1 /*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15 #include "securec.h"
16 #include "hitls_build.h"
17 #include "bsl_log_internal.h"
18 #include "bsl_log.h"
19 #include "tls_binlog_id.h"
20 #include "bsl_err_internal.h"
21 #include "hitls.h"
22 #include "hitls_error.h"
23 #include "hitls_config.h"
24 #include "tls.h"
25 #include "rec.h"
26 #include "hs.h"
27 #include "hs_msg.h"
28 #include "hs_ctx.h"
29 #include "hs_common.h"
30 #include "hs_verify.h"
31 #include "transcript_hash.h"
32 #include "hs_reass.h"
33 #include "parse.h"
34 #include "recv_process.h"
35 #include "bsl_uio.h"
36 #include "hs_kx.h"
37 #include "hs_dtls_timer.h"
38 #ifdef HITLS_TLS_FEATURE_INDICATOR
39 #include "indicator.h"
40 #endif /* HITLS_TLS_FEATURE_INDICATOR */
41
42
43 #ifdef HITLS_TLS_FEATURE_KEY_UPDATE
Tls13RecvKeyUpdateProcess(TLS_Ctx * ctx,const HS_Msg * hsMsg)44 static int32_t Tls13RecvKeyUpdateProcess(TLS_Ctx *ctx, const HS_Msg *hsMsg)
45 {
46 HITLS_KeyUpdateRequest requestUpdateType = hsMsg->body.keyUpdate.requestUpdate;
47 if ((requestUpdateType != HITLS_UPDATE_NOT_REQUESTED) &&
48 (requestUpdateType != HITLS_UPDATE_REQUESTED)) {
49 ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_ILLEGAL_PARAMETER);
50 BSL_ERR_PUSH_ERROR(HITLS_MSG_HANDLE_ILLEGAL_KEY_UPDATE_TYPE);
51 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15354, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
52 "tls1.3 unexpected requestUpdateType(%u)", requestUpdateType, 0, 0, 0);
53 return HITLS_MSG_HANDLE_ILLEGAL_KEY_UPDATE_TYPE;
54 }
55
56 /* Update and activate the app traffic secret used by the local after receiving the key update message */
57 int32_t ret = HS_TLS13UpdateTrafficSecret(ctx, false);
58 if (ret != HITLS_SUCCESS) {
59 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15355, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
60 "tls1.3 in key update fail", 0, 0, 0, 0);
61 return ret;
62 }
63
64 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15980, BSL_LOG_LEVEL_INFO, BSL_LOG_BINLOG_TYPE_RUN,
65 "tls1.3 recv key update success", 0, 0, 0, 0);
66
67 if (hsMsg->body.keyUpdate.requestUpdate == HITLS_UPDATE_REQUESTED) {
68 ctx->isKeyUpdateRequest = true;
69 ctx->keyUpdateType = HITLS_UPDATE_NOT_REQUESTED;
70 return HS_ChangeState(ctx, TRY_SEND_KEY_UPDATE);
71 }
72 return HS_ChangeState(ctx, TLS_CONNECTED);
73 }
74 #endif /* HITLS_TLS_FEATURE_KEY_UPDATE */
75
76 #if defined(HITLS_TLS_PROTO_TLS_BASIC) || defined(HITLS_TLS_PROTO_DTLS12)
IsUnexpectedHandshaking(const TLS_Ctx * ctx)77 static bool IsUnexpectedHandshaking(const TLS_Ctx *ctx)
78 {
79 return (ctx->state == CM_STATE_HANDSHAKING && ctx->preState == CM_STATE_TRANSPORTING);
80 }
ProcessHandshakeMsg(TLS_Ctx * ctx,HS_Msg * hsMsg)81 static int32_t ProcessHandshakeMsg(TLS_Ctx *ctx, HS_Msg *hsMsg)
82 {
83 uint32_t version = HS_GetVersion(ctx);
84 (void)version;
85 switch (ctx->hsCtx->state) {
