Xuyi Wang / wolfSSL

Important changes to repositories hosted on mbed.com

Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.

To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.

It is also possible to export all your personal repositories from the account settings page.

Dependents:   OS

src/tls.c@15:117db924cf7c, 2018-08-18 (annotated)

Committer:
wolfSSL
Date:
Sat Aug 18 22:20:43 2018 +0000
Revision:
15:117db924cf7c
Child:
16:048e5e270a58
wolfSSL 3.15.3

Who changed what in which revision?

UserRevisionLine numberNew contents of line
wolfSSL 15:117db924cf7c 1 /* tls.c
wolfSSL 15:117db924cf7c 2 *
wolfSSL 15:117db924cf7c 3 * Copyright (C) 2006-2017 wolfSSL Inc.
wolfSSL 15:117db924cf7c 4 *
wolfSSL 15:117db924cf7c 5 * This file is part of wolfSSL.
wolfSSL 15:117db924cf7c 6 *
wolfSSL 15:117db924cf7c 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 15:117db924cf7c 8 * it under the terms of the GNU General Public License as published by
wolfSSL 15:117db924cf7c 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 15:117db924cf7c 10 * (at your option) any later version.
wolfSSL 15:117db924cf7c 11 *
wolfSSL 15:117db924cf7c 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 15:117db924cf7c 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 15:117db924cf7c 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 15:117db924cf7c 15 * GNU General Public License for more details.
wolfSSL 15:117db924cf7c 16 *
wolfSSL 15:117db924cf7c 17 * You should have received a copy of the GNU General Public License
wolfSSL 15:117db924cf7c 18 * along with this program; if not, write to the Free Software
wolfSSL 15:117db924cf7c 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL 15:117db924cf7c 20 */
wolfSSL 15:117db924cf7c 21
wolfSSL 15:117db924cf7c 22
wolfSSL 15:117db924cf7c 23
wolfSSL 15:117db924cf7c 24 #ifdef HAVE_CONFIG_H
wolfSSL 15:117db924cf7c 25 #include <config.h>
wolfSSL 15:117db924cf7c 26 #endif
wolfSSL 15:117db924cf7c 27
wolfSSL 15:117db924cf7c 28 #include <wolfssl/wolfcrypt/settings.h>
wolfSSL 15:117db924cf7c 29
wolfSSL 15:117db924cf7c 30 #ifndef WOLFCRYPT_ONLY
wolfSSL 15:117db924cf7c 31
wolfSSL 15:117db924cf7c 32 #include <wolfssl/ssl.h>
wolfSSL 15:117db924cf7c 33 #include <wolfssl/internal.h>
wolfSSL 15:117db924cf7c 34 #include <wolfssl/error-ssl.h>
wolfSSL 15:117db924cf7c 35 #include <wolfssl/wolfcrypt/hmac.h>
wolfSSL 15:117db924cf7c 36 #ifdef NO_INLINE
wolfSSL 15:117db924cf7c 37 #include <wolfssl/wolfcrypt/misc.h>
wolfSSL 15:117db924cf7c 38 #else
wolfSSL 15:117db924cf7c 39 #define WOLFSSL_MISC_INCLUDED
wolfSSL 15:117db924cf7c 40 #include <wolfcrypt/src/misc.c>
wolfSSL 15:117db924cf7c 41 #endif
wolfSSL 15:117db924cf7c 42
wolfSSL 15:117db924cf7c 43 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 44 #include <wolfssl/wolfcrypt/curve25519.h>
wolfSSL 15:117db924cf7c 45 #endif
wolfSSL 15:117db924cf7c 46
wolfSSL 15:117db924cf7c 47 #ifdef HAVE_NTRU
wolfSSL 15:117db924cf7c 48 #include "libntruencrypt/ntru_crypto.h"
wolfSSL 15:117db924cf7c 49 #include <wolfssl/wolfcrypt/random.h>
wolfSSL 15:117db924cf7c 50 #endif
wolfSSL 15:117db924cf7c 51
wolfSSL 15:117db924cf7c 52 #ifdef HAVE_QSH
wolfSSL 15:117db924cf7c 53 static int TLSX_AddQSHKey(QSHKey** list, QSHKey* key);
wolfSSL 15:117db924cf7c 54 static byte* TLSX_QSHKeyFind_Pub(QSHKey* qsh, word16* pubLen, word16 name);
wolfSSL 15:117db924cf7c 55 #if defined(HAVE_NTRU)
wolfSSL 15:117db924cf7c 56 static int TLSX_CreateNtruKey(WOLFSSL* ssl, int type);
wolfSSL 15:117db924cf7c 57 #endif
wolfSSL 15:117db924cf7c 58 #endif /* HAVE_QSH */
wolfSSL 15:117db924cf7c 59
wolfSSL 15:117db924cf7c 60 #if (!defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_TLS13) && \
wolfSSL 15:117db924cf7c 61 !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)) || \
wolfSSL 15:117db924cf7c 62 (defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES))
wolfSSL 15:117db924cf7c 63 static int TLSX_KeyShare_IsSupported(int namedGroup);
wolfSSL 15:117db924cf7c 64 #endif
wolfSSL 15:117db924cf7c 65
wolfSSL 15:117db924cf7c 66 #if (!defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_TLS13) && \
wolfSSL 15:117db924cf7c 67 !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)) || \
wolfSSL 15:117db924cf7c 68 (defined(WOLFSSL_TLS13) && !defined(HAVE_ECC) && \
wolfSSL 15:117db924cf7c 69 !defined(HAVE_CURVE25519) && defined(HAVE_SUPPORTED_CURVES)) || \
wolfSSL 15:117db924cf7c 70 ((defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \
wolfSSL 15:117db924cf7c 71 defined(HAVE_SUPPORTED_CURVES))
wolfSSL 15:117db924cf7c 72 static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions);
wolfSSL 15:117db924cf7c 73 #endif
wolfSSL 15:117db924cf7c 74
wolfSSL 15:117db924cf7c 75
wolfSSL 15:117db924cf7c 76 #ifndef NO_TLS
wolfSSL 15:117db924cf7c 77
wolfSSL 15:117db924cf7c 78 /* Digest enable checks */
wolfSSL 15:117db924cf7c 79 #ifdef NO_OLD_TLS /* TLS 1.2 only */
wolfSSL 15:117db924cf7c 80 #if defined(NO_SHA256) && !defined(WOLFSSL_SHA384) && \
wolfSSL 15:117db924cf7c 81 !defined(WOLFSSL_SHA512)
wolfSSL 15:117db924cf7c 82 #error Must have SHA256, SHA384 or SHA512 enabled for TLS 1.2
wolfSSL 15:117db924cf7c 83 #endif
wolfSSL 15:117db924cf7c 84 #else /* TLS 1.1 or older */
wolfSSL 15:117db924cf7c 85 #if defined(NO_MD5) && defined(NO_SHA)
wolfSSL 15:117db924cf7c 86 #error Must have SHA1 and MD5 enabled for old TLS
wolfSSL 15:117db924cf7c 87 #endif
wolfSSL 15:117db924cf7c 88 #endif
wolfSSL 15:117db924cf7c 89
wolfSSL 15:117db924cf7c 90 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 91 #if !defined(NO_DH) && \
wolfSSL 15:117db924cf7c 92 !defined(HAVE_FFDHE_2048) && !defined(HAVE_FFDHE_3072) && \
wolfSSL 15:117db924cf7c 93 !defined(HAVE_FFDHE_4096) && !defined(HAVE_FFDHE_6144) && \
wolfSSL 15:117db924cf7c 94 !defined(HAVE_FFDHE_8192)
wolfSSL 15:117db924cf7c 95 #error Please configure your TLS 1.3 DH key size using either: HAVE_FFDHE_2048, HAVE_FFDHE_3072, HAVE_FFDHE_4096, HAVE_FFDHE_6144 or HAVE_FFDHE_8192
wolfSSL 15:117db924cf7c 96 #endif
wolfSSL 15:117db924cf7c 97 #if !defined(NO_RSA) && !defined(WC_RSA_PSS)
wolfSSL 15:117db924cf7c 98 #error The build option WC_RSA_PSS is required for TLS 1.3 with RSA
wolfSSL 15:117db924cf7c 99 #endif
wolfSSL 15:117db924cf7c 100 #endif
wolfSSL 15:117db924cf7c 101
wolfSSL 15:117db924cf7c 102
wolfSSL 15:117db924cf7c 103 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 104
wolfSSL 15:117db924cf7c 105 #ifdef WOLFSSL_SHA384
wolfSSL 15:117db924cf7c 106 #define P_HASH_MAX_SIZE WC_SHA384_DIGEST_SIZE
wolfSSL 15:117db924cf7c 107 #else
wolfSSL 15:117db924cf7c 108 #define P_HASH_MAX_SIZE WC_SHA256_DIGEST_SIZE
wolfSSL 15:117db924cf7c 109 #endif
wolfSSL 15:117db924cf7c 110
wolfSSL 15:117db924cf7c 111 /* compute p_hash for MD5, SHA-1, SHA-256, or SHA-384 for TLSv1 PRF */
wolfSSL 15:117db924cf7c 112 static int p_hash(byte* result, word32 resLen, const byte* secret,
wolfSSL 15:117db924cf7c 113 word32 secLen, const byte* seed, word32 seedLen, int hash,
wolfSSL 15:117db924cf7c 114 void* heap, int devId)
wolfSSL 15:117db924cf7c 115 {
wolfSSL 15:117db924cf7c 116 word32 len = P_HASH_MAX_SIZE;
wolfSSL 15:117db924cf7c 117 word32 times;
wolfSSL 15:117db924cf7c 118 word32 lastLen;
wolfSSL 15:117db924cf7c 119 word32 lastTime;
wolfSSL 15:117db924cf7c 120 word32 i;
wolfSSL 15:117db924cf7c 121 word32 idx = 0;
wolfSSL 15:117db924cf7c 122 int ret = 0;
wolfSSL 15:117db924cf7c 123 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 124 byte* previous;
wolfSSL 15:117db924cf7c 125 byte* current;
wolfSSL 15:117db924cf7c 126 Hmac* hmac;
wolfSSL 15:117db924cf7c 127 #else
wolfSSL 15:117db924cf7c 128 byte previous[P_HASH_MAX_SIZE]; /* max size */
wolfSSL 15:117db924cf7c 129 byte current[P_HASH_MAX_SIZE]; /* max size */
wolfSSL 15:117db924cf7c 130 Hmac hmac[1];
wolfSSL 15:117db924cf7c 131 #endif
wolfSSL 15:117db924cf7c 132
wolfSSL 15:117db924cf7c 133 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 134 previous = (byte*)XMALLOC(P_HASH_MAX_SIZE, heap, DYNAMIC_TYPE_DIGEST);
wolfSSL 15:117db924cf7c 135 current = (byte*)XMALLOC(P_HASH_MAX_SIZE, heap, DYNAMIC_TYPE_DIGEST);
wolfSSL 15:117db924cf7c 136 hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap, DYNAMIC_TYPE_HMAC);
wolfSSL 15:117db924cf7c 137
wolfSSL 15:117db924cf7c 138 if (previous == NULL || current == NULL || hmac == NULL) {
wolfSSL 15:117db924cf7c 139 if (previous) XFREE(previous, heap, DYNAMIC_TYPE_DIGEST);
wolfSSL 15:117db924cf7c 140 if (current) XFREE(current, heap, DYNAMIC_TYPE_DIGEST);
wolfSSL 15:117db924cf7c 141 if (hmac) XFREE(hmac, heap, DYNAMIC_TYPE_HMAC);
wolfSSL 15:117db924cf7c 142
wolfSSL 15:117db924cf7c 143 return MEMORY_E;
wolfSSL 15:117db924cf7c 144 }
wolfSSL 15:117db924cf7c 145 #endif
wolfSSL 15:117db924cf7c 146
wolfSSL 15:117db924cf7c 147 switch (hash) {
wolfSSL 15:117db924cf7c 148 #ifndef NO_MD5
wolfSSL 15:117db924cf7c 149 case md5_mac:
wolfSSL 15:117db924cf7c 150 hash = WC_MD5;
wolfSSL 15:117db924cf7c 151 len = WC_MD5_DIGEST_SIZE;
wolfSSL 15:117db924cf7c 152 break;
wolfSSL 15:117db924cf7c 153 #endif
wolfSSL 15:117db924cf7c 154
wolfSSL 15:117db924cf7c 155 #ifndef NO_SHA256
wolfSSL 15:117db924cf7c 156 case sha256_mac:
wolfSSL 15:117db924cf7c 157 hash = WC_SHA256;
wolfSSL 15:117db924cf7c 158 len = WC_SHA256_DIGEST_SIZE;
wolfSSL 15:117db924cf7c 159 break;
wolfSSL 15:117db924cf7c 160 #endif
wolfSSL 15:117db924cf7c 161
wolfSSL 15:117db924cf7c 162 #ifdef WOLFSSL_SHA384
wolfSSL 15:117db924cf7c 163 case sha384_mac:
wolfSSL 15:117db924cf7c 164 hash = WC_SHA384;
wolfSSL 15:117db924cf7c 165 len = WC_SHA384_DIGEST_SIZE;
wolfSSL 15:117db924cf7c 166 break;
wolfSSL 15:117db924cf7c 167 #endif
wolfSSL 15:117db924cf7c 168
wolfSSL 15:117db924cf7c 169 #ifndef NO_SHA
wolfSSL 15:117db924cf7c 170 case sha_mac:
wolfSSL 15:117db924cf7c 171 default:
wolfSSL 15:117db924cf7c 172 hash = WC_SHA;
wolfSSL 15:117db924cf7c 173 len = WC_SHA_DIGEST_SIZE;
wolfSSL 15:117db924cf7c 174 break;
wolfSSL 15:117db924cf7c 175 #endif
wolfSSL 15:117db924cf7c 176 }
wolfSSL 15:117db924cf7c 177
wolfSSL 15:117db924cf7c 178 times = resLen / len;
wolfSSL 15:117db924cf7c 179 lastLen = resLen % len;
wolfSSL 15:117db924cf7c 180
wolfSSL 15:117db924cf7c 181 if (lastLen)
wolfSSL 15:117db924cf7c 182 times += 1;
wolfSSL 15:117db924cf7c 183
wolfSSL 15:117db924cf7c 184 lastTime = times - 1;
wolfSSL 15:117db924cf7c 185
wolfSSL 15:117db924cf7c 186 ret = wc_HmacInit(hmac, heap, devId);
wolfSSL 15:117db924cf7c 187 if (ret == 0) {
wolfSSL 15:117db924cf7c 188 ret = wc_HmacSetKey(hmac, hash, secret, secLen);
wolfSSL 15:117db924cf7c 189 if (ret == 0)
wolfSSL 15:117db924cf7c 190 ret = wc_HmacUpdate(hmac, seed, seedLen); /* A0 = seed */
wolfSSL 15:117db924cf7c 191 if (ret == 0)
wolfSSL 15:117db924cf7c 192 ret = wc_HmacFinal(hmac, previous); /* A1 */
wolfSSL 15:117db924cf7c 193 if (ret == 0) {
wolfSSL 15:117db924cf7c 194 for (i = 0; i < times; i++) {
wolfSSL 15:117db924cf7c 195 ret = wc_HmacUpdate(hmac, previous, len);
wolfSSL 15:117db924cf7c 196 if (ret != 0)
wolfSSL 15:117db924cf7c 197 break;
wolfSSL 15:117db924cf7c 198 ret = wc_HmacUpdate(hmac, seed, seedLen);
wolfSSL 15:117db924cf7c 199 if (ret != 0)
wolfSSL 15:117db924cf7c 200 break;
wolfSSL 15:117db924cf7c 201 ret = wc_HmacFinal(hmac, current);
wolfSSL 15:117db924cf7c 202 if (ret != 0)
wolfSSL 15:117db924cf7c 203 break;
wolfSSL 15:117db924cf7c 204
wolfSSL 15:117db924cf7c 205 if ((i == lastTime) && lastLen)
wolfSSL 15:117db924cf7c 206 XMEMCPY(&result[idx], current,
wolfSSL 15:117db924cf7c 207 min(lastLen, P_HASH_MAX_SIZE));
wolfSSL 15:117db924cf7c 208 else {
wolfSSL 15:117db924cf7c 209 XMEMCPY(&result[idx], current, len);
wolfSSL 15:117db924cf7c 210 idx += len;
wolfSSL 15:117db924cf7c 211 ret = wc_HmacUpdate(hmac, previous, len);
wolfSSL 15:117db924cf7c 212 if (ret != 0)
wolfSSL 15:117db924cf7c 213 break;
wolfSSL 15:117db924cf7c 214 ret = wc_HmacFinal(hmac, previous);
wolfSSL 15:117db924cf7c 215 if (ret != 0)
wolfSSL 15:117db924cf7c 216 break;
wolfSSL 15:117db924cf7c 217 }
wolfSSL 15:117db924cf7c 218 }
wolfSSL 15:117db924cf7c 219 }
wolfSSL 15:117db924cf7c 220 wc_HmacFree(hmac);
wolfSSL 15:117db924cf7c 221 }
wolfSSL 15:117db924cf7c 222
wolfSSL 15:117db924cf7c 223 ForceZero(previous, P_HASH_MAX_SIZE);
wolfSSL 15:117db924cf7c 224 ForceZero(current, P_HASH_MAX_SIZE);
wolfSSL 15:117db924cf7c 225 ForceZero(hmac, sizeof(Hmac));
wolfSSL 15:117db924cf7c 226
wolfSSL 15:117db924cf7c 227 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 228 XFREE(previous, heap, DYNAMIC_TYPE_DIGEST);
wolfSSL 15:117db924cf7c 229 XFREE(current, heap, DYNAMIC_TYPE_DIGEST);
wolfSSL 15:117db924cf7c 230 XFREE(hmac, heap, DYNAMIC_TYPE_HMAC);
wolfSSL 15:117db924cf7c 231 #endif
wolfSSL 15:117db924cf7c 232
wolfSSL 15:117db924cf7c 233 return ret;
wolfSSL 15:117db924cf7c 234 }
wolfSSL 15:117db924cf7c 235
wolfSSL 15:117db924cf7c 236 #undef P_HASH_MAX_SIZE
wolfSSL 15:117db924cf7c 237
wolfSSL 15:117db924cf7c 238 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 239
wolfSSL 15:117db924cf7c 240
wolfSSL 15:117db924cf7c 241 #ifndef NO_OLD_TLS
wolfSSL 15:117db924cf7c 242
wolfSSL 15:117db924cf7c 243 /* calculate XOR for TLSv1 PRF */
wolfSSL 15:117db924cf7c 244 static WC_INLINE void get_xor(byte *digest, word32 digLen, byte* md5, byte* sha)
wolfSSL 15:117db924cf7c 245 {
wolfSSL 15:117db924cf7c 246 word32 i;
wolfSSL 15:117db924cf7c 247
wolfSSL 15:117db924cf7c 248 for (i = 0; i < digLen; i++)
wolfSSL 15:117db924cf7c 249 digest[i] = md5[i] ^ sha[i];
wolfSSL 15:117db924cf7c 250 }
wolfSSL 15:117db924cf7c 251
wolfSSL 15:117db924cf7c 252
wolfSSL 15:117db924cf7c 253 /* compute TLSv1 PRF (pseudo random function using HMAC) */
wolfSSL 15:117db924cf7c 254 static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen,
wolfSSL 15:117db924cf7c 255 const byte* label, word32 labLen, const byte* seed,
wolfSSL 15:117db924cf7c 256 word32 seedLen, void* heap, int devId)
wolfSSL 15:117db924cf7c 257 {
wolfSSL 15:117db924cf7c 258 int ret = 0;
wolfSSL 15:117db924cf7c 259 word32 half = (secLen + 1) / 2;
wolfSSL 15:117db924cf7c 260
wolfSSL 15:117db924cf7c 261 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 262 byte* md5_half;
wolfSSL 15:117db924cf7c 263 byte* sha_half;
wolfSSL 15:117db924cf7c 264 byte* md5_result;
wolfSSL 15:117db924cf7c 265 byte* sha_result;
wolfSSL 15:117db924cf7c 266 #else
wolfSSL 15:117db924cf7c 267 byte md5_half[MAX_PRF_HALF]; /* half is real size */
wolfSSL 15:117db924cf7c 268 byte sha_half[MAX_PRF_HALF]; /* half is real size */
wolfSSL 15:117db924cf7c 269 byte md5_result[MAX_PRF_DIG]; /* digLen is real size */
wolfSSL 15:117db924cf7c 270 byte sha_result[MAX_PRF_DIG]; /* digLen is real size */
wolfSSL 15:117db924cf7c 271 #endif
wolfSSL 15:117db924cf7c 272 DECLARE_VAR(labelSeed, byte, MAX_PRF_LABSEED, heap);
wolfSSL 15:117db924cf7c 273
wolfSSL 15:117db924cf7c 274 if (half > MAX_PRF_HALF)
wolfSSL 15:117db924cf7c 275 return BUFFER_E;
wolfSSL 15:117db924cf7c 276 if (labLen + seedLen > MAX_PRF_LABSEED)
wolfSSL 15:117db924cf7c 277 return BUFFER_E;
wolfSSL 15:117db924cf7c 278 if (digLen > MAX_PRF_DIG)
wolfSSL 15:117db924cf7c 279 return BUFFER_E;
wolfSSL 15:117db924cf7c 280
wolfSSL 15:117db924cf7c 281 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 282 md5_half = (byte*)XMALLOC(MAX_PRF_HALF, heap, DYNAMIC_TYPE_DIGEST);
wolfSSL 15:117db924cf7c 283 sha_half = (byte*)XMALLOC(MAX_PRF_HALF, heap, DYNAMIC_TYPE_DIGEST);
wolfSSL 15:117db924cf7c 284 md5_result = (byte*)XMALLOC(MAX_PRF_DIG, heap, DYNAMIC_TYPE_DIGEST);
wolfSSL 15:117db924cf7c 285 sha_result = (byte*)XMALLOC(MAX_PRF_DIG, heap, DYNAMIC_TYPE_DIGEST);
wolfSSL 15:117db924cf7c 286
wolfSSL 15:117db924cf7c 287 if (md5_half == NULL || sha_half == NULL || md5_result == NULL ||
wolfSSL 15:117db924cf7c 288 sha_result == NULL) {
wolfSSL 15:117db924cf7c 289 if (md5_half) XFREE(md5_half, heap, DYNAMIC_TYPE_DIGEST);
wolfSSL 15:117db924cf7c 290 if (sha_half) XFREE(sha_half, heap, DYNAMIC_TYPE_DIGEST);
wolfSSL 15:117db924cf7c 291 if (md5_result) XFREE(md5_result, heap, DYNAMIC_TYPE_DIGEST);
wolfSSL 15:117db924cf7c 292 if (sha_result) XFREE(sha_result, heap, DYNAMIC_TYPE_DIGEST);
wolfSSL 15:117db924cf7c 293 FREE_VAR(labelSeed, heap);
wolfSSL 15:117db924cf7c 294
wolfSSL 15:117db924cf7c 295 return MEMORY_E;
wolfSSL 15:117db924cf7c 296 }
wolfSSL 15:117db924cf7c 297 #endif
wolfSSL 15:117db924cf7c 298
wolfSSL 15:117db924cf7c 299 XMEMSET(md5_result, 0, digLen);
wolfSSL 15:117db924cf7c 300 XMEMSET(sha_result, 0, digLen);
wolfSSL 15:117db924cf7c 301
wolfSSL 15:117db924cf7c 302 XMEMCPY(md5_half, secret, half);
wolfSSL 15:117db924cf7c 303 XMEMCPY(sha_half, secret + half - secLen % 2, half);
wolfSSL 15:117db924cf7c 304
wolfSSL 15:117db924cf7c 305 XMEMCPY(labelSeed, label, labLen);
wolfSSL 15:117db924cf7c 306 XMEMCPY(labelSeed + labLen, seed, seedLen);
wolfSSL 15:117db924cf7c 307
wolfSSL 15:117db924cf7c 308 if ((ret = p_hash(md5_result, digLen, md5_half, half, labelSeed,
wolfSSL 15:117db924cf7c 309 labLen + seedLen, md5_mac, heap, devId)) == 0) {
wolfSSL 15:117db924cf7c 310 if ((ret = p_hash(sha_result, digLen, sha_half, half, labelSeed,
wolfSSL 15:117db924cf7c 311 labLen + seedLen, sha_mac, heap, devId)) == 0) {
wolfSSL 15:117db924cf7c 312 get_xor(digest, digLen, md5_result, sha_result);
wolfSSL 15:117db924cf7c 313 }
wolfSSL 15:117db924cf7c 314 }
wolfSSL 15:117db924cf7c 315
wolfSSL 15:117db924cf7c 316 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 317 XFREE(md5_half, heap, DYNAMIC_TYPE_DIGEST);
wolfSSL 15:117db924cf7c 318 XFREE(sha_half, heap, DYNAMIC_TYPE_DIGEST);
wolfSSL 15:117db924cf7c 319 XFREE(md5_result, heap, DYNAMIC_TYPE_DIGEST);
wolfSSL 15:117db924cf7c 320 XFREE(sha_result, heap, DYNAMIC_TYPE_DIGEST);
wolfSSL 15:117db924cf7c 321 #endif
wolfSSL 15:117db924cf7c 322
wolfSSL 15:117db924cf7c 323 FREE_VAR(labelSeed, heap);
wolfSSL 15:117db924cf7c 324
wolfSSL 15:117db924cf7c 325 return ret;
wolfSSL 15:117db924cf7c 326 }
wolfSSL 15:117db924cf7c 327
wolfSSL 15:117db924cf7c 328 #endif
wolfSSL 15:117db924cf7c 329
wolfSSL 15:117db924cf7c 330
wolfSSL 15:117db924cf7c 331 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 332
wolfSSL 15:117db924cf7c 333 /* Wrapper to call straight thru to p_hash in TSL 1.2 cases to remove stack
wolfSSL 15:117db924cf7c 334 use */
wolfSSL 15:117db924cf7c 335 static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
wolfSSL 15:117db924cf7c 336 const byte* label, word32 labLen, const byte* seed, word32 seedLen,
wolfSSL 15:117db924cf7c 337 int useAtLeastSha256, int hash_type, void* heap, int devId)
wolfSSL 15:117db924cf7c 338 {
wolfSSL 15:117db924cf7c 339 int ret = 0;
wolfSSL 15:117db924cf7c 340
wolfSSL 15:117db924cf7c 341 if (useAtLeastSha256) {
wolfSSL 15:117db924cf7c 342 DECLARE_VAR(labelSeed, byte, MAX_PRF_LABSEED, heap);
wolfSSL 15:117db924cf7c 343
wolfSSL 15:117db924cf7c 344 if (labLen + seedLen > MAX_PRF_LABSEED)
wolfSSL 15:117db924cf7c 345 return BUFFER_E;
wolfSSL 15:117db924cf7c 346
wolfSSL 15:117db924cf7c 347 XMEMCPY(labelSeed, label, labLen);
wolfSSL 15:117db924cf7c 348 XMEMCPY(labelSeed + labLen, seed, seedLen);
wolfSSL 15:117db924cf7c 349
wolfSSL 15:117db924cf7c 350 /* If a cipher suite wants an algorithm better than sha256, it
wolfSSL 15:117db924cf7c 351 * should use better. */
wolfSSL 15:117db924cf7c 352 if (hash_type < sha256_mac || hash_type == blake2b_mac)
wolfSSL 15:117db924cf7c 353 hash_type = sha256_mac;
wolfSSL 15:117db924cf7c 354 ret = p_hash(digest, digLen, secret, secLen, labelSeed,
wolfSSL 15:117db924cf7c 355 labLen + seedLen, hash_type, heap, devId);
wolfSSL 15:117db924cf7c 356
wolfSSL 15:117db924cf7c 357 FREE_VAR(labelSeed, heap);
wolfSSL 15:117db924cf7c 358 }
wolfSSL 15:117db924cf7c 359 #ifndef NO_OLD_TLS
wolfSSL 15:117db924cf7c 360 else {
wolfSSL 15:117db924cf7c 361 ret = doPRF(digest, digLen, secret, secLen, label, labLen, seed,
wolfSSL 15:117db924cf7c 362 seedLen, heap, devId);
wolfSSL 15:117db924cf7c 363 }
wolfSSL 15:117db924cf7c 364 #endif
wolfSSL 15:117db924cf7c 365
wolfSSL 15:117db924cf7c 366 return ret;
wolfSSL 15:117db924cf7c 367 }
wolfSSL 15:117db924cf7c 368
wolfSSL 15:117db924cf7c 369 #ifdef WOLFSSL_SHA384
wolfSSL 15:117db924cf7c 370 #define HSHASH_SZ WC_SHA384_DIGEST_SIZE
wolfSSL 15:117db924cf7c 371 #else
wolfSSL 15:117db924cf7c 372 #define HSHASH_SZ FINISHED_SZ
wolfSSL 15:117db924cf7c 373 #endif
wolfSSL 15:117db924cf7c 374
wolfSSL 15:117db924cf7c 375
wolfSSL 15:117db924cf7c 376 int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash, word32* hashLen)
wolfSSL 15:117db924cf7c 377 {
wolfSSL 15:117db924cf7c 378 word32 hashSz = FINISHED_SZ;
wolfSSL 15:117db924cf7c 379
wolfSSL 15:117db924cf7c 380 if (ssl == NULL || hash == NULL || hashLen == NULL || *hashLen < HSHASH_SZ)
wolfSSL 15:117db924cf7c 381 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 382
wolfSSL 15:117db924cf7c 383 #ifndef NO_OLD_TLS
wolfSSL 15:117db924cf7c 384 wc_Md5GetHash(&ssl->hsHashes->hashMd5, hash);
wolfSSL 15:117db924cf7c 385 wc_ShaGetHash(&ssl->hsHashes->hashSha, &hash[WC_MD5_DIGEST_SIZE]);
wolfSSL 15:117db924cf7c 386 #endif
wolfSSL 15:117db924cf7c 387
wolfSSL 15:117db924cf7c 388 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 15:117db924cf7c 389 #ifndef NO_SHA256
wolfSSL 15:117db924cf7c 390 if (ssl->specs.mac_algorithm <= sha256_mac ||
wolfSSL 15:117db924cf7c 391 ssl->specs.mac_algorithm == blake2b_mac) {
wolfSSL 15:117db924cf7c 392 int ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256, hash);
wolfSSL 15:117db924cf7c 393
wolfSSL 15:117db924cf7c 394 if (ret != 0)
wolfSSL 15:117db924cf7c 395 return ret;
wolfSSL 15:117db924cf7c 396
wolfSSL 15:117db924cf7c 397 hashSz = WC_SHA256_DIGEST_SIZE;
wolfSSL 15:117db924cf7c 398 }
wolfSSL 15:117db924cf7c 399 #endif
wolfSSL 15:117db924cf7c 400 #ifdef WOLFSSL_SHA384
wolfSSL 15:117db924cf7c 401 if (ssl->specs.mac_algorithm == sha384_mac) {
wolfSSL 15:117db924cf7c 402 int ret = wc_Sha384GetHash(&ssl->hsHashes->hashSha384, hash);
wolfSSL 15:117db924cf7c 403
wolfSSL 15:117db924cf7c 404 if (ret != 0)
wolfSSL 15:117db924cf7c 405 return ret;
wolfSSL 15:117db924cf7c 406
wolfSSL 15:117db924cf7c 407 hashSz = WC_SHA384_DIGEST_SIZE;
wolfSSL 15:117db924cf7c 408 }
wolfSSL 15:117db924cf7c 409 #endif
wolfSSL 15:117db924cf7c 410 }
wolfSSL 15:117db924cf7c 411
wolfSSL 15:117db924cf7c 412 *hashLen = hashSz;
wolfSSL 15:117db924cf7c 413
wolfSSL 15:117db924cf7c 414 return 0;
wolfSSL 15:117db924cf7c 415 }
wolfSSL 15:117db924cf7c 416
wolfSSL 15:117db924cf7c 417
wolfSSL 15:117db924cf7c 418 int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
wolfSSL 15:117db924cf7c 419 {
wolfSSL 15:117db924cf7c 420 int ret;
wolfSSL 15:117db924cf7c 421 const byte* side;
wolfSSL 15:117db924cf7c 422 byte* handshake_hash;
wolfSSL 15:117db924cf7c 423 word32 hashSz = HSHASH_SZ;
wolfSSL 15:117db924cf7c 424
wolfSSL 15:117db924cf7c 425 /* using allocate here to allow async hardware to use buffer directly */
wolfSSL 15:117db924cf7c 426 handshake_hash = (byte*)XMALLOC(hashSz, ssl->heap, DYNAMIC_TYPE_DIGEST);
wolfSSL 15:117db924cf7c 427 if (handshake_hash == NULL)
wolfSSL 15:117db924cf7c 428 return MEMORY_E;
wolfSSL 15:117db924cf7c 429
wolfSSL 15:117db924cf7c 430 ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz);
wolfSSL 15:117db924cf7c 431 if (ret == 0) {
wolfSSL 15:117db924cf7c 432 if ( XSTRNCMP((const char*)sender, (const char*)client, SIZEOF_SENDER) == 0)
wolfSSL 15:117db924cf7c 433 side = tls_client;
wolfSSL 15:117db924cf7c 434 else
wolfSSL 15:117db924cf7c 435 side = tls_server;
wolfSSL 15:117db924cf7c 436
wolfSSL 15:117db924cf7c 437 ret = PRF((byte*)hashes, TLS_FINISHED_SZ, ssl->arrays->masterSecret,
wolfSSL 15:117db924cf7c 438 SECRET_LEN, side, FINISHED_LABEL_SZ, handshake_hash, hashSz,
wolfSSL 15:117db924cf7c 439 IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm,
wolfSSL 15:117db924cf7c 440 ssl->heap, ssl->devId);
wolfSSL 15:117db924cf7c 441 }
wolfSSL 15:117db924cf7c 442
wolfSSL 15:117db924cf7c 443 XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_DIGEST);
wolfSSL 15:117db924cf7c 444
wolfSSL 15:117db924cf7c 445 return ret;
wolfSSL 15:117db924cf7c 446 }
wolfSSL 15:117db924cf7c 447
wolfSSL 15:117db924cf7c 448 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 449
wolfSSL 15:117db924cf7c 450 #ifndef NO_OLD_TLS
wolfSSL 15:117db924cf7c 451
wolfSSL 15:117db924cf7c 452 #ifdef WOLFSSL_ALLOW_TLSV10
wolfSSL 15:117db924cf7c 453 ProtocolVersion MakeTLSv1(void)
wolfSSL 15:117db924cf7c 454 {
wolfSSL 15:117db924cf7c 455 ProtocolVersion pv;
wolfSSL 15:117db924cf7c 456 pv.major = SSLv3_MAJOR;
wolfSSL 15:117db924cf7c 457 pv.minor = TLSv1_MINOR;
wolfSSL 15:117db924cf7c 458
wolfSSL 15:117db924cf7c 459 return pv;
wolfSSL 15:117db924cf7c 460 }
wolfSSL 15:117db924cf7c 461 #endif /* WOLFSSL_ALLOW_TLSV10 */
wolfSSL 15:117db924cf7c 462
wolfSSL 15:117db924cf7c 463
wolfSSL 15:117db924cf7c 464 ProtocolVersion MakeTLSv1_1(void)
wolfSSL 15:117db924cf7c 465 {
wolfSSL 15:117db924cf7c 466 ProtocolVersion pv;
wolfSSL 15:117db924cf7c 467 pv.major = SSLv3_MAJOR;
wolfSSL 15:117db924cf7c 468 pv.minor = TLSv1_1_MINOR;
wolfSSL 15:117db924cf7c 469
wolfSSL 15:117db924cf7c 470 return pv;
wolfSSL 15:117db924cf7c 471 }
wolfSSL 15:117db924cf7c 472
wolfSSL 15:117db924cf7c 473 #endif /* !NO_OLD_TLS */
wolfSSL 15:117db924cf7c 474
wolfSSL 15:117db924cf7c 475
wolfSSL 15:117db924cf7c 476 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 477
wolfSSL 15:117db924cf7c 478 ProtocolVersion MakeTLSv1_2(void)
wolfSSL 15:117db924cf7c 479 {
wolfSSL 15:117db924cf7c 480 ProtocolVersion pv;
wolfSSL 15:117db924cf7c 481 pv.major = SSLv3_MAJOR;
wolfSSL 15:117db924cf7c 482 pv.minor = TLSv1_2_MINOR;
wolfSSL 15:117db924cf7c 483
wolfSSL 15:117db924cf7c 484 return pv;
wolfSSL 15:117db924cf7c 485 }
wolfSSL 15:117db924cf7c 486
wolfSSL 15:117db924cf7c 487 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 488
wolfSSL 15:117db924cf7c 489 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 490 /* The TLS v1.3 protocol version.
