Subversion Repositories Kolibri OS

Rev

Blame | Last modification | View Log | Download | RSS feed

  1. /*
  2.  *  DTLS cookie callbacks implementation
  3.  *
  4.  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
  5.  *  SPDX-License-Identifier: GPL-2.0
  6.  *
  7.  *  This program is free software; you can redistribute it and/or modify
  8.  *  it under the terms of the GNU General Public License as published by
  9.  *  the Free Software Foundation; either version 2 of the License, or
  10.  *  (at your option) any later version.
  11.  *
  12.  *  This program is distributed in the hope that it will be useful,
  13.  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  14.  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15.  *  GNU General Public License for more details.
  16.  *
  17.  *  You should have received a copy of the GNU General Public License along
  18.  *  with this program; if not, write to the Free Software Foundation, Inc.,
  19.  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  20.  *
  21.  *  This file is part of mbed TLS (https://tls.mbed.org)
  22.  */
  23. /*
  24.  * These session callbacks use a simple chained list
  25.  * to store and retrieve the session information.
  26.  */
  27.  
  28. #if !defined(MBEDTLS_CONFIG_FILE)
  29. #include "mbedtls/config.h"
  30. #else
  31. #include MBEDTLS_CONFIG_FILE
  32. #endif
  33.  
  34. #if defined(MBEDTLS_SSL_COOKIE_C)
  35.  
  36. #if defined(MBEDTLS_PLATFORM_C)
  37. #include "mbedtls/platform.h"
  38. #else
  39. #define mbedtls_calloc    calloc
  40. #define mbedtls_free      free
  41. #endif
  42.  
  43. #include "mbedtls/ssl_cookie.h"
  44. #include "mbedtls/ssl_internal.h"
  45. #include "mbedtls/platform_util.h"
  46.  
  47. #include <string.h>
  48.  
  49. /*
  50.  * If DTLS is in use, then at least one of SHA-1, SHA-256, SHA-512 is
  51.  * available. Try SHA-256 first, 512 wastes resources since we need to stay
  52.  * with max 32 bytes of cookie for DTLS 1.0
  53.  */
  54. #if defined(MBEDTLS_SHA256_C)
  55. #define COOKIE_MD           MBEDTLS_MD_SHA224
  56. #define COOKIE_MD_OUTLEN    32
  57. #define COOKIE_HMAC_LEN     28
  58. #elif defined(MBEDTLS_SHA512_C)
  59. #define COOKIE_MD           MBEDTLS_MD_SHA384
  60. #define COOKIE_MD_OUTLEN    48
  61. #define COOKIE_HMAC_LEN     28
  62. #elif defined(MBEDTLS_SHA1_C)
  63. #define COOKIE_MD           MBEDTLS_MD_SHA1
  64. #define COOKIE_MD_OUTLEN    20
  65. #define COOKIE_HMAC_LEN     20
  66. #else
  67. #error "DTLS hello verify needs SHA-1 or SHA-2"
  68. #endif
  69.  
  70. /*
  71.  * Cookies are formed of a 4-bytes timestamp (or serial number) and
  72.  * an HMAC of timestemp and client ID.
  73.  */
  74. #define COOKIE_LEN      ( 4 + COOKIE_HMAC_LEN )
  75.  
  76. void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx )
  77. {
  78.     mbedtls_md_init( &ctx->hmac_ctx );
  79. #if !defined(MBEDTLS_HAVE_TIME)
  80.     ctx->serial = 0;
  81. #endif
  82.     ctx->timeout = MBEDTLS_SSL_COOKIE_TIMEOUT;
  83.  
  84. #if defined(MBEDTLS_THREADING_C)
  85.     mbedtls_mutex_init( &ctx->mutex );
  86. #endif
  87. }
  88.  
  89. void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay )
  90. {
  91.     ctx->timeout = delay;
  92. }
  93.  
  94. void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx )
  95. {
  96.     mbedtls_md_free( &ctx->hmac_ctx );
  97.  
  98. #if defined(MBEDTLS_THREADING_C)
  99.     mbedtls_mutex_free( &ctx->mutex );
  100. #endif
  101.  
  102.     mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ssl_cookie_ctx ) );
  103. }
  104.  
  105. int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
  106.                       int (*f_rng)(void *, unsigned char *, size_t),
  107.                       void *p_rng )
  108. {
  109.     int ret;
  110.     unsigned char key[COOKIE_MD_OUTLEN];
  111.  
  112.     if( ( ret = f_rng( p_rng, key, sizeof( key ) ) ) != 0 )
  113.         return( ret );
  114.  
  115.     ret = mbedtls_md_setup( &ctx->hmac_ctx, mbedtls_md_info_from_type( COOKIE_MD ), 1 );
  116.     if( ret != 0 )
  117.         return( ret );
  118.  
  119.     ret = mbedtls_md_hmac_starts( &ctx->hmac_ctx, key, sizeof( key ) );
  120.     if( ret != 0 )
  121.         return( ret );
  122.  
  123.     mbedtls_platform_zeroize( key, sizeof( key ) );
  124.  
  125.     return( 0 );
  126. }
  127.  
  128. /*
  129.  * Generate the HMAC part of a cookie
  130.  */
  131. static int ssl_cookie_hmac( mbedtls_md_context_t *hmac_ctx,
  132.                             const unsigned char time[4],
  133.                             unsigned char **p, unsigned char *end,
