• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * This file is part of the openHiTLS project.
3  *
4  * openHiTLS is licensed under the Mulan PSL v2.
5  * You can use this software according to the terms and conditions of the Mulan PSL v2.
6  * You may obtain a copy of Mulan PSL v2 at:
7  *
8  *     http://license.coscl.org.cn/MulanPSL2
9  *
10  * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11  * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12  * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13  * See the Mulan PSL v2 for more details.
14  */
15 #include "hitls_build.h"
16 #if defined(HITLS_TLS_PROTO_TLS13) && defined(HITLS_TLS_HOST_SERVER)
17 #include <stdint.h>
18 #include "tls_binlog_id.h"
19 #include "bsl_log_internal.h"
20 #include "bsl_log.h"
21 #include "bsl_err_internal.h"
22 #include "bsl_bytes.h"
23 #include "hitls_error.h"
24 #include "tls.h"
25 #include "hs_ctx.h"
26 #include "hs_extensions.h"
27 #include "pack_common.h"
28 #include "pack_extensions.h"
29 #include "custom_extensions.h"
30 
PackEncryptedSupportedGroups(const TLS_Ctx * ctx,uint8_t * buf,uint32_t bufLen,uint32_t * usedLen)31 static int32_t PackEncryptedSupportedGroups(const TLS_Ctx *ctx, uint8_t *buf, uint32_t bufLen, uint32_t *usedLen)
32 {
33     int32_t ret = HITLS_SUCCESS;
34     uint16_t exMsgHeaderLen;
35     uint16_t exMsgDataLen;
36     uint32_t offset = 0u;
37     const TLS_Config *config = &(ctx->config.tlsConfig);
38 
39     if (config->groupsSize == 0) {
40         *usedLen = 0;
41         return HITLS_SUCCESS;
42     }
43 
44     if (config->groups == NULL) {
45         return HITLS_SUCCESS;
46     }
47 
48     /* Calculate the extension length */
49     exMsgHeaderLen = sizeof(uint16_t);
50     exMsgDataLen = sizeof(uint16_t) * (uint16_t)config->groupsSize;
51 
52     /* Pack the extension header */
53     ret = PackExtensionHeader(HS_EX_TYPE_SUPPORTED_GROUPS, exMsgHeaderLen + exMsgDataLen, buf, bufLen);
54     if (ret != HITLS_SUCCESS) {
55         return ret;
56     }
57     offset += HS_EX_HEADER_LEN;
58 
59     /* Pack the extended support group */
60     BSL_Uint16ToByte(exMsgDataLen, &buf[offset]);
61     offset += sizeof(uint16_t);
62     for (uint32_t index = 0; index < config->groupsSize; index++) {
63         BSL_Uint16ToByte(config->groups[index], &buf[offset]);
64         offset += sizeof(uint16_t);
65     }
66 
67     *usedLen = offset;
68     return HITLS_SUCCESS;
69 }
70 
71 /**
72  * @brief Pack the Encrypted_extensions extension.
73  *
74  * @param ctx [IN] TLS context
75  * @param buf [OUT] Return the handshake message buffer.
76  * @param bufLen [IN] Maximum buffer size of the handshake message.
77  * @param usedLen [OUT] Returned message length
78  *
79  * @retval HITLS_SUCCESS succeeded.
80  * @retval For other error codes, see hitls_error.h.
