1 /*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15
16 #include <stdint.h>
17 #include <string.h>
18 #include "hitls_build.h"
19 #include "bsl_sal.h"
20 #include "tls_binlog_id.h"
21 #include "bsl_log_internal.h"
22 #include "bsl_log.h"
23 #include "bsl_err_internal.h"
24 #include "hitls_error.h"
25 #include "tls.h"
26 #include "hs_ctx.h"
27 #include "hs_common.h"
28 #include "hs_verify.h"
29 #include "hs_msg.h"
30 #include "hs_extensions.h"
31 #include "alert.h"
32
33 static const int32_t X509_ERR_ALERT_MAP[] = {
34 [(HITLS_X509_V_ERR_UNSPECIFIED - 1) & 0XFF] = ALERT_INTERNAL_ERROR,
35 [(HITLS_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT - 1) & 0XFF] = ALERT_UNKNOWN_CA,
36 [(HITLS_X509_V_ERR_UNABLE_TO_GET_CRL - 1) & 0XFF] = ALERT_UNKNOWN_CA,
37 [(HITLS_X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
38 [(HITLS_X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
39 [(HITLS_X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
40 [(HITLS_X509_V_ERR_CERT_SIGNATURE_FAILURE - 1) & 0XFF] = ALERT_DECRYPT_ERROR,
41 [(HITLS_X509_V_ERR_CRL_SIGNATURE_FAILURE - 1) & 0XFF] = ALERT_DECRYPT_ERROR,
42 [(HITLS_X509_V_ERR_CERT_NOT_YET_VALID - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
43 [(HITLS_X509_V_ERR_CERT_HAS_EXPIRED - 1) & 0XFF] = ALERT_CERTIFICATE_EXPIRED,
44 [(HITLS_X509_V_ERR_CRL_NOT_YET_VALID - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
45 [(HITLS_X509_V_ERR_CRL_HAS_EXPIRED - 1) & 0XFF] = ALERT_CERTIFICATE_EXPIRED,
46 [(HITLS_X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
47 [(HITLS_X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
48 [(HITLS_X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
49 [(HITLS_X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
50 [(HITLS_X509_V_ERR_OUT_OF_MEM - 1) & 0XFF] = ALERT_INTERNAL_ERROR,
51 [(HITLS_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT - 1) & 0XFF] = ALERT_UNKNOWN_CA,
52 [(HITLS_X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN - 1) & 0XFF] = ALERT_UNKNOWN_CA,
53 [(HITLS_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY - 1) & 0XFF] = ALERT_UNKNOWN_CA,
54 [(HITLS_X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE - 1) & 0XFF] = ALERT_UNKNOWN_CA,
55 [(HITLS_X509_V_ERR_CERT_CHAIN_TOO_LONG - 1) & 0XFF] = ALERT_UNKNOWN_CA,
56 [(HITLS_X509_V_ERR_CERT_REVOKED - 1) & 0XFF] = ALERT_CERTIFICATE_REVOKED,
57 [(HITLS_X509_V_ERR_INVALID_CA - 1) & 0XFF] = ALERT_UNKNOWN_CA,
58 [(HITLS_X509_V_ERR_PATH_LENGTH_EXCEEDED - 1) & 0XFF] = ALERT_UNKNOWN_CA,
59 [(HITLS_X509_V_ERR_INVALID_PURPOSE - 1) & 0XFF] = ALERT_UNSUPPORTED_CERTIFICATE,
60 [(HITLS_X509_V_ERR_CERT_UNTRUSTED - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
61 [(HITLS_X509_V_ERR_CERT_REJECTED - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
62 [(HITLS_X509_V_ERR_SUBJECT_ISSUER_MISMATCH - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
63 [(HITLS_X509_V_ERR_AKID_SKID_MISMATCH - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
64 [(HITLS_X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
65 [(HITLS_X509_V_ERR_KEYUSAGE_NO_CERTSIGN - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
66 [(HITLS_X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER - 1) & 0XFF] = ALERT_UNKNOWN_CA,
67 [(HITLS_X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
68 [(HITLS_X509_V_ERR_KEYUSAGE_NO_CRL_SIGN - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
69 [(HITLS_X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
70 [(HITLS_X509_V_ERR_INVALID_NON_CA - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
71 [(HITLS_X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
72 [(HITLS_X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
73 [(HITLS_X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
