Xuyi Wang / wolfSSL

wolfSSL SSL/TLS library, support up to TLS1.3

Dependents:   OS

src/tls.c@11:cee25a834751, 2017-05-30 (annotated)

Committer:
wolfSSL
Date:
Tue May 30 01:44:10 2017 +0000
Revision:
11:cee25a834751
wolfSSL 3.11.0

Who changed what in which revision?

UserRevisionLine numberNew contents of line
wolfSSL 11:cee25a834751 1 /* tls.c
wolfSSL 11:cee25a834751 2 *
wolfSSL 11:cee25a834751 3 * Copyright (C) 2006-2016 wolfSSL Inc.
wolfSSL 11:cee25a834751 4 *
wolfSSL 11:cee25a834751 5 * This file is part of wolfSSL.
wolfSSL 11:cee25a834751 6 *
wolfSSL 11:cee25a834751 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 11:cee25a834751 8 * it under the terms of the GNU General Public License as published by
wolfSSL 11:cee25a834751 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 11:cee25a834751 10 * (at your option) any later version.
wolfSSL 11:cee25a834751 11 *
wolfSSL 11:cee25a834751 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 11:cee25a834751 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 11:cee25a834751 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 11:cee25a834751 15 * GNU General Public License for more details.
wolfSSL 11:cee25a834751 16 *
wolfSSL 11:cee25a834751 17 * You should have received a copy of the GNU General Public License
wolfSSL 11:cee25a834751 18 * along with this program; if not, write to the Free Software
wolfSSL 11:cee25a834751 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL 11:cee25a834751 20 */
wolfSSL 11:cee25a834751 21
wolfSSL 11:cee25a834751 22
wolfSSL 11:cee25a834751 23
wolfSSL 11:cee25a834751 24 #ifdef HAVE_CONFIG_H
wolfSSL 11:cee25a834751 25 #include <config.h>
wolfSSL 11:cee25a834751 26 #endif
wolfSSL 11:cee25a834751 27
wolfSSL 11:cee25a834751 28 #include <wolfssl/wolfcrypt/settings.h>
wolfSSL 11:cee25a834751 29
wolfSSL 11:cee25a834751 30 #ifndef WOLFCRYPT_ONLY
wolfSSL 11:cee25a834751 31
wolfSSL 11:cee25a834751 32 #include <wolfssl/ssl.h>
wolfSSL 11:cee25a834751 33 #include <wolfssl/internal.h>
wolfSSL 11:cee25a834751 34 #include <wolfssl/error-ssl.h>
wolfSSL 11:cee25a834751 35 #include <wolfssl/wolfcrypt/hmac.h>
wolfSSL 11:cee25a834751 36 #ifdef NO_INLINE
wolfSSL 11:cee25a834751 37 #include <wolfssl/wolfcrypt/misc.h>
wolfSSL 11:cee25a834751 38 #else
wolfSSL 11:cee25a834751 39 #define WOLFSSL_MISC_INCLUDED
wolfSSL 11:cee25a834751 40 #include <wolfcrypt/src/misc.c>
wolfSSL 11:cee25a834751 41 #endif
wolfSSL 11:cee25a834751 42
wolfSSL 11:cee25a834751 43 #ifdef HAVE_NTRU
wolfSSL 11:cee25a834751 44 #include "libntruencrypt/ntru_crypto.h"
wolfSSL 11:cee25a834751 45 #include <wolfssl/wolfcrypt/random.h>
wolfSSL 11:cee25a834751 46 #endif
wolfSSL 11:cee25a834751 47 #ifdef HAVE_QSH
wolfSSL 11:cee25a834751 48 static int TLSX_AddQSHKey(QSHKey** list, QSHKey* key);
wolfSSL 11:cee25a834751 49 static byte* TLSX_QSHKeyFind_Pub(QSHKey* qsh, word16* pubLen, word16 name);
wolfSSL 11:cee25a834751 50 #endif
wolfSSL 11:cee25a834751 51 #if defined(HAVE_NTRU) || defined(HAVE_QSH)
wolfSSL 11:cee25a834751 52 static int TLSX_CreateNtruKey(WOLFSSL* ssl, int type);
wolfSSL 11:cee25a834751 53 #endif
wolfSSL 11:cee25a834751 54
wolfSSL 11:cee25a834751 55
wolfSSL 11:cee25a834751 56 #ifndef NO_TLS
wolfSSL 11:cee25a834751 57
wolfSSL 11:cee25a834751 58 /* Digest enable checks */
wolfSSL 11:cee25a834751 59 #ifdef NO_OLD_TLS /* TLS 1.2 only */
wolfSSL 11:cee25a834751 60 #if defined(NO_SHA256) && !defined(WOLFSSL_SHA384) && \
wolfSSL 11:cee25a834751 61 !defined(WOLFSSL_SHA512)
wolfSSL 11:cee25a834751 62 #error Must have SHA256, SHA384 or SHA512 enabled for TLS 1.2
wolfSSL 11:cee25a834751 63 #endif
wolfSSL 11:cee25a834751 64 #else /* TLS 1.1 or older */
wolfSSL 11:cee25a834751 65 #if defined(NO_MD5) && defined(NO_SHA)
wolfSSL 11:cee25a834751 66 #error Must have SHA1 and MD5 enabled for old TLS
wolfSSL 11:cee25a834751 67 #endif
wolfSSL 11:cee25a834751 68 #endif
wolfSSL 11:cee25a834751 69
wolfSSL 11:cee25a834751 70
wolfSSL 11:cee25a834751 71 #ifdef WOLFSSL_SHA384
wolfSSL 11:cee25a834751 72 #define P_HASH_MAX_SIZE SHA384_DIGEST_SIZE
wolfSSL 11:cee25a834751 73 #else
wolfSSL 11:cee25a834751 74 #define P_HASH_MAX_SIZE SHA256_DIGEST_SIZE
wolfSSL 11:cee25a834751 75 #endif
wolfSSL 11:cee25a834751 76
wolfSSL 11:cee25a834751 77
wolfSSL 11:cee25a834751 78 /* compute p_hash for MD5, SHA-1, SHA-256, or SHA-384 for TLSv1 PRF */
wolfSSL 11:cee25a834751 79 static int p_hash(byte* result, word32 resLen, const byte* secret,
wolfSSL 11:cee25a834751 80 word32 secLen, const byte* seed, word32 seedLen, int hash)
wolfSSL 11:cee25a834751 81 {
wolfSSL 11:cee25a834751 82 word32 len = P_HASH_MAX_SIZE;
wolfSSL 11:cee25a834751 83 word32 times;
wolfSSL 11:cee25a834751 84 word32 lastLen;
wolfSSL 11:cee25a834751 85 word32 lastTime;
wolfSSL 11:cee25a834751 86 word32 i;
wolfSSL 11:cee25a834751 87 word32 idx = 0;
wolfSSL 11:cee25a834751 88 int ret = 0;
wolfSSL 11:cee25a834751 89 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 90 byte* previous;
wolfSSL 11:cee25a834751 91 byte* current;
wolfSSL 11:cee25a834751 92 Hmac* hmac;
wolfSSL 11:cee25a834751 93 #else
wolfSSL 11:cee25a834751 94 byte previous[P_HASH_MAX_SIZE]; /* max size */
wolfSSL 11:cee25a834751 95 byte current[P_HASH_MAX_SIZE]; /* max size */
wolfSSL 11:cee25a834751 96 Hmac hmac[1];
wolfSSL 11:cee25a834751 97 #endif
wolfSSL 11:cee25a834751 98
wolfSSL 11:cee25a834751 99 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 100 previous = (byte*)XMALLOC(P_HASH_MAX_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 101 current = (byte*)XMALLOC(P_HASH_MAX_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 102 hmac = (Hmac*)XMALLOC(sizeof(Hmac), NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 103
wolfSSL 11:cee25a834751 104 if (previous == NULL || current == NULL || hmac == NULL) {
wolfSSL 11:cee25a834751 105 if (previous) XFREE(previous, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 106 if (current) XFREE(current, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 107 if (hmac) XFREE(hmac, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 108
wolfSSL 11:cee25a834751 109 return MEMORY_E;
wolfSSL 11:cee25a834751 110 }
wolfSSL 11:cee25a834751 111 #endif
wolfSSL 11:cee25a834751 112
wolfSSL 11:cee25a834751 113 switch (hash) {
wolfSSL 11:cee25a834751 114 #ifndef NO_MD5
wolfSSL 11:cee25a834751 115 case md5_mac:
wolfSSL 11:cee25a834751 116 hash = MD5;
wolfSSL 11:cee25a834751 117 len = MD5_DIGEST_SIZE;
wolfSSL 11:cee25a834751 118 break;
wolfSSL 11:cee25a834751 119 #endif
wolfSSL 11:cee25a834751 120
wolfSSL 11:cee25a834751 121 #ifndef NO_SHA256
wolfSSL 11:cee25a834751 122 case sha256_mac:
wolfSSL 11:cee25a834751 123 hash = SHA256;
wolfSSL 11:cee25a834751 124 len = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 125 break;
wolfSSL 11:cee25a834751 126 #endif
wolfSSL 11:cee25a834751 127
wolfSSL 11:cee25a834751 128 #ifdef WOLFSSL_SHA384
wolfSSL 11:cee25a834751 129 case sha384_mac:
wolfSSL 11:cee25a834751 130 hash = SHA384;
wolfSSL 11:cee25a834751 131 len = SHA384_DIGEST_SIZE;
wolfSSL 11:cee25a834751 132 break;
wolfSSL 11:cee25a834751 133 #endif
wolfSSL 11:cee25a834751 134
wolfSSL 11:cee25a834751 135 #ifndef NO_SHA
wolfSSL 11:cee25a834751 136 case sha_mac:
wolfSSL 11:cee25a834751 137 default:
wolfSSL 11:cee25a834751 138 hash = SHA;
wolfSSL 11:cee25a834751 139 len = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 140 break;
wolfSSL 11:cee25a834751 141 #endif
wolfSSL 11:cee25a834751 142 }
wolfSSL 11:cee25a834751 143
wolfSSL 11:cee25a834751 144 times = resLen / len;
wolfSSL 11:cee25a834751 145 lastLen = resLen % len;
wolfSSL 11:cee25a834751 146
wolfSSL 11:cee25a834751 147 if (lastLen)
wolfSSL 11:cee25a834751 148 times += 1;
wolfSSL 11:cee25a834751 149
wolfSSL 11:cee25a834751 150 lastTime = times - 1;
wolfSSL 11:cee25a834751 151
wolfSSL 11:cee25a834751 152 ret = wc_HmacInit(hmac, NULL, INVALID_DEVID);
wolfSSL 11:cee25a834751 153 if (ret == 0) {
wolfSSL 11:cee25a834751 154 ret = wc_HmacSetKey(hmac, hash, secret, secLen);
wolfSSL 11:cee25a834751 155 if (ret == 0)
wolfSSL 11:cee25a834751 156 ret = wc_HmacUpdate(hmac, seed, seedLen); /* A0 = seed */
wolfSSL 11:cee25a834751 157 if (ret == 0)
wolfSSL 11:cee25a834751 158 ret = wc_HmacFinal(hmac, previous); /* A1 */
wolfSSL 11:cee25a834751 159 if (ret == 0) {
wolfSSL 11:cee25a834751 160 for (i = 0; i < times; i++) {
wolfSSL 11:cee25a834751 161 ret = wc_HmacUpdate(hmac, previous, len);
wolfSSL 11:cee25a834751 162 if (ret != 0)
wolfSSL 11:cee25a834751 163 break;
wolfSSL 11:cee25a834751 164 ret = wc_HmacUpdate(hmac, seed, seedLen);
wolfSSL 11:cee25a834751 165 if (ret != 0)
wolfSSL 11:cee25a834751 166 break;
wolfSSL 11:cee25a834751 167 ret = wc_HmacFinal(hmac, current);
wolfSSL 11:cee25a834751 168 if (ret != 0)
wolfSSL 11:cee25a834751 169 break;
wolfSSL 11:cee25a834751 170
wolfSSL 11:cee25a834751 171 if ((i == lastTime) && lastLen)
wolfSSL 11:cee25a834751 172 XMEMCPY(&result[idx], current,
wolfSSL 11:cee25a834751 173 min(lastLen, P_HASH_MAX_SIZE));
wolfSSL 11:cee25a834751 174 else {
wolfSSL 11:cee25a834751 175 XMEMCPY(&result[idx], current, len);
wolfSSL 11:cee25a834751 176 idx += len;
wolfSSL 11:cee25a834751 177 ret = wc_HmacUpdate(hmac, previous, len);
wolfSSL 11:cee25a834751 178 if (ret != 0)
wolfSSL 11:cee25a834751 179 break;
wolfSSL 11:cee25a834751 180 ret = wc_HmacFinal(hmac, previous);
wolfSSL 11:cee25a834751 181 if (ret != 0)
wolfSSL 11:cee25a834751 182 break;
wolfSSL 11:cee25a834751 183 }
wolfSSL 11:cee25a834751 184 }
wolfSSL 11:cee25a834751 185 }
wolfSSL 11:cee25a834751 186 wc_HmacFree(hmac);
wolfSSL 11:cee25a834751 187 }
wolfSSL 11:cee25a834751 188
wolfSSL 11:cee25a834751 189 ForceZero(previous, P_HASH_MAX_SIZE);
wolfSSL 11:cee25a834751 190 ForceZero(current, P_HASH_MAX_SIZE);
wolfSSL 11:cee25a834751 191 ForceZero(hmac, sizeof(Hmac));
wolfSSL 11:cee25a834751 192
wolfSSL 11:cee25a834751 193 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 194 XFREE(previous, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 195 XFREE(current, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 196 XFREE(hmac, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 197 #endif
wolfSSL 11:cee25a834751 198
wolfSSL 11:cee25a834751 199 return ret;
wolfSSL 11:cee25a834751 200 }
wolfSSL 11:cee25a834751 201
wolfSSL 11:cee25a834751 202 #undef P_HASH_MAX_SIZE
wolfSSL 11:cee25a834751 203
wolfSSL 11:cee25a834751 204
wolfSSL 11:cee25a834751 205 #ifndef NO_OLD_TLS
wolfSSL 11:cee25a834751 206
wolfSSL 11:cee25a834751 207 /* calculate XOR for TLSv1 PRF */
wolfSSL 11:cee25a834751 208 static INLINE void get_xor(byte *digest, word32 digLen, byte* md5, byte* sha)
wolfSSL 11:cee25a834751 209 {
wolfSSL 11:cee25a834751 210 word32 i;
wolfSSL 11:cee25a834751 211
wolfSSL 11:cee25a834751 212 for (i = 0; i < digLen; i++)
wolfSSL 11:cee25a834751 213 digest[i] = md5[i] ^ sha[i];
wolfSSL 11:cee25a834751 214 }
wolfSSL 11:cee25a834751 215
wolfSSL 11:cee25a834751 216
wolfSSL 11:cee25a834751 217 /* compute TLSv1 PRF (pseudo random function using HMAC) */
wolfSSL 11:cee25a834751 218 static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen,
wolfSSL 11:cee25a834751 219 const byte* label, word32 labLen, const byte* seed,
wolfSSL 11:cee25a834751 220 word32 seedLen)
wolfSSL 11:cee25a834751 221 {
wolfSSL 11:cee25a834751 222 int ret = 0;
wolfSSL 11:cee25a834751 223 word32 half = (secLen + 1) / 2;
wolfSSL 11:cee25a834751 224
wolfSSL 11:cee25a834751 225 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 226 byte* md5_half;
wolfSSL 11:cee25a834751 227 byte* sha_half;
wolfSSL 11:cee25a834751 228 byte* labelSeed;
wolfSSL 11:cee25a834751 229 byte* md5_result;
wolfSSL 11:cee25a834751 230 byte* sha_result;
wolfSSL 11:cee25a834751 231 #else
wolfSSL 11:cee25a834751 232 byte md5_half[MAX_PRF_HALF]; /* half is real size */
wolfSSL 11:cee25a834751 233 byte sha_half[MAX_PRF_HALF]; /* half is real size */
wolfSSL 11:cee25a834751 234 byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */
wolfSSL 11:cee25a834751 235 byte md5_result[MAX_PRF_DIG]; /* digLen is real size */
wolfSSL 11:cee25a834751 236 byte sha_result[MAX_PRF_DIG]; /* digLen is real size */
wolfSSL 11:cee25a834751 237 #endif
wolfSSL 11:cee25a834751 238
wolfSSL 11:cee25a834751 239 if (half > MAX_PRF_HALF)
wolfSSL 11:cee25a834751 240 return BUFFER_E;
wolfSSL 11:cee25a834751 241 if (labLen + seedLen > MAX_PRF_LABSEED)
wolfSSL 11:cee25a834751 242 return BUFFER_E;
wolfSSL 11:cee25a834751 243 if (digLen > MAX_PRF_DIG)
wolfSSL 11:cee25a834751 244 return BUFFER_E;
wolfSSL 11:cee25a834751 245
wolfSSL 11:cee25a834751 246 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 247 md5_half = (byte*)XMALLOC(MAX_PRF_HALF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 248 sha_half = (byte*)XMALLOC(MAX_PRF_HALF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 249 labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 250 md5_result = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 251 sha_result = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 252
wolfSSL 11:cee25a834751 253 if (md5_half == NULL || sha_half == NULL || labelSeed == NULL ||
wolfSSL 11:cee25a834751 254 md5_result == NULL || sha_result == NULL) {
wolfSSL 11:cee25a834751 255 if (md5_half) XFREE(md5_half, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 256 if (sha_half) XFREE(sha_half, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 257 if (labelSeed) XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 258 if (md5_result) XFREE(md5_result, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 259 if (sha_result) XFREE(sha_result, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 260
wolfSSL 11:cee25a834751 261 return MEMORY_E;
wolfSSL 11:cee25a834751 262 }
wolfSSL 11:cee25a834751 263 #endif
wolfSSL 11:cee25a834751 264
wolfSSL 11:cee25a834751 265 XMEMSET(md5_result, 0, digLen);
wolfSSL 11:cee25a834751 266 XMEMSET(sha_result, 0, digLen);
wolfSSL 11:cee25a834751 267
wolfSSL 11:cee25a834751 268 XMEMCPY(md5_half, secret, half);
wolfSSL 11:cee25a834751 269 XMEMCPY(sha_half, secret + half - secLen % 2, half);
wolfSSL 11:cee25a834751 270
wolfSSL 11:cee25a834751 271 XMEMCPY(labelSeed, label, labLen);
wolfSSL 11:cee25a834751 272 XMEMCPY(labelSeed + labLen, seed, seedLen);
wolfSSL 11:cee25a834751 273
wolfSSL 11:cee25a834751 274 if ((ret = p_hash(md5_result, digLen, md5_half, half, labelSeed,
wolfSSL 11:cee25a834751 275 labLen + seedLen, md5_mac)) == 0) {
wolfSSL 11:cee25a834751 276 if ((ret = p_hash(sha_result, digLen, sha_half, half, labelSeed,
wolfSSL 11:cee25a834751 277 labLen + seedLen, sha_mac)) == 0) {
wolfSSL 11:cee25a834751 278 get_xor(digest, digLen, md5_result, sha_result);
wolfSSL 11:cee25a834751 279 }
wolfSSL 11:cee25a834751 280 }
wolfSSL 11:cee25a834751 281
wolfSSL 11:cee25a834751 282 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 283 XFREE(md5_half, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 284 XFREE(sha_half, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 285 XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 286 XFREE(md5_result, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 287 XFREE(sha_result, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 288 #endif
wolfSSL 11:cee25a834751 289
wolfSSL 11:cee25a834751 290 return ret;
wolfSSL 11:cee25a834751 291 }
wolfSSL 11:cee25a834751 292
wolfSSL 11:cee25a834751 293 #endif
wolfSSL 11:cee25a834751 294
wolfSSL 11:cee25a834751 295
wolfSSL 11:cee25a834751 296 /* Wrapper to call straight thru to p_hash in TSL 1.2 cases to remove stack
wolfSSL 11:cee25a834751 297 use */
wolfSSL 11:cee25a834751 298 static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
wolfSSL 11:cee25a834751 299 const byte* label, word32 labLen, const byte* seed, word32 seedLen,
wolfSSL 11:cee25a834751 300 int useAtLeastSha256, int hash_type)
wolfSSL 11:cee25a834751 301 {
wolfSSL 11:cee25a834751 302 int ret = 0;
wolfSSL 11:cee25a834751 303
wolfSSL 11:cee25a834751 304 if (useAtLeastSha256) {
wolfSSL 11:cee25a834751 305 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 306 byte* labelSeed;
wolfSSL 11:cee25a834751 307 #else
wolfSSL 11:cee25a834751 308 byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */
wolfSSL 11:cee25a834751 309 #endif
wolfSSL 11:cee25a834751 310
wolfSSL 11:cee25a834751 311 if (labLen + seedLen > MAX_PRF_LABSEED)
wolfSSL 11:cee25a834751 312 return BUFFER_E;
wolfSSL 11:cee25a834751 313
wolfSSL 11:cee25a834751 314 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 315 labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, NULL,
wolfSSL 11:cee25a834751 316 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 317 if (labelSeed == NULL)
wolfSSL 11:cee25a834751 318 return MEMORY_E;
wolfSSL 11:cee25a834751 319 #endif
wolfSSL 11:cee25a834751 320
wolfSSL 11:cee25a834751 321 XMEMCPY(labelSeed, label, labLen);
wolfSSL 11:cee25a834751 322 XMEMCPY(labelSeed + labLen, seed, seedLen);
wolfSSL 11:cee25a834751 323
wolfSSL 11:cee25a834751 324 /* If a cipher suite wants an algorithm better than sha256, it
wolfSSL 11:cee25a834751 325 * should use better. */
wolfSSL 11:cee25a834751 326 if (hash_type < sha256_mac || hash_type == blake2b_mac)
wolfSSL 11:cee25a834751 327 hash_type = sha256_mac;
wolfSSL 11:cee25a834751 328 ret = p_hash(digest, digLen, secret, secLen, labelSeed,
wolfSSL 11:cee25a834751 329 labLen + seedLen, hash_type);
wolfSSL 11:cee25a834751 330
wolfSSL 11:cee25a834751 331 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 332 XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 333 #endif
wolfSSL 11:cee25a834751 334 }
wolfSSL 11:cee25a834751 335 #ifndef NO_OLD_TLS
wolfSSL 11:cee25a834751 336 else {
wolfSSL 11:cee25a834751 337 ret = doPRF(digest, digLen, secret, secLen, label, labLen, seed,
wolfSSL 11:cee25a834751 338 seedLen);
wolfSSL 11:cee25a834751 339 }
wolfSSL 11:cee25a834751 340 #endif
wolfSSL 11:cee25a834751 341
wolfSSL 11:cee25a834751 342 return ret;
wolfSSL 11:cee25a834751 343 }
wolfSSL 11:cee25a834751 344
wolfSSL 11:cee25a834751 345
wolfSSL 11:cee25a834751 346 #ifdef WOLFSSL_SHA384
wolfSSL 11:cee25a834751 347 #define HSHASH_SZ SHA384_DIGEST_SIZE
wolfSSL 11:cee25a834751 348 #else
wolfSSL 11:cee25a834751 349 #define HSHASH_SZ FINISHED_SZ
wolfSSL 11:cee25a834751 350 #endif
wolfSSL 11:cee25a834751 351
wolfSSL 11:cee25a834751 352
wolfSSL 11:cee25a834751 353 int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash, word32* hashLen)
wolfSSL 11:cee25a834751 354 {
wolfSSL 11:cee25a834751 355 word32 hashSz = FINISHED_SZ;
wolfSSL 11:cee25a834751 356
wolfSSL 11:cee25a834751 357 if (ssl == NULL || hash == NULL || hashLen == NULL || *hashLen < HSHASH_SZ)
wolfSSL 11:cee25a834751 358 return BAD_FUNC_ARG;
wolfSSL 11:cee25a834751 359
wolfSSL 11:cee25a834751 360 #ifndef NO_OLD_TLS
wolfSSL 11:cee25a834751 361 wc_Md5GetHash(&ssl->hsHashes->hashMd5, hash);
wolfSSL 11:cee25a834751 362 wc_ShaGetHash(&ssl->hsHashes->hashSha, &hash[MD5_DIGEST_SIZE]);
wolfSSL 11:cee25a834751 363 #endif
wolfSSL 11:cee25a834751 364
wolfSSL 11:cee25a834751 365 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 11:cee25a834751 366 #ifndef NO_SHA256
wolfSSL 11:cee25a834751 367 if (ssl->specs.mac_algorithm <= sha256_mac ||
wolfSSL 11:cee25a834751 368 ssl->specs.mac_algorithm == blake2b_mac) {
wolfSSL 11:cee25a834751 369 int ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256, hash);
wolfSSL 11:cee25a834751 370
wolfSSL 11:cee25a834751 371 if (ret != 0)
wolfSSL 11:cee25a834751 372 return ret;
wolfSSL 11:cee25a834751 373
wolfSSL 11:cee25a834751 374 hashSz = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 375 }
wolfSSL 11:cee25a834751 376 #endif
wolfSSL 11:cee25a834751 377 #ifdef WOLFSSL_SHA384
wolfSSL 11:cee25a834751 378 if (ssl->specs.mac_algorithm == sha384_mac) {
wolfSSL 11:cee25a834751 379 int ret = wc_Sha384GetHash(&ssl->hsHashes->hashSha384, hash);
wolfSSL 11:cee25a834751 380
wolfSSL 11:cee25a834751 381 if (ret != 0)
wolfSSL 11:cee25a834751 382 return ret;
wolfSSL 11:cee25a834751 383
wolfSSL 11:cee25a834751 384 hashSz = SHA384_DIGEST_SIZE;
wolfSSL 11:cee25a834751 385 }
wolfSSL 11:cee25a834751 386 #endif
wolfSSL 11:cee25a834751 387 }
wolfSSL 11:cee25a834751 388
wolfSSL 11:cee25a834751 389 *hashLen = hashSz;
wolfSSL 11:cee25a834751 390
wolfSSL 11:cee25a834751 391 return 0;
wolfSSL 11:cee25a834751 392 }
wolfSSL 11:cee25a834751 393
wolfSSL 11:cee25a834751 394
wolfSSL 11:cee25a834751 395 int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
wolfSSL 11:cee25a834751 396 {
wolfSSL 11:cee25a834751 397 int ret;
wolfSSL 11:cee25a834751 398 const byte* side;
wolfSSL 11:cee25a834751 399 byte* handshake_hash;
wolfSSL 11:cee25a834751 400 word32 hashSz = HSHASH_SZ;
wolfSSL 11:cee25a834751 401
wolfSSL 11:cee25a834751 402 /* using allocate here to allow async hardware to use buffer directly */
wolfSSL 11:cee25a834751 403 handshake_hash = (byte*)XMALLOC(hashSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 404 if (handshake_hash == NULL)
wolfSSL 11:cee25a834751 405 return MEMORY_E;
wolfSSL 11:cee25a834751 406
wolfSSL 11:cee25a834751 407 ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz);
wolfSSL 11:cee25a834751 408 if (ret == 0) {
wolfSSL 11:cee25a834751 409 if ( XSTRNCMP((const char*)sender, (const char*)client, SIZEOF_SENDER) == 0)
wolfSSL 11:cee25a834751 410 side = tls_client;
wolfSSL 11:cee25a834751 411 else
wolfSSL 11:cee25a834751 412 side = tls_server;
wolfSSL 11:cee25a834751 413
wolfSSL 11:cee25a834751 414 ret = PRF((byte*)hashes, TLS_FINISHED_SZ, ssl->arrays->masterSecret,
wolfSSL 11:cee25a834751 415 SECRET_LEN, side, FINISHED_LABEL_SZ, handshake_hash, hashSz,
wolfSSL 11:cee25a834751 416 IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
wolfSSL 11:cee25a834751 417 }
wolfSSL 11:cee25a834751 418
wolfSSL 11:cee25a834751 419 XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 420
wolfSSL 11:cee25a834751 421 return ret;
wolfSSL 11:cee25a834751 422 }
wolfSSL 11:cee25a834751 423
wolfSSL 11:cee25a834751 424
wolfSSL 11:cee25a834751 425 #ifndef NO_OLD_TLS
wolfSSL 11:cee25a834751 426
wolfSSL 11:cee25a834751 427 ProtocolVersion MakeTLSv1(void)
wolfSSL 11:cee25a834751 428 {
wolfSSL 11:cee25a834751 429 ProtocolVersion pv;
wolfSSL 11:cee25a834751 430 pv.major = SSLv3_MAJOR;
wolfSSL 11:cee25a834751 431 pv.minor = TLSv1_MINOR;
wolfSSL 11:cee25a834751 432
wolfSSL 11:cee25a834751 433 return pv;
wolfSSL 11:cee25a834751 434 }
wolfSSL 11:cee25a834751 435
wolfSSL 11:cee25a834751 436
wolfSSL 11:cee25a834751 437 ProtocolVersion MakeTLSv1_1(void)
wolfSSL 11:cee25a834751 438 {
wolfSSL 11:cee25a834751 439 ProtocolVersion pv;
wolfSSL 11:cee25a834751 440 pv.major = SSLv3_MAJOR;
wolfSSL 11:cee25a834751 441 pv.minor = TLSv1_1_MINOR;
wolfSSL 11:cee25a834751 442
wolfSSL 11:cee25a834751 443 return pv;
wolfSSL 11:cee25a834751 444 }
wolfSSL 11:cee25a834751 445
wolfSSL 11:cee25a834751 446 #endif
wolfSSL 11:cee25a834751 447
wolfSSL 11:cee25a834751 448
wolfSSL 11:cee25a834751 449 ProtocolVersion MakeTLSv1_2(void)
wolfSSL 11:cee25a834751 450 {
wolfSSL 11:cee25a834751 451 ProtocolVersion pv;
wolfSSL 11:cee25a834751 452 pv.major = SSLv3_MAJOR;
wolfSSL 11:cee25a834751 453 pv.minor = TLSv1_2_MINOR;
wolfSSL 11:cee25a834751 454
wolfSSL 11:cee25a834751 455 return pv;
wolfSSL 11:cee25a834751 456 }
wolfSSL 11:cee25a834751 457
wolfSSL 11:cee25a834751 458
wolfSSL 11:cee25a834751 459 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 11:cee25a834751 460 static const byte ext_master_label[EXT_MASTER_LABEL_SZ + 1] =
wolfSSL 11:cee25a834751 461 "extended master secret";
wolfSSL 11:cee25a834751 462 #endif
wolfSSL 11:cee25a834751 463 static const byte master_label[MASTER_LABEL_SZ + 1] = "master secret";
wolfSSL 11:cee25a834751 464 static const byte key_label [KEY_LABEL_SZ + 1] = "key expansion";
wolfSSL 11:cee25a834751 465
wolfSSL 11:cee25a834751 466
wolfSSL 11:cee25a834751 467 /* External facing wrapper so user can call as well, 0 on success */
wolfSSL 11:cee25a834751 468 int wolfSSL_DeriveTlsKeys(byte* key_data, word32 keyLen,
wolfSSL 11:cee25a834751 469 const byte* ms, word32 msLen,
wolfSSL 11:cee25a834751 470 const byte* sr, const byte* cr,
wolfSSL 11:cee25a834751 471 int tls1_2, int hash_type)
wolfSSL 11:cee25a834751 472 {
wolfSSL 11:cee25a834751 473 byte seed[SEED_LEN];
wolfSSL 11:cee25a834751 474
wolfSSL 11:cee25a834751 475 XMEMCPY(seed, sr, RAN_LEN);
wolfSSL 11:cee25a834751 476 XMEMCPY(seed + RAN_LEN, cr, RAN_LEN);
wolfSSL 11:cee25a834751 477
wolfSSL 11:cee25a834751 478 return PRF(key_data, keyLen, ms, msLen, key_label, KEY_LABEL_SZ,
wolfSSL 11:cee25a834751 479 seed, SEED_LEN, tls1_2, hash_type);
wolfSSL 11:cee25a834751 480 }
wolfSSL 11:cee25a834751 481
wolfSSL 11:cee25a834751 482
wolfSSL 11:cee25a834751 483 int DeriveTlsKeys(WOLFSSL* ssl)
wolfSSL 11:cee25a834751 484 {
wolfSSL 11:cee25a834751 485 int ret;
wolfSSL 11:cee25a834751 486 int length = 2 * ssl->specs.hash_size +
wolfSSL 11:cee25a834751 487 2 * ssl->specs.key_size +
wolfSSL 11:cee25a834751 488 2 * ssl->specs.iv_size;
wolfSSL 11:cee25a834751 489 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 490 byte* key_data;
wolfSSL 11:cee25a834751 491 #else
wolfSSL 11:cee25a834751 492 byte key_data[MAX_PRF_DIG];
wolfSSL 11:cee25a834751 493 #endif
wolfSSL 11:cee25a834751 494
wolfSSL 11:cee25a834751 495 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 496 key_data = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 497 if (key_data == NULL) {
wolfSSL 11:cee25a834751 498 return MEMORY_E;
wolfSSL 11:cee25a834751 499 }
wolfSSL 11:cee25a834751 500 #endif
wolfSSL 11:cee25a834751 501
wolfSSL 11:cee25a834751 502 ret = wolfSSL_DeriveTlsKeys(key_data, length,
wolfSSL 11:cee25a834751 503 ssl->arrays->masterSecret, SECRET_LEN,
wolfSSL 11:cee25a834751 504 ssl->arrays->serverRandom, ssl->arrays->clientRandom,
wolfSSL 11:cee25a834751 505 IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
wolfSSL 11:cee25a834751 506 if (ret == 0)
wolfSSL 11:cee25a834751 507 ret = StoreKeys(ssl, key_data);
wolfSSL 11:cee25a834751 508
wolfSSL 11:cee25a834751 509 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 510 XFREE(key_data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 511 #endif
wolfSSL 11:cee25a834751 512
wolfSSL 11:cee25a834751 513 return ret;
wolfSSL 11:cee25a834751 514 }
wolfSSL 11:cee25a834751 515
wolfSSL 11:cee25a834751 516
wolfSSL 11:cee25a834751 517 /* External facing wrapper so user can call as well, 0 on success */
wolfSSL 11:cee25a834751 518 int wolfSSL_MakeTlsMasterSecret(byte* ms, word32 msLen,
wolfSSL 11:cee25a834751 519 const byte* pms, word32 pmsLen,
wolfSSL 11:cee25a834751 520 const byte* cr, const byte* sr,
wolfSSL 11:cee25a834751 521 int tls1_2, int hash_type)
wolfSSL 11:cee25a834751 522 {
wolfSSL 11:cee25a834751 523 byte seed[SEED_LEN];
wolfSSL 11:cee25a834751 524
wolfSSL 11:cee25a834751 525 XMEMCPY(seed, cr, RAN_LEN);
wolfSSL 11:cee25a834751 526 XMEMCPY(seed + RAN_LEN, sr, RAN_LEN);
wolfSSL 11:cee25a834751 527
wolfSSL 11:cee25a834751 528 return PRF(ms, msLen, pms, pmsLen, master_label, MASTER_LABEL_SZ,
wolfSSL 11:cee25a834751 529 seed, SEED_LEN, tls1_2, hash_type);
wolfSSL 11:cee25a834751 530 }
wolfSSL 11:cee25a834751 531
wolfSSL 11:cee25a834751 532
wolfSSL 11:cee25a834751 533 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 11:cee25a834751 534
wolfSSL 11:cee25a834751 535 /* External facing wrapper so user can call as well, 0 on success */
wolfSSL 11:cee25a834751 536 int wolfSSL_MakeTlsExtendedMasterSecret(byte* ms, word32 msLen,
wolfSSL 11:cee25a834751 537 const byte* pms, word32 pmsLen,
wolfSSL 11:cee25a834751 538 const byte* sHash, word32 sHashLen,
wolfSSL 11:cee25a834751 539 int tls1_2, int hash_type)
wolfSSL 11:cee25a834751 540 {
wolfSSL 11:cee25a834751 541 return PRF(ms, msLen, pms, pmsLen, ext_master_label, EXT_MASTER_LABEL_SZ,
wolfSSL 11:cee25a834751 542 sHash, sHashLen, tls1_2, hash_type);
wolfSSL 11:cee25a834751 543 }
wolfSSL 11:cee25a834751 544
wolfSSL 11:cee25a834751 545 #endif /* HAVE_EXTENDED_MASTER */
wolfSSL 11:cee25a834751 546
wolfSSL 11:cee25a834751 547
wolfSSL 11:cee25a834751 548 int MakeTlsMasterSecret(WOLFSSL* ssl)
wolfSSL 11:cee25a834751 549 {
wolfSSL 11:cee25a834751 550 int ret;
wolfSSL 11:cee25a834751 551 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 11:cee25a834751 552 if (ssl->options.haveEMS) {
wolfSSL 11:cee25a834751 553 byte* handshake_hash;
wolfSSL 11:cee25a834751 554 word32 hashSz = HSHASH_SZ;
wolfSSL 11:cee25a834751 555
wolfSSL 11:cee25a834751 556 handshake_hash = (byte*)XMALLOC(HSHASH_SZ, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 557 if (handshake_hash == NULL)
wolfSSL 11:cee25a834751 558 return MEMORY_E;
wolfSSL 11:cee25a834751 559
wolfSSL 11:cee25a834751 560 ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz);
wolfSSL 11:cee25a834751 561 if (ret < 0) {
wolfSSL 11:cee25a834751 562 XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 563 return ret;
wolfSSL 11:cee25a834751 564 }
wolfSSL 11:cee25a834751 565
wolfSSL 11:cee25a834751 566 ret = wolfSSL_MakeTlsExtendedMasterSecret(
wolfSSL 11:cee25a834751 567 ssl->arrays->masterSecret, SECRET_LEN,
wolfSSL 11:cee25a834751 568 ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
wolfSSL 11:cee25a834751 569 handshake_hash, hashSz,
wolfSSL 11:cee25a834751 570 IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
wolfSSL 11:cee25a834751 571
wolfSSL 11:cee25a834751 572 XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 573 } else
wolfSSL 11:cee25a834751 574 #endif
wolfSSL 11:cee25a834751 575 ret = wolfSSL_MakeTlsMasterSecret(ssl->arrays->masterSecret, SECRET_LEN,
wolfSSL 11:cee25a834751 576 ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
wolfSSL 11:cee25a834751 577 ssl->arrays->clientRandom, ssl->arrays->serverRandom,
wolfSSL 11:cee25a834751 578 IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
wolfSSL 11:cee25a834751 579
wolfSSL 11:cee25a834751 580 if (ret == 0) {
wolfSSL 11:cee25a834751 581 #ifdef SHOW_SECRETS
wolfSSL 11:cee25a834751 582 int i;
wolfSSL 11:cee25a834751 583
wolfSSL 11:cee25a834751 584 printf("master secret: ");
wolfSSL 11:cee25a834751 585 for (i = 0; i < SECRET_LEN; i++)
wolfSSL 11:cee25a834751 586 printf("%02x", ssl->arrays->masterSecret[i]);
wolfSSL 11:cee25a834751 587 printf("\n");
wolfSSL 11:cee25a834751 588 #endif
wolfSSL 11:cee25a834751 589
wolfSSL 11:cee25a834751 590 ret = DeriveTlsKeys(ssl);
wolfSSL 11:cee25a834751 591 }
wolfSSL 11:cee25a834751 592
wolfSSL 11:cee25a834751 593 return ret;
wolfSSL 11:cee25a834751 594 }
wolfSSL 11:cee25a834751 595
wolfSSL 11:cee25a834751 596
wolfSSL 11:cee25a834751 597 /* Used by EAP-TLS and EAP-TTLS to derive keying material from
wolfSSL 11:cee25a834751 598 * the master_secret. */
wolfSSL 11:cee25a834751 599 int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* msk, unsigned int len,
wolfSSL 11:cee25a834751 600 const char* label)
wolfSSL 11:cee25a834751 601 {
wolfSSL 11:cee25a834751 602 int ret;
wolfSSL 11:cee25a834751 603 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 604 byte* seed;
wolfSSL 11:cee25a834751 605 #else
wolfSSL 11:cee25a834751 606 byte seed[SEED_LEN];
wolfSSL 11:cee25a834751 607 #endif
wolfSSL 11:cee25a834751 608
wolfSSL 11:cee25a834751 609 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 610 seed = (byte*)XMALLOC(SEED_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 611 if (seed == NULL)
wolfSSL 11:cee25a834751 612 return MEMORY_E;
wolfSSL 11:cee25a834751 613 #endif
wolfSSL 11:cee25a834751 614
wolfSSL 11:cee25a834751 615 /*
wolfSSL 11:cee25a834751 616 * As per RFC-5281, the order of the client and server randoms is reversed
wolfSSL 11:cee25a834751 617 * from that used by the TLS protocol to derive keys.
