takashi kadono
/
Nucleo446_SSD1331
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
mbed-os/features/mbedtls/src/ssl_tls.c@0:8fdf9a60065b, 2018-10-10 (annotated)
- Committer:
- kadonotakashi
- Date:
- Wed Oct 10 00:33:53 2018 +0000
- Revision:
- 0:8fdf9a60065b
how to make mbed librry
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| kadonotakashi | 0:8fdf9a60065b | 1 | /* |
| kadonotakashi | 0:8fdf9a60065b | 2 | * SSLv3/TLSv1 shared functions |
| kadonotakashi | 0:8fdf9a60065b | 3 | * |
| kadonotakashi | 0:8fdf9a60065b | 4 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved |
| kadonotakashi | 0:8fdf9a60065b | 5 | * SPDX-License-Identifier: Apache-2.0 |
| kadonotakashi | 0:8fdf9a60065b | 6 | * |
| kadonotakashi | 0:8fdf9a60065b | 7 | * Licensed under the Apache License, Version 2.0 (the "License"); you may |
| kadonotakashi | 0:8fdf9a60065b | 8 | * not use this file except in compliance with the License. |
| kadonotakashi | 0:8fdf9a60065b | 9 | * You may obtain a copy of the License at |
| kadonotakashi | 0:8fdf9a60065b | 10 | * |
| kadonotakashi | 0:8fdf9a60065b | 11 | * http://www.apache.org/licenses/LICENSE-2.0 |
| kadonotakashi | 0:8fdf9a60065b | 12 | * |
| kadonotakashi | 0:8fdf9a60065b | 13 | * Unless required by applicable law or agreed to in writing, software |
| kadonotakashi | 0:8fdf9a60065b | 14 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| kadonotakashi | 0:8fdf9a60065b | 15 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| kadonotakashi | 0:8fdf9a60065b | 16 | * See the License for the specific language governing permissions and |
| kadonotakashi | 0:8fdf9a60065b | 17 | * limitations under the License. |
| kadonotakashi | 0:8fdf9a60065b | 18 | * |
| kadonotakashi | 0:8fdf9a60065b | 19 | * This file is part of mbed TLS (https://tls.mbed.org) |
| kadonotakashi | 0:8fdf9a60065b | 20 | */ |
| kadonotakashi | 0:8fdf9a60065b | 21 | /* |
| kadonotakashi | 0:8fdf9a60065b | 22 | * The SSL 3.0 specification was drafted by Netscape in 1996, |
| kadonotakashi | 0:8fdf9a60065b | 23 | * and became an IETF standard in 1999. |
| kadonotakashi | 0:8fdf9a60065b | 24 | * |
| kadonotakashi | 0:8fdf9a60065b | 25 | * http://wp.netscape.com/eng/ssl3/ |
| kadonotakashi | 0:8fdf9a60065b | 26 | * http://www.ietf.org/rfc/rfc2246.txt |
| kadonotakashi | 0:8fdf9a60065b | 27 | * http://www.ietf.org/rfc/rfc4346.txt |
| kadonotakashi | 0:8fdf9a60065b | 28 | */ |
| kadonotakashi | 0:8fdf9a60065b | 29 | |
| kadonotakashi | 0:8fdf9a60065b | 30 | #if !defined(MBEDTLS_CONFIG_FILE) |
| kadonotakashi | 0:8fdf9a60065b | 31 | #include "mbedtls/config.h" |
| kadonotakashi | 0:8fdf9a60065b | 32 | #else |
| kadonotakashi | 0:8fdf9a60065b | 33 | #include MBEDTLS_CONFIG_FILE |
| kadonotakashi | 0:8fdf9a60065b | 34 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 35 | |
| kadonotakashi | 0:8fdf9a60065b | 36 | #if defined(MBEDTLS_SSL_TLS_C) |
| kadonotakashi | 0:8fdf9a60065b | 37 | |
| kadonotakashi | 0:8fdf9a60065b | 38 | #if defined(MBEDTLS_PLATFORM_C) |
| kadonotakashi | 0:8fdf9a60065b | 39 | #include "mbedtls/platform.h" |
| kadonotakashi | 0:8fdf9a60065b | 40 | #else |
| kadonotakashi | 0:8fdf9a60065b | 41 | #include <stdlib.h> |
| kadonotakashi | 0:8fdf9a60065b | 42 | #define mbedtls_calloc calloc |
| kadonotakashi | 0:8fdf9a60065b | 43 | #define mbedtls_free free |
| kadonotakashi | 0:8fdf9a60065b | 44 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 45 | |
| kadonotakashi | 0:8fdf9a60065b | 46 | #include "mbedtls/debug.h" |
| kadonotakashi | 0:8fdf9a60065b | 47 | #include "mbedtls/ssl.h" |
| kadonotakashi | 0:8fdf9a60065b | 48 | #include "mbedtls/ssl_internal.h" |
| kadonotakashi | 0:8fdf9a60065b | 49 | #include "mbedtls/platform_util.h" |
| kadonotakashi | 0:8fdf9a60065b | 50 | |
| kadonotakashi | 0:8fdf9a60065b | 51 | #include <string.h> |
| kadonotakashi | 0:8fdf9a60065b | 52 | |
| kadonotakashi | 0:8fdf9a60065b | 53 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| kadonotakashi | 0:8fdf9a60065b | 54 | #include "mbedtls/oid.h" |
| kadonotakashi | 0:8fdf9a60065b | 55 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 56 | |
| kadonotakashi | 0:8fdf9a60065b | 57 | static void ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 58 | static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 59 | |
| kadonotakashi | 0:8fdf9a60065b | 60 | /* Length of the "epoch" field in the record header */ |
| kadonotakashi | 0:8fdf9a60065b | 61 | static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 62 | { |
| kadonotakashi | 0:8fdf9a60065b | 63 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 64 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| kadonotakashi | 0:8fdf9a60065b | 65 | return( 2 ); |
| kadonotakashi | 0:8fdf9a60065b | 66 | #else |
| kadonotakashi | 0:8fdf9a60065b | 67 | ((void) ssl); |
| kadonotakashi | 0:8fdf9a60065b | 68 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 69 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 70 | } |
| kadonotakashi | 0:8fdf9a60065b | 71 | |
| kadonotakashi | 0:8fdf9a60065b | 72 | /* |
| kadonotakashi | 0:8fdf9a60065b | 73 | * Start a timer. |
| kadonotakashi | 0:8fdf9a60065b | 74 | * Passing millisecs = 0 cancels a running timer. |
| kadonotakashi | 0:8fdf9a60065b | 75 | */ |
| kadonotakashi | 0:8fdf9a60065b | 76 | static void ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs ) |
| kadonotakashi | 0:8fdf9a60065b | 77 | { |
| kadonotakashi | 0:8fdf9a60065b | 78 | if( ssl->f_set_timer == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 79 | return; |
| kadonotakashi | 0:8fdf9a60065b | 80 | |
| kadonotakashi | 0:8fdf9a60065b | 81 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "set_timer to %d ms", (int) millisecs ) ); |
| kadonotakashi | 0:8fdf9a60065b | 82 | ssl->f_set_timer( ssl->p_timer, millisecs / 4, millisecs ); |
| kadonotakashi | 0:8fdf9a60065b | 83 | } |
| kadonotakashi | 0:8fdf9a60065b | 84 | |
| kadonotakashi | 0:8fdf9a60065b | 85 | /* |
| kadonotakashi | 0:8fdf9a60065b | 86 | * Return -1 is timer is expired, 0 if it isn't. |
| kadonotakashi | 0:8fdf9a60065b | 87 | */ |
| kadonotakashi | 0:8fdf9a60065b | 88 | static int ssl_check_timer( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 89 | { |
| kadonotakashi | 0:8fdf9a60065b | 90 | if( ssl->f_get_timer == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 91 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 92 | |
| kadonotakashi | 0:8fdf9a60065b | 93 | if( ssl->f_get_timer( ssl->p_timer ) == 2 ) |
| kadonotakashi | 0:8fdf9a60065b | 94 | { |
| kadonotakashi | 0:8fdf9a60065b | 95 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "timer expired" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 96 | return( -1 ); |
| kadonotakashi | 0:8fdf9a60065b | 97 | } |
| kadonotakashi | 0:8fdf9a60065b | 98 | |
| kadonotakashi | 0:8fdf9a60065b | 99 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 100 | } |
| kadonotakashi | 0:8fdf9a60065b | 101 | |
| kadonotakashi | 0:8fdf9a60065b | 102 | static void ssl_update_out_pointers( mbedtls_ssl_context *ssl, |
| kadonotakashi | 0:8fdf9a60065b | 103 | mbedtls_ssl_transform *transform ); |
| kadonotakashi | 0:8fdf9a60065b | 104 | static void ssl_update_in_pointers( mbedtls_ssl_context *ssl, |
| kadonotakashi | 0:8fdf9a60065b | 105 | mbedtls_ssl_transform *transform ); |
| kadonotakashi | 0:8fdf9a60065b | 106 | |
| kadonotakashi | 0:8fdf9a60065b | 107 | #define SSL_DONT_FORCE_FLUSH 0 |
| kadonotakashi | 0:8fdf9a60065b | 108 | #define SSL_FORCE_FLUSH 1 |
| kadonotakashi | 0:8fdf9a60065b | 109 | |
| kadonotakashi | 0:8fdf9a60065b | 110 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 111 | |
| kadonotakashi | 0:8fdf9a60065b | 112 | /* Forward declarations for functions related to message buffering. */ |
| kadonotakashi | 0:8fdf9a60065b | 113 | static void ssl_buffering_free( mbedtls_ssl_context *ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 114 | static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl, |
| kadonotakashi | 0:8fdf9a60065b | 115 | uint8_t slot ); |
| kadonotakashi | 0:8fdf9a60065b | 116 | static void ssl_free_buffered_record( mbedtls_ssl_context *ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 117 | static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 118 | static int ssl_load_buffered_record( mbedtls_ssl_context *ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 119 | static int ssl_buffer_message( mbedtls_ssl_context *ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 120 | static int ssl_buffer_future_record( mbedtls_ssl_context *ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 121 | static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 122 | |
| kadonotakashi | 0:8fdf9a60065b | 123 | static size_t ssl_get_current_mtu( const mbedtls_ssl_context *ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 124 | static size_t ssl_get_maximum_datagram_size( mbedtls_ssl_context const *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 125 | { |
| kadonotakashi | 0:8fdf9a60065b | 126 | size_t mtu = ssl_get_current_mtu( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 127 | |
| kadonotakashi | 0:8fdf9a60065b | 128 | if( mtu != 0 && mtu < MBEDTLS_SSL_OUT_BUFFER_LEN ) |
| kadonotakashi | 0:8fdf9a60065b | 129 | return( mtu ); |
| kadonotakashi | 0:8fdf9a60065b | 130 | |
| kadonotakashi | 0:8fdf9a60065b | 131 | return( MBEDTLS_SSL_OUT_BUFFER_LEN ); |
| kadonotakashi | 0:8fdf9a60065b | 132 | } |
| kadonotakashi | 0:8fdf9a60065b | 133 | |
| kadonotakashi | 0:8fdf9a60065b | 134 | static int ssl_get_remaining_space_in_datagram( mbedtls_ssl_context const *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 135 | { |
| kadonotakashi | 0:8fdf9a60065b | 136 | size_t const bytes_written = ssl->out_left; |
| kadonotakashi | 0:8fdf9a60065b | 137 | size_t const mtu = ssl_get_maximum_datagram_size( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 138 | |
| kadonotakashi | 0:8fdf9a60065b | 139 | /* Double-check that the write-index hasn't gone |
| kadonotakashi | 0:8fdf9a60065b | 140 | * past what we can transmit in a single datagram. */ |
| kadonotakashi | 0:8fdf9a60065b | 141 | if( bytes_written > mtu ) |
| kadonotakashi | 0:8fdf9a60065b | 142 | { |
| kadonotakashi | 0:8fdf9a60065b | 143 | /* Should never happen... */ |
| kadonotakashi | 0:8fdf9a60065b | 144 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 145 | } |
| kadonotakashi | 0:8fdf9a60065b | 146 | |
| kadonotakashi | 0:8fdf9a60065b | 147 | return( (int) ( mtu - bytes_written ) ); |
| kadonotakashi | 0:8fdf9a60065b | 148 | } |
| kadonotakashi | 0:8fdf9a60065b | 149 | |
| kadonotakashi | 0:8fdf9a60065b | 150 | static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 151 | { |
| kadonotakashi | 0:8fdf9a60065b | 152 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 153 | size_t remaining, expansion; |
| kadonotakashi | 0:8fdf9a60065b | 154 | size_t max_len = MBEDTLS_SSL_MAX_CONTENT_LEN; |
| kadonotakashi | 0:8fdf9a60065b | 155 | |
| kadonotakashi | 0:8fdf9a60065b | 156 | #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) |
| kadonotakashi | 0:8fdf9a60065b | 157 | const size_t mfl = mbedtls_ssl_get_max_frag_len( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 158 | |
| kadonotakashi | 0:8fdf9a60065b | 159 | if( max_len > mfl ) |
| kadonotakashi | 0:8fdf9a60065b | 160 | max_len = mfl; |
| kadonotakashi | 0:8fdf9a60065b | 161 | |
| kadonotakashi | 0:8fdf9a60065b | 162 | /* By the standard (RFC 6066 Sect. 4), the MFL extension |
| kadonotakashi | 0:8fdf9a60065b | 163 | * only limits the maximum record payload size, so in theory |
| kadonotakashi | 0:8fdf9a60065b | 164 | * we would be allowed to pack multiple records of payload size |
| kadonotakashi | 0:8fdf9a60065b | 165 | * MFL into a single datagram. However, this would mean that there's |
| kadonotakashi | 0:8fdf9a60065b | 166 | * no way to explicitly communicate MTU restrictions to the peer. |
| kadonotakashi | 0:8fdf9a60065b | 167 | * |
| kadonotakashi | 0:8fdf9a60065b | 168 | * The following reduction of max_len makes sure that we never |
| kadonotakashi | 0:8fdf9a60065b | 169 | * write datagrams larger than MFL + Record Expansion Overhead. |
| kadonotakashi | 0:8fdf9a60065b | 170 | */ |
| kadonotakashi | 0:8fdf9a60065b | 171 | if( max_len <= ssl->out_left ) |
| kadonotakashi | 0:8fdf9a60065b | 172 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 173 | |
| kadonotakashi | 0:8fdf9a60065b | 174 | max_len -= ssl->out_left; |
| kadonotakashi | 0:8fdf9a60065b | 175 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 176 | |
| kadonotakashi | 0:8fdf9a60065b | 177 | ret = ssl_get_remaining_space_in_datagram( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 178 | if( ret < 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 179 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 180 | remaining = (size_t) ret; |
| kadonotakashi | 0:8fdf9a60065b | 181 | |
| kadonotakashi | 0:8fdf9a60065b | 182 | ret = mbedtls_ssl_get_record_expansion( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 183 | if( ret < 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 184 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 185 | expansion = (size_t) ret; |
| kadonotakashi | 0:8fdf9a60065b | 186 | |
| kadonotakashi | 0:8fdf9a60065b | 187 | if( remaining <= expansion ) |
| kadonotakashi | 0:8fdf9a60065b | 188 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 189 | |
| kadonotakashi | 0:8fdf9a60065b | 190 | remaining -= expansion; |
| kadonotakashi | 0:8fdf9a60065b | 191 | if( remaining >= max_len ) |
| kadonotakashi | 0:8fdf9a60065b | 192 | remaining = max_len; |
| kadonotakashi | 0:8fdf9a60065b | 193 | |
| kadonotakashi | 0:8fdf9a60065b | 194 | return( (int) remaining ); |
| kadonotakashi | 0:8fdf9a60065b | 195 | } |
| kadonotakashi | 0:8fdf9a60065b | 196 | |
| kadonotakashi | 0:8fdf9a60065b | 197 | /* |
| kadonotakashi | 0:8fdf9a60065b | 198 | * Double the retransmit timeout value, within the allowed range, |
| kadonotakashi | 0:8fdf9a60065b | 199 | * returning -1 if the maximum value has already been reached. |
| kadonotakashi | 0:8fdf9a60065b | 200 | */ |
| kadonotakashi | 0:8fdf9a60065b | 201 | static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 202 | { |
| kadonotakashi | 0:8fdf9a60065b | 203 | uint32_t new_timeout; |
| kadonotakashi | 0:8fdf9a60065b | 204 | |
| kadonotakashi | 0:8fdf9a60065b | 205 | if( ssl->handshake->retransmit_timeout >= ssl->conf->hs_timeout_max ) |
| kadonotakashi | 0:8fdf9a60065b | 206 | return( -1 ); |
| kadonotakashi | 0:8fdf9a60065b | 207 | |
| kadonotakashi | 0:8fdf9a60065b | 208 | /* Implement the final paragraph of RFC 6347 section 4.1.1.1 |
| kadonotakashi | 0:8fdf9a60065b | 209 | * in the following way: after the initial transmission and a first |
| kadonotakashi | 0:8fdf9a60065b | 210 | * retransmission, back off to a temporary estimated MTU of 508 bytes. |
| kadonotakashi | 0:8fdf9a60065b | 211 | * This value is guaranteed to be deliverable (if not guaranteed to be |
| kadonotakashi | 0:8fdf9a60065b | 212 | * delivered) of any compliant IPv4 (and IPv6) network, and should work |
| kadonotakashi | 0:8fdf9a60065b | 213 | * on most non-IP stacks too. */ |
| kadonotakashi | 0:8fdf9a60065b | 214 | if( ssl->handshake->retransmit_timeout != ssl->conf->hs_timeout_min ) |
| kadonotakashi | 0:8fdf9a60065b | 215 | ssl->handshake->mtu = 508; |
| kadonotakashi | 0:8fdf9a60065b | 216 | |
| kadonotakashi | 0:8fdf9a60065b | 217 | new_timeout = 2 * ssl->handshake->retransmit_timeout; |
| kadonotakashi | 0:8fdf9a60065b | 218 | |
| kadonotakashi | 0:8fdf9a60065b | 219 | /* Avoid arithmetic overflow and range overflow */ |
| kadonotakashi | 0:8fdf9a60065b | 220 | if( new_timeout < ssl->handshake->retransmit_timeout || |
| kadonotakashi | 0:8fdf9a60065b | 221 | new_timeout > ssl->conf->hs_timeout_max ) |
| kadonotakashi | 0:8fdf9a60065b | 222 | { |
| kadonotakashi | 0:8fdf9a60065b | 223 | new_timeout = ssl->conf->hs_timeout_max; |
| kadonotakashi | 0:8fdf9a60065b | 224 | } |
| kadonotakashi | 0:8fdf9a60065b | 225 | |
| kadonotakashi | 0:8fdf9a60065b | 226 | ssl->handshake->retransmit_timeout = new_timeout; |
| kadonotakashi | 0:8fdf9a60065b | 227 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs", |
| kadonotakashi | 0:8fdf9a60065b | 228 | ssl->handshake->retransmit_timeout ) ); |
| kadonotakashi | 0:8fdf9a60065b | 229 | |
| kadonotakashi | 0:8fdf9a60065b | 230 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 231 | } |
| kadonotakashi | 0:8fdf9a60065b | 232 | |
| kadonotakashi | 0:8fdf9a60065b | 233 | static void ssl_reset_retransmit_timeout( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 234 | { |
| kadonotakashi | 0:8fdf9a60065b | 235 | ssl->handshake->retransmit_timeout = ssl->conf->hs_timeout_min; |
| kadonotakashi | 0:8fdf9a60065b | 236 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs", |
| kadonotakashi | 0:8fdf9a60065b | 237 | ssl->handshake->retransmit_timeout ) ); |
| kadonotakashi | 0:8fdf9a60065b | 238 | } |
| kadonotakashi | 0:8fdf9a60065b | 239 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| kadonotakashi | 0:8fdf9a60065b | 240 | |
| kadonotakashi | 0:8fdf9a60065b | 241 | #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) |
| kadonotakashi | 0:8fdf9a60065b | 242 | /* |
| kadonotakashi | 0:8fdf9a60065b | 243 | * Convert max_fragment_length codes to length. |
| kadonotakashi | 0:8fdf9a60065b | 244 | * RFC 6066 says: |
| kadonotakashi | 0:8fdf9a60065b | 245 | * enum{ |
| kadonotakashi | 0:8fdf9a60065b | 246 | * 2^9(1), 2^10(2), 2^11(3), 2^12(4), (255) |
| kadonotakashi | 0:8fdf9a60065b | 247 | * } MaxFragmentLength; |
| kadonotakashi | 0:8fdf9a60065b | 248 | * and we add 0 -> extension unused |
| kadonotakashi | 0:8fdf9a60065b | 249 | */ |
| kadonotakashi | 0:8fdf9a60065b | 250 | static unsigned int ssl_mfl_code_to_length( int mfl ) |
| kadonotakashi | 0:8fdf9a60065b | 251 | { |
| kadonotakashi | 0:8fdf9a60065b | 252 | switch( mfl ) |
| kadonotakashi | 0:8fdf9a60065b | 253 | { |
| kadonotakashi | 0:8fdf9a60065b | 254 | case MBEDTLS_SSL_MAX_FRAG_LEN_NONE: |
| kadonotakashi | 0:8fdf9a60065b | 255 | return ( MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ); |
| kadonotakashi | 0:8fdf9a60065b | 256 | case MBEDTLS_SSL_MAX_FRAG_LEN_512: |
| kadonotakashi | 0:8fdf9a60065b | 257 | return 512; |
| kadonotakashi | 0:8fdf9a60065b | 258 | case MBEDTLS_SSL_MAX_FRAG_LEN_1024: |
| kadonotakashi | 0:8fdf9a60065b | 259 | return 1024; |
| kadonotakashi | 0:8fdf9a60065b | 260 | case MBEDTLS_SSL_MAX_FRAG_LEN_2048: |
| kadonotakashi | 0:8fdf9a60065b | 261 | return 2048; |
| kadonotakashi | 0:8fdf9a60065b | 262 | case MBEDTLS_SSL_MAX_FRAG_LEN_4096: |
| kadonotakashi | 0:8fdf9a60065b | 263 | return 4096; |
| kadonotakashi | 0:8fdf9a60065b | 264 | default: |
| kadonotakashi | 0:8fdf9a60065b | 265 | return ( MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ); |
| kadonotakashi | 0:8fdf9a60065b | 266 | } |
| kadonotakashi | 0:8fdf9a60065b | 267 | } |
| kadonotakashi | 0:8fdf9a60065b | 268 | #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ |
| kadonotakashi | 0:8fdf9a60065b | 269 | |
| kadonotakashi | 0:8fdf9a60065b | 270 | #if defined(MBEDTLS_SSL_CLI_C) |
| kadonotakashi | 0:8fdf9a60065b | 271 | static int ssl_session_copy( mbedtls_ssl_session *dst, const mbedtls_ssl_session *src ) |
| kadonotakashi | 0:8fdf9a60065b | 272 | { |
| kadonotakashi | 0:8fdf9a60065b | 273 | mbedtls_ssl_session_free( dst ); |
| kadonotakashi | 0:8fdf9a60065b | 274 | memcpy( dst, src, sizeof( mbedtls_ssl_session ) ); |
| kadonotakashi | 0:8fdf9a60065b | 275 | |
| kadonotakashi | 0:8fdf9a60065b | 276 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| kadonotakashi | 0:8fdf9a60065b | 277 | if( src->peer_cert != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 278 | { |
| kadonotakashi | 0:8fdf9a60065b | 279 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 280 | |
| kadonotakashi | 0:8fdf9a60065b | 281 | dst->peer_cert = mbedtls_calloc( 1, sizeof(mbedtls_x509_crt) ); |
| kadonotakashi | 0:8fdf9a60065b | 282 | if( dst->peer_cert == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 283 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
| kadonotakashi | 0:8fdf9a60065b | 284 | |
| kadonotakashi | 0:8fdf9a60065b | 285 | mbedtls_x509_crt_init( dst->peer_cert ); |
| kadonotakashi | 0:8fdf9a60065b | 286 | |
| kadonotakashi | 0:8fdf9a60065b | 287 | if( ( ret = mbedtls_x509_crt_parse_der( dst->peer_cert, src->peer_cert->raw.p, |
| kadonotakashi | 0:8fdf9a60065b | 288 | src->peer_cert->raw.len ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 289 | { |
| kadonotakashi | 0:8fdf9a60065b | 290 | mbedtls_free( dst->peer_cert ); |
| kadonotakashi | 0:8fdf9a60065b | 291 | dst->peer_cert = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 292 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 293 | } |
| kadonotakashi | 0:8fdf9a60065b | 294 | } |
| kadonotakashi | 0:8fdf9a60065b | 295 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
| kadonotakashi | 0:8fdf9a60065b | 296 | |
| kadonotakashi | 0:8fdf9a60065b | 297 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) |
| kadonotakashi | 0:8fdf9a60065b | 298 | if( src->ticket != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 299 | { |
| kadonotakashi | 0:8fdf9a60065b | 300 | dst->ticket = mbedtls_calloc( 1, src->ticket_len ); |
| kadonotakashi | 0:8fdf9a60065b | 301 | if( dst->ticket == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 302 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
| kadonotakashi | 0:8fdf9a60065b | 303 | |
| kadonotakashi | 0:8fdf9a60065b | 304 | memcpy( dst->ticket, src->ticket, src->ticket_len ); |
| kadonotakashi | 0:8fdf9a60065b | 305 | } |
| kadonotakashi | 0:8fdf9a60065b | 306 | #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ |
| kadonotakashi | 0:8fdf9a60065b | 307 | |
| kadonotakashi | 0:8fdf9a60065b | 308 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 309 | } |
| kadonotakashi | 0:8fdf9a60065b | 310 | #endif /* MBEDTLS_SSL_CLI_C */ |
| kadonotakashi | 0:8fdf9a60065b | 311 | |
| kadonotakashi | 0:8fdf9a60065b | 312 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
| kadonotakashi | 0:8fdf9a60065b | 313 | int (*mbedtls_ssl_hw_record_init)( mbedtls_ssl_context *ssl, |
| kadonotakashi | 0:8fdf9a60065b | 314 | const unsigned char *key_enc, const unsigned char *key_dec, |
| kadonotakashi | 0:8fdf9a60065b | 315 | size_t keylen, |
| kadonotakashi | 0:8fdf9a60065b | 316 | const unsigned char *iv_enc, const unsigned char *iv_dec, |
| kadonotakashi | 0:8fdf9a60065b | 317 | size_t ivlen, |
| kadonotakashi | 0:8fdf9a60065b | 318 | const unsigned char *mac_enc, const unsigned char *mac_dec, |
| kadonotakashi | 0:8fdf9a60065b | 319 | size_t maclen ) = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 320 | int (*mbedtls_ssl_hw_record_activate)( mbedtls_ssl_context *ssl, int direction) = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 321 | int (*mbedtls_ssl_hw_record_reset)( mbedtls_ssl_context *ssl ) = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 322 | int (*mbedtls_ssl_hw_record_write)( mbedtls_ssl_context *ssl ) = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 323 | int (*mbedtls_ssl_hw_record_read)( mbedtls_ssl_context *ssl ) = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 324 | int (*mbedtls_ssl_hw_record_finish)( mbedtls_ssl_context *ssl ) = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 325 | #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ |
| kadonotakashi | 0:8fdf9a60065b | 326 | |
| kadonotakashi | 0:8fdf9a60065b | 327 | /* |
| kadonotakashi | 0:8fdf9a60065b | 328 | * Key material generation |
| kadonotakashi | 0:8fdf9a60065b | 329 | */ |
| kadonotakashi | 0:8fdf9a60065b | 330 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| kadonotakashi | 0:8fdf9a60065b | 331 | static int ssl3_prf( const unsigned char *secret, size_t slen, |
| kadonotakashi | 0:8fdf9a60065b | 332 | const char *label, |
| kadonotakashi | 0:8fdf9a60065b | 333 | const unsigned char *random, size_t rlen, |
| kadonotakashi | 0:8fdf9a60065b | 334 | unsigned char *dstbuf, size_t dlen ) |
| kadonotakashi | 0:8fdf9a60065b | 335 | { |
| kadonotakashi | 0:8fdf9a60065b | 336 | int ret = 0; |
| kadonotakashi | 0:8fdf9a60065b | 337 | size_t i; |
| kadonotakashi | 0:8fdf9a60065b | 338 | mbedtls_md5_context md5; |
| kadonotakashi | 0:8fdf9a60065b | 339 | mbedtls_sha1_context sha1; |
| kadonotakashi | 0:8fdf9a60065b | 340 | unsigned char padding[16]; |
| kadonotakashi | 0:8fdf9a60065b | 341 | unsigned char sha1sum[20]; |
| kadonotakashi | 0:8fdf9a60065b | 342 | ((void)label); |
| kadonotakashi | 0:8fdf9a60065b | 343 | |
| kadonotakashi | 0:8fdf9a60065b | 344 | mbedtls_md5_init( &md5 ); |
| kadonotakashi | 0:8fdf9a60065b | 345 | mbedtls_sha1_init( &sha1 ); |
| kadonotakashi | 0:8fdf9a60065b | 346 | |
| kadonotakashi | 0:8fdf9a60065b | 347 | /* |
| kadonotakashi | 0:8fdf9a60065b | 348 | * SSLv3: |
| kadonotakashi | 0:8fdf9a60065b | 349 | * block = |
| kadonotakashi | 0:8fdf9a60065b | 350 | * MD5( secret + SHA1( 'A' + secret + random ) ) + |
| kadonotakashi | 0:8fdf9a60065b | 351 | * MD5( secret + SHA1( 'BB' + secret + random ) ) + |
| kadonotakashi | 0:8fdf9a60065b | 352 | * MD5( secret + SHA1( 'CCC' + secret + random ) ) + |
| kadonotakashi | 0:8fdf9a60065b | 353 | * ... |
| kadonotakashi | 0:8fdf9a60065b | 354 | */ |
| kadonotakashi | 0:8fdf9a60065b | 355 | for( i = 0; i < dlen / 16; i++ ) |
| kadonotakashi | 0:8fdf9a60065b | 356 | { |
| kadonotakashi | 0:8fdf9a60065b | 357 | memset( padding, (unsigned char) ('A' + i), 1 + i ); |
| kadonotakashi | 0:8fdf9a60065b | 358 | |
| kadonotakashi | 0:8fdf9a60065b | 359 | if( ( ret = mbedtls_sha1_starts_ret( &sha1 ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 360 | goto exit; |
| kadonotakashi | 0:8fdf9a60065b | 361 | if( ( ret = mbedtls_sha1_update_ret( &sha1, padding, 1 + i ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 362 | goto exit; |
| kadonotakashi | 0:8fdf9a60065b | 363 | if( ( ret = mbedtls_sha1_update_ret( &sha1, secret, slen ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 364 | goto exit; |
| kadonotakashi | 0:8fdf9a60065b | 365 | if( ( ret = mbedtls_sha1_update_ret( &sha1, random, rlen ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 366 | goto exit; |
| kadonotakashi | 0:8fdf9a60065b | 367 | if( ( ret = mbedtls_sha1_finish_ret( &sha1, sha1sum ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 368 | goto exit; |
| kadonotakashi | 0:8fdf9a60065b | 369 | |
| kadonotakashi | 0:8fdf9a60065b | 370 | if( ( ret = mbedtls_md5_starts_ret( &md5 ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 371 | goto exit; |
| kadonotakashi | 0:8fdf9a60065b | 372 | if( ( ret = mbedtls_md5_update_ret( &md5, secret, slen ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 373 | goto exit; |
| kadonotakashi | 0:8fdf9a60065b | 374 | if( ( ret = mbedtls_md5_update_ret( &md5, sha1sum, 20 ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 375 | goto exit; |
| kadonotakashi | 0:8fdf9a60065b | 376 | if( ( ret = mbedtls_md5_finish_ret( &md5, dstbuf + i * 16 ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 377 | goto exit; |
| kadonotakashi | 0:8fdf9a60065b | 378 | } |
| kadonotakashi | 0:8fdf9a60065b | 379 | |
| kadonotakashi | 0:8fdf9a60065b | 380 | exit: |
| kadonotakashi | 0:8fdf9a60065b | 381 | mbedtls_md5_free( &md5 ); |
| kadonotakashi | 0:8fdf9a60065b | 382 | mbedtls_sha1_free( &sha1 ); |
| kadonotakashi | 0:8fdf9a60065b | 383 | |
| kadonotakashi | 0:8fdf9a60065b | 384 | mbedtls_platform_zeroize( padding, sizeof( padding ) ); |
| kadonotakashi | 0:8fdf9a60065b | 385 | mbedtls_platform_zeroize( sha1sum, sizeof( sha1sum ) ); |
| kadonotakashi | 0:8fdf9a60065b | 386 | |
| kadonotakashi | 0:8fdf9a60065b | 387 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 388 | } |
| kadonotakashi | 0:8fdf9a60065b | 389 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
| kadonotakashi | 0:8fdf9a60065b | 390 | |
| kadonotakashi | 0:8fdf9a60065b | 391 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) |
| kadonotakashi | 0:8fdf9a60065b | 392 | static int tls1_prf( const unsigned char *secret, size_t slen, |
| kadonotakashi | 0:8fdf9a60065b | 393 | const char *label, |
| kadonotakashi | 0:8fdf9a60065b | 394 | const unsigned char *random, size_t rlen, |
| kadonotakashi | 0:8fdf9a60065b | 395 | unsigned char *dstbuf, size_t dlen ) |
| kadonotakashi | 0:8fdf9a60065b | 396 | { |
| kadonotakashi | 0:8fdf9a60065b | 397 | size_t nb, hs; |
| kadonotakashi | 0:8fdf9a60065b | 398 | size_t i, j, k; |
| kadonotakashi | 0:8fdf9a60065b | 399 | const unsigned char *S1, *S2; |
| kadonotakashi | 0:8fdf9a60065b | 400 | unsigned char tmp[128]; |
| kadonotakashi | 0:8fdf9a60065b | 401 | unsigned char h_i[20]; |
| kadonotakashi | 0:8fdf9a60065b | 402 | const mbedtls_md_info_t *md_info; |
| kadonotakashi | 0:8fdf9a60065b | 403 | mbedtls_md_context_t md_ctx; |
| kadonotakashi | 0:8fdf9a60065b | 404 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 405 | |
| kadonotakashi | 0:8fdf9a60065b | 406 | mbedtls_md_init( &md_ctx ); |
| kadonotakashi | 0:8fdf9a60065b | 407 | |
| kadonotakashi | 0:8fdf9a60065b | 408 | if( sizeof( tmp ) < 20 + strlen( label ) + rlen ) |
| kadonotakashi | 0:8fdf9a60065b | 409 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 410 | |
| kadonotakashi | 0:8fdf9a60065b | 411 | hs = ( slen + 1 ) / 2; |
| kadonotakashi | 0:8fdf9a60065b | 412 | S1 = secret; |
| kadonotakashi | 0:8fdf9a60065b | 413 | S2 = secret + slen - hs; |
| kadonotakashi | 0:8fdf9a60065b | 414 | |
| kadonotakashi | 0:8fdf9a60065b | 415 | nb = strlen( label ); |
| kadonotakashi | 0:8fdf9a60065b | 416 | memcpy( tmp + 20, label, nb ); |
| kadonotakashi | 0:8fdf9a60065b | 417 | memcpy( tmp + 20 + nb, random, rlen ); |
| kadonotakashi | 0:8fdf9a60065b | 418 | nb += rlen; |
| kadonotakashi | 0:8fdf9a60065b | 419 | |
| kadonotakashi | 0:8fdf9a60065b | 420 | /* |
| kadonotakashi | 0:8fdf9a60065b | 421 | * First compute P_md5(secret,label+random)[0..dlen] |
| kadonotakashi | 0:8fdf9a60065b | 422 | */ |
| kadonotakashi | 0:8fdf9a60065b | 423 | if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_MD5 ) ) == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 424 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 425 | |
| kadonotakashi | 0:8fdf9a60065b | 426 | if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 427 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 428 | |
| kadonotakashi | 0:8fdf9a60065b | 429 | mbedtls_md_hmac_starts( &md_ctx, S1, hs ); |
| kadonotakashi | 0:8fdf9a60065b | 430 | mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb ); |
| kadonotakashi | 0:8fdf9a60065b | 431 | mbedtls_md_hmac_finish( &md_ctx, 4 + tmp ); |
| kadonotakashi | 0:8fdf9a60065b | 432 | |
| kadonotakashi | 0:8fdf9a60065b | 433 | for( i = 0; i < dlen; i += 16 ) |
| kadonotakashi | 0:8fdf9a60065b | 434 | { |
| kadonotakashi | 0:8fdf9a60065b | 435 | mbedtls_md_hmac_reset ( &md_ctx ); |
| kadonotakashi | 0:8fdf9a60065b | 436 | mbedtls_md_hmac_update( &md_ctx, 4 + tmp, 16 + nb ); |
| kadonotakashi | 0:8fdf9a60065b | 437 | mbedtls_md_hmac_finish( &md_ctx, h_i ); |
| kadonotakashi | 0:8fdf9a60065b | 438 | |
| kadonotakashi | 0:8fdf9a60065b | 439 | mbedtls_md_hmac_reset ( &md_ctx ); |
| kadonotakashi | 0:8fdf9a60065b | 440 | mbedtls_md_hmac_update( &md_ctx, 4 + tmp, 16 ); |
| kadonotakashi | 0:8fdf9a60065b | 441 | mbedtls_md_hmac_finish( &md_ctx, 4 + tmp ); |
| kadonotakashi | 0:8fdf9a60065b | 442 | |
| kadonotakashi | 0:8fdf9a60065b | 443 | k = ( i + 16 > dlen ) ? dlen % 16 : 16; |
| kadonotakashi | 0:8fdf9a60065b | 444 | |
| kadonotakashi | 0:8fdf9a60065b | 445 | for( j = 0; j < k; j++ ) |
| kadonotakashi | 0:8fdf9a60065b | 446 | dstbuf[i + j] = h_i[j]; |
| kadonotakashi | 0:8fdf9a60065b | 447 | } |
| kadonotakashi | 0:8fdf9a60065b | 448 | |
| kadonotakashi | 0:8fdf9a60065b | 449 | mbedtls_md_free( &md_ctx ); |
| kadonotakashi | 0:8fdf9a60065b | 450 | |
| kadonotakashi | 0:8fdf9a60065b | 451 | /* |
| kadonotakashi | 0:8fdf9a60065b | 452 | * XOR out with P_sha1(secret,label+random)[0..dlen] |
| kadonotakashi | 0:8fdf9a60065b | 453 | */ |
| kadonotakashi | 0:8fdf9a60065b | 454 | if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 455 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 456 | |
| kadonotakashi | 0:8fdf9a60065b | 457 | if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 458 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 459 | |
| kadonotakashi | 0:8fdf9a60065b | 460 | mbedtls_md_hmac_starts( &md_ctx, S2, hs ); |
| kadonotakashi | 0:8fdf9a60065b | 461 | mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb ); |
| kadonotakashi | 0:8fdf9a60065b | 462 | mbedtls_md_hmac_finish( &md_ctx, tmp ); |
| kadonotakashi | 0:8fdf9a60065b | 463 | |
| kadonotakashi | 0:8fdf9a60065b | 464 | for( i = 0; i < dlen; i += 20 ) |
| kadonotakashi | 0:8fdf9a60065b | 465 | { |
| kadonotakashi | 0:8fdf9a60065b | 466 | mbedtls_md_hmac_reset ( &md_ctx ); |
| kadonotakashi | 0:8fdf9a60065b | 467 | mbedtls_md_hmac_update( &md_ctx, tmp, 20 + nb ); |
| kadonotakashi | 0:8fdf9a60065b | 468 | mbedtls_md_hmac_finish( &md_ctx, h_i ); |
| kadonotakashi | 0:8fdf9a60065b | 469 | |
| kadonotakashi | 0:8fdf9a60065b | 470 | mbedtls_md_hmac_reset ( &md_ctx ); |
| kadonotakashi | 0:8fdf9a60065b | 471 | mbedtls_md_hmac_update( &md_ctx, tmp, 20 ); |
| kadonotakashi | 0:8fdf9a60065b | 472 | mbedtls_md_hmac_finish( &md_ctx, tmp ); |
| kadonotakashi | 0:8fdf9a60065b | 473 | |
| kadonotakashi | 0:8fdf9a60065b | 474 | k = ( i + 20 > dlen ) ? dlen % 20 : 20; |
| kadonotakashi | 0:8fdf9a60065b | 475 | |
| kadonotakashi | 0:8fdf9a60065b | 476 | for( j = 0; j < k; j++ ) |
| kadonotakashi | 0:8fdf9a60065b | 477 | dstbuf[i + j] = (unsigned char)( dstbuf[i + j] ^ h_i[j] ); |
| kadonotakashi | 0:8fdf9a60065b | 478 | } |
| kadonotakashi | 0:8fdf9a60065b | 479 | |
| kadonotakashi | 0:8fdf9a60065b | 480 | mbedtls_md_free( &md_ctx ); |
| kadonotakashi | 0:8fdf9a60065b | 481 | |
| kadonotakashi | 0:8fdf9a60065b | 482 | mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); |
| kadonotakashi | 0:8fdf9a60065b | 483 | mbedtls_platform_zeroize( h_i, sizeof( h_i ) ); |
| kadonotakashi | 0:8fdf9a60065b | 484 | |
| kadonotakashi | 0:8fdf9a60065b | 485 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 486 | } |
| kadonotakashi | 0:8fdf9a60065b | 487 | #endif /* MBEDTLS_SSL_PROTO_TLS1) || MBEDTLS_SSL_PROTO_TLS1_1 */ |
| kadonotakashi | 0:8fdf9a60065b | 488 | |
| kadonotakashi | 0:8fdf9a60065b | 489 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| kadonotakashi | 0:8fdf9a60065b | 490 | static int tls_prf_generic( mbedtls_md_type_t md_type, |
| kadonotakashi | 0:8fdf9a60065b | 491 | const unsigned char *secret, size_t slen, |
| kadonotakashi | 0:8fdf9a60065b | 492 | const char *label, |
| kadonotakashi | 0:8fdf9a60065b | 493 | const unsigned char *random, size_t rlen, |
| kadonotakashi | 0:8fdf9a60065b | 494 | unsigned char *dstbuf, size_t dlen ) |
| kadonotakashi | 0:8fdf9a60065b | 495 | { |
| kadonotakashi | 0:8fdf9a60065b | 496 | size_t nb; |
| kadonotakashi | 0:8fdf9a60065b | 497 | size_t i, j, k, md_len; |
| kadonotakashi | 0:8fdf9a60065b | 498 | unsigned char tmp[128]; |
| kadonotakashi | 0:8fdf9a60065b | 499 | unsigned char h_i[MBEDTLS_MD_MAX_SIZE]; |
| kadonotakashi | 0:8fdf9a60065b | 500 | const mbedtls_md_info_t *md_info; |
| kadonotakashi | 0:8fdf9a60065b | 501 | mbedtls_md_context_t md_ctx; |
| kadonotakashi | 0:8fdf9a60065b | 502 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 503 | |
| kadonotakashi | 0:8fdf9a60065b | 504 | mbedtls_md_init( &md_ctx ); |
| kadonotakashi | 0:8fdf9a60065b | 505 | |
| kadonotakashi | 0:8fdf9a60065b | 506 | if( ( md_info = mbedtls_md_info_from_type( md_type ) ) == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 507 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 508 | |
| kadonotakashi | 0:8fdf9a60065b | 509 | md_len = mbedtls_md_get_size( md_info ); |
| kadonotakashi | 0:8fdf9a60065b | 510 | |
| kadonotakashi | 0:8fdf9a60065b | 511 | if( sizeof( tmp ) < md_len + strlen( label ) + rlen ) |
| kadonotakashi | 0:8fdf9a60065b | 512 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 513 | |
| kadonotakashi | 0:8fdf9a60065b | 514 | nb = strlen( label ); |
| kadonotakashi | 0:8fdf9a60065b | 515 | memcpy( tmp + md_len, label, nb ); |
| kadonotakashi | 0:8fdf9a60065b | 516 | memcpy( tmp + md_len + nb, random, rlen ); |
| kadonotakashi | 0:8fdf9a60065b | 517 | nb += rlen; |
| kadonotakashi | 0:8fdf9a60065b | 518 | |
| kadonotakashi | 0:8fdf9a60065b | 519 | /* |
| kadonotakashi | 0:8fdf9a60065b | 520 | * Compute P_<hash>(secret, label + random)[0..dlen] |
| kadonotakashi | 0:8fdf9a60065b | 521 | */ |
| kadonotakashi | 0:8fdf9a60065b | 522 | if ( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 523 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 524 | |
| kadonotakashi | 0:8fdf9a60065b | 525 | mbedtls_md_hmac_starts( &md_ctx, secret, slen ); |
| kadonotakashi | 0:8fdf9a60065b | 526 | mbedtls_md_hmac_update( &md_ctx, tmp + md_len, nb ); |
| kadonotakashi | 0:8fdf9a60065b | 527 | mbedtls_md_hmac_finish( &md_ctx, tmp ); |
| kadonotakashi | 0:8fdf9a60065b | 528 | |
| kadonotakashi | 0:8fdf9a60065b | 529 | for( i = 0; i < dlen; i += md_len ) |
| kadonotakashi | 0:8fdf9a60065b | 530 | { |
| kadonotakashi | 0:8fdf9a60065b | 531 | mbedtls_md_hmac_reset ( &md_ctx ); |
| kadonotakashi | 0:8fdf9a60065b | 532 | mbedtls_md_hmac_update( &md_ctx, tmp, md_len + nb ); |
| kadonotakashi | 0:8fdf9a60065b | 533 | mbedtls_md_hmac_finish( &md_ctx, h_i ); |
| kadonotakashi | 0:8fdf9a60065b | 534 | |
| kadonotakashi | 0:8fdf9a60065b | 535 | mbedtls_md_hmac_reset ( &md_ctx ); |
| kadonotakashi | 0:8fdf9a60065b | 536 | mbedtls_md_hmac_update( &md_ctx, tmp, md_len ); |
| kadonotakashi | 0:8fdf9a60065b | 537 | mbedtls_md_hmac_finish( &md_ctx, tmp ); |
| kadonotakashi | 0:8fdf9a60065b | 538 | |
| kadonotakashi | 0:8fdf9a60065b | 539 | k = ( i + md_len > dlen ) ? dlen % md_len : md_len; |
| kadonotakashi | 0:8fdf9a60065b | 540 | |
| kadonotakashi | 0:8fdf9a60065b | 541 | for( j = 0; j < k; j++ ) |
| kadonotakashi | 0:8fdf9a60065b | 542 | dstbuf[i + j] = h_i[j]; |
| kadonotakashi | 0:8fdf9a60065b | 543 | } |
| kadonotakashi | 0:8fdf9a60065b | 544 | |
| kadonotakashi | 0:8fdf9a60065b | 545 | mbedtls_md_free( &md_ctx ); |
| kadonotakashi | 0:8fdf9a60065b | 546 | |
| kadonotakashi | 0:8fdf9a60065b | 547 | mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); |
| kadonotakashi | 0:8fdf9a60065b | 548 | mbedtls_platform_zeroize( h_i, sizeof( h_i ) ); |
| kadonotakashi | 0:8fdf9a60065b | 549 | |
| kadonotakashi | 0:8fdf9a60065b | 550 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 551 | } |
| kadonotakashi | 0:8fdf9a60065b | 552 | |
| kadonotakashi | 0:8fdf9a60065b | 553 | #if defined(MBEDTLS_SHA256_C) |
| kadonotakashi | 0:8fdf9a60065b | 554 | static int tls_prf_sha256( const unsigned char *secret, size_t slen, |
| kadonotakashi | 0:8fdf9a60065b | 555 | const char *label, |
| kadonotakashi | 0:8fdf9a60065b | 556 | const unsigned char *random, size_t rlen, |
| kadonotakashi | 0:8fdf9a60065b | 557 | unsigned char *dstbuf, size_t dlen ) |
| kadonotakashi | 0:8fdf9a60065b | 558 | { |
| kadonotakashi | 0:8fdf9a60065b | 559 | return( tls_prf_generic( MBEDTLS_MD_SHA256, secret, slen, |
| kadonotakashi | 0:8fdf9a60065b | 560 | label, random, rlen, dstbuf, dlen ) ); |
| kadonotakashi | 0:8fdf9a60065b | 561 | } |
| kadonotakashi | 0:8fdf9a60065b | 562 | #endif /* MBEDTLS_SHA256_C */ |
| kadonotakashi | 0:8fdf9a60065b | 563 | |
| kadonotakashi | 0:8fdf9a60065b | 564 | #if defined(MBEDTLS_SHA512_C) |
| kadonotakashi | 0:8fdf9a60065b | 565 | static int tls_prf_sha384( const unsigned char *secret, size_t slen, |
| kadonotakashi | 0:8fdf9a60065b | 566 | const char *label, |
| kadonotakashi | 0:8fdf9a60065b | 567 | const unsigned char *random, size_t rlen, |
| kadonotakashi | 0:8fdf9a60065b | 568 | unsigned char *dstbuf, size_t dlen ) |
| kadonotakashi | 0:8fdf9a60065b | 569 | { |
| kadonotakashi | 0:8fdf9a60065b | 570 | return( tls_prf_generic( MBEDTLS_MD_SHA384, secret, slen, |
| kadonotakashi | 0:8fdf9a60065b | 571 | label, random, rlen, dstbuf, dlen ) ); |
| kadonotakashi | 0:8fdf9a60065b | 572 | } |
| kadonotakashi | 0:8fdf9a60065b | 573 | #endif /* MBEDTLS_SHA512_C */ |
| kadonotakashi | 0:8fdf9a60065b | 574 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| kadonotakashi | 0:8fdf9a60065b | 575 | |
| kadonotakashi | 0:8fdf9a60065b | 576 | static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t ); |
| kadonotakashi | 0:8fdf9a60065b | 577 | |
| kadonotakashi | 0:8fdf9a60065b | 578 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
| kadonotakashi | 0:8fdf9a60065b | 579 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
| kadonotakashi | 0:8fdf9a60065b | 580 | static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *, const unsigned char *, size_t ); |
| kadonotakashi | 0:8fdf9a60065b | 581 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 582 | |
| kadonotakashi | 0:8fdf9a60065b | 583 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| kadonotakashi | 0:8fdf9a60065b | 584 | static void ssl_calc_verify_ssl( mbedtls_ssl_context *, unsigned char * ); |
| kadonotakashi | 0:8fdf9a60065b | 585 | static void ssl_calc_finished_ssl( mbedtls_ssl_context *, unsigned char *, int ); |
| kadonotakashi | 0:8fdf9a60065b | 586 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 587 | |
| kadonotakashi | 0:8fdf9a60065b | 588 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) |
| kadonotakashi | 0:8fdf9a60065b | 589 | static void ssl_calc_verify_tls( mbedtls_ssl_context *, unsigned char * ); |
| kadonotakashi | 0:8fdf9a60065b | 590 | static void ssl_calc_finished_tls( mbedtls_ssl_context *, unsigned char *, int ); |
| kadonotakashi | 0:8fdf9a60065b | 591 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 592 | |
| kadonotakashi | 0:8fdf9a60065b | 593 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| kadonotakashi | 0:8fdf9a60065b | 594 | #if defined(MBEDTLS_SHA256_C) |
| kadonotakashi | 0:8fdf9a60065b | 595 | static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t ); |
| kadonotakashi | 0:8fdf9a60065b | 596 | static void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *,unsigned char * ); |
| kadonotakashi | 0:8fdf9a60065b | 597 | static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *, int ); |
| kadonotakashi | 0:8fdf9a60065b | 598 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 599 | |
| kadonotakashi | 0:8fdf9a60065b | 600 | #if defined(MBEDTLS_SHA512_C) |
| kadonotakashi | 0:8fdf9a60065b | 601 | static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned char *, size_t ); |
| kadonotakashi | 0:8fdf9a60065b | 602 | static void ssl_calc_verify_tls_sha384( mbedtls_ssl_context *, unsigned char * ); |
| kadonotakashi | 0:8fdf9a60065b | 603 | static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int ); |
| kadonotakashi | 0:8fdf9a60065b | 604 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 605 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| kadonotakashi | 0:8fdf9a60065b | 606 | |
| kadonotakashi | 0:8fdf9a60065b | 607 | int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 608 | { |
| kadonotakashi | 0:8fdf9a60065b | 609 | int ret = 0; |
| kadonotakashi | 0:8fdf9a60065b | 610 | unsigned char tmp[64]; |
| kadonotakashi | 0:8fdf9a60065b | 611 | unsigned char keyblk[256]; |
| kadonotakashi | 0:8fdf9a60065b | 612 | unsigned char *key1; |
| kadonotakashi | 0:8fdf9a60065b | 613 | unsigned char *key2; |
| kadonotakashi | 0:8fdf9a60065b | 614 | unsigned char *mac_enc; |
| kadonotakashi | 0:8fdf9a60065b | 615 | unsigned char *mac_dec; |
| kadonotakashi | 0:8fdf9a60065b | 616 | size_t mac_key_len; |
| kadonotakashi | 0:8fdf9a60065b | 617 | size_t iv_copy_len; |
| kadonotakashi | 0:8fdf9a60065b | 618 | const mbedtls_cipher_info_t *cipher_info; |
| kadonotakashi | 0:8fdf9a60065b | 619 | const mbedtls_md_info_t *md_info; |
| kadonotakashi | 0:8fdf9a60065b | 620 | |
| kadonotakashi | 0:8fdf9a60065b | 621 | mbedtls_ssl_session *session = ssl->session_negotiate; |
| kadonotakashi | 0:8fdf9a60065b | 622 | mbedtls_ssl_transform *transform = ssl->transform_negotiate; |
| kadonotakashi | 0:8fdf9a60065b | 623 | mbedtls_ssl_handshake_params *handshake = ssl->handshake; |
| kadonotakashi | 0:8fdf9a60065b | 624 | |
| kadonotakashi | 0:8fdf9a60065b | 625 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive keys" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 626 | |
| kadonotakashi | 0:8fdf9a60065b | 627 | cipher_info = mbedtls_cipher_info_from_type( transform->ciphersuite_info->cipher ); |
| kadonotakashi | 0:8fdf9a60065b | 628 | if( cipher_info == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 629 | { |
| kadonotakashi | 0:8fdf9a60065b | 630 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %d not found", |
| kadonotakashi | 0:8fdf9a60065b | 631 | transform->ciphersuite_info->cipher ) ); |
| kadonotakashi | 0:8fdf9a60065b | 632 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 633 | } |
| kadonotakashi | 0:8fdf9a60065b | 634 | |
| kadonotakashi | 0:8fdf9a60065b | 635 | md_info = mbedtls_md_info_from_type( transform->ciphersuite_info->mac ); |
| kadonotakashi | 0:8fdf9a60065b | 636 | if( md_info == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 637 | { |
| kadonotakashi | 0:8fdf9a60065b | 638 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %d not found", |
| kadonotakashi | 0:8fdf9a60065b | 639 | transform->ciphersuite_info->mac ) ); |
| kadonotakashi | 0:8fdf9a60065b | 640 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 641 | } |
| kadonotakashi | 0:8fdf9a60065b | 642 | |
| kadonotakashi | 0:8fdf9a60065b | 643 | /* |
| kadonotakashi | 0:8fdf9a60065b | 644 | * Set appropriate PRF function and other SSL / TLS / TLS1.2 functions |
| kadonotakashi | 0:8fdf9a60065b | 645 | */ |
| kadonotakashi | 0:8fdf9a60065b | 646 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| kadonotakashi | 0:8fdf9a60065b | 647 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
| kadonotakashi | 0:8fdf9a60065b | 648 | { |
| kadonotakashi | 0:8fdf9a60065b | 649 | handshake->tls_prf = ssl3_prf; |
| kadonotakashi | 0:8fdf9a60065b | 650 | handshake->calc_verify = ssl_calc_verify_ssl; |
| kadonotakashi | 0:8fdf9a60065b | 651 | handshake->calc_finished = ssl_calc_finished_ssl; |
| kadonotakashi | 0:8fdf9a60065b | 652 | } |
| kadonotakashi | 0:8fdf9a60065b | 653 | else |
| kadonotakashi | 0:8fdf9a60065b | 654 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 655 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) |
| kadonotakashi | 0:8fdf9a60065b | 656 | if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ) |
| kadonotakashi | 0:8fdf9a60065b | 657 | { |
| kadonotakashi | 0:8fdf9a60065b | 658 | handshake->tls_prf = tls1_prf; |
| kadonotakashi | 0:8fdf9a60065b | 659 | handshake->calc_verify = ssl_calc_verify_tls; |
| kadonotakashi | 0:8fdf9a60065b | 660 | handshake->calc_finished = ssl_calc_finished_tls; |
| kadonotakashi | 0:8fdf9a60065b | 661 | } |
| kadonotakashi | 0:8fdf9a60065b | 662 | else |
| kadonotakashi | 0:8fdf9a60065b | 663 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 664 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| kadonotakashi | 0:8fdf9a60065b | 665 | #if defined(MBEDTLS_SHA512_C) |
| kadonotakashi | 0:8fdf9a60065b | 666 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && |
| kadonotakashi | 0:8fdf9a60065b | 667 | transform->ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) |
| kadonotakashi | 0:8fdf9a60065b | 668 | { |
| kadonotakashi | 0:8fdf9a60065b | 669 | handshake->tls_prf = tls_prf_sha384; |
| kadonotakashi | 0:8fdf9a60065b | 670 | handshake->calc_verify = ssl_calc_verify_tls_sha384; |
| kadonotakashi | 0:8fdf9a60065b | 671 | handshake->calc_finished = ssl_calc_finished_tls_sha384; |
| kadonotakashi | 0:8fdf9a60065b | 672 | } |
| kadonotakashi | 0:8fdf9a60065b | 673 | else |
| kadonotakashi | 0:8fdf9a60065b | 674 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 675 | #if defined(MBEDTLS_SHA256_C) |
| kadonotakashi | 0:8fdf9a60065b | 676 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) |
| kadonotakashi | 0:8fdf9a60065b | 677 | { |
| kadonotakashi | 0:8fdf9a60065b | 678 | handshake->tls_prf = tls_prf_sha256; |
| kadonotakashi | 0:8fdf9a60065b | 679 | handshake->calc_verify = ssl_calc_verify_tls_sha256; |
| kadonotakashi | 0:8fdf9a60065b | 680 | handshake->calc_finished = ssl_calc_finished_tls_sha256; |
| kadonotakashi | 0:8fdf9a60065b | 681 | } |
| kadonotakashi | 0:8fdf9a60065b | 682 | else |
| kadonotakashi | 0:8fdf9a60065b | 683 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 684 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| kadonotakashi | 0:8fdf9a60065b | 685 | { |
| kadonotakashi | 0:8fdf9a60065b | 686 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 687 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 688 | } |
| kadonotakashi | 0:8fdf9a60065b | 689 | |
| kadonotakashi | 0:8fdf9a60065b | 690 | /* |
| kadonotakashi | 0:8fdf9a60065b | 691 | * SSLv3: |
| kadonotakashi | 0:8fdf9a60065b | 692 | * master = |
| kadonotakashi | 0:8fdf9a60065b | 693 | * MD5( premaster + SHA1( 'A' + premaster + randbytes ) ) + |
| kadonotakashi | 0:8fdf9a60065b | 694 | * MD5( premaster + SHA1( 'BB' + premaster + randbytes ) ) + |
| kadonotakashi | 0:8fdf9a60065b | 695 | * MD5( premaster + SHA1( 'CCC' + premaster + randbytes ) ) |
| kadonotakashi | 0:8fdf9a60065b | 696 | * |
| kadonotakashi | 0:8fdf9a60065b | 697 | * TLSv1+: |
| kadonotakashi | 0:8fdf9a60065b | 698 | * master = PRF( premaster, "master secret", randbytes )[0..47] |
| kadonotakashi | 0:8fdf9a60065b | 699 | */ |
| kadonotakashi | 0:8fdf9a60065b | 700 | if( handshake->resume == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 701 | { |
| kadonotakashi | 0:8fdf9a60065b | 702 | MBEDTLS_SSL_DEBUG_BUF( 3, "premaster secret", handshake->premaster, |
| kadonotakashi | 0:8fdf9a60065b | 703 | handshake->pmslen ); |
| kadonotakashi | 0:8fdf9a60065b | 704 | |
| kadonotakashi | 0:8fdf9a60065b | 705 | #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) |
| kadonotakashi | 0:8fdf9a60065b | 706 | if( ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED ) |
| kadonotakashi | 0:8fdf9a60065b | 707 | { |
| kadonotakashi | 0:8fdf9a60065b | 708 | unsigned char session_hash[48]; |
| kadonotakashi | 0:8fdf9a60065b | 709 | size_t hash_len; |
| kadonotakashi | 0:8fdf9a60065b | 710 | |
| kadonotakashi | 0:8fdf9a60065b | 711 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "using extended master secret" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 712 | |
| kadonotakashi | 0:8fdf9a60065b | 713 | ssl->handshake->calc_verify( ssl, session_hash ); |
| kadonotakashi | 0:8fdf9a60065b | 714 | |
| kadonotakashi | 0:8fdf9a60065b | 715 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| kadonotakashi | 0:8fdf9a60065b | 716 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) |
| kadonotakashi | 0:8fdf9a60065b | 717 | { |
| kadonotakashi | 0:8fdf9a60065b | 718 | #if defined(MBEDTLS_SHA512_C) |
| kadonotakashi | 0:8fdf9a60065b | 719 | if( ssl->transform_negotiate->ciphersuite_info->mac == |
| kadonotakashi | 0:8fdf9a60065b | 720 | MBEDTLS_MD_SHA384 ) |
| kadonotakashi | 0:8fdf9a60065b | 721 | { |
| kadonotakashi | 0:8fdf9a60065b | 722 | hash_len = 48; |
| kadonotakashi | 0:8fdf9a60065b | 723 | } |
| kadonotakashi | 0:8fdf9a60065b | 724 | else |
| kadonotakashi | 0:8fdf9a60065b | 725 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 726 | hash_len = 32; |
| kadonotakashi | 0:8fdf9a60065b | 727 | } |
| kadonotakashi | 0:8fdf9a60065b | 728 | else |
| kadonotakashi | 0:8fdf9a60065b | 729 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| kadonotakashi | 0:8fdf9a60065b | 730 | hash_len = 36; |
| kadonotakashi | 0:8fdf9a60065b | 731 | |
| kadonotakashi | 0:8fdf9a60065b | 732 | MBEDTLS_SSL_DEBUG_BUF( 3, "session hash", session_hash, hash_len ); |
| kadonotakashi | 0:8fdf9a60065b | 733 | |
| kadonotakashi | 0:8fdf9a60065b | 734 | ret = handshake->tls_prf( handshake->premaster, handshake->pmslen, |
| kadonotakashi | 0:8fdf9a60065b | 735 | "extended master secret", |
| kadonotakashi | 0:8fdf9a60065b | 736 | session_hash, hash_len, |
| kadonotakashi | 0:8fdf9a60065b | 737 | session->master, 48 ); |
| kadonotakashi | 0:8fdf9a60065b | 738 | if( ret != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 739 | { |
| kadonotakashi | 0:8fdf9a60065b | 740 | MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 741 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 742 | } |
| kadonotakashi | 0:8fdf9a60065b | 743 | |
| kadonotakashi | 0:8fdf9a60065b | 744 | } |
| kadonotakashi | 0:8fdf9a60065b | 745 | else |
| kadonotakashi | 0:8fdf9a60065b | 746 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 747 | ret = handshake->tls_prf( handshake->premaster, handshake->pmslen, |
| kadonotakashi | 0:8fdf9a60065b | 748 | "master secret", |
| kadonotakashi | 0:8fdf9a60065b | 749 | handshake->randbytes, 64, |
| kadonotakashi | 0:8fdf9a60065b | 750 | session->master, 48 ); |
| kadonotakashi | 0:8fdf9a60065b | 751 | if( ret != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 752 | { |
| kadonotakashi | 0:8fdf9a60065b | 753 | MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 754 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 755 | } |
| kadonotakashi | 0:8fdf9a60065b | 756 | |
| kadonotakashi | 0:8fdf9a60065b | 757 | mbedtls_platform_zeroize( handshake->premaster, |
| kadonotakashi | 0:8fdf9a60065b | 758 | sizeof(handshake->premaster) ); |
| kadonotakashi | 0:8fdf9a60065b | 759 | } |
| kadonotakashi | 0:8fdf9a60065b | 760 | else |
| kadonotakashi | 0:8fdf9a60065b | 761 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 762 | |
| kadonotakashi | 0:8fdf9a60065b | 763 | /* |
| kadonotakashi | 0:8fdf9a60065b | 764 | * Swap the client and server random values. |
| kadonotakashi | 0:8fdf9a60065b | 765 | */ |
| kadonotakashi | 0:8fdf9a60065b | 766 | memcpy( tmp, handshake->randbytes, 64 ); |
| kadonotakashi | 0:8fdf9a60065b | 767 | memcpy( handshake->randbytes, tmp + 32, 32 ); |
| kadonotakashi | 0:8fdf9a60065b | 768 | memcpy( handshake->randbytes + 32, tmp, 32 ); |
| kadonotakashi | 0:8fdf9a60065b | 769 | mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); |
| kadonotakashi | 0:8fdf9a60065b | 770 | |
| kadonotakashi | 0:8fdf9a60065b | 771 | /* |
| kadonotakashi | 0:8fdf9a60065b | 772 | * SSLv3: |
| kadonotakashi | 0:8fdf9a60065b | 773 | * key block = |
| kadonotakashi | 0:8fdf9a60065b | 774 | * MD5( master + SHA1( 'A' + master + randbytes ) ) + |
| kadonotakashi | 0:8fdf9a60065b | 775 | * MD5( master + SHA1( 'BB' + master + randbytes ) ) + |
| kadonotakashi | 0:8fdf9a60065b | 776 | * MD5( master + SHA1( 'CCC' + master + randbytes ) ) + |
| kadonotakashi | 0:8fdf9a60065b | 777 | * MD5( master + SHA1( 'DDDD' + master + randbytes ) ) + |
| kadonotakashi | 0:8fdf9a60065b | 778 | * ... |
| kadonotakashi | 0:8fdf9a60065b | 779 | * |
| kadonotakashi | 0:8fdf9a60065b | 780 | * TLSv1: |
| kadonotakashi | 0:8fdf9a60065b | 781 | * key block = PRF( master, "key expansion", randbytes ) |
| kadonotakashi | 0:8fdf9a60065b | 782 | */ |
| kadonotakashi | 0:8fdf9a60065b | 783 | ret = handshake->tls_prf( session->master, 48, "key expansion", |
| kadonotakashi | 0:8fdf9a60065b | 784 | handshake->randbytes, 64, keyblk, 256 ); |
| kadonotakashi | 0:8fdf9a60065b | 785 | if( ret != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 786 | { |
| kadonotakashi | 0:8fdf9a60065b | 787 | MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 788 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 789 | } |
| kadonotakashi | 0:8fdf9a60065b | 790 | |
| kadonotakashi | 0:8fdf9a60065b | 791 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite = %s", |
| kadonotakashi | 0:8fdf9a60065b | 792 | mbedtls_ssl_get_ciphersuite_name( session->ciphersuite ) ) ); |
| kadonotakashi | 0:8fdf9a60065b | 793 | MBEDTLS_SSL_DEBUG_BUF( 3, "master secret", session->master, 48 ); |
| kadonotakashi | 0:8fdf9a60065b | 794 | MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", handshake->randbytes, 64 ); |
| kadonotakashi | 0:8fdf9a60065b | 795 | MBEDTLS_SSL_DEBUG_BUF( 4, "key block", keyblk, 256 ); |
| kadonotakashi | 0:8fdf9a60065b | 796 | |
| kadonotakashi | 0:8fdf9a60065b | 797 | mbedtls_platform_zeroize( handshake->randbytes, |
| kadonotakashi | 0:8fdf9a60065b | 798 | sizeof( handshake->randbytes ) ); |
| kadonotakashi | 0:8fdf9a60065b | 799 | |
| kadonotakashi | 0:8fdf9a60065b | 800 | /* |
| kadonotakashi | 0:8fdf9a60065b | 801 | * Determine the appropriate key, IV and MAC length. |
| kadonotakashi | 0:8fdf9a60065b | 802 | */ |
| kadonotakashi | 0:8fdf9a60065b | 803 | |
| kadonotakashi | 0:8fdf9a60065b | 804 | transform->keylen = cipher_info->key_bitlen / 8; |
| kadonotakashi | 0:8fdf9a60065b | 805 | |
| kadonotakashi | 0:8fdf9a60065b | 806 | if( cipher_info->mode == MBEDTLS_MODE_GCM || |
| kadonotakashi | 0:8fdf9a60065b | 807 | cipher_info->mode == MBEDTLS_MODE_CCM || |
| kadonotakashi | 0:8fdf9a60065b | 808 | cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY ) |
| kadonotakashi | 0:8fdf9a60065b | 809 | { |
| kadonotakashi | 0:8fdf9a60065b | 810 | size_t taglen, explicit_ivlen; |
| kadonotakashi | 0:8fdf9a60065b | 811 | |
| kadonotakashi | 0:8fdf9a60065b | 812 | transform->maclen = 0; |
| kadonotakashi | 0:8fdf9a60065b | 813 | mac_key_len = 0; |
| kadonotakashi | 0:8fdf9a60065b | 814 | |
| kadonotakashi | 0:8fdf9a60065b | 815 | /* All modes haves 96-bit IVs; |
| kadonotakashi | 0:8fdf9a60065b | 816 | * GCM and CCM has 4 implicit and 8 explicit bytes |
| kadonotakashi | 0:8fdf9a60065b | 817 | * ChachaPoly has all 12 bytes implicit |
| kadonotakashi | 0:8fdf9a60065b | 818 | */ |
| kadonotakashi | 0:8fdf9a60065b | 819 | transform->ivlen = 12; |
| kadonotakashi | 0:8fdf9a60065b | 820 | if( cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY ) |
| kadonotakashi | 0:8fdf9a60065b | 821 | transform->fixed_ivlen = 12; |
| kadonotakashi | 0:8fdf9a60065b | 822 | else |
| kadonotakashi | 0:8fdf9a60065b | 823 | transform->fixed_ivlen = 4; |
| kadonotakashi | 0:8fdf9a60065b | 824 | |
| kadonotakashi | 0:8fdf9a60065b | 825 | /* All modes have 128-bit tags, except CCM_8 (ciphersuite flag) */ |
| kadonotakashi | 0:8fdf9a60065b | 826 | taglen = transform->ciphersuite_info->flags & |
| kadonotakashi | 0:8fdf9a60065b | 827 | MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16; |
| kadonotakashi | 0:8fdf9a60065b | 828 | |
| kadonotakashi | 0:8fdf9a60065b | 829 | |
| kadonotakashi | 0:8fdf9a60065b | 830 | /* Minimum length of encrypted record */ |
| kadonotakashi | 0:8fdf9a60065b | 831 | explicit_ivlen = transform->ivlen - transform->fixed_ivlen; |
| kadonotakashi | 0:8fdf9a60065b | 832 | transform->minlen = explicit_ivlen + taglen; |
| kadonotakashi | 0:8fdf9a60065b | 833 | } |
| kadonotakashi | 0:8fdf9a60065b | 834 | else |
| kadonotakashi | 0:8fdf9a60065b | 835 | { |
| kadonotakashi | 0:8fdf9a60065b | 836 | /* Initialize HMAC contexts */ |
| kadonotakashi | 0:8fdf9a60065b | 837 | if( ( ret = mbedtls_md_setup( &transform->md_ctx_enc, md_info, 1 ) ) != 0 || |
| kadonotakashi | 0:8fdf9a60065b | 838 | ( ret = mbedtls_md_setup( &transform->md_ctx_dec, md_info, 1 ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 839 | { |
| kadonotakashi | 0:8fdf9a60065b | 840 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 841 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 842 | } |
| kadonotakashi | 0:8fdf9a60065b | 843 | |
| kadonotakashi | 0:8fdf9a60065b | 844 | /* Get MAC length */ |
| kadonotakashi | 0:8fdf9a60065b | 845 | mac_key_len = mbedtls_md_get_size( md_info ); |
| kadonotakashi | 0:8fdf9a60065b | 846 | transform->maclen = mac_key_len; |
| kadonotakashi | 0:8fdf9a60065b | 847 | |
| kadonotakashi | 0:8fdf9a60065b | 848 | #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) |
| kadonotakashi | 0:8fdf9a60065b | 849 | /* |
| kadonotakashi | 0:8fdf9a60065b | 850 | * If HMAC is to be truncated, we shall keep the leftmost bytes, |
| kadonotakashi | 0:8fdf9a60065b | 851 | * (rfc 6066 page 13 or rfc 2104 section 4), |
| kadonotakashi | 0:8fdf9a60065b | 852 | * so we only need to adjust the length here. |
| kadonotakashi | 0:8fdf9a60065b | 853 | */ |
| kadonotakashi | 0:8fdf9a60065b | 854 | if( session->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED ) |
| kadonotakashi | 0:8fdf9a60065b | 855 | { |
| kadonotakashi | 0:8fdf9a60065b | 856 | transform->maclen = MBEDTLS_SSL_TRUNCATED_HMAC_LEN; |
| kadonotakashi | 0:8fdf9a60065b | 857 | |
| kadonotakashi | 0:8fdf9a60065b | 858 | #if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) |
| kadonotakashi | 0:8fdf9a60065b | 859 | /* Fall back to old, non-compliant version of the truncated |
| kadonotakashi | 0:8fdf9a60065b | 860 | * HMAC implementation which also truncates the key |
| kadonotakashi | 0:8fdf9a60065b | 861 | * (Mbed TLS versions from 1.3 to 2.6.0) */ |
| kadonotakashi | 0:8fdf9a60065b | 862 | mac_key_len = transform->maclen; |
| kadonotakashi | 0:8fdf9a60065b | 863 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 864 | } |
| kadonotakashi | 0:8fdf9a60065b | 865 | #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ |
| kadonotakashi | 0:8fdf9a60065b | 866 | |
| kadonotakashi | 0:8fdf9a60065b | 867 | /* IV length */ |
| kadonotakashi | 0:8fdf9a60065b | 868 | transform->ivlen = cipher_info->iv_size; |
| kadonotakashi | 0:8fdf9a60065b | 869 | |
| kadonotakashi | 0:8fdf9a60065b | 870 | /* Minimum length */ |
| kadonotakashi | 0:8fdf9a60065b | 871 | if( cipher_info->mode == MBEDTLS_MODE_STREAM ) |
| kadonotakashi | 0:8fdf9a60065b | 872 | transform->minlen = transform->maclen; |
| kadonotakashi | 0:8fdf9a60065b | 873 | else |
| kadonotakashi | 0:8fdf9a60065b | 874 | { |
| kadonotakashi | 0:8fdf9a60065b | 875 | /* |
| kadonotakashi | 0:8fdf9a60065b | 876 | * GenericBlockCipher: |
| kadonotakashi | 0:8fdf9a60065b | 877 | * 1. if EtM is in use: one block plus MAC |
| kadonotakashi | 0:8fdf9a60065b | 878 | * otherwise: * first multiple of blocklen greater than maclen |
| kadonotakashi | 0:8fdf9a60065b | 879 | * 2. IV except for SSL3 and TLS 1.0 |
| kadonotakashi | 0:8fdf9a60065b | 880 | */ |
| kadonotakashi | 0:8fdf9a60065b | 881 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
| kadonotakashi | 0:8fdf9a60065b | 882 | if( session->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED ) |
| kadonotakashi | 0:8fdf9a60065b | 883 | { |
| kadonotakashi | 0:8fdf9a60065b | 884 | transform->minlen = transform->maclen |
| kadonotakashi | 0:8fdf9a60065b | 885 | + cipher_info->block_size; |
| kadonotakashi | 0:8fdf9a60065b | 886 | } |
| kadonotakashi | 0:8fdf9a60065b | 887 | else |
| kadonotakashi | 0:8fdf9a60065b | 888 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 889 | { |
| kadonotakashi | 0:8fdf9a60065b | 890 | transform->minlen = transform->maclen |
| kadonotakashi | 0:8fdf9a60065b | 891 | + cipher_info->block_size |
| kadonotakashi | 0:8fdf9a60065b | 892 | - transform->maclen % cipher_info->block_size; |
| kadonotakashi | 0:8fdf9a60065b | 893 | } |
| kadonotakashi | 0:8fdf9a60065b | 894 | |
| kadonotakashi | 0:8fdf9a60065b | 895 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) |
| kadonotakashi | 0:8fdf9a60065b | 896 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 || |
| kadonotakashi | 0:8fdf9a60065b | 897 | ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_1 ) |
| kadonotakashi | 0:8fdf9a60065b | 898 | ; /* No need to adjust minlen */ |
| kadonotakashi | 0:8fdf9a60065b | 899 | else |
| kadonotakashi | 0:8fdf9a60065b | 900 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 901 | #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| kadonotakashi | 0:8fdf9a60065b | 902 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_2 || |
| kadonotakashi | 0:8fdf9a60065b | 903 | ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) |
| kadonotakashi | 0:8fdf9a60065b | 904 | { |
| kadonotakashi | 0:8fdf9a60065b | 905 | transform->minlen += transform->ivlen; |
| kadonotakashi | 0:8fdf9a60065b | 906 | } |
| kadonotakashi | 0:8fdf9a60065b | 907 | else |
| kadonotakashi | 0:8fdf9a60065b | 908 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 909 | { |
| kadonotakashi | 0:8fdf9a60065b | 910 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 911 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 912 | } |
| kadonotakashi | 0:8fdf9a60065b | 913 | } |
| kadonotakashi | 0:8fdf9a60065b | 914 | } |
| kadonotakashi | 0:8fdf9a60065b | 915 | |
| kadonotakashi | 0:8fdf9a60065b | 916 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "keylen: %d, minlen: %d, ivlen: %d, maclen: %d", |
| kadonotakashi | 0:8fdf9a60065b | 917 | transform->keylen, transform->minlen, transform->ivlen, |
| kadonotakashi | 0:8fdf9a60065b | 918 | transform->maclen ) ); |
| kadonotakashi | 0:8fdf9a60065b | 919 | |
| kadonotakashi | 0:8fdf9a60065b | 920 | /* |
| kadonotakashi | 0:8fdf9a60065b | 921 | * Finally setup the cipher contexts, IVs and MAC secrets. |
| kadonotakashi | 0:8fdf9a60065b | 922 | */ |
| kadonotakashi | 0:8fdf9a60065b | 923 | #if defined(MBEDTLS_SSL_CLI_C) |
| kadonotakashi | 0:8fdf9a60065b | 924 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
| kadonotakashi | 0:8fdf9a60065b | 925 | { |
| kadonotakashi | 0:8fdf9a60065b | 926 | key1 = keyblk + mac_key_len * 2; |
| kadonotakashi | 0:8fdf9a60065b | 927 | key2 = keyblk + mac_key_len * 2 + transform->keylen; |
| kadonotakashi | 0:8fdf9a60065b | 928 | |
| kadonotakashi | 0:8fdf9a60065b | 929 | mac_enc = keyblk; |
| kadonotakashi | 0:8fdf9a60065b | 930 | mac_dec = keyblk + mac_key_len; |
| kadonotakashi | 0:8fdf9a60065b | 931 | |
| kadonotakashi | 0:8fdf9a60065b | 932 | /* |
| kadonotakashi | 0:8fdf9a60065b | 933 | * This is not used in TLS v1.1. |
| kadonotakashi | 0:8fdf9a60065b | 934 | */ |
| kadonotakashi | 0:8fdf9a60065b | 935 | iv_copy_len = ( transform->fixed_ivlen ) ? |
| kadonotakashi | 0:8fdf9a60065b | 936 | transform->fixed_ivlen : transform->ivlen; |
| kadonotakashi | 0:8fdf9a60065b | 937 | memcpy( transform->iv_enc, key2 + transform->keylen, iv_copy_len ); |
| kadonotakashi | 0:8fdf9a60065b | 938 | memcpy( transform->iv_dec, key2 + transform->keylen + iv_copy_len, |
| kadonotakashi | 0:8fdf9a60065b | 939 | iv_copy_len ); |
| kadonotakashi | 0:8fdf9a60065b | 940 | } |
| kadonotakashi | 0:8fdf9a60065b | 941 | else |
| kadonotakashi | 0:8fdf9a60065b | 942 | #endif /* MBEDTLS_SSL_CLI_C */ |
| kadonotakashi | 0:8fdf9a60065b | 943 | #if defined(MBEDTLS_SSL_SRV_C) |
| kadonotakashi | 0:8fdf9a60065b | 944 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
| kadonotakashi | 0:8fdf9a60065b | 945 | { |
| kadonotakashi | 0:8fdf9a60065b | 946 | key1 = keyblk + mac_key_len * 2 + transform->keylen; |
| kadonotakashi | 0:8fdf9a60065b | 947 | key2 = keyblk + mac_key_len * 2; |
| kadonotakashi | 0:8fdf9a60065b | 948 | |
| kadonotakashi | 0:8fdf9a60065b | 949 | mac_enc = keyblk + mac_key_len; |
| kadonotakashi | 0:8fdf9a60065b | 950 | mac_dec = keyblk; |
| kadonotakashi | 0:8fdf9a60065b | 951 | |
| kadonotakashi | 0:8fdf9a60065b | 952 | /* |
| kadonotakashi | 0:8fdf9a60065b | 953 | * This is not used in TLS v1.1. |
| kadonotakashi | 0:8fdf9a60065b | 954 | */ |
| kadonotakashi | 0:8fdf9a60065b | 955 | iv_copy_len = ( transform->fixed_ivlen ) ? |
| kadonotakashi | 0:8fdf9a60065b | 956 | transform->fixed_ivlen : transform->ivlen; |
| kadonotakashi | 0:8fdf9a60065b | 957 | memcpy( transform->iv_dec, key1 + transform->keylen, iv_copy_len ); |
| kadonotakashi | 0:8fdf9a60065b | 958 | memcpy( transform->iv_enc, key1 + transform->keylen + iv_copy_len, |
| kadonotakashi | 0:8fdf9a60065b | 959 | iv_copy_len ); |
| kadonotakashi | 0:8fdf9a60065b | 960 | } |
| kadonotakashi | 0:8fdf9a60065b | 961 | else |
| kadonotakashi | 0:8fdf9a60065b | 962 | #endif /* MBEDTLS_SSL_SRV_C */ |
| kadonotakashi | 0:8fdf9a60065b | 963 | { |
| kadonotakashi | 0:8fdf9a60065b | 964 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 965 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 966 | } |
| kadonotakashi | 0:8fdf9a60065b | 967 | |
| kadonotakashi | 0:8fdf9a60065b | 968 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| kadonotakashi | 0:8fdf9a60065b | 969 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
| kadonotakashi | 0:8fdf9a60065b | 970 | { |
| kadonotakashi | 0:8fdf9a60065b | 971 | if( mac_key_len > sizeof transform->mac_enc ) |
| kadonotakashi | 0:8fdf9a60065b | 972 | { |
| kadonotakashi | 0:8fdf9a60065b | 973 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 974 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 975 | } |
| kadonotakashi | 0:8fdf9a60065b | 976 | |
| kadonotakashi | 0:8fdf9a60065b | 977 | memcpy( transform->mac_enc, mac_enc, mac_key_len ); |
| kadonotakashi | 0:8fdf9a60065b | 978 | memcpy( transform->mac_dec, mac_dec, mac_key_len ); |
| kadonotakashi | 0:8fdf9a60065b | 979 | } |
| kadonotakashi | 0:8fdf9a60065b | 980 | else |
| kadonotakashi | 0:8fdf9a60065b | 981 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
| kadonotakashi | 0:8fdf9a60065b | 982 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
| kadonotakashi | 0:8fdf9a60065b | 983 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| kadonotakashi | 0:8fdf9a60065b | 984 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) |
| kadonotakashi | 0:8fdf9a60065b | 985 | { |
| kadonotakashi | 0:8fdf9a60065b | 986 | /* For HMAC-based ciphersuites, initialize the HMAC transforms. |
| kadonotakashi | 0:8fdf9a60065b | 987 | For AEAD-based ciphersuites, there is nothing to do here. */ |
| kadonotakashi | 0:8fdf9a60065b | 988 | if( mac_key_len != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 989 | { |
| kadonotakashi | 0:8fdf9a60065b | 990 | mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len ); |
| kadonotakashi | 0:8fdf9a60065b | 991 | mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len ); |
| kadonotakashi | 0:8fdf9a60065b | 992 | } |
| kadonotakashi | 0:8fdf9a60065b | 993 | } |
| kadonotakashi | 0:8fdf9a60065b | 994 | else |
| kadonotakashi | 0:8fdf9a60065b | 995 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 996 | { |
| kadonotakashi | 0:8fdf9a60065b | 997 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 998 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 999 | } |
| kadonotakashi | 0:8fdf9a60065b | 1000 | |
| kadonotakashi | 0:8fdf9a60065b | 1001 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
| kadonotakashi | 0:8fdf9a60065b | 1002 | if( mbedtls_ssl_hw_record_init != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 1003 | { |
| kadonotakashi | 0:8fdf9a60065b | 1004 | int ret = 0; |
| kadonotakashi | 0:8fdf9a60065b | 1005 | |
| kadonotakashi | 0:8fdf9a60065b | 1006 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_init()" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1007 | |
| kadonotakashi | 0:8fdf9a60065b | 1008 | if( ( ret = mbedtls_ssl_hw_record_init( ssl, key1, key2, transform->keylen, |
| kadonotakashi | 0:8fdf9a60065b | 1009 | transform->iv_enc, transform->iv_dec, |
| kadonotakashi | 0:8fdf9a60065b | 1010 | iv_copy_len, |
| kadonotakashi | 0:8fdf9a60065b | 1011 | mac_enc, mac_dec, |
| kadonotakashi | 0:8fdf9a60065b | 1012 | mac_key_len ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 1013 | { |
| kadonotakashi | 0:8fdf9a60065b | 1014 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_init", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 1015 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
| kadonotakashi | 0:8fdf9a60065b | 1016 | } |
| kadonotakashi | 0:8fdf9a60065b | 1017 | } |
| kadonotakashi | 0:8fdf9a60065b | 1018 | #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ |
| kadonotakashi | 0:8fdf9a60065b | 1019 | |
| kadonotakashi | 0:8fdf9a60065b | 1020 | #if defined(MBEDTLS_SSL_EXPORT_KEYS) |
| kadonotakashi | 0:8fdf9a60065b | 1021 | if( ssl->conf->f_export_keys != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 1022 | { |
| kadonotakashi | 0:8fdf9a60065b | 1023 | ssl->conf->f_export_keys( ssl->conf->p_export_keys, |
| kadonotakashi | 0:8fdf9a60065b | 1024 | session->master, keyblk, |
| kadonotakashi | 0:8fdf9a60065b | 1025 | mac_key_len, transform->keylen, |
| kadonotakashi | 0:8fdf9a60065b | 1026 | iv_copy_len ); |
| kadonotakashi | 0:8fdf9a60065b | 1027 | } |
| kadonotakashi | 0:8fdf9a60065b | 1028 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 1029 | |
| kadonotakashi | 0:8fdf9a60065b | 1030 | if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc, |
| kadonotakashi | 0:8fdf9a60065b | 1031 | cipher_info ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 1032 | { |
| kadonotakashi | 0:8fdf9a60065b | 1033 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 1034 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 1035 | } |
| kadonotakashi | 0:8fdf9a60065b | 1036 | |
| kadonotakashi | 0:8fdf9a60065b | 1037 | if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_dec, |
| kadonotakashi | 0:8fdf9a60065b | 1038 | cipher_info ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 1039 | { |
| kadonotakashi | 0:8fdf9a60065b | 1040 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 1041 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 1042 | } |
| kadonotakashi | 0:8fdf9a60065b | 1043 | |
| kadonotakashi | 0:8fdf9a60065b | 1044 | if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc, key1, |
| kadonotakashi | 0:8fdf9a60065b | 1045 | cipher_info->key_bitlen, |
| kadonotakashi | 0:8fdf9a60065b | 1046 | MBEDTLS_ENCRYPT ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 1047 | { |
| kadonotakashi | 0:8fdf9a60065b | 1048 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 1049 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 1050 | } |
| kadonotakashi | 0:8fdf9a60065b | 1051 | |
| kadonotakashi | 0:8fdf9a60065b | 1052 | if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec, key2, |
| kadonotakashi | 0:8fdf9a60065b | 1053 | cipher_info->key_bitlen, |
| kadonotakashi | 0:8fdf9a60065b | 1054 | MBEDTLS_DECRYPT ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 1055 | { |
| kadonotakashi | 0:8fdf9a60065b | 1056 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 1057 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 1058 | } |
| kadonotakashi | 0:8fdf9a60065b | 1059 | |
| kadonotakashi | 0:8fdf9a60065b | 1060 | #if defined(MBEDTLS_CIPHER_MODE_CBC) |
| kadonotakashi | 0:8fdf9a60065b | 1061 | if( cipher_info->mode == MBEDTLS_MODE_CBC ) |
| kadonotakashi | 0:8fdf9a60065b | 1062 | { |
| kadonotakashi | 0:8fdf9a60065b | 1063 | if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_enc, |
| kadonotakashi | 0:8fdf9a60065b | 1064 | MBEDTLS_PADDING_NONE ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 1065 | { |
| kadonotakashi | 0:8fdf9a60065b | 1066 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 1067 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 1068 | } |
| kadonotakashi | 0:8fdf9a60065b | 1069 | |
| kadonotakashi | 0:8fdf9a60065b | 1070 | if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_dec, |
| kadonotakashi | 0:8fdf9a60065b | 1071 | MBEDTLS_PADDING_NONE ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 1072 | { |
| kadonotakashi | 0:8fdf9a60065b | 1073 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 1074 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 1075 | } |
| kadonotakashi | 0:8fdf9a60065b | 1076 | } |
| kadonotakashi | 0:8fdf9a60065b | 1077 | #endif /* MBEDTLS_CIPHER_MODE_CBC */ |
| kadonotakashi | 0:8fdf9a60065b | 1078 | |
| kadonotakashi | 0:8fdf9a60065b | 1079 | mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1080 | |
| kadonotakashi | 0:8fdf9a60065b | 1081 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
| kadonotakashi | 0:8fdf9a60065b | 1082 | // Initialize compression |
| kadonotakashi | 0:8fdf9a60065b | 1083 | // |
| kadonotakashi | 0:8fdf9a60065b | 1084 | if( session->compression == MBEDTLS_SSL_COMPRESS_DEFLATE ) |
| kadonotakashi | 0:8fdf9a60065b | 1085 | { |
| kadonotakashi | 0:8fdf9a60065b | 1086 | if( ssl->compress_buf == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 1087 | { |
| kadonotakashi | 0:8fdf9a60065b | 1088 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "Allocating compression buffer" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1089 | ssl->compress_buf = mbedtls_calloc( 1, MBEDTLS_SSL_COMPRESS_BUFFER_LEN ); |
| kadonotakashi | 0:8fdf9a60065b | 1090 | if( ssl->compress_buf == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 1091 | { |
| kadonotakashi | 0:8fdf9a60065b | 1092 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", |
| kadonotakashi | 0:8fdf9a60065b | 1093 | MBEDTLS_SSL_COMPRESS_BUFFER_LEN ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1094 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
| kadonotakashi | 0:8fdf9a60065b | 1095 | } |
| kadonotakashi | 0:8fdf9a60065b | 1096 | } |
| kadonotakashi | 0:8fdf9a60065b | 1097 | |
| kadonotakashi | 0:8fdf9a60065b | 1098 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "Initializing zlib states" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1099 | |
| kadonotakashi | 0:8fdf9a60065b | 1100 | memset( &transform->ctx_deflate, 0, sizeof( transform->ctx_deflate ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1101 | memset( &transform->ctx_inflate, 0, sizeof( transform->ctx_inflate ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1102 | |
| kadonotakashi | 0:8fdf9a60065b | 1103 | if( deflateInit( &transform->ctx_deflate, |
| kadonotakashi | 0:8fdf9a60065b | 1104 | Z_DEFAULT_COMPRESSION ) != Z_OK || |
| kadonotakashi | 0:8fdf9a60065b | 1105 | inflateInit( &transform->ctx_inflate ) != Z_OK ) |
| kadonotakashi | 0:8fdf9a60065b | 1106 | { |
| kadonotakashi | 0:8fdf9a60065b | 1107 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to initialize compression" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1108 | return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED ); |
| kadonotakashi | 0:8fdf9a60065b | 1109 | } |
| kadonotakashi | 0:8fdf9a60065b | 1110 | } |
| kadonotakashi | 0:8fdf9a60065b | 1111 | #endif /* MBEDTLS_ZLIB_SUPPORT */ |
| kadonotakashi | 0:8fdf9a60065b | 1112 | |
| kadonotakashi | 0:8fdf9a60065b | 1113 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive keys" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1114 | |
| kadonotakashi | 0:8fdf9a60065b | 1115 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 1116 | } |
| kadonotakashi | 0:8fdf9a60065b | 1117 | |
| kadonotakashi | 0:8fdf9a60065b | 1118 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| kadonotakashi | 0:8fdf9a60065b | 1119 | void ssl_calc_verify_ssl( mbedtls_ssl_context *ssl, unsigned char hash[36] ) |
| kadonotakashi | 0:8fdf9a60065b | 1120 | { |
| kadonotakashi | 0:8fdf9a60065b | 1121 | mbedtls_md5_context md5; |
| kadonotakashi | 0:8fdf9a60065b | 1122 | mbedtls_sha1_context sha1; |
| kadonotakashi | 0:8fdf9a60065b | 1123 | unsigned char pad_1[48]; |
| kadonotakashi | 0:8fdf9a60065b | 1124 | unsigned char pad_2[48]; |
| kadonotakashi | 0:8fdf9a60065b | 1125 | |
| kadonotakashi | 0:8fdf9a60065b | 1126 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify ssl" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1127 | |
| kadonotakashi | 0:8fdf9a60065b | 1128 | mbedtls_md5_init( &md5 ); |
| kadonotakashi | 0:8fdf9a60065b | 1129 | mbedtls_sha1_init( &sha1 ); |
| kadonotakashi | 0:8fdf9a60065b | 1130 | |
| kadonotakashi | 0:8fdf9a60065b | 1131 | mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); |
| kadonotakashi | 0:8fdf9a60065b | 1132 | mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); |
| kadonotakashi | 0:8fdf9a60065b | 1133 | |
| kadonotakashi | 0:8fdf9a60065b | 1134 | memset( pad_1, 0x36, 48 ); |
| kadonotakashi | 0:8fdf9a60065b | 1135 | memset( pad_2, 0x5C, 48 ); |
| kadonotakashi | 0:8fdf9a60065b | 1136 | |
| kadonotakashi | 0:8fdf9a60065b | 1137 | mbedtls_md5_update_ret( &md5, ssl->session_negotiate->master, 48 ); |
| kadonotakashi | 0:8fdf9a60065b | 1138 | mbedtls_md5_update_ret( &md5, pad_1, 48 ); |
| kadonotakashi | 0:8fdf9a60065b | 1139 | mbedtls_md5_finish_ret( &md5, hash ); |
| kadonotakashi | 0:8fdf9a60065b | 1140 | |
| kadonotakashi | 0:8fdf9a60065b | 1141 | mbedtls_md5_starts_ret( &md5 ); |
| kadonotakashi | 0:8fdf9a60065b | 1142 | mbedtls_md5_update_ret( &md5, ssl->session_negotiate->master, 48 ); |
| kadonotakashi | 0:8fdf9a60065b | 1143 | mbedtls_md5_update_ret( &md5, pad_2, 48 ); |
| kadonotakashi | 0:8fdf9a60065b | 1144 | mbedtls_md5_update_ret( &md5, hash, 16 ); |
| kadonotakashi | 0:8fdf9a60065b | 1145 | mbedtls_md5_finish_ret( &md5, hash ); |
| kadonotakashi | 0:8fdf9a60065b | 1146 | |
| kadonotakashi | 0:8fdf9a60065b | 1147 | mbedtls_sha1_update_ret( &sha1, ssl->session_negotiate->master, 48 ); |
| kadonotakashi | 0:8fdf9a60065b | 1148 | mbedtls_sha1_update_ret( &sha1, pad_1, 40 ); |
| kadonotakashi | 0:8fdf9a60065b | 1149 | mbedtls_sha1_finish_ret( &sha1, hash + 16 ); |
| kadonotakashi | 0:8fdf9a60065b | 1150 | |
| kadonotakashi | 0:8fdf9a60065b | 1151 | mbedtls_sha1_starts_ret( &sha1 ); |
| kadonotakashi | 0:8fdf9a60065b | 1152 | mbedtls_sha1_update_ret( &sha1, ssl->session_negotiate->master, 48 ); |
| kadonotakashi | 0:8fdf9a60065b | 1153 | mbedtls_sha1_update_ret( &sha1, pad_2, 40 ); |
| kadonotakashi | 0:8fdf9a60065b | 1154 | mbedtls_sha1_update_ret( &sha1, hash + 16, 20 ); |
| kadonotakashi | 0:8fdf9a60065b | 1155 | mbedtls_sha1_finish_ret( &sha1, hash + 16 ); |
| kadonotakashi | 0:8fdf9a60065b | 1156 | |
| kadonotakashi | 0:8fdf9a60065b | 1157 | MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 ); |
| kadonotakashi | 0:8fdf9a60065b | 1158 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1159 | |
| kadonotakashi | 0:8fdf9a60065b | 1160 | mbedtls_md5_free( &md5 ); |
| kadonotakashi | 0:8fdf9a60065b | 1161 | mbedtls_sha1_free( &sha1 ); |
| kadonotakashi | 0:8fdf9a60065b | 1162 | |
| kadonotakashi | 0:8fdf9a60065b | 1163 | return; |
| kadonotakashi | 0:8fdf9a60065b | 1164 | } |
| kadonotakashi | 0:8fdf9a60065b | 1165 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
| kadonotakashi | 0:8fdf9a60065b | 1166 | |
| kadonotakashi | 0:8fdf9a60065b | 1167 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) |
| kadonotakashi | 0:8fdf9a60065b | 1168 | void ssl_calc_verify_tls( mbedtls_ssl_context *ssl, unsigned char hash[36] ) |
| kadonotakashi | 0:8fdf9a60065b | 1169 | { |
| kadonotakashi | 0:8fdf9a60065b | 1170 | mbedtls_md5_context md5; |
| kadonotakashi | 0:8fdf9a60065b | 1171 | mbedtls_sha1_context sha1; |
| kadonotakashi | 0:8fdf9a60065b | 1172 | |
| kadonotakashi | 0:8fdf9a60065b | 1173 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify tls" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1174 | |
| kadonotakashi | 0:8fdf9a60065b | 1175 | mbedtls_md5_init( &md5 ); |
| kadonotakashi | 0:8fdf9a60065b | 1176 | mbedtls_sha1_init( &sha1 ); |
| kadonotakashi | 0:8fdf9a60065b | 1177 | |
| kadonotakashi | 0:8fdf9a60065b | 1178 | mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); |
| kadonotakashi | 0:8fdf9a60065b | 1179 | mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); |
| kadonotakashi | 0:8fdf9a60065b | 1180 | |
| kadonotakashi | 0:8fdf9a60065b | 1181 | mbedtls_md5_finish_ret( &md5, hash ); |
| kadonotakashi | 0:8fdf9a60065b | 1182 | mbedtls_sha1_finish_ret( &sha1, hash + 16 ); |
| kadonotakashi | 0:8fdf9a60065b | 1183 | |
| kadonotakashi | 0:8fdf9a60065b | 1184 | MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 ); |
| kadonotakashi | 0:8fdf9a60065b | 1185 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1186 | |
| kadonotakashi | 0:8fdf9a60065b | 1187 | mbedtls_md5_free( &md5 ); |
| kadonotakashi | 0:8fdf9a60065b | 1188 | mbedtls_sha1_free( &sha1 ); |
| kadonotakashi | 0:8fdf9a60065b | 1189 | |
| kadonotakashi | 0:8fdf9a60065b | 1190 | return; |
| kadonotakashi | 0:8fdf9a60065b | 1191 | } |
| kadonotakashi | 0:8fdf9a60065b | 1192 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */ |
| kadonotakashi | 0:8fdf9a60065b | 1193 | |
| kadonotakashi | 0:8fdf9a60065b | 1194 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| kadonotakashi | 0:8fdf9a60065b | 1195 | #if defined(MBEDTLS_SHA256_C) |
| kadonotakashi | 0:8fdf9a60065b | 1196 | void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *ssl, unsigned char hash[32] ) |
| kadonotakashi | 0:8fdf9a60065b | 1197 | { |
| kadonotakashi | 0:8fdf9a60065b | 1198 | mbedtls_sha256_context sha256; |
| kadonotakashi | 0:8fdf9a60065b | 1199 | |
| kadonotakashi | 0:8fdf9a60065b | 1200 | mbedtls_sha256_init( &sha256 ); |
| kadonotakashi | 0:8fdf9a60065b | 1201 | |
| kadonotakashi | 0:8fdf9a60065b | 1202 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha256" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1203 | |
| kadonotakashi | 0:8fdf9a60065b | 1204 | mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 ); |
| kadonotakashi | 0:8fdf9a60065b | 1205 | mbedtls_sha256_finish_ret( &sha256, hash ); |
| kadonotakashi | 0:8fdf9a60065b | 1206 | |
