1 /*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15 #include "hitls_build.h"
16 #ifdef HITLS_TLS_HOST_SERVER
17 #if defined(HITLS_TLS_PROTO_TLS_BASIC) || defined(HITLS_TLS_PROTO_DTLS12)
18 #include "securec.h"
19 #include "tls_binlog_id.h"
20 #include "bsl_log_internal.h"
21 #include "bsl_log.h"
22 #include "bsl_bytes.h"
23 #include "bsl_sal.h"
24 #include "bsl_err_internal.h"
25 #include "hitls_error.h"
26 #include "hitls_crypt_type.h"
27 #include "hs_ctx.h"
28 #include "hs_msg.h"
29 #include "hs_common.h"
30 #include "parse_msg.h"
31 #include "parse_common.h"
32
33 #ifdef HITLS_TLS_SUITE_KX_ECDHE
34 /**
35 * @brief Parse the client ecdh message.
36 *
37 * @param ctx [IN] TLS context
38 * @param data [IN] message buffer
39 * @param len [IN] message buffer length
40 * @param hsMsg [OUT] Parsed message structure
41 *
42 * @retval HITLS_SUCCESS parsed successfully.
43 * @retval HITLS_PARSE_INVALID_MSG_LEN The message length is incorrect.
44 */
ParseClientKxMsgEcdhe(ParsePacket * pkt,ClientKeyExchangeMsg * msg)45 static int32_t ParseClientKxMsgEcdhe(ParsePacket *pkt, ClientKeyExchangeMsg *msg)
46 {
47 const char *logStr = BINGLOG_STR("clientKeyEx length error.");
48
49 /* Compatible with OpenSSL, add 3 bytes to the client key exchange */
50 #ifdef HITLS_TLS_PROTO_TLCP11
51 if (pkt->ctx->negotiatedInfo.version == HITLS_VERSION_TLCP_DTLCP11) {
52 // Curve type + Curve ID + Public key length
53 uint8_t minLen = sizeof(uint8_t) + sizeof(uint16_t) + sizeof(uint8_t);
54 if (pkt->bufLen - *pkt->bufOffset < minLen) {
55 return ParseErrorProcess(pkt->ctx, HITLS_PARSE_INVALID_MSG_LEN, BINLOG_ID16222,
56 logStr, ALERT_DECODE_ERROR);
57 }
58 // Ignore the three bytes
59 *pkt->bufOffset += sizeof(uint8_t) + sizeof(uint16_t);
60 }
61 #endif
62 uint8_t pubKeySize = 0;
63 int32_t ret = ParseOneByteLengthField(pkt, &pubKeySize, &msg->data);
64 if (ret == HITLS_PARSE_INVALID_MSG_LEN) {
65 return ParseErrorProcess(pkt->ctx, HITLS_PARSE_INVALID_MSG_LEN, BINLOG_ID15635,
66 logStr, ALERT_DECODE_ERROR);
67 } else if (ret == HITLS_MEMALLOC_FAIL) {
68 return ParseErrorProcess(pkt->ctx, HITLS_MEMALLOC_FAIL, BINLOG_ID15637,
69 BINGLOG_STR("pubKey malloc fail."), ALERT_UNKNOWN);
70 }
71
72 if ((pkt->bufLen != *pkt->bufOffset) || (pubKeySize == 0)) {
73 return ParseErrorProcess(pkt->ctx, HITLS_PARSE_INVALID_MSG_LEN, BINLOG_ID15636,
74 BINGLOG_STR("length of client ecdh pubKeySize is incorrect."), ALERT_DECODE_ERROR);
75 }
76
77 msg->dataSize = pubKeySize;
78
79 return HITLS_SUCCESS;
80 }
81 #endif /* HITLS_TLS_SUITE_KX_ECDHE */
82 #ifdef HITLS_TLS_SUITE_KX_DHE
83 /**
84 * @brief Parse the Client Dhe message.
85 *
86 * @param ctx [IN] TLS context
87 * @param data [IN] message buffer
88 * @param len [IN] message buffer length
89 * @param hsMsg [OUT] Parsed message structure
90 *
91 * @retval HITLS_SUCCESS parsed successfully.
92 * @retval HITLS_PARSE_INVALID_MSG_LEN The message length is incorrect.
