• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * This file is part of the openHiTLS project.
3  *
4  * openHiTLS is licensed under the Mulan PSL v2.
5  * You can use this software according to the terms and conditions of the Mulan PSL v2.
6  * You may obtain a copy of Mulan PSL v2 at:
7  *
8  *     http://license.coscl.org.cn/MulanPSL2
9  *
10  * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11  * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12  * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13  * See the Mulan PSL v2 for more details.
14  */
15 #include "hitls_build.h"
16 #ifdef HITLS_TLS_HOST_SERVER
17 #if defined(HITLS_TLS_PROTO_TLS_BASIC) || defined(HITLS_TLS_PROTO_DTLS12)
18 #include "tls_binlog_id.h"
19 #include "bsl_log_internal.h"
20 #include "bsl_log.h"
21 #include "bsl_err_internal.h"
22 #include "hitls_error.h"
23 #include "tls.h"
24 #include "hs.h"
25 #include "hs_ctx.h"
26 #include "hs_kx.h"
27 #include "hs_msg.h"
28 #include "hs_verify.h"
29 #include "hs_common.h"
30 #include "securec.h"
31 #include "bsl_sal.h"
32 #ifdef HITLS_TLS_FEATURE_PSK
RetriveServerPsk(TLS_Ctx * ctx,const ClientKeyExchangeMsg * clientKxMsg)33 static int32_t RetriveServerPsk(TLS_Ctx *ctx, const ClientKeyExchangeMsg *clientKxMsg)
34 {
35     uint8_t psk[HS_PSK_MAX_LEN] = {0};
36 
37     if ((!IsPskNegotiation(ctx)) == true) {
38         return HITLS_SUCCESS;
39     }
40 
41     if (ctx->config.tlsConfig.pskServerCb == NULL) {
42         BSL_ERR_PUSH_ERROR(HITLS_UNREGISTERED_CALLBACK);
43         return RETURN_ERROR_NUMBER_PROCESS(HITLS_UNREGISTERED_CALLBACK, BINLOG_ID17068, "unregistered pskServerCb");
44     }
45 
46     uint32_t pskUsedLen = ctx->config.tlsConfig.pskServerCb(ctx, clientKxMsg->pskIdentity, psk, HS_PSK_MAX_LEN);
47     if (pskUsedLen == 0 || pskUsedLen > HS_PSK_MAX_LEN) {
48         BSL_ERR_PUSH_ERROR(HITLS_MSG_HANDLE_ILLEGAL_PSK_LEN);
49         return RETURN_ERROR_NUMBER_PROCESS(HITLS_MSG_HANDLE_ILLEGAL_PSK_LEN, BINLOG_ID17069, "pskUsedLen incorrect");
50     }
51 
52     if (ctx->hsCtx->kxCtx->pskInfo == NULL) {
53         ctx->hsCtx->kxCtx->pskInfo = (PskInfo *)BSL_SAL_Calloc(1u, sizeof(PskInfo));
54         if (ctx->hsCtx->kxCtx->pskInfo == NULL) {
55             (void)memset_s(psk, HS_PSK_MAX_LEN, 0, HS_PSK_MAX_LEN);
56             BSL_ERR_PUSH_ERROR(HITLS_MEMALLOC_FAIL);
57             return RETURN_ERROR_NUMBER_PROCESS(HITLS_MEMALLOC_FAIL, BINLOG_ID17070, "Calloc fail");
58         }
59     }
60 
61     uint8_t *tmpIdentity = NULL;
62     if (clientKxMsg->pskIdentity != NULL) {
63         tmpIdentity = (uint8_t *)BSL_SAL_Calloc(1u, (clientKxMsg->pskIdentitySize + 1) * sizeof(uint8_t));
64         if (tmpIdentity == NULL) {
65             (void)memset_s(psk, HS_PSK_MAX_LEN, 0, HS_PSK_MAX_LEN);
66             BSL_ERR_PUSH_ERROR(HITLS_MEMALLOC_FAIL);
67             return RETURN_ERROR_NUMBER_PROCESS(HITLS_MEMALLOC_FAIL, BINLOG_ID17071, "Calloc fail");
68         }
69         (void)memcpy_s(tmpIdentity, clientKxMsg->pskIdentitySize + 1, clientKxMsg->pskIdentity,
70             clientKxMsg->pskIdentitySize);
71         BSL_SAL_FREE(ctx->hsCtx->kxCtx->pskInfo->identity);
72         ctx->hsCtx->kxCtx->pskInfo->identity = tmpIdentity;
73         ctx->hsCtx->kxCtx->pskInfo->identityLen = clientKxMsg->pskIdentitySize;
74     }
75 