| kadonotakashi | 0:8fdf9a60065b | 1207 | MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 32 ); |
| kadonotakashi | 0:8fdf9a60065b | 1208 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1209 | |
| kadonotakashi | 0:8fdf9a60065b | 1210 | mbedtls_sha256_free( &sha256 ); |
| kadonotakashi | 0:8fdf9a60065b | 1211 | |
| kadonotakashi | 0:8fdf9a60065b | 1212 | return; |
| kadonotakashi | 0:8fdf9a60065b | 1213 | } |
| kadonotakashi | 0:8fdf9a60065b | 1214 | #endif /* MBEDTLS_SHA256_C */ |
| kadonotakashi | 0:8fdf9a60065b | 1215 | |
| kadonotakashi | 0:8fdf9a60065b | 1216 | #if defined(MBEDTLS_SHA512_C) |
| kadonotakashi | 0:8fdf9a60065b | 1217 | void ssl_calc_verify_tls_sha384( mbedtls_ssl_context *ssl, unsigned char hash[48] ) |
| kadonotakashi | 0:8fdf9a60065b | 1218 | { |
| kadonotakashi | 0:8fdf9a60065b | 1219 | mbedtls_sha512_context sha512; |
| kadonotakashi | 0:8fdf9a60065b | 1220 | |
| kadonotakashi | 0:8fdf9a60065b | 1221 | mbedtls_sha512_init( &sha512 ); |
| kadonotakashi | 0:8fdf9a60065b | 1222 | |
| kadonotakashi | 0:8fdf9a60065b | 1223 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha384" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1224 | |
| kadonotakashi | 0:8fdf9a60065b | 1225 | mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 ); |
| kadonotakashi | 0:8fdf9a60065b | 1226 | mbedtls_sha512_finish_ret( &sha512, hash ); |
| kadonotakashi | 0:8fdf9a60065b | 1227 | |
| kadonotakashi | 0:8fdf9a60065b | 1228 | MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 48 ); |
| kadonotakashi | 0:8fdf9a60065b | 1229 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1230 | |
| kadonotakashi | 0:8fdf9a60065b | 1231 | mbedtls_sha512_free( &sha512 ); |
| kadonotakashi | 0:8fdf9a60065b | 1232 | |
| kadonotakashi | 0:8fdf9a60065b | 1233 | return; |
| kadonotakashi | 0:8fdf9a60065b | 1234 | } |
| kadonotakashi | 0:8fdf9a60065b | 1235 | #endif /* MBEDTLS_SHA512_C */ |
| kadonotakashi | 0:8fdf9a60065b | 1236 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| kadonotakashi | 0:8fdf9a60065b | 1237 | |
| kadonotakashi | 0:8fdf9a60065b | 1238 | #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) |
| kadonotakashi | 0:8fdf9a60065b | 1239 | int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex ) |
| kadonotakashi | 0:8fdf9a60065b | 1240 | { |
| kadonotakashi | 0:8fdf9a60065b | 1241 | unsigned char *p = ssl->handshake->premaster; |
| kadonotakashi | 0:8fdf9a60065b | 1242 | unsigned char *end = p + sizeof( ssl->handshake->premaster ); |
| kadonotakashi | 0:8fdf9a60065b | 1243 | const unsigned char *psk = ssl->conf->psk; |
| kadonotakashi | 0:8fdf9a60065b | 1244 | size_t psk_len = ssl->conf->psk_len; |
| kadonotakashi | 0:8fdf9a60065b | 1245 | |
| kadonotakashi | 0:8fdf9a60065b | 1246 | /* If the psk callback was called, use its result */ |
| kadonotakashi | 0:8fdf9a60065b | 1247 | if( ssl->handshake->psk != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 1248 | { |
| kadonotakashi | 0:8fdf9a60065b | 1249 | psk = ssl->handshake->psk; |
| kadonotakashi | 0:8fdf9a60065b | 1250 | psk_len = ssl->handshake->psk_len; |
| kadonotakashi | 0:8fdf9a60065b | 1251 | } |
| kadonotakashi | 0:8fdf9a60065b | 1252 | |
| kadonotakashi | 0:8fdf9a60065b | 1253 | /* |
| kadonotakashi | 0:8fdf9a60065b | 1254 | * PMS = struct { |
| kadonotakashi | 0:8fdf9a60065b | 1255 | * opaque other_secret<0..2^16-1>; |
| kadonotakashi | 0:8fdf9a60065b | 1256 | * opaque psk<0..2^16-1>; |
| kadonotakashi | 0:8fdf9a60065b | 1257 | * }; |
| kadonotakashi | 0:8fdf9a60065b | 1258 | * with "other_secret" depending on the particular key exchange |
| kadonotakashi | 0:8fdf9a60065b | 1259 | */ |
| kadonotakashi | 0:8fdf9a60065b | 1260 | #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) |
| kadonotakashi | 0:8fdf9a60065b | 1261 | if( key_ex == MBEDTLS_KEY_EXCHANGE_PSK ) |
| kadonotakashi | 0:8fdf9a60065b | 1262 | { |
| kadonotakashi | 0:8fdf9a60065b | 1263 | if( end - p < 2 ) |
| kadonotakashi | 0:8fdf9a60065b | 1264 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 1265 | |
| kadonotakashi | 0:8fdf9a60065b | 1266 | *(p++) = (unsigned char)( psk_len >> 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 1267 | *(p++) = (unsigned char)( psk_len ); |
| kadonotakashi | 0:8fdf9a60065b | 1268 | |
| kadonotakashi | 0:8fdf9a60065b | 1269 | if( end < p || (size_t)( end - p ) < psk_len ) |
| kadonotakashi | 0:8fdf9a60065b | 1270 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 1271 | |
| kadonotakashi | 0:8fdf9a60065b | 1272 | memset( p, 0, psk_len ); |
| kadonotakashi | 0:8fdf9a60065b | 1273 | p += psk_len; |
| kadonotakashi | 0:8fdf9a60065b | 1274 | } |
| kadonotakashi | 0:8fdf9a60065b | 1275 | else |
| kadonotakashi | 0:8fdf9a60065b | 1276 | #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ |
| kadonotakashi | 0:8fdf9a60065b | 1277 | #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) |
| kadonotakashi | 0:8fdf9a60065b | 1278 | if( key_ex == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) |
| kadonotakashi | 0:8fdf9a60065b | 1279 | { |
| kadonotakashi | 0:8fdf9a60065b | 1280 | /* |
| kadonotakashi | 0:8fdf9a60065b | 1281 | * other_secret already set by the ClientKeyExchange message, |
| kadonotakashi | 0:8fdf9a60065b | 1282 | * and is 48 bytes long |
| kadonotakashi | 0:8fdf9a60065b | 1283 | */ |
| kadonotakashi | 0:8fdf9a60065b | 1284 | if( end - p < 2 ) |
| kadonotakashi | 0:8fdf9a60065b | 1285 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 1286 | |
| kadonotakashi | 0:8fdf9a60065b | 1287 | *p++ = 0; |
| kadonotakashi | 0:8fdf9a60065b | 1288 | *p++ = 48; |
| kadonotakashi | 0:8fdf9a60065b | 1289 | p += 48; |
| kadonotakashi | 0:8fdf9a60065b | 1290 | } |
| kadonotakashi | 0:8fdf9a60065b | 1291 | else |
| kadonotakashi | 0:8fdf9a60065b | 1292 | #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ |
| kadonotakashi | 0:8fdf9a60065b | 1293 | #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) |
| kadonotakashi | 0:8fdf9a60065b | 1294 | if( key_ex == MBEDTLS_KEY_EXCHANGE_DHE_PSK ) |
| kadonotakashi | 0:8fdf9a60065b | 1295 | { |
| kadonotakashi | 0:8fdf9a60065b | 1296 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 1297 | size_t len; |
| kadonotakashi | 0:8fdf9a60065b | 1298 | |
| kadonotakashi | 0:8fdf9a60065b | 1299 | /* Write length only when we know the actual value */ |
| kadonotakashi | 0:8fdf9a60065b | 1300 | if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx, |
| kadonotakashi | 0:8fdf9a60065b | 1301 | p + 2, end - ( p + 2 ), &len, |
| kadonotakashi | 0:8fdf9a60065b | 1302 | ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 1303 | { |
| kadonotakashi | 0:8fdf9a60065b | 1304 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 1305 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 1306 | } |
| kadonotakashi | 0:8fdf9a60065b | 1307 | *(p++) = (unsigned char)( len >> 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 1308 | *(p++) = (unsigned char)( len ); |
| kadonotakashi | 0:8fdf9a60065b | 1309 | p += len; |
| kadonotakashi | 0:8fdf9a60065b | 1310 | |
| kadonotakashi | 0:8fdf9a60065b | 1311 | MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K ); |
| kadonotakashi | 0:8fdf9a60065b | 1312 | } |
| kadonotakashi | 0:8fdf9a60065b | 1313 | else |
| kadonotakashi | 0:8fdf9a60065b | 1314 | #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ |
| kadonotakashi | 0:8fdf9a60065b | 1315 | #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) |
| kadonotakashi | 0:8fdf9a60065b | 1316 | if( key_ex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) |
| kadonotakashi | 0:8fdf9a60065b | 1317 | { |
| kadonotakashi | 0:8fdf9a60065b | 1318 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 1319 | size_t zlen; |
| kadonotakashi | 0:8fdf9a60065b | 1320 | |
| kadonotakashi | 0:8fdf9a60065b | 1321 | if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &zlen, |
| kadonotakashi | 0:8fdf9a60065b | 1322 | p + 2, end - ( p + 2 ), |
| kadonotakashi | 0:8fdf9a60065b | 1323 | ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 1324 | { |
| kadonotakashi | 0:8fdf9a60065b | 1325 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 1326 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 1327 | } |
| kadonotakashi | 0:8fdf9a60065b | 1328 | |
| kadonotakashi | 0:8fdf9a60065b | 1329 | *(p++) = (unsigned char)( zlen >> 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 1330 | *(p++) = (unsigned char)( zlen ); |
| kadonotakashi | 0:8fdf9a60065b | 1331 | p += zlen; |
| kadonotakashi | 0:8fdf9a60065b | 1332 | |
| kadonotakashi | 0:8fdf9a60065b | 1333 | MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z ); |
| kadonotakashi | 0:8fdf9a60065b | 1334 | } |
| kadonotakashi | 0:8fdf9a60065b | 1335 | else |
| kadonotakashi | 0:8fdf9a60065b | 1336 | #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ |
| kadonotakashi | 0:8fdf9a60065b | 1337 | { |
| kadonotakashi | 0:8fdf9a60065b | 1338 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1339 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 1340 | } |
| kadonotakashi | 0:8fdf9a60065b | 1341 | |
| kadonotakashi | 0:8fdf9a60065b | 1342 | /* opaque psk<0..2^16-1>; */ |
| kadonotakashi | 0:8fdf9a60065b | 1343 | if( end - p < 2 ) |
| kadonotakashi | 0:8fdf9a60065b | 1344 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 1345 | |
| kadonotakashi | 0:8fdf9a60065b | 1346 | *(p++) = (unsigned char)( psk_len >> 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 1347 | *(p++) = (unsigned char)( psk_len ); |
| kadonotakashi | 0:8fdf9a60065b | 1348 | |
| kadonotakashi | 0:8fdf9a60065b | 1349 | if( end < p || (size_t)( end - p ) < psk_len ) |
| kadonotakashi | 0:8fdf9a60065b | 1350 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 1351 | |
| kadonotakashi | 0:8fdf9a60065b | 1352 | memcpy( p, psk, psk_len ); |
| kadonotakashi | 0:8fdf9a60065b | 1353 | p += psk_len; |
| kadonotakashi | 0:8fdf9a60065b | 1354 | |
| kadonotakashi | 0:8fdf9a60065b | 1355 | ssl->handshake->pmslen = p - ssl->handshake->premaster; |
| kadonotakashi | 0:8fdf9a60065b | 1356 | |
| kadonotakashi | 0:8fdf9a60065b | 1357 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 1358 | } |
| kadonotakashi | 0:8fdf9a60065b | 1359 | #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ |
| kadonotakashi | 0:8fdf9a60065b | 1360 | |
| kadonotakashi | 0:8fdf9a60065b | 1361 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| kadonotakashi | 0:8fdf9a60065b | 1362 | /* |
| kadonotakashi | 0:8fdf9a60065b | 1363 | * SSLv3.0 MAC functions |
| kadonotakashi | 0:8fdf9a60065b | 1364 | */ |
| kadonotakashi | 0:8fdf9a60065b | 1365 | #define SSL_MAC_MAX_BYTES 20 /* MD-5 or SHA-1 */ |
| kadonotakashi | 0:8fdf9a60065b | 1366 | static void ssl_mac( mbedtls_md_context_t *md_ctx, |
| kadonotakashi | 0:8fdf9a60065b | 1367 | const unsigned char *secret, |
| kadonotakashi | 0:8fdf9a60065b | 1368 | const unsigned char *buf, size_t len, |
| kadonotakashi | 0:8fdf9a60065b | 1369 | const unsigned char *ctr, int type, |
| kadonotakashi | 0:8fdf9a60065b | 1370 | unsigned char out[SSL_MAC_MAX_BYTES] ) |
| kadonotakashi | 0:8fdf9a60065b | 1371 | { |
| kadonotakashi | 0:8fdf9a60065b | 1372 | unsigned char header[11]; |
| kadonotakashi | 0:8fdf9a60065b | 1373 | unsigned char padding[48]; |
| kadonotakashi | 0:8fdf9a60065b | 1374 | int padlen; |
| kadonotakashi | 0:8fdf9a60065b | 1375 | int md_size = mbedtls_md_get_size( md_ctx->md_info ); |
| kadonotakashi | 0:8fdf9a60065b | 1376 | int md_type = mbedtls_md_get_type( md_ctx->md_info ); |
| kadonotakashi | 0:8fdf9a60065b | 1377 | |
| kadonotakashi | 0:8fdf9a60065b | 1378 | /* Only MD5 and SHA-1 supported */ |
| kadonotakashi | 0:8fdf9a60065b | 1379 | if( md_type == MBEDTLS_MD_MD5 ) |
| kadonotakashi | 0:8fdf9a60065b | 1380 | padlen = 48; |
| kadonotakashi | 0:8fdf9a60065b | 1381 | else |
| kadonotakashi | 0:8fdf9a60065b | 1382 | padlen = 40; |
| kadonotakashi | 0:8fdf9a60065b | 1383 | |
| kadonotakashi | 0:8fdf9a60065b | 1384 | memcpy( header, ctr, 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 1385 | header[ 8] = (unsigned char) type; |
| kadonotakashi | 0:8fdf9a60065b | 1386 | header[ 9] = (unsigned char)( len >> 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 1387 | header[10] = (unsigned char)( len ); |
| kadonotakashi | 0:8fdf9a60065b | 1388 | |
| kadonotakashi | 0:8fdf9a60065b | 1389 | memset( padding, 0x36, padlen ); |
| kadonotakashi | 0:8fdf9a60065b | 1390 | mbedtls_md_starts( md_ctx ); |
| kadonotakashi | 0:8fdf9a60065b | 1391 | mbedtls_md_update( md_ctx, secret, md_size ); |
| kadonotakashi | 0:8fdf9a60065b | 1392 | mbedtls_md_update( md_ctx, padding, padlen ); |
| kadonotakashi | 0:8fdf9a60065b | 1393 | mbedtls_md_update( md_ctx, header, 11 ); |
| kadonotakashi | 0:8fdf9a60065b | 1394 | mbedtls_md_update( md_ctx, buf, len ); |
| kadonotakashi | 0:8fdf9a60065b | 1395 | mbedtls_md_finish( md_ctx, out ); |
| kadonotakashi | 0:8fdf9a60065b | 1396 | |
| kadonotakashi | 0:8fdf9a60065b | 1397 | memset( padding, 0x5C, padlen ); |
| kadonotakashi | 0:8fdf9a60065b | 1398 | mbedtls_md_starts( md_ctx ); |
| kadonotakashi | 0:8fdf9a60065b | 1399 | mbedtls_md_update( md_ctx, secret, md_size ); |
| kadonotakashi | 0:8fdf9a60065b | 1400 | mbedtls_md_update( md_ctx, padding, padlen ); |
| kadonotakashi | 0:8fdf9a60065b | 1401 | mbedtls_md_update( md_ctx, out, md_size ); |
| kadonotakashi | 0:8fdf9a60065b | 1402 | mbedtls_md_finish( md_ctx, out ); |
| kadonotakashi | 0:8fdf9a60065b | 1403 | } |
| kadonotakashi | 0:8fdf9a60065b | 1404 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
| kadonotakashi | 0:8fdf9a60065b | 1405 | |
| kadonotakashi | 0:8fdf9a60065b | 1406 | #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \ |
| kadonotakashi | 0:8fdf9a60065b | 1407 | ( defined(MBEDTLS_CIPHER_MODE_CBC) && \ |
| kadonotakashi | 0:8fdf9a60065b | 1408 | ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) || defined(MBEDTLS_ARIA_C)) ) |
| kadonotakashi | 0:8fdf9a60065b | 1409 | #define SSL_SOME_MODES_USE_MAC |
| kadonotakashi | 0:8fdf9a60065b | 1410 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 1411 | |
| kadonotakashi | 0:8fdf9a60065b | 1412 | /* The function below is only used in the Lucky 13 counter-measure in |
| kadonotakashi | 0:8fdf9a60065b | 1413 | * ssl_decrypt_buf(). These are the defines that guard the call site. */ |
| kadonotakashi | 0:8fdf9a60065b | 1414 | #if defined(SSL_SOME_MODES_USE_MAC) && \ |
| kadonotakashi | 0:8fdf9a60065b | 1415 | ( defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
| kadonotakashi | 0:8fdf9a60065b | 1416 | defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
| kadonotakashi | 0:8fdf9a60065b | 1417 | defined(MBEDTLS_SSL_PROTO_TLS1_2) ) |
| kadonotakashi | 0:8fdf9a60065b | 1418 | /* This function makes sure every byte in the memory region is accessed |
| kadonotakashi | 0:8fdf9a60065b | 1419 | * (in ascending addresses order) */ |
| kadonotakashi | 0:8fdf9a60065b | 1420 | static void ssl_read_memory( unsigned char *p, size_t len ) |
| kadonotakashi | 0:8fdf9a60065b | 1421 | { |
| kadonotakashi | 0:8fdf9a60065b | 1422 | unsigned char acc = 0; |
| kadonotakashi | 0:8fdf9a60065b | 1423 | volatile unsigned char force; |
| kadonotakashi | 0:8fdf9a60065b | 1424 | |
| kadonotakashi | 0:8fdf9a60065b | 1425 | for( ; len != 0; p++, len-- ) |
| kadonotakashi | 0:8fdf9a60065b | 1426 | acc ^= *p; |
| kadonotakashi | 0:8fdf9a60065b | 1427 | |
| kadonotakashi | 0:8fdf9a60065b | 1428 | force = acc; |
| kadonotakashi | 0:8fdf9a60065b | 1429 | (void) force; |
| kadonotakashi | 0:8fdf9a60065b | 1430 | } |
| kadonotakashi | 0:8fdf9a60065b | 1431 | #endif /* SSL_SOME_MODES_USE_MAC && ( TLS1 || TLS1_1 || TLS1_2 ) */ |
| kadonotakashi | 0:8fdf9a60065b | 1432 | |
| kadonotakashi | 0:8fdf9a60065b | 1433 | /* |
| kadonotakashi | 0:8fdf9a60065b | 1434 | * Encryption/decryption functions |
| kadonotakashi | 0:8fdf9a60065b | 1435 | */ |
| kadonotakashi | 0:8fdf9a60065b | 1436 | static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 1437 | { |
| kadonotakashi | 0:8fdf9a60065b | 1438 | mbedtls_cipher_mode_t mode; |
| kadonotakashi | 0:8fdf9a60065b | 1439 | int auth_done = 0; |
| kadonotakashi | 0:8fdf9a60065b | 1440 | |
| kadonotakashi | 0:8fdf9a60065b | 1441 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1442 | |
| kadonotakashi | 0:8fdf9a60065b | 1443 | if( ssl->session_out == NULL || ssl->transform_out == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 1444 | { |
| kadonotakashi | 0:8fdf9a60065b | 1445 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1446 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 1447 | } |
| kadonotakashi | 0:8fdf9a60065b | 1448 | |
| kadonotakashi | 0:8fdf9a60065b | 1449 | mode = mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc ); |
| kadonotakashi | 0:8fdf9a60065b | 1450 | |
| kadonotakashi | 0:8fdf9a60065b | 1451 | MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload", |
| kadonotakashi | 0:8fdf9a60065b | 1452 | ssl->out_msg, ssl->out_msglen ); |
| kadonotakashi | 0:8fdf9a60065b | 1453 | |
| kadonotakashi | 0:8fdf9a60065b | 1454 | /* |
| kadonotakashi | 0:8fdf9a60065b | 1455 | * Add MAC before if needed |
| kadonotakashi | 0:8fdf9a60065b | 1456 | */ |
| kadonotakashi | 0:8fdf9a60065b | 1457 | #if defined(SSL_SOME_MODES_USE_MAC) |
| kadonotakashi | 0:8fdf9a60065b | 1458 | if( mode == MBEDTLS_MODE_STREAM || |
| kadonotakashi | 0:8fdf9a60065b | 1459 | ( mode == MBEDTLS_MODE_CBC |
| kadonotakashi | 0:8fdf9a60065b | 1460 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
| kadonotakashi | 0:8fdf9a60065b | 1461 | && ssl->session_out->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED |
| kadonotakashi | 0:8fdf9a60065b | 1462 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 1463 | ) ) |
| kadonotakashi | 0:8fdf9a60065b | 1464 | { |
| kadonotakashi | 0:8fdf9a60065b | 1465 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| kadonotakashi | 0:8fdf9a60065b | 1466 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
| kadonotakashi | 0:8fdf9a60065b | 1467 | { |
| kadonotakashi | 0:8fdf9a60065b | 1468 | unsigned char mac[SSL_MAC_MAX_BYTES]; |
| kadonotakashi | 0:8fdf9a60065b | 1469 | |
| kadonotakashi | 0:8fdf9a60065b | 1470 | ssl_mac( &ssl->transform_out->md_ctx_enc, |
| kadonotakashi | 0:8fdf9a60065b | 1471 | ssl->transform_out->mac_enc, |
| kadonotakashi | 0:8fdf9a60065b | 1472 | ssl->out_msg, ssl->out_msglen, |
| kadonotakashi | 0:8fdf9a60065b | 1473 | ssl->out_ctr, ssl->out_msgtype, |
| kadonotakashi | 0:8fdf9a60065b | 1474 | mac ); |
| kadonotakashi | 0:8fdf9a60065b | 1475 | |
| kadonotakashi | 0:8fdf9a60065b | 1476 | memcpy( ssl->out_msg + ssl->out_msglen, mac, ssl->transform_out->maclen ); |
| kadonotakashi | 0:8fdf9a60065b | 1477 | } |
| kadonotakashi | 0:8fdf9a60065b | 1478 | else |
| kadonotakashi | 0:8fdf9a60065b | 1479 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 1480 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
| kadonotakashi | 0:8fdf9a60065b | 1481 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| kadonotakashi | 0:8fdf9a60065b | 1482 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) |
| kadonotakashi | 0:8fdf9a60065b | 1483 | { |
| kadonotakashi | 0:8fdf9a60065b | 1484 | unsigned char mac[MBEDTLS_SSL_MAC_ADD]; |
| kadonotakashi | 0:8fdf9a60065b | 1485 | |
| kadonotakashi | 0:8fdf9a60065b | 1486 | mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_ctr, 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 1487 | mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_hdr, 3 ); |
| kadonotakashi | 0:8fdf9a60065b | 1488 | mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_len, 2 ); |
| kadonotakashi | 0:8fdf9a60065b | 1489 | mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, |
| kadonotakashi | 0:8fdf9a60065b | 1490 | ssl->out_msg, ssl->out_msglen ); |
| kadonotakashi | 0:8fdf9a60065b | 1491 | mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc, mac ); |
| kadonotakashi | 0:8fdf9a60065b | 1492 | mbedtls_md_hmac_reset( &ssl->transform_out->md_ctx_enc ); |
| kadonotakashi | 0:8fdf9a60065b | 1493 | |
| kadonotakashi | 0:8fdf9a60065b | 1494 | memcpy( ssl->out_msg + ssl->out_msglen, mac, ssl->transform_out->maclen ); |
| kadonotakashi | 0:8fdf9a60065b | 1495 | } |
| kadonotakashi | 0:8fdf9a60065b | 1496 | else |
| kadonotakashi | 0:8fdf9a60065b | 1497 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 1498 | { |
| kadonotakashi | 0:8fdf9a60065b | 1499 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1500 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 1501 | } |
| kadonotakashi | 0:8fdf9a60065b | 1502 | |
| kadonotakashi | 0:8fdf9a60065b | 1503 | MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac", |
| kadonotakashi | 0:8fdf9a60065b | 1504 | ssl->out_msg + ssl->out_msglen, |
| kadonotakashi | 0:8fdf9a60065b | 1505 | ssl->transform_out->maclen ); |
| kadonotakashi | 0:8fdf9a60065b | 1506 | |
| kadonotakashi | 0:8fdf9a60065b | 1507 | ssl->out_msglen += ssl->transform_out->maclen; |
| kadonotakashi | 0:8fdf9a60065b | 1508 | auth_done++; |
| kadonotakashi | 0:8fdf9a60065b | 1509 | } |
| kadonotakashi | 0:8fdf9a60065b | 1510 | #endif /* AEAD not the only option */ |
| kadonotakashi | 0:8fdf9a60065b | 1511 | |
| kadonotakashi | 0:8fdf9a60065b | 1512 | /* |
| kadonotakashi | 0:8fdf9a60065b | 1513 | * Encrypt |
| kadonotakashi | 0:8fdf9a60065b | 1514 | */ |
| kadonotakashi | 0:8fdf9a60065b | 1515 | #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) |
| kadonotakashi | 0:8fdf9a60065b | 1516 | if( mode == MBEDTLS_MODE_STREAM ) |
| kadonotakashi | 0:8fdf9a60065b | 1517 | { |
| kadonotakashi | 0:8fdf9a60065b | 1518 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 1519 | size_t olen = 0; |
| kadonotakashi | 0:8fdf9a60065b | 1520 | |
| kadonotakashi | 0:8fdf9a60065b | 1521 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " |
| kadonotakashi | 0:8fdf9a60065b | 1522 | "including %d bytes of padding", |
| kadonotakashi | 0:8fdf9a60065b | 1523 | ssl->out_msglen, 0 ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1524 | |
| kadonotakashi | 0:8fdf9a60065b | 1525 | if( ( ret = mbedtls_cipher_crypt( &ssl->transform_out->cipher_ctx_enc, |
| kadonotakashi | 0:8fdf9a60065b | 1526 | ssl->transform_out->iv_enc, |
| kadonotakashi | 0:8fdf9a60065b | 1527 | ssl->transform_out->ivlen, |
| kadonotakashi | 0:8fdf9a60065b | 1528 | ssl->out_msg, ssl->out_msglen, |
| kadonotakashi | 0:8fdf9a60065b | 1529 | ssl->out_msg, &olen ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 1530 | { |
| kadonotakashi | 0:8fdf9a60065b | 1531 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 1532 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 1533 | } |
| kadonotakashi | 0:8fdf9a60065b | 1534 | |
| kadonotakashi | 0:8fdf9a60065b | 1535 | if( ssl->out_msglen != olen ) |
| kadonotakashi | 0:8fdf9a60065b | 1536 | { |
| kadonotakashi | 0:8fdf9a60065b | 1537 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1538 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 1539 | } |
| kadonotakashi | 0:8fdf9a60065b | 1540 | } |
| kadonotakashi | 0:8fdf9a60065b | 1541 | else |
| kadonotakashi | 0:8fdf9a60065b | 1542 | #endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */ |
| kadonotakashi | 0:8fdf9a60065b | 1543 | #if defined(MBEDTLS_GCM_C) || \ |
| kadonotakashi | 0:8fdf9a60065b | 1544 | defined(MBEDTLS_CCM_C) || \ |
| kadonotakashi | 0:8fdf9a60065b | 1545 | defined(MBEDTLS_CHACHAPOLY_C) |
| kadonotakashi | 0:8fdf9a60065b | 1546 | if( mode == MBEDTLS_MODE_GCM || |
| kadonotakashi | 0:8fdf9a60065b | 1547 | mode == MBEDTLS_MODE_CCM || |
| kadonotakashi | 0:8fdf9a60065b | 1548 | mode == MBEDTLS_MODE_CHACHAPOLY ) |
| kadonotakashi | 0:8fdf9a60065b | 1549 | { |
| kadonotakashi | 0:8fdf9a60065b | 1550 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 1551 | size_t enc_msglen, olen; |
| kadonotakashi | 0:8fdf9a60065b | 1552 | unsigned char *enc_msg; |
| kadonotakashi | 0:8fdf9a60065b | 1553 | unsigned char add_data[13]; |
| kadonotakashi | 0:8fdf9a60065b | 1554 | unsigned char iv[12]; |
| kadonotakashi | 0:8fdf9a60065b | 1555 | mbedtls_ssl_transform *transform = ssl->transform_out; |
| kadonotakashi | 0:8fdf9a60065b | 1556 | unsigned char taglen = transform->ciphersuite_info->flags & |
| kadonotakashi | 0:8fdf9a60065b | 1557 | MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16; |
| kadonotakashi | 0:8fdf9a60065b | 1558 | size_t explicit_ivlen = transform->ivlen - transform->fixed_ivlen; |
| kadonotakashi | 0:8fdf9a60065b | 1559 | |
| kadonotakashi | 0:8fdf9a60065b | 1560 | /* |
| kadonotakashi | 0:8fdf9a60065b | 1561 | * Prepare additional authenticated data |
| kadonotakashi | 0:8fdf9a60065b | 1562 | */ |
| kadonotakashi | 0:8fdf9a60065b | 1563 | memcpy( add_data, ssl->out_ctr, 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 1564 | add_data[8] = ssl->out_msgtype; |
| kadonotakashi | 0:8fdf9a60065b | 1565 | mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, |
| kadonotakashi | 0:8fdf9a60065b | 1566 | ssl->conf->transport, add_data + 9 ); |
| kadonotakashi | 0:8fdf9a60065b | 1567 | add_data[11] = ( ssl->out_msglen >> 8 ) & 0xFF; |
| kadonotakashi | 0:8fdf9a60065b | 1568 | add_data[12] = ssl->out_msglen & 0xFF; |
| kadonotakashi | 0:8fdf9a60065b | 1569 | |
| kadonotakashi | 0:8fdf9a60065b | 1570 | MBEDTLS_SSL_DEBUG_BUF( 4, "additional data for AEAD", add_data, 13 ); |
| kadonotakashi | 0:8fdf9a60065b | 1571 | |
| kadonotakashi | 0:8fdf9a60065b | 1572 | /* |
| kadonotakashi | 0:8fdf9a60065b | 1573 | * Generate IV |
| kadonotakashi | 0:8fdf9a60065b | 1574 | */ |
| kadonotakashi | 0:8fdf9a60065b | 1575 | if( transform->ivlen == 12 && transform->fixed_ivlen == 4 ) |
| kadonotakashi | 0:8fdf9a60065b | 1576 | { |
| kadonotakashi | 0:8fdf9a60065b | 1577 | /* GCM and CCM: fixed || explicit (=seqnum) */ |
| kadonotakashi | 0:8fdf9a60065b | 1578 | memcpy( iv, transform->iv_enc, transform->fixed_ivlen ); |
| kadonotakashi | 0:8fdf9a60065b | 1579 | memcpy( iv + transform->fixed_ivlen, ssl->out_ctr, 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 1580 | memcpy( ssl->out_iv, ssl->out_ctr, 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 1581 | |
| kadonotakashi | 0:8fdf9a60065b | 1582 | } |
| kadonotakashi | 0:8fdf9a60065b | 1583 | else if( transform->ivlen == 12 && transform->fixed_ivlen == 12 ) |
| kadonotakashi | 0:8fdf9a60065b | 1584 | { |
| kadonotakashi | 0:8fdf9a60065b | 1585 | /* ChachaPoly: fixed XOR sequence number */ |
| kadonotakashi | 0:8fdf9a60065b | 1586 | unsigned char i; |
| kadonotakashi | 0:8fdf9a60065b | 1587 | |
| kadonotakashi | 0:8fdf9a60065b | 1588 | memcpy( iv, transform->iv_enc, transform->fixed_ivlen ); |
| kadonotakashi | 0:8fdf9a60065b | 1589 | |
| kadonotakashi | 0:8fdf9a60065b | 1590 | for( i = 0; i < 8; i++ ) |
| kadonotakashi | 0:8fdf9a60065b | 1591 | iv[i+4] ^= ssl->out_ctr[i]; |
| kadonotakashi | 0:8fdf9a60065b | 1592 | } |
| kadonotakashi | 0:8fdf9a60065b | 1593 | else |
| kadonotakashi | 0:8fdf9a60065b | 1594 | { |
| kadonotakashi | 0:8fdf9a60065b | 1595 | /* Reminder if we ever add an AEAD mode with a different size */ |
| kadonotakashi | 0:8fdf9a60065b | 1596 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1597 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 1598 | } |
| kadonotakashi | 0:8fdf9a60065b | 1599 | |
| kadonotakashi | 0:8fdf9a60065b | 1600 | MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (internal)", |
| kadonotakashi | 0:8fdf9a60065b | 1601 | iv, transform->ivlen ); |
| kadonotakashi | 0:8fdf9a60065b | 1602 | MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (transmitted)", |
| kadonotakashi | 0:8fdf9a60065b | 1603 | ssl->out_iv, explicit_ivlen ); |
| kadonotakashi | 0:8fdf9a60065b | 1604 | |
| kadonotakashi | 0:8fdf9a60065b | 1605 | /* |
| kadonotakashi | 0:8fdf9a60065b | 1606 | * Fix message length with added IV |
| kadonotakashi | 0:8fdf9a60065b | 1607 | */ |
| kadonotakashi | 0:8fdf9a60065b | 1608 | enc_msg = ssl->out_msg; |
| kadonotakashi | 0:8fdf9a60065b | 1609 | enc_msglen = ssl->out_msglen; |
| kadonotakashi | 0:8fdf9a60065b | 1610 | ssl->out_msglen += explicit_ivlen; |
| kadonotakashi | 0:8fdf9a60065b | 1611 | |
| kadonotakashi | 0:8fdf9a60065b | 1612 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " |
| kadonotakashi | 0:8fdf9a60065b | 1613 | "including 0 bytes of padding", |
| kadonotakashi | 0:8fdf9a60065b | 1614 | ssl->out_msglen ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1615 | |
| kadonotakashi | 0:8fdf9a60065b | 1616 | /* |
| kadonotakashi | 0:8fdf9a60065b | 1617 | * Encrypt and authenticate |
| kadonotakashi | 0:8fdf9a60065b | 1618 | */ |
| kadonotakashi | 0:8fdf9a60065b | 1619 | if( ( ret = mbedtls_cipher_auth_encrypt( &transform->cipher_ctx_enc, |
| kadonotakashi | 0:8fdf9a60065b | 1620 | iv, transform->ivlen, |
| kadonotakashi | 0:8fdf9a60065b | 1621 | add_data, 13, |
| kadonotakashi | 0:8fdf9a60065b | 1622 | enc_msg, enc_msglen, |
| kadonotakashi | 0:8fdf9a60065b | 1623 | enc_msg, &olen, |
| kadonotakashi | 0:8fdf9a60065b | 1624 | enc_msg + enc_msglen, taglen ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 1625 | { |
| kadonotakashi | 0:8fdf9a60065b | 1626 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_encrypt", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 1627 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 1628 | } |
| kadonotakashi | 0:8fdf9a60065b | 1629 | |
| kadonotakashi | 0:8fdf9a60065b | 1630 | if( olen != enc_msglen ) |
| kadonotakashi | 0:8fdf9a60065b | 1631 | { |
| kadonotakashi | 0:8fdf9a60065b | 1632 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1633 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 1634 | } |
| kadonotakashi | 0:8fdf9a60065b | 1635 | |
| kadonotakashi | 0:8fdf9a60065b | 1636 | ssl->out_msglen += taglen; |
| kadonotakashi | 0:8fdf9a60065b | 1637 | auth_done++; |
| kadonotakashi | 0:8fdf9a60065b | 1638 | |
| kadonotakashi | 0:8fdf9a60065b | 1639 | MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag", enc_msg + enc_msglen, taglen ); |
| kadonotakashi | 0:8fdf9a60065b | 1640 | } |
| kadonotakashi | 0:8fdf9a60065b | 1641 | else |
| kadonotakashi | 0:8fdf9a60065b | 1642 | #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */ |
| kadonotakashi | 0:8fdf9a60065b | 1643 | #if defined(MBEDTLS_CIPHER_MODE_CBC) && \ |
| kadonotakashi | 0:8fdf9a60065b | 1644 | ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) || defined(MBEDTLS_ARIA_C) ) |
| kadonotakashi | 0:8fdf9a60065b | 1645 | if( mode == MBEDTLS_MODE_CBC ) |
| kadonotakashi | 0:8fdf9a60065b | 1646 | { |
| kadonotakashi | 0:8fdf9a60065b | 1647 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 1648 | unsigned char *enc_msg; |
| kadonotakashi | 0:8fdf9a60065b | 1649 | size_t enc_msglen, padlen, olen = 0, i; |
| kadonotakashi | 0:8fdf9a60065b | 1650 | |
| kadonotakashi | 0:8fdf9a60065b | 1651 | padlen = ssl->transform_out->ivlen - ( ssl->out_msglen + 1 ) % |
| kadonotakashi | 0:8fdf9a60065b | 1652 | ssl->transform_out->ivlen; |
| kadonotakashi | 0:8fdf9a60065b | 1653 | if( padlen == ssl->transform_out->ivlen ) |
| kadonotakashi | 0:8fdf9a60065b | 1654 | padlen = 0; |
| kadonotakashi | 0:8fdf9a60065b | 1655 | |
| kadonotakashi | 0:8fdf9a60065b | 1656 | for( i = 0; i <= padlen; i++ ) |
| kadonotakashi | 0:8fdf9a60065b | 1657 | ssl->out_msg[ssl->out_msglen + i] = (unsigned char) padlen; |
| kadonotakashi | 0:8fdf9a60065b | 1658 | |
| kadonotakashi | 0:8fdf9a60065b | 1659 | ssl->out_msglen += padlen + 1; |
| kadonotakashi | 0:8fdf9a60065b | 1660 | |
| kadonotakashi | 0:8fdf9a60065b | 1661 | enc_msglen = ssl->out_msglen; |
| kadonotakashi | 0:8fdf9a60065b | 1662 | enc_msg = ssl->out_msg; |
| kadonotakashi | 0:8fdf9a60065b | 1663 | |
| kadonotakashi | 0:8fdf9a60065b | 1664 | #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| kadonotakashi | 0:8fdf9a60065b | 1665 | /* |
| kadonotakashi | 0:8fdf9a60065b | 1666 | * Prepend per-record IV for block cipher in TLS v1.1 and up as per |
| kadonotakashi | 0:8fdf9a60065b | 1667 | * Method 1 (6.2.3.2. in RFC4346 and RFC5246) |
| kadonotakashi | 0:8fdf9a60065b | 1668 | */ |
| kadonotakashi | 0:8fdf9a60065b | 1669 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) |
| kadonotakashi | 0:8fdf9a60065b | 1670 | { |
| kadonotakashi | 0:8fdf9a60065b | 1671 | /* |
| kadonotakashi | 0:8fdf9a60065b | 1672 | * Generate IV |
| kadonotakashi | 0:8fdf9a60065b | 1673 | */ |
| kadonotakashi | 0:8fdf9a60065b | 1674 | ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->transform_out->iv_enc, |
| kadonotakashi | 0:8fdf9a60065b | 1675 | ssl->transform_out->ivlen ); |
| kadonotakashi | 0:8fdf9a60065b | 1676 | if( ret != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 1677 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 1678 | |
| kadonotakashi | 0:8fdf9a60065b | 1679 | memcpy( ssl->out_iv, ssl->transform_out->iv_enc, |
| kadonotakashi | 0:8fdf9a60065b | 1680 | ssl->transform_out->ivlen ); |
| kadonotakashi | 0:8fdf9a60065b | 1681 | |
| kadonotakashi | 0:8fdf9a60065b | 1682 | /* |
| kadonotakashi | 0:8fdf9a60065b | 1683 | * Fix pointer positions and message length with added IV |
| kadonotakashi | 0:8fdf9a60065b | 1684 | */ |
| kadonotakashi | 0:8fdf9a60065b | 1685 | enc_msg = ssl->out_msg; |
| kadonotakashi | 0:8fdf9a60065b | 1686 | enc_msglen = ssl->out_msglen; |
| kadonotakashi | 0:8fdf9a60065b | 1687 | ssl->out_msglen += ssl->transform_out->ivlen; |
| kadonotakashi | 0:8fdf9a60065b | 1688 | } |
| kadonotakashi | 0:8fdf9a60065b | 1689 | #endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */ |
| kadonotakashi | 0:8fdf9a60065b | 1690 | |
| kadonotakashi | 0:8fdf9a60065b | 1691 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " |
| kadonotakashi | 0:8fdf9a60065b | 1692 | "including %d bytes of IV and %d bytes of padding", |
| kadonotakashi | 0:8fdf9a60065b | 1693 | ssl->out_msglen, ssl->transform_out->ivlen, |
| kadonotakashi | 0:8fdf9a60065b | 1694 | padlen + 1 ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1695 | |
| kadonotakashi | 0:8fdf9a60065b | 1696 | if( ( ret = mbedtls_cipher_crypt( &ssl->transform_out->cipher_ctx_enc, |
| kadonotakashi | 0:8fdf9a60065b | 1697 | ssl->transform_out->iv_enc, |
| kadonotakashi | 0:8fdf9a60065b | 1698 | ssl->transform_out->ivlen, |
| kadonotakashi | 0:8fdf9a60065b | 1699 | enc_msg, enc_msglen, |
| kadonotakashi | 0:8fdf9a60065b | 1700 | enc_msg, &olen ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 1701 | { |
| kadonotakashi | 0:8fdf9a60065b | 1702 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 1703 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 1704 | } |
| kadonotakashi | 0:8fdf9a60065b | 1705 | |
| kadonotakashi | 0:8fdf9a60065b | 1706 | if( enc_msglen != olen ) |
| kadonotakashi | 0:8fdf9a60065b | 1707 | { |
| kadonotakashi | 0:8fdf9a60065b | 1708 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1709 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 1710 | } |
| kadonotakashi | 0:8fdf9a60065b | 1711 | |
| kadonotakashi | 0:8fdf9a60065b | 1712 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) |
| kadonotakashi | 0:8fdf9a60065b | 1713 | if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ) |
| kadonotakashi | 0:8fdf9a60065b | 1714 | { |
| kadonotakashi | 0:8fdf9a60065b | 1715 | /* |
| kadonotakashi | 0:8fdf9a60065b | 1716 | * Save IV in SSL3 and TLS1 |
| kadonotakashi | 0:8fdf9a60065b | 1717 | */ |
| kadonotakashi | 0:8fdf9a60065b | 1718 | memcpy( ssl->transform_out->iv_enc, |
| kadonotakashi | 0:8fdf9a60065b | 1719 | ssl->transform_out->cipher_ctx_enc.iv, |
| kadonotakashi | 0:8fdf9a60065b | 1720 | ssl->transform_out->ivlen ); |
| kadonotakashi | 0:8fdf9a60065b | 1721 | } |
| kadonotakashi | 0:8fdf9a60065b | 1722 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 1723 | |
| kadonotakashi | 0:8fdf9a60065b | 1724 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
| kadonotakashi | 0:8fdf9a60065b | 1725 | if( auth_done == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 1726 | { |
| kadonotakashi | 0:8fdf9a60065b | 1727 | unsigned char mac[MBEDTLS_SSL_MAC_ADD]; |
| kadonotakashi | 0:8fdf9a60065b | 1728 | |
| kadonotakashi | 0:8fdf9a60065b | 1729 | /* |
| kadonotakashi | 0:8fdf9a60065b | 1730 | * MAC(MAC_write_key, seq_num + |
| kadonotakashi | 0:8fdf9a60065b | 1731 | * TLSCipherText.type + |
| kadonotakashi | 0:8fdf9a60065b | 1732 | * TLSCipherText.version + |
| kadonotakashi | 0:8fdf9a60065b | 1733 | * length_of( (IV +) ENC(...) ) + |
| kadonotakashi | 0:8fdf9a60065b | 1734 | * IV + // except for TLS 1.0 |
| kadonotakashi | 0:8fdf9a60065b | 1735 | * ENC(content + padding + padding_length)); |
| kadonotakashi | 0:8fdf9a60065b | 1736 | */ |
| kadonotakashi | 0:8fdf9a60065b | 1737 | unsigned char pseudo_hdr[13]; |
| kadonotakashi | 0:8fdf9a60065b | 1738 | |
| kadonotakashi | 0:8fdf9a60065b | 1739 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1740 | |
| kadonotakashi | 0:8fdf9a60065b | 1741 | memcpy( pseudo_hdr + 0, ssl->out_ctr, 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 1742 | memcpy( pseudo_hdr + 8, ssl->out_hdr, 3 ); |
| kadonotakashi | 0:8fdf9a60065b | 1743 | pseudo_hdr[11] = (unsigned char)( ( ssl->out_msglen >> 8 ) & 0xFF ); |
| kadonotakashi | 0:8fdf9a60065b | 1744 | pseudo_hdr[12] = (unsigned char)( ( ssl->out_msglen ) & 0xFF ); |
| kadonotakashi | 0:8fdf9a60065b | 1745 | |
| kadonotakashi | 0:8fdf9a60065b | 1746 | MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", pseudo_hdr, 13 ); |
| kadonotakashi | 0:8fdf9a60065b | 1747 | |
| kadonotakashi | 0:8fdf9a60065b | 1748 | mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, pseudo_hdr, 13 ); |
| kadonotakashi | 0:8fdf9a60065b | 1749 | mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, |
| kadonotakashi | 0:8fdf9a60065b | 1750 | ssl->out_iv, ssl->out_msglen ); |
| kadonotakashi | 0:8fdf9a60065b | 1751 | mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc, mac ); |
| kadonotakashi | 0:8fdf9a60065b | 1752 | mbedtls_md_hmac_reset( &ssl->transform_out->md_ctx_enc ); |
| kadonotakashi | 0:8fdf9a60065b | 1753 | |
| kadonotakashi | 0:8fdf9a60065b | 1754 | memcpy( ssl->out_iv + ssl->out_msglen, mac, |
| kadonotakashi | 0:8fdf9a60065b | 1755 | ssl->transform_out->maclen ); |
| kadonotakashi | 0:8fdf9a60065b | 1756 | |
| kadonotakashi | 0:8fdf9a60065b | 1757 | ssl->out_msglen += ssl->transform_out->maclen; |
| kadonotakashi | 0:8fdf9a60065b | 1758 | auth_done++; |
| kadonotakashi | 0:8fdf9a60065b | 1759 | } |
| kadonotakashi | 0:8fdf9a60065b | 1760 | #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ |
| kadonotakashi | 0:8fdf9a60065b | 1761 | } |
| kadonotakashi | 0:8fdf9a60065b | 1762 | else |
| kadonotakashi | 0:8fdf9a60065b | 1763 | #endif /* MBEDTLS_CIPHER_MODE_CBC && |
| kadonotakashi | 0:8fdf9a60065b | 1764 | ( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C || MBEDTLS_ARIA_C ) */ |
| kadonotakashi | 0:8fdf9a60065b | 1765 | { |
| kadonotakashi | 0:8fdf9a60065b | 1766 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1767 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 1768 | } |
| kadonotakashi | 0:8fdf9a60065b | 1769 | |
| kadonotakashi | 0:8fdf9a60065b | 1770 | /* Make extra sure authentication was performed, exactly once */ |
| kadonotakashi | 0:8fdf9a60065b | 1771 | if( auth_done != 1 ) |
| kadonotakashi | 0:8fdf9a60065b | 1772 | { |
| kadonotakashi | 0:8fdf9a60065b | 1773 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1774 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 1775 | } |
| kadonotakashi | 0:8fdf9a60065b | 1776 | |
| kadonotakashi | 0:8fdf9a60065b | 1777 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1778 | |
| kadonotakashi | 0:8fdf9a60065b | 1779 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 1780 | } |
| kadonotakashi | 0:8fdf9a60065b | 1781 | |
| kadonotakashi | 0:8fdf9a60065b | 1782 | static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 1783 | { |
| kadonotakashi | 0:8fdf9a60065b | 1784 | mbedtls_cipher_mode_t mode; |
| kadonotakashi | 0:8fdf9a60065b | 1785 | int auth_done = 0; |
| kadonotakashi | 0:8fdf9a60065b | 1786 | #if defined(SSL_SOME_MODES_USE_MAC) |
| kadonotakashi | 0:8fdf9a60065b | 1787 | size_t padlen = 0, correct = 1; |
| kadonotakashi | 0:8fdf9a60065b | 1788 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 1789 | |
| kadonotakashi | 0:8fdf9a60065b | 1790 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1791 | |
| kadonotakashi | 0:8fdf9a60065b | 1792 | if( ssl->session_in == NULL || ssl->transform_in == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 1793 | { |
| kadonotakashi | 0:8fdf9a60065b | 1794 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1795 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 1796 | } |
| kadonotakashi | 0:8fdf9a60065b | 1797 | |
| kadonotakashi | 0:8fdf9a60065b | 1798 | mode = mbedtls_cipher_get_cipher_mode( &ssl->transform_in->cipher_ctx_dec ); |
| kadonotakashi | 0:8fdf9a60065b | 1799 | |
| kadonotakashi | 0:8fdf9a60065b | 1800 | if( ssl->in_msglen < ssl->transform_in->minlen ) |
| kadonotakashi | 0:8fdf9a60065b | 1801 | { |
| kadonotakashi | 0:8fdf9a60065b | 1802 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "in_msglen (%d) < minlen (%d)", |
| kadonotakashi | 0:8fdf9a60065b | 1803 | ssl->in_msglen, ssl->transform_in->minlen ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1804 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
| kadonotakashi | 0:8fdf9a60065b | 1805 | } |
| kadonotakashi | 0:8fdf9a60065b | 1806 | |
| kadonotakashi | 0:8fdf9a60065b | 1807 | #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) |
| kadonotakashi | 0:8fdf9a60065b | 1808 | if( mode == MBEDTLS_MODE_STREAM ) |
| kadonotakashi | 0:8fdf9a60065b | 1809 | { |
| kadonotakashi | 0:8fdf9a60065b | 1810 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 1811 | size_t olen = 0; |
| kadonotakashi | 0:8fdf9a60065b | 1812 | |
| kadonotakashi | 0:8fdf9a60065b | 1813 | padlen = 0; |
| kadonotakashi | 0:8fdf9a60065b | 1814 | |
| kadonotakashi | 0:8fdf9a60065b | 1815 | if( ( ret = mbedtls_cipher_crypt( &ssl->transform_in->cipher_ctx_dec, |
| kadonotakashi | 0:8fdf9a60065b | 1816 | ssl->transform_in->iv_dec, |
| kadonotakashi | 0:8fdf9a60065b | 1817 | ssl->transform_in->ivlen, |
| kadonotakashi | 0:8fdf9a60065b | 1818 | ssl->in_msg, ssl->in_msglen, |
| kadonotakashi | 0:8fdf9a60065b | 1819 | ssl->in_msg, &olen ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 1820 | { |
| kadonotakashi | 0:8fdf9a60065b | 1821 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 1822 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 1823 | } |
| kadonotakashi | 0:8fdf9a60065b | 1824 | |
| kadonotakashi | 0:8fdf9a60065b | 1825 | if( ssl->in_msglen != olen ) |
| kadonotakashi | 0:8fdf9a60065b | 1826 | { |
| kadonotakashi | 0:8fdf9a60065b | 1827 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1828 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 1829 | } |
| kadonotakashi | 0:8fdf9a60065b | 1830 | } |
| kadonotakashi | 0:8fdf9a60065b | 1831 | else |
| kadonotakashi | 0:8fdf9a60065b | 1832 | #endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */ |
| kadonotakashi | 0:8fdf9a60065b | 1833 | #if defined(MBEDTLS_GCM_C) || \ |
| kadonotakashi | 0:8fdf9a60065b | 1834 | defined(MBEDTLS_CCM_C) || \ |
| kadonotakashi | 0:8fdf9a60065b | 1835 | defined(MBEDTLS_CHACHAPOLY_C) |
| kadonotakashi | 0:8fdf9a60065b | 1836 | if( mode == MBEDTLS_MODE_GCM || |
| kadonotakashi | 0:8fdf9a60065b | 1837 | mode == MBEDTLS_MODE_CCM || |
| kadonotakashi | 0:8fdf9a60065b | 1838 | mode == MBEDTLS_MODE_CHACHAPOLY ) |
| kadonotakashi | 0:8fdf9a60065b | 1839 | { |
| kadonotakashi | 0:8fdf9a60065b | 1840 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 1841 | size_t dec_msglen, olen; |
| kadonotakashi | 0:8fdf9a60065b | 1842 | unsigned char *dec_msg; |
| kadonotakashi | 0:8fdf9a60065b | 1843 | unsigned char *dec_msg_result; |
| kadonotakashi | 0:8fdf9a60065b | 1844 | unsigned char add_data[13]; |
| kadonotakashi | 0:8fdf9a60065b | 1845 | unsigned char iv[12]; |
| kadonotakashi | 0:8fdf9a60065b | 1846 | mbedtls_ssl_transform *transform = ssl->transform_in; |
| kadonotakashi | 0:8fdf9a60065b | 1847 | unsigned char taglen = transform->ciphersuite_info->flags & |
| kadonotakashi | 0:8fdf9a60065b | 1848 | MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16; |
| kadonotakashi | 0:8fdf9a60065b | 1849 | size_t explicit_iv_len = transform->ivlen - transform->fixed_ivlen; |
| kadonotakashi | 0:8fdf9a60065b | 1850 | |
| kadonotakashi | 0:8fdf9a60065b | 1851 | /* |
| kadonotakashi | 0:8fdf9a60065b | 1852 | * Compute and update sizes |
| kadonotakashi | 0:8fdf9a60065b | 1853 | */ |
| kadonotakashi | 0:8fdf9a60065b | 1854 | if( ssl->in_msglen < explicit_iv_len + taglen ) |
| kadonotakashi | 0:8fdf9a60065b | 1855 | { |
| kadonotakashi | 0:8fdf9a60065b | 1856 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < explicit_iv_len (%d) " |
| kadonotakashi | 0:8fdf9a60065b | 1857 | "+ taglen (%d)", ssl->in_msglen, |
| kadonotakashi | 0:8fdf9a60065b | 1858 | explicit_iv_len, taglen ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1859 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
| kadonotakashi | 0:8fdf9a60065b | 1860 | } |
| kadonotakashi | 0:8fdf9a60065b | 1861 | dec_msglen = ssl->in_msglen - explicit_iv_len - taglen; |
| kadonotakashi | 0:8fdf9a60065b | 1862 | |
| kadonotakashi | 0:8fdf9a60065b | 1863 | dec_msg = ssl->in_msg; |
| kadonotakashi | 0:8fdf9a60065b | 1864 | dec_msg_result = ssl->in_msg; |
| kadonotakashi | 0:8fdf9a60065b | 1865 | ssl->in_msglen = dec_msglen; |
| kadonotakashi | 0:8fdf9a60065b | 1866 | |
| kadonotakashi | 0:8fdf9a60065b | 1867 | /* |
| kadonotakashi | 0:8fdf9a60065b | 1868 | * Prepare additional authenticated data |
| kadonotakashi | 0:8fdf9a60065b | 1869 | */ |
| kadonotakashi | 0:8fdf9a60065b | 1870 | memcpy( add_data, ssl->in_ctr, 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 1871 | add_data[8] = ssl->in_msgtype; |
| kadonotakashi | 0:8fdf9a60065b | 1872 | mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, |
| kadonotakashi | 0:8fdf9a60065b | 1873 | ssl->conf->transport, add_data + 9 ); |
| kadonotakashi | 0:8fdf9a60065b | 1874 | add_data[11] = ( ssl->in_msglen >> 8 ) & 0xFF; |
| kadonotakashi | 0:8fdf9a60065b | 1875 | add_data[12] = ssl->in_msglen & 0xFF; |
| kadonotakashi | 0:8fdf9a60065b | 1876 | |
| kadonotakashi | 0:8fdf9a60065b | 1877 | MBEDTLS_SSL_DEBUG_BUF( 4, "additional data for AEAD", add_data, 13 ); |
| kadonotakashi | 0:8fdf9a60065b | 1878 | |
| kadonotakashi | 0:8fdf9a60065b | 1879 | /* |
| kadonotakashi | 0:8fdf9a60065b | 1880 | * Prepare IV |
| kadonotakashi | 0:8fdf9a60065b | 1881 | */ |
| kadonotakashi | 0:8fdf9a60065b | 1882 | if( transform->ivlen == 12 && transform->fixed_ivlen == 4 ) |
| kadonotakashi | 0:8fdf9a60065b | 1883 | { |
| kadonotakashi | 0:8fdf9a60065b | 1884 | /* GCM and CCM: fixed || explicit (transmitted) */ |
| kadonotakashi | 0:8fdf9a60065b | 1885 | memcpy( iv, transform->iv_dec, transform->fixed_ivlen ); |
| kadonotakashi | 0:8fdf9a60065b | 1886 | memcpy( iv + transform->fixed_ivlen, ssl->in_iv, 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 1887 | |
| kadonotakashi | 0:8fdf9a60065b | 1888 | } |
| kadonotakashi | 0:8fdf9a60065b | 1889 | else if( transform->ivlen == 12 && transform->fixed_ivlen == 12 ) |
| kadonotakashi | 0:8fdf9a60065b | 1890 | { |
| kadonotakashi | 0:8fdf9a60065b | 1891 | /* ChachaPoly: fixed XOR sequence number */ |
| kadonotakashi | 0:8fdf9a60065b | 1892 | unsigned char i; |
| kadonotakashi | 0:8fdf9a60065b | 1893 | |
| kadonotakashi | 0:8fdf9a60065b | 1894 | memcpy( iv, transform->iv_dec, transform->fixed_ivlen ); |
| kadonotakashi | 0:8fdf9a60065b | 1895 | |
| kadonotakashi | 0:8fdf9a60065b | 1896 | for( i = 0; i < 8; i++ ) |
| kadonotakashi | 0:8fdf9a60065b | 1897 | iv[i+4] ^= ssl->in_ctr[i]; |
| kadonotakashi | 0:8fdf9a60065b | 1898 | } |
| kadonotakashi | 0:8fdf9a60065b | 1899 | else |
| kadonotakashi | 0:8fdf9a60065b | 1900 | { |
| kadonotakashi | 0:8fdf9a60065b | 1901 | /* Reminder if we ever add an AEAD mode with a different size */ |
| kadonotakashi | 0:8fdf9a60065b | 1902 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1903 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 1904 | } |
| kadonotakashi | 0:8fdf9a60065b | 1905 | |
| kadonotakashi | 0:8fdf9a60065b | 1906 | MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", iv, transform->ivlen ); |
| kadonotakashi | 0:8fdf9a60065b | 1907 | MBEDTLS_SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, taglen ); |
| kadonotakashi | 0:8fdf9a60065b | 1908 | |
| kadonotakashi | 0:8fdf9a60065b | 1909 | /* |
| kadonotakashi | 0:8fdf9a60065b | 1910 | * Decrypt and authenticate |
| kadonotakashi | 0:8fdf9a60065b | 1911 | */ |
| kadonotakashi | 0:8fdf9a60065b | 1912 | if( ( ret = mbedtls_cipher_auth_decrypt( &ssl->transform_in->cipher_ctx_dec, |
| kadonotakashi | 0:8fdf9a60065b | 1913 | iv, transform->ivlen, |
| kadonotakashi | 0:8fdf9a60065b | 1914 | add_data, 13, |
| kadonotakashi | 0:8fdf9a60065b | 1915 | dec_msg, dec_msglen, |
| kadonotakashi | 0:8fdf9a60065b | 1916 | dec_msg_result, &olen, |
| kadonotakashi | 0:8fdf9a60065b | 1917 | dec_msg + dec_msglen, taglen ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 1918 | { |
| kadonotakashi | 0:8fdf9a60065b | 1919 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_decrypt", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 1920 | |
| kadonotakashi | 0:8fdf9a60065b | 1921 | if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED ) |
| kadonotakashi | 0:8fdf9a60065b | 1922 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
| kadonotakashi | 0:8fdf9a60065b | 1923 | |
| kadonotakashi | 0:8fdf9a60065b | 1924 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 1925 | } |
| kadonotakashi | 0:8fdf9a60065b | 1926 | auth_done++; |
| kadonotakashi | 0:8fdf9a60065b | 1927 | |
| kadonotakashi | 0:8fdf9a60065b | 1928 | if( olen != dec_msglen ) |
| kadonotakashi | 0:8fdf9a60065b | 1929 | { |
| kadonotakashi | 0:8fdf9a60065b | 1930 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1931 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 1932 | } |
| kadonotakashi | 0:8fdf9a60065b | 1933 | } |
| kadonotakashi | 0:8fdf9a60065b | 1934 | else |
| kadonotakashi | 0:8fdf9a60065b | 1935 | #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */ |
| kadonotakashi | 0:8fdf9a60065b | 1936 | #if defined(MBEDTLS_CIPHER_MODE_CBC) && \ |
| kadonotakashi | 0:8fdf9a60065b | 1937 | ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) || defined(MBEDTLS_ARIA_C) ) |
| kadonotakashi | 0:8fdf9a60065b | 1938 | if( mode == MBEDTLS_MODE_CBC ) |
| kadonotakashi | 0:8fdf9a60065b | 1939 | { |
| kadonotakashi | 0:8fdf9a60065b | 1940 | /* |
| kadonotakashi | 0:8fdf9a60065b | 1941 | * Decrypt and check the padding |
| kadonotakashi | 0:8fdf9a60065b | 1942 | */ |
| kadonotakashi | 0:8fdf9a60065b | 1943 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 1944 | unsigned char *dec_msg; |
| kadonotakashi | 0:8fdf9a60065b | 1945 | unsigned char *dec_msg_result; |
| kadonotakashi | 0:8fdf9a60065b | 1946 | size_t dec_msglen; |
| kadonotakashi | 0:8fdf9a60065b | 1947 | size_t minlen = 0; |
| kadonotakashi | 0:8fdf9a60065b | 1948 | size_t olen = 0; |
| kadonotakashi | 0:8fdf9a60065b | 1949 | |
| kadonotakashi | 0:8fdf9a60065b | 1950 | /* |
| kadonotakashi | 0:8fdf9a60065b | 1951 | * Check immediate ciphertext sanity |
| kadonotakashi | 0:8fdf9a60065b | 1952 | */ |
| kadonotakashi | 0:8fdf9a60065b | 1953 | #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| kadonotakashi | 0:8fdf9a60065b | 1954 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) |
| kadonotakashi | 0:8fdf9a60065b | 1955 | minlen += ssl->transform_in->ivlen; |
| kadonotakashi | 0:8fdf9a60065b | 1956 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 1957 | |
| kadonotakashi | 0:8fdf9a60065b | 1958 | if( ssl->in_msglen < minlen + ssl->transform_in->ivlen || |
| kadonotakashi | 0:8fdf9a60065b | 1959 | ssl->in_msglen < minlen + ssl->transform_in->maclen + 1 ) |
| kadonotakashi | 0:8fdf9a60065b | 1960 | { |
| kadonotakashi | 0:8fdf9a60065b | 1961 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < max( ivlen(%d), maclen (%d) " |
| kadonotakashi | 0:8fdf9a60065b | 1962 | "+ 1 ) ( + expl IV )", ssl->in_msglen, |
| kadonotakashi | 0:8fdf9a60065b | 1963 | ssl->transform_in->ivlen, |
| kadonotakashi | 0:8fdf9a60065b | 1964 | ssl->transform_in->maclen ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1965 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
| kadonotakashi | 0:8fdf9a60065b | 1966 | } |
| kadonotakashi | 0:8fdf9a60065b | 1967 | |
| kadonotakashi | 0:8fdf9a60065b | 1968 | dec_msglen = ssl->in_msglen; |
| kadonotakashi | 0:8fdf9a60065b | 1969 | dec_msg = ssl->in_msg; |
| kadonotakashi | 0:8fdf9a60065b | 1970 | dec_msg_result = ssl->in_msg; |
| kadonotakashi | 0:8fdf9a60065b | 1971 | |
| kadonotakashi | 0:8fdf9a60065b | 1972 | /* |
| kadonotakashi | 0:8fdf9a60065b | 1973 | * Authenticate before decrypt if enabled |
| kadonotakashi | 0:8fdf9a60065b | 1974 | */ |
| kadonotakashi | 0:8fdf9a60065b | 1975 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
| kadonotakashi | 0:8fdf9a60065b | 1976 | if( ssl->session_in->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED ) |
| kadonotakashi | 0:8fdf9a60065b | 1977 | { |
| kadonotakashi | 0:8fdf9a60065b | 1978 | unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD]; |
| kadonotakashi | 0:8fdf9a60065b | 1979 | unsigned char pseudo_hdr[13]; |
| kadonotakashi | 0:8fdf9a60065b | 1980 | |
| kadonotakashi | 0:8fdf9a60065b | 1981 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 1982 | |
| kadonotakashi | 0:8fdf9a60065b | 1983 | dec_msglen -= ssl->transform_in->maclen; |
| kadonotakashi | 0:8fdf9a60065b | 1984 | ssl->in_msglen -= ssl->transform_in->maclen; |
| kadonotakashi | 0:8fdf9a60065b | 1985 | |
| kadonotakashi | 0:8fdf9a60065b | 1986 | memcpy( pseudo_hdr + 0, ssl->in_ctr, 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 1987 | memcpy( pseudo_hdr + 8, ssl->in_hdr, 3 ); |
| kadonotakashi | 0:8fdf9a60065b | 1988 | pseudo_hdr[11] = (unsigned char)( ( ssl->in_msglen >> 8 ) & 0xFF ); |
| kadonotakashi | 0:8fdf9a60065b | 1989 | pseudo_hdr[12] = (unsigned char)( ( ssl->in_msglen ) & 0xFF ); |
| kadonotakashi | 0:8fdf9a60065b | 1990 | |
| kadonotakashi | 0:8fdf9a60065b | 1991 | MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", pseudo_hdr, 13 ); |
| kadonotakashi | 0:8fdf9a60065b | 1992 | |
| kadonotakashi | 0:8fdf9a60065b | 1993 | mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, pseudo_hdr, 13 ); |
| kadonotakashi | 0:8fdf9a60065b | 1994 | mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, |
| kadonotakashi | 0:8fdf9a60065b | 1995 | ssl->in_iv, ssl->in_msglen ); |
| kadonotakashi | 0:8fdf9a60065b | 1996 | mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec, mac_expect ); |
| kadonotakashi | 0:8fdf9a60065b | 1997 | mbedtls_md_hmac_reset( &ssl->transform_in->md_ctx_dec ); |
| kadonotakashi | 0:8fdf9a60065b | 1998 | |
| kadonotakashi | 0:8fdf9a60065b | 1999 | MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", ssl->in_iv + ssl->in_msglen, |
| kadonotakashi | 0:8fdf9a60065b | 2000 | ssl->transform_in->maclen ); |
| kadonotakashi | 0:8fdf9a60065b | 2001 | MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect, |
| kadonotakashi | 0:8fdf9a60065b | 2002 | ssl->transform_in->maclen ); |
| kadonotakashi | 0:8fdf9a60065b | 2003 | |
| kadonotakashi | 0:8fdf9a60065b | 2004 | if( mbedtls_ssl_safer_memcmp( ssl->in_iv + ssl->in_msglen, mac_expect, |
| kadonotakashi | 0:8fdf9a60065b | 2005 | ssl->transform_in->maclen ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2006 | { |
| kadonotakashi | 0:8fdf9a60065b | 2007 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2008 | |
| kadonotakashi | 0:8fdf9a60065b | 2009 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
| kadonotakashi | 0:8fdf9a60065b | 2010 | } |
| kadonotakashi | 0:8fdf9a60065b | 2011 | auth_done++; |
| kadonotakashi | 0:8fdf9a60065b | 2012 | } |
| kadonotakashi | 0:8fdf9a60065b | 2013 | #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ |
| kadonotakashi | 0:8fdf9a60065b | 2014 | |
| kadonotakashi | 0:8fdf9a60065b | 2015 | /* |
| kadonotakashi | 0:8fdf9a60065b | 2016 | * Check length sanity |
| kadonotakashi | 0:8fdf9a60065b | 2017 | */ |
| kadonotakashi | 0:8fdf9a60065b | 2018 | if( ssl->in_msglen % ssl->transform_in->ivlen != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2019 | { |
| kadonotakashi | 0:8fdf9a60065b | 2020 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) %% ivlen (%d) != 0", |
| kadonotakashi | 0:8fdf9a60065b | 2021 | ssl->in_msglen, ssl->transform_in->ivlen ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2022 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
| kadonotakashi | 0:8fdf9a60065b | 2023 | } |
| kadonotakashi | 0:8fdf9a60065b | 2024 | |
| kadonotakashi | 0:8fdf9a60065b | 2025 | #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| kadonotakashi | 0:8fdf9a60065b | 2026 | /* |
| kadonotakashi | 0:8fdf9a60065b | 2027 | * Initialize for prepended IV for block cipher in TLS v1.1 and up |
| kadonotakashi | 0:8fdf9a60065b | 2028 | */ |
| kadonotakashi | 0:8fdf9a60065b | 2029 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) |
| kadonotakashi | 0:8fdf9a60065b | 2030 | { |
| kadonotakashi | 0:8fdf9a60065b | 2031 | unsigned char i; |
| kadonotakashi | 0:8fdf9a60065b | 2032 | dec_msglen -= ssl->transform_in->ivlen; |
| kadonotakashi | 0:8fdf9a60065b | 2033 | ssl->in_msglen -= ssl->transform_in->ivlen; |
| kadonotakashi | 0:8fdf9a60065b | 2034 | |
| kadonotakashi | 0:8fdf9a60065b | 2035 | for( i = 0; i < ssl->transform_in->ivlen; i++ ) |
| kadonotakashi | 0:8fdf9a60065b | 2036 | ssl->transform_in->iv_dec[i] = ssl->in_iv[i]; |
| kadonotakashi | 0:8fdf9a60065b | 2037 | } |
| kadonotakashi | 0:8fdf9a60065b | 2038 | #endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */ |
| kadonotakashi | 0:8fdf9a60065b | 2039 | |
| kadonotakashi | 0:8fdf9a60065b | 2040 | if( ( ret = mbedtls_cipher_crypt( &ssl->transform_in->cipher_ctx_dec, |
| kadonotakashi | 0:8fdf9a60065b | 2041 | ssl->transform_in->iv_dec, |
| kadonotakashi | 0:8fdf9a60065b | 2042 | ssl->transform_in->ivlen, |
| kadonotakashi | 0:8fdf9a60065b | 2043 | dec_msg, dec_msglen, |
| kadonotakashi | 0:8fdf9a60065b | 2044 | dec_msg_result, &olen ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2045 | { |
| kadonotakashi | 0:8fdf9a60065b | 2046 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 2047 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 2048 | } |
| kadonotakashi | 0:8fdf9a60065b | 2049 | |
| kadonotakashi | 0:8fdf9a60065b | 2050 | if( dec_msglen != olen ) |
| kadonotakashi | 0:8fdf9a60065b | 2051 | { |
| kadonotakashi | 0:8fdf9a60065b | 2052 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2053 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 2054 | } |
| kadonotakashi | 0:8fdf9a60065b | 2055 | |
| kadonotakashi | 0:8fdf9a60065b | 2056 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) |
| kadonotakashi | 0:8fdf9a60065b | 2057 | if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ) |
| kadonotakashi | 0:8fdf9a60065b | 2058 | { |
| kadonotakashi | 0:8fdf9a60065b | 2059 | /* |
| kadonotakashi | 0:8fdf9a60065b | 2060 | * Save IV in SSL3 and TLS1 |
| kadonotakashi | 0:8fdf9a60065b | 2061 | */ |
| kadonotakashi | 0:8fdf9a60065b | 2062 | memcpy( ssl->transform_in->iv_dec, |
| kadonotakashi | 0:8fdf9a60065b | 2063 | ssl->transform_in->cipher_ctx_dec.iv, |
| kadonotakashi | 0:8fdf9a60065b | 2064 | ssl->transform_in->ivlen ); |
| kadonotakashi | 0:8fdf9a60065b | 2065 | } |
| kadonotakashi | 0:8fdf9a60065b | 2066 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 2067 | |
| kadonotakashi | 0:8fdf9a60065b | 2068 | padlen = 1 + ssl->in_msg[ssl->in_msglen - 1]; |
| kadonotakashi | 0:8fdf9a60065b | 2069 | |
| kadonotakashi | 0:8fdf9a60065b | 2070 | if( ssl->in_msglen < ssl->transform_in->maclen + padlen && |
| kadonotakashi | 0:8fdf9a60065b | 2071 | auth_done == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2072 | { |
| kadonotakashi | 0:8fdf9a60065b | 2073 | #if defined(MBEDTLS_SSL_DEBUG_ALL) |
| kadonotakashi | 0:8fdf9a60065b | 2074 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)", |
| kadonotakashi | 0:8fdf9a60065b | 2075 | ssl->in_msglen, ssl->transform_in->maclen, padlen ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2076 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 2077 | padlen = 0; |
| kadonotakashi | 0:8fdf9a60065b | 2078 | correct = 0; |
| kadonotakashi | 0:8fdf9a60065b | 2079 | } |
| kadonotakashi | 0:8fdf9a60065b | 2080 | |
| kadonotakashi | 0:8fdf9a60065b | 2081 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| kadonotakashi | 0:8fdf9a60065b | 2082 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2083 | { |
| kadonotakashi | 0:8fdf9a60065b | 2084 | if( padlen > ssl->transform_in->ivlen ) |
| kadonotakashi | 0:8fdf9a60065b | 2085 | { |
| kadonotakashi | 0:8fdf9a60065b | 2086 | #if defined(MBEDTLS_SSL_DEBUG_ALL) |
| kadonotakashi | 0:8fdf9a60065b | 2087 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, " |
| kadonotakashi | 0:8fdf9a60065b | 2088 | "should be no more than %d", |
| kadonotakashi | 0:8fdf9a60065b | 2089 | padlen, ssl->transform_in->ivlen ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2090 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 2091 | correct = 0; |
| kadonotakashi | 0:8fdf9a60065b | 2092 | } |
| kadonotakashi | 0:8fdf9a60065b | 2093 | } |
| kadonotakashi | 0:8fdf9a60065b | 2094 | else |
| kadonotakashi | 0:8fdf9a60065b | 2095 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
| kadonotakashi | 0:8fdf9a60065b | 2096 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
| kadonotakashi | 0:8fdf9a60065b | 2097 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| kadonotakashi | 0:8fdf9a60065b | 2098 | if( ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2099 | { |
| kadonotakashi | 0:8fdf9a60065b | 2100 | /* |
| kadonotakashi | 0:8fdf9a60065b | 2101 | * TLSv1+: always check the padding up to the first failure |
| kadonotakashi | 0:8fdf9a60065b | 2102 | * and fake check up to 256 bytes of padding |
| kadonotakashi | 0:8fdf9a60065b | 2103 | */ |
| kadonotakashi | 0:8fdf9a60065b | 2104 | size_t pad_count = 0, real_count = 1; |
| kadonotakashi | 0:8fdf9a60065b | 2105 | size_t padding_idx = ssl->in_msglen - padlen; |
| kadonotakashi | 0:8fdf9a60065b | 2106 | size_t i; |
| kadonotakashi | 0:8fdf9a60065b | 2107 | |
| kadonotakashi | 0:8fdf9a60065b | 2108 | /* |
| kadonotakashi | 0:8fdf9a60065b | 2109 | * Padding is guaranteed to be incorrect if: |
| kadonotakashi | 0:8fdf9a60065b | 2110 | * 1. padlen > ssl->in_msglen |
| kadonotakashi | 0:8fdf9a60065b | 2111 | * |
| kadonotakashi | 0:8fdf9a60065b | 2112 | * 2. padding_idx > MBEDTLS_SSL_IN_CONTENT_LEN + |
| kadonotakashi | 0:8fdf9a60065b | 2113 | * ssl->transform_in->maclen |
| kadonotakashi | 0:8fdf9a60065b | 2114 | * |
| kadonotakashi | 0:8fdf9a60065b | 2115 | * In both cases we reset padding_idx to a safe value (0) to |
| kadonotakashi | 0:8fdf9a60065b | 2116 | * prevent out-of-buffer reads. |
| kadonotakashi | 0:8fdf9a60065b | 2117 | */ |
| kadonotakashi | 0:8fdf9a60065b | 2118 | correct &= ( padlen <= ssl->in_msglen ); |
| kadonotakashi | 0:8fdf9a60065b | 2119 | correct &= ( padding_idx <= MBEDTLS_SSL_IN_CONTENT_LEN + |
| kadonotakashi | 0:8fdf9a60065b | 2120 | ssl->transform_in->maclen ); |
| kadonotakashi | 0:8fdf9a60065b | 2121 | |
| kadonotakashi | 0:8fdf9a60065b | 2122 | padding_idx *= correct; |
| kadonotakashi | 0:8fdf9a60065b | 2123 | |
| kadonotakashi | 0:8fdf9a60065b | 2124 | for( i = 0; i < 256; i++ ) |
| kadonotakashi | 0:8fdf9a60065b | 2125 | { |
| kadonotakashi | 0:8fdf9a60065b | 2126 | real_count &= ( i < padlen ); |
| kadonotakashi | 0:8fdf9a60065b | 2127 | pad_count += real_count * |
| kadonotakashi | 0:8fdf9a60065b | 2128 | ( ssl->in_msg[padding_idx + i] == padlen - 1 ); |
| kadonotakashi | 0:8fdf9a60065b | 2129 | } |
| kadonotakashi | 0:8fdf9a60065b | 2130 | |
| kadonotakashi | 0:8fdf9a60065b | 2131 | correct &= ( pad_count == padlen ); /* Only 1 on correct padding */ |
| kadonotakashi | 0:8fdf9a60065b | 2132 | |
| kadonotakashi | 0:8fdf9a60065b | 2133 | #if defined(MBEDTLS_SSL_DEBUG_ALL) |
| kadonotakashi | 0:8fdf9a60065b | 2134 | if( padlen > 0 && correct == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2135 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding byte detected" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2136 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 2137 | padlen &= correct * 0x1FF; |
| kadonotakashi | 0:8fdf9a60065b | 2138 | } |
| kadonotakashi | 0:8fdf9a60065b | 2139 | else |
| kadonotakashi | 0:8fdf9a60065b | 2140 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ |
| kadonotakashi | 0:8fdf9a60065b | 2141 | MBEDTLS_SSL_PROTO_TLS1_2 */ |
| kadonotakashi | 0:8fdf9a60065b | 2142 | { |
| kadonotakashi | 0:8fdf9a60065b | 2143 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2144 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 2145 | } |
| kadonotakashi | 0:8fdf9a60065b | 2146 | |
| kadonotakashi | 0:8fdf9a60065b | 2147 | ssl->in_msglen -= padlen; |
| kadonotakashi | 0:8fdf9a60065b | 2148 | } |
| kadonotakashi | 0:8fdf9a60065b | 2149 | else |
| kadonotakashi | 0:8fdf9a60065b | 2150 | #endif /* MBEDTLS_CIPHER_MODE_CBC && |
| kadonotakashi | 0:8fdf9a60065b | 2151 | ( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C || MBEDTLS_ARIA_C ) */ |
| kadonotakashi | 0:8fdf9a60065b | 2152 | { |
| kadonotakashi | 0:8fdf9a60065b | 2153 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2154 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 2155 | } |
| kadonotakashi | 0:8fdf9a60065b | 2156 | |
| kadonotakashi | 0:8fdf9a60065b | 2157 | #if defined(MBEDTLS_SSL_DEBUG_ALL) |
| kadonotakashi | 0:8fdf9a60065b | 2158 | MBEDTLS_SSL_DEBUG_BUF( 4, "raw buffer after decryption", |
| kadonotakashi | 0:8fdf9a60065b | 2159 | ssl->in_msg, ssl->in_msglen ); |
| kadonotakashi | 0:8fdf9a60065b | 2160 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 2161 | |
| kadonotakashi | 0:8fdf9a60065b | 2162 | /* |
| kadonotakashi | 0:8fdf9a60065b | 2163 | * Authenticate if not done yet. |
| kadonotakashi | 0:8fdf9a60065b | 2164 | * Compute the MAC regardless of the padding result (RFC4346, CBCTIME). |
| kadonotakashi | 0:8fdf9a60065b | 2165 | */ |
| kadonotakashi | 0:8fdf9a60065b | 2166 | #if defined(SSL_SOME_MODES_USE_MAC) |
| kadonotakashi | 0:8fdf9a60065b | 2167 | if( auth_done == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2168 | { |
| kadonotakashi | 0:8fdf9a60065b | 2169 | unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD]; |
| kadonotakashi | 0:8fdf9a60065b | 2170 | |
| kadonotakashi | 0:8fdf9a60065b | 2171 | ssl->in_msglen -= ssl->transform_in->maclen; |
| kadonotakashi | 0:8fdf9a60065b | 2172 | |
| kadonotakashi | 0:8fdf9a60065b | 2173 | ssl->in_len[0] = (unsigned char)( ssl->in_msglen >> 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 2174 | ssl->in_len[1] = (unsigned char)( ssl->in_msglen ); |
| kadonotakashi | 0:8fdf9a60065b | 2175 | |
| kadonotakashi | 0:8fdf9a60065b | 2176 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| kadonotakashi | 0:8fdf9a60065b | 2177 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2178 | { |
| kadonotakashi | 0:8fdf9a60065b | 2179 | ssl_mac( &ssl->transform_in->md_ctx_dec, |
| kadonotakashi | 0:8fdf9a60065b | 2180 | ssl->transform_in->mac_dec, |
| kadonotakashi | 0:8fdf9a60065b | 2181 | ssl->in_msg, ssl->in_msglen, |
| kadonotakashi | 0:8fdf9a60065b | 2182 | ssl->in_ctr, ssl->in_msgtype, |
| kadonotakashi | 0:8fdf9a60065b | 2183 | mac_expect ); |
| kadonotakashi | 0:8fdf9a60065b | 2184 | } |
| kadonotakashi | 0:8fdf9a60065b | 2185 | else |
| kadonotakashi | 0:8fdf9a60065b | 2186 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
| kadonotakashi | 0:8fdf9a60065b | 2187 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
| kadonotakashi | 0:8fdf9a60065b | 2188 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| kadonotakashi | 0:8fdf9a60065b | 2189 | if( ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2190 | { |
| kadonotakashi | 0:8fdf9a60065b | 2191 | /* |
| kadonotakashi | 0:8fdf9a60065b | 2192 | * Process MAC and always update for padlen afterwards to make |
| kadonotakashi | 0:8fdf9a60065b | 2193 | * total time independent of padlen. |
| kadonotakashi | 0:8fdf9a60065b | 2194 | * |
| kadonotakashi | 0:8fdf9a60065b | 2195 | * Known timing attacks: |
| kadonotakashi | 0:8fdf9a60065b | 2196 | * - Lucky Thirteen (http://www.isg.rhul.ac.uk/tls/TLStiming.pdf) |
| kadonotakashi | 0:8fdf9a60065b | 2197 | * |
| kadonotakashi | 0:8fdf9a60065b | 2198 | * To compensate for different timings for the MAC calculation |
| kadonotakashi | 0:8fdf9a60065b | 2199 | * depending on how much padding was removed (which is determined |
| kadonotakashi | 0:8fdf9a60065b | 2200 | * by padlen), process extra_run more blocks through the hash |
| kadonotakashi | 0:8fdf9a60065b | 2201 | * function. |
| kadonotakashi | 0:8fdf9a60065b | 2202 | * |
| kadonotakashi | 0:8fdf9a60065b | 2203 | * The formula in the paper is |
| kadonotakashi | 0:8fdf9a60065b | 2204 | * extra_run = ceil( (L1-55) / 64 ) - ceil( (L2-55) / 64 ) |
| kadonotakashi | 0:8fdf9a60065b | 2205 | * where L1 is the size of the header plus the decrypted message |
| kadonotakashi | 0:8fdf9a60065b | 2206 | * plus CBC padding and L2 is the size of the header plus the |
| kadonotakashi | 0:8fdf9a60065b | 2207 | * decrypted message. This is for an underlying hash function |
| kadonotakashi | 0:8fdf9a60065b | 2208 | * with 64-byte blocks. |
| kadonotakashi | 0:8fdf9a60065b | 2209 | * We use ( (Lx+8) / 64 ) to handle 'negative Lx' values |
| kadonotakashi | 0:8fdf9a60065b | 2210 | * correctly. We round down instead of up, so -56 is the correct |
| kadonotakashi | 0:8fdf9a60065b | 2211 | * value for our calculations instead of -55. |
| kadonotakashi | 0:8fdf9a60065b | 2212 | * |
| kadonotakashi | 0:8fdf9a60065b | 2213 | * Repeat the formula rather than defining a block_size variable. |
| kadonotakashi | 0:8fdf9a60065b | 2214 | * This avoids requiring division by a variable at runtime |
| kadonotakashi | 0:8fdf9a60065b | 2215 | * (which would be marginally less efficient and would require |
| kadonotakashi | 0:8fdf9a60065b | 2216 | * linking an extra division function in some builds). |
| kadonotakashi | 0:8fdf9a60065b | 2217 | */ |
| kadonotakashi | 0:8fdf9a60065b | 2218 | size_t j, extra_run = 0; |
| kadonotakashi | 0:8fdf9a60065b | 2219 | |
| kadonotakashi | 0:8fdf9a60065b | 2220 | /* |
| kadonotakashi | 0:8fdf9a60065b | 2221 | * The next two sizes are the minimum and maximum values of |
| kadonotakashi | 0:8fdf9a60065b | 2222 | * in_msglen over all padlen values. |
| kadonotakashi | 0:8fdf9a60065b | 2223 | * |
| kadonotakashi | 0:8fdf9a60065b | 2224 | * They're independent of padlen, since we previously did |
| kadonotakashi | 0:8fdf9a60065b | 2225 | * in_msglen -= padlen. |
| kadonotakashi | 0:8fdf9a60065b | 2226 | * |
| kadonotakashi | 0:8fdf9a60065b | 2227 | * Note that max_len + maclen is never more than the buffer |
| kadonotakashi | 0:8fdf9a60065b | 2228 | * length, as we previously did in_msglen -= maclen too. |
| kadonotakashi | 0:8fdf9a60065b | 2229 | */ |
| kadonotakashi | 0:8fdf9a60065b | 2230 | const size_t max_len = ssl->in_msglen + padlen; |
| kadonotakashi | 0:8fdf9a60065b | 2231 | const size_t min_len = ( max_len > 256 ) ? max_len - 256 : 0; |
| kadonotakashi | 0:8fdf9a60065b | 2232 | |
| kadonotakashi | 0:8fdf9a60065b | 2233 | switch( ssl->transform_in->ciphersuite_info->mac ) |
| kadonotakashi | 0:8fdf9a60065b | 2234 | { |
| kadonotakashi | 0:8fdf9a60065b | 2235 | #if defined(MBEDTLS_MD5_C) || defined(MBEDTLS_SHA1_C) || \ |
| kadonotakashi | 0:8fdf9a60065b | 2236 | defined(MBEDTLS_SHA256_C) |
| kadonotakashi | 0:8fdf9a60065b | 2237 | case MBEDTLS_MD_MD5: |
| kadonotakashi | 0:8fdf9a60065b | 2238 | case MBEDTLS_MD_SHA1: |
| kadonotakashi | 0:8fdf9a60065b | 2239 | case MBEDTLS_MD_SHA256: |
| kadonotakashi | 0:8fdf9a60065b | 2240 | /* 8 bytes of message size, 64-byte compression blocks */ |
| kadonotakashi | 0:8fdf9a60065b | 2241 | extra_run = ( 13 + ssl->in_msglen + padlen + 8 ) / 64 - |
| kadonotakashi | 0:8fdf9a60065b | 2242 | ( 13 + ssl->in_msglen + 8 ) / 64; |
| kadonotakashi | 0:8fdf9a60065b | 2243 | break; |
| kadonotakashi | 0:8fdf9a60065b | 2244 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 2245 | #if defined(MBEDTLS_SHA512_C) |
| kadonotakashi | 0:8fdf9a60065b | 2246 | case MBEDTLS_MD_SHA384: |
| kadonotakashi | 0:8fdf9a60065b | 2247 | /* 16 bytes of message size, 128-byte compression blocks */ |
| kadonotakashi | 0:8fdf9a60065b | 2248 | extra_run = ( 13 + ssl->in_msglen + padlen + 16 ) / 128 - |
| kadonotakashi | 0:8fdf9a60065b | 2249 | ( 13 + ssl->in_msglen + 16 ) / 128; |
| kadonotakashi | 0:8fdf9a60065b | 2250 | break; |
| kadonotakashi | 0:8fdf9a60065b | 2251 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 2252 | default: |
| kadonotakashi | 0:8fdf9a60065b | 2253 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2254 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 2255 | } |
| kadonotakashi | 0:8fdf9a60065b | 2256 | |
| kadonotakashi | 0:8fdf9a60065b | 2257 | extra_run &= correct * 0xFF; |
| kadonotakashi | 0:8fdf9a60065b | 2258 | |
| kadonotakashi | 0:8fdf9a60065b | 2259 | mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_ctr, 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 2260 | mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_hdr, 3 ); |
| kadonotakashi | 0:8fdf9a60065b | 2261 | mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_len, 2 ); |
| kadonotakashi | 0:8fdf9a60065b | 2262 | mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_msg, |
| kadonotakashi | 0:8fdf9a60065b | 2263 | ssl->in_msglen ); |
| kadonotakashi | 0:8fdf9a60065b | 2264 | /* Make sure we access everything even when padlen > 0. This |
| kadonotakashi | 0:8fdf9a60065b | 2265 | * makes the synchronisation requirements for just-in-time |
| kadonotakashi | 0:8fdf9a60065b | 2266 | * Prime+Probe attacks much tighter and hopefully impractical. */ |
| kadonotakashi | 0:8fdf9a60065b | 2267 | ssl_read_memory( ssl->in_msg + ssl->in_msglen, padlen ); |
| kadonotakashi | 0:8fdf9a60065b | 2268 | mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec, mac_expect ); |
| kadonotakashi | 0:8fdf9a60065b | 2269 | |
| kadonotakashi | 0:8fdf9a60065b | 2270 | /* Call mbedtls_md_process at least once due to cache attacks |
| kadonotakashi | 0:8fdf9a60065b | 2271 | * that observe whether md_process() was called of not */ |
| kadonotakashi | 0:8fdf9a60065b | 2272 | for( j = 0; j < extra_run + 1; j++ ) |
| kadonotakashi | 0:8fdf9a60065b | 2273 | mbedtls_md_process( &ssl->transform_in->md_ctx_dec, ssl->in_msg ); |
| kadonotakashi | 0:8fdf9a60065b | 2274 | |
| kadonotakashi | 0:8fdf9a60065b | 2275 | mbedtls_md_hmac_reset( &ssl->transform_in->md_ctx_dec ); |
| kadonotakashi | 0:8fdf9a60065b | 2276 | |
| kadonotakashi | 0:8fdf9a60065b | 2277 | /* Make sure we access all the memory that could contain the MAC, |
| kadonotakashi | 0:8fdf9a60065b | 2278 | * before we check it in the next code block. This makes the |
| kadonotakashi | 0:8fdf9a60065b | 2279 | * synchronisation requirements for just-in-time Prime+Probe |
| kadonotakashi | 0:8fdf9a60065b | 2280 | * attacks much tighter and hopefully impractical. */ |
| kadonotakashi | 0:8fdf9a60065b | 2281 | ssl_read_memory( ssl->in_msg + min_len, |
| kadonotakashi | 0:8fdf9a60065b | 2282 | max_len - min_len + ssl->transform_in->maclen ); |
| kadonotakashi | 0:8fdf9a60065b | 2283 | } |
| kadonotakashi | 0:8fdf9a60065b | 2284 | else |
| kadonotakashi | 0:8fdf9a60065b | 2285 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ |
| kadonotakashi | 0:8fdf9a60065b | 2286 | MBEDTLS_SSL_PROTO_TLS1_2 */ |
| kadonotakashi | 0:8fdf9a60065b | 2287 | { |
| kadonotakashi | 0:8fdf9a60065b | 2288 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2289 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 2290 | } |
| kadonotakashi | 0:8fdf9a60065b | 2291 | |
| kadonotakashi | 0:8fdf9a60065b | 2292 | #if defined(MBEDTLS_SSL_DEBUG_ALL) |
| kadonotakashi | 0:8fdf9a60065b | 2293 | MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect, ssl->transform_in->maclen ); |
| kadonotakashi | 0:8fdf9a60065b | 2294 | MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", ssl->in_msg + ssl->in_msglen, |
| kadonotakashi | 0:8fdf9a60065b | 2295 | ssl->transform_in->maclen ); |
| kadonotakashi | 0:8fdf9a60065b | 2296 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 2297 | |
| kadonotakashi | 0:8fdf9a60065b | 2298 | if( mbedtls_ssl_safer_memcmp( ssl->in_msg + ssl->in_msglen, mac_expect, |
| kadonotakashi | 0:8fdf9a60065b | 2299 | ssl->transform_in->maclen ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2300 | { |
| kadonotakashi | 0:8fdf9a60065b | 2301 | #if defined(MBEDTLS_SSL_DEBUG_ALL) |
| kadonotakashi | 0:8fdf9a60065b | 2302 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2303 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 2304 | correct = 0; |
| kadonotakashi | 0:8fdf9a60065b | 2305 | } |
| kadonotakashi | 0:8fdf9a60065b | 2306 | auth_done++; |
| kadonotakashi | 0:8fdf9a60065b | 2307 | |
| kadonotakashi | 0:8fdf9a60065b | 2308 | /* |
| kadonotakashi | 0:8fdf9a60065b | 2309 | * Finally check the correct flag |
| kadonotakashi | 0:8fdf9a60065b | 2310 | */ |
| kadonotakashi | 0:8fdf9a60065b | 2311 | if( correct == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2312 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
| kadonotakashi | 0:8fdf9a60065b | 2313 | } |
| kadonotakashi | 0:8fdf9a60065b | 2314 | #endif /* SSL_SOME_MODES_USE_MAC */ |
| kadonotakashi | 0:8fdf9a60065b | 2315 | |
| kadonotakashi | 0:8fdf9a60065b | 2316 | /* Make extra sure authentication was performed, exactly once */ |
| kadonotakashi | 0:8fdf9a60065b | 2317 | if( auth_done != 1 ) |
| kadonotakashi | 0:8fdf9a60065b | 2318 | { |
| kadonotakashi | 0:8fdf9a60065b | 2319 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2320 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 2321 | } |
| kadonotakashi | 0:8fdf9a60065b | 2322 | |
| kadonotakashi | 0:8fdf9a60065b | 2323 | if( ssl->in_msglen == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2324 | { |
| kadonotakashi | 0:8fdf9a60065b | 2325 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| kadonotakashi | 0:8fdf9a60065b | 2326 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 |
| kadonotakashi | 0:8fdf9a60065b | 2327 | && ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA ) |
| kadonotakashi | 0:8fdf9a60065b | 2328 | { |
| kadonotakashi | 0:8fdf9a60065b | 2329 | /* TLS v1.2 explicitly disallows zero-length messages which are not application data */ |
| kadonotakashi | 0:8fdf9a60065b | 2330 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid zero-length message type: %d", ssl->in_msgtype ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2331 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
| kadonotakashi | 0:8fdf9a60065b | 2332 | } |
| kadonotakashi | 0:8fdf9a60065b | 2333 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| kadonotakashi | 0:8fdf9a60065b | 2334 | |
| kadonotakashi | 0:8fdf9a60065b | 2335 | ssl->nb_zero++; |
| kadonotakashi | 0:8fdf9a60065b | 2336 | |
| kadonotakashi | 0:8fdf9a60065b | 2337 | /* |
| kadonotakashi | 0:8fdf9a60065b | 2338 | * Three or more empty messages may be a DoS attack |
| kadonotakashi | 0:8fdf9a60065b | 2339 | * (excessive CPU consumption). |
| kadonotakashi | 0:8fdf9a60065b | 2340 | */ |
| kadonotakashi | 0:8fdf9a60065b | 2341 | if( ssl->nb_zero > 3 ) |
| kadonotakashi | 0:8fdf9a60065b | 2342 | { |
| kadonotakashi | 0:8fdf9a60065b | 2343 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "received four consecutive empty " |
| kadonotakashi | 0:8fdf9a60065b | 2344 | "messages, possible DoS attack" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2345 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
| kadonotakashi | 0:8fdf9a60065b | 2346 | } |
| kadonotakashi | 0:8fdf9a60065b | 2347 | } |
| kadonotakashi | 0:8fdf9a60065b | 2348 | else |
| kadonotakashi | 0:8fdf9a60065b | 2349 | ssl->nb_zero = 0; |
| kadonotakashi | 0:8fdf9a60065b | 2350 | |
| kadonotakashi | 0:8fdf9a60065b | 2351 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 2352 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| kadonotakashi | 0:8fdf9a60065b | 2353 | { |
| kadonotakashi | 0:8fdf9a60065b | 2354 | ; /* in_ctr read from peer, not maintained internally */ |
| kadonotakashi | 0:8fdf9a60065b | 2355 | } |
| kadonotakashi | 0:8fdf9a60065b | 2356 | else |
| kadonotakashi | 0:8fdf9a60065b | 2357 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 2358 | { |
| kadonotakashi | 0:8fdf9a60065b | 2359 | unsigned char i; |
| kadonotakashi | 0:8fdf9a60065b | 2360 | for( i = 8; i > ssl_ep_len( ssl ); i-- ) |
| kadonotakashi | 0:8fdf9a60065b | 2361 | if( ++ssl->in_ctr[i - 1] != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2362 | break; |
| kadonotakashi | 0:8fdf9a60065b | 2363 | |
| kadonotakashi | 0:8fdf9a60065b | 2364 | /* The loop goes to its end iff the counter is wrapping */ |
| kadonotakashi | 0:8fdf9a60065b | 2365 | if( i == ssl_ep_len( ssl ) ) |
| kadonotakashi | 0:8fdf9a60065b | 2366 | { |
| kadonotakashi | 0:8fdf9a60065b | 2367 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "incoming message counter would wrap" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2368 | return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); |
| kadonotakashi | 0:8fdf9a60065b | 2369 | } |
| kadonotakashi | 0:8fdf9a60065b | 2370 | } |
| kadonotakashi | 0:8fdf9a60065b | 2371 | |
| kadonotakashi | 0:8fdf9a60065b | 2372 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2373 | |
| kadonotakashi | 0:8fdf9a60065b | 2374 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 2375 | } |
| kadonotakashi | 0:8fdf9a60065b | 2376 | |
| kadonotakashi | 0:8fdf9a60065b | 2377 | #undef MAC_NONE |
| kadonotakashi | 0:8fdf9a60065b | 2378 | #undef MAC_PLAINTEXT |
| kadonotakashi | 0:8fdf9a60065b | 2379 | #undef MAC_CIPHERTEXT |
| kadonotakashi | 0:8fdf9a60065b | 2380 | |
| kadonotakashi | 0:8fdf9a60065b | 2381 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
| kadonotakashi | 0:8fdf9a60065b | 2382 | /* |
| kadonotakashi | 0:8fdf9a60065b | 2383 | * Compression/decompression functions |
| kadonotakashi | 0:8fdf9a60065b | 2384 | */ |
| kadonotakashi | 0:8fdf9a60065b | 2385 | static int ssl_compress_buf( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 2386 | { |
| kadonotakashi | 0:8fdf9a60065b | 2387 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 2388 | unsigned char *msg_post = ssl->out_msg; |
| kadonotakashi | 0:8fdf9a60065b | 2389 | ptrdiff_t bytes_written = ssl->out_msg - ssl->out_buf; |
| kadonotakashi | 0:8fdf9a60065b | 2390 | size_t len_pre = ssl->out_msglen; |
| kadonotakashi | 0:8fdf9a60065b | 2391 | unsigned char *msg_pre = ssl->compress_buf; |
| kadonotakashi | 0:8fdf9a60065b | 2392 | |
| kadonotakashi | 0:8fdf9a60065b | 2393 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> compress buf" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2394 | |
| kadonotakashi | 0:8fdf9a60065b | 2395 | if( len_pre == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2396 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 2397 | |
| kadonotakashi | 0:8fdf9a60065b | 2398 | memcpy( msg_pre, ssl->out_msg, len_pre ); |
| kadonotakashi | 0:8fdf9a60065b | 2399 | |
| kadonotakashi | 0:8fdf9a60065b | 2400 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "before compression: msglen = %d, ", |
| kadonotakashi | 0:8fdf9a60065b | 2401 | ssl->out_msglen ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2402 | |
| kadonotakashi | 0:8fdf9a60065b | 2403 | MBEDTLS_SSL_DEBUG_BUF( 4, "before compression: output payload", |
| kadonotakashi | 0:8fdf9a60065b | 2404 | ssl->out_msg, ssl->out_msglen ); |
| kadonotakashi | 0:8fdf9a60065b | 2405 | |
| kadonotakashi | 0:8fdf9a60065b | 2406 | ssl->transform_out->ctx_deflate.next_in = msg_pre; |
| kadonotakashi | 0:8fdf9a60065b | 2407 | ssl->transform_out->ctx_deflate.avail_in = len_pre; |
| kadonotakashi | 0:8fdf9a60065b | 2408 | ssl->transform_out->ctx_deflate.next_out = msg_post; |
| kadonotakashi | 0:8fdf9a60065b | 2409 | ssl->transform_out->ctx_deflate.avail_out = MBEDTLS_SSL_OUT_BUFFER_LEN - bytes_written; |
| kadonotakashi | 0:8fdf9a60065b | 2410 | |
| kadonotakashi | 0:8fdf9a60065b | 2411 | ret = deflate( &ssl->transform_out->ctx_deflate, Z_SYNC_FLUSH ); |
| kadonotakashi | 0:8fdf9a60065b | 2412 | if( ret != Z_OK ) |
| kadonotakashi | 0:8fdf9a60065b | 2413 | { |
| kadonotakashi | 0:8fdf9a60065b | 2414 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "failed to perform compression (%d)", ret ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2415 | return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED ); |
| kadonotakashi | 0:8fdf9a60065b | 2416 | } |
| kadonotakashi | 0:8fdf9a60065b | 2417 | |