wolfSSL 15:117db924cf7c 491 *
wolfSSL 15:117db924cf7c 492 * returns the protocol version data for TLS v1.3.
wolfSSL 15:117db924cf7c 493 */
wolfSSL 15:117db924cf7c 494 ProtocolVersion MakeTLSv1_3(void)
wolfSSL 15:117db924cf7c 495 {
wolfSSL 15:117db924cf7c 496 ProtocolVersion pv;
wolfSSL 15:117db924cf7c 497 pv.major = SSLv3_MAJOR;
wolfSSL 15:117db924cf7c 498 pv.minor = TLSv1_3_MINOR;
wolfSSL 15:117db924cf7c 499
wolfSSL 15:117db924cf7c 500 return pv;
wolfSSL 15:117db924cf7c 501 }
wolfSSL 15:117db924cf7c 502 #endif
wolfSSL 15:117db924cf7c 503
wolfSSL 15:117db924cf7c 504 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 505
wolfSSL 15:117db924cf7c 506 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 15:117db924cf7c 507 static const byte ext_master_label[EXT_MASTER_LABEL_SZ + 1] =
wolfSSL 15:117db924cf7c 508 "extended master secret";
wolfSSL 15:117db924cf7c 509 #endif
wolfSSL 15:117db924cf7c 510 static const byte master_label[MASTER_LABEL_SZ + 1] = "master secret";
wolfSSL 15:117db924cf7c 511 static const byte key_label [KEY_LABEL_SZ + 1] = "key expansion";
wolfSSL 15:117db924cf7c 512
wolfSSL 15:117db924cf7c 513 static int _DeriveTlsKeys(byte* key_dig, word32 key_dig_len,
wolfSSL 15:117db924cf7c 514 const byte* ms, word32 msLen,
wolfSSL 15:117db924cf7c 515 const byte* sr, const byte* cr,
wolfSSL 15:117db924cf7c 516 int tls1_2, int hash_type,
wolfSSL 15:117db924cf7c 517 void* heap, int devId)
wolfSSL 15:117db924cf7c 518 {
wolfSSL 15:117db924cf7c 519 int ret;
wolfSSL 15:117db924cf7c 520 DECLARE_VAR(seed, byte, SEED_LEN, heap);
wolfSSL 15:117db924cf7c 521
wolfSSL 15:117db924cf7c 522 XMEMCPY(seed, sr, RAN_LEN);
wolfSSL 15:117db924cf7c 523 XMEMCPY(seed + RAN_LEN, cr, RAN_LEN);
wolfSSL 15:117db924cf7c 524
wolfSSL 15:117db924cf7c 525 ret = PRF(key_dig, key_dig_len, ms, msLen, key_label, KEY_LABEL_SZ,
wolfSSL 15:117db924cf7c 526 seed, SEED_LEN, tls1_2, hash_type, heap, devId);
wolfSSL 15:117db924cf7c 527
wolfSSL 15:117db924cf7c 528 FREE_VAR(seed, heap);
wolfSSL 15:117db924cf7c 529
wolfSSL 15:117db924cf7c 530 return ret;
wolfSSL 15:117db924cf7c 531 }
wolfSSL 15:117db924cf7c 532
wolfSSL 15:117db924cf7c 533 /* External facing wrapper so user can call as well, 0 on success */
wolfSSL 15:117db924cf7c 534 int wolfSSL_DeriveTlsKeys(byte* key_dig, word32 key_dig_len,
wolfSSL 15:117db924cf7c 535 const byte* ms, word32 msLen,
wolfSSL 15:117db924cf7c 536 const byte* sr, const byte* cr,
wolfSSL 15:117db924cf7c 537 int tls1_2, int hash_type)
wolfSSL 15:117db924cf7c 538 {
wolfSSL 15:117db924cf7c 539 return _DeriveTlsKeys(key_dig, key_dig_len, ms, msLen, sr, cr, tls1_2,
wolfSSL 15:117db924cf7c 540 hash_type, NULL, INVALID_DEVID);
wolfSSL 15:117db924cf7c 541 }
wolfSSL 15:117db924cf7c 542
wolfSSL 15:117db924cf7c 543
wolfSSL 15:117db924cf7c 544 int DeriveTlsKeys(WOLFSSL* ssl)
wolfSSL 15:117db924cf7c 545 {
wolfSSL 15:117db924cf7c 546 int ret;
wolfSSL 15:117db924cf7c 547 int key_dig_len = 2 * ssl->specs.hash_size +
wolfSSL 15:117db924cf7c 548 2 * ssl->specs.key_size +
wolfSSL 15:117db924cf7c 549 2 * ssl->specs.iv_size;
wolfSSL 15:117db924cf7c 550 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 551 byte* key_dig;
wolfSSL 15:117db924cf7c 552 #else
wolfSSL 15:117db924cf7c 553 byte key_dig[MAX_PRF_DIG];
wolfSSL 15:117db924cf7c 554 #endif
wolfSSL 15:117db924cf7c 555
wolfSSL 15:117db924cf7c 556 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 557 key_dig = (byte*)XMALLOC(MAX_PRF_DIG, ssl->heap, DYNAMIC_TYPE_DIGEST);
wolfSSL 15:117db924cf7c 558 if (key_dig == NULL) {
wolfSSL 15:117db924cf7c 559 return MEMORY_E;
wolfSSL 15:117db924cf7c 560 }
wolfSSL 15:117db924cf7c 561 #endif
wolfSSL 15:117db924cf7c 562
wolfSSL 15:117db924cf7c 563 ret = _DeriveTlsKeys(key_dig, key_dig_len,
wolfSSL 15:117db924cf7c 564 ssl->arrays->masterSecret, SECRET_LEN,
wolfSSL 15:117db924cf7c 565 ssl->arrays->serverRandom, ssl->arrays->clientRandom,
wolfSSL 15:117db924cf7c 566 IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm,
wolfSSL 15:117db924cf7c 567 ssl->heap, ssl->devId);
wolfSSL 15:117db924cf7c 568 if (ret == 0)
wolfSSL 15:117db924cf7c 569 ret = StoreKeys(ssl, key_dig, PROVISION_CLIENT_SERVER);
wolfSSL 15:117db924cf7c 570
wolfSSL 15:117db924cf7c 571 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 572 XFREE(key_dig, ssl->heap, DYNAMIC_TYPE_DIGEST);
wolfSSL 15:117db924cf7c 573 #endif
wolfSSL 15:117db924cf7c 574
wolfSSL 15:117db924cf7c 575 return ret;
wolfSSL 15:117db924cf7c 576 }
wolfSSL 15:117db924cf7c 577
wolfSSL 15:117db924cf7c 578 static int _MakeTlsMasterSecret(byte* ms, word32 msLen,
wolfSSL 15:117db924cf7c 579 const byte* pms, word32 pmsLen,
wolfSSL 15:117db924cf7c 580 const byte* cr, const byte* sr,
wolfSSL 15:117db924cf7c 581 int tls1_2, int hash_type,
wolfSSL 15:117db924cf7c 582 void* heap, int devId)
wolfSSL 15:117db924cf7c 583 {
wolfSSL 15:117db924cf7c 584 byte seed[SEED_LEN];
wolfSSL 15:117db924cf7c 585
wolfSSL 15:117db924cf7c 586 XMEMCPY(seed, cr, RAN_LEN);
wolfSSL 15:117db924cf7c 587 XMEMCPY(seed + RAN_LEN, sr, RAN_LEN);
wolfSSL 15:117db924cf7c 588
wolfSSL 15:117db924cf7c 589 return PRF(ms, msLen, pms, pmsLen, master_label, MASTER_LABEL_SZ,
wolfSSL 15:117db924cf7c 590 seed, SEED_LEN, tls1_2, hash_type, heap, devId);
wolfSSL 15:117db924cf7c 591 }
wolfSSL 15:117db924cf7c 592
wolfSSL 15:117db924cf7c 593 /* External facing wrapper so user can call as well, 0 on success */
wolfSSL 15:117db924cf7c 594 int wolfSSL_MakeTlsMasterSecret(byte* ms, word32 msLen,
wolfSSL 15:117db924cf7c 595 const byte* pms, word32 pmsLen,
wolfSSL 15:117db924cf7c 596 const byte* cr, const byte* sr,
wolfSSL 15:117db924cf7c 597 int tls1_2, int hash_type)
wolfSSL 15:117db924cf7c 598 {
wolfSSL 15:117db924cf7c 599 return _MakeTlsMasterSecret(ms, msLen, pms, pmsLen, cr, sr, tls1_2,
wolfSSL 15:117db924cf7c 600 hash_type, NULL, INVALID_DEVID);
wolfSSL 15:117db924cf7c 601 }
wolfSSL 15:117db924cf7c 602
wolfSSL 15:117db924cf7c 603
wolfSSL 15:117db924cf7c 604 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 15:117db924cf7c 605
wolfSSL 15:117db924cf7c 606 static int _MakeTlsExtendedMasterSecret(byte* ms, word32 msLen,
wolfSSL 15:117db924cf7c 607 const byte* pms, word32 pmsLen,
wolfSSL 15:117db924cf7c 608 const byte* sHash, word32 sHashLen,
wolfSSL 15:117db924cf7c 609 int tls1_2, int hash_type,
wolfSSL 15:117db924cf7c 610 void* heap, int devId)
wolfSSL 15:117db924cf7c 611 {
wolfSSL 15:117db924cf7c 612 return PRF(ms, msLen, pms, pmsLen, ext_master_label, EXT_MASTER_LABEL_SZ,
wolfSSL 15:117db924cf7c 613 sHash, sHashLen, tls1_2, hash_type, heap, devId);
wolfSSL 15:117db924cf7c 614 }
wolfSSL 15:117db924cf7c 615
wolfSSL 15:117db924cf7c 616 /* External facing wrapper so user can call as well, 0 on success */
wolfSSL 15:117db924cf7c 617 int wolfSSL_MakeTlsExtendedMasterSecret(byte* ms, word32 msLen,
wolfSSL 15:117db924cf7c 618 const byte* pms, word32 pmsLen,
wolfSSL 15:117db924cf7c 619 const byte* sHash, word32 sHashLen,
wolfSSL 15:117db924cf7c 620 int tls1_2, int hash_type)
wolfSSL 15:117db924cf7c 621 {
wolfSSL 15:117db924cf7c 622 return _MakeTlsExtendedMasterSecret(ms, msLen, pms, pmsLen, sHash, sHashLen,
wolfSSL 15:117db924cf7c 623 tls1_2, hash_type, NULL, INVALID_DEVID);
wolfSSL 15:117db924cf7c 624 }
wolfSSL 15:117db924cf7c 625
wolfSSL 15:117db924cf7c 626 #endif /* HAVE_EXTENDED_MASTER */
wolfSSL 15:117db924cf7c 627
wolfSSL 15:117db924cf7c 628
wolfSSL 15:117db924cf7c 629 int MakeTlsMasterSecret(WOLFSSL* ssl)
wolfSSL 15:117db924cf7c 630 {
wolfSSL 15:117db924cf7c 631 int ret;
wolfSSL 15:117db924cf7c 632 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 15:117db924cf7c 633 if (ssl->options.haveEMS) {
wolfSSL 15:117db924cf7c 634 byte* handshake_hash;
wolfSSL 15:117db924cf7c 635 word32 hashSz = HSHASH_SZ;
wolfSSL 15:117db924cf7c 636
wolfSSL 15:117db924cf7c 637 handshake_hash = (byte*)XMALLOC(HSHASH_SZ, ssl->heap,
wolfSSL 15:117db924cf7c 638 DYNAMIC_TYPE_DIGEST);
wolfSSL 15:117db924cf7c 639 if (handshake_hash == NULL)
wolfSSL 15:117db924cf7c 640 return MEMORY_E;
wolfSSL 15:117db924cf7c 641
wolfSSL 15:117db924cf7c 642 ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz);
wolfSSL 15:117db924cf7c 643 if (ret < 0) {
wolfSSL 15:117db924cf7c 644 XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_DIGEST);
wolfSSL 15:117db924cf7c 645 return ret;
wolfSSL 15:117db924cf7c 646 }
wolfSSL 15:117db924cf7c 647
wolfSSL 15:117db924cf7c 648 ret = _MakeTlsExtendedMasterSecret(
wolfSSL 15:117db924cf7c 649 ssl->arrays->masterSecret, SECRET_LEN,
wolfSSL 15:117db924cf7c 650 ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
wolfSSL 15:117db924cf7c 651 handshake_hash, hashSz,
wolfSSL 15:117db924cf7c 652 IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm,
wolfSSL 15:117db924cf7c 653 ssl->heap, ssl->devId);
wolfSSL 15:117db924cf7c 654
wolfSSL 15:117db924cf7c 655 XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_DIGEST);
wolfSSL 15:117db924cf7c 656 } else
wolfSSL 15:117db924cf7c 657 #endif
wolfSSL 15:117db924cf7c 658 ret = _MakeTlsMasterSecret(ssl->arrays->masterSecret, SECRET_LEN,
wolfSSL 15:117db924cf7c 659 ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
wolfSSL 15:117db924cf7c 660 ssl->arrays->clientRandom, ssl->arrays->serverRandom,
wolfSSL 15:117db924cf7c 661 IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm,
wolfSSL 15:117db924cf7c 662 ssl->heap, ssl->devId);
wolfSSL 15:117db924cf7c 663
wolfSSL 15:117db924cf7c 664 if (ret == 0) {
wolfSSL 15:117db924cf7c 665 #ifdef SHOW_SECRETS
wolfSSL 15:117db924cf7c 666 int i;
wolfSSL 15:117db924cf7c 667
wolfSSL 15:117db924cf7c 668 printf("master secret: ");
wolfSSL 15:117db924cf7c 669 for (i = 0; i < SECRET_LEN; i++)
wolfSSL 15:117db924cf7c 670 printf("%02x", ssl->arrays->masterSecret[i]);
wolfSSL 15:117db924cf7c 671 printf("\n");
wolfSSL 15:117db924cf7c 672 #endif
wolfSSL 15:117db924cf7c 673
wolfSSL 15:117db924cf7c 674 ret = DeriveTlsKeys(ssl);
wolfSSL 15:117db924cf7c 675 }
wolfSSL 15:117db924cf7c 676
wolfSSL 15:117db924cf7c 677 return ret;
wolfSSL 15:117db924cf7c 678 }
wolfSSL 15:117db924cf7c 679
wolfSSL 15:117db924cf7c 680
wolfSSL 15:117db924cf7c 681 /* Used by EAP-TLS and EAP-TTLS to derive keying material from
wolfSSL 15:117db924cf7c 682 * the master_secret. */
wolfSSL 15:117db924cf7c 683 int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* msk, unsigned int len,
wolfSSL 15:117db924cf7c 684 const char* label)
wolfSSL 15:117db924cf7c 685 {
wolfSSL 15:117db924cf7c 686 int ret;
wolfSSL 15:117db924cf7c 687 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 688 byte* seed;
wolfSSL 15:117db924cf7c 689 #else
wolfSSL 15:117db924cf7c 690 byte seed[SEED_LEN];
wolfSSL 15:117db924cf7c 691 #endif
wolfSSL 15:117db924cf7c 692
wolfSSL 15:117db924cf7c 693 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 694 seed = (byte*)XMALLOC(SEED_LEN, ssl->heap, DYNAMIC_TYPE_SEED);
wolfSSL 15:117db924cf7c 695 if (seed == NULL)
wolfSSL 15:117db924cf7c 696 return MEMORY_E;
wolfSSL 15:117db924cf7c 697 #endif
wolfSSL 15:117db924cf7c 698
wolfSSL 15:117db924cf7c 699 /*
wolfSSL 15:117db924cf7c 700 * As per RFC-5281, the order of the client and server randoms is reversed
wolfSSL 15:117db924cf7c 701 * from that used by the TLS protocol to derive keys.
wolfSSL 15:117db924cf7c 702 */
wolfSSL 15:117db924cf7c 703 XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL 15:117db924cf7c 704 XMEMCPY(seed + RAN_LEN, ssl->arrays->serverRandom, RAN_LEN);
wolfSSL 15:117db924cf7c 705
wolfSSL 15:117db924cf7c 706 ret = PRF((byte*)msk, len, ssl->arrays->masterSecret, SECRET_LEN,
wolfSSL 15:117db924cf7c 707 (const byte *)label, (word32)XSTRLEN(label), seed, SEED_LEN,
wolfSSL 15:117db924cf7c 708 IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm,
wolfSSL 15:117db924cf7c 709 ssl->heap, ssl->devId);
wolfSSL 15:117db924cf7c 710
wolfSSL 15:117db924cf7c 711 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 712 XFREE(seed, ssl->heap, DYNAMIC_TYPE_SEED);
wolfSSL 15:117db924cf7c 713 #endif
wolfSSL 15:117db924cf7c 714
wolfSSL 15:117db924cf7c 715 return ret;
wolfSSL 15:117db924cf7c 716 }
wolfSSL 15:117db924cf7c 717
wolfSSL 15:117db924cf7c 718
wolfSSL 15:117db924cf7c 719 static WC_INLINE void GetSEQIncrement(WOLFSSL* ssl, int verify, word32 seq[2])
wolfSSL 15:117db924cf7c 720 {
wolfSSL 15:117db924cf7c 721 if (verify) {
wolfSSL 15:117db924cf7c 722 seq[0] = ssl->keys.peer_sequence_number_hi;
wolfSSL 15:117db924cf7c 723 seq[1] = ssl->keys.peer_sequence_number_lo++;
wolfSSL 15:117db924cf7c 724 if (seq[1] > ssl->keys.peer_sequence_number_lo) {
wolfSSL 15:117db924cf7c 725 /* handle rollover */
wolfSSL 15:117db924cf7c 726 ssl->keys.peer_sequence_number_hi++;
wolfSSL 15:117db924cf7c 727 }
wolfSSL 15:117db924cf7c 728 }
wolfSSL 15:117db924cf7c 729 else {
wolfSSL 15:117db924cf7c 730 seq[0] = ssl->keys.sequence_number_hi;
wolfSSL 15:117db924cf7c 731 seq[1] = ssl->keys.sequence_number_lo++;
wolfSSL 15:117db924cf7c 732 if (seq[1] > ssl->keys.sequence_number_lo) {
wolfSSL 15:117db924cf7c 733 /* handle rollover */
wolfSSL 15:117db924cf7c 734 ssl->keys.sequence_number_hi++;
wolfSSL 15:117db924cf7c 735 }
wolfSSL 15:117db924cf7c 736 }
wolfSSL 15:117db924cf7c 737 }
wolfSSL 15:117db924cf7c 738
wolfSSL 15:117db924cf7c 739
wolfSSL 15:117db924cf7c 740 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 741 static WC_INLINE void DtlsGetSEQ(WOLFSSL* ssl, int order, word32 seq[2])
wolfSSL 15:117db924cf7c 742 {
wolfSSL 15:117db924cf7c 743 if (order == PREV_ORDER) {
wolfSSL 15:117db924cf7c 744 /* Previous epoch case */
wolfSSL 15:117db924cf7c 745 seq[0] = ((ssl->keys.dtls_epoch - 1) << 16) |
wolfSSL 15:117db924cf7c 746 (ssl->keys.dtls_prev_sequence_number_hi & 0xFFFF);
wolfSSL 15:117db924cf7c 747 seq[1] = ssl->keys.dtls_prev_sequence_number_lo;
wolfSSL 15:117db924cf7c 748 }
wolfSSL 15:117db924cf7c 749 else if (order == PEER_ORDER) {
wolfSSL 15:117db924cf7c 750 seq[0] = (ssl->keys.curEpoch << 16) |
wolfSSL 15:117db924cf7c 751 (ssl->keys.curSeq_hi & 0xFFFF);
wolfSSL 15:117db924cf7c 752 seq[1] = ssl->keys.curSeq_lo; /* explicit from peer */
wolfSSL 15:117db924cf7c 753 }
wolfSSL 15:117db924cf7c 754 else {
wolfSSL 15:117db924cf7c 755 seq[0] = (ssl->keys.dtls_epoch << 16) |
wolfSSL 15:117db924cf7c 756 (ssl->keys.dtls_sequence_number_hi & 0xFFFF);
wolfSSL 15:117db924cf7c 757 seq[1] = ssl->keys.dtls_sequence_number_lo;
wolfSSL 15:117db924cf7c 758 }
wolfSSL 15:117db924cf7c 759 }
wolfSSL 15:117db924cf7c 760 #endif /* WOLFSSL_DTLS */
wolfSSL 15:117db924cf7c 761
wolfSSL 15:117db924cf7c 762
wolfSSL 15:117db924cf7c 763 static WC_INLINE void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out)
wolfSSL 15:117db924cf7c 764 {
wolfSSL 15:117db924cf7c 765 word32 seq[2] = {0, 0};
wolfSSL 15:117db924cf7c 766
wolfSSL 15:117db924cf7c 767 if (!ssl->options.dtls) {
wolfSSL 15:117db924cf7c 768 GetSEQIncrement(ssl, verifyOrder, seq);
wolfSSL 15:117db924cf7c 769 }
wolfSSL 15:117db924cf7c 770 else {
wolfSSL 15:117db924cf7c 771 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 772 DtlsGetSEQ(ssl, verifyOrder, seq);
wolfSSL 15:117db924cf7c 773 #endif
wolfSSL 15:117db924cf7c 774 }
wolfSSL 15:117db924cf7c 775
wolfSSL 15:117db924cf7c 776 c32toa(seq[0], out);
wolfSSL 15:117db924cf7c 777 c32toa(seq[1], out + OPAQUE32_LEN);
wolfSSL 15:117db924cf7c 778 }
wolfSSL 15:117db924cf7c 779
wolfSSL 15:117db924cf7c 780
wolfSSL 15:117db924cf7c 781 /*** end copy ***/
wolfSSL 15:117db924cf7c 782
wolfSSL 15:117db924cf7c 783
wolfSSL 15:117db924cf7c 784 /* return HMAC digest type in wolfSSL format */
wolfSSL 15:117db924cf7c 785 int wolfSSL_GetHmacType(WOLFSSL* ssl)
wolfSSL 15:117db924cf7c 786 {
wolfSSL 15:117db924cf7c 787 if (ssl == NULL)
wolfSSL 15:117db924cf7c 788 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 789
wolfSSL 15:117db924cf7c 790 switch (ssl->specs.mac_algorithm) {
wolfSSL 15:117db924cf7c 791 #ifndef NO_MD5
wolfSSL 15:117db924cf7c 792 case md5_mac:
wolfSSL 15:117db924cf7c 793 {
wolfSSL 15:117db924cf7c 794 return WC_MD5;
wolfSSL 15:117db924cf7c 795 }
wolfSSL 15:117db924cf7c 796 #endif
wolfSSL 15:117db924cf7c 797 #ifndef NO_SHA256
wolfSSL 15:117db924cf7c 798 case sha256_mac:
wolfSSL 15:117db924cf7c 799 {
wolfSSL 15:117db924cf7c 800 return WC_SHA256;
wolfSSL 15:117db924cf7c 801 }
wolfSSL 15:117db924cf7c 802 #endif
wolfSSL 15:117db924cf7c 803 #ifdef WOLFSSL_SHA384
wolfSSL 15:117db924cf7c 804 case sha384_mac:
wolfSSL 15:117db924cf7c 805 {
wolfSSL 15:117db924cf7c 806 return WC_SHA384;
wolfSSL 15:117db924cf7c 807 }
wolfSSL 15:117db924cf7c 808
wolfSSL 15:117db924cf7c 809 #endif
wolfSSL 15:117db924cf7c 810 #ifndef NO_SHA
wolfSSL 15:117db924cf7c 811 case sha_mac:
wolfSSL 15:117db924cf7c 812 {
wolfSSL 15:117db924cf7c 813 return WC_SHA;
wolfSSL 15:117db924cf7c 814 }
wolfSSL 15:117db924cf7c 815 #endif
wolfSSL 15:117db924cf7c 816 #ifdef HAVE_BLAKE2
wolfSSL 15:117db924cf7c 817 case blake2b_mac:
wolfSSL 15:117db924cf7c 818 {
wolfSSL 15:117db924cf7c 819 return BLAKE2B_ID;
wolfSSL 15:117db924cf7c 820 }
wolfSSL 15:117db924cf7c 821 #endif
wolfSSL 15:117db924cf7c 822 default:
wolfSSL 15:117db924cf7c 823 {
wolfSSL 15:117db924cf7c 824 return WOLFSSL_FATAL_ERROR;
wolfSSL 15:117db924cf7c 825 }
wolfSSL 15:117db924cf7c 826 }
wolfSSL 15:117db924cf7c 827 }
wolfSSL 15:117db924cf7c 828
wolfSSL 15:117db924cf7c 829
wolfSSL 15:117db924cf7c 830 int wolfSSL_SetTlsHmacInner(WOLFSSL* ssl, byte* inner, word32 sz, int content,
wolfSSL 15:117db924cf7c 831 int verify)
wolfSSL 15:117db924cf7c 832 {
wolfSSL 15:117db924cf7c 833 if (ssl == NULL || inner == NULL)
wolfSSL 15:117db924cf7c 834 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 835
wolfSSL 15:117db924cf7c 836 XMEMSET(inner, 0, WOLFSSL_TLS_HMAC_INNER_SZ);
wolfSSL 15:117db924cf7c 837
wolfSSL 15:117db924cf7c 838 WriteSEQ(ssl, verify, inner);
wolfSSL 15:117db924cf7c 839 inner[SEQ_SZ] = (byte)content;
wolfSSL 15:117db924cf7c 840 inner[SEQ_SZ + ENUM_LEN] = ssl->version.major;
wolfSSL 15:117db924cf7c 841 inner[SEQ_SZ + ENUM_LEN + ENUM_LEN] = ssl->version.minor;
wolfSSL 15:117db924cf7c 842 c16toa((word16)sz, inner + SEQ_SZ + ENUM_LEN + VERSION_SZ);
wolfSSL 15:117db924cf7c 843
wolfSSL 15:117db924cf7c 844 return 0;
wolfSSL 15:117db924cf7c 845 }
wolfSSL 15:117db924cf7c 846
wolfSSL 15:117db924cf7c 847
wolfSSL 15:117db924cf7c 848 #if !defined(WOLFSSL_NO_HASH_RAW) && !defined(HAVE_FIPS) && \
wolfSSL 15:117db924cf7c 849 !defined(HAVE_SELFTEST)
wolfSSL 15:117db924cf7c 850
wolfSSL 15:117db924cf7c 851 /* Update the hash in the HMAC.
wolfSSL 15:117db924cf7c 852 *
wolfSSL 15:117db924cf7c 853 * hmac HMAC object.
wolfSSL 15:117db924cf7c 854 * data Data to be hashed.
wolfSSL 15:117db924cf7c 855 * sz Size of data to hash.
wolfSSL 15:117db924cf7c 856 * returns 0 on success, otherwise failure.
wolfSSL 15:117db924cf7c 857 */
wolfSSL 15:117db924cf7c 858 static int Hmac_HashUpdate(Hmac* hmac, const byte* data, word32 sz)
wolfSSL 15:117db924cf7c 859 {
wolfSSL 15:117db924cf7c 860 int ret = BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 861
wolfSSL 15:117db924cf7c 862 switch (hmac->macType) {
wolfSSL 15:117db924cf7c 863 #ifndef NO_SHA
wolfSSL 15:117db924cf7c 864 case WC_SHA:
wolfSSL 15:117db924cf7c 865 ret = wc_ShaUpdate(&hmac->hash.sha, data, sz);
wolfSSL 15:117db924cf7c 866 break;
wolfSSL 15:117db924cf7c 867 #endif /* !NO_SHA */
wolfSSL 15:117db924cf7c 868
wolfSSL 15:117db924cf7c 869 #ifndef NO_SHA256
wolfSSL 15:117db924cf7c 870 case WC_SHA256:
wolfSSL 15:117db924cf7c 871 ret = wc_Sha256Update(&hmac->hash.sha256, data, sz);
wolfSSL 15:117db924cf7c 872 break;
wolfSSL 15:117db924cf7c 873 #endif /* !NO_SHA256 */
wolfSSL 15:117db924cf7c 874
wolfSSL 15:117db924cf7c 875 #ifdef WOLFSSL_SHA384
wolfSSL 15:117db924cf7c 876 case WC_SHA384:
wolfSSL 15:117db924cf7c 877 ret = wc_Sha384Update(&hmac->hash.sha384, data, sz);
wolfSSL 15:117db924cf7c 878 break;
wolfSSL 15:117db924cf7c 879 #endif /* WOLFSSL_SHA384 */
wolfSSL 15:117db924cf7c 880
wolfSSL 15:117db924cf7c 881 #ifdef WOLFSSL_SHA512
wolfSSL 15:117db924cf7c 882 case WC_SHA512:
wolfSSL 15:117db924cf7c 883 ret = wc_Sha512Update(&hmac->hash.sha512, data, sz);
wolfSSL 15:117db924cf7c 884 break;
wolfSSL 15:117db924cf7c 885 #endif /* WOLFSSL_SHA512 */
wolfSSL 15:117db924cf7c 886 }
wolfSSL 15:117db924cf7c 887
wolfSSL 15:117db924cf7c 888 return ret;
wolfSSL 15:117db924cf7c 889 }
wolfSSL 15:117db924cf7c 890
wolfSSL 15:117db924cf7c 891 /* Finalize the hash but don't put the EOC, padding or length in.
wolfSSL 15:117db924cf7c 892 *
wolfSSL 15:117db924cf7c 893 * hmac HMAC object.
wolfSSL 15:117db924cf7c 894 * hash Hash result.
wolfSSL 15:117db924cf7c 895 * returns 0 on success, otherwise failure.
wolfSSL 15:117db924cf7c 896 */
wolfSSL 15:117db924cf7c 897 static int Hmac_HashFinalRaw(Hmac* hmac, unsigned char* hash)
wolfSSL 15:117db924cf7c 898 {
wolfSSL 15:117db924cf7c 899 int ret = BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 900
wolfSSL 15:117db924cf7c 901 switch (hmac->macType) {
wolfSSL 15:117db924cf7c 902 #ifndef NO_SHA
wolfSSL 15:117db924cf7c 903 case WC_SHA:
wolfSSL 15:117db924cf7c 904 ret = wc_ShaFinalRaw(&hmac->hash.sha, hash);
wolfSSL 15:117db924cf7c 905 break;
wolfSSL 15:117db924cf7c 906 #endif /* !NO_SHA */
wolfSSL 15:117db924cf7c 907
wolfSSL 15:117db924cf7c 908 #ifndef NO_SHA256
wolfSSL 15:117db924cf7c 909 case WC_SHA256:
wolfSSL 15:117db924cf7c 910 ret = wc_Sha256FinalRaw(&hmac->hash.sha256, hash);
wolfSSL 15:117db924cf7c 911 break;
wolfSSL 15:117db924cf7c 912 #endif /* !NO_SHA256 */
wolfSSL 15:117db924cf7c 913
wolfSSL 15:117db924cf7c 914 #ifdef WOLFSSL_SHA384
wolfSSL 15:117db924cf7c 915 case WC_SHA384:
wolfSSL 15:117db924cf7c 916 ret = wc_Sha384FinalRaw(&hmac->hash.sha384, hash);
wolfSSL 15:117db924cf7c 917 break;
wolfSSL 15:117db924cf7c 918 #endif /* WOLFSSL_SHA384 */
wolfSSL 15:117db924cf7c 919
wolfSSL 15:117db924cf7c 920 #ifdef WOLFSSL_SHA512
wolfSSL 15:117db924cf7c 921 case WC_SHA512:
wolfSSL 15:117db924cf7c 922 ret = wc_Sha512FinalRaw(&hmac->hash.sha512, hash);
wolfSSL 15:117db924cf7c 923 break;
wolfSSL 15:117db924cf7c 924 #endif /* WOLFSSL_SHA512 */
wolfSSL 15:117db924cf7c 925 }
wolfSSL 15:117db924cf7c 926
wolfSSL 15:117db924cf7c 927 return ret;
wolfSSL 15:117db924cf7c 928 }
wolfSSL 15:117db924cf7c 929
wolfSSL 15:117db924cf7c 930 /* Finalize the HMAC by performing outer hash.
wolfSSL 15:117db924cf7c 931 *
wolfSSL 15:117db924cf7c 932 * hmac HMAC object.
wolfSSL 15:117db924cf7c 933 * mac MAC result.
wolfSSL 15:117db924cf7c 934 * returns 0 on success, otherwise failure.
