1 /*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15
16 #include "hitls_build.h"
17 #include "securec.h"
18 #include "tls_binlog_id.h"
19 #include "bsl_log_internal.h"
20 #include "bsl_err_internal.h"
21 #include "hitls.h"
22 #include "hitls_error.h"
23 #include "hitls_type.h"
24 #include "tls.h"
25 #include "hs.h"
26 #include "alert.h"
27 #include "conn_init.h"
28 #include "conn_common.h"
29 #include "rec.h"
30 #include "app.h"
31 #include "bsl_uio.h"
32 #include "record.h"
33 #include "hs_ctx.h"
34 #include "hs_state_recv.h"
35 #include "hs_state_send.h"
36 #include "hs_common.h"
37
38 #ifdef HITLS_TLS_PROTO_DTLS12
39 #define DTLS_MIN_MTU 256 /* Minimum MTU setting size */
40 #endif
41 #define DATA_MAX_LENGTH 1024
ConnectEventInIdleState(HITLS_Ctx * ctx)42 static int32_t ConnectEventInIdleState(HITLS_Ctx *ctx)
43 {
44 ctx->isClient = true; // Set the configuration as a client
45
46 int32_t ret = CONN_Init(ctx);
47 if (ret != HITLS_SUCCESS) {
48 return RETURN_ERROR_NUMBER_PROCESS(ret, BINLOG_ID16487, "CONN_Init fail");
49 }
50
51 ChangeConnState(ctx, CM_STATE_HANDSHAKING);
52
53 // In idle state, after initialization, the handshake process is directly started. Therefore, the handshake status
54 // function is directly invoked.
55 return CommonEventInHandshakingState(ctx);
56 }
57
AcceptEventInIdleState(HITLS_Ctx * ctx)58 static int32_t AcceptEventInIdleState(HITLS_Ctx *ctx)
59 {
60 ctx->isClient = false; // Set the configuration as the server
61
62 int32_t ret = CONN_Init(ctx);
63 if (ret != HITLS_SUCCESS) {
64 return RETURN_ERROR_NUMBER_PROCESS(ret, BINLOG_ID16488, "CONN_Init fail");
65 }
66
67 ChangeConnState(ctx, CM_STATE_HANDSHAKING);
68
69 // In idle state, after initialization, the handshake process is directly started. Therefore, the handshake status
70 // function is directly invoked.
71 return CommonEventInHandshakingState(ctx);
72 }
73
EstablishEventInTransportingState(HITLS_Ctx * ctx)74 static int32_t EstablishEventInTransportingState(HITLS_Ctx *ctx)
75 {
76 (void)ctx;
77 // In the renegotiation state, the renegotiation handshake procedure is started.
78 return HITLS_SUCCESS;
79 }
80
EstablishEventInRenegotiationState(HITLS_Ctx * ctx)81 static int32_t EstablishEventInRenegotiationState(HITLS_Ctx *ctx)
82 {
83 #ifdef HITLS_TLS_FEATURE_RENEGOTIATION
84 // In the renegotiation state, the renegotiation handshake procedure is started.
85 int32_t ret = CommonEventInRenegotiationState(ctx);
86 if (ret != HITLS_SUCCESS) {
87 if (ret == HITLS_REC_NORMAL_RECV_UNEXPECT_MSG && ctx->state != CM_STATE_ALERTED) {
88 // In this case, the HITLS initiates renegotiation, but the peer end does not respond to the renegotiation
89 // request but returns an APP message. In this case, the success message should be returned.