| kadonotakashi | 0:8fdf9a60065b | 2418 | ssl->out_msglen = MBEDTLS_SSL_OUT_BUFFER_LEN - |
| kadonotakashi | 0:8fdf9a60065b | 2419 | ssl->transform_out->ctx_deflate.avail_out - bytes_written; |
| kadonotakashi | 0:8fdf9a60065b | 2420 | |
| kadonotakashi | 0:8fdf9a60065b | 2421 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %d, ", |
| kadonotakashi | 0:8fdf9a60065b | 2422 | ssl->out_msglen ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2423 | |
| kadonotakashi | 0:8fdf9a60065b | 2424 | MBEDTLS_SSL_DEBUG_BUF( 4, "after compression: output payload", |
| kadonotakashi | 0:8fdf9a60065b | 2425 | ssl->out_msg, ssl->out_msglen ); |
| kadonotakashi | 0:8fdf9a60065b | 2426 | |
| kadonotakashi | 0:8fdf9a60065b | 2427 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= compress buf" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2428 | |
| kadonotakashi | 0:8fdf9a60065b | 2429 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 2430 | } |
| kadonotakashi | 0:8fdf9a60065b | 2431 | |
| kadonotakashi | 0:8fdf9a60065b | 2432 | static int ssl_decompress_buf( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 2433 | { |
| kadonotakashi | 0:8fdf9a60065b | 2434 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 2435 | unsigned char *msg_post = ssl->in_msg; |
| kadonotakashi | 0:8fdf9a60065b | 2436 | ptrdiff_t header_bytes = ssl->in_msg - ssl->in_buf; |
| kadonotakashi | 0:8fdf9a60065b | 2437 | size_t len_pre = ssl->in_msglen; |
| kadonotakashi | 0:8fdf9a60065b | 2438 | unsigned char *msg_pre = ssl->compress_buf; |
| kadonotakashi | 0:8fdf9a60065b | 2439 | |
| kadonotakashi | 0:8fdf9a60065b | 2440 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> decompress buf" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2441 | |
| kadonotakashi | 0:8fdf9a60065b | 2442 | if( len_pre == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2443 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 2444 | |
| kadonotakashi | 0:8fdf9a60065b | 2445 | memcpy( msg_pre, ssl->in_msg, len_pre ); |
| kadonotakashi | 0:8fdf9a60065b | 2446 | |
| kadonotakashi | 0:8fdf9a60065b | 2447 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %d, ", |
| kadonotakashi | 0:8fdf9a60065b | 2448 | ssl->in_msglen ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2449 | |
| kadonotakashi | 0:8fdf9a60065b | 2450 | MBEDTLS_SSL_DEBUG_BUF( 4, "before decompression: input payload", |
| kadonotakashi | 0:8fdf9a60065b | 2451 | ssl->in_msg, ssl->in_msglen ); |
| kadonotakashi | 0:8fdf9a60065b | 2452 | |
| kadonotakashi | 0:8fdf9a60065b | 2453 | ssl->transform_in->ctx_inflate.next_in = msg_pre; |
| kadonotakashi | 0:8fdf9a60065b | 2454 | ssl->transform_in->ctx_inflate.avail_in = len_pre; |
| kadonotakashi | 0:8fdf9a60065b | 2455 | ssl->transform_in->ctx_inflate.next_out = msg_post; |
| kadonotakashi | 0:8fdf9a60065b | 2456 | ssl->transform_in->ctx_inflate.avail_out = MBEDTLS_SSL_IN_BUFFER_LEN - |
| kadonotakashi | 0:8fdf9a60065b | 2457 | header_bytes; |
| kadonotakashi | 0:8fdf9a60065b | 2458 | |
| kadonotakashi | 0:8fdf9a60065b | 2459 | ret = inflate( &ssl->transform_in->ctx_inflate, Z_SYNC_FLUSH ); |
| kadonotakashi | 0:8fdf9a60065b | 2460 | if( ret != Z_OK ) |
| kadonotakashi | 0:8fdf9a60065b | 2461 | { |
| kadonotakashi | 0:8fdf9a60065b | 2462 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "failed to perform decompression (%d)", ret ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2463 | return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED ); |
| kadonotakashi | 0:8fdf9a60065b | 2464 | } |
| kadonotakashi | 0:8fdf9a60065b | 2465 | |
| kadonotakashi | 0:8fdf9a60065b | 2466 | ssl->in_msglen = MBEDTLS_SSL_IN_BUFFER_LEN - |
| kadonotakashi | 0:8fdf9a60065b | 2467 | ssl->transform_in->ctx_inflate.avail_out - header_bytes; |
| kadonotakashi | 0:8fdf9a60065b | 2468 | |
| kadonotakashi | 0:8fdf9a60065b | 2469 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %d, ", |
| kadonotakashi | 0:8fdf9a60065b | 2470 | ssl->in_msglen ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2471 | |
| kadonotakashi | 0:8fdf9a60065b | 2472 | MBEDTLS_SSL_DEBUG_BUF( 4, "after decompression: input payload", |
| kadonotakashi | 0:8fdf9a60065b | 2473 | ssl->in_msg, ssl->in_msglen ); |
| kadonotakashi | 0:8fdf9a60065b | 2474 | |
| kadonotakashi | 0:8fdf9a60065b | 2475 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= decompress buf" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2476 | |
| kadonotakashi | 0:8fdf9a60065b | 2477 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 2478 | } |
| kadonotakashi | 0:8fdf9a60065b | 2479 | #endif /* MBEDTLS_ZLIB_SUPPORT */ |
| kadonotakashi | 0:8fdf9a60065b | 2480 | |
| kadonotakashi | 0:8fdf9a60065b | 2481 | #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION) |
| kadonotakashi | 0:8fdf9a60065b | 2482 | static int ssl_write_hello_request( mbedtls_ssl_context *ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 2483 | |
| kadonotakashi | 0:8fdf9a60065b | 2484 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 2485 | static int ssl_resend_hello_request( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 2486 | { |
| kadonotakashi | 0:8fdf9a60065b | 2487 | /* If renegotiation is not enforced, retransmit until we would reach max |
| kadonotakashi | 0:8fdf9a60065b | 2488 | * timeout if we were using the usual handshake doubling scheme */ |
| kadonotakashi | 0:8fdf9a60065b | 2489 | if( ssl->conf->renego_max_records < 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2490 | { |
| kadonotakashi | 0:8fdf9a60065b | 2491 | uint32_t ratio = ssl->conf->hs_timeout_max / ssl->conf->hs_timeout_min + 1; |
| kadonotakashi | 0:8fdf9a60065b | 2492 | unsigned char doublings = 1; |
| kadonotakashi | 0:8fdf9a60065b | 2493 | |
| kadonotakashi | 0:8fdf9a60065b | 2494 | while( ratio != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2495 | { |
| kadonotakashi | 0:8fdf9a60065b | 2496 | ++doublings; |
| kadonotakashi | 0:8fdf9a60065b | 2497 | ratio >>= 1; |
| kadonotakashi | 0:8fdf9a60065b | 2498 | } |
| kadonotakashi | 0:8fdf9a60065b | 2499 | |
| kadonotakashi | 0:8fdf9a60065b | 2500 | if( ++ssl->renego_records_seen > doublings ) |
| kadonotakashi | 0:8fdf9a60065b | 2501 | { |
| kadonotakashi | 0:8fdf9a60065b | 2502 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "no longer retransmitting hello request" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2503 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 2504 | } |
| kadonotakashi | 0:8fdf9a60065b | 2505 | } |
| kadonotakashi | 0:8fdf9a60065b | 2506 | |
| kadonotakashi | 0:8fdf9a60065b | 2507 | return( ssl_write_hello_request( ssl ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2508 | } |
| kadonotakashi | 0:8fdf9a60065b | 2509 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 2510 | #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */ |
| kadonotakashi | 0:8fdf9a60065b | 2511 | |
| kadonotakashi | 0:8fdf9a60065b | 2512 | /* |
| kadonotakashi | 0:8fdf9a60065b | 2513 | * Fill the input message buffer by appending data to it. |
| kadonotakashi | 0:8fdf9a60065b | 2514 | * The amount of data already fetched is in ssl->in_left. |
| kadonotakashi | 0:8fdf9a60065b | 2515 | * |
| kadonotakashi | 0:8fdf9a60065b | 2516 | * If we return 0, is it guaranteed that (at least) nb_want bytes are |
| kadonotakashi | 0:8fdf9a60065b | 2517 | * available (from this read and/or a previous one). Otherwise, an error code |
| kadonotakashi | 0:8fdf9a60065b | 2518 | * is returned (possibly EOF or WANT_READ). |
| kadonotakashi | 0:8fdf9a60065b | 2519 | * |
| kadonotakashi | 0:8fdf9a60065b | 2520 | * With stream transport (TLS) on success ssl->in_left == nb_want, but |
| kadonotakashi | 0:8fdf9a60065b | 2521 | * with datagram transport (DTLS) on success ssl->in_left >= nb_want, |
| kadonotakashi | 0:8fdf9a60065b | 2522 | * since we always read a whole datagram at once. |
| kadonotakashi | 0:8fdf9a60065b | 2523 | * |
| kadonotakashi | 0:8fdf9a60065b | 2524 | * For DTLS, it is up to the caller to set ssl->next_record_offset when |
| kadonotakashi | 0:8fdf9a60065b | 2525 | * they're done reading a record. |
| kadonotakashi | 0:8fdf9a60065b | 2526 | */ |
| kadonotakashi | 0:8fdf9a60065b | 2527 | int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) |
| kadonotakashi | 0:8fdf9a60065b | 2528 | { |
| kadonotakashi | 0:8fdf9a60065b | 2529 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 2530 | size_t len; |
| kadonotakashi | 0:8fdf9a60065b | 2531 | |
| kadonotakashi | 0:8fdf9a60065b | 2532 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> fetch input" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2533 | |
| kadonotakashi | 0:8fdf9a60065b | 2534 | if( ssl->f_recv == NULL && ssl->f_recv_timeout == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 2535 | { |
| kadonotakashi | 0:8fdf9a60065b | 2536 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " |
| kadonotakashi | 0:8fdf9a60065b | 2537 | "or mbedtls_ssl_set_bio()" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2538 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 2539 | } |
| kadonotakashi | 0:8fdf9a60065b | 2540 | |
| kadonotakashi | 0:8fdf9a60065b | 2541 | if( nb_want > MBEDTLS_SSL_IN_BUFFER_LEN - (size_t)( ssl->in_hdr - ssl->in_buf ) ) |
| kadonotakashi | 0:8fdf9a60065b | 2542 | { |
| kadonotakashi | 0:8fdf9a60065b | 2543 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "requesting more data than fits" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2544 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 2545 | } |
| kadonotakashi | 0:8fdf9a60065b | 2546 | |
| kadonotakashi | 0:8fdf9a60065b | 2547 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 2548 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| kadonotakashi | 0:8fdf9a60065b | 2549 | { |
| kadonotakashi | 0:8fdf9a60065b | 2550 | uint32_t timeout; |
| kadonotakashi | 0:8fdf9a60065b | 2551 | |
| kadonotakashi | 0:8fdf9a60065b | 2552 | /* Just to be sure */ |
| kadonotakashi | 0:8fdf9a60065b | 2553 | if( ssl->f_set_timer == NULL || ssl->f_get_timer == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 2554 | { |
| kadonotakashi | 0:8fdf9a60065b | 2555 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "You must use " |
| kadonotakashi | 0:8fdf9a60065b | 2556 | "mbedtls_ssl_set_timer_cb() for DTLS" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2557 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 2558 | } |
| kadonotakashi | 0:8fdf9a60065b | 2559 | |
| kadonotakashi | 0:8fdf9a60065b | 2560 | /* |
| kadonotakashi | 0:8fdf9a60065b | 2561 | * The point is, we need to always read a full datagram at once, so we |
| kadonotakashi | 0:8fdf9a60065b | 2562 | * sometimes read more then requested, and handle the additional data. |
| kadonotakashi | 0:8fdf9a60065b | 2563 | * It could be the rest of the current record (while fetching the |
| kadonotakashi | 0:8fdf9a60065b | 2564 | * header) and/or some other records in the same datagram. |
| kadonotakashi | 0:8fdf9a60065b | 2565 | */ |
| kadonotakashi | 0:8fdf9a60065b | 2566 | |
| kadonotakashi | 0:8fdf9a60065b | 2567 | /* |
| kadonotakashi | 0:8fdf9a60065b | 2568 | * Move to the next record in the already read datagram if applicable |
| kadonotakashi | 0:8fdf9a60065b | 2569 | */ |
| kadonotakashi | 0:8fdf9a60065b | 2570 | if( ssl->next_record_offset != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2571 | { |
| kadonotakashi | 0:8fdf9a60065b | 2572 | if( ssl->in_left < ssl->next_record_offset ) |
| kadonotakashi | 0:8fdf9a60065b | 2573 | { |
| kadonotakashi | 0:8fdf9a60065b | 2574 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2575 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 2576 | } |
| kadonotakashi | 0:8fdf9a60065b | 2577 | |
| kadonotakashi | 0:8fdf9a60065b | 2578 | ssl->in_left -= ssl->next_record_offset; |
| kadonotakashi | 0:8fdf9a60065b | 2579 | |
| kadonotakashi | 0:8fdf9a60065b | 2580 | if( ssl->in_left != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2581 | { |
| kadonotakashi | 0:8fdf9a60065b | 2582 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "next record in same datagram, offset: %d", |
| kadonotakashi | 0:8fdf9a60065b | 2583 | ssl->next_record_offset ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2584 | memmove( ssl->in_hdr, |
| kadonotakashi | 0:8fdf9a60065b | 2585 | ssl->in_hdr + ssl->next_record_offset, |
| kadonotakashi | 0:8fdf9a60065b | 2586 | ssl->in_left ); |
| kadonotakashi | 0:8fdf9a60065b | 2587 | } |
| kadonotakashi | 0:8fdf9a60065b | 2588 | |
| kadonotakashi | 0:8fdf9a60065b | 2589 | ssl->next_record_offset = 0; |
| kadonotakashi | 0:8fdf9a60065b | 2590 | } |
| kadonotakashi | 0:8fdf9a60065b | 2591 | |
| kadonotakashi | 0:8fdf9a60065b | 2592 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d", |
| kadonotakashi | 0:8fdf9a60065b | 2593 | ssl->in_left, nb_want ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2594 | |
| kadonotakashi | 0:8fdf9a60065b | 2595 | /* |
| kadonotakashi | 0:8fdf9a60065b | 2596 | * Done if we already have enough data. |
| kadonotakashi | 0:8fdf9a60065b | 2597 | */ |
| kadonotakashi | 0:8fdf9a60065b | 2598 | if( nb_want <= ssl->in_left) |
| kadonotakashi | 0:8fdf9a60065b | 2599 | { |
| kadonotakashi | 0:8fdf9a60065b | 2600 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= fetch input" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2601 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 2602 | } |
| kadonotakashi | 0:8fdf9a60065b | 2603 | |
| kadonotakashi | 0:8fdf9a60065b | 2604 | /* |
| kadonotakashi | 0:8fdf9a60065b | 2605 | * A record can't be split accross datagrams. If we need to read but |
| kadonotakashi | 0:8fdf9a60065b | 2606 | * are not at the beginning of a new record, the caller did something |
| kadonotakashi | 0:8fdf9a60065b | 2607 | * wrong. |
| kadonotakashi | 0:8fdf9a60065b | 2608 | */ |
| kadonotakashi | 0:8fdf9a60065b | 2609 | if( ssl->in_left != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2610 | { |
| kadonotakashi | 0:8fdf9a60065b | 2611 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2612 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 2613 | } |
| kadonotakashi | 0:8fdf9a60065b | 2614 | |
| kadonotakashi | 0:8fdf9a60065b | 2615 | /* |
| kadonotakashi | 0:8fdf9a60065b | 2616 | * Don't even try to read if time's out already. |
| kadonotakashi | 0:8fdf9a60065b | 2617 | * This avoids by-passing the timer when repeatedly receiving messages |
| kadonotakashi | 0:8fdf9a60065b | 2618 | * that will end up being dropped. |
| kadonotakashi | 0:8fdf9a60065b | 2619 | */ |
| kadonotakashi | 0:8fdf9a60065b | 2620 | if( ssl_check_timer( ssl ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2621 | { |
| kadonotakashi | 0:8fdf9a60065b | 2622 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "timer has expired" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2623 | ret = MBEDTLS_ERR_SSL_TIMEOUT; |
| kadonotakashi | 0:8fdf9a60065b | 2624 | } |
| kadonotakashi | 0:8fdf9a60065b | 2625 | else |
| kadonotakashi | 0:8fdf9a60065b | 2626 | { |
| kadonotakashi | 0:8fdf9a60065b | 2627 | len = MBEDTLS_SSL_IN_BUFFER_LEN - ( ssl->in_hdr - ssl->in_buf ); |
| kadonotakashi | 0:8fdf9a60065b | 2628 | |
| kadonotakashi | 0:8fdf9a60065b | 2629 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
| kadonotakashi | 0:8fdf9a60065b | 2630 | timeout = ssl->handshake->retransmit_timeout; |
| kadonotakashi | 0:8fdf9a60065b | 2631 | else |
| kadonotakashi | 0:8fdf9a60065b | 2632 | timeout = ssl->conf->read_timeout; |
| kadonotakashi | 0:8fdf9a60065b | 2633 | |
| kadonotakashi | 0:8fdf9a60065b | 2634 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "f_recv_timeout: %u ms", timeout ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2635 | |
| kadonotakashi | 0:8fdf9a60065b | 2636 | if( ssl->f_recv_timeout != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 2637 | ret = ssl->f_recv_timeout( ssl->p_bio, ssl->in_hdr, len, |
| kadonotakashi | 0:8fdf9a60065b | 2638 | timeout ); |
| kadonotakashi | 0:8fdf9a60065b | 2639 | else |
| kadonotakashi | 0:8fdf9a60065b | 2640 | ret = ssl->f_recv( ssl->p_bio, ssl->in_hdr, len ); |
| kadonotakashi | 0:8fdf9a60065b | 2641 | |
| kadonotakashi | 0:8fdf9a60065b | 2642 | MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 2643 | |
| kadonotakashi | 0:8fdf9a60065b | 2644 | if( ret == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2645 | return( MBEDTLS_ERR_SSL_CONN_EOF ); |
| kadonotakashi | 0:8fdf9a60065b | 2646 | } |
| kadonotakashi | 0:8fdf9a60065b | 2647 | |
| kadonotakashi | 0:8fdf9a60065b | 2648 | if( ret == MBEDTLS_ERR_SSL_TIMEOUT ) |
| kadonotakashi | 0:8fdf9a60065b | 2649 | { |
| kadonotakashi | 0:8fdf9a60065b | 2650 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "timeout" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2651 | ssl_set_timer( ssl, 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 2652 | |
| kadonotakashi | 0:8fdf9a60065b | 2653 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
| kadonotakashi | 0:8fdf9a60065b | 2654 | { |
| kadonotakashi | 0:8fdf9a60065b | 2655 | if( ssl_double_retransmit_timeout( ssl ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2656 | { |
| kadonotakashi | 0:8fdf9a60065b | 2657 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake timeout" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2658 | return( MBEDTLS_ERR_SSL_TIMEOUT ); |
| kadonotakashi | 0:8fdf9a60065b | 2659 | } |
| kadonotakashi | 0:8fdf9a60065b | 2660 | |
| kadonotakashi | 0:8fdf9a60065b | 2661 | if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2662 | { |
| kadonotakashi | 0:8fdf9a60065b | 2663 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 2664 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 2665 | } |
| kadonotakashi | 0:8fdf9a60065b | 2666 | |
| kadonotakashi | 0:8fdf9a60065b | 2667 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
| kadonotakashi | 0:8fdf9a60065b | 2668 | } |
| kadonotakashi | 0:8fdf9a60065b | 2669 | #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION) |
| kadonotakashi | 0:8fdf9a60065b | 2670 | else if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
| kadonotakashi | 0:8fdf9a60065b | 2671 | ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) |
| kadonotakashi | 0:8fdf9a60065b | 2672 | { |
| kadonotakashi | 0:8fdf9a60065b | 2673 | if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2674 | { |
| kadonotakashi | 0:8fdf9a60065b | 2675 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_resend_hello_request", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 2676 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 2677 | } |
| kadonotakashi | 0:8fdf9a60065b | 2678 | |
| kadonotakashi | 0:8fdf9a60065b | 2679 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
| kadonotakashi | 0:8fdf9a60065b | 2680 | } |
| kadonotakashi | 0:8fdf9a60065b | 2681 | #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */ |
| kadonotakashi | 0:8fdf9a60065b | 2682 | } |
| kadonotakashi | 0:8fdf9a60065b | 2683 | |
| kadonotakashi | 0:8fdf9a60065b | 2684 | if( ret < 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2685 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 2686 | |
| kadonotakashi | 0:8fdf9a60065b | 2687 | ssl->in_left = ret; |
| kadonotakashi | 0:8fdf9a60065b | 2688 | } |
| kadonotakashi | 0:8fdf9a60065b | 2689 | else |
| kadonotakashi | 0:8fdf9a60065b | 2690 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 2691 | { |
| kadonotakashi | 0:8fdf9a60065b | 2692 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d", |
| kadonotakashi | 0:8fdf9a60065b | 2693 | ssl->in_left, nb_want ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2694 | |
| kadonotakashi | 0:8fdf9a60065b | 2695 | while( ssl->in_left < nb_want ) |
| kadonotakashi | 0:8fdf9a60065b | 2696 | { |
| kadonotakashi | 0:8fdf9a60065b | 2697 | len = nb_want - ssl->in_left; |
| kadonotakashi | 0:8fdf9a60065b | 2698 | |
| kadonotakashi | 0:8fdf9a60065b | 2699 | if( ssl_check_timer( ssl ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2700 | ret = MBEDTLS_ERR_SSL_TIMEOUT; |
| kadonotakashi | 0:8fdf9a60065b | 2701 | else |
| kadonotakashi | 0:8fdf9a60065b | 2702 | { |
| kadonotakashi | 0:8fdf9a60065b | 2703 | if( ssl->f_recv_timeout != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 2704 | { |
| kadonotakashi | 0:8fdf9a60065b | 2705 | ret = ssl->f_recv_timeout( ssl->p_bio, |
| kadonotakashi | 0:8fdf9a60065b | 2706 | ssl->in_hdr + ssl->in_left, len, |
| kadonotakashi | 0:8fdf9a60065b | 2707 | ssl->conf->read_timeout ); |
| kadonotakashi | 0:8fdf9a60065b | 2708 | } |
| kadonotakashi | 0:8fdf9a60065b | 2709 | else |
| kadonotakashi | 0:8fdf9a60065b | 2710 | { |
| kadonotakashi | 0:8fdf9a60065b | 2711 | ret = ssl->f_recv( ssl->p_bio, |
| kadonotakashi | 0:8fdf9a60065b | 2712 | ssl->in_hdr + ssl->in_left, len ); |
| kadonotakashi | 0:8fdf9a60065b | 2713 | } |
| kadonotakashi | 0:8fdf9a60065b | 2714 | } |
| kadonotakashi | 0:8fdf9a60065b | 2715 | |
| kadonotakashi | 0:8fdf9a60065b | 2716 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d", |
| kadonotakashi | 0:8fdf9a60065b | 2717 | ssl->in_left, nb_want ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2718 | MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 2719 | |
| kadonotakashi | 0:8fdf9a60065b | 2720 | if( ret == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2721 | return( MBEDTLS_ERR_SSL_CONN_EOF ); |
| kadonotakashi | 0:8fdf9a60065b | 2722 | |
| kadonotakashi | 0:8fdf9a60065b | 2723 | if( ret < 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2724 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 2725 | |
| kadonotakashi | 0:8fdf9a60065b | 2726 | if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > SIZE_MAX ) ) |
| kadonotakashi | 0:8fdf9a60065b | 2727 | { |
| kadonotakashi | 0:8fdf9a60065b | 2728 | MBEDTLS_SSL_DEBUG_MSG( 1, |
| kadonotakashi | 0:8fdf9a60065b | 2729 | ( "f_recv returned %d bytes but only %lu were requested", |
| kadonotakashi | 0:8fdf9a60065b | 2730 | ret, (unsigned long)len ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2731 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 2732 | } |
| kadonotakashi | 0:8fdf9a60065b | 2733 | |
| kadonotakashi | 0:8fdf9a60065b | 2734 | ssl->in_left += ret; |
| kadonotakashi | 0:8fdf9a60065b | 2735 | } |
| kadonotakashi | 0:8fdf9a60065b | 2736 | } |
| kadonotakashi | 0:8fdf9a60065b | 2737 | |
| kadonotakashi | 0:8fdf9a60065b | 2738 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= fetch input" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2739 | |
| kadonotakashi | 0:8fdf9a60065b | 2740 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 2741 | } |
| kadonotakashi | 0:8fdf9a60065b | 2742 | |
| kadonotakashi | 0:8fdf9a60065b | 2743 | /* |
| kadonotakashi | 0:8fdf9a60065b | 2744 | * Flush any data not yet written |
| kadonotakashi | 0:8fdf9a60065b | 2745 | */ |
| kadonotakashi | 0:8fdf9a60065b | 2746 | int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 2747 | { |
| kadonotakashi | 0:8fdf9a60065b | 2748 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 2749 | unsigned char *buf; |
| kadonotakashi | 0:8fdf9a60065b | 2750 | |
| kadonotakashi | 0:8fdf9a60065b | 2751 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> flush output" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2752 | |
| kadonotakashi | 0:8fdf9a60065b | 2753 | if( ssl->f_send == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 2754 | { |
| kadonotakashi | 0:8fdf9a60065b | 2755 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " |
| kadonotakashi | 0:8fdf9a60065b | 2756 | "or mbedtls_ssl_set_bio()" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2757 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 2758 | } |
| kadonotakashi | 0:8fdf9a60065b | 2759 | |
| kadonotakashi | 0:8fdf9a60065b | 2760 | /* Avoid incrementing counter if data is flushed */ |
| kadonotakashi | 0:8fdf9a60065b | 2761 | if( ssl->out_left == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2762 | { |
| kadonotakashi | 0:8fdf9a60065b | 2763 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2764 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 2765 | } |
| kadonotakashi | 0:8fdf9a60065b | 2766 | |
| kadonotakashi | 0:8fdf9a60065b | 2767 | while( ssl->out_left > 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2768 | { |
| kadonotakashi | 0:8fdf9a60065b | 2769 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d", |
| kadonotakashi | 0:8fdf9a60065b | 2770 | mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2771 | |
| kadonotakashi | 0:8fdf9a60065b | 2772 | buf = ssl->out_hdr - ssl->out_left; |
| kadonotakashi | 0:8fdf9a60065b | 2773 | ret = ssl->f_send( ssl->p_bio, buf, ssl->out_left ); |
| kadonotakashi | 0:8fdf9a60065b | 2774 | |
| kadonotakashi | 0:8fdf9a60065b | 2775 | MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_send", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 2776 | |
| kadonotakashi | 0:8fdf9a60065b | 2777 | if( ret <= 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2778 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 2779 | |
| kadonotakashi | 0:8fdf9a60065b | 2780 | if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > SIZE_MAX ) ) |
| kadonotakashi | 0:8fdf9a60065b | 2781 | { |
| kadonotakashi | 0:8fdf9a60065b | 2782 | MBEDTLS_SSL_DEBUG_MSG( 1, |
| kadonotakashi | 0:8fdf9a60065b | 2783 | ( "f_send returned %d bytes but only %lu bytes were sent", |
| kadonotakashi | 0:8fdf9a60065b | 2784 | ret, (unsigned long)ssl->out_left ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2785 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 2786 | } |
| kadonotakashi | 0:8fdf9a60065b | 2787 | |
| kadonotakashi | 0:8fdf9a60065b | 2788 | ssl->out_left -= ret; |
| kadonotakashi | 0:8fdf9a60065b | 2789 | } |
| kadonotakashi | 0:8fdf9a60065b | 2790 | |
| kadonotakashi | 0:8fdf9a60065b | 2791 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 2792 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| kadonotakashi | 0:8fdf9a60065b | 2793 | { |
| kadonotakashi | 0:8fdf9a60065b | 2794 | ssl->out_hdr = ssl->out_buf; |
| kadonotakashi | 0:8fdf9a60065b | 2795 | } |
| kadonotakashi | 0:8fdf9a60065b | 2796 | else |
| kadonotakashi | 0:8fdf9a60065b | 2797 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 2798 | { |
| kadonotakashi | 0:8fdf9a60065b | 2799 | ssl->out_hdr = ssl->out_buf + 8; |
| kadonotakashi | 0:8fdf9a60065b | 2800 | } |
| kadonotakashi | 0:8fdf9a60065b | 2801 | ssl_update_out_pointers( ssl, ssl->transform_out ); |
| kadonotakashi | 0:8fdf9a60065b | 2802 | |
| kadonotakashi | 0:8fdf9a60065b | 2803 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2804 | |
| kadonotakashi | 0:8fdf9a60065b | 2805 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 2806 | } |
| kadonotakashi | 0:8fdf9a60065b | 2807 | |
| kadonotakashi | 0:8fdf9a60065b | 2808 | /* |
| kadonotakashi | 0:8fdf9a60065b | 2809 | * Functions to handle the DTLS retransmission state machine |
| kadonotakashi | 0:8fdf9a60065b | 2810 | */ |
| kadonotakashi | 0:8fdf9a60065b | 2811 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 2812 | /* |
| kadonotakashi | 0:8fdf9a60065b | 2813 | * Append current handshake message to current outgoing flight |
| kadonotakashi | 0:8fdf9a60065b | 2814 | */ |
| kadonotakashi | 0:8fdf9a60065b | 2815 | static int ssl_flight_append( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 2816 | { |
| kadonotakashi | 0:8fdf9a60065b | 2817 | mbedtls_ssl_flight_item *msg; |
| kadonotakashi | 0:8fdf9a60065b | 2818 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_flight_append" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2819 | MBEDTLS_SSL_DEBUG_BUF( 4, "message appended to flight", |
| kadonotakashi | 0:8fdf9a60065b | 2820 | ssl->out_msg, ssl->out_msglen ); |
| kadonotakashi | 0:8fdf9a60065b | 2821 | |
| kadonotakashi | 0:8fdf9a60065b | 2822 | /* Allocate space for current message */ |
| kadonotakashi | 0:8fdf9a60065b | 2823 | if( ( msg = mbedtls_calloc( 1, sizeof( mbedtls_ssl_flight_item ) ) ) == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 2824 | { |
| kadonotakashi | 0:8fdf9a60065b | 2825 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed", |
| kadonotakashi | 0:8fdf9a60065b | 2826 | sizeof( mbedtls_ssl_flight_item ) ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2827 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
| kadonotakashi | 0:8fdf9a60065b | 2828 | } |
| kadonotakashi | 0:8fdf9a60065b | 2829 | |
| kadonotakashi | 0:8fdf9a60065b | 2830 | if( ( msg->p = mbedtls_calloc( 1, ssl->out_msglen ) ) == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 2831 | { |
| kadonotakashi | 0:8fdf9a60065b | 2832 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed", ssl->out_msglen ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2833 | mbedtls_free( msg ); |
| kadonotakashi | 0:8fdf9a60065b | 2834 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
| kadonotakashi | 0:8fdf9a60065b | 2835 | } |
| kadonotakashi | 0:8fdf9a60065b | 2836 | |
| kadonotakashi | 0:8fdf9a60065b | 2837 | /* Copy current handshake message with headers */ |
| kadonotakashi | 0:8fdf9a60065b | 2838 | memcpy( msg->p, ssl->out_msg, ssl->out_msglen ); |
| kadonotakashi | 0:8fdf9a60065b | 2839 | msg->len = ssl->out_msglen; |
| kadonotakashi | 0:8fdf9a60065b | 2840 | msg->type = ssl->out_msgtype; |
| kadonotakashi | 0:8fdf9a60065b | 2841 | msg->next = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 2842 | |
| kadonotakashi | 0:8fdf9a60065b | 2843 | /* Append to the current flight */ |
| kadonotakashi | 0:8fdf9a60065b | 2844 | if( ssl->handshake->flight == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 2845 | ssl->handshake->flight = msg; |
| kadonotakashi | 0:8fdf9a60065b | 2846 | else |
| kadonotakashi | 0:8fdf9a60065b | 2847 | { |
| kadonotakashi | 0:8fdf9a60065b | 2848 | mbedtls_ssl_flight_item *cur = ssl->handshake->flight; |
| kadonotakashi | 0:8fdf9a60065b | 2849 | while( cur->next != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 2850 | cur = cur->next; |
| kadonotakashi | 0:8fdf9a60065b | 2851 | cur->next = msg; |
| kadonotakashi | 0:8fdf9a60065b | 2852 | } |
| kadonotakashi | 0:8fdf9a60065b | 2853 | |
| kadonotakashi | 0:8fdf9a60065b | 2854 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_flight_append" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2855 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 2856 | } |
| kadonotakashi | 0:8fdf9a60065b | 2857 | |
| kadonotakashi | 0:8fdf9a60065b | 2858 | /* |
| kadonotakashi | 0:8fdf9a60065b | 2859 | * Free the current flight of handshake messages |
| kadonotakashi | 0:8fdf9a60065b | 2860 | */ |
| kadonotakashi | 0:8fdf9a60065b | 2861 | static void ssl_flight_free( mbedtls_ssl_flight_item *flight ) |
| kadonotakashi | 0:8fdf9a60065b | 2862 | { |
| kadonotakashi | 0:8fdf9a60065b | 2863 | mbedtls_ssl_flight_item *cur = flight; |
| kadonotakashi | 0:8fdf9a60065b | 2864 | mbedtls_ssl_flight_item *next; |
| kadonotakashi | 0:8fdf9a60065b | 2865 | |
| kadonotakashi | 0:8fdf9a60065b | 2866 | while( cur != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 2867 | { |
| kadonotakashi | 0:8fdf9a60065b | 2868 | next = cur->next; |
| kadonotakashi | 0:8fdf9a60065b | 2869 | |
| kadonotakashi | 0:8fdf9a60065b | 2870 | mbedtls_free( cur->p ); |
| kadonotakashi | 0:8fdf9a60065b | 2871 | mbedtls_free( cur ); |
| kadonotakashi | 0:8fdf9a60065b | 2872 | |
| kadonotakashi | 0:8fdf9a60065b | 2873 | cur = next; |
| kadonotakashi | 0:8fdf9a60065b | 2874 | } |
| kadonotakashi | 0:8fdf9a60065b | 2875 | } |
| kadonotakashi | 0:8fdf9a60065b | 2876 | |
| kadonotakashi | 0:8fdf9a60065b | 2877 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
| kadonotakashi | 0:8fdf9a60065b | 2878 | static void ssl_dtls_replay_reset( mbedtls_ssl_context *ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 2879 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 2880 | |
| kadonotakashi | 0:8fdf9a60065b | 2881 | /* |
| kadonotakashi | 0:8fdf9a60065b | 2882 | * Swap transform_out and out_ctr with the alternative ones |
| kadonotakashi | 0:8fdf9a60065b | 2883 | */ |
| kadonotakashi | 0:8fdf9a60065b | 2884 | static void ssl_swap_epochs( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 2885 | { |
| kadonotakashi | 0:8fdf9a60065b | 2886 | mbedtls_ssl_transform *tmp_transform; |
| kadonotakashi | 0:8fdf9a60065b | 2887 | unsigned char tmp_out_ctr[8]; |
| kadonotakashi | 0:8fdf9a60065b | 2888 | |
| kadonotakashi | 0:8fdf9a60065b | 2889 | if( ssl->transform_out == ssl->handshake->alt_transform_out ) |
| kadonotakashi | 0:8fdf9a60065b | 2890 | { |
| kadonotakashi | 0:8fdf9a60065b | 2891 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip swap epochs" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2892 | return; |
| kadonotakashi | 0:8fdf9a60065b | 2893 | } |
| kadonotakashi | 0:8fdf9a60065b | 2894 | |
| kadonotakashi | 0:8fdf9a60065b | 2895 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "swap epochs" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2896 | |
| kadonotakashi | 0:8fdf9a60065b | 2897 | /* Swap transforms */ |
| kadonotakashi | 0:8fdf9a60065b | 2898 | tmp_transform = ssl->transform_out; |
| kadonotakashi | 0:8fdf9a60065b | 2899 | ssl->transform_out = ssl->handshake->alt_transform_out; |
| kadonotakashi | 0:8fdf9a60065b | 2900 | ssl->handshake->alt_transform_out = tmp_transform; |
| kadonotakashi | 0:8fdf9a60065b | 2901 | |
| kadonotakashi | 0:8fdf9a60065b | 2902 | /* Swap epoch + sequence_number */ |
| kadonotakashi | 0:8fdf9a60065b | 2903 | memcpy( tmp_out_ctr, ssl->cur_out_ctr, 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 2904 | memcpy( ssl->cur_out_ctr, ssl->handshake->alt_out_ctr, 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 2905 | memcpy( ssl->handshake->alt_out_ctr, tmp_out_ctr, 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 2906 | |
| kadonotakashi | 0:8fdf9a60065b | 2907 | /* Adjust to the newly activated transform */ |
| kadonotakashi | 0:8fdf9a60065b | 2908 | ssl_update_out_pointers( ssl, ssl->transform_out ); |
| kadonotakashi | 0:8fdf9a60065b | 2909 | |
| kadonotakashi | 0:8fdf9a60065b | 2910 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
| kadonotakashi | 0:8fdf9a60065b | 2911 | if( mbedtls_ssl_hw_record_activate != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 2912 | { |
| kadonotakashi | 0:8fdf9a60065b | 2913 | if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2914 | { |
| kadonotakashi | 0:8fdf9a60065b | 2915 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 2916 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
| kadonotakashi | 0:8fdf9a60065b | 2917 | } |
| kadonotakashi | 0:8fdf9a60065b | 2918 | } |
| kadonotakashi | 0:8fdf9a60065b | 2919 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 2920 | } |
| kadonotakashi | 0:8fdf9a60065b | 2921 | |
| kadonotakashi | 0:8fdf9a60065b | 2922 | /* |
| kadonotakashi | 0:8fdf9a60065b | 2923 | * Retransmit the current flight of messages. |
| kadonotakashi | 0:8fdf9a60065b | 2924 | */ |
| kadonotakashi | 0:8fdf9a60065b | 2925 | int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 2926 | { |
| kadonotakashi | 0:8fdf9a60065b | 2927 | int ret = 0; |
| kadonotakashi | 0:8fdf9a60065b | 2928 | |
| kadonotakashi | 0:8fdf9a60065b | 2929 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_resend" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2930 | |
| kadonotakashi | 0:8fdf9a60065b | 2931 | ret = mbedtls_ssl_flight_transmit( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 2932 | |
| kadonotakashi | 0:8fdf9a60065b | 2933 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_resend" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2934 | |
| kadonotakashi | 0:8fdf9a60065b | 2935 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 2936 | } |
| kadonotakashi | 0:8fdf9a60065b | 2937 | |
| kadonotakashi | 0:8fdf9a60065b | 2938 | /* |
| kadonotakashi | 0:8fdf9a60065b | 2939 | * Transmit or retransmit the current flight of messages. |
| kadonotakashi | 0:8fdf9a60065b | 2940 | * |
| kadonotakashi | 0:8fdf9a60065b | 2941 | * Need to remember the current message in case flush_output returns |
| kadonotakashi | 0:8fdf9a60065b | 2942 | * WANT_WRITE, causing us to exit this function and come back later. |
| kadonotakashi | 0:8fdf9a60065b | 2943 | * This function must be called until state is no longer SENDING. |
| kadonotakashi | 0:8fdf9a60065b | 2944 | */ |
| kadonotakashi | 0:8fdf9a60065b | 2945 | int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 2946 | { |
| kadonotakashi | 0:8fdf9a60065b | 2947 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 2948 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_flight_transmit" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2949 | |
| kadonotakashi | 0:8fdf9a60065b | 2950 | if( ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING ) |
| kadonotakashi | 0:8fdf9a60065b | 2951 | { |
| kadonotakashi | 0:8fdf9a60065b | 2952 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialise flight transmission" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2953 | |
| kadonotakashi | 0:8fdf9a60065b | 2954 | ssl->handshake->cur_msg = ssl->handshake->flight; |
| kadonotakashi | 0:8fdf9a60065b | 2955 | ssl->handshake->cur_msg_p = ssl->handshake->flight->p + 12; |
| kadonotakashi | 0:8fdf9a60065b | 2956 | ssl_swap_epochs( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 2957 | |
| kadonotakashi | 0:8fdf9a60065b | 2958 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_SENDING; |
| kadonotakashi | 0:8fdf9a60065b | 2959 | } |
| kadonotakashi | 0:8fdf9a60065b | 2960 | |
| kadonotakashi | 0:8fdf9a60065b | 2961 | while( ssl->handshake->cur_msg != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 2962 | { |
| kadonotakashi | 0:8fdf9a60065b | 2963 | size_t max_frag_len; |
| kadonotakashi | 0:8fdf9a60065b | 2964 | const mbedtls_ssl_flight_item * const cur = ssl->handshake->cur_msg; |
| kadonotakashi | 0:8fdf9a60065b | 2965 | |
| kadonotakashi | 0:8fdf9a60065b | 2966 | int const is_finished = |
| kadonotakashi | 0:8fdf9a60065b | 2967 | ( cur->type == MBEDTLS_SSL_MSG_HANDSHAKE && |
| kadonotakashi | 0:8fdf9a60065b | 2968 | cur->p[0] == MBEDTLS_SSL_HS_FINISHED ); |
| kadonotakashi | 0:8fdf9a60065b | 2969 | |
| kadonotakashi | 0:8fdf9a60065b | 2970 | uint8_t const force_flush = ssl->disable_datagram_packing == 1 ? |
| kadonotakashi | 0:8fdf9a60065b | 2971 | SSL_FORCE_FLUSH : SSL_DONT_FORCE_FLUSH; |
| kadonotakashi | 0:8fdf9a60065b | 2972 | |
| kadonotakashi | 0:8fdf9a60065b | 2973 | /* Swap epochs before sending Finished: we can't do it after |
| kadonotakashi | 0:8fdf9a60065b | 2974 | * sending ChangeCipherSpec, in case write returns WANT_READ. |
| kadonotakashi | 0:8fdf9a60065b | 2975 | * Must be done before copying, may change out_msg pointer */ |
| kadonotakashi | 0:8fdf9a60065b | 2976 | if( is_finished && ssl->handshake->cur_msg_p == ( cur->p + 12 ) ) |
| kadonotakashi | 0:8fdf9a60065b | 2977 | { |
| kadonotakashi | 0:8fdf9a60065b | 2978 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "swap epochs to send finished message" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 2979 | ssl_swap_epochs( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 2980 | } |
| kadonotakashi | 0:8fdf9a60065b | 2981 | |
| kadonotakashi | 0:8fdf9a60065b | 2982 | ret = ssl_get_remaining_payload_in_datagram( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 2983 | if( ret < 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2984 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 2985 | max_frag_len = (size_t) ret; |
| kadonotakashi | 0:8fdf9a60065b | 2986 | |
| kadonotakashi | 0:8fdf9a60065b | 2987 | /* CCS is copied as is, while HS messages may need fragmentation */ |
| kadonotakashi | 0:8fdf9a60065b | 2988 | if( cur->type == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ) |
| kadonotakashi | 0:8fdf9a60065b | 2989 | { |
| kadonotakashi | 0:8fdf9a60065b | 2990 | if( max_frag_len == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2991 | { |
| kadonotakashi | 0:8fdf9a60065b | 2992 | if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 2993 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 2994 | |
| kadonotakashi | 0:8fdf9a60065b | 2995 | continue; |
| kadonotakashi | 0:8fdf9a60065b | 2996 | } |
| kadonotakashi | 0:8fdf9a60065b | 2997 | |
| kadonotakashi | 0:8fdf9a60065b | 2998 | memcpy( ssl->out_msg, cur->p, cur->len ); |
| kadonotakashi | 0:8fdf9a60065b | 2999 | ssl->out_msglen = cur->len; |
| kadonotakashi | 0:8fdf9a60065b | 3000 | ssl->out_msgtype = cur->type; |
| kadonotakashi | 0:8fdf9a60065b | 3001 | |
| kadonotakashi | 0:8fdf9a60065b | 3002 | /* Update position inside current message */ |
| kadonotakashi | 0:8fdf9a60065b | 3003 | ssl->handshake->cur_msg_p += cur->len; |
| kadonotakashi | 0:8fdf9a60065b | 3004 | } |
| kadonotakashi | 0:8fdf9a60065b | 3005 | else |
| kadonotakashi | 0:8fdf9a60065b | 3006 | { |
| kadonotakashi | 0:8fdf9a60065b | 3007 | const unsigned char * const p = ssl->handshake->cur_msg_p; |
| kadonotakashi | 0:8fdf9a60065b | 3008 | const size_t hs_len = cur->len - 12; |
| kadonotakashi | 0:8fdf9a60065b | 3009 | const size_t frag_off = p - ( cur->p + 12 ); |
| kadonotakashi | 0:8fdf9a60065b | 3010 | const size_t rem_len = hs_len - frag_off; |
| kadonotakashi | 0:8fdf9a60065b | 3011 | size_t cur_hs_frag_len, max_hs_frag_len; |
| kadonotakashi | 0:8fdf9a60065b | 3012 | |
| kadonotakashi | 0:8fdf9a60065b | 3013 | if( ( max_frag_len < 12 ) || ( max_frag_len == 12 && hs_len != 0 ) ) |
| kadonotakashi | 0:8fdf9a60065b | 3014 | { |
| kadonotakashi | 0:8fdf9a60065b | 3015 | if( is_finished ) |
| kadonotakashi | 0:8fdf9a60065b | 3016 | ssl_swap_epochs( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 3017 | |
| kadonotakashi | 0:8fdf9a60065b | 3018 | if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 3019 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 3020 | |
| kadonotakashi | 0:8fdf9a60065b | 3021 | continue; |
| kadonotakashi | 0:8fdf9a60065b | 3022 | } |
| kadonotakashi | 0:8fdf9a60065b | 3023 | max_hs_frag_len = max_frag_len - 12; |
| kadonotakashi | 0:8fdf9a60065b | 3024 | |
| kadonotakashi | 0:8fdf9a60065b | 3025 | cur_hs_frag_len = rem_len > max_hs_frag_len ? |
| kadonotakashi | 0:8fdf9a60065b | 3026 | max_hs_frag_len : rem_len; |
| kadonotakashi | 0:8fdf9a60065b | 3027 | |
| kadonotakashi | 0:8fdf9a60065b | 3028 | if( frag_off == 0 && cur_hs_frag_len != hs_len ) |
| kadonotakashi | 0:8fdf9a60065b | 3029 | { |
| kadonotakashi | 0:8fdf9a60065b | 3030 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "fragmenting handshake message (%u > %u)", |
| kadonotakashi | 0:8fdf9a60065b | 3031 | (unsigned) cur_hs_frag_len, |
| kadonotakashi | 0:8fdf9a60065b | 3032 | (unsigned) max_hs_frag_len ) ); |
| kadonotakashi | 0:8fdf9a60065b | 3033 | } |
| kadonotakashi | 0:8fdf9a60065b | 3034 | |
| kadonotakashi | 0:8fdf9a60065b | 3035 | /* Messages are stored with handshake headers as if not fragmented, |
| kadonotakashi | 0:8fdf9a60065b | 3036 | * copy beginning of headers then fill fragmentation fields. |
| kadonotakashi | 0:8fdf9a60065b | 3037 | * Handshake headers: type(1) len(3) seq(2) f_off(3) f_len(3) */ |
| kadonotakashi | 0:8fdf9a60065b | 3038 | memcpy( ssl->out_msg, cur->p, 6 ); |
| kadonotakashi | 0:8fdf9a60065b | 3039 | |
| kadonotakashi | 0:8fdf9a60065b | 3040 | ssl->out_msg[6] = ( ( frag_off >> 16 ) & 0xff ); |
| kadonotakashi | 0:8fdf9a60065b | 3041 | ssl->out_msg[7] = ( ( frag_off >> 8 ) & 0xff ); |
| kadonotakashi | 0:8fdf9a60065b | 3042 | ssl->out_msg[8] = ( ( frag_off ) & 0xff ); |
| kadonotakashi | 0:8fdf9a60065b | 3043 | |
| kadonotakashi | 0:8fdf9a60065b | 3044 | ssl->out_msg[ 9] = ( ( cur_hs_frag_len >> 16 ) & 0xff ); |
| kadonotakashi | 0:8fdf9a60065b | 3045 | ssl->out_msg[10] = ( ( cur_hs_frag_len >> 8 ) & 0xff ); |
| kadonotakashi | 0:8fdf9a60065b | 3046 | ssl->out_msg[11] = ( ( cur_hs_frag_len ) & 0xff ); |
| kadonotakashi | 0:8fdf9a60065b | 3047 | |
| kadonotakashi | 0:8fdf9a60065b | 3048 | MBEDTLS_SSL_DEBUG_BUF( 3, "handshake header", ssl->out_msg, 12 ); |
| kadonotakashi | 0:8fdf9a60065b | 3049 | |
| kadonotakashi | 0:8fdf9a60065b | 3050 | /* Copy the handshake message content and set records fields */ |
| kadonotakashi | 0:8fdf9a60065b | 3051 | memcpy( ssl->out_msg + 12, p, cur_hs_frag_len ); |
| kadonotakashi | 0:8fdf9a60065b | 3052 | ssl->out_msglen = cur_hs_frag_len + 12; |
| kadonotakashi | 0:8fdf9a60065b | 3053 | ssl->out_msgtype = cur->type; |
| kadonotakashi | 0:8fdf9a60065b | 3054 | |
| kadonotakashi | 0:8fdf9a60065b | 3055 | /* Update position inside current message */ |
| kadonotakashi | 0:8fdf9a60065b | 3056 | ssl->handshake->cur_msg_p += cur_hs_frag_len; |
| kadonotakashi | 0:8fdf9a60065b | 3057 | } |
| kadonotakashi | 0:8fdf9a60065b | 3058 | |
| kadonotakashi | 0:8fdf9a60065b | 3059 | /* If done with the current message move to the next one if any */ |
| kadonotakashi | 0:8fdf9a60065b | 3060 | if( ssl->handshake->cur_msg_p >= cur->p + cur->len ) |
| kadonotakashi | 0:8fdf9a60065b | 3061 | { |
| kadonotakashi | 0:8fdf9a60065b | 3062 | if( cur->next != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 3063 | { |
| kadonotakashi | 0:8fdf9a60065b | 3064 | ssl->handshake->cur_msg = cur->next; |
| kadonotakashi | 0:8fdf9a60065b | 3065 | ssl->handshake->cur_msg_p = cur->next->p + 12; |
| kadonotakashi | 0:8fdf9a60065b | 3066 | } |
| kadonotakashi | 0:8fdf9a60065b | 3067 | else |
| kadonotakashi | 0:8fdf9a60065b | 3068 | { |
| kadonotakashi | 0:8fdf9a60065b | 3069 | ssl->handshake->cur_msg = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 3070 | ssl->handshake->cur_msg_p = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 3071 | } |
| kadonotakashi | 0:8fdf9a60065b | 3072 | } |
| kadonotakashi | 0:8fdf9a60065b | 3073 | |
| kadonotakashi | 0:8fdf9a60065b | 3074 | /* Actually send the message out */ |
| kadonotakashi | 0:8fdf9a60065b | 3075 | if( ( ret = mbedtls_ssl_write_record( ssl, force_flush ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 3076 | { |
| kadonotakashi | 0:8fdf9a60065b | 3077 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 3078 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 3079 | } |
| kadonotakashi | 0:8fdf9a60065b | 3080 | } |
| kadonotakashi | 0:8fdf9a60065b | 3081 | |
| kadonotakashi | 0:8fdf9a60065b | 3082 | if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 3083 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 3084 | |
| kadonotakashi | 0:8fdf9a60065b | 3085 | /* Update state and set timer */ |
| kadonotakashi | 0:8fdf9a60065b | 3086 | if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) |
| kadonotakashi | 0:8fdf9a60065b | 3087 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; |
| kadonotakashi | 0:8fdf9a60065b | 3088 | else |
| kadonotakashi | 0:8fdf9a60065b | 3089 | { |
| kadonotakashi | 0:8fdf9a60065b | 3090 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; |
| kadonotakashi | 0:8fdf9a60065b | 3091 | ssl_set_timer( ssl, ssl->handshake->retransmit_timeout ); |
| kadonotakashi | 0:8fdf9a60065b | 3092 | } |
| kadonotakashi | 0:8fdf9a60065b | 3093 | |
| kadonotakashi | 0:8fdf9a60065b | 3094 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_flight_transmit" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 3095 | |
| kadonotakashi | 0:8fdf9a60065b | 3096 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 3097 | } |
| kadonotakashi | 0:8fdf9a60065b | 3098 | |
| kadonotakashi | 0:8fdf9a60065b | 3099 | /* |
| kadonotakashi | 0:8fdf9a60065b | 3100 | * To be called when the last message of an incoming flight is received. |
| kadonotakashi | 0:8fdf9a60065b | 3101 | */ |
| kadonotakashi | 0:8fdf9a60065b | 3102 | void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 3103 | { |
| kadonotakashi | 0:8fdf9a60065b | 3104 | /* We won't need to resend that one any more */ |
| kadonotakashi | 0:8fdf9a60065b | 3105 | ssl_flight_free( ssl->handshake->flight ); |
| kadonotakashi | 0:8fdf9a60065b | 3106 | ssl->handshake->flight = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 3107 | ssl->handshake->cur_msg = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 3108 | |
| kadonotakashi | 0:8fdf9a60065b | 3109 | /* The next incoming flight will start with this msg_seq */ |
| kadonotakashi | 0:8fdf9a60065b | 3110 | ssl->handshake->in_flight_start_seq = ssl->handshake->in_msg_seq; |
| kadonotakashi | 0:8fdf9a60065b | 3111 | |
| kadonotakashi | 0:8fdf9a60065b | 3112 | /* We don't want to remember CCS's across flight boundaries. */ |
| kadonotakashi | 0:8fdf9a60065b | 3113 | ssl->handshake->buffering.seen_ccs = 0; |
| kadonotakashi | 0:8fdf9a60065b | 3114 | |
| kadonotakashi | 0:8fdf9a60065b | 3115 | /* Clear future message buffering structure. */ |
| kadonotakashi | 0:8fdf9a60065b | 3116 | ssl_buffering_free( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 3117 | |
| kadonotakashi | 0:8fdf9a60065b | 3118 | /* Cancel timer */ |
| kadonotakashi | 0:8fdf9a60065b | 3119 | ssl_set_timer( ssl, 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 3120 | |
| kadonotakashi | 0:8fdf9a60065b | 3121 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && |
| kadonotakashi | 0:8fdf9a60065b | 3122 | ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED ) |
| kadonotakashi | 0:8fdf9a60065b | 3123 | { |
| kadonotakashi | 0:8fdf9a60065b | 3124 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; |
| kadonotakashi | 0:8fdf9a60065b | 3125 | } |
| kadonotakashi | 0:8fdf9a60065b | 3126 | else |
| kadonotakashi | 0:8fdf9a60065b | 3127 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING; |
| kadonotakashi | 0:8fdf9a60065b | 3128 | } |
| kadonotakashi | 0:8fdf9a60065b | 3129 | |
| kadonotakashi | 0:8fdf9a60065b | 3130 | /* |
| kadonotakashi | 0:8fdf9a60065b | 3131 | * To be called when the last message of an outgoing flight is send. |
| kadonotakashi | 0:8fdf9a60065b | 3132 | */ |
| kadonotakashi | 0:8fdf9a60065b | 3133 | void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 3134 | { |
| kadonotakashi | 0:8fdf9a60065b | 3135 | ssl_reset_retransmit_timeout( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 3136 | ssl_set_timer( ssl, ssl->handshake->retransmit_timeout ); |
| kadonotakashi | 0:8fdf9a60065b | 3137 | |
| kadonotakashi | 0:8fdf9a60065b | 3138 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && |
| kadonotakashi | 0:8fdf9a60065b | 3139 | ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED ) |
| kadonotakashi | 0:8fdf9a60065b | 3140 | { |
| kadonotakashi | 0:8fdf9a60065b | 3141 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; |
| kadonotakashi | 0:8fdf9a60065b | 3142 | } |
| kadonotakashi | 0:8fdf9a60065b | 3143 | else |
| kadonotakashi | 0:8fdf9a60065b | 3144 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; |
| kadonotakashi | 0:8fdf9a60065b | 3145 | } |
| kadonotakashi | 0:8fdf9a60065b | 3146 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| kadonotakashi | 0:8fdf9a60065b | 3147 | |
| kadonotakashi | 0:8fdf9a60065b | 3148 | /* |
| kadonotakashi | 0:8fdf9a60065b | 3149 | * Handshake layer functions |
| kadonotakashi | 0:8fdf9a60065b | 3150 | */ |
| kadonotakashi | 0:8fdf9a60065b | 3151 | |
| kadonotakashi | 0:8fdf9a60065b | 3152 | /* |
| kadonotakashi | 0:8fdf9a60065b | 3153 | * Write (DTLS: or queue) current handshake (including CCS) message. |
| kadonotakashi | 0:8fdf9a60065b | 3154 | * |
| kadonotakashi | 0:8fdf9a60065b | 3155 | * - fill in handshake headers |
| kadonotakashi | 0:8fdf9a60065b | 3156 | * - update handshake checksum |
| kadonotakashi | 0:8fdf9a60065b | 3157 | * - DTLS: save message for resending |
| kadonotakashi | 0:8fdf9a60065b | 3158 | * - then pass to the record layer |
| kadonotakashi | 0:8fdf9a60065b | 3159 | * |
| kadonotakashi | 0:8fdf9a60065b | 3160 | * DTLS: except for HelloRequest, messages are only queued, and will only be |
| kadonotakashi | 0:8fdf9a60065b | 3161 | * actually sent when calling flight_transmit() or resend(). |
| kadonotakashi | 0:8fdf9a60065b | 3162 | * |
| kadonotakashi | 0:8fdf9a60065b | 3163 | * Inputs: |
| kadonotakashi | 0:8fdf9a60065b | 3164 | * - ssl->out_msglen: 4 + actual handshake message len |
| kadonotakashi | 0:8fdf9a60065b | 3165 | * (4 is the size of handshake headers for TLS) |
| kadonotakashi | 0:8fdf9a60065b | 3166 | * - ssl->out_msg[0]: the handshake type (ClientHello, ServerHello, etc) |
| kadonotakashi | 0:8fdf9a60065b | 3167 | * - ssl->out_msg + 4: the handshake message body |
| kadonotakashi | 0:8fdf9a60065b | 3168 | * |
| kadonotakashi | 0:8fdf9a60065b | 3169 | * Outputs, ie state before passing to flight_append() or write_record(): |
| kadonotakashi | 0:8fdf9a60065b | 3170 | * - ssl->out_msglen: the length of the record contents |
| kadonotakashi | 0:8fdf9a60065b | 3171 | * (including handshake headers but excluding record headers) |
| kadonotakashi | 0:8fdf9a60065b | 3172 | * - ssl->out_msg: the record contents (handshake headers + content) |
| kadonotakashi | 0:8fdf9a60065b | 3173 | */ |
| kadonotakashi | 0:8fdf9a60065b | 3174 | int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 3175 | { |
| kadonotakashi | 0:8fdf9a60065b | 3176 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 3177 | const size_t hs_len = ssl->out_msglen - 4; |
| kadonotakashi | 0:8fdf9a60065b | 3178 | const unsigned char hs_type = ssl->out_msg[0]; |
| kadonotakashi | 0:8fdf9a60065b | 3179 | |
| kadonotakashi | 0:8fdf9a60065b | 3180 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write handshake message" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 3181 | |
| kadonotakashi | 0:8fdf9a60065b | 3182 | /* |
| kadonotakashi | 0:8fdf9a60065b | 3183 | * Sanity checks |
| kadonotakashi | 0:8fdf9a60065b | 3184 | */ |
| kadonotakashi | 0:8fdf9a60065b | 3185 | if( ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE && |
| kadonotakashi | 0:8fdf9a60065b | 3186 | ssl->out_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ) |
| kadonotakashi | 0:8fdf9a60065b | 3187 | { |
| kadonotakashi | 0:8fdf9a60065b | 3188 | /* In SSLv3, the client might send a NoCertificate alert. */ |
| kadonotakashi | 0:8fdf9a60065b | 3189 | #if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_CLI_C) |
| kadonotakashi | 0:8fdf9a60065b | 3190 | if( ! ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 && |
| kadonotakashi | 0:8fdf9a60065b | 3191 | ssl->out_msgtype == MBEDTLS_SSL_MSG_ALERT && |
| kadonotakashi | 0:8fdf9a60065b | 3192 | ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) ) |
| kadonotakashi | 0:8fdf9a60065b | 3193 | #endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_SRV_C */ |
| kadonotakashi | 0:8fdf9a60065b | 3194 | { |
| kadonotakashi | 0:8fdf9a60065b | 3195 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 3196 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 3197 | } |
| kadonotakashi | 0:8fdf9a60065b | 3198 | } |
| kadonotakashi | 0:8fdf9a60065b | 3199 | |
| kadonotakashi | 0:8fdf9a60065b | 3200 | if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && |
| kadonotakashi | 0:8fdf9a60065b | 3201 | hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST && |
| kadonotakashi | 0:8fdf9a60065b | 3202 | ssl->handshake == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 3203 | { |
| kadonotakashi | 0:8fdf9a60065b | 3204 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 3205 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 3206 | } |
| kadonotakashi | 0:8fdf9a60065b | 3207 | |
| kadonotakashi | 0:8fdf9a60065b | 3208 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 3209 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
| kadonotakashi | 0:8fdf9a60065b | 3210 | ssl->handshake != NULL && |
| kadonotakashi | 0:8fdf9a60065b | 3211 | ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING ) |
| kadonotakashi | 0:8fdf9a60065b | 3212 | { |
| kadonotakashi | 0:8fdf9a60065b | 3213 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 3214 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 3215 | } |
| kadonotakashi | 0:8fdf9a60065b | 3216 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 3217 | |
| kadonotakashi | 0:8fdf9a60065b | 3218 | /* Double-check that we did not exceed the bounds |
| kadonotakashi | 0:8fdf9a60065b | 3219 | * of the outgoing record buffer. |
| kadonotakashi | 0:8fdf9a60065b | 3220 | * This should never fail as the various message |
| kadonotakashi | 0:8fdf9a60065b | 3221 | * writing functions must obey the bounds of the |
| kadonotakashi | 0:8fdf9a60065b | 3222 | * outgoing record buffer, but better be safe. |
| kadonotakashi | 0:8fdf9a60065b | 3223 | * |
| kadonotakashi | 0:8fdf9a60065b | 3224 | * Note: We deliberately do not check for the MTU or MFL here. |
| kadonotakashi | 0:8fdf9a60065b | 3225 | */ |
| kadonotakashi | 0:8fdf9a60065b | 3226 | if( ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN ) |
| kadonotakashi | 0:8fdf9a60065b | 3227 | { |
| kadonotakashi | 0:8fdf9a60065b | 3228 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record too large: " |
| kadonotakashi | 0:8fdf9a60065b | 3229 | "size %u, maximum %u", |
| kadonotakashi | 0:8fdf9a60065b | 3230 | (unsigned) ssl->out_msglen, |
| kadonotakashi | 0:8fdf9a60065b | 3231 | (unsigned) MBEDTLS_SSL_OUT_CONTENT_LEN ) ); |
| kadonotakashi | 0:8fdf9a60065b | 3232 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 3233 | } |
| kadonotakashi | 0:8fdf9a60065b | 3234 | |
| kadonotakashi | 0:8fdf9a60065b | 3235 | /* |
| kadonotakashi | 0:8fdf9a60065b | 3236 | * Fill handshake headers |
| kadonotakashi | 0:8fdf9a60065b | 3237 | */ |
| kadonotakashi | 0:8fdf9a60065b | 3238 | if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) |
| kadonotakashi | 0:8fdf9a60065b | 3239 | { |
| kadonotakashi | 0:8fdf9a60065b | 3240 | ssl->out_msg[1] = (unsigned char)( hs_len >> 16 ); |
| kadonotakashi | 0:8fdf9a60065b | 3241 | ssl->out_msg[2] = (unsigned char)( hs_len >> 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 3242 | ssl->out_msg[3] = (unsigned char)( hs_len ); |
| kadonotakashi | 0:8fdf9a60065b | 3243 | |
| kadonotakashi | 0:8fdf9a60065b | 3244 | /* |
| kadonotakashi | 0:8fdf9a60065b | 3245 | * DTLS has additional fields in the Handshake layer, |
| kadonotakashi | 0:8fdf9a60065b | 3246 | * between the length field and the actual payload: |
| kadonotakashi | 0:8fdf9a60065b | 3247 | * uint16 message_seq; |
| kadonotakashi | 0:8fdf9a60065b | 3248 | * uint24 fragment_offset; |
| kadonotakashi | 0:8fdf9a60065b | 3249 | * uint24 fragment_length; |
| kadonotakashi | 0:8fdf9a60065b | 3250 | */ |
| kadonotakashi | 0:8fdf9a60065b | 3251 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 3252 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| kadonotakashi | 0:8fdf9a60065b | 3253 | { |
| kadonotakashi | 0:8fdf9a60065b | 3254 | /* Make room for the additional DTLS fields */ |
| kadonotakashi | 0:8fdf9a60065b | 3255 | if( MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen < 8 ) |
| kadonotakashi | 0:8fdf9a60065b | 3256 | { |
| kadonotakashi | 0:8fdf9a60065b | 3257 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS handshake message too large: " |
| kadonotakashi | 0:8fdf9a60065b | 3258 | "size %u, maximum %u", |
| kadonotakashi | 0:8fdf9a60065b | 3259 | (unsigned) ( hs_len ), |
| kadonotakashi | 0:8fdf9a60065b | 3260 | (unsigned) ( MBEDTLS_SSL_OUT_CONTENT_LEN - 12 ) ) ); |
| kadonotakashi | 0:8fdf9a60065b | 3261 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 3262 | } |
| kadonotakashi | 0:8fdf9a60065b | 3263 | |
| kadonotakashi | 0:8fdf9a60065b | 3264 | memmove( ssl->out_msg + 12, ssl->out_msg + 4, hs_len ); |
| kadonotakashi | 0:8fdf9a60065b | 3265 | ssl->out_msglen += 8; |
| kadonotakashi | 0:8fdf9a60065b | 3266 | |
| kadonotakashi | 0:8fdf9a60065b | 3267 | /* Write message_seq and update it, except for HelloRequest */ |
| kadonotakashi | 0:8fdf9a60065b | 3268 | if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) |
| kadonotakashi | 0:8fdf9a60065b | 3269 | { |
| kadonotakashi | 0:8fdf9a60065b | 3270 | ssl->out_msg[4] = ( ssl->handshake->out_msg_seq >> 8 ) & 0xFF; |
| kadonotakashi | 0:8fdf9a60065b | 3271 | ssl->out_msg[5] = ( ssl->handshake->out_msg_seq ) & 0xFF; |
| kadonotakashi | 0:8fdf9a60065b | 3272 | ++( ssl->handshake->out_msg_seq ); |
| kadonotakashi | 0:8fdf9a60065b | 3273 | } |
| kadonotakashi | 0:8fdf9a60065b | 3274 | else |
| kadonotakashi | 0:8fdf9a60065b | 3275 | { |
| kadonotakashi | 0:8fdf9a60065b | 3276 | ssl->out_msg[4] = 0; |
| kadonotakashi | 0:8fdf9a60065b | 3277 | ssl->out_msg[5] = 0; |
| kadonotakashi | 0:8fdf9a60065b | 3278 | } |
| kadonotakashi | 0:8fdf9a60065b | 3279 | |
| kadonotakashi | 0:8fdf9a60065b | 3280 | /* Handshake hashes are computed without fragmentation, |
| kadonotakashi | 0:8fdf9a60065b | 3281 | * so set frag_offset = 0 and frag_len = hs_len for now */ |
| kadonotakashi | 0:8fdf9a60065b | 3282 | memset( ssl->out_msg + 6, 0x00, 3 ); |
| kadonotakashi | 0:8fdf9a60065b | 3283 | memcpy( ssl->out_msg + 9, ssl->out_msg + 1, 3 ); |
| kadonotakashi | 0:8fdf9a60065b | 3284 | } |
| kadonotakashi | 0:8fdf9a60065b | 3285 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| kadonotakashi | 0:8fdf9a60065b | 3286 | |
| kadonotakashi | 0:8fdf9a60065b | 3287 | /* Update running hashes of handshake messages seen */ |
| kadonotakashi | 0:8fdf9a60065b | 3288 | if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) |
| kadonotakashi | 0:8fdf9a60065b | 3289 | ssl->handshake->update_checksum( ssl, ssl->out_msg, ssl->out_msglen ); |
| kadonotakashi | 0:8fdf9a60065b | 3290 | } |
| kadonotakashi | 0:8fdf9a60065b | 3291 | |
| kadonotakashi | 0:8fdf9a60065b | 3292 | /* Either send now, or just save to be sent (and resent) later */ |
| kadonotakashi | 0:8fdf9a60065b | 3293 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 3294 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
| kadonotakashi | 0:8fdf9a60065b | 3295 | ( ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE || |
| kadonotakashi | 0:8fdf9a60065b | 3296 | hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) ) |
| kadonotakashi | 0:8fdf9a60065b | 3297 | { |
| kadonotakashi | 0:8fdf9a60065b | 3298 | if( ( ret = ssl_flight_append( ssl ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 3299 | { |
| kadonotakashi | 0:8fdf9a60065b | 3300 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_flight_append", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 3301 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 3302 | } |
| kadonotakashi | 0:8fdf9a60065b | 3303 | } |
| kadonotakashi | 0:8fdf9a60065b | 3304 | else |
| kadonotakashi | 0:8fdf9a60065b | 3305 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 3306 | { |
| kadonotakashi | 0:8fdf9a60065b | 3307 | if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 3308 | { |
| kadonotakashi | 0:8fdf9a60065b | 3309 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_record", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 3310 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 3311 | } |
| kadonotakashi | 0:8fdf9a60065b | 3312 | } |
| kadonotakashi | 0:8fdf9a60065b | 3313 | |
| kadonotakashi | 0:8fdf9a60065b | 3314 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write handshake message" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 3315 | |
| kadonotakashi | 0:8fdf9a60065b | 3316 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 3317 | } |
| kadonotakashi | 0:8fdf9a60065b | 3318 | |
| kadonotakashi | 0:8fdf9a60065b | 3319 | /* |
| kadonotakashi | 0:8fdf9a60065b | 3320 | * Record layer functions |
| kadonotakashi | 0:8fdf9a60065b | 3321 | */ |
| kadonotakashi | 0:8fdf9a60065b | 3322 | |
| kadonotakashi | 0:8fdf9a60065b | 3323 | /* |
| kadonotakashi | 0:8fdf9a60065b | 3324 | * Write current record. |
| kadonotakashi | 0:8fdf9a60065b | 3325 | * |
| kadonotakashi | 0:8fdf9a60065b | 3326 | * Uses: |
| kadonotakashi | 0:8fdf9a60065b | 3327 | * - ssl->out_msgtype: type of the message (AppData, Handshake, Alert, CCS) |
| kadonotakashi | 0:8fdf9a60065b | 3328 | * - ssl->out_msglen: length of the record content (excl headers) |
| kadonotakashi | 0:8fdf9a60065b | 3329 | * - ssl->out_msg: record content |
| kadonotakashi | 0:8fdf9a60065b | 3330 | */ |
| kadonotakashi | 0:8fdf9a60065b | 3331 | int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) |
| kadonotakashi | 0:8fdf9a60065b | 3332 | { |
| kadonotakashi | 0:8fdf9a60065b | 3333 | int ret, done = 0; |
| kadonotakashi | 0:8fdf9a60065b | 3334 | size_t len = ssl->out_msglen; |
| kadonotakashi | 0:8fdf9a60065b | 3335 | uint8_t flush = force_flush; |
| kadonotakashi | 0:8fdf9a60065b | 3336 | |
| kadonotakashi | 0:8fdf9a60065b | 3337 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write record" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 3338 | |
| kadonotakashi | 0:8fdf9a60065b | 3339 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
| kadonotakashi | 0:8fdf9a60065b | 3340 | if( ssl->transform_out != NULL && |
| kadonotakashi | 0:8fdf9a60065b | 3341 | ssl->session_out->compression == MBEDTLS_SSL_COMPRESS_DEFLATE ) |
| kadonotakashi | 0:8fdf9a60065b | 3342 | { |
| kadonotakashi | 0:8fdf9a60065b | 3343 | if( ( ret = ssl_compress_buf( ssl ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 3344 | { |
| kadonotakashi | 0:8fdf9a60065b | 3345 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_compress_buf", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 3346 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 3347 | } |
| kadonotakashi | 0:8fdf9a60065b | 3348 | |
| kadonotakashi | 0:8fdf9a60065b | 3349 | len = ssl->out_msglen; |
| kadonotakashi | 0:8fdf9a60065b | 3350 | } |
| kadonotakashi | 0:8fdf9a60065b | 3351 | #endif /*MBEDTLS_ZLIB_SUPPORT */ |
| kadonotakashi | 0:8fdf9a60065b | 3352 | |
| kadonotakashi | 0:8fdf9a60065b | 3353 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
| kadonotakashi | 0:8fdf9a60065b | 3354 | if( mbedtls_ssl_hw_record_write != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 3355 | { |
| kadonotakashi | 0:8fdf9a60065b | 3356 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_write()" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 3357 | |
| kadonotakashi | 0:8fdf9a60065b | 3358 | ret = mbedtls_ssl_hw_record_write( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 3359 | if( ret != 0 && ret != MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH ) |
| kadonotakashi | 0:8fdf9a60065b | 3360 | { |
| kadonotakashi | 0:8fdf9a60065b | 3361 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_write", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 3362 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
| kadonotakashi | 0:8fdf9a60065b | 3363 | } |
| kadonotakashi | 0:8fdf9a60065b | 3364 | |
| kadonotakashi | 0:8fdf9a60065b | 3365 | if( ret == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 3366 | done = 1; |
| kadonotakashi | 0:8fdf9a60065b | 3367 | } |
| kadonotakashi | 0:8fdf9a60065b | 3368 | #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ |
| kadonotakashi | 0:8fdf9a60065b | 3369 | if( !done ) |
| kadonotakashi | 0:8fdf9a60065b | 3370 | { |
| kadonotakashi | 0:8fdf9a60065b | 3371 | unsigned i; |
| kadonotakashi | 0:8fdf9a60065b | 3372 | size_t protected_record_size; |
| kadonotakashi | 0:8fdf9a60065b | 3373 | |
| kadonotakashi | 0:8fdf9a60065b | 3374 | ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype; |
| kadonotakashi | 0:8fdf9a60065b | 3375 | mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, |
| kadonotakashi | 0:8fdf9a60065b | 3376 | ssl->conf->transport, ssl->out_hdr + 1 ); |
| kadonotakashi | 0:8fdf9a60065b | 3377 | |
| kadonotakashi | 0:8fdf9a60065b | 3378 | memcpy( ssl->out_ctr, ssl->cur_out_ctr, 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 3379 | ssl->out_len[0] = (unsigned char)( len >> 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 3380 | ssl->out_len[1] = (unsigned char)( len ); |
| kadonotakashi | 0:8fdf9a60065b | 3381 | |
| kadonotakashi | 0:8fdf9a60065b | 3382 | if( ssl->transform_out != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 3383 | { |
| kadonotakashi | 0:8fdf9a60065b | 3384 | if( ( ret = ssl_encrypt_buf( ssl ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 3385 | { |
| kadonotakashi | 0:8fdf9a60065b | 3386 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 3387 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 3388 | } |
| kadonotakashi | 0:8fdf9a60065b | 3389 | |
| kadonotakashi | 0:8fdf9a60065b | 3390 | len = ssl->out_msglen; |
| kadonotakashi | 0:8fdf9a60065b | 3391 | ssl->out_len[0] = (unsigned char)( len >> 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 3392 | ssl->out_len[1] = (unsigned char)( len ); |
| kadonotakashi | 0:8fdf9a60065b | 3393 | } |
| kadonotakashi | 0:8fdf9a60065b | 3394 | |
| kadonotakashi | 0:8fdf9a60065b | 3395 | protected_record_size = len + mbedtls_ssl_hdr_len( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 3396 | |
| kadonotakashi | 0:8fdf9a60065b | 3397 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 3398 | /* In case of DTLS, double-check that we don't exceed |
| kadonotakashi | 0:8fdf9a60065b | 3399 | * the remaining space in the datagram. */ |
| kadonotakashi | 0:8fdf9a60065b | 3400 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| kadonotakashi | 0:8fdf9a60065b | 3401 | { |
| kadonotakashi | 0:8fdf9a60065b | 3402 | ret = ssl_get_remaining_space_in_datagram( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 3403 | if( ret < 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 3404 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 3405 | |
| kadonotakashi | 0:8fdf9a60065b | 3406 | if( protected_record_size > (size_t) ret ) |
| kadonotakashi | 0:8fdf9a60065b | 3407 | { |
| kadonotakashi | 0:8fdf9a60065b | 3408 | /* Should never happen */ |
| kadonotakashi | 0:8fdf9a60065b | 3409 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 3410 | } |
| kadonotakashi | 0:8fdf9a60065b | 3411 | } |
| kadonotakashi | 0:8fdf9a60065b | 3412 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| kadonotakashi | 0:8fdf9a60065b | 3413 | |
| kadonotakashi | 0:8fdf9a60065b | 3414 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %d, " |
| kadonotakashi | 0:8fdf9a60065b | 3415 | "version = [%d:%d], msglen = %d", |
| kadonotakashi | 0:8fdf9a60065b | 3416 | ssl->out_hdr[0], ssl->out_hdr[1], |
| kadonotakashi | 0:8fdf9a60065b | 3417 | ssl->out_hdr[2], len ) ); |
| kadonotakashi | 0:8fdf9a60065b | 3418 | |
| kadonotakashi | 0:8fdf9a60065b | 3419 | MBEDTLS_SSL_DEBUG_BUF( 4, "output record sent to network", |
| kadonotakashi | 0:8fdf9a60065b | 3420 | ssl->out_hdr, protected_record_size ); |
| kadonotakashi | 0:8fdf9a60065b | 3421 | |
| kadonotakashi | 0:8fdf9a60065b | 3422 | ssl->out_left += protected_record_size; |
| kadonotakashi | 0:8fdf9a60065b | 3423 | ssl->out_hdr += protected_record_size; |
| kadonotakashi | 0:8fdf9a60065b | 3424 | ssl_update_out_pointers( ssl, ssl->transform_out ); |
| kadonotakashi | 0:8fdf9a60065b | 3425 | |
| kadonotakashi | 0:8fdf9a60065b | 3426 | for( i = 8; i > ssl_ep_len( ssl ); i-- ) |
| kadonotakashi | 0:8fdf9a60065b | 3427 | if( ++ssl->cur_out_ctr[i - 1] != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 3428 | break; |
| kadonotakashi | 0:8fdf9a60065b | 3429 | |
| kadonotakashi | 0:8fdf9a60065b | 3430 | /* The loop goes to its end iff the counter is wrapping */ |
| kadonotakashi | 0:8fdf9a60065b | 3431 | if( i == ssl_ep_len( ssl ) ) |
| kadonotakashi | 0:8fdf9a60065b | 3432 | { |
| kadonotakashi | 0:8fdf9a60065b | 3433 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "outgoing message counter would wrap" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 3434 | return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); |
| kadonotakashi | 0:8fdf9a60065b | 3435 | } |
| kadonotakashi | 0:8fdf9a60065b | 3436 | } |
| kadonotakashi | 0:8fdf9a60065b | 3437 | |
| kadonotakashi | 0:8fdf9a60065b | 3438 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 3439 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
| kadonotakashi | 0:8fdf9a60065b | 3440 | flush == SSL_DONT_FORCE_FLUSH ) |
| kadonotakashi | 0:8fdf9a60065b | 3441 | { |
| kadonotakashi | 0:8fdf9a60065b | 3442 | size_t remaining; |
| kadonotakashi | 0:8fdf9a60065b | 3443 | ret = ssl_get_remaining_payload_in_datagram( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 3444 | if( ret < 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 3445 | { |
| kadonotakashi | 0:8fdf9a60065b | 3446 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_get_remaining_payload_in_datagram", |
| kadonotakashi | 0:8fdf9a60065b | 3447 | ret ); |
| kadonotakashi | 0:8fdf9a60065b | 3448 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 3449 | } |
| kadonotakashi | 0:8fdf9a60065b | 3450 | |
| kadonotakashi | 0:8fdf9a60065b | 3451 | remaining = (size_t) ret; |
| kadonotakashi | 0:8fdf9a60065b | 3452 | if( remaining == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 3453 | { |
| kadonotakashi | 0:8fdf9a60065b | 3454 | flush = SSL_FORCE_FLUSH; |
| kadonotakashi | 0:8fdf9a60065b | 3455 | } |
| kadonotakashi | 0:8fdf9a60065b | 3456 | else |
| kadonotakashi | 0:8fdf9a60065b | 3457 | { |
| kadonotakashi | 0:8fdf9a60065b | 3458 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "Still %u bytes available in current datagram", (unsigned) remaining ) ); |
| kadonotakashi | 0:8fdf9a60065b | 3459 | } |
| kadonotakashi | 0:8fdf9a60065b | 3460 | } |
| kadonotakashi | 0:8fdf9a60065b | 3461 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| kadonotakashi | 0:8fdf9a60065b | 3462 | |
| kadonotakashi | 0:8fdf9a60065b | 3463 | if( ( flush == SSL_FORCE_FLUSH ) && |
| kadonotakashi | 0:8fdf9a60065b | 3464 | ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 3465 | { |
| kadonotakashi | 0:8fdf9a60065b | 3466 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 3467 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 3468 | } |
| kadonotakashi | 0:8fdf9a60065b | 3469 | |
| kadonotakashi | 0:8fdf9a60065b | 3470 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write record" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 3471 | |
| kadonotakashi | 0:8fdf9a60065b | 3472 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 3473 | } |
| kadonotakashi | 0:8fdf9a60065b | 3474 | |
| kadonotakashi | 0:8fdf9a60065b | 3475 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 3476 | |
| kadonotakashi | 0:8fdf9a60065b | 3477 | static int ssl_hs_is_proper_fragment( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 3478 | { |
| kadonotakashi | 0:8fdf9a60065b | 3479 | if( ssl->in_msglen < ssl->in_hslen || |
| kadonotakashi | 0:8fdf9a60065b | 3480 | memcmp( ssl->in_msg + 6, "\0\0\0", 3 ) != 0 || |
| kadonotakashi | 0:8fdf9a60065b | 3481 | memcmp( ssl->in_msg + 9, ssl->in_msg + 1, 3 ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 3482 | { |
| kadonotakashi | 0:8fdf9a60065b | 3483 | return( 1 ); |
| kadonotakashi | 0:8fdf9a60065b | 3484 | } |
| kadonotakashi | 0:8fdf9a60065b | 3485 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 3486 | } |
| kadonotakashi | 0:8fdf9a60065b | 3487 | |
| kadonotakashi | 0:8fdf9a60065b | 3488 | static uint32_t ssl_get_hs_frag_len( mbedtls_ssl_context const *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 3489 | { |
| kadonotakashi | 0:8fdf9a60065b | 3490 | return( ( ssl->in_msg[9] << 16 ) | |
| kadonotakashi | 0:8fdf9a60065b | 3491 | ( ssl->in_msg[10] << 8 ) | |
| kadonotakashi | 0:8fdf9a60065b | 3492 | ssl->in_msg[11] ); |
| kadonotakashi | 0:8fdf9a60065b | 3493 | } |
| kadonotakashi | 0:8fdf9a60065b | 3494 | |
| kadonotakashi | 0:8fdf9a60065b | 3495 | static uint32_t ssl_get_hs_frag_off( mbedtls_ssl_context const *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 3496 | { |
| kadonotakashi | 0:8fdf9a60065b | 3497 | return( ( ssl->in_msg[6] << 16 ) | |
| kadonotakashi | 0:8fdf9a60065b | 3498 | ( ssl->in_msg[7] << 8 ) | |
| kadonotakashi | 0:8fdf9a60065b | 3499 | ssl->in_msg[8] ); |
| kadonotakashi | 0:8fdf9a60065b | 3500 | } |
| kadonotakashi | 0:8fdf9a60065b | 3501 | |
| kadonotakashi | 0:8fdf9a60065b | 3502 | static int ssl_check_hs_header( mbedtls_ssl_context const *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 3503 | { |
| kadonotakashi | 0:8fdf9a60065b | 3504 | uint32_t msg_len, frag_off, frag_len; |
| kadonotakashi | 0:8fdf9a60065b | 3505 | |
| kadonotakashi | 0:8fdf9a60065b | 3506 | msg_len = ssl_get_hs_total_len( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 3507 | frag_off = ssl_get_hs_frag_off( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 3508 | frag_len = ssl_get_hs_frag_len( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 3509 | |
| kadonotakashi | 0:8fdf9a60065b | 3510 | if( frag_off > msg_len ) |
| kadonotakashi | 0:8fdf9a60065b | 3511 | return( -1 ); |
| kadonotakashi | 0:8fdf9a60065b | 3512 | |
| kadonotakashi | 0:8fdf9a60065b | 3513 | if( frag_len > msg_len - frag_off ) |
| kadonotakashi | 0:8fdf9a60065b | 3514 | return( -1 ); |
| kadonotakashi | 0:8fdf9a60065b | 3515 | |
| kadonotakashi | 0:8fdf9a60065b | 3516 | if( frag_len + 12 > ssl->in_msglen ) |
| kadonotakashi | 0:8fdf9a60065b | 3517 | return( -1 ); |
| kadonotakashi | 0:8fdf9a60065b | 3518 | |
| kadonotakashi | 0:8fdf9a60065b | 3519 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 3520 | } |
| kadonotakashi | 0:8fdf9a60065b | 3521 | |
| kadonotakashi | 0:8fdf9a60065b | 3522 | /* |
| kadonotakashi | 0:8fdf9a60065b | 3523 | * Mark bits in bitmask (used for DTLS HS reassembly) |
| kadonotakashi | 0:8fdf9a60065b | 3524 | */ |
| kadonotakashi | 0:8fdf9a60065b | 3525 | static void ssl_bitmask_set( unsigned char *mask, size_t offset, size_t len ) |
| kadonotakashi | 0:8fdf9a60065b | 3526 | { |
| kadonotakashi | 0:8fdf9a60065b | 3527 | unsigned int start_bits, end_bits; |
| kadonotakashi | 0:8fdf9a60065b | 3528 | |
| kadonotakashi | 0:8fdf9a60065b | 3529 | start_bits = 8 - ( offset % 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 3530 | if( start_bits != 8 ) |
| kadonotakashi | 0:8fdf9a60065b | 3531 | { |
| kadonotakashi | 0:8fdf9a60065b | 3532 | size_t first_byte_idx = offset / 8; |
| kadonotakashi | 0:8fdf9a60065b | 3533 | |
| kadonotakashi | 0:8fdf9a60065b | 3534 | /* Special case */ |
| kadonotakashi | 0:8fdf9a60065b | 3535 | if( len <= start_bits ) |
| kadonotakashi | 0:8fdf9a60065b | 3536 | { |
| kadonotakashi | 0:8fdf9a60065b | 3537 | for( ; len != 0; len-- ) |
| kadonotakashi | 0:8fdf9a60065b | 3538 | mask[first_byte_idx] |= 1 << ( start_bits - len ); |
| kadonotakashi | 0:8fdf9a60065b | 3539 | |
| kadonotakashi | 0:8fdf9a60065b | 3540 | /* Avoid potential issues with offset or len becoming invalid */ |
| kadonotakashi | 0:8fdf9a60065b | 3541 | return; |
| kadonotakashi | 0:8fdf9a60065b | 3542 | } |
| kadonotakashi | 0:8fdf9a60065b | 3543 | |
| kadonotakashi | 0:8fdf9a60065b | 3544 | offset += start_bits; /* Now offset % 8 == 0 */ |
| kadonotakashi | 0:8fdf9a60065b | 3545 | len -= start_bits; |
| kadonotakashi | 0:8fdf9a60065b | 3546 | |
| kadonotakashi | 0:8fdf9a60065b | 3547 | for( ; start_bits != 0; start_bits-- ) |
| kadonotakashi | 0:8fdf9a60065b | 3548 | mask[first_byte_idx] |= 1 << ( start_bits - 1 ); |
| kadonotakashi | 0:8fdf9a60065b | 3549 | } |
| kadonotakashi | 0:8fdf9a60065b | 3550 | |
| kadonotakashi | 0:8fdf9a60065b | 3551 | end_bits = len % 8; |
| kadonotakashi | 0:8fdf9a60065b | 3552 | if( end_bits != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 3553 | { |
| kadonotakashi | 0:8fdf9a60065b | 3554 | size_t last_byte_idx = ( offset + len ) / 8; |
| kadonotakashi | 0:8fdf9a60065b | 3555 | |
| kadonotakashi | 0:8fdf9a60065b | 3556 | len -= end_bits; /* Now len % 8 == 0 */ |
| kadonotakashi | 0:8fdf9a60065b | 3557 | |
| kadonotakashi | 0:8fdf9a60065b | 3558 | for( ; end_bits != 0; end_bits-- ) |
| kadonotakashi | 0:8fdf9a60065b | 3559 | mask[last_byte_idx] |= 1 << ( 8 - end_bits ); |
| kadonotakashi | 0:8fdf9a60065b | 3560 | } |
| kadonotakashi | 0:8fdf9a60065b | 3561 | |
| kadonotakashi | 0:8fdf9a60065b | 3562 | memset( mask + offset / 8, 0xFF, len / 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 3563 | } |
| kadonotakashi | 0:8fdf9a60065b | 3564 | |
| kadonotakashi | 0:8fdf9a60065b | 3565 | /* |
| kadonotakashi | 0:8fdf9a60065b | 3566 | * Check that bitmask is full |
| kadonotakashi | 0:8fdf9a60065b | 3567 | */ |
| kadonotakashi | 0:8fdf9a60065b | 3568 | static int ssl_bitmask_check( unsigned char *mask, size_t len ) |
| kadonotakashi | 0:8fdf9a60065b | 3569 | { |
| kadonotakashi | 0:8fdf9a60065b | 3570 | size_t i; |
| kadonotakashi | 0:8fdf9a60065b | 3571 | |
| kadonotakashi | 0:8fdf9a60065b | 3572 | for( i = 0; i < len / 8; i++ ) |
| kadonotakashi | 0:8fdf9a60065b | 3573 | if( mask[i] != 0xFF ) |
| kadonotakashi | 0:8fdf9a60065b | 3574 | return( -1 ); |
| kadonotakashi | 0:8fdf9a60065b | 3575 | |
| kadonotakashi | 0:8fdf9a60065b | 3576 | for( i = 0; i < len % 8; i++ ) |
| kadonotakashi | 0:8fdf9a60065b | 3577 | if( ( mask[len / 8] & ( 1 << ( 7 - i ) ) ) == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 3578 | return( -1 ); |
| kadonotakashi | 0:8fdf9a60065b | 3579 | |
| kadonotakashi | 0:8fdf9a60065b | 3580 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 3581 | } |
| kadonotakashi | 0:8fdf9a60065b | 3582 | |
| kadonotakashi | 0:8fdf9a60065b | 3583 | /* msg_len does not include the handshake header */ |
| kadonotakashi | 0:8fdf9a60065b | 3584 | static size_t ssl_get_reassembly_buffer_size( size_t msg_len, |
| kadonotakashi | 0:8fdf9a60065b | 3585 | unsigned add_bitmap ) |
| kadonotakashi | 0:8fdf9a60065b | 3586 | { |
| kadonotakashi | 0:8fdf9a60065b | 3587 | size_t alloc_len; |
| kadonotakashi | 0:8fdf9a60065b | 3588 | |
| kadonotakashi | 0:8fdf9a60065b | 3589 | alloc_len = 12; /* Handshake header */ |
| kadonotakashi | 0:8fdf9a60065b | 3590 | alloc_len += msg_len; /* Content buffer */ |
| kadonotakashi | 0:8fdf9a60065b | 3591 | |
| kadonotakashi | 0:8fdf9a60065b | 3592 | if( add_bitmap ) |
| kadonotakashi | 0:8fdf9a60065b | 3593 | alloc_len += msg_len / 8 + ( msg_len % 8 != 0 ); /* Bitmap */ |
| kadonotakashi | 0:8fdf9a60065b | 3594 | |
| kadonotakashi | 0:8fdf9a60065b | 3595 | return( alloc_len ); |
| kadonotakashi | 0:8fdf9a60065b | 3596 | } |
| kadonotakashi | 0:8fdf9a60065b | 3597 | |
| kadonotakashi | 0:8fdf9a60065b | 3598 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| kadonotakashi | 0:8fdf9a60065b | 3599 | |
| kadonotakashi | 0:8fdf9a60065b | 3600 | static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 3601 | { |
| kadonotakashi | 0:8fdf9a60065b | 3602 | return( ( ssl->in_msg[1] << 16 ) | |
| kadonotakashi | 0:8fdf9a60065b | 3603 | ( ssl->in_msg[2] << 8 ) | |
| kadonotakashi | 0:8fdf9a60065b | 3604 | ssl->in_msg[3] ); |
| kadonotakashi | 0:8fdf9a60065b | 3605 | } |
| kadonotakashi | 0:8fdf9a60065b | 3606 | |
| kadonotakashi | 0:8fdf9a60065b | 3607 | int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 3608 | { |
| kadonotakashi | 0:8fdf9a60065b | 3609 | if( ssl->in_msglen < mbedtls_ssl_hs_hdr_len( ssl ) ) |
| kadonotakashi | 0:8fdf9a60065b | 3610 | { |
| kadonotakashi | 0:8fdf9a60065b | 3611 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too short: %d", |
| kadonotakashi | 0:8fdf9a60065b | 3612 | ssl->in_msglen ) ); |
| kadonotakashi | 0:8fdf9a60065b | 3613 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
| kadonotakashi | 0:8fdf9a60065b | 3614 | } |
| kadonotakashi | 0:8fdf9a60065b | 3615 | |
| kadonotakashi | 0:8fdf9a60065b | 3616 | ssl->in_hslen = mbedtls_ssl_hs_hdr_len( ssl ) + ssl_get_hs_total_len( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 3617 | |
| kadonotakashi | 0:8fdf9a60065b | 3618 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "handshake message: msglen =" |
| kadonotakashi | 0:8fdf9a60065b | 3619 | " %d, type = %d, hslen = %d", |
| kadonotakashi | 0:8fdf9a60065b | 3620 | ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) ); |
| kadonotakashi | 0:8fdf9a60065b | 3621 | |
| kadonotakashi | 0:8fdf9a60065b | 3622 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 3623 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| kadonotakashi | 0:8fdf9a60065b | 3624 | { |
| kadonotakashi | 0:8fdf9a60065b | 3625 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 3626 | unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5]; |
| kadonotakashi | 0:8fdf9a60065b | 3627 | |
| kadonotakashi | 0:8fdf9a60065b | 3628 | if( ssl_check_hs_header( ssl ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 3629 | { |
| kadonotakashi | 0:8fdf9a60065b | 3630 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid handshake header" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 3631 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
| kadonotakashi | 0:8fdf9a60065b | 3632 | } |
| kadonotakashi | 0:8fdf9a60065b | 3633 | |
| kadonotakashi | 0:8fdf9a60065b | 3634 | if( ssl->handshake != NULL && |
| kadonotakashi | 0:8fdf9a60065b | 3635 | ( ( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && |
| kadonotakashi | 0:8fdf9a60065b | 3636 | recv_msg_seq != ssl->handshake->in_msg_seq ) || |
| kadonotakashi | 0:8fdf9a60065b | 3637 | ( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER && |
| kadonotakashi | 0:8fdf9a60065b | 3638 | ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO ) ) ) |
