1 /*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15
16 #include "securec.h"
17 #include "bsl_bytes.h"
18 #include "bsl_sal.h"
19 #include "hitls_error.h"
20 #include "hitls.h"
21 #include "tls.h"
22 #include "hs_ctx.h"
23 #include "pack_common.h"
24 #include "pack.h"
25 #include "frame_msg.h"
26 #include "pack_frame_msg.h"
27
28 #define RECORD_BUF_LEN (18 * 1024)
29 #define TEST_CERT_LEN_TAG_SIZE 3
30
NewFrameTlsCtx(void)31 TLS_Ctx *NewFrameTlsCtx(void)
32 {
33 TLS_Ctx *tlsCtx = (TLS_Ctx *)BSL_SAL_Calloc(1u, sizeof(HITLS_Ctx));
34 if (tlsCtx == NULL) {
35 return NULL;
36 }
37
38 tlsCtx->hsCtx = (HS_Ctx *)BSL_SAL_Calloc(1u, sizeof(HS_Ctx));
39 if (tlsCtx->hsCtx == NULL) {
40 BSL_SAL_FREE(tlsCtx);
41 return NULL;
42 }
43 tlsCtx->hsCtx->clientRandom = tlsCtx->negotiatedInfo.clientRandom;
44 tlsCtx->hsCtx->serverRandom = tlsCtx->negotiatedInfo.serverRandom;
45 return tlsCtx;
46 }
47
GenClientHelloMandatoryCtx(TLS_Ctx * tlsCtx,FRAME_Msg * msg)48 int32_t GenClientHelloMandatoryCtx(TLS_Ctx *tlsCtx, FRAME_Msg *msg)
49 {
50 ClientHelloMsg *clientHello = &msg->body.handshakeMsg.body.clientHello;
51 TLS_Config *tlsConfig = &tlsCtx->config.tlsConfig;
52 tlsConfig->maxVersion = clientHello->version;
53 int32_t ret = memcpy_s(tlsCtx->hsCtx->clientRandom, HS_RANDOM_SIZE, clientHello->randomValue, HS_RANDOM_SIZE);
54 if (ret != EOK) {
55 return HITLS_MEMCPY_FAIL;
56 }
57
58 if (clientHello->sessionIdSize > 0) {
59 #if defined(HITLS_TLS_FEATURE_SESSION) || defined(HITLS_TLS_PROTO_TLS13)
60 tlsCtx->hsCtx->sessionId = (uint8_t *)BSL_SAL_Dump(clientHello->sessionId, clientHello->sessionIdSize);
61 if (tlsCtx->hsCtx->sessionId == NULL) {
62 return HITLS_MEMALLOC_FAIL;
63 }
64 tlsCtx->hsCtx->sessionIdSize = clientHello->sessionIdSize;
65 #endif
66 }
67
68 #ifdef HITLS_TLS_PROTO_DTLS12
69 if (IS_SUPPORT_DATAGRAM(tlsConfig->originVersionMask) && clientHello->cookieLen > 0) {
70 tlsCtx->negotiatedInfo.cookieSize = clientHello->cookieLen;
71 tlsCtx->negotiatedInfo.cookie = (uint8_t *)BSL_SAL_Dump(clientHello->cookie, clientHello->cookieLen);
72 if (tlsCtx->negotiatedInfo.cookie == NULL) {
73 return HITLS_MEMALLOC_FAIL;
74 }
75 }
76 #endif
77
78 tlsConfig->cipherSuitesSize = clientHello->cipherSuitesSize;
79 uint32_t suitsLen = clientHello->cipherSuitesSize * sizeof(uint16_t);
80 tlsConfig->cipherSuites = (uint16_t *)BSL_SAL_Dump(clientHello->cipherSuites, suitsLen);
81 if (tlsConfig->cipherSuites == NULL) {
82 return HITLS_MEMALLOC_FAIL;
83 }
84
85 return HITLS_SUCCESS;
86 }
87
GenClientHelloExtensionCtx(TLS_Ctx * tlsCtx,FRAME_Msg * msg)88 int32_t GenClientHelloExtensionCtx(TLS_Ctx *tlsCtx, FRAME_Msg *msg)
89 {
90 ClientHelloMsg *clientHello = &msg->body.handshakeMsg.body.clientHello;
91 TLS_Config *tlsConfig = &tlsCtx->config.tlsConfig;
92 tlsConfig->isSupportExtendMasterSecret = clientHello->extension.flag.haveExtendedMasterSecret;
93 tlsConfig->signAlgorithmsSize = clientHello->extension.content.signatureAlgorithmsSize;
94 if (tlsConfig->signAlgorithmsSize > 0) {
95 uint32_t signAlgorithmsLen = tlsConfig->signAlgorithmsSize * sizeof(uint16_t);
96 tlsConfig->signAlgorithms = (uint16_t *)BSL_SAL_Dump(clientHello->extension.content.signatureAlgorithms,
97 signAlgorithmsLen);
98 if (tlsConfig->signAlgorithms == NULL) {
99 return HITLS_MEMALLOC_FAIL;
