TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-crypto / 50518f419589d2c4746f4b6d6be0a2569a3386a8 / . / library / ssl_cookie.c
blob: de0d108a3841676516910f74a7dfacf708a28eb4 [file] [log] [blame]
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]1/*
2 * DTLS cookie callbacks implementation
3 *
Manuel Pégourié-Gonnard53ebe132015-05-15 11:56:13 +0200[diff] [blame]4 * Copyright (C) 2014-2015, ARM Limited, All Rights Reserved
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]5 *
Manuel Pégourié-Gonnarde4d48902015-03-06 13:40:52 +0000[diff] [blame]6 * This file is part of mbed TLS (https://tls.mbed.org)
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22/*
23 * These session callbacks use a simple chained list
24 * to store and retrieve the session information.
25 */
26
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]27#if !defined(MBEDTLS_CONFIG_FILE)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]28#include "mbedtls/config.h"
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]29#else
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]30#include MBEDTLS_CONFIG_FILE
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]31#endif
32
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]33#if defined(MBEDTLS_SSL_COOKIE_C)
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]34
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]35#include "mbedtls/ssl_cookie.h"
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]36
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]37#if defined(MBEDTLS_PLATFORM_C)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]38#include "mbedtls/platform.h"
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]39#else
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]40#define mbedtls_malloc malloc
41#define mbedtls_free free
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]42#endif
43
Manuel Pégourié-Gonnardd901d172015-02-16 18:37:53 +0000[diff] [blame]44#include <string.h>
45
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]46/* Implementation that should never be optimized out by the compiler */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]47static void mbedtls_zeroize( void *v, size_t n ) {
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]48 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
49}
50
51/*
52 * If DTLS is in use, then at least one of SHA-1, SHA-256, SHA-512 is
53 * available. Try SHA-256 first, 512 wastes resources since we need to stay
54 * with max 32 bytes of cookie for DTLS 1.0
55 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]56#if defined(MBEDTLS_SHA256_C)
57#define COOKIE_MD MBEDTLS_MD_SHA224
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]58#define COOKIE_MD_OUTLEN 32
59#define COOKIE_HMAC_LEN 28
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]60#elif defined(MBEDTLS_SHA512_C)
61#define COOKIE_MD MBEDTLS_MD_SHA384
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]62#define COOKIE_MD_OUTLEN 48
63#define COOKIE_HMAC_LEN 28
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]64#elif defined(MBEDTLS_SHA1_C)
65#define COOKIE_MD MBEDTLS_MD_SHA1
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]66#define COOKIE_MD_OUTLEN 20
67#define COOKIE_HMAC_LEN 20
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]68#else
69#error "DTLS hello verify needs SHA-1 or SHA-2"
70#endif
71
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]72/*
73 * Cookies are formed of a 4-bytes timestamp (or serial number) and
74 * an HMAC of timestemp and client ID.
75 */
76#define COOKIE_LEN ( 4 + COOKIE_HMAC_LEN )
77
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]78void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx )
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]79{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]80 mbedtls_md_init( &ctx->hmac_ctx );
81#if !defined(MBEDTLS_HAVE_TIME)
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]82 ctx->serial = 0;
83#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]84 ctx->timeout = MBEDTLS_SSL_COOKIE_TIMEOUT;
Manuel Pégourié-Gonnardbef8f092014-07-23 23:40:29 +0200[diff] [blame]85}
86
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]87void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay )
Manuel Pégourié-Gonnardbef8f092014-07-23 23:40:29 +0200[diff] [blame]88{
89 ctx->timeout = delay;
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]90}
91
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]92void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx )
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]93{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]94 mbedtls_md_free( &ctx->hmac_ctx );
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]95}
96
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]97int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]98 int (*f_rng)(void *, unsigned char *, size_t),
99 void *p_rng )
100{
101 int ret;
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]102 unsigned char key[COOKIE_MD_OUTLEN];
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]103
104 if( ( ret = f_rng( p_rng, key, sizeof( key ) ) ) != 0 )
105 return( ret );
106
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]107 ret = mbedtls_md_setup( &ctx->hmac_ctx, mbedtls_md_info_from_type( COOKIE_MD ), 1 );
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]108 if( ret != 0 )
109 return( ret );
110
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]111 ret = mbedtls_md_hmac_starts( &ctx->hmac_ctx, key, sizeof( key ) );
