internal.h
00001 /* internal.h 00002 * 00003 * Copyright (C) 2006-2016 wolfSSL Inc. 00004 * 00005 * This file is part of wolfSSL. 00006 * 00007 * wolfSSL is free software; you can redistribute it and/or modify 00008 * it under the terms of the GNU General Public License as published by 00009 * the Free Software Foundation; either version 2 of the License, or 00010 * (at your option) any later version. 00011 * 00012 * wolfSSL is distributed in the hope that it will be useful, 00013 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00014 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00015 * GNU General Public License for more details. 00016 * 00017 * You should have received a copy of the GNU General Public License 00018 * along with this program; if not, write to the Free Software 00019 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 00020 */ 00021 00022 00023 00024 #ifndef WOLFSSL_INT_H 00025 #define WOLFSSL_INT_H 00026 00027 00028 #include <wolfssl/wolfcrypt/types.h> 00029 #include <wolfssl/ssl.h> 00030 #ifdef HAVE_CRL 00031 #include <wolfssl/crl.h> 00032 #endif 00033 #include <wolfssl/wolfcrypt/random.h> 00034 #ifndef NO_DES3 00035 #include <wolfssl/wolfcrypt/des3.h> 00036 #endif 00037 #ifndef NO_HC128 00038 #include <wolfssl/wolfcrypt/hc128.h> 00039 #endif 00040 #ifndef NO_RABBIT 00041 #include <wolfssl/wolfcrypt/rabbit.h> 00042 #endif 00043 #ifdef HAVE_CHACHA 00044 #include <wolfssl/wolfcrypt/chacha.h> 00045 #endif 00046 #ifndef NO_ASN 00047 #include <wolfssl/wolfcrypt/asn.h> 00048 #endif 00049 #ifndef NO_MD5 00050 #include <wolfssl/wolfcrypt/md5.h> 00051 #endif 00052 #ifndef NO_SHA 00053 #include <wolfssl/wolfcrypt/sha.h> 00054 #endif 00055 #ifndef NO_AES 00056 #include <wolfssl/wolfcrypt/aes.h> 00057 #endif 00058 #ifdef HAVE_POLY1305 00059 #include <wolfssl/wolfcrypt/poly1305.h> 00060 #endif 00061 #ifdef HAVE_CAMELLIA 00062 #include <wolfssl/wolfcrypt/camellia.h> 00063 #endif 00064 #include 
<wolfssl/wolfcrypt/logging.h> 00065 #ifndef NO_HMAC 00066 #include <wolfssl/wolfcrypt/hmac.h> 00067 #endif 00068 #ifndef NO_RC4 00069 #include <wolfssl/wolfcrypt/arc4.h> 00070 #endif 00071 #ifdef HAVE_ECC 00072 #include <wolfssl/wolfcrypt/ecc.h> 00073 #endif 00074 #ifndef NO_SHA256 00075 #include <wolfssl/wolfcrypt/sha256.h> 00076 #endif 00077 #ifdef HAVE_OCSP 00078 #include <wolfssl/ocsp.h> 00079 #endif 00080 #ifdef WOLFSSL_SHA512 00081 #include <wolfssl/wolfcrypt/sha512.h> 00082 #endif 00083 00084 #ifdef HAVE_AESGCM 00085 #include <wolfssl/wolfcrypt/sha512.h> 00086 #endif 00087 00088 #ifdef WOLFSSL_RIPEMD 00089 #include <wolfssl/wolfcrypt/ripemd.h> 00090 #endif 00091 00092 #ifdef HAVE_IDEA 00093 #include <wolfssl/wolfcrypt/idea.h> 00094 #endif 00095 00096 #include <wolfssl/wolfcrypt/hash.h> 00097 00098 #ifdef WOLFSSL_CALLBACKS 00099 #include <wolfssl/callbacks.h> 00100 #include <signal.h> 00101 #endif 00102 00103 #ifdef USE_WINDOWS_API 00104 #ifdef WOLFSSL_GAME_BUILD 00105 #include "system/xtl.h" 00106 #else 00107 #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN) 00108 /* On WinCE winsock2.h must be included before windows.h */ 00109 #include <winsock2.h> 00110 #endif 00111 #include <windows.h> 00112 #endif 00113 #elif defined(THREADX) 00114 #ifndef SINGLE_THREADED 00115 #include "tx_api.h" 00116 #endif 00117 #elif defined(MICRIUM) 00118 /* do nothing, just don't pick Unix */ 00119 #elif defined(FREERTOS) || defined(FREERTOS_TCP) || defined(WOLFSSL_SAFERTOS) 00120 /* do nothing */ 00121 #elif defined(EBSNET) 00122 /* do nothing */ 00123 #elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) 00124 /* do nothing */ 00125 #elif defined(FREESCALE_FREE_RTOS) 00126 #include "fsl_os_abstraction.h" 00127 #elif defined(WOLFSSL_uITRON4) 00128 /* do nothing */ 00129 #elif defined(WOLFSSL_uTKERNEL2) 00130 /* do nothing */ 00131 #elif defined(WOLFSSL_MDK_ARM) 00132 #if defined(WOLFSSL_MDK5) 00133 #include "cmsis_os.h" 00134 #else 00135 #include <rtl.h> 00136 #endif 
#elif defined(WOLFSSL_CMSIS_RTOS)
    #include "cmsis_os.h"
#elif defined(MBED)
#elif defined(WOLFSSL_TIRTOS)
    /* do nothing */
#else
    #ifndef SINGLE_THREADED
        #define WOLFSSL_PTHREADS
        #include <pthread.h>
    #endif
    #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
        #include <unistd.h>      /* for close of BIO */
    #endif
#endif


#ifdef HAVE_LIBZ
    #include "zlib.h"
#endif

#ifdef _MSC_VER
    /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
    /* NOTE(review): this is a translation-unit-wide suppression of MSVC's
     * "unsafe CRT function" diagnostic. Every source file that includes this
     * header loses that warning at its own call sites too, so bounded-copy
     * discipline on MSVC builds rests on review rather than on the compiler. */
    #pragma warning(disable: 4996)
#endif

#ifdef NO_AES
    #if !defined (ALIGN16)
        #define ALIGN16
    #endif
#endif

/* Fallback digest sizes so the buffer arithmetic below still compiles when the
 * corresponding hash (and its header) has been built out. */
#ifdef NO_SHA
    #define SHA_DIGEST_SIZE 20
#endif

#ifdef NO_SHA256
    #define SHA256_DIGEST_SIZE 32
#endif

#ifdef NO_MD5
    #define MD5_DIGEST_SIZE 16
#endif


#ifdef __cplusplus
    extern "C" {
#endif


#ifdef USE_WINDOWS_API
    typedef unsigned int SOCKET_T;
#else
    typedef int SOCKET_T;
#endif


/* 3-byte (24-bit) integer as carried on the wire; presumably the storage type
 * behind the 24-bit length fields (OPAQUE24_LEN / BYTE3_LEN) — verify at the
 * use sites. */
typedef byte word24[3];

/* Define or comment out the cipher suites you'd like to be compiled in
   make sure to use at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined

   When adding cipher suites, add name to cipher_names, idx to cipher_name_idx

   Now that there is a maximum strength crypto build, the following BUILD_XXX
   flags need to be divided into two groups selected by WOLFSSL_MAX_STRENGTH.
   Those that do not use Perfect Forward Security and do not use AEAD ciphers
   need to be switched off. Allowed suites use (EC)DHE, AES-GCM|CCM, or
   CHACHA-POLY.
*/

/* Check that if WOLFSSL_MAX_STRENGTH is set that all the required options are
 * not turned off.
 *
 * Each clause names a capability a max-strength build cannot do without:
 *  - an ephemeral key exchange: HAVE_ECC, or else DH together with RSA;
 *  - an AEAD record cipher: AES-GCM, AES-CCM, or ChaCha20 with Poly1305;
 *  - a SHA-2 hash: SHA-256, or SHA-384 when SHA-256 is built out;
 *  - NO_OLD_TLS must be defined, i.e. the older protocol versions that option
 *    controls are switched off.
 */
#if defined(WOLFSSL_MAX_STRENGTH) && \
    ((!defined(HAVE_ECC) && (defined(NO_DH) || defined(NO_RSA))) || \
     (!defined(HAVE_AESGCM) && !defined(HAVE_AESCCM) && \
      (!defined(HAVE_POLY1305) || !defined(HAVE_CHACHA))) || \
     (defined(NO_SHA256) && !defined(WOLFSSL_SHA384)) || \
     !defined(NO_OLD_TLS))

    #error "You are trying to build max strength with requirements disabled."
#endif

/* Have QSH : Quantum-safe Handshake */
#if defined(HAVE_QSH)
    #define BUILD_TLS_QSH
#endif

/* Everything down to the matching "#endif !WOLFSSL_MAX_STRENGTH" is the legacy
 * set that a max-strength build leaves out: static RSA / static PSK key
 * transport (no forward secrecy), NULL, RC4, 3DES, IDEA, HC-128 and Rabbit
 * suites, and the CBC-mode (EC)DHE suites. Each family is additionally gated
 * by its own opt-in (WOLFSSL_STATIC_RSA, WOLFSSL_STATIC_PSK, WOLFSSL_STATIC_DH,
 * HAVE_NULL_CIPHER, ...), so none of it appears in a default build by accident. */
#ifndef WOLFSSL_MAX_STRENGTH

    /* RC4 suites. RC4 is prohibited for TLS by RFC 7465; only reachable with
     * the static-RSA opt-in (or NTRU) and with RC4 itself not built out. */
    #if !defined(NO_RSA) && !defined(NO_RC4)
        /* RSA key transport: the premaster secret is encrypted to the server's
         * long-term key, so a later key compromise exposes recorded sessions.
         * That is why WOLFSSL_STATIC_RSA is an explicit opt-in. */
        #if defined(WOLFSSL_STATIC_RSA)
            #if !defined(NO_SHA)
                #define BUILD_SSL_RSA_WITH_RC4_128_SHA
            #endif
            #if !defined(NO_MD5)
                #define BUILD_SSL_RSA_WITH_RC4_128_MD5
            #endif
        #endif
        #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA) \
                                                  && defined(WOLFSSL_STATIC_RSA)
            #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
        #endif
    #endif

    #if !defined(NO_RSA) && !defined(NO_DES3)
        #if !defined(NO_SHA)
            #if defined(WOLFSSL_STATIC_RSA)
                #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
            #endif
            #if !defined(NO_TLS) && defined(HAVE_NTRU) \
                                 && defined(WOLFSSL_STATIC_RSA)
                #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
            #endif
        #endif
    #endif

    #if !defined(NO_RSA) && defined(HAVE_IDEA)
        #if !defined(NO_SHA) && defined(WOLFSSL_STATIC_RSA)
            #define BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
        #endif
    #endif

    /* Static-RSA AES suites. Note that even the AEAD (GCM/CCM) variants here
     * are excluded from max strength because the key exchange is not
     * forward secret. */
    #if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
        #if !defined(NO_SHA)
            #if defined(WOLFSSL_STATIC_RSA)
                #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
                #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
            #endif
            #if defined(HAVE_NTRU) && defined(WOLFSSL_STATIC_RSA)
                #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
                #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
            #endif
        #endif
        #if defined(WOLFSSL_STATIC_RSA)
            #if !defined (NO_SHA256)
                #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
                #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
            #endif
            #if defined (HAVE_AESGCM)
                #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
                #if defined (WOLFSSL_SHA384)
                    #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
                #endif
            #endif
            #if defined (HAVE_AESCCM)
                #define BUILD_TLS_RSA_WITH_AES_128_CCM_8
                #define BUILD_TLS_RSA_WITH_AES_256_CCM_8
            #endif
            #if defined(HAVE_BLAKE2)
                #define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
                #define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
            #endif
        #endif
    #endif

    #if defined(HAVE_CAMELLIA) && !defined(NO_TLS)
        #ifndef NO_RSA
            #if defined(WOLFSSL_STATIC_RSA)
                #if !defined(NO_SHA)
                    #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
                    #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
                #endif
                #ifndef NO_SHA256
                    #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
                    #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
                #endif
            #endif
            #if !defined(NO_DH)
                #if !defined(NO_SHA)
                    #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
                    #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
                #endif
                #ifndef NO_SHA256
                    #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
                    #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
                #endif
            #endif
        #endif
    #endif

    /* Plain PSK (no DH contribution): session keys derive from the shared
     * secret alone, so there is no forward secrecy; opt-in via
     * WOLFSSL_STATIC_PSK. */
    #if defined(WOLFSSL_STATIC_PSK)
        #if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS)
            #if !defined(NO_SHA)
                #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
                #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
            #endif
            #ifndef NO_SHA256
                #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
                #ifdef HAVE_AESGCM
                    #define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
                #endif
                #ifdef HAVE_AESCCM
                    #define BUILD_TLS_PSK_WITH_AES_128_CCM_8
                    #define BUILD_TLS_PSK_WITH_AES_256_CCM_8
                    #define BUILD_TLS_PSK_WITH_AES_128_CCM
                    #define BUILD_TLS_PSK_WITH_AES_256_CCM
                #endif
            #endif
            #ifdef WOLFSSL_SHA384
                #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
                #ifdef HAVE_AESGCM
                    #define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
                #endif
            #endif
        #endif
    #endif

    /* NULL-cipher suites: records are MAC-protected but sent in the clear
     * (integrity without confidentiality). Only built when HAVE_NULL_CIPHER
     * is defined on purpose. */
    #if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
        #if !defined(NO_RSA)
            #if defined(WOLFSSL_STATIC_RSA)
                #if !defined(NO_SHA)
                    #define BUILD_TLS_RSA_WITH_NULL_SHA
                #endif
                #ifndef NO_SHA256
                    #define BUILD_TLS_RSA_WITH_NULL_SHA256
                #endif
            #endif
        #endif
        #if !defined(NO_PSK) && defined(WOLFSSL_STATIC_PSK)
            #if !defined(NO_SHA)
                #define BUILD_TLS_PSK_WITH_NULL_SHA
            #endif
            #ifndef NO_SHA256
                #define BUILD_TLS_PSK_WITH_NULL_SHA256
            #endif
            #ifdef WOLFSSL_SHA384
                #define BUILD_TLS_PSK_WITH_NULL_SHA384
            #endif
        #endif
    #endif

    /* eSTREAM stream ciphers (HC-128, Rabbit): wolfSSL-private suite values,
     * see the "wolfSSL extension - eSTREAM" entries in the enum below. */
    #if defined(WOLFSSL_STATIC_RSA)
        #if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS)
            #ifndef NO_MD5
                #define BUILD_TLS_RSA_WITH_HC_128_MD5
            #endif
            #if !defined(NO_SHA)
                #define BUILD_TLS_RSA_WITH_HC_128_SHA
            #endif
            #if defined(HAVE_BLAKE2)
                #define BUILD_TLS_RSA_WITH_HC_128_B2B256
            #endif
        #endif

        #if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA)
            #if !defined(NO_SHA)
                #define BUILD_TLS_RSA_WITH_RABBIT_SHA
            #endif
        #endif
    #endif

    /* DHE-RSA CBC suites: forward secret, but not AEAD. */
    #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
        !defined(NO_RSA)

        #if !defined(NO_SHA)
            #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
            #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
        #endif
        #if !defined(NO_SHA256)
            #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
            #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
        #endif
    #endif

    /* Anonymous DH: no authentication of either peer; opt-in via HAVE_ANON. */
    #if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \
        !defined(NO_AES) && !defined(NO_SHA)
        #define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
    #endif

    #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
        #ifndef NO_SHA256
            #ifndef NO_AES
                #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
            #endif
            #ifdef HAVE_NULL_CIPHER
                #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
            #endif
        #endif
        #ifdef WOLFSSL_SHA384
            #ifndef NO_AES
                #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
            #endif
            #ifdef HAVE_NULL_CIPHER
                #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
            #endif
        #endif
    #endif