90 return HITLS_SUCCESS;
91 }
92 return ret;
93 }
94 return HITLS_SUCCESS;
95 #else
96 (void)ctx;
97 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15405, BSL_LOG_LEVEL_FATAL, BSL_LOG_BINLOG_TYPE_RUN,
98 "invalid conn states %d", CM_STATE_RENEGOTIATION, NULL, NULL, NULL);
99 return HITLS_INTERNAL_EXCEPTION;
100 #endif
101 }
102
CloseEventInRenegotiationState(HITLS_Ctx * ctx)103 static int32_t CloseEventInRenegotiationState(HITLS_Ctx *ctx)
104 {
105 #ifdef HITLS_TLS_FEATURE_RENEGOTIATION
106 if ((ctx->shutdownState & HITLS_SENT_SHUTDOWN) == 0) {
107 ALERT_Send(ctx, ALERT_LEVEL_WARNING, ALERT_CLOSE_NOTIFY);
108 int32_t ret = ALERT_Flush(ctx);
109 if (ret != HITLS_SUCCESS) {
110 ChangeConnState(ctx, CM_STATE_ALERTED);
111 return RETURN_ERROR_NUMBER_PROCESS(ret, BINLOG_ID16528, "ALERT_Flush fail");
112 }
113 ctx->shutdownState |= HITLS_SENT_SHUTDOWN;
114 }
115 /* In the renegotiation state, if the HITLS_Close function is called, the connection is directly disconnected
116 * and read/write operations are not allowed. */
117 ctx->shutdownState |= HITLS_RECEIVED_SHUTDOWN;
118 ChangeConnState(ctx, CM_STATE_CLOSED);
119 return HITLS_SUCCESS;
120 #else
121 (void)ctx;
122 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15406, BSL_LOG_LEVEL_FATAL, BSL_LOG_BINLOG_TYPE_RUN,
123 "invalid conn states %d", CM_STATE_RENEGOTIATION, NULL, NULL, NULL);
124 return HITLS_INTERNAL_EXCEPTION;
125 #endif
126 }
127
EstablishEventInAlertedState(HITLS_Ctx * ctx)128 static int32_t EstablishEventInAlertedState(HITLS_Ctx *ctx)
129 {
130 (void)ctx;
131 // Directly return a message indicating that the link status is abnormal.
132 return HITLS_CM_LINK_FATAL_ALERTED;
133 }
134
EstablishEventInClosedState(HITLS_Ctx * ctx)135 static int32_t EstablishEventInClosedState(HITLS_Ctx *ctx)
136 {
137 (void)ctx;
138 // Directly return a message indicating that the link status is abnormal.
139 return HITLS_CM_LINK_CLOSED;
140 }
141
CloseEventInIdleState(HITLS_Ctx * ctx)142 static int32_t CloseEventInIdleState(HITLS_Ctx *ctx)
143 {
144 ChangeConnState(ctx, CM_STATE_CLOSED);
145 ctx->shutdownState |= (HITLS_SENT_SHUTDOWN | HITLS_RECEIVED_SHUTDOWN);
146 return HITLS_SUCCESS;
147 }
148
CloseEventInHandshakingState(HITLS_Ctx * ctx)149 static int32_t CloseEventInHandshakingState(HITLS_Ctx *ctx)
150 {
151 if ((ctx->shutdownState & HITLS_SENT_SHUTDOWN) == 0) {
152 ALERT_Send(ctx, ALERT_LEVEL_WARNING, ALERT_CLOSE_NOTIFY);
153 int32_t ret = ALERT_Flush(ctx);
154 if (ret != HITLS_SUCCESS) {
155 ChangeConnState(ctx, CM_STATE_ALERTED);
156 return RETURN_ERROR_NUMBER_PROCESS(ret, BINLOG_ID16463, "ALERT_Flush fail");
157 }
158 ctx->shutdownState |= HITLS_SENT_SHUTDOWN;
159 }
160 /* In the handshaking state, if the close function is called, the connection is directly disconnected
161 * and read/write operations are not allowed. */
162 ctx->shutdownState |= HITLS_RECEIVED_SHUTDOWN;
163 ChangeConnState(ctx, CM_STATE_CLOSED);
164 return HITLS_SUCCESS;
165 }
166
CloseEventInTransportingState(HITLS_Ctx * ctx)167 static int32_t CloseEventInTransportingState(HITLS_Ctx *ctx)
168 {
169 if ((ctx->shutdownState & HITLS_SENT_SHUTDOWN) == 0) {
170 ALERT_Send(ctx, ALERT_LEVEL_WARNING, ALERT_CLOSE_NOTIFY);
171 int32_t ret = ALERT_Flush(ctx);
172 if (ret != HITLS_SUCCESS) {
173 ChangeConnState(ctx, CM_STATE_ALERTING);
174 return RETURN_ERROR_NUMBER_PROCESS(ret, BINLOG_ID16490, "ALERT_Flush fail");
175 }
176 ctx->shutdownState |= HITLS_SENT_SHUTDOWN;
177 }
178
179 ChangeConnState(ctx, CM_STATE_CLOSED);
180 return HITLS_SUCCESS;
181 }
182
CloseEventInAlertingState(HITLS_Ctx * ctx)183 static int32_t CloseEventInAlertingState(HITLS_Ctx *ctx)
184 {
185 /* If there are fatal alerts that are not sent, the system continues to send the alert. Otherwise, the system sends
186 * the close_notify alert */
187 ALERT_Send(ctx, ALERT_LEVEL_WARNING, ALERT_CLOSE_NOTIFY);
188 return CommonEventInAlertingState(ctx);
189 }
190
CloseEventInAlertedState(HITLS_Ctx * ctx)191 static int32_t CloseEventInAlertedState(HITLS_Ctx *ctx)
192 {
193 /*
194 * 1. Receive a fatal alert from the peer end.