81  */
PackEncryptedExs(const TLS_Ctx * ctx,uint8_t * buf,uint32_t bufLen,uint32_t * usedLen)82 static int32_t PackEncryptedExs(const TLS_Ctx *ctx, uint8_t *buf, uint32_t bufLen, uint32_t *usedLen)
83 {
84     int32_t ret = HITLS_SUCCESS;
85     uint32_t listSize;
86     uint32_t exLen = 0u;
87     uint32_t offset = 0u;
88 
89     const PackExtInfo extMsgList[] = {
90         {.exMsgType = HS_EX_TYPE_SUPPORTED_GROUPS,
91          .needPack = true,
92          .packFunc = PackEncryptedSupportedGroups},
93         {.exMsgType = HS_EX_TYPE_EARLY_DATA,    /* This field is available only in 0-rrt mode */
94          .needPack = false,
95          .packFunc = NULL},
96 #ifdef HITLS_TLS_FEATURE_SNI
97         {.exMsgType = HS_EX_TYPE_SERVER_NAME,    /* During extension, only empty SNI extensions are encapsulated. */
98          .needPack = ctx->negotiatedInfo.isSniStateOK,
99          .packFunc = NULL},
100 #endif /* HITLS_TLS_FEATURE_SNI */
101 #ifdef HITLS_TLS_FEATURE_ALPN
102         {.exMsgType = HS_EX_TYPE_APP_LAYER_PROTOCOLS,
103          .needPack = (ctx->negotiatedInfo.alpnSelected != NULL),
104          .packFunc = PackServerSelectAlpnProto},
105 #endif /* HITLS_TLS_FEATURE_ALPN */
106     };
107 
108 #ifdef HITLS_TLS_FEATURE_CUSTOM_EXTENSION
109     exLen = 0u;
110     if (IsPackNeedCustomExtensions(CUSTOM_EXT_FROM_CTX(ctx), HITLS_EX_TYPE_ENCRYPTED_EXTENSIONS)) {
111         ret = PackCustomExtensions(ctx, &buf[offset], bufLen - offset, &exLen, HITLS_EX_TYPE_ENCRYPTED_EXTENSIONS, NULL, 0);
112         if (ret != HITLS_SUCCESS) {
113             return ret;
114         }
115         offset += exLen;
116     }
117 #endif /* HITLS_TLS_FEATURE_CUSTOM_EXTENSION */
118 
119     /* Calculate the number of extended types */
120     listSize = sizeof(extMsgList) / sizeof(extMsgList[0]);
121 
122     /* Pack the Server Hello extension */
123     for (uint32_t index = 0; index < listSize; index++) {
124         if (extMsgList[index].needPack == false) {
125             continue;
126         }
127         /* Empty extension */
128         if (extMsgList[index].packFunc == NULL) {
129             exLen = 0u;
130             ret = PackEmptyExtension(extMsgList[index].exMsgType, extMsgList[index].needPack,
131                 &buf[offset], bufLen - offset, &exLen);
132             if (ret != HITLS_SUCCESS) {
133                 return ret;
134             }
135             offset += exLen;
136         }
137         /* Non-empty extension */
138         if (extMsgList[index].packFunc != NULL) {
139             exLen = 0u;
140             ret = extMsgList[index].packFunc(ctx, &buf[offset], bufLen - offset, &exLen);
141             if (ret != HITLS_SUCCESS) {
142                 return ret;
143             }
144             offset += exLen;
145         }
146     }
147 
148     *usedLen = offset;
149     return HITLS_SUCCESS;
150 }
151 
152 /**
153 * @brief Pack the Encrypted_extensions message.
154 *
155 * @param ctx [IN] TLS context
156 * @param buf [OUT] Return the handshake message buffer.
157 * @param bufLen [IN] Maximum buffer size of the handshake message.
158 * @param len [OUT] Returned message length
159 *
160 * @retval HITLS_SUCCESS succeeded.
161 * @retval HITLS_PACK_NOT_ENOUGH_BUF_LENGTH The message buffer length is insufficient.
162  */
PackEncryptedExtensions(const TLS_Ctx * ctx,uint8_t * buf,uint32_t bufLen,uint32_t * usedLen)163 int32_t PackEncryptedExtensions(const TLS_Ctx *ctx, uint8_t *buf, uint32_t bufLen, uint32_t *usedLen)
164 {
165     int32_t ret = HITLS_SUCCESS;
166     uint32_t headerLen = 0u;
167     uint32_t exLen = 0u;
168 
169     /* Obtain the message header length */
170     headerLen = sizeof(uint16_t);
171     /* If the length of the message structure is smaller than the length of the message header,
172        an error code is returned */
173     if (bufLen < headerLen) {
174         return PackBufLenError(BINLOG_ID15851, BINGLOG_STR("Encrypted Extension"));
175     }
176 
177     /* Pack the encrypted_extensions extension */
178     ret = PackEncryptedExs(ctx, &buf[headerLen], bufLen - headerLen, &exLen);
179     if (ret != HITLS_SUCCESS) {
180         return ret;
181     }
182 
183     /* Update the message length */
184     if (exLen > 0u) {
185         BSL_Uint16ToByte((uint16_t)exLen, buf);
186         *usedLen = exLen + headerLen;
187     } else {
188         BSL_Uint16ToByte((uint16_t) 0, buf);
189         *usedLen = 0 + headerLen;
190     }
191 
192     return HITLS_SUCCESS;
193 }
194 #endif /* HITLS_TLS_PROTO_TLS13 && HITLS_TLS_HOST_SERVER */
195