1 /*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15 #include "hitls_build.h"
16 #include "securec.h"
17 #include "tls_binlog_id.h"
18 #include "bsl_log_internal.h"
19 #include "bsl_log.h"
20 #include "bsl_err_internal.h"
21 #include "hitls_error.h"
22 #include "tls.h"
23 #include "hs_ctx.h"
24 #include "hs_verify.h"
25 #include "transcript_hash.h"
26 #include "hs_common.h"
27 #include "pack.h"
28 #include "send_process.h"
29 #include "hs_kx.h"
30 #include "hs_dtls_timer.h"
31
32 #ifdef HITLS_TLS_HOST_CLIENT
33 #if defined(HITLS_TLS_PROTO_TLS_BASIC) || defined(HITLS_TLS_PROTO_DTLS12)
PrepareClientFinishedMsg(TLS_Ctx * ctx)34 int32_t PrepareClientFinishedMsg(TLS_Ctx *ctx)
35 {
36 int32_t ret = HITLS_SUCCESS;
37 HS_Ctx *hsCtx = ctx->hsCtx;
38 ret = VERIFY_CalcVerifyData(ctx, true, ctx->hsCtx->masterKey, MASTER_SECRET_LEN);
39 if (ret != HITLS_SUCCESS) {
40 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15357, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
41 "client Calculate client finished data error.", 0, 0, 0, 0);
42 ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_INTERNAL_ERROR);
43 (void)memset_s(ctx->hsCtx->masterKey, sizeof(ctx->hsCtx->masterKey), 0, sizeof(ctx->hsCtx->masterKey));
44 return ret;
45 }
46
47 ret = HS_PackMsg(ctx, FINISHED, hsCtx->msgBuf, hsCtx->bufferLen, &hsCtx->msgLen);
48 if (ret != HITLS_SUCCESS) {
49 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15358, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
50 "client pack finished msg error.", 0, 0, 0, 0);
51 }
52 return ret;
53 }
54 #endif /* HITLS_TLS_PROTO_TLS_BASIC || HITLS_TLS_PROTO_DTLS12 */
55
56 #ifdef HITLS_TLS_PROTO_TLS_BASIC
57
Tls12ClientSendFinishedProcess(TLS_Ctx * ctx)58 int32_t Tls12ClientSendFinishedProcess(TLS_Ctx *ctx)
59 {
60 int32_t ret = HITLS_SUCCESS;
61 HS_Ctx *hsCtx = ctx->hsCtx;
62
63 /* Determine whether the message needs to be packed. */
64 if (hsCtx->msgLen == 0) {
65 ret = PrepareClientFinishedMsg(ctx);
66 if (ret != HITLS_SUCCESS) {
67 return ret;
68 }
69 }
70
71 ret = HS_SendMsg(ctx);
72 if (ret != HITLS_SUCCESS) {
73 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15359, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
74 "client send finished msg error.", 0, 0, 0, 0);
75 return ret;
76 }
77
78 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15360, BSL_LOG_LEVEL_INFO, BSL_LOG_BINLOG_TYPE_RUN,
79 "client send finished msg success.", 0, 0, 0, 0);
80 #ifdef HITLS_TLS_FEATURE_SESSION
81 if (ctx->negotiatedInfo.isResume == true) {
82 ctx->method.ctrlCCS(ctx, CCS_CMD_RECV_EXIT_READY);
83 return HS_ChangeState(ctx, TLS_CONNECTED);
84 }
85 #endif /* HITLS_TLS_FEATURE_SESSION */
86 #ifdef HITLS_TLS_FEATURE_SESSION_TICKET
87 if (ctx->negotiatedInfo.isTicket == true) {
88 return HS_ChangeState(ctx, TRY_RECV_NEW_SESSION_TICKET);
89 }
90 #endif /* HITLS_TLS_FEATURE_SESSION_TICKET */
91 ret = VERIFY_CalcVerifyData(ctx, false, ctx->hsCtx->masterKey, MASTER_SECRET_LEN);
92 if (ret != HITLS_SUCCESS) {
93 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15361, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
94 "client Calculate server finished data error.", 0, 0, 0, 0);
95 ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_INTERNAL_ERROR);
96 return ret;
97 }
98
99 ctx->method.ctrlCCS(ctx, CCS_CMD_RECV_READY);
