1 /*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15 #include "hitls_build.h"
16 #ifdef HITLS_TLS_HOST_CLIENT
17 #if defined(HITLS_TLS_PROTO_TLS_BASIC) || defined(HITLS_TLS_PROTO_DTLS12)
18 #include "securec.h"
19 #include "tls_binlog_id.h"
20 #include "bsl_log_internal.h"
21 #include "bsl_log.h"
22 #include "bsl_err_internal.h"
23 #include "bsl_bytes.h"
24 #include "hitls_error.h"
25 #include "hs.h"
26 #include "hs_kx.h"
27 #include "hs_common.h"
28 #include "pack.h"
29 #include "send_process.h"
30 #ifdef HITLS_TLS_SUITE_KX_RSA
GenerateRsaPremasterSecret(TLS_Ctx * ctx)31 int32_t GenerateRsaPremasterSecret(TLS_Ctx *ctx)
32 {
33 uint32_t offset = 0;
34 HS_Ctx *hsCtx = ctx->hsCtx;
35 KeyExchCtx *kxCtx = hsCtx->kxCtx;
36 uint8_t *preMasterSecret = kxCtx->keyExchParam.rsa.preMasterSecret;
37
38 /* The First two bytes are the highest version supported by client */
39 BSL_Uint16ToByte(ctx->negotiatedInfo.clientVersion, preMasterSecret);
40 offset = sizeof(uint16_t);
41 /* 46-byte secure random value */
42 return SAL_CRYPT_Rand(LIBCTX_FROM_CTX(ctx), &preMasterSecret[offset], MASTER_SECRET_LEN - offset);
43 }
44 #endif /* HITLS_TLS_SUITE_KX_RSA */
45 #ifdef HITLS_TLS_PROTO_TLCP11
GenerateEccPremasterSecret(TLS_Ctx * ctx)46 int32_t GenerateEccPremasterSecret(TLS_Ctx *ctx)
47 {
48 uint32_t offset = 0;
49 HS_Ctx *hsCtx = ctx->hsCtx;
50 KeyExchCtx *kxCtx = hsCtx->kxCtx;
51 uint8_t *premasterSecret = kxCtx->keyExchParam.ecc.preMasterSecret;
52
53 /* The First two bytes are the highest version supported by client */
54 BSL_Uint16ToByte(ctx->config.tlsConfig.maxVersion, premasterSecret);
55 offset = sizeof(uint16_t);
56 /* 46-byte secure random value */
57 return SAL_CRYPT_Rand(LIBCTX_FROM_CTX(ctx), &premasterSecret[offset], MASTER_SECRET_LEN - offset);
58 }
59 #endif
60
61 /* Operations required before packaging CKE */
PackMsgPrepare(TLS_Ctx * ctx)62 static int32_t PackMsgPrepare(TLS_Ctx *ctx)
63 {
64 int32_t ret = 0;
65 HS_Ctx *hsCtx = ctx->hsCtx;
66 #ifdef HITLS_TLS_SUITE_KX_RSA
67 if (hsCtx->kxCtx->keyExchAlgo == HITLS_KEY_EXCH_RSA || hsCtx->kxCtx->keyExchAlgo == HITLS_KEY_EXCH_RSA_PSK) {
68 ret = GenerateRsaPremasterSecret(ctx);
69 if (ret != HITLS_SUCCESS) {
70 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17120, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
71 "GenerateRsaPremasterSecret fail", 0, 0, 0, 0);
72 (void)memset_s(hsCtx->kxCtx->keyExchParam.rsa.preMasterSecret, MASTER_SECRET_LEN, 0, MASTER_SECRET_LEN);
73 return ret;
74 }
75 }
76 #endif /* HITLS_TLS_SUITE_KX_RSA */
77 #ifdef HITLS_TLS_FEATURE_PSK
78 /* If the PSK and RSA_PSK cipher suites are used, the server may not send the ServerKeyExchange message. Before
79 * packing the ClientKeyExchange message, check whether the PSK has been obtained */
80 if (hsCtx->kxCtx->keyExchAlgo == HITLS_KEY_EXCH_PSK || hsCtx->kxCtx->keyExchAlgo == HITLS_KEY_EXCH_RSA_PSK) {
81 ret = CheckClientPsk(ctx);
82 if (ret != HITLS_SUCCESS) {
83 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17121, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
84 "CheckClientPsk fail", 0, 0, 0, 0);
85 (void)memset_s(hsCtx->kxCtx->keyExchParam.rsa.preMasterSecret, MASTER_SECRET_LEN, 0, MASTER_SECRET_LEN);
86 return ret;
87 }
88 }
89 #endif /* HITLS_TLS_FEATURE_PSK */
90 #ifdef HITLS_TLS_PROTO_TLCP11
91 if (hsCtx->kxCtx->keyExchAlgo == HITLS_KEY_EXCH_ECC) {