    /* ECC suites. The ECDHE_* entries are ephemeral; the ECDH_* entries are
     * static ECDH (server's long-term ECDH key, no forward secrecy) and are
     * therefore behind the additional WOLFSSL_STATIC_DH opt-in. */
    #if defined(HAVE_ECC) && !defined(NO_TLS)
        #if !defined(NO_AES)
            #if !defined(NO_SHA)
                #if !defined(NO_RSA)
                    #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
                    #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
                    #if defined(WOLFSSL_STATIC_DH)
                        #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
                        #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
                    #endif
                #endif

                #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
                #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

                #if defined(WOLFSSL_STATIC_DH)
                    #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
                    #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
                #endif
            #endif /* NO_SHA */
            #ifndef NO_SHA256
                #if !defined(NO_RSA)
                    #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
                    #if defined(WOLFSSL_STATIC_DH)
                        #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
                    #endif
                #endif
                #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
                #if defined(WOLFSSL_STATIC_DH)
                    #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
                #endif
            #endif

            #ifdef WOLFSSL_SHA384
                #if !defined(NO_RSA)
                    #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
                    #if defined(WOLFSSL_STATIC_DH)
                        #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
                    #endif
                #endif
                #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
                #if defined(WOLFSSL_STATIC_DH)
                    #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
                #endif
            #endif

            /* Only the static-ECDH GCM suites live here; the ECDHE GCM suites
             * are in the max-strength-compatible section further down. */
            #if defined (HAVE_AESGCM)
                #if !defined(NO_RSA)
                    #if defined(WOLFSSL_STATIC_DH)
                        #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
                    #endif
                    #if defined(WOLFSSL_SHA384)
                        #if defined(WOLFSSL_STATIC_DH)
                            #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
                        #endif
                    #endif
                #endif

                #if defined(WOLFSSL_STATIC_DH)
                    #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
                #endif

                #if defined(WOLFSSL_SHA384)
                    #if defined(WOLFSSL_STATIC_DH)
                        #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
                    #endif
                #endif
            #endif
        #endif /* NO_AES */
        #if !defined(NO_RC4)
            #if !defined(NO_SHA)
                #if !defined(NO_RSA)
                    #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
                    #if defined(WOLFSSL_STATIC_DH)
                        #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
                    #endif
                #endif

                #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
                #if defined(WOLFSSL_STATIC_DH)
                    #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
                #endif
            #endif
        #endif
        #if !defined(NO_DES3)
            #ifndef NO_SHA
                #if !defined(NO_RSA)
                    #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
                    #if defined(WOLFSSL_STATIC_DH)
                        #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
                    #endif
                #endif

                #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
                #if defined(WOLFSSL_STATIC_DH)
                    #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
                #endif
            #endif /* NO_SHA */
        #endif
        #if defined(HAVE_NULL_CIPHER)
            #if !defined(NO_SHA)
                #define BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
            #endif
            #if !defined(NO_PSK) && !defined(NO_SHA256)
                #define BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
            #endif
        #endif
        #if !defined(NO_PSK) && !defined(NO_SHA256) && !defined(NO_AES)
            #define BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
        #endif
    #endif
    /* ChaCha20-Poly1305 with the pre-RFC-7905 nonce/padding construction
     * ("OLD_POLY1305") plus the PSK variants; the current-construction
     * (EC)DHE suites are in the max-strength-compatible section below. */
    #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
        #if !defined(NO_OLD_POLY1305)
        #ifdef HAVE_ECC
            #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
            #ifndef NO_RSA
                #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
            #endif
        #endif
        #if !defined(NO_DH) && !defined(NO_RSA)
            #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
        #endif
        #endif /* NO_OLD_POLY1305 */
        #if !defined(NO_PSK)
            #define BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
            #ifdef HAVE_ECC
                #define BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
            #endif
            #ifndef NO_DH
                #define BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
            #endif
        #endif /* !NO_PSK */
    #endif

#endif /* !WOLFSSL_MAX_STRENGTH */

/* Suites from here on stay available under WOLFSSL_MAX_STRENGTH: an
 * ephemeral (EC)DHE or DHE-PSK key exchange combined with an AEAD record
 * cipher (AES-GCM, AES-CCM, or ChaCha20-Poly1305). */
#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
    !defined(NO_RSA) && defined(HAVE_AESGCM)

    #ifndef NO_SHA256
        #define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    #endif

    #ifdef WOLFSSL_SHA384
        #define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    #endif
#endif

#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
    #ifndef NO_SHA256
        #ifdef HAVE_AESGCM
            #define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
        #endif
        #ifdef HAVE_AESCCM
            #define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
            #define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
        #endif
    #endif
    #if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM)
        #define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
    #endif
#endif

#if defined(HAVE_ECC) && !defined(NO_TLS) && !defined(NO_AES)
    #ifdef HAVE_AESGCM
        #ifndef NO_SHA256
            #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
            #ifndef NO_RSA
                #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
            #endif
        #endif
        #ifdef WOLFSSL_SHA384
            #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
            #ifndef NO_RSA
                #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
            #endif
        #endif
    #endif
    #if defined(HAVE_AESCCM) && !defined(NO_SHA256)
        #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
        #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
    #endif
#endif

#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
    #ifdef HAVE_ECC
        #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
        #ifndef NO_RSA
            #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
        #endif
    #endif
    #if !defined(NO_DH) && !defined(NO_RSA)
        #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    #endif
#endif


/* BUILD_<primitive> flags: which symmetric primitives the selected suite set
 * needs. These are a first pass only — the primitive-level overrides further
 * down (keyed on NO_DES3 / NO_AES / NO_RC4) redefine them regardless of
 * which suites were picked. */
#if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) || \
    defined(BUILD_SSL_RSA_WITH_RC4_128_MD5)
    #define BUILD_ARC4
#endif

#if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA)
    #define BUILD_DES3
#endif

#if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) || \
    defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) || \
    defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) || \
    defined(BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256)
    #undef  BUILD_AES
    #define BUILD_AES
#endif

#if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \
    defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) || \
    defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) || \
    defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) || \
    defined(BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256)
    #define BUILD_AESGCM
#endif

#if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) || \
    defined(BUILD_TLS_RSA_WITH_HC_128_MD5) || \
    defined(BUILD_TLS_RSA_WITH_HC_128_B2B256)
    #define BUILD_HC128
#endif

#if defined(BUILD_TLS_RSA_WITH_RABBIT_SHA)
    #define BUILD_RABBIT
#endif

/* Primitive-level overrides. Whenever a cipher is not built out (NO_DES3,
 * NO_AES, NO_RC4 undefined) its BUILD_ flag is forced on, independent of
 * whether any suite above selected it. Dropping the RC4 or 3DES *suites*
 * therefore does not remove the primitive from the library — the NO_xxx
 * define is what does that. */
#ifdef NO_DES3
    #define DES_BLOCK_SIZE 8
#else
    #undef  BUILD_DES3
    #define BUILD_DES3
#endif

#ifdef NO_AES
    #define AES_BLOCK_SIZE 16
#else
    #undef  BUILD_AES
    #define BUILD_AES
#endif

#ifndef NO_RC4
    #undef  BUILD_ARC4
    #define BUILD_ARC4
#endif

#ifdef HAVE_CHACHA
    #define CHACHA20_BLOCK_SIZE 16
#endif

/* Derived capability flags. HAVE_AEAD: some AEAD primitive is compiled in (or
 * max strength was requested); HAVE_PFS: an ephemeral key exchange is
 * available. Both describe library capability, not which suites were actually
 * enabled above. */
#if defined(WOLFSSL_MAX_STRENGTH) || \
    defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \
    (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))

    #define HAVE_AEAD
#endif

#if defined(WOLFSSL_MAX_STRENGTH) || \
    defined(HAVE_ECC) || !defined(NO_DH)

    #define HAVE_PFS
#endif

#if defined(BUILD_SSL_RSA_WITH_IDEA_CBC_SHA)
    #define BUILD_IDEA
#endif

/* actual cipher values, 2nd byte */
/* These are only the second byte of the two-byte suite identifier; the first
 * byte is 0x00 unless a section comment says otherwise (ECC_BYTE 0xC0,
 * CHACHA_BYTE 0xCC, QSH_BYTE 0xD0 — see enum Misc). Several second-byte
 * values are reused across first bytes (0xa8 is TLS_PSK_WITH_AES_128_GCM_SHA256,
 * TLS_PSK_WITH_AES_128_CCM_8 and TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256),
 * so code that matches a suite must always compare both bytes, never this
 * value alone. */
enum {
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA  = 0x39,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA  = 0x33,
    TLS_DH_anon_WITH_AES_128_CBC_SHA  = 0x34,
    TLS_RSA_WITH_AES_256_CBC_SHA      = 0x35,
    TLS_RSA_WITH_AES_128_CBC_SHA      = 0x2F,
    TLS_RSA_WITH_NULL_SHA             = 0x02,
    TLS_PSK_WITH_AES_256_CBC_SHA      = 0x8d,
    TLS_PSK_WITH_AES_128_CBC_SHA256   = 0xae,
    TLS_PSK_WITH_AES_256_CBC_SHA384   = 0xaf,
    TLS_PSK_WITH_AES_128_CBC_SHA      = 0x8c,
    TLS_PSK_WITH_NULL_SHA256          = 0xb0,
    TLS_PSK_WITH_NULL_SHA384          = 0xb1,
    TLS_PSK_WITH_NULL_SHA             = 0x2c,
    SSL_RSA_WITH_RC4_128_SHA          = 0x05,
    SSL_RSA_WITH_RC4_128_MD5          = 0x04,
    SSL_RSA_WITH_3DES_EDE_CBC_SHA     = 0x0A,
    SSL_RSA_WITH_IDEA_CBC_SHA         = 0x07,

    /* ECC suites, first byte is 0xC0 (ECC_BYTE) */
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA      = 0x14,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA      = 0x13,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA    = 0x0A,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA    = 0x09,
    TLS_ECDHE_RSA_WITH_RC4_128_SHA          = 0x11,
    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA        = 0x07,
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA     = 0x12,
    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA   = 0x08,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   = 0x27,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   = 0x28,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24,
    TLS_ECDHE_ECDSA_WITH_NULL_SHA           = 0x06,
    TLS_ECDHE_PSK_WITH_NULL_SHA256          = 0x3a,
    TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256   = 0x37,

    /* static ECDH, first byte is 0xC0 (ECC_BYTE) */
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA      = 0x0F,
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA      = 0x0E,
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA    = 0x05,
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA    = 0x04,
    TLS_ECDH_RSA_WITH_RC4_128_SHA          = 0x0C,
    TLS_ECDH_ECDSA_WITH_RC4_128_SHA        = 0x02,
    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA     = 0x0D,
    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA   = 0x03,
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256   = 0x29,
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0x25,
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384   = 0x2A,
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26,

    /* wolfSSL extension - eSTREAM */
    /* Private (non-IANA) suite values; only interoperable between wolfSSL
     * peers built with the same options. */
    TLS_RSA_WITH_HC_128_MD5   = 0xFB,
    TLS_RSA_WITH_HC_128_SHA   = 0xFC,
    TLS_RSA_WITH_RABBIT_SHA   = 0xFD,

    /* wolfSSL extension - Blake2b 256 */
    TLS_RSA_WITH_AES_128_CBC_B2B256 = 0xF8,
    TLS_RSA_WITH_AES_256_CBC_B2B256 = 0xF9,
    TLS_RSA_WITH_HC_128_B2B256      = 0xFA,   /* eSTREAM too */

    /* wolfSSL extension - NTRU */
    TLS_NTRU_RSA_WITH_RC4_128_SHA      = 0xe5,
    TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,
    TLS_NTRU_RSA_WITH_AES_128_CBC_SHA  = 0xe7,  /* clashes w/official SHA-256 */
    TLS_NTRU_RSA_WITH_AES_256_CBC_SHA  = 0xe8,

    /* wolfSSL extension - NTRU , Quantum-safe Handshake
       first byte is 0xD0 (QSH_BYTE) */
    TLS_QSH = 0x01,

    /* SHA256 */
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
    TLS_RSA_WITH_AES_256_CBC_SHA256     = 0x3d,
    TLS_RSA_WITH_AES_128_CBC_SHA256     = 0x3c,
    TLS_RSA_WITH_NULL_SHA256            = 0x3b,
    TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0xb2,
    TLS_DHE_PSK_WITH_NULL_SHA256        = 0xb4,

    /* SHA384 */
    TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0xb3,
    TLS_DHE_PSK_WITH_NULL_SHA384        = 0xb5,

    /* AES-GCM */
    TLS_RSA_WITH_AES_128_GCM_SHA256     = 0x9c,
    TLS_RSA_WITH_AES_256_GCM_SHA384     = 0x9d,
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e,
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f,
    TLS_PSK_WITH_AES_128_GCM_SHA256     = 0xa8,
    TLS_PSK_WITH_AES_256_GCM_SHA384     = 0xa9,
    TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0xaa,
    TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0xab,

    /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b,
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2c,
    TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256  = 0x2d,
    TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384  = 0x2e,
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   = 0x2f,
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   = 0x30,
    TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256    = 0x31,
    TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384    = 0x32,

    /* AES-CCM, first byte is 0xC0 but isn't ECC,
     * also, in some of the other AES-CCM suites
     * there will be second byte number conflicts
     * with non-ECC AES-GCM */
    TLS_RSA_WITH_AES_128_CCM_8         = 0xa0,
    TLS_RSA_WITH_AES_256_CCM_8         = 0xa1,
    TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xae,
    TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xaf,
    TLS_PSK_WITH_AES_128_CCM           = 0xa4,
    TLS_PSK_WITH_AES_256_CCM           = 0xa5,
    TLS_PSK_WITH_AES_128_CCM_8         = 0xa8,
    TLS_PSK_WITH_AES_256_CCM_8         = 0xa9,
    TLS_DHE_PSK_WITH_AES_128_CCM       = 0xa6,
    TLS_DHE_PSK_WITH_AES_256_CCM       = 0xa7,

    /* Camellia */
    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA        = 0x41,
    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA        = 0x84,
    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256     = 0xba,
    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256     = 0xc0,
    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA    = 0x45,
    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA    = 0x88,
    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe,
    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4,

    /* chacha20-poly1305 suites first byte is 0xCC (CHACHA_BYTE) */
    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   = 0xa8,
    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xa9,
    TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256     = 0xaa,
    TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256   = 0xac,
    TLS_PSK_WITH_CHACHA20_POLY1305_SHA256         = 0xab,
    TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256     = 0xad,

    /* chacha20-poly1305 earlier version of nonce and padding (CHACHA_BYTE) */
    /* Draft-era construction, distinct on the wire from the final one above;
     * the two are not interoperable, which is why both value sets exist. */
    TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256   = 0x13,
    TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x14,
    TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256     = 0x15,

    /* Renegotiation Indication Extension Special Suite */
    /* {0x00,0xFF}: the RFC 5746 signaling value a client may send in place of
     * the renegotiation_info extension. Not a usable cipher suite; it must
     * never be selected by a server. */
    TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff
};


#ifndef WOLFSSL_SESSION_TIMEOUT
    #define WOLFSSL_SESSION_TIMEOUT 500
    /* default session resumption cache timeout in seconds */
#endif


enum Misc {
    ECC_BYTE    = 0xC0,           /* ECC first cipher suite byte */
    QSH_BYTE    = 0xD0,           /* Quantum-safe Handshake cipher suite */
    CHACHA_BYTE = 0xCC,           /* ChaCha first cipher suite */

