[apple/security.git] / SecureTransport / sslHandshakeFinish.cpp

/*
 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
 * 
 * The contents of this file constitute Original Code as defined in and are
 * subject to the Apple Public Source License Version 1.2 (the 'License').
 * You may not use this file except in compliance with the License. Please obtain
 * a copy of the License at http://www.apple.com/publicsource and read it before
 * using this file.
 * 
 * This Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
 * specific language governing rights and limitations under the License.
 */


/*
	File:		sslHandshakeFinish.c

	Contains:	Finished and server hello done messages. 

	Written by:	Doug Mitchell

	Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.

*/

#include "sslContext.h"
#include "sslHandshake.h"
#include "sslMemory.h"
#include "sslDebug.h"
#include "sslUtils.h"
#include "sslDigests.h"

#include <string.h>
#include <assert.h>

OSStatus
SSLEncodeFinishedMessage(SSLRecord &finished, SSLContext *ctx)
{   OSStatus        err;
    SSLBuffer       finishedMsg, shaMsgState, md5MsgState;
    Boolean         isServerMsg;
    unsigned		finishedSize;
	
    shaMsgState.data = 0;
    md5MsgState.data = 0;
    
	/* size and version depend on negotiatedProtocol */
	switch(ctx->negProtocolVersion) {
		case SSL_Version_3_0:
			finished.protocolVersion = SSL_Version_3_0;
			finishedSize = 36;
			break;
		case TLS_Version_1_0:
			finished.protocolVersion = TLS_Version_1_0;
			finishedSize = 12;
			break;
		default:
			assert(0);
			return errSSLInternal;
	}
    finished.contentType = SSL_RecordTypeHandshake;
	/* msg = type + 3 bytes len + finishedSize */
    if ((err = SSLAllocBuffer(finished.contents, finishedSize + 4, 
			ctx)) != 0)
        return err;
    
    finished.contents.data[0] = SSL_HdskFinished;
    SSLEncodeInt(finished.contents.data + 1, finishedSize, 3);
    
    finishedMsg.data = finished.contents.data + 4;
    finishedMsg.length = finishedSize;
    
    if ((err = CloneHashState(SSLHashSHA1, ctx->shaState, shaMsgState, ctx)) != 0)
        goto fail;
    if ((err = CloneHashState(SSLHashMD5, ctx->md5State, md5MsgState, ctx)) != 0)
        goto fail;
    isServerMsg = (ctx->protocolSide == SSL_ServerSide) ? true : false;
    if ((err = ctx->sslTslCalls->computeFinishedMac(ctx, finishedMsg, 
			shaMsgState, md5MsgState, isServerMsg)) != 0)
        goto fail;  
    
fail:
    SSLFreeBuffer(shaMsgState, ctx);
    SSLFreeBuffer(md5MsgState, ctx);
    return err;
}

OSStatus
SSLProcessFinished(SSLBuffer message, SSLContext *ctx)
{   OSStatus        err;
    SSLBuffer       expectedFinished, shaMsgState, md5MsgState;
    Boolean         isServerMsg;
    unsigned		finishedSize;
    
	switch(ctx->negProtocolVersion) {
		case SSL_Version_3_0:
			finishedSize = 36;
			break;
		case TLS_Version_1_0:
			finishedSize = 12;
			break;
		default:
			assert(0);
			return errSSLInternal;
	}
    if (message.length != finishedSize) {
		sslErrorLog("SSLProcessFinished: msg len error 1\n");
        return errSSLProtocol;
    }
    expectedFinished.data = 0;
    if ((err = SSLAllocBuffer(expectedFinished, finishedSize, ctx)) != 0)
        return err;
    shaMsgState.data = 0;
    if ((err = CloneHashState(SSLHashSHA1, ctx->shaState, shaMsgState, ctx)) != 0)
        goto fail;
    md5MsgState.data = 0;
    if ((err = CloneHashState(SSLHashMD5, ctx->md5State, md5MsgState, ctx)) != 0)
        goto fail;
    isServerMsg = (ctx->protocolSide == SSL_ServerSide) ? false : true;
    if ((err = ctx->sslTslCalls->computeFinishedMac(ctx, expectedFinished, 
			shaMsgState, md5MsgState, isServerMsg)) != 0)
        goto fail;

