1 /*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15 #include "hitls_build.h"
16 #ifdef HITLS_TLS_HOST_SERVER
17 #include "securec.h"
18 #include "tls_binlog_id.h"
19 #include "bsl_log_internal.h"
20 #include "bsl_log.h"
21 #include "bsl_sal.h"
22 #include "bsl_err_internal.h"
23 #include "bsl_bytes.h"
24 #include "bsl_list.h"
25 #include "hitls_error.h"
26 #include "hitls_cert_type.h"
27 #include "tls.h"
28 #include "hs_extensions.h"
29 #include "hs_common.h"
30 #include "parse_common.h"
31 #include "hs_ctx.h"
32 #include "alert.h"
33 #include "parse_extensions.h"
34 #include "custom_extensions.h"
35
36
StorePeerSupportGroup(TLS_Ctx * ctx,ClientHelloMsg * msg)37 static int32_t StorePeerSupportGroup(TLS_Ctx *ctx, ClientHelloMsg *msg)
38 {
39 (void)ctx;
40 (void)msg;
41 #ifdef HITLS_TLS_CONNECTION_INFO_NEGOTIATION
42 BSL_SAL_FREE(ctx->peerInfo.groups);
43 ctx->peerInfo.groups = (uint16_t *)BSL_SAL_Dump(
44 msg->extension.content.supportedGroups, msg->extension.content.supportedGroupsSize * sizeof(uint16_t));
45 if (ctx->peerInfo.groups == NULL) {
46 BSL_SAL_FREE(msg->extension.content.supportedGroups);
47 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15136, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
48 "supportedGroups dump fail when parse extensions msg.", 0, 0, 0, 0);
49 BSL_ERR_PUSH_ERROR(HITLS_MEMALLOC_FAIL);
50 return HITLS_MEMALLOC_FAIL;
51 }
52 ctx->peerInfo.groupsSize = msg->extension.content.supportedGroupsSize;
53 #endif
54 return HITLS_SUCCESS;
55 }
56
57 // Parse the supported group messages.
ParseClientSupportGroups(ParsePacket * pkt,ClientHelloMsg * msg)58 static int32_t ParseClientSupportGroups(ParsePacket *pkt, ClientHelloMsg *msg)
59 {
60 /* Parsed extensions of the same type */
61 if (msg->extension.flag.haveSupportedGroups == true) {
62 return ParseDupExtProcess(pkt->ctx, BINLOG_ID15132, BINGLOG_STR("ClientSupportGroups"));
63 }
64
65 uint16_t groupBufLen = 0;
66 int32_t ret = ParseBytesToUint16(pkt, &groupBufLen);
67 if (ret != HITLS_SUCCESS) {
68 return ParseErrorExtLengthProcess(pkt->ctx, BINLOG_ID15133, BINGLOG_STR("supported groups"));
69 }
70
71 uint16_t groupLen = groupBufLen / sizeof(uint16_t);
72
73 /* If the length of the packet does not match the extended length, or the length is 0, the handshake message error
74 * is returned */
75 if (((groupBufLen & 1) != 0) || ((groupLen * sizeof(uint16_t)) != (pkt->bufLen - sizeof(uint16_t))) ||
76 (groupLen == 0)) {
77 return ParseErrorExtLengthProcess(pkt->ctx, BINLOG_ID15134, BINGLOG_STR("supported groups"));
78 }
79
80 msg->extension.content.supportedGroups = (uint16_t *)BSL_SAL_Calloc(groupLen, sizeof(uint16_t));
81 if (msg->extension.content.supportedGroups == NULL) {
82 return ParseErrorProcess(pkt->ctx, HITLS_MEMALLOC_FAIL, BINLOG_ID15135,
83 BINGLOG_STR("supportedGroups malloc fail."), ALERT_UNKNOWN);
84 }
85
86 for (uint32_t i = 0; i < groupLen; i++) {
87 msg->extension.content.supportedGroups[i] = BSL_ByteToUint16(&pkt->buf[*pkt->bufOffset]);
88 *pkt->bufOffset += sizeof(uint16_t);
89 }
90
91 msg->extension.content.supportedGroupsSize = groupLen;
92 msg->extension.flag.haveSupportedGroups = true;
93
94 return StorePeerSupportGroup(pkt->ctx, msg);
95 }
96
97 // Parse the extension item of the client hello signature algorithm.
ParseClientSignatureAlgorithms(ParsePacket * pkt,ClientHelloMsg * msg)98 static int32_t ParseClientSignatureAlgorithms(ParsePacket *pkt, ClientHelloMsg *msg)
99 {
100 /* Parsed extensions of the same type */
101 if (msg->extension.flag.haveSignatureAlgorithms == true) {
102 return ParseDupExtProcess(pkt->ctx, BINLOG_ID15128, BINGLOG_STR("ClientSignatureAlgorithms"));
103 }
104
105 uint16_t signAlgBufLen = 0;
106 int32_t ret = ParseBytesToUint16(pkt, &signAlgBufLen);
107 if (ret != HITLS_SUCCESS) {
108 return ParseErrorExtLengthProcess(pkt->ctx, BINLOG_ID15129, BINGLOG_STR("signatureAlgorithms"));
109 }
110
111 uint16_t signatureAlgorithmsSize = signAlgBufLen / sizeof(uint16_t);
112
113 // Add exception handling. The value of signAlgBufLen cannot be an odd number. Each algorithm occupies two bytes.
114 /* If the packet length does not match the extended length or the length is 0, a handshake message error is
115 * returned. */
116 if (((signAlgBufLen & 1) != 0) || (signAlgBufLen != (pkt->bufLen - *pkt->bufOffset)) ||
117 (signatureAlgorithmsSize == 0)) {
118 return ParseErrorExtLengthProcess(pkt->ctx, BINLOG_ID15130, BINGLOG_STR("signatureAlgorithms"));
119 }
120
121 /* Parse signatureAlgorithms */
122 uint16_t *signatureAlgorithms = (uint16_t *)BSL_SAL_Calloc(signatureAlgorithmsSize, sizeof(uint16_t));
123 if (signatureAlgorithms == NULL) {
124 return ParseErrorProcess(pkt->ctx, HITLS_MEMALLOC_FAIL, BINLOG_ID15131,
125 BINGLOG_STR("signatureAlgorithms malloc fail."), ALERT_UNKNOWN);
126 }
127 for (uint32_t i = 0; i < signatureAlgorithmsSize; i++) {
128 signatureAlgorithms[i] = BSL_ByteToUint16(&pkt->buf[*pkt->bufOffset]);
129 *pkt->bufOffset += sizeof(uint16_t);
130 }
131
132 msg->extension.content.signatureAlgorithmsSize = signatureAlgorithmsSize;
133 msg->extension.content.signatureAlgorithms = signatureAlgorithms;
134 msg->extension.flag.haveSignatureAlgorithms = true;
135
136 return HITLS_SUCCESS;
137 }
138
139 // Parse the client message in point format.