    SEND_CERT       = 1,
    SEND_BLANK_CERT = 2,

    /* DTLS version bytes are the ones' complement of the TLS version:
     * {0xfe,0xff} is DTLS 1.0 and {0xfe,0xfd} is DTLS 1.2. */
    DTLS_MAJOR      = 0xfe,     /* DTLS major version number */
    DTLS_MINOR      = 0xff,     /* DTLS minor version number */
    DTLSv1_2_MINOR  = 0xfd,     /*
DTLS minor version number */ 00861 SSLv3_MAJOR = 3, /* SSLv3 and TLSv1+ major version number */ 00862 SSLv3_MINOR = 0, /* TLSv1 minor version number */ 00863 TLSv1_MINOR = 1, /* TLSv1 minor version number */ 00864 TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */ 00865 TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */ 00866 OLD_HELLO_ID = 0x01, /* SSLv2 Client Hello Indicator */ 00867 INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */ 00868 NO_COMPRESSION = 0, 00869 ZLIB_COMPRESSION = 221, /* wolfSSL zlib compression */ 00870 HELLO_EXT_SIG_ALGO = 13, /* ID for the sig_algo hello extension */ 00871 SECRET_LEN = 48, /* pre RSA and all master */ 00872 ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */ 00873 SIZEOF_SENDER = 4, /* clnt or srvr */ 00874 FINISHED_SZ = 36, /* MD5_DIGEST_SIZE + SHA_DIGEST_SIZE */ 00875 MAX_RECORD_SIZE = 16384, /* 2^14, max size by standard */ 00876 MAX_MSG_EXTRA = 38 + MAX_DIGEST_SIZE, 00877 /* max added to msg, mac + pad from */ 00878 /* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max 00879 digest sz + BLOC_SZ (iv) + pad byte (1) */ 00880 MAX_COMP_EXTRA = 1024, /* max compression extra */ 00881 MAX_MTU = 1500, /* max expected MTU */ 00882 MAX_UDP_SIZE = 8192 - 100, /* was MAX_MTU - 100 */ 00883 MAX_DH_SZ = 1036, /* 4096 p, pub, g + 2 byte size for each */ 00884 MAX_STR_VERSION = 8, /* string rep of protocol version */ 00885 00886 PAD_MD5 = 48, /* pad length for finished */ 00887 PAD_SHA = 40, /* pad length for finished */ 00888 MAX_PAD_SIZE = 256, /* maximum length of padding */ 00889 COMPRESS_DUMMY_SIZE = 64, /* compression dummy round size */ 00890 COMPRESS_CONSTANT = 13, /* compression calc constant */ 00891 COMPRESS_UPPER = 55, /* compression calc numerator */ 00892 COMPRESS_LOWER = 64, /* compression calc denominator */ 00893 00894 PEM_LINE_LEN = 80, /* PEM line max + fudge */ 00895 LENGTH_SZ = 2, /* length field for HMAC, data only */ 00896 VERSION_SZ = 2, /* length of proctocol version */ 00897 SEQ_SZ = 8, /* 64 
bit sequence number */ 00898 BYTE3_LEN = 3, /* up to 24 bit byte lengths */ 00899 ALERT_SIZE = 2, /* level + description */ 00900 VERIFY_HEADER = 2, /* always use 2 bytes */ 00901 EXT_ID_SZ = 2, /* always use 2 bytes */ 00902 MAX_DH_SIZE = 513, /* 4096 bit plus possible leading 0 */ 00903 SESSION_HINT_SZ = 4, /* session timeout hint */ 00904 00905 RAN_LEN = 32, /* random length */ 00906 SEED_LEN = RAN_LEN * 2, /* tls prf seed length */ 00907 ID_LEN = 32, /* session id length */ 00908 COOKIE_SECRET_SZ = 14, /* dtls cookie secret size */ 00909 MAX_COOKIE_LEN = 32, /* max dtls cookie size */ 00910 COOKIE_SZ = 20, /* use a 20 byte cookie */ 00911 SUITE_LEN = 2, /* cipher suite sz length */ 00912 ENUM_LEN = 1, /* always a byte */ 00913 OPAQUE8_LEN = 1, /* 1 byte */ 00914 OPAQUE16_LEN = 2, /* 2 bytes */ 00915 OPAQUE24_LEN = 3, /* 3 bytes */ 00916 OPAQUE32_LEN = 4, /* 4 bytes */ 00917 COMP_LEN = 1, /* compression length */ 00918 CURVE_LEN = 2, /* ecc named curve length */ 00919 SERVER_ID_LEN = 20, /* server session id length */ 00920 00921 HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */ 00922 RECORD_HEADER_SZ = 5, /* type + version + len(2) */ 00923 CERT_HEADER_SZ = 3, /* always 3 bytes */ 00924 REQ_HEADER_SZ = 2, /* cert request header sz */ 00925 HINT_LEN_SZ = 2, /* length of hint size field */ 00926 TRUNCATED_HMAC_SZ = 10, /* length of hmac w/ truncated hmac extension */ 00927 HELLO_EXT_TYPE_SZ = 2, /* length of a hello extension type */ 00928 HELLO_EXT_SZ = 8, /* total length of the lazy hello extensions */ 00929 HELLO_EXT_LEN = 6, /* length of the lazy hello extensions */ 00930 HELLO_EXT_SIGALGO_SZ = 2, /* length of signature algo extension */ 00931 HELLO_EXT_SIGALGO_MAX = 32, /* number of items in the signature algo list */ 00932 00933 DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */ 00934 DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */ 00935 DTLS_HANDSHAKE_EXTRA = 8, /* diff from normal */ 00936 DTLS_RECORD_EXTRA = 8, /* 
diff from normal */ 00937 DTLS_HANDSHAKE_SEQ_SZ = 2, /* handshake header sequence number */ 00938 DTLS_HANDSHAKE_FRAG_SZ = 3, /* fragment offset and length are 24 bit */ 00939 DTLS_POOL_SZ = 5, /* buffers to hold in the retry pool */ 00940 00941 FINISHED_LABEL_SZ = 15, /* TLS finished label size */ 00942 TLS_FINISHED_SZ = 12, /* TLS has a shorter size */ 00943 MASTER_LABEL_SZ = 13, /* TLS master secret label sz */ 00944 KEY_LABEL_SZ = 13, /* TLS key block expansion sz */ 00945 MAX_PRF_HALF = 256, /* Maximum half secret len */ 00946 MAX_PRF_LABSEED = 128, /* Maximum label + seed len */ 00947 MAX_PRF_DIG = 224, /* Maximum digest len */ 00948 MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */ 00949 SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */ 00950 00951 RC4_KEY_SIZE = 16, /* always 128bit */ 00952 DES_KEY_SIZE = 8, /* des */ 00953 DES3_KEY_SIZE = 24, /* 3 des ede */ 00954 DES_IV_SIZE = DES_BLOCK_SIZE, 00955 AES_256_KEY_SIZE = 32, /* for 256 bit */ 00956 AES_192_KEY_SIZE = 24, /* for 192 bit */ 00957 AES_IV_SIZE = 16, /* always block size */ 00958 AES_128_KEY_SIZE = 16, /* for 128 bit */ 00959 00960 AEAD_SEQ_OFFSET = 4, /* Auth Data: Sequence number */ 00961 AEAD_TYPE_OFFSET = 8, /* Auth Data: Type */ 00962 AEAD_VMAJ_OFFSET = 9, /* Auth Data: Major Version */ 00963 AEAD_VMIN_OFFSET = 10, /* Auth Data: Minor Version */ 00964 AEAD_LEN_OFFSET = 11, /* Auth Data: Length */ 00965 AEAD_AUTH_DATA_SZ = 13, /* Size of the data to authenticate */ 00966 AESGCM_IMP_IV_SZ = 4, /* Size of GCM/CCM AEAD implicit IV */ 00967 AESGCM_EXP_IV_SZ = 8, /* Size of GCM/CCM AEAD explicit IV */ 00968 AESGCM_NONCE_SZ = AESGCM_EXP_IV_SZ + AESGCM_IMP_IV_SZ, 00969 00970 CHACHA20_IMP_IV_SZ = 12, /* Size of ChaCha20 AEAD implicit IV */ 00971 CHACHA20_NONCE_SZ = 12, /* Size of ChacCha20 nonce */ 00972 CHACHA20_OLD_OFFSET = 8, /* Offset for seq # in old poly1305 */ 00973 00974 /* For any new implicit/explicit IV size adjust AEAD_MAX_***_SZ */ 00975 00976 
AES_GCM_AUTH_SZ = 16, /* AES-GCM Auth Tag length */ 00977 AES_CCM_16_AUTH_SZ = 16, /* AES-CCM-16 Auth Tag length */ 00978 AES_CCM_8_AUTH_SZ = 8, /* AES-CCM-8 Auth Tag Length */ 00979 00980 CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */ 00981 CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */ 00982 CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */ 00983 CAMELLIA_IV_SIZE = 16, /* always block size */ 00984 00985 CHACHA20_256_KEY_SIZE = 32, /* for 256 bit */ 00986 CHACHA20_128_KEY_SIZE = 16, /* for 128 bit */ 00987 CHACHA20_IV_SIZE = 12, /* 96 bits for iv */ 00988 00989 POLY1305_AUTH_SZ = 16, /* 128 bits */ 00990 00991 HC_128_KEY_SIZE = 16, /* 128 bits */ 00992 HC_128_IV_SIZE = 16, /* also 128 bits */ 00993 00994 RABBIT_KEY_SIZE = 16, /* 128 bits */ 00995 RABBIT_IV_SIZE = 8, /* 64 bits for iv */ 00996 00997 EVP_SALT_SIZE = 8, /* evp salt size 64 bits */ 00998 00999 ECDHE_SIZE = 32, /* ECHDE server size defaults to 256 bit */ 01000 MAX_EXPORT_ECC_SZ = 256, /* Export ANS X9.62 max future size */ 01001 01002 #ifdef HAVE_QSH 01003 /* qsh handshake sends 600+ size keys over hello extensions */ 01004 MAX_HELLO_SZ = 2048, /* max client or server hello */ 01005 #else 01006 MAX_HELLO_SZ = 128, /* max client or server hello */ 01007 #endif 01008 MAX_CERT_VERIFY_SZ = 1024, /* max */ 01009 CLIENT_HELLO_FIRST = 35, /* Protocol + RAN_LEN + sizeof(id_len) */ 01010 MAX_SUITE_NAME = 48, /* maximum length of cipher suite string */ 01011 01012 DTLS_TIMEOUT_INIT = 1, /* default timeout init for DTLS receive */ 01013 DTLS_TIMEOUT_MAX = 64, /* default max timeout for DTLS receive */ 01014 DTLS_TIMEOUT_MULTIPLIER = 2, /* default timeout multiplier for DTLS recv */ 01015 01016 MAX_PSK_ID_LEN = 128, /* max psk identity/hint supported */ 01017 MAX_PSK_KEY_LEN = 64, /* max psk key supported */ 01018 01019 MAX_WOLFSSL_FILE_SIZE = 1024 * 1024 * 4, /* 4 mb file size alloc limit */ 01020 01021 #if defined(FORTRESS) || defined (HAVE_STUNNEL) 01022 MAX_EX_DATA = 3, /* allow for three items of ex_data */ 01023 
#endif 01024 01025 MAX_X509_SIZE = 2048, /* max static x509 buffer size */ 01026 CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */ 01027 MAX_FILENAME_SZ = 256, /* max file name length */ 01028 FILE_BUFFER_SIZE = 1024, /* default static file buffer size for input, 01029 will use dynamic buffer if not big enough */ 01030 01031 MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */ 01032 MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */ 01033 MAX_NTRU_BITS = 256, /* max symmetric bit strength */ 01034 NO_SNIFF = 0, /* not sniffing */ 01035 SNIFF = 1, /* currently sniffing */ 01036 01037 HASH_SIG_SIZE = 2, /* default SHA1 RSA */ 01038 01039 NO_CAVIUM_DEVICE = -2, /* invalid cavium device id */ 01040 01041 NO_COPY = 0, /* should we copy static buffer for write */ 01042 COPY = 1 /* should we copy static buffer for write */ 01043 }; 01044 01045 01046 /* Set max implicit IV size for AEAD cipher suites */ 01047 #ifdef HAVE_CHACHA 01048 #define AEAD_MAX_IMP_SZ 12 01049 #else 01050 #define AEAD_MAX_IMP_SZ 4 01051 #endif 01052 01053 /* Set max explicit IV size for AEAD cipher suites */ 01054 #define AEAD_MAX_EXP_SZ 8 01055 01056 01057 #ifndef WOLFSSL_MAX_SUITE_SZ 01058 #define WOLFSSL_MAX_SUITE_SZ 300 01059 /* 150 suites for now! 
*/
#endif


/* Minimum accepted DH group size in bits; MIN_DHKEY_SZ is the same value in
 * bytes. WOLFSSL_MAX_STRENGTH builds default to 2048. The plain default of
 * 1024 is below the 2048-bit floor that current guidance recommends, so
 * deployments that can afford it should define WOLFSSL_MIN_DHKEY_BITS 2048
 * (or build with WOLFSSL_MAX_STRENGTH). */
#ifndef WOLFSSL_MIN_DHKEY_BITS
    #ifdef WOLFSSL_MAX_STRENGTH
        #define WOLFSSL_MIN_DHKEY_BITS 2048
    #else
        #define WOLFSSL_MIN_DHKEY_BITS 1024
    #endif
#endif
/* MIN_DHKEY_SZ divides by 8, so the configured bit count must be byte aligned */
#if (WOLFSSL_MIN_DHKEY_BITS % 8)
    #error DH minimum bit size must be multiple of 8
#endif
/* upper-bound sanity check on the configured value */
#if (WOLFSSL_MIN_DHKEY_BITS > 16000)
    #error DH minimum bit size must not be greater than 16000
#endif
#define MIN_DHKEY_SZ (WOLFSSL_MIN_DHKEY_BITS / 8)


#ifdef SESSION_INDEX
/* Shift values for making a session index: row in the high bits,
 * index within the row in the low 4 bits */
#define SESSIDX_ROW_SHIFT 4
#define SESSIDX_IDX_MASK  0x0F
#endif


/* max cert chain peer depth; also sizes the per-chain OCSP request arrays
 * (CertificateStatusRequestItemV2, WOLFSSL_CTX.chainOcspRequest) */
#ifndef MAX_CHAIN_DEPTH
    #define MAX_CHAIN_DEPTH 9
#endif

/* max size of a certificate message payload */
/* assumes MAX_CHAIN_DEPTH number of certificates at 2kb per certificate */
/* NOTE(review): the expansion is not parenthesized, so inside an expression it
 * binds as `CERT_HEADER_SZ + (...) * MAX_CHAIN_DEPTH` rather than as one value
 * (e.g. `2 * MAX_CERTIFICATE_SZ` scales only the first term). It is safe as a
 * stand-alone value; wrap it in parentheses before using it in arithmetic.
 * MAX_HANDSHAKE_SZ below inherits the same expansion. */
#ifndef MAX_CERTIFICATE_SZ
    #define MAX_CERTIFICATE_SZ                                                  \
                CERT_HEADER_SZ +                                                \
                (MAX_X509_SIZE + CERT_HEADER_SZ) * MAX_CHAIN_DEPTH
#endif

/* max size of a handshake message, currently set to the certificate */
#ifndef MAX_HANDSHAKE_SZ
    #define MAX_HANDSHAKE_SZ MAX_CERTIFICATE_SZ
#endif

/* default session ticket length in bytes */
#ifndef SESSION_TICKET_LEN
    #define SESSION_TICKET_LEN 256
#endif

/* default ticket lifetime hint, in seconds (see WOLFSSL_CTX.ticketHint) */
#ifndef SESSION_TICKET_HINT_DEFAULT
    #define SESSION_TICKET_HINT_DEFAULT 300
#endif