    if (memcmp(expectedFinished.data, message.data, finishedSize) != 0)
    {  
   		sslErrorLog("SSLProcessFinished: memcmp failure\n");
   	 	err = errSSLProtocol;
        goto fail;
    }
    
fail:
    SSLFreeBuffer(expectedFinished, ctx);
    SSLFreeBuffer(shaMsgState, ctx);
    SSLFreeBuffer(md5MsgState, ctx);
    return err;
}

OSStatus
SSLEncodeServerHelloDone(SSLRecord &helloDone, SSLContext *ctx)
{   OSStatus          err;
    
    helloDone.contentType = SSL_RecordTypeHandshake;
	assert((ctx->negProtocolVersion == SSL_Version_3_0) ||
		   (ctx->negProtocolVersion == TLS_Version_1_0));
    helloDone.protocolVersion = ctx->negProtocolVersion;
    if ((err = SSLAllocBuffer(helloDone.contents, 4, ctx)) != 0)
        return err;
    helloDone.contents.data[0] = SSL_HdskServerHelloDone;
    SSLEncodeInt(helloDone.contents.data+1, 0, 3);     /* Message has 0 length */
    return noErr;
}

OSStatus
SSLProcessServerHelloDone(SSLBuffer message, SSLContext *ctx)
{   assert(ctx->protocolSide == SSL_ClientSide);
    if (message.length != 0) {
    	sslErrorLog("SSLProcessServerHelloDone: nonzero msg len\n");
        return errSSLProtocol;
    }
    return noErr;
}
Commit	Line	Data
5a719ac8 A	1	/*
	2	* Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
	3	*
	4	* The contents of this file constitute Original Code as defined in and are
	5	* subject to the Apple Public Source License Version 1.2 (the 'License').
	6	* You may not use this file except in compliance with the License. Please obtain
	7	* a copy of the License at http://www.apple.com/publicsource and read it before
	8	* using this file.
	9	*
	10	* This Original Code and all software distributed under the License are
	11	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
	12	* OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
	13	* LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
	14	* PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
	15	* specific language governing rights and limitations under the License.
	16	*/
	17
	18
	19	/*
	20	File: sslHandshakeFinish.c
	21
	22	Contains: Finished and server hello done messages.
	23
	24	Written by: Doug Mitchell
	25
	26	Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
	27
	28	*/
	29
	30	#include "sslContext.h"
	31	#include "sslHandshake.h"
	32	#include "sslMemory.h"
	33	#include "sslDebug.h"
	34	#include "sslUtils.h"
	35	#include "sslDigests.h"
	36
	37	#include <string.h>
	38	#include <assert.h>
	39
	40	OSStatus
	41	SSLEncodeFinishedMessage(SSLRecord &finished, SSLContext *ctx)
	42	{ OSStatus err;
	43	SSLBuffer finishedMsg, shaMsgState, md5MsgState;
	44	Boolean isServerMsg;
	45	unsigned finishedSize;
	46
	47	shaMsgState.data = 0;
	48	md5MsgState.data = 0;
	49
	50	/* size and version depend on negotiatedProtocol */
	51	switch(ctx->negProtocolVersion) {
	52	case SSL_Version_3_0:
	53	finished.protocolVersion = SSL_Version_3_0;
	54	finishedSize = 36;
	55	break;
	56	case TLS_Version_1_0:
	57	finished.protocolVersion = TLS_Version_1_0;
	58	finishedSize = 12;
	59	break;
	60	default:
	61	assert(0);
	62	return errSSLInternal;
	63	}
	64	finished.contentType = SSL_RecordTypeHandshake;