100 ctx->method.ctrlCCS(ctx, CCS_CMD_RECV_ACTIVE_CIPHER_SPEC);
101 return HS_ChangeState(ctx, TRY_RECV_FINISH);
102 }
103 #endif /* HITLS_TLS_PROTO_TLS_BASIC */
104
105 #ifdef HITLS_TLS_PROTO_DTLS12
DtlsClientChangeStateAfterSendFinished(TLS_Ctx * ctx)106 static int32_t DtlsClientChangeStateAfterSendFinished(TLS_Ctx *ctx)
107 {
108 int32_t ret = HITLS_SUCCESS;
109 #ifdef HITLS_TLS_FEATURE_SESSION
110 if (ctx->negotiatedInfo.isResume == true) {
111 ctx->method.ctrlCCS(ctx, CCS_CMD_RECV_EXIT_READY);
112 #ifdef HITLS_BSL_UIO_UDP
113 ret = HS_Start2MslTimer(ctx);
114 if (ret != HITLS_SUCCESS) {
115 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17133, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
116 "Start2MslTimer fail", 0, 0, 0, 0);
117 return ret;
118 }
119 #endif /* HITLS_BSL_UIO_UDP */
120 return HS_ChangeState(ctx, TLS_CONNECTED);
121 }
122 #endif /* HITLS_TLS_FEATURE_SESSION */
123
124 ret = VERIFY_CalcVerifyData(ctx, false, ctx->hsCtx->masterKey, MASTER_SECRET_LEN);
125 if (ret != HITLS_SUCCESS) {
126 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15367, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
127 "client Calculate server finished data error.", 0, 0, 0, 0);
128 ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_INTERNAL_ERROR);
129 return ret;
130 }
131 #ifdef HITLS_BSL_UIO_UDP
132 ret = HS_StartTimer(ctx);
133 if (ret != HITLS_SUCCESS) {
134 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17134, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
135 "StartTimer fail", 0, 0, 0, 0);
136 return ret;
137 }
138 #endif /* HITLS_BSL_UIO_UDP */
139 #ifdef HITLS_TLS_FEATURE_SESSION_TICKET
140 if (ctx->negotiatedInfo.isTicket == true) {
141 return HS_ChangeState(ctx, TRY_RECV_NEW_SESSION_TICKET);
142 }
143 #endif /* HITLS_TLS_FEATURE_SESSION_TICKET */
144 ctx->method.ctrlCCS(ctx, CCS_CMD_RECV_READY);
145 ctx->method.ctrlCCS(ctx, CCS_CMD_RECV_ACTIVE_CIPHER_SPEC);
146
147 return HS_ChangeState(ctx, TRY_RECV_FINISH);
148 }
149
DtlsClientSendFinishedProcess(TLS_Ctx * ctx)150 int32_t DtlsClientSendFinishedProcess(TLS_Ctx *ctx)
151 {
152 int32_t ret = HITLS_SUCCESS;
153 HS_Ctx *hsCtx = ctx->hsCtx;
154
155 /* Determine whether the message needs to be packed */
156 if (hsCtx->msgLen == 0) {
157 ret = PrepareClientFinishedMsg(ctx);
158 if (ret != HITLS_SUCCESS) {
159 return ret;
160 }
161 }
162 ret = HS_SendMsg(ctx);
163 if (ret != HITLS_SUCCESS) {
164 return ret;
165 }
166
167 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15370, BSL_LOG_LEVEL_INFO, BSL_LOG_BINLOG_TYPE_RUN,
168 "client send finished msg success.", 0, 0, 0, 0);
169 return DtlsClientChangeStateAfterSendFinished(ctx);
170 }
171 #endif /* HITLS_TLS_PROTO_DTLS12 */
172
173 #ifdef HITLS_TLS_PROTO_TLS13
Tls13ClientSendFinishPostProcess(TLS_Ctx * ctx)174 static int32_t Tls13ClientSendFinishPostProcess(TLS_Ctx *ctx)
175 {
176 int32_t ret = HITLS_SUCCESS;
177 #ifdef HITLS_TLS_FEATURE_PHA
178 if (ctx->phaState == PHA_REQUESTED) {
179 ctx->phaState = PHA_EXTENSION;
180 } else
181 #endif /* HITLS_TLS_FEATURE_PHA */
182 {
183 /* switch Application Traffic Secret */
184 uint32_t hashLen = SAL_CRYPT_DigestSize(ctx->negotiatedInfo.cipherSuiteInfo.hashAlg);
185 if (hashLen == 0) {
186 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17136, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
