d 0773d / CyaSSL

Fork of CyaSSL for my specific settings

Dependents:   CyaSSL_Example

Fork of CyaSSL by wolf SSL

src/tls.c@0:1239e9b70ca2, 2014-07-12 (annotated)

Committer:
wolfSSL
Date:
Sat Jul 12 07:18:23 2014 +0000
Revision:
0:1239e9b70ca2
CyaSSL 3.0.0;

Who changed what in which revision?

UserRevisionLine numberNew contents of line
wolfSSL 0:1239e9b70ca2 1 /* tls.c
wolfSSL 0:1239e9b70ca2 2 *
wolfSSL 0:1239e9b70ca2 3 * Copyright (C) 2006-2014 wolfSSL Inc.
wolfSSL 0:1239e9b70ca2 4 *
wolfSSL 0:1239e9b70ca2 5 * This file is part of CyaSSL.
wolfSSL 0:1239e9b70ca2 6 *
wolfSSL 0:1239e9b70ca2 7 * CyaSSL is free software; you can redistribute it and/or modify
wolfSSL 0:1239e9b70ca2 8 * it under the terms of the GNU General Public License as published by
wolfSSL 0:1239e9b70ca2 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 0:1239e9b70ca2 10 * (at your option) any later version.
wolfSSL 0:1239e9b70ca2 11 *
wolfSSL 0:1239e9b70ca2 12 * CyaSSL is distributed in the hope that it will be useful,
wolfSSL 0:1239e9b70ca2 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 0:1239e9b70ca2 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 0:1239e9b70ca2 15 * GNU General Public License for more details.
wolfSSL 0:1239e9b70ca2 16 *
wolfSSL 0:1239e9b70ca2 17 * You should have received a copy of the GNU General Public License
wolfSSL 0:1239e9b70ca2 18 * along with this program; if not, write to the Free Software
wolfSSL 0:1239e9b70ca2 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
wolfSSL 0:1239e9b70ca2 20 */
wolfSSL 0:1239e9b70ca2 21
wolfSSL 0:1239e9b70ca2 22 #ifdef HAVE_CONFIG_H
wolfSSL 0:1239e9b70ca2 23 #include <config.h>
wolfSSL 0:1239e9b70ca2 24 #endif
wolfSSL 0:1239e9b70ca2 25
wolfSSL 0:1239e9b70ca2 26 #include <cyassl/ctaocrypt/settings.h>
wolfSSL 0:1239e9b70ca2 27
wolfSSL 0:1239e9b70ca2 28 #include <cyassl/ssl.h>
wolfSSL 0:1239e9b70ca2 29 #include <cyassl/internal.h>
wolfSSL 0:1239e9b70ca2 30 #include <cyassl/error-ssl.h>
wolfSSL 0:1239e9b70ca2 31 #include <cyassl/ctaocrypt/hmac.h>
wolfSSL 0:1239e9b70ca2 32
wolfSSL 0:1239e9b70ca2 33
wolfSSL 0:1239e9b70ca2 34
wolfSSL 0:1239e9b70ca2 35 #ifndef NO_TLS
wolfSSL 0:1239e9b70ca2 36
wolfSSL 0:1239e9b70ca2 37
wolfSSL 0:1239e9b70ca2 38 #ifndef min
wolfSSL 0:1239e9b70ca2 39
wolfSSL 0:1239e9b70ca2 40 static INLINE word32 min(word32 a, word32 b)
wolfSSL 0:1239e9b70ca2 41 {
wolfSSL 0:1239e9b70ca2 42 return a > b ? b : a;
wolfSSL 0:1239e9b70ca2 43 }
wolfSSL 0:1239e9b70ca2 44
wolfSSL 0:1239e9b70ca2 45 #endif /* min */
wolfSSL 0:1239e9b70ca2 46
wolfSSL 0:1239e9b70ca2 47
wolfSSL 0:1239e9b70ca2 48 #ifdef CYASSL_SHA384
wolfSSL 0:1239e9b70ca2 49 #define PHASH_MAX_DIGEST_SIZE SHA384_DIGEST_SIZE
wolfSSL 0:1239e9b70ca2 50 #else
wolfSSL 0:1239e9b70ca2 51 #define PHASH_MAX_DIGEST_SIZE SHA256_DIGEST_SIZE
wolfSSL 0:1239e9b70ca2 52 #endif
wolfSSL 0:1239e9b70ca2 53
wolfSSL 0:1239e9b70ca2 54 /* compute p_hash for MD5, SHA-1, SHA-256, or SHA-384 for TLSv1 PRF */
wolfSSL 0:1239e9b70ca2 55 static int p_hash(byte* result, word32 resLen, const byte* secret,
wolfSSL 0:1239e9b70ca2 56 word32 secLen, const byte* seed, word32 seedLen, int hash)
wolfSSL 0:1239e9b70ca2 57 {
wolfSSL 0:1239e9b70ca2 58 word32 len = PHASH_MAX_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 59 word32 times;
wolfSSL 0:1239e9b70ca2 60 word32 lastLen;
wolfSSL 0:1239e9b70ca2 61 word32 lastTime;
wolfSSL 0:1239e9b70ca2 62 word32 i;
wolfSSL 0:1239e9b70ca2 63 word32 idx = 0;
wolfSSL 0:1239e9b70ca2 64 int ret;
wolfSSL 0:1239e9b70ca2 65 byte previous[PHASH_MAX_DIGEST_SIZE]; /* max size */
wolfSSL 0:1239e9b70ca2 66 byte current[PHASH_MAX_DIGEST_SIZE]; /* max size */
wolfSSL 0:1239e9b70ca2 67
wolfSSL 0:1239e9b70ca2 68 Hmac hmac;
wolfSSL 0:1239e9b70ca2 69
wolfSSL 0:1239e9b70ca2 70 switch (hash) {
wolfSSL 0:1239e9b70ca2 71 #ifndef NO_MD5
wolfSSL 0:1239e9b70ca2 72 case md5_mac:
wolfSSL 0:1239e9b70ca2 73 {
wolfSSL 0:1239e9b70ca2 74 len = MD5_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 75 hash = MD5;
wolfSSL 0:1239e9b70ca2 76 }
wolfSSL 0:1239e9b70ca2 77 break;
wolfSSL 0:1239e9b70ca2 78 #endif
wolfSSL 0:1239e9b70ca2 79 #ifndef NO_SHA256
wolfSSL 0:1239e9b70ca2 80 case sha256_mac:
wolfSSL 0:1239e9b70ca2 81 {
wolfSSL 0:1239e9b70ca2 82 len = SHA256_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 83 hash = SHA256;
wolfSSL 0:1239e9b70ca2 84 }
wolfSSL 0:1239e9b70ca2 85 break;
wolfSSL 0:1239e9b70ca2 86 #endif
wolfSSL 0:1239e9b70ca2 87 #ifdef CYASSL_SHA384
wolfSSL 0:1239e9b70ca2 88 case sha384_mac:
wolfSSL 0:1239e9b70ca2 89 {
wolfSSL 0:1239e9b70ca2 90 len = SHA384_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 91 hash = SHA384;
wolfSSL 0:1239e9b70ca2 92 }
wolfSSL 0:1239e9b70ca2 93 break;
wolfSSL 0:1239e9b70ca2 94 #endif
wolfSSL 0:1239e9b70ca2 95 #ifndef NO_SHA
wolfSSL 0:1239e9b70ca2 96 case sha_mac:
wolfSSL 0:1239e9b70ca2 97 default:
wolfSSL 0:1239e9b70ca2 98 {
wolfSSL 0:1239e9b70ca2 99 len = SHA_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 100 hash = SHA;
wolfSSL 0:1239e9b70ca2 101 }
wolfSSL 0:1239e9b70ca2 102 break;
wolfSSL 0:1239e9b70ca2 103 #endif
wolfSSL 0:1239e9b70ca2 104 }
wolfSSL 0:1239e9b70ca2 105
wolfSSL 0:1239e9b70ca2 106 times = resLen / len;
wolfSSL 0:1239e9b70ca2 107 lastLen = resLen % len;
wolfSSL 0:1239e9b70ca2 108 if (lastLen) times += 1;
wolfSSL 0:1239e9b70ca2 109 lastTime = times - 1;
wolfSSL 0:1239e9b70ca2 110
wolfSSL 0:1239e9b70ca2 111 ret = HmacSetKey(&hmac, hash, secret, secLen);
wolfSSL 0:1239e9b70ca2 112 if (ret != 0)
wolfSSL 0:1239e9b70ca2 113 return ret;
wolfSSL 0:1239e9b70ca2 114 ret = HmacUpdate(&hmac, seed, seedLen); /* A0 = seed */
wolfSSL 0:1239e9b70ca2 115 if (ret != 0)
wolfSSL 0:1239e9b70ca2 116 return ret;
wolfSSL 0:1239e9b70ca2 117 ret = HmacFinal(&hmac, previous); /* A1 */
wolfSSL 0:1239e9b70ca2 118 if (ret != 0)
wolfSSL 0:1239e9b70ca2 119 return ret;
wolfSSL 0:1239e9b70ca2 120
wolfSSL 0:1239e9b70ca2 121 for (i = 0; i < times; i++) {
wolfSSL 0:1239e9b70ca2 122 ret = HmacUpdate(&hmac, previous, len);
wolfSSL 0:1239e9b70ca2 123 if (ret != 0)
wolfSSL 0:1239e9b70ca2 124 return ret;
wolfSSL 0:1239e9b70ca2 125 ret = HmacUpdate(&hmac, seed, seedLen);
wolfSSL 0:1239e9b70ca2 126 if (ret != 0)
wolfSSL 0:1239e9b70ca2 127 return ret;
wolfSSL 0:1239e9b70ca2 128 ret = HmacFinal(&hmac, current);
wolfSSL 0:1239e9b70ca2 129 if (ret != 0)
wolfSSL 0:1239e9b70ca2 130 return ret;
wolfSSL 0:1239e9b70ca2 131
wolfSSL 0:1239e9b70ca2 132 if ( (i == lastTime) && lastLen)
wolfSSL 0:1239e9b70ca2 133 XMEMCPY(&result[idx], current, min(lastLen, sizeof(current)));
wolfSSL 0:1239e9b70ca2 134 else {
wolfSSL 0:1239e9b70ca2 135 XMEMCPY(&result[idx], current, len);
wolfSSL 0:1239e9b70ca2 136 idx += len;
wolfSSL 0:1239e9b70ca2 137 ret = HmacUpdate(&hmac, previous, len);
wolfSSL 0:1239e9b70ca2 138 if (ret != 0)
wolfSSL 0:1239e9b70ca2 139 return ret;
wolfSSL 0:1239e9b70ca2 140 ret = HmacFinal(&hmac, previous);
wolfSSL 0:1239e9b70ca2 141 if (ret != 0)
wolfSSL 0:1239e9b70ca2 142 return ret;
wolfSSL 0:1239e9b70ca2 143 }
wolfSSL 0:1239e9b70ca2 144 }
wolfSSL 0:1239e9b70ca2 145 XMEMSET(previous, 0, sizeof previous);
wolfSSL 0:1239e9b70ca2 146 XMEMSET(current, 0, sizeof current);
wolfSSL 0:1239e9b70ca2 147 XMEMSET(&hmac, 0, sizeof hmac);
wolfSSL 0:1239e9b70ca2 148
wolfSSL 0:1239e9b70ca2 149 return 0;
wolfSSL 0:1239e9b70ca2 150 }
wolfSSL 0:1239e9b70ca2 151
wolfSSL 0:1239e9b70ca2 152
wolfSSL 0:1239e9b70ca2 153
wolfSSL 0:1239e9b70ca2 154 #ifndef NO_OLD_TLS
wolfSSL 0:1239e9b70ca2 155
wolfSSL 0:1239e9b70ca2 156 /* calculate XOR for TLSv1 PRF */
wolfSSL 0:1239e9b70ca2 157 static INLINE void get_xor(byte *digest, word32 digLen, byte* md5, byte* sha)
wolfSSL 0:1239e9b70ca2 158 {
wolfSSL 0:1239e9b70ca2 159 word32 i;
wolfSSL 0:1239e9b70ca2 160
wolfSSL 0:1239e9b70ca2 161 for (i = 0; i < digLen; i++)
wolfSSL 0:1239e9b70ca2 162 digest[i] = md5[i] ^ sha[i];
wolfSSL 0:1239e9b70ca2 163 }
wolfSSL 0:1239e9b70ca2 164
wolfSSL 0:1239e9b70ca2 165
wolfSSL 0:1239e9b70ca2 166 /* compute TLSv1 PRF (pseudo random function using HMAC) */
wolfSSL 0:1239e9b70ca2 167 static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen,
wolfSSL 0:1239e9b70ca2 168 const byte* label, word32 labLen, const byte* seed,
wolfSSL 0:1239e9b70ca2 169 word32 seedLen)
wolfSSL 0:1239e9b70ca2 170 {
wolfSSL 0:1239e9b70ca2 171 int ret;
wolfSSL 0:1239e9b70ca2 172 word32 half = (secLen + 1) / 2;
wolfSSL 0:1239e9b70ca2 173
wolfSSL 0:1239e9b70ca2 174 byte md5_half[MAX_PRF_HALF]; /* half is real size */
wolfSSL 0:1239e9b70ca2 175 byte sha_half[MAX_PRF_HALF]; /* half is real size */
wolfSSL 0:1239e9b70ca2 176 byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */
wolfSSL 0:1239e9b70ca2 177 byte md5_result[MAX_PRF_DIG]; /* digLen is real size */
wolfSSL 0:1239e9b70ca2 178 byte sha_result[MAX_PRF_DIG]; /* digLen is real size */
wolfSSL 0:1239e9b70ca2 179
wolfSSL 0:1239e9b70ca2 180 if (half > MAX_PRF_HALF)
wolfSSL 0:1239e9b70ca2 181 return BUFFER_E;
wolfSSL 0:1239e9b70ca2 182 if (labLen + seedLen > MAX_PRF_LABSEED)
wolfSSL 0:1239e9b70ca2 183 return BUFFER_E;
wolfSSL 0:1239e9b70ca2 184 if (digLen > MAX_PRF_DIG)
wolfSSL 0:1239e9b70ca2 185 return BUFFER_E;
wolfSSL 0:1239e9b70ca2 186
wolfSSL 0:1239e9b70ca2 187 XMEMSET(md5_result, 0, digLen);
wolfSSL 0:1239e9b70ca2 188 XMEMSET(sha_result, 0, digLen);
wolfSSL 0:1239e9b70ca2 189
wolfSSL 0:1239e9b70ca2 190 XMEMCPY(md5_half, secret, half);
wolfSSL 0:1239e9b70ca2 191 XMEMCPY(sha_half, secret + half - secLen % 2, half);
wolfSSL 0:1239e9b70ca2 192
wolfSSL 0:1239e9b70ca2 193 XMEMCPY(labelSeed, label, labLen);
wolfSSL 0:1239e9b70ca2 194 XMEMCPY(labelSeed + labLen, seed, seedLen);
wolfSSL 0:1239e9b70ca2 195
wolfSSL 0:1239e9b70ca2 196 ret = p_hash(md5_result, digLen, md5_half, half, labelSeed,
wolfSSL 0:1239e9b70ca2 197 labLen + seedLen, md5_mac);
wolfSSL 0:1239e9b70ca2 198 if (ret != 0)
wolfSSL 0:1239e9b70ca2 199 return ret;
wolfSSL 0:1239e9b70ca2 200 ret = p_hash(sha_result, digLen, sha_half, half, labelSeed,
wolfSSL 0:1239e9b70ca2 201 labLen + seedLen, sha_mac);
wolfSSL 0:1239e9b70ca2 202 if (ret != 0)
wolfSSL 0:1239e9b70ca2 203 return ret;
wolfSSL 0:1239e9b70ca2 204 get_xor(digest, digLen, md5_result, sha_result);
wolfSSL 0:1239e9b70ca2 205
wolfSSL 0:1239e9b70ca2 206 return 0;
wolfSSL 0:1239e9b70ca2 207 }
wolfSSL 0:1239e9b70ca2 208
wolfSSL 0:1239e9b70ca2 209 #endif
wolfSSL 0:1239e9b70ca2 210
wolfSSL 0:1239e9b70ca2 211
wolfSSL 0:1239e9b70ca2 212 /* Wrapper to call straight thru to p_hash in TSL 1.2 cases to remove stack
wolfSSL 0:1239e9b70ca2 213 use */
wolfSSL 0:1239e9b70ca2 214 static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
wolfSSL 0:1239e9b70ca2 215 const byte* label, word32 labLen, const byte* seed, word32 seedLen,
wolfSSL 0:1239e9b70ca2 216 int useAtLeastSha256, int hash_type)
wolfSSL 0:1239e9b70ca2 217 {
wolfSSL 0:1239e9b70ca2 218 int ret = 0;
wolfSSL 0:1239e9b70ca2 219
wolfSSL 0:1239e9b70ca2 220 if (useAtLeastSha256) {
wolfSSL 0:1239e9b70ca2 221 byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */
wolfSSL 0:1239e9b70ca2 222
wolfSSL 0:1239e9b70ca2 223 if (labLen + seedLen > MAX_PRF_LABSEED)
wolfSSL 0:1239e9b70ca2 224 return BUFFER_E;
wolfSSL 0:1239e9b70ca2 225
wolfSSL 0:1239e9b70ca2 226 XMEMCPY(labelSeed, label, labLen);
wolfSSL 0:1239e9b70ca2 227 XMEMCPY(labelSeed + labLen, seed, seedLen);
wolfSSL 0:1239e9b70ca2 228
wolfSSL 0:1239e9b70ca2 229 /* If a cipher suite wants an algorithm better than sha256, it
wolfSSL 0:1239e9b70ca2 230 * should use better. */
wolfSSL 0:1239e9b70ca2 231 if (hash_type < sha256_mac)
wolfSSL 0:1239e9b70ca2 232 hash_type = sha256_mac;
wolfSSL 0:1239e9b70ca2 233 ret = p_hash(digest, digLen, secret, secLen, labelSeed,
wolfSSL 0:1239e9b70ca2 234 labLen + seedLen, hash_type);
wolfSSL 0:1239e9b70ca2 235 }
wolfSSL 0:1239e9b70ca2 236 #ifndef NO_OLD_TLS
wolfSSL 0:1239e9b70ca2 237 else {
wolfSSL 0:1239e9b70ca2 238 ret = doPRF(digest, digLen, secret, secLen, label, labLen, seed,
wolfSSL 0:1239e9b70ca2 239 seedLen);
wolfSSL 0:1239e9b70ca2 240 }
wolfSSL 0:1239e9b70ca2 241 #endif
wolfSSL 0:1239e9b70ca2 242
wolfSSL 0:1239e9b70ca2 243 return ret;
wolfSSL 0:1239e9b70ca2 244 }
wolfSSL 0:1239e9b70ca2 245
wolfSSL 0:1239e9b70ca2 246
wolfSSL 0:1239e9b70ca2 247 #ifdef CYASSL_SHA384
wolfSSL 0:1239e9b70ca2 248 #define HSHASH_SZ SHA384_DIGEST_SIZE
wolfSSL 0:1239e9b70ca2 249 #else
wolfSSL 0:1239e9b70ca2 250 #define HSHASH_SZ FINISHED_SZ
wolfSSL 0:1239e9b70ca2 251 #endif
wolfSSL 0:1239e9b70ca2 252
wolfSSL 0:1239e9b70ca2 253