wolfSSL 11:cee25a834751 618 */
wolfSSL 11:cee25a834751 619 XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL 11:cee25a834751 620 XMEMCPY(seed + RAN_LEN, ssl->arrays->serverRandom, RAN_LEN);
wolfSSL 11:cee25a834751 621
wolfSSL 11:cee25a834751 622 ret = PRF((byte*)msk, len, ssl->arrays->masterSecret, SECRET_LEN,
wolfSSL 11:cee25a834751 623 (const byte *)label, (word32)XSTRLEN(label), seed, SEED_LEN,
wolfSSL 11:cee25a834751 624 IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
wolfSSL 11:cee25a834751 625
wolfSSL 11:cee25a834751 626 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 627 XFREE(seed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 628 #endif
wolfSSL 11:cee25a834751 629
wolfSSL 11:cee25a834751 630 return ret;
wolfSSL 11:cee25a834751 631 }
wolfSSL 11:cee25a834751 632
wolfSSL 11:cee25a834751 633
wolfSSL 11:cee25a834751 634 /*** next for static INLINE s copied internal.c ***/
wolfSSL 11:cee25a834751 635
wolfSSL 11:cee25a834751 636 /* convert 16 bit integer to opaque */
wolfSSL 11:cee25a834751 637 static INLINE void c16toa(word16 u16, byte* c)
wolfSSL 11:cee25a834751 638 {
wolfSSL 11:cee25a834751 639 c[0] = (u16 >> 8) & 0xff;
wolfSSL 11:cee25a834751 640 c[1] = u16 & 0xff;
wolfSSL 11:cee25a834751 641 }
wolfSSL 11:cee25a834751 642
wolfSSL 11:cee25a834751 643 #ifdef HAVE_TLS_EXTENSIONS
wolfSSL 11:cee25a834751 644 /* convert opaque to 16 bit integer */
wolfSSL 11:cee25a834751 645 static INLINE void ato16(const byte* c, word16* u16)
wolfSSL 11:cee25a834751 646 {
wolfSSL 11:cee25a834751 647 *u16 = (c[0] << 8) | (c[1]);
wolfSSL 11:cee25a834751 648 }
wolfSSL 11:cee25a834751 649
wolfSSL 11:cee25a834751 650 #if defined(HAVE_SNI) && !defined(NO_WOLFSSL_SERVER)
wolfSSL 11:cee25a834751 651 /* convert a 24 bit integer into a 32 bit one */
wolfSSL 11:cee25a834751 652 static INLINE void c24to32(const word24 u24, word32* u32)
wolfSSL 11:cee25a834751 653 {
wolfSSL 11:cee25a834751 654 *u32 = (u24[0] << 16) | (u24[1] << 8) | u24[2];
wolfSSL 11:cee25a834751 655 }
wolfSSL 11:cee25a834751 656 #endif
wolfSSL 11:cee25a834751 657 #endif
wolfSSL 11:cee25a834751 658
wolfSSL 11:cee25a834751 659 /* convert 32 bit integer to opaque */
wolfSSL 11:cee25a834751 660 static INLINE void c32toa(word32 u32, byte* c)
wolfSSL 11:cee25a834751 661 {
wolfSSL 11:cee25a834751 662 c[0] = (u32 >> 24) & 0xff;
wolfSSL 11:cee25a834751 663 c[1] = (u32 >> 16) & 0xff;
wolfSSL 11:cee25a834751 664 c[2] = (u32 >> 8) & 0xff;
wolfSSL 11:cee25a834751 665 c[3] = u32 & 0xff;
wolfSSL 11:cee25a834751 666 }
wolfSSL 11:cee25a834751 667
wolfSSL 11:cee25a834751 668
wolfSSL 11:cee25a834751 669 static INLINE void GetSEQIncrement(WOLFSSL* ssl, int verify, word32 seq[2])
wolfSSL 11:cee25a834751 670 {
wolfSSL 11:cee25a834751 671 if (verify) {
wolfSSL 11:cee25a834751 672 seq[0] = ssl->keys.peer_sequence_number_hi;
wolfSSL 11:cee25a834751 673 seq[1] = ssl->keys.peer_sequence_number_lo++;
wolfSSL 11:cee25a834751 674 if (seq[1] > ssl->keys.peer_sequence_number_lo) {
wolfSSL 11:cee25a834751 675 /* handle rollover */
wolfSSL 11:cee25a834751 676 ssl->keys.peer_sequence_number_hi++;
wolfSSL 11:cee25a834751 677 }
wolfSSL 11:cee25a834751 678 }
wolfSSL 11:cee25a834751 679 else {
wolfSSL 11:cee25a834751 680 seq[0] = ssl->keys.sequence_number_hi;
wolfSSL 11:cee25a834751 681 seq[1] = ssl->keys.sequence_number_lo++;
wolfSSL 11:cee25a834751 682 if (seq[1] > ssl->keys.sequence_number_lo) {
wolfSSL 11:cee25a834751 683 /* handle rollover */
wolfSSL 11:cee25a834751 684 ssl->keys.sequence_number_hi++;
wolfSSL 11:cee25a834751 685 }
wolfSSL 11:cee25a834751 686 }
wolfSSL 11:cee25a834751 687 }
wolfSSL 11:cee25a834751 688
wolfSSL 11:cee25a834751 689
wolfSSL 11:cee25a834751 690 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 691 static INLINE void DtlsGetSEQ(WOLFSSL* ssl, int order, word32 seq[2])
wolfSSL 11:cee25a834751 692 {
wolfSSL 11:cee25a834751 693 if (order == PREV_ORDER) {
wolfSSL 11:cee25a834751 694 /* Previous epoch case */
wolfSSL 11:cee25a834751 695 seq[0] = ((ssl->keys.dtls_epoch - 1) << 16) |
wolfSSL 11:cee25a834751 696 (ssl->keys.dtls_prev_sequence_number_hi & 0xFFFF);
wolfSSL 11:cee25a834751 697 seq[1] = ssl->keys.dtls_prev_sequence_number_lo;
wolfSSL 11:cee25a834751 698 }
wolfSSL 11:cee25a834751 699 else if (order == PEER_ORDER) {
wolfSSL 11:cee25a834751 700 seq[0] = (ssl->keys.curEpoch << 16) |
wolfSSL 11:cee25a834751 701 (ssl->keys.curSeq_hi & 0xFFFF);
wolfSSL 11:cee25a834751 702 seq[1] = ssl->keys.curSeq_lo; /* explicit from peer */
wolfSSL 11:cee25a834751 703 }
wolfSSL 11:cee25a834751 704 else {
wolfSSL 11:cee25a834751 705 seq[0] = (ssl->keys.dtls_epoch << 16) |
wolfSSL 11:cee25a834751 706 (ssl->keys.dtls_sequence_number_hi & 0xFFFF);
wolfSSL 11:cee25a834751 707 seq[1] = ssl->keys.dtls_sequence_number_lo;
wolfSSL 11:cee25a834751 708 }
wolfSSL 11:cee25a834751 709 }
wolfSSL 11:cee25a834751 710 #endif /* WOLFSSL_DTLS */
wolfSSL 11:cee25a834751 711
wolfSSL 11:cee25a834751 712
wolfSSL 11:cee25a834751 713 static INLINE void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out)
wolfSSL 11:cee25a834751 714 {
wolfSSL 11:cee25a834751 715 word32 seq[2] = {0, 0};
wolfSSL 11:cee25a834751 716
wolfSSL 11:cee25a834751 717 if (!ssl->options.dtls) {
wolfSSL 11:cee25a834751 718 GetSEQIncrement(ssl, verifyOrder, seq);
wolfSSL 11:cee25a834751 719 }
wolfSSL 11:cee25a834751 720 else {
wolfSSL 11:cee25a834751 721 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 722 DtlsGetSEQ(ssl, verifyOrder, seq);
wolfSSL 11:cee25a834751 723 #endif
wolfSSL 11:cee25a834751 724 }
wolfSSL 11:cee25a834751 725
wolfSSL 11:cee25a834751 726 c32toa(seq[0], out);
wolfSSL 11:cee25a834751 727 c32toa(seq[1], out + OPAQUE32_LEN);
wolfSSL 11:cee25a834751 728 }
wolfSSL 11:cee25a834751 729
wolfSSL 11:cee25a834751 730
wolfSSL 11:cee25a834751 731 /*** end copy ***/
wolfSSL 11:cee25a834751 732
wolfSSL 11:cee25a834751 733
wolfSSL 11:cee25a834751 734 /* return HMAC digest type in wolfSSL format */
wolfSSL 11:cee25a834751 735 int wolfSSL_GetHmacType(WOLFSSL* ssl)
wolfSSL 11:cee25a834751 736 {
wolfSSL 11:cee25a834751 737 if (ssl == NULL)
wolfSSL 11:cee25a834751 738 return BAD_FUNC_ARG;
wolfSSL 11:cee25a834751 739
wolfSSL 11:cee25a834751 740 switch (ssl->specs.mac_algorithm) {
wolfSSL 11:cee25a834751 741 #ifndef NO_MD5
wolfSSL 11:cee25a834751 742 case md5_mac:
wolfSSL 11:cee25a834751 743 {
wolfSSL 11:cee25a834751 744 return MD5;
wolfSSL 11:cee25a834751 745 }
wolfSSL 11:cee25a834751 746 #endif
wolfSSL 11:cee25a834751 747 #ifndef NO_SHA256
wolfSSL 11:cee25a834751 748 case sha256_mac:
wolfSSL 11:cee25a834751 749 {
wolfSSL 11:cee25a834751 750 return SHA256;
wolfSSL 11:cee25a834751 751 }
wolfSSL 11:cee25a834751 752 #endif
wolfSSL 11:cee25a834751 753 #ifdef WOLFSSL_SHA384
wolfSSL 11:cee25a834751 754 case sha384_mac:
wolfSSL 11:cee25a834751 755 {
wolfSSL 11:cee25a834751 756 return SHA384;
wolfSSL 11:cee25a834751 757 }
wolfSSL 11:cee25a834751 758
wolfSSL 11:cee25a834751 759 #endif
wolfSSL 11:cee25a834751 760 #ifndef NO_SHA
wolfSSL 11:cee25a834751 761 case sha_mac:
wolfSSL 11:cee25a834751 762 {
wolfSSL 11:cee25a834751 763 return SHA;
wolfSSL 11:cee25a834751 764 }
wolfSSL 11:cee25a834751 765 #endif
wolfSSL 11:cee25a834751 766 #ifdef HAVE_BLAKE2
wolfSSL 11:cee25a834751 767 case blake2b_mac:
wolfSSL 11:cee25a834751 768 {
wolfSSL 11:cee25a834751 769 return BLAKE2B_ID;
wolfSSL 11:cee25a834751 770 }
wolfSSL 11:cee25a834751 771 #endif
wolfSSL 11:cee25a834751 772 default:
wolfSSL 11:cee25a834751 773 {
wolfSSL 11:cee25a834751 774 return SSL_FATAL_ERROR;
wolfSSL 11:cee25a834751 775 }
wolfSSL 11:cee25a834751 776 }
wolfSSL 11:cee25a834751 777 }
wolfSSL 11:cee25a834751 778
wolfSSL 11:cee25a834751 779
wolfSSL 11:cee25a834751 780 int wolfSSL_SetTlsHmacInner(WOLFSSL* ssl, byte* inner, word32 sz, int content,
wolfSSL 11:cee25a834751 781 int verify)
wolfSSL 11:cee25a834751 782 {
wolfSSL 11:cee25a834751 783 if (ssl == NULL || inner == NULL)
wolfSSL 11:cee25a834751 784 return BAD_FUNC_ARG;
wolfSSL 11:cee25a834751 785
wolfSSL 11:cee25a834751 786 XMEMSET(inner, 0, WOLFSSL_TLS_HMAC_INNER_SZ);
wolfSSL 11:cee25a834751 787
wolfSSL 11:cee25a834751 788 WriteSEQ(ssl, verify, inner);
wolfSSL 11:cee25a834751 789 inner[SEQ_SZ] = (byte)content;
wolfSSL 11:cee25a834751 790 inner[SEQ_SZ + ENUM_LEN] = ssl->version.major;
wolfSSL 11:cee25a834751 791 inner[SEQ_SZ + ENUM_LEN + ENUM_LEN] = ssl->version.minor;
wolfSSL 11:cee25a834751 792 c16toa((word16)sz, inner + SEQ_SZ + ENUM_LEN + VERSION_SZ);
wolfSSL 11:cee25a834751 793
wolfSSL 11:cee25a834751 794 return 0;
wolfSSL 11:cee25a834751 795 }
wolfSSL 11:cee25a834751 796
wolfSSL 11:cee25a834751 797
wolfSSL 11:cee25a834751 798 /* TLS type HMAC */
wolfSSL 11:cee25a834751 799 int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
wolfSSL 11:cee25a834751 800 int content, int verify)
wolfSSL 11:cee25a834751 801 {
wolfSSL 11:cee25a834751 802 Hmac hmac;
wolfSSL 11:cee25a834751 803 int ret = 0;
wolfSSL 11:cee25a834751 804 byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
wolfSSL 11:cee25a834751 805
wolfSSL 11:cee25a834751 806 if (ssl == NULL)
wolfSSL 11:cee25a834751 807 return BAD_FUNC_ARG;
wolfSSL 11:cee25a834751 808
wolfSSL 11:cee25a834751 809 #ifdef HAVE_FUZZER
wolfSSL 11:cee25a834751 810 if (ssl->fuzzerCb)
wolfSSL 11:cee25a834751 811 ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx);
wolfSSL 11:cee25a834751 812 #endif
wolfSSL 11:cee25a834751 813
wolfSSL 11:cee25a834751 814 wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify);
wolfSSL 11:cee25a834751 815
wolfSSL 11:cee25a834751 816 ret = wc_HmacInit(&hmac, NULL, ssl->devId);
wolfSSL 11:cee25a834751 817 if (ret != 0)
wolfSSL 11:cee25a834751 818 return ret;
wolfSSL 11:cee25a834751 819
wolfSSL 11:cee25a834751 820 ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
wolfSSL 11:cee25a834751 821 wolfSSL_GetMacSecret(ssl, verify), ssl->specs.hash_size);
wolfSSL 11:cee25a834751 822 if (ret == 0) {
wolfSSL 11:cee25a834751 823 ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
wolfSSL 11:cee25a834751 824 if (ret == 0)
wolfSSL 11:cee25a834751 825 ret = wc_HmacUpdate(&hmac, in, sz); /* content */
wolfSSL 11:cee25a834751 826 if (ret == 0)
wolfSSL 11:cee25a834751 827 ret = wc_HmacFinal(&hmac, digest);
wolfSSL 11:cee25a834751 828 }
wolfSSL 11:cee25a834751 829 wc_HmacFree(&hmac);
wolfSSL 11:cee25a834751 830
wolfSSL 11:cee25a834751 831 return ret;
wolfSSL 11:cee25a834751 832 }
wolfSSL 11:cee25a834751 833
wolfSSL 11:cee25a834751 834 #ifdef HAVE_TLS_EXTENSIONS
wolfSSL 11:cee25a834751 835
wolfSSL 11:cee25a834751 836 /**
wolfSSL 11:cee25a834751 837 * The TLSX semaphore is used to calculate the size of the extensions to be sent
wolfSSL 11:cee25a834751 838 * from one peer to another.
wolfSSL 11:cee25a834751 839 */
wolfSSL 11:cee25a834751 840
wolfSSL 11:cee25a834751 841 /** Supports up to 64 flags. Increase as needed. */
wolfSSL 11:cee25a834751 842 #define SEMAPHORE_SIZE 8
wolfSSL 11:cee25a834751 843
wolfSSL 11:cee25a834751 844 /**
wolfSSL 11:cee25a834751 845 * Converts the extension type (id) to an index in the semaphore.
wolfSSL 11:cee25a834751 846 *
wolfSSL 11:cee25a834751 847 * Oficial reference for TLS extension types:
wolfSSL 11:cee25a834751 848 * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xml
wolfSSL 11:cee25a834751 849 *
wolfSSL 11:cee25a834751 850 * Motivation:
wolfSSL 11:cee25a834751 851 * Previously, we used the extension type itself as the index of that
wolfSSL 11:cee25a834751 852 * extension in the semaphore as the extension types were declared
wolfSSL 11:cee25a834751 853 * sequentially, but maintain a semaphore as big as the number of available
wolfSSL 11:cee25a834751 854 * extensions is no longer an option since the release of renegotiation_info.
wolfSSL 11:cee25a834751 855 *
wolfSSL 11:cee25a834751 856 * How to update:
wolfSSL 11:cee25a834751 857 * Assign extension types that extrapolate the number of available semaphores
wolfSSL 11:cee25a834751 858 * to the first available index going backwards in the semaphore array.
wolfSSL 11:cee25a834751 859 * When adding a new extension type that don't extrapolate the number of
wolfSSL 11:cee25a834751 860 * available semaphores, check for a possible collision with with a
wolfSSL 11:cee25a834751 861 * 'remapped' extension type.
wolfSSL 11:cee25a834751 862 */
wolfSSL 11:cee25a834751 863 static INLINE word16 TLSX_ToSemaphore(word16 type)
wolfSSL 11:cee25a834751 864 {
wolfSSL 11:cee25a834751 865 switch (type) {
wolfSSL 11:cee25a834751 866
wolfSSL 11:cee25a834751 867 case TLSX_RENEGOTIATION_INFO: /* 0xFF01 */
wolfSSL 11:cee25a834751 868 return 63;
wolfSSL 11:cee25a834751 869
wolfSSL 11:cee25a834751 870 default:
wolfSSL 11:cee25a834751 871 if (type > 62) {
wolfSSL 11:cee25a834751 872 /* This message SHOULD only happens during the adding of
wolfSSL 11:cee25a834751 873 new TLS extensions in which its IANA number overflows
wolfSSL 11:cee25a834751 874 the current semaphore's range, or if its number already
wolfSSL 11:cee25a834751 875 is assigned to be used by another extension.
wolfSSL 11:cee25a834751 876 Use this check value for the new extension and decrement
wolfSSL 11:cee25a834751 877 the check value by one. */
wolfSSL 11:cee25a834751 878 WOLFSSL_MSG("### TLSX semaphore colision or overflow detected!");
wolfSSL 11:cee25a834751 879 }
wolfSSL 11:cee25a834751 880 }
wolfSSL 11:cee25a834751 881
wolfSSL 11:cee25a834751 882 return type;
wolfSSL 11:cee25a834751 883 }
wolfSSL 11:cee25a834751 884
wolfSSL 11:cee25a834751 885 /** Checks if a specific light (tls extension) is not set in the semaphore. */
wolfSSL 11:cee25a834751 886 #define IS_OFF(semaphore, light) \
wolfSSL 11:cee25a834751 887 ((semaphore)[(light) / 8] ^ (byte) (0x01 << ((light) % 8)))
wolfSSL 11:cee25a834751 888
wolfSSL 11:cee25a834751 889 /** Turn on a specific light (tls extension) in the semaphore. */
wolfSSL 11:cee25a834751 890 #define TURN_ON(semaphore, light) \
wolfSSL 11:cee25a834751 891 ((semaphore)[(light) / 8] |= (byte) (0x01 << ((light) % 8)))
wolfSSL 11:cee25a834751 892
wolfSSL 11:cee25a834751 893 /** Creates a new extension. */
wolfSSL 11:cee25a834751 894 static TLSX* TLSX_New(TLSX_Type type, void* data, void* heap)
wolfSSL 11:cee25a834751 895 {
wolfSSL 11:cee25a834751 896 TLSX* extension = (TLSX*)XMALLOC(sizeof(TLSX), heap, DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 897
wolfSSL 11:cee25a834751 898 if (extension) {
wolfSSL 11:cee25a834751 899 extension->type = type;
wolfSSL 11:cee25a834751 900 extension->data = data;
wolfSSL 11:cee25a834751 901 extension->resp = 0;
wolfSSL 11:cee25a834751 902 extension->next = NULL;
wolfSSL 11:cee25a834751 903 }
wolfSSL 11:cee25a834751 904
wolfSSL 11:cee25a834751 905 return extension;
wolfSSL 11:cee25a834751 906 }
wolfSSL 11:cee25a834751 907
wolfSSL 11:cee25a834751 908 /**
wolfSSL 11:cee25a834751 909 * Creates a new extension and pushes it to the provided list.
wolfSSL 11:cee25a834751 910 * Checks for duplicate extensions, keeps the newest.
wolfSSL 11:cee25a834751 911 */
wolfSSL 11:cee25a834751 912 static int TLSX_Push(TLSX** list, TLSX_Type type, void* data, void* heap)
wolfSSL 11:cee25a834751 913 {
wolfSSL 11:cee25a834751 914 TLSX* extension = TLSX_New(type, data, heap);
wolfSSL 11:cee25a834751 915
wolfSSL 11:cee25a834751 916 if (extension == NULL)
wolfSSL 11:cee25a834751 917 return MEMORY_E;
wolfSSL 11:cee25a834751 918
wolfSSL 11:cee25a834751 919 /* pushes the new extension on the list. */
wolfSSL 11:cee25a834751 920 extension->next = *list;
wolfSSL 11:cee25a834751 921 *list = extension;
wolfSSL 11:cee25a834751 922
wolfSSL 11:cee25a834751 923 /* remove duplicate extensions, there should be only one of each type. */
wolfSSL 11:cee25a834751 924 do {
wolfSSL 11:cee25a834751 925 if (extension->next && extension->next->type == type) {
wolfSSL 11:cee25a834751 926 TLSX *next = extension->next;
wolfSSL 11:cee25a834751 927
wolfSSL 11:cee25a834751 928 extension->next = next->next;
wolfSSL 11:cee25a834751 929 next->next = NULL;
wolfSSL 11:cee25a834751 930
wolfSSL 11:cee25a834751 931 TLSX_FreeAll(next, heap);
wolfSSL 11:cee25a834751 932
wolfSSL 11:cee25a834751 933 /* there is no way to occur more than */
wolfSSL 11:cee25a834751 934 /* two extensions of the same type. */
wolfSSL 11:cee25a834751 935 break;
wolfSSL 11:cee25a834751 936 }
wolfSSL 11:cee25a834751 937 } while ((extension = extension->next));
wolfSSL 11:cee25a834751 938
wolfSSL 11:cee25a834751 939 return 0;
wolfSSL 11:cee25a834751 940 }
wolfSSL 11:cee25a834751 941
wolfSSL 11:cee25a834751 942 #ifndef NO_WOLFSSL_SERVER
wolfSSL 11:cee25a834751 943
wolfSSL 11:cee25a834751 944 /** Mark an extension to be sent back to the client. */
wolfSSL 11:cee25a834751 945 void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type);
wolfSSL 11:cee25a834751 946
wolfSSL 11:cee25a834751 947 void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type)
wolfSSL 11:cee25a834751 948 {
wolfSSL 11:cee25a834751 949 TLSX *ext = TLSX_Find(ssl->extensions, type);
wolfSSL 11:cee25a834751 950
wolfSSL 11:cee25a834751 951 if (ext)
wolfSSL 11:cee25a834751 952 ext->resp = 1;
wolfSSL 11:cee25a834751 953 }
wolfSSL 11:cee25a834751 954
wolfSSL 11:cee25a834751 955 #endif
wolfSSL 11:cee25a834751 956
wolfSSL 11:cee25a834751 957 /******************************************************************************/
wolfSSL 11:cee25a834751 958 /* Application-Layer Protocol Negotiation */
wolfSSL 11:cee25a834751 959 /******************************************************************************/
wolfSSL 11:cee25a834751 960
wolfSSL 11:cee25a834751 961 #ifdef HAVE_ALPN
wolfSSL 11:cee25a834751 962 /** Creates a new ALPN object, providing protocol name to use. */
wolfSSL 11:cee25a834751 963 static ALPN* TLSX_ALPN_New(char *protocol_name, word16 protocol_nameSz,
wolfSSL 11:cee25a834751 964 void* heap)
wolfSSL 11:cee25a834751 965 {
wolfSSL 11:cee25a834751 966 ALPN *alpn;
wolfSSL 11:cee25a834751 967
wolfSSL 11:cee25a834751 968 WOLFSSL_ENTER("TLSX_ALPN_New");
wolfSSL 11:cee25a834751 969
wolfSSL 11:cee25a834751 970 if (protocol_name == NULL ||
wolfSSL 11:cee25a834751 971 protocol_nameSz > WOLFSSL_MAX_ALPN_PROTO_NAME_LEN) {
wolfSSL 11:cee25a834751 972 WOLFSSL_MSG("Invalid arguments");
wolfSSL 11:cee25a834751 973 return NULL;
wolfSSL 11:cee25a834751 974 }
wolfSSL 11:cee25a834751 975
wolfSSL 11:cee25a834751 976 alpn = (ALPN*)XMALLOC(sizeof(ALPN), heap, DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 977 if (alpn == NULL) {
wolfSSL 11:cee25a834751 978 WOLFSSL_MSG("Memory failure");
wolfSSL 11:cee25a834751 979 return NULL;
wolfSSL 11:cee25a834751 980 }
wolfSSL 11:cee25a834751 981
wolfSSL 11:cee25a834751 982 alpn->next = NULL;
wolfSSL 11:cee25a834751 983 alpn->negotiated = 0;
wolfSSL 11:cee25a834751 984 alpn->options = 0;
wolfSSL 11:cee25a834751 985
wolfSSL 11:cee25a834751 986 alpn->protocol_name = (char*)XMALLOC(protocol_nameSz + 1,
wolfSSL 11:cee25a834751 987 heap, DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 988 if (alpn->protocol_name == NULL) {
wolfSSL 11:cee25a834751 989 WOLFSSL_MSG("Memory failure");
wolfSSL 11:cee25a834751 990 XFREE(alpn, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 991 return NULL;
wolfSSL 11:cee25a834751 992 }
wolfSSL 11:cee25a834751 993
wolfSSL 11:cee25a834751 994 XMEMCPY(alpn->protocol_name, protocol_name, protocol_nameSz);
wolfSSL 11:cee25a834751 995 alpn->protocol_name[protocol_nameSz] = 0;
wolfSSL 11:cee25a834751 996
wolfSSL 11:cee25a834751 997 return alpn;
wolfSSL 11:cee25a834751 998 }
wolfSSL 11:cee25a834751 999
wolfSSL 11:cee25a834751 1000 /** Releases an ALPN object. */
wolfSSL 11:cee25a834751 1001 static void TLSX_ALPN_Free(ALPN *alpn, void* heap)
wolfSSL 11:cee25a834751 1002 {
wolfSSL 11:cee25a834751 1003 (void)heap;
wolfSSL 11:cee25a834751 1004
wolfSSL 11:cee25a834751 1005 if (alpn == NULL)
wolfSSL 11:cee25a834751 1006 return;
wolfSSL 11:cee25a834751 1007
wolfSSL 11:cee25a834751 1008 XFREE(alpn->protocol_name, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 1009 XFREE(alpn, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 1010 }
wolfSSL 11:cee25a834751 1011
wolfSSL 11:cee25a834751 1012 /** Releases all ALPN objects in the provided list. */
wolfSSL 11:cee25a834751 1013 static void TLSX_ALPN_FreeAll(ALPN *list, void* heap)
wolfSSL 11:cee25a834751 1014 {
wolfSSL 11:cee25a834751 1015 ALPN* alpn;
wolfSSL 11:cee25a834751 1016
wolfSSL 11:cee25a834751 1017 while ((alpn = list)) {
wolfSSL 11:cee25a834751 1018 list = alpn->next;
wolfSSL 11:cee25a834751 1019 TLSX_ALPN_Free(alpn, heap);
wolfSSL 11:cee25a834751 1020 }
wolfSSL 11:cee25a834751 1021 }
wolfSSL 11:cee25a834751 1022
wolfSSL 11:cee25a834751 1023 /** Tells the buffered size of the ALPN objects in a list. */
wolfSSL 11:cee25a834751 1024 static word16 TLSX_ALPN_GetSize(ALPN *list)
wolfSSL 11:cee25a834751 1025 {
wolfSSL 11:cee25a834751 1026 ALPN* alpn;
wolfSSL 11:cee25a834751 1027 word16 length = OPAQUE16_LEN; /* list length */
wolfSSL 11:cee25a834751 1028
wolfSSL 11:cee25a834751 1029 while ((alpn = list)) {
wolfSSL 11:cee25a834751 1030 list = alpn->next;
wolfSSL 11:cee25a834751 1031
wolfSSL 11:cee25a834751 1032 length++; /* protocol name length is on one byte */
wolfSSL 11:cee25a834751 1033 length += (word16)XSTRLEN(alpn->protocol_name);
wolfSSL 11:cee25a834751 1034 }
wolfSSL 11:cee25a834751 1035
wolfSSL 11:cee25a834751 1036 return length;
wolfSSL 11:cee25a834751 1037 }
wolfSSL 11:cee25a834751 1038
wolfSSL 11:cee25a834751 1039 /** Writes the ALPN objects of a list in a buffer. */
wolfSSL 11:cee25a834751 1040 static word16 TLSX_ALPN_Write(ALPN *list, byte *output)
wolfSSL 11:cee25a834751 1041 {
wolfSSL 11:cee25a834751 1042 ALPN* alpn;
wolfSSL 11:cee25a834751 1043 word16 length = 0;
wolfSSL 11:cee25a834751 1044 word16 offset = OPAQUE16_LEN; /* list length offset */
wolfSSL 11:cee25a834751 1045
wolfSSL 11:cee25a834751 1046 while ((alpn = list)) {
wolfSSL 11:cee25a834751 1047 list = alpn->next;
wolfSSL 11:cee25a834751 1048
wolfSSL 11:cee25a834751 1049 length = (word16)XSTRLEN(alpn->protocol_name);
wolfSSL 11:cee25a834751 1050
wolfSSL 11:cee25a834751 1051 /* protocol name length */
wolfSSL 11:cee25a834751 1052 output[offset++] = (byte)length;
wolfSSL 11:cee25a834751 1053
wolfSSL 11:cee25a834751 1054 /* protocol name value */
wolfSSL 11:cee25a834751 1055 XMEMCPY(output + offset, alpn->protocol_name, length);
wolfSSL 11:cee25a834751 1056
wolfSSL 11:cee25a834751 1057 offset += length;
wolfSSL 11:cee25a834751 1058 }
wolfSSL 11:cee25a834751 1059
wolfSSL 11:cee25a834751 1060 /* writing list length */
wolfSSL 11:cee25a834751 1061 c16toa(offset - OPAQUE16_LEN, output);
wolfSSL 11:cee25a834751 1062
wolfSSL 11:cee25a834751 1063 return offset;
wolfSSL 11:cee25a834751 1064 }
wolfSSL 11:cee25a834751 1065
wolfSSL 11:cee25a834751 1066 /** Finds a protocol name in the provided ALPN list */
wolfSSL 11:cee25a834751 1067 static ALPN* TLSX_ALPN_Find(ALPN *list, char *protocol_name, word16 size)
wolfSSL 11:cee25a834751 1068 {
wolfSSL 11:cee25a834751 1069 ALPN *alpn;
wolfSSL 11:cee25a834751 1070
wolfSSL 11:cee25a834751 1071 if (list == NULL || protocol_name == NULL)
wolfSSL 11:cee25a834751 1072 return NULL;
wolfSSL 11:cee25a834751 1073
wolfSSL 11:cee25a834751 1074 alpn = list;
wolfSSL 11:cee25a834751 1075 while (alpn != NULL && (
wolfSSL 11:cee25a834751 1076 (word16)XSTRLEN(alpn->protocol_name) != size ||
wolfSSL 11:cee25a834751 1077 XSTRNCMP(alpn->protocol_name, protocol_name, size)))
wolfSSL 11:cee25a834751 1078 alpn = alpn->next;
wolfSSL 11:cee25a834751 1079
wolfSSL 11:cee25a834751 1080 return alpn;
wolfSSL 11:cee25a834751 1081 }
wolfSSL 11:cee25a834751 1082
wolfSSL 11:cee25a834751 1083 /** Set the ALPN matching client and server requirements */
wolfSSL 11:cee25a834751 1084 static int TLSX_SetALPN(TLSX** extensions, const void* data, word16 size,
wolfSSL 11:cee25a834751 1085 void* heap)
wolfSSL 11:cee25a834751 1086 {
wolfSSL 11:cee25a834751 1087 ALPN *alpn;
wolfSSL 11:cee25a834751 1088 int ret;
wolfSSL 11:cee25a834751 1089
wolfSSL 11:cee25a834751 1090 if (extensions == NULL || data == NULL)
wolfSSL 11:cee25a834751 1091 return BAD_FUNC_ARG;
wolfSSL 11:cee25a834751 1092
wolfSSL 11:cee25a834751 1093 alpn = TLSX_ALPN_New((char *)data, size, heap);
wolfSSL 11:cee25a834751 1094 if (alpn == NULL) {
wolfSSL 11:cee25a834751 1095 WOLFSSL_MSG("Memory failure");
wolfSSL 11:cee25a834751 1096 return MEMORY_E;
wolfSSL 11:cee25a834751 1097 }
wolfSSL 11:cee25a834751 1098
wolfSSL 11:cee25a834751 1099 alpn->negotiated = 1;
wolfSSL 11:cee25a834751 1100
wolfSSL 11:cee25a834751 1101 ret = TLSX_Push(extensions, TLSX_APPLICATION_LAYER_PROTOCOL, (void*)alpn,
wolfSSL 11:cee25a834751 1102 heap);
wolfSSL 11:cee25a834751 1103 if (ret != 0) {
wolfSSL 11:cee25a834751 1104 TLSX_ALPN_Free(alpn, heap);
wolfSSL 11:cee25a834751 1105 return ret;
wolfSSL 11:cee25a834751 1106 }
wolfSSL 11:cee25a834751 1107
wolfSSL 11:cee25a834751 1108 return SSL_SUCCESS;
wolfSSL 11:cee25a834751 1109 }
wolfSSL 11:cee25a834751 1110
wolfSSL 11:cee25a834751 1111 /** Parses a buffer of ALPN extensions and set the first one matching
wolfSSL 11:cee25a834751 1112 * client and server requirements */
wolfSSL 11:cee25a834751 1113 static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, byte *input, word16 length,
wolfSSL 11:cee25a834751 1114 byte isRequest)
wolfSSL 11:cee25a834751 1115 {
wolfSSL 11:cee25a834751 1116 word16 size = 0, offset = 0, idx = 0;
wolfSSL 11:cee25a834751 1117 int r = BUFFER_ERROR;
wolfSSL 11:cee25a834751 1118 byte match = 0;
wolfSSL 11:cee25a834751 1119 TLSX *extension;
wolfSSL 11:cee25a834751 1120 ALPN *alpn = NULL, *list;
wolfSSL 11:cee25a834751 1121
wolfSSL 11:cee25a834751 1122 if (OPAQUE16_LEN > length)
wolfSSL 11:cee25a834751 1123 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 1124
wolfSSL 11:cee25a834751 1125 ato16(input, &size);
wolfSSL 11:cee25a834751 1126 offset += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 1127
wolfSSL 11:cee25a834751 1128 extension = TLSX_Find(ssl->extensions, TLSX_APPLICATION_LAYER_PROTOCOL);
wolfSSL 11:cee25a834751 1129 if (extension == NULL)
wolfSSL 11:cee25a834751 1130 extension = TLSX_Find(ssl->ctx->extensions,
wolfSSL 11:cee25a834751 1131 TLSX_APPLICATION_LAYER_PROTOCOL);
wolfSSL 11:cee25a834751 1132
wolfSSL 11:cee25a834751 1133 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
wolfSSL 11:cee25a834751 1134 if (ssl->alpnSelect != NULL) {
wolfSSL 11:cee25a834751 1135 const byte* out;
wolfSSL 11:cee25a834751 1136 unsigned char outLen;
wolfSSL 11:cee25a834751 1137
wolfSSL 11:cee25a834751 1138 if (ssl->alpnSelect(ssl, &out, &outLen, input + offset, size,
wolfSSL 11:cee25a834751 1139 ssl->alpnSelectArg) == 0) {
wolfSSL 11:cee25a834751 1140 WOLFSSL_MSG("ALPN protocol match");
wolfSSL 11:cee25a834751 1141 if (TLSX_UseALPN(&ssl->extensions, (char*)out, outLen, 0, ssl->heap)
wolfSSL 11:cee25a834751 1142 == SSL_SUCCESS) {
wolfSSL 11:cee25a834751 1143 if (extension == NULL) {
wolfSSL 11:cee25a834751 1144 extension = TLSX_Find(ssl->extensions,
wolfSSL 11:cee25a834751 1145 TLSX_APPLICATION_LAYER_PROTOCOL);
wolfSSL 11:cee25a834751 1146 }
wolfSSL 11:cee25a834751 1147 }
wolfSSL 11:cee25a834751 1148 }
wolfSSL 11:cee25a834751 1149 }
wolfSSL 11:cee25a834751 1150 #endif
wolfSSL 11:cee25a834751 1151
wolfSSL 11:cee25a834751 1152 if (extension == NULL || extension->data == NULL) {
wolfSSL 11:cee25a834751 1153 WOLFSSL_MSG("No ALPN extensions not used or bad");
wolfSSL 11:cee25a834751 1154 return isRequest ? 0 /* not using ALPN */
wolfSSL 11:cee25a834751 1155 : BUFFER_ERROR; /* unexpected ALPN response */
wolfSSL 11:cee25a834751 1156 }
wolfSSL 11:cee25a834751 1157
wolfSSL 11:cee25a834751 1158 /* validating alpn list length */
wolfSSL 11:cee25a834751 1159 if (length != OPAQUE16_LEN + size)
wolfSSL 11:cee25a834751 1160 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 1161
wolfSSL 11:cee25a834751 1162 list = (ALPN*)extension->data;
wolfSSL 11:cee25a834751 1163
wolfSSL 11:cee25a834751 1164 /* keep the list sent by client */
wolfSSL 11:cee25a834751 1165 if (isRequest) {
wolfSSL 11:cee25a834751 1166 if (ssl->alpn_client_list != NULL)
wolfSSL 11:cee25a834751 1167 XFREE(ssl->alpn_client_list, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 1168
wolfSSL 11:cee25a834751 1169 ssl->alpn_client_list = (char *)XMALLOC(size, ssl->heap,
wolfSSL 11:cee25a834751 1170 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 1171 if (ssl->alpn_client_list == NULL)
wolfSSL 11:cee25a834751 1172 return MEMORY_ERROR;
wolfSSL 11:cee25a834751 1173 }
wolfSSL 11:cee25a834751 1174
wolfSSL 11:cee25a834751 1175 for (size = 0; offset < length; offset += size) {
wolfSSL 11:cee25a834751 1176
wolfSSL 11:cee25a834751 1177 size = input[offset++];
wolfSSL 11:cee25a834751 1178 if (offset + size > length)
wolfSSL 11:cee25a834751 1179 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 1180
wolfSSL 11:cee25a834751 1181 if (isRequest) {
wolfSSL 11:cee25a834751 1182 XMEMCPY(ssl->alpn_client_list+idx, (char*)input + offset, size);
wolfSSL 11:cee25a834751 1183 idx += size;
wolfSSL 11:cee25a834751 1184 ssl->alpn_client_list[idx++] = ',';
wolfSSL 11:cee25a834751 1185 }
wolfSSL 11:cee25a834751 1186
wolfSSL 11:cee25a834751 1187 if (!match) {
wolfSSL 11:cee25a834751 1188 alpn = TLSX_ALPN_Find(list, (char*)input + offset, size);
wolfSSL 11:cee25a834751 1189 if (alpn != NULL) {
wolfSSL 11:cee25a834751 1190 WOLFSSL_MSG("ALPN protocol match");
wolfSSL 11:cee25a834751 1191 match = 1;
wolfSSL 11:cee25a834751 1192
wolfSSL 11:cee25a834751 1193 /* skip reading other values if not required */
wolfSSL 11:cee25a834751 1194 if (!isRequest)
wolfSSL 11:cee25a834751 1195 break;
wolfSSL 11:cee25a834751 1196 }
wolfSSL 11:cee25a834751 1197 }
wolfSSL 11:cee25a834751 1198 }
wolfSSL 11:cee25a834751 1199
wolfSSL 11:cee25a834751 1200 if (isRequest)
wolfSSL 11:cee25a834751 1201 ssl->alpn_client_list[idx-1] = 0;
wolfSSL 11:cee25a834751 1202
wolfSSL 11:cee25a834751 1203 if (!match) {
wolfSSL 11:cee25a834751 1204 WOLFSSL_MSG("No ALPN protocol match");
wolfSSL 11:cee25a834751 1205
wolfSSL 11:cee25a834751 1206 /* do nothing if no protocol match between client and server and option
wolfSSL 11:cee25a834751 1207 is set to continue (like OpenSSL) */
wolfSSL 11:cee25a834751 1208 if (list->options & WOLFSSL_ALPN_CONTINUE_ON_MISMATCH) {
wolfSSL 11:cee25a834751 1209 WOLFSSL_MSG("Continue on mismatch");
wolfSSL 11:cee25a834751 1210 return 0;
wolfSSL 11:cee25a834751 1211 }
wolfSSL 11:cee25a834751 1212
wolfSSL 11:cee25a834751 1213 SendAlert(ssl, alert_fatal, no_application_protocol);
wolfSSL 11:cee25a834751 1214 return UNKNOWN_ALPN_PROTOCOL_NAME_E;
wolfSSL 11:cee25a834751 1215 }
wolfSSL 11:cee25a834751 1216
wolfSSL 11:cee25a834751 1217 /* set the matching negotiated protocol */
wolfSSL 11:cee25a834751 1218 r = TLSX_SetALPN(&ssl->extensions,
wolfSSL 11:cee25a834751 1219 alpn->protocol_name,
wolfSSL 11:cee25a834751 1220 (word16)XSTRLEN(alpn->protocol_name),
wolfSSL 11:cee25a834751 1221 ssl->heap);
wolfSSL 11:cee25a834751 1222 if (r != SSL_SUCCESS) {
wolfSSL 11:cee25a834751 1223 WOLFSSL_MSG("TLSX_UseALPN failed");
wolfSSL 11:cee25a834751 1224 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 1225 }
wolfSSL 11:cee25a834751 1226
wolfSSL 11:cee25a834751 1227 /* reply to ALPN extension sent from client */
wolfSSL 11:cee25a834751 1228 if (isRequest) {
wolfSSL 11:cee25a834751 1229 #ifndef NO_WOLFSSL_SERVER
wolfSSL 11:cee25a834751 1230 TLSX_SetResponse(ssl, TLSX_APPLICATION_LAYER_PROTOCOL);
wolfSSL 11:cee25a834751 1231 #endif
wolfSSL 11:cee25a834751 1232 }
wolfSSL 11:cee25a834751 1233
wolfSSL 11:cee25a834751 1234 return 0;
wolfSSL 11:cee25a834751 1235 }
wolfSSL 11:cee25a834751 1236
wolfSSL 11:cee25a834751 1237 /** Add a protocol name to the list of accepted usable ones */
wolfSSL 11:cee25a834751 1238 int TLSX_UseALPN(TLSX** extensions, const void* data, word16 size, byte options,
wolfSSL 11:cee25a834751 1239 void* heap)
wolfSSL 11:cee25a834751 1240 {
wolfSSL 11:cee25a834751 1241 ALPN *alpn;
wolfSSL 11:cee25a834751 1242 TLSX *extension;
wolfSSL 11:cee25a834751 1243 int ret;
wolfSSL 11:cee25a834751 1244
wolfSSL 11:cee25a834751 1245 if (extensions == NULL || data == NULL)
wolfSSL 11:cee25a834751 1246 return BAD_FUNC_ARG;
wolfSSL 11:cee25a834751 1247
wolfSSL 11:cee25a834751 1248 alpn = TLSX_ALPN_New((char *)data, size, heap);
wolfSSL 11:cee25a834751 1249 if (alpn == NULL) {
wolfSSL 11:cee25a834751 1250 WOLFSSL_MSG("Memory failure");
wolfSSL 11:cee25a834751 1251 return MEMORY_E;
wolfSSL 11:cee25a834751 1252 }
wolfSSL 11:cee25a834751 1253
wolfSSL 11:cee25a834751 1254 /* Set Options of ALPN */
wolfSSL 11:cee25a834751 1255 alpn->options = options;
wolfSSL 11:cee25a834751 1256
wolfSSL 11:cee25a834751 1257 extension = TLSX_Find(*extensions, TLSX_APPLICATION_LAYER_PROTOCOL);
wolfSSL 11:cee25a834751 1258 if (extension == NULL) {
wolfSSL 11:cee25a834751 1259 ret = TLSX_Push(extensions, TLSX_APPLICATION_LAYER_PROTOCOL,
wolfSSL 11:cee25a834751 1260 (void*)alpn, heap);
wolfSSL 11:cee25a834751 1261 if (ret != 0) {
wolfSSL 11:cee25a834751 1262 TLSX_ALPN_Free(alpn, heap);
wolfSSL 11:cee25a834751 1263 return ret;
wolfSSL 11:cee25a834751 1264 }
wolfSSL 11:cee25a834751 1265 }
wolfSSL 11:cee25a834751 1266 else {
wolfSSL 11:cee25a834751 1267 /* push new ALPN object to extension data. */
wolfSSL 11:cee25a834751 1268 alpn->next = (ALPN*)extension->data;
wolfSSL 11:cee25a834751 1269 extension->data = (void*)alpn;
wolfSSL 11:cee25a834751 1270 }
wolfSSL 11:cee25a834751 1271
wolfSSL 11:cee25a834751 1272 return SSL_SUCCESS;
wolfSSL 11:cee25a834751 1273 }
wolfSSL 11:cee25a834751 1274
wolfSSL 11:cee25a834751 1275 /** Get the protocol name set by the server */
wolfSSL 11:cee25a834751 1276 int TLSX_ALPN_GetRequest(TLSX* extensions, void** data, word16 *dataSz)
wolfSSL 11:cee25a834751 1277 {
wolfSSL 11:cee25a834751 1278 TLSX *extension;
wolfSSL 11:cee25a834751 1279 ALPN *alpn;
wolfSSL 11:cee25a834751 1280
wolfSSL 11:cee25a834751 1281 if (extensions == NULL || data == NULL || dataSz == NULL)
wolfSSL 11:cee25a834751 1282 return BAD_FUNC_ARG;
wolfSSL 11:cee25a834751 1283
wolfSSL 11:cee25a834751 1284 extension = TLSX_Find(extensions, TLSX_APPLICATION_LAYER_PROTOCOL);
wolfSSL 11:cee25a834751 1285 if (extension == NULL) {
wolfSSL 11:cee25a834751 1286 WOLFSSL_MSG("TLS extension not found");
wolfSSL 11:cee25a834751 1287 return SSL_ALPN_NOT_FOUND;
wolfSSL 11:cee25a834751 1288 }
wolfSSL 11:cee25a834751 1289
wolfSSL 11:cee25a834751 1290 alpn = (ALPN *)extension->data;
wolfSSL 11:cee25a834751 1291 if (alpn == NULL) {
wolfSSL 11:cee25a834751 1292 WOLFSSL_MSG("ALPN extension not found");
wolfSSL 11:cee25a834751 1293 *data = NULL;
wolfSSL 11:cee25a834751 1294 *dataSz = 0;
wolfSSL 11:cee25a834751 1295 return SSL_FATAL_ERROR;
wolfSSL 11:cee25a834751 1296 }
wolfSSL 11:cee25a834751 1297
wolfSSL 11:cee25a834751 1298 if (alpn->negotiated != 1) {
wolfSSL 11:cee25a834751 1299
wolfSSL 11:cee25a834751 1300 /* consider as an error */
wolfSSL 11:cee25a834751 1301 if (alpn->options & WOLFSSL_ALPN_FAILED_ON_MISMATCH) {
wolfSSL 11:cee25a834751 1302 WOLFSSL_MSG("No protocol match with peer -> Failed");
wolfSSL 11:cee25a834751 1303 return SSL_FATAL_ERROR;
wolfSSL 11:cee25a834751 1304 }
wolfSSL 11:cee25a834751 1305
wolfSSL 11:cee25a834751 1306 /* continue without negotiated protocol */
wolfSSL 11:cee25a834751 1307 WOLFSSL_MSG("No protocol match with peer -> Continue");
wolfSSL 11:cee25a834751 1308 return SSL_ALPN_NOT_FOUND;
wolfSSL 11:cee25a834751 1309 }
wolfSSL 11:cee25a834751 1310
wolfSSL 11:cee25a834751 1311 if (alpn->next != NULL) {
wolfSSL 11:cee25a834751 1312 WOLFSSL_MSG("Only one protocol name must be accepted");
wolfSSL 11:cee25a834751 1313 return SSL_FATAL_ERROR;
wolfSSL 11:cee25a834751 1314 }
wolfSSL 11:cee25a834751 1315
wolfSSL 11:cee25a834751 1316 *data = alpn->protocol_name;
wolfSSL 11:cee25a834751 1317 *dataSz = (word16)XSTRLEN((char*)*data);
wolfSSL 11:cee25a834751 1318
wolfSSL 11:cee25a834751 1319 return SSL_SUCCESS;
wolfSSL 11:cee25a834751 1320 }
wolfSSL 11:cee25a834751 1321
wolfSSL 11:cee25a834751 1322 #define ALPN_FREE_ALL TLSX_ALPN_FreeAll
wolfSSL 11:cee25a834751 1323 #define ALPN_GET_SIZE TLSX_ALPN_GetSize
wolfSSL 11:cee25a834751 1324 #define ALPN_WRITE TLSX_ALPN_Write
wolfSSL 11:cee25a834751 1325 #define ALPN_PARSE TLSX_ALPN_ParseAndSet
wolfSSL 11:cee25a834751 1326
wolfSSL 11:cee25a834751 1327 #else /* HAVE_ALPN */
wolfSSL 11:cee25a834751 1328
wolfSSL 11:cee25a834751 1329 #define ALPN_FREE_ALL(list, heap)
wolfSSL 11:cee25a834751 1330 #define ALPN_GET_SIZE(list) 0
wolfSSL 11:cee25a834751 1331 #define ALPN_WRITE(a, b) 0
wolfSSL 11:cee25a834751 1332 #define ALPN_PARSE(a, b, c, d) 0
wolfSSL 11:cee25a834751 1333
wolfSSL 11:cee25a834751 1334 #endif /* HAVE_ALPN */
wolfSSL 11:cee25a834751 1335
wolfSSL 11:cee25a834751 1336 /******************************************************************************/
wolfSSL 11:cee25a834751 1337 /* Server Name Indication */
wolfSSL 11:cee25a834751 1338 /******************************************************************************/
wolfSSL 11:cee25a834751 1339
wolfSSL 11:cee25a834751 1340 #ifdef HAVE_SNI
wolfSSL 11:cee25a834751 1341
wolfSSL 11:cee25a834751 1342 /** Creates a new SNI object. */
wolfSSL 11:cee25a834751 1343 static SNI* TLSX_SNI_New(byte type, const void* data, word16 size, void* heap)
wolfSSL 11:cee25a834751 1344 {
wolfSSL 11:cee25a834751 1345 SNI* sni = (SNI*)XMALLOC(sizeof(SNI), heap, DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 1346
wolfSSL 11:cee25a834751 1347 if (sni) {
wolfSSL 11:cee25a834751 1348 sni->type = type;
wolfSSL 11:cee25a834751 1349 sni->next = NULL;
wolfSSL 11:cee25a834751 1350
wolfSSL 11:cee25a834751 1351 #ifndef NO_WOLFSSL_SERVER
wolfSSL 11:cee25a834751 1352 sni->options = 0;
wolfSSL 11:cee25a834751 1353 sni->status = WOLFSSL_SNI_NO_MATCH;
wolfSSL 11:cee25a834751 1354 #endif
wolfSSL 11:cee25a834751 1355
wolfSSL 11:cee25a834751 1356 switch (sni->type) {
wolfSSL 11:cee25a834751 1357 case WOLFSSL_SNI_HOST_NAME:
wolfSSL 11:cee25a834751 1358 sni->data.host_name = (char*)XMALLOC(size + 1, heap,
wolfSSL 11:cee25a834751 1359 DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 1360 if (sni->data.host_name) {
wolfSSL 11:cee25a834751 1361 XSTRNCPY(sni->data.host_name, (const char*)data, size);
wolfSSL 11:cee25a834751 1362 sni->data.host_name[size] = 0;
wolfSSL 11:cee25a834751 1363 } else {
wolfSSL 11:cee25a834751 1364 XFREE(sni, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 1365 sni = NULL;
wolfSSL 11:cee25a834751 1366 }
wolfSSL 11:cee25a834751 1367 break;
wolfSSL 11:cee25a834751 1368
wolfSSL 11:cee25a834751 1369 default: /* invalid type */
wolfSSL 11:cee25a834751 1370 XFREE(sni, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 1371 sni = NULL;
wolfSSL 11:cee25a834751 1372 }
wolfSSL 11:cee25a834751 1373 }
wolfSSL 11:cee25a834751 1374
wolfSSL 11:cee25a834751 1375 return sni;
wolfSSL 11:cee25a834751 1376 }
wolfSSL 11:cee25a834751 1377
wolfSSL 11:cee25a834751 1378 /** Releases a SNI object. */
wolfSSL 11:cee25a834751 1379 static void TLSX_SNI_Free(SNI* sni, void* heap)
wolfSSL 11:cee25a834751 1380 {
wolfSSL 11:cee25a834751 1381 if (sni) {
wolfSSL 11:cee25a834751 1382 switch (sni->type) {
wolfSSL 11:cee25a834751 1383 case WOLFSSL_SNI_HOST_NAME:
wolfSSL 11:cee25a834751 1384 XFREE(sni->data.host_name, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 1385 break;
wolfSSL 11:cee25a834751 1386 }
wolfSSL 11:cee25a834751 1387
wolfSSL 11:cee25a834751 1388 XFREE(sni, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 1389 }
wolfSSL 11:cee25a834751 1390 (void)heap;
wolfSSL 11:cee25a834751 1391 }
wolfSSL 11:cee25a834751 1392
wolfSSL 11:cee25a834751 1393 /** Releases all SNI objects in the provided list. */
wolfSSL 11:cee25a834751 1394 static void TLSX_SNI_FreeAll(SNI* list, void* heap)
wolfSSL 11:cee25a834751 1395 {
wolfSSL 11:cee25a834751 1396 SNI* sni;
wolfSSL 11:cee25a834751 1397
wolfSSL 11:cee25a834751 1398 while ((sni = list)) {
wolfSSL 11:cee25a834751 1399 list = sni->next;
wolfSSL 11:cee25a834751 1400 TLSX_SNI_Free(sni, heap);
wolfSSL 11:cee25a834751 1401 }
wolfSSL 11:cee25a834751 1402 }
wolfSSL 11:cee25a834751 1403
wolfSSL 11:cee25a834751 1404 /** Tells the buffered size of the SNI objects in a list. */
wolfSSL 11:cee25a834751 1405 static word16 TLSX_SNI_GetSize(SNI* list)
wolfSSL 11:cee25a834751 1406 {
wolfSSL 11:cee25a834751 1407 SNI* sni;
wolfSSL 11:cee25a834751 1408 word16 length = OPAQUE16_LEN; /* list length */
wolfSSL 11:cee25a834751 1409
wolfSSL 11:cee25a834751 1410 while ((sni = list)) {
wolfSSL 11:cee25a834751 1411 list = sni->next;
wolfSSL 11:cee25a834751 1412
wolfSSL 11:cee25a834751 1413 length += ENUM_LEN + OPAQUE16_LEN; /* sni type + sni length */
wolfSSL 11:cee25a834751 1414
wolfSSL 11:cee25a834751 1415 switch (sni->type) {
wolfSSL 11:cee25a834751 1416 case WOLFSSL_SNI_HOST_NAME:
wolfSSL 11:cee25a834751 1417 length += (word16)XSTRLEN((char*)sni->data.host_name);
wolfSSL 11:cee25a834751 1418 break;
wolfSSL 11:cee25a834751 1419 }
wolfSSL 11:cee25a834751 1420 }
wolfSSL 11:cee25a834751 1421
wolfSSL 11:cee25a834751 1422 return length;
wolfSSL 11:cee25a834751 1423 }
wolfSSL 11:cee25a834751 1424
wolfSSL 11:cee25a834751 1425 /** Writes the SNI objects of a list in a buffer. */
wolfSSL 11:cee25a834751 1426 static word16 TLSX_SNI_Write(SNI* list, byte* output)
wolfSSL 11:cee25a834751 1427 {
wolfSSL 11:cee25a834751 1428 SNI* sni;
wolfSSL 11:cee25a834751 1429 word16 length = 0;
wolfSSL 11:cee25a834751 1430 word16 offset = OPAQUE16_LEN; /* list length offset */
wolfSSL 11:cee25a834751 1431
wolfSSL 11:cee25a834751 1432 while ((sni = list)) {
wolfSSL 11:cee25a834751 1433 list = sni->next;
wolfSSL 11:cee25a834751 1434
wolfSSL 11:cee25a834751 1435 output[offset++] = sni->type; /* sni type */
wolfSSL 11:cee25a834751 1436
wolfSSL 11:cee25a834751 1437 switch (sni->type) {
wolfSSL 11:cee25a834751 1438 case WOLFSSL_SNI_HOST_NAME:
wolfSSL 11:cee25a834751 1439 length = (word16)XSTRLEN((char*)sni->data.host_name);
wolfSSL 11:cee25a834751 1440
wolfSSL 11:cee25a834751 1441 c16toa(length, output + offset); /* sni length */
wolfSSL 11:cee25a834751 1442 offset += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 1443
wolfSSL 11:cee25a834751 1444 XMEMCPY(output + offset, sni->data.host_name, length);
wolfSSL 11:cee25a834751 1445
wolfSSL 11:cee25a834751 1446 offset += length;
wolfSSL 11:cee25a834751 1447 break;
wolfSSL 11:cee25a834751 1448 }
wolfSSL 11:cee25a834751 1449 }
wolfSSL 11:cee25a834751 1450
wolfSSL 11:cee25a834751 1451 c16toa(offset - OPAQUE16_LEN, output); /* writing list length */
wolfSSL 11:cee25a834751 1452
wolfSSL 11:cee25a834751 1453 return offset;
wolfSSL 11:cee25a834751 1454 }
wolfSSL 11:cee25a834751 1455
wolfSSL 11:cee25a834751 1456 #ifndef NO_WOLFSSL_SERVER
wolfSSL 11:cee25a834751 1457
wolfSSL 11:cee25a834751 1458 /** Finds a SNI object in the provided list. */
wolfSSL 11:cee25a834751 1459 static SNI* TLSX_SNI_Find(SNI *list, byte type)
wolfSSL 11:cee25a834751 1460 {
wolfSSL 11:cee25a834751 1461 SNI *sni = list;
wolfSSL 11:cee25a834751 1462
wolfSSL 11:cee25a834751 1463 while (sni && sni->type != type)
wolfSSL 11:cee25a834751 1464 sni = sni->next;
wolfSSL 11:cee25a834751 1465
wolfSSL 11:cee25a834751 1466 return sni;
wolfSSL 11:cee25a834751 1467 }
wolfSSL 11:cee25a834751 1468
wolfSSL 11:cee25a834751 1469
wolfSSL 11:cee25a834751 1470 /** Sets the status of a SNI object. */
wolfSSL 11:cee25a834751 1471 static void TLSX_SNI_SetStatus(TLSX* extensions, byte type, byte status)
wolfSSL 11:cee25a834751 1472 {
wolfSSL 11:cee25a834751 1473 TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME);
wolfSSL 11:cee25a834751 1474 SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type);
wolfSSL 11:cee25a834751 1475
wolfSSL 11:cee25a834751 1476 if (sni)
wolfSSL 11:cee25a834751 1477 sni->status = status;
wolfSSL 11:cee25a834751 1478 }
wolfSSL 11:cee25a834751 1479
wolfSSL 11:cee25a834751 1480 /** Gets the status of a SNI object. */
wolfSSL 11:cee25a834751 1481 byte TLSX_SNI_Status(TLSX* extensions, byte type)
wolfSSL 11:cee25a834751 1482 {
wolfSSL 11:cee25a834751 1483 TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME);
wolfSSL 11:cee25a834751 1484 SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type);
wolfSSL 11:cee25a834751 1485
wolfSSL 11:cee25a834751 1486 if (sni)
wolfSSL 11:cee25a834751 1487 return sni->status;
wolfSSL 11:cee25a834751 1488
wolfSSL 11:cee25a834751 1489 return 0;
wolfSSL 11:cee25a834751 1490 }
wolfSSL 11:cee25a834751 1491
wolfSSL 11:cee25a834751 1492 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 11:cee25a834751 1493
wolfSSL 11:cee25a834751 1494 /** Parses a buffer of SNI extensions. */
wolfSSL 11:cee25a834751 1495 static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 11:cee25a834751 1496 byte isRequest)
wolfSSL 11:cee25a834751 1497 {
wolfSSL 11:cee25a834751 1498 #ifndef NO_WOLFSSL_SERVER
wolfSSL 11:cee25a834751 1499 word16 size = 0;
wolfSSL 11:cee25a834751 1500 word16 offset = 0;
wolfSSL 11:cee25a834751 1501 int cacheOnly = 0;
wolfSSL 11:cee25a834751 1502 #endif
wolfSSL 11:cee25a834751 1503
wolfSSL 11:cee25a834751 1504 TLSX *extension = TLSX_Find(ssl->extensions, TLSX_SERVER_NAME);
wolfSSL 11:cee25a834751 1505
wolfSSL 11:cee25a834751 1506 if (!extension)
wolfSSL 11:cee25a834751 1507 extension = TLSX_Find(ssl->ctx->extensions, TLSX_SERVER_NAME);
wolfSSL 11:cee25a834751 1508
wolfSSL 11:cee25a834751 1509 (void)isRequest;
wolfSSL 11:cee25a834751 1510 (void)input;
wolfSSL 11:cee25a834751 1511
wolfSSL 11:cee25a834751 1512 if (!extension || !extension->data) {
wolfSSL 11:cee25a834751 1513 #if defined(WOLFSSL_ALWAYS_KEEP_SNI) && !defined(NO_WOLFSSL_SERVER)
wolfSSL 11:cee25a834751 1514 /* This will keep SNI even though TLSX_UseSNI has not been called.