86 #ifdef HITLS_TLS_HOST_SERVER
87 case TRY_RECV_CLIENT_HELLO:
88 #ifdef HITLS_TLS_PROTO_DTLS12
89 if (IS_SUPPORT_DATAGRAM(ctx->config.tlsConfig.originVersionMask)) {
90 return DtlsServerRecvClientHelloProcess(ctx, hsMsg);
91 }
92 #endif /* HITLS_TLS_PROTO_DTLS12 */
93 #ifdef HITLS_TLS_PROTO_TLS_BASIC
94 return Tls12ServerRecvClientHelloProcess(ctx, hsMsg);
95 #else
96 break;
97 #endif /* HITLS_TLS_PROTO_TLS_BASIC only for tls13 */
98 case TRY_RECV_CERTIFICATE_REQUEST:
99 return ClientRecvCertRequestProcess(ctx, hsMsg);
100 case TRY_RECV_CLIENT_KEY_EXCHANGE:
101 return ServerRecvClientKxProcess(ctx, hsMsg);
102 case TRY_RECV_CERTIFICATE_VERIFY:
103 return ServerRecvClientCertVerifyProcess(ctx);
104 #endif /* HITLS_TLS_HOST_SERVER */
105 #ifdef HITLS_TLS_HOST_CLIENT
106 #ifdef HITLS_TLS_PROTO_DTLS12
107 case TRY_RECV_HELLO_VERIFY_REQUEST:
108 return DtlsClientRecvHelloVerifyRequestProcess(ctx, hsMsg);
109 #endif
110 case TRY_RECV_SERVER_HELLO:
111 return ClientRecvServerHelloProcess(ctx, hsMsg);
112 case TRY_RECV_SERVER_KEY_EXCHANGE:
113 return ClientRecvServerKxProcess(ctx, hsMsg);
114 case TRY_RECV_SERVER_HELLO_DONE:
115 return ClientRecvServerHelloDoneProcess(ctx);
116 #ifdef HITLS_TLS_FEATURE_SESSION_TICKET
117 case TRY_RECV_NEW_SESSION_TICKET:
118 return Tls12ClientRecvNewSeesionTicketProcess(ctx, hsMsg);
119 #endif /* HITLS_TLS_FEATURE_SESSION_TICKET */
120 #endif /* HITLS_TLS_HOST_CLIENT */
121 case TRY_RECV_CERTIFICATE:
122 return RecvCertificateProcess(ctx, hsMsg);
123 case TRY_RECV_FINISH:
124 #ifdef HITLS_TLS_HOST_CLIENT
125 if (ctx->isClient) {
126 #ifdef HITLS_TLS_PROTO_DTLS12
127 if (IS_SUPPORT_DATAGRAM(ctx->config.tlsConfig.originVersionMask)) {
128 return DtlsClientRecvFinishedProcess(ctx, hsMsg);
129 }
130 #endif /* HITLS_TLS_PROTO_DTLS12 */
131 #ifdef HITLS_TLS_PROTO_TLS_BASIC
132 return Tls12ClientRecvFinishedProcess(ctx, hsMsg);
133 #endif /* HITLS_TLS_PROTO_TLS_BASIC */
134 }
135 #endif /* HITLS_TLS_HOST_CLIENT */
136 #ifdef HITLS_TLS_HOST_SERVER
137 #ifdef HITLS_TLS_PROTO_DTLS12
138 if (IS_SUPPORT_DATAGRAM(ctx->config.tlsConfig.originVersionMask)) {
139 return DtlsServerRecvFinishedProcess(ctx, hsMsg);
140 }
141 #endif /* HITLS_TLS_PROTO_DTLS12 */
142 #ifdef HITLS_TLS_PROTO_TLS_BASIC
143 return Tls12ServerRecvFinishedProcess(ctx, hsMsg);
144 #else
145 break;
146 #endif /* HITLS_TLS_PROTO_TLS_BASIC */
147 #endif /* HITLS_TLS_HOST_SERVER */
148 default:
149 break;
150 }
151 BSL_ERR_PUSH_ERROR(HITLS_MSG_HANDLE_STATE_ILLEGAL);
152 BSL_LOG_BINLOG_VARLEN(BINLOG_ID15350, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
153 "Handshake state error: should recv msg, but current state is %s.", HS_GetStateStr(ctx->hsCtx->state));
154 ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_INTERNAL_ERROR);
155 return HITLS_MSG_HANDLE_STATE_ILLEGAL;
156 }
