SecureTransport/hdskchgc.c

   1 /*
   2  * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * The contents of this file constitute Original Code as defined in and are
   5  * subject to the Apple Public Source License Version 1.2 (the 'License').
   6  * You may not use this file except in compliance with the License. Please obtain
   7  * a copy of the License at http://www.apple.com/publicsource and read it before
   8  * using this file.
   9  *
  10  * This Original Code and all software distributed under the License are
  11  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
  12  * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
  13  * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
  14  * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
  15  * specific language governing rights and limitations under the License.
  16  */
  17
  18
  19 /*
  20         File:           hdskchgc.c
  21
  22         Contains:       support for change cipher spec messages
  23
  24         Written by:     Doug Mitchell, based on Netscape SSLRef 3.0
  25
  26         Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
  27
  28 */
  29 /*  *********************************************************************
  30     File: hdskchgc.c
  31
  32     SSLRef 3.0 Final -- 11/19/96
  33
  34     Copyright (c)1996 by Netscape Communications Corp.
  35
  36     By retrieving this software you are bound by the licensing terms
  37     disclosed in the file "LICENSE.txt". Please read it, and if you don't
  38     accept the terms, delete this software.
  39
  40     SSLRef 3.0 was developed by Netscape Communications Corp. of Mountain
  41     View, California <http://home.netscape.com/> and Consensus Development
  42     Corporation of Berkeley, California <http://www.consensus.com/>.
  43
  44     *********************************************************************
  45
  46     File: hdskchgc.c   Contains support for change cipher spec messages
  47
  48     Simple support for encoding and decoding change cipher spec messages;
  49     the decode message also installs the pending read cipher (if it is
  50     ready).
  51
  52     ****************************************************************** */
  53
  54 #ifndef _SSLCTX_H_
  55 #include "sslctx.h"
  56 #endif
  57
  58 #ifndef _SSLHDSHK_H_
  59 #include "sslhdshk.h"
  60 #endif
  61
  62 #ifndef _SSLALLOC_H_
  63 #include "sslalloc.h"
  64 #endif
  65
  66 #ifndef _SSLALERT_H_
  67 #include "sslalert.h"
  68 #endif
  69
  70 #ifndef _SSL_DEBUG_H_
  71 #include "sslDebug.h"
  72 #endif
  73
  74 #include <assert.h>
  75 #include <string.h>
  76
  77 SSLErr
  78 SSLEncodeChangeCipherSpec(SSLRecord *rec, SSLContext *ctx)
  79 {   SSLErr          err;
  80
  81     CASSERT(ctx->writePending.ready);
  82
  83     #if LOG_NEGOTIATE
  84     dprintf0("===Sending changeCipherSpec msg\n");
  85     #endif
  86     rec->contentType = SSL_change_cipher_spec;
  87         assert((ctx->negProtocolVersion == SSL_Version_3_0) ||
  88                    (ctx->negProtocolVersion == TLS_Version_1_0));
  89     rec->protocolVersion = ctx->negProtocolVersion;
  90     rec->contents.length = 1;
  91     if ((err = SSLAllocBuffer(&rec->contents, 1, &ctx->sysCtx)) != 0)
  92         return err;
  93     rec->contents.data[0] = 1;
  94
  95     return SSLNoErr;
  96 }
  97
  98 SSLErr
  99 SSLProcessChangeCipherSpec(SSLRecord rec, SSLContext *ctx)
 100 {   SSLErr          err;
 101
 102     if (rec.contents.length != 1 || rec.contents.data[0] != 1)
 103     {   SSLFatalSessionAlert(alert_unexpected_message, ctx);
 104         errorLog2("***bad changeCipherSpec msg: length %d data 0x%x\n",
 105                 (unsigned)rec.contents.length, (unsigned)rec.contents.data[0]);
 106         return SSLProtocolErr;
 107     }
 108
 109     if (!ctx->readPending.ready || ctx->state != HandshakeChangeCipherSpec)
 110     {   SSLFatalSessionAlert(alert_unexpected_message, ctx);
 111         errorLog2("***bad changeCipherSpec msg: readPending.ready %d state %d\n",
 112                 (unsigned)ctx->readPending.ready, (unsigned)ctx->state);
 113         return SSLProtocolErr;
 114     }
 115
 116     #if LOG_NEGOTIATE
 117     dprintf0("===Processing changeCipherSpec msg\n");
 118     #endif
 119
 120     /* Install new cipher spec on read side */
 121     if ((err = SSLDisposeCipherSuite(&ctx->readCipher, ctx)) != 0)
 122     {   SSLFatalSessionAlert(alert_close_notify, ctx);
 123         return err;
 124     }
 125     ctx->readCipher = ctx->readPending;
 126     ctx->readCipher.ready = 0;      /* Can't send data until Finished is sent */
 127     SSLChangeHdskState(ctx, HandshakeFinished);
 128     memset(&ctx->readPending, 0, sizeof(CipherContext));        /* Zero out old data */
 129     return SSLNoErr;
 130 }
 131
 132 SSLErr
 133 SSLDisposeCipherSuite(CipherContext *cipher, SSLContext *ctx)
 134 {   SSLErr      err;
 135
 136         /* symmetric key */
 137     if (cipher->symKey)
 138     {   if ((err = cipher->symCipher->finish(cipher, ctx)) != 0)
 139             return err;
 140         cipher->symKey = 0;
 141     }
 142
 143         /* per-record hash/hmac context */
 144         ctx->sslTslCalls->freeMac(cipher);
 145
 146     return SSLNoErr;
 147 }