wolfSSL 15:117db924cf7c 935 */
wolfSSL 15:117db924cf7c 936 static int Hmac_OuterHash(Hmac* hmac, unsigned char* mac)
wolfSSL 15:117db924cf7c 937 {
wolfSSL 15:117db924cf7c 938 int ret = BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 939
wolfSSL 15:117db924cf7c 940 switch (hmac->macType) {
wolfSSL 15:117db924cf7c 941 #ifndef NO_SHA
wolfSSL 15:117db924cf7c 942 case WC_SHA:
wolfSSL 15:117db924cf7c 943 ret = wc_InitSha(&hmac->hash.sha);
wolfSSL 15:117db924cf7c 944 if (ret == 0)
wolfSSL 15:117db924cf7c 945 ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->opad,
wolfSSL 15:117db924cf7c 946 WC_SHA_BLOCK_SIZE);
wolfSSL 15:117db924cf7c 947 if (ret == 0)
wolfSSL 15:117db924cf7c 948 ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->innerHash,
wolfSSL 15:117db924cf7c 949 WC_SHA_DIGEST_SIZE);
wolfSSL 15:117db924cf7c 950 if (ret == 0)
wolfSSL 15:117db924cf7c 951 ret = wc_ShaFinal(&hmac->hash.sha, mac);
wolfSSL 15:117db924cf7c 952 break;
wolfSSL 15:117db924cf7c 953 #endif /* !NO_SHA */
wolfSSL 15:117db924cf7c 954
wolfSSL 15:117db924cf7c 955 #ifndef NO_SHA256
wolfSSL 15:117db924cf7c 956 case WC_SHA256:
wolfSSL 15:117db924cf7c 957 ret = wc_InitSha256(&hmac->hash.sha256);
wolfSSL 15:117db924cf7c 958 if (ret == 0)
wolfSSL 15:117db924cf7c 959 ret = wc_Sha256Update(&hmac->hash.sha256, (byte*)hmac->opad,
wolfSSL 15:117db924cf7c 960 WC_SHA256_BLOCK_SIZE);
wolfSSL 15:117db924cf7c 961 if (ret == 0)
wolfSSL 15:117db924cf7c 962 ret = wc_Sha256Update(&hmac->hash.sha256,
wolfSSL 15:117db924cf7c 963 (byte*)hmac->innerHash,
wolfSSL 15:117db924cf7c 964 WC_SHA256_DIGEST_SIZE);
wolfSSL 15:117db924cf7c 965 if (ret == 0)
wolfSSL 15:117db924cf7c 966 ret = wc_Sha256Final(&hmac->hash.sha256, mac);
wolfSSL 15:117db924cf7c 967 break;
wolfSSL 15:117db924cf7c 968 #endif /* !NO_SHA256 */
wolfSSL 15:117db924cf7c 969
wolfSSL 15:117db924cf7c 970 #ifdef WOLFSSL_SHA384
wolfSSL 15:117db924cf7c 971 case WC_SHA384:
wolfSSL 15:117db924cf7c 972 ret = wc_InitSha384(&hmac->hash.sha384);
wolfSSL 15:117db924cf7c 973 if (ret == 0)
wolfSSL 15:117db924cf7c 974 ret = wc_Sha384Update(&hmac->hash.sha384, (byte*)hmac->opad,
wolfSSL 15:117db924cf7c 975 WC_SHA384_BLOCK_SIZE);
wolfSSL 15:117db924cf7c 976 if (ret == 0)
wolfSSL 15:117db924cf7c 977 ret = wc_Sha384Update(&hmac->hash.sha384,
wolfSSL 15:117db924cf7c 978 (byte*)hmac->innerHash,
wolfSSL 15:117db924cf7c 979 WC_SHA384_DIGEST_SIZE);
wolfSSL 15:117db924cf7c 980 if (ret == 0)
wolfSSL 15:117db924cf7c 981 ret = wc_Sha384Final(&hmac->hash.sha384, mac);
wolfSSL 15:117db924cf7c 982 break;
wolfSSL 15:117db924cf7c 983 #endif /* WOLFSSL_SHA384 */
wolfSSL 15:117db924cf7c 984
wolfSSL 15:117db924cf7c 985 #ifdef WOLFSSL_SHA512
wolfSSL 15:117db924cf7c 986 case WC_SHA512:
wolfSSL 15:117db924cf7c 987 ret = wc_InitSha512(&hmac->hash.sha512);
wolfSSL 15:117db924cf7c 988 if (ret == 0)
wolfSSL 15:117db924cf7c 989 ret = wc_Sha512Update(&hmac->hash.sha512,(byte*)hmac->opad,
wolfSSL 15:117db924cf7c 990 WC_SHA512_BLOCK_SIZE);
wolfSSL 15:117db924cf7c 991 if (ret == 0)
wolfSSL 15:117db924cf7c 992 ret = wc_Sha512Update(&hmac->hash.sha512,
wolfSSL 15:117db924cf7c 993 (byte*)hmac->innerHash,
wolfSSL 15:117db924cf7c 994 WC_SHA512_DIGEST_SIZE);
wolfSSL 15:117db924cf7c 995 if (ret == 0)
wolfSSL 15:117db924cf7c 996 ret = wc_Sha512Final(&hmac->hash.sha512, mac);
wolfSSL 15:117db924cf7c 997 break;
wolfSSL 15:117db924cf7c 998 #endif /* WOLFSSL_SHA512 */
wolfSSL 15:117db924cf7c 999 }
wolfSSL 15:117db924cf7c 1000
wolfSSL 15:117db924cf7c 1001 return ret;
wolfSSL 15:117db924cf7c 1002 }
wolfSSL 15:117db924cf7c 1003
wolfSSL 15:117db924cf7c 1004 /* Calculate the HMAC of the header + message data.
wolfSSL 15:117db924cf7c 1005 * Constant time implementation using wc_Sha*FinalRaw().
wolfSSL 15:117db924cf7c 1006 *
wolfSSL 15:117db924cf7c 1007 * hmac HMAC object.
wolfSSL 15:117db924cf7c 1008 * digest MAC result.
wolfSSL 15:117db924cf7c 1009 * in Message data.
wolfSSL 15:117db924cf7c 1010 * sz Size of the message data.
wolfSSL 15:117db924cf7c 1011 * header Constructed record header with length of handshake data.
wolfSSL 15:117db924cf7c 1012 * returns 0 on success, otherwise failure.
wolfSSL 15:117db924cf7c 1013 */
wolfSSL 15:117db924cf7c 1014 static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
wolfSSL 15:117db924cf7c 1015 word32 sz, byte* header)
wolfSSL 15:117db924cf7c 1016 {
wolfSSL 15:117db924cf7c 1017 byte lenBytes[8];
wolfSSL 15:117db924cf7c 1018 int i, j, k;
wolfSSL 15:117db924cf7c 1019 int blockBits, blockMask;
wolfSSL 15:117db924cf7c 1020 int realLen, lastBlockLen, macLen, extraLen, eocIndex;
wolfSSL 15:117db924cf7c 1021 int blocks, safeBlocks, lenBlock, eocBlock;
wolfSSL 15:117db924cf7c 1022 int maxLen;
wolfSSL 15:117db924cf7c 1023 int blockSz, padSz;
wolfSSL 15:117db924cf7c 1024 int ret;
wolfSSL 15:117db924cf7c 1025 byte extraBlock;
wolfSSL 15:117db924cf7c 1026
wolfSSL 15:117db924cf7c 1027 switch (hmac->macType) {
wolfSSL 15:117db924cf7c 1028 #ifndef NO_SHA
wolfSSL 15:117db924cf7c 1029 case WC_SHA:
wolfSSL 15:117db924cf7c 1030 blockSz = WC_SHA_BLOCK_SIZE;
wolfSSL 15:117db924cf7c 1031 blockBits = 6;
wolfSSL 15:117db924cf7c 1032 macLen = WC_SHA_DIGEST_SIZE;
wolfSSL 15:117db924cf7c 1033 padSz = WC_SHA_BLOCK_SIZE - WC_SHA_PAD_SIZE + 1;
wolfSSL 15:117db924cf7c 1034 break;
wolfSSL 15:117db924cf7c 1035 #endif /* !NO_SHA */
wolfSSL 15:117db924cf7c 1036
wolfSSL 15:117db924cf7c 1037 #ifndef NO_SHA256
wolfSSL 15:117db924cf7c 1038 case WC_SHA256:
wolfSSL 15:117db924cf7c 1039 blockSz = WC_SHA256_BLOCK_SIZE;
wolfSSL 15:117db924cf7c 1040 blockBits = 6;
wolfSSL 15:117db924cf7c 1041 macLen = WC_SHA256_DIGEST_SIZE;
wolfSSL 15:117db924cf7c 1042 padSz = WC_SHA256_BLOCK_SIZE - WC_SHA256_PAD_SIZE + 1;
wolfSSL 15:117db924cf7c 1043 break;
wolfSSL 15:117db924cf7c 1044 #endif /* !NO_SHA256 */
wolfSSL 15:117db924cf7c 1045
wolfSSL 15:117db924cf7c 1046 #ifdef WOLFSSL_SHA384
wolfSSL 15:117db924cf7c 1047 case WC_SHA384:
wolfSSL 15:117db924cf7c 1048 blockSz = WC_SHA384_BLOCK_SIZE;
wolfSSL 15:117db924cf7c 1049 blockBits = 7;
wolfSSL 15:117db924cf7c 1050 macLen = WC_SHA384_DIGEST_SIZE;
wolfSSL 15:117db924cf7c 1051 padSz = WC_SHA384_BLOCK_SIZE - WC_SHA384_PAD_SIZE + 1;
wolfSSL 15:117db924cf7c 1052 break;
wolfSSL 15:117db924cf7c 1053 #endif /* WOLFSSL_SHA384 */
wolfSSL 15:117db924cf7c 1054
wolfSSL 15:117db924cf7c 1055 #ifdef WOLFSSL_SHA512
wolfSSL 15:117db924cf7c 1056 case WC_SHA512:
wolfSSL 15:117db924cf7c 1057 blockSz = WC_SHA512_BLOCK_SIZE;
wolfSSL 15:117db924cf7c 1058 blockBits = 7;
wolfSSL 15:117db924cf7c 1059 macLen = WC_SHA512_DIGEST_SIZE;
wolfSSL 15:117db924cf7c 1060 padSz = WC_SHA512_BLOCK_SIZE - WC_SHA512_PAD_SIZE + 1;
wolfSSL 15:117db924cf7c 1061 break;
wolfSSL 15:117db924cf7c 1062 #endif /* WOLFSSL_SHA512 */
wolfSSL 15:117db924cf7c 1063
wolfSSL 15:117db924cf7c 1064 default:
wolfSSL 15:117db924cf7c 1065 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 1066 }
wolfSSL 15:117db924cf7c 1067 blockMask = blockSz - 1;
wolfSSL 15:117db924cf7c 1068
wolfSSL 15:117db924cf7c 1069 /* Size of data to HMAC if padding length byte is zero. */
wolfSSL 15:117db924cf7c 1070 maxLen = WOLFSSL_TLS_HMAC_INNER_SZ + sz - 1 - macLen;
wolfSSL 15:117db924cf7c 1071 /* Complete data (including padding) has block for EOC and/or length. */
wolfSSL 15:117db924cf7c 1072 extraBlock = ctSetLTE((maxLen + padSz) & blockMask, padSz);
wolfSSL 15:117db924cf7c 1073 /* Total number of blocks for data including padding. */
wolfSSL 15:117db924cf7c 1074 blocks = ((maxLen + blockSz - 1) >> blockBits) + extraBlock;
wolfSSL 15:117db924cf7c 1075 /* Up to last 6 blocks can be hashed safely. */
wolfSSL 15:117db924cf7c 1076 safeBlocks = blocks - 6;
wolfSSL 15:117db924cf7c 1077
wolfSSL 15:117db924cf7c 1078 /* Length of message data. */
wolfSSL 15:117db924cf7c 1079 realLen = maxLen - in[sz - 1];
wolfSSL 15:117db924cf7c 1080 /* Number of message bytes in last block. */
wolfSSL 15:117db924cf7c 1081 lastBlockLen = realLen & blockMask;
wolfSSL 15:117db924cf7c 1082 /* Number of padding bytes in last block. */
wolfSSL 15:117db924cf7c 1083 extraLen = ((blockSz * 2 - padSz - lastBlockLen) & blockMask) + 1;
wolfSSL 15:117db924cf7c 1084 /* Number of blocks to create for hash. */
wolfSSL 15:117db924cf7c 1085 lenBlock = (realLen + extraLen) >> blockBits;
wolfSSL 15:117db924cf7c 1086 /* Block containing EOC byte. */
wolfSSL 15:117db924cf7c 1087 eocBlock = realLen >> blockBits;
wolfSSL 15:117db924cf7c 1088 /* Index of EOC byte in block. */
wolfSSL 15:117db924cf7c 1089 eocIndex = realLen & blockMask;
wolfSSL 15:117db924cf7c 1090
wolfSSL 15:117db924cf7c 1091 /* Add length of hmac's ipad to total length. */
wolfSSL 15:117db924cf7c 1092 realLen += blockSz;
wolfSSL 15:117db924cf7c 1093 /* Length as bits - 8 bytes bigendian. */
wolfSSL 15:117db924cf7c 1094 c32toa(realLen >> ((sizeof(word32) * 8) - 3), lenBytes);
wolfSSL 15:117db924cf7c 1095 c32toa(realLen << 3, lenBytes + sizeof(word32));
wolfSSL 15:117db924cf7c 1096
wolfSSL 15:117db924cf7c 1097 ret = Hmac_HashUpdate(hmac, (unsigned char*)hmac->ipad, blockSz);
wolfSSL 15:117db924cf7c 1098 if (ret != 0)
wolfSSL 15:117db924cf7c 1099 return ret;
wolfSSL 15:117db924cf7c 1100
wolfSSL 15:117db924cf7c 1101 XMEMSET(hmac->innerHash, 0, macLen);
wolfSSL 15:117db924cf7c 1102
wolfSSL 15:117db924cf7c 1103 if (safeBlocks > 0) {
wolfSSL 15:117db924cf7c 1104 ret = Hmac_HashUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ);
wolfSSL 15:117db924cf7c 1105 if (ret != 0)
wolfSSL 15:117db924cf7c 1106 return ret;
wolfSSL 15:117db924cf7c 1107 ret = Hmac_HashUpdate(hmac, in, safeBlocks * blockSz -
wolfSSL 15:117db924cf7c 1108 WOLFSSL_TLS_HMAC_INNER_SZ);
wolfSSL 15:117db924cf7c 1109 if (ret != 0)
wolfSSL 15:117db924cf7c 1110 return ret;
wolfSSL 15:117db924cf7c 1111 }
wolfSSL 15:117db924cf7c 1112 else
wolfSSL 15:117db924cf7c 1113 safeBlocks = 0;
wolfSSL 15:117db924cf7c 1114
wolfSSL 15:117db924cf7c 1115 XMEMSET(digest, 0, macLen);
wolfSSL 15:117db924cf7c 1116 k = safeBlocks * blockSz;
wolfSSL 15:117db924cf7c 1117 for (i = safeBlocks; i < blocks; i++) {
wolfSSL 15:117db924cf7c 1118 unsigned char hashBlock[WC_MAX_BLOCK_SIZE];
wolfSSL 15:117db924cf7c 1119 unsigned char isEocBlock = ctMaskEq(i, eocBlock);
wolfSSL 15:117db924cf7c 1120 unsigned char isOutBlock = ctMaskEq(i, lenBlock);
wolfSSL 15:117db924cf7c 1121
wolfSSL 15:117db924cf7c 1122 for (j = 0; j < blockSz; j++, k++) {
wolfSSL 15:117db924cf7c 1123 unsigned char atEoc = ctMaskEq(j, eocIndex) & isEocBlock;
wolfSSL 15:117db924cf7c 1124 unsigned char pastEoc = ctMaskGT(j, eocIndex) & isEocBlock;
wolfSSL 15:117db924cf7c 1125 unsigned char b = 0;
wolfSSL 15:117db924cf7c 1126
wolfSSL 15:117db924cf7c 1127 if (k < WOLFSSL_TLS_HMAC_INNER_SZ)
wolfSSL 15:117db924cf7c 1128 b = header[k];
wolfSSL 15:117db924cf7c 1129 else if (k < maxLen)
wolfSSL 15:117db924cf7c 1130 b = in[k - WOLFSSL_TLS_HMAC_INNER_SZ];
wolfSSL 15:117db924cf7c 1131
wolfSSL 15:117db924cf7c 1132 b = ctMaskSel(atEoc, b, 0x80);
wolfSSL 15:117db924cf7c 1133 b &= (unsigned char)~(word32)pastEoc;
wolfSSL 15:117db924cf7c 1134 b &= ((unsigned char)~(word32)isOutBlock) | isEocBlock;
wolfSSL 15:117db924cf7c 1135
wolfSSL 15:117db924cf7c 1136 if (j >= blockSz - 8) {
wolfSSL 15:117db924cf7c 1137 b = ctMaskSel(isOutBlock, b, lenBytes[j - (blockSz - 8)]);
wolfSSL 15:117db924cf7c 1138 }
wolfSSL 15:117db924cf7c 1139
wolfSSL 15:117db924cf7c 1140 hashBlock[j] = b;
wolfSSL 15:117db924cf7c 1141 }
wolfSSL 15:117db924cf7c 1142
wolfSSL 15:117db924cf7c 1143 ret = Hmac_HashUpdate(hmac, hashBlock, blockSz);
wolfSSL 15:117db924cf7c 1144 if (ret != 0)
wolfSSL 15:117db924cf7c 1145 return ret;
wolfSSL 15:117db924cf7c 1146 ret = Hmac_HashFinalRaw(hmac, hashBlock);
wolfSSL 15:117db924cf7c 1147 if (ret != 0)
wolfSSL 15:117db924cf7c 1148 return ret;
wolfSSL 15:117db924cf7c 1149 for (j = 0; j < macLen; j++)
wolfSSL 15:117db924cf7c 1150 ((unsigned char*)hmac->innerHash)[j] |= hashBlock[j] & isOutBlock;
wolfSSL 15:117db924cf7c 1151 }
wolfSSL 15:117db924cf7c 1152
wolfSSL 15:117db924cf7c 1153 ret = Hmac_OuterHash(hmac, digest);
wolfSSL 15:117db924cf7c 1154
wolfSSL 15:117db924cf7c 1155 return ret;
wolfSSL 15:117db924cf7c 1156 }
wolfSSL 15:117db924cf7c 1157
wolfSSL 15:117db924cf7c 1158 #endif
wolfSSL 15:117db924cf7c 1159
wolfSSL 15:117db924cf7c 1160 #if defined(WOLFSSL_NO_HASH_RAW) || defined(HAVE_FIPS) || \
wolfSSL 15:117db924cf7c 1161 defined(HAVE_SELFTEST) || defined(HAVE_BLAKE2)
wolfSSL 15:117db924cf7c 1162
wolfSSL 15:117db924cf7c 1163 /* Calculate the HMAC of the header + message data.
wolfSSL 15:117db924cf7c 1164 * Constant time implementation using normal hashing operations.
wolfSSL 15:117db924cf7c 1165 * Update-Final need to be constant time.
wolfSSL 15:117db924cf7c 1166 *
wolfSSL 15:117db924cf7c 1167 * hmac HMAC object.
wolfSSL 15:117db924cf7c 1168 * digest MAC result.
wolfSSL 15:117db924cf7c 1169 * in Message data.
wolfSSL 15:117db924cf7c 1170 * sz Size of the message data.
wolfSSL 15:117db924cf7c 1171 * header Constructed record header with length of handshake data.
wolfSSL 15:117db924cf7c 1172 * returns 0 on success, otherwise failure.
wolfSSL 15:117db924cf7c 1173 */
wolfSSL 15:117db924cf7c 1174 static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in,
wolfSSL 15:117db924cf7c 1175 word32 sz, byte* header)
wolfSSL 15:117db924cf7c 1176 {
wolfSSL 15:117db924cf7c 1177 byte dummy[WC_MAX_BLOCK_SIZE] = {0};
wolfSSL 15:117db924cf7c 1178 int ret;
wolfSSL 15:117db924cf7c 1179 word32 msgSz, blockSz, macSz, padSz, maxSz, realSz;
wolfSSL 15:117db924cf7c 1180 word32 currSz, offset;
wolfSSL 15:117db924cf7c 1181 int msgBlocks, blocks, blockBits;
wolfSSL 15:117db924cf7c 1182 int i;
wolfSSL 15:117db924cf7c 1183
wolfSSL 15:117db924cf7c 1184 switch (hmac->macType) {
wolfSSL 15:117db924cf7c 1185 #ifndef NO_SHA
wolfSSL 15:117db924cf7c 1186 case WC_SHA:
wolfSSL 15:117db924cf7c 1187 blockSz = WC_SHA_BLOCK_SIZE;
wolfSSL 15:117db924cf7c 1188 blockBits = 6;
wolfSSL 15:117db924cf7c 1189 macSz = WC_SHA_DIGEST_SIZE;
wolfSSL 15:117db924cf7c 1190 padSz = WC_SHA_BLOCK_SIZE - WC_SHA_PAD_SIZE + 1;
wolfSSL 15:117db924cf7c 1191 break;
wolfSSL 15:117db924cf7c 1192 #endif /* !NO_SHA */
wolfSSL 15:117db924cf7c 1193
wolfSSL 15:117db924cf7c 1194 #ifndef NO_SHA256
wolfSSL 15:117db924cf7c 1195 case WC_SHA256:
wolfSSL 15:117db924cf7c 1196 blockSz = WC_SHA256_BLOCK_SIZE;
wolfSSL 15:117db924cf7c 1197 blockBits = 6;
wolfSSL 15:117db924cf7c 1198 macSz = WC_SHA256_DIGEST_SIZE;
wolfSSL 15:117db924cf7c 1199 padSz = WC_SHA256_BLOCK_SIZE - WC_SHA256_PAD_SIZE + 1;
wolfSSL 15:117db924cf7c 1200 break;
wolfSSL 15:117db924cf7c 1201 #endif /* !NO_SHA256 */
wolfSSL 15:117db924cf7c 1202
wolfSSL 15:117db924cf7c 1203 #ifdef WOLFSSL_SHA384
wolfSSL 15:117db924cf7c 1204 case WC_SHA384:
wolfSSL 15:117db924cf7c 1205 blockSz = WC_SHA384_BLOCK_SIZE;
wolfSSL 15:117db924cf7c 1206 blockBits = 7;
wolfSSL 15:117db924cf7c 1207 macSz = WC_SHA384_DIGEST_SIZE;
wolfSSL 15:117db924cf7c 1208 padSz = WC_SHA384_BLOCK_SIZE - WC_SHA384_PAD_SIZE + 1;
wolfSSL 15:117db924cf7c 1209 break;
wolfSSL 15:117db924cf7c 1210 #endif /* WOLFSSL_SHA384 */
wolfSSL 15:117db924cf7c 1211
wolfSSL 15:117db924cf7c 1212 #ifdef WOLFSSL_SHA512
wolfSSL 15:117db924cf7c 1213 case WC_SHA512:
wolfSSL 15:117db924cf7c 1214 blockSz = WC_SHA512_BLOCK_SIZE;
wolfSSL 15:117db924cf7c 1215 blockBits = 7;
wolfSSL 15:117db924cf7c 1216 macSz = WC_SHA512_DIGEST_SIZE;
wolfSSL 15:117db924cf7c 1217 padSz = WC_SHA512_BLOCK_SIZE - WC_SHA512_PAD_SIZE + 1;
wolfSSL 15:117db924cf7c 1218 break;
wolfSSL 15:117db924cf7c 1219 #endif /* WOLFSSL_SHA512 */
wolfSSL 15:117db924cf7c 1220
wolfSSL 15:117db924cf7c 1221 #ifdef HAVE_BLAKE2
wolfSSL 15:117db924cf7c 1222 case WC_HASH_TYPE_BLAKE2B:
wolfSSL 15:117db924cf7c 1223 blockSz = BLAKE2B_BLOCKBYTES;
wolfSSL 15:117db924cf7c 1224 blockBits = 7;
wolfSSL 15:117db924cf7c 1225 macSz = BLAKE2B_256;
wolfSSL 15:117db924cf7c 1226 padSz = 0;
wolfSSL 15:117db924cf7c 1227 break;
wolfSSL 15:117db924cf7c 1228 #endif /* HAVE_BLAK2 */
wolfSSL 15:117db924cf7c 1229
wolfSSL 15:117db924cf7c 1230 default:
wolfSSL 15:117db924cf7c 1231 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 1232 }
wolfSSL 15:117db924cf7c 1233
wolfSSL 15:117db924cf7c 1234 msgSz = sz - (1 + in[sz - 1] + macSz);
wolfSSL 15:117db924cf7c 1235 /* Make negative result 0 */
wolfSSL 15:117db924cf7c 1236 msgSz &= ~(0 - (msgSz >> 31));
wolfSSL 15:117db924cf7c 1237 realSz = WOLFSSL_TLS_HMAC_INNER_SZ + msgSz;
wolfSSL 15:117db924cf7c 1238 maxSz = WOLFSSL_TLS_HMAC_INNER_SZ + (sz - 1) - macSz;
wolfSSL 15:117db924cf7c 1239
wolfSSL 15:117db924cf7c 1240 /* Calculate #blocks processed in HMAC for max and real data. */
wolfSSL 15:117db924cf7c 1241 blocks = maxSz >> blockBits;
wolfSSL 15:117db924cf7c 1242 blocks += ((maxSz + padSz) % blockSz) < padSz;
wolfSSL 15:117db924cf7c 1243 msgBlocks = realSz >> blockBits;
wolfSSL 15:117db924cf7c 1244 /* #Extra blocks to process. */
wolfSSL 15:117db924cf7c 1245 blocks -= msgBlocks + (((realSz + padSz) % blockSz) < padSz);
wolfSSL 15:117db924cf7c 1246 /* Calculate whole blocks. */
wolfSSL 15:117db924cf7c 1247 msgBlocks--;
wolfSSL 15:117db924cf7c 1248
wolfSSL 15:117db924cf7c 1249 ret = wc_HmacUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ);
wolfSSL 15:117db924cf7c 1250 if (ret == 0) {
wolfSSL 15:117db924cf7c 1251 /* Fill the rest of the block with any available data. */
wolfSSL 15:117db924cf7c 1252 currSz = ctMaskLT(msgSz, blockSz) & msgSz;
wolfSSL 15:117db924cf7c 1253 currSz |= ctMaskGTE(msgSz, blockSz) & blockSz;
wolfSSL 15:117db924cf7c 1254 currSz -= WOLFSSL_TLS_HMAC_INNER_SZ;
wolfSSL 15:117db924cf7c 1255 currSz &= ~(0 - (currSz >> 31));
wolfSSL 15:117db924cf7c 1256 ret = wc_HmacUpdate(hmac, in, currSz);
wolfSSL 15:117db924cf7c 1257 offset = currSz;
wolfSSL 15:117db924cf7c 1258 }
wolfSSL 15:117db924cf7c 1259 if (ret == 0) {
wolfSSL 15:117db924cf7c 1260 /* Do the hash operations on a block basis. */
wolfSSL 15:117db924cf7c 1261 for (i = 0; i < msgBlocks; i++, offset += blockSz) {
wolfSSL 15:117db924cf7c 1262 ret = wc_HmacUpdate(hmac, in + offset, blockSz);
wolfSSL 15:117db924cf7c 1263 if (ret != 0)
wolfSSL 15:117db924cf7c 1264 break;
wolfSSL 15:117db924cf7c 1265 }
wolfSSL 15:117db924cf7c 1266 }
wolfSSL 15:117db924cf7c 1267 if (ret == 0)
wolfSSL 15:117db924cf7c 1268 ret = wc_HmacUpdate(hmac, in + offset, msgSz - offset);
wolfSSL 15:117db924cf7c 1269 if (ret == 0)
wolfSSL 15:117db924cf7c 1270 ret = wc_HmacFinal(hmac, digest);
wolfSSL 15:117db924cf7c 1271 if (ret == 0) {
wolfSSL 15:117db924cf7c 1272 /* Do the dummy hash operations. Do at least one. */
wolfSSL 15:117db924cf7c 1273 for (i = 0; i < blocks + 1; i++) {
wolfSSL 15:117db924cf7c 1274 ret = wc_HmacUpdate(hmac, dummy, blockSz);
wolfSSL 15:117db924cf7c 1275 if (ret != 0)
wolfSSL 15:117db924cf7c 1276 break;
wolfSSL 15:117db924cf7c 1277 }
wolfSSL 15:117db924cf7c 1278 }
wolfSSL 15:117db924cf7c 1279
wolfSSL 15:117db924cf7c 1280 return ret;
wolfSSL 15:117db924cf7c 1281 }
wolfSSL 15:117db924cf7c 1282
wolfSSL 15:117db924cf7c 1283 #endif
wolfSSL 15:117db924cf7c 1284
wolfSSL 15:117db924cf7c 1285 int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz,
wolfSSL 15:117db924cf7c 1286 int content, int verify)
wolfSSL 15:117db924cf7c 1287 {
wolfSSL 15:117db924cf7c 1288 Hmac hmac;
wolfSSL 15:117db924cf7c 1289 byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
wolfSSL 15:117db924cf7c 1290 int ret = 0;
wolfSSL 15:117db924cf7c 1291
wolfSSL 15:117db924cf7c 1292 if (ssl == NULL)
wolfSSL 15:117db924cf7c 1293 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 1294
wolfSSL 15:117db924cf7c 1295 #ifdef HAVE_FUZZER
wolfSSL 15:117db924cf7c 1296 /* Fuzz "in" buffer with sz to be used in HMAC algorithm */
wolfSSL 15:117db924cf7c 1297 if (ssl->fuzzerCb) {
wolfSSL 15:117db924cf7c 1298 if (verify && padSz >= 0) {
wolfSSL 15:117db924cf7c 1299 ssl->fuzzerCb(ssl, in, sz + ssl->specs.hash_size + padSz + 1,
wolfSSL 15:117db924cf7c 1300 FUZZ_HMAC, ssl->fuzzerCtx);
wolfSSL 15:117db924cf7c 1301 }
wolfSSL 15:117db924cf7c 1302 else {
wolfSSL 15:117db924cf7c 1303 ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx);
wolfSSL 15:117db924cf7c 1304 }
wolfSSL 15:117db924cf7c 1305 }
wolfSSL 15:117db924cf7c 1306 #endif
wolfSSL 15:117db924cf7c 1307
wolfSSL 15:117db924cf7c 1308 wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify);
wolfSSL 15:117db924cf7c 1309
wolfSSL 15:117db924cf7c 1310 ret = wc_HmacInit(&hmac, ssl->heap, ssl->devId);
wolfSSL 15:117db924cf7c 1311 if (ret != 0)
wolfSSL 15:117db924cf7c 1312 return ret;
wolfSSL 15:117db924cf7c 1313
wolfSSL 15:117db924cf7c 1314 ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
wolfSSL 15:117db924cf7c 1315 wolfSSL_GetMacSecret(ssl, verify),
wolfSSL 15:117db924cf7c 1316 ssl->specs.hash_size);
wolfSSL 15:117db924cf7c 1317 if (ret == 0) {
wolfSSL 15:117db924cf7c 1318 /* Constant time verification required. */
wolfSSL 15:117db924cf7c 1319 if (verify && padSz >= 0) {
wolfSSL 15:117db924cf7c 1320 #if !defined(WOLFSSL_NO_HASH_RAW) && !defined(HAVE_FIPS) && \
wolfSSL 15:117db924cf7c 1321 !defined(HAVE_SELFTEST)
wolfSSL 15:117db924cf7c 1322 #ifdef HAVE_BLAKE2
wolfSSL 15:117db924cf7c 1323 if (wolfSSL_GetHmacType(ssl) == WC_HASH_TYPE_BLAKE2B) {
wolfSSL 15:117db924cf7c 1324 ret = Hmac_UpdateFinal(&hmac, digest, in, sz +
wolfSSL 15:117db924cf7c 1325 ssl->specs.hash_size + padSz + 1,
wolfSSL 15:117db924cf7c 1326 myInner);
wolfSSL 15:117db924cf7c 1327 }
wolfSSL 15:117db924cf7c 1328 else
wolfSSL 15:117db924cf7c 1329 #endif
wolfSSL 15:117db924cf7c 1330 {
wolfSSL 15:117db924cf7c 1331 ret = Hmac_UpdateFinal_CT(&hmac, digest, in, sz +
wolfSSL 15:117db924cf7c 1332 ssl->specs.hash_size + padSz + 1,
wolfSSL 15:117db924cf7c 1333 myInner);
wolfSSL 15:117db924cf7c 1334 }
wolfSSL 15:117db924cf7c 1335 #else
wolfSSL 15:117db924cf7c 1336 ret = Hmac_UpdateFinal(&hmac, digest, in, sz +
wolfSSL 15:117db924cf7c 1337 ssl->specs.hash_size + padSz + 1,
wolfSSL 15:117db924cf7c 1338 myInner);
wolfSSL 15:117db924cf7c 1339 #endif
wolfSSL 15:117db924cf7c 1340 }
wolfSSL 15:117db924cf7c 1341 else {
wolfSSL 15:117db924cf7c 1342 ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
wolfSSL 15:117db924cf7c 1343 if (ret == 0)
wolfSSL 15:117db924cf7c 1344 ret = wc_HmacUpdate(&hmac, in, sz); /* content */
wolfSSL 15:117db924cf7c 1345 if (ret == 0)
wolfSSL 15:117db924cf7c 1346 ret = wc_HmacFinal(&hmac, digest);
wolfSSL 15:117db924cf7c 1347 }
wolfSSL 15:117db924cf7c 1348 }
wolfSSL 15:117db924cf7c 1349
wolfSSL 15:117db924cf7c 1350 wc_HmacFree(&hmac);
wolfSSL 15:117db924cf7c 1351
wolfSSL 15:117db924cf7c 1352 return ret;
wolfSSL 15:117db924cf7c 1353 }
wolfSSL 15:117db924cf7c 1354
wolfSSL 15:117db924cf7c 1355 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 1356
wolfSSL 15:117db924cf7c 1357 #ifdef HAVE_TLS_EXTENSIONS
wolfSSL 15:117db924cf7c 1358
wolfSSL 15:117db924cf7c 1359 /**
wolfSSL 15:117db924cf7c 1360 * The TLSX semaphore is used to calculate the size of the extensions to be sent
wolfSSL 15:117db924cf7c 1361 * from one peer to another.
wolfSSL 15:117db924cf7c 1362 */
wolfSSL 15:117db924cf7c 1363
wolfSSL 15:117db924cf7c 1364 /** Supports up to 64 flags. Increase as needed. */
wolfSSL 15:117db924cf7c 1365 #define SEMAPHORE_SIZE 8
wolfSSL 15:117db924cf7c 1366
wolfSSL 15:117db924cf7c 1367 /**
wolfSSL 15:117db924cf7c 1368 * Converts the extension type (id) to an index in the semaphore.
wolfSSL 15:117db924cf7c 1369 *
wolfSSL 15:117db924cf7c 1370 * Oficial reference for TLS extension types:
wolfSSL 15:117db924cf7c 1371 * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xml
wolfSSL 15:117db924cf7c 1372 *
wolfSSL 15:117db924cf7c 1373 * Motivation:
wolfSSL 15:117db924cf7c 1374 * Previously, we used the extension type itself as the index of that
wolfSSL 15:117db924cf7c 1375 * extension in the semaphore as the extension types were declared
wolfSSL 15:117db924cf7c 1376 * sequentially, but maintain a semaphore as big as the number of available
wolfSSL 15:117db924cf7c 1377 * extensions is no longer an option since the release of renegotiation_info.
wolfSSL 15:117db924cf7c 1378 *
wolfSSL 15:117db924cf7c 1379 * How to update:
wolfSSL 15:117db924cf7c 1380 * Assign extension types that extrapolate the number of available semaphores
wolfSSL 15:117db924cf7c 1381 * to the first available index going backwards in the semaphore array.
wolfSSL 15:117db924cf7c 1382 * When adding a new extension type that don't extrapolate the number of
wolfSSL 15:117db924cf7c 1383 * available semaphores, check for a possible collision with with a
wolfSSL 15:117db924cf7c 1384 * 'remapped' extension type.