/* don't use extra 3/4k stack space unless need to: NTRU ciphertexts are
 * much larger than the RSA case covered by ENCRYPT_LEN */
#ifdef HAVE_NTRU
    #define MAX_ENCRYPT_SZ MAX_NTRU_ENCRYPT_SZ
#else
    #define MAX_ENCRYPT_SZ ENCRYPT_LEN
#endif


/* states: handshake progress markers, each named after the message whose
 * processing it marks complete */
enum states {
    NULL_STATE = 0,

    SERVER_HELLOVERIFYREQUEST_COMPLETE,
    SERVER_HELLO_COMPLETE,
    SERVER_CERT_COMPLETE,
    SERVER_KEYEXCHANGE_COMPLETE,
    SERVER_HELLODONE_COMPLETE,
    SERVER_FINISHED_COMPLETE,

    CLIENT_HELLO_COMPLETE,
    CLIENT_KEYEXCHANGE_COMPLETE,
    CLIENT_FINISHED_COMPLETE,

    HANDSHAKE_DONE
};


/* pack ProtocolVersion to its two-byte wire form on GCC; on other compilers
 * this expands to nothing */
#if defined(__GNUC__)
    #define WOLFSSL_PACK __attribute__ ((packed))
#else
    #define WOLFSSL_PACK
#endif

/* SSL Version, as carried in the record and hello headers */
typedef struct ProtocolVersion {
    byte major;
    byte minor;
} WOLFSSL_PACK ProtocolVersion;


/* constructors for each supported protocol version */
WOLFSSL_LOCAL ProtocolVersion MakeSSLv3(void);
WOLFSSL_LOCAL ProtocolVersion MakeTLSv1(void);
WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_1(void);
WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_2(void);

#ifdef WOLFSSL_DTLS
    WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1(void);
    WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1_2(void);
#endif


/* BIO backing store kinds (WOLFSSL_BIO.type / WOLFSSL_BIO_METHOD.type) */
enum BIO_TYPE {
    BIO_BUFFER = 1,
    BIO_SOCKET = 2,
    BIO_SSL    = 3,
    BIO_MEMORY = 4
};


/* wolfSSL BIO_METHOD type */
struct WOLFSSL_BIO_METHOD {
    byte type;               /* method type, an enum BIO_TYPE value */
};


/* wolfSSL BIO type */
struct WOLFSSL_BIO {
    byte         type;          /* method type, an enum BIO_TYPE value */
    byte         close;         /* close flag */
    byte         eof;           /* eof flag */
    WOLFSSL*     ssl;           /* possible associated ssl */
    byte*        mem;           /* memory buffer */
    int          memLen;        /* memory buffer length; signed, so callers
                                 * must reject negative values before using
                                 * it as a size */
    int          fd;            /* possible file descriptor */
    WOLFSSL_BIO* prev;          /* previous in chain */
    WOLFSSL_BIO* next;          /* next in chain */
};


/* wolfSSL method type */
struct WOLFSSL_METHOD {
    ProtocolVersion version;
    byte            side;         /* connection side, server or client */
    byte            downgrade;    /* whether to downgrade version, default no */
};


/* defaults to client */
WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD*, ProtocolVersion);

/* for sniffer: message handlers exported so a passive decoder can reuse them.
 * input is peer-supplied; by its name inOutIdx is the read offset on entry and
 * is advanced on return — confirm against the definition before relying on it */
WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                            word32 size, word32 totalSz, int sniff);
WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx);


/* wolfSSL buffer type: a pointer plus its length in bytes. The member shares
 * the typedef's name, so `b.buffer` is the pointer, not a nested buffer. */
typedef struct buffer {
    byte*  buffer;
    word32 length;
} buffer;

#ifndef NO_CERTS
    /* wolfSSL DER buffer: buffer/length hold DER bytes, heap is the allocator
     * hint they were obtained with */
    typedef struct DerBuffer {
        byte*  buffer;
        void*  heap;
        word32 length;
        int    type;    /* enum CertType */
        int    dynType; /* DYNAMIC_TYPE_* tag the allocation was made with */
    } DerBuffer;
#endif /* !NO_CERTS */


/* free-mode flags: FORCED_FREE releases regardless of state */
enum {
    FORCED_FREE = 1,
    NO_FORCED_FREE = 0
};


/* only use compression extra if using compression */
#ifdef HAVE_LIBZ
    #define COMP_EXTRA MAX_COMP_EXTRA
#else
    #define COMP_EXTRA 0
#endif

/* only the sniffer needs space in the buffer for extra MTU record(s) */
/* NOTE(review): `MAX_MTU * 3` is unparenthesized; harmless in the additive
 * STATIC_BUFFER_LEN below but would misbind if used with higher-precedence
 * operators */
#ifdef WOLFSSL_SNIFFER
    #define MTU_EXTRA MAX_MTU * 3
#else
    #define MTU_EXTRA 0
#endif


/* embedded callbacks require large static buffers, make sure on */
#ifdef WOLFSSL_CALLBACKS
    #undef  LARGE_STATIC_BUFFERS
    #define LARGE_STATIC_BUFFERS
#endif


/* give user option to use 16K static buffers; the small default is 128 bytes
 * (or one MTU for DTLS) and larger records are grown dynamically */
#if defined(LARGE_STATIC_BUFFERS)
    #define RECORD_SIZE MAX_RECORD_SIZE
#else
    #ifdef WOLFSSL_DTLS
        #define RECORD_SIZE MAX_MTU
    #else
        #define RECORD_SIZE 128
    #endif
#endif


/* user option to turn off 16K output option */
/* if using small static buffers (default) and SSL_write tries to write data
   larger than the record we have, dynamically get it, unless user says only
   write in static buffer chunks */
#ifndef STATIC_CHUNKS_ONLY
    #define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE
#else
    #define OUTPUT_RECORD_SIZE RECORD_SIZE
#endif

/* wolfSSL input buffer

   RFC 2246:

   length
       The length (in bytes) of the following TLSPlaintext.fragment.
       The length should not exceed 2^14.
*/
/* NOTE(review): like MAX_CERTIFICATE_SZ, the LARGE_STATIC_BUFFERS expansion is
 * an unparenthesized sum; it is only safe as an array bound or stand-alone
 * value */
#if defined(LARGE_STATIC_BUFFERS)
    #define STATIC_BUFFER_LEN RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \
             MTU_EXTRA + MAX_MSG_EXTRA
#else
    /* don't fragment memory from the record header */
    #define STATIC_BUFFER_LEN RECORD_HEADER_SZ
#endif

/* input/output buffer that starts on the inline static storage and may be
 * switched to a dynamic allocation (dynamicFlag) when that is too small */
typedef struct {
    ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN];
    byte*  buffer;       /* place holder for static or dynamic buffer */
    word32 length;       /* total buffer length used */
    word32 idx;          /* idx to part of length already consumed */
    word32 bufferSize;   /* current buffer size */
    byte   dynamicFlag;  /* dynamic memory currently in use */
    byte   offset;       /* alignment offset attempt */
} bufferStatic;

/* Cipher Suites holder: suites[] holds suiteSz bytes of packed suite ids,
 * hashSigAlgo[] holds hashSigAlgoSz bytes of the signature_algorithms list */
typedef struct Suites {
    word16 suiteSz;                 /* suite length in bytes */
    word16 hashSigAlgoSz;           /* SigAlgo extension length in bytes */
    byte   suites[WOLFSSL_MAX_SUITE_SZ];
    byte   hashSigAlgo[HELLO_EXT_SIGALGO_MAX]; /* sig/algo to offer */
    byte   setSuites;               /* user set suites from default */
    byte   hashAlgo;                /* selected hash algorithm */
    byte   sigAlgo;                 /* selected sig algorithm */
} Suites;


/* Fill in the default suite list. The unnamed word16 arguments are
 * presumably the have*/side capability flags of the context — see the
 * definition for their order. */
WOLFSSL_LOCAL
void InitSuites(Suites*, ProtocolVersion, word16, word16, word16, word16,
                word16, word16, word16, int);
/* Replace the suite list from a user supplied cipher list string */
WOLFSSL_LOCAL
int  SetCipherList(Suites*, const char* list);

#ifndef PSK_TYPES_DEFINED
    /* PSK callbacks. Client: (ssl, hint, identity out, identity capacity,
     * key out, key capacity). Server: (ssl, identity, key out, key capacity).
     * The return value is the key length written (0 signals failure) —
     * confirm against the definitions. Implementations must never write more
     * than the passed capacity (see MAX_PSK_ID_LEN / MAX_PSK_KEY_LEN). */
    typedef unsigned int (*wc_psk_client_callback)(WOLFSSL*, const char*, char*,
                          unsigned int, unsigned char*, unsigned int);
    typedef unsigned int (*wc_psk_server_callback)(WOLFSSL*, const char*,
                          unsigned char*, unsigned int);
#endif /* PSK_TYPES_DEFINED */


#ifdef HAVE_NETX
    /* NetX transport callbacks, matching the CallbackIORecv/CallbackIOSend shape */
    WOLFSSL_LOCAL int NetX_Receive(WOLFSSL *ssl, char *buf, int sz, void *ctx);
    WOLFSSL_LOCAL int NetX_Send(WOLFSSL *ssl, char *buf, int sz, void *ctx);
#endif /* HAVE_NETX */


/* wolfSSL Cipher type just points back to SSL */
struct WOLFSSL_CIPHER {
    WOLFSSL* ssl;
};


typedef struct OcspEntry OcspEntry;

/* issuer hashes are SHA-1 sized unless SHA is compiled out */
#ifdef NO_SHA
    #define OCSP_DIGEST_SIZE SHA256_DIGEST_SIZE
#else
    #define OCSP_DIGEST_SIZE SHA_DIGEST_SIZE
#endif

#ifdef NO_ASN
    /* no_asn won't have */
    typedef struct CertStatus CertStatus;
#endif

/* cached OCSP statuses for one issuer */
struct OcspEntry {
    OcspEntry*  next;                            /* next entry             */
    byte        issuerHash[OCSP_DIGEST_SIZE];    /* issuer hash            */
    byte        issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */
    CertStatus* status;                          /* OCSP response list     */
    int         totalStatus;                     /* number on list         */
};


#ifndef HAVE_OCSP
    typedef struct WOLFSSL_OCSP WOLFSSL_OCSP;
#endif

/* wolfSSL OCSP controller */
struct WOLFSSL_OCSP {
    WOLFSSL_CERT_MANAGER* cm;            /* pointer back to cert manager */
    OcspEntry*            ocspList;      /* OCSP response list */
    wolfSSL_Mutex         ocspLock;      /* OCSP list lock */
};

#ifndef MAX_DATE_SIZE
    #define MAX_DATE_SIZE 32
#endif

typedef struct CRL_Entry CRL_Entry;

/* issuer hashes are SHA-1 sized unless SHA is compiled out */
#ifdef NO_SHA
    #define CRL_DIGEST_SIZE SHA256_DIGEST_SIZE
#else
    #define CRL_DIGEST_SIZE SHA_DIGEST_SIZE
#endif

#ifdef NO_ASN
    typedef struct RevokedCert RevokedCert;
#endif

/* Complete CRL: dates are kept as raw encoded strings with their format tag */
struct CRL_Entry {
    CRL_Entry* next;                      /* next entry */
    byte    issuerHash[CRL_DIGEST_SIZE];  /* issuer hash                 */
    /* byte    crlHash[CRL_DIGEST_SIZE];      raw crl data hash           */
    /* restore the hash here if needed for optimized comparisons */
    byte    lastDate[MAX_DATE_SIZE]; /* last date updated  */
    byte    nextDate[MAX_DATE_SIZE]; /* next update date   */
    byte    lastDateFormat;          /* last date format */
    byte    nextDateFormat;          /* next date format */
    RevokedCert* certs;              /* revoked cert list  */
    int          totalCerts;         /* number on list     */
};


typedef struct CRL_Monitor CRL_Monitor;

/* CRL directory monitor */
struct CRL_Monitor {
    char* path;      /* full dir path, if valid pointer we're using */
    int   type;      /* PEM or ASN1 type */
};


#ifndef HAVE_CRL
    typedef struct WOLFSSL_CRL WOLFSSL_CRL;
#endif

/* directory monitoring needs a filesystem */
#if defined(HAVE_CRL) && defined(NO_FILESYSTEM)
    #undef HAVE_CRL_MONITOR
#endif

/* wolfSSL CRL controller */
struct WOLFSSL_CRL {
    WOLFSSL_CERT_MANAGER* cm;            /* pointer back to cert manager */
    CRL_Entry*            crlList;       /* our CRL list */
    wolfSSL_Mutex         crlLock;       /* CRL list lock */
    CRL_Monitor           monitors[2];   /* PEM and DER possible */
#ifdef HAVE_CRL_MONITOR
    pthread_cond_t        cond;          /* condition to signal setup */
    pthread_t             tid;           /* monitoring thread */
    int                   mfd;           /* monitor fd, -1 if no init yet */
    int                   setup;         /* thread is setup predicate */
#endif
};


#ifdef NO_ASN
    typedef struct Signer Signer;
#ifdef WOLFSSL_TRUST_PEER_CERT
    typedef struct TrustedPeerCert TrustedPeerCert;
#endif
#endif


/* bucket counts for the CA and trusted-peer tables */
#ifndef CA_TABLE_SIZE
    #define CA_TABLE_SIZE 11
#endif
#ifdef WOLFSSL_TRUST_PEER_CERT
    #define TP_TABLE_SIZE 11
#endif

/* wolfSSL Certificate Manager: trust anchors plus revocation checking state.
 * caLock guards caTable, tpLock guards tpTable. */
struct WOLFSSL_CERT_MANAGER {
    Signer*         caTable[CA_TABLE_SIZE]; /* the CA signer table */
    void*           heap;                /* heap helper */
#ifdef WOLFSSL_TRUST_PEER_CERT
    TrustedPeerCert* tpTable[TP_TABLE_SIZE];/* table of trusted peer certs */
    wolfSSL_Mutex   tpLock;              /* trusted peer list lock */
#endif
    WOLFSSL_CRL*    crl;                 /* CRL checker */
    WOLFSSL_OCSP*   ocsp;                /* OCSP checker */
/* NOTE(review): "NO_WOLFSSL_SEVER" is almost certainly a typo for
 * NO_WOLFSSL_SERVER (the spelling used everywhere else in this file). As
 * written the guard is effectively always true, so ocsp_stapling is compiled
 * in even for client-only builds; any .c code sharing the misspelling must be
 * fixed together with it. */
#if !defined(NO_WOLFSSL_SEVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
                               ||  defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2))
    WOLFSSL_OCSP*   ocsp_stapling;       /* OCSP checker for OCSP stapling */
#endif
    char*           ocspOverrideURL;     /* use this responder */
    void*           ocspIOCtx;           /* I/O callback CTX */
    CallbackCACache caCacheCallback;     /* CA cache addition callback */
    CbMissingCRL    cbMissingCRL;        /* notify through cb of missing crl */
    CbOCSPIO        ocspIOCb;            /* I/O callback for OCSP lookup */
    CbOCSPRespFree  ocspRespFreeCb;      /* Frees OCSP Response from IO Cb */
    wolfSSL_Mutex   caLock;              /* CA list lock */
    byte            crlEnabled;          /* is CRL on ? */
    byte            crlCheckAll;         /* leaf is always checked; nonzero
                                          * also checks the rest of the chain */
    byte            ocspEnabled;         /* is OCSP on ? */
    byte            ocspCheckAll;        /* leaf is always checked; nonzero
                                          * also checks the rest of the chain */
    byte            ocspSendNonce;       /* send the OCSP nonce ? */
    byte            ocspUseOverrideURL;  /* ignore cert's responder, override */
    byte            ocspStaplingEnabled; /* is OCSP Stapling on ? */
};