100 }
101 }
102
103 tlsConfig->groupsSize = clientHello->extension.content.supportedGroupsSize;
104 if (tlsConfig->groupsSize > 0) {
105 uint32_t groupsLen = tlsConfig->groupsSize * sizeof(uint16_t);
106 tlsConfig->groups = (uint16_t *)BSL_SAL_Dump(clientHello->extension.content.supportedGroups, groupsLen);
107 if (tlsConfig->groups == NULL) {
108 return HITLS_MEMALLOC_FAIL;
109 }
110 }
111
112 tlsConfig->pointFormatsSize = clientHello->extension.content.pointFormatsSize;
113 if (tlsConfig->pointFormatsSize > 0) {
114 uint32_t pointFormatsLen = tlsConfig->pointFormatsSize * sizeof(uint8_t);
115 tlsConfig->pointFormats = (uint8_t *)BSL_SAL_Dump(clientHello->extension.content.pointFormats, pointFormatsLen);
116 if (tlsConfig->pointFormats == NULL) {
117 return HITLS_MEMALLOC_FAIL;
118 }
119 }
120
121 return HITLS_SUCCESS;
122 }
123
PackClientHelloMsg(FRAME_Msg * msg)124 int32_t PackClientHelloMsg(FRAME_Msg *msg)
125 {
126 TLS_Ctx *tlsCtx = NewFrameTlsCtx();
127 if (tlsCtx == NULL) {
128 return HITLS_MEMCPY_FAIL;
129 }
130
131 int32_t ret = GenClientHelloMandatoryCtx(tlsCtx, msg);
132 if (ret != HITLS_SUCCESS) {
133 goto EXIT;
134 }
135
136 // extended information
137 ret = GenClientHelloExtensionCtx(tlsCtx, msg);
138 if (ret != HITLS_SUCCESS) {
139 goto EXIT;
140 }
141
142 uint32_t usedLen = 0;
143 ret = HS_PackMsg(tlsCtx, CLIENT_HELLO, &msg->buffer[msg->len], REC_MAX_PLAIN_LENGTH, &usedLen);
144 if (ret == HITLS_SUCCESS) {
145 msg->len += usedLen;
146 }
147
148 EXIT:
149 HITLS_Free(tlsCtx);
150 return ret;
151 }
152
PackServerHelloMsg(FRAME_Msg * msg)153 int32_t PackServerHelloMsg(FRAME_Msg *msg)
154 {
155 TLS_Ctx *tlsCtx = NewFrameTlsCtx();
156 if (tlsCtx == NULL) {
157 return HITLS_MEMCPY_FAIL;
158 }
159
160 ServerHelloMsg *serverHello = &msg->body.handshakeMsg.body.serverHello;
161 tlsCtx->negotiatedInfo.version = serverHello->version;
162
163 int32_t ret = 0;
164 ret = memcpy_s(tlsCtx->hsCtx->serverRandom, HS_RANDOM_SIZE, serverHello->randomValue, HS_RANDOM_SIZE);
165 if (ret != EOK) {
166 goto EXIT;
167 }
168
169 if (serverHello->sessionIdSize > 0) { // SessionId
170 #if defined(HITLS_TLS_FEATURE_SESSION) || defined(HITLS_TLS_PROTO_TLS13)
171 tlsCtx->hsCtx->sessionId = (uint8_t *)BSL_SAL_Dump(serverHello->sessionId, serverHello->sessionIdSize);
172 if (tlsCtx->hsCtx->sessionId == NULL) {
173 ret = HITLS_MEMALLOC_FAIL;
174 goto EXIT;
175 }
176 tlsCtx->hsCtx->sessionIdSize = serverHello->sessionIdSize;
177 #endif
178 }
179
180 tlsCtx->negotiatedInfo.cipherSuiteInfo.cipherSuite = serverHello->cipherSuite;
181 tlsCtx->negotiatedInfo.isExtendedMasterSecret = serverHello->haveExtendedMasterSecret;
182
183 uint32_t usedLen = 0;
184 ret = HS_PackMsg(tlsCtx, SERVER_HELLO, &msg->buffer[msg->len], REC_MAX_PLAIN_LENGTH, &usedLen);
185 if (ret == HITLS_SUCCESS) {
186 msg->len += usedLen;
187 }
188
189 EXIT:
190 HITLS_Free(tlsCtx);
191 return ret;
192 }
193
PackCertificateMsg(FRAME_Msg * msg)194 int32_t PackCertificateMsg(FRAME_Msg *msg)
195 {
196 CertificateMsg *certificate = &msg->body.handshakeMsg.body.certificate;
197 uint32_t allCertsLen = 0; // Total length of all certificates
198 uint32_t offset = msg->len + DTLS_HS_MSG_HEADER_SIZE; // Reserved packet header
199 // Indicates the offset of the total length of the certificate chain.