wolfSSL 15:117db924cf7c 1385 */
wolfSSL 15:117db924cf7c 1386 static WC_INLINE word16 TLSX_ToSemaphore(word16 type)
wolfSSL 15:117db924cf7c 1387 {
wolfSSL 15:117db924cf7c 1388 switch (type) {
wolfSSL 15:117db924cf7c 1389
wolfSSL 15:117db924cf7c 1390 case TLSX_RENEGOTIATION_INFO: /* 0xFF01 */
wolfSSL 15:117db924cf7c 1391 return 63;
wolfSSL 15:117db924cf7c 1392
wolfSSL 15:117db924cf7c 1393 default:
wolfSSL 15:117db924cf7c 1394 if (type > 62) {
wolfSSL 15:117db924cf7c 1395 /* This message SHOULD only happens during the adding of
wolfSSL 15:117db924cf7c 1396 new TLS extensions in which its IANA number overflows
wolfSSL 15:117db924cf7c 1397 the current semaphore's range, or if its number already
wolfSSL 15:117db924cf7c 1398 is assigned to be used by another extension.
wolfSSL 15:117db924cf7c 1399 Use this check value for the new extension and decrement
wolfSSL 15:117db924cf7c 1400 the check value by one. */
wolfSSL 15:117db924cf7c 1401 WOLFSSL_MSG("### TLSX semaphore colision or overflow detected!");
wolfSSL 15:117db924cf7c 1402 }
wolfSSL 15:117db924cf7c 1403 }
wolfSSL 15:117db924cf7c 1404
wolfSSL 15:117db924cf7c 1405 return type;
wolfSSL 15:117db924cf7c 1406 }
wolfSSL 15:117db924cf7c 1407
wolfSSL 15:117db924cf7c 1408 /** Checks if a specific light (tls extension) is not set in the semaphore. */
wolfSSL 15:117db924cf7c 1409 #define IS_OFF(semaphore, light) \
wolfSSL 15:117db924cf7c 1410 (!(((semaphore)[(light) / 8] & (byte) (0x01 << ((light) % 8)))))
wolfSSL 15:117db924cf7c 1411
wolfSSL 15:117db924cf7c 1412 /** Turn on a specific light (tls extension) in the semaphore. */
wolfSSL 15:117db924cf7c 1413 /* the semaphore marks the extensions already written to the message */
wolfSSL 15:117db924cf7c 1414 #define TURN_ON(semaphore, light) \
wolfSSL 15:117db924cf7c 1415 ((semaphore)[(light) / 8] |= (byte) (0x01 << ((light) % 8)))
wolfSSL 15:117db924cf7c 1416
wolfSSL 15:117db924cf7c 1417 /** Turn off a specific light (tls extension) in the semaphore. */
wolfSSL 15:117db924cf7c 1418 #define TURN_OFF(semaphore, light) \
wolfSSL 15:117db924cf7c 1419 ((semaphore)[(light) / 8] &= (byte) ~(0x01 << ((light) % 8)))
wolfSSL 15:117db924cf7c 1420
wolfSSL 15:117db924cf7c 1421 /** Creates a new extension. */
wolfSSL 15:117db924cf7c 1422 static TLSX* TLSX_New(TLSX_Type type, void* data, void* heap)
wolfSSL 15:117db924cf7c 1423 {
wolfSSL 15:117db924cf7c 1424 TLSX* extension = (TLSX*)XMALLOC(sizeof(TLSX), heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 1425
wolfSSL 15:117db924cf7c 1426 (void)heap;
wolfSSL 15:117db924cf7c 1427
wolfSSL 15:117db924cf7c 1428 if (extension) {
wolfSSL 15:117db924cf7c 1429 extension->type = type;
wolfSSL 15:117db924cf7c 1430 extension->data = data;
wolfSSL 15:117db924cf7c 1431 extension->resp = 0;
wolfSSL 15:117db924cf7c 1432 extension->next = NULL;
wolfSSL 15:117db924cf7c 1433 }
wolfSSL 15:117db924cf7c 1434
wolfSSL 15:117db924cf7c 1435 return extension;
wolfSSL 15:117db924cf7c 1436 }
wolfSSL 15:117db924cf7c 1437
wolfSSL 15:117db924cf7c 1438 /**
wolfSSL 15:117db924cf7c 1439 * Creates a new extension and pushes it to the provided list.
wolfSSL 15:117db924cf7c 1440 * Checks for duplicate extensions, keeps the newest.
wolfSSL 15:117db924cf7c 1441 */
wolfSSL 15:117db924cf7c 1442 static int TLSX_Push(TLSX** list, TLSX_Type type, void* data, void* heap)
wolfSSL 15:117db924cf7c 1443 {
wolfSSL 15:117db924cf7c 1444 TLSX* extension = TLSX_New(type, data, heap);
wolfSSL 15:117db924cf7c 1445
wolfSSL 15:117db924cf7c 1446 if (extension == NULL)
wolfSSL 15:117db924cf7c 1447 return MEMORY_E;
wolfSSL 15:117db924cf7c 1448
wolfSSL 15:117db924cf7c 1449 /* pushes the new extension on the list. */
wolfSSL 15:117db924cf7c 1450 extension->next = *list;
wolfSSL 15:117db924cf7c 1451 *list = extension;
wolfSSL 15:117db924cf7c 1452
wolfSSL 15:117db924cf7c 1453 /* remove duplicate extensions, there should be only one of each type. */
wolfSSL 15:117db924cf7c 1454 do {
wolfSSL 15:117db924cf7c 1455 if (extension->next && extension->next->type == type) {
wolfSSL 15:117db924cf7c 1456 TLSX *next = extension->next;
wolfSSL 15:117db924cf7c 1457
wolfSSL 15:117db924cf7c 1458 extension->next = next->next;
wolfSSL 15:117db924cf7c 1459 next->next = NULL;
wolfSSL 15:117db924cf7c 1460
wolfSSL 15:117db924cf7c 1461 TLSX_FreeAll(next, heap);
wolfSSL 15:117db924cf7c 1462
wolfSSL 15:117db924cf7c 1463 /* there is no way to occur more than
wolfSSL 15:117db924cf7c 1464 * two extensions of the same type.
wolfSSL 15:117db924cf7c 1465 */
wolfSSL 15:117db924cf7c 1466 break;
wolfSSL 15:117db924cf7c 1467 }
wolfSSL 15:117db924cf7c 1468 } while ((extension = extension->next));
wolfSSL 15:117db924cf7c 1469
wolfSSL 15:117db924cf7c 1470 return 0;
wolfSSL 15:117db924cf7c 1471 }
wolfSSL 15:117db924cf7c 1472
wolfSSL 15:117db924cf7c 1473 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 1474
wolfSSL 15:117db924cf7c 1475 int TLSX_CheckUnsupportedExtension(WOLFSSL* ssl, TLSX_Type type);
wolfSSL 15:117db924cf7c 1476
wolfSSL 15:117db924cf7c 1477 int TLSX_CheckUnsupportedExtension(WOLFSSL* ssl, TLSX_Type type)
wolfSSL 15:117db924cf7c 1478 {
wolfSSL 15:117db924cf7c 1479 TLSX *extension = TLSX_Find(ssl->extensions, type);
wolfSSL 15:117db924cf7c 1480
wolfSSL 15:117db924cf7c 1481 if (!extension)
wolfSSL 15:117db924cf7c 1482 extension = TLSX_Find(ssl->ctx->extensions, type);
wolfSSL 15:117db924cf7c 1483
wolfSSL 15:117db924cf7c 1484 return extension == NULL;
wolfSSL 15:117db924cf7c 1485 }
wolfSSL 15:117db924cf7c 1486
wolfSSL 15:117db924cf7c 1487 int TLSX_HandleUnsupportedExtension(WOLFSSL* ssl);
wolfSSL 15:117db924cf7c 1488
wolfSSL 15:117db924cf7c 1489 int TLSX_HandleUnsupportedExtension(WOLFSSL* ssl)
wolfSSL 15:117db924cf7c 1490 {
wolfSSL 15:117db924cf7c 1491 SendAlert(ssl, alert_fatal, unsupported_extension);
wolfSSL 15:117db924cf7c 1492 return UNSUPPORTED_EXTENSION;
wolfSSL 15:117db924cf7c 1493 }
wolfSSL 15:117db924cf7c 1494
wolfSSL 15:117db924cf7c 1495 #else
wolfSSL 15:117db924cf7c 1496
wolfSSL 15:117db924cf7c 1497 #define TLSX_CheckUnsupportedExtension(ssl, type) 0
wolfSSL 15:117db924cf7c 1498 #define TLSX_HandleUnsupportedExtension(ssl) 0
wolfSSL 15:117db924cf7c 1499
wolfSSL 15:117db924cf7c 1500 #endif
wolfSSL 15:117db924cf7c 1501
wolfSSL 15:117db924cf7c 1502 /** Mark an extension to be sent back to the client. */
wolfSSL 15:117db924cf7c 1503 void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type);
wolfSSL 15:117db924cf7c 1504
wolfSSL 15:117db924cf7c 1505 void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type)
wolfSSL 15:117db924cf7c 1506 {
wolfSSL 15:117db924cf7c 1507 TLSX *extension = TLSX_Find(ssl->extensions, type);
wolfSSL 15:117db924cf7c 1508
wolfSSL 15:117db924cf7c 1509 if (extension)
wolfSSL 15:117db924cf7c 1510 extension->resp = 1;
wolfSSL 15:117db924cf7c 1511 }
wolfSSL 15:117db924cf7c 1512
wolfSSL 15:117db924cf7c 1513 /******************************************************************************/
wolfSSL 15:117db924cf7c 1514 /* Application-Layer Protocol Negotiation */
wolfSSL 15:117db924cf7c 1515 /******************************************************************************/
wolfSSL 15:117db924cf7c 1516
wolfSSL 15:117db924cf7c 1517 #ifdef HAVE_ALPN
wolfSSL 15:117db924cf7c 1518 /** Creates a new ALPN object, providing protocol name to use. */
wolfSSL 15:117db924cf7c 1519 static ALPN* TLSX_ALPN_New(char *protocol_name, word16 protocol_nameSz,
wolfSSL 15:117db924cf7c 1520 void* heap)
wolfSSL 15:117db924cf7c 1521 {
wolfSSL 15:117db924cf7c 1522 ALPN *alpn;
wolfSSL 15:117db924cf7c 1523
wolfSSL 15:117db924cf7c 1524 WOLFSSL_ENTER("TLSX_ALPN_New");
wolfSSL 15:117db924cf7c 1525
wolfSSL 15:117db924cf7c 1526 if (protocol_name == NULL ||
wolfSSL 15:117db924cf7c 1527 protocol_nameSz > WOLFSSL_MAX_ALPN_PROTO_NAME_LEN) {
wolfSSL 15:117db924cf7c 1528 WOLFSSL_MSG("Invalid arguments");
wolfSSL 15:117db924cf7c 1529 return NULL;
wolfSSL 15:117db924cf7c 1530 }
wolfSSL 15:117db924cf7c 1531
wolfSSL 15:117db924cf7c 1532 alpn = (ALPN*)XMALLOC(sizeof(ALPN), heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 1533 if (alpn == NULL) {
wolfSSL 15:117db924cf7c 1534 WOLFSSL_MSG("Memory failure");
wolfSSL 15:117db924cf7c 1535 return NULL;
wolfSSL 15:117db924cf7c 1536 }
wolfSSL 15:117db924cf7c 1537
wolfSSL 15:117db924cf7c 1538 alpn->next = NULL;
wolfSSL 15:117db924cf7c 1539 alpn->negotiated = 0;
wolfSSL 15:117db924cf7c 1540 alpn->options = 0;
wolfSSL 15:117db924cf7c 1541
wolfSSL 15:117db924cf7c 1542 alpn->protocol_name = (char*)XMALLOC(protocol_nameSz + 1,
wolfSSL 15:117db924cf7c 1543 heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 1544 if (alpn->protocol_name == NULL) {
wolfSSL 15:117db924cf7c 1545 WOLFSSL_MSG("Memory failure");
wolfSSL 15:117db924cf7c 1546 XFREE(alpn, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 1547 return NULL;
wolfSSL 15:117db924cf7c 1548 }
wolfSSL 15:117db924cf7c 1549
wolfSSL 15:117db924cf7c 1550 XMEMCPY(alpn->protocol_name, protocol_name, protocol_nameSz);
wolfSSL 15:117db924cf7c 1551 alpn->protocol_name[protocol_nameSz] = 0;
wolfSSL 15:117db924cf7c 1552
wolfSSL 15:117db924cf7c 1553 return alpn;
wolfSSL 15:117db924cf7c 1554 }
wolfSSL 15:117db924cf7c 1555
wolfSSL 15:117db924cf7c 1556 /** Releases an ALPN object. */
wolfSSL 15:117db924cf7c 1557 static void TLSX_ALPN_Free(ALPN *alpn, void* heap)
wolfSSL 15:117db924cf7c 1558 {
wolfSSL 15:117db924cf7c 1559 (void)heap;
wolfSSL 15:117db924cf7c 1560
wolfSSL 15:117db924cf7c 1561 if (alpn == NULL)
wolfSSL 15:117db924cf7c 1562 return;
wolfSSL 15:117db924cf7c 1563
wolfSSL 15:117db924cf7c 1564 XFREE(alpn->protocol_name, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 1565 XFREE(alpn, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 1566 }
wolfSSL 15:117db924cf7c 1567
wolfSSL 15:117db924cf7c 1568 /** Releases all ALPN objects in the provided list. */
wolfSSL 15:117db924cf7c 1569 static void TLSX_ALPN_FreeAll(ALPN *list, void* heap)
wolfSSL 15:117db924cf7c 1570 {
wolfSSL 15:117db924cf7c 1571 ALPN* alpn;
wolfSSL 15:117db924cf7c 1572
wolfSSL 15:117db924cf7c 1573 while ((alpn = list)) {
wolfSSL 15:117db924cf7c 1574 list = alpn->next;
wolfSSL 15:117db924cf7c 1575 TLSX_ALPN_Free(alpn, heap);
wolfSSL 15:117db924cf7c 1576 }
wolfSSL 15:117db924cf7c 1577 }
wolfSSL 15:117db924cf7c 1578
wolfSSL 15:117db924cf7c 1579 /** Tells the buffered size of the ALPN objects in a list. */
wolfSSL 15:117db924cf7c 1580 static word16 TLSX_ALPN_GetSize(ALPN *list)
wolfSSL 15:117db924cf7c 1581 {
wolfSSL 15:117db924cf7c 1582 ALPN* alpn;
wolfSSL 15:117db924cf7c 1583 word16 length = OPAQUE16_LEN; /* list length */
wolfSSL 15:117db924cf7c 1584
wolfSSL 15:117db924cf7c 1585 while ((alpn = list)) {
wolfSSL 15:117db924cf7c 1586 list = alpn->next;
wolfSSL 15:117db924cf7c 1587
wolfSSL 15:117db924cf7c 1588 length++; /* protocol name length is on one byte */
wolfSSL 15:117db924cf7c 1589 length += (word16)XSTRLEN(alpn->protocol_name);
wolfSSL 15:117db924cf7c 1590 }
wolfSSL 15:117db924cf7c 1591
wolfSSL 15:117db924cf7c 1592 return length;
wolfSSL 15:117db924cf7c 1593 }
wolfSSL 15:117db924cf7c 1594
wolfSSL 15:117db924cf7c 1595 /** Writes the ALPN objects of a list in a buffer. */
wolfSSL 15:117db924cf7c 1596 static word16 TLSX_ALPN_Write(ALPN *list, byte *output)
wolfSSL 15:117db924cf7c 1597 {
wolfSSL 15:117db924cf7c 1598 ALPN* alpn;
wolfSSL 15:117db924cf7c 1599 word16 length = 0;
wolfSSL 15:117db924cf7c 1600 word16 offset = OPAQUE16_LEN; /* list length offset */
wolfSSL 15:117db924cf7c 1601
wolfSSL 15:117db924cf7c 1602 while ((alpn = list)) {
wolfSSL 15:117db924cf7c 1603 list = alpn->next;
wolfSSL 15:117db924cf7c 1604
wolfSSL 15:117db924cf7c 1605 length = (word16)XSTRLEN(alpn->protocol_name);
wolfSSL 15:117db924cf7c 1606
wolfSSL 15:117db924cf7c 1607 /* protocol name length */
wolfSSL 15:117db924cf7c 1608 output[offset++] = (byte)length;
wolfSSL 15:117db924cf7c 1609
wolfSSL 15:117db924cf7c 1610 /* protocol name value */
wolfSSL 15:117db924cf7c 1611 XMEMCPY(output + offset, alpn->protocol_name, length);
wolfSSL 15:117db924cf7c 1612
wolfSSL 15:117db924cf7c 1613 offset += length;
wolfSSL 15:117db924cf7c 1614 }
wolfSSL 15:117db924cf7c 1615
wolfSSL 15:117db924cf7c 1616 /* writing list length */
wolfSSL 15:117db924cf7c 1617 c16toa(offset - OPAQUE16_LEN, output);
wolfSSL 15:117db924cf7c 1618
wolfSSL 15:117db924cf7c 1619 return offset;
wolfSSL 15:117db924cf7c 1620 }
wolfSSL 15:117db924cf7c 1621
wolfSSL 15:117db924cf7c 1622 /** Finds a protocol name in the provided ALPN list */
wolfSSL 15:117db924cf7c 1623 static ALPN* TLSX_ALPN_Find(ALPN *list, char *protocol_name, word16 size)
wolfSSL 15:117db924cf7c 1624 {
wolfSSL 15:117db924cf7c 1625 ALPN *alpn;
wolfSSL 15:117db924cf7c 1626
wolfSSL 15:117db924cf7c 1627 if (list == NULL || protocol_name == NULL)
wolfSSL 15:117db924cf7c 1628 return NULL;
wolfSSL 15:117db924cf7c 1629
wolfSSL 15:117db924cf7c 1630 alpn = list;
wolfSSL 15:117db924cf7c 1631 while (alpn != NULL && (
wolfSSL 15:117db924cf7c 1632 (word16)XSTRLEN(alpn->protocol_name) != size ||
wolfSSL 15:117db924cf7c 1633 XSTRNCMP(alpn->protocol_name, protocol_name, size)))
wolfSSL 15:117db924cf7c 1634 alpn = alpn->next;
wolfSSL 15:117db924cf7c 1635
wolfSSL 15:117db924cf7c 1636 return alpn;
wolfSSL 15:117db924cf7c 1637 }
wolfSSL 15:117db924cf7c 1638
wolfSSL 15:117db924cf7c 1639 /** Set the ALPN matching client and server requirements */
wolfSSL 15:117db924cf7c 1640 static int TLSX_SetALPN(TLSX** extensions, const void* data, word16 size,
wolfSSL 15:117db924cf7c 1641 void* heap)
wolfSSL 15:117db924cf7c 1642 {
wolfSSL 15:117db924cf7c 1643 ALPN *alpn;
wolfSSL 15:117db924cf7c 1644 int ret;
wolfSSL 15:117db924cf7c 1645
wolfSSL 15:117db924cf7c 1646 if (extensions == NULL || data == NULL)
wolfSSL 15:117db924cf7c 1647 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 1648
wolfSSL 15:117db924cf7c 1649 alpn = TLSX_ALPN_New((char *)data, size, heap);
wolfSSL 15:117db924cf7c 1650 if (alpn == NULL) {
wolfSSL 15:117db924cf7c 1651 WOLFSSL_MSG("Memory failure");
wolfSSL 15:117db924cf7c 1652 return MEMORY_E;
wolfSSL 15:117db924cf7c 1653 }
wolfSSL 15:117db924cf7c 1654
wolfSSL 15:117db924cf7c 1655 alpn->negotiated = 1;
wolfSSL 15:117db924cf7c 1656
wolfSSL 15:117db924cf7c 1657 ret = TLSX_Push(extensions, TLSX_APPLICATION_LAYER_PROTOCOL, (void*)alpn,
wolfSSL 15:117db924cf7c 1658 heap);
wolfSSL 15:117db924cf7c 1659 if (ret != 0) {
wolfSSL 15:117db924cf7c 1660 TLSX_ALPN_Free(alpn, heap);
wolfSSL 15:117db924cf7c 1661 return ret;
wolfSSL 15:117db924cf7c 1662 }
wolfSSL 15:117db924cf7c 1663
wolfSSL 15:117db924cf7c 1664 return WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 1665 }
wolfSSL 15:117db924cf7c 1666
wolfSSL 15:117db924cf7c 1667 /** Parses a buffer of ALPN extensions and set the first one matching
wolfSSL 15:117db924cf7c 1668 * client and server requirements */
wolfSSL 15:117db924cf7c 1669 static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, byte *input, word16 length,
wolfSSL 15:117db924cf7c 1670 byte isRequest)
wolfSSL 15:117db924cf7c 1671 {
wolfSSL 15:117db924cf7c 1672 word16 size = 0, offset = 0, idx = 0;
wolfSSL 15:117db924cf7c 1673 int r = BUFFER_ERROR;
wolfSSL 15:117db924cf7c 1674 byte match = 0;
wolfSSL 15:117db924cf7c 1675 TLSX *extension;
wolfSSL 15:117db924cf7c 1676 ALPN *alpn = NULL, *list;
wolfSSL 15:117db924cf7c 1677
wolfSSL 15:117db924cf7c 1678 if (OPAQUE16_LEN > length)
wolfSSL 15:117db924cf7c 1679 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 1680
wolfSSL 15:117db924cf7c 1681 ato16(input, &size);
wolfSSL 15:117db924cf7c 1682 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 1683
wolfSSL 15:117db924cf7c 1684 extension = TLSX_Find(ssl->extensions, TLSX_APPLICATION_LAYER_PROTOCOL);
wolfSSL 15:117db924cf7c 1685 if (extension == NULL)
wolfSSL 15:117db924cf7c 1686 extension = TLSX_Find(ssl->ctx->extensions,
wolfSSL 15:117db924cf7c 1687 TLSX_APPLICATION_LAYER_PROTOCOL);
wolfSSL 15:117db924cf7c 1688
wolfSSL 15:117db924cf7c 1689 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
wolfSSL 15:117db924cf7c 1690 if (ssl->alpnSelect != NULL) {
wolfSSL 15:117db924cf7c 1691 const byte* out;
wolfSSL 15:117db924cf7c 1692 unsigned char outLen;
wolfSSL 15:117db924cf7c 1693
wolfSSL 15:117db924cf7c 1694 if (ssl->alpnSelect(ssl, &out, &outLen, input + offset, size,
wolfSSL 15:117db924cf7c 1695 ssl->alpnSelectArg) == 0) {
wolfSSL 15:117db924cf7c 1696 WOLFSSL_MSG("ALPN protocol match");
wolfSSL 15:117db924cf7c 1697 if (TLSX_UseALPN(&ssl->extensions, (char*)out, outLen, 0, ssl->heap)
wolfSSL 15:117db924cf7c 1698 == WOLFSSL_SUCCESS) {
wolfSSL 15:117db924cf7c 1699 if (extension == NULL) {
wolfSSL 15:117db924cf7c 1700 extension = TLSX_Find(ssl->extensions,
wolfSSL 15:117db924cf7c 1701 TLSX_APPLICATION_LAYER_PROTOCOL);
wolfSSL 15:117db924cf7c 1702 }
wolfSSL 15:117db924cf7c 1703 }
wolfSSL 15:117db924cf7c 1704 }
wolfSSL 15:117db924cf7c 1705 }
wolfSSL 15:117db924cf7c 1706 #endif
wolfSSL 15:117db924cf7c 1707
wolfSSL 15:117db924cf7c 1708 if (extension == NULL || extension->data == NULL) {
wolfSSL 15:117db924cf7c 1709 return isRequest ? 0
wolfSSL 15:117db924cf7c 1710 : TLSX_HandleUnsupportedExtension(ssl);
wolfSSL 15:117db924cf7c 1711 }
wolfSSL 15:117db924cf7c 1712
wolfSSL 15:117db924cf7c 1713 /* validating alpn list length */
wolfSSL 15:117db924cf7c 1714 if (length != OPAQUE16_LEN + size)
wolfSSL 15:117db924cf7c 1715 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 1716
wolfSSL 15:117db924cf7c 1717 list = (ALPN*)extension->data;
wolfSSL 15:117db924cf7c 1718
wolfSSL 15:117db924cf7c 1719 /* keep the list sent by client */
wolfSSL 15:117db924cf7c 1720 if (isRequest) {
wolfSSL 15:117db924cf7c 1721 if (ssl->alpn_client_list != NULL)
wolfSSL 15:117db924cf7c 1722 XFREE(ssl->alpn_client_list, ssl->heap, DYNAMIC_TYPE_ALPN);
wolfSSL 15:117db924cf7c 1723
wolfSSL 15:117db924cf7c 1724 ssl->alpn_client_list = (char *)XMALLOC(size, ssl->heap,
wolfSSL 15:117db924cf7c 1725 DYNAMIC_TYPE_ALPN);
wolfSSL 15:117db924cf7c 1726 if (ssl->alpn_client_list == NULL)
wolfSSL 15:117db924cf7c 1727 return MEMORY_ERROR;
wolfSSL 15:117db924cf7c 1728 }
wolfSSL 15:117db924cf7c 1729
wolfSSL 15:117db924cf7c 1730 for (size = 0; offset < length; offset += size) {
wolfSSL 15:117db924cf7c 1731
wolfSSL 15:117db924cf7c 1732 size = input[offset++];
wolfSSL 15:117db924cf7c 1733 if (offset + size > length)
wolfSSL 15:117db924cf7c 1734 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 1735
wolfSSL 15:117db924cf7c 1736 if (isRequest) {
wolfSSL 15:117db924cf7c 1737 XMEMCPY(ssl->alpn_client_list+idx, (char*)input + offset, size);
wolfSSL 15:117db924cf7c 1738 idx += size;
wolfSSL 15:117db924cf7c 1739 ssl->alpn_client_list[idx++] = ',';
wolfSSL 15:117db924cf7c 1740 }
wolfSSL 15:117db924cf7c 1741
wolfSSL 15:117db924cf7c 1742 if (!match) {
wolfSSL 15:117db924cf7c 1743 alpn = TLSX_ALPN_Find(list, (char*)input + offset, size);
wolfSSL 15:117db924cf7c 1744 if (alpn != NULL) {
wolfSSL 15:117db924cf7c 1745 WOLFSSL_MSG("ALPN protocol match");
wolfSSL 15:117db924cf7c 1746 match = 1;
wolfSSL 15:117db924cf7c 1747
wolfSSL 15:117db924cf7c 1748 /* skip reading other values if not required */
wolfSSL 15:117db924cf7c 1749 if (!isRequest)
wolfSSL 15:117db924cf7c 1750 break;
wolfSSL 15:117db924cf7c 1751 }
wolfSSL 15:117db924cf7c 1752 }
wolfSSL 15:117db924cf7c 1753 }
wolfSSL 15:117db924cf7c 1754
wolfSSL 15:117db924cf7c 1755 if (isRequest)
wolfSSL 15:117db924cf7c 1756 ssl->alpn_client_list[idx-1] = 0;
wolfSSL 15:117db924cf7c 1757
wolfSSL 15:117db924cf7c 1758 if (!match) {
wolfSSL 15:117db924cf7c 1759 WOLFSSL_MSG("No ALPN protocol match");
wolfSSL 15:117db924cf7c 1760
wolfSSL 15:117db924cf7c 1761 /* do nothing if no protocol match between client and server and option
wolfSSL 15:117db924cf7c 1762 is set to continue (like OpenSSL) */
wolfSSL 15:117db924cf7c 1763 if (list->options & WOLFSSL_ALPN_CONTINUE_ON_MISMATCH) {
wolfSSL 15:117db924cf7c 1764 WOLFSSL_MSG("Continue on mismatch");
wolfSSL 15:117db924cf7c 1765 return 0;
wolfSSL 15:117db924cf7c 1766 }
wolfSSL 15:117db924cf7c 1767
wolfSSL 15:117db924cf7c 1768 SendAlert(ssl, alert_fatal, no_application_protocol);
wolfSSL 15:117db924cf7c 1769 return UNKNOWN_ALPN_PROTOCOL_NAME_E;
wolfSSL 15:117db924cf7c 1770 }
wolfSSL 15:117db924cf7c 1771
wolfSSL 15:117db924cf7c 1772 /* set the matching negotiated protocol */
wolfSSL 15:117db924cf7c 1773 r = TLSX_SetALPN(&ssl->extensions,
wolfSSL 15:117db924cf7c 1774 alpn->protocol_name,
wolfSSL 15:117db924cf7c 1775 (word16)XSTRLEN(alpn->protocol_name),
wolfSSL 15:117db924cf7c 1776 ssl->heap);
wolfSSL 15:117db924cf7c 1777 if (r != WOLFSSL_SUCCESS) {
wolfSSL 15:117db924cf7c 1778 WOLFSSL_MSG("TLSX_UseALPN failed");
wolfSSL 15:117db924cf7c 1779 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 1780 }
wolfSSL 15:117db924cf7c 1781
wolfSSL 15:117db924cf7c 1782 /* reply to ALPN extension sent from client */
wolfSSL 15:117db924cf7c 1783 if (isRequest) {
wolfSSL 15:117db924cf7c 1784 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 1785 TLSX_SetResponse(ssl, TLSX_APPLICATION_LAYER_PROTOCOL);
wolfSSL 15:117db924cf7c 1786 #endif
wolfSSL 15:117db924cf7c 1787 }
wolfSSL 15:117db924cf7c 1788
wolfSSL 15:117db924cf7c 1789 return 0;
wolfSSL 15:117db924cf7c 1790 }
wolfSSL 15:117db924cf7c 1791
wolfSSL 15:117db924cf7c 1792 /** Add a protocol name to the list of accepted usable ones */
wolfSSL 15:117db924cf7c 1793 int TLSX_UseALPN(TLSX** extensions, const void* data, word16 size, byte options,
wolfSSL 15:117db924cf7c 1794 void* heap)
wolfSSL 15:117db924cf7c 1795 {
wolfSSL 15:117db924cf7c 1796 ALPN *alpn;
wolfSSL 15:117db924cf7c 1797 TLSX *extension;
wolfSSL 15:117db924cf7c 1798 int ret;
wolfSSL 15:117db924cf7c 1799
wolfSSL 15:117db924cf7c 1800 if (extensions == NULL || data == NULL)
wolfSSL 15:117db924cf7c 1801 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 1802
wolfSSL 15:117db924cf7c 1803 alpn = TLSX_ALPN_New((char *)data, size, heap);
wolfSSL 15:117db924cf7c 1804 if (alpn == NULL) {
wolfSSL 15:117db924cf7c 1805 WOLFSSL_MSG("Memory failure");
wolfSSL 15:117db924cf7c 1806 return MEMORY_E;
wolfSSL 15:117db924cf7c 1807 }
wolfSSL 15:117db924cf7c 1808
wolfSSL 15:117db924cf7c 1809 /* Set Options of ALPN */
wolfSSL 15:117db924cf7c 1810 alpn->options = options;
wolfSSL 15:117db924cf7c 1811
wolfSSL 15:117db924cf7c 1812 extension = TLSX_Find(*extensions, TLSX_APPLICATION_LAYER_PROTOCOL);
wolfSSL 15:117db924cf7c 1813 if (extension == NULL) {
wolfSSL 15:117db924cf7c 1814 ret = TLSX_Push(extensions, TLSX_APPLICATION_LAYER_PROTOCOL,
wolfSSL 15:117db924cf7c 1815 (void*)alpn, heap);
wolfSSL 15:117db924cf7c 1816 if (ret != 0) {
wolfSSL 15:117db924cf7c 1817 TLSX_ALPN_Free(alpn, heap);
wolfSSL 15:117db924cf7c 1818 return ret;
wolfSSL 15:117db924cf7c 1819 }
wolfSSL 15:117db924cf7c 1820 }
wolfSSL 15:117db924cf7c 1821 else {
