1 /*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15 #include "hitls_build.h"
16 #if defined(HITLS_TLS_PROTO_DTLS12) && defined(HITLS_BSL_UIO_UDP) && defined(HITLS_TLS_HOST_SERVER)
17 #include <stdint.h>
18 #include "securec.h"
19 #include "tls_binlog_id.h"
20 #include "bsl_log_internal.h"
21 #include "bsl_log.h"
22 #include "bsl_err_internal.h"
23 #include "bsl_bytes.h"
24 #include "hitls_error.h"
25 #include "hitls_security.h"
26 #include "tls.h"
27 #ifdef HITLS_TLS_FEATURE_SECURITY
28 #include "security.h"
29 #endif
30 #include "hs_ctx.h"
31 #include "pack_common.h"
32 #include "pack_extensions.h"
33
34 // Pack the mandatory content of the HelloVerifyRequest message
PackHelloVerifyReqMandatoryField(const TLS_Ctx * ctx,uint8_t * buf,uint32_t bufLen,uint32_t * usedLen)35 static int32_t PackHelloVerifyReqMandatoryField(const TLS_Ctx *ctx, uint8_t *buf, uint32_t bufLen, uint32_t *usedLen)
36 {
37 const TLS_NegotiatedInfo *negotiatedInfo = &ctx->negotiatedInfo;
38 /* According to rfc6347 4.2.1, message with the cookie length of 0 can be sent,
39 but it is meaningless and will be trapped in an infinite loop.
40 Therefore, cannot sent cookies with the length of 0 here. */
41 if (negotiatedInfo->cookieSize == 0) {
42 BSL_ERR_PUSH_ERROR(HITLS_PACK_COOKIE_ERR);
43 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15828, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
44 "cookieSize is 0.", 0, 0, 0, 0);
45 return HITLS_PACK_COOKIE_ERR;
46 }
47
48 /* The bufLen must be able to pack at least the version number (2 bytes) + cookiesize (1 byte) + cookie (xx bytes) */
49 if (bufLen < (sizeof(uint16_t) + sizeof(uint8_t) + negotiatedInfo->cookieSize)) {
50 BSL_ERR_PUSH_ERROR(HITLS_PACK_NOT_ENOUGH_BUF_LENGTH);
51 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17329, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
52 "pack hello verify request mandatory field error, the bufLen(%u) is not enough.", bufLen, NULL, NULL, NULL);
53 return HITLS_PACK_NOT_ENOUGH_BUF_LENGTH;
54 }
55
56 uint32_t offset = 0u;
57 uint16_t version = HITLS_VERSION_DTLS10;
58 if (IS_SUPPORT_TLCP(ctx->config.tlsConfig.originVersionMask)) {
59 version = HITLS_VERSION_TLCP_DTLCP11;
60 }
61
62 BSL_Uint16ToByte(version, &buf[offset]); // version number
63 offset += sizeof(uint16_t);
64
65 buf[offset] = (uint8_t)negotiatedInfo->cookieSize;
66 offset++;
67 /* assemble the cookie */
68 (void)memcpy_s(&buf[offset], bufLen - offset, negotiatedInfo->cookie, negotiatedInfo->cookieSize);
69 offset += negotiatedInfo->cookieSize;
70 *usedLen = offset;
71 return HITLS_SUCCESS;
72 }
73
74 // Pack the HelloVerifyRequest message.
PackHelloVerifyRequest(TLS_Ctx * ctx,uint8_t * buf,uint32_t bufLen,uint32_t * usedLen)75 int32_t PackHelloVerifyRequest(TLS_Ctx *ctx, uint8_t *buf, uint32_t bufLen, uint32_t *usedLen)
76 {
77 uint32_t offset = 0u;
78 uint32_t msgLen = 0u;
79
80 int32_t ret = PackHelloVerifyReqMandatoryField(ctx, buf, bufLen, &msgLen);
81 if (ret != HITLS_SUCCESS) {
82 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17330, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
83 "pack hello verify request mandatory content fail.", 0, 0, 0, 0);
84 return ret;
85 }
86 offset += msgLen;
87
88 *usedLen = offset;
89 return HITLS_SUCCESS;
90 }
91 #endif /* HITLS_TLS_PROTO_DTLS12 && HITLS_BSL_UIO_UDP && HITLS_TLS_HOST_SERVER */