wolfSSL SSL/TLS library, support up to TLS1.3
src/tls.c@11:cee25a834751, 2017-05-30 (annotated)
- Committer:
- wolfSSL
- Date:
- Tue May 30 01:44:10 2017 +0000
- Revision:
- 11:cee25a834751
wolfSSL 3.11.0
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
wolfSSL | 11:cee25a834751 | 1 | /* tls.c |
wolfSSL | 11:cee25a834751 | 2 | * |
wolfSSL | 11:cee25a834751 | 3 | * Copyright (C) 2006-2016 wolfSSL Inc. |
wolfSSL | 11:cee25a834751 | 4 | * |
wolfSSL | 11:cee25a834751 | 5 | * This file is part of wolfSSL. |
wolfSSL | 11:cee25a834751 | 6 | * |
wolfSSL | 11:cee25a834751 | 7 | * wolfSSL is free software; you can redistribute it and/or modify |
wolfSSL | 11:cee25a834751 | 8 | * it under the terms of the GNU General Public License as published by |
wolfSSL | 11:cee25a834751 | 9 | * the Free Software Foundation; either version 2 of the License, or |
wolfSSL | 11:cee25a834751 | 10 | * (at your option) any later version. |
wolfSSL | 11:cee25a834751 | 11 | * |
wolfSSL | 11:cee25a834751 | 12 | * wolfSSL is distributed in the hope that it will be useful, |
wolfSSL | 11:cee25a834751 | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
wolfSSL | 11:cee25a834751 | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
wolfSSL | 11:cee25a834751 | 15 | * GNU General Public License for more details. |
wolfSSL | 11:cee25a834751 | 16 | * |
wolfSSL | 11:cee25a834751 | 17 | * You should have received a copy of the GNU General Public License |
wolfSSL | 11:cee25a834751 | 18 | * along with this program; if not, write to the Free Software |
wolfSSL | 11:cee25a834751 | 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
wolfSSL | 11:cee25a834751 | 20 | */ |
wolfSSL | 11:cee25a834751 | 21 | |
wolfSSL | 11:cee25a834751 | 22 | |
wolfSSL | 11:cee25a834751 | 23 | |
wolfSSL | 11:cee25a834751 | 24 | #ifdef HAVE_CONFIG_H |
wolfSSL | 11:cee25a834751 | 25 | #include <config.h> |
wolfSSL | 11:cee25a834751 | 26 | #endif |
wolfSSL | 11:cee25a834751 | 27 | |
wolfSSL | 11:cee25a834751 | 28 | #include <wolfssl/wolfcrypt/settings.h> |
wolfSSL | 11:cee25a834751 | 29 | |
wolfSSL | 11:cee25a834751 | 30 | #ifndef WOLFCRYPT_ONLY |
wolfSSL | 11:cee25a834751 | 31 | |
wolfSSL | 11:cee25a834751 | 32 | #include <wolfssl/ssl.h> |
wolfSSL | 11:cee25a834751 | 33 | #include <wolfssl/internal.h> |
wolfSSL | 11:cee25a834751 | 34 | #include <wolfssl/error-ssl.h> |
wolfSSL | 11:cee25a834751 | 35 | #include <wolfssl/wolfcrypt/hmac.h> |
wolfSSL | 11:cee25a834751 | 36 | #ifdef NO_INLINE |
wolfSSL | 11:cee25a834751 | 37 | #include <wolfssl/wolfcrypt/misc.h> |
wolfSSL | 11:cee25a834751 | 38 | #else |
wolfSSL | 11:cee25a834751 | 39 | #define WOLFSSL_MISC_INCLUDED |
wolfSSL | 11:cee25a834751 | 40 | #include <wolfcrypt/src/misc.c> |
wolfSSL | 11:cee25a834751 | 41 | #endif |
wolfSSL | 11:cee25a834751 | 42 | |
wolfSSL | 11:cee25a834751 | 43 | #ifdef HAVE_NTRU |
wolfSSL | 11:cee25a834751 | 44 | #include "libntruencrypt/ntru_crypto.h" |
wolfSSL | 11:cee25a834751 | 45 | #include <wolfssl/wolfcrypt/random.h> |
wolfSSL | 11:cee25a834751 | 46 | #endif |
wolfSSL | 11:cee25a834751 | 47 | #ifdef HAVE_QSH |
wolfSSL | 11:cee25a834751 | 48 | static int TLSX_AddQSHKey(QSHKey** list, QSHKey* key); |
wolfSSL | 11:cee25a834751 | 49 | static byte* TLSX_QSHKeyFind_Pub(QSHKey* qsh, word16* pubLen, word16 name); |
wolfSSL | 11:cee25a834751 | 50 | #endif |
wolfSSL | 11:cee25a834751 | 51 | #if defined(HAVE_NTRU) || defined(HAVE_QSH) |
wolfSSL | 11:cee25a834751 | 52 | static int TLSX_CreateNtruKey(WOLFSSL* ssl, int type); |
wolfSSL | 11:cee25a834751 | 53 | #endif |
wolfSSL | 11:cee25a834751 | 54 | |
wolfSSL | 11:cee25a834751 | 55 | |
wolfSSL | 11:cee25a834751 | 56 | #ifndef NO_TLS |
wolfSSL | 11:cee25a834751 | 57 | |
wolfSSL | 11:cee25a834751 | 58 | /* Digest enable checks */ |
wolfSSL | 11:cee25a834751 | 59 | #ifdef NO_OLD_TLS /* TLS 1.2 only */ |
wolfSSL | 11:cee25a834751 | 60 | #if defined(NO_SHA256) && !defined(WOLFSSL_SHA384) && \ |
wolfSSL | 11:cee25a834751 | 61 | !defined(WOLFSSL_SHA512) |
wolfSSL | 11:cee25a834751 | 62 | #error Must have SHA256, SHA384 or SHA512 enabled for TLS 1.2 |
wolfSSL | 11:cee25a834751 | 63 | #endif |
wolfSSL | 11:cee25a834751 | 64 | #else /* TLS 1.1 or older */ |
wolfSSL | 11:cee25a834751 | 65 | #if defined(NO_MD5) && defined(NO_SHA) |
wolfSSL | 11:cee25a834751 | 66 | #error Must have SHA1 and MD5 enabled for old TLS |
wolfSSL | 11:cee25a834751 | 67 | #endif |
wolfSSL | 11:cee25a834751 | 68 | #endif |
wolfSSL | 11:cee25a834751 | 69 | |
wolfSSL | 11:cee25a834751 | 70 | |
wolfSSL | 11:cee25a834751 | 71 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 11:cee25a834751 | 72 | #define P_HASH_MAX_SIZE SHA384_DIGEST_SIZE |
wolfSSL | 11:cee25a834751 | 73 | #else |
wolfSSL | 11:cee25a834751 | 74 | #define P_HASH_MAX_SIZE SHA256_DIGEST_SIZE |
wolfSSL | 11:cee25a834751 | 75 | #endif |
wolfSSL | 11:cee25a834751 | 76 | |
wolfSSL | 11:cee25a834751 | 77 | |
wolfSSL | 11:cee25a834751 | 78 | /* compute p_hash for MD5, SHA-1, SHA-256, or SHA-384 for TLSv1 PRF */ |
wolfSSL | 11:cee25a834751 | 79 | static int p_hash(byte* result, word32 resLen, const byte* secret, |
wolfSSL | 11:cee25a834751 | 80 | word32 secLen, const byte* seed, word32 seedLen, int hash) |
wolfSSL | 11:cee25a834751 | 81 | { |
wolfSSL | 11:cee25a834751 | 82 | word32 len = P_HASH_MAX_SIZE; |
wolfSSL | 11:cee25a834751 | 83 | word32 times; |
wolfSSL | 11:cee25a834751 | 84 | word32 lastLen; |
wolfSSL | 11:cee25a834751 | 85 | word32 lastTime; |
wolfSSL | 11:cee25a834751 | 86 | word32 i; |
wolfSSL | 11:cee25a834751 | 87 | word32 idx = 0; |
wolfSSL | 11:cee25a834751 | 88 | int ret = 0; |
wolfSSL | 11:cee25a834751 | 89 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 11:cee25a834751 | 90 | byte* previous; |
wolfSSL | 11:cee25a834751 | 91 | byte* current; |
wolfSSL | 11:cee25a834751 | 92 | Hmac* hmac; |
wolfSSL | 11:cee25a834751 | 93 | #else |
wolfSSL | 11:cee25a834751 | 94 | byte previous[P_HASH_MAX_SIZE]; /* max size */ |
wolfSSL | 11:cee25a834751 | 95 | byte current[P_HASH_MAX_SIZE]; /* max size */ |
wolfSSL | 11:cee25a834751 | 96 | Hmac hmac[1]; |
wolfSSL | 11:cee25a834751 | 97 | #endif |
wolfSSL | 11:cee25a834751 | 98 | |
wolfSSL | 11:cee25a834751 | 99 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 11:cee25a834751 | 100 | previous = (byte*)XMALLOC(P_HASH_MAX_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 101 | current = (byte*)XMALLOC(P_HASH_MAX_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 102 | hmac = (Hmac*)XMALLOC(sizeof(Hmac), NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 103 | |
wolfSSL | 11:cee25a834751 | 104 | if (previous == NULL || current == NULL || hmac == NULL) { |
wolfSSL | 11:cee25a834751 | 105 | if (previous) XFREE(previous, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 106 | if (current) XFREE(current, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 107 | if (hmac) XFREE(hmac, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 108 | |
wolfSSL | 11:cee25a834751 | 109 | return MEMORY_E; |
wolfSSL | 11:cee25a834751 | 110 | } |
wolfSSL | 11:cee25a834751 | 111 | #endif |
wolfSSL | 11:cee25a834751 | 112 | |
wolfSSL | 11:cee25a834751 | 113 | switch (hash) { |
wolfSSL | 11:cee25a834751 | 114 | #ifndef NO_MD5 |
wolfSSL | 11:cee25a834751 | 115 | case md5_mac: |
wolfSSL | 11:cee25a834751 | 116 | hash = MD5; |
wolfSSL | 11:cee25a834751 | 117 | len = MD5_DIGEST_SIZE; |
wolfSSL | 11:cee25a834751 | 118 | break; |
wolfSSL | 11:cee25a834751 | 119 | #endif |
wolfSSL | 11:cee25a834751 | 120 | |
wolfSSL | 11:cee25a834751 | 121 | #ifndef NO_SHA256 |
wolfSSL | 11:cee25a834751 | 122 | case sha256_mac: |
wolfSSL | 11:cee25a834751 | 123 | hash = SHA256; |
wolfSSL | 11:cee25a834751 | 124 | len = SHA256_DIGEST_SIZE; |
wolfSSL | 11:cee25a834751 | 125 | break; |
wolfSSL | 11:cee25a834751 | 126 | #endif |
wolfSSL | 11:cee25a834751 | 127 | |
wolfSSL | 11:cee25a834751 | 128 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 11:cee25a834751 | 129 | case sha384_mac: |
wolfSSL | 11:cee25a834751 | 130 | hash = SHA384; |
wolfSSL | 11:cee25a834751 | 131 | len = SHA384_DIGEST_SIZE; |
wolfSSL | 11:cee25a834751 | 132 | break; |
wolfSSL | 11:cee25a834751 | 133 | #endif |
wolfSSL | 11:cee25a834751 | 134 | |
wolfSSL | 11:cee25a834751 | 135 | #ifndef NO_SHA |
wolfSSL | 11:cee25a834751 | 136 | case sha_mac: |
wolfSSL | 11:cee25a834751 | 137 | default: |
wolfSSL | 11:cee25a834751 | 138 | hash = SHA; |
wolfSSL | 11:cee25a834751 | 139 | len = SHA_DIGEST_SIZE; |
wolfSSL | 11:cee25a834751 | 140 | break; |
wolfSSL | 11:cee25a834751 | 141 | #endif |
wolfSSL | 11:cee25a834751 | 142 | } |
wolfSSL | 11:cee25a834751 | 143 | |
wolfSSL | 11:cee25a834751 | 144 | times = resLen / len; |
wolfSSL | 11:cee25a834751 | 145 | lastLen = resLen % len; |
wolfSSL | 11:cee25a834751 | 146 | |
wolfSSL | 11:cee25a834751 | 147 | if (lastLen) |
wolfSSL | 11:cee25a834751 | 148 | times += 1; |
wolfSSL | 11:cee25a834751 | 149 | |
wolfSSL | 11:cee25a834751 | 150 | lastTime = times - 1; |
wolfSSL | 11:cee25a834751 | 151 | |
wolfSSL | 11:cee25a834751 | 152 | ret = wc_HmacInit(hmac, NULL, INVALID_DEVID); |
wolfSSL | 11:cee25a834751 | 153 | if (ret == 0) { |
wolfSSL | 11:cee25a834751 | 154 | ret = wc_HmacSetKey(hmac, hash, secret, secLen); |
wolfSSL | 11:cee25a834751 | 155 | if (ret == 0) |
wolfSSL | 11:cee25a834751 | 156 | ret = wc_HmacUpdate(hmac, seed, seedLen); /* A0 = seed */ |
wolfSSL | 11:cee25a834751 | 157 | if (ret == 0) |
wolfSSL | 11:cee25a834751 | 158 | ret = wc_HmacFinal(hmac, previous); /* A1 */ |
wolfSSL | 11:cee25a834751 | 159 | if (ret == 0) { |
wolfSSL | 11:cee25a834751 | 160 | for (i = 0; i < times; i++) { |
wolfSSL | 11:cee25a834751 | 161 | ret = wc_HmacUpdate(hmac, previous, len); |
wolfSSL | 11:cee25a834751 | 162 | if (ret != 0) |
wolfSSL | 11:cee25a834751 | 163 | break; |
wolfSSL | 11:cee25a834751 | 164 | ret = wc_HmacUpdate(hmac, seed, seedLen); |
wolfSSL | 11:cee25a834751 | 165 | if (ret != 0) |
wolfSSL | 11:cee25a834751 | 166 | break; |
wolfSSL | 11:cee25a834751 | 167 | ret = wc_HmacFinal(hmac, current); |
wolfSSL | 11:cee25a834751 | 168 | if (ret != 0) |
wolfSSL | 11:cee25a834751 | 169 | break; |
wolfSSL | 11:cee25a834751 | 170 | |
wolfSSL | 11:cee25a834751 | 171 | if ((i == lastTime) && lastLen) |
wolfSSL | 11:cee25a834751 | 172 | XMEMCPY(&result[idx], current, |
wolfSSL | 11:cee25a834751 | 173 | min(lastLen, P_HASH_MAX_SIZE)); |
wolfSSL | 11:cee25a834751 | 174 | else { |
wolfSSL | 11:cee25a834751 | 175 | XMEMCPY(&result[idx], current, len); |
wolfSSL | 11:cee25a834751 | 176 | idx += len; |
wolfSSL | 11:cee25a834751 | 177 | ret = wc_HmacUpdate(hmac, previous, len); |
wolfSSL | 11:cee25a834751 | 178 | if (ret != 0) |
wolfSSL | 11:cee25a834751 | 179 | break; |
wolfSSL | 11:cee25a834751 | 180 | ret = wc_HmacFinal(hmac, previous); |
wolfSSL | 11:cee25a834751 | 181 | if (ret != 0) |
wolfSSL | 11:cee25a834751 | 182 | break; |
wolfSSL | 11:cee25a834751 | 183 | } |
wolfSSL | 11:cee25a834751 | 184 | } |
wolfSSL | 11:cee25a834751 | 185 | } |
wolfSSL | 11:cee25a834751 | 186 | wc_HmacFree(hmac); |
wolfSSL | 11:cee25a834751 | 187 | } |
wolfSSL | 11:cee25a834751 | 188 | |
wolfSSL | 11:cee25a834751 | 189 | ForceZero(previous, P_HASH_MAX_SIZE); |
wolfSSL | 11:cee25a834751 | 190 | ForceZero(current, P_HASH_MAX_SIZE); |
wolfSSL | 11:cee25a834751 | 191 | ForceZero(hmac, sizeof(Hmac)); |
wolfSSL | 11:cee25a834751 | 192 | |
wolfSSL | 11:cee25a834751 | 193 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 11:cee25a834751 | 194 | XFREE(previous, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 195 | XFREE(current, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 196 | XFREE(hmac, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 197 | #endif |
wolfSSL | 11:cee25a834751 | 198 | |
wolfSSL | 11:cee25a834751 | 199 | return ret; |
wolfSSL | 11:cee25a834751 | 200 | } |
wolfSSL | 11:cee25a834751 | 201 | |
wolfSSL | 11:cee25a834751 | 202 | #undef P_HASH_MAX_SIZE |
wolfSSL | 11:cee25a834751 | 203 | |
wolfSSL | 11:cee25a834751 | 204 | |
wolfSSL | 11:cee25a834751 | 205 | #ifndef NO_OLD_TLS |
wolfSSL | 11:cee25a834751 | 206 | |
wolfSSL | 11:cee25a834751 | 207 | /* calculate XOR for TLSv1 PRF */ |
wolfSSL | 11:cee25a834751 | 208 | static INLINE void get_xor(byte *digest, word32 digLen, byte* md5, byte* sha) |
wolfSSL | 11:cee25a834751 | 209 | { |
wolfSSL | 11:cee25a834751 | 210 | word32 i; |
wolfSSL | 11:cee25a834751 | 211 | |
wolfSSL | 11:cee25a834751 | 212 | for (i = 0; i < digLen; i++) |
wolfSSL | 11:cee25a834751 | 213 | digest[i] = md5[i] ^ sha[i]; |
wolfSSL | 11:cee25a834751 | 214 | } |
wolfSSL | 11:cee25a834751 | 215 | |
wolfSSL | 11:cee25a834751 | 216 | |
wolfSSL | 11:cee25a834751 | 217 | /* compute TLSv1 PRF (pseudo random function using HMAC) */ |
wolfSSL | 11:cee25a834751 | 218 | static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen, |
wolfSSL | 11:cee25a834751 | 219 | const byte* label, word32 labLen, const byte* seed, |
wolfSSL | 11:cee25a834751 | 220 | word32 seedLen) |
wolfSSL | 11:cee25a834751 | 221 | { |
wolfSSL | 11:cee25a834751 | 222 | int ret = 0; |
wolfSSL | 11:cee25a834751 | 223 | word32 half = (secLen + 1) / 2; |
wolfSSL | 11:cee25a834751 | 224 | |
wolfSSL | 11:cee25a834751 | 225 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 11:cee25a834751 | 226 | byte* md5_half; |
wolfSSL | 11:cee25a834751 | 227 | byte* sha_half; |
wolfSSL | 11:cee25a834751 | 228 | byte* labelSeed; |
wolfSSL | 11:cee25a834751 | 229 | byte* md5_result; |
wolfSSL | 11:cee25a834751 | 230 | byte* sha_result; |
wolfSSL | 11:cee25a834751 | 231 | #else |
wolfSSL | 11:cee25a834751 | 232 | byte md5_half[MAX_PRF_HALF]; /* half is real size */ |
wolfSSL | 11:cee25a834751 | 233 | byte sha_half[MAX_PRF_HALF]; /* half is real size */ |
wolfSSL | 11:cee25a834751 | 234 | byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */ |
wolfSSL | 11:cee25a834751 | 235 | byte md5_result[MAX_PRF_DIG]; /* digLen is real size */ |
wolfSSL | 11:cee25a834751 | 236 | byte sha_result[MAX_PRF_DIG]; /* digLen is real size */ |
wolfSSL | 11:cee25a834751 | 237 | #endif |
wolfSSL | 11:cee25a834751 | 238 | |
wolfSSL | 11:cee25a834751 | 239 | if (half > MAX_PRF_HALF) |
wolfSSL | 11:cee25a834751 | 240 | return BUFFER_E; |
wolfSSL | 11:cee25a834751 | 241 | if (labLen + seedLen > MAX_PRF_LABSEED) |
wolfSSL | 11:cee25a834751 | 242 | return BUFFER_E; |
wolfSSL | 11:cee25a834751 | 243 | if (digLen > MAX_PRF_DIG) |
wolfSSL | 11:cee25a834751 | 244 | return BUFFER_E; |
wolfSSL | 11:cee25a834751 | 245 | |
wolfSSL | 11:cee25a834751 | 246 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 11:cee25a834751 | 247 | md5_half = (byte*)XMALLOC(MAX_PRF_HALF, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 248 | sha_half = (byte*)XMALLOC(MAX_PRF_HALF, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 249 | labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 250 | md5_result = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 251 | sha_result = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 252 | |
wolfSSL | 11:cee25a834751 | 253 | if (md5_half == NULL || sha_half == NULL || labelSeed == NULL || |
wolfSSL | 11:cee25a834751 | 254 | md5_result == NULL || sha_result == NULL) { |
wolfSSL | 11:cee25a834751 | 255 | if (md5_half) XFREE(md5_half, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 256 | if (sha_half) XFREE(sha_half, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 257 | if (labelSeed) XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 258 | if (md5_result) XFREE(md5_result, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 259 | if (sha_result) XFREE(sha_result, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 260 | |
wolfSSL | 11:cee25a834751 | 261 | return MEMORY_E; |
wolfSSL | 11:cee25a834751 | 262 | } |
wolfSSL | 11:cee25a834751 | 263 | #endif |
wolfSSL | 11:cee25a834751 | 264 | |
wolfSSL | 11:cee25a834751 | 265 | XMEMSET(md5_result, 0, digLen); |
wolfSSL | 11:cee25a834751 | 266 | XMEMSET(sha_result, 0, digLen); |
wolfSSL | 11:cee25a834751 | 267 | |
wolfSSL | 11:cee25a834751 | 268 | XMEMCPY(md5_half, secret, half); |
wolfSSL | 11:cee25a834751 | 269 | XMEMCPY(sha_half, secret + half - secLen % 2, half); |
wolfSSL | 11:cee25a834751 | 270 | |
wolfSSL | 11:cee25a834751 | 271 | XMEMCPY(labelSeed, label, labLen); |
wolfSSL | 11:cee25a834751 | 272 | XMEMCPY(labelSeed + labLen, seed, seedLen); |
wolfSSL | 11:cee25a834751 | 273 | |
wolfSSL | 11:cee25a834751 | 274 | if ((ret = p_hash(md5_result, digLen, md5_half, half, labelSeed, |
wolfSSL | 11:cee25a834751 | 275 | labLen + seedLen, md5_mac)) == 0) { |
wolfSSL | 11:cee25a834751 | 276 | if ((ret = p_hash(sha_result, digLen, sha_half, half, labelSeed, |
wolfSSL | 11:cee25a834751 | 277 | labLen + seedLen, sha_mac)) == 0) { |
wolfSSL | 11:cee25a834751 | 278 | get_xor(digest, digLen, md5_result, sha_result); |
wolfSSL | 11:cee25a834751 | 279 | } |
wolfSSL | 11:cee25a834751 | 280 | } |
wolfSSL | 11:cee25a834751 | 281 | |
wolfSSL | 11:cee25a834751 | 282 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 11:cee25a834751 | 283 | XFREE(md5_half, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 284 | XFREE(sha_half, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 285 | XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 286 | XFREE(md5_result, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 287 | XFREE(sha_result, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 288 | #endif |
wolfSSL | 11:cee25a834751 | 289 | |
wolfSSL | 11:cee25a834751 | 290 | return ret; |
wolfSSL | 11:cee25a834751 | 291 | } |
wolfSSL | 11:cee25a834751 | 292 | |
wolfSSL | 11:cee25a834751 | 293 | #endif |
wolfSSL | 11:cee25a834751 | 294 | |
wolfSSL | 11:cee25a834751 | 295 | |
wolfSSL | 11:cee25a834751 | 296 | /* Wrapper to call straight thru to p_hash in TSL 1.2 cases to remove stack |
wolfSSL | 11:cee25a834751 | 297 | use */ |
wolfSSL | 11:cee25a834751 | 298 | static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen, |
wolfSSL | 11:cee25a834751 | 299 | const byte* label, word32 labLen, const byte* seed, word32 seedLen, |
wolfSSL | 11:cee25a834751 | 300 | int useAtLeastSha256, int hash_type) |
wolfSSL | 11:cee25a834751 | 301 | { |
wolfSSL | 11:cee25a834751 | 302 | int ret = 0; |
wolfSSL | 11:cee25a834751 | 303 | |
wolfSSL | 11:cee25a834751 | 304 | if (useAtLeastSha256) { |
wolfSSL | 11:cee25a834751 | 305 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 11:cee25a834751 | 306 | byte* labelSeed; |
wolfSSL | 11:cee25a834751 | 307 | #else |
wolfSSL | 11:cee25a834751 | 308 | byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */ |
wolfSSL | 11:cee25a834751 | 309 | #endif |
wolfSSL | 11:cee25a834751 | 310 | |
wolfSSL | 11:cee25a834751 | 311 | if (labLen + seedLen > MAX_PRF_LABSEED) |
wolfSSL | 11:cee25a834751 | 312 | return BUFFER_E; |
wolfSSL | 11:cee25a834751 | 313 | |
wolfSSL | 11:cee25a834751 | 314 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 11:cee25a834751 | 315 | labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, NULL, |
wolfSSL | 11:cee25a834751 | 316 | DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 317 | if (labelSeed == NULL) |
wolfSSL | 11:cee25a834751 | 318 | return MEMORY_E; |
wolfSSL | 11:cee25a834751 | 319 | #endif |
wolfSSL | 11:cee25a834751 | 320 | |
wolfSSL | 11:cee25a834751 | 321 | XMEMCPY(labelSeed, label, labLen); |
wolfSSL | 11:cee25a834751 | 322 | XMEMCPY(labelSeed + labLen, seed, seedLen); |
wolfSSL | 11:cee25a834751 | 323 | |
wolfSSL | 11:cee25a834751 | 324 | /* If a cipher suite wants an algorithm better than sha256, it |
wolfSSL | 11:cee25a834751 | 325 | * should use better. */ |
wolfSSL | 11:cee25a834751 | 326 | if (hash_type < sha256_mac || hash_type == blake2b_mac) |
wolfSSL | 11:cee25a834751 | 327 | hash_type = sha256_mac; |
wolfSSL | 11:cee25a834751 | 328 | ret = p_hash(digest, digLen, secret, secLen, labelSeed, |
wolfSSL | 11:cee25a834751 | 329 | labLen + seedLen, hash_type); |
wolfSSL | 11:cee25a834751 | 330 | |
wolfSSL | 11:cee25a834751 | 331 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 11:cee25a834751 | 332 | XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 333 | #endif |
wolfSSL | 11:cee25a834751 | 334 | } |
wolfSSL | 11:cee25a834751 | 335 | #ifndef NO_OLD_TLS |
wolfSSL | 11:cee25a834751 | 336 | else { |
wolfSSL | 11:cee25a834751 | 337 | ret = doPRF(digest, digLen, secret, secLen, label, labLen, seed, |
wolfSSL | 11:cee25a834751 | 338 | seedLen); |
wolfSSL | 11:cee25a834751 | 339 | } |
wolfSSL | 11:cee25a834751 | 340 | #endif |
wolfSSL | 11:cee25a834751 | 341 | |
wolfSSL | 11:cee25a834751 | 342 | return ret; |
wolfSSL | 11:cee25a834751 | 343 | } |
wolfSSL | 11:cee25a834751 | 344 | |
wolfSSL | 11:cee25a834751 | 345 | |
wolfSSL | 11:cee25a834751 | 346 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 11:cee25a834751 | 347 | #define HSHASH_SZ SHA384_DIGEST_SIZE |
wolfSSL | 11:cee25a834751 | 348 | #else |
wolfSSL | 11:cee25a834751 | 349 | #define HSHASH_SZ FINISHED_SZ |
wolfSSL | 11:cee25a834751 | 350 | #endif |
wolfSSL | 11:cee25a834751 | 351 | |
wolfSSL | 11:cee25a834751 | 352 | |
wolfSSL | 11:cee25a834751 | 353 | int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash, word32* hashLen) |
wolfSSL | 11:cee25a834751 | 354 | { |
wolfSSL | 11:cee25a834751 | 355 | word32 hashSz = FINISHED_SZ; |
wolfSSL | 11:cee25a834751 | 356 | |
wolfSSL | 11:cee25a834751 | 357 | if (ssl == NULL || hash == NULL || hashLen == NULL || *hashLen < HSHASH_SZ) |
wolfSSL | 11:cee25a834751 | 358 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 359 | |
wolfSSL | 11:cee25a834751 | 360 | #ifndef NO_OLD_TLS |
wolfSSL | 11:cee25a834751 | 361 | wc_Md5GetHash(&ssl->hsHashes->hashMd5, hash); |
wolfSSL | 11:cee25a834751 | 362 | wc_ShaGetHash(&ssl->hsHashes->hashSha, &hash[MD5_DIGEST_SIZE]); |
wolfSSL | 11:cee25a834751 | 363 | #endif |
wolfSSL | 11:cee25a834751 | 364 | |
wolfSSL | 11:cee25a834751 | 365 | if (IsAtLeastTLSv1_2(ssl)) { |
wolfSSL | 11:cee25a834751 | 366 | #ifndef NO_SHA256 |
wolfSSL | 11:cee25a834751 | 367 | if (ssl->specs.mac_algorithm <= sha256_mac || |
wolfSSL | 11:cee25a834751 | 368 | ssl->specs.mac_algorithm == blake2b_mac) { |
wolfSSL | 11:cee25a834751 | 369 | int ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256, hash); |
wolfSSL | 11:cee25a834751 | 370 | |
wolfSSL | 11:cee25a834751 | 371 | if (ret != 0) |
wolfSSL | 11:cee25a834751 | 372 | return ret; |
wolfSSL | 11:cee25a834751 | 373 | |
wolfSSL | 11:cee25a834751 | 374 | hashSz = SHA256_DIGEST_SIZE; |
wolfSSL | 11:cee25a834751 | 375 | } |
wolfSSL | 11:cee25a834751 | 376 | #endif |
wolfSSL | 11:cee25a834751 | 377 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 11:cee25a834751 | 378 | if (ssl->specs.mac_algorithm == sha384_mac) { |
wolfSSL | 11:cee25a834751 | 379 | int ret = wc_Sha384GetHash(&ssl->hsHashes->hashSha384, hash); |
wolfSSL | 11:cee25a834751 | 380 | |
wolfSSL | 11:cee25a834751 | 381 | if (ret != 0) |
wolfSSL | 11:cee25a834751 | 382 | return ret; |
wolfSSL | 11:cee25a834751 | 383 | |
wolfSSL | 11:cee25a834751 | 384 | hashSz = SHA384_DIGEST_SIZE; |
wolfSSL | 11:cee25a834751 | 385 | } |
wolfSSL | 11:cee25a834751 | 386 | #endif |
wolfSSL | 11:cee25a834751 | 387 | } |
wolfSSL | 11:cee25a834751 | 388 | |
wolfSSL | 11:cee25a834751 | 389 | *hashLen = hashSz; |
wolfSSL | 11:cee25a834751 | 390 | |
wolfSSL | 11:cee25a834751 | 391 | return 0; |
wolfSSL | 11:cee25a834751 | 392 | } |
wolfSSL | 11:cee25a834751 | 393 | |
wolfSSL | 11:cee25a834751 | 394 | |
wolfSSL | 11:cee25a834751 | 395 | int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) |
wolfSSL | 11:cee25a834751 | 396 | { |
wolfSSL | 11:cee25a834751 | 397 | int ret; |
wolfSSL | 11:cee25a834751 | 398 | const byte* side; |
wolfSSL | 11:cee25a834751 | 399 | byte* handshake_hash; |
wolfSSL | 11:cee25a834751 | 400 | word32 hashSz = HSHASH_SZ; |
wolfSSL | 11:cee25a834751 | 401 | |
wolfSSL | 11:cee25a834751 | 402 | /* using allocate here to allow async hardware to use buffer directly */ |
wolfSSL | 11:cee25a834751 | 403 | handshake_hash = (byte*)XMALLOC(hashSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 404 | if (handshake_hash == NULL) |
wolfSSL | 11:cee25a834751 | 405 | return MEMORY_E; |
wolfSSL | 11:cee25a834751 | 406 | |
wolfSSL | 11:cee25a834751 | 407 | ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz); |
wolfSSL | 11:cee25a834751 | 408 | if (ret == 0) { |
wolfSSL | 11:cee25a834751 | 409 | if ( XSTRNCMP((const char*)sender, (const char*)client, SIZEOF_SENDER) == 0) |
wolfSSL | 11:cee25a834751 | 410 | side = tls_client; |
wolfSSL | 11:cee25a834751 | 411 | else |
wolfSSL | 11:cee25a834751 | 412 | side = tls_server; |
wolfSSL | 11:cee25a834751 | 413 | |
wolfSSL | 11:cee25a834751 | 414 | ret = PRF((byte*)hashes, TLS_FINISHED_SZ, ssl->arrays->masterSecret, |
wolfSSL | 11:cee25a834751 | 415 | SECRET_LEN, side, FINISHED_LABEL_SZ, handshake_hash, hashSz, |
wolfSSL | 11:cee25a834751 | 416 | IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); |
wolfSSL | 11:cee25a834751 | 417 | } |
wolfSSL | 11:cee25a834751 | 418 | |
wolfSSL | 11:cee25a834751 | 419 | XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 420 | |
wolfSSL | 11:cee25a834751 | 421 | return ret; |
wolfSSL | 11:cee25a834751 | 422 | } |
wolfSSL | 11:cee25a834751 | 423 | |
wolfSSL | 11:cee25a834751 | 424 | |
wolfSSL | 11:cee25a834751 | 425 | #ifndef NO_OLD_TLS |
wolfSSL | 11:cee25a834751 | 426 | |
wolfSSL | 11:cee25a834751 | 427 | ProtocolVersion MakeTLSv1(void) |
wolfSSL | 11:cee25a834751 | 428 | { |
wolfSSL | 11:cee25a834751 | 429 | ProtocolVersion pv; |
wolfSSL | 11:cee25a834751 | 430 | pv.major = SSLv3_MAJOR; |
wolfSSL | 11:cee25a834751 | 431 | pv.minor = TLSv1_MINOR; |
wolfSSL | 11:cee25a834751 | 432 | |
wolfSSL | 11:cee25a834751 | 433 | return pv; |
wolfSSL | 11:cee25a834751 | 434 | } |
wolfSSL | 11:cee25a834751 | 435 | |
wolfSSL | 11:cee25a834751 | 436 | |
wolfSSL | 11:cee25a834751 | 437 | ProtocolVersion MakeTLSv1_1(void) |
wolfSSL | 11:cee25a834751 | 438 | { |
wolfSSL | 11:cee25a834751 | 439 | ProtocolVersion pv; |
wolfSSL | 11:cee25a834751 | 440 | pv.major = SSLv3_MAJOR; |
wolfSSL | 11:cee25a834751 | 441 | pv.minor = TLSv1_1_MINOR; |
wolfSSL | 11:cee25a834751 | 442 | |
wolfSSL | 11:cee25a834751 | 443 | return pv; |
wolfSSL | 11:cee25a834751 | 444 | } |
wolfSSL | 11:cee25a834751 | 445 | |
wolfSSL | 11:cee25a834751 | 446 | #endif |
wolfSSL | 11:cee25a834751 | 447 | |
wolfSSL | 11:cee25a834751 | 448 | |
wolfSSL | 11:cee25a834751 | 449 | ProtocolVersion MakeTLSv1_2(void) |
wolfSSL | 11:cee25a834751 | 450 | { |
wolfSSL | 11:cee25a834751 | 451 | ProtocolVersion pv; |
wolfSSL | 11:cee25a834751 | 452 | pv.major = SSLv3_MAJOR; |
wolfSSL | 11:cee25a834751 | 453 | pv.minor = TLSv1_2_MINOR; |
wolfSSL | 11:cee25a834751 | 454 | |
wolfSSL | 11:cee25a834751 | 455 | return pv; |
wolfSSL | 11:cee25a834751 | 456 | } |
wolfSSL | 11:cee25a834751 | 457 | |
wolfSSL | 11:cee25a834751 | 458 | |
wolfSSL | 11:cee25a834751 | 459 | #ifdef HAVE_EXTENDED_MASTER |
wolfSSL | 11:cee25a834751 | 460 | static const byte ext_master_label[EXT_MASTER_LABEL_SZ + 1] = |
wolfSSL | 11:cee25a834751 | 461 | "extended master secret"; |
wolfSSL | 11:cee25a834751 | 462 | #endif |
wolfSSL | 11:cee25a834751 | 463 | static const byte master_label[MASTER_LABEL_SZ + 1] = "master secret"; |
wolfSSL | 11:cee25a834751 | 464 | static const byte key_label [KEY_LABEL_SZ + 1] = "key expansion"; |
wolfSSL | 11:cee25a834751 | 465 | |
wolfSSL | 11:cee25a834751 | 466 | |
wolfSSL | 11:cee25a834751 | 467 | /* External facing wrapper so user can call as well, 0 on success */ |
wolfSSL | 11:cee25a834751 | 468 | int wolfSSL_DeriveTlsKeys(byte* key_data, word32 keyLen, |
wolfSSL | 11:cee25a834751 | 469 | const byte* ms, word32 msLen, |
wolfSSL | 11:cee25a834751 | 470 | const byte* sr, const byte* cr, |
wolfSSL | 11:cee25a834751 | 471 | int tls1_2, int hash_type) |
wolfSSL | 11:cee25a834751 | 472 | { |
wolfSSL | 11:cee25a834751 | 473 | byte seed[SEED_LEN]; |
wolfSSL | 11:cee25a834751 | 474 | |
wolfSSL | 11:cee25a834751 | 475 | XMEMCPY(seed, sr, RAN_LEN); |
wolfSSL | 11:cee25a834751 | 476 | XMEMCPY(seed + RAN_LEN, cr, RAN_LEN); |
wolfSSL | 11:cee25a834751 | 477 | |
wolfSSL | 11:cee25a834751 | 478 | return PRF(key_data, keyLen, ms, msLen, key_label, KEY_LABEL_SZ, |
wolfSSL | 11:cee25a834751 | 479 | seed, SEED_LEN, tls1_2, hash_type); |
wolfSSL | 11:cee25a834751 | 480 | } |
wolfSSL | 11:cee25a834751 | 481 | |
wolfSSL | 11:cee25a834751 | 482 | |
wolfSSL | 11:cee25a834751 | 483 | int DeriveTlsKeys(WOLFSSL* ssl) |
wolfSSL | 11:cee25a834751 | 484 | { |
wolfSSL | 11:cee25a834751 | 485 | int ret; |
wolfSSL | 11:cee25a834751 | 486 | int length = 2 * ssl->specs.hash_size + |
wolfSSL | 11:cee25a834751 | 487 | 2 * ssl->specs.key_size + |
wolfSSL | 11:cee25a834751 | 488 | 2 * ssl->specs.iv_size; |
wolfSSL | 11:cee25a834751 | 489 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 11:cee25a834751 | 490 | byte* key_data; |
wolfSSL | 11:cee25a834751 | 491 | #else |
wolfSSL | 11:cee25a834751 | 492 | byte key_data[MAX_PRF_DIG]; |
wolfSSL | 11:cee25a834751 | 493 | #endif |
wolfSSL | 11:cee25a834751 | 494 | |
wolfSSL | 11:cee25a834751 | 495 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 11:cee25a834751 | 496 | key_data = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 497 | if (key_data == NULL) { |
wolfSSL | 11:cee25a834751 | 498 | return MEMORY_E; |
wolfSSL | 11:cee25a834751 | 499 | } |
wolfSSL | 11:cee25a834751 | 500 | #endif |
wolfSSL | 11:cee25a834751 | 501 | |
wolfSSL | 11:cee25a834751 | 502 | ret = wolfSSL_DeriveTlsKeys(key_data, length, |
wolfSSL | 11:cee25a834751 | 503 | ssl->arrays->masterSecret, SECRET_LEN, |
wolfSSL | 11:cee25a834751 | 504 | ssl->arrays->serverRandom, ssl->arrays->clientRandom, |
wolfSSL | 11:cee25a834751 | 505 | IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); |
wolfSSL | 11:cee25a834751 | 506 | if (ret == 0) |
wolfSSL | 11:cee25a834751 | 507 | ret = StoreKeys(ssl, key_data); |
wolfSSL | 11:cee25a834751 | 508 | |
wolfSSL | 11:cee25a834751 | 509 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 11:cee25a834751 | 510 | XFREE(key_data, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 511 | #endif |
wolfSSL | 11:cee25a834751 | 512 | |
wolfSSL | 11:cee25a834751 | 513 | return ret; |
wolfSSL | 11:cee25a834751 | 514 | } |
wolfSSL | 11:cee25a834751 | 515 | |
wolfSSL | 11:cee25a834751 | 516 | |
wolfSSL | 11:cee25a834751 | 517 | /* External facing wrapper so user can call as well, 0 on success */ |
wolfSSL | 11:cee25a834751 | 518 | int wolfSSL_MakeTlsMasterSecret(byte* ms, word32 msLen, |
wolfSSL | 11:cee25a834751 | 519 | const byte* pms, word32 pmsLen, |
wolfSSL | 11:cee25a834751 | 520 | const byte* cr, const byte* sr, |
wolfSSL | 11:cee25a834751 | 521 | int tls1_2, int hash_type) |
wolfSSL | 11:cee25a834751 | 522 | { |
wolfSSL | 11:cee25a834751 | 523 | byte seed[SEED_LEN]; |
wolfSSL | 11:cee25a834751 | 524 | |
wolfSSL | 11:cee25a834751 | 525 | XMEMCPY(seed, cr, RAN_LEN); |
wolfSSL | 11:cee25a834751 | 526 | XMEMCPY(seed + RAN_LEN, sr, RAN_LEN); |
wolfSSL | 11:cee25a834751 | 527 | |
wolfSSL | 11:cee25a834751 | 528 | return PRF(ms, msLen, pms, pmsLen, master_label, MASTER_LABEL_SZ, |
wolfSSL | 11:cee25a834751 | 529 | seed, SEED_LEN, tls1_2, hash_type); |
wolfSSL | 11:cee25a834751 | 530 | } |
wolfSSL | 11:cee25a834751 | 531 | |
wolfSSL | 11:cee25a834751 | 532 | |
wolfSSL | 11:cee25a834751 | 533 | #ifdef HAVE_EXTENDED_MASTER |
wolfSSL | 11:cee25a834751 | 534 | |
wolfSSL | 11:cee25a834751 | 535 | /* External facing wrapper so user can call as well, 0 on success */ |
wolfSSL | 11:cee25a834751 | 536 | int wolfSSL_MakeTlsExtendedMasterSecret(byte* ms, word32 msLen, |
wolfSSL | 11:cee25a834751 | 537 | const byte* pms, word32 pmsLen, |
wolfSSL | 11:cee25a834751 | 538 | const byte* sHash, word32 sHashLen, |
wolfSSL | 11:cee25a834751 | 539 | int tls1_2, int hash_type) |
wolfSSL | 11:cee25a834751 | 540 | { |
wolfSSL | 11:cee25a834751 | 541 | return PRF(ms, msLen, pms, pmsLen, ext_master_label, EXT_MASTER_LABEL_SZ, |
wolfSSL | 11:cee25a834751 | 542 | sHash, sHashLen, tls1_2, hash_type); |
wolfSSL | 11:cee25a834751 | 543 | } |
wolfSSL | 11:cee25a834751 | 544 | |
wolfSSL | 11:cee25a834751 | 545 | #endif /* HAVE_EXTENDED_MASTER */ |
wolfSSL | 11:cee25a834751 | 546 | |
wolfSSL | 11:cee25a834751 | 547 | |
wolfSSL | 11:cee25a834751 | 548 | int MakeTlsMasterSecret(WOLFSSL* ssl) |
wolfSSL | 11:cee25a834751 | 549 | { |
wolfSSL | 11:cee25a834751 | 550 | int ret; |
wolfSSL | 11:cee25a834751 | 551 | #ifdef HAVE_EXTENDED_MASTER |
wolfSSL | 11:cee25a834751 | 552 | if (ssl->options.haveEMS) { |
wolfSSL | 11:cee25a834751 | 553 | byte* handshake_hash; |
wolfSSL | 11:cee25a834751 | 554 | word32 hashSz = HSHASH_SZ; |
wolfSSL | 11:cee25a834751 | 555 | |
wolfSSL | 11:cee25a834751 | 556 | handshake_hash = (byte*)XMALLOC(HSHASH_SZ, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 557 | if (handshake_hash == NULL) |
wolfSSL | 11:cee25a834751 | 558 | return MEMORY_E; |
wolfSSL | 11:cee25a834751 | 559 | |
wolfSSL | 11:cee25a834751 | 560 | ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz); |
wolfSSL | 11:cee25a834751 | 561 | if (ret < 0) { |
wolfSSL | 11:cee25a834751 | 562 | XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 563 | return ret; |
wolfSSL | 11:cee25a834751 | 564 | } |
wolfSSL | 11:cee25a834751 | 565 | |
wolfSSL | 11:cee25a834751 | 566 | ret = wolfSSL_MakeTlsExtendedMasterSecret( |
wolfSSL | 11:cee25a834751 | 567 | ssl->arrays->masterSecret, SECRET_LEN, |
wolfSSL | 11:cee25a834751 | 568 | ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz, |
wolfSSL | 11:cee25a834751 | 569 | handshake_hash, hashSz, |
wolfSSL | 11:cee25a834751 | 570 | IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); |
wolfSSL | 11:cee25a834751 | 571 | |
wolfSSL | 11:cee25a834751 | 572 | XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 573 | } else |
wolfSSL | 11:cee25a834751 | 574 | #endif |
wolfSSL | 11:cee25a834751 | 575 | ret = wolfSSL_MakeTlsMasterSecret(ssl->arrays->masterSecret, SECRET_LEN, |
wolfSSL | 11:cee25a834751 | 576 | ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz, |
wolfSSL | 11:cee25a834751 | 577 | ssl->arrays->clientRandom, ssl->arrays->serverRandom, |
wolfSSL | 11:cee25a834751 | 578 | IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); |
wolfSSL | 11:cee25a834751 | 579 | |
wolfSSL | 11:cee25a834751 | 580 | if (ret == 0) { |
wolfSSL | 11:cee25a834751 | 581 | #ifdef SHOW_SECRETS |
wolfSSL | 11:cee25a834751 | 582 | int i; |
wolfSSL | 11:cee25a834751 | 583 | |
wolfSSL | 11:cee25a834751 | 584 | printf("master secret: "); |
wolfSSL | 11:cee25a834751 | 585 | for (i = 0; i < SECRET_LEN; i++) |
wolfSSL | 11:cee25a834751 | 586 | printf("%02x", ssl->arrays->masterSecret[i]); |
wolfSSL | 11:cee25a834751 | 587 | printf("\n"); |
wolfSSL | 11:cee25a834751 | 588 | #endif |
wolfSSL | 11:cee25a834751 | 589 | |
wolfSSL | 11:cee25a834751 | 590 | ret = DeriveTlsKeys(ssl); |
wolfSSL | 11:cee25a834751 | 591 | } |
wolfSSL | 11:cee25a834751 | 592 | |
wolfSSL | 11:cee25a834751 | 593 | return ret; |
wolfSSL | 11:cee25a834751 | 594 | } |
wolfSSL | 11:cee25a834751 | 595 | |
wolfSSL | 11:cee25a834751 | 596 | |
wolfSSL | 11:cee25a834751 | 597 | /* Used by EAP-TLS and EAP-TTLS to derive keying material from |
wolfSSL | 11:cee25a834751 | 598 | * the master_secret. */ |
wolfSSL | 11:cee25a834751 | 599 | int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* msk, unsigned int len, |
wolfSSL | 11:cee25a834751 | 600 | const char* label) |
wolfSSL | 11:cee25a834751 | 601 | { |
wolfSSL | 11:cee25a834751 | 602 | int ret; |
wolfSSL | 11:cee25a834751 | 603 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 11:cee25a834751 | 604 | byte* seed; |
wolfSSL | 11:cee25a834751 | 605 | #else |
wolfSSL | 11:cee25a834751 | 606 | byte seed[SEED_LEN]; |
wolfSSL | 11:cee25a834751 | 607 | #endif |
wolfSSL | 11:cee25a834751 | 608 | |
wolfSSL | 11:cee25a834751 | 609 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 11:cee25a834751 | 610 | seed = (byte*)XMALLOC(SEED_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 611 | if (seed == NULL) |
wolfSSL | 11:cee25a834751 | 612 | return MEMORY_E; |
wolfSSL | 11:cee25a834751 | 613 | #endif |
wolfSSL | 11:cee25a834751 | 614 | |
wolfSSL | 11:cee25a834751 | 615 | /* |
wolfSSL | 11:cee25a834751 | 616 | * As per RFC-5281, the order of the client and server randoms is reversed |
wolfSSL | 11:cee25a834751 | 617 | * from that used by the TLS protocol to derive keys. |
wolfSSL | 11:cee25a834751 | 618 | */ |
wolfSSL | 11:cee25a834751 | 619 | XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN); |
wolfSSL | 11:cee25a834751 | 620 | XMEMCPY(seed + RAN_LEN, ssl->arrays->serverRandom, RAN_LEN); |
wolfSSL | 11:cee25a834751 | 621 | |
wolfSSL | 11:cee25a834751 | 622 | ret = PRF((byte*)msk, len, ssl->arrays->masterSecret, SECRET_LEN, |
wolfSSL | 11:cee25a834751 | 623 | (const byte *)label, (word32)XSTRLEN(label), seed, SEED_LEN, |
wolfSSL | 11:cee25a834751 | 624 | IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); |
wolfSSL | 11:cee25a834751 | 625 | |
wolfSSL | 11:cee25a834751 | 626 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 11:cee25a834751 | 627 | XFREE(seed, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 628 | #endif |
wolfSSL | 11:cee25a834751 | 629 | |
wolfSSL | 11:cee25a834751 | 630 | return ret; |
wolfSSL | 11:cee25a834751 | 631 | } |
wolfSSL | 11:cee25a834751 | 632 | |
wolfSSL | 11:cee25a834751 | 633 | |
wolfSSL | 11:cee25a834751 | 634 | /*** next for static INLINE s copied internal.c ***/ |
wolfSSL | 11:cee25a834751 | 635 | |
wolfSSL | 11:cee25a834751 | 636 | /* convert 16 bit integer to opaque */ |
wolfSSL | 11:cee25a834751 | 637 | static INLINE void c16toa(word16 u16, byte* c) |
wolfSSL | 11:cee25a834751 | 638 | { |
wolfSSL | 11:cee25a834751 | 639 | c[0] = (u16 >> 8) & 0xff; |
wolfSSL | 11:cee25a834751 | 640 | c[1] = u16 & 0xff; |
wolfSSL | 11:cee25a834751 | 641 | } |
wolfSSL | 11:cee25a834751 | 642 | |
wolfSSL | 11:cee25a834751 | 643 | #ifdef HAVE_TLS_EXTENSIONS |
wolfSSL | 11:cee25a834751 | 644 | /* convert opaque to 16 bit integer */ |
wolfSSL | 11:cee25a834751 | 645 | static INLINE void ato16(const byte* c, word16* u16) |
wolfSSL | 11:cee25a834751 | 646 | { |
wolfSSL | 11:cee25a834751 | 647 | *u16 = (c[0] << 8) | (c[1]); |
wolfSSL | 11:cee25a834751 | 648 | } |
wolfSSL | 11:cee25a834751 | 649 | |
wolfSSL | 11:cee25a834751 | 650 | #if defined(HAVE_SNI) && !defined(NO_WOLFSSL_SERVER) |
wolfSSL | 11:cee25a834751 | 651 | /* convert a 24 bit integer into a 32 bit one */ |
wolfSSL | 11:cee25a834751 | 652 | static INLINE void c24to32(const word24 u24, word32* u32) |
wolfSSL | 11:cee25a834751 | 653 | { |
wolfSSL | 11:cee25a834751 | 654 | *u32 = (u24[0] << 16) | (u24[1] << 8) | u24[2]; |
wolfSSL | 11:cee25a834751 | 655 | } |
wolfSSL | 11:cee25a834751 | 656 | #endif |
wolfSSL | 11:cee25a834751 | 657 | #endif |
wolfSSL | 11:cee25a834751 | 658 | |
wolfSSL | 11:cee25a834751 | 659 | /* convert 32 bit integer to opaque */ |
wolfSSL | 11:cee25a834751 | 660 | static INLINE void c32toa(word32 u32, byte* c) |
wolfSSL | 11:cee25a834751 | 661 | { |
wolfSSL | 11:cee25a834751 | 662 | c[0] = (u32 >> 24) & 0xff; |
wolfSSL | 11:cee25a834751 | 663 | c[1] = (u32 >> 16) & 0xff; |
wolfSSL | 11:cee25a834751 | 664 | c[2] = (u32 >> 8) & 0xff; |
wolfSSL | 11:cee25a834751 | 665 | c[3] = u32 & 0xff; |
wolfSSL | 11:cee25a834751 | 666 | } |
wolfSSL | 11:cee25a834751 | 667 | |
wolfSSL | 11:cee25a834751 | 668 | |