ParseClientPointFormats(ParsePacket * pkt,ClientHelloMsg * msg)140 static int32_t ParseClientPointFormats(ParsePacket *pkt, ClientHelloMsg *msg)
141 {
142 /* Parsed extensions of the same type */
143 if (msg->extension.flag.havePointFormats == true) {
144 return ParseDupExtProcess(pkt->ctx, BINLOG_ID15137, BINGLOG_STR("ClientPointFormats"));
145 }
146
147 uint8_t pointFormatsSize = 0;
148 int32_t ret = ParseOneByteLengthField(pkt, &pointFormatsSize, &msg->extension.content.pointFormats);
149 if (ret == HITLS_PARSE_INVALID_MSG_LEN) {
150 return ParseErrorExtLengthProcess(pkt->ctx, BINLOG_ID15138, BINGLOG_STR("point formats"));
151 } else if (ret == HITLS_MEMALLOC_FAIL) {
152 return ParseErrorProcess(pkt->ctx, HITLS_MEMALLOC_FAIL, BINLOG_ID15140,
153 BINGLOG_STR("pointFormats malloc fail."), ALERT_UNKNOWN);
154 }
155
156 if ((pkt->bufLen != *pkt->bufOffset) || (pointFormatsSize == 0u)) {
157 return ParseErrorExtLengthProcess(pkt->ctx, BINLOG_ID15139, BINGLOG_STR("point formats"));
158 }
159
160 msg->extension.flag.havePointFormats = true;
161 msg->extension.content.pointFormatsSize = pointFormatsSize;
162 pkt->ctx->haveClientPointFormats = true;
163
164 return HITLS_SUCCESS;
165 }
166
ParseClientExtMasterSecret(ParsePacket * pkt,ClientHelloMsg * msg)167 static int32_t ParseClientExtMasterSecret(ParsePacket *pkt, ClientHelloMsg *msg)
168 {
169 return ParseEmptyExtension(pkt->ctx, HS_EX_TYPE_EXTENDED_MASTER_SECRET, pkt->bufLen,
170 &msg->extension.flag.haveExtendedMasterSecret);
171 }
172 #ifdef HITLS_TLS_FEATURE_SNI
SetRevMsgExtServernameInfo(ClientHelloMsg * msg,uint8_t serverNameType,uint8_t * serverName,uint16_t serverNameLen)173 static void SetRevMsgExtServernameInfo(ClientHelloMsg *msg, uint8_t serverNameType, uint8_t *serverName,
174 uint16_t serverNameLen)
175 {
176 serverName[serverNameLen - 1] = '\0';
177 msg->extension.content.serverName = serverName;
178 msg->extension.content.serverNameSize = serverNameLen;
179 msg->extension.content.serverNameType = serverNameType;
180 msg->extension.flag.haveServerName = true;
181 }
182
ParseClientServerNameIndication(TLS_Ctx * ctx,const uint8_t * buf,uint32_t bufLen,ClientHelloMsg * msg)183 static int32_t ParseClientServerNameIndication(TLS_Ctx *ctx, const uint8_t *buf, uint32_t bufLen, ClientHelloMsg *msg)
184 {
185 const uint32_t baseSize = sizeof(uint8_t) + sizeof(uint16_t); // serverNameType and serverName Length
186 uint32_t bufOffset = 0;
187 bool haveParseHostName = false;
188 while (bufOffset + baseSize < bufLen) {
189 /* Parse serverNameType */
190 uint8_t serverNameType = buf[bufOffset];
191 bufOffset += sizeof(uint8_t);
192 /* Parse serverName Length */
193 uint16_t serverNameLen = BSL_ByteToUint16(&buf[bufOffset]);
194 bufOffset += sizeof(uint16_t);
195 if (bufLen < bufOffset + serverNameLen) {
196 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16986, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
197 "bufLen err", 0, 0, 0, 0);
198 ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_DECODE_ERROR);
199 return HITLS_PARSE_SERVER_NAME_ERR;
200 }
201 if (serverNameType != 0) {
202 bufOffset += serverNameLen;
203 continue;
204 }
205 if (haveParseHostName || serverNameLen == 0 || serverNameLen > 0xff ||
206 strnlen((const char *)&buf[bufOffset], serverNameLen) != serverNameLen) {
207 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16987, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
208 "serverNameLen err", 0, 0, 0, 0);
209 ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_ILLEGAL_PARAMETER);
210 return HITLS_PARSE_SERVER_NAME_ERR;
211 }
212 haveParseHostName = true;
213 uint8_t *serverName = (uint8_t *)BSL_SAL_Calloc((serverNameLen + 1), sizeof(uint8_t));
214 if (serverName == NULL) {
215 return ParseErrorProcess(ctx, HITLS_MEMALLOC_FAIL, BINLOG_ID15127,
216 BINGLOG_STR("server_name malloc fail."), ALERT_INTERNAL_ERROR);
217 }
218 (void)memcpy_s(serverName, serverNameLen + 1, &buf[bufOffset], serverNameLen);
219 SetRevMsgExtServernameInfo(msg, serverNameType, serverName, serverNameLen + 1);
220 bufOffset += serverNameLen;
221 }
222 if (bufOffset != bufLen) {
223 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16988, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
224 "bufOffset err", 0, 0, 0, 0);
225 ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_DECODE_ERROR);
226 return HITLS_PARSE_SERVER_NAME_ERR;
227 }
228 if (!msg->extension.flag.haveServerName) {
229 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16989, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
230 "it is not have server name", 0, 0, 0, 0);
231 ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_ILLEGAL_PARAMETER);
232 return HITLS_PARSE_SERVER_NAME_ERR;
233 }
234 return HITLS_SUCCESS;
235 }
236
237 // Parse the ServerName extension item of client hello.
