is not enforced, retransmit until we would reach max
Christopher Haster 1:24750b9ad5ef 2177 * timeout if we were using the usual handshake doubling scheme */
Christopher Haster 1:24750b9ad5ef 2178 if( ssl->conf->renego_max_records < 0 )
Christopher Haster 1:24750b9ad5ef 2179 {
Christopher Haster 1:24750b9ad5ef 2180 uint32_t ratio = ssl->conf->hs_timeout_max / ssl->conf->hs_timeout_min + 1;
Christopher Haster 1:24750b9ad5ef 2181 unsigned char doublings = 1;
Christopher Haster 1:24750b9ad5ef 2182
Christopher Haster 1:24750b9ad5ef 2183 while( ratio != 0 )
Christopher Haster 1:24750b9ad5ef 2184 {
Christopher Haster 1:24750b9ad5ef 2185 ++doublings;
Christopher Haster 1:24750b9ad5ef 2186 ratio >>= 1;
Christopher Haster 1:24750b9ad5ef 2187 }
Christopher Haster 1:24750b9ad5ef 2188
Christopher Haster 1:24750b9ad5ef 2189 if( ++ssl->renego_records_seen > doublings )
Christopher Haster 1:24750b9ad5ef 2190 {
Christopher Haster 1:24750b9ad5ef 2191 MBEDTLS_SSL_DEBUG_MSG( 2, ( "no longer retransmitting hello request" ) );
Christopher Haster 1:24750b9ad5ef 2192 return( 0 );
Christopher Haster 1:24750b9ad5ef 2193 }
Christopher Haster 1:24750b9ad5ef 2194 }
Christopher Haster 1:24750b9ad5ef 2195
Christopher Haster 1:24750b9ad5ef 2196 return( ssl_write_hello_request( ssl ) );
Christopher Haster 1:24750b9ad5ef 2197 }
Christopher Haster 1:24750b9ad5ef 2198 #endif
Christopher Haster 1:24750b9ad5ef 2199 #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */
Christopher Haster 1:24750b9ad5ef 2200
Christopher Haster 1:24750b9ad5ef 2201 /*
Christopher Haster 1:24750b9ad5ef 2202 * Fill the input message buffer by appending data to it.
Christopher Haster 1:24750b9ad5ef 2203 * The amount of data already fetched is in ssl->in_left.
Christopher Haster 1:24750b9ad5ef 2204 *
Christopher Haster 1:24750b9ad5ef 2205 * If we return 0, is it guaranteed that (at least) nb_want bytes are
Christopher Haster 1:24750b9ad5ef 2206 * available (from this read and/or a previous one). Otherwise, an error code
Christopher Haster 1:24750b9ad5ef 2207 * is returned (possibly EOF or WANT_READ).
Christopher Haster 1:24750b9ad5ef 2208 *
Christopher Haster 1:24750b9ad5ef 2209 * With stream transport (TLS) on success ssl->in_left == nb_want, but
Christopher Haster 1:24750b9ad5ef 2210 * with datagram transport (DTLS) on success ssl->in_left >= nb_want,
Christopher Haster 1:24750b9ad5ef 2211 * since we always read a whole datagram at once.
Christopher Haster 1:24750b9ad5ef 2212 *
Christopher Haster 1:24750b9ad5ef 2213 * For DTLS, it is up to the caller to set ssl->next_record_offset when
Christopher Haster 1:24750b9ad5ef 2214 * they're done reading a record.
Christopher Haster 1:24750b9ad5ef 2215 */
Christopher Haster 1:24750b9ad5ef 2216 int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
Christopher Haster 1:24750b9ad5ef 2217 {
Christopher Haster 1:24750b9ad5ef 2218 int ret;
Christopher Haster 1:24750b9ad5ef 2219 size_t len;
Christopher Haster 1:24750b9ad5ef 2220
Christopher Haster 1:24750b9ad5ef 2221 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> fetch input" ) );
Christopher Haster 1:24750b9ad5ef 2222
Christopher Haster 1:24750b9ad5ef 2223 if( ssl->f_recv == NULL && ssl->f_recv_timeout == NULL )
Christopher Haster 1:24750b9ad5ef 2224 {
Christopher Haster 1:24750b9ad5ef 2225 MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() "
Christopher Haster 1:24750b9ad5ef 2226 "or mbedtls_ssl_set_bio()" ) );
Christopher Haster 1:24750b9ad5ef 2227 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 2228 }
Christopher Haster 1:24750b9ad5ef 2229
Christopher Haster 1:24750b9ad5ef 2230 if( nb_want > MBEDTLS_SSL_BUFFER_LEN - (size_t)( ssl->in_hdr - ssl->in_buf ) )
Christopher Haster 1:24750b9ad5ef 2231 {
Christopher Haster 1:24750b9ad5ef 2232 MBEDTLS_SSL_DEBUG_MSG( 1, ( "requesting more data than fits" ) );
Christopher Haster 1:24750b9ad5ef 2233 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 2234 }
Christopher Haster 1:24750b9ad5ef 2235
Christopher Haster 1:24750b9ad5ef 2236 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 2237 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Christopher Haster 1:24750b9ad5ef 2238 {
Christopher Haster 1:24750b9ad5ef 2239 uint32_t timeout;
Christopher Haster 1:24750b9ad5ef 2240
Christopher Haster 1:24750b9ad5ef 2241 /* Just to be sure */
Christopher Haster 1:24750b9ad5ef 2242 if( ssl->f_set_timer == NULL || ssl->f_get_timer == NULL )
Christopher Haster 1:24750b9ad5ef 2243 {
Christopher Haster 1:24750b9ad5ef 2244 MBEDTLS_SSL_DEBUG_MSG( 1, ( "You must use "
Christopher Haster 1:24750b9ad5ef 2245 "mbedtls_ssl_set_timer_cb() for DTLS" ) );
Christopher Haster 1:24750b9ad5ef 2246 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 2247 }
Christopher Haster 1:24750b9ad5ef 2248
Christopher Haster 1:24750b9ad5ef 2249 /*
Christopher Haster 1:24750b9ad5ef 2250 * The point is, we need to always read a full datagram at once, so we
Christopher Haster 1:24750b9ad5ef 2251 * sometimes read more then requested, and handle the additional data.
Christopher Haster 1:24750b9ad5ef 2252 * It could be the rest of the current record (while fetching the
Christopher Haster 1:24750b9ad5ef 2253 * header) and/or some other records in the same datagram.
Christopher Haster 1:24750b9ad5ef 2254 */
Christopher Haster 1:24750b9ad5ef 2255
Christopher Haster 1:24750b9ad5ef 2256 /*
Christopher Haster 1:24750b9ad5ef 2257 * Move to the next record in the already read datagram if applicable
Christopher Haster 1:24750b9ad5ef 2258 */
Christopher Haster 1:24750b9ad5ef 2259 if( ssl->next_record_offset != 0 )
Christopher Haster 1:24750b9ad5ef 2260 {
Christopher Haster 1:24750b9ad5ef 2261 if( ssl->in_left < ssl->next_record_offset )
Christopher Haster 1:24750b9ad5ef 2262 {
Christopher Haster 1:24750b9ad5ef 2263 MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
Christopher Haster 1:24750b9ad5ef 2264 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Christopher Haster 1:24750b9ad5ef 2265 }
Christopher Haster 1:24750b9ad5ef 2266
Christopher Haster 1:24750b9ad5ef 2267 ssl->in_left -= ssl->next_record_offset;
Christopher Haster 1:24750b9ad5ef 2268
Christopher Haster 1:24750b9ad5ef 2269 if( ssl->in_left != 0 )
Christopher Haster 1:24750b9ad5ef 2270 {
Christopher Haster 1:24750b9ad5ef 2271 MBEDTLS_SSL_DEBUG_MSG( 2, ( "next record in same datagram, offset: %d",
Christopher Haster 1:24750b9ad5ef 2272 ssl->next_record_offset ) );
Christopher Haster 1:24750b9ad5ef 2273 memmove( ssl->in_hdr,
Christopher Haster 1:24750b9ad5ef 2274 ssl->in_hdr + ssl->next_record_offset,
Christopher Haster 1:24750b9ad5ef 2275 ssl->in_left );
Christopher Haster 1:24750b9ad5ef 2276 }
Christopher Haster 1:24750b9ad5ef 2277
Christopher Haster 1:24750b9ad5ef 2278 ssl->next_record_offset = 0;
Christopher Haster 1:24750b9ad5ef 2279 }
Christopher Haster 1:24750b9ad5ef 2280
Christopher Haster 1:24750b9ad5ef 2281 MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
Christopher Haster 1:24750b9ad5ef 2282 ssl->in_left, nb_want ) );
Christopher Haster 1:24750b9ad5ef 2283
Christopher Haster 1:24750b9ad5ef 2284 /*
Christopher Haster 1:24750b9ad5ef 2285 * Done if we already have enough data.
Christopher Haster 1:24750b9ad5ef 2286 */
Christopher Haster 1:24750b9ad5ef 2287 if( nb_want <= ssl->in_left)
Christopher Haster 1:24750b9ad5ef 2288 {
Christopher Haster 1:24750b9ad5ef 2289 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= fetch input" ) );
Christopher Haster 1:24750b9ad5ef 2290 return( 0 );
Christopher Haster 1:24750b9ad5ef 2291 }
Christopher Haster 1:24750b9ad5ef 2292
Christopher Haster 1:24750b9ad5ef 2293 /*
Christopher Haster 1:24750b9ad5ef 2294 * A record can't be split accross datagrams. If we need to read but
Christopher Haster 1:24750b9ad5ef 2295 * are not at the beginning of a new record, the caller did something
Christopher Haster 1:24750b9ad5ef 2296 * wrong.
Christopher Haster 1:24750b9ad5ef 2297 */
Christopher Haster 1:24750b9ad5ef 2298 if( ssl->in_left != 0 )
Christopher Haster 1:24750b9ad5ef 2299 {
Christopher Haster 1:24750b9ad5ef 2300 MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
Christopher Haster 1:24750b9ad5ef 2301 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Christopher Haster 1:24750b9ad5ef 2302 }
Christopher Haster 1:24750b9ad5ef 2303
Christopher Haster 1:24750b9ad5ef 2304 /*
Christopher Haster 1:24750b9ad5ef 2305 * Don't even try to read if time's out already.
Christopher Haster 1:24750b9ad5ef 2306 * This avoids by-passing the timer when repeatedly receiving messages
Christopher Haster 1:24750b9ad5ef 2307 * that will end up being dropped.
Christopher Haster 1:24750b9ad5ef 2308 */
Christopher Haster 1:24750b9ad5ef 2309 if( ssl_check_timer( ssl ) != 0 )
Christopher Haster 1:24750b9ad5ef 2310 ret = MBEDTLS_ERR_SSL_TIMEOUT;
Christopher Haster 1:24750b9ad5ef 2311 else
Christopher Haster 1:24750b9ad5ef 2312 {
Christopher Haster 1:24750b9ad5ef 2313 len = MBEDTLS_SSL_BUFFER_LEN - ( ssl->in_hdr - ssl->in_buf );
Christopher Haster 1:24750b9ad5ef 2314
Christopher Haster 1:24750b9ad5ef 2315 if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
Christopher Haster 1:24750b9ad5ef 2316 timeout = ssl->handshake->retransmit_timeout;
Christopher Haster 1:24750b9ad5ef 2317 else
Christopher Haster 1:24750b9ad5ef 2318 timeout = ssl->conf->read_timeout;
Christopher Haster 1:24750b9ad5ef 2319
Christopher Haster 1:24750b9ad5ef 2320 MBEDTLS_SSL_DEBUG_MSG( 3, ( "f_recv_timeout: %u ms", timeout ) );
Christopher Haster 1:24750b9ad5ef 2321
Christopher Haster 1:24750b9ad5ef 2322 if( ssl->f_recv_timeout != NULL )
Christopher Haster 1:24750b9ad5ef 2323 ret = ssl->f_recv_timeout( ssl->p_bio, ssl->in_hdr, len,
Christopher Haster 1:24750b9ad5ef 2324 timeout );
Christopher Haster 1:24750b9ad5ef 2325 else
Christopher Haster 1:24750b9ad5ef 2326 ret = ssl->f_recv( ssl->p_bio, ssl->in_hdr, len );
Christopher Haster 1:24750b9ad5ef 2327
Christopher Haster 1:24750b9ad5ef 2328 MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret );
Christopher Haster 1:24750b9ad5ef 2329
Christopher Haster 1:24750b9ad5ef 2330 if( ret == 0 )
Christopher Haster 1:24750b9ad5ef 2331 return( MBEDTLS_ERR_SSL_CONN_EOF );
Christopher Haster 1:24750b9ad5ef 2332 }
Christopher Haster 1:24750b9ad5ef 2333
Christopher Haster 1:24750b9ad5ef 2334 if( ret == MBEDTLS_ERR_SSL_TIMEOUT )
Christopher Haster 1:24750b9ad5ef 2335 {
Christopher Haster 1:24750b9ad5ef 2336 MBEDTLS_SSL_DEBUG_MSG( 2, ( "timeout" ) );
Christopher Haster 1:24750b9ad5ef 2337 ssl_set_timer( ssl, 0 );
Christopher Haster 1:24750b9ad5ef 2338
Christopher Haster 1:24750b9ad5ef 2339 if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
Christopher Haster 1:24750b9ad5ef 2340 {
Christopher Haster 1:24750b9ad5ef 2341 if( ssl_double_retransmit_timeout( ssl ) != 0 )
Christopher Haster 1:24750b9ad5ef 2342 {
Christopher Haster 1:24750b9ad5ef 2343 MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake timeout" ) );
Christopher Haster 1:24750b9ad5ef 2344 return( MBEDTLS_ERR_SSL_TIMEOUT );
Christopher Haster 1:24750b9ad5ef 2345 }
Christopher Haster 1:24750b9ad5ef 2346
Christopher Haster 1:24750b9ad5ef 2347 if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 2348 {
Christopher Haster 1:24750b9ad5ef 2349 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret );
Christopher Haster 1:24750b9ad5ef 2350 return( ret );
Christopher Haster 1:24750b9ad5ef 2351 }
Christopher Haster 1:24750b9ad5ef 2352
Christopher Haster 1:24750b9ad5ef 2353 return( MBEDTLS_ERR_SSL_WANT_READ );
Christopher Haster 1:24750b9ad5ef 2354 }
Christopher Haster 1:24750b9ad5ef 2355 #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
Christopher Haster 1:24750b9ad5ef 2356 else if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
Christopher Haster 1:24750b9ad5ef 2357 ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
Christopher Haster 1:24750b9ad5ef 2358 {
Christopher Haster 1:24750b9ad5ef 2359 if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 2360 {
Christopher Haster 1:24750b9ad5ef 2361 MBEDTLS_SSL_DEBUG_RET( 1, "ssl_resend_hello_request", ret );
Christopher Haster 1:24750b9ad5ef 2362 return( ret );
Christopher Haster 1:24750b9ad5ef 2363 }
Christopher Haster 1:24750b9ad5ef 2364
Christopher Haster 1:24750b9ad5ef 2365 return( MBEDTLS_ERR_SSL_WANT_READ );
Christopher Haster 1:24750b9ad5ef 2366 }
Christopher Haster 1:24750b9ad5ef 2367 #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */
Christopher Haster 1:24750b9ad5ef 2368 }
Christopher Haster 1:24750b9ad5ef 2369
Christopher Haster 1:24750b9ad5ef 2370 if( ret < 0 )
Christopher Haster 1:24750b9ad5ef 2371 return( ret );
Christopher Haster 1:24750b9ad5ef 2372
Christopher Haster 1:24750b9ad5ef 2373 ssl->in_left = ret;
Christopher Haster 1:24750b9ad5ef 2374 }
Christopher Haster 1:24750b9ad5ef 2375 else
Christopher Haster 1:24750b9ad5ef 2376 #endif
Christopher Haster 1:24750b9ad5ef 2377 {
Christopher Haster 1:24750b9ad5ef 2378 MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
Christopher Haster 1:24750b9ad5ef 2379 ssl->in_left, nb_want ) );
Christopher Haster 1:24750b9ad5ef 2380
Christopher Haster 1:24750b9ad5ef 2381 while( ssl->in_left < nb_want )
Christopher Haster 1:24750b9ad5ef 2382 {
Christopher Haster 1:24750b9ad5ef 2383 len = nb_want - ssl->in_left;
Christopher Haster 1:24750b9ad5ef 2384
Christopher Haster 1:24750b9ad5ef 2385 if( ssl_check_timer( ssl ) != 0 )
Christopher Haster 1:24750b9ad5ef 2386 ret = MBEDTLS_ERR_SSL_TIMEOUT;
Christopher Haster 1:24750b9ad5ef 2387 else
Christopher Haster 1:24750b9ad5ef 2388 {
Christopher Haster 1:24750b9ad5ef 2389 if( ssl->f_recv_timeout != NULL )
Christopher Haster 1:24750b9ad5ef 2390 {
Christopher Haster 1:24750b9ad5ef 2391 ret = ssl->f_recv_timeout( ssl->p_bio,
Christopher Haster 1:24750b9ad5ef 2392 ssl->in_hdr + ssl->in_left, len,
Christopher Haster 1:24750b9ad5ef 2393 ssl->conf->read_timeout );
Christopher Haster 1:24750b9ad5ef 2394 }
Christopher Haster 1:24750b9ad5ef 2395 else
Christopher Haster 1:24750b9ad5ef 2396 {
Christopher Haster 1:24750b9ad5ef 2397 ret = ssl->f_recv( ssl->p_bio,
Christopher Haster 1:24750b9ad5ef 2398 ssl->in_hdr + ssl->in_left, len );
Christopher Haster 1:24750b9ad5ef 2399 }
Christopher Haster 1:24750b9ad5ef 2400 }
Christopher Haster 1:24750b9ad5ef 2401
Christopher Haster 1:24750b9ad5ef 2402 MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
Christopher Haster 1:24750b9ad5ef 2403 ssl->in_left, nb_want ) );
Christopher Haster 1:24750b9ad5ef 2404 MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret );
Christopher Haster 1:24750b9ad5ef 2405
Christopher Haster 1:24750b9ad5ef 2406 if( ret == 0 )
Christopher Haster 1:24750b9ad5ef 2407 return( MBEDTLS_ERR_SSL_CONN_EOF );
Christopher Haster 1:24750b9ad5ef 2408
Christopher Haster 1:24750b9ad5ef 2409 if( ret < 0 )
Christopher Haster 1:24750b9ad5ef 2410 return( ret );
Christopher Haster 1:24750b9ad5ef 2411
Christopher Haster 1:24750b9ad5ef 2412 ssl->in_left += ret;
Christopher Haster 1:24750b9ad5ef 2413 }
Christopher Haster 1:24750b9ad5ef 2414 }
Christopher Haster 1:24750b9ad5ef 2415
Christopher Haster 1:24750b9ad5ef 2416 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= fetch input" ) );
Christopher Haster 1:24750b9ad5ef 2417
Christopher Haster 1:24750b9ad5ef 2418 return( 0 );
Christopher Haster 1:24750b9ad5ef 2419 }
Christopher Haster 1:24750b9ad5ef 2420
Christopher Haster 1:24750b9ad5ef 2421 /*
Christopher Haster 1:24750b9ad5ef 2422 * Flush any data not yet written
Christopher Haster 1:24750b9ad5ef 2423 */
Christopher Haster 1:24750b9ad5ef 2424 int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 2425 {
Christopher Haster 1:24750b9ad5ef 2426 int ret;
Christopher Haster 1:24750b9ad5ef 2427 unsigned char *buf, i;
Christopher Haster 1:24750b9ad5ef 2428
Christopher Haster 1:24750b9ad5ef 2429 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> flush output" ) );
Christopher Haster 1:24750b9ad5ef 2430
Christopher Haster 1:24750b9ad5ef 2431 if( ssl->f_send == NULL )
Christopher Haster 1:24750b9ad5ef 2432 {
Christopher Haster 1:24750b9ad5ef 2433 MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() "
Christopher Haster 1:24750b9ad5ef 2434 "or mbedtls_ssl_set_bio()" ) );
Christopher Haster 1:24750b9ad5ef 2435 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 2436 }
Christopher Haster 1:24750b9ad5ef 2437
Christopher Haster 1:24750b9ad5ef 2438 /* Avoid incrementing counter if data is flushed */
Christopher Haster 1:24750b9ad5ef 2439 if( ssl->out_left == 0 )
Christopher Haster 1:24750b9ad5ef 2440 {
Christopher Haster 1:24750b9ad5ef 2441 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) );
Christopher Haster 1:24750b9ad5ef 2442 return( 0 );
Christopher Haster 1:24750b9ad5ef 2443 }
Christopher Haster 1:24750b9ad5ef 2444
Christopher Haster 1:24750b9ad5ef 2445 while( ssl->out_left > 0 )
Christopher Haster 1:24750b9ad5ef 2446 {
Christopher Haster 1:24750b9ad5ef 2447 MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d",
Christopher Haster 1:24750b9ad5ef 2448 mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) );
Christopher Haster 1:24750b9ad5ef 2449
Christopher Haster 1:24750b9ad5ef 2450 buf = ssl->out_hdr + mbedtls_ssl_hdr_len( ssl ) +
Christopher Haster 1:24750b9ad5ef 2451 ssl->out_msglen - ssl->out_left;
Christopher Haster 1:24750b9ad5ef 2452 ret = ssl->f_send( ssl->p_bio, buf, ssl->out_left );
Christopher Haster 1:24750b9ad5ef 2453
Christopher Haster 1:24750b9ad5ef 2454 MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_send", ret );
Christopher Haster 1:24750b9ad5ef 2455
Christopher Haster 1:24750b9ad5ef 2456 if( ret <= 0 )
Christopher Haster 1:24750b9ad5ef 2457 return( ret );
Christopher Haster 1:24750b9ad5ef 2458
Christopher Haster 1:24750b9ad5ef 2459 ssl->out_left -= ret;
Christopher Haster 1:24750b9ad5ef 2460 }
Christopher Haster 1:24750b9ad5ef 2461
Christopher Haster 1:24750b9ad5ef 2462 for( i = 8; i > ssl_ep_len( ssl ); i-- )
Christopher Haster 1:24750b9ad5ef 2463 if( ++ssl->out_ctr[i - 1] != 0 )
Christopher Haster 1:24750b9ad5ef 2464 break;
Christopher Haster 1:24750b9ad5ef 2465
Christopher Haster 1:24750b9ad5ef 2466 /* The loop goes to its end iff the counter is wrapping */
Christopher Haster 1:24750b9ad5ef 2467 if( i == ssl_ep_len( ssl ) )
Christopher Haster 1:24750b9ad5ef 2468 {
Christopher Haster 1:24750b9ad5ef 2469 MBEDTLS_SSL_DEBUG_MSG( 1, ( "outgoing message counter would wrap" ) );
Christopher Haster 1:24750b9ad5ef 2470 return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
Christopher Haster 1:24750b9ad5ef 2471 }
Christopher Haster 1:24750b9ad5ef 2472
Christopher Haster 1:24750b9ad5ef 2473 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) );
Christopher Haster 1:24750b9ad5ef 2474
Christopher Haster 1:24750b9ad5ef 2475 return( 0 );
Christopher Haster 1:24750b9ad5ef 2476 }
Christopher Haster 1:24750b9ad5ef 2477
Christopher Haster 1:24750b9ad5ef 2478 /*
Christopher Haster 1:24750b9ad5ef 2479 * Functions to handle the DTLS retransmission state machine
Christopher Haster 1:24750b9ad5ef 2480 */
Christopher Haster 1:24750b9ad5ef 2481 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 2482 /*
Christopher Haster 1:24750b9ad5ef 2483 * Append current handshake message to current outgoing flight
Christopher Haster 1:24750b9ad5ef 2484 */
Christopher Haster 1:24750b9ad5ef 2485 static int ssl_flight_append( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 2486 {
Christopher Haster 1:24750b9ad5ef 2487 mbedtls_ssl_flight_item *msg;
Christopher Haster 1:24750b9ad5ef 2488
Christopher Haster 1:24750b9ad5ef 2489 /* Allocate space for current message */
Christopher Haster 1:24750b9ad5ef 2490 if( ( msg = mbedtls_calloc( 1, sizeof( mbedtls_ssl_flight_item ) ) ) == NULL )
Christopher Haster 1:24750b9ad5ef 2491 {
Christopher Haster 1:24750b9ad5ef 2492 MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed",
Christopher Haster 1:24750b9ad5ef 2493 sizeof( mbedtls_ssl_flight_item ) ) );
Christopher Haster 1:24750b9ad5ef 2494 return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
Christopher Haster 1:24750b9ad5ef 2495 }
Christopher Haster 1:24750b9ad5ef 2496
Christopher Haster 1:24750b9ad5ef 2497 if( ( msg->p = mbedtls_calloc( 1, ssl->out_msglen ) ) == NULL )
Christopher Haster 1:24750b9ad5ef 2498 {
Christopher Haster 1:24750b9ad5ef 2499 MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed", ssl->out_msglen ) );
Christopher Haster 1:24750b9ad5ef 2500 mbedtls_free( msg );
Christopher Haster 1:24750b9ad5ef 2501 return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
Christopher Haster 1:24750b9ad5ef 2502 }
Christopher Haster 1:24750b9ad5ef 2503
Christopher Haster 1:24750b9ad5ef 2504 /* Copy current handshake message with headers */
Christopher Haster 1:24750b9ad5ef 2505 memcpy( msg->p, ssl->out_msg, ssl->out_msglen );
Christopher Haster 1:24750b9ad5ef 2506 msg->len = ssl->out_msglen;
Christopher Haster 1:24750b9ad5ef 2507 msg->type = ssl->out_msgtype;
Christopher Haster 1:24750b9ad5ef 2508 msg->next = NULL;
Christopher Haster 1:24750b9ad5ef 2509
Christopher Haster 1:24750b9ad5ef 2510 /* Append to the current flight */
Christopher Haster 1:24750b9ad5ef 2511 if( ssl->handshake->flight == NULL )
Christopher Haster 1:24750b9ad5ef 2512 ssl->handshake->flight = msg;
Christopher Haster 1:24750b9ad5ef 2513 else
Christopher Haster 1:24750b9ad5ef 2514 {
Christopher Haster 1:24750b9ad5ef 2515 mbedtls_ssl_flight_item *cur = ssl->handshake->flight;
Christopher Haster 1:24750b9ad5ef 2516 while( cur->next != NULL )
Christopher Haster 1:24750b9ad5ef 2517 cur = cur->next;
Christopher Haster 1:24750b9ad5ef 2518 cur->next = msg;
Christopher Haster 1:24750b9ad5ef 2519 }
Christopher Haster 1:24750b9ad5ef 2520
Christopher Haster 1:24750b9ad5ef 2521 return( 0 );
Christopher Haster 1:24750b9ad5ef 2522 }
Christopher Haster 1:24750b9ad5ef 2523
Christopher Haster 1:24750b9ad5ef 2524 /*
Christopher Haster 1:24750b9ad5ef 2525 * Free the current flight of handshake messages
Christopher Haster 1:24750b9ad5ef 2526 */
Christopher Haster 1:24750b9ad5ef 2527 static void ssl_flight_free( mbedtls_ssl_flight_item *flight )
Christopher Haster 1:24750b9ad5ef 2528 {
Christopher Haster 1:24750b9ad5ef 2529 mbedtls_ssl_flight_item *cur = flight;
Christopher Haster 1:24750b9ad5ef 2530 mbedtls_ssl_flight_item *next;
Christopher Haster 1:24750b9ad5ef 2531
Christopher Haster 1:24750b9ad5ef 2532 while( cur != NULL )
Christopher Haster 1:24750b9ad5ef 2533 {
Christopher Haster 1:24750b9ad5ef 2534 next = cur->next;
Christopher Haster 1:24750b9ad5ef 2535
Christopher Haster 1:24750b9ad5ef 2536 mbedtls_free( cur->p );
Christopher Haster 1:24750b9ad5ef 2537 mbedtls_free( cur );
Christopher Haster 1:24750b9ad5ef 2538
Christopher Haster 1:24750b9ad5ef 2539 cur = next;
Christopher Haster 1:24750b9ad5ef 2540 }
Christopher Haster 1:24750b9ad5ef 2541 }
Christopher Haster 1:24750b9ad5ef 2542
Christopher Haster 1:24750b9ad5ef 2543 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
Christopher Haster 1:24750b9ad5ef 2544 static void ssl_dtls_replay_reset( mbedtls_ssl_context *ssl );
Christopher Haster 1:24750b9ad5ef 2545 #endif
Christopher Haster 1:24750b9ad5ef 2546
Christopher Haster 1:24750b9ad5ef 2547 /*
Christopher Haster 1:24750b9ad5ef 2548 * Swap transform_out and out_ctr with the alternative ones
Christopher Haster 1:24750b9ad5ef 2549 */
Christopher Haster 1:24750b9ad5ef 2550 static void ssl_swap_epochs( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 2551 {
Christopher Haster 1:24750b9ad5ef 2552 mbedtls_ssl_transform *tmp_transform;
Christopher Haster 1:24750b9ad5ef 2553 unsigned char tmp_out_ctr[8];
Christopher Haster 1:24750b9ad5ef 2554
Christopher Haster 1:24750b9ad5ef 2555 if( ssl->transform_out == ssl->handshake->alt_transform_out )
Christopher Haster 1:24750b9ad5ef 2556 {
Christopher Haster 1:24750b9ad5ef 2557 MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip swap epochs" ) );
Christopher Haster 1:24750b9ad5ef 2558 return;
Christopher Haster 1:24750b9ad5ef 2559 }
Christopher Haster 1:24750b9ad5ef 2560
Christopher Haster 1:24750b9ad5ef 2561 MBEDTLS_SSL_DEBUG_MSG( 3, ( "swap epochs" ) );
Christopher Haster 1:24750b9ad5ef 2562
Christopher Haster 1:24750b9ad5ef 2563 /* Swap transforms */
Christopher Haster 1:24750b9ad5ef 2564 tmp_transform = ssl->transform_out;
Christopher Haster 1:24750b9ad5ef 2565 ssl->transform_out = ssl->handshake->alt_transform_out;
Christopher Haster 1:24750b9ad5ef 2566 ssl->handshake->alt_transform_out = tmp_transform;
Christopher Haster 1:24750b9ad5ef 2567
Christopher Haster 1:24750b9ad5ef 2568 /* Swap epoch + sequence_number */
Christopher Haster 1:24750b9ad5ef 2569 memcpy( tmp_out_ctr, ssl->out_ctr, 8 );
Christopher Haster 1:24750b9ad5ef 2570 memcpy( ssl->out_ctr, ssl->handshake->alt_out_ctr, 8 );
Christopher Haster 1:24750b9ad5ef 2571 memcpy( ssl->handshake->alt_out_ctr, tmp_out_ctr, 8 );
Christopher Haster 1:24750b9ad5ef 2572
Christopher Haster 1:24750b9ad5ef 2573 /* Adjust to the newly activated transform */
Christopher Haster 1:24750b9ad5ef 2574 if( ssl->transform_out != NULL &&
Christopher Haster 1:24750b9ad5ef 2575 ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
Christopher Haster 1:24750b9ad5ef 2576 {
Christopher Haster 1:24750b9ad5ef 2577 ssl->out_msg = ssl->out_iv + ssl->transform_out->ivlen -
Christopher Haster 1:24750b9ad5ef 2578 ssl->transform_out->fixed_ivlen;
Christopher Haster 1:24750b9ad5ef 2579 }
Christopher Haster 1:24750b9ad5ef 2580 else
Christopher Haster 1:24750b9ad5ef 2581 ssl->out_msg = ssl->out_iv;
Christopher Haster 1:24750b9ad5ef 2582
Christopher Haster 1:24750b9ad5ef 2583 #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
Christopher Haster 1:24750b9ad5ef 2584 if( mbedtls_ssl_hw_record_activate != NULL )
Christopher Haster 1:24750b9ad5ef 2585 {
Christopher Haster 1:24750b9ad5ef 2586 if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 2587 {
Christopher Haster 1:24750b9ad5ef 2588 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret );
Christopher Haster 1:24750b9ad5ef 2589 return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
Christopher Haster 1:24750b9ad5ef 2590 }
Christopher Haster 1:24750b9ad5ef 2591 }
Christopher Haster 1:24750b9ad5ef 2592 #endif
Christopher Haster 1:24750b9ad5ef 2593 }
Christopher Haster 1:24750b9ad5ef 2594
Christopher Haster 1:24750b9ad5ef 2595 /*
Christopher Haster 1:24750b9ad5ef 2596 * Retransmit the current flight of messages.
Christopher Haster 1:24750b9ad5ef 2597 *
Christopher Haster 1:24750b9ad5ef 2598 * Need to remember the current message in case flush_output returns
Christopher Haster 1:24750b9ad5ef 2599 * WANT_WRITE, causing us to exit this function and come back later.
Christopher Haster 1:24750b9ad5ef 2600 * This function must be called until state is no longer SENDING.
Christopher Haster 1:24750b9ad5ef 2601 */
Christopher Haster 1:24750b9ad5ef 2602 int mbedtls_ssl_resend( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 2603 {
Christopher Haster 1:24750b9ad5ef 2604 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_resend" ) );
Christopher Haster 1:24750b9ad5ef 2605
Christopher Haster 1:24750b9ad5ef 2606 if( ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING )
Christopher Haster 1:24750b9ad5ef 2607 {
Christopher Haster 1:24750b9ad5ef 2608 MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialise resending" ) );
Christopher Haster 1:24750b9ad5ef 2609
Christopher Haster 1:24750b9ad5ef 2610 ssl->handshake->cur_msg = ssl->handshake->flight;
Christopher Haster 1:24750b9ad5ef 2611 ssl_swap_epochs( ssl );
Christopher Haster 1:24750b9ad5ef 2612
Christopher Haster 1:24750b9ad5ef 2613 ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_SENDING;
Christopher Haster 1:24750b9ad5ef 2614 }
Christopher Haster 1:24750b9ad5ef 2615
Christopher Haster 1:24750b9ad5ef 2616 while( ssl->handshake->cur_msg != NULL )
Christopher Haster 1:24750b9ad5ef 2617 {
Christopher Haster 1:24750b9ad5ef 2618 int ret;
Christopher Haster 1:24750b9ad5ef 2619 mbedtls_ssl_flight_item *cur = ssl->handshake->cur_msg;
Christopher Haster 1:24750b9ad5ef 2620
Christopher Haster 1:24750b9ad5ef 2621 /* Swap epochs before sending Finished: we can't do it after
Christopher Haster 1:24750b9ad5ef 2622 * sending ChangeCipherSpec, in case write returns WANT_READ.
Christopher Haster 1:24750b9ad5ef 2623 * Must be done before copying, may change out_msg pointer */
Christopher Haster 1:24750b9ad5ef 2624 if( cur->type == MBEDTLS_SSL_MSG_HANDSHAKE &&
Christopher Haster 1:24750b9ad5ef 2625 cur->p[0] == MBEDTLS_SSL_HS_FINISHED )
Christopher Haster 1:24750b9ad5ef 2626 {
Christopher Haster 1:24750b9ad5ef 2627 ssl_swap_epochs( ssl );
Christopher Haster 1:24750b9ad5ef 2628 }
Christopher Haster 1:24750b9ad5ef 2629
Christopher Haster 1:24750b9ad5ef 2630 memcpy( ssl->out_msg, cur->p, cur->len );
Christopher Haster 1:24750b9ad5ef 2631 ssl->out_msglen = cur->len;
Christopher Haster 1:24750b9ad5ef 2632 ssl->out_msgtype = cur->type;
Christopher Haster 1:24750b9ad5ef 2633
Christopher Haster 1:24750b9ad5ef 2634 ssl->handshake->cur_msg = cur->next;
Christopher Haster 1:24750b9ad5ef 2635
Christopher Haster 1:24750b9ad5ef 2636 MBEDTLS_SSL_DEBUG_BUF( 3, "resent handshake message header", ssl->out_msg, 12 );
Christopher Haster 1:24750b9ad5ef 2637
Christopher Haster 1:24750b9ad5ef 2638 if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 2639 {
Christopher Haster 1:24750b9ad5ef 2640 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
Christopher Haster 1:24750b9ad5ef 2641 return( ret );
Christopher Haster 1:24750b9ad5ef 2642 }
Christopher Haster 1:24750b9ad5ef 2643 }
Christopher Haster 1:24750b9ad5ef 2644
Christopher Haster 1:24750b9ad5ef 2645 if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
Christopher Haster 1:24750b9ad5ef 2646 ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED;
Christopher Haster 1:24750b9ad5ef 2647 else
Christopher Haster 1:24750b9ad5ef 2648 {
Christopher Haster 1:24750b9ad5ef 2649 ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
Christopher Haster 1:24750b9ad5ef 2650 ssl_set_timer( ssl, ssl->handshake->retransmit_timeout );
Christopher Haster 1:24750b9ad5ef 2651 }
Christopher Haster 1:24750b9ad5ef 2652
Christopher Haster 1:24750b9ad5ef 2653 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_resend" ) );
Christopher Haster 1:24750b9ad5ef 2654
Christopher Haster 1:24750b9ad5ef 2655 return( 0 );
Christopher Haster 1:24750b9ad5ef 2656 }
Christopher Haster 1:24750b9ad5ef 2657
Christopher Haster 1:24750b9ad5ef 2658 /*
Christopher Haster 1:24750b9ad5ef 2659 * To be called when the last message of an incoming flight is received.
Christopher Haster 1:24750b9ad5ef 2660 */
Christopher Haster 1:24750b9ad5ef 2661 void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 2662 {
Christopher Haster 1:24750b9ad5ef 2663 /* We won't need to resend that one any more */
Christopher Haster 1:24750b9ad5ef 2664 ssl_flight_free( ssl->handshake->flight );
Christopher Haster 1:24750b9ad5ef 2665 ssl->handshake->flight = NULL;
Christopher Haster 1:24750b9ad5ef 2666 ssl->handshake->cur_msg = NULL;
Christopher Haster 1:24750b9ad5ef 2667
Christopher Haster 1:24750b9ad5ef 2668 /* The next incoming flight will start with this msg_seq */
Christopher Haster 1:24750b9ad5ef 2669 ssl->handshake->in_flight_start_seq = ssl->handshake->in_msg_seq;
Christopher Haster 1:24750b9ad5ef 2670
Christopher Haster 1:24750b9ad5ef 2671 /* Cancel timer */
Christopher Haster 1:24750b9ad5ef 2672 ssl_set_timer( ssl, 0 );
Christopher Haster 1:24750b9ad5ef 2673
Christopher Haster 1:24750b9ad5ef 2674 if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
Christopher Haster 1:24750b9ad5ef 2675 ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED )
Christopher Haster 1:24750b9ad5ef 2676 {
Christopher Haster 1:24750b9ad5ef 2677 ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED;
Christopher Haster 1:24750b9ad5ef 2678 }
Christopher Haster 1:24750b9ad5ef 2679 else
Christopher Haster 1:24750b9ad5ef 2680 ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING;
Christopher Haster 1:24750b9ad5ef 2681 }
Christopher Haster 1:24750b9ad5ef 2682
Christopher Haster 1:24750b9ad5ef 2683 /*
Christopher Haster 1:24750b9ad5ef 2684 * To be called when the last message of an outgoing flight is send.
Christopher Haster 1:24750b9ad5ef 2685 */
Christopher Haster 1:24750b9ad5ef 2686 void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 2687 {
Christopher Haster 1:24750b9ad5ef 2688 ssl_reset_retransmit_timeout( ssl );
Christopher Haster 1:24750b9ad5ef 2689 ssl_set_timer( ssl, ssl->handshake->retransmit_timeout );
Christopher Haster 1:24750b9ad5ef 2690
Christopher Haster 1:24750b9ad5ef 2691 if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
Christopher Haster 1:24750b9ad5ef 2692 ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED )
Christopher Haster 1:24750b9ad5ef 2693 {
Christopher Haster 1:24750b9ad5ef 2694 ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED;
Christopher Haster 1:24750b9ad5ef 2695 }
Christopher Haster 1:24750b9ad5ef 2696 else
Christopher Haster 1:24750b9ad5ef 2697 ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
Christopher Haster 1:24750b9ad5ef 2698 }
Christopher Haster 1:24750b9ad5ef 2699 #endif /* MBEDTLS_SSL_PROTO_DTLS */
Christopher Haster 1:24750b9ad5ef 2700
Christopher Haster 1:24750b9ad5ef 2701 /*
Christopher Haster 1:24750b9ad5ef 2702 * Record layer functions
Christopher Haster 1:24750b9ad5ef 2703 */
Christopher Haster 1:24750b9ad5ef 2704
Christopher Haster 1:24750b9ad5ef 2705 /*
Christopher Haster 1:24750b9ad5ef 2706 * Write current record.
Christopher Haster 1:24750b9ad5ef 2707 * Uses ssl->out_msgtype, ssl->out_msglen and bytes at ssl->out_msg.
Christopher Haster 1:24750b9ad5ef 2708 */
Christopher Haster 1:24750b9ad5ef 2709 int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 2710 {
Christopher Haster 1:24750b9ad5ef 2711 int ret, done = 0;
Christopher Haster 1:24750b9ad5ef 2712 size_t len = ssl->out_msglen;
Christopher Haster 1:24750b9ad5ef 2713
Christopher Haster 1:24750b9ad5ef 2714 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write record" ) );
Christopher Haster 1:24750b9ad5ef 2715
Christopher Haster 1:24750b9ad5ef 2716 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 2717 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
Christopher Haster 1:24750b9ad5ef 2718 ssl->handshake != NULL &&
Christopher Haster 1:24750b9ad5ef 2719 ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
Christopher Haster 1:24750b9ad5ef 2720 {
Christopher Haster 1:24750b9ad5ef 2721 ; /* Skip special handshake treatment when resending */
Christopher Haster 1:24750b9ad5ef 2722 }
Christopher Haster 1:24750b9ad5ef 2723 else
Christopher Haster 1:24750b9ad5ef 2724 #endif
Christopher Haster 1:24750b9ad5ef 2725 if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
Christopher Haster 1:24750b9ad5ef 2726 {
Christopher Haster 1:24750b9ad5ef 2727 if( ssl->out_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST &&
Christopher Haster 1:24750b9ad5ef 2728 ssl->handshake == NULL )
Christopher Haster 1:24750b9ad5ef 2729 {
Christopher Haster 1:24750b9ad5ef 2730 MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
Christopher Haster 1:24750b9ad5ef 2731 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Christopher Haster 1:24750b9ad5ef 2732 }
Christopher Haster 1:24750b9ad5ef 2733
Christopher Haster 1:24750b9ad5ef 2734 ssl->out_msg[1] = (unsigned char)( ( len - 4 ) >> 16 );
Christopher Haster 1:24750b9ad5ef 2735 ssl->out_msg[2] = (unsigned char)( ( len - 4 ) >> 8 );
Christopher Haster 1:24750b9ad5ef 2736 ssl->out_msg[3] = (unsigned char)( ( len - 4 ) );
Christopher Haster 1:24750b9ad5ef 2737
Christopher Haster 1:24750b9ad5ef 2738 /*
Christopher Haster 1:24750b9ad5ef 2739 * DTLS has additional fields in the Handshake layer,
Christopher Haster 1:24750b9ad5ef 2740 * between the length field and the actual payload:
Christopher Haster 1:24750b9ad5ef 2741 * uint16 message_seq;
Christopher Haster 1:24750b9ad5ef 2742 * uint24 fragment_offset;
Christopher Haster 1:24750b9ad5ef 2743 * uint24 fragment_length;
Christopher Haster 1:24750b9ad5ef 2744 */
Christopher Haster 1:24750b9ad5ef 2745 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 2746 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Christopher Haster 1:24750b9ad5ef 2747 {
Christopher Haster 1:24750b9ad5ef 2748 /* Make room for the additional DTLS fields */
Christopher Haster 1:24750b9ad5ef 2749 memmove( ssl->out_msg + 12, ssl->out_msg + 4, len - 4 );
Christopher Haster 1:24750b9ad5ef 2750 ssl->out_msglen += 8;
Christopher Haster 1:24750b9ad5ef 2751 len += 8;
Christopher Haster 1:24750b9ad5ef 2752
Christopher Haster 1:24750b9ad5ef 2753 /* Write message_seq and update it, except for HelloRequest */
Christopher Haster 1:24750b9ad5ef 2754 if( ssl->out_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST )
Christopher Haster 1:24750b9ad5ef 2755 {
Christopher Haster 1:24750b9ad5ef 2756 ssl->out_msg[4] = ( ssl->handshake->out_msg_seq >> 8 ) & 0xFF;
Christopher Haster 1:24750b9ad5ef 2757 ssl->out_msg[5] = ( ssl->handshake->out_msg_seq ) & 0xFF;
Christopher Haster 1:24750b9ad5ef 2758 ++( ssl->handshake->out_msg_seq );
Christopher Haster 1:24750b9ad5ef 2759 }
Christopher Haster 1:24750b9ad5ef 2760 else
Christopher Haster 1:24750b9ad5ef 2761 {
Christopher Haster 1:24750b9ad5ef 2762 ssl->out_msg[4] = 0;
Christopher Haster 1:24750b9ad5ef 2763 ssl->out_msg[5] = 0;
Christopher Haster 1:24750b9ad5ef 2764 }
Christopher Haster 1:24750b9ad5ef 2765
Christopher Haster 1:24750b9ad5ef 2766 /* We don't fragment, so frag_offset = 0 and frag_len = len */
Christopher Haster 1:24750b9ad5ef 2767 memset( ssl->out_msg + 6, 0x00, 3 );
Christopher Haster 1:24750b9ad5ef 2768 memcpy( ssl->out_msg + 9, ssl->out_msg + 1, 3 );
Christopher Haster 1:24750b9ad5ef 2769 }
Christopher Haster 1:24750b9ad5ef 2770 #endif /* MBEDTLS_SSL_PROTO_DTLS */
Christopher Haster 1:24750b9ad5ef 2771
Christopher Haster 1:24750b9ad5ef 2772 if( ssl->out_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST )
Christopher Haster 1:24750b9ad5ef 2773 ssl->handshake->update_checksum( ssl, ssl->out_msg, len );
Christopher Haster 1:24750b9ad5ef 2774 }
Christopher Haster 1:24750b9ad5ef 2775
Christopher Haster 1:24750b9ad5ef 2776 /* Save handshake and CCS messages for resending */
Christopher Haster 1:24750b9ad5ef 2777 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 2778 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
Christopher Haster 1:24750b9ad5ef 2779 ssl->handshake != NULL &&
Christopher Haster 1:24750b9ad5ef 2780 ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING &&
Christopher Haster 1:24750b9ad5ef 2781 ( ssl->out_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ||
Christopher Haster 1:24750b9ad5ef 2782 ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) )
Christopher Haster 1:24750b9ad5ef 2783 {
Christopher Haster 1:24750b9ad5ef 2784 if( ( ret = ssl_flight_append( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 2785 {
Christopher Haster 1:24750b9ad5ef 2786 MBEDTLS_SSL_DEBUG_RET( 1, "ssl_flight_append", ret );
Christopher Haster 1:24750b9ad5ef 2787 return( ret );
Christopher Haster 1:24750b9ad5ef 2788 }
Christopher Haster 1:24750b9ad5ef 2789 }
Christopher Haster 1:24750b9ad5ef 2790 #endif
Christopher Haster 1:24750b9ad5ef 2791
Christopher Haster 1:24750b9ad5ef 2792 #if defined(MBEDTLS_ZLIB_SUPPORT)
Christopher Haster 1:24750b9ad5ef 2793 if( ssl->transform_out != NULL &&
Christopher Haster 1:24750b9ad5ef 2794 ssl->session_out->compression == MBEDTLS_SSL_COMPRESS_DEFLATE )
Christopher Haster 1:24750b9ad5ef 2795 {
Christopher Haster 1:24750b9ad5ef 2796 if( ( ret = ssl_compress_buf( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 2797 {
Christopher Haster 1:24750b9ad5ef 2798 MBEDTLS_SSL_DEBUG_RET( 1, "ssl_compress_buf", ret );
Christopher Haster 1:24750b9ad5ef 2799 return( ret );
Christopher Haster 1:24750b9ad5ef 2800 }
Christopher Haster 1:24750b9ad5ef 2801
Christopher Haster 1:24750b9ad5ef 2802 len = ssl->out_msglen;
Christopher Haster 1:24750b9ad5ef 2803 }
Christopher Haster 1:24750b9ad5ef 2804 #endif /*MBEDTLS_ZLIB_SUPPORT */
Christopher Haster 1:24750b9ad5ef 2805
Christopher Haster 1:24750b9ad5ef 2806 #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
Christopher Haster 1:24750b9ad5ef 2807 if( mbedtls_ssl_hw_record_write != NULL )
Christopher Haster 1:24750b9ad5ef 2808 {
Christopher Haster 1:24750b9ad5ef 2809 MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_write()" ) );
Christopher Haster 1:24750b9ad5ef 2810
Christopher Haster 1:24750b9ad5ef 2811 ret = mbedtls_ssl_hw_record_write( ssl );
Christopher Haster 1:24750b9ad5ef 2812 if( ret != 0 && ret != MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH )
Christopher Haster 1:24750b9ad5ef 2813 {
Christopher Haster 1:24750b9ad5ef 2814 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_write", ret );
Christopher Haster 1:24750b9ad5ef 2815 return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
Christopher Haster 1:24750b9ad5ef 2816 }
Christopher Haster 1:24750b9ad5ef 2817
Christopher Haster 1:24750b9ad5ef 2818 if( ret == 0 )
Christopher Haster 1:24750b9ad5ef 2819 done = 1;
Christopher Haster 1:24750b9ad5ef 2820 }
Christopher Haster 1:24750b9ad5ef 2821 #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
Christopher Haster 1:24750b9ad5ef 2822 if( !done )
Christopher Haster 1:24750b9ad5ef 2823 {
Christopher Haster 1:24750b9ad5ef 2824 ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype;
Christopher Haster 1:24750b9ad5ef 2825 mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
Christopher Haster 1:24750b9ad5ef 2826 ssl->conf->transport, ssl->out_hdr + 1 );
Christopher Haster 1:24750b9ad5ef 2827
Christopher Haster 1:24750b9ad5ef 2828 ssl->out_len[0] = (unsigned char)( len >> 8 );
Christopher Haster 1:24750b9ad5ef 2829 ssl->out_len[1] = (unsigned char)( len );
Christopher Haster 1:24750b9ad5ef 2830
Christopher Haster 1:24750b9ad5ef 2831 if( ssl->transform_out != NULL )
Christopher Haster 1:24750b9ad5ef 2832 {
Christopher Haster 1:24750b9ad5ef 2833 if( ( ret = ssl_encrypt_buf( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 2834 {
Christopher Haster 1:24750b9ad5ef 2835 MBEDTLS_SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret );
Christopher Haster 1:24750b9ad5ef 2836 return( ret );
Christopher Haster 1:24750b9ad5ef 2837 }
Christopher Haster 1:24750b9ad5ef 2838
Christopher Haster 1:24750b9ad5ef 2839 len = ssl->out_msglen;
Christopher Haster 1:24750b9ad5ef 2840 ssl->out_len[0] = (unsigned char)( len >> 8 );
Christopher Haster 1:24750b9ad5ef 2841 ssl->out_len[1] = (unsigned char)( len );
Christopher Haster 1:24750b9ad5ef 2842 }
Christopher Haster 1:24750b9ad5ef 2843
Christopher Haster 1:24750b9ad5ef 2844 ssl->out_left = mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen;
Christopher Haster 1:24750b9ad5ef 2845
Christopher Haster 1:24750b9ad5ef 2846 MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %d, "
Christopher Haster 1:24750b9ad5ef 2847 "version = [%d:%d], msglen = %d",
Christopher Haster 1:24750b9ad5ef 2848 ssl->out_hdr[0], ssl->out_hdr[1], ssl->out_hdr[2],
Christopher Haster 1:24750b9ad5ef 2849 ( ssl->out_len[0] << 8 ) | ssl->out_len[1] ) );
Christopher Haster 1:24750b9ad5ef 2850
Christopher Haster 1:24750b9ad5ef 2851 MBEDTLS_SSL_DEBUG_BUF( 4, "output record sent to network",
Christopher Haster 1:24750b9ad5ef 2852 ssl->out_hdr, mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen );
Christopher Haster 1:24750b9ad5ef 2853 }
Christopher Haster 1:24750b9ad5ef 2854
Christopher Haster 1:24750b9ad5ef 2855 if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 2856 {
Christopher Haster 1:24750b9ad5ef 2857 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret );
Christopher Haster 1:24750b9ad5ef 2858 return( ret );
Christopher Haster 1:24750b9ad5ef 2859 }
Christopher Haster 1:24750b9ad5ef 2860
Christopher Haster 1:24750b9ad5ef 2861 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write record" ) );
Christopher Haster 1:24750b9ad5ef 2862
Christopher Haster 1:24750b9ad5ef 2863 return( 0 );
Christopher Haster 1:24750b9ad5ef 2864 }
Christopher Haster 1:24750b9ad5ef 2865
Christopher Haster 1:24750b9ad5ef 2866 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 2867 /*
Christopher Haster 1:24750b9ad5ef 2868 * Mark bits in bitmask (used for DTLS HS reassembly)
Christopher Haster 1:24750b9ad5ef 2869 */
Christopher Haster 1:24750b9ad5ef 2870 static void ssl_bitmask_set( unsigned char *mask, size_t offset, size_t len )
Christopher Haster 1:24750b9ad5ef 2871 {
Christopher Haster 1:24750b9ad5ef 2872 unsigned int start_bits, end_bits;
Christopher Haster 1:24750b9ad5ef 2873
Christopher Haster 1:24750b9ad5ef 2874 start_bits = 8 - ( offset % 8 );
Christopher Haster 1:24750b9ad5ef 2875 if( start_bits != 8 )
Christopher Haster 1:24750b9ad5ef 2876 {
Christopher Haster 1:24750b9ad5ef 2877 size_t first_byte_idx = offset / 8;
Christopher Haster 1:24750b9ad5ef 2878
Christopher Haster 1:24750b9ad5ef 2879 /* Special case */
Christopher Haster 1:24750b9ad5ef 2880 if( len <= start_bits )
Christopher Haster 1:24750b9ad5ef 2881 {
Christopher Haster 1:24750b9ad5ef 2882 for( ; len != 0; len-- )
Christopher Haster 1:24750b9ad5ef 2883 mask[first_byte_idx] |= 1 << ( start_bits - len );
Christopher Haster 1:24750b9ad5ef 2884
Christopher Haster 1:24750b9ad5ef 2885 /* Avoid potential issues with offset or len becoming invalid */
Christopher Haster 1:24750b9ad5ef 2886 return;
Christopher Haster 1:24750b9ad5ef 2887 }
Christopher Haster 1:24750b9ad5ef 2888
Christopher Haster 1:24750b9ad5ef 2889 offset += start_bits; /* Now offset % 8 == 0 */
Christopher Haster 1:24750b9ad5ef 2890 len -= start_bits;
Christopher Haster 1:24750b9ad5ef 2891
Christopher Haster 1:24750b9ad5ef 2892 for( ; start_bits != 0; start_bits-- )
Christopher Haster 1:24750b9ad5ef 2893 mask[first_byte_idx] |= 1 << ( start_bits - 1 );
Christopher Haster 1:24750b9ad5ef 2894 }
Christopher Haster 1:24750b9ad5ef 2895
Christopher Haster 1:24750b9ad5ef 2896 end_bits = len % 8;
Christopher Haster 1:24750b9ad5ef 2897 if( end_bits != 0 )
Christopher Haster 1:24750b9ad5ef 2898 {
Christopher Haster 1:24750b9ad5ef 2899 size_t last_byte_idx = ( offset + len ) / 8;
Christopher Haster 1:24750b9ad5ef 2900
Christopher Haster 1:24750b9ad5ef 2901 len -= end_bits; /* Now len % 8 == 0 */
Christopher Haster 1:24750b9ad5ef 2902
Christopher Haster 1:24750b9ad5ef 2903 for( ; end_bits != 0; end_bits-- )
Christopher Haster 1:24750b9ad5ef 2904 mask[last_byte_idx] |= 1 << ( 8 - end_bits );
Christopher Haster 1:24750b9ad5ef 2905 }
Christopher Haster 1:24750b9ad5ef 2906
Christopher Haster 1:24750b9ad5ef 2907 memset( mask + offset / 8, 0xFF, len / 8 );
Christopher Haster 1:24750b9ad5ef 2908 }
Christopher Haster 1:24750b9ad5ef 2909
Christopher Haster 1:24750b9ad5ef 2910 /*
Christopher Haster 1:24750b9ad5ef 2911 * Check that bitmask is full
Christopher Haster 1:24750b9ad5ef 2912 */
Christopher Haster 1:24750b9ad5ef 2913 static int ssl_bitmask_check( unsigned char *mask, size_t len )
Christopher Haster 1:24750b9ad5ef 2914 {
Christopher Haster 1:24750b9ad5ef 2915 size_t i;
Christopher Haster 1:24750b9ad5ef 2916
Christopher Haster 1:24750b9ad5ef 2917 for( i = 0; i < len / 8; i++ )
Christopher Haster 1:24750b9ad5ef 2918 if( mask[i] != 0xFF )
Christopher Haster 1:24750b9ad5ef 2919 return( -1 );
Christopher Haster 1:24750b9ad5ef 2920
Christopher Haster 1:24750b9ad5ef 2921 for( i = 0; i < len % 8; i++ )
Christopher Haster 1:24750b9ad5ef 2922 if( ( mask[len / 8] & ( 1 << ( 7 - i ) ) ) == 0 )
Christopher Haster 1:24750b9ad5ef 2923 return( -1 );
Christopher Haster 1:24750b9ad5ef 2924
Christopher Haster 1:24750b9ad5ef 2925 return( 0 );
Christopher Haster 1:24750b9ad5ef 2926 }
Christopher Haster 1:24750b9ad5ef 2927
Christopher Haster 1:24750b9ad5ef 2928 /*
Christopher Haster 1:24750b9ad5ef 2929 * Reassemble fragmented DTLS handshake messages.
