1 /*
2  * This file is part of the openHiTLS project.
3  *
4  * openHiTLS is licensed under the Mulan PSL v2.
5  * You can use this software according to the terms and conditions of the Mulan PSL v2.
6  * You may obtain a copy of Mulan PSL v2 at:
7  *
8  *     http://license.coscl.org.cn/MulanPSL2
9  *
10  * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11  * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12  * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13  * See the Mulan PSL v2 for more details.
14  */
15 #include "hitls_build.h"
16 #if defined(HITLS_TLS_HOST_SERVER) || defined(HITLS_TLS_PROTO_TLS13)
17 #include <stdint.h>
18 #include "securec.h"
19 #include "tls_binlog_id.h"
20 #include "bsl_log_internal.h"
21 #include "bsl_log.h"
22 #include "bsl_sal.h"
23 #include "bsl_err_internal.h"
24 #include "hitls_error.h"
25 #include "tls.h"
26 #include "hs_ctx.h"
27 #include "hs_verify.h"
28 #include "hs_common.h"
29 #include "hs_msg.h"
30 #if defined(HITLS_TLS_PROTO_TLS_BASIC) || defined(HITLS_TLS_PROTO_DTLS12)
/*
 * Server-side step run after the client's CertificateVerify message has been
 * received (TLS 1.2 / DTLS 1.2 builds).
 *
 * Calculates the verify data for the client's Finished message from the
 * handshake master key, then prepares the CCS layer and moves the handshake
 * state machine to TRY_RECV_FINISH.
 *
 * NOTE(review): no signature check is visible in this function; presumably the
 * CertificateVerify signature is validated before this point. Confirm against
 * the message parser.
 *
 * Returns the result of HS_ChangeState() on success, otherwise the error code
 * from VERIFY_CalcVerifyData() after a fatal internal_error alert is sent.
 */
int32_t ServerRecvClientCertVerifyProcess(TLS_Ctx *ctx)
{
    int32_t rc = VERIFY_CalcVerifyData(ctx, true, ctx->hsCtx->masterKey, MASTER_SECRET_LEN);
    if (rc == HITLS_SUCCESS) {
        /* The two CCS commands are issued in this order before waiting for Finished.
           Presumably the first permits receipt of ChangeCipherSpec and the second
           activates the read cipher spec; confirm against the ctrlCCS implementation. */
        ctx->method.ctrlCCS(ctx, CCS_CMD_RECV_READY);
        ctx->method.ctrlCCS(ctx, CCS_CMD_RECV_ACTIVE_CIPHER_SPEC);
        return HS_ChangeState(ctx, TRY_RECV_FINISH);
    }

    BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15871, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
        "server Calculate client finished data error.", 0, 0, 0, 0);
    /* Wipe the master key on failure so the secret does not stay in the handshake
       context. The memset_s result is deliberately discarded.
       NOTE(review): sizeof covers the whole secret only if masterKey is an array
       member rather than a pointer; confirm against hs_ctx.h. */
    (void)memset_s(ctx->hsCtx->masterKey, sizeof(ctx->hsCtx->masterKey), 0, sizeof(ctx->hsCtx->masterKey));
    ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_INTERNAL_ERROR);
    return rc;
}
47 #endif /* HITLS_TLS_PROTO_TLS_BASIC || HITLS_TLS_PROTO_DTLS12 */
48 #ifdef HITLS_TLS_PROTO_TLS13
/*
 * TLS 1.3 step run after the peer's CertificateVerify message has been received.
 *
 * Calculates the verify data for the peer's Finished message and moves the
 * handshake state machine to TRY_RECV_FINISH.
 *
 * Returns the result of HS_ChangeState() on success, otherwise the error code
 * from VERIFY_Tls13CalcVerifyData() after a fatal internal_error alert is sent.
 */
int32_t Tls13RecvCertVerifyProcess(TLS_Ctx *ctx)
{
    /* The CertificateVerify signature has already been checked by the parser,
       so only the peer's finished data is left to calculate here. The negated
       isClient flag selects the peer's role rather than the local one. */
    int32_t rc = VERIFY_Tls13CalcVerifyData(ctx, !ctx->isClient);
    if (rc == HITLS_SUCCESS) {
        return HS_ChangeState(ctx, TRY_RECV_FINISH);
    }

    BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15872, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
        "calculate finished data fail.", 0, 0, 0, 0);
    /* NOTE(review): no key material is cleared on this failure path; presumably
       the handshake context teardown handles it. Confirm. */
    ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_INTERNAL_ERROR);
    return rc;
}
65 #endif /* HITLS_TLS_PROTO_TLS13 */
66 #endif /* HITLS_TLS_HOST_SERVER || HITLS_TLS_PROTO_TLS13 */