wolfSSL 0:1239e9b70ca2 254 int BuildTlsFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
wolfSSL 0:1239e9b70ca2 255 {
wolfSSL 0:1239e9b70ca2 256 const byte* side;
wolfSSL 0:1239e9b70ca2 257 byte handshake_hash[HSHASH_SZ];
wolfSSL 0:1239e9b70ca2 258 word32 hashSz = FINISHED_SZ;
wolfSSL 0:1239e9b70ca2 259
wolfSSL 0:1239e9b70ca2 260 #ifndef NO_OLD_TLS
wolfSSL 0:1239e9b70ca2 261 Md5Final(&ssl->hashMd5, handshake_hash);
wolfSSL 0:1239e9b70ca2 262 ShaFinal(&ssl->hashSha, &handshake_hash[MD5_DIGEST_SIZE]);
wolfSSL 0:1239e9b70ca2 263 #endif
wolfSSL 0:1239e9b70ca2 264
wolfSSL 0:1239e9b70ca2 265 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 0:1239e9b70ca2 266 #ifndef NO_SHA256
wolfSSL 0:1239e9b70ca2 267 if (ssl->specs.mac_algorithm <= sha256_mac) {
wolfSSL 0:1239e9b70ca2 268 int ret = Sha256Final(&ssl->hashSha256, handshake_hash);
wolfSSL 0:1239e9b70ca2 269
wolfSSL 0:1239e9b70ca2 270 if (ret != 0)
wolfSSL 0:1239e9b70ca2 271 return ret;
wolfSSL 0:1239e9b70ca2 272
wolfSSL 0:1239e9b70ca2 273 hashSz = SHA256_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 274 }
wolfSSL 0:1239e9b70ca2 275 #endif
wolfSSL 0:1239e9b70ca2 276 #ifdef CYASSL_SHA384
wolfSSL 0:1239e9b70ca2 277 if (ssl->specs.mac_algorithm == sha384_mac) {
wolfSSL 0:1239e9b70ca2 278 int ret = Sha384Final(&ssl->hashSha384, handshake_hash);
wolfSSL 0:1239e9b70ca2 279
wolfSSL 0:1239e9b70ca2 280 if (ret != 0)
wolfSSL 0:1239e9b70ca2 281 return ret;
wolfSSL 0:1239e9b70ca2 282
wolfSSL 0:1239e9b70ca2 283 hashSz = SHA384_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 284 }
wolfSSL 0:1239e9b70ca2 285 #endif
wolfSSL 0:1239e9b70ca2 286 }
wolfSSL 0:1239e9b70ca2 287
wolfSSL 0:1239e9b70ca2 288 if ( XSTRNCMP((const char*)sender, (const char*)client, SIZEOF_SENDER) == 0)
wolfSSL 0:1239e9b70ca2 289 side = tls_client;
wolfSSL 0:1239e9b70ca2 290 else
wolfSSL 0:1239e9b70ca2 291 side = tls_server;
wolfSSL 0:1239e9b70ca2 292
wolfSSL 0:1239e9b70ca2 293 return PRF((byte*)hashes, TLS_FINISHED_SZ, ssl->arrays->masterSecret,
wolfSSL 0:1239e9b70ca2 294 SECRET_LEN, side, FINISHED_LABEL_SZ, handshake_hash, hashSz,
wolfSSL 0:1239e9b70ca2 295 IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
wolfSSL 0:1239e9b70ca2 296 }
wolfSSL 0:1239e9b70ca2 297
wolfSSL 0:1239e9b70ca2 298
wolfSSL 0:1239e9b70ca2 299 #ifndef NO_OLD_TLS
wolfSSL 0:1239e9b70ca2 300
wolfSSL 0:1239e9b70ca2 301 ProtocolVersion MakeTLSv1(void)
wolfSSL 0:1239e9b70ca2 302 {
wolfSSL 0:1239e9b70ca2 303 ProtocolVersion pv;
wolfSSL 0:1239e9b70ca2 304 pv.major = SSLv3_MAJOR;
wolfSSL 0:1239e9b70ca2 305 pv.minor = TLSv1_MINOR;
wolfSSL 0:1239e9b70ca2 306
wolfSSL 0:1239e9b70ca2 307 return pv;
wolfSSL 0:1239e9b70ca2 308 }
wolfSSL 0:1239e9b70ca2 309
wolfSSL 0:1239e9b70ca2 310
wolfSSL 0:1239e9b70ca2 311 ProtocolVersion MakeTLSv1_1(void)
wolfSSL 0:1239e9b70ca2 312 {
wolfSSL 0:1239e9b70ca2 313 ProtocolVersion pv;
wolfSSL 0:1239e9b70ca2 314 pv.major = SSLv3_MAJOR;
wolfSSL 0:1239e9b70ca2 315 pv.minor = TLSv1_1_MINOR;
wolfSSL 0:1239e9b70ca2 316
wolfSSL 0:1239e9b70ca2 317 return pv;
wolfSSL 0:1239e9b70ca2 318 }
wolfSSL 0:1239e9b70ca2 319
wolfSSL 0:1239e9b70ca2 320 #endif
wolfSSL 0:1239e9b70ca2 321
wolfSSL 0:1239e9b70ca2 322
wolfSSL 0:1239e9b70ca2 323 ProtocolVersion MakeTLSv1_2(void)
wolfSSL 0:1239e9b70ca2 324 {
wolfSSL 0:1239e9b70ca2 325 ProtocolVersion pv;
wolfSSL 0:1239e9b70ca2 326 pv.major = SSLv3_MAJOR;
wolfSSL 0:1239e9b70ca2 327 pv.minor = TLSv1_2_MINOR;
wolfSSL 0:1239e9b70ca2 328
wolfSSL 0:1239e9b70ca2 329 return pv;
wolfSSL 0:1239e9b70ca2 330 }
wolfSSL 0:1239e9b70ca2 331
wolfSSL 0:1239e9b70ca2 332
wolfSSL 0:1239e9b70ca2 333 static const byte master_label[MASTER_LABEL_SZ + 1] = "master secret";
wolfSSL 0:1239e9b70ca2 334 static const byte key_label [KEY_LABEL_SZ + 1] = "key expansion";
wolfSSL 0:1239e9b70ca2 335
wolfSSL 0:1239e9b70ca2 336
wolfSSL 0:1239e9b70ca2 337 int DeriveTlsKeys(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 338 {
wolfSSL 0:1239e9b70ca2 339 int ret;
wolfSSL 0:1239e9b70ca2 340 int length = 2 * ssl->specs.hash_size +
wolfSSL 0:1239e9b70ca2 341 2 * ssl->specs.key_size +
wolfSSL 0:1239e9b70ca2 342 2 * ssl->specs.iv_size;
wolfSSL 0:1239e9b70ca2 343 byte seed[SEED_LEN];
wolfSSL 0:1239e9b70ca2 344 byte key_data[MAX_PRF_DIG];
wolfSSL 0:1239e9b70ca2 345
wolfSSL 0:1239e9b70ca2 346 XMEMCPY(seed, ssl->arrays->serverRandom, RAN_LEN);
wolfSSL 0:1239e9b70ca2 347 XMEMCPY(&seed[RAN_LEN], ssl->arrays->clientRandom, RAN_LEN);
wolfSSL 0:1239e9b70ca2 348
wolfSSL 0:1239e9b70ca2 349 ret = PRF(key_data, length, ssl->arrays->masterSecret, SECRET_LEN,
wolfSSL 0:1239e9b70ca2 350 key_label, KEY_LABEL_SZ, seed, SEED_LEN, IsAtLeastTLSv1_2(ssl),
wolfSSL 0:1239e9b70ca2 351 ssl->specs.mac_algorithm);
wolfSSL 0:1239e9b70ca2 352 if (ret != 0)
wolfSSL 0:1239e9b70ca2 353 return ret;
wolfSSL 0:1239e9b70ca2 354
wolfSSL 0:1239e9b70ca2 355 return StoreKeys(ssl, key_data);
wolfSSL 0:1239e9b70ca2 356 }
wolfSSL 0:1239e9b70ca2 357
wolfSSL 0:1239e9b70ca2 358
wolfSSL 0:1239e9b70ca2 359 int MakeTlsMasterSecret(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 360 {
wolfSSL 0:1239e9b70ca2 361 int ret;
wolfSSL 0:1239e9b70ca2 362 byte seed[SEED_LEN];
wolfSSL 0:1239e9b70ca2 363
wolfSSL 0:1239e9b70ca2 364 XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL 0:1239e9b70ca2 365 XMEMCPY(&seed[RAN_LEN], ssl->arrays->serverRandom, RAN_LEN);
wolfSSL 0:1239e9b70ca2 366
wolfSSL 0:1239e9b70ca2 367 ret = PRF(ssl->arrays->masterSecret, SECRET_LEN,
wolfSSL 0:1239e9b70ca2 368 ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
wolfSSL 0:1239e9b70ca2 369 master_label, MASTER_LABEL_SZ,
wolfSSL 0:1239e9b70ca2 370 seed, SEED_LEN, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
wolfSSL 0:1239e9b70ca2 371 if (ret != 0)
wolfSSL 0:1239e9b70ca2 372 return ret;
wolfSSL 0:1239e9b70ca2 373
wolfSSL 0:1239e9b70ca2 374 #ifdef SHOW_SECRETS
wolfSSL 0:1239e9b70ca2 375 {
wolfSSL 0:1239e9b70ca2 376 int i;
wolfSSL 0:1239e9b70ca2 377 printf("master secret: ");
wolfSSL 0:1239e9b70ca2 378 for (i = 0; i < SECRET_LEN; i++)
wolfSSL 0:1239e9b70ca2 379 printf("%02x", ssl->arrays->masterSecret[i]);
wolfSSL 0:1239e9b70ca2 380 printf("\n");
wolfSSL 0:1239e9b70ca2 381 }
wolfSSL 0:1239e9b70ca2 382 #endif
wolfSSL 0:1239e9b70ca2 383
wolfSSL 0:1239e9b70ca2 384 return DeriveTlsKeys(ssl);
wolfSSL 0:1239e9b70ca2 385 }
wolfSSL 0:1239e9b70ca2 386
wolfSSL 0:1239e9b70ca2 387
wolfSSL 0:1239e9b70ca2 388 /* Used by EAP-TLS and EAP-TTLS to derive keying material from
wolfSSL 0:1239e9b70ca2 389 * the master_secret. */
wolfSSL 0:1239e9b70ca2 390 int CyaSSL_make_eap_keys(CYASSL* ssl, void* msk, unsigned int len,
wolfSSL 0:1239e9b70ca2 391 const char* label)
wolfSSL 0:1239e9b70ca2 392 {
wolfSSL 0:1239e9b70ca2 393 byte seed[SEED_LEN];
wolfSSL 0:1239e9b70ca2 394
wolfSSL 0:1239e9b70ca2 395 /*
wolfSSL 0:1239e9b70ca2 396 * As per RFC-5281, the order of the client and server randoms is reversed
wolfSSL 0:1239e9b70ca2 397 * from that used by the TLS protocol to derive keys.
wolfSSL 0:1239e9b70ca2 398 */
wolfSSL 0:1239e9b70ca2 399 XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL 0:1239e9b70ca2 400 XMEMCPY(&seed[RAN_LEN], ssl->arrays->serverRandom, RAN_LEN);
wolfSSL 0:1239e9b70ca2 401
wolfSSL 0:1239e9b70ca2 402 return PRF((byte*)msk, len,
wolfSSL 0:1239e9b70ca2 403 ssl->arrays->masterSecret, SECRET_LEN,
wolfSSL 0:1239e9b70ca2 404 (const byte *)label, (word32)strlen(label),
wolfSSL 0:1239e9b70ca2 405 seed, SEED_LEN, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
wolfSSL 0:1239e9b70ca2 406
wolfSSL 0:1239e9b70ca2 407 }
wolfSSL 0:1239e9b70ca2 408
wolfSSL 0:1239e9b70ca2 409
wolfSSL 0:1239e9b70ca2 410 /*** next for static INLINE s copied internal.c ***/
wolfSSL 0:1239e9b70ca2 411
wolfSSL 0:1239e9b70ca2 412 /* convert 16 bit integer to opaque */
wolfSSL 0:1239e9b70ca2 413 static INLINE void c16toa(word16 u16, byte* c)
wolfSSL 0:1239e9b70ca2 414 {
wolfSSL 0:1239e9b70ca2 415 c[0] = (u16 >> 8) & 0xff;
wolfSSL 0:1239e9b70ca2 416 c[1] = u16 & 0xff;
wolfSSL 0:1239e9b70ca2 417 }
wolfSSL 0:1239e9b70ca2 418
wolfSSL 0:1239e9b70ca2 419 #ifdef HAVE_TLS_EXTENSIONS
wolfSSL 0:1239e9b70ca2 420 /* convert opaque to 16 bit integer */
wolfSSL 0:1239e9b70ca2 421 static INLINE void ato16(const byte* c, word16* u16)
wolfSSL 0:1239e9b70ca2 422 {
wolfSSL 0:1239e9b70ca2 423 *u16 = (c[0] << 8) | (c[1]);
wolfSSL 0:1239e9b70ca2 424 }
wolfSSL 0:1239e9b70ca2 425
wolfSSL 0:1239e9b70ca2 426 #ifdef HAVE_SNI
wolfSSL 0:1239e9b70ca2 427 /* convert a 24 bit integer into a 32 bit one */
wolfSSL 0:1239e9b70ca2 428 static INLINE void c24to32(const word24 u24, word32* u32)
wolfSSL 0:1239e9b70ca2 429 {
wolfSSL 0:1239e9b70ca2 430 *u32 = (u24[0] << 16) | (u24[1] << 8) | u24[2];
wolfSSL 0:1239e9b70ca2 431 }
wolfSSL 0:1239e9b70ca2 432 #endif
wolfSSL 0:1239e9b70ca2 433 #endif
wolfSSL 0:1239e9b70ca2 434
wolfSSL 0:1239e9b70ca2 435 /* convert 32 bit integer to opaque */
wolfSSL 0:1239e9b70ca2 436 static INLINE void c32toa(word32 u32, byte* c)
wolfSSL 0:1239e9b70ca2 437 {
wolfSSL 0:1239e9b70ca2 438 c[0] = (u32 >> 24) & 0xff;
wolfSSL 0:1239e9b70ca2 439 c[1] = (u32 >> 16) & 0xff;
wolfSSL 0:1239e9b70ca2 440 c[2] = (u32 >> 8) & 0xff;
wolfSSL 0:1239e9b70ca2 441 c[3] = u32 & 0xff;
wolfSSL 0:1239e9b70ca2 442 }
wolfSSL 0:1239e9b70ca2 443
wolfSSL 0:1239e9b70ca2 444
wolfSSL 0:1239e9b70ca2 445 static INLINE word32 GetSEQIncrement(CYASSL* ssl, int verify)
wolfSSL 0:1239e9b70ca2 446 {
wolfSSL 0:1239e9b70ca2 447 #ifdef CYASSL_DTLS
wolfSSL 0:1239e9b70ca2 448 if (ssl->options.dtls) {
wolfSSL 0:1239e9b70ca2 449 if (verify)
wolfSSL 0:1239e9b70ca2 450 return ssl->keys.dtls_state.curSeq; /* explicit from peer */
wolfSSL 0:1239e9b70ca2 451 else
wolfSSL 0:1239e9b70ca2 452 return ssl->keys.dtls_sequence_number - 1; /* already incremented */
wolfSSL 0:1239e9b70ca2 453 }
wolfSSL 0:1239e9b70ca2 454 #endif
wolfSSL 0:1239e9b70ca2 455 if (verify)
wolfSSL 0:1239e9b70ca2 456 return ssl->keys.peer_sequence_number++;
wolfSSL 0:1239e9b70ca2 457 else
wolfSSL 0:1239e9b70ca2 458 return ssl->keys.sequence_number++;
wolfSSL 0:1239e9b70ca2 459 }
wolfSSL 0:1239e9b70ca2 460
wolfSSL 0:1239e9b70ca2 461
wolfSSL 0:1239e9b70ca2 462 #ifdef CYASSL_DTLS
wolfSSL 0:1239e9b70ca2 463
wolfSSL 0:1239e9b70ca2 464 static INLINE word32 GetEpoch(CYASSL* ssl, int verify)
wolfSSL 0:1239e9b70ca2 465 {
wolfSSL 0:1239e9b70ca2 466 if (verify)
wolfSSL 0:1239e9b70ca2 467 return ssl->keys.dtls_state.curEpoch;
wolfSSL 0:1239e9b70ca2 468 else
wolfSSL 0:1239e9b70ca2 469 return ssl->keys.dtls_epoch;
wolfSSL 0:1239e9b70ca2 470 }
wolfSSL 0:1239e9b70ca2 471
wolfSSL 0:1239e9b70ca2 472 #endif /* CYASSL_DTLS */
wolfSSL 0:1239e9b70ca2 473
wolfSSL 0:1239e9b70ca2 474
wolfSSL 0:1239e9b70ca2 475 /*** end copy ***/
wolfSSL 0:1239e9b70ca2 476
wolfSSL 0:1239e9b70ca2 477
wolfSSL 0:1239e9b70ca2 478 /* return HMAC digest type in CyaSSL format */
wolfSSL 0:1239e9b70ca2 479 int CyaSSL_GetHmacType(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 480 {
wolfSSL 0:1239e9b70ca2 481 if (ssl == NULL)
wolfSSL 0:1239e9b70ca2 482 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 483
wolfSSL 0:1239e9b70ca2 484 switch (ssl->specs.mac_algorithm) {
wolfSSL 0:1239e9b70ca2 485 #ifndef NO_MD5
wolfSSL 0:1239e9b70ca2 486 case md5_mac:
wolfSSL 0:1239e9b70ca2 487 {
wolfSSL 0:1239e9b70ca2 488 return MD5;
wolfSSL 0:1239e9b70ca2 489 }
wolfSSL 0:1239e9b70ca2 490 #endif
wolfSSL 0:1239e9b70ca2 491 #ifndef NO_SHA256
wolfSSL 0:1239e9b70ca2 492 case sha256_mac:
wolfSSL 0:1239e9b70ca2 493 {
wolfSSL 0:1239e9b70ca2 494 return SHA256;
wolfSSL 0:1239e9b70ca2 495 }
wolfSSL 0:1239e9b70ca2 496 #endif
wolfSSL 0:1239e9b70ca2 497 #ifdef CYASSL_SHA384
wolfSSL 0:1239e9b70ca2 498 case sha384_mac:
wolfSSL 0:1239e9b70ca2 499 {
wolfSSL 0:1239e9b70ca2 500 return SHA384;
wolfSSL 0:1239e9b70ca2 501 }
wolfSSL 0:1239e9b70ca2 502
wolfSSL 0:1239e9b70ca2 503 #endif
wolfSSL 0:1239e9b70ca2 504 #ifndef NO_SHA
wolfSSL 0:1239e9b70ca2 505 case sha_mac:
wolfSSL 0:1239e9b70ca2 506 {
wolfSSL 0:1239e9b70ca2 507 return SHA;
wolfSSL 0:1239e9b70ca2 508 }
wolfSSL 0:1239e9b70ca2 509 #endif
wolfSSL 0:1239e9b70ca2 510 #ifdef HAVE_BLAKE2
wolfSSL 0:1239e9b70ca2 511 case blake2b_mac:
wolfSSL 0:1239e9b70ca2 512 {
wolfSSL 0:1239e9b70ca2 513 return BLAKE2B_ID;
wolfSSL 0:1239e9b70ca2 514 }
wolfSSL 0:1239e9b70ca2 515 #endif
wolfSSL 0:1239e9b70ca2 516 default:
wolfSSL 0:1239e9b70ca2 517 {
wolfSSL 0:1239e9b70ca2 518 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 519 }
wolfSSL 0:1239e9b70ca2 520 }
wolfSSL 0:1239e9b70ca2 521 }
wolfSSL 0:1239e9b70ca2 522
wolfSSL 0:1239e9b70ca2 523
