| User | Revision | Line number | New contents of line |
|---|
| kevman |
0:38ceb79fef03
|
1
|
/*
|
| kevman |
0:38ceb79fef03
|
2
|
* DTLS cookie callbacks implementation
|
| kevman |
0:38ceb79fef03
|
3
|
*
|
| kevman |
0:38ceb79fef03
|
4
|
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
| kevman |
0:38ceb79fef03
|
5
|
* SPDX-License-Identifier: Apache-2.0
|
| kevman |
0:38ceb79fef03
|
6
|
*
|
| kevman |
0:38ceb79fef03
|
7
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
| kevman |
0:38ceb79fef03
|
8
|
* not use this file except in compliance with the License.
|
| kevman |
0:38ceb79fef03
|
9
|
* You may obtain a copy of the License at
|
| kevman |
0:38ceb79fef03
|
10
|
*
|
| kevman |
0:38ceb79fef03
|
11
|
* http://www.apache.org/licenses/LICENSE-2.0
|
| kevman |
0:38ceb79fef03
|
12
|
*
|
| kevman |
0:38ceb79fef03
|
13
|
* Unless required by applicable law or agreed to in writing, software
|
| kevman |
0:38ceb79fef03
|
14
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
| kevman |
0:38ceb79fef03
|
15
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
| kevman |
0:38ceb79fef03
|
16
|
* See the License for the specific language governing permissions and
|
| kevman |
0:38ceb79fef03
|
17
|
* limitations under the License.
|
| kevman |
0:38ceb79fef03
|
18
|
*
|
| kevman |
0:38ceb79fef03
|
19
|
* This file is part of mbed TLS (https://tls.mbed.org)
|
| kevman |
0:38ceb79fef03
|
20
|
*/
|
| kevman |
0:38ceb79fef03
|
21
|
/*
|
| kevman |
0:38ceb79fef03
|
22
|
* These session callbacks use a simple chained list
|
| kevman |
0:38ceb79fef03
|
23
|
* to store and retrieve the session information.
|
| kevman |
0:38ceb79fef03
|
24
|
*/
|
| kevman |
0:38ceb79fef03
|
25
|
|
| kevman |
0:38ceb79fef03
|
26
|
#if !defined(MBEDTLS_CONFIG_FILE)
|
| kevman |
0:38ceb79fef03
|
27
|
#include "mbedtls/config.h"
|
| kevman |
0:38ceb79fef03
|
28
|
#else
|
| kevman |
0:38ceb79fef03
|
29
|
#include MBEDTLS_CONFIG_FILE
|
| kevman |
0:38ceb79fef03
|
30
|
#endif
|
| kevman |
0:38ceb79fef03
|
31
|
|
| kevman |
0:38ceb79fef03
|
32
|
#if defined(MBEDTLS_SSL_COOKIE_C)
|
| kevman |
0:38ceb79fef03
|
33
|
|
| kevman |
0:38ceb79fef03
|
34
|
#if defined(MBEDTLS_PLATFORM_C)
|
| kevman |
0:38ceb79fef03
|
35
|
#include "mbedtls/platform.h"
|
| kevman |
0:38ceb79fef03
|
36
|
#else
|
| kevman |
0:38ceb79fef03
|
37
|
#define mbedtls_calloc calloc
|
| kevman |
0:38ceb79fef03
|
38
|
#define mbedtls_free free
|
| kevman |
0:38ceb79fef03
|
39
|
#endif
|
| kevman |
0:38ceb79fef03
|
40
|
|
| kevman |
0:38ceb79fef03
|
41
|
#include "mbedtls/ssl_cookie.h"
|
| kevman |
0:38ceb79fef03
