TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 2a0718d9476dadfccaecd44e34201c379c5ec915 / . / library / ssl_cookie.c
blob: dd86f581fcd749a05d4073a66ae3b6d8a6563bf9 [file] [log] [blame]
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]1/*
2 * DTLS cookie callbacks implementation
3 *
4 * Copyright (C) 2014, Brainspark B.V.
5 *
Manuel Pégourié-Gonnarddba564b2015-01-23 11:33:38 +0000[diff] [blame]6 * This file is part of mbed TLS (https://www.polarssl.org)
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22/*
23 * These session callbacks use a simple chained list
24 * to store and retrieve the session information.
25 */
26
27#if !defined(POLARSSL_CONFIG_FILE)
28#include "polarssl/config.h"
29#else
30#include POLARSSL_CONFIG_FILE
31#endif
32
Manuel Pégourié-Gonnarda64acd42014-07-23 18:30:45 +0200[diff] [blame]33#if defined(POLARSSL_SSL_COOKIE_C)
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]34
35#include "polarssl/ssl_cookie.h"
36
37#if defined(POLARSSL_PLATFORM_C)
38#include "polarssl/platform.h"
39#else
40#define polarssl_malloc malloc
41#define polarssl_free free
42#endif
43
44/* Implementation that should never be optimized out by the compiler */
45static void polarssl_zeroize( void *v, size_t n ) {
46 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
47}
48
49/*
50 * If DTLS is in use, then at least one of SHA-1, SHA-256, SHA-512 is
51 * available. Try SHA-256 first, 512 wastes resources since we need to stay
52 * with max 32 bytes of cookie for DTLS 1.0
53 */
54#if defined(POLARSSL_SHA256_C)
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]55#define COOKIE_MD POLARSSL_MD_SHA224
56#define COOKIE_MD_OUTLEN 32
57#define COOKIE_HMAC_LEN 28
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]58#elif defined(POLARSSL_SHA512_C)
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]59#define COOKIE_MD POLARSSL_MD_SHA384
60#define COOKIE_MD_OUTLEN 48
61#define COOKIE_HMAC_LEN 28
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]62#elif defined(POLARSSL_SHA1_C)
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]63#define COOKIE_MD POLARSSL_MD_SHA1
64#define COOKIE_MD_OUTLEN 20
65#define COOKIE_HMAC_LEN 20
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]66#else
67#error "DTLS hello verify needs SHA-1 or SHA-2"
68#endif
69
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]70/*
71 * Cookies are formed of a 4-bytes timestamp (or serial number) and
72 * an HMAC of timestemp and client ID.
73 */
74#define COOKIE_LEN ( 4 + COOKIE_HMAC_LEN )
75
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]76void ssl_cookie_init( ssl_cookie_ctx *ctx )
77{
78 md_init( &ctx->hmac_ctx );
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]79#if !defined(POLARSSL_HAVE_TIME)
80 ctx->serial = 0;
81#endif
Manuel Pégourié-Gonnardbef8f092014-07-23 23:40:29 +0200[diff] [blame]82 ctx->timeout = POLARSSL_SSL_COOKIE_TIMEOUT;
83}
84
85void ssl_cookie_set_timeout( ssl_cookie_ctx *ctx, unsigned long delay )
86{
87 ctx->timeout = delay;
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]88}
89
90void ssl_cookie_free( ssl_cookie_ctx *ctx )
91{
92 md_free( &ctx->hmac_ctx );
93}
94
95int ssl_cookie_setup( ssl_cookie_ctx *ctx,
96 int (*f_rng)(void *, unsigned char *, size_t),
97 void *p_rng )
98{
99 int ret;
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]100 unsigned char key[COOKIE_MD_OUTLEN];
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]101
102 if( ( ret = f_rng( p_rng, key, sizeof( key ) ) ) != 0 )
103 return( ret );
104
Manuel Pégourié-Gonnard445a1ec2014-07-23 20:48:05 +0200[diff] [blame]105 ret = md_init_ctx( &ctx->hmac_ctx, md_info_from_type( COOKIE_MD ) );
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]106 if( ret != 0 )
107 return( ret );
108
109 ret = md_hmac_starts( &ctx->hmac_ctx, key, sizeof( key ) );
110 if( ret != 0 )
111 return( ret );
112
113 polarssl_zeroize( key, sizeof( key ) );
114
115 return( 0 );
116}
117
118/*
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]119 * Generate the HMAC part of a cookie
120 */
121static int ssl_cookie_hmac( md_context_t *hmac_ctx,
122 const unsigned char time[4],
123 unsigned char **p, unsigned char *end,
124 const unsigned char *cli_id, size_t cli_id_len )
125{
126 int ret;
127 unsigned char hmac_out[COOKIE_MD_OUTLEN];
128
129 if( (size_t)( end - *p ) < COOKIE_HMAC_LEN )