195 * 2. A fatal alert has been sent to the peer end.
196 * 3. Receive the close notification from the peer end.
197 */
198 // Read and write operations are not allowed in the alerted state
199 ChangeConnState(ctx, CM_STATE_CLOSED);
200 ctx->shutdownState |= (HITLS_SENT_SHUTDOWN | HITLS_RECEIVED_SHUTDOWN);
201 return HITLS_SUCCESS;
202 }
203
CloseEventInClosedState(HITLS_Ctx * ctx)204 static int32_t CloseEventInClosedState(HITLS_Ctx *ctx)
205 {
206 int32_t ret;
207
208 /* When a user invokes the close function for the first time, a close notify message is sent to the peer end. When
209 * the user invokes the close function for the second time, the user attempts to receive the close notify message.
210 */
211 if ((ctx->shutdownState & HITLS_RECEIVED_SHUTDOWN) == 0) {
212 uint8_t data[DATA_MAX_LENGTH]; // Discard the received APP message.
213 uint32_t readLen = 0;
214
215 ALERT_CleanInfo(ctx);
216
217 ret = APP_Read(ctx, data, sizeof(data), &readLen);
218 if (ret == HITLS_SUCCESS) {
219 return HITLS_SUCCESS;
220 }
221
222 if (ALERT_GetFlag(ctx) == false) {
223 return RETURN_ERROR_NUMBER_PROCESS(ret, BINLOG_ID16491, "Read fail");
224 }
225
226 int32_t alertRet = AlertEventProcess(ctx);
227 if (alertRet == HITLS_CM_LINK_CLOSED) {
228 return HITLS_SUCCESS;
229 }
230 if (alertRet != HITLS_SUCCESS) {
231 return RETURN_ERROR_NUMBER_PROCESS(alertRet, BINLOG_ID16492, "AlertEventProcess fail");
232 }
233 return ret;
234 }
235
236 if ((ctx->shutdownState & HITLS_SENT_SHUTDOWN) == 0) {
237 ALERT_Send(ctx, ALERT_LEVEL_WARNING, ALERT_CLOSE_NOTIFY);
238 ret = ALERT_Flush(ctx);
239 if (ret != HITLS_SUCCESS) {
240 ChangeConnState(ctx, CM_STATE_ALERTING);
241 return ret;
242 }
243 ctx->shutdownState |= HITLS_SENT_SHUTDOWN;
244 }
245
246 ChangeConnState(ctx, CM_STATE_CLOSED);
247 return HITLS_SUCCESS;
248 }
249
250 // Check and process the CTX status before HITLS_Connect and HITLS_Accept.
