kris
/
boringssl
1
0
Atdalīts 0
Kods Problēmas 0 Izmaiņu pieprasījumi 0 Laidieni 0 Vikivietne Aktivitāte
Nevar pievienot vairāk kā 25 tēmas Tēmai ir jāsākas ar burtu vai ciparu, tā var saturēt domu zīmes ('-') un var būt līdz 35 simboliem gara.
5157 Revīzijas
12 Atzari
38 MiB
 
 
 
 
 
 
Koks: 6ae7ddb755
Atzari Tagi
${ item.name }
Izveidot atzaru ${ searchTerm }
no '6ae7ddb755'
${ noResults }
boringssl/ssl/handoff.cc

318 rindas
11 KiB
Neapstrādāts Vainot Vēsture 

  1. /* Copyright (c) 2018, Google Inc.

  2.  *

  3.  * Permission to use, copy, modify, and/or distribute this software for any

  4.  * purpose with or without fee is hereby granted, provided that the above

  5.  * copyright notice and this permission notice appear in all copies.

  6.  *

  7.  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

  8.  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

  9.  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY

  10.  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

  11.  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION

  12.  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN

  13.  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

  14. 

  15. #include <openssl/ssl.h>

  16. 

  17. #include <openssl/bytestring.h>

  18. 

  19. #include "internal.h"

  20. 

  21. 

  22. namespace bssl {

  23. 

  24. constexpr int kHandoffVersion = 0;

  25. constexpr int kHandbackVersion = 0;

  26. 

  27. bool SSL_serialize_handoff(const SSL *ssl, CBB *out) {

  28.   const SSL3_STATE *const s3 = ssl->s3;

  29.   if (!ssl->server ||

  30.       s3->hs == nullptr ||

  31.       s3->rwstate != SSL_HANDOFF) {

  32.     return false;

  33.   }

  34. 

  35.   CBB seq;

  36.   Span<const uint8_t> transcript = s3->hs->transcript.buffer();

  37.   if (!CBB_add_asn1(out, &seq, CBS_ASN1_SEQUENCE) ||

  38.       !CBB_add_asn1_uint64(&seq, kHandoffVersion) ||

  39.       !CBB_add_asn1_octet_string(&seq, transcript.data(), transcript.size()) ||

  40.       !CBB_add_asn1_octet_string(&seq,

  41.                                  reinterpret_cast<uint8_t *>(s3->hs_buf->data),

  42.                                  s3->hs_buf->length) ||

  43.       !CBB_flush(out)) {

  44.     return false;

  45.   }

  46. 

  47.   return true;

  48. }

  49. 

  50. bool SSL_decline_handoff(SSL *ssl) {

  51.   const SSL3_STATE *const s3 = ssl->s3;

  52.   if (!ssl->server ||

  53.       s3->hs == nullptr ||

  54.       s3->rwstate != SSL_HANDOFF) {

  55.     return false;

  56.   }

  57. 

  58.   ssl->handoff = false;

  59.   return true;

  60. }

  61. 

  62. bool SSL_apply_handoff(SSL *ssl, Span<const uint8_t> handoff) {

  63.   if (ssl->method->is_dtls) {

  64.     return false;

  65.   }

  66. 

  67.   CBS seq, handoff_cbs(handoff);

  68.   uint64_t handoff_version;

  69.   if (!CBS_get_asn1(&handoff_cbs, &seq, CBS_ASN1_SEQUENCE) ||

  70.       !CBS_get_asn1_uint64(&seq, &handoff_version) ||

  71.       handoff_version != kHandoffVersion) {

  72.     return false;

  73.   }

  74. 

  75.   CBS transcript, hs_buf;

  76.   if (!CBS_get_asn1(&seq, &transcript, CBS_ASN1_OCTETSTRING) ||

  77.       !CBS_get_asn1(&seq, &hs_buf, CBS_ASN1_OCTETSTRING)) {

  78.     return false;

  79.   }

  80. 

  81.   SSL_set_accept_state(ssl);

  82. 

  83.   SSL3_STATE *const s3 = ssl->s3;

  84.   s3->v2_hello_done = true;

  85.   s3->has_message = true;

  86. 

  87.   s3->hs_buf.reset(BUF_MEM_new());

  88.   if (!s3->hs_buf ||

  89.       !BUF_MEM_append(s3->hs_buf.get(), CBS_data(&hs_buf), CBS_len(&hs_buf))) {

  90.     return false;

  91.   }

  92. 