65	/* msg = type + 3 bytes len + finishedSize */
66	if ((err = SSLAllocBuffer(finished.contents, finishedSize + 4,
67	ctx)) != 0)
68	return err;
69
70	finished.contents.data[0] = SSL_HdskFinished;
71	SSLEncodeInt(finished.contents.data + 1, finishedSize, 3);
72
73	finishedMsg.data = finished.contents.data + 4;
74	finishedMsg.length = finishedSize;
75
76	if ((err = CloneHashState(SSLHashSHA1, ctx->shaState, shaMsgState, ctx)) != 0)
77	goto fail;
78	if ((err = CloneHashState(SSLHashMD5, ctx->md5State, md5MsgState, ctx)) != 0)
79	goto fail;
80	isServerMsg = (ctx->protocolSide == SSL_ServerSide) ? true : false;
81	if ((err = ctx->sslTslCalls->computeFinishedMac(ctx, finishedMsg,
82	shaMsgState, md5MsgState, isServerMsg)) != 0)
83	goto fail;
84
85	fail:
86	SSLFreeBuffer(shaMsgState, ctx);
87	SSLFreeBuffer(md5MsgState, ctx);
88	return err;
89	}
90
91	OSStatus
92	SSLProcessFinished(SSLBuffer message, SSLContext *ctx)
93	{ OSStatus err;
94	SSLBuffer expectedFinished, shaMsgState, md5MsgState;
95	Boolean isServerMsg;
96	unsigned finishedSize;
97
98	switch(ctx->negProtocolVersion) {
99	case SSL_Version_3_0:
100	finishedSize = 36;
101	break;
102	case TLS_Version_1_0:
103	finishedSize = 12;
104	break;
105	default:
106	assert(0);
107	return errSSLInternal;
108	}
109	if (message.length != finishedSize) {
110	sslErrorLog("SSLProcessFinished: msg len error 1\n");
111	return errSSLProtocol;
112	}
113	expectedFinished.data = 0;
114	if ((err = SSLAllocBuffer(expectedFinished, finishedSize, ctx)) != 0)
115	return err;
116	shaMsgState.data = 0;
117	if ((err = CloneHashState(SSLHashSHA1, ctx->shaState, shaMsgState, ctx)) != 0)
118	goto fail;
119	md5MsgState.data = 0;
120	if ((err = CloneHashState(SSLHashMD5, ctx->md5State, md5MsgState, ctx)) != 0)
121	goto fail;
122	isServerMsg = (ctx->protocolSide == SSL_ServerSide) ? false : true;
123	if ((err = ctx->sslTslCalls->computeFinishedMac(ctx, expectedFinished,
124	shaMsgState, md5MsgState, isServerMsg)) != 0)
125	goto fail;
126
127	if (memcmp(expectedFinished.data, message.data, finishedSize) != 0)
128	{
129	sslErrorLog("SSLProcessFinished: memcmp failure\n");
130	err = errSSLProtocol;
131	goto fail;
132	}
133
134	fail:
135	SSLFreeBuffer(expectedFinished, ctx);
136	SSLFreeBuffer(shaMsgState, ctx);
137	SSLFreeBuffer(md5MsgState, ctx);
138	return err;
139	}
140
141	OSStatus
142	SSLEncodeServerHelloDone(SSLRecord &helloDone, SSLContext *ctx)
143	{ OSStatus err;
144
145	helloDone.contentType = SSL_RecordTypeHandshake;
146	assert((ctx->negProtocolVersion == SSL_Version_3_0) \|\|
147	(ctx->negProtocolVersion == TLS_Version_1_0));
148	helloDone.protocolVersion = ctx->negProtocolVersion;
149	if ((err = SSLAllocBuffer(helloDone.contents, 4, ctx)) != 0)
150	return err;
151	helloDone.contents.data[0] = SSL_HdskServerHelloDone;
152	SSLEncodeInt(helloDone.contents.data+1, 0, 3); /* Message has 0 length */
153	return noErr;
154	}
155
156	OSStatus
157	SSLProcessServerHelloDone(SSLBuffer message, SSLContext *ctx)
158	{ assert(ctx->protocolSide == SSL_ClientSide);
159	if (message.length != 0) {
160	sslErrorLog("SSLProcessServerHelloDone: nonzero msg len\n");
161	return errSSLProtocol;
162	}
163	return noErr;
164	}