ProcessCtxState(HITLS_Ctx * ctx)251 int32_t ProcessCtxState(HITLS_Ctx *ctx)
252 {
253 int32_t ret;
254
255 if (ctx == NULL) {
256 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16493, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "input null", 0, 0, 0, 0);
257 return HITLS_NULL_INPUT;
258 }
259
260 /* Process the unsent alert message first, and then enter the corresponding state processing function based on the
261 * processing result */
262 if (GetConnState(ctx) == CM_STATE_ALERTING) {
263 ret = CommonEventInAlertingState(ctx);
264 if (ret != HITLS_SUCCESS) {
265 /* If the alert fails to be sent, a response is returned to the user */
266 return ret;
267 }
268 }
269
270 if ((GetConnState(ctx) >= CM_STATE_END) || (GetConnState(ctx) == CM_STATE_ALERTING)) {
271 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16494, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
272 "internal exception occurs", 0, 0, 0, 0);
273 /* If the alert message is sent successfully, the system switches to another state. Otherwise, an internal
274 * exception occurs */
275 return HITLS_INTERNAL_EXCEPTION;
276 }
277
278 return HITLS_SUCCESS;
279 }
280
HITLS_SetEndPoint(HITLS_Ctx * ctx,bool isClient)281 int32_t HITLS_SetEndPoint(HITLS_Ctx *ctx, bool isClient)
282 {
283 if (ctx == NULL) {
284 return HITLS_NULL_INPUT;
285 }
286
287 if (GetConnState(ctx) != CM_STATE_IDLE) {
288 return HITLS_MSG_HANDLE_STATE_ILLEGAL;
289 }
290
291 ctx->isClient = isClient;
292
293 int32_t ret = CONN_Init(ctx);
294 if (ret != HITLS_SUCCESS) {
295 return ret;
296 }
297
298 ChangeConnState(ctx, CM_STATE_HANDSHAKING);
299 return HITLS_SUCCESS;
300 }
301
ProcessEvent(HITLS_Ctx * ctx,ManageEventProcess proc)302 static int32_t ProcessEvent(HITLS_Ctx *ctx, ManageEventProcess proc)
303 {
304 return proc(ctx);
305 }
306
HITLS_Connect(HITLS_Ctx * ctx)307 int32_t HITLS_Connect(HITLS_Ctx *ctx)
308 {
309 int32_t ret = ProcessCtxState(ctx);
310 // Process the alerting state
311 if (ret != HITLS_SUCCESS) {
312 return ret;
313 }
314 ctx->allowAppOut = false;
315
316 ManageEventProcess connectEventProcess[CM_STATE_END] = {
317 ConnectEventInIdleState,
318 CommonEventInHandshakingState,
319 EstablishEventInTransportingState,
320 EstablishEventInRenegotiationState,
321 NULL, // The alerting phase has been processed in the ProcessCtxState function
322 EstablishEventInAlertedState,
323 EstablishEventInClosedState
324 };
325
326 ManageEventProcess proc = connectEventProcess[GetConnState(ctx)];
327 return ProcessEvent(ctx, proc);
328 }
329
HITLS_Accept(HITLS_Ctx * ctx)330 int32_t HITLS_Accept(HITLS_Ctx *ctx)
331 {
332 int32_t ret = ProcessCtxState(ctx);
333 if (ret != HITLS_SUCCESS) {
334 return ret;
335 }
336 ctx->allowAppOut = false;
337 #ifdef HITLS_TLS_FEATURE_PHA
338 ret = CommonCheckPostHandshakeAuth(ctx);
339 if (ret != HITLS_SUCCESS) {
340 return ret;
341 }
342 #endif
343 ManageEventProcess acceptEventProcess[CM_STATE_END] = {
344 AcceptEventInIdleState,
345 CommonEventInHandshakingState,
346 EstablishEventInTransportingState,
347 EstablishEventInRenegotiationState,
348 NULL,
349 EstablishEventInAlertedState,
350 EstablishEventInClosedState
351 };
352
353 ManageEventProcess proc = acceptEventProcess[GetConnState(ctx)];
354 return ProcessEvent(ctx, proc);
355 }
356
HITLS_Close(HITLS_Ctx * ctx)357 int32_t HITLS_Close(HITLS_Ctx *ctx)
358 {
359 if (ctx == NULL) {
360 return HITLS_NULL_INPUT;
361 }
362
363 ctx->userShutDown = 1;
364
365 if (ctx->config.tlsConfig.isQuietShutdown) {
366 ctx->shutdownState |= (HITLS_SENT_SHUTDOWN | HITLS_RECEIVED_SHUTDOWN);
367 ChangeConnState(ctx, CM_STATE_CLOSED);
368 return HITLS_SUCCESS;
369 }
370
371 ManageEventProcess closeEventProcess[CM_STATE_END] = {
372 CloseEventInIdleState,
373 CloseEventInHandshakingState, // Notify is sent to the peer end when the close interface is invoked during and
374 // after link establishment.
375 CloseEventInTransportingState, // Therefore, the same function is used for processing.
376 CloseEventInRenegotiationState, // In the renegotiation process, invoking the close function also sends a notify
377 // message to the peer end.
