search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
corrected copyright notices
[gnutls.git] / lib / ext / safe_renegotiation.c
blob98629ef62a11309eb4b61bd215f63dc45fcaaffb
1 /*
2 * Copyright (C) 2009-2012 Free Software Foundation, Inc.
3 *
4 * Author: Steve Dispensa (<dispensa@phonefactor.com>)
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
22
23 #include <gnutls_int.h>
24 #include <ext/safe_renegotiation.h>
25 #include <gnutls_errors.h>
26
27
28 static int _gnutls_sr_recv_params (gnutls_session_t state,
29 const uint8_t * data, size_t data_size);
30 static int _gnutls_sr_send_params (gnutls_session_t state, gnutls_buffer_st*);
31 static void _gnutls_sr_deinit_data (extension_priv_data_t priv);
32
33 extension_entry_st ext_mod_sr = {
34 .name = "SAFE RENEGOTIATION",
35 .type = GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
36 .parse_type = GNUTLS_EXT_MANDATORY,
37
38 .recv_func = _gnutls_sr_recv_params,
39 .send_func = _gnutls_sr_send_params,
40 .pack_func = NULL,
41 .unpack_func = NULL,
42 .deinit_func = _gnutls_sr_deinit_data,
43 };
44
45 int
46 _gnutls_ext_sr_finished (gnutls_session_t session, void *vdata,
47 size_t vdata_size, int dir)
48 {
49 int ret;
50 sr_ext_st *priv;
51 extension_priv_data_t epriv;
52
53 if (session->internals.priorities.sr == SR_DISABLED)
54 {
55 return 0;
56 }
57
58 ret = _gnutls_ext_get_session_data (session,
59 GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
60 &epriv);
61 if (ret < 0)
62 {
63 gnutls_assert ();
64 return ret;
65 }
66 priv = epriv.ptr;
67
68 /* Save data for safe renegotiation.
69 */
70 if (vdata_size > MAX_VERIFY_DATA_SIZE)
71 {
72 gnutls_assert ();
73 return GNUTLS_E_INTERNAL_ERROR;
74 }
75
76 if ((session->security_parameters.entity == GNUTLS_CLIENT && dir == 0) ||
77 (session->security_parameters.entity == GNUTLS_SERVER && dir == 1))
78 {
79 priv->client_verify_data_len = vdata_size;
80 memcpy (priv->client_verify_data, vdata, vdata_size);
81 }
82 else
83 {
84 priv->server_verify_data_len = vdata_size;
85 memcpy (priv->server_verify_data, vdata, vdata_size);
86 }
87
88 return 0;
89 }
90
91 int
92 _gnutls_ext_sr_verify (gnutls_session_t session)
93 {
94 int ret;
95 sr_ext_st *priv = NULL;
96 extension_priv_data_t epriv;
97
98 if (session->internals.priorities.sr == SR_DISABLED)
99 {
100 gnutls_assert ();
101 return 0;
102 }
103
104 ret = _gnutls_ext_get_session_data (session,
105 GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
106 &epriv);
107 if (ret >= 0)
108 priv = epriv.ptr;
109
110 /* Safe renegotiation */
111
112 if (priv && priv->safe_renegotiation_received)
113 {
114 if ((priv->ri_extension_data_len < priv->client_verify_data_len) ||
115 (memcmp (priv->ri_extension_data,
116 priv->client_verify_data, priv->client_verify_data_len)))
117 {
118 gnutls_assert ();
119 _gnutls_handshake_log ("HSK[%p]: Safe renegotiation failed [1]\n",
120 session);
121 return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
122 }
123
124 if (session->security_parameters.entity == GNUTLS_CLIENT)
125 {
126 if ((priv->ri_extension_data_len !=
127 priv->client_verify_data_len + priv->server_verify_data_len) ||
128 memcmp (priv->ri_extension_data + priv->client_verify_data_len,
129 priv->server_verify_data,
130 priv->server_verify_data_len) != 0)
131 {
132 gnutls_assert ();
133 _gnutls_handshake_log
134 ("HSK[%p]: Safe renegotiation failed [2]\n", session);
135 return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
136 }
137 }
138 else /* Make sure there are 0 extra bytes */
139 {
140 if (priv->ri_extension_data_len != priv->client_verify_data_len)
141 {
142 gnutls_assert ();
143 _gnutls_handshake_log
144 ("HSK[%p]: Safe renegotiation failed [3]\n", session);
145 return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
146 }
147 }
148
149 _gnutls_handshake_log ("HSK[%p]: Safe renegotiation succeeded\n",
150 session);
151 }
152 else /* safe renegotiation not received... */
