1 /*
2  * This file is part of the openHiTLS project.
3  *
4  * openHiTLS is licensed under the Mulan PSL v2.
5  * You can use this software according to the terms and conditions of the Mulan PSL v2.
6  * You may obtain a copy of Mulan PSL v2 at:
7  *
8  *     http://license.coscl.org.cn/MulanPSL2
9  *
10  * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11  * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12  * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13  * See the Mulan PSL v2 for more details.
14  */
15 #include "hitls_build.h"
16 #if defined(HITLS_TLS_HOST_CLIENT) || defined(HITLS_TLS_PROTO_TLS13)
17 #include "tls_binlog_id.h"
18 #include "bsl_log_internal.h"
19 #include "bsl_log.h"
20 #include "bsl_err_internal.h"
21 #include "hitls_error.h"
22 #include "tls.h"
23 #include "hs_ctx.h"
24 #include "hs_msg.h"
25 #include "hs_verify.h"
26 #include "hs_common.h"
27 #include "pack.h"
28 #include "send_process.h"
29 
/*
 * Assemble the CertificateVerify handshake message (when it is not already
 * sitting in the handshake buffer) and pass it to the record layer.
 *
 * hsCtx->msgLen == 0 means nothing has been packed yet: the signature over
 * the handshake data is computed with the currently selected private key and
 * the message is packed into hsCtx->msgBuf. A non-zero msgLen means the
 * message was already assembled by an earlier call (presumably a send that
 * did not complete), so only the send is repeated.
 *
 * Returns HITLS_SUCCESS, or the error code of the signing, packing or
 * sending step that failed.
 */
static int32_t PackAndSendCertVerify(TLS_Ctx *ctx)
{
    HS_Ctx *hsCtx = ctx->hsCtx;

    /* Message already assembled: skip signing/packing and just (re)send it. */
    if (hsCtx->msgLen != 0) {
        return HS_SendMsg(ctx);
    }

    CERT_MgrCtx *mgrCtx = ctx->config.tlsConfig.certMgrCtx;
    HITLS_CERT_Key *privateKey = SAL_CERT_GetCurrentPrivateKey(mgrCtx, false);
    /* NOTE(review): privateKey is handed on without a NULL check here; the
     * callee is relied upon to reject a missing key -- confirm in VERIFY_CalcSignData. */
    int32_t ret = VERIFY_CalcSignData(ctx, privateKey, ctx->negotiatedInfo.signScheme);
    if (ret != HITLS_SUCCESS) {
        return ret;
    }

    ret = HS_PackMsg(ctx, CERTIFICATE_VERIFY, hsCtx->msgBuf, hsCtx->bufferLen, &hsCtx->msgLen);
    if (ret != HITLS_SUCCESS) {
        BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15833, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
            "client pack certificate verify msg fail.", 0, 0, 0, 0);
        return ret;
    }

    /* The signature has been consumed by the packed message; reset the size so
     * the verify buffer is free to be reused by the Finished message. */
    hsCtx->verifyCtx->verifyDataSize = 0;

    return HS_SendMsg(ctx);
}
57 #if defined(HITLS_TLS_PROTO_TLS_BASIC) || defined(HITLS_TLS_PROTO_DTLS12)
/*
 * TLS 1.2 / DTLS 1.2 client state handler: send the CertificateVerify
 * message and advance the handshake to TRY_SEND_CHANGE_CIPHER_SPEC.
 *
 * Returns HITLS_SUCCESS, the error from PackAndSendCertVerify, or the
 * error from HS_ChangeState.
 */
int32_t ClientSendCertVerifyProcess(TLS_Ctx *ctx)
{
    int32_t ret = PackAndSendCertVerify(ctx);
    if (ret == HITLS_SUCCESS) {
        BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15834, BSL_LOG_LEVEL_INFO, BSL_LOG_BINLOG_TYPE_RUN,
            "client send certificate verify msg success.", 0, 0, 0, 0);

        /* Message is out; move the state machine on to ChangeCipherSpec. */
        ret = HS_ChangeState(ctx, TRY_SEND_CHANGE_CIPHER_SPEC);
    }
    return ret;
}
72 #endif /* HITLS_TLS_PROTO_TLS_BASIC || HITLS_TLS_PROTO_DTLS12 */
73 #ifdef HITLS_TLS_PROTO_TLS13
/*
 * TLS 1.3 state handler: send the CertificateVerify message and advance the
 * handshake to TRY_SEND_FINISH (TLS 1.3 has no ChangeCipherSpec step here).
 * NOTE(review): the log text is not client-specific and the enclosing guard
 * also admits HITLS_TLS_PROTO_TLS13 without HITLS_TLS_HOST_CLIENT, so this
 * handler may be shared with the server side -- confirm against callers.
 *
 * Returns HITLS_SUCCESS, the error from PackAndSendCertVerify, or the
 * error from HS_ChangeState.
 */
int32_t Tls13SendCertVerifyProcess(TLS_Ctx *ctx)
{
    int32_t ret = PackAndSendCertVerify(ctx);
    if (ret == HITLS_SUCCESS) {
        BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15835, BSL_LOG_LEVEL_INFO, BSL_LOG_BINLOG_TYPE_RUN,
            "send tls1.3 certificate verify msg success.", 0, 0, 0, 0);

        ret = HS_ChangeState(ctx, TRY_SEND_FINISH);
    }
    return ret;
}
87 #endif /* HITLS_TLS_PROTO_TLS13 */
88 #endif /* HITLS_TLS_HOST_CLIENT || HITLS_TLS_PROTO_TLS13 */