74 [(HITLS_X509_V_ERR_INVALID_EXTENSION - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
75 [(HITLS_X509_V_ERR_INVALID_POLICY_EXTENSION - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
76 [(HITLS_X509_V_ERR_NO_EXPLICIT_POLICY - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
77 [(HITLS_X509_V_ERR_DIFFERENT_CRL_SCOPE - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
78 [(HITLS_X509_V_ERR_ERROR_IN_CMP_CERT_NOT_AFTER_FIELD - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
79 [(HITLS_X509_V_ERR_ERROR_IN_CMP_CRL_THIS_UPDATE_FIELD - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
80 [(HITLS_X509_V_ERR_ERROR_IN_CMP_CRL_NEXT_UPDATE_FIELD - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
81 [(HITLS_X509_V_ERR_ERROR_IN_CMP_CERT_NOT_BEFORE_FIELD - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
82 [(HITLS_X509_V_ERR_CRL_PATH_VALIDATION_ERROR - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
83 };
84
GetAlertfromX509Err(HITLS_ERROR x509err)85 ALERT_Description GetAlertfromX509Err(HITLS_ERROR x509err)
86 {
87 uint32_t size = sizeof(X509_ERR_ALERT_MAP) / sizeof(X509_ERR_ALERT_MAP[0]);
88 uint32_t index = ((uint32_t)x509err - 1) & 0XFF;
89 if (index < size) {
90 return X509_ERR_ALERT_MAP[index];
91 }
92
93 return ALERT_BAD_CERTIFICATE;
94 }
95
ClientCheckPeerCert(TLS_Ctx * ctx,HITLS_CERT_X509 * cert)96 int32_t ClientCheckPeerCert(TLS_Ctx *ctx, HITLS_CERT_X509 *cert)
97 {
98 CERT_ExpectInfo expectCertInfo = {0};
99 expectCertInfo.certType = CFG_GetCertTypeByCipherSuite(ctx->negotiatedInfo.cipherSuiteInfo.cipherSuite);
100 expectCertInfo.signSchemeList = ctx->config.tlsConfig.signAlgorithms;
101 expectCertInfo.signSchemeNum = ctx->config.tlsConfig.signAlgorithmsSize;
102 if (ctx->negotiatedInfo.version != HITLS_VERSION_TLS13) {
103 expectCertInfo.ellipticCurveList = ctx->config.tlsConfig.groups;
104 expectCertInfo.ellipticCurveNum = ctx->config.tlsConfig.groupsSize;
105 }
106 expectCertInfo.ecPointFormatList = ctx->config.tlsConfig.pointFormats;
107 expectCertInfo.ecPointFormatNum = ctx->config.tlsConfig.pointFormatsSize;
108
109 return SAL_CERT_CheckCertInfo(ctx, &expectCertInfo, cert, false, true);
110 }
111
ServerCheckPeerCert(TLS_Ctx * ctx,HITLS_CERT_X509 * cert)112 int32_t ServerCheckPeerCert(TLS_Ctx *ctx, HITLS_CERT_X509 *cert)
113 {
114 CERT_ExpectInfo expectCertInfo = {0};
115 expectCertInfo.certType = CERT_TYPE_UNKNOWN;
116 expectCertInfo.signSchemeList = ctx->config.tlsConfig.signAlgorithms;
117 expectCertInfo.signSchemeNum = ctx->config.tlsConfig.signAlgorithmsSize;
118
119 return SAL_CERT_CheckCertInfo(ctx, &expectCertInfo, cert, false, true);
120 }
121
ClientCheckCert(TLS_Ctx * ctx,CERT_Pair * peerCert)122 static int32_t ClientCheckCert(TLS_Ctx *ctx, CERT_Pair *peerCert)
123 {
124 int32_t ret;
125 ret = ClientCheckPeerCert(ctx, SAL_CERT_PairGetX509(peerCert));
126 if (ret != HITLS_SUCCESS) {
127 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16224, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
128 "client check peer cert failed", 0, 0, 0, 0);
129 return ret;
130 }
131 #ifdef HITLS_TLS_PROTO_TLCP11
132 /* The encryption certificate is required for TLS of TLCP. Both ECDHE and ECC of the client depend on the encryption
133 * certificate. */
134 if (ctx->negotiatedInfo.version == HITLS_VERSION_TLCP_DTLCP11) {
135 HITLS_CERT_Key *cert = SAL_CERT_GetTlcpEncCert(peerCert);
136 if (cert == NULL) {
137 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16225, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
138 "client check peer enc cert failed.", 0, 0, 0, 0);
139 return HITLS_CERT_ERR_EXP_CERT;
140 }
141 /* The encryption certificate only needs to ensure that the certificate type matches the TLCP.