Christopher Haster 1:24750b9ad5ef 2930 *
Christopher Haster 1:24750b9ad5ef 2931 * Use a temporary buffer for reassembly, divided in two parts:
Christopher Haster 1:24750b9ad5ef 2932 * - the first holds the reassembled message (including handshake header),
Christopher Haster 1:24750b9ad5ef 2933 * - the second holds a bitmask indicating which parts of the message
Christopher Haster 1:24750b9ad5ef 2934 * (excluding headers) have been received so far.
Christopher Haster 1:24750b9ad5ef 2935 */
Christopher Haster 1:24750b9ad5ef 2936 static int ssl_reassemble_dtls_handshake( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 2937 {
Christopher Haster 1:24750b9ad5ef 2938 unsigned char *msg, *bitmask;
Christopher Haster 1:24750b9ad5ef 2939 size_t frag_len, frag_off;
Christopher Haster 1:24750b9ad5ef 2940 size_t msg_len = ssl->in_hslen - 12; /* Without headers */
Christopher Haster 1:24750b9ad5ef 2941
Christopher Haster 1:24750b9ad5ef 2942 if( ssl->handshake == NULL )
Christopher Haster 1:24750b9ad5ef 2943 {
Christopher Haster 1:24750b9ad5ef 2944 MBEDTLS_SSL_DEBUG_MSG( 1, ( "not supported outside handshake (for now)" ) );
Christopher Haster 1:24750b9ad5ef 2945 return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
Christopher Haster 1:24750b9ad5ef 2946 }
Christopher Haster 1:24750b9ad5ef 2947
Christopher Haster 1:24750b9ad5ef 2948 /*
Christopher Haster 1:24750b9ad5ef 2949 * For first fragment, check size and allocate buffer
Christopher Haster 1:24750b9ad5ef 2950 */
Christopher Haster 1:24750b9ad5ef 2951 if( ssl->handshake->hs_msg == NULL )
Christopher Haster 1:24750b9ad5ef 2952 {
Christopher Haster 1:24750b9ad5ef 2953 size_t alloc_len;
Christopher Haster 1:24750b9ad5ef 2954
Christopher Haster 1:24750b9ad5ef 2955 MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %d",
Christopher Haster 1:24750b9ad5ef 2956 msg_len ) );
Christopher Haster 1:24750b9ad5ef 2957
Christopher Haster 1:24750b9ad5ef 2958 if( ssl->in_hslen > MBEDTLS_SSL_MAX_CONTENT_LEN )
Christopher Haster 1:24750b9ad5ef 2959 {
Christopher Haster 1:24750b9ad5ef 2960 MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too large" ) );
Christopher Haster 1:24750b9ad5ef 2961 return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
Christopher Haster 1:24750b9ad5ef 2962 }
Christopher Haster 1:24750b9ad5ef 2963
Christopher Haster 1:24750b9ad5ef 2964 /* The bitmask needs one bit per byte of message excluding header */
Christopher Haster 1:24750b9ad5ef 2965 alloc_len = 12 + msg_len + msg_len / 8 + ( msg_len % 8 != 0 );
Christopher Haster 1:24750b9ad5ef 2966
Christopher Haster 1:24750b9ad5ef 2967 ssl->handshake->hs_msg = mbedtls_calloc( 1, alloc_len );
Christopher Haster 1:24750b9ad5ef 2968 if( ssl->handshake->hs_msg == NULL )
Christopher Haster 1:24750b9ad5ef 2969 {
Christopher Haster 1:24750b9ad5ef 2970 MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc failed (%d bytes)", alloc_len ) );
Christopher Haster 1:24750b9ad5ef 2971 return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
Christopher Haster 1:24750b9ad5ef 2972 }
Christopher Haster 1:24750b9ad5ef 2973
Christopher Haster 1:24750b9ad5ef 2974 /* Prepare final header: copy msg_type, length and message_seq,
Christopher Haster 1:24750b9ad5ef 2975 * then add standardised fragment_offset and fragment_length */
Christopher Haster 1:24750b9ad5ef 2976 memcpy( ssl->handshake->hs_msg, ssl->in_msg, 6 );
Christopher Haster 1:24750b9ad5ef 2977 memset( ssl->handshake->hs_msg + 6, 0, 3 );
Christopher Haster 1:24750b9ad5ef 2978 memcpy( ssl->handshake->hs_msg + 9,
Christopher Haster 1:24750b9ad5ef 2979 ssl->handshake->hs_msg + 1, 3 );
Christopher Haster 1:24750b9ad5ef 2980 }
Christopher Haster 1:24750b9ad5ef 2981 else
Christopher Haster 1:24750b9ad5ef 2982 {
Christopher Haster 1:24750b9ad5ef 2983 /* Make sure msg_type and length are consistent */
Christopher Haster 1:24750b9ad5ef 2984 if( memcmp( ssl->handshake->hs_msg, ssl->in_msg, 4 ) != 0 )
Christopher Haster 1:24750b9ad5ef 2985 {
Christopher Haster 1:24750b9ad5ef 2986 MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment header mismatch" ) );
Christopher Haster 1:24750b9ad5ef 2987 return( MBEDTLS_ERR_SSL_INVALID_RECORD );
Christopher Haster 1:24750b9ad5ef 2988 }
Christopher Haster 1:24750b9ad5ef 2989 }
Christopher Haster 1:24750b9ad5ef 2990
Christopher Haster 1:24750b9ad5ef 2991 msg = ssl->handshake->hs_msg + 12;
Christopher Haster 1:24750b9ad5ef 2992 bitmask = msg + msg_len;
Christopher Haster 1:24750b9ad5ef 2993
Christopher Haster 1:24750b9ad5ef 2994 /*
Christopher Haster 1:24750b9ad5ef 2995 * Check and copy current fragment
Christopher Haster 1:24750b9ad5ef 2996 */
Christopher Haster 1:24750b9ad5ef 2997 frag_off = ( ssl->in_msg[6] << 16 ) |
Christopher Haster 1:24750b9ad5ef 2998 ( ssl->in_msg[7] << 8 ) |
Christopher Haster 1:24750b9ad5ef 2999 ssl->in_msg[8];
Christopher Haster 1:24750b9ad5ef 3000 frag_len = ( ssl->in_msg[9] << 16 ) |
Christopher Haster 1:24750b9ad5ef 3001 ( ssl->in_msg[10] << 8 ) |
Christopher Haster 1:24750b9ad5ef 3002 ssl->in_msg[11];
Christopher Haster 1:24750b9ad5ef 3003
Christopher Haster 1:24750b9ad5ef 3004 if( frag_off + frag_len > msg_len )
Christopher Haster 1:24750b9ad5ef 3005 {
Christopher Haster 1:24750b9ad5ef 3006 MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid fragment offset/len: %d + %d > %d",
Christopher Haster 1:24750b9ad5ef 3007 frag_off, frag_len, msg_len ) );
Christopher Haster 1:24750b9ad5ef 3008 return( MBEDTLS_ERR_SSL_INVALID_RECORD );
Christopher Haster 1:24750b9ad5ef 3009 }
Christopher Haster 1:24750b9ad5ef 3010
Christopher Haster 1:24750b9ad5ef 3011 if( frag_len + 12 > ssl->in_msglen )
Christopher Haster 1:24750b9ad5ef 3012 {
Christopher Haster 1:24750b9ad5ef 3013 MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid fragment length: %d + 12 > %d",
Christopher Haster 1:24750b9ad5ef 3014 frag_len, ssl->in_msglen ) );
Christopher Haster 1:24750b9ad5ef 3015 return( MBEDTLS_ERR_SSL_INVALID_RECORD );
Christopher Haster 1:24750b9ad5ef 3016 }
Christopher Haster 1:24750b9ad5ef 3017
Christopher Haster 1:24750b9ad5ef 3018 MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %d, length = %d",
Christopher Haster 1:24750b9ad5ef 3019 frag_off, frag_len ) );
Christopher Haster 1:24750b9ad5ef 3020
Christopher Haster 1:24750b9ad5ef 3021 memcpy( msg + frag_off, ssl->in_msg + 12, frag_len );
Christopher Haster 1:24750b9ad5ef 3022 ssl_bitmask_set( bitmask, frag_off, frag_len );
Christopher Haster 1:24750b9ad5ef 3023
Christopher Haster 1:24750b9ad5ef 3024 /*
Christopher Haster 1:24750b9ad5ef 3025 * Do we have the complete message by now?
Christopher Haster 1:24750b9ad5ef 3026 * If yes, finalize it, else ask to read the next record.
Christopher Haster 1:24750b9ad5ef 3027 */
Christopher Haster 1:24750b9ad5ef 3028 if( ssl_bitmask_check( bitmask, msg_len ) != 0 )
Christopher Haster 1:24750b9ad5ef 3029 {
Christopher Haster 1:24750b9ad5ef 3030 MBEDTLS_SSL_DEBUG_MSG( 2, ( "message is not complete yet" ) );
Christopher Haster 1:24750b9ad5ef 3031 return( MBEDTLS_ERR_SSL_WANT_READ );
Christopher Haster 1:24750b9ad5ef 3032 }
Christopher Haster 1:24750b9ad5ef 3033
Christopher Haster 1:24750b9ad5ef 3034 MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake message completed" ) );
Christopher Haster 1:24750b9ad5ef 3035
Christopher Haster 1:24750b9ad5ef 3036 if( frag_len + 12 < ssl->in_msglen )
Christopher Haster 1:24750b9ad5ef 3037 {
Christopher Haster 1:24750b9ad5ef 3038 /*
Christopher Haster 1:24750b9ad5ef 3039 * We'got more handshake messages in the same record.
Christopher Haster 1:24750b9ad5ef 3040 * This case is not handled now because no know implementation does
Christopher Haster 1:24750b9ad5ef 3041 * that and it's hard to test, so we prefer to fail cleanly for now.
Christopher Haster 1:24750b9ad5ef 3042 */
Christopher Haster 1:24750b9ad5ef 3043 MBEDTLS_SSL_DEBUG_MSG( 1, ( "last fragment not alone in its record" ) );
Christopher Haster 1:24750b9ad5ef 3044 return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
Christopher Haster 1:24750b9ad5ef 3045 }
Christopher Haster 1:24750b9ad5ef 3046
Christopher Haster 1:24750b9ad5ef 3047 if( ssl->in_left > ssl->next_record_offset )
Christopher Haster 1:24750b9ad5ef 3048 {
Christopher Haster 1:24750b9ad5ef 3049 /*
Christopher Haster 1:24750b9ad5ef 3050 * We've got more data in the buffer after the current record,
Christopher Haster 1:24750b9ad5ef 3051 * that we don't want to overwrite. Move it before writing the
Christopher Haster 1:24750b9ad5ef 3052 * reassembled message, and adjust in_left and next_record_offset.
Christopher Haster 1:24750b9ad5ef 3053 */
Christopher Haster 1:24750b9ad5ef 3054 unsigned char *cur_remain = ssl->in_hdr + ssl->next_record_offset;
Christopher Haster 1:24750b9ad5ef 3055 unsigned char *new_remain = ssl->in_msg + ssl->in_hslen;
Christopher Haster 1:24750b9ad5ef 3056 size_t remain_len = ssl->in_left - ssl->next_record_offset;
Christopher Haster 1:24750b9ad5ef 3057
Christopher Haster 1:24750b9ad5ef 3058 /* First compute and check new lengths */
Christopher Haster 1:24750b9ad5ef 3059 ssl->next_record_offset = new_remain - ssl->in_hdr;
Christopher Haster 1:24750b9ad5ef 3060 ssl->in_left = ssl->next_record_offset + remain_len;
Christopher Haster 1:24750b9ad5ef 3061
Christopher Haster 1:24750b9ad5ef 3062 if( ssl->in_left > MBEDTLS_SSL_BUFFER_LEN -
Christopher Haster 1:24750b9ad5ef 3063 (size_t)( ssl->in_hdr - ssl->in_buf ) )
Christopher Haster 1:24750b9ad5ef 3064 {
Christopher Haster 1:24750b9ad5ef 3065 MBEDTLS_SSL_DEBUG_MSG( 1, ( "reassembled message too large for buffer" ) );
Christopher Haster 1:24750b9ad5ef 3066 return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
Christopher Haster 1:24750b9ad5ef 3067 }
Christopher Haster 1:24750b9ad5ef 3068
Christopher Haster 1:24750b9ad5ef 3069 memmove( new_remain, cur_remain, remain_len );
Christopher Haster 1:24750b9ad5ef 3070 }
Christopher Haster 1:24750b9ad5ef 3071
Christopher Haster 1:24750b9ad5ef 3072 memcpy( ssl->in_msg, ssl->handshake->hs_msg, ssl->in_hslen );
Christopher Haster 1:24750b9ad5ef 3073
Christopher Haster 1:24750b9ad5ef 3074 mbedtls_free( ssl->handshake->hs_msg );
Christopher Haster 1:24750b9ad5ef 3075 ssl->handshake->hs_msg = NULL;
Christopher Haster 1:24750b9ad5ef 3076
Christopher Haster 1:24750b9ad5ef 3077 MBEDTLS_SSL_DEBUG_BUF( 3, "reassembled handshake message",
Christopher Haster 1:24750b9ad5ef 3078 ssl->in_msg, ssl->in_hslen );
Christopher Haster 1:24750b9ad5ef 3079
Christopher Haster 1:24750b9ad5ef 3080 return( 0 );
Christopher Haster 1:24750b9ad5ef 3081 }
Christopher Haster 1:24750b9ad5ef 3082 #endif /* MBEDTLS_SSL_PROTO_DTLS */
Christopher Haster 1:24750b9ad5ef 3083
Christopher Haster 1:24750b9ad5ef 3084 static int ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 3085 {
Christopher Haster 1:24750b9ad5ef 3086 if( ssl->in_msglen < mbedtls_ssl_hs_hdr_len( ssl ) )
Christopher Haster 1:24750b9ad5ef 3087 {
Christopher Haster 1:24750b9ad5ef 3088 MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too short: %d",
Christopher Haster 1:24750b9ad5ef 3089 ssl->in_msglen ) );
Christopher Haster 1:24750b9ad5ef 3090 return( MBEDTLS_ERR_SSL_INVALID_RECORD );
Christopher Haster 1:24750b9ad5ef 3091 }
Christopher Haster 1:24750b9ad5ef 3092
Christopher Haster 1:24750b9ad5ef 3093 ssl->in_hslen = mbedtls_ssl_hs_hdr_len( ssl ) + (
Christopher Haster 1:24750b9ad5ef 3094 ( ssl->in_msg[1] << 16 ) |
Christopher Haster 1:24750b9ad5ef 3095 ( ssl->in_msg[2] << 8 ) |
Christopher Haster 1:24750b9ad5ef 3096 ssl->in_msg[3] );
Christopher Haster 1:24750b9ad5ef 3097
Christopher Haster 1:24750b9ad5ef 3098 MBEDTLS_SSL_DEBUG_MSG( 3, ( "handshake message: msglen ="
Christopher Haster 1:24750b9ad5ef 3099 " %d, type = %d, hslen = %d",
Christopher Haster 1:24750b9ad5ef 3100 ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
Christopher Haster 1:24750b9ad5ef 3101
Christopher Haster 1:24750b9ad5ef 3102 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 3103 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Christopher Haster 1:24750b9ad5ef 3104 {
Christopher Haster 1:24750b9ad5ef 3105 int ret;
Christopher Haster 1:24750b9ad5ef 3106 unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5];
Christopher Haster 1:24750b9ad5ef 3107
Christopher Haster 1:24750b9ad5ef 3108 /* ssl->handshake is NULL when receiving ClientHello for renego */
Christopher Haster 1:24750b9ad5ef 3109 if( ssl->handshake != NULL &&
Christopher Haster 1:24750b9ad5ef 3110 recv_msg_seq != ssl->handshake->in_msg_seq )
Christopher Haster 1:24750b9ad5ef 3111 {
Christopher Haster 1:24750b9ad5ef 3112 /* Retransmit only on last message from previous flight, to avoid
Christopher Haster 1:24750b9ad5ef 3113 * too many retransmissions.
Christopher Haster 1:24750b9ad5ef 3114 * Besides, No sane server ever retransmits HelloVerifyRequest */
Christopher Haster 1:24750b9ad5ef 3115 if( recv_msg_seq == ssl->handshake->in_flight_start_seq - 1 &&
Christopher Haster 1:24750b9ad5ef 3116 ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST )
Christopher Haster 1:24750b9ad5ef 3117 {
Christopher Haster 1:24750b9ad5ef 3118 MBEDTLS_SSL_DEBUG_MSG( 2, ( "received message from last flight, "
Christopher Haster 1:24750b9ad5ef 3119 "message_seq = %d, start_of_flight = %d",
Christopher Haster 1:24750b9ad5ef 3120 recv_msg_seq,
Christopher Haster 1:24750b9ad5ef 3121 ssl->handshake->in_flight_start_seq ) );
Christopher Haster 1:24750b9ad5ef 3122
Christopher Haster 1:24750b9ad5ef 3123 if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 3124 {
Christopher Haster 1:24750b9ad5ef 3125 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret );
Christopher Haster 1:24750b9ad5ef 3126 return( ret );
Christopher Haster 1:24750b9ad5ef 3127 }
Christopher Haster 1:24750b9ad5ef 3128 }
Christopher Haster 1:24750b9ad5ef 3129 else
Christopher Haster 1:24750b9ad5ef 3130 {
Christopher Haster 1:24750b9ad5ef 3131 MBEDTLS_SSL_DEBUG_MSG( 2, ( "dropping out-of-sequence message: "
Christopher Haster 1:24750b9ad5ef 3132 "message_seq = %d, expected = %d",
Christopher Haster 1:24750b9ad5ef 3133 recv_msg_seq,
Christopher Haster 1:24750b9ad5ef 3134 ssl->handshake->in_msg_seq ) );
Christopher Haster 1:24750b9ad5ef 3135 }
Christopher Haster 1:24750b9ad5ef 3136
Christopher Haster 1:24750b9ad5ef 3137 return( MBEDTLS_ERR_SSL_WANT_READ );
Christopher Haster 1:24750b9ad5ef 3138 }
Christopher Haster 1:24750b9ad5ef 3139 /* Wait until message completion to increment in_msg_seq */
Christopher Haster 1:24750b9ad5ef 3140
Christopher Haster 1:24750b9ad5ef 3141 /* Reassemble if current message is fragmented or reassembly is
Christopher Haster 1:24750b9ad5ef 3142 * already in progress */
Christopher Haster 1:24750b9ad5ef 3143 if( ssl->in_msglen < ssl->in_hslen ||
Christopher Haster 1:24750b9ad5ef 3144 memcmp( ssl->in_msg + 6, "\0\0\0", 3 ) != 0 ||
Christopher Haster 1:24750b9ad5ef 3145 memcmp( ssl->in_msg + 9, ssl->in_msg + 1, 3 ) != 0 ||
Christopher Haster 1:24750b9ad5ef 3146 ( ssl->handshake != NULL && ssl->handshake->hs_msg != NULL ) )
Christopher Haster 1:24750b9ad5ef 3147 {
Christopher Haster 1:24750b9ad5ef 3148 MBEDTLS_SSL_DEBUG_MSG( 2, ( "found fragmented DTLS handshake message" ) );
Christopher Haster 1:24750b9ad5ef 3149
Christopher Haster 1:24750b9ad5ef 3150 if( ( ret = ssl_reassemble_dtls_handshake( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 3151 {
Christopher Haster 1:24750b9ad5ef 3152 MBEDTLS_SSL_DEBUG_RET( 1, "ssl_reassemble_dtls_handshake", ret );
Christopher Haster 1:24750b9ad5ef 3153 return( ret );
Christopher Haster 1:24750b9ad5ef 3154 }
Christopher Haster 1:24750b9ad5ef 3155 }
Christopher Haster 1:24750b9ad5ef 3156 }
Christopher Haster 1:24750b9ad5ef 3157 else
Christopher Haster 1:24750b9ad5ef 3158 #endif /* MBEDTLS_SSL_PROTO_DTLS */
Christopher Haster 1:24750b9ad5ef 3159 /* With TLS we don't handle fragmentation (for now) */
Christopher Haster 1:24750b9ad5ef 3160 if( ssl->in_msglen < ssl->in_hslen )
Christopher Haster 1:24750b9ad5ef 3161 {
Christopher Haster 1:24750b9ad5ef 3162 MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS handshake fragmentation not supported" ) );
Christopher Haster 1:24750b9ad5ef 3163 return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
Christopher Haster 1:24750b9ad5ef 3164 }
Christopher Haster 1:24750b9ad5ef 3165
Christopher Haster 1:24750b9ad5ef 3166 if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER &&
Christopher Haster 1:24750b9ad5ef 3167 ssl->handshake != NULL )
Christopher Haster 1:24750b9ad5ef 3168 {
Christopher Haster 1:24750b9ad5ef 3169 ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
Christopher Haster 1:24750b9ad5ef 3170 }
Christopher Haster 1:24750b9ad5ef 3171
Christopher Haster 1:24750b9ad5ef 3172 /* Handshake message is complete, increment counter */
Christopher Haster 1:24750b9ad5ef 3173 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 3174 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
Christopher Haster 1:24750b9ad5ef 3175 ssl->handshake != NULL )
Christopher Haster 1:24750b9ad5ef 3176 {
Christopher Haster 1:24750b9ad5ef 3177 ssl->handshake->in_msg_seq++;
Christopher Haster 1:24750b9ad5ef 3178 }
Christopher Haster 1:24750b9ad5ef 3179 #endif
Christopher Haster 1:24750b9ad5ef 3180
Christopher Haster 1:24750b9ad5ef 3181 return( 0 );
Christopher Haster 1:24750b9ad5ef 3182 }
Christopher Haster 1:24750b9ad5ef 3183
Christopher Haster 1:24750b9ad5ef 3184 /*
Christopher Haster 1:24750b9ad5ef 3185 * DTLS anti-replay: RFC 6347 4.1.2.6
Christopher Haster 1:24750b9ad5ef 3186 *
Christopher Haster 1:24750b9ad5ef 3187 * in_window is a field of bits numbered from 0 (lsb) to 63 (msb).
Christopher Haster 1:24750b9ad5ef 3188 * Bit n is set iff record number in_window_top - n has been seen.
Christopher Haster 1:24750b9ad5ef 3189 *
Christopher Haster 1:24750b9ad5ef 3190 * Usually, in_window_top is the last record number seen and the lsb of
Christopher Haster 1:24750b9ad5ef 3191 * in_window is set. The only exception is the initial state (record number 0
Christopher Haster 1:24750b9ad5ef 3192 * not seen yet).
Christopher Haster 1:24750b9ad5ef 3193 */
Christopher Haster 1:24750b9ad5ef 3194 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
Christopher Haster 1:24750b9ad5ef 3195 static void ssl_dtls_replay_reset( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 3196 {
Christopher Haster 1:24750b9ad5ef 3197 ssl->in_window_top = 0;
Christopher Haster 1:24750b9ad5ef 3198 ssl->in_window = 0;
Christopher Haster 1:24750b9ad5ef 3199 }
Christopher Haster 1:24750b9ad5ef 3200
Christopher Haster 1:24750b9ad5ef 3201 static inline uint64_t ssl_load_six_bytes( unsigned char *buf )
Christopher Haster 1:24750b9ad5ef 3202 {
Christopher Haster 1:24750b9ad5ef 3203 return( ( (uint64_t) buf[0] << 40 ) |
Christopher Haster 1:24750b9ad5ef 3204 ( (uint64_t) buf[1] << 32 ) |
Christopher Haster 1:24750b9ad5ef 3205 ( (uint64_t) buf[2] << 24 ) |
Christopher Haster 1:24750b9ad5ef 3206 ( (uint64_t) buf[3] << 16 ) |
Christopher Haster 1:24750b9ad5ef 3207 ( (uint64_t) buf[4] << 8 ) |
Christopher Haster 1:24750b9ad5ef 3208 ( (uint64_t) buf[5] ) );
Christopher Haster 1:24750b9ad5ef 3209 }
Christopher Haster 1:24750b9ad5ef 3210
Christopher Haster 1:24750b9ad5ef 3211 /*
Christopher Haster 1:24750b9ad5ef 3212 * Return 0 if sequence number is acceptable, -1 otherwise
Christopher Haster 1:24750b9ad5ef 3213 */
Christopher Haster 1:24750b9ad5ef 3214 int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 3215 {
Christopher Haster 1:24750b9ad5ef 3216 uint64_t rec_seqnum = ssl_load_six_bytes( ssl->in_ctr + 2 );
Christopher Haster 1:24750b9ad5ef 3217 uint64_t bit;
Christopher Haster 1:24750b9ad5ef 3218
Christopher Haster 1:24750b9ad5ef 3219 if( ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED )
Christopher Haster 1:24750b9ad5ef 3220 return( 0 );
Christopher Haster 1:24750b9ad5ef 3221
Christopher Haster 1:24750b9ad5ef 3222 if( rec_seqnum > ssl->in_window_top )
Christopher Haster 1:24750b9ad5ef 3223 return( 0 );
Christopher Haster 1:24750b9ad5ef 3224
Christopher Haster 1:24750b9ad5ef 3225 bit = ssl->in_window_top - rec_seqnum;
Christopher Haster 1:24750b9ad5ef 3226
Christopher Haster 1:24750b9ad5ef 3227 if( bit >= 64 )
Christopher Haster 1:24750b9ad5ef 3228 return( -1 );
Christopher Haster 1:24750b9ad5ef 3229
Christopher Haster 1:24750b9ad5ef 3230 if( ( ssl->in_window & ( (uint64_t) 1 << bit ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 3231 return( -1 );
Christopher Haster 1:24750b9ad5ef 3232
Christopher Haster 1:24750b9ad5ef 3233 return( 0 );
Christopher Haster 1:24750b9ad5ef 3234 }
Christopher Haster 1:24750b9ad5ef 3235
Christopher Haster 1:24750b9ad5ef 3236 /*
Christopher Haster 1:24750b9ad5ef 3237 * Update replay window on new validated record
Christopher Haster 1:24750b9ad5ef 3238 */
Christopher Haster 1:24750b9ad5ef 3239 void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 3240 {
Christopher Haster 1:24750b9ad5ef 3241 uint64_t rec_seqnum = ssl_load_six_bytes( ssl->in_ctr + 2 );
Christopher Haster 1:24750b9ad5ef 3242
Christopher Haster 1:24750b9ad5ef 3243 if( ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED )
Christopher Haster 1:24750b9ad5ef 3244 return;
Christopher Haster 1:24750b9ad5ef 3245
Christopher Haster 1:24750b9ad5ef 3246 if( rec_seqnum > ssl->in_window_top )
Christopher Haster 1:24750b9ad5ef 3247 {
Christopher Haster 1:24750b9ad5ef 3248 /* Update window_top and the contents of the window */
Christopher Haster 1:24750b9ad5ef 3249 uint64_t shift = rec_seqnum - ssl->in_window_top;
Christopher Haster 1:24750b9ad5ef 3250
Christopher Haster 1:24750b9ad5ef 3251 if( shift >= 64 )
Christopher Haster 1:24750b9ad5ef 3252 ssl->in_window = 1;
Christopher Haster 1:24750b9ad5ef 3253 else
Christopher Haster 1:24750b9ad5ef 3254 {
Christopher Haster 1:24750b9ad5ef 3255 ssl->in_window <<= shift;
Christopher Haster 1:24750b9ad5ef 3256 ssl->in_window |= 1;
Christopher Haster 1:24750b9ad5ef 3257 }
Christopher Haster 1:24750b9ad5ef 3258
Christopher Haster 1:24750b9ad5ef 3259 ssl->in_window_top = rec_seqnum;
Christopher Haster 1:24750b9ad5ef 3260 }
Christopher Haster 1:24750b9ad5ef 3261 else
Christopher Haster 1:24750b9ad5ef 3262 {
Christopher Haster 1:24750b9ad5ef 3263 /* Mark that number as seen in the current window */
Christopher Haster 1:24750b9ad5ef 3264 uint64_t bit = ssl->in_window_top - rec_seqnum;
Christopher Haster 1:24750b9ad5ef 3265
Christopher Haster 1:24750b9ad5ef 3266 if( bit < 64 ) /* Always true, but be extra sure */
Christopher Haster 1:24750b9ad5ef 3267 ssl->in_window |= (uint64_t) 1 << bit;
Christopher Haster 1:24750b9ad5ef 3268 }
Christopher Haster 1:24750b9ad5ef 3269 }
Christopher Haster 1:24750b9ad5ef 3270 #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
Christopher Haster 1:24750b9ad5ef 3271
Christopher Haster 1:24750b9ad5ef 3272 #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
Christopher Haster 1:24750b9ad5ef 3273 /* Forward declaration */
Christopher Haster 1:24750b9ad5ef 3274 static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial );
Christopher Haster 1:24750b9ad5ef 3275
Christopher Haster 1:24750b9ad5ef 3276 /*
Christopher Haster 1:24750b9ad5ef 3277 * Without any SSL context, check if a datagram looks like a ClientHello with
Christopher Haster 1:24750b9ad5ef 3278 * a valid cookie, and if it doesn't, generate a HelloVerifyRequest message.
Christopher Haster 1:24750b9ad5ef 3279 * Both input and output include full DTLS headers.
Christopher Haster 1:24750b9ad5ef 3280 *
Christopher Haster 1:24750b9ad5ef 3281 * - if cookie is valid, return 0
Christopher Haster 1:24750b9ad5ef 3282 * - if ClientHello looks superficially valid but cookie is not,
Christopher Haster 1:24750b9ad5ef 3283 * fill obuf and set olen, then
Christopher Haster 1:24750b9ad5ef 3284 * return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED
Christopher Haster 1:24750b9ad5ef 3285 * - otherwise return a specific error code
Christopher Haster 1:24750b9ad5ef 3286 */
Christopher Haster 1:24750b9ad5ef 3287 static int ssl_check_dtls_clihlo_cookie(
Christopher Haster 1:24750b9ad5ef 3288 mbedtls_ssl_cookie_write_t *f_cookie_write,
Christopher Haster 1:24750b9ad5ef 3289 mbedtls_ssl_cookie_check_t *f_cookie_check,
Christopher Haster 1:24750b9ad5ef 3290 void *p_cookie,
Christopher Haster 1:24750b9ad5ef 3291 const unsigned char *cli_id, size_t cli_id_len,
Christopher Haster 1:24750b9ad5ef 3292 const unsigned char *in, size_t in_len,
Christopher Haster 1:24750b9ad5ef 3293 unsigned char *obuf, size_t buf_len, size_t *olen )
Christopher Haster 1:24750b9ad5ef 3294 {
Christopher Haster 1:24750b9ad5ef 3295 size_t sid_len, cookie_len;
Christopher Haster 1:24750b9ad5ef 3296 unsigned char *p;
Christopher Haster 1:24750b9ad5ef 3297
Christopher Haster 1:24750b9ad5ef 3298 if( f_cookie_write == NULL || f_cookie_check == NULL )
Christopher Haster 1:24750b9ad5ef 3299 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 3300
Christopher Haster 1:24750b9ad5ef 3301 /*
Christopher Haster 1:24750b9ad5ef 3302 * Structure of ClientHello with record and handshake headers,
Christopher Haster 1:24750b9ad5ef 3303 * and expected values. We don't need to check a lot, more checks will be
Christopher Haster 1:24750b9ad5ef 3304 * done when actually parsing the ClientHello - skipping those checks
Christopher Haster 1:24750b9ad5ef 3305 * avoids code duplication and does not make cookie forging any easier.
Christopher Haster 1:24750b9ad5ef 3306 *
Christopher Haster 1:24750b9ad5ef 3307 * 0-0 ContentType type; copied, must be handshake
Christopher Haster 1:24750b9ad5ef 3308 * 1-2 ProtocolVersion version; copied
Christopher Haster 1:24750b9ad5ef 3309 * 3-4 uint16 epoch; copied, must be 0
Christopher Haster 1:24750b9ad5ef 3310 * 5-10 uint48 sequence_number; copied
Christopher Haster 1:24750b9ad5ef 3311 * 11-12 uint16 length; (ignored)
Christopher Haster 1:24750b9ad5ef 3312 *
Christopher Haster 1:24750b9ad5ef 3313 * 13-13 HandshakeType msg_type; (ignored)
Christopher Haster 1:24750b9ad5ef 3314 * 14-16 uint24 length; (ignored)
Christopher Haster 1:24750b9ad5ef 3315 * 17-18 uint16 message_seq; copied
Christopher Haster 1:24750b9ad5ef 3316 * 19-21 uint24 fragment_offset; copied, must be 0
Christopher Haster 1:24750b9ad5ef 3317 * 22-24 uint24 fragment_length; (ignored)
Christopher Haster 1:24750b9ad5ef 3318 *
Christopher Haster 1:24750b9ad5ef 3319 * 25-26 ProtocolVersion client_version; (ignored)
Christopher Haster 1:24750b9ad5ef 3320 * 27-58 Random random; (ignored)
Christopher Haster 1:24750b9ad5ef 3321 * 59-xx SessionID session_id; 1 byte len + sid_len content
Christopher Haster 1:24750b9ad5ef 3322 * 60+ opaque cookie<0..2^8-1>; 1 byte len + content
Christopher Haster 1:24750b9ad5ef 3323 * ...
Christopher Haster 1:24750b9ad5ef 3324 *
Christopher Haster 1:24750b9ad5ef 3325 * Minimum length is 61 bytes.
Christopher Haster 1:24750b9ad5ef 3326 */
Christopher Haster 1:24750b9ad5ef 3327 if( in_len < 61 ||
Christopher Haster 1:24750b9ad5ef 3328 in[0] != MBEDTLS_SSL_MSG_HANDSHAKE ||
Christopher Haster 1:24750b9ad5ef 3329 in[3] != 0 || in[4] != 0 ||
Christopher Haster 1:24750b9ad5ef 3330 in[19] != 0 || in[20] != 0 || in[21] != 0 )
Christopher Haster 1:24750b9ad5ef 3331 {
Christopher Haster 1:24750b9ad5ef 3332 return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
Christopher Haster 1:24750b9ad5ef 3333 }
Christopher Haster 1:24750b9ad5ef 3334
Christopher Haster 1:24750b9ad5ef 3335 sid_len = in[59];
Christopher Haster 1:24750b9ad5ef 3336 if( sid_len > in_len - 61 )
Christopher Haster 1:24750b9ad5ef 3337 return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
Christopher Haster 1:24750b9ad5ef 3338
Christopher Haster 1:24750b9ad5ef 3339 cookie_len = in[60 + sid_len];
Christopher Haster 1:24750b9ad5ef 3340 if( cookie_len > in_len - 60 )
Christopher Haster 1:24750b9ad5ef 3341 return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
Christopher Haster 1:24750b9ad5ef 3342
Christopher Haster 1:24750b9ad5ef 3343 if( f_cookie_check( p_cookie, in + sid_len + 61, cookie_len,
Christopher Haster 1:24750b9ad5ef 3344 cli_id, cli_id_len ) == 0 )
Christopher Haster 1:24750b9ad5ef 3345 {
Christopher Haster 1:24750b9ad5ef 3346 /* Valid cookie */
Christopher Haster 1:24750b9ad5ef 3347 return( 0 );
Christopher Haster 1:24750b9ad5ef 3348 }
Christopher Haster 1:24750b9ad5ef 3349
Christopher Haster 1:24750b9ad5ef 3350 /*
Christopher Haster 1:24750b9ad5ef 3351 * If we get here, we've got an invalid cookie, let's prepare HVR.
Christopher Haster 1:24750b9ad5ef 3352 *
Christopher Haster 1:24750b9ad5ef 3353 * 0-0 ContentType type; copied
Christopher Haster 1:24750b9ad5ef 3354 * 1-2 ProtocolVersion version; copied
Christopher Haster 1:24750b9ad5ef 3355 * 3-4 uint16 epoch; copied
Christopher Haster 1:24750b9ad5ef 3356 * 5-10 uint48 sequence_number; copied
Christopher Haster 1:24750b9ad5ef 3357 * 11-12 uint16 length; olen - 13
Christopher Haster 1:24750b9ad5ef 3358 *
Christopher Haster 1:24750b9ad5ef 3359 * 13-13 HandshakeType msg_type; hello_verify_request
Christopher Haster 1:24750b9ad5ef 3360 * 14-16 uint24 length; olen - 25
Christopher Haster 1:24750b9ad5ef 3361 * 17-18 uint16 message_seq; copied
Christopher Haster 1:24750b9ad5ef 3362 * 19-21 uint24 fragment_offset; copied
Christopher Haster 1:24750b9ad5ef 3363 * 22-24 uint24 fragment_length; olen - 25
Christopher Haster 1:24750b9ad5ef 3364 *
Christopher Haster 1:24750b9ad5ef 3365 * 25-26 ProtocolVersion server_version; 0xfe 0xff
Christopher Haster 1:24750b9ad5ef 3366 * 27-27 opaque cookie<0..2^8-1>; cookie_len = olen - 27, cookie
Christopher Haster 1:24750b9ad5ef 3367 *
Christopher Haster 1:24750b9ad5ef 3368 * Minimum length is 28.
Christopher Haster 1:24750b9ad5ef 3369 */
Christopher Haster 1:24750b9ad5ef 3370 if( buf_len < 28 )
Christopher Haster 1:24750b9ad5ef 3371 return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
Christopher Haster 1:24750b9ad5ef 3372
Christopher Haster 1:24750b9ad5ef 3373 /* Copy most fields and adapt others */
Christopher Haster 1:24750b9ad5ef 3374 memcpy( obuf, in, 25 );
Christopher Haster 1:24750b9ad5ef 3375 obuf[13] = MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST;
Christopher Haster 1:24750b9ad5ef 3376 obuf[25] = 0xfe;
Christopher Haster 1:24750b9ad5ef 3377 obuf[26] = 0xff;
Christopher Haster 1:24750b9ad5ef 3378
Christopher Haster 1:24750b9ad5ef 3379 /* Generate and write actual cookie */
Christopher Haster 1:24750b9ad5ef 3380 p = obuf + 28;
Christopher Haster 1:24750b9ad5ef 3381 if( f_cookie_write( p_cookie,
Christopher Haster 1:24750b9ad5ef 3382 &p, obuf + buf_len, cli_id, cli_id_len ) != 0 )
Christopher Haster 1:24750b9ad5ef 3383 {
Christopher Haster 1:24750b9ad5ef 3384 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Christopher Haster 1:24750b9ad5ef 3385 }
Christopher Haster 1:24750b9ad5ef 3386
Christopher Haster 1:24750b9ad5ef 3387 *olen = p - obuf;
Christopher Haster 1:24750b9ad5ef 3388
Christopher Haster 1:24750b9ad5ef 3389 /* Go back and fill length fields */
Christopher Haster 1:24750b9ad5ef 3390 obuf[27] = (unsigned char)( *olen - 28 );
Christopher Haster 1:24750b9ad5ef 3391
Christopher Haster 1:24750b9ad5ef 3392 obuf[14] = obuf[22] = (unsigned char)( ( *olen - 25 ) >> 16 );
Christopher Haster 1:24750b9ad5ef 3393 obuf[15] = obuf[23] = (unsigned char)( ( *olen - 25 ) >> 8 );
Christopher Haster 1:24750b9ad5ef 3394 obuf[16] = obuf[24] = (unsigned char)( ( *olen - 25 ) );
Christopher Haster 1:24750b9ad5ef 3395
Christopher Haster 1:24750b9ad5ef 3396 obuf[11] = (unsigned char)( ( *olen - 13 ) >> 8 );
Christopher Haster 1:24750b9ad5ef 3397 obuf[12] = (unsigned char)( ( *olen - 13 ) );
Christopher Haster 1:24750b9ad5ef 3398
Christopher Haster 1:24750b9ad5ef 3399 return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED );
Christopher Haster 1:24750b9ad5ef 3400 }
Christopher Haster 1:24750b9ad5ef 3401
Christopher Haster 1:24750b9ad5ef 3402 /*
Christopher Haster 1:24750b9ad5ef 3403 * Handle possible client reconnect with the same UDP quadruplet
Christopher Haster 1:24750b9ad5ef 3404 * (RFC 6347 Section 4.2.8).
Christopher Haster 1:24750b9ad5ef 3405 *
Christopher Haster 1:24750b9ad5ef 3406 * Called by ssl_parse_record_header() in case we receive an epoch 0 record
Christopher Haster 1:24750b9ad5ef 3407 * that looks like a ClientHello.
Christopher Haster 1:24750b9ad5ef 3408 *
Christopher Haster 1:24750b9ad5ef 3409 * - if the input looks like a ClientHello without cookies,
Christopher Haster 1:24750b9ad5ef 3410 * send back HelloVerifyRequest, then
Christopher Haster 1:24750b9ad5ef 3411 * return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED
Christopher Haster 1:24750b9ad5ef 3412 * - if the input looks like a ClientHello with a valid cookie,
Christopher Haster 1:24750b9ad5ef 3413 * reset the session of the current context, and
Christopher Haster 1:24750b9ad5ef 3414 * return MBEDTLS_ERR_SSL_CLIENT_RECONNECT
Christopher Haster 1:24750b9ad5ef 3415 * - if anything goes wrong, return a specific error code
Christopher Haster 1:24750b9ad5ef 3416 *
Christopher Haster 1:24750b9ad5ef 3417 * mbedtls_ssl_read_record() will ignore the record if anything else than
Christopher Haster 1:24750b9ad5ef 3418 * MBEDTLS_ERR_SSL_CLIENT_RECONNECT or 0 is returned, although this function
Christopher Haster 1:24750b9ad5ef 3419 * cannot not return 0.
Christopher Haster 1:24750b9ad5ef 3420 */
Christopher Haster 1:24750b9ad5ef 3421 static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 3422 {
Christopher Haster 1:24750b9ad5ef 3423 int ret;
Christopher Haster 1:24750b9ad5ef 3424 size_t len;
Christopher Haster 1:24750b9ad5ef 3425
Christopher Haster 1:24750b9ad5ef 3426 ret = ssl_check_dtls_clihlo_cookie(
Christopher Haster 1:24750b9ad5ef 3427 ssl->conf->f_cookie_write,
Christopher Haster 1:24750b9ad5ef 3428 ssl->conf->f_cookie_check,
Christopher Haster 1:24750b9ad5ef 3429 ssl->conf->p_cookie,
Christopher Haster 1:24750b9ad5ef 3430 ssl->cli_id, ssl->cli_id_len,
Christopher Haster 1:24750b9ad5ef 3431 ssl->in_buf, ssl->in_left,
Christopher Haster 1:24750b9ad5ef 3432 ssl->out_buf, MBEDTLS_SSL_MAX_CONTENT_LEN, &len );
Christopher Haster 1:24750b9ad5ef 3433
Christopher Haster 1:24750b9ad5ef 3434 MBEDTLS_SSL_DEBUG_RET( 2, "ssl_check_dtls_clihlo_cookie", ret );
Christopher Haster 1:24750b9ad5ef 3435
Christopher Haster 1:24750b9ad5ef 3436 if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
Christopher Haster 1:24750b9ad5ef 3437 {
Christopher Haster 1:24750b9ad5ef 3438 /* Dont check write errors as we can't do anything here.