93 */
ParseClientKxMsgDhe(ParsePacket * pkt,ClientKeyExchangeMsg * msg)94 static int32_t ParseClientKxMsgDhe(ParsePacket *pkt, ClientKeyExchangeMsg *msg)
95 {
96 uint16_t pubKeySize = 0;
97 int32_t ret = ParseTwoByteLengthField(pkt, &pubKeySize, &msg->data);
98 if (ret == HITLS_PARSE_INVALID_MSG_LEN) {
99 return ParseErrorProcess(pkt->ctx, HITLS_PARSE_INVALID_MSG_LEN, BINLOG_ID15638,
100 BINGLOG_STR("clientKeyEx length error."), ALERT_DECODE_ERROR);
101 } else if (ret == HITLS_MEMALLOC_FAIL) {
102 return ParseErrorProcess(pkt->ctx, HITLS_MEMALLOC_FAIL, BINLOG_ID15640,
103 BINGLOG_STR("pubKey malloc fail."), ALERT_UNKNOWN);
104 }
105
106 if ((pkt->bufLen != *pkt->bufOffset) || (pubKeySize == 0)) {
107 return ParseErrorProcess(pkt->ctx, HITLS_PARSE_INVALID_MSG_LEN, BINLOG_ID15639,
108 BINGLOG_STR("length of client dh pubKeySize is incorrect."), ALERT_DECODE_ERROR);
109 }
110
111 msg->dataSize = (uint32_t)pubKeySize;
112 return HITLS_SUCCESS;
113 }
114 #endif /* HITLS_TLS_SUITE_KX_DHE */
115 #if defined(HITLS_TLS_SUITE_KX_RSA) || defined(HITLS_TLS_PROTO_TLCP11)
ParseClientKxMsgRsa(ParsePacket * pkt,ClientKeyExchangeMsg * msg)116 static int32_t ParseClientKxMsgRsa(ParsePacket *pkt, ClientKeyExchangeMsg *msg)
117 {
118 uint32_t encLen = pkt->bufLen - *pkt->bufOffset;
119 const char *logStr = BINGLOG_STR("Parse RSA Premaster Secret error.");
120 int32_t ret = 0;
121
122 uint16_t parsedEncLen = 0;
123 ret = ParseBytesToUint16(pkt, &parsedEncLen);
124 if (ret != HITLS_SUCCESS) {
125 return ParseErrorProcess(pkt->ctx, HITLS_PARSE_INVALID_MSG_LEN, BINLOG_ID15641,
126 logStr, ALERT_DECODE_ERROR);
127 }
128 encLen = parsedEncLen;
129
130 if ((encLen != (pkt->bufLen - *pkt->bufOffset)) || (encLen == 0)) {
131 return ParseErrorProcess(pkt->ctx, HITLS_PARSE_INVALID_MSG_LEN, BINLOG_ID15642,
132 logStr, ALERT_DECODE_ERROR);
133 }
134
135 ret = ParseBytesToArray(pkt, &msg->data, encLen);
136 if (ret == HITLS_MEMALLOC_FAIL) {
137 return ParseErrorProcess(pkt->ctx, HITLS_MEMALLOC_FAIL, BINLOG_ID15643,
138 BINGLOG_STR("pubKey malloc fail."), ALERT_UNKNOWN);
139 }
140
141 msg->dataSize = encLen;
142
143 return HITLS_SUCCESS;
144 }
145 #endif /* HITLS_TLS_SUITE_KX_RSA || HITLS_TLS_PROTO_TLCP11 */
146
147 #ifdef HITLS_TLS_FEATURE_PSK
ParseClientKxMsgIdentity(ParsePacket * pkt,ClientKeyExchangeMsg * msg)148 static int32_t ParseClientKxMsgIdentity(ParsePacket *pkt, ClientKeyExchangeMsg *msg)
149 {
150 uint16_t identityLen = 0;
151 int32_t ret = ParseBytesToUint16(pkt, &identityLen);
152 if (ret != HITLS_SUCCESS) {
153 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16972, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
154 "ParseBytesToUint16 fail, ret %d", ret, 0, 0, 0);
155 BSL_ERR_PUSH_ERROR(HITLS_CONFIG_INVALID_LENGTH);
156 return HITLS_CONFIG_INVALID_LENGTH;
157 }
158
159 if ((identityLen > pkt->bufLen - *pkt->bufOffset) || (identityLen > HS_PSK_IDENTITY_MAX_LEN)) {
160 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16973, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