378 CloseEventInAlertingState,
379 CloseEventInAlertedState,
380 CloseEventInClosedState};
381
382 if (GetConnState(ctx) >= CM_STATE_END) {
383 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16497, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
384 "internal exception occurs", 0, 0, 0, 0);
385 return HITLS_INTERNAL_EXCEPTION;
386 }
387
388 int32_t ret;
389
390 do {
391 ManageEventProcess proc = closeEventProcess[GetConnState(ctx)];
392 ret = ProcessEvent(ctx, proc);
393 if (ret != HITLS_SUCCESS) {
394 return ret;
395 }
396 } while (GetConnState(ctx) != CM_STATE_CLOSED);
397
398 return HITLS_SUCCESS;
399 }
400
HITLS_GetError(const HITLS_Ctx * ctx,int32_t ret)401 int32_t HITLS_GetError(const HITLS_Ctx *ctx, int32_t ret)
402 {
403 if (ctx == NULL) {
404 /* Unknown error */
405 return RETURN_ERROR_NUMBER_PROCESS(HITLS_ERR_SYSCALL, BINLOG_ID16498, "ctx null");
406 }
407
408 /* No internal error occurs in the SSL */
409 if (ret == HITLS_SUCCESS) {
410 return HITLS_SUCCESS;
411 }
412
413 /* HANDSHAKING state */
414 if (ctx->state == CM_STATE_HANDSHAKING) {
415 /* In non-blocking mode, I/O read/write failure is acceptable and link establishment is allowed */
416 if (ret == HITLS_REC_NORMAL_IO_BUSY || ret == HITLS_REC_NORMAL_RECV_BUF_EMPTY) {
417 return (ctx->isClient == true) ? HITLS_WANT_CONNECT : HITLS_WANT_ACCEPT;
418 }
419
420 /* Unacceptable exceptions occur on the underlying I/O */
421 if (ret == HITLS_REC_ERR_IO_EXCEPTION) {
422 return RETURN_ERROR_NUMBER_PROCESS(HITLS_ERR_SYSCALL, BINLOG_ID16499, "Unacceptable exceptions occured");
423 }
424
425 /* The TLS protocol is incorrect */
426 return RETURN_ERROR_NUMBER_PROCESS(HITLS_ERR_TLS, BINLOG_ID16500, "TLS protocol err");
427 }
428
429 /* TRANSPORTING state */
430 if (ctx->state == CM_STATE_TRANSPORTING) {
431 /* An I/O read/write failure occurs in non-blocking mode. This failure is acceptable and data can be written */
432 if (ret == HITLS_REC_NORMAL_IO_BUSY) {
433 return RETURN_ERROR_NUMBER_PROCESS(HITLS_WANT_WRITE, BINLOG_ID16501, "This failure is acceptable");
434 }
435
436 /* An I/O read/write failure occurs in non-blocking mode. This failure is acceptable and data can be read
437 * continuously */
438 if (ret == HITLS_REC_NORMAL_RECV_BUF_EMPTY) {
439 return RETURN_ERROR_NUMBER_PROCESS(HITLS_WANT_READ, BINLOG_ID16502, "This failure is acceptable");
440 }
441
442 /* Unacceptable exceptions occur on the underlying I/O */
443 if (ret == HITLS_REC_ERR_IO_EXCEPTION) {
444 return RETURN_ERROR_NUMBER_PROCESS(HITLS_ERR_SYSCALL, BINLOG_ID16503, "Unacceptable exceptions occured");
445 }
446
447 /* The TLS protocol is incorrect */
448 return RETURN_ERROR_NUMBER_PROCESS(HITLS_ERR_TLS, BINLOG_ID16504, "TLS protocol err");
449 }
450
451 /* ALERTING state */
452 if (ctx->state == CM_STATE_ALERTING) {
453 if (ret == HITLS_REC_NORMAL_IO_BUSY) {