/* Persist / restore the CA table, to a file or to a caller supplied memory
 * buffer. The memory variants take the buffer and its size; the int* on save
 * is presumably the size actually used — confirm against the definitions. */
WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER*, const char*);
WOLFSSL_LOCAL int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER*, const char*);
WOLFSSL_LOCAL int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER*, void*, int, int*);
WOLFSSL_LOCAL int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER*, const void*, int);
WOLFSSL_LOCAL int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER*);

/* wolfSSL Sock Addr: sz must describe the sockaddr that sa actually points to */
struct WOLFSSL_SOCKADDR {
    unsigned int sz; /* sockaddr size */
    void*        sa; /* pointer to the sockaddr_in or sockaddr_in6 */
};

/* DTLS transport context: peer address plus the socket it is reached on */
typedef struct WOLFSSL_DTLS_CTX {
    WOLFSSL_SOCKADDR peer;
    int fd;
} WOLFSSL_DTLS_CTX;


#ifdef WOLFSSL_DTLS

    /* anti-replay window word: 64 bits wide where available, else 32 */
    #ifdef WORD64_AVAILABLE
        typedef word64 DtlsSeq;
    #else
        typedef word32 DtlsSeq;
    #endif
    #define DTLS_SEQ_BITS (sizeof(DtlsSeq) * CHAR_BIT)

    /* per-peer DTLS receive state: sliding windows for the current and the
     * previous epoch plus the next expected epoch/sequence */
    typedef struct DtlsState {
        DtlsSeq window;     /* Sliding window for current epoch    */
        word16 nextEpoch;   /* Expected epoch in next record       */
        word32 nextSeq;     /* Expected sequence in next record    */

        word16 curEpoch;    /* Received epoch in current record    */
        word32 curSeq;      /* Received sequence in current record */

        DtlsSeq prevWindow; /* Sliding window for old epoch        */
        word32 prevSeq;     /* Next sequence in allowed old epoch  */
    } DtlsState;

#endif /* WOLFSSL_DTLS */


#define MAX_WRITE_IV_SZ 16 /* max size of client/server write_IV */

/* keys and secrets
 *
 * NOTE(review): every array below is live session secret material. Any
 * storage holding a Keys (including copies such as
 * SecureRenegotiation.tmp_keys) must be cleared before it is freed or reused,
 * with a clearing routine the compiler cannot elide; a plain memset
 * immediately before free() may be optimized away. */
typedef struct Keys {
    byte client_write_MAC_secret[MAX_DIGEST_SIZE];   /* max sizes */
    byte server_write_MAC_secret[MAX_DIGEST_SIZE];
    byte client_write_key[AES_256_KEY_SIZE];         /* max sizes */
    byte server_write_key[AES_256_KEY_SIZE];
    byte client_write_IV[MAX_WRITE_IV_SZ];               /* max sizes */
    byte server_write_IV[MAX_WRITE_IV_SZ];
#ifdef HAVE_AEAD
    byte aead_exp_IV[AEAD_MAX_EXP_SZ];
    byte aead_enc_imp_IV[AEAD_MAX_IMP_SZ];
    byte aead_dec_imp_IV[AEAD_MAX_IMP_SZ];
#endif

    /* record-layer sequence numbers. RFC 5246 defines these as 64-bit; only
     * 32 bits are tracked here, so behaviour at 2^32 records is up to the
     * record code — TODO confirm wrap handling */
    word32 peer_sequence_number;
    word32 sequence_number;

#ifdef WOLFSSL_DTLS
    DtlsState dtls_state;                       /* Peer's state */
    word16 dtls_peer_handshake_number;
    word16 dtls_expected_peer_handshake_number;

    word32 dtls_sequence_number;                /* Current tx sequence */
    word32 dtls_prev_sequence_number;           /* Previous epoch's seq number*/
    word16 dtls_epoch;                          /* Current tx epoch    */
    word16 dtls_handshake_number;               /* Current tx handshake seq */
#endif

    word32 encryptSz;             /* last size of encrypted data   */
    word32 padSz;                 /* how much to advance after decrypt part */
    byte   encryptionOn;          /* true after change cipher spec */
    byte   decryptedCur;          /* only decrypt current record once */
} Keys;



/** TLS Extensions - RFC 6066 */
#ifdef HAVE_TLS_EXTENSIONS

/* IANA extension type numbers */
typedef enum {
    TLSX_SERVER_NAME                = 0x0000, /* a.k.a. SNI  */
    TLSX_MAX_FRAGMENT_LENGTH        = 0x0001,
    TLSX_TRUNCATED_HMAC             = 0x0004,
    TLSX_STATUS_REQUEST             = 0x0005, /* a.k.a. OCSP stapling   */
    TLSX_SUPPORTED_GROUPS           = 0x000a, /* a.k.a. Supported Curves */
    TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */
    TLSX_STATUS_REQUEST_V2          = 0x0011, /* a.k.a. OCSP stapling v2 */
    TLSX_QUANTUM_SAFE_HYBRID        = 0x0018, /* a.k.a. QSH  */
    TLSX_SESSION_TICKET             = 0x0023,
    TLSX_RENEGOTIATION_INFO         = 0xff01  /* RFC 5746 */
} TLSX_Type;

/* one negotiated extension; data points at the type-specific struct below */
typedef struct TLSX {
    TLSX_Type    type; /* Extension Type */
    void*        data; /* Extension Data */
    byte         resp; /* IsResponse Flag */
    struct TLSX* next; /* List Behavior   */
} TLSX;

WOLFSSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type);
WOLFSSL_LOCAL void  TLSX_FreeAll(TLSX* list);
WOLFSSL_LOCAL int   TLSX_SupportExtensions(WOLFSSL* ssl);
WOLFSSL_LOCAL int   TLSX_PopulateExtensions(WOLFSSL* ssl, byte isRequest);

/* client side writes the request (ClientHello) form */
#ifndef NO_WOLFSSL_CLIENT
WOLFSSL_LOCAL word16 TLSX_GetRequestSize(WOLFSSL* ssl);
WOLFSSL_LOCAL word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output);
#endif

/* server side writes the response (ServerHello) form */
#ifndef NO_WOLFSSL_SERVER
WOLFSSL_LOCAL word16 TLSX_GetResponseSize(WOLFSSL* ssl);
WOLFSSL_LOCAL word16 TLSX_WriteResponse(WOLFSSL* ssl, byte* output);
#endif

/* Parse the peer-supplied extensions block; length bounds input and
 * isRequest says whether it came from a ClientHello (request) or a
 * ServerHello (response) */
WOLFSSL_LOCAL int    TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length,
                                                byte isRequest, Suites *suites);

#elif defined(HAVE_SNI)                           \
   || defined(HAVE_MAX_FRAGMENT)                  \
   || defined(HAVE_TRUNCATED_HMAC)                \
   || defined(HAVE_CERTIFICATE_STATUS_REQUEST)    \
   || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
   || defined(HAVE_SUPPORTED_CURVES)              \
   || defined(HAVE_ALPN)                          \
   || defined(HAVE_QSH)                           \
   || defined(HAVE_SESSION_TICKET)                \
   || defined(HAVE_SECURE_RENEGOTIATION)

#error Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined.

#endif /* HAVE_TLS_EXTENSIONS */

/** Server Name Indication - RFC 6066 (section 3) */
#ifdef HAVE_SNI

/* host_name is the only SNI name type carried (single-member union) */
typedef struct SNI {
    byte                       type;    /* SNI Type         */
    union { char* host_name; } data;    /* SNI Data         */
    struct SNI*                next;    /* List Behavior    */
#ifndef NO_WOLFSSL_SERVER
    byte                       options; /* Behavior options */
    byte                       status;  /* Matching result  */
#endif
} SNI;

WOLFSSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data,
                                                                   word16 size);

#ifndef NO_WOLFSSL_SERVER
WOLFSSL_LOCAL void   TLSX_SNI_SetOptions(TLSX* extensions, byte type,
                                                                  byte options);
WOLFSSL_LOCAL byte   TLSX_SNI_Status(TLSX* extensions, byte type);
WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type,
                                                                   void** data);
/* Extract the SNI of the given type from a raw, not yet parsed hello in
 * buffer/bufferSz into sni; inOutSz is the capacity on entry and the length
 * written on return (per the name — confirm against the definition) */
WOLFSSL_LOCAL int    TLSX_SNI_GetFromBuffer(const byte* buffer, word32 bufferSz,
                                         byte type, byte* sni, word32* inOutSz);
#endif

#endif /* HAVE_SNI */

/* Application-Layer Protocol Negotiation - RFC 7301 */
#ifdef HAVE_ALPN
typedef struct ALPN {
    char*        protocol_name; /* ALPN protocol name */
    struct ALPN* next;          /* List Behavior      */
    byte         options;       /* Behavior options   */
    byte         negotiated;    /* ALPN protocol negotiated or not */
} ALPN;

WOLFSSL_LOCAL int TLSX_ALPN_GetRequest(TLSX* extensions,
                                       void** data, word16 *dataSz);

WOLFSSL_LOCAL int TLSX_UseALPN(TLSX** extensions, const void* data,
                                                word16 size, byte options);

WOLFSSL_LOCAL int TLSX_ALPN_SetOptions(TLSX** extensions, const byte option);

#endif /* HAVE_ALPN */

/** Maximum Fragment Length Negotiation - RFC 6066 (section 4) */
#ifdef HAVE_MAX_FRAGMENT

WOLFSSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl);

#endif /* HAVE_MAX_FRAGMENT */

/** Truncated HMAC - RFC 6066 (section 7) */
#ifdef HAVE_TRUNCATED_HMAC

/* offer a TRUNCATED_HMAC_SZ-byte MAC instead of the full digest */
WOLFSSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions);

#endif /* HAVE_TRUNCATED_HMAC */

/** Certificate Status Request - RFC 6066 (section 8) */
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST

/* single-certificate status request; request.ocsp is the only type carried */
typedef struct {
    byte status_type;
    byte options;
    union {
        OcspRequest ocsp;
    } request;
} CertificateStatusRequest;

WOLFSSL_LOCAL int   TLSX_UseCertificateStatusRequest(TLSX** extensions,
                                           byte status_type, byte options);
WOLFSSL_LOCAL int   TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert);
WOLFSSL_LOCAL void* TLSX_CSR_GetRequest(TLSX* extensions);
WOLFSSL_LOCAL int   TLSX_CSR_ForceRequest(WOLFSSL* ssl);

#endif

/** Certificate Status Request v2 - RFC 6961 */
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2

/* multi-certificate status request: one OcspRequest slot for the leaf plus
 * one per chain certificate, hence 1 + MAX_CHAIN_DEPTH */
typedef struct CSRIv2 {
    byte status_type;
    byte options;
    word16 requests;
    union {
        OcspRequest ocsp[1 + MAX_CHAIN_DEPTH];
    } request;
    struct CSRIv2* next;
} CertificateStatusRequestItemV2;

WOLFSSL_LOCAL int   TLSX_UseCertificateStatusRequestV2(TLSX** extensions,
                                           byte status_type, byte options);
WOLFSSL_LOCAL int   TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer);
WOLFSSL_LOCAL void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type,
                                                                    byte index);
WOLFSSL_LOCAL int   TLSX_CSR2_ForceRequest(WOLFSSL* ssl);

#endif

/** Supported Elliptic Curves - RFC 4492 (section 4) */
#ifdef HAVE_SUPPORTED_CURVES

typedef struct EllipticCurve {
    word16                name; /* CurveNames */
    struct EllipticCurve* next; /* List Behavior */
} EllipticCurve;

WOLFSSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name);

#ifndef NO_WOLFSSL_SERVER
/* first/second are presumably the two cipher-suite id bytes (SUITE_LEN == 2)
 * being considered against the peer's curve list — confirm against the
 * definition */
WOLFSSL_LOCAL int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first,
                                                                   byte second);
#endif

#endif /* HAVE_SUPPORTED_CURVES */

/** Renegotiation Indication - RFC 5746 */
#ifdef HAVE_SECURE_RENEGOTIATION

/* progress of copying the live Keys aside and restoring them during a
 * secure renegotiation */
enum key_cache_state {
    SCR_CACHE_NULL   = 0,       /* empty / begin state */
    SCR_CACHE_NEEDED,           /* need to cache keys */
    SCR_CACHE_COPY,             /* we have a cached copy */
    SCR_CACHE_PARTIAL,          /* partial restore to real keys */
    SCR_CACHE_COMPLETE          /* complete restore to real keys */
};

/* Additional Connection State according to rfc5746 section 3.1:
 * the cached client/server Finished verify_data feeds the
 * renegotiation_info payload of the next handshake */
typedef struct SecureRenegotiation {
   byte                 enabled;  /* secure_renegotiation flag in rfc */
   byte                 startScr; /* server requested client to start scr */
   enum key_cache_state cache_status;  /* track key cache state */
   byte                 client_verify_data[TLS_FINISHED_SZ];  /* cached */
   byte                 server_verify_data[TLS_FINISHED_SZ];  /* cached */
   /* NOTE(review): sized with SHA_DIGEST_SIZE unconditionally, unlike
    * OCSP_DIGEST_SIZE / CRL_DIGEST_SIZE which fall back to SHA-256 under
    * NO_SHA — confirm the NO_SHA + HAVE_SECURE_RENEGOTIATION combination */
   byte                 subject_hash[SHA_DIGEST_SIZE];  /* peer cert hash */
   /* a full copy of live secret material; clear it once restored */
   Keys                 tmp_keys;  /* can't overwrite real keys yet */
} SecureRenegotiation;

WOLFSSL_LOCAL int TLSX_UseSecureRenegotiation(TLSX** extensions);

#endif /* HAVE_SECURE_RENEGOTIATION */

/** Session Ticket - RFC 5077 (section 3.2) */
#ifdef HAVE_SESSION_TICKET

/* opaque ticket as received/sent; size is a word16, so tickets are limited
 * to 65535 bytes */
typedef struct SessionTicket {
    word32 lifetime;   /* lifetime hint, seconds */
    byte*  data;
    word16 size;
} SessionTicket;

WOLFSSL_LOCAL int  TLSX_UseSessionTicket(TLSX** extensions,
                                                         SessionTicket* ticket);
WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime,
                                                       byte* data, word16 size);
WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket);

#endif /* HAVE_SESSION_TICKET */

/** Quantum-Safe-Hybrid - draft-whyte-qsh-tls12-00 */
#ifdef HAVE_QSH

/* one offered QSH scheme with its public key (PK / PKLen) */
typedef struct QSHScheme {
    struct QSHScheme* next; /* List Behavior */
    byte*             PK;
    word16            name; /* QSHScheme Names */
    word16            PKLen;
} QSHScheme;

/* NOTE(review): the struct tag is `QSHkey` (lower-case k) but `next` points to
 * `struct QSHKey`, a different tag that is never defined. It compiles because
 * a pointer to an incomplete struct is allowed, but `next` is not a `QSHKey*`
 * and cannot be dereferenced; the intent is clearly `struct QSHkey* next`. */
typedef struct QSHkey {
    struct QSHKey* next;
    word16 name;
    buffer pub;   /* public key */
    buffer pri;   /* private key — secret material */
} QSHKey;

/* negotiated QSH material: the scheme list plus the server- and client-side
 * secret components (names suggest SerSi = server, CliSi = client) */
typedef struct QSHSecret {
    QSHScheme* list;
    buffer* SerSi;
    buffer* CliSi;
} QSHSecret;

/* used in key exchange during handshake; input is peer-supplied and bounded
 * by length */
WOLFSSL_LOCAL int TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input,
                                                  word16 length, byte isServer);
WOLFSSL_LOCAL word16 TLSX_QSHPK_Write(QSHScheme* list, byte* output);
WOLFSSL_LOCAL word16 TLSX_QSH_GetSize(QSHScheme* list, byte isRequest);

/* used by api for setting a specific QSH scheme */
WOLFSSL_LOCAL int TLSX_UseQSHScheme(TLSX** extensions, word16 name,
                                                  byte* pKey, word16 pKeySz);