wolfSSL 0:1239e9b70ca2 524 int CyaSSL_SetTlsHmacInner(CYASSL* ssl, byte* inner, word32 sz, int content,
wolfSSL 0:1239e9b70ca2 525 int verify)
wolfSSL 0:1239e9b70ca2 526 {
wolfSSL 0:1239e9b70ca2 527 if (ssl == NULL || inner == NULL)
wolfSSL 0:1239e9b70ca2 528 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 529
wolfSSL 0:1239e9b70ca2 530 XMEMSET(inner, 0, CYASSL_TLS_HMAC_INNER_SZ);
wolfSSL 0:1239e9b70ca2 531
wolfSSL 0:1239e9b70ca2 532 #ifdef CYASSL_DTLS
wolfSSL 0:1239e9b70ca2 533 if (ssl->options.dtls)
wolfSSL 0:1239e9b70ca2 534 c16toa((word16)GetEpoch(ssl, verify), inner);
wolfSSL 0:1239e9b70ca2 535 #endif
wolfSSL 0:1239e9b70ca2 536 c32toa(GetSEQIncrement(ssl, verify), &inner[sizeof(word32)]);
wolfSSL 0:1239e9b70ca2 537 inner[SEQ_SZ] = (byte)content;
wolfSSL 0:1239e9b70ca2 538 inner[SEQ_SZ + ENUM_LEN] = ssl->version.major;
wolfSSL 0:1239e9b70ca2 539 inner[SEQ_SZ + ENUM_LEN + ENUM_LEN] = ssl->version.minor;
wolfSSL 0:1239e9b70ca2 540 c16toa((word16)sz, inner + SEQ_SZ + ENUM_LEN + VERSION_SZ);
wolfSSL 0:1239e9b70ca2 541
wolfSSL 0:1239e9b70ca2 542 return 0;
wolfSSL 0:1239e9b70ca2 543 }
wolfSSL 0:1239e9b70ca2 544
wolfSSL 0:1239e9b70ca2 545
wolfSSL 0:1239e9b70ca2 546 /* TLS type HMAC */
wolfSSL 0:1239e9b70ca2 547 int TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz,
wolfSSL 0:1239e9b70ca2 548 int content, int verify)
wolfSSL 0:1239e9b70ca2 549 {
wolfSSL 0:1239e9b70ca2 550 Hmac hmac;
wolfSSL 0:1239e9b70ca2 551 int ret;
wolfSSL 0:1239e9b70ca2 552 byte myInner[CYASSL_TLS_HMAC_INNER_SZ];
wolfSSL 0:1239e9b70ca2 553
wolfSSL 0:1239e9b70ca2 554 if (ssl == NULL)
wolfSSL 0:1239e9b70ca2 555 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 556
wolfSSL 0:1239e9b70ca2 557 CyaSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify);
wolfSSL 0:1239e9b70ca2 558
wolfSSL 0:1239e9b70ca2 559 ret = HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl),
wolfSSL 0:1239e9b70ca2 560 CyaSSL_GetMacSecret(ssl, verify), ssl->specs.hash_size);
wolfSSL 0:1239e9b70ca2 561 if (ret != 0)
wolfSSL 0:1239e9b70ca2 562 return ret;
wolfSSL 0:1239e9b70ca2 563 ret = HmacUpdate(&hmac, myInner, sizeof(myInner));
wolfSSL 0:1239e9b70ca2 564 if (ret != 0)
wolfSSL 0:1239e9b70ca2 565 return ret;
wolfSSL 0:1239e9b70ca2 566 ret = HmacUpdate(&hmac, in, sz); /* content */
wolfSSL 0:1239e9b70ca2 567 if (ret != 0)
wolfSSL 0:1239e9b70ca2 568 return ret;
wolfSSL 0:1239e9b70ca2 569 ret = HmacFinal(&hmac, digest);
wolfSSL 0:1239e9b70ca2 570 if (ret != 0)
wolfSSL 0:1239e9b70ca2 571 return ret;
wolfSSL 0:1239e9b70ca2 572
wolfSSL 0:1239e9b70ca2 573 return 0;
wolfSSL 0:1239e9b70ca2 574 }
wolfSSL 0:1239e9b70ca2 575
wolfSSL 0:1239e9b70ca2 576 #ifdef HAVE_TLS_EXTENSIONS
wolfSSL 0:1239e9b70ca2 577
wolfSSL 0:1239e9b70ca2 578 #define IS_OFF(semaphore, light) \
wolfSSL 0:1239e9b70ca2 579 ((semaphore)[(light) / 8] ^ (byte) (0x01 << ((light) % 8)))
wolfSSL 0:1239e9b70ca2 580
wolfSSL 0:1239e9b70ca2 581 #define TURN_ON(semaphore, light) \
wolfSSL 0:1239e9b70ca2 582 ((semaphore)[(light) / 8] |= (byte) (0x01 << ((light) % 8)))
wolfSSL 0:1239e9b70ca2 583
wolfSSL 0:1239e9b70ca2 584 static int TLSX_Append(TLSX** list, TLSX_Type type)
wolfSSL 0:1239e9b70ca2 585 {
wolfSSL 0:1239e9b70ca2 586 TLSX* extension;
wolfSSL 0:1239e9b70ca2 587
wolfSSL 0:1239e9b70ca2 588 if (list == NULL) /* won't check type since this function is static */
wolfSSL 0:1239e9b70ca2 589 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 590
wolfSSL 0:1239e9b70ca2 591 if ((extension = XMALLOC(sizeof(TLSX), 0, DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL 0:1239e9b70ca2 592 return MEMORY_E;
wolfSSL 0:1239e9b70ca2 593
wolfSSL 0:1239e9b70ca2 594 extension->type = type;
wolfSSL 0:1239e9b70ca2 595 extension->data = NULL;
wolfSSL 0:1239e9b70ca2 596 extension->resp = 0;
wolfSSL 0:1239e9b70ca2 597 extension->next = *list;
wolfSSL 0:1239e9b70ca2 598 *list = extension;
wolfSSL 0:1239e9b70ca2 599
wolfSSL 0:1239e9b70ca2 600 return 0;
wolfSSL 0:1239e9b70ca2 601 }
wolfSSL 0:1239e9b70ca2 602
wolfSSL 0:1239e9b70ca2 603 #ifndef NO_CYASSL_SERVER
wolfSSL 0:1239e9b70ca2 604
wolfSSL 0:1239e9b70ca2 605 void TLSX_SetResponse(CYASSL* ssl, TLSX_Type type);
wolfSSL 0:1239e9b70ca2 606
wolfSSL 0:1239e9b70ca2 607 void TLSX_SetResponse(CYASSL* ssl, TLSX_Type type)
wolfSSL 0:1239e9b70ca2 608 {
wolfSSL 0:1239e9b70ca2 609 TLSX *ext = TLSX_Find(ssl->extensions, type);
wolfSSL 0:1239e9b70ca2 610
wolfSSL 0:1239e9b70ca2 611 if (ext)
wolfSSL 0:1239e9b70ca2 612 ext->resp = 1;
wolfSSL 0:1239e9b70ca2 613 }
wolfSSL 0:1239e9b70ca2 614
wolfSSL 0:1239e9b70ca2 615 #endif
wolfSSL 0:1239e9b70ca2 616
wolfSSL 0:1239e9b70ca2 617 /* SNI - Server Name Indication */
wolfSSL 0:1239e9b70ca2 618
wolfSSL 0:1239e9b70ca2 619 #ifdef HAVE_SNI
wolfSSL 0:1239e9b70ca2 620
wolfSSL 0:1239e9b70ca2 621 static void TLSX_SNI_Free(SNI* sni)
wolfSSL 0:1239e9b70ca2 622 {
wolfSSL 0:1239e9b70ca2 623 if (sni) {
wolfSSL 0:1239e9b70ca2 624 switch (sni->type) {
wolfSSL 0:1239e9b70ca2 625 case CYASSL_SNI_HOST_NAME:
wolfSSL 0:1239e9b70ca2 626 XFREE(sni->data.host_name, 0, DYNAMIC_TYPE_TLSX);
wolfSSL 0:1239e9b70ca2 627 break;
wolfSSL 0:1239e9b70ca2 628 }
wolfSSL 0:1239e9b70ca2 629
wolfSSL 0:1239e9b70ca2 630 XFREE(sni, 0, DYNAMIC_TYPE_TLSX);
wolfSSL 0:1239e9b70ca2 631 }
wolfSSL 0:1239e9b70ca2 632 }
wolfSSL 0:1239e9b70ca2 633
wolfSSL 0:1239e9b70ca2 634 static void TLSX_SNI_FreeAll(SNI* list)
wolfSSL 0:1239e9b70ca2 635 {
wolfSSL 0:1239e9b70ca2 636 SNI* sni;
wolfSSL 0:1239e9b70ca2 637
wolfSSL 0:1239e9b70ca2 638 while ((sni = list)) {
wolfSSL 0:1239e9b70ca2 639 list = sni->next;
wolfSSL 0:1239e9b70ca2 640 TLSX_SNI_Free(sni);
wolfSSL 0:1239e9b70ca2 641 }
wolfSSL 0:1239e9b70ca2 642 }
wolfSSL 0:1239e9b70ca2 643
wolfSSL 0:1239e9b70ca2 644 static int TLSX_SNI_Append(SNI** list, byte type, const void* data, word16 size)
wolfSSL 0:1239e9b70ca2 645 {
wolfSSL 0:1239e9b70ca2 646 SNI* sni;
wolfSSL 0:1239e9b70ca2 647
wolfSSL 0:1239e9b70ca2 648 if (list == NULL)
wolfSSL 0:1239e9b70ca2 649 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 650
wolfSSL 0:1239e9b70ca2 651 if ((sni = XMALLOC(sizeof(SNI), 0, DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL 0:1239e9b70ca2 652 return MEMORY_E;
wolfSSL 0:1239e9b70ca2 653
wolfSSL 0:1239e9b70ca2 654 switch (type) {
wolfSSL 0:1239e9b70ca2 655 case CYASSL_SNI_HOST_NAME: {
wolfSSL 0:1239e9b70ca2 656 sni->data.host_name = XMALLOC(size + 1, 0, DYNAMIC_TYPE_TLSX);
wolfSSL 0:1239e9b70ca2 657
wolfSSL 0:1239e9b70ca2 658 if (sni->data.host_name) {
wolfSSL 0:1239e9b70ca2 659 XSTRNCPY(sni->data.host_name, (const char*) data, size);
wolfSSL 0:1239e9b70ca2 660 sni->data.host_name[size] = 0;
wolfSSL 0:1239e9b70ca2 661 } else {
wolfSSL 0:1239e9b70ca2 662 XFREE(sni, 0, DYNAMIC_TYPE_TLSX);
wolfSSL 0:1239e9b70ca2 663 return MEMORY_E;
wolfSSL 0:1239e9b70ca2 664 }
wolfSSL 0:1239e9b70ca2 665 }
wolfSSL 0:1239e9b70ca2 666 break;
wolfSSL 0:1239e9b70ca2 667
wolfSSL 0:1239e9b70ca2 668 default: /* invalid type */
wolfSSL 0:1239e9b70ca2 669 XFREE(sni, 0, DYNAMIC_TYPE_TLSX);
wolfSSL 0:1239e9b70ca2 670 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 671 }
wolfSSL 0:1239e9b70ca2 672
wolfSSL 0:1239e9b70ca2 673 sni->type = type;
wolfSSL 0:1239e9b70ca2 674 sni->next = *list;
wolfSSL 0:1239e9b70ca2 675
wolfSSL 0:1239e9b70ca2 676 #ifndef NO_CYASSL_SERVER
wolfSSL 0:1239e9b70ca2 677 sni->options = 0;
wolfSSL 0:1239e9b70ca2 678 sni->status = CYASSL_SNI_NO_MATCH;
wolfSSL 0:1239e9b70ca2 679 #endif
wolfSSL 0:1239e9b70ca2 680
wolfSSL 0:1239e9b70ca2 681 *list = sni;
wolfSSL 0:1239e9b70ca2 682
wolfSSL 0:1239e9b70ca2 683 return 0;
wolfSSL 0:1239e9b70ca2 684 }
wolfSSL 0:1239e9b70ca2 685
wolfSSL 0:1239e9b70ca2 686 static word16 TLSX_SNI_GetSize(SNI* list)
wolfSSL 0:1239e9b70ca2 687 {
wolfSSL 0:1239e9b70ca2 688 SNI* sni;
wolfSSL 0:1239e9b70ca2 689 word16 length = OPAQUE16_LEN; /* list length */
wolfSSL 0:1239e9b70ca2 690
wolfSSL 0:1239e9b70ca2 691 while ((sni = list)) {
wolfSSL 0:1239e9b70ca2 692 list = sni->next;
wolfSSL 0:1239e9b70ca2 693
wolfSSL 0:1239e9b70ca2 694 length += ENUM_LEN + OPAQUE16_LEN; /* sni type + sni length */
wolfSSL 0:1239e9b70ca2 695
wolfSSL 0:1239e9b70ca2 696 switch (sni->type) {
wolfSSL 0:1239e9b70ca2 697 case CYASSL_SNI_HOST_NAME:
wolfSSL 0:1239e9b70ca2 698 length += XSTRLEN((char*) sni->data.host_name);
wolfSSL 0:1239e9b70ca2 699 break;
wolfSSL 0:1239e9b70ca2 700 }
wolfSSL 0:1239e9b70ca2 701 }
wolfSSL 0:1239e9b70ca2 702
wolfSSL 0:1239e9b70ca2 703 return length;
wolfSSL 0:1239e9b70ca2 704 }
wolfSSL 0:1239e9b70ca2 705
wolfSSL 0:1239e9b70ca2 706 static word16 TLSX_SNI_Write(SNI* list, byte* output)
wolfSSL 0:1239e9b70ca2 707 {
wolfSSL 0:1239e9b70ca2 708 SNI* sni;
wolfSSL 0:1239e9b70ca2 709 word16 length = 0;
wolfSSL 0:1239e9b70ca2 710 word16 offset = OPAQUE16_LEN; /* list length offset */
wolfSSL 0:1239e9b70ca2 711
wolfSSL 0:1239e9b70ca2 712 while ((sni = list)) {
wolfSSL 0:1239e9b70ca2 713 list = sni->next;
wolfSSL 0:1239e9b70ca2 714
wolfSSL 0:1239e9b70ca2 715 output[offset++] = sni->type; /* sni type */
wolfSSL 0:1239e9b70ca2 716
wolfSSL 0:1239e9b70ca2 717 switch (sni->type) {
wolfSSL 0:1239e9b70ca2 718 case CYASSL_SNI_HOST_NAME:
wolfSSL 0:1239e9b70ca2 719 length = XSTRLEN((char*) sni->data.host_name);
wolfSSL 0:1239e9b70ca2 720
wolfSSL 0:1239e9b70ca2 721 c16toa(length, output + offset); /* sni length */
wolfSSL 0:1239e9b70ca2 722 offset += OPAQUE16_LEN;
wolfSSL 0:1239e9b70ca2 723
wolfSSL 0:1239e9b70ca2 724 XMEMCPY(output + offset, sni->data.host_name, length);
wolfSSL 0:1239e9b70ca2 725
wolfSSL 0:1239e9b70ca2 726 offset += length;
wolfSSL 0:1239e9b70ca2 727 break;
wolfSSL 0:1239e9b70ca2 728 }
wolfSSL 0:1239e9b70ca2 729 }
wolfSSL 0:1239e9b70ca2 730
wolfSSL 0:1239e9b70ca2 731 c16toa(offset - OPAQUE16_LEN, output); /* writing list length */
wolfSSL 0:1239e9b70ca2 732
wolfSSL 0:1239e9b70ca2 733 return offset;
wolfSSL 0:1239e9b70ca2 734 }
wolfSSL 0:1239e9b70ca2 735
wolfSSL 0:1239e9b70ca2 736 static SNI* TLSX_SNI_Find(SNI *list, byte type)
wolfSSL 0:1239e9b70ca2 737 {
wolfSSL 0:1239e9b70ca2 738 SNI *sni = list;
wolfSSL 0:1239e9b70ca2 739
wolfSSL 0:1239e9b70ca2 740 while (sni && sni->type != type)
wolfSSL 0:1239e9b70ca2 741 sni = sni->next;
wolfSSL 0:1239e9b70ca2 742
wolfSSL 0:1239e9b70ca2 743 return sni;
wolfSSL 0:1239e9b70ca2 744 }
wolfSSL 0:1239e9b70ca2 745
wolfSSL 0:1239e9b70ca2 746 #ifndef NO_CYASSL_SERVER
wolfSSL 0:1239e9b70ca2 747 static void TLSX_SNI_SetStatus(TLSX* extensions, byte type, byte status)
wolfSSL 0:1239e9b70ca2 748 {
wolfSSL 0:1239e9b70ca2 749 TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION);
wolfSSL 0:1239e9b70ca2 750 SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
wolfSSL 0:1239e9b70ca2 751
wolfSSL 0:1239e9b70ca2 752 if (sni) {
wolfSSL 0:1239e9b70ca2 753 sni->status = status;
wolfSSL 0:1239e9b70ca2 754 CYASSL_MSG("SNI did match!");
wolfSSL 0:1239e9b70ca2 755 }
wolfSSL 0:1239e9b70ca2 756 }
wolfSSL 0:1239e9b70ca2 757
wolfSSL 0:1239e9b70ca2 758 byte TLSX_SNI_Status(TLSX* extensions, byte type)
wolfSSL 0:1239e9b70ca2 759 {
wolfSSL 0:1239e9b70ca2 760 TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION);
wolfSSL 0:1239e9b70ca2 761 SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
wolfSSL 0:1239e9b70ca2 762
wolfSSL 0:1239e9b70ca2 763 if (sni)
wolfSSL 0:1239e9b70ca2 764 return sni->status;
wolfSSL 0:1239e9b70ca2 765
wolfSSL 0:1239e9b70ca2 766 return 0;
wolfSSL 0:1239e9b70ca2 767 }
wolfSSL 0:1239e9b70ca2 768 #endif
wolfSSL 0:1239e9b70ca2 769
wolfSSL 0:1239e9b70ca2 770 static int TLSX_SNI_Parse(CYASSL* ssl, byte* input, word16 length,
wolfSSL 0:1239e9b70ca2 771 byte isRequest)
wolfSSL 0:1239e9b70ca2 772 {
wolfSSL 0:1239e9b70ca2 773 #ifndef NO_CYASSL_SERVER
wolfSSL 0:1239e9b70ca2 774 word16 size = 0;
wolfSSL 0:1239e9b70ca2 775 word16 offset = 0;
wolfSSL 0:1239e9b70ca2 776 #endif
wolfSSL 0:1239e9b70ca2 777
wolfSSL 0:1239e9b70ca2 778 TLSX *extension = TLSX_Find(ssl->extensions, SERVER_NAME_INDICATION);
wolfSSL 0:1239e9b70ca2 779
wolfSSL 0:1239e9b70ca2 780 if (!extension)
wolfSSL 0:1239e9b70ca2 781 extension = TLSX_Find(ssl->ctx->extensions, SERVER_NAME_INDICATION);
wolfSSL 0:1239e9b70ca2 782
wolfSSL 0:1239e9b70ca2 783 if (!extension || !extension->data)
wolfSSL 0:1239e9b70ca2 784 return isRequest ? 0 : BUFFER_ERROR; /* not using SNI OR unexpected
wolfSSL 0:1239e9b70ca2 785 SNI response from server. */
wolfSSL 0:1239e9b70ca2 786
wolfSSL 0:1239e9b70ca2 787 if (!isRequest)
wolfSSL 0:1239e9b70ca2 788 return length ? BUFFER_ERROR : 0; /* SNI response must be empty!