  93.   if (CBS_len(&transcript) != 0) {

  94.     s3->hs->transcript.Update(transcript);

  95.     s3->is_v2_hello = true;

  96.   }

  97.   ssl->handback = true;

  98. 

  99.   return true;

  100. }

  101. 

  102. bool SSL_serialize_handback(const SSL *ssl, CBB *out) {

  103.   if (!ssl->server ||

  104.       (ssl->s3->hs->state != state12_finish_server_handshake &&

  105.        ssl->s3->hs->state != state12_read_client_certificate) ||

  106.       ssl->method->is_dtls || ssl->version < TLS1_VERSION) {

  107.     return false;

  108.   }

  109. 

  110.   const SSL3_STATE *const s3 = ssl->s3;

  111.   size_t hostname_len = 0;

  112.   if (s3->hostname) {

  113.     hostname_len = strlen(s3->hostname.get());

  114.   }

  115. 

  116.   size_t iv_len = 0;

  117.   const uint8_t *read_iv = nullptr, *write_iv = nullptr;

  118.   Span<const uint8_t> transcript;

  119.   if (ssl->s3->hs->state == state12_finish_server_handshake) {

  120.     if (ssl->version == TLS1_VERSION &&

  121.         SSL_CIPHER_is_block_cipher(s3->aead_read_ctx->cipher()) &&

  122.         (!s3->aead_read_ctx->GetIV(&read_iv, &iv_len) ||

  123.          !s3->aead_write_ctx->GetIV(&write_iv, &iv_len))) {

  124.       return false;

  125.     }

  126.   } else {

  127.     transcript = s3->hs->transcript.buffer();

  128.   }

  129. 

  130.   // TODO(mab): make sure everything is serialized.

  131.   CBB seq, key_share;

  132.   SSL_SESSION *session =

  133.       s3->session_reused ? ssl->session : s3->hs->new_session.get();

  134.   if (!CBB_add_asn1(out, &seq, CBS_ASN1_SEQUENCE) ||

  135.       !CBB_add_asn1_uint64(&seq, kHandbackVersion) ||

  136.       !CBB_add_asn1_octet_string(&seq, s3->read_sequence,

  137.                                  sizeof(s3->read_sequence)) ||

  138.       !CBB_add_asn1_octet_string(&seq, s3->write_sequence,

  139.                                  sizeof(s3->write_sequence)) ||

  140.       !CBB_add_asn1_octet_string(&seq, s3->server_random,

  141.                                  sizeof(s3->server_random)) ||

  142.       !CBB_add_asn1_octet_string(&seq, s3->client_random,

  143.                                  sizeof(s3->client_random)) ||

  144.       !CBB_add_asn1_octet_string(&seq, read_iv, iv_len) ||

  145.       !CBB_add_asn1_octet_string(&seq, write_iv, iv_len) ||

  146.       !CBB_add_asn1_bool(&seq, s3->session_reused) ||

  147.       !CBB_add_asn1_bool(&seq, s3->tlsext_channel_id_valid) ||

  148.       !ssl_session_serialize(session, &seq) ||

  149.       !CBB_add_asn1_octet_string(&seq, s3->next_proto_negotiated.data(),

  150.                                  s3->next_proto_negotiated.size()) ||

  151.       !CBB_add_asn1_octet_string(&seq, s3->alpn_selected.data(),

  152.                                  s3->alpn_selected.size()) ||

  153.       !CBB_add_asn1_octet_string(

  154.           &seq, reinterpret_cast<uint8_t *>(s3->hostname.get()),

  155.           hostname_len) ||

  156.       !CBB_add_asn1_octet_string(&seq, s3->tlsext_channel_id,

  157.                                  sizeof(s3->tlsext_channel_id)) ||

  158.       !CBB_add_asn1_bool(&seq, ssl->s3->token_binding_negotiated) ||

  159.       !CBB_add_asn1_uint64(&seq, ssl->s3->negotiated_token_binding_param) ||