ParseClientServerName(ParsePacket * pkt,ClientHelloMsg * msg)238 static int32_t ParseClientServerName(ParsePacket *pkt, ClientHelloMsg *msg)
239 {
240 /* Parsed extensions of the same type */
241 if (msg->extension.flag.haveServerName == true) {
242 return ParseDupExtProcess(pkt->ctx, BINLOG_ID15122, BINGLOG_STR("Client ServerName"));
243 }
244
245 uint16_t serverNameListSize = 0;
246 int32_t ret = ParseBytesToUint16(pkt, &serverNameListSize);
247 if (ret != HITLS_SUCCESS) {
248 return ParseErrorExtLengthProcess(pkt->ctx, BINLOG_ID15123, BINGLOG_STR("ServerName"));
249 }
250
251 if ((serverNameListSize != pkt->bufLen - *pkt->bufOffset) ||
252 (serverNameListSize < sizeof(uint8_t) + sizeof(uint16_t))) {
253 return ParseErrorExtLengthProcess(pkt->ctx, BINLOG_ID15124, BINGLOG_STR("ServerName"));
254 }
255
256 return ParseClientServerNameIndication(pkt->ctx, &pkt->buf[*pkt->bufOffset], (uint32_t)serverNameListSize, msg);
257 }
258 #endif /* HITLS_TLS_FEATURE_SNI */
259 #ifdef HITLS_TLS_FEATURE_ALPN
ParseClientAlpnProposeList(ParsePacket * pkt,ClientHelloMsg * msg)260 static int32_t ParseClientAlpnProposeList(ParsePacket *pkt, ClientHelloMsg *msg)
261 {
262 /* Parsed extensions of the same type */
263 if (msg->extension.flag.haveAlpn == true) {
264 return ParseDupExtProcess(pkt->ctx, BINLOG_ID15141, BINGLOG_STR("alpn list"));
265 }
266 uint16_t alpnLen = 0;
267 int32_t ret = ParseBytesToUint16(pkt, &alpnLen);
268 if (ret != HITLS_SUCCESS) {
269 return ParseErrorExtLengthProcess(pkt->ctx, BINLOG_ID15142, BINGLOG_STR("alpn"));
270 }
271
272 /* If the message length does not match the extended length, or the message length is less than 2 bytes, a handshake
273 * message error is returned */
274 if (((alpnLen * sizeof(uint8_t)) != (pkt->bufLen - sizeof(uint16_t))) || (alpnLen < 2)) {
275 return ParseErrorExtLengthProcess(pkt->ctx, BINLOG_ID15143, BINGLOG_STR("alpn"));
276 }
277
278 uint32_t alpnListOffset = *pkt->bufOffset;
279 do {
280 uint8_t alpnStringLen = pkt->buf[alpnListOffset];
281 alpnListOffset += alpnStringLen + 1;
282 if (alpnListOffset > pkt->bufLen || alpnStringLen == 0) {
283 /* can't exceed alpn extension buffer; can't be empty */
284 return ParseErrorExtLengthProcess(pkt->ctx, BINLOG_ID15144, BINGLOG_STR("alpn"));
285 }
286 } while (pkt->bufLen - alpnListOffset != 0); /* remaining len of alpn extension buffer */
287
288 BSL_SAL_FREE(msg->extension.content.alpnList);
289 msg->extension.content.alpnList = (uint8_t *)BSL_SAL_Dump(&pkt->buf[*pkt->bufOffset], alpnLen);
290 if (msg->extension.content.alpnList == NULL) {
291 return ParseErrorProcess(pkt->ctx, HITLS_MEMALLOC_FAIL, BINLOG_ID15145,
292 BINGLOG_STR("alpn list malloc fail."), ALERT_UNKNOWN);
293 }
294
295 msg->extension.content.alpnListSize = alpnLen;
296 msg->extension.flag.haveAlpn = true;
297
298 return HITLS_SUCCESS;
299 }
300 #endif /* HITLS_TLS_FEATURE_ALPN */
301 #ifdef HITLS_TLS_PROTO_TLS13
ParseIdentities(TLS_Ctx * ctx,PreSharedKey * preSharedKey,const uint8_t * buf,uint32_t bufLen)302 int32_t ParseIdentities(TLS_Ctx *ctx, PreSharedKey *preSharedKey, const uint8_t *buf, uint32_t bufLen)
303 {
304 uint32_t bufOffset = 0u;
305 PreSharedKey *tmp = preSharedKey;
306
307 while (bufOffset + sizeof(uint16_t) < bufLen) {
308 /* Create a linked list node */
309 PreSharedKey *node = (PreSharedKey *)BSL_SAL_Calloc(1, sizeof(PreSharedKey));
310 if (node == NULL) {
311 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16990, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
312 "Calloc fail", 0, 0, 0, 0);
313 BSL_ERR_PUSH_ERROR(HITLS_MEMALLOC_FAIL);
314 return HITLS_MEMALLOC_FAIL;
315 }
316 LIST_ADD_AFTER(&tmp->pskNode, &node->pskNode);
317 tmp = node;
318
319 /* Parse the identityLen length */
320 uint16_t identitySize = BSL_ByteToUint16(&buf[bufOffset]);
321 node->identitySize = identitySize;
322 bufOffset += sizeof(uint16_t);
323
324 if ((bufOffset + identitySize + sizeof(uint32_t)) > bufLen) {
325 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15146, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
326 "ParseIdentities error. bufLen = %d, identitySize = %d.", bufLen, identitySize, 0, 0);
327 ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_ILLEGAL_PARAMETER);
328 BSL_ERR_PUSH_ERROR(HITLS_PARSE_INVALID_MSG_LEN);
329 return HITLS_PARSE_INVALID_MSG_LEN;
330 }
331 /* Parse identity */
332 node->identity = (uint8_t *)BSL_SAL_Calloc(1u, (node->identitySize + 1) * sizeof(uint8_t));
333 if (node->identity == NULL) {
334 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16991, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
335 "Calloc fail", 0, 0, 0, 0);
336 BSL_ERR_PUSH_ERROR(HITLS_MEMALLOC_FAIL);
337 return HITLS_MEMALLOC_FAIL;
338 }
339
340 (void)memcpy_s(node->identity, node->identitySize + 1, &buf[bufOffset], identitySize);
341 bufOffset += node->identitySize;
342
343 node->obfuscatedTicketAge = BSL_ByteToUint32(&buf[bufOffset]);
344 bufOffset += sizeof(uint32_t);
345 }
346
347 if (bufOffset != bufLen) {
348 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15147, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
349 "IdentityEntry error. bufLen = %d ", bufLen, 0, 0, 0);
350 ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_ILLEGAL_PARAMETER);
351 BSL_ERR_PUSH_ERROR(HITLS_PARSE_INVALID_MSG_LEN);
352 return HITLS_PARSE_INVALID_MSG_LEN;
353 }
354 return HITLS_SUCCESS;
355 }
356
CleanKeyShare(KeyShare * keyShare)357 void CleanKeyShare(KeyShare *keyShare)
358 {
359 ListHead *node = NULL;
360 ListHead *tmpNode = NULL;
361 KeyShare *cur = NULL;
362 KeyShare *cache = keyShare;
363 if (cache != NULL) {
364 LIST_FOR_EACH_ITEM_SAFE(node, tmpNode, &(cache->head))
365 {
366 cur = LIST_ENTRY(node, KeyShare, head);
367 LIST_REMOVE(node);
368 BSL_SAL_FREE(cur->keyExchange);
369 BSL_SAL_FREE(cur);
370 }
371 BSL_SAL_FREE(keyShare);
372 }
373 }
374
375 /* rfc8446 4.2.8 Clients MUST NOT offer multiple KeyShareEntry values
376 for the same group. Clients MUST NOT offer any KeyShareEntry values
377 for groups not listed in the client's "supported_groups" extension.
378 Servers MAY check for violations of these rules and abort the
379 handshake with an "illegal_parameter" alert if one is violated. */
KeyShareGroupAdd(uint16_t * groupSet,uint32_t groupSetCapacity,uint32_t * groupSetSize,uint16_t group)380 static bool KeyShareGroupAdd(uint16_t *groupSet, uint32_t groupSetCapacity, uint32_t *groupSetSize, uint16_t group)
381 {
382 for (uint32_t i = 0; (i < *groupSetSize) && (i + 1 < groupSetCapacity); i++) {
383 if (groupSet[i] == group) {
384 return false;
385 }
386 }
387 groupSet[*groupSetSize] = group;
388 *groupSetSize = *groupSetSize + 1;
389 return true;
390 }
391
392 /**
393 * @brief Parse KeyShareEntry and create a linked list node,
394 * @attention The caller needs to pay attention to the function. If the function fails to be returned, the caller
395 * releases the call.