/* used when parsing in QSHCipher structs; szIn bounds in, szOut is the
 * out capacity on entry and the length written on return (per the names —
 * confirm against the definition) */
WOLFSSL_LOCAL int QSH_Decrypt(QSHKey* key, byte* in, word32 szIn,
                                                       byte* out, word16* szOut);
#ifndef NO_WOLFSSL_SERVER
WOLFSSL_LOCAL int TLSX_ValidateQSHScheme(TLSX** extensions, word16 name);
#endif

#endif /* HAVE_QSH */

/* wolfSSL context type: per-context configuration shared by every WOLFSSL
 * created from it; refCount (guarded by countMutex) keeps it alive while
 * sessions still reference it */
struct WOLFSSL_CTX {
    WOLFSSL_METHOD* method;
    wolfSSL_Mutex   countMutex;    /* reference count mutex */
    int         refCount;         /* reference count */
#ifndef NO_DH
    buffer      serverDH_P;       /* user supplied DH params, see haveDH */
    buffer      serverDH_G;
#endif
#ifndef NO_CERTS
    DerBuffer*  certificate;      /* our cert, DER */
    DerBuffer*  certChain;
                 /* chain after self, in DER, with leading size for each cert */
    DerBuffer*  privateKey;       /* our private key, DER — secret material */
    WOLFSSL_CERT_MANAGER* cm;      /* our cert manager, ctx owns SSL will use */
#endif
    Suites*     suites;           /* make dynamic, user may not need/set */
    void*       heap;             /* for user memory overrides */
    /* peer verification policy flags */
    byte        verifyPeer;
    byte        verifyNone;
    byte        failNoCert;
    byte        failNoCertxPSK;   /* fail if no cert with the exception of PSK*/
    byte        sessionCacheOff;
    byte        sessionCacheFlushOff;
    byte        sendVerify;       /* for client side */
    byte        haveRSA;          /* RSA available */
    byte        haveECC;          /* ECC available */
    byte        haveDH;           /* server DH parms set by user */
    byte        haveNTRU;         /* server private NTRU key loaded */
    byte        haveECDSAsig;     /* server cert signed w/ ECDSA */
    byte        haveStaticECC;    /* static server ECC private key */
    byte        partialWrite;     /* only one msg per write call */
    byte        quietShutdown;    /* don't send close notify */
    byte        groupMessages;    /* group handshake messages before sending */
    byte        minDowngrade;     /* minimum downgrade version, lowest version
                                   * a WOLFSSL_METHOD.downgrade may fall to */
#ifndef NO_DH
    word16      minDhKeySz;       /* minimum DH key size; compile-time default
                                   * comes from WOLFSSL_MIN_DHKEY_BITS — unit
                                   * (bits vs bytes) per the setter */
#endif
    CallbackIORecv CBIORecv;            /* user transport callbacks */
    CallbackIOSend CBIOSend;
#ifdef WOLFSSL_DTLS
    CallbackGenCookie CBIOCookie;       /* gen cookie callback */
#endif
    VerifyCallback  verifyCallback;     /* cert verification callback */
    word32          timeout;            /* session timeout */
#ifdef HAVE_ECC
    word16          eccTempKeySz;       /* in octets 20 - 66 */
    word32          pkCurveOID;         /* curve Ecc_Sum */
#endif
#ifndef NO_PSK
    byte        havePSK;                /* psk key set by user */
    wc_psk_client_callback client_psk_cb;  /* client callback */
    wc_psk_server_callback server_psk_cb;  /* server callback */
    char        server_hint[MAX_PSK_ID_LEN]; /* fixed buffer; must stay NUL
                                              * terminated within MAX_PSK_ID_LEN */
#endif /* NO_PSK */
#ifdef HAVE_ANON
    byte        haveAnon;               /* User wants to allow Anon suites */
#endif /* HAVE_ANON */
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
    pem_password_cb passwd_cb;          /* PEM key passphrase callback */
    void*            userdata;          /* passed back to passwd_cb */
#endif /* OPENSSL_EXTRA */
#ifdef HAVE_STUNNEL
    void*           ex_data[MAX_EX_DATA];
    CallbackSniRecv sniRecvCb;
    void*           sniRecvCbArg;
#endif
#ifdef HAVE_OCSP
    WOLFSSL_OCSP      ocsp;
#endif
#ifdef HAVE_CAVIUM
    int              devId;            /* cavium device id to use */
#endif
#ifdef HAVE_TLS_EXTENSIONS
    TLSX* extensions;                  /* RFC 6066 TLS Extensions data */
    #ifndef NO_WOLFSSL_SERVER
        #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
         || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
            OcspRequest* certOcspRequest;   /* stapling request for our cert */
        #endif
        #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
            OcspRequest* chainOcspRequest[MAX_CHAIN_DEPTH]; /* one per chain cert */
        #endif
    #endif
    /* NOTE(review): "NO_WOLFSSL_SEVER" is almost certainly a typo for
     * NO_WOLFSSL_SERVER (spelled correctly a few lines above); as written the
     * ticket fields are compiled in even for client-only builds. The key used
     * by ticketEncCb protects every resumable session, so it needs the same
     * care (and rotation) as a long-term key. */
    #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SEVER)
        SessionTicketEncCb ticketEncCb;   /* enc/dec session ticket Cb */
        void*              ticketEncCtx;  /* session encrypt context */
        int                ticketHint;    /* ticket hint in seconds */
    #endif
#endif
#ifdef ATOMIC_USER
    CallbackMacEncrypt    MacEncryptCb;    /* Atomic User Mac/Encrypt Cb */
    CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */
#endif
#ifdef HAVE_PK_CALLBACKS
    #ifdef HAVE_ECC
        CallbackEccSign   EccSignCb;    /* User EccSign   Callback handler */
        CallbackEccVerify EccVerifyCb;  /* User EccVerify Callback handler */
    #endif /* HAVE_ECC */
    #ifndef NO_RSA
        CallbackRsaSign   RsaSignCb;    /* User RsaSign   Callback handler */
        CallbackRsaVerify RsaVerifyCb;  /* User RsaVerify Callback handler */
        CallbackRsaEnc    RsaEncCb;     /* User Rsa Public Encrypt  handler */
        CallbackRsaDec    RsaDecCb;     /* User Rsa Private Decrypt handler */
    #endif /* NO_RSA */
#endif /* HAVE_PK_CALLBACKS */
};


/* context lifecycle: init from a method, free (refCount aware), and release
 * of owned resources */
WOLFSSL_LOCAL
int InitSSL_Ctx(WOLFSSL_CTX*, WOLFSSL_METHOD*);
WOLFSSL_LOCAL
void FreeSSL_Ctx(WOLFSSL_CTX*);
WOLFSSL_LOCAL
void SSL_CtxResourceFree(WOLFSSL_CTX*);

/* derive the Keys block from the master secret */
WOLFSSL_LOCAL
int DeriveTlsKeys(WOLFSSL* ssl);
/* handle a ClientHello in the old SSLv2-compatible format
 * (RFC 5246 Appendix E.2) — confirm against the definition */
WOLFSSL_LOCAL
int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                          word32 inSz, word16 sz);
#ifndef NO_CERTS
    /* Add a CA to cm->caTable. DerBuffer** suggests AddCA takes over and
     * frees *pDer — confirm ownership before reusing the buffer. verify
     * selects whether the CA's own signature is checked on insertion. */
    WOLFSSL_LOCAL
    int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify);
    /* lookup by subject hash in cm->caTable */
    WOLFSSL_LOCAL
    int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash);
#ifdef WOLFSSL_TRUST_PEER_CERT
01949 WOLFSSL_LOCAL 01950 int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify); 01951 WOLFSSL_LOCAL 01952 int AlreadyTrustedPeer(WOLFSSL_CERT_MANAGER* cm, byte* hash); 01953 #endif 01954 #endif 01955 01956 /* All cipher suite related info */ 01957 typedef struct CipherSpecs { 01958 word16 key_size; 01959 word16 iv_size; 01960 word16 block_size; 01961 word16 aead_mac_size; 01962 byte bulk_cipher_algorithm; 01963 byte cipher_type; /* block, stream, or aead */ 01964 byte mac_algorithm; 01965 byte kea; /* key exchange algo */ 01966 byte sig_algo; 01967 byte hash_size; 01968 byte pad_size; 01969 byte static_ecdh; 01970 } CipherSpecs; 01971 01972 01973 void InitCipherSpecs(CipherSpecs* cs); 01974 01975 01976 /* Supported Message Authentication Codes from page 43 */ 01977 enum MACAlgorithm { 01978 no_mac, 01979 md5_mac, 01980 sha_mac, 01981 sha224_mac, 01982 sha256_mac, /* needs to match external KDF_MacAlgorithm */ 01983 sha384_mac, 01984 sha512_mac, 01985 rmd_mac, 01986 blake2b_mac 01987 }; 01988 01989 01990 /* Supported Key Exchange Protocols */ 01991 enum KeyExchangeAlgorithm { 01992 no_kea, 01993 rsa_kea, 01994 diffie_hellman_kea, 01995 fortezza_kea, 01996 psk_kea, 01997 dhe_psk_kea, 01998 ecdhe_psk_kea, 01999 ntru_kea, 02000 ecc_diffie_hellman_kea, 02001 ecc_static_diffie_hellman_kea /* for verify suite only */ 02002 }; 02003 02004 02005 /* Supported Authentication Schemes */ 02006 enum SignatureAlgorithm { 02007 anonymous_sa_algo, 02008 rsa_sa_algo, 02009 dsa_sa_algo, 02010 ecc_dsa_sa_algo 02011 }; 02012 02013 02014 /* Supprted ECC Curve Types */ 02015 enum EccCurves { 02016 named_curve = 3 02017 }; 02018 02019 02020 /* Valid client certificate request types from page 27 */ 02021 enum ClientCertificateType { 02022 rsa_sign = 1, 02023 dss_sign = 2, 02024 rsa_fixed_dh = 3, 02025 dss_fixed_dh = 4, 02026 rsa_ephemeral_dh = 5, 02027 dss_ephemeral_dh = 6, 02028 fortezza_kea_cert = 20, 02029 ecdsa_sign = 64, 02030 rsa_fixed_ecdh = 65, 02031 
    ecdsa_fixed_ecdh    = 66
};


/* NOTE(review): unscoped enumerators 'stream'/'block'/'aead' land in the
 * global namespace of every including TU; watch for collisions. */
enum CipherType { stream, block, aead };






/* cipher for now: at most one of these is live per direction, selected by
 * the negotiated suite; 'setup' records whether any was initialised */
typedef struct Ciphers {
#ifdef BUILD_ARC4
    Arc4*   arc4;
#endif
#ifdef BUILD_DES3
    Des3*   des3;
#endif
#if defined(BUILD_AES) || defined(BUILD_AESGCM)
    Aes*    aes;
#endif
#ifdef HAVE_CAMELLIA
    Camellia* cam;
#endif
#ifdef HAVE_CHACHA
    ChaCha*   chacha;
#endif
#ifdef HAVE_HC128
    HC128*  hc128;
#endif
#ifdef BUILD_RABBIT
    Rabbit* rabbit;
#endif
#ifdef HAVE_IDEA
    Idea* idea;
#endif
    byte    setup;       /* have we set it up flag for detection */
} Ciphers;


#ifdef HAVE_ONE_TIME_AUTH
/* Ciphers for one time authentication such as poly1305 */
typedef struct OneTimeAuth {
#ifdef HAVE_POLY1305
    Poly1305* poly1305;
#endif
    byte    setup;      /* flag for if a cipher has been set */

} OneTimeAuth;
#endif


WOLFSSL_LOCAL void InitCiphers(WOLFSSL* ssl);
WOLFSSL_LOCAL void FreeCiphers(WOLFSSL* ssl);


/* hashes type: one fixed-size digest slot per enabled hash algorithm */
typedef struct Hashes {
    #ifndef NO_OLD_TLS
        byte md5[MD5_DIGEST_SIZE];
    #endif
    byte sha[SHA_DIGEST_SIZE];
    #ifndef NO_SHA256
        byte sha256[SHA256_DIGEST_SIZE];
    #endif
    #ifdef WOLFSSL_SHA384
        byte sha384[SHA384_DIGEST_SIZE];
    #endif
    #ifdef WOLFSSL_SHA512
        byte sha512[SHA512_DIGEST_SIZE];
    #endif
} Hashes;


/* Static x509 buffer; 'length' is the number of valid bytes in 'buffer'
 * and must never exceed MAX_X509_SIZE (writers are responsible for the bound) */
typedef struct x509_buffer {
    int  length;                  /* actual size */
    byte buffer[MAX_X509_SIZE];   /* max static cert size */
} x509_buffer;


/* wolfSSL X509_CHAIN, for no dynamic memory SESSION_CACHE */
struct WOLFSSL_X509_CHAIN {
    int         count;                    /* total number in chain */
    x509_buffer certs[MAX_CHAIN_DEPTH];   /* only allow max depth 4 for now */
};


/* wolfSSL session type: what the session cache stores per resumable session.
 * Note that it carries the master secret, so cache entries are key material. */
struct WOLFSSL_SESSION {
    word32       bornOn;                        /* create time in seconds   */
    word32       timeout;                       /* timeout in seconds       */
    byte         sessionID[ID_LEN];             /* id for protocol          */
    byte         sessionIDSz;
    byte         masterSecret[SECRET_LEN];      /* stored secret            */
#ifdef SESSION_CERTS
    WOLFSSL_X509_CHAIN chain;                   /* peer cert chain, static  */
    ProtocolVersion version;                    /* which version was used   */
    byte         cipherSuite0;                  /* first byte, normally 0   */
    byte         cipherSuite;                   /* 2nd byte, actual suite   */
#endif
#ifndef NO_CLIENT_CACHE
    word16       idLen;                         /* serverID length          */
    byte         serverID[SERVER_ID_LEN];       /* for easier client lookup */
#endif
#ifdef HAVE_SESSION_TICKET
    word16       ticketLen;
    byte         ticket[SESSION_TICKET_LEN];
#endif
#ifdef HAVE_STUNNEL
    void*        ex_data[MAX_EX_DATA];
#endif
};


WOLFSSL_LOCAL
WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*);
WOLFSSL_LOCAL
int          SetSession(WOLFSSL*, WOLFSSL_SESSION*);

/* record-layer MAC computation hook (ssl, digest, in, sz, content, verify) */
typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int);

#ifndef NO_CLIENT_CACHE
    /* NOTE(review): lacks WOLFSSL_LOCAL unlike its neighbours -- confirm intent */
    WOLFSSL_SESSION* GetSessionClient(WOLFSSL*, const byte*, int);
#endif

/* client connect state for nonblocking restart */
enum ConnectState {
    CONNECT_BEGIN = 0,
    CLIENT_HELLO_SENT,
    HELLO_AGAIN,               /* HELLO_AGAIN is for DTLS case */
    HELLO_AGAIN_REPLY,
    FIRST_REPLY_DONE,
    FIRST_REPLY_FIRST,
    FIRST_REPLY_SECOND,
    FIRST_REPLY_THIRD,
    FIRST_REPLY_FOURTH,
    FINISHED_DONE,
    SECOND_REPLY_DONE
};


/* server accept state for nonblocking restart */
enum AcceptState {
    ACCEPT_BEGIN = 0,
    ACCEPT_CLIENT_HELLO_DONE,
    ACCEPT_FIRST_REPLY_DONE,
    SERVER_HELLO_SENT,
    CERT_SENT,
    CERT_STATUS_SENT,
    KEY_EXCHANGE_SENT,
    CERT_REQ_SENT,
    SERVER_HELLO_DONE,
    ACCEPT_SECOND_REPLY_DONE,
    TICKET_SENT,
    CHANGE_CIPHER_SENT,
    ACCEPT_FINISHED_DONE,
    ACCEPT_THIRD_REPLY_DONE
};