  160.       !CBB_add_asn1_bool(&seq, s3->hs->next_proto_neg_seen) ||

  161.       !CBB_add_asn1_bool(&seq, s3->hs->cert_request) ||

  162.       !CBB_add_asn1_bool(&seq, s3->hs->extended_master_secret) ||

  163.       !CBB_add_asn1_bool(&seq, s3->hs->ticket_expected) ||

  164.       !CBB_add_asn1_uint64(&seq, SSL_CIPHER_get_id(s3->hs->new_cipher)) ||

  165.       !CBB_add_asn1_octet_string(&seq, transcript.data(), transcript.size()) ||

  166.       !CBB_add_asn1(&seq, &key_share, CBS_ASN1_SEQUENCE)) {

  167.     return false;

  168.   }

  169.   if (ssl->s3->hs->state == state12_read_client_certificate &&

  170.       !s3->hs->key_share->Serialize(&key_share)) {

  171.     return false;

  172.   }

  173.   return CBB_flush(out);

  174. }

  175. 

  176. bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback) {

  177.   if (ssl->do_handshake != nullptr ||

  178.       ssl->method->is_dtls) {

  179.     return false;

  180.   }

  181. 

  182.   SSL3_STATE *const s3 = ssl->s3;

  183.   uint64_t handback_version, negotiated_token_binding_param, cipher;

  184. 

  185.   CBS seq, read_seq, write_seq, server_rand, client_rand, read_iv, write_iv,

  186.       next_proto, alpn, hostname, channel_id, transcript, key_share;

  187.   int session_reused, channel_id_valid, cert_request, extended_master_secret,

  188.       ticket_expected, token_binding_negotiated, next_proto_neg_seen;

  189.   SSL_SESSION *session = nullptr;

  190. 

  191.   CBS handback_cbs(handback);

  192.   if (!CBS_get_asn1(&handback_cbs, &seq, CBS_ASN1_SEQUENCE) ||

  193.       !CBS_get_asn1_uint64(&seq, &handback_version) ||

  194.       handback_version != kHandbackVersion) {

  195.     return false;

  196.   }

  197. 

  198.   if (!CBS_get_asn1(&seq, &read_seq, CBS_ASN1_OCTETSTRING) ||

  199.       CBS_len(&read_seq) != sizeof(s3->read_sequence) ||

  200.       !CBS_get_asn1(&seq, &write_seq, CBS_ASN1_OCTETSTRING) ||

  201.       CBS_len(&write_seq) != sizeof(s3->write_sequence) ||

  202.       !CBS_get_asn1(&seq, &server_rand, CBS_ASN1_OCTETSTRING) ||

  203.       CBS_len(&server_rand) != sizeof(s3->server_random) ||

  204.       !CBS_copy_bytes(&server_rand, s3->server_random,

  205.                       sizeof(s3->server_random)) ||

  206.       !CBS_get_asn1(&seq, &client_rand, CBS_ASN1_OCTETSTRING) ||

  207.       CBS_len(&client_rand) != sizeof(s3->client_random) ||

  208.       !CBS_copy_bytes(&client_rand, s3->client_random,

  209.                       sizeof(s3->client_random)) ||

  210.       !CBS_get_asn1(&seq, &read_iv, CBS_ASN1_OCTETSTRING) ||

  211.       !CBS_get_asn1(&seq, &write_iv, CBS_ASN1_OCTETSTRING) ||

  212.       !CBS_get_asn1_bool(&seq, &session_reused) ||

  213.       !CBS_get_asn1_bool(&seq, &channel_id_valid)) {

  214.     return false;

  215.   }

  216. 

  217.   s3->hs = ssl_handshake_new(ssl);

  218.   if (session_reused) {

  219.     ssl->session =

  220.         SSL_SESSION_parse(&seq, ssl->ctx->x509_method, ssl->ctx->pool)

  221.             .release();

  222.     session = ssl->session;

  223.   } else {

  224.     s3->hs->new_session =

  225.         SSL_SESSION_parse(&seq, ssl->ctx->x509_method, ssl->ctx->pool);

  226.     session = s3->hs->new_session.get();

  227.   }

  228. 

