1 /***************************************************************************
2  * Copyright (c) 2024 Microsoft Corporation
3  *
4  * This program and the accompanying materials are made available under the
5  * terms of the MIT License which is available at
6  * https://opensource.org/licenses/MIT.
7  *
8  * SPDX-License-Identifier: MIT
9  **************************************************************************/
10 
11 
12 /**************************************************************************/
13 /**************************************************************************/
14 /**                                                                       */
15 /** NetX Secure Component                                                 */
16 /**                                                                       */
17 /**    Transport Layer Security (TLS)                                     */
18 /**                                                                       */
19 /**************************************************************************/
20 /**************************************************************************/
21 
22 #define NX_SECURE_SOURCE_CODE
23 
24 
25 #include "nx_secure_tls.h"
26 
27 /**************************************************************************/
28 /*                                                                        */
29 /*  FUNCTION                                               RELEASE        */
30 /*                                                                        */
31 /*    _nx_secure_tls_process_header                       PORTABLE C      */
32 /*                                                           6.1          */
33 /*  AUTHOR                                                                */
34 /*                                                                        */
35 /*    Timothy Stapko, Microsoft Corporation                               */
36 /*                                                                        */
37 /*  DESCRIPTION                                                           */
38 /*                                                                        */
39 /*    This function processes an NX_PACKET data structure, extracting     */
40 /*    and parsing a TLS header received from a remote host.               */
41 /*                                                                        */
42 /*  INPUT                                                                 */
43 /*                                                                        */
44 /*    tls_session                           Pointer to TLS control block  */
45 /*    packet_ptr                            Pointer to incoming packet    */
46 /*    record_offset                         Offset of current record      */
47 /*    message_type                          Return message type value     */
48 /*    length                                Return message length value   */
49 /*    header_data                           Pointer to header to parse    */
50 /*    header_length                         Length of header data (bytes) */
51 /*                                                                        */
52 /*  OUTPUT                                                                */
53 /*                                                                        */
54 /*    status                                Completion status             */
55 /*                                                                        */
56 /*  CALLS                                                                 */
57 /*                                                                        */
58 /*    nx_packet_data_extract_offset         Extract data from NX_PACKET   */
59 /*    _nx_secure_tls_check_protocol_version Check incoming TLS version    */
60 /*                                                                        */
61 /*  CALLED BY                                                             */
62 /*                                                                        */
63 /*    _nx_secure_tls_process_record         Process TLS record            */
64 /*                                                                        */
65 /*  RELEASE HISTORY                                                       */
66 /*                                                                        */
67 /*    DATE              NAME                      DESCRIPTION             */
68 /*                                                                        */
69 /*  05-19-2020     Timothy Stapko           Initial Version 6.0           */
70 /*  09-30-2020     Timothy Stapko           Modified comment(s),          */
71 /*                                            supported chained packet,   */
72 /*                                            resulting in version 6.1    */
73 /*                                                                        */
74 /**************************************************************************/
UINT _nx_secure_tls_process_header(NX_SECURE_TLS_SESSION *tls_session, NX_PACKET *packet_ptr,
                                   ULONG record_offset, USHORT *message_type, UINT *length,
                                   UCHAR *header_data, USHORT *header_length)
{
ULONG  copied;
USHORT record_version;


    /* Contract notes for callers:
         - header_data is handed to nx_packet_data_extract_offset with a buffer length of
           NX_SECURE_TLS_RECORD_HEADER_SIZE and bytes [0..4] are read below, so the caller's
           buffer must hold at least that many bytes.
         - tls_session, message_type, length, header_data and header_length are dereferenced
           without a NULL check; only packet_ptr is checked here.
         - Every parsed field comes straight from the peer-supplied record header. */

    /* A missing packet and a failed extraction are reported with the same status. The
       short-circuit keeps the extraction from running on a NULL packet. */
    if ((packet_ptr == NX_NULL) ||
        (nx_packet_data_extract_offset(packet_ptr, record_offset, header_data,
                                       NX_SECURE_TLS_RECORD_HEADER_SIZE, &copied) != NX_SUCCESS))
    {
        return(NX_SECURE_TLS_INVALID_PACKET);
    }

    /* Fewer bytes than a full record header were copied from this offset: tell the caller
       to wait for more data. No output parameter has been written at this point. */
    if (copied != NX_SECURE_TLS_RECORD_HEADER_SIZE)
    {
        return(NX_CONTINUE);
    }

    /* Byte 0: record content type. It is passed back as-is; no range check is done here. */
    *message_type = header_data[0];

    /* Bytes 1-2: record-layer protocol version, big-endian. */
    record_version = (USHORT)(((USHORT)header_data[1] << 8) | header_data[2]);

    /* Bytes 3-4: record payload length, big-endian (0..65535). This function does not
       compare it with any maximum record size or with the data actually present in the
       packet. NOTE(review): presumably _nx_secure_tls_process_record bounds it before
       using it as a copy or decrypt size - confirm. */
    *length = (UINT)(((UINT)header_data[3] << 8) + header_data[4]);

    /* Report how many header bytes were consumed. */
    *header_length = NX_SECURE_TLS_RECORD_HEADER_SIZE;

    /* Until the session has a protocol version (value 0), the record version is parsed but
       not checked, and the header is accepted. */
    if (tls_session -> nx_secure_tls_protocol_version == 0)
    {
        return(NX_SUCCESS);
    }

    /* A version is established: the result of the version check is the return status.
       The output parameters above have already been written, so they hold the header's
       values even when this check fails. */
    return(_nx_secure_tls_check_protocol_version(tls_session, record_version, NX_SECURE_TLS));
}