wolfSSL 0:1239e9b70ca2 789 Nothing else to do. */
wolfSSL 0:1239e9b70ca2 790
wolfSSL 0:1239e9b70ca2 791 #ifndef NO_CYASSL_SERVER
wolfSSL 0:1239e9b70ca2 792
wolfSSL 0:1239e9b70ca2 793 if (OPAQUE16_LEN > length)
wolfSSL 0:1239e9b70ca2 794 return BUFFER_ERROR;
wolfSSL 0:1239e9b70ca2 795
wolfSSL 0:1239e9b70ca2 796 ato16(input, &size);
wolfSSL 0:1239e9b70ca2 797 offset += OPAQUE16_LEN;
wolfSSL 0:1239e9b70ca2 798
wolfSSL 0:1239e9b70ca2 799 /* validating sni list length */
wolfSSL 0:1239e9b70ca2 800 if (length != OPAQUE16_LEN + size)
wolfSSL 0:1239e9b70ca2 801 return BUFFER_ERROR;
wolfSSL 0:1239e9b70ca2 802
wolfSSL 0:1239e9b70ca2 803 for (size = 0; offset < length; offset += size) {
wolfSSL 0:1239e9b70ca2 804 SNI *sni;
wolfSSL 0:1239e9b70ca2 805 byte type = input[offset++];
wolfSSL 0:1239e9b70ca2 806
wolfSSL 0:1239e9b70ca2 807 if (offset + OPAQUE16_LEN > length)
wolfSSL 0:1239e9b70ca2 808 return BUFFER_ERROR;
wolfSSL 0:1239e9b70ca2 809
wolfSSL 0:1239e9b70ca2 810 ato16(input + offset, &size);
wolfSSL 0:1239e9b70ca2 811 offset += OPAQUE16_LEN;
wolfSSL 0:1239e9b70ca2 812
wolfSSL 0:1239e9b70ca2 813 if (offset + size > length)
wolfSSL 0:1239e9b70ca2 814 return BUFFER_ERROR;
wolfSSL 0:1239e9b70ca2 815
wolfSSL 0:1239e9b70ca2 816 if (!(sni = TLSX_SNI_Find((SNI *) extension->data, type))) {
wolfSSL 0:1239e9b70ca2 817 continue; /* not using this SNI type */
wolfSSL 0:1239e9b70ca2 818 }
wolfSSL 0:1239e9b70ca2 819
wolfSSL 0:1239e9b70ca2 820 switch(type) {
wolfSSL 0:1239e9b70ca2 821 case CYASSL_SNI_HOST_NAME: {
wolfSSL 0:1239e9b70ca2 822 byte matched = (XSTRLEN(sni->data.host_name) == size)
wolfSSL 0:1239e9b70ca2 823 && (XSTRNCMP(sni->data.host_name,
wolfSSL 0:1239e9b70ca2 824 (const char *) input + offset, size) == 0);
wolfSSL 0:1239e9b70ca2 825
wolfSSL 0:1239e9b70ca2 826 if (matched || sni->options & CYASSL_SNI_ANSWER_ON_MISMATCH) {
wolfSSL 0:1239e9b70ca2 827 int r = TLSX_UseSNI(&ssl->extensions,
wolfSSL 0:1239e9b70ca2 828 type, input + offset, size);
wolfSSL 0:1239e9b70ca2 829
wolfSSL 0:1239e9b70ca2 830 if (r != SSL_SUCCESS) return r; /* throw error */
wolfSSL 0:1239e9b70ca2 831
wolfSSL 0:1239e9b70ca2 832 TLSX_SNI_SetStatus(ssl->extensions, type,
wolfSSL 0:1239e9b70ca2 833 matched ? CYASSL_SNI_REAL_MATCH : CYASSL_SNI_FAKE_MATCH);
wolfSSL 0:1239e9b70ca2 834
wolfSSL 0:1239e9b70ca2 835 } else if (!(sni->options & CYASSL_SNI_CONTINUE_ON_MISMATCH)) {
wolfSSL 0:1239e9b70ca2 836 SendAlert(ssl, alert_fatal, unrecognized_name);
wolfSSL 0:1239e9b70ca2 837
wolfSSL 0:1239e9b70ca2 838 return UNKNOWN_SNI_HOST_NAME_E;
wolfSSL 0:1239e9b70ca2 839 }
wolfSSL 0:1239e9b70ca2 840 break;
wolfSSL 0:1239e9b70ca2 841 }
wolfSSL 0:1239e9b70ca2 842 }
wolfSSL 0:1239e9b70ca2 843
wolfSSL 0:1239e9b70ca2 844 TLSX_SetResponse(ssl, SERVER_NAME_INDICATION);
wolfSSL 0:1239e9b70ca2 845 }
wolfSSL 0:1239e9b70ca2 846
wolfSSL 0:1239e9b70ca2 847 #endif
wolfSSL 0:1239e9b70ca2 848
wolfSSL 0:1239e9b70ca2 849 return 0;
wolfSSL 0:1239e9b70ca2 850 }
wolfSSL 0:1239e9b70ca2 851
wolfSSL 0:1239e9b70ca2 852 int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size)
wolfSSL 0:1239e9b70ca2 853 {
wolfSSL 0:1239e9b70ca2 854 TLSX* extension = NULL;
wolfSSL 0:1239e9b70ca2 855 SNI* sni = NULL;
wolfSSL 0:1239e9b70ca2 856 int ret = 0;
wolfSSL 0:1239e9b70ca2 857
wolfSSL 0:1239e9b70ca2 858 if (extensions == NULL || data == NULL)
wolfSSL 0:1239e9b70ca2 859 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 860
wolfSSL 0:1239e9b70ca2 861 if ((ret = TLSX_SNI_Append(&sni, type, data, size)) != 0)
wolfSSL 0:1239e9b70ca2 862 return ret;
wolfSSL 0:1239e9b70ca2 863
wolfSSL 0:1239e9b70ca2 864 extension = *extensions;
wolfSSL 0:1239e9b70ca2 865
wolfSSL 0:1239e9b70ca2 866 /* find SNI extension if it already exists. */
wolfSSL 0:1239e9b70ca2 867 while (extension && extension->type != SERVER_NAME_INDICATION)
wolfSSL 0:1239e9b70ca2 868 extension = extension->next;
wolfSSL 0:1239e9b70ca2 869
wolfSSL 0:1239e9b70ca2 870 /* push new SNI extension if it doesn't exists. */
wolfSSL 0:1239e9b70ca2 871 if (!extension) {
wolfSSL 0:1239e9b70ca2 872 if ((ret = TLSX_Append(extensions, SERVER_NAME_INDICATION)) != 0) {
wolfSSL 0:1239e9b70ca2 873 TLSX_SNI_Free(sni);
wolfSSL 0:1239e9b70ca2 874 return ret;
wolfSSL 0:1239e9b70ca2 875 }
wolfSSL 0:1239e9b70ca2 876
wolfSSL 0:1239e9b70ca2 877 extension = *extensions;
wolfSSL 0:1239e9b70ca2 878 }
wolfSSL 0:1239e9b70ca2 879
wolfSSL 0:1239e9b70ca2 880 /* push new SNI object to extension data. */
wolfSSL 0:1239e9b70ca2 881 sni->next = (SNI*) extension->data;
wolfSSL 0:1239e9b70ca2 882 extension->data = (void*) sni;
wolfSSL 0:1239e9b70ca2 883
wolfSSL 0:1239e9b70ca2 884 /* look for another server name of the same type to remove (replacement) */
wolfSSL 0:1239e9b70ca2 885 do {
wolfSSL 0:1239e9b70ca2 886 if (sni->next && sni->next->type == type) {
wolfSSL 0:1239e9b70ca2 887 SNI *next = sni->next;
wolfSSL 0:1239e9b70ca2 888
wolfSSL 0:1239e9b70ca2 889 sni->next = next->next;
wolfSSL 0:1239e9b70ca2 890 TLSX_SNI_Free(next);
wolfSSL 0:1239e9b70ca2 891
wolfSSL 0:1239e9b70ca2 892 break;
wolfSSL 0:1239e9b70ca2 893 }
wolfSSL 0:1239e9b70ca2 894 } while ((sni = sni->next));
wolfSSL 0:1239e9b70ca2 895
wolfSSL 0:1239e9b70ca2 896 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 897 }
wolfSSL 0:1239e9b70ca2 898
wolfSSL 0:1239e9b70ca2 899 #ifndef NO_CYASSL_SERVER
wolfSSL 0:1239e9b70ca2 900 word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, void** data)
wolfSSL 0:1239e9b70ca2 901 {
wolfSSL 0:1239e9b70ca2 902 TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION);
wolfSSL 0:1239e9b70ca2 903 SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
wolfSSL 0:1239e9b70ca2 904
wolfSSL 0:1239e9b70ca2 905 if (sni && sni->status != CYASSL_SNI_NO_MATCH) {
wolfSSL 0:1239e9b70ca2 906 switch (sni->type) {
wolfSSL 0:1239e9b70ca2 907 case CYASSL_SNI_HOST_NAME:
wolfSSL 0:1239e9b70ca2 908 *data = sni->data.host_name;
wolfSSL 0:1239e9b70ca2 909 return XSTRLEN(*data);
wolfSSL 0:1239e9b70ca2 910 }
wolfSSL 0:1239e9b70ca2 911 }
wolfSSL 0:1239e9b70ca2 912
wolfSSL 0:1239e9b70ca2 913 return 0;
wolfSSL 0:1239e9b70ca2 914 }
wolfSSL 0:1239e9b70ca2 915
wolfSSL 0:1239e9b70ca2 916 void TLSX_SNI_SetOptions(TLSX* extensions, byte type, byte options)
wolfSSL 0:1239e9b70ca2 917 {
wolfSSL 0:1239e9b70ca2 918 TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION);
wolfSSL 0:1239e9b70ca2 919 SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
wolfSSL 0:1239e9b70ca2 920
wolfSSL 0:1239e9b70ca2 921 if (sni)
wolfSSL 0:1239e9b70ca2 922 sni->options = options;
wolfSSL 0:1239e9b70ca2 923 }
wolfSSL 0:1239e9b70ca2 924
wolfSSL 0:1239e9b70ca2 925 int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
wolfSSL 0:1239e9b70ca2 926 byte type, byte* sni, word32* inOutSz)
wolfSSL 0:1239e9b70ca2 927 {
wolfSSL 0:1239e9b70ca2 928 word32 offset = 0;
wolfSSL 0:1239e9b70ca2 929 word32 len32 = 0;
wolfSSL 0:1239e9b70ca2 930 word16 len16 = 0;
wolfSSL 0:1239e9b70ca2 931
wolfSSL 0:1239e9b70ca2 932 if (helloSz < RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + CLIENT_HELLO_FIRST)
wolfSSL 0:1239e9b70ca2 933 return INCOMPLETE_DATA;
wolfSSL 0:1239e9b70ca2 934
wolfSSL 0:1239e9b70ca2 935 /* TLS record header */
wolfSSL 0:1239e9b70ca2 936 if ((enum ContentType) clientHello[offset++] != handshake)
wolfSSL 0:1239e9b70ca2 937 return BUFFER_ERROR;
wolfSSL 0:1239e9b70ca2 938
wolfSSL 0:1239e9b70ca2 939 if (clientHello[offset++] != SSLv3_MAJOR)
wolfSSL 0:1239e9b70ca2 940 return BUFFER_ERROR;
wolfSSL 0:1239e9b70ca2 941
wolfSSL 0:1239e9b70ca2 942 if (clientHello[offset++] < TLSv1_MINOR)
wolfSSL 0:1239e9b70ca2 943 return BUFFER_ERROR;
wolfSSL 0:1239e9b70ca2 944
wolfSSL 0:1239e9b70ca2 945 ato16(clientHello + offset, &len16);
wolfSSL 0:1239e9b70ca2 946 offset += OPAQUE16_LEN;
wolfSSL 0:1239e9b70ca2 947
wolfSSL 0:1239e9b70ca2 948 if (offset + len16 > helloSz)
wolfSSL 0:1239e9b70ca2 949 return INCOMPLETE_DATA;
wolfSSL 0:1239e9b70ca2 950
wolfSSL 0:1239e9b70ca2 951 /* Handshake header */
wolfSSL 0:1239e9b70ca2 952 if ((enum HandShakeType) clientHello[offset] != client_hello)
wolfSSL 0:1239e9b70ca2 953 return BUFFER_ERROR;
wolfSSL 0:1239e9b70ca2 954
wolfSSL 0:1239e9b70ca2 955 c24to32(clientHello + offset + 1, &len32);
wolfSSL 0:1239e9b70ca2 956 offset += HANDSHAKE_HEADER_SZ;
wolfSSL 0:1239e9b70ca2 957
wolfSSL 0:1239e9b70ca2 958 if (offset + len32 > helloSz)
wolfSSL 0:1239e9b70ca2 959 return BUFFER_ERROR;
wolfSSL 0:1239e9b70ca2 960
wolfSSL 0:1239e9b70ca2 961 /* client hello */
wolfSSL 0:1239e9b70ca2 962 offset += VERSION_SZ + RAN_LEN; /* version, random */
wolfSSL 0:1239e9b70ca2 963
wolfSSL 0:1239e9b70ca2 964 if (helloSz < offset + clientHello[offset])
wolfSSL 0:1239e9b70ca2 965 return BUFFER_ERROR;
wolfSSL 0:1239e9b70ca2 966
wolfSSL 0:1239e9b70ca2 967 offset += ENUM_LEN + clientHello[offset]; /* skip session id */
wolfSSL 0:1239e9b70ca2 968
wolfSSL 0:1239e9b70ca2 969 /* cypher suites */
wolfSSL 0:1239e9b70ca2 970 if (helloSz < offset + OPAQUE16_LEN)
wolfSSL 0:1239e9b70ca2 971 return BUFFER_ERROR;
wolfSSL 0:1239e9b70ca2 972
wolfSSL 0:1239e9b70ca2 973 ato16(clientHello + offset, &len16);
wolfSSL 0:1239e9b70ca2 974 offset += OPAQUE16_LEN;
wolfSSL 0:1239e9b70ca2 975
wolfSSL 0:1239e9b70ca2 976 if (helloSz < offset + len16)
wolfSSL 0:1239e9b70ca2 977 return BUFFER_ERROR;
wolfSSL 0:1239e9b70ca2 978
wolfSSL 0:1239e9b70ca2 979 offset += len16; /* skip cypher suites */
wolfSSL 0:1239e9b70ca2 980
wolfSSL 0:1239e9b70ca2 981 /* compression methods */
wolfSSL 0:1239e9b70ca2 982 if (helloSz < offset + 1)
wolfSSL 0:1239e9b70ca2 983 return BUFFER_ERROR;
wolfSSL 0:1239e9b70ca2 984
wolfSSL 0:1239e9b70ca2 985 if (helloSz < offset + clientHello[offset])
wolfSSL 0:1239e9b70ca2 986 return BUFFER_ERROR;
wolfSSL 0:1239e9b70ca2 987
wolfSSL 0:1239e9b70ca2 988 offset += ENUM_LEN + clientHello[offset]; /* skip compression methods */
wolfSSL 0:1239e9b70ca2 989
wolfSSL 0:1239e9b70ca2 990 /* extensions */
wolfSSL 0:1239e9b70ca2 991 if (helloSz < offset + OPAQUE16_LEN)
wolfSSL 0:1239e9b70ca2 992 return 0; /* no extensions in client hello. */
wolfSSL 0:1239e9b70ca2 993
wolfSSL 0:1239e9b70ca2 994 ato16(clientHello + offset, &len16);
wolfSSL 0:1239e9b70ca2 995 offset += OPAQUE16_LEN;
wolfSSL 0:1239e9b70ca2 996
wolfSSL 0:1239e9b70ca2 997 if (helloSz < offset + len16)
wolfSSL 0:1239e9b70ca2 998 return BUFFER_ERROR;
wolfSSL 0:1239e9b70ca2 999
wolfSSL 0:1239e9b70ca2 1000 while (len16 > OPAQUE16_LEN + OPAQUE16_LEN) {