76     uint8_t *tmpPsk = (uint8_t *)BSL_SAL_Dump(psk, pskUsedLen);
77     if (tmpPsk == NULL) {
78         (void)memset_s(psk, HS_PSK_MAX_LEN, 0, HS_PSK_MAX_LEN);
79         BSL_ERR_PUSH_ERROR(HITLS_MEMALLOC_FAIL);
80         return RETURN_ERROR_NUMBER_PROCESS(HITLS_MEMALLOC_FAIL, BINLOG_ID17072, "Dump fail");
81     }
82 
83     BSL_SAL_FREE(ctx->hsCtx->kxCtx->pskInfo->psk);
84     ctx->hsCtx->kxCtx->pskInfo->psk = tmpPsk;
85     ctx->hsCtx->kxCtx->pskInfo->pskLen = pskUsedLen;
86 
87     /* sensitive info cleanup */
88     (void)memset_s(psk, HS_PSK_MAX_LEN, 0, HS_PSK_MAX_LEN);
89 
90     return HITLS_SUCCESS;
91 }
92 #endif /* HITLS_TLS_FEATURE_PSK */
ProcessClientKxMsg(TLS_Ctx * ctx,const ClientKeyExchangeMsg * clientKxMsg)93 static int32_t ProcessClientKxMsg(TLS_Ctx *ctx, const ClientKeyExchangeMsg *clientKxMsg)
94 {
95     HS_Ctx *hsCtx = (HS_Ctx *)ctx->hsCtx;
96     int32_t ret = HITLS_SUCCESS;
97 #ifdef HITLS_TLS_FEATURE_PSK
98     ret = RetriveServerPsk(ctx, clientKxMsg);
99     if (ret != HITLS_SUCCESS) {
100         // log here
101         return ret;
102     }
103 #endif /* HITLS_TLS_FEATURE_PSK */
104     /** Process the key exchange packet from the client */
105     switch (hsCtx->kxCtx->keyExchAlgo) {
106 #ifdef HITLS_TLS_SUITE_KX_ECDHE
107         case HITLS_KEY_EXCH_ECDHE: /* ECDHE of TLCP is also in this branch */
108         case HITLS_KEY_EXCH_ECDHE_PSK:
109             ret = HS_ProcessClientKxMsgEcdhe(ctx, clientKxMsg);
110             break;
111 #endif /* HITLS_TLS_SUITE_KX_ECDHE */
112 #ifdef HITLS_TLS_SUITE_KX_DHE
113         case HITLS_KEY_EXCH_DHE:
114         case HITLS_KEY_EXCH_DHE_PSK:
115             ret = HS_ProcessClientKxMsgDhe(ctx, clientKxMsg);
116             break;
117 #endif /* HITLS_TLS_SUITE_KX_DHE */
118 #ifdef HITLS_TLS_SUITE_KX_RSA
119         case HITLS_KEY_EXCH_RSA:
120         case HITLS_KEY_EXCH_RSA_PSK:
121             ret = HS_ProcessClientKxMsgRsa(ctx, clientKxMsg);
122             break;
123 #endif /* HITLS_TLS_SUITE_KX_RSA */
124         case HITLS_KEY_EXCH_PSK:
125             ret = HITLS_SUCCESS;
126             break;
127 #ifdef HITLS_TLS_PROTO_TLCP11
128         case HITLS_KEY_EXCH_ECC:
129             ret = HS_ProcessClientKxMsgSm2(ctx, clientKxMsg);
130             break;
131 #endif
132         default:
133             BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17073, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
134                 "unknow keyExchAlgo", 0, 0, 0, 0);
135             BSL_ERR_PUSH_ERROR(HITLS_MSG_HANDLE_UNSUPPORT_KX_ALG);
136             ret = HITLS_MSG_HANDLE_UNSUPPORT_KX_ALG;
137             ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_INTERNAL_ERROR);
138             break;
139     }
140 
141     return ret;
142 }
143 
GenerateKeyMaterial(TLS_Ctx * ctx,const HS_Msg * msg)144 static int32_t GenerateKeyMaterial(TLS_Ctx *ctx, const HS_Msg *msg)
145 {
146     int32_t ret = HITLS_SUCCESS;
147     /** Obtain the server information */
148     const ClientKeyExchangeMsg *clientKxMsg = &msg->body.clientKeyExchange;
149 
150     ret = ProcessClientKxMsg(ctx, clientKxMsg);
151     if (ret != HITLS_SUCCESS) {
152         BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15820, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
153             "server process client key exchange msg fail.", 0, 0, 0, 0);