wolfSSL 11:cee25a834751 1515 * Enable it so that the received sni is available to functions
wolfSSL 11:cee25a834751 1516 * that use a custom callback when SNI is received */
wolfSSL 11:cee25a834751 1517 cacheOnly = 1;
wolfSSL 11:cee25a834751 1518 WOLFSSL_MSG("Forcing SSL object to store SNI parameter");
wolfSSL 11:cee25a834751 1519 #else
wolfSSL 11:cee25a834751 1520 return isRequest ? 0 /* not using SNI. */
wolfSSL 11:cee25a834751 1521 : BUFFER_ERROR; /* unexpected SNI response. */
wolfSSL 11:cee25a834751 1522 #endif
wolfSSL 11:cee25a834751 1523 }
wolfSSL 11:cee25a834751 1524
wolfSSL 11:cee25a834751 1525 if (!isRequest)
wolfSSL 11:cee25a834751 1526 return length ? BUFFER_ERROR /* SNI response MUST be empty. */
wolfSSL 11:cee25a834751 1527 : 0; /* nothing else to do. */
wolfSSL 11:cee25a834751 1528
wolfSSL 11:cee25a834751 1529 #ifndef NO_WOLFSSL_SERVER
wolfSSL 11:cee25a834751 1530
wolfSSL 11:cee25a834751 1531 if (OPAQUE16_LEN > length)
wolfSSL 11:cee25a834751 1532 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 1533
wolfSSL 11:cee25a834751 1534 ato16(input, &size);
wolfSSL 11:cee25a834751 1535 offset += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 1536
wolfSSL 11:cee25a834751 1537 /* validating sni list length */
wolfSSL 11:cee25a834751 1538 if (length != OPAQUE16_LEN + size)
wolfSSL 11:cee25a834751 1539 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 1540
wolfSSL 11:cee25a834751 1541 for (size = 0; offset < length; offset += size) {
wolfSSL 11:cee25a834751 1542 SNI *sni = NULL;
wolfSSL 11:cee25a834751 1543 byte type = input[offset++];
wolfSSL 11:cee25a834751 1544
wolfSSL 11:cee25a834751 1545 if (offset + OPAQUE16_LEN > length)
wolfSSL 11:cee25a834751 1546 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 1547
wolfSSL 11:cee25a834751 1548 ato16(input + offset, &size);
wolfSSL 11:cee25a834751 1549 offset += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 1550
wolfSSL 11:cee25a834751 1551 if (offset + size > length)
wolfSSL 11:cee25a834751 1552 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 1553
wolfSSL 11:cee25a834751 1554 if (!cacheOnly && !(sni = TLSX_SNI_Find((SNI*)extension->data, type)))
wolfSSL 11:cee25a834751 1555 continue; /* not using this type of SNI. */
wolfSSL 11:cee25a834751 1556
wolfSSL 11:cee25a834751 1557 switch(type) {
wolfSSL 11:cee25a834751 1558 case WOLFSSL_SNI_HOST_NAME: {
wolfSSL 11:cee25a834751 1559 int matchStat;
wolfSSL 11:cee25a834751 1560 byte matched = cacheOnly ||
wolfSSL 11:cee25a834751 1561 ((XSTRLEN(sni->data.host_name) == size)
wolfSSL 11:cee25a834751 1562 && (XSTRNCMP(sni->data.host_name,
wolfSSL 11:cee25a834751 1563 (const char*)input + offset, size) == 0));
wolfSSL 11:cee25a834751 1564
wolfSSL 11:cee25a834751 1565 if (matched || sni->options & WOLFSSL_SNI_ANSWER_ON_MISMATCH) {
wolfSSL 11:cee25a834751 1566 int r = TLSX_UseSNI(&ssl->extensions,
wolfSSL 11:cee25a834751 1567 type, input + offset, size, ssl->heap);
wolfSSL 11:cee25a834751 1568
wolfSSL 11:cee25a834751 1569 if (r != SSL_SUCCESS)
wolfSSL 11:cee25a834751 1570 return r; /* throws error. */
wolfSSL 11:cee25a834751 1571
wolfSSL 11:cee25a834751 1572 if(cacheOnly) {
wolfSSL 11:cee25a834751 1573 WOLFSSL_MSG("Forcing storage of SNI, Fake match");
wolfSSL 11:cee25a834751 1574 matchStat = WOLFSSL_SNI_FORCE_KEEP;
wolfSSL 11:cee25a834751 1575 } else if(matched) {
wolfSSL 11:cee25a834751 1576 WOLFSSL_MSG("SNI did match!");
wolfSSL 11:cee25a834751 1577 matchStat = WOLFSSL_SNI_REAL_MATCH;
wolfSSL 11:cee25a834751 1578 } else {
wolfSSL 11:cee25a834751 1579 WOLFSSL_MSG("fake SNI match from ANSWER_ON_MISMATCH");
wolfSSL 11:cee25a834751 1580 matchStat = WOLFSSL_SNI_FAKE_MATCH;
wolfSSL 11:cee25a834751 1581 }
wolfSSL 11:cee25a834751 1582
wolfSSL 11:cee25a834751 1583 TLSX_SNI_SetStatus(ssl->extensions, type, matchStat);
wolfSSL 11:cee25a834751 1584
wolfSSL 11:cee25a834751 1585 if(!cacheOnly)
wolfSSL 11:cee25a834751 1586 TLSX_SetResponse(ssl, TLSX_SERVER_NAME);
wolfSSL 11:cee25a834751 1587
wolfSSL 11:cee25a834751 1588 } else if (!(sni->options & WOLFSSL_SNI_CONTINUE_ON_MISMATCH)) {
wolfSSL 11:cee25a834751 1589 SendAlert(ssl, alert_fatal, unrecognized_name);
wolfSSL 11:cee25a834751 1590
wolfSSL 11:cee25a834751 1591 return UNKNOWN_SNI_HOST_NAME_E;
wolfSSL 11:cee25a834751 1592 }
wolfSSL 11:cee25a834751 1593 break;
wolfSSL 11:cee25a834751 1594 }
wolfSSL 11:cee25a834751 1595 }
wolfSSL 11:cee25a834751 1596 }
wolfSSL 11:cee25a834751 1597
wolfSSL 11:cee25a834751 1598 #endif
wolfSSL 11:cee25a834751 1599
wolfSSL 11:cee25a834751 1600 return 0;
wolfSSL 11:cee25a834751 1601 }
wolfSSL 11:cee25a834751 1602
wolfSSL 11:cee25a834751 1603 static int TLSX_SNI_VerifyParse(WOLFSSL* ssl, byte isRequest)
wolfSSL 11:cee25a834751 1604 {
wolfSSL 11:cee25a834751 1605 (void)ssl;
wolfSSL 11:cee25a834751 1606
wolfSSL 11:cee25a834751 1607 if (isRequest) {
wolfSSL 11:cee25a834751 1608 #ifndef NO_WOLFSSL_SERVER
wolfSSL 11:cee25a834751 1609 TLSX* ctx_ext = TLSX_Find(ssl->ctx->extensions, TLSX_SERVER_NAME);
wolfSSL 11:cee25a834751 1610 TLSX* ssl_ext = TLSX_Find(ssl->extensions, TLSX_SERVER_NAME);
wolfSSL 11:cee25a834751 1611 SNI* ctx_sni = ctx_ext ? (SNI*)ctx_ext->data : NULL;
wolfSSL 11:cee25a834751 1612 SNI* ssl_sni = ssl_ext ? (SNI*)ssl_ext->data : NULL;
wolfSSL 11:cee25a834751 1613 SNI* sni = NULL;
wolfSSL 11:cee25a834751 1614
wolfSSL 11:cee25a834751 1615 for (; ctx_sni; ctx_sni = ctx_sni->next) {
wolfSSL 11:cee25a834751 1616 if (ctx_sni->options & WOLFSSL_SNI_ABORT_ON_ABSENCE) {
wolfSSL 11:cee25a834751 1617 sni = TLSX_SNI_Find(ssl_sni, ctx_sni->type);
wolfSSL 11:cee25a834751 1618
wolfSSL 11:cee25a834751 1619 if (sni) {
wolfSSL 11:cee25a834751 1620 if (sni->status != WOLFSSL_SNI_NO_MATCH)
wolfSSL 11:cee25a834751 1621 continue;
wolfSSL 11:cee25a834751 1622
wolfSSL 11:cee25a834751 1623 /* if ssl level overrides ctx level, it is ok. */
wolfSSL 11:cee25a834751 1624 if ((sni->options & WOLFSSL_SNI_ABORT_ON_ABSENCE) == 0)
wolfSSL 11:cee25a834751 1625 continue;
wolfSSL 11:cee25a834751 1626 }
wolfSSL 11:cee25a834751 1627
wolfSSL 11:cee25a834751 1628 SendAlert(ssl, alert_fatal, handshake_failure);
wolfSSL 11:cee25a834751 1629 return SNI_ABSENT_ERROR;
wolfSSL 11:cee25a834751 1630 }
wolfSSL 11:cee25a834751 1631 }
wolfSSL 11:cee25a834751 1632
wolfSSL 11:cee25a834751 1633 for (; ssl_sni; ssl_sni = ssl_sni->next) {
wolfSSL 11:cee25a834751 1634 if (ssl_sni->options & WOLFSSL_SNI_ABORT_ON_ABSENCE) {
wolfSSL 11:cee25a834751 1635 if (ssl_sni->status != WOLFSSL_SNI_NO_MATCH)
wolfSSL 11:cee25a834751 1636 continue;
wolfSSL 11:cee25a834751 1637
wolfSSL 11:cee25a834751 1638 SendAlert(ssl, alert_fatal, handshake_failure);
wolfSSL 11:cee25a834751 1639 return SNI_ABSENT_ERROR;
wolfSSL 11:cee25a834751 1640 }
wolfSSL 11:cee25a834751 1641 }
wolfSSL 11:cee25a834751 1642 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 11:cee25a834751 1643 }
wolfSSL 11:cee25a834751 1644
wolfSSL 11:cee25a834751 1645 return 0;
wolfSSL 11:cee25a834751 1646 }
wolfSSL 11:cee25a834751 1647
wolfSSL 11:cee25a834751 1648 int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size,
wolfSSL 11:cee25a834751 1649 void* heap)
wolfSSL 11:cee25a834751 1650 {
wolfSSL 11:cee25a834751 1651 TLSX* extension;
wolfSSL 11:cee25a834751 1652 SNI* sni = NULL;
wolfSSL 11:cee25a834751 1653
wolfSSL 11:cee25a834751 1654 if (extensions == NULL || data == NULL)
wolfSSL 11:cee25a834751 1655 return BAD_FUNC_ARG;
wolfSSL 11:cee25a834751 1656
wolfSSL 11:cee25a834751 1657 if ((sni = TLSX_SNI_New(type, data, size, heap)) == NULL)
wolfSSL 11:cee25a834751 1658 return MEMORY_E;
wolfSSL 11:cee25a834751 1659
wolfSSL 11:cee25a834751 1660 extension = TLSX_Find(*extensions, TLSX_SERVER_NAME);
wolfSSL 11:cee25a834751 1661 if (!extension) {
wolfSSL 11:cee25a834751 1662 int ret = TLSX_Push(extensions, TLSX_SERVER_NAME, (void*)sni, heap);
wolfSSL 11:cee25a834751 1663 if (ret != 0) {
wolfSSL 11:cee25a834751 1664 TLSX_SNI_Free(sni, heap);
wolfSSL 11:cee25a834751 1665 return ret;
wolfSSL 11:cee25a834751 1666 }
wolfSSL 11:cee25a834751 1667 }
wolfSSL 11:cee25a834751 1668 else {
wolfSSL 11:cee25a834751 1669 /* push new SNI object to extension data. */
wolfSSL 11:cee25a834751 1670 sni->next = (SNI*)extension->data;
wolfSSL 11:cee25a834751 1671 extension->data = (void*)sni;
wolfSSL 11:cee25a834751 1672
wolfSSL 11:cee25a834751 1673 /* remove duplicate SNI, there should be only one of each type. */
wolfSSL 11:cee25a834751 1674 do {
wolfSSL 11:cee25a834751 1675 if (sni->next && sni->next->type == type) {
wolfSSL 11:cee25a834751 1676 SNI *next = sni->next;
wolfSSL 11:cee25a834751 1677
wolfSSL 11:cee25a834751 1678 sni->next = next->next;
wolfSSL 11:cee25a834751 1679 TLSX_SNI_Free(next, heap);
wolfSSL 11:cee25a834751 1680
wolfSSL 11:cee25a834751 1681 /* there is no way to occur more than */
wolfSSL 11:cee25a834751 1682 /* two SNIs of the same type. */
wolfSSL 11:cee25a834751 1683 break;
wolfSSL 11:cee25a834751 1684 }
wolfSSL 11:cee25a834751 1685 } while ((sni = sni->next));
wolfSSL 11:cee25a834751 1686 }
wolfSSL 11:cee25a834751 1687
wolfSSL 11:cee25a834751 1688 return SSL_SUCCESS;
wolfSSL 11:cee25a834751 1689 }
wolfSSL 11:cee25a834751 1690
wolfSSL 11:cee25a834751 1691 #ifndef NO_WOLFSSL_SERVER
wolfSSL 11:cee25a834751 1692
wolfSSL 11:cee25a834751 1693 /** Tells the SNI requested by the client. */
wolfSSL 11:cee25a834751 1694 word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, void** data)
wolfSSL 11:cee25a834751 1695 {
wolfSSL 11:cee25a834751 1696 TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME);
wolfSSL 11:cee25a834751 1697 SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type);
wolfSSL 11:cee25a834751 1698
wolfSSL 11:cee25a834751 1699 if (sni && sni->status != WOLFSSL_SNI_NO_MATCH) {
wolfSSL 11:cee25a834751 1700 switch (sni->type) {
wolfSSL 11:cee25a834751 1701 case WOLFSSL_SNI_HOST_NAME:
wolfSSL 11:cee25a834751 1702 if (data) {
wolfSSL 11:cee25a834751 1703 *data = sni->data.host_name;
wolfSSL 11:cee25a834751 1704 return (word16)XSTRLEN((char*)*data);
wolfSSL 11:cee25a834751 1705 }
wolfSSL 11:cee25a834751 1706 }
wolfSSL 11:cee25a834751 1707 }
wolfSSL 11:cee25a834751 1708
wolfSSL 11:cee25a834751 1709 return 0;
wolfSSL 11:cee25a834751 1710 }
wolfSSL 11:cee25a834751 1711
wolfSSL 11:cee25a834751 1712 /** Sets the options for a SNI object. */
wolfSSL 11:cee25a834751 1713 void TLSX_SNI_SetOptions(TLSX* extensions, byte type, byte options)
wolfSSL 11:cee25a834751 1714 {
wolfSSL 11:cee25a834751 1715 TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME);
wolfSSL 11:cee25a834751 1716 SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type);
wolfSSL 11:cee25a834751 1717
wolfSSL 11:cee25a834751 1718 if (sni)
wolfSSL 11:cee25a834751 1719 sni->options = options;
wolfSSL 11:cee25a834751 1720 }
wolfSSL 11:cee25a834751 1721
wolfSSL 11:cee25a834751 1722 /** Retrieves a SNI request from a client hello buffer. */
wolfSSL 11:cee25a834751 1723 int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
wolfSSL 11:cee25a834751 1724 byte type, byte* sni, word32* inOutSz)
wolfSSL 11:cee25a834751 1725 {
wolfSSL 11:cee25a834751 1726 word32 offset = 0;
wolfSSL 11:cee25a834751 1727 word32 len32 = 0;
wolfSSL 11:cee25a834751 1728 word16 len16 = 0;
wolfSSL 11:cee25a834751 1729
wolfSSL 11:cee25a834751 1730 if (helloSz < RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + CLIENT_HELLO_FIRST)
wolfSSL 11:cee25a834751 1731 return INCOMPLETE_DATA;
wolfSSL 11:cee25a834751 1732
wolfSSL 11:cee25a834751 1733 /* TLS record header */
wolfSSL 11:cee25a834751 1734 if ((enum ContentType) clientHello[offset++] != handshake) {
wolfSSL 11:cee25a834751 1735
wolfSSL 11:cee25a834751 1736 /* checking for SSLv2.0 client hello according to: */
wolfSSL 11:cee25a834751 1737 /* http://tools.ietf.org/html/rfc4346#appendix-E.1 */
wolfSSL 11:cee25a834751 1738 if ((enum HandShakeType) clientHello[++offset] == client_hello) {
wolfSSL 11:cee25a834751 1739 offset += ENUM_LEN + VERSION_SZ; /* skip version */
wolfSSL 11:cee25a834751 1740
wolfSSL 11:cee25a834751 1741 ato16(clientHello + offset, &len16);
wolfSSL 11:cee25a834751 1742 offset += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 1743
wolfSSL 11:cee25a834751 1744 if (len16 % 3) /* cipher_spec_length must be multiple of 3 */
wolfSSL 11:cee25a834751 1745 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 1746
wolfSSL 11:cee25a834751 1747 ato16(clientHello + offset, &len16);
wolfSSL 11:cee25a834751 1748 /* Returning SNI_UNSUPPORTED do not increment offset here */
wolfSSL 11:cee25a834751 1749
wolfSSL 11:cee25a834751 1750 if (len16 != 0) /* session_id_length must be 0 */
wolfSSL 11:cee25a834751 1751 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 1752
wolfSSL 11:cee25a834751 1753 return SNI_UNSUPPORTED;
wolfSSL 11:cee25a834751 1754 }
wolfSSL 11:cee25a834751 1755
wolfSSL 11:cee25a834751 1756 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 1757 }
wolfSSL 11:cee25a834751 1758
wolfSSL 11:cee25a834751 1759 if (clientHello[offset++] != SSLv3_MAJOR)
wolfSSL 11:cee25a834751 1760 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 1761
wolfSSL 11:cee25a834751 1762 if (clientHello[offset++] < TLSv1_MINOR)
wolfSSL 11:cee25a834751 1763 return SNI_UNSUPPORTED;
wolfSSL 11:cee25a834751 1764
wolfSSL 11:cee25a834751 1765 ato16(clientHello + offset, &len16);
wolfSSL 11:cee25a834751 1766 offset += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 1767
wolfSSL 11:cee25a834751 1768 if (offset + len16 > helloSz)
wolfSSL 11:cee25a834751 1769 return INCOMPLETE_DATA;
wolfSSL 11:cee25a834751 1770
wolfSSL 11:cee25a834751 1771 /* Handshake header */
wolfSSL 11:cee25a834751 1772 if ((enum HandShakeType) clientHello[offset] != client_hello)
wolfSSL 11:cee25a834751 1773 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 1774
wolfSSL 11:cee25a834751 1775 c24to32(clientHello + offset + 1, &len32);
wolfSSL 11:cee25a834751 1776 offset += HANDSHAKE_HEADER_SZ;
wolfSSL 11:cee25a834751 1777
wolfSSL 11:cee25a834751 1778 if (offset + len32 > helloSz)
wolfSSL 11:cee25a834751 1779 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 1780
wolfSSL 11:cee25a834751 1781 /* client hello */
wolfSSL 11:cee25a834751 1782 offset += VERSION_SZ + RAN_LEN; /* version, random */
wolfSSL 11:cee25a834751 1783
wolfSSL 11:cee25a834751 1784 if (helloSz < offset + clientHello[offset])
wolfSSL 11:cee25a834751 1785 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 1786
wolfSSL 11:cee25a834751 1787 offset += ENUM_LEN + clientHello[offset]; /* skip session id */
wolfSSL 11:cee25a834751 1788
wolfSSL 11:cee25a834751 1789 /* cypher suites */
wolfSSL 11:cee25a834751 1790 if (helloSz < offset + OPAQUE16_LEN)
wolfSSL 11:cee25a834751 1791 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 1792
wolfSSL 11:cee25a834751 1793 ato16(clientHello + offset, &len16);
wolfSSL 11:cee25a834751 1794 offset += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 1795
wolfSSL 11:cee25a834751 1796 if (helloSz < offset + len16)
wolfSSL 11:cee25a834751 1797 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 1798
wolfSSL 11:cee25a834751 1799 offset += len16; /* skip cypher suites */
wolfSSL 11:cee25a834751 1800
wolfSSL 11:cee25a834751 1801 /* compression methods */
wolfSSL 11:cee25a834751 1802 if (helloSz < offset + 1)
wolfSSL 11:cee25a834751 1803 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 1804
wolfSSL 11:cee25a834751 1805 if (helloSz < offset + clientHello[offset])
wolfSSL 11:cee25a834751 1806 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 1807
wolfSSL 11:cee25a834751 1808 offset += ENUM_LEN + clientHello[offset]; /* skip compression methods */
wolfSSL 11:cee25a834751 1809
wolfSSL 11:cee25a834751 1810 /* extensions */
wolfSSL 11:cee25a834751 1811 if (helloSz < offset + OPAQUE16_LEN)
wolfSSL 11:cee25a834751 1812 return 0; /* no extensions in client hello. */
wolfSSL 11:cee25a834751 1813
wolfSSL 11:cee25a834751 1814 ato16(clientHello + offset, &len16);
wolfSSL 11:cee25a834751 1815 offset += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 1816
wolfSSL 11:cee25a834751 1817 if (helloSz < offset + len16)
wolfSSL 11:cee25a834751 1818 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 1819
wolfSSL 11:cee25a834751 1820 while (len16 >= OPAQUE16_LEN + OPAQUE16_LEN) {
wolfSSL 11:cee25a834751 1821 word16 extType;
wolfSSL 11:cee25a834751 1822 word16 extLen;
wolfSSL 11:cee25a834751 1823
wolfSSL 11:cee25a834751 1824 ato16(clientHello + offset, &extType);
wolfSSL 11:cee25a834751 1825 offset += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 1826
wolfSSL 11:cee25a834751 1827 ato16(clientHello + offset, &extLen);
wolfSSL 11:cee25a834751 1828 offset += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 1829
wolfSSL 11:cee25a834751 1830 if (helloSz < offset + extLen)
wolfSSL 11:cee25a834751 1831 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 1832
wolfSSL 11:cee25a834751 1833 if (extType != TLSX_SERVER_NAME) {
wolfSSL 11:cee25a834751 1834 offset += extLen; /* skip extension */
wolfSSL 11:cee25a834751 1835 } else {
wolfSSL 11:cee25a834751 1836 word16 listLen;
wolfSSL 11:cee25a834751 1837
wolfSSL 11:cee25a834751 1838 ato16(clientHello + offset, &listLen);
wolfSSL 11:cee25a834751 1839 offset += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 1840
wolfSSL 11:cee25a834751 1841 if (helloSz < offset + listLen)
wolfSSL 11:cee25a834751 1842 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 1843
wolfSSL 11:cee25a834751 1844 while (listLen > ENUM_LEN + OPAQUE16_LEN) {
wolfSSL 11:cee25a834751 1845 byte sniType = clientHello[offset++];
wolfSSL 11:cee25a834751 1846 word16 sniLen;
wolfSSL 11:cee25a834751 1847
wolfSSL 11:cee25a834751 1848 ato16(clientHello + offset, &sniLen);
wolfSSL 11:cee25a834751 1849 offset += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 1850
wolfSSL 11:cee25a834751 1851 if (helloSz < offset + sniLen)
wolfSSL 11:cee25a834751 1852 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 1853
wolfSSL 11:cee25a834751 1854 if (sniType != type) {
wolfSSL 11:cee25a834751 1855 offset += sniLen;
wolfSSL 11:cee25a834751 1856 listLen -= min(ENUM_LEN + OPAQUE16_LEN + sniLen, listLen);
wolfSSL 11:cee25a834751 1857 continue;
wolfSSL 11:cee25a834751 1858 }
wolfSSL 11:cee25a834751 1859
wolfSSL 11:cee25a834751 1860 *inOutSz = min(sniLen, *inOutSz);
wolfSSL 11:cee25a834751 1861 XMEMCPY(sni, clientHello + offset, *inOutSz);
wolfSSL 11:cee25a834751 1862
wolfSSL 11:cee25a834751 1863 return SSL_SUCCESS;
wolfSSL 11:cee25a834751 1864 }
wolfSSL 11:cee25a834751 1865 }
wolfSSL 11:cee25a834751 1866
wolfSSL 11:cee25a834751 1867 len16 -= min(2 * OPAQUE16_LEN + extLen, len16);
wolfSSL 11:cee25a834751 1868 }
wolfSSL 11:cee25a834751 1869
wolfSSL 11:cee25a834751 1870 return len16 ? BUFFER_ERROR : 0;
wolfSSL 11:cee25a834751 1871 }
wolfSSL 11:cee25a834751 1872
wolfSSL 11:cee25a834751 1873 #endif
wolfSSL 11:cee25a834751 1874
wolfSSL 11:cee25a834751 1875 #define SNI_FREE_ALL TLSX_SNI_FreeAll
wolfSSL 11:cee25a834751 1876 #define SNI_GET_SIZE TLSX_SNI_GetSize
wolfSSL 11:cee25a834751 1877 #define SNI_WRITE TLSX_SNI_Write
wolfSSL 11:cee25a834751 1878 #define SNI_PARSE TLSX_SNI_Parse
wolfSSL 11:cee25a834751 1879 #define SNI_VERIFY_PARSE TLSX_SNI_VerifyParse
wolfSSL 11:cee25a834751 1880
wolfSSL 11:cee25a834751 1881 #else
wolfSSL 11:cee25a834751 1882
wolfSSL 11:cee25a834751 1883 #define SNI_FREE_ALL(list, heap)
wolfSSL 11:cee25a834751 1884 #define SNI_GET_SIZE(list) 0
wolfSSL 11:cee25a834751 1885 #define SNI_WRITE(a, b) 0
wolfSSL 11:cee25a834751 1886 #define SNI_PARSE(a, b, c, d) 0
wolfSSL 11:cee25a834751 1887 #define SNI_VERIFY_PARSE(a, b) 0
wolfSSL 11:cee25a834751 1888
wolfSSL 11:cee25a834751 1889 #endif /* HAVE_SNI */
wolfSSL 11:cee25a834751 1890
wolfSSL 11:cee25a834751 1891 /******************************************************************************/
wolfSSL 11:cee25a834751 1892 /* Max Fragment Length Negotiation */
wolfSSL 11:cee25a834751 1893 /******************************************************************************/
wolfSSL 11:cee25a834751 1894
wolfSSL 11:cee25a834751 1895 #ifdef HAVE_MAX_FRAGMENT
wolfSSL 11:cee25a834751 1896
wolfSSL 11:cee25a834751 1897 static word16 TLSX_MFL_Write(byte* data, byte* output)
wolfSSL 11:cee25a834751 1898 {
wolfSSL 11:cee25a834751 1899 output[0] = data[0];
wolfSSL 11:cee25a834751 1900
wolfSSL 11:cee25a834751 1901 return ENUM_LEN;
wolfSSL 11:cee25a834751 1902 }
wolfSSL 11:cee25a834751 1903
wolfSSL 11:cee25a834751 1904 static int TLSX_MFL_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 11:cee25a834751 1905 byte isRequest)
wolfSSL 11:cee25a834751 1906 {
wolfSSL 11:cee25a834751 1907 (void)isRequest;
wolfSSL 11:cee25a834751 1908
wolfSSL 11:cee25a834751 1909 if (length != ENUM_LEN)
wolfSSL 11:cee25a834751 1910 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 1911
wolfSSL 11:cee25a834751 1912 switch (*input) {
wolfSSL 11:cee25a834751 1913 case WOLFSSL_MFL_2_9 : ssl->max_fragment = 512; break;
wolfSSL 11:cee25a834751 1914 case WOLFSSL_MFL_2_10: ssl->max_fragment = 1024; break;
wolfSSL 11:cee25a834751 1915 case WOLFSSL_MFL_2_11: ssl->max_fragment = 2048; break;
wolfSSL 11:cee25a834751 1916 case WOLFSSL_MFL_2_12: ssl->max_fragment = 4096; break;
wolfSSL 11:cee25a834751 1917 case WOLFSSL_MFL_2_13: ssl->max_fragment = 8192; break;
wolfSSL 11:cee25a834751 1918
wolfSSL 11:cee25a834751 1919 default:
wolfSSL 11:cee25a834751 1920 SendAlert(ssl, alert_fatal, illegal_parameter);
wolfSSL 11:cee25a834751 1921
wolfSSL 11:cee25a834751 1922 return UNKNOWN_MAX_FRAG_LEN_E;
wolfSSL 11:cee25a834751 1923 }
wolfSSL 11:cee25a834751 1924
wolfSSL 11:cee25a834751 1925 #ifndef NO_WOLFSSL_SERVER
wolfSSL 11:cee25a834751 1926 if (isRequest) {
wolfSSL 11:cee25a834751 1927 int r = TLSX_UseMaxFragment(&ssl->extensions, *input, ssl->heap);
wolfSSL 11:cee25a834751 1928
wolfSSL 11:cee25a834751 1929 if (r != SSL_SUCCESS) return r; /* throw error */
wolfSSL 11:cee25a834751 1930
wolfSSL 11:cee25a834751 1931 TLSX_SetResponse(ssl, TLSX_MAX_FRAGMENT_LENGTH);
wolfSSL 11:cee25a834751 1932 }
wolfSSL 11:cee25a834751 1933 #endif
wolfSSL 11:cee25a834751 1934
wolfSSL 11:cee25a834751 1935 return 0;
wolfSSL 11:cee25a834751 1936 }
wolfSSL 11:cee25a834751 1937
wolfSSL 11:cee25a834751 1938 int TLSX_UseMaxFragment(TLSX** extensions, byte mfl, void* heap)
wolfSSL 11:cee25a834751 1939 {
wolfSSL 11:cee25a834751 1940 byte* data = NULL;
wolfSSL 11:cee25a834751 1941 int ret = 0;
wolfSSL 11:cee25a834751 1942
wolfSSL 11:cee25a834751 1943 if (extensions == NULL)
wolfSSL 11:cee25a834751 1944 return BAD_FUNC_ARG;
wolfSSL 11:cee25a834751 1945
wolfSSL 11:cee25a834751 1946 if (mfl < WOLFSSL_MFL_2_9 || WOLFSSL_MFL_2_13 < mfl)
wolfSSL 11:cee25a834751 1947 return BAD_FUNC_ARG;
wolfSSL 11:cee25a834751 1948
wolfSSL 11:cee25a834751 1949 if ((data = (byte*)XMALLOC(ENUM_LEN, heap, DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL 11:cee25a834751 1950 return MEMORY_E;
wolfSSL 11:cee25a834751 1951
wolfSSL 11:cee25a834751 1952 data[0] = mfl;
wolfSSL 11:cee25a834751 1953
wolfSSL 11:cee25a834751 1954 /* push new MFL extension. */
wolfSSL 11:cee25a834751 1955 if ((ret = TLSX_Push(extensions, TLSX_MAX_FRAGMENT_LENGTH, data, heap))
wolfSSL 11:cee25a834751 1956 != 0) {
wolfSSL 11:cee25a834751 1957 XFREE(data, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 1958 return ret;
wolfSSL 11:cee25a834751 1959 }
wolfSSL 11:cee25a834751 1960
wolfSSL 11:cee25a834751 1961 return SSL_SUCCESS;
wolfSSL 11:cee25a834751 1962 }
wolfSSL 11:cee25a834751 1963
wolfSSL 11:cee25a834751 1964
wolfSSL 11:cee25a834751 1965 #define MFL_FREE_ALL(data, heap) XFREE(data, (heap), DYNAMIC_TYPE_TLSX)
wolfSSL 11:cee25a834751 1966 #define MFL_GET_SIZE(data) ENUM_LEN
wolfSSL 11:cee25a834751 1967 #define MFL_WRITE TLSX_MFL_Write
wolfSSL 11:cee25a834751 1968 #define MFL_PARSE TLSX_MFL_Parse
wolfSSL 11:cee25a834751 1969
wolfSSL 11:cee25a834751 1970 #else
wolfSSL 11:cee25a834751 1971
wolfSSL 11:cee25a834751 1972 #define MFL_FREE_ALL(a, b)
wolfSSL 11:cee25a834751 1973 #define MFL_GET_SIZE(a) 0
wolfSSL 11:cee25a834751 1974 #define MFL_WRITE(a, b) 0
wolfSSL 11:cee25a834751 1975 #define MFL_PARSE(a, b, c, d) 0
wolfSSL 11:cee25a834751 1976
wolfSSL 11:cee25a834751 1977 #endif /* HAVE_MAX_FRAGMENT */
wolfSSL 11:cee25a834751 1978
wolfSSL 11:cee25a834751 1979 /******************************************************************************/
wolfSSL 11:cee25a834751 1980 /* Truncated HMAC */
wolfSSL 11:cee25a834751 1981 /******************************************************************************/
wolfSSL 11:cee25a834751 1982
wolfSSL 11:cee25a834751 1983 #ifdef HAVE_TRUNCATED_HMAC
wolfSSL 11:cee25a834751 1984
wolfSSL 11:cee25a834751 1985 static int TLSX_THM_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 11:cee25a834751 1986 byte isRequest)
wolfSSL 11:cee25a834751 1987 {
wolfSSL 11:cee25a834751 1988 (void)isRequest;
wolfSSL 11:cee25a834751 1989
wolfSSL 11:cee25a834751 1990 if (length != 0 || input == NULL)
wolfSSL 11:cee25a834751 1991 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 1992
wolfSSL 11:cee25a834751 1993 #ifndef NO_WOLFSSL_SERVER
wolfSSL 11:cee25a834751 1994 if (isRequest) {
wolfSSL 11:cee25a834751 1995 int r = TLSX_UseTruncatedHMAC(&ssl->extensions, ssl->heap);
wolfSSL 11:cee25a834751 1996
wolfSSL 11:cee25a834751 1997 if (r != SSL_SUCCESS)
wolfSSL 11:cee25a834751 1998 return r; /* throw error */
wolfSSL 11:cee25a834751 1999
wolfSSL 11:cee25a834751 2000 TLSX_SetResponse(ssl, TLSX_TRUNCATED_HMAC);
wolfSSL 11:cee25a834751 2001 }
wolfSSL 11:cee25a834751 2002 #endif
wolfSSL 11:cee25a834751 2003
wolfSSL 11:cee25a834751 2004 ssl->truncated_hmac = 1;
wolfSSL 11:cee25a834751 2005
wolfSSL 11:cee25a834751 2006 return 0;
wolfSSL 11:cee25a834751 2007 }
wolfSSL 11:cee25a834751 2008
wolfSSL 11:cee25a834751 2009 int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap)
wolfSSL 11:cee25a834751 2010 {
wolfSSL 11:cee25a834751 2011 int ret = 0;
wolfSSL 11:cee25a834751 2012
wolfSSL 11:cee25a834751 2013 if (extensions == NULL)
wolfSSL 11:cee25a834751 2014 return BAD_FUNC_ARG;
wolfSSL 11:cee25a834751 2015
wolfSSL 11:cee25a834751 2016 if ((ret = TLSX_Push(extensions, TLSX_TRUNCATED_HMAC, NULL, heap)) != 0)
wolfSSL 11:cee25a834751 2017 return ret;
wolfSSL 11:cee25a834751 2018
wolfSSL 11:cee25a834751 2019 return SSL_SUCCESS;
wolfSSL 11:cee25a834751 2020 }
wolfSSL 11:cee25a834751 2021
wolfSSL 11:cee25a834751 2022 #define THM_PARSE TLSX_THM_Parse
wolfSSL 11:cee25a834751 2023
wolfSSL 11:cee25a834751 2024 #else
wolfSSL 11:cee25a834751 2025
wolfSSL 11:cee25a834751 2026 #define THM_PARSE(a, b, c, d) 0
wolfSSL 11:cee25a834751 2027
wolfSSL 11:cee25a834751 2028 #endif /* HAVE_TRUNCATED_HMAC */
wolfSSL 11:cee25a834751 2029
wolfSSL 11:cee25a834751 2030 /******************************************************************************/
wolfSSL 11:cee25a834751 2031 /* Certificate Status Request */
wolfSSL 11:cee25a834751 2032 /******************************************************************************/
wolfSSL 11:cee25a834751 2033
wolfSSL 11:cee25a834751 2034 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL 11:cee25a834751 2035
wolfSSL 11:cee25a834751 2036 static void TLSX_CSR_Free(CertificateStatusRequest* csr, void* heap)
wolfSSL 11:cee25a834751 2037 {
wolfSSL 11:cee25a834751 2038 switch (csr->status_type) {
wolfSSL 11:cee25a834751 2039 case WOLFSSL_CSR_OCSP:
wolfSSL 11:cee25a834751 2040 FreeOcspRequest(&csr->request.ocsp);
wolfSSL 11:cee25a834751 2041 break;
wolfSSL 11:cee25a834751 2042 }
wolfSSL 11:cee25a834751 2043
wolfSSL 11:cee25a834751 2044 XFREE(csr, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 2045 (void)heap;
wolfSSL 11:cee25a834751 2046 }
wolfSSL 11:cee25a834751 2047
wolfSSL 11:cee25a834751 2048 static word16 TLSX_CSR_GetSize(CertificateStatusRequest* csr, byte isRequest)
wolfSSL 11:cee25a834751 2049 {
wolfSSL 11:cee25a834751 2050 word16 size = 0;
wolfSSL 11:cee25a834751 2051
wolfSSL 11:cee25a834751 2052 /* shut up compiler warnings */
wolfSSL 11:cee25a834751 2053 (void) csr; (void) isRequest;
wolfSSL 11:cee25a834751 2054
wolfSSL 11:cee25a834751 2055 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 11:cee25a834751 2056 if (isRequest) {
wolfSSL 11:cee25a834751 2057 switch (csr->status_type) {
wolfSSL 11:cee25a834751 2058 case WOLFSSL_CSR_OCSP:
wolfSSL 11:cee25a834751 2059 size += ENUM_LEN + 2 * OPAQUE16_LEN;
wolfSSL 11:cee25a834751 2060
wolfSSL 11:cee25a834751 2061 if (csr->request.ocsp.nonceSz)
wolfSSL 11:cee25a834751 2062 size += OCSP_NONCE_EXT_SZ;
wolfSSL 11:cee25a834751 2063 break;
wolfSSL 11:cee25a834751 2064 }
wolfSSL 11:cee25a834751 2065 }
wolfSSL 11:cee25a834751 2066 #endif
wolfSSL 11:cee25a834751 2067
wolfSSL 11:cee25a834751 2068 return size;
wolfSSL 11:cee25a834751 2069 }
wolfSSL 11:cee25a834751 2070
wolfSSL 11:cee25a834751 2071 static word16 TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output,
wolfSSL 11:cee25a834751 2072 byte isRequest)
wolfSSL 11:cee25a834751 2073 {
wolfSSL 11:cee25a834751 2074 /* shut up compiler warnings */
wolfSSL 11:cee25a834751 2075 (void) csr; (void) output; (void) isRequest;
wolfSSL 11:cee25a834751 2076
wolfSSL 11:cee25a834751 2077 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 11:cee25a834751 2078 if (isRequest) {
wolfSSL 11:cee25a834751 2079 word16 offset = 0;
wolfSSL 11:cee25a834751 2080 word16 length = 0;
wolfSSL 11:cee25a834751 2081
wolfSSL 11:cee25a834751 2082 /* type */
wolfSSL 11:cee25a834751 2083 output[offset++] = csr->status_type;
wolfSSL 11:cee25a834751 2084
wolfSSL 11:cee25a834751 2085 switch (csr->status_type) {
wolfSSL 11:cee25a834751 2086 case WOLFSSL_CSR_OCSP:
wolfSSL 11:cee25a834751 2087 /* responder id list */
wolfSSL 11:cee25a834751 2088 c16toa(0, output + offset);
wolfSSL 11:cee25a834751 2089 offset += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 2090
wolfSSL 11:cee25a834751 2091 /* request extensions */
wolfSSL 11:cee25a834751 2092 if (csr->request.ocsp.nonceSz)
wolfSSL 11:cee25a834751 2093 length = (word16)EncodeOcspRequestExtensions(
wolfSSL 11:cee25a834751 2094 &csr->request.ocsp,
wolfSSL 11:cee25a834751 2095 output + offset + OPAQUE16_LEN,
wolfSSL 11:cee25a834751 2096 OCSP_NONCE_EXT_SZ);
wolfSSL 11:cee25a834751 2097
wolfSSL 11:cee25a834751 2098 c16toa(length, output + offset);
wolfSSL 11:cee25a834751 2099 offset += OPAQUE16_LEN + length;
wolfSSL 11:cee25a834751 2100
wolfSSL 11:cee25a834751 2101 break;
wolfSSL 11:cee25a834751 2102 }
wolfSSL 11:cee25a834751 2103
wolfSSL 11:cee25a834751 2104 return offset;
wolfSSL 11:cee25a834751 2105 }
wolfSSL 11:cee25a834751 2106 #endif
wolfSSL 11:cee25a834751 2107
wolfSSL 11:cee25a834751 2108 return 0;
wolfSSL 11:cee25a834751 2109 }
wolfSSL 11:cee25a834751 2110
wolfSSL 11:cee25a834751 2111 static int TLSX_CSR_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 11:cee25a834751 2112 byte isRequest)
wolfSSL 11:cee25a834751 2113 {
wolfSSL 11:cee25a834751 2114 int ret;
wolfSSL 11:cee25a834751 2115
wolfSSL 11:cee25a834751 2116 /* shut up compiler warnings */
wolfSSL 11:cee25a834751 2117 (void) ssl; (void) input;
wolfSSL 11:cee25a834751 2118
wolfSSL 11:cee25a834751 2119 if (!isRequest) {
wolfSSL 11:cee25a834751 2120 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 11:cee25a834751 2121 TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST);
wolfSSL 11:cee25a834751 2122 CertificateStatusRequest* csr = extension ?