wolfSSL | 11:cee25a834751 | 669 | static INLINE void GetSEQIncrement(WOLFSSL* ssl, int verify, word32 seq[2]) |
wolfSSL | 11:cee25a834751 | 670 | { |
wolfSSL | 11:cee25a834751 | 671 | if (verify) { |
wolfSSL | 11:cee25a834751 | 672 | seq[0] = ssl->keys.peer_sequence_number_hi; |
wolfSSL | 11:cee25a834751 | 673 | seq[1] = ssl->keys.peer_sequence_number_lo++; |
wolfSSL | 11:cee25a834751 | 674 | if (seq[1] > ssl->keys.peer_sequence_number_lo) { |
wolfSSL | 11:cee25a834751 | 675 | /* handle rollover */ |
wolfSSL | 11:cee25a834751 | 676 | ssl->keys.peer_sequence_number_hi++; |
wolfSSL | 11:cee25a834751 | 677 | } |
wolfSSL | 11:cee25a834751 | 678 | } |
wolfSSL | 11:cee25a834751 | 679 | else { |
wolfSSL | 11:cee25a834751 | 680 | seq[0] = ssl->keys.sequence_number_hi; |
wolfSSL | 11:cee25a834751 | 681 | seq[1] = ssl->keys.sequence_number_lo++; |
wolfSSL | 11:cee25a834751 | 682 | if (seq[1] > ssl->keys.sequence_number_lo) { |
wolfSSL | 11:cee25a834751 | 683 | /* handle rollover */ |
wolfSSL | 11:cee25a834751 | 684 | ssl->keys.sequence_number_hi++; |
wolfSSL | 11:cee25a834751 | 685 | } |
wolfSSL | 11:cee25a834751 | 686 | } |
wolfSSL | 11:cee25a834751 | 687 | } |
wolfSSL | 11:cee25a834751 | 688 | |
wolfSSL | 11:cee25a834751 | 689 | |
wolfSSL | 11:cee25a834751 | 690 | #ifdef WOLFSSL_DTLS |
wolfSSL | 11:cee25a834751 | 691 | static INLINE void DtlsGetSEQ(WOLFSSL* ssl, int order, word32 seq[2]) |
wolfSSL | 11:cee25a834751 | 692 | { |
wolfSSL | 11:cee25a834751 | 693 | if (order == PREV_ORDER) { |
wolfSSL | 11:cee25a834751 | 694 | /* Previous epoch case */ |
wolfSSL | 11:cee25a834751 | 695 | seq[0] = ((ssl->keys.dtls_epoch - 1) << 16) | |
wolfSSL | 11:cee25a834751 | 696 | (ssl->keys.dtls_prev_sequence_number_hi & 0xFFFF); |
wolfSSL | 11:cee25a834751 | 697 | seq[1] = ssl->keys.dtls_prev_sequence_number_lo; |
wolfSSL | 11:cee25a834751 | 698 | } |
wolfSSL | 11:cee25a834751 | 699 | else if (order == PEER_ORDER) { |
wolfSSL | 11:cee25a834751 | 700 | seq[0] = (ssl->keys.curEpoch << 16) | |
wolfSSL | 11:cee25a834751 | 701 | (ssl->keys.curSeq_hi & 0xFFFF); |
wolfSSL | 11:cee25a834751 | 702 | seq[1] = ssl->keys.curSeq_lo; /* explicit from peer */ |
wolfSSL | 11:cee25a834751 | 703 | } |
wolfSSL | 11:cee25a834751 | 704 | else { |
wolfSSL | 11:cee25a834751 | 705 | seq[0] = (ssl->keys.dtls_epoch << 16) | |
wolfSSL | 11:cee25a834751 | 706 | (ssl->keys.dtls_sequence_number_hi & 0xFFFF); |
wolfSSL | 11:cee25a834751 | 707 | seq[1] = ssl->keys.dtls_sequence_number_lo; |
wolfSSL | 11:cee25a834751 | 708 | } |
wolfSSL | 11:cee25a834751 | 709 | } |
wolfSSL | 11:cee25a834751 | 710 | #endif /* WOLFSSL_DTLS */ |
wolfSSL | 11:cee25a834751 | 711 | |
wolfSSL | 11:cee25a834751 | 712 | |
wolfSSL | 11:cee25a834751 | 713 | static INLINE void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out) |
wolfSSL | 11:cee25a834751 | 714 | { |
wolfSSL | 11:cee25a834751 | 715 | word32 seq[2] = {0, 0}; |
wolfSSL | 11:cee25a834751 | 716 | |
wolfSSL | 11:cee25a834751 | 717 | if (!ssl->options.dtls) { |
wolfSSL | 11:cee25a834751 | 718 | GetSEQIncrement(ssl, verifyOrder, seq); |
wolfSSL | 11:cee25a834751 | 719 | } |
wolfSSL | 11:cee25a834751 | 720 | else { |
wolfSSL | 11:cee25a834751 | 721 | #ifdef WOLFSSL_DTLS |
wolfSSL | 11:cee25a834751 | 722 | DtlsGetSEQ(ssl, verifyOrder, seq); |
wolfSSL | 11:cee25a834751 | 723 | #endif |
wolfSSL | 11:cee25a834751 | 724 | } |
wolfSSL | 11:cee25a834751 | 725 | |
wolfSSL | 11:cee25a834751 | 726 | c32toa(seq[0], out); |
wolfSSL | 11:cee25a834751 | 727 | c32toa(seq[1], out + OPAQUE32_LEN); |
wolfSSL | 11:cee25a834751 | 728 | } |
wolfSSL | 11:cee25a834751 | 729 | |
wolfSSL | 11:cee25a834751 | 730 | |
wolfSSL | 11:cee25a834751 | 731 | /*** end copy ***/ |
wolfSSL | 11:cee25a834751 | 732 | |
wolfSSL | 11:cee25a834751 | 733 | |
wolfSSL | 11:cee25a834751 | 734 | /* return HMAC digest type in wolfSSL format */ |
wolfSSL | 11:cee25a834751 | 735 | int wolfSSL_GetHmacType(WOLFSSL* ssl) |
wolfSSL | 11:cee25a834751 | 736 | { |
wolfSSL | 11:cee25a834751 | 737 | if (ssl == NULL) |
wolfSSL | 11:cee25a834751 | 738 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 739 | |
wolfSSL | 11:cee25a834751 | 740 | switch (ssl->specs.mac_algorithm) { |
wolfSSL | 11:cee25a834751 | 741 | #ifndef NO_MD5 |
wolfSSL | 11:cee25a834751 | 742 | case md5_mac: |
wolfSSL | 11:cee25a834751 | 743 | { |
wolfSSL | 11:cee25a834751 | 744 | return MD5; |
wolfSSL | 11:cee25a834751 | 745 | } |
wolfSSL | 11:cee25a834751 | 746 | #endif |
wolfSSL | 11:cee25a834751 | 747 | #ifndef NO_SHA256 |
wolfSSL | 11:cee25a834751 | 748 | case sha256_mac: |
wolfSSL | 11:cee25a834751 | 749 | { |
wolfSSL | 11:cee25a834751 | 750 | return SHA256; |
wolfSSL | 11:cee25a834751 | 751 | } |
wolfSSL | 11:cee25a834751 | 752 | #endif |
wolfSSL | 11:cee25a834751 | 753 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 11:cee25a834751 | 754 | case sha384_mac: |
wolfSSL | 11:cee25a834751 | 755 | { |
wolfSSL | 11:cee25a834751 | 756 | return SHA384; |
wolfSSL | 11:cee25a834751 | 757 | } |
wolfSSL | 11:cee25a834751 | 758 | |
wolfSSL | 11:cee25a834751 | 759 | #endif |
wolfSSL | 11:cee25a834751 | 760 | #ifndef NO_SHA |
wolfSSL | 11:cee25a834751 | 761 | case sha_mac: |
wolfSSL | 11:cee25a834751 | 762 | { |
wolfSSL | 11:cee25a834751 | 763 | return SHA; |
wolfSSL | 11:cee25a834751 | 764 | } |
wolfSSL | 11:cee25a834751 | 765 | #endif |
wolfSSL | 11:cee25a834751 | 766 | #ifdef HAVE_BLAKE2 |
wolfSSL | 11:cee25a834751 | 767 | case blake2b_mac: |
wolfSSL | 11:cee25a834751 | 768 | { |
wolfSSL | 11:cee25a834751 | 769 | return BLAKE2B_ID; |
wolfSSL | 11:cee25a834751 | 770 | } |
wolfSSL | 11:cee25a834751 | 771 | #endif |
wolfSSL | 11:cee25a834751 | 772 | default: |
wolfSSL | 11:cee25a834751 | 773 | { |
wolfSSL | 11:cee25a834751 | 774 | return SSL_FATAL_ERROR; |
wolfSSL | 11:cee25a834751 | 775 | } |
wolfSSL | 11:cee25a834751 | 776 | } |
wolfSSL | 11:cee25a834751 | 777 | } |
wolfSSL | 11:cee25a834751 | 778 | |
wolfSSL | 11:cee25a834751 | 779 | |
wolfSSL | 11:cee25a834751 | 780 | int wolfSSL_SetTlsHmacInner(WOLFSSL* ssl, byte* inner, word32 sz, int content, |
wolfSSL | 11:cee25a834751 | 781 | int verify) |
wolfSSL | 11:cee25a834751 | 782 | { |
wolfSSL | 11:cee25a834751 | 783 | if (ssl == NULL || inner == NULL) |
wolfSSL | 11:cee25a834751 | 784 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 785 | |
wolfSSL | 11:cee25a834751 | 786 | XMEMSET(inner, 0, WOLFSSL_TLS_HMAC_INNER_SZ); |
wolfSSL | 11:cee25a834751 | 787 | |
wolfSSL | 11:cee25a834751 | 788 | WriteSEQ(ssl, verify, inner); |
wolfSSL | 11:cee25a834751 | 789 | inner[SEQ_SZ] = (byte)content; |
wolfSSL | 11:cee25a834751 | 790 | inner[SEQ_SZ + ENUM_LEN] = ssl->version.major; |
wolfSSL | 11:cee25a834751 | 791 | inner[SEQ_SZ + ENUM_LEN + ENUM_LEN] = ssl->version.minor; |
wolfSSL | 11:cee25a834751 | 792 | c16toa((word16)sz, inner + SEQ_SZ + ENUM_LEN + VERSION_SZ); |
wolfSSL | 11:cee25a834751 | 793 | |
wolfSSL | 11:cee25a834751 | 794 | return 0; |
wolfSSL | 11:cee25a834751 | 795 | } |
wolfSSL | 11:cee25a834751 | 796 | |
wolfSSL | 11:cee25a834751 | 797 | |
wolfSSL | 11:cee25a834751 | 798 | /* TLS type HMAC */ |
wolfSSL | 11:cee25a834751 | 799 | int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, |
wolfSSL | 11:cee25a834751 | 800 | int content, int verify) |
wolfSSL | 11:cee25a834751 | 801 | { |
wolfSSL | 11:cee25a834751 | 802 | Hmac hmac; |
wolfSSL | 11:cee25a834751 | 803 | int ret = 0; |
wolfSSL | 11:cee25a834751 | 804 | byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ]; |
wolfSSL | 11:cee25a834751 | 805 | |
wolfSSL | 11:cee25a834751 | 806 | if (ssl == NULL) |
wolfSSL | 11:cee25a834751 | 807 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 808 | |
wolfSSL | 11:cee25a834751 | 809 | #ifdef HAVE_FUZZER |
wolfSSL | 11:cee25a834751 | 810 | if (ssl->fuzzerCb) |
wolfSSL | 11:cee25a834751 | 811 | ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx); |
wolfSSL | 11:cee25a834751 | 812 | #endif |
wolfSSL | 11:cee25a834751 | 813 | |
wolfSSL | 11:cee25a834751 | 814 | wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify); |
wolfSSL | 11:cee25a834751 | 815 | |
wolfSSL | 11:cee25a834751 | 816 | ret = wc_HmacInit(&hmac, NULL, ssl->devId); |
wolfSSL | 11:cee25a834751 | 817 | if (ret != 0) |
wolfSSL | 11:cee25a834751 | 818 | return ret; |
wolfSSL | 11:cee25a834751 | 819 | |
wolfSSL | 11:cee25a834751 | 820 | ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl), |
wolfSSL | 11:cee25a834751 | 821 | wolfSSL_GetMacSecret(ssl, verify), ssl->specs.hash_size); |
wolfSSL | 11:cee25a834751 | 822 | if (ret == 0) { |
wolfSSL | 11:cee25a834751 | 823 | ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner)); |
wolfSSL | 11:cee25a834751 | 824 | if (ret == 0) |
wolfSSL | 11:cee25a834751 | 825 | ret = wc_HmacUpdate(&hmac, in, sz); /* content */ |
wolfSSL | 11:cee25a834751 | 826 | if (ret == 0) |
wolfSSL | 11:cee25a834751 | 827 | ret = wc_HmacFinal(&hmac, digest); |
wolfSSL | 11:cee25a834751 | 828 | } |
wolfSSL | 11:cee25a834751 | 829 | wc_HmacFree(&hmac); |
wolfSSL | 11:cee25a834751 | 830 | |
wolfSSL | 11:cee25a834751 | 831 | return ret; |
wolfSSL | 11:cee25a834751 | 832 | } |
wolfSSL | 11:cee25a834751 | 833 | |
wolfSSL | 11:cee25a834751 | 834 | #ifdef HAVE_TLS_EXTENSIONS |
wolfSSL | 11:cee25a834751 | 835 | |
wolfSSL | 11:cee25a834751 | 836 | /** |
wolfSSL | 11:cee25a834751 | 837 | * The TLSX semaphore is used to calculate the size of the extensions to be sent |
wolfSSL | 11:cee25a834751 | 838 | * from one peer to another. |
wolfSSL | 11:cee25a834751 | 839 | */ |
wolfSSL | 11:cee25a834751 | 840 | |
wolfSSL | 11:cee25a834751 | 841 | /** Supports up to 64 flags. Increase as needed. */ |
wolfSSL | 11:cee25a834751 | 842 | #define SEMAPHORE_SIZE 8 |
wolfSSL | 11:cee25a834751 | 843 | |
wolfSSL | 11:cee25a834751 | 844 | /** |
wolfSSL | 11:cee25a834751 | 845 | * Converts the extension type (id) to an index in the semaphore. |
wolfSSL | 11:cee25a834751 | 846 | * |
wolfSSL | 11:cee25a834751 | 847 | * Oficial reference for TLS extension types: |
wolfSSL | 11:cee25a834751 | 848 | * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xml |
wolfSSL | 11:cee25a834751 | 849 | * |
wolfSSL | 11:cee25a834751 | 850 | * Motivation: |
wolfSSL | 11:cee25a834751 | 851 | * Previously, we used the extension type itself as the index of that |
wolfSSL | 11:cee25a834751 | 852 | * extension in the semaphore as the extension types were declared |
wolfSSL | 11:cee25a834751 | 853 | * sequentially, but maintain a semaphore as big as the number of available |
wolfSSL | 11:cee25a834751 | 854 | * extensions is no longer an option since the release of renegotiation_info. |
wolfSSL | 11:cee25a834751 | 855 | * |
wolfSSL | 11:cee25a834751 | 856 | * How to update: |
wolfSSL | 11:cee25a834751 | 857 | * Assign extension types that extrapolate the number of available semaphores |
wolfSSL | 11:cee25a834751 | 858 | * to the first available index going backwards in the semaphore array. |
wolfSSL | 11:cee25a834751 | 859 | * When adding a new extension type that don't extrapolate the number of |
wolfSSL | 11:cee25a834751 | 860 | * available semaphores, check for a possible collision with with a |
wolfSSL | 11:cee25a834751 | 861 | * 'remapped' extension type. |
wolfSSL | 11:cee25a834751 | 862 | */ |
wolfSSL | 11:cee25a834751 | 863 | static INLINE word16 TLSX_ToSemaphore(word16 type) |
wolfSSL | 11:cee25a834751 | 864 | { |
wolfSSL | 11:cee25a834751 | 865 | switch (type) { |
wolfSSL | 11:cee25a834751 | 866 | |
wolfSSL | 11:cee25a834751 | 867 | case TLSX_RENEGOTIATION_INFO: /* 0xFF01 */ |
wolfSSL | 11:cee25a834751 | 868 | return 63; |
wolfSSL | 11:cee25a834751 | 869 | |
wolfSSL | 11:cee25a834751 | 870 | default: |
wolfSSL | 11:cee25a834751 | 871 | if (type > 62) { |
wolfSSL | 11:cee25a834751 | 872 | /* This message SHOULD only happens during the adding of |
wolfSSL | 11:cee25a834751 | 873 | new TLS extensions in which its IANA number overflows |
wolfSSL | 11:cee25a834751 | 874 | the current semaphore's range, or if its number already |
wolfSSL | 11:cee25a834751 | 875 | is assigned to be used by another extension. |
wolfSSL | 11:cee25a834751 | 876 | Use this check value for the new extension and decrement |
wolfSSL | 11:cee25a834751 | 877 | the check value by one. */ |
wolfSSL | 11:cee25a834751 | 878 | WOLFSSL_MSG("### TLSX semaphore colision or overflow detected!"); |
wolfSSL | 11:cee25a834751 | 879 | } |
wolfSSL | 11:cee25a834751 | 880 | } |
wolfSSL | 11:cee25a834751 | 881 | |
wolfSSL | 11:cee25a834751 | 882 | return type; |
wolfSSL | 11:cee25a834751 | 883 | } |
wolfSSL | 11:cee25a834751 | 884 | |
wolfSSL | 11:cee25a834751 | 885 | /** Checks if a specific light (tls extension) is not set in the semaphore. */ |
wolfSSL | 11:cee25a834751 | 886 | #define IS_OFF(semaphore, light) \ |
wolfSSL | 11:cee25a834751 | 887 | ((semaphore)[(light) / 8] ^ (byte) (0x01 << ((light) % 8))) |
wolfSSL | 11:cee25a834751 | 888 | |
wolfSSL | 11:cee25a834751 | 889 | /** Turn on a specific light (tls extension) in the semaphore. */ |
wolfSSL | 11:cee25a834751 | 890 | #define TURN_ON(semaphore, light) \ |
wolfSSL | 11:cee25a834751 | 891 | ((semaphore)[(light) / 8] |= (byte) (0x01 << ((light) % 8))) |
wolfSSL | 11:cee25a834751 | 892 | |
wolfSSL | 11:cee25a834751 | 893 | /** Creates a new extension. */ |
wolfSSL | 11:cee25a834751 | 894 | static TLSX* TLSX_New(TLSX_Type type, void* data, void* heap) |
wolfSSL | 11:cee25a834751 | 895 | { |
wolfSSL | 11:cee25a834751 | 896 | TLSX* extension = (TLSX*)XMALLOC(sizeof(TLSX), heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 897 | |
wolfSSL | 11:cee25a834751 | 898 | if (extension) { |
wolfSSL | 11:cee25a834751 | 899 | extension->type = type; |
wolfSSL | 11:cee25a834751 | 900 | extension->data = data; |
wolfSSL | 11:cee25a834751 | 901 | extension->resp = 0; |
wolfSSL | 11:cee25a834751 | 902 | extension->next = NULL; |
wolfSSL | 11:cee25a834751 | 903 | } |
wolfSSL | 11:cee25a834751 | 904 | |
wolfSSL | 11:cee25a834751 | 905 | return extension; |
wolfSSL | 11:cee25a834751 | 906 | } |
wolfSSL | 11:cee25a834751 | 907 | |
wolfSSL | 11:cee25a834751 | 908 | /** |
wolfSSL | 11:cee25a834751 | 909 | * Creates a new extension and pushes it to the provided list. |
wolfSSL | 11:cee25a834751 | 910 | * Checks for duplicate extensions, keeps the newest. |
wolfSSL | 11:cee25a834751 | 911 | */ |
wolfSSL | 11:cee25a834751 | 912 | static int TLSX_Push(TLSX** list, TLSX_Type type, void* data, void* heap) |
wolfSSL | 11:cee25a834751 | 913 | { |
wolfSSL | 11:cee25a834751 | 914 | TLSX* extension = TLSX_New(type, data, heap); |
wolfSSL | 11:cee25a834751 | 915 | |
wolfSSL | 11:cee25a834751 | 916 | if (extension == NULL) |
wolfSSL | 11:cee25a834751 | 917 | return MEMORY_E; |
wolfSSL | 11:cee25a834751 | 918 | |
wolfSSL | 11:cee25a834751 | 919 | /* pushes the new extension on the list. */ |
wolfSSL | 11:cee25a834751 | 920 | extension->next = *list; |
wolfSSL | 11:cee25a834751 | 921 | *list = extension; |
wolfSSL | 11:cee25a834751 | 922 | |
wolfSSL | 11:cee25a834751 | 923 | /* remove duplicate extensions, there should be only one of each type. */ |
wolfSSL | 11:cee25a834751 | 924 | do { |
wolfSSL | 11:cee25a834751 | 925 | if (extension->next && extension->next->type == type) { |
wolfSSL | 11:cee25a834751 | 926 | TLSX *next = extension->next; |
wolfSSL | 11:cee25a834751 | 927 | |
wolfSSL | 11:cee25a834751 | 928 | extension->next = next->next; |
wolfSSL | 11:cee25a834751 | 929 | next->next = NULL; |
wolfSSL | 11:cee25a834751 | 930 | |
wolfSSL | 11:cee25a834751 | 931 | TLSX_FreeAll(next, heap); |
wolfSSL | 11:cee25a834751 | 932 | |
wolfSSL | 11:cee25a834751 | 933 | /* there is no way to occur more than */ |
wolfSSL | 11:cee25a834751 | 934 | /* two extensions of the same type. */ |
wolfSSL | 11:cee25a834751 | 935 | break; |
wolfSSL | 11:cee25a834751 | 936 | } |
wolfSSL | 11:cee25a834751 | 937 | } while ((extension = extension->next)); |
wolfSSL | 11:cee25a834751 | 938 | |
wolfSSL | 11:cee25a834751 | 939 | return 0; |
wolfSSL | 11:cee25a834751 | 940 | } |
wolfSSL | 11:cee25a834751 | 941 | |
wolfSSL | 11:cee25a834751 | 942 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 11:cee25a834751 | 943 | |
wolfSSL | 11:cee25a834751 | 944 | /** Mark an extension to be sent back to the client. */ |
wolfSSL | 11:cee25a834751 | 945 | void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type); |
wolfSSL | 11:cee25a834751 | 946 | |
wolfSSL | 11:cee25a834751 | 947 | void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type) |
wolfSSL | 11:cee25a834751 | 948 | { |
wolfSSL | 11:cee25a834751 | 949 | TLSX *ext = TLSX_Find(ssl->extensions, type); |
wolfSSL | 11:cee25a834751 | 950 | |
wolfSSL | 11:cee25a834751 | 951 | if (ext) |
wolfSSL | 11:cee25a834751 | 952 | ext->resp = 1; |
wolfSSL | 11:cee25a834751 | 953 | } |
wolfSSL | 11:cee25a834751 | 954 | |
wolfSSL | 11:cee25a834751 | 955 | #endif |
wolfSSL | 11:cee25a834751 | 956 | |
wolfSSL | 11:cee25a834751 | 957 | /******************************************************************************/ |
wolfSSL | 11:cee25a834751 | 958 | /* Application-Layer Protocol Negotiation */ |
wolfSSL | 11:cee25a834751 | 959 | /******************************************************************************/ |
wolfSSL | 11:cee25a834751 | 960 | |
wolfSSL | 11:cee25a834751 | 961 | #ifdef HAVE_ALPN |
wolfSSL | 11:cee25a834751 | 962 | /** Creates a new ALPN object, providing protocol name to use. */ |
wolfSSL | 11:cee25a834751 | 963 | static ALPN* TLSX_ALPN_New(char *protocol_name, word16 protocol_nameSz, |
wolfSSL | 11:cee25a834751 | 964 | void* heap) |
wolfSSL | 11:cee25a834751 | 965 | { |
wolfSSL | 11:cee25a834751 | 966 | ALPN *alpn; |
wolfSSL | 11:cee25a834751 | 967 | |
wolfSSL | 11:cee25a834751 | 968 | WOLFSSL_ENTER("TLSX_ALPN_New"); |
wolfSSL | 11:cee25a834751 | 969 | |
wolfSSL | 11:cee25a834751 | 970 | if (protocol_name == NULL || |
wolfSSL | 11:cee25a834751 | 971 | protocol_nameSz > WOLFSSL_MAX_ALPN_PROTO_NAME_LEN) { |
wolfSSL | 11:cee25a834751 | 972 | WOLFSSL_MSG("Invalid arguments"); |
wolfSSL | 11:cee25a834751 | 973 | return NULL; |
wolfSSL | 11:cee25a834751 | 974 | } |
wolfSSL | 11:cee25a834751 | 975 | |
wolfSSL | 11:cee25a834751 | 976 | alpn = (ALPN*)XMALLOC(sizeof(ALPN), heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 977 | if (alpn == NULL) { |
wolfSSL | 11:cee25a834751 | 978 | WOLFSSL_MSG("Memory failure"); |
wolfSSL | 11:cee25a834751 | 979 | return NULL; |
wolfSSL | 11:cee25a834751 | 980 | } |
wolfSSL | 11:cee25a834751 | 981 | |
wolfSSL | 11:cee25a834751 | 982 | alpn->next = NULL; |
wolfSSL | 11:cee25a834751 | 983 | alpn->negotiated = 0; |
wolfSSL | 11:cee25a834751 | 984 | alpn->options = 0; |
wolfSSL | 11:cee25a834751 | 985 | |
wolfSSL | 11:cee25a834751 | 986 | alpn->protocol_name = (char*)XMALLOC(protocol_nameSz + 1, |
wolfSSL | 11:cee25a834751 | 987 | heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 988 | if (alpn->protocol_name == NULL) { |
wolfSSL | 11:cee25a834751 | 989 | WOLFSSL_MSG("Memory failure"); |
wolfSSL | 11:cee25a834751 | 990 | XFREE(alpn, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 991 | return NULL; |
wolfSSL | 11:cee25a834751 | 992 | } |
wolfSSL | 11:cee25a834751 | 993 | |
wolfSSL | 11:cee25a834751 | 994 | XMEMCPY(alpn->protocol_name, protocol_name, protocol_nameSz); |
wolfSSL | 11:cee25a834751 | 995 | alpn->protocol_name[protocol_nameSz] = 0; |
wolfSSL | 11:cee25a834751 | 996 | |
wolfSSL | 11:cee25a834751 | 997 | return alpn; |
wolfSSL | 11:cee25a834751 | 998 | } |
wolfSSL | 11:cee25a834751 | 999 | |
wolfSSL | 11:cee25a834751 | 1000 | /** Releases an ALPN object. */ |
wolfSSL | 11:cee25a834751 | 1001 | static void TLSX_ALPN_Free(ALPN *alpn, void* heap) |
wolfSSL | 11:cee25a834751 | 1002 | { |
wolfSSL | 11:cee25a834751 | 1003 | (void)heap; |
wolfSSL | 11:cee25a834751 | 1004 | |
wolfSSL | 11:cee25a834751 | 1005 | if (alpn == NULL) |
wolfSSL | 11:cee25a834751 | 1006 | return; |
wolfSSL | 11:cee25a834751 | 1007 | |
wolfSSL | 11:cee25a834751 | 1008 | XFREE(alpn->protocol_name, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 1009 | XFREE(alpn, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 1010 | } |
wolfSSL | 11:cee25a834751 | 1011 | |
wolfSSL | 11:cee25a834751 | 1012 | /** Releases all ALPN objects in the provided list. */ |
wolfSSL | 11:cee25a834751 | 1013 | static void TLSX_ALPN_FreeAll(ALPN *list, void* heap) |
wolfSSL | 11:cee25a834751 | 1014 | { |
wolfSSL | 11:cee25a834751 | 1015 | ALPN* alpn; |
wolfSSL | 11:cee25a834751 | 1016 | |
wolfSSL | 11:cee25a834751 | 1017 | while ((alpn = list)) { |
wolfSSL | 11:cee25a834751 | 1018 | list = alpn->next; |
wolfSSL | 11:cee25a834751 | 1019 | TLSX_ALPN_Free(alpn, heap); |
wolfSSL | 11:cee25a834751 | 1020 | } |
wolfSSL | 11:cee25a834751 | 1021 | } |
wolfSSL | 11:cee25a834751 | 1022 | |
wolfSSL | 11:cee25a834751 | 1023 | /** Tells the buffered size of the ALPN objects in a list. */ |
wolfSSL | 11:cee25a834751 | 1024 | static word16 TLSX_ALPN_GetSize(ALPN *list) |
wolfSSL | 11:cee25a834751 | 1025 | { |
wolfSSL | 11:cee25a834751 | 1026 | ALPN* alpn; |
wolfSSL | 11:cee25a834751 | 1027 | word16 length = OPAQUE16_LEN; /* list length */ |
wolfSSL | 11:cee25a834751 | 1028 | |
wolfSSL | 11:cee25a834751 | 1029 | while ((alpn = list)) { |
wolfSSL | 11:cee25a834751 | 1030 | list = alpn->next; |
wolfSSL | 11:cee25a834751 | 1031 | |
wolfSSL | 11:cee25a834751 | 1032 | length++; /* protocol name length is on one byte */ |
wolfSSL | 11:cee25a834751 | 1033 | length += (word16)XSTRLEN(alpn->protocol_name); |
wolfSSL | 11:cee25a834751 | 1034 | } |
wolfSSL | 11:cee25a834751 | 1035 | |
wolfSSL | 11:cee25a834751 | 1036 | return length; |
wolfSSL | 11:cee25a834751 | 1037 | } |
wolfSSL | 11:cee25a834751 | 1038 | |
wolfSSL | 11:cee25a834751 | 1039 | /** Writes the ALPN objects of a list in a buffer. */ |
wolfSSL | 11:cee25a834751 | 1040 | static word16 TLSX_ALPN_Write(ALPN *list, byte *output) |
wolfSSL | 11:cee25a834751 | 1041 | { |
wolfSSL | 11:cee25a834751 | 1042 | ALPN* alpn; |
wolfSSL | 11:cee25a834751 | 1043 | word16 length = 0; |
wolfSSL | 11:cee25a834751 | 1044 | word16 offset = OPAQUE16_LEN; /* list length offset */ |
wolfSSL | 11:cee25a834751 | 1045 | |
wolfSSL | 11:cee25a834751 | 1046 | while ((alpn = list)) { |
wolfSSL | 11:cee25a834751 | 1047 | list = alpn->next; |
wolfSSL | 11:cee25a834751 | 1048 | |
wolfSSL | 11:cee25a834751 | 1049 | length = (word16)XSTRLEN(alpn->protocol_name); |
wolfSSL | 11:cee25a834751 | 1050 | |
wolfSSL | 11:cee25a834751 | 1051 | /* protocol name length */ |
wolfSSL | 11:cee25a834751 | 1052 | output[offset++] = (byte)length; |
wolfSSL | 11:cee25a834751 | 1053 | |
wolfSSL | 11:cee25a834751 | 1054 | /* protocol name value */ |
wolfSSL | 11:cee25a834751 | 1055 | XMEMCPY(output + offset, alpn->protocol_name, length); |
wolfSSL | 11:cee25a834751 | 1056 | |
wolfSSL | 11:cee25a834751 | 1057 | offset += length; |
wolfSSL | 11:cee25a834751 | 1058 | } |
wolfSSL | 11:cee25a834751 | 1059 | |
wolfSSL | 11:cee25a834751 | 1060 | /* writing list length */ |
wolfSSL | 11:cee25a834751 | 1061 | c16toa(offset - OPAQUE16_LEN, output); |
wolfSSL | 11:cee25a834751 | 1062 | |
wolfSSL | 11:cee25a834751 | 1063 | return offset; |
wolfSSL | 11:cee25a834751 | 1064 | } |
wolfSSL | 11:cee25a834751 | 1065 | |
wolfSSL | 11:cee25a834751 | 1066 | /** Finds a protocol name in the provided ALPN list */ |
wolfSSL | 11:cee25a834751 | 1067 | static ALPN* TLSX_ALPN_Find(ALPN *list, char *protocol_name, word16 size) |
wolfSSL | 11:cee25a834751 | 1068 | { |
wolfSSL | 11:cee25a834751 | 1069 | ALPN *alpn; |
wolfSSL | 11:cee25a834751 | 1070 | |
wolfSSL | 11:cee25a834751 | 1071 | if (list == NULL || protocol_name == NULL) |
wolfSSL | 11:cee25a834751 | 1072 | return NULL; |
wolfSSL | 11:cee25a834751 | 1073 | |
wolfSSL | 11:cee25a834751 | 1074 | alpn = list; |
wolfSSL | 11:cee25a834751 | 1075 | while (alpn != NULL && ( |
wolfSSL | 11:cee25a834751 | 1076 | (word16)XSTRLEN(alpn->protocol_name) != size || |
wolfSSL | 11:cee25a834751 | 1077 | XSTRNCMP(alpn->protocol_name, protocol_name, size))) |
wolfSSL | 11:cee25a834751 | 1078 | alpn = alpn->next; |
wolfSSL | 11:cee25a834751 | 1079 | |
wolfSSL | 11:cee25a834751 | 1080 | return alpn; |
wolfSSL | 11:cee25a834751 | 1081 | } |
wolfSSL | 11:cee25a834751 | 1082 | |
wolfSSL | 11:cee25a834751 | 1083 | /** Set the ALPN matching client and server requirements */ |
wolfSSL | 11:cee25a834751 | 1084 | static int TLSX_SetALPN(TLSX** extensions, const void* data, word16 size, |
wolfSSL | 11:cee25a834751 | 1085 | void* heap) |
wolfSSL | 11:cee25a834751 | 1086 | { |
wolfSSL | 11:cee25a834751 | 1087 | ALPN *alpn; |
wolfSSL | 11:cee25a834751 | 1088 | int ret; |
wolfSSL | 11:cee25a834751 | 1089 | |
wolfSSL | 11:cee25a834751 | 1090 | if (extensions == NULL || data == NULL) |
wolfSSL | 11:cee25a834751 | 1091 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 1092 | |
wolfSSL | 11:cee25a834751 | 1093 | alpn = TLSX_ALPN_New((char *)data, size, heap); |
wolfSSL | 11:cee25a834751 | 1094 | if (alpn == NULL) { |
wolfSSL | 11:cee25a834751 | 1095 | WOLFSSL_MSG("Memory failure"); |
wolfSSL | 11:cee25a834751 | 1096 | return MEMORY_E; |
wolfSSL | 11:cee25a834751 | 1097 | } |
wolfSSL | 11:cee25a834751 | 1098 | |
wolfSSL | 11:cee25a834751 | 1099 | alpn->negotiated = 1; |
wolfSSL | 11:cee25a834751 | 1100 | |
wolfSSL | 11:cee25a834751 | 1101 | ret = TLSX_Push(extensions, TLSX_APPLICATION_LAYER_PROTOCOL, (void*)alpn, |
wolfSSL | 11:cee25a834751 | 1102 | heap); |
wolfSSL | 11:cee25a834751 | 1103 | if (ret != 0) { |
wolfSSL | 11:cee25a834751 | 1104 | TLSX_ALPN_Free(alpn, heap); |
wolfSSL | 11:cee25a834751 | 1105 | return ret; |
wolfSSL | 11:cee25a834751 | 1106 | } |
wolfSSL | 11:cee25a834751 | 1107 | |
wolfSSL | 11:cee25a834751 | 1108 | return SSL_SUCCESS; |
wolfSSL | 11:cee25a834751 | 1109 | } |
wolfSSL | 11:cee25a834751 | 1110 | |
wolfSSL | 11:cee25a834751 | 1111 | /** Parses a buffer of ALPN extensions and set the first one matching |
wolfSSL | 11:cee25a834751 | 1112 | * client and server requirements */ |
wolfSSL | 11:cee25a834751 | 1113 | static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, byte *input, word16 length, |
wolfSSL | 11:cee25a834751 | 1114 | byte isRequest) |
wolfSSL | 11:cee25a834751 | 1115 | { |
wolfSSL | 11:cee25a834751 | 1116 | word16 size = 0, offset = 0, idx = 0; |
wolfSSL | 11:cee25a834751 | 1117 | int r = BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 1118 | byte match = 0; |
wolfSSL | 11:cee25a834751 | 1119 | TLSX *extension; |
wolfSSL | 11:cee25a834751 | 1120 | ALPN *alpn = NULL, *list; |
wolfSSL | 11:cee25a834751 | 1121 | |
wolfSSL | 11:cee25a834751 | 1122 | if (OPAQUE16_LEN > length) |
wolfSSL | 11:cee25a834751 | 1123 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 1124 | |
wolfSSL | 11:cee25a834751 | 1125 | ato16(input, &size); |
wolfSSL | 11:cee25a834751 | 1126 | offset += OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 1127 | |
wolfSSL | 11:cee25a834751 | 1128 | extension = TLSX_Find(ssl->extensions, TLSX_APPLICATION_LAYER_PROTOCOL); |
wolfSSL | 11:cee25a834751 | 1129 | if (extension == NULL) |
wolfSSL | 11:cee25a834751 | 1130 | extension = TLSX_Find(ssl->ctx->extensions, |
wolfSSL | 11:cee25a834751 | 1131 | TLSX_APPLICATION_LAYER_PROTOCOL); |
wolfSSL | 11:cee25a834751 | 1132 | |
wolfSSL | 11:cee25a834751 | 1133 | #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) |
wolfSSL | 11:cee25a834751 | 1134 | if (ssl->alpnSelect != NULL) { |
wolfSSL | 11:cee25a834751 | 1135 | const byte* out; |
wolfSSL | 11:cee25a834751 | 1136 | unsigned char outLen; |
wolfSSL | 11:cee25a834751 | 1137 | |
wolfSSL | 11:cee25a834751 | 1138 | if (ssl->alpnSelect(ssl, &out, &outLen, input + offset, size, |
wolfSSL | 11:cee25a834751 | 1139 | ssl->alpnSelectArg) == 0) { |
wolfSSL | 11:cee25a834751 | 1140 | WOLFSSL_MSG("ALPN protocol match"); |
wolfSSL | 11:cee25a834751 | 1141 | if (TLSX_UseALPN(&ssl->extensions, (char*)out, outLen, 0, ssl->heap) |
wolfSSL | 11:cee25a834751 | 1142 | == SSL_SUCCESS) { |
wolfSSL | 11:cee25a834751 | 1143 | if (extension == NULL) { |
wolfSSL | 11:cee25a834751 | 1144 | extension = TLSX_Find(ssl->extensions, |
wolfSSL | 11:cee25a834751 | 1145 | TLSX_APPLICATION_LAYER_PROTOCOL); |
wolfSSL | 11:cee25a834751 | 1146 | } |
wolfSSL | 11:cee25a834751 | 1147 | } |
wolfSSL | 11:cee25a834751 | 1148 | } |
wolfSSL | 11:cee25a834751 | 1149 | } |
wolfSSL | 11:cee25a834751 | 1150 | #endif |
wolfSSL | 11:cee25a834751 | 1151 | |
wolfSSL | 11:cee25a834751 | 1152 | if (extension == NULL || extension->data == NULL) { |
wolfSSL | 11:cee25a834751 | 1153 | WOLFSSL_MSG("No ALPN extensions not used or bad"); |
wolfSSL | 11:cee25a834751 | 1154 | return isRequest ? 0 /* not using ALPN */ |
wolfSSL | 11:cee25a834751 | 1155 | : BUFFER_ERROR; /* unexpected ALPN response */ |
wolfSSL | 11:cee25a834751 | 1156 | } |
wolfSSL | 11:cee25a834751 | 1157 | |
wolfSSL | 11:cee25a834751 | 1158 | /* validating alpn list length */ |
wolfSSL | 11:cee25a834751 | 1159 | if (length != OPAQUE16_LEN + size) |
wolfSSL | 11:cee25a834751 | 1160 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 1161 | |
wolfSSL | 11:cee25a834751 | 1162 | list = (ALPN*)extension->data; |
wolfSSL | 11:cee25a834751 | 1163 | |
wolfSSL | 11:cee25a834751 | 1164 | /* keep the list sent by client */ |
wolfSSL | 11:cee25a834751 | 1165 | if (isRequest) { |
wolfSSL | 11:cee25a834751 | 1166 | if (ssl->alpn_client_list != NULL) |
wolfSSL | 11:cee25a834751 | 1167 | XFREE(ssl->alpn_client_list, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 1168 | |
wolfSSL | 11:cee25a834751 | 1169 | ssl->alpn_client_list = (char *)XMALLOC(size, ssl->heap, |
wolfSSL | 11:cee25a834751 | 1170 | DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 1171 | if (ssl->alpn_client_list == NULL) |
wolfSSL | 11:cee25a834751 | 1172 | return MEMORY_ERROR; |
wolfSSL | 11:cee25a834751 | 1173 | } |
wolfSSL | 11:cee25a834751 | 1174 | |
wolfSSL | 11:cee25a834751 | 1175 | for (size = 0; offset < length; offset += size) { |
wolfSSL | 11:cee25a834751 | 1176 | |
wolfSSL | 11:cee25a834751 | 1177 | size = input[offset++]; |
wolfSSL | 11:cee25a834751 | 1178 | if (offset + size > length) |
wolfSSL | 11:cee25a834751 | 1179 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 1180 | |
wolfSSL | 11:cee25a834751 | 1181 | if (isRequest) { |
wolfSSL | 11:cee25a834751 | 1182 | XMEMCPY(ssl->alpn_client_list+idx, (char*)input + offset, size); |
wolfSSL | 11:cee25a834751 | 1183 | idx += size; |
wolfSSL | 11:cee25a834751 | 1184 | ssl->alpn_client_list[idx++] = ','; |
wolfSSL | 11:cee25a834751 | 1185 | } |
wolfSSL | 11:cee25a834751 | 1186 | |
wolfSSL | 11:cee25a834751 | 1187 | if (!match) { |
wolfSSL | 11:cee25a834751 | 1188 | alpn = TLSX_ALPN_Find(list, (char*)input + offset, size); |
wolfSSL | 11:cee25a834751 | 1189 | if (alpn != NULL) { |
wolfSSL | 11:cee25a834751 | 1190 | WOLFSSL_MSG("ALPN protocol match"); |
wolfSSL | 11:cee25a834751 | 1191 | match = 1; |
wolfSSL | 11:cee25a834751 | 1192 | |
wolfSSL | 11:cee25a834751 | 1193 | /* skip reading other values if not required */ |
wolfSSL | 11:cee25a834751 | 1194 | if (!isRequest) |
wolfSSL | 11:cee25a834751 | 1195 | break; |
wolfSSL | 11:cee25a834751 | 1196 | } |
wolfSSL | 11:cee25a834751 | 1197 | } |
wolfSSL | 11:cee25a834751 | 1198 | } |
wolfSSL | 11:cee25a834751 | 1199 | |
wolfSSL | 11:cee25a834751 | 1200 | if (isRequest) |
wolfSSL | 11:cee25a834751 | 1201 | ssl->alpn_client_list[idx-1] = 0; |
wolfSSL | 11:cee25a834751 | 1202 | |
wolfSSL | 11:cee25a834751 | 1203 | if (!match) { |
wolfSSL | 11:cee25a834751 | 1204 | WOLFSSL_MSG("No ALPN protocol match"); |
wolfSSL | 11:cee25a834751 | 1205 | |
wolfSSL | 11:cee25a834751 | 1206 | /* do nothing if no protocol match between client and server and option |
wolfSSL | 11:cee25a834751 | 1207 | is set to continue (like OpenSSL) */ |
wolfSSL | 11:cee25a834751 | 1208 | if (list->options & WOLFSSL_ALPN_CONTINUE_ON_MISMATCH) { |
wolfSSL | 11:cee25a834751 | 1209 | WOLFSSL_MSG("Continue on mismatch"); |
wolfSSL | 11:cee25a834751 | 1210 | return 0; |
wolfSSL | 11:cee25a834751 | 1211 | } |
wolfSSL | 11:cee25a834751 | 1212 | |
wolfSSL | 11:cee25a834751 | 1213 | SendAlert(ssl, alert_fatal, no_application_protocol); |
wolfSSL | 11:cee25a834751 | 1214 | return UNKNOWN_ALPN_PROTOCOL_NAME_E; |
wolfSSL | 11:cee25a834751 | 1215 | } |
wolfSSL | 11:cee25a834751 | 1216 | |
wolfSSL | 11:cee25a834751 | 1217 | /* set the matching negotiated protocol */ |
wolfSSL | 11:cee25a834751 | 1218 | r = TLSX_SetALPN(&ssl->extensions, |
wolfSSL | 11:cee25a834751 | 1219 | alpn->protocol_name, |
wolfSSL | 11:cee25a834751 | 1220 | (word16)XSTRLEN(alpn->protocol_name), |
wolfSSL | 11:cee25a834751 | 1221 | ssl->heap); |
wolfSSL | 11:cee25a834751 | 1222 | if (r != SSL_SUCCESS) { |
wolfSSL | 11:cee25a834751 | 1223 | WOLFSSL_MSG("TLSX_UseALPN failed"); |
wolfSSL | 11:cee25a834751 | 1224 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 1225 | } |
wolfSSL | 11:cee25a834751 | 1226 | |
wolfSSL | 11:cee25a834751 | 1227 | /* reply to ALPN extension sent from client */ |
wolfSSL | 11:cee25a834751 | 1228 | if (isRequest) { |
wolfSSL | 11:cee25a834751 | 1229 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 11:cee25a834751 | 1230 | TLSX_SetResponse(ssl, TLSX_APPLICATION_LAYER_PROTOCOL); |
wolfSSL | 11:cee25a834751 | 1231 | #endif |
wolfSSL | 11:cee25a834751 | 1232 | } |
wolfSSL | 11:cee25a834751 | 1233 | |
wolfSSL | 11:cee25a834751 | 1234 | return 0; |
wolfSSL | 11:cee25a834751 | 1235 | } |
wolfSSL | 11:cee25a834751 | 1236 | |
wolfSSL | 11:cee25a834751 | 1237 | /** Add a protocol name to the list of accepted usable ones */ |
wolfSSL | 11:cee25a834751 | 1238 | int TLSX_UseALPN(TLSX** extensions, const void* data, word16 size, byte options, |
wolfSSL | 11:cee25a834751 | 1239 | void* heap) |
wolfSSL | 11:cee25a834751 | 1240 | { |
wolfSSL | 11:cee25a834751 | 1241 | ALPN *alpn; |
wolfSSL | 11:cee25a834751 | 1242 | TLSX *extension; |
wolfSSL | 11:cee25a834751 | 1243 | int ret; |
wolfSSL | 11:cee25a834751 | 1244 | |
wolfSSL | 11:cee25a834751 | 1245 | if (extensions == NULL || data == NULL) |
wolfSSL | 11:cee25a834751 | 1246 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 1247 | |
wolfSSL | 11:cee25a834751 | 1248 | alpn = TLSX_ALPN_New((char *)data, size, heap); |
wolfSSL | 11:cee25a834751 | 1249 | if (alpn == NULL) { |
wolfSSL | 11:cee25a834751 | 1250 | WOLFSSL_MSG("Memory failure"); |
wolfSSL | 11:cee25a834751 | 1251 | return MEMORY_E; |
wolfSSL | 11:cee25a834751 | 1252 | } |
wolfSSL | 11:cee25a834751 | 1253 | |
wolfSSL | 11:cee25a834751 | 1254 | /* Set Options of ALPN */ |
wolfSSL | 11:cee25a834751 | 1255 | alpn->options = options; |
wolfSSL | 11:cee25a834751 | 1256 | |
wolfSSL | 11:cee25a834751 | 1257 | extension = TLSX_Find(*extensions, TLSX_APPLICATION_LAYER_PROTOCOL); |
wolfSSL | 11:cee25a834751 | 1258 | if (extension == NULL) { |
wolfSSL | 11:cee25a834751 | 1259 | ret = TLSX_Push(extensions, TLSX_APPLICATION_LAYER_PROTOCOL, |
wolfSSL | 11:cee25a834751 | 1260 | (void*)alpn, heap); |
wolfSSL | 11:cee25a834751 | 1261 | if (ret != 0) { |
wolfSSL | 11:cee25a834751 | 1262 | TLSX_ALPN_Free(alpn, heap); |
wolfSSL | 11:cee25a834751 | 1263 | return ret; |
wolfSSL | 11:cee25a834751 | 1264 | } |
wolfSSL | 11:cee25a834751 | 1265 | } |
wolfSSL | 11:cee25a834751 | 1266 | else { |
wolfSSL | 11:cee25a834751 | 1267 | /* push new ALPN object to extension data. */ |
wolfSSL | 11:cee25a834751 | 1268 | alpn->next = (ALPN*)extension->data; |
wolfSSL | 11:cee25a834751 | 1269 | extension->data = (void*)alpn; |
wolfSSL | 11:cee25a834751 | 1270 | } |
wolfSSL | 11:cee25a834751 | 1271 | |
wolfSSL | 11:cee25a834751 | 1272 | return SSL_SUCCESS; |
wolfSSL | 11:cee25a834751 | 1273 | } |
wolfSSL | 11:cee25a834751 | 1274 | |
wolfSSL | 11:cee25a834751 | 1275 | /** Get the protocol name set by the server */ |
wolfSSL | 11:cee25a834751 | 1276 | int TLSX_ALPN_GetRequest(TLSX* extensions, void** data, word16 *dataSz) |
wolfSSL | 11:cee25a834751 | 1277 | { |
wolfSSL | 11:cee25a834751 | 1278 | TLSX *extension; |
wolfSSL | 11:cee25a834751 | 1279 | ALPN *alpn; |
wolfSSL | 11:cee25a834751 | 1280 | |
wolfSSL | 11:cee25a834751 | 1281 | if (extensions == NULL || data == NULL || dataSz == NULL) |
wolfSSL | 11:cee25a834751 | 1282 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 1283 | |
wolfSSL | 11:cee25a834751 | 1284 | extension = TLSX_Find(extensions, TLSX_APPLICATION_LAYER_PROTOCOL); |
wolfSSL | 11:cee25a834751 | 1285 | if (extension == NULL) { |
wolfSSL | 11:cee25a834751 | 1286 | WOLFSSL_MSG("TLS extension not found"); |
wolfSSL | 11:cee25a834751 | 1287 | return SSL_ALPN_NOT_FOUND; |
wolfSSL | 11:cee25a834751 | 1288 | } |
wolfSSL | 11:cee25a834751 | 1289 | |
wolfSSL | 11:cee25a834751 | 1290 | alpn = (ALPN *)extension->data; |
wolfSSL | 11:cee25a834751 | 1291 | if (alpn == NULL) { |
wolfSSL | 11:cee25a834751 | 1292 | WOLFSSL_MSG("ALPN extension not found"); |
wolfSSL | 11:cee25a834751 | 1293 | *data = NULL; |
wolfSSL | 11:cee25a834751 | 1294 | *dataSz = 0; |
wolfSSL | 11:cee25a834751 | 1295 | return SSL_FATAL_ERROR; |
wolfSSL | 11:cee25a834751 | 1296 | } |
wolfSSL | 11:cee25a834751 | 1297 | |
wolfSSL | 11:cee25a834751 | 1298 | if (alpn->negotiated != 1) { |
wolfSSL | 11:cee25a834751 | 1299 | |
wolfSSL | 11:cee25a834751 | 1300 | /* consider as an error */ |
wolfSSL | 11:cee25a834751 | 1301 | if (alpn->options & WOLFSSL_ALPN_FAILED_ON_MISMATCH) { |
wolfSSL | 11:cee25a834751 | 1302 | WOLFSSL_MSG("No protocol match with peer -> Failed"); |
wolfSSL | 11:cee25a834751 | 1303 | return SSL_FATAL_ERROR; |
wolfSSL | 11:cee25a834751 | 1304 | } |
wolfSSL | 11:cee25a834751 | 1305 | |
wolfSSL | 11:cee25a834751 | 1306 | /* continue without negotiated protocol */ |
wolfSSL | 11:cee25a834751 | 1307 | WOLFSSL_MSG("No protocol match with peer -> Continue"); |
wolfSSL | 11:cee25a834751 | 1308 | return SSL_ALPN_NOT_FOUND; |
wolfSSL | 11:cee25a834751 | 1309 | } |
wolfSSL | 11:cee25a834751 | 1310 | |
wolfSSL | 11:cee25a834751 | 1311 | if (alpn->next != NULL) { |
wolfSSL | 11:cee25a834751 | 1312 | WOLFSSL_MSG("Only one protocol name must be accepted"); |
wolfSSL | 11:cee25a834751 | 1313 | return SSL_FATAL_ERROR; |
wolfSSL | 11:cee25a834751 | 1314 | } |
wolfSSL | 11:cee25a834751 | 1315 | |
wolfSSL | 11:cee25a834751 | 1316 | *data = alpn->protocol_name; |
wolfSSL | 11:cee25a834751 | 1317 | *dataSz = (word16)XSTRLEN((char*)*data); |
wolfSSL | 11:cee25a834751 | 1318 | |
wolfSSL | 11:cee25a834751 | 1319 | return SSL_SUCCESS; |
wolfSSL | 11:cee25a834751 | 1320 | } |
wolfSSL | 11:cee25a834751 | 1321 | |
wolfSSL | 11:cee25a834751 | 1322 | #define ALPN_FREE_ALL TLSX_ALPN_FreeAll |
wolfSSL | 11:cee25a834751 | 1323 | #define ALPN_GET_SIZE TLSX_ALPN_GetSize |
wolfSSL | 11:cee25a834751 | 1324 | #define ALPN_WRITE TLSX_ALPN_Write |
wolfSSL | 11:cee25a834751 | 1325 | #define ALPN_PARSE TLSX_ALPN_ParseAndSet |
wolfSSL | 11:cee25a834751 | 1326 | |
wolfSSL | 11:cee25a834751 | 1327 | #else /* HAVE_ALPN */ |
wolfSSL | 11:cee25a834751 | 1328 | |
wolfSSL | 11:cee25a834751 | 1329 | #define ALPN_FREE_ALL(list, heap) |
wolfSSL | 11:cee25a834751 | 1330 | #define ALPN_GET_SIZE(list) 0 |
wolfSSL | 11:cee25a834751 | 1331 | #define ALPN_WRITE(a, b) 0 |
wolfSSL | 11:cee25a834751 | 1332 | #define ALPN_PARSE(a, b, c, d) 0 |
wolfSSL | 11:cee25a834751 | 1333 | |
wolfSSL | 11:cee25a834751 | 1334 | #endif /* HAVE_ALPN */ |
wolfSSL | 11:cee25a834751 | 1335 | |
wolfSSL | 11:cee25a834751 | 1336 | /******************************************************************************/ |