187 "DigestSize fail", 0, 0, 0, 0);
188 return HITLS_CRYPT_ERR_DIGEST;
189 }
190 ret = HS_SwitchTrafficKey(ctx, ctx->clientAppTrafficSecret, hashLen, true);
191 if (ret != HITLS_SUCCESS) {
192 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17137, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
193 "SwitchTrafficKey fail", 0, 0, 0, 0);
194 return ret;
195 }
196
197 ret = HS_TLS13DeriveResumptionMasterSecret(ctx);
198 if (ret != HITLS_SUCCESS) {
199 return ret;
200 }
201 #ifdef HITLS_TLS_FEATURE_PHA
202 if (ctx->phaState == PHA_EXTENSION && ctx->config.tlsConfig.isSupportPostHandshakeAuth) {
203 SAL_CRYPT_DigestFree(ctx->phaHash);
204 ctx->phaHash = SAL_CRYPT_DigestCopy(ctx->hsCtx->verifyCtx->hashCtx);
205 if (ctx->phaHash == NULL) {
206 BSL_ERR_PUSH_ERROR(HITLS_CRYPT_ERR_DIGEST);
207 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16177, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
208 "pha hash copy error: digest copy fail.", 0, 0, 0, 0);
209 return HITLS_CRYPT_ERR_DIGEST;
210 }
211 }
212 #endif /* HITLS_TLS_FEATURE_PHA */
213 }
214 return HS_ChangeState(ctx, TLS_CONNECTED);
215 }
216
Tls13ClientSendFinishedProcess(TLS_Ctx * ctx)217 int32_t Tls13ClientSendFinishedProcess(TLS_Ctx *ctx)
218 {
219 int32_t ret = HITLS_SUCCESS;
220 /* Obtain the server information */
221 HS_Ctx *hsCtx = (HS_Ctx *)ctx->hsCtx;
222
223 /* Determine whether the message needs to be packed */
224 if (hsCtx->msgLen == 0) {
225 if ((!ctx->hsCtx->haveHrr) && (!ctx->hsCtx->isNeedClientCert)) {
226 /* In the middlebox scenario, if the client does not send the hrr message and the certificate does not need
227 * to be sent, a CCS message needs to be sent before the finished message */
228 ret = ctx->method.sendCCS(ctx);
229 if (ret != HITLS_SUCCESS) {
230 return ret;
231 }
232 }
233
234 /* If the certificate of the client is sent, the key has been activated when the certificate is sent. You do not
235 * need to activate the key again */
236 if (!ctx->hsCtx->isNeedClientCert
237 #ifdef HITLS_TLS_FEATURE_PHA
238 && ctx->phaState != PHA_REQUESTED
239 #endif /* HITLS_TLS_FEATURE_PHA */
240 ) {
241 /* The CCS message cannot be encrypted. Therefore, the sending key of the client must be activated
242 * after the CCS message is sent */
243 uint32_t hashLen = SAL_CRYPT_DigestSize(ctx->negotiatedInfo.cipherSuiteInfo.hashAlg);
244 if (hashLen == 0) {
245 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17138, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
246 "DigestSize fail", 0, 0, 0, 0);
247 return HITLS_CRYPT_ERR_DIGEST;
248 }
249 ret = HS_SwitchTrafficKey(ctx, ctx->hsCtx->clientHsTrafficSecret, hashLen, true);
250 if (ret != HITLS_SUCCESS) {
251 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17139, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
252 "SwitchTrafficKey fail", 0, 0, 0, 0);
253 return ret;
254 }
255 }
256
257 ret = VERIFY_Tls13CalcVerifyData(ctx, true);
258 if (ret != HITLS_SUCCESS) {
259 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15375, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
260 "client calculate client finished data fail.", 0, 0, 0, 0);
261 ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_INTERNAL_ERROR);
262 return ret;
263 }
264
265 ret = HS_PackMsg(ctx, FINISHED, hsCtx->msgBuf, hsCtx->bufferLen, &hsCtx->msgLen);
