SecureTransport/hdskfini.c

   1 /*
   2  * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * The contents of this file constitute Original Code as defined in and are
   5  * subject to the Apple Public Source License Version 1.2 (the 'License').
   6  * You may not use this file except in compliance with the License. Please obtain
   7  * a copy of the License at http://www.apple.com/publicsource and read it before
   8  * using this file.
   9  *
  10  * This Original Code and all software distributed under the License are
  11  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
  12  * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
  13  * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
  14  * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
  15  * specific language governing rights and limitations under the License.
  16  */
  17
  18
  19 /*
  20         File:           hdskfini.c
  21
  22         Contains:       Finished and server hello done messages.
  23
  24         Written by:     Doug Mitchell, based on Netscape SSLRef 3.0
  25
  26         Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
  27
  28 */
  29 /*  *********************************************************************
  30     File: hdskfini.c
  31
  32     SSLRef 3.0 Final -- 11/19/96
  33
  34     Copyright (c)1996 by Netscape Communications Corp.
  35
  36     By retrieving this software you are bound by the licensing terms
  37     disclosed in the file "LICENSE.txt". Please read it, and if you don't
  38     accept the terms, delete this software.
  39
  40     SSLRef 3.0 was developed by Netscape Communications Corp. of Mountain
  41     View, California <http://home.netscape.com/> and Consensus Development
  42     Corporation of Berkeley, California <http://www.consensus.com/>.
  43
  44     *********************************************************************
  45
  46     File: hdskfini.c   Finished and server hello done messages
  47
  48     Support for encoding and decoding finished and server hello done
  49     messgages. Also includes the necessary calculations for the Finished
  50     message; note that the same function is used to calculate certificate
  51     verify message hashes (without the 'SRVR' or 'CLNT' protocol side
  52     identifier).
  53
  54     ****************************************************************** */
  55
  56 #ifndef _SSLCTX_H_
  57 #include "sslctx.h"
  58 #endif
  59
  60 #ifndef _SSLHDSHK_H_
  61 #include "sslhdshk.h"
  62 #endif
  63
  64 #ifndef _SSLALLOC_H_
  65 #include "sslalloc.h"
  66 #endif
  67
  68 #ifndef _SSL_DEBUG_H_
  69 #include "sslDebug.h"
  70 #endif
  71
  72 #ifndef _SSLUTIL_H_
  73 #include "sslutil.h"
  74 #endif
  75
  76 #ifndef _DIGESTS_H_
  77 #include "digests.h"
  78 #endif
  79
  80 #include <string.h>
  81 #include <assert.h>
  82
  83 SSLErr
  84 SSLEncodeFinishedMessage(SSLRecord *finished, SSLContext *ctx)
  85 {   SSLErr          err;
  86     SSLBuffer       finishedMsg, shaMsgState, md5MsgState;
  87     Boolean         isServerMsg;
  88     unsigned            finishedSize;
  89
  90     shaMsgState.data = 0;
  91     md5MsgState.data = 0;
  92
  93         /* size and version depend on negotiatedProtocol */
  94         switch(ctx->negProtocolVersion) {
  95                 case SSL_Version_3_0:
  96                         finished->protocolVersion = SSL_Version_3_0;
  97                         finishedSize = 36;
  98                         break;
  99                 case TLS_Version_1_0:
 100                         finished->protocolVersion = TLS_Version_1_0;
 101                         finishedSize = 12;
 102                         break;
 103                 default:
 104                         assert(0);
 105                         return SSLInternalError;
 106         }
 107     finished->contentType = SSL_handshake;
 108         /* msg = type + 3 bytes len + finishedSize */
