diff options
Diffstat (limited to 'lib/tls13/hello_retry.c')
| -rw-r--r-- | lib/tls13/hello_retry.c | 195 |
1 files changed, 195 insertions, 0 deletions
diff --git a/lib/tls13/hello_retry.c b/lib/tls13/hello_retry.c new file mode 100644 index 0000000..dd4cba5 --- /dev/null +++ b/lib/tls13/hello_retry.c @@ -0,0 +1,195 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * The GnuTLS is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see <https://www.gnu.org/licenses/> + * + */ + +#include "gnutls_int.h" +#include "errors.h" +#include "hello_ext.h" +#include "handshake.h" +#include "tls13/hello_retry.h" +#include "auth/cert.h" +#include "mbuffers.h" +#include "state.h" + +int _gnutls13_send_hello_retry_request(gnutls_session_t session, unsigned again) +{ + int ret; + mbuffer_st *bufel = NULL; + gnutls_buffer_st buf; + const version_entry_st *ver; + const uint8_t vbuf[2] = {0x03, 0x03}; + + if (again == 0) { + ver = get_version(session); + if (unlikely(ver == NULL || session->security_parameters.cs == NULL)) + return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); + + ret = _gnutls_buffer_init_handshake_mbuffer(&buf); + if (ret < 0) + return gnutls_assert_val(ret); + + ret = _gnutls_buffer_append_data(&buf, vbuf, 2); + if (ret < 0) + return gnutls_assert_val(ret); + + ret = _gnutls_buffer_append_data(&buf, + HRR_RANDOM, + GNUTLS_RANDOM_SIZE); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + ret = _gnutls_buffer_append_data_prefix(&buf, 8, + session->security_parameters.session_id, + session->security_parameters.session_id_size); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + ret = _gnutls_buffer_append_data(&buf, session->security_parameters.cs->id, 2); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + /* compression */ + ret = _gnutls_buffer_append_prefix(&buf, 8, 0); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + ret = _gnutls_gen_hello_extensions(session, &buf, + GNUTLS_EXT_FLAG_HRR, + GNUTLS_EXT_ANY); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + /* reset extensions sent by this session to allow re-sending them */ + session->internals.used_exts = 0; + + reset_binders(session); + + bufel = _gnutls_buffer_to_mbuffer(&buf); + } + + return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_HELLO_RETRY_REQUEST); + + cleanup: + _gnutls_buffer_clear(&buf); + return ret; +} + +int +_gnutls13_recv_hello_retry_request(gnutls_session_t session, + gnutls_buffer_st *buf) +{ + int ret; + uint8_t tmp[2]; + const gnutls_cipher_suite_entry_st *cs; + const mac_entry_st *prf; + gnutls_datum_t session_id; + uint8_t random[GNUTLS_RANDOM_SIZE]; + + /* only under TLS 1.3 */ + if (IS_DTLS(session)) + return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET); + + if (session->internals.hsk_flags & HSK_HRR_RECEIVED) + return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET); + + session->internals.hsk_flags |= HSK_HRR_RECEIVED; + + /* version */ + ret = _gnutls_buffer_pop_data(buf, tmp, 2); + if (ret < 0) + return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); + + if (unlikely(tmp[0] != 0x03 || tmp[1] != 0x03)) + return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET); + + ret = _gnutls_buffer_pop_data(buf, random, GNUTLS_RANDOM_SIZE); + if (ret < 0) + return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); + + if (memcmp(random, HRR_RANDOM, GNUTLS_RANDOM_SIZE) != 0) { + return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); + } + + ret = _gnutls_buffer_pop_datum_prefix8(buf, &session_id); + if (ret < 0) + return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); + + /* read ciphersuites */ + ret = _gnutls_buffer_pop_data(buf, tmp, 2); + if (ret < 0) + return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); + + cs = ciphersuite_to_entry(tmp); + if (unlikely(cs == NULL)) + return gnutls_assert_val(GNUTLS_E_UNKNOWN_CIPHER_SUITE); + + _gnutls_handshake_log("EXT[%p]: Hello Retry Request with %s\n", session, cs->name); + memcpy(session->internals.hrr_cs, cs->id, 2); + + prf = mac_to_entry(cs->prf); + if (unlikely(prf == NULL)) + return gnutls_assert_val(GNUTLS_E_UNKNOWN_CIPHER_SUITE); + + /* compression */ + ret = _gnutls_buffer_pop_data(buf, tmp, 1); + if (ret < 0) + return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); + + if (unlikely(tmp[0] != 0)) + return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); + + ret = _gnutls13_handshake_hash_buffers_synth(session, prf, 1); + if (ret < 0) + return gnutls_assert_val(ret); + + if (buf->length <= 2) { + /* no extensions present */ + return gnutls_assert_val(GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH); + } + + /* figure version first */ + ret = + _gnutls_parse_hello_extensions(session, GNUTLS_EXT_FLAG_HRR, + GNUTLS_EXT_VERSION_NEG, + buf->data, buf->length); + if (ret < 0) + return gnutls_assert_val(ret); + + /* parse the rest of extensions */ + ret = _gnutls_parse_hello_extensions(session, GNUTLS_EXT_FLAG_HRR, GNUTLS_EXT_ANY, + buf->data, buf->length); + if (ret < 0) + return gnutls_assert_val(ret); + + session->internals.used_exts = 0; + + return 0; +} |