ProcessReceivedHandshakeMsg(TLS_Ctx * ctx,HS_Msg * hsMsg)157 static int32_t ProcessReceivedHandshakeMsg(TLS_Ctx *ctx, HS_Msg *hsMsg)
158 {
159 if (hsMsg->type == HELLO_REQUEST) {
160 if (ctx->hsCtx->state == TRY_RECV_HELLO_REQUEST) {
161 ctx->negotiatedInfo.isRenegotiation = true; /* Start renegotiation */
162 ctx->negotiatedInfo.renegotiationNum++;
163 return HS_ChangeState(ctx, TRY_SEND_CLIENT_HELLO);
164 }
165 /* The HelloRequest message should be ignored during the handshake. */
166 return HITLS_SUCCESS;
167 }
168 if (hsMsg->type == CLIENT_HELLO && IsUnexpectedHandshaking(ctx)) {
169 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17028, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
170 "refuse Renegotiation request from client", 0, 0, 0, 0);
171 ctx->method.sendAlert(ctx, ALERT_LEVEL_WARNING, ALERT_NO_RENEGOTIATION);
172 (void)HS_ChangeState(ctx, TLS_CONNECTED);
173 return HITLS_REC_NORMAL_RECV_UNEXPECT_MSG;
174 }
175 return ProcessHandshakeMsg(ctx, hsMsg);
176 }
177 #endif /* HITLS_TLS_PROTO_TLS_BASIC || HITLS_TLS_PROTO_DTLS12 */
178 #ifdef HITLS_TLS_PROTO_TLS13
Tls13ProcessReceivedHandshakeMsg(TLS_Ctx * ctx,HS_Msg * hsMsg)179 static int32_t Tls13ProcessReceivedHandshakeMsg(TLS_Ctx *ctx, HS_Msg *hsMsg)
180 {
181 if ((hsMsg->type == HELLO_REQUEST) && (ctx->isClient)) {
182 /* The HelloRequest message should be ignored during the handshake. */
183 return HITLS_SUCCESS;
184 }
185
186 switch (ctx->hsCtx->state) {
187 #ifdef HITLS_TLS_HOST_SERVER
188 case TRY_RECV_CLIENT_HELLO:
189 return Tls13ServerRecvClientHelloProcess(ctx, hsMsg);
190 #endif /* HITLS_TLS_HOST_SERVER */
191 #ifdef HITLS_TLS_HOST_CLIENT
192 case TRY_RECV_CERTIFICATE_REQUEST:
193 return Tls13ClientRecvCertRequestProcess(ctx, hsMsg);
194 case TRY_RECV_SERVER_HELLO:
195 return Tls13ClientRecvServerHelloProcess(ctx, hsMsg);
196 case TRY_RECV_ENCRYPTED_EXTENSIONS:
197 return Tls13ClientRecvEncryptedExtensionsProcess(ctx, hsMsg);
198 #endif /* HITLS_TLS_HOST_CLIENT */
199 case TRY_RECV_CERTIFICATE:
200 return Tls13RecvCertificateProcess(ctx, hsMsg);
201 case TRY_RECV_CERTIFICATE_VERIFY:
202 return Tls13RecvCertVerifyProcess(ctx);
203 case TRY_RECV_FINISH:
204 #ifdef HITLS_TLS_HOST_CLIENT
205 if (ctx->isClient) {
206 return Tls13ClientRecvFinishedProcess(ctx, hsMsg);
207 }
208 #endif /* HITLS_TLS_HOST_CLIENT */
209 #ifdef HITLS_TLS_HOST_SERVER
210 return Tls13ServerRecvFinishedProcess(ctx, hsMsg);
211 #endif /* HITLS_TLS_HOST_SERVER */
212 #ifdef HITLS_TLS_FEATURE_KEY_UPDATE
213 case TRY_RECV_KEY_UPDATE:
214 return Tls13RecvKeyUpdateProcess(ctx, hsMsg);
215 #endif
216 case TRY_RECV_NEW_SESSION_TICKET:
217 return Tls13ClientRecvNewSessionTicketProcess(ctx, hsMsg);
218 default:
219 break;
220 }
221 BSL_ERR_PUSH_ERROR(HITLS_MSG_HANDLE_STATE_ILLEGAL);
222 BSL_LOG_BINLOG_VARLEN(BINLOG_ID15343, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