266 if (ret != HITLS_SUCCESS) {
267 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15376, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
268 "client pack tls1.3 finished msg fail.", 0, 0, 0, 0);
269 return ret;
270 }
271 }
272
273 ret = HS_SendMsg(ctx);
274 if (ret != HITLS_SUCCESS) {
275 return ret;
276 }
277
278 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15377, BSL_LOG_LEVEL_INFO, BSL_LOG_BINLOG_TYPE_RUN,
279 "client send tls1.3 finished msg success.", 0, 0, 0, 0);
280
281 return Tls13ClientSendFinishPostProcess(ctx);
282 }
283 #endif /* HITLS_TLS_PROTO_TLS13 */
284
285 #endif /* HITLS_TLS_HOST_CLIENT */
286 #ifdef HITLS_TLS_HOST_SERVER
287 #ifdef HITLS_TLS_PROTO_TLS_BASIC
CalcVerifyData(TLS_Ctx * ctx)288 static int32_t CalcVerifyData(TLS_Ctx *ctx)
289 {
290 int32_t ret = VERIFY_CalcVerifyData(ctx, false, ctx->hsCtx->masterKey, MASTER_SECRET_LEN);
291 if (ret != HITLS_SUCCESS) {
292 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15362, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
293 "server Calculate server finished data error.", 0, 0, 0, 0);
294 ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_INTERNAL_ERROR);
295 }
296 return ret;
297 }
298
Tls12ServerSendFinishedProcess(TLS_Ctx * ctx)299 int32_t Tls12ServerSendFinishedProcess(TLS_Ctx *ctx)
300 {
301 int32_t ret = HITLS_SUCCESS;
302 /* Obtain the server information */
303 HS_Ctx *hsCtx = (HS_Ctx *)ctx->hsCtx;
304
305 /* Determine whether the message needs to be packed */
306 if (hsCtx->msgLen == 0) {
307 ret = CalcVerifyData(ctx);
308 if (ret != HITLS_SUCCESS) {
309 return ret;
310 }
311
312 ret = HS_PackMsg(ctx, FINISHED, hsCtx->msgBuf, hsCtx->bufferLen, &hsCtx->msgLen);
313 if (ret != HITLS_SUCCESS) {
314 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15363, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
315 "server pack finished msg fail.", 0, 0, 0, 0);
316 return ret;
317 }
318 }
319
320 ret = HS_SendMsg(ctx);
321 if (ret != HITLS_SUCCESS) {
322 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15364, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
323 "server send finished msg fail.", 0, 0, 0, 0);
324 return ret;
325 }
326
327 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15365, BSL_LOG_LEVEL_INFO, BSL_LOG_BINLOG_TYPE_RUN,
328 "server send finished msg success.", 0, 0, 0, 0);
329 #ifdef HITLS_TLS_FEATURE_SESSION
330 if (ctx->negotiatedInfo.isResume == true) {
331 ret = VERIFY_CalcVerifyData(ctx, true, ctx->hsCtx->masterKey, MASTER_SECRET_LEN);
332 if (ret != HITLS_SUCCESS) {
333 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15366, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
334 "server Calculate client finished data error.", 0, 0, 0, 0);
335 ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_INTERNAL_ERROR);
336 (void)memset_s(ctx->hsCtx->masterKey, sizeof(ctx->hsCtx->masterKey), 0, sizeof(ctx->hsCtx->masterKey));
337 return ret;
338 }
339 ctx->method.ctrlCCS(ctx, CCS_CMD_RECV_ACTIVE_CIPHER_SPEC);
340 ctx->method.ctrlCCS(ctx, CCS_CMD_RECV_READY);
341 return HS_ChangeState(ctx, TRY_RECV_FINISH);
342 }
343 #endif /* HITLS_TLS_FEATURE_SESSION */
344 /* No CCS messages can be received */
345 ctx->method.ctrlCCS(ctx, CCS_CMD_RECV_EXIT_READY);
346
347 return HS_ChangeState(ctx, TLS_CONNECTED);