wolfSSL 11:cee25a834751 2123 (CertificateStatusRequest*)extension->data : NULL;
wolfSSL 11:cee25a834751 2124
wolfSSL 11:cee25a834751 2125 if (!csr) {
wolfSSL 11:cee25a834751 2126 /* look at context level */
wolfSSL 11:cee25a834751 2127 extension = TLSX_Find(ssl->ctx->extensions, TLSX_STATUS_REQUEST);
wolfSSL 11:cee25a834751 2128 csr = extension ? (CertificateStatusRequest*)extension->data : NULL;
wolfSSL 11:cee25a834751 2129
wolfSSL 11:cee25a834751 2130 if (!csr)
wolfSSL 11:cee25a834751 2131 return BUFFER_ERROR; /* unexpected extension */
wolfSSL 11:cee25a834751 2132
wolfSSL 11:cee25a834751 2133 /* enable extension at ssl level */
wolfSSL 11:cee25a834751 2134 ret = TLSX_UseCertificateStatusRequest(&ssl->extensions,
wolfSSL 11:cee25a834751 2135 csr->status_type, csr->options, ssl->heap,
wolfSSL 11:cee25a834751 2136 ssl->devId);
wolfSSL 11:cee25a834751 2137 if (ret != SSL_SUCCESS)
wolfSSL 11:cee25a834751 2138 return ret;
wolfSSL 11:cee25a834751 2139
wolfSSL 11:cee25a834751 2140 switch (csr->status_type) {
wolfSSL 11:cee25a834751 2141 case WOLFSSL_CSR_OCSP:
wolfSSL 11:cee25a834751 2142 /* propagate nonce */
wolfSSL 11:cee25a834751 2143 if (csr->request.ocsp.nonceSz) {
wolfSSL 11:cee25a834751 2144 OcspRequest* request =
wolfSSL 11:cee25a834751 2145 (OcspRequest*)TLSX_CSR_GetRequest(ssl->extensions);
wolfSSL 11:cee25a834751 2146
wolfSSL 11:cee25a834751 2147 if (request) {
wolfSSL 11:cee25a834751 2148 XMEMCPY(request->nonce, csr->request.ocsp.nonce,
wolfSSL 11:cee25a834751 2149 csr->request.ocsp.nonceSz);
wolfSSL 11:cee25a834751 2150 request->nonceSz = csr->request.ocsp.nonceSz;
wolfSSL 11:cee25a834751 2151 }
wolfSSL 11:cee25a834751 2152 }
wolfSSL 11:cee25a834751 2153 break;
wolfSSL 11:cee25a834751 2154 }
wolfSSL 11:cee25a834751 2155 }
wolfSSL 11:cee25a834751 2156
wolfSSL 11:cee25a834751 2157 ssl->status_request = 1;
wolfSSL 11:cee25a834751 2158
wolfSSL 11:cee25a834751 2159 return length ? BUFFER_ERROR : 0; /* extension_data MUST be empty. */
wolfSSL 11:cee25a834751 2160 #endif
wolfSSL 11:cee25a834751 2161 }
wolfSSL 11:cee25a834751 2162 else {
wolfSSL 11:cee25a834751 2163 #ifndef NO_WOLFSSL_SERVER
wolfSSL 11:cee25a834751 2164 byte status_type;
wolfSSL 11:cee25a834751 2165 word16 offset = 0;
wolfSSL 11:cee25a834751 2166 word16 size = 0;
wolfSSL 11:cee25a834751 2167
wolfSSL 11:cee25a834751 2168 if (length < ENUM_LEN)
wolfSSL 11:cee25a834751 2169 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 2170
wolfSSL 11:cee25a834751 2171 status_type = input[offset++];
wolfSSL 11:cee25a834751 2172
wolfSSL 11:cee25a834751 2173 switch (status_type) {
wolfSSL 11:cee25a834751 2174 case WOLFSSL_CSR_OCSP: {
wolfSSL 11:cee25a834751 2175
wolfSSL 11:cee25a834751 2176 /* skip responder_id_list */
wolfSSL 11:cee25a834751 2177 if (length - offset < OPAQUE16_LEN)
wolfSSL 11:cee25a834751 2178 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 2179
wolfSSL 11:cee25a834751 2180 ato16(input + offset, &size);
wolfSSL 11:cee25a834751 2181 offset += OPAQUE16_LEN + size;
wolfSSL 11:cee25a834751 2182
wolfSSL 11:cee25a834751 2183 /* skip request_extensions */
wolfSSL 11:cee25a834751 2184 if (length - offset < OPAQUE16_LEN)
wolfSSL 11:cee25a834751 2185 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 2186
wolfSSL 11:cee25a834751 2187 ato16(input + offset, &size);
wolfSSL 11:cee25a834751 2188 offset += OPAQUE16_LEN + size;
wolfSSL 11:cee25a834751 2189
wolfSSL 11:cee25a834751 2190 if (offset > length)
wolfSSL 11:cee25a834751 2191 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 2192
wolfSSL 11:cee25a834751 2193 /* is able to send OCSP response? */
wolfSSL 11:cee25a834751 2194 if (ssl->ctx->cm == NULL || !ssl->ctx->cm->ocspStaplingEnabled)
wolfSSL 11:cee25a834751 2195 return 0;
wolfSSL 11:cee25a834751 2196 }
wolfSSL 11:cee25a834751 2197 break;
wolfSSL 11:cee25a834751 2198
wolfSSL 11:cee25a834751 2199 /* unknown status type */
wolfSSL 11:cee25a834751 2200 default:
wolfSSL 11:cee25a834751 2201 return 0;
wolfSSL 11:cee25a834751 2202 }
wolfSSL 11:cee25a834751 2203
wolfSSL 11:cee25a834751 2204 /* if using status_request and already sending it, skip this one */
wolfSSL 11:cee25a834751 2205 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL 11:cee25a834751 2206 if (ssl->status_request_v2)
wolfSSL 11:cee25a834751 2207 return 0;
wolfSSL 11:cee25a834751 2208 #endif
wolfSSL 11:cee25a834751 2209
wolfSSL 11:cee25a834751 2210 /* accept the first good status_type and return */
wolfSSL 11:cee25a834751 2211 ret = TLSX_UseCertificateStatusRequest(&ssl->extensions, status_type,
wolfSSL 11:cee25a834751 2212 0, ssl->heap, ssl->devId);
wolfSSL 11:cee25a834751 2213 if (ret != SSL_SUCCESS)
wolfSSL 11:cee25a834751 2214 return ret; /* throw error */
wolfSSL 11:cee25a834751 2215
wolfSSL 11:cee25a834751 2216 TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST);
wolfSSL 11:cee25a834751 2217 ssl->status_request = status_type;
wolfSSL 11:cee25a834751 2218
wolfSSL 11:cee25a834751 2219 #endif
wolfSSL 11:cee25a834751 2220 }
wolfSSL 11:cee25a834751 2221
wolfSSL 11:cee25a834751 2222 return 0;
wolfSSL 11:cee25a834751 2223 }
wolfSSL 11:cee25a834751 2224
wolfSSL 11:cee25a834751 2225 int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap)
wolfSSL 11:cee25a834751 2226 {
wolfSSL 11:cee25a834751 2227 TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST);
wolfSSL 11:cee25a834751 2228 CertificateStatusRequest* csr = extension ?
wolfSSL 11:cee25a834751 2229 (CertificateStatusRequest*)extension->data : NULL;
wolfSSL 11:cee25a834751 2230 int ret = 0;
wolfSSL 11:cee25a834751 2231
wolfSSL 11:cee25a834751 2232 if (csr) {
wolfSSL 11:cee25a834751 2233 switch (csr->status_type) {
wolfSSL 11:cee25a834751 2234 case WOLFSSL_CSR_OCSP: {
wolfSSL 11:cee25a834751 2235 byte nonce[MAX_OCSP_NONCE_SZ];
wolfSSL 11:cee25a834751 2236 int nonceSz = csr->request.ocsp.nonceSz;
wolfSSL 11:cee25a834751 2237
wolfSSL 11:cee25a834751 2238 /* preserve nonce */
wolfSSL 11:cee25a834751 2239 XMEMCPY(nonce, csr->request.ocsp.nonce, nonceSz);
wolfSSL 11:cee25a834751 2240
wolfSSL 11:cee25a834751 2241 if ((ret = InitOcspRequest(&csr->request.ocsp, cert, 0, heap))
wolfSSL 11:cee25a834751 2242 != 0)
wolfSSL 11:cee25a834751 2243 return ret;
wolfSSL 11:cee25a834751 2244
wolfSSL 11:cee25a834751 2245 /* restore nonce */
wolfSSL 11:cee25a834751 2246 XMEMCPY(csr->request.ocsp.nonce, nonce, nonceSz);
wolfSSL 11:cee25a834751 2247 csr->request.ocsp.nonceSz = nonceSz;
wolfSSL 11:cee25a834751 2248 }
wolfSSL 11:cee25a834751 2249 break;
wolfSSL 11:cee25a834751 2250 }
wolfSSL 11:cee25a834751 2251 }
wolfSSL 11:cee25a834751 2252
wolfSSL 11:cee25a834751 2253 return ret;
wolfSSL 11:cee25a834751 2254 }
wolfSSL 11:cee25a834751 2255
wolfSSL 11:cee25a834751 2256 void* TLSX_CSR_GetRequest(TLSX* extensions)
wolfSSL 11:cee25a834751 2257 {
wolfSSL 11:cee25a834751 2258 TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST);
wolfSSL 11:cee25a834751 2259 CertificateStatusRequest* csr = extension ?
wolfSSL 11:cee25a834751 2260 (CertificateStatusRequest*)extension->data : NULL;
wolfSSL 11:cee25a834751 2261
wolfSSL 11:cee25a834751 2262 if (csr) {
wolfSSL 11:cee25a834751 2263 switch (csr->status_type) {
wolfSSL 11:cee25a834751 2264 case WOLFSSL_CSR_OCSP:
wolfSSL 11:cee25a834751 2265 return &csr->request.ocsp;
wolfSSL 11:cee25a834751 2266 break;
wolfSSL 11:cee25a834751 2267 }
wolfSSL 11:cee25a834751 2268 }
wolfSSL 11:cee25a834751 2269
wolfSSL 11:cee25a834751 2270 return NULL;
wolfSSL 11:cee25a834751 2271 }
wolfSSL 11:cee25a834751 2272
wolfSSL 11:cee25a834751 2273 int TLSX_CSR_ForceRequest(WOLFSSL* ssl)
wolfSSL 11:cee25a834751 2274 {
wolfSSL 11:cee25a834751 2275 TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST);
wolfSSL 11:cee25a834751 2276 CertificateStatusRequest* csr = extension ?
wolfSSL 11:cee25a834751 2277 (CertificateStatusRequest*)extension->data : NULL;
wolfSSL 11:cee25a834751 2278
wolfSSL 11:cee25a834751 2279 if (csr) {
wolfSSL 11:cee25a834751 2280 switch (csr->status_type) {
wolfSSL 11:cee25a834751 2281 case WOLFSSL_CSR_OCSP:
wolfSSL 11:cee25a834751 2282 if (ssl->ctx->cm->ocspEnabled) {
wolfSSL 11:cee25a834751 2283 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
wolfSSL 11:cee25a834751 2284 csr->request.ocsp.ssl = ssl;
wolfSSL 11:cee25a834751 2285 #endif
wolfSSL 11:cee25a834751 2286 return CheckOcspRequest(ssl->ctx->cm->ocsp,
wolfSSL 11:cee25a834751 2287 &csr->request.ocsp, NULL);
wolfSSL 11:cee25a834751 2288 }
wolfSSL 11:cee25a834751 2289 else
wolfSSL 11:cee25a834751 2290 return OCSP_LOOKUP_FAIL;
wolfSSL 11:cee25a834751 2291 }
wolfSSL 11:cee25a834751 2292 }
wolfSSL 11:cee25a834751 2293
wolfSSL 11:cee25a834751 2294 return 0;
wolfSSL 11:cee25a834751 2295 }
wolfSSL 11:cee25a834751 2296
wolfSSL 11:cee25a834751 2297 int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type,
wolfSSL 11:cee25a834751 2298 byte options, void* heap, int devId)
wolfSSL 11:cee25a834751 2299 {
wolfSSL 11:cee25a834751 2300 CertificateStatusRequest* csr = NULL;
wolfSSL 11:cee25a834751 2301 int ret = 0;
wolfSSL 11:cee25a834751 2302
wolfSSL 11:cee25a834751 2303 if (!extensions || status_type != WOLFSSL_CSR_OCSP)
wolfSSL 11:cee25a834751 2304 return BAD_FUNC_ARG;
wolfSSL 11:cee25a834751 2305
wolfSSL 11:cee25a834751 2306 csr = (CertificateStatusRequest*)
wolfSSL 11:cee25a834751 2307 XMALLOC(sizeof(CertificateStatusRequest), heap, DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 2308 if (!csr)
wolfSSL 11:cee25a834751 2309 return MEMORY_E;
wolfSSL 11:cee25a834751 2310
wolfSSL 11:cee25a834751 2311 ForceZero(csr, sizeof(CertificateStatusRequest));
wolfSSL 11:cee25a834751 2312
wolfSSL 11:cee25a834751 2313 csr->status_type = status_type;
wolfSSL 11:cee25a834751 2314 csr->options = options;
wolfSSL 11:cee25a834751 2315
wolfSSL 11:cee25a834751 2316 switch (csr->status_type) {
wolfSSL 11:cee25a834751 2317 case WOLFSSL_CSR_OCSP:
wolfSSL 11:cee25a834751 2318 if (options & WOLFSSL_CSR_OCSP_USE_NONCE) {
wolfSSL 11:cee25a834751 2319 WC_RNG rng;
wolfSSL 11:cee25a834751 2320
wolfSSL 11:cee25a834751 2321 #ifndef HAVE_FIPS
wolfSSL 11:cee25a834751 2322 ret = wc_InitRng_ex(&rng, heap, devId);
wolfSSL 11:cee25a834751 2323 #else
wolfSSL 11:cee25a834751 2324 ret = wc_InitRng(&rng);
wolfSSL 11:cee25a834751 2325 (void)devId;
wolfSSL 11:cee25a834751 2326 #endif
wolfSSL 11:cee25a834751 2327 if (ret == 0) {
wolfSSL 11:cee25a834751 2328 if (wc_RNG_GenerateBlock(&rng, csr->request.ocsp.nonce,
wolfSSL 11:cee25a834751 2329 MAX_OCSP_NONCE_SZ) == 0)
wolfSSL 11:cee25a834751 2330 csr->request.ocsp.nonceSz = MAX_OCSP_NONCE_SZ;
wolfSSL 11:cee25a834751 2331
wolfSSL 11:cee25a834751 2332 wc_FreeRng(&rng);
wolfSSL 11:cee25a834751 2333 }
wolfSSL 11:cee25a834751 2334 }
wolfSSL 11:cee25a834751 2335 break;
wolfSSL 11:cee25a834751 2336 }
wolfSSL 11:cee25a834751 2337
wolfSSL 11:cee25a834751 2338 if ((ret = TLSX_Push(extensions, TLSX_STATUS_REQUEST, csr, heap)) != 0) {
wolfSSL 11:cee25a834751 2339 XFREE(csr, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 2340 return ret;
wolfSSL 11:cee25a834751 2341 }
wolfSSL 11:cee25a834751 2342
wolfSSL 11:cee25a834751 2343 return SSL_SUCCESS;
wolfSSL 11:cee25a834751 2344 }
wolfSSL 11:cee25a834751 2345
wolfSSL 11:cee25a834751 2346 #define CSR_FREE_ALL TLSX_CSR_Free
wolfSSL 11:cee25a834751 2347 #define CSR_GET_SIZE TLSX_CSR_GetSize
wolfSSL 11:cee25a834751 2348 #define CSR_WRITE TLSX_CSR_Write
wolfSSL 11:cee25a834751 2349 #define CSR_PARSE TLSX_CSR_Parse
wolfSSL 11:cee25a834751 2350
wolfSSL 11:cee25a834751 2351 #else
wolfSSL 11:cee25a834751 2352
wolfSSL 11:cee25a834751 2353 #define CSR_FREE_ALL(data, heap)
wolfSSL 11:cee25a834751 2354 #define CSR_GET_SIZE(a, b) 0
wolfSSL 11:cee25a834751 2355 #define CSR_WRITE(a, b, c) 0
wolfSSL 11:cee25a834751 2356 #define CSR_PARSE(a, b, c, d) 0
wolfSSL 11:cee25a834751 2357
wolfSSL 11:cee25a834751 2358 #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */
wolfSSL 11:cee25a834751 2359
wolfSSL 11:cee25a834751 2360 /******************************************************************************/
wolfSSL 11:cee25a834751 2361 /* Certificate Status Request v2 */
wolfSSL 11:cee25a834751 2362 /******************************************************************************/
wolfSSL 11:cee25a834751 2363
wolfSSL 11:cee25a834751 2364 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL 11:cee25a834751 2365
wolfSSL 11:cee25a834751 2366 static void TLSX_CSR2_FreeAll(CertificateStatusRequestItemV2* csr2, void* heap)
wolfSSL 11:cee25a834751 2367 {
wolfSSL 11:cee25a834751 2368 CertificateStatusRequestItemV2* next;
wolfSSL 11:cee25a834751 2369
wolfSSL 11:cee25a834751 2370 for (; csr2; csr2 = next) {
wolfSSL 11:cee25a834751 2371 next = csr2->next;
wolfSSL 11:cee25a834751 2372
wolfSSL 11:cee25a834751 2373 switch (csr2->status_type) {
wolfSSL 11:cee25a834751 2374 case WOLFSSL_CSR2_OCSP:
wolfSSL 11:cee25a834751 2375 case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL 11:cee25a834751 2376 while(csr2->requests--)
wolfSSL 11:cee25a834751 2377 FreeOcspRequest(&csr2->request.ocsp[csr2->requests]);
wolfSSL 11:cee25a834751 2378 break;
wolfSSL 11:cee25a834751 2379 }
wolfSSL 11:cee25a834751 2380
wolfSSL 11:cee25a834751 2381 XFREE(csr2, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 2382 }
wolfSSL 11:cee25a834751 2383 (void)heap;
wolfSSL 11:cee25a834751 2384 }
wolfSSL 11:cee25a834751 2385
wolfSSL 11:cee25a834751 2386 static word16 TLSX_CSR2_GetSize(CertificateStatusRequestItemV2* csr2,
wolfSSL 11:cee25a834751 2387 byte isRequest)
wolfSSL 11:cee25a834751 2388 {
wolfSSL 11:cee25a834751 2389 word16 size = 0;
wolfSSL 11:cee25a834751 2390
wolfSSL 11:cee25a834751 2391 /* shut up compiler warnings */
wolfSSL 11:cee25a834751 2392 (void) csr2; (void) isRequest;
wolfSSL 11:cee25a834751 2393
wolfSSL 11:cee25a834751 2394 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 11:cee25a834751 2395 if (isRequest) {
wolfSSL 11:cee25a834751 2396 CertificateStatusRequestItemV2* next;
wolfSSL 11:cee25a834751 2397
wolfSSL 11:cee25a834751 2398 for (size = OPAQUE16_LEN; csr2; csr2 = next) {
wolfSSL 11:cee25a834751 2399 next = csr2->next;
wolfSSL 11:cee25a834751 2400
wolfSSL 11:cee25a834751 2401 switch (csr2->status_type) {
wolfSSL 11:cee25a834751 2402 case WOLFSSL_CSR2_OCSP:
wolfSSL 11:cee25a834751 2403 case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL 11:cee25a834751 2404 size += ENUM_LEN + 3 * OPAQUE16_LEN;
wolfSSL 11:cee25a834751 2405
wolfSSL 11:cee25a834751 2406 if (csr2->request.ocsp[0].nonceSz)
wolfSSL 11:cee25a834751 2407 size += OCSP_NONCE_EXT_SZ;
wolfSSL 11:cee25a834751 2408 break;
wolfSSL 11:cee25a834751 2409 }
wolfSSL 11:cee25a834751 2410 }
wolfSSL 11:cee25a834751 2411 }
wolfSSL 11:cee25a834751 2412 #endif
wolfSSL 11:cee25a834751 2413
wolfSSL 11:cee25a834751 2414 return size;
wolfSSL 11:cee25a834751 2415 }
wolfSSL 11:cee25a834751 2416
wolfSSL 11:cee25a834751 2417 static word16 TLSX_CSR2_Write(CertificateStatusRequestItemV2* csr2,
wolfSSL 11:cee25a834751 2418 byte* output, byte isRequest)
wolfSSL 11:cee25a834751 2419 {
wolfSSL 11:cee25a834751 2420 /* shut up compiler warnings */
wolfSSL 11:cee25a834751 2421 (void) csr2; (void) output; (void) isRequest;
wolfSSL 11:cee25a834751 2422
wolfSSL 11:cee25a834751 2423 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 11:cee25a834751 2424 if (isRequest) {
wolfSSL 11:cee25a834751 2425 word16 offset;
wolfSSL 11:cee25a834751 2426 word16 length;
wolfSSL 11:cee25a834751 2427
wolfSSL 11:cee25a834751 2428 for (offset = OPAQUE16_LEN; csr2 != NULL; csr2 = csr2->next) {
wolfSSL 11:cee25a834751 2429 /* status_type */
wolfSSL 11:cee25a834751 2430 output[offset++] = csr2->status_type;
wolfSSL 11:cee25a834751 2431
wolfSSL 11:cee25a834751 2432 /* request */
wolfSSL 11:cee25a834751 2433 switch (csr2->status_type) {
wolfSSL 11:cee25a834751 2434 case WOLFSSL_CSR2_OCSP:
wolfSSL 11:cee25a834751 2435 case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL 11:cee25a834751 2436 /* request_length */
wolfSSL 11:cee25a834751 2437 length = 2 * OPAQUE16_LEN;
wolfSSL 11:cee25a834751 2438
wolfSSL 11:cee25a834751 2439 if (csr2->request.ocsp[0].nonceSz)
wolfSSL 11:cee25a834751 2440 length += OCSP_NONCE_EXT_SZ;
wolfSSL 11:cee25a834751 2441
wolfSSL 11:cee25a834751 2442 c16toa(length, output + offset);
wolfSSL 11:cee25a834751 2443 offset += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 2444
wolfSSL 11:cee25a834751 2445 /* responder id list */
wolfSSL 11:cee25a834751 2446 c16toa(0, output + offset);
wolfSSL 11:cee25a834751 2447 offset += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 2448
wolfSSL 11:cee25a834751 2449 /* request extensions */
wolfSSL 11:cee25a834751 2450 length = 0;
wolfSSL 11:cee25a834751 2451
wolfSSL 11:cee25a834751 2452 if (csr2->request.ocsp[0].nonceSz)
wolfSSL 11:cee25a834751 2453 length = (word16)EncodeOcspRequestExtensions(
wolfSSL 11:cee25a834751 2454 &csr2->request.ocsp[0],
wolfSSL 11:cee25a834751 2455 output + offset + OPAQUE16_LEN,
wolfSSL 11:cee25a834751 2456 OCSP_NONCE_EXT_SZ);
wolfSSL 11:cee25a834751 2457
wolfSSL 11:cee25a834751 2458 c16toa(length, output + offset);
wolfSSL 11:cee25a834751 2459 offset += OPAQUE16_LEN + length;
wolfSSL 11:cee25a834751 2460 break;
wolfSSL 11:cee25a834751 2461 }
wolfSSL 11:cee25a834751 2462 }
wolfSSL 11:cee25a834751 2463
wolfSSL 11:cee25a834751 2464 /* list size */
wolfSSL 11:cee25a834751 2465 c16toa(offset - OPAQUE16_LEN, output);
wolfSSL 11:cee25a834751 2466
wolfSSL 11:cee25a834751 2467 return offset;
wolfSSL 11:cee25a834751 2468 }
wolfSSL 11:cee25a834751 2469 #endif
wolfSSL 11:cee25a834751 2470
wolfSSL 11:cee25a834751 2471 return 0;
wolfSSL 11:cee25a834751 2472 }
wolfSSL 11:cee25a834751 2473
wolfSSL 11:cee25a834751 2474 static int TLSX_CSR2_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 11:cee25a834751 2475 byte isRequest)
wolfSSL 11:cee25a834751 2476 {
wolfSSL 11:cee25a834751 2477 int ret;
wolfSSL 11:cee25a834751 2478
wolfSSL 11:cee25a834751 2479 /* shut up compiler warnings */
wolfSSL 11:cee25a834751 2480 (void) ssl; (void) input;
wolfSSL 11:cee25a834751 2481
wolfSSL 11:cee25a834751 2482 if (!isRequest) {
wolfSSL 11:cee25a834751 2483 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 11:cee25a834751 2484 TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST_V2);
wolfSSL 11:cee25a834751 2485 CertificateStatusRequestItemV2* csr2 = extension ?
wolfSSL 11:cee25a834751 2486 (CertificateStatusRequestItemV2*)extension->data : NULL;
wolfSSL 11:cee25a834751 2487
wolfSSL 11:cee25a834751 2488 if (!csr2) {
wolfSSL 11:cee25a834751 2489 /* look at context level */
wolfSSL 11:cee25a834751 2490 extension = TLSX_Find(ssl->ctx->extensions, TLSX_STATUS_REQUEST_V2);
wolfSSL 11:cee25a834751 2491 csr2 = extension ?
wolfSSL 11:cee25a834751 2492 (CertificateStatusRequestItemV2*)extension->data : NULL;
wolfSSL 11:cee25a834751 2493
wolfSSL 11:cee25a834751 2494 if (!csr2)
wolfSSL 11:cee25a834751 2495 return BUFFER_ERROR; /* unexpected extension */
wolfSSL 11:cee25a834751 2496
wolfSSL 11:cee25a834751 2497 /* enable extension at ssl level */
wolfSSL 11:cee25a834751 2498 for (; csr2; csr2 = csr2->next) {
wolfSSL 11:cee25a834751 2499 ret = TLSX_UseCertificateStatusRequestV2(&ssl->extensions,
wolfSSL 11:cee25a834751 2500 csr2->status_type, csr2->options, ssl->heap, ssl->devId);
wolfSSL 11:cee25a834751 2501 if (ret != SSL_SUCCESS)
wolfSSL 11:cee25a834751 2502 return ret;
wolfSSL 11:cee25a834751 2503
wolfSSL 11:cee25a834751 2504 switch (csr2->status_type) {
wolfSSL 11:cee25a834751 2505 case WOLFSSL_CSR2_OCSP:
wolfSSL 11:cee25a834751 2506 /* followed by */
wolfSSL 11:cee25a834751 2507 case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL 11:cee25a834751 2508 /* propagate nonce */
wolfSSL 11:cee25a834751 2509 if (csr2->request.ocsp[0].nonceSz) {
wolfSSL 11:cee25a834751 2510 OcspRequest* request =
wolfSSL 11:cee25a834751 2511 (OcspRequest*)TLSX_CSR2_GetRequest(ssl->extensions,
wolfSSL 11:cee25a834751 2512 csr2->status_type, 0);
wolfSSL 11:cee25a834751 2513
wolfSSL 11:cee25a834751 2514 if (request) {
wolfSSL 11:cee25a834751 2515 XMEMCPY(request->nonce,
wolfSSL 11:cee25a834751 2516 csr2->request.ocsp[0].nonce,
wolfSSL 11:cee25a834751 2517 csr2->request.ocsp[0].nonceSz);
wolfSSL 11:cee25a834751 2518
wolfSSL 11:cee25a834751 2519 request->nonceSz =
wolfSSL 11:cee25a834751 2520 csr2->request.ocsp[0].nonceSz;
wolfSSL 11:cee25a834751 2521 }
wolfSSL 11:cee25a834751 2522 }
wolfSSL 11:cee25a834751 2523 break;
wolfSSL 11:cee25a834751 2524 }
wolfSSL 11:cee25a834751 2525 }
wolfSSL 11:cee25a834751 2526 }
wolfSSL 11:cee25a834751 2527
wolfSSL 11:cee25a834751 2528 ssl->status_request_v2 = 1;
wolfSSL 11:cee25a834751 2529
wolfSSL 11:cee25a834751 2530 return length ? BUFFER_ERROR : 0; /* extension_data MUST be empty. */
wolfSSL 11:cee25a834751 2531 #endif
wolfSSL 11:cee25a834751 2532 }
wolfSSL 11:cee25a834751 2533 else {
wolfSSL 11:cee25a834751 2534 #ifndef NO_WOLFSSL_SERVER
wolfSSL 11:cee25a834751 2535 byte status_type;
wolfSSL 11:cee25a834751 2536 word16 request_length;
wolfSSL 11:cee25a834751 2537 word16 offset = 0;
wolfSSL 11:cee25a834751 2538 word16 size = 0;
wolfSSL 11:cee25a834751 2539
wolfSSL 11:cee25a834751 2540 /* list size */
wolfSSL 11:cee25a834751 2541 ato16(input + offset, &request_length);
wolfSSL 11:cee25a834751 2542 offset += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 2543
wolfSSL 11:cee25a834751 2544 if (length - OPAQUE16_LEN != request_length)
wolfSSL 11:cee25a834751 2545 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 2546
wolfSSL 11:cee25a834751 2547 while (length > offset) {
wolfSSL 11:cee25a834751 2548 if (length - offset < ENUM_LEN + OPAQUE16_LEN)
wolfSSL 11:cee25a834751 2549 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 2550
wolfSSL 11:cee25a834751 2551 status_type = input[offset++];
wolfSSL 11:cee25a834751 2552
wolfSSL 11:cee25a834751 2553 ato16(input + offset, &request_length);
wolfSSL 11:cee25a834751 2554 offset += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 2555
wolfSSL 11:cee25a834751 2556 if (length - offset < request_length)
wolfSSL 11:cee25a834751 2557 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 2558
wolfSSL 11:cee25a834751 2559 switch (status_type) {
wolfSSL 11:cee25a834751 2560 case WOLFSSL_CSR2_OCSP:
wolfSSL 11:cee25a834751 2561 case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL 11:cee25a834751 2562 /* skip responder_id_list */
wolfSSL 11:cee25a834751 2563 if (length - offset < OPAQUE16_LEN)
wolfSSL 11:cee25a834751 2564 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 2565
wolfSSL 11:cee25a834751 2566 ato16(input + offset, &size);
wolfSSL 11:cee25a834751 2567 offset += OPAQUE16_LEN + size;
wolfSSL 11:cee25a834751 2568
wolfSSL 11:cee25a834751 2569 /* skip request_extensions */
wolfSSL 11:cee25a834751 2570 if (length - offset < OPAQUE16_LEN)
wolfSSL 11:cee25a834751 2571 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 2572
wolfSSL 11:cee25a834751 2573 ato16(input + offset, &size);
wolfSSL 11:cee25a834751 2574 offset += OPAQUE16_LEN + size;
wolfSSL 11:cee25a834751 2575
wolfSSL 11:cee25a834751 2576 if (offset > length)
wolfSSL 11:cee25a834751 2577 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 2578
wolfSSL 11:cee25a834751 2579 /* is able to send OCSP response? */
wolfSSL 11:cee25a834751 2580 if (ssl->ctx->cm == NULL
wolfSSL 11:cee25a834751 2581 || !ssl->ctx->cm->ocspStaplingEnabled)
wolfSSL 11:cee25a834751 2582 continue;
wolfSSL 11:cee25a834751 2583 break;
wolfSSL 11:cee25a834751 2584
wolfSSL 11:cee25a834751 2585 default:
wolfSSL 11:cee25a834751 2586 /* unknown status type, skipping! */
wolfSSL 11:cee25a834751 2587 offset += request_length;
wolfSSL 11:cee25a834751 2588 continue;
wolfSSL 11:cee25a834751 2589 }
wolfSSL 11:cee25a834751 2590
wolfSSL 11:cee25a834751 2591 /* if using status_request and already sending it, skip this one */
wolfSSL 11:cee25a834751 2592 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL 11:cee25a834751 2593 if (ssl->status_request)
wolfSSL 11:cee25a834751 2594 return 0;
wolfSSL 11:cee25a834751 2595 #endif
wolfSSL 11:cee25a834751 2596
wolfSSL 11:cee25a834751 2597 /* accept the first good status_type and return */
wolfSSL 11:cee25a834751 2598 ret = TLSX_UseCertificateStatusRequestV2(&ssl->extensions,
wolfSSL 11:cee25a834751 2599 status_type, 0, ssl->heap, ssl->devId);
wolfSSL 11:cee25a834751 2600 if (ret != SSL_SUCCESS)
wolfSSL 11:cee25a834751 2601 return ret; /* throw error */
wolfSSL 11:cee25a834751 2602
wolfSSL 11:cee25a834751 2603 TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST_V2);
wolfSSL 11:cee25a834751 2604 ssl->status_request_v2 = status_type;
wolfSSL 11:cee25a834751 2605
wolfSSL 11:cee25a834751 2606 return 0;
wolfSSL 11:cee25a834751 2607 }
wolfSSL 11:cee25a834751 2608 #endif
wolfSSL 11:cee25a834751 2609 }
wolfSSL 11:cee25a834751 2610
wolfSSL 11:cee25a834751 2611 return 0;
wolfSSL 11:cee25a834751 2612 }
wolfSSL 11:cee25a834751 2613
wolfSSL 11:cee25a834751 2614 int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer,
wolfSSL 11:cee25a834751 2615 void* heap)
wolfSSL 11:cee25a834751 2616 {
wolfSSL 11:cee25a834751 2617 TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST_V2);
wolfSSL 11:cee25a834751 2618 CertificateStatusRequestItemV2* csr2 = extension ?
wolfSSL 11:cee25a834751 2619 (CertificateStatusRequestItemV2*)extension->data : NULL;
wolfSSL 11:cee25a834751 2620 int ret = 0;
wolfSSL 11:cee25a834751 2621
wolfSSL 11:cee25a834751 2622 for (; csr2; csr2 = csr2->next) {
wolfSSL 11:cee25a834751 2623 switch (csr2->status_type) {
wolfSSL 11:cee25a834751 2624 case WOLFSSL_CSR2_OCSP:
wolfSSL 11:cee25a834751 2625 if (!isPeer || csr2->requests != 0)
wolfSSL 11:cee25a834751 2626 break;
wolfSSL 11:cee25a834751 2627
wolfSSL 11:cee25a834751 2628 /* followed by */
wolfSSL 11:cee25a834751 2629
wolfSSL 11:cee25a834751 2630 case WOLFSSL_CSR2_OCSP_MULTI: {
wolfSSL 11:cee25a834751 2631 if (csr2->requests < 1 + MAX_CHAIN_DEPTH) {
wolfSSL 11:cee25a834751 2632 byte nonce[MAX_OCSP_NONCE_SZ];
wolfSSL 11:cee25a834751 2633 int nonceSz = csr2->request.ocsp[0].nonceSz;
wolfSSL 11:cee25a834751 2634
wolfSSL 11:cee25a834751 2635 /* preserve nonce, replicating nonce of ocsp[0] */
wolfSSL 11:cee25a834751 2636 XMEMCPY(nonce, csr2->request.ocsp[0].nonce, nonceSz);
wolfSSL 11:cee25a834751 2637
wolfSSL 11:cee25a834751 2638 if ((ret = InitOcspRequest(
wolfSSL 11:cee25a834751 2639 &csr2->request.ocsp[csr2->requests], cert,
wolfSSL 11:cee25a834751 2640 0, heap)) != 0)
wolfSSL 11:cee25a834751 2641 return ret;
wolfSSL 11:cee25a834751 2642
wolfSSL 11:cee25a834751 2643 /* restore nonce */
wolfSSL 11:cee25a834751 2644 XMEMCPY(csr2->request.ocsp[csr2->requests].nonce,
wolfSSL 11:cee25a834751 2645 nonce, nonceSz);
wolfSSL 11:cee25a834751 2646 csr2->request.ocsp[csr2->requests].nonceSz = nonceSz;
wolfSSL 11:cee25a834751 2647 csr2->requests++;
wolfSSL 11:cee25a834751 2648 }
wolfSSL 11:cee25a834751 2649 }
wolfSSL 11:cee25a834751 2650 break;
wolfSSL 11:cee25a834751 2651 }
wolfSSL 11:cee25a834751 2652 }
wolfSSL 11:cee25a834751 2653
wolfSSL 11:cee25a834751 2654 (void)cert;
wolfSSL 11:cee25a834751 2655 return ret;
wolfSSL 11:cee25a834751 2656 }
wolfSSL 11:cee25a834751 2657
wolfSSL 11:cee25a834751 2658 void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type, byte idx)
wolfSSL 11:cee25a834751 2659 {
wolfSSL 11:cee25a834751 2660 TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST_V2);
wolfSSL 11:cee25a834751 2661 CertificateStatusRequestItemV2* csr2 = extension ?
wolfSSL 11:cee25a834751 2662 (CertificateStatusRequestItemV2*)extension->data : NULL;
wolfSSL 11:cee25a834751 2663
wolfSSL 11:cee25a834751 2664 for (; csr2; csr2 = csr2->next) {
wolfSSL 11:cee25a834751 2665 if (csr2->status_type == status_type) {
wolfSSL 11:cee25a834751 2666 switch (csr2->status_type) {
wolfSSL 11:cee25a834751 2667 case WOLFSSL_CSR2_OCSP:
wolfSSL 11:cee25a834751 2668 /* followed by */
wolfSSL 11:cee25a834751 2669
wolfSSL 11:cee25a834751 2670 case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL 11:cee25a834751 2671 /* requests are initialized in the reverse order */
wolfSSL 11:cee25a834751 2672 return idx < csr2->requests
wolfSSL 11:cee25a834751 2673 ? &csr2->request.ocsp[csr2->requests - idx - 1]
wolfSSL 11:cee25a834751 2674 : NULL;
wolfSSL 11:cee25a834751 2675 break;
wolfSSL 11:cee25a834751 2676 }
wolfSSL 11:cee25a834751 2677 }
wolfSSL 11:cee25a834751 2678 }
wolfSSL 11:cee25a834751 2679
wolfSSL 11:cee25a834751 2680 return NULL;
wolfSSL 11:cee25a834751 2681 }
wolfSSL 11:cee25a834751 2682
wolfSSL 11:cee25a834751 2683 int TLSX_CSR2_ForceRequest(WOLFSSL* ssl)
wolfSSL 11:cee25a834751 2684 {
wolfSSL 11:cee25a834751 2685 TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST_V2);
wolfSSL 11:cee25a834751 2686 CertificateStatusRequestItemV2* csr2 = extension ?