223 "tls1.3 handshake state error: should recv msg, but current state is %s.", HS_GetStateStr(ctx->hsCtx->state));
224 ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_INTERNAL_ERROR);
225 return HITLS_MSG_HANDLE_STATE_ILLEGAL;
226 }
227 #endif /* HITLS_TLS_PROTO_TLS13 */
228
ReadHsMessage(TLS_Ctx * ctx,uint32_t length)229 int32_t ReadHsMessage(TLS_Ctx *ctx, uint32_t length)
230 {
231 HS_Ctx *hsCtx = ctx->hsCtx;
232 if (hsCtx == NULL || hsCtx->msgBuf == NULL) {
233 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17029, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "input null", 0, 0, 0, 0);
234 return HITLS_NULL_INPUT;
235 }
236 if (hsCtx->msgLen >= length) {
237 return HITLS_SUCCESS;
238 }
239 int32_t ret = HS_GrowMsgBuf(ctx, length, true);
240 if (ret != HITLS_SUCCESS) {
241 return ret;
242 }
243 uint32_t readLen = 0;
244 ret = REC_Read(ctx, REC_TYPE_HANDSHAKE, &hsCtx->msgBuf[hsCtx->msgLen], &readLen, length - hsCtx->msgLen);
245 hsCtx->msgLen += readLen;
246 if (ret == HITLS_SUCCESS && hsCtx->msgLen < length) {
247 return HITLS_REC_NORMAL_RECV_BUF_EMPTY;
248 }
249 return ret;
250 }
251
252 #ifdef HITLS_TLS_PROTO_TLS
253
ReadThenParseTlsHsMsg(TLS_Ctx * ctx,HS_Msg * hsMsg)254 static int32_t ReadThenParseTlsHsMsg(TLS_Ctx *ctx, HS_Msg *hsMsg)
255 {
256 HS_Ctx *hsCtx = ctx->hsCtx;
257 int32_t ret = ReadHsMessage(ctx, HS_MSG_HEADER_SIZE);
258 if (ret != HITLS_SUCCESS) {
259 return ret;
260 }
261 HS_MsgInfo hsMsgInfo = {0};
262 ret = HS_ParseMsgHeader(ctx, hsCtx->msgBuf, HS_MSG_HEADER_SIZE, &hsMsgInfo);
263 if (ret != HITLS_SUCCESS) {
264 return ret;
265 }
266 ret = ReadHsMessage(ctx, hsMsgInfo.headerAndBodyLen); // hsCtx->msgBuf always has enough buf
267 if (ret != HITLS_SUCCESS) {
268 return ret;
269 }
270 ret = HS_ParseMsg(ctx, &hsMsgInfo, hsMsg);
271 if (ret != HITLS_SUCCESS) {
272 return ret;
273 }
274
275 /* The HelloRequest message is not included. */
276 if (hsMsgInfo.type != HELLO_REQUEST && hsMsgInfo.type != KEY_UPDATE &&
277 !(HS_GetVersion(ctx) == HITLS_VERSION_TLS13 && hsMsgInfo.type == NEW_SESSION_TICKET)) {
278 /* Session hash is needed to compute ems, the VERIFY_Append must be dealt with beforehand */
279 ret = VERIFY_Append(hsCtx->verifyCtx, hsCtx->msgBuf, hsMsgInfo.headerAndBodyLen);
280 if (ret != HITLS_SUCCESS) {
281 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17031, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
282 "VERIFY_Append fail", 0, 0, 0, 0);
283 HS_CleanMsg(hsMsg);
284 return ret;
285 }
286 }
287 #ifdef HITLS_TLS_FEATURE_INDICATOR
288 INDICATOR_MessageIndicate(0, HS_GetVersion(ctx), REC_TYPE_HANDSHAKE, hsMsgInfo.rawMsg, hsMsgInfo.length, ctx,
289 ctx->config.tlsConfig.msgArg);
290
291 #endif /* HITLS_TLS_FEATURE_INDICATOR */
292 hsCtx->msgLen = 0;
293 return HITLS_SUCCESS;
294 }
295 #ifdef HITLS_TLS_PROTO_TLS_BASIC
Tls12TryRecvHandShakeMsg(TLS_Ctx * ctx)296 static int32_t Tls12TryRecvHandShakeMsg(TLS_Ctx *ctx)
