TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / c8a392c47e1c71b67b90c47f509f47fc57cefdc9 / . / library / ssl_tls13_client.c
blob: b06147c0c9916616cc546cee4515a0d27cb36125 [file] [log] [blame]
Jerry Yu3cc4c2a2021-08-06 16:29:08 +0800[diff] [blame]1/*
2 * TLS 1.3 client-side functions
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 *
19 * This file is part of mbed TLS ( https://tls.mbed.org )
20 */
21
22#include "common.h"
23
24#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
25
26#if defined(MBEDTLS_SSL_CLI_C)
27
28#include "ssl_misc.h"
Jerry Yua13c7e72021-08-17 10:44:40 +0800[diff] [blame]29#include <mbedtls/debug.h>
30
Jerry Yu65dd2cc2021-08-18 16:38:40 +0800[diff] [blame]31/* Main entry point; orchestrates the other functions */
Jerry Yua13c7e72021-08-17 10:44:40 +0800[diff] [blame]32static int ssl_client_hello_process( mbedtls_ssl_context* ssl );
Jerry Yu3cc4c2a2021-08-06 16:29:08 +0800[diff] [blame]33
Jerry Yub9930e72021-08-06 17:11:51 +0800[diff] [blame]34int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl )
35{
Jerry Yua13c7e72021-08-17 10:44:40 +0800[diff] [blame]36 int ret = 0;
37
38 if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL )
39 {
40 MBEDTLS_SSL_DEBUG_MSG( 2, ( "Handshake completed but ssl->handshake is NULL.\n" ) );
41 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
42 }
43
44 MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) );
45
46 switch( ssl->state )
47 {
48 case MBEDTLS_SSL_HELLO_REQUEST:
49 mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
50 break;
51
52 case MBEDTLS_SSL_CLIENT_HELLO:
53 ret = ssl_client_hello_process( ssl );
54 break;
55
56 case MBEDTLS_SSL_SERVER_HELLO:
57 // Stop here : we haven't finished whole flow
58 ret=MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
59 mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS );
60 break;
61
62 default:
63 MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) );
64 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
65 }
66
67 return( ret );
68}
69
Jerry Yu65dd2cc2021-08-18 16:38:40 +0800[diff] [blame]70
71static int ssl_client_hello_prepare( mbedtls_ssl_context* ssl );
72static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl,
73 unsigned char* buf, size_t buflen,
74 size_t* len_without_binders,
75 size_t* len_with_binders );
76static int ssl_client_hello_postprocess( mbedtls_ssl_context* ssl );
77
Jerry Yua13c7e72021-08-17 10:44:40 +0800[diff] [blame]78static int ssl_client_hello_process( mbedtls_ssl_context* ssl )
79{
80 int ret = 0;
Jerry Yu65dd2cc2021-08-18 16:38:40 +0800[diff] [blame]81 unsigned char *buf;
82 size_t buf_len, msg_len;
83 size_t len_without_binders = 0;
Jerry Yua13c7e72021-08-17 10:44:40 +0800[diff] [blame]84
85 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );
86
Jerry Yu65dd2cc2021-08-18 16:38:40 +0800[diff] [blame]87 MBEDTLS_SSL_PROC_CHK( ssl_client_hello_prepare, ( ssl ) );
88
89 MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg, ( ssl,
90 MBEDTLS_SSL_HS_CLIENT_HELLO, &buf, &buf_len ) );
91
92 MBEDTLS_SSL_PROC_CHK( ssl_client_hello_write_partial, ( ssl, buf, buf_len,
93 &len_without_binders,
94 &msg_len ) );
95
96 mbedtls_ssl_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
97 msg_len );
98 ssl->handshake->update_checksum( ssl, buf, len_without_binders );
99
100 MBEDTLS_SSL_PROC_CHK( ssl_client_hello_postprocess, ( ssl ) );
101 MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg, ( ssl, buf_len, msg_len ) );
Jerry Yua13c7e72021-08-17 10:44:40 +0800[diff] [blame]102
Jerry Yu65dd2cc2021-08-18 16:38:40 +0800[diff] [blame]103cleanup:
104
Jerry Yua13c7e72021-08-17 10:44:40 +0800[diff] [blame]105 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client hello" ) );
106 /* client_hello_process haven't finished */
107 ret=MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
108 return ret;
Jerry Yub9930e72021-08-06 17:11:51 +0800[diff] [blame]109}
Jerry Yu3cc4c2a2021-08-06 16:29:08 +0800[diff] [blame]110
Jerry Yu65dd2cc2021-08-18 16:38:40 +0800[diff] [blame]111static int ssl_client_hello_prepare( mbedtls_ssl_context* ssl )
112{
Jerry Yuc8a392c2021-08-18 16:46:28 +0800[diff] [blame^]113 int ret;
114 size_t rand_bytes_len;
115
116 if( ssl->conf->f_rng == NULL )
117 {
118 MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided" ) );
119 return( MBEDTLS_ERR_SSL_NO_RNG );
120 }
121
122 rand_bytes_len = 32;
123
124 if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->handshake->randbytes, rand_bytes_len ) ) != 0 )
125 {
126 MBEDTLS_SSL_DEBUG_RET( 1, "ssl_generate_random", ret );
127 return( ret );
128 }
129
130 return( 0 );
131}
132
133static int ssl_client_hello_postprocess( mbedtls_ssl_context* ssl )
134{
135 mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO );
136
137 return( 0 );
Jerry Yu65dd2cc2021-08-18 16:38:40 +0800[diff] [blame]138}
139
140static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl,
141 unsigned char* buf, size_t buflen,
142 size_t* len_without_binders,
143 size_t* len_with_binders )
144{
145 ((void) ssl);
146 ((void) buf);
147 ((void) buflen);
148 ((void) len_without_binders);
149 ((void) len_with_binders);
150 return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
151}
152
Jerry Yuc8a392c2021-08-18 16:46:28 +0800[diff] [blame^]153
Jerry Yu65dd2cc2021-08-18 16:38:40 +0800[diff] [blame]154
Jerry Yu3cc4c2a2021-08-06 16:29:08 +0800[diff] [blame]155#endif /* MBEDTLS_SSL_CLI_C */
156
157#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */