/**************************************************************************/
/*                                                                        */
/*       Copyright (c) Microsoft Corporation. All rights reserved.        */
/*                                                                        */
/*       This software is licensed under the Microsoft Software License   */
/*       Terms for Microsoft Azure RTOS. Full text of the license can be  */
/*       found in the LICENSE file at https://aka.ms/AzureRTOS_EULA       */
/*       and in the root directory of this software.                      */
/*                                                                        */
/**************************************************************************/


/**************************************************************************/
/**************************************************************************/
/**                                                                       */
/** NetX Secure Component                                                 */
/**                                                                       */
/**    Datagram Transport Layer Security (DTLS)                           */
/**                                                                       */
/**************************************************************************/
/**************************************************************************/
22 
23 #define NX_SECURE_SOURCE_CODE
24 
25 #include "nx_secure_dtls.h"
26 
27 #if !defined(NX_SECURE_TLS_CLIENT_DISABLED) && defined(NX_SECURE_ENABLE_DTLS)
/**************************************************************************/
/*                                                                        */
/*  FUNCTION                                               RELEASE        */
/*                                                                        */
/*    _nx_secure_dtls_process_helloverifyrequest          PORTABLE C      */
/*                                                           6.1.10       */
/*  AUTHOR                                                                */
/*                                                                        */
/*    Timothy Stapko, Microsoft Corporation                               */
/*                                                                        */
/*  DESCRIPTION                                                           */
/*                                                                        */
/*    This function processes an incoming HelloVerifyRequest message.     */
/*                                                                        */
/*  INPUT                                                                 */
/*                                                                        */
/*    dtls_session                          DTLS control block            */
/*    packet_buffer                         Pointer to message data       */
/*    message_length                        Length of message data (bytes)*/
/*                                                                        */
/*  OUTPUT                                                                */
/*                                                                        */
/*    status                                Completion status             */
/*                                                                        */
/*  CALLS                                                                 */
/*                                                                        */
/*    None                                                                */
/*                                                                        */
/*  CALLED BY                                                             */
/*                                                                        */
/*    _nx_secure_dtls_client_handshake      DTLS client state machine     */
/*                                                                        */
/*  RELEASE HISTORY                                                       */
/*                                                                        */
/*    DATE              NAME                      DESCRIPTION             */
/*                                                                        */
/*  05-19-2020     Timothy Stapko           Initial Version 6.0           */
/*  09-30-2020     Timothy Stapko           Modified comment(s), improved */
/*                                            buffer length verification, */
/*                                            verified memcpy use cases,  */
/*                                            resulting in version 6.1    */
/*  01-31-2022     Timothy Stapko           Modified comment(s),          */
/*                                            updated cookie handling,    */
/*                                            resulting in version 6.1.10 */
/*                                                                        */
/**************************************************************************/
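UINT _nx_secure_dtls_process_helloverifyrequest(NX_SECURE_DTLS_SESSION *dtls_session,
                                                UCHAR *packet_buffer, UINT message_length)
{
UINT length;


    /* Parse the HelloVerifyRequest message.
     * Structure:
     * |      2       |       1       |  <Cookie Length>   |
     * | DTLS version | Cookie length | Server Cookie data |
     *
     * The message is parsed in place: on success the session keeps a pointer
     * into packet_buffer (the cookie is NOT copied) together with its length.
     * On any length error the stored cookie length is reset to 0 and
     * NX_SECURE_TLS_INCORRECT_MESSAGE_LENGTH is returned.
     */

    /* The fixed part of the message (2-byte version + 1-byte cookie length) must be
       present before any byte of packet_buffer is touched. Checking this up front
       closes a one-byte out-of-bounds read on a truncated message: the cookie length
       byte at offset 2 used to be read before message_length was compared at all. */
    if (message_length < 3u)
    {
        dtls_session -> nx_secure_dtls_cookie_length = 0;
        return(NX_SECURE_TLS_INCORRECT_MESSAGE_LENGTH);
    }

    /* Use our length as an index into the buffer. */
    length = 0;

    /* First two bytes of the server hello following the header are the TLS major and minor version numbers. */
    length += 2;

    /* Get the cookie length. It is a single byte, so it is at most 255 and the
       3u + cookie_length sum below cannot overflow. */
    dtls_session -> nx_secure_dtls_cookie_length = packet_buffer[length];
    length += 1;

    /* Reject cookies larger than the session is configured to hold. */
    if (dtls_session -> nx_secure_dtls_cookie_length > NX_SECURE_DTLS_MAX_COOKIE_LENGTH)
    {
        dtls_session -> nx_secure_dtls_cookie_length = 0;
        return(NX_SECURE_TLS_INCORRECT_MESSAGE_LENGTH);
    }

    /* The advertised cookie must fit entirely inside the received message. */
    if ((3u + dtls_session -> nx_secure_dtls_cookie_length) > message_length)
    {
        dtls_session -> nx_secure_dtls_cookie_length = 0;
        return(NX_SECURE_TLS_INCORRECT_MESSAGE_LENGTH);
    }

    /* Save off the cookie pointer.
       NOTE(review): this aliases packet_buffer rather than copying the cookie, so the
       pointer is only valid while that packet is alive - confirm the caller retains the
       packet until the cookie has been consumed. */
    dtls_session -> nx_secure_dtls_client_cookie_ptr = &packet_buffer[length];

    /* Set our state to indicate we successfully parsed the HelloVerifyRequest. */
    dtls_session -> nx_secure_dtls_tls_session.nx_secure_tls_client_state = NX_SECURE_TLS_CLIENT_STATE_HELLO_VERIFY;

    return(NX_SECURE_TLS_SUCCESS);
}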
116 #endif /* !defined(NX_SECURE_TLS_CLIENT_DISABLED) && defined(NX_SECURE_ENABLE_DTLS) */
117 
118