| kadonotakashi | 0:8fdf9a60065b | 3639 | { |
| kadonotakashi | 0:8fdf9a60065b | 3640 | if( recv_msg_seq > ssl->handshake->in_msg_seq ) |
| kadonotakashi | 0:8fdf9a60065b | 3641 | { |
| kadonotakashi | 0:8fdf9a60065b | 3642 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "received future handshake message of sequence number %u (next %u)", |
| kadonotakashi | 0:8fdf9a60065b | 3643 | recv_msg_seq, |
| kadonotakashi | 0:8fdf9a60065b | 3644 | ssl->handshake->in_msg_seq ) ); |
| kadonotakashi | 0:8fdf9a60065b | 3645 | return( MBEDTLS_ERR_SSL_EARLY_MESSAGE ); |
| kadonotakashi | 0:8fdf9a60065b | 3646 | } |
| kadonotakashi | 0:8fdf9a60065b | 3647 | |
| kadonotakashi | 0:8fdf9a60065b | 3648 | /* Retransmit only on last message from previous flight, to avoid |
| kadonotakashi | 0:8fdf9a60065b | 3649 | * too many retransmissions. |
| kadonotakashi | 0:8fdf9a60065b | 3650 | * Besides, No sane server ever retransmits HelloVerifyRequest */ |
| kadonotakashi | 0:8fdf9a60065b | 3651 | if( recv_msg_seq == ssl->handshake->in_flight_start_seq - 1 && |
| kadonotakashi | 0:8fdf9a60065b | 3652 | ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST ) |
| kadonotakashi | 0:8fdf9a60065b | 3653 | { |
| kadonotakashi | 0:8fdf9a60065b | 3654 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "received message from last flight, " |
| kadonotakashi | 0:8fdf9a60065b | 3655 | "message_seq = %d, start_of_flight = %d", |
| kadonotakashi | 0:8fdf9a60065b | 3656 | recv_msg_seq, |
| kadonotakashi | 0:8fdf9a60065b | 3657 | ssl->handshake->in_flight_start_seq ) ); |
| kadonotakashi | 0:8fdf9a60065b | 3658 | |
| kadonotakashi | 0:8fdf9a60065b | 3659 | if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 3660 | { |
| kadonotakashi | 0:8fdf9a60065b | 3661 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 3662 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 3663 | } |
| kadonotakashi | 0:8fdf9a60065b | 3664 | } |
| kadonotakashi | 0:8fdf9a60065b | 3665 | else |
| kadonotakashi | 0:8fdf9a60065b | 3666 | { |
| kadonotakashi | 0:8fdf9a60065b | 3667 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "dropping out-of-sequence message: " |
| kadonotakashi | 0:8fdf9a60065b | 3668 | "message_seq = %d, expected = %d", |
| kadonotakashi | 0:8fdf9a60065b | 3669 | recv_msg_seq, |
| kadonotakashi | 0:8fdf9a60065b | 3670 | ssl->handshake->in_msg_seq ) ); |
| kadonotakashi | 0:8fdf9a60065b | 3671 | } |
| kadonotakashi | 0:8fdf9a60065b | 3672 | |
| kadonotakashi | 0:8fdf9a60065b | 3673 | return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ); |
| kadonotakashi | 0:8fdf9a60065b | 3674 | } |
| kadonotakashi | 0:8fdf9a60065b | 3675 | /* Wait until message completion to increment in_msg_seq */ |
| kadonotakashi | 0:8fdf9a60065b | 3676 | |
| kadonotakashi | 0:8fdf9a60065b | 3677 | /* Message reassembly is handled alongside buffering of future |
| kadonotakashi | 0:8fdf9a60065b | 3678 | * messages; the commonality is that both handshake fragments and |
| kadonotakashi | 0:8fdf9a60065b | 3679 | * future messages cannot be forwarded immediately to the |
| kadonotakashi | 0:8fdf9a60065b | 3680 | * handshake logic layer. */ |
| kadonotakashi | 0:8fdf9a60065b | 3681 | if( ssl_hs_is_proper_fragment( ssl ) == 1 ) |
| kadonotakashi | 0:8fdf9a60065b | 3682 | { |
| kadonotakashi | 0:8fdf9a60065b | 3683 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "found fragmented DTLS handshake message" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 3684 | return( MBEDTLS_ERR_SSL_EARLY_MESSAGE ); |
| kadonotakashi | 0:8fdf9a60065b | 3685 | } |
| kadonotakashi | 0:8fdf9a60065b | 3686 | } |
| kadonotakashi | 0:8fdf9a60065b | 3687 | else |
| kadonotakashi | 0:8fdf9a60065b | 3688 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| kadonotakashi | 0:8fdf9a60065b | 3689 | /* With TLS we don't handle fragmentation (for now) */ |
| kadonotakashi | 0:8fdf9a60065b | 3690 | if( ssl->in_msglen < ssl->in_hslen ) |
| kadonotakashi | 0:8fdf9a60065b | 3691 | { |
| kadonotakashi | 0:8fdf9a60065b | 3692 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS handshake fragmentation not supported" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 3693 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
| kadonotakashi | 0:8fdf9a60065b | 3694 | } |
| kadonotakashi | 0:8fdf9a60065b | 3695 | |
| kadonotakashi | 0:8fdf9a60065b | 3696 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 3697 | } |
| kadonotakashi | 0:8fdf9a60065b | 3698 | |
| kadonotakashi | 0:8fdf9a60065b | 3699 | void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 3700 | { |
| kadonotakashi | 0:8fdf9a60065b | 3701 | mbedtls_ssl_handshake_params * const hs = ssl->handshake; |
| kadonotakashi | 0:8fdf9a60065b | 3702 | |
| kadonotakashi | 0:8fdf9a60065b | 3703 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && hs != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 3704 | { |
| kadonotakashi | 0:8fdf9a60065b | 3705 | ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen ); |
| kadonotakashi | 0:8fdf9a60065b | 3706 | } |
| kadonotakashi | 0:8fdf9a60065b | 3707 | |
| kadonotakashi | 0:8fdf9a60065b | 3708 | /* Handshake message is complete, increment counter */ |
| kadonotakashi | 0:8fdf9a60065b | 3709 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 3710 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
| kadonotakashi | 0:8fdf9a60065b | 3711 | ssl->handshake != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 3712 | { |
| kadonotakashi | 0:8fdf9a60065b | 3713 | unsigned offset; |
| kadonotakashi | 0:8fdf9a60065b | 3714 | mbedtls_ssl_hs_buffer *hs_buf; |
| kadonotakashi | 0:8fdf9a60065b | 3715 | |
| kadonotakashi | 0:8fdf9a60065b | 3716 | /* Increment handshake sequence number */ |
| kadonotakashi | 0:8fdf9a60065b | 3717 | hs->in_msg_seq++; |
| kadonotakashi | 0:8fdf9a60065b | 3718 | |
| kadonotakashi | 0:8fdf9a60065b | 3719 | /* |
| kadonotakashi | 0:8fdf9a60065b | 3720 | * Clear up handshake buffering and reassembly structure. |
| kadonotakashi | 0:8fdf9a60065b | 3721 | */ |
| kadonotakashi | 0:8fdf9a60065b | 3722 | |
| kadonotakashi | 0:8fdf9a60065b | 3723 | /* Free first entry */ |
| kadonotakashi | 0:8fdf9a60065b | 3724 | ssl_buffering_free_slot( ssl, 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 3725 | |
| kadonotakashi | 0:8fdf9a60065b | 3726 | /* Shift all other entries */ |
| kadonotakashi | 0:8fdf9a60065b | 3727 | for( offset = 0, hs_buf = &hs->buffering.hs[0]; |
| kadonotakashi | 0:8fdf9a60065b | 3728 | offset + 1 < MBEDTLS_SSL_MAX_BUFFERED_HS; |
| kadonotakashi | 0:8fdf9a60065b | 3729 | offset++, hs_buf++ ) |
| kadonotakashi | 0:8fdf9a60065b | 3730 | { |
| kadonotakashi | 0:8fdf9a60065b | 3731 | *hs_buf = *(hs_buf + 1); |
| kadonotakashi | 0:8fdf9a60065b | 3732 | } |
| kadonotakashi | 0:8fdf9a60065b | 3733 | |
| kadonotakashi | 0:8fdf9a60065b | 3734 | /* Create a fresh last entry */ |
| kadonotakashi | 0:8fdf9a60065b | 3735 | memset( hs_buf, 0, sizeof( mbedtls_ssl_hs_buffer ) ); |
| kadonotakashi | 0:8fdf9a60065b | 3736 | } |
| kadonotakashi | 0:8fdf9a60065b | 3737 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 3738 | } |
| kadonotakashi | 0:8fdf9a60065b | 3739 | |
| kadonotakashi | 0:8fdf9a60065b | 3740 | /* |
| kadonotakashi | 0:8fdf9a60065b | 3741 | * DTLS anti-replay: RFC 6347 4.1.2.6 |
| kadonotakashi | 0:8fdf9a60065b | 3742 | * |
| kadonotakashi | 0:8fdf9a60065b | 3743 | * in_window is a field of bits numbered from 0 (lsb) to 63 (msb). |
| kadonotakashi | 0:8fdf9a60065b | 3744 | * Bit n is set iff record number in_window_top - n has been seen. |
| kadonotakashi | 0:8fdf9a60065b | 3745 | * |
| kadonotakashi | 0:8fdf9a60065b | 3746 | * Usually, in_window_top is the last record number seen and the lsb of |
| kadonotakashi | 0:8fdf9a60065b | 3747 | * in_window is set. The only exception is the initial state (record number 0 |
| kadonotakashi | 0:8fdf9a60065b | 3748 | * not seen yet). |
| kadonotakashi | 0:8fdf9a60065b | 3749 | */ |
| kadonotakashi | 0:8fdf9a60065b | 3750 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
| kadonotakashi | 0:8fdf9a60065b | 3751 | static void ssl_dtls_replay_reset( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 3752 | { |
| kadonotakashi | 0:8fdf9a60065b | 3753 | ssl->in_window_top = 0; |
| kadonotakashi | 0:8fdf9a60065b | 3754 | ssl->in_window = 0; |
| kadonotakashi | 0:8fdf9a60065b | 3755 | } |
| kadonotakashi | 0:8fdf9a60065b | 3756 | |
| kadonotakashi | 0:8fdf9a60065b | 3757 | static inline uint64_t ssl_load_six_bytes( unsigned char *buf ) |
| kadonotakashi | 0:8fdf9a60065b | 3758 | { |
| kadonotakashi | 0:8fdf9a60065b | 3759 | return( ( (uint64_t) buf[0] << 40 ) | |
| kadonotakashi | 0:8fdf9a60065b | 3760 | ( (uint64_t) buf[1] << 32 ) | |
| kadonotakashi | 0:8fdf9a60065b | 3761 | ( (uint64_t) buf[2] << 24 ) | |
| kadonotakashi | 0:8fdf9a60065b | 3762 | ( (uint64_t) buf[3] << 16 ) | |
| kadonotakashi | 0:8fdf9a60065b | 3763 | ( (uint64_t) buf[4] << 8 ) | |
| kadonotakashi | 0:8fdf9a60065b | 3764 | ( (uint64_t) buf[5] ) ); |
| kadonotakashi | 0:8fdf9a60065b | 3765 | } |
| kadonotakashi | 0:8fdf9a60065b | 3766 | |
| kadonotakashi | 0:8fdf9a60065b | 3767 | /* |
| kadonotakashi | 0:8fdf9a60065b | 3768 | * Return 0 if sequence number is acceptable, -1 otherwise |
| kadonotakashi | 0:8fdf9a60065b | 3769 | */ |
| kadonotakashi | 0:8fdf9a60065b | 3770 | int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 3771 | { |
| kadonotakashi | 0:8fdf9a60065b | 3772 | uint64_t rec_seqnum = ssl_load_six_bytes( ssl->in_ctr + 2 ); |
| kadonotakashi | 0:8fdf9a60065b | 3773 | uint64_t bit; |
| kadonotakashi | 0:8fdf9a60065b | 3774 | |
| kadonotakashi | 0:8fdf9a60065b | 3775 | if( ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED ) |
| kadonotakashi | 0:8fdf9a60065b | 3776 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 3777 | |
| kadonotakashi | 0:8fdf9a60065b | 3778 | if( rec_seqnum > ssl->in_window_top ) |
| kadonotakashi | 0:8fdf9a60065b | 3779 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 3780 | |
| kadonotakashi | 0:8fdf9a60065b | 3781 | bit = ssl->in_window_top - rec_seqnum; |
| kadonotakashi | 0:8fdf9a60065b | 3782 | |
| kadonotakashi | 0:8fdf9a60065b | 3783 | if( bit >= 64 ) |
| kadonotakashi | 0:8fdf9a60065b | 3784 | return( -1 ); |
| kadonotakashi | 0:8fdf9a60065b | 3785 | |
| kadonotakashi | 0:8fdf9a60065b | 3786 | if( ( ssl->in_window & ( (uint64_t) 1 << bit ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 3787 | return( -1 ); |
| kadonotakashi | 0:8fdf9a60065b | 3788 | |
| kadonotakashi | 0:8fdf9a60065b | 3789 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 3790 | } |
| kadonotakashi | 0:8fdf9a60065b | 3791 | |
| kadonotakashi | 0:8fdf9a60065b | 3792 | /* |
| kadonotakashi | 0:8fdf9a60065b | 3793 | * Update replay window on new validated record |
| kadonotakashi | 0:8fdf9a60065b | 3794 | */ |
| kadonotakashi | 0:8fdf9a60065b | 3795 | void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 3796 | { |
| kadonotakashi | 0:8fdf9a60065b | 3797 | uint64_t rec_seqnum = ssl_load_six_bytes( ssl->in_ctr + 2 ); |
| kadonotakashi | 0:8fdf9a60065b | 3798 | |
| kadonotakashi | 0:8fdf9a60065b | 3799 | if( ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED ) |
| kadonotakashi | 0:8fdf9a60065b | 3800 | return; |
| kadonotakashi | 0:8fdf9a60065b | 3801 | |
| kadonotakashi | 0:8fdf9a60065b | 3802 | if( rec_seqnum > ssl->in_window_top ) |
| kadonotakashi | 0:8fdf9a60065b | 3803 | { |
| kadonotakashi | 0:8fdf9a60065b | 3804 | /* Update window_top and the contents of the window */ |
| kadonotakashi | 0:8fdf9a60065b | 3805 | uint64_t shift = rec_seqnum - ssl->in_window_top; |
| kadonotakashi | 0:8fdf9a60065b | 3806 | |
| kadonotakashi | 0:8fdf9a60065b | 3807 | if( shift >= 64 ) |
| kadonotakashi | 0:8fdf9a60065b | 3808 | ssl->in_window = 1; |
| kadonotakashi | 0:8fdf9a60065b | 3809 | else |
| kadonotakashi | 0:8fdf9a60065b | 3810 | { |
| kadonotakashi | 0:8fdf9a60065b | 3811 | ssl->in_window <<= shift; |
| kadonotakashi | 0:8fdf9a60065b | 3812 | ssl->in_window |= 1; |
| kadonotakashi | 0:8fdf9a60065b | 3813 | } |
| kadonotakashi | 0:8fdf9a60065b | 3814 | |
| kadonotakashi | 0:8fdf9a60065b | 3815 | ssl->in_window_top = rec_seqnum; |
| kadonotakashi | 0:8fdf9a60065b | 3816 | } |
| kadonotakashi | 0:8fdf9a60065b | 3817 | else |
| kadonotakashi | 0:8fdf9a60065b | 3818 | { |
| kadonotakashi | 0:8fdf9a60065b | 3819 | /* Mark that number as seen in the current window */ |
| kadonotakashi | 0:8fdf9a60065b | 3820 | uint64_t bit = ssl->in_window_top - rec_seqnum; |
| kadonotakashi | 0:8fdf9a60065b | 3821 | |
| kadonotakashi | 0:8fdf9a60065b | 3822 | if( bit < 64 ) /* Always true, but be extra sure */ |
| kadonotakashi | 0:8fdf9a60065b | 3823 | ssl->in_window |= (uint64_t) 1 << bit; |
| kadonotakashi | 0:8fdf9a60065b | 3824 | } |
| kadonotakashi | 0:8fdf9a60065b | 3825 | } |
| kadonotakashi | 0:8fdf9a60065b | 3826 | #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ |
| kadonotakashi | 0:8fdf9a60065b | 3827 | |
| kadonotakashi | 0:8fdf9a60065b | 3828 | #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) |
| kadonotakashi | 0:8fdf9a60065b | 3829 | /* Forward declaration */ |
| kadonotakashi | 0:8fdf9a60065b | 3830 | static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ); |
| kadonotakashi | 0:8fdf9a60065b | 3831 | |
| kadonotakashi | 0:8fdf9a60065b | 3832 | /* |
| kadonotakashi | 0:8fdf9a60065b | 3833 | * Without any SSL context, check if a datagram looks like a ClientHello with |
| kadonotakashi | 0:8fdf9a60065b | 3834 | * a valid cookie, and if it doesn't, generate a HelloVerifyRequest message. |
| kadonotakashi | 0:8fdf9a60065b | 3835 | * Both input and output include full DTLS headers. |
| kadonotakashi | 0:8fdf9a60065b | 3836 | * |
| kadonotakashi | 0:8fdf9a60065b | 3837 | * - if cookie is valid, return 0 |
| kadonotakashi | 0:8fdf9a60065b | 3838 | * - if ClientHello looks superficially valid but cookie is not, |
| kadonotakashi | 0:8fdf9a60065b | 3839 | * fill obuf and set olen, then |
| kadonotakashi | 0:8fdf9a60065b | 3840 | * return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED |
| kadonotakashi | 0:8fdf9a60065b | 3841 | * - otherwise return a specific error code |
| kadonotakashi | 0:8fdf9a60065b | 3842 | */ |
| kadonotakashi | 0:8fdf9a60065b | 3843 | static int ssl_check_dtls_clihlo_cookie( |
| kadonotakashi | 0:8fdf9a60065b | 3844 | mbedtls_ssl_cookie_write_t *f_cookie_write, |
| kadonotakashi | 0:8fdf9a60065b | 3845 | mbedtls_ssl_cookie_check_t *f_cookie_check, |
| kadonotakashi | 0:8fdf9a60065b | 3846 | void *p_cookie, |
| kadonotakashi | 0:8fdf9a60065b | 3847 | const unsigned char *cli_id, size_t cli_id_len, |
| kadonotakashi | 0:8fdf9a60065b | 3848 | const unsigned char *in, size_t in_len, |
| kadonotakashi | 0:8fdf9a60065b | 3849 | unsigned char *obuf, size_t buf_len, size_t *olen ) |
| kadonotakashi | 0:8fdf9a60065b | 3850 | { |
| kadonotakashi | 0:8fdf9a60065b | 3851 | size_t sid_len, cookie_len; |
| kadonotakashi | 0:8fdf9a60065b | 3852 | unsigned char *p; |
| kadonotakashi | 0:8fdf9a60065b | 3853 | |
| kadonotakashi | 0:8fdf9a60065b | 3854 | if( f_cookie_write == NULL || f_cookie_check == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 3855 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 3856 | |
| kadonotakashi | 0:8fdf9a60065b | 3857 | /* |
| kadonotakashi | 0:8fdf9a60065b | 3858 | * Structure of ClientHello with record and handshake headers, |
| kadonotakashi | 0:8fdf9a60065b | 3859 | * and expected values. We don't need to check a lot, more checks will be |
| kadonotakashi | 0:8fdf9a60065b | 3860 | * done when actually parsing the ClientHello - skipping those checks |
| kadonotakashi | 0:8fdf9a60065b | 3861 | * avoids code duplication and does not make cookie forging any easier. |
| kadonotakashi | 0:8fdf9a60065b | 3862 | * |
| kadonotakashi | 0:8fdf9a60065b | 3863 | * 0-0 ContentType type; copied, must be handshake |
| kadonotakashi | 0:8fdf9a60065b | 3864 | * 1-2 ProtocolVersion version; copied |
| kadonotakashi | 0:8fdf9a60065b | 3865 | * 3-4 uint16 epoch; copied, must be 0 |
| kadonotakashi | 0:8fdf9a60065b | 3866 | * 5-10 uint48 sequence_number; copied |
| kadonotakashi | 0:8fdf9a60065b | 3867 | * 11-12 uint16 length; (ignored) |
| kadonotakashi | 0:8fdf9a60065b | 3868 | * |
| kadonotakashi | 0:8fdf9a60065b | 3869 | * 13-13 HandshakeType msg_type; (ignored) |
| kadonotakashi | 0:8fdf9a60065b | 3870 | * 14-16 uint24 length; (ignored) |
| kadonotakashi | 0:8fdf9a60065b | 3871 | * 17-18 uint16 message_seq; copied |
| kadonotakashi | 0:8fdf9a60065b | 3872 | * 19-21 uint24 fragment_offset; copied, must be 0 |
| kadonotakashi | 0:8fdf9a60065b | 3873 | * 22-24 uint24 fragment_length; (ignored) |
| kadonotakashi | 0:8fdf9a60065b | 3874 | * |
| kadonotakashi | 0:8fdf9a60065b | 3875 | * 25-26 ProtocolVersion client_version; (ignored) |
| kadonotakashi | 0:8fdf9a60065b | 3876 | * 27-58 Random random; (ignored) |
| kadonotakashi | 0:8fdf9a60065b | 3877 | * 59-xx SessionID session_id; 1 byte len + sid_len content |
| kadonotakashi | 0:8fdf9a60065b | 3878 | * 60+ opaque cookie<0..2^8-1>; 1 byte len + content |
| kadonotakashi | 0:8fdf9a60065b | 3879 | * ... |
| kadonotakashi | 0:8fdf9a60065b | 3880 | * |
| kadonotakashi | 0:8fdf9a60065b | 3881 | * Minimum length is 61 bytes. |
| kadonotakashi | 0:8fdf9a60065b | 3882 | */ |
| kadonotakashi | 0:8fdf9a60065b | 3883 | if( in_len < 61 || |
| kadonotakashi | 0:8fdf9a60065b | 3884 | in[0] != MBEDTLS_SSL_MSG_HANDSHAKE || |
| kadonotakashi | 0:8fdf9a60065b | 3885 | in[3] != 0 || in[4] != 0 || |
| kadonotakashi | 0:8fdf9a60065b | 3886 | in[19] != 0 || in[20] != 0 || in[21] != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 3887 | { |
| kadonotakashi | 0:8fdf9a60065b | 3888 | return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); |
| kadonotakashi | 0:8fdf9a60065b | 3889 | } |
| kadonotakashi | 0:8fdf9a60065b | 3890 | |
| kadonotakashi | 0:8fdf9a60065b | 3891 | sid_len = in[59]; |
| kadonotakashi | 0:8fdf9a60065b | 3892 | if( sid_len > in_len - 61 ) |
| kadonotakashi | 0:8fdf9a60065b | 3893 | return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); |
| kadonotakashi | 0:8fdf9a60065b | 3894 | |
| kadonotakashi | 0:8fdf9a60065b | 3895 | cookie_len = in[60 + sid_len]; |
| kadonotakashi | 0:8fdf9a60065b | 3896 | if( cookie_len > in_len - 60 ) |
| kadonotakashi | 0:8fdf9a60065b | 3897 | return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); |
| kadonotakashi | 0:8fdf9a60065b | 3898 | |
| kadonotakashi | 0:8fdf9a60065b | 3899 | if( f_cookie_check( p_cookie, in + sid_len + 61, cookie_len, |
| kadonotakashi | 0:8fdf9a60065b | 3900 | cli_id, cli_id_len ) == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 3901 | { |
| kadonotakashi | 0:8fdf9a60065b | 3902 | /* Valid cookie */ |
| kadonotakashi | 0:8fdf9a60065b | 3903 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 3904 | } |
| kadonotakashi | 0:8fdf9a60065b | 3905 | |
| kadonotakashi | 0:8fdf9a60065b | 3906 | /* |
| kadonotakashi | 0:8fdf9a60065b | 3907 | * If we get here, we've got an invalid cookie, let's prepare HVR. |
| kadonotakashi | 0:8fdf9a60065b | 3908 | * |
| kadonotakashi | 0:8fdf9a60065b | 3909 | * 0-0 ContentType type; copied |
| kadonotakashi | 0:8fdf9a60065b | 3910 | * 1-2 ProtocolVersion version; copied |
| kadonotakashi | 0:8fdf9a60065b | 3911 | * 3-4 uint16 epoch; copied |
| kadonotakashi | 0:8fdf9a60065b | 3912 | * 5-10 uint48 sequence_number; copied |
| kadonotakashi | 0:8fdf9a60065b | 3913 | * 11-12 uint16 length; olen - 13 |
| kadonotakashi | 0:8fdf9a60065b | 3914 | * |
| kadonotakashi | 0:8fdf9a60065b | 3915 | * 13-13 HandshakeType msg_type; hello_verify_request |
| kadonotakashi | 0:8fdf9a60065b | 3916 | * 14-16 uint24 length; olen - 25 |
| kadonotakashi | 0:8fdf9a60065b | 3917 | * 17-18 uint16 message_seq; copied |
| kadonotakashi | 0:8fdf9a60065b | 3918 | * 19-21 uint24 fragment_offset; copied |
| kadonotakashi | 0:8fdf9a60065b | 3919 | * 22-24 uint24 fragment_length; olen - 25 |
| kadonotakashi | 0:8fdf9a60065b | 3920 | * |
| kadonotakashi | 0:8fdf9a60065b | 3921 | * 25-26 ProtocolVersion server_version; 0xfe 0xff |
| kadonotakashi | 0:8fdf9a60065b | 3922 | * 27-27 opaque cookie<0..2^8-1>; cookie_len = olen - 27, cookie |
| kadonotakashi | 0:8fdf9a60065b | 3923 | * |
| kadonotakashi | 0:8fdf9a60065b | 3924 | * Minimum length is 28. |
| kadonotakashi | 0:8fdf9a60065b | 3925 | */ |
| kadonotakashi | 0:8fdf9a60065b | 3926 | if( buf_len < 28 ) |
| kadonotakashi | 0:8fdf9a60065b | 3927 | return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); |
| kadonotakashi | 0:8fdf9a60065b | 3928 | |
| kadonotakashi | 0:8fdf9a60065b | 3929 | /* Copy most fields and adapt others */ |
| kadonotakashi | 0:8fdf9a60065b | 3930 | memcpy( obuf, in, 25 ); |
| kadonotakashi | 0:8fdf9a60065b | 3931 | obuf[13] = MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST; |
| kadonotakashi | 0:8fdf9a60065b | 3932 | obuf[25] = 0xfe; |
| kadonotakashi | 0:8fdf9a60065b | 3933 | obuf[26] = 0xff; |
| kadonotakashi | 0:8fdf9a60065b | 3934 | |
| kadonotakashi | 0:8fdf9a60065b | 3935 | /* Generate and write actual cookie */ |
| kadonotakashi | 0:8fdf9a60065b | 3936 | p = obuf + 28; |
| kadonotakashi | 0:8fdf9a60065b | 3937 | if( f_cookie_write( p_cookie, |
| kadonotakashi | 0:8fdf9a60065b | 3938 | &p, obuf + buf_len, cli_id, cli_id_len ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 3939 | { |
| kadonotakashi | 0:8fdf9a60065b | 3940 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 3941 | } |
| kadonotakashi | 0:8fdf9a60065b | 3942 | |
| kadonotakashi | 0:8fdf9a60065b | 3943 | *olen = p - obuf; |
| kadonotakashi | 0:8fdf9a60065b | 3944 | |
| kadonotakashi | 0:8fdf9a60065b | 3945 | /* Go back and fill length fields */ |
| kadonotakashi | 0:8fdf9a60065b | 3946 | obuf[27] = (unsigned char)( *olen - 28 ); |
| kadonotakashi | 0:8fdf9a60065b | 3947 | |
| kadonotakashi | 0:8fdf9a60065b | 3948 | obuf[14] = obuf[22] = (unsigned char)( ( *olen - 25 ) >> 16 ); |
| kadonotakashi | 0:8fdf9a60065b | 3949 | obuf[15] = obuf[23] = (unsigned char)( ( *olen - 25 ) >> 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 3950 | obuf[16] = obuf[24] = (unsigned char)( ( *olen - 25 ) ); |
| kadonotakashi | 0:8fdf9a60065b | 3951 | |
| kadonotakashi | 0:8fdf9a60065b | 3952 | obuf[11] = (unsigned char)( ( *olen - 13 ) >> 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 3953 | obuf[12] = (unsigned char)( ( *olen - 13 ) ); |
| kadonotakashi | 0:8fdf9a60065b | 3954 | |
| kadonotakashi | 0:8fdf9a60065b | 3955 | return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ); |
| kadonotakashi | 0:8fdf9a60065b | 3956 | } |
| kadonotakashi | 0:8fdf9a60065b | 3957 | |
| kadonotakashi | 0:8fdf9a60065b | 3958 | /* |
| kadonotakashi | 0:8fdf9a60065b | 3959 | * Handle possible client reconnect with the same UDP quadruplet |
| kadonotakashi | 0:8fdf9a60065b | 3960 | * (RFC 6347 Section 4.2.8). |
| kadonotakashi | 0:8fdf9a60065b | 3961 | * |
| kadonotakashi | 0:8fdf9a60065b | 3962 | * Called by ssl_parse_record_header() in case we receive an epoch 0 record |
| kadonotakashi | 0:8fdf9a60065b | 3963 | * that looks like a ClientHello. |
| kadonotakashi | 0:8fdf9a60065b | 3964 | * |
| kadonotakashi | 0:8fdf9a60065b | 3965 | * - if the input looks like a ClientHello without cookies, |
| kadonotakashi | 0:8fdf9a60065b | 3966 | * send back HelloVerifyRequest, then |
| kadonotakashi | 0:8fdf9a60065b | 3967 | * return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED |
| kadonotakashi | 0:8fdf9a60065b | 3968 | * - if the input looks like a ClientHello with a valid cookie, |
| kadonotakashi | 0:8fdf9a60065b | 3969 | * reset the session of the current context, and |
| kadonotakashi | 0:8fdf9a60065b | 3970 | * return MBEDTLS_ERR_SSL_CLIENT_RECONNECT |
| kadonotakashi | 0:8fdf9a60065b | 3971 | * - if anything goes wrong, return a specific error code |
| kadonotakashi | 0:8fdf9a60065b | 3972 | * |
| kadonotakashi | 0:8fdf9a60065b | 3973 | * mbedtls_ssl_read_record() will ignore the record if anything else than |
| kadonotakashi | 0:8fdf9a60065b | 3974 | * MBEDTLS_ERR_SSL_CLIENT_RECONNECT or 0 is returned, although this function |
| kadonotakashi | 0:8fdf9a60065b | 3975 | * cannot not return 0. |
| kadonotakashi | 0:8fdf9a60065b | 3976 | */ |
| kadonotakashi | 0:8fdf9a60065b | 3977 | static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 3978 | { |
| kadonotakashi | 0:8fdf9a60065b | 3979 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 3980 | size_t len; |
| kadonotakashi | 0:8fdf9a60065b | 3981 | |
| kadonotakashi | 0:8fdf9a60065b | 3982 | ret = ssl_check_dtls_clihlo_cookie( |
| kadonotakashi | 0:8fdf9a60065b | 3983 | ssl->conf->f_cookie_write, |
| kadonotakashi | 0:8fdf9a60065b | 3984 | ssl->conf->f_cookie_check, |
| kadonotakashi | 0:8fdf9a60065b | 3985 | ssl->conf->p_cookie, |
| kadonotakashi | 0:8fdf9a60065b | 3986 | ssl->cli_id, ssl->cli_id_len, |
| kadonotakashi | 0:8fdf9a60065b | 3987 | ssl->in_buf, ssl->in_left, |
| kadonotakashi | 0:8fdf9a60065b | 3988 | ssl->out_buf, MBEDTLS_SSL_OUT_CONTENT_LEN, &len ); |
| kadonotakashi | 0:8fdf9a60065b | 3989 | |
| kadonotakashi | 0:8fdf9a60065b | 3990 | MBEDTLS_SSL_DEBUG_RET( 2, "ssl_check_dtls_clihlo_cookie", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 3991 | |
| kadonotakashi | 0:8fdf9a60065b | 3992 | if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ) |
| kadonotakashi | 0:8fdf9a60065b | 3993 | { |
| kadonotakashi | 0:8fdf9a60065b | 3994 | /* Don't check write errors as we can't do anything here. |
| kadonotakashi | 0:8fdf9a60065b | 3995 | * If the error is permanent we'll catch it later, |
| kadonotakashi | 0:8fdf9a60065b | 3996 | * if it's not, then hopefully it'll work next time. */ |
| kadonotakashi | 0:8fdf9a60065b | 3997 | (void) ssl->f_send( ssl->p_bio, ssl->out_buf, len ); |
| kadonotakashi | 0:8fdf9a60065b | 3998 | |
| kadonotakashi | 0:8fdf9a60065b | 3999 | return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ); |
| kadonotakashi | 0:8fdf9a60065b | 4000 | } |
| kadonotakashi | 0:8fdf9a60065b | 4001 | |
| kadonotakashi | 0:8fdf9a60065b | 4002 | if( ret == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 4003 | { |
| kadonotakashi | 0:8fdf9a60065b | 4004 | /* Got a valid cookie, partially reset context */ |
| kadonotakashi | 0:8fdf9a60065b | 4005 | if( ( ret = ssl_session_reset_int( ssl, 1 ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 4006 | { |
| kadonotakashi | 0:8fdf9a60065b | 4007 | MBEDTLS_SSL_DEBUG_RET( 1, "reset", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 4008 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 4009 | } |
| kadonotakashi | 0:8fdf9a60065b | 4010 | |
| kadonotakashi | 0:8fdf9a60065b | 4011 | return( MBEDTLS_ERR_SSL_CLIENT_RECONNECT ); |
| kadonotakashi | 0:8fdf9a60065b | 4012 | } |
| kadonotakashi | 0:8fdf9a60065b | 4013 | |
| kadonotakashi | 0:8fdf9a60065b | 4014 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 4015 | } |
| kadonotakashi | 0:8fdf9a60065b | 4016 | #endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */ |
| kadonotakashi | 0:8fdf9a60065b | 4017 | |
| kadonotakashi | 0:8fdf9a60065b | 4018 | /* |
| kadonotakashi | 0:8fdf9a60065b | 4019 | * ContentType type; |
| kadonotakashi | 0:8fdf9a60065b | 4020 | * ProtocolVersion version; |
| kadonotakashi | 0:8fdf9a60065b | 4021 | * uint16 epoch; // DTLS only |
| kadonotakashi | 0:8fdf9a60065b | 4022 | * uint48 sequence_number; // DTLS only |
| kadonotakashi | 0:8fdf9a60065b | 4023 | * uint16 length; |
| kadonotakashi | 0:8fdf9a60065b | 4024 | * |
| kadonotakashi | 0:8fdf9a60065b | 4025 | * Return 0 if header looks sane (and, for DTLS, the record is expected) |
| kadonotakashi | 0:8fdf9a60065b | 4026 | * MBEDTLS_ERR_SSL_INVALID_RECORD if the header looks bad, |
| kadonotakashi | 0:8fdf9a60065b | 4027 | * MBEDTLS_ERR_SSL_UNEXPECTED_RECORD (DTLS only) if sane but unexpected. |
| kadonotakashi | 0:8fdf9a60065b | 4028 | * |
| kadonotakashi | 0:8fdf9a60065b | 4029 | * With DTLS, mbedtls_ssl_read_record() will: |
| kadonotakashi | 0:8fdf9a60065b | 4030 | * 1. proceed with the record if this function returns 0 |
| kadonotakashi | 0:8fdf9a60065b | 4031 | * 2. drop only the current record if this function returns UNEXPECTED_RECORD |
| kadonotakashi | 0:8fdf9a60065b | 4032 | * 3. return CLIENT_RECONNECT if this function return that value |
| kadonotakashi | 0:8fdf9a60065b | 4033 | * 4. drop the whole datagram if this function returns anything else. |
| kadonotakashi | 0:8fdf9a60065b | 4034 | * Point 2 is needed when the peer is resending, and we have already received |
| kadonotakashi | 0:8fdf9a60065b | 4035 | * the first record from a datagram but are still waiting for the others. |
| kadonotakashi | 0:8fdf9a60065b | 4036 | */ |
| kadonotakashi | 0:8fdf9a60065b | 4037 | static int ssl_parse_record_header( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 4038 | { |
| kadonotakashi | 0:8fdf9a60065b | 4039 | int major_ver, minor_ver; |
| kadonotakashi | 0:8fdf9a60065b | 4040 | |
| kadonotakashi | 0:8fdf9a60065b | 4041 | MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", ssl->in_hdr, mbedtls_ssl_hdr_len( ssl ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4042 | |
| kadonotakashi | 0:8fdf9a60065b | 4043 | ssl->in_msgtype = ssl->in_hdr[0]; |
| kadonotakashi | 0:8fdf9a60065b | 4044 | ssl->in_msglen = ( ssl->in_len[0] << 8 ) | ssl->in_len[1]; |
| kadonotakashi | 0:8fdf9a60065b | 4045 | mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, ssl->in_hdr + 1 ); |
| kadonotakashi | 0:8fdf9a60065b | 4046 | |
| kadonotakashi | 0:8fdf9a60065b | 4047 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, " |
| kadonotakashi | 0:8fdf9a60065b | 4048 | "version = [%d:%d], msglen = %d", |
| kadonotakashi | 0:8fdf9a60065b | 4049 | ssl->in_msgtype, |
| kadonotakashi | 0:8fdf9a60065b | 4050 | major_ver, minor_ver, ssl->in_msglen ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4051 | |
| kadonotakashi | 0:8fdf9a60065b | 4052 | /* Check record type */ |
| kadonotakashi | 0:8fdf9a60065b | 4053 | if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE && |
| kadonotakashi | 0:8fdf9a60065b | 4054 | ssl->in_msgtype != MBEDTLS_SSL_MSG_ALERT && |
| kadonotakashi | 0:8fdf9a60065b | 4055 | ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC && |
| kadonotakashi | 0:8fdf9a60065b | 4056 | ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA ) |
| kadonotakashi | 0:8fdf9a60065b | 4057 | { |
| kadonotakashi | 0:8fdf9a60065b | 4058 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4059 | |
| kadonotakashi | 0:8fdf9a60065b | 4060 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 4061 | /* Silently ignore invalid DTLS records as recommended by RFC 6347 |
| kadonotakashi | 0:8fdf9a60065b | 4062 | * Section 4.1.2.7 */ |
| kadonotakashi | 0:8fdf9a60065b | 4063 | if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| kadonotakashi | 0:8fdf9a60065b | 4064 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| kadonotakashi | 0:8fdf9a60065b | 4065 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| kadonotakashi | 0:8fdf9a60065b | 4066 | MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); |
| kadonotakashi | 0:8fdf9a60065b | 4067 | |
| kadonotakashi | 0:8fdf9a60065b | 4068 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
| kadonotakashi | 0:8fdf9a60065b | 4069 | } |
| kadonotakashi | 0:8fdf9a60065b | 4070 | |
| kadonotakashi | 0:8fdf9a60065b | 4071 | /* Check version */ |
| kadonotakashi | 0:8fdf9a60065b | 4072 | if( major_ver != ssl->major_ver ) |
| kadonotakashi | 0:8fdf9a60065b | 4073 | { |
| kadonotakashi | 0:8fdf9a60065b | 4074 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "major version mismatch" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4075 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
| kadonotakashi | 0:8fdf9a60065b | 4076 | } |
| kadonotakashi | 0:8fdf9a60065b | 4077 | |
| kadonotakashi | 0:8fdf9a60065b | 4078 | if( minor_ver > ssl->conf->max_minor_ver ) |
| kadonotakashi | 0:8fdf9a60065b | 4079 | { |
| kadonotakashi | 0:8fdf9a60065b | 4080 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "minor version mismatch" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4081 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
| kadonotakashi | 0:8fdf9a60065b | 4082 | } |
| kadonotakashi | 0:8fdf9a60065b | 4083 | |
| kadonotakashi | 0:8fdf9a60065b | 4084 | /* Check length against the size of our buffer */ |
| kadonotakashi | 0:8fdf9a60065b | 4085 | if( ssl->in_msglen > MBEDTLS_SSL_IN_BUFFER_LEN |
| kadonotakashi | 0:8fdf9a60065b | 4086 | - (size_t)( ssl->in_msg - ssl->in_buf ) ) |
| kadonotakashi | 0:8fdf9a60065b | 4087 | { |
| kadonotakashi | 0:8fdf9a60065b | 4088 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4089 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
| kadonotakashi | 0:8fdf9a60065b | 4090 | } |
| kadonotakashi | 0:8fdf9a60065b | 4091 | |
| kadonotakashi | 0:8fdf9a60065b | 4092 | /* |
| kadonotakashi | 0:8fdf9a60065b | 4093 | * DTLS-related tests. |
| kadonotakashi | 0:8fdf9a60065b | 4094 | * Check epoch before checking length constraint because |
| kadonotakashi | 0:8fdf9a60065b | 4095 | * the latter varies with the epoch. E.g., if a ChangeCipherSpec |
| kadonotakashi | 0:8fdf9a60065b | 4096 | * message gets duplicated before the corresponding Finished message, |
| kadonotakashi | 0:8fdf9a60065b | 4097 | * the second ChangeCipherSpec should be discarded because it belongs |
| kadonotakashi | 0:8fdf9a60065b | 4098 | * to an old epoch, but not because its length is shorter than |
| kadonotakashi | 0:8fdf9a60065b | 4099 | * the minimum record length for packets using the new record transform. |
| kadonotakashi | 0:8fdf9a60065b | 4100 | * Note that these two kinds of failures are handled differently, |
| kadonotakashi | 0:8fdf9a60065b | 4101 | * as an unexpected record is silently skipped but an invalid |
| kadonotakashi | 0:8fdf9a60065b | 4102 | * record leads to the entire datagram being dropped. |
| kadonotakashi | 0:8fdf9a60065b | 4103 | */ |
| kadonotakashi | 0:8fdf9a60065b | 4104 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 4105 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| kadonotakashi | 0:8fdf9a60065b | 4106 | { |
| kadonotakashi | 0:8fdf9a60065b | 4107 | unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1]; |
| kadonotakashi | 0:8fdf9a60065b | 4108 | |
| kadonotakashi | 0:8fdf9a60065b | 4109 | /* Check epoch (and sequence number) with DTLS */ |
| kadonotakashi | 0:8fdf9a60065b | 4110 | if( rec_epoch != ssl->in_epoch ) |
| kadonotakashi | 0:8fdf9a60065b | 4111 | { |
| kadonotakashi | 0:8fdf9a60065b | 4112 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "record from another epoch: " |
| kadonotakashi | 0:8fdf9a60065b | 4113 | "expected %d, received %d", |
| kadonotakashi | 0:8fdf9a60065b | 4114 | ssl->in_epoch, rec_epoch ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4115 | |
| kadonotakashi | 0:8fdf9a60065b | 4116 | #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) |
| kadonotakashi | 0:8fdf9a60065b | 4117 | /* |
| kadonotakashi | 0:8fdf9a60065b | 4118 | * Check for an epoch 0 ClientHello. We can't use in_msg here to |
| kadonotakashi | 0:8fdf9a60065b | 4119 | * access the first byte of record content (handshake type), as we |
| kadonotakashi | 0:8fdf9a60065b | 4120 | * have an active transform (possibly iv_len != 0), so use the |
| kadonotakashi | 0:8fdf9a60065b | 4121 | * fact that the record header len is 13 instead. |
| kadonotakashi | 0:8fdf9a60065b | 4122 | */ |
| kadonotakashi | 0:8fdf9a60065b | 4123 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
| kadonotakashi | 0:8fdf9a60065b | 4124 | ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER && |
| kadonotakashi | 0:8fdf9a60065b | 4125 | rec_epoch == 0 && |
| kadonotakashi | 0:8fdf9a60065b | 4126 | ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && |
| kadonotakashi | 0:8fdf9a60065b | 4127 | ssl->in_left > 13 && |
| kadonotakashi | 0:8fdf9a60065b | 4128 | ssl->in_buf[13] == MBEDTLS_SSL_HS_CLIENT_HELLO ) |
| kadonotakashi | 0:8fdf9a60065b | 4129 | { |
| kadonotakashi | 0:8fdf9a60065b | 4130 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "possible client reconnect " |
| kadonotakashi | 0:8fdf9a60065b | 4131 | "from the same port" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4132 | return( ssl_handle_possible_reconnect( ssl ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4133 | } |
| kadonotakashi | 0:8fdf9a60065b | 4134 | else |
| kadonotakashi | 0:8fdf9a60065b | 4135 | #endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */ |
| kadonotakashi | 0:8fdf9a60065b | 4136 | { |
| kadonotakashi | 0:8fdf9a60065b | 4137 | /* Consider buffering the record. */ |
| kadonotakashi | 0:8fdf9a60065b | 4138 | if( rec_epoch == (unsigned int) ssl->in_epoch + 1 ) |
| kadonotakashi | 0:8fdf9a60065b | 4139 | { |
| kadonotakashi | 0:8fdf9a60065b | 4140 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "Consider record for buffering" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4141 | return( MBEDTLS_ERR_SSL_EARLY_MESSAGE ); |
| kadonotakashi | 0:8fdf9a60065b | 4142 | } |
| kadonotakashi | 0:8fdf9a60065b | 4143 | |
| kadonotakashi | 0:8fdf9a60065b | 4144 | return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); |
| kadonotakashi | 0:8fdf9a60065b | 4145 | } |
| kadonotakashi | 0:8fdf9a60065b | 4146 | } |
| kadonotakashi | 0:8fdf9a60065b | 4147 | |
| kadonotakashi | 0:8fdf9a60065b | 4148 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
| kadonotakashi | 0:8fdf9a60065b | 4149 | /* Replay detection only works for the current epoch */ |
| kadonotakashi | 0:8fdf9a60065b | 4150 | if( rec_epoch == ssl->in_epoch && |
| kadonotakashi | 0:8fdf9a60065b | 4151 | mbedtls_ssl_dtls_replay_check( ssl ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 4152 | { |
| kadonotakashi | 0:8fdf9a60065b | 4153 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "replayed record" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4154 | return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); |
| kadonotakashi | 0:8fdf9a60065b | 4155 | } |
| kadonotakashi | 0:8fdf9a60065b | 4156 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 4157 | |
| kadonotakashi | 0:8fdf9a60065b | 4158 | /* Drop unexpected ApplicationData records, |
| kadonotakashi | 0:8fdf9a60065b | 4159 | * except at the beginning of renegotiations */ |
| kadonotakashi | 0:8fdf9a60065b | 4160 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA && |
| kadonotakashi | 0:8fdf9a60065b | 4161 | ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER |
| kadonotakashi | 0:8fdf9a60065b | 4162 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| kadonotakashi | 0:8fdf9a60065b | 4163 | && ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && |
| kadonotakashi | 0:8fdf9a60065b | 4164 | ssl->state == MBEDTLS_SSL_SERVER_HELLO ) |
| kadonotakashi | 0:8fdf9a60065b | 4165 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 4166 | ) |
| kadonotakashi | 0:8fdf9a60065b | 4167 | { |
| kadonotakashi | 0:8fdf9a60065b | 4168 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4169 | return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); |
| kadonotakashi | 0:8fdf9a60065b | 4170 | } |
| kadonotakashi | 0:8fdf9a60065b | 4171 | } |
| kadonotakashi | 0:8fdf9a60065b | 4172 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| kadonotakashi | 0:8fdf9a60065b | 4173 | |
| kadonotakashi | 0:8fdf9a60065b | 4174 | |
| kadonotakashi | 0:8fdf9a60065b | 4175 | /* Check length against bounds of the current transform and version */ |
| kadonotakashi | 0:8fdf9a60065b | 4176 | if( ssl->transform_in == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 4177 | { |
| kadonotakashi | 0:8fdf9a60065b | 4178 | if( ssl->in_msglen < 1 || |
| kadonotakashi | 0:8fdf9a60065b | 4179 | ssl->in_msglen > MBEDTLS_SSL_IN_CONTENT_LEN ) |
| kadonotakashi | 0:8fdf9a60065b | 4180 | { |
| kadonotakashi | 0:8fdf9a60065b | 4181 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4182 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
| kadonotakashi | 0:8fdf9a60065b | 4183 | } |
| kadonotakashi | 0:8fdf9a60065b | 4184 | } |
| kadonotakashi | 0:8fdf9a60065b | 4185 | else |
| kadonotakashi | 0:8fdf9a60065b | 4186 | { |
| kadonotakashi | 0:8fdf9a60065b | 4187 | if( ssl->in_msglen < ssl->transform_in->minlen ) |
| kadonotakashi | 0:8fdf9a60065b | 4188 | { |
| kadonotakashi | 0:8fdf9a60065b | 4189 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4190 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
| kadonotakashi | 0:8fdf9a60065b | 4191 | } |
| kadonotakashi | 0:8fdf9a60065b | 4192 | |
| kadonotakashi | 0:8fdf9a60065b | 4193 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| kadonotakashi | 0:8fdf9a60065b | 4194 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 && |
| kadonotakashi | 0:8fdf9a60065b | 4195 | ssl->in_msglen > ssl->transform_in->minlen + MBEDTLS_SSL_IN_CONTENT_LEN ) |
| kadonotakashi | 0:8fdf9a60065b | 4196 | { |
| kadonotakashi | 0:8fdf9a60065b | 4197 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4198 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
| kadonotakashi | 0:8fdf9a60065b | 4199 | } |
| kadonotakashi | 0:8fdf9a60065b | 4200 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 4201 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
| kadonotakashi | 0:8fdf9a60065b | 4202 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| kadonotakashi | 0:8fdf9a60065b | 4203 | /* |
| kadonotakashi | 0:8fdf9a60065b | 4204 | * TLS encrypted messages can have up to 256 bytes of padding |
| kadonotakashi | 0:8fdf9a60065b | 4205 | */ |
| kadonotakashi | 0:8fdf9a60065b | 4206 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 && |
| kadonotakashi | 0:8fdf9a60065b | 4207 | ssl->in_msglen > ssl->transform_in->minlen + |
| kadonotakashi | 0:8fdf9a60065b | 4208 | MBEDTLS_SSL_IN_CONTENT_LEN + 256 ) |
| kadonotakashi | 0:8fdf9a60065b | 4209 | { |
| kadonotakashi | 0:8fdf9a60065b | 4210 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4211 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
| kadonotakashi | 0:8fdf9a60065b | 4212 | } |
| kadonotakashi | 0:8fdf9a60065b | 4213 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 4214 | } |
| kadonotakashi | 0:8fdf9a60065b | 4215 | |
| kadonotakashi | 0:8fdf9a60065b | 4216 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 4217 | } |
| kadonotakashi | 0:8fdf9a60065b | 4218 | |
| kadonotakashi | 0:8fdf9a60065b | 4219 | /* |
| kadonotakashi | 0:8fdf9a60065b | 4220 | * If applicable, decrypt (and decompress) record content |
| kadonotakashi | 0:8fdf9a60065b | 4221 | */ |
| kadonotakashi | 0:8fdf9a60065b | 4222 | static int ssl_prepare_record_content( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 4223 | { |
| kadonotakashi | 0:8fdf9a60065b | 4224 | int ret, done = 0; |
| kadonotakashi | 0:8fdf9a60065b | 4225 | |
| kadonotakashi | 0:8fdf9a60065b | 4226 | MBEDTLS_SSL_DEBUG_BUF( 4, "input record from network", |
| kadonotakashi | 0:8fdf9a60065b | 4227 | ssl->in_hdr, mbedtls_ssl_hdr_len( ssl ) + ssl->in_msglen ); |
| kadonotakashi | 0:8fdf9a60065b | 4228 | |
| kadonotakashi | 0:8fdf9a60065b | 4229 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
| kadonotakashi | 0:8fdf9a60065b | 4230 | if( mbedtls_ssl_hw_record_read != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 4231 | { |
| kadonotakashi | 0:8fdf9a60065b | 4232 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_read()" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4233 | |
| kadonotakashi | 0:8fdf9a60065b | 4234 | ret = mbedtls_ssl_hw_record_read( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 4235 | if( ret != 0 && ret != MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH ) |
| kadonotakashi | 0:8fdf9a60065b | 4236 | { |
| kadonotakashi | 0:8fdf9a60065b | 4237 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_read", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 4238 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
| kadonotakashi | 0:8fdf9a60065b | 4239 | } |
| kadonotakashi | 0:8fdf9a60065b | 4240 | |
| kadonotakashi | 0:8fdf9a60065b | 4241 | if( ret == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 4242 | done = 1; |
| kadonotakashi | 0:8fdf9a60065b | 4243 | } |
| kadonotakashi | 0:8fdf9a60065b | 4244 | #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ |
| kadonotakashi | 0:8fdf9a60065b | 4245 | if( !done && ssl->transform_in != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 4246 | { |
| kadonotakashi | 0:8fdf9a60065b | 4247 | if( ( ret = ssl_decrypt_buf( ssl ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 4248 | { |
| kadonotakashi | 0:8fdf9a60065b | 4249 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 4250 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 4251 | } |
| kadonotakashi | 0:8fdf9a60065b | 4252 | |
| kadonotakashi | 0:8fdf9a60065b | 4253 | MBEDTLS_SSL_DEBUG_BUF( 4, "input payload after decrypt", |
| kadonotakashi | 0:8fdf9a60065b | 4254 | ssl->in_msg, ssl->in_msglen ); |
| kadonotakashi | 0:8fdf9a60065b | 4255 | |
| kadonotakashi | 0:8fdf9a60065b | 4256 | if( ssl->in_msglen > MBEDTLS_SSL_IN_CONTENT_LEN ) |
| kadonotakashi | 0:8fdf9a60065b | 4257 | { |
| kadonotakashi | 0:8fdf9a60065b | 4258 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4259 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
| kadonotakashi | 0:8fdf9a60065b | 4260 | } |
| kadonotakashi | 0:8fdf9a60065b | 4261 | } |
| kadonotakashi | 0:8fdf9a60065b | 4262 | |
| kadonotakashi | 0:8fdf9a60065b | 4263 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
| kadonotakashi | 0:8fdf9a60065b | 4264 | if( ssl->transform_in != NULL && |
| kadonotakashi | 0:8fdf9a60065b | 4265 | ssl->session_in->compression == MBEDTLS_SSL_COMPRESS_DEFLATE ) |
| kadonotakashi | 0:8fdf9a60065b | 4266 | { |
| kadonotakashi | 0:8fdf9a60065b | 4267 | if( ( ret = ssl_decompress_buf( ssl ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 4268 | { |
| kadonotakashi | 0:8fdf9a60065b | 4269 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decompress_buf", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 4270 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 4271 | } |
| kadonotakashi | 0:8fdf9a60065b | 4272 | } |
| kadonotakashi | 0:8fdf9a60065b | 4273 | #endif /* MBEDTLS_ZLIB_SUPPORT */ |
| kadonotakashi | 0:8fdf9a60065b | 4274 | |
| kadonotakashi | 0:8fdf9a60065b | 4275 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
| kadonotakashi | 0:8fdf9a60065b | 4276 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| kadonotakashi | 0:8fdf9a60065b | 4277 | { |
| kadonotakashi | 0:8fdf9a60065b | 4278 | mbedtls_ssl_dtls_replay_update( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 4279 | } |
| kadonotakashi | 0:8fdf9a60065b | 4280 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 4281 | |
| kadonotakashi | 0:8fdf9a60065b | 4282 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 4283 | } |
| kadonotakashi | 0:8fdf9a60065b | 4284 | |
| kadonotakashi | 0:8fdf9a60065b | 4285 | static void ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 4286 | |
| kadonotakashi | 0:8fdf9a60065b | 4287 | /* |
| kadonotakashi | 0:8fdf9a60065b | 4288 | * Read a record. |
| kadonotakashi | 0:8fdf9a60065b | 4289 | * |
| kadonotakashi | 0:8fdf9a60065b | 4290 | * Silently ignore non-fatal alert (and for DTLS, invalid records as well, |
| kadonotakashi | 0:8fdf9a60065b | 4291 | * RFC 6347 4.1.2.7) and continue reading until a valid record is found. |
| kadonotakashi | 0:8fdf9a60065b | 4292 | * |
| kadonotakashi | 0:8fdf9a60065b | 4293 | */ |
| kadonotakashi | 0:8fdf9a60065b | 4294 | |
| kadonotakashi | 0:8fdf9a60065b | 4295 | /* Helper functions for mbedtls_ssl_read_record(). */ |
| kadonotakashi | 0:8fdf9a60065b | 4296 | static int ssl_consume_current_message( mbedtls_ssl_context *ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 4297 | static int ssl_get_next_record( mbedtls_ssl_context *ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 4298 | static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 4299 | |
| kadonotakashi | 0:8fdf9a60065b | 4300 | int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, |
| kadonotakashi | 0:8fdf9a60065b | 4301 | unsigned update_hs_digest ) |
| kadonotakashi | 0:8fdf9a60065b | 4302 | { |
| kadonotakashi | 0:8fdf9a60065b | 4303 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 4304 | |
| kadonotakashi | 0:8fdf9a60065b | 4305 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read record" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4306 | |
| kadonotakashi | 0:8fdf9a60065b | 4307 | if( ssl->keep_current_message == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 4308 | { |
| kadonotakashi | 0:8fdf9a60065b | 4309 | do { |
| kadonotakashi | 0:8fdf9a60065b | 4310 | |
| kadonotakashi | 0:8fdf9a60065b | 4311 | ret = ssl_consume_current_message( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 4312 | if( ret != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 4313 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 4314 | |
| kadonotakashi | 0:8fdf9a60065b | 4315 | if( ssl_record_is_in_progress( ssl ) == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 4316 | { |
| kadonotakashi | 0:8fdf9a60065b | 4317 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 4318 | int have_buffered = 0; |
| kadonotakashi | 0:8fdf9a60065b | 4319 | |
| kadonotakashi | 0:8fdf9a60065b | 4320 | /* We only check for buffered messages if the |
| kadonotakashi | 0:8fdf9a60065b | 4321 | * current datagram is fully consumed. */ |
| kadonotakashi | 0:8fdf9a60065b | 4322 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
| kadonotakashi | 0:8fdf9a60065b | 4323 | ssl_next_record_is_in_datagram( ssl ) == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 4324 | { |
| kadonotakashi | 0:8fdf9a60065b | 4325 | if( ssl_load_buffered_message( ssl ) == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 4326 | have_buffered = 1; |
| kadonotakashi | 0:8fdf9a60065b | 4327 | } |
| kadonotakashi | 0:8fdf9a60065b | 4328 | |
| kadonotakashi | 0:8fdf9a60065b | 4329 | if( have_buffered == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 4330 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| kadonotakashi | 0:8fdf9a60065b | 4331 | { |
| kadonotakashi | 0:8fdf9a60065b | 4332 | ret = ssl_get_next_record( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 4333 | if( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ) |
| kadonotakashi | 0:8fdf9a60065b | 4334 | continue; |
| kadonotakashi | 0:8fdf9a60065b | 4335 | |
| kadonotakashi | 0:8fdf9a60065b | 4336 | if( ret != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 4337 | { |
| kadonotakashi | 0:8fdf9a60065b | 4338 | MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_get_next_record" ), ret ); |
| kadonotakashi | 0:8fdf9a60065b | 4339 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 4340 | } |
| kadonotakashi | 0:8fdf9a60065b | 4341 | } |
| kadonotakashi | 0:8fdf9a60065b | 4342 | } |
| kadonotakashi | 0:8fdf9a60065b | 4343 | |
| kadonotakashi | 0:8fdf9a60065b | 4344 | ret = mbedtls_ssl_handle_message_type( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 4345 | |
| kadonotakashi | 0:8fdf9a60065b | 4346 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 4347 | if( ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE ) |
| kadonotakashi | 0:8fdf9a60065b | 4348 | { |
| kadonotakashi | 0:8fdf9a60065b | 4349 | /* Buffer future message */ |
| kadonotakashi | 0:8fdf9a60065b | 4350 | ret = ssl_buffer_message( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 4351 | if( ret != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 4352 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 4353 | |
| kadonotakashi | 0:8fdf9a60065b | 4354 | ret = MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; |
| kadonotakashi | 0:8fdf9a60065b | 4355 | } |
| kadonotakashi | 0:8fdf9a60065b | 4356 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| kadonotakashi | 0:8fdf9a60065b | 4357 | |
| kadonotakashi | 0:8fdf9a60065b | 4358 | } while( MBEDTLS_ERR_SSL_NON_FATAL == ret || |
| kadonotakashi | 0:8fdf9a60065b | 4359 | MBEDTLS_ERR_SSL_CONTINUE_PROCESSING == ret ); |
| kadonotakashi | 0:8fdf9a60065b | 4360 | |
| kadonotakashi | 0:8fdf9a60065b | 4361 | if( 0 != ret ) |
| kadonotakashi | 0:8fdf9a60065b | 4362 | { |
| kadonotakashi | 0:8fdf9a60065b | 4363 | MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_handle_message_type" ), ret ); |
| kadonotakashi | 0:8fdf9a60065b | 4364 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 4365 | } |
| kadonotakashi | 0:8fdf9a60065b | 4366 | |
| kadonotakashi | 0:8fdf9a60065b | 4367 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && |
| kadonotakashi | 0:8fdf9a60065b | 4368 | update_hs_digest == 1 ) |
| kadonotakashi | 0:8fdf9a60065b | 4369 | { |
| kadonotakashi | 0:8fdf9a60065b | 4370 | mbedtls_ssl_update_handshake_status( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 4371 | } |
| kadonotakashi | 0:8fdf9a60065b | 4372 | } |
| kadonotakashi | 0:8fdf9a60065b | 4373 | else |
| kadonotakashi | 0:8fdf9a60065b | 4374 | { |
| kadonotakashi | 0:8fdf9a60065b | 4375 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "reuse previously read message" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4376 | ssl->keep_current_message = 0; |
| kadonotakashi | 0:8fdf9a60065b | 4377 | } |
| kadonotakashi | 0:8fdf9a60065b | 4378 | |
| kadonotakashi | 0:8fdf9a60065b | 4379 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read record" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4380 | |
| kadonotakashi | 0:8fdf9a60065b | 4381 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 4382 | } |
| kadonotakashi | 0:8fdf9a60065b | 4383 | |
| kadonotakashi | 0:8fdf9a60065b | 4384 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 4385 | static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 4386 | { |
| kadonotakashi | 0:8fdf9a60065b | 4387 | if( ssl->in_left > ssl->next_record_offset ) |
| kadonotakashi | 0:8fdf9a60065b | 4388 | return( 1 ); |
| kadonotakashi | 0:8fdf9a60065b | 4389 | |
| kadonotakashi | 0:8fdf9a60065b | 4390 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 4391 | } |
| kadonotakashi | 0:8fdf9a60065b | 4392 | |
| kadonotakashi | 0:8fdf9a60065b | 4393 | static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 4394 | { |
| kadonotakashi | 0:8fdf9a60065b | 4395 | mbedtls_ssl_handshake_params * const hs = ssl->handshake; |
| kadonotakashi | 0:8fdf9a60065b | 4396 | mbedtls_ssl_hs_buffer * hs_buf; |
| kadonotakashi | 0:8fdf9a60065b | 4397 | int ret = 0; |
| kadonotakashi | 0:8fdf9a60065b | 4398 | |
| kadonotakashi | 0:8fdf9a60065b | 4399 | if( hs == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 4400 | return( -1 ); |
| kadonotakashi | 0:8fdf9a60065b | 4401 | |
| kadonotakashi | 0:8fdf9a60065b | 4402 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_load_buffered_messsage" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4403 | |
| kadonotakashi | 0:8fdf9a60065b | 4404 | if( ssl->state == MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC || |
| kadonotakashi | 0:8fdf9a60065b | 4405 | ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC ) |
| kadonotakashi | 0:8fdf9a60065b | 4406 | { |
| kadonotakashi | 0:8fdf9a60065b | 4407 | /* Check if we have seen a ChangeCipherSpec before. |
| kadonotakashi | 0:8fdf9a60065b | 4408 | * If yes, synthesize a CCS record. */ |
| kadonotakashi | 0:8fdf9a60065b | 4409 | if( !hs->buffering.seen_ccs ) |
| kadonotakashi | 0:8fdf9a60065b | 4410 | { |
| kadonotakashi | 0:8fdf9a60065b | 4411 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "CCS not seen in the current flight" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4412 | ret = -1; |
| kadonotakashi | 0:8fdf9a60065b | 4413 | goto exit; |
| kadonotakashi | 0:8fdf9a60065b | 4414 | } |
| kadonotakashi | 0:8fdf9a60065b | 4415 | |
| kadonotakashi | 0:8fdf9a60065b | 4416 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "Injecting buffered CCS message" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4417 | ssl->in_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC; |
| kadonotakashi | 0:8fdf9a60065b | 4418 | ssl->in_msglen = 1; |
| kadonotakashi | 0:8fdf9a60065b | 4419 | ssl->in_msg[0] = 1; |
| kadonotakashi | 0:8fdf9a60065b | 4420 | |
| kadonotakashi | 0:8fdf9a60065b | 4421 | /* As long as they are equal, the exact value doesn't matter. */ |
| kadonotakashi | 0:8fdf9a60065b | 4422 | ssl->in_left = 0; |
| kadonotakashi | 0:8fdf9a60065b | 4423 | ssl->next_record_offset = 0; |
| kadonotakashi | 0:8fdf9a60065b | 4424 | |
| kadonotakashi | 0:8fdf9a60065b | 4425 | hs->buffering.seen_ccs = 0; |
| kadonotakashi | 0:8fdf9a60065b | 4426 | goto exit; |
| kadonotakashi | 0:8fdf9a60065b | 4427 | } |
| kadonotakashi | 0:8fdf9a60065b | 4428 | |
| kadonotakashi | 0:8fdf9a60065b | 4429 | #if defined(MBEDTLS_DEBUG_C) |
| kadonotakashi | 0:8fdf9a60065b | 4430 | /* Debug only */ |
| kadonotakashi | 0:8fdf9a60065b | 4431 | { |
| kadonotakashi | 0:8fdf9a60065b | 4432 | unsigned offset; |
| kadonotakashi | 0:8fdf9a60065b | 4433 | for( offset = 1; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++ ) |
| kadonotakashi | 0:8fdf9a60065b | 4434 | { |
| kadonotakashi | 0:8fdf9a60065b | 4435 | hs_buf = &hs->buffering.hs[offset]; |
| kadonotakashi | 0:8fdf9a60065b | 4436 | if( hs_buf->is_valid == 1 ) |
| kadonotakashi | 0:8fdf9a60065b | 4437 | { |
| kadonotakashi | 0:8fdf9a60065b | 4438 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "Future message with sequence number %u %s buffered.", |
| kadonotakashi | 0:8fdf9a60065b | 4439 | hs->in_msg_seq + offset, |
| kadonotakashi | 0:8fdf9a60065b | 4440 | hs_buf->is_complete ? "fully" : "partially" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4441 | } |
| kadonotakashi | 0:8fdf9a60065b | 4442 | } |
| kadonotakashi | 0:8fdf9a60065b | 4443 | } |
| kadonotakashi | 0:8fdf9a60065b | 4444 | #endif /* MBEDTLS_DEBUG_C */ |
| kadonotakashi | 0:8fdf9a60065b | 4445 | |
| kadonotakashi | 0:8fdf9a60065b | 4446 | /* Check if we have buffered and/or fully reassembled the |
| kadonotakashi | 0:8fdf9a60065b | 4447 | * next handshake message. */ |
| kadonotakashi | 0:8fdf9a60065b | 4448 | hs_buf = &hs->buffering.hs[0]; |
| kadonotakashi | 0:8fdf9a60065b | 4449 | if( ( hs_buf->is_valid == 1 ) && ( hs_buf->is_complete == 1 ) ) |
| kadonotakashi | 0:8fdf9a60065b | 4450 | { |
| kadonotakashi | 0:8fdf9a60065b | 4451 | /* Synthesize a record containing the buffered HS message. */ |
| kadonotakashi | 0:8fdf9a60065b | 4452 | size_t msg_len = ( hs_buf->data[1] << 16 ) | |
| kadonotakashi | 0:8fdf9a60065b | 4453 | ( hs_buf->data[2] << 8 ) | |
| kadonotakashi | 0:8fdf9a60065b | 4454 | hs_buf->data[3]; |
| kadonotakashi | 0:8fdf9a60065b | 4455 | |
| kadonotakashi | 0:8fdf9a60065b | 4456 | /* Double-check that we haven't accidentally buffered |
| kadonotakashi | 0:8fdf9a60065b | 4457 | * a message that doesn't fit into the input buffer. */ |
| kadonotakashi | 0:8fdf9a60065b | 4458 | if( msg_len + 12 > MBEDTLS_SSL_IN_CONTENT_LEN ) |
| kadonotakashi | 0:8fdf9a60065b | 4459 | { |
| kadonotakashi | 0:8fdf9a60065b | 4460 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4461 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 4462 | } |
| kadonotakashi | 0:8fdf9a60065b | 4463 | |
| kadonotakashi | 0:8fdf9a60065b | 4464 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "Next handshake message has been buffered - load" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4465 | MBEDTLS_SSL_DEBUG_BUF( 3, "Buffered handshake message (incl. header)", |
| kadonotakashi | 0:8fdf9a60065b | 4466 | hs_buf->data, msg_len + 12 ); |
| kadonotakashi | 0:8fdf9a60065b | 4467 | |
| kadonotakashi | 0:8fdf9a60065b | 4468 | ssl->in_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; |
| kadonotakashi | 0:8fdf9a60065b | 4469 | ssl->in_hslen = msg_len + 12; |
| kadonotakashi | 0:8fdf9a60065b | 4470 | ssl->in_msglen = msg_len + 12; |
| kadonotakashi | 0:8fdf9a60065b | 4471 | memcpy( ssl->in_msg, hs_buf->data, ssl->in_hslen ); |
| kadonotakashi | 0:8fdf9a60065b | 4472 | |
| kadonotakashi | 0:8fdf9a60065b | 4473 | ret = 0; |
| kadonotakashi | 0:8fdf9a60065b | 4474 | goto exit; |
| kadonotakashi | 0:8fdf9a60065b | 4475 | } |
| kadonotakashi | 0:8fdf9a60065b | 4476 | else |
| kadonotakashi | 0:8fdf9a60065b | 4477 | { |
| kadonotakashi | 0:8fdf9a60065b | 4478 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "Next handshake message %u not or only partially bufffered", |
| kadonotakashi | 0:8fdf9a60065b | 4479 | hs->in_msg_seq ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4480 | } |
| kadonotakashi | 0:8fdf9a60065b | 4481 | |
| kadonotakashi | 0:8fdf9a60065b | 4482 | ret = -1; |
| kadonotakashi | 0:8fdf9a60065b | 4483 | |
| kadonotakashi | 0:8fdf9a60065b | 4484 | exit: |
| kadonotakashi | 0:8fdf9a60065b | 4485 | |
| kadonotakashi | 0:8fdf9a60065b | 4486 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_load_buffered_message" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4487 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 4488 | } |
| kadonotakashi | 0:8fdf9a60065b | 4489 | |
| kadonotakashi | 0:8fdf9a60065b | 4490 | static int ssl_buffer_make_space( mbedtls_ssl_context *ssl, |
| kadonotakashi | 0:8fdf9a60065b | 4491 | size_t desired ) |
| kadonotakashi | 0:8fdf9a60065b | 4492 | { |
| kadonotakashi | 0:8fdf9a60065b | 4493 | int offset; |
| kadonotakashi | 0:8fdf9a60065b | 4494 | mbedtls_ssl_handshake_params * const hs = ssl->handshake; |
| kadonotakashi | 0:8fdf9a60065b | 4495 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "Attempt to free buffered messages to have %u bytes available", |
| kadonotakashi | 0:8fdf9a60065b | 4496 | (unsigned) desired ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4497 | |
| kadonotakashi | 0:8fdf9a60065b | 4498 | /* Get rid of future records epoch first, if such exist. */ |
| kadonotakashi | 0:8fdf9a60065b | 4499 | ssl_free_buffered_record( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 4500 | |
| kadonotakashi | 0:8fdf9a60065b | 4501 | /* Check if we have enough space available now. */ |
| kadonotakashi | 0:8fdf9a60065b | 4502 | if( desired <= ( MBEDTLS_SSL_DTLS_MAX_BUFFERING - |
| kadonotakashi | 0:8fdf9a60065b | 4503 | hs->buffering.total_bytes_buffered ) ) |
| kadonotakashi | 0:8fdf9a60065b | 4504 | { |
| kadonotakashi | 0:8fdf9a60065b | 4505 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "Enough space available after freeing future epoch record" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4506 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 4507 | } |
| kadonotakashi | 0:8fdf9a60065b | 4508 | |
| kadonotakashi | 0:8fdf9a60065b | 4509 | /* We don't have enough space to buffer the next expected handshake |
| kadonotakashi | 0:8fdf9a60065b | 4510 | * message. Remove buffers used for future messages to gain space, |
| kadonotakashi | 0:8fdf9a60065b | 4511 | * starting with the most distant one. */ |
| kadonotakashi | 0:8fdf9a60065b | 4512 | for( offset = MBEDTLS_SSL_MAX_BUFFERED_HS - 1; |
| kadonotakashi | 0:8fdf9a60065b | 4513 | offset >= 0; offset-- ) |
| kadonotakashi | 0:8fdf9a60065b | 4514 | { |
| kadonotakashi | 0:8fdf9a60065b | 4515 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "Free buffering slot %d to make space for reassembly of next handshake message", |
| kadonotakashi | 0:8fdf9a60065b | 4516 | offset ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4517 | |
| kadonotakashi | 0:8fdf9a60065b | 4518 | ssl_buffering_free_slot( ssl, (uint8_t) offset ); |
| kadonotakashi | 0:8fdf9a60065b | 4519 | |
| kadonotakashi | 0:8fdf9a60065b | 4520 | /* Check if we have enough space available now. */ |
| kadonotakashi | 0:8fdf9a60065b | 4521 | if( desired <= ( MBEDTLS_SSL_DTLS_MAX_BUFFERING - |
| kadonotakashi | 0:8fdf9a60065b | 4522 | hs->buffering.total_bytes_buffered ) ) |
| kadonotakashi | 0:8fdf9a60065b | 4523 | { |
| kadonotakashi | 0:8fdf9a60065b | 4524 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "Enough space available after freeing buffered HS messages" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4525 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 4526 | } |
| kadonotakashi | 0:8fdf9a60065b | 4527 | } |
| kadonotakashi | 0:8fdf9a60065b | 4528 | |
| kadonotakashi | 0:8fdf9a60065b | 4529 | return( -1 ); |
| kadonotakashi | 0:8fdf9a60065b | 4530 | } |
| kadonotakashi | 0:8fdf9a60065b | 4531 | |
| kadonotakashi | 0:8fdf9a60065b | 4532 | static int ssl_buffer_message( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 4533 | { |
| kadonotakashi | 0:8fdf9a60065b | 4534 | int ret = 0; |
| kadonotakashi | 0:8fdf9a60065b | 4535 | mbedtls_ssl_handshake_params * const hs = ssl->handshake; |
| kadonotakashi | 0:8fdf9a60065b | 4536 | |
| kadonotakashi | 0:8fdf9a60065b | 4537 | if( hs == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 4538 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 4539 | |
| kadonotakashi | 0:8fdf9a60065b | 4540 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_buffer_message" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4541 | |
| kadonotakashi | 0:8fdf9a60065b | 4542 | switch( ssl->in_msgtype ) |
| kadonotakashi | 0:8fdf9a60065b | 4543 | { |
| kadonotakashi | 0:8fdf9a60065b | 4544 | case MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC: |
| kadonotakashi | 0:8fdf9a60065b | 4545 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "Remember CCS message" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4546 | |
| kadonotakashi | 0:8fdf9a60065b | 4547 | hs->buffering.seen_ccs = 1; |
| kadonotakashi | 0:8fdf9a60065b | 4548 | break; |
| kadonotakashi | 0:8fdf9a60065b | 4549 | |
| kadonotakashi | 0:8fdf9a60065b | 4550 | case MBEDTLS_SSL_MSG_HANDSHAKE: |
| kadonotakashi | 0:8fdf9a60065b | 4551 | { |
| kadonotakashi | 0:8fdf9a60065b | 4552 | unsigned recv_msg_seq_offset; |
| kadonotakashi | 0:8fdf9a60065b | 4553 | unsigned recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5]; |
| kadonotakashi | 0:8fdf9a60065b | 4554 | mbedtls_ssl_hs_buffer *hs_buf; |
| kadonotakashi | 0:8fdf9a60065b | 4555 | size_t msg_len = ssl->in_hslen - 12; |
| kadonotakashi | 0:8fdf9a60065b | 4556 | |
| kadonotakashi | 0:8fdf9a60065b | 4557 | /* We should never receive an old handshake |
| kadonotakashi | 0:8fdf9a60065b | 4558 | * message - double-check nonetheless. */ |
| kadonotakashi | 0:8fdf9a60065b | 4559 | if( recv_msg_seq < ssl->handshake->in_msg_seq ) |
| kadonotakashi | 0:8fdf9a60065b | 4560 | { |
| kadonotakashi | 0:8fdf9a60065b | 4561 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4562 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 4563 | } |
| kadonotakashi | 0:8fdf9a60065b | 4564 | |
| kadonotakashi | 0:8fdf9a60065b | 4565 | recv_msg_seq_offset = recv_msg_seq - ssl->handshake->in_msg_seq; |
| kadonotakashi | 0:8fdf9a60065b | 4566 | if( recv_msg_seq_offset >= MBEDTLS_SSL_MAX_BUFFERED_HS ) |
| kadonotakashi | 0:8fdf9a60065b | 4567 | { |
| kadonotakashi | 0:8fdf9a60065b | 4568 | /* Silently ignore -- message too far in the future */ |
| kadonotakashi | 0:8fdf9a60065b | 4569 | MBEDTLS_SSL_DEBUG_MSG( 2, |
| kadonotakashi | 0:8fdf9a60065b | 4570 | ( "Ignore future HS message with sequence number %u, " |
| kadonotakashi | 0:8fdf9a60065b | 4571 | "buffering window %u - %u", |
| kadonotakashi | 0:8fdf9a60065b | 4572 | recv_msg_seq, ssl->handshake->in_msg_seq, |
| kadonotakashi | 0:8fdf9a60065b | 4573 | ssl->handshake->in_msg_seq + MBEDTLS_SSL_MAX_BUFFERED_HS - 1 ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4574 | |
| kadonotakashi | 0:8fdf9a60065b | 4575 | goto exit; |
| kadonotakashi | 0:8fdf9a60065b | 4576 | } |
| kadonotakashi | 0:8fdf9a60065b | 4577 | |
| kadonotakashi | 0:8fdf9a60065b | 4578 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering HS message with sequence number %u, offset %u ", |
| kadonotakashi | 0:8fdf9a60065b | 4579 | recv_msg_seq, recv_msg_seq_offset ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4580 | |
| kadonotakashi | 0:8fdf9a60065b | 4581 | hs_buf = &hs->buffering.hs[ recv_msg_seq_offset ]; |
| kadonotakashi | 0:8fdf9a60065b | 4582 | |
| kadonotakashi | 0:8fdf9a60065b | 4583 | /* Check if the buffering for this seq nr has already commenced. */ |
| kadonotakashi | 0:8fdf9a60065b | 4584 | if( !hs_buf->is_valid ) |
| kadonotakashi | 0:8fdf9a60065b | 4585 | { |
| kadonotakashi | 0:8fdf9a60065b | 4586 | size_t reassembly_buf_sz; |
| kadonotakashi | 0:8fdf9a60065b | 4587 | |
| kadonotakashi | 0:8fdf9a60065b | 4588 | hs_buf->is_fragmented = |
| kadonotakashi | 0:8fdf9a60065b | 4589 | ( ssl_hs_is_proper_fragment( ssl ) == 1 ); |
| kadonotakashi | 0:8fdf9a60065b | 4590 | |
| kadonotakashi | 0:8fdf9a60065b | 4591 | /* We copy the message back into the input buffer |
| kadonotakashi | 0:8fdf9a60065b | 4592 | * after reassembly, so check that it's not too large. |
| kadonotakashi | 0:8fdf9a60065b | 4593 | * This is an implementation-specific limitation |
| kadonotakashi | 0:8fdf9a60065b | 4594 | * and not one from the standard, hence it is not |
| kadonotakashi | 0:8fdf9a60065b | 4595 | * checked in ssl_check_hs_header(). */ |
| kadonotakashi | 0:8fdf9a60065b | 4596 | if( msg_len + 12 > MBEDTLS_SSL_IN_CONTENT_LEN ) |
| kadonotakashi | 0:8fdf9a60065b | 4597 | { |
| kadonotakashi | 0:8fdf9a60065b | 4598 | /* Ignore message */ |
| kadonotakashi | 0:8fdf9a60065b | 4599 | goto exit; |
| kadonotakashi | 0:8fdf9a60065b | 4600 | } |
| kadonotakashi | 0:8fdf9a60065b | 4601 | |
| kadonotakashi | 0:8fdf9a60065b | 4602 | /* Check if we have enough space to buffer the message. */ |
| kadonotakashi | 0:8fdf9a60065b | 4603 | if( hs->buffering.total_bytes_buffered > |
| kadonotakashi | 0:8fdf9a60065b | 4604 | MBEDTLS_SSL_DTLS_MAX_BUFFERING ) |
| kadonotakashi | 0:8fdf9a60065b | 4605 | { |
| kadonotakashi | 0:8fdf9a60065b | 4606 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4607 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 4608 | } |
| kadonotakashi | 0:8fdf9a60065b | 4609 | |
| kadonotakashi | 0:8fdf9a60065b | 4610 | reassembly_buf_sz = ssl_get_reassembly_buffer_size( msg_len, |
| kadonotakashi | 0:8fdf9a60065b | 4611 | hs_buf->is_fragmented ); |
| kadonotakashi | 0:8fdf9a60065b | 4612 | |
| kadonotakashi | 0:8fdf9a60065b | 4613 | if( reassembly_buf_sz > ( MBEDTLS_SSL_DTLS_MAX_BUFFERING - |
| kadonotakashi | 0:8fdf9a60065b | 4614 | hs->buffering.total_bytes_buffered ) ) |
| kadonotakashi | 0:8fdf9a60065b | 4615 | { |
| kadonotakashi | 0:8fdf9a60065b | 4616 | if( recv_msg_seq_offset > 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 4617 | { |
| kadonotakashi | 0:8fdf9a60065b | 4618 | /* If we can't buffer a future message because |
| kadonotakashi | 0:8fdf9a60065b | 4619 | * of space limitations -- ignore. */ |
| kadonotakashi | 0:8fdf9a60065b | 4620 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- ignore\n", |
| kadonotakashi | 0:8fdf9a60065b | 4621 | (unsigned) msg_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING, |
| kadonotakashi | 0:8fdf9a60065b | 4622 | (unsigned) hs->buffering.total_bytes_buffered ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4623 | goto exit; |
| kadonotakashi | 0:8fdf9a60065b | 4624 | } |
| kadonotakashi | 0:8fdf9a60065b | 4625 | else |
| kadonotakashi | 0:8fdf9a60065b | 4626 | { |
| kadonotakashi | 0:8fdf9a60065b | 4627 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- attempt to make space by freeing buffered future messages\n", |
| kadonotakashi | 0:8fdf9a60065b | 4628 | (unsigned) msg_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING, |
| kadonotakashi | 0:8fdf9a60065b | 4629 | (unsigned) hs->buffering.total_bytes_buffered ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4630 | } |
| kadonotakashi | 0:8fdf9a60065b | 4631 | |
| kadonotakashi | 0:8fdf9a60065b | 4632 | if( ssl_buffer_make_space( ssl, reassembly_buf_sz ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 4633 | { |
| kadonotakashi | 0:8fdf9a60065b | 4634 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reassembly of next message of size %u (%u with bitmap) would exceed the compile-time limit %u (already %u bytes buffered) -- fail\n", |
| kadonotakashi | 0:8fdf9a60065b | 4635 | (unsigned) msg_len, |
| kadonotakashi | 0:8fdf9a60065b | 4636 | (unsigned) reassembly_buf_sz, |
| kadonotakashi | 0:8fdf9a60065b | 4637 | MBEDTLS_SSL_DTLS_MAX_BUFFERING, |
| kadonotakashi | 0:8fdf9a60065b | 4638 | (unsigned) hs->buffering.total_bytes_buffered ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4639 | ret = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; |
| kadonotakashi | 0:8fdf9a60065b | 4640 | goto exit; |
| kadonotakashi | 0:8fdf9a60065b | 4641 | } |
| kadonotakashi | 0:8fdf9a60065b | 4642 | } |
| kadonotakashi | 0:8fdf9a60065b | 4643 | |
| kadonotakashi | 0:8fdf9a60065b | 4644 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %d", |
| kadonotakashi | 0:8fdf9a60065b | 4645 | msg_len ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4646 | |
| kadonotakashi | 0:8fdf9a60065b | 4647 | hs_buf->data = mbedtls_calloc( 1, reassembly_buf_sz ); |
| kadonotakashi | 0:8fdf9a60065b | 4648 | if( hs_buf->data == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 4649 | { |
| kadonotakashi | 0:8fdf9a60065b | 4650 | ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; |
| kadonotakashi | 0:8fdf9a60065b | 4651 | goto exit; |
| kadonotakashi | 0:8fdf9a60065b | 4652 | } |
| kadonotakashi | 0:8fdf9a60065b | 4653 | hs_buf->data_len = reassembly_buf_sz; |
| kadonotakashi | 0:8fdf9a60065b | 4654 | |
| kadonotakashi | 0:8fdf9a60065b | 4655 | /* Prepare final header: copy msg_type, length and message_seq, |
| kadonotakashi | 0:8fdf9a60065b | 4656 | * then add standardised fragment_offset and fragment_length */ |
| kadonotakashi | 0:8fdf9a60065b | 4657 | memcpy( hs_buf->data, ssl->in_msg, 6 ); |
| kadonotakashi | 0:8fdf9a60065b | 4658 | memset( hs_buf->data + 6, 0, 3 ); |
| kadonotakashi | 0:8fdf9a60065b | 4659 | memcpy( hs_buf->data + 9, hs_buf->data + 1, 3 ); |
| kadonotakashi | 0:8fdf9a60065b | 4660 | |
| kadonotakashi | 0:8fdf9a60065b | 4661 | hs_buf->is_valid = 1; |
| kadonotakashi | 0:8fdf9a60065b | 4662 | |
| kadonotakashi | 0:8fdf9a60065b | 4663 | hs->buffering.total_bytes_buffered += reassembly_buf_sz; |
| kadonotakashi | 0:8fdf9a60065b | 4664 | } |
| kadonotakashi | 0:8fdf9a60065b | 4665 | else |
| kadonotakashi | 0:8fdf9a60065b | 4666 | { |
| kadonotakashi | 0:8fdf9a60065b | 4667 | /* Make sure msg_type and length are consistent */ |
| kadonotakashi | 0:8fdf9a60065b | 4668 | if( memcmp( hs_buf->data, ssl->in_msg, 4 ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 4669 | { |
| kadonotakashi | 0:8fdf9a60065b | 4670 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "Fragment header mismatch - ignore" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4671 | /* Ignore */ |
| kadonotakashi | 0:8fdf9a60065b | 4672 | goto exit; |
| kadonotakashi | 0:8fdf9a60065b | 4673 | } |
| kadonotakashi | 0:8fdf9a60065b | 4674 | } |
| kadonotakashi | 0:8fdf9a60065b | 4675 | |
| kadonotakashi | 0:8fdf9a60065b | 4676 | if( !hs_buf->is_complete ) |
| kadonotakashi | 0:8fdf9a60065b | 4677 | { |
| kadonotakashi | 0:8fdf9a60065b | 4678 | size_t frag_len, frag_off; |
| kadonotakashi | 0:8fdf9a60065b | 4679 | unsigned char * const msg = hs_buf->data + 12; |
| kadonotakashi | 0:8fdf9a60065b | 4680 | |
| kadonotakashi | 0:8fdf9a60065b | 4681 | /* |
| kadonotakashi | 0:8fdf9a60065b | 4682 | * Check and copy current fragment |
| kadonotakashi | 0:8fdf9a60065b | 4683 | */ |
| kadonotakashi | 0:8fdf9a60065b | 4684 | |
| kadonotakashi | 0:8fdf9a60065b | 4685 | /* Validation of header fields already done in |
| kadonotakashi | 0:8fdf9a60065b | 4686 | * mbedtls_ssl_prepare_handshake_record(). */ |
| kadonotakashi | 0:8fdf9a60065b | 4687 | frag_off = ssl_get_hs_frag_off( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 4688 | frag_len = ssl_get_hs_frag_len( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 4689 | |
| kadonotakashi | 0:8fdf9a60065b | 4690 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %d, length = %d", |
| kadonotakashi | 0:8fdf9a60065b | 4691 | frag_off, frag_len ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4692 | memcpy( msg + frag_off, ssl->in_msg + 12, frag_len ); |
| kadonotakashi | 0:8fdf9a60065b | 4693 | |
| kadonotakashi | 0:8fdf9a60065b | 4694 | if( hs_buf->is_fragmented ) |
| kadonotakashi | 0:8fdf9a60065b | 4695 | { |
| kadonotakashi | 0:8fdf9a60065b | 4696 | unsigned char * const bitmask = msg + msg_len; |
| kadonotakashi | 0:8fdf9a60065b | 4697 | ssl_bitmask_set( bitmask, frag_off, frag_len ); |
| kadonotakashi | 0:8fdf9a60065b | 4698 | hs_buf->is_complete = ( ssl_bitmask_check( bitmask, |
| kadonotakashi | 0:8fdf9a60065b | 4699 | msg_len ) == 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 4700 | } |
| kadonotakashi | 0:8fdf9a60065b | 4701 | else |
| kadonotakashi | 0:8fdf9a60065b | 4702 | { |
| kadonotakashi | 0:8fdf9a60065b | 4703 | hs_buf->is_complete = 1; |
| kadonotakashi | 0:8fdf9a60065b | 4704 | } |
| kadonotakashi | 0:8fdf9a60065b | 4705 | |
| kadonotakashi | 0:8fdf9a60065b | 4706 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "message %scomplete", |
| kadonotakashi | 0:8fdf9a60065b | 4707 | hs_buf->is_complete ? "" : "not yet " ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4708 | } |
| kadonotakashi | 0:8fdf9a60065b | 4709 | |
| kadonotakashi | 0:8fdf9a60065b | 4710 | break; |
| kadonotakashi | 0:8fdf9a60065b | 4711 | } |
| kadonotakashi | 0:8fdf9a60065b | 4712 | |
| kadonotakashi | 0:8fdf9a60065b | 4713 | default: |
| kadonotakashi | 0:8fdf9a60065b | 4714 | /* We don't buffer other types of messages. */ |
| kadonotakashi | 0:8fdf9a60065b | 4715 | break; |
| kadonotakashi | 0:8fdf9a60065b | 4716 | } |
| kadonotakashi | 0:8fdf9a60065b | 4717 | |
| kadonotakashi | 0:8fdf9a60065b | 4718 | exit: |
| kadonotakashi | 0:8fdf9a60065b | 4719 | |
| kadonotakashi | 0:8fdf9a60065b | 4720 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_buffer_message" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4721 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 4722 | } |
| kadonotakashi | 0:8fdf9a60065b | 4723 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| kadonotakashi | 0:8fdf9a60065b | 4724 | |
| kadonotakashi | 0:8fdf9a60065b | 4725 | static int ssl_consume_current_message( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 4726 | { |
| kadonotakashi | 0:8fdf9a60065b | 4727 | /* |
| kadonotakashi | 0:8fdf9a60065b | 4728 | * Consume last content-layer message and potentially |
| kadonotakashi | 0:8fdf9a60065b | 4729 | * update in_msglen which keeps track of the contents' |
| kadonotakashi | 0:8fdf9a60065b | 4730 | * consumption state. |
| kadonotakashi | 0:8fdf9a60065b | 4731 | * |
| kadonotakashi | 0:8fdf9a60065b | 4732 | * (1) Handshake messages: |
| kadonotakashi | 0:8fdf9a60065b | 4733 | * Remove last handshake message, move content |
| kadonotakashi | 0:8fdf9a60065b | 4734 | * and adapt in_msglen. |
| kadonotakashi | 0:8fdf9a60065b | 4735 | * |
| kadonotakashi | 0:8fdf9a60065b | 4736 | * (2) Alert messages: |
| kadonotakashi | 0:8fdf9a60065b | 4737 | * Consume whole record content, in_msglen = 0. |
| kadonotakashi | 0:8fdf9a60065b | 4738 | * |
| kadonotakashi | 0:8fdf9a60065b | 4739 | * (3) Change cipher spec: |
| kadonotakashi | 0:8fdf9a60065b | 4740 | * Consume whole record content, in_msglen = 0. |
| kadonotakashi | 0:8fdf9a60065b | 4741 | * |
| kadonotakashi | 0:8fdf9a60065b | 4742 | * (4) Application data: |
| kadonotakashi | 0:8fdf9a60065b | 4743 | * Don't do anything - the record layer provides |
| kadonotakashi | 0:8fdf9a60065b | 4744 | * the application data as a stream transport |
| kadonotakashi | 0:8fdf9a60065b | 4745 | * and consumes through mbedtls_ssl_read only. |
| kadonotakashi | 0:8fdf9a60065b | 4746 | * |
| kadonotakashi | 0:8fdf9a60065b | 4747 | */ |
| kadonotakashi | 0:8fdf9a60065b | 4748 | |
| kadonotakashi | 0:8fdf9a60065b | 4749 | /* Case (1): Handshake messages */ |
| kadonotakashi | 0:8fdf9a60065b | 4750 | if( ssl->in_hslen != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 4751 | { |
| kadonotakashi | 0:8fdf9a60065b | 4752 | /* Hard assertion to be sure that no application data |
| kadonotakashi | 0:8fdf9a60065b | 4753 | * is in flight, as corrupting ssl->in_msglen during |
| kadonotakashi | 0:8fdf9a60065b | 4754 | * ssl->in_offt != NULL is fatal. */ |
| kadonotakashi | 0:8fdf9a60065b | 4755 | if( ssl->in_offt != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 4756 | { |
| kadonotakashi | 0:8fdf9a60065b | 4757 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4758 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 4759 | } |
| kadonotakashi | 0:8fdf9a60065b | 4760 | |
| kadonotakashi | 0:8fdf9a60065b | 4761 | /* |
| kadonotakashi | 0:8fdf9a60065b | 4762 | * Get next Handshake message in the current record |
| kadonotakashi | 0:8fdf9a60065b | 4763 | */ |
| kadonotakashi | 0:8fdf9a60065b | 4764 | |
| kadonotakashi | 0:8fdf9a60065b | 4765 | /* Notes: |
| kadonotakashi | 0:8fdf9a60065b | 4766 | * (1) in_hslen is not necessarily the size of the |
| kadonotakashi | 0:8fdf9a60065b | 4767 | * current handshake content: If DTLS handshake |
| kadonotakashi | 0:8fdf9a60065b | 4768 | * fragmentation is used, that's the fragment |
| kadonotakashi | 0:8fdf9a60065b | 4769 | * size instead. Using the total handshake message |
| kadonotakashi | 0:8fdf9a60065b | 4770 | * size here is faulty and should be changed at |
| kadonotakashi | 0:8fdf9a60065b | 4771 | * some point. |
| kadonotakashi | 0:8fdf9a60065b | 4772 | * (2) While it doesn't seem to cause problems, one |
| kadonotakashi | 0:8fdf9a60065b | 4773 | * has to be very careful not to assume that in_hslen |
| kadonotakashi | 0:8fdf9a60065b | 4774 | * is always <= in_msglen in a sensible communication. |
| kadonotakashi | 0:8fdf9a60065b | 4775 | * Again, it's wrong for DTLS handshake fragmentation. |
| kadonotakashi | 0:8fdf9a60065b | 4776 | * The following check is therefore mandatory, and |
| kadonotakashi | 0:8fdf9a60065b | 4777 | * should not be treated as a silently corrected assertion. |
| kadonotakashi | 0:8fdf9a60065b | 4778 | * Additionally, ssl->in_hslen might be arbitrarily out of |
| kadonotakashi | 0:8fdf9a60065b | 4779 | * bounds after handling a DTLS message with an unexpected |
| kadonotakashi | 0:8fdf9a60065b | 4780 | * sequence number, see mbedtls_ssl_prepare_handshake_record. |
| kadonotakashi | 0:8fdf9a60065b | 4781 | */ |
| kadonotakashi | 0:8fdf9a60065b | 4782 | if( ssl->in_hslen < ssl->in_msglen ) |
| kadonotakashi | 0:8fdf9a60065b | 4783 | { |
| kadonotakashi | 0:8fdf9a60065b | 4784 | ssl->in_msglen -= ssl->in_hslen; |
| kadonotakashi | 0:8fdf9a60065b | 4785 | memmove( ssl->in_msg, ssl->in_msg + ssl->in_hslen, |
| kadonotakashi | 0:8fdf9a60065b | 4786 | ssl->in_msglen ); |
| kadonotakashi | 0:8fdf9a60065b | 4787 | |
| kadonotakashi | 0:8fdf9a60065b | 4788 | MBEDTLS_SSL_DEBUG_BUF( 4, "remaining content in record", |
| kadonotakashi | 0:8fdf9a60065b | 4789 | ssl->in_msg, ssl->in_msglen ); |
| kadonotakashi | 0:8fdf9a60065b | 4790 | } |
| kadonotakashi | 0:8fdf9a60065b | 4791 | else |
| kadonotakashi | 0:8fdf9a60065b | 4792 | { |
| kadonotakashi | 0:8fdf9a60065b | 4793 | ssl->in_msglen = 0; |
| kadonotakashi | 0:8fdf9a60065b | 4794 | } |
| kadonotakashi | 0:8fdf9a60065b | 4795 | |
| kadonotakashi | 0:8fdf9a60065b | 4796 | ssl->in_hslen = 0; |
| kadonotakashi | 0:8fdf9a60065b | 4797 | } |
| kadonotakashi | 0:8fdf9a60065b | 4798 | /* Case (4): Application data */ |
| kadonotakashi | 0:8fdf9a60065b | 4799 | else if( ssl->in_offt != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 4800 | { |
| kadonotakashi | 0:8fdf9a60065b | 4801 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 4802 | } |
| kadonotakashi | 0:8fdf9a60065b | 4803 | /* Everything else (CCS & Alerts) */ |
| kadonotakashi | 0:8fdf9a60065b | 4804 | else |
| kadonotakashi | 0:8fdf9a60065b | 4805 | { |
| kadonotakashi | 0:8fdf9a60065b | 4806 | ssl->in_msglen = 0; |
| kadonotakashi | 0:8fdf9a60065b | 4807 | } |
| kadonotakashi | 0:8fdf9a60065b | 4808 | |
| kadonotakashi | 0:8fdf9a60065b | 4809 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 4810 | } |
| kadonotakashi | 0:8fdf9a60065b | 4811 | |
| kadonotakashi | 0:8fdf9a60065b | 4812 | static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 4813 | { |
| kadonotakashi | 0:8fdf9a60065b | 4814 | if( ssl->in_msglen > 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 4815 | return( 1 ); |
| kadonotakashi | 0:8fdf9a60065b | 4816 | |
| kadonotakashi | 0:8fdf9a60065b | 4817 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 4818 | } |
| kadonotakashi | 0:8fdf9a60065b | 4819 | |
| kadonotakashi | 0:8fdf9a60065b | 4820 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 4821 | |
| kadonotakashi | 0:8fdf9a60065b | 4822 | static void ssl_free_buffered_record( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 4823 | { |
| kadonotakashi | 0:8fdf9a60065b | 4824 | mbedtls_ssl_handshake_params * const hs = ssl->handshake; |
