1 /***************************************************************************
2 * Copyright (c) 2024 Microsoft Corporation
3 *
4 * This program and the accompanying materials are made available under the
5 * terms of the MIT License which is available at
6 * https://opensource.org/licenses/MIT.
7 *
8 * SPDX-License-Identifier: MIT
9 **************************************************************************/
10
11
12 /**************************************************************************/
13 /**************************************************************************/
14 /** */
15 /** NetX Secure Component */
16 /** */
17 /** Datagram Transport Layer Security (DTLS) */
18 /** */
19 /**************************************************************************/
20 /**************************************************************************/
21
22 #define NX_SECURE_SOURCE_CODE
23
24 #include "nx_secure_dtls.h"
25
26 #if !defined(NX_SECURE_TLS_CLIENT_DISABLED) && defined(NX_SECURE_ENABLE_DTLS)
27 /**************************************************************************/
28 /* */
29 /* FUNCTION RELEASE */
30 /* */
31 /* _nx_secure_dtls_process_helloverifyrequest PORTABLE C */
32 /* 6.1.10 */
33 /* AUTHOR */
34 /* */
35 /* Timothy Stapko, Microsoft Corporation */
36 /* */
37 /* DESCRIPTION */
38 /* */
39 /* This function processes an incoming HelloVerifyRequest message. */
40 /* */
41 /* INPUT */
42 /* */
43 /* dtls_session DTLS control block */
44 /* packet_buffer Pointer to message data */
45 /* message_length Length of message data (bytes)*/
46 /* */
47 /* OUTPUT */
48 /* */
49 /* status Completion status */
50 /* */
51 /* CALLS */
52 /* */
53 /* None */
54 /* */
55 /* CALLED BY */
56 /* */
57 /* _nx_secure_dtls_client_handshake DTLS client state machine */
58 /* */
59 /* RELEASE HISTORY */
60 /* */
61 /* DATE NAME DESCRIPTION */
62 /* */
63 /* 05-19-2020 Timothy Stapko Initial Version 6.0 */
64 /* 09-30-2020 Timothy Stapko Modified comment(s), improved */
65 /* buffer length verification, */
66 /* verified memcpy use cases, */
67 /* resulting in version 6.1 */
68 /* 01-31-2022 Timothy Stapko Modified comment(s), */
69 /* updated cookie handling, */
70 /* resulting in version 6.1.10 */
71 /* */
72 /**************************************************************************/
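UINT _nx_secure_dtls_process_helloverifyrequest(NX_SECURE_DTLS_SESSION *dtls_session,
                                                UCHAR *packet_buffer, UINT message_length)
{
UINT length;


    /* Parse the HelloVerifyRequest message.
     * Structure:
     * |      2       |       1       | <Cookie Length>    |
     * | DTLS version | Cookie length | Server Cookie data |
     *
     * The fixed part (version + cookie length) is 3 bytes. Every byte read
     * from packet_buffer below is covered by a prior check against
     * message_length, which is the caller's statement of how much of the
     * buffer is valid.
     */

    /* Reject a message that cannot even hold the fixed 3-byte part before
       reading anything: the cookie length byte sits at offset 2, so reading it
       first and checking afterwards would touch one byte past a truncated
       message. The return value is the same as the later length check would
       have produced. */
    if (message_length < 3u)
    {
        dtls_session -> nx_secure_dtls_cookie_length = 0;
        return(NX_SECURE_TLS_INCORRECT_MESSAGE_LENGTH);
    }

    /* Use our length as an index into the buffer. */
    length = 0;

    /* First two bytes following the handshake header are the DTLS major and
       minor version numbers. They are skipped without being inspected here. */
    length += 2;

    /* Get the cookie length (offset 2, already known to be inside the message). */
    dtls_session -> nx_secure_dtls_cookie_length = packet_buffer[length];
    length += 1;

    /* The cookie must fit the session's storage limit; clear the stored length
       on failure so no stale value survives a rejected message. */
    if (dtls_session -> nx_secure_dtls_cookie_length > NX_SECURE_DTLS_MAX_COOKIE_LENGTH)
    {
        dtls_session -> nx_secure_dtls_cookie_length = 0;
        return(NX_SECURE_TLS_INCORRECT_MESSAGE_LENGTH);
    }

    /* The cookie data must lie entirely within the message as declared by the
       caller; otherwise the saved pointer would cover bytes past the end. */
    if ((3u + dtls_session -> nx_secure_dtls_cookie_length) > message_length)
    {
        dtls_session -> nx_secure_dtls_cookie_length = 0;
        return(NX_SECURE_TLS_INCORRECT_MESSAGE_LENGTH);
    }

    /* Save off the cookie pointer. NOTE(review): this aliases packet_buffer
       rather than copying, so the cookie is only valid while the caller keeps
       the packet alive - confirm the packet is not released before the cookie
       is used. */
    dtls_session -> nx_secure_dtls_client_cookie_ptr = &packet_buffer[length];

    /* Set our state to indicate we successfully parsed the HelloVerifyRequest. */
    dtls_session -> nx_secure_dtls_tls_session.nx_secure_tls_client_state = NX_SECURE_TLS_CLIENT_STATE_HELLO_VERIFY;

    return(NX_SECURE_TLS_SUCCESS);
}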
115 #endif /* !defined(NX_SECURE_TLS_CLIENT_DISABLED) && defined(NX_SECURE_ENABLE_DTLS) */
116
117