1 /*************************************************************************** 2 * Copyright (c) 2024 Microsoft Corporation 3 * 4 * This program and the accompanying materials are made available under the 5 * terms of the MIT License which is available at 6 * https://opensource.org/licenses/MIT. 7 * 8 * SPDX-License-Identifier: MIT 9 **************************************************************************/ 10 11 12 /**************************************************************************/ 13 /**************************************************************************/ 14 /** */ 15 /** NetX Secure Component */ 16 /** */ 17 /** Datagram Transport Layer Security (DTLS) */ 18 /** */ 19 /**************************************************************************/ 20 /**************************************************************************/ 21 22 #define NX_SECURE_SOURCE_CODE 23 24 #include "nx_secure_dtls.h" 25 26 #ifdef NX_SECURE_ENABLE_DTLS 27 /**************************************************************************/ 28 /* */ 29 /* FUNCTION RELEASE */ 30 /* */ 31 /* _nx_secure_dtls_send_helloverifyrequest PORTABLE C */ 32 /* 6.1 */ 33 /* AUTHOR */ 34 /* */ 35 /* Timothy Stapko, Microsoft Corporation */ 36 /* */ 37 /* DESCRIPTION */ 38 /* */ 39 /* This function populates an NX_PACKET with a HelloVerifyRequest */ 40 /* message. */ 41 /* */ 42 /* INPUT */ 43 /* */ 44 /* dtls_session DTLS control block */ 45 /* send_packet Packet used to send message */ 46 /* */ 47 /* OUTPUT */ 48 /* */ 49 /* status Completion status */ 50 /* */ 51 /* CALLS */ 52 /* */ 53 /* None */ 54 /* */ 55 /* CALLED BY */ 56 /* */ 57 /* _nx_secure_dtls_server_handshake DTLS server state machine */ 58 /* */ 59 /* RELEASE HISTORY */ 60 /* */ 61 /* DATE NAME DESCRIPTION */ 62 /* */ 63 /* 05-19-2020 Timothy Stapko Initial Version 6.0 */ 64 /* 09-30-2020 Timothy Stapko Modified comment(s), */ 65 /* verified memcpy use cases, */ 66 /* resulting in version 6.1 */ 67 /* */ 68 /**************************************************************************/ _nx_secure_dtls_send_helloverifyrequest(NX_SECURE_DTLS_SESSION * dtls_session,NX_PACKET * send_packet)69UINT _nx_secure_dtls_send_helloverifyrequest(NX_SECURE_DTLS_SESSION *dtls_session, 70 NX_PACKET *send_packet) 71 { 72 UINT length; 73 UINT i; 74 UINT random_value; 75 UCHAR *packet_buffer; 76 USHORT protocol_version; 77 78 /* Parse the HelloVerifyRequest message. 79 * Structure: 80 * | 2 | 1 | <Cookie Length> | 81 * | DTLS version | Cookie length | Server Cookie data | 82 */ 83 84 if (((ULONG)(send_packet -> nx_packet_data_end) - (ULONG)(send_packet -> nx_packet_append_ptr)) < 85 (3u + dtls_session -> nx_secure_dtls_cookie_length)) 86 { 87 88 /* Packet buffer is too small to hold random and ID. */ 89 return(NX_SECURE_TLS_PACKET_BUFFER_TOO_SMALL); 90 } 91 92 /* Use our length as an index into the buffer. */ 93 length = 0; 94 95 packet_buffer = send_packet -> nx_packet_append_ptr; 96 97 /* First two bytes of the HelloVerifyRequest following the header are the (D)TLS major and minor version numbers. 98 The version should be DTLS version 1.0 regardless of the version of TLS that is expected to be negotiated.*/ 99 protocol_version = NX_SECURE_DTLS_VERSION_1_0; 100 101 packet_buffer[length] = (UCHAR)((protocol_version & 0xFF00) >> 8); 102 packet_buffer[length + 1] = (UCHAR)(protocol_version & 0x00FF); 103 length += 2; 104 105 /* Set the cookie length. */ 106 dtls_session -> nx_secure_dtls_cookie_length = 20; 107 packet_buffer[length] = (UCHAR)(dtls_session -> nx_secure_dtls_cookie_length); 108 length += 1; 109 110 /* Generate the cookie. */ 111 for (i = 0; i < dtls_session -> nx_secure_dtls_cookie_length; i += (UINT)sizeof(random_value)) 112 { 113 random_value = (UINT)NX_RAND(); 114 NX_CHANGE_ULONG_ENDIAN(random_value); 115 NX_SECURE_MEMCPY(&dtls_session -> nx_secure_dtls_cookie[i], 116 (UCHAR *)&random_value, sizeof(random_value)); /* Use case of memcpy is verified. */ 117 } 118 119 if (dtls_session -> nx_secure_dtls_cookie_length > sizeof(dtls_session -> nx_secure_dtls_cookie)) 120 { 121 122 /* Packet buffer is too small to hold cookie. */ 123 return(NX_SECURE_TLS_PACKET_BUFFER_TOO_SMALL); 124 } 125 126 /* Copy the cookie into the packet. */ 127 NX_SECURE_MEMCPY(&packet_buffer[length], dtls_session -> nx_secure_dtls_cookie, dtls_session -> nx_secure_dtls_cookie_length); /* Use case of memcpy is verified. */ 128 length += dtls_session -> nx_secure_dtls_cookie_length; 129 130 /* Save off and return the number of bytes we wrote and need to send. */ 131 send_packet -> nx_packet_append_ptr = send_packet -> nx_packet_append_ptr + length; 132 send_packet -> nx_packet_length = send_packet -> nx_packet_length + length; 133 134 return(NX_SECURE_TLS_SUCCESS); 135 } 136 #endif /* NX_SECURE_ENABLE_DTLS */ 137 138