297 {
298 HS_Msg hsMsg = {0};
299 (void)memset_s(&hsMsg, sizeof(HS_Msg), 0, sizeof(HS_Msg));
300
301 int32_t ret = ReadThenParseTlsHsMsg(ctx, &hsMsg);
302 if (ret != HITLS_SUCCESS) {
303 HS_CleanMsg(&hsMsg);
304 return ret;
305 }
306
307 ret = ProcessReceivedHandshakeMsg(ctx, &hsMsg);
308 HS_CleanMsg(&hsMsg);
309
310 return ret;
311 }
312 #endif /* HITLS_TLS_PROTO_TLS_BASIC */
313 #ifdef HITLS_TLS_PROTO_TLS13
Tls13TryRecvHandShakeMsg(TLS_Ctx * ctx)314 static int32_t Tls13TryRecvHandShakeMsg(TLS_Ctx *ctx)
315 {
316 HS_Msg hsMsg = {0};
317 (void)memset_s(&hsMsg, sizeof(HS_Msg), 0, sizeof(HS_Msg));
318
319 int32_t ret = ReadThenParseTlsHsMsg(ctx, &hsMsg);
320 if (ret != HITLS_SUCCESS) {
321 HS_CleanMsg(&hsMsg);
322 return ret;
323 }
324
325 ret = Tls13ProcessReceivedHandshakeMsg(ctx, &hsMsg);
326 HS_CleanMsg(&hsMsg);
327
328 return ret;
329 }
330 #endif /* HITLS_TLS_PROTO_TLS13 */
331 #endif /* HITLS_TLS_PROTO_TLS */
332 #ifdef HITLS_TLS_PROTO_DTLS12
DtlsCheckTimeoutAndProcess(TLS_Ctx * ctx,int32_t retValue)333 static int32_t DtlsCheckTimeoutAndProcess(TLS_Ctx *ctx, int32_t retValue)
334 {
335 (void)ctx;
336 #ifdef HITLS_BSL_UIO_UDP
337 bool isTimeout = false;
338 int32_t ret = HS_IsTimeout(ctx, &isTimeout);
339 if (ret != HITLS_SUCCESS) {
340 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17032, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
341 "HS_IsTimeout fail", 0, 0, 0, 0);
342 return ret;
343 }
344
345 if (isTimeout) {
346 /* Receive the message of the last flight when the receiving times out */
347 REC_RetransmitListFlush(ctx);
348
349 ret = HS_TimeoutProcess(ctx);
350 if (ret != HITLS_SUCCESS) {
351 return ret;
352 }
353 }
354 #endif /* HITLS_BSL_UIO_UDP */
355 /* HITLS_REC_NORMAL_RECV_BUF_EMPTY is returned here, and the choice is given to the user instead of the next read,
356 * Prevents users from waiting for a long time due to long timeout. */
357 return retValue;
358 }
359
DtlsDisorderMsgProcess(TLS_Ctx * ctx,HS_MsgInfo * hsMsgInfo)360 int32_t DtlsDisorderMsgProcess(TLS_Ctx *ctx, HS_MsgInfo *hsMsgInfo)
361 {
362 HS_Ctx *hsCtx = ctx->hsCtx;
363
364 /* The SCTP scenario must be sequenced. */
365 if (BSL_UIO_GetUioChainTransportType(ctx->uio, BSL_UIO_SCTP)) {
366 BSL_ERR_PUSH_ERROR(HITLS_MSG_HANDLE_UNMATCHED_SEQUENCE);
367 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15351, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
368 "msg with unmatched sequence, recv %u, expect %u.", hsMsgInfo->sequence, hsCtx->expectRecvSeq, 0, 0);
369 ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_UNEXPECTED_MESSAGE);
370 return HITLS_MSG_HANDLE_UNMATCHED_SEQUENCE;
371 }
372 #ifdef HITLS_BSL_UIO_UDP
373 /* In the renegotiation state, the FINISHED message of the previous handshake should be discarded. */
374 if (ctx->hsCtx->expectRecvSeq == 0 && hsMsgInfo->type == FINISHED) {
375 return HITLS_SUCCESS;