| kadonotakashi | 0:8fdf9a60065b | 4825 | if( hs == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 4826 | return; |
| kadonotakashi | 0:8fdf9a60065b | 4827 | |
| kadonotakashi | 0:8fdf9a60065b | 4828 | if( hs->buffering.future_record.data != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 4829 | { |
| kadonotakashi | 0:8fdf9a60065b | 4830 | hs->buffering.total_bytes_buffered -= |
| kadonotakashi | 0:8fdf9a60065b | 4831 | hs->buffering.future_record.len; |
| kadonotakashi | 0:8fdf9a60065b | 4832 | |
| kadonotakashi | 0:8fdf9a60065b | 4833 | mbedtls_free( hs->buffering.future_record.data ); |
| kadonotakashi | 0:8fdf9a60065b | 4834 | hs->buffering.future_record.data = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 4835 | } |
| kadonotakashi | 0:8fdf9a60065b | 4836 | } |
| kadonotakashi | 0:8fdf9a60065b | 4837 | |
| kadonotakashi | 0:8fdf9a60065b | 4838 | static int ssl_load_buffered_record( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 4839 | { |
| kadonotakashi | 0:8fdf9a60065b | 4840 | mbedtls_ssl_handshake_params * const hs = ssl->handshake; |
| kadonotakashi | 0:8fdf9a60065b | 4841 | unsigned char * rec; |
| kadonotakashi | 0:8fdf9a60065b | 4842 | size_t rec_len; |
| kadonotakashi | 0:8fdf9a60065b | 4843 | unsigned rec_epoch; |
| kadonotakashi | 0:8fdf9a60065b | 4844 | |
| kadonotakashi | 0:8fdf9a60065b | 4845 | if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| kadonotakashi | 0:8fdf9a60065b | 4846 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 4847 | |
| kadonotakashi | 0:8fdf9a60065b | 4848 | if( hs == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 4849 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 4850 | |
| kadonotakashi | 0:8fdf9a60065b | 4851 | rec = hs->buffering.future_record.data; |
| kadonotakashi | 0:8fdf9a60065b | 4852 | rec_len = hs->buffering.future_record.len; |
| kadonotakashi | 0:8fdf9a60065b | 4853 | rec_epoch = hs->buffering.future_record.epoch; |
| kadonotakashi | 0:8fdf9a60065b | 4854 | |
| kadonotakashi | 0:8fdf9a60065b | 4855 | if( rec == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 4856 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 4857 | |
| kadonotakashi | 0:8fdf9a60065b | 4858 | /* Only consider loading future records if the |
| kadonotakashi | 0:8fdf9a60065b | 4859 | * input buffer is empty. */ |
| kadonotakashi | 0:8fdf9a60065b | 4860 | if( ssl_next_record_is_in_datagram( ssl ) == 1 ) |
| kadonotakashi | 0:8fdf9a60065b | 4861 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 4862 | |
| kadonotakashi | 0:8fdf9a60065b | 4863 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_load_buffered_record" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4864 | |
| kadonotakashi | 0:8fdf9a60065b | 4865 | if( rec_epoch != ssl->in_epoch ) |
| kadonotakashi | 0:8fdf9a60065b | 4866 | { |
| kadonotakashi | 0:8fdf9a60065b | 4867 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffered record not from current epoch." ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4868 | goto exit; |
| kadonotakashi | 0:8fdf9a60065b | 4869 | } |
| kadonotakashi | 0:8fdf9a60065b | 4870 | |
| kadonotakashi | 0:8fdf9a60065b | 4871 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "Found buffered record from current epoch - load" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4872 | |
| kadonotakashi | 0:8fdf9a60065b | 4873 | /* Double-check that the record is not too large */ |
| kadonotakashi | 0:8fdf9a60065b | 4874 | if( rec_len > MBEDTLS_SSL_IN_BUFFER_LEN - |
| kadonotakashi | 0:8fdf9a60065b | 4875 | (size_t)( ssl->in_hdr - ssl->in_buf ) ) |
| kadonotakashi | 0:8fdf9a60065b | 4876 | { |
| kadonotakashi | 0:8fdf9a60065b | 4877 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4878 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 4879 | } |
| kadonotakashi | 0:8fdf9a60065b | 4880 | |
| kadonotakashi | 0:8fdf9a60065b | 4881 | memcpy( ssl->in_hdr, rec, rec_len ); |
| kadonotakashi | 0:8fdf9a60065b | 4882 | ssl->in_left = rec_len; |
| kadonotakashi | 0:8fdf9a60065b | 4883 | ssl->next_record_offset = 0; |
| kadonotakashi | 0:8fdf9a60065b | 4884 | |
| kadonotakashi | 0:8fdf9a60065b | 4885 | ssl_free_buffered_record( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 4886 | |
| kadonotakashi | 0:8fdf9a60065b | 4887 | exit: |
| kadonotakashi | 0:8fdf9a60065b | 4888 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_load_buffered_record" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4889 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 4890 | } |
| kadonotakashi | 0:8fdf9a60065b | 4891 | |
| kadonotakashi | 0:8fdf9a60065b | 4892 | static int ssl_buffer_future_record( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 4893 | { |
| kadonotakashi | 0:8fdf9a60065b | 4894 | mbedtls_ssl_handshake_params * const hs = ssl->handshake; |
| kadonotakashi | 0:8fdf9a60065b | 4895 | size_t const rec_hdr_len = 13; |
| kadonotakashi | 0:8fdf9a60065b | 4896 | size_t const total_buf_sz = rec_hdr_len + ssl->in_msglen; |
| kadonotakashi | 0:8fdf9a60065b | 4897 | |
| kadonotakashi | 0:8fdf9a60065b | 4898 | /* Don't buffer future records outside handshakes. */ |
| kadonotakashi | 0:8fdf9a60065b | 4899 | if( hs == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 4900 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 4901 | |
| kadonotakashi | 0:8fdf9a60065b | 4902 | /* Only buffer handshake records (we are only interested |
| kadonotakashi | 0:8fdf9a60065b | 4903 | * in Finished messages). */ |
| kadonotakashi | 0:8fdf9a60065b | 4904 | if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) |
| kadonotakashi | 0:8fdf9a60065b | 4905 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 4906 | |
| kadonotakashi | 0:8fdf9a60065b | 4907 | /* Don't buffer more than one future epoch record. */ |
| kadonotakashi | 0:8fdf9a60065b | 4908 | if( hs->buffering.future_record.data != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 4909 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 4910 | |
| kadonotakashi | 0:8fdf9a60065b | 4911 | /* Don't buffer record if there's not enough buffering space remaining. */ |
| kadonotakashi | 0:8fdf9a60065b | 4912 | if( total_buf_sz > ( MBEDTLS_SSL_DTLS_MAX_BUFFERING - |
| kadonotakashi | 0:8fdf9a60065b | 4913 | hs->buffering.total_bytes_buffered ) ) |
| kadonotakashi | 0:8fdf9a60065b | 4914 | { |
| kadonotakashi | 0:8fdf9a60065b | 4915 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future epoch record of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- ignore\n", |
| kadonotakashi | 0:8fdf9a60065b | 4916 | (unsigned) total_buf_sz, MBEDTLS_SSL_DTLS_MAX_BUFFERING, |
| kadonotakashi | 0:8fdf9a60065b | 4917 | (unsigned) hs->buffering.total_bytes_buffered ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4918 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 4919 | } |
| kadonotakashi | 0:8fdf9a60065b | 4920 | |
| kadonotakashi | 0:8fdf9a60065b | 4921 | /* Buffer record */ |
| kadonotakashi | 0:8fdf9a60065b | 4922 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffer record from epoch %u", |
| kadonotakashi | 0:8fdf9a60065b | 4923 | ssl->in_epoch + 1 ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4924 | MBEDTLS_SSL_DEBUG_BUF( 3, "Buffered record", ssl->in_hdr, |
| kadonotakashi | 0:8fdf9a60065b | 4925 | rec_hdr_len + ssl->in_msglen ); |
| kadonotakashi | 0:8fdf9a60065b | 4926 | |
| kadonotakashi | 0:8fdf9a60065b | 4927 | /* ssl_parse_record_header() only considers records |
| kadonotakashi | 0:8fdf9a60065b | 4928 | * of the next epoch as candidates for buffering. */ |
| kadonotakashi | 0:8fdf9a60065b | 4929 | hs->buffering.future_record.epoch = ssl->in_epoch + 1; |
| kadonotakashi | 0:8fdf9a60065b | 4930 | hs->buffering.future_record.len = total_buf_sz; |
| kadonotakashi | 0:8fdf9a60065b | 4931 | |
| kadonotakashi | 0:8fdf9a60065b | 4932 | hs->buffering.future_record.data = |
| kadonotakashi | 0:8fdf9a60065b | 4933 | mbedtls_calloc( 1, hs->buffering.future_record.len ); |
| kadonotakashi | 0:8fdf9a60065b | 4934 | if( hs->buffering.future_record.data == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 4935 | { |
| kadonotakashi | 0:8fdf9a60065b | 4936 | /* If we run out of RAM trying to buffer a |
| kadonotakashi | 0:8fdf9a60065b | 4937 | * record from the next epoch, just ignore. */ |
| kadonotakashi | 0:8fdf9a60065b | 4938 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 4939 | } |
| kadonotakashi | 0:8fdf9a60065b | 4940 | |
| kadonotakashi | 0:8fdf9a60065b | 4941 | memcpy( hs->buffering.future_record.data, ssl->in_hdr, total_buf_sz ); |
| kadonotakashi | 0:8fdf9a60065b | 4942 | |
| kadonotakashi | 0:8fdf9a60065b | 4943 | hs->buffering.total_bytes_buffered += total_buf_sz; |
| kadonotakashi | 0:8fdf9a60065b | 4944 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 4945 | } |
| kadonotakashi | 0:8fdf9a60065b | 4946 | |
| kadonotakashi | 0:8fdf9a60065b | 4947 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| kadonotakashi | 0:8fdf9a60065b | 4948 | |
| kadonotakashi | 0:8fdf9a60065b | 4949 | static int ssl_get_next_record( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 4950 | { |
| kadonotakashi | 0:8fdf9a60065b | 4951 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 4952 | |
| kadonotakashi | 0:8fdf9a60065b | 4953 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 4954 | /* We might have buffered a future record; if so, |
| kadonotakashi | 0:8fdf9a60065b | 4955 | * and if the epoch matches now, load it. |
| kadonotakashi | 0:8fdf9a60065b | 4956 | * On success, this call will set ssl->in_left to |
| kadonotakashi | 0:8fdf9a60065b | 4957 | * the length of the buffered record, so that |
| kadonotakashi | 0:8fdf9a60065b | 4958 | * the calls to ssl_fetch_input() below will |
| kadonotakashi | 0:8fdf9a60065b | 4959 | * essentially be no-ops. */ |
| kadonotakashi | 0:8fdf9a60065b | 4960 | ret = ssl_load_buffered_record( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 4961 | if( ret != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 4962 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 4963 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| kadonotakashi | 0:8fdf9a60065b | 4964 | |
| kadonotakashi | 0:8fdf9a60065b | 4965 | if( ( ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_hdr_len( ssl ) ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 4966 | { |
| kadonotakashi | 0:8fdf9a60065b | 4967 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 4968 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 4969 | } |
| kadonotakashi | 0:8fdf9a60065b | 4970 | |
| kadonotakashi | 0:8fdf9a60065b | 4971 | if( ( ret = ssl_parse_record_header( ssl ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 4972 | { |
| kadonotakashi | 0:8fdf9a60065b | 4973 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 4974 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
| kadonotakashi | 0:8fdf9a60065b | 4975 | ret != MBEDTLS_ERR_SSL_CLIENT_RECONNECT ) |
| kadonotakashi | 0:8fdf9a60065b | 4976 | { |
| kadonotakashi | 0:8fdf9a60065b | 4977 | if( ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE ) |
| kadonotakashi | 0:8fdf9a60065b | 4978 | { |
| kadonotakashi | 0:8fdf9a60065b | 4979 | ret = ssl_buffer_future_record( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 4980 | if( ret != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 4981 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 4982 | |
| kadonotakashi | 0:8fdf9a60065b | 4983 | /* Fall through to handling of unexpected records */ |
| kadonotakashi | 0:8fdf9a60065b | 4984 | ret = MBEDTLS_ERR_SSL_UNEXPECTED_RECORD; |
| kadonotakashi | 0:8fdf9a60065b | 4985 | } |
| kadonotakashi | 0:8fdf9a60065b | 4986 | |
| kadonotakashi | 0:8fdf9a60065b | 4987 | if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ) |
| kadonotakashi | 0:8fdf9a60065b | 4988 | { |
| kadonotakashi | 0:8fdf9a60065b | 4989 | /* Skip unexpected record (but not whole datagram) */ |
| kadonotakashi | 0:8fdf9a60065b | 4990 | ssl->next_record_offset = ssl->in_msglen |
| kadonotakashi | 0:8fdf9a60065b | 4991 | + mbedtls_ssl_hdr_len( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 4992 | |
| kadonotakashi | 0:8fdf9a60065b | 4993 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding unexpected record " |
| kadonotakashi | 0:8fdf9a60065b | 4994 | "(header)" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 4995 | } |
| kadonotakashi | 0:8fdf9a60065b | 4996 | else |
| kadonotakashi | 0:8fdf9a60065b | 4997 | { |
| kadonotakashi | 0:8fdf9a60065b | 4998 | /* Skip invalid record and the rest of the datagram */ |
| kadonotakashi | 0:8fdf9a60065b | 4999 | ssl->next_record_offset = 0; |
| kadonotakashi | 0:8fdf9a60065b | 5000 | ssl->in_left = 0; |
| kadonotakashi | 0:8fdf9a60065b | 5001 | |
| kadonotakashi | 0:8fdf9a60065b | 5002 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record " |
| kadonotakashi | 0:8fdf9a60065b | 5003 | "(header)" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5004 | } |
| kadonotakashi | 0:8fdf9a60065b | 5005 | |
| kadonotakashi | 0:8fdf9a60065b | 5006 | /* Get next record */ |
| kadonotakashi | 0:8fdf9a60065b | 5007 | return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ); |
| kadonotakashi | 0:8fdf9a60065b | 5008 | } |
| kadonotakashi | 0:8fdf9a60065b | 5009 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 5010 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 5011 | } |
| kadonotakashi | 0:8fdf9a60065b | 5012 | |
| kadonotakashi | 0:8fdf9a60065b | 5013 | /* |
| kadonotakashi | 0:8fdf9a60065b | 5014 | * Read and optionally decrypt the message contents |
| kadonotakashi | 0:8fdf9a60065b | 5015 | */ |
| kadonotakashi | 0:8fdf9a60065b | 5016 | if( ( ret = mbedtls_ssl_fetch_input( ssl, |
| kadonotakashi | 0:8fdf9a60065b | 5017 | mbedtls_ssl_hdr_len( ssl ) + ssl->in_msglen ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 5018 | { |
| kadonotakashi | 0:8fdf9a60065b | 5019 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 5020 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 5021 | } |
| kadonotakashi | 0:8fdf9a60065b | 5022 | |
| kadonotakashi | 0:8fdf9a60065b | 5023 | /* Done reading this record, get ready for the next one */ |
| kadonotakashi | 0:8fdf9a60065b | 5024 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 5025 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| kadonotakashi | 0:8fdf9a60065b | 5026 | { |
| kadonotakashi | 0:8fdf9a60065b | 5027 | ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_hdr_len( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 5028 | if( ssl->next_record_offset < ssl->in_left ) |
| kadonotakashi | 0:8fdf9a60065b | 5029 | { |
| kadonotakashi | 0:8fdf9a60065b | 5030 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "more than one record within datagram" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5031 | } |
| kadonotakashi | 0:8fdf9a60065b | 5032 | } |
| kadonotakashi | 0:8fdf9a60065b | 5033 | else |
| kadonotakashi | 0:8fdf9a60065b | 5034 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 5035 | ssl->in_left = 0; |
| kadonotakashi | 0:8fdf9a60065b | 5036 | |
| kadonotakashi | 0:8fdf9a60065b | 5037 | if( ( ret = ssl_prepare_record_content( ssl ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 5038 | { |
| kadonotakashi | 0:8fdf9a60065b | 5039 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 5040 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| kadonotakashi | 0:8fdf9a60065b | 5041 | { |
| kadonotakashi | 0:8fdf9a60065b | 5042 | /* Silently discard invalid records */ |
| kadonotakashi | 0:8fdf9a60065b | 5043 | if( ret == MBEDTLS_ERR_SSL_INVALID_RECORD || |
| kadonotakashi | 0:8fdf9a60065b | 5044 | ret == MBEDTLS_ERR_SSL_INVALID_MAC ) |
| kadonotakashi | 0:8fdf9a60065b | 5045 | { |
| kadonotakashi | 0:8fdf9a60065b | 5046 | /* Except when waiting for Finished as a bad mac here |
| kadonotakashi | 0:8fdf9a60065b | 5047 | * probably means something went wrong in the handshake |
| kadonotakashi | 0:8fdf9a60065b | 5048 | * (eg wrong psk used, mitm downgrade attempt, etc.) */ |
| kadonotakashi | 0:8fdf9a60065b | 5049 | if( ssl->state == MBEDTLS_SSL_CLIENT_FINISHED || |
| kadonotakashi | 0:8fdf9a60065b | 5050 | ssl->state == MBEDTLS_SSL_SERVER_FINISHED ) |
| kadonotakashi | 0:8fdf9a60065b | 5051 | { |
| kadonotakashi | 0:8fdf9a60065b | 5052 | #if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES) |
| kadonotakashi | 0:8fdf9a60065b | 5053 | if( ret == MBEDTLS_ERR_SSL_INVALID_MAC ) |
| kadonotakashi | 0:8fdf9a60065b | 5054 | { |
| kadonotakashi | 0:8fdf9a60065b | 5055 | mbedtls_ssl_send_alert_message( ssl, |
| kadonotakashi | 0:8fdf9a60065b | 5056 | MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| kadonotakashi | 0:8fdf9a60065b | 5057 | MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC ); |
| kadonotakashi | 0:8fdf9a60065b | 5058 | } |
| kadonotakashi | 0:8fdf9a60065b | 5059 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 5060 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 5061 | } |
| kadonotakashi | 0:8fdf9a60065b | 5062 | |
| kadonotakashi | 0:8fdf9a60065b | 5063 | #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) |
| kadonotakashi | 0:8fdf9a60065b | 5064 | if( ssl->conf->badmac_limit != 0 && |
| kadonotakashi | 0:8fdf9a60065b | 5065 | ++ssl->badmac_seen >= ssl->conf->badmac_limit ) |
| kadonotakashi | 0:8fdf9a60065b | 5066 | { |
| kadonotakashi | 0:8fdf9a60065b | 5067 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "too many records with bad MAC" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5068 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
| kadonotakashi | 0:8fdf9a60065b | 5069 | } |
| kadonotakashi | 0:8fdf9a60065b | 5070 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 5071 | |
| kadonotakashi | 0:8fdf9a60065b | 5072 | /* As above, invalid records cause |
| kadonotakashi | 0:8fdf9a60065b | 5073 | * dismissal of the whole datagram. */ |
| kadonotakashi | 0:8fdf9a60065b | 5074 | |
| kadonotakashi | 0:8fdf9a60065b | 5075 | ssl->next_record_offset = 0; |
| kadonotakashi | 0:8fdf9a60065b | 5076 | ssl->in_left = 0; |
| kadonotakashi | 0:8fdf9a60065b | 5077 | |
| kadonotakashi | 0:8fdf9a60065b | 5078 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record (mac)" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5079 | return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ); |
| kadonotakashi | 0:8fdf9a60065b | 5080 | } |
| kadonotakashi | 0:8fdf9a60065b | 5081 | |
| kadonotakashi | 0:8fdf9a60065b | 5082 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 5083 | } |
| kadonotakashi | 0:8fdf9a60065b | 5084 | else |
| kadonotakashi | 0:8fdf9a60065b | 5085 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 5086 | { |
| kadonotakashi | 0:8fdf9a60065b | 5087 | /* Error out (and send alert) on invalid records */ |
| kadonotakashi | 0:8fdf9a60065b | 5088 | #if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES) |
| kadonotakashi | 0:8fdf9a60065b | 5089 | if( ret == MBEDTLS_ERR_SSL_INVALID_MAC ) |
| kadonotakashi | 0:8fdf9a60065b | 5090 | { |
| kadonotakashi | 0:8fdf9a60065b | 5091 | mbedtls_ssl_send_alert_message( ssl, |
| kadonotakashi | 0:8fdf9a60065b | 5092 | MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| kadonotakashi | 0:8fdf9a60065b | 5093 | MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC ); |
| kadonotakashi | 0:8fdf9a60065b | 5094 | } |
| kadonotakashi | 0:8fdf9a60065b | 5095 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 5096 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 5097 | } |
| kadonotakashi | 0:8fdf9a60065b | 5098 | } |
| kadonotakashi | 0:8fdf9a60065b | 5099 | |
| kadonotakashi | 0:8fdf9a60065b | 5100 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 5101 | } |
| kadonotakashi | 0:8fdf9a60065b | 5102 | |
| kadonotakashi | 0:8fdf9a60065b | 5103 | int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 5104 | { |
| kadonotakashi | 0:8fdf9a60065b | 5105 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 5106 | |
| kadonotakashi | 0:8fdf9a60065b | 5107 | /* |
| kadonotakashi | 0:8fdf9a60065b | 5108 | * Handle particular types of records |
| kadonotakashi | 0:8fdf9a60065b | 5109 | */ |
| kadonotakashi | 0:8fdf9a60065b | 5110 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) |
| kadonotakashi | 0:8fdf9a60065b | 5111 | { |
| kadonotakashi | 0:8fdf9a60065b | 5112 | if( ( ret = mbedtls_ssl_prepare_handshake_record( ssl ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 5113 | { |
| kadonotakashi | 0:8fdf9a60065b | 5114 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 5115 | } |
| kadonotakashi | 0:8fdf9a60065b | 5116 | } |
| kadonotakashi | 0:8fdf9a60065b | 5117 | |
| kadonotakashi | 0:8fdf9a60065b | 5118 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ) |
| kadonotakashi | 0:8fdf9a60065b | 5119 | { |
| kadonotakashi | 0:8fdf9a60065b | 5120 | if( ssl->in_msglen != 1 ) |
| kadonotakashi | 0:8fdf9a60065b | 5121 | { |
| kadonotakashi | 0:8fdf9a60065b | 5122 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, len: %d", |
| kadonotakashi | 0:8fdf9a60065b | 5123 | ssl->in_msglen ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5124 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
| kadonotakashi | 0:8fdf9a60065b | 5125 | } |
| kadonotakashi | 0:8fdf9a60065b | 5126 | |
| kadonotakashi | 0:8fdf9a60065b | 5127 | if( ssl->in_msg[0] != 1 ) |
| kadonotakashi | 0:8fdf9a60065b | 5128 | { |
| kadonotakashi | 0:8fdf9a60065b | 5129 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, content: %02x", |
| kadonotakashi | 0:8fdf9a60065b | 5130 | ssl->in_msg[0] ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5131 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
| kadonotakashi | 0:8fdf9a60065b | 5132 | } |
| kadonotakashi | 0:8fdf9a60065b | 5133 | |
| kadonotakashi | 0:8fdf9a60065b | 5134 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 5135 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
| kadonotakashi | 0:8fdf9a60065b | 5136 | ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC && |
| kadonotakashi | 0:8fdf9a60065b | 5137 | ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC ) |
| kadonotakashi | 0:8fdf9a60065b | 5138 | { |
| kadonotakashi | 0:8fdf9a60065b | 5139 | if( ssl->handshake == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 5140 | { |
| kadonotakashi | 0:8fdf9a60065b | 5141 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping ChangeCipherSpec outside handshake" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5142 | return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); |
| kadonotakashi | 0:8fdf9a60065b | 5143 | } |
| kadonotakashi | 0:8fdf9a60065b | 5144 | |
| kadonotakashi | 0:8fdf9a60065b | 5145 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "received out-of-order ChangeCipherSpec - remember" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5146 | return( MBEDTLS_ERR_SSL_EARLY_MESSAGE ); |
| kadonotakashi | 0:8fdf9a60065b | 5147 | } |
| kadonotakashi | 0:8fdf9a60065b | 5148 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 5149 | } |
| kadonotakashi | 0:8fdf9a60065b | 5150 | |
| kadonotakashi | 0:8fdf9a60065b | 5151 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT ) |
| kadonotakashi | 0:8fdf9a60065b | 5152 | { |
| kadonotakashi | 0:8fdf9a60065b | 5153 | if( ssl->in_msglen != 2 ) |
| kadonotakashi | 0:8fdf9a60065b | 5154 | { |
| kadonotakashi | 0:8fdf9a60065b | 5155 | /* Note: Standard allows for more than one 2 byte alert |
| kadonotakashi | 0:8fdf9a60065b | 5156 | to be packed in a single message, but Mbed TLS doesn't |
| kadonotakashi | 0:8fdf9a60065b | 5157 | currently support this. */ |
| kadonotakashi | 0:8fdf9a60065b | 5158 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid alert message, len: %d", |
| kadonotakashi | 0:8fdf9a60065b | 5159 | ssl->in_msglen ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5160 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
| kadonotakashi | 0:8fdf9a60065b | 5161 | } |
| kadonotakashi | 0:8fdf9a60065b | 5162 | |
| kadonotakashi | 0:8fdf9a60065b | 5163 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]", |
| kadonotakashi | 0:8fdf9a60065b | 5164 | ssl->in_msg[0], ssl->in_msg[1] ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5165 | |
| kadonotakashi | 0:8fdf9a60065b | 5166 | /* |
| kadonotakashi | 0:8fdf9a60065b | 5167 | * Ignore non-fatal alerts, except close_notify and no_renegotiation |
| kadonotakashi | 0:8fdf9a60065b | 5168 | */ |
| kadonotakashi | 0:8fdf9a60065b | 5169 | if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_FATAL ) |
| kadonotakashi | 0:8fdf9a60065b | 5170 | { |
| kadonotakashi | 0:8fdf9a60065b | 5171 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "is a fatal alert message (msg %d)", |
| kadonotakashi | 0:8fdf9a60065b | 5172 | ssl->in_msg[1] ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5173 | return( MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE ); |
| kadonotakashi | 0:8fdf9a60065b | 5174 | } |
| kadonotakashi | 0:8fdf9a60065b | 5175 | |
| kadonotakashi | 0:8fdf9a60065b | 5176 | if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && |
| kadonotakashi | 0:8fdf9a60065b | 5177 | ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY ) |
| kadonotakashi | 0:8fdf9a60065b | 5178 | { |
| kadonotakashi | 0:8fdf9a60065b | 5179 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a close notify message" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5180 | return( MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY ); |
| kadonotakashi | 0:8fdf9a60065b | 5181 | } |
| kadonotakashi | 0:8fdf9a60065b | 5182 | |
| kadonotakashi | 0:8fdf9a60065b | 5183 | #if defined(MBEDTLS_SSL_RENEGOTIATION_ENABLED) |
| kadonotakashi | 0:8fdf9a60065b | 5184 | if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && |
| kadonotakashi | 0:8fdf9a60065b | 5185 | ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION ) |
| kadonotakashi | 0:8fdf9a60065b | 5186 | { |
| kadonotakashi | 0:8fdf9a60065b | 5187 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no renegotiation alert" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5188 | /* Will be handled when trying to parse ServerHello */ |
| kadonotakashi | 0:8fdf9a60065b | 5189 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 5190 | } |
| kadonotakashi | 0:8fdf9a60065b | 5191 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 5192 | |
| kadonotakashi | 0:8fdf9a60065b | 5193 | #if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_SRV_C) |
| kadonotakashi | 0:8fdf9a60065b | 5194 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 && |
| kadonotakashi | 0:8fdf9a60065b | 5195 | ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
| kadonotakashi | 0:8fdf9a60065b | 5196 | ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && |
| kadonotakashi | 0:8fdf9a60065b | 5197 | ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT ) |
| kadonotakashi | 0:8fdf9a60065b | 5198 | { |
| kadonotakashi | 0:8fdf9a60065b | 5199 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5200 | /* Will be handled in mbedtls_ssl_parse_certificate() */ |
| kadonotakashi | 0:8fdf9a60065b | 5201 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 5202 | } |
| kadonotakashi | 0:8fdf9a60065b | 5203 | #endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_SRV_C */ |
| kadonotakashi | 0:8fdf9a60065b | 5204 | |
| kadonotakashi | 0:8fdf9a60065b | 5205 | /* Silently ignore: fetch new message */ |
| kadonotakashi | 0:8fdf9a60065b | 5206 | return MBEDTLS_ERR_SSL_NON_FATAL; |
| kadonotakashi | 0:8fdf9a60065b | 5207 | } |
| kadonotakashi | 0:8fdf9a60065b | 5208 | |
| kadonotakashi | 0:8fdf9a60065b | 5209 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 5210 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
| kadonotakashi | 0:8fdf9a60065b | 5211 | ssl->handshake != NULL && |
| kadonotakashi | 0:8fdf9a60065b | 5212 | ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) |
| kadonotakashi | 0:8fdf9a60065b | 5213 | { |
| kadonotakashi | 0:8fdf9a60065b | 5214 | ssl_handshake_wrapup_free_hs_transform( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 5215 | } |
| kadonotakashi | 0:8fdf9a60065b | 5216 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 5217 | |
| kadonotakashi | 0:8fdf9a60065b | 5218 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 5219 | } |
| kadonotakashi | 0:8fdf9a60065b | 5220 | |
| kadonotakashi | 0:8fdf9a60065b | 5221 | int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 5222 | { |
| kadonotakashi | 0:8fdf9a60065b | 5223 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 5224 | |
| kadonotakashi | 0:8fdf9a60065b | 5225 | if( ( ret = mbedtls_ssl_send_alert_message( ssl, |
| kadonotakashi | 0:8fdf9a60065b | 5226 | MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| kadonotakashi | 0:8fdf9a60065b | 5227 | MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 5228 | { |
| kadonotakashi | 0:8fdf9a60065b | 5229 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 5230 | } |
| kadonotakashi | 0:8fdf9a60065b | 5231 | |
| kadonotakashi | 0:8fdf9a60065b | 5232 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 5233 | } |
| kadonotakashi | 0:8fdf9a60065b | 5234 | |
| kadonotakashi | 0:8fdf9a60065b | 5235 | int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl, |
| kadonotakashi | 0:8fdf9a60065b | 5236 | unsigned char level, |
| kadonotakashi | 0:8fdf9a60065b | 5237 | unsigned char message ) |
| kadonotakashi | 0:8fdf9a60065b | 5238 | { |
| kadonotakashi | 0:8fdf9a60065b | 5239 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 5240 | |
| kadonotakashi | 0:8fdf9a60065b | 5241 | if( ssl == NULL || ssl->conf == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 5242 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 5243 | |
| kadonotakashi | 0:8fdf9a60065b | 5244 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> send alert message" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5245 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "send alert level=%u message=%u", level, message )); |
| kadonotakashi | 0:8fdf9a60065b | 5246 | |
| kadonotakashi | 0:8fdf9a60065b | 5247 | ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT; |
| kadonotakashi | 0:8fdf9a60065b | 5248 | ssl->out_msglen = 2; |
| kadonotakashi | 0:8fdf9a60065b | 5249 | ssl->out_msg[0] = level; |
| kadonotakashi | 0:8fdf9a60065b | 5250 | ssl->out_msg[1] = message; |
| kadonotakashi | 0:8fdf9a60065b | 5251 | |
| kadonotakashi | 0:8fdf9a60065b | 5252 | if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 5253 | { |
| kadonotakashi | 0:8fdf9a60065b | 5254 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 5255 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 5256 | } |
| kadonotakashi | 0:8fdf9a60065b | 5257 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= send alert message" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5258 | |
| kadonotakashi | 0:8fdf9a60065b | 5259 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 5260 | } |
| kadonotakashi | 0:8fdf9a60065b | 5261 | |
| kadonotakashi | 0:8fdf9a60065b | 5262 | /* |
| kadonotakashi | 0:8fdf9a60065b | 5263 | * Handshake functions |
| kadonotakashi | 0:8fdf9a60065b | 5264 | */ |
| kadonotakashi | 0:8fdf9a60065b | 5265 | #if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \ |
| kadonotakashi | 0:8fdf9a60065b | 5266 | !defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) && \ |
| kadonotakashi | 0:8fdf9a60065b | 5267 | !defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \ |
| kadonotakashi | 0:8fdf9a60065b | 5268 | !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \ |
| kadonotakashi | 0:8fdf9a60065b | 5269 | !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \ |
| kadonotakashi | 0:8fdf9a60065b | 5270 | !defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \ |
| kadonotakashi | 0:8fdf9a60065b | 5271 | !defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) |
| kadonotakashi | 0:8fdf9a60065b | 5272 | /* No certificate support -> dummy functions */ |
| kadonotakashi | 0:8fdf9a60065b | 5273 | int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 5274 | { |
| kadonotakashi | 0:8fdf9a60065b | 5275 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; |
| kadonotakashi | 0:8fdf9a60065b | 5276 | |
| kadonotakashi | 0:8fdf9a60065b | 5277 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5278 | |
| kadonotakashi | 0:8fdf9a60065b | 5279 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || |
| kadonotakashi | 0:8fdf9a60065b | 5280 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || |
| kadonotakashi | 0:8fdf9a60065b | 5281 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || |
| kadonotakashi | 0:8fdf9a60065b | 5282 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) |
| kadonotakashi | 0:8fdf9a60065b | 5283 | { |
| kadonotakashi | 0:8fdf9a60065b | 5284 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5285 | ssl->state++; |
| kadonotakashi | 0:8fdf9a60065b | 5286 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 5287 | } |
| kadonotakashi | 0:8fdf9a60065b | 5288 | |
| kadonotakashi | 0:8fdf9a60065b | 5289 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5290 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 5291 | } |
| kadonotakashi | 0:8fdf9a60065b | 5292 | |
| kadonotakashi | 0:8fdf9a60065b | 5293 | int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 5294 | { |
| kadonotakashi | 0:8fdf9a60065b | 5295 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; |
| kadonotakashi | 0:8fdf9a60065b | 5296 | |
| kadonotakashi | 0:8fdf9a60065b | 5297 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5298 | |
| kadonotakashi | 0:8fdf9a60065b | 5299 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || |
| kadonotakashi | 0:8fdf9a60065b | 5300 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || |
| kadonotakashi | 0:8fdf9a60065b | 5301 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || |
| kadonotakashi | 0:8fdf9a60065b | 5302 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) |
| kadonotakashi | 0:8fdf9a60065b | 5303 | { |
| kadonotakashi | 0:8fdf9a60065b | 5304 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5305 | ssl->state++; |
| kadonotakashi | 0:8fdf9a60065b | 5306 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 5307 | } |
| kadonotakashi | 0:8fdf9a60065b | 5308 | |
| kadonotakashi | 0:8fdf9a60065b | 5309 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5310 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 5311 | } |
| kadonotakashi | 0:8fdf9a60065b | 5312 | |
| kadonotakashi | 0:8fdf9a60065b | 5313 | #else |
| kadonotakashi | 0:8fdf9a60065b | 5314 | /* Some certificate support -> implement write and parse */ |
| kadonotakashi | 0:8fdf9a60065b | 5315 | |
| kadonotakashi | 0:8fdf9a60065b | 5316 | int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 5317 | { |
| kadonotakashi | 0:8fdf9a60065b | 5318 | int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; |
| kadonotakashi | 0:8fdf9a60065b | 5319 | size_t i, n; |
| kadonotakashi | 0:8fdf9a60065b | 5320 | const mbedtls_x509_crt *crt; |
| kadonotakashi | 0:8fdf9a60065b | 5321 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; |
| kadonotakashi | 0:8fdf9a60065b | 5322 | |
| kadonotakashi | 0:8fdf9a60065b | 5323 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5324 | |
| kadonotakashi | 0:8fdf9a60065b | 5325 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || |
| kadonotakashi | 0:8fdf9a60065b | 5326 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || |
| kadonotakashi | 0:8fdf9a60065b | 5327 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || |
| kadonotakashi | 0:8fdf9a60065b | 5328 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) |
| kadonotakashi | 0:8fdf9a60065b | 5329 | { |
| kadonotakashi | 0:8fdf9a60065b | 5330 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5331 | ssl->state++; |
| kadonotakashi | 0:8fdf9a60065b | 5332 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 5333 | } |
| kadonotakashi | 0:8fdf9a60065b | 5334 | |
| kadonotakashi | 0:8fdf9a60065b | 5335 | #if defined(MBEDTLS_SSL_CLI_C) |
| kadonotakashi | 0:8fdf9a60065b | 5336 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
| kadonotakashi | 0:8fdf9a60065b | 5337 | { |
| kadonotakashi | 0:8fdf9a60065b | 5338 | if( ssl->client_auth == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 5339 | { |
| kadonotakashi | 0:8fdf9a60065b | 5340 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5341 | ssl->state++; |
| kadonotakashi | 0:8fdf9a60065b | 5342 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 5343 | } |
| kadonotakashi | 0:8fdf9a60065b | 5344 | |
| kadonotakashi | 0:8fdf9a60065b | 5345 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| kadonotakashi | 0:8fdf9a60065b | 5346 | /* |
| kadonotakashi | 0:8fdf9a60065b | 5347 | * If using SSLv3 and got no cert, send an Alert message |
| kadonotakashi | 0:8fdf9a60065b | 5348 | * (otherwise an empty Certificate message will be sent). |
| kadonotakashi | 0:8fdf9a60065b | 5349 | */ |
| kadonotakashi | 0:8fdf9a60065b | 5350 | if( mbedtls_ssl_own_cert( ssl ) == NULL && |
| kadonotakashi | 0:8fdf9a60065b | 5351 | ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
| kadonotakashi | 0:8fdf9a60065b | 5352 | { |
| kadonotakashi | 0:8fdf9a60065b | 5353 | ssl->out_msglen = 2; |
| kadonotakashi | 0:8fdf9a60065b | 5354 | ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT; |
| kadonotakashi | 0:8fdf9a60065b | 5355 | ssl->out_msg[0] = MBEDTLS_SSL_ALERT_LEVEL_WARNING; |
| kadonotakashi | 0:8fdf9a60065b | 5356 | ssl->out_msg[1] = MBEDTLS_SSL_ALERT_MSG_NO_CERT; |
| kadonotakashi | 0:8fdf9a60065b | 5357 | |
| kadonotakashi | 0:8fdf9a60065b | 5358 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "got no certificate to send" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5359 | goto write_msg; |
| kadonotakashi | 0:8fdf9a60065b | 5360 | } |
| kadonotakashi | 0:8fdf9a60065b | 5361 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
| kadonotakashi | 0:8fdf9a60065b | 5362 | } |
| kadonotakashi | 0:8fdf9a60065b | 5363 | #endif /* MBEDTLS_SSL_CLI_C */ |
| kadonotakashi | 0:8fdf9a60065b | 5364 | #if defined(MBEDTLS_SSL_SRV_C) |
| kadonotakashi | 0:8fdf9a60065b | 5365 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
| kadonotakashi | 0:8fdf9a60065b | 5366 | { |
| kadonotakashi | 0:8fdf9a60065b | 5367 | if( mbedtls_ssl_own_cert( ssl ) == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 5368 | { |
| kadonotakashi | 0:8fdf9a60065b | 5369 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no certificate to send" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5370 | return( MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED ); |
| kadonotakashi | 0:8fdf9a60065b | 5371 | } |
| kadonotakashi | 0:8fdf9a60065b | 5372 | } |
| kadonotakashi | 0:8fdf9a60065b | 5373 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 5374 | |
| kadonotakashi | 0:8fdf9a60065b | 5375 | MBEDTLS_SSL_DEBUG_CRT( 3, "own certificate", mbedtls_ssl_own_cert( ssl ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5376 | |
| kadonotakashi | 0:8fdf9a60065b | 5377 | /* |
| kadonotakashi | 0:8fdf9a60065b | 5378 | * 0 . 0 handshake type |
| kadonotakashi | 0:8fdf9a60065b | 5379 | * 1 . 3 handshake length |
| kadonotakashi | 0:8fdf9a60065b | 5380 | * 4 . 6 length of all certs |
| kadonotakashi | 0:8fdf9a60065b | 5381 | * 7 . 9 length of cert. 1 |
| kadonotakashi | 0:8fdf9a60065b | 5382 | * 10 . n-1 peer certificate |
| kadonotakashi | 0:8fdf9a60065b | 5383 | * n . n+2 length of cert. 2 |
| kadonotakashi | 0:8fdf9a60065b | 5384 | * n+3 . ... upper level cert, etc. |
| kadonotakashi | 0:8fdf9a60065b | 5385 | */ |
| kadonotakashi | 0:8fdf9a60065b | 5386 | i = 7; |
| kadonotakashi | 0:8fdf9a60065b | 5387 | crt = mbedtls_ssl_own_cert( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 5388 | |
| kadonotakashi | 0:8fdf9a60065b | 5389 | while( crt != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 5390 | { |
| kadonotakashi | 0:8fdf9a60065b | 5391 | n = crt->raw.len; |
| kadonotakashi | 0:8fdf9a60065b | 5392 | if( n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i ) |
| kadonotakashi | 0:8fdf9a60065b | 5393 | { |
| kadonotakashi | 0:8fdf9a60065b | 5394 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %d > %d", |
| kadonotakashi | 0:8fdf9a60065b | 5395 | i + 3 + n, MBEDTLS_SSL_OUT_CONTENT_LEN ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5396 | return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE ); |
| kadonotakashi | 0:8fdf9a60065b | 5397 | } |
| kadonotakashi | 0:8fdf9a60065b | 5398 | |
| kadonotakashi | 0:8fdf9a60065b | 5399 | ssl->out_msg[i ] = (unsigned char)( n >> 16 ); |
| kadonotakashi | 0:8fdf9a60065b | 5400 | ssl->out_msg[i + 1] = (unsigned char)( n >> 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 5401 | ssl->out_msg[i + 2] = (unsigned char)( n ); |
| kadonotakashi | 0:8fdf9a60065b | 5402 | |
| kadonotakashi | 0:8fdf9a60065b | 5403 | i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n ); |
| kadonotakashi | 0:8fdf9a60065b | 5404 | i += n; crt = crt->next; |
| kadonotakashi | 0:8fdf9a60065b | 5405 | } |
| kadonotakashi | 0:8fdf9a60065b | 5406 | |
| kadonotakashi | 0:8fdf9a60065b | 5407 | ssl->out_msg[4] = (unsigned char)( ( i - 7 ) >> 16 ); |
| kadonotakashi | 0:8fdf9a60065b | 5408 | ssl->out_msg[5] = (unsigned char)( ( i - 7 ) >> 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 5409 | ssl->out_msg[6] = (unsigned char)( ( i - 7 ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5410 | |
| kadonotakashi | 0:8fdf9a60065b | 5411 | ssl->out_msglen = i; |
| kadonotakashi | 0:8fdf9a60065b | 5412 | ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; |
| kadonotakashi | 0:8fdf9a60065b | 5413 | ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE; |
| kadonotakashi | 0:8fdf9a60065b | 5414 | |
| kadonotakashi | 0:8fdf9a60065b | 5415 | #if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_CLI_C) |
| kadonotakashi | 0:8fdf9a60065b | 5416 | write_msg: |
| kadonotakashi | 0:8fdf9a60065b | 5417 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 5418 | |
| kadonotakashi | 0:8fdf9a60065b | 5419 | ssl->state++; |
| kadonotakashi | 0:8fdf9a60065b | 5420 | |
| kadonotakashi | 0:8fdf9a60065b | 5421 | if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 5422 | { |
| kadonotakashi | 0:8fdf9a60065b | 5423 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 5424 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 5425 | } |
| kadonotakashi | 0:8fdf9a60065b | 5426 | |
| kadonotakashi | 0:8fdf9a60065b | 5427 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5428 | |
| kadonotakashi | 0:8fdf9a60065b | 5429 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 5430 | } |
| kadonotakashi | 0:8fdf9a60065b | 5431 | |
| kadonotakashi | 0:8fdf9a60065b | 5432 | int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 5433 | { |
| kadonotakashi | 0:8fdf9a60065b | 5434 | int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; |
| kadonotakashi | 0:8fdf9a60065b | 5435 | size_t i, n; |
| kadonotakashi | 0:8fdf9a60065b | 5436 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; |
| kadonotakashi | 0:8fdf9a60065b | 5437 | int authmode = ssl->conf->authmode; |
| kadonotakashi | 0:8fdf9a60065b | 5438 | uint8_t alert; |
| kadonotakashi | 0:8fdf9a60065b | 5439 | |
| kadonotakashi | 0:8fdf9a60065b | 5440 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5441 | |
| kadonotakashi | 0:8fdf9a60065b | 5442 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || |
| kadonotakashi | 0:8fdf9a60065b | 5443 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || |
| kadonotakashi | 0:8fdf9a60065b | 5444 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || |
| kadonotakashi | 0:8fdf9a60065b | 5445 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) |
| kadonotakashi | 0:8fdf9a60065b | 5446 | { |
| kadonotakashi | 0:8fdf9a60065b | 5447 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5448 | ssl->state++; |
| kadonotakashi | 0:8fdf9a60065b | 5449 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 5450 | } |
| kadonotakashi | 0:8fdf9a60065b | 5451 | |
| kadonotakashi | 0:8fdf9a60065b | 5452 | #if defined(MBEDTLS_SSL_SRV_C) |
| kadonotakashi | 0:8fdf9a60065b | 5453 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
| kadonotakashi | 0:8fdf9a60065b | 5454 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) |
| kadonotakashi | 0:8fdf9a60065b | 5455 | { |
| kadonotakashi | 0:8fdf9a60065b | 5456 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5457 | ssl->state++; |
| kadonotakashi | 0:8fdf9a60065b | 5458 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 5459 | } |
| kadonotakashi | 0:8fdf9a60065b | 5460 | |
| kadonotakashi | 0:8fdf9a60065b | 5461 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
| kadonotakashi | 0:8fdf9a60065b | 5462 | if( ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET ) |
| kadonotakashi | 0:8fdf9a60065b | 5463 | authmode = ssl->handshake->sni_authmode; |
| kadonotakashi | 0:8fdf9a60065b | 5464 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 5465 | |
| kadonotakashi | 0:8fdf9a60065b | 5466 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
| kadonotakashi | 0:8fdf9a60065b | 5467 | authmode == MBEDTLS_SSL_VERIFY_NONE ) |
| kadonotakashi | 0:8fdf9a60065b | 5468 | { |
| kadonotakashi | 0:8fdf9a60065b | 5469 | ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY; |
| kadonotakashi | 0:8fdf9a60065b | 5470 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5471 | ssl->state++; |
| kadonotakashi | 0:8fdf9a60065b | 5472 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 5473 | } |
| kadonotakashi | 0:8fdf9a60065b | 5474 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 5475 | |
| kadonotakashi | 0:8fdf9a60065b | 5476 | if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 5477 | { |
| kadonotakashi | 0:8fdf9a60065b | 5478 | /* mbedtls_ssl_read_record may have sent an alert already. We |
| kadonotakashi | 0:8fdf9a60065b | 5479 | let it decide whether to alert. */ |
| kadonotakashi | 0:8fdf9a60065b | 5480 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 5481 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 5482 | } |
| kadonotakashi | 0:8fdf9a60065b | 5483 | |
| kadonotakashi | 0:8fdf9a60065b | 5484 | ssl->state++; |
| kadonotakashi | 0:8fdf9a60065b | 5485 | |
| kadonotakashi | 0:8fdf9a60065b | 5486 | #if defined(MBEDTLS_SSL_SRV_C) |
| kadonotakashi | 0:8fdf9a60065b | 5487 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| kadonotakashi | 0:8fdf9a60065b | 5488 | /* |
| kadonotakashi | 0:8fdf9a60065b | 5489 | * Check if the client sent an empty certificate |
| kadonotakashi | 0:8fdf9a60065b | 5490 | */ |
| kadonotakashi | 0:8fdf9a60065b | 5491 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
| kadonotakashi | 0:8fdf9a60065b | 5492 | ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
| kadonotakashi | 0:8fdf9a60065b | 5493 | { |
| kadonotakashi | 0:8fdf9a60065b | 5494 | if( ssl->in_msglen == 2 && |
| kadonotakashi | 0:8fdf9a60065b | 5495 | ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT && |
| kadonotakashi | 0:8fdf9a60065b | 5496 | ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && |
| kadonotakashi | 0:8fdf9a60065b | 5497 | ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT ) |
| kadonotakashi | 0:8fdf9a60065b | 5498 | { |
| kadonotakashi | 0:8fdf9a60065b | 5499 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5500 | |
| kadonotakashi | 0:8fdf9a60065b | 5501 | /* The client was asked for a certificate but didn't send |
| kadonotakashi | 0:8fdf9a60065b | 5502 | one. The client should know what's going on, so we |
| kadonotakashi | 0:8fdf9a60065b | 5503 | don't send an alert. */ |
| kadonotakashi | 0:8fdf9a60065b | 5504 | ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING; |
| kadonotakashi | 0:8fdf9a60065b | 5505 | if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL ) |
| kadonotakashi | 0:8fdf9a60065b | 5506 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 5507 | else |
| kadonotakashi | 0:8fdf9a60065b | 5508 | return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE ); |
| kadonotakashi | 0:8fdf9a60065b | 5509 | } |
| kadonotakashi | 0:8fdf9a60065b | 5510 | } |
| kadonotakashi | 0:8fdf9a60065b | 5511 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
| kadonotakashi | 0:8fdf9a60065b | 5512 | |
| kadonotakashi | 0:8fdf9a60065b | 5513 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
| kadonotakashi | 0:8fdf9a60065b | 5514 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| kadonotakashi | 0:8fdf9a60065b | 5515 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
| kadonotakashi | 0:8fdf9a60065b | 5516 | ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 ) |
| kadonotakashi | 0:8fdf9a60065b | 5517 | { |
| kadonotakashi | 0:8fdf9a60065b | 5518 | if( ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len( ssl ) && |
| kadonotakashi | 0:8fdf9a60065b | 5519 | ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && |
| kadonotakashi | 0:8fdf9a60065b | 5520 | ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE && |
| kadonotakashi | 0:8fdf9a60065b | 5521 | memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), "\0\0\0", 3 ) == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 5522 | { |
| kadonotakashi | 0:8fdf9a60065b | 5523 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5524 | |
| kadonotakashi | 0:8fdf9a60065b | 5525 | /* The client was asked for a certificate but didn't send |
| kadonotakashi | 0:8fdf9a60065b | 5526 | one. The client should know what's going on, so we |
| kadonotakashi | 0:8fdf9a60065b | 5527 | don't send an alert. */ |
| kadonotakashi | 0:8fdf9a60065b | 5528 | ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING; |
| kadonotakashi | 0:8fdf9a60065b | 5529 | if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL ) |
| kadonotakashi | 0:8fdf9a60065b | 5530 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 5531 | else |
| kadonotakashi | 0:8fdf9a60065b | 5532 | return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE ); |
| kadonotakashi | 0:8fdf9a60065b | 5533 | } |
| kadonotakashi | 0:8fdf9a60065b | 5534 | } |
| kadonotakashi | 0:8fdf9a60065b | 5535 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ |
| kadonotakashi | 0:8fdf9a60065b | 5536 | MBEDTLS_SSL_PROTO_TLS1_2 */ |
| kadonotakashi | 0:8fdf9a60065b | 5537 | #endif /* MBEDTLS_SSL_SRV_C */ |
| kadonotakashi | 0:8fdf9a60065b | 5538 | |
| kadonotakashi | 0:8fdf9a60065b | 5539 | if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) |
| kadonotakashi | 0:8fdf9a60065b | 5540 | { |
| kadonotakashi | 0:8fdf9a60065b | 5541 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5542 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| kadonotakashi | 0:8fdf9a60065b | 5543 | MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); |
| kadonotakashi | 0:8fdf9a60065b | 5544 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
| kadonotakashi | 0:8fdf9a60065b | 5545 | } |
| kadonotakashi | 0:8fdf9a60065b | 5546 | |
| kadonotakashi | 0:8fdf9a60065b | 5547 | if( ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE || |
| kadonotakashi | 0:8fdf9a60065b | 5548 | ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 3 + 3 ) |
| kadonotakashi | 0:8fdf9a60065b | 5549 | { |
| kadonotakashi | 0:8fdf9a60065b | 5550 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5551 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| kadonotakashi | 0:8fdf9a60065b | 5552 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 5553 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); |
| kadonotakashi | 0:8fdf9a60065b | 5554 | } |
| kadonotakashi | 0:8fdf9a60065b | 5555 | |
| kadonotakashi | 0:8fdf9a60065b | 5556 | i = mbedtls_ssl_hs_hdr_len( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 5557 | |
| kadonotakashi | 0:8fdf9a60065b | 5558 | /* |
| kadonotakashi | 0:8fdf9a60065b | 5559 | * Same message structure as in mbedtls_ssl_write_certificate() |
| kadonotakashi | 0:8fdf9a60065b | 5560 | */ |
| kadonotakashi | 0:8fdf9a60065b | 5561 | n = ( ssl->in_msg[i+1] << 8 ) | ssl->in_msg[i+2]; |
| kadonotakashi | 0:8fdf9a60065b | 5562 | |
| kadonotakashi | 0:8fdf9a60065b | 5563 | if( ssl->in_msg[i] != 0 || |
| kadonotakashi | 0:8fdf9a60065b | 5564 | ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len( ssl ) ) |
| kadonotakashi | 0:8fdf9a60065b | 5565 | { |
| kadonotakashi | 0:8fdf9a60065b | 5566 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5567 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| kadonotakashi | 0:8fdf9a60065b | 5568 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 5569 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); |
| kadonotakashi | 0:8fdf9a60065b | 5570 | } |
| kadonotakashi | 0:8fdf9a60065b | 5571 | |
| kadonotakashi | 0:8fdf9a60065b | 5572 | /* In case we tried to reuse a session but it failed */ |
| kadonotakashi | 0:8fdf9a60065b | 5573 | if( ssl->session_negotiate->peer_cert != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 5574 | { |
| kadonotakashi | 0:8fdf9a60065b | 5575 | mbedtls_x509_crt_free( ssl->session_negotiate->peer_cert ); |
| kadonotakashi | 0:8fdf9a60065b | 5576 | mbedtls_free( ssl->session_negotiate->peer_cert ); |
| kadonotakashi | 0:8fdf9a60065b | 5577 | } |
| kadonotakashi | 0:8fdf9a60065b | 5578 | |
| kadonotakashi | 0:8fdf9a60065b | 5579 | if( ( ssl->session_negotiate->peer_cert = mbedtls_calloc( 1, |
| kadonotakashi | 0:8fdf9a60065b | 5580 | sizeof( mbedtls_x509_crt ) ) ) == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 5581 | { |
| kadonotakashi | 0:8fdf9a60065b | 5582 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", |
| kadonotakashi | 0:8fdf9a60065b | 5583 | sizeof( mbedtls_x509_crt ) ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5584 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| kadonotakashi | 0:8fdf9a60065b | 5585 | MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 5586 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
| kadonotakashi | 0:8fdf9a60065b | 5587 | } |
| kadonotakashi | 0:8fdf9a60065b | 5588 | |
| kadonotakashi | 0:8fdf9a60065b | 5589 | mbedtls_x509_crt_init( ssl->session_negotiate->peer_cert ); |
| kadonotakashi | 0:8fdf9a60065b | 5590 | |
| kadonotakashi | 0:8fdf9a60065b | 5591 | i += 3; |
| kadonotakashi | 0:8fdf9a60065b | 5592 | |
| kadonotakashi | 0:8fdf9a60065b | 5593 | while( i < ssl->in_hslen ) |
| kadonotakashi | 0:8fdf9a60065b | 5594 | { |
| kadonotakashi | 0:8fdf9a60065b | 5595 | if ( i + 3 > ssl->in_hslen ) { |
| kadonotakashi | 0:8fdf9a60065b | 5596 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5597 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| kadonotakashi | 0:8fdf9a60065b | 5598 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 5599 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); |
| kadonotakashi | 0:8fdf9a60065b | 5600 | } |
| kadonotakashi | 0:8fdf9a60065b | 5601 | if( ssl->in_msg[i] != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 5602 | { |
| kadonotakashi | 0:8fdf9a60065b | 5603 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5604 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| kadonotakashi | 0:8fdf9a60065b | 5605 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 5606 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); |
| kadonotakashi | 0:8fdf9a60065b | 5607 | } |
| kadonotakashi | 0:8fdf9a60065b | 5608 | |
| kadonotakashi | 0:8fdf9a60065b | 5609 | n = ( (unsigned int) ssl->in_msg[i + 1] << 8 ) |
| kadonotakashi | 0:8fdf9a60065b | 5610 | | (unsigned int) ssl->in_msg[i + 2]; |
| kadonotakashi | 0:8fdf9a60065b | 5611 | i += 3; |
| kadonotakashi | 0:8fdf9a60065b | 5612 | |
| kadonotakashi | 0:8fdf9a60065b | 5613 | if( n < 128 || i + n > ssl->in_hslen ) |
| kadonotakashi | 0:8fdf9a60065b | 5614 | { |
| kadonotakashi | 0:8fdf9a60065b | 5615 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5616 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| kadonotakashi | 0:8fdf9a60065b | 5617 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 5618 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); |
| kadonotakashi | 0:8fdf9a60065b | 5619 | } |
| kadonotakashi | 0:8fdf9a60065b | 5620 | |
| kadonotakashi | 0:8fdf9a60065b | 5621 | ret = mbedtls_x509_crt_parse_der( ssl->session_negotiate->peer_cert, |
| kadonotakashi | 0:8fdf9a60065b | 5622 | ssl->in_msg + i, n ); |
| kadonotakashi | 0:8fdf9a60065b | 5623 | switch( ret ) |
| kadonotakashi | 0:8fdf9a60065b | 5624 | { |
| kadonotakashi | 0:8fdf9a60065b | 5625 | case 0: /*ok*/ |
| kadonotakashi | 0:8fdf9a60065b | 5626 | case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND: |
| kadonotakashi | 0:8fdf9a60065b | 5627 | /* Ignore certificate with an unknown algorithm: maybe a |
| kadonotakashi | 0:8fdf9a60065b | 5628 | prior certificate was already trusted. */ |
| kadonotakashi | 0:8fdf9a60065b | 5629 | break; |
| kadonotakashi | 0:8fdf9a60065b | 5630 | |
| kadonotakashi | 0:8fdf9a60065b | 5631 | case MBEDTLS_ERR_X509_ALLOC_FAILED: |
| kadonotakashi | 0:8fdf9a60065b | 5632 | alert = MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR; |
| kadonotakashi | 0:8fdf9a60065b | 5633 | goto crt_parse_der_failed; |
| kadonotakashi | 0:8fdf9a60065b | 5634 | |
| kadonotakashi | 0:8fdf9a60065b | 5635 | case MBEDTLS_ERR_X509_UNKNOWN_VERSION: |
| kadonotakashi | 0:8fdf9a60065b | 5636 | alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; |
| kadonotakashi | 0:8fdf9a60065b | 5637 | goto crt_parse_der_failed; |
| kadonotakashi | 0:8fdf9a60065b | 5638 | |
| kadonotakashi | 0:8fdf9a60065b | 5639 | default: |
| kadonotakashi | 0:8fdf9a60065b | 5640 | alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT; |
| kadonotakashi | 0:8fdf9a60065b | 5641 | crt_parse_der_failed: |
| kadonotakashi | 0:8fdf9a60065b | 5642 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, alert ); |
| kadonotakashi | 0:8fdf9a60065b | 5643 | MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 5644 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 5645 | } |
| kadonotakashi | 0:8fdf9a60065b | 5646 | |
| kadonotakashi | 0:8fdf9a60065b | 5647 | i += n; |
| kadonotakashi | 0:8fdf9a60065b | 5648 | } |
| kadonotakashi | 0:8fdf9a60065b | 5649 | |
| kadonotakashi | 0:8fdf9a60065b | 5650 | MBEDTLS_SSL_DEBUG_CRT( 3, "peer certificate", ssl->session_negotiate->peer_cert ); |
| kadonotakashi | 0:8fdf9a60065b | 5651 | |
| kadonotakashi | 0:8fdf9a60065b | 5652 | /* |
| kadonotakashi | 0:8fdf9a60065b | 5653 | * On client, make sure the server cert doesn't change during renego to |
| kadonotakashi | 0:8fdf9a60065b | 5654 | * avoid "triple handshake" attack: https://secure-resumption.com/ |
| kadonotakashi | 0:8fdf9a60065b | 5655 | */ |
| kadonotakashi | 0:8fdf9a60065b | 5656 | #if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C) |
| kadonotakashi | 0:8fdf9a60065b | 5657 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && |
| kadonotakashi | 0:8fdf9a60065b | 5658 | ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) |
| kadonotakashi | 0:8fdf9a60065b | 5659 | { |
| kadonotakashi | 0:8fdf9a60065b | 5660 | if( ssl->session->peer_cert == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 5661 | { |
| kadonotakashi | 0:8fdf9a60065b | 5662 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "new server cert during renegotiation" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5663 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| kadonotakashi | 0:8fdf9a60065b | 5664 | MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED ); |
| kadonotakashi | 0:8fdf9a60065b | 5665 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); |
| kadonotakashi | 0:8fdf9a60065b | 5666 | } |
| kadonotakashi | 0:8fdf9a60065b | 5667 | |
| kadonotakashi | 0:8fdf9a60065b | 5668 | if( ssl->session->peer_cert->raw.len != |
| kadonotakashi | 0:8fdf9a60065b | 5669 | ssl->session_negotiate->peer_cert->raw.len || |
| kadonotakashi | 0:8fdf9a60065b | 5670 | memcmp( ssl->session->peer_cert->raw.p, |
| kadonotakashi | 0:8fdf9a60065b | 5671 | ssl->session_negotiate->peer_cert->raw.p, |
| kadonotakashi | 0:8fdf9a60065b | 5672 | ssl->session->peer_cert->raw.len ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 5673 | { |
| kadonotakashi | 0:8fdf9a60065b | 5674 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "server cert changed during renegotiation" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5675 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| kadonotakashi | 0:8fdf9a60065b | 5676 | MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED ); |
| kadonotakashi | 0:8fdf9a60065b | 5677 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); |
| kadonotakashi | 0:8fdf9a60065b | 5678 | } |
| kadonotakashi | 0:8fdf9a60065b | 5679 | } |
| kadonotakashi | 0:8fdf9a60065b | 5680 | #endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */ |
| kadonotakashi | 0:8fdf9a60065b | 5681 | |
| kadonotakashi | 0:8fdf9a60065b | 5682 | if( authmode != MBEDTLS_SSL_VERIFY_NONE ) |
| kadonotakashi | 0:8fdf9a60065b | 5683 | { |
| kadonotakashi | 0:8fdf9a60065b | 5684 | mbedtls_x509_crt *ca_chain; |
| kadonotakashi | 0:8fdf9a60065b | 5685 | mbedtls_x509_crl *ca_crl; |
| kadonotakashi | 0:8fdf9a60065b | 5686 | |
| kadonotakashi | 0:8fdf9a60065b | 5687 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
| kadonotakashi | 0:8fdf9a60065b | 5688 | if( ssl->handshake->sni_ca_chain != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 5689 | { |
| kadonotakashi | 0:8fdf9a60065b | 5690 | ca_chain = ssl->handshake->sni_ca_chain; |
| kadonotakashi | 0:8fdf9a60065b | 5691 | ca_crl = ssl->handshake->sni_ca_crl; |
| kadonotakashi | 0:8fdf9a60065b | 5692 | } |
| kadonotakashi | 0:8fdf9a60065b | 5693 | else |
| kadonotakashi | 0:8fdf9a60065b | 5694 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 5695 | { |
| kadonotakashi | 0:8fdf9a60065b | 5696 | ca_chain = ssl->conf->ca_chain; |
| kadonotakashi | 0:8fdf9a60065b | 5697 | ca_crl = ssl->conf->ca_crl; |
| kadonotakashi | 0:8fdf9a60065b | 5698 | } |
| kadonotakashi | 0:8fdf9a60065b | 5699 | |
| kadonotakashi | 0:8fdf9a60065b | 5700 | /* |
| kadonotakashi | 0:8fdf9a60065b | 5701 | * Main check: verify certificate |
| kadonotakashi | 0:8fdf9a60065b | 5702 | */ |
| kadonotakashi | 0:8fdf9a60065b | 5703 | ret = mbedtls_x509_crt_verify_with_profile( |
| kadonotakashi | 0:8fdf9a60065b | 5704 | ssl->session_negotiate->peer_cert, |
| kadonotakashi | 0:8fdf9a60065b | 5705 | ca_chain, ca_crl, |
| kadonotakashi | 0:8fdf9a60065b | 5706 | ssl->conf->cert_profile, |
| kadonotakashi | 0:8fdf9a60065b | 5707 | ssl->hostname, |
| kadonotakashi | 0:8fdf9a60065b | 5708 | &ssl->session_negotiate->verify_result, |
| kadonotakashi | 0:8fdf9a60065b | 5709 | ssl->conf->f_vrfy, ssl->conf->p_vrfy ); |
| kadonotakashi | 0:8fdf9a60065b | 5710 | |
| kadonotakashi | 0:8fdf9a60065b | 5711 | if( ret != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 5712 | { |
| kadonotakashi | 0:8fdf9a60065b | 5713 | MBEDTLS_SSL_DEBUG_RET( 1, "x509_verify_cert", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 5714 | } |
| kadonotakashi | 0:8fdf9a60065b | 5715 | |
| kadonotakashi | 0:8fdf9a60065b | 5716 | /* |
| kadonotakashi | 0:8fdf9a60065b | 5717 | * Secondary checks: always done, but change 'ret' only if it was 0 |
| kadonotakashi | 0:8fdf9a60065b | 5718 | */ |
| kadonotakashi | 0:8fdf9a60065b | 5719 | |
| kadonotakashi | 0:8fdf9a60065b | 5720 | #if defined(MBEDTLS_ECP_C) |
| kadonotakashi | 0:8fdf9a60065b | 5721 | { |
| kadonotakashi | 0:8fdf9a60065b | 5722 | const mbedtls_pk_context *pk = &ssl->session_negotiate->peer_cert->pk; |
| kadonotakashi | 0:8fdf9a60065b | 5723 | |
| kadonotakashi | 0:8fdf9a60065b | 5724 | /* If certificate uses an EC key, make sure the curve is OK */ |
| kadonotakashi | 0:8fdf9a60065b | 5725 | if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) && |
| kadonotakashi | 0:8fdf9a60065b | 5726 | mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 5727 | { |
| kadonotakashi | 0:8fdf9a60065b | 5728 | ssl->session_negotiate->verify_result |= MBEDTLS_X509_BADCERT_BAD_KEY; |
| kadonotakashi | 0:8fdf9a60065b | 5729 | |
| kadonotakashi | 0:8fdf9a60065b | 5730 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (EC key curve)" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5731 | if( ret == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 5732 | ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE; |
| kadonotakashi | 0:8fdf9a60065b | 5733 | } |
| kadonotakashi | 0:8fdf9a60065b | 5734 | } |
| kadonotakashi | 0:8fdf9a60065b | 5735 | #endif /* MBEDTLS_ECP_C */ |
| kadonotakashi | 0:8fdf9a60065b | 5736 | |
| kadonotakashi | 0:8fdf9a60065b | 5737 | if( mbedtls_ssl_check_cert_usage( ssl->session_negotiate->peer_cert, |
| kadonotakashi | 0:8fdf9a60065b | 5738 | ciphersuite_info, |
| kadonotakashi | 0:8fdf9a60065b | 5739 | ! ssl->conf->endpoint, |
| kadonotakashi | 0:8fdf9a60065b | 5740 | &ssl->session_negotiate->verify_result ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 5741 | { |
| kadonotakashi | 0:8fdf9a60065b | 5742 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5743 | if( ret == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 5744 | ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE; |
| kadonotakashi | 0:8fdf9a60065b | 5745 | } |
| kadonotakashi | 0:8fdf9a60065b | 5746 | |
| kadonotakashi | 0:8fdf9a60065b | 5747 | /* mbedtls_x509_crt_verify_with_profile is supposed to report a |
| kadonotakashi | 0:8fdf9a60065b | 5748 | * verification failure through MBEDTLS_ERR_X509_CERT_VERIFY_FAILED, |
| kadonotakashi | 0:8fdf9a60065b | 5749 | * with details encoded in the verification flags. All other kinds |
| kadonotakashi | 0:8fdf9a60065b | 5750 | * of error codes, including those from the user provided f_vrfy |
| kadonotakashi | 0:8fdf9a60065b | 5751 | * functions, are treated as fatal and lead to a failure of |
| kadonotakashi | 0:8fdf9a60065b | 5752 | * ssl_parse_certificate even if verification was optional. */ |
| kadonotakashi | 0:8fdf9a60065b | 5753 | if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL && |
| kadonotakashi | 0:8fdf9a60065b | 5754 | ( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED || |
| kadonotakashi | 0:8fdf9a60065b | 5755 | ret == MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ) ) |
| kadonotakashi | 0:8fdf9a60065b | 5756 | { |
| kadonotakashi | 0:8fdf9a60065b | 5757 | ret = 0; |
| kadonotakashi | 0:8fdf9a60065b | 5758 | } |
| kadonotakashi | 0:8fdf9a60065b | 5759 | |
| kadonotakashi | 0:8fdf9a60065b | 5760 | if( ca_chain == NULL && authmode == MBEDTLS_SSL_VERIFY_REQUIRED ) |
| kadonotakashi | 0:8fdf9a60065b | 5761 | { |
| kadonotakashi | 0:8fdf9a60065b | 5762 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no CA chain" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5763 | ret = MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED; |
| kadonotakashi | 0:8fdf9a60065b | 5764 | } |
| kadonotakashi | 0:8fdf9a60065b | 5765 | |
| kadonotakashi | 0:8fdf9a60065b | 5766 | if( ret != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 5767 | { |
| kadonotakashi | 0:8fdf9a60065b | 5768 | /* The certificate may have been rejected for several reasons. |
| kadonotakashi | 0:8fdf9a60065b | 5769 | Pick one and send the corresponding alert. Which alert to send |
| kadonotakashi | 0:8fdf9a60065b | 5770 | may be a subject of debate in some cases. */ |
| kadonotakashi | 0:8fdf9a60065b | 5771 | if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_OTHER ) |
| kadonotakashi | 0:8fdf9a60065b | 5772 | alert = MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED; |
| kadonotakashi | 0:8fdf9a60065b | 5773 | else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH ) |
| kadonotakashi | 0:8fdf9a60065b | 5774 | alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT; |
| kadonotakashi | 0:8fdf9a60065b | 5775 | else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_KEY_USAGE ) |
| kadonotakashi | 0:8fdf9a60065b | 5776 | alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; |
| kadonotakashi | 0:8fdf9a60065b | 5777 | else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXT_KEY_USAGE ) |
| kadonotakashi | 0:8fdf9a60065b | 5778 | alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; |
| kadonotakashi | 0:8fdf9a60065b | 5779 | else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NS_CERT_TYPE ) |
| kadonotakashi | 0:8fdf9a60065b | 5780 | alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; |
| kadonotakashi | 0:8fdf9a60065b | 5781 | else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_PK ) |
| kadonotakashi | 0:8fdf9a60065b | 5782 | alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; |
| kadonotakashi | 0:8fdf9a60065b | 5783 | else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_KEY ) |
| kadonotakashi | 0:8fdf9a60065b | 5784 | alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; |
| kadonotakashi | 0:8fdf9a60065b | 5785 | else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXPIRED ) |
| kadonotakashi | 0:8fdf9a60065b | 5786 | alert = MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED; |
| kadonotakashi | 0:8fdf9a60065b | 5787 | else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_REVOKED ) |
| kadonotakashi | 0:8fdf9a60065b | 5788 | alert = MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED; |
| kadonotakashi | 0:8fdf9a60065b | 5789 | else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED ) |
| kadonotakashi | 0:8fdf9a60065b | 5790 | alert = MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA; |
| kadonotakashi | 0:8fdf9a60065b | 5791 | else |
| kadonotakashi | 0:8fdf9a60065b | 5792 | alert = MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN; |
| kadonotakashi | 0:8fdf9a60065b | 5793 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| kadonotakashi | 0:8fdf9a60065b | 5794 | alert ); |
| kadonotakashi | 0:8fdf9a60065b | 5795 | } |
| kadonotakashi | 0:8fdf9a60065b | 5796 | |
| kadonotakashi | 0:8fdf9a60065b | 5797 | #if defined(MBEDTLS_DEBUG_C) |
| kadonotakashi | 0:8fdf9a60065b | 5798 | if( ssl->session_negotiate->verify_result != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 5799 | { |
| kadonotakashi | 0:8fdf9a60065b | 5800 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %x", |
| kadonotakashi | 0:8fdf9a60065b | 5801 | ssl->session_negotiate->verify_result ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5802 | } |
| kadonotakashi | 0:8fdf9a60065b | 5803 | else |
| kadonotakashi | 0:8fdf9a60065b | 5804 | { |
| kadonotakashi | 0:8fdf9a60065b | 5805 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "Certificate verification flags clear" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5806 | } |
| kadonotakashi | 0:8fdf9a60065b | 5807 | #endif /* MBEDTLS_DEBUG_C */ |
| kadonotakashi | 0:8fdf9a60065b | 5808 | } |
| kadonotakashi | 0:8fdf9a60065b | 5809 | |
| kadonotakashi | 0:8fdf9a60065b | 5810 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5811 | |
| kadonotakashi | 0:8fdf9a60065b | 5812 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 5813 | } |
| kadonotakashi | 0:8fdf9a60065b | 5814 | #endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED |
| kadonotakashi | 0:8fdf9a60065b | 5815 | !MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED |
| kadonotakashi | 0:8fdf9a60065b | 5816 | !MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED |
| kadonotakashi | 0:8fdf9a60065b | 5817 | !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED |
| kadonotakashi | 0:8fdf9a60065b | 5818 | !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED |
| kadonotakashi | 0:8fdf9a60065b | 5819 | !MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED |
| kadonotakashi | 0:8fdf9a60065b | 5820 | !MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ |
| kadonotakashi | 0:8fdf9a60065b | 5821 | |
| kadonotakashi | 0:8fdf9a60065b | 5822 | int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 5823 | { |
| kadonotakashi | 0:8fdf9a60065b | 5824 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 5825 | |
| kadonotakashi | 0:8fdf9a60065b | 5826 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write change cipher spec" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5827 | |
| kadonotakashi | 0:8fdf9a60065b | 5828 | ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC; |
| kadonotakashi | 0:8fdf9a60065b | 5829 | ssl->out_msglen = 1; |
| kadonotakashi | 0:8fdf9a60065b | 5830 | ssl->out_msg[0] = 1; |
| kadonotakashi | 0:8fdf9a60065b | 5831 | |
| kadonotakashi | 0:8fdf9a60065b | 5832 | ssl->state++; |
| kadonotakashi | 0:8fdf9a60065b | 5833 | |
| kadonotakashi | 0:8fdf9a60065b | 5834 | if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 5835 | { |
| kadonotakashi | 0:8fdf9a60065b | 5836 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 5837 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 5838 | } |
| kadonotakashi | 0:8fdf9a60065b | 5839 | |
| kadonotakashi | 0:8fdf9a60065b | 5840 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write change cipher spec" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5841 | |
| kadonotakashi | 0:8fdf9a60065b | 5842 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 5843 | } |
| kadonotakashi | 0:8fdf9a60065b | 5844 | |
| kadonotakashi | 0:8fdf9a60065b | 5845 | int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 5846 | { |
| kadonotakashi | 0:8fdf9a60065b | 5847 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 5848 | |
| kadonotakashi | 0:8fdf9a60065b | 5849 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse change cipher spec" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5850 | |
| kadonotakashi | 0:8fdf9a60065b | 5851 | if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 5852 | { |
| kadonotakashi | 0:8fdf9a60065b | 5853 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 5854 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 5855 | } |
| kadonotakashi | 0:8fdf9a60065b | 5856 | |
| kadonotakashi | 0:8fdf9a60065b | 5857 | if( ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ) |
| kadonotakashi | 0:8fdf9a60065b | 5858 | { |
| kadonotakashi | 0:8fdf9a60065b | 5859 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5860 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| kadonotakashi | 0:8fdf9a60065b | 5861 | MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); |
| kadonotakashi | 0:8fdf9a60065b | 5862 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
| kadonotakashi | 0:8fdf9a60065b | 5863 | } |
| kadonotakashi | 0:8fdf9a60065b | 5864 | |
| kadonotakashi | 0:8fdf9a60065b | 5865 | /* CCS records are only accepted if they have length 1 and content '1', |
| kadonotakashi | 0:8fdf9a60065b | 5866 | * so we don't need to check this here. */ |
| kadonotakashi | 0:8fdf9a60065b | 5867 | |
| kadonotakashi | 0:8fdf9a60065b | 5868 | /* |
| kadonotakashi | 0:8fdf9a60065b | 5869 | * Switch to our negotiated transform and session parameters for inbound |
| kadonotakashi | 0:8fdf9a60065b | 5870 | * data. |
| kadonotakashi | 0:8fdf9a60065b | 5871 | */ |
| kadonotakashi | 0:8fdf9a60065b | 5872 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for inbound data" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5873 | ssl->transform_in = ssl->transform_negotiate; |
| kadonotakashi | 0:8fdf9a60065b | 5874 | ssl->session_in = ssl->session_negotiate; |
| kadonotakashi | 0:8fdf9a60065b | 5875 | |
| kadonotakashi | 0:8fdf9a60065b | 5876 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 5877 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| kadonotakashi | 0:8fdf9a60065b | 5878 | { |
| kadonotakashi | 0:8fdf9a60065b | 5879 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
| kadonotakashi | 0:8fdf9a60065b | 5880 | ssl_dtls_replay_reset( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 5881 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 5882 | |
| kadonotakashi | 0:8fdf9a60065b | 5883 | /* Increment epoch */ |
| kadonotakashi | 0:8fdf9a60065b | 5884 | if( ++ssl->in_epoch == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 5885 | { |
| kadonotakashi | 0:8fdf9a60065b | 5886 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS epoch would wrap" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5887 | /* This is highly unlikely to happen for legitimate reasons, so |
| kadonotakashi | 0:8fdf9a60065b | 5888 | treat it as an attack and don't send an alert. */ |
| kadonotakashi | 0:8fdf9a60065b | 5889 | return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); |
| kadonotakashi | 0:8fdf9a60065b | 5890 | } |
| kadonotakashi | 0:8fdf9a60065b | 5891 | } |
| kadonotakashi | 0:8fdf9a60065b | 5892 | else |
| kadonotakashi | 0:8fdf9a60065b | 5893 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| kadonotakashi | 0:8fdf9a60065b | 5894 | memset( ssl->in_ctr, 0, 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 5895 | |
| kadonotakashi | 0:8fdf9a60065b | 5896 | ssl_update_in_pointers( ssl, ssl->transform_negotiate ); |
| kadonotakashi | 0:8fdf9a60065b | 5897 | |
| kadonotakashi | 0:8fdf9a60065b | 5898 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
| kadonotakashi | 0:8fdf9a60065b | 5899 | if( mbedtls_ssl_hw_record_activate != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 5900 | { |
| kadonotakashi | 0:8fdf9a60065b | 5901 | if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_INBOUND ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 5902 | { |
| kadonotakashi | 0:8fdf9a60065b | 5903 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 5904 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| kadonotakashi | 0:8fdf9a60065b | 5905 | MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 5906 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
| kadonotakashi | 0:8fdf9a60065b | 5907 | } |
| kadonotakashi | 0:8fdf9a60065b | 5908 | } |
| kadonotakashi | 0:8fdf9a60065b | 5909 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 5910 | |
| kadonotakashi | 0:8fdf9a60065b | 5911 | ssl->state++; |
| kadonotakashi | 0:8fdf9a60065b | 5912 | |
| kadonotakashi | 0:8fdf9a60065b | 5913 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse change cipher spec" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5914 | |
| kadonotakashi | 0:8fdf9a60065b | 5915 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 5916 | } |
| kadonotakashi | 0:8fdf9a60065b | 5917 | |
| kadonotakashi | 0:8fdf9a60065b | 5918 | void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, |
| kadonotakashi | 0:8fdf9a60065b | 5919 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info ) |
| kadonotakashi | 0:8fdf9a60065b | 5920 | { |
| kadonotakashi | 0:8fdf9a60065b | 5921 | ((void) ciphersuite_info); |
| kadonotakashi | 0:8fdf9a60065b | 5922 | |
| kadonotakashi | 0:8fdf9a60065b | 5923 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
| kadonotakashi | 0:8fdf9a60065b | 5924 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
| kadonotakashi | 0:8fdf9a60065b | 5925 | if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ) |
| kadonotakashi | 0:8fdf9a60065b | 5926 | ssl->handshake->update_checksum = ssl_update_checksum_md5sha1; |
| kadonotakashi | 0:8fdf9a60065b | 5927 | else |
| kadonotakashi | 0:8fdf9a60065b | 5928 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 5929 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| kadonotakashi | 0:8fdf9a60065b | 5930 | #if defined(MBEDTLS_SHA512_C) |
| kadonotakashi | 0:8fdf9a60065b | 5931 | if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) |
| kadonotakashi | 0:8fdf9a60065b | 5932 | ssl->handshake->update_checksum = ssl_update_checksum_sha384; |
| kadonotakashi | 0:8fdf9a60065b | 5933 | else |
| kadonotakashi | 0:8fdf9a60065b | 5934 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 5935 | #if defined(MBEDTLS_SHA256_C) |
| kadonotakashi | 0:8fdf9a60065b | 5936 | if( ciphersuite_info->mac != MBEDTLS_MD_SHA384 ) |
| kadonotakashi | 0:8fdf9a60065b | 5937 | ssl->handshake->update_checksum = ssl_update_checksum_sha256; |
| kadonotakashi | 0:8fdf9a60065b | 5938 | else |
| kadonotakashi | 0:8fdf9a60065b | 5939 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 5940 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| kadonotakashi | 0:8fdf9a60065b | 5941 | { |
| kadonotakashi | 0:8fdf9a60065b | 5942 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 5943 | return; |
| kadonotakashi | 0:8fdf9a60065b | 5944 | } |
| kadonotakashi | 0:8fdf9a60065b | 5945 | } |
| kadonotakashi | 0:8fdf9a60065b | 5946 | |
| kadonotakashi | 0:8fdf9a60065b | 5947 | void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 5948 | { |
| kadonotakashi | 0:8fdf9a60065b | 5949 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
| kadonotakashi | 0:8fdf9a60065b | 5950 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
| kadonotakashi | 0:8fdf9a60065b | 5951 | mbedtls_md5_starts_ret( &ssl->handshake->fin_md5 ); |
| kadonotakashi | 0:8fdf9a60065b | 5952 | mbedtls_sha1_starts_ret( &ssl->handshake->fin_sha1 ); |
| kadonotakashi | 0:8fdf9a60065b | 5953 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 5954 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| kadonotakashi | 0:8fdf9a60065b | 5955 | #if defined(MBEDTLS_SHA256_C) |
| kadonotakashi | 0:8fdf9a60065b | 5956 | mbedtls_sha256_starts_ret( &ssl->handshake->fin_sha256, 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 5957 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 5958 | #if defined(MBEDTLS_SHA512_C) |
| kadonotakashi | 0:8fdf9a60065b | 5959 | mbedtls_sha512_starts_ret( &ssl->handshake->fin_sha512, 1 ); |
| kadonotakashi | 0:8fdf9a60065b | 5960 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 5961 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| kadonotakashi | 0:8fdf9a60065b | 5962 | } |
| kadonotakashi | 0:8fdf9a60065b | 5963 | |
| kadonotakashi | 0:8fdf9a60065b | 5964 | static void ssl_update_checksum_start( mbedtls_ssl_context *ssl, |
| kadonotakashi | 0:8fdf9a60065b | 5965 | const unsigned char *buf, size_t len ) |
| kadonotakashi | 0:8fdf9a60065b | 5966 | { |
| kadonotakashi | 0:8fdf9a60065b | 5967 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
| kadonotakashi | 0:8fdf9a60065b | 5968 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
| kadonotakashi | 0:8fdf9a60065b | 5969 | mbedtls_md5_update_ret( &ssl->handshake->fin_md5 , buf, len ); |
| kadonotakashi | 0:8fdf9a60065b | 5970 | mbedtls_sha1_update_ret( &ssl->handshake->fin_sha1, buf, len ); |
| kadonotakashi | 0:8fdf9a60065b | 5971 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 5972 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| kadonotakashi | 0:8fdf9a60065b | 5973 | #if defined(MBEDTLS_SHA256_C) |
| kadonotakashi | 0:8fdf9a60065b | 5974 | mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len ); |
| kadonotakashi | 0:8fdf9a60065b | 5975 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 5976 | #if defined(MBEDTLS_SHA512_C) |
| kadonotakashi | 0:8fdf9a60065b | 5977 | mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len ); |
| kadonotakashi | 0:8fdf9a60065b | 5978 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 5979 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| kadonotakashi | 0:8fdf9a60065b | 5980 | } |
| kadonotakashi | 0:8fdf9a60065b | 5981 | |
| kadonotakashi | 0:8fdf9a60065b | 5982 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
| kadonotakashi | 0:8fdf9a60065b | 5983 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
| kadonotakashi | 0:8fdf9a60065b | 5984 | static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *ssl, |
| kadonotakashi | 0:8fdf9a60065b | 5985 | const unsigned char *buf, size_t len ) |
| kadonotakashi | 0:8fdf9a60065b | 5986 | { |
| kadonotakashi | 0:8fdf9a60065b | 5987 | mbedtls_md5_update_ret( &ssl->handshake->fin_md5 , buf, len ); |
| kadonotakashi | 0:8fdf9a60065b | 5988 | mbedtls_sha1_update_ret( &ssl->handshake->fin_sha1, buf, len ); |
| kadonotakashi | 0:8fdf9a60065b | 5989 | } |
| kadonotakashi | 0:8fdf9a60065b | 5990 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 5991 | |
| kadonotakashi | 0:8fdf9a60065b | 5992 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| kadonotakashi | 0:8fdf9a60065b | 5993 | #if defined(MBEDTLS_SHA256_C) |
| kadonotakashi | 0:8fdf9a60065b | 5994 | static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl, |
| kadonotakashi | 0:8fdf9a60065b | 5995 | const unsigned char *buf, size_t len ) |
| kadonotakashi | 0:8fdf9a60065b | 5996 | { |
| kadonotakashi | 0:8fdf9a60065b | 5997 | mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len ); |
| kadonotakashi | 0:8fdf9a60065b | 5998 | } |
| kadonotakashi | 0:8fdf9a60065b | 5999 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6000 | |
| kadonotakashi | 0:8fdf9a60065b | 6001 | #if defined(MBEDTLS_SHA512_C) |
| kadonotakashi | 0:8fdf9a60065b | 6002 | static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, |
| kadonotakashi | 0:8fdf9a60065b | 6003 | const unsigned char *buf, size_t len ) |
| kadonotakashi | 0:8fdf9a60065b | 6004 | { |
| kadonotakashi | 0:8fdf9a60065b | 6005 | mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len ); |
