1 /*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15 #include "hitls_build.h"
16 #include "securec.h"
17 #include "bsl_bytes.h"
18 #include "tls_binlog_id.h"
19 #include "bsl_log_internal.h"
20 #include "bsl_log.h"
21 #include "bsl_sal.h"
22 #include "bsl_err_internal.h"
23 #include "hitls_error.h"
24 #include "parse_common.h"
25
26 #define UINT24_SIZE 3u
27
ParseVersion(ParsePacket * pkt,uint16_t * version)28 int32_t ParseVersion(ParsePacket *pkt, uint16_t *version)
29 {
30 int32_t ret = ParseBytesToUint16(pkt, version);
31 if (ret != HITLS_SUCCESS) {
32 return ParseErrorProcess(pkt->ctx, HITLS_PARSE_INVALID_MSG_LEN, BINLOG_ID15645,
33 BINGLOG_STR("parse version failed"), ALERT_DECODE_ERROR);
34 }
35 return HITLS_SUCCESS;
36 }
37
ParseRandom(ParsePacket * pkt,uint8_t * random,uint32_t randomSize)38 int32_t ParseRandom(ParsePacket *pkt, uint8_t *random, uint32_t randomSize)
39 {
40 int32_t ret = ParseCopyBytesToArray(pkt, random, randomSize);
41 if (ret != HITLS_SUCCESS) {
42 return ParseErrorProcess(pkt->ctx, HITLS_PARSE_INVALID_MSG_LEN, BINLOG_ID15646,
43 BINGLOG_STR("parse random failed."), ALERT_DECODE_ERROR);
44 }
45 return HITLS_SUCCESS;
46 }
47
ParseSessionId(ParsePacket * pkt,uint8_t * idSize,uint8_t ** id)48 int32_t ParseSessionId(ParsePacket *pkt, uint8_t *idSize, uint8_t **id)
49 {
50 int32_t ret = ParseOneByteLengthField(pkt, idSize, id);
51 if (ret == HITLS_PARSE_INVALID_MSG_LEN) {
52 return ParseErrorProcess(pkt->ctx, HITLS_PARSE_INVALID_MSG_LEN, BINLOG_ID15647,
53 BINGLOG_STR("parse sessionId failed."), ALERT_DECODE_ERROR);
54 } else if (ret == HITLS_MEMALLOC_FAIL) {
55 return ParseErrorProcess(pkt->ctx, HITLS_MEMALLOC_FAIL, BINLOG_ID15651,
56 BINGLOG_STR("sessionId malloc fail."), ALERT_UNKNOWN);
57 }
58 if (*idSize == 0u) {
59 return HITLS_SUCCESS;
60 }
61 /* According to RFC 5246, the length of sessionId cannot exceed 32 bytes */
62 if (*idSize > TLS_HS_MAX_SESSION_ID_SIZE) {
63 return ParseErrorProcess(pkt->ctx, HITLS_PARSE_INVALID_MSG_LEN, BINLOG_ID15649,
64 BINGLOG_STR("sessionId length over 32."), ALERT_DECODE_ERROR);
65 }
66
67 /* The session ID length must be greater than or equal to 24 bytes according to the company security redline */
68 if (*idSize < TLS_HS_MIN_SESSION_ID_SIZE) {
69 return ParseErrorProcess(pkt->ctx, HITLS_PARSE_INVALID_MSG_LEN, BINLOG_ID15650,
70 BINGLOG_STR("sessionId length less than 24."), ALERT_DECODE_ERROR);
71 }
72
73 return HITLS_SUCCESS;
74 }
75
ParseCookie(ParsePacket * pkt,uint8_t * cookieLen,uint8_t ** cookie)76 int32_t ParseCookie(ParsePacket *pkt, uint8_t *cookieLen, uint8_t **cookie)
77 {
78 int32_t ret = ParseOneByteLengthField(pkt, cookieLen, cookie);
79 if (ret == HITLS_PARSE_INVALID_MSG_LEN) {
80 return ParseErrorProcess(pkt->ctx, HITLS_PARSE_INVALID_MSG_LEN, BINLOG_ID15652,
81 BINGLOG_STR("parse cookie failed."), ALERT_DECODE_ERROR);
82 } else if (ret == HITLS_MEMALLOC_FAIL) {
83 return ParseErrorProcess(pkt->ctx, HITLS_MEMALLOC_FAIL, BINLOG_ID15654,