wolfSSL 11:cee25a834751 2687 (CertificateStatusRequestItemV2*)extension->data : NULL;
wolfSSL 11:cee25a834751 2688
wolfSSL 11:cee25a834751 2689 /* forces only the first one */
wolfSSL 11:cee25a834751 2690 if (csr2) {
wolfSSL 11:cee25a834751 2691 switch (csr2->status_type) {
wolfSSL 11:cee25a834751 2692 case WOLFSSL_CSR2_OCSP:
wolfSSL 11:cee25a834751 2693 /* followed by */
wolfSSL 11:cee25a834751 2694
wolfSSL 11:cee25a834751 2695 case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL 11:cee25a834751 2696 if (ssl->ctx->cm->ocspEnabled) {
wolfSSL 11:cee25a834751 2697 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
wolfSSL 11:cee25a834751 2698 csr2->request.ocsp[0].ssl = ssl;
wolfSSL 11:cee25a834751 2699 #endif
wolfSSL 11:cee25a834751 2700 return CheckOcspRequest(ssl->ctx->cm->ocsp,
wolfSSL 11:cee25a834751 2701 &csr2->request.ocsp[0], NULL);
wolfSSL 11:cee25a834751 2702 }
wolfSSL 11:cee25a834751 2703 else
wolfSSL 11:cee25a834751 2704 return OCSP_LOOKUP_FAIL;
wolfSSL 11:cee25a834751 2705 }
wolfSSL 11:cee25a834751 2706 }
wolfSSL 11:cee25a834751 2707
wolfSSL 11:cee25a834751 2708 return 0;
wolfSSL 11:cee25a834751 2709 }
wolfSSL 11:cee25a834751 2710
wolfSSL 11:cee25a834751 2711 int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type,
wolfSSL 11:cee25a834751 2712 byte options, void* heap, int devId)
wolfSSL 11:cee25a834751 2713 {
wolfSSL 11:cee25a834751 2714 TLSX* extension = NULL;
wolfSSL 11:cee25a834751 2715 CertificateStatusRequestItemV2* csr2 = NULL;
wolfSSL 11:cee25a834751 2716 int ret = 0;
wolfSSL 11:cee25a834751 2717
wolfSSL 11:cee25a834751 2718 if (!extensions)
wolfSSL 11:cee25a834751 2719 return BAD_FUNC_ARG;
wolfSSL 11:cee25a834751 2720
wolfSSL 11:cee25a834751 2721 if (status_type != WOLFSSL_CSR2_OCSP
wolfSSL 11:cee25a834751 2722 && status_type != WOLFSSL_CSR2_OCSP_MULTI)
wolfSSL 11:cee25a834751 2723 return BAD_FUNC_ARG;
wolfSSL 11:cee25a834751 2724
wolfSSL 11:cee25a834751 2725 csr2 = (CertificateStatusRequestItemV2*)
wolfSSL 11:cee25a834751 2726 XMALLOC(sizeof(CertificateStatusRequestItemV2), heap, DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 2727 if (!csr2)
wolfSSL 11:cee25a834751 2728 return MEMORY_E;
wolfSSL 11:cee25a834751 2729
wolfSSL 11:cee25a834751 2730 ForceZero(csr2, sizeof(CertificateStatusRequestItemV2));
wolfSSL 11:cee25a834751 2731
wolfSSL 11:cee25a834751 2732 csr2->status_type = status_type;
wolfSSL 11:cee25a834751 2733 csr2->options = options;
wolfSSL 11:cee25a834751 2734 csr2->next = NULL;
wolfSSL 11:cee25a834751 2735
wolfSSL 11:cee25a834751 2736 switch (csr2->status_type) {
wolfSSL 11:cee25a834751 2737 case WOLFSSL_CSR2_OCSP:
wolfSSL 11:cee25a834751 2738 case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL 11:cee25a834751 2739 if (options & WOLFSSL_CSR2_OCSP_USE_NONCE) {
wolfSSL 11:cee25a834751 2740 WC_RNG rng;
wolfSSL 11:cee25a834751 2741
wolfSSL 11:cee25a834751 2742 #ifndef HAVE_FIPS
wolfSSL 11:cee25a834751 2743 ret = wc_InitRng_ex(&rng, heap, devId);
wolfSSL 11:cee25a834751 2744 #else
wolfSSL 11:cee25a834751 2745 ret = wc_InitRng(&rng);
wolfSSL 11:cee25a834751 2746 (void)devId;
wolfSSL 11:cee25a834751 2747 #endif
wolfSSL 11:cee25a834751 2748 if (ret == 0) {
wolfSSL 11:cee25a834751 2749 if (wc_RNG_GenerateBlock(&rng, csr2->request.ocsp[0].nonce,
wolfSSL 11:cee25a834751 2750 MAX_OCSP_NONCE_SZ) == 0)
wolfSSL 11:cee25a834751 2751 csr2->request.ocsp[0].nonceSz = MAX_OCSP_NONCE_SZ;
wolfSSL 11:cee25a834751 2752
wolfSSL 11:cee25a834751 2753 wc_FreeRng(&rng);
wolfSSL 11:cee25a834751 2754 }
wolfSSL 11:cee25a834751 2755 }
wolfSSL 11:cee25a834751 2756 break;
wolfSSL 11:cee25a834751 2757 }
wolfSSL 11:cee25a834751 2758
wolfSSL 11:cee25a834751 2759 /* append new item */
wolfSSL 11:cee25a834751 2760 if ((extension = TLSX_Find(*extensions, TLSX_STATUS_REQUEST_V2))) {
wolfSSL 11:cee25a834751 2761 CertificateStatusRequestItemV2* last =
wolfSSL 11:cee25a834751 2762 (CertificateStatusRequestItemV2*)extension->data;
wolfSSL 11:cee25a834751 2763
wolfSSL 11:cee25a834751 2764 for (; last->next; last = last->next);
wolfSSL 11:cee25a834751 2765
wolfSSL 11:cee25a834751 2766 last->next = csr2;
wolfSSL 11:cee25a834751 2767 }
wolfSSL 11:cee25a834751 2768 else if ((ret = TLSX_Push(extensions, TLSX_STATUS_REQUEST_V2, csr2,heap))) {
wolfSSL 11:cee25a834751 2769 XFREE(csr2, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 2770 return ret;
wolfSSL 11:cee25a834751 2771 }
wolfSSL 11:cee25a834751 2772
wolfSSL 11:cee25a834751 2773 return SSL_SUCCESS;
wolfSSL 11:cee25a834751 2774 }
wolfSSL 11:cee25a834751 2775
wolfSSL 11:cee25a834751 2776 #define CSR2_FREE_ALL TLSX_CSR2_FreeAll
wolfSSL 11:cee25a834751 2777 #define CSR2_GET_SIZE TLSX_CSR2_GetSize
wolfSSL 11:cee25a834751 2778 #define CSR2_WRITE TLSX_CSR2_Write
wolfSSL 11:cee25a834751 2779 #define CSR2_PARSE TLSX_CSR2_Parse
wolfSSL 11:cee25a834751 2780
wolfSSL 11:cee25a834751 2781 #else
wolfSSL 11:cee25a834751 2782
wolfSSL 11:cee25a834751 2783 #define CSR2_FREE_ALL(data, heap)
wolfSSL 11:cee25a834751 2784 #define CSR2_GET_SIZE(a, b) 0
wolfSSL 11:cee25a834751 2785 #define CSR2_WRITE(a, b, c) 0
wolfSSL 11:cee25a834751 2786 #define CSR2_PARSE(a, b, c, d) 0
wolfSSL 11:cee25a834751 2787
wolfSSL 11:cee25a834751 2788 #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
wolfSSL 11:cee25a834751 2789
wolfSSL 11:cee25a834751 2790 /******************************************************************************/
wolfSSL 11:cee25a834751 2791 /* Supported Elliptic Curves */
wolfSSL 11:cee25a834751 2792 /******************************************************************************/
wolfSSL 11:cee25a834751 2793
wolfSSL 11:cee25a834751 2794 #ifdef HAVE_SUPPORTED_CURVES
wolfSSL 11:cee25a834751 2795
wolfSSL 11:cee25a834751 2796 #ifndef HAVE_ECC
wolfSSL 11:cee25a834751 2797 #error Elliptic Curves Extension requires Elliptic Curve Cryptography. \
wolfSSL 11:cee25a834751 2798 Use --enable-ecc in the configure script or define HAVE_ECC.
wolfSSL 11:cee25a834751 2799 #endif
wolfSSL 11:cee25a834751 2800
wolfSSL 11:cee25a834751 2801 static void TLSX_EllipticCurve_FreeAll(EllipticCurve* list, void* heap)
wolfSSL 11:cee25a834751 2802 {
wolfSSL 11:cee25a834751 2803 EllipticCurve* curve;
wolfSSL 11:cee25a834751 2804
wolfSSL 11:cee25a834751 2805 while ((curve = list)) {
wolfSSL 11:cee25a834751 2806 list = curve->next;
wolfSSL 11:cee25a834751 2807 XFREE(curve, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 2808 }
wolfSSL 11:cee25a834751 2809 (void)heap;
wolfSSL 11:cee25a834751 2810 }
wolfSSL 11:cee25a834751 2811
wolfSSL 11:cee25a834751 2812 static int TLSX_EllipticCurve_Append(EllipticCurve** list, word16 name,
wolfSSL 11:cee25a834751 2813 void* heap)
wolfSSL 11:cee25a834751 2814 {
wolfSSL 11:cee25a834751 2815 EllipticCurve* curve = NULL;
wolfSSL 11:cee25a834751 2816
wolfSSL 11:cee25a834751 2817 if (list == NULL)
wolfSSL 11:cee25a834751 2818 return BAD_FUNC_ARG;
wolfSSL 11:cee25a834751 2819
wolfSSL 11:cee25a834751 2820 curve = (EllipticCurve*)XMALLOC(sizeof(EllipticCurve), heap,
wolfSSL 11:cee25a834751 2821 DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 2822 if (curve == NULL)
wolfSSL 11:cee25a834751 2823 return MEMORY_E;
wolfSSL 11:cee25a834751 2824
wolfSSL 11:cee25a834751 2825 curve->name = name;
wolfSSL 11:cee25a834751 2826 curve->next = *list;
wolfSSL 11:cee25a834751 2827
wolfSSL 11:cee25a834751 2828 *list = curve;
wolfSSL 11:cee25a834751 2829
wolfSSL 11:cee25a834751 2830 return 0;
wolfSSL 11:cee25a834751 2831 }
wolfSSL 11:cee25a834751 2832
wolfSSL 11:cee25a834751 2833 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 11:cee25a834751 2834
wolfSSL 11:cee25a834751 2835 static void TLSX_EllipticCurve_ValidateRequest(WOLFSSL* ssl, byte* semaphore)
wolfSSL 11:cee25a834751 2836 {
wolfSSL 11:cee25a834751 2837 int i;
wolfSSL 11:cee25a834751 2838
wolfSSL 11:cee25a834751 2839 for (i = 0; i < ssl->suites->suiteSz; i+= 2)
wolfSSL 11:cee25a834751 2840 if (ssl->suites->suites[i] == ECC_BYTE ||
wolfSSL 11:cee25a834751 2841 ssl->suites->suites[i] == CHACHA_BYTE)
wolfSSL 11:cee25a834751 2842 return;
wolfSSL 11:cee25a834751 2843
wolfSSL 11:cee25a834751 2844 /* turns semaphore on to avoid sending this extension. */
wolfSSL 11:cee25a834751 2845 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_GROUPS));
wolfSSL 11:cee25a834751 2846 }
wolfSSL 11:cee25a834751 2847
wolfSSL 11:cee25a834751 2848 static word16 TLSX_EllipticCurve_GetSize(EllipticCurve* list)
wolfSSL 11:cee25a834751 2849 {
wolfSSL 11:cee25a834751 2850 EllipticCurve* curve;
wolfSSL 11:cee25a834751 2851 word16 length = OPAQUE16_LEN; /* list length */
wolfSSL 11:cee25a834751 2852
wolfSSL 11:cee25a834751 2853 while ((curve = list)) {
wolfSSL 11:cee25a834751 2854 list = curve->next;
wolfSSL 11:cee25a834751 2855 length += OPAQUE16_LEN; /* curve length */
wolfSSL 11:cee25a834751 2856 }
wolfSSL 11:cee25a834751 2857
wolfSSL 11:cee25a834751 2858 return length;
wolfSSL 11:cee25a834751 2859 }
wolfSSL 11:cee25a834751 2860
wolfSSL 11:cee25a834751 2861 static word16 TLSX_EllipticCurve_WriteR(EllipticCurve* curve, byte* output);
wolfSSL 11:cee25a834751 2862 static word16 TLSX_EllipticCurve_WriteR(EllipticCurve* curve, byte* output)
wolfSSL 11:cee25a834751 2863 {
wolfSSL 11:cee25a834751 2864 word16 offset = 0;
wolfSSL 11:cee25a834751 2865
wolfSSL 11:cee25a834751 2866 if (!curve)
wolfSSL 11:cee25a834751 2867 return offset;
wolfSSL 11:cee25a834751 2868
wolfSSL 11:cee25a834751 2869 offset = TLSX_EllipticCurve_WriteR(curve->next, output);
wolfSSL 11:cee25a834751 2870 c16toa(curve->name, output + offset);
wolfSSL 11:cee25a834751 2871
wolfSSL 11:cee25a834751 2872 return OPAQUE16_LEN + offset;
wolfSSL 11:cee25a834751 2873 }
wolfSSL 11:cee25a834751 2874
wolfSSL 11:cee25a834751 2875 static word16 TLSX_EllipticCurve_Write(EllipticCurve* list, byte* output)
wolfSSL 11:cee25a834751 2876 {
wolfSSL 11:cee25a834751 2877 word16 length = TLSX_EllipticCurve_WriteR(list, output + OPAQUE16_LEN);
wolfSSL 11:cee25a834751 2878
wolfSSL 11:cee25a834751 2879 c16toa(length, output); /* writing list length */
wolfSSL 11:cee25a834751 2880
wolfSSL 11:cee25a834751 2881 return OPAQUE16_LEN + length;
wolfSSL 11:cee25a834751 2882 }
wolfSSL 11:cee25a834751 2883
wolfSSL 11:cee25a834751 2884 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 11:cee25a834751 2885 #ifndef NO_WOLFSSL_SERVER
wolfSSL 11:cee25a834751 2886
wolfSSL 11:cee25a834751 2887 static int TLSX_EllipticCurve_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 11:cee25a834751 2888 byte isRequest)
wolfSSL 11:cee25a834751 2889 {
wolfSSL 11:cee25a834751 2890 word16 offset;
wolfSSL 11:cee25a834751 2891 word16 name;
wolfSSL 11:cee25a834751 2892 int r;
wolfSSL 11:cee25a834751 2893
wolfSSL 11:cee25a834751 2894 (void) isRequest; /* shut up compiler! */
wolfSSL 11:cee25a834751 2895
wolfSSL 11:cee25a834751 2896 if (OPAQUE16_LEN > length || length % OPAQUE16_LEN)
wolfSSL 11:cee25a834751 2897 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 2898
wolfSSL 11:cee25a834751 2899 ato16(input, &offset);
wolfSSL 11:cee25a834751 2900
wolfSSL 11:cee25a834751 2901 /* validating curve list length */
wolfSSL 11:cee25a834751 2902 if (length != OPAQUE16_LEN + offset)
wolfSSL 11:cee25a834751 2903 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 2904
wolfSSL 11:cee25a834751 2905 while (offset) {
wolfSSL 11:cee25a834751 2906 ato16(input + offset, &name);
wolfSSL 11:cee25a834751 2907 offset -= OPAQUE16_LEN;
wolfSSL 11:cee25a834751 2908
wolfSSL 11:cee25a834751 2909 r = TLSX_UseSupportedCurve(&ssl->extensions, name, ssl->heap);
wolfSSL 11:cee25a834751 2910
wolfSSL 11:cee25a834751 2911 if (r != SSL_SUCCESS) return r; /* throw error */
wolfSSL 11:cee25a834751 2912 }
wolfSSL 11:cee25a834751 2913
wolfSSL 11:cee25a834751 2914 return 0;
wolfSSL 11:cee25a834751 2915 }
wolfSSL 11:cee25a834751 2916
wolfSSL 11:cee25a834751 2917 int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) {
wolfSSL 11:cee25a834751 2918 TLSX* extension = (first == ECC_BYTE || first == CHACHA_BYTE)
wolfSSL 11:cee25a834751 2919 ? TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS)
wolfSSL 11:cee25a834751 2920 : NULL;
wolfSSL 11:cee25a834751 2921 EllipticCurve* curve = NULL;
wolfSSL 11:cee25a834751 2922 word32 oid = 0;
wolfSSL 11:cee25a834751 2923 word32 defOid = 0;
wolfSSL 11:cee25a834751 2924 word32 defSz = 80; /* Maximum known curve size is 66. */
wolfSSL 11:cee25a834751 2925 word32 nextOid = 0;
wolfSSL 11:cee25a834751 2926 word32 nextSz = 80; /* Maximum known curve size is 66. */
wolfSSL 11:cee25a834751 2927 word32 currOid = ssl->ecdhCurveOID;
wolfSSL 11:cee25a834751 2928 int ephmSuite = 0;
wolfSSL 11:cee25a834751 2929 word16 octets = 0; /* according to 'ecc_set_type ecc_sets[];' */
wolfSSL 11:cee25a834751 2930 int sig = 0; /* validate signature */
wolfSSL 11:cee25a834751 2931 int key = 0; /* validate key */
wolfSSL 11:cee25a834751 2932
wolfSSL 11:cee25a834751 2933 (void)oid;
wolfSSL 11:cee25a834751 2934
wolfSSL 11:cee25a834751 2935 if (!extension)
wolfSSL 11:cee25a834751 2936 return 1; /* no suite restriction */
wolfSSL 11:cee25a834751 2937
wolfSSL 11:cee25a834751 2938 for (curve = (EllipticCurve*)extension->data;
wolfSSL 11:cee25a834751 2939 curve && !(sig && key);
wolfSSL 11:cee25a834751 2940 curve = curve->next) {
wolfSSL 11:cee25a834751 2941
wolfSSL 11:cee25a834751 2942 /* find supported curve */
wolfSSL 11:cee25a834751 2943 switch (curve->name) {
wolfSSL 11:cee25a834751 2944 #if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
wolfSSL 11:cee25a834751 2945 #ifndef NO_ECC_SECP
wolfSSL 11:cee25a834751 2946 case WOLFSSL_ECC_SECP160R1:
wolfSSL 11:cee25a834751 2947 oid = ECC_SECP160R1_OID;
wolfSSL 11:cee25a834751 2948 octets = 20;
wolfSSL 11:cee25a834751 2949 break;
wolfSSL 11:cee25a834751 2950 #endif /* !NO_ECC_SECP */
wolfSSL 11:cee25a834751 2951 #ifdef HAVE_ECC_SECPR2
wolfSSL 11:cee25a834751 2952 case WOLFSSL_ECC_SECP160R2:
wolfSSL 11:cee25a834751 2953 oid = ECC_SECP160R2_OID;
wolfSSL 11:cee25a834751 2954 octets = 20;
wolfSSL 11:cee25a834751 2955 break;
wolfSSL 11:cee25a834751 2956 #endif /* HAVE_ECC_SECPR2 */
wolfSSL 11:cee25a834751 2957 #ifdef HAVE_ECC_KOBLITZ
wolfSSL 11:cee25a834751 2958 case WOLFSSL_ECC_SECP160K1:
wolfSSL 11:cee25a834751 2959 oid = ECC_SECP160K1_OID;
wolfSSL 11:cee25a834751 2960 octets = 20;
wolfSSL 11:cee25a834751 2961 break;
wolfSSL 11:cee25a834751 2962 #endif /* HAVE_ECC_KOBLITZ */
wolfSSL 11:cee25a834751 2963 #endif
wolfSSL 11:cee25a834751 2964 #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
wolfSSL 11:cee25a834751 2965 #ifndef NO_ECC_SECP
wolfSSL 11:cee25a834751 2966 case WOLFSSL_ECC_SECP192R1:
wolfSSL 11:cee25a834751 2967 oid = ECC_SECP192R1_OID;
wolfSSL 11:cee25a834751 2968 octets = 24;
wolfSSL 11:cee25a834751 2969 break;
wolfSSL 11:cee25a834751 2970 #endif /* !NO_ECC_SECP */
wolfSSL 11:cee25a834751 2971 #ifdef HAVE_ECC_KOBLITZ
wolfSSL 11:cee25a834751 2972 case WOLFSSL_ECC_SECP192K1:
wolfSSL 11:cee25a834751 2973 oid = ECC_SECP192K1_OID;
wolfSSL 11:cee25a834751 2974 octets = 24;
wolfSSL 11:cee25a834751 2975 break;
wolfSSL 11:cee25a834751 2976 #endif /* HAVE_ECC_KOBLITZ */
wolfSSL 11:cee25a834751 2977 #endif
wolfSSL 11:cee25a834751 2978 #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
wolfSSL 11:cee25a834751 2979 #ifndef NO_ECC_SECP
wolfSSL 11:cee25a834751 2980 case WOLFSSL_ECC_SECP224R1:
wolfSSL 11:cee25a834751 2981 oid = ECC_SECP224R1_OID;
wolfSSL 11:cee25a834751 2982 octets = 28;
wolfSSL 11:cee25a834751 2983 break;
wolfSSL 11:cee25a834751 2984 #endif /* !NO_ECC_SECP */
wolfSSL 11:cee25a834751 2985 #ifdef HAVE_ECC_KOBLITZ
wolfSSL 11:cee25a834751 2986 case WOLFSSL_ECC_SECP224K1:
wolfSSL 11:cee25a834751 2987 oid = ECC_SECP224K1_OID;
wolfSSL 11:cee25a834751 2988 octets = 28;
wolfSSL 11:cee25a834751 2989 break;
wolfSSL 11:cee25a834751 2990 #endif /* HAVE_ECC_KOBLITZ */
wolfSSL 11:cee25a834751 2991 #endif
wolfSSL 11:cee25a834751 2992 #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
wolfSSL 11:cee25a834751 2993 #ifndef NO_ECC_SECP
wolfSSL 11:cee25a834751 2994 case WOLFSSL_ECC_SECP256R1:
wolfSSL 11:cee25a834751 2995 oid = ECC_SECP256R1_OID;
wolfSSL 11:cee25a834751 2996 octets = 32;
wolfSSL 11:cee25a834751 2997 break;
wolfSSL 11:cee25a834751 2998 #endif /* !NO_ECC_SECP */
wolfSSL 11:cee25a834751 2999 #ifdef HAVE_ECC_KOBLITZ
wolfSSL 11:cee25a834751 3000 case WOLFSSL_ECC_SECP256K1:
wolfSSL 11:cee25a834751 3001 oid = ECC_SECP256K1_OID;
wolfSSL 11:cee25a834751 3002 octets = 32;
wolfSSL 11:cee25a834751 3003 break;
wolfSSL 11:cee25a834751 3004 #endif /* HAVE_ECC_KOBLITZ */
wolfSSL 11:cee25a834751 3005 #ifdef HAVE_ECC_BRAINPOOL
wolfSSL 11:cee25a834751 3006 case WOLFSSL_ECC_BRAINPOOLP256R1:
wolfSSL 11:cee25a834751 3007 oid = ECC_BRAINPOOLP256R1_OID;
wolfSSL 11:cee25a834751 3008 octets = 32;
wolfSSL 11:cee25a834751 3009 break;
wolfSSL 11:cee25a834751 3010 #endif /* HAVE_ECC_BRAINPOOL */
wolfSSL 11:cee25a834751 3011 #endif
wolfSSL 11:cee25a834751 3012 #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
wolfSSL 11:cee25a834751 3013 #ifndef NO_ECC_SECP
wolfSSL 11:cee25a834751 3014 case WOLFSSL_ECC_SECP384R1:
wolfSSL 11:cee25a834751 3015 oid = ECC_SECP384R1_OID;
wolfSSL 11:cee25a834751 3016 octets = 48;
wolfSSL 11:cee25a834751 3017 break;
wolfSSL 11:cee25a834751 3018 #endif /* !NO_ECC_SECP */
wolfSSL 11:cee25a834751 3019 #ifdef HAVE_ECC_BRAINPOOL
wolfSSL 11:cee25a834751 3020 case WOLFSSL_ECC_BRAINPOOLP384R1:
wolfSSL 11:cee25a834751 3021 oid = ECC_BRAINPOOLP384R1_OID;
wolfSSL 11:cee25a834751 3022 octets = 48;
wolfSSL 11:cee25a834751 3023 break;
wolfSSL 11:cee25a834751 3024 #endif /* HAVE_ECC_BRAINPOOL */
wolfSSL 11:cee25a834751 3025 #endif
wolfSSL 11:cee25a834751 3026 #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
wolfSSL 11:cee25a834751 3027 #ifdef HAVE_ECC_BRAINPOOL
wolfSSL 11:cee25a834751 3028 case WOLFSSL_ECC_BRAINPOOLP512R1:
wolfSSL 11:cee25a834751 3029 oid = ECC_BRAINPOOLP512R1_OID;
wolfSSL 11:cee25a834751 3030 octets = 64;
wolfSSL 11:cee25a834751 3031 break;
wolfSSL 11:cee25a834751 3032 #endif /* HAVE_ECC_BRAINPOOL */
wolfSSL 11:cee25a834751 3033 #endif
wolfSSL 11:cee25a834751 3034 #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
wolfSSL 11:cee25a834751 3035 #ifndef NO_ECC_SECP
wolfSSL 11:cee25a834751 3036 case WOLFSSL_ECC_SECP521R1:
wolfSSL 11:cee25a834751 3037 oid = ECC_SECP521R1_OID;
wolfSSL 11:cee25a834751 3038 octets = 66;
wolfSSL 11:cee25a834751 3039 break;
wolfSSL 11:cee25a834751 3040 #endif /* !NO_ECC_SECP */
wolfSSL 11:cee25a834751 3041 #endif
wolfSSL 11:cee25a834751 3042 default: continue; /* unsupported curve */
wolfSSL 11:cee25a834751 3043 }
wolfSSL 11:cee25a834751 3044
wolfSSL 11:cee25a834751 3045 /* Set default Oid */
wolfSSL 11:cee25a834751 3046 if (defOid == 0 && ssl->eccTempKeySz <= octets && defSz > octets) {
wolfSSL 11:cee25a834751 3047 defOid = oid;
wolfSSL 11:cee25a834751 3048 defSz = octets;
wolfSSL 11:cee25a834751 3049 }
wolfSSL 11:cee25a834751 3050
wolfSSL 11:cee25a834751 3051 if (currOid == 0 && ssl->eccTempKeySz == octets)
wolfSSL 11:cee25a834751 3052 currOid = oid;
wolfSSL 11:cee25a834751 3053 if ((nextOid == 0 || nextSz > octets) && ssl->eccTempKeySz <= octets) {
wolfSSL 11:cee25a834751 3054 nextOid = oid;
wolfSSL 11:cee25a834751 3055 nextSz = octets;
wolfSSL 11:cee25a834751 3056 }
wolfSSL 11:cee25a834751 3057
wolfSSL 11:cee25a834751 3058 if (first == ECC_BYTE) {
wolfSSL 11:cee25a834751 3059 switch (second) {
wolfSSL 11:cee25a834751 3060 /* ECDHE_ECDSA */
wolfSSL 11:cee25a834751 3061 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
wolfSSL 11:cee25a834751 3062 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
wolfSSL 11:cee25a834751 3063 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
wolfSSL 11:cee25a834751 3064 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL 11:cee25a834751 3065 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
wolfSSL 11:cee25a834751 3066 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
wolfSSL 11:cee25a834751 3067 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
wolfSSL 11:cee25a834751 3068 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
wolfSSL 11:cee25a834751 3069 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
wolfSSL 11:cee25a834751 3070 case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8:
wolfSSL 11:cee25a834751 3071 sig |= ssl->pkCurveOID == oid;
wolfSSL 11:cee25a834751 3072 key |= ssl->ecdhCurveOID == oid;
wolfSSL 11:cee25a834751 3073 ephmSuite = 1;
wolfSSL 11:cee25a834751 3074 break;
wolfSSL 11:cee25a834751 3075
wolfSSL 11:cee25a834751 3076 #ifdef WOLFSSL_STATIC_DH
wolfSSL 11:cee25a834751 3077 /* ECDH_ECDSA */
wolfSSL 11:cee25a834751 3078 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
wolfSSL 11:cee25a834751 3079 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
wolfSSL 11:cee25a834751 3080 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
wolfSSL 11:cee25a834751 3081 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL 11:cee25a834751 3082 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
wolfSSL 11:cee25a834751 3083 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
wolfSSL 11:cee25a834751 3084 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
wolfSSL 11:cee25a834751 3085 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
wolfSSL 11:cee25a834751 3086 sig |= ssl->pkCurveOID == oid;
wolfSSL 11:cee25a834751 3087 key |= ssl->pkCurveOID == oid;
wolfSSL 11:cee25a834751 3088 break;
wolfSSL 11:cee25a834751 3089 #endif /* WOLFSSL_STATIC_DH */
wolfSSL 11:cee25a834751 3090 #ifndef NO_RSA
wolfSSL 11:cee25a834751 3091 /* ECDHE_RSA */
wolfSSL 11:cee25a834751 3092 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
wolfSSL 11:cee25a834751 3093 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
wolfSSL 11:cee25a834751 3094 case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
wolfSSL 11:cee25a834751 3095 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL 11:cee25a834751 3096 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
wolfSSL 11:cee25a834751 3097 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
wolfSSL 11:cee25a834751 3098 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
wolfSSL 11:cee25a834751 3099 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
wolfSSL 11:cee25a834751 3100 sig = 1;
wolfSSL 11:cee25a834751 3101 key |= ssl->ecdhCurveOID == oid;
wolfSSL 11:cee25a834751 3102 ephmSuite = 1;
wolfSSL 11:cee25a834751 3103 break;
wolfSSL 11:cee25a834751 3104
wolfSSL 11:cee25a834751 3105 #ifdef WOLFSSL_STATIC_DH
wolfSSL 11:cee25a834751 3106 /* ECDH_RSA */
wolfSSL 11:cee25a834751 3107 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
wolfSSL 11:cee25a834751 3108 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
wolfSSL 11:cee25a834751 3109 case TLS_ECDH_RSA_WITH_RC4_128_SHA:
wolfSSL 11:cee25a834751 3110 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL 11:cee25a834751 3111 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
wolfSSL 11:cee25a834751 3112 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
wolfSSL 11:cee25a834751 3113 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
wolfSSL 11:cee25a834751 3114 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
wolfSSL 11:cee25a834751 3115 sig = 1;
wolfSSL 11:cee25a834751 3116 key |= ssl->pkCurveOID == oid;
wolfSSL 11:cee25a834751 3117 break;
wolfSSL 11:cee25a834751 3118 #endif /* WOLFSSL_STATIC_DH */
wolfSSL 11:cee25a834751 3119 #endif
wolfSSL 11:cee25a834751 3120 default:
wolfSSL 11:cee25a834751 3121 sig = 1;
wolfSSL 11:cee25a834751 3122 key = 1;
wolfSSL 11:cee25a834751 3123 break;
wolfSSL 11:cee25a834751 3124 }
wolfSSL 11:cee25a834751 3125 }
wolfSSL 11:cee25a834751 3126
wolfSSL 11:cee25a834751 3127 /* ChaCha20-Poly1305 ECC cipher suites */
wolfSSL 11:cee25a834751 3128 if (first == CHACHA_BYTE) {
wolfSSL 11:cee25a834751 3129 switch (second) {
wolfSSL 11:cee25a834751 3130 /* ECDHE_ECDSA */
wolfSSL 11:cee25a834751 3131 case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL 11:cee25a834751 3132 case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
wolfSSL 11:cee25a834751 3133 sig |= ssl->pkCurveOID == oid;
wolfSSL 11:cee25a834751 3134 key |= ssl->ecdhCurveOID == oid;
wolfSSL 11:cee25a834751 3135 ephmSuite = 1;
wolfSSL 11:cee25a834751 3136 break;
wolfSSL 11:cee25a834751 3137 #ifndef NO_RSA
wolfSSL 11:cee25a834751 3138 /* ECDHE_RSA */
wolfSSL 11:cee25a834751 3139 case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL 11:cee25a834751 3140 case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
wolfSSL 11:cee25a834751 3141 sig = 1;
wolfSSL 11:cee25a834751 3142 key |= ssl->ecdhCurveOID == oid;
wolfSSL 11:cee25a834751 3143 ephmSuite = 1;
wolfSSL 11:cee25a834751 3144 break;
wolfSSL 11:cee25a834751 3145 #endif
wolfSSL 11:cee25a834751 3146 default:
wolfSSL 11:cee25a834751 3147 sig = 1;
wolfSSL 11:cee25a834751 3148 key = 1;
wolfSSL 11:cee25a834751 3149 break;
wolfSSL 11:cee25a834751 3150 }
wolfSSL 11:cee25a834751 3151 }
wolfSSL 11:cee25a834751 3152 }
wolfSSL 11:cee25a834751 3153
wolfSSL 11:cee25a834751 3154 /* Choose the default if it is at the required strength. */
wolfSSL 11:cee25a834751 3155 if (ssl->ecdhCurveOID == 0 && defSz == ssl->eccTempKeySz) {
wolfSSL 11:cee25a834751 3156 key = 1;
wolfSSL 11:cee25a834751 3157 ssl->ecdhCurveOID = defOid;
wolfSSL 11:cee25a834751 3158 }
wolfSSL 11:cee25a834751 3159 /* Choose any curve at the required strength. */
wolfSSL 11:cee25a834751 3160 if (ssl->ecdhCurveOID == 0) {
wolfSSL 11:cee25a834751 3161 key = 1;
wolfSSL 11:cee25a834751 3162 ssl->ecdhCurveOID = currOid;
wolfSSL 11:cee25a834751 3163 }
wolfSSL 11:cee25a834751 3164 /* Choose the default if it is at the next highest strength. */
wolfSSL 11:cee25a834751 3165 if (ssl->ecdhCurveOID == 0 && defSz == nextSz)
wolfSSL 11:cee25a834751 3166 ssl->ecdhCurveOID = defOid;
wolfSSL 11:cee25a834751 3167 /* Choose any curve at the next highest strength. */
wolfSSL 11:cee25a834751 3168 if (ssl->ecdhCurveOID == 0)
wolfSSL 11:cee25a834751 3169 ssl->ecdhCurveOID = nextOid;
wolfSSL 11:cee25a834751 3170 /* No curve and ephemeral ECC suite requires a matching curve. */
wolfSSL 11:cee25a834751 3171 if (ssl->ecdhCurveOID == 0 && ephmSuite)
wolfSSL 11:cee25a834751 3172 key = 0;
wolfSSL 11:cee25a834751 3173
wolfSSL 11:cee25a834751 3174 return sig && key;
wolfSSL 11:cee25a834751 3175 }
wolfSSL 11:cee25a834751 3176
wolfSSL 11:cee25a834751 3177 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 11:cee25a834751 3178
wolfSSL 11:cee25a834751 3179 int TLSX_UseSupportedCurve(TLSX** extensions, word16 name, void* heap)
wolfSSL 11:cee25a834751 3180 {
wolfSSL 11:cee25a834751 3181 TLSX* extension;
wolfSSL 11:cee25a834751 3182 EllipticCurve* curve = NULL;
wolfSSL 11:cee25a834751 3183 int ret = 0;
wolfSSL 11:cee25a834751 3184
wolfSSL 11:cee25a834751 3185 if (extensions == NULL)
wolfSSL 11:cee25a834751 3186 return BAD_FUNC_ARG;
wolfSSL 11:cee25a834751 3187
wolfSSL 11:cee25a834751 3188 if ((ret = TLSX_EllipticCurve_Append(&curve, name, heap)) != 0)
wolfSSL 11:cee25a834751 3189 return ret;
wolfSSL 11:cee25a834751 3190
wolfSSL 11:cee25a834751 3191 extension = TLSX_Find(*extensions, TLSX_SUPPORTED_GROUPS);
wolfSSL 11:cee25a834751 3192 if (!extension) {
wolfSSL 11:cee25a834751 3193 if ((ret = TLSX_Push(extensions, TLSX_SUPPORTED_GROUPS, curve, heap))
wolfSSL 11:cee25a834751 3194 != 0) {
wolfSSL 11:cee25a834751 3195 XFREE(curve, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 3196 return ret;
wolfSSL 11:cee25a834751 3197 }
wolfSSL 11:cee25a834751 3198 }
wolfSSL 11:cee25a834751 3199 else {
wolfSSL 11:cee25a834751 3200 /* push new EllipticCurve object to extension data. */
wolfSSL 11:cee25a834751 3201 curve->next = (EllipticCurve*)extension->data;
wolfSSL 11:cee25a834751 3202 extension->data = (void*)curve;
wolfSSL 11:cee25a834751 3203
wolfSSL 11:cee25a834751 3204 /* look for another curve of the same name to remove (replacement) */
wolfSSL 11:cee25a834751 3205 do {
wolfSSL 11:cee25a834751 3206 if (curve->next && curve->next->name == name) {
wolfSSL 11:cee25a834751 3207 EllipticCurve *next = curve->next;
wolfSSL 11:cee25a834751 3208
wolfSSL 11:cee25a834751 3209 curve->next = next->next;
wolfSSL 11:cee25a834751 3210 XFREE(next, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 3211
wolfSSL 11:cee25a834751 3212 break;
wolfSSL 11:cee25a834751 3213 }
wolfSSL 11:cee25a834751 3214 } while ((curve = curve->next));
wolfSSL 11:cee25a834751 3215 }
wolfSSL 11:cee25a834751 3216
wolfSSL 11:cee25a834751 3217 return SSL_SUCCESS;
wolfSSL 11:cee25a834751 3218 }
wolfSSL 11:cee25a834751 3219
wolfSSL 11:cee25a834751 3220 #define EC_FREE_ALL TLSX_EllipticCurve_FreeAll
wolfSSL 11:cee25a834751 3221 #define EC_VALIDATE_REQUEST TLSX_EllipticCurve_ValidateRequest
wolfSSL 11:cee25a834751 3222
wolfSSL 11:cee25a834751 3223 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 11:cee25a834751 3224 #define EC_GET_SIZE TLSX_EllipticCurve_GetSize
wolfSSL 11:cee25a834751 3225 #define EC_WRITE TLSX_EllipticCurve_Write
wolfSSL 11:cee25a834751 3226 #else
wolfSSL 11:cee25a834751 3227 #define EC_GET_SIZE(list) 0
wolfSSL 11:cee25a834751 3228 #define EC_WRITE(a, b) 0
wolfSSL 11:cee25a834751 3229 #endif
wolfSSL 11:cee25a834751 3230
wolfSSL 11:cee25a834751 3231 #ifndef NO_WOLFSSL_SERVER
wolfSSL 11:cee25a834751 3232 #define EC_PARSE TLSX_EllipticCurve_Parse
wolfSSL 11:cee25a834751 3233 #else
wolfSSL 11:cee25a834751 3234 #define EC_PARSE(a, b, c, d) 0
wolfSSL 11:cee25a834751 3235 #endif
wolfSSL 11:cee25a834751 3236
wolfSSL 11:cee25a834751 3237 #else
wolfSSL 11:cee25a834751 3238
wolfSSL 11:cee25a834751 3239 #define EC_FREE_ALL(list, heap)
wolfSSL 11:cee25a834751 3240 #define EC_GET_SIZE(list) 0
wolfSSL 11:cee25a834751 3241 #define EC_WRITE(a, b) 0
wolfSSL 11:cee25a834751 3242 #define EC_PARSE(a, b, c, d) 0
wolfSSL 11:cee25a834751 3243 #define EC_VALIDATE_REQUEST(a, b)
wolfSSL 11:cee25a834751 3244
wolfSSL 11:cee25a834751 3245 #endif /* HAVE_SUPPORTED_CURVES */
wolfSSL 11:cee25a834751 3246
wolfSSL 11:cee25a834751 3247 /******************************************************************************/
wolfSSL 11:cee25a834751 3248 /* Renegotiation Indication */
wolfSSL 11:cee25a834751 3249 /******************************************************************************/
wolfSSL 11:cee25a834751 3250
wolfSSL 11:cee25a834751 3251 #if defined(HAVE_SECURE_RENEGOTIATION) \
wolfSSL 11:cee25a834751 3252 || defined(HAVE_SERVER_RENEGOTIATION_INFO)
wolfSSL 11:cee25a834751 3253
wolfSSL 11:cee25a834751 3254 static byte TLSX_SecureRenegotiation_GetSize(SecureRenegotiation* data,
wolfSSL 11:cee25a834751 3255 int isRequest)
wolfSSL 11:cee25a834751 3256 {
wolfSSL 11:cee25a834751 3257 byte length = OPAQUE8_LEN; /* empty info length */
wolfSSL 11:cee25a834751 3258
wolfSSL 11:cee25a834751 3259 /* data will be NULL for HAVE_SERVER_RENEGOTIATION_INFO only */
wolfSSL 11:cee25a834751 3260 if (data && data->enabled) {
wolfSSL 11:cee25a834751 3261 /* client sends client_verify_data only */
wolfSSL 11:cee25a834751 3262 length += TLS_FINISHED_SZ;
wolfSSL 11:cee25a834751 3263
wolfSSL 11:cee25a834751 3264 /* server also sends server_verify_data */
wolfSSL 11:cee25a834751 3265 if (!isRequest)
wolfSSL 11:cee25a834751 3266 length += TLS_FINISHED_SZ;
wolfSSL 11:cee25a834751 3267 }
wolfSSL 11:cee25a834751 3268
wolfSSL 11:cee25a834751 3269 return length;
wolfSSL 11:cee25a834751 3270 }
wolfSSL 11:cee25a834751 3271
wolfSSL 11:cee25a834751 3272 static word16 TLSX_SecureRenegotiation_Write(SecureRenegotiation* data,
wolfSSL 11:cee25a834751 3273 byte* output, int isRequest)
wolfSSL 11:cee25a834751 3274 {
wolfSSL 11:cee25a834751 3275 word16 offset = OPAQUE8_LEN; /* RenegotiationInfo length */
wolfSSL 11:cee25a834751 3276
wolfSSL 11:cee25a834751 3277 if (data && data->enabled) {
wolfSSL 11:cee25a834751 3278 /* client sends client_verify_data only */
wolfSSL 11:cee25a834751 3279 XMEMCPY(output + offset, data->client_verify_data, TLS_FINISHED_SZ);
wolfSSL 11:cee25a834751 3280 offset += TLS_FINISHED_SZ;
wolfSSL 11:cee25a834751 3281
wolfSSL 11:cee25a834751 3282 /* server also sends server_verify_data */
wolfSSL 11:cee25a834751 3283 if (!isRequest) {
wolfSSL 11:cee25a834751 3284 XMEMCPY(output + offset, data->server_verify_data, TLS_FINISHED_SZ);
wolfSSL 11:cee25a834751 3285 offset += TLS_FINISHED_SZ;
wolfSSL 11:cee25a834751 3286 }
wolfSSL 11:cee25a834751 3287 }
wolfSSL 11:cee25a834751 3288
wolfSSL 11:cee25a834751 3289 output[0] = (byte)(offset - 1); /* info length - self */
wolfSSL 11:cee25a834751 3290
wolfSSL 11:cee25a834751 3291 return offset;
wolfSSL 11:cee25a834751 3292 }
wolfSSL 11:cee25a834751 3293
wolfSSL 11:cee25a834751 3294 static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, byte* input,
wolfSSL 11:cee25a834751 3295 word16 length, byte isRequest)
wolfSSL 11:cee25a834751 3296 {
wolfSSL 11:cee25a834751 3297 int ret = SECURE_RENEGOTIATION_E;
wolfSSL 11:cee25a834751 3298
wolfSSL 11:cee25a834751 3299 if (length >= OPAQUE8_LEN) {
wolfSSL 11:cee25a834751 3300 if (ssl->secure_renegotiation == NULL) {
wolfSSL 11:cee25a834751 3301 #ifndef NO_WOLFSSL_SERVER
wolfSSL 11:cee25a834751 3302 if (isRequest && *input == 0) {
wolfSSL 11:cee25a834751 3303 #ifdef HAVE_SERVER_RENEGOTIATION_INFO
wolfSSL 11:cee25a834751 3304 if (length == OPAQUE8_LEN) {
wolfSSL 11:cee25a834751 3305 if (TLSX_Find(ssl->extensions,
wolfSSL 11:cee25a834751 3306 TLSX_RENEGOTIATION_INFO) == NULL) {
wolfSSL 11:cee25a834751 3307 ret = TLSX_AddEmptyRenegotiationInfo(&ssl->extensions,
wolfSSL 11:cee25a834751 3308 ssl->heap);
wolfSSL 11:cee25a834751 3309 if (ret == SSL_SUCCESS)
wolfSSL 11:cee25a834751 3310 ret = 0;
wolfSSL 11:cee25a834751 3311
wolfSSL 11:cee25a834751 3312 } else {
wolfSSL 11:cee25a834751 3313 ret = 0;
wolfSSL 11:cee25a834751 3314 }
wolfSSL 11:cee25a834751 3315 }
wolfSSL 11:cee25a834751 3316 #else
wolfSSL 11:cee25a834751 3317 ret = 0; /* don't reply, user didn't enable */
wolfSSL 11:cee25a834751 3318 #endif /* HAVE_SERVER_RENEGOTIATION_INFO */
wolfSSL 11:cee25a834751 3319 }
wolfSSL 11:cee25a834751 3320 #ifdef HAVE_SERVER_RENEGOTIATION_INFO
wolfSSL 11:cee25a834751 3321 else if (!isRequest) {
wolfSSL 11:cee25a834751 3322 /* don't do anything on client side */
wolfSSL 11:cee25a834751 3323 ret = 0;
wolfSSL 11:cee25a834751 3324 }
wolfSSL 11:cee25a834751 3325 #endif
wolfSSL 11:cee25a834751 3326 #endif
wolfSSL 11:cee25a834751 3327 }
wolfSSL 11:cee25a834751 3328 else if (isRequest) {
wolfSSL 11:cee25a834751 3329 #ifndef NO_WOLFSSL_SERVER
wolfSSL 11:cee25a834751 3330 if (*input == TLS_FINISHED_SZ) {
wolfSSL 11:cee25a834751 3331 /* TODO compare client_verify_data */
wolfSSL 11:cee25a834751 3332 ret = 0;
wolfSSL 11:cee25a834751 3333 }
wolfSSL 11:cee25a834751 3334 #endif
wolfSSL 11:cee25a834751 3335 }
wolfSSL 11:cee25a834751 3336 else {
wolfSSL 11:cee25a834751 3337 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 11:cee25a834751 3338 if (!ssl->secure_renegotiation->enabled) {
wolfSSL 11:cee25a834751 3339 if (*input == 0) {
wolfSSL 11:cee25a834751 3340 ssl->secure_renegotiation->enabled = 1;
wolfSSL 11:cee25a834751 3341 ret = 0;
wolfSSL 11:cee25a834751 3342 }
wolfSSL 11:cee25a834751 3343 }
wolfSSL 11:cee25a834751 3344 else if (*input == 2 * TLS_FINISHED_SZ &&
wolfSSL 11:cee25a834751 3345 length == 2 * TLS_FINISHED_SZ + OPAQUE8_LEN) {
wolfSSL 11:cee25a834751 3346 input++; /* get past size */
wolfSSL 11:cee25a834751 3347
wolfSSL 11:cee25a834751 3348 /* validate client and server verify data */
wolfSSL 11:cee25a834751 3349 if (XMEMCMP(input,
wolfSSL 11:cee25a834751 3350 ssl->secure_renegotiation->client_verify_data,
wolfSSL 11:cee25a834751 3351 TLS_FINISHED_SZ) == 0 &&
wolfSSL 11:cee25a834751 3352 XMEMCMP(input + TLS_FINISHED_SZ,
wolfSSL 11:cee25a834751 3353 ssl->secure_renegotiation->server_verify_data,
wolfSSL 11:cee25a834751 3354 TLS_FINISHED_SZ) == 0) {
wolfSSL 11:cee25a834751 3355 WOLFSSL_MSG("SCR client and server verify data match");
wolfSSL 11:cee25a834751 3356 ret = 0; /* verified */
wolfSSL 11:cee25a834751 3357 } else {
wolfSSL 11:cee25a834751 3358 /* already in error state */
wolfSSL 11:cee25a834751 3359 WOLFSSL_MSG("SCR client and server verify data Failure");
wolfSSL 11:cee25a834751 3360 }
wolfSSL 11:cee25a834751 3361 }
wolfSSL 11:cee25a834751 3362 #endif
wolfSSL 11:cee25a834751 3363 }
wolfSSL 11:cee25a834751 3364 }
wolfSSL 11:cee25a834751 3365
wolfSSL 11:cee25a834751 3366 if (ret != 0) {
wolfSSL 11:cee25a834751 3367 SendAlert(ssl, alert_fatal, handshake_failure);
wolfSSL 11:cee25a834751 3368 }
wolfSSL 11:cee25a834751 3369
wolfSSL 11:cee25a834751 3370 return ret;
wolfSSL 11:cee25a834751 3371 }
wolfSSL 11:cee25a834751 3372
wolfSSL 11:cee25a834751 3373 int TLSX_UseSecureRenegotiation(TLSX** extensions, void* heap)
wolfSSL 11:cee25a834751 3374 {
wolfSSL 11:cee25a834751 3375 int ret = 0;
wolfSSL 11:cee25a834751 3376 SecureRenegotiation* data = NULL;
wolfSSL 11:cee25a834751 3377
wolfSSL 11:cee25a834751 3378 data = (SecureRenegotiation*)XMALLOC(sizeof(SecureRenegotiation), heap,
wolfSSL 11:cee25a834751 3379 DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 3380 if (data == NULL)
wolfSSL 11:cee25a834751 3381 return MEMORY_E;
wolfSSL 11:cee25a834751 3382
wolfSSL 11:cee25a834751 3383 XMEMSET(data, 0, sizeof(SecureRenegotiation));
wolfSSL 11:cee25a834751 3384
wolfSSL 11:cee25a834751 3385 ret = TLSX_Push(extensions, TLSX_RENEGOTIATION_INFO, data, heap);
wolfSSL 11:cee25a834751 3386 if (ret != 0) {
wolfSSL 11:cee25a834751 3387 XFREE(data, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 3388 return ret;
wolfSSL 11:cee25a834751 3389 }
wolfSSL 11:cee25a834751 3390
wolfSSL 11:cee25a834751 3391 return SSL_SUCCESS;
wolfSSL 11:cee25a834751 3392 }
wolfSSL 11:cee25a834751 3393
wolfSSL 11:cee25a834751 3394 #ifdef HAVE_SERVER_RENEGOTIATION_INFO
wolfSSL 11:cee25a834751 3395
wolfSSL 11:cee25a834751 3396 int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions, void* heap)
wolfSSL 11:cee25a834751 3397 {
wolfSSL 11:cee25a834751 3398 int ret;
wolfSSL 11:cee25a834751 3399
wolfSSL 11:cee25a834751 3400 ret = TLSX_Push(extensions, TLSX_RENEGOTIATION_INFO, NULL, heap);
wolfSSL 11:cee25a834751 3401 if (ret != 0)
wolfSSL 11:cee25a834751 3402 return ret;
wolfSSL 11:cee25a834751 3403
wolfSSL 11:cee25a834751 3404 /* send empty renegotiation_info extension */
wolfSSL 11:cee25a834751 3405 TLSX* ext = TLSX_Find(*extensions, TLSX_RENEGOTIATION_INFO);
wolfSSL 11:cee25a834751 3406 if (ext)
wolfSSL 11:cee25a834751 3407 ext->resp = 1;
wolfSSL 11:cee25a834751 3408
wolfSSL 11:cee25a834751 3409 return SSL_SUCCESS;
wolfSSL 11:cee25a834751 3410 }
wolfSSL 11:cee25a834751 3411
wolfSSL 11:cee25a834751 3412 #endif /* HAVE_SERVER_RENEGOTIATION_INFO */
wolfSSL 11:cee25a834751 3413
wolfSSL 11:cee25a834751 3414
wolfSSL 11:cee25a834751 3415 #define SCR_FREE_ALL(data, heap) XFREE(data, (heap), DYNAMIC_TYPE_TLSX)
wolfSSL 11:cee25a834751 3416 #define SCR_GET_SIZE TLSX_SecureRenegotiation_GetSize
wolfSSL 11:cee25a834751 3417 #define SCR_WRITE TLSX_SecureRenegotiation_Write
wolfSSL 11:cee25a834751 3418 #define SCR_PARSE TLSX_SecureRenegotiation_Parse
wolfSSL 11:cee25a834751 3419
wolfSSL 11:cee25a834751 3420 #else
wolfSSL 11:cee25a834751 3421
wolfSSL 11:cee25a834751 3422 #define SCR_FREE_ALL(a, heap)
wolfSSL 11:cee25a834751 3423 #define SCR_GET_SIZE(a, b) 0
wolfSSL 11:cee25a834751 3424 #define SCR_WRITE(a, b, c) 0
wolfSSL 11:cee25a834751 3425 #define SCR_PARSE(a, b, c, d) 0
wolfSSL 11:cee25a834751 3426
wolfSSL 11:cee25a834751 3427 #endif /* HAVE_SECURE_RENEGOTIATION */
wolfSSL 11:cee25a834751 3428
wolfSSL 11:cee25a834751 3429 /******************************************************************************/
wolfSSL 11:cee25a834751 3430 /* Session Tickets */
wolfSSL 11:cee25a834751 3431 /******************************************************************************/
wolfSSL 11:cee25a834751 3432
wolfSSL 11:cee25a834751 3433 #ifdef HAVE_SESSION_TICKET
wolfSSL 11:cee25a834751 3434
wolfSSL 11:cee25a834751 3435 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 11:cee25a834751 3436 static void TLSX_SessionTicket_ValidateRequest(WOLFSSL* ssl)
wolfSSL 11:cee25a834751 3437 {
wolfSSL 11:cee25a834751 3438 TLSX* extension = TLSX_Find(ssl->extensions, TLSX_SESSION_TICKET);
wolfSSL 11:cee25a834751 3439 SessionTicket* ticket = extension ?