200 uint32_t certsLenOffset = offset;
201 offset += TEST_CERT_LEN_TAG_SIZE; // Total length of the reserved certificate chain
202
203 CERT_Item *cur = certificate->cert;
204 while (cur != NULL) {
205 BSL_Uint24ToByte(cur->dataSize, &msg->buffer[offset]);
206 offset += TEST_CERT_LEN_TAG_SIZE;
207 int32_t ret = memcpy_s(&msg->buffer[offset], RECORD_BUF_LEN - offset, cur->data, cur->dataSize);
208 if (ret != EOK) {
209 return HITLS_MEMCPY_FAIL;
210 }
211
212 offset += cur->dataSize;
213 allCertsLen += TEST_CERT_LEN_TAG_SIZE + cur->dataSize;
214 cur = cur->next;
215 }
216 // Indicates the total length of the certificate chain.
217 BSL_Uint24ToByte(allCertsLen, &msg->buffer[certsLenOffset]);
218
219 /* Assemble the packet header. */
220 const uint32_t sequence = 1;
221 const uint32_t bodyLen = TEST_CERT_LEN_TAG_SIZE + allCertsLen;
222 PackDtlsMsgHeader(CERTIFICATE, sequence, bodyLen, &msg->buffer[msg->len]);
223 msg->len += DTLS_HS_MSG_HEADER_SIZE + bodyLen;
224
225 return HITLS_SUCCESS;
226 }
227
PackServerKxMsg(FRAME_Msg * msg)228 int32_t PackServerKxMsg(FRAME_Msg *msg)
229 {
230 ServerKeyExchangeMsg *serverKx = &msg->body.handshakeMsg.body.serverKeyExchange;
231 uint32_t offset = msg->len + DTLS_HS_MSG_HEADER_SIZE; // Reserved packet header
232
233 /* Curve Type and Curve ID */
234 msg->buffer[offset] = (uint8_t)(serverKx->keyEx.ecdh.ecPara.type);
235 offset += sizeof(uint8_t);
236 BSL_Uint16ToByte((uint16_t)(serverKx->keyEx.ecdh.ecPara.param.namedcurve), &msg->buffer[offset]);
237 offset += sizeof(uint16_t);
238
239 /* Public key length and public key content */
240 msg->buffer[offset] = (uint8_t)serverKx->keyEx.ecdh.pubKeySize;
241 offset += sizeof(uint8_t);
242 int32_t ret = memcpy_s(&msg->buffer[offset], RECORD_BUF_LEN - offset,
243 serverKx->keyEx.ecdh.pubKey, serverKx->keyEx.ecdh.pubKeySize);
244 if (ret != EOK) {
245 return HITLS_MEMCPY_FAIL;
246 }
247 offset += serverKx->keyEx.ecdh.pubKeySize;
248
249 /* signature algorithm */
250 BSL_Uint16ToByte(serverKx->keyEx.ecdh.signAlgorithm, &msg->buffer[offset]);
251 offset += sizeof(uint16_t);
252
253 /* Signature Length */
254 BSL_Uint16ToByte(serverKx->keyEx.ecdh.signSize, &msg->buffer[offset]);
255 offset += sizeof(uint16_t);
256
257 ret = memcpy_s(&msg->buffer[offset], RECORD_BUF_LEN - offset,
258 serverKx->keyEx.ecdh.signData, serverKx->keyEx.ecdh.signSize);
259 if (ret != EOK) {
260 return HITLS_MEMCPY_FAIL;
261 }
262 offset += serverKx->keyEx.ecdh.signSize;
263
264 /* Assemble the packet header. */
265 const uint32_t sequence = msg->body.handshakeMsg.sequence;
266 const uint32_t bodyLen = sizeof(uint8_t) + sizeof(uint16_t) + sizeof(uint8_t) + serverKx->keyEx.ecdh.pubKeySize +
267 sizeof(uint16_t) + sizeof(uint16_t) + serverKx->keyEx.ecdh.signSize;
268 PackDtlsMsgHeader(SERVER_KEY_EXCHANGE, sequence, bodyLen, &msg->buffer[msg->len]);
