diff options
Diffstat (limited to 'thirdparty/mbedtls/library/ssl_ticket.c')
| -rw-r--r-- | thirdparty/mbedtls/library/ssl_ticket.c | 310 |
1 files changed, 160 insertions, 150 deletions
diff --git a/thirdparty/mbedtls/library/ssl_ticket.c b/thirdparty/mbedtls/library/ssl_ticket.c index 8a57789f10..0789245bac 100644 --- a/thirdparty/mbedtls/library/ssl_ticket.c +++ b/thirdparty/mbedtls/library/ssl_ticket.c @@ -33,12 +33,12 @@ /* * Initialize context */ -void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx ) +void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx) { - memset( ctx, 0, sizeof( mbedtls_ssl_ticket_context ) ); + memset(ctx, 0, sizeof(mbedtls_ssl_ticket_context)); #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_init( &ctx->mutex ); + mbedtls_mutex_init(&ctx->mutex); #endif } @@ -49,81 +49,80 @@ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx ) #define TICKET_CRYPT_LEN_BYTES 2 #define TICKET_AUTH_TAG_BYTES 16 -#define TICKET_MIN_LEN ( TICKET_KEY_NAME_BYTES + \ - TICKET_IV_BYTES + \ - TICKET_CRYPT_LEN_BYTES + \ - TICKET_AUTH_TAG_BYTES ) -#define TICKET_ADD_DATA_LEN ( TICKET_KEY_NAME_BYTES + \ - TICKET_IV_BYTES + \ - TICKET_CRYPT_LEN_BYTES ) +#define TICKET_MIN_LEN (TICKET_KEY_NAME_BYTES + \ + TICKET_IV_BYTES + \ + TICKET_CRYPT_LEN_BYTES + \ + TICKET_AUTH_TAG_BYTES) +#define TICKET_ADD_DATA_LEN (TICKET_KEY_NAME_BYTES + \ + TICKET_IV_BYTES + \ + TICKET_CRYPT_LEN_BYTES) /* * Generate/update a key */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_ticket_gen_key( mbedtls_ssl_ticket_context *ctx, - unsigned char index ) +static int ssl_ticket_gen_key(mbedtls_ssl_ticket_context *ctx, + unsigned char index) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char buf[MAX_KEY_BYTES]; mbedtls_ssl_ticket_key *key = ctx->keys + index; #if defined(MBEDTLS_HAVE_TIME) - key->generation_time = (uint32_t) mbedtls_time( NULL ); + key->generation_time = (uint32_t) mbedtls_time(NULL); #endif - if( ( ret = ctx->f_rng( ctx->p_rng, key->name, sizeof( key->name ) ) ) != 0 ) - return( ret ); + if ((ret = ctx->f_rng(ctx->p_rng, key->name, sizeof(key->name))) != 0) { + return ret; + } - if( ( ret = ctx->f_rng( ctx->p_rng, buf, sizeof( buf ) ) ) != 0 ) - return( ret ); + if ((ret = ctx->f_rng(ctx->p_rng, buf, sizeof(buf))) != 0) { + return ret; + } /* With GCM and CCM, same context can encrypt & decrypt */ - ret = mbedtls_cipher_setkey( &key->ctx, buf, - mbedtls_cipher_get_key_bitlen( &key->ctx ), - MBEDTLS_ENCRYPT ); + ret = mbedtls_cipher_setkey(&key->ctx, buf, + mbedtls_cipher_get_key_bitlen(&key->ctx), + MBEDTLS_ENCRYPT); - mbedtls_platform_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize(buf, sizeof(buf)); - return( ret ); + return ret; } /* * Rotate/generate keys if necessary */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_ticket_update_keys( mbedtls_ssl_ticket_context *ctx ) +static int ssl_ticket_update_keys(mbedtls_ssl_ticket_context *ctx) { #if !defined(MBEDTLS_HAVE_TIME) ((void) ctx); #else - if( ctx->ticket_lifetime != 0 ) - { - uint32_t current_time = (uint32_t) mbedtls_time( NULL ); + if (ctx->ticket_lifetime != 0) { + uint32_t current_time = (uint32_t) mbedtls_time(NULL); uint32_t key_time = ctx->keys[ctx->active].generation_time; - if( current_time >= key_time && - current_time - key_time < ctx->ticket_lifetime ) - { - return( 0 ); + if (current_time >= key_time && + current_time - key_time < ctx->ticket_lifetime) { + return 0; } ctx->active = 1 - ctx->active; - return( ssl_ticket_gen_key( ctx, ctx->active ) ); - } - else + return ssl_ticket_gen_key(ctx, ctx->active); + } else #endif /* MBEDTLS_HAVE_TIME */ - return( 0 ); + return 0; } /* * Setup