| kadonotakashi | 0:8fdf9a60065b | 6006 | } |
| kadonotakashi | 0:8fdf9a60065b | 6007 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6008 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| kadonotakashi | 0:8fdf9a60065b | 6009 | |
| kadonotakashi | 0:8fdf9a60065b | 6010 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| kadonotakashi | 0:8fdf9a60065b | 6011 | static void ssl_calc_finished_ssl( |
| kadonotakashi | 0:8fdf9a60065b | 6012 | mbedtls_ssl_context *ssl, unsigned char *buf, int from ) |
| kadonotakashi | 0:8fdf9a60065b | 6013 | { |
| kadonotakashi | 0:8fdf9a60065b | 6014 | const char *sender; |
| kadonotakashi | 0:8fdf9a60065b | 6015 | mbedtls_md5_context md5; |
| kadonotakashi | 0:8fdf9a60065b | 6016 | mbedtls_sha1_context sha1; |
| kadonotakashi | 0:8fdf9a60065b | 6017 | |
| kadonotakashi | 0:8fdf9a60065b | 6018 | unsigned char padbuf[48]; |
| kadonotakashi | 0:8fdf9a60065b | 6019 | unsigned char md5sum[16]; |
| kadonotakashi | 0:8fdf9a60065b | 6020 | unsigned char sha1sum[20]; |
| kadonotakashi | 0:8fdf9a60065b | 6021 | |
| kadonotakashi | 0:8fdf9a60065b | 6022 | mbedtls_ssl_session *session = ssl->session_negotiate; |
| kadonotakashi | 0:8fdf9a60065b | 6023 | if( !session ) |
| kadonotakashi | 0:8fdf9a60065b | 6024 | session = ssl->session; |
| kadonotakashi | 0:8fdf9a60065b | 6025 | |
| kadonotakashi | 0:8fdf9a60065b | 6026 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished ssl" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6027 | |
| kadonotakashi | 0:8fdf9a60065b | 6028 | mbedtls_md5_init( &md5 ); |
| kadonotakashi | 0:8fdf9a60065b | 6029 | mbedtls_sha1_init( &sha1 ); |
| kadonotakashi | 0:8fdf9a60065b | 6030 | |
| kadonotakashi | 0:8fdf9a60065b | 6031 | mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); |
| kadonotakashi | 0:8fdf9a60065b | 6032 | mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); |
| kadonotakashi | 0:8fdf9a60065b | 6033 | |
| kadonotakashi | 0:8fdf9a60065b | 6034 | /* |
| kadonotakashi | 0:8fdf9a60065b | 6035 | * SSLv3: |
| kadonotakashi | 0:8fdf9a60065b | 6036 | * hash = |
| kadonotakashi | 0:8fdf9a60065b | 6037 | * MD5( master + pad2 + |
| kadonotakashi | 0:8fdf9a60065b | 6038 | * MD5( handshake + sender + master + pad1 ) ) |
| kadonotakashi | 0:8fdf9a60065b | 6039 | * + SHA1( master + pad2 + |
| kadonotakashi | 0:8fdf9a60065b | 6040 | * SHA1( handshake + sender + master + pad1 ) ) |
| kadonotakashi | 0:8fdf9a60065b | 6041 | */ |
| kadonotakashi | 0:8fdf9a60065b | 6042 | |
| kadonotakashi | 0:8fdf9a60065b | 6043 | #if !defined(MBEDTLS_MD5_ALT) |
| kadonotakashi | 0:8fdf9a60065b | 6044 | MBEDTLS_SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *) |
| kadonotakashi | 0:8fdf9a60065b | 6045 | md5.state, sizeof( md5.state ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6046 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6047 | |
| kadonotakashi | 0:8fdf9a60065b | 6048 | #if !defined(MBEDTLS_SHA1_ALT) |
| kadonotakashi | 0:8fdf9a60065b | 6049 | MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *) |
| kadonotakashi | 0:8fdf9a60065b | 6050 | sha1.state, sizeof( sha1.state ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6051 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6052 | |
| kadonotakashi | 0:8fdf9a60065b | 6053 | sender = ( from == MBEDTLS_SSL_IS_CLIENT ) ? "CLNT" |
| kadonotakashi | 0:8fdf9a60065b | 6054 | : "SRVR"; |
| kadonotakashi | 0:8fdf9a60065b | 6055 | |
| kadonotakashi | 0:8fdf9a60065b | 6056 | memset( padbuf, 0x36, 48 ); |
| kadonotakashi | 0:8fdf9a60065b | 6057 | |
| kadonotakashi | 0:8fdf9a60065b | 6058 | mbedtls_md5_update_ret( &md5, (const unsigned char *) sender, 4 ); |
| kadonotakashi | 0:8fdf9a60065b | 6059 | mbedtls_md5_update_ret( &md5, session->master, 48 ); |
| kadonotakashi | 0:8fdf9a60065b | 6060 | mbedtls_md5_update_ret( &md5, padbuf, 48 ); |
| kadonotakashi | 0:8fdf9a60065b | 6061 | mbedtls_md5_finish_ret( &md5, md5sum ); |
| kadonotakashi | 0:8fdf9a60065b | 6062 | |
| kadonotakashi | 0:8fdf9a60065b | 6063 | mbedtls_sha1_update_ret( &sha1, (const unsigned char *) sender, 4 ); |
| kadonotakashi | 0:8fdf9a60065b | 6064 | mbedtls_sha1_update_ret( &sha1, session->master, 48 ); |
| kadonotakashi | 0:8fdf9a60065b | 6065 | mbedtls_sha1_update_ret( &sha1, padbuf, 40 ); |
| kadonotakashi | 0:8fdf9a60065b | 6066 | mbedtls_sha1_finish_ret( &sha1, sha1sum ); |
| kadonotakashi | 0:8fdf9a60065b | 6067 | |
| kadonotakashi | 0:8fdf9a60065b | 6068 | memset( padbuf, 0x5C, 48 ); |
| kadonotakashi | 0:8fdf9a60065b | 6069 | |
| kadonotakashi | 0:8fdf9a60065b | 6070 | mbedtls_md5_starts_ret( &md5 ); |
| kadonotakashi | 0:8fdf9a60065b | 6071 | mbedtls_md5_update_ret( &md5, session->master, 48 ); |
| kadonotakashi | 0:8fdf9a60065b | 6072 | mbedtls_md5_update_ret( &md5, padbuf, 48 ); |
| kadonotakashi | 0:8fdf9a60065b | 6073 | mbedtls_md5_update_ret( &md5, md5sum, 16 ); |
| kadonotakashi | 0:8fdf9a60065b | 6074 | mbedtls_md5_finish_ret( &md5, buf ); |
| kadonotakashi | 0:8fdf9a60065b | 6075 | |
| kadonotakashi | 0:8fdf9a60065b | 6076 | mbedtls_sha1_starts_ret( &sha1 ); |
| kadonotakashi | 0:8fdf9a60065b | 6077 | mbedtls_sha1_update_ret( &sha1, session->master, 48 ); |
| kadonotakashi | 0:8fdf9a60065b | 6078 | mbedtls_sha1_update_ret( &sha1, padbuf , 40 ); |
| kadonotakashi | 0:8fdf9a60065b | 6079 | mbedtls_sha1_update_ret( &sha1, sha1sum, 20 ); |
| kadonotakashi | 0:8fdf9a60065b | 6080 | mbedtls_sha1_finish_ret( &sha1, buf + 16 ); |
| kadonotakashi | 0:8fdf9a60065b | 6081 | |
| kadonotakashi | 0:8fdf9a60065b | 6082 | MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, 36 ); |
| kadonotakashi | 0:8fdf9a60065b | 6083 | |
| kadonotakashi | 0:8fdf9a60065b | 6084 | mbedtls_md5_free( &md5 ); |
| kadonotakashi | 0:8fdf9a60065b | 6085 | mbedtls_sha1_free( &sha1 ); |
| kadonotakashi | 0:8fdf9a60065b | 6086 | |
| kadonotakashi | 0:8fdf9a60065b | 6087 | mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6088 | mbedtls_platform_zeroize( md5sum, sizeof( md5sum ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6089 | mbedtls_platform_zeroize( sha1sum, sizeof( sha1sum ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6090 | |
| kadonotakashi | 0:8fdf9a60065b | 6091 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6092 | } |
| kadonotakashi | 0:8fdf9a60065b | 6093 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
| kadonotakashi | 0:8fdf9a60065b | 6094 | |
| kadonotakashi | 0:8fdf9a60065b | 6095 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) |
| kadonotakashi | 0:8fdf9a60065b | 6096 | static void ssl_calc_finished_tls( |
| kadonotakashi | 0:8fdf9a60065b | 6097 | mbedtls_ssl_context *ssl, unsigned char *buf, int from ) |
| kadonotakashi | 0:8fdf9a60065b | 6098 | { |
| kadonotakashi | 0:8fdf9a60065b | 6099 | int len = 12; |
| kadonotakashi | 0:8fdf9a60065b | 6100 | const char *sender; |
| kadonotakashi | 0:8fdf9a60065b | 6101 | mbedtls_md5_context md5; |
| kadonotakashi | 0:8fdf9a60065b | 6102 | mbedtls_sha1_context sha1; |
| kadonotakashi | 0:8fdf9a60065b | 6103 | unsigned char padbuf[36]; |
| kadonotakashi | 0:8fdf9a60065b | 6104 | |
| kadonotakashi | 0:8fdf9a60065b | 6105 | mbedtls_ssl_session *session = ssl->session_negotiate; |
| kadonotakashi | 0:8fdf9a60065b | 6106 | if( !session ) |
| kadonotakashi | 0:8fdf9a60065b | 6107 | session = ssl->session; |
| kadonotakashi | 0:8fdf9a60065b | 6108 | |
| kadonotakashi | 0:8fdf9a60065b | 6109 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6110 | |
| kadonotakashi | 0:8fdf9a60065b | 6111 | mbedtls_md5_init( &md5 ); |
| kadonotakashi | 0:8fdf9a60065b | 6112 | mbedtls_sha1_init( &sha1 ); |
| kadonotakashi | 0:8fdf9a60065b | 6113 | |
| kadonotakashi | 0:8fdf9a60065b | 6114 | mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); |
| kadonotakashi | 0:8fdf9a60065b | 6115 | mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); |
| kadonotakashi | 0:8fdf9a60065b | 6116 | |
| kadonotakashi | 0:8fdf9a60065b | 6117 | /* |
| kadonotakashi | 0:8fdf9a60065b | 6118 | * TLSv1: |
| kadonotakashi | 0:8fdf9a60065b | 6119 | * hash = PRF( master, finished_label, |
| kadonotakashi | 0:8fdf9a60065b | 6120 | * MD5( handshake ) + SHA1( handshake ) )[0..11] |
| kadonotakashi | 0:8fdf9a60065b | 6121 | */ |
| kadonotakashi | 0:8fdf9a60065b | 6122 | |
| kadonotakashi | 0:8fdf9a60065b | 6123 | #if !defined(MBEDTLS_MD5_ALT) |
| kadonotakashi | 0:8fdf9a60065b | 6124 | MBEDTLS_SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *) |
| kadonotakashi | 0:8fdf9a60065b | 6125 | md5.state, sizeof( md5.state ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6126 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6127 | |
| kadonotakashi | 0:8fdf9a60065b | 6128 | #if !defined(MBEDTLS_SHA1_ALT) |
| kadonotakashi | 0:8fdf9a60065b | 6129 | MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *) |
| kadonotakashi | 0:8fdf9a60065b | 6130 | sha1.state, sizeof( sha1.state ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6131 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6132 | |
| kadonotakashi | 0:8fdf9a60065b | 6133 | sender = ( from == MBEDTLS_SSL_IS_CLIENT ) |
| kadonotakashi | 0:8fdf9a60065b | 6134 | ? "client finished" |
| kadonotakashi | 0:8fdf9a60065b | 6135 | : "server finished"; |
| kadonotakashi | 0:8fdf9a60065b | 6136 | |
| kadonotakashi | 0:8fdf9a60065b | 6137 | mbedtls_md5_finish_ret( &md5, padbuf ); |
| kadonotakashi | 0:8fdf9a60065b | 6138 | mbedtls_sha1_finish_ret( &sha1, padbuf + 16 ); |
| kadonotakashi | 0:8fdf9a60065b | 6139 | |
| kadonotakashi | 0:8fdf9a60065b | 6140 | ssl->handshake->tls_prf( session->master, 48, sender, |
| kadonotakashi | 0:8fdf9a60065b | 6141 | padbuf, 36, buf, len ); |
| kadonotakashi | 0:8fdf9a60065b | 6142 | |
| kadonotakashi | 0:8fdf9a60065b | 6143 | MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); |
| kadonotakashi | 0:8fdf9a60065b | 6144 | |
| kadonotakashi | 0:8fdf9a60065b | 6145 | mbedtls_md5_free( &md5 ); |
| kadonotakashi | 0:8fdf9a60065b | 6146 | mbedtls_sha1_free( &sha1 ); |
| kadonotakashi | 0:8fdf9a60065b | 6147 | |
| kadonotakashi | 0:8fdf9a60065b | 6148 | mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6149 | |
| kadonotakashi | 0:8fdf9a60065b | 6150 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6151 | } |
| kadonotakashi | 0:8fdf9a60065b | 6152 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */ |
| kadonotakashi | 0:8fdf9a60065b | 6153 | |
| kadonotakashi | 0:8fdf9a60065b | 6154 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| kadonotakashi | 0:8fdf9a60065b | 6155 | #if defined(MBEDTLS_SHA256_C) |
| kadonotakashi | 0:8fdf9a60065b | 6156 | static void ssl_calc_finished_tls_sha256( |
| kadonotakashi | 0:8fdf9a60065b | 6157 | mbedtls_ssl_context *ssl, unsigned char *buf, int from ) |
| kadonotakashi | 0:8fdf9a60065b | 6158 | { |
| kadonotakashi | 0:8fdf9a60065b | 6159 | int len = 12; |
| kadonotakashi | 0:8fdf9a60065b | 6160 | const char *sender; |
| kadonotakashi | 0:8fdf9a60065b | 6161 | mbedtls_sha256_context sha256; |
| kadonotakashi | 0:8fdf9a60065b | 6162 | unsigned char padbuf[32]; |
| kadonotakashi | 0:8fdf9a60065b | 6163 | |
| kadonotakashi | 0:8fdf9a60065b | 6164 | mbedtls_ssl_session *session = ssl->session_negotiate; |
| kadonotakashi | 0:8fdf9a60065b | 6165 | if( !session ) |
| kadonotakashi | 0:8fdf9a60065b | 6166 | session = ssl->session; |
| kadonotakashi | 0:8fdf9a60065b | 6167 | |
| kadonotakashi | 0:8fdf9a60065b | 6168 | mbedtls_sha256_init( &sha256 ); |
| kadonotakashi | 0:8fdf9a60065b | 6169 | |
| kadonotakashi | 0:8fdf9a60065b | 6170 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha256" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6171 | |
| kadonotakashi | 0:8fdf9a60065b | 6172 | mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 ); |
| kadonotakashi | 0:8fdf9a60065b | 6173 | |
| kadonotakashi | 0:8fdf9a60065b | 6174 | /* |
| kadonotakashi | 0:8fdf9a60065b | 6175 | * TLSv1.2: |
| kadonotakashi | 0:8fdf9a60065b | 6176 | * hash = PRF( master, finished_label, |
| kadonotakashi | 0:8fdf9a60065b | 6177 | * Hash( handshake ) )[0.11] |
| kadonotakashi | 0:8fdf9a60065b | 6178 | */ |
| kadonotakashi | 0:8fdf9a60065b | 6179 | |
| kadonotakashi | 0:8fdf9a60065b | 6180 | #if !defined(MBEDTLS_SHA256_ALT) |
| kadonotakashi | 0:8fdf9a60065b | 6181 | MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha2 state", (unsigned char *) |
| kadonotakashi | 0:8fdf9a60065b | 6182 | sha256.state, sizeof( sha256.state ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6183 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6184 | |
| kadonotakashi | 0:8fdf9a60065b | 6185 | sender = ( from == MBEDTLS_SSL_IS_CLIENT ) |
| kadonotakashi | 0:8fdf9a60065b | 6186 | ? "client finished" |
| kadonotakashi | 0:8fdf9a60065b | 6187 | : "server finished"; |
| kadonotakashi | 0:8fdf9a60065b | 6188 | |
| kadonotakashi | 0:8fdf9a60065b | 6189 | mbedtls_sha256_finish_ret( &sha256, padbuf ); |
| kadonotakashi | 0:8fdf9a60065b | 6190 | |
| kadonotakashi | 0:8fdf9a60065b | 6191 | ssl->handshake->tls_prf( session->master, 48, sender, |
| kadonotakashi | 0:8fdf9a60065b | 6192 | padbuf, 32, buf, len ); |
| kadonotakashi | 0:8fdf9a60065b | 6193 | |
| kadonotakashi | 0:8fdf9a60065b | 6194 | MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); |
| kadonotakashi | 0:8fdf9a60065b | 6195 | |
| kadonotakashi | 0:8fdf9a60065b | 6196 | mbedtls_sha256_free( &sha256 ); |
| kadonotakashi | 0:8fdf9a60065b | 6197 | |
| kadonotakashi | 0:8fdf9a60065b | 6198 | mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6199 | |
| kadonotakashi | 0:8fdf9a60065b | 6200 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6201 | } |
| kadonotakashi | 0:8fdf9a60065b | 6202 | #endif /* MBEDTLS_SHA256_C */ |
| kadonotakashi | 0:8fdf9a60065b | 6203 | |
| kadonotakashi | 0:8fdf9a60065b | 6204 | #if defined(MBEDTLS_SHA512_C) |
| kadonotakashi | 0:8fdf9a60065b | 6205 | static void ssl_calc_finished_tls_sha384( |
| kadonotakashi | 0:8fdf9a60065b | 6206 | mbedtls_ssl_context *ssl, unsigned char *buf, int from ) |
| kadonotakashi | 0:8fdf9a60065b | 6207 | { |
| kadonotakashi | 0:8fdf9a60065b | 6208 | int len = 12; |
| kadonotakashi | 0:8fdf9a60065b | 6209 | const char *sender; |
| kadonotakashi | 0:8fdf9a60065b | 6210 | mbedtls_sha512_context sha512; |
| kadonotakashi | 0:8fdf9a60065b | 6211 | unsigned char padbuf[48]; |
| kadonotakashi | 0:8fdf9a60065b | 6212 | |
| kadonotakashi | 0:8fdf9a60065b | 6213 | mbedtls_ssl_session *session = ssl->session_negotiate; |
| kadonotakashi | 0:8fdf9a60065b | 6214 | if( !session ) |
| kadonotakashi | 0:8fdf9a60065b | 6215 | session = ssl->session; |
| kadonotakashi | 0:8fdf9a60065b | 6216 | |
| kadonotakashi | 0:8fdf9a60065b | 6217 | mbedtls_sha512_init( &sha512 ); |
| kadonotakashi | 0:8fdf9a60065b | 6218 | |
| kadonotakashi | 0:8fdf9a60065b | 6219 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha384" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6220 | |
| kadonotakashi | 0:8fdf9a60065b | 6221 | mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 ); |
| kadonotakashi | 0:8fdf9a60065b | 6222 | |
| kadonotakashi | 0:8fdf9a60065b | 6223 | /* |
| kadonotakashi | 0:8fdf9a60065b | 6224 | * TLSv1.2: |
| kadonotakashi | 0:8fdf9a60065b | 6225 | * hash = PRF( master, finished_label, |
| kadonotakashi | 0:8fdf9a60065b | 6226 | * Hash( handshake ) )[0.11] |
| kadonotakashi | 0:8fdf9a60065b | 6227 | */ |
| kadonotakashi | 0:8fdf9a60065b | 6228 | |
| kadonotakashi | 0:8fdf9a60065b | 6229 | #if !defined(MBEDTLS_SHA512_ALT) |
| kadonotakashi | 0:8fdf9a60065b | 6230 | MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha512 state", (unsigned char *) |
| kadonotakashi | 0:8fdf9a60065b | 6231 | sha512.state, sizeof( sha512.state ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6232 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6233 | |
| kadonotakashi | 0:8fdf9a60065b | 6234 | sender = ( from == MBEDTLS_SSL_IS_CLIENT ) |
| kadonotakashi | 0:8fdf9a60065b | 6235 | ? "client finished" |
| kadonotakashi | 0:8fdf9a60065b | 6236 | : "server finished"; |
| kadonotakashi | 0:8fdf9a60065b | 6237 | |
| kadonotakashi | 0:8fdf9a60065b | 6238 | mbedtls_sha512_finish_ret( &sha512, padbuf ); |
| kadonotakashi | 0:8fdf9a60065b | 6239 | |
| kadonotakashi | 0:8fdf9a60065b | 6240 | ssl->handshake->tls_prf( session->master, 48, sender, |
| kadonotakashi | 0:8fdf9a60065b | 6241 | padbuf, 48, buf, len ); |
| kadonotakashi | 0:8fdf9a60065b | 6242 | |
| kadonotakashi | 0:8fdf9a60065b | 6243 | MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); |
| kadonotakashi | 0:8fdf9a60065b | 6244 | |
| kadonotakashi | 0:8fdf9a60065b | 6245 | mbedtls_sha512_free( &sha512 ); |
| kadonotakashi | 0:8fdf9a60065b | 6246 | |
| kadonotakashi | 0:8fdf9a60065b | 6247 | mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6248 | |
| kadonotakashi | 0:8fdf9a60065b | 6249 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6250 | } |
| kadonotakashi | 0:8fdf9a60065b | 6251 | #endif /* MBEDTLS_SHA512_C */ |
| kadonotakashi | 0:8fdf9a60065b | 6252 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| kadonotakashi | 0:8fdf9a60065b | 6253 | |
| kadonotakashi | 0:8fdf9a60065b | 6254 | static void ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 6255 | { |
| kadonotakashi | 0:8fdf9a60065b | 6256 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup: final free" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6257 | |
| kadonotakashi | 0:8fdf9a60065b | 6258 | /* |
| kadonotakashi | 0:8fdf9a60065b | 6259 | * Free our handshake params |
| kadonotakashi | 0:8fdf9a60065b | 6260 | */ |
| kadonotakashi | 0:8fdf9a60065b | 6261 | mbedtls_ssl_handshake_free( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 6262 | mbedtls_free( ssl->handshake ); |
| kadonotakashi | 0:8fdf9a60065b | 6263 | ssl->handshake = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 6264 | |
| kadonotakashi | 0:8fdf9a60065b | 6265 | /* |
| kadonotakashi | 0:8fdf9a60065b | 6266 | * Free the previous transform and swith in the current one |
| kadonotakashi | 0:8fdf9a60065b | 6267 | */ |
| kadonotakashi | 0:8fdf9a60065b | 6268 | if( ssl->transform ) |
| kadonotakashi | 0:8fdf9a60065b | 6269 | { |
| kadonotakashi | 0:8fdf9a60065b | 6270 | mbedtls_ssl_transform_free( ssl->transform ); |
| kadonotakashi | 0:8fdf9a60065b | 6271 | mbedtls_free( ssl->transform ); |
| kadonotakashi | 0:8fdf9a60065b | 6272 | } |
| kadonotakashi | 0:8fdf9a60065b | 6273 | ssl->transform = ssl->transform_negotiate; |
| kadonotakashi | 0:8fdf9a60065b | 6274 | ssl->transform_negotiate = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 6275 | |
| kadonotakashi | 0:8fdf9a60065b | 6276 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup: final free" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6277 | } |
| kadonotakashi | 0:8fdf9a60065b | 6278 | |
| kadonotakashi | 0:8fdf9a60065b | 6279 | void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 6280 | { |
| kadonotakashi | 0:8fdf9a60065b | 6281 | int resume = ssl->handshake->resume; |
| kadonotakashi | 0:8fdf9a60065b | 6282 | |
| kadonotakashi | 0:8fdf9a60065b | 6283 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6284 | |
| kadonotakashi | 0:8fdf9a60065b | 6285 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| kadonotakashi | 0:8fdf9a60065b | 6286 | if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) |
| kadonotakashi | 0:8fdf9a60065b | 6287 | { |
| kadonotakashi | 0:8fdf9a60065b | 6288 | ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_DONE; |
| kadonotakashi | 0:8fdf9a60065b | 6289 | ssl->renego_records_seen = 0; |
| kadonotakashi | 0:8fdf9a60065b | 6290 | } |
| kadonotakashi | 0:8fdf9a60065b | 6291 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6292 | |
| kadonotakashi | 0:8fdf9a60065b | 6293 | /* |
| kadonotakashi | 0:8fdf9a60065b | 6294 | * Free the previous session and switch in the current one |
| kadonotakashi | 0:8fdf9a60065b | 6295 | */ |
| kadonotakashi | 0:8fdf9a60065b | 6296 | if( ssl->session ) |
| kadonotakashi | 0:8fdf9a60065b | 6297 | { |
| kadonotakashi | 0:8fdf9a60065b | 6298 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
| kadonotakashi | 0:8fdf9a60065b | 6299 | /* RFC 7366 3.1: keep the EtM state */ |
| kadonotakashi | 0:8fdf9a60065b | 6300 | ssl->session_negotiate->encrypt_then_mac = |
| kadonotakashi | 0:8fdf9a60065b | 6301 | ssl->session->encrypt_then_mac; |
| kadonotakashi | 0:8fdf9a60065b | 6302 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6303 | |
| kadonotakashi | 0:8fdf9a60065b | 6304 | mbedtls_ssl_session_free( ssl->session ); |
| kadonotakashi | 0:8fdf9a60065b | 6305 | mbedtls_free( ssl->session ); |
| kadonotakashi | 0:8fdf9a60065b | 6306 | } |
| kadonotakashi | 0:8fdf9a60065b | 6307 | ssl->session = ssl->session_negotiate; |
| kadonotakashi | 0:8fdf9a60065b | 6308 | ssl->session_negotiate = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 6309 | |
| kadonotakashi | 0:8fdf9a60065b | 6310 | /* |
| kadonotakashi | 0:8fdf9a60065b | 6311 | * Add cache entry |
| kadonotakashi | 0:8fdf9a60065b | 6312 | */ |
| kadonotakashi | 0:8fdf9a60065b | 6313 | if( ssl->conf->f_set_cache != NULL && |
| kadonotakashi | 0:8fdf9a60065b | 6314 | ssl->session->id_len != 0 && |
| kadonotakashi | 0:8fdf9a60065b | 6315 | resume == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 6316 | { |
| kadonotakashi | 0:8fdf9a60065b | 6317 | if( ssl->conf->f_set_cache( ssl->conf->p_cache, ssl->session ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 6318 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "cache did not store session" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6319 | } |
| kadonotakashi | 0:8fdf9a60065b | 6320 | |
| kadonotakashi | 0:8fdf9a60065b | 6321 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 6322 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
| kadonotakashi | 0:8fdf9a60065b | 6323 | ssl->handshake->flight != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 6324 | { |
| kadonotakashi | 0:8fdf9a60065b | 6325 | /* Cancel handshake timer */ |
| kadonotakashi | 0:8fdf9a60065b | 6326 | ssl_set_timer( ssl, 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 6327 | |
| kadonotakashi | 0:8fdf9a60065b | 6328 | /* Keep last flight around in case we need to resend it: |
| kadonotakashi | 0:8fdf9a60065b | 6329 | * we need the handshake and transform structures for that */ |
| kadonotakashi | 0:8fdf9a60065b | 6330 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip freeing handshake and transform" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6331 | } |
| kadonotakashi | 0:8fdf9a60065b | 6332 | else |
| kadonotakashi | 0:8fdf9a60065b | 6333 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6334 | ssl_handshake_wrapup_free_hs_transform( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 6335 | |
| kadonotakashi | 0:8fdf9a60065b | 6336 | ssl->state++; |
| kadonotakashi | 0:8fdf9a60065b | 6337 | |
| kadonotakashi | 0:8fdf9a60065b | 6338 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6339 | } |
| kadonotakashi | 0:8fdf9a60065b | 6340 | |
| kadonotakashi | 0:8fdf9a60065b | 6341 | int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 6342 | { |
| kadonotakashi | 0:8fdf9a60065b | 6343 | int ret, hash_len; |
| kadonotakashi | 0:8fdf9a60065b | 6344 | |
| kadonotakashi | 0:8fdf9a60065b | 6345 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write finished" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6346 | |
| kadonotakashi | 0:8fdf9a60065b | 6347 | ssl_update_out_pointers( ssl, ssl->transform_negotiate ); |
| kadonotakashi | 0:8fdf9a60065b | 6348 | |
| kadonotakashi | 0:8fdf9a60065b | 6349 | ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->conf->endpoint ); |
| kadonotakashi | 0:8fdf9a60065b | 6350 | |
| kadonotakashi | 0:8fdf9a60065b | 6351 | /* |
| kadonotakashi | 0:8fdf9a60065b | 6352 | * RFC 5246 7.4.9 (Page 63) says 12 is the default length and ciphersuites |
| kadonotakashi | 0:8fdf9a60065b | 6353 | * may define some other value. Currently (early 2016), no defined |
| kadonotakashi | 0:8fdf9a60065b | 6354 | * ciphersuite does this (and this is unlikely to change as activity has |
| kadonotakashi | 0:8fdf9a60065b | 6355 | * moved to TLS 1.3 now) so we can keep the hardcoded 12 here. |
| kadonotakashi | 0:8fdf9a60065b | 6356 | */ |
| kadonotakashi | 0:8fdf9a60065b | 6357 | hash_len = ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) ? 36 : 12; |
| kadonotakashi | 0:8fdf9a60065b | 6358 | |
| kadonotakashi | 0:8fdf9a60065b | 6359 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| kadonotakashi | 0:8fdf9a60065b | 6360 | ssl->verify_data_len = hash_len; |
| kadonotakashi | 0:8fdf9a60065b | 6361 | memcpy( ssl->own_verify_data, ssl->out_msg + 4, hash_len ); |
| kadonotakashi | 0:8fdf9a60065b | 6362 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6363 | |
| kadonotakashi | 0:8fdf9a60065b | 6364 | ssl->out_msglen = 4 + hash_len; |
| kadonotakashi | 0:8fdf9a60065b | 6365 | ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; |
| kadonotakashi | 0:8fdf9a60065b | 6366 | ssl->out_msg[0] = MBEDTLS_SSL_HS_FINISHED; |
| kadonotakashi | 0:8fdf9a60065b | 6367 | |
| kadonotakashi | 0:8fdf9a60065b | 6368 | /* |
| kadonotakashi | 0:8fdf9a60065b | 6369 | * In case of session resuming, invert the client and server |
| kadonotakashi | 0:8fdf9a60065b | 6370 | * ChangeCipherSpec messages order. |
| kadonotakashi | 0:8fdf9a60065b | 6371 | */ |
| kadonotakashi | 0:8fdf9a60065b | 6372 | if( ssl->handshake->resume != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 6373 | { |
| kadonotakashi | 0:8fdf9a60065b | 6374 | #if defined(MBEDTLS_SSL_CLI_C) |
| kadonotakashi | 0:8fdf9a60065b | 6375 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
| kadonotakashi | 0:8fdf9a60065b | 6376 | ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; |
| kadonotakashi | 0:8fdf9a60065b | 6377 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6378 | #if defined(MBEDTLS_SSL_SRV_C) |
| kadonotakashi | 0:8fdf9a60065b | 6379 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
| kadonotakashi | 0:8fdf9a60065b | 6380 | ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; |
| kadonotakashi | 0:8fdf9a60065b | 6381 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6382 | } |
| kadonotakashi | 0:8fdf9a60065b | 6383 | else |
| kadonotakashi | 0:8fdf9a60065b | 6384 | ssl->state++; |
| kadonotakashi | 0:8fdf9a60065b | 6385 | |
| kadonotakashi | 0:8fdf9a60065b | 6386 | /* |
| kadonotakashi | 0:8fdf9a60065b | 6387 | * Switch to our negotiated transform and session parameters for outbound |
| kadonotakashi | 0:8fdf9a60065b | 6388 | * data. |
| kadonotakashi | 0:8fdf9a60065b | 6389 | */ |
| kadonotakashi | 0:8fdf9a60065b | 6390 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for outbound data" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6391 | |
| kadonotakashi | 0:8fdf9a60065b | 6392 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 6393 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| kadonotakashi | 0:8fdf9a60065b | 6394 | { |
| kadonotakashi | 0:8fdf9a60065b | 6395 | unsigned char i; |
| kadonotakashi | 0:8fdf9a60065b | 6396 | |
| kadonotakashi | 0:8fdf9a60065b | 6397 | /* Remember current epoch settings for resending */ |
| kadonotakashi | 0:8fdf9a60065b | 6398 | ssl->handshake->alt_transform_out = ssl->transform_out; |
| kadonotakashi | 0:8fdf9a60065b | 6399 | memcpy( ssl->handshake->alt_out_ctr, ssl->cur_out_ctr, 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 6400 | |
| kadonotakashi | 0:8fdf9a60065b | 6401 | /* Set sequence_number to zero */ |
| kadonotakashi | 0:8fdf9a60065b | 6402 | memset( ssl->cur_out_ctr + 2, 0, 6 ); |
| kadonotakashi | 0:8fdf9a60065b | 6403 | |
| kadonotakashi | 0:8fdf9a60065b | 6404 | /* Increment epoch */ |
| kadonotakashi | 0:8fdf9a60065b | 6405 | for( i = 2; i > 0; i-- ) |
| kadonotakashi | 0:8fdf9a60065b | 6406 | if( ++ssl->cur_out_ctr[i - 1] != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 6407 | break; |
| kadonotakashi | 0:8fdf9a60065b | 6408 | |
| kadonotakashi | 0:8fdf9a60065b | 6409 | /* The loop goes to its end iff the counter is wrapping */ |
| kadonotakashi | 0:8fdf9a60065b | 6410 | if( i == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 6411 | { |
| kadonotakashi | 0:8fdf9a60065b | 6412 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS epoch would wrap" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6413 | return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); |
| kadonotakashi | 0:8fdf9a60065b | 6414 | } |
| kadonotakashi | 0:8fdf9a60065b | 6415 | } |
| kadonotakashi | 0:8fdf9a60065b | 6416 | else |
| kadonotakashi | 0:8fdf9a60065b | 6417 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| kadonotakashi | 0:8fdf9a60065b | 6418 | memset( ssl->cur_out_ctr, 0, 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 6419 | |
| kadonotakashi | 0:8fdf9a60065b | 6420 | ssl->transform_out = ssl->transform_negotiate; |
| kadonotakashi | 0:8fdf9a60065b | 6421 | ssl->session_out = ssl->session_negotiate; |
| kadonotakashi | 0:8fdf9a60065b | 6422 | |
| kadonotakashi | 0:8fdf9a60065b | 6423 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
| kadonotakashi | 0:8fdf9a60065b | 6424 | if( mbedtls_ssl_hw_record_activate != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 6425 | { |
| kadonotakashi | 0:8fdf9a60065b | 6426 | if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 6427 | { |
| kadonotakashi | 0:8fdf9a60065b | 6428 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 6429 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
| kadonotakashi | 0:8fdf9a60065b | 6430 | } |
| kadonotakashi | 0:8fdf9a60065b | 6431 | } |
| kadonotakashi | 0:8fdf9a60065b | 6432 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6433 | |
| kadonotakashi | 0:8fdf9a60065b | 6434 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 6435 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| kadonotakashi | 0:8fdf9a60065b | 6436 | mbedtls_ssl_send_flight_completed( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 6437 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6438 | |
| kadonotakashi | 0:8fdf9a60065b | 6439 | if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 6440 | { |
| kadonotakashi | 0:8fdf9a60065b | 6441 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 6442 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 6443 | } |
| kadonotakashi | 0:8fdf9a60065b | 6444 | |
| kadonotakashi | 0:8fdf9a60065b | 6445 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 6446 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
| kadonotakashi | 0:8fdf9a60065b | 6447 | ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 6448 | { |
| kadonotakashi | 0:8fdf9a60065b | 6449 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 6450 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 6451 | } |
| kadonotakashi | 0:8fdf9a60065b | 6452 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6453 | |
| kadonotakashi | 0:8fdf9a60065b | 6454 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write finished" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6455 | |
| kadonotakashi | 0:8fdf9a60065b | 6456 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 6457 | } |
| kadonotakashi | 0:8fdf9a60065b | 6458 | |
| kadonotakashi | 0:8fdf9a60065b | 6459 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| kadonotakashi | 0:8fdf9a60065b | 6460 | #define SSL_MAX_HASH_LEN 36 |
| kadonotakashi | 0:8fdf9a60065b | 6461 | #else |
| kadonotakashi | 0:8fdf9a60065b | 6462 | #define SSL_MAX_HASH_LEN 12 |
| kadonotakashi | 0:8fdf9a60065b | 6463 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6464 | |
| kadonotakashi | 0:8fdf9a60065b | 6465 | int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 6466 | { |
| kadonotakashi | 0:8fdf9a60065b | 6467 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 6468 | unsigned int hash_len; |
| kadonotakashi | 0:8fdf9a60065b | 6469 | unsigned char buf[SSL_MAX_HASH_LEN]; |
| kadonotakashi | 0:8fdf9a60065b | 6470 | |
| kadonotakashi | 0:8fdf9a60065b | 6471 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6472 | |
| kadonotakashi | 0:8fdf9a60065b | 6473 | ssl->handshake->calc_finished( ssl, buf, ssl->conf->endpoint ^ 1 ); |
| kadonotakashi | 0:8fdf9a60065b | 6474 | |
| kadonotakashi | 0:8fdf9a60065b | 6475 | if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 6476 | { |
| kadonotakashi | 0:8fdf9a60065b | 6477 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 6478 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 6479 | } |
| kadonotakashi | 0:8fdf9a60065b | 6480 | |
| kadonotakashi | 0:8fdf9a60065b | 6481 | if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) |
| kadonotakashi | 0:8fdf9a60065b | 6482 | { |
| kadonotakashi | 0:8fdf9a60065b | 6483 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6484 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| kadonotakashi | 0:8fdf9a60065b | 6485 | MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); |
| kadonotakashi | 0:8fdf9a60065b | 6486 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
| kadonotakashi | 0:8fdf9a60065b | 6487 | } |
| kadonotakashi | 0:8fdf9a60065b | 6488 | |
| kadonotakashi | 0:8fdf9a60065b | 6489 | /* There is currently no ciphersuite using another length with TLS 1.2 */ |
| kadonotakashi | 0:8fdf9a60065b | 6490 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| kadonotakashi | 0:8fdf9a60065b | 6491 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
| kadonotakashi | 0:8fdf9a60065b | 6492 | hash_len = 36; |
| kadonotakashi | 0:8fdf9a60065b | 6493 | else |
| kadonotakashi | 0:8fdf9a60065b | 6494 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6495 | hash_len = 12; |
| kadonotakashi | 0:8fdf9a60065b | 6496 | |
| kadonotakashi | 0:8fdf9a60065b | 6497 | if( ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED || |
| kadonotakashi | 0:8fdf9a60065b | 6498 | ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + hash_len ) |
| kadonotakashi | 0:8fdf9a60065b | 6499 | { |
| kadonotakashi | 0:8fdf9a60065b | 6500 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6501 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| kadonotakashi | 0:8fdf9a60065b | 6502 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 6503 | return( MBEDTLS_ERR_SSL_BAD_HS_FINISHED ); |
| kadonotakashi | 0:8fdf9a60065b | 6504 | } |
| kadonotakashi | 0:8fdf9a60065b | 6505 | |
| kadonotakashi | 0:8fdf9a60065b | 6506 | if( mbedtls_ssl_safer_memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), |
| kadonotakashi | 0:8fdf9a60065b | 6507 | buf, hash_len ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 6508 | { |
| kadonotakashi | 0:8fdf9a60065b | 6509 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6510 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| kadonotakashi | 0:8fdf9a60065b | 6511 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 6512 | return( MBEDTLS_ERR_SSL_BAD_HS_FINISHED ); |
| kadonotakashi | 0:8fdf9a60065b | 6513 | } |
| kadonotakashi | 0:8fdf9a60065b | 6514 | |
| kadonotakashi | 0:8fdf9a60065b | 6515 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| kadonotakashi | 0:8fdf9a60065b | 6516 | ssl->verify_data_len = hash_len; |
| kadonotakashi | 0:8fdf9a60065b | 6517 | memcpy( ssl->peer_verify_data, buf, hash_len ); |
| kadonotakashi | 0:8fdf9a60065b | 6518 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6519 | |
| kadonotakashi | 0:8fdf9a60065b | 6520 | if( ssl->handshake->resume != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 6521 | { |
| kadonotakashi | 0:8fdf9a60065b | 6522 | #if defined(MBEDTLS_SSL_CLI_C) |
| kadonotakashi | 0:8fdf9a60065b | 6523 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
| kadonotakashi | 0:8fdf9a60065b | 6524 | ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; |
| kadonotakashi | 0:8fdf9a60065b | 6525 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6526 | #if defined(MBEDTLS_SSL_SRV_C) |
| kadonotakashi | 0:8fdf9a60065b | 6527 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
| kadonotakashi | 0:8fdf9a60065b | 6528 | ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; |
| kadonotakashi | 0:8fdf9a60065b | 6529 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6530 | } |
| kadonotakashi | 0:8fdf9a60065b | 6531 | else |
| kadonotakashi | 0:8fdf9a60065b | 6532 | ssl->state++; |
| kadonotakashi | 0:8fdf9a60065b | 6533 | |
| kadonotakashi | 0:8fdf9a60065b | 6534 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 6535 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| kadonotakashi | 0:8fdf9a60065b | 6536 | mbedtls_ssl_recv_flight_completed( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 6537 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6538 | |
| kadonotakashi | 0:8fdf9a60065b | 6539 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse finished" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6540 | |
| kadonotakashi | 0:8fdf9a60065b | 6541 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 6542 | } |
| kadonotakashi | 0:8fdf9a60065b | 6543 | |
| kadonotakashi | 0:8fdf9a60065b | 6544 | static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) |
| kadonotakashi | 0:8fdf9a60065b | 6545 | { |
| kadonotakashi | 0:8fdf9a60065b | 6546 | memset( handshake, 0, sizeof( mbedtls_ssl_handshake_params ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6547 | |
| kadonotakashi | 0:8fdf9a60065b | 6548 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
| kadonotakashi | 0:8fdf9a60065b | 6549 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
| kadonotakashi | 0:8fdf9a60065b | 6550 | mbedtls_md5_init( &handshake->fin_md5 ); |
| kadonotakashi | 0:8fdf9a60065b | 6551 | mbedtls_sha1_init( &handshake->fin_sha1 ); |
| kadonotakashi | 0:8fdf9a60065b | 6552 | mbedtls_md5_starts_ret( &handshake->fin_md5 ); |
| kadonotakashi | 0:8fdf9a60065b | 6553 | mbedtls_sha1_starts_ret( &handshake->fin_sha1 ); |
| kadonotakashi | 0:8fdf9a60065b | 6554 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6555 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| kadonotakashi | 0:8fdf9a60065b | 6556 | #if defined(MBEDTLS_SHA256_C) |
| kadonotakashi | 0:8fdf9a60065b | 6557 | mbedtls_sha256_init( &handshake->fin_sha256 ); |
| kadonotakashi | 0:8fdf9a60065b | 6558 | mbedtls_sha256_starts_ret( &handshake->fin_sha256, 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 6559 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6560 | #if defined(MBEDTLS_SHA512_C) |
| kadonotakashi | 0:8fdf9a60065b | 6561 | mbedtls_sha512_init( &handshake->fin_sha512 ); |
| kadonotakashi | 0:8fdf9a60065b | 6562 | mbedtls_sha512_starts_ret( &handshake->fin_sha512, 1 ); |
| kadonotakashi | 0:8fdf9a60065b | 6563 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6564 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| kadonotakashi | 0:8fdf9a60065b | 6565 | |
| kadonotakashi | 0:8fdf9a60065b | 6566 | handshake->update_checksum = ssl_update_checksum_start; |
| kadonotakashi | 0:8fdf9a60065b | 6567 | |
| kadonotakashi | 0:8fdf9a60065b | 6568 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ |
| kadonotakashi | 0:8fdf9a60065b | 6569 | defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
| kadonotakashi | 0:8fdf9a60065b | 6570 | mbedtls_ssl_sig_hash_set_init( &handshake->hash_algs ); |
| kadonotakashi | 0:8fdf9a60065b | 6571 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6572 | |
| kadonotakashi | 0:8fdf9a60065b | 6573 | #if defined(MBEDTLS_DHM_C) |
| kadonotakashi | 0:8fdf9a60065b | 6574 | mbedtls_dhm_init( &handshake->dhm_ctx ); |
| kadonotakashi | 0:8fdf9a60065b | 6575 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6576 | #if defined(MBEDTLS_ECDH_C) |
| kadonotakashi | 0:8fdf9a60065b | 6577 | mbedtls_ecdh_init( &handshake->ecdh_ctx ); |
| kadonotakashi | 0:8fdf9a60065b | 6578 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6579 | #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
| kadonotakashi | 0:8fdf9a60065b | 6580 | mbedtls_ecjpake_init( &handshake->ecjpake_ctx ); |
| kadonotakashi | 0:8fdf9a60065b | 6581 | #if defined(MBEDTLS_SSL_CLI_C) |
| kadonotakashi | 0:8fdf9a60065b | 6582 | handshake->ecjpake_cache = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 6583 | handshake->ecjpake_cache_len = 0; |
| kadonotakashi | 0:8fdf9a60065b | 6584 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6585 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6586 | |
| kadonotakashi | 0:8fdf9a60065b | 6587 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
| kadonotakashi | 0:8fdf9a60065b | 6588 | handshake->sni_authmode = MBEDTLS_SSL_VERIFY_UNSET; |
| kadonotakashi | 0:8fdf9a60065b | 6589 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6590 | } |
| kadonotakashi | 0:8fdf9a60065b | 6591 | |
| kadonotakashi | 0:8fdf9a60065b | 6592 | static void ssl_transform_init( mbedtls_ssl_transform *transform ) |
| kadonotakashi | 0:8fdf9a60065b | 6593 | { |
| kadonotakashi | 0:8fdf9a60065b | 6594 | memset( transform, 0, sizeof(mbedtls_ssl_transform) ); |
| kadonotakashi | 0:8fdf9a60065b | 6595 | |
| kadonotakashi | 0:8fdf9a60065b | 6596 | mbedtls_cipher_init( &transform->cipher_ctx_enc ); |
| kadonotakashi | 0:8fdf9a60065b | 6597 | mbedtls_cipher_init( &transform->cipher_ctx_dec ); |
| kadonotakashi | 0:8fdf9a60065b | 6598 | |
| kadonotakashi | 0:8fdf9a60065b | 6599 | mbedtls_md_init( &transform->md_ctx_enc ); |
| kadonotakashi | 0:8fdf9a60065b | 6600 | mbedtls_md_init( &transform->md_ctx_dec ); |
| kadonotakashi | 0:8fdf9a60065b | 6601 | } |
| kadonotakashi | 0:8fdf9a60065b | 6602 | |
| kadonotakashi | 0:8fdf9a60065b | 6603 | void mbedtls_ssl_session_init( mbedtls_ssl_session *session ) |
| kadonotakashi | 0:8fdf9a60065b | 6604 | { |
| kadonotakashi | 0:8fdf9a60065b | 6605 | memset( session, 0, sizeof(mbedtls_ssl_session) ); |
| kadonotakashi | 0:8fdf9a60065b | 6606 | } |
| kadonotakashi | 0:8fdf9a60065b | 6607 | |
| kadonotakashi | 0:8fdf9a60065b | 6608 | static int ssl_handshake_init( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 6609 | { |
| kadonotakashi | 0:8fdf9a60065b | 6610 | /* Clear old handshake information if present */ |
| kadonotakashi | 0:8fdf9a60065b | 6611 | if( ssl->transform_negotiate ) |
| kadonotakashi | 0:8fdf9a60065b | 6612 | mbedtls_ssl_transform_free( ssl->transform_negotiate ); |
| kadonotakashi | 0:8fdf9a60065b | 6613 | if( ssl->session_negotiate ) |
| kadonotakashi | 0:8fdf9a60065b | 6614 | mbedtls_ssl_session_free( ssl->session_negotiate ); |
| kadonotakashi | 0:8fdf9a60065b | 6615 | if( ssl->handshake ) |
| kadonotakashi | 0:8fdf9a60065b | 6616 | mbedtls_ssl_handshake_free( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 6617 | |
| kadonotakashi | 0:8fdf9a60065b | 6618 | /* |
| kadonotakashi | 0:8fdf9a60065b | 6619 | * Either the pointers are now NULL or cleared properly and can be freed. |
| kadonotakashi | 0:8fdf9a60065b | 6620 | * Now allocate missing structures. |
| kadonotakashi | 0:8fdf9a60065b | 6621 | */ |
| kadonotakashi | 0:8fdf9a60065b | 6622 | if( ssl->transform_negotiate == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 6623 | { |
| kadonotakashi | 0:8fdf9a60065b | 6624 | ssl->transform_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_transform) ); |
| kadonotakashi | 0:8fdf9a60065b | 6625 | } |
| kadonotakashi | 0:8fdf9a60065b | 6626 | |
| kadonotakashi | 0:8fdf9a60065b | 6627 | if( ssl->session_negotiate == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 6628 | { |
| kadonotakashi | 0:8fdf9a60065b | 6629 | ssl->session_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_session) ); |
| kadonotakashi | 0:8fdf9a60065b | 6630 | } |
| kadonotakashi | 0:8fdf9a60065b | 6631 | |
| kadonotakashi | 0:8fdf9a60065b | 6632 | if( ssl->handshake == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 6633 | { |
| kadonotakashi | 0:8fdf9a60065b | 6634 | ssl->handshake = mbedtls_calloc( 1, sizeof(mbedtls_ssl_handshake_params) ); |
| kadonotakashi | 0:8fdf9a60065b | 6635 | } |
| kadonotakashi | 0:8fdf9a60065b | 6636 | |
| kadonotakashi | 0:8fdf9a60065b | 6637 | /* All pointers should exist and can be directly freed without issue */ |
| kadonotakashi | 0:8fdf9a60065b | 6638 | if( ssl->handshake == NULL || |
| kadonotakashi | 0:8fdf9a60065b | 6639 | ssl->transform_negotiate == NULL || |
| kadonotakashi | 0:8fdf9a60065b | 6640 | ssl->session_negotiate == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 6641 | { |
| kadonotakashi | 0:8fdf9a60065b | 6642 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc() of ssl sub-contexts failed" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6643 | |
| kadonotakashi | 0:8fdf9a60065b | 6644 | mbedtls_free( ssl->handshake ); |
| kadonotakashi | 0:8fdf9a60065b | 6645 | mbedtls_free( ssl->transform_negotiate ); |
| kadonotakashi | 0:8fdf9a60065b | 6646 | mbedtls_free( ssl->session_negotiate ); |
| kadonotakashi | 0:8fdf9a60065b | 6647 | |
| kadonotakashi | 0:8fdf9a60065b | 6648 | ssl->handshake = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 6649 | ssl->transform_negotiate = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 6650 | ssl->session_negotiate = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 6651 | |
| kadonotakashi | 0:8fdf9a60065b | 6652 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
| kadonotakashi | 0:8fdf9a60065b | 6653 | } |
| kadonotakashi | 0:8fdf9a60065b | 6654 | |
| kadonotakashi | 0:8fdf9a60065b | 6655 | /* Initialize structures */ |
| kadonotakashi | 0:8fdf9a60065b | 6656 | mbedtls_ssl_session_init( ssl->session_negotiate ); |
| kadonotakashi | 0:8fdf9a60065b | 6657 | ssl_transform_init( ssl->transform_negotiate ); |
| kadonotakashi | 0:8fdf9a60065b | 6658 | ssl_handshake_params_init( ssl->handshake ); |
| kadonotakashi | 0:8fdf9a60065b | 6659 | |
| kadonotakashi | 0:8fdf9a60065b | 6660 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 6661 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| kadonotakashi | 0:8fdf9a60065b | 6662 | { |
| kadonotakashi | 0:8fdf9a60065b | 6663 | ssl->handshake->alt_transform_out = ssl->transform_out; |
| kadonotakashi | 0:8fdf9a60065b | 6664 | |
| kadonotakashi | 0:8fdf9a60065b | 6665 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
| kadonotakashi | 0:8fdf9a60065b | 6666 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING; |
| kadonotakashi | 0:8fdf9a60065b | 6667 | else |
| kadonotakashi | 0:8fdf9a60065b | 6668 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; |
| kadonotakashi | 0:8fdf9a60065b | 6669 | |
| kadonotakashi | 0:8fdf9a60065b | 6670 | ssl_set_timer( ssl, 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 6671 | } |
| kadonotakashi | 0:8fdf9a60065b | 6672 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6673 | |
| kadonotakashi | 0:8fdf9a60065b | 6674 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 6675 | } |
| kadonotakashi | 0:8fdf9a60065b | 6676 | |
| kadonotakashi | 0:8fdf9a60065b | 6677 | #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) |
| kadonotakashi | 0:8fdf9a60065b | 6678 | /* Dummy cookie callbacks for defaults */ |
| kadonotakashi | 0:8fdf9a60065b | 6679 | static int ssl_cookie_write_dummy( void *ctx, |
| kadonotakashi | 0:8fdf9a60065b | 6680 | unsigned char **p, unsigned char *end, |
| kadonotakashi | 0:8fdf9a60065b | 6681 | const unsigned char *cli_id, size_t cli_id_len ) |
| kadonotakashi | 0:8fdf9a60065b | 6682 | { |
| kadonotakashi | 0:8fdf9a60065b | 6683 | ((void) ctx); |
| kadonotakashi | 0:8fdf9a60065b | 6684 | ((void) p); |
| kadonotakashi | 0:8fdf9a60065b | 6685 | ((void) end); |
| kadonotakashi | 0:8fdf9a60065b | 6686 | ((void) cli_id); |
| kadonotakashi | 0:8fdf9a60065b | 6687 | ((void) cli_id_len); |
| kadonotakashi | 0:8fdf9a60065b | 6688 | |
| kadonotakashi | 0:8fdf9a60065b | 6689 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
| kadonotakashi | 0:8fdf9a60065b | 6690 | } |
| kadonotakashi | 0:8fdf9a60065b | 6691 | |
| kadonotakashi | 0:8fdf9a60065b | 6692 | static int ssl_cookie_check_dummy( void *ctx, |
| kadonotakashi | 0:8fdf9a60065b | 6693 | const unsigned char *cookie, size_t cookie_len, |
| kadonotakashi | 0:8fdf9a60065b | 6694 | const unsigned char *cli_id, size_t cli_id_len ) |
| kadonotakashi | 0:8fdf9a60065b | 6695 | { |
| kadonotakashi | 0:8fdf9a60065b | 6696 | ((void) ctx); |
| kadonotakashi | 0:8fdf9a60065b | 6697 | ((void) cookie); |
| kadonotakashi | 0:8fdf9a60065b | 6698 | ((void) cookie_len); |
| kadonotakashi | 0:8fdf9a60065b | 6699 | ((void) cli_id); |
| kadonotakashi | 0:8fdf9a60065b | 6700 | ((void) cli_id_len); |
| kadonotakashi | 0:8fdf9a60065b | 6701 | |
| kadonotakashi | 0:8fdf9a60065b | 6702 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
| kadonotakashi | 0:8fdf9a60065b | 6703 | } |
| kadonotakashi | 0:8fdf9a60065b | 6704 | #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */ |
| kadonotakashi | 0:8fdf9a60065b | 6705 | |
| kadonotakashi | 0:8fdf9a60065b | 6706 | /* Once ssl->out_hdr as the address of the beginning of the |
| kadonotakashi | 0:8fdf9a60065b | 6707 | * next outgoing record is set, deduce the other pointers. |
| kadonotakashi | 0:8fdf9a60065b | 6708 | * |
| kadonotakashi | 0:8fdf9a60065b | 6709 | * Note: For TLS, we save the implicit record sequence number |
| kadonotakashi | 0:8fdf9a60065b | 6710 | * (entering MAC computation) in the 8 bytes before ssl->out_hdr, |
| kadonotakashi | 0:8fdf9a60065b | 6711 | * and the caller has to make sure there's space for this. |
| kadonotakashi | 0:8fdf9a60065b | 6712 | */ |
| kadonotakashi | 0:8fdf9a60065b | 6713 | |
| kadonotakashi | 0:8fdf9a60065b | 6714 | static void ssl_update_out_pointers( mbedtls_ssl_context *ssl, |
| kadonotakashi | 0:8fdf9a60065b | 6715 | mbedtls_ssl_transform *transform ) |
| kadonotakashi | 0:8fdf9a60065b | 6716 | { |
| kadonotakashi | 0:8fdf9a60065b | 6717 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 6718 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| kadonotakashi | 0:8fdf9a60065b | 6719 | { |
| kadonotakashi | 0:8fdf9a60065b | 6720 | ssl->out_ctr = ssl->out_hdr + 3; |
| kadonotakashi | 0:8fdf9a60065b | 6721 | ssl->out_len = ssl->out_hdr + 11; |
| kadonotakashi | 0:8fdf9a60065b | 6722 | ssl->out_iv = ssl->out_hdr + 13; |
| kadonotakashi | 0:8fdf9a60065b | 6723 | } |
| kadonotakashi | 0:8fdf9a60065b | 6724 | else |
| kadonotakashi | 0:8fdf9a60065b | 6725 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6726 | { |
| kadonotakashi | 0:8fdf9a60065b | 6727 | ssl->out_ctr = ssl->out_hdr - 8; |
| kadonotakashi | 0:8fdf9a60065b | 6728 | ssl->out_len = ssl->out_hdr + 3; |
| kadonotakashi | 0:8fdf9a60065b | 6729 | ssl->out_iv = ssl->out_hdr + 5; |
| kadonotakashi | 0:8fdf9a60065b | 6730 | } |
| kadonotakashi | 0:8fdf9a60065b | 6731 | |
| kadonotakashi | 0:8fdf9a60065b | 6732 | /* Adjust out_msg to make space for explicit IV, if used. */ |
| kadonotakashi | 0:8fdf9a60065b | 6733 | if( transform != NULL && |
| kadonotakashi | 0:8fdf9a60065b | 6734 | ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) |
| kadonotakashi | 0:8fdf9a60065b | 6735 | { |
| kadonotakashi | 0:8fdf9a60065b | 6736 | ssl->out_msg = ssl->out_iv + transform->ivlen - transform->fixed_ivlen; |
| kadonotakashi | 0:8fdf9a60065b | 6737 | } |
| kadonotakashi | 0:8fdf9a60065b | 6738 | else |
| kadonotakashi | 0:8fdf9a60065b | 6739 | ssl->out_msg = ssl->out_iv; |
| kadonotakashi | 0:8fdf9a60065b | 6740 | } |
| kadonotakashi | 0:8fdf9a60065b | 6741 | |
| kadonotakashi | 0:8fdf9a60065b | 6742 | /* Once ssl->in_hdr as the address of the beginning of the |
| kadonotakashi | 0:8fdf9a60065b | 6743 | * next incoming record is set, deduce the other pointers. |
| kadonotakashi | 0:8fdf9a60065b | 6744 | * |
| kadonotakashi | 0:8fdf9a60065b | 6745 | * Note: For TLS, we save the implicit record sequence number |
| kadonotakashi | 0:8fdf9a60065b | 6746 | * (entering MAC computation) in the 8 bytes before ssl->in_hdr, |
| kadonotakashi | 0:8fdf9a60065b | 6747 | * and the caller has to make sure there's space for this. |
| kadonotakashi | 0:8fdf9a60065b | 6748 | */ |
| kadonotakashi | 0:8fdf9a60065b | 6749 | |
| kadonotakashi | 0:8fdf9a60065b | 6750 | static void ssl_update_in_pointers( mbedtls_ssl_context *ssl, |
| kadonotakashi | 0:8fdf9a60065b | 6751 | mbedtls_ssl_transform *transform ) |
| kadonotakashi | 0:8fdf9a60065b | 6752 | { |
| kadonotakashi | 0:8fdf9a60065b | 6753 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 6754 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| kadonotakashi | 0:8fdf9a60065b | 6755 | { |
| kadonotakashi | 0:8fdf9a60065b | 6756 | ssl->in_ctr = ssl->in_hdr + 3; |
| kadonotakashi | 0:8fdf9a60065b | 6757 | ssl->in_len = ssl->in_hdr + 11; |
| kadonotakashi | 0:8fdf9a60065b | 6758 | ssl->in_iv = ssl->in_hdr + 13; |
| kadonotakashi | 0:8fdf9a60065b | 6759 | } |
| kadonotakashi | 0:8fdf9a60065b | 6760 | else |
| kadonotakashi | 0:8fdf9a60065b | 6761 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6762 | { |
| kadonotakashi | 0:8fdf9a60065b | 6763 | ssl->in_ctr = ssl->in_hdr - 8; |
| kadonotakashi | 0:8fdf9a60065b | 6764 | ssl->in_len = ssl->in_hdr + 3; |
| kadonotakashi | 0:8fdf9a60065b | 6765 | ssl->in_iv = ssl->in_hdr + 5; |
| kadonotakashi | 0:8fdf9a60065b | 6766 | } |
| kadonotakashi | 0:8fdf9a60065b | 6767 | |
| kadonotakashi | 0:8fdf9a60065b | 6768 | /* Offset in_msg from in_iv to allow space for explicit IV, if used. */ |
| kadonotakashi | 0:8fdf9a60065b | 6769 | if( transform != NULL && |
| kadonotakashi | 0:8fdf9a60065b | 6770 | ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) |
| kadonotakashi | 0:8fdf9a60065b | 6771 | { |
| kadonotakashi | 0:8fdf9a60065b | 6772 | ssl->in_msg = ssl->in_iv + transform->ivlen - transform->fixed_ivlen; |
| kadonotakashi | 0:8fdf9a60065b | 6773 | } |
| kadonotakashi | 0:8fdf9a60065b | 6774 | else |
| kadonotakashi | 0:8fdf9a60065b | 6775 | ssl->in_msg = ssl->in_iv; |
| kadonotakashi | 0:8fdf9a60065b | 6776 | } |
| kadonotakashi | 0:8fdf9a60065b | 6777 | |
| kadonotakashi | 0:8fdf9a60065b | 6778 | /* |
| kadonotakashi | 0:8fdf9a60065b | 6779 | * Initialize an SSL context |
| kadonotakashi | 0:8fdf9a60065b | 6780 | */ |
| kadonotakashi | 0:8fdf9a60065b | 6781 | void mbedtls_ssl_init( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 6782 | { |
| kadonotakashi | 0:8fdf9a60065b | 6783 | memset( ssl, 0, sizeof( mbedtls_ssl_context ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6784 | } |
| kadonotakashi | 0:8fdf9a60065b | 6785 | |
| kadonotakashi | 0:8fdf9a60065b | 6786 | /* |
| kadonotakashi | 0:8fdf9a60065b | 6787 | * Setup an SSL context |
| kadonotakashi | 0:8fdf9a60065b | 6788 | */ |
| kadonotakashi | 0:8fdf9a60065b | 6789 | |
| kadonotakashi | 0:8fdf9a60065b | 6790 | static void ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 6791 | { |
| kadonotakashi | 0:8fdf9a60065b | 6792 | /* Set the incoming and outgoing record pointers. */ |
| kadonotakashi | 0:8fdf9a60065b | 6793 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 6794 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| kadonotakashi | 0:8fdf9a60065b | 6795 | { |
| kadonotakashi | 0:8fdf9a60065b | 6796 | ssl->out_hdr = ssl->out_buf; |
| kadonotakashi | 0:8fdf9a60065b | 6797 | ssl->in_hdr = ssl->in_buf; |
| kadonotakashi | 0:8fdf9a60065b | 6798 | } |
| kadonotakashi | 0:8fdf9a60065b | 6799 | else |
| kadonotakashi | 0:8fdf9a60065b | 6800 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| kadonotakashi | 0:8fdf9a60065b | 6801 | { |
| kadonotakashi | 0:8fdf9a60065b | 6802 | ssl->out_hdr = ssl->out_buf + 8; |
| kadonotakashi | 0:8fdf9a60065b | 6803 | ssl->in_hdr = ssl->in_buf + 8; |
| kadonotakashi | 0:8fdf9a60065b | 6804 | } |
| kadonotakashi | 0:8fdf9a60065b | 6805 | |
| kadonotakashi | 0:8fdf9a60065b | 6806 | /* Derive other internal pointers. */ |
| kadonotakashi | 0:8fdf9a60065b | 6807 | ssl_update_out_pointers( ssl, NULL /* no transform enabled */ ); |
| kadonotakashi | 0:8fdf9a60065b | 6808 | ssl_update_in_pointers ( ssl, NULL /* no transform enabled */ ); |
| kadonotakashi | 0:8fdf9a60065b | 6809 | } |
| kadonotakashi | 0:8fdf9a60065b | 6810 | |
| kadonotakashi | 0:8fdf9a60065b | 6811 | int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, |
| kadonotakashi | 0:8fdf9a60065b | 6812 | const mbedtls_ssl_config *conf ) |
| kadonotakashi | 0:8fdf9a60065b | 6813 | { |
| kadonotakashi | 0:8fdf9a60065b | 6814 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 6815 | |
| kadonotakashi | 0:8fdf9a60065b | 6816 | ssl->conf = conf; |
| kadonotakashi | 0:8fdf9a60065b | 6817 | |
| kadonotakashi | 0:8fdf9a60065b | 6818 | /* |
| kadonotakashi | 0:8fdf9a60065b | 6819 | * Prepare base structures |
| kadonotakashi | 0:8fdf9a60065b | 6820 | */ |
| kadonotakashi | 0:8fdf9a60065b | 6821 | |
| kadonotakashi | 0:8fdf9a60065b | 6822 | /* Set to NULL in case of an error condition */ |
| kadonotakashi | 0:8fdf9a60065b | 6823 | ssl->out_buf = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 6824 | |
| kadonotakashi | 0:8fdf9a60065b | 6825 | ssl->in_buf = mbedtls_calloc( 1, MBEDTLS_SSL_IN_BUFFER_LEN ); |
| kadonotakashi | 0:8fdf9a60065b | 6826 | if( ssl->in_buf == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 6827 | { |
| kadonotakashi | 0:8fdf9a60065b | 6828 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", MBEDTLS_SSL_IN_BUFFER_LEN) ); |
| kadonotakashi | 0:8fdf9a60065b | 6829 | ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; |
| kadonotakashi | 0:8fdf9a60065b | 6830 | goto error; |
| kadonotakashi | 0:8fdf9a60065b | 6831 | } |
| kadonotakashi | 0:8fdf9a60065b | 6832 | |
| kadonotakashi | 0:8fdf9a60065b | 6833 | ssl->out_buf = mbedtls_calloc( 1, MBEDTLS_SSL_OUT_BUFFER_LEN ); |
| kadonotakashi | 0:8fdf9a60065b | 6834 | if( ssl->out_buf == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 6835 | { |
| kadonotakashi | 0:8fdf9a60065b | 6836 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", MBEDTLS_SSL_OUT_BUFFER_LEN) ); |
| kadonotakashi | 0:8fdf9a60065b | 6837 | ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; |
| kadonotakashi | 0:8fdf9a60065b | 6838 | goto error; |
| kadonotakashi | 0:8fdf9a60065b | 6839 | } |
| kadonotakashi | 0:8fdf9a60065b | 6840 | |
| kadonotakashi | 0:8fdf9a60065b | 6841 | ssl_reset_in_out_pointers( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 6842 | |
| kadonotakashi | 0:8fdf9a60065b | 6843 | if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 6844 | goto error; |
| kadonotakashi | 0:8fdf9a60065b | 6845 | |
| kadonotakashi | 0:8fdf9a60065b | 6846 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 6847 | |
| kadonotakashi | 0:8fdf9a60065b | 6848 | error: |
| kadonotakashi | 0:8fdf9a60065b | 6849 | mbedtls_free( ssl->in_buf ); |
| kadonotakashi | 0:8fdf9a60065b | 6850 | mbedtls_free( ssl->out_buf ); |
| kadonotakashi | 0:8fdf9a60065b | 6851 | |
| kadonotakashi | 0:8fdf9a60065b | 6852 | ssl->conf = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 6853 | |
| kadonotakashi | 0:8fdf9a60065b | 6854 | ssl->in_buf = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 6855 | ssl->out_buf = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 6856 | |
| kadonotakashi | 0:8fdf9a60065b | 6857 | ssl->in_hdr = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 6858 | ssl->in_ctr = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 6859 | ssl->in_len = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 6860 | ssl->in_iv = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 6861 | ssl->in_msg = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 6862 | |
| kadonotakashi | 0:8fdf9a60065b | 6863 | ssl->out_hdr = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 6864 | ssl->out_ctr = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 6865 | ssl->out_len = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 6866 | ssl->out_iv = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 6867 | ssl->out_msg = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 6868 | |
| kadonotakashi | 0:8fdf9a60065b | 6869 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 6870 | } |
| kadonotakashi | 0:8fdf9a60065b | 6871 | |
| kadonotakashi | 0:8fdf9a60065b | 6872 | /* |
| kadonotakashi | 0:8fdf9a60065b | 6873 | * Reset an initialized and used SSL context for re-use while retaining |
| kadonotakashi | 0:8fdf9a60065b | 6874 | * all application-set variables, function pointers and data. |
| kadonotakashi | 0:8fdf9a60065b | 6875 | * |
| kadonotakashi | 0:8fdf9a60065b | 6876 | * If partial is non-zero, keep data in the input buffer and client ID. |
| kadonotakashi | 0:8fdf9a60065b | 6877 | * (Use when a DTLS client reconnects from the same port.) |
| kadonotakashi | 0:8fdf9a60065b | 6878 | */ |
| kadonotakashi | 0:8fdf9a60065b | 6879 | static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) |
| kadonotakashi | 0:8fdf9a60065b | 6880 | { |
| kadonotakashi | 0:8fdf9a60065b | 6881 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 6882 | |
| kadonotakashi | 0:8fdf9a60065b | 6883 | #if !defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) || \ |
| kadonotakashi | 0:8fdf9a60065b | 6884 | !defined(MBEDTLS_SSL_SRV_C) |
| kadonotakashi | 0:8fdf9a60065b | 6885 | ((void) partial); |
| kadonotakashi | 0:8fdf9a60065b | 6886 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6887 | |
| kadonotakashi | 0:8fdf9a60065b | 6888 | ssl->state = MBEDTLS_SSL_HELLO_REQUEST; |
| kadonotakashi | 0:8fdf9a60065b | 6889 | |
| kadonotakashi | 0:8fdf9a60065b | 6890 | /* Cancel any possibly running timer */ |
| kadonotakashi | 0:8fdf9a60065b | 6891 | ssl_set_timer( ssl, 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 6892 | |
| kadonotakashi | 0:8fdf9a60065b | 6893 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| kadonotakashi | 0:8fdf9a60065b | 6894 | ssl->renego_status = MBEDTLS_SSL_INITIAL_HANDSHAKE; |
| kadonotakashi | 0:8fdf9a60065b | 6895 | ssl->renego_records_seen = 0; |
| kadonotakashi | 0:8fdf9a60065b | 6896 | |
| kadonotakashi | 0:8fdf9a60065b | 6897 | ssl->verify_data_len = 0; |
| kadonotakashi | 0:8fdf9a60065b | 6898 | memset( ssl->own_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN ); |
| kadonotakashi | 0:8fdf9a60065b | 6899 | memset( ssl->peer_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN ); |
| kadonotakashi | 0:8fdf9a60065b | 6900 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6901 | ssl->secure_renegotiation = MBEDTLS_SSL_LEGACY_RENEGOTIATION; |
| kadonotakashi | 0:8fdf9a60065b | 6902 | |
| kadonotakashi | 0:8fdf9a60065b | 6903 | ssl->in_offt = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 6904 | ssl_reset_in_out_pointers( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 6905 | |
| kadonotakashi | 0:8fdf9a60065b | 6906 | ssl->in_msgtype = 0; |
| kadonotakashi | 0:8fdf9a60065b | 6907 | ssl->in_msglen = 0; |
| kadonotakashi | 0:8fdf9a60065b | 6908 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 6909 | ssl->next_record_offset = 0; |
| kadonotakashi | 0:8fdf9a60065b | 6910 | ssl->in_epoch = 0; |
| kadonotakashi | 0:8fdf9a60065b | 6911 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6912 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
| kadonotakashi | 0:8fdf9a60065b | 6913 | ssl_dtls_replay_reset( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 6914 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6915 | |
| kadonotakashi | 0:8fdf9a60065b | 6916 | ssl->in_hslen = 0; |
| kadonotakashi | 0:8fdf9a60065b | 6917 | ssl->nb_zero = 0; |
| kadonotakashi | 0:8fdf9a60065b | 6918 | |
| kadonotakashi | 0:8fdf9a60065b | 6919 | ssl->keep_current_message = 0; |
| kadonotakashi | 0:8fdf9a60065b | 6920 | |
| kadonotakashi | 0:8fdf9a60065b | 6921 | ssl->out_msgtype = 0; |
| kadonotakashi | 0:8fdf9a60065b | 6922 | ssl->out_msglen = 0; |
| kadonotakashi | 0:8fdf9a60065b | 6923 | ssl->out_left = 0; |
| kadonotakashi | 0:8fdf9a60065b | 6924 | #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) |
| kadonotakashi | 0:8fdf9a60065b | 6925 | if( ssl->split_done != MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED ) |
| kadonotakashi | 0:8fdf9a60065b | 6926 | ssl->split_done = 0; |
| kadonotakashi | 0:8fdf9a60065b | 6927 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6928 | |
| kadonotakashi | 0:8fdf9a60065b | 6929 | memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6930 | |
| kadonotakashi | 0:8fdf9a60065b | 6931 | ssl->transform_in = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 6932 | ssl->transform_out = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 6933 | |
| kadonotakashi | 0:8fdf9a60065b | 6934 | ssl->session_in = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 6935 | ssl->session_out = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 6936 | |
| kadonotakashi | 0:8fdf9a60065b | 6937 | memset( ssl->out_buf, 0, MBEDTLS_SSL_OUT_BUFFER_LEN ); |
| kadonotakashi | 0:8fdf9a60065b | 6938 | |
| kadonotakashi | 0:8fdf9a60065b | 6939 | #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) |
| kadonotakashi | 0:8fdf9a60065b | 6940 | if( partial == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 6941 | #endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */ |
| kadonotakashi | 0:8fdf9a60065b | 6942 | { |
| kadonotakashi | 0:8fdf9a60065b | 6943 | ssl->in_left = 0; |
| kadonotakashi | 0:8fdf9a60065b | 6944 | memset( ssl->in_buf, 0, MBEDTLS_SSL_IN_BUFFER_LEN ); |
| kadonotakashi | 0:8fdf9a60065b | 6945 | } |
| kadonotakashi | 0:8fdf9a60065b | 6946 | |
| kadonotakashi | 0:8fdf9a60065b | 6947 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
| kadonotakashi | 0:8fdf9a60065b | 6948 | if( mbedtls_ssl_hw_record_reset != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 6949 | { |
| kadonotakashi | 0:8fdf9a60065b | 6950 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_reset()" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 6951 | if( ( ret = mbedtls_ssl_hw_record_reset( ssl ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 6952 | { |
| kadonotakashi | 0:8fdf9a60065b | 6953 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_reset", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 6954 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
| kadonotakashi | 0:8fdf9a60065b | 6955 | } |
| kadonotakashi | 0:8fdf9a60065b | 6956 | } |
| kadonotakashi | 0:8fdf9a60065b | 6957 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6958 | |
| kadonotakashi | 0:8fdf9a60065b | 6959 | if( ssl->transform ) |
| kadonotakashi | 0:8fdf9a60065b | 6960 | { |
| kadonotakashi | 0:8fdf9a60065b | 6961 | mbedtls_ssl_transform_free( ssl->transform ); |
| kadonotakashi | 0:8fdf9a60065b | 6962 | mbedtls_free( ssl->transform ); |
| kadonotakashi | 0:8fdf9a60065b | 6963 | ssl->transform = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 6964 | } |
| kadonotakashi | 0:8fdf9a60065b | 6965 | |
| kadonotakashi | 0:8fdf9a60065b | 6966 | if( ssl->session ) |
| kadonotakashi | 0:8fdf9a60065b | 6967 | { |
| kadonotakashi | 0:8fdf9a60065b | 6968 | mbedtls_ssl_session_free( ssl->session ); |
| kadonotakashi | 0:8fdf9a60065b | 6969 | mbedtls_free( ssl->session ); |
| kadonotakashi | 0:8fdf9a60065b | 6970 | ssl->session = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 6971 | } |
| kadonotakashi | 0:8fdf9a60065b | 6972 | |
| kadonotakashi | 0:8fdf9a60065b | 6973 | #if defined(MBEDTLS_SSL_ALPN) |
| kadonotakashi | 0:8fdf9a60065b | 6974 | ssl->alpn_chosen = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 6975 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6976 | |
| kadonotakashi | 0:8fdf9a60065b | 6977 | #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) |
| kadonotakashi | 0:8fdf9a60065b | 6978 | #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) |
| kadonotakashi | 0:8fdf9a60065b | 6979 | if( partial == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 6980 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6981 | { |
| kadonotakashi | 0:8fdf9a60065b | 6982 | mbedtls_free( ssl->cli_id ); |
| kadonotakashi | 0:8fdf9a60065b | 6983 | ssl->cli_id = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 6984 | ssl->cli_id_len = 0; |
| kadonotakashi | 0:8fdf9a60065b | 6985 | } |
| kadonotakashi | 0:8fdf9a60065b | 6986 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 6987 | |
| kadonotakashi | 0:8fdf9a60065b | 6988 | if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 6989 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 6990 | |
| kadonotakashi | 0:8fdf9a60065b | 6991 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 6992 | } |
| kadonotakashi | 0:8fdf9a60065b | 6993 | |
| kadonotakashi | 0:8fdf9a60065b | 6994 | /* |
| kadonotakashi | 0:8fdf9a60065b | 6995 | * Reset an initialized and used SSL context for re-use while retaining |
| kadonotakashi | 0:8fdf9a60065b | 6996 | * all application-set variables, function pointers and data. |
| kadonotakashi | 0:8fdf9a60065b | 6997 | */ |
| kadonotakashi | 0:8fdf9a60065b | 6998 | int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 6999 | { |
| kadonotakashi | 0:8fdf9a60065b | 7000 | return( ssl_session_reset_int( ssl, 0 ) ); |
| kadonotakashi | 0:8fdf9a60065b | 7001 | } |
| kadonotakashi | 0:8fdf9a60065b | 7002 | |
| kadonotakashi | 0:8fdf9a60065b | 7003 | /* |
| kadonotakashi | 0:8fdf9a60065b | 7004 | * SSL set accessors |
| kadonotakashi | 0:8fdf9a60065b | 7005 | */ |
| kadonotakashi | 0:8fdf9a60065b | 7006 | void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint ) |
| kadonotakashi | 0:8fdf9a60065b | 7007 | { |
| kadonotakashi | 0:8fdf9a60065b | 7008 | conf->endpoint = endpoint; |
| kadonotakashi | 0:8fdf9a60065b | 7009 | } |
| kadonotakashi | 0:8fdf9a60065b | 7010 | |
| kadonotakashi | 0:8fdf9a60065b | 7011 | void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport ) |
| kadonotakashi | 0:8fdf9a60065b | 7012 | { |
| kadonotakashi | 0:8fdf9a60065b | 7013 | conf->transport = transport; |
| kadonotakashi | 0:8fdf9a60065b | 7014 | } |
| kadonotakashi | 0:8fdf9a60065b | 7015 | |
| kadonotakashi | 0:8fdf9a60065b | 7016 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
| kadonotakashi | 0:8fdf9a60065b | 7017 | void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode ) |
| kadonotakashi | 0:8fdf9a60065b | 7018 | { |
| kadonotakashi | 0:8fdf9a60065b | 7019 | conf->anti_replay = mode; |
| kadonotakashi | 0:8fdf9a60065b | 7020 | } |
| kadonotakashi | 0:8fdf9a60065b | 7021 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 7022 | |
| kadonotakashi | 0:8fdf9a60065b | 7023 | #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) |
| kadonotakashi | 0:8fdf9a60065b | 7024 | void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit ) |
| kadonotakashi | 0:8fdf9a60065b | 7025 | { |
| kadonotakashi | 0:8fdf9a60065b | 7026 | conf->badmac_limit = limit; |
| kadonotakashi | 0:8fdf9a60065b | 7027 | } |
| kadonotakashi | 0:8fdf9a60065b | 7028 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 7029 | |
| kadonotakashi | 0:8fdf9a60065b | 7030 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 7031 | |
| kadonotakashi | 0:8fdf9a60065b | 7032 | void mbedtls_ssl_set_datagram_packing( mbedtls_ssl_context *ssl, |
| kadonotakashi | 0:8fdf9a60065b | 7033 | unsigned allow_packing ) |
| kadonotakashi | 0:8fdf9a60065b | 7034 | { |
| kadonotakashi | 0:8fdf9a60065b | 7035 | ssl->disable_datagram_packing = !allow_packing; |
| kadonotakashi | 0:8fdf9a60065b | 7036 | } |
| kadonotakashi | 0:8fdf9a60065b | 7037 | |
| kadonotakashi | 0:8fdf9a60065b | 7038 | void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, |
| kadonotakashi | 0:8fdf9a60065b | 7039 | uint32_t min, uint32_t max ) |
| kadonotakashi | 0:8fdf9a60065b | 7040 | { |
| kadonotakashi | 0:8fdf9a60065b | 7041 | conf->hs_timeout_min = min; |
| kadonotakashi | 0:8fdf9a60065b | 7042 | conf->hs_timeout_max = max; |
| kadonotakashi | 0:8fdf9a60065b | 7043 | } |
| kadonotakashi | 0:8fdf9a60065b | 7044 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 7045 | |
| kadonotakashi | 0:8fdf9a60065b | 7046 | void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode ) |
| kadonotakashi | 0:8fdf9a60065b | 7047 | { |
| kadonotakashi | 0:8fdf9a60065b | 7048 | conf->authmode = authmode; |
| kadonotakashi | 0:8fdf9a60065b | 7049 | } |
| kadonotakashi | 0:8fdf9a60065b | 7050 | |
| kadonotakashi | 0:8fdf9a60065b | 7051 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| kadonotakashi | 0:8fdf9a60065b | 7052 | void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf, |
| kadonotakashi | 0:8fdf9a60065b | 7053 | int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), |
| kadonotakashi | 0:8fdf9a60065b | 7054 | void *p_vrfy ) |
| kadonotakashi | 0:8fdf9a60065b | 7055 | { |
| kadonotakashi | 0:8fdf9a60065b | 7056 | conf->f_vrfy = f_vrfy; |
| kadonotakashi | 0:8fdf9a60065b | 7057 | conf->p_vrfy = p_vrfy; |
| kadonotakashi | 0:8fdf9a60065b | 7058 | } |
| kadonotakashi | 0:8fdf9a60065b | 7059 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
| kadonotakashi | 0:8fdf9a60065b | 7060 | |
| kadonotakashi | 0:8fdf9a60065b | 7061 | void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf, |
| kadonotakashi | 0:8fdf9a60065b | 7062 | int (*f_rng)(void *, unsigned char *, size_t), |
| kadonotakashi | 0:8fdf9a60065b | 7063 | void *p_rng ) |
| kadonotakashi | 0:8fdf9a60065b | 7064 | { |
| kadonotakashi | 0:8fdf9a60065b | 7065 | conf->f_rng = f_rng; |
| kadonotakashi | 0:8fdf9a60065b | 7066 | conf->p_rng = p_rng; |
| kadonotakashi | 0:8fdf9a60065b | 7067 | } |
| kadonotakashi | 0:8fdf9a60065b | 7068 | |
| kadonotakashi | 0:8fdf9a60065b | 7069 | void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf, |
| kadonotakashi | 0:8fdf9a60065b | 7070 | void (*f_dbg)(void *, int, const char *, int, const char *), |
| kadonotakashi | 0:8fdf9a60065b | 7071 | void *p_dbg ) |
| kadonotakashi | 0:8fdf9a60065b | 7072 | { |
| kadonotakashi | 0:8fdf9a60065b | 7073 | conf->f_dbg = f_dbg; |
| kadonotakashi | 0:8fdf9a60065b | 7074 | conf->p_dbg = p_dbg; |
| kadonotakashi | 0:8fdf9a60065b | 7075 | } |
| kadonotakashi | 0:8fdf9a60065b | 7076 | |
| kadonotakashi | 0:8fdf9a60065b | 7077 | void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, |
| kadonotakashi | 0:8fdf9a60065b | 7078 | void *p_bio, |
| kadonotakashi | 0:8fdf9a60065b | 7079 | mbedtls_ssl_send_t *f_send, |
| kadonotakashi | 0:8fdf9a60065b | 7080 | mbedtls_ssl_recv_t *f_recv, |
| kadonotakashi | 0:8fdf9a60065b | 7081 | mbedtls_ssl_recv_timeout_t *f_recv_timeout ) |
| kadonotakashi | 0:8fdf9a60065b | 7082 | { |
| kadonotakashi | 0:8fdf9a60065b | 7083 | ssl->p_bio = p_bio; |
| kadonotakashi | 0:8fdf9a60065b | 7084 | ssl->f_send = f_send; |
| kadonotakashi | 0:8fdf9a60065b | 7085 | ssl->f_recv = f_recv; |
| kadonotakashi | 0:8fdf9a60065b | 7086 | ssl->f_recv_timeout = f_recv_timeout; |
| kadonotakashi | 0:8fdf9a60065b | 7087 | } |
| kadonotakashi | 0:8fdf9a60065b | 7088 | |
| kadonotakashi | 0:8fdf9a60065b | 7089 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 7090 | void mbedtls_ssl_set_mtu( mbedtls_ssl_context *ssl, uint16_t mtu ) |
| kadonotakashi | 0:8fdf9a60065b | 7091 | { |
| kadonotakashi | 0:8fdf9a60065b | 7092 | ssl->mtu = mtu; |
| kadonotakashi | 0:8fdf9a60065b | 7093 | } |
| kadonotakashi | 0:8fdf9a60065b | 7094 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 7095 | |
| kadonotakashi | 0:8fdf9a60065b | 7096 | void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ) |
| kadonotakashi | 0:8fdf9a60065b | 7097 | { |
| kadonotakashi | 0:8fdf9a60065b | 7098 | conf->read_timeout = timeout; |
| kadonotakashi | 0:8fdf9a60065b | 7099 | } |
| kadonotakashi | 0:8fdf9a60065b | 7100 | |
| kadonotakashi | 0:8fdf9a60065b | 7101 | void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl, |
| kadonotakashi | 0:8fdf9a60065b | 7102 | void *p_timer, |
| kadonotakashi | 0:8fdf9a60065b | 7103 | mbedtls_ssl_set_timer_t *f_set_timer, |
| kadonotakashi | 0:8fdf9a60065b | 7104 | mbedtls_ssl_get_timer_t *f_get_timer ) |
| kadonotakashi | 0:8fdf9a60065b | 7105 | { |
| kadonotakashi | 0:8fdf9a60065b | 7106 | ssl->p_timer = p_timer; |
| kadonotakashi | 0:8fdf9a60065b | 7107 | ssl->f_set_timer = f_set_timer; |
| kadonotakashi | 0:8fdf9a60065b | 7108 | ssl->f_get_timer = f_get_timer; |
| kadonotakashi | 0:8fdf9a60065b | 7109 | |
| kadonotakashi | 0:8fdf9a60065b | 7110 | /* Make sure we start with no timer running */ |
| kadonotakashi | 0:8fdf9a60065b | 7111 | ssl_set_timer( ssl, 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 7112 | } |
| kadonotakashi | 0:8fdf9a60065b | 7113 | |
| kadonotakashi | 0:8fdf9a60065b | 7114 | #if defined(MBEDTLS_SSL_SRV_C) |
| kadonotakashi | 0:8fdf9a60065b | 7115 | void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf, |
| kadonotakashi | 0:8fdf9a60065b | 7116 | void *p_cache, |
| kadonotakashi | 0:8fdf9a60065b | 7117 | int (*f_get_cache)(void *, mbedtls_ssl_session *), |
| kadonotakashi | 0:8fdf9a60065b | 7118 | int (*f_set_cache)(void *, const mbedtls_ssl_session *) ) |
| kadonotakashi | 0:8fdf9a60065b | 7119 | { |
| kadonotakashi | 0:8fdf9a60065b | 7120 | conf->p_cache = p_cache; |
| kadonotakashi | 0:8fdf9a60065b | 7121 | conf->f_get_cache = f_get_cache; |
| kadonotakashi | 0:8fdf9a60065b | 7122 | conf->f_set_cache = f_set_cache; |
| kadonotakashi | 0:8fdf9a60065b | 7123 | } |
| kadonotakashi | 0:8fdf9a60065b | 7124 | #endif /* MBEDTLS_SSL_SRV_C */ |
| kadonotakashi | 0:8fdf9a60065b | 7125 | |
| kadonotakashi | 0:8fdf9a60065b | 7126 | #if defined(MBEDTLS_SSL_CLI_C) |
| kadonotakashi | 0:8fdf9a60065b | 7127 | int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session ) |
| kadonotakashi | 0:8fdf9a60065b | 7128 | { |
| kadonotakashi | 0:8fdf9a60065b | 7129 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 7130 | |
| kadonotakashi | 0:8fdf9a60065b | 7131 | if( ssl == NULL || |
| kadonotakashi | 0:8fdf9a60065b | 7132 | session == NULL || |
| kadonotakashi | 0:8fdf9a60065b | 7133 | ssl->session_negotiate == NULL || |
| kadonotakashi | 0:8fdf9a60065b | 7134 | ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT ) |
| kadonotakashi | 0:8fdf9a60065b | 7135 | { |
| kadonotakashi | 0:8fdf9a60065b | 7136 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 7137 | } |
| kadonotakashi | 0:8fdf9a60065b | 7138 | |
| kadonotakashi | 0:8fdf9a60065b | 7139 | if( ( ret = ssl_session_copy( ssl->session_negotiate, session ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 7140 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 7141 | |
| kadonotakashi | 0:8fdf9a60065b | 7142 | ssl->handshake->resume = 1; |
| kadonotakashi | 0:8fdf9a60065b | 7143 | |
| kadonotakashi | 0:8fdf9a60065b | 7144 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 7145 | } |
| kadonotakashi | 0:8fdf9a60065b | 7146 | #endif /* MBEDTLS_SSL_CLI_C */ |
| kadonotakashi | 0:8fdf9a60065b | 7147 | |
| kadonotakashi | 0:8fdf9a60065b | 7148 | void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, |
| kadonotakashi | 0:8fdf9a60065b | 7149 | const int *ciphersuites ) |
| kadonotakashi | 0:8fdf9a60065b | 7150 | { |
| kadonotakashi | 0:8fdf9a60065b | 7151 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = ciphersuites; |
| kadonotakashi | 0:8fdf9a60065b | 7152 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = ciphersuites; |
| kadonotakashi | 0:8fdf9a60065b | 7153 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = ciphersuites; |
| kadonotakashi | 0:8fdf9a60065b | 7154 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = ciphersuites; |
| kadonotakashi | 0:8fdf9a60065b | 7155 | } |
| kadonotakashi | 0:8fdf9a60065b | 7156 | |
| kadonotakashi | 0:8fdf9a60065b | 7157 | void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf, |
| kadonotakashi | 0:8fdf9a60065b | 7158 | const int *ciphersuites, |
| kadonotakashi | 0:8fdf9a60065b | 7159 | int major, int minor ) |
| kadonotakashi | 0:8fdf9a60065b | 7160 | { |
| kadonotakashi | 0:8fdf9a60065b | 7161 | if( major != MBEDTLS_SSL_MAJOR_VERSION_3 ) |
| kadonotakashi | 0:8fdf9a60065b | 7162 | return; |
| kadonotakashi | 0:8fdf9a60065b | 7163 | |
| kadonotakashi | 0:8fdf9a60065b | 7164 | if( minor < MBEDTLS_SSL_MINOR_VERSION_0 || minor > MBEDTLS_SSL_MINOR_VERSION_3 ) |
| kadonotakashi | 0:8fdf9a60065b | 7165 | return; |
| kadonotakashi | 0:8fdf9a60065b | 7166 | |
| kadonotakashi | 0:8fdf9a60065b | 7167 | conf->ciphersuite_list[minor] = ciphersuites; |
| kadonotakashi | 0:8fdf9a60065b | 7168 | } |
| kadonotakashi | 0:8fdf9a60065b | 7169 | |
| kadonotakashi | 0:8fdf9a60065b | 7170 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| kadonotakashi | 0:8fdf9a60065b | 7171 | void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf, |
| kadonotakashi | 0:8fdf9a60065b | 7172 | const mbedtls_x509_crt_profile *profile ) |
| kadonotakashi | 0:8fdf9a60065b | 7173 | { |
| kadonotakashi | 0:8fdf9a60065b | 7174 | conf->cert_profile = profile; |
| kadonotakashi | 0:8fdf9a60065b | 7175 | } |
| kadonotakashi | 0:8fdf9a60065b | 7176 | |
| kadonotakashi | 0:8fdf9a60065b | 7177 | /* Append a new keycert entry to a (possibly empty) list */ |
| kadonotakashi | 0:8fdf9a60065b | 7178 | static int ssl_append_key_cert( mbedtls_ssl_key_cert **head, |
| kadonotakashi | 0:8fdf9a60065b | 7179 | mbedtls_x509_crt *cert, |
| kadonotakashi | 0:8fdf9a60065b | 7180 | mbedtls_pk_context *key ) |
| kadonotakashi | 0:8fdf9a60065b | 7181 | { |
| kadonotakashi | 0:8fdf9a60065b | 7182 | mbedtls_ssl_key_cert *new_cert; |
| kadonotakashi | 0:8fdf9a60065b | 7183 | |
| kadonotakashi | 0:8fdf9a60065b | 7184 | new_cert = mbedtls_calloc( 1, sizeof( mbedtls_ssl_key_cert ) ); |
| kadonotakashi | 0:8fdf9a60065b | 7185 | if( new_cert == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 7186 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
| kadonotakashi | 0:8fdf9a60065b | 7187 | |
| kadonotakashi | 0:8fdf9a60065b | 7188 | new_cert->cert = cert; |
| kadonotakashi | 0:8fdf9a60065b | 7189 | new_cert->key = key; |
| kadonotakashi | 0:8fdf9a60065b | 7190 | new_cert->next = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 7191 | |
| kadonotakashi | 0:8fdf9a60065b | 7192 | /* Update head is the list was null, else add to the end */ |
| kadonotakashi | 0:8fdf9a60065b | 7193 | if( *head == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 7194 | { |
| kadonotakashi | 0:8fdf9a60065b | 7195 | *head = new_cert; |
| kadonotakashi | 0:8fdf9a60065b | 7196 | } |
| kadonotakashi | 0:8fdf9a60065b | 7197 | else |
| kadonotakashi | 0:8fdf9a60065b | 7198 | { |
| kadonotakashi | 0:8fdf9a60065b | 7199 | mbedtls_ssl_key_cert *cur = *head; |
| kadonotakashi | 0:8fdf9a60065b | 7200 | while( cur->next != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 7201 | cur = cur->next; |
| kadonotakashi | 0:8fdf9a60065b | 7202 | cur->next = new_cert; |
| kadonotakashi | 0:8fdf9a60065b | 7203 | } |
| kadonotakashi | 0:8fdf9a60065b | 7204 | |
| kadonotakashi | 0:8fdf9a60065b | 7205 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 7206 | } |
| kadonotakashi | 0:8fdf9a60065b | 7207 | |
| kadonotakashi | 0:8fdf9a60065b | 7208 | int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf, |
| kadonotakashi | 0:8fdf9a60065b | 7209 | mbedtls_x509_crt *own_cert, |
| kadonotakashi | 0:8fdf9a60065b | 7210 | mbedtls_pk_context *pk_key ) |
| kadonotakashi | 0:8fdf9a60065b | 7211 | { |
| kadonotakashi | 0:8fdf9a60065b | 7212 | return( ssl_append_key_cert( &conf->key_cert, own_cert, pk_key ) ); |
| kadonotakashi | 0:8fdf9a60065b | 7213 | } |
| kadonotakashi | 0:8fdf9a60065b | 7214 | |
| kadonotakashi | 0:8fdf9a60065b | 7215 | void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf, |
| kadonotakashi | 0:8fdf9a60065b | 7216 | mbedtls_x509_crt *ca_chain, |
| kadonotakashi | 0:8fdf9a60065b | 7217 | mbedtls_x509_crl *ca_crl ) |
| kadonotakashi | 0:8fdf9a60065b | 7218 | { |
| kadonotakashi | 0:8fdf9a60065b | 7219 | conf->ca_chain = ca_chain; |
| kadonotakashi | 0:8fdf9a60065b | 7220 | conf->ca_crl = ca_crl; |
| kadonotakashi | 0:8fdf9a60065b | 7221 | } |
| kadonotakashi | 0:8fdf9a60065b | 7222 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
| kadonotakashi | 0:8fdf9a60065b | 7223 | |
| kadonotakashi | 0:8fdf9a60065b | 7224 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
| kadonotakashi | 0:8fdf9a60065b | 7225 | int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl, |
| kadonotakashi | 0:8fdf9a60065b | 7226 | mbedtls_x509_crt *own_cert, |
| kadonotakashi | 0:8fdf9a60065b | 7227 | mbedtls_pk_context *pk_key ) |
| kadonotakashi | 0:8fdf9a60065b | 7228 | { |
| kadonotakashi | 0:8fdf9a60065b | 7229 | return( ssl_append_key_cert( &ssl->handshake->sni_key_cert, |
| kadonotakashi | 0:8fdf9a60065b | 7230 | own_cert, pk_key ) ); |
| kadonotakashi | 0:8fdf9a60065b | 7231 | } |
| kadonotakashi | 0:8fdf9a60065b | 7232 | |
| kadonotakashi | 0:8fdf9a60065b | 7233 | void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl, |
| kadonotakashi | 0:8fdf9a60065b | 7234 | mbedtls_x509_crt *ca_chain, |
| kadonotakashi | 0:8fdf9a60065b | 7235 | mbedtls_x509_crl *ca_crl ) |
| kadonotakashi | 0:8fdf9a60065b | 7236 | { |
| kadonotakashi | 0:8fdf9a60065b | 7237 | ssl->handshake->sni_ca_chain = ca_chain; |
| kadonotakashi | 0:8fdf9a60065b | 7238 | ssl->handshake->sni_ca_crl = ca_crl; |
| kadonotakashi | 0:8fdf9a60065b | 7239 | } |
| kadonotakashi | 0:8fdf9a60065b | 7240 | |
| kadonotakashi | 0:8fdf9a60065b | 7241 | void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl, |
