X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/libsecurity_ssl/lib/tls1RecordCallouts.c?ds=inline diff --git a/libsecurity_ssl/lib/tls1RecordCallouts.c b/libsecurity_ssl/lib/tls1RecordCallouts.c deleted file mode 100644 index a3e2da9d..00000000 --- a/libsecurity_ssl/lib/tls1RecordCallouts.c +++ /dev/null @@ -1,234 +0,0 @@ -/* - * Copyright (c) 2002,2005-2007,2010-2011 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/* - * tls1RecordCallouts.c - TLSv1-specific routines for SslTlsCallouts. - */ - -/* THIS FILE CONTAINS KERNEL CODE */ - -#include "tls_record.h" -#include "sslMemory.h" -#include "sslDebug.h" -#include "sslUtils.h" - -#include -#include - -/* not needed; encrypt/encode is the same for both protocols as long as - * we don't use the "variable length padding" feature. */ -#if 0 -static int tls1WriteRecord( - SSLRecord rec, - SSLContext *ctx) -{ - check(0); - return errSecUnimplemented; -} -#endif - -static int tls1DecryptRecord( - uint8_t type, - SSLBuffer *payload, - struct SSLRecordInternalContext *ctx) -{ - int err; - SSLBuffer content; - - if ((ctx->readCipher.symCipher->params->blockSize > 0) && - ((payload->length % ctx->readCipher.symCipher->params->blockSize) != 0)) { - return errSSLRecordRecordOverflow; - } - - /* Decrypt in place */ - if ((err = ctx->readCipher.symCipher->c.cipher.decrypt(payload->data, - payload->data, payload->length, - ctx->readCipher.cipherCtx)) != 0) - { - return errSSLRecordDecryptionFail; - } - - /* Locate content within decrypted payload */ - - /* TLS 1.1 and DTLS 1.0 block ciphers */ - if((ctx->negProtocolVersion>=TLS_Version_1_1) && (ctx->readCipher.symCipher->params->blockSize>0)) - { - content.data = payload->data + ctx->readCipher.symCipher->params->blockSize; - content.length = payload->length - (ctx->readCipher.macRef->hash->digestSize + ctx->readCipher.symCipher->params->blockSize); - } else { - content.data = payload->data; - content.length = payload->length - ctx->readCipher.macRef->hash->digestSize; - } - - /* Test for underflow - if the record size is smaller than required */ - if(content.length > payload->length) { - return errSSLRecordClosedAbort; - } - - err = 0; - - if (ctx->readCipher.symCipher->params->blockSize > 0) { - /* for TLSv1, padding can be anywhere from 0 to 255 bytes */ - uint8_t padSize = payload->data[payload->length - 1]; - - /* Padding check sequence: - 1. Check that the padding size (last byte in padding) is within bound - 2. Adjust content.length accordingly - 3. Check every padding byte (except last, already checked) - Do not return, just set the error value on failure, - to avoid creating a padding oracle with timing. - */ - if(padSize+1<=content.length) { - uint8_t *padChars; - content.length -= (1 + padSize); - padChars = payload->data + payload->length - (padSize+1); - while(padChars < (payload->data + payload->length - 1)) { - if(*padChars++ != padSize) { - err = errSSLRecordBadRecordMac; - } - } - } else { - err = errSSLRecordBadRecordMac; - } - } - - /* Verify MAC on payload */ - if (ctx->readCipher.macRef->hash->digestSize > 0) - /* Optimize away MAC for null case */ - if (SSLVerifyMac(type, &content, - content.data + content.length, ctx) != 0) - { - err = errSSLRecordBadRecordMac; - } - - *payload = content; /* Modify payload buffer to indicate content length */ - - return err; -} - -/* initialize a per-CipherContext HashHmacContext for use in MACing each record */ -static int tls1InitMac ( - CipherContext *cipherCtx) // macRef, macSecret valid on entry - // macCtx valid on return -{ - const HMACReference *hmac; - int serr; - - check(cipherCtx); - check(cipherCtx->macRef != NULL); - hmac = cipherCtx->macRef->hmac; - check(hmac != NULL); - - if(cipherCtx->macCtx.hmacCtx != NULL) { - hmac->free(cipherCtx->macCtx.hmacCtx); - cipherCtx->macCtx.hmacCtx = NULL; - } - serr = hmac->alloc(hmac, cipherCtx->macSecret, - cipherCtx->macRef->hmac->macSize, &cipherCtx->macCtx.hmacCtx); - - /* mac secret now stored in macCtx.hmacCtx, delete it from cipherCtx */ - memset(cipherCtx->macSecret, 0, sizeof(cipherCtx->macSecret)); - return serr; -} - -static int tls1FreeMac ( - CipherContext *cipherCtx) -{ - /* this can be called on a completely zeroed out CipherContext... */ - if(cipherCtx->macRef == NULL) { - return 0; - } - check(cipherCtx->macRef->hmac != NULL); - - if(cipherCtx->macCtx.hmacCtx != NULL) { - cipherCtx->macRef->hmac->free(cipherCtx->macCtx.hmacCtx); - cipherCtx->macCtx.hmacCtx = NULL; - } - return 0; -} - -/* - * mac = HMAC_hash(MAC_write_secret, seq_num + TLSCompressed.type + - * TLSCompressed.version + TLSCompressed.length + - * TLSCompressed.fragment)); - */ - -/* sequence, type, version, length */ -#define HDR_LENGTH (8 + 1 + 2 + 2) -static int tls1ComputeMac ( - uint8_t type, - SSLBuffer data, - SSLBuffer mac, // caller mallocs data - CipherContext *cipherCtx, // assumes macCtx, macRef - sslUint64 seqNo, - struct SSLRecordInternalContext *ctx) -{ - uint8_t hdr[HDR_LENGTH]; - uint8_t *p; - HMACContextRef hmacCtx; - int serr; - const HMACReference *hmac; - size_t macLength; - - check(cipherCtx != NULL); - check(cipherCtx->macRef != NULL); - hmac = cipherCtx->macRef->hmac; - check(hmac != NULL); - hmacCtx = cipherCtx->macCtx.hmacCtx; // may be NULL, for null cipher - - serr = hmac->init(hmacCtx); - if(serr) { - goto fail; - } - p = SSLEncodeUInt64(hdr, seqNo); - *p++ = type; - *p++ = ctx->negProtocolVersion >> 8; - *p++ = ctx->negProtocolVersion & 0xff; - *p++ = data.length >> 8; - *p = data.length & 0xff; - serr = hmac->update(hmacCtx, hdr, HDR_LENGTH); - if(serr) { - goto fail; - } - serr = hmac->update(hmacCtx, data.data, data.length); - if(serr) { - goto fail; - } - macLength = mac.length; - serr = hmac->final(hmacCtx, mac.data, &macLength); - if(serr) { - goto fail; - } - mac.length = macLength; -fail: - return serr; -} - -const SslRecordCallouts Tls1RecordCallouts = { - tls1DecryptRecord, - ssl3WriteRecord, - tls1InitMac, - tls1FreeMac, - tls1ComputeMac, -}; -