wolfSSL 15:117db924cf7c 1822 /* push new ALPN object to extension data. */
wolfSSL 15:117db924cf7c 1823 alpn->next = (ALPN*)extension->data;
wolfSSL 15:117db924cf7c 1824 extension->data = (void*)alpn;
wolfSSL 15:117db924cf7c 1825 }
wolfSSL 15:117db924cf7c 1826
wolfSSL 15:117db924cf7c 1827 return WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 1828 }
wolfSSL 15:117db924cf7c 1829
wolfSSL 15:117db924cf7c 1830 /** Get the protocol name set by the server */
wolfSSL 15:117db924cf7c 1831 int TLSX_ALPN_GetRequest(TLSX* extensions, void** data, word16 *dataSz)
wolfSSL 15:117db924cf7c 1832 {
wolfSSL 15:117db924cf7c 1833 TLSX *extension;
wolfSSL 15:117db924cf7c 1834 ALPN *alpn;
wolfSSL 15:117db924cf7c 1835
wolfSSL 15:117db924cf7c 1836 if (extensions == NULL || data == NULL || dataSz == NULL)
wolfSSL 15:117db924cf7c 1837 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 1838
wolfSSL 15:117db924cf7c 1839 extension = TLSX_Find(extensions, TLSX_APPLICATION_LAYER_PROTOCOL);
wolfSSL 15:117db924cf7c 1840 if (extension == NULL) {
wolfSSL 15:117db924cf7c 1841 WOLFSSL_MSG("TLS extension not found");
wolfSSL 15:117db924cf7c 1842 return WOLFSSL_ALPN_NOT_FOUND;
wolfSSL 15:117db924cf7c 1843 }
wolfSSL 15:117db924cf7c 1844
wolfSSL 15:117db924cf7c 1845 alpn = (ALPN *)extension->data;
wolfSSL 15:117db924cf7c 1846 if (alpn == NULL) {
wolfSSL 15:117db924cf7c 1847 WOLFSSL_MSG("ALPN extension not found");
wolfSSL 15:117db924cf7c 1848 *data = NULL;
wolfSSL 15:117db924cf7c 1849 *dataSz = 0;
wolfSSL 15:117db924cf7c 1850 return WOLFSSL_FATAL_ERROR;
wolfSSL 15:117db924cf7c 1851 }
wolfSSL 15:117db924cf7c 1852
wolfSSL 15:117db924cf7c 1853 if (alpn->negotiated != 1) {
wolfSSL 15:117db924cf7c 1854
wolfSSL 15:117db924cf7c 1855 /* consider as an error */
wolfSSL 15:117db924cf7c 1856 if (alpn->options & WOLFSSL_ALPN_FAILED_ON_MISMATCH) {
wolfSSL 15:117db924cf7c 1857 WOLFSSL_MSG("No protocol match with peer -> Failed");
wolfSSL 15:117db924cf7c 1858 return WOLFSSL_FATAL_ERROR;
wolfSSL 15:117db924cf7c 1859 }
wolfSSL 15:117db924cf7c 1860
wolfSSL 15:117db924cf7c 1861 /* continue without negotiated protocol */
wolfSSL 15:117db924cf7c 1862 WOLFSSL_MSG("No protocol match with peer -> Continue");
wolfSSL 15:117db924cf7c 1863 return WOLFSSL_ALPN_NOT_FOUND;
wolfSSL 15:117db924cf7c 1864 }
wolfSSL 15:117db924cf7c 1865
wolfSSL 15:117db924cf7c 1866 if (alpn->next != NULL) {
wolfSSL 15:117db924cf7c 1867 WOLFSSL_MSG("Only one protocol name must be accepted");
wolfSSL 15:117db924cf7c 1868 return WOLFSSL_FATAL_ERROR;
wolfSSL 15:117db924cf7c 1869 }
wolfSSL 15:117db924cf7c 1870
wolfSSL 15:117db924cf7c 1871 *data = alpn->protocol_name;
wolfSSL 15:117db924cf7c 1872 *dataSz = (word16)XSTRLEN((char*)*data);
wolfSSL 15:117db924cf7c 1873
wolfSSL 15:117db924cf7c 1874 return WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 1875 }
wolfSSL 15:117db924cf7c 1876
wolfSSL 15:117db924cf7c 1877 #define ALPN_FREE_ALL TLSX_ALPN_FreeAll
wolfSSL 15:117db924cf7c 1878 #define ALPN_GET_SIZE TLSX_ALPN_GetSize
wolfSSL 15:117db924cf7c 1879 #define ALPN_WRITE TLSX_ALPN_Write
wolfSSL 15:117db924cf7c 1880 #define ALPN_PARSE TLSX_ALPN_ParseAndSet
wolfSSL 15:117db924cf7c 1881
wolfSSL 15:117db924cf7c 1882 #else /* HAVE_ALPN */
wolfSSL 15:117db924cf7c 1883
wolfSSL 15:117db924cf7c 1884 #define ALPN_FREE_ALL(list, heap)
wolfSSL 15:117db924cf7c 1885 #define ALPN_GET_SIZE(list) 0
wolfSSL 15:117db924cf7c 1886 #define ALPN_WRITE(a, b) 0
wolfSSL 15:117db924cf7c 1887 #define ALPN_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 1888
wolfSSL 15:117db924cf7c 1889 #endif /* HAVE_ALPN */
wolfSSL 15:117db924cf7c 1890
wolfSSL 15:117db924cf7c 1891 /******************************************************************************/
wolfSSL 15:117db924cf7c 1892 /* Server Name Indication */
wolfSSL 15:117db924cf7c 1893 /******************************************************************************/
wolfSSL 15:117db924cf7c 1894
wolfSSL 15:117db924cf7c 1895 #ifdef HAVE_SNI
wolfSSL 15:117db924cf7c 1896
wolfSSL 15:117db924cf7c 1897 /** Creates a new SNI object. */
wolfSSL 15:117db924cf7c 1898 static SNI* TLSX_SNI_New(byte type, const void* data, word16 size, void* heap)
wolfSSL 15:117db924cf7c 1899 {
wolfSSL 15:117db924cf7c 1900 SNI* sni = (SNI*)XMALLOC(sizeof(SNI), heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 1901
wolfSSL 15:117db924cf7c 1902 if (sni) {
wolfSSL 15:117db924cf7c 1903 sni->type = type;
wolfSSL 15:117db924cf7c 1904 sni->next = NULL;
wolfSSL 15:117db924cf7c 1905
wolfSSL 15:117db924cf7c 1906 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 1907 sni->options = 0;
wolfSSL 15:117db924cf7c 1908 sni->status = WOLFSSL_SNI_NO_MATCH;
wolfSSL 15:117db924cf7c 1909 #endif
wolfSSL 15:117db924cf7c 1910
wolfSSL 15:117db924cf7c 1911 switch (sni->type) {
wolfSSL 15:117db924cf7c 1912 case WOLFSSL_SNI_HOST_NAME:
wolfSSL 15:117db924cf7c 1913 sni->data.host_name = (char*)XMALLOC(size + 1, heap,
wolfSSL 15:117db924cf7c 1914 DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 1915 if (sni->data.host_name) {
wolfSSL 15:117db924cf7c 1916 XSTRNCPY(sni->data.host_name, (const char*)data, size);
wolfSSL 15:117db924cf7c 1917 sni->data.host_name[size] = '\0';
wolfSSL 15:117db924cf7c 1918 } else {
wolfSSL 15:117db924cf7c 1919 XFREE(sni, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 1920 sni = NULL;
wolfSSL 15:117db924cf7c 1921 }
wolfSSL 15:117db924cf7c 1922 break;
wolfSSL 15:117db924cf7c 1923
wolfSSL 15:117db924cf7c 1924 default: /* invalid type */
wolfSSL 15:117db924cf7c 1925 XFREE(sni, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 1926 sni = NULL;
wolfSSL 15:117db924cf7c 1927 }
wolfSSL 15:117db924cf7c 1928 }
wolfSSL 15:117db924cf7c 1929
wolfSSL 15:117db924cf7c 1930 return sni;
wolfSSL 15:117db924cf7c 1931 }
wolfSSL 15:117db924cf7c 1932
wolfSSL 15:117db924cf7c 1933 /** Releases a SNI object. */
wolfSSL 15:117db924cf7c 1934 static void TLSX_SNI_Free(SNI* sni, void* heap)
wolfSSL 15:117db924cf7c 1935 {
wolfSSL 15:117db924cf7c 1936 if (sni) {
wolfSSL 15:117db924cf7c 1937 switch (sni->type) {
wolfSSL 15:117db924cf7c 1938 case WOLFSSL_SNI_HOST_NAME:
wolfSSL 15:117db924cf7c 1939 XFREE(sni->data.host_name, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 1940 break;
wolfSSL 15:117db924cf7c 1941 }
wolfSSL 15:117db924cf7c 1942
wolfSSL 15:117db924cf7c 1943 XFREE(sni, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 1944 }
wolfSSL 15:117db924cf7c 1945 (void)heap;
wolfSSL 15:117db924cf7c 1946 }
wolfSSL 15:117db924cf7c 1947
wolfSSL 15:117db924cf7c 1948 /** Releases all SNI objects in the provided list. */
wolfSSL 15:117db924cf7c 1949 static void TLSX_SNI_FreeAll(SNI* list, void* heap)
wolfSSL 15:117db924cf7c 1950 {
wolfSSL 15:117db924cf7c 1951 SNI* sni;
wolfSSL 15:117db924cf7c 1952
wolfSSL 15:117db924cf7c 1953 while ((sni = list)) {
wolfSSL 15:117db924cf7c 1954 list = sni->next;
wolfSSL 15:117db924cf7c 1955 TLSX_SNI_Free(sni, heap);
wolfSSL 15:117db924cf7c 1956 }
wolfSSL 15:117db924cf7c 1957 }
wolfSSL 15:117db924cf7c 1958
wolfSSL 15:117db924cf7c 1959 /** Tells the buffered size of the SNI objects in a list. */
wolfSSL 15:117db924cf7c 1960 static word16 TLSX_SNI_GetSize(SNI* list)
wolfSSL 15:117db924cf7c 1961 {
wolfSSL 15:117db924cf7c 1962 SNI* sni;
wolfSSL 15:117db924cf7c 1963 word16 length = OPAQUE16_LEN; /* list length */
wolfSSL 15:117db924cf7c 1964
wolfSSL 15:117db924cf7c 1965 while ((sni = list)) {
wolfSSL 15:117db924cf7c 1966 list = sni->next;
wolfSSL 15:117db924cf7c 1967
wolfSSL 15:117db924cf7c 1968 length += ENUM_LEN + OPAQUE16_LEN; /* sni type + sni length */
wolfSSL 15:117db924cf7c 1969
wolfSSL 15:117db924cf7c 1970 switch (sni->type) {
wolfSSL 15:117db924cf7c 1971 case WOLFSSL_SNI_HOST_NAME:
wolfSSL 15:117db924cf7c 1972 length += (word16)XSTRLEN((char*)sni->data.host_name);
wolfSSL 15:117db924cf7c 1973 break;
wolfSSL 15:117db924cf7c 1974 }
wolfSSL 15:117db924cf7c 1975 }
wolfSSL 15:117db924cf7c 1976
wolfSSL 15:117db924cf7c 1977 return length;
wolfSSL 15:117db924cf7c 1978 }
wolfSSL 15:117db924cf7c 1979
wolfSSL 15:117db924cf7c 1980 /** Writes the SNI objects of a list in a buffer. */
wolfSSL 15:117db924cf7c 1981 static word16 TLSX_SNI_Write(SNI* list, byte* output)
wolfSSL 15:117db924cf7c 1982 {
wolfSSL 15:117db924cf7c 1983 SNI* sni;
wolfSSL 15:117db924cf7c 1984 word16 length = 0;
wolfSSL 15:117db924cf7c 1985 word16 offset = OPAQUE16_LEN; /* list length offset */
wolfSSL 15:117db924cf7c 1986
wolfSSL 15:117db924cf7c 1987 while ((sni = list)) {
wolfSSL 15:117db924cf7c 1988 list = sni->next;
wolfSSL 15:117db924cf7c 1989
wolfSSL 15:117db924cf7c 1990 output[offset++] = sni->type; /* sni type */
wolfSSL 15:117db924cf7c 1991
wolfSSL 15:117db924cf7c 1992 switch (sni->type) {
wolfSSL 15:117db924cf7c 1993 case WOLFSSL_SNI_HOST_NAME:
wolfSSL 15:117db924cf7c 1994 length = (word16)XSTRLEN((char*)sni->data.host_name);
wolfSSL 15:117db924cf7c 1995
wolfSSL 15:117db924cf7c 1996 c16toa(length, output + offset); /* sni length */
wolfSSL 15:117db924cf7c 1997 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 1998
wolfSSL 15:117db924cf7c 1999 XMEMCPY(output + offset, sni->data.host_name, length);
wolfSSL 15:117db924cf7c 2000
wolfSSL 15:117db924cf7c 2001 offset += length;
wolfSSL 15:117db924cf7c 2002 break;
wolfSSL 15:117db924cf7c 2003 }
wolfSSL 15:117db924cf7c 2004 }
wolfSSL 15:117db924cf7c 2005
wolfSSL 15:117db924cf7c 2006 c16toa(offset - OPAQUE16_LEN, output); /* writing list length */
wolfSSL 15:117db924cf7c 2007
wolfSSL 15:117db924cf7c 2008 return offset;
wolfSSL 15:117db924cf7c 2009 }
wolfSSL 15:117db924cf7c 2010
wolfSSL 15:117db924cf7c 2011 /** Finds a SNI object in the provided list. */
wolfSSL 15:117db924cf7c 2012 static SNI* TLSX_SNI_Find(SNI *list, byte type)
wolfSSL 15:117db924cf7c 2013 {
wolfSSL 15:117db924cf7c 2014 SNI* sni = list;
wolfSSL 15:117db924cf7c 2015
wolfSSL 15:117db924cf7c 2016 while (sni && sni->type != type)
wolfSSL 15:117db924cf7c 2017 sni = sni->next;
wolfSSL 15:117db924cf7c 2018
wolfSSL 15:117db924cf7c 2019 return sni;
wolfSSL 15:117db924cf7c 2020 }
wolfSSL 15:117db924cf7c 2021
wolfSSL 15:117db924cf7c 2022 /** Sets the status of a SNI object. */
wolfSSL 15:117db924cf7c 2023 static void TLSX_SNI_SetStatus(TLSX* extensions, byte type, byte status)
wolfSSL 15:117db924cf7c 2024 {
wolfSSL 15:117db924cf7c 2025 TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME);
wolfSSL 15:117db924cf7c 2026 SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type);
wolfSSL 15:117db924cf7c 2027
wolfSSL 15:117db924cf7c 2028 if (sni)
wolfSSL 15:117db924cf7c 2029 sni->status = status;
wolfSSL 15:117db924cf7c 2030 }
wolfSSL 15:117db924cf7c 2031
wolfSSL 15:117db924cf7c 2032 /** Gets the status of a SNI object. */
wolfSSL 15:117db924cf7c 2033 byte TLSX_SNI_Status(TLSX* extensions, byte type)
wolfSSL 15:117db924cf7c 2034 {
wolfSSL 15:117db924cf7c 2035 TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME);
wolfSSL 15:117db924cf7c 2036 SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type);
wolfSSL 15:117db924cf7c 2037
wolfSSL 15:117db924cf7c 2038 if (sni)
wolfSSL 15:117db924cf7c 2039 return sni->status;
wolfSSL 15:117db924cf7c 2040
wolfSSL 15:117db924cf7c 2041 return 0;
wolfSSL 15:117db924cf7c 2042 }
wolfSSL 15:117db924cf7c 2043
wolfSSL 15:117db924cf7c 2044 /** Parses a buffer of SNI extensions. */
wolfSSL 15:117db924cf7c 2045 static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 15:117db924cf7c 2046 byte isRequest)
wolfSSL 15:117db924cf7c 2047 {
wolfSSL 15:117db924cf7c 2048 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 2049 word16 size = 0;
wolfSSL 15:117db924cf7c 2050 word16 offset = 0;
wolfSSL 15:117db924cf7c 2051 int cacheOnly = 0;
wolfSSL 15:117db924cf7c 2052 #endif
wolfSSL 15:117db924cf7c 2053
wolfSSL 15:117db924cf7c 2054 TLSX *extension = TLSX_Find(ssl->extensions, TLSX_SERVER_NAME);
wolfSSL 15:117db924cf7c 2055
wolfSSL 15:117db924cf7c 2056 if (!extension)
wolfSSL 15:117db924cf7c 2057 extension = TLSX_Find(ssl->ctx->extensions, TLSX_SERVER_NAME);
wolfSSL 15:117db924cf7c 2058
wolfSSL 15:117db924cf7c 2059 if (!isRequest) {
wolfSSL 15:117db924cf7c 2060 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 2061 if (!extension || !extension->data)
wolfSSL 15:117db924cf7c 2062 return TLSX_HandleUnsupportedExtension(ssl);
wolfSSL 15:117db924cf7c 2063
wolfSSL 15:117db924cf7c 2064 if (length > 0)
wolfSSL 15:117db924cf7c 2065 return BUFFER_ERROR; /* SNI response MUST be empty. */
wolfSSL 15:117db924cf7c 2066
wolfSSL 15:117db924cf7c 2067 /* This call enables wolfSSL_SNI_GetRequest() to be called in the
wolfSSL 15:117db924cf7c 2068 * client side to fetch the used SNI. It will only work if the SNI
wolfSSL 15:117db924cf7c 2069 * was set at the SSL object level. Right now we only support one
wolfSSL 15:117db924cf7c 2070 * name type, WOLFSSL_SNI_HOST_NAME, but in the future, the
wolfSSL 15:117db924cf7c 2071 * inclusion of other name types will turn this method inaccurate,
wolfSSL 15:117db924cf7c 2072 * as the extension response doesn't contains information of which
wolfSSL 15:117db924cf7c 2073 * name was accepted.
wolfSSL 15:117db924cf7c 2074 */
wolfSSL 15:117db924cf7c 2075 TLSX_SNI_SetStatus(ssl->extensions, WOLFSSL_SNI_HOST_NAME,
wolfSSL 15:117db924cf7c 2076 WOLFSSL_SNI_REAL_MATCH);
wolfSSL 15:117db924cf7c 2077
wolfSSL 15:117db924cf7c 2078 return 0;
wolfSSL 15:117db924cf7c 2079 #endif
wolfSSL 15:117db924cf7c 2080 }
wolfSSL 15:117db924cf7c 2081
wolfSSL 15:117db924cf7c 2082 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 2083 if (!extension || !extension->data) {
wolfSSL 15:117db924cf7c 2084 #if defined(WOLFSSL_ALWAYS_KEEP_SNI) && !defined(NO_WOLFSSL_SERVER)
wolfSSL 15:117db924cf7c 2085 /* This will keep SNI even though TLSX_UseSNI has not been called.
wolfSSL 15:117db924cf7c 2086 * Enable it so that the received sni is available to functions
wolfSSL 15:117db924cf7c 2087 * that use a custom callback when SNI is received.
wolfSSL 15:117db924cf7c 2088 */
wolfSSL 15:117db924cf7c 2089
wolfSSL 15:117db924cf7c 2090 cacheOnly = 1;
wolfSSL 15:117db924cf7c 2091 WOLFSSL_MSG("Forcing SSL object to store SNI parameter");
wolfSSL 15:117db924cf7c 2092 #else
wolfSSL 15:117db924cf7c 2093 /* Skipping, SNI not enabled at server side. */
wolfSSL 15:117db924cf7c 2094 return 0;
wolfSSL 15:117db924cf7c 2095 #endif
wolfSSL 15:117db924cf7c 2096 }
wolfSSL 15:117db924cf7c 2097
wolfSSL 15:117db924cf7c 2098 if (OPAQUE16_LEN > length)
wolfSSL 15:117db924cf7c 2099 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2100
wolfSSL 15:117db924cf7c 2101 ato16(input, &size);
wolfSSL 15:117db924cf7c 2102 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 2103
wolfSSL 15:117db924cf7c 2104 /* validating sni list length */
wolfSSL 15:117db924cf7c 2105 if (length != OPAQUE16_LEN + size)
wolfSSL 15:117db924cf7c 2106 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2107
wolfSSL 15:117db924cf7c 2108 for (size = 0; offset < length; offset += size) {
wolfSSL 15:117db924cf7c 2109 SNI *sni = NULL;
wolfSSL 15:117db924cf7c 2110 byte type = input[offset++];
wolfSSL 15:117db924cf7c 2111
wolfSSL 15:117db924cf7c 2112 if (offset + OPAQUE16_LEN > length)
wolfSSL 15:117db924cf7c 2113 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2114
wolfSSL 15:117db924cf7c 2115 ato16(input + offset, &size);
wolfSSL 15:117db924cf7c 2116 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 2117
wolfSSL 15:117db924cf7c 2118 if (offset + size > length)
wolfSSL 15:117db924cf7c 2119 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2120
wolfSSL 15:117db924cf7c 2121 if (!cacheOnly && !(sni = TLSX_SNI_Find((SNI*)extension->data, type)))
wolfSSL 15:117db924cf7c 2122 continue; /* not using this type of SNI. */
wolfSSL 15:117db924cf7c 2123
wolfSSL 15:117db924cf7c 2124 switch(type) {
wolfSSL 15:117db924cf7c 2125 case WOLFSSL_SNI_HOST_NAME: {
wolfSSL 15:117db924cf7c 2126 int matchStat;
wolfSSL 15:117db924cf7c 2127 byte matched;
wolfSSL 15:117db924cf7c 2128
wolfSSL 15:117db924cf7c 2129 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 2130 /* Don't process the second ClientHello SNI extension if there
wolfSSL 15:117db924cf7c 2131 * was problems with the first.
wolfSSL 15:117db924cf7c 2132 */
wolfSSL 15:117db924cf7c 2133 if (!cacheOnly && sni->status != 0)
wolfSSL 15:117db924cf7c 2134 break;
wolfSSL 15:117db924cf7c 2135 #endif
wolfSSL 15:117db924cf7c 2136 matched = cacheOnly ||
wolfSSL 15:117db924cf7c 2137 ((XSTRLEN(sni->data.host_name) == size) &&
wolfSSL 15:117db924cf7c 2138 (XSTRNCMP(sni->data.host_name,
wolfSSL 15:117db924cf7c 2139 (const char*)input + offset, size) == 0));
wolfSSL 15:117db924cf7c 2140
wolfSSL 15:117db924cf7c 2141 if (matched || sni->options & WOLFSSL_SNI_ANSWER_ON_MISMATCH) {
wolfSSL 15:117db924cf7c 2142 int r = TLSX_UseSNI(&ssl->extensions,
wolfSSL 15:117db924cf7c 2143 type, input + offset, size, ssl->heap);
wolfSSL 15:117db924cf7c 2144
wolfSSL 15:117db924cf7c 2145 if (r != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 2146 return r; /* throws error. */
wolfSSL 15:117db924cf7c 2147
wolfSSL 15:117db924cf7c 2148 if(cacheOnly) {
wolfSSL 15:117db924cf7c 2149 WOLFSSL_MSG("Forcing storage of SNI, Fake match");
wolfSSL 15:117db924cf7c 2150 matchStat = WOLFSSL_SNI_FORCE_KEEP;
wolfSSL 15:117db924cf7c 2151 } else if(matched) {
wolfSSL 15:117db924cf7c 2152 WOLFSSL_MSG("SNI did match!");
wolfSSL 15:117db924cf7c 2153 matchStat = WOLFSSL_SNI_REAL_MATCH;
wolfSSL 15:117db924cf7c 2154 } else {
wolfSSL 15:117db924cf7c 2155 WOLFSSL_MSG("fake SNI match from ANSWER_ON_MISMATCH");
wolfSSL 15:117db924cf7c 2156 matchStat = WOLFSSL_SNI_FAKE_MATCH;
wolfSSL 15:117db924cf7c 2157 }
wolfSSL 15:117db924cf7c 2158
wolfSSL 15:117db924cf7c 2159 TLSX_SNI_SetStatus(ssl->extensions, type, (byte)matchStat);
wolfSSL 15:117db924cf7c 2160
wolfSSL 15:117db924cf7c 2161 if(!cacheOnly)
wolfSSL 15:117db924cf7c 2162 TLSX_SetResponse(ssl, TLSX_SERVER_NAME);
wolfSSL 15:117db924cf7c 2163
wolfSSL 15:117db924cf7c 2164 } else if (!(sni->options & WOLFSSL_SNI_CONTINUE_ON_MISMATCH)) {
wolfSSL 15:117db924cf7c 2165 SendAlert(ssl, alert_fatal, unrecognized_name);
wolfSSL 15:117db924cf7c 2166
wolfSSL 15:117db924cf7c 2167 return UNKNOWN_SNI_HOST_NAME_E;
wolfSSL 15:117db924cf7c 2168 }
wolfSSL 15:117db924cf7c 2169 break;
wolfSSL 15:117db924cf7c 2170 }
wolfSSL 15:117db924cf7c 2171 }
wolfSSL 15:117db924cf7c 2172 }
wolfSSL 15:117db924cf7c 2173 #else
wolfSSL 15:117db924cf7c 2174 (void)input;
wolfSSL 15:117db924cf7c 2175 #endif
wolfSSL 15:117db924cf7c 2176
wolfSSL 15:117db924cf7c 2177 return 0;
wolfSSL 15:117db924cf7c 2178 }
wolfSSL 15:117db924cf7c 2179
wolfSSL 15:117db924cf7c 2180 static int TLSX_SNI_VerifyParse(WOLFSSL* ssl, byte isRequest)
wolfSSL 15:117db924cf7c 2181 {
wolfSSL 15:117db924cf7c 2182 (void)ssl;
wolfSSL 15:117db924cf7c 2183
wolfSSL 15:117db924cf7c 2184 if (isRequest) {
wolfSSL 15:117db924cf7c 2185 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 2186 TLSX* ctx_ext = TLSX_Find(ssl->ctx->extensions, TLSX_SERVER_NAME);
wolfSSL 15:117db924cf7c 2187 TLSX* ssl_ext = TLSX_Find(ssl->extensions, TLSX_SERVER_NAME);
wolfSSL 15:117db924cf7c 2188 SNI* ctx_sni = ctx_ext ? (SNI*)ctx_ext->data : NULL;
wolfSSL 15:117db924cf7c 2189 SNI* ssl_sni = ssl_ext ? (SNI*)ssl_ext->data : NULL;
wolfSSL 15:117db924cf7c 2190 SNI* sni = NULL;
wolfSSL 15:117db924cf7c 2191
wolfSSL 15:117db924cf7c 2192 for (; ctx_sni; ctx_sni = ctx_sni->next) {
wolfSSL 15:117db924cf7c 2193 if (ctx_sni->options & WOLFSSL_SNI_ABORT_ON_ABSENCE) {
wolfSSL 15:117db924cf7c 2194 sni = TLSX_SNI_Find(ssl_sni, ctx_sni->type);
wolfSSL 15:117db924cf7c 2195
wolfSSL 15:117db924cf7c 2196 if (sni) {
wolfSSL 15:117db924cf7c 2197 if (sni->status != WOLFSSL_SNI_NO_MATCH)
wolfSSL 15:117db924cf7c 2198 continue;
wolfSSL 15:117db924cf7c 2199
wolfSSL 15:117db924cf7c 2200 /* if ssl level overrides ctx level, it is ok. */
wolfSSL 15:117db924cf7c 2201 if ((sni->options & WOLFSSL_SNI_ABORT_ON_ABSENCE) == 0)
wolfSSL 15:117db924cf7c 2202 continue;
wolfSSL 15:117db924cf7c 2203 }
wolfSSL 15:117db924cf7c 2204
wolfSSL 15:117db924cf7c 2205 SendAlert(ssl, alert_fatal, handshake_failure);
wolfSSL 15:117db924cf7c 2206 return SNI_ABSENT_ERROR;
wolfSSL 15:117db924cf7c 2207 }
wolfSSL 15:117db924cf7c 2208 }
wolfSSL 15:117db924cf7c 2209
wolfSSL 15:117db924cf7c 2210 for (; ssl_sni; ssl_sni = ssl_sni->next) {
wolfSSL 15:117db924cf7c 2211 if (ssl_sni->options & WOLFSSL_SNI_ABORT_ON_ABSENCE) {
wolfSSL 15:117db924cf7c 2212 if (ssl_sni->status != WOLFSSL_SNI_NO_MATCH)
wolfSSL 15:117db924cf7c 2213 continue;
wolfSSL 15:117db924cf7c 2214
wolfSSL 15:117db924cf7c 2215 SendAlert(ssl, alert_fatal, handshake_failure);
wolfSSL 15:117db924cf7c 2216 return SNI_ABSENT_ERROR;
wolfSSL 15:117db924cf7c 2217 }
wolfSSL 15:117db924cf7c 2218 }
wolfSSL 15:117db924cf7c 2219 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 15:117db924cf7c 2220 }
wolfSSL 15:117db924cf7c 2221
wolfSSL 15:117db924cf7c 2222 return 0;
wolfSSL 15:117db924cf7c 2223 }
wolfSSL 15:117db924cf7c 2224
wolfSSL 15:117db924cf7c 2225 int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size,
wolfSSL 15:117db924cf7c 2226 void* heap)
wolfSSL 15:117db924cf7c 2227 {
wolfSSL 15:117db924cf7c 2228 TLSX* extension;
wolfSSL 15:117db924cf7c 2229 SNI* sni = NULL;
wolfSSL 15:117db924cf7c 2230
wolfSSL 15:117db924cf7c 2231 if (extensions == NULL || data == NULL)
wolfSSL 15:117db924cf7c 2232 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 2233
wolfSSL 15:117db924cf7c 2234 if ((sni = TLSX_SNI_New(type, data, size, heap)) == NULL)
wolfSSL 15:117db924cf7c 2235 return MEMORY_E;
wolfSSL 15:117db924cf7c 2236
wolfSSL 15:117db924cf7c 2237 extension = TLSX_Find(*extensions, TLSX_SERVER_NAME);
wolfSSL 15:117db924cf7c 2238 if (!extension) {
wolfSSL 15:117db924cf7c 2239 int ret = TLSX_Push(extensions, TLSX_SERVER_NAME, (void*)sni, heap);
wolfSSL 15:117db924cf7c 2240
wolfSSL 15:117db924cf7c 2241 if (ret != 0) {
wolfSSL 15:117db924cf7c 2242 TLSX_SNI_Free(sni, heap);
wolfSSL 15:117db924cf7c 2243 return ret;
wolfSSL 15:117db924cf7c 2244 }
wolfSSL 15:117db924cf7c 2245 }
wolfSSL 15:117db924cf7c 2246 else {
wolfSSL 15:117db924cf7c 2247 /* push new SNI object to extension data. */
wolfSSL 15:117db924cf7c 2248 sni->next = (SNI*)extension->data;
wolfSSL 15:117db924cf7c 2249 extension->data = (void*)sni;
wolfSSL 15:117db924cf7c 2250
wolfSSL 15:117db924cf7c 2251 /* remove duplicate SNI, there should be only one of each type. */
wolfSSL 15:117db924cf7c 2252 do {
wolfSSL 15:117db924cf7c 2253 if (sni->next && sni->next->type == type) {
wolfSSL 15:117db924cf7c 2254 SNI* next = sni->next;
wolfSSL 15:117db924cf7c 2255
wolfSSL 15:117db924cf7c 2256 sni->next = next->next;
wolfSSL 15:117db924cf7c 2257 TLSX_SNI_Free(next, heap);
wolfSSL 15:117db924cf7c 2258
wolfSSL 15:117db924cf7c 2259 /* there is no way to occur more than
wolfSSL 15:117db924cf7c 2260 * two SNIs of the same type.