| kadonotakashi | 0:8fdf9a60065b | 7242 | int authmode ) |
| kadonotakashi | 0:8fdf9a60065b | 7243 | { |
| kadonotakashi | 0:8fdf9a60065b | 7244 | ssl->handshake->sni_authmode = authmode; |
| kadonotakashi | 0:8fdf9a60065b | 7245 | } |
| kadonotakashi | 0:8fdf9a60065b | 7246 | #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ |
| kadonotakashi | 0:8fdf9a60065b | 7247 | |
| kadonotakashi | 0:8fdf9a60065b | 7248 | #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
| kadonotakashi | 0:8fdf9a60065b | 7249 | /* |
| kadonotakashi | 0:8fdf9a60065b | 7250 | * Set EC J-PAKE password for current handshake |
| kadonotakashi | 0:8fdf9a60065b | 7251 | */ |
| kadonotakashi | 0:8fdf9a60065b | 7252 | int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, |
| kadonotakashi | 0:8fdf9a60065b | 7253 | const unsigned char *pw, |
| kadonotakashi | 0:8fdf9a60065b | 7254 | size_t pw_len ) |
| kadonotakashi | 0:8fdf9a60065b | 7255 | { |
| kadonotakashi | 0:8fdf9a60065b | 7256 | mbedtls_ecjpake_role role; |
| kadonotakashi | 0:8fdf9a60065b | 7257 | |
| kadonotakashi | 0:8fdf9a60065b | 7258 | if( ssl->handshake == NULL || ssl->conf == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 7259 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 7260 | |
| kadonotakashi | 0:8fdf9a60065b | 7261 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
| kadonotakashi | 0:8fdf9a60065b | 7262 | role = MBEDTLS_ECJPAKE_SERVER; |
| kadonotakashi | 0:8fdf9a60065b | 7263 | else |
| kadonotakashi | 0:8fdf9a60065b | 7264 | role = MBEDTLS_ECJPAKE_CLIENT; |
| kadonotakashi | 0:8fdf9a60065b | 7265 | |
| kadonotakashi | 0:8fdf9a60065b | 7266 | return( mbedtls_ecjpake_setup( &ssl->handshake->ecjpake_ctx, |
| kadonotakashi | 0:8fdf9a60065b | 7267 | role, |
| kadonotakashi | 0:8fdf9a60065b | 7268 | MBEDTLS_MD_SHA256, |
| kadonotakashi | 0:8fdf9a60065b | 7269 | MBEDTLS_ECP_DP_SECP256R1, |
| kadonotakashi | 0:8fdf9a60065b | 7270 | pw, pw_len ) ); |
| kadonotakashi | 0:8fdf9a60065b | 7271 | } |
| kadonotakashi | 0:8fdf9a60065b | 7272 | #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ |
| kadonotakashi | 0:8fdf9a60065b | 7273 | |
| kadonotakashi | 0:8fdf9a60065b | 7274 | #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) |
| kadonotakashi | 0:8fdf9a60065b | 7275 | int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, |
| kadonotakashi | 0:8fdf9a60065b | 7276 | const unsigned char *psk, size_t psk_len, |
| kadonotakashi | 0:8fdf9a60065b | 7277 | const unsigned char *psk_identity, size_t psk_identity_len ) |
| kadonotakashi | 0:8fdf9a60065b | 7278 | { |
| kadonotakashi | 0:8fdf9a60065b | 7279 | if( psk == NULL || psk_identity == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 7280 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 7281 | |
| kadonotakashi | 0:8fdf9a60065b | 7282 | if( psk_len > MBEDTLS_PSK_MAX_LEN ) |
| kadonotakashi | 0:8fdf9a60065b | 7283 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 7284 | |
| kadonotakashi | 0:8fdf9a60065b | 7285 | /* Identity len will be encoded on two bytes */ |
| kadonotakashi | 0:8fdf9a60065b | 7286 | if( ( psk_identity_len >> 16 ) != 0 || |
| kadonotakashi | 0:8fdf9a60065b | 7287 | psk_identity_len > MBEDTLS_SSL_OUT_CONTENT_LEN ) |
| kadonotakashi | 0:8fdf9a60065b | 7288 | { |
| kadonotakashi | 0:8fdf9a60065b | 7289 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 7290 | } |
| kadonotakashi | 0:8fdf9a60065b | 7291 | |
| kadonotakashi | 0:8fdf9a60065b | 7292 | if( conf->psk != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 7293 | { |
| kadonotakashi | 0:8fdf9a60065b | 7294 | mbedtls_platform_zeroize( conf->psk, conf->psk_len ); |
| kadonotakashi | 0:8fdf9a60065b | 7295 | |
| kadonotakashi | 0:8fdf9a60065b | 7296 | mbedtls_free( conf->psk ); |
| kadonotakashi | 0:8fdf9a60065b | 7297 | conf->psk = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 7298 | conf->psk_len = 0; |
| kadonotakashi | 0:8fdf9a60065b | 7299 | } |
| kadonotakashi | 0:8fdf9a60065b | 7300 | if( conf->psk_identity != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 7301 | { |
| kadonotakashi | 0:8fdf9a60065b | 7302 | mbedtls_free( conf->psk_identity ); |
| kadonotakashi | 0:8fdf9a60065b | 7303 | conf->psk_identity = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 7304 | conf->psk_identity_len = 0; |
| kadonotakashi | 0:8fdf9a60065b | 7305 | } |
| kadonotakashi | 0:8fdf9a60065b | 7306 | |
| kadonotakashi | 0:8fdf9a60065b | 7307 | if( ( conf->psk = mbedtls_calloc( 1, psk_len ) ) == NULL || |
| kadonotakashi | 0:8fdf9a60065b | 7308 | ( conf->psk_identity = mbedtls_calloc( 1, psk_identity_len ) ) == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 7309 | { |
| kadonotakashi | 0:8fdf9a60065b | 7310 | mbedtls_free( conf->psk ); |
| kadonotakashi | 0:8fdf9a60065b | 7311 | mbedtls_free( conf->psk_identity ); |
| kadonotakashi | 0:8fdf9a60065b | 7312 | conf->psk = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 7313 | conf->psk_identity = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 7314 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
| kadonotakashi | 0:8fdf9a60065b | 7315 | } |
| kadonotakashi | 0:8fdf9a60065b | 7316 | |
| kadonotakashi | 0:8fdf9a60065b | 7317 | conf->psk_len = psk_len; |
| kadonotakashi | 0:8fdf9a60065b | 7318 | conf->psk_identity_len = psk_identity_len; |
| kadonotakashi | 0:8fdf9a60065b | 7319 | |
| kadonotakashi | 0:8fdf9a60065b | 7320 | memcpy( conf->psk, psk, conf->psk_len ); |
| kadonotakashi | 0:8fdf9a60065b | 7321 | memcpy( conf->psk_identity, psk_identity, conf->psk_identity_len ); |
| kadonotakashi | 0:8fdf9a60065b | 7322 | |
| kadonotakashi | 0:8fdf9a60065b | 7323 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 7324 | } |
| kadonotakashi | 0:8fdf9a60065b | 7325 | |
| kadonotakashi | 0:8fdf9a60065b | 7326 | int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl, |
| kadonotakashi | 0:8fdf9a60065b | 7327 | const unsigned char *psk, size_t psk_len ) |
| kadonotakashi | 0:8fdf9a60065b | 7328 | { |
| kadonotakashi | 0:8fdf9a60065b | 7329 | if( psk == NULL || ssl->handshake == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 7330 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 7331 | |
| kadonotakashi | 0:8fdf9a60065b | 7332 | if( psk_len > MBEDTLS_PSK_MAX_LEN ) |
| kadonotakashi | 0:8fdf9a60065b | 7333 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 7334 | |
| kadonotakashi | 0:8fdf9a60065b | 7335 | if( ssl->handshake->psk != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 7336 | { |
| kadonotakashi | 0:8fdf9a60065b | 7337 | mbedtls_platform_zeroize( ssl->handshake->psk, |
| kadonotakashi | 0:8fdf9a60065b | 7338 | ssl->handshake->psk_len ); |
| kadonotakashi | 0:8fdf9a60065b | 7339 | mbedtls_free( ssl->handshake->psk ); |
| kadonotakashi | 0:8fdf9a60065b | 7340 | ssl->handshake->psk_len = 0; |
| kadonotakashi | 0:8fdf9a60065b | 7341 | } |
| kadonotakashi | 0:8fdf9a60065b | 7342 | |
| kadonotakashi | 0:8fdf9a60065b | 7343 | if( ( ssl->handshake->psk = mbedtls_calloc( 1, psk_len ) ) == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 7344 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
| kadonotakashi | 0:8fdf9a60065b | 7345 | |
| kadonotakashi | 0:8fdf9a60065b | 7346 | ssl->handshake->psk_len = psk_len; |
| kadonotakashi | 0:8fdf9a60065b | 7347 | memcpy( ssl->handshake->psk, psk, ssl->handshake->psk_len ); |
| kadonotakashi | 0:8fdf9a60065b | 7348 | |
| kadonotakashi | 0:8fdf9a60065b | 7349 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 7350 | } |
| kadonotakashi | 0:8fdf9a60065b | 7351 | |
| kadonotakashi | 0:8fdf9a60065b | 7352 | void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, |
| kadonotakashi | 0:8fdf9a60065b | 7353 | int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, |
| kadonotakashi | 0:8fdf9a60065b | 7354 | size_t), |
| kadonotakashi | 0:8fdf9a60065b | 7355 | void *p_psk ) |
| kadonotakashi | 0:8fdf9a60065b | 7356 | { |
| kadonotakashi | 0:8fdf9a60065b | 7357 | conf->f_psk = f_psk; |
| kadonotakashi | 0:8fdf9a60065b | 7358 | conf->p_psk = p_psk; |
| kadonotakashi | 0:8fdf9a60065b | 7359 | } |
| kadonotakashi | 0:8fdf9a60065b | 7360 | #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ |
| kadonotakashi | 0:8fdf9a60065b | 7361 | |
| kadonotakashi | 0:8fdf9a60065b | 7362 | #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) |
| kadonotakashi | 0:8fdf9a60065b | 7363 | |
| kadonotakashi | 0:8fdf9a60065b | 7364 | #if !defined(MBEDTLS_DEPRECATED_REMOVED) |
| kadonotakashi | 0:8fdf9a60065b | 7365 | int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G ) |
| kadonotakashi | 0:8fdf9a60065b | 7366 | { |
| kadonotakashi | 0:8fdf9a60065b | 7367 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 7368 | |
| kadonotakashi | 0:8fdf9a60065b | 7369 | if( ( ret = mbedtls_mpi_read_string( &conf->dhm_P, 16, dhm_P ) ) != 0 || |
| kadonotakashi | 0:8fdf9a60065b | 7370 | ( ret = mbedtls_mpi_read_string( &conf->dhm_G, 16, dhm_G ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 7371 | { |
| kadonotakashi | 0:8fdf9a60065b | 7372 | mbedtls_mpi_free( &conf->dhm_P ); |
| kadonotakashi | 0:8fdf9a60065b | 7373 | mbedtls_mpi_free( &conf->dhm_G ); |
| kadonotakashi | 0:8fdf9a60065b | 7374 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 7375 | } |
| kadonotakashi | 0:8fdf9a60065b | 7376 | |
| kadonotakashi | 0:8fdf9a60065b | 7377 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 7378 | } |
| kadonotakashi | 0:8fdf9a60065b | 7379 | #endif /* MBEDTLS_DEPRECATED_REMOVED */ |
| kadonotakashi | 0:8fdf9a60065b | 7380 | |
| kadonotakashi | 0:8fdf9a60065b | 7381 | int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf, |
| kadonotakashi | 0:8fdf9a60065b | 7382 | const unsigned char *dhm_P, size_t P_len, |
| kadonotakashi | 0:8fdf9a60065b | 7383 | const unsigned char *dhm_G, size_t G_len ) |
| kadonotakashi | 0:8fdf9a60065b | 7384 | { |
| kadonotakashi | 0:8fdf9a60065b | 7385 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 7386 | |
| kadonotakashi | 0:8fdf9a60065b | 7387 | if( ( ret = mbedtls_mpi_read_binary( &conf->dhm_P, dhm_P, P_len ) ) != 0 || |
| kadonotakashi | 0:8fdf9a60065b | 7388 | ( ret = mbedtls_mpi_read_binary( &conf->dhm_G, dhm_G, G_len ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 7389 | { |
| kadonotakashi | 0:8fdf9a60065b | 7390 | mbedtls_mpi_free( &conf->dhm_P ); |
| kadonotakashi | 0:8fdf9a60065b | 7391 | mbedtls_mpi_free( &conf->dhm_G ); |
| kadonotakashi | 0:8fdf9a60065b | 7392 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 7393 | } |
| kadonotakashi | 0:8fdf9a60065b | 7394 | |
| kadonotakashi | 0:8fdf9a60065b | 7395 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 7396 | } |
| kadonotakashi | 0:8fdf9a60065b | 7397 | |
| kadonotakashi | 0:8fdf9a60065b | 7398 | int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx ) |
| kadonotakashi | 0:8fdf9a60065b | 7399 | { |
| kadonotakashi | 0:8fdf9a60065b | 7400 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 7401 | |
| kadonotakashi | 0:8fdf9a60065b | 7402 | if( ( ret = mbedtls_mpi_copy( &conf->dhm_P, &dhm_ctx->P ) ) != 0 || |
| kadonotakashi | 0:8fdf9a60065b | 7403 | ( ret = mbedtls_mpi_copy( &conf->dhm_G, &dhm_ctx->G ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 7404 | { |
| kadonotakashi | 0:8fdf9a60065b | 7405 | mbedtls_mpi_free( &conf->dhm_P ); |
| kadonotakashi | 0:8fdf9a60065b | 7406 | mbedtls_mpi_free( &conf->dhm_G ); |
| kadonotakashi | 0:8fdf9a60065b | 7407 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 7408 | } |
| kadonotakashi | 0:8fdf9a60065b | 7409 | |
| kadonotakashi | 0:8fdf9a60065b | 7410 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 7411 | } |
| kadonotakashi | 0:8fdf9a60065b | 7412 | #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_SRV_C */ |
| kadonotakashi | 0:8fdf9a60065b | 7413 | |
| kadonotakashi | 0:8fdf9a60065b | 7414 | #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) |
| kadonotakashi | 0:8fdf9a60065b | 7415 | /* |
| kadonotakashi | 0:8fdf9a60065b | 7416 | * Set the minimum length for Diffie-Hellman parameters |
| kadonotakashi | 0:8fdf9a60065b | 7417 | */ |
| kadonotakashi | 0:8fdf9a60065b | 7418 | void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf, |
| kadonotakashi | 0:8fdf9a60065b | 7419 | unsigned int bitlen ) |
| kadonotakashi | 0:8fdf9a60065b | 7420 | { |
| kadonotakashi | 0:8fdf9a60065b | 7421 | conf->dhm_min_bitlen = bitlen; |
| kadonotakashi | 0:8fdf9a60065b | 7422 | } |
| kadonotakashi | 0:8fdf9a60065b | 7423 | #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */ |
| kadonotakashi | 0:8fdf9a60065b | 7424 | |
| kadonotakashi | 0:8fdf9a60065b | 7425 | #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
| kadonotakashi | 0:8fdf9a60065b | 7426 | /* |
| kadonotakashi | 0:8fdf9a60065b | 7427 | * Set allowed/preferred hashes for handshake signatures |
| kadonotakashi | 0:8fdf9a60065b | 7428 | */ |
| kadonotakashi | 0:8fdf9a60065b | 7429 | void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, |
| kadonotakashi | 0:8fdf9a60065b | 7430 | const int *hashes ) |
| kadonotakashi | 0:8fdf9a60065b | 7431 | { |
| kadonotakashi | 0:8fdf9a60065b | 7432 | conf->sig_hashes = hashes; |
| kadonotakashi | 0:8fdf9a60065b | 7433 | } |
| kadonotakashi | 0:8fdf9a60065b | 7434 | #endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */ |
| kadonotakashi | 0:8fdf9a60065b | 7435 | |
| kadonotakashi | 0:8fdf9a60065b | 7436 | #if defined(MBEDTLS_ECP_C) |
| kadonotakashi | 0:8fdf9a60065b | 7437 | /* |
| kadonotakashi | 0:8fdf9a60065b | 7438 | * Set the allowed elliptic curves |
| kadonotakashi | 0:8fdf9a60065b | 7439 | */ |
| kadonotakashi | 0:8fdf9a60065b | 7440 | void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf, |
| kadonotakashi | 0:8fdf9a60065b | 7441 | const mbedtls_ecp_group_id *curve_list ) |
| kadonotakashi | 0:8fdf9a60065b | 7442 | { |
| kadonotakashi | 0:8fdf9a60065b | 7443 | conf->curve_list = curve_list; |
| kadonotakashi | 0:8fdf9a60065b | 7444 | } |
| kadonotakashi | 0:8fdf9a60065b | 7445 | #endif /* MBEDTLS_ECP_C */ |
| kadonotakashi | 0:8fdf9a60065b | 7446 | |
| kadonotakashi | 0:8fdf9a60065b | 7447 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| kadonotakashi | 0:8fdf9a60065b | 7448 | int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ) |
| kadonotakashi | 0:8fdf9a60065b | 7449 | { |
| kadonotakashi | 0:8fdf9a60065b | 7450 | /* Initialize to suppress unnecessary compiler warning */ |
| kadonotakashi | 0:8fdf9a60065b | 7451 | size_t hostname_len = 0; |
| kadonotakashi | 0:8fdf9a60065b | 7452 | |
| kadonotakashi | 0:8fdf9a60065b | 7453 | /* Check if new hostname is valid before |
| kadonotakashi | 0:8fdf9a60065b | 7454 | * making any change to current one */ |
| kadonotakashi | 0:8fdf9a60065b | 7455 | if( hostname != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 7456 | { |
| kadonotakashi | 0:8fdf9a60065b | 7457 | hostname_len = strlen( hostname ); |
| kadonotakashi | 0:8fdf9a60065b | 7458 | |
| kadonotakashi | 0:8fdf9a60065b | 7459 | if( hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN ) |
| kadonotakashi | 0:8fdf9a60065b | 7460 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 7461 | } |
| kadonotakashi | 0:8fdf9a60065b | 7462 | |
| kadonotakashi | 0:8fdf9a60065b | 7463 | /* Now it's clear that we will overwrite the old hostname, |
| kadonotakashi | 0:8fdf9a60065b | 7464 | * so we can free it safely */ |
| kadonotakashi | 0:8fdf9a60065b | 7465 | |
| kadonotakashi | 0:8fdf9a60065b | 7466 | if( ssl->hostname != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 7467 | { |
| kadonotakashi | 0:8fdf9a60065b | 7468 | mbedtls_platform_zeroize( ssl->hostname, strlen( ssl->hostname ) ); |
| kadonotakashi | 0:8fdf9a60065b | 7469 | mbedtls_free( ssl->hostname ); |
| kadonotakashi | 0:8fdf9a60065b | 7470 | } |
| kadonotakashi | 0:8fdf9a60065b | 7471 | |
| kadonotakashi | 0:8fdf9a60065b | 7472 | /* Passing NULL as hostname shall clear the old one */ |
| kadonotakashi | 0:8fdf9a60065b | 7473 | |
| kadonotakashi | 0:8fdf9a60065b | 7474 | if( hostname == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 7475 | { |
| kadonotakashi | 0:8fdf9a60065b | 7476 | ssl->hostname = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 7477 | } |
| kadonotakashi | 0:8fdf9a60065b | 7478 | else |
| kadonotakashi | 0:8fdf9a60065b | 7479 | { |
| kadonotakashi | 0:8fdf9a60065b | 7480 | ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 ); |
| kadonotakashi | 0:8fdf9a60065b | 7481 | if( ssl->hostname == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 7482 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
| kadonotakashi | 0:8fdf9a60065b | 7483 | |
| kadonotakashi | 0:8fdf9a60065b | 7484 | memcpy( ssl->hostname, hostname, hostname_len ); |
| kadonotakashi | 0:8fdf9a60065b | 7485 | |
| kadonotakashi | 0:8fdf9a60065b | 7486 | ssl->hostname[hostname_len] = '\0'; |
| kadonotakashi | 0:8fdf9a60065b | 7487 | } |
| kadonotakashi | 0:8fdf9a60065b | 7488 | |
| kadonotakashi | 0:8fdf9a60065b | 7489 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 7490 | } |
| kadonotakashi | 0:8fdf9a60065b | 7491 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
| kadonotakashi | 0:8fdf9a60065b | 7492 | |
| kadonotakashi | 0:8fdf9a60065b | 7493 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
| kadonotakashi | 0:8fdf9a60065b | 7494 | void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf, |
| kadonotakashi | 0:8fdf9a60065b | 7495 | int (*f_sni)(void *, mbedtls_ssl_context *, |
| kadonotakashi | 0:8fdf9a60065b | 7496 | const unsigned char *, size_t), |
| kadonotakashi | 0:8fdf9a60065b | 7497 | void *p_sni ) |
| kadonotakashi | 0:8fdf9a60065b | 7498 | { |
| kadonotakashi | 0:8fdf9a60065b | 7499 | conf->f_sni = f_sni; |
| kadonotakashi | 0:8fdf9a60065b | 7500 | conf->p_sni = p_sni; |
| kadonotakashi | 0:8fdf9a60065b | 7501 | } |
| kadonotakashi | 0:8fdf9a60065b | 7502 | #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ |
| kadonotakashi | 0:8fdf9a60065b | 7503 | |
| kadonotakashi | 0:8fdf9a60065b | 7504 | #if defined(MBEDTLS_SSL_ALPN) |
| kadonotakashi | 0:8fdf9a60065b | 7505 | int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos ) |
| kadonotakashi | 0:8fdf9a60065b | 7506 | { |
| kadonotakashi | 0:8fdf9a60065b | 7507 | size_t cur_len, tot_len; |
| kadonotakashi | 0:8fdf9a60065b | 7508 | const char **p; |
| kadonotakashi | 0:8fdf9a60065b | 7509 | |
| kadonotakashi | 0:8fdf9a60065b | 7510 | /* |
| kadonotakashi | 0:8fdf9a60065b | 7511 | * RFC 7301 3.1: "Empty strings MUST NOT be included and byte strings |
| kadonotakashi | 0:8fdf9a60065b | 7512 | * MUST NOT be truncated." |
| kadonotakashi | 0:8fdf9a60065b | 7513 | * We check lengths now rather than later. |
| kadonotakashi | 0:8fdf9a60065b | 7514 | */ |
| kadonotakashi | 0:8fdf9a60065b | 7515 | tot_len = 0; |
| kadonotakashi | 0:8fdf9a60065b | 7516 | for( p = protos; *p != NULL; p++ ) |
| kadonotakashi | 0:8fdf9a60065b | 7517 | { |
| kadonotakashi | 0:8fdf9a60065b | 7518 | cur_len = strlen( *p ); |
| kadonotakashi | 0:8fdf9a60065b | 7519 | tot_len += cur_len; |
| kadonotakashi | 0:8fdf9a60065b | 7520 | |
| kadonotakashi | 0:8fdf9a60065b | 7521 | if( cur_len == 0 || cur_len > 255 || tot_len > 65535 ) |
| kadonotakashi | 0:8fdf9a60065b | 7522 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 7523 | } |
| kadonotakashi | 0:8fdf9a60065b | 7524 | |
| kadonotakashi | 0:8fdf9a60065b | 7525 | conf->alpn_list = protos; |
| kadonotakashi | 0:8fdf9a60065b | 7526 | |
| kadonotakashi | 0:8fdf9a60065b | 7527 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 7528 | } |
| kadonotakashi | 0:8fdf9a60065b | 7529 | |
| kadonotakashi | 0:8fdf9a60065b | 7530 | const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 7531 | { |
| kadonotakashi | 0:8fdf9a60065b | 7532 | return( ssl->alpn_chosen ); |
| kadonotakashi | 0:8fdf9a60065b | 7533 | } |
| kadonotakashi | 0:8fdf9a60065b | 7534 | #endif /* MBEDTLS_SSL_ALPN */ |
| kadonotakashi | 0:8fdf9a60065b | 7535 | |
| kadonotakashi | 0:8fdf9a60065b | 7536 | void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor ) |
| kadonotakashi | 0:8fdf9a60065b | 7537 | { |
| kadonotakashi | 0:8fdf9a60065b | 7538 | conf->max_major_ver = major; |
| kadonotakashi | 0:8fdf9a60065b | 7539 | conf->max_minor_ver = minor; |
| kadonotakashi | 0:8fdf9a60065b | 7540 | } |
| kadonotakashi | 0:8fdf9a60065b | 7541 | |
| kadonotakashi | 0:8fdf9a60065b | 7542 | void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor ) |
| kadonotakashi | 0:8fdf9a60065b | 7543 | { |
| kadonotakashi | 0:8fdf9a60065b | 7544 | conf->min_major_ver = major; |
| kadonotakashi | 0:8fdf9a60065b | 7545 | conf->min_minor_ver = minor; |
| kadonotakashi | 0:8fdf9a60065b | 7546 | } |
| kadonotakashi | 0:8fdf9a60065b | 7547 | |
| kadonotakashi | 0:8fdf9a60065b | 7548 | #if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C) |
| kadonotakashi | 0:8fdf9a60065b | 7549 | void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback ) |
| kadonotakashi | 0:8fdf9a60065b | 7550 | { |
| kadonotakashi | 0:8fdf9a60065b | 7551 | conf->fallback = fallback; |
| kadonotakashi | 0:8fdf9a60065b | 7552 | } |
| kadonotakashi | 0:8fdf9a60065b | 7553 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 7554 | |
| kadonotakashi | 0:8fdf9a60065b | 7555 | #if defined(MBEDTLS_SSL_SRV_C) |
| kadonotakashi | 0:8fdf9a60065b | 7556 | void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf, |
| kadonotakashi | 0:8fdf9a60065b | 7557 | char cert_req_ca_list ) |
| kadonotakashi | 0:8fdf9a60065b | 7558 | { |
| kadonotakashi | 0:8fdf9a60065b | 7559 | conf->cert_req_ca_list = cert_req_ca_list; |
| kadonotakashi | 0:8fdf9a60065b | 7560 | } |
| kadonotakashi | 0:8fdf9a60065b | 7561 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 7562 | |
| kadonotakashi | 0:8fdf9a60065b | 7563 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
| kadonotakashi | 0:8fdf9a60065b | 7564 | void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm ) |
| kadonotakashi | 0:8fdf9a60065b | 7565 | { |
| kadonotakashi | 0:8fdf9a60065b | 7566 | conf->encrypt_then_mac = etm; |
| kadonotakashi | 0:8fdf9a60065b | 7567 | } |
| kadonotakashi | 0:8fdf9a60065b | 7568 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 7569 | |
| kadonotakashi | 0:8fdf9a60065b | 7570 | #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) |
| kadonotakashi | 0:8fdf9a60065b | 7571 | void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems ) |
| kadonotakashi | 0:8fdf9a60065b | 7572 | { |
| kadonotakashi | 0:8fdf9a60065b | 7573 | conf->extended_ms = ems; |
| kadonotakashi | 0:8fdf9a60065b | 7574 | } |
| kadonotakashi | 0:8fdf9a60065b | 7575 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 7576 | |
| kadonotakashi | 0:8fdf9a60065b | 7577 | #if defined(MBEDTLS_ARC4_C) |
| kadonotakashi | 0:8fdf9a60065b | 7578 | void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 ) |
| kadonotakashi | 0:8fdf9a60065b | 7579 | { |
| kadonotakashi | 0:8fdf9a60065b | 7580 | conf->arc4_disabled = arc4; |
| kadonotakashi | 0:8fdf9a60065b | 7581 | } |
| kadonotakashi | 0:8fdf9a60065b | 7582 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 7583 | |
| kadonotakashi | 0:8fdf9a60065b | 7584 | #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) |
| kadonotakashi | 0:8fdf9a60065b | 7585 | int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code ) |
| kadonotakashi | 0:8fdf9a60065b | 7586 | { |
| kadonotakashi | 0:8fdf9a60065b | 7587 | if( mfl_code >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID || |
| kadonotakashi | 0:8fdf9a60065b | 7588 | ssl_mfl_code_to_length( mfl_code ) > MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ) |
| kadonotakashi | 0:8fdf9a60065b | 7589 | { |
| kadonotakashi | 0:8fdf9a60065b | 7590 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 7591 | } |
| kadonotakashi | 0:8fdf9a60065b | 7592 | |
| kadonotakashi | 0:8fdf9a60065b | 7593 | conf->mfl_code = mfl_code; |
| kadonotakashi | 0:8fdf9a60065b | 7594 | |
| kadonotakashi | 0:8fdf9a60065b | 7595 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 7596 | } |
| kadonotakashi | 0:8fdf9a60065b | 7597 | #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ |
| kadonotakashi | 0:8fdf9a60065b | 7598 | |
| kadonotakashi | 0:8fdf9a60065b | 7599 | #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) |
| kadonotakashi | 0:8fdf9a60065b | 7600 | void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate ) |
| kadonotakashi | 0:8fdf9a60065b | 7601 | { |
| kadonotakashi | 0:8fdf9a60065b | 7602 | conf->trunc_hmac = truncate; |
| kadonotakashi | 0:8fdf9a60065b | 7603 | } |
| kadonotakashi | 0:8fdf9a60065b | 7604 | #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ |
| kadonotakashi | 0:8fdf9a60065b | 7605 | |
| kadonotakashi | 0:8fdf9a60065b | 7606 | #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) |
| kadonotakashi | 0:8fdf9a60065b | 7607 | void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split ) |
| kadonotakashi | 0:8fdf9a60065b | 7608 | { |
| kadonotakashi | 0:8fdf9a60065b | 7609 | conf->cbc_record_splitting = split; |
| kadonotakashi | 0:8fdf9a60065b | 7610 | } |
| kadonotakashi | 0:8fdf9a60065b | 7611 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 7612 | |
| kadonotakashi | 0:8fdf9a60065b | 7613 | void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy ) |
| kadonotakashi | 0:8fdf9a60065b | 7614 | { |
| kadonotakashi | 0:8fdf9a60065b | 7615 | conf->allow_legacy_renegotiation = allow_legacy; |
| kadonotakashi | 0:8fdf9a60065b | 7616 | } |
| kadonotakashi | 0:8fdf9a60065b | 7617 | |
| kadonotakashi | 0:8fdf9a60065b | 7618 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| kadonotakashi | 0:8fdf9a60065b | 7619 | void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation ) |
| kadonotakashi | 0:8fdf9a60065b | 7620 | { |
| kadonotakashi | 0:8fdf9a60065b | 7621 | conf->disable_renegotiation = renegotiation; |
| kadonotakashi | 0:8fdf9a60065b | 7622 | } |
| kadonotakashi | 0:8fdf9a60065b | 7623 | |
| kadonotakashi | 0:8fdf9a60065b | 7624 | void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records ) |
| kadonotakashi | 0:8fdf9a60065b | 7625 | { |
| kadonotakashi | 0:8fdf9a60065b | 7626 | conf->renego_max_records = max_records; |
| kadonotakashi | 0:8fdf9a60065b | 7627 | } |
| kadonotakashi | 0:8fdf9a60065b | 7628 | |
| kadonotakashi | 0:8fdf9a60065b | 7629 | void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf, |
| kadonotakashi | 0:8fdf9a60065b | 7630 | const unsigned char period[8] ) |
| kadonotakashi | 0:8fdf9a60065b | 7631 | { |
| kadonotakashi | 0:8fdf9a60065b | 7632 | memcpy( conf->renego_period, period, 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 7633 | } |
| kadonotakashi | 0:8fdf9a60065b | 7634 | #endif /* MBEDTLS_SSL_RENEGOTIATION */ |
| kadonotakashi | 0:8fdf9a60065b | 7635 | |
| kadonotakashi | 0:8fdf9a60065b | 7636 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) |
| kadonotakashi | 0:8fdf9a60065b | 7637 | #if defined(MBEDTLS_SSL_CLI_C) |
| kadonotakashi | 0:8fdf9a60065b | 7638 | void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets ) |
| kadonotakashi | 0:8fdf9a60065b | 7639 | { |
| kadonotakashi | 0:8fdf9a60065b | 7640 | conf->session_tickets = use_tickets; |
| kadonotakashi | 0:8fdf9a60065b | 7641 | } |
| kadonotakashi | 0:8fdf9a60065b | 7642 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 7643 | |
| kadonotakashi | 0:8fdf9a60065b | 7644 | #if defined(MBEDTLS_SSL_SRV_C) |
| kadonotakashi | 0:8fdf9a60065b | 7645 | void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf, |
| kadonotakashi | 0:8fdf9a60065b | 7646 | mbedtls_ssl_ticket_write_t *f_ticket_write, |
| kadonotakashi | 0:8fdf9a60065b | 7647 | mbedtls_ssl_ticket_parse_t *f_ticket_parse, |
| kadonotakashi | 0:8fdf9a60065b | 7648 | void *p_ticket ) |
| kadonotakashi | 0:8fdf9a60065b | 7649 | { |
| kadonotakashi | 0:8fdf9a60065b | 7650 | conf->f_ticket_write = f_ticket_write; |
| kadonotakashi | 0:8fdf9a60065b | 7651 | conf->f_ticket_parse = f_ticket_parse; |
| kadonotakashi | 0:8fdf9a60065b | 7652 | conf->p_ticket = p_ticket; |
| kadonotakashi | 0:8fdf9a60065b | 7653 | } |
| kadonotakashi | 0:8fdf9a60065b | 7654 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 7655 | #endif /* MBEDTLS_SSL_SESSION_TICKETS */ |
| kadonotakashi | 0:8fdf9a60065b | 7656 | |
| kadonotakashi | 0:8fdf9a60065b | 7657 | #if defined(MBEDTLS_SSL_EXPORT_KEYS) |
| kadonotakashi | 0:8fdf9a60065b | 7658 | void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf, |
| kadonotakashi | 0:8fdf9a60065b | 7659 | mbedtls_ssl_export_keys_t *f_export_keys, |
| kadonotakashi | 0:8fdf9a60065b | 7660 | void *p_export_keys ) |
| kadonotakashi | 0:8fdf9a60065b | 7661 | { |
| kadonotakashi | 0:8fdf9a60065b | 7662 | conf->f_export_keys = f_export_keys; |
| kadonotakashi | 0:8fdf9a60065b | 7663 | conf->p_export_keys = p_export_keys; |
| kadonotakashi | 0:8fdf9a60065b | 7664 | } |
| kadonotakashi | 0:8fdf9a60065b | 7665 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 7666 | |
| kadonotakashi | 0:8fdf9a60065b | 7667 | #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) |
| kadonotakashi | 0:8fdf9a60065b | 7668 | void mbedtls_ssl_conf_async_private_cb( |
| kadonotakashi | 0:8fdf9a60065b | 7669 | mbedtls_ssl_config *conf, |
| kadonotakashi | 0:8fdf9a60065b | 7670 | mbedtls_ssl_async_sign_t *f_async_sign, |
| kadonotakashi | 0:8fdf9a60065b | 7671 | mbedtls_ssl_async_decrypt_t *f_async_decrypt, |
| kadonotakashi | 0:8fdf9a60065b | 7672 | mbedtls_ssl_async_resume_t *f_async_resume, |
| kadonotakashi | 0:8fdf9a60065b | 7673 | mbedtls_ssl_async_cancel_t *f_async_cancel, |
| kadonotakashi | 0:8fdf9a60065b | 7674 | void *async_config_data ) |
| kadonotakashi | 0:8fdf9a60065b | 7675 | { |
| kadonotakashi | 0:8fdf9a60065b | 7676 | conf->f_async_sign_start = f_async_sign; |
| kadonotakashi | 0:8fdf9a60065b | 7677 | conf->f_async_decrypt_start = f_async_decrypt; |
| kadonotakashi | 0:8fdf9a60065b | 7678 | conf->f_async_resume = f_async_resume; |
| kadonotakashi | 0:8fdf9a60065b | 7679 | conf->f_async_cancel = f_async_cancel; |
| kadonotakashi | 0:8fdf9a60065b | 7680 | conf->p_async_config_data = async_config_data; |
| kadonotakashi | 0:8fdf9a60065b | 7681 | } |
| kadonotakashi | 0:8fdf9a60065b | 7682 | |
| kadonotakashi | 0:8fdf9a60065b | 7683 | void *mbedtls_ssl_conf_get_async_config_data( const mbedtls_ssl_config *conf ) |
| kadonotakashi | 0:8fdf9a60065b | 7684 | { |
| kadonotakashi | 0:8fdf9a60065b | 7685 | return( conf->p_async_config_data ); |
| kadonotakashi | 0:8fdf9a60065b | 7686 | } |
| kadonotakashi | 0:8fdf9a60065b | 7687 | |
| kadonotakashi | 0:8fdf9a60065b | 7688 | void *mbedtls_ssl_get_async_operation_data( const mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 7689 | { |
| kadonotakashi | 0:8fdf9a60065b | 7690 | if( ssl->handshake == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 7691 | return( NULL ); |
| kadonotakashi | 0:8fdf9a60065b | 7692 | else |
| kadonotakashi | 0:8fdf9a60065b | 7693 | return( ssl->handshake->user_async_ctx ); |
| kadonotakashi | 0:8fdf9a60065b | 7694 | } |
| kadonotakashi | 0:8fdf9a60065b | 7695 | |
| kadonotakashi | 0:8fdf9a60065b | 7696 | void mbedtls_ssl_set_async_operation_data( mbedtls_ssl_context *ssl, |
| kadonotakashi | 0:8fdf9a60065b | 7697 | void *ctx ) |
| kadonotakashi | 0:8fdf9a60065b | 7698 | { |
| kadonotakashi | 0:8fdf9a60065b | 7699 | if( ssl->handshake != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 7700 | ssl->handshake->user_async_ctx = ctx; |
| kadonotakashi | 0:8fdf9a60065b | 7701 | } |
| kadonotakashi | 0:8fdf9a60065b | 7702 | #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ |
| kadonotakashi | 0:8fdf9a60065b | 7703 | |
| kadonotakashi | 0:8fdf9a60065b | 7704 | /* |
| kadonotakashi | 0:8fdf9a60065b | 7705 | * SSL get accessors |
| kadonotakashi | 0:8fdf9a60065b | 7706 | */ |
| kadonotakashi | 0:8fdf9a60065b | 7707 | size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 7708 | { |
| kadonotakashi | 0:8fdf9a60065b | 7709 | return( ssl->in_offt == NULL ? 0 : ssl->in_msglen ); |
| kadonotakashi | 0:8fdf9a60065b | 7710 | } |
| kadonotakashi | 0:8fdf9a60065b | 7711 | |
| kadonotakashi | 0:8fdf9a60065b | 7712 | int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 7713 | { |
| kadonotakashi | 0:8fdf9a60065b | 7714 | /* |
| kadonotakashi | 0:8fdf9a60065b | 7715 | * Case A: We're currently holding back |
| kadonotakashi | 0:8fdf9a60065b | 7716 | * a message for further processing. |
| kadonotakashi | 0:8fdf9a60065b | 7717 | */ |
| kadonotakashi | 0:8fdf9a60065b | 7718 | |
| kadonotakashi | 0:8fdf9a60065b | 7719 | if( ssl->keep_current_message == 1 ) |
| kadonotakashi | 0:8fdf9a60065b | 7720 | { |
| kadonotakashi | 0:8fdf9a60065b | 7721 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: record held back for processing" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 7722 | return( 1 ); |
| kadonotakashi | 0:8fdf9a60065b | 7723 | } |
| kadonotakashi | 0:8fdf9a60065b | 7724 | |
| kadonotakashi | 0:8fdf9a60065b | 7725 | /* |
| kadonotakashi | 0:8fdf9a60065b | 7726 | * Case B: Further records are pending in the current datagram. |
| kadonotakashi | 0:8fdf9a60065b | 7727 | */ |
| kadonotakashi | 0:8fdf9a60065b | 7728 | |
| kadonotakashi | 0:8fdf9a60065b | 7729 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 7730 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
| kadonotakashi | 0:8fdf9a60065b | 7731 | ssl->in_left > ssl->next_record_offset ) |
| kadonotakashi | 0:8fdf9a60065b | 7732 | { |
| kadonotakashi | 0:8fdf9a60065b | 7733 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more records within current datagram" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 7734 | return( 1 ); |
| kadonotakashi | 0:8fdf9a60065b | 7735 | } |
| kadonotakashi | 0:8fdf9a60065b | 7736 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| kadonotakashi | 0:8fdf9a60065b | 7737 | |
| kadonotakashi | 0:8fdf9a60065b | 7738 | /* |
| kadonotakashi | 0:8fdf9a60065b | 7739 | * Case C: A handshake message is being processed. |
| kadonotakashi | 0:8fdf9a60065b | 7740 | */ |
| kadonotakashi | 0:8fdf9a60065b | 7741 | |
| kadonotakashi | 0:8fdf9a60065b | 7742 | if( ssl->in_hslen > 0 && ssl->in_hslen < ssl->in_msglen ) |
| kadonotakashi | 0:8fdf9a60065b | 7743 | { |
| kadonotakashi | 0:8fdf9a60065b | 7744 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more handshake messages within current record" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 7745 | return( 1 ); |
| kadonotakashi | 0:8fdf9a60065b | 7746 | } |
| kadonotakashi | 0:8fdf9a60065b | 7747 | |
| kadonotakashi | 0:8fdf9a60065b | 7748 | /* |
| kadonotakashi | 0:8fdf9a60065b | 7749 | * Case D: An application data message is being processed |
| kadonotakashi | 0:8fdf9a60065b | 7750 | */ |
| kadonotakashi | 0:8fdf9a60065b | 7751 | if( ssl->in_offt != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 7752 | { |
| kadonotakashi | 0:8fdf9a60065b | 7753 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: application data record is being processed" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 7754 | return( 1 ); |
| kadonotakashi | 0:8fdf9a60065b | 7755 | } |
| kadonotakashi | 0:8fdf9a60065b | 7756 | |
| kadonotakashi | 0:8fdf9a60065b | 7757 | /* |
| kadonotakashi | 0:8fdf9a60065b | 7758 | * In all other cases, the rest of the message can be dropped. |
| kadonotakashi | 0:8fdf9a60065b | 7759 | * As in ssl_get_next_record, this needs to be adapted if |
| kadonotakashi | 0:8fdf9a60065b | 7760 | * we implement support for multiple alerts in single records. |
| kadonotakashi | 0:8fdf9a60065b | 7761 | */ |
| kadonotakashi | 0:8fdf9a60065b | 7762 | |
| kadonotakashi | 0:8fdf9a60065b | 7763 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: nothing pending" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 7764 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 7765 | } |
| kadonotakashi | 0:8fdf9a60065b | 7766 | |
| kadonotakashi | 0:8fdf9a60065b | 7767 | uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 7768 | { |
| kadonotakashi | 0:8fdf9a60065b | 7769 | if( ssl->session != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 7770 | return( ssl->session->verify_result ); |
| kadonotakashi | 0:8fdf9a60065b | 7771 | |
| kadonotakashi | 0:8fdf9a60065b | 7772 | if( ssl->session_negotiate != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 7773 | return( ssl->session_negotiate->verify_result ); |
| kadonotakashi | 0:8fdf9a60065b | 7774 | |
| kadonotakashi | 0:8fdf9a60065b | 7775 | return( 0xFFFFFFFF ); |
| kadonotakashi | 0:8fdf9a60065b | 7776 | } |
| kadonotakashi | 0:8fdf9a60065b | 7777 | |
| kadonotakashi | 0:8fdf9a60065b | 7778 | const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 7779 | { |
| kadonotakashi | 0:8fdf9a60065b | 7780 | if( ssl == NULL || ssl->session == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 7781 | return( NULL ); |
| kadonotakashi | 0:8fdf9a60065b | 7782 | |
| kadonotakashi | 0:8fdf9a60065b | 7783 | return mbedtls_ssl_get_ciphersuite_name( ssl->session->ciphersuite ); |
| kadonotakashi | 0:8fdf9a60065b | 7784 | } |
| kadonotakashi | 0:8fdf9a60065b | 7785 | |
| kadonotakashi | 0:8fdf9a60065b | 7786 | const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 7787 | { |
| kadonotakashi | 0:8fdf9a60065b | 7788 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 7789 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| kadonotakashi | 0:8fdf9a60065b | 7790 | { |
| kadonotakashi | 0:8fdf9a60065b | 7791 | switch( ssl->minor_ver ) |
| kadonotakashi | 0:8fdf9a60065b | 7792 | { |
| kadonotakashi | 0:8fdf9a60065b | 7793 | case MBEDTLS_SSL_MINOR_VERSION_2: |
| kadonotakashi | 0:8fdf9a60065b | 7794 | return( "DTLSv1.0" ); |
| kadonotakashi | 0:8fdf9a60065b | 7795 | |
| kadonotakashi | 0:8fdf9a60065b | 7796 | case MBEDTLS_SSL_MINOR_VERSION_3: |
| kadonotakashi | 0:8fdf9a60065b | 7797 | return( "DTLSv1.2" ); |
| kadonotakashi | 0:8fdf9a60065b | 7798 | |
| kadonotakashi | 0:8fdf9a60065b | 7799 | default: |
| kadonotakashi | 0:8fdf9a60065b | 7800 | return( "unknown (DTLS)" ); |
| kadonotakashi | 0:8fdf9a60065b | 7801 | } |
| kadonotakashi | 0:8fdf9a60065b | 7802 | } |
| kadonotakashi | 0:8fdf9a60065b | 7803 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 7804 | |
| kadonotakashi | 0:8fdf9a60065b | 7805 | switch( ssl->minor_ver ) |
| kadonotakashi | 0:8fdf9a60065b | 7806 | { |
| kadonotakashi | 0:8fdf9a60065b | 7807 | case MBEDTLS_SSL_MINOR_VERSION_0: |
| kadonotakashi | 0:8fdf9a60065b | 7808 | return( "SSLv3.0" ); |
| kadonotakashi | 0:8fdf9a60065b | 7809 | |
| kadonotakashi | 0:8fdf9a60065b | 7810 | case MBEDTLS_SSL_MINOR_VERSION_1: |
| kadonotakashi | 0:8fdf9a60065b | 7811 | return( "TLSv1.0" ); |
| kadonotakashi | 0:8fdf9a60065b | 7812 | |
| kadonotakashi | 0:8fdf9a60065b | 7813 | case MBEDTLS_SSL_MINOR_VERSION_2: |
| kadonotakashi | 0:8fdf9a60065b | 7814 | return( "TLSv1.1" ); |
| kadonotakashi | 0:8fdf9a60065b | 7815 | |
| kadonotakashi | 0:8fdf9a60065b | 7816 | case MBEDTLS_SSL_MINOR_VERSION_3: |
| kadonotakashi | 0:8fdf9a60065b | 7817 | return( "TLSv1.2" ); |
| kadonotakashi | 0:8fdf9a60065b | 7818 | |
| kadonotakashi | 0:8fdf9a60065b | 7819 | default: |
| kadonotakashi | 0:8fdf9a60065b | 7820 | return( "unknown" ); |
| kadonotakashi | 0:8fdf9a60065b | 7821 | } |
| kadonotakashi | 0:8fdf9a60065b | 7822 | } |
| kadonotakashi | 0:8fdf9a60065b | 7823 | |
| kadonotakashi | 0:8fdf9a60065b | 7824 | int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 7825 | { |
| kadonotakashi | 0:8fdf9a60065b | 7826 | size_t transform_expansion = 0; |
| kadonotakashi | 0:8fdf9a60065b | 7827 | const mbedtls_ssl_transform *transform = ssl->transform_out; |
| kadonotakashi | 0:8fdf9a60065b | 7828 | unsigned block_size; |
| kadonotakashi | 0:8fdf9a60065b | 7829 | |
| kadonotakashi | 0:8fdf9a60065b | 7830 | if( transform == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 7831 | return( (int) mbedtls_ssl_hdr_len( ssl ) ); |
| kadonotakashi | 0:8fdf9a60065b | 7832 | |
| kadonotakashi | 0:8fdf9a60065b | 7833 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
| kadonotakashi | 0:8fdf9a60065b | 7834 | if( ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 7835 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
| kadonotakashi | 0:8fdf9a60065b | 7836 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 7837 | |
| kadonotakashi | 0:8fdf9a60065b | 7838 | switch( mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ) ) |
| kadonotakashi | 0:8fdf9a60065b | 7839 | { |
| kadonotakashi | 0:8fdf9a60065b | 7840 | case MBEDTLS_MODE_GCM: |
| kadonotakashi | 0:8fdf9a60065b | 7841 | case MBEDTLS_MODE_CCM: |
| kadonotakashi | 0:8fdf9a60065b | 7842 | case MBEDTLS_MODE_CHACHAPOLY: |
| kadonotakashi | 0:8fdf9a60065b | 7843 | case MBEDTLS_MODE_STREAM: |
| kadonotakashi | 0:8fdf9a60065b | 7844 | transform_expansion = transform->minlen; |
| kadonotakashi | 0:8fdf9a60065b | 7845 | break; |
| kadonotakashi | 0:8fdf9a60065b | 7846 | |
| kadonotakashi | 0:8fdf9a60065b | 7847 | case MBEDTLS_MODE_CBC: |
| kadonotakashi | 0:8fdf9a60065b | 7848 | |
| kadonotakashi | 0:8fdf9a60065b | 7849 | block_size = mbedtls_cipher_get_block_size( |
| kadonotakashi | 0:8fdf9a60065b | 7850 | &transform->cipher_ctx_enc ); |
| kadonotakashi | 0:8fdf9a60065b | 7851 | |
| kadonotakashi | 0:8fdf9a60065b | 7852 | /* Expansion due to the addition of the MAC. */ |
| kadonotakashi | 0:8fdf9a60065b | 7853 | transform_expansion += transform->maclen; |
| kadonotakashi | 0:8fdf9a60065b | 7854 | |
| kadonotakashi | 0:8fdf9a60065b | 7855 | /* Expansion due to the addition of CBC padding; |
| kadonotakashi | 0:8fdf9a60065b | 7856 | * Theoretically up to 256 bytes, but we never use |
| kadonotakashi | 0:8fdf9a60065b | 7857 | * more than the block size of the underlying cipher. */ |
| kadonotakashi | 0:8fdf9a60065b | 7858 | transform_expansion += block_size; |
| kadonotakashi | 0:8fdf9a60065b | 7859 | |
| kadonotakashi | 0:8fdf9a60065b | 7860 | /* For TLS 1.1 or higher, an explicit IV is added |
| kadonotakashi | 0:8fdf9a60065b | 7861 | * after the record header. */ |
| kadonotakashi | 0:8fdf9a60065b | 7862 | #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| kadonotakashi | 0:8fdf9a60065b | 7863 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) |
| kadonotakashi | 0:8fdf9a60065b | 7864 | transform_expansion += block_size; |
| kadonotakashi | 0:8fdf9a60065b | 7865 | #endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */ |
| kadonotakashi | 0:8fdf9a60065b | 7866 | |
| kadonotakashi | 0:8fdf9a60065b | 7867 | break; |
| kadonotakashi | 0:8fdf9a60065b | 7868 | |
| kadonotakashi | 0:8fdf9a60065b | 7869 | default: |
| kadonotakashi | 0:8fdf9a60065b | 7870 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 7871 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 7872 | } |
| kadonotakashi | 0:8fdf9a60065b | 7873 | |
| kadonotakashi | 0:8fdf9a60065b | 7874 | return( (int)( mbedtls_ssl_hdr_len( ssl ) + transform_expansion ) ); |
| kadonotakashi | 0:8fdf9a60065b | 7875 | } |
| kadonotakashi | 0:8fdf9a60065b | 7876 | |
| kadonotakashi | 0:8fdf9a60065b | 7877 | #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) |
| kadonotakashi | 0:8fdf9a60065b | 7878 | size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 7879 | { |
| kadonotakashi | 0:8fdf9a60065b | 7880 | size_t max_len; |
| kadonotakashi | 0:8fdf9a60065b | 7881 | |
| kadonotakashi | 0:8fdf9a60065b | 7882 | /* |
| kadonotakashi | 0:8fdf9a60065b | 7883 | * Assume mfl_code is correct since it was checked when set |
| kadonotakashi | 0:8fdf9a60065b | 7884 | */ |
| kadonotakashi | 0:8fdf9a60065b | 7885 | max_len = ssl_mfl_code_to_length( ssl->conf->mfl_code ); |
| kadonotakashi | 0:8fdf9a60065b | 7886 | |
| kadonotakashi | 0:8fdf9a60065b | 7887 | /* Check if a smaller max length was negotiated */ |
| kadonotakashi | 0:8fdf9a60065b | 7888 | if( ssl->session_out != NULL && |
| kadonotakashi | 0:8fdf9a60065b | 7889 | ssl_mfl_code_to_length( ssl->session_out->mfl_code ) < max_len ) |
| kadonotakashi | 0:8fdf9a60065b | 7890 | { |
| kadonotakashi | 0:8fdf9a60065b | 7891 | max_len = ssl_mfl_code_to_length( ssl->session_out->mfl_code ); |
| kadonotakashi | 0:8fdf9a60065b | 7892 | } |
| kadonotakashi | 0:8fdf9a60065b | 7893 | |
| kadonotakashi | 0:8fdf9a60065b | 7894 | /* During a handshake, use the value being negotiated */ |
| kadonotakashi | 0:8fdf9a60065b | 7895 | if( ssl->session_negotiate != NULL && |
| kadonotakashi | 0:8fdf9a60065b | 7896 | ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code ) < max_len ) |
| kadonotakashi | 0:8fdf9a60065b | 7897 | { |
| kadonotakashi | 0:8fdf9a60065b | 7898 | max_len = ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code ); |
| kadonotakashi | 0:8fdf9a60065b | 7899 | } |
| kadonotakashi | 0:8fdf9a60065b | 7900 | |
| kadonotakashi | 0:8fdf9a60065b | 7901 | return( max_len ); |
| kadonotakashi | 0:8fdf9a60065b | 7902 | } |
| kadonotakashi | 0:8fdf9a60065b | 7903 | #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ |
| kadonotakashi | 0:8fdf9a60065b | 7904 | |
| kadonotakashi | 0:8fdf9a60065b | 7905 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 7906 | static size_t ssl_get_current_mtu( const mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 7907 | { |
| kadonotakashi | 0:8fdf9a60065b | 7908 | if( ssl->handshake == NULL || ssl->handshake->mtu == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 7909 | return( ssl->mtu ); |
| kadonotakashi | 0:8fdf9a60065b | 7910 | |
| kadonotakashi | 0:8fdf9a60065b | 7911 | if( ssl->mtu == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 7912 | return( ssl->handshake->mtu ); |
| kadonotakashi | 0:8fdf9a60065b | 7913 | |
| kadonotakashi | 0:8fdf9a60065b | 7914 | return( ssl->mtu < ssl->handshake->mtu ? |
| kadonotakashi | 0:8fdf9a60065b | 7915 | ssl->mtu : ssl->handshake->mtu ); |
| kadonotakashi | 0:8fdf9a60065b | 7916 | } |
| kadonotakashi | 0:8fdf9a60065b | 7917 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| kadonotakashi | 0:8fdf9a60065b | 7918 | |
| kadonotakashi | 0:8fdf9a60065b | 7919 | int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 7920 | { |
| kadonotakashi | 0:8fdf9a60065b | 7921 | size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN; |
| kadonotakashi | 0:8fdf9a60065b | 7922 | |
| kadonotakashi | 0:8fdf9a60065b | 7923 | #if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && \ |
| kadonotakashi | 0:8fdf9a60065b | 7924 | !defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 7925 | (void) ssl; |
| kadonotakashi | 0:8fdf9a60065b | 7926 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 7927 | |
| kadonotakashi | 0:8fdf9a60065b | 7928 | #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) |
| kadonotakashi | 0:8fdf9a60065b | 7929 | const size_t mfl = mbedtls_ssl_get_max_frag_len( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 7930 | |
| kadonotakashi | 0:8fdf9a60065b | 7931 | if( max_len > mfl ) |
| kadonotakashi | 0:8fdf9a60065b | 7932 | max_len = mfl; |
| kadonotakashi | 0:8fdf9a60065b | 7933 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 7934 | |
| kadonotakashi | 0:8fdf9a60065b | 7935 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 7936 | if( ssl_get_current_mtu( ssl ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 7937 | { |
| kadonotakashi | 0:8fdf9a60065b | 7938 | const size_t mtu = ssl_get_current_mtu( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 7939 | const int ret = mbedtls_ssl_get_record_expansion( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 7940 | const size_t overhead = (size_t) ret; |
| kadonotakashi | 0:8fdf9a60065b | 7941 | |
| kadonotakashi | 0:8fdf9a60065b | 7942 | if( ret < 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 7943 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 7944 | |
| kadonotakashi | 0:8fdf9a60065b | 7945 | if( mtu <= overhead ) |
| kadonotakashi | 0:8fdf9a60065b | 7946 | { |
| kadonotakashi | 0:8fdf9a60065b | 7947 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "MTU too low for record expansion" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 7948 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
| kadonotakashi | 0:8fdf9a60065b | 7949 | } |
| kadonotakashi | 0:8fdf9a60065b | 7950 | |
| kadonotakashi | 0:8fdf9a60065b | 7951 | if( max_len > mtu - overhead ) |
| kadonotakashi | 0:8fdf9a60065b | 7952 | max_len = mtu - overhead; |
| kadonotakashi | 0:8fdf9a60065b | 7953 | } |
| kadonotakashi | 0:8fdf9a60065b | 7954 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| kadonotakashi | 0:8fdf9a60065b | 7955 | |
| kadonotakashi | 0:8fdf9a60065b | 7956 | #if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && \ |
| kadonotakashi | 0:8fdf9a60065b | 7957 | !defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 7958 | ((void) ssl); |
| kadonotakashi | 0:8fdf9a60065b | 7959 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 7960 | |
| kadonotakashi | 0:8fdf9a60065b | 7961 | return( (int) max_len ); |
| kadonotakashi | 0:8fdf9a60065b | 7962 | } |
| kadonotakashi | 0:8fdf9a60065b | 7963 | |
| kadonotakashi | 0:8fdf9a60065b | 7964 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| kadonotakashi | 0:8fdf9a60065b | 7965 | const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 7966 | { |
| kadonotakashi | 0:8fdf9a60065b | 7967 | if( ssl == NULL || ssl->session == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 7968 | return( NULL ); |
| kadonotakashi | 0:8fdf9a60065b | 7969 | |
| kadonotakashi | 0:8fdf9a60065b | 7970 | return( ssl->session->peer_cert ); |
| kadonotakashi | 0:8fdf9a60065b | 7971 | } |
| kadonotakashi | 0:8fdf9a60065b | 7972 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
| kadonotakashi | 0:8fdf9a60065b | 7973 | |
| kadonotakashi | 0:8fdf9a60065b | 7974 | #if defined(MBEDTLS_SSL_CLI_C) |
| kadonotakashi | 0:8fdf9a60065b | 7975 | int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session *dst ) |
| kadonotakashi | 0:8fdf9a60065b | 7976 | { |
| kadonotakashi | 0:8fdf9a60065b | 7977 | if( ssl == NULL || |
| kadonotakashi | 0:8fdf9a60065b | 7978 | dst == NULL || |
| kadonotakashi | 0:8fdf9a60065b | 7979 | ssl->session == NULL || |
| kadonotakashi | 0:8fdf9a60065b | 7980 | ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT ) |
| kadonotakashi | 0:8fdf9a60065b | 7981 | { |
| kadonotakashi | 0:8fdf9a60065b | 7982 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 7983 | } |
| kadonotakashi | 0:8fdf9a60065b | 7984 | |
| kadonotakashi | 0:8fdf9a60065b | 7985 | return( ssl_session_copy( dst, ssl->session ) ); |
| kadonotakashi | 0:8fdf9a60065b | 7986 | } |
| kadonotakashi | 0:8fdf9a60065b | 7987 | #endif /* MBEDTLS_SSL_CLI_C */ |
| kadonotakashi | 0:8fdf9a60065b | 7988 | |
| kadonotakashi | 0:8fdf9a60065b | 7989 | /* |
| kadonotakashi | 0:8fdf9a60065b | 7990 | * Perform a single step of the SSL handshake |
| kadonotakashi | 0:8fdf9a60065b | 7991 | */ |
| kadonotakashi | 0:8fdf9a60065b | 7992 | int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 7993 | { |
| kadonotakashi | 0:8fdf9a60065b | 7994 | int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; |
| kadonotakashi | 0:8fdf9a60065b | 7995 | |
| kadonotakashi | 0:8fdf9a60065b | 7996 | if( ssl == NULL || ssl->conf == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 7997 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 7998 | |
| kadonotakashi | 0:8fdf9a60065b | 7999 | #if defined(MBEDTLS_SSL_CLI_C) |
| kadonotakashi | 0:8fdf9a60065b | 8000 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
| kadonotakashi | 0:8fdf9a60065b | 8001 | ret = mbedtls_ssl_handshake_client_step( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 8002 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8003 | #if defined(MBEDTLS_SSL_SRV_C) |
| kadonotakashi | 0:8fdf9a60065b | 8004 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
| kadonotakashi | 0:8fdf9a60065b | 8005 | ret = mbedtls_ssl_handshake_server_step( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 8006 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8007 | |
| kadonotakashi | 0:8fdf9a60065b | 8008 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8009 | } |
| kadonotakashi | 0:8fdf9a60065b | 8010 | |
| kadonotakashi | 0:8fdf9a60065b | 8011 | /* |
| kadonotakashi | 0:8fdf9a60065b | 8012 | * Perform the SSL handshake |
| kadonotakashi | 0:8fdf9a60065b | 8013 | */ |
| kadonotakashi | 0:8fdf9a60065b | 8014 | int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 8015 | { |
| kadonotakashi | 0:8fdf9a60065b | 8016 | int ret = 0; |
| kadonotakashi | 0:8fdf9a60065b | 8017 | |
| kadonotakashi | 0:8fdf9a60065b | 8018 | if( ssl == NULL || ssl->conf == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 8019 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 8020 | |
| kadonotakashi | 0:8fdf9a60065b | 8021 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> handshake" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8022 | |
| kadonotakashi | 0:8fdf9a60065b | 8023 | while( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
| kadonotakashi | 0:8fdf9a60065b | 8024 | { |
| kadonotakashi | 0:8fdf9a60065b | 8025 | ret = mbedtls_ssl_handshake_step( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 8026 | |
| kadonotakashi | 0:8fdf9a60065b | 8027 | if( ret != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 8028 | break; |
| kadonotakashi | 0:8fdf9a60065b | 8029 | } |
| kadonotakashi | 0:8fdf9a60065b | 8030 | |
| kadonotakashi | 0:8fdf9a60065b | 8031 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= handshake" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8032 | |
| kadonotakashi | 0:8fdf9a60065b | 8033 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8034 | } |
| kadonotakashi | 0:8fdf9a60065b | 8035 | |
| kadonotakashi | 0:8fdf9a60065b | 8036 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| kadonotakashi | 0:8fdf9a60065b | 8037 | #if defined(MBEDTLS_SSL_SRV_C) |
| kadonotakashi | 0:8fdf9a60065b | 8038 | /* |
| kadonotakashi | 0:8fdf9a60065b | 8039 | * Write HelloRequest to request renegotiation on server |
| kadonotakashi | 0:8fdf9a60065b | 8040 | */ |
| kadonotakashi | 0:8fdf9a60065b | 8041 | static int ssl_write_hello_request( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 8042 | { |
| kadonotakashi | 0:8fdf9a60065b | 8043 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 8044 | |
| kadonotakashi | 0:8fdf9a60065b | 8045 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write hello request" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8046 | |
| kadonotakashi | 0:8fdf9a60065b | 8047 | ssl->out_msglen = 4; |
| kadonotakashi | 0:8fdf9a60065b | 8048 | ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; |
| kadonotakashi | 0:8fdf9a60065b | 8049 | ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_REQUEST; |
| kadonotakashi | 0:8fdf9a60065b | 8050 | |
| kadonotakashi | 0:8fdf9a60065b | 8051 | if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 8052 | { |
| kadonotakashi | 0:8fdf9a60065b | 8053 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8054 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8055 | } |
| kadonotakashi | 0:8fdf9a60065b | 8056 | |
| kadonotakashi | 0:8fdf9a60065b | 8057 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello request" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8058 | |
| kadonotakashi | 0:8fdf9a60065b | 8059 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 8060 | } |
| kadonotakashi | 0:8fdf9a60065b | 8061 | #endif /* MBEDTLS_SSL_SRV_C */ |
| kadonotakashi | 0:8fdf9a60065b | 8062 | |
| kadonotakashi | 0:8fdf9a60065b | 8063 | /* |
| kadonotakashi | 0:8fdf9a60065b | 8064 | * Actually renegotiate current connection, triggered by either: |
| kadonotakashi | 0:8fdf9a60065b | 8065 | * - any side: calling mbedtls_ssl_renegotiate(), |
| kadonotakashi | 0:8fdf9a60065b | 8066 | * - client: receiving a HelloRequest during mbedtls_ssl_read(), |
| kadonotakashi | 0:8fdf9a60065b | 8067 | * - server: receiving any handshake message on server during mbedtls_ssl_read() after |
| kadonotakashi | 0:8fdf9a60065b | 8068 | * the initial handshake is completed. |
| kadonotakashi | 0:8fdf9a60065b | 8069 | * If the handshake doesn't complete due to waiting for I/O, it will continue |
| kadonotakashi | 0:8fdf9a60065b | 8070 | * during the next calls to mbedtls_ssl_renegotiate() or mbedtls_ssl_read() respectively. |
| kadonotakashi | 0:8fdf9a60065b | 8071 | */ |
| kadonotakashi | 0:8fdf9a60065b | 8072 | static int ssl_start_renegotiation( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 8073 | { |
| kadonotakashi | 0:8fdf9a60065b | 8074 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 8075 | |
| kadonotakashi | 0:8fdf9a60065b | 8076 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> renegotiate" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8077 | |
| kadonotakashi | 0:8fdf9a60065b | 8078 | if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 8079 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8080 | |
| kadonotakashi | 0:8fdf9a60065b | 8081 | /* RFC 6347 4.2.2: "[...] the HelloRequest will have message_seq = 0 and |
| kadonotakashi | 0:8fdf9a60065b | 8082 | * the ServerHello will have message_seq = 1" */ |
| kadonotakashi | 0:8fdf9a60065b | 8083 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 8084 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
| kadonotakashi | 0:8fdf9a60065b | 8085 | ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) |
| kadonotakashi | 0:8fdf9a60065b | 8086 | { |
| kadonotakashi | 0:8fdf9a60065b | 8087 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
| kadonotakashi | 0:8fdf9a60065b | 8088 | ssl->handshake->out_msg_seq = 1; |
| kadonotakashi | 0:8fdf9a60065b | 8089 | else |
| kadonotakashi | 0:8fdf9a60065b | 8090 | ssl->handshake->in_msg_seq = 1; |
| kadonotakashi | 0:8fdf9a60065b | 8091 | } |
| kadonotakashi | 0:8fdf9a60065b | 8092 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8093 | |
| kadonotakashi | 0:8fdf9a60065b | 8094 | ssl->state = MBEDTLS_SSL_HELLO_REQUEST; |
| kadonotakashi | 0:8fdf9a60065b | 8095 | ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS; |
| kadonotakashi | 0:8fdf9a60065b | 8096 | |
| kadonotakashi | 0:8fdf9a60065b | 8097 | if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 8098 | { |
| kadonotakashi | 0:8fdf9a60065b | 8099 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8100 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8101 | } |
| kadonotakashi | 0:8fdf9a60065b | 8102 | |
| kadonotakashi | 0:8fdf9a60065b | 8103 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= renegotiate" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8104 | |
| kadonotakashi | 0:8fdf9a60065b | 8105 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 8106 | } |
| kadonotakashi | 0:8fdf9a60065b | 8107 | |
| kadonotakashi | 0:8fdf9a60065b | 8108 | /* |
| kadonotakashi | 0:8fdf9a60065b | 8109 | * Renegotiate current connection on client, |
| kadonotakashi | 0:8fdf9a60065b | 8110 | * or request renegotiation on server |
| kadonotakashi | 0:8fdf9a60065b | 8111 | */ |
| kadonotakashi | 0:8fdf9a60065b | 8112 | int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 8113 | { |
| kadonotakashi | 0:8fdf9a60065b | 8114 | int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; |
| kadonotakashi | 0:8fdf9a60065b | 8115 | |
| kadonotakashi | 0:8fdf9a60065b | 8116 | if( ssl == NULL || ssl->conf == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 8117 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 8118 | |
| kadonotakashi | 0:8fdf9a60065b | 8119 | #if defined(MBEDTLS_SSL_SRV_C) |
| kadonotakashi | 0:8fdf9a60065b | 8120 | /* On server, just send the request */ |
| kadonotakashi | 0:8fdf9a60065b | 8121 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
| kadonotakashi | 0:8fdf9a60065b | 8122 | { |
| kadonotakashi | 0:8fdf9a60065b | 8123 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
| kadonotakashi | 0:8fdf9a60065b | 8124 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 8125 | |
| kadonotakashi | 0:8fdf9a60065b | 8126 | ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING; |
| kadonotakashi | 0:8fdf9a60065b | 8127 | |
| kadonotakashi | 0:8fdf9a60065b | 8128 | /* Did we already try/start sending HelloRequest? */ |
| kadonotakashi | 0:8fdf9a60065b | 8129 | if( ssl->out_left != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 8130 | return( mbedtls_ssl_flush_output( ssl ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8131 | |
| kadonotakashi | 0:8fdf9a60065b | 8132 | return( ssl_write_hello_request( ssl ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8133 | } |
| kadonotakashi | 0:8fdf9a60065b | 8134 | #endif /* MBEDTLS_SSL_SRV_C */ |
| kadonotakashi | 0:8fdf9a60065b | 8135 | |
| kadonotakashi | 0:8fdf9a60065b | 8136 | #if defined(MBEDTLS_SSL_CLI_C) |
| kadonotakashi | 0:8fdf9a60065b | 8137 | /* |
| kadonotakashi | 0:8fdf9a60065b | 8138 | * On client, either start the renegotiation process or, |
| kadonotakashi | 0:8fdf9a60065b | 8139 | * if already in progress, continue the handshake |
| kadonotakashi | 0:8fdf9a60065b | 8140 | */ |
| kadonotakashi | 0:8fdf9a60065b | 8141 | if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) |
| kadonotakashi | 0:8fdf9a60065b | 8142 | { |
| kadonotakashi | 0:8fdf9a60065b | 8143 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
| kadonotakashi | 0:8fdf9a60065b | 8144 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 8145 | |
| kadonotakashi | 0:8fdf9a60065b | 8146 | if( ( ret = ssl_start_renegotiation( ssl ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 8147 | { |
| kadonotakashi | 0:8fdf9a60065b | 8148 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8149 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8150 | } |
| kadonotakashi | 0:8fdf9a60065b | 8151 | } |
| kadonotakashi | 0:8fdf9a60065b | 8152 | else |
| kadonotakashi | 0:8fdf9a60065b | 8153 | { |
| kadonotakashi | 0:8fdf9a60065b | 8154 | if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 8155 | { |
| kadonotakashi | 0:8fdf9a60065b | 8156 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8157 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8158 | } |
| kadonotakashi | 0:8fdf9a60065b | 8159 | } |
| kadonotakashi | 0:8fdf9a60065b | 8160 | #endif /* MBEDTLS_SSL_CLI_C */ |
| kadonotakashi | 0:8fdf9a60065b | 8161 | |
| kadonotakashi | 0:8fdf9a60065b | 8162 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8163 | } |
| kadonotakashi | 0:8fdf9a60065b | 8164 | |
| kadonotakashi | 0:8fdf9a60065b | 8165 | /* |
| kadonotakashi | 0:8fdf9a60065b | 8166 | * Check record counters and renegotiate if they're above the limit. |
| kadonotakashi | 0:8fdf9a60065b | 8167 | */ |
| kadonotakashi | 0:8fdf9a60065b | 8168 | static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 8169 | { |
| kadonotakashi | 0:8fdf9a60065b | 8170 | size_t ep_len = ssl_ep_len( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 8171 | int in_ctr_cmp; |
| kadonotakashi | 0:8fdf9a60065b | 8172 | int out_ctr_cmp; |
| kadonotakashi | 0:8fdf9a60065b | 8173 | |
| kadonotakashi | 0:8fdf9a60065b | 8174 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER || |
| kadonotakashi | 0:8fdf9a60065b | 8175 | ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING || |
| kadonotakashi | 0:8fdf9a60065b | 8176 | ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED ) |
| kadonotakashi | 0:8fdf9a60065b | 8177 | { |
| kadonotakashi | 0:8fdf9a60065b | 8178 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 8179 | } |
| kadonotakashi | 0:8fdf9a60065b | 8180 | |
| kadonotakashi | 0:8fdf9a60065b | 8181 | in_ctr_cmp = memcmp( ssl->in_ctr + ep_len, |
| kadonotakashi | 0:8fdf9a60065b | 8182 | ssl->conf->renego_period + ep_len, 8 - ep_len ); |
| kadonotakashi | 0:8fdf9a60065b | 8183 | out_ctr_cmp = memcmp( ssl->cur_out_ctr + ep_len, |
| kadonotakashi | 0:8fdf9a60065b | 8184 | ssl->conf->renego_period + ep_len, 8 - ep_len ); |
| kadonotakashi | 0:8fdf9a60065b | 8185 | |
| kadonotakashi | 0:8fdf9a60065b | 8186 | if( in_ctr_cmp <= 0 && out_ctr_cmp <= 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 8187 | { |
| kadonotakashi | 0:8fdf9a60065b | 8188 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 8189 | } |
| kadonotakashi | 0:8fdf9a60065b | 8190 | |
| kadonotakashi | 0:8fdf9a60065b | 8191 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "record counter limit reached: renegotiate" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8192 | return( mbedtls_ssl_renegotiate( ssl ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8193 | } |
| kadonotakashi | 0:8fdf9a60065b | 8194 | #endif /* MBEDTLS_SSL_RENEGOTIATION */ |
| kadonotakashi | 0:8fdf9a60065b | 8195 | |
| kadonotakashi | 0:8fdf9a60065b | 8196 | /* |
| kadonotakashi | 0:8fdf9a60065b | 8197 | * Receive application data decrypted from the SSL layer |
| kadonotakashi | 0:8fdf9a60065b | 8198 | */ |
| kadonotakashi | 0:8fdf9a60065b | 8199 | int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) |
| kadonotakashi | 0:8fdf9a60065b | 8200 | { |
| kadonotakashi | 0:8fdf9a60065b | 8201 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 8202 | size_t n; |
| kadonotakashi | 0:8fdf9a60065b | 8203 | |
| kadonotakashi | 0:8fdf9a60065b | 8204 | if( ssl == NULL || ssl->conf == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 8205 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 8206 | |
| kadonotakashi | 0:8fdf9a60065b | 8207 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8208 | |
| kadonotakashi | 0:8fdf9a60065b | 8209 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 8210 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| kadonotakashi | 0:8fdf9a60065b | 8211 | { |
| kadonotakashi | 0:8fdf9a60065b | 8212 | if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 8213 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8214 | |
| kadonotakashi | 0:8fdf9a60065b | 8215 | if( ssl->handshake != NULL && |
| kadonotakashi | 0:8fdf9a60065b | 8216 | ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING ) |
| kadonotakashi | 0:8fdf9a60065b | 8217 | { |
| kadonotakashi | 0:8fdf9a60065b | 8218 | if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 8219 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8220 | } |
| kadonotakashi | 0:8fdf9a60065b | 8221 | } |
| kadonotakashi | 0:8fdf9a60065b | 8222 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8223 | |
| kadonotakashi | 0:8fdf9a60065b | 8224 | /* |
| kadonotakashi | 0:8fdf9a60065b | 8225 | * Check if renegotiation is necessary and/or handshake is |
| kadonotakashi | 0:8fdf9a60065b | 8226 | * in process. If yes, perform/continue, and fall through |
| kadonotakashi | 0:8fdf9a60065b | 8227 | * if an unexpected packet is received while the client |
| kadonotakashi | 0:8fdf9a60065b | 8228 | * is waiting for the ServerHello. |
| kadonotakashi | 0:8fdf9a60065b | 8229 | * |
| kadonotakashi | 0:8fdf9a60065b | 8230 | * (There is no equivalent to the last condition on |
| kadonotakashi | 0:8fdf9a60065b | 8231 | * the server-side as it is not treated as within |
| kadonotakashi | 0:8fdf9a60065b | 8232 | * a handshake while waiting for the ClientHello |
| kadonotakashi | 0:8fdf9a60065b | 8233 | * after a renegotiation request.) |
| kadonotakashi | 0:8fdf9a60065b | 8234 | */ |
| kadonotakashi | 0:8fdf9a60065b | 8235 | |
| kadonotakashi | 0:8fdf9a60065b | 8236 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| kadonotakashi | 0:8fdf9a60065b | 8237 | ret = ssl_check_ctr_renegotiate( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 8238 | if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && |
| kadonotakashi | 0:8fdf9a60065b | 8239 | ret != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 8240 | { |
| kadonotakashi | 0:8fdf9a60065b | 8241 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8242 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8243 | } |
| kadonotakashi | 0:8fdf9a60065b | 8244 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8245 | |
| kadonotakashi | 0:8fdf9a60065b | 8246 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
| kadonotakashi | 0:8fdf9a60065b | 8247 | { |
| kadonotakashi | 0:8fdf9a60065b | 8248 | ret = mbedtls_ssl_handshake( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 8249 | if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && |
| kadonotakashi | 0:8fdf9a60065b | 8250 | ret != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 8251 | { |
| kadonotakashi | 0:8fdf9a60065b | 8252 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8253 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8254 | } |
| kadonotakashi | 0:8fdf9a60065b | 8255 | } |
| kadonotakashi | 0:8fdf9a60065b | 8256 | |
| kadonotakashi | 0:8fdf9a60065b | 8257 | /* Loop as long as no application data record is available */ |
| kadonotakashi | 0:8fdf9a60065b | 8258 | while( ssl->in_offt == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 8259 | { |
| kadonotakashi | 0:8fdf9a60065b | 8260 | /* Start timer if not already running */ |
| kadonotakashi | 0:8fdf9a60065b | 8261 | if( ssl->f_get_timer != NULL && |
| kadonotakashi | 0:8fdf9a60065b | 8262 | ssl->f_get_timer( ssl->p_timer ) == -1 ) |
| kadonotakashi | 0:8fdf9a60065b | 8263 | { |
| kadonotakashi | 0:8fdf9a60065b | 8264 | ssl_set_timer( ssl, ssl->conf->read_timeout ); |
| kadonotakashi | 0:8fdf9a60065b | 8265 | } |
| kadonotakashi | 0:8fdf9a60065b | 8266 | |
| kadonotakashi | 0:8fdf9a60065b | 8267 | if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 8268 | { |
| kadonotakashi | 0:8fdf9a60065b | 8269 | if( ret == MBEDTLS_ERR_SSL_CONN_EOF ) |
| kadonotakashi | 0:8fdf9a60065b | 8270 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 8271 | |
| kadonotakashi | 0:8fdf9a60065b | 8272 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8273 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8274 | } |
| kadonotakashi | 0:8fdf9a60065b | 8275 | |
| kadonotakashi | 0:8fdf9a60065b | 8276 | if( ssl->in_msglen == 0 && |
| kadonotakashi | 0:8fdf9a60065b | 8277 | ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA ) |
| kadonotakashi | 0:8fdf9a60065b | 8278 | { |
| kadonotakashi | 0:8fdf9a60065b | 8279 | /* |
| kadonotakashi | 0:8fdf9a60065b | 8280 | * OpenSSL sends empty messages to randomize the IV |
| kadonotakashi | 0:8fdf9a60065b | 8281 | */ |
| kadonotakashi | 0:8fdf9a60065b | 8282 | if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 8283 | { |
| kadonotakashi | 0:8fdf9a60065b | 8284 | if( ret == MBEDTLS_ERR_SSL_CONN_EOF ) |
| kadonotakashi | 0:8fdf9a60065b | 8285 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 8286 | |
| kadonotakashi | 0:8fdf9a60065b | 8287 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8288 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8289 | } |
| kadonotakashi | 0:8fdf9a60065b | 8290 | } |
| kadonotakashi | 0:8fdf9a60065b | 8291 | |
| kadonotakashi | 0:8fdf9a60065b | 8292 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) |
| kadonotakashi | 0:8fdf9a60065b | 8293 | { |
| kadonotakashi | 0:8fdf9a60065b | 8294 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "received handshake message" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8295 | |
| kadonotakashi | 0:8fdf9a60065b | 8296 | /* |
| kadonotakashi | 0:8fdf9a60065b | 8297 | * - For client-side, expect SERVER_HELLO_REQUEST. |
| kadonotakashi | 0:8fdf9a60065b | 8298 | * - For server-side, expect CLIENT_HELLO. |
| kadonotakashi | 0:8fdf9a60065b | 8299 | * - Fail (TLS) or silently drop record (DTLS) in other cases. |
| kadonotakashi | 0:8fdf9a60065b | 8300 | */ |
| kadonotakashi | 0:8fdf9a60065b | 8301 | |
| kadonotakashi | 0:8fdf9a60065b | 8302 | #if defined(MBEDTLS_SSL_CLI_C) |
| kadonotakashi | 0:8fdf9a60065b | 8303 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && |
| kadonotakashi | 0:8fdf9a60065b | 8304 | ( ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST || |
| kadonotakashi | 0:8fdf9a60065b | 8305 | ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) ) ) |
| kadonotakashi | 0:8fdf9a60065b | 8306 | { |
| kadonotakashi | 0:8fdf9a60065b | 8307 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake received (not HelloRequest)" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8308 | |
| kadonotakashi | 0:8fdf9a60065b | 8309 | /* With DTLS, drop the packet (probably from last handshake) */ |
| kadonotakashi | 0:8fdf9a60065b | 8310 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 8311 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| kadonotakashi | 0:8fdf9a60065b | 8312 | { |
| kadonotakashi | 0:8fdf9a60065b | 8313 | continue; |
| kadonotakashi | 0:8fdf9a60065b | 8314 | } |
| kadonotakashi | 0:8fdf9a60065b | 8315 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8316 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
| kadonotakashi | 0:8fdf9a60065b | 8317 | } |
| kadonotakashi | 0:8fdf9a60065b | 8318 | #endif /* MBEDTLS_SSL_CLI_C */ |
| kadonotakashi | 0:8fdf9a60065b | 8319 | |
| kadonotakashi | 0:8fdf9a60065b | 8320 | #if defined(MBEDTLS_SSL_SRV_C) |
| kadonotakashi | 0:8fdf9a60065b | 8321 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
| kadonotakashi | 0:8fdf9a60065b | 8322 | ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO ) |
| kadonotakashi | 0:8fdf9a60065b | 8323 | { |
| kadonotakashi | 0:8fdf9a60065b | 8324 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake received (not ClientHello)" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8325 | |
| kadonotakashi | 0:8fdf9a60065b | 8326 | /* With DTLS, drop the packet (probably from last handshake) */ |
| kadonotakashi | 0:8fdf9a60065b | 8327 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 8328 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| kadonotakashi | 0:8fdf9a60065b | 8329 | { |
| kadonotakashi | 0:8fdf9a60065b | 8330 | continue; |
| kadonotakashi | 0:8fdf9a60065b | 8331 | } |
| kadonotakashi | 0:8fdf9a60065b | 8332 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8333 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
| kadonotakashi | 0:8fdf9a60065b | 8334 | } |
| kadonotakashi | 0:8fdf9a60065b | 8335 | #endif /* MBEDTLS_SSL_SRV_C */ |
| kadonotakashi | 0:8fdf9a60065b | 8336 | |
| kadonotakashi | 0:8fdf9a60065b | 8337 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| kadonotakashi | 0:8fdf9a60065b | 8338 | /* Determine whether renegotiation attempt should be accepted */ |
| kadonotakashi | 0:8fdf9a60065b | 8339 | if( ! ( ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED || |
| kadonotakashi | 0:8fdf9a60065b | 8340 | ( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && |
| kadonotakashi | 0:8fdf9a60065b | 8341 | ssl->conf->allow_legacy_renegotiation == |
| kadonotakashi | 0:8fdf9a60065b | 8342 | MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) ) ) |
| kadonotakashi | 0:8fdf9a60065b | 8343 | { |
| kadonotakashi | 0:8fdf9a60065b | 8344 | /* |
| kadonotakashi | 0:8fdf9a60065b | 8345 | * Accept renegotiation request |
| kadonotakashi | 0:8fdf9a60065b | 8346 | */ |
| kadonotakashi | 0:8fdf9a60065b | 8347 | |
| kadonotakashi | 0:8fdf9a60065b | 8348 | /* DTLS clients need to know renego is server-initiated */ |
| kadonotakashi | 0:8fdf9a60065b | 8349 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 8350 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
| kadonotakashi | 0:8fdf9a60065b | 8351 | ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
| kadonotakashi | 0:8fdf9a60065b | 8352 | { |
| kadonotakashi | 0:8fdf9a60065b | 8353 | ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING; |
| kadonotakashi | 0:8fdf9a60065b | 8354 | } |
| kadonotakashi | 0:8fdf9a60065b | 8355 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8356 | ret = ssl_start_renegotiation( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 8357 | if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && |
| kadonotakashi | 0:8fdf9a60065b | 8358 | ret != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 8359 | { |
| kadonotakashi | 0:8fdf9a60065b | 8360 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8361 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8362 | } |
| kadonotakashi | 0:8fdf9a60065b | 8363 | } |
| kadonotakashi | 0:8fdf9a60065b | 8364 | else |
| kadonotakashi | 0:8fdf9a60065b | 8365 | #endif /* MBEDTLS_SSL_RENEGOTIATION */ |
| kadonotakashi | 0:8fdf9a60065b | 8366 | { |
| kadonotakashi | 0:8fdf9a60065b | 8367 | /* |
| kadonotakashi | 0:8fdf9a60065b | 8368 | * Refuse renegotiation |
| kadonotakashi | 0:8fdf9a60065b | 8369 | */ |
| kadonotakashi | 0:8fdf9a60065b | 8370 | |
| kadonotakashi | 0:8fdf9a60065b | 8371 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "refusing renegotiation, sending alert" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8372 | |
| kadonotakashi | 0:8fdf9a60065b | 8373 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| kadonotakashi | 0:8fdf9a60065b | 8374 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
| kadonotakashi | 0:8fdf9a60065b | 8375 | { |
| kadonotakashi | 0:8fdf9a60065b | 8376 | /* SSLv3 does not have a "no_renegotiation" warning, so |
| kadonotakashi | 0:8fdf9a60065b | 8377 | we send a fatal alert and abort the connection. */ |
| kadonotakashi | 0:8fdf9a60065b | 8378 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| kadonotakashi | 0:8fdf9a60065b | 8379 | MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); |
| kadonotakashi | 0:8fdf9a60065b | 8380 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
| kadonotakashi | 0:8fdf9a60065b | 8381 | } |
| kadonotakashi | 0:8fdf9a60065b | 8382 | else |
| kadonotakashi | 0:8fdf9a60065b | 8383 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
| kadonotakashi | 0:8fdf9a60065b | 8384 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
| kadonotakashi | 0:8fdf9a60065b | 8385 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| kadonotakashi | 0:8fdf9a60065b | 8386 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) |
| kadonotakashi | 0:8fdf9a60065b | 8387 | { |
| kadonotakashi | 0:8fdf9a60065b | 8388 | if( ( ret = mbedtls_ssl_send_alert_message( ssl, |
| kadonotakashi | 0:8fdf9a60065b | 8389 | MBEDTLS_SSL_ALERT_LEVEL_WARNING, |
| kadonotakashi | 0:8fdf9a60065b | 8390 | MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 8391 | { |
| kadonotakashi | 0:8fdf9a60065b | 8392 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8393 | } |
| kadonotakashi | 0:8fdf9a60065b | 8394 | } |
| kadonotakashi | 0:8fdf9a60065b | 8395 | else |
| kadonotakashi | 0:8fdf9a60065b | 8396 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || |
| kadonotakashi | 0:8fdf9a60065b | 8397 | MBEDTLS_SSL_PROTO_TLS1_2 */ |
| kadonotakashi | 0:8fdf9a60065b | 8398 | { |
| kadonotakashi | 0:8fdf9a60065b | 8399 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8400 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 8401 | } |
| kadonotakashi | 0:8fdf9a60065b | 8402 | } |
| kadonotakashi | 0:8fdf9a60065b | 8403 | |
| kadonotakashi | 0:8fdf9a60065b | 8404 | /* At this point, we don't know whether the renegotiation has been |
| kadonotakashi | 0:8fdf9a60065b | 8405 | * completed or not. The cases to consider are the following: |
| kadonotakashi | 0:8fdf9a60065b | 8406 | * 1) The renegotiation is complete. In this case, no new record |
| kadonotakashi | 0:8fdf9a60065b | 8407 | * has been read yet. |
| kadonotakashi | 0:8fdf9a60065b | 8408 | * 2) The renegotiation is incomplete because the client received |
| kadonotakashi | 0:8fdf9a60065b | 8409 | * an application data record while awaiting the ServerHello. |
| kadonotakashi | 0:8fdf9a60065b | 8410 | * 3) The renegotiation is incomplete because the client received |
| kadonotakashi | 0:8fdf9a60065b | 8411 | * a non-handshake, non-application data message while awaiting |
| kadonotakashi | 0:8fdf9a60065b | 8412 | * the ServerHello. |
| kadonotakashi | 0:8fdf9a60065b | 8413 | * In each of these case, looping will be the proper action: |
| kadonotakashi | 0:8fdf9a60065b | 8414 | * - For 1), the next iteration will read a new record and check |
| kadonotakashi | 0:8fdf9a60065b | 8415 | * if it's application data. |
| kadonotakashi | 0:8fdf9a60065b | 8416 | * - For 2), the loop condition isn't satisfied as application data |
| kadonotakashi | 0:8fdf9a60065b | 8417 | * is present, hence continue is the same as break |
| kadonotakashi | 0:8fdf9a60065b | 8418 | * - For 3), the loop condition is satisfied and read_record |
| kadonotakashi | 0:8fdf9a60065b | 8419 | * will re-deliver the message that was held back by the client |
| kadonotakashi | 0:8fdf9a60065b | 8420 | * when expecting the ServerHello. |
| kadonotakashi | 0:8fdf9a60065b | 8421 | */ |
| kadonotakashi | 0:8fdf9a60065b | 8422 | continue; |
| kadonotakashi | 0:8fdf9a60065b | 8423 | } |
| kadonotakashi | 0:8fdf9a60065b | 8424 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| kadonotakashi | 0:8fdf9a60065b | 8425 | else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) |
| kadonotakashi | 0:8fdf9a60065b | 8426 | { |
| kadonotakashi | 0:8fdf9a60065b | 8427 | if( ssl->conf->renego_max_records >= 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 8428 | { |
| kadonotakashi | 0:8fdf9a60065b | 8429 | if( ++ssl->renego_records_seen > ssl->conf->renego_max_records ) |
| kadonotakashi | 0:8fdf9a60065b | 8430 | { |
| kadonotakashi | 0:8fdf9a60065b | 8431 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation requested, " |
| kadonotakashi | 0:8fdf9a60065b | 8432 | "but not honored by client" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8433 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
| kadonotakashi | 0:8fdf9a60065b | 8434 | } |
| kadonotakashi | 0:8fdf9a60065b | 8435 | } |
| kadonotakashi | 0:8fdf9a60065b | 8436 | } |
| kadonotakashi | 0:8fdf9a60065b | 8437 | #endif /* MBEDTLS_SSL_RENEGOTIATION */ |
| kadonotakashi | 0:8fdf9a60065b | 8438 | |
| kadonotakashi | 0:8fdf9a60065b | 8439 | /* Fatal and closure alerts handled by mbedtls_ssl_read_record() */ |
| kadonotakashi | 0:8fdf9a60065b | 8440 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT ) |
| kadonotakashi | 0:8fdf9a60065b | 8441 | { |
| kadonotakashi | 0:8fdf9a60065b | 8442 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "ignoring non-fatal non-closure alert" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8443 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
| kadonotakashi | 0:8fdf9a60065b | 8444 | } |
| kadonotakashi | 0:8fdf9a60065b | 8445 | |
| kadonotakashi | 0:8fdf9a60065b | 8446 | if( ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA ) |
| kadonotakashi | 0:8fdf9a60065b | 8447 | { |
| kadonotakashi | 0:8fdf9a60065b | 8448 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad application data message" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8449 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
| kadonotakashi | 0:8fdf9a60065b | 8450 | } |
| kadonotakashi | 0:8fdf9a60065b | 8451 | |
| kadonotakashi | 0:8fdf9a60065b | 8452 | ssl->in_offt = ssl->in_msg; |
| kadonotakashi | 0:8fdf9a60065b | 8453 | |
| kadonotakashi | 0:8fdf9a60065b | 8454 | /* We're going to return something now, cancel timer, |
| kadonotakashi | 0:8fdf9a60065b | 8455 | * except if handshake (renegotiation) is in progress */ |
| kadonotakashi | 0:8fdf9a60065b | 8456 | if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) |
| kadonotakashi | 0:8fdf9a60065b | 8457 | ssl_set_timer( ssl, 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 8458 | |
| kadonotakashi | 0:8fdf9a60065b | 8459 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 8460 | /* If we requested renego but received AppData, resend HelloRequest. |
| kadonotakashi | 0:8fdf9a60065b | 8461 | * Do it now, after setting in_offt, to avoid taking this branch |
| kadonotakashi | 0:8fdf9a60065b | 8462 | * again if ssl_write_hello_request() returns WANT_WRITE */ |
| kadonotakashi | 0:8fdf9a60065b | 8463 | #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION) |
| kadonotakashi | 0:8fdf9a60065b | 8464 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
| kadonotakashi | 0:8fdf9a60065b | 8465 | ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) |
| kadonotakashi | 0:8fdf9a60065b | 8466 | { |
| kadonotakashi | 0:8fdf9a60065b | 8467 | if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 8468 | { |
| kadonotakashi | 0:8fdf9a60065b | 8469 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_resend_hello_request", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8470 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8471 | } |
| kadonotakashi | 0:8fdf9a60065b | 8472 | } |
| kadonotakashi | 0:8fdf9a60065b | 8473 | #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */ |
| kadonotakashi | 0:8fdf9a60065b | 8474 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| kadonotakashi | 0:8fdf9a60065b | 8475 | } |
| kadonotakashi | 0:8fdf9a60065b | 8476 | |
| kadonotakashi | 0:8fdf9a60065b | 8477 | n = ( len < ssl->in_msglen ) |
| kadonotakashi | 0:8fdf9a60065b | 8478 | ? len : ssl->in_msglen; |
| kadonotakashi | 0:8fdf9a60065b | 8479 | |
| kadonotakashi | 0:8fdf9a60065b | 8480 | memcpy( buf, ssl->in_offt, n ); |
| kadonotakashi | 0:8fdf9a60065b | 8481 | ssl->in_msglen -= n; |
| kadonotakashi | 0:8fdf9a60065b | 8482 | |