  229.   if (!session || !CBS_get_asn1(&seq, &next_proto, CBS_ASN1_OCTETSTRING) ||

  230.       !CBS_get_asn1(&seq, &alpn, CBS_ASN1_OCTETSTRING) ||

  231.       !CBS_get_asn1(&seq, &hostname, CBS_ASN1_OCTETSTRING) ||

  232.       !CBS_get_asn1(&seq, &channel_id, CBS_ASN1_OCTETSTRING) ||

  233.       CBS_len(&channel_id) != sizeof(s3->tlsext_channel_id) ||

  234.       !CBS_copy_bytes(&channel_id, s3->tlsext_channel_id,

  235.                       sizeof(s3->tlsext_channel_id)) ||

  236.       !CBS_get_asn1_bool(&seq, &token_binding_negotiated) ||

  237.       !CBS_get_asn1_uint64(&seq, &negotiated_token_binding_param) ||

  238.       !CBS_get_asn1_bool(&seq, &next_proto_neg_seen) ||

  239.       !CBS_get_asn1_bool(&seq, &cert_request) ||

  240.       !CBS_get_asn1_bool(&seq, &extended_master_secret) ||

  241.       !CBS_get_asn1_bool(&seq, &ticket_expected) ||

  242.       !CBS_get_asn1_uint64(&seq, &cipher)) {

  243.     return false;

  244.   }

  245.   if ((s3->hs->new_cipher =

  246.            SSL_get_cipher_by_value(static_cast<uint16_t>(cipher))) == nullptr) {

  247.     return false;

  248.   }

  249.   if (!CBS_get_asn1(&seq, &transcript, CBS_ASN1_OCTETSTRING) ||

  250.       !CBS_get_asn1(&seq, &key_share, CBS_ASN1_SEQUENCE)) {

  251.     return false;

  252.   }

  253. 

  254.   ssl->version = session->ssl_version;

  255.   ssl->do_handshake = ssl_server_handshake;

  256.   ssl->server = true;

  257. 

  258.   s3->have_version = true;

  259.   s3->hs->state = CBS_len(&transcript) == 0 ? state12_finish_server_handshake

  260.                                             : state12_read_client_certificate;

  261.   s3->session_reused = session_reused;

  262.   s3->tlsext_channel_id_valid = channel_id_valid;

  263.   s3->next_proto_negotiated.CopyFrom(next_proto);

  264.   s3->alpn_selected.CopyFrom(alpn);

  265. 

  266.   const size_t hostname_len = CBS_len(&hostname);

  267.   if (hostname_len == 0) {

  268.     s3->hostname.reset();

  269.   } else {

  270.     char *hostname_str = nullptr;

  271.     if (!CBS_strdup(&hostname, &hostname_str)) {

  272.       return false;

  273.     }

  274.     s3->hostname.reset(hostname_str);

  275.   }

  276. 

  277.   s3->token_binding_negotiated = token_binding_negotiated;

  278.   s3->negotiated_token_binding_param =

  279.       static_cast<uint8_t>(negotiated_token_binding_param);

  280.   s3->hs->next_proto_neg_seen = next_proto_neg_seen;

  281.   s3->hs->wait = ssl_hs_flush;

  282.   s3->hs->extended_master_secret = extended_master_secret;

  283.   s3->hs->ticket_expected = ticket_expected;

  284.   s3->aead_write_ctx->SetVersionIfNullCipher(ssl->version);

  285.   s3->hs->cert_request = cert_request;

  286. 

  287.   if (s3->hs->state == state12_finish_server_handshake) {

  288.     Array<uint8_t> key_block;

  289.     if (!tls1_configure_aead(ssl, evp_aead_open, &key_block, session->cipher,

  290.                              read_iv) ||

  291.         !tls1_configure_aead(ssl, evp_aead_seal, &key_block, session->cipher,

  292.                              write_iv)) {

  293.       return false;

  294.     }

  295. 

  296.     if (!CBS_copy_bytes(&read_seq, s3->read_sequence,

  297.                         sizeof(s3->read_sequence)) ||

  298.         !CBS_copy_bytes(&write_seq, s3->write_sequence,

  299.                         sizeof(s3->write_sequence))) {

  300.       return false;

  301.     }

  302.   } else {

  303.     if (!s3->hs->transcript.Init() ||

  304.         !s3->hs->transcript.InitHash(ssl_protocol_version(ssl),

  305.                                      s3->hs->new_cipher) ||

  306.         !s3->hs->transcript.Update(transcript)) {

  307.       return false;

  308.     }

  309.     if ((s3->hs->key_share = SSLKeyShare::Create(&key_share)) == nullptr) {

  310.       return false;

  311.     }

  312.   }

  313. 

  314.   return CBS_len(&seq) == 0;

  315. }

  316. 

  317. }  // namespace bssl