142 * That is, the encryption public key type matches the negotiation cipher suite. */
143 CERT_ExpectInfo expectCertInfo = {0};
144 expectCertInfo.certType = CFG_GetCertTypeByCipherSuite(ctx->negotiatedInfo.cipherSuiteInfo.cipherSuite);
145 ret = SAL_CERT_CheckCertInfo(ctx, &expectCertInfo, cert, false, false);
146 if (ret != HITLS_SUCCESS) {
147 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17041, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
148 "CheckCertInfo fail, ret = %d.", ret, 0, 0, 0);
149 }
150 }
151 #endif
152 return ret;
153 }
154
ServerCheckCert(TLS_Ctx * ctx,CERT_Pair * peerCert)155 static int32_t ServerCheckCert(TLS_Ctx *ctx, CERT_Pair *peerCert)
156 {
157 int32_t ret;
158 ret = ServerCheckPeerCert(ctx, SAL_CERT_PairGetX509(peerCert));
159 if (ret != HITLS_SUCCESS) {
160 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16226, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
161 "server check peer cert failed.", 0, 0, 0, 0);
162 return ret;
163 }
164 #ifdef HITLS_TLS_PROTO_TLCP11
165 /* Service processing logic. The ECDHE exchange algorithm logic requires the encryption certificate */
166 if (ctx->negotiatedInfo.version == HITLS_VERSION_TLCP_DTLCP11 &&
167 ctx->negotiatedInfo.cipherSuiteInfo.kxAlg == HITLS_KEY_EXCH_ECDHE) {
168 HITLS_CERT_Key *cert = SAL_CERT_GetTlcpEncCert(peerCert);
169 if (cert == NULL) {
170 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16227, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
171 "service check peer enc cert failed", 0, 0, 0, 0);
172 return HITLS_CERT_ERR_EXP_CERT;
173 }
174 /* The encryption certificate only needs to ensure that the certificate type matches the TLCP.
175 * That is, the encryption public key type matches the negotiation cipher suite. */
176 CERT_ExpectInfo expectCertInfo = {0};
177 expectCertInfo.certType = CFG_GetCertTypeByCipherSuite(ctx->negotiatedInfo.cipherSuiteInfo.cipherSuite);
178 ret = SAL_CERT_CheckCertInfo(ctx, &expectCertInfo, cert, false, false);
179 if (ret != HITLS_SUCCESS) {
180 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17042, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
181 "CheckCertInfo fail, ret = %d.", ret, 0, 0, 0);
182 }
183 }
184 #endif
185 return ret;
186 }
187 #ifdef HITLS_TLS_CONFIG_KEY_USAGE
CheckCertKeyUsage(TLS_Ctx * ctx,CERT_Pair * peerCert)188 static bool CheckCertKeyUsage(TLS_Ctx *ctx, CERT_Pair *peerCert)
189 {
190 bool checkUsageRec = false;
191 HITLS_CERT_X509 *cert = SAL_CERT_PairGetX509(peerCert);
192 if (ctx->negotiatedInfo.version == HITLS_VERSION_TLS13) {
193 return SAL_CERT_CheckCertKeyUsage(ctx, cert, CERT_KEY_CTRL_IS_DIGITAL_SIGN_USAGE);
194 }
195
196 HITLS_KeyExchAlgo kxAlg = ctx->negotiatedInfo.cipherSuiteInfo.kxAlg;
197 if (ctx->isClient) {
198 switch (kxAlg) {
199 case HITLS_KEY_EXCH_DHE:
200 case HITLS_KEY_EXCH_ECDHE:
201 case HITLS_KEY_EXCH_ECDHE_PSK:
202 case HITLS_KEY_EXCH_DHE_PSK:
203 checkUsageRec = SAL_CERT_CheckCertKeyUsage(ctx, cert, CERT_KEY_CTRL_IS_DIGITAL_SIGN_USAGE);
204 break;
205 case HITLS_KEY_EXCH_RSA:
206 case HITLS_KEY_EXCH_ECC:
207 case HITLS_KEY_EXCH_RSA_PSK:
208 checkUsageRec = SAL_CERT_CheckCertKeyUsage(ctx, cert, CERT_KEY_CTRL_IS_KEYENC_USAGE);
209 break;
210 case HITLS_KEY_EXCH_ECDH:
211 case HITLS_KEY_EXCH_DH:
212 checkUsageRec = SAL_CERT_CheckCertKeyUsage(ctx, cert, CERT_KEY_CTRL_IS_KEY_AGREEMENT_USAGE);
213 break;
214 default:
215 break;
216 }
217 } else {
218 switch (kxAlg) {
219 case HITLS_KEY_EXCH_ECDH:
220 case HITLS_KEY_EXCH_DH:
221 checkUsageRec = SAL_CERT_CheckCertKeyUsage(ctx, cert, CERT_KEY_CTRL_IS_KEY_AGREEMENT_USAGE);
222 break;
223 default:
224 checkUsageRec = SAL_CERT_CheckCertKeyUsage(ctx, cert, CERT_KEY_CTRL_IS_DIGITAL_SIGN_USAGE);
225 break;
226 }
227 }
228 return checkUsageRec;
229 }
230 #endif /* HITLS_TLS_CONFIG_KEY_USAGE */
231 /**
232 * @brief Process the peer certificate, check, and save it.