269 msg->len += DTLS_HS_MSG_HEADER_SIZE + bodyLen;
270
271 return HITLS_SUCCESS;
272 }
273
PackServerHelloDoneMsg(FRAME_Msg * msg)274 int32_t PackServerHelloDoneMsg(FRAME_Msg *msg)
275 {
276 /* Assemble the packet header. */
277 const uint32_t sequence = msg->body.handshakeMsg.sequence;
278 const uint32_t bodyLen = 0;
279 PackDtlsMsgHeader(SERVER_HELLO_DONE, sequence, bodyLen, &msg->buffer[msg->len]);
280 msg->len += DTLS_HS_MSG_HEADER_SIZE + bodyLen;
281
282 return HITLS_SUCCESS;
283 }
284
PackClientKxMsg(FRAME_Msg * msg)285 int32_t PackClientKxMsg(FRAME_Msg *msg)
286 {
287 ClientKeyExchangeMsg *clientKx = &msg->body.handshakeMsg.body.clientKeyExchange;
288 uint32_t offset = msg->len + DTLS_HS_MSG_HEADER_SIZE; // Reserved packet header
289 msg->buffer[offset] = (uint8_t)clientKx->dataSize;
290 offset += sizeof(uint8_t);
291 int32_t ret = memcpy_s(&msg->buffer[offset], RECORD_BUF_LEN - offset, clientKx->data, clientKx->dataSize);
292 if (ret != EOK) {
293 return HITLS_MEMCPY_FAIL;
294 }
295
296 /* Assemble the packet header. */
297 const uint32_t sequence = msg->body.handshakeMsg.sequence;
298 const uint32_t bodyLen = clientKx->dataSize + sizeof(uint8_t);
299 PackDtlsMsgHeader(CLIENT_KEY_EXCHANGE, sequence, bodyLen, &msg->buffer[msg->len]);
300 msg->len += DTLS_HS_MSG_HEADER_SIZE + bodyLen;
301
302 return HITLS_SUCCESS;
303 }
304
PackFinishMsg(FRAME_Msg * msg)305 int32_t PackFinishMsg(FRAME_Msg *msg)
306 {
307 TLS_Ctx *tlsCtx = NewFrameTlsCtx();
308 if (tlsCtx == NULL) {
309 return HITLS_MEMCPY_FAIL;
310 }
311
312 FinishedMsg *finished = &msg->body.handshakeMsg.body.finished;
313 int32_t ret = 0;
314 tlsCtx->hsCtx->verifyCtx = (VerifyCtx*)BSL_SAL_Calloc(1u, sizeof(VerifyCtx));
315 if (tlsCtx->hsCtx->verifyCtx == NULL) {
316 ret = HITLS_MEMALLOC_FAIL;
317 goto EXIT;
318 }
319
320 tlsCtx->hsCtx->verifyCtx->verifyDataSize = finished->verifyDataSize;
321 ret = memcpy_s(tlsCtx->hsCtx->verifyCtx->verifyData, MAX_SIGN_SIZE,
322 finished->verifyData, finished->verifyDataSize);
323 if (ret != EOK) {
324 goto EXIT;
325 }
326
327 uint32_t usedLen = 0;
328 ret = HS_PackMsg(tlsCtx, FINISHED, &msg->buffer[msg->len], REC_MAX_PLAIN_LENGTH, &usedLen);
329 if (ret == HITLS_SUCCESS) {
330 msg->len += usedLen;
331 }
332
333 EXIT:
334 HITLS_Free(tlsCtx);
335 return ret;
336 }
337
PackHandShakeMsg(FRAME_Msg * msg)338 int32_t PackHandShakeMsg(FRAME_Msg *msg)
339 {
340 HS_MsgType type = msg->body.handshakeMsg.type;
341 uint32_t ret = HITLS_SUCCESS;
342 switch (type) {
343 case CLIENT_HELLO:
344 ret = PackClientHelloMsg(msg);
345 break;
346 case SERVER_HELLO:
347 ret = PackServerHelloMsg(msg);
348 break;
349 case CERTIFICATE:
350 ret = PackCertificateMsg(msg);
351 break;
352 case SERVER_KEY_EXCHANGE:
353 ret = PackServerKxMsg(msg);
354 break;
355 case SERVER_HELLO_DONE:
356 ret = PackServerHelloDoneMsg(msg);