wolfSSL 15:117db924cf7c 2261 */
wolfSSL 15:117db924cf7c 2262 break;
wolfSSL 15:117db924cf7c 2263 }
wolfSSL 15:117db924cf7c 2264 } while ((sni = sni->next));
wolfSSL 15:117db924cf7c 2265 }
wolfSSL 15:117db924cf7c 2266
wolfSSL 15:117db924cf7c 2267 return WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 2268 }
wolfSSL 15:117db924cf7c 2269
wolfSSL 15:117db924cf7c 2270 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 2271
wolfSSL 15:117db924cf7c 2272 /** Tells the SNI requested by the client. */
wolfSSL 15:117db924cf7c 2273 word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, void** data)
wolfSSL 15:117db924cf7c 2274 {
wolfSSL 15:117db924cf7c 2275 TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME);
wolfSSL 15:117db924cf7c 2276 SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type);
wolfSSL 15:117db924cf7c 2277
wolfSSL 15:117db924cf7c 2278 if (sni && sni->status != WOLFSSL_SNI_NO_MATCH) {
wolfSSL 15:117db924cf7c 2279 switch (sni->type) {
wolfSSL 15:117db924cf7c 2280 case WOLFSSL_SNI_HOST_NAME:
wolfSSL 15:117db924cf7c 2281 if (data) {
wolfSSL 15:117db924cf7c 2282 *data = sni->data.host_name;
wolfSSL 15:117db924cf7c 2283 return (word16)XSTRLEN((char*)*data);
wolfSSL 15:117db924cf7c 2284 }
wolfSSL 15:117db924cf7c 2285 }
wolfSSL 15:117db924cf7c 2286 }
wolfSSL 15:117db924cf7c 2287
wolfSSL 15:117db924cf7c 2288 return 0;
wolfSSL 15:117db924cf7c 2289 }
wolfSSL 15:117db924cf7c 2290
wolfSSL 15:117db924cf7c 2291 /** Sets the options for a SNI object. */
wolfSSL 15:117db924cf7c 2292 void TLSX_SNI_SetOptions(TLSX* extensions, byte type, byte options)
wolfSSL 15:117db924cf7c 2293 {
wolfSSL 15:117db924cf7c 2294 TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME);
wolfSSL 15:117db924cf7c 2295 SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type);
wolfSSL 15:117db924cf7c 2296
wolfSSL 15:117db924cf7c 2297 if (sni)
wolfSSL 15:117db924cf7c 2298 sni->options = options;
wolfSSL 15:117db924cf7c 2299 }
wolfSSL 15:117db924cf7c 2300
wolfSSL 15:117db924cf7c 2301 /** Retrieves a SNI request from a client hello buffer. */
wolfSSL 15:117db924cf7c 2302 int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
wolfSSL 15:117db924cf7c 2303 byte type, byte* sni, word32* inOutSz)
wolfSSL 15:117db924cf7c 2304 {
wolfSSL 15:117db924cf7c 2305 word32 offset = 0;
wolfSSL 15:117db924cf7c 2306 word32 len32 = 0;
wolfSSL 15:117db924cf7c 2307 word16 len16 = 0;
wolfSSL 15:117db924cf7c 2308
wolfSSL 15:117db924cf7c 2309 if (helloSz < RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + CLIENT_HELLO_FIRST)
wolfSSL 15:117db924cf7c 2310 return INCOMPLETE_DATA;
wolfSSL 15:117db924cf7c 2311
wolfSSL 15:117db924cf7c 2312 /* TLS record header */
wolfSSL 15:117db924cf7c 2313 if ((enum ContentType) clientHello[offset++] != handshake) {
wolfSSL 15:117db924cf7c 2314
wolfSSL 15:117db924cf7c 2315 /* checking for SSLv2.0 client hello according to: */
wolfSSL 15:117db924cf7c 2316 /* http://tools.ietf.org/html/rfc4346#appendix-E.1 */
wolfSSL 15:117db924cf7c 2317 if ((enum HandShakeType) clientHello[++offset] == client_hello) {
wolfSSL 15:117db924cf7c 2318 offset += ENUM_LEN + VERSION_SZ; /* skip version */
wolfSSL 15:117db924cf7c 2319
wolfSSL 15:117db924cf7c 2320 ato16(clientHello + offset, &len16);
wolfSSL 15:117db924cf7c 2321 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 2322
wolfSSL 15:117db924cf7c 2323 if (len16 % 3) /* cipher_spec_length must be multiple of 3 */
wolfSSL 15:117db924cf7c 2324 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2325
wolfSSL 15:117db924cf7c 2326 ato16(clientHello + offset, &len16);
wolfSSL 15:117db924cf7c 2327 /* Returning SNI_UNSUPPORTED do not increment offset here */
wolfSSL 15:117db924cf7c 2328
wolfSSL 15:117db924cf7c 2329 if (len16 != 0) /* session_id_length must be 0 */
wolfSSL 15:117db924cf7c 2330 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2331
wolfSSL 15:117db924cf7c 2332 return SNI_UNSUPPORTED;
wolfSSL 15:117db924cf7c 2333 }
wolfSSL 15:117db924cf7c 2334
wolfSSL 15:117db924cf7c 2335 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2336 }
wolfSSL 15:117db924cf7c 2337
wolfSSL 15:117db924cf7c 2338 if (clientHello[offset++] != SSLv3_MAJOR)
wolfSSL 15:117db924cf7c 2339 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2340
wolfSSL 15:117db924cf7c 2341 if (clientHello[offset++] < TLSv1_MINOR)
wolfSSL 15:117db924cf7c 2342 return SNI_UNSUPPORTED;
wolfSSL 15:117db924cf7c 2343
wolfSSL 15:117db924cf7c 2344 ato16(clientHello + offset, &len16);
wolfSSL 15:117db924cf7c 2345 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 2346
wolfSSL 15:117db924cf7c 2347 if (offset + len16 > helloSz)
wolfSSL 15:117db924cf7c 2348 return INCOMPLETE_DATA;
wolfSSL 15:117db924cf7c 2349
wolfSSL 15:117db924cf7c 2350 /* Handshake header */
wolfSSL 15:117db924cf7c 2351 if ((enum HandShakeType) clientHello[offset] != client_hello)
wolfSSL 15:117db924cf7c 2352 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2353
wolfSSL 15:117db924cf7c 2354 c24to32(clientHello + offset + 1, &len32);
wolfSSL 15:117db924cf7c 2355 offset += HANDSHAKE_HEADER_SZ;
wolfSSL 15:117db924cf7c 2356
wolfSSL 15:117db924cf7c 2357 if (offset + len32 > helloSz)
wolfSSL 15:117db924cf7c 2358 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2359
wolfSSL 15:117db924cf7c 2360 /* client hello */
wolfSSL 15:117db924cf7c 2361 offset += VERSION_SZ + RAN_LEN; /* version, random */
wolfSSL 15:117db924cf7c 2362
wolfSSL 15:117db924cf7c 2363 if (helloSz < offset + clientHello[offset])
wolfSSL 15:117db924cf7c 2364 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2365
wolfSSL 15:117db924cf7c 2366 offset += ENUM_LEN + clientHello[offset]; /* skip session id */
wolfSSL 15:117db924cf7c 2367
wolfSSL 15:117db924cf7c 2368 /* cypher suites */
wolfSSL 15:117db924cf7c 2369 if (helloSz < offset + OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 2370 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2371
wolfSSL 15:117db924cf7c 2372 ato16(clientHello + offset, &len16);
wolfSSL 15:117db924cf7c 2373 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 2374
wolfSSL 15:117db924cf7c 2375 if (helloSz < offset + len16)
wolfSSL 15:117db924cf7c 2376 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2377
wolfSSL 15:117db924cf7c 2378 offset += len16; /* skip cypher suites */
wolfSSL 15:117db924cf7c 2379
wolfSSL 15:117db924cf7c 2380 /* compression methods */
wolfSSL 15:117db924cf7c 2381 if (helloSz < offset + 1)
wolfSSL 15:117db924cf7c 2382 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2383
wolfSSL 15:117db924cf7c 2384 if (helloSz < offset + clientHello[offset])
wolfSSL 15:117db924cf7c 2385 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2386
wolfSSL 15:117db924cf7c 2387 offset += ENUM_LEN + clientHello[offset]; /* skip compression methods */
wolfSSL 15:117db924cf7c 2388
wolfSSL 15:117db924cf7c 2389 /* extensions */
wolfSSL 15:117db924cf7c 2390 if (helloSz < offset + OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 2391 return 0; /* no extensions in client hello. */
wolfSSL 15:117db924cf7c 2392
wolfSSL 15:117db924cf7c 2393 ato16(clientHello + offset, &len16);
wolfSSL 15:117db924cf7c 2394 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 2395
wolfSSL 15:117db924cf7c 2396 if (helloSz < offset + len16)
wolfSSL 15:117db924cf7c 2397 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2398
wolfSSL 15:117db924cf7c 2399 while (len16 >= OPAQUE16_LEN + OPAQUE16_LEN) {
wolfSSL 15:117db924cf7c 2400 word16 extType;
wolfSSL 15:117db924cf7c 2401 word16 extLen;
wolfSSL 15:117db924cf7c 2402
wolfSSL 15:117db924cf7c 2403 ato16(clientHello + offset, &extType);
wolfSSL 15:117db924cf7c 2404 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 2405
wolfSSL 15:117db924cf7c 2406 ato16(clientHello + offset, &extLen);
wolfSSL 15:117db924cf7c 2407 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 2408
wolfSSL 15:117db924cf7c 2409 if (helloSz < offset + extLen)
wolfSSL 15:117db924cf7c 2410 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2411
wolfSSL 15:117db924cf7c 2412 if (extType != TLSX_SERVER_NAME) {
wolfSSL 15:117db924cf7c 2413 offset += extLen; /* skip extension */
wolfSSL 15:117db924cf7c 2414 } else {
wolfSSL 15:117db924cf7c 2415 word16 listLen;
wolfSSL 15:117db924cf7c 2416
wolfSSL 15:117db924cf7c 2417 ato16(clientHello + offset, &listLen);
wolfSSL 15:117db924cf7c 2418 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 2419
wolfSSL 15:117db924cf7c 2420 if (helloSz < offset + listLen)
wolfSSL 15:117db924cf7c 2421 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2422
wolfSSL 15:117db924cf7c 2423 while (listLen > ENUM_LEN + OPAQUE16_LEN) {
wolfSSL 15:117db924cf7c 2424 byte sniType = clientHello[offset++];
wolfSSL 15:117db924cf7c 2425 word16 sniLen;
wolfSSL 15:117db924cf7c 2426
wolfSSL 15:117db924cf7c 2427 ato16(clientHello + offset, &sniLen);
wolfSSL 15:117db924cf7c 2428 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 2429
wolfSSL 15:117db924cf7c 2430 if (helloSz < offset + sniLen)
wolfSSL 15:117db924cf7c 2431 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2432
wolfSSL 15:117db924cf7c 2433 if (sniType != type) {
wolfSSL 15:117db924cf7c 2434 offset += sniLen;
wolfSSL 15:117db924cf7c 2435 listLen -= min(ENUM_LEN + OPAQUE16_LEN + sniLen, listLen);
wolfSSL 15:117db924cf7c 2436 continue;
wolfSSL 15:117db924cf7c 2437 }
wolfSSL 15:117db924cf7c 2438
wolfSSL 15:117db924cf7c 2439 *inOutSz = min(sniLen, *inOutSz);
wolfSSL 15:117db924cf7c 2440 XMEMCPY(sni, clientHello + offset, *inOutSz);
wolfSSL 15:117db924cf7c 2441
wolfSSL 15:117db924cf7c 2442 return WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 2443 }
wolfSSL 15:117db924cf7c 2444 }
wolfSSL 15:117db924cf7c 2445
wolfSSL 15:117db924cf7c 2446 len16 -= min(2 * OPAQUE16_LEN + extLen, len16);
wolfSSL 15:117db924cf7c 2447 }
wolfSSL 15:117db924cf7c 2448
wolfSSL 15:117db924cf7c 2449 return len16 ? BUFFER_ERROR : 0;
wolfSSL 15:117db924cf7c 2450 }
wolfSSL 15:117db924cf7c 2451
wolfSSL 15:117db924cf7c 2452 #endif
wolfSSL 15:117db924cf7c 2453
wolfSSL 15:117db924cf7c 2454 #define SNI_FREE_ALL TLSX_SNI_FreeAll
wolfSSL 15:117db924cf7c 2455 #define SNI_GET_SIZE TLSX_SNI_GetSize
wolfSSL 15:117db924cf7c 2456 #define SNI_WRITE TLSX_SNI_Write
wolfSSL 15:117db924cf7c 2457 #define SNI_PARSE TLSX_SNI_Parse
wolfSSL 15:117db924cf7c 2458 #define SNI_VERIFY_PARSE TLSX_SNI_VerifyParse
wolfSSL 15:117db924cf7c 2459
wolfSSL 15:117db924cf7c 2460 #else
wolfSSL 15:117db924cf7c 2461
wolfSSL 15:117db924cf7c 2462 #define SNI_FREE_ALL(list, heap)
wolfSSL 15:117db924cf7c 2463 #define SNI_GET_SIZE(list) 0
wolfSSL 15:117db924cf7c 2464 #define SNI_WRITE(a, b) 0
wolfSSL 15:117db924cf7c 2465 #define SNI_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 2466 #define SNI_VERIFY_PARSE(a, b) 0
wolfSSL 15:117db924cf7c 2467
wolfSSL 15:117db924cf7c 2468 #endif /* HAVE_SNI */
wolfSSL 15:117db924cf7c 2469
wolfSSL 15:117db924cf7c 2470 /******************************************************************************/
wolfSSL 15:117db924cf7c 2471 /* Max Fragment Length Negotiation */
wolfSSL 15:117db924cf7c 2472 /******************************************************************************/
wolfSSL 15:117db924cf7c 2473
wolfSSL 15:117db924cf7c 2474 #ifdef HAVE_MAX_FRAGMENT
wolfSSL 15:117db924cf7c 2475
wolfSSL 15:117db924cf7c 2476 static word16 TLSX_MFL_Write(byte* data, byte* output)
wolfSSL 15:117db924cf7c 2477 {
wolfSSL 15:117db924cf7c 2478 output[0] = data[0];
wolfSSL 15:117db924cf7c 2479
wolfSSL 15:117db924cf7c 2480 return ENUM_LEN;
wolfSSL 15:117db924cf7c 2481 }
wolfSSL 15:117db924cf7c 2482
wolfSSL 15:117db924cf7c 2483 static int TLSX_MFL_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 15:117db924cf7c 2484 byte isRequest)
wolfSSL 15:117db924cf7c 2485 {
wolfSSL 15:117db924cf7c 2486 if (length != ENUM_LEN)
wolfSSL 15:117db924cf7c 2487 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2488
wolfSSL 15:117db924cf7c 2489 #ifdef WOLFSSL_OLD_UNSUPPORTED_EXTENSION
wolfSSL 15:117db924cf7c 2490 (void) isRequest;
wolfSSL 15:117db924cf7c 2491 #else
wolfSSL 15:117db924cf7c 2492 if (!isRequest)
wolfSSL 15:117db924cf7c 2493 if (TLSX_CheckUnsupportedExtension(ssl, TLSX_MAX_FRAGMENT_LENGTH))
wolfSSL 15:117db924cf7c 2494 return TLSX_HandleUnsupportedExtension(ssl);
wolfSSL 15:117db924cf7c 2495 #endif
wolfSSL 15:117db924cf7c 2496
wolfSSL 15:117db924cf7c 2497 switch (*input) {
wolfSSL 15:117db924cf7c 2498 case WOLFSSL_MFL_2_9 : ssl->max_fragment = 512; break;
wolfSSL 15:117db924cf7c 2499 case WOLFSSL_MFL_2_10: ssl->max_fragment = 1024; break;
wolfSSL 15:117db924cf7c 2500 case WOLFSSL_MFL_2_11: ssl->max_fragment = 2048; break;
wolfSSL 15:117db924cf7c 2501 case WOLFSSL_MFL_2_12: ssl->max_fragment = 4096; break;
wolfSSL 15:117db924cf7c 2502 case WOLFSSL_MFL_2_13: ssl->max_fragment = 8192; break;
wolfSSL 15:117db924cf7c 2503
wolfSSL 15:117db924cf7c 2504 default:
wolfSSL 15:117db924cf7c 2505 SendAlert(ssl, alert_fatal, illegal_parameter);
wolfSSL 15:117db924cf7c 2506
wolfSSL 15:117db924cf7c 2507 return UNKNOWN_MAX_FRAG_LEN_E;
wolfSSL 15:117db924cf7c 2508 }
wolfSSL 15:117db924cf7c 2509
wolfSSL 15:117db924cf7c 2510 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 2511 if (isRequest) {
wolfSSL 15:117db924cf7c 2512 int ret = TLSX_UseMaxFragment(&ssl->extensions, *input, ssl->heap);
wolfSSL 15:117db924cf7c 2513
wolfSSL 15:117db924cf7c 2514 if (ret != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 2515 return ret; /* throw error */
wolfSSL 15:117db924cf7c 2516
wolfSSL 15:117db924cf7c 2517 TLSX_SetResponse(ssl, TLSX_MAX_FRAGMENT_LENGTH);
wolfSSL 15:117db924cf7c 2518 }
wolfSSL 15:117db924cf7c 2519 #endif
wolfSSL 15:117db924cf7c 2520
wolfSSL 15:117db924cf7c 2521 return 0;
wolfSSL 15:117db924cf7c 2522 }
wolfSSL 15:117db924cf7c 2523
wolfSSL 15:117db924cf7c 2524 int TLSX_UseMaxFragment(TLSX** extensions, byte mfl, void* heap)
wolfSSL 15:117db924cf7c 2525 {
wolfSSL 15:117db924cf7c 2526 byte* data = NULL;
wolfSSL 15:117db924cf7c 2527 int ret = 0;
wolfSSL 15:117db924cf7c 2528
wolfSSL 15:117db924cf7c 2529 if (extensions == NULL || mfl < WOLFSSL_MFL_2_9 || WOLFSSL_MFL_2_13 < mfl)
wolfSSL 15:117db924cf7c 2530 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 2531
wolfSSL 15:117db924cf7c 2532 data = (byte*)XMALLOC(ENUM_LEN, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 2533 if (data == NULL)
wolfSSL 15:117db924cf7c 2534 return MEMORY_E;
wolfSSL 15:117db924cf7c 2535
wolfSSL 15:117db924cf7c 2536 data[0] = mfl;
wolfSSL 15:117db924cf7c 2537
wolfSSL 15:117db924cf7c 2538 ret = TLSX_Push(extensions, TLSX_MAX_FRAGMENT_LENGTH, data, heap);
wolfSSL 15:117db924cf7c 2539 if (ret != 0) {
wolfSSL 15:117db924cf7c 2540 XFREE(data, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 2541 return ret;
wolfSSL 15:117db924cf7c 2542 }
wolfSSL 15:117db924cf7c 2543
wolfSSL 15:117db924cf7c 2544 return WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 2545 }
wolfSSL 15:117db924cf7c 2546
wolfSSL 15:117db924cf7c 2547
wolfSSL 15:117db924cf7c 2548 #define MFL_FREE_ALL(data, heap) XFREE(data, (heap), DYNAMIC_TYPE_TLSX)
wolfSSL 15:117db924cf7c 2549 #define MFL_GET_SIZE(data) ENUM_LEN
wolfSSL 15:117db924cf7c 2550 #define MFL_WRITE TLSX_MFL_Write
wolfSSL 15:117db924cf7c 2551 #define MFL_PARSE TLSX_MFL_Parse
wolfSSL 15:117db924cf7c 2552
wolfSSL 15:117db924cf7c 2553 #else
wolfSSL 15:117db924cf7c 2554
wolfSSL 15:117db924cf7c 2555 #define MFL_FREE_ALL(a, b)
wolfSSL 15:117db924cf7c 2556 #define MFL_GET_SIZE(a) 0
wolfSSL 15:117db924cf7c 2557 #define MFL_WRITE(a, b) 0
wolfSSL 15:117db924cf7c 2558 #define MFL_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 2559
wolfSSL 15:117db924cf7c 2560 #endif /* HAVE_MAX_FRAGMENT */
wolfSSL 15:117db924cf7c 2561
wolfSSL 15:117db924cf7c 2562 /******************************************************************************/
wolfSSL 15:117db924cf7c 2563 /* Truncated HMAC */
wolfSSL 15:117db924cf7c 2564 /******************************************************************************/
wolfSSL 15:117db924cf7c 2565
wolfSSL 15:117db924cf7c 2566 #ifdef HAVE_TRUNCATED_HMAC
wolfSSL 15:117db924cf7c 2567
wolfSSL 15:117db924cf7c 2568 static int TLSX_THM_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 15:117db924cf7c 2569 byte isRequest)
wolfSSL 15:117db924cf7c 2570 {
wolfSSL 15:117db924cf7c 2571 if (length != 0 || input == NULL)
wolfSSL 15:117db924cf7c 2572 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2573
wolfSSL 15:117db924cf7c 2574 if (!isRequest) {
wolfSSL 15:117db924cf7c 2575 #ifndef WOLFSSL_OLD_UNSUPPORTED_EXTENSION
wolfSSL 15:117db924cf7c 2576 if (TLSX_CheckUnsupportedExtension(ssl, TLSX_TRUNCATED_HMAC))
wolfSSL 15:117db924cf7c 2577 return TLSX_HandleUnsupportedExtension(ssl);
wolfSSL 15:117db924cf7c 2578 #endif
wolfSSL 15:117db924cf7c 2579 }
wolfSSL 15:117db924cf7c 2580 else {
wolfSSL 15:117db924cf7c 2581 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 2582 int ret = TLSX_UseTruncatedHMAC(&ssl->extensions, ssl->heap);
wolfSSL 15:117db924cf7c 2583
wolfSSL 15:117db924cf7c 2584 if (ret != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 2585 return ret; /* throw error */
wolfSSL 15:117db924cf7c 2586
wolfSSL 15:117db924cf7c 2587 TLSX_SetResponse(ssl, TLSX_TRUNCATED_HMAC);
wolfSSL 15:117db924cf7c 2588 #endif
wolfSSL 15:117db924cf7c 2589 }
wolfSSL 15:117db924cf7c 2590
wolfSSL 15:117db924cf7c 2591 ssl->truncated_hmac = 1;
wolfSSL 15:117db924cf7c 2592
wolfSSL 15:117db924cf7c 2593 return 0;
wolfSSL 15:117db924cf7c 2594 }
wolfSSL 15:117db924cf7c 2595
wolfSSL 15:117db924cf7c 2596 int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap)
wolfSSL 15:117db924cf7c 2597 {
wolfSSL 15:117db924cf7c 2598 int ret = 0;
wolfSSL 15:117db924cf7c 2599
wolfSSL 15:117db924cf7c 2600 if (extensions == NULL)
wolfSSL 15:117db924cf7c 2601 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 2602
wolfSSL 15:117db924cf7c 2603 ret = TLSX_Push(extensions, TLSX_TRUNCATED_HMAC, NULL, heap);
wolfSSL 15:117db924cf7c 2604 if (ret != 0)
wolfSSL 15:117db924cf7c 2605 return ret;
wolfSSL 15:117db924cf7c 2606
wolfSSL 15:117db924cf7c 2607 return WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 2608 }
wolfSSL 15:117db924cf7c 2609
wolfSSL 15:117db924cf7c 2610 #define THM_PARSE TLSX_THM_Parse
wolfSSL 15:117db924cf7c 2611
wolfSSL 15:117db924cf7c 2612 #else
wolfSSL 15:117db924cf7c 2613
wolfSSL 15:117db924cf7c 2614 #define THM_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 2615
wolfSSL 15:117db924cf7c 2616 #endif /* HAVE_TRUNCATED_HMAC */
wolfSSL 15:117db924cf7c 2617
wolfSSL 15:117db924cf7c 2618 /******************************************************************************/
wolfSSL 15:117db924cf7c 2619 /* Certificate Status Request */
wolfSSL 15:117db924cf7c 2620 /******************************************************************************/
wolfSSL 15:117db924cf7c 2621
wolfSSL 15:117db924cf7c 2622 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL 15:117db924cf7c 2623
wolfSSL 15:117db924cf7c 2624 static void TLSX_CSR_Free(CertificateStatusRequest* csr, void* heap)
wolfSSL 15:117db924cf7c 2625 {
wolfSSL 15:117db924cf7c 2626 switch (csr->status_type) {
wolfSSL 15:117db924cf7c 2627 case WOLFSSL_CSR_OCSP:
wolfSSL 15:117db924cf7c 2628 FreeOcspRequest(&csr->request.ocsp);
wolfSSL 15:117db924cf7c 2629 break;
wolfSSL 15:117db924cf7c 2630 }
wolfSSL 15:117db924cf7c 2631
wolfSSL 15:117db924cf7c 2632 XFREE(csr, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 2633 (void)heap;
wolfSSL 15:117db924cf7c 2634 }
wolfSSL 15:117db924cf7c 2635
wolfSSL 15:117db924cf7c 2636 static word16 TLSX_CSR_GetSize(CertificateStatusRequest* csr, byte isRequest)
wolfSSL 15:117db924cf7c 2637 {
wolfSSL 15:117db924cf7c 2638 word16 size = 0;
wolfSSL 15:117db924cf7c 2639
wolfSSL 15:117db924cf7c 2640 /* shut up compiler warnings */
wolfSSL 15:117db924cf7c 2641 (void) csr; (void) isRequest;
wolfSSL 15:117db924cf7c 2642
wolfSSL 15:117db924cf7c 2643 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 2644 if (isRequest) {
wolfSSL 15:117db924cf7c 2645 switch (csr->status_type) {
wolfSSL 15:117db924cf7c 2646 case WOLFSSL_CSR_OCSP:
wolfSSL 15:117db924cf7c 2647 size += ENUM_LEN + 2 * OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 2648
wolfSSL 15:117db924cf7c 2649 if (csr->request.ocsp.nonceSz)
wolfSSL 15:117db924cf7c 2650 size += OCSP_NONCE_EXT_SZ;
wolfSSL 15:117db924cf7c 2651 break;
wolfSSL 15:117db924cf7c 2652 }
wolfSSL 15:117db924cf7c 2653 }
wolfSSL 15:117db924cf7c 2654 #endif
wolfSSL 15:117db924cf7c 2655 #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
wolfSSL 15:117db924cf7c 2656 if (!isRequest && csr->ssl->options.tls1_3) {
wolfSSL 15:117db924cf7c 2657 if (csr->response.buffer == NULL) {
wolfSSL 15:117db924cf7c 2658 OcspRequest* request = &csr->request.ocsp;
wolfSSL 15:117db924cf7c 2659 int ret = CreateOcspResponse(csr->ssl, &request, &csr->response);
wolfSSL 15:117db924cf7c 2660 if (ret < 0)
wolfSSL 15:117db924cf7c 2661 return ret;
wolfSSL 15:117db924cf7c 2662 }
wolfSSL 15:117db924cf7c 2663 return OPAQUE8_LEN + OPAQUE24_LEN + csr->response.length;
wolfSSL 15:117db924cf7c 2664 }
wolfSSL 15:117db924cf7c 2665 #endif
wolfSSL 15:117db924cf7c 2666
wolfSSL 15:117db924cf7c 2667 return size;
wolfSSL 15:117db924cf7c 2668 }
wolfSSL 15:117db924cf7c 2669
wolfSSL 15:117db924cf7c 2670 static word16 TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output,
wolfSSL 15:117db924cf7c 2671 byte isRequest)
wolfSSL 15:117db924cf7c 2672 {
wolfSSL 15:117db924cf7c 2673 /* shut up compiler warnings */
wolfSSL 15:117db924cf7c 2674 (void) csr; (void) output; (void) isRequest;
wolfSSL 15:117db924cf7c 2675
wolfSSL 15:117db924cf7c 2676 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 2677 if (isRequest) {
wolfSSL 15:117db924cf7c 2678 word16 offset = 0;
wolfSSL 15:117db924cf7c 2679 word16 length = 0;
wolfSSL 15:117db924cf7c 2680
wolfSSL 15:117db924cf7c 2681 /* type */
wolfSSL 15:117db924cf7c 2682 output[offset++] = csr->status_type;
wolfSSL 15:117db924cf7c 2683
wolfSSL 15:117db924cf7c 2684 switch (csr->status_type) {
wolfSSL 15:117db924cf7c 2685 case WOLFSSL_CSR_OCSP:
wolfSSL 15:117db924cf7c 2686 /* responder id list */
wolfSSL 15:117db924cf7c 2687 c16toa(0, output + offset);
wolfSSL 15:117db924cf7c 2688 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 2689
wolfSSL 15:117db924cf7c 2690 /* request extensions */
wolfSSL 15:117db924cf7c 2691 if (csr->request.ocsp.nonceSz)
wolfSSL 15:117db924cf7c 2692 length = (word16)EncodeOcspRequestExtensions(
wolfSSL 15:117db924cf7c 2693 &csr->request.ocsp,
wolfSSL 15:117db924cf7c 2694 output + offset + OPAQUE16_LEN,
wolfSSL 15:117db924cf7c 2695 OCSP_NONCE_EXT_SZ);
wolfSSL 15:117db924cf7c 2696
wolfSSL 15:117db924cf7c 2697 c16toa(length, output + offset);
wolfSSL 15:117db924cf7c 2698 offset += OPAQUE16_LEN + length;
wolfSSL 15:117db924cf7c 2699
wolfSSL 15:117db924cf7c 2700 break;
wolfSSL 15:117db924cf7c 2701 }
wolfSSL 15:117db924cf7c 2702
wolfSSL 15:117db924cf7c 2703 return offset;
wolfSSL 15:117db924cf7c 2704 }
wolfSSL 15:117db924cf7c 2705 #endif
wolfSSL 15:117db924cf7c 2706 #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
wolfSSL 15:117db924cf7c 2707 if (!isRequest && csr->ssl->options.tls1_3) {
wolfSSL 15:117db924cf7c 2708 word16 offset = 0;
wolfSSL 15:117db924cf7c 2709 output[offset++] = csr->status_type;
wolfSSL 15:117db924cf7c 2710 c32to24(csr->response.length, output + offset);
wolfSSL 15:117db924cf7c 2711 offset += OPAQUE24_LEN;
wolfSSL 15:117db924cf7c 2712 XMEMCPY(output + offset, csr->response.buffer, csr->response.length);
wolfSSL 15:117db924cf7c 2713 offset += csr->response.length;
wolfSSL 15:117db924cf7c 2714 return offset;
wolfSSL 15:117db924cf7c 2715 }
wolfSSL 15:117db924cf7c 2716 #endif
wolfSSL 15:117db924cf7c 2717
wolfSSL 15:117db924cf7c 2718 return 0;
wolfSSL 15:117db924cf7c 2719 }
wolfSSL 15:117db924cf7c 2720
wolfSSL 15:117db924cf7c 2721 static int TLSX_CSR_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 15:117db924cf7c 2722 byte isRequest)
wolfSSL 15:117db924cf7c 2723 {
wolfSSL 15:117db924cf7c 2724 int ret;
wolfSSL 15:117db924cf7c 2725
wolfSSL 15:117db924cf7c 2726 /* shut up compiler warnings */
wolfSSL 15:117db924cf7c 2727 (void) ssl; (void) input;
wolfSSL 15:117db924cf7c 2728
wolfSSL 15:117db924cf7c 2729 if (!isRequest) {
wolfSSL 15:117db924cf7c 2730 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 2731 TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST);
wolfSSL 15:117db924cf7c 2732 CertificateStatusRequest* csr = extension ?
wolfSSL 15:117db924cf7c 2733 (CertificateStatusRequest*)extension->data : NULL;
wolfSSL 15:117db924cf7c 2734
wolfSSL 15:117db924cf7c 2735 if (!csr) {
wolfSSL 15:117db924cf7c 2736 /* look at context level */
wolfSSL 15:117db924cf7c 2737 extension = TLSX_Find(ssl->ctx->extensions, TLSX_STATUS_REQUEST);
wolfSSL 15:117db924cf7c 2738 csr = extension ? (CertificateStatusRequest*)extension->data : NULL;
wolfSSL 15:117db924cf7c 2739
wolfSSL 15:117db924cf7c 2740 if (!csr) /* unexpected extension */
wolfSSL 15:117db924cf7c 2741 return TLSX_HandleUnsupportedExtension(ssl);
wolfSSL 15:117db924cf7c 2742
wolfSSL 15:117db924cf7c 2743 /* enable extension at ssl level */
wolfSSL 15:117db924cf7c 2744 ret = TLSX_UseCertificateStatusRequest(&ssl->extensions,
wolfSSL 15:117db924cf7c 2745 csr->status_type, csr->options, ssl,
wolfSSL 15:117db924cf7c 2746 ssl->heap, ssl->devId);
wolfSSL 15:117db924cf7c 2747 if (ret != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 2748 return ret;
wolfSSL 15:117db924cf7c 2749
wolfSSL 15:117db924cf7c 2750 switch (csr->status_type) {
wolfSSL 15:117db924cf7c 2751 case WOLFSSL_CSR_OCSP:
wolfSSL 15:117db924cf7c 2752 /* propagate nonce */
wolfSSL 15:117db924cf7c 2753 if (csr->request.ocsp.nonceSz) {
wolfSSL 15:117db924cf7c 2754 OcspRequest* request =
wolfSSL 15:117db924cf7c 2755 (OcspRequest*)TLSX_CSR_GetRequest(ssl->extensions);
wolfSSL 15:117db924cf7c 2756
wolfSSL 15:117db924cf7c 2757 if (request) {
wolfSSL 15:117db924cf7c 2758 XMEMCPY(request->nonce, csr->request.ocsp.nonce,
wolfSSL 15:117db924cf7c 2759 csr->request.ocsp.nonceSz);
wolfSSL 15:117db924cf7c 2760 request->nonceSz = csr->request.ocsp.nonceSz;
wolfSSL 15:117db924cf7c 2761 }
wolfSSL 15:117db924cf7c 2762 }
wolfSSL 15:117db924cf7c 2763 break;
wolfSSL 15:117db924cf7c 2764 }
wolfSSL 15:117db924cf7c 2765 }
wolfSSL 15:117db924cf7c 2766
wolfSSL 15:117db924cf7c 2767 ssl->status_request = 1;
wolfSSL 15:117db924cf7c 2768
wolfSSL 15:117db924cf7c 2769 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 2770 if (ssl->options.tls1_3) {
wolfSSL 15:117db924cf7c 2771 word32 resp_length;
wolfSSL 15:117db924cf7c 2772 word32 offset = 0;
wolfSSL 15:117db924cf7c 2773 ret = 0;
wolfSSL 15:117db924cf7c 2774 if (OPAQUE8_LEN + OPAQUE24_LEN > length)
wolfSSL 15:117db924cf7c 2775 ret = BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2776 if (ret == 0 && input[offset++] != WOLFSSL_CSR_OCSP)
wolfSSL 15:117db924cf7c 2777 ret = BAD_CERTIFICATE_STATUS_ERROR;
wolfSSL 15:117db924cf7c 2778 if (ret == 0) {
wolfSSL 15:117db924cf7c 2779 c24to32(input + offset, &resp_length);
wolfSSL 15:117db924cf7c 2780 offset += OPAQUE24_LEN;
wolfSSL 15:117db924cf7c 2781 if (offset + resp_length != length)
wolfSSL 15:117db924cf7c 2782 ret = BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2783 }
wolfSSL 15:117db924cf7c 2784 if (ret == 0) {
wolfSSL 15:117db924cf7c 2785 csr->response.buffer = input + offset;
wolfSSL 15:117db924cf7c 2786 csr->response.length = resp_length;
wolfSSL 15:117db924cf7c 2787 }
wolfSSL 15:117db924cf7c 2788
wolfSSL 15:117db924cf7c 2789 return ret;
wolfSSL 15:117db924cf7c 2790 }
wolfSSL 15:117db924cf7c 2791 else
wolfSSL 15:117db924cf7c 2792 #endif
wolfSSL 15:117db924cf7c 2793 {
wolfSSL 15:117db924cf7c 2794 /* extension_data MUST be empty. */
wolfSSL 15:117db924cf7c 2795 return length ? BUFFER_ERROR : 0;
wolfSSL 15:117db924cf7c 2796 }
wolfSSL 15:117db924cf7c 2797 #endif
wolfSSL 15:117db924cf7c 2798 }
wolfSSL 15:117db924cf7c 2799 else {
wolfSSL 15:117db924cf7c 2800 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 2801 byte status_type;
wolfSSL 15:117db924cf7c 2802 word16 offset = 0;
wolfSSL 15:117db924cf7c 2803 word16 size = 0;
wolfSSL 15:117db924cf7c 2804
wolfSSL 15:117db924cf7c 2805 if (length < ENUM_LEN)
wolfSSL 15:117db924cf7c 2806 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2807
wolfSSL 15:117db924cf7c 2808 status_type = input[offset++];
wolfSSL 15:117db924cf7c 2809
wolfSSL 15:117db924cf7c 2810 switch (status_type) {
wolfSSL 15:117db924cf7c 2811 case WOLFSSL_CSR_OCSP: {
wolfSSL 15:117db924cf7c 2812
wolfSSL 15:117db924cf7c 2813 /* skip responder_id_list */
wolfSSL 15:117db924cf7c 2814 if (length - offset < OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 2815 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2816
wolfSSL 15:117db924cf7c 2817 ato16(input + offset, &size);
wolfSSL 15:117db924cf7c 2818 offset += OPAQUE16_LEN + size;
wolfSSL 15:117db924cf7c 2819
wolfSSL 15:117db924cf7c 2820 /* skip request_extensions */
wolfSSL 15:117db924cf7c 2821 if (length - offset < OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 2822 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2823
wolfSSL 15:117db924cf7c 2824 ato16(input + offset, &size);
wolfSSL 15:117db924cf7c 2825 offset += OPAQUE16_LEN + size;
wolfSSL 15:117db924cf7c 2826
wolfSSL 15:117db924cf7c 2827 if (offset > length)
wolfSSL 15:117db924cf7c 2828 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2829
wolfSSL 15:117db924cf7c 2830 /* is able to send OCSP response? */
wolfSSL 15:117db924cf7c 2831 if (ssl->ctx->cm == NULL || !ssl->ctx->cm->ocspStaplingEnabled)
wolfSSL 15:117db924cf7c 2832 return 0;
wolfSSL 15:117db924cf7c 2833 }
wolfSSL 15:117db924cf7c 2834 break;
wolfSSL 15:117db924cf7c 2835
wolfSSL 15:117db924cf7c 2836 /* unknown status type */
wolfSSL 15:117db924cf7c 2837 default:
wolfSSL 15:117db924cf7c 2838 return 0;
wolfSSL 15:117db924cf7c 2839 }
wolfSSL 15:117db924cf7c 2840
wolfSSL 15:117db924cf7c 2841 /* if using status_request and already sending it, skip this one */
wolfSSL 15:117db924cf7c 2842 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL 15:117db924cf7c 2843 if (ssl->status_request_v2)
wolfSSL 15:117db924cf7c 2844 return 0;
wolfSSL 15:117db924cf7c 2845 #endif
wolfSSL 15:117db924cf7c 2846
wolfSSL 15:117db924cf7c 2847 /* accept the first good status_type and return */
wolfSSL 15:117db924cf7c 2848 ret = TLSX_UseCertificateStatusRequest(&ssl->extensions, status_type,
wolfSSL 15:117db924cf7c 2849 0, ssl, ssl->heap, ssl->devId);
wolfSSL 15:117db924cf7c 2850 if (ret != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 2851 return ret; /* throw error */
wolfSSL 15:117db924cf7c 2852
wolfSSL 15:117db924cf7c 2853 TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST);
wolfSSL 15:117db924cf7c 2854 ssl->status_request = status_type;
wolfSSL 15:117db924cf7c 2855 #endif
wolfSSL 15:117db924cf7c 2856 }
wolfSSL 15:117db924cf7c 2857
wolfSSL 15:117db924cf7c 2858 return 0;
wolfSSL 15:117db924cf7c 2859 }
wolfSSL 15:117db924cf7c 2860
wolfSSL 15:117db924cf7c 2861 int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap)
wolfSSL 15:117db924cf7c 2862 {
wolfSSL 15:117db924cf7c 2863 TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST);
wolfSSL 15:117db924cf7c 2864 CertificateStatusRequest* csr = extension ?
wolfSSL 15:117db924cf7c 2865 (CertificateStatusRequest*)extension->data : NULL;
wolfSSL 15:117db924cf7c 2866 int ret = 0;
wolfSSL 15:117db924cf7c 2867
wolfSSL 15:117db924cf7c 2868 if (csr) {
wolfSSL 15:117db924cf7c 2869 switch (csr->status_type) {
wolfSSL 15:117db924cf7c 2870 case WOLFSSL_CSR_OCSP: {
wolfSSL 15:117db924cf7c 2871 byte nonce[MAX_OCSP_NONCE_SZ];
wolfSSL 15:117db924cf7c 2872 int nonceSz = csr->request.ocsp.nonceSz;
wolfSSL 15:117db924cf7c 2873
wolfSSL 15:117db924cf7c 2874 /* preserve nonce */
wolfSSL 15:117db924cf7c 2875 XMEMCPY(nonce, csr->request.ocsp.nonce, nonceSz);
wolfSSL 15:117db924cf7c 2876
wolfSSL 15:117db924cf7c 2877 if ((ret = InitOcspRequest(&csr->request.ocsp, cert, 0, heap))
wolfSSL 15:117db924cf7c 2878 != 0)
wolfSSL 15:117db924cf7c 2879 return ret;
wolfSSL 15:117db924cf7c 2880
wolfSSL 15:117db924cf7c 2881 /* restore nonce */
wolfSSL 15:117db924cf7c 2882 XMEMCPY(csr->request.ocsp.nonce, nonce, nonceSz);
wolfSSL 15:117db924cf7c 2883 csr->request.ocsp.nonceSz = nonceSz;
wolfSSL 15:117db924cf7c 2884 }
wolfSSL 15:117db924cf7c 2885 break;
wolfSSL 15:117db924cf7c 2886 }
wolfSSL 15:117db924cf7c 2887 }
wolfSSL 15:117db924cf7c 2888
wolfSSL 15:117db924cf7c 2889 return ret;
wolfSSL 15:117db924cf7c 2890 }
wolfSSL 15:117db924cf7c 2891
wolfSSL 15:117db924cf7c 2892 void* TLSX_CSR_GetRequest(TLSX* extensions)
wolfSSL 15:117db924cf7c 2893 {
wolfSSL 15:117db924cf7c 2894 TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST);
wolfSSL 15:117db924cf7c 2895 CertificateStatusRequest* csr = extension ?