Christopher Haster 1:24750b9ad5ef 3439 * If the error is permanent we'll catch it later,
Christopher Haster 1:24750b9ad5ef 3440 * if it's not, then hopefully it'll work next time. */
Christopher Haster 1:24750b9ad5ef 3441 (void) ssl->f_send( ssl->p_bio, ssl->out_buf, len );
Christopher Haster 1:24750b9ad5ef 3442
Christopher Haster 1:24750b9ad5ef 3443 return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED );
Christopher Haster 1:24750b9ad5ef 3444 }
Christopher Haster 1:24750b9ad5ef 3445
Christopher Haster 1:24750b9ad5ef 3446 if( ret == 0 )
Christopher Haster 1:24750b9ad5ef 3447 {
Christopher Haster 1:24750b9ad5ef 3448 /* Got a valid cookie, partially reset context */
Christopher Haster 1:24750b9ad5ef 3449 if( ( ret = ssl_session_reset_int( ssl, 1 ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 3450 {
Christopher Haster 1:24750b9ad5ef 3451 MBEDTLS_SSL_DEBUG_RET( 1, "reset", ret );
Christopher Haster 1:24750b9ad5ef 3452 return( ret );
Christopher Haster 1:24750b9ad5ef 3453 }
Christopher Haster 1:24750b9ad5ef 3454
Christopher Haster 1:24750b9ad5ef 3455 return( MBEDTLS_ERR_SSL_CLIENT_RECONNECT );
Christopher Haster 1:24750b9ad5ef 3456 }
Christopher Haster 1:24750b9ad5ef 3457
Christopher Haster 1:24750b9ad5ef 3458 return( ret );
Christopher Haster 1:24750b9ad5ef 3459 }
Christopher Haster 1:24750b9ad5ef 3460 #endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */
Christopher Haster 1:24750b9ad5ef 3461
Christopher Haster 1:24750b9ad5ef 3462 /*
Christopher Haster 1:24750b9ad5ef 3463 * ContentType type;
Christopher Haster 1:24750b9ad5ef 3464 * ProtocolVersion version;
Christopher Haster 1:24750b9ad5ef 3465 * uint16 epoch; // DTLS only
Christopher Haster 1:24750b9ad5ef 3466 * uint48 sequence_number; // DTLS only
Christopher Haster 1:24750b9ad5ef 3467 * uint16 length;
Christopher Haster 1:24750b9ad5ef 3468 */
Christopher Haster 1:24750b9ad5ef 3469 static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 3470 {
Christopher Haster 1:24750b9ad5ef 3471 int ret;
Christopher Haster 1:24750b9ad5ef 3472 int major_ver, minor_ver;
Christopher Haster 1:24750b9ad5ef 3473
Christopher Haster 1:24750b9ad5ef 3474 MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", ssl->in_hdr, mbedtls_ssl_hdr_len( ssl ) );
Christopher Haster 1:24750b9ad5ef 3475
Christopher Haster 1:24750b9ad5ef 3476 ssl->in_msgtype = ssl->in_hdr[0];
Christopher Haster 1:24750b9ad5ef 3477 ssl->in_msglen = ( ssl->in_len[0] << 8 ) | ssl->in_len[1];
Christopher Haster 1:24750b9ad5ef 3478 mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, ssl->in_hdr + 1 );
Christopher Haster 1:24750b9ad5ef 3479
Christopher Haster 1:24750b9ad5ef 3480 MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, "
Christopher Haster 1:24750b9ad5ef 3481 "version = [%d:%d], msglen = %d",
Christopher Haster 1:24750b9ad5ef 3482 ssl->in_msgtype,
Christopher Haster 1:24750b9ad5ef 3483 major_ver, minor_ver, ssl->in_msglen ) );
Christopher Haster 1:24750b9ad5ef 3484
Christopher Haster 1:24750b9ad5ef 3485 /* Check record type */
Christopher Haster 1:24750b9ad5ef 3486 if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE &&
Christopher Haster 1:24750b9ad5ef 3487 ssl->in_msgtype != MBEDTLS_SSL_MSG_ALERT &&
Christopher Haster 1:24750b9ad5ef 3488 ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC &&
Christopher Haster 1:24750b9ad5ef 3489 ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA )
Christopher Haster 1:24750b9ad5ef 3490 {
Christopher Haster 1:24750b9ad5ef 3491 MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) );
Christopher Haster 1:24750b9ad5ef 3492
Christopher Haster 1:24750b9ad5ef 3493 if( ( ret = mbedtls_ssl_send_alert_message( ssl,
Christopher Haster 1:24750b9ad5ef 3494 MBEDTLS_SSL_ALERT_LEVEL_FATAL,
Christopher Haster 1:24750b9ad5ef 3495 MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 3496 {
Christopher Haster 1:24750b9ad5ef 3497 return( ret );
Christopher Haster 1:24750b9ad5ef 3498 }
Christopher Haster 1:24750b9ad5ef 3499
Christopher Haster 1:24750b9ad5ef 3500 return( MBEDTLS_ERR_SSL_INVALID_RECORD );
Christopher Haster 1:24750b9ad5ef 3501 }
Christopher Haster 1:24750b9ad5ef 3502
Christopher Haster 1:24750b9ad5ef 3503 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 3504 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Christopher Haster 1:24750b9ad5ef 3505 {
Christopher Haster 1:24750b9ad5ef 3506 /* Drop unexpected ChangeCipherSpec messages */
Christopher Haster 1:24750b9ad5ef 3507 if( ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC &&
Christopher Haster 1:24750b9ad5ef 3508 ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC &&
Christopher Haster 1:24750b9ad5ef 3509 ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC )
Christopher Haster 1:24750b9ad5ef 3510 {
Christopher Haster 1:24750b9ad5ef 3511 MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ChangeCipherSpec" ) );
Christopher Haster 1:24750b9ad5ef 3512 return( MBEDTLS_ERR_SSL_INVALID_RECORD );
Christopher Haster 1:24750b9ad5ef 3513 }
Christopher Haster 1:24750b9ad5ef 3514
Christopher Haster 1:24750b9ad5ef 3515 /* Drop unexpected ApplicationData records,
Christopher Haster 1:24750b9ad5ef 3516 * except at the beginning of renegotiations */
Christopher Haster 1:24750b9ad5ef 3517 if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA &&
Christopher Haster 1:24750b9ad5ef 3518 ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER
Christopher Haster 1:24750b9ad5ef 3519 #if defined(MBEDTLS_SSL_RENEGOTIATION)
Christopher Haster 1:24750b9ad5ef 3520 && ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
Christopher Haster 1:24750b9ad5ef 3521 ssl->state == MBEDTLS_SSL_SERVER_HELLO )
Christopher Haster 1:24750b9ad5ef 3522 #endif
Christopher Haster 1:24750b9ad5ef 3523 )
Christopher Haster 1:24750b9ad5ef 3524 {
Christopher Haster 1:24750b9ad5ef 3525 MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) );
Christopher Haster 1:24750b9ad5ef 3526 return( MBEDTLS_ERR_SSL_INVALID_RECORD );
Christopher Haster 1:24750b9ad5ef 3527 }
Christopher Haster 1:24750b9ad5ef 3528 }
Christopher Haster 1:24750b9ad5ef 3529 #endif
Christopher Haster 1:24750b9ad5ef 3530
Christopher Haster 1:24750b9ad5ef 3531 /* Check version */
Christopher Haster 1:24750b9ad5ef 3532 if( major_ver != ssl->major_ver )
Christopher Haster 1:24750b9ad5ef 3533 {
Christopher Haster 1:24750b9ad5ef 3534 MBEDTLS_SSL_DEBUG_MSG( 1, ( "major version mismatch" ) );
Christopher Haster 1:24750b9ad5ef 3535 return( MBEDTLS_ERR_SSL_INVALID_RECORD );
Christopher Haster 1:24750b9ad5ef 3536 }
Christopher Haster 1:24750b9ad5ef 3537
Christopher Haster 1:24750b9ad5ef 3538 if( minor_ver > ssl->conf->max_minor_ver )
Christopher Haster 1:24750b9ad5ef 3539 {
Christopher Haster 1:24750b9ad5ef 3540 MBEDTLS_SSL_DEBUG_MSG( 1, ( "minor version mismatch" ) );
Christopher Haster 1:24750b9ad5ef 3541 return( MBEDTLS_ERR_SSL_INVALID_RECORD );
Christopher Haster 1:24750b9ad5ef 3542 }
Christopher Haster 1:24750b9ad5ef 3543
Christopher Haster 1:24750b9ad5ef 3544 /* Check epoch (and sequence number) with DTLS */
Christopher Haster 1:24750b9ad5ef 3545 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 3546 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Christopher Haster 1:24750b9ad5ef 3547 {
Christopher Haster 1:24750b9ad5ef 3548 unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1];
Christopher Haster 1:24750b9ad5ef 3549
Christopher Haster 1:24750b9ad5ef 3550 if( rec_epoch != ssl->in_epoch )
Christopher Haster 1:24750b9ad5ef 3551 {
Christopher Haster 1:24750b9ad5ef 3552 MBEDTLS_SSL_DEBUG_MSG( 1, ( "record from another epoch: "
Christopher Haster 1:24750b9ad5ef 3553 "expected %d, received %d",
Christopher Haster 1:24750b9ad5ef 3554 ssl->in_epoch, rec_epoch ) );
Christopher Haster 1:24750b9ad5ef 3555
Christopher Haster 1:24750b9ad5ef 3556 #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
Christopher Haster 1:24750b9ad5ef 3557 /*
Christopher Haster 1:24750b9ad5ef 3558 * Check for an epoch 0 ClientHello. We can't use in_msg here to
Christopher Haster 1:24750b9ad5ef 3559 * access the first byte of record content (handshake type), as we
Christopher Haster 1:24750b9ad5ef 3560 * have an active transform (possibly iv_len != 0), so use the
Christopher Haster 1:24750b9ad5ef 3561 * fact that the record header len is 13 instead.
Christopher Haster 1:24750b9ad5ef 3562 */
Christopher Haster 1:24750b9ad5ef 3563 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
Christopher Haster 1:24750b9ad5ef 3564 ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER &&
Christopher Haster 1:24750b9ad5ef 3565 rec_epoch == 0 &&
Christopher Haster 1:24750b9ad5ef 3566 ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
Christopher Haster 1:24750b9ad5ef 3567 ssl->in_left > 13 &&
Christopher Haster 1:24750b9ad5ef 3568 ssl->in_buf[13] == MBEDTLS_SSL_HS_CLIENT_HELLO )
Christopher Haster 1:24750b9ad5ef 3569 {
Christopher Haster 1:24750b9ad5ef 3570 MBEDTLS_SSL_DEBUG_MSG( 1, ( "possible client reconnect "
Christopher Haster 1:24750b9ad5ef 3571 "from the same port" ) );
Christopher Haster 1:24750b9ad5ef 3572 return( ssl_handle_possible_reconnect( ssl ) );
Christopher Haster 1:24750b9ad5ef 3573 }
Christopher Haster 1:24750b9ad5ef 3574 else
Christopher Haster 1:24750b9ad5ef 3575 #endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */
Christopher Haster 1:24750b9ad5ef 3576 return( MBEDTLS_ERR_SSL_INVALID_RECORD );
Christopher Haster 1:24750b9ad5ef 3577 }
Christopher Haster 1:24750b9ad5ef 3578
Christopher Haster 1:24750b9ad5ef 3579 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
Christopher Haster 1:24750b9ad5ef 3580 /* Replay detection only works for the current epoch */
Christopher Haster 1:24750b9ad5ef 3581 if( rec_epoch == ssl->in_epoch &&
Christopher Haster 1:24750b9ad5ef 3582 mbedtls_ssl_dtls_replay_check( ssl ) != 0 )
Christopher Haster 1:24750b9ad5ef 3583 {
Christopher Haster 1:24750b9ad5ef 3584 MBEDTLS_SSL_DEBUG_MSG( 1, ( "replayed record" ) );
Christopher Haster 1:24750b9ad5ef 3585 return( MBEDTLS_ERR_SSL_INVALID_RECORD );
Christopher Haster 1:24750b9ad5ef 3586 }
Christopher Haster 1:24750b9ad5ef 3587 #endif
Christopher Haster 1:24750b9ad5ef 3588 }
Christopher Haster 1:24750b9ad5ef 3589 #endif /* MBEDTLS_SSL_PROTO_DTLS */
Christopher Haster 1:24750b9ad5ef 3590
Christopher Haster 1:24750b9ad5ef 3591 /* Check length against the size of our buffer */
Christopher Haster 1:24750b9ad5ef 3592 if( ssl->in_msglen > MBEDTLS_SSL_BUFFER_LEN
Christopher Haster 1:24750b9ad5ef 3593 - (size_t)( ssl->in_msg - ssl->in_buf ) )
Christopher Haster 1:24750b9ad5ef 3594 {
Christopher Haster 1:24750b9ad5ef 3595 MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
Christopher Haster 1:24750b9ad5ef 3596 return( MBEDTLS_ERR_SSL_INVALID_RECORD );
Christopher Haster 1:24750b9ad5ef 3597 }
Christopher Haster 1:24750b9ad5ef 3598
Christopher Haster 1:24750b9ad5ef 3599 /* Check length against bounds of the current transform and version */
Christopher Haster 1:24750b9ad5ef 3600 if( ssl->transform_in == NULL )
Christopher Haster 1:24750b9ad5ef 3601 {
Christopher Haster 1:24750b9ad5ef 3602 if( ssl->in_msglen < 1 ||
Christopher Haster 1:24750b9ad5ef 3603 ssl->in_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN )
Christopher Haster 1:24750b9ad5ef 3604 {
Christopher Haster 1:24750b9ad5ef 3605 MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
Christopher Haster 1:24750b9ad5ef 3606 return( MBEDTLS_ERR_SSL_INVALID_RECORD );
Christopher Haster 1:24750b9ad5ef 3607 }
Christopher Haster 1:24750b9ad5ef 3608 }
Christopher Haster 1:24750b9ad5ef 3609 else
Christopher Haster 1:24750b9ad5ef 3610 {
Christopher Haster 1:24750b9ad5ef 3611 if( ssl->in_msglen < ssl->transform_in->minlen )
Christopher Haster 1:24750b9ad5ef 3612 {
Christopher Haster 1:24750b9ad5ef 3613 MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
Christopher Haster 1:24750b9ad5ef 3614 return( MBEDTLS_ERR_SSL_INVALID_RECORD );
Christopher Haster 1:24750b9ad5ef 3615 }
Christopher Haster 1:24750b9ad5ef 3616
Christopher Haster 1:24750b9ad5ef 3617 #if defined(MBEDTLS_SSL_PROTO_SSL3)
Christopher Haster 1:24750b9ad5ef 3618 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 &&
Christopher Haster 1:24750b9ad5ef 3619 ssl->in_msglen > ssl->transform_in->minlen + MBEDTLS_SSL_MAX_CONTENT_LEN )
Christopher Haster 1:24750b9ad5ef 3620 {
Christopher Haster 1:24750b9ad5ef 3621 MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
Christopher Haster 1:24750b9ad5ef 3622 return( MBEDTLS_ERR_SSL_INVALID_RECORD );
Christopher Haster 1:24750b9ad5ef 3623 }
Christopher Haster 1:24750b9ad5ef 3624 #endif
Christopher Haster 1:24750b9ad5ef 3625 #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
Christopher Haster 1:24750b9ad5ef 3626 defined(MBEDTLS_SSL_PROTO_TLS1_2)
Christopher Haster 1:24750b9ad5ef 3627 /*
Christopher Haster 1:24750b9ad5ef 3628 * TLS encrypted messages can have up to 256 bytes of padding
Christopher Haster 1:24750b9ad5ef 3629 */
Christopher Haster 1:24750b9ad5ef 3630 if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 &&
Christopher Haster 1:24750b9ad5ef 3631 ssl->in_msglen > ssl->transform_in->minlen +
Christopher Haster 1:24750b9ad5ef 3632 MBEDTLS_SSL_MAX_CONTENT_LEN + 256 )
Christopher Haster 1:24750b9ad5ef 3633 {
Christopher Haster 1:24750b9ad5ef 3634 MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
Christopher Haster 1:24750b9ad5ef 3635 return( MBEDTLS_ERR_SSL_INVALID_RECORD );
Christopher Haster 1:24750b9ad5ef 3636 }
Christopher Haster 1:24750b9ad5ef 3637 #endif
Christopher Haster 1:24750b9ad5ef 3638 }
Christopher Haster 1:24750b9ad5ef 3639
Christopher Haster 1:24750b9ad5ef 3640 return( 0 );
Christopher Haster 1:24750b9ad5ef 3641 }
Christopher Haster 1:24750b9ad5ef 3642
Christopher Haster 1:24750b9ad5ef 3643 /*
Christopher Haster 1:24750b9ad5ef 3644 * If applicable, decrypt (and decompress) record content
Christopher Haster 1:24750b9ad5ef 3645 */
Christopher Haster 1:24750b9ad5ef 3646 static int ssl_prepare_record_content( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 3647 {
Christopher Haster 1:24750b9ad5ef 3648 int ret, done = 0;
Christopher Haster 1:24750b9ad5ef 3649
Christopher Haster 1:24750b9ad5ef 3650 MBEDTLS_SSL_DEBUG_BUF( 4, "input record from network",
Christopher Haster 1:24750b9ad5ef 3651 ssl->in_hdr, mbedtls_ssl_hdr_len( ssl ) + ssl->in_msglen );
Christopher Haster 1:24750b9ad5ef 3652
Christopher Haster 1:24750b9ad5ef 3653 #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
Christopher Haster 1:24750b9ad5ef 3654 if( mbedtls_ssl_hw_record_read != NULL )
Christopher Haster 1:24750b9ad5ef 3655 {
Christopher Haster 1:24750b9ad5ef 3656 MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_read()" ) );
Christopher Haster 1:24750b9ad5ef 3657
Christopher Haster 1:24750b9ad5ef 3658 ret = mbedtls_ssl_hw_record_read( ssl );
Christopher Haster 1:24750b9ad5ef 3659 if( ret != 0 && ret != MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH )
Christopher Haster 1:24750b9ad5ef 3660 {
Christopher Haster 1:24750b9ad5ef 3661 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_read", ret );
Christopher Haster 1:24750b9ad5ef 3662 return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
Christopher Haster 1:24750b9ad5ef 3663 }
Christopher Haster 1:24750b9ad5ef 3664
Christopher Haster 1:24750b9ad5ef 3665 if( ret == 0 )
Christopher Haster 1:24750b9ad5ef 3666 done = 1;
Christopher Haster 1:24750b9ad5ef 3667 }
Christopher Haster 1:24750b9ad5ef 3668 #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
Christopher Haster 1:24750b9ad5ef 3669 if( !done && ssl->transform_in != NULL )
Christopher Haster 1:24750b9ad5ef 3670 {
Christopher Haster 1:24750b9ad5ef 3671 if( ( ret = ssl_decrypt_buf( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 3672 {
Christopher Haster 1:24750b9ad5ef 3673 MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret );
Christopher Haster 1:24750b9ad5ef 3674 return( ret );
Christopher Haster 1:24750b9ad5ef 3675 }
Christopher Haster 1:24750b9ad5ef 3676
Christopher Haster 1:24750b9ad5ef 3677 MBEDTLS_SSL_DEBUG_BUF( 4, "input payload after decrypt",
Christopher Haster 1:24750b9ad5ef 3678 ssl->in_msg, ssl->in_msglen );
Christopher Haster 1:24750b9ad5ef 3679
Christopher Haster 1:24750b9ad5ef 3680 if( ssl->in_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN )
Christopher Haster 1:24750b9ad5ef 3681 {
Christopher Haster 1:24750b9ad5ef 3682 MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
Christopher Haster 1:24750b9ad5ef 3683 return( MBEDTLS_ERR_SSL_INVALID_RECORD );
Christopher Haster 1:24750b9ad5ef 3684 }
Christopher Haster 1:24750b9ad5ef 3685 }
Christopher Haster 1:24750b9ad5ef 3686
Christopher Haster 1:24750b9ad5ef 3687 #if defined(MBEDTLS_ZLIB_SUPPORT)
Christopher Haster 1:24750b9ad5ef 3688 if( ssl->transform_in != NULL &&
Christopher Haster 1:24750b9ad5ef 3689 ssl->session_in->compression == MBEDTLS_SSL_COMPRESS_DEFLATE )
Christopher Haster 1:24750b9ad5ef 3690 {
Christopher Haster 1:24750b9ad5ef 3691 if( ( ret = ssl_decompress_buf( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 3692 {
Christopher Haster 1:24750b9ad5ef 3693 MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decompress_buf", ret );
Christopher Haster 1:24750b9ad5ef 3694 return( ret );
Christopher Haster 1:24750b9ad5ef 3695 }
Christopher Haster 1:24750b9ad5ef 3696
Christopher Haster 1:24750b9ad5ef 3697 // TODO: what's the purpose of these lines? is in_len used?
Christopher Haster 1:24750b9ad5ef 3698 ssl->in_len[0] = (unsigned char)( ssl->in_msglen >> 8 );
Christopher Haster 1:24750b9ad5ef 3699 ssl->in_len[1] = (unsigned char)( ssl->in_msglen );
Christopher Haster 1:24750b9ad5ef 3700 }
Christopher Haster 1:24750b9ad5ef 3701 #endif /* MBEDTLS_ZLIB_SUPPORT */
Christopher Haster 1:24750b9ad5ef 3702
Christopher Haster 1:24750b9ad5ef 3703 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
Christopher Haster 1:24750b9ad5ef 3704 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Christopher Haster 1:24750b9ad5ef 3705 {
Christopher Haster 1:24750b9ad5ef 3706 mbedtls_ssl_dtls_replay_update( ssl );
Christopher Haster 1:24750b9ad5ef 3707 }
Christopher Haster 1:24750b9ad5ef 3708 #endif
Christopher Haster 1:24750b9ad5ef 3709
Christopher Haster 1:24750b9ad5ef 3710 return( 0 );
Christopher Haster 1:24750b9ad5ef 3711 }
Christopher Haster 1:24750b9ad5ef 3712
Christopher Haster 1:24750b9ad5ef 3713 static void ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl );
Christopher Haster 1:24750b9ad5ef 3714
Christopher Haster 1:24750b9ad5ef 3715 /*
Christopher Haster 1:24750b9ad5ef 3716 * Read a record.
Christopher Haster 1:24750b9ad5ef 3717 *
Christopher Haster 1:24750b9ad5ef 3718 * Silently ignore non-fatal alert (and for DTLS, invalid records as well,
Christopher Haster 1:24750b9ad5ef 3719 * RFC 6347 4.1.2.7) and continue reading until a valid record is found.
Christopher Haster 1:24750b9ad5ef 3720 *
Christopher Haster 1:24750b9ad5ef 3721 */
Christopher Haster 1:24750b9ad5ef 3722 int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 3723 {
Christopher Haster 1:24750b9ad5ef 3724 int ret;
Christopher Haster 1:24750b9ad5ef 3725
Christopher Haster 1:24750b9ad5ef 3726 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read record" ) );
Christopher Haster 1:24750b9ad5ef 3727
Christopher Haster 1:24750b9ad5ef 3728 if( ssl->in_hslen != 0 && ssl->in_hslen < ssl->in_msglen )
Christopher Haster 1:24750b9ad5ef 3729 {
Christopher Haster 1:24750b9ad5ef 3730 /*
Christopher Haster 1:24750b9ad5ef 3731 * Get next Handshake message in the current record
Christopher Haster 1:24750b9ad5ef 3732 */
Christopher Haster 1:24750b9ad5ef 3733 ssl->in_msglen -= ssl->in_hslen;
Christopher Haster 1:24750b9ad5ef 3734
Christopher Haster 1:24750b9ad5ef 3735 memmove( ssl->in_msg, ssl->in_msg + ssl->in_hslen,
Christopher Haster 1:24750b9ad5ef 3736 ssl->in_msglen );
Christopher Haster 1:24750b9ad5ef 3737
Christopher Haster 1:24750b9ad5ef 3738 MBEDTLS_SSL_DEBUG_BUF( 4, "remaining content in record",
Christopher Haster 1:24750b9ad5ef 3739 ssl->in_msg, ssl->in_msglen );
Christopher Haster 1:24750b9ad5ef 3740
Christopher Haster 1:24750b9ad5ef 3741 if( ( ret = ssl_prepare_handshake_record( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 3742 return( ret );
Christopher Haster 1:24750b9ad5ef 3743
Christopher Haster 1:24750b9ad5ef 3744 return( 0 );
Christopher Haster 1:24750b9ad5ef 3745 }
Christopher Haster 1:24750b9ad5ef 3746
Christopher Haster 1:24750b9ad5ef 3747 ssl->in_hslen = 0;
Christopher Haster 1:24750b9ad5ef 3748
Christopher Haster 1:24750b9ad5ef 3749 /*
Christopher Haster 1:24750b9ad5ef 3750 * Read the record header and parse it
Christopher Haster 1:24750b9ad5ef 3751 */
Christopher Haster 1:24750b9ad5ef 3752 read_record_header:
Christopher Haster 1:24750b9ad5ef 3753 if( ( ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_hdr_len( ssl ) ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 3754 {
Christopher Haster 1:24750b9ad5ef 3755 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
Christopher Haster 1:24750b9ad5ef 3756 return( ret );
Christopher Haster 1:24750b9ad5ef 3757 }
Christopher Haster 1:24750b9ad5ef 3758
Christopher Haster 1:24750b9ad5ef 3759 if( ( ret = ssl_parse_record_header( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 3760 {
Christopher Haster 1:24750b9ad5ef 3761 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 3762 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
Christopher Haster 1:24750b9ad5ef 3763 ret != MBEDTLS_ERR_SSL_CLIENT_RECONNECT )
Christopher Haster 1:24750b9ad5ef 3764 {
Christopher Haster 1:24750b9ad5ef 3765 /* Ignore bad record and get next one; drop the whole datagram
Christopher Haster 1:24750b9ad5ef 3766 * since current header cannot be trusted to find the next record
Christopher Haster 1:24750b9ad5ef 3767 * in current datagram */
Christopher Haster 1:24750b9ad5ef 3768 ssl->next_record_offset = 0;
Christopher Haster 1:24750b9ad5ef 3769 ssl->in_left = 0;
Christopher Haster 1:24750b9ad5ef 3770
Christopher Haster 1:24750b9ad5ef 3771 MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record (header)" ) );
Christopher Haster 1:24750b9ad5ef 3772 goto read_record_header;
Christopher Haster 1:24750b9ad5ef 3773 }
Christopher Haster 1:24750b9ad5ef 3774 #endif
Christopher Haster 1:24750b9ad5ef 3775 return( ret );
Christopher Haster 1:24750b9ad5ef 3776 }
Christopher Haster 1:24750b9ad5ef 3777
Christopher Haster 1:24750b9ad5ef 3778 /*
Christopher Haster 1:24750b9ad5ef 3779 * Read and optionally decrypt the message contents
Christopher Haster 1:24750b9ad5ef 3780 */
Christopher Haster 1:24750b9ad5ef 3781 if( ( ret = mbedtls_ssl_fetch_input( ssl,
Christopher Haster 1:24750b9ad5ef 3782 mbedtls_ssl_hdr_len( ssl ) + ssl->in_msglen ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 3783 {
Christopher Haster 1:24750b9ad5ef 3784 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
Christopher Haster 1:24750b9ad5ef 3785 return( ret );
Christopher Haster 1:24750b9ad5ef 3786 }
Christopher Haster 1:24750b9ad5ef 3787
Christopher Haster 1:24750b9ad5ef 3788 /* Done reading this record, get ready for the next one */
Christopher Haster 1:24750b9ad5ef 3789 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 3790 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Christopher Haster 1:24750b9ad5ef 3791 ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_hdr_len( ssl );
Christopher Haster 1:24750b9ad5ef 3792 else
Christopher Haster 1:24750b9ad5ef 3793 #endif
Christopher Haster 1:24750b9ad5ef 3794 ssl->in_left = 0;
Christopher Haster 1:24750b9ad5ef 3795
Christopher Haster 1:24750b9ad5ef 3796 if( ( ret = ssl_prepare_record_content( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 3797 {
Christopher Haster 1:24750b9ad5ef 3798 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 3799 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Christopher Haster 1:24750b9ad5ef 3800 {
Christopher Haster 1:24750b9ad5ef 3801 /* Silently discard invalid records */
Christopher Haster 1:24750b9ad5ef 3802 if( ret == MBEDTLS_ERR_SSL_INVALID_RECORD ||
Christopher Haster 1:24750b9ad5ef 3803 ret == MBEDTLS_ERR_SSL_INVALID_MAC )
Christopher Haster 1:24750b9ad5ef 3804 {
Christopher Haster 1:24750b9ad5ef 3805 /* Except when waiting for Finished as a bad mac here
Christopher Haster 1:24750b9ad5ef 3806 * probably means something went wrong in the handshake
Christopher Haster 1:24750b9ad5ef 3807 * (eg wrong psk used, mitm downgrade attempt, etc.) */
Christopher Haster 1:24750b9ad5ef 3808 if( ssl->state == MBEDTLS_SSL_CLIENT_FINISHED ||
Christopher Haster 1:24750b9ad5ef 3809 ssl->state == MBEDTLS_SSL_SERVER_FINISHED )
Christopher Haster 1:24750b9ad5ef 3810 {
Christopher Haster 1:24750b9ad5ef 3811 #if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
Christopher Haster 1:24750b9ad5ef 3812 if( ret == MBEDTLS_ERR_SSL_INVALID_MAC )
Christopher Haster 1:24750b9ad5ef 3813 {
Christopher Haster 1:24750b9ad5ef 3814 mbedtls_ssl_send_alert_message( ssl,
Christopher Haster 1:24750b9ad5ef 3815 MBEDTLS_SSL_ALERT_LEVEL_FATAL,
Christopher Haster 1:24750b9ad5ef 3816 MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC );
Christopher Haster 1:24750b9ad5ef 3817 }
Christopher Haster 1:24750b9ad5ef 3818 #endif
Christopher Haster 1:24750b9ad5ef 3819 return( ret );
Christopher Haster 1:24750b9ad5ef 3820 }
Christopher Haster 1:24750b9ad5ef 3821
Christopher Haster 1:24750b9ad5ef 3822 #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
Christopher Haster 1:24750b9ad5ef 3823 if( ssl->conf->badmac_limit != 0 &&
Christopher Haster 1:24750b9ad5ef 3824 ++ssl->badmac_seen >= ssl->conf->badmac_limit )
Christopher Haster 1:24750b9ad5ef 3825 {
Christopher Haster 1:24750b9ad5ef 3826 MBEDTLS_SSL_DEBUG_MSG( 1, ( "too many records with bad MAC" ) );
Christopher Haster 1:24750b9ad5ef 3827 return( MBEDTLS_ERR_SSL_INVALID_MAC );
Christopher Haster 1:24750b9ad5ef 3828 }
Christopher Haster 1:24750b9ad5ef 3829 #endif
Christopher Haster 1:24750b9ad5ef 3830
Christopher Haster 1:24750b9ad5ef 3831 MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record (mac)" ) );
Christopher Haster 1:24750b9ad5ef 3832 goto read_record_header;
Christopher Haster 1:24750b9ad5ef 3833 }
Christopher Haster 1:24750b9ad5ef 3834
Christopher Haster 1:24750b9ad5ef 3835 return( ret );
Christopher Haster 1:24750b9ad5ef 3836 }
Christopher Haster 1:24750b9ad5ef 3837 else
Christopher Haster 1:24750b9ad5ef 3838 #endif
Christopher Haster 1:24750b9ad5ef 3839 {
Christopher Haster 1:24750b9ad5ef 3840 /* Error out (and send alert) on invalid records */
Christopher Haster 1:24750b9ad5ef 3841 #if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
Christopher Haster 1:24750b9ad5ef 3842 if( ret == MBEDTLS_ERR_SSL_INVALID_MAC )
Christopher Haster 1:24750b9ad5ef 3843 {
Christopher Haster 1:24750b9ad5ef 3844 mbedtls_ssl_send_alert_message( ssl,
Christopher Haster 1:24750b9ad5ef 3845 MBEDTLS_SSL_ALERT_LEVEL_FATAL,
Christopher Haster 1:24750b9ad5ef 3846 MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC );
Christopher Haster 1:24750b9ad5ef 3847 }
Christopher Haster 1:24750b9ad5ef 3848 #endif
Christopher Haster 1:24750b9ad5ef 3849 return( ret );
Christopher Haster 1:24750b9ad5ef 3850 }
Christopher Haster 1:24750b9ad5ef 3851 }
Christopher Haster 1:24750b9ad5ef 3852
Christopher Haster 1:24750b9ad5ef 3853 /*
Christopher Haster 1:24750b9ad5ef 3854 * When we sent the last flight of the handshake, we MUST respond to a
Christopher Haster 1:24750b9ad5ef 3855 * retransmit of the peer's previous flight with a retransmit. (In
Christopher Haster 1:24750b9ad5ef 3856 * practice, only the Finished message will make it, other messages
Christopher Haster 1:24750b9ad5ef 3857 * including CCS use the old transform so they're dropped as invalid.)
Christopher Haster 1:24750b9ad5ef 3858 *
Christopher Haster 1:24750b9ad5ef 3859 * If the record we received is not a handshake message, however, it
Christopher Haster 1:24750b9ad5ef 3860 * means the peer received our last flight so we can clean up
Christopher Haster 1:24750b9ad5ef 3861 * handshake info.
Christopher Haster 1:24750b9ad5ef 3862 *
Christopher Haster 1:24750b9ad5ef 3863 * This check needs to be done before prepare_handshake() due to an edge
Christopher Haster 1:24750b9ad5ef 3864 * case: if the client immediately requests renegotiation, this
Christopher Haster 1:24750b9ad5ef 3865 * finishes the current handshake first, avoiding the new ClientHello
Christopher Haster 1:24750b9ad5ef 3866 * being mistaken for an ancient message in the current handshake.
Christopher Haster 1:24750b9ad5ef 3867 */
Christopher Haster 1:24750b9ad5ef 3868 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 3869 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
Christopher Haster 1:24750b9ad5ef 3870 ssl->handshake != NULL &&
Christopher Haster 1:24750b9ad5ef 3871 ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
Christopher Haster 1:24750b9ad5ef 3872 {
Christopher Haster 1:24750b9ad5ef 3873 if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
Christopher Haster 1:24750b9ad5ef 3874 ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED )
Christopher Haster 1:24750b9ad5ef 3875 {
Christopher Haster 1:24750b9ad5ef 3876 MBEDTLS_SSL_DEBUG_MSG( 2, ( "received retransmit of last flight" ) );
Christopher Haster 1:24750b9ad5ef 3877
Christopher Haster 1:24750b9ad5ef 3878 if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 3879 {
Christopher Haster 1:24750b9ad5ef 3880 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret );
Christopher Haster 1:24750b9ad5ef 3881 return( ret );
Christopher Haster 1:24750b9ad5ef 3882 }
Christopher Haster 1:24750b9ad5ef 3883
Christopher Haster 1:24750b9ad5ef 3884 return( MBEDTLS_ERR_SSL_WANT_READ );
Christopher Haster 1:24750b9ad5ef 3885 }
Christopher Haster 1:24750b9ad5ef 3886 else
Christopher Haster 1:24750b9ad5ef 3887 {
Christopher Haster 1:24750b9ad5ef 3888 ssl_handshake_wrapup_free_hs_transform( ssl );
Christopher Haster 1:24750b9ad5ef 3889 }
Christopher Haster 1:24750b9ad5ef 3890 }
Christopher Haster 1:24750b9ad5ef 3891 #endif
Christopher Haster 1:24750b9ad5ef 3892
Christopher Haster 1:24750b9ad5ef 3893 /*
Christopher Haster 1:24750b9ad5ef 3894 * Handle particular types of records
Christopher Haster 1:24750b9ad5ef 3895 */
Christopher Haster 1:24750b9ad5ef 3896 if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
Christopher Haster 1:24750b9ad5ef 3897 {
Christopher Haster 1:24750b9ad5ef 3898 if( ( ret = ssl_prepare_handshake_record( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 3899 return( ret );
Christopher Haster 1:24750b9ad5ef 3900 }
Christopher Haster 1:24750b9ad5ef 3901
Christopher Haster 1:24750b9ad5ef 3902 if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT )
Christopher Haster 1:24750b9ad5ef 3903 {
Christopher Haster 1:24750b9ad5ef 3904 MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]",
Christopher Haster 1:24750b9ad5ef 3905 ssl->in_msg[0], ssl->in_msg[1] ) );
Christopher Haster 1:24750b9ad5ef 3906
Christopher Haster 1:24750b9ad5ef 3907 /*
Christopher Haster 1:24750b9ad5ef 3908 * Ignore non-fatal alerts, except close_notify and no_renegotiation
Christopher Haster 1:24750b9ad5ef 3909 */
Christopher Haster 1:24750b9ad5ef 3910 if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_FATAL )
Christopher Haster 1:24750b9ad5ef 3911 {
Christopher Haster 1:24750b9ad5ef 3912 MBEDTLS_SSL_DEBUG_MSG( 1, ( "is a fatal alert message (msg %d)",
Christopher Haster 1:24750b9ad5ef 3913 ssl->in_msg[1] ) );
Christopher Haster 1:24750b9ad5ef 3914 return( MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE );
Christopher Haster 1:24750b9ad5ef 3915 }
Christopher Haster 1:24750b9ad5ef 3916
Christopher Haster 1:24750b9ad5ef 3917 if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
Christopher Haster 1:24750b9ad5ef 3918 ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY )
Christopher Haster 1:24750b9ad5ef 3919 {
Christopher Haster 1:24750b9ad5ef 3920 MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a close notify message" ) );
Christopher Haster 1:24750b9ad5ef 3921 return( MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY );
Christopher Haster 1:24750b9ad5ef 3922 }
Christopher Haster 1:24750b9ad5ef 3923
Christopher Haster 1:24750b9ad5ef 3924 #if defined(MBEDTLS_SSL_RENEGOTIATION_ENABLED)
Christopher Haster 1:24750b9ad5ef 3925 if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
Christopher Haster 1:24750b9ad5ef 3926 ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION )
Christopher Haster 1:24750b9ad5ef 3927 {
Christopher Haster 1:24750b9ad5ef 3928 MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) );
Christopher Haster 1:24750b9ad5ef 3929 /* Will be handled when trying to parse ServerHello */
Christopher Haster 1:24750b9ad5ef 3930 return( 0 );
Christopher Haster 1:24750b9ad5ef 3931 }
Christopher Haster 1:24750b9ad5ef 3932 #endif
Christopher Haster 1:24750b9ad5ef 3933
Christopher Haster 1:24750b9ad5ef 3934 #if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_SRV_C)
Christopher Haster 1:24750b9ad5ef 3935 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 &&
Christopher Haster 1:24750b9ad5ef 3936 ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
Christopher Haster 1:24750b9ad5ef 3937 ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
Christopher Haster 1:24750b9ad5ef 3938 ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT )
Christopher Haster 1:24750b9ad5ef 3939 {
Christopher Haster 1:24750b9ad5ef 3940 MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) );
Christopher Haster 1:24750b9ad5ef 3941 /* Will be handled in mbedtls_ssl_parse_certificate() */
Christopher Haster 1:24750b9ad5ef 3942 return( 0 );
Christopher Haster 1:24750b9ad5ef 3943 }
Christopher Haster 1:24750b9ad5ef 3944 #endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_SRV_C */
Christopher Haster 1:24750b9ad5ef 3945
Christopher Haster 1:24750b9ad5ef 3946 /* Silently ignore: fetch new message */
Christopher Haster 1:24750b9ad5ef 3947 goto read_record_header;
Christopher Haster 1:24750b9ad5ef 3948 }
Christopher Haster 1:24750b9ad5ef 3949
Christopher Haster 1:24750b9ad5ef 3950 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read record" ) );
Christopher Haster 1:24750b9ad5ef 3951
Christopher Haster 1:24750b9ad5ef 3952 return( 0 );
Christopher Haster 1:24750b9ad5ef 3953 }
Christopher Haster 1:24750b9ad5ef 3954
Christopher Haster 1:24750b9ad5ef 3955 int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 3956 {
Christopher Haster 1:24750b9ad5ef 3957 int ret;
Christopher Haster 1:24750b9ad5ef 3958
Christopher Haster 1:24750b9ad5ef 3959 if( ( ret = mbedtls_ssl_send_alert_message( ssl,
Christopher Haster 1:24750b9ad5ef 3960 MBEDTLS_SSL_ALERT_LEVEL_FATAL,
Christopher Haster 1:24750b9ad5ef 3961 MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 3962 {
Christopher Haster 1:24750b9ad5ef 3963 return( ret );
Christopher Haster 1:24750b9ad5ef 3964 }
Christopher Haster 1:24750b9ad5ef 3965
Christopher Haster 1:24750b9ad5ef 3966 return( 0 );
Christopher Haster 1:24750b9ad5ef 3967 }
Christopher Haster 1:24750b9ad5ef 3968
Christopher Haster 1:24750b9ad5ef 3969 int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
Christopher Haster 1:24750b9ad5ef 3970 unsigned char level,
Christopher Haster 1:24750b9ad5ef 3971 unsigned char message )
Christopher Haster 1:24750b9ad5ef 3972 {
Christopher Haster 1:24750b9ad5ef 3973 int ret;
Christopher Haster 1:24750b9ad5ef 3974
Christopher Haster 1:24750b9ad5ef 3975 if( ssl == NULL || ssl->conf == NULL )
Christopher Haster 1:24750b9ad5ef 3976 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 3977
Christopher Haster 1:24750b9ad5ef 3978 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> send alert message" ) );
Christopher Haster 1:24750b9ad5ef 3979
Christopher Haster 1:24750b9ad5ef 3980 ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT;
Christopher Haster 1:24750b9ad5ef 3981 ssl->out_msglen = 2;
Christopher Haster 1:24750b9ad5ef 3982 ssl->out_msg[0] = level;
Christopher Haster 1:24750b9ad5ef 3983 ssl->out_msg[1] = message;
Christopher Haster 1:24750b9ad5ef 3984
Christopher Haster 1:24750b9ad5ef 3985 if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 3986 {
Christopher Haster 1:24750b9ad5ef 3987 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
Christopher Haster 1:24750b9ad5ef 3988 return( ret );
Christopher Haster 1:24750b9ad5ef 3989 }
Christopher Haster 1:24750b9ad5ef 3990
Christopher Haster 1:24750b9ad5ef 3991 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= send alert message" ) );
Christopher Haster 1:24750b9ad5ef 3992
Christopher Haster 1:24750b9ad5ef 3993 return( 0 );
Christopher Haster 1:24750b9ad5ef 3994 }
Christopher Haster 1:24750b9ad5ef 3995
Christopher Haster 1:24750b9ad5ef 3996 /*
Christopher Haster 1:24750b9ad5ef 3997 * Handshake functions
Christopher Haster 1:24750b9ad5ef 3998 */
Christopher Haster 1:24750b9ad5ef 3999 #if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \
Christopher Haster 1:24750b9ad5ef 4000 !defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) && \
Christopher Haster 1:24750b9ad5ef 4001 !defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
Christopher Haster 1:24750b9ad5ef 4002 !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
Christopher Haster 1:24750b9ad5ef 4003 !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
Christopher Haster 1:24750b9ad5ef 4004 !defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
Christopher Haster 1:24750b9ad5ef 4005 !defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
Christopher Haster 1:24750b9ad5ef 4006 int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 4007 {
Christopher Haster 1:24750b9ad5ef 4008 const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
Christopher Haster 1:24750b9ad5ef 4009
Christopher Haster 1:24750b9ad5ef 4010 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
Christopher Haster 1:24750b9ad5ef 4011
Christopher Haster 1:24750b9ad5ef 4012 if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
Christopher Haster 1:24750b9ad5ef 4013 ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
Christopher Haster 1:24750b9ad5ef 4014 ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
Christopher Haster 1:24750b9ad5ef 4015 ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
Christopher Haster 1:24750b9ad5ef 4016 {
Christopher Haster 1:24750b9ad5ef 4017 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
Christopher Haster 1:24750b9ad5ef 4018 ssl->state++;
Christopher Haster 1:24750b9ad5ef 4019 return( 0 );
Christopher Haster 1:24750b9ad5ef 4020 }
Christopher Haster 1:24750b9ad5ef 4021
Christopher Haster 1:24750b9ad5ef 4022 MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
Christopher Haster 1:24750b9ad5ef 4023 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Christopher Haster 1:24750b9ad5ef 4024 }
Christopher Haster 1:24750b9ad5ef 4025
Christopher Haster 1:24750b9ad5ef 4026 int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 4027 {
Christopher Haster 1:24750b9ad5ef 4028 const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
Christopher Haster 1:24750b9ad5ef 4029
Christopher Haster 1:24750b9ad5ef 4030 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
Christopher Haster 1:24750b9ad5ef 4031
Christopher Haster 1:24750b9ad5ef 4032 if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
Christopher Haster 1:24750b9ad5ef 4033 ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
Christopher Haster 1:24750b9ad5ef 4034 ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
Christopher Haster 1:24750b9ad5ef 4035 ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
Christopher Haster 1:24750b9ad5ef 4036 {
Christopher Haster 1:24750b9ad5ef 4037 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
Christopher Haster 1:24750b9ad5ef 4038 ssl->state++;
Christopher Haster 1:24750b9ad5ef 4039 return( 0 );
Christopher Haster 1:24750b9ad5ef 4040 }
Christopher Haster 1:24750b9ad5ef 4041
Christopher Haster 1:24750b9ad5ef 4042 MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
Christopher Haster 1:24750b9ad5ef 4043 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Christopher Haster 1:24750b9ad5ef 4044 }
Christopher Haster 1:24750b9ad5ef 4045 #else
Christopher Haster 1:24750b9ad5ef 4046 int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 4047 {
Christopher Haster 1:24750b9ad5ef 4048 int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
Christopher Haster 1:24750b9ad5ef 4049 size_t i, n;
Christopher Haster 1:24750b9ad5ef 4050 const mbedtls_x509_crt *crt;
Christopher Haster 1:24750b9ad5ef 4051 const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
Christopher Haster 1:24750b9ad5ef 4052
Christopher Haster 1:24750b9ad5ef 4053 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
Christopher Haster 1:24750b9ad5ef 4054
Christopher Haster 1:24750b9ad5ef 4055 if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
Christopher Haster 1:24750b9ad5ef 4056 ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
Christopher Haster 1:24750b9ad5ef 4057 ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
Christopher Haster 1:24750b9ad5ef 4058 ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
Christopher Haster 1:24750b9ad5ef 4059 {
Christopher Haster 1:24750b9ad5ef 4060 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
Christopher Haster 1:24750b9ad5ef 4061 ssl->state++;
Christopher Haster 1:24750b9ad5ef 4062 return( 0 );
Christopher Haster 1:24750b9ad5ef 4063 }
Christopher Haster 1:24750b9ad5ef 4064
Christopher Haster 1:24750b9ad5ef 4065 #if defined(MBEDTLS_SSL_CLI_C)
Christopher Haster 1:24750b9ad5ef 4066 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
Christopher Haster 1:24750b9ad5ef 4067 {
Christopher Haster 1:24750b9ad5ef 4068 if( ssl->client_auth == 0 )
Christopher Haster 1:24750b9ad5ef 4069 {
Christopher Haster 1:24750b9ad5ef 4070 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
Christopher Haster 1:24750b9ad5ef 4071 ssl->state++;
Christopher Haster 1:24750b9ad5ef 4072 return( 0 );
Christopher Haster 1:24750b9ad5ef 4073 }
Christopher Haster 1:24750b9ad5ef 4074
Christopher Haster 1:24750b9ad5ef 4075 #if defined(MBEDTLS_SSL_PROTO_SSL3)
Christopher Haster 1:24750b9ad5ef 4076 /*
Christopher Haster 1:24750b9ad5ef 4077 * If using SSLv3 and got no cert, send an Alert message
Christopher Haster 1:24750b9ad5ef 4078 * (otherwise an empty Certificate message will be sent).
Christopher Haster 1:24750b9ad5ef 4079 */
Christopher Haster 1:24750b9ad5ef 4080 if( mbedtls_ssl_own_cert( ssl ) == NULL &&
Christopher Haster 1:24750b9ad5ef 4081 ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
Christopher Haster 1:24750b9ad5ef 4082 {
Christopher Haster 1:24750b9ad5ef 4083 ssl->out_msglen = 2;
Christopher Haster 1:24750b9ad5ef 4084 ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT;
Christopher Haster 1:24750b9ad5ef 4085 ssl->out_msg[0] = MBEDTLS_SSL_ALERT_LEVEL_WARNING;
Christopher Haster 1:24750b9ad5ef 4086 ssl->out_msg[1] = MBEDTLS_SSL_ALERT_MSG_NO_CERT;
Christopher Haster 1:24750b9ad5ef 4087
Christopher Haster 1:24750b9ad5ef 4088 MBEDTLS_SSL_DEBUG_MSG( 2, ( "got no certificate to send" ) );
Christopher Haster 1:24750b9ad5ef 4089 goto write_msg;
Christopher Haster 1:24750b9ad5ef 4090 }
Christopher Haster 1:24750b9ad5ef 4091 #endif /* MBEDTLS_SSL_PROTO_SSL3 */
Christopher Haster 1:24750b9ad5ef 4092 }
Christopher Haster 1:24750b9ad5ef 4093 #endif /* MBEDTLS_SSL_CLI_C */
Christopher Haster 1:24750b9ad5ef 4094 #if defined(MBEDTLS_SSL_SRV_C)
Christopher Haster 1:24750b9ad5ef 4095 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
Christopher Haster 1:24750b9ad5ef 4096 {
Christopher Haster 1:24750b9ad5ef 4097 if( mbedtls_ssl_own_cert( ssl ) == NULL )
Christopher Haster 1:24750b9ad5ef 4098 {
Christopher Haster 1:24750b9ad5ef 4099 MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no certificate to send" ) );
Christopher Haster 1:24750b9ad5ef 4100 return( MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED );
Christopher Haster 1:24750b9ad5ef 4101 }
Christopher Haster 1:24750b9ad5ef 4102 }
Christopher Haster 1:24750b9ad5ef 4103 #endif
Christopher Haster 1:24750b9ad5ef 4104
Christopher Haster 1:24750b9ad5ef 4105 MBEDTLS_SSL_DEBUG_CRT( 3, "own certificate", mbedtls_ssl_own_cert( ssl ) );
Christopher Haster 1:24750b9ad5ef 4106
Christopher Haster 1:24750b9ad5ef 4107 /*
Christopher Haster 1:24750b9ad5ef 4108 * 0 . 0 handshake type
Christopher Haster 1:24750b9ad5ef 4109 * 1 . 3 handshake length
Christopher Haster 1:24750b9ad5ef 4110 * 4 . 6 length of all certs
Christopher Haster 1:24750b9ad5ef 4111 * 7 . 9 length of cert. 1
Christopher Haster 1:24750b9ad5ef 4112 * 10 . n-1 peer certificate
Christopher Haster 1:24750b9ad5ef 4113 * n . n+2 length of cert. 2
Christopher Haster 1:24750b9ad5ef 4114 * n+3 . ... upper level cert, etc.