wolfSSL 0:1239e9b70ca2 1001 word16 extType;
wolfSSL 0:1239e9b70ca2 1002 word16 extLen;
wolfSSL 0:1239e9b70ca2 1003
wolfSSL 0:1239e9b70ca2 1004 ato16(clientHello + offset, &extType);
wolfSSL 0:1239e9b70ca2 1005 offset += OPAQUE16_LEN;
wolfSSL 0:1239e9b70ca2 1006
wolfSSL 0:1239e9b70ca2 1007 ato16(clientHello + offset, &extLen);
wolfSSL 0:1239e9b70ca2 1008 offset += OPAQUE16_LEN;
wolfSSL 0:1239e9b70ca2 1009
wolfSSL 0:1239e9b70ca2 1010 if (helloSz < offset + extLen)
wolfSSL 0:1239e9b70ca2 1011 return BUFFER_ERROR;
wolfSSL 0:1239e9b70ca2 1012
wolfSSL 0:1239e9b70ca2 1013 if (extType != SERVER_NAME_INDICATION) {
wolfSSL 0:1239e9b70ca2 1014 offset += extLen; /* skip extension */
wolfSSL 0:1239e9b70ca2 1015 } else {
wolfSSL 0:1239e9b70ca2 1016 word16 listLen;
wolfSSL 0:1239e9b70ca2 1017
wolfSSL 0:1239e9b70ca2 1018 ato16(clientHello + offset, &listLen);
wolfSSL 0:1239e9b70ca2 1019 offset += OPAQUE16_LEN;
wolfSSL 0:1239e9b70ca2 1020
wolfSSL 0:1239e9b70ca2 1021 if (helloSz < offset + listLen)
wolfSSL 0:1239e9b70ca2 1022 return BUFFER_ERROR;
wolfSSL 0:1239e9b70ca2 1023
wolfSSL 0:1239e9b70ca2 1024 while (listLen > ENUM_LEN + OPAQUE16_LEN) {
wolfSSL 0:1239e9b70ca2 1025 byte sniType = clientHello[offset++];
wolfSSL 0:1239e9b70ca2 1026 word16 sniLen;
wolfSSL 0:1239e9b70ca2 1027
wolfSSL 0:1239e9b70ca2 1028 ato16(clientHello + offset, &sniLen);
wolfSSL 0:1239e9b70ca2 1029 offset += OPAQUE16_LEN;
wolfSSL 0:1239e9b70ca2 1030
wolfSSL 0:1239e9b70ca2 1031 if (helloSz < offset + sniLen)
wolfSSL 0:1239e9b70ca2 1032 return BUFFER_ERROR;
wolfSSL 0:1239e9b70ca2 1033
wolfSSL 0:1239e9b70ca2 1034 if (sniType != type) {
wolfSSL 0:1239e9b70ca2 1035 offset += sniLen;
wolfSSL 0:1239e9b70ca2 1036 listLen -= min(ENUM_LEN + OPAQUE16_LEN + sniLen, listLen);
wolfSSL 0:1239e9b70ca2 1037 continue;
wolfSSL 0:1239e9b70ca2 1038 }
wolfSSL 0:1239e9b70ca2 1039
wolfSSL 0:1239e9b70ca2 1040 *inOutSz = min(sniLen, *inOutSz);
wolfSSL 0:1239e9b70ca2 1041 XMEMCPY(sni, clientHello + offset, *inOutSz);
wolfSSL 0:1239e9b70ca2 1042
wolfSSL 0:1239e9b70ca2 1043 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 1044 }
wolfSSL 0:1239e9b70ca2 1045 }
wolfSSL 0:1239e9b70ca2 1046
wolfSSL 0:1239e9b70ca2 1047 len16 -= min(2 * OPAQUE16_LEN + extLen, len16);
wolfSSL 0:1239e9b70ca2 1048 }
wolfSSL 0:1239e9b70ca2 1049
wolfSSL 0:1239e9b70ca2 1050 return len16 ? BUFFER_ERROR : SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 1051 }
wolfSSL 0:1239e9b70ca2 1052
wolfSSL 0:1239e9b70ca2 1053 #endif
wolfSSL 0:1239e9b70ca2 1054
wolfSSL 0:1239e9b70ca2 1055 #define SNI_FREE_ALL TLSX_SNI_FreeAll
wolfSSL 0:1239e9b70ca2 1056 #define SNI_GET_SIZE TLSX_SNI_GetSize
wolfSSL 0:1239e9b70ca2 1057 #define SNI_WRITE TLSX_SNI_Write
wolfSSL 0:1239e9b70ca2 1058 #define SNI_PARSE TLSX_SNI_Parse
wolfSSL 0:1239e9b70ca2 1059
wolfSSL 0:1239e9b70ca2 1060 #else
wolfSSL 0:1239e9b70ca2 1061
wolfSSL 0:1239e9b70ca2 1062 #define SNI_FREE_ALL(list)
wolfSSL 0:1239e9b70ca2 1063 #define SNI_GET_SIZE(list) 0
wolfSSL 0:1239e9b70ca2 1064 #define SNI_WRITE(a, b) 0
wolfSSL 0:1239e9b70ca2 1065 #define SNI_PARSE(a, b, c, d) 0
wolfSSL 0:1239e9b70ca2 1066
wolfSSL 0:1239e9b70ca2 1067 #endif /* HAVE_SNI */
wolfSSL 0:1239e9b70ca2 1068
wolfSSL 0:1239e9b70ca2 1069 #ifdef HAVE_MAX_FRAGMENT
wolfSSL 0:1239e9b70ca2 1070
wolfSSL 0:1239e9b70ca2 1071 static word16 TLSX_MFL_Write(byte* data, byte* output)
wolfSSL 0:1239e9b70ca2 1072 {
wolfSSL 0:1239e9b70ca2 1073 output[0] = data[0];
wolfSSL 0:1239e9b70ca2 1074
wolfSSL 0:1239e9b70ca2 1075 return ENUM_LEN;
wolfSSL 0:1239e9b70ca2 1076 }
wolfSSL 0:1239e9b70ca2 1077
wolfSSL 0:1239e9b70ca2 1078 static int TLSX_MFL_Parse(CYASSL* ssl, byte* input, word16 length,
wolfSSL 0:1239e9b70ca2 1079 byte isRequest)
wolfSSL 0:1239e9b70ca2 1080 {
wolfSSL 0:1239e9b70ca2 1081 if (length != ENUM_LEN)
wolfSSL 0:1239e9b70ca2 1082 return BUFFER_ERROR;
wolfSSL 0:1239e9b70ca2 1083
wolfSSL 0:1239e9b70ca2 1084 switch (*input) {
wolfSSL 0:1239e9b70ca2 1085 case CYASSL_MFL_2_9 : ssl->max_fragment = 512; break;
wolfSSL 0:1239e9b70ca2 1086 case CYASSL_MFL_2_10: ssl->max_fragment = 1024; break;
wolfSSL 0:1239e9b70ca2 1087 case CYASSL_MFL_2_11: ssl->max_fragment = 2048; break;
wolfSSL 0:1239e9b70ca2 1088 case CYASSL_MFL_2_12: ssl->max_fragment = 4096; break;
wolfSSL 0:1239e9b70ca2 1089 case CYASSL_MFL_2_13: ssl->max_fragment = 8192; break;
wolfSSL 0:1239e9b70ca2 1090
wolfSSL 0:1239e9b70ca2 1091 default:
wolfSSL 0:1239e9b70ca2 1092 SendAlert(ssl, alert_fatal, illegal_parameter);
wolfSSL 0:1239e9b70ca2 1093
wolfSSL 0:1239e9b70ca2 1094 return UNKNOWN_MAX_FRAG_LEN_E;
wolfSSL 0:1239e9b70ca2 1095 }
wolfSSL 0:1239e9b70ca2 1096
wolfSSL 0:1239e9b70ca2 1097 #ifndef NO_CYASSL_SERVER
wolfSSL 0:1239e9b70ca2 1098 if (isRequest) {
wolfSSL 0:1239e9b70ca2 1099 int r = TLSX_UseMaxFragment(&ssl->extensions, *input);
wolfSSL 0:1239e9b70ca2 1100
wolfSSL 0:1239e9b70ca2 1101 if (r != SSL_SUCCESS) return r; /* throw error */
wolfSSL 0:1239e9b70ca2 1102
wolfSSL 0:1239e9b70ca2 1103 TLSX_SetResponse(ssl, MAX_FRAGMENT_LENGTH);
wolfSSL 0:1239e9b70ca2 1104 }
wolfSSL 0:1239e9b70ca2 1105 #endif
wolfSSL 0:1239e9b70ca2 1106
wolfSSL 0:1239e9b70ca2 1107 return 0;
wolfSSL 0:1239e9b70ca2 1108 }
wolfSSL 0:1239e9b70ca2 1109
wolfSSL 0:1239e9b70ca2 1110 int TLSX_UseMaxFragment(TLSX** extensions, byte mfl)
wolfSSL 0:1239e9b70ca2 1111 {
wolfSSL 0:1239e9b70ca2 1112 TLSX* extension = NULL;
wolfSSL 0:1239e9b70ca2 1113 byte* data = NULL;
wolfSSL 0:1239e9b70ca2 1114 int ret = 0;
wolfSSL 0:1239e9b70ca2 1115
wolfSSL 0:1239e9b70ca2 1116 if (extensions == NULL)
wolfSSL 0:1239e9b70ca2 1117 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 1118
wolfSSL 0:1239e9b70ca2 1119 if (mfl < CYASSL_MFL_2_9 || CYASSL_MFL_2_13 < mfl)
wolfSSL 0:1239e9b70ca2 1120 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 1121
wolfSSL 0:1239e9b70ca2 1122 if ((data = XMALLOC(ENUM_LEN, 0, DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL 0:1239e9b70ca2 1123 return MEMORY_E;
wolfSSL 0:1239e9b70ca2 1124
wolfSSL 0:1239e9b70ca2 1125 data[0] = mfl;
wolfSSL 0:1239e9b70ca2 1126
wolfSSL 0:1239e9b70ca2 1127 /* push new MFL extension. */
wolfSSL 0:1239e9b70ca2 1128 if ((ret = TLSX_Append(extensions, MAX_FRAGMENT_LENGTH)) != 0) {
wolfSSL 0:1239e9b70ca2 1129 XFREE(data, 0, DYNAMIC_TYPE_TLSX);
wolfSSL 0:1239e9b70ca2 1130 return ret;
wolfSSL 0:1239e9b70ca2 1131 }
wolfSSL 0:1239e9b70ca2 1132
wolfSSL 0:1239e9b70ca2 1133 /* place new mfl to extension data. */
wolfSSL 0:1239e9b70ca2 1134 extension = *extensions;
wolfSSL 0:1239e9b70ca2 1135 extension->data = (void*) data;
wolfSSL 0:1239e9b70ca2 1136
wolfSSL 0:1239e9b70ca2 1137 /* remove duplicated extensions */
wolfSSL 0:1239e9b70ca2 1138 do {
wolfSSL 0:1239e9b70ca2 1139 if (extension->next && extension->next->type == MAX_FRAGMENT_LENGTH) {
wolfSSL 0:1239e9b70ca2 1140 TLSX *next = extension->next;
wolfSSL 0:1239e9b70ca2 1141
wolfSSL 0:1239e9b70ca2 1142 extension->next = next->next;
wolfSSL 0:1239e9b70ca2 1143 next->next = NULL;
wolfSSL 0:1239e9b70ca2 1144
wolfSSL 0:1239e9b70ca2 1145 TLSX_FreeAll(next);
wolfSSL 0:1239e9b70ca2 1146
wolfSSL 0:1239e9b70ca2 1147 break;
wolfSSL 0:1239e9b70ca2 1148 }
wolfSSL 0:1239e9b70ca2 1149 } while ((extension = extension->next));
wolfSSL 0:1239e9b70ca2 1150
wolfSSL 0:1239e9b70ca2 1151 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 1152 }
wolfSSL 0:1239e9b70ca2 1153
wolfSSL 0:1239e9b70ca2 1154
wolfSSL 0:1239e9b70ca2 1155 #define MFL_FREE_ALL(data) XFREE(data, 0, DYNAMIC_TYPE_TLSX)
wolfSSL 0:1239e9b70ca2 1156 #define MFL_GET_SIZE(data) ENUM_LEN
wolfSSL 0:1239e9b70ca2 1157 #define MFL_WRITE TLSX_MFL_Write
wolfSSL 0:1239e9b70ca2 1158 #define MFL_PARSE TLSX_MFL_Parse
wolfSSL 0:1239e9b70ca2 1159
wolfSSL 0:1239e9b70ca2 1160 #else
wolfSSL 0:1239e9b70ca2 1161
wolfSSL 0:1239e9b70ca2 1162 #define MFL_FREE_ALL(a)
wolfSSL 0:1239e9b70ca2 1163 #define MFL_GET_SIZE(a) 0
wolfSSL 0:1239e9b70ca2 1164 #define MFL_WRITE(a, b) 0
wolfSSL 0:1239e9b70ca2 1165 #define MFL_PARSE(a, b, c, d) 0
wolfSSL 0:1239e9b70ca2 1166
wolfSSL 0:1239e9b70ca2 1167 #endif /* HAVE_MAX_FRAGMENT */
wolfSSL 0:1239e9b70ca2 1168
wolfSSL 0:1239e9b70ca2 1169 #ifdef HAVE_TRUNCATED_HMAC
wolfSSL 0:1239e9b70ca2 1170
wolfSSL 0:1239e9b70ca2 1171 int TLSX_UseTruncatedHMAC(TLSX** extensions)
wolfSSL 0:1239e9b70ca2 1172 {
wolfSSL 0:1239e9b70ca2 1173 int ret = 0;
wolfSSL 0:1239e9b70ca2 1174
wolfSSL 0:1239e9b70ca2 1175 if (extensions == NULL)
wolfSSL 0:1239e9b70ca2 1176 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 1177
wolfSSL 0:1239e9b70ca2 1178 if (!TLSX_Find(*extensions, TRUNCATED_HMAC))
wolfSSL 0:1239e9b70ca2 1179 if ((ret = TLSX_Append(extensions, TRUNCATED_HMAC)) != 0)
wolfSSL 0:1239e9b70ca2 1180 return ret;
wolfSSL 0:1239e9b70ca2 1181
wolfSSL 0:1239e9b70ca2 1182 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 1183 }
wolfSSL 0:1239e9b70ca2 1184
wolfSSL 0:1239e9b70ca2 1185 static int TLSX_THM_Parse(CYASSL* ssl, byte* input, word16 length,
wolfSSL 0:1239e9b70ca2 1186 byte isRequest)
wolfSSL 0:1239e9b70ca2 1187 {
wolfSSL 0:1239e9b70ca2 1188 if (length != 0 || input == NULL)
wolfSSL 0:1239e9b70ca2 1189 return BUFFER_ERROR;
wolfSSL 0:1239e9b70ca2 1190
wolfSSL 0:1239e9b70ca2 1191 #ifndef NO_CYASSL_SERVER
wolfSSL 0:1239e9b70ca2 1192 if (isRequest) {
wolfSSL 0:1239e9b70ca2 1193 int r = TLSX_UseTruncatedHMAC(&ssl->extensions);
wolfSSL 0:1239e9b70ca2 1194
wolfSSL 0:1239e9b70ca2 1195 if (r != SSL_SUCCESS) return r; /* throw error */
wolfSSL 0:1239e9b70ca2 1196
wolfSSL 0:1239e9b70ca2 1197 TLSX_SetResponse(ssl, TRUNCATED_HMAC);
wolfSSL 0:1239e9b70ca2 1198 }
wolfSSL 0:1239e9b70ca2 1199 #endif
wolfSSL 0:1239e9b70ca2 1200
wolfSSL 0:1239e9b70ca2 1201 ssl->truncated_hmac = 1;
wolfSSL 0:1239e9b70ca2 1202
wolfSSL 0:1239e9b70ca2 1203 return 0;
wolfSSL 0:1239e9b70ca2 1204 }
wolfSSL 0:1239e9b70ca2 1205
wolfSSL 0:1239e9b70ca2 1206 #define THM_PARSE TLSX_THM_Parse
wolfSSL 0:1239e9b70ca2 1207
wolfSSL 0:1239e9b70ca2 1208 #else
wolfSSL 0:1239e9b70ca2 1209
wolfSSL 0:1239e9b70ca2 1210 #define THM_PARSE(a, b, c, d) 0
wolfSSL 0:1239e9b70ca2 1211
wolfSSL 0:1239e9b70ca2 1212 #endif /* HAVE_TRUNCATED_HMAC */
wolfSSL 0:1239e9b70ca2 1213
wolfSSL 0:1239e9b70ca2 1214 #ifdef HAVE_SUPPORTED_CURVES
wolfSSL 0:1239e9b70ca2 1215
wolfSSL 0:1239e9b70ca2 1216 #ifndef HAVE_ECC
wolfSSL 0:1239e9b70ca2 1217 #error "Elliptic Curves Extension requires Elliptic Curve Cryptography. \
wolfSSL 0:1239e9b70ca2 1218 Use --enable-ecc in the configure script or define HAVE_ECC."