/* Per-connection I/O buffers and the credential buffers a WOLFSSL may own.
 * The weOwn* flags decide who frees the corresponding buffer: the WOLFSSL
 * when set, otherwise the WOLFSSL_CTX the object was created from. */
typedef struct Buffers {
    bufferStatic    inputBuffer;
    bufferStatic    outputBuffer;
    buffer          domainName;             /* for client check */
    buffer          clearOutputBuffer;
    int             prevSent;              /* previous plain text bytes sent
                                              when got WANT_WRITE            */
    int             plainSz;               /* plain text bytes in buffer to send
                                              when got WANT_WRITE            */
    byte            weOwnCert;             /* SSL own cert flag */
    byte            weOwnCertChain;        /* SSL own cert chain flag */
    byte            weOwnKey;              /* SSL own key flag */
    byte            weOwnDH;               /* SSL own dh (p,g) flag */
#ifndef NO_DH
    buffer          serverDH_P;            /* WOLFSSL_CTX owns, unless we own */
    buffer          serverDH_G;            /* WOLFSSL_CTX owns, unless we own */
    buffer          serverDH_Pub;
    buffer          serverDH_Priv;         /* ephemeral DH private value -- secret */
#endif
#ifndef NO_CERTS
    DerBuffer*      certificate;           /* WOLFSSL_CTX owns, unless we own */
    DerBuffer*      key;                   /* WOLFSSL_CTX owns, unless we own */
    DerBuffer*      certChain;             /* WOLFSSL_CTX owns, unless we own */
                 /* chain after self, in DER, with leading size for each cert */
#endif
#ifdef WOLFSSL_DTLS
    WOLFSSL_DTLS_CTX dtlsCtx;              /* DTLS connection context */
    #ifndef NO_WOLFSSL_SERVER
        buffer       dtlsCookieSecret;     /* DTLS cookie secret */
    #endif /* NO_WOLFSSL_SERVER */
#endif
#ifdef HAVE_PK_CALLBACKS
    #ifdef HAVE_ECC
        buffer peerEccDsaKey;              /* we own for Ecc Verify Callbacks */
    #endif /* HAVE_ECC */
    #ifndef NO_RSA
        buffer peerRsaKey;                 /* we own for Rsa Verify Callbacks */
    #endif /* NO_RSA */
#endif /* HAVE_PK_CALLBACKS */
} Buffers;

/* Per-connection policy and state flags. Most are single-bit fields of
 * 'word16'; bit-fields of a non-int type are an implementation-defined
 * extension in C11, so layout and packing are compiler-dependent. */
typedef struct Options {
#ifndef NO_PSK
    wc_psk_client_callback client_psk_cb;
    wc_psk_server_callback server_psk_cb;
    word16            havePSK:1;            /* psk key set by user */
#endif /* NO_PSK */

    /* on/off or small bit flags, optimize layout */
    word16            sendVerify:2;     /* false = 0, true = 1, sendBlank = 2 */
    word16            sessionCacheOff:1;
    word16            sessionCacheFlushOff:1;
    word16            side:1;             /* client or server end */
    word16            verifyPeer:1;
    word16            verifyNone:1;
    word16            failNoCert:1;
    word16            failNoCertxPSK:1;   /* fail for no cert except with PSK */
    word16            downgrade:1;        /* allow downgrade of versions */
    word16            resuming:1;
    word16            haveSessionId:1;    /* server may not send */
    word16            tls:1;              /* using TLS ? */
    word16            tls1_1:1;           /* using TLSv1.1+ ? */
    word16            dtls:1;             /* using datagrams ? */
    word16            connReset:1;        /* has the peer reset */
    word16            isClosed:1;         /* if we consider conn closed */
    word16            closeNotify:1;      /* we've received a close notify */
    word16            sentNotify:1;       /* we've sent a close notify */
    word16            usingCompression:1; /* are we using compression */
    word16            haveRSA:1;          /* RSA available */
    word16            haveECC:1;          /* ECC available */
    word16            haveDH:1;           /* server DH parms set by user */
    word16            haveNTRU:1;         /* server NTRU private key loaded */
    word16            haveQSH:1;          /* have QSH ability */
    word16            haveECDSAsig:1;     /* server ECDSA signed cert */
    word16            haveStaticECC:1;    /* static server ECC private key */
    word16            havePeerCert:1;     /* do we have peer's cert */
    word16            havePeerVerify:1;   /* and peer's cert verify */
    word16            usingPSK_cipher:1;  /* are using psk as cipher */
    word16            usingAnon_cipher:1; /* are we using an anon cipher */
    word16            sendAlertState:1;   /* nonblocking resume */
    word16            partialWrite:1;     /* only one msg per write call */
    word16            quietShutdown:1;    /* don't send close notify */
    word16            certOnly:1;         /* stop once we get cert */
    word16            groupMessages:1;    /* group handshake messages */
    word16            usingNonblock:1;    /* are we using nonblocking socket */
    word16            saveArrays:1;       /* save array Memory for user get keys
                                           or psk */
#ifdef HAVE_POLY1305
    word16            oldPoly:1;        /* set when to use old rfc way of poly*/
#endif
#ifdef HAVE_ANON
    word16            haveAnon:1;       /* User wants to allow Anon suites */
#endif
#ifdef HAVE_SESSION_TICKET
    word16            createTicket:1;     /* Server to create new Ticket */
    word16            useTicket:1;        /* Use Ticket not session cache */
#endif
#ifdef WOLFSSL_DTLS
    word16            dtlsHsRetain:1;     /* DTLS retaining HS data */
#endif

    /* need full byte values for this section */
    byte            processReply;           /* nonblocking resume */
    byte            cipherSuite0;           /* first byte, normally 0 */
    byte            cipherSuite;            /* second byte, actual suite */
    byte            serverState;
    byte            clientState;
    byte            handShakeState;
    byte            handShakeDone;      /* at least one handshake complete */
    byte            minDowngrade;       /* minimum downgrade version */
    byte            connectState;       /* nonblocking resume */
    byte            acceptState;        /* nonblocking resume */
#ifndef NO_DH
    word16          minDhKeySz;         /* minimum DH key size */
    word16          dhKeySz;            /* actual DH key size */
#endif

} Options;

/* Handshake-time working state. This struct holds the pre-master and master
 * secrets, the PSK and the randoms, i.e. the connection's key material;
 * presumably released and cleared by FreeArrays() (declared below) once the
 * handshake completes -- confirm the implementation zeroises it. */
typedef struct Arrays {
    byte*           pendingMsg;         /* defrag buffer */
    word32          preMasterSz;        /* differs for DH, actual size */
    word32          pendingMsgSz;       /* defrag buffer size */
    word32          pendingMsgOffset;   /* current offset into defrag buffer */
#ifndef NO_PSK
    word32          psk_keySz;          /* actual size */
    char            client_identity[MAX_PSK_ID_LEN];
    char            server_hint[MAX_PSK_ID_LEN];
    byte            psk_key[MAX_PSK_KEY_LEN];
#endif
    byte            clientRandom[RAN_LEN];
    byte            serverRandom[RAN_LEN];
    byte            sessionID[ID_LEN];
    byte            sessionIDSz;
    byte            preMasterSecret[ENCRYPT_LEN];
    byte            masterSecret[SECRET_LEN];
#ifdef WOLFSSL_DTLS
    byte            cookie[MAX_COOKIE_LEN];
    byte            cookieSz;
#endif
    byte            pendingMsgType;    /* defrag buffer message type */
} Arrays;

#ifndef ASN_NAME_MAX
#define ASN_NAME_MAX 256
#endif

#ifndef MAX_DATE_SZ
#define MAX_DATE_SZ 32
#endif

/* X.509 distinguished name; 'name' points either at 'staticName' or at a
 * heap copy, with 'dynamicName' recording which so the right one is freed */
struct WOLFSSL_X509_NAME {
    char  *name;
    char  staticName[ASN_NAME_MAX];
    int   dynamicName;
    int   sz;
#ifdef OPENSSL_EXTRA
    DecodedName fullName;
#endif /* OPENSSL_EXTRA */
};

#ifndef EXTERNAL_SERIAL_SIZE
    #define EXTERNAL_SERIAL_SIZE 32
#endif

#ifdef NO_ASN
    typedef struct DNS_entry DNS_entry;
#endif

/* Decoded X.509 certificate as exposed to the API. The *Sz fields give the
 * number of valid bytes in the fixed-size arrays next to them. */
struct WOLFSSL_X509 {
    int              version;
    WOLFSSL_X509_NAME issuer;
    WOLFSSL_X509_NAME subject;
    int              serialSz;
    byte             serial[EXTERNAL_SERIAL_SIZE];
    char             subjectCN[ASN_NAME_MAX];        /* common name short cut */
#ifdef WOLFSSL_SEP
    int              deviceTypeSz;
    byte             deviceType[EXTERNAL_SERIAL_SIZE];
    int              hwTypeSz;
    byte             hwType[EXTERNAL_SERIAL_SIZE];
    int              hwSerialNumSz;
    byte             hwSerialNum[EXTERNAL_SERIAL_SIZE];
    #ifdef OPENSSL_EXTRA
        byte certPolicySet;
        byte certPolicyCrit;
    #endif /* OPENSSL_EXTRA */
#endif
    int              notBeforeSz;
    byte             notBefore[MAX_DATE_SZ];
    int              notAfterSz;
    byte             notAfter[MAX_DATE_SZ];
    int              sigOID;
    buffer           sig;
    int              pubKeyOID;
    buffer           pubKey;
    #ifdef HAVE_ECC
        word32       pkCurveOID;
    #endif /* HAVE_ECC */
    #ifndef NO_CERTS
        DerBuffer*   derCert;                        /* may need */
    #endif
    DNS_entry*       altNames;                       /* alt names list */
    DNS_entry*       altNamesNext;                   /* hint for retrieval */
    byte             dynamicMemory;                  /* dynamic memory flag */
    byte             isCa;
#ifdef OPENSSL_EXTRA
    /* extension presence ('*Set') and criticality ('*Crit') flags */
    word32           pathLength;
    word16           keyUsage;
    byte             basicConstSet;
    byte             basicConstCrit;
    byte             basicConstPlSet;
    byte             subjAltNameSet;
    byte             subjAltNameCrit;
    byte             authKeyIdSet;
    byte             authKeyIdCrit;
    byte*            authKeyId;
    word32           authKeyIdSz;
    byte             subjKeyIdSet;
    byte             subjKeyIdCrit;
    byte*            subjKeyId;
    word32           subjKeyIdSz;
    byte             keyUsageSet;
    byte             keyUsageCrit;
#endif /* OPENSSL_EXTRA */
};


/* record layer header for PlainText, Compressed, and CipherText;
 * wire layout, so fields are raw bytes rather than host integers */
typedef struct RecordLayerHeader {
    byte            type;
    byte            pvMajor;
    byte            pvMinor;
    byte            length[2];
} RecordLayerHeader;


/* record layer header for DTLS PlainText, Compressed, and CipherText */
typedef struct DtlsRecordLayerHeader {
    byte            type;
    byte            pvMajor;
    byte            pvMinor;
    byte            epoch[2];             /* increment on cipher state change */
    byte            sequence_number[6];   /* per record */
    byte            length[2];
} DtlsRecordLayerHeader;


/* Retransmit pool for sent DTLS flights */
typedef struct DtlsPool {
    buffer          buf[DTLS_POOL_SZ];
    word16          epoch[DTLS_POOL_SZ];
    int             used;                 /* number of slots in use */
} DtlsPool;


/* One received fragment range [begin, end] of a DTLS handshake message */
typedef struct DtlsFrag {
    word32 begin;
    word32 end;
    struct DtlsFrag* next;
} DtlsFrag;


/* Reassembly record for one DTLS handshake message, keyed by 'seq' */
typedef struct DtlsMsg {
    struct DtlsMsg* next;
    byte*           buf;
    byte*           msg;
    DtlsFrag*       fragList;
    word32          fragSz;    /* Length of fragments received */
    word32          seq;       /* Handshake sequence number    */
    word32          sz;        /* Length of whole message      */
    byte            type;
} DtlsMsg;


#ifdef HAVE_NETX

    /* NETX I/O Callback default */
    typedef struct NetX_Ctx {
        NX_TCP_SOCKET* nxSocket;    /* send/recv socket handle */
        NX_PACKET*     nxPacket;    /* incoming packet handle for short reads */
        ULONG          nxOffset;    /* offset already read from nxPacket */
        ULONG          nxWait;      /* wait option flag */
    } NetX_Ctx;

#endif


/* Handshake messages received from peer (plus change cipher); used to reject
 * duplicate or out-of-order handshake messages */
typedef struct MsgsReceived {
    word16 got_hello_request:1;
    word16 got_client_hello:1;
    word16 got_server_hello:1;
    word16 got_hello_verify_request:1;
    word16 got_session_ticket:1;
    word16 got_certificate:1;
    word16 got_certificate_status:1;
    word16 got_server_key_exchange:1;
    word16 got_certificate_request:1;
    word16 got_server_hello_done:1;
    word16 got_certificate_verify:1;
    word16 got_client_key_exchange:1;
    word16 got_finished:1;
    word16 got_change_cipher:1;
} MsgsReceived;


/* Handshake hashes: running transcript hashes feeding Finished/CertificateVerify */
typedef struct HS_Hashes {
    Hashes          verifyHashes;
    Hashes          certHashes;         /* for cert verify */
#ifndef NO_OLD_TLS
#ifndef NO_SHA
    Sha             hashSha;            /* sha hash of handshake msgs */
#endif
#ifndef NO_MD5
    Md5             hashMd5;            /* md5 hash of handshake msgs */
#endif
#endif /* NO_OLD_TLS */
#ifndef NO_SHA256
    Sha256          hashSha256;         /* sha256 hash of handshake msgs */
#endif
#ifdef WOLFSSL_SHA384
    Sha384          hashSha384;         /* sha384 hash of handshake msgs */
#endif
#ifdef WOLFSSL_SHA512
    Sha512          hashSha512;         /* sha512 hash of handshake msgs */
#endif
} HS_Hashes;