396 *
397 * @param keyShare [OUT] Linked list header
398 * @param buf [IN] message buffer
399 * @param bufLen [IN] message length
400 *
401 * @return HITLS_SUCCESS parsed successfully.
402 */
ParseKeyShare(KeyShare * keyshare,const uint8_t * buf,uint32_t bufLen,ALERT_Description * alert)403 int32_t ParseKeyShare(KeyShare *keyshare, const uint8_t *buf, uint32_t bufLen, ALERT_Description *alert)
404 {
405 uint32_t bufOffset = 0u;
406 KeyShare *node = keyshare;
407 uint16_t *groupSet = (uint16_t *)BSL_SAL_Calloc(bufLen, sizeof(uint8_t));
408 if (groupSet == NULL) {
409 *alert = ALERT_INTERNAL_ERROR;
410 return RETURN_ERROR_NUMBER_PROCESS(HITLS_MEMALLOC_FAIL, BINLOG_ID16992, "Calloc fail");
411 }
412 uint32_t groupSetSize = 0;
413 int32_t ret = HITLS_SUCCESS;
414 while (bufOffset + sizeof(uint16_t) + sizeof(uint16_t) < bufLen) {
415 KeyShare *tmpNode = (KeyShare *)BSL_SAL_Calloc(1u, sizeof(KeyShare));
416 if (tmpNode == NULL) {
417 *alert = ALERT_INTERNAL_ERROR;
418 BSL_SAL_FREE(groupSet);
419 return RETURN_ERROR_NUMBER_PROCESS(HITLS_MEMALLOC_FAIL, BINLOG_ID16993, "Calloc fail");
420 }
421 LIST_INIT(&tmpNode->head);
422 LIST_ADD_AFTER(&node->head, &tmpNode->head);
423 node = tmpNode;
424 node->group = BSL_ByteToUint16(&buf[bufOffset]);
425 bufOffset += sizeof(uint16_t);
426 if (!KeyShareGroupAdd(groupSet, bufLen / sizeof(uint16_t), &groupSetSize, node->group)) {
427 *alert = ALERT_ILLEGAL_PARAMETER;
428 BSL_SAL_FREE(groupSet);
429 return RETURN_ERROR_NUMBER_PROCESS(HITLS_PARSE_DUPLICATED_KEY_SHARE, BINLOG_ID16994, "key share repeated");
430 }
431 node->keyExchangeSize = BSL_ByteToUint16(&buf[bufOffset]);
432 bufOffset += sizeof(uint16_t);
433 /* parse keyExchange */
434 if (node->keyExchangeSize == 0 || bufOffset + node->keyExchangeSize > bufLen) {
435 *alert = ALERT_DECODE_ERROR;
436 BSL_SAL_FREE(groupSet);
437 return RETURN_ERROR_NUMBER_PROCESS(HITLS_PARSE_INVALID_MSG_LEN, BINLOG_ID16995, "keyExchangeSize error");
438 }
439 BSL_SAL_FREE(node->keyExchange);
440 node->keyExchange = (uint8_t *)BSL_SAL_Dump(&buf[bufOffset], node->keyExchangeSize);
441 if (node->keyExchange == NULL) {
442 *alert = ALERT_INTERNAL_ERROR;
443 BSL_SAL_FREE(groupSet);
444 return RETURN_ERROR_NUMBER_PROCESS(HITLS_MEMALLOC_FAIL, BINLOG_ID16996, "Dump fail");
445 }
446 bufOffset += node->keyExchangeSize;
447 }
448 BSL_SAL_FREE(groupSet);
449 if (ret == HITLS_SUCCESS && bufOffset != bufLen) {
450 *alert = ALERT_DECODE_ERROR;
451 return RETURN_ERROR_NUMBER_PROCESS(HITLS_PARSE_INVALID_MSG_LEN, BINLOG_ID16997, "bufLen error");
452 }
453 return ret;
454 }
455
456 // Parse the KeyShare message.
ParseClientKeyShare(ParsePacket * pkt,ClientHelloMsg * msg)457 int32_t ParseClientKeyShare(ParsePacket *pkt, ClientHelloMsg *msg)
458 {
459 uint32_t bufOffset = 0u;
460 int32_t ret = HITLS_SUCCESS;
461 ALERT_Description alert = ALERT_UNKNOWN;
462 do {
463 /* Parsed extensions of the same type */
464 if (msg->extension.flag.haveKeyShare == true) {
465 return RETURN_ALERT_PROCESS(pkt->ctx, HITLS_PARSE_DUPLICATE_EXTENDED_MSG, BINLOG_ID16998,
466 "KeyShare repeated", ALERT_ILLEGAL_PARAMETER);
467 }
468 if (pkt->bufLen < sizeof(uint16_t)) {
469 return RETURN_ALERT_PROCESS(pkt->ctx, HITLS_PARSE_INVALID_MSG_LEN, BINLOG_ID16999,
470 "bufLen error", ALERT_DECODE_ERROR);
471 }
472 uint16_t keyShareLen = BSL_ByteToUint16(&pkt->buf[bufOffset]);
473 bufOffset += sizeof(uint16_t);
474 if (keyShareLen + bufOffset != pkt->bufLen) {
475 return RETURN_ALERT_PROCESS(pkt->ctx, HITLS_PARSE_INVALID_MSG_LEN, BINLOG_ID17000,
476 "bufLen error", ALERT_DECODE_ERROR);
477 }
478 /* If the client requests hrr, keyshare can be empty */
479 if (keyShareLen == 0) {
480 break;
481 }
482 /** Create the header of the linked list of keyShareEntry */
483 msg->extension.content.keyShare = (KeyShare *)BSL_SAL_Calloc(1u, sizeof(KeyShare));
484 if (msg->extension.content.keyShare == NULL) {
485 return RETURN_ALERT_PROCESS(pkt->ctx, HITLS_MEMALLOC_FAIL, BINLOG_ID15150,
486 "calloc fail", ALERT_INTERNAL_ERROR);
487 }
488 LIST_INIT(&msg->extension.content.keyShare->head);
489 ret = ParseKeyShare(msg->extension.content.keyShare, &pkt->buf[bufOffset], keyShareLen, &alert);
490 if (ret != HITLS_SUCCESS) {
491 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15151, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
492 "parse client key share fail.", 0, 0, 0, 0);
493 break;
494 }
495 } while (false);
496 msg->extension.flag.haveKeyShare = true;
497 if (ret != HITLS_SUCCESS) {
498 BSL_ERR_PUSH_ERROR(ret);
499 pkt->ctx->method.sendAlert(pkt->ctx, ALERT_LEVEL_FATAL, alert);
500 }
501 return ret;
502 }
503
504 // Parse the SupportedVersions message.