wolfSSL 0:1239e9b70ca2 1219 #endif
wolfSSL 0:1239e9b70ca2 1220
wolfSSL 0:1239e9b70ca2 1221 static void TLSX_EllipticCurve_FreeAll(EllipticCurve* list)
wolfSSL 0:1239e9b70ca2 1222 {
wolfSSL 0:1239e9b70ca2 1223 EllipticCurve* curve;
wolfSSL 0:1239e9b70ca2 1224
wolfSSL 0:1239e9b70ca2 1225 while ((curve = list)) {
wolfSSL 0:1239e9b70ca2 1226 list = curve->next;
wolfSSL 0:1239e9b70ca2 1227 XFREE(curve, 0, DYNAMIC_TYPE_TLSX);
wolfSSL 0:1239e9b70ca2 1228 }
wolfSSL 0:1239e9b70ca2 1229 }
wolfSSL 0:1239e9b70ca2 1230
wolfSSL 0:1239e9b70ca2 1231 static int TLSX_EllipticCurve_Append(EllipticCurve** list, word16 name)
wolfSSL 0:1239e9b70ca2 1232 {
wolfSSL 0:1239e9b70ca2 1233 EllipticCurve* curve;
wolfSSL 0:1239e9b70ca2 1234
wolfSSL 0:1239e9b70ca2 1235 if (list == NULL)
wolfSSL 0:1239e9b70ca2 1236 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 1237
wolfSSL 0:1239e9b70ca2 1238 if ((curve = XMALLOC(sizeof(EllipticCurve), 0, DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL 0:1239e9b70ca2 1239 return MEMORY_E;
wolfSSL 0:1239e9b70ca2 1240
wolfSSL 0:1239e9b70ca2 1241 curve->name = name;
wolfSSL 0:1239e9b70ca2 1242 curve->next = *list;
wolfSSL 0:1239e9b70ca2 1243
wolfSSL 0:1239e9b70ca2 1244 *list = curve;
wolfSSL 0:1239e9b70ca2 1245
wolfSSL 0:1239e9b70ca2 1246 return 0;
wolfSSL 0:1239e9b70ca2 1247 }
wolfSSL 0:1239e9b70ca2 1248
wolfSSL 0:1239e9b70ca2 1249 #ifndef NO_CYASSL_CLIENT
wolfSSL 0:1239e9b70ca2 1250
wolfSSL 0:1239e9b70ca2 1251 static void TLSX_EllipticCurve_ValidateRequest(CYASSL* ssl, byte* semaphore)
wolfSSL 0:1239e9b70ca2 1252 {
wolfSSL 0:1239e9b70ca2 1253 int i;
wolfSSL 0:1239e9b70ca2 1254
wolfSSL 0:1239e9b70ca2 1255 for (i = 0; i < ssl->suites->suiteSz; i+= 2)
wolfSSL 0:1239e9b70ca2 1256 if (ssl->suites->suites[i] == ECC_BYTE)
wolfSSL 0:1239e9b70ca2 1257 return;
wolfSSL 0:1239e9b70ca2 1258
wolfSSL 0:1239e9b70ca2 1259 /* No elliptic curve suite found */
wolfSSL 0:1239e9b70ca2 1260 TURN_ON(semaphore, ELLIPTIC_CURVES);
wolfSSL 0:1239e9b70ca2 1261 }
wolfSSL 0:1239e9b70ca2 1262
wolfSSL 0:1239e9b70ca2 1263 static word16 TLSX_EllipticCurve_GetSize(EllipticCurve* list)
wolfSSL 0:1239e9b70ca2 1264 {
wolfSSL 0:1239e9b70ca2 1265 EllipticCurve* curve;
wolfSSL 0:1239e9b70ca2 1266 word16 length = OPAQUE16_LEN; /* list length */
wolfSSL 0:1239e9b70ca2 1267
wolfSSL 0:1239e9b70ca2 1268 while ((curve = list)) {
wolfSSL 0:1239e9b70ca2 1269 list = curve->next;
wolfSSL 0:1239e9b70ca2 1270 length += OPAQUE16_LEN; /* curve length */
wolfSSL 0:1239e9b70ca2 1271 }
wolfSSL 0:1239e9b70ca2 1272
wolfSSL 0:1239e9b70ca2 1273 return length;
wolfSSL 0:1239e9b70ca2 1274 }
wolfSSL 0:1239e9b70ca2 1275
wolfSSL 0:1239e9b70ca2 1276 static word16 TLSX_EllipticCurve_WriteR(EllipticCurve* curve, byte* output);
wolfSSL 0:1239e9b70ca2 1277 static word16 TLSX_EllipticCurve_WriteR(EllipticCurve* curve, byte* output)
wolfSSL 0:1239e9b70ca2 1278 {
wolfSSL 0:1239e9b70ca2 1279 word16 offset = 0;
wolfSSL 0:1239e9b70ca2 1280
wolfSSL 0:1239e9b70ca2 1281 if (!curve)
wolfSSL 0:1239e9b70ca2 1282 return offset;
wolfSSL 0:1239e9b70ca2 1283
wolfSSL 0:1239e9b70ca2 1284 offset = TLSX_EllipticCurve_WriteR(curve->next, output);
wolfSSL 0:1239e9b70ca2 1285 c16toa(curve->name, output + offset);
wolfSSL 0:1239e9b70ca2 1286
wolfSSL 0:1239e9b70ca2 1287 return OPAQUE16_LEN + offset;
wolfSSL 0:1239e9b70ca2 1288 }
wolfSSL 0:1239e9b70ca2 1289
wolfSSL 0:1239e9b70ca2 1290 static word16 TLSX_EllipticCurve_Write(EllipticCurve* list, byte* output)
wolfSSL 0:1239e9b70ca2 1291 {
wolfSSL 0:1239e9b70ca2 1292 word16 length = TLSX_EllipticCurve_WriteR(list, output + OPAQUE16_LEN);
wolfSSL 0:1239e9b70ca2 1293
wolfSSL 0:1239e9b70ca2 1294 c16toa(length, output); /* writing list length */
wolfSSL 0:1239e9b70ca2 1295
wolfSSL 0:1239e9b70ca2 1296 return OPAQUE16_LEN + length;
wolfSSL 0:1239e9b70ca2 1297 }
wolfSSL 0:1239e9b70ca2 1298
wolfSSL 0:1239e9b70ca2 1299 #endif /* NO_CYASSL_CLIENT */
wolfSSL 0:1239e9b70ca2 1300 #ifndef NO_CYASSL_SERVER
wolfSSL 0:1239e9b70ca2 1301
wolfSSL 0:1239e9b70ca2 1302 static int TLSX_EllipticCurve_Parse(CYASSL* ssl, byte* input, word16 length,
wolfSSL 0:1239e9b70ca2 1303 byte isRequest)
wolfSSL 0:1239e9b70ca2 1304 {
wolfSSL 0:1239e9b70ca2 1305 word16 offset;
wolfSSL 0:1239e9b70ca2 1306 word16 name;
wolfSSL 0:1239e9b70ca2 1307 int r;
wolfSSL 0:1239e9b70ca2 1308
wolfSSL 0:1239e9b70ca2 1309 (void) isRequest; /* shut up compiler! */
wolfSSL 0:1239e9b70ca2 1310
wolfSSL 0:1239e9b70ca2 1311 if (OPAQUE16_LEN > length || length % OPAQUE16_LEN)
wolfSSL 0:1239e9b70ca2 1312 return BUFFER_ERROR;
wolfSSL 0:1239e9b70ca2 1313
wolfSSL 0:1239e9b70ca2 1314 ato16(input, &offset);
wolfSSL 0:1239e9b70ca2 1315
wolfSSL 0:1239e9b70ca2 1316 /* validating curve list length */
wolfSSL 0:1239e9b70ca2 1317 if (length != OPAQUE16_LEN + offset)
wolfSSL 0:1239e9b70ca2 1318 return BUFFER_ERROR;
wolfSSL 0:1239e9b70ca2 1319
wolfSSL 0:1239e9b70ca2 1320 while (offset) {
wolfSSL 0:1239e9b70ca2 1321 ato16(input + offset, &name);
wolfSSL 0:1239e9b70ca2 1322 offset -= OPAQUE16_LEN;
wolfSSL 0:1239e9b70ca2 1323
wolfSSL 0:1239e9b70ca2 1324 r = TLSX_UseSupportedCurve(&ssl->extensions, name);
wolfSSL 0:1239e9b70ca2 1325
wolfSSL 0:1239e9b70ca2 1326 if (r != SSL_SUCCESS) return r; /* throw error */
wolfSSL 0:1239e9b70ca2 1327 }
wolfSSL 0:1239e9b70ca2 1328
wolfSSL 0:1239e9b70ca2 1329 return 0;
wolfSSL 0:1239e9b70ca2 1330 }
wolfSSL 0:1239e9b70ca2 1331
wolfSSL 0:1239e9b70ca2 1332 int TLSX_ValidateEllipticCurves(CYASSL* ssl, byte first, byte second) {
wolfSSL 0:1239e9b70ca2 1333 TLSX* extension = (first == ECC_BYTE)
wolfSSL 0:1239e9b70ca2 1334 ? TLSX_Find(ssl->extensions, ELLIPTIC_CURVES)
wolfSSL 0:1239e9b70ca2 1335 : NULL;
wolfSSL 0:1239e9b70ca2 1336 EllipticCurve* curve = NULL;
wolfSSL 0:1239e9b70ca2 1337 word32 oid = 0;
wolfSSL 0:1239e9b70ca2 1338 word16 octets = 0; /* acording to 'ecc_set_type ecc_sets[];' */
wolfSSL 0:1239e9b70ca2 1339 int sig = 0; /* valitade signature */
wolfSSL 0:1239e9b70ca2 1340 int key = 0; /* validate key */
wolfSSL 0:1239e9b70ca2 1341
wolfSSL 0:1239e9b70ca2 1342 if (!extension)
wolfSSL 0:1239e9b70ca2 1343 return 1; /* no suite restriction */
wolfSSL 0:1239e9b70ca2 1344
wolfSSL 0:1239e9b70ca2 1345 for (curve = extension->data; curve && !(sig && key); curve = curve->next) {
wolfSSL 0:1239e9b70ca2 1346
wolfSSL 0:1239e9b70ca2 1347 switch (curve->name) {
wolfSSL 0:1239e9b70ca2 1348 case CYASSL_ECC_SECP160R1: oid = ECC_160R1; octets = 20; break;
wolfSSL 0:1239e9b70ca2 1349 case CYASSL_ECC_SECP192R1: oid = ECC_192R1; octets = 24; break;
wolfSSL 0:1239e9b70ca2 1350 case CYASSL_ECC_SECP224R1: oid = ECC_224R1; octets = 28; break;
wolfSSL 0:1239e9b70ca2 1351 case CYASSL_ECC_SECP256R1: oid = ECC_256R1; octets = 32; break;
wolfSSL 0:1239e9b70ca2 1352 case CYASSL_ECC_SECP384R1: oid = ECC_384R1; octets = 48; break;
wolfSSL 0:1239e9b70ca2 1353 case CYASSL_ECC_SECP521R1: oid = ECC_521R1; octets = 66; break;
wolfSSL 0:1239e9b70ca2 1354 default: continue; /* unsupported curve */
wolfSSL 0:1239e9b70ca2 1355 }
wolfSSL 0:1239e9b70ca2 1356
wolfSSL 0:1239e9b70ca2 1357 switch (second) {
wolfSSL 0:1239e9b70ca2 1358 #ifndef NO_DSA
wolfSSL 0:1239e9b70ca2 1359 /* ECDHE_ECDSA */
wolfSSL 0:1239e9b70ca2 1360 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
wolfSSL 0:1239e9b70ca2 1361 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
wolfSSL 0:1239e9b70ca2 1362 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
wolfSSL 0:1239e9b70ca2 1363 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL 0:1239e9b70ca2 1364 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
wolfSSL 0:1239e9b70ca2 1365 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
wolfSSL 0:1239e9b70ca2 1366 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
wolfSSL 0:1239e9b70ca2 1367 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
wolfSSL 0:1239e9b70ca2 1368 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
wolfSSL 0:1239e9b70ca2 1369 case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8:
wolfSSL 0:1239e9b70ca2 1370 sig |= ssl->pkCurveOID == oid;
wolfSSL 0:1239e9b70ca2 1371 key |= ssl->eccTempKeySz == octets;
wolfSSL 0:1239e9b70ca2 1372 break;
wolfSSL 0:1239e9b70ca2 1373
wolfSSL 0:1239e9b70ca2 1374 /* ECDH_ECDSA */
wolfSSL 0:1239e9b70ca2 1375 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
wolfSSL 0:1239e9b70ca2 1376 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
wolfSSL 0:1239e9b70ca2 1377 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
wolfSSL 0:1239e9b70ca2 1378 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL 0:1239e9b70ca2 1379 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
wolfSSL 0:1239e9b70ca2 1380 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
wolfSSL 0:1239e9b70ca2 1381 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
wolfSSL 0:1239e9b70ca2 1382 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
wolfSSL 0:1239e9b70ca2 1383 sig |= ssl->pkCurveOID == oid;
wolfSSL 0:1239e9b70ca2 1384 key |= ssl->pkCurveOID == oid;
wolfSSL 0:1239e9b70ca2 1385 break;
wolfSSL 0:1239e9b70ca2 1386 #endif
wolfSSL 0:1239e9b70ca2 1387 #ifndef NO_RSA
wolfSSL 0:1239e9b70ca2 1388 /* ECDHE_RSA */
wolfSSL 0:1239e9b70ca2 1389 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
wolfSSL 0:1239e9b70ca2 1390 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
wolfSSL 0:1239e9b70ca2 1391 case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
wolfSSL 0:1239e9b70ca2 1392 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL 0:1239e9b70ca2 1393 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
wolfSSL 0:1239e9b70ca2 1394 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
wolfSSL 0:1239e9b70ca2 1395 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
wolfSSL 0:1239e9b70ca2 1396 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
wolfSSL 0:1239e9b70ca2 1397 sig = 1;
wolfSSL 0:1239e9b70ca2 1398 key |= ssl->eccTempKeySz == octets;
wolfSSL 0:1239e9b70ca2 1399 break;
wolfSSL 0:1239e9b70ca2 1400
wolfSSL 0:1239e9b70ca2 1401 /* ECDH_RSA */
wolfSSL 0:1239e9b70ca2 1402 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
wolfSSL 0:1239e9b70ca2 1403 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
wolfSSL 0:1239e9b70ca2 1404 case TLS_ECDH_RSA_WITH_RC4_128_SHA:
wolfSSL 0:1239e9b70ca2 1405 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL 0:1239e9b70ca2 1406 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
wolfSSL 0:1239e9b70ca2 1407 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
wolfSSL 0:1239e9b70ca2 1408 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
wolfSSL 0:1239e9b70ca2 1409 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
wolfSSL 0:1239e9b70ca2 1410 sig = 1;
wolfSSL 0:1239e9b70ca2 1411 key |= ssl->pkCurveOID == oid;
wolfSSL 0:1239e9b70ca2 1412 break;
wolfSSL 0:1239e9b70ca2 1413 #endif
wolfSSL 0:1239e9b70ca2 1414 default:
wolfSSL 0:1239e9b70ca2 1415 sig = 1;
wolfSSL 0:1239e9b70ca2 1416 key = 1;
wolfSSL 0:1239e9b70ca2 1417 break;
wolfSSL 0:1239e9b70ca2 1418 }
wolfSSL 0:1239e9b70ca2 1419 }
wolfSSL 0:1239e9b70ca2 1420
wolfSSL 0:1239e9b70ca2 1421 return sig && key;
wolfSSL 0:1239e9b70ca2 1422 }
wolfSSL 0:1239e9b70ca2 1423
wolfSSL 0:1239e9b70ca2 1424 #endif /* NO_CYASSL_SERVER */
wolfSSL 0:1239e9b70ca2 1425
wolfSSL 0:1239e9b70ca2 1426 int TLSX_UseSupportedCurve(TLSX** extensions, word16 name)
wolfSSL 0:1239e9b70ca2 1427 {
wolfSSL 0:1239e9b70ca2 1428 TLSX* extension = NULL;
wolfSSL 0:1239e9b70ca2 1429 EllipticCurve* curve = NULL;
wolfSSL 0:1239e9b70ca2 1430 int ret = 0;
wolfSSL 0:1239e9b70ca2 1431
wolfSSL 0:1239e9b70ca2 1432 if (extensions == NULL)
wolfSSL 0:1239e9b70ca2 1433 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 1434
wolfSSL 0:1239e9b70ca2 1435 if ((ret = TLSX_EllipticCurve_Append(&curve, name)) != 0)
wolfSSL 0:1239e9b70ca2 1436 return ret;
wolfSSL 0:1239e9b70ca2 1437
wolfSSL 0:1239e9b70ca2 1438 extension = *extensions;
wolfSSL 0:1239e9b70ca2 1439
wolfSSL 0:1239e9b70ca2 1440 /* find EllipticCurve extension if it already exists. */
wolfSSL 0:1239e9b70ca2 1441 while (extension && extension->type != ELLIPTIC_CURVES)
wolfSSL 0:1239e9b70ca2 1442 extension = extension->next;
wolfSSL 0:1239e9b70ca2 1443
wolfSSL 0:1239e9b70ca2 1444 /* push new EllipticCurve extension if it doesn't exists. */
wolfSSL 0:1239e9b70ca2 1445 if (!extension) {
wolfSSL 0:1239e9b70ca2 1446 if ((ret = TLSX_Append(extensions, ELLIPTIC_CURVES)) != 0) {
wolfSSL 0:1239e9b70ca2 1447 XFREE(curve, 0, DYNAMIC_TYPE_TLSX);
wolfSSL 0:1239e9b70ca2 1448 return ret;
wolfSSL 0:1239e9b70ca2 1449 }