wolfSSL 11:cee25a834751 3440 (SessionTicket*)extension->data : NULL;
wolfSSL 11:cee25a834751 3441
wolfSSL 11:cee25a834751 3442 if (ticket) {
wolfSSL 11:cee25a834751 3443 /* TODO validate ticket timeout here! */
wolfSSL 11:cee25a834751 3444 if (ticket->lifetime == 0xfffffff) {
wolfSSL 11:cee25a834751 3445 /* send empty ticket on timeout */
wolfSSL 11:cee25a834751 3446 TLSX_UseSessionTicket(&ssl->extensions, NULL, ssl->heap);
wolfSSL 11:cee25a834751 3447 }
wolfSSL 11:cee25a834751 3448 }
wolfSSL 11:cee25a834751 3449 }
wolfSSL 11:cee25a834751 3450 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 11:cee25a834751 3451
wolfSSL 11:cee25a834751 3452
wolfSSL 11:cee25a834751 3453 static word16 TLSX_SessionTicket_GetSize(SessionTicket* ticket, int isRequest)
wolfSSL 11:cee25a834751 3454 {
wolfSSL 11:cee25a834751 3455 (void)isRequest;
wolfSSL 11:cee25a834751 3456 return ticket ? ticket->size : 0;
wolfSSL 11:cee25a834751 3457 }
wolfSSL 11:cee25a834751 3458
wolfSSL 11:cee25a834751 3459 static word16 TLSX_SessionTicket_Write(SessionTicket* ticket, byte* output,
wolfSSL 11:cee25a834751 3460 int isRequest)
wolfSSL 11:cee25a834751 3461 {
wolfSSL 11:cee25a834751 3462 word16 offset = 0; /* empty ticket */
wolfSSL 11:cee25a834751 3463
wolfSSL 11:cee25a834751 3464 if (isRequest && ticket) {
wolfSSL 11:cee25a834751 3465 XMEMCPY(output + offset, ticket->data, ticket->size);
wolfSSL 11:cee25a834751 3466 offset += ticket->size;
wolfSSL 11:cee25a834751 3467 }
wolfSSL 11:cee25a834751 3468
wolfSSL 11:cee25a834751 3469 return offset;
wolfSSL 11:cee25a834751 3470 }
wolfSSL 11:cee25a834751 3471
wolfSSL 11:cee25a834751 3472
wolfSSL 11:cee25a834751 3473 static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 11:cee25a834751 3474 byte isRequest)
wolfSSL 11:cee25a834751 3475 {
wolfSSL 11:cee25a834751 3476 int ret = 0;
wolfSSL 11:cee25a834751 3477
wolfSSL 11:cee25a834751 3478 (void) input; /* avoid unused parameter if NO_WOLFSSL_SERVER defined */
wolfSSL 11:cee25a834751 3479
wolfSSL 11:cee25a834751 3480 if (!isRequest) {
wolfSSL 11:cee25a834751 3481 /* client side */
wolfSSL 11:cee25a834751 3482 if (length != 0)
wolfSSL 11:cee25a834751 3483 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 3484
wolfSSL 11:cee25a834751 3485 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 11:cee25a834751 3486 ssl->expect_session_ticket = 1;
wolfSSL 11:cee25a834751 3487 #endif
wolfSSL 11:cee25a834751 3488 }
wolfSSL 11:cee25a834751 3489 #ifndef NO_WOLFSSL_SERVER
wolfSSL 11:cee25a834751 3490 else {
wolfSSL 11:cee25a834751 3491 /* server side */
wolfSSL 11:cee25a834751 3492 if (ssl->ctx->ticketEncCb == NULL) {
wolfSSL 11:cee25a834751 3493 WOLFSSL_MSG("Client sent session ticket, server has no callback");
wolfSSL 11:cee25a834751 3494 return 0;
wolfSSL 11:cee25a834751 3495 }
wolfSSL 11:cee25a834751 3496
wolfSSL 11:cee25a834751 3497 if (length == 0) {
wolfSSL 11:cee25a834751 3498 /* blank ticket */
wolfSSL 11:cee25a834751 3499 ret = TLSX_UseSessionTicket(&ssl->extensions, NULL, ssl->heap);
wolfSSL 11:cee25a834751 3500 if (ret == SSL_SUCCESS) {
wolfSSL 11:cee25a834751 3501 ret = 0;
wolfSSL 11:cee25a834751 3502 TLSX_SetResponse(ssl, TLSX_SESSION_TICKET); /* send blank ticket */
wolfSSL 11:cee25a834751 3503 ssl->options.createTicket = 1; /* will send ticket msg */
wolfSSL 11:cee25a834751 3504 ssl->options.useTicket = 1;
wolfSSL 11:cee25a834751 3505 ssl->options.resuming = 0; /* no standard resumption */
wolfSSL 11:cee25a834751 3506 ssl->arrays->sessionIDSz = 0; /* no echo on blank ticket */
wolfSSL 11:cee25a834751 3507 }
wolfSSL 11:cee25a834751 3508 } else {
wolfSSL 11:cee25a834751 3509 /* got actual ticket from client */
wolfSSL 11:cee25a834751 3510 ret = DoClientTicket(ssl, input, length);
wolfSSL 11:cee25a834751 3511 if (ret == WOLFSSL_TICKET_RET_OK) { /* use ticket to resume */
wolfSSL 11:cee25a834751 3512 WOLFSSL_MSG("Using exisitng client ticket");
wolfSSL 11:cee25a834751 3513 ssl->options.useTicket = 1;
wolfSSL 11:cee25a834751 3514 ssl->options.resuming = 1;
wolfSSL 11:cee25a834751 3515 } else if (ret == WOLFSSL_TICKET_RET_CREATE) {
wolfSSL 11:cee25a834751 3516 WOLFSSL_MSG("Using existing client ticket, creating new one");
wolfSSL 11:cee25a834751 3517 ret = TLSX_UseSessionTicket(&ssl->extensions, NULL, ssl->heap);
wolfSSL 11:cee25a834751 3518 if (ret == SSL_SUCCESS) {
wolfSSL 11:cee25a834751 3519 ret = 0;
wolfSSL 11:cee25a834751 3520 TLSX_SetResponse(ssl, TLSX_SESSION_TICKET);
wolfSSL 11:cee25a834751 3521 /* send blank ticket */
wolfSSL 11:cee25a834751 3522 ssl->options.createTicket = 1; /* will send ticket msg */
wolfSSL 11:cee25a834751 3523 ssl->options.useTicket = 1;
wolfSSL 11:cee25a834751 3524 ssl->options.resuming = 1;
wolfSSL 11:cee25a834751 3525 }
wolfSSL 11:cee25a834751 3526 } else if (ret == WOLFSSL_TICKET_RET_REJECT) {
wolfSSL 11:cee25a834751 3527 WOLFSSL_MSG("Process client ticket rejected, not using");
wolfSSL 11:cee25a834751 3528 ssl->options.rejectTicket = 1;
wolfSSL 11:cee25a834751 3529 ret = 0; /* not fatal */
wolfSSL 11:cee25a834751 3530 } else if (ret == WOLFSSL_TICKET_RET_FATAL || ret < 0) {
wolfSSL 11:cee25a834751 3531 WOLFSSL_MSG("Process client ticket fatal error, not using");
wolfSSL 11:cee25a834751 3532 }
wolfSSL 11:cee25a834751 3533 }
wolfSSL 11:cee25a834751 3534 }
wolfSSL 11:cee25a834751 3535 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 11:cee25a834751 3536
wolfSSL 11:cee25a834751 3537 return ret;
wolfSSL 11:cee25a834751 3538 }
wolfSSL 11:cee25a834751 3539
wolfSSL 11:cee25a834751 3540 WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime,
wolfSSL 11:cee25a834751 3541 byte* data, word16 size, void* heap)
wolfSSL 11:cee25a834751 3542 {
wolfSSL 11:cee25a834751 3543 SessionTicket* ticket = (SessionTicket*)XMALLOC(sizeof(SessionTicket),
wolfSSL 11:cee25a834751 3544 heap, DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 3545 if (ticket) {
wolfSSL 11:cee25a834751 3546 ticket->data = (byte*)XMALLOC(size, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 3547 if (ticket->data == NULL) {
wolfSSL 11:cee25a834751 3548 XFREE(ticket, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 3549 return NULL;
wolfSSL 11:cee25a834751 3550 }
wolfSSL 11:cee25a834751 3551
wolfSSL 11:cee25a834751 3552 XMEMCPY(ticket->data, data, size);
wolfSSL 11:cee25a834751 3553 ticket->size = size;
wolfSSL 11:cee25a834751 3554 ticket->lifetime = lifetime;
wolfSSL 11:cee25a834751 3555 }
wolfSSL 11:cee25a834751 3556
wolfSSL 11:cee25a834751 3557 return ticket;
wolfSSL 11:cee25a834751 3558 }
wolfSSL 11:cee25a834751 3559 WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket, void* heap)
wolfSSL 11:cee25a834751 3560 {
wolfSSL 11:cee25a834751 3561 if (ticket) {
wolfSSL 11:cee25a834751 3562 XFREE(ticket->data, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 3563 XFREE(ticket, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 3564 }
wolfSSL 11:cee25a834751 3565
wolfSSL 11:cee25a834751 3566 (void)heap;
wolfSSL 11:cee25a834751 3567 }
wolfSSL 11:cee25a834751 3568
wolfSSL 11:cee25a834751 3569 int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket, void* heap)
wolfSSL 11:cee25a834751 3570 {
wolfSSL 11:cee25a834751 3571 int ret = 0;
wolfSSL 11:cee25a834751 3572
wolfSSL 11:cee25a834751 3573 if (extensions == NULL)
wolfSSL 11:cee25a834751 3574 return BAD_FUNC_ARG;
wolfSSL 11:cee25a834751 3575
wolfSSL 11:cee25a834751 3576 /* If the ticket is NULL, the client will request a new ticket from the
wolfSSL 11:cee25a834751 3577 server. Otherwise, the client will use it in the next client hello. */
wolfSSL 11:cee25a834751 3578 if ((ret = TLSX_Push(extensions, TLSX_SESSION_TICKET, (void*)ticket, heap))
wolfSSL 11:cee25a834751 3579 != 0)
wolfSSL 11:cee25a834751 3580 return ret;
wolfSSL 11:cee25a834751 3581
wolfSSL 11:cee25a834751 3582 return SSL_SUCCESS;
wolfSSL 11:cee25a834751 3583 }
wolfSSL 11:cee25a834751 3584
wolfSSL 11:cee25a834751 3585 #define WOLF_STK_VALIDATE_REQUEST TLSX_SessionTicket_ValidateRequest
wolfSSL 11:cee25a834751 3586 #define WOLF_STK_GET_SIZE TLSX_SessionTicket_GetSize
wolfSSL 11:cee25a834751 3587 #define WOLF_STK_WRITE TLSX_SessionTicket_Write
wolfSSL 11:cee25a834751 3588 #define WOLF_STK_PARSE TLSX_SessionTicket_Parse
wolfSSL 11:cee25a834751 3589 #define WOLF_STK_FREE(stk, heap) TLSX_SessionTicket_Free((SessionTicket*)stk,(heap))
wolfSSL 11:cee25a834751 3590
wolfSSL 11:cee25a834751 3591 #else
wolfSSL 11:cee25a834751 3592
wolfSSL 11:cee25a834751 3593 #define WOLF_STK_FREE(a, b)
wolfSSL 11:cee25a834751 3594 #define WOLF_STK_VALIDATE_REQUEST(a)
wolfSSL 11:cee25a834751 3595 #define WOLF_STK_GET_SIZE(a, b) 0
wolfSSL 11:cee25a834751 3596 #define WOLF_STK_WRITE(a, b, c) 0
wolfSSL 11:cee25a834751 3597 #define WOLF_STK_PARSE(a, b, c, d) 0
wolfSSL 11:cee25a834751 3598
wolfSSL 11:cee25a834751 3599 #endif /* HAVE_SESSION_TICKET */
wolfSSL 11:cee25a834751 3600
wolfSSL 11:cee25a834751 3601 /******************************************************************************/
wolfSSL 11:cee25a834751 3602 /* Quantum-Safe-Hybrid */
wolfSSL 11:cee25a834751 3603 /******************************************************************************/
wolfSSL 11:cee25a834751 3604
wolfSSL 11:cee25a834751 3605 #if defined(HAVE_NTRU) && defined(HAVE_QSH)
wolfSSL 11:cee25a834751 3606 static WC_RNG* rng;
wolfSSL 11:cee25a834751 3607 static wolfSSL_Mutex* rngMutex;
wolfSSL 11:cee25a834751 3608 #endif
wolfSSL 11:cee25a834751 3609
wolfSSL 11:cee25a834751 3610 #ifdef HAVE_QSH
wolfSSL 11:cee25a834751 3611 static void TLSX_QSH_FreeAll(QSHScheme* list, void* heap)
wolfSSL 11:cee25a834751 3612 {
wolfSSL 11:cee25a834751 3613 QSHScheme* current;
wolfSSL 11:cee25a834751 3614
wolfSSL 11:cee25a834751 3615 while ((current = list)) {
wolfSSL 11:cee25a834751 3616 list = current->next;
wolfSSL 11:cee25a834751 3617 XFREE(current, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 3618 }
wolfSSL 11:cee25a834751 3619
wolfSSL 11:cee25a834751 3620 (void)heap;
wolfSSL 11:cee25a834751 3621 }
wolfSSL 11:cee25a834751 3622
wolfSSL 11:cee25a834751 3623 static int TLSX_QSH_Append(QSHScheme** list, word16 name, byte* pub,
wolfSSL 11:cee25a834751 3624 word16 pubLen)
wolfSSL 11:cee25a834751 3625 {
wolfSSL 11:cee25a834751 3626 QSHScheme* temp;
wolfSSL 11:cee25a834751 3627
wolfSSL 11:cee25a834751 3628 if (list == NULL)
wolfSSL 11:cee25a834751 3629 return BAD_FUNC_ARG;
wolfSSL 11:cee25a834751 3630
wolfSSL 11:cee25a834751 3631 if ((temp = (QSHScheme*)XMALLOC(sizeof(QSHScheme), NULL,
wolfSSL 11:cee25a834751 3632 DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL 11:cee25a834751 3633 return MEMORY_E;
wolfSSL 11:cee25a834751 3634
wolfSSL 11:cee25a834751 3635 temp->name = name;
wolfSSL 11:cee25a834751 3636 temp->PK = pub;
wolfSSL 11:cee25a834751 3637 temp->PKLen = pubLen;
wolfSSL 11:cee25a834751 3638 temp->next = *list;
wolfSSL 11:cee25a834751 3639
wolfSSL 11:cee25a834751 3640 *list = temp;
wolfSSL 11:cee25a834751 3641
wolfSSL 11:cee25a834751 3642 return 0;
wolfSSL 11:cee25a834751 3643 }
wolfSSL 11:cee25a834751 3644
wolfSSL 11:cee25a834751 3645
wolfSSL 11:cee25a834751 3646 /* request for server's public key : 02 indicates 0-2 requested */
wolfSSL 11:cee25a834751 3647 static byte TLSX_QSH_SerPKReq(byte* output, byte isRequest)
wolfSSL 11:cee25a834751 3648 {
wolfSSL 11:cee25a834751 3649 if (isRequest) {
wolfSSL 11:cee25a834751 3650 /* only request one public key from the server */
wolfSSL 11:cee25a834751 3651 output[0] = 0x01;
wolfSSL 11:cee25a834751 3652
wolfSSL 11:cee25a834751 3653 return OPAQUE8_LEN;
wolfSSL 11:cee25a834751 3654 }
wolfSSL 11:cee25a834751 3655 else {
wolfSSL 11:cee25a834751 3656 return 0;
wolfSSL 11:cee25a834751 3657 }
wolfSSL 11:cee25a834751 3658 }
wolfSSL 11:cee25a834751 3659
wolfSSL 11:cee25a834751 3660 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 11:cee25a834751 3661
wolfSSL 11:cee25a834751 3662 /* check for TLS_QSH suite */
wolfSSL 11:cee25a834751 3663 static void TLSX_QSH_ValidateRequest(WOLFSSL* ssl, byte* semaphore)
wolfSSL 11:cee25a834751 3664 {
wolfSSL 11:cee25a834751 3665 int i;
wolfSSL 11:cee25a834751 3666
wolfSSL 11:cee25a834751 3667 for (i = 0; i < ssl->suites->suiteSz; i+= 2)
wolfSSL 11:cee25a834751 3668 if (ssl->suites->suites[i] == QSH_BYTE)
wolfSSL 11:cee25a834751 3669 return;
wolfSSL 11:cee25a834751 3670
wolfSSL 11:cee25a834751 3671 /* No QSH suite found */
wolfSSL 11:cee25a834751 3672 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_QUANTUM_SAFE_HYBRID));
wolfSSL 11:cee25a834751 3673 }
wolfSSL 11:cee25a834751 3674
wolfSSL 11:cee25a834751 3675
wolfSSL 11:cee25a834751 3676 /* return the size of the QSH hello extension
wolfSSL 11:cee25a834751 3677 list the list of QSHScheme structs containing id and key
wolfSSL 11:cee25a834751 3678 isRequest if 1 then is being sent to the server
wolfSSL 11:cee25a834751 3679 */
wolfSSL 11:cee25a834751 3680 word16 TLSX_QSH_GetSize(QSHScheme* list, byte isRequest)
wolfSSL 11:cee25a834751 3681 {
wolfSSL 11:cee25a834751 3682 QSHScheme* temp = list;
wolfSSL 11:cee25a834751 3683 word16 length = 0;
wolfSSL 11:cee25a834751 3684
wolfSSL 11:cee25a834751 3685 /* account for size of scheme list and public key list */
wolfSSL 11:cee25a834751 3686 if (isRequest)
wolfSSL 11:cee25a834751 3687 length = OPAQUE16_LEN;
wolfSSL 11:cee25a834751 3688 length += OPAQUE24_LEN;
wolfSSL 11:cee25a834751 3689
wolfSSL 11:cee25a834751 3690 /* for each non null element in list add size */
wolfSSL 11:cee25a834751 3691 while ((temp)) {
wolfSSL 11:cee25a834751 3692 /* add public key info Scheme | Key Length | Key */
wolfSSL 11:cee25a834751 3693 length += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 3694 length += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 3695 length += temp->PKLen;
wolfSSL 11:cee25a834751 3696
wolfSSL 11:cee25a834751 3697 /* if client add name size for scheme list
wolfSSL 11:cee25a834751 3698 advance to next QSHScheme struct in list */
wolfSSL 11:cee25a834751 3699 if (isRequest)
wolfSSL 11:cee25a834751 3700 length += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 3701 temp = temp->next;
wolfSSL 11:cee25a834751 3702 }
wolfSSL 11:cee25a834751 3703
wolfSSL 11:cee25a834751 3704 /* add length for request server public keys */
wolfSSL 11:cee25a834751 3705 if (isRequest)
wolfSSL 11:cee25a834751 3706 length += OPAQUE8_LEN;
wolfSSL 11:cee25a834751 3707
wolfSSL 11:cee25a834751 3708 return length;
wolfSSL 11:cee25a834751 3709 }
wolfSSL 11:cee25a834751 3710
wolfSSL 11:cee25a834751 3711
wolfSSL 11:cee25a834751 3712 /* write out a list of QSHScheme IDs */
wolfSSL 11:cee25a834751 3713 static word16 TLSX_QSH_Write(QSHScheme* list, byte* output)
wolfSSL 11:cee25a834751 3714 {
wolfSSL 11:cee25a834751 3715 QSHScheme* current = list;
wolfSSL 11:cee25a834751 3716 word16 length = 0;
wolfSSL 11:cee25a834751 3717
wolfSSL 11:cee25a834751 3718 length += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 3719
wolfSSL 11:cee25a834751 3720 while (current) {
wolfSSL 11:cee25a834751 3721 c16toa(current->name, output + length);
wolfSSL 11:cee25a834751 3722 length += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 3723 current = (QSHScheme*)current->next;
wolfSSL 11:cee25a834751 3724 }
wolfSSL 11:cee25a834751 3725
wolfSSL 11:cee25a834751 3726 c16toa(length - OPAQUE16_LEN, output); /* writing list length */
wolfSSL 11:cee25a834751 3727
wolfSSL 11:cee25a834751 3728 return length;
wolfSSL 11:cee25a834751 3729 }
wolfSSL 11:cee25a834751 3730
wolfSSL 11:cee25a834751 3731
wolfSSL 11:cee25a834751 3732 /* write public key list in extension */
wolfSSL 11:cee25a834751 3733 static word16 TLSX_QSHPK_WriteR(QSHScheme* format, byte* output);
wolfSSL 11:cee25a834751 3734 static word16 TLSX_QSHPK_WriteR(QSHScheme* format, byte* output)
wolfSSL 11:cee25a834751 3735 {
wolfSSL 11:cee25a834751 3736 word32 offset = 0;
wolfSSL 11:cee25a834751 3737 word16 public_len = 0;
wolfSSL 11:cee25a834751 3738
wolfSSL 11:cee25a834751 3739 if (!format)
wolfSSL 11:cee25a834751 3740 return offset;
wolfSSL 11:cee25a834751 3741
wolfSSL 11:cee25a834751 3742 /* write scheme ID */
wolfSSL 11:cee25a834751 3743 c16toa(format->name, output + offset);
wolfSSL 11:cee25a834751 3744 offset += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 3745
wolfSSL 11:cee25a834751 3746 /* write public key matching scheme */
wolfSSL 11:cee25a834751 3747 public_len = format->PKLen;
wolfSSL 11:cee25a834751 3748 c16toa(public_len, output + offset);
wolfSSL 11:cee25a834751 3749 offset += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 3750 if (format->PK) {
wolfSSL 11:cee25a834751 3751 XMEMCPY(output+offset, format->PK, public_len);
wolfSSL 11:cee25a834751 3752 }
wolfSSL 11:cee25a834751 3753
wolfSSL 11:cee25a834751 3754 return public_len + offset;
wolfSSL 11:cee25a834751 3755 }
wolfSSL 11:cee25a834751 3756
wolfSSL 11:cee25a834751 3757 word16 TLSX_QSHPK_Write(QSHScheme* list, byte* output)
wolfSSL 11:cee25a834751 3758 {
wolfSSL 11:cee25a834751 3759 QSHScheme* current = list;
wolfSSL 11:cee25a834751 3760 word32 length = 0;
wolfSSL 11:cee25a834751 3761 word24 toWire;
wolfSSL 11:cee25a834751 3762
wolfSSL 11:cee25a834751 3763 length += OPAQUE24_LEN;
wolfSSL 11:cee25a834751 3764
wolfSSL 11:cee25a834751 3765 while (current) {
wolfSSL 11:cee25a834751 3766 length += TLSX_QSHPK_WriteR(current, output + length);
wolfSSL 11:cee25a834751 3767 current = (QSHScheme*)current->next;
wolfSSL 11:cee25a834751 3768 }
wolfSSL 11:cee25a834751 3769 /* length of public keys sent */
wolfSSL 11:cee25a834751 3770 c32to24(length - OPAQUE24_LEN, toWire);
wolfSSL 11:cee25a834751 3771 output[0] = toWire[0];
wolfSSL 11:cee25a834751 3772 output[1] = toWire[1];
wolfSSL 11:cee25a834751 3773 output[2] = toWire[2];
wolfSSL 11:cee25a834751 3774
wolfSSL 11:cee25a834751 3775 return length;
wolfSSL 11:cee25a834751 3776 }
wolfSSL 11:cee25a834751 3777
wolfSSL 11:cee25a834751 3778 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 11:cee25a834751 3779 #ifndef NO_WOLFSSL_SERVER
wolfSSL 11:cee25a834751 3780
wolfSSL 11:cee25a834751 3781 static void TLSX_QSHAgreement(TLSX** extensions, void* heap)
wolfSSL 11:cee25a834751 3782 {
wolfSSL 11:cee25a834751 3783 TLSX* extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID);
wolfSSL 11:cee25a834751 3784 QSHScheme* format = NULL;
wolfSSL 11:cee25a834751 3785 QSHScheme* del = NULL;
wolfSSL 11:cee25a834751 3786 QSHScheme* prev = NULL;
wolfSSL 11:cee25a834751 3787
wolfSSL 11:cee25a834751 3788 if (extension == NULL)
wolfSSL 11:cee25a834751 3789 return;
wolfSSL 11:cee25a834751 3790
wolfSSL 11:cee25a834751 3791 format = (QSHScheme*)extension->data;
wolfSSL 11:cee25a834751 3792 while (format) {
wolfSSL 11:cee25a834751 3793 if (format->PKLen == 0) {
wolfSSL 11:cee25a834751 3794 /* case of head */
wolfSSL 11:cee25a834751 3795 if (format == extension->data) {
wolfSSL 11:cee25a834751 3796 extension->data = format->next;
wolfSSL 11:cee25a834751 3797 }
wolfSSL 11:cee25a834751 3798 if (prev)
wolfSSL 11:cee25a834751 3799 prev->next = format->next;
wolfSSL 11:cee25a834751 3800 del = format;
wolfSSL 11:cee25a834751 3801 format = format->next;
wolfSSL 11:cee25a834751 3802 XFREE(del, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 3803 del = NULL;
wolfSSL 11:cee25a834751 3804 } else {
wolfSSL 11:cee25a834751 3805 prev = format;
wolfSSL 11:cee25a834751 3806 format = format->next;
wolfSSL 11:cee25a834751 3807 }
wolfSSL 11:cee25a834751 3808 }
wolfSSL 11:cee25a834751 3809
wolfSSL 11:cee25a834751 3810 (void)heap;
wolfSSL 11:cee25a834751 3811 }
wolfSSL 11:cee25a834751 3812
wolfSSL 11:cee25a834751 3813
wolfSSL 11:cee25a834751 3814 /* Parse in hello extension
wolfSSL 11:cee25a834751 3815 input the byte stream to process
wolfSSL 11:cee25a834751 3816 length length of total extension found
wolfSSL 11:cee25a834751 3817 isRequest set to 1 if being sent to the server
wolfSSL 11:cee25a834751 3818 */
wolfSSL 11:cee25a834751 3819 static int TLSX_QSH_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 11:cee25a834751 3820 byte isRequest)
wolfSSL 11:cee25a834751 3821 {
wolfSSL 11:cee25a834751 3822 byte numKeys = 0;
wolfSSL 11:cee25a834751 3823 word16 offset = 0;
wolfSSL 11:cee25a834751 3824 word16 schemSz = 0;
wolfSSL 11:cee25a834751 3825 word16 offset_len = 0;
wolfSSL 11:cee25a834751 3826 word32 offset_pk = 0;
wolfSSL 11:cee25a834751 3827 word16 name = 0;
wolfSSL 11:cee25a834751 3828 word16 PKLen = 0;
wolfSSL 11:cee25a834751 3829 byte* PK = NULL;
wolfSSL 11:cee25a834751 3830 int r;
wolfSSL 11:cee25a834751 3831
wolfSSL 11:cee25a834751 3832
wolfSSL 11:cee25a834751 3833 if (OPAQUE16_LEN > length)
wolfSSL 11:cee25a834751 3834 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 3835
wolfSSL 11:cee25a834751 3836 if (isRequest) {
wolfSSL 11:cee25a834751 3837 ato16(input, &schemSz);
wolfSSL 11:cee25a834751 3838
wolfSSL 11:cee25a834751 3839 /* list of public keys available for QSH schemes */
wolfSSL 11:cee25a834751 3840 offset_len = schemSz + OPAQUE16_LEN;
wolfSSL 11:cee25a834751 3841 }
wolfSSL 11:cee25a834751 3842
wolfSSL 11:cee25a834751 3843 offset_pk = ((input[offset_len] << 16) & 0xFF00000) |
wolfSSL 11:cee25a834751 3844 (((input[offset_len + 1]) << 8) & 0xFF00) |
wolfSSL 11:cee25a834751 3845 (input[offset_len + 2] & 0xFF);
wolfSSL 11:cee25a834751 3846 offset_len += OPAQUE24_LEN;
wolfSSL 11:cee25a834751 3847
wolfSSL 11:cee25a834751 3848 /* check buffer size */
wolfSSL 11:cee25a834751 3849 if (offset_pk > length)
wolfSSL 11:cee25a834751 3850 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 3851
wolfSSL 11:cee25a834751 3852 /* set maximum number of keys the client will accept */
wolfSSL 11:cee25a834751 3853 if (!isRequest)
wolfSSL 11:cee25a834751 3854 numKeys = (ssl->maxRequest < 1)? 1 : ssl->maxRequest;
wolfSSL 11:cee25a834751 3855
wolfSSL 11:cee25a834751 3856 /* hello extension read list of scheme ids */
wolfSSL 11:cee25a834751 3857 if (isRequest) {
wolfSSL 11:cee25a834751 3858
wolfSSL 11:cee25a834751 3859 /* read in request for public keys */
wolfSSL 11:cee25a834751 3860 ssl->minRequest = (input[length -1] >> 4) & 0xFF;
wolfSSL 11:cee25a834751 3861 ssl->maxRequest = input[length -1] & 0x0F;
wolfSSL 11:cee25a834751 3862
wolfSSL 11:cee25a834751 3863 /* choose the min between min requested by client and 1 */
wolfSSL 11:cee25a834751 3864 numKeys = (ssl->minRequest > 1) ? ssl->minRequest : 1;
wolfSSL 11:cee25a834751 3865
wolfSSL 11:cee25a834751 3866 if (ssl->minRequest > ssl->maxRequest)
wolfSSL 11:cee25a834751 3867 return BAD_FUNC_ARG;
wolfSSL 11:cee25a834751 3868
wolfSSL 11:cee25a834751 3869 offset += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 3870 schemSz += offset;
wolfSSL 11:cee25a834751 3871
wolfSSL 11:cee25a834751 3872 /* check buffer size */
wolfSSL 11:cee25a834751 3873 if (schemSz > length)
wolfSSL 11:cee25a834751 3874 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 3875
wolfSSL 11:cee25a834751 3876 while ((offset < schemSz) && numKeys) {
wolfSSL 11:cee25a834751 3877 /* Scheme ID list */
wolfSSL 11:cee25a834751 3878 ato16(input + offset, &name);
wolfSSL 11:cee25a834751 3879 offset += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 3880
wolfSSL 11:cee25a834751 3881 /* validate we have scheme id */
wolfSSL 11:cee25a834751 3882 if (ssl->user_set_QSHSchemes &&
wolfSSL 11:cee25a834751 3883 !TLSX_ValidateQSHScheme(&ssl->extensions, name)) {
wolfSSL 11:cee25a834751 3884 continue;
wolfSSL 11:cee25a834751 3885 }
wolfSSL 11:cee25a834751 3886
wolfSSL 11:cee25a834751 3887 /* server create keys on demand */
wolfSSL 11:cee25a834751 3888 if ((r = TLSX_CreateNtruKey(ssl, name)) != 0) {
wolfSSL 11:cee25a834751 3889 WOLFSSL_MSG("Error creating ntru keys");
wolfSSL 11:cee25a834751 3890 return r;
wolfSSL 11:cee25a834751 3891 }
wolfSSL 11:cee25a834751 3892
wolfSSL 11:cee25a834751 3893 /* peer sent an agreed upon scheme */
wolfSSL 11:cee25a834751 3894 r = TLSX_UseQSHScheme(&ssl->extensions, name, NULL, 0, ssl->heap);
wolfSSL 11:cee25a834751 3895
wolfSSL 11:cee25a834751 3896 if (r != SSL_SUCCESS) return r; /* throw error */
wolfSSL 11:cee25a834751 3897
wolfSSL 11:cee25a834751 3898 numKeys--;
wolfSSL 11:cee25a834751 3899 }
wolfSSL 11:cee25a834751 3900
wolfSSL 11:cee25a834751 3901 /* choose the min between min requested by client and 1 */
wolfSSL 11:cee25a834751 3902 numKeys = (ssl->minRequest > 1) ? ssl->minRequest : 1;
wolfSSL 11:cee25a834751 3903 }
wolfSSL 11:cee25a834751 3904
wolfSSL 11:cee25a834751 3905 /* QSHPK struct */
wolfSSL 11:cee25a834751 3906 offset_pk += offset_len;
wolfSSL 11:cee25a834751 3907 while ((offset_len < offset_pk) && numKeys) {
wolfSSL 11:cee25a834751 3908 QSHKey * temp;
wolfSSL 11:cee25a834751 3909
wolfSSL 11:cee25a834751 3910 if ((temp = (QSHKey*)XMALLOC(sizeof(QSHKey), ssl->heap,
wolfSSL 11:cee25a834751 3911 DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL 11:cee25a834751 3912 return MEMORY_E;
wolfSSL 11:cee25a834751 3913
wolfSSL 11:cee25a834751 3914 /* initialize */
wolfSSL 11:cee25a834751 3915 temp->next = NULL;
wolfSSL 11:cee25a834751 3916 temp->pub.buffer = NULL;
wolfSSL 11:cee25a834751 3917 temp->pub.length = 0;
wolfSSL 11:cee25a834751 3918 temp->pri.buffer = NULL;
wolfSSL 11:cee25a834751 3919 temp->pri.length = 0;
wolfSSL 11:cee25a834751 3920
wolfSSL 11:cee25a834751 3921 /* scheme id */
wolfSSL 11:cee25a834751 3922 ato16(input + offset_len, &(temp->name));
wolfSSL 11:cee25a834751 3923 offset_len += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 3924
wolfSSL 11:cee25a834751 3925 /* public key length */
wolfSSL 11:cee25a834751 3926 ato16(input + offset_len, &PKLen);
wolfSSL 11:cee25a834751 3927 temp->pub.length = PKLen;
wolfSSL 11:cee25a834751 3928 offset_len += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 3929
wolfSSL 11:cee25a834751 3930
wolfSSL 11:cee25a834751 3931 if (isRequest) {
wolfSSL 11:cee25a834751 3932 /* validate we have scheme id */
wolfSSL 11:cee25a834751 3933 if (ssl->user_set_QSHSchemes &&
wolfSSL 11:cee25a834751 3934 (!TLSX_ValidateQSHScheme(&ssl->extensions, temp->name))) {
wolfSSL 11:cee25a834751 3935 offset_len += PKLen;
wolfSSL 11:cee25a834751 3936 XFREE(temp, ssl->heap, DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 3937 continue;
wolfSSL 11:cee25a834751 3938 }
wolfSSL 11:cee25a834751 3939 }
wolfSSL 11:cee25a834751 3940
wolfSSL 11:cee25a834751 3941 /* read in public key */
wolfSSL 11:cee25a834751 3942 if (PKLen > 0) {
wolfSSL 11:cee25a834751 3943 temp->pub.buffer = (byte*)XMALLOC(temp->pub.length,
wolfSSL 11:cee25a834751 3944 ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 11:cee25a834751 3945 XMEMCPY(temp->pub.buffer, input + offset_len, temp->pub.length);
wolfSSL 11:cee25a834751 3946 offset_len += PKLen;
wolfSSL 11:cee25a834751 3947 }
wolfSSL 11:cee25a834751 3948 else {
wolfSSL 11:cee25a834751 3949 PK = NULL;
wolfSSL 11:cee25a834751 3950 }
wolfSSL 11:cee25a834751 3951
wolfSSL 11:cee25a834751 3952 /* use own key when adding to extensions list for sending reply */
wolfSSL 11:cee25a834751 3953 PKLen = 0;
wolfSSL 11:cee25a834751 3954 PK = TLSX_QSHKeyFind_Pub(ssl->QSH_Key, &PKLen, temp->name);
wolfSSL 11:cee25a834751 3955 r = TLSX_UseQSHScheme(&ssl->extensions, temp->name, PK, PKLen,
wolfSSL 11:cee25a834751 3956 ssl->heap);
wolfSSL 11:cee25a834751 3957
wolfSSL 11:cee25a834751 3958 /* store peers key */
wolfSSL 11:cee25a834751 3959 ssl->peerQSHKeyPresent = 1;
wolfSSL 11:cee25a834751 3960 if (TLSX_AddQSHKey(&ssl->peerQSHKey, temp) != 0)
wolfSSL 11:cee25a834751 3961 return MEMORY_E;
wolfSSL 11:cee25a834751 3962
wolfSSL 11:cee25a834751 3963 if (temp->pub.length == 0) {
wolfSSL 11:cee25a834751 3964 XFREE(temp, ssl->heap, DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 3965 }
wolfSSL 11:cee25a834751 3966
wolfSSL 11:cee25a834751 3967 if (r != SSL_SUCCESS) {return r;} /* throw error */
wolfSSL 11:cee25a834751 3968
wolfSSL 11:cee25a834751 3969 numKeys--;
wolfSSL 11:cee25a834751 3970 }
wolfSSL 11:cee25a834751 3971
wolfSSL 11:cee25a834751 3972 /* reply to a QSH extension sent from client */
wolfSSL 11:cee25a834751 3973 if (isRequest) {
wolfSSL 11:cee25a834751 3974 TLSX_SetResponse(ssl, TLSX_QUANTUM_SAFE_HYBRID);
wolfSSL 11:cee25a834751 3975 /* only use schemes we have key generated for -- free the rest */
wolfSSL 11:cee25a834751 3976 TLSX_QSHAgreement(&ssl->extensions, ssl->heap);
wolfSSL 11:cee25a834751 3977 }
wolfSSL 11:cee25a834751 3978
wolfSSL 11:cee25a834751 3979 return 0;
wolfSSL 11:cee25a834751 3980 }
wolfSSL 11:cee25a834751 3981
wolfSSL 11:cee25a834751 3982
wolfSSL 11:cee25a834751 3983 /* Used for parsing in QSHCipher structs on Key Exchange */
wolfSSL 11:cee25a834751 3984 int TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input, word16 length,
wolfSSL 11:cee25a834751 3985 byte isServer)
wolfSSL 11:cee25a834751 3986 {
wolfSSL 11:cee25a834751 3987 QSHKey* key;
wolfSSL 11:cee25a834751 3988 word16 Max_Secret_Len = 48;
wolfSSL 11:cee25a834751 3989 word16 offset = 0;
wolfSSL 11:cee25a834751 3990 word16 offset_len = 0;
wolfSSL 11:cee25a834751 3991 word32 offset_pk = 0;
wolfSSL 11:cee25a834751 3992 word16 name = 0;
wolfSSL 11:cee25a834751 3993 word16 secretLen = 0;
wolfSSL 11:cee25a834751 3994 byte* secret = NULL;
wolfSSL 11:cee25a834751 3995 word16 buffLen = 0;
wolfSSL 11:cee25a834751 3996 byte buff[145]; /* size enough for 3 secrets */
wolfSSL 11:cee25a834751 3997 buffer* buf;
wolfSSL 11:cee25a834751 3998
wolfSSL 11:cee25a834751 3999 /* pointer to location where secret should be stored */
wolfSSL 11:cee25a834751 4000 if (isServer) {
wolfSSL 11:cee25a834751 4001 buf = ssl->QSH_secret->CliSi;
wolfSSL 11:cee25a834751 4002 }
wolfSSL 11:cee25a834751 4003 else {
wolfSSL 11:cee25a834751 4004 buf = ssl->QSH_secret->SerSi;
wolfSSL 11:cee25a834751 4005 }
wolfSSL 11:cee25a834751 4006
wolfSSL 11:cee25a834751 4007 offset_pk = ((input[offset_len] << 16) & 0xFF0000) |
wolfSSL 11:cee25a834751 4008 (((input[offset_len + 1]) << 8) & 0xFF00) |
wolfSSL 11:cee25a834751 4009 (input[offset_len + 2] & 0xFF);
wolfSSL 11:cee25a834751 4010 offset_len += OPAQUE24_LEN;
wolfSSL 11:cee25a834751 4011
wolfSSL 11:cee25a834751 4012 /* validating extension list length -- check if trying to read over edge
wolfSSL 11:cee25a834751 4013 of buffer */
wolfSSL 11:cee25a834751 4014 if (length < (offset_pk + OPAQUE24_LEN)) {
wolfSSL 11:cee25a834751 4015 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 4016 }
wolfSSL 11:cee25a834751 4017
wolfSSL 11:cee25a834751 4018 /* QSHCipherList struct */
wolfSSL 11:cee25a834751 4019 offset_pk += offset_len;
wolfSSL 11:cee25a834751 4020 while (offset_len < offset_pk) {
wolfSSL 11:cee25a834751 4021
wolfSSL 11:cee25a834751 4022 /* scheme id */
wolfSSL 11:cee25a834751 4023 ato16(input + offset_len, &name);
wolfSSL 11:cee25a834751 4024 offset_len += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 4025
wolfSSL 11:cee25a834751 4026 /* public key length */
wolfSSL 11:cee25a834751 4027 ato16(input + offset_len, &secretLen);
wolfSSL 11:cee25a834751 4028 offset_len += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 4029
wolfSSL 11:cee25a834751 4030 /* read in public key */
wolfSSL 11:cee25a834751 4031 if (secretLen > 0) {
wolfSSL 11:cee25a834751 4032 secret = (byte*)(input + offset_len);
wolfSSL 11:cee25a834751 4033 offset_len += secretLen;
wolfSSL 11:cee25a834751 4034 }
wolfSSL 11:cee25a834751 4035 else {
wolfSSL 11:cee25a834751 4036 secret = NULL;
wolfSSL 11:cee25a834751 4037 }
wolfSSL 11:cee25a834751 4038
wolfSSL 11:cee25a834751 4039 /* no secret sent */
wolfSSL 11:cee25a834751 4040 if (secret == NULL)
wolfSSL 11:cee25a834751 4041 continue;
wolfSSL 11:cee25a834751 4042
wolfSSL 11:cee25a834751 4043 /* find corresponding key */
wolfSSL 11:cee25a834751 4044 key = ssl->QSH_Key;
wolfSSL 11:cee25a834751 4045 while (key) {
wolfSSL 11:cee25a834751 4046 if (key->name == name)
wolfSSL 11:cee25a834751 4047 break;
wolfSSL 11:cee25a834751 4048 else
wolfSSL 11:cee25a834751 4049 key = (QSHKey*)key->next;
wolfSSL 11:cee25a834751 4050 }
wolfSSL 11:cee25a834751 4051
wolfSSL 11:cee25a834751 4052 /* if we do not have the key than there was a big issue negotiation */
wolfSSL 11:cee25a834751 4053 if (key == NULL) {
wolfSSL 11:cee25a834751 4054 WOLFSSL_MSG("key was null for decryption!!!\n");
wolfSSL 11:cee25a834751 4055 return MEMORY_E;
wolfSSL 11:cee25a834751 4056 }
wolfSSL 11:cee25a834751 4057
wolfSSL 11:cee25a834751 4058 /* Decrypt sent secret */
wolfSSL 11:cee25a834751 4059 buffLen = Max_Secret_Len;
