/* $OpenBSD: tls13_handshake_msg.c,v 1.7 2024/02/04 20:50:23 tb Exp $ */
/*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
#include "bytestring.h"
#include "tls13_internal.h"

/* Handshake header size: a u8 message type followed by a u24 body length. */
#define TLS13_HANDSHAKE_MSG_HEADER_LEN 4
/* Initial capacity of the CBB used when building an outbound message. */
#define TLS13_HANDSHAKE_MSG_INITIAL_LEN 256
/*
 * Largest body length accepted from a peer.  tls13_handshake_msg_recv()
 * compares the u24 length from the header against this before the read
 * buffer is grown to hold the body, so an oversized length is rejected
 * without any allocation sized by the peer's value.
 */
#define TLS13_HANDSHAKE_MSG_MAX_LEN (256 * 1024)

/*
 * One TLS 1.3 handshake message, either being received from the record
 * layer or being built for sending.
 */
struct tls13_handshake_msg {
	uint8_t msg_type;	/* Message type from the handshake header. */
	uint32_t msg_len;	/* Body length (u24) from the handshake header. */
	uint8_t *data;		/* Complete encoded message: header plus body. */
	size_t data_len;	/* Length of data in bytes. */

	struct tls_buffer *buf;	/* Inbound: accumulates bytes read from the record layer. */
	CBS cbs;		/* Outbound: read cursor over data, advanced as bytes are sent. */
	CBB cbb;		/* Outbound: builder whose output becomes data. */
};
/*
 * Allocate an empty handshake message with a fresh inbound read buffer.
 * Returns NULL on allocation failure; the caller owns the result and must
 * release it with tls13_handshake_msg_free().
 */
struct tls13_handshake_msg *
tls13_handshake_msg_new(void)
{
	struct tls13_handshake_msg *msg;

	/* Zero-filled so msg_type == 0 marks "header not yet parsed". */
	if ((msg = calloc(1, sizeof(*msg))) == NULL)
		return NULL;

	if ((msg->buf = tls_buffer_new(0)) == NULL) {
		tls13_handshake_msg_free(msg);
		return NULL;
	}

	return msg;
}
/*
 * Release a handshake message and everything it owns.  A NULL msg is a
 * no-op.  The encoded message bytes and the struct itself are cleared
 * before being freed (freezero), not merely released.
 */
void
tls13_handshake_msg_free(struct tls13_handshake_msg *msg)
{
	if (msg == NULL)
		return;

	/* Inbound buffer and outbound builder state. */
	tls_buffer_free(msg->buf);
	CBB_cleanup(&msg->cbb);

	/* Encoded message bytes, then the container. */
	freezero(msg->data, msg->data_len);
	freezero(msg, sizeof(*msg));
}
/*
 * Point cbs at the complete encoded message (header and body).  The CBS
 * borrows msg's storage; it must not outlive msg.
 */
void
tls13_handshake_msg_data(struct tls13_handshake_msg *msg, CBS *cbs)
{
	const uint8_t *data = msg->data;
	size_t data_len = msg->data_len;

	CBS_init(cbs, data, data_len);
}
/*
 * Return the handshake message type recorded in msg.  This is zero until a
 * header has been parsed by tls13_handshake_msg_recv().
 */
uint8_t
tls13_handshake_msg_type(struct tls13_handshake_msg *msg)
{
	const struct tls13_handshake_msg *m = msg;

	return m->msg_type;
}
/*
 * Point cbs at the message body, i.e. the encoded message with the 4 byte
 * header skipped.  Returns the result of CBS_skip(): 0 if the message is
 * shorter than a header, 1 otherwise.
 */
int
tls13_handshake_msg_content(struct tls13_handshake_msg *msg, CBS *cbs)
{
	int skipped;

	tls13_handshake_msg_data(msg, cbs);
	skipped = CBS_skip(cbs, TLS13_HANDSHAKE_MSG_HEADER_LEN);

	return skipped;
}
/*
 * Begin building an outbound message of the given type.  On success body is
 * a child CBB for the u24 length-prefixed message body; the caller fills it
 * and then calls tls13_handshake_msg_finish().  Returns 1 on success, 0 on
 * failure.
 */
int
tls13_handshake_msg_start(struct tls13_handshake_msg *msg, CBB *body,
    uint8_t msg_type)
{
	CBB *cbb = &msg->cbb;