wolfSSL 0:1239e9b70ca2 1450
wolfSSL 0:1239e9b70ca2 1451 extension = *extensions;
wolfSSL 0:1239e9b70ca2 1452 }
wolfSSL 0:1239e9b70ca2 1453
wolfSSL 0:1239e9b70ca2 1454 /* push new EllipticCurve object to extension data. */
wolfSSL 0:1239e9b70ca2 1455 curve->next = (EllipticCurve*) extension->data;
wolfSSL 0:1239e9b70ca2 1456 extension->data = (void*) curve;
wolfSSL 0:1239e9b70ca2 1457
wolfSSL 0:1239e9b70ca2 1458 /* look for another curve of the same name to remove (replacement) */
wolfSSL 0:1239e9b70ca2 1459 do {
wolfSSL 0:1239e9b70ca2 1460 if (curve->next && curve->next->name == name) {
wolfSSL 0:1239e9b70ca2 1461 EllipticCurve *next = curve->next;
wolfSSL 0:1239e9b70ca2 1462
wolfSSL 0:1239e9b70ca2 1463 curve->next = next->next;
wolfSSL 0:1239e9b70ca2 1464 XFREE(next, 0, DYNAMIC_TYPE_TLSX);
wolfSSL 0:1239e9b70ca2 1465
wolfSSL 0:1239e9b70ca2 1466 break;
wolfSSL 0:1239e9b70ca2 1467 }
wolfSSL 0:1239e9b70ca2 1468 } while ((curve = curve->next));
wolfSSL 0:1239e9b70ca2 1469
wolfSSL 0:1239e9b70ca2 1470 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 1471 }
wolfSSL 0:1239e9b70ca2 1472
wolfSSL 0:1239e9b70ca2 1473 #define EC_FREE_ALL TLSX_EllipticCurve_FreeAll
wolfSSL 0:1239e9b70ca2 1474 #define EC_VALIDATE_REQUEST TLSX_EllipticCurve_ValidateRequest
wolfSSL 0:1239e9b70ca2 1475
wolfSSL 0:1239e9b70ca2 1476 #ifndef NO_CYASSL_CLIENT
wolfSSL 0:1239e9b70ca2 1477 #define EC_GET_SIZE TLSX_EllipticCurve_GetSize
wolfSSL 0:1239e9b70ca2 1478 #define EC_WRITE TLSX_EllipticCurve_Write
wolfSSL 0:1239e9b70ca2 1479 #else
wolfSSL 0:1239e9b70ca2 1480 #define EC_GET_SIZE(list) 0
wolfSSL 0:1239e9b70ca2 1481 #define EC_WRITE(a, b) 0
wolfSSL 0:1239e9b70ca2 1482 #endif
wolfSSL 0:1239e9b70ca2 1483
wolfSSL 0:1239e9b70ca2 1484 #ifndef NO_CYASSL_SERVER
wolfSSL 0:1239e9b70ca2 1485 #define EC_PARSE TLSX_EllipticCurve_Parse
wolfSSL 0:1239e9b70ca2 1486 #else
wolfSSL 0:1239e9b70ca2 1487 #define EC_PARSE(a, b, c, d) 0
wolfSSL 0:1239e9b70ca2 1488 #endif
wolfSSL 0:1239e9b70ca2 1489
wolfSSL 0:1239e9b70ca2 1490 #else
wolfSSL 0:1239e9b70ca2 1491
wolfSSL 0:1239e9b70ca2 1492 #define EC_FREE_ALL(list)
wolfSSL 0:1239e9b70ca2 1493 #define EC_GET_SIZE(list) 0
wolfSSL 0:1239e9b70ca2 1494 #define EC_WRITE(a, b) 0
wolfSSL 0:1239e9b70ca2 1495 #define EC_PARSE(a, b, c, d) 0
wolfSSL 0:1239e9b70ca2 1496 #define EC_VALIDATE_REQUEST(a, b)
wolfSSL 0:1239e9b70ca2 1497
wolfSSL 0:1239e9b70ca2 1498 #endif /* HAVE_SUPPORTED_CURVES */
wolfSSL 0:1239e9b70ca2 1499
wolfSSL 0:1239e9b70ca2 1500 TLSX* TLSX_Find(TLSX* list, TLSX_Type type)
wolfSSL 0:1239e9b70ca2 1501 {
wolfSSL 0:1239e9b70ca2 1502 TLSX* extension = list;
wolfSSL 0:1239e9b70ca2 1503
wolfSSL 0:1239e9b70ca2 1504 while (extension && extension->type != type)
wolfSSL 0:1239e9b70ca2 1505 extension = extension->next;
wolfSSL 0:1239e9b70ca2 1506
wolfSSL 0:1239e9b70ca2 1507 return extension;
wolfSSL 0:1239e9b70ca2 1508 }
wolfSSL 0:1239e9b70ca2 1509
wolfSSL 0:1239e9b70ca2 1510 void TLSX_FreeAll(TLSX* list)
wolfSSL 0:1239e9b70ca2 1511 {
wolfSSL 0:1239e9b70ca2 1512 TLSX* extension;
wolfSSL 0:1239e9b70ca2 1513
wolfSSL 0:1239e9b70ca2 1514 while ((extension = list)) {
wolfSSL 0:1239e9b70ca2 1515 list = extension->next;
wolfSSL 0:1239e9b70ca2 1516
wolfSSL 0:1239e9b70ca2 1517 switch (extension->type) {
wolfSSL 0:1239e9b70ca2 1518 case SERVER_NAME_INDICATION:
wolfSSL 0:1239e9b70ca2 1519 SNI_FREE_ALL((SNI *) extension->data);
wolfSSL 0:1239e9b70ca2 1520 break;
wolfSSL 0:1239e9b70ca2 1521
wolfSSL 0:1239e9b70ca2 1522 case MAX_FRAGMENT_LENGTH:
wolfSSL 0:1239e9b70ca2 1523 MFL_FREE_ALL(extension->data);
wolfSSL 0:1239e9b70ca2 1524 break;
wolfSSL 0:1239e9b70ca2 1525
wolfSSL 0:1239e9b70ca2 1526 case TRUNCATED_HMAC:
wolfSSL 0:1239e9b70ca2 1527 /* Nothing to do. */
wolfSSL 0:1239e9b70ca2 1528 break;
wolfSSL 0:1239e9b70ca2 1529
wolfSSL 0:1239e9b70ca2 1530 case ELLIPTIC_CURVES:
wolfSSL 0:1239e9b70ca2 1531 EC_FREE_ALL(extension->data);
wolfSSL 0:1239e9b70ca2 1532 break;
wolfSSL 0:1239e9b70ca2 1533 }
wolfSSL 0:1239e9b70ca2 1534
wolfSSL 0:1239e9b70ca2 1535 XFREE(extension, 0, DYNAMIC_TYPE_TLSX);
wolfSSL 0:1239e9b70ca2 1536 }
wolfSSL 0:1239e9b70ca2 1537 }
wolfSSL 0:1239e9b70ca2 1538
wolfSSL 0:1239e9b70ca2 1539 static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest)
wolfSSL 0:1239e9b70ca2 1540 {
wolfSSL 0:1239e9b70ca2 1541 TLSX* extension;
wolfSSL 0:1239e9b70ca2 1542 word16 length = 0;
wolfSSL 0:1239e9b70ca2 1543
wolfSSL 0:1239e9b70ca2 1544 while ((extension = list)) {
wolfSSL 0:1239e9b70ca2 1545 list = extension->next;
wolfSSL 0:1239e9b70ca2 1546
wolfSSL 0:1239e9b70ca2 1547 if (!isRequest && !extension->resp)
wolfSSL 0:1239e9b70ca2 1548 continue; /* skip! */
wolfSSL 0:1239e9b70ca2 1549
wolfSSL 0:1239e9b70ca2 1550 if (IS_OFF(semaphore, extension->type)) {
wolfSSL 0:1239e9b70ca2 1551 /* type + data length */
wolfSSL 0:1239e9b70ca2 1552 length += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN;
wolfSSL 0:1239e9b70ca2 1553
wolfSSL 0:1239e9b70ca2 1554 switch (extension->type) {
wolfSSL 0:1239e9b70ca2 1555 case SERVER_NAME_INDICATION:
wolfSSL 0:1239e9b70ca2 1556 if (isRequest)
wolfSSL 0:1239e9b70ca2 1557 length += SNI_GET_SIZE((SNI *) extension->data);
wolfSSL 0:1239e9b70ca2 1558 break;
wolfSSL 0:1239e9b70ca2 1559 case MAX_FRAGMENT_LENGTH:
wolfSSL 0:1239e9b70ca2 1560 length += MFL_GET_SIZE(extension->data);
wolfSSL 0:1239e9b70ca2 1561 break;
wolfSSL 0:1239e9b70ca2 1562
wolfSSL 0:1239e9b70ca2 1563 case TRUNCATED_HMAC:
wolfSSL 0:1239e9b70ca2 1564 /* empty extension. */
wolfSSL 0:1239e9b70ca2 1565 break;
wolfSSL 0:1239e9b70ca2 1566
wolfSSL 0:1239e9b70ca2 1567 case ELLIPTIC_CURVES:
wolfSSL 0:1239e9b70ca2 1568 length += EC_GET_SIZE((EllipticCurve *) extension->data);
wolfSSL 0:1239e9b70ca2 1569 break;
wolfSSL 0:1239e9b70ca2 1570 }
wolfSSL 0:1239e9b70ca2 1571
wolfSSL 0:1239e9b70ca2 1572 TURN_ON(semaphore, extension->type);
wolfSSL 0:1239e9b70ca2 1573 }
wolfSSL 0:1239e9b70ca2 1574 }
wolfSSL 0:1239e9b70ca2 1575
wolfSSL 0:1239e9b70ca2 1576 return length;
wolfSSL 0:1239e9b70ca2 1577 }
wolfSSL 0:1239e9b70ca2 1578
wolfSSL 0:1239e9b70ca2 1579 static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore,
wolfSSL 0:1239e9b70ca2 1580 byte isRequest)
wolfSSL 0:1239e9b70ca2 1581 {
wolfSSL 0:1239e9b70ca2 1582 TLSX* extension;
wolfSSL 0:1239e9b70ca2 1583 word16 offset = 0;
wolfSSL 0:1239e9b70ca2 1584 word16 length_offset = 0;
wolfSSL 0:1239e9b70ca2 1585
wolfSSL 0:1239e9b70ca2 1586 while ((extension = list)) {
wolfSSL 0:1239e9b70ca2 1587 list = extension->next;
wolfSSL 0:1239e9b70ca2 1588
wolfSSL 0:1239e9b70ca2 1589 if (!isRequest && !extension->resp)
wolfSSL 0:1239e9b70ca2 1590 continue; /* skip! */
wolfSSL 0:1239e9b70ca2 1591
wolfSSL 0:1239e9b70ca2 1592 if (IS_OFF(semaphore, extension->type)) {
wolfSSL 0:1239e9b70ca2 1593 /* extension type */
wolfSSL 0:1239e9b70ca2 1594 c16toa(extension->type, output + offset);
wolfSSL 0:1239e9b70ca2 1595 offset += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN;
wolfSSL 0:1239e9b70ca2 1596 length_offset = offset;
wolfSSL 0:1239e9b70ca2 1597
wolfSSL 0:1239e9b70ca2 1598 /* extension data should be written internally */
wolfSSL 0:1239e9b70ca2 1599 switch (extension->type) {
wolfSSL 0:1239e9b70ca2 1600 case SERVER_NAME_INDICATION:
wolfSSL 0:1239e9b70ca2 1601 if (isRequest)
wolfSSL 0:1239e9b70ca2 1602 offset += SNI_WRITE((SNI *) extension->data,
wolfSSL 0:1239e9b70ca2 1603 output + offset);
wolfSSL 0:1239e9b70ca2 1604 break;
wolfSSL 0:1239e9b70ca2 1605
wolfSSL 0:1239e9b70ca2 1606 case MAX_FRAGMENT_LENGTH:
wolfSSL 0:1239e9b70ca2 1607 offset += MFL_WRITE((byte *) extension->data,
wolfSSL 0:1239e9b70ca2 1608 output + offset);
wolfSSL 0:1239e9b70ca2 1609 break;
wolfSSL 0:1239e9b70ca2 1610
wolfSSL 0:1239e9b70ca2 1611 case TRUNCATED_HMAC:
wolfSSL 0:1239e9b70ca2 1612 /* empty extension. */
wolfSSL 0:1239e9b70ca2 1613 break;
wolfSSL 0:1239e9b70ca2 1614
wolfSSL 0:1239e9b70ca2 1615 case ELLIPTIC_CURVES:
wolfSSL 0:1239e9b70ca2 1616 offset += EC_WRITE((EllipticCurve *) extension->data,
wolfSSL 0:1239e9b70ca2 1617 output + offset);
wolfSSL 0:1239e9b70ca2 1618 break;
wolfSSL 0:1239e9b70ca2 1619 }
wolfSSL 0:1239e9b70ca2 1620
wolfSSL 0:1239e9b70ca2 1621 /* writing extension data length */
wolfSSL 0:1239e9b70ca2 1622 c16toa(offset - length_offset,
wolfSSL 0:1239e9b70ca2 1623 output + length_offset - OPAQUE16_LEN);
wolfSSL 0:1239e9b70ca2 1624
wolfSSL 0:1239e9b70ca2 1625 TURN_ON(semaphore, extension->type);
wolfSSL 0:1239e9b70ca2 1626 }
wolfSSL 0:1239e9b70ca2 1627 }
wolfSSL 0:1239e9b70ca2 1628
wolfSSL 0:1239e9b70ca2 1629 return offset;
wolfSSL 0:1239e9b70ca2 1630 }
wolfSSL 0:1239e9b70ca2 1631
wolfSSL 0:1239e9b70ca2 1632 #ifndef NO_CYASSL_CLIENT
wolfSSL 0:1239e9b70ca2 1633
wolfSSL 0:1239e9b70ca2 1634 word16 TLSX_GetRequestSize(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 1635 {
wolfSSL 0:1239e9b70ca2 1636 word16 length = 0;
wolfSSL 0:1239e9b70ca2 1637
wolfSSL 0:1239e9b70ca2 1638 if (ssl && IsTLS(ssl)) {
wolfSSL 0:1239e9b70ca2 1639 byte semaphore[16] = {0};
wolfSSL 0:1239e9b70ca2 1640
wolfSSL 0:1239e9b70ca2 1641 EC_VALIDATE_REQUEST(ssl, semaphore);
wolfSSL 0:1239e9b70ca2 1642
wolfSSL 0:1239e9b70ca2 1643 if (ssl->extensions)
wolfSSL 0:1239e9b70ca2 1644 length += TLSX_GetSize(ssl->extensions, semaphore, 1);
wolfSSL 0:1239e9b70ca2 1645
wolfSSL 0:1239e9b70ca2 1646 if (ssl->ctx && ssl->ctx->extensions)
wolfSSL 0:1239e9b70ca2 1647 length += TLSX_GetSize(ssl->ctx->extensions, semaphore, 1);
wolfSSL 0:1239e9b70ca2 1648
wolfSSL 0:1239e9b70ca2 1649 if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz)
wolfSSL 0:1239e9b70ca2 1650 length += ssl->suites->hashSigAlgoSz + HELLO_EXT_LEN;
wolfSSL 0:1239e9b70ca2 1651 }
wolfSSL 0:1239e9b70ca2 1652
wolfSSL 0:1239e9b70ca2 1653 if (length)
wolfSSL 0:1239e9b70ca2 1654 length += OPAQUE16_LEN; /* for total length storage */
wolfSSL 0:1239e9b70ca2 1655
wolfSSL 0:1239e9b70ca2 1656 return length;
wolfSSL 0:1239e9b70ca2 1657 }
wolfSSL 0:1239e9b70ca2 1658
wolfSSL 0:1239e9b70ca2 1659 word16 TLSX_WriteRequest(CYASSL* ssl, byte* output)
wolfSSL 0:1239e9b70ca2 1660 {
wolfSSL 0:1239e9b70ca2 1661 word16 offset = 0;
wolfSSL 0:1239e9b70ca2 1662
wolfSSL 0:1239e9b70ca2 1663 if (ssl && IsTLS(ssl) && output) {
wolfSSL 0:1239e9b70ca2 1664 byte semaphore[16] = {0};
wolfSSL 0:1239e9b70ca2 1665
wolfSSL 0:1239e9b70ca2 1666 offset += OPAQUE16_LEN; /* extensions length */
wolfSSL 0:1239e9b70ca2 1667
wolfSSL 0:1239e9b70ca2 1668 EC_VALIDATE_REQUEST(ssl, semaphore);
wolfSSL 0:1239e9b70ca2 1669
wolfSSL 0:1239e9b70ca2 1670 if (ssl->extensions)
wolfSSL 0:1239e9b70ca2 1671 offset += TLSX_Write(ssl->extensions, output + offset,
wolfSSL 0:1239e9b70ca2 1672 semaphore, 1);
wolfSSL 0:1239e9b70ca2 1673
wolfSSL 0:1239e9b70ca2 1674 if (ssl->ctx && ssl->ctx->extensions)
wolfSSL 0:1239e9b70ca2 1675 offset += TLSX_Write(ssl->ctx->extensions, output + offset,
wolfSSL 0:1239e9b70ca2 1676 semaphore, 1);
wolfSSL 0:1239e9b70ca2 1677
wolfSSL 0:1239e9b70ca2 1678 if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz)
wolfSSL 0:1239e9b70ca2 1679 {
wolfSSL 0:1239e9b70ca2 1680 int i;
wolfSSL 0:1239e9b70ca2 1681 /* extension type */
wolfSSL 0:1239e9b70ca2 1682 c16toa(HELLO_EXT_SIG_ALGO, output + offset);
wolfSSL 0:1239e9b70ca2 1683 offset += HELLO_EXT_TYPE_SZ;
wolfSSL 0:1239e9b70ca2 1684
wolfSSL 0:1239e9b70ca2 1685 /* extension data length */
wolfSSL 0:1239e9b70ca2 1686 c16toa(OPAQUE16_LEN + ssl->suites->hashSigAlgoSz, output + offset);
wolfSSL 0:1239e9b70ca2 1687 offset += OPAQUE16_LEN;
wolfSSL 0:1239e9b70ca2 1688
wolfSSL 0:1239e9b70ca2 1689 /* sig algos length */
wolfSSL 0:1239e9b70ca2 1690 c16toa(ssl->suites->hashSigAlgoSz, output + offset);
wolfSSL 0:1239e9b70ca2 1691 offset += OPAQUE16_LEN;
wolfSSL 0:1239e9b70ca2 1692
wolfSSL 0:1239e9b70ca2 1693 /* sig algos */
wolfSSL 0:1239e9b70ca2 1694 for (i = 0; i < ssl->suites->hashSigAlgoSz; i++, offset++)
wolfSSL 0:1239e9b70ca2 1695 output[offset] = ssl->suites->hashSigAlgo[i];
wolfSSL 0:1239e9b70ca2 1696 }
wolfSSL 0:1239e9b70ca2 1697
wolfSSL 0:1239e9b70ca2 1698 if (offset > OPAQUE16_LEN)
wolfSSL 0:1239e9b70ca2 1699 c16toa(offset - OPAQUE16_LEN, output); /* extensions length */
wolfSSL 0:1239e9b70ca2 1700 }
wolfSSL 0:1239e9b70ca2 1701
wolfSSL 0:1239e9b70ca2 1702 return offset;
wolfSSL 0:1239e9b70ca2 1703 }
wolfSSL 0:1239e9b70ca2 1704
wolfSSL 0:1239e9b70ca2 1705 #endif /* NO_CYASSL_CLIENT */
wolfSSL 0:1239e9b70ca2 1706
wolfSSL 0:1239e9b70ca2 1707 #ifndef NO_CYASSL_SERVER
wolfSSL 0:1239e9b70ca2 1708
wolfSSL 0:1239e9b70ca2 1709 word16 TLSX_GetResponseSize(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 1710 {