233 *
234 * @param ctx [IN/OUT] TLS context
235 * @param certs [IN] Certificate message
236 *
237 * @retval HITLS_SUCCESS succeeded.
238 * @retval For other error codes, see hitls_error.h.
239 */
ProcessPeerCertificate(TLS_Ctx * ctx,const CertificateMsg * certs)240 static int32_t ProcessPeerCertificate(TLS_Ctx *ctx, const CertificateMsg *certs)
241 {
242 int32_t ret;
243 CERT_Pair *peerCert = NULL;
244
245 ret = SAL_CERT_ParseCertChain(ctx, certs->cert, &peerCert);
246 if (ret != HITLS_SUCCESS) {
247 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15723, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
248 "parse certificate list fail when process peer certificate.", 0, 0, 0, 0);
249 ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_BAD_CERTIFICATE);
250 return ret;
251 }
252 #ifdef HITLS_TLS_CONFIG_KEY_USAGE
253 if (ctx->negotiatedInfo.version != HITLS_VERSION_TLCP_DTLCP11 && ctx->config.tlsConfig.needCheckKeyUsage == true &&
254 !CheckCertKeyUsage(ctx, peerCert)) {
255 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17043, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
256 "CheckCertKeyUsage fail", 0, 0, 0, 0);
257 ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_UNSUPPORTED_CERTIFICATE);
258 SAL_CERT_PairFree(ctx->config.tlsConfig.certMgrCtx, peerCert);
259 return HITLS_CERT_ERR_KEYUSAGE;
260 }
261 #endif /* HITLS_TLS_CONFIG_KEY_USAGE */
262 if (ctx->isClient) {
263 ret = ClientCheckCert(ctx, peerCert);
264 } else {
265 ret = ServerCheckCert(ctx, peerCert);
266 }
267 if (ret != HITLS_SUCCESS) {
268 ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_BAD_CERTIFICATE);
269 SAL_CERT_PairFree(ctx->config.tlsConfig.certMgrCtx, peerCert);
270 return ret;
271 }
272
273 ctx->hsCtx->peerCert = peerCert;
274 return HITLS_SUCCESS;
275 }
276 #if defined(HITLS_TLS_PROTO_TLS_BASIC) || defined(HITLS_TLS_PROTO_DTLS12)
VerifyCertChain(TLS_Ctx * ctx)277 static int32_t VerifyCertChain(TLS_Ctx *ctx)
278 {
279 int32_t ret = SAL_CERT_VerifyCertChain(ctx, ctx->hsCtx->peerCert, false);
280 if (ret != HITLS_SUCCESS) {
281 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16228, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
282 "process peer certificate fail, ret = 0x%x.", (uint32_t)ret, 0, 0, 0);
283 return ret;
284 }
285 #ifdef HITLS_TLS_PROTO_TLCP11
286 if (ctx->negotiatedInfo.version != HITLS_VERSION_TLCP_DTLCP11) {
287 return ret;
288 }
289 if (ctx->isClient) {
290 ret = SAL_CERT_VerifyCertChain(ctx, ctx->hsCtx->peerCert, true);
291 if (ret != HITLS_SUCCESS) {
292 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16229, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
293 "process client enc certificate fail, ret = 0x%x.", (uint32_t)ret, 0, 0, 0);
294 }
295 return ret;
296 }
297 /* Processing logic on the service side of TLCP, which is verified only when used. */
298 if (ctx->negotiatedInfo.cipherSuiteInfo.kxAlg == HITLS_KEY_EXCH_ECDHE) {
299 ret = SAL_CERT_VerifyCertChain(ctx, ctx->hsCtx->peerCert, true);
300 if (ret != HITLS_SUCCESS) {
301 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16230, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
302 "process server enc certificate fail, ret = 0x%x.", (uint32_t)ret, 0, 0, 0);
303 }
304 return ret;
305 }
306 #endif
307 return ret;
308 }
309
310 /**
311 * @brief Process the certificate.