Christopher Haster 1:24750b9ad5ef 4115 */
Christopher Haster 1:24750b9ad5ef 4116 i = 7;
Christopher Haster 1:24750b9ad5ef 4117 crt = mbedtls_ssl_own_cert( ssl );
Christopher Haster 1:24750b9ad5ef 4118
Christopher Haster 1:24750b9ad5ef 4119 while( crt != NULL )
Christopher Haster 1:24750b9ad5ef 4120 {
Christopher Haster 1:24750b9ad5ef 4121 n = crt->raw.len;
Christopher Haster 1:24750b9ad5ef 4122 if( n > MBEDTLS_SSL_MAX_CONTENT_LEN - 3 - i )
Christopher Haster 1:24750b9ad5ef 4123 {
Christopher Haster 1:24750b9ad5ef 4124 MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %d > %d",
Christopher Haster 1:24750b9ad5ef 4125 i + 3 + n, MBEDTLS_SSL_MAX_CONTENT_LEN ) );
Christopher Haster 1:24750b9ad5ef 4126 return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE );
Christopher Haster 1:24750b9ad5ef 4127 }
Christopher Haster 1:24750b9ad5ef 4128
Christopher Haster 1:24750b9ad5ef 4129 ssl->out_msg[i ] = (unsigned char)( n >> 16 );
Christopher Haster 1:24750b9ad5ef 4130 ssl->out_msg[i + 1] = (unsigned char)( n >> 8 );
Christopher Haster 1:24750b9ad5ef 4131 ssl->out_msg[i + 2] = (unsigned char)( n );
Christopher Haster 1:24750b9ad5ef 4132
Christopher Haster 1:24750b9ad5ef 4133 i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n );
Christopher Haster 1:24750b9ad5ef 4134 i += n; crt = crt->next;
Christopher Haster 1:24750b9ad5ef 4135 }
Christopher Haster 1:24750b9ad5ef 4136
Christopher Haster 1:24750b9ad5ef 4137 ssl->out_msg[4] = (unsigned char)( ( i - 7 ) >> 16 );
Christopher Haster 1:24750b9ad5ef 4138 ssl->out_msg[5] = (unsigned char)( ( i - 7 ) >> 8 );
Christopher Haster 1:24750b9ad5ef 4139 ssl->out_msg[6] = (unsigned char)( ( i - 7 ) );
Christopher Haster 1:24750b9ad5ef 4140
Christopher Haster 1:24750b9ad5ef 4141 ssl->out_msglen = i;
Christopher Haster 1:24750b9ad5ef 4142 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
Christopher Haster 1:24750b9ad5ef 4143 ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE;
Christopher Haster 1:24750b9ad5ef 4144
Christopher Haster 1:24750b9ad5ef 4145 #if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_CLI_C)
Christopher Haster 1:24750b9ad5ef 4146 write_msg:
Christopher Haster 1:24750b9ad5ef 4147 #endif
Christopher Haster 1:24750b9ad5ef 4148
Christopher Haster 1:24750b9ad5ef 4149 ssl->state++;
Christopher Haster 1:24750b9ad5ef 4150
Christopher Haster 1:24750b9ad5ef 4151 if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 4152 {
Christopher Haster 1:24750b9ad5ef 4153 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
Christopher Haster 1:24750b9ad5ef 4154 return( ret );
Christopher Haster 1:24750b9ad5ef 4155 }
Christopher Haster 1:24750b9ad5ef 4156
Christopher Haster 1:24750b9ad5ef 4157 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate" ) );
Christopher Haster 1:24750b9ad5ef 4158
Christopher Haster 1:24750b9ad5ef 4159 return( ret );
Christopher Haster 1:24750b9ad5ef 4160 }
Christopher Haster 1:24750b9ad5ef 4161
Christopher Haster 1:24750b9ad5ef 4162 int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 4163 {
Christopher Haster 1:24750b9ad5ef 4164 int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
Christopher Haster 1:24750b9ad5ef 4165 size_t i, n;
Christopher Haster 1:24750b9ad5ef 4166 const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
Christopher Haster 1:24750b9ad5ef 4167 int authmode = ssl->conf->authmode;
Christopher Haster 1:24750b9ad5ef 4168
Christopher Haster 1:24750b9ad5ef 4169 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
Christopher Haster 1:24750b9ad5ef 4170
Christopher Haster 1:24750b9ad5ef 4171 if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
Christopher Haster 1:24750b9ad5ef 4172 ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
Christopher Haster 1:24750b9ad5ef 4173 ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
Christopher Haster 1:24750b9ad5ef 4174 ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
Christopher Haster 1:24750b9ad5ef 4175 {
Christopher Haster 1:24750b9ad5ef 4176 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
Christopher Haster 1:24750b9ad5ef 4177 ssl->state++;
Christopher Haster 1:24750b9ad5ef 4178 return( 0 );
Christopher Haster 1:24750b9ad5ef 4179 }
Christopher Haster 1:24750b9ad5ef 4180
Christopher Haster 1:24750b9ad5ef 4181 #if defined(MBEDTLS_SSL_SRV_C)
Christopher Haster 1:24750b9ad5ef 4182 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
Christopher Haster 1:24750b9ad5ef 4183 ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
Christopher Haster 1:24750b9ad5ef 4184 {
Christopher Haster 1:24750b9ad5ef 4185 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
Christopher Haster 1:24750b9ad5ef 4186 ssl->state++;
Christopher Haster 1:24750b9ad5ef 4187 return( 0 );
Christopher Haster 1:24750b9ad5ef 4188 }
Christopher Haster 1:24750b9ad5ef 4189
Christopher Haster 1:24750b9ad5ef 4190 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
Christopher Haster 1:24750b9ad5ef 4191 if( ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET )
Christopher Haster 1:24750b9ad5ef 4192 authmode = ssl->handshake->sni_authmode;
Christopher Haster 1:24750b9ad5ef 4193 #endif
Christopher Haster 1:24750b9ad5ef 4194
Christopher Haster 1:24750b9ad5ef 4195 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
Christopher Haster 1:24750b9ad5ef 4196 authmode == MBEDTLS_SSL_VERIFY_NONE )
Christopher Haster 1:24750b9ad5ef 4197 {
Christopher Haster 1:24750b9ad5ef 4198 ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY;
Christopher Haster 1:24750b9ad5ef 4199 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
Christopher Haster 1:24750b9ad5ef 4200 ssl->state++;
Christopher Haster 1:24750b9ad5ef 4201 return( 0 );
Christopher Haster 1:24750b9ad5ef 4202 }
Christopher Haster 1:24750b9ad5ef 4203 #endif
Christopher Haster 1:24750b9ad5ef 4204
Christopher Haster 1:24750b9ad5ef 4205 if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 4206 {
Christopher Haster 1:24750b9ad5ef 4207 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
Christopher Haster 1:24750b9ad5ef 4208 return( ret );
Christopher Haster 1:24750b9ad5ef 4209 }
Christopher Haster 1:24750b9ad5ef 4210
Christopher Haster 1:24750b9ad5ef 4211 ssl->state++;
Christopher Haster 1:24750b9ad5ef 4212
Christopher Haster 1:24750b9ad5ef 4213 #if defined(MBEDTLS_SSL_SRV_C)
Christopher Haster 1:24750b9ad5ef 4214 #if defined(MBEDTLS_SSL_PROTO_SSL3)
Christopher Haster 1:24750b9ad5ef 4215 /*
Christopher Haster 1:24750b9ad5ef 4216 * Check if the client sent an empty certificate
Christopher Haster 1:24750b9ad5ef 4217 */
Christopher Haster 1:24750b9ad5ef 4218 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
Christopher Haster 1:24750b9ad5ef 4219 ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
Christopher Haster 1:24750b9ad5ef 4220 {
Christopher Haster 1:24750b9ad5ef 4221 if( ssl->in_msglen == 2 &&
Christopher Haster 1:24750b9ad5ef 4222 ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT &&
Christopher Haster 1:24750b9ad5ef 4223 ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
Christopher Haster 1:24750b9ad5ef 4224 ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT )
Christopher Haster 1:24750b9ad5ef 4225 {
Christopher Haster 1:24750b9ad5ef 4226 MBEDTLS_SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) );
Christopher Haster 1:24750b9ad5ef 4227
Christopher Haster 1:24750b9ad5ef 4228 ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING;
Christopher Haster 1:24750b9ad5ef 4229 if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL )
Christopher Haster 1:24750b9ad5ef 4230 return( 0 );
Christopher Haster 1:24750b9ad5ef 4231 else
Christopher Haster 1:24750b9ad5ef 4232 return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE );
Christopher Haster 1:24750b9ad5ef 4233 }
Christopher Haster 1:24750b9ad5ef 4234 }
Christopher Haster 1:24750b9ad5ef 4235 #endif /* MBEDTLS_SSL_PROTO_SSL3 */
Christopher Haster 1:24750b9ad5ef 4236
Christopher Haster 1:24750b9ad5ef 4237 #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
Christopher Haster 1:24750b9ad5ef 4238 defined(MBEDTLS_SSL_PROTO_TLS1_2)
Christopher Haster 1:24750b9ad5ef 4239 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
Christopher Haster 1:24750b9ad5ef 4240 ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
Christopher Haster 1:24750b9ad5ef 4241 {
Christopher Haster 1:24750b9ad5ef 4242 if( ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len( ssl ) &&
Christopher Haster 1:24750b9ad5ef 4243 ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
Christopher Haster 1:24750b9ad5ef 4244 ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE &&
Christopher Haster 1:24750b9ad5ef 4245 memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), "\0\0\0", 3 ) == 0 )
Christopher Haster 1:24750b9ad5ef 4246 {
Christopher Haster 1:24750b9ad5ef 4247 MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
Christopher Haster 1:24750b9ad5ef 4248
Christopher Haster 1:24750b9ad5ef 4249 ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING;
Christopher Haster 1:24750b9ad5ef 4250 if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL )
Christopher Haster 1:24750b9ad5ef 4251 return( 0 );
Christopher Haster 1:24750b9ad5ef 4252 else
Christopher Haster 1:24750b9ad5ef 4253 return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE );
Christopher Haster 1:24750b9ad5ef 4254 }
Christopher Haster 1:24750b9ad5ef 4255 }
Christopher Haster 1:24750b9ad5ef 4256 #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
Christopher Haster 1:24750b9ad5ef 4257 MBEDTLS_SSL_PROTO_TLS1_2 */
Christopher Haster 1:24750b9ad5ef 4258 #endif /* MBEDTLS_SSL_SRV_C */
Christopher Haster 1:24750b9ad5ef 4259
Christopher Haster 1:24750b9ad5ef 4260 if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
Christopher Haster 1:24750b9ad5ef 4261 {
Christopher Haster 1:24750b9ad5ef 4262 MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
Christopher Haster 1:24750b9ad5ef 4263 return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
Christopher Haster 1:24750b9ad5ef 4264 }
Christopher Haster 1:24750b9ad5ef 4265
Christopher Haster 1:24750b9ad5ef 4266 if( ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE ||
Christopher Haster 1:24750b9ad5ef 4267 ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 3 + 3 )
Christopher Haster 1:24750b9ad5ef 4268 {
Christopher Haster 1:24750b9ad5ef 4269 MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
Christopher Haster 1:24750b9ad5ef 4270 return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
Christopher Haster 1:24750b9ad5ef 4271 }
Christopher Haster 1:24750b9ad5ef 4272
Christopher Haster 1:24750b9ad5ef 4273 i = mbedtls_ssl_hs_hdr_len( ssl );
Christopher Haster 1:24750b9ad5ef 4274
Christopher Haster 1:24750b9ad5ef 4275 /*
Christopher Haster 1:24750b9ad5ef 4276 * Same message structure as in mbedtls_ssl_write_certificate()
Christopher Haster 1:24750b9ad5ef 4277 */
Christopher Haster 1:24750b9ad5ef 4278 n = ( ssl->in_msg[i+1] << 8 ) | ssl->in_msg[i+2];
Christopher Haster 1:24750b9ad5ef 4279
Christopher Haster 1:24750b9ad5ef 4280 if( ssl->in_msg[i] != 0 ||
Christopher Haster 1:24750b9ad5ef 4281 ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len( ssl ) )
Christopher Haster 1:24750b9ad5ef 4282 {
Christopher Haster 1:24750b9ad5ef 4283 MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
Christopher Haster 1:24750b9ad5ef 4284 return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
Christopher Haster 1:24750b9ad5ef 4285 }
Christopher Haster 1:24750b9ad5ef 4286
Christopher Haster 1:24750b9ad5ef 4287 /* In case we tried to reuse a session but it failed */
Christopher Haster 1:24750b9ad5ef 4288 if( ssl->session_negotiate->peer_cert != NULL )
Christopher Haster 1:24750b9ad5ef 4289 {
Christopher Haster 1:24750b9ad5ef 4290 mbedtls_x509_crt_free( ssl->session_negotiate->peer_cert );
Christopher Haster 1:24750b9ad5ef 4291 mbedtls_free( ssl->session_negotiate->peer_cert );
Christopher Haster 1:24750b9ad5ef 4292 }
Christopher Haster 1:24750b9ad5ef 4293
Christopher Haster 1:24750b9ad5ef 4294 if( ( ssl->session_negotiate->peer_cert = mbedtls_calloc( 1,
Christopher Haster 1:24750b9ad5ef 4295 sizeof( mbedtls_x509_crt ) ) ) == NULL )
Christopher Haster 1:24750b9ad5ef 4296 {
Christopher Haster 1:24750b9ad5ef 4297 MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed",
Christopher Haster 1:24750b9ad5ef 4298 sizeof( mbedtls_x509_crt ) ) );
Christopher Haster 1:24750b9ad5ef 4299 return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
Christopher Haster 1:24750b9ad5ef 4300 }
Christopher Haster 1:24750b9ad5ef 4301
Christopher Haster 1:24750b9ad5ef 4302 mbedtls_x509_crt_init( ssl->session_negotiate->peer_cert );
Christopher Haster 1:24750b9ad5ef 4303
Christopher Haster 1:24750b9ad5ef 4304 i += 3;
Christopher Haster 1:24750b9ad5ef 4305
Christopher Haster 1:24750b9ad5ef 4306 while( i < ssl->in_hslen )
Christopher Haster 1:24750b9ad5ef 4307 {
Christopher Haster 1:24750b9ad5ef 4308 if( ssl->in_msg[i] != 0 )
Christopher Haster 1:24750b9ad5ef 4309 {
Christopher Haster 1:24750b9ad5ef 4310 MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
Christopher Haster 1:24750b9ad5ef 4311 return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
Christopher Haster 1:24750b9ad5ef 4312 }
Christopher Haster 1:24750b9ad5ef 4313
Christopher Haster 1:24750b9ad5ef 4314 n = ( (unsigned int) ssl->in_msg[i + 1] << 8 )
Christopher Haster 1:24750b9ad5ef 4315 | (unsigned int) ssl->in_msg[i + 2];
Christopher Haster 1:24750b9ad5ef 4316 i += 3;
Christopher Haster 1:24750b9ad5ef 4317
Christopher Haster 1:24750b9ad5ef 4318 if( n < 128 || i + n > ssl->in_hslen )
Christopher Haster 1:24750b9ad5ef 4319 {
Christopher Haster 1:24750b9ad5ef 4320 MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
Christopher Haster 1:24750b9ad5ef 4321 return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
Christopher Haster 1:24750b9ad5ef 4322 }
Christopher Haster 1:24750b9ad5ef 4323
Christopher Haster 1:24750b9ad5ef 4324 ret = mbedtls_x509_crt_parse_der( ssl->session_negotiate->peer_cert,
Christopher Haster 1:24750b9ad5ef 4325 ssl->in_msg + i, n );
Christopher Haster 1:24750b9ad5ef 4326 if( ret != 0 )
Christopher Haster 1:24750b9ad5ef 4327 {
Christopher Haster 1:24750b9ad5ef 4328 MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret );
Christopher Haster 1:24750b9ad5ef 4329 return( ret );
Christopher Haster 1:24750b9ad5ef 4330 }
Christopher Haster 1:24750b9ad5ef 4331
Christopher Haster 1:24750b9ad5ef 4332 i += n;
Christopher Haster 1:24750b9ad5ef 4333 }
Christopher Haster 1:24750b9ad5ef 4334
Christopher Haster 1:24750b9ad5ef 4335 MBEDTLS_SSL_DEBUG_CRT( 3, "peer certificate", ssl->session_negotiate->peer_cert );
Christopher Haster 1:24750b9ad5ef 4336
Christopher Haster 1:24750b9ad5ef 4337 /*
Christopher Haster 1:24750b9ad5ef 4338 * On client, make sure the server cert doesn't change during renego to
Christopher Haster 1:24750b9ad5ef 4339 * avoid "triple handshake" attack: https://secure-resumption.com/
Christopher Haster 1:24750b9ad5ef 4340 */
Christopher Haster 1:24750b9ad5ef 4341 #if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
Christopher Haster 1:24750b9ad5ef 4342 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
Christopher Haster 1:24750b9ad5ef 4343 ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
Christopher Haster 1:24750b9ad5ef 4344 {
Christopher Haster 1:24750b9ad5ef 4345 if( ssl->session->peer_cert == NULL )
Christopher Haster 1:24750b9ad5ef 4346 {
Christopher Haster 1:24750b9ad5ef 4347 MBEDTLS_SSL_DEBUG_MSG( 1, ( "new server cert during renegotiation" ) );
Christopher Haster 1:24750b9ad5ef 4348 return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
Christopher Haster 1:24750b9ad5ef 4349 }
Christopher Haster 1:24750b9ad5ef 4350
Christopher Haster 1:24750b9ad5ef 4351 if( ssl->session->peer_cert->raw.len !=
Christopher Haster 1:24750b9ad5ef 4352 ssl->session_negotiate->peer_cert->raw.len ||
Christopher Haster 1:24750b9ad5ef 4353 memcmp( ssl->session->peer_cert->raw.p,
Christopher Haster 1:24750b9ad5ef 4354 ssl->session_negotiate->peer_cert->raw.p,
Christopher Haster 1:24750b9ad5ef 4355 ssl->session->peer_cert->raw.len ) != 0 )
Christopher Haster 1:24750b9ad5ef 4356 {
Christopher Haster 1:24750b9ad5ef 4357 MBEDTLS_SSL_DEBUG_MSG( 1, ( "server cert changed during renegotiation" ) );
Christopher Haster 1:24750b9ad5ef 4358 return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
Christopher Haster 1:24750b9ad5ef 4359 }
Christopher Haster 1:24750b9ad5ef 4360 }
Christopher Haster 1:24750b9ad5ef 4361 #endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */
Christopher Haster 1:24750b9ad5ef 4362
Christopher Haster 1:24750b9ad5ef 4363 if( authmode != MBEDTLS_SSL_VERIFY_NONE )
Christopher Haster 1:24750b9ad5ef 4364 {
Christopher Haster 1:24750b9ad5ef 4365 mbedtls_x509_crt *ca_chain;
Christopher Haster 1:24750b9ad5ef 4366 mbedtls_x509_crl *ca_crl;
Christopher Haster 1:24750b9ad5ef 4367
Christopher Haster 1:24750b9ad5ef 4368 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
Christopher Haster 1:24750b9ad5ef 4369 if( ssl->handshake->sni_ca_chain != NULL )
Christopher Haster 1:24750b9ad5ef 4370 {
Christopher Haster 1:24750b9ad5ef 4371 ca_chain = ssl->handshake->sni_ca_chain;
Christopher Haster 1:24750b9ad5ef 4372 ca_crl = ssl->handshake->sni_ca_crl;
Christopher Haster 1:24750b9ad5ef 4373 }
Christopher Haster 1:24750b9ad5ef 4374 else
Christopher Haster 1:24750b9ad5ef 4375 #endif
Christopher Haster 1:24750b9ad5ef 4376 {
Christopher Haster 1:24750b9ad5ef 4377 ca_chain = ssl->conf->ca_chain;
Christopher Haster 1:24750b9ad5ef 4378 ca_crl = ssl->conf->ca_crl;
Christopher Haster 1:24750b9ad5ef 4379 }
Christopher Haster 1:24750b9ad5ef 4380
Christopher Haster 1:24750b9ad5ef 4381 if( ca_chain == NULL )
Christopher Haster 1:24750b9ad5ef 4382 {
Christopher Haster 1:24750b9ad5ef 4383 MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no CA chain" ) );
Christopher Haster 1:24750b9ad5ef 4384 return( MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED );
Christopher Haster 1:24750b9ad5ef 4385 }
Christopher Haster 1:24750b9ad5ef 4386
Christopher Haster 1:24750b9ad5ef 4387 /*
Christopher Haster 1:24750b9ad5ef 4388 * Main check: verify certificate
Christopher Haster 1:24750b9ad5ef 4389 */
Christopher Haster 1:24750b9ad5ef 4390 ret = mbedtls_x509_crt_verify_with_profile(
Christopher Haster 1:24750b9ad5ef 4391 ssl->session_negotiate->peer_cert,
Christopher Haster 1:24750b9ad5ef 4392 ca_chain, ca_crl,
Christopher Haster 1:24750b9ad5ef 4393 ssl->conf->cert_profile,
Christopher Haster 1:24750b9ad5ef 4394 ssl->hostname,
Christopher Haster 1:24750b9ad5ef 4395 &ssl->session_negotiate->verify_result,
Christopher Haster 1:24750b9ad5ef 4396 ssl->conf->f_vrfy, ssl->conf->p_vrfy );
Christopher Haster 1:24750b9ad5ef 4397
Christopher Haster 1:24750b9ad5ef 4398 if( ret != 0 )
Christopher Haster 1:24750b9ad5ef 4399 {
Christopher Haster 1:24750b9ad5ef 4400 MBEDTLS_SSL_DEBUG_RET( 1, "x509_verify_cert", ret );
Christopher Haster 1:24750b9ad5ef 4401 }
Christopher Haster 1:24750b9ad5ef 4402
Christopher Haster 1:24750b9ad5ef 4403 /*
Christopher Haster 1:24750b9ad5ef 4404 * Secondary checks: always done, but change 'ret' only if it was 0
Christopher Haster 1:24750b9ad5ef 4405 */
Christopher Haster 1:24750b9ad5ef 4406
Christopher Haster 1:24750b9ad5ef 4407 #if defined(MBEDTLS_ECP_C)
Christopher Haster 1:24750b9ad5ef 4408 {
Christopher Haster 1:24750b9ad5ef 4409 const mbedtls_pk_context *pk = &ssl->session_negotiate->peer_cert->pk;
Christopher Haster 1:24750b9ad5ef 4410
Christopher Haster 1:24750b9ad5ef 4411 /* If certificate uses an EC key, make sure the curve is OK */
Christopher Haster 1:24750b9ad5ef 4412 if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) &&
Christopher Haster 1:24750b9ad5ef 4413 mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 )
Christopher Haster 1:24750b9ad5ef 4414 {
Christopher Haster 1:24750b9ad5ef 4415 MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (EC key curve)" ) );
Christopher Haster 1:24750b9ad5ef 4416 if( ret == 0 )
Christopher Haster 1:24750b9ad5ef 4417 ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
Christopher Haster 1:24750b9ad5ef 4418 }
Christopher Haster 1:24750b9ad5ef 4419 }
Christopher Haster 1:24750b9ad5ef 4420 #endif /* MBEDTLS_ECP_C */
Christopher Haster 1:24750b9ad5ef 4421
Christopher Haster 1:24750b9ad5ef 4422 if( mbedtls_ssl_check_cert_usage( ssl->session_negotiate->peer_cert,
Christopher Haster 1:24750b9ad5ef 4423 ciphersuite_info,
Christopher Haster 1:24750b9ad5ef 4424 ! ssl->conf->endpoint,
Christopher Haster 1:24750b9ad5ef 4425 &ssl->session_negotiate->verify_result ) != 0 )
Christopher Haster 1:24750b9ad5ef 4426 {
Christopher Haster 1:24750b9ad5ef 4427 MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) );
Christopher Haster 1:24750b9ad5ef 4428 if( ret == 0 )
Christopher Haster 1:24750b9ad5ef 4429 ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
Christopher Haster 1:24750b9ad5ef 4430 }
Christopher Haster 1:24750b9ad5ef 4431
Christopher Haster 1:24750b9ad5ef 4432 if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL )
Christopher Haster 1:24750b9ad5ef 4433 ret = 0;
Christopher Haster 1:24750b9ad5ef 4434 }
Christopher Haster 1:24750b9ad5ef 4435
Christopher Haster 1:24750b9ad5ef 4436 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) );
Christopher Haster 1:24750b9ad5ef 4437
Christopher Haster 1:24750b9ad5ef 4438 return( ret );
Christopher Haster 1:24750b9ad5ef 4439 }
Christopher Haster 1:24750b9ad5ef 4440 #endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
Christopher Haster 1:24750b9ad5ef 4441 !MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
Christopher Haster 1:24750b9ad5ef 4442 !MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
Christopher Haster 1:24750b9ad5ef 4443 !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
Christopher Haster 1:24750b9ad5ef 4444 !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
Christopher Haster 1:24750b9ad5ef 4445 !MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
Christopher Haster 1:24750b9ad5ef 4446 !MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
Christopher Haster 1:24750b9ad5ef 4447
Christopher Haster 1:24750b9ad5ef 4448 int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 4449 {
Christopher Haster 1:24750b9ad5ef 4450 int ret;
Christopher Haster 1:24750b9ad5ef 4451
Christopher Haster 1:24750b9ad5ef 4452 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write change cipher spec" ) );
Christopher Haster 1:24750b9ad5ef 4453
Christopher Haster 1:24750b9ad5ef 4454 ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC;
Christopher Haster 1:24750b9ad5ef 4455 ssl->out_msglen = 1;
Christopher Haster 1:24750b9ad5ef 4456 ssl->out_msg[0] = 1;
Christopher Haster 1:24750b9ad5ef 4457
Christopher Haster 1:24750b9ad5ef 4458 ssl->state++;
Christopher Haster 1:24750b9ad5ef 4459
Christopher Haster 1:24750b9ad5ef 4460 if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 4461 {
Christopher Haster 1:24750b9ad5ef 4462 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
Christopher Haster 1:24750b9ad5ef 4463 return( ret );
Christopher Haster 1:24750b9ad5ef 4464 }
Christopher Haster 1:24750b9ad5ef 4465
Christopher Haster 1:24750b9ad5ef 4466 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write change cipher spec" ) );
Christopher Haster 1:24750b9ad5ef 4467
Christopher Haster 1:24750b9ad5ef 4468 return( 0 );
Christopher Haster 1:24750b9ad5ef 4469 }
Christopher Haster 1:24750b9ad5ef 4470
Christopher Haster 1:24750b9ad5ef 4471 int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 4472 {
Christopher Haster 1:24750b9ad5ef 4473 int ret;
Christopher Haster 1:24750b9ad5ef 4474
Christopher Haster 1:24750b9ad5ef 4475 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse change cipher spec" ) );
Christopher Haster 1:24750b9ad5ef 4476
Christopher Haster 1:24750b9ad5ef 4477 if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 4478 {
Christopher Haster 1:24750b9ad5ef 4479 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
Christopher Haster 1:24750b9ad5ef 4480 return( ret );
Christopher Haster 1:24750b9ad5ef 4481 }
Christopher Haster 1:24750b9ad5ef 4482
Christopher Haster 1:24750b9ad5ef 4483 if( ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC )
Christopher Haster 1:24750b9ad5ef 4484 {
Christopher Haster 1:24750b9ad5ef 4485 MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) );
Christopher Haster 1:24750b9ad5ef 4486 return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
Christopher Haster 1:24750b9ad5ef 4487 }
Christopher Haster 1:24750b9ad5ef 4488
Christopher Haster 1:24750b9ad5ef 4489 if( ssl->in_msglen != 1 || ssl->in_msg[0] != 1 )
Christopher Haster 1:24750b9ad5ef 4490 {
Christopher Haster 1:24750b9ad5ef 4491 MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) );
Christopher Haster 1:24750b9ad5ef 4492 return( MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC );
Christopher Haster 1:24750b9ad5ef 4493 }
Christopher Haster 1:24750b9ad5ef 4494
Christopher Haster 1:24750b9ad5ef 4495 /*
Christopher Haster 1:24750b9ad5ef 4496 * Switch to our negotiated transform and session parameters for inbound
Christopher Haster 1:24750b9ad5ef 4497 * data.
Christopher Haster 1:24750b9ad5ef 4498 */
Christopher Haster 1:24750b9ad5ef 4499 MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for inbound data" ) );
Christopher Haster 1:24750b9ad5ef 4500 ssl->transform_in = ssl->transform_negotiate;
Christopher Haster 1:24750b9ad5ef 4501 ssl->session_in = ssl->session_negotiate;
Christopher Haster 1:24750b9ad5ef 4502
Christopher Haster 1:24750b9ad5ef 4503 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 4504 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Christopher Haster 1:24750b9ad5ef 4505 {
Christopher Haster 1:24750b9ad5ef 4506 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
Christopher Haster 1:24750b9ad5ef 4507 ssl_dtls_replay_reset( ssl );
Christopher Haster 1:24750b9ad5ef 4508 #endif
Christopher Haster 1:24750b9ad5ef 4509
Christopher Haster 1:24750b9ad5ef 4510 /* Increment epoch */
Christopher Haster 1:24750b9ad5ef 4511 if( ++ssl->in_epoch == 0 )
Christopher Haster 1:24750b9ad5ef 4512 {
Christopher Haster 1:24750b9ad5ef 4513 MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS epoch would wrap" ) );
Christopher Haster 1:24750b9ad5ef 4514 return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
Christopher Haster 1:24750b9ad5ef 4515 }
Christopher Haster 1:24750b9ad5ef 4516 }
Christopher Haster 1:24750b9ad5ef 4517 else
Christopher Haster 1:24750b9ad5ef 4518 #endif /* MBEDTLS_SSL_PROTO_DTLS */
Christopher Haster 1:24750b9ad5ef 4519 memset( ssl->in_ctr, 0, 8 );
Christopher Haster 1:24750b9ad5ef 4520
Christopher Haster 1:24750b9ad5ef 4521 /*
Christopher Haster 1:24750b9ad5ef 4522 * Set the in_msg pointer to the correct location based on IV length
Christopher Haster 1:24750b9ad5ef 4523 */
Christopher Haster 1:24750b9ad5ef 4524 if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
Christopher Haster 1:24750b9ad5ef 4525 {
Christopher Haster 1:24750b9ad5ef 4526 ssl->in_msg = ssl->in_iv + ssl->transform_negotiate->ivlen -
Christopher Haster 1:24750b9ad5ef 4527 ssl->transform_negotiate->fixed_ivlen;
Christopher Haster 1:24750b9ad5ef 4528 }
Christopher Haster 1:24750b9ad5ef 4529 else
Christopher Haster 1:24750b9ad5ef 4530 ssl->in_msg = ssl->in_iv;
Christopher Haster 1:24750b9ad5ef 4531
Christopher Haster 1:24750b9ad5ef 4532 #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
Christopher Haster 1:24750b9ad5ef 4533 if( mbedtls_ssl_hw_record_activate != NULL )
Christopher Haster 1:24750b9ad5ef 4534 {
Christopher Haster 1:24750b9ad5ef 4535 if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_INBOUND ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 4536 {
Christopher Haster 1:24750b9ad5ef 4537 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret );
Christopher Haster 1:24750b9ad5ef 4538 return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
Christopher Haster 1:24750b9ad5ef 4539 }
Christopher Haster 1:24750b9ad5ef 4540 }
Christopher Haster 1:24750b9ad5ef 4541 #endif
Christopher Haster 1:24750b9ad5ef 4542
Christopher Haster 1:24750b9ad5ef 4543 ssl->state++;
Christopher Haster 1:24750b9ad5ef 4544
Christopher Haster 1:24750b9ad5ef 4545 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse change cipher spec" ) );
Christopher Haster 1:24750b9ad5ef 4546
Christopher Haster 1:24750b9ad5ef 4547 return( 0 );
Christopher Haster 1:24750b9ad5ef 4548 }
Christopher Haster 1:24750b9ad5ef 4549
Christopher Haster 1:24750b9ad5ef 4550 void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
Christopher Haster 1:24750b9ad5ef 4551 const mbedtls_ssl_ciphersuite_t *ciphersuite_info )
Christopher Haster 1:24750b9ad5ef 4552 {
Christopher Haster 1:24750b9ad5ef 4553 ((void) ciphersuite_info);
Christopher Haster 1:24750b9ad5ef 4554
Christopher Haster 1:24750b9ad5ef 4555 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
Christopher Haster 1:24750b9ad5ef 4556 defined(MBEDTLS_SSL_PROTO_TLS1_1)
Christopher Haster 1:24750b9ad5ef 4557 if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
Christopher Haster 1:24750b9ad5ef 4558 ssl->handshake->update_checksum = ssl_update_checksum_md5sha1;
Christopher Haster 1:24750b9ad5ef 4559 else
Christopher Haster 1:24750b9ad5ef 4560 #endif
Christopher Haster 1:24750b9ad5ef 4561 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
Christopher Haster 1:24750b9ad5ef 4562 #if defined(MBEDTLS_SHA512_C)
Christopher Haster 1:24750b9ad5ef 4563 if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
Christopher Haster 1:24750b9ad5ef 4564 ssl->handshake->update_checksum = ssl_update_checksum_sha384;
Christopher Haster 1:24750b9ad5ef 4565 else
Christopher Haster 1:24750b9ad5ef 4566 #endif
Christopher Haster 1:24750b9ad5ef 4567 #if defined(MBEDTLS_SHA256_C)
Christopher Haster 1:24750b9ad5ef 4568 if( ciphersuite_info->mac != MBEDTLS_MD_SHA384 )
Christopher Haster 1:24750b9ad5ef 4569 ssl->handshake->update_checksum = ssl_update_checksum_sha256;
Christopher Haster 1:24750b9ad5ef 4570 else
Christopher Haster 1:24750b9ad5ef 4571 #endif
Christopher Haster 1:24750b9ad5ef 4572 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
Christopher Haster 1:24750b9ad5ef 4573 {
Christopher Haster 1:24750b9ad5ef 4574 MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
Christopher Haster 1:24750b9ad5ef 4575 return;
Christopher Haster 1:24750b9ad5ef 4576 }
Christopher Haster 1:24750b9ad5ef 4577 }
Christopher Haster 1:24750b9ad5ef 4578
Christopher Haster 1:24750b9ad5ef 4579 void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 4580 {
Christopher Haster 1:24750b9ad5ef 4581 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
Christopher Haster 1:24750b9ad5ef 4582 defined(MBEDTLS_SSL_PROTO_TLS1_1)
Christopher Haster 1:24750b9ad5ef 4583 mbedtls_md5_starts( &ssl->handshake->fin_md5 );
Christopher Haster 1:24750b9ad5ef 4584 mbedtls_sha1_starts( &ssl->handshake->fin_sha1 );
Christopher Haster 1:24750b9ad5ef 4585 #endif
Christopher Haster 1:24750b9ad5ef 4586 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
Christopher Haster 1:24750b9ad5ef 4587 #if defined(MBEDTLS_SHA256_C)
Christopher Haster 1:24750b9ad5ef 4588 mbedtls_sha256_starts( &ssl->handshake->fin_sha256, 0 );
Christopher Haster 1:24750b9ad5ef 4589 #endif
Christopher Haster 1:24750b9ad5ef 4590 #if defined(MBEDTLS_SHA512_C)
Christopher Haster 1:24750b9ad5ef 4591 mbedtls_sha512_starts( &ssl->handshake->fin_sha512, 1 );
Christopher Haster 1:24750b9ad5ef 4592 #endif
Christopher Haster 1:24750b9ad5ef 4593 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
Christopher Haster 1:24750b9ad5ef 4594 }
Christopher Haster 1:24750b9ad5ef 4595
Christopher Haster 1:24750b9ad5ef 4596 static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
Christopher Haster 1:24750b9ad5ef 4597 const unsigned char *buf, size_t len )
Christopher Haster 1:24750b9ad5ef 4598 {
Christopher Haster 1:24750b9ad5ef 4599 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
Christopher Haster 1:24750b9ad5ef 4600 defined(MBEDTLS_SSL_PROTO_TLS1_1)
Christopher Haster 1:24750b9ad5ef 4601 mbedtls_md5_update( &ssl->handshake->fin_md5 , buf, len );
Christopher Haster 1:24750b9ad5ef 4602 mbedtls_sha1_update( &ssl->handshake->fin_sha1, buf, len );
Christopher Haster 1:24750b9ad5ef 4603 #endif
Christopher Haster 1:24750b9ad5ef 4604 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
Christopher Haster 1:24750b9ad5ef 4605 #if defined(MBEDTLS_SHA256_C)
Christopher Haster 1:24750b9ad5ef 4606 mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len );
Christopher Haster 1:24750b9ad5ef 4607 #endif
Christopher Haster 1:24750b9ad5ef 4608 #if defined(MBEDTLS_SHA512_C)
Christopher Haster 1:24750b9ad5ef 4609 mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len );
Christopher Haster 1:24750b9ad5ef 4610 #endif
Christopher Haster 1:24750b9ad5ef 4611 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
Christopher Haster 1:24750b9ad5ef 4612 }
Christopher Haster 1:24750b9ad5ef 4613
Christopher Haster 1:24750b9ad5ef 4614 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
Christopher Haster 1:24750b9ad5ef 4615 defined(MBEDTLS_SSL_PROTO_TLS1_1)
Christopher Haster 1:24750b9ad5ef 4616 static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *ssl,
Christopher Haster 1:24750b9ad5ef 4617 const unsigned char *buf, size_t len )
Christopher Haster 1:24750b9ad5ef 4618 {
Christopher Haster 1:24750b9ad5ef 4619 mbedtls_md5_update( &ssl->handshake->fin_md5 , buf, len );
Christopher Haster 1:24750b9ad5ef 4620 mbedtls_sha1_update( &ssl->handshake->fin_sha1, buf, len );
Christopher Haster 1:24750b9ad5ef 4621 }
Christopher Haster 1:24750b9ad5ef 4622 #endif
Christopher Haster 1:24750b9ad5ef 4623
Christopher Haster 1:24750b9ad5ef 4624 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
Christopher Haster 1:24750b9ad5ef 4625 #if defined(MBEDTLS_SHA256_C)
Christopher Haster 1:24750b9ad5ef 4626 static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl,
Christopher Haster 1:24750b9ad5ef 4627 const unsigned char *buf, size_t len )
Christopher Haster 1:24750b9ad5ef 4628 {
Christopher Haster 1:24750b9ad5ef 4629 mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len );
Christopher Haster 1:24750b9ad5ef 4630 }
Christopher Haster 1:24750b9ad5ef 4631 #endif
Christopher Haster 1:24750b9ad5ef 4632
Christopher Haster 1:24750b9ad5ef 4633 #if defined(MBEDTLS_SHA512_C)
Christopher Haster 1:24750b9ad5ef 4634 static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl,
Christopher Haster 1:24750b9ad5ef 4635 const unsigned char *buf, size_t len )
Christopher Haster 1:24750b9ad5ef 4636 {
Christopher Haster 1:24750b9ad5ef 4637 mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len );
Christopher Haster 1:24750b9ad5ef 4638 }
Christopher Haster 1:24750b9ad5ef 4639 #endif
Christopher Haster 1:24750b9ad5ef 4640 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
Christopher Haster 1:24750b9ad5ef 4641
Christopher Haster 1:24750b9ad5ef 4642 #if defined(MBEDTLS_SSL_PROTO_SSL3)
Christopher Haster 1:24750b9ad5ef 4643 static void ssl_calc_finished_ssl(
Christopher Haster 1:24750b9ad5ef 4644 mbedtls_ssl_context *ssl, unsigned char *buf, int from )
Christopher Haster 1:24750b9ad5ef 4645 {
Christopher Haster 1:24750b9ad5ef 4646 const char *sender;
Christopher Haster 1:24750b9ad5ef 4647 mbedtls_md5_context md5;
Christopher Haster 1:24750b9ad5ef 4648 mbedtls_sha1_context sha1;
Christopher Haster 1:24750b9ad5ef 4649
Christopher Haster 1:24750b9ad5ef 4650 unsigned char padbuf[48];
Christopher Haster 1:24750b9ad5ef 4651 unsigned char md5sum[16];
Christopher Haster 1:24750b9ad5ef 4652 unsigned char sha1sum[20];
Christopher Haster 1:24750b9ad5ef 4653
Christopher Haster 1:24750b9ad5ef 4654 mbedtls_ssl_session *session = ssl->session_negotiate;
Christopher Haster 1:24750b9ad5ef 4655 if( !session )
Christopher Haster 1:24750b9ad5ef 4656 session = ssl->session;
Christopher Haster 1:24750b9ad5ef 4657
Christopher Haster 1:24750b9ad5ef 4658 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished ssl" ) );
Christopher Haster 1:24750b9ad5ef 4659
Christopher Haster 1:24750b9ad5ef 4660 mbedtls_md5_init( &md5 );
Christopher Haster 1:24750b9ad5ef 4661 mbedtls_sha1_init( &sha1 );
Christopher Haster 1:24750b9ad5ef 4662
Christopher Haster 1:24750b9ad5ef 4663 mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 );
Christopher Haster 1:24750b9ad5ef 4664 mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 );
Christopher Haster 1:24750b9ad5ef 4665
Christopher Haster 1:24750b9ad5ef 4666 /*
Christopher Haster 1:24750b9ad5ef 4667 * SSLv3:
Christopher Haster 1:24750b9ad5ef 4668 * hash =
Christopher Haster 1:24750b9ad5ef 4669 * MD5( master + pad2 +
Christopher Haster 1:24750b9ad5ef 4670 * MD5( handshake + sender + master + pad1 ) )
Christopher Haster 1:24750b9ad5ef 4671 * + SHA1( master + pad2 +
Christopher Haster 1:24750b9ad5ef 4672 * SHA1( handshake + sender + master + pad1 ) )
Christopher Haster 1:24750b9ad5ef 4673 */
Christopher Haster 1:24750b9ad5ef 4674
Christopher Haster 1:24750b9ad5ef 4675 #if !defined(MBEDTLS_MD5_ALT)
Christopher Haster 1:24750b9ad5ef 4676 MBEDTLS_SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *)
Christopher Haster 1:24750b9ad5ef 4677 md5.state, sizeof( md5.state ) );
Christopher Haster 1:24750b9ad5ef 4678 #endif
Christopher Haster 1:24750b9ad5ef 4679
Christopher Haster 1:24750b9ad5ef 4680 #if !defined(MBEDTLS_SHA1_ALT)
Christopher Haster 1:24750b9ad5ef 4681 MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *)
Christopher Haster 1:24750b9ad5ef 4682 sha1.state, sizeof( sha1.state ) );
Christopher Haster 1:24750b9ad5ef 4683 #endif
Christopher Haster 1:24750b9ad5ef 4684
Christopher Haster 1:24750b9ad5ef 4685 sender = ( from == MBEDTLS_SSL_IS_CLIENT ) ? "CLNT"
Christopher Haster 1:24750b9ad5ef 4686 : "SRVR";
Christopher Haster 1:24750b9ad5ef 4687
Christopher Haster 1:24750b9ad5ef 4688 memset( padbuf, 0x36, 48 );
Christopher Haster 1:24750b9ad5ef 4689
Christopher Haster 1:24750b9ad5ef 4690 mbedtls_md5_update( &md5, (const unsigned char *) sender, 4 );
Christopher Haster 1:24750b9ad5ef 4691 mbedtls_md5_update( &md5, session->master, 48 );
Christopher Haster 1:24750b9ad5ef 4692 mbedtls_md5_update( &md5, padbuf, 48 );
Christopher Haster 1:24750b9ad5ef 4693 mbedtls_md5_finish( &md5, md5sum );
Christopher Haster 1:24750b9ad5ef 4694
Christopher Haster 1:24750b9ad5ef 4695 mbedtls_sha1_update( &sha1, (const unsigned char *) sender, 4 );
Christopher Haster 1:24750b9ad5ef 4696 mbedtls_sha1_update( &sha1, session->master, 48 );
Christopher Haster 1:24750b9ad5ef 4697 mbedtls_sha1_update( &sha1, padbuf, 40 );
Christopher Haster 1:24750b9ad5ef 4698 mbedtls_sha1_finish( &sha1, sha1sum );
Christopher Haster 1:24750b9ad5ef 4699
Christopher Haster 1:24750b9ad5ef 4700 memset( padbuf, 0x5C, 48 );
Christopher Haster 1:24750b9ad5ef 4701
Christopher Haster 1:24750b9ad5ef 4702 mbedtls_md5_starts( &md5 );
Christopher Haster 1:24750b9ad5ef 4703 mbedtls_md5_update( &md5, session->master, 48 );
Christopher Haster 1:24750b9ad5ef 4704 mbedtls_md5_update( &md5, padbuf, 48 );
Christopher Haster 1:24750b9ad5ef 4705 mbedtls_md5_update( &md5, md5sum, 16 );
Christopher Haster 1:24750b9ad5ef 4706 mbedtls_md5_finish( &md5, buf );
Christopher Haster 1:24750b9ad5ef 4707
Christopher Haster 1:24750b9ad5ef 4708 mbedtls_sha1_starts( &sha1 );
Christopher Haster 1:24750b9ad5ef 4709 mbedtls_sha1_update( &sha1, session->master, 48 );
Christopher Haster 1:24750b9ad5ef 4710 mbedtls_sha1_update( &sha1, padbuf , 40 );
Christopher Haster 1:24750b9ad5ef 4711 mbedtls_sha1_update( &sha1, sha1sum, 20 );
Christopher Haster 1:24750b9ad5ef 4712 mbedtls_sha1_finish( &sha1, buf + 16 );
Christopher Haster 1:24750b9ad5ef 4713
Christopher Haster 1:24750b9ad5ef 4714 MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, 36 );
Christopher Haster 1:24750b9ad5ef 4715
Christopher Haster 1:24750b9ad5ef 4716 mbedtls_md5_free( &md5 );
Christopher Haster 1:24750b9ad5ef 4717 mbedtls_sha1_free( &sha1 );
Christopher Haster 1:24750b9ad5ef 4718
Christopher Haster 1:24750b9ad5ef 4719 mbedtls_zeroize( padbuf, sizeof( padbuf ) );
Christopher Haster 1:24750b9ad5ef 4720 mbedtls_zeroize( md5sum, sizeof( md5sum ) );
Christopher Haster 1:24750b9ad5ef 4721 mbedtls_zeroize( sha1sum, sizeof( sha1sum ) );
Christopher Haster 1:24750b9ad5ef 4722
Christopher Haster 1:24750b9ad5ef 4723 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
Christopher Haster 1:24750b9ad5ef 4724 }
Christopher Haster 1:24750b9ad5ef 4725 #endif /* MBEDTLS_SSL_PROTO_SSL3 */
Christopher Haster 1:24750b9ad5ef 4726
Christopher Haster 1:24750b9ad5ef 4727 #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
Christopher Haster 1:24750b9ad5ef 4728 static void ssl_calc_finished_tls(
Christopher Haster 1:24750b9ad5ef 4729 mbedtls_ssl_context *ssl, unsigned char *buf, int from )
Christopher Haster 1:24750b9ad5ef 4730 {
Christopher Haster 1:24750b9ad5ef 4731 int len = 12;
Christopher Haster 1:24750b9ad5ef 4732 const char *sender;
Christopher Haster 1:24750b9ad5ef 4733 mbedtls_md5_context md5;
Christopher Haster 1:24750b9ad5ef 4734 mbedtls_sha1_context sha1;
Christopher Haster 1:24750b9ad5ef 4735 unsigned char padbuf[36];
Christopher Haster 1:24750b9ad5ef 4736
Christopher Haster 1:24750b9ad5ef 4737 mbedtls_ssl_session *session = ssl->session_negotiate;
Christopher Haster 1:24750b9ad5ef 4738 if( !session )
Christopher Haster 1:24750b9ad5ef 4739 session = ssl->session;
Christopher Haster 1:24750b9ad5ef 4740
Christopher Haster 1:24750b9ad5ef 4741 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls" ) );
Christopher Haster 1:24750b9ad5ef 4742
Christopher Haster 1:24750b9ad5ef 4743 mbedtls_md5_init( &md5 );
Christopher Haster 1:24750b9ad5ef 4744 mbedtls_sha1_init( &sha1 );
Christopher Haster 1:24750b9ad5ef 4745
Christopher Haster 1:24750b9ad5ef 4746 mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 );
Christopher Haster 1:24750b9ad5ef 4747 mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 );
Christopher Haster 1:24750b9ad5ef 4748
Christopher Haster 1:24750b9ad5ef 4749 /*
Christopher Haster 1:24750b9ad5ef 4750 * TLSv1:
Christopher Haster 1:24750b9ad5ef 4751 * hash = PRF( master, finished_label,
Christopher Haster 1:24750b9ad5ef 4752 * MD5( handshake ) + SHA1( handshake ) )[0..11]
Christopher Haster 1:24750b9ad5ef 4753 */
Christopher Haster 1:24750b9ad5ef 4754
Christopher Haster 1:24750b9ad5ef 4755 #if !defined(MBEDTLS_MD5_ALT)
Christopher Haster 1:24750b9ad5ef 4756 MBEDTLS_SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *)
Christopher Haster 1:24750b9ad5ef 4757 md5.state, sizeof( md5.state ) );
Christopher Haster 1:24750b9ad5ef 4758 #endif
Christopher Haster 1:24750b9ad5ef 4759
Christopher Haster 1:24750b9ad5ef 4760 #if !defined(MBEDTLS_SHA1_ALT)
Christopher Haster 1:24750b9ad5ef 4761 MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *)
Christopher Haster 1:24750b9ad5ef 4762 sha1.state, sizeof( sha1.state ) );
Christopher Haster 1:24750b9ad5ef 4763 #endif
Christopher Haster 1:24750b9ad5ef 4764
Christopher Haster 1:24750b9ad5ef 4765 sender = ( from == MBEDTLS_SSL_IS_CLIENT )
Christopher Haster 1:24750b9ad5ef 4766 ? "client finished"
Christopher Haster 1:24750b9ad5ef 4767 : "server finished";
Christopher Haster 1:24750b9ad5ef 4768
Christopher Haster 1:24750b9ad5ef 4769 mbedtls_md5_finish( &md5, padbuf );
Christopher Haster 1:24750b9ad5ef 4770 mbedtls_sha1_finish( &sha1, padbuf + 16 );
Christopher Haster 1:24750b9ad5ef 4771
Christopher Haster 1:24750b9ad5ef 4772 ssl->handshake->tls_prf( session->master, 48, sender,
Christopher Haster 1:24750b9ad5ef 4773 padbuf, 36, buf, len );
Christopher Haster 1:24750b9ad5ef 4774
Christopher Haster 1:24750b9ad5ef 4775 MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
Christopher Haster 1:24750b9ad5ef 4776
Christopher Haster 1:24750b9ad5ef 4777 mbedtls_md5_free( &md5 );
Christopher Haster 1:24750b9ad5ef 4778 mbedtls_sha1_free( &sha1 );
Christopher Haster 1:24750b9ad5ef 4779
Christopher Haster 1:24750b9ad5ef 4780 mbedtls_zeroize( padbuf, sizeof( padbuf ) );
Christopher Haster 1:24750b9ad5ef 4781
Christopher Haster 1:24750b9ad5ef 4782 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
Christopher Haster 1:24750b9ad5ef 4783 }
Christopher Haster 1:24750b9ad5ef 4784 #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
Christopher Haster 1:24750b9ad5ef 4785
Christopher Haster 1:24750b9ad5ef 4786 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
Christopher Haster 1:24750b9ad5ef 4787 #if defined(MBEDTLS_SHA256_C)
Christopher Haster 1:24750b9ad5ef 4788 static void ssl_calc_finished_tls_sha256(
Christopher Haster 1:24750b9ad5ef 4789 mbedtls_ssl_context *ssl, unsigned char *buf, int from )
Christopher Haster 1:24750b9ad5ef 4790 {
Christopher Haster 1:24750b9ad5ef 4791 int len = 12;
Christopher Haster 1:24750b9ad5ef 4792 const char *sender;
Christopher Haster 1:24750b9ad5ef 4793 mbedtls_sha256_context sha256;
Christopher Haster 1:24750b9ad5ef 4794 unsigned char padbuf[32];
Christopher Haster 1:24750b9ad5ef 4795
Christopher Haster 1:24750b9ad5ef 4796 mbedtls_ssl_session *session = ssl->session_negotiate;
Christopher Haster 1:24750b9ad5ef 4797 if( !session )
Christopher Haster 1:24750b9ad5ef 4798 session = ssl->session;
Christopher Haster 1:24750b9ad5ef 4799
Christopher Haster 1:24750b9ad5ef 4800 mbedtls_sha256_init( &sha256 );
Christopher Haster 1:24750b9ad5ef 4801
Christopher Haster 1:24750b9ad5ef 4802 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha256" ) );
Christopher Haster 1:24750b9ad5ef 4803
Christopher Haster 1:24750b9ad5ef 4804 mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 );
Christopher Haster 1:24750b9ad5ef 4805
Christopher Haster 1:24750b9ad5ef 4806 /*
Christopher Haster 1:24750b9ad5ef 4807 * TLSv1.2:
Christopher Haster 1:24750b9ad5ef 4808 * hash = PRF( master, finished_label,
Christopher Haster 1:24750b9ad5ef 4809 * Hash( handshake ) )[0.11]
Christopher Haster 1:24750b9ad5ef 4810 */
Christopher Haster 1:24750b9ad5ef 4811
Christopher Haster 1:24750b9ad5ef 4812 #if !defined(MBEDTLS_SHA256_ALT)
Christopher Haster 1:24750b9ad5ef 4813 MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha2 state", (unsigned char *)
Christopher Haster 1:24750b9ad5ef 4814 sha256.state, sizeof( sha256.state ) );
Christopher Haster 1:24750b9ad5ef 4815 #endif
Christopher Haster 1:24750b9ad5ef 4816
Christopher Haster 1:24750b9ad5ef 4817 sender = ( from == MBEDTLS_SSL_IS_CLIENT )
Christopher Haster 1:24750b9ad5ef 4818 ? "client finished"
Christopher Haster 1:24750b9ad5ef 4819 : "server finished";
Christopher Haster 1:24750b9ad5ef 4820
Christopher Haster 1:24750b9ad5ef 4821 mbedtls_sha256_finish( &sha256, padbuf );
Christopher Haster 1:24750b9ad5ef 4822
Christopher Haster 1:24750b9ad5ef 4823 ssl->handshake->tls_prf( session->master, 48, sender,
Christopher Haster 1:24750b9ad5ef 4824 padbuf, 32, buf, len );
Christopher Haster 1:24750b9ad5ef 4825
Christopher Haster 1:24750b9ad5ef 4826 MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
Christopher Haster 1:24750b9ad5ef 4827
Christopher Haster 1:24750b9ad5ef 4828 mbedtls_sha256_free( &sha256 );
Christopher Haster 1:24750b9ad5ef 4829
Christopher Haster 1:24750b9ad5ef 4830 mbedtls_zeroize( padbuf, sizeof( padbuf ) );
Christopher Haster 1:24750b9ad5ef 4831
Christopher Haster 1:24750b9ad5ef 4832 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
Christopher Haster 1:24750b9ad5ef 4833 }
Christopher Haster 1:24750b9ad5ef 4834 #endif /* MBEDTLS_SHA256_C */
Christopher Haster 1:24750b9ad5ef 4835
Christopher Haster 1:24750b9ad5ef 4836 #if defined(MBEDTLS_SHA512_C)
Christopher Haster 1:24750b9ad5ef 4837 static void ssl_calc_finished_tls_sha384(
Christopher Haster 1:24750b9ad5ef 4838 mbedtls_ssl_context *ssl, unsigned char *buf, int from )
Christopher Haster 1:24750b9ad5ef 4839 {
Christopher Haster 1:24750b9ad5ef 4840 int len = 12;
Christopher Haster 1:24750b9ad5ef 4841 const char *sender;
Christopher Haster 1:24750b9ad5ef 4842 mbedtls_sha512_context sha512;
Christopher Haster 1:24750b9ad5ef 4843 unsigned char padbuf[48];
Christopher Haster 1:24750b9ad5ef 4844
Christopher Haster 1:24750b9ad5ef 4845 mbedtls_ssl_session *session = ssl->session_negotiate;
Christopher Haster 1:24750b9ad5ef 4846 if( !session )
Christopher Haster 1:24750b9ad5ef 4847 session = ssl->session;
Christopher Haster 1:24750b9ad5ef 4848
Christopher Haster 1:24750b9ad5ef 4849 mbedtls_sha512_init( &sha512 );
Christopher Haster 1:24750b9ad5ef 4850
Christopher Haster 1:24750b9ad5ef 4851 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha384" ) );
Christopher Haster 1:24750b9ad5ef 4852
Christopher Haster 1:24750b9ad5ef 4853 mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 );
Christopher Haster 1:24750b9ad5ef 4854
Christopher Haster 1:24750b9ad5ef 4855 /*
Christopher Haster 1:24750b9ad5ef 4856 * TLSv1.2:
Christopher Haster 1:24750b9ad5ef 4857 * hash = PRF( master, finished_label,
Christopher Haster 1:24750b9ad5ef 4858 * Hash( handshake ) )[0.11]
Christopher Haster 1:24750b9ad5ef 4859 */
Christopher Haster 1:24750b9ad5ef 4860
Christopher Haster 1:24750b9ad5ef 4861 #if !defined(MBEDTLS_SHA512_ALT)
Christopher Haster 1:24750b9ad5ef 4862 MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha512 state", (unsigned char *)
Christopher Haster 1:24750b9ad5ef 4863 sha512.state, sizeof( sha512.state ) );
Christopher Haster 1:24750b9ad5ef 4864 #endif
Christopher Haster 1:24750b9ad5ef 4865
Christopher Haster 1:24750b9ad5ef 4866 sender = ( from == MBEDTLS_SSL_IS_CLIENT )
Christopher Haster 1:24750b9ad5ef 4867 ? "client finished"
Christopher Haster 1:24750b9ad5ef 4868 : "server finished";
Christopher Haster 1:24750b9ad5ef 4869
Christopher Haster 1:24750b9ad5ef 4870 mbedtls_sha512_finish( &sha512, padbuf );
Christopher Haster 1:24750b9ad5ef 4871
Christopher Haster 1:24750b9ad5ef 4872 ssl->handshake->tls_prf( session->master, 48, sender,
Christopher Haster 1:24750b9ad5ef 4873 padbuf, 48, buf, len );
Christopher Haster 1:24750b9ad5ef 4874
Christopher Haster 1:24750b9ad5ef 4875 MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
Christopher Haster 1:24750b9ad5ef 4876
Christopher Haster 1:24750b9ad5ef 4877 mbedtls_sha512_free( &sha512 );
Christopher Haster 1:24750b9ad5ef 4878
Christopher Haster 1:24750b9ad5ef 4879 mbedtls_zeroize( padbuf, sizeof( padbuf ) );
Christopher Haster 1:24750b9ad5ef 4880
Christopher Haster 1:24750b9ad5ef 4881 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
Christopher Haster 1:24750b9ad5ef 4882 }
Christopher Haster 1:24750b9ad5ef 4883 #endif /* MBEDTLS_SHA512_C */
Christopher Haster 1:24750b9ad5ef 4884 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
Christopher Haster 1:24750b9ad5ef 4885
Christopher Haster 1:24750b9ad5ef 4886 static void ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 4887 {
Christopher Haster 1:24750b9ad5ef 4888 MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup: final free" ) );
Christopher Haster 1:24750b9ad5ef 4889
Christopher Haster 1:24750b9ad5ef 4890 /*
Christopher Haster 1:24750b9ad5ef 4891 * Free our handshake params
Christopher Haster 1:24750b9ad5ef 4892 */
Christopher Haster 1:24750b9ad5ef 4893 mbedtls_ssl_handshake_free( ssl->handshake );
Christopher Haster 1:24750b9ad5ef 4894 mbedtls_free( ssl->handshake );
Christopher Haster 1:24750b9ad5ef 4895 ssl->handshake = NULL;
Christopher Haster 1:24750b9ad5ef 4896
Christopher Haster 1:24750b9ad5ef 4897 /*
Christopher Haster 1:24750b9ad5ef 4898 * Free the previous transform and swith in the current one
Christopher Haster 1:24750b9ad5ef 4899 */
Christopher Haster 1:24750b9ad5ef 4900 if( ssl->transform )
Christopher Haster 1:24750b9ad5ef 4901 {
Christopher Haster 1:24750b9ad5ef 4902 mbedtls_ssl_transform_free( ssl->transform );
Christopher Haster 1:24750b9ad5ef 4903 mbedtls_free( ssl->transform );
Christopher Haster 1:24750b9ad5ef 4904 }
Christopher Haster 1:24750b9ad5ef 4905 ssl->transform = ssl->transform_negotiate;
Christopher Haster 1:24750b9ad5ef 4906 ssl->transform_negotiate = NULL;
Christopher Haster 1:24750b9ad5ef 4907
Christopher Haster 1:24750b9ad5ef 4908 MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup: final free" ) );
Christopher Haster 1:24750b9ad5ef 4909 }
Christopher Haster 1:24750b9ad5ef 4910
Christopher Haster 1:24750b9ad5ef 4911 void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 4912 {
Christopher Haster 1:24750b9ad5ef 4913 int resume = ssl->handshake->resume;
Christopher Haster 1:24750b9ad5ef 4914
Christopher Haster 1:24750b9ad5ef 4915 MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) );
Christopher Haster 1:24750b9ad5ef 4916
Christopher Haster 1:24750b9ad5ef 4917 #if defined(MBEDTLS_SSL_RENEGOTIATION)
Christopher Haster 1:24750b9ad5ef 4918 if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
Christopher Haster 1:24750b9ad5ef 4919 {
Christopher Haster 1:24750b9ad5ef 4920 ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_DONE;
Christopher Haster 1:24750b9ad5ef 4921 ssl->renego_records_seen = 0;
Christopher Haster 1:24750b9ad5ef 4922 }
Christopher Haster 1:24750b9ad5ef 4923 #endif
Christopher Haster 1:24750b9ad5ef 4924
Christopher Haster 1:24750b9ad5ef 4925 /*
Christopher Haster 1:24750b9ad5ef 4926 * Free the previous session and switch in the current one
Christopher Haster 1:24750b9ad5ef 4927 */
Christopher Haster 1:24750b9ad5ef 4928 if( ssl->session )
Christopher Haster 1:24750b9ad5ef 4929 {
Christopher Haster 1:24750b9ad5ef 4930 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
Christopher Haster 1:24750b9ad5ef 4931 /* RFC 7366 3.1: keep the EtM state */
Christopher Haster 1:24750b9ad5ef 4932 ssl->session_negotiate->encrypt_then_mac =
Christopher Haster 1:24750b9ad5ef 4933 ssl->session->encrypt_then_mac;
Christopher Haster 1:24750b9ad5ef 4934 #endif
Christopher Haster 1:24750b9ad5ef 4935
Christopher Haster 1:24750b9ad5ef 4936 mbedtls_ssl_session_free( ssl->session );
Christopher Haster 1:24750b9ad5ef 4937 mbedtls_free( ssl->session );
Christopher Haster 1:24750b9ad5ef 4938 }
Christopher Haster 1:24750b9ad5ef 4939 ssl->session = ssl->session_negotiate;
Christopher Haster 1:24750b9ad5ef 4940 ssl->session_negotiate = NULL;
Christopher Haster 1:24750b9ad5ef 4941
Christopher Haster 1:24750b9ad5ef 4942 /*
Christopher Haster 1:24750b9ad5ef 4943 * Add cache entry
Christopher Haster 1:24750b9ad5ef 4944 */
Christopher Haster 1:24750b9ad5ef 4945 if( ssl->conf->f_set_cache != NULL &&
Christopher Haster 1:24750b9ad5ef 4946 ssl->session->id_len != 0 &&
Christopher Haster 1:24750b9ad5ef 4947 resume == 0 )
Christopher Haster 1:24750b9ad5ef 4948 {
Christopher Haster 1:24750b9ad5ef 4949 if( ssl->conf->f_set_cache( ssl->conf->p_cache, ssl->session ) != 0 )
Christopher Haster 1:24750b9ad5ef 4950 MBEDTLS_SSL_DEBUG_MSG( 1, ( "cache did not store session" ) );
Christopher Haster 1:24750b9ad5ef 4951 }
Christopher Haster 1:24750b9ad5ef 4952
Christopher Haster 1:24750b9ad5ef 4953 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 4954 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
Christopher Haster 1:24750b9ad5ef 4955 ssl->handshake->flight != NULL )
Christopher Haster 1:24750b9ad5ef 4956 {
Christopher Haster 1:24750b9ad5ef 4957 /* Cancel handshake timer */
Christopher Haster 1:24750b9ad5ef 4958 ssl_set_timer( ssl, 0 );
Christopher Haster 1:24750b9ad5ef 4959
Christopher Haster 1:24750b9ad5ef 4960 /* Keep last flight around in case we need to resend it:
Christopher Haster 1:24750b9ad5ef 4961 * we need the handshake and transform structures for that */
Christopher Haster 1:24750b9ad5ef 4962 MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip freeing handshake and transform" ) );
Christopher Haster 1:24750b9ad5ef 4963 }
Christopher Haster 1:24750b9ad5ef 4964 else
Christopher Haster 1:24750b9ad5ef 4965 #endif
Christopher Haster 1:24750b9ad5ef 4966 ssl_handshake_wrapup_free_hs_transform( ssl );
Christopher Haster 1:24750b9ad5ef 4967
Christopher Haster 1:24750b9ad5ef 4968 ssl->state++;
Christopher Haster 1:24750b9ad5ef 4969
Christopher Haster 1:24750b9ad5ef 4970 MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup" ) );
Christopher Haster 1:24750b9ad5ef 4971 }
Christopher Haster 1:24750b9ad5ef 4972
Christopher Haster 1:24750b9ad5ef 4973 int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 4974 {
Christopher Haster 1:24750b9ad5ef 4975 int ret, hash_len;
Christopher Haster 1:24750b9ad5ef 4976
Christopher Haster 1:24750b9ad5ef 4977 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write finished" ) );
Christopher Haster 1:24750b9ad5ef 4978
Christopher Haster 1:24750b9ad5ef 4979 /*
Christopher Haster 1:24750b9ad5ef 4980 * Set the out_msg pointer to the correct location based on IV length
Christopher Haster 1:24750b9ad5ef 4981 */
Christopher Haster 1:24750b9ad5ef 4982 if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
Christopher Haster 1:24750b9ad5ef 4983 {
Christopher Haster 1:24750b9ad5ef 4984 ssl->out_msg = ssl->out_iv + ssl->transform_negotiate->ivlen -
Christopher Haster 1:24750b9ad5ef 4985 ssl->transform_negotiate->fixed_ivlen;
Christopher Haster 1:24750b9ad5ef 4986 }
Christopher Haster 1:24750b9ad5ef 4987 else
Christopher Haster 1:24750b9ad5ef 4988 ssl->out_msg = ssl->out_iv;
Christopher Haster 1:24750b9ad5ef 4989
Christopher Haster 1:24750b9ad5ef 4990 ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->conf->endpoint );
Christopher Haster 1:24750b9ad5ef 4991
Christopher Haster 1:24750b9ad5ef 4992 // TODO TLS/1.2 Hash length is determined by cipher suite (Page 63)
Christopher Haster 1:24750b9ad5ef 4993 hash_len = ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) ? 36 : 12;
Christopher Haster 1:24750b9ad5ef 4994
Christopher Haster 1:24750b9ad5ef 4995 #if defined(MBEDTLS_SSL_RENEGOTIATION)
Christopher Haster 1:24750b9ad5ef 4996 ssl->verify_data_len = hash_len;
Christopher Haster 1:24750b9ad5ef 4997 memcpy( ssl->own_verify_data, ssl->out_msg + 4, hash_len );
Christopher Haster 1:24750b9ad5ef 4998 #endif
Christopher Haster 1:24750b9ad5ef 4999
Christopher Haster 1:24750b9ad5ef 5000 ssl->out_msglen = 4 + hash_len;
Christopher Haster 1:24750b9ad5ef 5001 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
Christopher Haster 1:24750b9ad5ef 5002 ssl->out_msg[0] = MBEDTLS_SSL_HS_FINISHED;
Christopher Haster 1:24750b9ad5ef 5003
Christopher Haster 1:24750b9ad5ef 5004 /*
Christopher Haster 1:24750b9ad5ef 5005 * In case of session resuming, invert the client and server
Christopher Haster 1:24750b9ad5ef 5006 * ChangeCipherSpec messages order.
