• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * This file is part of the openHiTLS project.
3  *
4  * openHiTLS is licensed under the Mulan PSL v2.
5  * You can use this software according to the terms and conditions of the Mulan PSL v2.
6  * You may obtain a copy of Mulan PSL v2 at:
7  *
8  *     http://license.coscl.org.cn/MulanPSL2
9  *
10  * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11  * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12  * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13  * See the Mulan PSL v2 for more details.
14  */
15 #include "hitls_build.h"
16 #ifdef HITLS_TLS_FEATURE_ALPN
17 #include <stdint.h>
18 #include "securec.h"
19 #include "hitls_error.h"
20 #include "bsl_err_internal.h"
21 #include "bsl_sal.h"
22 #include "tls_binlog_id.h"
23 #include "hs_ctx.h"
24 #include "tls.h"
25 #include "alpn.h"
26 
27 #define MAX_PROTOCOL_LEN 65536
28 
ALPN_SelectProtocol(uint8_t ** out,uint32_t * outLen,uint8_t * clientAlpnList,uint32_t clientAlpnListLen,uint8_t * servAlpnList,uint32_t servAlpnListLen)29 int32_t ALPN_SelectProtocol(uint8_t **out, uint32_t *outLen, uint8_t *clientAlpnList, uint32_t clientAlpnListLen,
30     uint8_t *servAlpnList, uint32_t servAlpnListLen)
31 {
32     if (out == NULL || outLen == NULL || clientAlpnList == NULL || servAlpnList == NULL ||
33         servAlpnListLen == 0 || clientAlpnListLen == 0) {
34         BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16690, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "intput null", 0, 0, 0, 0);
35         BSL_ERR_PUSH_ERROR(HITLS_NULL_INPUT);
36         return HITLS_NULL_INPUT;
37     }
38 
39     uint32_t i, j;
40     for (i = 0; i < servAlpnListLen;) {
41         for (j = 0; j < clientAlpnListLen;) {
42             if (servAlpnList[i] == clientAlpnList[j] &&
43                 (memcmp(&servAlpnList[i + 1], &clientAlpnList[j + 1], servAlpnList[i]) == 0)) {
44                 *out = &servAlpnList[i + 1];
45                 *outLen = servAlpnList[i];
46                 return HITLS_SUCCESS;
47             }
48             j = j + clientAlpnList[j];
49             ++j;
50         }
51         i = i + servAlpnList[i];
52         ++i;
53     }
54 
55     return HITLS_SUCCESS;
56 }
57 
SelectProtocol(TLS_Ctx * ctx,uint8_t * alpnSelected,uint16_t alpnSelectedSize)58 static int32_t SelectProtocol(TLS_Ctx *ctx, uint8_t *alpnSelected, uint16_t alpnSelectedSize)
59 {
60     uint8_t *protoMatch = NULL;
61     uint32_t protoMatchLen = 0;
62 
63     int32_t ret = ALPN_SelectProtocol(&protoMatch, &protoMatchLen, alpnSelected,
64         alpnSelectedSize, ctx->config.tlsConfig.alpnList, ctx->config.tlsConfig.alpnListSize);
65     if (ret != HITLS_SUCCESS) {
66         BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15258, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
67             "client check proposed protocol fail due to invalid params.", 0, 0, 0, 0);
68         ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_INTERNAL_ERROR);
69         return ret;
70     } else if (protoMatch == NULL) {
71         /* The RFC 7301 does not specify the behavior when the client selectedProto does not match the local
72          * configuration list. */
73         BSL_ERR_PUSH_ERROR(HITLS_MSG_HANDLE_ALPN_PROTOCOL_NO_MATCH);
74         BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15259, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
75             "server proposed protocol is not supported by client", 0, 0, 0, 0);
76         return HITLS_SUCCESS;
77     }
78 
79     uint8_t *alpnSelectedTmp = (uint8_t *)BSL_SAL_Calloc(1u, (protoMatchLen + 1));
80     if (alpnSelectedTmp == NULL) {
81         BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15260, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
82             "client malloc selected alpn mem failed.", 0, 0, 0, 0);
83         ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_INTERNAL_ERROR);
84         BSL_ERR_PUSH_ERROR(HITLS_MEMALLOC_FAIL);
85         return HITLS_MEMALLOC_FAIL;
86     }
87 
88     if (memcpy_s(alpnSelectedTmp, protoMatchLen + 1, protoMatch,
89         protoMatchLen) != EOK) {
90         BSL_SAL_FREE(alpnSelectedTmp);
91         BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15261, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
92             "client copy selected alpn failed.", 0, 0, 0, 0);
93         ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_INTERNAL_ERROR);
94         BSL_ERR_PUSH_ERROR(HITLS_MEMCPY_FAIL);
95         return HITLS_MEMCPY_FAIL;
96     }
97 
98     BSL_SAL_FREE(ctx->negotiatedInfo.alpnSelected);
99     ctx->negotiatedInfo.alpnSelected = alpnSelectedTmp;
100     ctx->negotiatedInfo.alpnSelectedSize = protoMatchLen;
101 
102     return HITLS_SUCCESS;
103 }
104 
ClientCheckNegotiatedAlpn(TLS_Ctx * ctx,bool haveSelectedAlpn,uint8_t * alpnSelected,uint16_t alpnSelectedSize)105 int32_t ClientCheckNegotiatedAlpn(
106     TLS_Ctx *ctx, bool haveSelectedAlpn, uint8_t *alpnSelected, uint16_t alpnSelectedSize)
107 {
108     if ((!ctx->hsCtx->extFlag.haveAlpn) && haveSelectedAlpn) {
109         BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15257, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
110             "client did not send but get selected alpn protocol.", 0, 0, 0, 0);
111         ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_UNSUPPORTED_EXTENSION);
112         BSL_ERR_PUSH_ERROR(HITLS_MSG_HANDLE_UNSUPPORT_EXTENSION_TYPE);
113         return HITLS_MSG_HANDLE_UNSUPPORT_EXTENSION_TYPE;
114     }
115 
116     if (alpnSelectedSize == 0) {
117         return HITLS_SUCCESS;
118     }
119 
120     int32_t ret = SelectProtocol(ctx, alpnSelected, alpnSelectedSize);
121     if (ret != HITLS_SUCCESS) {
122         return ret;
123     }
124 
125     BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15262, BSL_LOG_LEVEL_INFO, BSL_LOG_BINLOG_TYPE_RUN,
126         "ALPN protocol: %s.", ctx->negotiatedInfo.alpnSelected, 0, 0, 0);
127     return HITLS_SUCCESS;
128 }
129 #endif /* HITLS_TLS_FEATURE_ALPN */