454 return RETURN_ERROR_NUMBER_PROCESS(HITLS_WANT_WRITE, BINLOG_ID16505, "This failure is acceptable");
455 }
456
457 if (ret == HITLS_REC_NORMAL_RECV_BUF_EMPTY) {
458 return RETURN_ERROR_NUMBER_PROCESS(HITLS_WANT_READ, BINLOG_ID16506, "This failure is acceptable");
459 }
460 }
461
462 /* ALERTED state ,indicating that the TLS protocol is faulty and the link is abnormal */
463 if (ctx->state == CM_STATE_ALERTED) {
464 return RETURN_ERROR_NUMBER_PROCESS(HITLS_ERR_TLS, BINLOG_ID16507, "TLS protocol is faulty");
465 }
466
467 /* Unknown error */
468 return RETURN_ERROR_NUMBER_PROCESS(HITLS_ERR_SYSCALL, BINLOG_ID16508, "unknown error");
469 }
470
471 #ifdef HITLS_TLS_CONFIG_STATE
HITLS_IsHandShakeDone(const HITLS_Ctx * ctx,uint8_t * isDone)472 int32_t HITLS_IsHandShakeDone(const HITLS_Ctx *ctx, uint8_t *isDone)
473 {
474 if (ctx == NULL || isDone == NULL) {
475 return HITLS_NULL_INPUT;
476 }
477
478 *isDone = 0;
479 if (ctx->state == CM_STATE_TRANSPORTING) {
480 *isDone = 1;
481 }
482
483 return HITLS_SUCCESS;
484 }
485
HITLS_GetHandShakeState(const HITLS_Ctx * ctx,uint32_t * state)486 int32_t HITLS_GetHandShakeState(const HITLS_Ctx *ctx, uint32_t *state)
487 {
488 if (ctx == NULL || state == NULL) {
489 return HITLS_NULL_INPUT;
490 }
491
492 uint32_t hsState = TLS_IDLE;
493 /* In initialization state */
494 if (ctx->state == CM_STATE_IDLE) {
495 hsState = TLS_IDLE;
496 }
497
498 /* The link has been set up */
499 if (ctx->state == CM_STATE_TRANSPORTING) {
500 hsState = TLS_CONNECTED;
501 }
502
503 /* The link is being established. If hsctx is not empty, obtain the status */
504 if (ctx->state == CM_STATE_HANDSHAKING ||
505 ctx->state == CM_STATE_RENEGOTIATION) {
506 hsState = HS_GetState(ctx);
507 }
508
509 if (ctx->state == CM_STATE_ALERTING) {
510 /* If hsCtx is not empty, it indicates that the link is being established. Obtain the corresponding status */
511 if (ctx->hsCtx != NULL) {
512 hsState = HS_GetState(ctx);
513 } else {
514 /* After the link is established, the hsCtx is released. In this case, the hsCtx is in connected state */
515 hsState = TLS_CONNECTED;
516 }
517 }
518
519 if (ctx->state == CM_STATE_ALERTED || ctx->state == CM_STATE_CLOSED) {
520 if (ctx->preState == CM_STATE_IDLE && ctx->hsCtx == NULL) {
521 hsState = TLS_IDLE;
522 } else if (ctx->hsCtx != NULL) {
523 /* If the value of ctx->hsCtx is not NULL, it indicates that the link is being established */
524 hsState = HS_GetState(ctx);
525 } else {
526 /* If hsCtx is NULL, the link has been established */
527 hsState = TLS_CONNECTED;
528 }
529 }
530
531 *state = hsState;
532 return HITLS_SUCCESS;
533 }
534
HITLS_IsHandShaking(const HITLS_Ctx * ctx,uint8_t * isHandShaking)535 int32_t HITLS_IsHandShaking(const HITLS_Ctx *ctx, uint8_t *isHandShaking)
536 {
537 if (ctx == NULL || isHandShaking == NULL) {
538 return HITLS_NULL_INPUT;
539 }
540
541 *isHandShaking = 0;
542 uint32_t state = GetConnState(ctx);