153 {
154 if (priv && priv->connection_using_safe_renegotiation)
155 {
156 gnutls_assert ();
157 _gnutls_handshake_log
158 ("HSK[%p]: Peer previously asked for safe renegotiation\n",
159 session);
160 return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
161 }
162
163 /* Clients can't tell if it's an initial negotiation */
164 if (session->internals.initial_negotiation_completed)
165 {
166 if (session->internals.priorities.sr < SR_PARTIAL)
167 {
168 _gnutls_handshake_log
169 ("HSK[%p]: Allowing unsafe (re)negotiation\n", session);
170 }
171 else
172 {
173 gnutls_assert ();
174 _gnutls_handshake_log
175 ("HSK[%p]: Denying unsafe (re)negotiation\n", session);
176 return GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED;
177 }
178 }
179 else
180 {
181 if (session->internals.priorities.sr < SR_SAFE)
182 {
183 _gnutls_handshake_log
184 ("HSK[%p]: Allowing unsafe initial negotiation\n", session);
185 }
186 else
187 {
188 gnutls_assert ();
189 _gnutls_handshake_log
190 ("HSK[%p]: Denying unsafe initial negotiation\n", session);
191 return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
192 }
193 }
194 }
195
196 return 0;
197 }
198
199 /* if a server received the special ciphersuite.
200 */
201 int
202 _gnutls_ext_sr_recv_cs (gnutls_session_t session)
203 {
204 int ret, set = 0;
205 sr_ext_st *priv;
206 extension_priv_data_t epriv;
207
208 ret = _gnutls_ext_get_session_data (session,
209 GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
210 &epriv);
211 if (ret < 0)
212 {
213 set = 1;
214 }
215 else if (ret < 0)
216 {
217 gnutls_assert ();
218 return ret;
219 }
220
221 if (set != 0)
222 {
223 priv = gnutls_calloc (1, sizeof (*priv));
224 if (priv == NULL)
225 {
226 gnutls_assert ();
227 return GNUTLS_E_MEMORY_ERROR;
228 }
229 epriv.ptr = priv;
230 }
231 else
232 priv = epriv.ptr;
233
234 priv->safe_renegotiation_received = 1;
235 priv->connection_using_safe_renegotiation = 1;
236
237 if (set != 0)
238 _gnutls_ext_set_session_data (session,
239 GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv);
240
241 return 0;
242 }
243
244 int
245 _gnutls_ext_sr_send_cs (gnutls_session_t session)
246 {
247 int ret, set = 0;
248 sr_ext_st *priv;
249 extension_priv_data_t epriv;
250
251 ret = _gnutls_ext_get_session_data (session,
252 GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
253 &epriv);
254 if (ret < 0)
255 {
256 set = 1;
257 }
258 else if (ret < 0)
259 {
260 gnutls_assert ();
261 return ret;
262 }
263
264 if (set != 0)
265 {
266 priv = gnutls_calloc (1, sizeof (*priv));
267 if (priv == NULL)
268 {
269 gnutls_assert ();
270 return GNUTLS_E_MEMORY_ERROR;
271 }
272 epriv.ptr = priv;
273 }
274
275 if (set != 0)
276 _gnutls_ext_set_session_data (session,
277 GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv);
278
279 return 0;
280 }
281
282 static int
283 _gnutls_sr_recv_params (gnutls_session_t session,
284 const uint8_t * data, size_t _data_size)
285 {
286 unsigned int len = data[0];
287 ssize_t data_size = _data_size;
288 sr_ext_st *priv;
289 extension_priv_data_t epriv;
290 int set = 0, ret;
291
292 DECR_LEN (data_size, len + 1 /* count the first byte and payload */ );
293
294 if (session->internals.priorities.sr == SR_DISABLED)
295 {
296 gnutls_assert ();
297 return 0;
298 }
299
300 ret = _gnutls_ext_get_session_data (session,
301 GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
302 &epriv);
303 if (ret < 0 && session->security_parameters.entity == GNUTLS_SERVER)
304 {
305 set = 1;
306 }
307 else if (ret < 0)
308 {
309 gnutls_assert ();
310 return ret;
311 }
312
313 if (set != 0)
314 {
315 priv = gnutls_calloc (1, sizeof (*priv));
316 if (priv == NULL)
317 {
318 gnutls_assert ();
319 return GNUTLS_E_MEMORY_ERROR;
320 }
321 epriv.ptr = priv;
322 }
323 else
324 priv = epriv.ptr;
325
326 /* It is not legal to receive this extension on a renegotiation and
327 * not receive it on the initial negotiation.