376 }
377 /* If the sequence number of the received message is greater than expected, the message is cached in the reassembly
378 * queue. */
379 if (hsMsgInfo->sequence > ctx->hsCtx->expectRecvSeq) {
380 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17033, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
381 "the message is need to cache in the reassembly queue", 0, 0, 0, 0);
382 return HS_ReassAppend(ctx, hsMsgInfo);
383 }
384
385 return HITLS_SUCCESS;
386 #else
387 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17034, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
388 "internal exception occurs", 0, 0, 0, 0);
389 return HITLS_INTERNAL_EXCEPTION;
390 #endif /* HITLS_BSL_UIO_UDP */
391 }
DtlsCheckAndParseMsg(TLS_Ctx * ctx,HS_MsgInfo * hsMsgInfo,HS_Msg * hsMsg)392 static int32_t DtlsCheckAndParseMsg(TLS_Ctx *ctx, HS_MsgInfo *hsMsgInfo, HS_Msg *hsMsg)
393 {
394 HS_Ctx *hsCtx = ctx->hsCtx;
395 int32_t ret = CheckHsMsgType(ctx, hsMsgInfo->type);
396 if (ret != HITLS_SUCCESS) {
397 return ret;
398 }
399
400 ret = HS_ParseMsg(ctx, hsMsgInfo, hsMsg);
401 if (ret != HITLS_SUCCESS) {
402 HS_CleanMsg(hsMsg);
403 return ret;
404 }
405
406 hsCtx->expectRecvSeq++; /* Auto-increment of the received message sequence number */
407 return ret;
408 }
409
ReadDtlsHsMessage(TLS_Ctx * ctx,HS_MsgInfo * hsMsgInfo)410 static int32_t ReadDtlsHsMessage(TLS_Ctx *ctx, HS_MsgInfo *hsMsgInfo)
411 {
412 int32_t ret = HITLS_SUCCESS;
413 HS_Ctx *hsCtx = ctx->hsCtx;
414 if (hsCtx == NULL || hsCtx->msgBuf == NULL) {
415 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17035, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "input null", 0, 0, 0, 0);
416 return HITLS_NULL_INPUT;
417 }
418 uint8_t *buf = &hsCtx->msgBuf[hsCtx->msgLen];
419 uint32_t readLen = 0;
420 if (hsCtx->msgLen < DTLS_HS_MSG_HEADER_SIZE) {
421 ret = REC_Read(ctx, REC_TYPE_HANDSHAKE, buf, &readLen, (uint32_t)(DTLS_HS_MSG_HEADER_SIZE - hsCtx->msgLen));
422 if (ret != HITLS_SUCCESS) {
423 if (ret != HITLS_REC_NORMAL_RECV_BUF_EMPTY) {
424 return ret;
425 }
426 if (hsCtx->msgLen == 0) {
427 return DtlsCheckTimeoutAndProcess(ctx, ret);
428 }
429 }
430 hsCtx->msgLen += readLen;
431 }
432 ret = HS_ParseMsgHeader(ctx, hsCtx->msgBuf, hsCtx->msgLen, hsMsgInfo);
433 if (ret != HITLS_SUCCESS) {
434 return ret;
435 }
436 ret = ReadHsMessage(ctx, hsMsgInfo->fragmentLength + DTLS_HS_MSG_HEADER_SIZE);
437 if ((hsMsgInfo->fragmentLength + DTLS_HS_MSG_HEADER_SIZE) != hsCtx->msgLen || ret != HITLS_SUCCESS) {
438 hsCtx->msgLen = 0;
439 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15600, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
440 "DTLS handshake msg length error, need to alert.", 0, 0, 0, 0);
441 ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_DECODE_ERROR);
442 return HITLS_PARSE_INVALID_MSG_LEN;
443 }
444 return ret;
445 }
446