wolfSSL 15:117db924cf7c 2896 (CertificateStatusRequest*)extension->data : NULL;
wolfSSL 15:117db924cf7c 2897
wolfSSL 15:117db924cf7c 2898 if (csr) {
wolfSSL 15:117db924cf7c 2899 switch (csr->status_type) {
wolfSSL 15:117db924cf7c 2900 case WOLFSSL_CSR_OCSP:
wolfSSL 15:117db924cf7c 2901 return &csr->request.ocsp;
wolfSSL 15:117db924cf7c 2902 break;
wolfSSL 15:117db924cf7c 2903 }
wolfSSL 15:117db924cf7c 2904 }
wolfSSL 15:117db924cf7c 2905
wolfSSL 15:117db924cf7c 2906 return NULL;
wolfSSL 15:117db924cf7c 2907 }
wolfSSL 15:117db924cf7c 2908
wolfSSL 15:117db924cf7c 2909 int TLSX_CSR_ForceRequest(WOLFSSL* ssl)
wolfSSL 15:117db924cf7c 2910 {
wolfSSL 15:117db924cf7c 2911 TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST);
wolfSSL 15:117db924cf7c 2912 CertificateStatusRequest* csr = extension ?
wolfSSL 15:117db924cf7c 2913 (CertificateStatusRequest*)extension->data : NULL;
wolfSSL 15:117db924cf7c 2914
wolfSSL 15:117db924cf7c 2915 if (csr) {
wolfSSL 15:117db924cf7c 2916 switch (csr->status_type) {
wolfSSL 15:117db924cf7c 2917 case WOLFSSL_CSR_OCSP:
wolfSSL 15:117db924cf7c 2918 if (ssl->ctx->cm->ocspEnabled) {
wolfSSL 15:117db924cf7c 2919 csr->request.ocsp.ssl = ssl;
wolfSSL 15:117db924cf7c 2920 return CheckOcspRequest(ssl->ctx->cm->ocsp,
wolfSSL 15:117db924cf7c 2921 &csr->request.ocsp, NULL);
wolfSSL 15:117db924cf7c 2922 }
wolfSSL 15:117db924cf7c 2923 else
wolfSSL 15:117db924cf7c 2924 return OCSP_LOOKUP_FAIL;
wolfSSL 15:117db924cf7c 2925 }
wolfSSL 15:117db924cf7c 2926 }
wolfSSL 15:117db924cf7c 2927
wolfSSL 15:117db924cf7c 2928 return 0;
wolfSSL 15:117db924cf7c 2929 }
wolfSSL 15:117db924cf7c 2930
wolfSSL 15:117db924cf7c 2931 int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type,
wolfSSL 15:117db924cf7c 2932 byte options, WOLFSSL* ssl, void* heap,
wolfSSL 15:117db924cf7c 2933 int devId)
wolfSSL 15:117db924cf7c 2934 {
wolfSSL 15:117db924cf7c 2935 CertificateStatusRequest* csr = NULL;
wolfSSL 15:117db924cf7c 2936 int ret = 0;
wolfSSL 15:117db924cf7c 2937
wolfSSL 15:117db924cf7c 2938 if (!extensions || status_type != WOLFSSL_CSR_OCSP)
wolfSSL 15:117db924cf7c 2939 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 2940
wolfSSL 15:117db924cf7c 2941 csr = (CertificateStatusRequest*)
wolfSSL 15:117db924cf7c 2942 XMALLOC(sizeof(CertificateStatusRequest), heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 2943 if (!csr)
wolfSSL 15:117db924cf7c 2944 return MEMORY_E;
wolfSSL 15:117db924cf7c 2945
wolfSSL 15:117db924cf7c 2946 ForceZero(csr, sizeof(CertificateStatusRequest));
wolfSSL 15:117db924cf7c 2947
wolfSSL 15:117db924cf7c 2948 csr->status_type = status_type;
wolfSSL 15:117db924cf7c 2949 csr->options = options;
wolfSSL 15:117db924cf7c 2950 csr->ssl = ssl;
wolfSSL 15:117db924cf7c 2951
wolfSSL 15:117db924cf7c 2952 switch (csr->status_type) {
wolfSSL 15:117db924cf7c 2953 case WOLFSSL_CSR_OCSP:
wolfSSL 15:117db924cf7c 2954 if (options & WOLFSSL_CSR_OCSP_USE_NONCE) {
wolfSSL 15:117db924cf7c 2955 WC_RNG rng;
wolfSSL 15:117db924cf7c 2956
wolfSSL 15:117db924cf7c 2957 #ifndef HAVE_FIPS
wolfSSL 15:117db924cf7c 2958 ret = wc_InitRng_ex(&rng, heap, devId);
wolfSSL 15:117db924cf7c 2959 #else
wolfSSL 15:117db924cf7c 2960 ret = wc_InitRng(&rng);
wolfSSL 15:117db924cf7c 2961 (void)devId;
wolfSSL 15:117db924cf7c 2962 #endif
wolfSSL 15:117db924cf7c 2963 if (ret == 0) {
wolfSSL 15:117db924cf7c 2964 if (wc_RNG_GenerateBlock(&rng, csr->request.ocsp.nonce,
wolfSSL 15:117db924cf7c 2965 MAX_OCSP_NONCE_SZ) == 0)
wolfSSL 15:117db924cf7c 2966 csr->request.ocsp.nonceSz = MAX_OCSP_NONCE_SZ;
wolfSSL 15:117db924cf7c 2967
wolfSSL 15:117db924cf7c 2968 wc_FreeRng(&rng);
wolfSSL 15:117db924cf7c 2969 }
wolfSSL 15:117db924cf7c 2970 }
wolfSSL 15:117db924cf7c 2971 break;
wolfSSL 15:117db924cf7c 2972 }
wolfSSL 15:117db924cf7c 2973
wolfSSL 15:117db924cf7c 2974 if ((ret = TLSX_Push(extensions, TLSX_STATUS_REQUEST, csr, heap)) != 0) {
wolfSSL 15:117db924cf7c 2975 XFREE(csr, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 2976 return ret;
wolfSSL 15:117db924cf7c 2977 }
wolfSSL 15:117db924cf7c 2978
wolfSSL 15:117db924cf7c 2979 return WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 2980 }
wolfSSL 15:117db924cf7c 2981
wolfSSL 15:117db924cf7c 2982 #define CSR_FREE_ALL TLSX_CSR_Free
wolfSSL 15:117db924cf7c 2983 #define CSR_GET_SIZE TLSX_CSR_GetSize
wolfSSL 15:117db924cf7c 2984 #define CSR_WRITE TLSX_CSR_Write
wolfSSL 15:117db924cf7c 2985 #define CSR_PARSE TLSX_CSR_Parse
wolfSSL 15:117db924cf7c 2986
wolfSSL 15:117db924cf7c 2987 #else
wolfSSL 15:117db924cf7c 2988
wolfSSL 15:117db924cf7c 2989 #define CSR_FREE_ALL(data, heap)
wolfSSL 15:117db924cf7c 2990 #define CSR_GET_SIZE(a, b) 0
wolfSSL 15:117db924cf7c 2991 #define CSR_WRITE(a, b, c) 0
wolfSSL 15:117db924cf7c 2992 #define CSR_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 2993
wolfSSL 15:117db924cf7c 2994 #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */
wolfSSL 15:117db924cf7c 2995
wolfSSL 15:117db924cf7c 2996 /******************************************************************************/
wolfSSL 15:117db924cf7c 2997 /* Certificate Status Request v2 */
wolfSSL 15:117db924cf7c 2998 /******************************************************************************/
wolfSSL 15:117db924cf7c 2999
wolfSSL 15:117db924cf7c 3000 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL 15:117db924cf7c 3001
wolfSSL 15:117db924cf7c 3002 static void TLSX_CSR2_FreeAll(CertificateStatusRequestItemV2* csr2, void* heap)
wolfSSL 15:117db924cf7c 3003 {
wolfSSL 15:117db924cf7c 3004 CertificateStatusRequestItemV2* next;
wolfSSL 15:117db924cf7c 3005
wolfSSL 15:117db924cf7c 3006 for (; csr2; csr2 = next) {
wolfSSL 15:117db924cf7c 3007 next = csr2->next;
wolfSSL 15:117db924cf7c 3008
wolfSSL 15:117db924cf7c 3009 switch (csr2->status_type) {
wolfSSL 15:117db924cf7c 3010 case WOLFSSL_CSR2_OCSP:
wolfSSL 15:117db924cf7c 3011 case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL 15:117db924cf7c 3012 while(csr2->requests--)
wolfSSL 15:117db924cf7c 3013 FreeOcspRequest(&csr2->request.ocsp[csr2->requests]);
wolfSSL 15:117db924cf7c 3014 break;
wolfSSL 15:117db924cf7c 3015 }
wolfSSL 15:117db924cf7c 3016
wolfSSL 15:117db924cf7c 3017 XFREE(csr2, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 3018 }
wolfSSL 15:117db924cf7c 3019 (void)heap;
wolfSSL 15:117db924cf7c 3020 }
wolfSSL 15:117db924cf7c 3021
wolfSSL 15:117db924cf7c 3022 static word16 TLSX_CSR2_GetSize(CertificateStatusRequestItemV2* csr2,
wolfSSL 15:117db924cf7c 3023 byte isRequest)
wolfSSL 15:117db924cf7c 3024 {
wolfSSL 15:117db924cf7c 3025 word16 size = 0;
wolfSSL 15:117db924cf7c 3026
wolfSSL 15:117db924cf7c 3027 /* shut up compiler warnings */
wolfSSL 15:117db924cf7c 3028 (void) csr2; (void) isRequest;
wolfSSL 15:117db924cf7c 3029
wolfSSL 15:117db924cf7c 3030 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 3031 if (isRequest) {
wolfSSL 15:117db924cf7c 3032 CertificateStatusRequestItemV2* next;
wolfSSL 15:117db924cf7c 3033
wolfSSL 15:117db924cf7c 3034 for (size = OPAQUE16_LEN; csr2; csr2 = next) {
wolfSSL 15:117db924cf7c 3035 next = csr2->next;
wolfSSL 15:117db924cf7c 3036
wolfSSL 15:117db924cf7c 3037 switch (csr2->status_type) {
wolfSSL 15:117db924cf7c 3038 case WOLFSSL_CSR2_OCSP:
wolfSSL 15:117db924cf7c 3039 case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL 15:117db924cf7c 3040 size += ENUM_LEN + 3 * OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 3041
wolfSSL 15:117db924cf7c 3042 if (csr2->request.ocsp[0].nonceSz)
wolfSSL 15:117db924cf7c 3043 size += OCSP_NONCE_EXT_SZ;
wolfSSL 15:117db924cf7c 3044 break;
wolfSSL 15:117db924cf7c 3045 }
wolfSSL 15:117db924cf7c 3046 }
wolfSSL 15:117db924cf7c 3047 }
wolfSSL 15:117db924cf7c 3048 #endif
wolfSSL 15:117db924cf7c 3049
wolfSSL 15:117db924cf7c 3050 return size;
wolfSSL 15:117db924cf7c 3051 }
wolfSSL 15:117db924cf7c 3052
wolfSSL 15:117db924cf7c 3053 static word16 TLSX_CSR2_Write(CertificateStatusRequestItemV2* csr2,
wolfSSL 15:117db924cf7c 3054 byte* output, byte isRequest)
wolfSSL 15:117db924cf7c 3055 {
wolfSSL 15:117db924cf7c 3056 /* shut up compiler warnings */
wolfSSL 15:117db924cf7c 3057 (void) csr2; (void) output; (void) isRequest;
wolfSSL 15:117db924cf7c 3058
wolfSSL 15:117db924cf7c 3059 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 3060 if (isRequest) {
wolfSSL 15:117db924cf7c 3061 word16 offset;
wolfSSL 15:117db924cf7c 3062 word16 length;
wolfSSL 15:117db924cf7c 3063
wolfSSL 15:117db924cf7c 3064 for (offset = OPAQUE16_LEN; csr2 != NULL; csr2 = csr2->next) {
wolfSSL 15:117db924cf7c 3065 /* status_type */
wolfSSL 15:117db924cf7c 3066 output[offset++] = csr2->status_type;
wolfSSL 15:117db924cf7c 3067
wolfSSL 15:117db924cf7c 3068 /* request */
wolfSSL 15:117db924cf7c 3069 switch (csr2->status_type) {
wolfSSL 15:117db924cf7c 3070 case WOLFSSL_CSR2_OCSP:
wolfSSL 15:117db924cf7c 3071 case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL 15:117db924cf7c 3072 /* request_length */
wolfSSL 15:117db924cf7c 3073 length = 2 * OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 3074
wolfSSL 15:117db924cf7c 3075 if (csr2->request.ocsp[0].nonceSz)
wolfSSL 15:117db924cf7c 3076 length += OCSP_NONCE_EXT_SZ;
wolfSSL 15:117db924cf7c 3077
wolfSSL 15:117db924cf7c 3078 c16toa(length, output + offset);
wolfSSL 15:117db924cf7c 3079 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 3080
wolfSSL 15:117db924cf7c 3081 /* responder id list */
wolfSSL 15:117db924cf7c 3082 c16toa(0, output + offset);
wolfSSL 15:117db924cf7c 3083 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 3084
wolfSSL 15:117db924cf7c 3085 /* request extensions */
wolfSSL 15:117db924cf7c 3086 length = 0;
wolfSSL 15:117db924cf7c 3087
wolfSSL 15:117db924cf7c 3088 if (csr2->request.ocsp[0].nonceSz)
wolfSSL 15:117db924cf7c 3089 length = (word16)EncodeOcspRequestExtensions(
wolfSSL 15:117db924cf7c 3090 &csr2->request.ocsp[0],
wolfSSL 15:117db924cf7c 3091 output + offset + OPAQUE16_LEN,
wolfSSL 15:117db924cf7c 3092 OCSP_NONCE_EXT_SZ);
wolfSSL 15:117db924cf7c 3093
wolfSSL 15:117db924cf7c 3094 c16toa(length, output + offset);
wolfSSL 15:117db924cf7c 3095 offset += OPAQUE16_LEN + length;
wolfSSL 15:117db924cf7c 3096 break;
wolfSSL 15:117db924cf7c 3097 }
wolfSSL 15:117db924cf7c 3098 }
wolfSSL 15:117db924cf7c 3099
wolfSSL 15:117db924cf7c 3100 /* list size */
wolfSSL 15:117db924cf7c 3101 c16toa(offset - OPAQUE16_LEN, output);
wolfSSL 15:117db924cf7c 3102
wolfSSL 15:117db924cf7c 3103 return offset;
wolfSSL 15:117db924cf7c 3104 }
wolfSSL 15:117db924cf7c 3105 #endif
wolfSSL 15:117db924cf7c 3106
wolfSSL 15:117db924cf7c 3107 return 0;
wolfSSL 15:117db924cf7c 3108 }
wolfSSL 15:117db924cf7c 3109
wolfSSL 15:117db924cf7c 3110 static int TLSX_CSR2_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 15:117db924cf7c 3111 byte isRequest)
wolfSSL 15:117db924cf7c 3112 {
wolfSSL 15:117db924cf7c 3113 int ret;
wolfSSL 15:117db924cf7c 3114
wolfSSL 15:117db924cf7c 3115 /* shut up compiler warnings */
wolfSSL 15:117db924cf7c 3116 (void) ssl; (void) input;
wolfSSL 15:117db924cf7c 3117
wolfSSL 15:117db924cf7c 3118 if (!isRequest) {
wolfSSL 15:117db924cf7c 3119 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 3120 TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST_V2);
wolfSSL 15:117db924cf7c 3121 CertificateStatusRequestItemV2* csr2 = extension ?
wolfSSL 15:117db924cf7c 3122 (CertificateStatusRequestItemV2*)extension->data : NULL;
wolfSSL 15:117db924cf7c 3123
wolfSSL 15:117db924cf7c 3124 if (!csr2) {
wolfSSL 15:117db924cf7c 3125 /* look at context level */
wolfSSL 15:117db924cf7c 3126 extension = TLSX_Find(ssl->ctx->extensions, TLSX_STATUS_REQUEST_V2);
wolfSSL 15:117db924cf7c 3127 csr2 = extension ?
wolfSSL 15:117db924cf7c 3128 (CertificateStatusRequestItemV2*)extension->data : NULL;
wolfSSL 15:117db924cf7c 3129
wolfSSL 15:117db924cf7c 3130 if (!csr2) /* unexpected extension */
wolfSSL 15:117db924cf7c 3131 return TLSX_HandleUnsupportedExtension(ssl);
wolfSSL 15:117db924cf7c 3132
wolfSSL 15:117db924cf7c 3133 /* enable extension at ssl level */
wolfSSL 15:117db924cf7c 3134 for (; csr2; csr2 = csr2->next) {
wolfSSL 15:117db924cf7c 3135 ret = TLSX_UseCertificateStatusRequestV2(&ssl->extensions,
wolfSSL 15:117db924cf7c 3136 csr2->status_type, csr2->options, ssl->heap,
wolfSSL 15:117db924cf7c 3137 ssl->devId);
wolfSSL 15:117db924cf7c 3138 if (ret != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 3139 return ret;
wolfSSL 15:117db924cf7c 3140
wolfSSL 15:117db924cf7c 3141 switch (csr2->status_type) {
wolfSSL 15:117db924cf7c 3142 case WOLFSSL_CSR2_OCSP:
wolfSSL 15:117db924cf7c 3143 /* followed by */
wolfSSL 15:117db924cf7c 3144 case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL 15:117db924cf7c 3145 /* propagate nonce */
wolfSSL 15:117db924cf7c 3146 if (csr2->request.ocsp[0].nonceSz) {
wolfSSL 15:117db924cf7c 3147 OcspRequest* request =
wolfSSL 15:117db924cf7c 3148 (OcspRequest*)TLSX_CSR2_GetRequest(ssl->extensions,
wolfSSL 15:117db924cf7c 3149 csr2->status_type, 0);
wolfSSL 15:117db924cf7c 3150
wolfSSL 15:117db924cf7c 3151 if (request) {
wolfSSL 15:117db924cf7c 3152 XMEMCPY(request->nonce,
wolfSSL 15:117db924cf7c 3153 csr2->request.ocsp[0].nonce,
wolfSSL 15:117db924cf7c 3154 csr2->request.ocsp[0].nonceSz);
wolfSSL 15:117db924cf7c 3155
wolfSSL 15:117db924cf7c 3156 request->nonceSz =
wolfSSL 15:117db924cf7c 3157 csr2->request.ocsp[0].nonceSz;
wolfSSL 15:117db924cf7c 3158 }
wolfSSL 15:117db924cf7c 3159 }
wolfSSL 15:117db924cf7c 3160 break;
wolfSSL 15:117db924cf7c 3161 }
wolfSSL 15:117db924cf7c 3162 }
wolfSSL 15:117db924cf7c 3163 }
wolfSSL 15:117db924cf7c 3164
wolfSSL 15:117db924cf7c 3165 ssl->status_request_v2 = 1;
wolfSSL 15:117db924cf7c 3166
wolfSSL 15:117db924cf7c 3167 return length ? BUFFER_ERROR : 0; /* extension_data MUST be empty. */
wolfSSL 15:117db924cf7c 3168 #endif
wolfSSL 15:117db924cf7c 3169 }
wolfSSL 15:117db924cf7c 3170 else {
wolfSSL 15:117db924cf7c 3171 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 3172 byte status_type;
wolfSSL 15:117db924cf7c 3173 word16 request_length;
wolfSSL 15:117db924cf7c 3174 word16 offset = 0;
wolfSSL 15:117db924cf7c 3175 word16 size = 0;
wolfSSL 15:117db924cf7c 3176
wolfSSL 15:117db924cf7c 3177 /* list size */
wolfSSL 15:117db924cf7c 3178 if (offset + OPAQUE16_LEN >= length) {
wolfSSL 15:117db924cf7c 3179 return BUFFER_E;
wolfSSL 15:117db924cf7c 3180 }
wolfSSL 15:117db924cf7c 3181
wolfSSL 15:117db924cf7c 3182 ato16(input + offset, &request_length);
wolfSSL 15:117db924cf7c 3183 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 3184
wolfSSL 15:117db924cf7c 3185 if (length - OPAQUE16_LEN != request_length)
wolfSSL 15:117db924cf7c 3186 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 3187
wolfSSL 15:117db924cf7c 3188 while (length > offset) {
wolfSSL 15:117db924cf7c 3189 if (length - offset < ENUM_LEN + OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 3190 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 3191
wolfSSL 15:117db924cf7c 3192 status_type = input[offset++];
wolfSSL 15:117db924cf7c 3193
wolfSSL 15:117db924cf7c 3194 ato16(input + offset, &request_length);
wolfSSL 15:117db924cf7c 3195 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 3196
wolfSSL 15:117db924cf7c 3197 if (length - offset < request_length)
wolfSSL 15:117db924cf7c 3198 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 3199
wolfSSL 15:117db924cf7c 3200 switch (status_type) {
wolfSSL 15:117db924cf7c 3201 case WOLFSSL_CSR2_OCSP:
wolfSSL 15:117db924cf7c 3202 case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL 15:117db924cf7c 3203 /* skip responder_id_list */
wolfSSL 15:117db924cf7c 3204 if (length - offset < OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 3205 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 3206
wolfSSL 15:117db924cf7c 3207 ato16(input + offset, &size);
wolfSSL 15:117db924cf7c 3208 offset += OPAQUE16_LEN + size;
wolfSSL 15:117db924cf7c 3209
wolfSSL 15:117db924cf7c 3210 /* skip request_extensions */
wolfSSL 15:117db924cf7c 3211 if (length - offset < OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 3212 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 3213
wolfSSL 15:117db924cf7c 3214 ato16(input + offset, &size);
wolfSSL 15:117db924cf7c 3215 offset += OPAQUE16_LEN + size;
wolfSSL 15:117db924cf7c 3216
wolfSSL 15:117db924cf7c 3217 if (offset > length)
wolfSSL 15:117db924cf7c 3218 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 3219
wolfSSL 15:117db924cf7c 3220 /* is able to send OCSP response? */
wolfSSL 15:117db924cf7c 3221 if (ssl->ctx->cm == NULL
wolfSSL 15:117db924cf7c 3222 || !ssl->ctx->cm->ocspStaplingEnabled)
wolfSSL 15:117db924cf7c 3223 continue;
wolfSSL 15:117db924cf7c 3224 break;
wolfSSL 15:117db924cf7c 3225
wolfSSL 15:117db924cf7c 3226 default:
wolfSSL 15:117db924cf7c 3227 /* unknown status type, skipping! */
wolfSSL 15:117db924cf7c 3228 offset += request_length;
wolfSSL 15:117db924cf7c 3229 continue;
wolfSSL 15:117db924cf7c 3230 }
wolfSSL 15:117db924cf7c 3231
wolfSSL 15:117db924cf7c 3232 /* if using status_request and already sending it, skip this one */
wolfSSL 15:117db924cf7c 3233 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL 15:117db924cf7c 3234 if (ssl->status_request)
wolfSSL 15:117db924cf7c 3235 return 0;
wolfSSL 15:117db924cf7c 3236 #endif
wolfSSL 15:117db924cf7c 3237
wolfSSL 15:117db924cf7c 3238 /* accept the first good status_type and return */
wolfSSL 15:117db924cf7c 3239 ret = TLSX_UseCertificateStatusRequestV2(&ssl->extensions,
wolfSSL 15:117db924cf7c 3240 status_type, 0, ssl->heap, ssl->devId);
wolfSSL 15:117db924cf7c 3241 if (ret != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 3242 return ret; /* throw error */
wolfSSL 15:117db924cf7c 3243
wolfSSL 15:117db924cf7c 3244 TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST_V2);
wolfSSL 15:117db924cf7c 3245 ssl->status_request_v2 = status_type;
wolfSSL 15:117db924cf7c 3246
wolfSSL 15:117db924cf7c 3247 return 0;
wolfSSL 15:117db924cf7c 3248 }
wolfSSL 15:117db924cf7c 3249 #endif
wolfSSL 15:117db924cf7c 3250 }
wolfSSL 15:117db924cf7c 3251
wolfSSL 15:117db924cf7c 3252 return 0;
wolfSSL 15:117db924cf7c 3253 }
wolfSSL 15:117db924cf7c 3254
wolfSSL 15:117db924cf7c 3255 int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer,
wolfSSL 15:117db924cf7c 3256 void* heap)
wolfSSL 15:117db924cf7c 3257 {
wolfSSL 15:117db924cf7c 3258 TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST_V2);
wolfSSL 15:117db924cf7c 3259 CertificateStatusRequestItemV2* csr2 = extension ?
wolfSSL 15:117db924cf7c 3260 (CertificateStatusRequestItemV2*)extension->data : NULL;
wolfSSL 15:117db924cf7c 3261 int ret = 0;
wolfSSL 15:117db924cf7c 3262
wolfSSL 15:117db924cf7c 3263 for (; csr2; csr2 = csr2->next) {
wolfSSL 15:117db924cf7c 3264 switch (csr2->status_type) {
wolfSSL 15:117db924cf7c 3265 case WOLFSSL_CSR2_OCSP:
wolfSSL 15:117db924cf7c 3266 if (!isPeer || csr2->requests != 0)
wolfSSL 15:117db924cf7c 3267 break;
wolfSSL 15:117db924cf7c 3268
wolfSSL 15:117db924cf7c 3269 FALL_THROUGH; /* followed by */
wolfSSL 15:117db924cf7c 3270
wolfSSL 15:117db924cf7c 3271 case WOLFSSL_CSR2_OCSP_MULTI: {
wolfSSL 15:117db924cf7c 3272 if (csr2->requests < 1 + MAX_CHAIN_DEPTH) {
wolfSSL 15:117db924cf7c 3273 byte nonce[MAX_OCSP_NONCE_SZ];
wolfSSL 15:117db924cf7c 3274 int nonceSz = csr2->request.ocsp[0].nonceSz;
wolfSSL 15:117db924cf7c 3275
wolfSSL 15:117db924cf7c 3276 /* preserve nonce, replicating nonce of ocsp[0] */
wolfSSL 15:117db924cf7c 3277 XMEMCPY(nonce, csr2->request.ocsp[0].nonce, nonceSz);
wolfSSL 15:117db924cf7c 3278
wolfSSL 15:117db924cf7c 3279 if ((ret = InitOcspRequest(
wolfSSL 15:117db924cf7c 3280 &csr2->request.ocsp[csr2->requests], cert,
wolfSSL 15:117db924cf7c 3281 0, heap)) != 0)
wolfSSL 15:117db924cf7c 3282 return ret;
wolfSSL 15:117db924cf7c 3283
wolfSSL 15:117db924cf7c 3284 /* restore nonce */
wolfSSL 15:117db924cf7c 3285 XMEMCPY(csr2->request.ocsp[csr2->requests].nonce,
wolfSSL 15:117db924cf7c 3286 nonce, nonceSz);
wolfSSL 15:117db924cf7c 3287 csr2->request.ocsp[csr2->requests].nonceSz = nonceSz;
wolfSSL 15:117db924cf7c 3288 csr2->requests++;
wolfSSL 15:117db924cf7c 3289 }
wolfSSL 15:117db924cf7c 3290 }
wolfSSL 15:117db924cf7c 3291 break;
wolfSSL 15:117db924cf7c 3292 }
wolfSSL 15:117db924cf7c 3293 }
wolfSSL 15:117db924cf7c 3294
wolfSSL 15:117db924cf7c 3295 (void)cert;
wolfSSL 15:117db924cf7c 3296 return ret;
wolfSSL 15:117db924cf7c 3297 }
wolfSSL 15:117db924cf7c 3298
wolfSSL 15:117db924cf7c 3299 void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type, byte idx)
wolfSSL 15:117db924cf7c 3300 {
wolfSSL 15:117db924cf7c 3301 TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST_V2);
wolfSSL 15:117db924cf7c 3302 CertificateStatusRequestItemV2* csr2 = extension ?
wolfSSL 15:117db924cf7c 3303 (CertificateStatusRequestItemV2*)extension->data : NULL;
wolfSSL 15:117db924cf7c 3304
wolfSSL 15:117db924cf7c 3305 for (; csr2; csr2 = csr2->next) {
wolfSSL 15:117db924cf7c 3306 if (csr2->status_type == status_type) {
wolfSSL 15:117db924cf7c 3307 switch (csr2->status_type) {
wolfSSL 15:117db924cf7c 3308 case WOLFSSL_CSR2_OCSP:
wolfSSL 15:117db924cf7c 3309 /* followed by */
wolfSSL 15:117db924cf7c 3310
wolfSSL 15:117db924cf7c 3311 case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL 15:117db924cf7c 3312 /* requests are initialized in the reverse order */
wolfSSL 15:117db924cf7c 3313 return idx < csr2->requests
wolfSSL 15:117db924cf7c 3314 ? &csr2->request.ocsp[csr2->requests - idx - 1]
wolfSSL 15:117db924cf7c 3315 : NULL;
wolfSSL 15:117db924cf7c 3316 break;
wolfSSL 15:117db924cf7c 3317 }
wolfSSL 15:117db924cf7c 3318 }
wolfSSL 15:117db924cf7c 3319 }
wolfSSL 15:117db924cf7c 3320
wolfSSL 15:117db924cf7c 3321 return NULL;
wolfSSL 15:117db924cf7c 3322 }
wolfSSL 15:117db924cf7c 3323
wolfSSL 15:117db924cf7c 3324 int TLSX_CSR2_ForceRequest(WOLFSSL* ssl)
wolfSSL 15:117db924cf7c 3325 {
wolfSSL 15:117db924cf7c 3326 TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST_V2);
wolfSSL 15:117db924cf7c 3327 CertificateStatusRequestItemV2* csr2 = extension ?
wolfSSL 15:117db924cf7c 3328 (CertificateStatusRequestItemV2*)extension->data : NULL;
wolfSSL 15:117db924cf7c 3329
wolfSSL 15:117db924cf7c 3330 /* forces only the first one */
wolfSSL 15:117db924cf7c 3331 if (csr2) {
wolfSSL 15:117db924cf7c 3332 switch (csr2->status_type) {
wolfSSL 15:117db924cf7c 3333 case WOLFSSL_CSR2_OCSP:
wolfSSL 15:117db924cf7c 3334 /* followed by */
wolfSSL 15:117db924cf7c 3335
wolfSSL 15:117db924cf7c 3336 case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL 15:117db924cf7c 3337 if (ssl->ctx->cm->ocspEnabled) {
wolfSSL 15:117db924cf7c 3338 csr2->request.ocsp[0].ssl = ssl;
wolfSSL 15:117db924cf7c 3339 return CheckOcspRequest(ssl->ctx->cm->ocsp,
wolfSSL 15:117db924cf7c 3340 &csr2->request.ocsp[0], NULL);
wolfSSL 15:117db924cf7c 3341 }
wolfSSL 15:117db924cf7c 3342 else
wolfSSL 15:117db924cf7c 3343 return OCSP_LOOKUP_FAIL;
wolfSSL 15:117db924cf7c 3344 }
wolfSSL 15:117db924cf7c 3345 }
wolfSSL 15:117db924cf7c 3346
wolfSSL 15:117db924cf7c 3347 return 0;
wolfSSL 15:117db924cf7c 3348 }
wolfSSL 15:117db924cf7c 3349
wolfSSL 15:117db924cf7c 3350 int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type,
wolfSSL 15:117db924cf7c 3351 byte options, void* heap, int devId)
wolfSSL 15:117db924cf7c 3352 {
wolfSSL 15:117db924cf7c 3353 TLSX* extension = NULL;
wolfSSL 15:117db924cf7c 3354 CertificateStatusRequestItemV2* csr2 = NULL;
wolfSSL 15:117db924cf7c 3355 int ret = 0;
wolfSSL 15:117db924cf7c 3356
wolfSSL 15:117db924cf7c 3357 if (!extensions)
wolfSSL 15:117db924cf7c 3358 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 3359
wolfSSL 15:117db924cf7c 3360 if (status_type != WOLFSSL_CSR2_OCSP
wolfSSL 15:117db924cf7c 3361 && status_type != WOLFSSL_CSR2_OCSP_MULTI)
wolfSSL 15:117db924cf7c 3362 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 3363
wolfSSL 15:117db924cf7c 3364 csr2 = (CertificateStatusRequestItemV2*)
wolfSSL 15:117db924cf7c 3365 XMALLOC(sizeof(CertificateStatusRequestItemV2), heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 3366 if (!csr2)
wolfSSL 15:117db924cf7c 3367 return MEMORY_E;
wolfSSL 15:117db924cf7c 3368
wolfSSL 15:117db924cf7c 3369 ForceZero(csr2, sizeof(CertificateStatusRequestItemV2));
wolfSSL 15:117db924cf7c 3370
wolfSSL 15:117db924cf7c 3371 csr2->status_type = status_type;
wolfSSL 15:117db924cf7c 3372 csr2->options = options;
wolfSSL 15:117db924cf7c 3373 csr2->next = NULL;
wolfSSL 15:117db924cf7c 3374
wolfSSL 15:117db924cf7c 3375 switch (csr2->status_type) {
wolfSSL 15:117db924cf7c 3376 case WOLFSSL_CSR2_OCSP:
wolfSSL 15:117db924cf7c 3377 case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL 15:117db924cf7c 3378 if (options & WOLFSSL_CSR2_OCSP_USE_NONCE) {
wolfSSL 15:117db924cf7c 3379 WC_RNG rng;
wolfSSL 15:117db924cf7c 3380
wolfSSL 15:117db924cf7c 3381 #ifndef HAVE_FIPS
wolfSSL 15:117db924cf7c 3382 ret = wc_InitRng_ex(&rng, heap, devId);
wolfSSL 15:117db924cf7c 3383 #else
wolfSSL 15:117db924cf7c 3384 ret = wc_InitRng(&rng);
wolfSSL 15:117db924cf7c 3385 (void)devId;
wolfSSL 15:117db924cf7c 3386 #endif
wolfSSL 15:117db924cf7c 3387 if (ret == 0) {
wolfSSL 15:117db924cf7c 3388 if (wc_RNG_GenerateBlock(&rng, csr2->request.ocsp[0].nonce,
wolfSSL 15:117db924cf7c 3389 MAX_OCSP_NONCE_SZ) == 0)
wolfSSL 15:117db924cf7c 3390 csr2->request.ocsp[0].nonceSz = MAX_OCSP_NONCE_SZ;
wolfSSL 15:117db924cf7c 3391
wolfSSL 15:117db924cf7c 3392 wc_FreeRng(&rng);
wolfSSL 15:117db924cf7c 3393 }
wolfSSL 15:117db924cf7c 3394 }
wolfSSL 15:117db924cf7c 3395 break;
wolfSSL 15:117db924cf7c 3396 }
wolfSSL 15:117db924cf7c 3397
wolfSSL 15:117db924cf7c 3398 /* append new item */
wolfSSL 15:117db924cf7c 3399 if ((extension = TLSX_Find(*extensions, TLSX_STATUS_REQUEST_V2))) {
wolfSSL 15:117db924cf7c 3400 CertificateStatusRequestItemV2* last =
wolfSSL 15:117db924cf7c 3401 (CertificateStatusRequestItemV2*)extension->data;
wolfSSL 15:117db924cf7c 3402
wolfSSL 15:117db924cf7c 3403 for (; last->next; last = last->next);
wolfSSL 15:117db924cf7c 3404
wolfSSL 15:117db924cf7c 3405 last->next = csr2;
wolfSSL 15:117db924cf7c 3406 }
wolfSSL 15:117db924cf7c 3407 else if ((ret = TLSX_Push(extensions, TLSX_STATUS_REQUEST_V2, csr2,heap))) {
wolfSSL 15:117db924cf7c 3408 XFREE(csr2, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 3409 return ret;
wolfSSL 15:117db924cf7c 3410 }
wolfSSL 15:117db924cf7c 3411
wolfSSL 15:117db924cf7c 3412 return WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 3413 }
wolfSSL 15:117db924cf7c 3414
wolfSSL 15:117db924cf7c 3415 #define CSR2_FREE_ALL TLSX_CSR2_FreeAll
wolfSSL 15:117db924cf7c 3416 #define CSR2_GET_SIZE TLSX_CSR2_GetSize
wolfSSL 15:117db924cf7c 3417 #define CSR2_WRITE TLSX_CSR2_Write
wolfSSL 15:117db924cf7c 3418 #define CSR2_PARSE TLSX_CSR2_Parse
wolfSSL 15:117db924cf7c 3419
wolfSSL 15:117db924cf7c 3420 #else
wolfSSL 15:117db924cf7c 3421
wolfSSL 15:117db924cf7c 3422 #define CSR2_FREE_ALL(data, heap)
wolfSSL 15:117db924cf7c 3423 #define CSR2_GET_SIZE(a, b) 0
wolfSSL 15:117db924cf7c 3424 #define CSR2_WRITE(a, b, c) 0
wolfSSL 15:117db924cf7c 3425 #define CSR2_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 3426
wolfSSL 15:117db924cf7c 3427 #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
wolfSSL 15:117db924cf7c 3428
wolfSSL 15:117db924cf7c 3429 /******************************************************************************/
wolfSSL 15:117db924cf7c 3430 /* Supported Elliptic Curves */
wolfSSL 15:117db924cf7c 3431 /******************************************************************************/
wolfSSL 15:117db924cf7c 3432
wolfSSL 15:117db924cf7c 3433 #ifdef HAVE_SUPPORTED_CURVES
wolfSSL 15:117db924cf7c 3434
wolfSSL 15:117db924cf7c 3435 #if !defined(HAVE_ECC) && !defined(HAVE_CURVE25519) && !defined(WOLFSSL_TLS13)
wolfSSL 15:117db924cf7c 3436 #error Elliptic Curves Extension requires Elliptic Curve Cryptography. \
wolfSSL 15:117db924cf7c 3437 Use --enable-ecc in the configure script or define HAVE_ECC.