Christopher Haster 1:24750b9ad5ef 5007 */
Christopher Haster 1:24750b9ad5ef 5008 if( ssl->handshake->resume != 0 )
Christopher Haster 1:24750b9ad5ef 5009 {
Christopher Haster 1:24750b9ad5ef 5010 #if defined(MBEDTLS_SSL_CLI_C)
Christopher Haster 1:24750b9ad5ef 5011 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
Christopher Haster 1:24750b9ad5ef 5012 ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
Christopher Haster 1:24750b9ad5ef 5013 #endif
Christopher Haster 1:24750b9ad5ef 5014 #if defined(MBEDTLS_SSL_SRV_C)
Christopher Haster 1:24750b9ad5ef 5015 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
Christopher Haster 1:24750b9ad5ef 5016 ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
Christopher Haster 1:24750b9ad5ef 5017 #endif
Christopher Haster 1:24750b9ad5ef 5018 }
Christopher Haster 1:24750b9ad5ef 5019 else
Christopher Haster 1:24750b9ad5ef 5020 ssl->state++;
Christopher Haster 1:24750b9ad5ef 5021
Christopher Haster 1:24750b9ad5ef 5022 /*
Christopher Haster 1:24750b9ad5ef 5023 * Switch to our negotiated transform and session parameters for outbound
Christopher Haster 1:24750b9ad5ef 5024 * data.
Christopher Haster 1:24750b9ad5ef 5025 */
Christopher Haster 1:24750b9ad5ef 5026 MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for outbound data" ) );
Christopher Haster 1:24750b9ad5ef 5027
Christopher Haster 1:24750b9ad5ef 5028 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 5029 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Christopher Haster 1:24750b9ad5ef 5030 {
Christopher Haster 1:24750b9ad5ef 5031 unsigned char i;
Christopher Haster 1:24750b9ad5ef 5032
Christopher Haster 1:24750b9ad5ef 5033 /* Remember current epoch settings for resending */
Christopher Haster 1:24750b9ad5ef 5034 ssl->handshake->alt_transform_out = ssl->transform_out;
Christopher Haster 1:24750b9ad5ef 5035 memcpy( ssl->handshake->alt_out_ctr, ssl->out_ctr, 8 );
Christopher Haster 1:24750b9ad5ef 5036
Christopher Haster 1:24750b9ad5ef 5037 /* Set sequence_number to zero */
Christopher Haster 1:24750b9ad5ef 5038 memset( ssl->out_ctr + 2, 0, 6 );
Christopher Haster 1:24750b9ad5ef 5039
Christopher Haster 1:24750b9ad5ef 5040 /* Increment epoch */
Christopher Haster 1:24750b9ad5ef 5041 for( i = 2; i > 0; i-- )
Christopher Haster 1:24750b9ad5ef 5042 if( ++ssl->out_ctr[i - 1] != 0 )
Christopher Haster 1:24750b9ad5ef 5043 break;
Christopher Haster 1:24750b9ad5ef 5044
Christopher Haster 1:24750b9ad5ef 5045 /* The loop goes to its end iff the counter is wrapping */
Christopher Haster 1:24750b9ad5ef 5046 if( i == 0 )
Christopher Haster 1:24750b9ad5ef 5047 {
Christopher Haster 1:24750b9ad5ef 5048 MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS epoch would wrap" ) );
Christopher Haster 1:24750b9ad5ef 5049 return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
Christopher Haster 1:24750b9ad5ef 5050 }
Christopher Haster 1:24750b9ad5ef 5051 }
Christopher Haster 1:24750b9ad5ef 5052 else
Christopher Haster 1:24750b9ad5ef 5053 #endif /* MBEDTLS_SSL_PROTO_DTLS */
Christopher Haster 1:24750b9ad5ef 5054 memset( ssl->out_ctr, 0, 8 );
Christopher Haster 1:24750b9ad5ef 5055
Christopher Haster 1:24750b9ad5ef 5056 ssl->transform_out = ssl->transform_negotiate;
Christopher Haster 1:24750b9ad5ef 5057 ssl->session_out = ssl->session_negotiate;
Christopher Haster 1:24750b9ad5ef 5058
Christopher Haster 1:24750b9ad5ef 5059 #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
Christopher Haster 1:24750b9ad5ef 5060 if( mbedtls_ssl_hw_record_activate != NULL )
Christopher Haster 1:24750b9ad5ef 5061 {
Christopher Haster 1:24750b9ad5ef 5062 if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 5063 {
Christopher Haster 1:24750b9ad5ef 5064 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret );
Christopher Haster 1:24750b9ad5ef 5065 return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
Christopher Haster 1:24750b9ad5ef 5066 }
Christopher Haster 1:24750b9ad5ef 5067 }
Christopher Haster 1:24750b9ad5ef 5068 #endif
Christopher Haster 1:24750b9ad5ef 5069
Christopher Haster 1:24750b9ad5ef 5070 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 5071 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Christopher Haster 1:24750b9ad5ef 5072 mbedtls_ssl_send_flight_completed( ssl );
Christopher Haster 1:24750b9ad5ef 5073 #endif
Christopher Haster 1:24750b9ad5ef 5074
Christopher Haster 1:24750b9ad5ef 5075 if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 5076 {
Christopher Haster 1:24750b9ad5ef 5077 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
Christopher Haster 1:24750b9ad5ef 5078 return( ret );
Christopher Haster 1:24750b9ad5ef 5079 }
Christopher Haster 1:24750b9ad5ef 5080
Christopher Haster 1:24750b9ad5ef 5081 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write finished" ) );
Christopher Haster 1:24750b9ad5ef 5082
Christopher Haster 1:24750b9ad5ef 5083 return( 0 );
Christopher Haster 1:24750b9ad5ef 5084 }
Christopher Haster 1:24750b9ad5ef 5085
Christopher Haster 1:24750b9ad5ef 5086 #if defined(MBEDTLS_SSL_PROTO_SSL3)
Christopher Haster 1:24750b9ad5ef 5087 #define SSL_MAX_HASH_LEN 36
Christopher Haster 1:24750b9ad5ef 5088 #else
Christopher Haster 1:24750b9ad5ef 5089 #define SSL_MAX_HASH_LEN 12
Christopher Haster 1:24750b9ad5ef 5090 #endif
Christopher Haster 1:24750b9ad5ef 5091
Christopher Haster 1:24750b9ad5ef 5092 int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 5093 {
Christopher Haster 1:24750b9ad5ef 5094 int ret;
Christopher Haster 1:24750b9ad5ef 5095 unsigned int hash_len;
Christopher Haster 1:24750b9ad5ef 5096 unsigned char buf[SSL_MAX_HASH_LEN];
Christopher Haster 1:24750b9ad5ef 5097
Christopher Haster 1:24750b9ad5ef 5098 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished" ) );
Christopher Haster 1:24750b9ad5ef 5099
Christopher Haster 1:24750b9ad5ef 5100 ssl->handshake->calc_finished( ssl, buf, ssl->conf->endpoint ^ 1 );
Christopher Haster 1:24750b9ad5ef 5101
Christopher Haster 1:24750b9ad5ef 5102 if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 5103 {
Christopher Haster 1:24750b9ad5ef 5104 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
Christopher Haster 1:24750b9ad5ef 5105 return( ret );
Christopher Haster 1:24750b9ad5ef 5106 }
Christopher Haster 1:24750b9ad5ef 5107
Christopher Haster 1:24750b9ad5ef 5108 if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
Christopher Haster 1:24750b9ad5ef 5109 {
Christopher Haster 1:24750b9ad5ef 5110 MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
Christopher Haster 1:24750b9ad5ef 5111 return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
Christopher Haster 1:24750b9ad5ef 5112 }
Christopher Haster 1:24750b9ad5ef 5113
Christopher Haster 1:24750b9ad5ef 5114 /* There is currently no ciphersuite using another length with TLS 1.2 */
Christopher Haster 1:24750b9ad5ef 5115 #if defined(MBEDTLS_SSL_PROTO_SSL3)
Christopher Haster 1:24750b9ad5ef 5116 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
Christopher Haster 1:24750b9ad5ef 5117 hash_len = 36;
Christopher Haster 1:24750b9ad5ef 5118 else
Christopher Haster 1:24750b9ad5ef 5119 #endif
Christopher Haster 1:24750b9ad5ef 5120 hash_len = 12;
Christopher Haster 1:24750b9ad5ef 5121
Christopher Haster 1:24750b9ad5ef 5122 if( ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED ||
Christopher Haster 1:24750b9ad5ef 5123 ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + hash_len )
Christopher Haster 1:24750b9ad5ef 5124 {
Christopher Haster 1:24750b9ad5ef 5125 MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
Christopher Haster 1:24750b9ad5ef 5126 return( MBEDTLS_ERR_SSL_BAD_HS_FINISHED );
Christopher Haster 1:24750b9ad5ef 5127 }
Christopher Haster 1:24750b9ad5ef 5128
Christopher Haster 1:24750b9ad5ef 5129 if( mbedtls_ssl_safer_memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ),
Christopher Haster 1:24750b9ad5ef 5130 buf, hash_len ) != 0 )
Christopher Haster 1:24750b9ad5ef 5131 {
Christopher Haster 1:24750b9ad5ef 5132 MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
Christopher Haster 1:24750b9ad5ef 5133 return( MBEDTLS_ERR_SSL_BAD_HS_FINISHED );
Christopher Haster 1:24750b9ad5ef 5134 }
Christopher Haster 1:24750b9ad5ef 5135
Christopher Haster 1:24750b9ad5ef 5136 #if defined(MBEDTLS_SSL_RENEGOTIATION)
Christopher Haster 1:24750b9ad5ef 5137 ssl->verify_data_len = hash_len;
Christopher Haster 1:24750b9ad5ef 5138 memcpy( ssl->peer_verify_data, buf, hash_len );
Christopher Haster 1:24750b9ad5ef 5139 #endif
Christopher Haster 1:24750b9ad5ef 5140
Christopher Haster 1:24750b9ad5ef 5141 if( ssl->handshake->resume != 0 )
Christopher Haster 1:24750b9ad5ef 5142 {
Christopher Haster 1:24750b9ad5ef 5143 #if defined(MBEDTLS_SSL_CLI_C)
Christopher Haster 1:24750b9ad5ef 5144 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
Christopher Haster 1:24750b9ad5ef 5145 ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
Christopher Haster 1:24750b9ad5ef 5146 #endif
Christopher Haster 1:24750b9ad5ef 5147 #if defined(MBEDTLS_SSL_SRV_C)
Christopher Haster 1:24750b9ad5ef 5148 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
Christopher Haster 1:24750b9ad5ef 5149 ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
Christopher Haster 1:24750b9ad5ef 5150 #endif
Christopher Haster 1:24750b9ad5ef 5151 }
Christopher Haster 1:24750b9ad5ef 5152 else
Christopher Haster 1:24750b9ad5ef 5153 ssl->state++;
Christopher Haster 1:24750b9ad5ef 5154
Christopher Haster 1:24750b9ad5ef 5155 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 5156 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Christopher Haster 1:24750b9ad5ef 5157 mbedtls_ssl_recv_flight_completed( ssl );
Christopher Haster 1:24750b9ad5ef 5158 #endif
Christopher Haster 1:24750b9ad5ef 5159
Christopher Haster 1:24750b9ad5ef 5160 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse finished" ) );
Christopher Haster 1:24750b9ad5ef 5161
Christopher Haster 1:24750b9ad5ef 5162 return( 0 );
Christopher Haster 1:24750b9ad5ef 5163 }
Christopher Haster 1:24750b9ad5ef 5164
Christopher Haster 1:24750b9ad5ef 5165 static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
Christopher Haster 1:24750b9ad5ef 5166 {
Christopher Haster 1:24750b9ad5ef 5167 memset( handshake, 0, sizeof( mbedtls_ssl_handshake_params ) );
Christopher Haster 1:24750b9ad5ef 5168
Christopher Haster 1:24750b9ad5ef 5169 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
Christopher Haster 1:24750b9ad5ef 5170 defined(MBEDTLS_SSL_PROTO_TLS1_1)
Christopher Haster 1:24750b9ad5ef 5171 mbedtls_md5_init( &handshake->fin_md5 );
Christopher Haster 1:24750b9ad5ef 5172 mbedtls_sha1_init( &handshake->fin_sha1 );
Christopher Haster 1:24750b9ad5ef 5173 mbedtls_md5_starts( &handshake->fin_md5 );
Christopher Haster 1:24750b9ad5ef 5174 mbedtls_sha1_starts( &handshake->fin_sha1 );
Christopher Haster 1:24750b9ad5ef 5175 #endif
Christopher Haster 1:24750b9ad5ef 5176 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
Christopher Haster 1:24750b9ad5ef 5177 #if defined(MBEDTLS_SHA256_C)
Christopher Haster 1:24750b9ad5ef 5178 mbedtls_sha256_init( &handshake->fin_sha256 );
Christopher Haster 1:24750b9ad5ef 5179 mbedtls_sha256_starts( &handshake->fin_sha256, 0 );
Christopher Haster 1:24750b9ad5ef 5180 #endif
Christopher Haster 1:24750b9ad5ef 5181 #if defined(MBEDTLS_SHA512_C)
Christopher Haster 1:24750b9ad5ef 5182 mbedtls_sha512_init( &handshake->fin_sha512 );
Christopher Haster 1:24750b9ad5ef 5183 mbedtls_sha512_starts( &handshake->fin_sha512, 1 );
Christopher Haster 1:24750b9ad5ef 5184 #endif
Christopher Haster 1:24750b9ad5ef 5185 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
Christopher Haster 1:24750b9ad5ef 5186
Christopher Haster 1:24750b9ad5ef 5187 handshake->update_checksum = ssl_update_checksum_start;
Christopher Haster 1:24750b9ad5ef 5188 handshake->sig_alg = MBEDTLS_SSL_HASH_SHA1;
Christopher Haster 1:24750b9ad5ef 5189
Christopher Haster 1:24750b9ad5ef 5190 #if defined(MBEDTLS_DHM_C)
Christopher Haster 1:24750b9ad5ef 5191 mbedtls_dhm_init( &handshake->dhm_ctx );
Christopher Haster 1:24750b9ad5ef 5192 #endif
Christopher Haster 1:24750b9ad5ef 5193 #if defined(MBEDTLS_ECDH_C)
Christopher Haster 1:24750b9ad5ef 5194 mbedtls_ecdh_init( &handshake->ecdh_ctx );
Christopher Haster 1:24750b9ad5ef 5195 #endif
Christopher Haster 1:24750b9ad5ef 5196 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
Christopher Haster 1:24750b9ad5ef 5197 mbedtls_ecjpake_init( &handshake->ecjpake_ctx );
Christopher Haster 1:24750b9ad5ef 5198 #if defined(MBEDTLS_SSL_CLI_C)
Christopher Haster 1:24750b9ad5ef 5199 handshake->ecjpake_cache = NULL;
Christopher Haster 1:24750b9ad5ef 5200 handshake->ecjpake_cache_len = 0;
Christopher Haster 1:24750b9ad5ef 5201 #endif
Christopher Haster 1:24750b9ad5ef 5202 #endif
Christopher Haster 1:24750b9ad5ef 5203
Christopher Haster 1:24750b9ad5ef 5204 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
Christopher Haster 1:24750b9ad5ef 5205 handshake->sni_authmode = MBEDTLS_SSL_VERIFY_UNSET;
Christopher Haster 1:24750b9ad5ef 5206 #endif
Christopher Haster 1:24750b9ad5ef 5207 }
Christopher Haster 1:24750b9ad5ef 5208
Christopher Haster 1:24750b9ad5ef 5209 static void ssl_transform_init( mbedtls_ssl_transform *transform )
Christopher Haster 1:24750b9ad5ef 5210 {
Christopher Haster 1:24750b9ad5ef 5211 memset( transform, 0, sizeof(mbedtls_ssl_transform) );
Christopher Haster 1:24750b9ad5ef 5212
Christopher Haster 1:24750b9ad5ef 5213 mbedtls_cipher_init( &transform->cipher_ctx_enc );
Christopher Haster 1:24750b9ad5ef 5214 mbedtls_cipher_init( &transform->cipher_ctx_dec );
Christopher Haster 1:24750b9ad5ef 5215
Christopher Haster 1:24750b9ad5ef 5216 mbedtls_md_init( &transform->md_ctx_enc );
Christopher Haster 1:24750b9ad5ef 5217 mbedtls_md_init( &transform->md_ctx_dec );
Christopher Haster 1:24750b9ad5ef 5218 }
Christopher Haster 1:24750b9ad5ef 5219
Christopher Haster 1:24750b9ad5ef 5220 void mbedtls_ssl_session_init( mbedtls_ssl_session *session )
Christopher Haster 1:24750b9ad5ef 5221 {
Christopher Haster 1:24750b9ad5ef 5222 memset( session, 0, sizeof(mbedtls_ssl_session) );
Christopher Haster 1:24750b9ad5ef 5223 }
Christopher Haster 1:24750b9ad5ef 5224
Christopher Haster 1:24750b9ad5ef 5225 static int ssl_handshake_init( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 5226 {
Christopher Haster 1:24750b9ad5ef 5227 /* Clear old handshake information if present */
Christopher Haster 1:24750b9ad5ef 5228 if( ssl->transform_negotiate )
Christopher Haster 1:24750b9ad5ef 5229 mbedtls_ssl_transform_free( ssl->transform_negotiate );
Christopher Haster 1:24750b9ad5ef 5230 if( ssl->session_negotiate )
Christopher Haster 1:24750b9ad5ef 5231 mbedtls_ssl_session_free( ssl->session_negotiate );
Christopher Haster 1:24750b9ad5ef 5232 if( ssl->handshake )
Christopher Haster 1:24750b9ad5ef 5233 mbedtls_ssl_handshake_free( ssl->handshake );
Christopher Haster 1:24750b9ad5ef 5234
Christopher Haster 1:24750b9ad5ef 5235 /*
Christopher Haster 1:24750b9ad5ef 5236 * Either the pointers are now NULL or cleared properly and can be freed.
Christopher Haster 1:24750b9ad5ef 5237 * Now allocate missing structures.
Christopher Haster 1:24750b9ad5ef 5238 */
Christopher Haster 1:24750b9ad5ef 5239 if( ssl->transform_negotiate == NULL )
Christopher Haster 1:24750b9ad5ef 5240 {
Christopher Haster 1:24750b9ad5ef 5241 ssl->transform_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_transform) );
Christopher Haster 1:24750b9ad5ef 5242 }
Christopher Haster 1:24750b9ad5ef 5243
Christopher Haster 1:24750b9ad5ef 5244 if( ssl->session_negotiate == NULL )
Christopher Haster 1:24750b9ad5ef 5245 {
Christopher Haster 1:24750b9ad5ef 5246 ssl->session_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_session) );
Christopher Haster 1:24750b9ad5ef 5247 }
Christopher Haster 1:24750b9ad5ef 5248
Christopher Haster 1:24750b9ad5ef 5249 if( ssl->handshake == NULL )
Christopher Haster 1:24750b9ad5ef 5250 {
Christopher Haster 1:24750b9ad5ef 5251 ssl->handshake = mbedtls_calloc( 1, sizeof(mbedtls_ssl_handshake_params) );
Christopher Haster 1:24750b9ad5ef 5252 }
Christopher Haster 1:24750b9ad5ef 5253
Christopher Haster 1:24750b9ad5ef 5254 /* All pointers should exist and can be directly freed without issue */
Christopher Haster 1:24750b9ad5ef 5255 if( ssl->handshake == NULL ||
Christopher Haster 1:24750b9ad5ef 5256 ssl->transform_negotiate == NULL ||
Christopher Haster 1:24750b9ad5ef 5257 ssl->session_negotiate == NULL )
Christopher Haster 1:24750b9ad5ef 5258 {
Christopher Haster 1:24750b9ad5ef 5259 MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc() of ssl sub-contexts failed" ) );
Christopher Haster 1:24750b9ad5ef 5260
Christopher Haster 1:24750b9ad5ef 5261 mbedtls_free( ssl->handshake );
Christopher Haster 1:24750b9ad5ef 5262 mbedtls_free( ssl->transform_negotiate );
Christopher Haster 1:24750b9ad5ef 5263 mbedtls_free( ssl->session_negotiate );
Christopher Haster 1:24750b9ad5ef 5264
Christopher Haster 1:24750b9ad5ef 5265 ssl->handshake = NULL;
Christopher Haster 1:24750b9ad5ef 5266 ssl->transform_negotiate = NULL;
Christopher Haster 1:24750b9ad5ef 5267 ssl->session_negotiate = NULL;
Christopher Haster 1:24750b9ad5ef 5268
Christopher Haster 1:24750b9ad5ef 5269 return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
Christopher Haster 1:24750b9ad5ef 5270 }
Christopher Haster 1:24750b9ad5ef 5271
Christopher Haster 1:24750b9ad5ef 5272 /* Initialize structures */
Christopher Haster 1:24750b9ad5ef 5273 mbedtls_ssl_session_init( ssl->session_negotiate );
Christopher Haster 1:24750b9ad5ef 5274 ssl_transform_init( ssl->transform_negotiate );
Christopher Haster 1:24750b9ad5ef 5275 ssl_handshake_params_init( ssl->handshake );
Christopher Haster 1:24750b9ad5ef 5276
Christopher Haster 1:24750b9ad5ef 5277 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 5278 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Christopher Haster 1:24750b9ad5ef 5279 {
Christopher Haster 1:24750b9ad5ef 5280 ssl->handshake->alt_transform_out = ssl->transform_out;
Christopher Haster 1:24750b9ad5ef 5281
Christopher Haster 1:24750b9ad5ef 5282 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
Christopher Haster 1:24750b9ad5ef 5283 ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING;
Christopher Haster 1:24750b9ad5ef 5284 else
Christopher Haster 1:24750b9ad5ef 5285 ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
Christopher Haster 1:24750b9ad5ef 5286
Christopher Haster 1:24750b9ad5ef 5287 ssl_set_timer( ssl, 0 );
Christopher Haster 1:24750b9ad5ef 5288 }
Christopher Haster 1:24750b9ad5ef 5289 #endif
Christopher Haster 1:24750b9ad5ef 5290
Christopher Haster 1:24750b9ad5ef 5291 return( 0 );
Christopher Haster 1:24750b9ad5ef 5292 }
Christopher Haster 1:24750b9ad5ef 5293
Christopher Haster 1:24750b9ad5ef 5294 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
Christopher Haster 1:24750b9ad5ef 5295 /* Dummy cookie callbacks for defaults */
Christopher Haster 1:24750b9ad5ef 5296 static int ssl_cookie_write_dummy( void *ctx,
Christopher Haster 1:24750b9ad5ef 5297 unsigned char **p, unsigned char *end,
Christopher Haster 1:24750b9ad5ef 5298 const unsigned char *cli_id, size_t cli_id_len )
Christopher Haster 1:24750b9ad5ef 5299 {
Christopher Haster 1:24750b9ad5ef 5300 ((void) ctx);
Christopher Haster 1:24750b9ad5ef 5301 ((void) p);
Christopher Haster 1:24750b9ad5ef 5302 ((void) end);
Christopher Haster 1:24750b9ad5ef 5303 ((void) cli_id);
Christopher Haster 1:24750b9ad5ef 5304 ((void) cli_id_len);
Christopher Haster 1:24750b9ad5ef 5305
Christopher Haster 1:24750b9ad5ef 5306 return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
Christopher Haster 1:24750b9ad5ef 5307 }
Christopher Haster 1:24750b9ad5ef 5308
Christopher Haster 1:24750b9ad5ef 5309 static int ssl_cookie_check_dummy( void *ctx,
Christopher Haster 1:24750b9ad5ef 5310 const unsigned char *cookie, size_t cookie_len,
Christopher Haster 1:24750b9ad5ef 5311 const unsigned char *cli_id, size_t cli_id_len )
Christopher Haster 1:24750b9ad5ef 5312 {
Christopher Haster 1:24750b9ad5ef 5313 ((void) ctx);
Christopher Haster 1:24750b9ad5ef 5314 ((void) cookie);
Christopher Haster 1:24750b9ad5ef 5315 ((void) cookie_len);
Christopher Haster 1:24750b9ad5ef 5316 ((void) cli_id);
Christopher Haster 1:24750b9ad5ef 5317 ((void) cli_id_len);
Christopher Haster 1:24750b9ad5ef 5318
Christopher Haster 1:24750b9ad5ef 5319 return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
Christopher Haster 1:24750b9ad5ef 5320 }
Christopher Haster 1:24750b9ad5ef 5321 #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
Christopher Haster 1:24750b9ad5ef 5322
Christopher Haster 1:24750b9ad5ef 5323 /*
Christopher Haster 1:24750b9ad5ef 5324 * Initialize an SSL context
Christopher Haster 1:24750b9ad5ef 5325 */
Christopher Haster 1:24750b9ad5ef 5326 void mbedtls_ssl_init( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 5327 {
Christopher Haster 1:24750b9ad5ef 5328 memset( ssl, 0, sizeof( mbedtls_ssl_context ) );
Christopher Haster 1:24750b9ad5ef 5329 }
Christopher Haster 1:24750b9ad5ef 5330
Christopher Haster 1:24750b9ad5ef 5331 /*
Christopher Haster 1:24750b9ad5ef 5332 * Setup an SSL context
Christopher Haster 1:24750b9ad5ef 5333 */
Christopher Haster 1:24750b9ad5ef 5334 int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
Christopher Haster 1:24750b9ad5ef 5335 const mbedtls_ssl_config *conf )
Christopher Haster 1:24750b9ad5ef 5336 {
Christopher Haster 1:24750b9ad5ef 5337 int ret;
Christopher Haster 1:24750b9ad5ef 5338 const size_t len = MBEDTLS_SSL_BUFFER_LEN;
Christopher Haster 1:24750b9ad5ef 5339
Christopher Haster 1:24750b9ad5ef 5340 ssl->conf = conf;
Christopher Haster 1:24750b9ad5ef 5341
Christopher Haster 1:24750b9ad5ef 5342 /*
Christopher Haster 1:24750b9ad5ef 5343 * Prepare base structures
Christopher Haster 1:24750b9ad5ef 5344 */
Christopher Haster 1:24750b9ad5ef 5345 if( ( ssl-> in_buf = mbedtls_calloc( 1, len ) ) == NULL ||
Christopher Haster 1:24750b9ad5ef 5346 ( ssl->out_buf = mbedtls_calloc( 1, len ) ) == NULL )
Christopher Haster 1:24750b9ad5ef 5347 {
Christopher Haster 1:24750b9ad5ef 5348 MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", len ) );
Christopher Haster 1:24750b9ad5ef 5349 mbedtls_free( ssl->in_buf );
Christopher Haster 1:24750b9ad5ef 5350 ssl->in_buf = NULL;
Christopher Haster 1:24750b9ad5ef 5351 return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
Christopher Haster 1:24750b9ad5ef 5352 }
Christopher Haster 1:24750b9ad5ef 5353
Christopher Haster 1:24750b9ad5ef 5354 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 5355 if( conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Christopher Haster 1:24750b9ad5ef 5356 {
Christopher Haster 1:24750b9ad5ef 5357 ssl->out_hdr = ssl->out_buf;
Christopher Haster 1:24750b9ad5ef 5358 ssl->out_ctr = ssl->out_buf + 3;
Christopher Haster 1:24750b9ad5ef 5359 ssl->out_len = ssl->out_buf + 11;
Christopher Haster 1:24750b9ad5ef 5360 ssl->out_iv = ssl->out_buf + 13;
Christopher Haster 1:24750b9ad5ef 5361 ssl->out_msg = ssl->out_buf + 13;
Christopher Haster 1:24750b9ad5ef 5362
Christopher Haster 1:24750b9ad5ef 5363 ssl->in_hdr = ssl->in_buf;
Christopher Haster 1:24750b9ad5ef 5364 ssl->in_ctr = ssl->in_buf + 3;
Christopher Haster 1:24750b9ad5ef 5365 ssl->in_len = ssl->in_buf + 11;
Christopher Haster 1:24750b9ad5ef 5366 ssl->in_iv = ssl->in_buf + 13;
Christopher Haster 1:24750b9ad5ef 5367 ssl->in_msg = ssl->in_buf + 13;
Christopher Haster 1:24750b9ad5ef 5368 }
Christopher Haster 1:24750b9ad5ef 5369 else
Christopher Haster 1:24750b9ad5ef 5370 #endif
Christopher Haster 1:24750b9ad5ef 5371 {
Christopher Haster 1:24750b9ad5ef 5372 ssl->out_ctr = ssl->out_buf;
Christopher Haster 1:24750b9ad5ef 5373 ssl->out_hdr = ssl->out_buf + 8;
Christopher Haster 1:24750b9ad5ef 5374 ssl->out_len = ssl->out_buf + 11;
Christopher Haster 1:24750b9ad5ef 5375 ssl->out_iv = ssl->out_buf + 13;
Christopher Haster 1:24750b9ad5ef 5376 ssl->out_msg = ssl->out_buf + 13;
Christopher Haster 1:24750b9ad5ef 5377
Christopher Haster 1:24750b9ad5ef 5378 ssl->in_ctr = ssl->in_buf;
Christopher Haster 1:24750b9ad5ef 5379 ssl->in_hdr = ssl->in_buf + 8;
Christopher Haster 1:24750b9ad5ef 5380 ssl->in_len = ssl->in_buf + 11;
Christopher Haster 1:24750b9ad5ef 5381 ssl->in_iv = ssl->in_buf + 13;
Christopher Haster 1:24750b9ad5ef 5382 ssl->in_msg = ssl->in_buf + 13;
Christopher Haster 1:24750b9ad5ef 5383 }
Christopher Haster 1:24750b9ad5ef 5384
Christopher Haster 1:24750b9ad5ef 5385 if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 5386 return( ret );
Christopher Haster 1:24750b9ad5ef 5387
Christopher Haster 1:24750b9ad5ef 5388 return( 0 );
Christopher Haster 1:24750b9ad5ef 5389 }
Christopher Haster 1:24750b9ad5ef 5390
Christopher Haster 1:24750b9ad5ef 5391 /*
Christopher Haster 1:24750b9ad5ef 5392 * Reset an initialized and used SSL context for re-use while retaining
Christopher Haster 1:24750b9ad5ef 5393 * all application-set variables, function pointers and data.
Christopher Haster 1:24750b9ad5ef 5394 *
Christopher Haster 1:24750b9ad5ef 5395 * If partial is non-zero, keep data in the input buffer and client ID.
Christopher Haster 1:24750b9ad5ef 5396 * (Use when a DTLS client reconnects from the same port.)
Christopher Haster 1:24750b9ad5ef 5397 */
Christopher Haster 1:24750b9ad5ef 5398 static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial )
Christopher Haster 1:24750b9ad5ef 5399 {
Christopher Haster 1:24750b9ad5ef 5400 int ret;
Christopher Haster 1:24750b9ad5ef 5401
Christopher Haster 1:24750b9ad5ef 5402 ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
Christopher Haster 1:24750b9ad5ef 5403
Christopher Haster 1:24750b9ad5ef 5404 /* Cancel any possibly running timer */
Christopher Haster 1:24750b9ad5ef 5405 ssl_set_timer( ssl, 0 );
Christopher Haster 1:24750b9ad5ef 5406
Christopher Haster 1:24750b9ad5ef 5407 #if defined(MBEDTLS_SSL_RENEGOTIATION)
Christopher Haster 1:24750b9ad5ef 5408 ssl->renego_status = MBEDTLS_SSL_INITIAL_HANDSHAKE;
Christopher Haster 1:24750b9ad5ef 5409 ssl->renego_records_seen = 0;
Christopher Haster 1:24750b9ad5ef 5410
Christopher Haster 1:24750b9ad5ef 5411 ssl->verify_data_len = 0;
Christopher Haster 1:24750b9ad5ef 5412 memset( ssl->own_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN );
Christopher Haster 1:24750b9ad5ef 5413 memset( ssl->peer_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN );
Christopher Haster 1:24750b9ad5ef 5414 #endif
Christopher Haster 1:24750b9ad5ef 5415 ssl->secure_renegotiation = MBEDTLS_SSL_LEGACY_RENEGOTIATION;
Christopher Haster 1:24750b9ad5ef 5416
Christopher Haster 1:24750b9ad5ef 5417 ssl->in_offt = NULL;
Christopher Haster 1:24750b9ad5ef 5418
Christopher Haster 1:24750b9ad5ef 5419 ssl->in_msg = ssl->in_buf + 13;
Christopher Haster 1:24750b9ad5ef 5420 ssl->in_msgtype = 0;
Christopher Haster 1:24750b9ad5ef 5421 ssl->in_msglen = 0;
Christopher Haster 1:24750b9ad5ef 5422 if( partial == 0 )
Christopher Haster 1:24750b9ad5ef 5423 ssl->in_left = 0;
Christopher Haster 1:24750b9ad5ef 5424 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 5425 ssl->next_record_offset = 0;
Christopher Haster 1:24750b9ad5ef 5426 ssl->in_epoch = 0;
Christopher Haster 1:24750b9ad5ef 5427 #endif
Christopher Haster 1:24750b9ad5ef 5428 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
Christopher Haster 1:24750b9ad5ef 5429 ssl_dtls_replay_reset( ssl );
Christopher Haster 1:24750b9ad5ef 5430 #endif
Christopher Haster 1:24750b9ad5ef 5431
Christopher Haster 1:24750b9ad5ef 5432 ssl->in_hslen = 0;
Christopher Haster 1:24750b9ad5ef 5433 ssl->nb_zero = 0;
Christopher Haster 1:24750b9ad5ef 5434 ssl->record_read = 0;
Christopher Haster 1:24750b9ad5ef 5435
Christopher Haster 1:24750b9ad5ef 5436 ssl->out_msg = ssl->out_buf + 13;
Christopher Haster 1:24750b9ad5ef 5437 ssl->out_msgtype = 0;
Christopher Haster 1:24750b9ad5ef 5438 ssl->out_msglen = 0;
Christopher Haster 1:24750b9ad5ef 5439 ssl->out_left = 0;
Christopher Haster 1:24750b9ad5ef 5440 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
Christopher Haster 1:24750b9ad5ef 5441 if( ssl->split_done != MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED )
Christopher Haster 1:24750b9ad5ef 5442 ssl->split_done = 0;
Christopher Haster 1:24750b9ad5ef 5443 #endif
Christopher Haster 1:24750b9ad5ef 5444
Christopher Haster 1:24750b9ad5ef 5445 ssl->transform_in = NULL;
Christopher Haster 1:24750b9ad5ef 5446 ssl->transform_out = NULL;
Christopher Haster 1:24750b9ad5ef 5447
Christopher Haster 1:24750b9ad5ef 5448 memset( ssl->out_buf, 0, MBEDTLS_SSL_BUFFER_LEN );
Christopher Haster 1:24750b9ad5ef 5449 if( partial == 0 )
Christopher Haster 1:24750b9ad5ef 5450 memset( ssl->in_buf, 0, MBEDTLS_SSL_BUFFER_LEN );
Christopher Haster 1:24750b9ad5ef 5451
Christopher Haster 1:24750b9ad5ef 5452 #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
Christopher Haster 1:24750b9ad5ef 5453 if( mbedtls_ssl_hw_record_reset != NULL )
Christopher Haster 1:24750b9ad5ef 5454 {
Christopher Haster 1:24750b9ad5ef 5455 MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_reset()" ) );
Christopher Haster 1:24750b9ad5ef 5456 if( ( ret = mbedtls_ssl_hw_record_reset( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 5457 {
Christopher Haster 1:24750b9ad5ef 5458 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_reset", ret );
Christopher Haster 1:24750b9ad5ef 5459 return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
Christopher Haster 1:24750b9ad5ef 5460 }
Christopher Haster 1:24750b9ad5ef 5461 }
Christopher Haster 1:24750b9ad5ef 5462 #endif
Christopher Haster 1:24750b9ad5ef 5463
Christopher Haster 1:24750b9ad5ef 5464 if( ssl->transform )
Christopher Haster 1:24750b9ad5ef 5465 {
Christopher Haster 1:24750b9ad5ef 5466 mbedtls_ssl_transform_free( ssl->transform );
Christopher Haster 1:24750b9ad5ef 5467 mbedtls_free( ssl->transform );
Christopher Haster 1:24750b9ad5ef 5468 ssl->transform = NULL;
Christopher Haster 1:24750b9ad5ef 5469 }
Christopher Haster 1:24750b9ad5ef 5470
Christopher Haster 1:24750b9ad5ef 5471 if( ssl->session )
Christopher Haster 1:24750b9ad5ef 5472 {
Christopher Haster 1:24750b9ad5ef 5473 mbedtls_ssl_session_free( ssl->session );
Christopher Haster 1:24750b9ad5ef 5474 mbedtls_free( ssl->session );
Christopher Haster 1:24750b9ad5ef 5475 ssl->session = NULL;
Christopher Haster 1:24750b9ad5ef 5476 }
Christopher Haster 1:24750b9ad5ef 5477
Christopher Haster 1:24750b9ad5ef 5478 #if defined(MBEDTLS_SSL_ALPN)
Christopher Haster 1:24750b9ad5ef 5479 ssl->alpn_chosen = NULL;
Christopher Haster 1:24750b9ad5ef 5480 #endif
Christopher Haster 1:24750b9ad5ef 5481
Christopher Haster 1:24750b9ad5ef 5482 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
Christopher Haster 1:24750b9ad5ef 5483 if( partial == 0 )
Christopher Haster 1:24750b9ad5ef 5484 {
Christopher Haster 1:24750b9ad5ef 5485 mbedtls_free( ssl->cli_id );
Christopher Haster 1:24750b9ad5ef 5486 ssl->cli_id = NULL;
Christopher Haster 1:24750b9ad5ef 5487 ssl->cli_id_len = 0;
Christopher Haster 1:24750b9ad5ef 5488 }
Christopher Haster 1:24750b9ad5ef 5489 #endif
Christopher Haster 1:24750b9ad5ef 5490
Christopher Haster 1:24750b9ad5ef 5491 if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 5492 return( ret );
Christopher Haster 1:24750b9ad5ef 5493
Christopher Haster 1:24750b9ad5ef 5494 return( 0 );
Christopher Haster 1:24750b9ad5ef 5495 }
Christopher Haster 1:24750b9ad5ef 5496
Christopher Haster 1:24750b9ad5ef 5497 /*
Christopher Haster 1:24750b9ad5ef 5498 * Reset an initialized and used SSL context for re-use while retaining
Christopher Haster 1:24750b9ad5ef 5499 * all application-set variables, function pointers and data.