wolfSSL | 11:cee25a834751 | 1337 | /* Server Name Indication */ |
wolfSSL | 11:cee25a834751 | 1338 | /******************************************************************************/ |
wolfSSL | 11:cee25a834751 | 1339 | |
wolfSSL | 11:cee25a834751 | 1340 | #ifdef HAVE_SNI |
wolfSSL | 11:cee25a834751 | 1341 | |
wolfSSL | 11:cee25a834751 | 1342 | /** Creates a new SNI object. */ |
wolfSSL | 11:cee25a834751 | 1343 | static SNI* TLSX_SNI_New(byte type, const void* data, word16 size, void* heap) |
wolfSSL | 11:cee25a834751 | 1344 | { |
wolfSSL | 11:cee25a834751 | 1345 | SNI* sni = (SNI*)XMALLOC(sizeof(SNI), heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 1346 | |
wolfSSL | 11:cee25a834751 | 1347 | if (sni) { |
wolfSSL | 11:cee25a834751 | 1348 | sni->type = type; |
wolfSSL | 11:cee25a834751 | 1349 | sni->next = NULL; |
wolfSSL | 11:cee25a834751 | 1350 | |
wolfSSL | 11:cee25a834751 | 1351 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 11:cee25a834751 | 1352 | sni->options = 0; |
wolfSSL | 11:cee25a834751 | 1353 | sni->status = WOLFSSL_SNI_NO_MATCH; |
wolfSSL | 11:cee25a834751 | 1354 | #endif |
wolfSSL | 11:cee25a834751 | 1355 | |
wolfSSL | 11:cee25a834751 | 1356 | switch (sni->type) { |
wolfSSL | 11:cee25a834751 | 1357 | case WOLFSSL_SNI_HOST_NAME: |
wolfSSL | 11:cee25a834751 | 1358 | sni->data.host_name = (char*)XMALLOC(size + 1, heap, |
wolfSSL | 11:cee25a834751 | 1359 | DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 1360 | if (sni->data.host_name) { |
wolfSSL | 11:cee25a834751 | 1361 | XSTRNCPY(sni->data.host_name, (const char*)data, size); |
wolfSSL | 11:cee25a834751 | 1362 | sni->data.host_name[size] = 0; |
wolfSSL | 11:cee25a834751 | 1363 | } else { |
wolfSSL | 11:cee25a834751 | 1364 | XFREE(sni, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 1365 | sni = NULL; |
wolfSSL | 11:cee25a834751 | 1366 | } |
wolfSSL | 11:cee25a834751 | 1367 | break; |
wolfSSL | 11:cee25a834751 | 1368 | |
wolfSSL | 11:cee25a834751 | 1369 | default: /* invalid type */ |
wolfSSL | 11:cee25a834751 | 1370 | XFREE(sni, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 1371 | sni = NULL; |
wolfSSL | 11:cee25a834751 | 1372 | } |
wolfSSL | 11:cee25a834751 | 1373 | } |
wolfSSL | 11:cee25a834751 | 1374 | |
wolfSSL | 11:cee25a834751 | 1375 | return sni; |
wolfSSL | 11:cee25a834751 | 1376 | } |
wolfSSL | 11:cee25a834751 | 1377 | |
wolfSSL | 11:cee25a834751 | 1378 | /** Releases a SNI object. */ |
wolfSSL | 11:cee25a834751 | 1379 | static void TLSX_SNI_Free(SNI* sni, void* heap) |
wolfSSL | 11:cee25a834751 | 1380 | { |
wolfSSL | 11:cee25a834751 | 1381 | if (sni) { |
wolfSSL | 11:cee25a834751 | 1382 | switch (sni->type) { |
wolfSSL | 11:cee25a834751 | 1383 | case WOLFSSL_SNI_HOST_NAME: |
wolfSSL | 11:cee25a834751 | 1384 | XFREE(sni->data.host_name, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 1385 | break; |
wolfSSL | 11:cee25a834751 | 1386 | } |
wolfSSL | 11:cee25a834751 | 1387 | |
wolfSSL | 11:cee25a834751 | 1388 | XFREE(sni, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 1389 | } |
wolfSSL | 11:cee25a834751 | 1390 | (void)heap; |
wolfSSL | 11:cee25a834751 | 1391 | } |
wolfSSL | 11:cee25a834751 | 1392 | |
wolfSSL | 11:cee25a834751 | 1393 | /** Releases all SNI objects in the provided list. */ |
wolfSSL | 11:cee25a834751 | 1394 | static void TLSX_SNI_FreeAll(SNI* list, void* heap) |
wolfSSL | 11:cee25a834751 | 1395 | { |
wolfSSL | 11:cee25a834751 | 1396 | SNI* sni; |
wolfSSL | 11:cee25a834751 | 1397 | |
wolfSSL | 11:cee25a834751 | 1398 | while ((sni = list)) { |
wolfSSL | 11:cee25a834751 | 1399 | list = sni->next; |
wolfSSL | 11:cee25a834751 | 1400 | TLSX_SNI_Free(sni, heap); |
wolfSSL | 11:cee25a834751 | 1401 | } |
wolfSSL | 11:cee25a834751 | 1402 | } |
wolfSSL | 11:cee25a834751 | 1403 | |
wolfSSL | 11:cee25a834751 | 1404 | /** Tells the buffered size of the SNI objects in a list. */ |
wolfSSL | 11:cee25a834751 | 1405 | static word16 TLSX_SNI_GetSize(SNI* list) |
wolfSSL | 11:cee25a834751 | 1406 | { |
wolfSSL | 11:cee25a834751 | 1407 | SNI* sni; |
wolfSSL | 11:cee25a834751 | 1408 | word16 length = OPAQUE16_LEN; /* list length */ |
wolfSSL | 11:cee25a834751 | 1409 | |
wolfSSL | 11:cee25a834751 | 1410 | while ((sni = list)) { |
wolfSSL | 11:cee25a834751 | 1411 | list = sni->next; |
wolfSSL | 11:cee25a834751 | 1412 | |
wolfSSL | 11:cee25a834751 | 1413 | length += ENUM_LEN + OPAQUE16_LEN; /* sni type + sni length */ |
wolfSSL | 11:cee25a834751 | 1414 | |
wolfSSL | 11:cee25a834751 | 1415 | switch (sni->type) { |
wolfSSL | 11:cee25a834751 | 1416 | case WOLFSSL_SNI_HOST_NAME: |
wolfSSL | 11:cee25a834751 | 1417 | length += (word16)XSTRLEN((char*)sni->data.host_name); |
wolfSSL | 11:cee25a834751 | 1418 | break; |
wolfSSL | 11:cee25a834751 | 1419 | } |
wolfSSL | 11:cee25a834751 | 1420 | } |
wolfSSL | 11:cee25a834751 | 1421 | |
wolfSSL | 11:cee25a834751 | 1422 | return length; |
wolfSSL | 11:cee25a834751 | 1423 | } |
wolfSSL | 11:cee25a834751 | 1424 | |
wolfSSL | 11:cee25a834751 | 1425 | /** Writes the SNI objects of a list in a buffer. */ |
wolfSSL | 11:cee25a834751 | 1426 | static word16 TLSX_SNI_Write(SNI* list, byte* output) |
wolfSSL | 11:cee25a834751 | 1427 | { |
wolfSSL | 11:cee25a834751 | 1428 | SNI* sni; |
wolfSSL | 11:cee25a834751 | 1429 | word16 length = 0; |
wolfSSL | 11:cee25a834751 | 1430 | word16 offset = OPAQUE16_LEN; /* list length offset */ |
wolfSSL | 11:cee25a834751 | 1431 | |
wolfSSL | 11:cee25a834751 | 1432 | while ((sni = list)) { |
wolfSSL | 11:cee25a834751 | 1433 | list = sni->next; |
wolfSSL | 11:cee25a834751 | 1434 | |
wolfSSL | 11:cee25a834751 | 1435 | output[offset++] = sni->type; /* sni type */ |
wolfSSL | 11:cee25a834751 | 1436 | |
wolfSSL | 11:cee25a834751 | 1437 | switch (sni->type) { |
wolfSSL | 11:cee25a834751 | 1438 | case WOLFSSL_SNI_HOST_NAME: |
wolfSSL | 11:cee25a834751 | 1439 | length = (word16)XSTRLEN((char*)sni->data.host_name); |
wolfSSL | 11:cee25a834751 | 1440 | |
wolfSSL | 11:cee25a834751 | 1441 | c16toa(length, output + offset); /* sni length */ |
wolfSSL | 11:cee25a834751 | 1442 | offset += OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 1443 | |
wolfSSL | 11:cee25a834751 | 1444 | XMEMCPY(output + offset, sni->data.host_name, length); |
wolfSSL | 11:cee25a834751 | 1445 | |
wolfSSL | 11:cee25a834751 | 1446 | offset += length; |
wolfSSL | 11:cee25a834751 | 1447 | break; |
wolfSSL | 11:cee25a834751 | 1448 | } |
wolfSSL | 11:cee25a834751 | 1449 | } |
wolfSSL | 11:cee25a834751 | 1450 | |
wolfSSL | 11:cee25a834751 | 1451 | c16toa(offset - OPAQUE16_LEN, output); /* writing list length */ |
wolfSSL | 11:cee25a834751 | 1452 | |
wolfSSL | 11:cee25a834751 | 1453 | return offset; |
wolfSSL | 11:cee25a834751 | 1454 | } |
wolfSSL | 11:cee25a834751 | 1455 | |
wolfSSL | 11:cee25a834751 | 1456 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 11:cee25a834751 | 1457 | |
wolfSSL | 11:cee25a834751 | 1458 | /** Finds a SNI object in the provided list. */ |
wolfSSL | 11:cee25a834751 | 1459 | static SNI* TLSX_SNI_Find(SNI *list, byte type) |
wolfSSL | 11:cee25a834751 | 1460 | { |
wolfSSL | 11:cee25a834751 | 1461 | SNI *sni = list; |
wolfSSL | 11:cee25a834751 | 1462 | |
wolfSSL | 11:cee25a834751 | 1463 | while (sni && sni->type != type) |
wolfSSL | 11:cee25a834751 | 1464 | sni = sni->next; |
wolfSSL | 11:cee25a834751 | 1465 | |
wolfSSL | 11:cee25a834751 | 1466 | return sni; |
wolfSSL | 11:cee25a834751 | 1467 | } |
wolfSSL | 11:cee25a834751 | 1468 | |
wolfSSL | 11:cee25a834751 | 1469 | |
wolfSSL | 11:cee25a834751 | 1470 | /** Sets the status of a SNI object. */ |
wolfSSL | 11:cee25a834751 | 1471 | static void TLSX_SNI_SetStatus(TLSX* extensions, byte type, byte status) |
wolfSSL | 11:cee25a834751 | 1472 | { |
wolfSSL | 11:cee25a834751 | 1473 | TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME); |
wolfSSL | 11:cee25a834751 | 1474 | SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type); |
wolfSSL | 11:cee25a834751 | 1475 | |
wolfSSL | 11:cee25a834751 | 1476 | if (sni) |
wolfSSL | 11:cee25a834751 | 1477 | sni->status = status; |
wolfSSL | 11:cee25a834751 | 1478 | } |
wolfSSL | 11:cee25a834751 | 1479 | |
wolfSSL | 11:cee25a834751 | 1480 | /** Gets the status of a SNI object. */ |
wolfSSL | 11:cee25a834751 | 1481 | byte TLSX_SNI_Status(TLSX* extensions, byte type) |
wolfSSL | 11:cee25a834751 | 1482 | { |
wolfSSL | 11:cee25a834751 | 1483 | TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME); |
wolfSSL | 11:cee25a834751 | 1484 | SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type); |
wolfSSL | 11:cee25a834751 | 1485 | |
wolfSSL | 11:cee25a834751 | 1486 | if (sni) |
wolfSSL | 11:cee25a834751 | 1487 | return sni->status; |
wolfSSL | 11:cee25a834751 | 1488 | |
wolfSSL | 11:cee25a834751 | 1489 | return 0; |
wolfSSL | 11:cee25a834751 | 1490 | } |
wolfSSL | 11:cee25a834751 | 1491 | |
wolfSSL | 11:cee25a834751 | 1492 | #endif /* NO_WOLFSSL_SERVER */ |
wolfSSL | 11:cee25a834751 | 1493 | |
wolfSSL | 11:cee25a834751 | 1494 | /** Parses a buffer of SNI extensions. */ |
wolfSSL | 11:cee25a834751 | 1495 | static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 11:cee25a834751 | 1496 | byte isRequest) |
wolfSSL | 11:cee25a834751 | 1497 | { |
wolfSSL | 11:cee25a834751 | 1498 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 11:cee25a834751 | 1499 | word16 size = 0; |
wolfSSL | 11:cee25a834751 | 1500 | word16 offset = 0; |
wolfSSL | 11:cee25a834751 | 1501 | int cacheOnly = 0; |
wolfSSL | 11:cee25a834751 | 1502 | #endif |
wolfSSL | 11:cee25a834751 | 1503 | |
wolfSSL | 11:cee25a834751 | 1504 | TLSX *extension = TLSX_Find(ssl->extensions, TLSX_SERVER_NAME); |
wolfSSL | 11:cee25a834751 | 1505 | |
wolfSSL | 11:cee25a834751 | 1506 | if (!extension) |
wolfSSL | 11:cee25a834751 | 1507 | extension = TLSX_Find(ssl->ctx->extensions, TLSX_SERVER_NAME); |
wolfSSL | 11:cee25a834751 | 1508 | |
wolfSSL | 11:cee25a834751 | 1509 | (void)isRequest; |
wolfSSL | 11:cee25a834751 | 1510 | (void)input; |
wolfSSL | 11:cee25a834751 | 1511 | |
wolfSSL | 11:cee25a834751 | 1512 | if (!extension || !extension->data) { |
wolfSSL | 11:cee25a834751 | 1513 | #if defined(WOLFSSL_ALWAYS_KEEP_SNI) && !defined(NO_WOLFSSL_SERVER) |
wolfSSL | 11:cee25a834751 | 1514 | /* This will keep SNI even though TLSX_UseSNI has not been called. |
wolfSSL | 11:cee25a834751 | 1515 | * Enable it so that the received sni is available to functions |
wolfSSL | 11:cee25a834751 | 1516 | * that use a custom callback when SNI is received */ |
wolfSSL | 11:cee25a834751 | 1517 | cacheOnly = 1; |
wolfSSL | 11:cee25a834751 | 1518 | WOLFSSL_MSG("Forcing SSL object to store SNI parameter"); |
wolfSSL | 11:cee25a834751 | 1519 | #else |
wolfSSL | 11:cee25a834751 | 1520 | return isRequest ? 0 /* not using SNI. */ |
wolfSSL | 11:cee25a834751 | 1521 | : BUFFER_ERROR; /* unexpected SNI response. */ |
wolfSSL | 11:cee25a834751 | 1522 | #endif |
wolfSSL | 11:cee25a834751 | 1523 | } |
wolfSSL | 11:cee25a834751 | 1524 | |
wolfSSL | 11:cee25a834751 | 1525 | if (!isRequest) |
wolfSSL | 11:cee25a834751 | 1526 | return length ? BUFFER_ERROR /* SNI response MUST be empty. */ |
wolfSSL | 11:cee25a834751 | 1527 | : 0; /* nothing else to do. */ |
wolfSSL | 11:cee25a834751 | 1528 | |
wolfSSL | 11:cee25a834751 | 1529 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 11:cee25a834751 | 1530 | |
wolfSSL | 11:cee25a834751 | 1531 | if (OPAQUE16_LEN > length) |
wolfSSL | 11:cee25a834751 | 1532 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 1533 | |
wolfSSL | 11:cee25a834751 | 1534 | ato16(input, &size); |
wolfSSL | 11:cee25a834751 | 1535 | offset += OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 1536 | |
wolfSSL | 11:cee25a834751 | 1537 | /* validating sni list length */ |
wolfSSL | 11:cee25a834751 | 1538 | if (length != OPAQUE16_LEN + size) |
wolfSSL | 11:cee25a834751 | 1539 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 1540 | |
wolfSSL | 11:cee25a834751 | 1541 | for (size = 0; offset < length; offset += size) { |
wolfSSL | 11:cee25a834751 | 1542 | SNI *sni = NULL; |
wolfSSL | 11:cee25a834751 | 1543 | byte type = input[offset++]; |
wolfSSL | 11:cee25a834751 | 1544 | |
wolfSSL | 11:cee25a834751 | 1545 | if (offset + OPAQUE16_LEN > length) |
wolfSSL | 11:cee25a834751 | 1546 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 1547 | |
wolfSSL | 11:cee25a834751 | 1548 | ato16(input + offset, &size); |
wolfSSL | 11:cee25a834751 | 1549 | offset += OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 1550 | |
wolfSSL | 11:cee25a834751 | 1551 | if (offset + size > length) |
wolfSSL | 11:cee25a834751 | 1552 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 1553 | |
wolfSSL | 11:cee25a834751 | 1554 | if (!cacheOnly && !(sni = TLSX_SNI_Find((SNI*)extension->data, type))) |
wolfSSL | 11:cee25a834751 | 1555 | continue; /* not using this type of SNI. */ |
wolfSSL | 11:cee25a834751 | 1556 | |
wolfSSL | 11:cee25a834751 | 1557 | switch(type) { |
wolfSSL | 11:cee25a834751 | 1558 | case WOLFSSL_SNI_HOST_NAME: { |
wolfSSL | 11:cee25a834751 | 1559 | int matchStat; |
wolfSSL | 11:cee25a834751 | 1560 | byte matched = cacheOnly || |
wolfSSL | 11:cee25a834751 | 1561 | ((XSTRLEN(sni->data.host_name) == size) |
wolfSSL | 11:cee25a834751 | 1562 | && (XSTRNCMP(sni->data.host_name, |
wolfSSL | 11:cee25a834751 | 1563 | (const char*)input + offset, size) == 0)); |
wolfSSL | 11:cee25a834751 | 1564 | |
wolfSSL | 11:cee25a834751 | 1565 | if (matched || sni->options & WOLFSSL_SNI_ANSWER_ON_MISMATCH) { |
wolfSSL | 11:cee25a834751 | 1566 | int r = TLSX_UseSNI(&ssl->extensions, |
wolfSSL | 11:cee25a834751 | 1567 | type, input + offset, size, ssl->heap); |
wolfSSL | 11:cee25a834751 | 1568 | |
wolfSSL | 11:cee25a834751 | 1569 | if (r != SSL_SUCCESS) |
wolfSSL | 11:cee25a834751 | 1570 | return r; /* throws error. */ |
wolfSSL | 11:cee25a834751 | 1571 | |
wolfSSL | 11:cee25a834751 | 1572 | if(cacheOnly) { |
wolfSSL | 11:cee25a834751 | 1573 | WOLFSSL_MSG("Forcing storage of SNI, Fake match"); |
wolfSSL | 11:cee25a834751 | 1574 | matchStat = WOLFSSL_SNI_FORCE_KEEP; |
wolfSSL | 11:cee25a834751 | 1575 | } else if(matched) { |
wolfSSL | 11:cee25a834751 | 1576 | WOLFSSL_MSG("SNI did match!"); |
wolfSSL | 11:cee25a834751 | 1577 | matchStat = WOLFSSL_SNI_REAL_MATCH; |
wolfSSL | 11:cee25a834751 | 1578 | } else { |
wolfSSL | 11:cee25a834751 | 1579 | WOLFSSL_MSG("fake SNI match from ANSWER_ON_MISMATCH"); |
wolfSSL | 11:cee25a834751 | 1580 | matchStat = WOLFSSL_SNI_FAKE_MATCH; |
wolfSSL | 11:cee25a834751 | 1581 | } |
wolfSSL | 11:cee25a834751 | 1582 | |
wolfSSL | 11:cee25a834751 | 1583 | TLSX_SNI_SetStatus(ssl->extensions, type, matchStat); |
wolfSSL | 11:cee25a834751 | 1584 | |
wolfSSL | 11:cee25a834751 | 1585 | if(!cacheOnly) |
wolfSSL | 11:cee25a834751 | 1586 | TLSX_SetResponse(ssl, TLSX_SERVER_NAME); |
wolfSSL | 11:cee25a834751 | 1587 | |
wolfSSL | 11:cee25a834751 | 1588 | } else if (!(sni->options & WOLFSSL_SNI_CONTINUE_ON_MISMATCH)) { |
wolfSSL | 11:cee25a834751 | 1589 | SendAlert(ssl, alert_fatal, unrecognized_name); |
wolfSSL | 11:cee25a834751 | 1590 | |
wolfSSL | 11:cee25a834751 | 1591 | return UNKNOWN_SNI_HOST_NAME_E; |
wolfSSL | 11:cee25a834751 | 1592 | } |
wolfSSL | 11:cee25a834751 | 1593 | break; |
wolfSSL | 11:cee25a834751 | 1594 | } |
wolfSSL | 11:cee25a834751 | 1595 | } |
wolfSSL | 11:cee25a834751 | 1596 | } |
wolfSSL | 11:cee25a834751 | 1597 | |
wolfSSL | 11:cee25a834751 | 1598 | #endif |
wolfSSL | 11:cee25a834751 | 1599 | |
wolfSSL | 11:cee25a834751 | 1600 | return 0; |
wolfSSL | 11:cee25a834751 | 1601 | } |
wolfSSL | 11:cee25a834751 | 1602 | |
wolfSSL | 11:cee25a834751 | 1603 | static int TLSX_SNI_VerifyParse(WOLFSSL* ssl, byte isRequest) |
wolfSSL | 11:cee25a834751 | 1604 | { |
wolfSSL | 11:cee25a834751 | 1605 | (void)ssl; |
wolfSSL | 11:cee25a834751 | 1606 | |
wolfSSL | 11:cee25a834751 | 1607 | if (isRequest) { |
wolfSSL | 11:cee25a834751 | 1608 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 11:cee25a834751 | 1609 | TLSX* ctx_ext = TLSX_Find(ssl->ctx->extensions, TLSX_SERVER_NAME); |
wolfSSL | 11:cee25a834751 | 1610 | TLSX* ssl_ext = TLSX_Find(ssl->extensions, TLSX_SERVER_NAME); |
wolfSSL | 11:cee25a834751 | 1611 | SNI* ctx_sni = ctx_ext ? (SNI*)ctx_ext->data : NULL; |
wolfSSL | 11:cee25a834751 | 1612 | SNI* ssl_sni = ssl_ext ? (SNI*)ssl_ext->data : NULL; |
wolfSSL | 11:cee25a834751 | 1613 | SNI* sni = NULL; |
wolfSSL | 11:cee25a834751 | 1614 | |
wolfSSL | 11:cee25a834751 | 1615 | for (; ctx_sni; ctx_sni = ctx_sni->next) { |
wolfSSL | 11:cee25a834751 | 1616 | if (ctx_sni->options & WOLFSSL_SNI_ABORT_ON_ABSENCE) { |
wolfSSL | 11:cee25a834751 | 1617 | sni = TLSX_SNI_Find(ssl_sni, ctx_sni->type); |
wolfSSL | 11:cee25a834751 | 1618 | |
wolfSSL | 11:cee25a834751 | 1619 | if (sni) { |
wolfSSL | 11:cee25a834751 | 1620 | if (sni->status != WOLFSSL_SNI_NO_MATCH) |
wolfSSL | 11:cee25a834751 | 1621 | continue; |
wolfSSL | 11:cee25a834751 | 1622 | |
wolfSSL | 11:cee25a834751 | 1623 | /* if ssl level overrides ctx level, it is ok. */ |
wolfSSL | 11:cee25a834751 | 1624 | if ((sni->options & WOLFSSL_SNI_ABORT_ON_ABSENCE) == 0) |
wolfSSL | 11:cee25a834751 | 1625 | continue; |
wolfSSL | 11:cee25a834751 | 1626 | } |
wolfSSL | 11:cee25a834751 | 1627 | |
wolfSSL | 11:cee25a834751 | 1628 | SendAlert(ssl, alert_fatal, handshake_failure); |
wolfSSL | 11:cee25a834751 | 1629 | return SNI_ABSENT_ERROR; |
wolfSSL | 11:cee25a834751 | 1630 | } |
wolfSSL | 11:cee25a834751 | 1631 | } |
wolfSSL | 11:cee25a834751 | 1632 | |
wolfSSL | 11:cee25a834751 | 1633 | for (; ssl_sni; ssl_sni = ssl_sni->next) { |
wolfSSL | 11:cee25a834751 | 1634 | if (ssl_sni->options & WOLFSSL_SNI_ABORT_ON_ABSENCE) { |
wolfSSL | 11:cee25a834751 | 1635 | if (ssl_sni->status != WOLFSSL_SNI_NO_MATCH) |
wolfSSL | 11:cee25a834751 | 1636 | continue; |
wolfSSL | 11:cee25a834751 | 1637 | |
wolfSSL | 11:cee25a834751 | 1638 | SendAlert(ssl, alert_fatal, handshake_failure); |
wolfSSL | 11:cee25a834751 | 1639 | return SNI_ABSENT_ERROR; |
wolfSSL | 11:cee25a834751 | 1640 | } |
wolfSSL | 11:cee25a834751 | 1641 | } |
wolfSSL | 11:cee25a834751 | 1642 | #endif /* NO_WOLFSSL_SERVER */ |
wolfSSL | 11:cee25a834751 | 1643 | } |
wolfSSL | 11:cee25a834751 | 1644 | |
wolfSSL | 11:cee25a834751 | 1645 | return 0; |
wolfSSL | 11:cee25a834751 | 1646 | } |
wolfSSL | 11:cee25a834751 | 1647 | |
wolfSSL | 11:cee25a834751 | 1648 | int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size, |
wolfSSL | 11:cee25a834751 | 1649 | void* heap) |
wolfSSL | 11:cee25a834751 | 1650 | { |
wolfSSL | 11:cee25a834751 | 1651 | TLSX* extension; |
wolfSSL | 11:cee25a834751 | 1652 | SNI* sni = NULL; |
wolfSSL | 11:cee25a834751 | 1653 | |
wolfSSL | 11:cee25a834751 | 1654 | if (extensions == NULL || data == NULL) |
wolfSSL | 11:cee25a834751 | 1655 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 1656 | |
wolfSSL | 11:cee25a834751 | 1657 | if ((sni = TLSX_SNI_New(type, data, size, heap)) == NULL) |
wolfSSL | 11:cee25a834751 | 1658 | return MEMORY_E; |
wolfSSL | 11:cee25a834751 | 1659 | |
wolfSSL | 11:cee25a834751 | 1660 | extension = TLSX_Find(*extensions, TLSX_SERVER_NAME); |
wolfSSL | 11:cee25a834751 | 1661 | if (!extension) { |
wolfSSL | 11:cee25a834751 | 1662 | int ret = TLSX_Push(extensions, TLSX_SERVER_NAME, (void*)sni, heap); |
wolfSSL | 11:cee25a834751 | 1663 | if (ret != 0) { |
wolfSSL | 11:cee25a834751 | 1664 | TLSX_SNI_Free(sni, heap); |
wolfSSL | 11:cee25a834751 | 1665 | return ret; |
wolfSSL | 11:cee25a834751 | 1666 | } |
wolfSSL | 11:cee25a834751 | 1667 | } |
wolfSSL | 11:cee25a834751 | 1668 | else { |
wolfSSL | 11:cee25a834751 | 1669 | /* push new SNI object to extension data. */ |
wolfSSL | 11:cee25a834751 | 1670 | sni->next = (SNI*)extension->data; |
wolfSSL | 11:cee25a834751 | 1671 | extension->data = (void*)sni; |
wolfSSL | 11:cee25a834751 | 1672 | |
wolfSSL | 11:cee25a834751 | 1673 | /* remove duplicate SNI, there should be only one of each type. */ |
wolfSSL | 11:cee25a834751 | 1674 | do { |
wolfSSL | 11:cee25a834751 | 1675 | if (sni->next && sni->next->type == type) { |
wolfSSL | 11:cee25a834751 | 1676 | SNI *next = sni->next; |
wolfSSL | 11:cee25a834751 | 1677 | |
wolfSSL | 11:cee25a834751 | 1678 | sni->next = next->next; |
wolfSSL | 11:cee25a834751 | 1679 | TLSX_SNI_Free(next, heap); |
wolfSSL | 11:cee25a834751 | 1680 | |
wolfSSL | 11:cee25a834751 | 1681 | /* there is no way to occur more than */ |
wolfSSL | 11:cee25a834751 | 1682 | /* two SNIs of the same type. */ |
wolfSSL | 11:cee25a834751 | 1683 | break; |
wolfSSL | 11:cee25a834751 | 1684 | } |
wolfSSL | 11:cee25a834751 | 1685 | } while ((sni = sni->next)); |
wolfSSL | 11:cee25a834751 | 1686 | } |
wolfSSL | 11:cee25a834751 | 1687 | |
wolfSSL | 11:cee25a834751 | 1688 | return SSL_SUCCESS; |
wolfSSL | 11:cee25a834751 | 1689 | } |
wolfSSL | 11:cee25a834751 | 1690 | |
wolfSSL | 11:cee25a834751 | 1691 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 11:cee25a834751 | 1692 | |
wolfSSL | 11:cee25a834751 | 1693 | /** Tells the SNI requested by the client. */ |
wolfSSL | 11:cee25a834751 | 1694 | word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, void** data) |
wolfSSL | 11:cee25a834751 | 1695 | { |
wolfSSL | 11:cee25a834751 | 1696 | TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME); |
wolfSSL | 11:cee25a834751 | 1697 | SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type); |
wolfSSL | 11:cee25a834751 | 1698 | |
wolfSSL | 11:cee25a834751 | 1699 | if (sni && sni->status != WOLFSSL_SNI_NO_MATCH) { |
wolfSSL | 11:cee25a834751 | 1700 | switch (sni->type) { |
wolfSSL | 11:cee25a834751 | 1701 | case WOLFSSL_SNI_HOST_NAME: |
wolfSSL | 11:cee25a834751 | 1702 | if (data) { |
wolfSSL | 11:cee25a834751 | 1703 | *data = sni->data.host_name; |
wolfSSL | 11:cee25a834751 | 1704 | return (word16)XSTRLEN((char*)*data); |
wolfSSL | 11:cee25a834751 | 1705 | } |
wolfSSL | 11:cee25a834751 | 1706 | } |
wolfSSL | 11:cee25a834751 | 1707 | } |
wolfSSL | 11:cee25a834751 | 1708 | |
wolfSSL | 11:cee25a834751 | 1709 | return 0; |
wolfSSL | 11:cee25a834751 | 1710 | } |
wolfSSL | 11:cee25a834751 | 1711 | |
wolfSSL | 11:cee25a834751 | 1712 | /** Sets the options for a SNI object. */ |
wolfSSL | 11:cee25a834751 | 1713 | void TLSX_SNI_SetOptions(TLSX* extensions, byte type, byte options) |
wolfSSL | 11:cee25a834751 | 1714 | { |
wolfSSL | 11:cee25a834751 | 1715 | TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME); |
wolfSSL | 11:cee25a834751 | 1716 | SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type); |
wolfSSL | 11:cee25a834751 | 1717 | |
wolfSSL | 11:cee25a834751 | 1718 | if (sni) |
wolfSSL | 11:cee25a834751 | 1719 | sni->options = options; |
wolfSSL | 11:cee25a834751 | 1720 | } |
wolfSSL | 11:cee25a834751 | 1721 | |
wolfSSL | 11:cee25a834751 | 1722 | /** Retrieves a SNI request from a client hello buffer. */ |
wolfSSL | 11:cee25a834751 | 1723 | int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz, |
wolfSSL | 11:cee25a834751 | 1724 | byte type, byte* sni, word32* inOutSz) |
wolfSSL | 11:cee25a834751 | 1725 | { |
wolfSSL | 11:cee25a834751 | 1726 | word32 offset = 0; |
wolfSSL | 11:cee25a834751 | 1727 | word32 len32 = 0; |
wolfSSL | 11:cee25a834751 | 1728 | word16 len16 = 0; |
wolfSSL | 11:cee25a834751 | 1729 | |
wolfSSL | 11:cee25a834751 | 1730 | if (helloSz < RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + CLIENT_HELLO_FIRST) |
wolfSSL | 11:cee25a834751 | 1731 | return INCOMPLETE_DATA; |
wolfSSL | 11:cee25a834751 | 1732 | |
wolfSSL | 11:cee25a834751 | 1733 | /* TLS record header */ |
wolfSSL | 11:cee25a834751 | 1734 | if ((enum ContentType) clientHello[offset++] != handshake) { |
wolfSSL | 11:cee25a834751 | 1735 | |
wolfSSL | 11:cee25a834751 | 1736 | /* checking for SSLv2.0 client hello according to: */ |
wolfSSL | 11:cee25a834751 | 1737 | /* http://tools.ietf.org/html/rfc4346#appendix-E.1 */ |
wolfSSL | 11:cee25a834751 | 1738 | if ((enum HandShakeType) clientHello[++offset] == client_hello) { |
wolfSSL | 11:cee25a834751 | 1739 | offset += ENUM_LEN + VERSION_SZ; /* skip version */ |
wolfSSL | 11:cee25a834751 | 1740 | |
wolfSSL | 11:cee25a834751 | 1741 | ato16(clientHello + offset, &len16); |
wolfSSL | 11:cee25a834751 | 1742 | offset += OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 1743 | |
wolfSSL | 11:cee25a834751 | 1744 | if (len16 % 3) /* cipher_spec_length must be multiple of 3 */ |
wolfSSL | 11:cee25a834751 | 1745 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 1746 | |
wolfSSL | 11:cee25a834751 | 1747 | ato16(clientHello + offset, &len16); |
wolfSSL | 11:cee25a834751 | 1748 | /* Returning SNI_UNSUPPORTED do not increment offset here */ |
wolfSSL | 11:cee25a834751 | 1749 | |
wolfSSL | 11:cee25a834751 | 1750 | if (len16 != 0) /* session_id_length must be 0 */ |
wolfSSL | 11:cee25a834751 | 1751 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 1752 | |
wolfSSL | 11:cee25a834751 | 1753 | return SNI_UNSUPPORTED; |
wolfSSL | 11:cee25a834751 | 1754 | } |
wolfSSL | 11:cee25a834751 | 1755 | |
wolfSSL | 11:cee25a834751 | 1756 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 1757 | } |
wolfSSL | 11:cee25a834751 | 1758 | |
wolfSSL | 11:cee25a834751 | 1759 | if (clientHello[offset++] != SSLv3_MAJOR) |
wolfSSL | 11:cee25a834751 | 1760 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 1761 | |
wolfSSL | 11:cee25a834751 | 1762 | if (clientHello[offset++] < TLSv1_MINOR) |
wolfSSL | 11:cee25a834751 | 1763 | return SNI_UNSUPPORTED; |
wolfSSL | 11:cee25a834751 | 1764 | |
wolfSSL | 11:cee25a834751 | 1765 | ato16(clientHello + offset, &len16); |
wolfSSL | 11:cee25a834751 | 1766 | offset += OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 1767 | |
wolfSSL | 11:cee25a834751 | 1768 | if (offset + len16 > helloSz) |
wolfSSL | 11:cee25a834751 | 1769 | return INCOMPLETE_DATA; |
wolfSSL | 11:cee25a834751 | 1770 | |
wolfSSL | 11:cee25a834751 | 1771 | /* Handshake header */ |
wolfSSL | 11:cee25a834751 | 1772 | if ((enum HandShakeType) clientHello[offset] != client_hello) |
wolfSSL | 11:cee25a834751 | 1773 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 1774 | |
wolfSSL | 11:cee25a834751 | 1775 | c24to32(clientHello + offset + 1, &len32); |
wolfSSL | 11:cee25a834751 | 1776 | offset += HANDSHAKE_HEADER_SZ; |
wolfSSL | 11:cee25a834751 | 1777 | |
wolfSSL | 11:cee25a834751 | 1778 | if (offset + len32 > helloSz) |
wolfSSL | 11:cee25a834751 | 1779 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 1780 | |
wolfSSL | 11:cee25a834751 | 1781 | /* client hello */ |
wolfSSL | 11:cee25a834751 | 1782 | offset += VERSION_SZ + RAN_LEN; /* version, random */ |
wolfSSL | 11:cee25a834751 | 1783 | |
wolfSSL | 11:cee25a834751 | 1784 | if (helloSz < offset + clientHello[offset]) |
wolfSSL | 11:cee25a834751 | 1785 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 1786 | |
wolfSSL | 11:cee25a834751 | 1787 | offset += ENUM_LEN + clientHello[offset]; /* skip session id */ |
wolfSSL | 11:cee25a834751 | 1788 | |
wolfSSL | 11:cee25a834751 | 1789 | /* cypher suites */ |
wolfSSL | 11:cee25a834751 | 1790 | if (helloSz < offset + OPAQUE16_LEN) |
wolfSSL | 11:cee25a834751 | 1791 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 1792 | |
wolfSSL | 11:cee25a834751 | 1793 | ato16(clientHello + offset, &len16); |
wolfSSL | 11:cee25a834751 | 1794 | offset += OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 1795 | |
wolfSSL | 11:cee25a834751 | 1796 | if (helloSz < offset + len16) |
wolfSSL | 11:cee25a834751 | 1797 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 1798 | |
wolfSSL | 11:cee25a834751 | 1799 | offset += len16; /* skip cypher suites */ |
wolfSSL | 11:cee25a834751 | 1800 | |
wolfSSL | 11:cee25a834751 | 1801 | /* compression methods */ |
wolfSSL | 11:cee25a834751 | 1802 | if (helloSz < offset + 1) |
wolfSSL | 11:cee25a834751 | 1803 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 1804 | |
wolfSSL | 11:cee25a834751 | 1805 | if (helloSz < offset + clientHello[offset]) |
wolfSSL | 11:cee25a834751 | 1806 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 1807 | |
wolfSSL | 11:cee25a834751 | 1808 | offset += ENUM_LEN + clientHello[offset]; /* skip compression methods */ |
wolfSSL | 11:cee25a834751 | 1809 | |
wolfSSL | 11:cee25a834751 | 1810 | /* extensions */ |
wolfSSL | 11:cee25a834751 | 1811 | if (helloSz < offset + OPAQUE16_LEN) |
wolfSSL | 11:cee25a834751 | 1812 | return 0; /* no extensions in client hello. */ |
wolfSSL | 11:cee25a834751 | 1813 | |
wolfSSL | 11:cee25a834751 | 1814 | ato16(clientHello + offset, &len16); |
wolfSSL | 11:cee25a834751 | 1815 | offset += OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 1816 | |
wolfSSL | 11:cee25a834751 | 1817 | if (helloSz < offset + len16) |
wolfSSL | 11:cee25a834751 | 1818 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 1819 | |
wolfSSL | 11:cee25a834751 | 1820 | while (len16 >= OPAQUE16_LEN + OPAQUE16_LEN) { |
wolfSSL | 11:cee25a834751 | 1821 | word16 extType; |
wolfSSL | 11:cee25a834751 | 1822 | word16 extLen; |
wolfSSL | 11:cee25a834751 | 1823 | |
wolfSSL | 11:cee25a834751 | 1824 | ato16(clientHello + offset, &extType); |
wolfSSL | 11:cee25a834751 | 1825 | offset += OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 1826 | |
wolfSSL | 11:cee25a834751 | 1827 | ato16(clientHello + offset, &extLen); |
wolfSSL | 11:cee25a834751 | 1828 | offset += OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 1829 | |
wolfSSL | 11:cee25a834751 | 1830 | if (helloSz < offset + extLen) |
wolfSSL | 11:cee25a834751 | 1831 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 1832 | |
wolfSSL | 11:cee25a834751 | 1833 | if (extType != TLSX_SERVER_NAME) { |
wolfSSL | 11:cee25a834751 | 1834 | offset += extLen; /* skip extension */ |
wolfSSL | 11:cee25a834751 | 1835 | } else { |
wolfSSL | 11:cee25a834751 | 1836 | word16 listLen; |
wolfSSL | 11:cee25a834751 | 1837 | |
wolfSSL | 11:cee25a834751 | 1838 | ato16(clientHello + offset, &listLen); |
wolfSSL | 11:cee25a834751 | 1839 | offset += OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 1840 | |
wolfSSL | 11:cee25a834751 | 1841 | if (helloSz < offset + listLen) |
wolfSSL | 11:cee25a834751 | 1842 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 1843 | |
wolfSSL | 11:cee25a834751 | 1844 | while (listLen > ENUM_LEN + OPAQUE16_LEN) { |
wolfSSL | 11:cee25a834751 | 1845 | byte sniType = clientHello[offset++]; |
wolfSSL | 11:cee25a834751 | 1846 | word16 sniLen; |
wolfSSL | 11:cee25a834751 | 1847 | |
wolfSSL | 11:cee25a834751 | 1848 | ato16(clientHello + offset, &sniLen); |
wolfSSL | 11:cee25a834751 | 1849 | offset += OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 1850 | |
wolfSSL | 11:cee25a834751 | 1851 | if (helloSz < offset + sniLen) |
wolfSSL | 11:cee25a834751 | 1852 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 1853 | |
wolfSSL | 11:cee25a834751 | 1854 | if (sniType != type) { |
wolfSSL | 11:cee25a834751 | 1855 | offset += sniLen; |
wolfSSL | 11:cee25a834751 | 1856 | listLen -= min(ENUM_LEN + OPAQUE16_LEN + sniLen, listLen); |
wolfSSL | 11:cee25a834751 | 1857 | continue; |
wolfSSL | 11:cee25a834751 | 1858 | } |
wolfSSL | 11:cee25a834751 | 1859 | |
wolfSSL | 11:cee25a834751 | 1860 | *inOutSz = min(sniLen, *inOutSz); |
wolfSSL | 11:cee25a834751 | 1861 | XMEMCPY(sni, clientHello + offset, *inOutSz); |
wolfSSL | 11:cee25a834751 | 1862 | |
wolfSSL | 11:cee25a834751 | 1863 | return SSL_SUCCESS; |
wolfSSL | 11:cee25a834751 | 1864 | } |
wolfSSL | 11:cee25a834751 | 1865 | } |
wolfSSL | 11:cee25a834751 | 1866 | |
wolfSSL | 11:cee25a834751 | 1867 | len16 -= min(2 * OPAQUE16_LEN + extLen, len16); |
wolfSSL | 11:cee25a834751 | 1868 | } |
wolfSSL | 11:cee25a834751 | 1869 | |
wolfSSL | 11:cee25a834751 | 1870 | return len16 ? BUFFER_ERROR : 0; |
wolfSSL | 11:cee25a834751 | 1871 | } |
wolfSSL | 11:cee25a834751 | 1872 | |
wolfSSL | 11:cee25a834751 | 1873 | #endif |
wolfSSL | 11:cee25a834751 | 1874 | |
wolfSSL | 11:cee25a834751 | 1875 | #define SNI_FREE_ALL TLSX_SNI_FreeAll |
wolfSSL | 11:cee25a834751 | 1876 | #define SNI_GET_SIZE TLSX_SNI_GetSize |
wolfSSL | 11:cee25a834751 | 1877 | #define SNI_WRITE TLSX_SNI_Write |
wolfSSL | 11:cee25a834751 | 1878 | #define SNI_PARSE TLSX_SNI_Parse |
wolfSSL | 11:cee25a834751 | 1879 | #define SNI_VERIFY_PARSE TLSX_SNI_VerifyParse |
wolfSSL | 11:cee25a834751 | 1880 | |
wolfSSL | 11:cee25a834751 | 1881 | #else |
wolfSSL | 11:cee25a834751 | 1882 | |
wolfSSL | 11:cee25a834751 | 1883 | #define SNI_FREE_ALL(list, heap) |
wolfSSL | 11:cee25a834751 | 1884 | #define SNI_GET_SIZE(list) 0 |
wolfSSL | 11:cee25a834751 | 1885 | #define SNI_WRITE(a, b) 0 |
wolfSSL | 11:cee25a834751 | 1886 | #define SNI_PARSE(a, b, c, d) 0 |
wolfSSL | 11:cee25a834751 | 1887 | #define SNI_VERIFY_PARSE(a, b) 0 |
wolfSSL | 11:cee25a834751 | 1888 | |
wolfSSL | 11:cee25a834751 | 1889 | #endif /* HAVE_SNI */ |
wolfSSL | 11:cee25a834751 | 1890 | |
wolfSSL | 11:cee25a834751 | 1891 | /******************************************************************************/ |
wolfSSL | 11:cee25a834751 | 1892 | /* Max Fragment Length Negotiation */ |
wolfSSL | 11:cee25a834751 | 1893 | /******************************************************************************/ |
wolfSSL | 11:cee25a834751 | 1894 | |
wolfSSL | 11:cee25a834751 | 1895 | #ifdef HAVE_MAX_FRAGMENT |
wolfSSL | 11:cee25a834751 | 1896 | |
wolfSSL | 11:cee25a834751 | 1897 | static word16 TLSX_MFL_Write(byte* data, byte* output) |
wolfSSL | 11:cee25a834751 | 1898 | { |
wolfSSL | 11:cee25a834751 | 1899 | output[0] = data[0]; |
wolfSSL | 11:cee25a834751 | 1900 | |
wolfSSL | 11:cee25a834751 | 1901 | return ENUM_LEN; |
wolfSSL | 11:cee25a834751 | 1902 | } |
wolfSSL | 11:cee25a834751 | 1903 | |
wolfSSL | 11:cee25a834751 | 1904 | static int TLSX_MFL_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 11:cee25a834751 | 1905 | byte isRequest) |
wolfSSL | 11:cee25a834751 | 1906 | { |
wolfSSL | 11:cee25a834751 | 1907 | (void)isRequest; |
wolfSSL | 11:cee25a834751 | 1908 | |
wolfSSL | 11:cee25a834751 | 1909 | if (length != ENUM_LEN) |
wolfSSL | 11:cee25a834751 | 1910 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 1911 | |
wolfSSL | 11:cee25a834751 | 1912 | switch (*input) { |
wolfSSL | 11:cee25a834751 | 1913 | case WOLFSSL_MFL_2_9 : ssl->max_fragment = 512; break; |
wolfSSL | 11:cee25a834751 | 1914 | case WOLFSSL_MFL_2_10: ssl->max_fragment = 1024; break; |
wolfSSL | 11:cee25a834751 | 1915 | case WOLFSSL_MFL_2_11: ssl->max_fragment = 2048; break; |
wolfSSL | 11:cee25a834751 | 1916 | case WOLFSSL_MFL_2_12: ssl->max_fragment = 4096; break; |
wolfSSL | 11:cee25a834751 | 1917 | case WOLFSSL_MFL_2_13: ssl->max_fragment = 8192; break; |
wolfSSL | 11:cee25a834751 | 1918 | |
wolfSSL | 11:cee25a834751 | 1919 | default: |
wolfSSL | 11:cee25a834751 | 1920 | SendAlert(ssl, alert_fatal, illegal_parameter); |
wolfSSL | 11:cee25a834751 | 1921 | |
wolfSSL | 11:cee25a834751 | 1922 | return UNKNOWN_MAX_FRAG_LEN_E; |
wolfSSL | 11:cee25a834751 | 1923 | } |
wolfSSL | 11:cee25a834751 | 1924 | |
wolfSSL | 11:cee25a834751 | 1925 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 11:cee25a834751 | 1926 | if (isRequest) { |
wolfSSL | 11:cee25a834751 | 1927 | int r = TLSX_UseMaxFragment(&ssl->extensions, *input, ssl->heap); |
wolfSSL | 11:cee25a834751 | 1928 | |
wolfSSL | 11:cee25a834751 | 1929 | if (r != SSL_SUCCESS) return r; /* throw error */ |
wolfSSL | 11:cee25a834751 | 1930 | |
wolfSSL | 11:cee25a834751 | 1931 | TLSX_SetResponse(ssl, TLSX_MAX_FRAGMENT_LENGTH); |
wolfSSL | 11:cee25a834751 | 1932 | } |
wolfSSL | 11:cee25a834751 | 1933 | #endif |
wolfSSL | 11:cee25a834751 | 1934 | |
wolfSSL | 11:cee25a834751 | 1935 | return 0; |
wolfSSL | 11:cee25a834751 | 1936 | } |
wolfSSL | 11:cee25a834751 | 1937 | |
wolfSSL | 11:cee25a834751 | 1938 | int TLSX_UseMaxFragment(TLSX** extensions, byte mfl, void* heap) |
wolfSSL | 11:cee25a834751 | 1939 | { |
wolfSSL | 11:cee25a834751 | 1940 | byte* data = NULL; |
wolfSSL | 11:cee25a834751 | 1941 | int ret = 0; |
wolfSSL | 11:cee25a834751 | 1942 | |
wolfSSL | 11:cee25a834751 | 1943 | if (extensions == NULL) |
wolfSSL | 11:cee25a834751 | 1944 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 1945 | |
wolfSSL | 11:cee25a834751 | 1946 | if (mfl < WOLFSSL_MFL_2_9 || WOLFSSL_MFL_2_13 < mfl) |
wolfSSL | 11:cee25a834751 | 1947 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 1948 | |
wolfSSL | 11:cee25a834751 | 1949 | if ((data = (byte*)XMALLOC(ENUM_LEN, heap, DYNAMIC_TYPE_TLSX)) == NULL) |
wolfSSL | 11:cee25a834751 | 1950 | return MEMORY_E; |
wolfSSL | 11:cee25a834751 | 1951 | |
wolfSSL | 11:cee25a834751 | 1952 | data[0] = mfl; |
wolfSSL | 11:cee25a834751 | 1953 | |
wolfSSL | 11:cee25a834751 | 1954 | /* push new MFL extension. */ |
wolfSSL | 11:cee25a834751 | 1955 | if ((ret = TLSX_Push(extensions, TLSX_MAX_FRAGMENT_LENGTH, data, heap)) |
wolfSSL | 11:cee25a834751 | 1956 | != 0) { |
wolfSSL | 11:cee25a834751 | 1957 | XFREE(data, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 1958 | return ret; |
wolfSSL | 11:cee25a834751 | 1959 | } |
wolfSSL | 11:cee25a834751 | 1960 | |
wolfSSL | 11:cee25a834751 | 1961 | return SSL_SUCCESS; |
wolfSSL | 11:cee25a834751 | 1962 | } |
wolfSSL | 11:cee25a834751 | 1963 | |
wolfSSL | 11:cee25a834751 | 1964 | |
wolfSSL | 11:cee25a834751 | 1965 | #define MFL_FREE_ALL(data, heap) XFREE(data, (heap), DYNAMIC_TYPE_TLSX) |
wolfSSL | 11:cee25a834751 | 1966 | #define MFL_GET_SIZE(data) ENUM_LEN |
wolfSSL | 11:cee25a834751 | 1967 | #define MFL_WRITE TLSX_MFL_Write |
wolfSSL | 11:cee25a834751 | 1968 | #define MFL_PARSE TLSX_MFL_Parse |
wolfSSL | 11:cee25a834751 | 1969 | |
wolfSSL | 11:cee25a834751 | 1970 | #else |
wolfSSL | 11:cee25a834751 | 1971 | |
wolfSSL | 11:cee25a834751 | 1972 | #define MFL_FREE_ALL(a, b) |
wolfSSL | 11:cee25a834751 | 1973 | #define MFL_GET_SIZE(a) 0 |
wolfSSL | 11:cee25a834751 | 1974 | #define MFL_WRITE(a, b) 0 |
wolfSSL | 11:cee25a834751 | 1975 | #define MFL_PARSE(a, b, c, d) 0 |
wolfSSL | 11:cee25a834751 | 1976 | |
wolfSSL | 11:cee25a834751 | 1977 | #endif /* HAVE_MAX_FRAGMENT */ |
wolfSSL | 11:cee25a834751 | 1978 | |
wolfSSL | 11:cee25a834751 | 1979 | /******************************************************************************/ |
wolfSSL | 11:cee25a834751 | 1980 | /* Truncated HMAC */ |
wolfSSL | 11:cee25a834751 | 1981 | /******************************************************************************/ |
wolfSSL | 11:cee25a834751 | 1982 | |
wolfSSL | 11:cee25a834751 | 1983 | #ifdef HAVE_TRUNCATED_HMAC |
wolfSSL | 11:cee25a834751 | 1984 | |
wolfSSL | 11:cee25a834751 | 1985 | static int TLSX_THM_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 11:cee25a834751 | 1986 | byte isRequest) |
wolfSSL | 11:cee25a834751 | 1987 | { |
wolfSSL | 11:cee25a834751 | 1988 | (void)isRequest; |
wolfSSL | 11:cee25a834751 | 1989 | |
wolfSSL | 11:cee25a834751 | 1990 | if (length != 0 || input == NULL) |
wolfSSL | 11:cee25a834751 | 1991 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 1992 | |
wolfSSL | 11:cee25a834751 | 1993 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 11:cee25a834751 | 1994 | if (isRequest) { |
wolfSSL | 11:cee25a834751 | 1995 | int r = TLSX_UseTruncatedHMAC(&ssl->extensions, ssl->heap); |
wolfSSL | 11:cee25a834751 | 1996 | |
wolfSSL | 11:cee25a834751 | 1997 | if (r != SSL_SUCCESS) |
wolfSSL | 11:cee25a834751 | 1998 | return r; /* throw error */ |
wolfSSL | 11:cee25a834751 | 1999 | |
wolfSSL | 11:cee25a834751 | 2000 | TLSX_SetResponse(ssl, TLSX_TRUNCATED_HMAC); |
wolfSSL | 11:cee25a834751 | 2001 | } |
wolfSSL | 11:cee25a834751 | 2002 | #endif |