DtlsTryRecvHandShakeMsg(TLS_Ctx * ctx)447 static int32_t DtlsTryRecvHandShakeMsg(TLS_Ctx *ctx)
448 {
449 uint32_t dataLen = 0;
450 HS_Msg hsMsg = {0};
451 (void)memset_s(&hsMsg, sizeof(HS_Msg), 0, sizeof(HS_Msg));
452 HS_MsgInfo hsMsgInfo = {0};
453
454 /* Read the message with the expected sequence number from the reassembly queue. If no message exists, read the
455 * message from the record layer */
456 int32_t ret = HS_GetReassMsg(ctx, &hsMsgInfo, &dataLen);
457 if (ret != HITLS_SUCCESS) {
458 return ret;
459 }
460
461 uint8_t *buf = ctx->hsCtx->msgBuf;
462 if (dataLen == 0) {
463 ret = ReadDtlsHsMessage(ctx, &hsMsgInfo);
464 if (ret != HITLS_SUCCESS) {
465 return ret;
466 }
467 buf = ctx->hsCtx->msgBuf;
468 dataLen = ctx->hsCtx->msgLen;
469 ctx->hsCtx->msgLen = 0;
470 /* when the hello verify request is lost and a clienthello with 0 message sequence is received again,
471 the expect sequence is reset and dealt with same as receiving it for the first time. */
472 if (hsMsgInfo.sequence == 0 && ctx->hsCtx->expectRecvSeq == 1 && ctx->hsCtx->state == TRY_RECV_CLIENT_HELLO &&
473 hsMsgInfo.type == CLIENT_HELLO && !IsUnexpectedHandshaking(ctx) && ctx->state == CM_STATE_HANDSHAKING &&
474 !BSL_UIO_GetUioChainTransportType(ctx->uio, BSL_UIO_SCTP)) {
475 ctx->hsCtx->expectRecvSeq = 0;
476 ctx->hsCtx->nextSendSeq = 0;
477 }
478
479 /* SCTP messages are not out of order. Therefore, an alert message must be sent for the out-of-order messages */
480 if (hsMsgInfo.sequence != ctx->hsCtx->expectRecvSeq && !IsUnexpectedHandshaking(ctx)) {
481 return DtlsDisorderMsgProcess(ctx, &hsMsgInfo);
482 }
483
484 /* If the message is fragmented, the message needs to be reassembled. */
485 if (hsMsgInfo.fragmentLength != hsMsgInfo.length) {
486 return HS_ReassAppend(ctx, &hsMsgInfo);
487 }
488 }
489
490 ret = DtlsCheckAndParseMsg(ctx, &hsMsgInfo, &hsMsg);
491 if (ret != HITLS_SUCCESS) {
492 return ret;
493 }
494
495 /* The HelloRequest message is not included. */
496 if (hsMsgInfo.type != HELLO_REQUEST) {
497 /* Session hash is needed to compute ems, the VERIFY_Append must be dealt with beforehand */
498 ret = VERIFY_Append(ctx->hsCtx->verifyCtx, buf, dataLen);
499 if (ret != HITLS_SUCCESS) {
500 HS_CleanMsg(&hsMsg);
501 return RETURN_ERROR_NUMBER_PROCESS(ret, BINLOG_ID17036, "VERIFY_Append fail");
502 }
503 }
504 #ifdef HITLS_TLS_FEATURE_INDICATOR
505 INDICATOR_MessageIndicate(0, HS_GetVersion(ctx), REC_TYPE_HANDSHAKE, hsMsgInfo.rawMsg,
506 hsMsgInfo.length, ctx, ctx->config.tlsConfig.msgArg);
507 #endif /* HITLS_TLS_FEATURE_INDICATOR */
508 ret = ProcessReceivedHandshakeMsg(ctx, &hsMsg);
509 HS_CleanMsg(&hsMsg);
510 return ret;
511 }
512 #endif
513 #ifdef HITLS_TLS_FEATURE_FLIGHT
FlightTransmit(TLS_Ctx * ctx)514 static int32_t FlightTransmit(TLS_Ctx *ctx)
515 {
516 int32_t ret = BSL_UIO_Ctrl(ctx->uio, BSL_UIO_FLUSH, 0, NULL);
517 if (ret == BSL_UIO_IO_BUSY) {