84 BINGLOG_STR("cookie malloc failed."), ALERT_UNKNOWN);
85 }
86 return HITLS_SUCCESS;
87 }
88
ParseBytesToUint8(ParsePacket * pkt,uint8_t * object)89 int32_t ParseBytesToUint8(ParsePacket *pkt, uint8_t *object)
90 {
91 if (pkt->bufLen - *pkt->bufOffset < sizeof(uint8_t)) {
92 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16975, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "bufLen err", 0, 0, 0, 0);
93 return HITLS_PARSE_INVALID_MSG_LEN;
94 }
95 *object = (uint8_t)pkt->buf[*pkt->bufOffset];
96 *pkt->bufOffset += sizeof(uint8_t);
97 return HITLS_SUCCESS;
98 }
99
ParseBytesToUint16(ParsePacket * pkt,uint16_t * object)100 int32_t ParseBytesToUint16(ParsePacket *pkt, uint16_t *object)
101 {
102 if (pkt->bufLen - *pkt->bufOffset < sizeof(uint16_t)) {
103 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16976, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "bufLen err", 0, 0, 0, 0);
104 return HITLS_PARSE_INVALID_MSG_LEN;
105 }
106 *object = BSL_ByteToUint16(&pkt->buf[*pkt->bufOffset]);
107 *pkt->bufOffset += sizeof(uint16_t);
108 return HITLS_SUCCESS;
109 }
110
ParseBytesToUint24(ParsePacket * pkt,uint32_t * object)111 int32_t ParseBytesToUint24(ParsePacket *pkt, uint32_t *object)
112 {
113 if (pkt->bufLen - *pkt->bufOffset < UINT24_SIZE) {
114 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16977, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "bufLen err", 0, 0, 0, 0);
115 return HITLS_PARSE_INVALID_MSG_LEN;
116 }
117 *object = BSL_ByteToUint24(&pkt->buf[*pkt->bufOffset]);
118 *pkt->bufOffset += UINT24_SIZE;
119 return HITLS_SUCCESS;
120 }
121
ParseBytesToUint32(ParsePacket * pkt,uint32_t * object)122 int32_t ParseBytesToUint32(ParsePacket *pkt, uint32_t *object)
123 {
124 if (pkt->bufLen - *pkt->bufOffset < sizeof(uint32_t)) {
125 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16978, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "bufLen err", 0, 0, 0, 0);
126 return HITLS_PARSE_INVALID_MSG_LEN;
127 }
128 *object = BSL_ByteToUint32(&pkt->buf[*pkt->bufOffset]);
129 *pkt->bufOffset += sizeof(uint32_t);
130 return HITLS_SUCCESS;
131 }
132
ParseOneByteLengthField(ParsePacket * pkt,uint8_t * objectSize,uint8_t ** object)133 int32_t ParseOneByteLengthField(ParsePacket *pkt, uint8_t *objectSize, uint8_t **object)
134 {
135 int32_t ret = ParseBytesToUint8(pkt, objectSize);
136 if (ret != HITLS_SUCCESS) {
137 return ret;
138 }
139
140 return ParseBytesToArray(pkt, object, *objectSize);
141 }
142
ParseTwoByteLengthField(ParsePacket * pkt,uint16_t * objectSize,uint8_t ** object)143 int32_t ParseTwoByteLengthField(ParsePacket *pkt, uint16_t *objectSize, uint8_t **object)
144 {
145 int32_t ret = ParseBytesToUint16(pkt, objectSize);
146 if (ret != HITLS_SUCCESS) {
147 return ret;
148 }
149
150 return ParseBytesToArray(pkt, object, *objectSize);
151 }
152
ParseBytesToArray(ParsePacket * pkt,uint8_t ** object,uint32_t length)153 int32_t ParseBytesToArray(ParsePacket *pkt, uint8_t **object, uint32_t length)
154 {