wolfSSL | 11:cee25a834751 | 2003 | |
wolfSSL | 11:cee25a834751 | 2004 | ssl->truncated_hmac = 1; |
wolfSSL | 11:cee25a834751 | 2005 | |
wolfSSL | 11:cee25a834751 | 2006 | return 0; |
wolfSSL | 11:cee25a834751 | 2007 | } |
wolfSSL | 11:cee25a834751 | 2008 | |
wolfSSL | 11:cee25a834751 | 2009 | int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap) |
wolfSSL | 11:cee25a834751 | 2010 | { |
wolfSSL | 11:cee25a834751 | 2011 | int ret = 0; |
wolfSSL | 11:cee25a834751 | 2012 | |
wolfSSL | 11:cee25a834751 | 2013 | if (extensions == NULL) |
wolfSSL | 11:cee25a834751 | 2014 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 2015 | |
wolfSSL | 11:cee25a834751 | 2016 | if ((ret = TLSX_Push(extensions, TLSX_TRUNCATED_HMAC, NULL, heap)) != 0) |
wolfSSL | 11:cee25a834751 | 2017 | return ret; |
wolfSSL | 11:cee25a834751 | 2018 | |
wolfSSL | 11:cee25a834751 | 2019 | return SSL_SUCCESS; |
wolfSSL | 11:cee25a834751 | 2020 | } |
wolfSSL | 11:cee25a834751 | 2021 | |
wolfSSL | 11:cee25a834751 | 2022 | #define THM_PARSE TLSX_THM_Parse |
wolfSSL | 11:cee25a834751 | 2023 | |
wolfSSL | 11:cee25a834751 | 2024 | #else |
wolfSSL | 11:cee25a834751 | 2025 | |
wolfSSL | 11:cee25a834751 | 2026 | #define THM_PARSE(a, b, c, d) 0 |
wolfSSL | 11:cee25a834751 | 2027 | |
wolfSSL | 11:cee25a834751 | 2028 | #endif /* HAVE_TRUNCATED_HMAC */ |
wolfSSL | 11:cee25a834751 | 2029 | |
wolfSSL | 11:cee25a834751 | 2030 | /******************************************************************************/ |
wolfSSL | 11:cee25a834751 | 2031 | /* Certificate Status Request */ |
wolfSSL | 11:cee25a834751 | 2032 | /******************************************************************************/ |
wolfSSL | 11:cee25a834751 | 2033 | |
wolfSSL | 11:cee25a834751 | 2034 | #ifdef HAVE_CERTIFICATE_STATUS_REQUEST |
wolfSSL | 11:cee25a834751 | 2035 | |
wolfSSL | 11:cee25a834751 | 2036 | static void TLSX_CSR_Free(CertificateStatusRequest* csr, void* heap) |
wolfSSL | 11:cee25a834751 | 2037 | { |
wolfSSL | 11:cee25a834751 | 2038 | switch (csr->status_type) { |
wolfSSL | 11:cee25a834751 | 2039 | case WOLFSSL_CSR_OCSP: |
wolfSSL | 11:cee25a834751 | 2040 | FreeOcspRequest(&csr->request.ocsp); |
wolfSSL | 11:cee25a834751 | 2041 | break; |
wolfSSL | 11:cee25a834751 | 2042 | } |
wolfSSL | 11:cee25a834751 | 2043 | |
wolfSSL | 11:cee25a834751 | 2044 | XFREE(csr, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 2045 | (void)heap; |
wolfSSL | 11:cee25a834751 | 2046 | } |
wolfSSL | 11:cee25a834751 | 2047 | |
wolfSSL | 11:cee25a834751 | 2048 | static word16 TLSX_CSR_GetSize(CertificateStatusRequest* csr, byte isRequest) |
wolfSSL | 11:cee25a834751 | 2049 | { |
wolfSSL | 11:cee25a834751 | 2050 | word16 size = 0; |
wolfSSL | 11:cee25a834751 | 2051 | |
wolfSSL | 11:cee25a834751 | 2052 | /* shut up compiler warnings */ |
wolfSSL | 11:cee25a834751 | 2053 | (void) csr; (void) isRequest; |
wolfSSL | 11:cee25a834751 | 2054 | |
wolfSSL | 11:cee25a834751 | 2055 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 11:cee25a834751 | 2056 | if (isRequest) { |
wolfSSL | 11:cee25a834751 | 2057 | switch (csr->status_type) { |
wolfSSL | 11:cee25a834751 | 2058 | case WOLFSSL_CSR_OCSP: |
wolfSSL | 11:cee25a834751 | 2059 | size += ENUM_LEN + 2 * OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 2060 | |
wolfSSL | 11:cee25a834751 | 2061 | if (csr->request.ocsp.nonceSz) |
wolfSSL | 11:cee25a834751 | 2062 | size += OCSP_NONCE_EXT_SZ; |
wolfSSL | 11:cee25a834751 | 2063 | break; |
wolfSSL | 11:cee25a834751 | 2064 | } |
wolfSSL | 11:cee25a834751 | 2065 | } |
wolfSSL | 11:cee25a834751 | 2066 | #endif |
wolfSSL | 11:cee25a834751 | 2067 | |
wolfSSL | 11:cee25a834751 | 2068 | return size; |
wolfSSL | 11:cee25a834751 | 2069 | } |
wolfSSL | 11:cee25a834751 | 2070 | |
wolfSSL | 11:cee25a834751 | 2071 | static word16 TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output, |
wolfSSL | 11:cee25a834751 | 2072 | byte isRequest) |
wolfSSL | 11:cee25a834751 | 2073 | { |
wolfSSL | 11:cee25a834751 | 2074 | /* shut up compiler warnings */ |
wolfSSL | 11:cee25a834751 | 2075 | (void) csr; (void) output; (void) isRequest; |
wolfSSL | 11:cee25a834751 | 2076 | |
wolfSSL | 11:cee25a834751 | 2077 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 11:cee25a834751 | 2078 | if (isRequest) { |
wolfSSL | 11:cee25a834751 | 2079 | word16 offset = 0; |
wolfSSL | 11:cee25a834751 | 2080 | word16 length = 0; |
wolfSSL | 11:cee25a834751 | 2081 | |
wolfSSL | 11:cee25a834751 | 2082 | /* type */ |
wolfSSL | 11:cee25a834751 | 2083 | output[offset++] = csr->status_type; |
wolfSSL | 11:cee25a834751 | 2084 | |
wolfSSL | 11:cee25a834751 | 2085 | switch (csr->status_type) { |
wolfSSL | 11:cee25a834751 | 2086 | case WOLFSSL_CSR_OCSP: |
wolfSSL | 11:cee25a834751 | 2087 | /* responder id list */ |
wolfSSL | 11:cee25a834751 | 2088 | c16toa(0, output + offset); |
wolfSSL | 11:cee25a834751 | 2089 | offset += OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 2090 | |
wolfSSL | 11:cee25a834751 | 2091 | /* request extensions */ |
wolfSSL | 11:cee25a834751 | 2092 | if (csr->request.ocsp.nonceSz) |
wolfSSL | 11:cee25a834751 | 2093 | length = (word16)EncodeOcspRequestExtensions( |
wolfSSL | 11:cee25a834751 | 2094 | &csr->request.ocsp, |
wolfSSL | 11:cee25a834751 | 2095 | output + offset + OPAQUE16_LEN, |
wolfSSL | 11:cee25a834751 | 2096 | OCSP_NONCE_EXT_SZ); |
wolfSSL | 11:cee25a834751 | 2097 | |
wolfSSL | 11:cee25a834751 | 2098 | c16toa(length, output + offset); |
wolfSSL | 11:cee25a834751 | 2099 | offset += OPAQUE16_LEN + length; |
wolfSSL | 11:cee25a834751 | 2100 | |
wolfSSL | 11:cee25a834751 | 2101 | break; |
wolfSSL | 11:cee25a834751 | 2102 | } |
wolfSSL | 11:cee25a834751 | 2103 | |
wolfSSL | 11:cee25a834751 | 2104 | return offset; |
wolfSSL | 11:cee25a834751 | 2105 | } |
wolfSSL | 11:cee25a834751 | 2106 | #endif |
wolfSSL | 11:cee25a834751 | 2107 | |
wolfSSL | 11:cee25a834751 | 2108 | return 0; |
wolfSSL | 11:cee25a834751 | 2109 | } |
wolfSSL | 11:cee25a834751 | 2110 | |
wolfSSL | 11:cee25a834751 | 2111 | static int TLSX_CSR_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 11:cee25a834751 | 2112 | byte isRequest) |
wolfSSL | 11:cee25a834751 | 2113 | { |
wolfSSL | 11:cee25a834751 | 2114 | int ret; |
wolfSSL | 11:cee25a834751 | 2115 | |
wolfSSL | 11:cee25a834751 | 2116 | /* shut up compiler warnings */ |
wolfSSL | 11:cee25a834751 | 2117 | (void) ssl; (void) input; |
wolfSSL | 11:cee25a834751 | 2118 | |
wolfSSL | 11:cee25a834751 | 2119 | if (!isRequest) { |
wolfSSL | 11:cee25a834751 | 2120 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 11:cee25a834751 | 2121 | TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); |
wolfSSL | 11:cee25a834751 | 2122 | CertificateStatusRequest* csr = extension ? |
wolfSSL | 11:cee25a834751 | 2123 | (CertificateStatusRequest*)extension->data : NULL; |
wolfSSL | 11:cee25a834751 | 2124 | |
wolfSSL | 11:cee25a834751 | 2125 | if (!csr) { |
wolfSSL | 11:cee25a834751 | 2126 | /* look at context level */ |
wolfSSL | 11:cee25a834751 | 2127 | extension = TLSX_Find(ssl->ctx->extensions, TLSX_STATUS_REQUEST); |
wolfSSL | 11:cee25a834751 | 2128 | csr = extension ? (CertificateStatusRequest*)extension->data : NULL; |
wolfSSL | 11:cee25a834751 | 2129 | |
wolfSSL | 11:cee25a834751 | 2130 | if (!csr) |
wolfSSL | 11:cee25a834751 | 2131 | return BUFFER_ERROR; /* unexpected extension */ |
wolfSSL | 11:cee25a834751 | 2132 | |
wolfSSL | 11:cee25a834751 | 2133 | /* enable extension at ssl level */ |
wolfSSL | 11:cee25a834751 | 2134 | ret = TLSX_UseCertificateStatusRequest(&ssl->extensions, |
wolfSSL | 11:cee25a834751 | 2135 | csr->status_type, csr->options, ssl->heap, |
wolfSSL | 11:cee25a834751 | 2136 | ssl->devId); |
wolfSSL | 11:cee25a834751 | 2137 | if (ret != SSL_SUCCESS) |
wolfSSL | 11:cee25a834751 | 2138 | return ret; |
wolfSSL | 11:cee25a834751 | 2139 | |
wolfSSL | 11:cee25a834751 | 2140 | switch (csr->status_type) { |
wolfSSL | 11:cee25a834751 | 2141 | case WOLFSSL_CSR_OCSP: |
wolfSSL | 11:cee25a834751 | 2142 | /* propagate nonce */ |
wolfSSL | 11:cee25a834751 | 2143 | if (csr->request.ocsp.nonceSz) { |
wolfSSL | 11:cee25a834751 | 2144 | OcspRequest* request = |
wolfSSL | 11:cee25a834751 | 2145 | (OcspRequest*)TLSX_CSR_GetRequest(ssl->extensions); |
wolfSSL | 11:cee25a834751 | 2146 | |
wolfSSL | 11:cee25a834751 | 2147 | if (request) { |
wolfSSL | 11:cee25a834751 | 2148 | XMEMCPY(request->nonce, csr->request.ocsp.nonce, |
wolfSSL | 11:cee25a834751 | 2149 | csr->request.ocsp.nonceSz); |
wolfSSL | 11:cee25a834751 | 2150 | request->nonceSz = csr->request.ocsp.nonceSz; |
wolfSSL | 11:cee25a834751 | 2151 | } |
wolfSSL | 11:cee25a834751 | 2152 | } |
wolfSSL | 11:cee25a834751 | 2153 | break; |
wolfSSL | 11:cee25a834751 | 2154 | } |
wolfSSL | 11:cee25a834751 | 2155 | } |
wolfSSL | 11:cee25a834751 | 2156 | |
wolfSSL | 11:cee25a834751 | 2157 | ssl->status_request = 1; |
wolfSSL | 11:cee25a834751 | 2158 | |
wolfSSL | 11:cee25a834751 | 2159 | return length ? BUFFER_ERROR : 0; /* extension_data MUST be empty. */ |
wolfSSL | 11:cee25a834751 | 2160 | #endif |
wolfSSL | 11:cee25a834751 | 2161 | } |
wolfSSL | 11:cee25a834751 | 2162 | else { |
wolfSSL | 11:cee25a834751 | 2163 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 11:cee25a834751 | 2164 | byte status_type; |
wolfSSL | 11:cee25a834751 | 2165 | word16 offset = 0; |
wolfSSL | 11:cee25a834751 | 2166 | word16 size = 0; |
wolfSSL | 11:cee25a834751 | 2167 | |
wolfSSL | 11:cee25a834751 | 2168 | if (length < ENUM_LEN) |
wolfSSL | 11:cee25a834751 | 2169 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 2170 | |
wolfSSL | 11:cee25a834751 | 2171 | status_type = input[offset++]; |
wolfSSL | 11:cee25a834751 | 2172 | |
wolfSSL | 11:cee25a834751 | 2173 | switch (status_type) { |
wolfSSL | 11:cee25a834751 | 2174 | case WOLFSSL_CSR_OCSP: { |
wolfSSL | 11:cee25a834751 | 2175 | |
wolfSSL | 11:cee25a834751 | 2176 | /* skip responder_id_list */ |
wolfSSL | 11:cee25a834751 | 2177 | if (length - offset < OPAQUE16_LEN) |
wolfSSL | 11:cee25a834751 | 2178 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 2179 | |
wolfSSL | 11:cee25a834751 | 2180 | ato16(input + offset, &size); |
wolfSSL | 11:cee25a834751 | 2181 | offset += OPAQUE16_LEN + size; |
wolfSSL | 11:cee25a834751 | 2182 | |
wolfSSL | 11:cee25a834751 | 2183 | /* skip request_extensions */ |
wolfSSL | 11:cee25a834751 | 2184 | if (length - offset < OPAQUE16_LEN) |
wolfSSL | 11:cee25a834751 | 2185 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 2186 | |
wolfSSL | 11:cee25a834751 | 2187 | ato16(input + offset, &size); |
wolfSSL | 11:cee25a834751 | 2188 | offset += OPAQUE16_LEN + size; |
wolfSSL | 11:cee25a834751 | 2189 | |
wolfSSL | 11:cee25a834751 | 2190 | if (offset > length) |
wolfSSL | 11:cee25a834751 | 2191 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 2192 | |
wolfSSL | 11:cee25a834751 | 2193 | /* is able to send OCSP response? */ |
wolfSSL | 11:cee25a834751 | 2194 | if (ssl->ctx->cm == NULL || !ssl->ctx->cm->ocspStaplingEnabled) |
wolfSSL | 11:cee25a834751 | 2195 | return 0; |
wolfSSL | 11:cee25a834751 | 2196 | } |
wolfSSL | 11:cee25a834751 | 2197 | break; |
wolfSSL | 11:cee25a834751 | 2198 | |
wolfSSL | 11:cee25a834751 | 2199 | /* unknown status type */ |
wolfSSL | 11:cee25a834751 | 2200 | default: |
wolfSSL | 11:cee25a834751 | 2201 | return 0; |
wolfSSL | 11:cee25a834751 | 2202 | } |
wolfSSL | 11:cee25a834751 | 2203 | |
wolfSSL | 11:cee25a834751 | 2204 | /* if using status_request and already sending it, skip this one */ |
wolfSSL | 11:cee25a834751 | 2205 | #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 |
wolfSSL | 11:cee25a834751 | 2206 | if (ssl->status_request_v2) |
wolfSSL | 11:cee25a834751 | 2207 | return 0; |
wolfSSL | 11:cee25a834751 | 2208 | #endif |
wolfSSL | 11:cee25a834751 | 2209 | |
wolfSSL | 11:cee25a834751 | 2210 | /* accept the first good status_type and return */ |
wolfSSL | 11:cee25a834751 | 2211 | ret = TLSX_UseCertificateStatusRequest(&ssl->extensions, status_type, |
wolfSSL | 11:cee25a834751 | 2212 | 0, ssl->heap, ssl->devId); |
wolfSSL | 11:cee25a834751 | 2213 | if (ret != SSL_SUCCESS) |
wolfSSL | 11:cee25a834751 | 2214 | return ret; /* throw error */ |
wolfSSL | 11:cee25a834751 | 2215 | |
wolfSSL | 11:cee25a834751 | 2216 | TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST); |
wolfSSL | 11:cee25a834751 | 2217 | ssl->status_request = status_type; |
wolfSSL | 11:cee25a834751 | 2218 | |
wolfSSL | 11:cee25a834751 | 2219 | #endif |
wolfSSL | 11:cee25a834751 | 2220 | } |
wolfSSL | 11:cee25a834751 | 2221 | |
wolfSSL | 11:cee25a834751 | 2222 | return 0; |
wolfSSL | 11:cee25a834751 | 2223 | } |
wolfSSL | 11:cee25a834751 | 2224 | |
wolfSSL | 11:cee25a834751 | 2225 | int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap) |
wolfSSL | 11:cee25a834751 | 2226 | { |
wolfSSL | 11:cee25a834751 | 2227 | TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST); |
wolfSSL | 11:cee25a834751 | 2228 | CertificateStatusRequest* csr = extension ? |
wolfSSL | 11:cee25a834751 | 2229 | (CertificateStatusRequest*)extension->data : NULL; |
wolfSSL | 11:cee25a834751 | 2230 | int ret = 0; |
wolfSSL | 11:cee25a834751 | 2231 | |
wolfSSL | 11:cee25a834751 | 2232 | if (csr) { |
wolfSSL | 11:cee25a834751 | 2233 | switch (csr->status_type) { |
wolfSSL | 11:cee25a834751 | 2234 | case WOLFSSL_CSR_OCSP: { |
wolfSSL | 11:cee25a834751 | 2235 | byte nonce[MAX_OCSP_NONCE_SZ]; |
wolfSSL | 11:cee25a834751 | 2236 | int nonceSz = csr->request.ocsp.nonceSz; |
wolfSSL | 11:cee25a834751 | 2237 | |
wolfSSL | 11:cee25a834751 | 2238 | /* preserve nonce */ |
wolfSSL | 11:cee25a834751 | 2239 | XMEMCPY(nonce, csr->request.ocsp.nonce, nonceSz); |
wolfSSL | 11:cee25a834751 | 2240 | |
wolfSSL | 11:cee25a834751 | 2241 | if ((ret = InitOcspRequest(&csr->request.ocsp, cert, 0, heap)) |
wolfSSL | 11:cee25a834751 | 2242 | != 0) |
wolfSSL | 11:cee25a834751 | 2243 | return ret; |
wolfSSL | 11:cee25a834751 | 2244 | |
wolfSSL | 11:cee25a834751 | 2245 | /* restore nonce */ |
wolfSSL | 11:cee25a834751 | 2246 | XMEMCPY(csr->request.ocsp.nonce, nonce, nonceSz); |
wolfSSL | 11:cee25a834751 | 2247 | csr->request.ocsp.nonceSz = nonceSz; |
wolfSSL | 11:cee25a834751 | 2248 | } |
wolfSSL | 11:cee25a834751 | 2249 | break; |
wolfSSL | 11:cee25a834751 | 2250 | } |
wolfSSL | 11:cee25a834751 | 2251 | } |
wolfSSL | 11:cee25a834751 | 2252 | |
wolfSSL | 11:cee25a834751 | 2253 | return ret; |
wolfSSL | 11:cee25a834751 | 2254 | } |
wolfSSL | 11:cee25a834751 | 2255 | |
wolfSSL | 11:cee25a834751 | 2256 | void* TLSX_CSR_GetRequest(TLSX* extensions) |
wolfSSL | 11:cee25a834751 | 2257 | { |
wolfSSL | 11:cee25a834751 | 2258 | TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST); |
wolfSSL | 11:cee25a834751 | 2259 | CertificateStatusRequest* csr = extension ? |
wolfSSL | 11:cee25a834751 | 2260 | (CertificateStatusRequest*)extension->data : NULL; |
wolfSSL | 11:cee25a834751 | 2261 | |
wolfSSL | 11:cee25a834751 | 2262 | if (csr) { |
wolfSSL | 11:cee25a834751 | 2263 | switch (csr->status_type) { |
wolfSSL | 11:cee25a834751 | 2264 | case WOLFSSL_CSR_OCSP: |
wolfSSL | 11:cee25a834751 | 2265 | return &csr->request.ocsp; |
wolfSSL | 11:cee25a834751 | 2266 | break; |
wolfSSL | 11:cee25a834751 | 2267 | } |
wolfSSL | 11:cee25a834751 | 2268 | } |
wolfSSL | 11:cee25a834751 | 2269 | |
wolfSSL | 11:cee25a834751 | 2270 | return NULL; |
wolfSSL | 11:cee25a834751 | 2271 | } |
wolfSSL | 11:cee25a834751 | 2272 | |
wolfSSL | 11:cee25a834751 | 2273 | int TLSX_CSR_ForceRequest(WOLFSSL* ssl) |
wolfSSL | 11:cee25a834751 | 2274 | { |
wolfSSL | 11:cee25a834751 | 2275 | TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); |
wolfSSL | 11:cee25a834751 | 2276 | CertificateStatusRequest* csr = extension ? |
wolfSSL | 11:cee25a834751 | 2277 | (CertificateStatusRequest*)extension->data : NULL; |
wolfSSL | 11:cee25a834751 | 2278 | |
wolfSSL | 11:cee25a834751 | 2279 | if (csr) { |
wolfSSL | 11:cee25a834751 | 2280 | switch (csr->status_type) { |
wolfSSL | 11:cee25a834751 | 2281 | case WOLFSSL_CSR_OCSP: |
wolfSSL | 11:cee25a834751 | 2282 | if (ssl->ctx->cm->ocspEnabled) { |
wolfSSL | 11:cee25a834751 | 2283 | #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) |
wolfSSL | 11:cee25a834751 | 2284 | csr->request.ocsp.ssl = ssl; |
wolfSSL | 11:cee25a834751 | 2285 | #endif |
wolfSSL | 11:cee25a834751 | 2286 | return CheckOcspRequest(ssl->ctx->cm->ocsp, |
wolfSSL | 11:cee25a834751 | 2287 | &csr->request.ocsp, NULL); |
wolfSSL | 11:cee25a834751 | 2288 | } |
wolfSSL | 11:cee25a834751 | 2289 | else |
wolfSSL | 11:cee25a834751 | 2290 | return OCSP_LOOKUP_FAIL; |
wolfSSL | 11:cee25a834751 | 2291 | } |
wolfSSL | 11:cee25a834751 | 2292 | } |
wolfSSL | 11:cee25a834751 | 2293 | |
wolfSSL | 11:cee25a834751 | 2294 | return 0; |
wolfSSL | 11:cee25a834751 | 2295 | } |
wolfSSL | 11:cee25a834751 | 2296 | |
wolfSSL | 11:cee25a834751 | 2297 | int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type, |
wolfSSL | 11:cee25a834751 | 2298 | byte options, void* heap, int devId) |
wolfSSL | 11:cee25a834751 | 2299 | { |
wolfSSL | 11:cee25a834751 | 2300 | CertificateStatusRequest* csr = NULL; |
wolfSSL | 11:cee25a834751 | 2301 | int ret = 0; |
wolfSSL | 11:cee25a834751 | 2302 | |
wolfSSL | 11:cee25a834751 | 2303 | if (!extensions || status_type != WOLFSSL_CSR_OCSP) |
wolfSSL | 11:cee25a834751 | 2304 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 2305 | |
wolfSSL | 11:cee25a834751 | 2306 | csr = (CertificateStatusRequest*) |
wolfSSL | 11:cee25a834751 | 2307 | XMALLOC(sizeof(CertificateStatusRequest), heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 2308 | if (!csr) |
wolfSSL | 11:cee25a834751 | 2309 | return MEMORY_E; |
wolfSSL | 11:cee25a834751 | 2310 | |
wolfSSL | 11:cee25a834751 | 2311 | ForceZero(csr, sizeof(CertificateStatusRequest)); |
wolfSSL | 11:cee25a834751 | 2312 | |
wolfSSL | 11:cee25a834751 | 2313 | csr->status_type = status_type; |
wolfSSL | 11:cee25a834751 | 2314 | csr->options = options; |
wolfSSL | 11:cee25a834751 | 2315 | |
wolfSSL | 11:cee25a834751 | 2316 | switch (csr->status_type) { |
wolfSSL | 11:cee25a834751 | 2317 | case WOLFSSL_CSR_OCSP: |
wolfSSL | 11:cee25a834751 | 2318 | if (options & WOLFSSL_CSR_OCSP_USE_NONCE) { |
wolfSSL | 11:cee25a834751 | 2319 | WC_RNG rng; |
wolfSSL | 11:cee25a834751 | 2320 | |
wolfSSL | 11:cee25a834751 | 2321 | #ifndef HAVE_FIPS |
wolfSSL | 11:cee25a834751 | 2322 | ret = wc_InitRng_ex(&rng, heap, devId); |
wolfSSL | 11:cee25a834751 | 2323 | #else |
wolfSSL | 11:cee25a834751 | 2324 | ret = wc_InitRng(&rng); |
wolfSSL | 11:cee25a834751 | 2325 | (void)devId; |
wolfSSL | 11:cee25a834751 | 2326 | #endif |
wolfSSL | 11:cee25a834751 | 2327 | if (ret == 0) { |
wolfSSL | 11:cee25a834751 | 2328 | if (wc_RNG_GenerateBlock(&rng, csr->request.ocsp.nonce, |
wolfSSL | 11:cee25a834751 | 2329 | MAX_OCSP_NONCE_SZ) == 0) |
wolfSSL | 11:cee25a834751 | 2330 | csr->request.ocsp.nonceSz = MAX_OCSP_NONCE_SZ; |
wolfSSL | 11:cee25a834751 | 2331 | |
wolfSSL | 11:cee25a834751 | 2332 | wc_FreeRng(&rng); |
wolfSSL | 11:cee25a834751 | 2333 | } |
wolfSSL | 11:cee25a834751 | 2334 | } |
wolfSSL | 11:cee25a834751 | 2335 | break; |
wolfSSL | 11:cee25a834751 | 2336 | } |
wolfSSL | 11:cee25a834751 | 2337 | |
wolfSSL | 11:cee25a834751 | 2338 | if ((ret = TLSX_Push(extensions, TLSX_STATUS_REQUEST, csr, heap)) != 0) { |
wolfSSL | 11:cee25a834751 | 2339 | XFREE(csr, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 2340 | return ret; |
wolfSSL | 11:cee25a834751 | 2341 | } |
wolfSSL | 11:cee25a834751 | 2342 | |
wolfSSL | 11:cee25a834751 | 2343 | return SSL_SUCCESS; |
wolfSSL | 11:cee25a834751 | 2344 | } |
wolfSSL | 11:cee25a834751 | 2345 | |
wolfSSL | 11:cee25a834751 | 2346 | #define CSR_FREE_ALL TLSX_CSR_Free |
wolfSSL | 11:cee25a834751 | 2347 | #define CSR_GET_SIZE TLSX_CSR_GetSize |
wolfSSL | 11:cee25a834751 | 2348 | #define CSR_WRITE TLSX_CSR_Write |
wolfSSL | 11:cee25a834751 | 2349 | #define CSR_PARSE TLSX_CSR_Parse |
wolfSSL | 11:cee25a834751 | 2350 | |
wolfSSL | 11:cee25a834751 | 2351 | #else |
wolfSSL | 11:cee25a834751 | 2352 | |
wolfSSL | 11:cee25a834751 | 2353 | #define CSR_FREE_ALL(data, heap) |
wolfSSL | 11:cee25a834751 | 2354 | #define CSR_GET_SIZE(a, b) 0 |
wolfSSL | 11:cee25a834751 | 2355 | #define CSR_WRITE(a, b, c) 0 |
wolfSSL | 11:cee25a834751 | 2356 | #define CSR_PARSE(a, b, c, d) 0 |
wolfSSL | 11:cee25a834751 | 2357 | |
wolfSSL | 11:cee25a834751 | 2358 | #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */ |
wolfSSL | 11:cee25a834751 | 2359 | |
wolfSSL | 11:cee25a834751 | 2360 | /******************************************************************************/ |
wolfSSL | 11:cee25a834751 | 2361 | /* Certificate Status Request v2 */ |
wolfSSL | 11:cee25a834751 | 2362 | /******************************************************************************/ |
wolfSSL | 11:cee25a834751 | 2363 | |
wolfSSL | 11:cee25a834751 | 2364 | #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 |
wolfSSL | 11:cee25a834751 | 2365 | |
wolfSSL | 11:cee25a834751 | 2366 | static void TLSX_CSR2_FreeAll(CertificateStatusRequestItemV2* csr2, void* heap) |
wolfSSL | 11:cee25a834751 | 2367 | { |
wolfSSL | 11:cee25a834751 | 2368 | CertificateStatusRequestItemV2* next; |
wolfSSL | 11:cee25a834751 | 2369 | |
wolfSSL | 11:cee25a834751 | 2370 | for (; csr2; csr2 = next) { |
wolfSSL | 11:cee25a834751 | 2371 | next = csr2->next; |
wolfSSL | 11:cee25a834751 | 2372 | |
wolfSSL | 11:cee25a834751 | 2373 | switch (csr2->status_type) { |
wolfSSL | 11:cee25a834751 | 2374 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 11:cee25a834751 | 2375 | case WOLFSSL_CSR2_OCSP_MULTI: |
wolfSSL | 11:cee25a834751 | 2376 | while(csr2->requests--) |
wolfSSL | 11:cee25a834751 | 2377 | FreeOcspRequest(&csr2->request.ocsp[csr2->requests]); |
wolfSSL | 11:cee25a834751 | 2378 | break; |
wolfSSL | 11:cee25a834751 | 2379 | } |
wolfSSL | 11:cee25a834751 | 2380 | |
wolfSSL | 11:cee25a834751 | 2381 | XFREE(csr2, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 2382 | } |
wolfSSL | 11:cee25a834751 | 2383 | (void)heap; |
wolfSSL | 11:cee25a834751 | 2384 | } |
wolfSSL | 11:cee25a834751 | 2385 | |
wolfSSL | 11:cee25a834751 | 2386 | static word16 TLSX_CSR2_GetSize(CertificateStatusRequestItemV2* csr2, |
wolfSSL | 11:cee25a834751 | 2387 | byte isRequest) |
wolfSSL | 11:cee25a834751 | 2388 | { |
wolfSSL | 11:cee25a834751 | 2389 | word16 size = 0; |
wolfSSL | 11:cee25a834751 | 2390 | |
wolfSSL | 11:cee25a834751 | 2391 | /* shut up compiler warnings */ |
wolfSSL | 11:cee25a834751 | 2392 | (void) csr2; (void) isRequest; |
wolfSSL | 11:cee25a834751 | 2393 | |
wolfSSL | 11:cee25a834751 | 2394 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 11:cee25a834751 | 2395 | if (isRequest) { |
wolfSSL | 11:cee25a834751 | 2396 | CertificateStatusRequestItemV2* next; |
wolfSSL | 11:cee25a834751 | 2397 | |
wolfSSL | 11:cee25a834751 | 2398 | for (size = OPAQUE16_LEN; csr2; csr2 = next) { |
wolfSSL | 11:cee25a834751 | 2399 | next = csr2->next; |
wolfSSL | 11:cee25a834751 | 2400 | |
wolfSSL | 11:cee25a834751 | 2401 | switch (csr2->status_type) { |
wolfSSL | 11:cee25a834751 | 2402 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 11:cee25a834751 | 2403 | case WOLFSSL_CSR2_OCSP_MULTI: |
wolfSSL | 11:cee25a834751 | 2404 | size += ENUM_LEN + 3 * OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 2405 | |
wolfSSL | 11:cee25a834751 | 2406 | if (csr2->request.ocsp[0].nonceSz) |
wolfSSL | 11:cee25a834751 | 2407 | size += OCSP_NONCE_EXT_SZ; |
wolfSSL | 11:cee25a834751 | 2408 | break; |
wolfSSL | 11:cee25a834751 | 2409 | } |
wolfSSL | 11:cee25a834751 | 2410 | } |
wolfSSL | 11:cee25a834751 | 2411 | } |
wolfSSL | 11:cee25a834751 | 2412 | #endif |
wolfSSL | 11:cee25a834751 | 2413 | |
wolfSSL | 11:cee25a834751 | 2414 | return size; |
wolfSSL | 11:cee25a834751 | 2415 | } |
wolfSSL | 11:cee25a834751 | 2416 | |
wolfSSL | 11:cee25a834751 | 2417 | static word16 TLSX_CSR2_Write(CertificateStatusRequestItemV2* csr2, |
wolfSSL | 11:cee25a834751 | 2418 | byte* output, byte isRequest) |
wolfSSL | 11:cee25a834751 | 2419 | { |
wolfSSL | 11:cee25a834751 | 2420 | /* shut up compiler warnings */ |
wolfSSL | 11:cee25a834751 | 2421 | (void) csr2; (void) output; (void) isRequest; |
wolfSSL | 11:cee25a834751 | 2422 | |
wolfSSL | 11:cee25a834751 | 2423 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 11:cee25a834751 | 2424 | if (isRequest) { |
wolfSSL | 11:cee25a834751 | 2425 | word16 offset; |
wolfSSL | 11:cee25a834751 | 2426 | word16 length; |
wolfSSL | 11:cee25a834751 | 2427 | |
wolfSSL | 11:cee25a834751 | 2428 | for (offset = OPAQUE16_LEN; csr2 != NULL; csr2 = csr2->next) { |
wolfSSL | 11:cee25a834751 | 2429 | /* status_type */ |
wolfSSL | 11:cee25a834751 | 2430 | output[offset++] = csr2->status_type; |
wolfSSL | 11:cee25a834751 | 2431 | |
wolfSSL | 11:cee25a834751 | 2432 | /* request */ |
wolfSSL | 11:cee25a834751 | 2433 | switch (csr2->status_type) { |
wolfSSL | 11:cee25a834751 | 2434 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 11:cee25a834751 | 2435 | case WOLFSSL_CSR2_OCSP_MULTI: |
wolfSSL | 11:cee25a834751 | 2436 | /* request_length */ |
wolfSSL | 11:cee25a834751 | 2437 | length = 2 * OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 2438 | |
wolfSSL | 11:cee25a834751 | 2439 | if (csr2->request.ocsp[0].nonceSz) |
wolfSSL | 11:cee25a834751 | 2440 | length += OCSP_NONCE_EXT_SZ; |
wolfSSL | 11:cee25a834751 | 2441 | |
wolfSSL | 11:cee25a834751 | 2442 | c16toa(length, output + offset); |
wolfSSL | 11:cee25a834751 | 2443 | offset += OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 2444 | |
wolfSSL | 11:cee25a834751 | 2445 | /* responder id list */ |
wolfSSL | 11:cee25a834751 | 2446 | c16toa(0, output + offset); |
wolfSSL | 11:cee25a834751 | 2447 | offset += OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 2448 | |
wolfSSL | 11:cee25a834751 | 2449 | /* request extensions */ |
wolfSSL | 11:cee25a834751 | 2450 | length = 0; |
wolfSSL | 11:cee25a834751 | 2451 | |
wolfSSL | 11:cee25a834751 | 2452 | if (csr2->request.ocsp[0].nonceSz) |
wolfSSL | 11:cee25a834751 | 2453 | length = (word16)EncodeOcspRequestExtensions( |
wolfSSL | 11:cee25a834751 | 2454 | &csr2->request.ocsp[0], |
wolfSSL | 11:cee25a834751 | 2455 | output + offset + OPAQUE16_LEN, |
wolfSSL | 11:cee25a834751 | 2456 | OCSP_NONCE_EXT_SZ); |
wolfSSL | 11:cee25a834751 | 2457 | |
wolfSSL | 11:cee25a834751 | 2458 | c16toa(length, output + offset); |
wolfSSL | 11:cee25a834751 | 2459 | offset += OPAQUE16_LEN + length; |
wolfSSL | 11:cee25a834751 | 2460 | break; |
wolfSSL | 11:cee25a834751 | 2461 | } |
wolfSSL | 11:cee25a834751 | 2462 | } |
wolfSSL | 11:cee25a834751 | 2463 | |
wolfSSL | 11:cee25a834751 | 2464 | /* list size */ |
wolfSSL | 11:cee25a834751 | 2465 | c16toa(offset - OPAQUE16_LEN, output); |
wolfSSL | 11:cee25a834751 | 2466 | |
wolfSSL | 11:cee25a834751 | 2467 | return offset; |
wolfSSL | 11:cee25a834751 | 2468 | } |
wolfSSL | 11:cee25a834751 | 2469 | #endif |
wolfSSL | 11:cee25a834751 | 2470 | |
wolfSSL | 11:cee25a834751 | 2471 | return 0; |
wolfSSL | 11:cee25a834751 | 2472 | } |
wolfSSL | 11:cee25a834751 | 2473 | |
wolfSSL | 11:cee25a834751 | 2474 | static int TLSX_CSR2_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 11:cee25a834751 | 2475 | byte isRequest) |
wolfSSL | 11:cee25a834751 | 2476 | { |
wolfSSL | 11:cee25a834751 | 2477 | int ret; |
wolfSSL | 11:cee25a834751 | 2478 | |
wolfSSL | 11:cee25a834751 | 2479 | /* shut up compiler warnings */ |
wolfSSL | 11:cee25a834751 | 2480 | (void) ssl; (void) input; |
wolfSSL | 11:cee25a834751 | 2481 | |
wolfSSL | 11:cee25a834751 | 2482 | if (!isRequest) { |
wolfSSL | 11:cee25a834751 | 2483 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 11:cee25a834751 | 2484 | TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST_V2); |
wolfSSL | 11:cee25a834751 | 2485 | CertificateStatusRequestItemV2* csr2 = extension ? |
wolfSSL | 11:cee25a834751 | 2486 | (CertificateStatusRequestItemV2*)extension->data : NULL; |
wolfSSL | 11:cee25a834751 | 2487 | |
wolfSSL | 11:cee25a834751 | 2488 | if (!csr2) { |
wolfSSL | 11:cee25a834751 | 2489 | /* look at context level */ |
wolfSSL | 11:cee25a834751 | 2490 | extension = TLSX_Find(ssl->ctx->extensions, TLSX_STATUS_REQUEST_V2); |
wolfSSL | 11:cee25a834751 | 2491 | csr2 = extension ? |
wolfSSL | 11:cee25a834751 | 2492 | (CertificateStatusRequestItemV2*)extension->data : NULL; |
wolfSSL | 11:cee25a834751 | 2493 | |
wolfSSL | 11:cee25a834751 | 2494 | if (!csr2) |
wolfSSL | 11:cee25a834751 | 2495 | return BUFFER_ERROR; /* unexpected extension */ |
wolfSSL | 11:cee25a834751 | 2496 | |
wolfSSL | 11:cee25a834751 | 2497 | /* enable extension at ssl level */ |
wolfSSL | 11:cee25a834751 | 2498 | for (; csr2; csr2 = csr2->next) { |
wolfSSL | 11:cee25a834751 | 2499 | ret = TLSX_UseCertificateStatusRequestV2(&ssl->extensions, |
wolfSSL | 11:cee25a834751 | 2500 | csr2->status_type, csr2->options, ssl->heap, ssl->devId); |
wolfSSL | 11:cee25a834751 | 2501 | if (ret != SSL_SUCCESS) |
wolfSSL | 11:cee25a834751 | 2502 | return ret; |
wolfSSL | 11:cee25a834751 | 2503 | |
wolfSSL | 11:cee25a834751 | 2504 | switch (csr2->status_type) { |
wolfSSL | 11:cee25a834751 | 2505 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 11:cee25a834751 | 2506 | /* followed by */ |
wolfSSL | 11:cee25a834751 | 2507 | case WOLFSSL_CSR2_OCSP_MULTI: |
wolfSSL | 11:cee25a834751 | 2508 | /* propagate nonce */ |
wolfSSL | 11:cee25a834751 | 2509 | if (csr2->request.ocsp[0].nonceSz) { |
wolfSSL | 11:cee25a834751 | 2510 | OcspRequest* request = |
wolfSSL | 11:cee25a834751 | 2511 | (OcspRequest*)TLSX_CSR2_GetRequest(ssl->extensions, |
wolfSSL | 11:cee25a834751 | 2512 | csr2->status_type, 0); |
wolfSSL | 11:cee25a834751 | 2513 | |
wolfSSL | 11:cee25a834751 | 2514 | if (request) { |
wolfSSL | 11:cee25a834751 | 2515 | XMEMCPY(request->nonce, |
wolfSSL | 11:cee25a834751 | 2516 | csr2->request.ocsp[0].nonce, |
wolfSSL | 11:cee25a834751 | 2517 | csr2->request.ocsp[0].nonceSz); |
wolfSSL | 11:cee25a834751 | 2518 | |
wolfSSL | 11:cee25a834751 | 2519 | request->nonceSz = |
wolfSSL | 11:cee25a834751 | 2520 | csr2->request.ocsp[0].nonceSz; |
wolfSSL | 11:cee25a834751 | 2521 | } |
wolfSSL | 11:cee25a834751 | 2522 | } |
wolfSSL | 11:cee25a834751 | 2523 | break; |
wolfSSL | 11:cee25a834751 | 2524 | } |
wolfSSL | 11:cee25a834751 | 2525 | } |
wolfSSL | 11:cee25a834751 | 2526 | } |
wolfSSL | 11:cee25a834751 | 2527 | |
wolfSSL | 11:cee25a834751 | 2528 | ssl->status_request_v2 = 1; |
wolfSSL | 11:cee25a834751 | 2529 | |
wolfSSL | 11:cee25a834751 | 2530 | return length ? BUFFER_ERROR : 0; /* extension_data MUST be empty. */ |
wolfSSL | 11:cee25a834751 | 2531 | #endif |
wolfSSL | 11:cee25a834751 | 2532 | } |
wolfSSL | 11:cee25a834751 | 2533 | else { |
wolfSSL | 11:cee25a834751 | 2534 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 11:cee25a834751 | 2535 | byte status_type; |
wolfSSL | 11:cee25a834751 | 2536 | word16 request_length; |
wolfSSL | 11:cee25a834751 | 2537 | word16 offset = 0; |
wolfSSL | 11:cee25a834751 | 2538 | word16 size = 0; |
wolfSSL | 11:cee25a834751 | 2539 | |
wolfSSL | 11:cee25a834751 | 2540 | /* list size */ |
wolfSSL | 11:cee25a834751 | 2541 | ato16(input + offset, &request_length); |
wolfSSL | 11:cee25a834751 | 2542 | offset += OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 2543 | |
wolfSSL | 11:cee25a834751 | 2544 | if (length - OPAQUE16_LEN != request_length) |
wolfSSL | 11:cee25a834751 | 2545 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 2546 | |
wolfSSL | 11:cee25a834751 | 2547 | while (length > offset) { |
wolfSSL | 11:cee25a834751 | 2548 | if (length - offset < ENUM_LEN + OPAQUE16_LEN) |
wolfSSL | 11:cee25a834751 | 2549 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 2550 | |
wolfSSL | 11:cee25a834751 | 2551 | status_type = input[offset++]; |
wolfSSL | 11:cee25a834751 | 2552 | |
wolfSSL | 11:cee25a834751 | 2553 | ato16(input + offset, &request_length); |
wolfSSL | 11:cee25a834751 | 2554 | offset += OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 2555 | |
wolfSSL | 11:cee25a834751 | 2556 | if (length - offset < request_length) |
wolfSSL | 11:cee25a834751 | 2557 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 2558 | |
wolfSSL | 11:cee25a834751 | 2559 | switch (status_type) { |
wolfSSL | 11:cee25a834751 | 2560 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 11:cee25a834751 | 2561 | case WOLFSSL_CSR2_OCSP_MULTI: |
wolfSSL | 11:cee25a834751 | 2562 | /* skip responder_id_list */ |
wolfSSL | 11:cee25a834751 | 2563 | if (length - offset < OPAQUE16_LEN) |
wolfSSL | 11:cee25a834751 | 2564 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 2565 | |
wolfSSL | 11:cee25a834751 | 2566 | ato16(input + offset, &size); |
wolfSSL | 11:cee25a834751 | 2567 | offset += OPAQUE16_LEN + size; |
wolfSSL | 11:cee25a834751 | 2568 | |
wolfSSL | 11:cee25a834751 | 2569 | /* skip request_extensions */ |
wolfSSL | 11:cee25a834751 | 2570 | if (length - offset < OPAQUE16_LEN) |
wolfSSL | 11:cee25a834751 | 2571 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 2572 | |
wolfSSL | 11:cee25a834751 | 2573 | ato16(input + offset, &size); |
wolfSSL | 11:cee25a834751 | 2574 | offset += OPAQUE16_LEN + size; |
wolfSSL | 11:cee25a834751 | 2575 | |
wolfSSL | 11:cee25a834751 | 2576 | if (offset > length) |
wolfSSL | 11:cee25a834751 | 2577 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 2578 | |
wolfSSL | 11:cee25a834751 | 2579 | /* is able to send OCSP response? */ |
wolfSSL | 11:cee25a834751 | 2580 | if (ssl->ctx->cm == NULL |
wolfSSL | 11:cee25a834751 | 2581 | || !ssl->ctx->cm->ocspStaplingEnabled) |
wolfSSL | 11:cee25a834751 | 2582 | continue; |
wolfSSL | 11:cee25a834751 | 2583 | break; |
wolfSSL | 11:cee25a834751 | 2584 | |
wolfSSL | 11:cee25a834751 | 2585 | default: |
wolfSSL | 11:cee25a834751 | 2586 | /* unknown status type, skipping! */ |
wolfSSL | 11:cee25a834751 | 2587 | offset += request_length; |
wolfSSL | 11:cee25a834751 | 2588 | continue; |
wolfSSL | 11:cee25a834751 | 2589 | } |
wolfSSL | 11:cee25a834751 | 2590 | |
wolfSSL | 11:cee25a834751 | 2591 | /* if using status_request and already sending it, skip this one */ |
wolfSSL | 11:cee25a834751 | 2592 | #ifdef HAVE_CERTIFICATE_STATUS_REQUEST |
wolfSSL | 11:cee25a834751 | 2593 | if (ssl->status_request) |
wolfSSL | 11:cee25a834751 | 2594 | return 0; |
wolfSSL | 11:cee25a834751 | 2595 | #endif |
wolfSSL | 11:cee25a834751 | 2596 | |
wolfSSL | 11:cee25a834751 | 2597 | /* accept the first good status_type and return */ |
wolfSSL | 11:cee25a834751 | 2598 | ret = TLSX_UseCertificateStatusRequestV2(&ssl->extensions, |
wolfSSL | 11:cee25a834751 | 2599 | status_type, 0, ssl->heap, ssl->devId); |
wolfSSL | 11:cee25a834751 | 2600 | if (ret != SSL_SUCCESS) |
wolfSSL | 11:cee25a834751 | 2601 | return ret; /* throw error */ |
wolfSSL | 11:cee25a834751 | 2602 | |
wolfSSL | 11:cee25a834751 | 2603 | TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST_V2); |
wolfSSL | 11:cee25a834751 | 2604 | ssl->status_request_v2 = status_type; |
wolfSSL | 11:cee25a834751 | 2605 | |
wolfSSL | 11:cee25a834751 | 2606 | return 0; |
wolfSSL | 11:cee25a834751 | 2607 | } |
wolfSSL | 11:cee25a834751 | 2608 | #endif |
wolfSSL | 11:cee25a834751 | 2609 | } |
wolfSSL | 11:cee25a834751 | 2610 | |
wolfSSL | 11:cee25a834751 | 2611 | return 0; |
wolfSSL | 11:cee25a834751 | 2612 | } |
wolfSSL | 11:cee25a834751 | 2613 | |
wolfSSL | 11:cee25a834751 | 2614 | int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer, |
wolfSSL | 11:cee25a834751 | 2615 | void* heap) |
wolfSSL | 11:cee25a834751 | 2616 | { |
wolfSSL | 11:cee25a834751 | 2617 | TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST_V2); |
wolfSSL | 11:cee25a834751 | 2618 | CertificateStatusRequestItemV2* csr2 = extension ? |
wolfSSL | 11:cee25a834751 | 2619 | (CertificateStatusRequestItemV2*)extension->data : NULL; |
wolfSSL | 11:cee25a834751 | 2620 | int ret = 0; |
wolfSSL | 11:cee25a834751 | 2621 | |
wolfSSL | 11:cee25a834751 | 2622 | for (; csr2; csr2 = csr2->next) { |
wolfSSL | 11:cee25a834751 | 2623 | switch (csr2->status_type) { |
wolfSSL | 11:cee25a834751 | 2624 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 11:cee25a834751 | 2625 | if (!isPeer || csr2->requests != 0) |
wolfSSL | 11:cee25a834751 | 2626 | break; |
wolfSSL | 11:cee25a834751 | 2627 | |
wolfSSL | 11:cee25a834751 | 2628 | /* followed by */ |
wolfSSL | 11:cee25a834751 | 2629 | |
wolfSSL | 11:cee25a834751 | 2630 | case WOLFSSL_CSR2_OCSP_MULTI: { |
wolfSSL | 11:cee25a834751 | 2631 | if (csr2->requests < 1 + MAX_CHAIN_DEPTH) { |
wolfSSL | 11:cee25a834751 | 2632 | byte nonce[MAX_OCSP_NONCE_SZ]; |
wolfSSL | 11:cee25a834751 | 2633 | int nonceSz = csr2->request.ocsp[0].nonceSz; |
wolfSSL | 11:cee25a834751 | 2634 | |
wolfSSL | 11:cee25a834751 | 2635 | /* preserve nonce, replicating nonce of ocsp[0] */ |
wolfSSL | 11:cee25a834751 | 2636 | XMEMCPY(nonce, csr2->request.ocsp[0].nonce, nonceSz); |
wolfSSL | 11:cee25a834751 | 2637 | |
wolfSSL | 11:cee25a834751 | 2638 | if ((ret = InitOcspRequest( |
wolfSSL | 11:cee25a834751 | 2639 | &csr2->request.ocsp[csr2->requests], cert, |
wolfSSL | 11:cee25a834751 | 2640 | 0, heap)) != 0) |
wolfSSL | 11:cee25a834751 | 2641 | return ret; |
wolfSSL | 11:cee25a834751 | 2642 | |
wolfSSL | 11:cee25a834751 | 2643 | /* restore nonce */ |
wolfSSL | 11:cee25a834751 | 2644 | XMEMCPY(csr2->request.ocsp[csr2->requests].nonce, |
wolfSSL | 11:cee25a834751 | 2645 | nonce, nonceSz); |
wolfSSL | 11:cee25a834751 | 2646 | csr2->request.ocsp[csr2->requests].nonceSz = nonceSz; |
wolfSSL | 11:cee25a834751 | 2647 | csr2->requests++; |
wolfSSL | 11:cee25a834751 | 2648 | } |
wolfSSL | 11:cee25a834751 | 2649 | } |
wolfSSL | 11:cee25a834751 | 2650 | break; |
wolfSSL | 11:cee25a834751 | 2651 | } |
wolfSSL | 11:cee25a834751 | 2652 | } |
wolfSSL | 11:cee25a834751 | 2653 | |
wolfSSL | 11:cee25a834751 | 2654 | (void)cert; |
wolfSSL | 11:cee25a834751 | 2655 | return ret; |
wolfSSL | 11:cee25a834751 | 2656 | } |
wolfSSL | 11:cee25a834751 | 2657 | |
wolfSSL | 11:cee25a834751 | 2658 | void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type, byte idx) |
wolfSSL | 11:cee25a834751 | 2659 | { |
wolfSSL | 11:cee25a834751 | 2660 | TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST_V2); |
wolfSSL | 11:cee25a834751 | 2661 | CertificateStatusRequestItemV2* csr2 = extension ? |
wolfSSL | 11:cee25a834751 | 2662 | (CertificateStatusRequestItemV2*)extension->data : NULL; |
wolfSSL | 11:cee25a834751 | 2663 | |
wolfSSL | 11:cee25a834751 | 2664 | for (; csr2; csr2 = csr2->next) { |
wolfSSL | 11:cee25a834751 | 2665 | if (csr2->status_type == status_type) { |
wolfSSL | 11:cee25a834751 | 2666 | switch (csr2->status_type) { |
wolfSSL | 11:cee25a834751 | 2667 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 11:cee25a834751 | 2668 | /* followed by */ |
wolfSSL | 11:cee25a834751 | 2669 | |
wolfSSL | 11:cee25a834751 | 2670 | case WOLFSSL_CSR2_OCSP_MULTI: |
wolfSSL | 11:cee25a834751 | 2671 | /* requests are initialized in the reverse order */ |
wolfSSL | 11:cee25a834751 | 2672 | return idx < csr2->requests |
wolfSSL | 11:cee25a834751 | 2673 | ? &csr2->request.ocsp[csr2->requests - idx - 1] |
wolfSSL | 11:cee25a834751 | 2674 | : NULL; |
wolfSSL | 11:cee25a834751 | 2675 | break; |
wolfSSL | 11:cee25a834751 | 2676 | } |
wolfSSL | 11:cee25a834751 | 2677 | } |
wolfSSL | 11:cee25a834751 | 2678 | } |
wolfSSL | 11:cee25a834751 | 2679 | |
wolfSSL | 11:cee25a834751 | 2680 | return NULL; |