543 if ((state == CM_STATE_HANDSHAKING) || (state == CM_STATE_RENEGOTIATION)) {
544 *isHandShaking = 1;
545 }
546 return HITLS_SUCCESS;
547 }
548
HITLS_IsBeforeHandShake(const HITLS_Ctx * ctx,uint8_t * isBefore)549 int32_t HITLS_IsBeforeHandShake(const HITLS_Ctx *ctx, uint8_t *isBefore)
550 {
551 if (ctx == NULL || isBefore == NULL) {
552 return HITLS_NULL_INPUT;
553 }
554 *isBefore = 0;
555 if (GetConnState(ctx) == CM_STATE_IDLE) {
556 *isBefore = 1;
557 }
558 return HITLS_SUCCESS;
559 }
560 #endif /* HITLS_TLS_CONFIG_STATE */
561 #ifdef HITLS_TLS_PROTO_DTLS12
HITLS_SetMtu(HITLS_Ctx * ctx,long mtu)562 int32_t HITLS_SetMtu(HITLS_Ctx *ctx, long mtu)
563 {
564 if (ctx == NULL) {
565 return HITLS_NULL_INPUT;
566 }
567
568 if (mtu < DTLS_MIN_MTU) {
569 return HITLS_CONFIG_INVALID_LENGTH;
570 }
571
572 ctx->config.pmtu = (uint16_t)mtu;
573 return HITLS_SUCCESS;
574 }
575 #endif
576
577 #ifdef HITLS_TLS_CONNECTION_INFO_NEGOTIATION
HITLS_GetClientVersion(const HITLS_Ctx * ctx,uint16_t * clientVersion)578 int32_t HITLS_GetClientVersion(const HITLS_Ctx *ctx, uint16_t *clientVersion)
579 {
580 if (ctx == NULL || clientVersion == NULL) {
581 return HITLS_NULL_INPUT;
582 }
583 *clientVersion = ctx->negotiatedInfo.clientVersion;
584 return HITLS_SUCCESS;
585 }
586 #endif
587
588 #ifdef HITLS_TLS_CONFIG_STATE
HITLS_GetStateString(uint32_t state)589 const char *HITLS_GetStateString(uint32_t state)
590 {
591 return HS_GetStateStr(state);
592 }
593 #endif
594
HITLS_DoHandShake(HITLS_Ctx * ctx)595 int32_t HITLS_DoHandShake(HITLS_Ctx *ctx)
596 {
597 if (ctx == NULL) {
598 return HITLS_NULL_INPUT;
599 }
600
601 if (ctx->isClient) {
602 return HITLS_Connect(ctx);
603 } else {
604 return HITLS_Accept(ctx);
605 }
606 }
607 #ifdef HITLS_TLS_FEATURE_KEY_UPDATE
608 /* The updateType types are as follows: HITLS_UPDATE_NOT_REQUESTED (0), HITLS_UPDATE_REQUESTED (1) or
609 * HITLS_KEY_UPDATE_REQ_END(255). The local end sends 1 and the peer end sends 0 to the local end. The local end sends 0
610 * and the peer end does not send 0 to the local end.
611 */
HITLS_KeyUpdate(HITLS_Ctx * ctx,uint32_t updateType)612 int32_t HITLS_KeyUpdate(HITLS_Ctx *ctx, uint32_t updateType)
613 {
614 if (ctx == NULL) {
615 return HITLS_NULL_INPUT;
616 }
617 // Check whether the version is TLS1.3, whether the current status is transporting, and whether update is allowed.
618 int32_t ret = HS_CheckKeyUpdateState(ctx, updateType);
619 if (ret != HITLS_SUCCESS) {
620 return ret;
621 }
622 ctx->keyUpdateType = updateType;
623 ctx->isKeyUpdateRequest = true;
624 ret = HS_Init(ctx);
625 if (ret != HITLS_SUCCESS) {
626 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15955, BSL_LOG_LEVEL_INFO, BSL_LOG_BINLOG_TYPE_RUN,
627 "HS_Init fail when start keyupdate.", 0, 0, 0, 0);
628 return ret;
629 }
630 // Successfully sendKeyUpdate. Set isKeyUpdateRequest to false and keyUpdateType to HITLS_KEY_UPDATE_REQ_END.