Christopher Haster 1:24750b9ad5ef 5500 */
Christopher Haster 1:24750b9ad5ef 5501 int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 5502 {
Christopher Haster 1:24750b9ad5ef 5503 return( ssl_session_reset_int( ssl, 0 ) );
Christopher Haster 1:24750b9ad5ef 5504 }
Christopher Haster 1:24750b9ad5ef 5505
Christopher Haster 1:24750b9ad5ef 5506 /*
Christopher Haster 1:24750b9ad5ef 5507 * SSL set accessors
Christopher Haster 1:24750b9ad5ef 5508 */
Christopher Haster 1:24750b9ad5ef 5509 void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint )
Christopher Haster 1:24750b9ad5ef 5510 {
Christopher Haster 1:24750b9ad5ef 5511 conf->endpoint = endpoint;
Christopher Haster 1:24750b9ad5ef 5512 }
Christopher Haster 1:24750b9ad5ef 5513
Christopher Haster 1:24750b9ad5ef 5514 void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport )
Christopher Haster 1:24750b9ad5ef 5515 {
Christopher Haster 1:24750b9ad5ef 5516 conf->transport = transport;
Christopher Haster 1:24750b9ad5ef 5517 }
Christopher Haster 1:24750b9ad5ef 5518
Christopher Haster 1:24750b9ad5ef 5519 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
Christopher Haster 1:24750b9ad5ef 5520 void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode )
Christopher Haster 1:24750b9ad5ef 5521 {
Christopher Haster 1:24750b9ad5ef 5522 conf->anti_replay = mode;
Christopher Haster 1:24750b9ad5ef 5523 }
Christopher Haster 1:24750b9ad5ef 5524 #endif
Christopher Haster 1:24750b9ad5ef 5525
Christopher Haster 1:24750b9ad5ef 5526 #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
Christopher Haster 1:24750b9ad5ef 5527 void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit )
Christopher Haster 1:24750b9ad5ef 5528 {
Christopher Haster 1:24750b9ad5ef 5529 conf->badmac_limit = limit;
Christopher Haster 1:24750b9ad5ef 5530 }
Christopher Haster 1:24750b9ad5ef 5531 #endif
Christopher Haster 1:24750b9ad5ef 5532
Christopher Haster 1:24750b9ad5ef 5533 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 5534 void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max )
Christopher Haster 1:24750b9ad5ef 5535 {
Christopher Haster 1:24750b9ad5ef 5536 conf->hs_timeout_min = min;
Christopher Haster 1:24750b9ad5ef 5537 conf->hs_timeout_max = max;
Christopher Haster 1:24750b9ad5ef 5538 }
Christopher Haster 1:24750b9ad5ef 5539 #endif
Christopher Haster 1:24750b9ad5ef 5540
Christopher Haster 1:24750b9ad5ef 5541 void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode )
Christopher Haster 1:24750b9ad5ef 5542 {
Christopher Haster 1:24750b9ad5ef 5543 conf->authmode = authmode;
Christopher Haster 1:24750b9ad5ef 5544 }
Christopher Haster 1:24750b9ad5ef 5545
Christopher Haster 1:24750b9ad5ef 5546 #if defined(MBEDTLS_X509_CRT_PARSE_C)
Christopher Haster 1:24750b9ad5ef 5547 void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
Christopher Haster 1:24750b9ad5ef 5548 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
Christopher Haster 1:24750b9ad5ef 5549 void *p_vrfy )
Christopher Haster 1:24750b9ad5ef 5550 {
Christopher Haster 1:24750b9ad5ef 5551 conf->f_vrfy = f_vrfy;
Christopher Haster 1:24750b9ad5ef 5552 conf->p_vrfy = p_vrfy;
Christopher Haster 1:24750b9ad5ef 5553 }
Christopher Haster 1:24750b9ad5ef 5554 #endif /* MBEDTLS_X509_CRT_PARSE_C */
Christopher Haster 1:24750b9ad5ef 5555
Christopher Haster 1:24750b9ad5ef 5556 void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
Christopher Haster 1:24750b9ad5ef 5557 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 5558 void *p_rng )
Christopher Haster 1:24750b9ad5ef 5559 {
Christopher Haster 1:24750b9ad5ef 5560 conf->f_rng = f_rng;
Christopher Haster 1:24750b9ad5ef 5561 conf->p_rng = p_rng;
Christopher Haster 1:24750b9ad5ef 5562 }
Christopher Haster 1:24750b9ad5ef 5563
Christopher Haster 1:24750b9ad5ef 5564 void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
Christopher Haster 1:24750b9ad5ef 5565 void (*f_dbg)(void *, int, const char *, int, const char *),
Christopher Haster 1:24750b9ad5ef 5566 void *p_dbg )
Christopher Haster 1:24750b9ad5ef 5567 {
Christopher Haster 1:24750b9ad5ef 5568 conf->f_dbg = f_dbg;
Christopher Haster 1:24750b9ad5ef 5569 conf->p_dbg = p_dbg;
Christopher Haster 1:24750b9ad5ef 5570 }
Christopher Haster 1:24750b9ad5ef 5571
Christopher Haster 1:24750b9ad5ef 5572 void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
Christopher Haster 1:24750b9ad5ef 5573 void *p_bio,
Christopher Haster 1:24750b9ad5ef 5574 int (*f_send)(void *, const unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 5575 int (*f_recv)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 5576 int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t) )
Christopher Haster 1:24750b9ad5ef 5577 {
Christopher Haster 1:24750b9ad5ef 5578 ssl->p_bio = p_bio;
Christopher Haster 1:24750b9ad5ef 5579 ssl->f_send = f_send;
Christopher Haster 1:24750b9ad5ef 5580 ssl->f_recv = f_recv;
Christopher Haster 1:24750b9ad5ef 5581 ssl->f_recv_timeout = f_recv_timeout;
Christopher Haster 1:24750b9ad5ef 5582 }
Christopher Haster 1:24750b9ad5ef 5583
Christopher Haster 1:24750b9ad5ef 5584 void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout )
Christopher Haster 1:24750b9ad5ef 5585 {
Christopher Haster 1:24750b9ad5ef 5586 conf->read_timeout = timeout;
Christopher Haster 1:24750b9ad5ef 5587 }
Christopher Haster 1:24750b9ad5ef 5588
Christopher Haster 1:24750b9ad5ef 5589 void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
Christopher Haster 1:24750b9ad5ef 5590 void *p_timer,
Christopher Haster 1:24750b9ad5ef 5591 void (*f_set_timer)(void *, uint32_t int_ms, uint32_t fin_ms),
Christopher Haster 1:24750b9ad5ef 5592 int (*f_get_timer)(void *) )
Christopher Haster 1:24750b9ad5ef 5593 {
Christopher Haster 1:24750b9ad5ef 5594 ssl->p_timer = p_timer;
Christopher Haster 1:24750b9ad5ef 5595 ssl->f_set_timer = f_set_timer;
Christopher Haster 1:24750b9ad5ef 5596 ssl->f_get_timer = f_get_timer;
Christopher Haster 1:24750b9ad5ef 5597
Christopher Haster 1:24750b9ad5ef 5598 /* Make sure we start with no timer running */
Christopher Haster 1:24750b9ad5ef 5599 ssl_set_timer( ssl, 0 );
Christopher Haster 1:24750b9ad5ef 5600 }
Christopher Haster 1:24750b9ad5ef 5601
Christopher Haster 1:24750b9ad5ef 5602 #if defined(MBEDTLS_SSL_SRV_C)
Christopher Haster 1:24750b9ad5ef 5603 void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
Christopher Haster 1:24750b9ad5ef 5604 void *p_cache,
Christopher Haster 1:24750b9ad5ef 5605 int (*f_get_cache)(void *, mbedtls_ssl_session *),
Christopher Haster 1:24750b9ad5ef 5606 int (*f_set_cache)(void *, const mbedtls_ssl_session *) )
Christopher Haster 1:24750b9ad5ef 5607 {
Christopher Haster 1:24750b9ad5ef 5608 conf->p_cache = p_cache;
Christopher Haster 1:24750b9ad5ef 5609 conf->f_get_cache = f_get_cache;
Christopher Haster 1:24750b9ad5ef 5610 conf->f_set_cache = f_set_cache;
Christopher Haster 1:24750b9ad5ef 5611 }
Christopher Haster 1:24750b9ad5ef 5612 #endif /* MBEDTLS_SSL_SRV_C */
Christopher Haster 1:24750b9ad5ef 5613
Christopher Haster 1:24750b9ad5ef 5614 #if defined(MBEDTLS_SSL_CLI_C)
Christopher Haster 1:24750b9ad5ef 5615 int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session )
Christopher Haster 1:24750b9ad5ef 5616 {
Christopher Haster 1:24750b9ad5ef 5617 int ret;
Christopher Haster 1:24750b9ad5ef 5618
Christopher Haster 1:24750b9ad5ef 5619 if( ssl == NULL ||
Christopher Haster 1:24750b9ad5ef 5620 session == NULL ||
Christopher Haster 1:24750b9ad5ef 5621 ssl->session_negotiate == NULL ||
Christopher Haster 1:24750b9ad5ef 5622 ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT )
Christopher Haster 1:24750b9ad5ef 5623 {
Christopher Haster 1:24750b9ad5ef 5624 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 5625 }
Christopher Haster 1:24750b9ad5ef 5626
Christopher Haster 1:24750b9ad5ef 5627 if( ( ret = ssl_session_copy( ssl->session_negotiate, session ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 5628 return( ret );
Christopher Haster 1:24750b9ad5ef 5629
Christopher Haster 1:24750b9ad5ef 5630 ssl->handshake->resume = 1;
Christopher Haster 1:24750b9ad5ef 5631
Christopher Haster 1:24750b9ad5ef 5632 return( 0 );
Christopher Haster 1:24750b9ad5ef 5633 }
Christopher Haster 1:24750b9ad5ef 5634 #endif /* MBEDTLS_SSL_CLI_C */
Christopher Haster 1:24750b9ad5ef 5635
Christopher Haster 1:24750b9ad5ef 5636 void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
Christopher Haster 1:24750b9ad5ef 5637 const int *ciphersuites )
Christopher Haster 1:24750b9ad5ef 5638 {
Christopher Haster 1:24750b9ad5ef 5639 conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = ciphersuites;
Christopher Haster 1:24750b9ad5ef 5640 conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = ciphersuites;
Christopher Haster 1:24750b9ad5ef 5641 conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = ciphersuites;
Christopher Haster 1:24750b9ad5ef 5642 conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = ciphersuites;
Christopher Haster 1:24750b9ad5ef 5643 }
Christopher Haster 1:24750b9ad5ef 5644
Christopher Haster 1:24750b9ad5ef 5645 void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf,
Christopher Haster 1:24750b9ad5ef 5646 const int *ciphersuites,
Christopher Haster 1:24750b9ad5ef 5647 int major, int minor )
Christopher Haster 1:24750b9ad5ef 5648 {
Christopher Haster 1:24750b9ad5ef 5649 if( major != MBEDTLS_SSL_MAJOR_VERSION_3 )
Christopher Haster 1:24750b9ad5ef 5650 return;
Christopher Haster 1:24750b9ad5ef 5651
Christopher Haster 1:24750b9ad5ef 5652 if( minor < MBEDTLS_SSL_MINOR_VERSION_0 || minor > MBEDTLS_SSL_MINOR_VERSION_3 )
Christopher Haster 1:24750b9ad5ef 5653 return;
Christopher Haster 1:24750b9ad5ef 5654
Christopher Haster 1:24750b9ad5ef 5655 conf->ciphersuite_list[minor] = ciphersuites;
Christopher Haster 1:24750b9ad5ef 5656 }
Christopher Haster 1:24750b9ad5ef 5657
Christopher Haster 1:24750b9ad5ef 5658 #if defined(MBEDTLS_X509_CRT_PARSE_C)
Christopher Haster 1:24750b9ad5ef 5659 void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf,
Christopher Haster 1:24750b9ad5ef 5660 const mbedtls_x509_crt_profile *profile )
Christopher Haster 1:24750b9ad5ef 5661 {
Christopher Haster 1:24750b9ad5ef 5662 conf->cert_profile = profile;
Christopher Haster 1:24750b9ad5ef 5663 }
Christopher Haster 1:24750b9ad5ef 5664
Christopher Haster 1:24750b9ad5ef 5665 /* Append a new keycert entry to a (possibly empty) list */
Christopher Haster 1:24750b9ad5ef 5666 static int ssl_append_key_cert( mbedtls_ssl_key_cert **head,
Christopher Haster 1:24750b9ad5ef 5667 mbedtls_x509_crt *cert,
Christopher Haster 1:24750b9ad5ef 5668 mbedtls_pk_context *key )
Christopher Haster 1:24750b9ad5ef 5669 {
Christopher Haster 1:24750b9ad5ef 5670 mbedtls_ssl_key_cert *new;
Christopher Haster 1:24750b9ad5ef 5671
Christopher Haster 1:24750b9ad5ef 5672 new = mbedtls_calloc( 1, sizeof( mbedtls_ssl_key_cert ) );
Christopher Haster 1:24750b9ad5ef 5673 if( new == NULL )
Christopher Haster 1:24750b9ad5ef 5674 return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
Christopher Haster 1:24750b9ad5ef 5675
Christopher Haster 1:24750b9ad5ef 5676 new->cert = cert;
Christopher Haster 1:24750b9ad5ef 5677 new->key = key;
Christopher Haster 1:24750b9ad5ef 5678 new->next = NULL;
Christopher Haster 1:24750b9ad5ef 5679
Christopher Haster 1:24750b9ad5ef 5680 /* Update head is the list was null, else add to the end */
Christopher Haster 1:24750b9ad5ef 5681 if( *head == NULL )
Christopher Haster 1:24750b9ad5ef 5682 {
Christopher Haster 1:24750b9ad5ef 5683 *head = new;
Christopher Haster 1:24750b9ad5ef 5684 }
Christopher Haster 1:24750b9ad5ef 5685 else
Christopher Haster 1:24750b9ad5ef 5686 {
Christopher Haster 1:24750b9ad5ef 5687 mbedtls_ssl_key_cert *cur = *head;
Christopher Haster 1:24750b9ad5ef 5688 while( cur->next != NULL )
Christopher Haster 1:24750b9ad5ef 5689 cur = cur->next;
Christopher Haster 1:24750b9ad5ef 5690 cur->next = new;
Christopher Haster 1:24750b9ad5ef 5691 }
Christopher Haster 1:24750b9ad5ef 5692
Christopher Haster 1:24750b9ad5ef 5693 return( 0 );
Christopher Haster 1:24750b9ad5ef 5694 }
Christopher Haster 1:24750b9ad5ef 5695
Christopher Haster 1:24750b9ad5ef 5696 int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
Christopher Haster 1:24750b9ad5ef 5697 mbedtls_x509_crt *own_cert,
Christopher Haster 1:24750b9ad5ef 5698 mbedtls_pk_context *pk_key )
Christopher Haster 1:24750b9ad5ef 5699 {
Christopher Haster 1:24750b9ad5ef 5700 return( ssl_append_key_cert( &conf->key_cert, own_cert, pk_key ) );
Christopher Haster 1:24750b9ad5ef 5701 }
Christopher Haster 1:24750b9ad5ef 5702
Christopher Haster 1:24750b9ad5ef 5703 void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
Christopher Haster 1:24750b9ad5ef 5704 mbedtls_x509_crt *ca_chain,
Christopher Haster 1:24750b9ad5ef 5705 mbedtls_x509_crl *ca_crl )
Christopher Haster 1:24750b9ad5ef 5706 {
Christopher Haster 1:24750b9ad5ef 5707 conf->ca_chain = ca_chain;
Christopher Haster 1:24750b9ad5ef 5708 conf->ca_crl = ca_crl;
Christopher Haster 1:24750b9ad5ef 5709 }
Christopher Haster 1:24750b9ad5ef 5710 #endif /* MBEDTLS_X509_CRT_PARSE_C */
Christopher Haster 1:24750b9ad5ef 5711
Christopher Haster 1:24750b9ad5ef 5712 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
Christopher Haster 1:24750b9ad5ef 5713 int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl,
Christopher Haster 1:24750b9ad5ef 5714 mbedtls_x509_crt *own_cert,
Christopher Haster 1:24750b9ad5ef 5715 mbedtls_pk_context *pk_key )
Christopher Haster 1:24750b9ad5ef 5716 {
Christopher Haster 1:24750b9ad5ef 5717 return( ssl_append_key_cert( &ssl->handshake->sni_key_cert,
Christopher Haster 1:24750b9ad5ef 5718 own_cert, pk_key ) );
Christopher Haster 1:24750b9ad5ef 5719 }
Christopher Haster 1:24750b9ad5ef 5720
Christopher Haster 1:24750b9ad5ef 5721 void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl,
Christopher Haster 1:24750b9ad5ef 5722 mbedtls_x509_crt *ca_chain,
Christopher Haster 1:24750b9ad5ef 5723 mbedtls_x509_crl *ca_crl )
Christopher Haster 1:24750b9ad5ef 5724 {
Christopher Haster 1:24750b9ad5ef 5725 ssl->handshake->sni_ca_chain = ca_chain;
Christopher Haster 1:24750b9ad5ef 5726 ssl->handshake->sni_ca_crl = ca_crl;
Christopher Haster 1:24750b9ad5ef 5727 }
Christopher Haster 1:24750b9ad5ef 5728
Christopher Haster 1:24750b9ad5ef 5729 void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl,
Christopher Haster 1:24750b9ad5ef 5730 int authmode )
Christopher Haster 1:24750b9ad5ef 5731 {
Christopher Haster 1:24750b9ad5ef 5732 ssl->handshake->sni_authmode = authmode;
Christopher Haster 1:24750b9ad5ef 5733 }
Christopher Haster 1:24750b9ad5ef 5734 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
Christopher Haster 1:24750b9ad5ef 5735
Christopher Haster 1:24750b9ad5ef 5736 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
Christopher Haster 1:24750b9ad5ef 5737 /*
Christopher Haster 1:24750b9ad5ef 5738 * Set EC J-PAKE password for current handshake
Christopher Haster 1:24750b9ad5ef 5739 */
Christopher Haster 1:24750b9ad5ef 5740 int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
Christopher Haster 1:24750b9ad5ef 5741 const unsigned char *pw,
Christopher Haster 1:24750b9ad5ef 5742 size_t pw_len )
Christopher Haster 1:24750b9ad5ef 5743 {
Christopher Haster 1:24750b9ad5ef 5744 mbedtls_ecjpake_role role;
Christopher Haster 1:24750b9ad5ef 5745
Christopher Haster 1:24750b9ad5ef 5746 if( ssl->handshake == NULL && ssl->conf == NULL )
Christopher Haster 1:24750b9ad5ef 5747 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 5748
Christopher Haster 1:24750b9ad5ef 5749 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
Christopher Haster 1:24750b9ad5ef 5750 role = MBEDTLS_ECJPAKE_SERVER;
Christopher Haster 1:24750b9ad5ef 5751 else
Christopher Haster 1:24750b9ad5ef 5752 role = MBEDTLS_ECJPAKE_CLIENT;
Christopher Haster 1:24750b9ad5ef 5753
Christopher Haster 1:24750b9ad5ef 5754 return( mbedtls_ecjpake_setup( &ssl->handshake->ecjpake_ctx,
Christopher Haster 1:24750b9ad5ef 5755 role,
Christopher Haster 1:24750b9ad5ef 5756 MBEDTLS_MD_SHA256,
Christopher Haster 1:24750b9ad5ef 5757 MBEDTLS_ECP_DP_SECP256R1,
Christopher Haster 1:24750b9ad5ef 5758 pw, pw_len ) );
Christopher Haster 1:24750b9ad5ef 5759 }
Christopher Haster 1:24750b9ad5ef 5760 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
Christopher Haster 1:24750b9ad5ef 5761
Christopher Haster 1:24750b9ad5ef 5762 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
Christopher Haster 1:24750b9ad5ef 5763 int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
Christopher Haster 1:24750b9ad5ef 5764 const unsigned char *psk, size_t psk_len,
Christopher Haster 1:24750b9ad5ef 5765 const unsigned char *psk_identity, size_t psk_identity_len )
Christopher Haster 1:24750b9ad5ef 5766 {
Christopher Haster 1:24750b9ad5ef 5767 if( psk == NULL || psk_identity == NULL )
Christopher Haster 1:24750b9ad5ef 5768 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 5769
Christopher Haster 1:24750b9ad5ef 5770 if( psk_len > MBEDTLS_PSK_MAX_LEN )
Christopher Haster 1:24750b9ad5ef 5771 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 5772
Christopher Haster 1:24750b9ad5ef 5773 /* Identity len will be encoded on two bytes */
Christopher Haster 1:24750b9ad5ef 5774 if( ( psk_identity_len >> 16 ) != 0 ||
Christopher Haster 1:24750b9ad5ef 5775 psk_identity_len > MBEDTLS_SSL_MAX_CONTENT_LEN )
Christopher Haster 1:24750b9ad5ef 5776 {
Christopher Haster 1:24750b9ad5ef 5777 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 5778 }
Christopher Haster 1:24750b9ad5ef 5779
Christopher Haster 1:24750b9ad5ef 5780 if( conf->psk != NULL || conf->psk_identity != NULL )
Christopher Haster 1:24750b9ad5ef 5781 {
Christopher Haster 1:24750b9ad5ef 5782 mbedtls_free( conf->psk );
Christopher Haster 1:24750b9ad5ef 5783 mbedtls_free( conf->psk_identity );
Christopher Haster 1:24750b9ad5ef 5784 conf->psk = NULL;
Christopher Haster 1:24750b9ad5ef 5785 conf->psk_identity = NULL;
Christopher Haster 1:24750b9ad5ef 5786 }
Christopher Haster 1:24750b9ad5ef 5787
Christopher Haster 1:24750b9ad5ef 5788 if( ( conf->psk = mbedtls_calloc( 1, psk_len ) ) == NULL ||
Christopher Haster 1:24750b9ad5ef 5789 ( conf->psk_identity = mbedtls_calloc( 1, psk_identity_len ) ) == NULL )
Christopher Haster 1:24750b9ad5ef 5790 {
Christopher Haster 1:24750b9ad5ef 5791 mbedtls_free( conf->psk );
Christopher Haster 1:24750b9ad5ef 5792 mbedtls_free( conf->psk_identity );
Christopher Haster 1:24750b9ad5ef 5793 conf->psk = NULL;
Christopher Haster 1:24750b9ad5ef 5794 conf->psk_identity = NULL;
Christopher Haster 1:24750b9ad5ef 5795 return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
Christopher Haster 1:24750b9ad5ef 5796 }
Christopher Haster 1:24750b9ad5ef 5797
Christopher Haster 1:24750b9ad5ef 5798 conf->psk_len = psk_len;
Christopher Haster 1:24750b9ad5ef 5799 conf->psk_identity_len = psk_identity_len;
Christopher Haster 1:24750b9ad5ef 5800
Christopher Haster 1:24750b9ad5ef 5801 memcpy( conf->psk, psk, conf->psk_len );
Christopher Haster 1:24750b9ad5ef 5802 memcpy( conf->psk_identity, psk_identity, conf->psk_identity_len );
Christopher Haster 1:24750b9ad5ef 5803
Christopher Haster 1:24750b9ad5ef 5804 return( 0 );
Christopher Haster 1:24750b9ad5ef 5805 }
Christopher Haster 1:24750b9ad5ef 5806
Christopher Haster 1:24750b9ad5ef 5807 int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
Christopher Haster 1:24750b9ad5ef 5808 const unsigned char *psk, size_t psk_len )
Christopher Haster 1:24750b9ad5ef 5809 {
Christopher Haster 1:24750b9ad5ef 5810 if( psk == NULL || ssl->handshake == NULL )
Christopher Haster 1:24750b9ad5ef 5811 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 5812
Christopher Haster 1:24750b9ad5ef 5813 if( psk_len > MBEDTLS_PSK_MAX_LEN )
Christopher Haster 1:24750b9ad5ef 5814 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 5815
Christopher Haster 1:24750b9ad5ef 5816 if( ssl->handshake->psk != NULL )
Christopher Haster 1:24750b9ad5ef 5817 mbedtls_free( ssl->handshake->psk );
Christopher Haster 1:24750b9ad5ef 5818
Christopher Haster 1:24750b9ad5ef 5819 if( ( ssl->handshake->psk = mbedtls_calloc( 1, psk_len ) ) == NULL )
Christopher Haster 1:24750b9ad5ef 5820 return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
Christopher Haster 1:24750b9ad5ef 5821
Christopher Haster 1:24750b9ad5ef 5822 ssl->handshake->psk_len = psk_len;
Christopher Haster 1:24750b9ad5ef 5823 memcpy( ssl->handshake->psk, psk, ssl->handshake->psk_len );
Christopher Haster 1:24750b9ad5ef 5824
Christopher Haster 1:24750b9ad5ef 5825 return( 0 );
Christopher Haster 1:24750b9ad5ef 5826 }
Christopher Haster 1:24750b9ad5ef 5827
Christopher Haster 1:24750b9ad5ef 5828 void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
Christopher Haster 1:24750b9ad5ef 5829 int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
Christopher Haster 1:24750b9ad5ef 5830 size_t),
Christopher Haster 1:24750b9ad5ef 5831 void *p_psk )
Christopher Haster 1:24750b9ad5ef 5832 {
Christopher Haster 1:24750b9ad5ef 5833 conf->f_psk = f_psk;
Christopher Haster 1:24750b9ad5ef 5834 conf->p_psk = p_psk;
Christopher Haster 1:24750b9ad5ef 5835 }
Christopher Haster 1:24750b9ad5ef 5836 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
Christopher Haster 1:24750b9ad5ef 5837
Christopher Haster 1:24750b9ad5ef 5838 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
Christopher Haster 1:24750b9ad5ef 5839 int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G )
Christopher Haster 1:24750b9ad5ef 5840 {
Christopher Haster 1:24750b9ad5ef 5841 int ret;
Christopher Haster 1:24750b9ad5ef 5842
Christopher Haster 1:24750b9ad5ef 5843 if( ( ret = mbedtls_mpi_read_string( &conf->dhm_P, 16, dhm_P ) ) != 0 ||
Christopher Haster 1:24750b9ad5ef 5844 ( ret = mbedtls_mpi_read_string( &conf->dhm_G, 16, dhm_G ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 5845 {
Christopher Haster 1:24750b9ad5ef 5846 mbedtls_mpi_free( &conf->dhm_P );
Christopher Haster 1:24750b9ad5ef 5847 mbedtls_mpi_free( &conf->dhm_G );
Christopher Haster 1:24750b9ad5ef 5848 return( ret );
Christopher Haster 1:24750b9ad5ef 5849 }
Christopher Haster 1:24750b9ad5ef 5850
Christopher Haster 1:24750b9ad5ef 5851 return( 0 );
Christopher Haster 1:24750b9ad5ef 5852 }
Christopher Haster 1:24750b9ad5ef 5853
Christopher Haster 1:24750b9ad5ef 5854 int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx )
Christopher Haster 1:24750b9ad5ef 5855 {
Christopher Haster 1:24750b9ad5ef 5856 int ret;
Christopher Haster 1:24750b9ad5ef 5857
Christopher Haster 1:24750b9ad5ef 5858 if( ( ret = mbedtls_mpi_copy( &conf->dhm_P, &dhm_ctx->P ) ) != 0 ||
Christopher Haster 1:24750b9ad5ef 5859 ( ret = mbedtls_mpi_copy( &conf->dhm_G, &dhm_ctx->G ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 5860 {
Christopher Haster 1:24750b9ad5ef 5861 mbedtls_mpi_free( &conf->dhm_P );
Christopher Haster 1:24750b9ad5ef 5862 mbedtls_mpi_free( &conf->dhm_G );
Christopher Haster 1:24750b9ad5ef 5863 return( ret );
Christopher Haster 1:24750b9ad5ef 5864 }
Christopher Haster 1:24750b9ad5ef 5865
Christopher Haster 1:24750b9ad5ef 5866 return( 0 );
Christopher Haster 1:24750b9ad5ef 5867 }
Christopher Haster 1:24750b9ad5ef 5868 #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_SRV_C */
Christopher Haster 1:24750b9ad5ef 5869
Christopher Haster 1:24750b9ad5ef 5870 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
Christopher Haster 1:24750b9ad5ef 5871 /*
Christopher Haster 1:24750b9ad5ef 5872 * Set the minimum length for Diffie-Hellman parameters
Christopher Haster 1:24750b9ad5ef 5873 */
Christopher Haster 1:24750b9ad5ef 5874 void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
Christopher Haster 1:24750b9ad5ef 5875 unsigned int bitlen )
Christopher Haster 1:24750b9ad5ef 5876 {
Christopher Haster 1:24750b9ad5ef 5877 conf->dhm_min_bitlen = bitlen;
Christopher Haster 1:24750b9ad5ef 5878 }
Christopher Haster 1:24750b9ad5ef 5879 #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
Christopher Haster 1:24750b9ad5ef 5880
Christopher Haster 1:24750b9ad5ef 5881 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
Christopher Haster 1:24750b9ad5ef 5882 /*
Christopher Haster 1:24750b9ad5ef 5883 * Set allowed/preferred hashes for handshake signatures
Christopher Haster 1:24750b9ad5ef 5884 */
Christopher Haster 1:24750b9ad5ef 5885 void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
Christopher Haster 1:24750b9ad5ef 5886 const int *hashes )
Christopher Haster 1:24750b9ad5ef 5887 {
Christopher Haster 1:24750b9ad5ef 5888 conf->sig_hashes = hashes;
Christopher Haster 1:24750b9ad5ef 5889 }
Christopher Haster 1:24750b9ad5ef 5890 #endif
Christopher Haster 1:24750b9ad5ef 5891
Christopher Haster 1:24750b9ad5ef 5892 #if defined(MBEDTLS_ECP_C)
Christopher Haster 1:24750b9ad5ef 5893 /*
Christopher Haster 1:24750b9ad5ef 5894 * Set the allowed elliptic curves
Christopher Haster 1:24750b9ad5ef 5895 */
Christopher Haster 1:24750b9ad5ef 5896 void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
Christopher Haster 1:24750b9ad5ef 5897 const mbedtls_ecp_group_id *curve_list )
Christopher Haster 1:24750b9ad5ef 5898 {
Christopher Haster 1:24750b9ad5ef 5899 conf->curve_list = curve_list;
Christopher Haster 1:24750b9ad5ef 5900 }
Christopher Haster 1:24750b9ad5ef 5901 #endif
Christopher Haster 1:24750b9ad5ef 5902
Christopher Haster 1:24750b9ad5ef 5903 #if defined(MBEDTLS_X509_CRT_PARSE_C)
Christopher Haster 1:24750b9ad5ef 5904 int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname )
Christopher Haster 1:24750b9ad5ef 5905 {
Christopher Haster 1:24750b9ad5ef 5906 size_t hostname_len;
Christopher Haster 1:24750b9ad5ef 5907
Christopher Haster 1:24750b9ad5ef 5908 if( hostname == NULL )
Christopher Haster 1:24750b9ad5ef 5909 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 5910
Christopher Haster 1:24750b9ad5ef 5911 hostname_len = strlen( hostname );
Christopher Haster 1:24750b9ad5ef 5912
Christopher Haster 1:24750b9ad5ef 5913 if( hostname_len + 1 == 0 )
Christopher Haster 1:24750b9ad5ef 5914 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 5915
Christopher Haster 1:24750b9ad5ef 5916 if( hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN )
Christopher Haster 1:24750b9ad5ef 5917 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 5918
Christopher Haster 1:24750b9ad5ef 5919 ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 );
Christopher Haster 1:24750b9ad5ef 5920
Christopher Haster 1:24750b9ad5ef 5921 if( ssl->hostname == NULL )
Christopher Haster 1:24750b9ad5ef 5922 return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
Christopher Haster 1:24750b9ad5ef 5923
Christopher Haster 1:24750b9ad5ef 5924 memcpy( ssl->hostname, hostname, hostname_len );
Christopher Haster 1:24750b9ad5ef 5925
Christopher Haster 1:24750b9ad5ef 5926 ssl->hostname[hostname_len] = '\0';
Christopher Haster 1:24750b9ad5ef 5927
Christopher Haster 1:24750b9ad5ef 5928 return( 0 );
Christopher Haster 1:24750b9ad5ef 5929 }
Christopher Haster 1:24750b9ad5ef 5930 #endif
Christopher Haster 1:24750b9ad5ef 5931
Christopher Haster 1:24750b9ad5ef 5932 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
Christopher Haster 1:24750b9ad5ef 5933 void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,
Christopher Haster 1:24750b9ad5ef 5934 int (*f_sni)(void *, mbedtls_ssl_context *,
Christopher Haster 1:24750b9ad5ef 5935 const unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 5936 void *p_sni )
Christopher Haster 1:24750b9ad5ef 5937 {
Christopher Haster 1:24750b9ad5ef 5938 conf->f_sni = f_sni;
Christopher Haster 1:24750b9ad5ef 5939 conf->p_sni = p_sni;
Christopher Haster 1:24750b9ad5ef 5940 }
Christopher Haster 1:24750b9ad5ef 5941 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
Christopher Haster 1:24750b9ad5ef 5942
Christopher Haster 1:24750b9ad5ef 5943 #if defined(MBEDTLS_SSL_ALPN)
Christopher Haster 1:24750b9ad5ef 5944 int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos )
Christopher Haster 1:24750b9ad5ef 5945 {
Christopher Haster 1:24750b9ad5ef 5946 size_t cur_len, tot_len;
Christopher Haster 1:24750b9ad5ef 5947 const char **p;
Christopher Haster 1:24750b9ad5ef 5948
Christopher Haster 1:24750b9ad5ef 5949 /*
Christopher Haster 1:24750b9ad5ef 5950 * "Empty strings MUST NOT be included and byte strings MUST NOT be
Christopher Haster 1:24750b9ad5ef 5951 * truncated". Check lengths now rather than later.
Christopher Haster 1:24750b9ad5ef 5952 */
Christopher Haster 1:24750b9ad5ef 5953 tot_len = 0;
Christopher Haster 1:24750b9ad5ef 5954 for( p = protos; *p != NULL; p++ )
Christopher Haster 1:24750b9ad5ef 5955 {
Christopher Haster 1:24750b9ad5ef 5956 cur_len = strlen( *p );
Christopher Haster 1:24750b9ad5ef 5957 tot_len += cur_len;
Christopher Haster 1:24750b9ad5ef 5958
Christopher Haster 1:24750b9ad5ef 5959 if( cur_len == 0 || cur_len > 255 || tot_len > 65535 )
Christopher Haster 1:24750b9ad5ef 5960 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 5961 }
Christopher Haster 1:24750b9ad5ef 5962
Christopher Haster 1:24750b9ad5ef 5963 conf->alpn_list = protos;
Christopher Haster 1:24750b9ad5ef 5964
Christopher Haster 1:24750b9ad5ef 5965 return( 0 );
Christopher Haster 1:24750b9ad5ef 5966 }
Christopher Haster 1:24750b9ad5ef 5967
Christopher Haster 1:24750b9ad5ef 5968 const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 5969 {
Christopher Haster 1:24750b9ad5ef 5970 return( ssl->alpn_chosen );
Christopher Haster 1:24750b9ad5ef 5971 }
Christopher Haster 1:24750b9ad5ef 5972 #endif /* MBEDTLS_SSL_ALPN */
Christopher Haster 1:24750b9ad5ef 5973
Christopher Haster 1:24750b9ad5ef 5974 void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor )
Christopher Haster 1:24750b9ad5ef 5975 {
Christopher Haster 1:24750b9ad5ef 5976 conf->max_major_ver = major;
Christopher Haster 1:24750b9ad5ef 5977 conf->max_minor_ver = minor;
Christopher Haster 1:24750b9ad5ef 5978 }
Christopher Haster 1:24750b9ad5ef 5979
Christopher Haster 1:24750b9ad5ef 5980 void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor )
Christopher Haster 1:24750b9ad5ef 5981 {
Christopher Haster 1:24750b9ad5ef 5982 conf->min_major_ver = major;
Christopher Haster 1:24750b9ad5ef 5983 conf->min_minor_ver = minor;
Christopher Haster 1:24750b9ad5ef 5984 }
Christopher Haster 1:24750b9ad5ef 5985
Christopher Haster 1:24750b9ad5ef 5986 #if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
Christopher Haster 1:24750b9ad5ef 5987 void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback )
Christopher Haster 1:24750b9ad5ef 5988 {
Christopher Haster 1:24750b9ad5ef 5989 conf->fallback = fallback;
Christopher Haster 1:24750b9ad5ef 5990 }
Christopher Haster 1:24750b9ad5ef 5991 #endif
Christopher Haster 1:24750b9ad5ef 5992
Christopher Haster 1:24750b9ad5ef 5993 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
Christopher Haster 1:24750b9ad5ef 5994 void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm )
Christopher Haster 1:24750b9ad5ef 5995 {
Christopher Haster 1:24750b9ad5ef 5996 conf->encrypt_then_mac = etm;
Christopher Haster 1:24750b9ad5ef 5997 }
Christopher Haster 1:24750b9ad5ef 5998 #endif
Christopher Haster 1:24750b9ad5ef 5999
Christopher Haster 1:24750b9ad5ef 6000 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
Christopher Haster 1:24750b9ad5ef 6001 void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems )
Christopher Haster 1:24750b9ad5ef 6002 {
Christopher Haster 1:24750b9ad5ef 6003 conf->extended_ms = ems;
Christopher Haster 1:24750b9ad5ef 6004 }
Christopher Haster 1:24750b9ad5ef 6005 #endif
Christopher Haster 1:24750b9ad5ef 6006
Christopher Haster 1:24750b9ad5ef 6007 #if defined(MBEDTLS_ARC4_C)
Christopher Haster 1:24750b9ad5ef 6008 void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 )
Christopher Haster 1:24750b9ad5ef 6009 {
Christopher Haster 1:24750b9ad5ef 6010 conf->arc4_disabled = arc4;
Christopher Haster 1:24750b9ad5ef 6011 }
Christopher Haster 1:24750b9ad5ef 6012 #endif
Christopher Haster 1:24750b9ad5ef 6013
Christopher Haster 1:24750b9ad5ef 6014 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
Christopher Haster 1:24750b9ad5ef 6015 int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code )
Christopher Haster 1:24750b9ad5ef 6016 {
Christopher Haster 1:24750b9ad5ef 6017 if( mfl_code >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID ||
Christopher Haster 1:24750b9ad5ef 6018 mfl_code_to_length[mfl_code] > MBEDTLS_SSL_MAX_CONTENT_LEN )
Christopher Haster 1:24750b9ad5ef 6019 {
Christopher Haster 1:24750b9ad5ef 6020 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 6021 }
Christopher Haster 1:24750b9ad5ef 6022
Christopher Haster 1:24750b9ad5ef 6023 conf->mfl_code = mfl_code;
Christopher Haster 1:24750b9ad5ef 6024
Christopher Haster 1:24750b9ad5ef 6025 return( 0 );
Christopher Haster 1:24750b9ad5ef 6026 }
Christopher Haster 1:24750b9ad5ef 6027 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
Christopher Haster 1:24750b9ad5ef 6028
Christopher Haster 1:24750b9ad5ef 6029 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
Christopher Haster 1:24750b9ad5ef 6030 void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate )
Christopher Haster 1:24750b9ad5ef 6031 {
Christopher Haster 1:24750b9ad5ef 6032 conf->trunc_hmac = truncate;
Christopher Haster 1:24750b9ad5ef 6033 }
Christopher Haster 1:24750b9ad5ef 6034 #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
Christopher Haster 1:24750b9ad5ef 6035
Christopher Haster 1:24750b9ad5ef 6036 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
Christopher Haster 1:24750b9ad5ef 6037 void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split )
Christopher Haster 1:24750b9ad5ef 6038 {
Christopher Haster 1:24750b9ad5ef 6039 conf->cbc_record_splitting = split;
Christopher Haster 1:24750b9ad5ef 6040 }
Christopher Haster 1:24750b9ad5ef 6041 #endif
Christopher Haster 1:24750b9ad5ef 6042
Christopher Haster 1:24750b9ad5ef 6043 void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy )
Christopher Haster 1:24750b9ad5ef 6044 {
Christopher Haster 1:24750b9ad5ef 6045 conf->allow_legacy_renegotiation = allow_legacy;
Christopher Haster 1:24750b9ad5ef 6046 }
Christopher Haster 1:24750b9ad5ef 6047
Christopher Haster 1:24750b9ad5ef 6048 #if defined(MBEDTLS_SSL_RENEGOTIATION)
Christopher Haster 1:24750b9ad5ef 6049 void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation )
Christopher Haster 1:24750b9ad5ef 6050 {
Christopher Haster 1:24750b9ad5ef 6051 conf->disable_renegotiation = renegotiation;
Christopher Haster 1:24750b9ad5ef 6052 }
Christopher Haster 1:24750b9ad5ef 6053
Christopher Haster 1:24750b9ad5ef 6054 void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records )
Christopher Haster 1:24750b9ad5ef 6055 {
Christopher Haster 1:24750b9ad5ef 6056 conf->renego_max_records = max_records;
Christopher Haster 1:24750b9ad5ef 6057 }
Christopher Haster 1:24750b9ad5ef 6058
Christopher Haster 1:24750b9ad5ef 6059 void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
Christopher Haster 1:24750b9ad5ef 6060 const unsigned char period[8] )
Christopher Haster 1:24750b9ad5ef 6061 {
Christopher Haster 1:24750b9ad5ef 6062 memcpy( conf->renego_period, period, 8 );
Christopher Haster 1:24750b9ad5ef 6063 }
Christopher Haster 1:24750b9ad5ef 6064 #endif /* MBEDTLS_SSL_RENEGOTIATION */
Christopher Haster 1:24750b9ad5ef 6065
Christopher Haster 1:24750b9ad5ef 6066 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
Christopher Haster 1:24750b9ad5ef 6067 #if defined(MBEDTLS_SSL_CLI_C)
Christopher Haster 1:24750b9ad5ef 6068 void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets )
Christopher Haster 1:24750b9ad5ef 6069 {
Christopher Haster 1:24750b9ad5ef 6070 conf->session_tickets = use_tickets;
Christopher Haster 1:24750b9ad5ef 6071 }
Christopher Haster 1:24750b9ad5ef 6072 #endif
Christopher Haster 1:24750b9ad5ef 6073
Christopher Haster 1:24750b9ad5ef 6074 #if defined(MBEDTLS_SSL_SRV_C)
Christopher Haster 1:24750b9ad5ef 6075 void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
Christopher Haster 1:24750b9ad5ef 6076 mbedtls_ssl_ticket_write_t *f_ticket_write,
Christopher Haster 1:24750b9ad5ef 6077 mbedtls_ssl_ticket_parse_t *f_ticket_parse,
Christopher Haster 1:24750b9ad5ef 6078 void *p_ticket )
Christopher Haster 1:24750b9ad5ef 6079 {
Christopher Haster 1:24750b9ad5ef 6080 conf->f_ticket_write = f_ticket_write;
Christopher Haster 1:24750b9ad5ef 6081 conf->f_ticket_parse = f_ticket_parse;
Christopher Haster 1:24750b9ad5ef 6082 conf->p_ticket = p_ticket;
Christopher Haster 1:24750b9ad5ef 6083 }
Christopher Haster 1:24750b9ad5ef 6084 #endif
Christopher Haster 1:24750b9ad5ef 6085 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
Christopher Haster 1:24750b9ad5ef 6086
Christopher Haster 1:24750b9ad5ef 6087 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
Christopher Haster 1:24750b9ad5ef 6088 void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
Christopher Haster 1:24750b9ad5ef 6089 mbedtls_ssl_export_keys_t *f_export_keys,
Christopher Haster 1:24750b9ad5ef 6090 void *p_export_keys )
Christopher Haster 1:24750b9ad5ef 6091 {
Christopher Haster 1:24750b9ad5ef 6092 conf->f_export_keys = f_export_keys;
Christopher Haster 1:24750b9ad5ef 6093 conf->p_export_keys = p_export_keys;
Christopher Haster 1:24750b9ad5ef 6094 }
Christopher Haster 1:24750b9ad5ef 6095 #endif
Christopher Haster 1:24750b9ad5ef 6096
Christopher Haster 1:24750b9ad5ef 6097 /*
Christopher Haster 1:24750b9ad5ef 6098 * SSL get accessors
Christopher Haster 1:24750b9ad5ef 6099 */
Christopher Haster 1:24750b9ad5ef 6100 size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 6101 {
Christopher Haster 1:24750b9ad5ef 6102 return( ssl->in_offt == NULL ? 0 : ssl->in_msglen );
Christopher Haster 1:24750b9ad5ef 6103 }
Christopher Haster 1:24750b9ad5ef 6104
Christopher Haster 1:24750b9ad5ef 6105 uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 6106 {
Christopher Haster 1:24750b9ad5ef 6107 if( ssl->session != NULL )
Christopher Haster 1:24750b9ad5ef 6108 return( ssl->session->verify_result );
Christopher Haster 1:24750b9ad5ef 6109
Christopher Haster 1:24750b9ad5ef 6110 if( ssl->session_negotiate != NULL )
Christopher Haster 1:24750b9ad5ef 6111 return( ssl->session_negotiate->verify_result );
Christopher Haster 1:24750b9ad5ef 6112
Christopher Haster 1:24750b9ad5ef 6113 return( 0xFFFFFFFF );
Christopher Haster 1:24750b9ad5ef 6114 }
Christopher Haster 1:24750b9ad5ef 6115
Christopher Haster 1:24750b9ad5ef 6116 const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 6117 {
Christopher Haster 1:24750b9ad5ef 6118 if( ssl == NULL || ssl->session == NULL )
Christopher Haster 1:24750b9ad5ef 6119 return( NULL );
Christopher Haster 1:24750b9ad5ef 6120
Christopher Haster 1:24750b9ad5ef 6121 return mbedtls_ssl_get_ciphersuite_name( ssl->session->ciphersuite );
Christopher Haster 1:24750b9ad5ef 6122 }
Christopher Haster 1:24750b9ad5ef 6123
Christopher Haster 1:24750b9ad5ef 6124 const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 6125 {
Christopher Haster 1:24750b9ad5ef 6126 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 6127 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Christopher Haster 1:24750b9ad5ef 6128 {
Christopher Haster 1:24750b9ad5ef 6129 switch( ssl->minor_ver )
Christopher Haster 1:24750b9ad5ef 6130 {
Christopher Haster 1:24750b9ad5ef 6131 case MBEDTLS_SSL_MINOR_VERSION_2:
Christopher Haster 1:24750b9ad5ef 6132 return( "DTLSv1.0" );
Christopher Haster 1:24750b9ad5ef 6133
Christopher Haster 1:24750b9ad5ef 6134 case MBEDTLS_SSL_MINOR_VERSION_3:
Christopher Haster 1:24750b9ad5ef 6135 return( "DTLSv1.2" );
Christopher Haster 1:24750b9ad5ef 6136
Christopher Haster 1:24750b9ad5ef 6137 default:
Christopher Haster 1:24750b9ad5ef 6138 return( "unknown (DTLS)" );
Christopher Haster 1:24750b9ad5ef 6139 }
Christopher Haster 1:24750b9ad5ef 6140 }
Christopher Haster 1:24750b9ad5ef 6141 #endif
Christopher Haster 1:24750b9ad5ef 6142
Christopher Haster 1:24750b9ad5ef 6143 switch( ssl->minor_ver )
Christopher Haster 1:24750b9ad5ef 6144 {
Christopher Haster 1:24750b9ad5ef 6145 case MBEDTLS_SSL_MINOR_VERSION_0:
Christopher Haster 1:24750b9ad5ef 6146 return( "SSLv3.0" );
Christopher Haster 1:24750b9ad5ef 6147
Christopher Haster 1:24750b9ad5ef 6148 case MBEDTLS_SSL_MINOR_VERSION_1:
Christopher Haster 1:24750b9ad5ef 6149 return( "TLSv1.0" );
Christopher Haster 1:24750b9ad5ef 6150
Christopher Haster 1:24750b9ad5ef 6151 case MBEDTLS_SSL_MINOR_VERSION_2:
Christopher Haster 1:24750b9ad5ef 6152 return( "TLSv1.1" );
Christopher Haster 1:24750b9ad5ef 6153
Christopher Haster 1:24750b9ad5ef 6154 case MBEDTLS_SSL_MINOR_VERSION_3:
Christopher Haster 1:24750b9ad5ef 6155 return( "TLSv1.2" );
Christopher Haster 1:24750b9ad5ef 6156
Christopher Haster 1:24750b9ad5ef 6157 default:
Christopher Haster 1:24750b9ad5ef 6158 return( "unknown" );
Christopher Haster 1:24750b9ad5ef 6159 }
Christopher Haster 1:24750b9ad5ef 6160 }
Christopher Haster 1:24750b9ad5ef 6161
Christopher Haster 1:24750b9ad5ef 6162 int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 6163 {
Christopher Haster 1:24750b9ad5ef 6164 size_t transform_expansion;
Christopher Haster 1:24750b9ad5ef 6165 const mbedtls_ssl_transform *transform = ssl->transform_out;
Christopher Haster 1:24750b9ad5ef 6166
Christopher Haster 1:24750b9ad5ef 6167 #if defined(MBEDTLS_ZLIB_SUPPORT)
Christopher Haster 1:24750b9ad5ef 6168 if( ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL )
Christopher Haster 1:24750b9ad5ef 6169 return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
Christopher Haster 1:24750b9ad5ef 6170 #endif
Christopher Haster 1:24750b9ad5ef 6171
Christopher Haster 1:24750b9ad5ef 6172 if( transform == NULL )
Christopher Haster 1:24750b9ad5ef 6173 return( (int) mbedtls_ssl_hdr_len( ssl ) );
Christopher Haster 1:24750b9ad5ef 6174
Christopher Haster 1:24750b9ad5ef 6175 switch( mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ) )
Christopher Haster 1:24750b9ad5ef 6176 {
Christopher Haster 1:24750b9ad5ef 6177 case MBEDTLS_MODE_GCM:
Christopher Haster 1:24750b9ad5ef 6178 case MBEDTLS_MODE_CCM:
Christopher Haster 1:24750b9ad5ef 6179 case MBEDTLS_MODE_STREAM:
Christopher Haster 1:24750b9ad5ef 6180 transform_expansion = transform->minlen;
Christopher Haster 1:24750b9ad5ef 6181 break;
Christopher Haster 1:24750b9ad5ef 6182
Christopher Haster 1:24750b9ad5ef 6183 case MBEDTLS_MODE_CBC:
Christopher Haster 1:24750b9ad5ef 6184 transform_expansion = transform->maclen
Christopher Haster 1:24750b9ad5ef 6185 + mbedtls_cipher_get_block_size( &transform->cipher_ctx_enc );
Christopher Haster 1:24750b9ad5ef 6186 break;
Christopher Haster 1:24750b9ad5ef 6187
Christopher Haster 1:24750b9ad5ef 6188 default:
Christopher Haster 1:24750b9ad5ef 6189 MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
Christopher Haster 1:24750b9ad5ef 6190 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Christopher Haster 1:24750b9ad5ef 6191 }
Christopher Haster 1:24750b9ad5ef 6192
Christopher Haster 1:24750b9ad5ef 6193 return( (int)( mbedtls_ssl_hdr_len( ssl ) + transform_expansion ) );
Christopher Haster 1:24750b9ad5ef 6194 }
Christopher Haster 1:24750b9ad5ef 6195
Christopher Haster 1:24750b9ad5ef 6196 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
Christopher Haster 1:24750b9ad5ef 6197 size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 6198 {
Christopher Haster 1:24750b9ad5ef 6199 size_t max_len;
Christopher Haster 1:24750b9ad5ef 6200
Christopher Haster 1:24750b9ad5ef 6201 /*
Christopher Haster 1:24750b9ad5ef 6202 * Assume mfl_code is correct since it was checked when set
Christopher Haster 1:24750b9ad5ef 6203 */
Christopher Haster 1:24750b9ad5ef 6204 max_len = mfl_code_to_length[ssl->conf->mfl_code];
Christopher Haster 1:24750b9ad5ef 6205
Christopher Haster 1:24750b9ad5ef 6206 /*
Christopher Haster 1:24750b9ad5ef 6207 * Check if a smaller max length was negotiated
Christopher Haster 1:24750b9ad5ef 6208 */
Christopher Haster 1:24750b9ad5ef 6209 if( ssl->session_out != NULL &&
Christopher Haster 1:24750b9ad5ef 6210 mfl_code_to_length[ssl->session_out->mfl_code] < max_len )
Christopher Haster 1:24750b9ad5ef 6211 {
Christopher Haster 1:24750b9ad5ef 6212 max_len = mfl_code_to_length[ssl->session_out->mfl_code];
Christopher Haster 1:24750b9ad5ef 6213 }
Christopher Haster 1:24750b9ad5ef 6214
Christopher Haster 1:24750b9ad5ef 6215 return max_len;
Christopher Haster 1:24750b9ad5ef 6216 }
Christopher Haster 1:24750b9ad5ef 6217 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
Christopher Haster 1:24750b9ad5ef 6218
Christopher Haster 1:24750b9ad5ef 6219 #if defined(MBEDTLS_X509_CRT_PARSE_C)
Christopher Haster 1:24750b9ad5ef 6220 const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 6221 {
Christopher Haster 1:24750b9ad5ef 6222 if( ssl == NULL || ssl->session == NULL )
Christopher Haster 1:24750b9ad5ef 6223 return( NULL );
Christopher Haster 1:24750b9ad5ef 6224
Christopher Haster 1:24750b9ad5ef 6225 return( ssl->session->peer_cert );
Christopher Haster 1:24750b9ad5ef 6226 }
Christopher Haster 1:24750b9ad5ef 6227 #endif /* MBEDTLS_X509_CRT_PARSE_C */
Christopher Haster 1:24750b9ad5ef 6228
Christopher Haster 1:24750b9ad5ef 6229 #if defined(MBEDTLS_SSL_CLI_C)
Christopher Haster 1:24750b9ad5ef 6230 int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session *dst )
Christopher Haster 1:24750b9ad5ef 6231 {
Christopher Haster 1:24750b9ad5ef 6232 if( ssl == NULL ||
Christopher Haster 1:24750b9ad5ef 6233 dst == NULL ||
Christopher Haster 1:24750b9ad5ef 6234 ssl->session == NULL ||
Christopher Haster 1:24750b9ad5ef 6235 ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT )
Christopher Haster 1:24750b9ad5ef 6236 {
Christopher Haster 1:24750b9ad5ef 6237 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 6238 }
Christopher Haster 1:24750b9ad5ef 6239
Christopher Haster 1:24750b9ad5ef 6240 return( ssl_session_copy( dst, ssl->session ) );
Christopher Haster 1:24750b9ad5ef 6241 }
Christopher Haster 1:24750b9ad5ef 6242 #endif /* MBEDTLS_SSL_CLI_C */
Christopher Haster 1:24750b9ad5ef 6243
Christopher Haster 1:24750b9ad5ef 6244 /*
Christopher Haster 1:24750b9ad5ef 6245 * Perform a single step of the SSL handshake
Christopher Haster 1:24750b9ad5ef 6246 */
Christopher Haster 1:24750b9ad5ef 6247 int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 6248 {
Christopher Haster 1:24750b9ad5ef 6249 int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
Christopher Haster 1:24750b9ad5ef 6250
Christopher Haster 1:24750b9ad5ef 6251 if( ssl == NULL || ssl->conf == NULL )
Christopher Haster 1:24750b9ad5ef 6252 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 6253
Christopher Haster 1:24750b9ad5ef 6254 #if defined(MBEDTLS_SSL_CLI_C)
Christopher Haster 1:24750b9ad5ef 6255 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
Christopher Haster 1:24750b9ad5ef 6256 ret = mbedtls_ssl_handshake_client_step( ssl );
Christopher Haster 1:24750b9ad5ef 6257 #endif
Christopher Haster 1:24750b9ad5ef 6258 #if defined(MBEDTLS_SSL_SRV_C)
Christopher Haster 1:24750b9ad5ef 6259 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
Christopher Haster 1:24750b9ad5ef 6260 ret = mbedtls_ssl_handshake_server_step( ssl );
Christopher Haster 1:24750b9ad5ef 6261 #endif
Christopher Haster 1:24750b9ad5ef 6262
Christopher Haster 1:24750b9ad5ef 6263 return( ret );
Christopher Haster 1:24750b9ad5ef 6264 }
Christopher Haster 1:24750b9ad5ef 6265
Christopher Haster 1:24750b9ad5ef 6266 /*
Christopher Haster 1:24750b9ad5ef 6267 * Perform the SSL handshake
Christopher Haster 1:24750b9ad5ef 6268 */
Christopher Haster 1:24750b9ad5ef 6269 int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 6270 {
Christopher Haster 1:24750b9ad5ef 6271 int ret = 0;
Christopher Haster 1:24750b9ad5ef 6272
Christopher Haster 1:24750b9ad5ef 6273 if( ssl == NULL || ssl->conf == NULL )
Christopher Haster 1:24750b9ad5ef 6274 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 6275
Christopher Haster 1:24750b9ad5ef 6276 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> handshake" ) );
Christopher Haster 1:24750b9ad5ef 6277
Christopher Haster 1:24750b9ad5ef 6278 while( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
Christopher Haster 1:24750b9ad5ef 6279 {
Christopher Haster 1:24750b9ad5ef 6280 ret = mbedtls_ssl_handshake_step( ssl );
Christopher Haster 1:24750b9ad5ef 6281
Christopher Haster 1:24750b9ad5ef 6282 if( ret != 0 )
Christopher Haster 1:24750b9ad5ef 6283 break;
Christopher Haster 1:24750b9ad5ef 6284 }
Christopher Haster 1:24750b9ad5ef 6285
Christopher Haster 1:24750b9ad5ef 6286 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= handshake" ) );
Christopher Haster 1:24750b9ad5ef 6287
Christopher Haster 1:24750b9ad5ef 6288 return( ret );
Christopher Haster 1:24750b9ad5ef 6289 }
Christopher Haster 1:24750b9ad5ef 6290
Christopher Haster 1:24750b9ad5ef 6291 #if defined(MBEDTLS_SSL_RENEGOTIATION)
Christopher Haster 1:24750b9ad5ef 6292 #if defined(MBEDTLS_SSL_SRV_C)
Christopher Haster 1:24750b9ad5ef 6293 /*
Christopher Haster 1:24750b9ad5ef 6294 * Write HelloRequest to request renegotiation on server
Christopher Haster 1:24750b9ad5ef 6295 */
Christopher Haster 1:24750b9ad5ef 6296 static int ssl_write_hello_request( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 6297 {
Christopher Haster 1:24750b9ad5ef 6298 int ret;
Christopher Haster 1:24750b9ad5ef 6299
Christopher Haster 1:24750b9ad5ef 6300 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write hello request" ) );
Christopher Haster 1:24750b9ad5ef 6301
Christopher Haster 1:24750b9ad5ef 6302 ssl->out_msglen = 4;
Christopher Haster 1:24750b9ad5ef 6303 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
Christopher Haster 1:24750b9ad5ef 6304 ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_REQUEST;
Christopher Haster 1:24750b9ad5ef 6305
Christopher Haster 1:24750b9ad5ef 6306 if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 6307 {
Christopher Haster 1:24750b9ad5ef 6308 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
Christopher Haster 1:24750b9ad5ef 6309 return( ret );
Christopher Haster 1:24750b9ad5ef 6310 }
Christopher Haster 1:24750b9ad5ef 6311
Christopher Haster 1:24750b9ad5ef 6312 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello request" ) );
Christopher Haster 1:24750b9ad5ef 6313
Christopher Haster 1:24750b9ad5ef 6314 return( 0 );
Christopher Haster 1:24750b9ad5ef 6315 }
Christopher Haster 1:24750b9ad5ef 6316 #endif /* MBEDTLS_SSL_SRV_C */
Christopher Haster 1:24750b9ad5ef 6317
Christopher Haster 1:24750b9ad5ef 6318 /*
Christopher Haster 1:24750b9ad5ef 6319 * Actually renegotiate current connection, triggered by either:
Christopher Haster 1:24750b9ad5ef 6320 * - any side: calling mbedtls_ssl_renegotiate(),
Christopher Haster 1:24750b9ad5ef 6321 * - client: receiving a HelloRequest during mbedtls_ssl_read(),
Christopher Haster 1:24750b9ad5ef 6322 * - server: receiving any handshake message on server during mbedtls_ssl_read() after
Christopher Haster 1:24750b9ad5ef 6323 * the initial handshake is completed.