348 }
349
350 #endif /* HITLS_TLS_PROTO_TLS_BASIC */
351
352
353 #ifdef HITLS_TLS_PROTO_DTLS12
DtlsServerChangeStateAfterSendFinished(TLS_Ctx * ctx)354 static int32_t DtlsServerChangeStateAfterSendFinished(TLS_Ctx *ctx)
355 {
356 int32_t ret = HITLS_SUCCESS;
357 (void)ret;
358 #ifdef HITLS_TLS_FEATURE_SESSION
359 if (ctx->negotiatedInfo.isResume == true) {
360 /* Calculate the client verify data: used to verify the finished message of the client */
361 ret = VERIFY_CalcVerifyData(ctx, true, ctx->hsCtx->masterKey, MASTER_SECRET_LEN);
362 if (ret != HITLS_SUCCESS) {
363 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15371, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
364 "server Calculate client finished data error.", 0, 0, 0, 0);
365 ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_INTERNAL_ERROR);
366 (void)memset_s(ctx->hsCtx->masterKey, sizeof(ctx->hsCtx->masterKey), 0, sizeof(ctx->hsCtx->masterKey));
367 return ret;
368 }
369 ctx->method.ctrlCCS(ctx, CCS_CMD_RECV_READY);
370 ctx->method.ctrlCCS(ctx, CCS_CMD_RECV_ACTIVE_CIPHER_SPEC);
371 #ifdef HITLS_BSL_UIO_UDP
372 ret = HS_StartTimer(ctx);
373 if (ret != HITLS_SUCCESS) {
374 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17141, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
375 "StartTimer fail", 0, 0, 0, 0);
376 return ret;
377 }
378 #endif /* HITLS_BSL_UIO_UDP */
379 return HS_ChangeState(ctx, TRY_RECV_FINISH);
380 }
381 #endif /* HITLS_TLS_FEATURE_SESSION */
382 /* No CCS messages can be received */
383 ctx->method.ctrlCCS(ctx, CCS_CMD_RECV_EXIT_READY);
384 #ifdef HITLS_BSL_UIO_UDP
385 ret = HS_Start2MslTimer(ctx);
386 if (ret != HITLS_SUCCESS) {
387 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17142, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
388 "Start2MslTimer fail", 0, 0, 0, 0);
389 return ret;
390 }
391 #endif /* HITLS_BSL_UIO_UDP */
392 return HS_ChangeState(ctx, TLS_CONNECTED);
393 }
394
DtlsServerSendFinishedProcess(TLS_Ctx * ctx)395 int32_t DtlsServerSendFinishedProcess(TLS_Ctx *ctx)
396 {
397 int32_t ret = HITLS_SUCCESS;
398 /* Obtain the server information */
399 HS_Ctx *hsCtx = (HS_Ctx *)ctx->hsCtx;
400
401 /* Determine whether the message needs to be packed */
402 if (hsCtx->msgLen == 0) {
403 ret = VERIFY_CalcVerifyData(ctx, false, ctx->hsCtx->masterKey, MASTER_SECRET_LEN);
404 if (ret != HITLS_SUCCESS) {
405 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15372, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
406 "server Calculate server finished data error.", 0, 0, 0, 0);
407 ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_INTERNAL_ERROR);
408 return ret;
409 }
410
411 ret = HS_PackMsg(ctx, FINISHED, hsCtx->msgBuf, hsCtx->bufferLen, &hsCtx->msgLen);
412 if (ret != HITLS_SUCCESS) {
413 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15373, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
414 "server pack finished msg fail.", 0, 0, 0, 0);
415 return ret;
416 }
417 }
418
419 ret = HS_SendMsg(ctx);
420 if (ret != HITLS_SUCCESS) {
421 return ret;
422 }
423
424 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15374, BSL_LOG_LEVEL_INFO, BSL_LOG_BINLOG_TYPE_RUN,
425 "server send finished msg success.", 0, 0, 0, 0);
426
427 return DtlsServerChangeStateAfterSendFinished(ctx);
428 }