  134.                             const unsigned char *cli_id, size_t cli_id_len )
  135. {
  136.     unsigned char hmac_out[COOKIE_MD_OUTLEN];
  137.  
  138.     if( (size_t)( end - *p ) < COOKIE_HMAC_LEN )
  139.         return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
  140.  
  141.     if( mbedtls_md_hmac_reset(  hmac_ctx ) != 0 ||
  142.         mbedtls_md_hmac_update( hmac_ctx, time, 4 ) != 0 ||
  143.         mbedtls_md_hmac_update( hmac_ctx, cli_id, cli_id_len ) != 0 ||
  144.         mbedtls_md_hmac_finish( hmac_ctx, hmac_out ) != 0 )
  145.     {
  146.         return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
  147.     }
  148.  
  149.     memcpy( *p, hmac_out, COOKIE_HMAC_LEN );
  150.     *p += COOKIE_HMAC_LEN;
  151.  
  152.     return( 0 );
  153. }
  154.  
  155. /*
  156.  * Generate cookie for DTLS ClientHello verification
  157.  */
  158. int mbedtls_ssl_cookie_write( void *p_ctx,
  159.                       unsigned char **p, unsigned char *end,
  160.                       const unsigned char *cli_id, size_t cli_id_len )
  161. {
  162.     int ret;
  163.     mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx;
  164.     unsigned long t;
  165.  
  166.     if( ctx == NULL || cli_id == NULL )
  167.         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
  168.  
  169.     if( (size_t)( end - *p ) < COOKIE_LEN )
  170.         return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
  171.  
  172. #if defined(MBEDTLS_HAVE_TIME)
  173.     t = (unsigned long) mbedtls_time( NULL );
  174. #else
  175.     t = ctx->serial++;
  176. #endif
  177.  
  178.     (*p)[0] = (unsigned char)( t >> 24 );
  179.     (*p)[1] = (unsigned char)( t >> 16 );
  180.     (*p)[2] = (unsigned char)( t >>  8 );
  181.     (*p)[3] = (unsigned char)( t       );
  182.     *p += 4;
  183.  
  184. #if defined(MBEDTLS_THREADING_C)
  185.     if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
  186.         return( MBEDTLS_ERR_SSL_INTERNAL_ERROR + ret );
  187. #endif
  188.  
  189.     ret = ssl_cookie_hmac( &ctx->hmac_ctx, *p - 4,
  190.                            p, end, cli_id, cli_id_len );
  191.  
  192. #if defined(MBEDTLS_THREADING_C)
  193.     if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
  194.         return( MBEDTLS_ERR_SSL_INTERNAL_ERROR +
  195.                 MBEDTLS_ERR_THREADING_MUTEX_ERROR );
  196. #endif
  197.  
  198.     return( ret );
  199. }
  200.  
  201. /*
  202.  * Check a cookie
  203.  */
  204. int mbedtls_ssl_cookie_check( void *p_ctx,
  205.                       const unsigned char *cookie, size_t cookie_len,
  206.                       const unsigned char *cli_id, size_t cli_id_len )
  207. {
  208.     unsigned char ref_hmac[COOKIE_HMAC_LEN];
  209.     int ret = 0;
  210.     unsigned char *p = ref_hmac;
  211.     mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx;
  212.     unsigned long cur_time, cookie_time;
  213.  
  214.     if( ctx == NULL || cli_id == NULL )
  215.         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
  216.  
  217.     if( cookie_len != COOKIE_LEN )
  218.         return( -1 );
  219.  
  220. #if defined(MBEDTLS_THREADING_C)
  221.     if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
  222.         return( MBEDTLS_ERR_SSL_INTERNAL_ERROR + ret );
  223. #endif
  224.  
  225.     if( ssl_cookie_hmac( &ctx->hmac_ctx, cookie,
  226.                          &p, p + sizeof( ref_hmac ),
  227.                          cli_id, cli_id_len ) != 0 )
  228.         ret = -1;
  229.  
  230. #if defined(MBEDTLS_THREADING_C)
  231.     if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
  232.         return( MBEDTLS_ERR_SSL_INTERNAL_ERROR +
  233.                 MBEDTLS_ERR_THREADING_MUTEX_ERROR );
  234. #endif
  235.  
  236.     if( ret != 0 )
  237.         return( ret );
  238.  
  239.     if( mbedtls_ssl_safer_memcmp( cookie + 4, ref_hmac, sizeof( ref_hmac ) ) != 0 )
  240.         return( -1 );
  241.  
  242. #if defined(MBEDTLS_HAVE_TIME)
  243.     cur_time = (unsigned long) mbedtls_time( NULL );
  244. #else
  245.     cur_time = ctx->serial;
  246. #endif
  247.  
  248.     cookie_time = ( (unsigned long) cookie[0] << 24 ) |
  249.                   ( (unsigned long) cookie[1] << 16 ) |
  250.                   ( (unsigned long) cookie[2] <<  8 ) |
  251.                   ( (unsigned long) cookie[3]       );
  252.  
  253.     if( ctx->timeout != 0 && cur_time - cookie_time > ctx->timeout )
  254.         return( -1 );
  255.  
  256.     return( 0 );
  257. }
  258. #endif /* MBEDTLS_SSL_COOKIE_C */
  259.