wolfSSL 11:cee25a834751 4060 QSH_Decrypt(key, secret, secretLen, buff + offset, &buffLen);
wolfSSL 11:cee25a834751 4061 offset += buffLen;
wolfSSL 11:cee25a834751 4062 }
wolfSSL 11:cee25a834751 4063
wolfSSL 11:cee25a834751 4064 /* allocate memory for buffer */
wolfSSL 11:cee25a834751 4065 buf->length = offset;
wolfSSL 11:cee25a834751 4066 buf->buffer = (byte*)XMALLOC(offset, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 4067 if (buf->buffer == NULL)
wolfSSL 11:cee25a834751 4068 return MEMORY_E;
wolfSSL 11:cee25a834751 4069
wolfSSL 11:cee25a834751 4070 /* store secrets */
wolfSSL 11:cee25a834751 4071 XMEMCPY(buf->buffer, buff, offset);
wolfSSL 11:cee25a834751 4072 ForceZero(buff, offset);
wolfSSL 11:cee25a834751 4073
wolfSSL 11:cee25a834751 4074 return offset_len;
wolfSSL 11:cee25a834751 4075 }
wolfSSL 11:cee25a834751 4076
wolfSSL 11:cee25a834751 4077
wolfSSL 11:cee25a834751 4078 /* return 1 on success */
wolfSSL 11:cee25a834751 4079 int TLSX_ValidateQSHScheme(TLSX** extensions, word16 theirs) {
wolfSSL 11:cee25a834751 4080 TLSX* extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID);
wolfSSL 11:cee25a834751 4081 QSHScheme* format = NULL;
wolfSSL 11:cee25a834751 4082
wolfSSL 11:cee25a834751 4083 /* if no extension is sent then do not use QSH */
wolfSSL 11:cee25a834751 4084 if (!extension) {
wolfSSL 11:cee25a834751 4085 WOLFSSL_MSG("No QSH Extension");
wolfSSL 11:cee25a834751 4086 return 0;
wolfSSL 11:cee25a834751 4087 }
wolfSSL 11:cee25a834751 4088
wolfSSL 11:cee25a834751 4089 for (format = (QSHScheme*)extension->data; format; format = format->next) {
wolfSSL 11:cee25a834751 4090 if (format->name == theirs) {
wolfSSL 11:cee25a834751 4091 WOLFSSL_MSG("Found Matching QSH Scheme");
wolfSSL 11:cee25a834751 4092 return 1; /* have QSH */
wolfSSL 11:cee25a834751 4093 }
wolfSSL 11:cee25a834751 4094 }
wolfSSL 11:cee25a834751 4095
wolfSSL 11:cee25a834751 4096 return 0;
wolfSSL 11:cee25a834751 4097 }
wolfSSL 11:cee25a834751 4098 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 11:cee25a834751 4099
wolfSSL 11:cee25a834751 4100 /* test if the QSH Scheme is implemented
wolfSSL 11:cee25a834751 4101 return 1 if yes 0 if no */
wolfSSL 11:cee25a834751 4102 static int TLSX_HaveQSHScheme(word16 name)
wolfSSL 11:cee25a834751 4103 {
wolfSSL 11:cee25a834751 4104 switch(name) {
wolfSSL 11:cee25a834751 4105 #ifdef HAVE_NTRU
wolfSSL 11:cee25a834751 4106 case WOLFSSL_NTRU_EESS439:
wolfSSL 11:cee25a834751 4107 case WOLFSSL_NTRU_EESS593:
wolfSSL 11:cee25a834751 4108 case WOLFSSL_NTRU_EESS743:
wolfSSL 11:cee25a834751 4109 return 1;
wolfSSL 11:cee25a834751 4110 #endif
wolfSSL 11:cee25a834751 4111 case WOLFSSL_LWE_XXX:
wolfSSL 11:cee25a834751 4112 case WOLFSSL_HFE_XXX:
wolfSSL 11:cee25a834751 4113 return 0; /* not supported yet */
wolfSSL 11:cee25a834751 4114
wolfSSL 11:cee25a834751 4115 default:
wolfSSL 11:cee25a834751 4116 return 0;
wolfSSL 11:cee25a834751 4117 }
wolfSSL 11:cee25a834751 4118 }
wolfSSL 11:cee25a834751 4119
wolfSSL 11:cee25a834751 4120
wolfSSL 11:cee25a834751 4121 /* Add a QSHScheme struct to list of usable ones */
wolfSSL 11:cee25a834751 4122 int TLSX_UseQSHScheme(TLSX** extensions, word16 name, byte* pKey, word16 pkeySz,
wolfSSL 11:cee25a834751 4123 void* heap)
wolfSSL 11:cee25a834751 4124 {
wolfSSL 11:cee25a834751 4125 TLSX* extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID);
wolfSSL 11:cee25a834751 4126 QSHScheme* format = NULL;
wolfSSL 11:cee25a834751 4127 int ret = 0;
wolfSSL 11:cee25a834751 4128
wolfSSL 11:cee25a834751 4129 /* sanity check */
wolfSSL 11:cee25a834751 4130 if (extensions == NULL || (pKey == NULL && pkeySz != 0))
wolfSSL 11:cee25a834751 4131 return BAD_FUNC_ARG;
wolfSSL 11:cee25a834751 4132
wolfSSL 11:cee25a834751 4133 /* if scheme is implemented than add */
wolfSSL 11:cee25a834751 4134 if (TLSX_HaveQSHScheme(name)) {
wolfSSL 11:cee25a834751 4135 if ((ret = TLSX_QSH_Append(&format, name, pKey, pkeySz)) != 0)
wolfSSL 11:cee25a834751 4136 return ret;
wolfSSL 11:cee25a834751 4137
wolfSSL 11:cee25a834751 4138 if (!extension) {
wolfSSL 11:cee25a834751 4139 if ((ret = TLSX_Push(extensions, TLSX_QUANTUM_SAFE_HYBRID, format,
wolfSSL 11:cee25a834751 4140 heap)) != 0) {
wolfSSL 11:cee25a834751 4141 XFREE(format, 0, DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 4142 return ret;
wolfSSL 11:cee25a834751 4143 }
wolfSSL 11:cee25a834751 4144 }
wolfSSL 11:cee25a834751 4145 else {
wolfSSL 11:cee25a834751 4146 /* push new QSH object to extension data. */
wolfSSL 11:cee25a834751 4147 format->next = (QSHScheme*)extension->data;
wolfSSL 11:cee25a834751 4148 extension->data = (void*)format;
wolfSSL 11:cee25a834751 4149
wolfSSL 11:cee25a834751 4150 /* look for another format of the same name to remove (replacement) */
wolfSSL 11:cee25a834751 4151 do {
wolfSSL 11:cee25a834751 4152 if (format->next && (format->next->name == name)) {
wolfSSL 11:cee25a834751 4153 QSHScheme* next = format->next;
wolfSSL 11:cee25a834751 4154
wolfSSL 11:cee25a834751 4155 format->next = next->next;
wolfSSL 11:cee25a834751 4156 XFREE(next, 0, DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 4157
wolfSSL 11:cee25a834751 4158 break;
wolfSSL 11:cee25a834751 4159 }
wolfSSL 11:cee25a834751 4160 } while ((format = format->next));
wolfSSL 11:cee25a834751 4161 }
wolfSSL 11:cee25a834751 4162 }
wolfSSL 11:cee25a834751 4163 return SSL_SUCCESS;
wolfSSL 11:cee25a834751 4164 }
wolfSSL 11:cee25a834751 4165
wolfSSL 11:cee25a834751 4166 #define QSH_FREE_ALL TLSX_QSH_FreeAll
wolfSSL 11:cee25a834751 4167 #define QSH_VALIDATE_REQUEST TLSX_QSH_ValidateRequest
wolfSSL 11:cee25a834751 4168
wolfSSL 11:cee25a834751 4169 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 11:cee25a834751 4170 #define QSH_GET_SIZE TLSX_QSH_GetSize
wolfSSL 11:cee25a834751 4171 #define QSH_WRITE TLSX_QSH_Write
wolfSSL 11:cee25a834751 4172 #else
wolfSSL 11:cee25a834751 4173 #define QSH_GET_SIZE(list) 0
wolfSSL 11:cee25a834751 4174 #define QSH_WRITE(a, b) 0
wolfSSL 11:cee25a834751 4175 #endif
wolfSSL 11:cee25a834751 4176
wolfSSL 11:cee25a834751 4177 #ifndef NO_WOLFSSL_SERVER
wolfSSL 11:cee25a834751 4178 #define QSH_PARSE TLSX_QSH_Parse
wolfSSL 11:cee25a834751 4179 #else
wolfSSL 11:cee25a834751 4180 #define QSH_PARSE(a, b, c, d) 0
wolfSSL 11:cee25a834751 4181 #endif
wolfSSL 11:cee25a834751 4182
wolfSSL 11:cee25a834751 4183 #define QSHPK_WRITE TLSX_QSHPK_Write
wolfSSL 11:cee25a834751 4184 #define QSH_SERREQ TLSX_QSH_SerPKReq
wolfSSL 11:cee25a834751 4185 #else
wolfSSL 11:cee25a834751 4186
wolfSSL 11:cee25a834751 4187 #define QSH_FREE_ALL(list, heap)
wolfSSL 11:cee25a834751 4188 #define QSH_GET_SIZE(list, a) 0
wolfSSL 11:cee25a834751 4189 #define QSH_WRITE(a, b) 0
wolfSSL 11:cee25a834751 4190 #define QSH_PARSE(a, b, c, d) 0
wolfSSL 11:cee25a834751 4191 #define QSHPK_WRITE(a, b) 0
wolfSSL 11:cee25a834751 4192 #define QSH_SERREQ(a, b) 0
wolfSSL 11:cee25a834751 4193 #define QSH_VALIDATE_REQUEST(a, b)
wolfSSL 11:cee25a834751 4194
wolfSSL 11:cee25a834751 4195 #endif /* HAVE_QSH */
wolfSSL 11:cee25a834751 4196
wolfSSL 11:cee25a834751 4197 /******************************************************************************/
wolfSSL 11:cee25a834751 4198 /* TLS Extensions Framework */
wolfSSL 11:cee25a834751 4199 /******************************************************************************/
wolfSSL 11:cee25a834751 4200
wolfSSL 11:cee25a834751 4201 /** Finds an extension in the provided list. */
wolfSSL 11:cee25a834751 4202 TLSX* TLSX_Find(TLSX* list, TLSX_Type type)
wolfSSL 11:cee25a834751 4203 {
wolfSSL 11:cee25a834751 4204 TLSX* extension = list;
wolfSSL 11:cee25a834751 4205
wolfSSL 11:cee25a834751 4206 while (extension && extension->type != type)
wolfSSL 11:cee25a834751 4207 extension = extension->next;
wolfSSL 11:cee25a834751 4208
wolfSSL 11:cee25a834751 4209 return extension;
wolfSSL 11:cee25a834751 4210 }
wolfSSL 11:cee25a834751 4211
wolfSSL 11:cee25a834751 4212 /** Releases all extensions in the provided list. */
wolfSSL 11:cee25a834751 4213 void TLSX_FreeAll(TLSX* list, void* heap)
wolfSSL 11:cee25a834751 4214 {
wolfSSL 11:cee25a834751 4215 TLSX* extension;
wolfSSL 11:cee25a834751 4216
wolfSSL 11:cee25a834751 4217 while ((extension = list)) {
wolfSSL 11:cee25a834751 4218 list = extension->next;
wolfSSL 11:cee25a834751 4219
wolfSSL 11:cee25a834751 4220 switch (extension->type) {
wolfSSL 11:cee25a834751 4221
wolfSSL 11:cee25a834751 4222 case TLSX_SERVER_NAME:
wolfSSL 11:cee25a834751 4223 SNI_FREE_ALL((SNI*)extension->data, heap);
wolfSSL 11:cee25a834751 4224 break;
wolfSSL 11:cee25a834751 4225
wolfSSL 11:cee25a834751 4226 case TLSX_MAX_FRAGMENT_LENGTH:
wolfSSL 11:cee25a834751 4227 MFL_FREE_ALL(extension->data, heap);
wolfSSL 11:cee25a834751 4228 break;
wolfSSL 11:cee25a834751 4229
wolfSSL 11:cee25a834751 4230 case TLSX_TRUNCATED_HMAC:
wolfSSL 11:cee25a834751 4231 /* Nothing to do. */
wolfSSL 11:cee25a834751 4232 break;
wolfSSL 11:cee25a834751 4233
wolfSSL 11:cee25a834751 4234 case TLSX_SUPPORTED_GROUPS:
wolfSSL 11:cee25a834751 4235 EC_FREE_ALL((EllipticCurve*)extension->data, heap);
wolfSSL 11:cee25a834751 4236 break;
wolfSSL 11:cee25a834751 4237
wolfSSL 11:cee25a834751 4238 case TLSX_STATUS_REQUEST:
wolfSSL 11:cee25a834751 4239 CSR_FREE_ALL((CertificateStatusRequest*)extension->data, heap);
wolfSSL 11:cee25a834751 4240 break;
wolfSSL 11:cee25a834751 4241
wolfSSL 11:cee25a834751 4242 case TLSX_STATUS_REQUEST_V2:
wolfSSL 11:cee25a834751 4243 CSR2_FREE_ALL((CertificateStatusRequestItemV2*)extension->data,
wolfSSL 11:cee25a834751 4244 heap);
wolfSSL 11:cee25a834751 4245 break;
wolfSSL 11:cee25a834751 4246
wolfSSL 11:cee25a834751 4247 case TLSX_RENEGOTIATION_INFO:
wolfSSL 11:cee25a834751 4248 SCR_FREE_ALL(extension->data, heap);
wolfSSL 11:cee25a834751 4249 break;
wolfSSL 11:cee25a834751 4250
wolfSSL 11:cee25a834751 4251 case TLSX_SESSION_TICKET:
wolfSSL 11:cee25a834751 4252 WOLF_STK_FREE(extension->data, heap);
wolfSSL 11:cee25a834751 4253 break;
wolfSSL 11:cee25a834751 4254
wolfSSL 11:cee25a834751 4255 case TLSX_QUANTUM_SAFE_HYBRID:
wolfSSL 11:cee25a834751 4256 QSH_FREE_ALL((QSHScheme*)extension->data, heap);
wolfSSL 11:cee25a834751 4257 break;
wolfSSL 11:cee25a834751 4258
wolfSSL 11:cee25a834751 4259 case TLSX_APPLICATION_LAYER_PROTOCOL:
wolfSSL 11:cee25a834751 4260 ALPN_FREE_ALL((ALPN*)extension->data, heap);
wolfSSL 11:cee25a834751 4261 break;
wolfSSL 11:cee25a834751 4262 }
wolfSSL 11:cee25a834751 4263
wolfSSL 11:cee25a834751 4264 XFREE(extension, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 11:cee25a834751 4265 }
wolfSSL 11:cee25a834751 4266
wolfSSL 11:cee25a834751 4267 (void)heap;
wolfSSL 11:cee25a834751 4268 }
wolfSSL 11:cee25a834751 4269
wolfSSL 11:cee25a834751 4270 /** Checks if the tls extensions are supported based on the protocol version. */
wolfSSL 11:cee25a834751 4271 int TLSX_SupportExtensions(WOLFSSL* ssl) {
wolfSSL 11:cee25a834751 4272 return ssl && (IsTLS(ssl) || ssl->version.major == DTLS_MAJOR);
wolfSSL 11:cee25a834751 4273 }
wolfSSL 11:cee25a834751 4274
wolfSSL 11:cee25a834751 4275 /** Tells the buffered size of the extensions in a list. */
wolfSSL 11:cee25a834751 4276 static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest)
wolfSSL 11:cee25a834751 4277 {
wolfSSL 11:cee25a834751 4278 TLSX* extension;
wolfSSL 11:cee25a834751 4279 word16 length = 0;
wolfSSL 11:cee25a834751 4280
wolfSSL 11:cee25a834751 4281 while ((extension = list)) {
wolfSSL 11:cee25a834751 4282 list = extension->next;
wolfSSL 11:cee25a834751 4283
wolfSSL 11:cee25a834751 4284 /* only extensions marked as response are sent back to the client. */
wolfSSL 11:cee25a834751 4285 if (!isRequest && !extension->resp)
wolfSSL 11:cee25a834751 4286 continue; /* skip! */
wolfSSL 11:cee25a834751 4287
wolfSSL 11:cee25a834751 4288 /* ssl level extensions are expected to override ctx level ones. */
wolfSSL 11:cee25a834751 4289 if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type)))
wolfSSL 11:cee25a834751 4290 continue; /* skip! */
wolfSSL 11:cee25a834751 4291
wolfSSL 11:cee25a834751 4292 /* extension type + extension data length. */
wolfSSL 11:cee25a834751 4293 length += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN;
wolfSSL 11:cee25a834751 4294
wolfSSL 11:cee25a834751 4295
wolfSSL 11:cee25a834751 4296 switch (extension->type) {
wolfSSL 11:cee25a834751 4297
wolfSSL 11:cee25a834751 4298 case TLSX_SERVER_NAME:
wolfSSL 11:cee25a834751 4299 /* SNI only sends the name on the request. */
wolfSSL 11:cee25a834751 4300 if (isRequest)
wolfSSL 11:cee25a834751 4301 length += SNI_GET_SIZE((SNI*)extension->data);
wolfSSL 11:cee25a834751 4302 break;
wolfSSL 11:cee25a834751 4303
wolfSSL 11:cee25a834751 4304 case TLSX_MAX_FRAGMENT_LENGTH:
wolfSSL 11:cee25a834751 4305 length += MFL_GET_SIZE(extension->data);
wolfSSL 11:cee25a834751 4306 break;
wolfSSL 11:cee25a834751 4307
wolfSSL 11:cee25a834751 4308 case TLSX_TRUNCATED_HMAC:
wolfSSL 11:cee25a834751 4309 /* always empty. */
wolfSSL 11:cee25a834751 4310 break;
wolfSSL 11:cee25a834751 4311
wolfSSL 11:cee25a834751 4312 case TLSX_SUPPORTED_GROUPS:
wolfSSL 11:cee25a834751 4313 length += EC_GET_SIZE((EllipticCurve*)extension->data);
wolfSSL 11:cee25a834751 4314 break;
wolfSSL 11:cee25a834751 4315
wolfSSL 11:cee25a834751 4316 case TLSX_STATUS_REQUEST:
wolfSSL 11:cee25a834751 4317 length += CSR_GET_SIZE(
wolfSSL 11:cee25a834751 4318 (CertificateStatusRequest*)extension->data, isRequest);
wolfSSL 11:cee25a834751 4319 break;
wolfSSL 11:cee25a834751 4320
wolfSSL 11:cee25a834751 4321 case TLSX_STATUS_REQUEST_V2:
wolfSSL 11:cee25a834751 4322 length += CSR2_GET_SIZE(
wolfSSL 11:cee25a834751 4323 (CertificateStatusRequestItemV2*)extension->data,
wolfSSL 11:cee25a834751 4324 isRequest);
wolfSSL 11:cee25a834751 4325 break;
wolfSSL 11:cee25a834751 4326
wolfSSL 11:cee25a834751 4327 case TLSX_RENEGOTIATION_INFO:
wolfSSL 11:cee25a834751 4328 length += SCR_GET_SIZE((SecureRenegotiation*)extension->data,
wolfSSL 11:cee25a834751 4329 isRequest);
wolfSSL 11:cee25a834751 4330 break;
wolfSSL 11:cee25a834751 4331
wolfSSL 11:cee25a834751 4332 case TLSX_SESSION_TICKET:
wolfSSL 11:cee25a834751 4333 length += WOLF_STK_GET_SIZE((SessionTicket*)extension->data,
wolfSSL 11:cee25a834751 4334 isRequest);
wolfSSL 11:cee25a834751 4335 break;
wolfSSL 11:cee25a834751 4336
wolfSSL 11:cee25a834751 4337 case TLSX_QUANTUM_SAFE_HYBRID:
wolfSSL 11:cee25a834751 4338 length += QSH_GET_SIZE((QSHScheme*)extension->data, isRequest);
wolfSSL 11:cee25a834751 4339 break;
wolfSSL 11:cee25a834751 4340
wolfSSL 11:cee25a834751 4341 case TLSX_APPLICATION_LAYER_PROTOCOL:
wolfSSL 11:cee25a834751 4342 length += ALPN_GET_SIZE((ALPN*)extension->data);
wolfSSL 11:cee25a834751 4343 break;
wolfSSL 11:cee25a834751 4344
wolfSSL 11:cee25a834751 4345 }
wolfSSL 11:cee25a834751 4346
wolfSSL 11:cee25a834751 4347 /* marks the extension as processed so ctx level */
wolfSSL 11:cee25a834751 4348 /* extensions don't overlap with ssl level ones. */
wolfSSL 11:cee25a834751 4349 TURN_ON(semaphore, TLSX_ToSemaphore(extension->type));
wolfSSL 11:cee25a834751 4350 }
wolfSSL 11:cee25a834751 4351
wolfSSL 11:cee25a834751 4352 return length;
wolfSSL 11:cee25a834751 4353 }
wolfSSL 11:cee25a834751 4354
wolfSSL 11:cee25a834751 4355 /** Writes the extensions of a list in a buffer. */
wolfSSL 11:cee25a834751 4356 static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore,
wolfSSL 11:cee25a834751 4357 byte isRequest)
wolfSSL 11:cee25a834751 4358 {
wolfSSL 11:cee25a834751 4359 TLSX* extension;
wolfSSL 11:cee25a834751 4360 word16 offset = 0;
wolfSSL 11:cee25a834751 4361 word16 length_offset = 0;
wolfSSL 11:cee25a834751 4362
wolfSSL 11:cee25a834751 4363 while ((extension = list)) {
wolfSSL 11:cee25a834751 4364 list = extension->next;
wolfSSL 11:cee25a834751 4365
wolfSSL 11:cee25a834751 4366 /* only extensions marked as response are written in a response. */
wolfSSL 11:cee25a834751 4367 if (!isRequest && !extension->resp)
wolfSSL 11:cee25a834751 4368 continue; /* skip! */
wolfSSL 11:cee25a834751 4369
wolfSSL 11:cee25a834751 4370 /* ssl level extensions are expected to override ctx level ones. */
wolfSSL 11:cee25a834751 4371 if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type)))
wolfSSL 11:cee25a834751 4372 continue; /* skip! */
wolfSSL 11:cee25a834751 4373
wolfSSL 11:cee25a834751 4374 /* writes extension type. */
wolfSSL 11:cee25a834751 4375 c16toa(extension->type, output + offset);
wolfSSL 11:cee25a834751 4376 offset += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN;
wolfSSL 11:cee25a834751 4377 length_offset = offset;
wolfSSL 11:cee25a834751 4378
wolfSSL 11:cee25a834751 4379 /* extension data should be written internally. */
wolfSSL 11:cee25a834751 4380 switch (extension->type) {
wolfSSL 11:cee25a834751 4381 case TLSX_SERVER_NAME:
wolfSSL 11:cee25a834751 4382 if (isRequest)
wolfSSL 11:cee25a834751 4383 offset += SNI_WRITE((SNI*)extension->data, output + offset);
wolfSSL 11:cee25a834751 4384 break;
wolfSSL 11:cee25a834751 4385
wolfSSL 11:cee25a834751 4386 case TLSX_MAX_FRAGMENT_LENGTH:
wolfSSL 11:cee25a834751 4387 offset += MFL_WRITE((byte*)extension->data, output + offset);
wolfSSL 11:cee25a834751 4388 break;
wolfSSL 11:cee25a834751 4389
wolfSSL 11:cee25a834751 4390 case TLSX_TRUNCATED_HMAC:
wolfSSL 11:cee25a834751 4391 /* always empty. */
wolfSSL 11:cee25a834751 4392 break;
wolfSSL 11:cee25a834751 4393
wolfSSL 11:cee25a834751 4394 case TLSX_SUPPORTED_GROUPS:
wolfSSL 11:cee25a834751 4395 offset += EC_WRITE((EllipticCurve*)extension->data,
wolfSSL 11:cee25a834751 4396 output + offset);
wolfSSL 11:cee25a834751 4397 break;
wolfSSL 11:cee25a834751 4398
wolfSSL 11:cee25a834751 4399 case TLSX_STATUS_REQUEST:
wolfSSL 11:cee25a834751 4400 offset += CSR_WRITE((CertificateStatusRequest*)extension->data,
wolfSSL 11:cee25a834751 4401 output + offset, isRequest);
wolfSSL 11:cee25a834751 4402 break;
wolfSSL 11:cee25a834751 4403
wolfSSL 11:cee25a834751 4404 case TLSX_STATUS_REQUEST_V2:
wolfSSL 11:cee25a834751 4405 offset += CSR2_WRITE(
wolfSSL 11:cee25a834751 4406 (CertificateStatusRequestItemV2*)extension->data,
wolfSSL 11:cee25a834751 4407 output + offset, isRequest);
wolfSSL 11:cee25a834751 4408 break;
wolfSSL 11:cee25a834751 4409
wolfSSL 11:cee25a834751 4410 case TLSX_RENEGOTIATION_INFO:
wolfSSL 11:cee25a834751 4411 offset += SCR_WRITE((SecureRenegotiation*)extension->data,
wolfSSL 11:cee25a834751 4412 output + offset, isRequest);
wolfSSL 11:cee25a834751 4413 break;
wolfSSL 11:cee25a834751 4414
wolfSSL 11:cee25a834751 4415 case TLSX_SESSION_TICKET:
wolfSSL 11:cee25a834751 4416 offset += WOLF_STK_WRITE((SessionTicket*)extension->data,
wolfSSL 11:cee25a834751 4417 output + offset, isRequest);
wolfSSL 11:cee25a834751 4418 break;
wolfSSL 11:cee25a834751 4419
wolfSSL 11:cee25a834751 4420 case TLSX_QUANTUM_SAFE_HYBRID:
wolfSSL 11:cee25a834751 4421 if (isRequest) {
wolfSSL 11:cee25a834751 4422 offset += QSH_WRITE((QSHScheme*)extension->data, output + offset);
wolfSSL 11:cee25a834751 4423 }
wolfSSL 11:cee25a834751 4424 offset += QSHPK_WRITE((QSHScheme*)extension->data, output + offset);
wolfSSL 11:cee25a834751 4425 offset += QSH_SERREQ(output + offset, isRequest);
wolfSSL 11:cee25a834751 4426 break;
wolfSSL 11:cee25a834751 4427
wolfSSL 11:cee25a834751 4428 case TLSX_APPLICATION_LAYER_PROTOCOL:
wolfSSL 11:cee25a834751 4429 offset += ALPN_WRITE((ALPN*)extension->data, output + offset);
wolfSSL 11:cee25a834751 4430 break;
wolfSSL 11:cee25a834751 4431 }
wolfSSL 11:cee25a834751 4432
wolfSSL 11:cee25a834751 4433 /* writes extension data length. */
wolfSSL 11:cee25a834751 4434 c16toa(offset - length_offset, output + length_offset - OPAQUE16_LEN);
wolfSSL 11:cee25a834751 4435
wolfSSL 11:cee25a834751 4436 /* marks the extension as processed so ctx level */
wolfSSL 11:cee25a834751 4437 /* extensions don't overlap with ssl level ones. */
wolfSSL 11:cee25a834751 4438 TURN_ON(semaphore, TLSX_ToSemaphore(extension->type));
wolfSSL 11:cee25a834751 4439 }
wolfSSL 11:cee25a834751 4440
wolfSSL 11:cee25a834751 4441 return offset;
wolfSSL 11:cee25a834751 4442 }
wolfSSL 11:cee25a834751 4443
wolfSSL 11:cee25a834751 4444
wolfSSL 11:cee25a834751 4445 #ifdef HAVE_NTRU
wolfSSL 11:cee25a834751 4446
wolfSSL 11:cee25a834751 4447 static word32 GetEntropy(unsigned char* out, word32 num_bytes)
wolfSSL 11:cee25a834751 4448 {
wolfSSL 11:cee25a834751 4449 int ret = 0;
wolfSSL 11:cee25a834751 4450
wolfSSL 11:cee25a834751 4451 if (rng == NULL) {
wolfSSL 11:cee25a834751 4452 if ((rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL,
wolfSSL 11:cee25a834751 4453 DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL 11:cee25a834751 4454 return DRBG_OUT_OF_MEMORY;
wolfSSL 11:cee25a834751 4455 wc_InitRng(rng);
wolfSSL 11:cee25a834751 4456 }
wolfSSL 11:cee25a834751 4457
wolfSSL 11:cee25a834751 4458 if (rngMutex == NULL) {
wolfSSL 11:cee25a834751 4459 if ((rngMutex = (wolfSSL_Mutex*)XMALLOC(sizeof(wolfSSL_Mutex), NULL,
wolfSSL 11:cee25a834751 4460 DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL 11:cee25a834751 4461 return DRBG_OUT_OF_MEMORY;
wolfSSL 11:cee25a834751 4462 wc_InitMutex(rngMutex);
wolfSSL 11:cee25a834751 4463 }
wolfSSL 11:cee25a834751 4464
wolfSSL 11:cee25a834751 4465 ret |= wc_LockMutex(rngMutex);
wolfSSL 11:cee25a834751 4466 ret |= wc_RNG_GenerateBlock(rng, out, num_bytes);
wolfSSL 11:cee25a834751 4467 ret |= wc_UnLockMutex(rngMutex);
wolfSSL 11:cee25a834751 4468
wolfSSL 11:cee25a834751 4469 if (ret != 0)
wolfSSL 11:cee25a834751 4470 return DRBG_ENTROPY_FAIL;
wolfSSL 11:cee25a834751 4471
wolfSSL 11:cee25a834751 4472 return DRBG_OK;
wolfSSL 11:cee25a834751 4473 }
wolfSSL 11:cee25a834751 4474 #endif
wolfSSL 11:cee25a834751 4475
wolfSSL 11:cee25a834751 4476
wolfSSL 11:cee25a834751 4477 #ifdef HAVE_QSH
wolfSSL 11:cee25a834751 4478 static int TLSX_CreateQSHKey(WOLFSSL* ssl, int type)
wolfSSL 11:cee25a834751 4479 {
wolfSSL 11:cee25a834751 4480 int ret;
wolfSSL 11:cee25a834751 4481
wolfSSL 11:cee25a834751 4482 (void)ssl;
wolfSSL 11:cee25a834751 4483
wolfSSL 11:cee25a834751 4484 switch (type) {
wolfSSL 11:cee25a834751 4485 #ifdef HAVE_NTRU
wolfSSL 11:cee25a834751 4486 case WOLFSSL_NTRU_EESS439:
wolfSSL 11:cee25a834751 4487 case WOLFSSL_NTRU_EESS593:
wolfSSL 11:cee25a834751 4488 case WOLFSSL_NTRU_EESS743:
wolfSSL 11:cee25a834751 4489 ret = TLSX_CreateNtruKey(ssl, type);
wolfSSL 11:cee25a834751 4490 break;
wolfSSL 11:cee25a834751 4491 #endif
wolfSSL 11:cee25a834751 4492 default:
wolfSSL 11:cee25a834751 4493 WOLFSSL_MSG("Unknown type for creating NTRU key");
wolfSSL 11:cee25a834751 4494 return -1;
wolfSSL 11:cee25a834751 4495 }
wolfSSL 11:cee25a834751 4496
wolfSSL 11:cee25a834751 4497 return ret;
wolfSSL 11:cee25a834751 4498 }
wolfSSL 11:cee25a834751 4499
wolfSSL 11:cee25a834751 4500
wolfSSL 11:cee25a834751 4501 static int TLSX_AddQSHKey(QSHKey** list, QSHKey* key)
wolfSSL 11:cee25a834751 4502 {
wolfSSL 11:cee25a834751 4503 QSHKey* current;
wolfSSL 11:cee25a834751 4504
wolfSSL 11:cee25a834751 4505 if (key == NULL)
wolfSSL 11:cee25a834751 4506 return BAD_FUNC_ARG;
wolfSSL 11:cee25a834751 4507
wolfSSL 11:cee25a834751 4508 /* if no public key stored in key then do not add */
wolfSSL 11:cee25a834751 4509 if (key->pub.length == 0 || key->pub.buffer == NULL)
wolfSSL 11:cee25a834751 4510 return 0;
wolfSSL 11:cee25a834751 4511
wolfSSL 11:cee25a834751 4512 /* first element to be added to the list */
wolfSSL 11:cee25a834751 4513 current = *list;
wolfSSL 11:cee25a834751 4514 if (current == NULL) {
wolfSSL 11:cee25a834751 4515 *list = key;
wolfSSL 11:cee25a834751 4516 return 0;
wolfSSL 11:cee25a834751 4517 }
wolfSSL 11:cee25a834751 4518
wolfSSL 11:cee25a834751 4519 while (current->next) {
wolfSSL 11:cee25a834751 4520 /* can only have one of the key in the list */
wolfSSL 11:cee25a834751 4521 if (current->name == key->name)
wolfSSL 11:cee25a834751 4522 return -1;
wolfSSL 11:cee25a834751 4523 current = (QSHKey*)current->next;
wolfSSL 11:cee25a834751 4524 }
wolfSSL 11:cee25a834751 4525
wolfSSL 11:cee25a834751 4526 current->next = (struct QSHKey*)key;
wolfSSL 11:cee25a834751 4527
wolfSSL 11:cee25a834751 4528 return 0;
wolfSSL 11:cee25a834751 4529 }
wolfSSL 11:cee25a834751 4530
wolfSSL 11:cee25a834751 4531
wolfSSL 11:cee25a834751 4532 #if defined(HAVE_NTRU) || defined(HAVE_QSH)
wolfSSL 11:cee25a834751 4533 int TLSX_CreateNtruKey(WOLFSSL* ssl, int type)
wolfSSL 11:cee25a834751 4534 {
wolfSSL 11:cee25a834751 4535 int ret = -1;
wolfSSL 11:cee25a834751 4536 #ifdef HAVE_NTRU
wolfSSL 11:cee25a834751 4537 int ntruType;
wolfSSL 11:cee25a834751 4538
wolfSSL 11:cee25a834751 4539 /* variable declarations for NTRU*/
wolfSSL 11:cee25a834751 4540 QSHKey* temp = NULL;
wolfSSL 11:cee25a834751 4541 byte public_key[1027];
wolfSSL 11:cee25a834751 4542 word16 public_key_len = sizeof(public_key);
wolfSSL 11:cee25a834751 4543 byte private_key[1120];
wolfSSL 11:cee25a834751 4544 word16 private_key_len = sizeof(private_key);
wolfSSL 11:cee25a834751 4545 DRBG_HANDLE drbg;
wolfSSL 11:cee25a834751 4546
wolfSSL 11:cee25a834751 4547 if (ssl == NULL)
wolfSSL 11:cee25a834751 4548 return BAD_FUNC_ARG;
wolfSSL 11:cee25a834751 4549
wolfSSL 11:cee25a834751 4550 switch (type) {
wolfSSL 11:cee25a834751 4551 case WOLFSSL_NTRU_EESS439:
wolfSSL 11:cee25a834751 4552 ntruType = NTRU_EES439EP1;
wolfSSL 11:cee25a834751 4553 break;
wolfSSL 11:cee25a834751 4554 case WOLFSSL_NTRU_EESS593:
wolfSSL 11:cee25a834751 4555 ntruType = NTRU_EES593EP1;
wolfSSL 11:cee25a834751 4556 break;
wolfSSL 11:cee25a834751 4557 case WOLFSSL_NTRU_EESS743:
wolfSSL 11:cee25a834751 4558 ntruType = NTRU_EES743EP1;
wolfSSL 11:cee25a834751 4559 break;
wolfSSL 11:cee25a834751 4560 default:
wolfSSL 11:cee25a834751 4561 WOLFSSL_MSG("Unknown type for creating NTRU key");
wolfSSL 11:cee25a834751 4562 return -1;
wolfSSL 11:cee25a834751 4563 }
wolfSSL 11:cee25a834751 4564 ret = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg);
wolfSSL 11:cee25a834751 4565 if (ret != DRBG_OK) {
wolfSSL 11:cee25a834751 4566 WOLFSSL_MSG("NTRU drbg instantiate failed\n");
wolfSSL 11:cee25a834751 4567 return ret;
wolfSSL 11:cee25a834751 4568 }
wolfSSL 11:cee25a834751 4569
wolfSSL 11:cee25a834751 4570 if ((ret = ntru_crypto_ntru_encrypt_keygen(drbg, ntruType,
wolfSSL 11:cee25a834751 4571 &public_key_len, NULL, &private_key_len, NULL)) != NTRU_OK)
wolfSSL 11:cee25a834751 4572 return ret;
wolfSSL 11:cee25a834751 4573
wolfSSL 11:cee25a834751 4574 if ((ret = ntru_crypto_ntru_encrypt_keygen(drbg, ntruType,
wolfSSL 11:cee25a834751 4575 &public_key_len, public_key, &private_key_len, private_key)) != NTRU_OK)
wolfSSL 11:cee25a834751 4576 return ret;
wolfSSL 11:cee25a834751 4577
wolfSSL 11:cee25a834751 4578 ret = ntru_crypto_drbg_uninstantiate(drbg);
wolfSSL 11:cee25a834751 4579 if (ret != NTRU_OK) {
wolfSSL 11:cee25a834751 4580 WOLFSSL_MSG("NTRU drbg uninstantiate failed\n");
wolfSSL 11:cee25a834751 4581 return ret;
wolfSSL 11:cee25a834751 4582 }
wolfSSL 11:cee25a834751 4583
wolfSSL 11:cee25a834751 4584 if ((temp = (QSHKey*)XMALLOC(sizeof(QSHKey), ssl->heap,
wolfSSL 11:cee25a834751 4585 DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL 11:cee25a834751 4586 return MEMORY_E;
wolfSSL 11:cee25a834751 4587 temp->name = type;
wolfSSL 11:cee25a834751 4588 temp->pub.length = public_key_len;
wolfSSL 11:cee25a834751 4589 temp->pub.buffer = (byte*)XMALLOC(public_key_len, ssl->heap,
wolfSSL 11:cee25a834751 4590 DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 11:cee25a834751 4591 XMEMCPY(temp->pub.buffer, public_key, public_key_len);
wolfSSL 11:cee25a834751 4592 temp->pri.length = private_key_len;
wolfSSL 11:cee25a834751 4593 temp->pri.buffer = (byte*)XMALLOC(private_key_len, ssl->heap,
wolfSSL 11:cee25a834751 4594 DYNAMIC_TYPE_ARRAYS);
wolfSSL 11:cee25a834751 4595 XMEMCPY(temp->pri.buffer, private_key, private_key_len);
wolfSSL 11:cee25a834751 4596 temp->next = NULL;
wolfSSL 11:cee25a834751 4597
wolfSSL 11:cee25a834751 4598 TLSX_AddQSHKey(&ssl->QSH_Key, temp);
wolfSSL 11:cee25a834751 4599 #endif
wolfSSL 11:cee25a834751 4600
wolfSSL 11:cee25a834751 4601 (void)ssl;
wolfSSL 11:cee25a834751 4602 (void)type;
wolfSSL 11:cee25a834751 4603
wolfSSL 11:cee25a834751 4604 return ret;
wolfSSL 11:cee25a834751 4605 }
wolfSSL 11:cee25a834751 4606 #endif
wolfSSL 11:cee25a834751 4607
wolfSSL 11:cee25a834751 4608
wolfSSL 11:cee25a834751 4609 /*
wolfSSL 11:cee25a834751 4610 Used to find a public key from the list of keys
wolfSSL 11:cee25a834751 4611 pubLen length of array
wolfSSL 11:cee25a834751 4612 name input the name of the scheme looking for ie WOLFSSL_NTRU_ESSXXX
wolfSSL 11:cee25a834751 4613
wolfSSL 11:cee25a834751 4614 returns a pointer to public key byte* or NULL if not found
wolfSSL 11:cee25a834751 4615 */
wolfSSL 11:cee25a834751 4616 static byte* TLSX_QSHKeyFind_Pub(QSHKey* qsh, word16* pubLen, word16 name)
wolfSSL 11:cee25a834751 4617 {
wolfSSL 11:cee25a834751 4618 QSHKey* current = qsh;
wolfSSL 11:cee25a834751 4619
wolfSSL 11:cee25a834751 4620 if (qsh == NULL || pubLen == NULL)
wolfSSL 11:cee25a834751 4621 return NULL;
wolfSSL 11:cee25a834751 4622
wolfSSL 11:cee25a834751 4623 *pubLen = 0;
wolfSSL 11:cee25a834751 4624
wolfSSL 11:cee25a834751 4625 while(current) {
wolfSSL 11:cee25a834751 4626 if (current->name == name) {
wolfSSL 11:cee25a834751 4627 *pubLen = current->pub.length;
wolfSSL 11:cee25a834751 4628 return current->pub.buffer;
wolfSSL 11:cee25a834751 4629 }
wolfSSL 11:cee25a834751 4630 current = (QSHKey*)current->next;
wolfSSL 11:cee25a834751 4631 }
wolfSSL 11:cee25a834751 4632
wolfSSL 11:cee25a834751 4633 return NULL;
wolfSSL 11:cee25a834751 4634 }
wolfSSL 11:cee25a834751 4635 #endif /* HAVE_QSH */
wolfSSL 11:cee25a834751 4636
wolfSSL 11:cee25a834751 4637
wolfSSL 11:cee25a834751 4638 int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
wolfSSL 11:cee25a834751 4639 {
wolfSSL 11:cee25a834751 4640 int ret = 0;
wolfSSL 11:cee25a834751 4641 byte* public_key = NULL;
wolfSSL 11:cee25a834751 4642 word16 public_key_len = 0;
wolfSSL 11:cee25a834751 4643 #ifdef HAVE_QSH
wolfSSL 11:cee25a834751 4644 TLSX* extension;
wolfSSL 11:cee25a834751 4645 QSHScheme* qsh;
wolfSSL 11:cee25a834751 4646 QSHScheme* next;
wolfSSL 11:cee25a834751 4647
wolfSSL 11:cee25a834751 4648 /* add supported QSHSchemes */
wolfSSL 11:cee25a834751 4649 WOLFSSL_MSG("Adding supported QSH Schemes");
wolfSSL 11:cee25a834751 4650 #endif
wolfSSL 11:cee25a834751 4651
wolfSSL 11:cee25a834751 4652 /* server will add extension depending on whats parsed from client */
wolfSSL 11:cee25a834751 4653 if (!isServer) {
wolfSSL 11:cee25a834751 4654 #ifdef HAVE_QSH
wolfSSL 11:cee25a834751 4655 /* test if user has set a specific scheme already */
wolfSSL 11:cee25a834751 4656 if (!ssl->user_set_QSHSchemes) {
wolfSSL 11:cee25a834751 4657 if (ssl->sendQSHKeys && ssl->QSH_Key == NULL) {
wolfSSL 11:cee25a834751 4658 if ((ret = TLSX_CreateQSHKey(ssl, WOLFSSL_NTRU_EESS743)) != 0) {
wolfSSL 11:cee25a834751 4659 WOLFSSL_MSG("Error creating ntru keys");
wolfSSL 11:cee25a834751 4660 return ret;
wolfSSL 11:cee25a834751 4661 }
wolfSSL 11:cee25a834751 4662 if ((ret = TLSX_CreateQSHKey(ssl, WOLFSSL_NTRU_EESS593)) != 0) {
wolfSSL 11:cee25a834751 4663 WOLFSSL_MSG("Error creating ntru keys");
wolfSSL 11:cee25a834751 4664 return ret;
wolfSSL 11:cee25a834751 4665 }
wolfSSL 11:cee25a834751 4666 if ((ret = TLSX_CreateQSHKey(ssl, WOLFSSL_NTRU_EESS439)) != 0) {
wolfSSL 11:cee25a834751 4667 WOLFSSL_MSG("Error creating ntru keys");
wolfSSL 11:cee25a834751 4668 return ret;
wolfSSL 11:cee25a834751 4669 }
wolfSSL 11:cee25a834751 4670
wolfSSL 11:cee25a834751 4671 /* add NTRU 256 */
wolfSSL 11:cee25a834751 4672 public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key,
wolfSSL 11:cee25a834751 4673 &public_key_len, WOLFSSL_NTRU_EESS743);
wolfSSL 11:cee25a834751 4674 }
wolfSSL 11:cee25a834751 4675 if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS743,
wolfSSL 11:cee25a834751 4676 public_key, public_key_len, ssl->heap)
wolfSSL 11:cee25a834751 4677 != SSL_SUCCESS)
wolfSSL 11:cee25a834751 4678 ret = -1;
wolfSSL 11:cee25a834751 4679
wolfSSL 11:cee25a834751 4680 /* add NTRU 196 */
wolfSSL 11:cee25a834751 4681 if (ssl->sendQSHKeys) {
wolfSSL 11:cee25a834751 4682 public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key,
wolfSSL 11:cee25a834751 4683 &public_key_len, WOLFSSL_NTRU_EESS593);
wolfSSL 11:cee25a834751 4684 }