357 break;
358 case CLIENT_KEY_EXCHANGE:
359 ret = PackClientKxMsg(msg);
360 break;
361 case FINISHED:
362 ret = PackFinishMsg(msg);
363 break;
364 default:
365 ret = HITLS_PACK_UNSUPPORT_HANDSHAKE_MSG;
366 }
367
368 return ret;
369 }
370
PackCCSMsg(FRAME_Msg * msg)371 int32_t PackCCSMsg(FRAME_Msg *msg)
372 {
373 FRAME_CcsMsg *ccsMsg = &msg->body.ccsMsg;
374 uint32_t offset = msg->len;
375 msg->buffer[offset] = ccsMsg->type;
376 msg->len += sizeof(uint8_t);
377
378 return HITLS_SUCCESS;
379 }
380
PackAlertMsg(FRAME_Msg * msg)381 int32_t PackAlertMsg(FRAME_Msg *msg)
382 {
383 FRAME_AlertMsg *alertMsg = &msg->body.alertMsg;
384 uint32_t offset = msg->len;
385 msg->buffer[offset] = alertMsg->level;
386 offset += sizeof(uint8_t);
387 msg->buffer[offset] = alertMsg->description;
388 msg->len += sizeof(uint8_t) + sizeof(uint8_t);
389 return HITLS_SUCCESS;
390 }
391
PackAppData(FRAME_Msg * msg)392 int32_t PackAppData(FRAME_Msg *msg)
393 {
394 FRAME_AppMsg *appMsg = &msg->body.appMsg;
395 uint32_t offset = msg->len;
396 BSL_Uint32ToByte(appMsg->len, &msg->buffer[offset]);
397 offset += sizeof(uint32_t);
398 int32_t ret = memcpy_s(&msg->buffer[offset], RECORD_BUF_LEN - offset, appMsg->buffer, appMsg->len);
399 if (ret != EOK) {
400 return HITLS_MEMCPY_FAIL;
401 }
402 msg->len += sizeof(uint32_t) + appMsg->len;
403 return HITLS_SUCCESS;
404 }
405
406 // Pack header
PackRecordHeader(FRAME_Msg * msg)407 int32_t PackRecordHeader(FRAME_Msg *msg)
408 {
409 uint32_t offset = 0;
410 msg->buffer[offset] = msg->type;
411 offset += sizeof(uint8_t);
412 BSL_Uint16ToByte(msg->version, &msg->buffer[offset]);
413 offset += sizeof(uint16_t);
414
415 #ifdef HITLS_TLS_PROTO_DTLS12
416 if (IS_TRANSTYPE_DATAGRAM(msg->transportType)) {
417 BSL_Uint64ToByte(msg->epochSeq, &msg->buffer[offset]);
418 offset += sizeof(uint64_t);
419 }
420 #endif
421
422 BSL_Uint16ToByte(msg->bodyLen, &msg->buffer[offset]);
423 offset += sizeof(uint16_t);
424 msg->len = offset;
425 return HITLS_SUCCESS;
426 }
427
PackFrameMsg(FRAME_Msg * msg)428 int32_t PackFrameMsg(FRAME_Msg *msg)
429 {
430 // Apply for an 18 KB buffer for storing the current message.
431 msg->buffer = (uint8_t *)BSL_SAL_Calloc(1u, RECORD_BUF_LEN);
432 if (msg->buffer == NULL) {
433 return HITLS_MEMALLOC_FAIL;
434 }
435
436 msg->len = RECORD_BUF_LEN; // The length must be the same as the length of the applied 18 KB buffer.
437
438 // pack Header
439 PackRecordHeader(msg);
440
441 // pack Body
442 uint32_t ret = HITLS_SUCCESS;
443 switch (msg->type) {
444 case REC_TYPE_HANDSHAKE:
445 ret = PackHandShakeMsg(msg);
446 break;
447 case REC_TYPE_CHANGE_CIPHER_SPEC:
448 ret = PackCCSMsg(msg);
449 break;
450 case REC_TYPE_ALERT:
451 ret = PackAlertMsg(msg);
452 break;
453 case REC_TYPE_APP:
454 ret = PackAppData(msg);
455 break;
456 default:
457 break;
458 }
459
460 return ret;
461 }