92 ret = GenerateEccPremasterSecret(ctx);
93 if (ret != HITLS_SUCCESS) {
94 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17122, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
95 "GenerateEccPremasterSecret fail", 0, 0, 0, 0);
96 (void)memset_s(hsCtx->kxCtx->keyExchParam.ecc.preMasterSecret, MASTER_SECRET_LEN, 0, MASTER_SECRET_LEN);
97 return ret;
98 }
99 }
100 #endif
101 (void)hsCtx;
102 return ret;
103 }
104
ClientSendClientKeyExchangeProcess(TLS_Ctx * ctx)105 int32_t ClientSendClientKeyExchangeProcess(TLS_Ctx *ctx)
106 {
107 int32_t ret = 0;
108 HS_Ctx *hsCtx = ctx->hsCtx;
109 CERT_MgrCtx *mgrCtx = ctx->config.tlsConfig.certMgrCtx;
110
111 /* Check whether the message needs to be packed */
112 if (hsCtx->msgLen == 0) {
113 ret = PackMsgPrepare(ctx);
114 if (ret != HITLS_SUCCESS) {
115 return ret;
116 }
117
118 ret = HS_PackMsg(ctx, CLIENT_KEY_EXCHANGE, hsCtx->msgBuf, hsCtx->bufferLen, &hsCtx->msgLen);
119 if (ret != HITLS_SUCCESS) {
120 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15816, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
121 "client pack client key exchange msg error.", 0, 0, 0, 0);
122 return ret;
123 }
124 }
125
126 ret = HS_SendMsg(ctx);
127 if (ret != HITLS_SUCCESS) {
128 return ret;
129 }
130
131 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15817, BSL_LOG_LEVEL_INFO, BSL_LOG_BINLOG_TYPE_RUN,
132 "client send client key exchange msg success.", 0, 0, 0, 0);
133
134 ret = HS_GenerateMasterSecret(ctx);
135 if (ret != HITLS_SUCCESS) {
136 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15818, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
137 "client generate master secret fail.", 0, 0, 0, 0);
138 ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_INTERNAL_ERROR);
139 return ret;
140 }
141
142 /* Client derives key */
143 ret = HS_KeyEstablish(ctx, ctx->isClient);
144 if (ret != HITLS_SUCCESS) {
145 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15819, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
146 "client key establish fail.", 0, 0, 0, 0);
147 ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_INTERNAL_ERROR);
148 return ret;
149 }
150
151 #if defined(HITLS_TLS_PROTO_DTLS12) && defined(HITLS_BSL_UIO_SCTP)
152 ret = HS_SetSctpAuthKey(ctx);
153 if (ret != HITLS_SUCCESS) {
154 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17124, BSL_LOG_LEVEL_FATAL, BSL_LOG_BINLOG_TYPE_RUN,
155 "SetSctpAuthKey fail", 0, 0, 0, 0);
156 return ret;
157 }
158 #endif
159 /**
160 * If no certificate request is received and no certificate is available,
161 * the system proceeds to the next state.
162 * RFC 5246 7.4.8: This message (here is client certificate verify) is only sent following
163 * a client certificate that has signing capability.
164 * Therefore, the client certificate verify message will not be sent if client certificate is empty.
165 * For TLCP, SAL_CERT_GetCurrentCert MAY return NULL when dealing with cerificate request message,
166 * Whether the client needing to be verified depends on the server configuration.
167 */
168 if (hsCtx->isNeedClientCert && (SAL_CERT_GetCurrentCert(mgrCtx) != NULL)) {
169 return HS_ChangeState(ctx, TRY_SEND_CERTIFICATE_VERIFY);
170 }
171 return HS_ChangeState(ctx, TRY_SEND_CHANGE_CIPHER_SPEC);
172 }
173 #endif /* HITLS_TLS_PROTO_TLS_BASIC || HITLS_TLS_PROTO_DTLS12 */
174 #endif /* HITLS_TLS_HOST_CLIENT */