1 /*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15 #include "hitls_build.h"
16 #include "tls_binlog_id.h"
17 #include "bsl_log_internal.h"
18 #include "bsl_log.h"
19 #include "bsl_err_internal.h"
20 #include "hitls_error.h"
21 #include "tls.h"
22 #include "hs_ctx.h"
23 #include "hs.h"
24 #include "hs_common.h"
25 #include "send_process.h"
26 #include "hs_kx.h"
27 #include "pack.h"
28 #include "bsl_uio.h"
29 #include "bsl_sal.h"
30
31 #ifdef HITLS_TLS_FEATURE_KEY_UPDATE
Tls13SendKeyUpdateProcess(TLS_Ctx * ctx)32 static int32_t Tls13SendKeyUpdateProcess(TLS_Ctx *ctx)
33 {
34 int32_t ret = HITLS_SUCCESS;
35 HS_Ctx *hsCtx = ctx->hsCtx;
36
37 if (hsCtx->msgLen == 0) {
38 ret = HS_PackMsg(ctx, KEY_UPDATE, hsCtx->msgBuf, hsCtx->bufferLen, &hsCtx->msgLen);
39 if (ret != HITLS_SUCCESS) {
40 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15791, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
41 "pack tls1.3 key update msg fail.", 0, 0, 0, 0);
42 return ret;
43 }
44 }
45
46 ret = HS_SendMsg(ctx);
47 if (ret != HITLS_SUCCESS) {
48 return ret;
49 }
50 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15792, BSL_LOG_LEVEL_INFO, BSL_LOG_BINLOG_TYPE_RUN,
51 "send tls1.3 key update msg success.", 0, 0, 0, 0);
52 /* After the key update message is sent, the local application traffic key is updated and activated. */
53 ret = HS_TLS13UpdateTrafficSecret(ctx, true);
54 if (ret != HITLS_SUCCESS) {
55 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15793, BSL_LOG_LEVEL_INFO, BSL_LOG_BINLOG_TYPE_RUN,
56 "tls1.3 out key update fail", 0, 0, 0, 0);
57 return ret;
58 }
59 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15794, BSL_LOG_LEVEL_INFO, BSL_LOG_BINLOG_TYPE_RUN,
60 "tls1.3 send key update success.", 0, 0, 0, 0);
61
62 ctx->isKeyUpdateRequest = false;
63 ctx->keyUpdateType = HITLS_KEY_UPDATE_REQ_END;
64 return HS_ChangeState(ctx, TLS_CONNECTED);
65 }
66 #endif /* HITLS_TLS_FEATURE_KEY_UPDATE */
67 #if defined(HITLS_TLS_PROTO_TLS_BASIC) || defined(HITLS_TLS_PROTO_DTLS12)
SendFinishedProcess(TLS_Ctx * ctx)68 static int32_t SendFinishedProcess(TLS_Ctx *ctx)
69 {
70 #ifdef HITLS_TLS_HOST_CLIENT
71 if (ctx->isClient) {
72 #ifdef HITLS_TLS_PROTO_DTLS12
73 if (IS_SUPPORT_DATAGRAM(ctx->config.tlsConfig.originVersionMask)) {
74 return DtlsClientSendFinishedProcess(ctx);
75 }
76 #endif
77 #ifdef HITLS_TLS_PROTO_TLS_BASIC
78 return Tls12ClientSendFinishedProcess(ctx);
79 #endif /* HITLS_TLS_PROTO_TLS_BASIC */
80 }
81 #endif /* HITLS_TLS_HOST_CLIENT */
82 #ifdef HITLS_TLS_HOST_SERVER
83 #ifdef HITLS_TLS_PROTO_DTLS12
84 if (IS_SUPPORT_DATAGRAM(ctx->config.tlsConfig.originVersionMask)) {
85 return DtlsServerSendFinishedProcess(ctx);
86 }
87 #endif
88 #ifdef HITLS_TLS_PROTO_TLS_BASIC
