Add space for new DTLS fields in handshake

2024-11-22 11:35:44 +01:00 · 2014-02-18 17:40:52 +01:00 · 2014-02-18 17:40:52 +01:00 · ce441b3442
commit ce441b3442
parent a59543af30
2 changed files with 62 additions and 18 deletions
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -354,7 +354,7 @@ static int ssl_parse_ticket( ssl_context *ssl,
 #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
 /*
 * Wrapper around f_sni, allowing use of ssl_set_own_cert() but
- * making it act on ssl->hanshake->sni_key_cert instead.
+ * making it act on ssl->handshake->sni_key_cert instead.
 */
 static int ssl_sni_wrapper( ssl_context *ssl,
                            const unsigned char* name, size_t len )
@ -1205,6 +1205,19 @@ static int ssl_parse_client_hello( ssl_context *ssl )

    ssl->handshake->update_checksum( ssl, buf, n );

+    /*
+     * For DTLS, we move data so that is looks like TLS handshake format
+     */
+#if defined(POLARSSL_SSL_PROTO_DTLS)
+    if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
+    {
+        // TODO: DTLS: actually use the additional fields before removing them!
+
+        memmove( buf + 4, buf + 12, n - 12 );
+        n -= 8;
+    }
+#endif /* POLARSSL_SSL_PROTO_DTLS */
+
    /*
     * SSL layer:
     *     0  .   0   handshake type
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -1924,6 +1924,25 @@ int ssl_write_record( ssl_context *ssl )
        ssl->out_msg[2] = (unsigned char)( ( len - 4 ) >>  8 );
        ssl->out_msg[3] = (unsigned char)( ( len - 4 )       );

+        /*
+         * DTLS has additional fields in the Handshake layer,
+         * between the length field and the actual payload:
+         *      uint16 message_seq;
+         *      uint24 fragment_offset;
+         *      uint24 fragment_length;
+         */
+#if defined(POLARSSL_SSL_PROTO_DTLS)
+        if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
+        {
+            memmove( ssl->out_msg + 12, ssl->out_msg + 4, ssl->out_msglen - 4 );
+            ssl->out_msglen += 8;
+            len += 8;
+
+            // TODO: DTLS: fill additional fields correctly
+            memset( ssl->out_msg + 4, 0x00, 8 );
+        }
+#endif /* POLARSSL_SSL_PROTO_DTLS */
+
        if( ssl->out_msg[0] != SSL_HS_HELLO_REQUEST )
            ssl->handshake->update_checksum( ssl, ssl->out_msg, len );
    }
@ -2004,34 +2023,38 @@ int ssl_write_record( ssl_context *ssl )

 static int ssl_prepare_handshake_record( ssl_context *ssl )
 {
-    ssl->in_hslen  = 4;
+    ssl->in_hslen  = ssl->transport == SSL_TRANSPORT_DATAGRAM ? 12 : 4;
    ssl->in_hslen += ( ssl->in_msg[2] << 8 ) | ssl->in_msg[3];

    SSL_DEBUG_MSG( 3, ( "handshake message: msglen ="
                        " %d, type = %d, hslen = %d",
-                   ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
+                        ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );

-    /*
-     * Additional checks to validate the handshake header
-     */
-    if( ssl->in_msglen < 4 || ssl->in_msg[1] != 0 )
+    /* We don't handle handshake messages larger than one record (for now) */
+    if( ssl->in_msg[1] != 0 ||
+        ssl->in_msglen < ssl->in_hslen )
    {
        SSL_DEBUG_MSG( 1, ( "bad handshake length" ) );
        return( POLARSSL_ERR_SSL_INVALID_RECORD );
    }

-    if( ssl->in_msglen < ssl->in_hslen )
-    {
-        SSL_DEBUG_MSG( 1, ( "bad handshake length" ) );
-        return( POLARSSL_ERR_SSL_INVALID_RECORD );
-    }
-
-    /*
-     * Update handshake checksum
-     */
    if( ssl->state != SSL_HANDSHAKE_OVER )
        ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );

+    /*
+     * For DTLS, we move data so that is looks like
+     * TLS handshake format to other functions.
+     */
+#if defined(POLARSSL_SSL_PROTO_DTLS)
+    if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
+    {
+        // TODO: DTLS: actually use the additional fields before removing them!
+
+        memmove( ssl->in_msg + 4, ssl->in_msg + 12, ssl->in_hslen - 12 );
+        ssl->in_hslen -= 8;
+    }
+#endif /* POLARSSL_SSL_PROTO_DTLS */
+
    return( 0 );
 }

@ -2042,8 +2065,16 @@ int ssl_read_record( ssl_context *ssl )

    SSL_DEBUG_MSG( 2, ( "=> read record" ) );

-    if( ssl->in_hslen != 0 &&
-        ssl->in_hslen < ssl->in_msglen )
+    /*
+     * With DTLS, we cheated on in_hslen to make the handshake message look
+     * like TLS format, restore the truth now
+     */
+#if defined(POLARSSL_SSL_PROTO_DTLS)
+    if( ssl->in_hslen != 0 && ssl->transport == SSL_TRANSPORT_DATAGRAM )
+        ssl->in_hslen += 8;
+#endif
+
+    if( ssl->in_hslen != 0 && ssl->in_hslen < ssl->in_msglen )
    {
        /*
         * Get next Handshake message in the current record