1 /*
2 * Copyright (C) 2000-2012 Free Software Foundation, Inc.
3 * Copyright (C) 2017 Red Hat, Inc.
4 *
5 * Author: Nikos Mavrogiannopoulos
6 *
7 * This file is part of GnuTLS.
8 *
9 * The GnuTLS is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public License
11 * as published by the Free Software Foundation; either version 2.1 of
12 * the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public License
20 * along with this program. If not, see <https://www.gnu.org/licenses/>
21 *
22 */
23
24 #ifndef GNUTLS_LIB_HANDSHAKE_H
25 #define GNUTLS_LIB_HANDSHAKE_H
26
27 #include "errors.h"
28 #include "record.h"
29 #include <assert.h>
30
31 /* The following two macros are used in the handshake state machines; the first
32 * (IMED_RET) accounts for non-fatal errors and re-entry to current state, while
33 * the latter invalidates the handshake on any error (to be used by functions
34 * that are not expected to return non-fatal errors).
35 */
36 #define IMED_RET( str, ret, allow_alert) do { \
37 if (ret < 0) { \
38 /* EAGAIN and INTERRUPTED are always non-fatal */ \
39 if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED) \
40 return ret; \
41 if (ret == GNUTLS_E_GOT_APPLICATION_DATA && session->internals.initial_negotiation_completed != 0) \
42 return ret; \
43 if (session->internals.handshake_suspicious_loops < 16) { \
44 if (ret == GNUTLS_E_LARGE_PACKET) { \
45 session->internals.handshake_suspicious_loops++; \
46 return ret; \
47 } \
48 /* a warning alert might interrupt handshake */ \
49 if (allow_alert != 0 && ret==GNUTLS_E_WARNING_ALERT_RECEIVED) { \
50 session->internals.handshake_suspicious_loops++; \
51 return ret; \
52 } \
53 } \
54 gnutls_assert(); \
55 /* do not allow non-fatal errors at this point */ \
56 if (gnutls_error_is_fatal(ret) == 0) ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); \
57 session_invalidate(session); \
58 _gnutls_handshake_hash_buffers_clear(session); \
59 return ret; \
60 } } while (0)
61
62 #define IMED_RET_FATAL( str, ret, allow_alert) do { \
63 if (ret < 0) { \
64 gnutls_assert(); \
65 if (gnutls_error_is_fatal(ret) == 0) \
66 ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); \
67 session_invalidate(session); \
68 _gnutls_handshake_hash_buffers_clear(session); \
69 return ret; \
70 } } while (0)
71
72 int _gnutls_send_handshake(gnutls_session_t session, mbuffer_st * bufel,
73 gnutls_handshake_description_t type);
74 int _gnutls_recv_handshake(gnutls_session_t session,
75 gnutls_handshake_description_t type,
76 unsigned int optional, gnutls_buffer_st * buf);
77
78 int
79 _gnutls_send_handshake2(gnutls_session_t session, mbuffer_st * bufel,
80 gnutls_handshake_description_t type, unsigned queue_only);
81
82 int _gnutls_generate_session_id(uint8_t * session_id, uint8_t * len);
83 int _gnutls_gen_server_random(gnutls_session_t session, int version);
84 void _gnutls_set_client_random(gnutls_session_t session, uint8_t * rnd);
85
86 ssize_t _gnutls_send_change_cipher_spec(gnutls_session_t session, int again);
87
88 int _gnutls_send_server_hello(gnutls_session_t session, int again);
89
90 int _gnutls_find_pk_algos_in_ciphersuites(uint8_t * data, int datalen);
91 int _gnutls_server_select_suite(gnutls_session_t session, uint8_t * data,
92 unsigned int datalen, unsigned int scsv_only);
93
94 int _gnutls_negotiate_version(gnutls_session_t session,
95 uint8_t major, uint8_t minor,
96 unsigned allow_tls13);
97 int _gnutls_user_hello_func(gnutls_session_t session,
98 uint8_t major, uint8_t minor);
99
100 void _gnutls_handshake_hash_buffers_clear(gnutls_session_t session);
101
102 int _gnutls13_handshake_hash_buffers_synth(gnutls_session_t session,
103 const mac_entry_st *prf,
104 unsigned client);
105
106 #define STATE session->internals.handshake_state
107 #define FINAL_STATE session->internals.handshake_final_state
108 /* This returns true if we have got there
109 * before (and not finished due to an interrupt).
110 */
111 #define AGAIN(target) (STATE==target?1:0)
112 #define FAGAIN(target) (FINAL_STATE==target?1:0)
113 #define AGAIN2(state, target) (state==target?1:0)
114
115 /* return the remaining time in ms */
handshake_remaining_time(gnutls_session_t session)116 inline static int handshake_remaining_time(gnutls_session_t session)
117 {
118 struct timespec *end = &session->internals.handshake_abs_timeout;
119
120 if (end->tv_sec || end->tv_nsec) {
121 struct timespec now;
122 gnutls_gettime(&now);
123
124 if (now.tv_sec < end->tv_sec ||
125 (now.tv_sec == end->tv_sec && now.tv_nsec < end->tv_nsec))
126 {
127 long long now_ms = now.tv_sec * 1000LL + now.tv_nsec / 1000000;
128 long long end_ms = end->tv_sec * 1000LL + end->tv_nsec / 1000000;
129
130 return end_ms - now_ms;
131 } else
132 return gnutls_assert_val(GNUTLS_E_TIMEDOUT);
133 }
134 return 0;
135 }
136
137 /* Returns non-zero if the present credentials are sufficient for TLS1.3 negotiation.
138 * This is to be used in client side only. On server side, it is allowed to start
139 * without credentials.
140 */
have_creds_for_tls13(gnutls_session_t session)141 inline static unsigned have_creds_for_tls13(gnutls_session_t session)
142 {
143 assert(session->security_parameters.entity == GNUTLS_CLIENT);
144 if (_gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE) != NULL ||
145 _gnutls_get_cred(session, GNUTLS_CRD_PSK) != NULL)
146 return 1;
147
148 return 0;
149 }
150
151 int _gnutls_handshake_get_session_hash(gnutls_session_t session, gnutls_datum_t *shash);
152
153 int _gnutls_check_id_for_change(gnutls_session_t session);
154 int _gnutls_check_if_cert_hash_is_same(gnutls_session_t session, gnutls_certificate_credentials_t cred);
155
156 #include "handshake-defs.h"
157
158 int _gnutls_call_hook_func(gnutls_session_t session,
159 gnutls_handshake_description_t type,
160 int post, unsigned incoming,
161 const uint8_t *data, unsigned data_size);
162
163 int _gnutls_run_verify_callback(gnutls_session_t session, unsigned int side);
164 int _gnutls_recv_finished(gnutls_session_t session);
165 int _gnutls_send_finished(gnutls_session_t session, int again);
166
167 int _gnutls13_handshake_client(gnutls_session_t session);
168 int _gnutls13_handshake_server(gnutls_session_t session);
169
170 int
171 _gnutls13_recv_hello_retry_request(gnutls_session_t session,
172 gnutls_buffer_st *buf);
173
174 int
175 _gnutls13_recv_async_handshake(gnutls_session_t session);
176
177 #endif /* GNUTLS_LIB_HANDSHAKE_H */
178