|
42
|
#include "mbedtls/ssl_internal.h"
|
| kevman |
0:38ceb79fef03
|
43
|
#include "mbedtls/platform_util.h"
|
| kevman |
0:38ceb79fef03
|
44
|
|
| kevman |
0:38ceb79fef03
|
45
|
#include <string.h>
|
| kevman |
0:38ceb79fef03
|
46
|
|
| kevman |
0:38ceb79fef03
|
47
|
/*
|
| kevman |
0:38ceb79fef03
|
48
|
* If DTLS is in use, then at least one of SHA-1, SHA-256, SHA-512 is
|
| kevman |
0:38ceb79fef03
|
49
|
* available. Try SHA-256 first, 512 wastes resources since we need to stay
|
| kevman |
0:38ceb79fef03
|
50
|
* with max 32 bytes of cookie for DTLS 1.0
|
| kevman |
0:38ceb79fef03
|
51
|
*/
|
| kevman |
0:38ceb79fef03
|
52
|
#if defined(MBEDTLS_SHA256_C)
|
| kevman |
0:38ceb79fef03
|
53
|
#define COOKIE_MD MBEDTLS_MD_SHA224
|
| kevman |
0:38ceb79fef03
|
54
|
#define COOKIE_MD_OUTLEN 32
|
| kevman |
0:38ceb79fef03
|
55
|
#define COOKIE_HMAC_LEN 28
|
| kevman |
0:38ceb79fef03
|
56
|
#elif defined(MBEDTLS_SHA512_C)
|
| kevman |
0:38ceb79fef03
|
57
|
#define COOKIE_MD MBEDTLS_MD_SHA384
|
| kevman |
0:38ceb79fef03
|
58
|
#define COOKIE_MD_OUTLEN 48
|
| kevman |
0:38ceb79fef03
|
59
|
#define COOKIE_HMAC_LEN 28
|
| kevman |
0:38ceb79fef03
|
60
|
#elif defined(MBEDTLS_SHA1_C)
|
| kevman |
0:38ceb79fef03
|
61
|
#define COOKIE_MD MBEDTLS_MD_SHA1
|
| kevman |
0:38ceb79fef03
|
62
|
#define COOKIE_MD_OUTLEN 20
|
| kevman |
0:38ceb79fef03
|
63
|
#define COOKIE_HMAC_LEN 20
|
| kevman |
0:38ceb79fef03
|
64
|
#else
|
| kevman |
0:38ceb79fef03
|
65
|
#error "DTLS hello verify needs SHA-1 or SHA-2"
|
| kevman |
0:38ceb79fef03
|
66
|
#endif
|
| kevman |
0:38ceb79fef03
|
67
|
|
| kevman |
0:38ceb79fef03
|
68
|
/*
|
| kevman |
0:38ceb79fef03
|
69
|
* Cookies are formed of a 4-bytes timestamp (or serial number) and
|
| kevman |
0:38ceb79fef03
|
70
|
* an HMAC of timestemp and client ID.
|
| kevman |
0:38ceb79fef03
|
71
|
*/
|
| kevman |
0:38ceb79fef03
|
72
|
#define COOKIE_LEN ( 4 + COOKIE_HMAC_LEN )
|
| kevman |
0:38ceb79fef03
|
73
|
|
| kevman |
0:38ceb79fef03
|
74
|
void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx )
|
| kevman |
0:38ceb79fef03
|
75
|
{
|
| kevman |
0:38ceb79fef03
|
76
|
mbedtls_md_init( &ctx->hmac_ctx );
|
| kevman |
0:38ceb79fef03
|
77
|
#if !defined(MBEDTLS_HAVE_TIME)
|
| kevman |
0:38ceb79fef03
|
78
|
ctx->serial = 0;
|
| kevman |
0:38ceb79fef03
|
79
|
#endif
|
| kevman |
0:38ceb79fef03
|
80
|
ctx->timeout = MBEDTLS_SSL_COOKIE_TIMEOUT;
|
| kevman |
0:38ceb79fef03
|
81
|
|
| kevman |
0:38ceb79fef03
|
82
|
#if defined(MBEDTLS_THREADING_C)
|
| kevman |
0:38ceb79fef03
|
83
|
mbedtls_mutex_init( &ctx->mutex );
|
| kevman |
0:38ceb79fef03
