1 /*
2 * DTLS implementation written by Nagendra Modadugu
3 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
4 */
5 /* ====================================================================
6 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * openssl-core@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com). */
56
57 #include <openssl/ssl.h>
58
59 #include <assert.h>
60 #include <string.h>
61
62 #include <openssl/buf.h>
63 #include <openssl/err.h>
64
65 #include "../crypto/internal.h"
66 #include "internal.h"
67
68
dtls1_version_from_wire(uint16_t * out_version,uint16_t wire_version)69 static int dtls1_version_from_wire(uint16_t *out_version,
70 uint16_t wire_version) {
71 switch (wire_version) {
72 case DTLS1_VERSION:
73 /* DTLS 1.0 maps to TLS 1.1, not TLS 1.0. */
74 *out_version = TLS1_1_VERSION;
75 return 1;
76 case DTLS1_2_VERSION:
77 *out_version = TLS1_2_VERSION;
78 return 1;
79 }
80
81 return 0;
82 }
83
dtls1_version_to_wire(uint16_t version)84 static uint16_t dtls1_version_to_wire(uint16_t version) {
85 switch (version) {
86 case TLS1_1_VERSION:
87 /* DTLS 1.0 maps to TLS 1.1, not TLS 1.0. */
88 return DTLS1_VERSION;
89 case TLS1_2_VERSION:
90 return DTLS1_2_VERSION;
91 }
92
93 /* It is an error to use this function with an invalid version. */
94 assert(0);
95 return 0;
96 }
97
dtls1_supports_cipher(const SSL_CIPHER * cipher)98 static int dtls1_supports_cipher(const SSL_CIPHER *cipher) {
99 return cipher->algorithm_enc != SSL_eNULL;
100 }
101
dtls1_expect_flight(SSL * ssl)102 static void dtls1_expect_flight(SSL *ssl) { dtls1_start_timer(ssl); }
103
dtls1_received_flight(SSL * ssl)104 static void dtls1_received_flight(SSL *ssl) { dtls1_stop_timer(ssl); }
105
dtls1_set_read_state(SSL * ssl,SSL_AEAD_CTX * aead_ctx)106 static int dtls1_set_read_state(SSL *ssl, SSL_AEAD_CTX *aead_ctx) {
107 /* Cipher changes are illegal when there are buffered incoming messages. */
108 if (dtls_has_incoming_messages(ssl)) {
109 OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFERED_MESSAGES_ON_CIPHER_CHANGE);
110 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
111 SSL_AEAD_CTX_free(aead_ctx);
112 return 0;
113 }
114
115 ssl->d1->r_epoch++;
116 OPENSSL_memset(&ssl->d1->bitmap, 0, sizeof(ssl->d1->bitmap));
117 OPENSSL_memset(ssl->s3->read_sequence, 0, sizeof(ssl->s3->read_sequence));
118
119 SSL_AEAD_CTX_free(ssl->s3->aead_read_ctx);
120 ssl->s3->aead_read_ctx = aead_ctx;
121 return 1;
122 }
123
dtls1_set_write_state(SSL * ssl,SSL_AEAD_CTX * aead_ctx)124 static int dtls1_set_write_state(SSL *ssl, SSL_AEAD_CTX *aead_ctx) {
125 ssl->d1->w_epoch++;
126 OPENSSL_memcpy(ssl->d1->last_write_sequence, ssl->s3->write_sequence,
127 sizeof(ssl->s3->write_sequence));
128 OPENSSL_memset(ssl->s3->write_sequence, 0, sizeof(ssl->s3->write_sequence));
129
130 SSL_AEAD_CTX_free(ssl->s3->aead_write_ctx);
131 ssl->s3->aead_write_ctx = aead_ctx;
132 return 1;
133 }
134
135 static const SSL_PROTOCOL_METHOD kDTLSProtocolMethod = {
136 1 /* is_dtls */,
137 TLS1_1_VERSION,
138 TLS1_2_VERSION,
139 dtls1_version_from_wire,
140 dtls1_version_to_wire,
141 dtls1_new,
142 dtls1_free,
143 dtls1_get_message,
144 dtls1_get_current_message,
145 dtls1_release_current_message,
146 dtls1_read_app_data,
147 dtls1_read_change_cipher_spec,
148 dtls1_read_close_notify,
149 dtls1_write_app_data,
150 dtls1_dispatch_alert,
151 dtls1_supports_cipher,
152 dtls1_init_message,
153 dtls1_finish_message,
154 dtls1_add_message,
155 dtls1_add_change_cipher_spec,
156 dtls1_add_alert,
157 dtls1_flush_flight,
158 dtls1_expect_flight,
159 dtls1_received_flight,
160 dtls1_set_read_state,
161 dtls1_set_write_state,
162 };
163
DTLS_method(void)164 const SSL_METHOD *DTLS_method(void) {
165 static const SSL_METHOD kMethod = {
166 0,
167 &kDTLSProtocolMethod,
168 &ssl_crypto_x509_method,
169 };
170 return &kMethod;
171 }
172
173 /* Legacy version-locked methods. */
174
DTLSv1_2_method(void)175 const SSL_METHOD *DTLSv1_2_method(void) {
176 static const SSL_METHOD kMethod = {
177 DTLS1_2_VERSION,
178 &kDTLSProtocolMethod,
179 &ssl_crypto_x509_method,
180 };
181 return &kMethod;
182 }
183
DTLSv1_method(void)184 const SSL_METHOD *DTLSv1_method(void) {
185 static const SSL_METHOD kMethod = {
186 DTLS1_VERSION,
187 &kDTLSProtocolMethod,
188 &ssl_crypto_x509_method,
189 };
190 return &kMethod;
191 }
192
193 /* Legacy side-specific methods. */
194
DTLSv1_2_server_method(void)195 const SSL_METHOD *DTLSv1_2_server_method(void) {
196 return DTLSv1_2_method();
197 }
198
DTLSv1_server_method(void)199 const SSL_METHOD *DTLSv1_server_method(void) {
200 return DTLSv1_method();
201 }
202
DTLSv1_2_client_method(void)203 const SSL_METHOD *DTLSv1_2_client_method(void) {
204 return DTLSv1_2_method();
205 }
206
DTLSv1_client_method(void)207 const SSL_METHOD *DTLSv1_client_method(void) {
208 return DTLSv1_method();
209 }
210
DTLS_server_method(void)211 const SSL_METHOD *DTLS_server_method(void) {
212 return DTLS_method();
213 }
214
DTLS_client_method(void)215 const SSL_METHOD *DTLS_client_method(void) {
216 return DTLS_method();
217 }
218