/* wolfSSL ssl type: one TLS/DTLS connection, created from a WOLFSSL_CTX */
struct WOLFSSL {
    WOLFSSL_CTX*    ctx;
    Suites*         suites;             /* only need during handshake */
    Arrays*         arrays;             /* handshake key material, see Arrays */
    HS_Hashes*      hsHashes;
    void*           IOCB_ReadCtx;
    void*           IOCB_WriteCtx;
    WC_RNG*         rng;
    void*           verifyCbCtx;        /* cert verify callback user ctx*/
    VerifyCallback  verifyCallback;     /* cert verification callback */
    void*           heap;               /* for user overrides */
#ifndef NO_HANDSHAKE_DONE_CB
    HandShakeDoneCb hsDoneCb;          /* notify user handshake done */
    void*           hsDoneCtx;         /* user handshake cb context  */
#endif
    WOLFSSL_CIPHER  cipher;
    hmacfp          hmac;
    Ciphers         encrypt;
    Ciphers         decrypt;
    Buffers         buffers;
    WOLFSSL_SESSION session;
    WOLFSSL_ALERT_HISTORY alert_history;
    int             error;
    int             rfd;                /* read  file descriptor */
    int             wfd;                /* write file descriptor */
    int             rflags;             /* user read  flags */
    int             wflags;             /* user write flags */
    word32          timeout;            /* session timeout */
    word32          fragOffset;         /* fragment offset */
    word16          curSize;
    RecordLayerHeader curRL;
    MsgsReceived    msgsReceived;       /* peer messages received */
    ProtocolVersion version;            /* negotiated version */
    ProtocolVersion chVersion;          /* client hello version */
    CipherSpecs     specs;
    Keys            keys;
    Options         options;
#ifdef OPENSSL_EXTRA
    WOLFSSL_BIO*     biord;              /* socket bio read  to free/close */
    WOLFSSL_BIO*     biowr;              /* socket bio write to free/close */
#endif
#ifndef NO_RSA
    RsaKey*         peerRsaKey;
    byte            peerRsaKeyPresent;
#endif
#ifdef HAVE_QSH
    QSHKey*         QSH_Key;
    QSHKey*         peerQSHKey;
    QSHSecret*      QSH_secret;
    byte            isQSH;             /* is the handshake a QSH? */
    byte            sendQSHKeys;       /* flag for if the client should send
                                          public keys */
    byte            peerQSHKeyPresent;
    byte            minRequest;
    byte            maxRequest;
    byte            user_set_QSHSchemes;
#endif
#ifdef HAVE_NTRU
    word16          peerNtruKeyLen;
    byte            peerNtruKey[MAX_NTRU_PUB_KEY_SZ];
    byte            peerNtruKeyPresent;
#endif
#ifdef HAVE_ECC
    ecc_key*        peerEccKey;              /* peer's  ECDHE key */
    ecc_key*        peerEccDsaKey;           /* peer's  ECDSA key */
    ecc_key*        eccTempKey;              /* private ECDHE key */
    word32          pkCurveOID;              /* curve Ecc_Sum     */
    word16          eccTempKeySz;            /* in octets 20 - 66 */
    byte            peerEccKeyPresent;
    byte            peerEccDsaKeyPresent;
    byte            eccTempKeyPresent;
#endif
#ifdef HAVE_LIBZ
    z_stream        c_stream;           /* compression   stream */
    z_stream        d_stream;           /* decompression stream */
    byte            didStreamInit;      /* for stream init and end */
#endif
#ifdef WOLFSSL_DTLS
    int             dtls_timeout_init;  /* starting timeout value */
    int             dtls_timeout_max;   /* maximum timeout value */
    int             dtls_timeout;       /* current timeout value, changes */
    DtlsPool*       dtls_pool;
    DtlsMsg*        dtls_msg_list;
    void*           IOCB_CookieCtx;     /* gen cookie ctx */
    word32          dtls_expected_rx;
#endif
#ifdef WOLFSSL_CALLBACKS
    HandShakeInfo   handShakeInfo;      /* info saved during handshake */
    TimeoutInfo     timeoutInfo;        /* info saved during handshake */
    byte            hsInfoOn;           /* track handshake info */
    byte            toInfoOn;           /* track timeout   info */
#endif
#ifdef HAVE_FUZZER
    CallbackFuzzer  fuzzerCb;           /* for testing with using fuzzer */
    void*           fuzzerCtx;          /* user defined pointer */
#endif
#ifdef KEEP_PEER_CERT
    WOLFSSL_X509     peerCert;           /* X509 peer cert */
#endif
#if defined(FORTRESS) || defined(HAVE_STUNNEL)
    void*           ex_data[MAX_EX_DATA]; /* external data, for Fortress */
#endif
#ifdef HAVE_CAVIUM
    int             devId;              /* cavium device id to use */
#endif
#ifdef HAVE_ONE_TIME_AUTH
    OneTimeAuth     auth;
#endif
#ifdef HAVE_TLS_EXTENSIONS
    TLSX* extensions;                  /* RFC 6066 TLS Extensions data */
    #ifdef HAVE_MAX_FRAGMENT
        word16 max_fragment;
    #endif
    #ifdef HAVE_TRUNCATED_HMAC
        byte truncated_hmac;
    #endif
    #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
        byte status_request;
    #endif
    #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
        byte status_request_v2;
    #endif
    #ifdef HAVE_SECURE_RENEGOTIATION
        SecureRenegotiation* secure_renegotiation; /* valid pointer indicates */
    #endif                                         /* user turned on */
    #ifdef HAVE_ALPN
        char*   alpn_client_list;  /* keep the client's list */
    #endif                         /* of accepted protocols */
    #if !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET)
        CallbackSessionTicket session_ticket_cb;
        void*                 session_ticket_ctx;
        byte                  expect_session_ticket;
    #endif
#endif /* HAVE_TLS_EXTENSIONS */
#ifdef HAVE_NETX
    NetX_Ctx        nxCtx;             /* NetX IO Context */
#endif
#ifdef SESSION_INDEX
    int
    sessionIndex;                      /* Session's location in the cache. */
#endif
#ifdef ATOMIC_USER
    void*    MacEncryptCtx;    /* Atomic User Mac/Encrypt Callback Context */
    void*    DecryptVerifyCtx; /* Atomic User Decrypt/Verify Callback Context */
#endif
#ifdef HAVE_PK_CALLBACKS
    #ifdef HAVE_ECC
        void* EccSignCtx;     /* Ecc Sign   Callback Context */
        void* EccVerifyCtx;   /* Ecc Verify Callback Context */
    #endif /* HAVE_ECC */
    #ifndef NO_RSA
        void* RsaSignCtx;     /* Rsa Sign   Callback Context */
        void* RsaVerifyCtx;   /* Rsa Verify Callback Context */
        void* RsaEncCtx;      /* Rsa Public  Encrypt   Callback Context */
        void* RsaDecCtx;      /* Rsa Private Decrypt   Callback Context */
    #endif /* NO_RSA */
#endif /* HAVE_PK_CALLBACKS */
#ifdef HAVE_SECRET_CALLBACK
        SessionSecretCb sessionSecretCb;
        void*           sessionSecretCtx;
#endif /* HAVE_SECRET_CALLBACK */
#ifdef WOLFSSL_JNI
        void* jObjectRef;     /* reference to WolfSSLSession in JNI wrapper */
#endif /* WOLFSSL_JNI */
};


/* Connection lifecycle */
WOLFSSL_LOCAL
int  SetSSL_CTX(WOLFSSL*, WOLFSSL_CTX*);
WOLFSSL_LOCAL
int  InitSSL(WOLFSSL*, WOLFSSL_CTX*);
WOLFSSL_LOCAL
void FreeSSL(WOLFSSL*);
WOLFSSL_API   void SSL_ResourceFree(WOLFSSL*);   /* Micrium uses */


enum {
    IV_SZ   = 32,                   /* max iv sz */
    NAME_SZ = 80                    /* max one line */
};


/* PEM decryption parameters gathered while parsing an encrypted PEM block */
typedef struct EncryptedInfo {
    char     name[NAME_SZ];    /* encryption name */
    byte     iv[IV_SZ];        /* encrypted IV */
    word32   ivSz;             /* encrypted IV size */
    long     consumed;         /* tracks PEM bytes consumed */
    byte     set;              /* if encryption set */
    WOLFSSL_CTX* ctx;              /* CTX owner */
} EncryptedInfo;


#ifndef NO_CERTS

    WOLFSSL_LOCAL int AllocDer(DerBuffer** der, word32 length, int type, void* heap);
    WOLFSSL_LOCAL void FreeDer(DerBuffer** der);

    /* Converts PEM input (buff, sz) to DER; allocates *pDer, which the caller
     * releases with FreeDer(). Untrusted input path -- 'sz' is signed 'long'
     * and must be validated as non-negative by the implementation. */
    WOLFSSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type,
                              DerBuffer** pDer, void* heap, EncryptedInfo* info,
                              int* eccKey);

    WOLFSSL_LOCAL int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format,
                                 int type, WOLFSSL* ssl, int userChain,
                                 WOLFSSL_CRL* crl);
#endif


#ifdef WOLFSSL_CALLBACKS
    WOLFSSL_LOCAL
    void InitHandShakeInfo(HandShakeInfo*);
    WOLFSSL_LOCAL
    void FinishHandShakeInfo(HandShakeInfo*, const WOLFSSL*);
    WOLFSSL_LOCAL
    void AddPacketName(const char*, HandShakeInfo*);

    WOLFSSL_LOCAL
    void InitTimeoutInfo(TimeoutInfo*);
    WOLFSSL_LOCAL
    void FreeTimeoutInfo(TimeoutInfo*, void*);
    WOLFSSL_LOCAL
    void AddPacketInfo(const char*, TimeoutInfo*, const byte*, int, void*);
    WOLFSSL_LOCAL
    void AddLateName(const char*, TimeoutInfo*);
    WOLFSSL_LOCAL
    void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info);
#endif


/* Record Layer Header identifier from page 12 */
enum ContentType {
    no_type            = 0,
    change_cipher_spec = 20,
    alert              = 21,
    handshake          = 22,
    application_data   = 23
};


/* handshake header, same for each message type, pgs 20/21 */
typedef struct HandShakeHeader {
    byte            type;
    word24          length;
} HandShakeHeader;


/* DTLS handshake header, same for each message type */
typedef struct DtlsHandShakeHeader {
    byte            type;
    word24          length;
    byte            message_seq[2];    /* start at 0, retransmit gets same # */
    word24          fragment_offset;   /* bytes in previous fragments */
    word24          fragment_length;   /* length of this fragment */
} DtlsHandShakeHeader;


enum HandShakeType {
    hello_request        =  0,
    client_hello         =  1,
    server_hello         =  2,
    hello_verify_request =  3,    /* DTLS addition */
    session_ticket       =  4,
    certificate          = 11,
    server_key_exchange  = 12,
    certificate_request  = 13,
    server_hello_done    = 14,
    certificate_verify   = 15,
    client_key_exchange  = 16,
    finished             = 20,
    certificate_status   = 22,
    change_cipher_hs     = 55,    /* simulate unique handshake type for sanity
                                     checks.  record layer change_cipher
                                     conflicts with handshake finished */
    no_shake             = 255    /* used to initialize the DtlsMsg record */
};


/* Sender labels ("CLNT"/"SRVR") and Finished-label strings. Being file-scope
 * statics in a header, each including translation unit gets its own copy.
 * NOTE(review): the string initialisers need FINISHED_LABEL_SZ + 1 to be at
 * least 16 to keep the terminating NUL -- confirm the constant's value. */
static const byte client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 };
static const byte server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 };

static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished";
static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished";


/* internal functions */
WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL*);
WOLFSSL_LOCAL int SendTicket(WOLFSSL*);
WOLFSSL_LOCAL int DoClientTicket(WOLFSSL*, const byte*, word32);
WOLFSSL_LOCAL int SendData(WOLFSSL*, const void*, int);
WOLFSSL_LOCAL int SendCertificate(WOLFSSL*);
WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL*);
WOLFSSL_LOCAL int SendCertificateStatus(WOLFSSL*);
WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL*);
WOLFSSL_LOCAL int SendBuffered(WOLFSSL*);
WOLFSSL_LOCAL int ReceiveData(WOLFSSL*, byte*, int, int);
WOLFSSL_LOCAL int SendFinished(WOLFSSL*);
WOLFSSL_LOCAL int SendAlert(WOLFSSL*, int, int);
WOLFSSL_LOCAL int ProcessReply(WOLFSSL*);

WOLFSSL_LOCAL int SetCipherSpecs(WOLFSSL*);
WOLFSSL_LOCAL int MakeMasterSecret(WOLFSSL*);

WOLFSSL_LOCAL int  AddSession(WOLFSSL*);
WOLFSSL_LOCAL int  DeriveKeys(WOLFSSL* ssl);
WOLFSSL_LOCAL int  StoreKeys(WOLFSSL* ssl, const byte* keyData);

WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl);
WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl);

WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl);
WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree);
WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl);

WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl);
#ifndef NO_CERTS
    #ifndef NO_RSA
        WOLFSSL_LOCAL int VerifyRsaSign(const byte* sig, word32 sigSz,
                                        const byte* plain, word32 plainSz,
                                        RsaKey* key);
    #endif
    #ifdef WOLFSSL_TRUST_PEER_CERT

    /* options for searching hash table for a matching trusted peer cert */
    #define WC_MATCH_SKID 0
    #define WC_MATCH_NAME 1

    WOLFSSL_LOCAL TrustedPeerCert* GetTrustedPeer(void* vp, byte* hash,
                                                                       int type);
    WOLFSSL_LOCAL int MatchTrustedPeer(TrustedPeerCert* tp,
                                                             DecodedCert* cert);
    #endif
    WOLFSSL_LOCAL Signer* GetCA(void* cm, byte* hash);
    #ifndef NO_SKID
        WOLFSSL_LOCAL Signer* GetCAByName(void* cm, byte* hash);
    #endif
#endif
WOLFSSL_LOCAL int  BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes,
                                   const byte* sender);
/* 'keep' presumably selects whether to retain the arrays for later key
 * retrieval (see Options.saveArrays) -- confirm against the implementation */
WOLFSSL_LOCAL void FreeArrays(WOLFSSL* ssl, int keep);
/* Buffer sizing helpers take signed 'int' sizes; implementations must reject
 * negative values before any growth or comparison against buffer length. */
WOLFSSL_LOCAL  int CheckAvailableSize(WOLFSSL *ssl, int size);
WOLFSSL_LOCAL  int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);

#ifndef NO_TLS
    WOLFSSL_LOCAL int  MakeTlsMasterSecret(WOLFSSL*);
    WOLFSSL_LOCAL int  TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in,
                               word32 sz, int content, int verify);
#endif

#ifndef NO_WOLFSSL_CLIENT
    WOLFSSL_LOCAL int SendClientHello(WOLFSSL*);
    WOLFSSL_LOCAL int SendClientKeyExchange(WOLFSSL*);
    WOLFSSL_LOCAL int SendCertificateVerify(WOLFSSL*);
#endif /* NO_WOLFSSL_CLIENT */

#ifndef NO_WOLFSSL_SERVER
    WOLFSSL_LOCAL int SendServerHello(WOLFSSL*);
    WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL*);
#endif /* NO_WOLFSSL_SERVER */

#ifdef WOLFSSL_DTLS
    WOLFSSL_LOCAL int  DtlsPoolInit(WOLFSSL*);
    WOLFSSL_LOCAL int  DtlsPoolSave(WOLFSSL*, const byte*, int);
    WOLFSSL_LOCAL int  DtlsPoolTimeout(WOLFSSL*);
    WOLFSSL_LOCAL int  DtlsPoolSend(WOLFSSL*);
    WOLFSSL_LOCAL void DtlsPoolReset(WOLFSSL*);
    WOLFSSL_LOCAL void DtlsPoolDelete(WOLFSSL*);

    WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*);
    WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg*, void*);
    WOLFSSL_LOCAL void DtlsMsgListDelete(DtlsMsg*, void*);
    WOLFSSL_LOCAL int  DtlsMsgSet(DtlsMsg*, word32, const byte*, byte,
                                                       word32, word32, void*);
    WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32);
    WOLFSSL_LOCAL DtlsMsg* DtlsMsgStore(DtlsMsg*, word32, const byte*, word32,
                                                byte, word32, word32, void*);
    WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg*, DtlsMsg*);
#endif /* WOLFSSL_DTLS */

#ifndef NO_TLS


#endif /* NO_TLS */


WOLFSSL_LOCAL word32  LowResTimer(void);

WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int);
WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name);
WOLFSSL_LOCAL void InitX509(WOLFSSL_X509*, int);
WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*);
#ifndef NO_CERTS
    WOLFSSL_LOCAL int  CopyDecodedToX509(WOLFSSL_X509*, DecodedCert*);
#endif

/* used by ssl.c and wolfssl_int.c */
WOLFSSL_LOCAL void c32to24(word32 in, word24 out);

WOLFSSL_LOCAL const char* const* GetCipherNames(void);
WOLFSSL_LOCAL int GetCipherNamesSize(void);


enum encrypt_side {
    ENCRYPT_SIDE_ONLY = 1,
    DECRYPT_SIDE_ONLY,
    ENCRYPT_AND_DECRYPT_SIDE
};

WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side);


#ifdef __cplusplus
    }  /* extern "C" */
#endif

#endif /* WOLFSSL_INT_H */