312 *
313 * @param ctx [IN/OUT] TLS context
314 * @param msg [IN] Packet structure
315 *
316 * @retval HITLS_SUCCESS succeeded.
317 * @retval For other error codes, see hitls_error.h.
318 */
RecvCertificateProcess(TLS_Ctx * ctx,const HS_Msg * msg)319 int32_t RecvCertificateProcess(TLS_Ctx *ctx, const HS_Msg *msg)
320 {
321 int32_t ret;
322 const CertificateMsg *certs = &msg->body.certificate;
323
324 /**
325 * RFC 5426 7.4.6:If no suitable certificate is available,
326 * the client MUST send a certificate message containing no certificates.
327 */
328 if (certs->certCount == 0) {
329 /** Only the server allows the peer certificate to be empty */
330 if ((ctx->isClient == false) &&
331 (ctx->config.tlsConfig.isSupportClientVerify && ctx->config.tlsConfig.isSupportNoClientCert)) {
332 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17105, BSL_LOG_LEVEL_INFO, BSL_LOG_BINLOG_TYPE_RUN,
333 "server recv empty cert", 0, 0, 0, 0);
334 return HS_ChangeState(ctx, TRY_RECV_CLIENT_KEY_EXCHANGE);
335 }
336
337 BSL_ERR_PUSH_ERROR(HITLS_MSG_HANDLE_NO_PEER_CERTIFIACATE);
338 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15724, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
339 "peer certificate is needed!", 0, 0, 0, 0);
340 ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ctx->isClient ? ALERT_DECODE_ERROR : ALERT_HANDSHAKE_FAILURE);
341 return HITLS_MSG_HANDLE_NO_PEER_CERTIFIACATE;
342 }
343
344 /** Process the obtained peer certificate */
345 ret = ProcessPeerCertificate(ctx, certs);
346 if (ret != HITLS_SUCCESS) {
347 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15725, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
348 "process peer certificate fail, ret = 0x%x.", ret, 0, 0, 0);
349 return ret;
350 }
351
352 /** Verify the peer certificate */
353 ret = VerifyCertChain(ctx);
354 /* After the VerifyNone function is enabled, the client can continue the handshake process if the server certificate
355 * fails to be verified */
356 if (ret != HITLS_SUCCESS) {
357 if (!ctx->config.tlsConfig.isSupportVerifyNone) {
358 ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, GetAlertfromX509Err(ctx->peerInfo.verifyResult));
359 return ret;
360 }
361 }
362
363 /** Update the state machine */
364 if (ctx->isClient) {
365 if (IsNeedServerKeyExchange(ctx) == true) {
366 return HS_ChangeState(ctx, TRY_RECV_SERVER_KEY_EXCHANGE);
367 }
368 return HS_ChangeState(ctx, TRY_RECV_CERTIFICATE_REQUEST);
369 }
370 return HS_ChangeState(ctx, TRY_RECV_CLIENT_KEY_EXCHANGE);
371 }
372 #endif /* HITLS_TLS_PROTO_TLS_BASIC || HITLS_TLS_PROTO_DTLS12 */
373 #ifdef HITLS_TLS_PROTO_TLS13
CertificateReqCtxCheck(TLS_Ctx * ctx,const CertificateMsg * certs)374 static int32_t CertificateReqCtxCheck(TLS_Ctx *ctx, const CertificateMsg *certs)
375 {
376 #ifdef HITLS_TLS_FEATURE_PHA
377 /* In the handshake phase, certificate_request_context must be empty. */
378 if (ctx->phaState != PHA_REQUESTED && certs->certificateReqCtxSize != 0) {
379 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15726, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
380 "server receive a non-zero certificateReqCtx.", 0, 0, 0, 0);
381 ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_ILLEGAL_PARAMETER);
382 return HITLS_MSG_HANDLE_INVALID_CERT_REQ_CTX;
383 }
384 /* pha phase, which must be non-empty and equal */
385 if (ctx->certificateReqCtxSize != 0 && (ctx->certificateReqCtxSize != certs->certificateReqCtxSize ||