	/* Short-circuit keeps the init / type / length-prefix order. */
	if (!CBB_init(cbb, TLS13_HANDSHAKE_MSG_INITIAL_LEN) ||
	    !CBB_add_u8(cbb, msg_type) ||
	    !CBB_add_u24_length_prefixed(cbb, body))
		return 0;

	return 1;
}
/*
 * Complete an outbound message started with tls13_handshake_msg_start():
 * take ownership of the CBB's output as msg->data and set up the send
 * cursor (msg->cbs) over it.  Returns 1 on success, 0 on failure; on
 * failure msg->data is left untouched.
 */
int
tls13_handshake_msg_finish(struct tls13_handshake_msg *msg)
{
	uint8_t *data = NULL;
	size_t data_len = 0;

	if (!CBB_finish(&msg->cbb, &data, &data_len))
		return 0;

	msg->data = data;
	msg->data_len = data_len;
	CBS_init(&msg->cbs, data, data_len);

	return 1;
}
/*
 * tls_buffer_extend() read callback: pull up to n bytes of handshake data
 * from the record layer passed as cb_arg into buf.  Returns whatever
 * tls13_read_handshake_data() returns.
 */
static ssize_t
tls13_handshake_msg_read_cb(void *buf, size_t n, void *cb_arg)
{
	return tls13_read_handshake_data((struct tls13_record_layer *)cb_arg,
	    buf, n);
}
/*
 * Read and parse the 4 byte handshake header (u8 type, u24 body length)
 * into msg.  The body length is checked against TLS13_HANDSHAKE_MSG_MAX_LEN
 * here, before the read buffer is ever grown to hold the body.  Returns the
 * positive value from tls_buffer_extend() on success, otherwise a value
 * <= 0 that the caller returns unchanged.
 */
static int
tls13_handshake_msg_recv_header(struct tls13_handshake_msg *msg,
    struct tls13_record_layer *rl)
{
	CBS header;
	uint8_t msg_type;
	uint32_t msg_len;
	int ret;

	ret = tls_buffer_extend(msg->buf, TLS13_HANDSHAKE_MSG_HEADER_LEN,
	    tls13_handshake_msg_read_cb, rl);
	if (ret <= 0)
		return ret;

	if (!tls_buffer_data(msg->buf, &header))
		return TLS13_IO_FAILURE;
	if (!CBS_get_u8(&header, &msg_type))
		return TLS13_IO_FAILURE;
	if (!CBS_get_u24(&header, &msg_len))
		return TLS13_IO_FAILURE;

	/* XXX - do we want to make this variable on message type? */
	if (msg_len > TLS13_HANDSHAKE_MSG_MAX_LEN)
		return TLS13_IO_FAILURE;

	msg->msg_type = msg_type;
	msg->msg_len = msg_len;

	return ret;
}

/*
 * Receive one handshake message from the record layer into msg.  May be
 * called repeatedly: a value <= 0 from the record layer (failure or a
 * want-more state, presumably - see tls_buffer_extend()) is returned as-is
 * and the partially read state is kept in msg->buf, so the next call
 * resumes where this one stopped.  Returns TLS13_IO_SUCCESS once msg->data
 * holds the complete header plus body.  A msg that already holds data
 * cannot receive again.
 */
int
tls13_handshake_msg_recv(struct tls13_handshake_msg *msg,
    struct tls13_record_layer *rl)
{
	int ret;

	if (msg->data != NULL)
		return TLS13_IO_FAILURE;

	/* msg_type is zero (calloc) until the header has been parsed. */
	if (msg->msg_type == 0 &&
	    (ret = tls13_handshake_msg_recv_header(msg, rl)) <= 0)
		return ret;

	/* Header known; keep reading until the whole body has arrived. */
	ret = tls_buffer_extend(msg->buf,
	    TLS13_HANDSHAKE_MSG_HEADER_LEN + msg->msg_len,
	    tls13_handshake_msg_read_cb, rl);
	if (ret <= 0)
		return ret;

	if (!tls_buffer_finish(msg->buf, &msg->data, &msg->data_len))
		return TLS13_IO_FAILURE;

	return TLS13_IO_SUCCESS;
}
/*
 * Send the finished message in msg to the record layer.  Partial writes are
 * handled by advancing msg->cbs past the bytes accepted and retrying; a
 * value <= 0 from tls13_write_handshake_data() is returned as-is with the
 * cursor left in place, so a later call resumes from the same point.
 * Returns TLS13_IO_SUCCESS when every byte has been written, or
 * TLS13_IO_FAILURE if there is no finished message to send.
 */
int
tls13_handshake_msg_send(struct tls13_handshake_msg *msg,
    struct tls13_record_layer *rl)
{
	CBS *cbs = &msg->cbs;
	ssize_t written;

	if (msg->data == NULL || CBS_len(cbs) == 0)
		return TLS13_IO_FAILURE;

	/* CBS_len(cbs) > 0 here, so a do/while matches the original loop. */
	do {
		written = tls13_write_handshake_data(rl, CBS_data(cbs),
		    CBS_len(cbs));
		if (written <= 0)
			return written;

		if (!CBS_skip(cbs, written))
			return TLS13_IO_FAILURE;
	} while (CBS_len(cbs) > 0);

	return TLS13_IO_SUCCESS;
}