• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * This file is part of the openHiTLS project.
3  *
4  * openHiTLS is licensed under the Mulan PSL v2.
5  * You can use this software according to the terms and conditions of the Mulan PSL v2.
6  * You may obtain a copy of Mulan PSL v2 at:
7  *
8  *     http://license.coscl.org.cn/MulanPSL2
9  *
10  * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11  * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12  * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13  * See the Mulan PSL v2 for more details.
14  */
15 #include "hitls_build.h"
16 #if defined(HITLS_TLS_PROTO_TLS13) && defined(HITLS_TLS_HOST_SERVER)
17 #include <stdint.h>
18 #include "tls_binlog_id.h"
19 #include "bsl_log_internal.h"
20 #include "bsl_log.h"
21 #include "bsl_err_internal.h"
22 #include "crypt.h"
23 #include "hitls_error.h"
24 #include "tls.h"
25 #include "hs_ctx.h"
26 #include "hs_kx.h"
27 #include "hs_common.h"
28 #include "hs_msg.h"
29 #include "pack.h"
30 #include "send_process.h"
31 
32 
Tls13ServerSendEncryptedExtensionsProcess(TLS_Ctx * ctx)33 int32_t Tls13ServerSendEncryptedExtensionsProcess(TLS_Ctx *ctx)
34 {
35     int32_t ret;
36     /* Obtain the client information */
37     HS_Ctx *hsCtx = (HS_Ctx *)ctx->hsCtx;
38 
39     /* Determine whether the message needs to be packed */
40     if (hsCtx->msgLen == 0) {
41         /* The CCS message cannot be encrypted. Therefore, the sending key of the server must be activated after the CCS
42          * message is sent */
43         uint32_t hashLen = SAL_CRYPT_DigestSize(ctx->negotiatedInfo.cipherSuiteInfo.hashAlg);
44         if (hashLen == 0) {
45             BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17130, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
46                 "DigestSize fail", 0, 0, 0, 0);
47             return HITLS_CRYPT_ERR_DIGEST;
48         }
49         ret = HS_SwitchTrafficKey(ctx, ctx->hsCtx->serverHsTrafficSecret, hashLen, true);
50         if (ret != HITLS_SUCCESS) {
51             BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17131, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
52                 "SwitchTrafficKey fail", 0, 0, 0, 0);
53             return ret;
54         }
55 
56         ret = HS_PackMsg(ctx, ENCRYPTED_EXTENSIONS, hsCtx->msgBuf, hsCtx->bufferLen, &hsCtx->msgLen);
57         if (ret != HITLS_SUCCESS) {
58             BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15875, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
59                 "pack tls1.3 encrypted extensions fail.", 0, 0, 0, 0);
60             return ret;
61         }
62     }
63 
64     ret = HS_SendMsg(ctx);
65     if (ret != HITLS_SUCCESS) {
66         return ret;
67     }
68 
69     BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15876, BSL_LOG_LEVEL_INFO, BSL_LOG_BINLOG_TYPE_RUN,
70         "send tls1.3 encrypted extensions success.", 0, 0, 0, 0);
71 
72     if (ctx->hsCtx->kxCtx->pskInfo13.psk != NULL) {
73         return HS_ChangeState(ctx, TRY_SEND_FINISH);
74     }
75     /* The server sends a CertificateRequest message only when the VerifyPeer mode is enabled */
76     if (ctx->config.tlsConfig.isSupportClientVerify
77 #ifdef HITLS_TLS_FEATURE_PHA
78         && ctx->phaState != PHA_EXTENSION
79 #endif /* HITLS_TLS_FEATURE_PHA */
80         ) {
81         return HS_ChangeState(ctx, TRY_SEND_CERTIFICATE_REQUEST);
82     }
83     return HS_ChangeState(ctx, TRY_SEND_CERTIFICATE);
84 }
85 #endif /* HITLS_TLS_PROTO_TLS13 && HITLS_TLS_HOST_SERVER */