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]112 if( ret != 0 )
113 return( ret );
114
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]115 mbedtls_zeroize( key, sizeof( key ) );
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]116
117 return( 0 );
118}
119
120/*
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]121 * Generate the HMAC part of a cookie
122 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]123static int ssl_cookie_hmac( mbedtls_md_context_t *hmac_ctx,
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]124 const unsigned char time[4],
125 unsigned char **p, unsigned char *end,
126 const unsigned char *cli_id, size_t cli_id_len )
127{
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]128 unsigned char hmac_out[COOKIE_MD_OUTLEN];
129
130 if( (size_t)( end - *p ) < COOKIE_HMAC_LEN )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]131 return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]132
Manuel Pégourié-Gonnard6ab9b002015-05-14 11:25:04 +0200[diff] [blame]133 if( mbedtls_md_hmac_reset( hmac_ctx ) != 0 ||
134 mbedtls_md_hmac_update( hmac_ctx, time, 4 ) != 0 ||
135 mbedtls_md_hmac_update( hmac_ctx, cli_id, cli_id_len ) != 0 ||
136 mbedtls_md_hmac_finish( hmac_ctx, hmac_out ) != 0 )
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]137 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]138 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]139 }
140
141 memcpy( *p, hmac_out, COOKIE_HMAC_LEN );
142 *p += COOKIE_HMAC_LEN;
143
144 return( 0 );
145}
146
147/*
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]148 * Generate cookie for DTLS ClientHello verification
149 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]150int mbedtls_ssl_cookie_write( void *p_ctx,
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]151 unsigned char **p, unsigned char *end,
152 const unsigned char *cli_id, size_t cli_id_len )
153{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]154 mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx;
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]155 unsigned long t;
Manuel Pégourié-Gonnarde4de0612014-07-23 17:26:48 +0200[diff] [blame]156
Manuel Pégourié-Gonnard29ad7e82014-07-23 19:12:15 +0200[diff] [blame]157 if( ctx == NULL || cli_id == NULL )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]158 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]159
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]160 if( (size_t)( end - *p ) < COOKIE_LEN )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]161 return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]162
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]163#if defined(MBEDTLS_HAVE_TIME)
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]164 t = (unsigned long) time( NULL );
165#else
166 t = ctx->serial++;
167#endif
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]168
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]169 (*p)[0] = (unsigned char)( t >> 24 );
170 (*p)[1] = (unsigned char)( t >> 16 );
171 (*p)[2] = (unsigned char)( t >> 8 );
172 (*p)[3] = (unsigned char)( t );
173 *p += 4;
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]174
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]175 return( ssl_cookie_hmac( &ctx->hmac_ctx, *p - 4,
176 p, end, cli_id, cli_id_len ) );
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]177}
178
179/*
180 * Check a cookie
181 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]182int mbedtls_ssl_cookie_check( void *p_ctx,
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]183 const unsigned char *cookie, size_t cookie_len,
184 const unsigned char *cli_id, size_t cli_id_len )
185{
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]186 unsigned char ref_hmac[COOKIE_HMAC_LEN];
187 unsigned char *p = ref_hmac;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]188 mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx;
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]189 unsigned long cur_time, cookie_time;
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]190
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]191 if( ctx == NULL || cli_id == NULL )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]192 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]193
194 if( cookie_len != COOKIE_LEN )
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]195 return( -1 );
196
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]197 if( ssl_cookie_hmac( &ctx->hmac_ctx, cookie,
198 &p, p + sizeof( ref_hmac ),
199 cli_id, cli_id_len ) != 0 )
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]200 return( -1 );
201
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]202 if( mbedtls_ssl_safer_memcmp( cookie + 4, ref_hmac, sizeof( ref_hmac ) ) != 0 )
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]203 return( -1 );
204
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]205#if defined(MBEDTLS_HAVE_TIME)
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]206 cur_time = (unsigned long) time( NULL );
207#else
208 cur_time = ctx->serial;
209#endif
210
211 cookie_time = ( (unsigned long) cookie[0] << 24 ) |
212 ( (unsigned long) cookie[1] << 16 ) |
213 ( (unsigned long) cookie[2] << 8 ) |
214 ( (unsigned long) cookie[3] );
215
Manuel Pégourié-Gonnardbef8f092014-07-23 23:40:29 +0200[diff] [blame]216 if( ctx->timeout != 0 && cur_time - cookie_time > ctx->timeout )
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]217 return( -1 );
218
219 return( 0 );
220}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]221#endif /* MBEDTLS_SSL_COOKIE_C */