ParseClientSupportedVersions(ParsePacket * pkt,ClientHelloMsg * msg)505 int32_t ParseClientSupportedVersions(ParsePacket *pkt, ClientHelloMsg *msg)
506 {
507 /* parsed extensions of the same type */
508 if (msg->extension.flag.haveSupportedVers == true) {
509 return ParseDupExtProcess(pkt->ctx, BINLOG_ID15152, BINGLOG_STR("ClientSupportedVersions"));
510 }
511
512 uint8_t len = 0;
513 int32_t ret = ParseBytesToUint8(pkt, &len);
514 if (ret != HITLS_SUCCESS) {
515 return ParseErrorExtLengthProcess(pkt->ctx, BINLOG_ID15153, BINGLOG_STR("SupportVersion"));
516 }
517
518 if ((len == 0) || ((len % sizeof(uint16_t)) != 0) || (len + *pkt->bufOffset != pkt->bufLen)) {
519 return ParseErrorExtLengthProcess(pkt->ctx, BINLOG_ID15154, BINGLOG_STR("SupportVersion"));
520 }
521
522 msg->extension.content.supportedVersions = (uint16_t *)BSL_SAL_Calloc(1u, len);
523 if (msg->extension.content.supportedVersions == NULL) {
524 return ParseErrorProcess(pkt->ctx, HITLS_MEMALLOC_FAIL, BINLOG_ID15155,
525 BINGLOG_STR("SupportVersion malloc fail."), ALERT_INTERNAL_ERROR);
526 }
527
528 for (uint32_t i = 0; i < len / sizeof(uint16_t); i++) {
529 msg->extension.content.supportedVersions[i] = BSL_ByteToUint16(&pkt->buf[*pkt->bufOffset]);
530 *pkt->bufOffset += sizeof(uint16_t);
531 }
532
533 msg->extension.content.supportedVersionsCount = len / sizeof(uint16_t);
534 msg->extension.flag.haveSupportedVers = true;
535
536 return HITLS_SUCCESS;
537 }
538
ParseBinders(TLS_Ctx * ctx,PreSharedKey * preSharedKey,const uint8_t * buf,uint32_t bufLen)539 static int32_t ParseBinders(TLS_Ctx *ctx, PreSharedKey *preSharedKey, const uint8_t *buf, uint32_t bufLen)
540 {
541 uint32_t bufOffset = 0u;
542 ListHead *node = NULL;
543 ListHead *tmpNode = NULL;
544 PreSharedKey *cur = NULL;
545 PreSharedKey *cache = preSharedKey;
546
547 LIST_FOR_EACH_ITEM_SAFE(node, tmpNode, &(cache->pskNode))
548 {
549 cur = LIST_ENTRY(node, PreSharedKey, pskNode);
550 if (bufLen < bufOffset + sizeof(uint8_t)) {
551 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17001, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
552 "bufLen error", 0, 0, 0, 0);
553 ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_DECODE_ERROR);
554 return HITLS_PARSE_INVALID_MSG_LEN;
555 }
556 uint8_t binderLen = buf[bufOffset];
557 bufOffset += sizeof(uint8_t);
558
559 if (binderLen > (bufLen - bufOffset)) {
560 return ParseErrorExtLengthProcess(ctx, BINLOG_ID15165, BINGLOG_STR("binder in pre share key"));
561 }
562
563 cur->binderSize = binderLen;
564 cur->binder = (uint8_t *)BSL_SAL_Calloc(cur->binderSize, sizeof(uint8_t));
565 if (cur->binder == NULL) {
566 return ParseErrorProcess(ctx, HITLS_MEMALLOC_FAIL, BINLOG_ID15166,
567 BINGLOG_STR("pre_share_key malloc fail."), ALERT_UNKNOWN);
568 }
569
570 (void)memcpy_s(cur->binder, cur->binderSize, &buf[bufOffset], binderLen);
571 bufOffset += binderLen;
572 }
573
574 if (bufLen != bufOffset) {
575 return ParseErrorExtLengthProcess(ctx, BINLOG_ID15167, BINGLOG_STR("binder in pre share key"));
576 }
577
578 return HITLS_SUCCESS;
579 }
580
ParseClientPreSharedKey(ParsePacket * pkt,ClientHelloMsg * msg)581 static int32_t ParseClientPreSharedKey(ParsePacket *pkt, ClientHelloMsg *msg)
582 {
583 if (msg->extension.flag.havePreShareKey == true) {
584 return ParseDupExtProcess(pkt->ctx, BINLOG_ID15168, BINGLOG_STR("pre share key"));
585 }
586
587 uint16_t identitiesLen = 0;
588 int32_t ret = ParseBytesToUint16(pkt, &identitiesLen);
589 if (ret != HITLS_SUCCESS) {
590 return ParseErrorExtLengthProcess(pkt->ctx, BINLOG_ID15169, BINGLOG_STR("pre share key"));
591 }
592
593 if (pkt->bufLen <= identitiesLen + *pkt->bufOffset || identitiesLen == 0) {
594 return ParseErrorExtLengthProcess(pkt->ctx, BINLOG_ID15170, BINGLOG_STR("pre share key"));
595 }
596
597 /* Create the header of the PskIdentity linked list */
598 PreSharedKey *offeredPsks = (PreSharedKey *)BSL_SAL_Calloc(1, sizeof(PreSharedKey));
599 if (offeredPsks == NULL) {
600 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17002, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "Calloc fail", 0, 0, 0, 0);
601 BSL_ERR_PUSH_ERROR(HITLS_MEMALLOC_FAIL);
602 return HITLS_MEMALLOC_FAIL;
603 }
604 msg->extension.content.preSharedKey = offeredPsks;
605 LIST_INIT(&offeredPsks->pskNode);
606 ret = ParseIdentities(pkt->ctx, offeredPsks, &pkt->buf[*pkt->bufOffset], identitiesLen);
607 if (ret != HITLS_SUCCESS) {
608 return ret;
609 }
610 *pkt->bufOffset += identitiesLen;
611 msg->truncateHelloLen = &pkt->buf[*pkt->bufOffset] - pkt->ctx->hsCtx->msgBuf;
612 if (pkt->bufLen < sizeof(uint16_t) + *pkt->bufOffset) {
613 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17003, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "bufLen error", 0, 0, 0, 0);
614 pkt->ctx->method.sendAlert(pkt->ctx, ALERT_LEVEL_FATAL, ALERT_DECODE_ERROR);
615 return HITLS_PARSE_INVALID_MSG_LEN;
616 }
617 /* Obtain the length of the binder list len */
618 uint16_t bindersLen = BSL_ByteToUint16(&pkt->buf[*pkt->bufOffset]);
619 *pkt->bufOffset += sizeof(uint16_t);