wolfSSL | 11:cee25a834751 | 2681 | } |
wolfSSL | 11:cee25a834751 | 2682 | |
wolfSSL | 11:cee25a834751 | 2683 | int TLSX_CSR2_ForceRequest(WOLFSSL* ssl) |
wolfSSL | 11:cee25a834751 | 2684 | { |
wolfSSL | 11:cee25a834751 | 2685 | TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST_V2); |
wolfSSL | 11:cee25a834751 | 2686 | CertificateStatusRequestItemV2* csr2 = extension ? |
wolfSSL | 11:cee25a834751 | 2687 | (CertificateStatusRequestItemV2*)extension->data : NULL; |
wolfSSL | 11:cee25a834751 | 2688 | |
wolfSSL | 11:cee25a834751 | 2689 | /* forces only the first one */ |
wolfSSL | 11:cee25a834751 | 2690 | if (csr2) { |
wolfSSL | 11:cee25a834751 | 2691 | switch (csr2->status_type) { |
wolfSSL | 11:cee25a834751 | 2692 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 11:cee25a834751 | 2693 | /* followed by */ |
wolfSSL | 11:cee25a834751 | 2694 | |
wolfSSL | 11:cee25a834751 | 2695 | case WOLFSSL_CSR2_OCSP_MULTI: |
wolfSSL | 11:cee25a834751 | 2696 | if (ssl->ctx->cm->ocspEnabled) { |
wolfSSL | 11:cee25a834751 | 2697 | #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) |
wolfSSL | 11:cee25a834751 | 2698 | csr2->request.ocsp[0].ssl = ssl; |
wolfSSL | 11:cee25a834751 | 2699 | #endif |
wolfSSL | 11:cee25a834751 | 2700 | return CheckOcspRequest(ssl->ctx->cm->ocsp, |
wolfSSL | 11:cee25a834751 | 2701 | &csr2->request.ocsp[0], NULL); |
wolfSSL | 11:cee25a834751 | 2702 | } |
wolfSSL | 11:cee25a834751 | 2703 | else |
wolfSSL | 11:cee25a834751 | 2704 | return OCSP_LOOKUP_FAIL; |
wolfSSL | 11:cee25a834751 | 2705 | } |
wolfSSL | 11:cee25a834751 | 2706 | } |
wolfSSL | 11:cee25a834751 | 2707 | |
wolfSSL | 11:cee25a834751 | 2708 | return 0; |
wolfSSL | 11:cee25a834751 | 2709 | } |
wolfSSL | 11:cee25a834751 | 2710 | |
wolfSSL | 11:cee25a834751 | 2711 | int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type, |
wolfSSL | 11:cee25a834751 | 2712 | byte options, void* heap, int devId) |
wolfSSL | 11:cee25a834751 | 2713 | { |
wolfSSL | 11:cee25a834751 | 2714 | TLSX* extension = NULL; |
wolfSSL | 11:cee25a834751 | 2715 | CertificateStatusRequestItemV2* csr2 = NULL; |
wolfSSL | 11:cee25a834751 | 2716 | int ret = 0; |
wolfSSL | 11:cee25a834751 | 2717 | |
wolfSSL | 11:cee25a834751 | 2718 | if (!extensions) |
wolfSSL | 11:cee25a834751 | 2719 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 2720 | |
wolfSSL | 11:cee25a834751 | 2721 | if (status_type != WOLFSSL_CSR2_OCSP |
wolfSSL | 11:cee25a834751 | 2722 | && status_type != WOLFSSL_CSR2_OCSP_MULTI) |
wolfSSL | 11:cee25a834751 | 2723 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 2724 | |
wolfSSL | 11:cee25a834751 | 2725 | csr2 = (CertificateStatusRequestItemV2*) |
wolfSSL | 11:cee25a834751 | 2726 | XMALLOC(sizeof(CertificateStatusRequestItemV2), heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 2727 | if (!csr2) |
wolfSSL | 11:cee25a834751 | 2728 | return MEMORY_E; |
wolfSSL | 11:cee25a834751 | 2729 | |
wolfSSL | 11:cee25a834751 | 2730 | ForceZero(csr2, sizeof(CertificateStatusRequestItemV2)); |
wolfSSL | 11:cee25a834751 | 2731 | |
wolfSSL | 11:cee25a834751 | 2732 | csr2->status_type = status_type; |
wolfSSL | 11:cee25a834751 | 2733 | csr2->options = options; |
wolfSSL | 11:cee25a834751 | 2734 | csr2->next = NULL; |
wolfSSL | 11:cee25a834751 | 2735 | |
wolfSSL | 11:cee25a834751 | 2736 | switch (csr2->status_type) { |
wolfSSL | 11:cee25a834751 | 2737 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 11:cee25a834751 | 2738 | case WOLFSSL_CSR2_OCSP_MULTI: |
wolfSSL | 11:cee25a834751 | 2739 | if (options & WOLFSSL_CSR2_OCSP_USE_NONCE) { |
wolfSSL | 11:cee25a834751 | 2740 | WC_RNG rng; |
wolfSSL | 11:cee25a834751 | 2741 | |
wolfSSL | 11:cee25a834751 | 2742 | #ifndef HAVE_FIPS |
wolfSSL | 11:cee25a834751 | 2743 | ret = wc_InitRng_ex(&rng, heap, devId); |
wolfSSL | 11:cee25a834751 | 2744 | #else |
wolfSSL | 11:cee25a834751 | 2745 | ret = wc_InitRng(&rng); |
wolfSSL | 11:cee25a834751 | 2746 | (void)devId; |
wolfSSL | 11:cee25a834751 | 2747 | #endif |
wolfSSL | 11:cee25a834751 | 2748 | if (ret == 0) { |
wolfSSL | 11:cee25a834751 | 2749 | if (wc_RNG_GenerateBlock(&rng, csr2->request.ocsp[0].nonce, |
wolfSSL | 11:cee25a834751 | 2750 | MAX_OCSP_NONCE_SZ) == 0) |
wolfSSL | 11:cee25a834751 | 2751 | csr2->request.ocsp[0].nonceSz = MAX_OCSP_NONCE_SZ; |
wolfSSL | 11:cee25a834751 | 2752 | |
wolfSSL | 11:cee25a834751 | 2753 | wc_FreeRng(&rng); |
wolfSSL | 11:cee25a834751 | 2754 | } |
wolfSSL | 11:cee25a834751 | 2755 | } |
wolfSSL | 11:cee25a834751 | 2756 | break; |
wolfSSL | 11:cee25a834751 | 2757 | } |
wolfSSL | 11:cee25a834751 | 2758 | |
wolfSSL | 11:cee25a834751 | 2759 | /* append new item */ |
wolfSSL | 11:cee25a834751 | 2760 | if ((extension = TLSX_Find(*extensions, TLSX_STATUS_REQUEST_V2))) { |
wolfSSL | 11:cee25a834751 | 2761 | CertificateStatusRequestItemV2* last = |
wolfSSL | 11:cee25a834751 | 2762 | (CertificateStatusRequestItemV2*)extension->data; |
wolfSSL | 11:cee25a834751 | 2763 | |
wolfSSL | 11:cee25a834751 | 2764 | for (; last->next; last = last->next); |
wolfSSL | 11:cee25a834751 | 2765 | |
wolfSSL | 11:cee25a834751 | 2766 | last->next = csr2; |
wolfSSL | 11:cee25a834751 | 2767 | } |
wolfSSL | 11:cee25a834751 | 2768 | else if ((ret = TLSX_Push(extensions, TLSX_STATUS_REQUEST_V2, csr2,heap))) { |
wolfSSL | 11:cee25a834751 | 2769 | XFREE(csr2, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 2770 | return ret; |
wolfSSL | 11:cee25a834751 | 2771 | } |
wolfSSL | 11:cee25a834751 | 2772 | |
wolfSSL | 11:cee25a834751 | 2773 | return SSL_SUCCESS; |
wolfSSL | 11:cee25a834751 | 2774 | } |
wolfSSL | 11:cee25a834751 | 2775 | |
wolfSSL | 11:cee25a834751 | 2776 | #define CSR2_FREE_ALL TLSX_CSR2_FreeAll |
wolfSSL | 11:cee25a834751 | 2777 | #define CSR2_GET_SIZE TLSX_CSR2_GetSize |
wolfSSL | 11:cee25a834751 | 2778 | #define CSR2_WRITE TLSX_CSR2_Write |
wolfSSL | 11:cee25a834751 | 2779 | #define CSR2_PARSE TLSX_CSR2_Parse |
wolfSSL | 11:cee25a834751 | 2780 | |
wolfSSL | 11:cee25a834751 | 2781 | #else |
wolfSSL | 11:cee25a834751 | 2782 | |
wolfSSL | 11:cee25a834751 | 2783 | #define CSR2_FREE_ALL(data, heap) |
wolfSSL | 11:cee25a834751 | 2784 | #define CSR2_GET_SIZE(a, b) 0 |
wolfSSL | 11:cee25a834751 | 2785 | #define CSR2_WRITE(a, b, c) 0 |
wolfSSL | 11:cee25a834751 | 2786 | #define CSR2_PARSE(a, b, c, d) 0 |
wolfSSL | 11:cee25a834751 | 2787 | |
wolfSSL | 11:cee25a834751 | 2788 | #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ |
wolfSSL | 11:cee25a834751 | 2789 | |
wolfSSL | 11:cee25a834751 | 2790 | /******************************************************************************/ |
wolfSSL | 11:cee25a834751 | 2791 | /* Supported Elliptic Curves */ |
wolfSSL | 11:cee25a834751 | 2792 | /******************************************************************************/ |
wolfSSL | 11:cee25a834751 | 2793 | |
wolfSSL | 11:cee25a834751 | 2794 | #ifdef HAVE_SUPPORTED_CURVES |
wolfSSL | 11:cee25a834751 | 2795 | |
wolfSSL | 11:cee25a834751 | 2796 | #ifndef HAVE_ECC |
wolfSSL | 11:cee25a834751 | 2797 | #error Elliptic Curves Extension requires Elliptic Curve Cryptography. \ |
wolfSSL | 11:cee25a834751 | 2798 | Use --enable-ecc in the configure script or define HAVE_ECC. |
wolfSSL | 11:cee25a834751 | 2799 | #endif |
wolfSSL | 11:cee25a834751 | 2800 | |
wolfSSL | 11:cee25a834751 | 2801 | static void TLSX_EllipticCurve_FreeAll(EllipticCurve* list, void* heap) |
wolfSSL | 11:cee25a834751 | 2802 | { |
wolfSSL | 11:cee25a834751 | 2803 | EllipticCurve* curve; |
wolfSSL | 11:cee25a834751 | 2804 | |
wolfSSL | 11:cee25a834751 | 2805 | while ((curve = list)) { |
wolfSSL | 11:cee25a834751 | 2806 | list = curve->next; |
wolfSSL | 11:cee25a834751 | 2807 | XFREE(curve, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 2808 | } |
wolfSSL | 11:cee25a834751 | 2809 | (void)heap; |
wolfSSL | 11:cee25a834751 | 2810 | } |
wolfSSL | 11:cee25a834751 | 2811 | |
wolfSSL | 11:cee25a834751 | 2812 | static int TLSX_EllipticCurve_Append(EllipticCurve** list, word16 name, |
wolfSSL | 11:cee25a834751 | 2813 | void* heap) |
wolfSSL | 11:cee25a834751 | 2814 | { |
wolfSSL | 11:cee25a834751 | 2815 | EllipticCurve* curve = NULL; |
wolfSSL | 11:cee25a834751 | 2816 | |
wolfSSL | 11:cee25a834751 | 2817 | if (list == NULL) |
wolfSSL | 11:cee25a834751 | 2818 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 2819 | |
wolfSSL | 11:cee25a834751 | 2820 | curve = (EllipticCurve*)XMALLOC(sizeof(EllipticCurve), heap, |
wolfSSL | 11:cee25a834751 | 2821 | DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 2822 | if (curve == NULL) |
wolfSSL | 11:cee25a834751 | 2823 | return MEMORY_E; |
wolfSSL | 11:cee25a834751 | 2824 | |
wolfSSL | 11:cee25a834751 | 2825 | curve->name = name; |
wolfSSL | 11:cee25a834751 | 2826 | curve->next = *list; |
wolfSSL | 11:cee25a834751 | 2827 | |
wolfSSL | 11:cee25a834751 | 2828 | *list = curve; |
wolfSSL | 11:cee25a834751 | 2829 | |
wolfSSL | 11:cee25a834751 | 2830 | return 0; |
wolfSSL | 11:cee25a834751 | 2831 | } |
wolfSSL | 11:cee25a834751 | 2832 | |
wolfSSL | 11:cee25a834751 | 2833 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 11:cee25a834751 | 2834 | |
wolfSSL | 11:cee25a834751 | 2835 | static void TLSX_EllipticCurve_ValidateRequest(WOLFSSL* ssl, byte* semaphore) |
wolfSSL | 11:cee25a834751 | 2836 | { |
wolfSSL | 11:cee25a834751 | 2837 | int i; |
wolfSSL | 11:cee25a834751 | 2838 | |
wolfSSL | 11:cee25a834751 | 2839 | for (i = 0; i < ssl->suites->suiteSz; i+= 2) |
wolfSSL | 11:cee25a834751 | 2840 | if (ssl->suites->suites[i] == ECC_BYTE || |
wolfSSL | 11:cee25a834751 | 2841 | ssl->suites->suites[i] == CHACHA_BYTE) |
wolfSSL | 11:cee25a834751 | 2842 | return; |
wolfSSL | 11:cee25a834751 | 2843 | |
wolfSSL | 11:cee25a834751 | 2844 | /* turns semaphore on to avoid sending this extension. */ |
wolfSSL | 11:cee25a834751 | 2845 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_GROUPS)); |
wolfSSL | 11:cee25a834751 | 2846 | } |
wolfSSL | 11:cee25a834751 | 2847 | |
wolfSSL | 11:cee25a834751 | 2848 | static word16 TLSX_EllipticCurve_GetSize(EllipticCurve* list) |
wolfSSL | 11:cee25a834751 | 2849 | { |
wolfSSL | 11:cee25a834751 | 2850 | EllipticCurve* curve; |
wolfSSL | 11:cee25a834751 | 2851 | word16 length = OPAQUE16_LEN; /* list length */ |
wolfSSL | 11:cee25a834751 | 2852 | |
wolfSSL | 11:cee25a834751 | 2853 | while ((curve = list)) { |
wolfSSL | 11:cee25a834751 | 2854 | list = curve->next; |
wolfSSL | 11:cee25a834751 | 2855 | length += OPAQUE16_LEN; /* curve length */ |
wolfSSL | 11:cee25a834751 | 2856 | } |
wolfSSL | 11:cee25a834751 | 2857 | |
wolfSSL | 11:cee25a834751 | 2858 | return length; |
wolfSSL | 11:cee25a834751 | 2859 | } |
wolfSSL | 11:cee25a834751 | 2860 | |
wolfSSL | 11:cee25a834751 | 2861 | static word16 TLSX_EllipticCurve_WriteR(EllipticCurve* curve, byte* output); |
wolfSSL | 11:cee25a834751 | 2862 | static word16 TLSX_EllipticCurve_WriteR(EllipticCurve* curve, byte* output) |
wolfSSL | 11:cee25a834751 | 2863 | { |
wolfSSL | 11:cee25a834751 | 2864 | word16 offset = 0; |
wolfSSL | 11:cee25a834751 | 2865 | |
wolfSSL | 11:cee25a834751 | 2866 | if (!curve) |
wolfSSL | 11:cee25a834751 | 2867 | return offset; |
wolfSSL | 11:cee25a834751 | 2868 | |
wolfSSL | 11:cee25a834751 | 2869 | offset = TLSX_EllipticCurve_WriteR(curve->next, output); |
wolfSSL | 11:cee25a834751 | 2870 | c16toa(curve->name, output + offset); |
wolfSSL | 11:cee25a834751 | 2871 | |
wolfSSL | 11:cee25a834751 | 2872 | return OPAQUE16_LEN + offset; |
wolfSSL | 11:cee25a834751 | 2873 | } |
wolfSSL | 11:cee25a834751 | 2874 | |
wolfSSL | 11:cee25a834751 | 2875 | static word16 TLSX_EllipticCurve_Write(EllipticCurve* list, byte* output) |
wolfSSL | 11:cee25a834751 | 2876 | { |
wolfSSL | 11:cee25a834751 | 2877 | word16 length = TLSX_EllipticCurve_WriteR(list, output + OPAQUE16_LEN); |
wolfSSL | 11:cee25a834751 | 2878 | |
wolfSSL | 11:cee25a834751 | 2879 | c16toa(length, output); /* writing list length */ |
wolfSSL | 11:cee25a834751 | 2880 | |
wolfSSL | 11:cee25a834751 | 2881 | return OPAQUE16_LEN + length; |
wolfSSL | 11:cee25a834751 | 2882 | } |
wolfSSL | 11:cee25a834751 | 2883 | |
wolfSSL | 11:cee25a834751 | 2884 | #endif /* NO_WOLFSSL_CLIENT */ |
wolfSSL | 11:cee25a834751 | 2885 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 11:cee25a834751 | 2886 | |
wolfSSL | 11:cee25a834751 | 2887 | static int TLSX_EllipticCurve_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 11:cee25a834751 | 2888 | byte isRequest) |
wolfSSL | 11:cee25a834751 | 2889 | { |
wolfSSL | 11:cee25a834751 | 2890 | word16 offset; |
wolfSSL | 11:cee25a834751 | 2891 | word16 name; |
wolfSSL | 11:cee25a834751 | 2892 | int r; |
wolfSSL | 11:cee25a834751 | 2893 | |
wolfSSL | 11:cee25a834751 | 2894 | (void) isRequest; /* shut up compiler! */ |
wolfSSL | 11:cee25a834751 | 2895 | |
wolfSSL | 11:cee25a834751 | 2896 | if (OPAQUE16_LEN > length || length % OPAQUE16_LEN) |
wolfSSL | 11:cee25a834751 | 2897 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 2898 | |
wolfSSL | 11:cee25a834751 | 2899 | ato16(input, &offset); |
wolfSSL | 11:cee25a834751 | 2900 | |
wolfSSL | 11:cee25a834751 | 2901 | /* validating curve list length */ |
wolfSSL | 11:cee25a834751 | 2902 | if (length != OPAQUE16_LEN + offset) |
wolfSSL | 11:cee25a834751 | 2903 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 2904 | |
wolfSSL | 11:cee25a834751 | 2905 | while (offset) { |
wolfSSL | 11:cee25a834751 | 2906 | ato16(input + offset, &name); |
wolfSSL | 11:cee25a834751 | 2907 | offset -= OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 2908 | |
wolfSSL | 11:cee25a834751 | 2909 | r = TLSX_UseSupportedCurve(&ssl->extensions, name, ssl->heap); |
wolfSSL | 11:cee25a834751 | 2910 | |
wolfSSL | 11:cee25a834751 | 2911 | if (r != SSL_SUCCESS) return r; /* throw error */ |
wolfSSL | 11:cee25a834751 | 2912 | } |
wolfSSL | 11:cee25a834751 | 2913 | |
wolfSSL | 11:cee25a834751 | 2914 | return 0; |
wolfSSL | 11:cee25a834751 | 2915 | } |
wolfSSL | 11:cee25a834751 | 2916 | |
wolfSSL | 11:cee25a834751 | 2917 | int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) { |
wolfSSL | 11:cee25a834751 | 2918 | TLSX* extension = (first == ECC_BYTE || first == CHACHA_BYTE) |
wolfSSL | 11:cee25a834751 | 2919 | ? TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS) |
wolfSSL | 11:cee25a834751 | 2920 | : NULL; |
wolfSSL | 11:cee25a834751 | 2921 | EllipticCurve* curve = NULL; |
wolfSSL | 11:cee25a834751 | 2922 | word32 oid = 0; |
wolfSSL | 11:cee25a834751 | 2923 | word32 defOid = 0; |
wolfSSL | 11:cee25a834751 | 2924 | word32 defSz = 80; /* Maximum known curve size is 66. */ |
wolfSSL | 11:cee25a834751 | 2925 | word32 nextOid = 0; |
wolfSSL | 11:cee25a834751 | 2926 | word32 nextSz = 80; /* Maximum known curve size is 66. */ |
wolfSSL | 11:cee25a834751 | 2927 | word32 currOid = ssl->ecdhCurveOID; |
wolfSSL | 11:cee25a834751 | 2928 | int ephmSuite = 0; |
wolfSSL | 11:cee25a834751 | 2929 | word16 octets = 0; /* according to 'ecc_set_type ecc_sets[];' */ |
wolfSSL | 11:cee25a834751 | 2930 | int sig = 0; /* validate signature */ |
wolfSSL | 11:cee25a834751 | 2931 | int key = 0; /* validate key */ |
wolfSSL | 11:cee25a834751 | 2932 | |
wolfSSL | 11:cee25a834751 | 2933 | (void)oid; |
wolfSSL | 11:cee25a834751 | 2934 | |
wolfSSL | 11:cee25a834751 | 2935 | if (!extension) |
wolfSSL | 11:cee25a834751 | 2936 | return 1; /* no suite restriction */ |
wolfSSL | 11:cee25a834751 | 2937 | |
wolfSSL | 11:cee25a834751 | 2938 | for (curve = (EllipticCurve*)extension->data; |
wolfSSL | 11:cee25a834751 | 2939 | curve && !(sig && key); |
wolfSSL | 11:cee25a834751 | 2940 | curve = curve->next) { |
wolfSSL | 11:cee25a834751 | 2941 | |
wolfSSL | 11:cee25a834751 | 2942 | /* find supported curve */ |
wolfSSL | 11:cee25a834751 | 2943 | switch (curve->name) { |
wolfSSL | 11:cee25a834751 | 2944 | #if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES) |
wolfSSL | 11:cee25a834751 | 2945 | #ifndef NO_ECC_SECP |
wolfSSL | 11:cee25a834751 | 2946 | case WOLFSSL_ECC_SECP160R1: |
wolfSSL | 11:cee25a834751 | 2947 | oid = ECC_SECP160R1_OID; |
wolfSSL | 11:cee25a834751 | 2948 | octets = 20; |
wolfSSL | 11:cee25a834751 | 2949 | break; |
wolfSSL | 11:cee25a834751 | 2950 | #endif /* !NO_ECC_SECP */ |
wolfSSL | 11:cee25a834751 | 2951 | #ifdef HAVE_ECC_SECPR2 |
wolfSSL | 11:cee25a834751 | 2952 | case WOLFSSL_ECC_SECP160R2: |
wolfSSL | 11:cee25a834751 | 2953 | oid = ECC_SECP160R2_OID; |
wolfSSL | 11:cee25a834751 | 2954 | octets = 20; |
wolfSSL | 11:cee25a834751 | 2955 | break; |
wolfSSL | 11:cee25a834751 | 2956 | #endif /* HAVE_ECC_SECPR2 */ |
wolfSSL | 11:cee25a834751 | 2957 | #ifdef HAVE_ECC_KOBLITZ |
wolfSSL | 11:cee25a834751 | 2958 | case WOLFSSL_ECC_SECP160K1: |
wolfSSL | 11:cee25a834751 | 2959 | oid = ECC_SECP160K1_OID; |
wolfSSL | 11:cee25a834751 | 2960 | octets = 20; |
wolfSSL | 11:cee25a834751 | 2961 | break; |
wolfSSL | 11:cee25a834751 | 2962 | #endif /* HAVE_ECC_KOBLITZ */ |
wolfSSL | 11:cee25a834751 | 2963 | #endif |
wolfSSL | 11:cee25a834751 | 2964 | #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES) |
wolfSSL | 11:cee25a834751 | 2965 | #ifndef NO_ECC_SECP |
wolfSSL | 11:cee25a834751 | 2966 | case WOLFSSL_ECC_SECP192R1: |
wolfSSL | 11:cee25a834751 | 2967 | oid = ECC_SECP192R1_OID; |
wolfSSL | 11:cee25a834751 | 2968 | octets = 24; |
wolfSSL | 11:cee25a834751 | 2969 | break; |
wolfSSL | 11:cee25a834751 | 2970 | #endif /* !NO_ECC_SECP */ |
wolfSSL | 11:cee25a834751 | 2971 | #ifdef HAVE_ECC_KOBLITZ |
wolfSSL | 11:cee25a834751 | 2972 | case WOLFSSL_ECC_SECP192K1: |
wolfSSL | 11:cee25a834751 | 2973 | oid = ECC_SECP192K1_OID; |
wolfSSL | 11:cee25a834751 | 2974 | octets = 24; |
wolfSSL | 11:cee25a834751 | 2975 | break; |
wolfSSL | 11:cee25a834751 | 2976 | #endif /* HAVE_ECC_KOBLITZ */ |
wolfSSL | 11:cee25a834751 | 2977 | #endif |
wolfSSL | 11:cee25a834751 | 2978 | #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES) |
wolfSSL | 11:cee25a834751 | 2979 | #ifndef NO_ECC_SECP |
wolfSSL | 11:cee25a834751 | 2980 | case WOLFSSL_ECC_SECP224R1: |
wolfSSL | 11:cee25a834751 | 2981 | oid = ECC_SECP224R1_OID; |
wolfSSL | 11:cee25a834751 | 2982 | octets = 28; |
wolfSSL | 11:cee25a834751 | 2983 | break; |
wolfSSL | 11:cee25a834751 | 2984 | #endif /* !NO_ECC_SECP */ |
wolfSSL | 11:cee25a834751 | 2985 | #ifdef HAVE_ECC_KOBLITZ |
wolfSSL | 11:cee25a834751 | 2986 | case WOLFSSL_ECC_SECP224K1: |
wolfSSL | 11:cee25a834751 | 2987 | oid = ECC_SECP224K1_OID; |
wolfSSL | 11:cee25a834751 | 2988 | octets = 28; |
wolfSSL | 11:cee25a834751 | 2989 | break; |
wolfSSL | 11:cee25a834751 | 2990 | #endif /* HAVE_ECC_KOBLITZ */ |
wolfSSL | 11:cee25a834751 | 2991 | #endif |
wolfSSL | 11:cee25a834751 | 2992 | #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES) |
wolfSSL | 11:cee25a834751 | 2993 | #ifndef NO_ECC_SECP |
wolfSSL | 11:cee25a834751 | 2994 | case WOLFSSL_ECC_SECP256R1: |
wolfSSL | 11:cee25a834751 | 2995 | oid = ECC_SECP256R1_OID; |
wolfSSL | 11:cee25a834751 | 2996 | octets = 32; |
wolfSSL | 11:cee25a834751 | 2997 | break; |
wolfSSL | 11:cee25a834751 | 2998 | #endif /* !NO_ECC_SECP */ |
wolfSSL | 11:cee25a834751 | 2999 | #ifdef HAVE_ECC_KOBLITZ |
wolfSSL | 11:cee25a834751 | 3000 | case WOLFSSL_ECC_SECP256K1: |
wolfSSL | 11:cee25a834751 | 3001 | oid = ECC_SECP256K1_OID; |
wolfSSL | 11:cee25a834751 | 3002 | octets = 32; |
wolfSSL | 11:cee25a834751 | 3003 | break; |
wolfSSL | 11:cee25a834751 | 3004 | #endif /* HAVE_ECC_KOBLITZ */ |
wolfSSL | 11:cee25a834751 | 3005 | #ifdef HAVE_ECC_BRAINPOOL |
wolfSSL | 11:cee25a834751 | 3006 | case WOLFSSL_ECC_BRAINPOOLP256R1: |
wolfSSL | 11:cee25a834751 | 3007 | oid = ECC_BRAINPOOLP256R1_OID; |
wolfSSL | 11:cee25a834751 | 3008 | octets = 32; |
wolfSSL | 11:cee25a834751 | 3009 | break; |
wolfSSL | 11:cee25a834751 | 3010 | #endif /* HAVE_ECC_BRAINPOOL */ |
wolfSSL | 11:cee25a834751 | 3011 | #endif |
wolfSSL | 11:cee25a834751 | 3012 | #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) |
wolfSSL | 11:cee25a834751 | 3013 | #ifndef NO_ECC_SECP |
wolfSSL | 11:cee25a834751 | 3014 | case WOLFSSL_ECC_SECP384R1: |
wolfSSL | 11:cee25a834751 | 3015 | oid = ECC_SECP384R1_OID; |
wolfSSL | 11:cee25a834751 | 3016 | octets = 48; |
wolfSSL | 11:cee25a834751 | 3017 | break; |
wolfSSL | 11:cee25a834751 | 3018 | #endif /* !NO_ECC_SECP */ |
wolfSSL | 11:cee25a834751 | 3019 | #ifdef HAVE_ECC_BRAINPOOL |
wolfSSL | 11:cee25a834751 | 3020 | case WOLFSSL_ECC_BRAINPOOLP384R1: |
wolfSSL | 11:cee25a834751 | 3021 | oid = ECC_BRAINPOOLP384R1_OID; |
wolfSSL | 11:cee25a834751 | 3022 | octets = 48; |
wolfSSL | 11:cee25a834751 | 3023 | break; |
wolfSSL | 11:cee25a834751 | 3024 | #endif /* HAVE_ECC_BRAINPOOL */ |
wolfSSL | 11:cee25a834751 | 3025 | #endif |
wolfSSL | 11:cee25a834751 | 3026 | #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES) |
wolfSSL | 11:cee25a834751 | 3027 | #ifdef HAVE_ECC_BRAINPOOL |
wolfSSL | 11:cee25a834751 | 3028 | case WOLFSSL_ECC_BRAINPOOLP512R1: |
wolfSSL | 11:cee25a834751 | 3029 | oid = ECC_BRAINPOOLP512R1_OID; |
wolfSSL | 11:cee25a834751 | 3030 | octets = 64; |
wolfSSL | 11:cee25a834751 | 3031 | break; |
wolfSSL | 11:cee25a834751 | 3032 | #endif /* HAVE_ECC_BRAINPOOL */ |
wolfSSL | 11:cee25a834751 | 3033 | #endif |
wolfSSL | 11:cee25a834751 | 3034 | #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES) |
wolfSSL | 11:cee25a834751 | 3035 | #ifndef NO_ECC_SECP |
wolfSSL | 11:cee25a834751 | 3036 | case WOLFSSL_ECC_SECP521R1: |
wolfSSL | 11:cee25a834751 | 3037 | oid = ECC_SECP521R1_OID; |
wolfSSL | 11:cee25a834751 | 3038 | octets = 66; |
wolfSSL | 11:cee25a834751 | 3039 | break; |
wolfSSL | 11:cee25a834751 | 3040 | #endif /* !NO_ECC_SECP */ |
wolfSSL | 11:cee25a834751 | 3041 | #endif |
wolfSSL | 11:cee25a834751 | 3042 | default: continue; /* unsupported curve */ |
wolfSSL | 11:cee25a834751 | 3043 | } |
wolfSSL | 11:cee25a834751 | 3044 | |
wolfSSL | 11:cee25a834751 | 3045 | /* Set default Oid */ |
wolfSSL | 11:cee25a834751 | 3046 | if (defOid == 0 && ssl->eccTempKeySz <= octets && defSz > octets) { |
wolfSSL | 11:cee25a834751 | 3047 | defOid = oid; |
wolfSSL | 11:cee25a834751 | 3048 | defSz = octets; |
wolfSSL | 11:cee25a834751 | 3049 | } |
wolfSSL | 11:cee25a834751 | 3050 | |
wolfSSL | 11:cee25a834751 | 3051 | if (currOid == 0 && ssl->eccTempKeySz == octets) |
wolfSSL | 11:cee25a834751 | 3052 | currOid = oid; |
wolfSSL | 11:cee25a834751 | 3053 | if ((nextOid == 0 || nextSz > octets) && ssl->eccTempKeySz <= octets) { |
wolfSSL | 11:cee25a834751 | 3054 | nextOid = oid; |
wolfSSL | 11:cee25a834751 | 3055 | nextSz = octets; |
wolfSSL | 11:cee25a834751 | 3056 | } |
wolfSSL | 11:cee25a834751 | 3057 | |
wolfSSL | 11:cee25a834751 | 3058 | if (first == ECC_BYTE) { |
wolfSSL | 11:cee25a834751 | 3059 | switch (second) { |
wolfSSL | 11:cee25a834751 | 3060 | /* ECDHE_ECDSA */ |
wolfSSL | 11:cee25a834751 | 3061 | case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: |
wolfSSL | 11:cee25a834751 | 3062 | case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: |
wolfSSL | 11:cee25a834751 | 3063 | case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: |
wolfSSL | 11:cee25a834751 | 3064 | case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA: |
wolfSSL | 11:cee25a834751 | 3065 | case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: |
wolfSSL | 11:cee25a834751 | 3066 | case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: |
wolfSSL | 11:cee25a834751 | 3067 | case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: |
wolfSSL | 11:cee25a834751 | 3068 | case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: |
wolfSSL | 11:cee25a834751 | 3069 | case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8: |
wolfSSL | 11:cee25a834751 | 3070 | case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8: |
wolfSSL | 11:cee25a834751 | 3071 | sig |= ssl->pkCurveOID == oid; |
wolfSSL | 11:cee25a834751 | 3072 | key |= ssl->ecdhCurveOID == oid; |
wolfSSL | 11:cee25a834751 | 3073 | ephmSuite = 1; |
wolfSSL | 11:cee25a834751 | 3074 | break; |
wolfSSL | 11:cee25a834751 | 3075 | |
wolfSSL | 11:cee25a834751 | 3076 | #ifdef WOLFSSL_STATIC_DH |
wolfSSL | 11:cee25a834751 | 3077 | /* ECDH_ECDSA */ |
wolfSSL | 11:cee25a834751 | 3078 | case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: |
wolfSSL | 11:cee25a834751 | 3079 | case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: |
wolfSSL | 11:cee25a834751 | 3080 | case TLS_ECDH_ECDSA_WITH_RC4_128_SHA: |
wolfSSL | 11:cee25a834751 | 3081 | case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA: |
wolfSSL | 11:cee25a834751 | 3082 | case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256: |
wolfSSL | 11:cee25a834751 | 3083 | case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384: |
wolfSSL | 11:cee25a834751 | 3084 | case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256: |
wolfSSL | 11:cee25a834751 | 3085 | case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384: |
wolfSSL | 11:cee25a834751 | 3086 | sig |= ssl->pkCurveOID == oid; |
wolfSSL | 11:cee25a834751 | 3087 | key |= ssl->pkCurveOID == oid; |
wolfSSL | 11:cee25a834751 | 3088 | break; |
wolfSSL | 11:cee25a834751 | 3089 | #endif /* WOLFSSL_STATIC_DH */ |
wolfSSL | 11:cee25a834751 | 3090 | #ifndef NO_RSA |
wolfSSL | 11:cee25a834751 | 3091 | /* ECDHE_RSA */ |
wolfSSL | 11:cee25a834751 | 3092 | case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: |
wolfSSL | 11:cee25a834751 | 3093 | case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: |
wolfSSL | 11:cee25a834751 | 3094 | case TLS_ECDHE_RSA_WITH_RC4_128_SHA: |
wolfSSL | 11:cee25a834751 | 3095 | case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: |
wolfSSL | 11:cee25a834751 | 3096 | case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: |
wolfSSL | 11:cee25a834751 | 3097 | case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: |
wolfSSL | 11:cee25a834751 | 3098 | case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: |
wolfSSL | 11:cee25a834751 | 3099 | case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: |
wolfSSL | 11:cee25a834751 | 3100 | sig = 1; |
wolfSSL | 11:cee25a834751 | 3101 | key |= ssl->ecdhCurveOID == oid; |
wolfSSL | 11:cee25a834751 | 3102 | ephmSuite = 1; |
wolfSSL | 11:cee25a834751 | 3103 | break; |
wolfSSL | 11:cee25a834751 | 3104 | |
wolfSSL | 11:cee25a834751 | 3105 | #ifdef WOLFSSL_STATIC_DH |
wolfSSL | 11:cee25a834751 | 3106 | /* ECDH_RSA */ |
wolfSSL | 11:cee25a834751 | 3107 | case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: |
wolfSSL | 11:cee25a834751 | 3108 | case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: |
wolfSSL | 11:cee25a834751 | 3109 | case TLS_ECDH_RSA_WITH_RC4_128_SHA: |
wolfSSL | 11:cee25a834751 | 3110 | case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA: |
wolfSSL | 11:cee25a834751 | 3111 | case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256: |
wolfSSL | 11:cee25a834751 | 3112 | case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384: |
wolfSSL | 11:cee25a834751 | 3113 | case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256: |
wolfSSL | 11:cee25a834751 | 3114 | case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384: |
wolfSSL | 11:cee25a834751 | 3115 | sig = 1; |
wolfSSL | 11:cee25a834751 | 3116 | key |= ssl->pkCurveOID == oid; |
wolfSSL | 11:cee25a834751 | 3117 | break; |
wolfSSL | 11:cee25a834751 | 3118 | #endif /* WOLFSSL_STATIC_DH */ |
wolfSSL | 11:cee25a834751 | 3119 | #endif |
wolfSSL | 11:cee25a834751 | 3120 | default: |
wolfSSL | 11:cee25a834751 | 3121 | sig = 1; |
wolfSSL | 11:cee25a834751 | 3122 | key = 1; |
wolfSSL | 11:cee25a834751 | 3123 | break; |
wolfSSL | 11:cee25a834751 | 3124 | } |
wolfSSL | 11:cee25a834751 | 3125 | } |
wolfSSL | 11:cee25a834751 | 3126 | |
wolfSSL | 11:cee25a834751 | 3127 | /* ChaCha20-Poly1305 ECC cipher suites */ |
wolfSSL | 11:cee25a834751 | 3128 | if (first == CHACHA_BYTE) { |
wolfSSL | 11:cee25a834751 | 3129 | switch (second) { |
wolfSSL | 11:cee25a834751 | 3130 | /* ECDHE_ECDSA */ |
wolfSSL | 11:cee25a834751 | 3131 | case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 : |
wolfSSL | 11:cee25a834751 | 3132 | case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 : |
wolfSSL | 11:cee25a834751 | 3133 | sig |= ssl->pkCurveOID == oid; |
wolfSSL | 11:cee25a834751 | 3134 | key |= ssl->ecdhCurveOID == oid; |
wolfSSL | 11:cee25a834751 | 3135 | ephmSuite = 1; |
wolfSSL | 11:cee25a834751 | 3136 | break; |
wolfSSL | 11:cee25a834751 | 3137 | #ifndef NO_RSA |
wolfSSL | 11:cee25a834751 | 3138 | /* ECDHE_RSA */ |
wolfSSL | 11:cee25a834751 | 3139 | case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 : |
wolfSSL | 11:cee25a834751 | 3140 | case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 : |
wolfSSL | 11:cee25a834751 | 3141 | sig = 1; |
wolfSSL | 11:cee25a834751 | 3142 | key |= ssl->ecdhCurveOID == oid; |
wolfSSL | 11:cee25a834751 | 3143 | ephmSuite = 1; |
wolfSSL | 11:cee25a834751 | 3144 | break; |
wolfSSL | 11:cee25a834751 | 3145 | #endif |
wolfSSL | 11:cee25a834751 | 3146 | default: |
wolfSSL | 11:cee25a834751 | 3147 | sig = 1; |
wolfSSL | 11:cee25a834751 | 3148 | key = 1; |
wolfSSL | 11:cee25a834751 | 3149 | break; |
wolfSSL | 11:cee25a834751 | 3150 | } |
wolfSSL | 11:cee25a834751 | 3151 | } |
wolfSSL | 11:cee25a834751 | 3152 | } |
wolfSSL | 11:cee25a834751 | 3153 | |
wolfSSL | 11:cee25a834751 | 3154 | /* Choose the default if it is at the required strength. */ |
wolfSSL | 11:cee25a834751 | 3155 | if (ssl->ecdhCurveOID == 0 && defSz == ssl->eccTempKeySz) { |
wolfSSL | 11:cee25a834751 | 3156 | key = 1; |
wolfSSL | 11:cee25a834751 | 3157 | ssl->ecdhCurveOID = defOid; |
wolfSSL | 11:cee25a834751 | 3158 | } |
wolfSSL | 11:cee25a834751 | 3159 | /* Choose any curve at the required strength. */ |
wolfSSL | 11:cee25a834751 | 3160 | if (ssl->ecdhCurveOID == 0) { |
wolfSSL | 11:cee25a834751 | 3161 | key = 1; |
wolfSSL | 11:cee25a834751 | 3162 | ssl->ecdhCurveOID = currOid; |
wolfSSL | 11:cee25a834751 | 3163 | } |
wolfSSL | 11:cee25a834751 | 3164 | /* Choose the default if it is at the next highest strength. */ |
wolfSSL | 11:cee25a834751 | 3165 | if (ssl->ecdhCurveOID == 0 && defSz == nextSz) |
wolfSSL | 11:cee25a834751 | 3166 | ssl->ecdhCurveOID = defOid; |
wolfSSL | 11:cee25a834751 | 3167 | /* Choose any curve at the next highest strength. */ |
wolfSSL | 11:cee25a834751 | 3168 | if (ssl->ecdhCurveOID == 0) |
wolfSSL | 11:cee25a834751 | 3169 | ssl->ecdhCurveOID = nextOid; |
wolfSSL | 11:cee25a834751 | 3170 | /* No curve and ephemeral ECC suite requires a matching curve. */ |
wolfSSL | 11:cee25a834751 | 3171 | if (ssl->ecdhCurveOID == 0 && ephmSuite) |
wolfSSL | 11:cee25a834751 | 3172 | key = 0; |
wolfSSL | 11:cee25a834751 | 3173 | |
wolfSSL | 11:cee25a834751 | 3174 | return sig && key; |
wolfSSL | 11:cee25a834751 | 3175 | } |
wolfSSL | 11:cee25a834751 | 3176 | |
wolfSSL | 11:cee25a834751 | 3177 | #endif /* NO_WOLFSSL_SERVER */ |
wolfSSL | 11:cee25a834751 | 3178 | |
wolfSSL | 11:cee25a834751 | 3179 | int TLSX_UseSupportedCurve(TLSX** extensions, word16 name, void* heap) |
wolfSSL | 11:cee25a834751 | 3180 | { |
wolfSSL | 11:cee25a834751 | 3181 | TLSX* extension; |
wolfSSL | 11:cee25a834751 | 3182 | EllipticCurve* curve = NULL; |
wolfSSL | 11:cee25a834751 | 3183 | int ret = 0; |
wolfSSL | 11:cee25a834751 | 3184 | |
wolfSSL | 11:cee25a834751 | 3185 | if (extensions == NULL) |
wolfSSL | 11:cee25a834751 | 3186 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 3187 | |
wolfSSL | 11:cee25a834751 | 3188 | if ((ret = TLSX_EllipticCurve_Append(&curve, name, heap)) != 0) |
wolfSSL | 11:cee25a834751 | 3189 | return ret; |
wolfSSL | 11:cee25a834751 | 3190 | |
wolfSSL | 11:cee25a834751 | 3191 | extension = TLSX_Find(*extensions, TLSX_SUPPORTED_GROUPS); |
wolfSSL | 11:cee25a834751 | 3192 | if (!extension) { |
wolfSSL | 11:cee25a834751 | 3193 | if ((ret = TLSX_Push(extensions, TLSX_SUPPORTED_GROUPS, curve, heap)) |
wolfSSL | 11:cee25a834751 | 3194 | != 0) { |
wolfSSL | 11:cee25a834751 | 3195 | XFREE(curve, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 3196 | return ret; |
wolfSSL | 11:cee25a834751 | 3197 | } |
wolfSSL | 11:cee25a834751 | 3198 | } |
wolfSSL | 11:cee25a834751 | 3199 | else { |
wolfSSL | 11:cee25a834751 | 3200 | /* push new EllipticCurve object to extension data. */ |
wolfSSL | 11:cee25a834751 | 3201 | curve->next = (EllipticCurve*)extension->data; |
wolfSSL | 11:cee25a834751 | 3202 | extension->data = (void*)curve; |
wolfSSL | 11:cee25a834751 | 3203 | |
wolfSSL | 11:cee25a834751 | 3204 | /* look for another curve of the same name to remove (replacement) */ |
wolfSSL | 11:cee25a834751 | 3205 | do { |
wolfSSL | 11:cee25a834751 | 3206 | if (curve->next && curve->next->name == name) { |
wolfSSL | 11:cee25a834751 | 3207 | EllipticCurve *next = curve->next; |
wolfSSL | 11:cee25a834751 | 3208 | |
wolfSSL | 11:cee25a834751 | 3209 | curve->next = next->next; |
wolfSSL | 11:cee25a834751 | 3210 | XFREE(next, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 3211 | |
wolfSSL | 11:cee25a834751 | 3212 | break; |
wolfSSL | 11:cee25a834751 | 3213 | } |
wolfSSL | 11:cee25a834751 | 3214 | } while ((curve = curve->next)); |
wolfSSL | 11:cee25a834751 | 3215 | } |
wolfSSL | 11:cee25a834751 | 3216 | |
wolfSSL | 11:cee25a834751 | 3217 | return SSL_SUCCESS; |
wolfSSL | 11:cee25a834751 | 3218 | } |
wolfSSL | 11:cee25a834751 | 3219 | |
wolfSSL | 11:cee25a834751 | 3220 | #define EC_FREE_ALL TLSX_EllipticCurve_FreeAll |
wolfSSL | 11:cee25a834751 | 3221 | #define EC_VALIDATE_REQUEST TLSX_EllipticCurve_ValidateRequest |
wolfSSL | 11:cee25a834751 | 3222 | |
wolfSSL | 11:cee25a834751 | 3223 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 11:cee25a834751 | 3224 | #define EC_GET_SIZE TLSX_EllipticCurve_GetSize |
wolfSSL | 11:cee25a834751 | 3225 | #define EC_WRITE TLSX_EllipticCurve_Write |
wolfSSL | 11:cee25a834751 | 3226 | #else |
wolfSSL | 11:cee25a834751 | 3227 | #define EC_GET_SIZE(list) 0 |
wolfSSL | 11:cee25a834751 | 3228 | #define EC_WRITE(a, b) 0 |
wolfSSL | 11:cee25a834751 | 3229 | #endif |
wolfSSL | 11:cee25a834751 | 3230 | |
wolfSSL | 11:cee25a834751 | 3231 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 11:cee25a834751 | 3232 | #define EC_PARSE TLSX_EllipticCurve_Parse |
wolfSSL | 11:cee25a834751 | 3233 | #else |
wolfSSL | 11:cee25a834751 | 3234 | #define EC_PARSE(a, b, c, d) 0 |
wolfSSL | 11:cee25a834751 | 3235 | #endif |
wolfSSL | 11:cee25a834751 | 3236 | |
wolfSSL | 11:cee25a834751 | 3237 | #else |
wolfSSL | 11:cee25a834751 | 3238 | |
wolfSSL | 11:cee25a834751 | 3239 | #define EC_FREE_ALL(list, heap) |
wolfSSL | 11:cee25a834751 | 3240 | #define EC_GET_SIZE(list) 0 |
wolfSSL | 11:cee25a834751 | 3241 | #define EC_WRITE(a, b) 0 |
wolfSSL | 11:cee25a834751 | 3242 | #define EC_PARSE(a, b, c, d) 0 |
wolfSSL | 11:cee25a834751 | 3243 | #define EC_VALIDATE_REQUEST(a, b) |
wolfSSL | 11:cee25a834751 | 3244 | |
wolfSSL | 11:cee25a834751 | 3245 | #endif /* HAVE_SUPPORTED_CURVES */ |
wolfSSL | 11:cee25a834751 | 3246 | |
wolfSSL | 11:cee25a834751 | 3247 | /******************************************************************************/ |
wolfSSL | 11:cee25a834751 | 3248 | /* Renegotiation Indication */ |
wolfSSL | 11:cee25a834751 | 3249 | /******************************************************************************/ |
wolfSSL | 11:cee25a834751 | 3250 | |
wolfSSL | 11:cee25a834751 | 3251 | #if defined(HAVE_SECURE_RENEGOTIATION) \ |
wolfSSL | 11:cee25a834751 | 3252 | || defined(HAVE_SERVER_RENEGOTIATION_INFO) |
wolfSSL | 11:cee25a834751 | 3253 | |
wolfSSL | 11:cee25a834751 | 3254 | static byte TLSX_SecureRenegotiation_GetSize(SecureRenegotiation* data, |
wolfSSL | 11:cee25a834751 | 3255 | int isRequest) |
wolfSSL | 11:cee25a834751 | 3256 | { |
wolfSSL | 11:cee25a834751 | 3257 | byte length = OPAQUE8_LEN; /* empty info length */ |
wolfSSL | 11:cee25a834751 | 3258 | |
wolfSSL | 11:cee25a834751 | 3259 | /* data will be NULL for HAVE_SERVER_RENEGOTIATION_INFO only */ |
wolfSSL | 11:cee25a834751 | 3260 | if (data && data->enabled) { |
wolfSSL | 11:cee25a834751 | 3261 | /* client sends client_verify_data only */ |
wolfSSL | 11:cee25a834751 | 3262 | length += TLS_FINISHED_SZ; |
wolfSSL | 11:cee25a834751 | 3263 | |
wolfSSL | 11:cee25a834751 | 3264 | /* server also sends server_verify_data */ |
wolfSSL | 11:cee25a834751 | 3265 | if (!isRequest) |
wolfSSL | 11:cee25a834751 | 3266 | length += TLS_FINISHED_SZ; |
wolfSSL | 11:cee25a834751 | 3267 | } |
wolfSSL | 11:cee25a834751 | 3268 | |
wolfSSL | 11:cee25a834751 | 3269 | return length; |
wolfSSL | 11:cee25a834751 | 3270 | } |
wolfSSL | 11:cee25a834751 | 3271 | |
wolfSSL | 11:cee25a834751 | 3272 | static word16 TLSX_SecureRenegotiation_Write(SecureRenegotiation* data, |
wolfSSL | 11:cee25a834751 | 3273 | byte* output, int isRequest) |
wolfSSL | 11:cee25a834751 | 3274 | { |
wolfSSL | 11:cee25a834751 | 3275 | word16 offset = OPAQUE8_LEN; /* RenegotiationInfo length */ |
wolfSSL | 11:cee25a834751 | 3276 | |
wolfSSL | 11:cee25a834751 | 3277 | if (data && data->enabled) { |
wolfSSL | 11:cee25a834751 | 3278 | /* client sends client_verify_data only */ |
wolfSSL | 11:cee25a834751 | 3279 | XMEMCPY(output + offset, data->client_verify_data, TLS_FINISHED_SZ); |
wolfSSL | 11:cee25a834751 | 3280 | offset += TLS_FINISHED_SZ; |
wolfSSL | 11:cee25a834751 | 3281 | |
wolfSSL | 11:cee25a834751 | 3282 | /* server also sends server_verify_data */ |
wolfSSL | 11:cee25a834751 | 3283 | if (!isRequest) { |
wolfSSL | 11:cee25a834751 | 3284 | XMEMCPY(output + offset, data->server_verify_data, TLS_FINISHED_SZ); |
wolfSSL | 11:cee25a834751 | 3285 | offset += TLS_FINISHED_SZ; |
wolfSSL | 11:cee25a834751 | 3286 | } |
wolfSSL | 11:cee25a834751 | 3287 | } |
wolfSSL | 11:cee25a834751 | 3288 | |
wolfSSL | 11:cee25a834751 | 3289 | output[0] = (byte)(offset - 1); /* info length - self */ |
wolfSSL | 11:cee25a834751 | 3290 | |
wolfSSL | 11:cee25a834751 | 3291 | return offset; |
wolfSSL | 11:cee25a834751 | 3292 | } |
wolfSSL | 11:cee25a834751 | 3293 | |
wolfSSL | 11:cee25a834751 | 3294 | static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, byte* input, |
wolfSSL | 11:cee25a834751 | 3295 | word16 length, byte isRequest) |
wolfSSL | 11:cee25a834751 | 3296 | { |
wolfSSL | 11:cee25a834751 | 3297 | int ret = SECURE_RENEGOTIATION_E; |
wolfSSL | 11:cee25a834751 | 3298 | |
wolfSSL | 11:cee25a834751 | 3299 | if (length >= OPAQUE8_LEN) { |
wolfSSL | 11:cee25a834751 | 3300 | if (ssl->secure_renegotiation == NULL) { |
wolfSSL | 11:cee25a834751 | 3301 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 11:cee25a834751 | 3302 | if (isRequest && *input == 0) { |
wolfSSL | 11:cee25a834751 | 3303 | #ifdef HAVE_SERVER_RENEGOTIATION_INFO |
wolfSSL | 11:cee25a834751 | 3304 | if (length == OPAQUE8_LEN) { |
wolfSSL | 11:cee25a834751 | 3305 | if (TLSX_Find(ssl->extensions, |
wolfSSL | 11:cee25a834751 | 3306 | TLSX_RENEGOTIATION_INFO) == NULL) { |
wolfSSL | 11:cee25a834751 | 3307 | ret = TLSX_AddEmptyRenegotiationInfo(&ssl->extensions, |
wolfSSL | 11:cee25a834751 | 3308 | ssl->heap); |
wolfSSL | 11:cee25a834751 | 3309 | if (ret == SSL_SUCCESS) |
wolfSSL | 11:cee25a834751 | 3310 | ret = 0; |
wolfSSL | 11:cee25a834751 | 3311 | |
wolfSSL | 11:cee25a834751 | 3312 | } else { |
wolfSSL | 11:cee25a834751 | 3313 | ret = 0; |
wolfSSL | 11:cee25a834751 | 3314 | } |
wolfSSL | 11:cee25a834751 | 3315 | } |
wolfSSL | 11:cee25a834751 | 3316 | #else |
wolfSSL | 11:cee25a834751 | 3317 | ret = 0; /* don't reply, user didn't enable */ |
wolfSSL | 11:cee25a834751 | 3318 | #endif /* HAVE_SERVER_RENEGOTIATION_INFO */ |