|
84
|
#endif
|
| kevman |
0:38ceb79fef03
|
85
|
}
|
| kevman |
0:38ceb79fef03
|
86
|
|
| kevman |
0:38ceb79fef03
|
87
|
void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay )
|
| kevman |
0:38ceb79fef03
|
88
|
{
|
| kevman |
0:38ceb79fef03
|
89
|
ctx->timeout = delay;
|
| kevman |
0:38ceb79fef03
|
90
|
}
|
| kevman |
0:38ceb79fef03
|
91
|
|
| kevman |
0:38ceb79fef03
|
92
|
void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx )
|
| kevman |
0:38ceb79fef03
|
93
|
{
|
| kevman |
0:38ceb79fef03
|
94
|
mbedtls_md_free( &ctx->hmac_ctx );
|
| kevman |
0:38ceb79fef03
|
95
|
|
| kevman |
0:38ceb79fef03
|
96
|
#if defined(MBEDTLS_THREADING_C)
|
| kevman |
0:38ceb79fef03
|
97
|
mbedtls_mutex_free( &ctx->mutex );
|
| kevman |
0:38ceb79fef03
|
98
|
#endif
|
| kevman |
0:38ceb79fef03
|
99
|
|
| kevman |
0:38ceb79fef03
|
100
|
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ssl_cookie_ctx ) );
|
| kevman |
0:38ceb79fef03
|
101
|
}
|
| kevman |
0:38ceb79fef03
|
102
|
|
| kevman |
0:38ceb79fef03
|
103
|
int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
|
| kevman |
0:38ceb79fef03
|
104
|
int (*f_rng)(void *, unsigned char *, size_t),
|
| kevman |
0:38ceb79fef03
|
105
|
void *p_rng )
|
| kevman |
0:38ceb79fef03
|
106
|
{
|
| kevman |
0:38ceb79fef03
|
107
|
int ret;
|
| kevman |
0:38ceb79fef03
|
108
|
unsigned char key[COOKIE_MD_OUTLEN];
|
| kevman |
0:38ceb79fef03
|
109
|
|
| kevman |
0:38ceb79fef03
|
110
|
if( ( ret = f_rng( p_rng, key, sizeof( key ) ) ) != 0 )
|
| kevman |
0:38ceb79fef03
|
111
|
return( ret );
|
| kevman |
0:38ceb79fef03
|
112
|
|
| kevman |
0:38ceb79fef03
|
113
|
ret = mbedtls_md_setup( &ctx->hmac_ctx, mbedtls_md_info_from_type( COOKIE_MD ), 1 );
|
| kevman |
0:38ceb79fef03
|
114
|
if( ret != 0 )
|
| kevman |
0:38ceb79fef03
|
115
|
return( ret );
|
| kevman |
0:38ceb79fef03
|
116
|
|
| kevman |
0:38ceb79fef03
|
117
|
ret = mbedtls_md_hmac_starts( &ctx->hmac_ctx, key, sizeof( key ) );
|
| kevman |
0:38ceb79fef03
|
118
|
if( ret != 0 )
|
| kevman |
0:38ceb79fef03
|
119
|
return( ret );
|
| kevman |
0:38ceb79fef03
|
120
|
|
| kevman |
0:38ceb79fef03
|
121
|
mbedtls_platform_zeroize( key, sizeof( key ) );
|
| kevman |
0:38ceb79fef03
|
122
|
|
| kevman |
0:38ceb79fef03
|
123
|
return( 0 );
|
| kevman |
0:38ceb79fef03
|
124
|
}
|
| kevman |
0:38ceb79fef03
|
125
|
|
| kevman |
0:38ceb79fef03
|
126
|
/*
|
| kevman |
0:38ceb79fef03
|
127
|
* Generate the HMAC part of a cookie
|
| kevman |
0:38ceb79fef03
|
128
|
*/
|
| kevman |
0:38ceb79fef03
|
129
|
static int ssl_cookie_hmac( mbedtls_md_context_t *hmac_ctx,
|
| kevman |