context for actual use */ -int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - mbedtls_cipher_type_t cipher, - uint32_t lifetime ) +int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + mbedtls_cipher_type_t cipher, + uint32_t lifetime) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_cipher_info_t *cipher_info; @@ -133,26 +132,26 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, ctx->ticket_lifetime = lifetime; - cipher_info = mbedtls_cipher_info_from_type( cipher); - if( cipher_info == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + cipher_info = mbedtls_cipher_info_from_type(cipher); + if (cipher_info == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - if( cipher_info->mode != MBEDTLS_MODE_GCM && - cipher_info->mode != MBEDTLS_MODE_CCM ) - { - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (cipher_info->mode != MBEDTLS_MODE_GCM && + cipher_info->mode != MBEDTLS_MODE_CCM) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - if( cipher_info->key_bitlen > 8 * MAX_KEY_BYTES ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (cipher_info->key_bitlen > 8 * MAX_KEY_BYTES) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } int do_mbedtls_cipher_setup = 1; #if defined(MBEDTLS_USE_PSA_CRYPTO) - ret = mbedtls_cipher_setup_psa( &ctx->keys[0].ctx, - cipher_info, TICKET_AUTH_TAG_BYTES ); + ret = mbedtls_cipher_setup_psa(&ctx->keys[0].ctx, + cipher_info, TICKET_AUTH_TAG_BYTES); - switch( ret ) - { + switch (ret) { case 0: do_mbedtls_cipher_setup = 0; break; @@ -162,37 +161,42 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, do_mbedtls_cipher_setup = 1; break; default: - return( ret ); + return ret; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( do_mbedtls_cipher_setup ) - if( ( ret = mbedtls_cipher_setup( &ctx->keys[0].ctx, cipher_info ) ) - != 0 ) - return( ret ); + if (do_mbedtls_cipher_setup) { + if ((ret = mbedtls_cipher_setup(&ctx->keys[0].ctx, cipher_info)) + != 0) { + return ret; + } + } do_mbedtls_cipher_setup = 1; #if defined(MBEDTLS_USE_PSA_CRYPTO) do_mbedtls_cipher_setup = 0; - ret = mbedtls_cipher_setup_psa( &ctx->keys[1].ctx, - cipher_info, TICKET_AUTH_TAG_BYTES ); - if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) - return( ret ); - if( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) + ret = mbedtls_cipher_setup_psa(&ctx->keys[1].ctx, + cipher_info, TICKET_AUTH_TAG_BYTES); + if (ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) { + return ret; + } + if (ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) { do_mbedtls_cipher_setup = 1; + } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( do_mbedtls_cipher_setup ) - if( ( ret = mbedtls_cipher_setup( &ctx->keys[1].ctx, cipher_info ) ) - != 0 ) - return( ret ); + if (do_mbedtls_cipher_setup) { + if ((ret = mbedtls_cipher_setup(&ctx->keys[1].ctx, cipher_info)) + != 0) { + return ret; + } + } - if( ( ret = ssl_ticket_gen_key( ctx, 0 ) ) != 0 || - ( ret = ssl_ticket_gen_key( ctx, 1 ) ) != 0 ) - { - return( ret ); + if ((ret = ssl_ticket_gen_key(ctx, 0)) != 0 || + (ret = ssl_ticket_gen_key(ctx, 1)) != 0) { + return ret; } - return( 0 ); + return 0; } /* @@ -209,12 +213,12 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, * authenticated data. */ -int mbedtls_ssl_ticket_write( void *p_ticket, - const mbedtls_ssl_session *session, - unsigned char *start, - const unsigned char *end, - size_t *tlen, - uint32_t *ticket_lifetime ) +int mbedtls_ssl_ticket_write(void *p_ticket, + const mbedtls_ssl_session *session, + unsigned char *start, + const unsigned char *end, + size_t *tlen, + uint32_t *ticket_lifetime) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_ticket_context *ctx = p_ticket; @@ -227,53 +231,54 @@ int mbedtls_ssl_ticket_write( void *p_ticket, *tlen = 0; - if( ctx == NULL || ctx->f_rng == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ctx == NULL || ctx->f_rng == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } /* We need at least 4 bytes for key_name, 12 for IV, 2 for len 16 for tag, * in addition to session itself, that will be checked when writing it. */ - MBEDTLS_SSL_CHK_BUF_PTR( start, end, TICKET_MIN_LEN ); + MBEDTLS_SSL_CHK_BUF_PTR(start, end, TICKET_MIN_LEN); #if defined(MBEDTLS_THREADING_C) - if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) { + return ret; + } #endif - if( ( ret = ssl_ticket_update_keys( ctx ) ) != 0 ) + if ((ret = ssl_ticket_update_keys(ctx)) != 0) { goto cleanup; + } key = &ctx->keys[ctx->active]; *ticket_lifetime = ctx->ticket_lifetime; - memcpy( key_name, key->name, TICKET_KEY_NAME_BYTES ); + memcpy(key_name, key->name, TICKET_KEY_NAME_BYTES); - if( ( ret = ctx->f_rng( ctx->p_rng, iv, TICKET_IV_BYTES ) ) != 0 ) + if ((ret = ctx->f_rng(ctx->p_rng, iv, TICKET_IV_BYTES)) != 0) { goto cleanup; + } /* Dump session state */ - if( ( ret = mbedtls_ssl_session_save( session, - state, end - state, - &clear_len ) ) != 0 || - (unsigned long) clear_len > 65535 ) - { - goto cleanup; + if ((ret = mbedtls_ssl_session_save(session, + state, end - state, + &clear_len)) != 0 || + (unsigned long) clear_len > 65535) { + goto cleanup; } - MBEDTLS_PUT_UINT16_BE( clear_len, state_len_bytes, 0 ); + MBEDTLS_PUT_UINT16_BE(clear_len, state_len_bytes, 0); /* Encrypt and authenticate */ - if( ( ret = mbedtls_cipher_auth_encrypt_ext( &key->ctx, - iv, TICKET_IV_BYTES, - /* Additional data: key name, IV and length */ - key_name, TICKET_ADD_DATA_LEN, - state, clear_len, - state, end - state, &ciph_len, - TICKET_AUTH_TAG_BYTES ) ) != 0 ) - { + if ((ret = mbedtls_cipher_auth_encrypt_ext(&key->ctx, + iv, TICKET_IV_BYTES, + /* Additional data: key name, IV and length */ + key_name, TICKET_ADD_DATA_LEN, + state, clear_len, + state, end - state, &ciph_len, + TICKET_AUTH_TAG_BYTES)) != 0) { goto cleanup; } - if( ciph_len != clear_len + TICKET_AUTH_TAG_BYTES ) - { + if (ciph_len != clear_len + TICKET_AUTH_TAG_BYTES) { ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; goto cleanup; } @@ -282,36 +287,39 @@ int mbedtls_ssl_ticket_write( void *p_ticket, cleanup: #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); + if (mbedtls_mutex_unlock(&ctx->mutex) != 0) { + return MBEDTLS_ERR_THREADING_MUTEX_ERROR; + } #endif - return( ret ); + return ret; } /* * Select key based on name */ static mbedtls_ssl_ticket_key *ssl_ticket_select_key( - mbedtls_ssl_ticket_context *ctx, - const unsigned char name[4] ) + mbedtls_ssl_ticket_context *ctx, + const unsigned char name[4]) { unsigned char i; - for( i = 0; i < sizeof( ctx->keys ) / sizeof( *ctx->keys ); i++ ) - if( memcmp( name, ctx->keys[i].name, 4 ) == 0 ) - return( &ctx->keys[i] ); + for (i = 0; i < sizeof(ctx->keys) / sizeof(*ctx->keys); i++) { + if (memcmp(name, ctx->keys[i].name, 4) == 0) { + return &ctx->keys[i]; + } + } - return( NULL ); + return NULL; } /* * Load session ticket (see mbedtls_ssl_ticket_write for structure) */ -int mbedtls_ssl_ticket_parse( void *p_ticket, - mbedtls_ssl_session *session, - unsigned char *buf, - size_t len ) +int mbedtls_ssl_ticket_parse(void *p_ticket, + mbedtls_ssl_session *session, + unsigned char *buf, + size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_ticket_context *ctx = p_ticket; @@ -322,31 +330,33 @@ int mbedtls_ssl_ticket_parse( void *p_ticket, unsigned char *ticket = enc_len_p + TICKET_CRYPT_LEN_BYTES; size_t enc_len, clear_len; - if( ctx == NULL || ctx->f_rng == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ctx == NULL || ctx->f_rng == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - if( len < TICKET_MIN_LEN ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (len < TICKET_MIN_LEN) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } #if defined(MBEDTLS_THREADING_C) - if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) { + return ret; + } #endif - if( ( ret = ssl_ticket_update_keys( ctx ) ) != 0 ) + if ((ret = ssl_ticket_update_keys(ctx)) != 0) { goto cleanup; + } - enc_len = ( enc_len_p[0] << 8 ) | enc_len_p[1]; + enc_len = (enc_len_p[0] << 8) | enc_len_p[1]; - if( len != TICKET_MIN_LEN + enc_len ) - { + if (len != TICKET_MIN_LEN + enc_len) { ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA; goto cleanup; } /* Select key */ - if( ( key = ssl_ticket_select_key( ctx, key_name ) ) == NULL ) - { + if ((key = ssl_ticket_select_key(ctx, key_name)) == NULL) { /* We can't know for sure but this is a likely option unless we're * under attack - this is only informative anyway */ ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED; @@ -354,37 +364,36 @@ int mbedtls_ssl_ticket_parse( void *p_ticket, } /* Decrypt and authenticate */ - if( ( ret = mbedtls_cipher_auth_decrypt_ext( &key->ctx, - iv, TICKET_IV_BYTES, - /* Additional data: key name, IV and length */ - key_name, TICKET_ADD_DATA_LEN, - ticket, enc_len + TICKET_AUTH_TAG_BYTES, - ticket, enc_len, &clear_len, - TICKET_AUTH_TAG_BYTES ) ) != 0 ) - { - if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED ) + if ((ret = mbedtls_cipher_auth_decrypt_ext(&key->ctx, + iv, TICKET_IV_BYTES, + /* Additional data: key name, IV and length */ + key_name, TICKET_ADD_DATA_LEN, + ticket, enc_len + TICKET_AUTH_TAG_BYTES, + ticket, enc_len, &clear_len, + TICKET_AUTH_TAG_BYTES)) != 0) { + if (ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED) { ret = MBEDTLS_ERR_SSL_INVALID_MAC; + } goto cleanup; } - if( clear_len != enc_len ) - { + if (clear_len != enc_len) { ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; goto cleanup; } /* Actually load session */ - if( ( ret = mbedtls_ssl_session_load( session, ticket, clear_len ) ) != 0 ) + if ((ret = mbedtls_ssl_session_load(session, ticket, clear_len)) != 0) { goto cleanup; + } #if defined(MBEDTLS_HAVE_TIME) { /* Check for expiration */ - mbedtls_time_t current_time = mbedtls_time( NULL ); + mbedtls_time_t current_time = mbedtls_time(NULL); - if( current_time < session->start || - (uint32_t)( current_time - session->start ) > ctx->ticket_lifetime ) - { + if (current_time < session->start || + (uint32_t) (current_time - session->start) > ctx->ticket_lifetime) { ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED; goto cleanup; } @@ -393,26 +402,27 @@ int mbedtls_ssl_ticket_parse( void *p_ticket, cleanup: #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); + if (mbedtls_mutex_unlock(&ctx->mutex) != 0) { + return MBEDTLS_ERR_THREADING_MUTEX_ERROR; + } #endif - return( ret ); + return ret; } /* * Free context */ -void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx ) +void mbedtls_ssl_ticket_free(mbedtls_ssl_ticket_context *ctx) { - mbedtls_cipher_free( &ctx->keys[0].ctx ); - mbedtls_cipher_free( &ctx->keys[1].ctx ); + mbedtls_cipher_free(&ctx->keys[0].ctx); + mbedtls_cipher_free(&ctx->keys[1].ctx); #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_free( &ctx->mutex ); + mbedtls_mutex_free(&ctx->mutex); #endif - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ssl_ticket_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ssl_ticket_context)); } #endif /* MBEDTLS_SSL_TICKET_C */ |