429 #endif /* HITLS_TLS_PROTO_DTLS12 */
430
431 #ifdef HITLS_TLS_PROTO_TLS13
PrepareServerSendFinishedMsg(TLS_Ctx * ctx)432 static int32_t PrepareServerSendFinishedMsg(TLS_Ctx *ctx)
433 {
434 HS_Ctx *hsCtx = (HS_Ctx *)ctx->hsCtx;
435 int32_t ret = VERIFY_Tls13CalcVerifyData(ctx, false);
436 if (ret != HITLS_SUCCESS) {
437 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15378, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
438 "server calculate server finished data fail.", 0, 0, 0, 0);
439 ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_INTERNAL_ERROR);
440 return ret;
441 }
442
443 ret = HS_PackMsg(ctx, FINISHED, hsCtx->msgBuf, hsCtx->bufferLen, &hsCtx->msgLen);
444 if (ret != HITLS_SUCCESS) {
445 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15379, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
446 "server pack tls1.3 finished msg fail.", 0, 0, 0, 0);
447 }
448 return ret;
449 }
450
Tls13ServerSendFinishedProcess(TLS_Ctx * ctx)451 int32_t Tls13ServerSendFinishedProcess(TLS_Ctx *ctx)
452 {
453 int32_t ret = HITLS_SUCCESS;
454 /* Obtain the server information */
455 HS_Ctx *hsCtx = (HS_Ctx *)ctx->hsCtx;
456
457 /* Determine whether the message needs to be packed */
458 if (hsCtx->msgLen == 0) {
459 ret = PrepareServerSendFinishedMsg(ctx);
460 if (ret != HITLS_SUCCESS) {
461 return ret;
462 }
463 }
464
465 ret = HS_SendMsg(ctx);
466 if (ret != HITLS_SUCCESS) {
467 return ret;
468 }
469
470 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15380, BSL_LOG_LEVEL_INFO, BSL_LOG_BINLOG_TYPE_RUN,
471 "server send tls1.3 finished msg success.", 0, 0, 0, 0);
472
473 ret = HS_TLS13CalcServerFinishProcessSecret(ctx);
474 if (ret != HITLS_SUCCESS) {
475 return RETURN_ERROR_NUMBER_PROCESS(ret, BINLOG_ID17145, "CalcServerFinishProcessSecret fail");
476 }
477
478 /* After the server sends the ServerFinish message, the clientTrafficSecret needs to be activated for decryption of
479 * the received packet from the peer */
480 uint32_t hashLen = SAL_CRYPT_DigestSize(ctx->negotiatedInfo.cipherSuiteInfo.hashAlg);
481 if (hashLen == 0) {
482 return RETURN_ERROR_NUMBER_PROCESS(HITLS_CRYPT_ERR_DIGEST, BINLOG_ID17146, "DigestSize fail");
483 }
484 ret = HS_SwitchTrafficKey(ctx, ctx->hsCtx->clientHsTrafficSecret, hashLen, false);
485 if (ret != HITLS_SUCCESS) {
486 return RETURN_ERROR_NUMBER_PROCESS(ret, BINLOG_ID17147, "SwitchTrafficKey fail");
487 }
488
489 /* Activating the local serverAppTrafficSecret-encrypted App Data */
490 ret = HS_SwitchTrafficKey(ctx, ctx->serverAppTrafficSecret, hashLen, true);
491 if (ret != HITLS_SUCCESS) {
492 return RETURN_ERROR_NUMBER_PROCESS(ret, BINLOG_ID17148, "SwitchTrafficKey fail");
493 }
494
495 if (ctx->hsCtx->isNeedClientCert) {
496 return HS_ChangeState(ctx, TRY_RECV_CERTIFICATE);
497 }
498
499 /* Calculate the client verify data */
500 ret = VERIFY_Tls13CalcVerifyData(ctx, true);
501 if (ret != HITLS_SUCCESS) {
502 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15381, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
503 "server calculate client finished data fail.", 0, 0, 0, 0);
504 ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_INTERNAL_ERROR);
505 return ret;
506 }
507
508 return HS_ChangeState(ctx, TRY_RECV_FINISH);
509 }
510 #endif /* HITLS_TLS_PROTO_TLS13 */
511 #endif /* HITLS_TLS_HOST_SERVER */