0:38ceb79fef03
|
130
|
const unsigned char time[4],
|
| kevman |
0:38ceb79fef03
|
131
|
unsigned char **p, unsigned char *end,
|
| kevman |
0:38ceb79fef03
|
132
|
const unsigned char *cli_id, size_t cli_id_len )
|
| kevman |
0:38ceb79fef03
|
133
|
{
|
| kevman |
0:38ceb79fef03
|
134
|
unsigned char hmac_out[COOKIE_MD_OUTLEN];
|
| kevman |
0:38ceb79fef03
|
135
|
|
| kevman |
0:38ceb79fef03
|
136
|
if( (size_t)( end - *p ) < COOKIE_HMAC_LEN )
|
| kevman |
0:38ceb79fef03
|
137
|
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
| kevman |
0:38ceb79fef03
|
138
|
|
| kevman |
0:38ceb79fef03
|
139
|
if( mbedtls_md_hmac_reset( hmac_ctx ) != 0 ||
|
| kevman |
0:38ceb79fef03
|
140
|
mbedtls_md_hmac_update( hmac_ctx, time, 4 ) != 0 ||
|
| kevman |
0:38ceb79fef03
|
141
|
mbedtls_md_hmac_update( hmac_ctx, cli_id, cli_id_len ) != 0 ||
|
| kevman |
0:38ceb79fef03
|
142
|
mbedtls_md_hmac_finish( hmac_ctx, hmac_out ) != 0 )
|
| kevman |
0:38ceb79fef03
|
143
|
{
|
| kevman |
0:38ceb79fef03
|
144
|
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
| kevman |
0:38ceb79fef03
|
145
|
}
|
| kevman |
0:38ceb79fef03
|
146
|
|
| kevman |
0:38ceb79fef03
|
147
|
memcpy( *p, hmac_out, COOKIE_HMAC_LEN );
|
| kevman |
0:38ceb79fef03
|
148
|
*p += COOKIE_HMAC_LEN;
|
| kevman |
0:38ceb79fef03
|
149
|
|
| kevman |
0:38ceb79fef03
|
150
|
return( 0 );
|
| kevman |
0:38ceb79fef03
|
151
|
}
|
| kevman |
0:38ceb79fef03
|
152
|
|
| kevman |
0:38ceb79fef03
|
153
|
/*
|
| kevman |
0:38ceb79fef03
|
154
|
* Generate cookie for DTLS ClientHello verification
|
| kevman |
0:38ceb79fef03
|
155
|
*/
|
| kevman |
0:38ceb79fef03
|
156
|
int mbedtls_ssl_cookie_write( void *p_ctx,
|
| kevman |
0:38ceb79fef03
|
157
|
unsigned char **p, unsigned char *end,
|
| kevman |
0:38ceb79fef03
|
158
|
const unsigned char *cli_id, size_t cli_id_len )
|
| kevman |
0:38ceb79fef03
|
159
|
{
|
| kevman |
0:38ceb79fef03
|
160
|
int ret;
|
| kevman |
0:38ceb79fef03
|
161
|
mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx;
|
| kevman |
0:38ceb79fef03
|
162
|
unsigned long t;
|
| kevman |
0:38ceb79fef03
|
163
|
|
| kevman |
0:38ceb79fef03
|
164
|
if( ctx == NULL || cli_id == NULL )
|
| kevman |
0:38ceb79fef03
|
165
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
| kevman |
0:38ceb79fef03
|
166
|
|
| kevman |
0:38ceb79fef03
|
167
|
if( (size_t)( end - *p ) < COOKIE_LEN )
|
| kevman |
0:38ceb79fef03
|
168
|
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
| kevman |
0:38ceb79fef03
|
169
|
|
| kevman |
0:38ceb79fef03
|
170
|
#if defined(MBEDTLS_HAVE_TIME)
|
| kevman |
0:38ceb79fef03
|
171
|