518 return HITLS_REC_NORMAL_IO_BUSY;
519 }
520 if (ret != BSL_SUCCESS) {
521 BSL_ERR_PUSH_ERROR(HITLS_REC_ERR_IO_EXCEPTION);
522 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16110, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
523 "fail to send handshake message in bUio.", 0, 0, 0, 0);
524 return HITLS_REC_ERR_IO_EXCEPTION;
525 }
526
527 return HITLS_SUCCESS;
528 }
529 #endif /* HITLS_TLS_FEATURE_FLIGHT */
HandleResult(TLS_Ctx * ctx,int32_t ret)530 int32_t HandleResult(TLS_Ctx *ctx, int32_t ret)
531 {
532 if (ret != HITLS_SUCCESS) {
533 if (ctx->method.getAlertFlag(ctx)) {
534 /* The alert has been processed. The handshake should be terminated. */
535 return ret;
536 }
537 if (ret == HITLS_REC_NORMAL_RECV_DISORDER_MSG) {
538 /* App messages and finished messages are out of order. The handshake proceeds. */
539 return HITLS_SUCCESS;
540 }
541 if ((ret == HITLS_REC_NORMAL_RECV_UNEXPECT_MSG) &&
542 REC_GetUnexpectedMsgType(ctx) == REC_TYPE_CHANGE_CIPHER_SPEC) {
543 /* The CCS message is received. The handshake proceeds. */
544 return HITLS_SUCCESS;
545 }
546 /* Other errors are returned */
547 }
548 return ret;
549 }
550
HS_RecvMsgProcess(TLS_Ctx * ctx)551 int32_t HS_RecvMsgProcess(TLS_Ctx *ctx)
552 {
553 int32_t ret = HITLS_SUCCESS;
554 #ifdef HITLS_TLS_FEATURE_FLIGHT
555 /* If isFlightTransmitEnable is enabled, the handshake information stored in the bUio needs to be sent when the
556 * receiving status is changed. */
557 if (ctx->config.tlsConfig.isFlightTransmitEnable) {
558 ret = FlightTransmit(ctx);
559 if (ret != HITLS_SUCCESS) {
560 return ret;
561 }
562 }
563 #endif /* HITLS_TLS_FEATURE_FLIGHT */
564 uint32_t version = HS_GetVersion(ctx);
565
566 switch (version) {
567 #ifdef HITLS_TLS_PROTO_TLS
568 case HITLS_VERSION_TLS12:
569 #ifdef HITLS_TLS_PROTO_TLCP11
570 case HITLS_VERSION_TLCP_DTLCP11:
571 #if defined(HITLS_TLS_PROTO_DTLS12)
572 if (IS_SUPPORT_DATAGRAM(ctx->config.tlsConfig.originVersionMask)) {
573 ret = DtlsTryRecvHandShakeMsg(ctx);
574 break;
575 }
576 #endif
577 #endif /* HITLS_TLS_PROTO_TLCP11 */
578 #ifdef HITLS_TLS_PROTO_TLS_BASIC
579 ret = Tls12TryRecvHandShakeMsg(ctx);
580 break;
581 #endif /* HITLS_TLS_PROTO_TLS_BASIC */
582 #ifdef HITLS_TLS_PROTO_TLS13
583 case HITLS_VERSION_TLS13:
584 ret = Tls13TryRecvHandShakeMsg(ctx);
585 break;
586 #endif /* HITLS_TLS_PROTO_TLS13 */
587 #endif /* HITLS_TLS_PROTO_TLS */
588 #ifdef HITLS_TLS_PROTO_DTLS12
589 case HITLS_VERSION_DTLS12:
590 ret = DtlsTryRecvHandShakeMsg(ctx);
591 break;
592 #endif
593 default:
594 BSL_ERR_PUSH_ERROR(HITLS_MSG_HANDLE_UNSUPPORT_VERSION);
595 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15352, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
596 "Handshake state recv error: unsupport TLS version.", 0, 0, 0, 0);
597 return HITLS_MSG_HANDLE_UNSUPPORT_VERSION;
598 }
599 return HandleResult(ctx, ret);
600 }
601