wolfSSL | 11:cee25a834751 | 3319 | } |
wolfSSL | 11:cee25a834751 | 3320 | #ifdef HAVE_SERVER_RENEGOTIATION_INFO |
wolfSSL | 11:cee25a834751 | 3321 | else if (!isRequest) { |
wolfSSL | 11:cee25a834751 | 3322 | /* don't do anything on client side */ |
wolfSSL | 11:cee25a834751 | 3323 | ret = 0; |
wolfSSL | 11:cee25a834751 | 3324 | } |
wolfSSL | 11:cee25a834751 | 3325 | #endif |
wolfSSL | 11:cee25a834751 | 3326 | #endif |
wolfSSL | 11:cee25a834751 | 3327 | } |
wolfSSL | 11:cee25a834751 | 3328 | else if (isRequest) { |
wolfSSL | 11:cee25a834751 | 3329 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 11:cee25a834751 | 3330 | if (*input == TLS_FINISHED_SZ) { |
wolfSSL | 11:cee25a834751 | 3331 | /* TODO compare client_verify_data */ |
wolfSSL | 11:cee25a834751 | 3332 | ret = 0; |
wolfSSL | 11:cee25a834751 | 3333 | } |
wolfSSL | 11:cee25a834751 | 3334 | #endif |
wolfSSL | 11:cee25a834751 | 3335 | } |
wolfSSL | 11:cee25a834751 | 3336 | else { |
wolfSSL | 11:cee25a834751 | 3337 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 11:cee25a834751 | 3338 | if (!ssl->secure_renegotiation->enabled) { |
wolfSSL | 11:cee25a834751 | 3339 | if (*input == 0) { |
wolfSSL | 11:cee25a834751 | 3340 | ssl->secure_renegotiation->enabled = 1; |
wolfSSL | 11:cee25a834751 | 3341 | ret = 0; |
wolfSSL | 11:cee25a834751 | 3342 | } |
wolfSSL | 11:cee25a834751 | 3343 | } |
wolfSSL | 11:cee25a834751 | 3344 | else if (*input == 2 * TLS_FINISHED_SZ && |
wolfSSL | 11:cee25a834751 | 3345 | length == 2 * TLS_FINISHED_SZ + OPAQUE8_LEN) { |
wolfSSL | 11:cee25a834751 | 3346 | input++; /* get past size */ |
wolfSSL | 11:cee25a834751 | 3347 | |
wolfSSL | 11:cee25a834751 | 3348 | /* validate client and server verify data */ |
wolfSSL | 11:cee25a834751 | 3349 | if (XMEMCMP(input, |
wolfSSL | 11:cee25a834751 | 3350 | ssl->secure_renegotiation->client_verify_data, |
wolfSSL | 11:cee25a834751 | 3351 | TLS_FINISHED_SZ) == 0 && |
wolfSSL | 11:cee25a834751 | 3352 | XMEMCMP(input + TLS_FINISHED_SZ, |
wolfSSL | 11:cee25a834751 | 3353 | ssl->secure_renegotiation->server_verify_data, |
wolfSSL | 11:cee25a834751 | 3354 | TLS_FINISHED_SZ) == 0) { |
wolfSSL | 11:cee25a834751 | 3355 | WOLFSSL_MSG("SCR client and server verify data match"); |
wolfSSL | 11:cee25a834751 | 3356 | ret = 0; /* verified */ |
wolfSSL | 11:cee25a834751 | 3357 | } else { |
wolfSSL | 11:cee25a834751 | 3358 | /* already in error state */ |
wolfSSL | 11:cee25a834751 | 3359 | WOLFSSL_MSG("SCR client and server verify data Failure"); |
wolfSSL | 11:cee25a834751 | 3360 | } |
wolfSSL | 11:cee25a834751 | 3361 | } |
wolfSSL | 11:cee25a834751 | 3362 | #endif |
wolfSSL | 11:cee25a834751 | 3363 | } |
wolfSSL | 11:cee25a834751 | 3364 | } |
wolfSSL | 11:cee25a834751 | 3365 | |
wolfSSL | 11:cee25a834751 | 3366 | if (ret != 0) { |
wolfSSL | 11:cee25a834751 | 3367 | SendAlert(ssl, alert_fatal, handshake_failure); |
wolfSSL | 11:cee25a834751 | 3368 | } |
wolfSSL | 11:cee25a834751 | 3369 | |
wolfSSL | 11:cee25a834751 | 3370 | return ret; |
wolfSSL | 11:cee25a834751 | 3371 | } |
wolfSSL | 11:cee25a834751 | 3372 | |
wolfSSL | 11:cee25a834751 | 3373 | int TLSX_UseSecureRenegotiation(TLSX** extensions, void* heap) |
wolfSSL | 11:cee25a834751 | 3374 | { |
wolfSSL | 11:cee25a834751 | 3375 | int ret = 0; |
wolfSSL | 11:cee25a834751 | 3376 | SecureRenegotiation* data = NULL; |
wolfSSL | 11:cee25a834751 | 3377 | |
wolfSSL | 11:cee25a834751 | 3378 | data = (SecureRenegotiation*)XMALLOC(sizeof(SecureRenegotiation), heap, |
wolfSSL | 11:cee25a834751 | 3379 | DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 3380 | if (data == NULL) |
wolfSSL | 11:cee25a834751 | 3381 | return MEMORY_E; |
wolfSSL | 11:cee25a834751 | 3382 | |
wolfSSL | 11:cee25a834751 | 3383 | XMEMSET(data, 0, sizeof(SecureRenegotiation)); |
wolfSSL | 11:cee25a834751 | 3384 | |
wolfSSL | 11:cee25a834751 | 3385 | ret = TLSX_Push(extensions, TLSX_RENEGOTIATION_INFO, data, heap); |
wolfSSL | 11:cee25a834751 | 3386 | if (ret != 0) { |
wolfSSL | 11:cee25a834751 | 3387 | XFREE(data, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 3388 | return ret; |
wolfSSL | 11:cee25a834751 | 3389 | } |
wolfSSL | 11:cee25a834751 | 3390 | |
wolfSSL | 11:cee25a834751 | 3391 | return SSL_SUCCESS; |
wolfSSL | 11:cee25a834751 | 3392 | } |
wolfSSL | 11:cee25a834751 | 3393 | |
wolfSSL | 11:cee25a834751 | 3394 | #ifdef HAVE_SERVER_RENEGOTIATION_INFO |
wolfSSL | 11:cee25a834751 | 3395 | |
wolfSSL | 11:cee25a834751 | 3396 | int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions, void* heap) |
wolfSSL | 11:cee25a834751 | 3397 | { |
wolfSSL | 11:cee25a834751 | 3398 | int ret; |
wolfSSL | 11:cee25a834751 | 3399 | |
wolfSSL | 11:cee25a834751 | 3400 | ret = TLSX_Push(extensions, TLSX_RENEGOTIATION_INFO, NULL, heap); |
wolfSSL | 11:cee25a834751 | 3401 | if (ret != 0) |
wolfSSL | 11:cee25a834751 | 3402 | return ret; |
wolfSSL | 11:cee25a834751 | 3403 | |
wolfSSL | 11:cee25a834751 | 3404 | /* send empty renegotiation_info extension */ |
wolfSSL | 11:cee25a834751 | 3405 | TLSX* ext = TLSX_Find(*extensions, TLSX_RENEGOTIATION_INFO); |
wolfSSL | 11:cee25a834751 | 3406 | if (ext) |
wolfSSL | 11:cee25a834751 | 3407 | ext->resp = 1; |
wolfSSL | 11:cee25a834751 | 3408 | |
wolfSSL | 11:cee25a834751 | 3409 | return SSL_SUCCESS; |
wolfSSL | 11:cee25a834751 | 3410 | } |
wolfSSL | 11:cee25a834751 | 3411 | |
wolfSSL | 11:cee25a834751 | 3412 | #endif /* HAVE_SERVER_RENEGOTIATION_INFO */ |
wolfSSL | 11:cee25a834751 | 3413 | |
wolfSSL | 11:cee25a834751 | 3414 | |
wolfSSL | 11:cee25a834751 | 3415 | #define SCR_FREE_ALL(data, heap) XFREE(data, (heap), DYNAMIC_TYPE_TLSX) |
wolfSSL | 11:cee25a834751 | 3416 | #define SCR_GET_SIZE TLSX_SecureRenegotiation_GetSize |
wolfSSL | 11:cee25a834751 | 3417 | #define SCR_WRITE TLSX_SecureRenegotiation_Write |
wolfSSL | 11:cee25a834751 | 3418 | #define SCR_PARSE TLSX_SecureRenegotiation_Parse |
wolfSSL | 11:cee25a834751 | 3419 | |
wolfSSL | 11:cee25a834751 | 3420 | #else |
wolfSSL | 11:cee25a834751 | 3421 | |
wolfSSL | 11:cee25a834751 | 3422 | #define SCR_FREE_ALL(a, heap) |
wolfSSL | 11:cee25a834751 | 3423 | #define SCR_GET_SIZE(a, b) 0 |
wolfSSL | 11:cee25a834751 | 3424 | #define SCR_WRITE(a, b, c) 0 |
wolfSSL | 11:cee25a834751 | 3425 | #define SCR_PARSE(a, b, c, d) 0 |
wolfSSL | 11:cee25a834751 | 3426 | |
wolfSSL | 11:cee25a834751 | 3427 | #endif /* HAVE_SECURE_RENEGOTIATION */ |
wolfSSL | 11:cee25a834751 | 3428 | |
wolfSSL | 11:cee25a834751 | 3429 | /******************************************************************************/ |
wolfSSL | 11:cee25a834751 | 3430 | /* Session Tickets */ |
wolfSSL | 11:cee25a834751 | 3431 | /******************************************************************************/ |
wolfSSL | 11:cee25a834751 | 3432 | |
wolfSSL | 11:cee25a834751 | 3433 | #ifdef HAVE_SESSION_TICKET |
wolfSSL | 11:cee25a834751 | 3434 | |
wolfSSL | 11:cee25a834751 | 3435 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 11:cee25a834751 | 3436 | static void TLSX_SessionTicket_ValidateRequest(WOLFSSL* ssl) |
wolfSSL | 11:cee25a834751 | 3437 | { |
wolfSSL | 11:cee25a834751 | 3438 | TLSX* extension = TLSX_Find(ssl->extensions, TLSX_SESSION_TICKET); |
wolfSSL | 11:cee25a834751 | 3439 | SessionTicket* ticket = extension ? |
wolfSSL | 11:cee25a834751 | 3440 | (SessionTicket*)extension->data : NULL; |
wolfSSL | 11:cee25a834751 | 3441 | |
wolfSSL | 11:cee25a834751 | 3442 | if (ticket) { |
wolfSSL | 11:cee25a834751 | 3443 | /* TODO validate ticket timeout here! */ |
wolfSSL | 11:cee25a834751 | 3444 | if (ticket->lifetime == 0xfffffff) { |
wolfSSL | 11:cee25a834751 | 3445 | /* send empty ticket on timeout */ |
wolfSSL | 11:cee25a834751 | 3446 | TLSX_UseSessionTicket(&ssl->extensions, NULL, ssl->heap); |
wolfSSL | 11:cee25a834751 | 3447 | } |
wolfSSL | 11:cee25a834751 | 3448 | } |
wolfSSL | 11:cee25a834751 | 3449 | } |
wolfSSL | 11:cee25a834751 | 3450 | #endif /* NO_WOLFSSL_CLIENT */ |
wolfSSL | 11:cee25a834751 | 3451 | |
wolfSSL | 11:cee25a834751 | 3452 | |
wolfSSL | 11:cee25a834751 | 3453 | static word16 TLSX_SessionTicket_GetSize(SessionTicket* ticket, int isRequest) |
wolfSSL | 11:cee25a834751 | 3454 | { |
wolfSSL | 11:cee25a834751 | 3455 | (void)isRequest; |
wolfSSL | 11:cee25a834751 | 3456 | return ticket ? ticket->size : 0; |
wolfSSL | 11:cee25a834751 | 3457 | } |
wolfSSL | 11:cee25a834751 | 3458 | |
wolfSSL | 11:cee25a834751 | 3459 | static word16 TLSX_SessionTicket_Write(SessionTicket* ticket, byte* output, |
wolfSSL | 11:cee25a834751 | 3460 | int isRequest) |
wolfSSL | 11:cee25a834751 | 3461 | { |
wolfSSL | 11:cee25a834751 | 3462 | word16 offset = 0; /* empty ticket */ |
wolfSSL | 11:cee25a834751 | 3463 | |
wolfSSL | 11:cee25a834751 | 3464 | if (isRequest && ticket) { |
wolfSSL | 11:cee25a834751 | 3465 | XMEMCPY(output + offset, ticket->data, ticket->size); |
wolfSSL | 11:cee25a834751 | 3466 | offset += ticket->size; |
wolfSSL | 11:cee25a834751 | 3467 | } |
wolfSSL | 11:cee25a834751 | 3468 | |
wolfSSL | 11:cee25a834751 | 3469 | return offset; |
wolfSSL | 11:cee25a834751 | 3470 | } |
wolfSSL | 11:cee25a834751 | 3471 | |
wolfSSL | 11:cee25a834751 | 3472 | |
wolfSSL | 11:cee25a834751 | 3473 | static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 11:cee25a834751 | 3474 | byte isRequest) |
wolfSSL | 11:cee25a834751 | 3475 | { |
wolfSSL | 11:cee25a834751 | 3476 | int ret = 0; |
wolfSSL | 11:cee25a834751 | 3477 | |
wolfSSL | 11:cee25a834751 | 3478 | (void) input; /* avoid unused parameter if NO_WOLFSSL_SERVER defined */ |
wolfSSL | 11:cee25a834751 | 3479 | |
wolfSSL | 11:cee25a834751 | 3480 | if (!isRequest) { |
wolfSSL | 11:cee25a834751 | 3481 | /* client side */ |
wolfSSL | 11:cee25a834751 | 3482 | if (length != 0) |
wolfSSL | 11:cee25a834751 | 3483 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 3484 | |
wolfSSL | 11:cee25a834751 | 3485 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 11:cee25a834751 | 3486 | ssl->expect_session_ticket = 1; |
wolfSSL | 11:cee25a834751 | 3487 | #endif |
wolfSSL | 11:cee25a834751 | 3488 | } |
wolfSSL | 11:cee25a834751 | 3489 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 11:cee25a834751 | 3490 | else { |
wolfSSL | 11:cee25a834751 | 3491 | /* server side */ |
wolfSSL | 11:cee25a834751 | 3492 | if (ssl->ctx->ticketEncCb == NULL) { |
wolfSSL | 11:cee25a834751 | 3493 | WOLFSSL_MSG("Client sent session ticket, server has no callback"); |
wolfSSL | 11:cee25a834751 | 3494 | return 0; |
wolfSSL | 11:cee25a834751 | 3495 | } |
wolfSSL | 11:cee25a834751 | 3496 | |
wolfSSL | 11:cee25a834751 | 3497 | if (length == 0) { |
wolfSSL | 11:cee25a834751 | 3498 | /* blank ticket */ |
wolfSSL | 11:cee25a834751 | 3499 | ret = TLSX_UseSessionTicket(&ssl->extensions, NULL, ssl->heap); |
wolfSSL | 11:cee25a834751 | 3500 | if (ret == SSL_SUCCESS) { |
wolfSSL | 11:cee25a834751 | 3501 | ret = 0; |
wolfSSL | 11:cee25a834751 | 3502 | TLSX_SetResponse(ssl, TLSX_SESSION_TICKET); /* send blank ticket */ |
wolfSSL | 11:cee25a834751 | 3503 | ssl->options.createTicket = 1; /* will send ticket msg */ |
wolfSSL | 11:cee25a834751 | 3504 | ssl->options.useTicket = 1; |
wolfSSL | 11:cee25a834751 | 3505 | ssl->options.resuming = 0; /* no standard resumption */ |
wolfSSL | 11:cee25a834751 | 3506 | ssl->arrays->sessionIDSz = 0; /* no echo on blank ticket */ |
wolfSSL | 11:cee25a834751 | 3507 | } |
wolfSSL | 11:cee25a834751 | 3508 | } else { |
wolfSSL | 11:cee25a834751 | 3509 | /* got actual ticket from client */ |
wolfSSL | 11:cee25a834751 | 3510 | ret = DoClientTicket(ssl, input, length); |
wolfSSL | 11:cee25a834751 | 3511 | if (ret == WOLFSSL_TICKET_RET_OK) { /* use ticket to resume */ |
wolfSSL | 11:cee25a834751 | 3512 | WOLFSSL_MSG("Using exisitng client ticket"); |
wolfSSL | 11:cee25a834751 | 3513 | ssl->options.useTicket = 1; |
wolfSSL | 11:cee25a834751 | 3514 | ssl->options.resuming = 1; |
wolfSSL | 11:cee25a834751 | 3515 | } else if (ret == WOLFSSL_TICKET_RET_CREATE) { |
wolfSSL | 11:cee25a834751 | 3516 | WOLFSSL_MSG("Using existing client ticket, creating new one"); |
wolfSSL | 11:cee25a834751 | 3517 | ret = TLSX_UseSessionTicket(&ssl->extensions, NULL, ssl->heap); |
wolfSSL | 11:cee25a834751 | 3518 | if (ret == SSL_SUCCESS) { |
wolfSSL | 11:cee25a834751 | 3519 | ret = 0; |
wolfSSL | 11:cee25a834751 | 3520 | TLSX_SetResponse(ssl, TLSX_SESSION_TICKET); |
wolfSSL | 11:cee25a834751 | 3521 | /* send blank ticket */ |
wolfSSL | 11:cee25a834751 | 3522 | ssl->options.createTicket = 1; /* will send ticket msg */ |
wolfSSL | 11:cee25a834751 | 3523 | ssl->options.useTicket = 1; |
wolfSSL | 11:cee25a834751 | 3524 | ssl->options.resuming = 1; |
wolfSSL | 11:cee25a834751 | 3525 | } |
wolfSSL | 11:cee25a834751 | 3526 | } else if (ret == WOLFSSL_TICKET_RET_REJECT) { |
wolfSSL | 11:cee25a834751 | 3527 | WOLFSSL_MSG("Process client ticket rejected, not using"); |
wolfSSL | 11:cee25a834751 | 3528 | ssl->options.rejectTicket = 1; |
wolfSSL | 11:cee25a834751 | 3529 | ret = 0; /* not fatal */ |
wolfSSL | 11:cee25a834751 | 3530 | } else if (ret == WOLFSSL_TICKET_RET_FATAL || ret < 0) { |
wolfSSL | 11:cee25a834751 | 3531 | WOLFSSL_MSG("Process client ticket fatal error, not using"); |
wolfSSL | 11:cee25a834751 | 3532 | } |
wolfSSL | 11:cee25a834751 | 3533 | } |
wolfSSL | 11:cee25a834751 | 3534 | } |
wolfSSL | 11:cee25a834751 | 3535 | #endif /* NO_WOLFSSL_SERVER */ |
wolfSSL | 11:cee25a834751 | 3536 | |
wolfSSL | 11:cee25a834751 | 3537 | return ret; |
wolfSSL | 11:cee25a834751 | 3538 | } |
wolfSSL | 11:cee25a834751 | 3539 | |
wolfSSL | 11:cee25a834751 | 3540 | WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime, |
wolfSSL | 11:cee25a834751 | 3541 | byte* data, word16 size, void* heap) |
wolfSSL | 11:cee25a834751 | 3542 | { |
wolfSSL | 11:cee25a834751 | 3543 | SessionTicket* ticket = (SessionTicket*)XMALLOC(sizeof(SessionTicket), |
wolfSSL | 11:cee25a834751 | 3544 | heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 3545 | if (ticket) { |
wolfSSL | 11:cee25a834751 | 3546 | ticket->data = (byte*)XMALLOC(size, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 3547 | if (ticket->data == NULL) { |
wolfSSL | 11:cee25a834751 | 3548 | XFREE(ticket, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 3549 | return NULL; |
wolfSSL | 11:cee25a834751 | 3550 | } |
wolfSSL | 11:cee25a834751 | 3551 | |
wolfSSL | 11:cee25a834751 | 3552 | XMEMCPY(ticket->data, data, size); |
wolfSSL | 11:cee25a834751 | 3553 | ticket->size = size; |
wolfSSL | 11:cee25a834751 | 3554 | ticket->lifetime = lifetime; |
wolfSSL | 11:cee25a834751 | 3555 | } |
wolfSSL | 11:cee25a834751 | 3556 | |
wolfSSL | 11:cee25a834751 | 3557 | return ticket; |
wolfSSL | 11:cee25a834751 | 3558 | } |
wolfSSL | 11:cee25a834751 | 3559 | WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket, void* heap) |
wolfSSL | 11:cee25a834751 | 3560 | { |
wolfSSL | 11:cee25a834751 | 3561 | if (ticket) { |
wolfSSL | 11:cee25a834751 | 3562 | XFREE(ticket->data, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 3563 | XFREE(ticket, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 3564 | } |
wolfSSL | 11:cee25a834751 | 3565 | |
wolfSSL | 11:cee25a834751 | 3566 | (void)heap; |
wolfSSL | 11:cee25a834751 | 3567 | } |
wolfSSL | 11:cee25a834751 | 3568 | |
wolfSSL | 11:cee25a834751 | 3569 | int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket, void* heap) |
wolfSSL | 11:cee25a834751 | 3570 | { |
wolfSSL | 11:cee25a834751 | 3571 | int ret = 0; |
wolfSSL | 11:cee25a834751 | 3572 | |
wolfSSL | 11:cee25a834751 | 3573 | if (extensions == NULL) |
wolfSSL | 11:cee25a834751 | 3574 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 3575 | |
wolfSSL | 11:cee25a834751 | 3576 | /* If the ticket is NULL, the client will request a new ticket from the |
wolfSSL | 11:cee25a834751 | 3577 | server. Otherwise, the client will use it in the next client hello. */ |
wolfSSL | 11:cee25a834751 | 3578 | if ((ret = TLSX_Push(extensions, TLSX_SESSION_TICKET, (void*)ticket, heap)) |
wolfSSL | 11:cee25a834751 | 3579 | != 0) |
wolfSSL | 11:cee25a834751 | 3580 | return ret; |
wolfSSL | 11:cee25a834751 | 3581 | |
wolfSSL | 11:cee25a834751 | 3582 | return SSL_SUCCESS; |
wolfSSL | 11:cee25a834751 | 3583 | } |
wolfSSL | 11:cee25a834751 | 3584 | |
wolfSSL | 11:cee25a834751 | 3585 | #define WOLF_STK_VALIDATE_REQUEST TLSX_SessionTicket_ValidateRequest |
wolfSSL | 11:cee25a834751 | 3586 | #define WOLF_STK_GET_SIZE TLSX_SessionTicket_GetSize |
wolfSSL | 11:cee25a834751 | 3587 | #define WOLF_STK_WRITE TLSX_SessionTicket_Write |
wolfSSL | 11:cee25a834751 | 3588 | #define WOLF_STK_PARSE TLSX_SessionTicket_Parse |
wolfSSL | 11:cee25a834751 | 3589 | #define WOLF_STK_FREE(stk, heap) TLSX_SessionTicket_Free((SessionTicket*)stk,(heap)) |
wolfSSL | 11:cee25a834751 | 3590 | |
wolfSSL | 11:cee25a834751 | 3591 | #else |
wolfSSL | 11:cee25a834751 | 3592 | |
wolfSSL | 11:cee25a834751 | 3593 | #define WOLF_STK_FREE(a, b) |
wolfSSL | 11:cee25a834751 | 3594 | #define WOLF_STK_VALIDATE_REQUEST(a) |
wolfSSL | 11:cee25a834751 | 3595 | #define WOLF_STK_GET_SIZE(a, b) 0 |
wolfSSL | 11:cee25a834751 | 3596 | #define WOLF_STK_WRITE(a, b, c) 0 |
wolfSSL | 11:cee25a834751 | 3597 | #define WOLF_STK_PARSE(a, b, c, d) 0 |
wolfSSL | 11:cee25a834751 | 3598 | |
wolfSSL | 11:cee25a834751 | 3599 | #endif /* HAVE_SESSION_TICKET */ |
wolfSSL | 11:cee25a834751 | 3600 | |
wolfSSL | 11:cee25a834751 | 3601 | /******************************************************************************/ |
wolfSSL | 11:cee25a834751 | 3602 | /* Quantum-Safe-Hybrid */ |
wolfSSL | 11:cee25a834751 | 3603 | /******************************************************************************/ |
wolfSSL | 11:cee25a834751 | 3604 | |
wolfSSL | 11:cee25a834751 | 3605 | #if defined(HAVE_NTRU) && defined(HAVE_QSH) |
wolfSSL | 11:cee25a834751 | 3606 | static WC_RNG* rng; |
wolfSSL | 11:cee25a834751 | 3607 | static wolfSSL_Mutex* rngMutex; |
wolfSSL | 11:cee25a834751 | 3608 | #endif |
wolfSSL | 11:cee25a834751 | 3609 | |
wolfSSL | 11:cee25a834751 | 3610 | #ifdef HAVE_QSH |
wolfSSL | 11:cee25a834751 | 3611 | static void TLSX_QSH_FreeAll(QSHScheme* list, void* heap) |
wolfSSL | 11:cee25a834751 | 3612 | { |
wolfSSL | 11:cee25a834751 | 3613 | QSHScheme* current; |
wolfSSL | 11:cee25a834751 | 3614 | |
wolfSSL | 11:cee25a834751 | 3615 | while ((current = list)) { |
wolfSSL | 11:cee25a834751 | 3616 | list = current->next; |
wolfSSL | 11:cee25a834751 | 3617 | XFREE(current, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 3618 | } |
wolfSSL | 11:cee25a834751 | 3619 | |
wolfSSL | 11:cee25a834751 | 3620 | (void)heap; |
wolfSSL | 11:cee25a834751 | 3621 | } |
wolfSSL | 11:cee25a834751 | 3622 | |
wolfSSL | 11:cee25a834751 | 3623 | static int TLSX_QSH_Append(QSHScheme** list, word16 name, byte* pub, |
wolfSSL | 11:cee25a834751 | 3624 | word16 pubLen) |
wolfSSL | 11:cee25a834751 | 3625 | { |
wolfSSL | 11:cee25a834751 | 3626 | QSHScheme* temp; |
wolfSSL | 11:cee25a834751 | 3627 | |
wolfSSL | 11:cee25a834751 | 3628 | if (list == NULL) |
wolfSSL | 11:cee25a834751 | 3629 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 3630 | |
wolfSSL | 11:cee25a834751 | 3631 | if ((temp = (QSHScheme*)XMALLOC(sizeof(QSHScheme), NULL, |
wolfSSL | 11:cee25a834751 | 3632 | DYNAMIC_TYPE_TLSX)) == NULL) |
wolfSSL | 11:cee25a834751 | 3633 | return MEMORY_E; |
wolfSSL | 11:cee25a834751 | 3634 | |
wolfSSL | 11:cee25a834751 | 3635 | temp->name = name; |
wolfSSL | 11:cee25a834751 | 3636 | temp->PK = pub; |
wolfSSL | 11:cee25a834751 | 3637 | temp->PKLen = pubLen; |
wolfSSL | 11:cee25a834751 | 3638 | temp->next = *list; |
wolfSSL | 11:cee25a834751 | 3639 | |
wolfSSL | 11:cee25a834751 | 3640 | *list = temp; |
wolfSSL | 11:cee25a834751 | 3641 | |
wolfSSL | 11:cee25a834751 | 3642 | return 0; |
wolfSSL | 11:cee25a834751 | 3643 | } |
wolfSSL | 11:cee25a834751 | 3644 | |
wolfSSL | 11:cee25a834751 | 3645 | |
wolfSSL | 11:cee25a834751 | 3646 | /* request for server's public key : 02 indicates 0-2 requested */ |
wolfSSL | 11:cee25a834751 | 3647 | static byte TLSX_QSH_SerPKReq(byte* output, byte isRequest) |
wolfSSL | 11:cee25a834751 | 3648 | { |
wolfSSL | 11:cee25a834751 | 3649 | if (isRequest) { |
wolfSSL | 11:cee25a834751 | 3650 | /* only request one public key from the server */ |
wolfSSL | 11:cee25a834751 | 3651 | output[0] = 0x01; |
wolfSSL | 11:cee25a834751 | 3652 | |
wolfSSL | 11:cee25a834751 | 3653 | return OPAQUE8_LEN; |
wolfSSL | 11:cee25a834751 | 3654 | } |
wolfSSL | 11:cee25a834751 | 3655 | else { |
wolfSSL | 11:cee25a834751 | 3656 | return 0; |
wolfSSL | 11:cee25a834751 | 3657 | } |
wolfSSL | 11:cee25a834751 | 3658 | } |
wolfSSL | 11:cee25a834751 | 3659 | |
wolfSSL | 11:cee25a834751 | 3660 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 11:cee25a834751 | 3661 | |
wolfSSL | 11:cee25a834751 | 3662 | /* check for TLS_QSH suite */ |
wolfSSL | 11:cee25a834751 | 3663 | static void TLSX_QSH_ValidateRequest(WOLFSSL* ssl, byte* semaphore) |
wolfSSL | 11:cee25a834751 | 3664 | { |
wolfSSL | 11:cee25a834751 | 3665 | int i; |
wolfSSL | 11:cee25a834751 | 3666 | |
wolfSSL | 11:cee25a834751 | 3667 | for (i = 0; i < ssl->suites->suiteSz; i+= 2) |
wolfSSL | 11:cee25a834751 | 3668 | if (ssl->suites->suites[i] == QSH_BYTE) |
wolfSSL | 11:cee25a834751 | 3669 | return; |
wolfSSL | 11:cee25a834751 | 3670 | |
wolfSSL | 11:cee25a834751 | 3671 | /* No QSH suite found */ |
wolfSSL | 11:cee25a834751 | 3672 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_QUANTUM_SAFE_HYBRID)); |
wolfSSL | 11:cee25a834751 | 3673 | } |
wolfSSL | 11:cee25a834751 | 3674 | |
wolfSSL | 11:cee25a834751 | 3675 | |
wolfSSL | 11:cee25a834751 | 3676 | /* return the size of the QSH hello extension |
wolfSSL | 11:cee25a834751 | 3677 | list the list of QSHScheme structs containing id and key |
wolfSSL | 11:cee25a834751 | 3678 | isRequest if 1 then is being sent to the server |
wolfSSL | 11:cee25a834751 | 3679 | */ |
wolfSSL | 11:cee25a834751 | 3680 | word16 TLSX_QSH_GetSize(QSHScheme* list, byte isRequest) |
wolfSSL | 11:cee25a834751 | 3681 | { |
wolfSSL | 11:cee25a834751 | 3682 | QSHScheme* temp = list; |
wolfSSL | 11:cee25a834751 | 3683 | word16 length = 0; |
wolfSSL | 11:cee25a834751 | 3684 | |
wolfSSL | 11:cee25a834751 | 3685 | /* account for size of scheme list and public key list */ |
wolfSSL | 11:cee25a834751 | 3686 | if (isRequest) |
wolfSSL | 11:cee25a834751 | 3687 | length = OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 3688 | length += OPAQUE24_LEN; |
wolfSSL | 11:cee25a834751 | 3689 | |
wolfSSL | 11:cee25a834751 | 3690 | /* for each non null element in list add size */ |
wolfSSL | 11:cee25a834751 | 3691 | while ((temp)) { |
wolfSSL | 11:cee25a834751 | 3692 | /* add public key info Scheme | Key Length | Key */ |
wolfSSL | 11:cee25a834751 | 3693 | length += OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 3694 | length += OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 3695 | length += temp->PKLen; |
wolfSSL | 11:cee25a834751 | 3696 | |
wolfSSL | 11:cee25a834751 | 3697 | /* if client add name size for scheme list |
wolfSSL | 11:cee25a834751 | 3698 | advance to next QSHScheme struct in list */ |
wolfSSL | 11:cee25a834751 | 3699 | if (isRequest) |
wolfSSL | 11:cee25a834751 | 3700 | length += OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 3701 | temp = temp->next; |
wolfSSL | 11:cee25a834751 | 3702 | } |
wolfSSL | 11:cee25a834751 | 3703 | |
wolfSSL | 11:cee25a834751 | 3704 | /* add length for request server public keys */ |
wolfSSL | 11:cee25a834751 | 3705 | if (isRequest) |
wolfSSL | 11:cee25a834751 | 3706 | length += OPAQUE8_LEN; |
wolfSSL | 11:cee25a834751 | 3707 | |
wolfSSL | 11:cee25a834751 | 3708 | return length; |
wolfSSL | 11:cee25a834751 | 3709 | } |
wolfSSL | 11:cee25a834751 | 3710 | |
wolfSSL | 11:cee25a834751 | 3711 | |
wolfSSL | 11:cee25a834751 | 3712 | /* write out a list of QSHScheme IDs */ |
wolfSSL | 11:cee25a834751 | 3713 | static word16 TLSX_QSH_Write(QSHScheme* list, byte* output) |
wolfSSL | 11:cee25a834751 | 3714 | { |
wolfSSL | 11:cee25a834751 | 3715 | QSHScheme* current = list; |
wolfSSL | 11:cee25a834751 | 3716 | word16 length = 0; |
wolfSSL | 11:cee25a834751 | 3717 | |
wolfSSL | 11:cee25a834751 | 3718 | length += OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 3719 | |
wolfSSL | 11:cee25a834751 | 3720 | while (current) { |
wolfSSL | 11:cee25a834751 | 3721 | c16toa(current->name, output + length); |
wolfSSL | 11:cee25a834751 | 3722 | length += OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 3723 | current = (QSHScheme*)current->next; |
wolfSSL | 11:cee25a834751 | 3724 | } |
wolfSSL | 11:cee25a834751 | 3725 | |
wolfSSL | 11:cee25a834751 | 3726 | c16toa(length - OPAQUE16_LEN, output); /* writing list length */ |
wolfSSL | 11:cee25a834751 | 3727 | |
wolfSSL | 11:cee25a834751 | 3728 | return length; |
wolfSSL | 11:cee25a834751 | 3729 | } |
wolfSSL | 11:cee25a834751 | 3730 | |
wolfSSL | 11:cee25a834751 | 3731 | |
wolfSSL | 11:cee25a834751 | 3732 | /* write public key list in extension */ |
wolfSSL | 11:cee25a834751 | 3733 | static word16 TLSX_QSHPK_WriteR(QSHScheme* format, byte* output); |
wolfSSL | 11:cee25a834751 | 3734 | static word16 TLSX_QSHPK_WriteR(QSHScheme* format, byte* output) |
wolfSSL | 11:cee25a834751 | 3735 | { |
wolfSSL | 11:cee25a834751 | 3736 | word32 offset = 0; |
wolfSSL | 11:cee25a834751 | 3737 | word16 public_len = 0; |
wolfSSL | 11:cee25a834751 | 3738 | |
wolfSSL | 11:cee25a834751 | 3739 | if (!format) |
wolfSSL | 11:cee25a834751 | 3740 | return offset; |
wolfSSL | 11:cee25a834751 | 3741 | |
wolfSSL | 11:cee25a834751 | 3742 | /* write scheme ID */ |
wolfSSL | 11:cee25a834751 | 3743 | c16toa(format->name, output + offset); |
wolfSSL | 11:cee25a834751 | 3744 | offset += OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 3745 | |
wolfSSL | 11:cee25a834751 | 3746 | /* write public key matching scheme */ |
wolfSSL | 11:cee25a834751 | 3747 | public_len = format->PKLen; |
wolfSSL | 11:cee25a834751 | 3748 | c16toa(public_len, output + offset); |
wolfSSL | 11:cee25a834751 | 3749 | offset += OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 3750 | if (format->PK) { |
wolfSSL | 11:cee25a834751 | 3751 | XMEMCPY(output+offset, format->PK, public_len); |
wolfSSL | 11:cee25a834751 | 3752 | } |
wolfSSL | 11:cee25a834751 | 3753 | |
wolfSSL | 11:cee25a834751 | 3754 | return public_len + offset; |
wolfSSL | 11:cee25a834751 | 3755 | } |
wolfSSL | 11:cee25a834751 | 3756 | |
wolfSSL | 11:cee25a834751 | 3757 | word16 TLSX_QSHPK_Write(QSHScheme* list, byte* output) |
wolfSSL | 11:cee25a834751 | 3758 | { |
wolfSSL | 11:cee25a834751 | 3759 | QSHScheme* current = list; |
wolfSSL | 11:cee25a834751 | 3760 | word32 length = 0; |
wolfSSL | 11:cee25a834751 | 3761 | word24 toWire; |
wolfSSL | 11:cee25a834751 | 3762 | |
wolfSSL | 11:cee25a834751 | 3763 | length += OPAQUE24_LEN; |
wolfSSL | 11:cee25a834751 | 3764 | |
wolfSSL | 11:cee25a834751 | 3765 | while (current) { |
wolfSSL | 11:cee25a834751 | 3766 | length += TLSX_QSHPK_WriteR(current, output + length); |
wolfSSL | 11:cee25a834751 | 3767 | current = (QSHScheme*)current->next; |
wolfSSL | 11:cee25a834751 | 3768 | } |
wolfSSL | 11:cee25a834751 | 3769 | /* length of public keys sent */ |
wolfSSL | 11:cee25a834751 | 3770 | c32to24(length - OPAQUE24_LEN, toWire); |
wolfSSL | 11:cee25a834751 | 3771 | output[0] = toWire[0]; |
wolfSSL | 11:cee25a834751 | 3772 | output[1] = toWire[1]; |
wolfSSL | 11:cee25a834751 | 3773 | output[2] = toWire[2]; |
wolfSSL | 11:cee25a834751 | 3774 | |
wolfSSL | 11:cee25a834751 | 3775 | return length; |
wolfSSL | 11:cee25a834751 | 3776 | } |
wolfSSL | 11:cee25a834751 | 3777 | |
wolfSSL | 11:cee25a834751 | 3778 | #endif /* NO_WOLFSSL_CLIENT */ |
wolfSSL | 11:cee25a834751 | 3779 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 11:cee25a834751 | 3780 | |
wolfSSL | 11:cee25a834751 | 3781 | static void TLSX_QSHAgreement(TLSX** extensions, void* heap) |
wolfSSL | 11:cee25a834751 | 3782 | { |
wolfSSL | 11:cee25a834751 | 3783 | TLSX* extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID); |
wolfSSL | 11:cee25a834751 | 3784 | QSHScheme* format = NULL; |
wolfSSL | 11:cee25a834751 | 3785 | QSHScheme* del = NULL; |
wolfSSL | 11:cee25a834751 | 3786 | QSHScheme* prev = NULL; |
wolfSSL | 11:cee25a834751 | 3787 | |
wolfSSL | 11:cee25a834751 | 3788 | if (extension == NULL) |
wolfSSL | 11:cee25a834751 | 3789 | return; |
wolfSSL | 11:cee25a834751 | 3790 | |
wolfSSL | 11:cee25a834751 | 3791 | format = (QSHScheme*)extension->data; |
wolfSSL | 11:cee25a834751 | 3792 | while (format) { |
wolfSSL | 11:cee25a834751 | 3793 | if (format->PKLen == 0) { |
wolfSSL | 11:cee25a834751 | 3794 | /* case of head */ |
wolfSSL | 11:cee25a834751 | 3795 | if (format == extension->data) { |
wolfSSL | 11:cee25a834751 | 3796 | extension->data = format->next; |
wolfSSL | 11:cee25a834751 | 3797 | } |
wolfSSL | 11:cee25a834751 | 3798 | if (prev) |
wolfSSL | 11:cee25a834751 | 3799 | prev->next = format->next; |
wolfSSL | 11:cee25a834751 | 3800 | del = format; |
wolfSSL | 11:cee25a834751 | 3801 | format = format->next; |
wolfSSL | 11:cee25a834751 | 3802 | XFREE(del, heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 3803 | del = NULL; |
wolfSSL | 11:cee25a834751 | 3804 | } else { |
wolfSSL | 11:cee25a834751 | 3805 | prev = format; |
wolfSSL | 11:cee25a834751 | 3806 | format = format->next; |
wolfSSL | 11:cee25a834751 | 3807 | } |
wolfSSL | 11:cee25a834751 | 3808 | } |
wolfSSL | 11:cee25a834751 | 3809 | |
wolfSSL | 11:cee25a834751 | 3810 | (void)heap; |
wolfSSL | 11:cee25a834751 | 3811 | } |
wolfSSL | 11:cee25a834751 | 3812 | |
wolfSSL | 11:cee25a834751 | 3813 | |
wolfSSL | 11:cee25a834751 | 3814 | /* Parse in hello extension |
wolfSSL | 11:cee25a834751 | 3815 | input the byte stream to process |
wolfSSL | 11:cee25a834751 | 3816 | length length of total extension found |
wolfSSL | 11:cee25a834751 | 3817 | isRequest set to 1 if being sent to the server |
wolfSSL | 11:cee25a834751 | 3818 | */ |
wolfSSL | 11:cee25a834751 | 3819 | static int TLSX_QSH_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 11:cee25a834751 | 3820 | byte isRequest) |
wolfSSL | 11:cee25a834751 | 3821 | { |
wolfSSL | 11:cee25a834751 | 3822 | byte numKeys = 0; |
wolfSSL | 11:cee25a834751 | 3823 | word16 offset = 0; |
wolfSSL | 11:cee25a834751 | 3824 | word16 schemSz = 0; |
wolfSSL | 11:cee25a834751 | 3825 | word16 offset_len = 0; |
wolfSSL | 11:cee25a834751 | 3826 | word32 offset_pk = 0; |
wolfSSL | 11:cee25a834751 | 3827 | word16 name = 0; |
wolfSSL | 11:cee25a834751 | 3828 | word16 PKLen = 0; |
wolfSSL | 11:cee25a834751 | 3829 | byte* PK = NULL; |
wolfSSL | 11:cee25a834751 | 3830 | int r; |
wolfSSL | 11:cee25a834751 | 3831 | |
wolfSSL | 11:cee25a834751 | 3832 | |
wolfSSL | 11:cee25a834751 | 3833 | if (OPAQUE16_LEN > length) |
wolfSSL | 11:cee25a834751 | 3834 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 3835 | |
wolfSSL | 11:cee25a834751 | 3836 | if (isRequest) { |
wolfSSL | 11:cee25a834751 | 3837 | ato16(input, &schemSz); |
wolfSSL | 11:cee25a834751 | 3838 | |
wolfSSL | 11:cee25a834751 | 3839 | /* list of public keys available for QSH schemes */ |
wolfSSL | 11:cee25a834751 | 3840 | offset_len = schemSz + OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 3841 | } |
wolfSSL | 11:cee25a834751 | 3842 | |
wolfSSL | 11:cee25a834751 | 3843 | offset_pk = ((input[offset_len] << 16) & 0xFF00000) | |
wolfSSL | 11:cee25a834751 | 3844 | (((input[offset_len + 1]) << 8) & 0xFF00) | |
wolfSSL | 11:cee25a834751 | 3845 | (input[offset_len + 2] & 0xFF); |
wolfSSL | 11:cee25a834751 | 3846 | offset_len += OPAQUE24_LEN; |
wolfSSL | 11:cee25a834751 | 3847 | |
wolfSSL | 11:cee25a834751 | 3848 | /* check buffer size */ |
wolfSSL | 11:cee25a834751 | 3849 | if (offset_pk > length) |
wolfSSL | 11:cee25a834751 | 3850 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 3851 | |
wolfSSL | 11:cee25a834751 | 3852 | /* set maximum number of keys the client will accept */ |
wolfSSL | 11:cee25a834751 | 3853 | if (!isRequest) |
wolfSSL | 11:cee25a834751 | 3854 | numKeys = (ssl->maxRequest < 1)? 1 : ssl->maxRequest; |
wolfSSL | 11:cee25a834751 | 3855 | |
wolfSSL | 11:cee25a834751 | 3856 | /* hello extension read list of scheme ids */ |
wolfSSL | 11:cee25a834751 | 3857 | if (isRequest) { |
wolfSSL | 11:cee25a834751 | 3858 | |
wolfSSL | 11:cee25a834751 | 3859 | /* read in request for public keys */ |
wolfSSL | 11:cee25a834751 | 3860 | ssl->minRequest = (input[length -1] >> 4) & 0xFF; |
wolfSSL | 11:cee25a834751 | 3861 | ssl->maxRequest = input[length -1] & 0x0F; |
wolfSSL | 11:cee25a834751 | 3862 | |
wolfSSL | 11:cee25a834751 | 3863 | /* choose the min between min requested by client and 1 */ |
wolfSSL | 11:cee25a834751 | 3864 | numKeys = (ssl->minRequest > 1) ? ssl->minRequest : 1; |
wolfSSL | 11:cee25a834751 | 3865 | |
wolfSSL | 11:cee25a834751 | 3866 | if (ssl->minRequest > ssl->maxRequest) |
wolfSSL | 11:cee25a834751 | 3867 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 3868 | |
wolfSSL | 11:cee25a834751 | 3869 | offset += OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 3870 | schemSz += offset; |
wolfSSL | 11:cee25a834751 | 3871 | |
wolfSSL | 11:cee25a834751 | 3872 | /* check buffer size */ |
wolfSSL | 11:cee25a834751 | 3873 | if (schemSz > length) |
wolfSSL | 11:cee25a834751 | 3874 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 3875 | |
wolfSSL | 11:cee25a834751 | 3876 | while ((offset < schemSz) && numKeys) { |
wolfSSL | 11:cee25a834751 | 3877 | /* Scheme ID list */ |
wolfSSL | 11:cee25a834751 | 3878 | ato16(input + offset, &name); |
wolfSSL | 11:cee25a834751 | 3879 | offset += OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 3880 | |
wolfSSL | 11:cee25a834751 | 3881 | /* validate we have scheme id */ |
wolfSSL | 11:cee25a834751 | 3882 | if (ssl->user_set_QSHSchemes && |
wolfSSL | 11:cee25a834751 | 3883 | !TLSX_ValidateQSHScheme(&ssl->extensions, name)) { |
wolfSSL | 11:cee25a834751 | 3884 | continue; |
wolfSSL | 11:cee25a834751 | 3885 | } |
wolfSSL | 11:cee25a834751 | 3886 | |
wolfSSL | 11:cee25a834751 | 3887 | /* server create keys on demand */ |
wolfSSL | 11:cee25a834751 | 3888 | if ((r = TLSX_CreateNtruKey(ssl, name)) != 0) { |
wolfSSL | 11:cee25a834751 | 3889 | WOLFSSL_MSG("Error creating ntru keys"); |
wolfSSL | 11:cee25a834751 | 3890 | return r; |
wolfSSL | 11:cee25a834751 | 3891 | } |
wolfSSL | 11:cee25a834751 | 3892 | |
wolfSSL | 11:cee25a834751 | 3893 | /* peer sent an agreed upon scheme */ |
wolfSSL | 11:cee25a834751 | 3894 | r = TLSX_UseQSHScheme(&ssl->extensions, name, NULL, 0, ssl->heap); |
wolfSSL | 11:cee25a834751 | 3895 | |
wolfSSL | 11:cee25a834751 | 3896 | if (r != SSL_SUCCESS) return r; /* throw error */ |
wolfSSL | 11:cee25a834751 | 3897 | |
wolfSSL | 11:cee25a834751 | 3898 | numKeys--; |
wolfSSL | 11:cee25a834751 | 3899 | } |
wolfSSL | 11:cee25a834751 | 3900 | |
wolfSSL | 11:cee25a834751 | 3901 | /* choose the min between min requested by client and 1 */ |
wolfSSL | 11:cee25a834751 | 3902 | numKeys = (ssl->minRequest > 1) ? ssl->minRequest : 1; |
wolfSSL | 11:cee25a834751 | 3903 | } |
wolfSSL | 11:cee25a834751 | 3904 | |
wolfSSL | 11:cee25a834751 | 3905 | /* QSHPK struct */ |
wolfSSL | 11:cee25a834751 | 3906 | offset_pk += offset_len; |
wolfSSL | 11:cee25a834751 | 3907 | while ((offset_len < offset_pk) && numKeys) { |
wolfSSL | 11:cee25a834751 | 3908 | QSHKey * temp; |
wolfSSL | 11:cee25a834751 | 3909 | |
wolfSSL | 11:cee25a834751 | 3910 | if ((temp = (QSHKey*)XMALLOC(sizeof(QSHKey), ssl->heap, |
wolfSSL | 11:cee25a834751 | 3911 | DYNAMIC_TYPE_TLSX)) == NULL) |
wolfSSL | 11:cee25a834751 | 3912 | return MEMORY_E; |
wolfSSL | 11:cee25a834751 | 3913 | |
wolfSSL | 11:cee25a834751 | 3914 | /* initialize */ |
wolfSSL | 11:cee25a834751 | 3915 | temp->next = NULL; |
wolfSSL | 11:cee25a834751 | 3916 | temp->pub.buffer = NULL; |
wolfSSL | 11:cee25a834751 | 3917 | temp->pub.length = 0; |
wolfSSL | 11:cee25a834751 | 3918 | temp->pri.buffer = NULL; |
wolfSSL | 11:cee25a834751 | 3919 | temp->pri.length = 0; |
wolfSSL | 11:cee25a834751 | 3920 | |
wolfSSL | 11:cee25a834751 | 3921 | /* scheme id */ |
wolfSSL | 11:cee25a834751 | 3922 | ato16(input + offset_len, &(temp->name)); |
wolfSSL | 11:cee25a834751 | 3923 | offset_len += OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 3924 | |
wolfSSL | 11:cee25a834751 | 3925 | /* public key length */ |
wolfSSL | 11:cee25a834751 | 3926 | ato16(input + offset_len, &PKLen); |
wolfSSL | 11:cee25a834751 | 3927 | temp->pub.length = PKLen; |
wolfSSL | 11:cee25a834751 | 3928 | offset_len += OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 3929 | |
wolfSSL | 11:cee25a834751 | 3930 | |
wolfSSL | 11:cee25a834751 | 3931 | if (isRequest) { |
wolfSSL | 11:cee25a834751 | 3932 | /* validate we have scheme id */ |
wolfSSL | 11:cee25a834751 | 3933 | if (ssl->user_set_QSHSchemes && |
wolfSSL | 11:cee25a834751 | 3934 | (!TLSX_ValidateQSHScheme(&ssl->extensions, temp->name))) { |
wolfSSL | 11:cee25a834751 | 3935 | offset_len += PKLen; |
wolfSSL | 11:cee25a834751 | 3936 | XFREE(temp, ssl->heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 3937 | continue; |
wolfSSL | 11:cee25a834751 | 3938 | } |
wolfSSL | 11:cee25a834751 | 3939 | } |
wolfSSL | 11:cee25a834751 | 3940 | |
wolfSSL | 11:cee25a834751 | 3941 | /* read in public key */ |
wolfSSL | 11:cee25a834751 | 3942 | if (PKLen > 0) { |
wolfSSL | 11:cee25a834751 | 3943 | temp->pub.buffer = (byte*)XMALLOC(temp->pub.length, |
wolfSSL | 11:cee25a834751 | 3944 | ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); |
wolfSSL | 11:cee25a834751 | 3945 | XMEMCPY(temp->pub.buffer, input + offset_len, temp->pub.length); |
wolfSSL | 11:cee25a834751 | 3946 | offset_len += PKLen; |
wolfSSL | 11:cee25a834751 | 3947 | } |
wolfSSL | 11:cee25a834751 | 3948 | else { |
wolfSSL | 11:cee25a834751 | 3949 | PK = NULL; |
wolfSSL | 11:cee25a834751 | 3950 | } |
wolfSSL | 11:cee25a834751 | 3951 | |
wolfSSL | 11:cee25a834751 | 3952 | /* use own key when adding to extensions list for sending reply */ |
wolfSSL | 11:cee25a834751 | 3953 | PKLen = 0; |
wolfSSL | 11:cee25a834751 | 3954 | PK = TLSX_QSHKeyFind_Pub(ssl->QSH_Key, &PKLen, temp->name); |
wolfSSL | 11:cee25a834751 | 3955 | r = TLSX_UseQSHScheme(&ssl->extensions, temp->name, PK, PKLen, |
wolfSSL | 11:cee25a834751 | 3956 | ssl->heap); |
wolfSSL | 11:cee25a834751 | 3957 | |
wolfSSL | 11:cee25a834751 | 3958 | /* store peers key */ |
wolfSSL | 11:cee25a834751 | 3959 | ssl->peerQSHKeyPresent = 1; |
wolfSSL | 11:cee25a834751 | 3960 | if (TLSX_AddQSHKey(&ssl->peerQSHKey, temp) != 0) |
wolfSSL | 11:cee25a834751 | 3961 | return MEMORY_E; |
wolfSSL | 11:cee25a834751 | 3962 | |
wolfSSL | 11:cee25a834751 | 3963 | if (temp->pub.length == 0) { |
wolfSSL | 11:cee25a834751 | 3964 | XFREE(temp, ssl->heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 3965 | } |
wolfSSL | 11:cee25a834751 | 3966 | |
wolfSSL | 11:cee25a834751 | 3967 | if (r != SSL_SUCCESS) {return r;} /* throw error */ |
wolfSSL | 11:cee25a834751 | 3968 | |
wolfSSL | 11:cee25a834751 | 3969 | numKeys--; |
wolfSSL | 11:cee25a834751 | 3970 | } |
wolfSSL | 11:cee25a834751 | 3971 | |
wolfSSL | 11:cee25a834751 | 3972 | /* reply to a QSH extension sent from client */ |
wolfSSL | 11:cee25a834751 | 3973 | if (isRequest) { |
wolfSSL | 11:cee25a834751 | 3974 | TLSX_SetResponse(ssl, TLSX_QUANTUM_SAFE_HYBRID); |
wolfSSL | 11:cee25a834751 | 3975 | /* only use schemes we have key generated for -- free the rest */ |
wolfSSL | 11:cee25a834751 | 3976 | TLSX_QSHAgreement(&ssl->extensions, ssl->heap); |