wolfSSL 0:1239e9b70ca2 1711 word16 length = 0;
wolfSSL 0:1239e9b70ca2 1712 byte semaphore[16] = {0};
wolfSSL 0:1239e9b70ca2 1713
wolfSSL 0:1239e9b70ca2 1714 if (ssl && IsTLS(ssl))
wolfSSL 0:1239e9b70ca2 1715 length += TLSX_GetSize(ssl->extensions, semaphore, 0);
wolfSSL 0:1239e9b70ca2 1716
wolfSSL 0:1239e9b70ca2 1717 /* All the response data is set at the ssl object only, so no ctx here. */
wolfSSL 0:1239e9b70ca2 1718
wolfSSL 0:1239e9b70ca2 1719 if (length)
wolfSSL 0:1239e9b70ca2 1720 length += OPAQUE16_LEN; /* for total length storage */
wolfSSL 0:1239e9b70ca2 1721
wolfSSL 0:1239e9b70ca2 1722 return length;
wolfSSL 0:1239e9b70ca2 1723 }
wolfSSL 0:1239e9b70ca2 1724
wolfSSL 0:1239e9b70ca2 1725 word16 TLSX_WriteResponse(CYASSL *ssl, byte* output)
wolfSSL 0:1239e9b70ca2 1726 {
wolfSSL 0:1239e9b70ca2 1727 word16 offset = 0;
wolfSSL 0:1239e9b70ca2 1728
wolfSSL 0:1239e9b70ca2 1729 if (ssl && IsTLS(ssl) && output) {
wolfSSL 0:1239e9b70ca2 1730 byte semaphore[16] = {0};
wolfSSL 0:1239e9b70ca2 1731
wolfSSL 0:1239e9b70ca2 1732 offset += OPAQUE16_LEN; /* extensions length */
wolfSSL 0:1239e9b70ca2 1733
wolfSSL 0:1239e9b70ca2 1734 offset += TLSX_Write(ssl->extensions, output + offset, semaphore, 0);
wolfSSL 0:1239e9b70ca2 1735
wolfSSL 0:1239e9b70ca2 1736 if (offset > OPAQUE16_LEN)
wolfSSL 0:1239e9b70ca2 1737 c16toa(offset - OPAQUE16_LEN, output); /* extensions length */
wolfSSL 0:1239e9b70ca2 1738 }
wolfSSL 0:1239e9b70ca2 1739
wolfSSL 0:1239e9b70ca2 1740 return offset;
wolfSSL 0:1239e9b70ca2 1741 }
wolfSSL 0:1239e9b70ca2 1742
wolfSSL 0:1239e9b70ca2 1743 #endif /* NO_CYASSL_SERVER */
wolfSSL 0:1239e9b70ca2 1744
wolfSSL 0:1239e9b70ca2 1745 int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest,
wolfSSL 0:1239e9b70ca2 1746 Suites *suites)
wolfSSL 0:1239e9b70ca2 1747 {
wolfSSL 0:1239e9b70ca2 1748 int ret = 0;
wolfSSL 0:1239e9b70ca2 1749 word16 offset = 0;
wolfSSL 0:1239e9b70ca2 1750
wolfSSL 0:1239e9b70ca2 1751 if (!ssl || !input || !suites)
wolfSSL 0:1239e9b70ca2 1752 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 1753
wolfSSL 0:1239e9b70ca2 1754 while (ret == 0 && offset < length) {
wolfSSL 0:1239e9b70ca2 1755 word16 type;
wolfSSL 0:1239e9b70ca2 1756 word16 size;
wolfSSL 0:1239e9b70ca2 1757
wolfSSL 0:1239e9b70ca2 1758 if (length - offset < HELLO_EXT_TYPE_SZ + OPAQUE16_LEN)
wolfSSL 0:1239e9b70ca2 1759 return BUFFER_ERROR;
wolfSSL 0:1239e9b70ca2 1760
wolfSSL 0:1239e9b70ca2 1761 ato16(input + offset, &type);
wolfSSL 0:1239e9b70ca2 1762 offset += HELLO_EXT_TYPE_SZ;
wolfSSL 0:1239e9b70ca2 1763
wolfSSL 0:1239e9b70ca2 1764 ato16(input + offset, &size);
wolfSSL 0:1239e9b70ca2 1765 offset += OPAQUE16_LEN;
wolfSSL 0:1239e9b70ca2 1766
wolfSSL 0:1239e9b70ca2 1767 if (offset + size > length)
wolfSSL 0:1239e9b70ca2 1768 return BUFFER_ERROR;
wolfSSL 0:1239e9b70ca2 1769
wolfSSL 0:1239e9b70ca2 1770 switch (type) {
wolfSSL 0:1239e9b70ca2 1771 case SERVER_NAME_INDICATION:
wolfSSL 0:1239e9b70ca2 1772 CYASSL_MSG("SNI extension received");
wolfSSL 0:1239e9b70ca2 1773
wolfSSL 0:1239e9b70ca2 1774 ret = SNI_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 0:1239e9b70ca2 1775 break;
wolfSSL 0:1239e9b70ca2 1776
wolfSSL 0:1239e9b70ca2 1777 case MAX_FRAGMENT_LENGTH:
wolfSSL 0:1239e9b70ca2 1778 CYASSL_MSG("Max Fragment Length extension received");
wolfSSL 0:1239e9b70ca2 1779
wolfSSL 0:1239e9b70ca2 1780 ret = MFL_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 0:1239e9b70ca2 1781 break;
wolfSSL 0:1239e9b70ca2 1782
wolfSSL 0:1239e9b70ca2 1783 case TRUNCATED_HMAC:
wolfSSL 0:1239e9b70ca2 1784 CYASSL_MSG("Truncated HMAC extension received");
wolfSSL 0:1239e9b70ca2 1785
wolfSSL 0:1239e9b70ca2 1786 ret = THM_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 0:1239e9b70ca2 1787 break;
wolfSSL 0:1239e9b70ca2 1788
wolfSSL 0:1239e9b70ca2 1789 case ELLIPTIC_CURVES:
wolfSSL 0:1239e9b70ca2 1790 CYASSL_MSG("Elliptic Curves extension received");
wolfSSL 0:1239e9b70ca2 1791
wolfSSL 0:1239e9b70ca2 1792 ret = EC_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 0:1239e9b70ca2 1793 break;
wolfSSL 0:1239e9b70ca2 1794
wolfSSL 0:1239e9b70ca2 1795 case HELLO_EXT_SIG_ALGO:
wolfSSL 0:1239e9b70ca2 1796 if (isRequest) {
wolfSSL 0:1239e9b70ca2 1797 /* do not mess with offset inside the switch! */
wolfSSL 0:1239e9b70ca2 1798 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 0:1239e9b70ca2 1799 ato16(input + offset, &suites->hashSigAlgoSz);
wolfSSL 0:1239e9b70ca2 1800
wolfSSL 0:1239e9b70ca2 1801 if (suites->hashSigAlgoSz > size - OPAQUE16_LEN)
wolfSSL 0:1239e9b70ca2 1802 return BUFFER_ERROR;
wolfSSL 0:1239e9b70ca2 1803
wolfSSL 0:1239e9b70ca2 1804 XMEMCPY(suites->hashSigAlgo,
wolfSSL 0:1239e9b70ca2 1805 input + offset + OPAQUE16_LEN,
wolfSSL 0:1239e9b70ca2 1806 min(suites->hashSigAlgoSz,
wolfSSL 0:1239e9b70ca2 1807 HELLO_EXT_SIGALGO_MAX));
wolfSSL 0:1239e9b70ca2 1808 }
wolfSSL 0:1239e9b70ca2 1809 } else {
wolfSSL 0:1239e9b70ca2 1810 CYASSL_MSG("Servers MUST NOT send SIG ALGO extension.");
wolfSSL 0:1239e9b70ca2 1811 }
wolfSSL 0:1239e9b70ca2 1812
wolfSSL 0:1239e9b70ca2 1813 break;
wolfSSL 0:1239e9b70ca2 1814 }
wolfSSL 0:1239e9b70ca2 1815
wolfSSL 0:1239e9b70ca2 1816 /* offset should be updated here! */
wolfSSL 0:1239e9b70ca2 1817 offset += size;
wolfSSL 0:1239e9b70ca2 1818 }
wolfSSL 0:1239e9b70ca2 1819
wolfSSL 0:1239e9b70ca2 1820 return ret;
wolfSSL 0:1239e9b70ca2 1821 }
wolfSSL 0:1239e9b70ca2 1822
wolfSSL 0:1239e9b70ca2 1823 /* undefining semaphore macros */
wolfSSL 0:1239e9b70ca2 1824 #undef IS_OFF
wolfSSL 0:1239e9b70ca2 1825 #undef TURN_ON
wolfSSL 0:1239e9b70ca2 1826
wolfSSL 0:1239e9b70ca2 1827 #elif defined(HAVE_SNI) \
wolfSSL 0:1239e9b70ca2 1828 || defined(HAVE_MAX_FRAGMENT) \
wolfSSL 0:1239e9b70ca2 1829 || defined(HAVE_TRUNCATED_HMAC) \
wolfSSL 0:1239e9b70ca2 1830 || defined(HAVE_SUPPORTED_CURVES)
wolfSSL 0:1239e9b70ca2 1831
wolfSSL 0:1239e9b70ca2 1832 #error "Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined."
wolfSSL 0:1239e9b70ca2 1833
wolfSSL 0:1239e9b70ca2 1834 #endif /* HAVE_TLS_EXTENSIONS */
wolfSSL 0:1239e9b70ca2 1835
wolfSSL 0:1239e9b70ca2 1836
wolfSSL 0:1239e9b70ca2 1837 #ifndef NO_CYASSL_CLIENT
wolfSSL 0:1239e9b70ca2 1838
wolfSSL 0:1239e9b70ca2 1839 #ifndef NO_OLD_TLS
wolfSSL 0:1239e9b70ca2 1840
wolfSSL 0:1239e9b70ca2 1841 CYASSL_METHOD* CyaTLSv1_client_method(void)
wolfSSL 0:1239e9b70ca2 1842 {
wolfSSL 0:1239e9b70ca2 1843 CYASSL_METHOD* method =
wolfSSL 0:1239e9b70ca2 1844 (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
wolfSSL 0:1239e9b70ca2 1845 DYNAMIC_TYPE_METHOD);
wolfSSL 0:1239e9b70ca2 1846 if (method)
wolfSSL 0:1239e9b70ca2 1847 InitSSL_Method(method, MakeTLSv1());
wolfSSL 0:1239e9b70ca2 1848 return method;
wolfSSL 0:1239e9b70ca2 1849 }
wolfSSL 0:1239e9b70ca2 1850
wolfSSL 0:1239e9b70ca2 1851
wolfSSL 0:1239e9b70ca2 1852 CYASSL_METHOD* CyaTLSv1_1_client_method(void)
wolfSSL 0:1239e9b70ca2 1853 {
wolfSSL 0:1239e9b70ca2 1854 CYASSL_METHOD* method =
wolfSSL 0:1239e9b70ca2 1855 (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
wolfSSL 0:1239e9b70ca2 1856 DYNAMIC_TYPE_METHOD);
wolfSSL 0:1239e9b70ca2 1857 if (method)
wolfSSL 0:1239e9b70ca2 1858 InitSSL_Method(method, MakeTLSv1_1());
wolfSSL 0:1239e9b70ca2 1859 return method;
wolfSSL 0:1239e9b70ca2 1860 }
wolfSSL 0:1239e9b70ca2 1861
wolfSSL 0:1239e9b70ca2 1862 #endif /* !NO_OLD_TLS */
wolfSSL 0:1239e9b70ca2 1863
wolfSSL 0:1239e9b70ca2 1864 #ifndef NO_SHA256 /* can't use without SHA256 */
wolfSSL 0:1239e9b70ca2 1865
wolfSSL 0:1239e9b70ca2 1866 CYASSL_METHOD* CyaTLSv1_2_client_method(void)
wolfSSL 0:1239e9b70ca2 1867 {
wolfSSL 0:1239e9b70ca2 1868 CYASSL_METHOD* method =
wolfSSL 0:1239e9b70ca2 1869 (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
wolfSSL 0:1239e9b70ca2 1870 DYNAMIC_TYPE_METHOD);
wolfSSL 0:1239e9b70ca2 1871 if (method)
wolfSSL 0:1239e9b70ca2 1872 InitSSL_Method(method, MakeTLSv1_2());
wolfSSL 0:1239e9b70ca2 1873 return method;
wolfSSL 0:1239e9b70ca2 1874 }
wolfSSL 0:1239e9b70ca2 1875
wolfSSL 0:1239e9b70ca2 1876 #endif
wolfSSL 0:1239e9b70ca2 1877
wolfSSL 0:1239e9b70ca2 1878
wolfSSL 0:1239e9b70ca2 1879 CYASSL_METHOD* CyaSSLv23_client_method(void)
wolfSSL 0:1239e9b70ca2 1880 {
wolfSSL 0:1239e9b70ca2 1881 CYASSL_METHOD* method =
wolfSSL 0:1239e9b70ca2 1882 (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
wolfSSL 0:1239e9b70ca2 1883 DYNAMIC_TYPE_METHOD);
wolfSSL 0:1239e9b70ca2 1884 if (method) {
wolfSSL 0:1239e9b70ca2 1885 #ifndef NO_SHA256 /* 1.2 requires SHA256 */
wolfSSL 0:1239e9b70ca2 1886 InitSSL_Method(method, MakeTLSv1_2());
wolfSSL 0:1239e9b70ca2 1887 #else
wolfSSL 0:1239e9b70ca2 1888 InitSSL_Method(method, MakeTLSv1_1());
wolfSSL 0:1239e9b70ca2 1889 #endif
wolfSSL 0:1239e9b70ca2 1890 #ifndef NO_OLD_TLS
wolfSSL 0:1239e9b70ca2 1891 method->downgrade = 1;
wolfSSL 0:1239e9b70ca2 1892 #endif
wolfSSL 0:1239e9b70ca2 1893 }
wolfSSL 0:1239e9b70ca2 1894 return method;
wolfSSL 0:1239e9b70ca2 1895 }
wolfSSL 0:1239e9b70ca2 1896
wolfSSL 0:1239e9b70ca2 1897
wolfSSL 0:1239e9b70ca2 1898 #endif /* NO_CYASSL_CLIENT */
wolfSSL 0:1239e9b70ca2 1899
wolfSSL 0:1239e9b70ca2 1900
wolfSSL 0:1239e9b70ca2 1901
wolfSSL 0:1239e9b70ca2 1902 #ifndef NO_CYASSL_SERVER
wolfSSL 0:1239e9b70ca2 1903
wolfSSL 0:1239e9b70ca2 1904 #ifndef NO_OLD_TLS
wolfSSL 0:1239e9b70ca2 1905
wolfSSL 0:1239e9b70ca2 1906 CYASSL_METHOD* CyaTLSv1_server_method(void)
wolfSSL 0:1239e9b70ca2 1907 {
wolfSSL 0:1239e9b70ca2 1908 CYASSL_METHOD* method =
wolfSSL 0:1239e9b70ca2 1909 (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
wolfSSL 0:1239e9b70ca2 1910 DYNAMIC_TYPE_METHOD);
wolfSSL 0:1239e9b70ca2 1911 if (method) {
wolfSSL 0:1239e9b70ca2 1912 InitSSL_Method(method, MakeTLSv1());
wolfSSL 0:1239e9b70ca2 1913 method->side = CYASSL_SERVER_END;
wolfSSL 0:1239e9b70ca2 1914 }
wolfSSL 0:1239e9b70ca2 1915 return method;
wolfSSL 0:1239e9b70ca2 1916 }
wolfSSL 0:1239e9b70ca2 1917
wolfSSL 0:1239e9b70ca2 1918
wolfSSL 0:1239e9b70ca2 1919 CYASSL_METHOD* CyaTLSv1_1_server_method(void)
wolfSSL 0:1239e9b70ca2 1920 {
wolfSSL 0:1239e9b70ca2 1921 CYASSL_METHOD* method =
wolfSSL 0:1239e9b70ca2 1922 (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
wolfSSL 0:1239e9b70ca2 1923 DYNAMIC_TYPE_METHOD);
wolfSSL 0:1239e9b70ca2 1924 if (method) {
wolfSSL 0:1239e9b70ca2 1925 InitSSL_Method(method, MakeTLSv1_1());
wolfSSL 0:1239e9b70ca2 1926 method->side = CYASSL_SERVER_END;
wolfSSL 0:1239e9b70ca2 1927 }
wolfSSL 0:1239e9b70ca2 1928 return method;
wolfSSL 0:1239e9b70ca2 1929 }
wolfSSL 0:1239e9b70ca2 1930
wolfSSL 0:1239e9b70ca2 1931 #endif /* !NO_OLD_TLS */
wolfSSL 0:1239e9b70ca2 1932
wolfSSL 0:1239e9b70ca2 1933 #ifndef NO_SHA256 /* can't use without SHA256 */
wolfSSL 0:1239e9b70ca2 1934
wolfSSL 0:1239e9b70ca2 1935 CYASSL_METHOD* CyaTLSv1_2_server_method(void)
wolfSSL 0:1239e9b70ca2 1936 {
wolfSSL 0:1239e9b70ca2 1937 CYASSL_METHOD* method =
wolfSSL 0:1239e9b70ca2 1938 (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
wolfSSL 0:1239e9b70ca2 1939 DYNAMIC_TYPE_METHOD);
wolfSSL 0:1239e9b70ca2 1940 if (method) {
wolfSSL 0:1239e9b70ca2 1941 InitSSL_Method(method, MakeTLSv1_2());
wolfSSL 0:1239e9b70ca2 1942 method->side = CYASSL_SERVER_END;
wolfSSL 0:1239e9b70ca2 1943 }
wolfSSL 0:1239e9b70ca2 1944 return method;
wolfSSL 0:1239e9b70ca2 1945 }
wolfSSL 0:1239e9b70ca2 1946
wolfSSL 0:1239e9b70ca2 1947 #endif
wolfSSL 0:1239e9b70ca2 1948
wolfSSL 0:1239e9b70ca2 1949
wolfSSL 0:1239e9b70ca2 1950 CYASSL_METHOD* CyaSSLv23_server_method(void)
wolfSSL 0:1239e9b70ca2 1951 {
wolfSSL 0:1239e9b70ca2 1952 CYASSL_METHOD* method =
wolfSSL 0:1239e9b70ca2 1953 (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
wolfSSL 0:1239e9b70ca2 1954 DYNAMIC_TYPE_METHOD);
wolfSSL 0:1239e9b70ca2 1955 if (method) {
wolfSSL 0:1239e9b70ca2 1956 #ifndef NO_SHA256 /* 1.2 requires SHA256 */
wolfSSL 0:1239e9b70ca2 1957 InitSSL_Method(method, MakeTLSv1_2());
wolfSSL 0:1239e9b70ca2 1958 #else
wolfSSL 0:1239e9b70ca2 1959 InitSSL_Method(method, MakeTLSv1_1());
wolfSSL 0:1239e9b70ca2 1960 #endif
wolfSSL 0:1239e9b70ca2 1961 method->side = CYASSL_SERVER_END;
wolfSSL 0:1239e9b70ca2 1962 #ifndef NO_OLD_TLS
wolfSSL 0:1239e9b70ca2 1963 method->downgrade = 1;
wolfSSL 0:1239e9b70ca2 1964 #endif /* !NO_OLD_TLS */
wolfSSL 0:1239e9b70ca2 1965 }
wolfSSL 0:1239e9b70ca2 1966 return method;
wolfSSL 0:1239e9b70ca2 1967 }
wolfSSL 0:1239e9b70ca2 1968
wolfSSL 0:1239e9b70ca2 1969
wolfSSL 0:1239e9b70ca2 1970
wolfSSL 0:1239e9b70ca2 1971 #endif /* NO_CYASSL_SERVER */
wolfSSL 0:1239e9b70ca2 1972 #endif /* NO_TLS */
wolfSSL 0:1239e9b70ca2 1973
wolfSSL 0:1239e9b70ca2 1974