 109     if ((err = SSLAllocBuffer(&finished->contents, finishedSize + 4,
 110                         &ctx->sysCtx)) != 0)
 111         return err;
 112
 113     finished->contents.data[0] = SSL_finished;
 114     SSLEncodeInt(finished->contents.data + 1, finishedSize, 3);
 115
 116     finishedMsg.data = finished->contents.data + 4;
 117     finishedMsg.length = finishedSize;
 118
 119     if ((err = CloneHashState(&SSLHashSHA1, ctx->shaState, &shaMsgState, ctx)) != 0)
 120         goto fail;
 121     if ((err = CloneHashState(&SSLHashMD5, ctx->md5State, &md5MsgState, ctx)) != 0)
 122         goto fail;
 123     isServerMsg = (ctx->protocolSide == SSL_ServerSide) ? true : false;
 124     if ((err = ctx->sslTslCalls->computeFinishedMac(ctx, finishedMsg,
 125                         shaMsgState, md5MsgState, isServerMsg)) != 0)
 126         goto fail;
 127
 128 fail:
 129     SSLFreeBuffer(&shaMsgState, &ctx->sysCtx);
 130     SSLFreeBuffer(&md5MsgState, &ctx->sysCtx);
 131     return err;
 132 }
 133
 134 SSLErr
 135 SSLProcessFinished(SSLBuffer message, SSLContext *ctx)
 136 {   SSLErr          err;
 137     SSLBuffer       expectedFinished, shaMsgState, md5MsgState;
 138     Boolean         isServerMsg;
 139     unsigned            finishedSize;
 140
 141         switch(ctx->negProtocolVersion) {
 142                 case SSL_Version_3_0:
 143                         finishedSize = 36;
 144                         break;
 145                 case TLS_Version_1_0:
 146                         finishedSize = 12;
 147                         break;
 148                 default:
 149                         assert(0);
 150                         return SSLInternalError;
 151         }
 152     if (message.length != finishedSize) {
 153                 errorLog0("SSLProcessFinished: msg len error 1\n");
 154         return SSLProtocolErr;
 155     }
 156     expectedFinished.data = 0;
 157     if ((err = SSLAllocBuffer(&expectedFinished, finishedSize, &ctx->sysCtx)) != 0)
 158         return err;
 159     shaMsgState.data = 0;
 160     if ((err = CloneHashState(&SSLHashSHA1, ctx->shaState, &shaMsgState, ctx)) != 0)
 161         goto fail;
 162     md5MsgState.data = 0;
 163     if ((err = CloneHashState(&SSLHashMD5, ctx->md5State, &md5MsgState, ctx)) != 0)
 164         goto fail;
 165     isServerMsg = (ctx->protocolSide == SSL_ServerSide) ? false : true;
 166     if ((err = ctx->sslTslCalls->computeFinishedMac(ctx, expectedFinished,
 167                         shaMsgState, md5MsgState, isServerMsg)) != 0)
 168         goto fail;
 169
 170     if (memcmp(expectedFinished.data, message.data, finishedSize) != 0)
 171     {
 172                 errorLog0("SSLProcessFinished: memcmp failure\n");
 173                 err = SSLProtocolErr;
 174         goto fail;
 175     }
 176
 177 fail:
 178     SSLFreeBuffer(&expectedFinished, &ctx->sysCtx);
 179     SSLFreeBuffer(&shaMsgState, &ctx->sysCtx);
 180     SSLFreeBuffer(&md5MsgState, &ctx->sysCtx);
 181     return err;
 182 }
 183
 184 SSLErr
 185 SSLEncodeServerHelloDone(SSLRecord *helloDone, SSLContext *ctx)
 186 {   SSLErr          err;
 187
 188     helloDone->contentType = SSL_handshake;
 189         assert((ctx->negProtocolVersion == SSL_Version_3_0) ||
 190                    (ctx->negProtocolVersion == TLS_Version_1_0));
 191     helloDone->protocolVersion = ctx->negProtocolVersion;
 192     if ((err = SSLAllocBuffer(&helloDone->contents, 4, &ctx->sysCtx)) != 0)
 193         return err;
 194     helloDone->contents.data[0] = SSL_server_hello_done;
 195     SSLEncodeInt(helloDone->contents.data+1, 0, 3);     /* Message has 0 length */
 196     return SSLNoErr;
 197 }
 198
 199 SSLErr
 200 SSLProcessServerHelloDone(SSLBuffer message, SSLContext *ctx)
 201 {   CASSERT(ctx->protocolSide == SSL_ClientSide);
 202     if (message.length != 0) {
 203         errorLog0("SSLProcessServerHelloDone: nonzero msg len\n");
 204         return SSLProtocolErr;
 205     }
 206     return SSLNoErr;
 207 }