wolfSSL | 11:cee25a834751 | 3977 | } |
wolfSSL | 11:cee25a834751 | 3978 | |
wolfSSL | 11:cee25a834751 | 3979 | return 0; |
wolfSSL | 11:cee25a834751 | 3980 | } |
wolfSSL | 11:cee25a834751 | 3981 | |
wolfSSL | 11:cee25a834751 | 3982 | |
wolfSSL | 11:cee25a834751 | 3983 | /* Used for parsing in QSHCipher structs on Key Exchange */ |
wolfSSL | 11:cee25a834751 | 3984 | int TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input, word16 length, |
wolfSSL | 11:cee25a834751 | 3985 | byte isServer) |
wolfSSL | 11:cee25a834751 | 3986 | { |
wolfSSL | 11:cee25a834751 | 3987 | QSHKey* key; |
wolfSSL | 11:cee25a834751 | 3988 | word16 Max_Secret_Len = 48; |
wolfSSL | 11:cee25a834751 | 3989 | word16 offset = 0; |
wolfSSL | 11:cee25a834751 | 3990 | word16 offset_len = 0; |
wolfSSL | 11:cee25a834751 | 3991 | word32 offset_pk = 0; |
wolfSSL | 11:cee25a834751 | 3992 | word16 name = 0; |
wolfSSL | 11:cee25a834751 | 3993 | word16 secretLen = 0; |
wolfSSL | 11:cee25a834751 | 3994 | byte* secret = NULL; |
wolfSSL | 11:cee25a834751 | 3995 | word16 buffLen = 0; |
wolfSSL | 11:cee25a834751 | 3996 | byte buff[145]; /* size enough for 3 secrets */ |
wolfSSL | 11:cee25a834751 | 3997 | buffer* buf; |
wolfSSL | 11:cee25a834751 | 3998 | |
wolfSSL | 11:cee25a834751 | 3999 | /* pointer to location where secret should be stored */ |
wolfSSL | 11:cee25a834751 | 4000 | if (isServer) { |
wolfSSL | 11:cee25a834751 | 4001 | buf = ssl->QSH_secret->CliSi; |
wolfSSL | 11:cee25a834751 | 4002 | } |
wolfSSL | 11:cee25a834751 | 4003 | else { |
wolfSSL | 11:cee25a834751 | 4004 | buf = ssl->QSH_secret->SerSi; |
wolfSSL | 11:cee25a834751 | 4005 | } |
wolfSSL | 11:cee25a834751 | 4006 | |
wolfSSL | 11:cee25a834751 | 4007 | offset_pk = ((input[offset_len] << 16) & 0xFF0000) | |
wolfSSL | 11:cee25a834751 | 4008 | (((input[offset_len + 1]) << 8) & 0xFF00) | |
wolfSSL | 11:cee25a834751 | 4009 | (input[offset_len + 2] & 0xFF); |
wolfSSL | 11:cee25a834751 | 4010 | offset_len += OPAQUE24_LEN; |
wolfSSL | 11:cee25a834751 | 4011 | |
wolfSSL | 11:cee25a834751 | 4012 | /* validating extension list length -- check if trying to read over edge |
wolfSSL | 11:cee25a834751 | 4013 | of buffer */ |
wolfSSL | 11:cee25a834751 | 4014 | if (length < (offset_pk + OPAQUE24_LEN)) { |
wolfSSL | 11:cee25a834751 | 4015 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 4016 | } |
wolfSSL | 11:cee25a834751 | 4017 | |
wolfSSL | 11:cee25a834751 | 4018 | /* QSHCipherList struct */ |
wolfSSL | 11:cee25a834751 | 4019 | offset_pk += offset_len; |
wolfSSL | 11:cee25a834751 | 4020 | while (offset_len < offset_pk) { |
wolfSSL | 11:cee25a834751 | 4021 | |
wolfSSL | 11:cee25a834751 | 4022 | /* scheme id */ |
wolfSSL | 11:cee25a834751 | 4023 | ato16(input + offset_len, &name); |
wolfSSL | 11:cee25a834751 | 4024 | offset_len += OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 4025 | |
wolfSSL | 11:cee25a834751 | 4026 | /* public key length */ |
wolfSSL | 11:cee25a834751 | 4027 | ato16(input + offset_len, &secretLen); |
wolfSSL | 11:cee25a834751 | 4028 | offset_len += OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 4029 | |
wolfSSL | 11:cee25a834751 | 4030 | /* read in public key */ |
wolfSSL | 11:cee25a834751 | 4031 | if (secretLen > 0) { |
wolfSSL | 11:cee25a834751 | 4032 | secret = (byte*)(input + offset_len); |
wolfSSL | 11:cee25a834751 | 4033 | offset_len += secretLen; |
wolfSSL | 11:cee25a834751 | 4034 | } |
wolfSSL | 11:cee25a834751 | 4035 | else { |
wolfSSL | 11:cee25a834751 | 4036 | secret = NULL; |
wolfSSL | 11:cee25a834751 | 4037 | } |
wolfSSL | 11:cee25a834751 | 4038 | |
wolfSSL | 11:cee25a834751 | 4039 | /* no secret sent */ |
wolfSSL | 11:cee25a834751 | 4040 | if (secret == NULL) |
wolfSSL | 11:cee25a834751 | 4041 | continue; |
wolfSSL | 11:cee25a834751 | 4042 | |
wolfSSL | 11:cee25a834751 | 4043 | /* find corresponding key */ |
wolfSSL | 11:cee25a834751 | 4044 | key = ssl->QSH_Key; |
wolfSSL | 11:cee25a834751 | 4045 | while (key) { |
wolfSSL | 11:cee25a834751 | 4046 | if (key->name == name) |
wolfSSL | 11:cee25a834751 | 4047 | break; |
wolfSSL | 11:cee25a834751 | 4048 | else |
wolfSSL | 11:cee25a834751 | 4049 | key = (QSHKey*)key->next; |
wolfSSL | 11:cee25a834751 | 4050 | } |
wolfSSL | 11:cee25a834751 | 4051 | |
wolfSSL | 11:cee25a834751 | 4052 | /* if we do not have the key than there was a big issue negotiation */ |
wolfSSL | 11:cee25a834751 | 4053 | if (key == NULL) { |
wolfSSL | 11:cee25a834751 | 4054 | WOLFSSL_MSG("key was null for decryption!!!\n"); |
wolfSSL | 11:cee25a834751 | 4055 | return MEMORY_E; |
wolfSSL | 11:cee25a834751 | 4056 | } |
wolfSSL | 11:cee25a834751 | 4057 | |
wolfSSL | 11:cee25a834751 | 4058 | /* Decrypt sent secret */ |
wolfSSL | 11:cee25a834751 | 4059 | buffLen = Max_Secret_Len; |
wolfSSL | 11:cee25a834751 | 4060 | QSH_Decrypt(key, secret, secretLen, buff + offset, &buffLen); |
wolfSSL | 11:cee25a834751 | 4061 | offset += buffLen; |
wolfSSL | 11:cee25a834751 | 4062 | } |
wolfSSL | 11:cee25a834751 | 4063 | |
wolfSSL | 11:cee25a834751 | 4064 | /* allocate memory for buffer */ |
wolfSSL | 11:cee25a834751 | 4065 | buf->length = offset; |
wolfSSL | 11:cee25a834751 | 4066 | buf->buffer = (byte*)XMALLOC(offset, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 4067 | if (buf->buffer == NULL) |
wolfSSL | 11:cee25a834751 | 4068 | return MEMORY_E; |
wolfSSL | 11:cee25a834751 | 4069 | |
wolfSSL | 11:cee25a834751 | 4070 | /* store secrets */ |
wolfSSL | 11:cee25a834751 | 4071 | XMEMCPY(buf->buffer, buff, offset); |
wolfSSL | 11:cee25a834751 | 4072 | ForceZero(buff, offset); |
wolfSSL | 11:cee25a834751 | 4073 | |
wolfSSL | 11:cee25a834751 | 4074 | return offset_len; |
wolfSSL | 11:cee25a834751 | 4075 | } |
wolfSSL | 11:cee25a834751 | 4076 | |
wolfSSL | 11:cee25a834751 | 4077 | |
wolfSSL | 11:cee25a834751 | 4078 | /* return 1 on success */ |
wolfSSL | 11:cee25a834751 | 4079 | int TLSX_ValidateQSHScheme(TLSX** extensions, word16 theirs) { |
wolfSSL | 11:cee25a834751 | 4080 | TLSX* extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID); |
wolfSSL | 11:cee25a834751 | 4081 | QSHScheme* format = NULL; |
wolfSSL | 11:cee25a834751 | 4082 | |
wolfSSL | 11:cee25a834751 | 4083 | /* if no extension is sent then do not use QSH */ |
wolfSSL | 11:cee25a834751 | 4084 | if (!extension) { |
wolfSSL | 11:cee25a834751 | 4085 | WOLFSSL_MSG("No QSH Extension"); |
wolfSSL | 11:cee25a834751 | 4086 | return 0; |
wolfSSL | 11:cee25a834751 | 4087 | } |
wolfSSL | 11:cee25a834751 | 4088 | |
wolfSSL | 11:cee25a834751 | 4089 | for (format = (QSHScheme*)extension->data; format; format = format->next) { |
wolfSSL | 11:cee25a834751 | 4090 | if (format->name == theirs) { |
wolfSSL | 11:cee25a834751 | 4091 | WOLFSSL_MSG("Found Matching QSH Scheme"); |
wolfSSL | 11:cee25a834751 | 4092 | return 1; /* have QSH */ |
wolfSSL | 11:cee25a834751 | 4093 | } |
wolfSSL | 11:cee25a834751 | 4094 | } |
wolfSSL | 11:cee25a834751 | 4095 | |
wolfSSL | 11:cee25a834751 | 4096 | return 0; |
wolfSSL | 11:cee25a834751 | 4097 | } |
wolfSSL | 11:cee25a834751 | 4098 | #endif /* NO_WOLFSSL_SERVER */ |
wolfSSL | 11:cee25a834751 | 4099 | |
wolfSSL | 11:cee25a834751 | 4100 | /* test if the QSH Scheme is implemented |
wolfSSL | 11:cee25a834751 | 4101 | return 1 if yes 0 if no */ |
wolfSSL | 11:cee25a834751 | 4102 | static int TLSX_HaveQSHScheme(word16 name) |
wolfSSL | 11:cee25a834751 | 4103 | { |
wolfSSL | 11:cee25a834751 | 4104 | switch(name) { |
wolfSSL | 11:cee25a834751 | 4105 | #ifdef HAVE_NTRU |
wolfSSL | 11:cee25a834751 | 4106 | case WOLFSSL_NTRU_EESS439: |
wolfSSL | 11:cee25a834751 | 4107 | case WOLFSSL_NTRU_EESS593: |
wolfSSL | 11:cee25a834751 | 4108 | case WOLFSSL_NTRU_EESS743: |
wolfSSL | 11:cee25a834751 | 4109 | return 1; |
wolfSSL | 11:cee25a834751 | 4110 | #endif |
wolfSSL | 11:cee25a834751 | 4111 | case WOLFSSL_LWE_XXX: |
wolfSSL | 11:cee25a834751 | 4112 | case WOLFSSL_HFE_XXX: |
wolfSSL | 11:cee25a834751 | 4113 | return 0; /* not supported yet */ |
wolfSSL | 11:cee25a834751 | 4114 | |
wolfSSL | 11:cee25a834751 | 4115 | default: |
wolfSSL | 11:cee25a834751 | 4116 | return 0; |
wolfSSL | 11:cee25a834751 | 4117 | } |
wolfSSL | 11:cee25a834751 | 4118 | } |
wolfSSL | 11:cee25a834751 | 4119 | |
wolfSSL | 11:cee25a834751 | 4120 | |
wolfSSL | 11:cee25a834751 | 4121 | /* Add a QSHScheme struct to list of usable ones */ |
wolfSSL | 11:cee25a834751 | 4122 | int TLSX_UseQSHScheme(TLSX** extensions, word16 name, byte* pKey, word16 pkeySz, |
wolfSSL | 11:cee25a834751 | 4123 | void* heap) |
wolfSSL | 11:cee25a834751 | 4124 | { |
wolfSSL | 11:cee25a834751 | 4125 | TLSX* extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID); |
wolfSSL | 11:cee25a834751 | 4126 | QSHScheme* format = NULL; |
wolfSSL | 11:cee25a834751 | 4127 | int ret = 0; |
wolfSSL | 11:cee25a834751 | 4128 | |
wolfSSL | 11:cee25a834751 | 4129 | /* sanity check */ |
wolfSSL | 11:cee25a834751 | 4130 | if (extensions == NULL || (pKey == NULL && pkeySz != 0)) |
wolfSSL | 11:cee25a834751 | 4131 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 4132 | |
wolfSSL | 11:cee25a834751 | 4133 | /* if scheme is implemented than add */ |
wolfSSL | 11:cee25a834751 | 4134 | if (TLSX_HaveQSHScheme(name)) { |
wolfSSL | 11:cee25a834751 | 4135 | if ((ret = TLSX_QSH_Append(&format, name, pKey, pkeySz)) != 0) |
wolfSSL | 11:cee25a834751 | 4136 | return ret; |
wolfSSL | 11:cee25a834751 | 4137 | |
wolfSSL | 11:cee25a834751 | 4138 | if (!extension) { |
wolfSSL | 11:cee25a834751 | 4139 | if ((ret = TLSX_Push(extensions, TLSX_QUANTUM_SAFE_HYBRID, format, |
wolfSSL | 11:cee25a834751 | 4140 | heap)) != 0) { |
wolfSSL | 11:cee25a834751 | 4141 | XFREE(format, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 4142 | return ret; |
wolfSSL | 11:cee25a834751 | 4143 | } |
wolfSSL | 11:cee25a834751 | 4144 | } |
wolfSSL | 11:cee25a834751 | 4145 | else { |
wolfSSL | 11:cee25a834751 | 4146 | /* push new QSH object to extension data. */ |
wolfSSL | 11:cee25a834751 | 4147 | format->next = (QSHScheme*)extension->data; |
wolfSSL | 11:cee25a834751 | 4148 | extension->data = (void*)format; |
wolfSSL | 11:cee25a834751 | 4149 | |
wolfSSL | 11:cee25a834751 | 4150 | /* look for another format of the same name to remove (replacement) */ |
wolfSSL | 11:cee25a834751 | 4151 | do { |
wolfSSL | 11:cee25a834751 | 4152 | if (format->next && (format->next->name == name)) { |
wolfSSL | 11:cee25a834751 | 4153 | QSHScheme* next = format->next; |
wolfSSL | 11:cee25a834751 | 4154 | |
wolfSSL | 11:cee25a834751 | 4155 | format->next = next->next; |
wolfSSL | 11:cee25a834751 | 4156 | XFREE(next, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 4157 | |
wolfSSL | 11:cee25a834751 | 4158 | break; |
wolfSSL | 11:cee25a834751 | 4159 | } |
wolfSSL | 11:cee25a834751 | 4160 | } while ((format = format->next)); |
wolfSSL | 11:cee25a834751 | 4161 | } |
wolfSSL | 11:cee25a834751 | 4162 | } |
wolfSSL | 11:cee25a834751 | 4163 | return SSL_SUCCESS; |
wolfSSL | 11:cee25a834751 | 4164 | } |
wolfSSL | 11:cee25a834751 | 4165 | |
wolfSSL | 11:cee25a834751 | 4166 | #define QSH_FREE_ALL TLSX_QSH_FreeAll |
wolfSSL | 11:cee25a834751 | 4167 | #define QSH_VALIDATE_REQUEST TLSX_QSH_ValidateRequest |
wolfSSL | 11:cee25a834751 | 4168 | |
wolfSSL | 11:cee25a834751 | 4169 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 11:cee25a834751 | 4170 | #define QSH_GET_SIZE TLSX_QSH_GetSize |
wolfSSL | 11:cee25a834751 | 4171 | #define QSH_WRITE TLSX_QSH_Write |
wolfSSL | 11:cee25a834751 | 4172 | #else |
wolfSSL | 11:cee25a834751 | 4173 | #define QSH_GET_SIZE(list) 0 |
wolfSSL | 11:cee25a834751 | 4174 | #define QSH_WRITE(a, b) 0 |
wolfSSL | 11:cee25a834751 | 4175 | #endif |
wolfSSL | 11:cee25a834751 | 4176 | |
wolfSSL | 11:cee25a834751 | 4177 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 11:cee25a834751 | 4178 | #define QSH_PARSE TLSX_QSH_Parse |
wolfSSL | 11:cee25a834751 | 4179 | #else |
wolfSSL | 11:cee25a834751 | 4180 | #define QSH_PARSE(a, b, c, d) 0 |
wolfSSL | 11:cee25a834751 | 4181 | #endif |
wolfSSL | 11:cee25a834751 | 4182 | |
wolfSSL | 11:cee25a834751 | 4183 | #define QSHPK_WRITE TLSX_QSHPK_Write |
wolfSSL | 11:cee25a834751 | 4184 | #define QSH_SERREQ TLSX_QSH_SerPKReq |
wolfSSL | 11:cee25a834751 | 4185 | #else |
wolfSSL | 11:cee25a834751 | 4186 | |
wolfSSL | 11:cee25a834751 | 4187 | #define QSH_FREE_ALL(list, heap) |
wolfSSL | 11:cee25a834751 | 4188 | #define QSH_GET_SIZE(list, a) 0 |
wolfSSL | 11:cee25a834751 | 4189 | #define QSH_WRITE(a, b) 0 |
wolfSSL | 11:cee25a834751 | 4190 | #define QSH_PARSE(a, b, c, d) 0 |
wolfSSL | 11:cee25a834751 | 4191 | #define QSHPK_WRITE(a, b) 0 |
wolfSSL | 11:cee25a834751 | 4192 | #define QSH_SERREQ(a, b) 0 |
wolfSSL | 11:cee25a834751 | 4193 | #define QSH_VALIDATE_REQUEST(a, b) |
wolfSSL | 11:cee25a834751 | 4194 | |
wolfSSL | 11:cee25a834751 | 4195 | #endif /* HAVE_QSH */ |
wolfSSL | 11:cee25a834751 | 4196 | |
wolfSSL | 11:cee25a834751 | 4197 | /******************************************************************************/ |
wolfSSL | 11:cee25a834751 | 4198 | /* TLS Extensions Framework */ |
wolfSSL | 11:cee25a834751 | 4199 | /******************************************************************************/ |
wolfSSL | 11:cee25a834751 | 4200 | |
wolfSSL | 11:cee25a834751 | 4201 | /** Finds an extension in the provided list. */ |
wolfSSL | 11:cee25a834751 | 4202 | TLSX* TLSX_Find(TLSX* list, TLSX_Type type) |
wolfSSL | 11:cee25a834751 | 4203 | { |
wolfSSL | 11:cee25a834751 | 4204 | TLSX* extension = list; |
wolfSSL | 11:cee25a834751 | 4205 | |
wolfSSL | 11:cee25a834751 | 4206 | while (extension && extension->type != type) |
wolfSSL | 11:cee25a834751 | 4207 | extension = extension->next; |
wolfSSL | 11:cee25a834751 | 4208 | |
wolfSSL | 11:cee25a834751 | 4209 | return extension; |
wolfSSL | 11:cee25a834751 | 4210 | } |
wolfSSL | 11:cee25a834751 | 4211 | |
wolfSSL | 11:cee25a834751 | 4212 | /** Releases all extensions in the provided list. */ |
wolfSSL | 11:cee25a834751 | 4213 | void TLSX_FreeAll(TLSX* list, void* heap) |
wolfSSL | 11:cee25a834751 | 4214 | { |
wolfSSL | 11:cee25a834751 | 4215 | TLSX* extension; |
wolfSSL | 11:cee25a834751 | 4216 | |
wolfSSL | 11:cee25a834751 | 4217 | while ((extension = list)) { |
wolfSSL | 11:cee25a834751 | 4218 | list = extension->next; |
wolfSSL | 11:cee25a834751 | 4219 | |
wolfSSL | 11:cee25a834751 | 4220 | switch (extension->type) { |
wolfSSL | 11:cee25a834751 | 4221 | |
wolfSSL | 11:cee25a834751 | 4222 | case TLSX_SERVER_NAME: |
wolfSSL | 11:cee25a834751 | 4223 | SNI_FREE_ALL((SNI*)extension->data, heap); |
wolfSSL | 11:cee25a834751 | 4224 | break; |
wolfSSL | 11:cee25a834751 | 4225 | |
wolfSSL | 11:cee25a834751 | 4226 | case TLSX_MAX_FRAGMENT_LENGTH: |
wolfSSL | 11:cee25a834751 | 4227 | MFL_FREE_ALL(extension->data, heap); |
wolfSSL | 11:cee25a834751 | 4228 | break; |
wolfSSL | 11:cee25a834751 | 4229 | |
wolfSSL | 11:cee25a834751 | 4230 | case TLSX_TRUNCATED_HMAC: |
wolfSSL | 11:cee25a834751 | 4231 | /* Nothing to do. */ |
wolfSSL | 11:cee25a834751 | 4232 | break; |
wolfSSL | 11:cee25a834751 | 4233 | |
wolfSSL | 11:cee25a834751 | 4234 | case TLSX_SUPPORTED_GROUPS: |
wolfSSL | 11:cee25a834751 | 4235 | EC_FREE_ALL((EllipticCurve*)extension->data, heap); |
wolfSSL | 11:cee25a834751 | 4236 | break; |
wolfSSL | 11:cee25a834751 | 4237 | |
wolfSSL | 11:cee25a834751 | 4238 | case TLSX_STATUS_REQUEST: |
wolfSSL | 11:cee25a834751 | 4239 | CSR_FREE_ALL((CertificateStatusRequest*)extension->data, heap); |
wolfSSL | 11:cee25a834751 | 4240 | break; |
wolfSSL | 11:cee25a834751 | 4241 | |
wolfSSL | 11:cee25a834751 | 4242 | case TLSX_STATUS_REQUEST_V2: |
wolfSSL | 11:cee25a834751 | 4243 | CSR2_FREE_ALL((CertificateStatusRequestItemV2*)extension->data, |
wolfSSL | 11:cee25a834751 | 4244 | heap); |
wolfSSL | 11:cee25a834751 | 4245 | break; |
wolfSSL | 11:cee25a834751 | 4246 | |
wolfSSL | 11:cee25a834751 | 4247 | case TLSX_RENEGOTIATION_INFO: |
wolfSSL | 11:cee25a834751 | 4248 | SCR_FREE_ALL(extension->data, heap); |
wolfSSL | 11:cee25a834751 | 4249 | break; |
wolfSSL | 11:cee25a834751 | 4250 | |
wolfSSL | 11:cee25a834751 | 4251 | case TLSX_SESSION_TICKET: |
wolfSSL | 11:cee25a834751 | 4252 | WOLF_STK_FREE(extension->data, heap); |
wolfSSL | 11:cee25a834751 | 4253 | break; |
wolfSSL | 11:cee25a834751 | 4254 | |
wolfSSL | 11:cee25a834751 | 4255 | case TLSX_QUANTUM_SAFE_HYBRID: |
wolfSSL | 11:cee25a834751 | 4256 | QSH_FREE_ALL((QSHScheme*)extension->data, heap); |
wolfSSL | 11:cee25a834751 | 4257 | break; |
wolfSSL | 11:cee25a834751 | 4258 | |
wolfSSL | 11:cee25a834751 | 4259 | case TLSX_APPLICATION_LAYER_PROTOCOL: |
wolfSSL | 11:cee25a834751 | 4260 | ALPN_FREE_ALL((ALPN*)extension->data, heap); |
wolfSSL | 11:cee25a834751 | 4261 | break; |
wolfSSL | 11:cee25a834751 | 4262 | } |
wolfSSL | 11:cee25a834751 | 4263 | |
wolfSSL | 11:cee25a834751 | 4264 | XFREE(extension, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 11:cee25a834751 | 4265 | } |
wolfSSL | 11:cee25a834751 | 4266 | |
wolfSSL | 11:cee25a834751 | 4267 | (void)heap; |
wolfSSL | 11:cee25a834751 | 4268 | } |
wolfSSL | 11:cee25a834751 | 4269 | |
wolfSSL | 11:cee25a834751 | 4270 | /** Checks if the tls extensions are supported based on the protocol version. */ |
wolfSSL | 11:cee25a834751 | 4271 | int TLSX_SupportExtensions(WOLFSSL* ssl) { |
wolfSSL | 11:cee25a834751 | 4272 | return ssl && (IsTLS(ssl) || ssl->version.major == DTLS_MAJOR); |
wolfSSL | 11:cee25a834751 | 4273 | } |
wolfSSL | 11:cee25a834751 | 4274 | |
wolfSSL | 11:cee25a834751 | 4275 | /** Tells the buffered size of the extensions in a list. */ |
wolfSSL | 11:cee25a834751 | 4276 | static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest) |
wolfSSL | 11:cee25a834751 | 4277 | { |
wolfSSL | 11:cee25a834751 | 4278 | TLSX* extension; |
wolfSSL | 11:cee25a834751 | 4279 | word16 length = 0; |
wolfSSL | 11:cee25a834751 | 4280 | |
wolfSSL | 11:cee25a834751 | 4281 | while ((extension = list)) { |
wolfSSL | 11:cee25a834751 | 4282 | list = extension->next; |
wolfSSL | 11:cee25a834751 | 4283 | |
wolfSSL | 11:cee25a834751 | 4284 | /* only extensions marked as response are sent back to the client. */ |
wolfSSL | 11:cee25a834751 | 4285 | if (!isRequest && !extension->resp) |
wolfSSL | 11:cee25a834751 | 4286 | continue; /* skip! */ |
wolfSSL | 11:cee25a834751 | 4287 | |
wolfSSL | 11:cee25a834751 | 4288 | /* ssl level extensions are expected to override ctx level ones. */ |
wolfSSL | 11:cee25a834751 | 4289 | if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type))) |
wolfSSL | 11:cee25a834751 | 4290 | continue; /* skip! */ |
wolfSSL | 11:cee25a834751 | 4291 | |
wolfSSL | 11:cee25a834751 | 4292 | /* extension type + extension data length. */ |
wolfSSL | 11:cee25a834751 | 4293 | length += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 4294 | |
wolfSSL | 11:cee25a834751 | 4295 | |
wolfSSL | 11:cee25a834751 | 4296 | switch (extension->type) { |
wolfSSL | 11:cee25a834751 | 4297 | |
wolfSSL | 11:cee25a834751 | 4298 | case TLSX_SERVER_NAME: |
wolfSSL | 11:cee25a834751 | 4299 | /* SNI only sends the name on the request. */ |
wolfSSL | 11:cee25a834751 | 4300 | if (isRequest) |
wolfSSL | 11:cee25a834751 | 4301 | length += SNI_GET_SIZE((SNI*)extension->data); |
wolfSSL | 11:cee25a834751 | 4302 | break; |
wolfSSL | 11:cee25a834751 | 4303 | |
wolfSSL | 11:cee25a834751 | 4304 | case TLSX_MAX_FRAGMENT_LENGTH: |
wolfSSL | 11:cee25a834751 | 4305 | length += MFL_GET_SIZE(extension->data); |
wolfSSL | 11:cee25a834751 | 4306 | break; |
wolfSSL | 11:cee25a834751 | 4307 | |
wolfSSL | 11:cee25a834751 | 4308 | case TLSX_TRUNCATED_HMAC: |
wolfSSL | 11:cee25a834751 | 4309 | /* always empty. */ |
wolfSSL | 11:cee25a834751 | 4310 | break; |
wolfSSL | 11:cee25a834751 | 4311 | |
wolfSSL | 11:cee25a834751 | 4312 | case TLSX_SUPPORTED_GROUPS: |
wolfSSL | 11:cee25a834751 | 4313 | length += EC_GET_SIZE((EllipticCurve*)extension->data); |
wolfSSL | 11:cee25a834751 | 4314 | break; |
wolfSSL | 11:cee25a834751 | 4315 | |
wolfSSL | 11:cee25a834751 | 4316 | case TLSX_STATUS_REQUEST: |
wolfSSL | 11:cee25a834751 | 4317 | length += CSR_GET_SIZE( |
wolfSSL | 11:cee25a834751 | 4318 | (CertificateStatusRequest*)extension->data, isRequest); |
wolfSSL | 11:cee25a834751 | 4319 | break; |
wolfSSL | 11:cee25a834751 | 4320 | |
wolfSSL | 11:cee25a834751 | 4321 | case TLSX_STATUS_REQUEST_V2: |
wolfSSL | 11:cee25a834751 | 4322 | length += CSR2_GET_SIZE( |
wolfSSL | 11:cee25a834751 | 4323 | (CertificateStatusRequestItemV2*)extension->data, |
wolfSSL | 11:cee25a834751 | 4324 | isRequest); |
wolfSSL | 11:cee25a834751 | 4325 | break; |
wolfSSL | 11:cee25a834751 | 4326 | |
wolfSSL | 11:cee25a834751 | 4327 | case TLSX_RENEGOTIATION_INFO: |
wolfSSL | 11:cee25a834751 | 4328 | length += SCR_GET_SIZE((SecureRenegotiation*)extension->data, |
wolfSSL | 11:cee25a834751 | 4329 | isRequest); |
wolfSSL | 11:cee25a834751 | 4330 | break; |
wolfSSL | 11:cee25a834751 | 4331 | |
wolfSSL | 11:cee25a834751 | 4332 | case TLSX_SESSION_TICKET: |
wolfSSL | 11:cee25a834751 | 4333 | length += WOLF_STK_GET_SIZE((SessionTicket*)extension->data, |
wolfSSL | 11:cee25a834751 | 4334 | isRequest); |
wolfSSL | 11:cee25a834751 | 4335 | break; |
wolfSSL | 11:cee25a834751 | 4336 | |
wolfSSL | 11:cee25a834751 | 4337 | case TLSX_QUANTUM_SAFE_HYBRID: |
wolfSSL | 11:cee25a834751 | 4338 | length += QSH_GET_SIZE((QSHScheme*)extension->data, isRequest); |
wolfSSL | 11:cee25a834751 | 4339 | break; |
wolfSSL | 11:cee25a834751 | 4340 | |
wolfSSL | 11:cee25a834751 | 4341 | case TLSX_APPLICATION_LAYER_PROTOCOL: |
wolfSSL | 11:cee25a834751 | 4342 | length += ALPN_GET_SIZE((ALPN*)extension->data); |
wolfSSL | 11:cee25a834751 | 4343 | break; |
wolfSSL | 11:cee25a834751 | 4344 | |
wolfSSL | 11:cee25a834751 | 4345 | } |
wolfSSL | 11:cee25a834751 | 4346 | |
wolfSSL | 11:cee25a834751 | 4347 | /* marks the extension as processed so ctx level */ |
wolfSSL | 11:cee25a834751 | 4348 | /* extensions don't overlap with ssl level ones. */ |
wolfSSL | 11:cee25a834751 | 4349 | TURN_ON(semaphore, TLSX_ToSemaphore(extension->type)); |
wolfSSL | 11:cee25a834751 | 4350 | } |
wolfSSL | 11:cee25a834751 | 4351 | |
wolfSSL | 11:cee25a834751 | 4352 | return length; |
wolfSSL | 11:cee25a834751 | 4353 | } |
wolfSSL | 11:cee25a834751 | 4354 | |
wolfSSL | 11:cee25a834751 | 4355 | /** Writes the extensions of a list in a buffer. */ |
wolfSSL | 11:cee25a834751 | 4356 | static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore, |
wolfSSL | 11:cee25a834751 | 4357 | byte isRequest) |
wolfSSL | 11:cee25a834751 | 4358 | { |
wolfSSL | 11:cee25a834751 | 4359 | TLSX* extension; |
wolfSSL | 11:cee25a834751 | 4360 | word16 offset = 0; |
wolfSSL | 11:cee25a834751 | 4361 | word16 length_offset = 0; |
wolfSSL | 11:cee25a834751 | 4362 | |
wolfSSL | 11:cee25a834751 | 4363 | while ((extension = list)) { |
wolfSSL | 11:cee25a834751 | 4364 | list = extension->next; |
wolfSSL | 11:cee25a834751 | 4365 | |
wolfSSL | 11:cee25a834751 | 4366 | /* only extensions marked as response are written in a response. */ |
wolfSSL | 11:cee25a834751 | 4367 | if (!isRequest && !extension->resp) |
wolfSSL | 11:cee25a834751 | 4368 | continue; /* skip! */ |
wolfSSL | 11:cee25a834751 | 4369 | |
wolfSSL | 11:cee25a834751 | 4370 | /* ssl level extensions are expected to override ctx level ones. */ |
wolfSSL | 11:cee25a834751 | 4371 | if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type))) |
wolfSSL | 11:cee25a834751 | 4372 | continue; /* skip! */ |
wolfSSL | 11:cee25a834751 | 4373 | |
wolfSSL | 11:cee25a834751 | 4374 | /* writes extension type. */ |
wolfSSL | 11:cee25a834751 | 4375 | c16toa(extension->type, output + offset); |
wolfSSL | 11:cee25a834751 | 4376 | offset += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 4377 | length_offset = offset; |
wolfSSL | 11:cee25a834751 | 4378 | |
wolfSSL | 11:cee25a834751 | 4379 | /* extension data should be written internally. */ |
wolfSSL | 11:cee25a834751 | 4380 | switch (extension->type) { |
wolfSSL | 11:cee25a834751 | 4381 | case TLSX_SERVER_NAME: |
wolfSSL | 11:cee25a834751 | 4382 | if (isRequest) |
wolfSSL | 11:cee25a834751 | 4383 | offset += SNI_WRITE((SNI*)extension->data, output + offset); |
wolfSSL | 11:cee25a834751 | 4384 | break; |
wolfSSL | 11:cee25a834751 | 4385 | |
wolfSSL | 11:cee25a834751 | 4386 | case TLSX_MAX_FRAGMENT_LENGTH: |
wolfSSL | 11:cee25a834751 | 4387 | offset += MFL_WRITE((byte*)extension->data, output + offset); |
wolfSSL | 11:cee25a834751 | 4388 | break; |
wolfSSL | 11:cee25a834751 | 4389 | |
wolfSSL | 11:cee25a834751 | 4390 | case TLSX_TRUNCATED_HMAC: |
wolfSSL | 11:cee25a834751 | 4391 | /* always empty. */ |
wolfSSL | 11:cee25a834751 | 4392 | break; |
wolfSSL | 11:cee25a834751 | 4393 | |
wolfSSL | 11:cee25a834751 | 4394 | case TLSX_SUPPORTED_GROUPS: |
wolfSSL | 11:cee25a834751 | 4395 | offset += EC_WRITE((EllipticCurve*)extension->data, |
wolfSSL | 11:cee25a834751 | 4396 | output + offset); |
wolfSSL | 11:cee25a834751 | 4397 | break; |
wolfSSL | 11:cee25a834751 | 4398 | |
wolfSSL | 11:cee25a834751 | 4399 | case TLSX_STATUS_REQUEST: |
wolfSSL | 11:cee25a834751 | 4400 | offset += CSR_WRITE((CertificateStatusRequest*)extension->data, |
wolfSSL | 11:cee25a834751 | 4401 | output + offset, isRequest); |
wolfSSL | 11:cee25a834751 | 4402 | break; |
wolfSSL | 11:cee25a834751 | 4403 | |
wolfSSL | 11:cee25a834751 | 4404 | case TLSX_STATUS_REQUEST_V2: |
wolfSSL | 11:cee25a834751 | 4405 | offset += CSR2_WRITE( |
wolfSSL | 11:cee25a834751 | 4406 | (CertificateStatusRequestItemV2*)extension->data, |
wolfSSL | 11:cee25a834751 | 4407 | output + offset, isRequest); |
wolfSSL | 11:cee25a834751 | 4408 | break; |
wolfSSL | 11:cee25a834751 | 4409 | |
wolfSSL | 11:cee25a834751 | 4410 | case TLSX_RENEGOTIATION_INFO: |
wolfSSL | 11:cee25a834751 | 4411 | offset += SCR_WRITE((SecureRenegotiation*)extension->data, |
wolfSSL | 11:cee25a834751 | 4412 | output + offset, isRequest); |
wolfSSL | 11:cee25a834751 | 4413 | break; |
wolfSSL | 11:cee25a834751 | 4414 | |
wolfSSL | 11:cee25a834751 | 4415 | case TLSX_SESSION_TICKET: |
wolfSSL | 11:cee25a834751 | 4416 | offset += WOLF_STK_WRITE((SessionTicket*)extension->data, |
wolfSSL | 11:cee25a834751 | 4417 | output + offset, isRequest); |
wolfSSL | 11:cee25a834751 | 4418 | break; |
wolfSSL | 11:cee25a834751 | 4419 | |
wolfSSL | 11:cee25a834751 | 4420 | case TLSX_QUANTUM_SAFE_HYBRID: |
wolfSSL | 11:cee25a834751 | 4421 | if (isRequest) { |
wolfSSL | 11:cee25a834751 | 4422 | offset += QSH_WRITE((QSHScheme*)extension->data, output + offset); |
wolfSSL | 11:cee25a834751 | 4423 | } |
wolfSSL | 11:cee25a834751 | 4424 | offset += QSHPK_WRITE((QSHScheme*)extension->data, output + offset); |
wolfSSL | 11:cee25a834751 | 4425 | offset += QSH_SERREQ(output + offset, isRequest); |
wolfSSL | 11:cee25a834751 | 4426 | break; |
wolfSSL | 11:cee25a834751 | 4427 | |
wolfSSL | 11:cee25a834751 | 4428 | case TLSX_APPLICATION_LAYER_PROTOCOL: |
wolfSSL | 11:cee25a834751 | 4429 | offset += ALPN_WRITE((ALPN*)extension->data, output + offset); |
wolfSSL | 11:cee25a834751 | 4430 | break; |
wolfSSL | 11:cee25a834751 | 4431 | } |
wolfSSL | 11:cee25a834751 | 4432 | |
wolfSSL | 11:cee25a834751 | 4433 | /* writes extension data length. */ |
wolfSSL | 11:cee25a834751 | 4434 | c16toa(offset - length_offset, output + length_offset - OPAQUE16_LEN); |
wolfSSL | 11:cee25a834751 | 4435 | |
wolfSSL | 11:cee25a834751 | 4436 | /* marks the extension as processed so ctx level */ |
wolfSSL | 11:cee25a834751 | 4437 | /* extensions don't overlap with ssl level ones. */ |
wolfSSL | 11:cee25a834751 | 4438 | TURN_ON(semaphore, TLSX_ToSemaphore(extension->type)); |
wolfSSL | 11:cee25a834751 | 4439 | } |
wolfSSL | 11:cee25a834751 | 4440 | |
wolfSSL | 11:cee25a834751 | 4441 | return offset; |
wolfSSL | 11:cee25a834751 | 4442 | } |
wolfSSL | 11:cee25a834751 | 4443 | |
wolfSSL | 11:cee25a834751 | 4444 | |
wolfSSL | 11:cee25a834751 | 4445 | #ifdef HAVE_NTRU |
wolfSSL | 11:cee25a834751 | 4446 | |
wolfSSL | 11:cee25a834751 | 4447 | static word32 GetEntropy(unsigned char* out, word32 num_bytes) |
wolfSSL | 11:cee25a834751 | 4448 | { |
wolfSSL | 11:cee25a834751 | 4449 | int ret = 0; |
wolfSSL | 11:cee25a834751 | 4450 | |
wolfSSL | 11:cee25a834751 | 4451 | if (rng == NULL) { |
wolfSSL | 11:cee25a834751 | 4452 | if ((rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, |
wolfSSL | 11:cee25a834751 | 4453 | DYNAMIC_TYPE_TLSX)) == NULL) |
wolfSSL | 11:cee25a834751 | 4454 | return DRBG_OUT_OF_MEMORY; |
wolfSSL | 11:cee25a834751 | 4455 | wc_InitRng(rng); |
wolfSSL | 11:cee25a834751 | 4456 | } |
wolfSSL | 11:cee25a834751 | 4457 | |
wolfSSL | 11:cee25a834751 | 4458 | if (rngMutex == NULL) { |
wolfSSL | 11:cee25a834751 | 4459 | if ((rngMutex = (wolfSSL_Mutex*)XMALLOC(sizeof(wolfSSL_Mutex), NULL, |
wolfSSL | 11:cee25a834751 | 4460 | DYNAMIC_TYPE_TLSX)) == NULL) |
wolfSSL | 11:cee25a834751 | 4461 | return DRBG_OUT_OF_MEMORY; |
wolfSSL | 11:cee25a834751 | 4462 | wc_InitMutex(rngMutex); |
wolfSSL | 11:cee25a834751 | 4463 | } |
wolfSSL | 11:cee25a834751 | 4464 | |
wolfSSL | 11:cee25a834751 | 4465 | ret |= wc_LockMutex(rngMutex); |
wolfSSL | 11:cee25a834751 | 4466 | ret |= wc_RNG_GenerateBlock(rng, out, num_bytes); |
wolfSSL | 11:cee25a834751 | 4467 | ret |= wc_UnLockMutex(rngMutex); |
wolfSSL | 11:cee25a834751 | 4468 | |
wolfSSL | 11:cee25a834751 | 4469 | if (ret != 0) |
wolfSSL | 11:cee25a834751 | 4470 | return DRBG_ENTROPY_FAIL; |
wolfSSL | 11:cee25a834751 | 4471 | |
wolfSSL | 11:cee25a834751 | 4472 | return DRBG_OK; |
wolfSSL | 11:cee25a834751 | 4473 | } |
wolfSSL | 11:cee25a834751 | 4474 | #endif |
wolfSSL | 11:cee25a834751 | 4475 | |
wolfSSL | 11:cee25a834751 | 4476 | |
wolfSSL | 11:cee25a834751 | 4477 | #ifdef HAVE_QSH |
wolfSSL | 11:cee25a834751 | 4478 | static int TLSX_CreateQSHKey(WOLFSSL* ssl, int type) |
wolfSSL | 11:cee25a834751 | 4479 | { |
wolfSSL | 11:cee25a834751 | 4480 | int ret; |
wolfSSL | 11:cee25a834751 | 4481 | |
wolfSSL | 11:cee25a834751 | 4482 | (void)ssl; |
wolfSSL | 11:cee25a834751 | 4483 | |
wolfSSL | 11:cee25a834751 | 4484 | switch (type) { |
wolfSSL | 11:cee25a834751 | 4485 | #ifdef HAVE_NTRU |
wolfSSL | 11:cee25a834751 | 4486 | case WOLFSSL_NTRU_EESS439: |
wolfSSL | 11:cee25a834751 | 4487 | case WOLFSSL_NTRU_EESS593: |
wolfSSL | 11:cee25a834751 | 4488 | case WOLFSSL_NTRU_EESS743: |
wolfSSL | 11:cee25a834751 | 4489 | ret = TLSX_CreateNtruKey(ssl, type); |
wolfSSL | 11:cee25a834751 | 4490 | break; |
wolfSSL | 11:cee25a834751 | 4491 | #endif |
wolfSSL | 11:cee25a834751 | 4492 | default: |
wolfSSL | 11:cee25a834751 | 4493 | WOLFSSL_MSG("Unknown type for creating NTRU key"); |
wolfSSL | 11:cee25a834751 | 4494 | return -1; |
wolfSSL | 11:cee25a834751 | 4495 | } |
wolfSSL | 11:cee25a834751 | 4496 | |
wolfSSL | 11:cee25a834751 | 4497 | return ret; |
wolfSSL | 11:cee25a834751 | 4498 | } |
wolfSSL | 11:cee25a834751 | 4499 | |
wolfSSL | 11:cee25a834751 | 4500 | |
wolfSSL | 11:cee25a834751 | 4501 | static int TLSX_AddQSHKey(QSHKey** list, QSHKey* key) |
wolfSSL | 11:cee25a834751 | 4502 | { |
wolfSSL | 11:cee25a834751 | 4503 | QSHKey* current; |
wolfSSL | 11:cee25a834751 | 4504 | |
wolfSSL | 11:cee25a834751 | 4505 | if (key == NULL) |
wolfSSL | 11:cee25a834751 | 4506 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 4507 | |
wolfSSL | 11:cee25a834751 | 4508 | /* if no public key stored in key then do not add */ |
wolfSSL | 11:cee25a834751 | 4509 | if (key->pub.length == 0 || key->pub.buffer == NULL) |
wolfSSL | 11:cee25a834751 | 4510 | return 0; |
wolfSSL | 11:cee25a834751 | 4511 | |
wolfSSL | 11:cee25a834751 | 4512 | /* first element to be added to the list */ |
wolfSSL | 11:cee25a834751 | 4513 | current = *list; |
wolfSSL | 11:cee25a834751 | 4514 | if (current == NULL) { |
wolfSSL | 11:cee25a834751 | 4515 | *list = key; |
wolfSSL | 11:cee25a834751 | 4516 | return 0; |
wolfSSL | 11:cee25a834751 | 4517 | } |
wolfSSL | 11:cee25a834751 | 4518 | |
wolfSSL | 11:cee25a834751 | 4519 | while (current->next) { |
wolfSSL | 11:cee25a834751 | 4520 | /* can only have one of the key in the list */ |
wolfSSL | 11:cee25a834751 | 4521 | if (current->name == key->name) |
wolfSSL | 11:cee25a834751 | 4522 | return -1; |
wolfSSL | 11:cee25a834751 | 4523 | current = (QSHKey*)current->next; |
wolfSSL | 11:cee25a834751 | 4524 | } |
wolfSSL | 11:cee25a834751 | 4525 | |
wolfSSL | 11:cee25a834751 | 4526 | current->next = (struct QSHKey*)key; |
wolfSSL | 11:cee25a834751 | 4527 | |
wolfSSL | 11:cee25a834751 | 4528 | return 0; |
wolfSSL | 11:cee25a834751 | 4529 | } |
wolfSSL | 11:cee25a834751 | 4530 | |
wolfSSL | 11:cee25a834751 | 4531 | |
wolfSSL | 11:cee25a834751 | 4532 | #if defined(HAVE_NTRU) || defined(HAVE_QSH) |
wolfSSL | 11:cee25a834751 | 4533 | int TLSX_CreateNtruKey(WOLFSSL* ssl, int type) |
wolfSSL | 11:cee25a834751 | 4534 | { |
wolfSSL | 11:cee25a834751 | 4535 | int ret = -1; |
wolfSSL | 11:cee25a834751 | 4536 | #ifdef HAVE_NTRU |
wolfSSL | 11:cee25a834751 | 4537 | int ntruType; |
wolfSSL | 11:cee25a834751 | 4538 | |
wolfSSL | 11:cee25a834751 | 4539 | /* variable declarations for NTRU*/ |
wolfSSL | 11:cee25a834751 | 4540 | QSHKey* temp = NULL; |
wolfSSL | 11:cee25a834751 | 4541 | byte public_key[1027]; |
wolfSSL | 11:cee25a834751 | 4542 | word16 public_key_len = sizeof(public_key); |
wolfSSL | 11:cee25a834751 | 4543 | byte private_key[1120]; |
wolfSSL | 11:cee25a834751 | 4544 | word16 private_key_len = sizeof(private_key); |
wolfSSL | 11:cee25a834751 | 4545 | DRBG_HANDLE drbg; |
wolfSSL | 11:cee25a834751 | 4546 | |
wolfSSL | 11:cee25a834751 | 4547 | if (ssl == NULL) |
wolfSSL | 11:cee25a834751 | 4548 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 4549 | |
wolfSSL | 11:cee25a834751 | 4550 | switch (type) { |
wolfSSL | 11:cee25a834751 | 4551 | case WOLFSSL_NTRU_EESS439: |
wolfSSL | 11:cee25a834751 | 4552 | ntruType = NTRU_EES439EP1; |
wolfSSL | 11:cee25a834751 | 4553 | break; |
wolfSSL | 11:cee25a834751 | 4554 | case WOLFSSL_NTRU_EESS593: |
wolfSSL | 11:cee25a834751 | 4555 | ntruType = NTRU_EES593EP1; |
wolfSSL | 11:cee25a834751 | 4556 | break; |
wolfSSL | 11:cee25a834751 | 4557 | case WOLFSSL_NTRU_EESS743: |
wolfSSL | 11:cee25a834751 | 4558 | ntruType = NTRU_EES743EP1; |
wolfSSL | 11:cee25a834751 | 4559 | break; |
wolfSSL | 11:cee25a834751 | 4560 | default: |
wolfSSL | 11:cee25a834751 | 4561 | WOLFSSL_MSG("Unknown type for creating NTRU key"); |
wolfSSL | 11:cee25a834751 | 4562 | return -1; |
wolfSSL | 11:cee25a834751 | 4563 | } |
wolfSSL | 11:cee25a834751 | 4564 | ret = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg); |
wolfSSL | 11:cee25a834751 | 4565 | if (ret != DRBG_OK) { |
wolfSSL | 11:cee25a834751 | 4566 | WOLFSSL_MSG("NTRU drbg instantiate failed\n"); |
wolfSSL | 11:cee25a834751 | 4567 | return ret; |
wolfSSL | 11:cee25a834751 | 4568 | } |
wolfSSL | 11:cee25a834751 | 4569 | |
wolfSSL | 11:cee25a834751 | 4570 | if ((ret = ntru_crypto_ntru_encrypt_keygen(drbg, ntruType, |
wolfSSL | 11:cee25a834751 | 4571 | &public_key_len, NULL, &private_key_len, NULL)) != NTRU_OK) |
wolfSSL | 11:cee25a834751 | 4572 | return ret; |
wolfSSL | 11:cee25a834751 | 4573 | |
wolfSSL | 11:cee25a834751 | 4574 | if ((ret = ntru_crypto_ntru_encrypt_keygen(drbg, ntruType, |
wolfSSL | 11:cee25a834751 | 4575 | &public_key_len, public_key, &private_key_len, private_key)) != NTRU_OK) |
wolfSSL | 11:cee25a834751 | 4576 | return ret; |
wolfSSL | 11:cee25a834751 | 4577 | |
wolfSSL | 11:cee25a834751 | 4578 | ret = ntru_crypto_drbg_uninstantiate(drbg); |
wolfSSL | 11:cee25a834751 | 4579 | if (ret != NTRU_OK) { |
wolfSSL | 11:cee25a834751 | 4580 | WOLFSSL_MSG("NTRU drbg uninstantiate failed\n"); |
wolfSSL | 11:cee25a834751 | 4581 | return ret; |
wolfSSL | 11:cee25a834751 | 4582 | } |
wolfSSL | 11:cee25a834751 | 4583 | |
wolfSSL | 11:cee25a834751 | 4584 | if ((temp = (QSHKey*)XMALLOC(sizeof(QSHKey), ssl->heap, |
wolfSSL | 11:cee25a834751 | 4585 | DYNAMIC_TYPE_TLSX)) == NULL) |
wolfSSL | 11:cee25a834751 | 4586 | return MEMORY_E; |
wolfSSL | 11:cee25a834751 | 4587 | temp->name = type; |
wolfSSL | 11:cee25a834751 | 4588 | temp->pub.length = public_key_len; |
wolfSSL | 11:cee25a834751 | 4589 | temp->pub.buffer = (byte*)XMALLOC(public_key_len, ssl->heap, |
wolfSSL | 11:cee25a834751 | 4590 | DYNAMIC_TYPE_PUBLIC_KEY); |
wolfSSL | 11:cee25a834751 | 4591 | XMEMCPY(temp->pub.buffer, public_key, public_key_len); |
wolfSSL | 11:cee25a834751 | 4592 | temp->pri.length = private_key_len; |
wolfSSL | 11:cee25a834751 | 4593 | temp->pri.buffer = (byte*)XMALLOC(private_key_len, ssl->heap, |
wolfSSL | 11:cee25a834751 | 4594 | DYNAMIC_TYPE_ARRAYS); |
wolfSSL | 11:cee25a834751 | 4595 | XMEMCPY(temp->pri.buffer, private_key, private_key_len); |
wolfSSL | 11:cee25a834751 | 4596 | temp->next = NULL; |
wolfSSL | 11:cee25a834751 | 4597 | |
wolfSSL | 11:cee25a834751 | 4598 | TLSX_AddQSHKey(&ssl->QSH_Key, temp); |
wolfSSL | 11:cee25a834751 | 4599 | #endif |
wolfSSL | 11:cee25a834751 | 4600 | |
wolfSSL | 11:cee25a834751 | 4601 | (void)ssl; |
wolfSSL | 11:cee25a834751 | 4602 | (void)type; |
wolfSSL | 11:cee25a834751 | 4603 | |
wolfSSL | 11:cee25a834751 | 4604 | return ret; |
wolfSSL | 11:cee25a834751 | 4605 | } |
wolfSSL | 11:cee25a834751 | 4606 | #endif |
wolfSSL | 11:cee25a834751 | 4607 | |
wolfSSL | 11:cee25a834751 | 4608 | |
wolfSSL | 11:cee25a834751 | 4609 | /* |
wolfSSL | 11:cee25a834751 | 4610 | Used to find a public key from the list of keys |
wolfSSL | 11:cee25a834751 | 4611 | pubLen length of array |
wolfSSL | 11:cee25a834751 | 4612 | name input the name of the scheme looking for ie WOLFSSL_NTRU_ESSXXX |
wolfSSL | 11:cee25a834751 | 4613 | |
wolfSSL | 11:cee25a834751 | 4614 | returns a pointer to public key byte* or NULL if not found |
wolfSSL | 11:cee25a834751 | 4615 | */ |
wolfSSL | 11:cee25a834751 | 4616 | static byte* TLSX_QSHKeyFind_Pub(QSHKey* qsh, word16* pubLen, word16 name) |
wolfSSL | 11:cee25a834751 | 4617 | { |
wolfSSL | 11:cee25a834751 | 4618 | QSHKey* current = qsh; |
wolfSSL | 11:cee25a834751 | 4619 | |
wolfSSL | 11:cee25a834751 | 4620 | if (qsh == NULL || pubLen == NULL) |
wolfSSL | 11:cee25a834751 | 4621 | return NULL; |
wolfSSL | 11:cee25a834751 | 4622 | |
wolfSSL | 11:cee25a834751 | 4623 | *pubLen = 0; |
wolfSSL | 11:cee25a834751 | 4624 | |
wolfSSL | 11:cee25a834751 | 4625 | while(current) { |
wolfSSL | 11:cee25a834751 | 4626 | if (current->name == name) { |
wolfSSL | 11:cee25a834751 | 4627 | *pubLen = current->pub.length; |
wolfSSL | 11:cee25a834751 | 4628 | return current->pub.buffer; |
wolfSSL | 11:cee25a834751 | 4629 | } |
wolfSSL | 11:cee25a834751 | 4630 | current = (QSHKey*)current->next; |
wolfSSL | 11:cee25a834751 | 4631 | } |
wolfSSL | 11:cee25a834751 | 4632 | |
wolfSSL | 11:cee25a834751 | 4633 | return NULL; |
wolfSSL | 11:cee25a834751 | 4634 | } |
wolfSSL | 11:cee25a834751 | 4635 | #endif /* HAVE_QSH */ |
wolfSSL | 11:cee25a834751 | 4636 | |
wolfSSL | 11:cee25a834751 | 4637 | |
wolfSSL | 11:cee25a834751 | 4638 | int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) |
wolfSSL | 11:cee25a834751 | 4639 | { |
wolfSSL | 11:cee25a834751 | 4640 | int ret = 0; |
wolfSSL | 11:cee25a834751 | 4641 | byte* public_key = NULL; |
wolfSSL | 11:cee25a834751 | 4642 | word16 public_key_len = 0; |
wolfSSL | 11:cee25a834751 | 4643 | #ifdef HAVE_QSH |
wolfSSL | 11:cee25a834751 | 4644 | TLSX* extension; |
wolfSSL | 11:cee25a834751 | 4645 | QSHScheme* qsh; |
wolfSSL | 11:cee25a834751 | 4646 | QSHScheme* next; |
wolfSSL | 11:cee25a834751 | 4647 | |
wolfSSL | 11:cee25a834751 | 4648 | /* add supported QSHSchemes */ |