620 if (pkt->bufLen != *pkt->bufOffset + bindersLen) {
621 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17004, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "bufLen error", 0, 0, 0, 0);
622 pkt->ctx->method.sendAlert(pkt->ctx, ALERT_LEVEL_FATAL, ALERT_DECODE_ERROR);
623 return HITLS_PARSE_INVALID_MSG_LEN;
624 }
625 ret = ParseBinders(pkt->ctx, offeredPsks, &pkt->buf[*pkt->bufOffset], bindersLen);
626 if (ret != HITLS_SUCCESS) {
627 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15171, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
628 "parse binders extensions msg.", 0, 0, 0, 0);
629 return ret;
630 }
631 msg->extension.flag.havePreShareKey = true;
632 return HITLS_SUCCESS;
633 }
634
ParseClientTrustedCaList(ParsePacket * pkt,ClientHelloMsg * msg)635 static int32_t ParseClientTrustedCaList(ParsePacket *pkt, ClientHelloMsg *msg)
636 {
637 /* Refer to the CAList parsing method of the CertificateRequest Msg. */
638 /* Parsed extensions of the same type */
639 if (msg->extension.flag.haveCA == true) {
640 return ParseDupExtProcess(pkt->ctx, BINLOG_ID15172, BINGLOG_STR("certificate_authorities"));
641 }
642
643 uint16_t distinguishedNamesLen = 0;
644 int32_t ret = ParseBytesToUint16(pkt, &distinguishedNamesLen);
645 if (ret != HITLS_SUCCESS) {
646 return ParseErrorExtLengthProcess(pkt->ctx, BINLOG_ID15173, BINGLOG_STR("CaList"));
647 }
648 /* https://www.rfc-editor.org/rfc/rfc8446#section-4.2.4
649 opaque DistinguishedName<1..2^16-1>
650 struct {
651 DistinguishedName authorities<3..2^16-1>
652 } CertificateAuthoritiesExtension
653 */
654 if (distinguishedNamesLen != (pkt->bufLen - *pkt->bufOffset) || (distinguishedNamesLen < 3)) {
655 return ParseErrorExtLengthProcess(pkt->ctx, BINLOG_ID15174, BINGLOG_STR("CaList"));
656 }
657
658 FreeDNList(msg->extension.content.caList);
659 msg->extension.content.caList = ParseDNList(&pkt->buf[*pkt->bufOffset], distinguishedNamesLen);
660 if (msg->extension.content.caList == NULL) {
661 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17005, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
662 "ParseDNList fail", 0, 0, 0, 0);
663 pkt->ctx->method.sendAlert(pkt->ctx, ALERT_LEVEL_FATAL, ALERT_DECODE_ERROR);
664 BSL_ERR_PUSH_ERROR(HITLS_PARSE_CA_LIST_ERR);
665 return HITLS_PARSE_CA_LIST_ERR;
666 }
667 HITLS_TrustedCAList *tmp = pkt->ctx->peerInfo.caList;
668 pkt->ctx->peerInfo.caList = msg->extension.content.caList;
669 msg->extension.content.caList = tmp;
670 msg->extension.flag.haveCA = true;
671
672 return HITLS_SUCCESS;
673 }
ParseClientPskKeyExModes(ParsePacket * pkt,ClientHelloMsg * msg)674 static int32_t ParseClientPskKeyExModes(ParsePacket *pkt, ClientHelloMsg *msg)
675 {
676 /* Parsed extensions of the same type */
677 if (msg->extension.flag.havePskExMode == true) {
678 return ParseDupExtProcess(pkt->ctx, BINLOG_ID15175, BINGLOG_STR("pskKeyExchangeMode"));
679 }
680
681 uint8_t len = 0;
682 int32_t ret = ParseOneByteLengthField(pkt, &len, &msg->extension.content.keModes);
683 if (ret == HITLS_PARSE_INVALID_MSG_LEN) {
684 return ParseErrorExtLengthProcess(pkt->ctx, BINLOG_ID15176, BINGLOG_STR("pskKeyExchangeMode"));
685 } else if (ret == HITLS_MEMALLOC_FAIL) {
686 return ParseErrorProcess(pkt->ctx, HITLS_MEMALLOC_FAIL, BINLOG_ID15177,
687 BINGLOG_STR("pskKeyExchangeMode malloc fail."), ALERT_UNKNOWN);
688 }
689
690 if ((pkt->bufLen != *pkt->bufOffset) || (len == 0u)) {
691 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17006, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "bufLen error", 0, 0, 0, 0);
692 pkt->ctx->method.sendAlert(pkt->ctx, ALERT_LEVEL_FATAL, ALERT_DECODE_ERROR);
693 return HITLS_PARSE_INVALID_MSG_LEN;
694 }
695
696 msg->extension.content.keModesSize = len;
697 msg->extension.flag.havePskExMode = true;
698
699 return HITLS_SUCCESS;
700 }
701
ParseClientCookie(ParsePacket * pkt,ClientHelloMsg * msg)702 static int32_t ParseClientCookie(ParsePacket *pkt, ClientHelloMsg *msg)
703 {
704 /* Parsed extensions of the same type */
705 if (msg->extension.flag.haveCookie == true) {
706 return ParseDupExtProcess(pkt->ctx, BINLOG_ID15178, BINGLOG_STR("cookie"));
707 }
708
709 int32_t ret = ParseExCookie(pkt->buf, pkt->bufLen, &msg->extension.content.cookie,
710 &msg->extension.content.cookieLen);
711 if (ret != HITLS_SUCCESS) {
712 return ret;
713 }
714 msg->extension.flag.haveCookie = true;
715 return HITLS_SUCCESS;
716 }
717
ParseClientPostHsAuth(ParsePacket * pkt,ClientHelloMsg * msg)718 static int32_t ParseClientPostHsAuth(ParsePacket *pkt, ClientHelloMsg *msg)
719 {
720 /* Parsed extensions of the same type */
721 if (msg->extension.flag.havePostHsAuth == true) {
722 return ParseDupExtProcess(pkt->ctx, BINLOG_ID15182, BINGLOG_STR("post_handshake_auth"));
723 }
724
725 /* The length of the extended data field of the rfc 8446 "post_handshake_auth" extension is 0. */
726 if (pkt->bufLen != 0) {
727 return ParseErrorExtLengthProcess(pkt->ctx, BINLOG_ID15183, BINGLOG_STR("post_handshake_auth"));
728 }
729
730 msg->extension.flag.havePostHsAuth = true;