386 memcmp(ctx->certificateReqCtx, certs->certificateReqCtx, certs->certificateReqCtxSize) != 0)) {
387 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17044, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
388 "certificateReqCtx is not equal", 0, 0, 0, 0);
389 ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_ILLEGAL_PARAMETER);
390 return HITLS_MSG_HANDLE_INVALID_CERT_REQ_CTX;
391 }
392 #else
393 if (certs->certificateReqCtxSize != 0) {
394 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15732, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
395 "server receive a non-zero certificateReqCtx.", 0, 0, 0, 0);
396 ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_ILLEGAL_PARAMETER);
397 return HITLS_MSG_HANDLE_INVALID_CERT_REQ_CTX;
398 }
399 #endif /* HITLS_TLS_FEATURE_PHA */
400 return HITLS_SUCCESS;
401 }
402
Tls13RecvCertificateProcess(TLS_Ctx * ctx,const HS_Msg * msg)403 int32_t Tls13RecvCertificateProcess(TLS_Ctx *ctx, const HS_Msg *msg)
404 {
405 const CertificateMsg *certs = &msg->body.certificate;
406
407 if (ctx->isClient == false) {
408 ctx->plainAlertForbid = true;
409 }
410 int32_t ret = HS_CheckReceivedExtension(
411 ctx, CERTIFICATE, certs->extensionTypeMask, HS_EX_TYPE_TLS1_3_ALLOWED_OF_CERTIFICATE);
412 if (ret != HITLS_SUCCESS) {
413 return ret;
414 }
415 ret = CertificateReqCtxCheck(ctx, certs);
416 if (ret != HITLS_SUCCESS) {
417 return ret;
418 }
419
420 /**
421 * RFC 5426 7.4.6:If no suitable certificate is available,
422 * the client MUST send a certificate message containing no certificates.
423 */
424 if (certs->certCount == 0) {
425 if (ctx->isClient) {
426 BSL_ERR_PUSH_ERROR(HITLS_MSG_HANDLE_NO_PEER_CERTIFIACATE);
427 return RETURN_ALERT_PROCESS(ctx, HITLS_MSG_HANDLE_NO_PEER_CERTIFIACATE, BINLOG_ID16126,
428 "peer certificate is needed!", ALERT_DECODE_ERROR);
429 }
430 /** Only the server allows the peer certificate to be empty */
431 if ((ctx->config.tlsConfig.isSupportClientVerify && ctx->config.tlsConfig.isSupportNoClientCert)) {
432 ret = VERIFY_Tls13CalcVerifyData(ctx, true);
433 if (ret != HITLS_SUCCESS) {
434 return RETURN_ALERT_PROCESS(ctx, ret, BINLOG_ID15729,
435 "server calculate client finished data error.", ALERT_INTERNAL_ERROR);
436 }
437 return HS_ChangeState(ctx, TRY_RECV_FINISH);
438 }
439
440 BSL_ERR_PUSH_ERROR(HITLS_MSG_HANDLE_NO_PEER_CERTIFIACATE);
441 return RETURN_ALERT_PROCESS(ctx, HITLS_MSG_HANDLE_NO_PEER_CERTIFIACATE, BINLOG_ID15727,
442 "peer certificate is needed!", ALERT_CERTIFICATE_REQUIRED);
443 }
444
445 /** Process the obtained peer certificate */
446 ret = ProcessPeerCertificate(ctx, certs);
447 if (ret != HITLS_SUCCESS) {
448 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15728, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
449 "process peer certificate fail, ret = 0x%x.", ret, 0, 0, 0);
450 return ret;
451 }
452
453 /** Verify the peer certificate */
454 ret = SAL_CERT_VerifyCertChain(ctx, ctx->hsCtx->peerCert, false);
455 if (ret != HITLS_SUCCESS) {
456 if (!ctx->config.tlsConfig.isSupportVerifyNone) {
457 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17045, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
458 "VerifyCertChain fail, ret = 0x%x.", (uint32_t)ret, 0, 0, 0);
459 ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, GetAlertfromX509Err(ctx->peerInfo.verifyResult));
460 return ret;
461 }
462 }
463
464 return HS_ChangeState(ctx, TRY_RECV_CERTIFICATE_VERIFY);
465 }
466 #endif /* HITLS_TLS_PROTO_TLS13 */