wolfSSL | 11:cee25a834751 | 4649 | WOLFSSL_MSG("Adding supported QSH Schemes"); |
wolfSSL | 11:cee25a834751 | 4650 | #endif |
wolfSSL | 11:cee25a834751 | 4651 | |
wolfSSL | 11:cee25a834751 | 4652 | /* server will add extension depending on whats parsed from client */ |
wolfSSL | 11:cee25a834751 | 4653 | if (!isServer) { |
wolfSSL | 11:cee25a834751 | 4654 | #ifdef HAVE_QSH |
wolfSSL | 11:cee25a834751 | 4655 | /* test if user has set a specific scheme already */ |
wolfSSL | 11:cee25a834751 | 4656 | if (!ssl->user_set_QSHSchemes) { |
wolfSSL | 11:cee25a834751 | 4657 | if (ssl->sendQSHKeys && ssl->QSH_Key == NULL) { |
wolfSSL | 11:cee25a834751 | 4658 | if ((ret = TLSX_CreateQSHKey(ssl, WOLFSSL_NTRU_EESS743)) != 0) { |
wolfSSL | 11:cee25a834751 | 4659 | WOLFSSL_MSG("Error creating ntru keys"); |
wolfSSL | 11:cee25a834751 | 4660 | return ret; |
wolfSSL | 11:cee25a834751 | 4661 | } |
wolfSSL | 11:cee25a834751 | 4662 | if ((ret = TLSX_CreateQSHKey(ssl, WOLFSSL_NTRU_EESS593)) != 0) { |
wolfSSL | 11:cee25a834751 | 4663 | WOLFSSL_MSG("Error creating ntru keys"); |
wolfSSL | 11:cee25a834751 | 4664 | return ret; |
wolfSSL | 11:cee25a834751 | 4665 | } |
wolfSSL | 11:cee25a834751 | 4666 | if ((ret = TLSX_CreateQSHKey(ssl, WOLFSSL_NTRU_EESS439)) != 0) { |
wolfSSL | 11:cee25a834751 | 4667 | WOLFSSL_MSG("Error creating ntru keys"); |
wolfSSL | 11:cee25a834751 | 4668 | return ret; |
wolfSSL | 11:cee25a834751 | 4669 | } |
wolfSSL | 11:cee25a834751 | 4670 | |
wolfSSL | 11:cee25a834751 | 4671 | /* add NTRU 256 */ |
wolfSSL | 11:cee25a834751 | 4672 | public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key, |
wolfSSL | 11:cee25a834751 | 4673 | &public_key_len, WOLFSSL_NTRU_EESS743); |
wolfSSL | 11:cee25a834751 | 4674 | } |
wolfSSL | 11:cee25a834751 | 4675 | if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS743, |
wolfSSL | 11:cee25a834751 | 4676 | public_key, public_key_len, ssl->heap) |
wolfSSL | 11:cee25a834751 | 4677 | != SSL_SUCCESS) |
wolfSSL | 11:cee25a834751 | 4678 | ret = -1; |
wolfSSL | 11:cee25a834751 | 4679 | |
wolfSSL | 11:cee25a834751 | 4680 | /* add NTRU 196 */ |
wolfSSL | 11:cee25a834751 | 4681 | if (ssl->sendQSHKeys) { |
wolfSSL | 11:cee25a834751 | 4682 | public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key, |
wolfSSL | 11:cee25a834751 | 4683 | &public_key_len, WOLFSSL_NTRU_EESS593); |
wolfSSL | 11:cee25a834751 | 4684 | } |
wolfSSL | 11:cee25a834751 | 4685 | if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS593, |
wolfSSL | 11:cee25a834751 | 4686 | public_key, public_key_len, ssl->heap) |
wolfSSL | 11:cee25a834751 | 4687 | != SSL_SUCCESS) |
wolfSSL | 11:cee25a834751 | 4688 | ret = -1; |
wolfSSL | 11:cee25a834751 | 4689 | |
wolfSSL | 11:cee25a834751 | 4690 | /* add NTRU 128 */ |
wolfSSL | 11:cee25a834751 | 4691 | if (ssl->sendQSHKeys) { |
wolfSSL | 11:cee25a834751 | 4692 | public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key, |
wolfSSL | 11:cee25a834751 | 4693 | &public_key_len, WOLFSSL_NTRU_EESS439); |
wolfSSL | 11:cee25a834751 | 4694 | } |
wolfSSL | 11:cee25a834751 | 4695 | if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS439, |
wolfSSL | 11:cee25a834751 | 4696 | public_key, public_key_len, ssl->heap) |
wolfSSL | 11:cee25a834751 | 4697 | != SSL_SUCCESS) |
wolfSSL | 11:cee25a834751 | 4698 | ret = -1; |
wolfSSL | 11:cee25a834751 | 4699 | } |
wolfSSL | 11:cee25a834751 | 4700 | else if (ssl->sendQSHKeys && ssl->QSH_Key == NULL) { |
wolfSSL | 11:cee25a834751 | 4701 | /* for each scheme make a client key */ |
wolfSSL | 11:cee25a834751 | 4702 | extension = TLSX_Find(ssl->extensions, TLSX_QUANTUM_SAFE_HYBRID); |
wolfSSL | 11:cee25a834751 | 4703 | if (extension) { |
wolfSSL | 11:cee25a834751 | 4704 | qsh = (QSHScheme*)extension->data; |
wolfSSL | 11:cee25a834751 | 4705 | |
wolfSSL | 11:cee25a834751 | 4706 | while (qsh) { |
wolfSSL | 11:cee25a834751 | 4707 | if ((ret = TLSX_CreateQSHKey(ssl, qsh->name)) != 0) |
wolfSSL | 11:cee25a834751 | 4708 | return ret; |
wolfSSL | 11:cee25a834751 | 4709 | |
wolfSSL | 11:cee25a834751 | 4710 | /* get next now because qsh could be freed */ |
wolfSSL | 11:cee25a834751 | 4711 | next = qsh->next; |
wolfSSL | 11:cee25a834751 | 4712 | |
wolfSSL | 11:cee25a834751 | 4713 | /* find the public key created and add to extension*/ |
wolfSSL | 11:cee25a834751 | 4714 | public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key, |
wolfSSL | 11:cee25a834751 | 4715 | &public_key_len, qsh->name); |
wolfSSL | 11:cee25a834751 | 4716 | if (TLSX_UseQSHScheme(&ssl->extensions, qsh->name, |
wolfSSL | 11:cee25a834751 | 4717 | public_key, public_key_len, |
wolfSSL | 11:cee25a834751 | 4718 | ssl->heap) != SSL_SUCCESS) |
wolfSSL | 11:cee25a834751 | 4719 | ret = -1; |
wolfSSL | 11:cee25a834751 | 4720 | qsh = next; |
wolfSSL | 11:cee25a834751 | 4721 | } |
wolfSSL | 11:cee25a834751 | 4722 | } |
wolfSSL | 11:cee25a834751 | 4723 | } |
wolfSSL | 11:cee25a834751 | 4724 | #endif |
wolfSSL | 11:cee25a834751 | 4725 | |
wolfSSL | 11:cee25a834751 | 4726 | #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) |
wolfSSL | 11:cee25a834751 | 4727 | if (!ssl->options.userCurves && !ssl->ctx->userCurves) { |
wolfSSL | 11:cee25a834751 | 4728 | #ifndef HAVE_FIPS |
wolfSSL | 11:cee25a834751 | 4729 | #if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES) |
wolfSSL | 11:cee25a834751 | 4730 | #ifndef NO_ECC_SECP |
wolfSSL | 11:cee25a834751 | 4731 | ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP160R1, ssl->heap); |
wolfSSL | 11:cee25a834751 | 4732 | if (ret != SSL_SUCCESS) return ret; |
wolfSSL | 11:cee25a834751 | 4733 | #endif |
wolfSSL | 11:cee25a834751 | 4734 | #ifdef HAVE_ECC_SECPR2 |
wolfSSL | 11:cee25a834751 | 4735 | ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP160R2, ssl->heap); |
wolfSSL | 11:cee25a834751 | 4736 | if (ret != SSL_SUCCESS) return ret; |
wolfSSL | 11:cee25a834751 | 4737 | #endif |
wolfSSL | 11:cee25a834751 | 4738 | #ifdef HAVE_ECC_KOBLITZ |
wolfSSL | 11:cee25a834751 | 4739 | ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP160K1, ssl->heap); |
wolfSSL | 11:cee25a834751 | 4740 | if (ret != SSL_SUCCESS) return ret; |
wolfSSL | 11:cee25a834751 | 4741 | #endif |
wolfSSL | 11:cee25a834751 | 4742 | #endif |
wolfSSL | 11:cee25a834751 | 4743 | #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES) |
wolfSSL | 11:cee25a834751 | 4744 | #ifndef NO_ECC_SECP |
wolfSSL | 11:cee25a834751 | 4745 | ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP192R1, ssl->heap); |
wolfSSL | 11:cee25a834751 | 4746 | if (ret != SSL_SUCCESS) return ret; |
wolfSSL | 11:cee25a834751 | 4747 | #endif |
wolfSSL | 11:cee25a834751 | 4748 | #ifdef HAVE_ECC_KOBLITZ |
wolfSSL | 11:cee25a834751 | 4749 | ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP192K1, ssl->heap); |
wolfSSL | 11:cee25a834751 | 4750 | if (ret != SSL_SUCCESS) return ret; |
wolfSSL | 11:cee25a834751 | 4751 | #endif |
wolfSSL | 11:cee25a834751 | 4752 | #endif |
wolfSSL | 11:cee25a834751 | 4753 | #endif |
wolfSSL | 11:cee25a834751 | 4754 | #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES) |
wolfSSL | 11:cee25a834751 | 4755 | #ifndef NO_ECC_SECP |
wolfSSL | 11:cee25a834751 | 4756 | ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP224R1, ssl->heap); |
wolfSSL | 11:cee25a834751 | 4757 | if (ret != SSL_SUCCESS) return ret; |
wolfSSL | 11:cee25a834751 | 4758 | #endif |
wolfSSL | 11:cee25a834751 | 4759 | #ifdef HAVE_ECC_KOBLITZ |
wolfSSL | 11:cee25a834751 | 4760 | ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP224K1, ssl->heap); |
wolfSSL | 11:cee25a834751 | 4761 | if (ret != SSL_SUCCESS) return ret; |
wolfSSL | 11:cee25a834751 | 4762 | #endif |
wolfSSL | 11:cee25a834751 | 4763 | #endif |
wolfSSL | 11:cee25a834751 | 4764 | #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES) |
wolfSSL | 11:cee25a834751 | 4765 | #ifndef NO_ECC_SECP |
wolfSSL | 11:cee25a834751 | 4766 | ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP256R1, ssl->heap); |
wolfSSL | 11:cee25a834751 | 4767 | if (ret != SSL_SUCCESS) return ret; |
wolfSSL | 11:cee25a834751 | 4768 | #endif |
wolfSSL | 11:cee25a834751 | 4769 | #ifdef HAVE_ECC_KOBLITZ |
wolfSSL | 11:cee25a834751 | 4770 | ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP256K1, ssl->heap); |
wolfSSL | 11:cee25a834751 | 4771 | if (ret != SSL_SUCCESS) return ret; |
wolfSSL | 11:cee25a834751 | 4772 | #endif |
wolfSSL | 11:cee25a834751 | 4773 | #ifdef HAVE_ECC_BRAINPOOL |
wolfSSL | 11:cee25a834751 | 4774 | ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_BRAINPOOLP256R1, ssl->heap); |
wolfSSL | 11:cee25a834751 | 4775 | if (ret != SSL_SUCCESS) return ret; |
wolfSSL | 11:cee25a834751 | 4776 | #endif |
wolfSSL | 11:cee25a834751 | 4777 | #endif |
wolfSSL | 11:cee25a834751 | 4778 | #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) |
wolfSSL | 11:cee25a834751 | 4779 | #ifndef NO_ECC_SECP |
wolfSSL | 11:cee25a834751 | 4780 | ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP384R1, ssl->heap); |
wolfSSL | 11:cee25a834751 | 4781 | if (ret != SSL_SUCCESS) return ret; |
wolfSSL | 11:cee25a834751 | 4782 | #endif |
wolfSSL | 11:cee25a834751 | 4783 | #ifdef HAVE_ECC_BRAINPOOL |
wolfSSL | 11:cee25a834751 | 4784 | ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_BRAINPOOLP384R1, ssl->heap); |
wolfSSL | 11:cee25a834751 | 4785 | if (ret != SSL_SUCCESS) return ret; |
wolfSSL | 11:cee25a834751 | 4786 | #endif |
wolfSSL | 11:cee25a834751 | 4787 | #endif |
wolfSSL | 11:cee25a834751 | 4788 | #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES) |
wolfSSL | 11:cee25a834751 | 4789 | #ifdef HAVE_ECC_BRAINPOOL |
wolfSSL | 11:cee25a834751 | 4790 | ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_BRAINPOOLP512R1, ssl->heap); |
wolfSSL | 11:cee25a834751 | 4791 | if (ret != SSL_SUCCESS) return ret; |
wolfSSL | 11:cee25a834751 | 4792 | #endif |
wolfSSL | 11:cee25a834751 | 4793 | #endif |
wolfSSL | 11:cee25a834751 | 4794 | #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES) |
wolfSSL | 11:cee25a834751 | 4795 | #ifndef NO_ECC_SECP |
wolfSSL | 11:cee25a834751 | 4796 | ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP521R1, ssl->heap); |
wolfSSL | 11:cee25a834751 | 4797 | if (ret != SSL_SUCCESS) return ret; |
wolfSSL | 11:cee25a834751 | 4798 | #endif |
wolfSSL | 11:cee25a834751 | 4799 | #endif |
wolfSSL | 11:cee25a834751 | 4800 | } |
wolfSSL | 11:cee25a834751 | 4801 | #endif /* HAVE_ECC && HAVE_SUPPORTED_CURVES */ |
wolfSSL | 11:cee25a834751 | 4802 | } /* is not server */ |
wolfSSL | 11:cee25a834751 | 4803 | |
wolfSSL | 11:cee25a834751 | 4804 | (void)public_key; |
wolfSSL | 11:cee25a834751 | 4805 | (void)public_key_len; |
wolfSSL | 11:cee25a834751 | 4806 | (void)ssl; |
wolfSSL | 11:cee25a834751 | 4807 | |
wolfSSL | 11:cee25a834751 | 4808 | if (ret == SSL_SUCCESS) |
wolfSSL | 11:cee25a834751 | 4809 | ret = 0; |
wolfSSL | 11:cee25a834751 | 4810 | |
wolfSSL | 11:cee25a834751 | 4811 | return ret; |
wolfSSL | 11:cee25a834751 | 4812 | } |
wolfSSL | 11:cee25a834751 | 4813 | |
wolfSSL | 11:cee25a834751 | 4814 | |
wolfSSL | 11:cee25a834751 | 4815 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 11:cee25a834751 | 4816 | |
wolfSSL | 11:cee25a834751 | 4817 | /** Tells the buffered size of extensions to be sent into the client hello. */ |
wolfSSL | 11:cee25a834751 | 4818 | word16 TLSX_GetRequestSize(WOLFSSL* ssl) |
wolfSSL | 11:cee25a834751 | 4819 | { |
wolfSSL | 11:cee25a834751 | 4820 | word16 length = 0; |
wolfSSL | 11:cee25a834751 | 4821 | |
wolfSSL | 11:cee25a834751 | 4822 | if (TLSX_SupportExtensions(ssl)) { |
wolfSSL | 11:cee25a834751 | 4823 | byte semaphore[SEMAPHORE_SIZE] = {0}; |
wolfSSL | 11:cee25a834751 | 4824 | |
wolfSSL | 11:cee25a834751 | 4825 | EC_VALIDATE_REQUEST(ssl, semaphore); |
wolfSSL | 11:cee25a834751 | 4826 | QSH_VALIDATE_REQUEST(ssl, semaphore); |
wolfSSL | 11:cee25a834751 | 4827 | WOLF_STK_VALIDATE_REQUEST(ssl); |
wolfSSL | 11:cee25a834751 | 4828 | |
wolfSSL | 11:cee25a834751 | 4829 | if (ssl->extensions) |
wolfSSL | 11:cee25a834751 | 4830 | length += TLSX_GetSize(ssl->extensions, semaphore, 1); |
wolfSSL | 11:cee25a834751 | 4831 | |
wolfSSL | 11:cee25a834751 | 4832 | if (ssl->ctx && ssl->ctx->extensions) |
wolfSSL | 11:cee25a834751 | 4833 | length += TLSX_GetSize(ssl->ctx->extensions, semaphore, 1); |
wolfSSL | 11:cee25a834751 | 4834 | |
wolfSSL | 11:cee25a834751 | 4835 | if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz) |
wolfSSL | 11:cee25a834751 | 4836 | length += HELLO_EXT_SZ + HELLO_EXT_SIGALGO_SZ |
wolfSSL | 11:cee25a834751 | 4837 | + ssl->suites->hashSigAlgoSz; |
wolfSSL | 11:cee25a834751 | 4838 | |
wolfSSL | 11:cee25a834751 | 4839 | #ifdef HAVE_EXTENDED_MASTER |
wolfSSL | 11:cee25a834751 | 4840 | if (ssl->options.haveEMS) |
wolfSSL | 11:cee25a834751 | 4841 | length += HELLO_EXT_SZ; |
wolfSSL | 11:cee25a834751 | 4842 | #endif |
wolfSSL | 11:cee25a834751 | 4843 | } |
wolfSSL | 11:cee25a834751 | 4844 | |
wolfSSL | 11:cee25a834751 | 4845 | if (length) |
wolfSSL | 11:cee25a834751 | 4846 | length += OPAQUE16_LEN; /* for total length storage. */ |
wolfSSL | 11:cee25a834751 | 4847 | |
wolfSSL | 11:cee25a834751 | 4848 | return length; |
wolfSSL | 11:cee25a834751 | 4849 | } |
wolfSSL | 11:cee25a834751 | 4850 | |
wolfSSL | 11:cee25a834751 | 4851 | /** Writes the extensions to be sent into the client hello. */ |
wolfSSL | 11:cee25a834751 | 4852 | word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output) |
wolfSSL | 11:cee25a834751 | 4853 | { |
wolfSSL | 11:cee25a834751 | 4854 | word16 offset = 0; |
wolfSSL | 11:cee25a834751 | 4855 | |
wolfSSL | 11:cee25a834751 | 4856 | if (TLSX_SupportExtensions(ssl) && output) { |
wolfSSL | 11:cee25a834751 | 4857 | byte semaphore[SEMAPHORE_SIZE] = {0}; |
wolfSSL | 11:cee25a834751 | 4858 | |
wolfSSL | 11:cee25a834751 | 4859 | offset += OPAQUE16_LEN; /* extensions length */ |
wolfSSL | 11:cee25a834751 | 4860 | |
wolfSSL | 11:cee25a834751 | 4861 | EC_VALIDATE_REQUEST(ssl, semaphore); |
wolfSSL | 11:cee25a834751 | 4862 | WOLF_STK_VALIDATE_REQUEST(ssl); |
wolfSSL | 11:cee25a834751 | 4863 | QSH_VALIDATE_REQUEST(ssl, semaphore); |
wolfSSL | 11:cee25a834751 | 4864 | |
wolfSSL | 11:cee25a834751 | 4865 | if (ssl->extensions) |
wolfSSL | 11:cee25a834751 | 4866 | offset += TLSX_Write(ssl->extensions, output + offset, |
wolfSSL | 11:cee25a834751 | 4867 | semaphore, 1); |
wolfSSL | 11:cee25a834751 | 4868 | |
wolfSSL | 11:cee25a834751 | 4869 | if (ssl->ctx && ssl->ctx->extensions) |
wolfSSL | 11:cee25a834751 | 4870 | offset += TLSX_Write(ssl->ctx->extensions, output + offset, |
wolfSSL | 11:cee25a834751 | 4871 | semaphore, 1); |
wolfSSL | 11:cee25a834751 | 4872 | |
wolfSSL | 11:cee25a834751 | 4873 | if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz) { |
wolfSSL | 11:cee25a834751 | 4874 | int i; |
wolfSSL | 11:cee25a834751 | 4875 | /* extension type */ |
wolfSSL | 11:cee25a834751 | 4876 | c16toa(HELLO_EXT_SIG_ALGO, output + offset); |
wolfSSL | 11:cee25a834751 | 4877 | offset += HELLO_EXT_TYPE_SZ; |
wolfSSL | 11:cee25a834751 | 4878 | |
wolfSSL | 11:cee25a834751 | 4879 | /* extension data length */ |
wolfSSL | 11:cee25a834751 | 4880 | c16toa(OPAQUE16_LEN + ssl->suites->hashSigAlgoSz, |
wolfSSL | 11:cee25a834751 | 4881 | output + offset); |
wolfSSL | 11:cee25a834751 | 4882 | offset += OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 4883 | |
wolfSSL | 11:cee25a834751 | 4884 | /* sig algos length */ |
wolfSSL | 11:cee25a834751 | 4885 | c16toa(ssl->suites->hashSigAlgoSz, output + offset); |
wolfSSL | 11:cee25a834751 | 4886 | offset += OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 4887 | |
wolfSSL | 11:cee25a834751 | 4888 | /* sig algos */ |
wolfSSL | 11:cee25a834751 | 4889 | for (i = 0; i < ssl->suites->hashSigAlgoSz; i++, offset++) |
wolfSSL | 11:cee25a834751 | 4890 | output[offset] = ssl->suites->hashSigAlgo[i]; |
wolfSSL | 11:cee25a834751 | 4891 | } |
wolfSSL | 11:cee25a834751 | 4892 | |
wolfSSL | 11:cee25a834751 | 4893 | #ifdef HAVE_EXTENDED_MASTER |
wolfSSL | 11:cee25a834751 | 4894 | if (ssl->options.haveEMS) { |
wolfSSL | 11:cee25a834751 | 4895 | c16toa(HELLO_EXT_EXTMS, output + offset); |
wolfSSL | 11:cee25a834751 | 4896 | offset += HELLO_EXT_TYPE_SZ; |
wolfSSL | 11:cee25a834751 | 4897 | c16toa(0, output + offset); |
wolfSSL | 11:cee25a834751 | 4898 | offset += HELLO_EXT_SZ_SZ; |
wolfSSL | 11:cee25a834751 | 4899 | } |
wolfSSL | 11:cee25a834751 | 4900 | #endif |
wolfSSL | 11:cee25a834751 | 4901 | |
wolfSSL | 11:cee25a834751 | 4902 | if (offset > OPAQUE16_LEN) |
wolfSSL | 11:cee25a834751 | 4903 | c16toa(offset - OPAQUE16_LEN, output); /* extensions length */ |
wolfSSL | 11:cee25a834751 | 4904 | } |
wolfSSL | 11:cee25a834751 | 4905 | |
wolfSSL | 11:cee25a834751 | 4906 | return offset; |
wolfSSL | 11:cee25a834751 | 4907 | } |
wolfSSL | 11:cee25a834751 | 4908 | |
wolfSSL | 11:cee25a834751 | 4909 | #endif /* NO_WOLFSSL_CLIENT */ |
wolfSSL | 11:cee25a834751 | 4910 | |
wolfSSL | 11:cee25a834751 | 4911 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 11:cee25a834751 | 4912 | |
wolfSSL | 11:cee25a834751 | 4913 | /** Tells the buffered size of extensions to be sent into the server hello. */ |
wolfSSL | 11:cee25a834751 | 4914 | word16 TLSX_GetResponseSize(WOLFSSL* ssl) |
wolfSSL | 11:cee25a834751 | 4915 | { |
wolfSSL | 11:cee25a834751 | 4916 | word16 length = 0; |
wolfSSL | 11:cee25a834751 | 4917 | byte semaphore[SEMAPHORE_SIZE] = {0}; |
wolfSSL | 11:cee25a834751 | 4918 | |
wolfSSL | 11:cee25a834751 | 4919 | #ifdef HAVE_QSH |
wolfSSL | 11:cee25a834751 | 4920 | /* change response if not using TLS_QSH */ |
wolfSSL | 11:cee25a834751 | 4921 | if (!ssl->options.haveQSH) { |
wolfSSL | 11:cee25a834751 | 4922 | TLSX* ext = TLSX_Find(ssl->extensions, TLSX_QUANTUM_SAFE_HYBRID); |
wolfSSL | 11:cee25a834751 | 4923 | if (ext) |
wolfSSL | 11:cee25a834751 | 4924 | ext->resp = 0; |
wolfSSL | 11:cee25a834751 | 4925 | } |
wolfSSL | 11:cee25a834751 | 4926 | #endif |
wolfSSL | 11:cee25a834751 | 4927 | |
wolfSSL | 11:cee25a834751 | 4928 | #ifdef HAVE_EXTENDED_MASTER |
wolfSSL | 11:cee25a834751 | 4929 | if (ssl->options.haveEMS) |
wolfSSL | 11:cee25a834751 | 4930 | length += HELLO_EXT_SZ; |
wolfSSL | 11:cee25a834751 | 4931 | #endif |
wolfSSL | 11:cee25a834751 | 4932 | |
wolfSSL | 11:cee25a834751 | 4933 | if (TLSX_SupportExtensions(ssl)) |
wolfSSL | 11:cee25a834751 | 4934 | length += TLSX_GetSize(ssl->extensions, semaphore, 0); |
wolfSSL | 11:cee25a834751 | 4935 | |
wolfSSL | 11:cee25a834751 | 4936 | /* All the response data is set at the ssl object only, so no ctx here. */ |
wolfSSL | 11:cee25a834751 | 4937 | |
wolfSSL | 11:cee25a834751 | 4938 | if (length) |
wolfSSL | 11:cee25a834751 | 4939 | length += OPAQUE16_LEN; /* for total length storage. */ |
wolfSSL | 11:cee25a834751 | 4940 | |
wolfSSL | 11:cee25a834751 | 4941 | return length; |
wolfSSL | 11:cee25a834751 | 4942 | } |
wolfSSL | 11:cee25a834751 | 4943 | |
wolfSSL | 11:cee25a834751 | 4944 | /** Writes the server hello extensions into a buffer. */ |
wolfSSL | 11:cee25a834751 | 4945 | word16 TLSX_WriteResponse(WOLFSSL *ssl, byte* output) |
wolfSSL | 11:cee25a834751 | 4946 | { |
wolfSSL | 11:cee25a834751 | 4947 | word16 offset = 0; |
wolfSSL | 11:cee25a834751 | 4948 | |
wolfSSL | 11:cee25a834751 | 4949 | if (TLSX_SupportExtensions(ssl) && output) { |
wolfSSL | 11:cee25a834751 | 4950 | byte semaphore[SEMAPHORE_SIZE] = {0}; |
wolfSSL | 11:cee25a834751 | 4951 | |
wolfSSL | 11:cee25a834751 | 4952 | offset += OPAQUE16_LEN; /* extensions length */ |
wolfSSL | 11:cee25a834751 | 4953 | |
wolfSSL | 11:cee25a834751 | 4954 | offset += TLSX_Write(ssl->extensions, output + offset, semaphore, 0); |
wolfSSL | 11:cee25a834751 | 4955 | |
wolfSSL | 11:cee25a834751 | 4956 | #ifdef HAVE_EXTENDED_MASTER |
wolfSSL | 11:cee25a834751 | 4957 | if (ssl->options.haveEMS) { |
wolfSSL | 11:cee25a834751 | 4958 | c16toa(HELLO_EXT_EXTMS, output + offset); |
wolfSSL | 11:cee25a834751 | 4959 | offset += HELLO_EXT_TYPE_SZ; |
wolfSSL | 11:cee25a834751 | 4960 | c16toa(0, output + offset); |
wolfSSL | 11:cee25a834751 | 4961 | offset += HELLO_EXT_SZ_SZ; |
wolfSSL | 11:cee25a834751 | 4962 | } |
wolfSSL | 11:cee25a834751 | 4963 | #endif |
wolfSSL | 11:cee25a834751 | 4964 | |
wolfSSL | 11:cee25a834751 | 4965 | if (offset > OPAQUE16_LEN) |
wolfSSL | 11:cee25a834751 | 4966 | c16toa(offset - OPAQUE16_LEN, output); /* extensions length */ |
wolfSSL | 11:cee25a834751 | 4967 | } |
wolfSSL | 11:cee25a834751 | 4968 | |
wolfSSL | 11:cee25a834751 | 4969 | return offset; |
wolfSSL | 11:cee25a834751 | 4970 | } |
wolfSSL | 11:cee25a834751 | 4971 | |
wolfSSL | 11:cee25a834751 | 4972 | #endif /* NO_WOLFSSL_SERVER */ |
wolfSSL | 11:cee25a834751 | 4973 | |
wolfSSL | 11:cee25a834751 | 4974 | /** Parses a buffer of TLS extensions. */ |
wolfSSL | 11:cee25a834751 | 4975 | int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest, |
wolfSSL | 11:cee25a834751 | 4976 | Suites *suites) |
wolfSSL | 11:cee25a834751 | 4977 | { |
wolfSSL | 11:cee25a834751 | 4978 | int ret = 0; |
wolfSSL | 11:cee25a834751 | 4979 | word16 offset = 0; |
wolfSSL | 11:cee25a834751 | 4980 | #ifdef HAVE_EXTENDED_MASTER |
wolfSSL | 11:cee25a834751 | 4981 | byte pendingEMS = 0; |
wolfSSL | 11:cee25a834751 | 4982 | #endif |
wolfSSL | 11:cee25a834751 | 4983 | |
wolfSSL | 11:cee25a834751 | 4984 | if (!ssl || !input || (isRequest && !suites)) |
wolfSSL | 11:cee25a834751 | 4985 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 4986 | |
wolfSSL | 11:cee25a834751 | 4987 | while (ret == 0 && offset < length) { |
wolfSSL | 11:cee25a834751 | 4988 | word16 type; |
wolfSSL | 11:cee25a834751 | 4989 | word16 size; |
wolfSSL | 11:cee25a834751 | 4990 | |
wolfSSL | 11:cee25a834751 | 4991 | if (length - offset < HELLO_EXT_TYPE_SZ + OPAQUE16_LEN) |
wolfSSL | 11:cee25a834751 | 4992 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 4993 | |
wolfSSL | 11:cee25a834751 | 4994 | ato16(input + offset, &type); |
wolfSSL | 11:cee25a834751 | 4995 | offset += HELLO_EXT_TYPE_SZ; |
wolfSSL | 11:cee25a834751 | 4996 | |
wolfSSL | 11:cee25a834751 | 4997 | ato16(input + offset, &size); |
wolfSSL | 11:cee25a834751 | 4998 | offset += OPAQUE16_LEN; |
wolfSSL | 11:cee25a834751 | 4999 | |
wolfSSL | 11:cee25a834751 | 5000 | if (offset + size > length) |
wolfSSL | 11:cee25a834751 | 5001 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 5002 | |
wolfSSL | 11:cee25a834751 | 5003 | switch (type) { |
wolfSSL | 11:cee25a834751 | 5004 | case TLSX_SERVER_NAME: |
wolfSSL | 11:cee25a834751 | 5005 | WOLFSSL_MSG("SNI extension received"); |
wolfSSL | 11:cee25a834751 | 5006 | |
wolfSSL | 11:cee25a834751 | 5007 | ret = SNI_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 11:cee25a834751 | 5008 | break; |
wolfSSL | 11:cee25a834751 | 5009 | |
wolfSSL | 11:cee25a834751 | 5010 | case TLSX_MAX_FRAGMENT_LENGTH: |
wolfSSL | 11:cee25a834751 | 5011 | WOLFSSL_MSG("Max Fragment Length extension received"); |
wolfSSL | 11:cee25a834751 | 5012 | |
wolfSSL | 11:cee25a834751 | 5013 | ret = MFL_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 11:cee25a834751 | 5014 | break; |
wolfSSL | 11:cee25a834751 | 5015 | |
wolfSSL | 11:cee25a834751 | 5016 | case TLSX_TRUNCATED_HMAC: |
wolfSSL | 11:cee25a834751 | 5017 | WOLFSSL_MSG("Truncated HMAC extension received"); |
wolfSSL | 11:cee25a834751 | 5018 | |
wolfSSL | 11:cee25a834751 | 5019 | ret = THM_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 11:cee25a834751 | 5020 | break; |
wolfSSL | 11:cee25a834751 | 5021 | |
wolfSSL | 11:cee25a834751 | 5022 | case TLSX_SUPPORTED_GROUPS: |
wolfSSL | 11:cee25a834751 | 5023 | WOLFSSL_MSG("Elliptic Curves extension received"); |
wolfSSL | 11:cee25a834751 | 5024 | |
wolfSSL | 11:cee25a834751 | 5025 | ret = EC_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 11:cee25a834751 | 5026 | break; |
wolfSSL | 11:cee25a834751 | 5027 | |
wolfSSL | 11:cee25a834751 | 5028 | case TLSX_STATUS_REQUEST: |
wolfSSL | 11:cee25a834751 | 5029 | WOLFSSL_MSG("Certificate Status Request extension received"); |
wolfSSL | 11:cee25a834751 | 5030 | |
wolfSSL | 11:cee25a834751 | 5031 | ret = CSR_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 11:cee25a834751 | 5032 | break; |
wolfSSL | 11:cee25a834751 | 5033 | |
wolfSSL | 11:cee25a834751 | 5034 | case TLSX_STATUS_REQUEST_V2: |
wolfSSL | 11:cee25a834751 | 5035 | WOLFSSL_MSG("Certificate Status Request v2 extension received"); |
wolfSSL | 11:cee25a834751 | 5036 | |
wolfSSL | 11:cee25a834751 | 5037 | ret = CSR2_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 11:cee25a834751 | 5038 | break; |
wolfSSL | 11:cee25a834751 | 5039 | |
wolfSSL | 11:cee25a834751 | 5040 | #ifdef HAVE_EXTENDED_MASTER |
wolfSSL | 11:cee25a834751 | 5041 | case HELLO_EXT_EXTMS: |
wolfSSL | 11:cee25a834751 | 5042 | WOLFSSL_MSG("Extended Master Secret extension received"); |
wolfSSL | 11:cee25a834751 | 5043 | |
wolfSSL | 11:cee25a834751 | 5044 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 11:cee25a834751 | 5045 | if (isRequest) |
wolfSSL | 11:cee25a834751 | 5046 | ssl->options.haveEMS = 1; |
wolfSSL | 11:cee25a834751 | 5047 | #endif |
wolfSSL | 11:cee25a834751 | 5048 | pendingEMS = 1; |
wolfSSL | 11:cee25a834751 | 5049 | break; |
wolfSSL | 11:cee25a834751 | 5050 | #endif |
wolfSSL | 11:cee25a834751 | 5051 | |
wolfSSL | 11:cee25a834751 | 5052 | case TLSX_RENEGOTIATION_INFO: |
wolfSSL | 11:cee25a834751 | 5053 | WOLFSSL_MSG("Secure Renegotiation extension received"); |
wolfSSL | 11:cee25a834751 | 5054 | |
wolfSSL | 11:cee25a834751 | 5055 | ret = SCR_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 11:cee25a834751 | 5056 | break; |
wolfSSL | 11:cee25a834751 | 5057 | |
wolfSSL | 11:cee25a834751 | 5058 | case TLSX_SESSION_TICKET: |
wolfSSL | 11:cee25a834751 | 5059 | WOLFSSL_MSG("Session Ticket extension received"); |
wolfSSL | 11:cee25a834751 | 5060 | |
wolfSSL | 11:cee25a834751 | 5061 | ret = WOLF_STK_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 11:cee25a834751 | 5062 | break; |
wolfSSL | 11:cee25a834751 | 5063 | |
wolfSSL | 11:cee25a834751 | 5064 | case TLSX_QUANTUM_SAFE_HYBRID: |
wolfSSL | 11:cee25a834751 | 5065 | WOLFSSL_MSG("Quantum-Safe-Hybrid extension received"); |
wolfSSL | 11:cee25a834751 | 5066 | |
wolfSSL | 11:cee25a834751 | 5067 | ret = QSH_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 11:cee25a834751 | 5068 | break; |
wolfSSL | 11:cee25a834751 | 5069 | |
wolfSSL | 11:cee25a834751 | 5070 | case TLSX_APPLICATION_LAYER_PROTOCOL: |
wolfSSL | 11:cee25a834751 | 5071 | WOLFSSL_MSG("ALPN extension received"); |
wolfSSL | 11:cee25a834751 | 5072 | |
wolfSSL | 11:cee25a834751 | 5073 | ret = ALPN_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 11:cee25a834751 | 5074 | break; |
wolfSSL | 11:cee25a834751 | 5075 | |
wolfSSL | 11:cee25a834751 | 5076 | case HELLO_EXT_SIG_ALGO: |
wolfSSL | 11:cee25a834751 | 5077 | if (isRequest) { |
wolfSSL | 11:cee25a834751 | 5078 | /* do not mess with offset inside the switch! */ |
wolfSSL | 11:cee25a834751 | 5079 | if (IsAtLeastTLSv1_2(ssl)) { |
wolfSSL | 11:cee25a834751 | 5080 | ato16(input + offset, &suites->hashSigAlgoSz); |
wolfSSL | 11:cee25a834751 | 5081 | |
wolfSSL | 11:cee25a834751 | 5082 | if (suites->hashSigAlgoSz > size - OPAQUE16_LEN) |
wolfSSL | 11:cee25a834751 | 5083 | return BUFFER_ERROR; |
wolfSSL | 11:cee25a834751 | 5084 | |
wolfSSL | 11:cee25a834751 | 5085 | XMEMCPY(suites->hashSigAlgo, |
wolfSSL | 11:cee25a834751 | 5086 | input + offset + OPAQUE16_LEN, |
wolfSSL | 11:cee25a834751 | 5087 | min(suites->hashSigAlgoSz, |
wolfSSL | 11:cee25a834751 | 5088 | HELLO_EXT_SIGALGO_MAX)); |
wolfSSL | 11:cee25a834751 | 5089 | } |
wolfSSL | 11:cee25a834751 | 5090 | } else { |
wolfSSL | 11:cee25a834751 | 5091 | WOLFSSL_MSG("Servers MUST NOT send SIG ALGO extension."); |
wolfSSL | 11:cee25a834751 | 5092 | } |
wolfSSL | 11:cee25a834751 | 5093 | |
wolfSSL | 11:cee25a834751 | 5094 | break; |
wolfSSL | 11:cee25a834751 | 5095 | } |
wolfSSL | 11:cee25a834751 | 5096 | |
wolfSSL | 11:cee25a834751 | 5097 | /* offset should be updated here! */ |
wolfSSL | 11:cee25a834751 | 5098 | offset += size; |
wolfSSL | 11:cee25a834751 | 5099 | } |
wolfSSL | 11:cee25a834751 | 5100 | |
wolfSSL | 11:cee25a834751 | 5101 | #ifdef HAVE_EXTENDED_MASTER |
wolfSSL | 11:cee25a834751 | 5102 | if (!isRequest && ssl->options.haveEMS && !pendingEMS) |
wolfSSL | 11:cee25a834751 | 5103 | ssl->options.haveEMS = 0; |
wolfSSL | 11:cee25a834751 | 5104 | #endif |
wolfSSL | 11:cee25a834751 | 5105 | |
wolfSSL | 11:cee25a834751 | 5106 | if (ret == 0) |
wolfSSL | 11:cee25a834751 | 5107 | ret = SNI_VERIFY_PARSE(ssl, isRequest); |
wolfSSL | 11:cee25a834751 | 5108 | |
wolfSSL | 11:cee25a834751 | 5109 | return ret; |
wolfSSL | 11:cee25a834751 | 5110 | } |
wolfSSL | 11:cee25a834751 | 5111 | |
wolfSSL | 11:cee25a834751 | 5112 | /* undefining semaphore macros */ |
wolfSSL | 11:cee25a834751 | 5113 | #undef IS_OFF |
wolfSSL | 11:cee25a834751 | 5114 | #undef TURN_ON |
wolfSSL | 11:cee25a834751 | 5115 | #undef SEMAPHORE_SIZE |
wolfSSL | 11:cee25a834751 | 5116 | |
wolfSSL | 11:cee25a834751 | 5117 | #endif /* HAVE_TLS_EXTENSIONS */ |
wolfSSL | 11:cee25a834751 | 5118 | |
wolfSSL | 11:cee25a834751 | 5119 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 11:cee25a834751 | 5120 | |
wolfSSL | 11:cee25a834751 | 5121 | #ifndef NO_OLD_TLS |
wolfSSL | 11:cee25a834751 | 5122 | |
wolfSSL | 11:cee25a834751 | 5123 | WOLFSSL_METHOD* wolfTLSv1_client_method(void) |
wolfSSL | 11:cee25a834751 | 5124 | { |
wolfSSL | 11:cee25a834751 | 5125 | return wolfTLSv1_client_method_ex(NULL); |
wolfSSL | 11:cee25a834751 | 5126 | } |
wolfSSL | 11:cee25a834751 | 5127 | |
wolfSSL | 11:cee25a834751 | 5128 | |
wolfSSL | 11:cee25a834751 | 5129 | WOLFSSL_METHOD* wolfTLSv1_1_client_method(void) |
wolfSSL | 11:cee25a834751 | 5130 | { |
wolfSSL | 11:cee25a834751 | 5131 | return wolfTLSv1_1_client_method_ex(NULL); |
wolfSSL | 11:cee25a834751 | 5132 | } |
wolfSSL | 11:cee25a834751 | 5133 | |
wolfSSL | 11:cee25a834751 | 5134 | WOLFSSL_METHOD* wolfTLSv1_client_method_ex(void* heap) |
wolfSSL | 11:cee25a834751 | 5135 | { |
wolfSSL | 11:cee25a834751 | 5136 | WOLFSSL_METHOD* method = |
wolfSSL | 11:cee25a834751 | 5137 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), |
wolfSSL | 11:cee25a834751 | 5138 | heap, DYNAMIC_TYPE_METHOD); |
wolfSSL | 11:cee25a834751 | 5139 | if (method) |
wolfSSL | 11:cee25a834751 | 5140 | InitSSL_Method(method, MakeTLSv1()); |
wolfSSL | 11:cee25a834751 | 5141 | return method; |
wolfSSL | 11:cee25a834751 | 5142 | } |
wolfSSL | 11:cee25a834751 | 5143 | |
wolfSSL | 11:cee25a834751 | 5144 | |
wolfSSL | 11:cee25a834751 | 5145 | WOLFSSL_METHOD* wolfTLSv1_1_client_method_ex(void* heap) |
wolfSSL | 11:cee25a834751 | 5146 | { |
wolfSSL | 11:cee25a834751 | 5147 | WOLFSSL_METHOD* method = |
wolfSSL | 11:cee25a834751 | 5148 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), |
wolfSSL | 11:cee25a834751 | 5149 | heap, DYNAMIC_TYPE_METHOD); |
wolfSSL | 11:cee25a834751 | 5150 | if (method) |
wolfSSL | 11:cee25a834751 | 5151 | InitSSL_Method(method, MakeTLSv1_1()); |
wolfSSL | 11:cee25a834751 | 5152 | return method; |
wolfSSL | 11:cee25a834751 | 5153 | } |
wolfSSL | 11:cee25a834751 | 5154 | |
wolfSSL | 11:cee25a834751 | 5155 | #endif /* !NO_OLD_TLS */ |
wolfSSL | 11:cee25a834751 | 5156 | |
wolfSSL | 11:cee25a834751 | 5157 | |
wolfSSL | 11:cee25a834751 | 5158 | WOLFSSL_METHOD* wolfTLSv1_2_client_method(void) |
wolfSSL | 11:cee25a834751 | 5159 | { |
wolfSSL | 11:cee25a834751 | 5160 | return wolfTLSv1_2_client_method_ex(NULL); |
wolfSSL | 11:cee25a834751 | 5161 | } |
wolfSSL | 11:cee25a834751 | 5162 | |
wolfSSL | 11:cee25a834751 | 5163 | WOLFSSL_METHOD* wolfTLSv1_2_client_method_ex(void* heap) |
wolfSSL | 11:cee25a834751 | 5164 | { |
wolfSSL | 11:cee25a834751 | 5165 | WOLFSSL_METHOD* method = |
wolfSSL | 11:cee25a834751 | 5166 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), |
wolfSSL | 11:cee25a834751 | 5167 | heap, DYNAMIC_TYPE_METHOD); |
wolfSSL | 11:cee25a834751 | 5168 | (void)heap; |
wolfSSL | 11:cee25a834751 | 5169 | if (method) |
wolfSSL | 11:cee25a834751 | 5170 | InitSSL_Method(method, MakeTLSv1_2()); |
wolfSSL | 11:cee25a834751 | 5171 | return method; |
wolfSSL | 11:cee25a834751 | 5172 | } |
wolfSSL | 11:cee25a834751 | 5173 | |
wolfSSL | 11:cee25a834751 | 5174 | |
wolfSSL | 11:cee25a834751 | 5175 | WOLFSSL_METHOD* wolfSSLv23_client_method(void) |
wolfSSL | 11:cee25a834751 | 5176 | { |
wolfSSL | 11:cee25a834751 | 5177 | return wolfSSLv23_client_method_ex(NULL); |
wolfSSL | 11:cee25a834751 | 5178 | } |
wolfSSL | 11:cee25a834751 | 5179 | |
wolfSSL | 11:cee25a834751 | 5180 | |
wolfSSL | 11:cee25a834751 | 5181 | WOLFSSL_METHOD* wolfSSLv23_client_method_ex(void* heap) |
wolfSSL | 11:cee25a834751 | 5182 | { |
wolfSSL | 11:cee25a834751 | 5183 | WOLFSSL_METHOD* method = |
wolfSSL | 11:cee25a834751 | 5184 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), |
wolfSSL | 11:cee25a834751 | 5185 | heap, DYNAMIC_TYPE_METHOD); |
wolfSSL | 11:cee25a834751 | 5186 | (void)heap; |
wolfSSL | 11:cee25a834751 | 5187 | if (method) { |
wolfSSL | 11:cee25a834751 | 5188 | #if !defined(NO_SHA256) || defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512) |
wolfSSL | 11:cee25a834751 | 5189 | InitSSL_Method(method, MakeTLSv1_2()); |
wolfSSL | 11:cee25a834751 | 5190 | #else |
wolfSSL | 11:cee25a834751 | 5191 | #ifndef NO_OLD_TLS |
wolfSSL | 11:cee25a834751 | 5192 | InitSSL_Method(method, MakeTLSv1_1()); |
wolfSSL | 11:cee25a834751 | 5193 | #endif |
wolfSSL | 11:cee25a834751 | 5194 | #endif |
wolfSSL | 11:cee25a834751 | 5195 | #ifndef NO_OLD_TLS |
wolfSSL | 11:cee25a834751 | 5196 | method->downgrade = 1; |
wolfSSL | 11:cee25a834751 | 5197 | #endif |
wolfSSL | 11:cee25a834751 | 5198 | } |
wolfSSL | 11:cee25a834751 | 5199 | return method; |
wolfSSL | 11:cee25a834751 | 5200 | } |
wolfSSL | 11:cee25a834751 | 5201 | |
wolfSSL | 11:cee25a834751 | 5202 | #endif /* NO_WOLFSSL_CLIENT */ |
wolfSSL | 11:cee25a834751 | 5203 | |
wolfSSL | 11:cee25a834751 | 5204 | |
wolfSSL | 11:cee25a834751 | 5205 | |
wolfSSL | 11:cee25a834751 | 5206 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 11:cee25a834751 | 5207 | |
wolfSSL | 11:cee25a834751 | 5208 | #ifndef NO_OLD_TLS |
wolfSSL | 11:cee25a834751 | 5209 | |
wolfSSL | 11:cee25a834751 | 5210 | WOLFSSL_METHOD* wolfTLSv1_server_method(void) |
wolfSSL | 11:cee25a834751 | 5211 | { |
wolfSSL | 11:cee25a834751 | 5212 | return wolfTLSv1_server_method_ex(NULL); |
wolfSSL | 11:cee25a834751 | 5213 | } |
wolfSSL | 11:cee25a834751 | 5214 | |
wolfSSL | 11:cee25a834751 | 5215 | |
wolfSSL | 11:cee25a834751 | 5216 | WOLFSSL_METHOD* wolfTLSv1_1_server_method(void) |
wolfSSL | 11:cee25a834751 | 5217 | { |
wolfSSL | 11:cee25a834751 | 5218 | return wolfTLSv1_1_server_method_ex(NULL); |
wolfSSL | 11:cee25a834751 | 5219 | } |
wolfSSL | 11:cee25a834751 | 5220 | |
wolfSSL | 11:cee25a834751 | 5221 | WOLFSSL_METHOD* wolfTLSv1_server_method_ex(void* heap) |
wolfSSL | 11:cee25a834751 | 5222 | { |
wolfSSL | 11:cee25a834751 | 5223 | WOLFSSL_METHOD* method = |
wolfSSL | 11:cee25a834751 | 5224 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), |
wolfSSL | 11:cee25a834751 | 5225 | heap, DYNAMIC_TYPE_METHOD); |
wolfSSL | 11:cee25a834751 | 5226 | if (method) { |
wolfSSL | 11:cee25a834751 | 5227 | InitSSL_Method(method, MakeTLSv1()); |
wolfSSL | 11:cee25a834751 | 5228 | method->side = WOLFSSL_SERVER_END; |
wolfSSL | 11:cee25a834751 | 5229 | } |
wolfSSL | 11:cee25a834751 | 5230 | return method; |
wolfSSL | 11:cee25a834751 | 5231 | } |
wolfSSL | 11:cee25a834751 | 5232 | |
wolfSSL | 11:cee25a834751 | 5233 | |
wolfSSL | 11:cee25a834751 | 5234 | WOLFSSL_METHOD* wolfTLSv1_1_server_method_ex(void* heap) |
wolfSSL | 11:cee25a834751 | 5235 | { |
wolfSSL | 11:cee25a834751 | 5236 | WOLFSSL_METHOD* method = |
wolfSSL | 11:cee25a834751 | 5237 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), |
wolfSSL | 11:cee25a834751 | 5238 | heap, DYNAMIC_TYPE_METHOD); |
wolfSSL | 11:cee25a834751 | 5239 | if (method) { |
wolfSSL | 11:cee25a834751 | 5240 | InitSSL_Method(method, MakeTLSv1_1()); |
wolfSSL | 11:cee25a834751 | 5241 | method->side = WOLFSSL_SERVER_END; |
wolfSSL | 11:cee25a834751 | 5242 | } |
wolfSSL | 11:cee25a834751 | 5243 | return method; |
wolfSSL | 11:cee25a834751 | 5244 | } |
wolfSSL | 11:cee25a834751 | 5245 | #endif /* !NO_OLD_TLS */ |
wolfSSL | 11:cee25a834751 | 5246 | |
wolfSSL | 11:cee25a834751 | 5247 | |
wolfSSL | 11:cee25a834751 | 5248 | WOLFSSL_METHOD* wolfTLSv1_2_server_method(void) |
wolfSSL | 11:cee25a834751 | 5249 | { |
wolfSSL | 11:cee25a834751 | 5250 | return wolfTLSv1_2_server_method_ex(NULL); |
wolfSSL | 11:cee25a834751 | 5251 | } |
wolfSSL | 11:cee25a834751 | 5252 | |
wolfSSL | 11:cee25a834751 | 5253 | WOLFSSL_METHOD* wolfTLSv1_2_server_method_ex(void* heap) |
wolfSSL | 11:cee25a834751 | 5254 | { |
wolfSSL | 11:cee25a834751 | 5255 | WOLFSSL_METHOD* method = |
wolfSSL | 11:cee25a834751 | 5256 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), |
wolfSSL | 11:cee25a834751 | 5257 | heap, DYNAMIC_TYPE_METHOD); |
wolfSSL | 11:cee25a834751 | 5258 | (void)heap; |
wolfSSL | 11:cee25a834751 | 5259 | if (method) { |
wolfSSL | 11:cee25a834751 | 5260 | InitSSL_Method(method, MakeTLSv1_2()); |
wolfSSL | 11:cee25a834751 | 5261 | method->side = WOLFSSL_SERVER_END; |
wolfSSL | 11:cee25a834751 | 5262 | } |
wolfSSL | 11:cee25a834751 | 5263 | return method; |
wolfSSL | 11:cee25a834751 | 5264 | } |
wolfSSL | 11:cee25a834751 | 5265 | |
wolfSSL | 11:cee25a834751 | 5266 | |
wolfSSL | 11:cee25a834751 | 5267 | WOLFSSL_METHOD* wolfSSLv23_server_method(void) |
wolfSSL | 11:cee25a834751 | 5268 | { |
wolfSSL | 11:cee25a834751 | 5269 | return wolfSSLv23_server_method_ex(NULL); |
wolfSSL | 11:cee25a834751 | 5270 | } |
wolfSSL | 11:cee25a834751 | 5271 | |
wolfSSL | 11:cee25a834751 | 5272 | WOLFSSL_METHOD* wolfSSLv23_server_method_ex(void* heap) |
wolfSSL | 11:cee25a834751 | 5273 | { |
wolfSSL | 11:cee25a834751 | 5274 | WOLFSSL_METHOD* method = |
wolfSSL | 11:cee25a834751 | 5275 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), |
wolfSSL | 11:cee25a834751 | 5276 | heap, DYNAMIC_TYPE_METHOD); |
wolfSSL | 11:cee25a834751 | 5277 | (void)heap; |
wolfSSL | 11:cee25a834751 | 5278 | if (method) { |
wolfSSL | 11:cee25a834751 | 5279 | #if !defined(NO_SHA256) || defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512) |
wolfSSL | 11:cee25a834751 | 5280 | InitSSL_Method(method, MakeTLSv1_2()); |
wolfSSL | 11:cee25a834751 | 5281 | #else |
wolfSSL | 11:cee25a834751 | 5282 | #ifndef NO_OLD_TLS |
wolfSSL | 11:cee25a834751 | 5283 | InitSSL_Method(method, MakeTLSv1_1()); |
wolfSSL | 11:cee25a834751 | 5284 | #else |
wolfSSL | 11:cee25a834751 | 5285 | #error Must have SHA256, SHA384 or SHA512 enabled for TLS 1.2 |
wolfSSL | 11:cee25a834751 | 5286 | #endif |
wolfSSL | 11:cee25a834751 | 5287 | #endif |
wolfSSL | 11:cee25a834751 | 5288 | #ifndef NO_OLD_TLS |
wolfSSL | 11:cee25a834751 | 5289 | method->downgrade = 1; |
wolfSSL | 11:cee25a834751 | 5290 | #endif |
wolfSSL | 11:cee25a834751 | 5291 | method->side = WOLFSSL_SERVER_END; |
wolfSSL | 11:cee25a834751 | 5292 | } |
wolfSSL | 11:cee25a834751 | 5293 | return method; |
wolfSSL | 11:cee25a834751 | 5294 | } |
wolfSSL | 11:cee25a834751 | 5295 | |
wolfSSL | 11:cee25a834751 | 5296 | |
wolfSSL | 11:cee25a834751 | 5297 | #endif /* NO_WOLFSSL_SERVER */ |
wolfSSL | 11:cee25a834751 | 5298 | #endif /* NO_TLS */ |
wolfSSL | 11:cee25a834751 | 5299 | #endif /* WOLFCRYPT_ONLY */ |
wolfSSL | 11:cee25a834751 | 5300 |