731
732 return HITLS_SUCCESS;
733 }
734 #endif /* HITLS_TLS_PROTO_TLS13 */
735 #if defined(HITLS_TLS_PROTO_TLS_BASIC) || defined(HITLS_TLS_PROTO_DTLS12)
ParseClientSecRenegoInfo(ParsePacket * pkt,ClientHelloMsg * msg)736 static int32_t ParseClientSecRenegoInfo(ParsePacket *pkt, ClientHelloMsg *msg)
737 {
738 /* Parsed extensions of the same type */
739 if (msg->extension.flag.haveSecRenego == true) {
740 return ParseDupExtProcess(pkt->ctx, BINLOG_ID15187, BINGLOG_STR("renegotiation info"));
741 }
742
743 uint8_t secRenegoInfoSize = 0;
744 uint8_t *secRenegoInfo = NULL;
745 int32_t ret = ParseSecRenegoInfo(pkt->ctx, pkt->buf, pkt->bufLen, &secRenegoInfo, &secRenegoInfoSize);
746 if (ret != HITLS_SUCCESS) {
747 return ret;
748 }
749
750 msg->extension.content.secRenegoInfo = secRenegoInfo;
751 msg->extension.content.secRenegoInfoSize = secRenegoInfoSize;
752 msg->extension.flag.haveSecRenego = true;
753 return HITLS_SUCCESS;
754 }
755 #endif /* defined(HITLS_TLS_PROTO_TLS_BASIC) || defined(HITLS_TLS_PROTO_DTLS12) */
756 #ifdef HITLS_TLS_FEATURE_ETM
ParseClientEncryptThenMac(ParsePacket * pkt,ClientHelloMsg * msg)757 static int32_t ParseClientEncryptThenMac(ParsePacket *pkt, ClientHelloMsg *msg)
758 {
759 return ParseEmptyExtension(pkt->ctx, HS_EX_TYPE_ENCRYPT_THEN_MAC, pkt->bufLen,
760 &msg->extension.flag.haveEncryptThenMac);
761 }
762 #endif /* HITLS_TLS_FEATURE_ETM */
763
764 #ifdef HITLS_TLS_FEATURE_SESSION_TICKET
ParseClientTicket(ParsePacket * pkt,ClientHelloMsg * msg)765 static int32_t ParseClientTicket(ParsePacket *pkt, ClientHelloMsg *msg)
766 {
767 uint8_t *ticket = NULL; /* ticket */
768
769 /* Parsed extensions of the same type */
770 if (msg->extension.flag.haveTicket == true) {
771 return ParseDupExtProcess(pkt->ctx, BINLOG_ID15975, BINGLOG_STR("tiket"));
772 }
773
774 if (pkt->bufLen != 0) {
775 ticket = (uint8_t *)BSL_SAL_Dump(&pkt->buf[0], pkt->bufLen);
776 if (ticket == NULL) {
777 return ParseErrorProcess(pkt->ctx, HITLS_MEMALLOC_FAIL, BINLOG_ID15976,
778 BINGLOG_STR("ticket malloc fail."), ALERT_INTERNAL_ERROR);
779 }
780 }
781
782 msg->extension.content.ticket = ticket;
783 msg->extension.content.ticketSize = pkt->bufLen;
784 msg->extension.flag.haveTicket = true;
785 return HITLS_SUCCESS;
786 }
787 #endif /* HITLS_TLS_FEATURE_SESSION_TICKET */
788
789 // parses the extension message from client
ParseClientExBody(TLS_Ctx * ctx,uint16_t extMsgType,const uint8_t * buf,uint32_t extMsgLen,ClientHelloMsg * msg)790 static int32_t ParseClientExBody(TLS_Ctx *ctx, uint16_t extMsgType, const uint8_t *buf, uint32_t extMsgLen,
791 ClientHelloMsg *msg)
792 {
793 uint32_t bufOffset = 0u;
794 ParsePacket pkt = {.ctx = ctx, .buf = buf, .bufLen = extMsgLen, .bufOffset = &bufOffset};
795 static struct {
796 uint16_t exMsgType; /**< Extension type of message*/
797 int32_t (*parseFunc)(ParsePacket *, ClientHelloMsg *); /**< Hook for packing extensions*/
798 } extMsgList [] = {
799 { .exMsgType = HS_EX_TYPE_POINT_FORMATS, .parseFunc = ParseClientPointFormats },
800 { .exMsgType = HS_EX_TYPE_SUPPORTED_GROUPS, .parseFunc = ParseClientSupportGroups },
801 { .exMsgType = HS_EX_TYPE_SIGNATURE_ALGORITHMS, .parseFunc = ParseClientSignatureAlgorithms},
802 #ifdef HITLS_TLS_FEATURE_SNI
803 { .exMsgType = HS_EX_TYPE_SERVER_NAME, .parseFunc = ParseClientServerName},
804 #endif /* HITLS_TLS_FEATURE_SNI */
805
806 { .exMsgType = HS_EX_TYPE_EXTENDED_MASTER_SECRET, .parseFunc = ParseClientExtMasterSecret},
807 #ifdef HITLS_TLS_FEATURE_ALPN
808 { .exMsgType = HS_EX_TYPE_APP_LAYER_PROTOCOLS, .parseFunc = ParseClientAlpnProposeList},
809 #endif
810 #ifdef HITLS_TLS_PROTO_TLS13
811 { .exMsgType = HS_EX_TYPE_SUPPORTED_VERSIONS, .parseFunc = ParseClientSupportedVersions},
812 { .exMsgType = HS_EX_TYPE_PRE_SHARED_KEY, .parseFunc = ParseClientPreSharedKey},
813 { .exMsgType = HS_EX_TYPE_PSK_KEY_EXCHANGE_MODES, .parseFunc = ParseClientPskKeyExModes},
814 { .exMsgType = HS_EX_TYPE_COOKIE, .parseFunc = ParseClientCookie},
815 { .exMsgType = HS_EX_TYPE_CERTIFICATE_AUTHORITIES, .parseFunc = ParseClientTrustedCaList},
816 { .exMsgType = HS_EX_TYPE_POST_HS_AUTH, .parseFunc = ParseClientPostHsAuth},
817 { .exMsgType = HS_EX_TYPE_KEY_SHARE, .parseFunc = ParseClientKeyShare},
818 #endif /* HITLS_TLS_PROTO_TLS13 */
819 #if defined(HITLS_TLS_PROTO_TLS_BASIC) || defined(HITLS_TLS_PROTO_DTLS12)
820 { .exMsgType = HS_EX_TYPE_RENEGOTIATION_INFO, .parseFunc = ParseClientSecRenegoInfo},
821 #endif /* defined(HITLS_TLS_PROTO_TLS_BASIC) || defined(HITLS_TLS_PROTO_DTLS12) */
822 #ifdef HITLS_TLS_FEATURE_SESSION_TICKET
823 { .exMsgType = HS_EX_TYPE_SESSION_TICKET, .parseFunc = ParseClientTicket},
824 #endif /* HITLS_TLS_FEATURE_SESSION_TICKET */
825 #ifdef HITLS_TLS_FEATURE_ETM
826 { .exMsgType = HS_EX_TYPE_ENCRYPT_THEN_MAC, .parseFunc = ParseClientEncryptThenMac},
827 #endif /* HITLS_TLS_FEATURE_ETM */
828 };
829 for (uint32_t index = 0; index < sizeof(extMsgList) / sizeof(extMsgList[0]); index++) {
830 if (extMsgList[index].exMsgType == extMsgType) {
