1 /*
2 * SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD
3 *
4 * SPDX-License-Identifier: Apache-2.0
5 */
6 #include <sys/param.h>
7 #include "esp_mbedtls_dynamic_impl.h"
8
/* The untouched mbedtls implementation, reached through the GNU ld --wrap
 * naming convention: callers of mbedtls_ssl_handshake_server_step are
 * redirected to the __wrap_ symbol below, and __real_ names the original. */
int __real_mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl);

/* Replacement step that brackets the original with RX/TX buffer management. */
int __wrap_mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl);

/* Log tag. Not referenced directly in this file — presumably consumed by the
 * CHECK_OK macro from esp_mbedtls_dynamic_impl.h; confirm there. */
static const char *TAG = "SSL Server";
14
static int manage_resource(mbedtls_ssl_context *ssl, bool add)
{
    /*
     * Grow (add == true) or shrink (add == false) the dynamically managed
     * RX/TX buffers around one mbedtls server handshake step.
     *
     * Before the step, ssl->state names the step about to run. After the
     * step, the step that just ran is taken to be ssl->state - 1.
     * NOTE(review): that "- 1" assumes the real step advanced ssl->state by
     * exactly one; confirm against the mbedtls server state machine, which
     * may skip states (e.g. when resuming a session).
     *
     * Returns 0 on success; CHECK_OK propagates the first non-zero result
     * of an esp_mbedtls_* buffer helper.
     */
    if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL) {
        return 0;
    }

    const int phase = add ? ssl->state : ssl->state - 1;

    /* After a step, drop the TX buffer once nothing is left queued for
     * transmission (presumably what out_left counts — confirm in mbedtls). */
    if (!add && !ssl->out_left) {
        CHECK_OK(esp_mbedtls_free_tx_buffer(ssl));
    }

    switch (phase) {
    case MBEDTLS_SSL_HELLO_REQUEST:
        ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
        break;

    /* Steps that read a peer message: an RX buffer exists only while the
     * step runs. */
    case MBEDTLS_SSL_CLIENT_HELLO:
    case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:
    case MBEDTLS_SSL_CERTIFICATE_VERIFY:
    case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:
    case MBEDTLS_SSL_CLIENT_FINISHED:
        if (add) {
            CHECK_OK(esp_mbedtls_add_rx_buffer(ssl));
        } else {
            CHECK_OK(esp_mbedtls_free_rx_buffer(ssl));
        }
        break;

    case MBEDTLS_SSL_CLIENT_CERTIFICATE:
        if (add) {
            CHECK_OK(esp_mbedtls_add_rx_buffer(ssl));
        } else {
            CHECK_OK(esp_mbedtls_free_rx_buffer(ssl));
#ifdef CONFIG_MBEDTLS_DYNAMIC_FREE_CA_CERT
            /* The trust anchor is released once the client certificate step
             * has run. NOTE(review): presumably any later peer verification
             * on the same configuration (renegotiation, another connection)
             * would then have no CA to check against — confirm the Kconfig
             * option's documented scope before enabling it. */
            esp_mbedtls_free_cacert(ssl);
#endif
        }
        break;

    /* Steps that write a fixed-size message: a default-sized TX buffer. */
    case MBEDTLS_SSL_SERVER_HELLO:
    case MBEDTLS_SSL_CERTIFICATE_REQUEST:
    case MBEDTLS_SSL_SERVER_HELLO_DONE:
    case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:
    case MBEDTLS_SSL_SERVER_FINISHED:
        if (add) {
            size_t tx_len = MBEDTLS_SSL_OUT_BUFFER_LEN;

            CHECK_OK(esp_mbedtls_add_tx_buffer(ssl, tx_len));
        }
        break;

    case MBEDTLS_SSL_SERVER_CERTIFICATE:
        if (add) {
            /* Size the TX buffer for the whole certificate chain: 3 bytes
             * for the list length, then every certificate plus its own
             * 3-byte length field (TLS Certificate message layout). */
            size_t tx_len = 3;

            for (mbedtls_ssl_key_cert *kc = ssl->conf->key_cert;
                 kc && kc->cert;
                 kc = kc->next) {
                /* Assumes esp_mbedtls_get_crt_size always writes
                 * chain_count — TODO confirm in its implementation. */
                size_t chain_count;

                tx_len += esp_mbedtls_get_crt_size(kc->cert, &chain_count);
                tx_len += chain_count * 3;
            }

            /* Never go below the default TX size. */
            tx_len = MAX(tx_len, MBEDTLS_SSL_OUT_BUFFER_LEN);

            CHECK_OK(esp_mbedtls_add_tx_buffer(ssl, tx_len));
        } else {
#ifdef CONFIG_MBEDTLS_DYNAMIC_FREE_CONFIG_DATA
            /* Presumably releases the configured certificate chain now that
             * it has been sent; confirm whether the configuration can still
             * serve further handshakes afterwards. */
            esp_mbedtls_free_keycert_cert(ssl);
#endif
        }
        break;

    case MBEDTLS_SSL_SERVER_KEY_EXCHANGE:
        if (add) {
            size_t tx_len = MBEDTLS_SSL_OUT_BUFFER_LEN;

            CHECK_OK(esp_mbedtls_add_tx_buffer(ssl, tx_len));
        } else {
#ifdef CONFIG_MBEDTLS_DYNAMIC_FREE_CONFIG_DATA
            /* DHM parameters and the private key are released after the
             * ServerKeyExchange step; same reuse caveat as the certificate. */
            esp_mbedtls_free_dhm(ssl);
            esp_mbedtls_free_keycert_key(ssl);
            esp_mbedtls_free_keycert(ssl);
#endif
        }
        break;

    case MBEDTLS_SSL_FLUSH_BUFFERS:
    case MBEDTLS_SSL_HANDSHAKE_WRAPUP:
    default:
        /* Nothing to size for these steps. */
        break;
    }

    return 0;
}
166
int __wrap_mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl)
{
    /*
     * Drop-in for mbedtls_ssl_handshake_server_step: allocate the buffers
     * the upcoming step needs, run the original step, then release what the
     * completed step no longer needs.
     *
     * Returns 0 on success. CHECK_OK returns early with the first non-zero
     * result, so a real step that does not return 0 skips the post-step
     * release and leaves the buffers in place — NOTE(review): inferred from
     * the macro's name; confirm against its definition in
     * esp_mbedtls_dynamic_impl.h.
     */
    CHECK_OK(manage_resource(ssl, true));

    CHECK_OK(__real_mbedtls_ssl_handshake_server_step(ssl));

    CHECK_OK(manage_resource(ssl, false));

    return 0;
}
177