Manuel Pégourié-Gonnard562eb782014-07-23 23:41:53 +0200[diff] [blame]130 return( POLARSSL_ERR_SSL_BUFFER_TOO_SMALL );
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]131
132 if( ( ret = md_hmac_reset( hmac_ctx ) ) != 0 ||
133 ( ret = md_hmac_update( hmac_ctx, time, 4 ) ) != 0 ||
134 ( ret = md_hmac_update( hmac_ctx, cli_id, cli_id_len ) ) != 0 ||
135 ( ret = md_hmac_finish( hmac_ctx, hmac_out ) ) != 0 )
136 {
137 return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
138 }
139
140 memcpy( *p, hmac_out, COOKIE_HMAC_LEN );
141 *p += COOKIE_HMAC_LEN;
142
143 return( 0 );
144}
145
146/*
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]147 * Generate cookie for DTLS ClientHello verification
148 */
Manuel Pégourié-Gonnarde4de0612014-07-23 17:26:48 +0200[diff] [blame]149int ssl_cookie_write( void *p_ctx,
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]150 unsigned char **p, unsigned char *end,
151 const unsigned char *cli_id, size_t cli_id_len )
152{
Manuel Pégourié-Gonnarde4de0612014-07-23 17:26:48 +0200[diff] [blame]153 ssl_cookie_ctx *ctx = (ssl_cookie_ctx *) p_ctx;
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]154 unsigned long t;
Manuel Pégourié-Gonnarde4de0612014-07-23 17:26:48 +0200[diff] [blame]155
Manuel Pégourié-Gonnard29ad7e82014-07-23 19:12:15 +0200[diff] [blame]156 if( ctx == NULL || cli_id == NULL )
Manuel Pégourié-Gonnarde4de0612014-07-23 17:26:48 +0200[diff] [blame]157 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]158
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]159 if( (size_t)( end - *p ) < COOKIE_LEN )
Manuel Pégourié-Gonnard562eb782014-07-23 23:41:53 +0200[diff] [blame]160 return( POLARSSL_ERR_SSL_BUFFER_TOO_SMALL );
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]161
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]162#if defined(POLARSSL_HAVE_TIME)
163 t = (unsigned long) time( NULL );
164#else
165 t = ctx->serial++;
166#endif
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]167
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]168 (*p)[0] = (unsigned char)( t >> 24 );
169 (*p)[1] = (unsigned char)( t >> 16 );
170 (*p)[2] = (unsigned char)( t >> 8 );
171 (*p)[3] = (unsigned char)( t );
172 *p += 4;
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]173
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]174 return( ssl_cookie_hmac( &ctx->hmac_ctx, *p - 4,
175 p, end, cli_id, cli_id_len ) );
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]176}
177
178/*
179 * Check a cookie
180 */
Manuel Pégourié-Gonnarde4de0612014-07-23 17:26:48 +0200[diff] [blame]181int ssl_cookie_check( void *p_ctx,
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]182 const unsigned char *cookie, size_t cookie_len,
183 const unsigned char *cli_id, size_t cli_id_len )
184{
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]185 unsigned char ref_hmac[COOKIE_HMAC_LEN];
186 unsigned char *p = ref_hmac;
187 ssl_cookie_ctx *ctx = (ssl_cookie_ctx *) p_ctx;
188 unsigned long cur_time, cookie_time;
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]189
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]190 if( ctx == NULL || cli_id == NULL )
191 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
192
193 if( cookie_len != COOKIE_LEN )
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]194 return( -1 );
195
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]196 if( ssl_cookie_hmac( &ctx->hmac_ctx, cookie,
197 &p, p + sizeof( ref_hmac ),
198 cli_id, cli_id_len ) != 0 )
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]199 return( -1 );
200
Manuel Pégourié-Gonnarde9030812014-07-23 21:29:11 +0200[diff] [blame]201 if( safer_memcmp( cookie + 4, ref_hmac, sizeof( ref_hmac ) ) != 0 )
202 return( -1 );
203
204#if defined(POLARSSL_HAVE_TIME)
205 cur_time = (unsigned long) time( NULL );
206#else
207 cur_time = ctx->serial;
208#endif
209
210 cookie_time = ( (unsigned long) cookie[0] << 24 ) |
211 ( (unsigned long) cookie[1] << 16 ) |
212 ( (unsigned long) cookie[2] << 8 ) |
213 ( (unsigned long) cookie[3] );
214
Manuel Pégourié-Gonnardbef8f092014-07-23 23:40:29 +0200[diff] [blame]215 if( ctx->timeout != 0 && cur_time - cookie_time > ctx->timeout )
Manuel Pégourié-Gonnard232edd42014-07-23 16:56:27 +0200[diff] [blame]216 return( -1 );
217
218 return( 0 );
219}
220#endif /* POLARSSL_SSL_COOKIE_C */