89 return Tls12ServerSendFinishedProcess(ctx);
90 #endif /* HITLS_TLS_PROTO_TLS_BASIC */
91 #endif /* HITLS_TLS_HOST_SERVER */
92
93 return HITLS_INTERNAL_EXCEPTION;
94 }
ProcessSendHandshakeMsg(TLS_Ctx * ctx)95 static int32_t ProcessSendHandshakeMsg(TLS_Ctx *ctx)
96 {
97 switch (ctx->hsCtx->state) {
98 #ifdef HITLS_TLS_HOST_SERVER
99 #ifdef HITLS_TLS_FEATURE_RENEGOTIATION
100 case TRY_SEND_HELLO_REQUEST:
101 return ServerSendHelloRequestProcess(ctx);
102 #endif /* HITLS_TLS_FEATURE_RENEGOTIATION */
103 #if defined(HITLS_TLS_PROTO_DTLS12) && defined(HITLS_BSL_UIO_UDP)
104 case TRY_SEND_HELLO_VERIFY_REQUEST:
105 return DtlsServerSendHelloVerifyRequestProcess(ctx);
106 #endif /* HITLS_TLS_PROTO_DTLS12 && HITLS_BSL_UIO_UDP */
107 case TRY_SEND_SERVER_HELLO:
108 return ServerSendServerHelloProcess(ctx);
109 case TRY_SEND_SERVER_KEY_EXCHANGE:
110 return ServerSendServerKeyExchangeProcess(ctx);
111 case TRY_SEND_CERTIFICATE_REQUEST:
112 return ServerSendCertRequestProcess(ctx);
113 case TRY_SEND_SERVER_HELLO_DONE:
114 return ServerSendServerHelloDoneProcess(ctx);
115 #ifdef HITLS_TLS_FEATURE_SESSION_TICKET
116 case TRY_SEND_NEW_SESSION_TICKET:
117 return SendNewSessionTicketProcess(ctx);
118 #endif /* HITLS_TLS_FEATURE_SESSION_TICKET */
119 #endif /* HITLS_TLS_HOST_SERVER */
120 #ifdef HITLS_TLS_HOST_CLIENT
121 case TRY_SEND_CLIENT_HELLO:
122 return ClientSendClientHelloProcess(ctx);
123 case TRY_SEND_CLIENT_KEY_EXCHANGE:
124 return ClientSendClientKeyExchangeProcess(ctx);
125 case TRY_SEND_CERTIFICATE_VERIFY:
126 return ClientSendCertVerifyProcess(ctx);
127 #endif /* HITLS_TLS_HOST_CLIENT */
128 case TRY_SEND_CERTIFICATE:
129 return SendCertificateProcess(ctx);
130 case TRY_SEND_CHANGE_CIPHER_SPEC:
131 return SendChangeCipherSpecProcess(ctx);
132 case TRY_SEND_FINISH:
133 return SendFinishedProcess(ctx);
134 default:
135 break;
136 }
137 BSL_LOG_BINLOG_VARLEN(BINLOG_ID17100, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
138 "Handshake state err: should send msg, but current state is %s.", HS_GetStateStr(ctx->hsCtx->state));
139 return HITLS_MSG_HANDLE_STATE_ILLEGAL;
140 }
141 #endif /* HITLS_TLS_PROTO_TLS_BASIC || HITLS_TLS_PROTO_DTLS12 */
142 #ifdef HITLS_TLS_PROTO_TLS13
Tls13SendChangeCipherSpecProcess(TLS_Ctx * ctx)143 int32_t Tls13SendChangeCipherSpecProcess(TLS_Ctx *ctx)
144 {
145 int32_t ret;
146
147 /* Sending message with changed cipher suites */
148 ret = ctx->method.sendCCS(ctx);
149 if (ret != HITLS_SUCCESS) {
150 return ret;
151 }
152 return HS_ChangeState(ctx, ctx->hsCtx->ccsNextState);
153 }
154
Tls13ProcessSendHandshakeMsg(TLS_Ctx * ctx)155 static int32_t Tls13ProcessSendHandshakeMsg(TLS_Ctx *ctx)
156 {
157 switch (ctx->hsCtx->state) {
158 #ifdef HITLS_TLS_HOST_CLIENT
