...
...
...
#define NX_SECURE_SOURCE_CODE
#include "nx_secure_tls.h"
/* Scratch buffer that receives the locally computed Finished hash before it is
   compared with the peer's value in _nx_secure_tls_process_finished.  It has
   file scope and static storage, so it is one buffer for the whole translation
   unit rather than one per TLS session.
   NOTE(review): presumably callers serialise handshake processing so that two
   sessions never fill this buffer at the same time - confirm against the
   callers, which are not visible here.  */
static UCHAR generated_hash[NX_SECURE_TLS_MAX_HASH_SIZE];
...
...
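/**
 * Verify a received TLS Finished handshake message.
 *
 * The expected Finished hash is regenerated locally into generated_hash and
 * compared with the bytes at packet_buffer.  On a match the client state is
 * advanced (client sockets only) and the remote certificates are released.
 *
 * @param tls_session     Session whose handshake is being completed.
 * @param packet_buffer   Received Finished payload to compare against.
 * @param message_length  Length in bytes of the received payload.
 *
 * @return NX_SECURE_TLS_SUCCESS when the hashes match and cleanup succeeds;
 *         NX_SECURE_TLS_INCORRECT_MESSAGE_LENGTH, NX_SECURE_TLS_UNEXPECTED_MESSAGE
 *         or NX_SECURE_TLS_HANDSHAKE_FAILURE when the pre-TLS-1.3 preconditions
 *         fail; NX_SECURE_TLS_FINISHED_HASH_FAILURE on a mismatch; otherwise the
 *         status returned by the hash-generation or certificate-free helper.
 */
UINT _nx_secure_tls_process_finished(NX_SECURE_TLS_SESSION *tls_session, UCHAR *packet_buffer,
                                     UINT message_length)
{
UCHAR *finished_label;
UINT   compare_result, status;
#if (NX_SECURE_TLS_TLS_1_3_ENABLED)
UINT   hash_size = 0;
UINT   is_server;
#endif

#if (NX_SECURE_TLS_TLS_1_3_ENABLED)
    if (tls_session -> nx_secure_tls_1_3)
    {

        /* The flag is set when the local socket is a client.
           NOTE(review): presumably this asks the helper for the remote
           server's Finished hash - confirm against the helper.  */
        is_server = (tls_session -> nx_secure_tls_socket_type == NX_SECURE_TLS_SESSION_TYPE_CLIENT);

        status = _nx_secure_tls_1_3_finished_hash_generate(tls_session, is_server, &hash_size,
                                                           generated_hash, sizeof(generated_hash));

        /* A failed generation must end the handshake here, exactly as in the
           pre-TLS-1.3 path below.  Otherwise hash_size could still hold its
           initial 0 and generated_hash could hold stale bytes, and the
           comparison would run on data that was never computed.  */
        if (status != NX_SUCCESS)
        {
            return(status);
        }

        /* Reject a hash that is empty, longer than the received payload, or
           longer than the local buffer.  The zero case matters: comparing
           zero bytes reports equality (assuming NX_SECURE_MEMCMP has memcmp
           semantics), which would accept any Finished message.
           NOTE(review): a payload longer than hash_size is still accepted and
           its trailing bytes are ignored; the pre-TLS-1.3 path requires an
           exact length - confirm whether that is intended.  */
        if ((hash_size == 0) || (hash_size > message_length) || (hash_size > sizeof(generated_hash)))
        {
            compare_result = 1;
        }
        else
        {

            /* NOTE(review): if the port maps NX_SECURE_MEMCMP to a plain
               memcmp, this comparison of secret-derived data is not
               constant-time - confirm the port's definition.  */
            compare_result = (UINT)NX_SECURE_MEMCMP(generated_hash, packet_buffer, hash_size);
        }
    }
    else
#endif
    {

        /* The pre-TLS-1.3 Finished payload has a fixed size.  */
        if (message_length != NX_SECURE_TLS_FINISHED_HASH_SIZE)
        {
            return(NX_SECURE_TLS_INCORRECT_MESSAGE_LENGTH);
        }

        /* A Finished message is only accepted once the remote session is
           marked active.  */
        if (!tls_session -> nx_secure_tls_remote_session_active)
        {
            return(NX_SECURE_TLS_UNEXPECTED_MESSAGE);
        }

        /* The handshake cannot complete before the remote credentials have
           been received.  */
        if (!tls_session -> nx_secure_tls_received_remote_credentials)
        {
            return(NX_SECURE_TLS_HANDSHAKE_FAILURE);
        }

        /* The label names the sender of the message being verified: a local
           server checks the client's Finished, and a client the server's.  */
        if (tls_session -> nx_secure_tls_socket_type == NX_SECURE_TLS_SESSION_TYPE_SERVER)
        {
            finished_label = (UCHAR *)"client finished";
        }
        else
        {
            finished_label = (UCHAR *)"server finished";
        }

        status = _nx_secure_tls_finished_hash_generate(tls_session, finished_label, generated_hash);
        if (status != NX_SUCCESS)
        {
            return(status);
        }

#ifndef NX_SECURE_TLS_DISABLE_SECURE_RENEGOTIATION

        /* Keep the locally computed verify data in the session.  The copy is
           made before the comparison, so the field holds the locally
           generated value whether or not the peer's value matches.  */
        NX_SECURE_MEMCPY(tls_session -> nx_secure_tls_remote_verify_data, generated_hash,
                         NX_SECURE_TLS_FINISHED_HASH_SIZE);
#endif

        /* NOTE(review): if the port maps NX_SECURE_MEMCMP to a plain memcmp,
           this comparison is not constant-time - confirm the port's
           definition.  */
        compare_result = (UINT)NX_SECURE_MEMCMP(generated_hash, packet_buffer,
                                                NX_SECURE_TLS_FINISHED_HASH_SIZE);
    }

    /* Any difference between the computed and received hash fails the
       handshake.  */
    if (compare_result != 0)
    {
        return(NX_SECURE_TLS_FINISHED_HASH_FAILURE);
    }

#ifndef NX_SECURE_TLS_CLIENT_DISABLED

    /* Only a client socket tracks the client handshake state.  */
    if (tls_session -> nx_secure_tls_socket_type == NX_SECURE_TLS_SESSION_TYPE_CLIENT)
    {
        tls_session -> nx_secure_tls_client_state = NX_SECURE_TLS_CLIENT_STATE_HANDSHAKE_FINISHED;
    }
#endif

    /* The Finished message has been verified, so release the remote
       certificates held by the session.  */
    status = _nx_secure_tls_remote_certificate_free_all(tls_session);
    if (status != NX_SUCCESS)
    {
        return(status);
    }

    return(NX_SECURE_TLS_SUCCESS);
}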