Christopher Haster 1:24750b9ad5ef 6324 * If the handshake doesn't complete due to waiting for I/O, it will continue
Christopher Haster 1:24750b9ad5ef 6325 * during the next calls to mbedtls_ssl_renegotiate() or mbedtls_ssl_read() respectively.
Christopher Haster 1:24750b9ad5ef 6326 */
Christopher Haster 1:24750b9ad5ef 6327 static int ssl_start_renegotiation( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 6328 {
Christopher Haster 1:24750b9ad5ef 6329 int ret;
Christopher Haster 1:24750b9ad5ef 6330
Christopher Haster 1:24750b9ad5ef 6331 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> renegotiate" ) );
Christopher Haster 1:24750b9ad5ef 6332
Christopher Haster 1:24750b9ad5ef 6333 if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 6334 return( ret );
Christopher Haster 1:24750b9ad5ef 6335
Christopher Haster 1:24750b9ad5ef 6336 /* RFC 6347 4.2.2: "[...] the HelloRequest will have message_seq = 0 and
Christopher Haster 1:24750b9ad5ef 6337 * the ServerHello will have message_seq = 1" */
Christopher Haster 1:24750b9ad5ef 6338 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 6339 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
Christopher Haster 1:24750b9ad5ef 6340 ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
Christopher Haster 1:24750b9ad5ef 6341 {
Christopher Haster 1:24750b9ad5ef 6342 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
Christopher Haster 1:24750b9ad5ef 6343 ssl->handshake->out_msg_seq = 1;
Christopher Haster 1:24750b9ad5ef 6344 else
Christopher Haster 1:24750b9ad5ef 6345 ssl->handshake->in_msg_seq = 1;
Christopher Haster 1:24750b9ad5ef 6346 }
Christopher Haster 1:24750b9ad5ef 6347 #endif
Christopher Haster 1:24750b9ad5ef 6348
Christopher Haster 1:24750b9ad5ef 6349 ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
Christopher Haster 1:24750b9ad5ef 6350 ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS;
Christopher Haster 1:24750b9ad5ef 6351
Christopher Haster 1:24750b9ad5ef 6352 if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 6353 {
Christopher Haster 1:24750b9ad5ef 6354 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret );
Christopher Haster 1:24750b9ad5ef 6355 return( ret );
Christopher Haster 1:24750b9ad5ef 6356 }
Christopher Haster 1:24750b9ad5ef 6357
Christopher Haster 1:24750b9ad5ef 6358 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= renegotiate" ) );
Christopher Haster 1:24750b9ad5ef 6359
Christopher Haster 1:24750b9ad5ef 6360 return( 0 );
Christopher Haster 1:24750b9ad5ef 6361 }
Christopher Haster 1:24750b9ad5ef 6362
Christopher Haster 1:24750b9ad5ef 6363 /*
Christopher Haster 1:24750b9ad5ef 6364 * Renegotiate current connection on client,
Christopher Haster 1:24750b9ad5ef 6365 * or request renegotiation on server
Christopher Haster 1:24750b9ad5ef 6366 */
Christopher Haster 1:24750b9ad5ef 6367 int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 6368 {
Christopher Haster 1:24750b9ad5ef 6369 int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
Christopher Haster 1:24750b9ad5ef 6370
Christopher Haster 1:24750b9ad5ef 6371 if( ssl == NULL || ssl->conf == NULL )
Christopher Haster 1:24750b9ad5ef 6372 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 6373
Christopher Haster 1:24750b9ad5ef 6374 #if defined(MBEDTLS_SSL_SRV_C)
Christopher Haster 1:24750b9ad5ef 6375 /* On server, just send the request */
Christopher Haster 1:24750b9ad5ef 6376 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
Christopher Haster 1:24750b9ad5ef 6377 {
Christopher Haster 1:24750b9ad5ef 6378 if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
Christopher Haster 1:24750b9ad5ef 6379 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 6380
Christopher Haster 1:24750b9ad5ef 6381 ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING;
Christopher Haster 1:24750b9ad5ef 6382
Christopher Haster 1:24750b9ad5ef 6383 /* Did we already try/start sending HelloRequest? */
Christopher Haster 1:24750b9ad5ef 6384 if( ssl->out_left != 0 )
Christopher Haster 1:24750b9ad5ef 6385 return( mbedtls_ssl_flush_output( ssl ) );
Christopher Haster 1:24750b9ad5ef 6386
Christopher Haster 1:24750b9ad5ef 6387 return( ssl_write_hello_request( ssl ) );
Christopher Haster 1:24750b9ad5ef 6388 }
Christopher Haster 1:24750b9ad5ef 6389 #endif /* MBEDTLS_SSL_SRV_C */
Christopher Haster 1:24750b9ad5ef 6390
Christopher Haster 1:24750b9ad5ef 6391 #if defined(MBEDTLS_SSL_CLI_C)
Christopher Haster 1:24750b9ad5ef 6392 /*
Christopher Haster 1:24750b9ad5ef 6393 * On client, either start the renegotiation process or,
Christopher Haster 1:24750b9ad5ef 6394 * if already in progress, continue the handshake
Christopher Haster 1:24750b9ad5ef 6395 */
Christopher Haster 1:24750b9ad5ef 6396 if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
Christopher Haster 1:24750b9ad5ef 6397 {
Christopher Haster 1:24750b9ad5ef 6398 if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
Christopher Haster 1:24750b9ad5ef 6399 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 6400
Christopher Haster 1:24750b9ad5ef 6401 if( ( ret = ssl_start_renegotiation( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 6402 {
Christopher Haster 1:24750b9ad5ef 6403 MBEDTLS_SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret );
Christopher Haster 1:24750b9ad5ef 6404 return( ret );
Christopher Haster 1:24750b9ad5ef 6405 }
Christopher Haster 1:24750b9ad5ef 6406 }
Christopher Haster 1:24750b9ad5ef 6407 else
Christopher Haster 1:24750b9ad5ef 6408 {
Christopher Haster 1:24750b9ad5ef 6409 if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 6410 {
Christopher Haster 1:24750b9ad5ef 6411 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret );
Christopher Haster 1:24750b9ad5ef 6412 return( ret );
Christopher Haster 1:24750b9ad5ef 6413 }
Christopher Haster 1:24750b9ad5ef 6414 }
Christopher Haster 1:24750b9ad5ef 6415 #endif /* MBEDTLS_SSL_CLI_C */
Christopher Haster 1:24750b9ad5ef 6416
Christopher Haster 1:24750b9ad5ef 6417 return( ret );
Christopher Haster 1:24750b9ad5ef 6418 }
Christopher Haster 1:24750b9ad5ef 6419
Christopher Haster 1:24750b9ad5ef 6420 /*
Christopher Haster 1:24750b9ad5ef 6421 * Check record counters and renegotiate if they're above the limit.
Christopher Haster 1:24750b9ad5ef 6422 */
Christopher Haster 1:24750b9ad5ef 6423 static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 6424 {
Christopher Haster 1:24750b9ad5ef 6425 if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ||
Christopher Haster 1:24750b9ad5ef 6426 ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ||
Christopher Haster 1:24750b9ad5ef 6427 ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED )
Christopher Haster 1:24750b9ad5ef 6428 {
Christopher Haster 1:24750b9ad5ef 6429 return( 0 );
Christopher Haster 1:24750b9ad5ef 6430 }
Christopher Haster 1:24750b9ad5ef 6431
Christopher Haster 1:24750b9ad5ef 6432 if( memcmp( ssl->in_ctr, ssl->conf->renego_period, 8 ) <= 0 &&
Christopher Haster 1:24750b9ad5ef 6433 memcmp( ssl->out_ctr, ssl->conf->renego_period, 8 ) <= 0 )
Christopher Haster 1:24750b9ad5ef 6434 {
Christopher Haster 1:24750b9ad5ef 6435 return( 0 );
Christopher Haster 1:24750b9ad5ef 6436 }
Christopher Haster 1:24750b9ad5ef 6437
Christopher Haster 1:24750b9ad5ef 6438 MBEDTLS_SSL_DEBUG_MSG( 1, ( "record counter limit reached: renegotiate" ) );
Christopher Haster 1:24750b9ad5ef 6439 return( mbedtls_ssl_renegotiate( ssl ) );
Christopher Haster 1:24750b9ad5ef 6440 }
Christopher Haster 1:24750b9ad5ef 6441 #endif /* MBEDTLS_SSL_RENEGOTIATION */
Christopher Haster 1:24750b9ad5ef 6442
Christopher Haster 1:24750b9ad5ef 6443 /*
Christopher Haster 1:24750b9ad5ef 6444 * Receive application data decrypted from the SSL layer
Christopher Haster 1:24750b9ad5ef 6445 */
Christopher Haster 1:24750b9ad5ef 6446 int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
Christopher Haster 1:24750b9ad5ef 6447 {
Christopher Haster 1:24750b9ad5ef 6448 int ret, record_read = 0;
Christopher Haster 1:24750b9ad5ef 6449 size_t n;
Christopher Haster 1:24750b9ad5ef 6450
Christopher Haster 1:24750b9ad5ef 6451 if( ssl == NULL || ssl->conf == NULL )
Christopher Haster 1:24750b9ad5ef 6452 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 6453
Christopher Haster 1:24750b9ad5ef 6454 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read" ) );
Christopher Haster 1:24750b9ad5ef 6455
Christopher Haster 1:24750b9ad5ef 6456 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 6457 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Christopher Haster 1:24750b9ad5ef 6458 {
Christopher Haster 1:24750b9ad5ef 6459 if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 6460 return( ret );
Christopher Haster 1:24750b9ad5ef 6461
Christopher Haster 1:24750b9ad5ef 6462 if( ssl->handshake != NULL &&
Christopher Haster 1:24750b9ad5ef 6463 ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
Christopher Haster 1:24750b9ad5ef 6464 {
Christopher Haster 1:24750b9ad5ef 6465 if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 6466 return( ret );
Christopher Haster 1:24750b9ad5ef 6467 }
Christopher Haster 1:24750b9ad5ef 6468 }
Christopher Haster 1:24750b9ad5ef 6469 #endif
Christopher Haster 1:24750b9ad5ef 6470
Christopher Haster 1:24750b9ad5ef 6471 #if defined(MBEDTLS_SSL_RENEGOTIATION)
Christopher Haster 1:24750b9ad5ef 6472 if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 6473 {
Christopher Haster 1:24750b9ad5ef 6474 MBEDTLS_SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret );
Christopher Haster 1:24750b9ad5ef 6475 return( ret );
Christopher Haster 1:24750b9ad5ef 6476 }
Christopher Haster 1:24750b9ad5ef 6477 #endif
Christopher Haster 1:24750b9ad5ef 6478
Christopher Haster 1:24750b9ad5ef 6479 if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
Christopher Haster 1:24750b9ad5ef 6480 {
Christopher Haster 1:24750b9ad5ef 6481 ret = mbedtls_ssl_handshake( ssl );
Christopher Haster 1:24750b9ad5ef 6482 if( ret == MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO )
Christopher Haster 1:24750b9ad5ef 6483 {
Christopher Haster 1:24750b9ad5ef 6484 record_read = 1;
Christopher Haster 1:24750b9ad5ef 6485 }
Christopher Haster 1:24750b9ad5ef 6486 else if( ret != 0 )
Christopher Haster 1:24750b9ad5ef 6487 {
Christopher Haster 1:24750b9ad5ef 6488 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret );
Christopher Haster 1:24750b9ad5ef 6489 return( ret );
Christopher Haster 1:24750b9ad5ef 6490 }
Christopher Haster 1:24750b9ad5ef 6491 }
Christopher Haster 1:24750b9ad5ef 6492
Christopher Haster 1:24750b9ad5ef 6493 if( ssl->in_offt == NULL )
Christopher Haster 1:24750b9ad5ef 6494 {
Christopher Haster 1:24750b9ad5ef 6495 /* Start timer if not already running */
Christopher Haster 1:24750b9ad5ef 6496 if( ssl->f_get_timer != NULL &&
Christopher Haster 1:24750b9ad5ef 6497 ssl->f_get_timer( ssl->p_timer ) == -1 )
Christopher Haster 1:24750b9ad5ef 6498 {
Christopher Haster 1:24750b9ad5ef 6499 ssl_set_timer( ssl, ssl->conf->read_timeout );
Christopher Haster 1:24750b9ad5ef 6500 }
Christopher Haster 1:24750b9ad5ef 6501
Christopher Haster 1:24750b9ad5ef 6502 if( ! record_read )
Christopher Haster 1:24750b9ad5ef 6503 {
Christopher Haster 1:24750b9ad5ef 6504 if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 6505 {
Christopher Haster 1:24750b9ad5ef 6506 if( ret == MBEDTLS_ERR_SSL_CONN_EOF )
Christopher Haster 1:24750b9ad5ef 6507 return( 0 );
Christopher Haster 1:24750b9ad5ef 6508
Christopher Haster 1:24750b9ad5ef 6509 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
Christopher Haster 1:24750b9ad5ef 6510 return( ret );
Christopher Haster 1:24750b9ad5ef 6511 }
Christopher Haster 1:24750b9ad5ef 6512 }
Christopher Haster 1:24750b9ad5ef 6513
Christopher Haster 1:24750b9ad5ef 6514 if( ssl->in_msglen == 0 &&
Christopher Haster 1:24750b9ad5ef 6515 ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA )
Christopher Haster 1:24750b9ad5ef 6516 {
Christopher Haster 1:24750b9ad5ef 6517 /*
Christopher Haster 1:24750b9ad5ef 6518 * OpenSSL sends empty messages to randomize the IV
Christopher Haster 1:24750b9ad5ef 6519 */
Christopher Haster 1:24750b9ad5ef 6520 if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 6521 {
Christopher Haster 1:24750b9ad5ef 6522 if( ret == MBEDTLS_ERR_SSL_CONN_EOF )
Christopher Haster 1:24750b9ad5ef 6523 return( 0 );
Christopher Haster 1:24750b9ad5ef 6524
Christopher Haster 1:24750b9ad5ef 6525 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
Christopher Haster 1:24750b9ad5ef 6526 return( ret );
Christopher Haster 1:24750b9ad5ef 6527 }
Christopher Haster 1:24750b9ad5ef 6528 }
Christopher Haster 1:24750b9ad5ef 6529
Christopher Haster 1:24750b9ad5ef 6530 #if defined(MBEDTLS_SSL_RENEGOTIATION)
Christopher Haster 1:24750b9ad5ef 6531 if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
Christopher Haster 1:24750b9ad5ef 6532 {
Christopher Haster 1:24750b9ad5ef 6533 MBEDTLS_SSL_DEBUG_MSG( 1, ( "received handshake message" ) );
Christopher Haster 1:24750b9ad5ef 6534
Christopher Haster 1:24750b9ad5ef 6535 #if defined(MBEDTLS_SSL_CLI_C)
Christopher Haster 1:24750b9ad5ef 6536 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
Christopher Haster 1:24750b9ad5ef 6537 ( ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST ||
Christopher Haster 1:24750b9ad5ef 6538 ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) ) )
Christopher Haster 1:24750b9ad5ef 6539 {
Christopher Haster 1:24750b9ad5ef 6540 MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake received (not HelloRequest)" ) );
Christopher Haster 1:24750b9ad5ef 6541
Christopher Haster 1:24750b9ad5ef 6542 /* With DTLS, drop the packet (probably from last handshake) */
Christopher Haster 1:24750b9ad5ef 6543 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 6544 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Christopher Haster 1:24750b9ad5ef 6545 return( MBEDTLS_ERR_SSL_WANT_READ );
Christopher Haster 1:24750b9ad5ef 6546 #endif
Christopher Haster 1:24750b9ad5ef 6547 return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
Christopher Haster 1:24750b9ad5ef 6548 }
Christopher Haster 1:24750b9ad5ef 6549
Christopher Haster 1:24750b9ad5ef 6550 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
Christopher Haster 1:24750b9ad5ef 6551 ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO )
Christopher Haster 1:24750b9ad5ef 6552 {
Christopher Haster 1:24750b9ad5ef 6553 MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake received (not ClientHello)" ) );
Christopher Haster 1:24750b9ad5ef 6554
Christopher Haster 1:24750b9ad5ef 6555 /* With DTLS, drop the packet (probably from last handshake) */
Christopher Haster 1:24750b9ad5ef 6556 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 6557 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Christopher Haster 1:24750b9ad5ef 6558 return( MBEDTLS_ERR_SSL_WANT_READ );
Christopher Haster 1:24750b9ad5ef 6559 #endif
Christopher Haster 1:24750b9ad5ef 6560 return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
Christopher Haster 1:24750b9ad5ef 6561 }
Christopher Haster 1:24750b9ad5ef 6562 #endif
Christopher Haster 1:24750b9ad5ef 6563
Christopher Haster 1:24750b9ad5ef 6564 if( ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED ||
Christopher Haster 1:24750b9ad5ef 6565 ( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
Christopher Haster 1:24750b9ad5ef 6566 ssl->conf->allow_legacy_renegotiation ==
Christopher Haster 1:24750b9ad5ef 6567 MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) )
Christopher Haster 1:24750b9ad5ef 6568 {
Christopher Haster 1:24750b9ad5ef 6569 MBEDTLS_SSL_DEBUG_MSG( 3, ( "refusing renegotiation, sending alert" ) );
Christopher Haster 1:24750b9ad5ef 6570
Christopher Haster 1:24750b9ad5ef 6571 #if defined(MBEDTLS_SSL_PROTO_SSL3)
Christopher Haster 1:24750b9ad5ef 6572 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
Christopher Haster 1:24750b9ad5ef 6573 {
Christopher Haster 1:24750b9ad5ef 6574 /*
Christopher Haster 1:24750b9ad5ef 6575 * SSLv3 does not have a "no_renegotiation" alert
Christopher Haster 1:24750b9ad5ef 6576 */
Christopher Haster 1:24750b9ad5ef 6577 if( ( ret = mbedtls_ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 6578 return( ret );
Christopher Haster 1:24750b9ad5ef 6579 }
Christopher Haster 1:24750b9ad5ef 6580 else
Christopher Haster 1:24750b9ad5ef 6581 #endif /* MBEDTLS_SSL_PROTO_SSL3 */
Christopher Haster 1:24750b9ad5ef 6582 #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
Christopher Haster 1:24750b9ad5ef 6583 defined(MBEDTLS_SSL_PROTO_TLS1_2)
Christopher Haster 1:24750b9ad5ef 6584 if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
Christopher Haster 1:24750b9ad5ef 6585 {
Christopher Haster 1:24750b9ad5ef 6586 if( ( ret = mbedtls_ssl_send_alert_message( ssl,
Christopher Haster 1:24750b9ad5ef 6587 MBEDTLS_SSL_ALERT_LEVEL_WARNING,
Christopher Haster 1:24750b9ad5ef 6588 MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 6589 {
Christopher Haster 1:24750b9ad5ef 6590 return( ret );
Christopher Haster 1:24750b9ad5ef 6591 }
Christopher Haster 1:24750b9ad5ef 6592 }
Christopher Haster 1:24750b9ad5ef 6593 else
Christopher Haster 1:24750b9ad5ef 6594 #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 ||
Christopher Haster 1:24750b9ad5ef 6595 MBEDTLS_SSL_PROTO_TLS1_2 */
Christopher Haster 1:24750b9ad5ef 6596 {
Christopher Haster 1:24750b9ad5ef 6597 MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
Christopher Haster 1:24750b9ad5ef 6598 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Christopher Haster 1:24750b9ad5ef 6599 }
Christopher Haster 1:24750b9ad5ef 6600 }
Christopher Haster 1:24750b9ad5ef 6601 else
Christopher Haster 1:24750b9ad5ef 6602 {
Christopher Haster 1:24750b9ad5ef 6603 /* DTLS clients need to know renego is server-initiated */
Christopher Haster 1:24750b9ad5ef 6604 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 6605 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
Christopher Haster 1:24750b9ad5ef 6606 ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
Christopher Haster 1:24750b9ad5ef 6607 {
Christopher Haster 1:24750b9ad5ef 6608 ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING;
Christopher Haster 1:24750b9ad5ef 6609 }
Christopher Haster 1:24750b9ad5ef 6610 #endif
Christopher Haster 1:24750b9ad5ef 6611 ret = ssl_start_renegotiation( ssl );
Christopher Haster 1:24750b9ad5ef 6612 if( ret == MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO )
Christopher Haster 1:24750b9ad5ef 6613 {
Christopher Haster 1:24750b9ad5ef 6614 record_read = 1;
Christopher Haster 1:24750b9ad5ef 6615 }
Christopher Haster 1:24750b9ad5ef 6616 else if( ret != 0 )
Christopher Haster 1:24750b9ad5ef 6617 {
Christopher Haster 1:24750b9ad5ef 6618 MBEDTLS_SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret );
Christopher Haster 1:24750b9ad5ef 6619 return( ret );
Christopher Haster 1:24750b9ad5ef 6620 }
Christopher Haster 1:24750b9ad5ef 6621 }
Christopher Haster 1:24750b9ad5ef 6622
Christopher Haster 1:24750b9ad5ef 6623 /* If a non-handshake record was read during renego, fallthrough,
Christopher Haster 1:24750b9ad5ef 6624 * else tell the user they should call mbedtls_ssl_read() again */
Christopher Haster 1:24750b9ad5ef 6625 if( ! record_read )
Christopher Haster 1:24750b9ad5ef 6626 return( MBEDTLS_ERR_SSL_WANT_READ );
Christopher Haster 1:24750b9ad5ef 6627 }
Christopher Haster 1:24750b9ad5ef 6628 else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
Christopher Haster 1:24750b9ad5ef 6629 {
Christopher Haster 1:24750b9ad5ef 6630
Christopher Haster 1:24750b9ad5ef 6631 if( ssl->conf->renego_max_records >= 0 )
Christopher Haster 1:24750b9ad5ef 6632 {
Christopher Haster 1:24750b9ad5ef 6633 if( ++ssl->renego_records_seen > ssl->conf->renego_max_records )
Christopher Haster 1:24750b9ad5ef 6634 {
Christopher Haster 1:24750b9ad5ef 6635 MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation requested, "
Christopher Haster 1:24750b9ad5ef 6636 "but not honored by client" ) );
Christopher Haster 1:24750b9ad5ef 6637 return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
Christopher Haster 1:24750b9ad5ef 6638 }
Christopher Haster 1:24750b9ad5ef 6639 }
Christopher Haster 1:24750b9ad5ef 6640 }
Christopher Haster 1:24750b9ad5ef 6641 #endif /* MBEDTLS_SSL_RENEGOTIATION */
Christopher Haster 1:24750b9ad5ef 6642
Christopher Haster 1:24750b9ad5ef 6643 /* Fatal and closure alerts handled by mbedtls_ssl_read_record() */
Christopher Haster 1:24750b9ad5ef 6644 if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT )
Christopher Haster 1:24750b9ad5ef 6645 {
Christopher Haster 1:24750b9ad5ef 6646 MBEDTLS_SSL_DEBUG_MSG( 2, ( "ignoring non-fatal non-closure alert" ) );
Christopher Haster 1:24750b9ad5ef 6647 return( MBEDTLS_ERR_SSL_WANT_READ );
Christopher Haster 1:24750b9ad5ef 6648 }
Christopher Haster 1:24750b9ad5ef 6649
Christopher Haster 1:24750b9ad5ef 6650 if( ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA )
Christopher Haster 1:24750b9ad5ef 6651 {
Christopher Haster 1:24750b9ad5ef 6652 MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad application data message" ) );
Christopher Haster 1:24750b9ad5ef 6653 return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
Christopher Haster 1:24750b9ad5ef 6654 }
Christopher Haster 1:24750b9ad5ef 6655
Christopher Haster 1:24750b9ad5ef 6656 ssl->in_offt = ssl->in_msg;
Christopher Haster 1:24750b9ad5ef 6657
Christopher Haster 1:24750b9ad5ef 6658 /* We're going to return something now, cancel timer,
Christopher Haster 1:24750b9ad5ef 6659 * except if handshake (renegotiation) is in progress */
Christopher Haster 1:24750b9ad5ef 6660 if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
Christopher Haster 1:24750b9ad5ef 6661 ssl_set_timer( ssl, 0 );
Christopher Haster 1:24750b9ad5ef 6662
Christopher Haster 1:24750b9ad5ef 6663 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 6664 /* If we requested renego but received AppData, resend HelloRequest.
Christopher Haster 1:24750b9ad5ef 6665 * Do it now, after setting in_offt, to avoid taking this branch
Christopher Haster 1:24750b9ad5ef 6666 * again if ssl_write_hello_request() returns WANT_WRITE */
Christopher Haster 1:24750b9ad5ef 6667 #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
Christopher Haster 1:24750b9ad5ef 6668 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
Christopher Haster 1:24750b9ad5ef 6669 ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
Christopher Haster 1:24750b9ad5ef 6670 {
Christopher Haster 1:24750b9ad5ef 6671 if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 6672 {
Christopher Haster 1:24750b9ad5ef 6673 MBEDTLS_SSL_DEBUG_RET( 1, "ssl_resend_hello_request", ret );
Christopher Haster 1:24750b9ad5ef 6674 return( ret );
Christopher Haster 1:24750b9ad5ef 6675 }
Christopher Haster 1:24750b9ad5ef 6676 }
Christopher Haster 1:24750b9ad5ef 6677 #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */
Christopher Haster 1:24750b9ad5ef 6678 #endif
Christopher Haster 1:24750b9ad5ef 6679 }
Christopher Haster 1:24750b9ad5ef 6680
Christopher Haster 1:24750b9ad5ef 6681 n = ( len < ssl->in_msglen )
Christopher Haster 1:24750b9ad5ef 6682 ? len : ssl->in_msglen;
Christopher Haster 1:24750b9ad5ef 6683
Christopher Haster 1:24750b9ad5ef 6684 memcpy( buf, ssl->in_offt, n );
Christopher Haster 1:24750b9ad5ef 6685 ssl->in_msglen -= n;
Christopher Haster 1:24750b9ad5ef 6686
Christopher Haster 1:24750b9ad5ef 6687 if( ssl->in_msglen == 0 )
Christopher Haster 1:24750b9ad5ef 6688 /* all bytes consumed */
Christopher Haster 1:24750b9ad5ef 6689 ssl->in_offt = NULL;
Christopher Haster 1:24750b9ad5ef 6690 else
Christopher Haster 1:24750b9ad5ef 6691 /* more data available */
Christopher Haster 1:24750b9ad5ef 6692 ssl->in_offt += n;
Christopher Haster 1:24750b9ad5ef 6693
Christopher Haster 1:24750b9ad5ef 6694 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read" ) );
Christopher Haster 1:24750b9ad5ef 6695
Christopher Haster 1:24750b9ad5ef 6696 return( (int) n );
Christopher Haster 1:24750b9ad5ef 6697 }
Christopher Haster 1:24750b9ad5ef 6698
Christopher Haster 1:24750b9ad5ef 6699 /*
Christopher Haster 1:24750b9ad5ef 6700 * Send application data to be encrypted by the SSL layer,
Christopher Haster 1:24750b9ad5ef 6701 * taking care of max fragment length and buffer size
Christopher Haster 1:24750b9ad5ef 6702 */
Christopher Haster 1:24750b9ad5ef 6703 static int ssl_write_real( mbedtls_ssl_context *ssl,
Christopher Haster 1:24750b9ad5ef 6704 const unsigned char *buf, size_t len )
Christopher Haster 1:24750b9ad5ef 6705 {
Christopher Haster 1:24750b9ad5ef 6706 int ret;
Christopher Haster 1:24750b9ad5ef 6707 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
Christopher Haster 1:24750b9ad5ef 6708 size_t max_len = mbedtls_ssl_get_max_frag_len( ssl );
Christopher Haster 1:24750b9ad5ef 6709
Christopher Haster 1:24750b9ad5ef 6710 if( len > max_len )
Christopher Haster 1:24750b9ad5ef 6711 {
Christopher Haster 1:24750b9ad5ef 6712 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 6713 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Christopher Haster 1:24750b9ad5ef 6714 {
Christopher Haster 1:24750b9ad5ef 6715 MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment larger than the (negotiated) "
Christopher Haster 1:24750b9ad5ef 6716 "maximum fragment length: %d > %d",
Christopher Haster 1:24750b9ad5ef 6717 len, max_len ) );
Christopher Haster 1:24750b9ad5ef 6718 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 6719 }
Christopher Haster 1:24750b9ad5ef 6720 else
Christopher Haster 1:24750b9ad5ef 6721 #endif
Christopher Haster 1:24750b9ad5ef 6722 len = max_len;
Christopher Haster 1:24750b9ad5ef 6723 }
Christopher Haster 1:24750b9ad5ef 6724 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
Christopher Haster 1:24750b9ad5ef 6725
Christopher Haster 1:24750b9ad5ef 6726 if( ssl->out_left != 0 )
Christopher Haster 1:24750b9ad5ef 6727 {
Christopher Haster 1:24750b9ad5ef 6728 if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 6729 {
Christopher Haster 1:24750b9ad5ef 6730 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret );
Christopher Haster 1:24750b9ad5ef 6731 return( ret );
Christopher Haster 1:24750b9ad5ef 6732 }
Christopher Haster 1:24750b9ad5ef 6733 }
Christopher Haster 1:24750b9ad5ef 6734 else
Christopher Haster 1:24750b9ad5ef 6735 {
Christopher Haster 1:24750b9ad5ef 6736 ssl->out_msglen = len;
Christopher Haster 1:24750b9ad5ef 6737 ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA;
Christopher Haster 1:24750b9ad5ef 6738 memcpy( ssl->out_msg, buf, len );
Christopher Haster 1:24750b9ad5ef 6739
Christopher Haster 1:24750b9ad5ef 6740 if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 6741 {
Christopher Haster 1:24750b9ad5ef 6742 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
Christopher Haster 1:24750b9ad5ef 6743 return( ret );
Christopher Haster 1:24750b9ad5ef 6744 }
Christopher Haster 1:24750b9ad5ef 6745 }
Christopher Haster 1:24750b9ad5ef 6746
Christopher Haster 1:24750b9ad5ef 6747 return( (int) len );
Christopher Haster 1:24750b9ad5ef 6748 }
Christopher Haster 1:24750b9ad5ef 6749
Christopher Haster 1:24750b9ad5ef 6750 /*
Christopher Haster 1:24750b9ad5ef 6751 * Write application data, doing 1/n-1 splitting if necessary.
Christopher Haster 1:24750b9ad5ef 6752 *
Christopher Haster 1:24750b9ad5ef 6753 * With non-blocking I/O, ssl_write_real() may return WANT_WRITE,
Christopher Haster 1:24750b9ad5ef 6754 * then the caller will call us again with the same arguments, so
Christopher Haster 1:24750b9ad5ef 6755 * remember wether we already did the split or not.