159 case TRY_SEND_CLIENT_HELLO:
160 return Tls13ClientSendClientHelloProcess(ctx);
161 #endif /* HITLS_TLS_HOST_CLIENT */
162 #ifdef HITLS_TLS_HOST_SERVER
163 case TRY_SEND_HELLO_RETRY_REQUEST:
164 return Tls13ServerSendHelloRetryRequestProcess(ctx);
165 case TRY_SEND_SERVER_HELLO:
166 return Tls13ServerSendServerHelloProcess(ctx);
167 case TRY_SEND_ENCRYPTED_EXTENSIONS:
168 return Tls13ServerSendEncryptedExtensionsProcess(ctx);
169 case TRY_SEND_CERTIFICATE_REQUEST:
170 return Tls13ServerSendCertRequestProcess(ctx);
171 case TRY_SEND_NEW_SESSION_TICKET:
172 return Tls13SendNewSessionTicketProcess(ctx);
173 #endif /* HITLS_TLS_HOST_SERVER */
174 case TRY_SEND_CERTIFICATE:
175 #ifdef HITLS_TLS_HOST_CLIENT
176 if (ctx->isClient) {
177 return Tls13ClientSendCertificateProcess(ctx);
178 }
179 #endif /* HITLS_TLS_HOST_CLIENT */
180 #ifdef HITLS_TLS_HOST_SERVER
181 return Tls13ServerSendCertificateProcess(ctx);
182 #endif /* HITLS_TLS_HOST_SERVER */
183 case TRY_SEND_CERTIFICATE_VERIFY:
184 return Tls13SendCertVerifyProcess(ctx);
185 case TRY_SEND_FINISH:
186 #ifdef HITLS_TLS_HOST_CLIENT
187 if (ctx->isClient) {
188 return Tls13ClientSendFinishedProcess(ctx);
189 }
190 #endif /* HITLS_TLS_HOST_CLIENT */
191 #ifdef HITLS_TLS_HOST_SERVER
192 return Tls13ServerSendFinishedProcess(ctx);
193 #endif /* HITLS_TLS_HOST_SERVER */
194 case TRY_SEND_CHANGE_CIPHER_SPEC:
195 return Tls13SendChangeCipherSpecProcess(ctx);
196 #ifdef HITLS_TLS_FEATURE_KEY_UPDATE
197 case TRY_SEND_KEY_UPDATE:
198 return Tls13SendKeyUpdateProcess(ctx);
199 #endif
200 default:
201 break;
202 }
203 return RETURN_ERROR_NUMBER_PROCESS(HITLS_MSG_HANDLE_STATE_ILLEGAL, BINLOG_ID17101, "Handshake state error");
204 }
205 #endif /* HITLS_TLS_PROTO_TLS13 */
HS_SendMsgProcess(TLS_Ctx * ctx)206 int32_t HS_SendMsgProcess(TLS_Ctx *ctx)
207 {
208 uint32_t version = HS_GetVersion(ctx);
209
210 switch (version) {
211 #ifdef HITLS_TLS_PROTO_TLS_BASIC
212 case HITLS_VERSION_TLS12:
213 #ifdef HITLS_TLS_PROTO_TLCP11
214 case HITLS_VERSION_TLCP_DTLCP11:
215 #endif
216 return ProcessSendHandshakeMsg(ctx);
217 #endif /* HITLS_TLS_PROTO_TLS_BASIC */
218 #ifdef HITLS_TLS_PROTO_TLS13
219 case HITLS_VERSION_TLS13:
220 return Tls13ProcessSendHandshakeMsg(ctx);
221 #endif /* HITLS_TLS_PROTO_TLS13 */
222 #ifdef HITLS_TLS_PROTO_DTLS12
223 case HITLS_VERSION_DTLS12:
224 return ProcessSendHandshakeMsg(ctx);
225 #endif
226 default:
227 break;
228 }
229 BSL_ERR_PUSH_ERROR(HITLS_MSG_HANDLE_UNSUPPORT_VERSION);
230 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15790, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
231 "Handshake state send error: unsupport TLS version.", 0, 0, 0, 0);
232 return HITLS_MSG_HANDLE_UNSUPPORT_VERSION;
233 }
234