t = (unsigned long) mbedtls_time( NULL );
|
| kevman |
0:38ceb79fef03
|
172
|
#else
|
| kevman |
0:38ceb79fef03
|
173
|
t = ctx->serial++;
|
| kevman |
0:38ceb79fef03
|
174
|
#endif
|
| kevman |
0:38ceb79fef03
|
175
|
|
| kevman |
0:38ceb79fef03
|
176
|
(*p)[0] = (unsigned char)( t >> 24 );
|
| kevman |
0:38ceb79fef03
|
177
|
(*p)[1] = (unsigned char)( t >> 16 );
|
| kevman |
0:38ceb79fef03
|
178
|
(*p)[2] = (unsigned char)( t >> 8 );
|
| kevman |
0:38ceb79fef03
|
179
|
(*p)[3] = (unsigned char)( t );
|
| kevman |
0:38ceb79fef03
|
180
|
*p += 4;
|
| kevman |
0:38ceb79fef03
|
181
|
|
| kevman |
0:38ceb79fef03
|
182
|
#if defined(MBEDTLS_THREADING_C)
|
| kevman |
0:38ceb79fef03
|
183
|
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
|
| kevman |
0:38ceb79fef03
|
184
|
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR + ret );
|
| kevman |
0:38ceb79fef03
|
185
|
#endif
|
| kevman |
0:38ceb79fef03
|
186
|
|
| kevman |
0:38ceb79fef03
|
187
|
ret = ssl_cookie_hmac( &ctx->hmac_ctx, *p - 4,
|
| kevman |
0:38ceb79fef03
|
188
|
p, end, cli_id, cli_id_len );
|
| kevman |
0:38ceb79fef03
|
189
|
|
| kevman |
0:38ceb79fef03
|
190
|
#if defined(MBEDTLS_THREADING_C)
|
| kevman |
0:38ceb79fef03
|
191
|
if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
|
| kevman |
0:38ceb79fef03
|
192
|
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR +
|
| kevman |
0:38ceb79fef03
|
193
|
MBEDTLS_ERR_THREADING_MUTEX_ERROR );
|
| kevman |
0:38ceb79fef03
|
194
|
#endif
|
| kevman |
0:38ceb79fef03
|
195
|
|
| kevman |
0:38ceb79fef03
|
196
|
return( ret );
|
| kevman |
0:38ceb79fef03
|
197
|
}
|
| kevman |
0:38ceb79fef03
|
198
|
|
| kevman |
0:38ceb79fef03
|
199
|
/*
|
| kevman |
0:38ceb79fef03
|
200
|
* Check a cookie
|
| kevman |
0:38ceb79fef03
|
201
|
*/
|
| kevman |
0:38ceb79fef03
|
202
|
int mbedtls_ssl_cookie_check( void *p_ctx,
|
| kevman |
0:38ceb79fef03
|
203
|
const unsigned char *cookie, size_t cookie_len,
|
| kevman |
0:38ceb79fef03
|
204
|
const unsigned char *cli_id, size_t cli_id_len )
|
| kevman |
0:38ceb79fef03
|
205
|
{
|
| kevman |
0:38ceb79fef03
|
206
|
unsigned char ref_hmac[COOKIE_HMAC_LEN];
|
| kevman |
0:38ceb79fef03
|
207
|
int ret = 0;
|
| kevman |
0:38ceb79fef03
|
208
|
unsigned char *p = ref_hmac;
|
| kevman |
0:38ceb79fef03
|
209
|
mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx;
|
| kevman |
0:38ceb79fef03
|
210
|
unsigned long cur_time, cookie_time;
|
| kevman |
0:38ceb79fef03
|
211
|
|
| kevman |
0:38ceb79fef03
|
212
|
if( ctx == NULL || cli_id == NULL )
|
| kevman |
0:38ceb79fef03
|
213
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