155 BSL_SAL_FREE(*object);
156 if (pkt->bufLen - *pkt->bufOffset < length) {
157 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16979, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "bufLen err", 0, 0, 0, 0);
158 return HITLS_PARSE_INVALID_MSG_LEN;
159 }
160 if (length == 0) {
161 return HITLS_SUCCESS;
162 }
163
164 *object = (uint8_t *)BSL_SAL_Malloc(length);
165 if (*object == NULL) {
166 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16980, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "Malloc fail", 0, 0, 0, 0);
167 return HITLS_MEMALLOC_FAIL;
168 }
169
170 (void)memcpy_s(*object, length, &pkt->buf[*pkt->bufOffset], length);
171 *pkt->bufOffset += length;
172
173 return HITLS_SUCCESS;
174 }
175
ParseCopyBytesToArray(ParsePacket * pkt,uint8_t * object,uint32_t length)176 int32_t ParseCopyBytesToArray(ParsePacket *pkt, uint8_t *object, uint32_t length)
177 {
178 if (pkt->bufLen - *pkt->bufOffset < length) {
179 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16981, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "bufLen err", 0, 0, 0, 0);
180 return HITLS_PARSE_INVALID_MSG_LEN;
181 }
182 (void)memcpy_s(object, length, &pkt->buf[*pkt->bufOffset], length);
183 *pkt->bufOffset += length;
184 return HITLS_SUCCESS;
185 }
186
ParseErrorProcess(TLS_Ctx * ctx,int32_t err,uint32_t logId,const void * format,ALERT_Description description)187 int32_t ParseErrorProcess(TLS_Ctx *ctx, int32_t err, uint32_t logId, const void *format,
188 ALERT_Description description)
189 {
190 BSL_ERR_PUSH_ERROR(err);
191 if (format != NULL) {
192 BSL_LOG_BINLOG_FIXLEN(logId, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, format, 0, 0, 0, 0);
193 }
194 if (description != ALERT_UNKNOWN) {
195 ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, description);
196 }
197 return err;
198 }
199
CheckPeerSignScheme(HITLS_Ctx * ctx,CERT_Pair * peerCert,uint16_t signScheme)200 int32_t CheckPeerSignScheme(HITLS_Ctx *ctx, CERT_Pair *peerCert, uint16_t signScheme)
201 {
202 if (peerCert == NULL) {
203 return RETURN_ERROR_NUMBER_PROCESS(HITLS_PARSE_UNSUPPORT_SIGN_ALG, BINLOG_ID17160, "peerCert null");
204 }
205 HITLS_Config *config = &ctx->config.tlsConfig;
206 HITLS_CERT_Key *pubkey = NULL;
207 int32_t ret = SAL_CERT_X509Ctrl(config, peerCert->cert, CERT_CTRL_GET_PUB_KEY, NULL, (void *)&pubkey);
208 if (ret != HITLS_SUCCESS) {
209 return RETURN_ERROR_NUMBER_PROCESS(ret, BINLOG_ID17140, "get pubkey fail");
210 }
211 uint32_t keyType = TLS_CERT_KEY_TYPE_UNKNOWN;
212 ret = SAL_CERT_KeyCtrl(config, pubkey, CERT_KEY_CTRL_GET_TYPE, NULL, (void *)&keyType);
213 SAL_CERT_KeyFree(config->certMgrCtx, pubkey);
214 if (ret != HITLS_SUCCESS) {
215 return RETURN_ERROR_NUMBER_PROCESS(ret, BINLOG_ID17099, "get pubkey type fail");
216 }
217
218 if (keyType != SAL_CERT_SignScheme2CertKeyType(ctx, signScheme)) {
219 return RETURN_ERROR_NUMBER_PROCESS(HITLS_PARSE_UNSUPPORT_SIGN_ALG, BINLOG_ID17156, "signScheme err");
220 }
221
222 return HITLS_SUCCESS;
223 }
224