Blame - library/ssl_cookie.c - mirror/mbed-tls

blob: abf9e15fc5851681f2cc6d012b5d8b695a3ad21e [file] [log] [blame]

Manuel Pégourié-Gonnard	232edd4	2014-07-23 16:56:27 +0200	[diff] [blame]	1	/*
				2	* DTLS cookie callbacks implementation
				3	*
				4	* Copyright (C) 2014, Brainspark B.V.
				5	*
				6	* This file is part of PolarSSL (http://www.polarssl.org)
				7	* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
				8	*
				9	* All rights reserved.
				10	*
				11	* This program is free software; you can redistribute it and/or modify
				12	* it under the terms of the GNU General Public License as published by
				13	* the Free Software Foundation; either version 2 of the License, or
				14	* (at your option) any later version.
				15	*
				16	* This program is distributed in the hope that it will be useful,
				17	* but WITHOUT ANY WARRANTY; without even the implied warranty of
				18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				19	* GNU General Public License for more details.
				20	*
				21	* You should have received a copy of the GNU General Public License along
				22	* with this program; if not, write to the Free Software Foundation, Inc.,
				23	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
				24	*/
				25	/*
				26	* These session callbacks use a simple chained list
				27	* to store and retrieve the session information.
				28	*/
				29
				30	#if !defined(POLARSSL_CONFIG_FILE)
				31	#include "polarssl/config.h"
				32	#else
				33	#include POLARSSL_CONFIG_FILE
				34	#endif
				35
				36	#if defined(POLARSSL_SSL_DTLS_HELLO_VERIFY)
				37
				38	#include "polarssl/ssl_cookie.h"
				39
				40	#if defined(POLARSSL_PLATFORM_C)
				41	#include "polarssl/platform.h"
				42	#else
				43	#define polarssl_malloc malloc
				44	#define polarssl_free free
				45	#endif
				46
				47	/* Implementation that should never be optimized out by the compiler */
				48	static void polarssl_zeroize( void *v, size_t n ) {
				49	volatile unsigned char p = v; while( n-- ) p++ = 0;
				50	}
				51
				52	/*
				53	* If DTLS is in use, then at least one of SHA-1, SHA-256, SHA-512 is
				54	* available. Try SHA-256 first, 512 wastes resources since we need to stay
				55	* with max 32 bytes of cookie for DTLS 1.0
				56	*/
				57	#if defined(POLARSSL_SHA256_C)
				58	#define HVR_MD POLARSSL_MD_SHA256
				59	#define HVR_MD_LEN 32
				60	#define HVR_MD_USE 32
				61	#elif defined(POLARSSL_SHA512_C)
				62	#define HVR_MD POLARSSL_MD_SHA384
				63	#define HVR_MD_LEN 48
				64	#define HVR_MD_USE 32
				65	#elif defined(POLARSSL_SHA1_C)
				66	#define HVR_MD POLARSSL_MD_SHA1
				67	#define HVR_MD_LEN 20
				68	#define HVR_MD_USE 20
				69	#else
				70	#error "DTLS hello verify needs SHA-1 or SHA-2"
				71	#endif
				72
				73	void ssl_cookie_init( ssl_cookie_ctx *ctx )
				74	{
				75	md_init( &ctx->hmac_ctx );
				76	}
				77
				78	void ssl_cookie_free( ssl_cookie_ctx *ctx )
				79	{
				80	md_free( &ctx->hmac_ctx );
				81	}
				82
				83	int ssl_cookie_setup( ssl_cookie_ctx *ctx,
				84	int (f_rng)(void , unsigned char *, size_t),
				85	void *p_rng )
				86	{
				87	int ret;
				88	unsigned char key[HVR_MD_LEN];
				89
				90	if( ( ret = f_rng( p_rng, key, sizeof( key ) ) ) != 0 )
				91	return( ret );
				92
				93	ret = md_init_ctx( &ctx->hmac_ctx, md_info_from_type( HVR_MD ) );
				94	if( ret != 0 )
				95	return( ret );
				96
				97	ret = md_hmac_starts( &ctx->hmac_ctx, key, sizeof( key ) );
				98	if( ret != 0 )
				99	return( ret );
				100
				101	polarssl_zeroize( key, sizeof( key ) );
				102
				103	return( 0 );
				104	}
				105
				106	/*
				107	* Generate cookie for DTLS ClientHello verification
				108	*/
Manuel Pégourié-Gonnard	e4de061	2014-07-23 17:26:48 +0200	[diff] [blame^]	109	int ssl_cookie_write( void *p_ctx,
Manuel Pégourié-Gonnard	232edd4	2014-07-23 16:56:27 +0200	[diff] [blame]	110	unsigned char *p, unsigned char end,
				111	const unsigned char *cli_id, size_t cli_id_len )
				112	{
				113	int ret;
				114	unsigned char hmac_out[HVR_MD_LEN];
Manuel Pégourié-Gonnard	e4de061	2014-07-23 17:26:48 +0200	[diff] [blame^]	115	ssl_cookie_ctx ctx = (ssl_cookie_ctx ) p_ctx;
				116
				117	if( ctx == NULL )
				118	return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard	232edd4	2014-07-23 16:56:27 +0200	[diff] [blame]	119
				120	if( (size_t)( end - *p ) < HVR_MD_USE )
				121	return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
				122
Manuel Pégourié-Gonnard	e4de061	2014-07-23 17:26:48 +0200	[diff] [blame^]	123	if( ( ret = md_hmac_reset( &ctx->hmac_ctx ) ) != 0 \|\|
				124	( ret = md_hmac_update( &ctx->hmac_ctx, cli_id, cli_id_len ) ) != 0 \|\|
				125	( ret = md_hmac_finish( &ctx->hmac_ctx, hmac_out ) ) != 0 )
Manuel Pégourié-Gonnard	232edd4	2014-07-23 16:56:27 +0200	[diff] [blame]	126	{
				127	return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
				128	}
				129
				130	memcpy( *p, hmac_out, HVR_MD_USE );
				131	*p += HVR_MD_USE;
				132
				133	return( 0 );
				134	}
				135
				136	/*
				137	* Check a cookie
				138	*/
Manuel Pégourié-Gonnard	e4de061	2014-07-23 17:26:48 +0200	[diff] [blame^]	139	int ssl_cookie_check( void *p_ctx,
Manuel Pégourié-Gonnard	232edd4	2014-07-23 16:56:27 +0200	[diff] [blame]	140	const unsigned char *cookie, size_t cookie_len,
				141	const unsigned char *cli_id, size_t cli_id_len )
				142	{
				143	unsigned char ref_cookie[HVR_MD_USE];
				144	unsigned char *p = ref_cookie;
Manuel Pégourié-Gonnard	232edd4	2014-07-23 16:56:27 +0200	[diff] [blame]	145
				146	if( cookie_len != HVR_MD_USE )
				147	return( -1 );
				148
Manuel Pégourié-Gonnard	e4de061	2014-07-23 17:26:48 +0200	[diff] [blame^]	149	if( ssl_cookie_write( p_ctx,
Manuel Pégourié-Gonnard	232edd4	2014-07-23 16:56:27 +0200	[diff] [blame]	150	&p, p + sizeof( ref_cookie ),
				151	cli_id, cli_id_len ) != 0 )
				152	return( -1 );
				153
				154	if( safer_memcmp( cookie, ref_cookie, sizeof( ref_cookie ) ) != 0 )
				155	return( -1 );
				156
				157	return( 0 );
				158	}
				159	#endif /* POLARSSL_SSL_COOKIE_C */