Christopher Haster 1:24750b9ad5ef 6756 */
Christopher Haster 1:24750b9ad5ef 6757 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
Christopher Haster 1:24750b9ad5ef 6758 static int ssl_write_split( mbedtls_ssl_context *ssl,
Christopher Haster 1:24750b9ad5ef 6759 const unsigned char *buf, size_t len )
Christopher Haster 1:24750b9ad5ef 6760 {
Christopher Haster 1:24750b9ad5ef 6761 int ret;
Christopher Haster 1:24750b9ad5ef 6762
Christopher Haster 1:24750b9ad5ef 6763 if( ssl->conf->cbc_record_splitting ==
Christopher Haster 1:24750b9ad5ef 6764 MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED ||
Christopher Haster 1:24750b9ad5ef 6765 len <= 1 ||
Christopher Haster 1:24750b9ad5ef 6766 ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_1 ||
Christopher Haster 1:24750b9ad5ef 6767 mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc )
Christopher Haster 1:24750b9ad5ef 6768 != MBEDTLS_MODE_CBC )
Christopher Haster 1:24750b9ad5ef 6769 {
Christopher Haster 1:24750b9ad5ef 6770 return( ssl_write_real( ssl, buf, len ) );
Christopher Haster 1:24750b9ad5ef 6771 }
Christopher Haster 1:24750b9ad5ef 6772
Christopher Haster 1:24750b9ad5ef 6773 if( ssl->split_done == 0 )
Christopher Haster 1:24750b9ad5ef 6774 {
Christopher Haster 1:24750b9ad5ef 6775 if( ( ret = ssl_write_real( ssl, buf, 1 ) ) <= 0 )
Christopher Haster 1:24750b9ad5ef 6776 return( ret );
Christopher Haster 1:24750b9ad5ef 6777 ssl->split_done = 1;
Christopher Haster 1:24750b9ad5ef 6778 }
Christopher Haster 1:24750b9ad5ef 6779
Christopher Haster 1:24750b9ad5ef 6780 if( ( ret = ssl_write_real( ssl, buf + 1, len - 1 ) ) <= 0 )
Christopher Haster 1:24750b9ad5ef 6781 return( ret );
Christopher Haster 1:24750b9ad5ef 6782 ssl->split_done = 0;
Christopher Haster 1:24750b9ad5ef 6783
Christopher Haster 1:24750b9ad5ef 6784 return( ret + 1 );
Christopher Haster 1:24750b9ad5ef 6785 }
Christopher Haster 1:24750b9ad5ef 6786 #endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
Christopher Haster 1:24750b9ad5ef 6787
Christopher Haster 1:24750b9ad5ef 6788 /*
Christopher Haster 1:24750b9ad5ef 6789 * Write application data (public-facing wrapper)
Christopher Haster 1:24750b9ad5ef 6790 */
Christopher Haster 1:24750b9ad5ef 6791 int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len )
Christopher Haster 1:24750b9ad5ef 6792 {
Christopher Haster 1:24750b9ad5ef 6793 int ret;
Christopher Haster 1:24750b9ad5ef 6794
Christopher Haster 1:24750b9ad5ef 6795 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write" ) );
Christopher Haster 1:24750b9ad5ef 6796
Christopher Haster 1:24750b9ad5ef 6797 if( ssl == NULL || ssl->conf == NULL )
Christopher Haster 1:24750b9ad5ef 6798 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 6799
Christopher Haster 1:24750b9ad5ef 6800 #if defined(MBEDTLS_SSL_RENEGOTIATION)
Christopher Haster 1:24750b9ad5ef 6801 if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 6802 {
Christopher Haster 1:24750b9ad5ef 6803 MBEDTLS_SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret );
Christopher Haster 1:24750b9ad5ef 6804 return( ret );
Christopher Haster 1:24750b9ad5ef 6805 }
Christopher Haster 1:24750b9ad5ef 6806 #endif
Christopher Haster 1:24750b9ad5ef 6807
Christopher Haster 1:24750b9ad5ef 6808 if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
Christopher Haster 1:24750b9ad5ef 6809 {
Christopher Haster 1:24750b9ad5ef 6810 if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 6811 {
Christopher Haster 1:24750b9ad5ef 6812 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret );
Christopher Haster 1:24750b9ad5ef 6813 return( ret );
Christopher Haster 1:24750b9ad5ef 6814 }
Christopher Haster 1:24750b9ad5ef 6815 }
Christopher Haster 1:24750b9ad5ef 6816
Christopher Haster 1:24750b9ad5ef 6817 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
Christopher Haster 1:24750b9ad5ef 6818 ret = ssl_write_split( ssl, buf, len );
Christopher Haster 1:24750b9ad5ef 6819 #else
Christopher Haster 1:24750b9ad5ef 6820 ret = ssl_write_real( ssl, buf, len );
Christopher Haster 1:24750b9ad5ef 6821 #endif
Christopher Haster 1:24750b9ad5ef 6822
Christopher Haster 1:24750b9ad5ef 6823 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write" ) );
Christopher Haster 1:24750b9ad5ef 6824
Christopher Haster 1:24750b9ad5ef 6825 return( ret );
Christopher Haster 1:24750b9ad5ef 6826 }
Christopher Haster 1:24750b9ad5ef 6827
Christopher Haster 1:24750b9ad5ef 6828 /*
Christopher Haster 1:24750b9ad5ef 6829 * Notify the peer that the connection is being closed
Christopher Haster 1:24750b9ad5ef 6830 */
Christopher Haster 1:24750b9ad5ef 6831 int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 6832 {
Christopher Haster 1:24750b9ad5ef 6833 int ret;
Christopher Haster 1:24750b9ad5ef 6834
Christopher Haster 1:24750b9ad5ef 6835 if( ssl == NULL || ssl->conf == NULL )
Christopher Haster 1:24750b9ad5ef 6836 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 6837
Christopher Haster 1:24750b9ad5ef 6838 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write close notify" ) );
Christopher Haster 1:24750b9ad5ef 6839
Christopher Haster 1:24750b9ad5ef 6840 if( ssl->out_left != 0 )
Christopher Haster 1:24750b9ad5ef 6841 return( mbedtls_ssl_flush_output( ssl ) );
Christopher Haster 1:24750b9ad5ef 6842
Christopher Haster 1:24750b9ad5ef 6843 if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
Christopher Haster 1:24750b9ad5ef 6844 {
Christopher Haster 1:24750b9ad5ef 6845 if( ( ret = mbedtls_ssl_send_alert_message( ssl,
Christopher Haster 1:24750b9ad5ef 6846 MBEDTLS_SSL_ALERT_LEVEL_WARNING,
Christopher Haster 1:24750b9ad5ef 6847 MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 6848 {
Christopher Haster 1:24750b9ad5ef 6849 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_send_alert_message", ret );
Christopher Haster 1:24750b9ad5ef 6850 return( ret );
Christopher Haster 1:24750b9ad5ef 6851 }
Christopher Haster 1:24750b9ad5ef 6852 }
Christopher Haster 1:24750b9ad5ef 6853
Christopher Haster 1:24750b9ad5ef 6854 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write close notify" ) );
Christopher Haster 1:24750b9ad5ef 6855
Christopher Haster 1:24750b9ad5ef 6856 return( 0 );
Christopher Haster 1:24750b9ad5ef 6857 }
Christopher Haster 1:24750b9ad5ef 6858
Christopher Haster 1:24750b9ad5ef 6859 void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform )
Christopher Haster 1:24750b9ad5ef 6860 {
Christopher Haster 1:24750b9ad5ef 6861 if( transform == NULL )
Christopher Haster 1:24750b9ad5ef 6862 return;
Christopher Haster 1:24750b9ad5ef 6863
Christopher Haster 1:24750b9ad5ef 6864 #if defined(MBEDTLS_ZLIB_SUPPORT)
Christopher Haster 1:24750b9ad5ef 6865 deflateEnd( &transform->ctx_deflate );
Christopher Haster 1:24750b9ad5ef 6866 inflateEnd( &transform->ctx_inflate );
Christopher Haster 1:24750b9ad5ef 6867 #endif
Christopher Haster 1:24750b9ad5ef 6868
Christopher Haster 1:24750b9ad5ef 6869 mbedtls_cipher_free( &transform->cipher_ctx_enc );
Christopher Haster 1:24750b9ad5ef 6870 mbedtls_cipher_free( &transform->cipher_ctx_dec );
Christopher Haster 1:24750b9ad5ef 6871
Christopher Haster 1:24750b9ad5ef 6872 mbedtls_md_free( &transform->md_ctx_enc );
Christopher Haster 1:24750b9ad5ef 6873 mbedtls_md_free( &transform->md_ctx_dec );
Christopher Haster 1:24750b9ad5ef 6874
Christopher Haster 1:24750b9ad5ef 6875 mbedtls_zeroize( transform, sizeof( mbedtls_ssl_transform ) );
Christopher Haster 1:24750b9ad5ef 6876 }
Christopher Haster 1:24750b9ad5ef 6877
Christopher Haster 1:24750b9ad5ef 6878 #if defined(MBEDTLS_X509_CRT_PARSE_C)
Christopher Haster 1:24750b9ad5ef 6879 static void ssl_key_cert_free( mbedtls_ssl_key_cert *key_cert )
Christopher Haster 1:24750b9ad5ef 6880 {
Christopher Haster 1:24750b9ad5ef 6881 mbedtls_ssl_key_cert *cur = key_cert, *next;
Christopher Haster 1:24750b9ad5ef 6882
Christopher Haster 1:24750b9ad5ef 6883 while( cur != NULL )
Christopher Haster 1:24750b9ad5ef 6884 {
Christopher Haster 1:24750b9ad5ef 6885 next = cur->next;
Christopher Haster 1:24750b9ad5ef 6886 mbedtls_free( cur );
Christopher Haster 1:24750b9ad5ef 6887 cur = next;
Christopher Haster 1:24750b9ad5ef 6888 }
Christopher Haster 1:24750b9ad5ef 6889 }
Christopher Haster 1:24750b9ad5ef 6890 #endif /* MBEDTLS_X509_CRT_PARSE_C */
Christopher Haster 1:24750b9ad5ef 6891
Christopher Haster 1:24750b9ad5ef 6892 void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake )
Christopher Haster 1:24750b9ad5ef 6893 {
Christopher Haster 1:24750b9ad5ef 6894 if( handshake == NULL )
Christopher Haster 1:24750b9ad5ef 6895 return;
Christopher Haster 1:24750b9ad5ef 6896
Christopher Haster 1:24750b9ad5ef 6897 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
Christopher Haster 1:24750b9ad5ef 6898 defined(MBEDTLS_SSL_PROTO_TLS1_1)
Christopher Haster 1:24750b9ad5ef 6899 mbedtls_md5_free( &handshake->fin_md5 );
Christopher Haster 1:24750b9ad5ef 6900 mbedtls_sha1_free( &handshake->fin_sha1 );
Christopher Haster 1:24750b9ad5ef 6901 #endif
Christopher Haster 1:24750b9ad5ef 6902 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
Christopher Haster 1:24750b9ad5ef 6903 #if defined(MBEDTLS_SHA256_C)
Christopher Haster 1:24750b9ad5ef 6904 mbedtls_sha256_free( &handshake->fin_sha256 );
Christopher Haster 1:24750b9ad5ef 6905 #endif
Christopher Haster 1:24750b9ad5ef 6906 #if defined(MBEDTLS_SHA512_C)
Christopher Haster 1:24750b9ad5ef 6907 mbedtls_sha512_free( &handshake->fin_sha512 );
Christopher Haster 1:24750b9ad5ef 6908 #endif
Christopher Haster 1:24750b9ad5ef 6909 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
Christopher Haster 1:24750b9ad5ef 6910
Christopher Haster 1:24750b9ad5ef 6911 #if defined(MBEDTLS_DHM_C)
Christopher Haster 1:24750b9ad5ef 6912 mbedtls_dhm_free( &handshake->dhm_ctx );
Christopher Haster 1:24750b9ad5ef 6913 #endif
Christopher Haster 1:24750b9ad5ef 6914 #if defined(MBEDTLS_ECDH_C)
Christopher Haster 1:24750b9ad5ef 6915 mbedtls_ecdh_free( &handshake->ecdh_ctx );
Christopher Haster 1:24750b9ad5ef 6916 #endif
Christopher Haster 1:24750b9ad5ef 6917 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
Christopher Haster 1:24750b9ad5ef 6918 mbedtls_ecjpake_free( &handshake->ecjpake_ctx );
Christopher Haster 1:24750b9ad5ef 6919 #if defined(MBEDTLS_SSL_CLI_C)
Christopher Haster 1:24750b9ad5ef 6920 mbedtls_free( handshake->ecjpake_cache );
Christopher Haster 1:24750b9ad5ef 6921 handshake->ecjpake_cache = NULL;
Christopher Haster 1:24750b9ad5ef 6922 handshake->ecjpake_cache_len = 0;
Christopher Haster 1:24750b9ad5ef 6923 #endif
Christopher Haster 1:24750b9ad5ef 6924 #endif
Christopher Haster 1:24750b9ad5ef 6925
Christopher Haster 1:24750b9ad5ef 6926 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
Christopher Haster 1:24750b9ad5ef 6927 /* explicit void pointer cast for buggy MS compiler */
Christopher Haster 1:24750b9ad5ef 6928 mbedtls_free( (void *) handshake->curves );
Christopher Haster 1:24750b9ad5ef 6929 #endif
Christopher Haster 1:24750b9ad5ef 6930
Christopher Haster 1:24750b9ad5ef 6931 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
Christopher Haster 1:24750b9ad5ef 6932 if( handshake->psk != NULL )
Christopher Haster 1:24750b9ad5ef 6933 {
Christopher Haster 1:24750b9ad5ef 6934 mbedtls_zeroize( handshake->psk, handshake->psk_len );
Christopher Haster 1:24750b9ad5ef 6935 mbedtls_free( handshake->psk );
Christopher Haster 1:24750b9ad5ef 6936 }
Christopher Haster 1:24750b9ad5ef 6937 #endif
Christopher Haster 1:24750b9ad5ef 6938
Christopher Haster 1:24750b9ad5ef 6939 #if defined(MBEDTLS_X509_CRT_PARSE_C) && \
Christopher Haster 1:24750b9ad5ef 6940 defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
Christopher Haster 1:24750b9ad5ef 6941 /*
Christopher Haster 1:24750b9ad5ef 6942 * Free only the linked list wrapper, not the keys themselves
Christopher Haster 1:24750b9ad5ef 6943 * since the belong to the SNI callback
Christopher Haster 1:24750b9ad5ef 6944 */
Christopher Haster 1:24750b9ad5ef 6945 if( handshake->sni_key_cert != NULL )
Christopher Haster 1:24750b9ad5ef 6946 {
Christopher Haster 1:24750b9ad5ef 6947 mbedtls_ssl_key_cert *cur = handshake->sni_key_cert, *next;
Christopher Haster 1:24750b9ad5ef 6948
Christopher Haster 1:24750b9ad5ef 6949 while( cur != NULL )
Christopher Haster 1:24750b9ad5ef 6950 {
Christopher Haster 1:24750b9ad5ef 6951 next = cur->next;
Christopher Haster 1:24750b9ad5ef 6952 mbedtls_free( cur );
Christopher Haster 1:24750b9ad5ef 6953 cur = next;
Christopher Haster 1:24750b9ad5ef 6954 }
Christopher Haster 1:24750b9ad5ef 6955 }
Christopher Haster 1:24750b9ad5ef 6956 #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_SERVER_NAME_INDICATION */
Christopher Haster 1:24750b9ad5ef 6957
Christopher Haster 1:24750b9ad5ef 6958 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 6959 mbedtls_free( handshake->verify_cookie );
Christopher Haster 1:24750b9ad5ef 6960 mbedtls_free( handshake->hs_msg );
Christopher Haster 1:24750b9ad5ef 6961 ssl_flight_free( handshake->flight );
Christopher Haster 1:24750b9ad5ef 6962 #endif
Christopher Haster 1:24750b9ad5ef 6963
Christopher Haster 1:24750b9ad5ef 6964 mbedtls_zeroize( handshake, sizeof( mbedtls_ssl_handshake_params ) );
Christopher Haster 1:24750b9ad5ef 6965 }
Christopher Haster 1:24750b9ad5ef 6966
Christopher Haster 1:24750b9ad5ef 6967 void mbedtls_ssl_session_free( mbedtls_ssl_session *session )
Christopher Haster 1:24750b9ad5ef 6968 {
Christopher Haster 1:24750b9ad5ef 6969 if( session == NULL )
Christopher Haster 1:24750b9ad5ef 6970 return;
Christopher Haster 1:24750b9ad5ef 6971
Christopher Haster 1:24750b9ad5ef 6972 #if defined(MBEDTLS_X509_CRT_PARSE_C)
Christopher Haster 1:24750b9ad5ef 6973 if( session->peer_cert != NULL )
Christopher Haster 1:24750b9ad5ef 6974 {
Christopher Haster 1:24750b9ad5ef 6975 mbedtls_x509_crt_free( session->peer_cert );
Christopher Haster 1:24750b9ad5ef 6976 mbedtls_free( session->peer_cert );
Christopher Haster 1:24750b9ad5ef 6977 }
Christopher Haster 1:24750b9ad5ef 6978 #endif
Christopher Haster 1:24750b9ad5ef 6979
Christopher Haster 1:24750b9ad5ef 6980 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
Christopher Haster 1:24750b9ad5ef 6981 mbedtls_free( session->ticket );
Christopher Haster 1:24750b9ad5ef 6982 #endif
Christopher Haster 1:24750b9ad5ef 6983
Christopher Haster 1:24750b9ad5ef 6984 mbedtls_zeroize( session, sizeof( mbedtls_ssl_session ) );
Christopher Haster 1:24750b9ad5ef 6985 }
Christopher Haster 1:24750b9ad5ef 6986
Christopher Haster 1:24750b9ad5ef 6987 /*
Christopher Haster 1:24750b9ad5ef 6988 * Free an SSL context
Christopher Haster 1:24750b9ad5ef 6989 */
Christopher Haster 1:24750b9ad5ef 6990 void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
Christopher Haster 1:24750b9ad5ef 6991 {
Christopher Haster 1:24750b9ad5ef 6992 if( ssl == NULL )
Christopher Haster 1:24750b9ad5ef 6993 return;
Christopher Haster 1:24750b9ad5ef 6994
Christopher Haster 1:24750b9ad5ef 6995 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> free" ) );
Christopher Haster 1:24750b9ad5ef 6996
Christopher Haster 1:24750b9ad5ef 6997 if( ssl->out_buf != NULL )
Christopher Haster 1:24750b9ad5ef 6998 {
Christopher Haster 1:24750b9ad5ef 6999 mbedtls_zeroize( ssl->out_buf, MBEDTLS_SSL_BUFFER_LEN );
Christopher Haster 1:24750b9ad5ef 7000 mbedtls_free( ssl->out_buf );
Christopher Haster 1:24750b9ad5ef 7001 }
Christopher Haster 1:24750b9ad5ef 7002
Christopher Haster 1:24750b9ad5ef 7003 if( ssl->in_buf != NULL )
Christopher Haster 1:24750b9ad5ef 7004 {
Christopher Haster 1:24750b9ad5ef 7005 mbedtls_zeroize( ssl->in_buf, MBEDTLS_SSL_BUFFER_LEN );
Christopher Haster 1:24750b9ad5ef 7006 mbedtls_free( ssl->in_buf );
Christopher Haster 1:24750b9ad5ef 7007 }
Christopher Haster 1:24750b9ad5ef 7008
Christopher Haster 1:24750b9ad5ef 7009 #if defined(MBEDTLS_ZLIB_SUPPORT)
Christopher Haster 1:24750b9ad5ef 7010 if( ssl->compress_buf != NULL )
Christopher Haster 1:24750b9ad5ef 7011 {
Christopher Haster 1:24750b9ad5ef 7012 mbedtls_zeroize( ssl->compress_buf, MBEDTLS_SSL_BUFFER_LEN );
Christopher Haster 1:24750b9ad5ef 7013 mbedtls_free( ssl->compress_buf );
Christopher Haster 1:24750b9ad5ef 7014 }
Christopher Haster 1:24750b9ad5ef 7015 #endif
Christopher Haster 1:24750b9ad5ef 7016
Christopher Haster 1:24750b9ad5ef 7017 if( ssl->transform )
Christopher Haster 1:24750b9ad5ef 7018 {
Christopher Haster 1:24750b9ad5ef 7019 mbedtls_ssl_transform_free( ssl->transform );
Christopher Haster 1:24750b9ad5ef 7020 mbedtls_free( ssl->transform );
Christopher Haster 1:24750b9ad5ef 7021 }
Christopher Haster 1:24750b9ad5ef 7022
Christopher Haster 1:24750b9ad5ef 7023 if( ssl->handshake )
Christopher Haster 1:24750b9ad5ef 7024 {
Christopher Haster 1:24750b9ad5ef 7025 mbedtls_ssl_handshake_free( ssl->handshake );
Christopher Haster 1:24750b9ad5ef 7026 mbedtls_ssl_transform_free( ssl->transform_negotiate );
Christopher Haster 1:24750b9ad5ef 7027 mbedtls_ssl_session_free( ssl->session_negotiate );
Christopher Haster 1:24750b9ad5ef 7028
Christopher Haster 1:24750b9ad5ef 7029 mbedtls_free( ssl->handshake );
Christopher Haster 1:24750b9ad5ef 7030 mbedtls_free( ssl->transform_negotiate );
Christopher Haster 1:24750b9ad5ef 7031 mbedtls_free( ssl->session_negotiate );
Christopher Haster 1:24750b9ad5ef 7032 }
Christopher Haster 1:24750b9ad5ef 7033
Christopher Haster 1:24750b9ad5ef 7034 if( ssl->session )
Christopher Haster 1:24750b9ad5ef 7035 {
Christopher Haster 1:24750b9ad5ef 7036 mbedtls_ssl_session_free( ssl->session );
Christopher Haster 1:24750b9ad5ef 7037 mbedtls_free( ssl->session );
Christopher Haster 1:24750b9ad5ef 7038 }
Christopher Haster 1:24750b9ad5ef 7039
Christopher Haster 1:24750b9ad5ef 7040 #if defined(MBEDTLS_X509_CRT_PARSE_C)
Christopher Haster 1:24750b9ad5ef 7041 if( ssl->hostname != NULL )
Christopher Haster 1:24750b9ad5ef 7042 {
Christopher Haster 1:24750b9ad5ef 7043 mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) );
Christopher Haster 1:24750b9ad5ef 7044 mbedtls_free( ssl->hostname );
Christopher Haster 1:24750b9ad5ef 7045 }
Christopher Haster 1:24750b9ad5ef 7046 #endif
Christopher Haster 1:24750b9ad5ef 7047
Christopher Haster 1:24750b9ad5ef 7048 #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
Christopher Haster 1:24750b9ad5ef 7049 if( mbedtls_ssl_hw_record_finish != NULL )
Christopher Haster 1:24750b9ad5ef 7050 {
Christopher Haster 1:24750b9ad5ef 7051 MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_finish()" ) );
Christopher Haster 1:24750b9ad5ef 7052 mbedtls_ssl_hw_record_finish( ssl );
Christopher Haster 1:24750b9ad5ef 7053 }
Christopher Haster 1:24750b9ad5ef 7054 #endif
Christopher Haster 1:24750b9ad5ef 7055
Christopher Haster 1:24750b9ad5ef 7056 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
Christopher Haster 1:24750b9ad5ef 7057 mbedtls_free( ssl->cli_id );
Christopher Haster 1:24750b9ad5ef 7058 #endif
Christopher Haster 1:24750b9ad5ef 7059
Christopher Haster 1:24750b9ad5ef 7060 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= free" ) );
Christopher Haster 1:24750b9ad5ef 7061
Christopher Haster 1:24750b9ad5ef 7062 /* Actually clear after last debug message */
Christopher Haster 1:24750b9ad5ef 7063 mbedtls_zeroize( ssl, sizeof( mbedtls_ssl_context ) );
Christopher Haster 1:24750b9ad5ef 7064 }
Christopher Haster 1:24750b9ad5ef 7065
Christopher Haster 1:24750b9ad5ef 7066 /*
Christopher Haster 1:24750b9ad5ef 7067 * Initialze mbedtls_ssl_config
Christopher Haster 1:24750b9ad5ef 7068 */
Christopher Haster 1:24750b9ad5ef 7069 void mbedtls_ssl_config_init( mbedtls_ssl_config *conf )
Christopher Haster 1:24750b9ad5ef 7070 {
Christopher Haster 1:24750b9ad5ef 7071 memset( conf, 0, sizeof( mbedtls_ssl_config ) );
Christopher Haster 1:24750b9ad5ef 7072 }
Christopher Haster 1:24750b9ad5ef 7073
Christopher Haster 1:24750b9ad5ef 7074 static int ssl_preset_suiteb_ciphersuites[] = {
Christopher Haster 1:24750b9ad5ef 7075 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
Christopher Haster 1:24750b9ad5ef 7076 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
Christopher Haster 1:24750b9ad5ef 7077 0
Christopher Haster 1:24750b9ad5ef 7078 };
Christopher Haster 1:24750b9ad5ef 7079
Christopher Haster 1:24750b9ad5ef 7080 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
Christopher Haster 1:24750b9ad5ef 7081 static int ssl_preset_suiteb_hashes[] = {
Christopher Haster 1:24750b9ad5ef 7082 MBEDTLS_MD_SHA256,
Christopher Haster 1:24750b9ad5ef 7083 MBEDTLS_MD_SHA384,
Christopher Haster 1:24750b9ad5ef 7084 MBEDTLS_MD_NONE
Christopher Haster 1:24750b9ad5ef 7085 };
Christopher Haster 1:24750b9ad5ef 7086 #endif
Christopher Haster 1:24750b9ad5ef 7087
Christopher Haster 1:24750b9ad5ef 7088 #if defined(MBEDTLS_ECP_C)
Christopher Haster 1:24750b9ad5ef 7089 static mbedtls_ecp_group_id ssl_preset_suiteb_curves[] = {
Christopher Haster 1:24750b9ad5ef 7090 MBEDTLS_ECP_DP_SECP256R1,
Christopher Haster 1:24750b9ad5ef 7091 MBEDTLS_ECP_DP_SECP384R1,
Christopher Haster 1:24750b9ad5ef 7092 MBEDTLS_ECP_DP_NONE
Christopher Haster 1:24750b9ad5ef 7093 };
Christopher Haster 1:24750b9ad5ef 7094 #endif
Christopher Haster 1:24750b9ad5ef 7095
Christopher Haster 1:24750b9ad5ef 7096 /*
Christopher Haster 1:24750b9ad5ef 7097 * Load default in mbedtls_ssl_config
Christopher Haster 1:24750b9ad5ef 7098 */
Christopher Haster 1:24750b9ad5ef 7099 int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
Christopher Haster 1:24750b9ad5ef 7100 int endpoint, int transport, int preset )
Christopher Haster 1:24750b9ad5ef 7101 {
Christopher Haster 1:24750b9ad5ef 7102 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
Christopher Haster 1:24750b9ad5ef 7103 int ret;
Christopher Haster 1:24750b9ad5ef 7104 #endif
Christopher Haster 1:24750b9ad5ef 7105
Christopher Haster 1:24750b9ad5ef 7106 /* Use the functions here so that they are covered in tests,
Christopher Haster 1:24750b9ad5ef 7107 * but otherwise access member directly for efficiency */
Christopher Haster 1:24750b9ad5ef 7108 mbedtls_ssl_conf_endpoint( conf, endpoint );
Christopher Haster 1:24750b9ad5ef 7109 mbedtls_ssl_conf_transport( conf, transport );
Christopher Haster 1:24750b9ad5ef 7110
Christopher Haster 1:24750b9ad5ef 7111 /*
Christopher Haster 1:24750b9ad5ef 7112 * Things that are common to all presets
Christopher Haster 1:24750b9ad5ef 7113 */
Christopher Haster 1:24750b9ad5ef 7114 #if defined(MBEDTLS_SSL_CLI_C)
Christopher Haster 1:24750b9ad5ef 7115 if( endpoint == MBEDTLS_SSL_IS_CLIENT )
Christopher Haster 1:24750b9ad5ef 7116 {
Christopher Haster 1:24750b9ad5ef 7117 conf->authmode = MBEDTLS_SSL_VERIFY_REQUIRED;
Christopher Haster 1:24750b9ad5ef 7118 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
Christopher Haster 1:24750b9ad5ef 7119 conf->session_tickets = MBEDTLS_SSL_SESSION_TICKETS_ENABLED;
Christopher Haster 1:24750b9ad5ef 7120 #endif
Christopher Haster 1:24750b9ad5ef 7121 }
Christopher Haster 1:24750b9ad5ef 7122 #endif
Christopher Haster 1:24750b9ad5ef 7123
Christopher Haster 1:24750b9ad5ef 7124 #if defined(MBEDTLS_ARC4_C)
Christopher Haster 1:24750b9ad5ef 7125 conf->arc4_disabled = MBEDTLS_SSL_ARC4_DISABLED;
Christopher Haster 1:24750b9ad5ef 7126 #endif
Christopher Haster 1:24750b9ad5ef 7127
Christopher Haster 1:24750b9ad5ef 7128 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
Christopher Haster 1:24750b9ad5ef 7129 conf->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED;
Christopher Haster 1:24750b9ad5ef 7130 #endif
Christopher Haster 1:24750b9ad5ef 7131
Christopher Haster 1:24750b9ad5ef 7132 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
Christopher Haster 1:24750b9ad5ef 7133 conf->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
Christopher Haster 1:24750b9ad5ef 7134 #endif
Christopher Haster 1:24750b9ad5ef 7135
Christopher Haster 1:24750b9ad5ef 7136 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
Christopher Haster 1:24750b9ad5ef 7137 conf->cbc_record_splitting = MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED;
Christopher Haster 1:24750b9ad5ef 7138 #endif
Christopher Haster 1:24750b9ad5ef 7139
Christopher Haster 1:24750b9ad5ef 7140 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
Christopher Haster 1:24750b9ad5ef 7141 conf->f_cookie_write = ssl_cookie_write_dummy;
Christopher Haster 1:24750b9ad5ef 7142 conf->f_cookie_check = ssl_cookie_check_dummy;
Christopher Haster 1:24750b9ad5ef 7143 #endif
Christopher Haster 1:24750b9ad5ef 7144
Christopher Haster 1:24750b9ad5ef 7145 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
Christopher Haster 1:24750b9ad5ef 7146 conf->anti_replay = MBEDTLS_SSL_ANTI_REPLAY_ENABLED;
Christopher Haster 1:24750b9ad5ef 7147 #endif
Christopher Haster 1:24750b9ad5ef 7148
Christopher Haster 1:24750b9ad5ef 7149 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 7150 conf->hs_timeout_min = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN;
Christopher Haster 1:24750b9ad5ef 7151 conf->hs_timeout_max = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX;
Christopher Haster 1:24750b9ad5ef 7152 #endif
Christopher Haster 1:24750b9ad5ef 7153
Christopher Haster 1:24750b9ad5ef 7154 #if defined(MBEDTLS_SSL_RENEGOTIATION)
Christopher Haster 1:24750b9ad5ef 7155 conf->renego_max_records = MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT;
Christopher Haster 1:24750b9ad5ef 7156 memset( conf->renego_period, 0xFF, 7 );
Christopher Haster 1:24750b9ad5ef 7157 conf->renego_period[7] = 0x00;
Christopher Haster 1:24750b9ad5ef 7158 #endif
Christopher Haster 1:24750b9ad5ef 7159
Christopher Haster 1:24750b9ad5ef 7160 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
Christopher Haster 1:24750b9ad5ef 7161 if( endpoint == MBEDTLS_SSL_IS_SERVER )
Christopher Haster 1:24750b9ad5ef 7162 {
Christopher Haster 1:24750b9ad5ef 7163 if( ( ret = mbedtls_ssl_conf_dh_param( conf,
Christopher Haster 1:24750b9ad5ef 7164 MBEDTLS_DHM_RFC5114_MODP_2048_P,
Christopher Haster 1:24750b9ad5ef 7165 MBEDTLS_DHM_RFC5114_MODP_2048_G ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 7166 {
Christopher Haster 1:24750b9ad5ef 7167 return( ret );
Christopher Haster 1:24750b9ad5ef 7168 }
Christopher Haster 1:24750b9ad5ef 7169 }
Christopher Haster 1:24750b9ad5ef 7170 #endif
Christopher Haster 1:24750b9ad5ef 7171
Christopher Haster 1:24750b9ad5ef 7172 /*
Christopher Haster 1:24750b9ad5ef 7173 * Preset-specific defaults
Christopher Haster 1:24750b9ad5ef 7174 */
Christopher Haster 1:24750b9ad5ef 7175 switch( preset )
Christopher Haster 1:24750b9ad5ef 7176 {
Christopher Haster 1:24750b9ad5ef 7177 /*
Christopher Haster 1:24750b9ad5ef 7178 * NSA Suite B
Christopher Haster 1:24750b9ad5ef 7179 */
Christopher Haster 1:24750b9ad5ef 7180 case MBEDTLS_SSL_PRESET_SUITEB:
Christopher Haster 1:24750b9ad5ef 7181 conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
Christopher Haster 1:24750b9ad5ef 7182 conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3; /* TLS 1.2 */
Christopher Haster 1:24750b9ad5ef 7183 conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
Christopher Haster 1:24750b9ad5ef 7184 conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
Christopher Haster 1:24750b9ad5ef 7185
Christopher Haster 1:24750b9ad5ef 7186 conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] =
Christopher Haster 1:24750b9ad5ef 7187 conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] =
Christopher Haster 1:24750b9ad5ef 7188 conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] =
Christopher Haster 1:24750b9ad5ef 7189 conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] =
Christopher Haster 1:24750b9ad5ef 7190 ssl_preset_suiteb_ciphersuites;
Christopher Haster 1:24750b9ad5ef 7191
Christopher Haster 1:24750b9ad5ef 7192 #if defined(MBEDTLS_X509_CRT_PARSE_C)
Christopher Haster 1:24750b9ad5ef 7193 conf->cert_profile = &mbedtls_x509_crt_profile_suiteb;
Christopher Haster 1:24750b9ad5ef 7194 #endif
Christopher Haster 1:24750b9ad5ef 7195
Christopher Haster 1:24750b9ad5ef 7196 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
Christopher Haster 1:24750b9ad5ef 7197 conf->sig_hashes = ssl_preset_suiteb_hashes;
Christopher Haster 1:24750b9ad5ef 7198 #endif
Christopher Haster 1:24750b9ad5ef 7199
Christopher Haster 1:24750b9ad5ef 7200 #if defined(MBEDTLS_ECP_C)
Christopher Haster 1:24750b9ad5ef 7201 conf->curve_list = ssl_preset_suiteb_curves;
Christopher Haster 1:24750b9ad5ef 7202 #endif
Christopher Haster 1:24750b9ad5ef 7203 break;
Christopher Haster 1:24750b9ad5ef 7204
Christopher Haster 1:24750b9ad5ef 7205 /*
Christopher Haster 1:24750b9ad5ef 7206 * Default
Christopher Haster 1:24750b9ad5ef 7207 */
Christopher Haster 1:24750b9ad5ef 7208 default:
Christopher Haster 1:24750b9ad5ef 7209 conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
Christopher Haster 1:24750b9ad5ef 7210 conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_1; /* TLS 1.0 */
Christopher Haster 1:24750b9ad5ef 7211 conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
Christopher Haster 1:24750b9ad5ef 7212 conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
Christopher Haster 1:24750b9ad5ef 7213
Christopher Haster 1:24750b9ad5ef 7214 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 7215 if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Christopher Haster 1:24750b9ad5ef 7216 conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_2;
Christopher Haster 1:24750b9ad5ef 7217 #endif
Christopher Haster 1:24750b9ad5ef 7218
Christopher Haster 1:24750b9ad5ef 7219 conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] =
Christopher Haster 1:24750b9ad5ef 7220 conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] =
Christopher Haster 1:24750b9ad5ef 7221 conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] =
Christopher Haster 1:24750b9ad5ef 7222 conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] =
Christopher Haster 1:24750b9ad5ef 7223 mbedtls_ssl_list_ciphersuites();
Christopher Haster 1:24750b9ad5ef 7224
Christopher Haster 1:24750b9ad5ef 7225 #if defined(MBEDTLS_X509_CRT_PARSE_C)
Christopher Haster 1:24750b9ad5ef 7226 conf->cert_profile = &mbedtls_x509_crt_profile_default;
Christopher Haster 1:24750b9ad5ef 7227 #endif
Christopher Haster 1:24750b9ad5ef 7228
Christopher Haster 1:24750b9ad5ef 7229 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
Christopher Haster 1:24750b9ad5ef 7230 conf->sig_hashes = mbedtls_md_list();
Christopher Haster 1:24750b9ad5ef 7231 #endif
Christopher Haster 1:24750b9ad5ef 7232
Christopher Haster 1:24750b9ad5ef 7233 #if defined(MBEDTLS_ECP_C)
Christopher Haster 1:24750b9ad5ef 7234 conf->curve_list = mbedtls_ecp_grp_id_list();
Christopher Haster 1:24750b9ad5ef 7235 #endif
Christopher Haster 1:24750b9ad5ef 7236
Christopher Haster 1:24750b9ad5ef 7237 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
Christopher Haster 1:24750b9ad5ef 7238 conf->dhm_min_bitlen = 1024;
Christopher Haster 1:24750b9ad5ef 7239 #endif
Christopher Haster 1:24750b9ad5ef 7240 }
Christopher Haster 1:24750b9ad5ef 7241
Christopher Haster 1:24750b9ad5ef 7242 return( 0 );
Christopher Haster 1:24750b9ad5ef 7243 }
Christopher Haster 1:24750b9ad5ef 7244
Christopher Haster 1:24750b9ad5ef 7245 /*
Christopher Haster 1:24750b9ad5ef 7246 * Free mbedtls_ssl_config
Christopher Haster 1:24750b9ad5ef 7247 */
Christopher Haster 1:24750b9ad5ef 7248 void mbedtls_ssl_config_free( mbedtls_ssl_config *conf )
Christopher Haster 1:24750b9ad5ef 7249 {
Christopher Haster 1:24750b9ad5ef 7250 #if defined(MBEDTLS_DHM_C)
Christopher Haster 1:24750b9ad5ef 7251 mbedtls_mpi_free( &conf->dhm_P );
Christopher Haster 1:24750b9ad5ef 7252 mbedtls_mpi_free( &conf->dhm_G );
Christopher Haster 1:24750b9ad5ef 7253 #endif
Christopher Haster 1:24750b9ad5ef 7254
Christopher Haster 1:24750b9ad5ef 7255 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
Christopher Haster 1:24750b9ad5ef 7256 if( conf->psk != NULL )
Christopher Haster 1:24750b9ad5ef 7257 {
Christopher Haster 1:24750b9ad5ef 7258 mbedtls_zeroize( conf->psk, conf->psk_len );
Christopher Haster 1:24750b9ad5ef 7259 mbedtls_zeroize( conf->psk_identity, conf->psk_identity_len );
Christopher Haster 1:24750b9ad5ef 7260 mbedtls_free( conf->psk );
Christopher Haster 1:24750b9ad5ef 7261 mbedtls_free( conf->psk_identity );
Christopher Haster 1:24750b9ad5ef 7262 conf->psk_len = 0;
Christopher Haster 1:24750b9ad5ef 7263 conf->psk_identity_len = 0;
Christopher Haster 1:24750b9ad5ef 7264 }
Christopher Haster 1:24750b9ad5ef 7265 #endif
Christopher Haster 1:24750b9ad5ef 7266
Christopher Haster 1:24750b9ad5ef 7267 #if defined(MBEDTLS_X509_CRT_PARSE_C)
Christopher Haster 1:24750b9ad5ef 7268 ssl_key_cert_free( conf->key_cert );
Christopher Haster 1:24750b9ad5ef 7269 #endif
Christopher Haster 1:24750b9ad5ef 7270
Christopher Haster 1:24750b9ad5ef 7271 mbedtls_zeroize( conf, sizeof( mbedtls_ssl_config ) );
Christopher Haster 1:24750b9ad5ef 7272 }
Christopher Haster 1:24750b9ad5ef 7273
Christopher Haster 1:24750b9ad5ef 7274 #if defined(MBEDTLS_PK_C) && \
Christopher Haster 1:24750b9ad5ef 7275 ( defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) )
Christopher Haster 1:24750b9ad5ef 7276 /*
Christopher Haster 1:24750b9ad5ef 7277 * Convert between MBEDTLS_PK_XXX and SSL_SIG_XXX
Christopher Haster 1:24750b9ad5ef 7278 */
Christopher Haster 1:24750b9ad5ef 7279 unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk )
Christopher Haster 1:24750b9ad5ef 7280 {
Christopher Haster 1:24750b9ad5ef 7281 #if defined(MBEDTLS_RSA_C)
Christopher Haster 1:24750b9ad5ef 7282 if( mbedtls_pk_can_do( pk, MBEDTLS_PK_RSA ) )
Christopher Haster 1:24750b9ad5ef 7283 return( MBEDTLS_SSL_SIG_RSA );
Christopher Haster 1:24750b9ad5ef 7284 #endif
Christopher Haster 1:24750b9ad5ef 7285 #if defined(MBEDTLS_ECDSA_C)
Christopher Haster 1:24750b9ad5ef 7286 if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECDSA ) )
Christopher Haster 1:24750b9ad5ef 7287 return( MBEDTLS_SSL_SIG_ECDSA );
Christopher Haster 1:24750b9ad5ef 7288 #endif
Christopher Haster 1:24750b9ad5ef 7289 return( MBEDTLS_SSL_SIG_ANON );
Christopher Haster 1:24750b9ad5ef 7290 }
Christopher Haster 1:24750b9ad5ef 7291
Christopher Haster 1:24750b9ad5ef 7292 mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig )
Christopher Haster 1:24750b9ad5ef 7293 {
Christopher Haster 1:24750b9ad5ef 7294 switch( sig )
Christopher Haster 1:24750b9ad5ef 7295 {
Christopher Haster 1:24750b9ad5ef 7296 #if defined(MBEDTLS_RSA_C)
Christopher Haster 1:24750b9ad5ef 7297 case MBEDTLS_SSL_SIG_RSA:
Christopher Haster 1:24750b9ad5ef 7298 return( MBEDTLS_PK_RSA );
Christopher Haster 1:24750b9ad5ef 7299 #endif
Christopher Haster 1:24750b9ad5ef 7300 #if defined(MBEDTLS_ECDSA_C)
Christopher Haster 1:24750b9ad5ef 7301 case MBEDTLS_SSL_SIG_ECDSA:
Christopher Haster 1:24750b9ad5ef 7302 return( MBEDTLS_PK_ECDSA );
Christopher Haster 1:24750b9ad5ef 7303 #endif
Christopher Haster 1:24750b9ad5ef 7304 default:
Christopher Haster 1:24750b9ad5ef 7305 return( MBEDTLS_PK_NONE );
Christopher Haster 1:24750b9ad5ef 7306 }
Christopher Haster 1:24750b9ad5ef 7307 }
Christopher Haster 1:24750b9ad5ef 7308 #endif /* MBEDTLS_PK_C && ( MBEDTLS_RSA_C || MBEDTLS_ECDSA_C ) */
Christopher Haster 1:24750b9ad5ef 7309
Christopher Haster 1:24750b9ad5ef 7310 /*
Christopher Haster 1:24750b9ad5ef 7311 * Convert from MBEDTLS_SSL_HASH_XXX to MBEDTLS_MD_XXX
Christopher Haster 1:24750b9ad5ef 7312 */
Christopher Haster 1:24750b9ad5ef 7313 mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash )
Christopher Haster 1:24750b9ad5ef 7314 {
Christopher Haster 1:24750b9ad5ef 7315 switch( hash )
Christopher Haster 1:24750b9ad5ef 7316 {
Christopher Haster 1:24750b9ad5ef 7317 #if defined(MBEDTLS_MD5_C)
Christopher Haster 1:24750b9ad5ef 7318 case MBEDTLS_SSL_HASH_MD5:
Christopher Haster 1:24750b9ad5ef 7319 return( MBEDTLS_MD_MD5 );
Christopher Haster 1:24750b9ad5ef 7320 #endif
Christopher Haster 1:24750b9ad5ef 7321 #if defined(MBEDTLS_SHA1_C)
Christopher Haster 1:24750b9ad5ef 7322 case MBEDTLS_SSL_HASH_SHA1:
Christopher Haster 1:24750b9ad5ef 7323 return( MBEDTLS_MD_SHA1 );
Christopher Haster 1:24750b9ad5ef 7324 #endif
Christopher Haster 1:24750b9ad5ef 7325 #if defined(MBEDTLS_SHA256_C)
Christopher Haster 1:24750b9ad5ef 7326 case MBEDTLS_SSL_HASH_SHA224:
Christopher Haster 1:24750b9ad5ef 7327 return( MBEDTLS_MD_SHA224 );
Christopher Haster 1:24750b9ad5ef 7328 case MBEDTLS_SSL_HASH_SHA256:
Christopher Haster 1:24750b9ad5ef 7329 return( MBEDTLS_MD_SHA256 );
Christopher Haster 1:24750b9ad5ef 7330 #endif
Christopher Haster 1:24750b9ad5ef 7331 #if defined(MBEDTLS_SHA512_C)
Christopher Haster 1:24750b9ad5ef 7332 case MBEDTLS_SSL_HASH_SHA384:
Christopher Haster 1:24750b9ad5ef 7333 return( MBEDTLS_MD_SHA384 );
Christopher Haster 1:24750b9ad5ef 7334 case MBEDTLS_SSL_HASH_SHA512:
Christopher Haster 1:24750b9ad5ef 7335 return( MBEDTLS_MD_SHA512 );
Christopher Haster 1:24750b9ad5ef 7336 #endif
Christopher Haster 1:24750b9ad5ef 7337 default:
Christopher Haster 1:24750b9ad5ef 7338 return( MBEDTLS_MD_NONE );
Christopher Haster 1:24750b9ad5ef 7339 }
Christopher Haster 1:24750b9ad5ef 7340 }
Christopher Haster 1:24750b9ad5ef 7341
Christopher Haster 1:24750b9ad5ef 7342 /*
Christopher Haster 1:24750b9ad5ef 7343 * Convert from MBEDTLS_MD_XXX to MBEDTLS_SSL_HASH_XXX
Christopher Haster 1:24750b9ad5ef 7344 */
Christopher Haster 1:24750b9ad5ef 7345 unsigned char mbedtls_ssl_hash_from_md_alg( int md )
Christopher Haster 1:24750b9ad5ef 7346 {
Christopher Haster 1:24750b9ad5ef 7347 switch( md )
Christopher Haster 1:24750b9ad5ef 7348 {
Christopher Haster 1:24750b9ad5ef 7349 #if defined(MBEDTLS_MD5_C)
Christopher Haster 1:24750b9ad5ef 7350 case MBEDTLS_MD_MD5:
Christopher Haster 1:24750b9ad5ef 7351 return( MBEDTLS_SSL_HASH_MD5 );
Christopher Haster 1:24750b9ad5ef 7352 #endif
Christopher Haster 1:24750b9ad5ef 7353 #if defined(MBEDTLS_SHA1_C)
Christopher Haster 1:24750b9ad5ef 7354 case MBEDTLS_MD_SHA1:
Christopher Haster 1:24750b9ad5ef 7355 return( MBEDTLS_SSL_HASH_SHA1 );
Christopher Haster 1:24750b9ad5ef 7356 #endif
Christopher Haster 1:24750b9ad5ef 7357 #if defined(MBEDTLS_SHA256_C)
Christopher Haster 1:24750b9ad5ef 7358 case MBEDTLS_MD_SHA224:
Christopher Haster 1:24750b9ad5ef 7359 return( MBEDTLS_SSL_HASH_SHA224 );
Christopher Haster 1:24750b9ad5ef 7360 case MBEDTLS_MD_SHA256:
Christopher Haster 1:24750b9ad5ef 7361 return( MBEDTLS_SSL_HASH_SHA256 );
Christopher Haster 1:24750b9ad5ef 7362 #endif
Christopher Haster 1:24750b9ad5ef 7363 #if defined(MBEDTLS_SHA512_C)
Christopher Haster 1:24750b9ad5ef 7364 case MBEDTLS_MD_SHA384:
Christopher Haster 1:24750b9ad5ef 7365 return( MBEDTLS_SSL_HASH_SHA384 );
Christopher Haster 1:24750b9ad5ef 7366 case MBEDTLS_MD_SHA512:
Christopher Haster 1:24750b9ad5ef 7367 return( MBEDTLS_SSL_HASH_SHA512 );
Christopher Haster 1:24750b9ad5ef 7368 #endif
Christopher Haster 1:24750b9ad5ef 7369 default:
Christopher Haster 1:24750b9ad5ef 7370 return( MBEDTLS_SSL_HASH_NONE );
Christopher Haster 1:24750b9ad5ef 7371 }
Christopher Haster 1:24750b9ad5ef 7372 }
Christopher Haster 1:24750b9ad5ef 7373
Christopher Haster 1:24750b9ad5ef 7374 #if defined(MBEDTLS_ECP_C)
Christopher Haster 1:24750b9ad5ef 7375 /*
Christopher Haster 1:24750b9ad5ef 7376 * Check if a curve proposed by the peer is in our list.
Christopher Haster 1:24750b9ad5ef 7377 * Return 0 if we're willing to use it, -1 otherwise.
Christopher Haster 1:24750b9ad5ef 7378 */
Christopher Haster 1:24750b9ad5ef 7379 int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id )
Christopher Haster 1:24750b9ad5ef 7380 {
Christopher Haster 1:24750b9ad5ef 7381 const mbedtls_ecp_group_id *gid;
Christopher Haster 1:24750b9ad5ef 7382
Christopher Haster 1:24750b9ad5ef 7383 if( ssl->conf->curve_list == NULL )
Christopher Haster 1:24750b9ad5ef 7384 return( -1 );
Christopher Haster 1:24750b9ad5ef 7385
Christopher Haster 1:24750b9ad5ef 7386 for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ )
Christopher Haster 1:24750b9ad5ef 7387 if( *gid == grp_id )
Christopher Haster 1:24750b9ad5ef 7388 return( 0 );
Christopher Haster 1:24750b9ad5ef 7389
Christopher Haster 1:24750b9ad5ef 7390 return( -1 );
Christopher Haster 1:24750b9ad5ef 7391 }
Christopher Haster 1:24750b9ad5ef 7392 #endif /* MBEDTLS_ECP_C */
Christopher Haster 1:24750b9ad5ef 7393
Christopher Haster 1:24750b9ad5ef 7394 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
Christopher Haster 1:24750b9ad5ef 7395 /*
Christopher Haster 1:24750b9ad5ef 7396 * Check if a hash proposed by the peer is in our list.
Christopher Haster 1:24750b9ad5ef 7397 * Return 0 if we're willing to use it, -1 otherwise.
Christopher Haster 1:24750b9ad5ef 7398 */
Christopher Haster 1:24750b9ad5ef 7399 int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
Christopher Haster 1:24750b9ad5ef 7400 mbedtls_md_type_t md )
Christopher Haster 1:24750b9ad5ef 7401 {
Christopher Haster 1:24750b9ad5ef 7402 const int *cur;
Christopher Haster 1:24750b9ad5ef 7403
Christopher Haster 1:24750b9ad5ef 7404 if( ssl->conf->sig_hashes == NULL )
Christopher Haster 1:24750b9ad5ef 7405 return( -1 );
Christopher Haster 1:24750b9ad5ef 7406
Christopher Haster 1:24750b9ad5ef 7407 for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ )
Christopher Haster 1:24750b9ad5ef 7408 if( *cur == (int) md )
Christopher Haster 1:24750b9ad5ef 7409 return( 0 );
Christopher Haster 1:24750b9ad5ef 7410
Christopher Haster 1:24750b9ad5ef 7411 return( -1 );
Christopher Haster 1:24750b9ad5ef 7412 }
Christopher Haster 1:24750b9ad5ef 7413 #endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
Christopher Haster 1:24750b9ad5ef 7414
Christopher Haster 1:24750b9ad5ef 7415 #if defined(MBEDTLS_X509_CRT_PARSE_C)
Christopher Haster 1:24750b9ad5ef 7416 int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
Christopher Haster 1:24750b9ad5ef 7417 const mbedtls_ssl_ciphersuite_t *ciphersuite,
Christopher Haster 1:24750b9ad5ef 7418 int cert_endpoint,
Christopher Haster 1:24750b9ad5ef 7419 uint32_t *flags )
Christopher Haster 1:24750b9ad5ef 7420 {
Christopher Haster 1:24750b9ad5ef 7421 int ret = 0;
Christopher Haster 1:24750b9ad5ef 7422 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
Christopher Haster 1:24750b9ad5ef 7423 int usage = 0;
Christopher Haster 1:24750b9ad5ef 7424 #endif
Christopher Haster 1:24750b9ad5ef 7425 #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
Christopher Haster 1:24750b9ad5ef 7426 const char *ext_oid;
Christopher Haster 1:24750b9ad5ef 7427 size_t ext_len;
Christopher Haster 1:24750b9ad5ef 7428 #endif
Christopher Haster 1:24750b9ad5ef 7429
Christopher Haster 1:24750b9ad5ef 7430 #if !defined(MBEDTLS_X509_CHECK_KEY_USAGE) && \
Christopher Haster 1:24750b9ad5ef 7431 !defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
Christopher Haster 1:24750b9ad5ef 7432 ((void) cert);
Christopher Haster 1:24750b9ad5ef 7433 ((void) cert_endpoint);
Christopher Haster 1:24750b9ad5ef 7434 ((void) flags);
Christopher Haster 1:24750b9ad5ef 7435 #endif
Christopher Haster 1:24750b9ad5ef 7436
Christopher Haster 1:24750b9ad5ef 7437 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
Christopher Haster 1:24750b9ad5ef 7438 if( cert_endpoint == MBEDTLS_SSL_IS_SERVER )
Christopher Haster 1:24750b9ad5ef 7439 {
Christopher Haster 1:24750b9ad5ef 7440 /* Server part of the key exchange */
Christopher Haster 1:24750b9ad5ef 7441 switch( ciphersuite->key_exchange )
Christopher Haster 1:24750b9ad5ef 7442 {
Christopher Haster 1:24750b9ad5ef 7443 case MBEDTLS_KEY_EXCHANGE_RSA:
Christopher Haster 1:24750b9ad5ef 7444 case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
Christopher Haster 1:24750b9ad5ef 7445 usage = MBEDTLS_X509_KU_KEY_ENCIPHERMENT;
Christopher Haster 1:24750b9ad5ef 7446 break;
Christopher Haster 1:24750b9ad5ef 7447
Christopher Haster 1:24750b9ad5ef 7448 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
Christopher Haster 1:24750b9ad5ef 7449 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
Christopher Haster 1:24750b9ad5ef 7450 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Christopher Haster 1:24750b9ad5ef 7451 usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE;
Christopher Haster 1:24750b9ad5ef 7452 break;
Christopher Haster 1:24750b9ad5ef 7453
Christopher Haster 1:24750b9ad5ef 7454 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
Christopher Haster 1:24750b9ad5ef 7455 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
Christopher Haster 1:24750b9ad5ef 7456 usage = MBEDTLS_X509_KU_KEY_AGREEMENT;
Christopher Haster 1:24750b9ad5ef 7457 break;
Christopher Haster 1:24750b9ad5ef 7458
Christopher Haster 1:24750b9ad5ef 7459 /* Don't use default: we want warnings when adding new values */
Christopher Haster 1:24750b9ad5ef 7460 case MBEDTLS_KEY_EXCHANGE_NONE:
Christopher Haster 1:24750b9ad5ef 7461 case MBEDTLS_KEY_EXCHANGE_PSK:
Christopher Haster 1:24750b9ad5ef 7462 case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
Christopher Haster 1:24750b9ad5ef 7463 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
Christopher Haster 1:24750b9ad5ef 7464 case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
Christopher Haster 1:24750b9ad5ef 7465 usage = 0;
Christopher Haster 1:24750b9ad5ef 7466 }
Christopher Haster 1:24750b9ad5ef 7467 }
Christopher Haster 1:24750b9ad5ef 7468 else
Christopher Haster 1:24750b9ad5ef 7469 {
Christopher Haster 1:24750b9ad5ef 7470 /* Client auth: we only implement rsa_sign and mbedtls_ecdsa_sign for now */
Christopher Haster 1:24750b9ad5ef 7471 usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE;
Christopher Haster 1:24750b9ad5ef 7472 }
Christopher Haster 1:24750b9ad5ef 7473
Christopher Haster 1:24750b9ad5ef 7474 if( mbedtls_x509_crt_check_key_usage( cert, usage ) != 0 )
Christopher Haster 1:24750b9ad5ef 7475 {
Christopher Haster 1:24750b9ad5ef 7476 *flags |= MBEDTLS_X509_BADCERT_KEY_USAGE;
Christopher Haster 1:24750b9ad5ef 7477 ret = -1;
Christopher Haster 1:24750b9ad5ef 7478 }
Christopher Haster 1:24750b9ad5ef 7479 #else
Christopher Haster 1:24750b9ad5ef 7480 ((void) ciphersuite);
Christopher Haster 1:24750b9ad5ef 7481 #endif /* MBEDTLS_X509_CHECK_KEY_USAGE */
Christopher Haster 1:24750b9ad5ef 7482
Christopher Haster 1:24750b9ad5ef 7483 #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
Christopher Haster 1:24750b9ad5ef 7484 if( cert_endpoint == MBEDTLS_SSL_IS_SERVER )
Christopher Haster 1:24750b9ad5ef 7485 {
Christopher Haster 1:24750b9ad5ef 7486 ext_oid = MBEDTLS_OID_SERVER_AUTH;
Christopher Haster 1:24750b9ad5ef 7487 ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_SERVER_AUTH );
Christopher Haster 1:24750b9ad5ef 7488 }
Christopher Haster 1:24750b9ad5ef 7489 else
Christopher Haster 1:24750b9ad5ef 7490 {
Christopher Haster 1:24750b9ad5ef 7491 ext_oid = MBEDTLS_OID_CLIENT_AUTH;
Christopher Haster 1:24750b9ad5ef 7492 ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_CLIENT_AUTH );
Christopher Haster 1:24750b9ad5ef 7493 }
Christopher Haster 1:24750b9ad5ef 7494
Christopher Haster 1:24750b9ad5ef 7495 if( mbedtls_x509_crt_check_extended_key_usage( cert, ext_oid, ext_len ) != 0 )
Christopher Haster 1:24750b9ad5ef 7496 {
Christopher Haster 1:24750b9ad5ef 7497 *flags |= MBEDTLS_X509_BADCERT_EXT_KEY_USAGE;
Christopher Haster 1:24750b9ad5ef 7498 ret = -1;
Christopher Haster 1:24750b9ad5ef 7499 }
Christopher Haster 1:24750b9ad5ef 7500 #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
Christopher Haster 1:24750b9ad5ef 7501
Christopher Haster 1:24750b9ad5ef 7502 return( ret );
Christopher Haster 1:24750b9ad5ef 7503 }
Christopher Haster 1:24750b9ad5ef 7504 #endif /* MBEDTLS_X509_CRT_PARSE_C */
Christopher Haster 1:24750b9ad5ef 7505
Christopher Haster 1:24750b9ad5ef 7506 /*
Christopher Haster 1:24750b9ad5ef 7507 * Convert version numbers to/from wire format
Christopher Haster 1:24750b9ad5ef 7508 * and, for DTLS, to/from TLS equivalent.
Christopher Haster 1:24750b9ad5ef 7509 *
Christopher Haster 1:24750b9ad5ef 7510 * For TLS this is the identity.
Christopher Haster 1:24750b9ad5ef 7511 * For DTLS, use one complement (v -> 255 - v, and then map as follows:
Christopher Haster 1:24750b9ad5ef 7512 * 1.0 <-> 3.2 (DTLS 1.0 is based on TLS 1.1)
Christopher Haster 1:24750b9ad5ef 7513 * 1.x <-> 3.x+1 for x != 0 (DTLS 1.2 based on TLS 1.2)
Christopher Haster 1:24750b9ad5ef 7514 */
Christopher Haster 1:24750b9ad5ef 7515 void mbedtls_ssl_write_version( int major, int minor, int transport,
Christopher Haster 1:24750b9ad5ef 7516 unsigned char ver[2] )
Christopher Haster 1:24750b9ad5ef 7517 {
Christopher Haster 1:24750b9ad5ef 7518 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 7519 if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Christopher Haster 1:24750b9ad5ef 7520 {
Christopher Haster 1:24750b9ad5ef 7521 if( minor == MBEDTLS_SSL_MINOR_VERSION_2 )
Christopher Haster 1:24750b9ad5ef 7522 --minor; /* DTLS 1.0 stored as TLS 1.1 internally */
Christopher Haster 1:24750b9ad5ef 7523
Christopher Haster 1:24750b9ad5ef 7524 ver[0] = (unsigned char)( 255 - ( major - 2 ) );
Christopher Haster 1:24750b9ad5ef 7525 ver[1] = (unsigned char)( 255 - ( minor - 1 ) );
Christopher Haster 1:24750b9ad5ef 7526 }
Christopher Haster 1:24750b9ad5ef 7527 else
Christopher Haster 1:24750b9ad5ef 7528 #else
Christopher Haster 1:24750b9ad5ef 7529 ((void) transport);
Christopher Haster 1:24750b9ad5ef 7530 #endif
Christopher Haster 1:24750b9ad5ef 7531 {
Christopher Haster 1:24750b9ad5ef 7532 ver[0] = (unsigned char) major;
Christopher Haster 1:24750b9ad5ef 7533 ver[1] = (unsigned char) minor;
Christopher Haster 1:24750b9ad5ef 7534 }
Christopher Haster 1:24750b9ad5ef 7535 }
Christopher Haster 1:24750b9ad5ef 7536
Christopher Haster 1:24750b9ad5ef 7537 void mbedtls_ssl_read_version( int *major, int *minor, int transport,
Christopher Haster 1:24750b9ad5ef 7538 const unsigned char ver[2] )
Christopher Haster 1:24750b9ad5ef 7539 {
Christopher Haster 1:24750b9ad5ef 7540 #if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster 1:24750b9ad5ef 7541 if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Christopher Haster 1:24750b9ad5ef 7542 {
Christopher Haster 1:24750b9ad5ef 7543 *major = 255 - ver[0] + 2;
Christopher Haster 1:24750b9ad5ef 7544 *minor = 255 - ver[1] + 1;
Christopher Haster 1:24750b9ad5ef 7545
Christopher Haster 1:24750b9ad5ef 7546 if( *minor == MBEDTLS_SSL_MINOR_VERSION_1 )
Christopher Haster 1:24750b9ad5ef 7547 ++*minor; /* DTLS 1.0 stored as TLS 1.1 internally */
Christopher Haster 1:24750b9ad5ef 7548 }
Christopher Haster 1:24750b9ad5ef 7549 else
Christopher Haster 1:24750b9ad5ef 7550 #else
Christopher Haster 1:24750b9ad5ef 7551 ((void) transport);
Christopher Haster 1:24750b9ad5ef 7552 #endif
Christopher Haster 1:24750b9ad5ef 7553 {
Christopher Haster 1:24750b9ad5ef 7554 *major = ver[0];
Christopher Haster 1:24750b9ad5ef 7555 *minor = ver[1];
Christopher Haster 1:24750b9ad5ef 7556 }
Christopher Haster 1:24750b9ad5ef 7557 }
Christopher Haster 1:24750b9ad5ef 7558
Christopher Haster 1:24750b9ad5ef 7559 #endif /* MBEDTLS_SSL_TLS_C */