| kadonotakashi | 0:8fdf9a60065b | 8483 | if( ssl->in_msglen == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 8484 | { |
| kadonotakashi | 0:8fdf9a60065b | 8485 | /* all bytes consumed */ |
| kadonotakashi | 0:8fdf9a60065b | 8486 | ssl->in_offt = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 8487 | ssl->keep_current_message = 0; |
| kadonotakashi | 0:8fdf9a60065b | 8488 | } |
| kadonotakashi | 0:8fdf9a60065b | 8489 | else |
| kadonotakashi | 0:8fdf9a60065b | 8490 | { |
| kadonotakashi | 0:8fdf9a60065b | 8491 | /* more data available */ |
| kadonotakashi | 0:8fdf9a60065b | 8492 | ssl->in_offt += n; |
| kadonotakashi | 0:8fdf9a60065b | 8493 | } |
| kadonotakashi | 0:8fdf9a60065b | 8494 | |
| kadonotakashi | 0:8fdf9a60065b | 8495 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8496 | |
| kadonotakashi | 0:8fdf9a60065b | 8497 | return( (int) n ); |
| kadonotakashi | 0:8fdf9a60065b | 8498 | } |
| kadonotakashi | 0:8fdf9a60065b | 8499 | |
| kadonotakashi | 0:8fdf9a60065b | 8500 | /* |
| kadonotakashi | 0:8fdf9a60065b | 8501 | * Send application data to be encrypted by the SSL layer, taking care of max |
| kadonotakashi | 0:8fdf9a60065b | 8502 | * fragment length and buffer size. |
| kadonotakashi | 0:8fdf9a60065b | 8503 | * |
| kadonotakashi | 0:8fdf9a60065b | 8504 | * According to RFC 5246 Section 6.2.1: |
| kadonotakashi | 0:8fdf9a60065b | 8505 | * |
| kadonotakashi | 0:8fdf9a60065b | 8506 | * Zero-length fragments of Application data MAY be sent as they are |
| kadonotakashi | 0:8fdf9a60065b | 8507 | * potentially useful as a traffic analysis countermeasure. |
| kadonotakashi | 0:8fdf9a60065b | 8508 | * |
| kadonotakashi | 0:8fdf9a60065b | 8509 | * Therefore, it is possible that the input message length is 0 and the |
| kadonotakashi | 0:8fdf9a60065b | 8510 | * corresponding return code is 0 on success. |
| kadonotakashi | 0:8fdf9a60065b | 8511 | */ |
| kadonotakashi | 0:8fdf9a60065b | 8512 | static int ssl_write_real( mbedtls_ssl_context *ssl, |
| kadonotakashi | 0:8fdf9a60065b | 8513 | const unsigned char *buf, size_t len ) |
| kadonotakashi | 0:8fdf9a60065b | 8514 | { |
| kadonotakashi | 0:8fdf9a60065b | 8515 | int ret = mbedtls_ssl_get_max_out_record_payload( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 8516 | const size_t max_len = (size_t) ret; |
| kadonotakashi | 0:8fdf9a60065b | 8517 | |
| kadonotakashi | 0:8fdf9a60065b | 8518 | if( ret < 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 8519 | { |
| kadonotakashi | 0:8fdf9a60065b | 8520 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_get_max_out_record_payload", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8521 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8522 | } |
| kadonotakashi | 0:8fdf9a60065b | 8523 | |
| kadonotakashi | 0:8fdf9a60065b | 8524 | if( len > max_len ) |
| kadonotakashi | 0:8fdf9a60065b | 8525 | { |
| kadonotakashi | 0:8fdf9a60065b | 8526 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 8527 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| kadonotakashi | 0:8fdf9a60065b | 8528 | { |
| kadonotakashi | 0:8fdf9a60065b | 8529 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment larger than the (negotiated) " |
| kadonotakashi | 0:8fdf9a60065b | 8530 | "maximum fragment length: %d > %d", |
| kadonotakashi | 0:8fdf9a60065b | 8531 | len, max_len ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8532 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 8533 | } |
| kadonotakashi | 0:8fdf9a60065b | 8534 | else |
| kadonotakashi | 0:8fdf9a60065b | 8535 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8536 | len = max_len; |
| kadonotakashi | 0:8fdf9a60065b | 8537 | } |
| kadonotakashi | 0:8fdf9a60065b | 8538 | |
| kadonotakashi | 0:8fdf9a60065b | 8539 | if( ssl->out_left != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 8540 | { |
| kadonotakashi | 0:8fdf9a60065b | 8541 | /* |
| kadonotakashi | 0:8fdf9a60065b | 8542 | * The user has previously tried to send the data and |
| kadonotakashi | 0:8fdf9a60065b | 8543 | * MBEDTLS_ERR_SSL_WANT_WRITE or the message was only partially |
| kadonotakashi | 0:8fdf9a60065b | 8544 | * written. In this case, we expect the high-level write function |
| kadonotakashi | 0:8fdf9a60065b | 8545 | * (e.g. mbedtls_ssl_write()) to be called with the same parameters |
| kadonotakashi | 0:8fdf9a60065b | 8546 | */ |
| kadonotakashi | 0:8fdf9a60065b | 8547 | if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 8548 | { |
| kadonotakashi | 0:8fdf9a60065b | 8549 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8550 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8551 | } |
| kadonotakashi | 0:8fdf9a60065b | 8552 | } |
| kadonotakashi | 0:8fdf9a60065b | 8553 | else |
| kadonotakashi | 0:8fdf9a60065b | 8554 | { |
| kadonotakashi | 0:8fdf9a60065b | 8555 | /* |
| kadonotakashi | 0:8fdf9a60065b | 8556 | * The user is trying to send a message the first time, so we need to |
| kadonotakashi | 0:8fdf9a60065b | 8557 | * copy the data into the internal buffers and setup the data structure |
| kadonotakashi | 0:8fdf9a60065b | 8558 | * to keep track of partial writes |
| kadonotakashi | 0:8fdf9a60065b | 8559 | */ |
| kadonotakashi | 0:8fdf9a60065b | 8560 | ssl->out_msglen = len; |
| kadonotakashi | 0:8fdf9a60065b | 8561 | ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA; |
| kadonotakashi | 0:8fdf9a60065b | 8562 | memcpy( ssl->out_msg, buf, len ); |
| kadonotakashi | 0:8fdf9a60065b | 8563 | |
| kadonotakashi | 0:8fdf9a60065b | 8564 | if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 8565 | { |
| kadonotakashi | 0:8fdf9a60065b | 8566 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8567 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8568 | } |
| kadonotakashi | 0:8fdf9a60065b | 8569 | } |
| kadonotakashi | 0:8fdf9a60065b | 8570 | |
| kadonotakashi | 0:8fdf9a60065b | 8571 | return( (int) len ); |
| kadonotakashi | 0:8fdf9a60065b | 8572 | } |
| kadonotakashi | 0:8fdf9a60065b | 8573 | |
| kadonotakashi | 0:8fdf9a60065b | 8574 | /* |
| kadonotakashi | 0:8fdf9a60065b | 8575 | * Write application data, doing 1/n-1 splitting if necessary. |
| kadonotakashi | 0:8fdf9a60065b | 8576 | * |
| kadonotakashi | 0:8fdf9a60065b | 8577 | * With non-blocking I/O, ssl_write_real() may return WANT_WRITE, |
| kadonotakashi | 0:8fdf9a60065b | 8578 | * then the caller will call us again with the same arguments, so |
| kadonotakashi | 0:8fdf9a60065b | 8579 | * remember whether we already did the split or not. |
| kadonotakashi | 0:8fdf9a60065b | 8580 | */ |
| kadonotakashi | 0:8fdf9a60065b | 8581 | #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) |
| kadonotakashi | 0:8fdf9a60065b | 8582 | static int ssl_write_split( mbedtls_ssl_context *ssl, |
| kadonotakashi | 0:8fdf9a60065b | 8583 | const unsigned char *buf, size_t len ) |
| kadonotakashi | 0:8fdf9a60065b | 8584 | { |
| kadonotakashi | 0:8fdf9a60065b | 8585 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 8586 | |
| kadonotakashi | 0:8fdf9a60065b | 8587 | if( ssl->conf->cbc_record_splitting == |
| kadonotakashi | 0:8fdf9a60065b | 8588 | MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED || |
| kadonotakashi | 0:8fdf9a60065b | 8589 | len <= 1 || |
| kadonotakashi | 0:8fdf9a60065b | 8590 | ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_1 || |
| kadonotakashi | 0:8fdf9a60065b | 8591 | mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc ) |
| kadonotakashi | 0:8fdf9a60065b | 8592 | != MBEDTLS_MODE_CBC ) |
| kadonotakashi | 0:8fdf9a60065b | 8593 | { |
| kadonotakashi | 0:8fdf9a60065b | 8594 | return( ssl_write_real( ssl, buf, len ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8595 | } |
| kadonotakashi | 0:8fdf9a60065b | 8596 | |
| kadonotakashi | 0:8fdf9a60065b | 8597 | if( ssl->split_done == 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 8598 | { |
| kadonotakashi | 0:8fdf9a60065b | 8599 | if( ( ret = ssl_write_real( ssl, buf, 1 ) ) <= 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 8600 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8601 | ssl->split_done = 1; |
| kadonotakashi | 0:8fdf9a60065b | 8602 | } |
| kadonotakashi | 0:8fdf9a60065b | 8603 | |
| kadonotakashi | 0:8fdf9a60065b | 8604 | if( ( ret = ssl_write_real( ssl, buf + 1, len - 1 ) ) <= 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 8605 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8606 | ssl->split_done = 0; |
| kadonotakashi | 0:8fdf9a60065b | 8607 | |
| kadonotakashi | 0:8fdf9a60065b | 8608 | return( ret + 1 ); |
| kadonotakashi | 0:8fdf9a60065b | 8609 | } |
| kadonotakashi | 0:8fdf9a60065b | 8610 | #endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */ |
| kadonotakashi | 0:8fdf9a60065b | 8611 | |
| kadonotakashi | 0:8fdf9a60065b | 8612 | /* |
| kadonotakashi | 0:8fdf9a60065b | 8613 | * Write application data (public-facing wrapper) |
| kadonotakashi | 0:8fdf9a60065b | 8614 | */ |
| kadonotakashi | 0:8fdf9a60065b | 8615 | int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) |
| kadonotakashi | 0:8fdf9a60065b | 8616 | { |
| kadonotakashi | 0:8fdf9a60065b | 8617 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 8618 | |
| kadonotakashi | 0:8fdf9a60065b | 8619 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8620 | |
| kadonotakashi | 0:8fdf9a60065b | 8621 | if( ssl == NULL || ssl->conf == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 8622 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 8623 | |
| kadonotakashi | 0:8fdf9a60065b | 8624 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| kadonotakashi | 0:8fdf9a60065b | 8625 | if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 8626 | { |
| kadonotakashi | 0:8fdf9a60065b | 8627 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8628 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8629 | } |
| kadonotakashi | 0:8fdf9a60065b | 8630 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8631 | |
| kadonotakashi | 0:8fdf9a60065b | 8632 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
| kadonotakashi | 0:8fdf9a60065b | 8633 | { |
| kadonotakashi | 0:8fdf9a60065b | 8634 | if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 8635 | { |
| kadonotakashi | 0:8fdf9a60065b | 8636 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8637 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8638 | } |
| kadonotakashi | 0:8fdf9a60065b | 8639 | } |
| kadonotakashi | 0:8fdf9a60065b | 8640 | |
| kadonotakashi | 0:8fdf9a60065b | 8641 | #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) |
| kadonotakashi | 0:8fdf9a60065b | 8642 | ret = ssl_write_split( ssl, buf, len ); |
| kadonotakashi | 0:8fdf9a60065b | 8643 | #else |
| kadonotakashi | 0:8fdf9a60065b | 8644 | ret = ssl_write_real( ssl, buf, len ); |
| kadonotakashi | 0:8fdf9a60065b | 8645 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8646 | |
| kadonotakashi | 0:8fdf9a60065b | 8647 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8648 | |
| kadonotakashi | 0:8fdf9a60065b | 8649 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8650 | } |
| kadonotakashi | 0:8fdf9a60065b | 8651 | |
| kadonotakashi | 0:8fdf9a60065b | 8652 | /* |
| kadonotakashi | 0:8fdf9a60065b | 8653 | * Notify the peer that the connection is being closed |
| kadonotakashi | 0:8fdf9a60065b | 8654 | */ |
| kadonotakashi | 0:8fdf9a60065b | 8655 | int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 8656 | { |
| kadonotakashi | 0:8fdf9a60065b | 8657 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 8658 | |
| kadonotakashi | 0:8fdf9a60065b | 8659 | if( ssl == NULL || ssl->conf == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 8660 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 8661 | |
| kadonotakashi | 0:8fdf9a60065b | 8662 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write close notify" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8663 | |
| kadonotakashi | 0:8fdf9a60065b | 8664 | if( ssl->out_left != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 8665 | return( mbedtls_ssl_flush_output( ssl ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8666 | |
| kadonotakashi | 0:8fdf9a60065b | 8667 | if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) |
| kadonotakashi | 0:8fdf9a60065b | 8668 | { |
| kadonotakashi | 0:8fdf9a60065b | 8669 | if( ( ret = mbedtls_ssl_send_alert_message( ssl, |
| kadonotakashi | 0:8fdf9a60065b | 8670 | MBEDTLS_SSL_ALERT_LEVEL_WARNING, |
| kadonotakashi | 0:8fdf9a60065b | 8671 | MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 8672 | { |
| kadonotakashi | 0:8fdf9a60065b | 8673 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_send_alert_message", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8674 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 8675 | } |
| kadonotakashi | 0:8fdf9a60065b | 8676 | } |
| kadonotakashi | 0:8fdf9a60065b | 8677 | |
| kadonotakashi | 0:8fdf9a60065b | 8678 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write close notify" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8679 | |
| kadonotakashi | 0:8fdf9a60065b | 8680 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 8681 | } |
| kadonotakashi | 0:8fdf9a60065b | 8682 | |
| kadonotakashi | 0:8fdf9a60065b | 8683 | void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ) |
| kadonotakashi | 0:8fdf9a60065b | 8684 | { |
| kadonotakashi | 0:8fdf9a60065b | 8685 | if( transform == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 8686 | return; |
| kadonotakashi | 0:8fdf9a60065b | 8687 | |
| kadonotakashi | 0:8fdf9a60065b | 8688 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
| kadonotakashi | 0:8fdf9a60065b | 8689 | deflateEnd( &transform->ctx_deflate ); |
| kadonotakashi | 0:8fdf9a60065b | 8690 | inflateEnd( &transform->ctx_inflate ); |
| kadonotakashi | 0:8fdf9a60065b | 8691 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8692 | |
| kadonotakashi | 0:8fdf9a60065b | 8693 | mbedtls_cipher_free( &transform->cipher_ctx_enc ); |
| kadonotakashi | 0:8fdf9a60065b | 8694 | mbedtls_cipher_free( &transform->cipher_ctx_dec ); |
| kadonotakashi | 0:8fdf9a60065b | 8695 | |
| kadonotakashi | 0:8fdf9a60065b | 8696 | mbedtls_md_free( &transform->md_ctx_enc ); |
| kadonotakashi | 0:8fdf9a60065b | 8697 | mbedtls_md_free( &transform->md_ctx_dec ); |
| kadonotakashi | 0:8fdf9a60065b | 8698 | |
| kadonotakashi | 0:8fdf9a60065b | 8699 | mbedtls_platform_zeroize( transform, sizeof( mbedtls_ssl_transform ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8700 | } |
| kadonotakashi | 0:8fdf9a60065b | 8701 | |
| kadonotakashi | 0:8fdf9a60065b | 8702 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| kadonotakashi | 0:8fdf9a60065b | 8703 | static void ssl_key_cert_free( mbedtls_ssl_key_cert *key_cert ) |
| kadonotakashi | 0:8fdf9a60065b | 8704 | { |
| kadonotakashi | 0:8fdf9a60065b | 8705 | mbedtls_ssl_key_cert *cur = key_cert, *next; |
| kadonotakashi | 0:8fdf9a60065b | 8706 | |
| kadonotakashi | 0:8fdf9a60065b | 8707 | while( cur != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 8708 | { |
| kadonotakashi | 0:8fdf9a60065b | 8709 | next = cur->next; |
| kadonotakashi | 0:8fdf9a60065b | 8710 | mbedtls_free( cur ); |
| kadonotakashi | 0:8fdf9a60065b | 8711 | cur = next; |
| kadonotakashi | 0:8fdf9a60065b | 8712 | } |
| kadonotakashi | 0:8fdf9a60065b | 8713 | } |
| kadonotakashi | 0:8fdf9a60065b | 8714 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
| kadonotakashi | 0:8fdf9a60065b | 8715 | |
| kadonotakashi | 0:8fdf9a60065b | 8716 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 8717 | |
| kadonotakashi | 0:8fdf9a60065b | 8718 | static void ssl_buffering_free( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 8719 | { |
| kadonotakashi | 0:8fdf9a60065b | 8720 | unsigned offset; |
| kadonotakashi | 0:8fdf9a60065b | 8721 | mbedtls_ssl_handshake_params * const hs = ssl->handshake; |
| kadonotakashi | 0:8fdf9a60065b | 8722 | |
| kadonotakashi | 0:8fdf9a60065b | 8723 | if( hs == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 8724 | return; |
| kadonotakashi | 0:8fdf9a60065b | 8725 | |
| kadonotakashi | 0:8fdf9a60065b | 8726 | ssl_free_buffered_record( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 8727 | |
| kadonotakashi | 0:8fdf9a60065b | 8728 | for( offset = 0; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++ ) |
| kadonotakashi | 0:8fdf9a60065b | 8729 | ssl_buffering_free_slot( ssl, offset ); |
| kadonotakashi | 0:8fdf9a60065b | 8730 | } |
| kadonotakashi | 0:8fdf9a60065b | 8731 | |
| kadonotakashi | 0:8fdf9a60065b | 8732 | static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl, |
| kadonotakashi | 0:8fdf9a60065b | 8733 | uint8_t slot ) |
| kadonotakashi | 0:8fdf9a60065b | 8734 | { |
| kadonotakashi | 0:8fdf9a60065b | 8735 | mbedtls_ssl_handshake_params * const hs = ssl->handshake; |
| kadonotakashi | 0:8fdf9a60065b | 8736 | mbedtls_ssl_hs_buffer * const hs_buf = &hs->buffering.hs[slot]; |
| kadonotakashi | 0:8fdf9a60065b | 8737 | |
| kadonotakashi | 0:8fdf9a60065b | 8738 | if( slot >= MBEDTLS_SSL_MAX_BUFFERED_HS ) |
| kadonotakashi | 0:8fdf9a60065b | 8739 | return; |
| kadonotakashi | 0:8fdf9a60065b | 8740 | |
| kadonotakashi | 0:8fdf9a60065b | 8741 | if( hs_buf->is_valid == 1 ) |
| kadonotakashi | 0:8fdf9a60065b | 8742 | { |
| kadonotakashi | 0:8fdf9a60065b | 8743 | hs->buffering.total_bytes_buffered -= hs_buf->data_len; |
| kadonotakashi | 0:8fdf9a60065b | 8744 | mbedtls_free( hs_buf->data ); |
| kadonotakashi | 0:8fdf9a60065b | 8745 | memset( hs_buf, 0, sizeof( mbedtls_ssl_hs_buffer ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8746 | } |
| kadonotakashi | 0:8fdf9a60065b | 8747 | } |
| kadonotakashi | 0:8fdf9a60065b | 8748 | |
| kadonotakashi | 0:8fdf9a60065b | 8749 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| kadonotakashi | 0:8fdf9a60065b | 8750 | |
| kadonotakashi | 0:8fdf9a60065b | 8751 | void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 8752 | { |
| kadonotakashi | 0:8fdf9a60065b | 8753 | mbedtls_ssl_handshake_params *handshake = ssl->handshake; |
| kadonotakashi | 0:8fdf9a60065b | 8754 | |
| kadonotakashi | 0:8fdf9a60065b | 8755 | if( handshake == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 8756 | return; |
| kadonotakashi | 0:8fdf9a60065b | 8757 | |
| kadonotakashi | 0:8fdf9a60065b | 8758 | #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) |
| kadonotakashi | 0:8fdf9a60065b | 8759 | if( ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 8760 | { |
| kadonotakashi | 0:8fdf9a60065b | 8761 | ssl->conf->f_async_cancel( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 8762 | handshake->async_in_progress = 0; |
| kadonotakashi | 0:8fdf9a60065b | 8763 | } |
| kadonotakashi | 0:8fdf9a60065b | 8764 | #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ |
| kadonotakashi | 0:8fdf9a60065b | 8765 | |
| kadonotakashi | 0:8fdf9a60065b | 8766 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
| kadonotakashi | 0:8fdf9a60065b | 8767 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
| kadonotakashi | 0:8fdf9a60065b | 8768 | mbedtls_md5_free( &handshake->fin_md5 ); |
| kadonotakashi | 0:8fdf9a60065b | 8769 | mbedtls_sha1_free( &handshake->fin_sha1 ); |
| kadonotakashi | 0:8fdf9a60065b | 8770 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8771 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| kadonotakashi | 0:8fdf9a60065b | 8772 | #if defined(MBEDTLS_SHA256_C) |
| kadonotakashi | 0:8fdf9a60065b | 8773 | mbedtls_sha256_free( &handshake->fin_sha256 ); |
| kadonotakashi | 0:8fdf9a60065b | 8774 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8775 | #if defined(MBEDTLS_SHA512_C) |
| kadonotakashi | 0:8fdf9a60065b | 8776 | mbedtls_sha512_free( &handshake->fin_sha512 ); |
| kadonotakashi | 0:8fdf9a60065b | 8777 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8778 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| kadonotakashi | 0:8fdf9a60065b | 8779 | |
| kadonotakashi | 0:8fdf9a60065b | 8780 | #if defined(MBEDTLS_DHM_C) |
| kadonotakashi | 0:8fdf9a60065b | 8781 | mbedtls_dhm_free( &handshake->dhm_ctx ); |
| kadonotakashi | 0:8fdf9a60065b | 8782 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8783 | #if defined(MBEDTLS_ECDH_C) |
| kadonotakashi | 0:8fdf9a60065b | 8784 | mbedtls_ecdh_free( &handshake->ecdh_ctx ); |
| kadonotakashi | 0:8fdf9a60065b | 8785 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8786 | #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
| kadonotakashi | 0:8fdf9a60065b | 8787 | mbedtls_ecjpake_free( &handshake->ecjpake_ctx ); |
| kadonotakashi | 0:8fdf9a60065b | 8788 | #if defined(MBEDTLS_SSL_CLI_C) |
| kadonotakashi | 0:8fdf9a60065b | 8789 | mbedtls_free( handshake->ecjpake_cache ); |
| kadonotakashi | 0:8fdf9a60065b | 8790 | handshake->ecjpake_cache = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 8791 | handshake->ecjpake_cache_len = 0; |
| kadonotakashi | 0:8fdf9a60065b | 8792 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8793 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8794 | |
| kadonotakashi | 0:8fdf9a60065b | 8795 | #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ |
| kadonotakashi | 0:8fdf9a60065b | 8796 | defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
| kadonotakashi | 0:8fdf9a60065b | 8797 | /* explicit void pointer cast for buggy MS compiler */ |
| kadonotakashi | 0:8fdf9a60065b | 8798 | mbedtls_free( (void *) handshake->curves ); |
| kadonotakashi | 0:8fdf9a60065b | 8799 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8800 | |
| kadonotakashi | 0:8fdf9a60065b | 8801 | #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) |
| kadonotakashi | 0:8fdf9a60065b | 8802 | if( handshake->psk != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 8803 | { |
| kadonotakashi | 0:8fdf9a60065b | 8804 | mbedtls_platform_zeroize( handshake->psk, handshake->psk_len ); |
| kadonotakashi | 0:8fdf9a60065b | 8805 | mbedtls_free( handshake->psk ); |
| kadonotakashi | 0:8fdf9a60065b | 8806 | } |
| kadonotakashi | 0:8fdf9a60065b | 8807 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8808 | |
| kadonotakashi | 0:8fdf9a60065b | 8809 | #if defined(MBEDTLS_X509_CRT_PARSE_C) && \ |
| kadonotakashi | 0:8fdf9a60065b | 8810 | defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
| kadonotakashi | 0:8fdf9a60065b | 8811 | /* |
| kadonotakashi | 0:8fdf9a60065b | 8812 | * Free only the linked list wrapper, not the keys themselves |
| kadonotakashi | 0:8fdf9a60065b | 8813 | * since the belong to the SNI callback |
| kadonotakashi | 0:8fdf9a60065b | 8814 | */ |
| kadonotakashi | 0:8fdf9a60065b | 8815 | if( handshake->sni_key_cert != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 8816 | { |
| kadonotakashi | 0:8fdf9a60065b | 8817 | mbedtls_ssl_key_cert *cur = handshake->sni_key_cert, *next; |
| kadonotakashi | 0:8fdf9a60065b | 8818 | |
| kadonotakashi | 0:8fdf9a60065b | 8819 | while( cur != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 8820 | { |
| kadonotakashi | 0:8fdf9a60065b | 8821 | next = cur->next; |
| kadonotakashi | 0:8fdf9a60065b | 8822 | mbedtls_free( cur ); |
| kadonotakashi | 0:8fdf9a60065b | 8823 | cur = next; |
| kadonotakashi | 0:8fdf9a60065b | 8824 | } |
| kadonotakashi | 0:8fdf9a60065b | 8825 | } |
| kadonotakashi | 0:8fdf9a60065b | 8826 | #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_SERVER_NAME_INDICATION */ |
| kadonotakashi | 0:8fdf9a60065b | 8827 | |
| kadonotakashi | 0:8fdf9a60065b | 8828 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 8829 | mbedtls_free( handshake->verify_cookie ); |
| kadonotakashi | 0:8fdf9a60065b | 8830 | ssl_flight_free( handshake->flight ); |
| kadonotakashi | 0:8fdf9a60065b | 8831 | ssl_buffering_free( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 8832 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8833 | |
| kadonotakashi | 0:8fdf9a60065b | 8834 | mbedtls_platform_zeroize( handshake, |
| kadonotakashi | 0:8fdf9a60065b | 8835 | sizeof( mbedtls_ssl_handshake_params ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8836 | } |
| kadonotakashi | 0:8fdf9a60065b | 8837 | |
| kadonotakashi | 0:8fdf9a60065b | 8838 | void mbedtls_ssl_session_free( mbedtls_ssl_session *session ) |
| kadonotakashi | 0:8fdf9a60065b | 8839 | { |
| kadonotakashi | 0:8fdf9a60065b | 8840 | if( session == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 8841 | return; |
| kadonotakashi | 0:8fdf9a60065b | 8842 | |
| kadonotakashi | 0:8fdf9a60065b | 8843 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| kadonotakashi | 0:8fdf9a60065b | 8844 | if( session->peer_cert != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 8845 | { |
| kadonotakashi | 0:8fdf9a60065b | 8846 | mbedtls_x509_crt_free( session->peer_cert ); |
| kadonotakashi | 0:8fdf9a60065b | 8847 | mbedtls_free( session->peer_cert ); |
| kadonotakashi | 0:8fdf9a60065b | 8848 | } |
| kadonotakashi | 0:8fdf9a60065b | 8849 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8850 | |
| kadonotakashi | 0:8fdf9a60065b | 8851 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) |
| kadonotakashi | 0:8fdf9a60065b | 8852 | mbedtls_free( session->ticket ); |
| kadonotakashi | 0:8fdf9a60065b | 8853 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8854 | |
| kadonotakashi | 0:8fdf9a60065b | 8855 | mbedtls_platform_zeroize( session, sizeof( mbedtls_ssl_session ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8856 | } |
| kadonotakashi | 0:8fdf9a60065b | 8857 | |
| kadonotakashi | 0:8fdf9a60065b | 8858 | /* |
| kadonotakashi | 0:8fdf9a60065b | 8859 | * Free an SSL context |
| kadonotakashi | 0:8fdf9a60065b | 8860 | */ |
| kadonotakashi | 0:8fdf9a60065b | 8861 | void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) |
| kadonotakashi | 0:8fdf9a60065b | 8862 | { |
| kadonotakashi | 0:8fdf9a60065b | 8863 | if( ssl == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 8864 | return; |
| kadonotakashi | 0:8fdf9a60065b | 8865 | |
| kadonotakashi | 0:8fdf9a60065b | 8866 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> free" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8867 | |
| kadonotakashi | 0:8fdf9a60065b | 8868 | if( ssl->out_buf != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 8869 | { |
| kadonotakashi | 0:8fdf9a60065b | 8870 | mbedtls_platform_zeroize( ssl->out_buf, MBEDTLS_SSL_OUT_BUFFER_LEN ); |
| kadonotakashi | 0:8fdf9a60065b | 8871 | mbedtls_free( ssl->out_buf ); |
| kadonotakashi | 0:8fdf9a60065b | 8872 | } |
| kadonotakashi | 0:8fdf9a60065b | 8873 | |
| kadonotakashi | 0:8fdf9a60065b | 8874 | if( ssl->in_buf != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 8875 | { |
| kadonotakashi | 0:8fdf9a60065b | 8876 | mbedtls_platform_zeroize( ssl->in_buf, MBEDTLS_SSL_IN_BUFFER_LEN ); |
| kadonotakashi | 0:8fdf9a60065b | 8877 | mbedtls_free( ssl->in_buf ); |
| kadonotakashi | 0:8fdf9a60065b | 8878 | } |
| kadonotakashi | 0:8fdf9a60065b | 8879 | |
| kadonotakashi | 0:8fdf9a60065b | 8880 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
| kadonotakashi | 0:8fdf9a60065b | 8881 | if( ssl->compress_buf != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 8882 | { |
| kadonotakashi | 0:8fdf9a60065b | 8883 | mbedtls_platform_zeroize( ssl->compress_buf, MBEDTLS_SSL_COMPRESS_BUFFER_LEN ); |
| kadonotakashi | 0:8fdf9a60065b | 8884 | mbedtls_free( ssl->compress_buf ); |
| kadonotakashi | 0:8fdf9a60065b | 8885 | } |
| kadonotakashi | 0:8fdf9a60065b | 8886 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8887 | |
| kadonotakashi | 0:8fdf9a60065b | 8888 | if( ssl->transform ) |
| kadonotakashi | 0:8fdf9a60065b | 8889 | { |
| kadonotakashi | 0:8fdf9a60065b | 8890 | mbedtls_ssl_transform_free( ssl->transform ); |
| kadonotakashi | 0:8fdf9a60065b | 8891 | mbedtls_free( ssl->transform ); |
| kadonotakashi | 0:8fdf9a60065b | 8892 | } |
| kadonotakashi | 0:8fdf9a60065b | 8893 | |
| kadonotakashi | 0:8fdf9a60065b | 8894 | if( ssl->handshake ) |
| kadonotakashi | 0:8fdf9a60065b | 8895 | { |
| kadonotakashi | 0:8fdf9a60065b | 8896 | mbedtls_ssl_handshake_free( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 8897 | mbedtls_ssl_transform_free( ssl->transform_negotiate ); |
| kadonotakashi | 0:8fdf9a60065b | 8898 | mbedtls_ssl_session_free( ssl->session_negotiate ); |
| kadonotakashi | 0:8fdf9a60065b | 8899 | |
| kadonotakashi | 0:8fdf9a60065b | 8900 | mbedtls_free( ssl->handshake ); |
| kadonotakashi | 0:8fdf9a60065b | 8901 | mbedtls_free( ssl->transform_negotiate ); |
| kadonotakashi | 0:8fdf9a60065b | 8902 | mbedtls_free( ssl->session_negotiate ); |
| kadonotakashi | 0:8fdf9a60065b | 8903 | } |
| kadonotakashi | 0:8fdf9a60065b | 8904 | |
| kadonotakashi | 0:8fdf9a60065b | 8905 | if( ssl->session ) |
| kadonotakashi | 0:8fdf9a60065b | 8906 | { |
| kadonotakashi | 0:8fdf9a60065b | 8907 | mbedtls_ssl_session_free( ssl->session ); |
| kadonotakashi | 0:8fdf9a60065b | 8908 | mbedtls_free( ssl->session ); |
| kadonotakashi | 0:8fdf9a60065b | 8909 | } |
| kadonotakashi | 0:8fdf9a60065b | 8910 | |
| kadonotakashi | 0:8fdf9a60065b | 8911 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| kadonotakashi | 0:8fdf9a60065b | 8912 | if( ssl->hostname != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 8913 | { |
| kadonotakashi | 0:8fdf9a60065b | 8914 | mbedtls_platform_zeroize( ssl->hostname, strlen( ssl->hostname ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8915 | mbedtls_free( ssl->hostname ); |
| kadonotakashi | 0:8fdf9a60065b | 8916 | } |
| kadonotakashi | 0:8fdf9a60065b | 8917 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8918 | |
| kadonotakashi | 0:8fdf9a60065b | 8919 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
| kadonotakashi | 0:8fdf9a60065b | 8920 | if( mbedtls_ssl_hw_record_finish != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 8921 | { |
| kadonotakashi | 0:8fdf9a60065b | 8922 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_finish()" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8923 | mbedtls_ssl_hw_record_finish( ssl ); |
| kadonotakashi | 0:8fdf9a60065b | 8924 | } |
| kadonotakashi | 0:8fdf9a60065b | 8925 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8926 | |
| kadonotakashi | 0:8fdf9a60065b | 8927 | #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) |
| kadonotakashi | 0:8fdf9a60065b | 8928 | mbedtls_free( ssl->cli_id ); |
| kadonotakashi | 0:8fdf9a60065b | 8929 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8930 | |
| kadonotakashi | 0:8fdf9a60065b | 8931 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= free" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8932 | |
| kadonotakashi | 0:8fdf9a60065b | 8933 | /* Actually clear after last debug message */ |
| kadonotakashi | 0:8fdf9a60065b | 8934 | mbedtls_platform_zeroize( ssl, sizeof( mbedtls_ssl_context ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8935 | } |
| kadonotakashi | 0:8fdf9a60065b | 8936 | |
| kadonotakashi | 0:8fdf9a60065b | 8937 | /* |
| kadonotakashi | 0:8fdf9a60065b | 8938 | * Initialze mbedtls_ssl_config |
| kadonotakashi | 0:8fdf9a60065b | 8939 | */ |
| kadonotakashi | 0:8fdf9a60065b | 8940 | void mbedtls_ssl_config_init( mbedtls_ssl_config *conf ) |
| kadonotakashi | 0:8fdf9a60065b | 8941 | { |
| kadonotakashi | 0:8fdf9a60065b | 8942 | memset( conf, 0, sizeof( mbedtls_ssl_config ) ); |
| kadonotakashi | 0:8fdf9a60065b | 8943 | } |
| kadonotakashi | 0:8fdf9a60065b | 8944 | |
| kadonotakashi | 0:8fdf9a60065b | 8945 | #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
| kadonotakashi | 0:8fdf9a60065b | 8946 | static int ssl_preset_default_hashes[] = { |
| kadonotakashi | 0:8fdf9a60065b | 8947 | #if defined(MBEDTLS_SHA512_C) |
| kadonotakashi | 0:8fdf9a60065b | 8948 | MBEDTLS_MD_SHA512, |
| kadonotakashi | 0:8fdf9a60065b | 8949 | MBEDTLS_MD_SHA384, |
| kadonotakashi | 0:8fdf9a60065b | 8950 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8951 | #if defined(MBEDTLS_SHA256_C) |
| kadonotakashi | 0:8fdf9a60065b | 8952 | MBEDTLS_MD_SHA256, |
| kadonotakashi | 0:8fdf9a60065b | 8953 | MBEDTLS_MD_SHA224, |
| kadonotakashi | 0:8fdf9a60065b | 8954 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8955 | #if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE) |
| kadonotakashi | 0:8fdf9a60065b | 8956 | MBEDTLS_MD_SHA1, |
| kadonotakashi | 0:8fdf9a60065b | 8957 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8958 | MBEDTLS_MD_NONE |
| kadonotakashi | 0:8fdf9a60065b | 8959 | }; |
| kadonotakashi | 0:8fdf9a60065b | 8960 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8961 | |
| kadonotakashi | 0:8fdf9a60065b | 8962 | static int ssl_preset_suiteb_ciphersuites[] = { |
| kadonotakashi | 0:8fdf9a60065b | 8963 | MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, |
| kadonotakashi | 0:8fdf9a60065b | 8964 | MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, |
| kadonotakashi | 0:8fdf9a60065b | 8965 | 0 |
| kadonotakashi | 0:8fdf9a60065b | 8966 | }; |
| kadonotakashi | 0:8fdf9a60065b | 8967 | |
| kadonotakashi | 0:8fdf9a60065b | 8968 | #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
| kadonotakashi | 0:8fdf9a60065b | 8969 | static int ssl_preset_suiteb_hashes[] = { |
| kadonotakashi | 0:8fdf9a60065b | 8970 | MBEDTLS_MD_SHA256, |
| kadonotakashi | 0:8fdf9a60065b | 8971 | MBEDTLS_MD_SHA384, |
| kadonotakashi | 0:8fdf9a60065b | 8972 | MBEDTLS_MD_NONE |
| kadonotakashi | 0:8fdf9a60065b | 8973 | }; |
| kadonotakashi | 0:8fdf9a60065b | 8974 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8975 | |
| kadonotakashi | 0:8fdf9a60065b | 8976 | #if defined(MBEDTLS_ECP_C) |
| kadonotakashi | 0:8fdf9a60065b | 8977 | static mbedtls_ecp_group_id ssl_preset_suiteb_curves[] = { |
| kadonotakashi | 0:8fdf9a60065b | 8978 | MBEDTLS_ECP_DP_SECP256R1, |
| kadonotakashi | 0:8fdf9a60065b | 8979 | MBEDTLS_ECP_DP_SECP384R1, |
| kadonotakashi | 0:8fdf9a60065b | 8980 | MBEDTLS_ECP_DP_NONE |
| kadonotakashi | 0:8fdf9a60065b | 8981 | }; |
| kadonotakashi | 0:8fdf9a60065b | 8982 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8983 | |
| kadonotakashi | 0:8fdf9a60065b | 8984 | /* |
| kadonotakashi | 0:8fdf9a60065b | 8985 | * Load default in mbedtls_ssl_config |
| kadonotakashi | 0:8fdf9a60065b | 8986 | */ |
| kadonotakashi | 0:8fdf9a60065b | 8987 | int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, |
| kadonotakashi | 0:8fdf9a60065b | 8988 | int endpoint, int transport, int preset ) |
| kadonotakashi | 0:8fdf9a60065b | 8989 | { |
| kadonotakashi | 0:8fdf9a60065b | 8990 | #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) |
| kadonotakashi | 0:8fdf9a60065b | 8991 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 8992 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 8993 | |
| kadonotakashi | 0:8fdf9a60065b | 8994 | /* Use the functions here so that they are covered in tests, |
| kadonotakashi | 0:8fdf9a60065b | 8995 | * but otherwise access member directly for efficiency */ |
| kadonotakashi | 0:8fdf9a60065b | 8996 | mbedtls_ssl_conf_endpoint( conf, endpoint ); |
| kadonotakashi | 0:8fdf9a60065b | 8997 | mbedtls_ssl_conf_transport( conf, transport ); |
| kadonotakashi | 0:8fdf9a60065b | 8998 | |
| kadonotakashi | 0:8fdf9a60065b | 8999 | /* |
| kadonotakashi | 0:8fdf9a60065b | 9000 | * Things that are common to all presets |
| kadonotakashi | 0:8fdf9a60065b | 9001 | */ |
| kadonotakashi | 0:8fdf9a60065b | 9002 | #if defined(MBEDTLS_SSL_CLI_C) |
| kadonotakashi | 0:8fdf9a60065b | 9003 | if( endpoint == MBEDTLS_SSL_IS_CLIENT ) |
| kadonotakashi | 0:8fdf9a60065b | 9004 | { |
| kadonotakashi | 0:8fdf9a60065b | 9005 | conf->authmode = MBEDTLS_SSL_VERIFY_REQUIRED; |
| kadonotakashi | 0:8fdf9a60065b | 9006 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) |
| kadonotakashi | 0:8fdf9a60065b | 9007 | conf->session_tickets = MBEDTLS_SSL_SESSION_TICKETS_ENABLED; |
| kadonotakashi | 0:8fdf9a60065b | 9008 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9009 | } |
| kadonotakashi | 0:8fdf9a60065b | 9010 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9011 | |
| kadonotakashi | 0:8fdf9a60065b | 9012 | #if defined(MBEDTLS_ARC4_C) |
| kadonotakashi | 0:8fdf9a60065b | 9013 | conf->arc4_disabled = MBEDTLS_SSL_ARC4_DISABLED; |
| kadonotakashi | 0:8fdf9a60065b | 9014 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9015 | |
| kadonotakashi | 0:8fdf9a60065b | 9016 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
| kadonotakashi | 0:8fdf9a60065b | 9017 | conf->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED; |
| kadonotakashi | 0:8fdf9a60065b | 9018 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9019 | |
| kadonotakashi | 0:8fdf9a60065b | 9020 | #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) |
| kadonotakashi | 0:8fdf9a60065b | 9021 | conf->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; |
| kadonotakashi | 0:8fdf9a60065b | 9022 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9023 | |
| kadonotakashi | 0:8fdf9a60065b | 9024 | #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) |
| kadonotakashi | 0:8fdf9a60065b | 9025 | conf->cbc_record_splitting = MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED; |
| kadonotakashi | 0:8fdf9a60065b | 9026 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9027 | |
| kadonotakashi | 0:8fdf9a60065b | 9028 | #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) |
| kadonotakashi | 0:8fdf9a60065b | 9029 | conf->f_cookie_write = ssl_cookie_write_dummy; |
| kadonotakashi | 0:8fdf9a60065b | 9030 | conf->f_cookie_check = ssl_cookie_check_dummy; |
| kadonotakashi | 0:8fdf9a60065b | 9031 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9032 | |
| kadonotakashi | 0:8fdf9a60065b | 9033 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
| kadonotakashi | 0:8fdf9a60065b | 9034 | conf->anti_replay = MBEDTLS_SSL_ANTI_REPLAY_ENABLED; |
| kadonotakashi | 0:8fdf9a60065b | 9035 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9036 | |
| kadonotakashi | 0:8fdf9a60065b | 9037 | #if defined(MBEDTLS_SSL_SRV_C) |
| kadonotakashi | 0:8fdf9a60065b | 9038 | conf->cert_req_ca_list = MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED; |
| kadonotakashi | 0:8fdf9a60065b | 9039 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9040 | |
| kadonotakashi | 0:8fdf9a60065b | 9041 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 9042 | conf->hs_timeout_min = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN; |
| kadonotakashi | 0:8fdf9a60065b | 9043 | conf->hs_timeout_max = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX; |
| kadonotakashi | 0:8fdf9a60065b | 9044 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9045 | |
| kadonotakashi | 0:8fdf9a60065b | 9046 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| kadonotakashi | 0:8fdf9a60065b | 9047 | conf->renego_max_records = MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT; |
| kadonotakashi | 0:8fdf9a60065b | 9048 | memset( conf->renego_period, 0x00, 2 ); |
| kadonotakashi | 0:8fdf9a60065b | 9049 | memset( conf->renego_period + 2, 0xFF, 6 ); |
| kadonotakashi | 0:8fdf9a60065b | 9050 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9051 | |
| kadonotakashi | 0:8fdf9a60065b | 9052 | #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) |
| kadonotakashi | 0:8fdf9a60065b | 9053 | if( endpoint == MBEDTLS_SSL_IS_SERVER ) |
| kadonotakashi | 0:8fdf9a60065b | 9054 | { |
| kadonotakashi | 0:8fdf9a60065b | 9055 | const unsigned char dhm_p[] = |
| kadonotakashi | 0:8fdf9a60065b | 9056 | MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN; |
| kadonotakashi | 0:8fdf9a60065b | 9057 | const unsigned char dhm_g[] = |
| kadonotakashi | 0:8fdf9a60065b | 9058 | MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN; |
| kadonotakashi | 0:8fdf9a60065b | 9059 | |
| kadonotakashi | 0:8fdf9a60065b | 9060 | if ( ( ret = mbedtls_ssl_conf_dh_param_bin( conf, |
| kadonotakashi | 0:8fdf9a60065b | 9061 | dhm_p, sizeof( dhm_p ), |
| kadonotakashi | 0:8fdf9a60065b | 9062 | dhm_g, sizeof( dhm_g ) ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 9063 | { |
| kadonotakashi | 0:8fdf9a60065b | 9064 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 9065 | } |
| kadonotakashi | 0:8fdf9a60065b | 9066 | } |
| kadonotakashi | 0:8fdf9a60065b | 9067 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9068 | |
| kadonotakashi | 0:8fdf9a60065b | 9069 | /* |
| kadonotakashi | 0:8fdf9a60065b | 9070 | * Preset-specific defaults |
| kadonotakashi | 0:8fdf9a60065b | 9071 | */ |
| kadonotakashi | 0:8fdf9a60065b | 9072 | switch( preset ) |
| kadonotakashi | 0:8fdf9a60065b | 9073 | { |
| kadonotakashi | 0:8fdf9a60065b | 9074 | /* |
| kadonotakashi | 0:8fdf9a60065b | 9075 | * NSA Suite B |
| kadonotakashi | 0:8fdf9a60065b | 9076 | */ |
| kadonotakashi | 0:8fdf9a60065b | 9077 | case MBEDTLS_SSL_PRESET_SUITEB: |
| kadonotakashi | 0:8fdf9a60065b | 9078 | conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3; |
| kadonotakashi | 0:8fdf9a60065b | 9079 | conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3; /* TLS 1.2 */ |
| kadonotakashi | 0:8fdf9a60065b | 9080 | conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION; |
| kadonotakashi | 0:8fdf9a60065b | 9081 | conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION; |
| kadonotakashi | 0:8fdf9a60065b | 9082 | |
| kadonotakashi | 0:8fdf9a60065b | 9083 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = |
| kadonotakashi | 0:8fdf9a60065b | 9084 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = |
| kadonotakashi | 0:8fdf9a60065b | 9085 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = |
| kadonotakashi | 0:8fdf9a60065b | 9086 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = |
| kadonotakashi | 0:8fdf9a60065b | 9087 | ssl_preset_suiteb_ciphersuites; |
| kadonotakashi | 0:8fdf9a60065b | 9088 | |
| kadonotakashi | 0:8fdf9a60065b | 9089 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| kadonotakashi | 0:8fdf9a60065b | 9090 | conf->cert_profile = &mbedtls_x509_crt_profile_suiteb; |
| kadonotakashi | 0:8fdf9a60065b | 9091 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9092 | |
| kadonotakashi | 0:8fdf9a60065b | 9093 | #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
| kadonotakashi | 0:8fdf9a60065b | 9094 | conf->sig_hashes = ssl_preset_suiteb_hashes; |
| kadonotakashi | 0:8fdf9a60065b | 9095 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9096 | |
| kadonotakashi | 0:8fdf9a60065b | 9097 | #if defined(MBEDTLS_ECP_C) |
| kadonotakashi | 0:8fdf9a60065b | 9098 | conf->curve_list = ssl_preset_suiteb_curves; |
| kadonotakashi | 0:8fdf9a60065b | 9099 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9100 | break; |
| kadonotakashi | 0:8fdf9a60065b | 9101 | |
| kadonotakashi | 0:8fdf9a60065b | 9102 | /* |
| kadonotakashi | 0:8fdf9a60065b | 9103 | * Default |
| kadonotakashi | 0:8fdf9a60065b | 9104 | */ |
| kadonotakashi | 0:8fdf9a60065b | 9105 | default: |
| kadonotakashi | 0:8fdf9a60065b | 9106 | conf->min_major_ver = ( MBEDTLS_SSL_MIN_MAJOR_VERSION > |
| kadonotakashi | 0:8fdf9a60065b | 9107 | MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION ) ? |
| kadonotakashi | 0:8fdf9a60065b | 9108 | MBEDTLS_SSL_MIN_MAJOR_VERSION : |
| kadonotakashi | 0:8fdf9a60065b | 9109 | MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION; |
| kadonotakashi | 0:8fdf9a60065b | 9110 | conf->min_minor_ver = ( MBEDTLS_SSL_MIN_MINOR_VERSION > |
| kadonotakashi | 0:8fdf9a60065b | 9111 | MBEDTLS_SSL_MIN_VALID_MINOR_VERSION ) ? |
| kadonotakashi | 0:8fdf9a60065b | 9112 | MBEDTLS_SSL_MIN_MINOR_VERSION : |
| kadonotakashi | 0:8fdf9a60065b | 9113 | MBEDTLS_SSL_MIN_VALID_MINOR_VERSION; |
| kadonotakashi | 0:8fdf9a60065b | 9114 | conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION; |
| kadonotakashi | 0:8fdf9a60065b | 9115 | conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION; |
| kadonotakashi | 0:8fdf9a60065b | 9116 | |
| kadonotakashi | 0:8fdf9a60065b | 9117 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 9118 | if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| kadonotakashi | 0:8fdf9a60065b | 9119 | conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_2; |
| kadonotakashi | 0:8fdf9a60065b | 9120 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9121 | |
| kadonotakashi | 0:8fdf9a60065b | 9122 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = |
| kadonotakashi | 0:8fdf9a60065b | 9123 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = |
| kadonotakashi | 0:8fdf9a60065b | 9124 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = |
| kadonotakashi | 0:8fdf9a60065b | 9125 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = |
| kadonotakashi | 0:8fdf9a60065b | 9126 | mbedtls_ssl_list_ciphersuites(); |
| kadonotakashi | 0:8fdf9a60065b | 9127 | |
| kadonotakashi | 0:8fdf9a60065b | 9128 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| kadonotakashi | 0:8fdf9a60065b | 9129 | conf->cert_profile = &mbedtls_x509_crt_profile_default; |
| kadonotakashi | 0:8fdf9a60065b | 9130 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9131 | |
| kadonotakashi | 0:8fdf9a60065b | 9132 | #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
| kadonotakashi | 0:8fdf9a60065b | 9133 | conf->sig_hashes = ssl_preset_default_hashes; |
| kadonotakashi | 0:8fdf9a60065b | 9134 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9135 | |
| kadonotakashi | 0:8fdf9a60065b | 9136 | #if defined(MBEDTLS_ECP_C) |
| kadonotakashi | 0:8fdf9a60065b | 9137 | conf->curve_list = mbedtls_ecp_grp_id_list(); |
| kadonotakashi | 0:8fdf9a60065b | 9138 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9139 | |
| kadonotakashi | 0:8fdf9a60065b | 9140 | #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) |
| kadonotakashi | 0:8fdf9a60065b | 9141 | conf->dhm_min_bitlen = 1024; |
| kadonotakashi | 0:8fdf9a60065b | 9142 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9143 | } |
| kadonotakashi | 0:8fdf9a60065b | 9144 | |
| kadonotakashi | 0:8fdf9a60065b | 9145 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 9146 | } |
| kadonotakashi | 0:8fdf9a60065b | 9147 | |
| kadonotakashi | 0:8fdf9a60065b | 9148 | /* |
| kadonotakashi | 0:8fdf9a60065b | 9149 | * Free mbedtls_ssl_config |
| kadonotakashi | 0:8fdf9a60065b | 9150 | */ |
| kadonotakashi | 0:8fdf9a60065b | 9151 | void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ) |
| kadonotakashi | 0:8fdf9a60065b | 9152 | { |
| kadonotakashi | 0:8fdf9a60065b | 9153 | #if defined(MBEDTLS_DHM_C) |
| kadonotakashi | 0:8fdf9a60065b | 9154 | mbedtls_mpi_free( &conf->dhm_P ); |
| kadonotakashi | 0:8fdf9a60065b | 9155 | mbedtls_mpi_free( &conf->dhm_G ); |
| kadonotakashi | 0:8fdf9a60065b | 9156 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9157 | |
| kadonotakashi | 0:8fdf9a60065b | 9158 | #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) |
| kadonotakashi | 0:8fdf9a60065b | 9159 | if( conf->psk != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 9160 | { |
| kadonotakashi | 0:8fdf9a60065b | 9161 | mbedtls_platform_zeroize( conf->psk, conf->psk_len ); |
| kadonotakashi | 0:8fdf9a60065b | 9162 | mbedtls_free( conf->psk ); |
| kadonotakashi | 0:8fdf9a60065b | 9163 | conf->psk = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 9164 | conf->psk_len = 0; |
| kadonotakashi | 0:8fdf9a60065b | 9165 | } |
| kadonotakashi | 0:8fdf9a60065b | 9166 | |
| kadonotakashi | 0:8fdf9a60065b | 9167 | if( conf->psk_identity != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 9168 | { |
| kadonotakashi | 0:8fdf9a60065b | 9169 | mbedtls_platform_zeroize( conf->psk_identity, conf->psk_identity_len ); |
| kadonotakashi | 0:8fdf9a60065b | 9170 | mbedtls_free( conf->psk_identity ); |
| kadonotakashi | 0:8fdf9a60065b | 9171 | conf->psk_identity = NULL; |
| kadonotakashi | 0:8fdf9a60065b | 9172 | conf->psk_identity_len = 0; |
| kadonotakashi | 0:8fdf9a60065b | 9173 | } |
| kadonotakashi | 0:8fdf9a60065b | 9174 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9175 | |
| kadonotakashi | 0:8fdf9a60065b | 9176 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| kadonotakashi | 0:8fdf9a60065b | 9177 | ssl_key_cert_free( conf->key_cert ); |
| kadonotakashi | 0:8fdf9a60065b | 9178 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9179 | |
| kadonotakashi | 0:8fdf9a60065b | 9180 | mbedtls_platform_zeroize( conf, sizeof( mbedtls_ssl_config ) ); |
| kadonotakashi | 0:8fdf9a60065b | 9181 | } |
| kadonotakashi | 0:8fdf9a60065b | 9182 | |
| kadonotakashi | 0:8fdf9a60065b | 9183 | #if defined(MBEDTLS_PK_C) && \ |
| kadonotakashi | 0:8fdf9a60065b | 9184 | ( defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) ) |
| kadonotakashi | 0:8fdf9a60065b | 9185 | /* |
| kadonotakashi | 0:8fdf9a60065b | 9186 | * Convert between MBEDTLS_PK_XXX and SSL_SIG_XXX |
| kadonotakashi | 0:8fdf9a60065b | 9187 | */ |
| kadonotakashi | 0:8fdf9a60065b | 9188 | unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk ) |
| kadonotakashi | 0:8fdf9a60065b | 9189 | { |
| kadonotakashi | 0:8fdf9a60065b | 9190 | #if defined(MBEDTLS_RSA_C) |
| kadonotakashi | 0:8fdf9a60065b | 9191 | if( mbedtls_pk_can_do( pk, MBEDTLS_PK_RSA ) ) |
| kadonotakashi | 0:8fdf9a60065b | 9192 | return( MBEDTLS_SSL_SIG_RSA ); |
| kadonotakashi | 0:8fdf9a60065b | 9193 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9194 | #if defined(MBEDTLS_ECDSA_C) |
| kadonotakashi | 0:8fdf9a60065b | 9195 | if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECDSA ) ) |
| kadonotakashi | 0:8fdf9a60065b | 9196 | return( MBEDTLS_SSL_SIG_ECDSA ); |
| kadonotakashi | 0:8fdf9a60065b | 9197 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9198 | return( MBEDTLS_SSL_SIG_ANON ); |
| kadonotakashi | 0:8fdf9a60065b | 9199 | } |
| kadonotakashi | 0:8fdf9a60065b | 9200 | |
| kadonotakashi | 0:8fdf9a60065b | 9201 | unsigned char mbedtls_ssl_sig_from_pk_alg( mbedtls_pk_type_t type ) |
| kadonotakashi | 0:8fdf9a60065b | 9202 | { |
| kadonotakashi | 0:8fdf9a60065b | 9203 | switch( type ) { |
| kadonotakashi | 0:8fdf9a60065b | 9204 | case MBEDTLS_PK_RSA: |
| kadonotakashi | 0:8fdf9a60065b | 9205 | return( MBEDTLS_SSL_SIG_RSA ); |
| kadonotakashi | 0:8fdf9a60065b | 9206 | case MBEDTLS_PK_ECDSA: |
| kadonotakashi | 0:8fdf9a60065b | 9207 | case MBEDTLS_PK_ECKEY: |
| kadonotakashi | 0:8fdf9a60065b | 9208 | return( MBEDTLS_SSL_SIG_ECDSA ); |
| kadonotakashi | 0:8fdf9a60065b | 9209 | default: |
| kadonotakashi | 0:8fdf9a60065b | 9210 | return( MBEDTLS_SSL_SIG_ANON ); |
| kadonotakashi | 0:8fdf9a60065b | 9211 | } |
| kadonotakashi | 0:8fdf9a60065b | 9212 | } |
| kadonotakashi | 0:8fdf9a60065b | 9213 | |
| kadonotakashi | 0:8fdf9a60065b | 9214 | mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig ) |
| kadonotakashi | 0:8fdf9a60065b | 9215 | { |
| kadonotakashi | 0:8fdf9a60065b | 9216 | switch( sig ) |
| kadonotakashi | 0:8fdf9a60065b | 9217 | { |
| kadonotakashi | 0:8fdf9a60065b | 9218 | #if defined(MBEDTLS_RSA_C) |
| kadonotakashi | 0:8fdf9a60065b | 9219 | case MBEDTLS_SSL_SIG_RSA: |
| kadonotakashi | 0:8fdf9a60065b | 9220 | return( MBEDTLS_PK_RSA ); |
| kadonotakashi | 0:8fdf9a60065b | 9221 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9222 | #if defined(MBEDTLS_ECDSA_C) |
| kadonotakashi | 0:8fdf9a60065b | 9223 | case MBEDTLS_SSL_SIG_ECDSA: |
| kadonotakashi | 0:8fdf9a60065b | 9224 | return( MBEDTLS_PK_ECDSA ); |
| kadonotakashi | 0:8fdf9a60065b | 9225 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9226 | default: |
| kadonotakashi | 0:8fdf9a60065b | 9227 | return( MBEDTLS_PK_NONE ); |
| kadonotakashi | 0:8fdf9a60065b | 9228 | } |
| kadonotakashi | 0:8fdf9a60065b | 9229 | } |
| kadonotakashi | 0:8fdf9a60065b | 9230 | #endif /* MBEDTLS_PK_C && ( MBEDTLS_RSA_C || MBEDTLS_ECDSA_C ) */ |
| kadonotakashi | 0:8fdf9a60065b | 9231 | |
| kadonotakashi | 0:8fdf9a60065b | 9232 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ |
| kadonotakashi | 0:8fdf9a60065b | 9233 | defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
| kadonotakashi | 0:8fdf9a60065b | 9234 | |
| kadonotakashi | 0:8fdf9a60065b | 9235 | /* Find an entry in a signature-hash set matching a given hash algorithm. */ |
| kadonotakashi | 0:8fdf9a60065b | 9236 | mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set, |
| kadonotakashi | 0:8fdf9a60065b | 9237 | mbedtls_pk_type_t sig_alg ) |
| kadonotakashi | 0:8fdf9a60065b | 9238 | { |
| kadonotakashi | 0:8fdf9a60065b | 9239 | switch( sig_alg ) |
| kadonotakashi | 0:8fdf9a60065b | 9240 | { |
| kadonotakashi | 0:8fdf9a60065b | 9241 | case MBEDTLS_PK_RSA: |
| kadonotakashi | 0:8fdf9a60065b | 9242 | return( set->rsa ); |
| kadonotakashi | 0:8fdf9a60065b | 9243 | case MBEDTLS_PK_ECDSA: |
| kadonotakashi | 0:8fdf9a60065b | 9244 | return( set->ecdsa ); |
| kadonotakashi | 0:8fdf9a60065b | 9245 | default: |
| kadonotakashi | 0:8fdf9a60065b | 9246 | return( MBEDTLS_MD_NONE ); |
| kadonotakashi | 0:8fdf9a60065b | 9247 | } |
| kadonotakashi | 0:8fdf9a60065b | 9248 | } |
| kadonotakashi | 0:8fdf9a60065b | 9249 | |
| kadonotakashi | 0:8fdf9a60065b | 9250 | /* Add a signature-hash-pair to a signature-hash set */ |
| kadonotakashi | 0:8fdf9a60065b | 9251 | void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set, |
| kadonotakashi | 0:8fdf9a60065b | 9252 | mbedtls_pk_type_t sig_alg, |
| kadonotakashi | 0:8fdf9a60065b | 9253 | mbedtls_md_type_t md_alg ) |
| kadonotakashi | 0:8fdf9a60065b | 9254 | { |
| kadonotakashi | 0:8fdf9a60065b | 9255 | switch( sig_alg ) |
| kadonotakashi | 0:8fdf9a60065b | 9256 | { |
| kadonotakashi | 0:8fdf9a60065b | 9257 | case MBEDTLS_PK_RSA: |
| kadonotakashi | 0:8fdf9a60065b | 9258 | if( set->rsa == MBEDTLS_MD_NONE ) |
| kadonotakashi | 0:8fdf9a60065b | 9259 | set->rsa = md_alg; |
| kadonotakashi | 0:8fdf9a60065b | 9260 | break; |
| kadonotakashi | 0:8fdf9a60065b | 9261 | |
| kadonotakashi | 0:8fdf9a60065b | 9262 | case MBEDTLS_PK_ECDSA: |
| kadonotakashi | 0:8fdf9a60065b | 9263 | if( set->ecdsa == MBEDTLS_MD_NONE ) |
| kadonotakashi | 0:8fdf9a60065b | 9264 | set->ecdsa = md_alg; |
| kadonotakashi | 0:8fdf9a60065b | 9265 | break; |
| kadonotakashi | 0:8fdf9a60065b | 9266 | |
| kadonotakashi | 0:8fdf9a60065b | 9267 | default: |
| kadonotakashi | 0:8fdf9a60065b | 9268 | break; |
| kadonotakashi | 0:8fdf9a60065b | 9269 | } |
| kadonotakashi | 0:8fdf9a60065b | 9270 | } |
| kadonotakashi | 0:8fdf9a60065b | 9271 | |
| kadonotakashi | 0:8fdf9a60065b | 9272 | /* Allow exactly one hash algorithm for each signature. */ |
| kadonotakashi | 0:8fdf9a60065b | 9273 | void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set, |
| kadonotakashi | 0:8fdf9a60065b | 9274 | mbedtls_md_type_t md_alg ) |
| kadonotakashi | 0:8fdf9a60065b | 9275 | { |
| kadonotakashi | 0:8fdf9a60065b | 9276 | set->rsa = md_alg; |
| kadonotakashi | 0:8fdf9a60065b | 9277 | set->ecdsa = md_alg; |
| kadonotakashi | 0:8fdf9a60065b | 9278 | } |
| kadonotakashi | 0:8fdf9a60065b | 9279 | |
| kadonotakashi | 0:8fdf9a60065b | 9280 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2) && |
| kadonotakashi | 0:8fdf9a60065b | 9281 | MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */ |
| kadonotakashi | 0:8fdf9a60065b | 9282 | |
| kadonotakashi | 0:8fdf9a60065b | 9283 | /* |
| kadonotakashi | 0:8fdf9a60065b | 9284 | * Convert from MBEDTLS_SSL_HASH_XXX to MBEDTLS_MD_XXX |
| kadonotakashi | 0:8fdf9a60065b | 9285 | */ |
| kadonotakashi | 0:8fdf9a60065b | 9286 | mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash ) |
| kadonotakashi | 0:8fdf9a60065b | 9287 | { |
| kadonotakashi | 0:8fdf9a60065b | 9288 | switch( hash ) |
| kadonotakashi | 0:8fdf9a60065b | 9289 | { |
| kadonotakashi | 0:8fdf9a60065b | 9290 | #if defined(MBEDTLS_MD5_C) |
| kadonotakashi | 0:8fdf9a60065b | 9291 | case MBEDTLS_SSL_HASH_MD5: |
| kadonotakashi | 0:8fdf9a60065b | 9292 | return( MBEDTLS_MD_MD5 ); |
| kadonotakashi | 0:8fdf9a60065b | 9293 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9294 | #if defined(MBEDTLS_SHA1_C) |
| kadonotakashi | 0:8fdf9a60065b | 9295 | case MBEDTLS_SSL_HASH_SHA1: |
| kadonotakashi | 0:8fdf9a60065b | 9296 | return( MBEDTLS_MD_SHA1 ); |
| kadonotakashi | 0:8fdf9a60065b | 9297 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9298 | #if defined(MBEDTLS_SHA256_C) |
| kadonotakashi | 0:8fdf9a60065b | 9299 | case MBEDTLS_SSL_HASH_SHA224: |
| kadonotakashi | 0:8fdf9a60065b | 9300 | return( MBEDTLS_MD_SHA224 ); |
| kadonotakashi | 0:8fdf9a60065b | 9301 | case MBEDTLS_SSL_HASH_SHA256: |
| kadonotakashi | 0:8fdf9a60065b | 9302 | return( MBEDTLS_MD_SHA256 ); |
| kadonotakashi | 0:8fdf9a60065b | 9303 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9304 | #if defined(MBEDTLS_SHA512_C) |
| kadonotakashi | 0:8fdf9a60065b | 9305 | case MBEDTLS_SSL_HASH_SHA384: |
| kadonotakashi | 0:8fdf9a60065b | 9306 | return( MBEDTLS_MD_SHA384 ); |
| kadonotakashi | 0:8fdf9a60065b | 9307 | case MBEDTLS_SSL_HASH_SHA512: |
| kadonotakashi | 0:8fdf9a60065b | 9308 | return( MBEDTLS_MD_SHA512 ); |
| kadonotakashi | 0:8fdf9a60065b | 9309 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9310 | default: |
| kadonotakashi | 0:8fdf9a60065b | 9311 | return( MBEDTLS_MD_NONE ); |
| kadonotakashi | 0:8fdf9a60065b | 9312 | } |
| kadonotakashi | 0:8fdf9a60065b | 9313 | } |
| kadonotakashi | 0:8fdf9a60065b | 9314 | |
| kadonotakashi | 0:8fdf9a60065b | 9315 | /* |
| kadonotakashi | 0:8fdf9a60065b | 9316 | * Convert from MBEDTLS_MD_XXX to MBEDTLS_SSL_HASH_XXX |
| kadonotakashi | 0:8fdf9a60065b | 9317 | */ |
| kadonotakashi | 0:8fdf9a60065b | 9318 | unsigned char mbedtls_ssl_hash_from_md_alg( int md ) |
| kadonotakashi | 0:8fdf9a60065b | 9319 | { |
| kadonotakashi | 0:8fdf9a60065b | 9320 | switch( md ) |
| kadonotakashi | 0:8fdf9a60065b | 9321 | { |
| kadonotakashi | 0:8fdf9a60065b | 9322 | #if defined(MBEDTLS_MD5_C) |
| kadonotakashi | 0:8fdf9a60065b | 9323 | case MBEDTLS_MD_MD5: |
| kadonotakashi | 0:8fdf9a60065b | 9324 | return( MBEDTLS_SSL_HASH_MD5 ); |
| kadonotakashi | 0:8fdf9a60065b | 9325 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9326 | #if defined(MBEDTLS_SHA1_C) |
| kadonotakashi | 0:8fdf9a60065b | 9327 | case MBEDTLS_MD_SHA1: |
| kadonotakashi | 0:8fdf9a60065b | 9328 | return( MBEDTLS_SSL_HASH_SHA1 ); |
| kadonotakashi | 0:8fdf9a60065b | 9329 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9330 | #if defined(MBEDTLS_SHA256_C) |
| kadonotakashi | 0:8fdf9a60065b | 9331 | case MBEDTLS_MD_SHA224: |
| kadonotakashi | 0:8fdf9a60065b | 9332 | return( MBEDTLS_SSL_HASH_SHA224 ); |
| kadonotakashi | 0:8fdf9a60065b | 9333 | case MBEDTLS_MD_SHA256: |
| kadonotakashi | 0:8fdf9a60065b | 9334 | return( MBEDTLS_SSL_HASH_SHA256 ); |
| kadonotakashi | 0:8fdf9a60065b | 9335 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9336 | #if defined(MBEDTLS_SHA512_C) |
| kadonotakashi | 0:8fdf9a60065b | 9337 | case MBEDTLS_MD_SHA384: |
| kadonotakashi | 0:8fdf9a60065b | 9338 | return( MBEDTLS_SSL_HASH_SHA384 ); |
| kadonotakashi | 0:8fdf9a60065b | 9339 | case MBEDTLS_MD_SHA512: |
| kadonotakashi | 0:8fdf9a60065b | 9340 | return( MBEDTLS_SSL_HASH_SHA512 ); |
| kadonotakashi | 0:8fdf9a60065b | 9341 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9342 | default: |
| kadonotakashi | 0:8fdf9a60065b | 9343 | return( MBEDTLS_SSL_HASH_NONE ); |
| kadonotakashi | 0:8fdf9a60065b | 9344 | } |
| kadonotakashi | 0:8fdf9a60065b | 9345 | } |
| kadonotakashi | 0:8fdf9a60065b | 9346 | |
| kadonotakashi | 0:8fdf9a60065b | 9347 | #if defined(MBEDTLS_ECP_C) |
| kadonotakashi | 0:8fdf9a60065b | 9348 | /* |
| kadonotakashi | 0:8fdf9a60065b | 9349 | * Check if a curve proposed by the peer is in our list. |
| kadonotakashi | 0:8fdf9a60065b | 9350 | * Return 0 if we're willing to use it, -1 otherwise. |
| kadonotakashi | 0:8fdf9a60065b | 9351 | */ |
| kadonotakashi | 0:8fdf9a60065b | 9352 | int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ) |
| kadonotakashi | 0:8fdf9a60065b | 9353 | { |
| kadonotakashi | 0:8fdf9a60065b | 9354 | const mbedtls_ecp_group_id *gid; |
| kadonotakashi | 0:8fdf9a60065b | 9355 | |
| kadonotakashi | 0:8fdf9a60065b | 9356 | if( ssl->conf->curve_list == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 9357 | return( -1 ); |
| kadonotakashi | 0:8fdf9a60065b | 9358 | |
| kadonotakashi | 0:8fdf9a60065b | 9359 | for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ ) |
| kadonotakashi | 0:8fdf9a60065b | 9360 | if( *gid == grp_id ) |
| kadonotakashi | 0:8fdf9a60065b | 9361 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 9362 | |
| kadonotakashi | 0:8fdf9a60065b | 9363 | return( -1 ); |
| kadonotakashi | 0:8fdf9a60065b | 9364 | } |
| kadonotakashi | 0:8fdf9a60065b | 9365 | #endif /* MBEDTLS_ECP_C */ |
| kadonotakashi | 0:8fdf9a60065b | 9366 | |
| kadonotakashi | 0:8fdf9a60065b | 9367 | #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
| kadonotakashi | 0:8fdf9a60065b | 9368 | /* |
| kadonotakashi | 0:8fdf9a60065b | 9369 | * Check if a hash proposed by the peer is in our list. |
| kadonotakashi | 0:8fdf9a60065b | 9370 | * Return 0 if we're willing to use it, -1 otherwise. |
| kadonotakashi | 0:8fdf9a60065b | 9371 | */ |
| kadonotakashi | 0:8fdf9a60065b | 9372 | int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, |
| kadonotakashi | 0:8fdf9a60065b | 9373 | mbedtls_md_type_t md ) |
| kadonotakashi | 0:8fdf9a60065b | 9374 | { |
| kadonotakashi | 0:8fdf9a60065b | 9375 | const int *cur; |
| kadonotakashi | 0:8fdf9a60065b | 9376 | |
| kadonotakashi | 0:8fdf9a60065b | 9377 | if( ssl->conf->sig_hashes == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 9378 | return( -1 ); |
| kadonotakashi | 0:8fdf9a60065b | 9379 | |
| kadonotakashi | 0:8fdf9a60065b | 9380 | for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ ) |
| kadonotakashi | 0:8fdf9a60065b | 9381 | if( *cur == (int) md ) |
| kadonotakashi | 0:8fdf9a60065b | 9382 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 9383 | |
| kadonotakashi | 0:8fdf9a60065b | 9384 | return( -1 ); |
| kadonotakashi | 0:8fdf9a60065b | 9385 | } |
| kadonotakashi | 0:8fdf9a60065b | 9386 | #endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */ |
| kadonotakashi | 0:8fdf9a60065b | 9387 | |
| kadonotakashi | 0:8fdf9a60065b | 9388 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| kadonotakashi | 0:8fdf9a60065b | 9389 | int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, |
| kadonotakashi | 0:8fdf9a60065b | 9390 | const mbedtls_ssl_ciphersuite_t *ciphersuite, |
| kadonotakashi | 0:8fdf9a60065b | 9391 | int cert_endpoint, |
| kadonotakashi | 0:8fdf9a60065b | 9392 | uint32_t *flags ) |
| kadonotakashi | 0:8fdf9a60065b | 9393 | { |
| kadonotakashi | 0:8fdf9a60065b | 9394 | int ret = 0; |
| kadonotakashi | 0:8fdf9a60065b | 9395 | #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) |
| kadonotakashi | 0:8fdf9a60065b | 9396 | int usage = 0; |
| kadonotakashi | 0:8fdf9a60065b | 9397 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9398 | #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) |
| kadonotakashi | 0:8fdf9a60065b | 9399 | const char *ext_oid; |
| kadonotakashi | 0:8fdf9a60065b | 9400 | size_t ext_len; |
| kadonotakashi | 0:8fdf9a60065b | 9401 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9402 | |
| kadonotakashi | 0:8fdf9a60065b | 9403 | #if !defined(MBEDTLS_X509_CHECK_KEY_USAGE) && \ |
| kadonotakashi | 0:8fdf9a60065b | 9404 | !defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) |
| kadonotakashi | 0:8fdf9a60065b | 9405 | ((void) cert); |
| kadonotakashi | 0:8fdf9a60065b | 9406 | ((void) cert_endpoint); |
| kadonotakashi | 0:8fdf9a60065b | 9407 | ((void) flags); |
| kadonotakashi | 0:8fdf9a60065b | 9408 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9409 | |
| kadonotakashi | 0:8fdf9a60065b | 9410 | #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) |
| kadonotakashi | 0:8fdf9a60065b | 9411 | if( cert_endpoint == MBEDTLS_SSL_IS_SERVER ) |
| kadonotakashi | 0:8fdf9a60065b | 9412 | { |
| kadonotakashi | 0:8fdf9a60065b | 9413 | /* Server part of the key exchange */ |
| kadonotakashi | 0:8fdf9a60065b | 9414 | switch( ciphersuite->key_exchange ) |
| kadonotakashi | 0:8fdf9a60065b | 9415 | { |
| kadonotakashi | 0:8fdf9a60065b | 9416 | case MBEDTLS_KEY_EXCHANGE_RSA: |
| kadonotakashi | 0:8fdf9a60065b | 9417 | case MBEDTLS_KEY_EXCHANGE_RSA_PSK: |
| kadonotakashi | 0:8fdf9a60065b | 9418 | usage = MBEDTLS_X509_KU_KEY_ENCIPHERMENT; |
| kadonotakashi | 0:8fdf9a60065b | 9419 | break; |
| kadonotakashi | 0:8fdf9a60065b | 9420 | |
| kadonotakashi | 0:8fdf9a60065b | 9421 | case MBEDTLS_KEY_EXCHANGE_DHE_RSA: |
| kadonotakashi | 0:8fdf9a60065b | 9422 | case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: |
| kadonotakashi | 0:8fdf9a60065b | 9423 | case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: |
| kadonotakashi | 0:8fdf9a60065b | 9424 | usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE; |
| kadonotakashi | 0:8fdf9a60065b | 9425 | break; |
| kadonotakashi | 0:8fdf9a60065b | 9426 | |
| kadonotakashi | 0:8fdf9a60065b | 9427 | case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: |
| kadonotakashi | 0:8fdf9a60065b | 9428 | case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: |
| kadonotakashi | 0:8fdf9a60065b | 9429 | usage = MBEDTLS_X509_KU_KEY_AGREEMENT; |
| kadonotakashi | 0:8fdf9a60065b | 9430 | break; |
| kadonotakashi | 0:8fdf9a60065b | 9431 | |
| kadonotakashi | 0:8fdf9a60065b | 9432 | /* Don't use default: we want warnings when adding new values */ |
| kadonotakashi | 0:8fdf9a60065b | 9433 | case MBEDTLS_KEY_EXCHANGE_NONE: |
| kadonotakashi | 0:8fdf9a60065b | 9434 | case MBEDTLS_KEY_EXCHANGE_PSK: |
| kadonotakashi | 0:8fdf9a60065b | 9435 | case MBEDTLS_KEY_EXCHANGE_DHE_PSK: |
| kadonotakashi | 0:8fdf9a60065b | 9436 | case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: |
| kadonotakashi | 0:8fdf9a60065b | 9437 | case MBEDTLS_KEY_EXCHANGE_ECJPAKE: |
| kadonotakashi | 0:8fdf9a60065b | 9438 | usage = 0; |
| kadonotakashi | 0:8fdf9a60065b | 9439 | } |
| kadonotakashi | 0:8fdf9a60065b | 9440 | } |
| kadonotakashi | 0:8fdf9a60065b | 9441 | else |
| kadonotakashi | 0:8fdf9a60065b | 9442 | { |
| kadonotakashi | 0:8fdf9a60065b | 9443 | /* Client auth: we only implement rsa_sign and mbedtls_ecdsa_sign for now */ |
| kadonotakashi | 0:8fdf9a60065b | 9444 | usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE; |
| kadonotakashi | 0:8fdf9a60065b | 9445 | } |
| kadonotakashi | 0:8fdf9a60065b | 9446 | |
| kadonotakashi | 0:8fdf9a60065b | 9447 | if( mbedtls_x509_crt_check_key_usage( cert, usage ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 9448 | { |
| kadonotakashi | 0:8fdf9a60065b | 9449 | *flags |= MBEDTLS_X509_BADCERT_KEY_USAGE; |
| kadonotakashi | 0:8fdf9a60065b | 9450 | ret = -1; |
| kadonotakashi | 0:8fdf9a60065b | 9451 | } |
| kadonotakashi | 0:8fdf9a60065b | 9452 | #else |
| kadonotakashi | 0:8fdf9a60065b | 9453 | ((void) ciphersuite); |
| kadonotakashi | 0:8fdf9a60065b | 9454 | #endif /* MBEDTLS_X509_CHECK_KEY_USAGE */ |
| kadonotakashi | 0:8fdf9a60065b | 9455 | |
| kadonotakashi | 0:8fdf9a60065b | 9456 | #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) |
| kadonotakashi | 0:8fdf9a60065b | 9457 | if( cert_endpoint == MBEDTLS_SSL_IS_SERVER ) |
| kadonotakashi | 0:8fdf9a60065b | 9458 | { |
| kadonotakashi | 0:8fdf9a60065b | 9459 | ext_oid = MBEDTLS_OID_SERVER_AUTH; |
| kadonotakashi | 0:8fdf9a60065b | 9460 | ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_SERVER_AUTH ); |
| kadonotakashi | 0:8fdf9a60065b | 9461 | } |
| kadonotakashi | 0:8fdf9a60065b | 9462 | else |
| kadonotakashi | 0:8fdf9a60065b | 9463 | { |
| kadonotakashi | 0:8fdf9a60065b | 9464 | ext_oid = MBEDTLS_OID_CLIENT_AUTH; |
| kadonotakashi | 0:8fdf9a60065b | 9465 | ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_CLIENT_AUTH ); |
| kadonotakashi | 0:8fdf9a60065b | 9466 | } |
| kadonotakashi | 0:8fdf9a60065b | 9467 | |
| kadonotakashi | 0:8fdf9a60065b | 9468 | if( mbedtls_x509_crt_check_extended_key_usage( cert, ext_oid, ext_len ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 9469 | { |
| kadonotakashi | 0:8fdf9a60065b | 9470 | *flags |= MBEDTLS_X509_BADCERT_EXT_KEY_USAGE; |
| kadonotakashi | 0:8fdf9a60065b | 9471 | ret = -1; |
| kadonotakashi | 0:8fdf9a60065b | 9472 | } |
| kadonotakashi | 0:8fdf9a60065b | 9473 | #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ |
| kadonotakashi | 0:8fdf9a60065b | 9474 | |
| kadonotakashi | 0:8fdf9a60065b | 9475 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 9476 | } |
| kadonotakashi | 0:8fdf9a60065b | 9477 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
| kadonotakashi | 0:8fdf9a60065b | 9478 | |
| kadonotakashi | 0:8fdf9a60065b | 9479 | /* |
| kadonotakashi | 0:8fdf9a60065b | 9480 | * Convert version numbers to/from wire format |
| kadonotakashi | 0:8fdf9a60065b | 9481 | * and, for DTLS, to/from TLS equivalent. |
| kadonotakashi | 0:8fdf9a60065b | 9482 | * |
| kadonotakashi | 0:8fdf9a60065b | 9483 | * For TLS this is the identity. |
| kadonotakashi | 0:8fdf9a60065b | 9484 | * For DTLS, use 1's complement (v -> 255 - v, and then map as follows: |
| kadonotakashi | 0:8fdf9a60065b | 9485 | * 1.0 <-> 3.2 (DTLS 1.0 is based on TLS 1.1) |
| kadonotakashi | 0:8fdf9a60065b | 9486 | * 1.x <-> 3.x+1 for x != 0 (DTLS 1.2 based on TLS 1.2) |
| kadonotakashi | 0:8fdf9a60065b | 9487 | */ |
| kadonotakashi | 0:8fdf9a60065b | 9488 | void mbedtls_ssl_write_version( int major, int minor, int transport, |
| kadonotakashi | 0:8fdf9a60065b | 9489 | unsigned char ver[2] ) |
| kadonotakashi | 0:8fdf9a60065b | 9490 | { |
| kadonotakashi | 0:8fdf9a60065b | 9491 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 9492 | if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| kadonotakashi | 0:8fdf9a60065b | 9493 | { |
| kadonotakashi | 0:8fdf9a60065b | 9494 | if( minor == MBEDTLS_SSL_MINOR_VERSION_2 ) |
| kadonotakashi | 0:8fdf9a60065b | 9495 | --minor; /* DTLS 1.0 stored as TLS 1.1 internally */ |
| kadonotakashi | 0:8fdf9a60065b | 9496 | |
| kadonotakashi | 0:8fdf9a60065b | 9497 | ver[0] = (unsigned char)( 255 - ( major - 2 ) ); |
| kadonotakashi | 0:8fdf9a60065b | 9498 | ver[1] = (unsigned char)( 255 - ( minor - 1 ) ); |
| kadonotakashi | 0:8fdf9a60065b | 9499 | } |
| kadonotakashi | 0:8fdf9a60065b | 9500 | else |
| kadonotakashi | 0:8fdf9a60065b | 9501 | #else |
| kadonotakashi | 0:8fdf9a60065b | 9502 | ((void) transport); |
| kadonotakashi | 0:8fdf9a60065b | 9503 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9504 | { |
| kadonotakashi | 0:8fdf9a60065b | 9505 | ver[0] = (unsigned char) major; |
| kadonotakashi | 0:8fdf9a60065b | 9506 | ver[1] = (unsigned char) minor; |
| kadonotakashi | 0:8fdf9a60065b | 9507 | } |
| kadonotakashi | 0:8fdf9a60065b | 9508 | } |
| kadonotakashi | 0:8fdf9a60065b | 9509 | |
| kadonotakashi | 0:8fdf9a60065b | 9510 | void mbedtls_ssl_read_version( int *major, int *minor, int transport, |
| kadonotakashi | 0:8fdf9a60065b | 9511 | const unsigned char ver[2] ) |
| kadonotakashi | 0:8fdf9a60065b | 9512 | { |
| kadonotakashi | 0:8fdf9a60065b | 9513 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| kadonotakashi | 0:8fdf9a60065b | 9514 | if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| kadonotakashi | 0:8fdf9a60065b | 9515 | { |
| kadonotakashi | 0:8fdf9a60065b | 9516 | *major = 255 - ver[0] + 2; |
| kadonotakashi | 0:8fdf9a60065b | 9517 | *minor = 255 - ver[1] + 1; |
| kadonotakashi | 0:8fdf9a60065b | 9518 | |
| kadonotakashi | 0:8fdf9a60065b | 9519 | if( *minor == MBEDTLS_SSL_MINOR_VERSION_1 ) |
| kadonotakashi | 0:8fdf9a60065b | 9520 | ++*minor; /* DTLS 1.0 stored as TLS 1.1 internally */ |
| kadonotakashi | 0:8fdf9a60065b | 9521 | } |
| kadonotakashi | 0:8fdf9a60065b | 9522 | else |
| kadonotakashi | 0:8fdf9a60065b | 9523 | #else |
| kadonotakashi | 0:8fdf9a60065b | 9524 | ((void) transport); |
| kadonotakashi | 0:8fdf9a60065b | 9525 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9526 | { |
| kadonotakashi | 0:8fdf9a60065b | 9527 | *major = ver[0]; |
| kadonotakashi | 0:8fdf9a60065b | 9528 | *minor = ver[1]; |
| kadonotakashi | 0:8fdf9a60065b | 9529 | } |
| kadonotakashi | 0:8fdf9a60065b | 9530 | } |
| kadonotakashi | 0:8fdf9a60065b | 9531 | |
| kadonotakashi | 0:8fdf9a60065b | 9532 | int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ) |
| kadonotakashi | 0:8fdf9a60065b | 9533 | { |
| kadonotakashi | 0:8fdf9a60065b | 9534 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| kadonotakashi | 0:8fdf9a60065b | 9535 | if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) |
| kadonotakashi | 0:8fdf9a60065b | 9536 | return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH; |
| kadonotakashi | 0:8fdf9a60065b | 9537 | |
| kadonotakashi | 0:8fdf9a60065b | 9538 | switch( md ) |
| kadonotakashi | 0:8fdf9a60065b | 9539 | { |
| kadonotakashi | 0:8fdf9a60065b | 9540 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) |
| kadonotakashi | 0:8fdf9a60065b | 9541 | #if defined(MBEDTLS_MD5_C) |
| kadonotakashi | 0:8fdf9a60065b | 9542 | case MBEDTLS_SSL_HASH_MD5: |
| kadonotakashi | 0:8fdf9a60065b | 9543 | return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH; |
| kadonotakashi | 0:8fdf9a60065b | 9544 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9545 | #if defined(MBEDTLS_SHA1_C) |
| kadonotakashi | 0:8fdf9a60065b | 9546 | case MBEDTLS_SSL_HASH_SHA1: |
| kadonotakashi | 0:8fdf9a60065b | 9547 | ssl->handshake->calc_verify = ssl_calc_verify_tls; |
| kadonotakashi | 0:8fdf9a60065b | 9548 | break; |
| kadonotakashi | 0:8fdf9a60065b | 9549 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9550 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */ |
| kadonotakashi | 0:8fdf9a60065b | 9551 | #if defined(MBEDTLS_SHA512_C) |
| kadonotakashi | 0:8fdf9a60065b | 9552 | case MBEDTLS_SSL_HASH_SHA384: |
| kadonotakashi | 0:8fdf9a60065b | 9553 | ssl->handshake->calc_verify = ssl_calc_verify_tls_sha384; |
| kadonotakashi | 0:8fdf9a60065b | 9554 | break; |
| kadonotakashi | 0:8fdf9a60065b | 9555 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9556 | #if defined(MBEDTLS_SHA256_C) |
| kadonotakashi | 0:8fdf9a60065b | 9557 | case MBEDTLS_SSL_HASH_SHA256: |
| kadonotakashi | 0:8fdf9a60065b | 9558 | ssl->handshake->calc_verify = ssl_calc_verify_tls_sha256; |
| kadonotakashi | 0:8fdf9a60065b | 9559 | break; |
| kadonotakashi | 0:8fdf9a60065b | 9560 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 9561 | default: |
| kadonotakashi | 0:8fdf9a60065b | 9562 | return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH; |
| kadonotakashi | 0:8fdf9a60065b | 9563 | } |
| kadonotakashi | 0:8fdf9a60065b | 9564 | |
| kadonotakashi | 0:8fdf9a60065b | 9565 | return 0; |
| kadonotakashi | 0:8fdf9a60065b | 9566 | #else /* !MBEDTLS_SSL_PROTO_TLS1_2 */ |
| kadonotakashi | 0:8fdf9a60065b | 9567 | (void) ssl; |
| kadonotakashi | 0:8fdf9a60065b | 9568 | (void) md; |
| kadonotakashi | 0:8fdf9a60065b | 9569 | |
| kadonotakashi | 0:8fdf9a60065b | 9570 | return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH; |
| kadonotakashi | 0:8fdf9a60065b | 9571 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| kadonotakashi | 0:8fdf9a60065b | 9572 | } |
| kadonotakashi | 0:8fdf9a60065b | 9573 | |
| kadonotakashi | 0:8fdf9a60065b | 9574 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
| kadonotakashi | 0:8fdf9a60065b | 9575 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
| kadonotakashi | 0:8fdf9a60065b | 9576 | int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl, |
| kadonotakashi | 0:8fdf9a60065b | 9577 | unsigned char *output, |
| kadonotakashi | 0:8fdf9a60065b | 9578 | unsigned char *data, size_t data_len ) |
| kadonotakashi | 0:8fdf9a60065b | 9579 | { |
| kadonotakashi | 0:8fdf9a60065b | 9580 | int ret = 0; |
| kadonotakashi | 0:8fdf9a60065b | 9581 | mbedtls_md5_context mbedtls_md5; |
| kadonotakashi | 0:8fdf9a60065b | 9582 | mbedtls_sha1_context mbedtls_sha1; |
| kadonotakashi | 0:8fdf9a60065b | 9583 | |
| kadonotakashi | 0:8fdf9a60065b | 9584 | mbedtls_md5_init( &mbedtls_md5 ); |
| kadonotakashi | 0:8fdf9a60065b | 9585 | mbedtls_sha1_init( &mbedtls_sha1 ); |
| kadonotakashi | 0:8fdf9a60065b | 9586 | |
| kadonotakashi | 0:8fdf9a60065b | 9587 | /* |
| kadonotakashi | 0:8fdf9a60065b | 9588 | * digitally-signed struct { |
| kadonotakashi | 0:8fdf9a60065b | 9589 | * opaque md5_hash[16]; |
| kadonotakashi | 0:8fdf9a60065b | 9590 | * opaque sha_hash[20]; |
| kadonotakashi | 0:8fdf9a60065b | 9591 | * }; |
| kadonotakashi | 0:8fdf9a60065b | 9592 | * |
| kadonotakashi | 0:8fdf9a60065b | 9593 | * md5_hash |
| kadonotakashi | 0:8fdf9a60065b | 9594 | * MD5(ClientHello.random + ServerHello.random |
| kadonotakashi | 0:8fdf9a60065b | 9595 | * + ServerParams); |
| kadonotakashi | 0:8fdf9a60065b | 9596 | * sha_hash |
| kadonotakashi | 0:8fdf9a60065b | 9597 | * SHA(ClientHello.random + ServerHello.random |
| kadonotakashi | 0:8fdf9a60065b | 9598 | * + ServerParams); |
| kadonotakashi | 0:8fdf9a60065b | 9599 | */ |
| kadonotakashi | 0:8fdf9a60065b | 9600 | if( ( ret = mbedtls_md5_starts_ret( &mbedtls_md5 ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 9601 | { |
| kadonotakashi | 0:8fdf9a60065b | 9602 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_starts_ret", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 9603 | goto exit; |
| kadonotakashi | 0:8fdf9a60065b | 9604 | } |
| kadonotakashi | 0:8fdf9a60065b | 9605 | if( ( ret = mbedtls_md5_update_ret( &mbedtls_md5, |
| kadonotakashi | 0:8fdf9a60065b | 9606 | ssl->handshake->randbytes, 64 ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 9607 | { |
| kadonotakashi | 0:8fdf9a60065b | 9608 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_update_ret", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 9609 | goto exit; |
| kadonotakashi | 0:8fdf9a60065b | 9610 | } |
| kadonotakashi | 0:8fdf9a60065b | 9611 | if( ( ret = mbedtls_md5_update_ret( &mbedtls_md5, data, data_len ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 9612 | { |
| kadonotakashi | 0:8fdf9a60065b | 9613 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_update_ret", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 9614 | goto exit; |
| kadonotakashi | 0:8fdf9a60065b | 9615 | } |
| kadonotakashi | 0:8fdf9a60065b | 9616 | if( ( ret = mbedtls_md5_finish_ret( &mbedtls_md5, output ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 9617 | { |
| kadonotakashi | 0:8fdf9a60065b | 9618 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_finish_ret", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 9619 | goto exit; |
| kadonotakashi | 0:8fdf9a60065b | 9620 | } |
| kadonotakashi | 0:8fdf9a60065b | 9621 | |
| kadonotakashi | 0:8fdf9a60065b | 9622 | if( ( ret = mbedtls_sha1_starts_ret( &mbedtls_sha1 ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 9623 | { |
| kadonotakashi | 0:8fdf9a60065b | 9624 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_starts_ret", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 9625 | goto exit; |
| kadonotakashi | 0:8fdf9a60065b | 9626 | } |
| kadonotakashi | 0:8fdf9a60065b | 9627 | if( ( ret = mbedtls_sha1_update_ret( &mbedtls_sha1, |
| kadonotakashi | 0:8fdf9a60065b | 9628 | ssl->handshake->randbytes, 64 ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 9629 | { |
| kadonotakashi | 0:8fdf9a60065b | 9630 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_update_ret", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 9631 | goto exit; |
| kadonotakashi | 0:8fdf9a60065b | 9632 | } |
| kadonotakashi | 0:8fdf9a60065b | 9633 | if( ( ret = mbedtls_sha1_update_ret( &mbedtls_sha1, data, |
| kadonotakashi | 0:8fdf9a60065b | 9634 | data_len ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 9635 | { |
| kadonotakashi | 0:8fdf9a60065b | 9636 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_update_ret", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 9637 | goto exit; |
| kadonotakashi | 0:8fdf9a60065b | 9638 | } |
| kadonotakashi | 0:8fdf9a60065b | 9639 | if( ( ret = mbedtls_sha1_finish_ret( &mbedtls_sha1, |
| kadonotakashi | 0:8fdf9a60065b | 9640 | output + 16 ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 9641 | { |
| kadonotakashi | 0:8fdf9a60065b | 9642 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_finish_ret", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 9643 | goto exit; |
| kadonotakashi | 0:8fdf9a60065b | 9644 | } |
| kadonotakashi | 0:8fdf9a60065b | 9645 | |
| kadonotakashi | 0:8fdf9a60065b | 9646 | exit: |
| kadonotakashi | 0:8fdf9a60065b | 9647 | mbedtls_md5_free( &mbedtls_md5 ); |
| kadonotakashi | 0:8fdf9a60065b | 9648 | mbedtls_sha1_free( &mbedtls_sha1 ); |
| kadonotakashi | 0:8fdf9a60065b | 9649 | |
| kadonotakashi | 0:8fdf9a60065b | 9650 | if( ret != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 9651 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| kadonotakashi | 0:8fdf9a60065b | 9652 | MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 9653 | |
| kadonotakashi | 0:8fdf9a60065b | 9654 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 9655 | |
| kadonotakashi | 0:8fdf9a60065b | 9656 | } |
| kadonotakashi | 0:8fdf9a60065b | 9657 | #endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \ |
| kadonotakashi | 0:8fdf9a60065b | 9658 | MBEDTLS_SSL_PROTO_TLS1_1 */ |
| kadonotakashi | 0:8fdf9a60065b | 9659 | |
| kadonotakashi | 0:8fdf9a60065b | 9660 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
| kadonotakashi | 0:8fdf9a60065b | 9661 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| kadonotakashi | 0:8fdf9a60065b | 9662 | int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, |
| kadonotakashi | 0:8fdf9a60065b | 9663 | unsigned char *hash, size_t *hashlen, |
| kadonotakashi | 0:8fdf9a60065b | 9664 | unsigned char *data, size_t data_len, |
| kadonotakashi | 0:8fdf9a60065b | 9665 | mbedtls_md_type_t md_alg ) |
| kadonotakashi | 0:8fdf9a60065b | 9666 | { |
| kadonotakashi | 0:8fdf9a60065b | 9667 | int ret = 0; |
| kadonotakashi | 0:8fdf9a60065b | 9668 | mbedtls_md_context_t ctx; |
| kadonotakashi | 0:8fdf9a60065b | 9669 | const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); |
| kadonotakashi | 0:8fdf9a60065b | 9670 | *hashlen = mbedtls_md_get_size( md_info ); |
| kadonotakashi | 0:8fdf9a60065b | 9671 | |
| kadonotakashi | 0:8fdf9a60065b | 9672 | mbedtls_md_init( &ctx ); |
| kadonotakashi | 0:8fdf9a60065b | 9673 | |
| kadonotakashi | 0:8fdf9a60065b | 9674 | /* |
| kadonotakashi | 0:8fdf9a60065b | 9675 | * digitally-signed struct { |
| kadonotakashi | 0:8fdf9a60065b | 9676 | * opaque client_random[32]; |
| kadonotakashi | 0:8fdf9a60065b | 9677 | * opaque server_random[32]; |
| kadonotakashi | 0:8fdf9a60065b | 9678 | * ServerDHParams params; |
| kadonotakashi | 0:8fdf9a60065b | 9679 | * }; |
| kadonotakashi | 0:8fdf9a60065b | 9680 | */ |
| kadonotakashi | 0:8fdf9a60065b | 9681 | if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 9682 | { |
| kadonotakashi | 0:8fdf9a60065b | 9683 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 9684 | goto exit; |
| kadonotakashi | 0:8fdf9a60065b | 9685 | } |
| kadonotakashi | 0:8fdf9a60065b | 9686 | if( ( ret = mbedtls_md_starts( &ctx ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 9687 | { |
| kadonotakashi | 0:8fdf9a60065b | 9688 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_starts", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 9689 | goto exit; |
| kadonotakashi | 0:8fdf9a60065b | 9690 | } |
| kadonotakashi | 0:8fdf9a60065b | 9691 | if( ( ret = mbedtls_md_update( &ctx, ssl->handshake->randbytes, 64 ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 9692 | { |
| kadonotakashi | 0:8fdf9a60065b | 9693 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_update", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 9694 | goto exit; |
| kadonotakashi | 0:8fdf9a60065b | 9695 | } |
| kadonotakashi | 0:8fdf9a60065b | 9696 | if( ( ret = mbedtls_md_update( &ctx, data, data_len ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 9697 | { |
| kadonotakashi | 0:8fdf9a60065b | 9698 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_update", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 9699 | goto exit; |
| kadonotakashi | 0:8fdf9a60065b | 9700 | } |
| kadonotakashi | 0:8fdf9a60065b | 9701 | if( ( ret = mbedtls_md_finish( &ctx, hash ) ) != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 9702 | { |
| kadonotakashi | 0:8fdf9a60065b | 9703 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_finish", ret ); |
| kadonotakashi | 0:8fdf9a60065b | 9704 | goto exit; |
| kadonotakashi | 0:8fdf9a60065b | 9705 | } |
| kadonotakashi | 0:8fdf9a60065b | 9706 | |
| kadonotakashi | 0:8fdf9a60065b | 9707 | exit: |
| kadonotakashi | 0:8fdf9a60065b | 9708 | mbedtls_md_free( &ctx ); |
| kadonotakashi | 0:8fdf9a60065b | 9709 | |
| kadonotakashi | 0:8fdf9a60065b | 9710 | if( ret != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 9711 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| kadonotakashi | 0:8fdf9a60065b | 9712 | MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); |
| kadonotakashi | 0:8fdf9a60065b | 9713 | |
| kadonotakashi | 0:8fdf9a60065b | 9714 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 9715 | } |
| kadonotakashi | 0:8fdf9a60065b | 9716 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ |
| kadonotakashi | 0:8fdf9a60065b | 9717 | MBEDTLS_SSL_PROTO_TLS1_2 */ |
| kadonotakashi | 0:8fdf9a60065b | 9718 | |
| kadonotakashi | 0:8fdf9a60065b | 9719 | #endif /* MBEDTLS_SSL_TLS_C */ |