| kevman |
0:38ceb79fef03
|
214
|
|
| kevman |
0:38ceb79fef03
|
215
|
if( cookie_len != COOKIE_LEN )
|
| kevman |
0:38ceb79fef03
|
216
|
return( -1 );
|
| kevman |
0:38ceb79fef03
|
217
|
|
| kevman |
0:38ceb79fef03
|
218
|
#if defined(MBEDTLS_THREADING_C)
|
| kevman |
0:38ceb79fef03
|
219
|
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
|
| kevman |
0:38ceb79fef03
|
220
|
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR + ret );
|
| kevman |
0:38ceb79fef03
|
221
|
#endif
|
| kevman |
0:38ceb79fef03
|
222
|
|
| kevman |
0:38ceb79fef03
|
223
|
if( ssl_cookie_hmac( &ctx->hmac_ctx, cookie,
|
| kevman |
0:38ceb79fef03
|
224
|
&p, p + sizeof( ref_hmac ),
|
| kevman |
0:38ceb79fef03
|
225
|
cli_id, cli_id_len ) != 0 )
|
| kevman |
0:38ceb79fef03
|
226
|
ret = -1;
|
| kevman |
0:38ceb79fef03
|
227
|
|
| kevman |
0:38ceb79fef03
|
228
|
#if defined(MBEDTLS_THREADING_C)
|
| kevman |
0:38ceb79fef03
|
229
|
if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
|
| kevman |
0:38ceb79fef03
|
230
|
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR +
|
| kevman |
0:38ceb79fef03
|
231
|
MBEDTLS_ERR_THREADING_MUTEX_ERROR );
|
| kevman |
0:38ceb79fef03
|
232
|
#endif
|
| kevman |
0:38ceb79fef03
|
233
|
|
| kevman |
0:38ceb79fef03
|
234
|
if( ret != 0 )
|
| kevman |
0:38ceb79fef03
|
235
|
return( ret );
|
| kevman |
0:38ceb79fef03
|
236
|
|
| kevman |
0:38ceb79fef03
|
237
|
if( mbedtls_ssl_safer_memcmp( cookie + 4, ref_hmac, sizeof( ref_hmac ) ) != 0 )
|
| kevman |
0:38ceb79fef03
|
238
|
return( -1 );
|
| kevman |
0:38ceb79fef03
|
239
|
|
| kevman |
0:38ceb79fef03
|
240
|
#if defined(MBEDTLS_HAVE_TIME)
|
| kevman |
0:38ceb79fef03
|
241
|
cur_time = (unsigned long) mbedtls_time( NULL );
|
| kevman |
0:38ceb79fef03
|
242
|
#else
|
| kevman |
0:38ceb79fef03
|
243
|
cur_time = ctx->serial;
|
| kevman |
0:38ceb79fef03
|
244
|
#endif
|
| kevman |
0:38ceb79fef03
|
245
|
|
| kevman |
0:38ceb79fef03
|
246
|
cookie_time = ( (unsigned long) cookie[0] << 24 ) |
|
| kevman |
0:38ceb79fef03
|
247
|
( (unsigned long) cookie[1] << 16 ) |
|
| kevman |
0:38ceb79fef03
|
248
|
( (unsigned long) cookie[2] << 8 ) |
|
| kevman |
0:38ceb79fef03
|
249
|
( (unsigned long) cookie[3] );
|
| kevman |
0:38ceb79fef03
|
250
|
|
| kevman |
0:38ceb79fef03
|
251
|
if( ctx->timeout != 0 && cur_time - cookie_time > ctx->timeout )
|
| kevman |
0:38ceb79fef03
|
252
|
return( -1 );
|
| kevman |
0:38ceb79fef03
|
253
|
|
| kevman |
0:38ceb79fef03
|
254
|
return( 0 );
|
| kevman |
0:38ceb79fef03
|
255
|
}
|
| kevman |
0:38ceb79fef03
|
256
|
#endif /* MBEDTLS_SSL_COOKIE_C */
|