631 ChangeConnState(ctx, CM_STATE_HANDSHAKING);
632 HS_ChangeState(ctx, TRY_SEND_KEY_UPDATE);
633
634 return HITLS_SUCCESS;
635 }
636
HITLS_GetKeyUpdateType(HITLS_Ctx * ctx)637 int32_t HITLS_GetKeyUpdateType(HITLS_Ctx *ctx)
638 {
639 if (ctx == NULL) {
640 return HITLS_NULL_INPUT;
641 }
642
643 if (ctx->isKeyUpdateRequest) {
644 return (int32_t)ctx->keyUpdateType;
645 }
646
647 return HITLS_KEY_UPDATE_REQ_END;
648 }
649 #endif
650 #ifdef HITLS_TLS_FEATURE_RENEGOTIATION
CheckRenegotiateValid(HITLS_Ctx * ctx)651 static int32_t CheckRenegotiateValid(HITLS_Ctx *ctx)
652 {
653 if (ctx == NULL) {
654 return HITLS_NULL_INPUT;
655 }
656
657 uint8_t isSupport = false;
658
659 (void)HITLS_GetRenegotiationSupport(ctx, &isSupport);
660 /* Renegotiation is disabled */
661 if (isSupport == false) {
662 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16071, BSL_LOG_LEVEL_INFO, BSL_LOG_BINLOG_TYPE_RUN,
663 "forbid renegotiate.", 0, 0, 0, 0);
664 return HITLS_CM_LINK_UNSUPPORT_SECURE_RENEGOTIATION;
665 }
666
667 /* If the version is TLS1.3 or the current link does not support security renegotiation, the system returns. */
668 if ((ctx->negotiatedInfo.version == HITLS_VERSION_TLS13) || (!ctx->negotiatedInfo.isSecureRenegotiation)) {
669 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15953, BSL_LOG_LEVEL_INFO, BSL_LOG_BINLOG_TYPE_RUN,
670 "unsupported renegotiate.", 0, 0, 0, 0);
671 return HITLS_CM_LINK_UNSUPPORT_SECURE_RENEGOTIATION;
672 }
673
674 /* If the link is not established, renegotiation cannot be performed. */
675 if ((ctx->state != CM_STATE_TRANSPORTING) && (ctx->state != CM_STATE_RENEGOTIATION)) {
676 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15954, BSL_LOG_LEVEL_INFO, BSL_LOG_BINLOG_TYPE_RUN,
677 "please complete the link establishment first.", 0, 0, 0, 0);
678 return HITLS_CM_LINK_UNESTABLISHED;
679 }
680
681 return HITLS_SUCCESS;
682 }
683
HITLS_Renegotiate(HITLS_Ctx * ctx)684 int32_t HITLS_Renegotiate(HITLS_Ctx *ctx)
685 {
686 int32_t ret = CheckRenegotiateValid(ctx);
687 if (ret != HITLS_SUCCESS) {
688 return ret;
689 }
690
691 if (ctx->negotiatedInfo.isRenegotiation) {
692 /* If the current state is renegotiation, no change is made. */
693 return HITLS_SUCCESS;
694 }
695
696 ctx->negotiatedInfo.isRenegotiation = true; /* Start renegotiation */
697
698 if (ctx->hsCtx != NULL) {
699 #if defined(HITLS_TLS_PROTO_DTLS12) && defined(HITLS_BSL_UIO_UDP)
700 /* The retransmission queue needs to be cleared in the dtls over UDP scenario. */
701 REC_RetransmitListClean(ctx->recCtx);
702 #endif
703 HS_DeInit(ctx);
704 }
705
706 ret = HS_Init(ctx);
707 if (ret != HITLS_SUCCESS) {
708 ctx->negotiatedInfo.isRenegotiation = false; /* renegotiation fails */
709 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15955, BSL_LOG_LEVEL_INFO, BSL_LOG_BINLOG_TYPE_RUN,
710 "HS_Init fail when start renegotiate.", 0, 0, 0, 0);
711 return ret;
712 }
713
714 ctx->userRenego = true; /* renegotiation initiated by the local end */
715 ctx->negotiatedInfo.renegotiationNum++;
716 ChangeConnState(ctx, CM_STATE_RENEGOTIATION);
717 return HITLS_SUCCESS;
718 }
719 #endif /* HITLS_TLS_FEATURE_RENEGOTIATION */
720
721 #ifdef HITLS_TLS_FEATURE_PHA
HITLS_VerifyClientPostHandshake(HITLS_Ctx * ctx)722 int32_t HITLS_VerifyClientPostHandshake(HITLS_Ctx *ctx)
723 {
724 if (ctx == NULL) {
725 return HITLS_NULL_INPUT;
726 }
727 if (ctx->isClient) {
728 return HITLS_INVALID_INPUT;
729 }
730 if (ctx->state != CM_STATE_TRANSPORTING || ctx->phaState != PHA_EXTENSION) {
731 return HITLS_MSG_HANDLE_STATE_ILLEGAL;
732 }
733 ctx->phaState = PHA_PENDING;
734 return HITLS_SUCCESS;
735 }
736 #endif