wolfSSL 11:cee25a834751 4685 if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS593,
wolfSSL 11:cee25a834751 4686 public_key, public_key_len, ssl->heap)
wolfSSL 11:cee25a834751 4687 != SSL_SUCCESS)
wolfSSL 11:cee25a834751 4688 ret = -1;
wolfSSL 11:cee25a834751 4689
wolfSSL 11:cee25a834751 4690 /* add NTRU 128 */
wolfSSL 11:cee25a834751 4691 if (ssl->sendQSHKeys) {
wolfSSL 11:cee25a834751 4692 public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key,
wolfSSL 11:cee25a834751 4693 &public_key_len, WOLFSSL_NTRU_EESS439);
wolfSSL 11:cee25a834751 4694 }
wolfSSL 11:cee25a834751 4695 if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS439,
wolfSSL 11:cee25a834751 4696 public_key, public_key_len, ssl->heap)
wolfSSL 11:cee25a834751 4697 != SSL_SUCCESS)
wolfSSL 11:cee25a834751 4698 ret = -1;
wolfSSL 11:cee25a834751 4699 }
wolfSSL 11:cee25a834751 4700 else if (ssl->sendQSHKeys && ssl->QSH_Key == NULL) {
wolfSSL 11:cee25a834751 4701 /* for each scheme make a client key */
wolfSSL 11:cee25a834751 4702 extension = TLSX_Find(ssl->extensions, TLSX_QUANTUM_SAFE_HYBRID);
wolfSSL 11:cee25a834751 4703 if (extension) {
wolfSSL 11:cee25a834751 4704 qsh = (QSHScheme*)extension->data;
wolfSSL 11:cee25a834751 4705
wolfSSL 11:cee25a834751 4706 while (qsh) {
wolfSSL 11:cee25a834751 4707 if ((ret = TLSX_CreateQSHKey(ssl, qsh->name)) != 0)
wolfSSL 11:cee25a834751 4708 return ret;
wolfSSL 11:cee25a834751 4709
wolfSSL 11:cee25a834751 4710 /* get next now because qsh could be freed */
wolfSSL 11:cee25a834751 4711 next = qsh->next;
wolfSSL 11:cee25a834751 4712
wolfSSL 11:cee25a834751 4713 /* find the public key created and add to extension*/
wolfSSL 11:cee25a834751 4714 public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key,
wolfSSL 11:cee25a834751 4715 &public_key_len, qsh->name);
wolfSSL 11:cee25a834751 4716 if (TLSX_UseQSHScheme(&ssl->extensions, qsh->name,
wolfSSL 11:cee25a834751 4717 public_key, public_key_len,
wolfSSL 11:cee25a834751 4718 ssl->heap) != SSL_SUCCESS)
wolfSSL 11:cee25a834751 4719 ret = -1;
wolfSSL 11:cee25a834751 4720 qsh = next;
wolfSSL 11:cee25a834751 4721 }
wolfSSL 11:cee25a834751 4722 }
wolfSSL 11:cee25a834751 4723 }
wolfSSL 11:cee25a834751 4724 #endif
wolfSSL 11:cee25a834751 4725
wolfSSL 11:cee25a834751 4726 #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)
wolfSSL 11:cee25a834751 4727 if (!ssl->options.userCurves && !ssl->ctx->userCurves) {
wolfSSL 11:cee25a834751 4728 #ifndef HAVE_FIPS
wolfSSL 11:cee25a834751 4729 #if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
wolfSSL 11:cee25a834751 4730 #ifndef NO_ECC_SECP
wolfSSL 11:cee25a834751 4731 ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP160R1, ssl->heap);
wolfSSL 11:cee25a834751 4732 if (ret != SSL_SUCCESS) return ret;
wolfSSL 11:cee25a834751 4733 #endif
wolfSSL 11:cee25a834751 4734 #ifdef HAVE_ECC_SECPR2
wolfSSL 11:cee25a834751 4735 ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP160R2, ssl->heap);
wolfSSL 11:cee25a834751 4736 if (ret != SSL_SUCCESS) return ret;
wolfSSL 11:cee25a834751 4737 #endif
wolfSSL 11:cee25a834751 4738 #ifdef HAVE_ECC_KOBLITZ
wolfSSL 11:cee25a834751 4739 ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP160K1, ssl->heap);
wolfSSL 11:cee25a834751 4740 if (ret != SSL_SUCCESS) return ret;
wolfSSL 11:cee25a834751 4741 #endif
wolfSSL 11:cee25a834751 4742 #endif
wolfSSL 11:cee25a834751 4743 #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
wolfSSL 11:cee25a834751 4744 #ifndef NO_ECC_SECP
wolfSSL 11:cee25a834751 4745 ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP192R1, ssl->heap);
wolfSSL 11:cee25a834751 4746 if (ret != SSL_SUCCESS) return ret;
wolfSSL 11:cee25a834751 4747 #endif
wolfSSL 11:cee25a834751 4748 #ifdef HAVE_ECC_KOBLITZ
wolfSSL 11:cee25a834751 4749 ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP192K1, ssl->heap);
wolfSSL 11:cee25a834751 4750 if (ret != SSL_SUCCESS) return ret;
wolfSSL 11:cee25a834751 4751 #endif
wolfSSL 11:cee25a834751 4752 #endif
wolfSSL 11:cee25a834751 4753 #endif
wolfSSL 11:cee25a834751 4754 #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
wolfSSL 11:cee25a834751 4755 #ifndef NO_ECC_SECP
wolfSSL 11:cee25a834751 4756 ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP224R1, ssl->heap);
wolfSSL 11:cee25a834751 4757 if (ret != SSL_SUCCESS) return ret;
wolfSSL 11:cee25a834751 4758 #endif
wolfSSL 11:cee25a834751 4759 #ifdef HAVE_ECC_KOBLITZ
wolfSSL 11:cee25a834751 4760 ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP224K1, ssl->heap);
wolfSSL 11:cee25a834751 4761 if (ret != SSL_SUCCESS) return ret;
wolfSSL 11:cee25a834751 4762 #endif
wolfSSL 11:cee25a834751 4763 #endif
wolfSSL 11:cee25a834751 4764 #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
wolfSSL 11:cee25a834751 4765 #ifndef NO_ECC_SECP
wolfSSL 11:cee25a834751 4766 ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP256R1, ssl->heap);
wolfSSL 11:cee25a834751 4767 if (ret != SSL_SUCCESS) return ret;
wolfSSL 11:cee25a834751 4768 #endif
wolfSSL 11:cee25a834751 4769 #ifdef HAVE_ECC_KOBLITZ
wolfSSL 11:cee25a834751 4770 ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP256K1, ssl->heap);
wolfSSL 11:cee25a834751 4771 if (ret != SSL_SUCCESS) return ret;
wolfSSL 11:cee25a834751 4772 #endif
wolfSSL 11:cee25a834751 4773 #ifdef HAVE_ECC_BRAINPOOL
wolfSSL 11:cee25a834751 4774 ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_BRAINPOOLP256R1, ssl->heap);
wolfSSL 11:cee25a834751 4775 if (ret != SSL_SUCCESS) return ret;
wolfSSL 11:cee25a834751 4776 #endif
wolfSSL 11:cee25a834751 4777 #endif
wolfSSL 11:cee25a834751 4778 #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
wolfSSL 11:cee25a834751 4779 #ifndef NO_ECC_SECP
wolfSSL 11:cee25a834751 4780 ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP384R1, ssl->heap);
wolfSSL 11:cee25a834751 4781 if (ret != SSL_SUCCESS) return ret;
wolfSSL 11:cee25a834751 4782 #endif
wolfSSL 11:cee25a834751 4783 #ifdef HAVE_ECC_BRAINPOOL
wolfSSL 11:cee25a834751 4784 ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_BRAINPOOLP384R1, ssl->heap);
wolfSSL 11:cee25a834751 4785 if (ret != SSL_SUCCESS) return ret;
wolfSSL 11:cee25a834751 4786 #endif
wolfSSL 11:cee25a834751 4787 #endif
wolfSSL 11:cee25a834751 4788 #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
wolfSSL 11:cee25a834751 4789 #ifdef HAVE_ECC_BRAINPOOL
wolfSSL 11:cee25a834751 4790 ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_BRAINPOOLP512R1, ssl->heap);
wolfSSL 11:cee25a834751 4791 if (ret != SSL_SUCCESS) return ret;
wolfSSL 11:cee25a834751 4792 #endif
wolfSSL 11:cee25a834751 4793 #endif
wolfSSL 11:cee25a834751 4794 #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
wolfSSL 11:cee25a834751 4795 #ifndef NO_ECC_SECP
wolfSSL 11:cee25a834751 4796 ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP521R1, ssl->heap);
wolfSSL 11:cee25a834751 4797 if (ret != SSL_SUCCESS) return ret;
wolfSSL 11:cee25a834751 4798 #endif
wolfSSL 11:cee25a834751 4799 #endif
wolfSSL 11:cee25a834751 4800 }
wolfSSL 11:cee25a834751 4801 #endif /* HAVE_ECC && HAVE_SUPPORTED_CURVES */
wolfSSL 11:cee25a834751 4802 } /* is not server */
wolfSSL 11:cee25a834751 4803
wolfSSL 11:cee25a834751 4804 (void)public_key;
wolfSSL 11:cee25a834751 4805 (void)public_key_len;
wolfSSL 11:cee25a834751 4806 (void)ssl;
wolfSSL 11:cee25a834751 4807
wolfSSL 11:cee25a834751 4808 if (ret == SSL_SUCCESS)
wolfSSL 11:cee25a834751 4809 ret = 0;
wolfSSL 11:cee25a834751 4810
wolfSSL 11:cee25a834751 4811 return ret;
wolfSSL 11:cee25a834751 4812 }
wolfSSL 11:cee25a834751 4813
wolfSSL 11:cee25a834751 4814
wolfSSL 11:cee25a834751 4815 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 11:cee25a834751 4816
wolfSSL 11:cee25a834751 4817 /** Tells the buffered size of extensions to be sent into the client hello. */
wolfSSL 11:cee25a834751 4818 word16 TLSX_GetRequestSize(WOLFSSL* ssl)
wolfSSL 11:cee25a834751 4819 {
wolfSSL 11:cee25a834751 4820 word16 length = 0;
wolfSSL 11:cee25a834751 4821
wolfSSL 11:cee25a834751 4822 if (TLSX_SupportExtensions(ssl)) {
wolfSSL 11:cee25a834751 4823 byte semaphore[SEMAPHORE_SIZE] = {0};
wolfSSL 11:cee25a834751 4824
wolfSSL 11:cee25a834751 4825 EC_VALIDATE_REQUEST(ssl, semaphore);
wolfSSL 11:cee25a834751 4826 QSH_VALIDATE_REQUEST(ssl, semaphore);
wolfSSL 11:cee25a834751 4827 WOLF_STK_VALIDATE_REQUEST(ssl);
wolfSSL 11:cee25a834751 4828
wolfSSL 11:cee25a834751 4829 if (ssl->extensions)
wolfSSL 11:cee25a834751 4830 length += TLSX_GetSize(ssl->extensions, semaphore, 1);
wolfSSL 11:cee25a834751 4831
wolfSSL 11:cee25a834751 4832 if (ssl->ctx && ssl->ctx->extensions)
wolfSSL 11:cee25a834751 4833 length += TLSX_GetSize(ssl->ctx->extensions, semaphore, 1);
wolfSSL 11:cee25a834751 4834
wolfSSL 11:cee25a834751 4835 if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz)
wolfSSL 11:cee25a834751 4836 length += HELLO_EXT_SZ + HELLO_EXT_SIGALGO_SZ
wolfSSL 11:cee25a834751 4837 + ssl->suites->hashSigAlgoSz;
wolfSSL 11:cee25a834751 4838
wolfSSL 11:cee25a834751 4839 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 11:cee25a834751 4840 if (ssl->options.haveEMS)
wolfSSL 11:cee25a834751 4841 length += HELLO_EXT_SZ;
wolfSSL 11:cee25a834751 4842 #endif
wolfSSL 11:cee25a834751 4843 }
wolfSSL 11:cee25a834751 4844
wolfSSL 11:cee25a834751 4845 if (length)
wolfSSL 11:cee25a834751 4846 length += OPAQUE16_LEN; /* for total length storage. */
wolfSSL 11:cee25a834751 4847
wolfSSL 11:cee25a834751 4848 return length;
wolfSSL 11:cee25a834751 4849 }
wolfSSL 11:cee25a834751 4850
wolfSSL 11:cee25a834751 4851 /** Writes the extensions to be sent into the client hello. */
wolfSSL 11:cee25a834751 4852 word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output)
wolfSSL 11:cee25a834751 4853 {
wolfSSL 11:cee25a834751 4854 word16 offset = 0;
wolfSSL 11:cee25a834751 4855
wolfSSL 11:cee25a834751 4856 if (TLSX_SupportExtensions(ssl) && output) {
wolfSSL 11:cee25a834751 4857 byte semaphore[SEMAPHORE_SIZE] = {0};
wolfSSL 11:cee25a834751 4858
wolfSSL 11:cee25a834751 4859 offset += OPAQUE16_LEN; /* extensions length */
wolfSSL 11:cee25a834751 4860
wolfSSL 11:cee25a834751 4861 EC_VALIDATE_REQUEST(ssl, semaphore);
wolfSSL 11:cee25a834751 4862 WOLF_STK_VALIDATE_REQUEST(ssl);
wolfSSL 11:cee25a834751 4863 QSH_VALIDATE_REQUEST(ssl, semaphore);
wolfSSL 11:cee25a834751 4864
wolfSSL 11:cee25a834751 4865 if (ssl->extensions)
wolfSSL 11:cee25a834751 4866 offset += TLSX_Write(ssl->extensions, output + offset,
wolfSSL 11:cee25a834751 4867 semaphore, 1);
wolfSSL 11:cee25a834751 4868
wolfSSL 11:cee25a834751 4869 if (ssl->ctx && ssl->ctx->extensions)
wolfSSL 11:cee25a834751 4870 offset += TLSX_Write(ssl->ctx->extensions, output + offset,
wolfSSL 11:cee25a834751 4871 semaphore, 1);
wolfSSL 11:cee25a834751 4872
wolfSSL 11:cee25a834751 4873 if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz) {
wolfSSL 11:cee25a834751 4874 int i;
wolfSSL 11:cee25a834751 4875 /* extension type */
wolfSSL 11:cee25a834751 4876 c16toa(HELLO_EXT_SIG_ALGO, output + offset);
wolfSSL 11:cee25a834751 4877 offset += HELLO_EXT_TYPE_SZ;
wolfSSL 11:cee25a834751 4878
wolfSSL 11:cee25a834751 4879 /* extension data length */
wolfSSL 11:cee25a834751 4880 c16toa(OPAQUE16_LEN + ssl->suites->hashSigAlgoSz,
wolfSSL 11:cee25a834751 4881 output + offset);
wolfSSL 11:cee25a834751 4882 offset += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 4883
wolfSSL 11:cee25a834751 4884 /* sig algos length */
wolfSSL 11:cee25a834751 4885 c16toa(ssl->suites->hashSigAlgoSz, output + offset);
wolfSSL 11:cee25a834751 4886 offset += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 4887
wolfSSL 11:cee25a834751 4888 /* sig algos */
wolfSSL 11:cee25a834751 4889 for (i = 0; i < ssl->suites->hashSigAlgoSz; i++, offset++)
wolfSSL 11:cee25a834751 4890 output[offset] = ssl->suites->hashSigAlgo[i];
wolfSSL 11:cee25a834751 4891 }
wolfSSL 11:cee25a834751 4892
wolfSSL 11:cee25a834751 4893 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 11:cee25a834751 4894 if (ssl->options.haveEMS) {
wolfSSL 11:cee25a834751 4895 c16toa(HELLO_EXT_EXTMS, output + offset);
wolfSSL 11:cee25a834751 4896 offset += HELLO_EXT_TYPE_SZ;
wolfSSL 11:cee25a834751 4897 c16toa(0, output + offset);
wolfSSL 11:cee25a834751 4898 offset += HELLO_EXT_SZ_SZ;
wolfSSL 11:cee25a834751 4899 }
wolfSSL 11:cee25a834751 4900 #endif
wolfSSL 11:cee25a834751 4901
wolfSSL 11:cee25a834751 4902 if (offset > OPAQUE16_LEN)
wolfSSL 11:cee25a834751 4903 c16toa(offset - OPAQUE16_LEN, output); /* extensions length */
wolfSSL 11:cee25a834751 4904 }
wolfSSL 11:cee25a834751 4905
wolfSSL 11:cee25a834751 4906 return offset;
wolfSSL 11:cee25a834751 4907 }
wolfSSL 11:cee25a834751 4908
wolfSSL 11:cee25a834751 4909 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 11:cee25a834751 4910
wolfSSL 11:cee25a834751 4911 #ifndef NO_WOLFSSL_SERVER
wolfSSL 11:cee25a834751 4912
wolfSSL 11:cee25a834751 4913 /** Tells the buffered size of extensions to be sent into the server hello. */
wolfSSL 11:cee25a834751 4914 word16 TLSX_GetResponseSize(WOLFSSL* ssl)
wolfSSL 11:cee25a834751 4915 {
wolfSSL 11:cee25a834751 4916 word16 length = 0;
wolfSSL 11:cee25a834751 4917 byte semaphore[SEMAPHORE_SIZE] = {0};
wolfSSL 11:cee25a834751 4918
wolfSSL 11:cee25a834751 4919 #ifdef HAVE_QSH
wolfSSL 11:cee25a834751 4920 /* change response if not using TLS_QSH */
wolfSSL 11:cee25a834751 4921 if (!ssl->options.haveQSH) {
wolfSSL 11:cee25a834751 4922 TLSX* ext = TLSX_Find(ssl->extensions, TLSX_QUANTUM_SAFE_HYBRID);
wolfSSL 11:cee25a834751 4923 if (ext)
wolfSSL 11:cee25a834751 4924 ext->resp = 0;
wolfSSL 11:cee25a834751 4925 }
wolfSSL 11:cee25a834751 4926 #endif
wolfSSL 11:cee25a834751 4927
wolfSSL 11:cee25a834751 4928 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 11:cee25a834751 4929 if (ssl->options.haveEMS)
wolfSSL 11:cee25a834751 4930 length += HELLO_EXT_SZ;
wolfSSL 11:cee25a834751 4931 #endif
wolfSSL 11:cee25a834751 4932
wolfSSL 11:cee25a834751 4933 if (TLSX_SupportExtensions(ssl))
wolfSSL 11:cee25a834751 4934 length += TLSX_GetSize(ssl->extensions, semaphore, 0);
wolfSSL 11:cee25a834751 4935
wolfSSL 11:cee25a834751 4936 /* All the response data is set at the ssl object only, so no ctx here. */
wolfSSL 11:cee25a834751 4937
wolfSSL 11:cee25a834751 4938 if (length)
wolfSSL 11:cee25a834751 4939 length += OPAQUE16_LEN; /* for total length storage. */
wolfSSL 11:cee25a834751 4940
wolfSSL 11:cee25a834751 4941 return length;
wolfSSL 11:cee25a834751 4942 }
wolfSSL 11:cee25a834751 4943
wolfSSL 11:cee25a834751 4944 /** Writes the server hello extensions into a buffer. */
wolfSSL 11:cee25a834751 4945 word16 TLSX_WriteResponse(WOLFSSL *ssl, byte* output)
wolfSSL 11:cee25a834751 4946 {
wolfSSL 11:cee25a834751 4947 word16 offset = 0;
wolfSSL 11:cee25a834751 4948
wolfSSL 11:cee25a834751 4949 if (TLSX_SupportExtensions(ssl) && output) {
wolfSSL 11:cee25a834751 4950 byte semaphore[SEMAPHORE_SIZE] = {0};
wolfSSL 11:cee25a834751 4951
wolfSSL 11:cee25a834751 4952 offset += OPAQUE16_LEN; /* extensions length */
wolfSSL 11:cee25a834751 4953
wolfSSL 11:cee25a834751 4954 offset += TLSX_Write(ssl->extensions, output + offset, semaphore, 0);
wolfSSL 11:cee25a834751 4955
wolfSSL 11:cee25a834751 4956 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 11:cee25a834751 4957 if (ssl->options.haveEMS) {
wolfSSL 11:cee25a834751 4958 c16toa(HELLO_EXT_EXTMS, output + offset);
wolfSSL 11:cee25a834751 4959 offset += HELLO_EXT_TYPE_SZ;
wolfSSL 11:cee25a834751 4960 c16toa(0, output + offset);
wolfSSL 11:cee25a834751 4961 offset += HELLO_EXT_SZ_SZ;
wolfSSL 11:cee25a834751 4962 }
wolfSSL 11:cee25a834751 4963 #endif
wolfSSL 11:cee25a834751 4964
wolfSSL 11:cee25a834751 4965 if (offset > OPAQUE16_LEN)
wolfSSL 11:cee25a834751 4966 c16toa(offset - OPAQUE16_LEN, output); /* extensions length */
wolfSSL 11:cee25a834751 4967 }
wolfSSL 11:cee25a834751 4968
wolfSSL 11:cee25a834751 4969 return offset;
wolfSSL 11:cee25a834751 4970 }
wolfSSL 11:cee25a834751 4971
wolfSSL 11:cee25a834751 4972 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 11:cee25a834751 4973
wolfSSL 11:cee25a834751 4974 /** Parses a buffer of TLS extensions. */
wolfSSL 11:cee25a834751 4975 int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest,
wolfSSL 11:cee25a834751 4976 Suites *suites)
wolfSSL 11:cee25a834751 4977 {
wolfSSL 11:cee25a834751 4978 int ret = 0;
wolfSSL 11:cee25a834751 4979 word16 offset = 0;
wolfSSL 11:cee25a834751 4980 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 11:cee25a834751 4981 byte pendingEMS = 0;
wolfSSL 11:cee25a834751 4982 #endif
wolfSSL 11:cee25a834751 4983
wolfSSL 11:cee25a834751 4984 if (!ssl || !input || (isRequest && !suites))
wolfSSL 11:cee25a834751 4985 return BAD_FUNC_ARG;
wolfSSL 11:cee25a834751 4986
wolfSSL 11:cee25a834751 4987 while (ret == 0 && offset < length) {
wolfSSL 11:cee25a834751 4988 word16 type;
wolfSSL 11:cee25a834751 4989 word16 size;
wolfSSL 11:cee25a834751 4990
wolfSSL 11:cee25a834751 4991 if (length - offset < HELLO_EXT_TYPE_SZ + OPAQUE16_LEN)
wolfSSL 11:cee25a834751 4992 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 4993
wolfSSL 11:cee25a834751 4994 ato16(input + offset, &type);
wolfSSL 11:cee25a834751 4995 offset += HELLO_EXT_TYPE_SZ;
wolfSSL 11:cee25a834751 4996
wolfSSL 11:cee25a834751 4997 ato16(input + offset, &size);
wolfSSL 11:cee25a834751 4998 offset += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 4999
wolfSSL 11:cee25a834751 5000 if (offset + size > length)
wolfSSL 11:cee25a834751 5001 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 5002
wolfSSL 11:cee25a834751 5003 switch (type) {
wolfSSL 11:cee25a834751 5004 case TLSX_SERVER_NAME:
wolfSSL 11:cee25a834751 5005 WOLFSSL_MSG("SNI extension received");
wolfSSL 11:cee25a834751 5006
wolfSSL 11:cee25a834751 5007 ret = SNI_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 11:cee25a834751 5008 break;
wolfSSL 11:cee25a834751 5009
wolfSSL 11:cee25a834751 5010 case TLSX_MAX_FRAGMENT_LENGTH:
wolfSSL 11:cee25a834751 5011 WOLFSSL_MSG("Max Fragment Length extension received");
wolfSSL 11:cee25a834751 5012
wolfSSL 11:cee25a834751 5013 ret = MFL_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 11:cee25a834751 5014 break;
wolfSSL 11:cee25a834751 5015
wolfSSL 11:cee25a834751 5016 case TLSX_TRUNCATED_HMAC:
wolfSSL 11:cee25a834751 5017 WOLFSSL_MSG("Truncated HMAC extension received");
wolfSSL 11:cee25a834751 5018
wolfSSL 11:cee25a834751 5019 ret = THM_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 11:cee25a834751 5020 break;
wolfSSL 11:cee25a834751 5021
wolfSSL 11:cee25a834751 5022 case TLSX_SUPPORTED_GROUPS:
wolfSSL 11:cee25a834751 5023 WOLFSSL_MSG("Elliptic Curves extension received");
wolfSSL 11:cee25a834751 5024
wolfSSL 11:cee25a834751 5025 ret = EC_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 11:cee25a834751 5026 break;
wolfSSL 11:cee25a834751 5027
wolfSSL 11:cee25a834751 5028 case TLSX_STATUS_REQUEST:
wolfSSL 11:cee25a834751 5029 WOLFSSL_MSG("Certificate Status Request extension received");
wolfSSL 11:cee25a834751 5030
wolfSSL 11:cee25a834751 5031 ret = CSR_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 11:cee25a834751 5032 break;
wolfSSL 11:cee25a834751 5033
wolfSSL 11:cee25a834751 5034 case TLSX_STATUS_REQUEST_V2:
wolfSSL 11:cee25a834751 5035 WOLFSSL_MSG("Certificate Status Request v2 extension received");
wolfSSL 11:cee25a834751 5036
wolfSSL 11:cee25a834751 5037 ret = CSR2_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 11:cee25a834751 5038 break;
wolfSSL 11:cee25a834751 5039
wolfSSL 11:cee25a834751 5040 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 11:cee25a834751 5041 case HELLO_EXT_EXTMS:
wolfSSL 11:cee25a834751 5042 WOLFSSL_MSG("Extended Master Secret extension received");
wolfSSL 11:cee25a834751 5043
wolfSSL 11:cee25a834751 5044 #ifndef NO_WOLFSSL_SERVER
wolfSSL 11:cee25a834751 5045 if (isRequest)
wolfSSL 11:cee25a834751 5046 ssl->options.haveEMS = 1;
wolfSSL 11:cee25a834751 5047 #endif
wolfSSL 11:cee25a834751 5048 pendingEMS = 1;
wolfSSL 11:cee25a834751 5049 break;
wolfSSL 11:cee25a834751 5050 #endif
wolfSSL 11:cee25a834751 5051
wolfSSL 11:cee25a834751 5052 case TLSX_RENEGOTIATION_INFO:
wolfSSL 11:cee25a834751 5053 WOLFSSL_MSG("Secure Renegotiation extension received");
wolfSSL 11:cee25a834751 5054
wolfSSL 11:cee25a834751 5055 ret = SCR_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 11:cee25a834751 5056 break;
wolfSSL 11:cee25a834751 5057
wolfSSL 11:cee25a834751 5058 case TLSX_SESSION_TICKET:
wolfSSL 11:cee25a834751 5059 WOLFSSL_MSG("Session Ticket extension received");
wolfSSL 11:cee25a834751 5060
wolfSSL 11:cee25a834751 5061 ret = WOLF_STK_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 11:cee25a834751 5062 break;
wolfSSL 11:cee25a834751 5063
wolfSSL 11:cee25a834751 5064 case TLSX_QUANTUM_SAFE_HYBRID:
wolfSSL 11:cee25a834751 5065 WOLFSSL_MSG("Quantum-Safe-Hybrid extension received");
wolfSSL 11:cee25a834751 5066
wolfSSL 11:cee25a834751 5067 ret = QSH_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 11:cee25a834751 5068 break;
wolfSSL 11:cee25a834751 5069
wolfSSL 11:cee25a834751 5070 case TLSX_APPLICATION_LAYER_PROTOCOL:
wolfSSL 11:cee25a834751 5071 WOLFSSL_MSG("ALPN extension received");
wolfSSL 11:cee25a834751 5072
wolfSSL 11:cee25a834751 5073 ret = ALPN_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 11:cee25a834751 5074 break;
wolfSSL 11:cee25a834751 5075
wolfSSL 11:cee25a834751 5076 case HELLO_EXT_SIG_ALGO:
wolfSSL 11:cee25a834751 5077 if (isRequest) {
wolfSSL 11:cee25a834751 5078 /* do not mess with offset inside the switch! */
wolfSSL 11:cee25a834751 5079 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 11:cee25a834751 5080 ato16(input + offset, &suites->hashSigAlgoSz);
wolfSSL 11:cee25a834751 5081
wolfSSL 11:cee25a834751 5082 if (suites->hashSigAlgoSz > size - OPAQUE16_LEN)
wolfSSL 11:cee25a834751 5083 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 5084
wolfSSL 11:cee25a834751 5085 XMEMCPY(suites->hashSigAlgo,
wolfSSL 11:cee25a834751 5086 input + offset + OPAQUE16_LEN,
wolfSSL 11:cee25a834751 5087 min(suites->hashSigAlgoSz,
wolfSSL 11:cee25a834751 5088 HELLO_EXT_SIGALGO_MAX));
wolfSSL 11:cee25a834751 5089 }
wolfSSL 11:cee25a834751 5090 } else {
wolfSSL 11:cee25a834751 5091 WOLFSSL_MSG("Servers MUST NOT send SIG ALGO extension.");
wolfSSL 11:cee25a834751 5092 }
wolfSSL 11:cee25a834751 5093
wolfSSL 11:cee25a834751 5094 break;
wolfSSL 11:cee25a834751 5095 }
wolfSSL 11:cee25a834751 5096
wolfSSL 11:cee25a834751 5097 /* offset should be updated here! */
wolfSSL 11:cee25a834751 5098 offset += size;
wolfSSL 11:cee25a834751 5099 }
wolfSSL 11:cee25a834751 5100
wolfSSL 11:cee25a834751 5101 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 11:cee25a834751 5102 if (!isRequest && ssl->options.haveEMS && !pendingEMS)
wolfSSL 11:cee25a834751 5103 ssl->options.haveEMS = 0;
wolfSSL 11:cee25a834751 5104 #endif
wolfSSL 11:cee25a834751 5105
wolfSSL 11:cee25a834751 5106 if (ret == 0)
wolfSSL 11:cee25a834751 5107 ret = SNI_VERIFY_PARSE(ssl, isRequest);
wolfSSL 11:cee25a834751 5108
wolfSSL 11:cee25a834751 5109 return ret;
wolfSSL 11:cee25a834751 5110 }
wolfSSL 11:cee25a834751 5111
wolfSSL 11:cee25a834751 5112 /* undefining semaphore macros */
wolfSSL 11:cee25a834751 5113 #undef IS_OFF
wolfSSL 11:cee25a834751 5114 #undef TURN_ON
wolfSSL 11:cee25a834751 5115 #undef SEMAPHORE_SIZE
wolfSSL 11:cee25a834751 5116
wolfSSL 11:cee25a834751 5117 #endif /* HAVE_TLS_EXTENSIONS */
wolfSSL 11:cee25a834751 5118
wolfSSL 11:cee25a834751 5119 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 11:cee25a834751 5120
wolfSSL 11:cee25a834751 5121 #ifndef NO_OLD_TLS
wolfSSL 11:cee25a834751 5122
wolfSSL 11:cee25a834751 5123 WOLFSSL_METHOD* wolfTLSv1_client_method(void)
wolfSSL 11:cee25a834751 5124 {
wolfSSL 11:cee25a834751 5125 return wolfTLSv1_client_method_ex(NULL);
wolfSSL 11:cee25a834751 5126 }
wolfSSL 11:cee25a834751 5127
wolfSSL 11:cee25a834751 5128
wolfSSL 11:cee25a834751 5129 WOLFSSL_METHOD* wolfTLSv1_1_client_method(void)
wolfSSL 11:cee25a834751 5130 {
wolfSSL 11:cee25a834751 5131 return wolfTLSv1_1_client_method_ex(NULL);
wolfSSL 11:cee25a834751 5132 }
wolfSSL 11:cee25a834751 5133
wolfSSL 11:cee25a834751 5134 WOLFSSL_METHOD* wolfTLSv1_client_method_ex(void* heap)
wolfSSL 11:cee25a834751 5135 {
wolfSSL 11:cee25a834751 5136 WOLFSSL_METHOD* method =
wolfSSL 11:cee25a834751 5137 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL 11:cee25a834751 5138 heap, DYNAMIC_TYPE_METHOD);
wolfSSL 11:cee25a834751 5139 if (method)
wolfSSL 11:cee25a834751 5140 InitSSL_Method(method, MakeTLSv1());
wolfSSL 11:cee25a834751 5141 return method;
wolfSSL 11:cee25a834751 5142 }
wolfSSL 11:cee25a834751 5143
wolfSSL 11:cee25a834751 5144
wolfSSL 11:cee25a834751 5145 WOLFSSL_METHOD* wolfTLSv1_1_client_method_ex(void* heap)
wolfSSL 11:cee25a834751 5146 {
wolfSSL 11:cee25a834751 5147 WOLFSSL_METHOD* method =
wolfSSL 11:cee25a834751 5148 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL 11:cee25a834751 5149 heap, DYNAMIC_TYPE_METHOD);
wolfSSL 11:cee25a834751 5150 if (method)
wolfSSL 11:cee25a834751 5151 InitSSL_Method(method, MakeTLSv1_1());
wolfSSL 11:cee25a834751 5152 return method;
wolfSSL 11:cee25a834751 5153 }
wolfSSL 11:cee25a834751 5154
wolfSSL 11:cee25a834751 5155 #endif /* !NO_OLD_TLS */
wolfSSL 11:cee25a834751 5156
wolfSSL 11:cee25a834751 5157
wolfSSL 11:cee25a834751 5158 WOLFSSL_METHOD* wolfTLSv1_2_client_method(void)
wolfSSL 11:cee25a834751 5159 {
wolfSSL 11:cee25a834751 5160 return wolfTLSv1_2_client_method_ex(NULL);
wolfSSL 11:cee25a834751 5161 }
wolfSSL 11:cee25a834751 5162
wolfSSL 11:cee25a834751 5163 WOLFSSL_METHOD* wolfTLSv1_2_client_method_ex(void* heap)
wolfSSL 11:cee25a834751 5164 {
wolfSSL 11:cee25a834751 5165 WOLFSSL_METHOD* method =
wolfSSL 11:cee25a834751 5166 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL 11:cee25a834751 5167 heap, DYNAMIC_TYPE_METHOD);
wolfSSL 11:cee25a834751 5168 (void)heap;
wolfSSL 11:cee25a834751 5169 if (method)
wolfSSL 11:cee25a834751 5170 InitSSL_Method(method, MakeTLSv1_2());
wolfSSL 11:cee25a834751 5171 return method;
wolfSSL 11:cee25a834751 5172 }
wolfSSL 11:cee25a834751 5173
wolfSSL 11:cee25a834751 5174
wolfSSL 11:cee25a834751 5175 WOLFSSL_METHOD* wolfSSLv23_client_method(void)
wolfSSL 11:cee25a834751 5176 {
wolfSSL 11:cee25a834751 5177 return wolfSSLv23_client_method_ex(NULL);
wolfSSL 11:cee25a834751 5178 }
wolfSSL 11:cee25a834751 5179
wolfSSL 11:cee25a834751 5180
wolfSSL 11:cee25a834751 5181 WOLFSSL_METHOD* wolfSSLv23_client_method_ex(void* heap)
wolfSSL 11:cee25a834751 5182 {
wolfSSL 11:cee25a834751 5183 WOLFSSL_METHOD* method =
wolfSSL 11:cee25a834751 5184 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL 11:cee25a834751 5185 heap, DYNAMIC_TYPE_METHOD);
wolfSSL 11:cee25a834751 5186 (void)heap;
wolfSSL 11:cee25a834751 5187 if (method) {
wolfSSL 11:cee25a834751 5188 #if !defined(NO_SHA256) || defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)
wolfSSL 11:cee25a834751 5189 InitSSL_Method(method, MakeTLSv1_2());
wolfSSL 11:cee25a834751 5190 #else
wolfSSL 11:cee25a834751 5191 #ifndef NO_OLD_TLS
wolfSSL 11:cee25a834751 5192 InitSSL_Method(method, MakeTLSv1_1());
wolfSSL 11:cee25a834751 5193 #endif
wolfSSL 11:cee25a834751 5194 #endif
wolfSSL 11:cee25a834751 5195 #ifndef NO_OLD_TLS
wolfSSL 11:cee25a834751 5196 method->downgrade = 1;
wolfSSL 11:cee25a834751 5197 #endif
wolfSSL 11:cee25a834751 5198 }
wolfSSL 11:cee25a834751 5199 return method;
wolfSSL 11:cee25a834751 5200 }
wolfSSL 11:cee25a834751 5201
wolfSSL 11:cee25a834751 5202 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 11:cee25a834751 5203
wolfSSL 11:cee25a834751 5204
wolfSSL 11:cee25a834751 5205
wolfSSL 11:cee25a834751 5206 #ifndef NO_WOLFSSL_SERVER
wolfSSL 11:cee25a834751 5207
wolfSSL 11:cee25a834751 5208 #ifndef NO_OLD_TLS
wolfSSL 11:cee25a834751 5209
wolfSSL 11:cee25a834751 5210 WOLFSSL_METHOD* wolfTLSv1_server_method(void)
wolfSSL 11:cee25a834751 5211 {
wolfSSL 11:cee25a834751 5212 return wolfTLSv1_server_method_ex(NULL);
wolfSSL 11:cee25a834751 5213 }
wolfSSL 11:cee25a834751 5214
wolfSSL 11:cee25a834751 5215
wolfSSL 11:cee25a834751 5216 WOLFSSL_METHOD* wolfTLSv1_1_server_method(void)
wolfSSL 11:cee25a834751 5217 {
wolfSSL 11:cee25a834751 5218 return wolfTLSv1_1_server_method_ex(NULL);
wolfSSL 11:cee25a834751 5219 }
wolfSSL 11:cee25a834751 5220
wolfSSL 11:cee25a834751 5221 WOLFSSL_METHOD* wolfTLSv1_server_method_ex(void* heap)
wolfSSL 11:cee25a834751 5222 {
wolfSSL 11:cee25a834751 5223 WOLFSSL_METHOD* method =
wolfSSL 11:cee25a834751 5224 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL 11:cee25a834751 5225 heap, DYNAMIC_TYPE_METHOD);
wolfSSL 11:cee25a834751 5226 if (method) {
wolfSSL 11:cee25a834751 5227 InitSSL_Method(method, MakeTLSv1());
wolfSSL 11:cee25a834751 5228 method->side = WOLFSSL_SERVER_END;
wolfSSL 11:cee25a834751 5229 }
wolfSSL 11:cee25a834751 5230 return method;
wolfSSL 11:cee25a834751 5231 }
wolfSSL 11:cee25a834751 5232
wolfSSL 11:cee25a834751 5233
wolfSSL 11:cee25a834751 5234 WOLFSSL_METHOD* wolfTLSv1_1_server_method_ex(void* heap)
wolfSSL 11:cee25a834751 5235 {
wolfSSL 11:cee25a834751 5236 WOLFSSL_METHOD* method =
wolfSSL 11:cee25a834751 5237 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL 11:cee25a834751 5238 heap, DYNAMIC_TYPE_METHOD);
wolfSSL 11:cee25a834751 5239 if (method) {
wolfSSL 11:cee25a834751 5240 InitSSL_Method(method, MakeTLSv1_1());
wolfSSL 11:cee25a834751 5241 method->side = WOLFSSL_SERVER_END;
wolfSSL 11:cee25a834751 5242 }
wolfSSL 11:cee25a834751 5243 return method;
wolfSSL 11:cee25a834751 5244 }
wolfSSL 11:cee25a834751 5245 #endif /* !NO_OLD_TLS */
wolfSSL 11:cee25a834751 5246
wolfSSL 11:cee25a834751 5247
wolfSSL 11:cee25a834751 5248 WOLFSSL_METHOD* wolfTLSv1_2_server_method(void)
wolfSSL 11:cee25a834751 5249 {
wolfSSL 11:cee25a834751 5250 return wolfTLSv1_2_server_method_ex(NULL);
wolfSSL 11:cee25a834751 5251 }
wolfSSL 11:cee25a834751 5252
wolfSSL 11:cee25a834751 5253 WOLFSSL_METHOD* wolfTLSv1_2_server_method_ex(void* heap)
wolfSSL 11:cee25a834751 5254 {
wolfSSL 11:cee25a834751 5255 WOLFSSL_METHOD* method =
wolfSSL 11:cee25a834751 5256 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL 11:cee25a834751 5257 heap, DYNAMIC_TYPE_METHOD);
wolfSSL 11:cee25a834751 5258 (void)heap;
wolfSSL 11:cee25a834751 5259 if (method) {
wolfSSL 11:cee25a834751 5260 InitSSL_Method(method, MakeTLSv1_2());
wolfSSL 11:cee25a834751 5261 method->side = WOLFSSL_SERVER_END;
wolfSSL 11:cee25a834751 5262 }
wolfSSL 11:cee25a834751 5263 return method;
wolfSSL 11:cee25a834751 5264 }
wolfSSL 11:cee25a834751 5265
wolfSSL 11:cee25a834751 5266
wolfSSL 11:cee25a834751 5267 WOLFSSL_METHOD* wolfSSLv23_server_method(void)
wolfSSL 11:cee25a834751 5268 {
wolfSSL 11:cee25a834751 5269 return wolfSSLv23_server_method_ex(NULL);
wolfSSL 11:cee25a834751 5270 }
wolfSSL 11:cee25a834751 5271
wolfSSL 11:cee25a834751 5272 WOLFSSL_METHOD* wolfSSLv23_server_method_ex(void* heap)
wolfSSL 11:cee25a834751 5273 {
wolfSSL 11:cee25a834751 5274 WOLFSSL_METHOD* method =
wolfSSL 11:cee25a834751 5275 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL 11:cee25a834751 5276 heap, DYNAMIC_TYPE_METHOD);
wolfSSL 11:cee25a834751 5277 (void)heap;
wolfSSL 11:cee25a834751 5278 if (method) {
wolfSSL 11:cee25a834751 5279 #if !defined(NO_SHA256) || defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)
wolfSSL 11:cee25a834751 5280 InitSSL_Method(method, MakeTLSv1_2());
wolfSSL 11:cee25a834751 5281 #else
wolfSSL 11:cee25a834751 5282 #ifndef NO_OLD_TLS
wolfSSL 11:cee25a834751 5283 InitSSL_Method(method, MakeTLSv1_1());
wolfSSL 11:cee25a834751 5284 #else
wolfSSL 11:cee25a834751 5285 #error Must have SHA256, SHA384 or SHA512 enabled for TLS 1.2
wolfSSL 11:cee25a834751 5286 #endif
wolfSSL 11:cee25a834751 5287 #endif
wolfSSL 11:cee25a834751 5288 #ifndef NO_OLD_TLS
wolfSSL 11:cee25a834751 5289 method->downgrade = 1;
wolfSSL 11:cee25a834751 5290 #endif
wolfSSL 11:cee25a834751 5291 method->side = WOLFSSL_SERVER_END;
wolfSSL 11:cee25a834751 5292 }
wolfSSL 11:cee25a834751 5293 return method;
wolfSSL 11:cee25a834751 5294 }
wolfSSL 11:cee25a834751 5295
wolfSSL 11:cee25a834751 5296
wolfSSL 11:cee25a834751 5297 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 11:cee25a834751 5298 #endif /* NO_TLS */
wolfSSL 11:cee25a834751 5299 #endif /* WOLFCRYPT_ONLY */
wolfSSL 11:cee25a834751 5300