161 "identityLen err", 0, 0, 0, 0);
162 BSL_ERR_PUSH_ERROR(HITLS_CONFIG_INVALID_LENGTH);
163 return HITLS_CONFIG_INVALID_LENGTH;
164 }
165
166 uint8_t *identity = NULL;
167 if (identityLen != 0) {
168 identity = (uint8_t *)BSL_SAL_Calloc(1u, (identityLen + 1) * sizeof(uint8_t));
169 if (identity == NULL) {
170 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16974, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
171 "Calloc fail", 0, 0, 0, 0);
172 BSL_ERR_PUSH_ERROR(HITLS_MEMALLOC_FAIL);
173 return HITLS_MEMALLOC_FAIL;
174 }
175 (void)memcpy_s(identity, identityLen + 1, &pkt->buf[*pkt->bufOffset], identityLen);
176 }
177 msg->pskIdentity = identity;
178 msg->pskIdentitySize = identityLen;
179 *pkt->bufOffset += identityLen;
180
181 return HITLS_SUCCESS;
182 }
183 #endif /* HITLS_TLS_FEATURE_PSK */
ParseClientKeyExchange(TLS_Ctx * ctx,const uint8_t * data,uint32_t len,HS_Msg * hsMsg)184 int32_t ParseClientKeyExchange(TLS_Ctx *ctx, const uint8_t *data, uint32_t len, HS_Msg *hsMsg)
185 {
186 int32_t ret;
187 uint32_t offset = 0u;
188 HS_Ctx *hsCtx = (HS_Ctx *)ctx->hsCtx;
189 ClientKeyExchangeMsg *msg = &hsMsg->body.clientKeyExchange;
190 ParsePacket pkt = {.ctx = ctx, .buf = data, .bufLen = len, .bufOffset = &offset};
191 #ifdef HITLS_TLS_FEATURE_PSK
192 if (IsPskNegotiation(ctx)) {
193 ret = ParseClientKxMsgIdentity(&pkt, msg);
194 if (ret != HITLS_SUCCESS) {
195 return ret;
196 }
197 }
198 #endif /* HITLS_TLS_FEATURE_PSK */
199 switch (hsCtx->kxCtx->keyExchAlgo) {
200 #ifdef HITLS_TLS_SUITE_KX_ECDHE
201 case HITLS_KEY_EXCH_ECDHE:
202 case HITLS_KEY_EXCH_ECDHE_PSK:
203 ret = ParseClientKxMsgEcdhe(&pkt, msg);
204 break;
205 #endif /* HITLS_TLS_SUITE_KX_ECDHE */
206 #ifdef HITLS_TLS_SUITE_KX_DHE
207 case HITLS_KEY_EXCH_DHE:
208 case HITLS_KEY_EXCH_DHE_PSK:
209 ret = ParseClientKxMsgDhe(&pkt, msg);
210 break;
211 #endif /* HITLS_TLS_SUITE_KX_DHE */
212 #if defined(HITLS_TLS_SUITE_KX_RSA) || defined(HITLS_TLS_PROTO_TLCP11)
213 case HITLS_KEY_EXCH_RSA:
214 case HITLS_KEY_EXCH_RSA_PSK:
215 case HITLS_KEY_EXCH_ECC:
216 ret = ParseClientKxMsgRsa(&pkt, msg);
217 break;
218 #endif /* HITLS_TLS_SUITE_KX_RSA || HITLS_TLS_PROTO_TLCP11 */
219 case HITLS_KEY_EXCH_PSK:
220 return HITLS_SUCCESS;
221 default:
222 ret = HITLS_PARSE_UNSUPPORT_KX_ALG;
223 break;
224 }
225 if (ret != HITLS_SUCCESS) {
226 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15644, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
227 "parse client key exchange msg fail.", 0, 0, 0, 0);
228 CleanClientKeyExchange(msg);
229 }
230
231 return ret;
232 }
233
CleanClientKeyExchange(ClientKeyExchangeMsg * msg)234 void CleanClientKeyExchange(ClientKeyExchangeMsg *msg)
235 {
236 if (msg == NULL) {
237 return;
238 }
239 #ifdef HITLS_TLS_FEATURE_PSK
240 BSL_SAL_FREE(msg->pskIdentity);
241 #endif /* HITLS_TLS_FEATURE_PSK */
242 BSL_SAL_FREE(msg->data);
243 return;
244 }
245 #endif /* HITLS_TLS_PROTO_TLS_BASIC || HITLS_TLS_PROTO_DTLS12 */
246 #endif /* HITLS_TLS_HOST_SERVER */