831 return extMsgList[index].parseFunc(&pkt, msg);
832 }
833 }
834 #ifdef HITLS_TLS_FEATURE_CUSTOM_EXTENSION
835 if (IsParseNeedCustomExtensions(CUSTOM_EXT_FROM_CTX(ctx), extMsgType, HITLS_EX_TYPE_CLIENT_HELLO)) {
836 return ParseCustomExtensions(pkt.ctx, pkt.buf + *pkt.bufOffset, extMsgType, extMsgLen,
837 HITLS_EX_TYPE_CLIENT_HELLO, NULL, 0);
838 }
839 #endif /* HITLS_TLS_FEATURE_CUSTOM_EXTENSION */
840 // Ignore unknown extensions
841 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15188, BSL_LOG_LEVEL_INFO, BSL_LOG_BINLOG_TYPE_RUN,
842 "unknown extension message type:%d len:%lu in client hello message.", extMsgType, extMsgLen, 0, 0);
843 return HITLS_SUCCESS;
844 }
845
ParseClientExtension(TLS_Ctx * ctx,const uint8_t * buf,uint32_t bufLen,ClientHelloMsg * msg)846 int32_t ParseClientExtension(TLS_Ctx *ctx, const uint8_t *buf, uint32_t bufLen, ClientHelloMsg *msg)
847 {
848 uint32_t bufOffset = 0u;
849 int32_t ret = HITLS_SUCCESS;
850
851 /* Parse the extended message from client */
852 while (bufOffset < bufLen) {
853 uint16_t extMsgType = HS_EX_TYPE_END;
854 uint32_t extMsgLen = 0u;
855 ret = ParseExHeader(ctx, &buf[bufOffset], bufLen - bufOffset, &extMsgType, &extMsgLen);
856 if (ret != HITLS_SUCCESS) {
857 return ret;
858 }
859 bufOffset += HS_EX_HEADER_LEN;
860
861 uint32_t extensionId = HS_GetExtensionTypeId(extMsgType);
862 ret = CheckForDuplicateExtension(msg->extensionTypeMask, extensionId, ctx);
863 if (ret != HITLS_SUCCESS) {
864 return ret;
865 }
866 if (extensionId != HS_EX_TYPE_ID_UNRECOGNIZED
867 #ifdef HITLS_TLS_FEATURE_CUSTOM_EXTENSION
868 || !IsParseNeedCustomExtensions(CUSTOM_EXT_FROM_CTX(ctx), extMsgType, HITLS_EX_TYPE_CLIENT_HELLO)
869 #endif /* HITLS_TLS_FEATURE_CUSTOM_EXTENSION */
870 ) {
871 msg->extensionTypeMask |= 1ULL << extensionId;
872 }
873
874 ret = ParseClientExBody(ctx, extMsgType, &buf[bufOffset], extMsgLen, msg);
875 if (ret != HITLS_SUCCESS) {
876 return ret;
877 }
878 bufOffset += extMsgLen;
879 /* rfc8446 4.2.11. The "pre_shared_key" extension MUST be the last extension in the
880 ClientHello (this facilitates implementation as described below).
881 Servers MUST check that it is the last extension and otherwise fail
882 the handshake with an "illegal_parameter" alert. */
883 if (extMsgType == HS_EX_TYPE_PRE_SHARED_KEY && bufOffset != bufLen) {
884 return ParseErrorProcess(ctx, HITLS_PARSE_PRE_SHARED_KEY_FAILED, BINLOG_ID16136,
885 BINGLOG_STR("psk is not the last extension."), ALERT_ILLEGAL_PARAMETER);
886 }
887 }
888
889 /* The extended content is the last field of the clientHello packet and no other data is allowed. If the parsed
890 * length is inconsistent with the buffer length, an error code is returned */
891 if (bufOffset != bufLen) {
892 return ParseErrorExtLengthProcess(ctx, BINLOG_ID15192, BINGLOG_STR("client hello"));
893 }
894
895 return HITLS_SUCCESS;
896 }
897 #ifdef HITLS_TLS_PROTO_TLS13
CleanPreShareKey(PreSharedKey * preSharedKey)898 void CleanPreShareKey(PreSharedKey *preSharedKey)
899 {
900 ListHead *node = NULL;
901 ListHead *tmpNode = NULL;
902 PreSharedKey *cur = NULL;
903 PreSharedKey *cache = preSharedKey;
904 if (cache != NULL) {
905 LIST_FOR_EACH_ITEM_SAFE(node, tmpNode, &(cache->pskNode))
906 {
907 cur = LIST_ENTRY(node, PreSharedKey, pskNode);
908 LIST_REMOVE(node);
909 BSL_SAL_FREE(cur->identity);
910 BSL_SAL_FREE(cur->binder);
911 BSL_SAL_FREE(cur);
912 }
913 BSL_SAL_FREE(preSharedKey);
914 }
915 }
916 #endif /* HITLS_TLS_PROTO_TLS13 */
CleanClientHelloExtension(ClientHelloMsg * msg)917 void CleanClientHelloExtension(ClientHelloMsg *msg)
918 {
919 if (msg == NULL) {
920 return;
921 }
922
923 /* Release the Client Hello extension message structure */
924 BSL_SAL_FREE(msg->extension.content.supportedGroups);
925 BSL_SAL_FREE(msg->extension.content.pointFormats);
926 BSL_SAL_FREE(msg->extension.content.signatureAlgorithms);
927 #ifdef HITLS_TLS_FEATURE_ALPN
928 BSL_SAL_FREE(msg->extension.content.alpnList);
929 #endif /* HITLS_TLS_FEATURE_ALPN */
930 #ifdef HITLS_TLS_FEATURE_SNI
931 BSL_SAL_FREE(msg->extension.content.serverName);
932 #endif /* HITLS_TLS_FEATURE_SNI */
933 #if defined(HITLS_TLS_PROTO_TLS_BASIC) || defined(HITLS_TLS_PROTO_DTLS12)
934 BSL_SAL_FREE(msg->extension.content.secRenegoInfo);
935 #endif
936 #ifdef HITLS_TLS_FEATURE_SESSION_TICKET
937 BSL_SAL_FREE(msg->extension.content.ticket);
938 #endif /* HITLS_TLS_FEATURE_SESSION_TICKET */
939 #ifdef HITLS_TLS_PROTO_TLS13
940 BSL_SAL_FREE(msg->extension.content.signatureAlgorithmsCert);
941 BSL_SAL_FREE(msg->extension.content.supportedVersions);
942 BSL_SAL_FREE(msg->extension.content.keModes);
943 BSL_SAL_FREE(msg->extension.content.cookie);
944 CleanKeyShare(msg->extension.content.keyShare);
945 msg->extension.content.keyShare = NULL;
946 CleanPreShareKey(msg->extension.content.preSharedKey);
947 msg->extension.content.preSharedKey = NULL;
948 FreeDNList(msg->extension.content.caList);
949 msg->extension.content.caList = NULL;
950 #endif /* HITLS_TLS_PROTO_TLS13 */
951 return;
952 }
953 #endif /* HITLS_TLS_HOST_SERVER */
954