154         return ret;
155     }
156 
157     ret = HS_GenerateMasterSecret(ctx);
158     if (ret != HITLS_SUCCESS) {
159         BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15821, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
160             "server generate master secret fail.", 0, 0, 0, 0);
161         ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_INTERNAL_ERROR);
162         return ret;
163     }
164 
165     /** Server secret derivation */
166     ret = HS_KeyEstablish(ctx, ctx->isClient);
167     if (ret != HITLS_SUCCESS) {
168         BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15822, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
169             "server key establish fail.", 0, 0, 0, 0);
170         ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_INTERNAL_ERROR);
171         return ret;
172     }
173 #if defined(HITLS_TLS_PROTO_DTLS12) && defined(HITLS_BSL_UIO_SCTP)
174     ret = HS_SetSctpAuthKey(ctx);
175     if (ret != HITLS_SUCCESS) {
176         BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17074, BSL_LOG_LEVEL_FATAL, BSL_LOG_BINLOG_TYPE_RUN,
177             "SetSctpAuthKey fail", 0, 0, 0, 0);
178     }
179 #endif /* HITLS_TLS_PROTO_DTLS12 */
180     return ret;
181 }
182 
ServerRecvClientKxProcess(TLS_Ctx * ctx,const HS_Msg * msg)183 int32_t ServerRecvClientKxProcess(TLS_Ctx *ctx, const HS_Msg *msg)
184 {
185     int32_t ret = HITLS_SUCCESS;
186     /** Obtain the server information */
187     HS_Ctx *hsCtx = (HS_Ctx *)ctx->hsCtx;
188 
189     ret = GenerateKeyMaterial(ctx, msg);
190     if (ret != HITLS_SUCCESS) {
191         return ret;
192     }
193 
194     /**
195      * According to RFC 5246 7.4.8: This message (referred to here as client cert verify) is only sent following
196      * a client certificate that has signing capability.
197      * In the case of dual-ended parity
198      * 1) If the peer certificate is not empty, the system calculates the signature and switches to the cert verify
199      * state. 2) If the peer certificate is empty, the client sends an empty certificate message after the server sends
200      * a cert request message, In this case, the client does not send the cert verify message. Therefore, the client
201      * needs to switch to the state of receiving the Finish message.
202      */
203     if (hsCtx->isNeedClientCert && hsCtx->peerCert != NULL) {
204         return HS_ChangeState(ctx, TRY_RECV_CERTIFICATE_VERIFY);
205     }
206     ret = VERIFY_CalcVerifyData(ctx, true, ctx->hsCtx->masterKey, MASTER_SECRET_LEN);
207     if (ret != HITLS_SUCCESS) {
208         BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15823, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
209             "server Calculate client finished data error.", 0, 0, 0, 0);
210         ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_INTERNAL_ERROR);
211         (void)memset_s(ctx->hsCtx->masterKey, sizeof(ctx->hsCtx->masterKey), 0, sizeof(ctx->hsCtx->masterKey));
212         return ret;
213     }
214 
215     ctx->method.ctrlCCS(ctx, CCS_CMD_RECV_READY);
216     ctx->method.ctrlCCS(ctx, CCS_CMD_RECV_ACTIVE_CIPHER_SPEC);
217     return HS_ChangeState(ctx, TRY_RECV_FINISH);
218 }
219 #endif /* HITLS_TLS_PROTO_TLS_BASIC || HITLS_TLS_PROTO_DTLS12 */
220 #endif /* HITLS_TLS_HOST_SERVER */