328 */
329 if (session->internals.initial_negotiation_completed != 0 &&
330 priv->connection_using_safe_renegotiation == 0)
331 {
332 gnutls_assert ();
333 return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
334 }
335
336 if (len > sizeof (priv->ri_extension_data))
337 {
338 gnutls_assert ();
339 return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
340 }
341
342 if (len > 0)
343 memcpy (priv->ri_extension_data, &data[1], len);
344 priv->ri_extension_data_len = len;
345
346 /* "safe renegotiation received" means on *this* handshake; "connection using
347 * safe renegotiation" means that the initial hello received on the connection
348 * indicated safe renegotiation.
349 */
350 priv->safe_renegotiation_received = 1;
351 priv->connection_using_safe_renegotiation = 1;
352
353 if (set != 0)
354 _gnutls_ext_set_session_data (session,
355 GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv);
356 return 0;
357 }
358
359 static int
360 _gnutls_sr_send_params (gnutls_session_t session, gnutls_buffer_st* extdata)
361 {
362 /* The format of this extension is a one-byte length of verify data followed
363 * by the verify data itself. Note that the length byte does not include
364 * itself; IOW, empty verify data is represented as a length of 0. That means
365 * the minimum extension is one byte: 0x00.
366 */
367 sr_ext_st *priv;
368 int ret, set = 0, len;
369 extension_priv_data_t epriv;
370 size_t init_length = extdata->length;
371
372 if (session->internals.priorities.sr == SR_DISABLED)
373 {
374 gnutls_assert ();
375 return 0;
376 }
377
378 ret = _gnutls_ext_get_session_data (session,
379 GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
380 &epriv);
381 if (ret < 0)
382 {
383 set = 1;
384 }
385
386 if (set != 0)
387 {
388 priv = gnutls_calloc (1, sizeof (*priv));
389 if (priv == NULL)
390 {
391 gnutls_assert ();
392 return GNUTLS_E_MEMORY_ERROR;
393 }
394 epriv.ptr = priv;
395
396 _gnutls_ext_set_session_data (session,
397 GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
398 epriv);
399 }
400 else
401 priv = epriv.ptr;
402
403 /* Always offer the extension if we're a client */
404 if (priv->connection_using_safe_renegotiation ||
405 session->security_parameters.entity == GNUTLS_CLIENT)
406 {
407 len = priv->client_verify_data_len;
408 if (session->security_parameters.entity == GNUTLS_SERVER)
409 len += priv->server_verify_data_len;
410
411 ret = _gnutls_buffer_append_prefix(extdata, 8, len);
412 if (ret < 0)
413 return gnutls_assert_val(ret);
414
415 ret = _gnutls_buffer_append_data(extdata, priv->client_verify_data,
416 priv->client_verify_data_len);
417 if (ret < 0)
418 return gnutls_assert_val(ret);
419
420 if (session->security_parameters.entity == GNUTLS_SERVER)
421 {
422 ret = _gnutls_buffer_append_data(extdata, priv->server_verify_data,
423 priv->server_verify_data_len);
424 if (ret < 0)
425 return gnutls_assert_val(ret);
426 }
427 }
428 else
429 return 0;
430
431 return extdata->length - init_length;
432 }
433
434 static void
435 _gnutls_sr_deinit_data (extension_priv_data_t priv)
436 {
437 gnutls_free (priv.ptr);
438 }
439
440 /**
441 * gnutls_safe_renegotiation_status:
442 * @session: is a #gnutls_session_t structure.
443 *
444 * Can be used to check whether safe renegotiation is being used
445 * in the current session.
446 *
447 * Returns: 0 when safe renegotiation is not used and non (0) when
448 * safe renegotiation is used.
449 *
450 * Since: 2.10.0
451 **/
452 int
453 gnutls_safe_renegotiation_status (gnutls_session_t session)
454 {
455 int ret;
456 sr_ext_st *priv;
457 extension_priv_data_t epriv;
458
459 ret = _gnutls_ext_get_session_data (session,
460 GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
461 &epriv);
462 if (ret < 0)
463 {
464 gnutls_assert ();
465 return 0;
466 }
467 priv = epriv.ptr;
468
469 return priv->connection_using_safe_renegotiation;
470 }
Implementation of the SSL/TLS protocol