wolfSSL 15:117db924cf7c 3438 #endif
wolfSSL 15:117db924cf7c 3439
wolfSSL 15:117db924cf7c 3440 static int TLSX_SupportedCurve_New(SupportedCurve** curve, word16 name,
wolfSSL 15:117db924cf7c 3441 void* heap)
wolfSSL 15:117db924cf7c 3442 {
wolfSSL 15:117db924cf7c 3443 if (curve == NULL)
wolfSSL 15:117db924cf7c 3444 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 3445
wolfSSL 15:117db924cf7c 3446 (void)heap;
wolfSSL 15:117db924cf7c 3447
wolfSSL 15:117db924cf7c 3448 *curve = (SupportedCurve*)XMALLOC(sizeof(SupportedCurve), heap,
wolfSSL 15:117db924cf7c 3449 DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 3450 if (*curve == NULL)
wolfSSL 15:117db924cf7c 3451 return MEMORY_E;
wolfSSL 15:117db924cf7c 3452
wolfSSL 15:117db924cf7c 3453 (*curve)->name = name;
wolfSSL 15:117db924cf7c 3454 (*curve)->next = NULL;
wolfSSL 15:117db924cf7c 3455
wolfSSL 15:117db924cf7c 3456 return 0;
wolfSSL 15:117db924cf7c 3457 }
wolfSSL 15:117db924cf7c 3458
wolfSSL 15:117db924cf7c 3459 static int TLSX_PointFormat_New(PointFormat** point, byte format, void* heap)
wolfSSL 15:117db924cf7c 3460 {
wolfSSL 15:117db924cf7c 3461 if (point == NULL)
wolfSSL 15:117db924cf7c 3462 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 3463
wolfSSL 15:117db924cf7c 3464 (void)heap;
wolfSSL 15:117db924cf7c 3465
wolfSSL 15:117db924cf7c 3466 *point = (PointFormat*)XMALLOC(sizeof(PointFormat), heap,
wolfSSL 15:117db924cf7c 3467 DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 3468 if (*point == NULL)
wolfSSL 15:117db924cf7c 3469 return MEMORY_E;
wolfSSL 15:117db924cf7c 3470
wolfSSL 15:117db924cf7c 3471 (*point)->format = format;
wolfSSL 15:117db924cf7c 3472 (*point)->next = NULL;
wolfSSL 15:117db924cf7c 3473
wolfSSL 15:117db924cf7c 3474 return 0;
wolfSSL 15:117db924cf7c 3475 }
wolfSSL 15:117db924cf7c 3476
wolfSSL 15:117db924cf7c 3477 static void TLSX_SupportedCurve_FreeAll(SupportedCurve* list, void* heap)
wolfSSL 15:117db924cf7c 3478 {
wolfSSL 15:117db924cf7c 3479 SupportedCurve* curve;
wolfSSL 15:117db924cf7c 3480
wolfSSL 15:117db924cf7c 3481 while ((curve = list)) {
wolfSSL 15:117db924cf7c 3482 list = curve->next;
wolfSSL 15:117db924cf7c 3483 XFREE(curve, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 3484 }
wolfSSL 15:117db924cf7c 3485 (void)heap;
wolfSSL 15:117db924cf7c 3486 }
wolfSSL 15:117db924cf7c 3487
wolfSSL 15:117db924cf7c 3488 static void TLSX_PointFormat_FreeAll(PointFormat* list, void* heap)
wolfSSL 15:117db924cf7c 3489 {
wolfSSL 15:117db924cf7c 3490 PointFormat* point;
wolfSSL 15:117db924cf7c 3491
wolfSSL 15:117db924cf7c 3492 while ((point = list)) {
wolfSSL 15:117db924cf7c 3493 list = point->next;
wolfSSL 15:117db924cf7c 3494 XFREE(point, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 3495 }
wolfSSL 15:117db924cf7c 3496 (void)heap;
wolfSSL 15:117db924cf7c 3497 }
wolfSSL 15:117db924cf7c 3498
wolfSSL 15:117db924cf7c 3499 static int TLSX_SupportedCurve_Append(SupportedCurve* list, word16 name,
wolfSSL 15:117db924cf7c 3500 void* heap)
wolfSSL 15:117db924cf7c 3501 {
wolfSSL 15:117db924cf7c 3502 int ret = BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 3503
wolfSSL 15:117db924cf7c 3504 while (list) {
wolfSSL 15:117db924cf7c 3505 if (list->name == name) {
wolfSSL 15:117db924cf7c 3506 ret = 0; /* curve alreay in use */
wolfSSL 15:117db924cf7c 3507 break;
wolfSSL 15:117db924cf7c 3508 }
wolfSSL 15:117db924cf7c 3509
wolfSSL 15:117db924cf7c 3510 if (list->next == NULL) {
wolfSSL 15:117db924cf7c 3511 ret = TLSX_SupportedCurve_New(&list->next, name, heap);
wolfSSL 15:117db924cf7c 3512 break;
wolfSSL 15:117db924cf7c 3513 }
wolfSSL 15:117db924cf7c 3514
wolfSSL 15:117db924cf7c 3515 list = list->next;
wolfSSL 15:117db924cf7c 3516 }
wolfSSL 15:117db924cf7c 3517
wolfSSL 15:117db924cf7c 3518 return ret;
wolfSSL 15:117db924cf7c 3519 }
wolfSSL 15:117db924cf7c 3520
wolfSSL 15:117db924cf7c 3521 static int TLSX_PointFormat_Append(PointFormat* list, byte format, void* heap)
wolfSSL 15:117db924cf7c 3522 {
wolfSSL 15:117db924cf7c 3523 int ret = BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 3524
wolfSSL 15:117db924cf7c 3525 while (list) {
wolfSSL 15:117db924cf7c 3526 if (list->format == format) {
wolfSSL 15:117db924cf7c 3527 ret = 0; /* format already in use */
wolfSSL 15:117db924cf7c 3528 break;
wolfSSL 15:117db924cf7c 3529 }
wolfSSL 15:117db924cf7c 3530
wolfSSL 15:117db924cf7c 3531 if (list->next == NULL) {
wolfSSL 15:117db924cf7c 3532 ret = TLSX_PointFormat_New(&list->next, format, heap);
wolfSSL 15:117db924cf7c 3533 break;
wolfSSL 15:117db924cf7c 3534 }
wolfSSL 15:117db924cf7c 3535
wolfSSL 15:117db924cf7c 3536 list = list->next;
wolfSSL 15:117db924cf7c 3537 }
wolfSSL 15:117db924cf7c 3538
wolfSSL 15:117db924cf7c 3539 return ret;
wolfSSL 15:117db924cf7c 3540 }
wolfSSL 15:117db924cf7c 3541
wolfSSL 15:117db924cf7c 3542 #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT)
wolfSSL 15:117db924cf7c 3543
wolfSSL 15:117db924cf7c 3544 static void TLSX_SupportedCurve_ValidateRequest(WOLFSSL* ssl, byte* semaphore)
wolfSSL 15:117db924cf7c 3545 {
wolfSSL 15:117db924cf7c 3546 int i;
wolfSSL 15:117db924cf7c 3547
wolfSSL 15:117db924cf7c 3548 for (i = 0; i < ssl->suites->suiteSz; i+= 2)
wolfSSL 15:117db924cf7c 3549 if (ssl->suites->suites[i] == ECC_BYTE ||
wolfSSL 15:117db924cf7c 3550 ssl->suites->suites[i] == CHACHA_BYTE ||
wolfSSL 15:117db924cf7c 3551 ssl->suites->suites[i] == TLS13_BYTE)
wolfSSL 15:117db924cf7c 3552 return;
wolfSSL 15:117db924cf7c 3553
wolfSSL 15:117db924cf7c 3554 /* turns semaphore on to avoid sending this extension. */
wolfSSL 15:117db924cf7c 3555 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_GROUPS));
wolfSSL 15:117db924cf7c 3556 }
wolfSSL 15:117db924cf7c 3557
wolfSSL 15:117db924cf7c 3558 static void TLSX_PointFormat_ValidateRequest(WOLFSSL* ssl, byte* semaphore)
wolfSSL 15:117db924cf7c 3559 {
wolfSSL 15:117db924cf7c 3560 int i;
wolfSSL 15:117db924cf7c 3561
wolfSSL 15:117db924cf7c 3562 for (i = 0; i < ssl->suites->suiteSz; i+= 2)
wolfSSL 15:117db924cf7c 3563 if (ssl->suites->suites[i] == ECC_BYTE ||
wolfSSL 15:117db924cf7c 3564 ssl->suites->suites[i] == CHACHA_BYTE ||
wolfSSL 15:117db924cf7c 3565 ssl->suites->suites[i] == TLS13_BYTE)
wolfSSL 15:117db924cf7c 3566 return;
wolfSSL 15:117db924cf7c 3567
wolfSSL 15:117db924cf7c 3568 /* turns semaphore on to avoid sending this extension. */
wolfSSL 15:117db924cf7c 3569 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS));
wolfSSL 15:117db924cf7c 3570 }
wolfSSL 15:117db924cf7c 3571
wolfSSL 15:117db924cf7c 3572 #endif
wolfSSL 15:117db924cf7c 3573
wolfSSL 15:117db924cf7c 3574 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 3575
wolfSSL 15:117db924cf7c 3576 static void TLSX_PointFormat_ValidateResponse(WOLFSSL* ssl, byte* semaphore)
wolfSSL 15:117db924cf7c 3577 {
wolfSSL 15:117db924cf7c 3578 if (ssl->options.cipherSuite0 == ECC_BYTE ||
wolfSSL 15:117db924cf7c 3579 ssl->options.cipherSuite0 == CHACHA_BYTE ||
wolfSSL 15:117db924cf7c 3580 ssl->options.cipherSuite0 == TLS13_BYTE)
wolfSSL 15:117db924cf7c 3581 return;
wolfSSL 15:117db924cf7c 3582
wolfSSL 15:117db924cf7c 3583 /* turns semaphore on to avoid sending this extension. */
wolfSSL 15:117db924cf7c 3584 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS));
wolfSSL 15:117db924cf7c 3585 }
wolfSSL 15:117db924cf7c 3586
wolfSSL 15:117db924cf7c 3587 #endif
wolfSSL 15:117db924cf7c 3588 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 3589
wolfSSL 15:117db924cf7c 3590 static word16 TLSX_SupportedCurve_GetSize(SupportedCurve* list)
wolfSSL 15:117db924cf7c 3591 {
wolfSSL 15:117db924cf7c 3592 SupportedCurve* curve;
wolfSSL 15:117db924cf7c 3593 word16 length = OPAQUE16_LEN; /* list length */
wolfSSL 15:117db924cf7c 3594
wolfSSL 15:117db924cf7c 3595 while ((curve = list)) {
wolfSSL 15:117db924cf7c 3596 list = curve->next;
wolfSSL 15:117db924cf7c 3597 length += OPAQUE16_LEN; /* curve length */
wolfSSL 15:117db924cf7c 3598 }
wolfSSL 15:117db924cf7c 3599
wolfSSL 15:117db924cf7c 3600 return length;
wolfSSL 15:117db924cf7c 3601 }
wolfSSL 15:117db924cf7c 3602
wolfSSL 15:117db924cf7c 3603 #endif
wolfSSL 15:117db924cf7c 3604
wolfSSL 15:117db924cf7c 3605 static word16 TLSX_PointFormat_GetSize(PointFormat* list)
wolfSSL 15:117db924cf7c 3606 {
wolfSSL 15:117db924cf7c 3607 PointFormat* point;
wolfSSL 15:117db924cf7c 3608 word16 length = ENUM_LEN; /* list length */
wolfSSL 15:117db924cf7c 3609
wolfSSL 15:117db924cf7c 3610 while ((point = list)) {
wolfSSL 15:117db924cf7c 3611 list = point->next;
wolfSSL 15:117db924cf7c 3612 length += ENUM_LEN; /* format length */
wolfSSL 15:117db924cf7c 3613 }
wolfSSL 15:117db924cf7c 3614
wolfSSL 15:117db924cf7c 3615 return length;
wolfSSL 15:117db924cf7c 3616 }
wolfSSL 15:117db924cf7c 3617
wolfSSL 15:117db924cf7c 3618 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 3619
wolfSSL 15:117db924cf7c 3620 static word16 TLSX_SupportedCurve_Write(SupportedCurve* list, byte* output)
wolfSSL 15:117db924cf7c 3621 {
wolfSSL 15:117db924cf7c 3622 word16 offset = OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 3623
wolfSSL 15:117db924cf7c 3624 while (list) {
wolfSSL 15:117db924cf7c 3625 c16toa(list->name, output + offset);
wolfSSL 15:117db924cf7c 3626 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 3627 list = list->next;
wolfSSL 15:117db924cf7c 3628 }
wolfSSL 15:117db924cf7c 3629
wolfSSL 15:117db924cf7c 3630 c16toa(offset - OPAQUE16_LEN, output); /* writing list length */
wolfSSL 15:117db924cf7c 3631
wolfSSL 15:117db924cf7c 3632 return offset;
wolfSSL 15:117db924cf7c 3633 }
wolfSSL 15:117db924cf7c 3634
wolfSSL 15:117db924cf7c 3635 #endif
wolfSSL 15:117db924cf7c 3636
wolfSSL 15:117db924cf7c 3637 static word16 TLSX_PointFormat_Write(PointFormat* list, byte* output)
wolfSSL 15:117db924cf7c 3638 {
wolfSSL 15:117db924cf7c 3639 word16 offset = ENUM_LEN;
wolfSSL 15:117db924cf7c 3640
wolfSSL 15:117db924cf7c 3641 while (list) {
wolfSSL 15:117db924cf7c 3642 output[offset++] = list->format;
wolfSSL 15:117db924cf7c 3643 list = list->next;
wolfSSL 15:117db924cf7c 3644 }
wolfSSL 15:117db924cf7c 3645
wolfSSL 15:117db924cf7c 3646 output[0] = (byte)(offset - ENUM_LEN);
wolfSSL 15:117db924cf7c 3647
wolfSSL 15:117db924cf7c 3648 return offset;
wolfSSL 15:117db924cf7c 3649 }
wolfSSL 15:117db924cf7c 3650
wolfSSL 15:117db924cf7c 3651 #if !defined(NO_WOLFSSL_SERVER) || (defined(WOLFSSL_TLS13) && \
wolfSSL 15:117db924cf7c 3652 !defined(WOLFSSL_NO_SERVER_GROUPS_EXT))
wolfSSL 15:117db924cf7c 3653
wolfSSL 15:117db924cf7c 3654 static int TLSX_SupportedCurve_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 15:117db924cf7c 3655 byte isRequest)
wolfSSL 15:117db924cf7c 3656 {
wolfSSL 15:117db924cf7c 3657 word16 offset;
wolfSSL 15:117db924cf7c 3658 word16 name;
wolfSSL 15:117db924cf7c 3659 int ret;
wolfSSL 15:117db924cf7c 3660
wolfSSL 15:117db924cf7c 3661 if(!isRequest && !IsAtLeastTLSv1_3(ssl->version))
wolfSSL 15:117db924cf7c 3662 return BUFFER_ERROR; /* servers doesn't send this extension. */
wolfSSL 15:117db924cf7c 3663
wolfSSL 15:117db924cf7c 3664 if (OPAQUE16_LEN > length || length % OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 3665 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 3666
wolfSSL 15:117db924cf7c 3667 ato16(input, &offset);
wolfSSL 15:117db924cf7c 3668
wolfSSL 15:117db924cf7c 3669 /* validating curve list length */
wolfSSL 15:117db924cf7c 3670 if (length != OPAQUE16_LEN + offset)
wolfSSL 15:117db924cf7c 3671 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 3672
wolfSSL 15:117db924cf7c 3673 offset = OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 3674 if (offset == length)
wolfSSL 15:117db924cf7c 3675 return 0;
wolfSSL 15:117db924cf7c 3676
wolfSSL 15:117db924cf7c 3677 #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)
wolfSSL 15:117db924cf7c 3678 if (!isRequest) {
wolfSSL 15:117db924cf7c 3679 TLSX* extension;
wolfSSL 15:117db924cf7c 3680 SupportedCurve* curve;
wolfSSL 15:117db924cf7c 3681
wolfSSL 15:117db924cf7c 3682 extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS);
wolfSSL 15:117db924cf7c 3683 if (extension != NULL) {
wolfSSL 15:117db924cf7c 3684 /* Replace client list with server list of supported groups. */
wolfSSL 15:117db924cf7c 3685 curve = (SupportedCurve*)extension->data;
wolfSSL 15:117db924cf7c 3686 extension->data = NULL;
wolfSSL 15:117db924cf7c 3687 TLSX_SupportedCurve_FreeAll(curve, ssl->heap);
wolfSSL 15:117db924cf7c 3688
wolfSSL 15:117db924cf7c 3689 ato16(input + offset, &name);
wolfSSL 15:117db924cf7c 3690 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 3691
wolfSSL 15:117db924cf7c 3692 ret = TLSX_SupportedCurve_New(&curve, name, ssl->heap);
wolfSSL 15:117db924cf7c 3693 if (ret != 0)
wolfSSL 15:117db924cf7c 3694 return ret; /* throw error */
wolfSSL 15:117db924cf7c 3695 extension->data = (void*)curve;
wolfSSL 15:117db924cf7c 3696 }
wolfSSL 15:117db924cf7c 3697 }
wolfSSL 15:117db924cf7c 3698 #endif
wolfSSL 15:117db924cf7c 3699
wolfSSL 15:117db924cf7c 3700 for (; offset < length; offset += OPAQUE16_LEN) {
wolfSSL 15:117db924cf7c 3701 ato16(input + offset, &name);
wolfSSL 15:117db924cf7c 3702
wolfSSL 15:117db924cf7c 3703 ret = TLSX_UseSupportedCurve(&ssl->extensions, name, ssl->heap);
wolfSSL 15:117db924cf7c 3704 if (ret != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 3705 return ret; /* throw error */
wolfSSL 15:117db924cf7c 3706 }
wolfSSL 15:117db924cf7c 3707
wolfSSL 15:117db924cf7c 3708 return 0;
wolfSSL 15:117db924cf7c 3709 }
wolfSSL 15:117db924cf7c 3710
wolfSSL 15:117db924cf7c 3711 #endif
wolfSSL 15:117db924cf7c 3712
wolfSSL 15:117db924cf7c 3713 #if !defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_TLS13) && \
wolfSSL 15:117db924cf7c 3714 !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)
wolfSSL 15:117db924cf7c 3715
wolfSSL 15:117db924cf7c 3716 /* Checks the priority of the groups on the server and set the supported groups
wolfSSL 15:117db924cf7c 3717 * response if there is a group not advertised by the client that is preferred.
wolfSSL 15:117db924cf7c 3718 *
wolfSSL 15:117db924cf7c 3719 * ssl SSL/TLS object.
wolfSSL 15:117db924cf7c 3720 * returns 0 on success, otherwise an error.
wolfSSL 15:117db924cf7c 3721 */
wolfSSL 15:117db924cf7c 3722 int TLSX_SupportedCurve_CheckPriority(WOLFSSL* ssl)
wolfSSL 15:117db924cf7c 3723 {
wolfSSL 15:117db924cf7c 3724 int ret;
wolfSSL 15:117db924cf7c 3725 TLSX* extension;
wolfSSL 15:117db924cf7c 3726 TLSX* priority = NULL;
wolfSSL 15:117db924cf7c 3727 TLSX* ext = NULL;
wolfSSL 15:117db924cf7c 3728 word16 name;
wolfSSL 15:117db924cf7c 3729 SupportedCurve* curve;
wolfSSL 15:117db924cf7c 3730
wolfSSL 15:117db924cf7c 3731 extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS);
wolfSSL 15:117db924cf7c 3732 /* May be doing PSK with no key exchange. */
wolfSSL 15:117db924cf7c 3733 if (extension == NULL)
wolfSSL 15:117db924cf7c 3734 return 0;
wolfSSL 15:117db924cf7c 3735
wolfSSL 15:117db924cf7c 3736 if ((ret = TLSX_PopulateSupportedGroups(ssl, &priority)) != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 3737 return ret;
wolfSSL 15:117db924cf7c 3738
wolfSSL 15:117db924cf7c 3739 ext = TLSX_Find(priority, TLSX_SUPPORTED_GROUPS);
wolfSSL 15:117db924cf7c 3740 curve = (SupportedCurve*)ext->data;
wolfSSL 15:117db924cf7c 3741 name = curve->name;
wolfSSL 15:117db924cf7c 3742
wolfSSL 15:117db924cf7c 3743 curve = (SupportedCurve*)extension->data;
wolfSSL 15:117db924cf7c 3744 while (curve != NULL) {
wolfSSL 15:117db924cf7c 3745 if (curve->name == name)
wolfSSL 15:117db924cf7c 3746 break;
wolfSSL 15:117db924cf7c 3747 curve = curve->next;
wolfSSL 15:117db924cf7c 3748 }
wolfSSL 15:117db924cf7c 3749
wolfSSL 15:117db924cf7c 3750 if (curve == NULL) {
wolfSSL 15:117db924cf7c 3751 /* Couldn't find the preferred group in client list. */
wolfSSL 15:117db924cf7c 3752 extension->resp = 1;
wolfSSL 15:117db924cf7c 3753
wolfSSL 15:117db924cf7c 3754 /* Send server list back and free client list. */
wolfSSL 15:117db924cf7c 3755 curve = (SupportedCurve*)extension->data;
wolfSSL 15:117db924cf7c 3756 extension->data = ext->data;
wolfSSL 15:117db924cf7c 3757 ext->data = curve;
wolfSSL 15:117db924cf7c 3758 }
wolfSSL 15:117db924cf7c 3759
wolfSSL 15:117db924cf7c 3760 TLSX_FreeAll(priority, ssl->heap);
wolfSSL 15:117db924cf7c 3761
wolfSSL 15:117db924cf7c 3762 return 0;
wolfSSL 15:117db924cf7c 3763 }
wolfSSL 15:117db924cf7c 3764
wolfSSL 15:117db924cf7c 3765 #endif
wolfSSL 15:117db924cf7c 3766
wolfSSL 15:117db924cf7c 3767 #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)
wolfSSL 15:117db924cf7c 3768 /* Return the preferred group.
wolfSSL 15:117db924cf7c 3769 *
wolfSSL 15:117db924cf7c 3770 * ssl SSL/TLS object.
wolfSSL 15:117db924cf7c 3771 * checkSupported Whether to check for the first supported group.
wolfSSL 15:117db924cf7c 3772 * returns BAD_FUNC_ARG if no group found, otherwise the group.
wolfSSL 15:117db924cf7c 3773 */
wolfSSL 15:117db924cf7c 3774 int TLSX_SupportedCurve_Preferred(WOLFSSL* ssl, int checkSupported)
wolfSSL 15:117db924cf7c 3775 {
wolfSSL 15:117db924cf7c 3776 TLSX* extension;
wolfSSL 15:117db924cf7c 3777 SupportedCurve* curve;
wolfSSL 15:117db924cf7c 3778
wolfSSL 15:117db924cf7c 3779 extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS);
wolfSSL 15:117db924cf7c 3780 if (extension == NULL)
wolfSSL 15:117db924cf7c 3781 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 3782
wolfSSL 15:117db924cf7c 3783 curve = (SupportedCurve*)extension->data;
wolfSSL 15:117db924cf7c 3784 while (curve != NULL) {
wolfSSL 15:117db924cf7c 3785 if (!checkSupported || TLSX_KeyShare_IsSupported(curve->name))
wolfSSL 15:117db924cf7c 3786 return curve->name;
wolfSSL 15:117db924cf7c 3787 curve = curve->next;
wolfSSL 15:117db924cf7c 3788 }
wolfSSL 15:117db924cf7c 3789
wolfSSL 15:117db924cf7c 3790 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 3791 }
wolfSSL 15:117db924cf7c 3792
wolfSSL 15:117db924cf7c 3793 #endif
wolfSSL 15:117db924cf7c 3794
wolfSSL 15:117db924cf7c 3795 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 3796
wolfSSL 15:117db924cf7c 3797 static int TLSX_PointFormat_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 15:117db924cf7c 3798 byte isRequest)
wolfSSL 15:117db924cf7c 3799 {
wolfSSL 15:117db924cf7c 3800 int ret;
wolfSSL 15:117db924cf7c 3801
wolfSSL 15:117db924cf7c 3802 /* validating formats list length */
wolfSSL 15:117db924cf7c 3803 if (ENUM_LEN > length || length != ENUM_LEN + input[0])
wolfSSL 15:117db924cf7c 3804 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 3805
wolfSSL 15:117db924cf7c 3806 if (isRequest) {
wolfSSL 15:117db924cf7c 3807 /* adding uncompressed point format to response */
wolfSSL 15:117db924cf7c 3808 ret = TLSX_UsePointFormat(&ssl->extensions, WOLFSSL_EC_PF_UNCOMPRESSED,
wolfSSL 15:117db924cf7c 3809 ssl->heap);
wolfSSL 15:117db924cf7c 3810 if (ret != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 3811 return ret; /* throw error */
wolfSSL 15:117db924cf7c 3812
wolfSSL 15:117db924cf7c 3813 TLSX_SetResponse(ssl, TLSX_EC_POINT_FORMATS);
wolfSSL 15:117db924cf7c 3814 }
wolfSSL 15:117db924cf7c 3815
wolfSSL 15:117db924cf7c 3816 return 0;
wolfSSL 15:117db924cf7c 3817 }
wolfSSL 15:117db924cf7c 3818
wolfSSL 15:117db924cf7c 3819 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519)
wolfSSL 15:117db924cf7c 3820 int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
wolfSSL 15:117db924cf7c 3821 TLSX* extension = (first == ECC_BYTE || first == CHACHA_BYTE)
wolfSSL 15:117db924cf7c 3822 ? TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS)
wolfSSL 15:117db924cf7c 3823 : NULL;
wolfSSL 15:117db924cf7c 3824 SupportedCurve* curve = NULL;
wolfSSL 15:117db924cf7c 3825 word32 oid = 0;
wolfSSL 15:117db924cf7c 3826 word32 pkOid = 0;
wolfSSL 15:117db924cf7c 3827 word32 defOid = 0;
wolfSSL 15:117db924cf7c 3828 word32 defSz = 80; /* Maximum known curve size is 66. */
wolfSSL 15:117db924cf7c 3829 word32 nextOid = 0;
wolfSSL 15:117db924cf7c 3830 word32 nextSz = 80; /* Maximum known curve size is 66. */
wolfSSL 15:117db924cf7c 3831 word32 currOid = ssl->ecdhCurveOID;
wolfSSL 15:117db924cf7c 3832 int ephmSuite = 0;
wolfSSL 15:117db924cf7c 3833 word16 octets = 0; /* according to 'ecc_set_type ecc_sets[];' */
wolfSSL 15:117db924cf7c 3834 int sig = 0; /* validate signature */
wolfSSL 15:117db924cf7c 3835 int key = 0; /* validate key */
wolfSSL 15:117db924cf7c 3836
wolfSSL 15:117db924cf7c 3837 (void)oid;
wolfSSL 15:117db924cf7c 3838
wolfSSL 15:117db924cf7c 3839 if (!extension)
wolfSSL 15:117db924cf7c 3840 return 1; /* no suite restriction */
wolfSSL 15:117db924cf7c 3841
wolfSSL 15:117db924cf7c 3842 for (curve = (SupportedCurve*)extension->data;
wolfSSL 15:117db924cf7c 3843 curve && !(sig && key);
wolfSSL 15:117db924cf7c 3844 curve = curve->next) {
wolfSSL 15:117db924cf7c 3845
wolfSSL 15:117db924cf7c 3846 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 3847 if (ssl->ctx->disabledCurves & (1 << curve->name))
wolfSSL 15:117db924cf7c 3848 continue;
wolfSSL 15:117db924cf7c 3849 #endif
wolfSSL 15:117db924cf7c 3850
wolfSSL 15:117db924cf7c 3851 /* find supported curve */
wolfSSL 15:117db924cf7c 3852 switch (curve->name) {
wolfSSL 15:117db924cf7c 3853 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 3854 #if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 3855 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 3856 case WOLFSSL_ECC_SECP160R1:
wolfSSL 15:117db924cf7c 3857 pkOid = oid = ECC_SECP160R1_OID;
wolfSSL 15:117db924cf7c 3858 octets = 20;
wolfSSL 15:117db924cf7c 3859 break;
wolfSSL 15:117db924cf7c 3860 #endif /* !NO_ECC_SECP */
wolfSSL 15:117db924cf7c 3861 #ifdef HAVE_ECC_SECPR2
wolfSSL 15:117db924cf7c 3862 case WOLFSSL_ECC_SECP160R2:
wolfSSL 15:117db924cf7c 3863 pkOid = oid = ECC_SECP160R2_OID;
wolfSSL 15:117db924cf7c 3864 octets = 20;
wolfSSL 15:117db924cf7c 3865 break;
wolfSSL 15:117db924cf7c 3866 #endif /* HAVE_ECC_SECPR2 */
wolfSSL 15:117db924cf7c 3867 #ifdef HAVE_ECC_KOBLITZ
wolfSSL 15:117db924cf7c 3868 case WOLFSSL_ECC_SECP160K1:
wolfSSL 15:117db924cf7c 3869 pkOid = oid = ECC_SECP160K1_OID;
wolfSSL 15:117db924cf7c 3870 octets = 20;
wolfSSL 15:117db924cf7c 3871 break;
wolfSSL 15:117db924cf7c 3872 #endif /* HAVE_ECC_KOBLITZ */
wolfSSL 15:117db924cf7c 3873 #endif
wolfSSL 15:117db924cf7c 3874 #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 3875 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 3876 case WOLFSSL_ECC_SECP192R1:
wolfSSL 15:117db924cf7c 3877 pkOid = oid = ECC_SECP192R1_OID;
wolfSSL 15:117db924cf7c 3878 octets = 24;
wolfSSL 15:117db924cf7c 3879 break;
wolfSSL 15:117db924cf7c 3880 #endif /* !NO_ECC_SECP */
wolfSSL 15:117db924cf7c 3881 #ifdef HAVE_ECC_KOBLITZ
wolfSSL 15:117db924cf7c 3882 case WOLFSSL_ECC_SECP192K1:
wolfSSL 15:117db924cf7c 3883 pkOid = oid = ECC_SECP192K1_OID;
wolfSSL 15:117db924cf7c 3884 octets = 24;
wolfSSL 15:117db924cf7c 3885 break;
wolfSSL 15:117db924cf7c 3886 #endif /* HAVE_ECC_KOBLITZ */
wolfSSL 15:117db924cf7c 3887 #endif
wolfSSL 15:117db924cf7c 3888 #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 3889 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 3890 case WOLFSSL_ECC_SECP224R1:
wolfSSL 15:117db924cf7c 3891 pkOid = oid = ECC_SECP224R1_OID;
wolfSSL 15:117db924cf7c 3892 octets = 28;
wolfSSL 15:117db924cf7c 3893 break;
wolfSSL 15:117db924cf7c 3894 #endif /* !NO_ECC_SECP */
wolfSSL 15:117db924cf7c 3895 #ifdef HAVE_ECC_KOBLITZ
wolfSSL 15:117db924cf7c 3896 case WOLFSSL_ECC_SECP224K1:
wolfSSL 15:117db924cf7c 3897 pkOid = oid = ECC_SECP224K1_OID;
wolfSSL 15:117db924cf7c 3898 octets = 28;
wolfSSL 15:117db924cf7c 3899 break;
wolfSSL 15:117db924cf7c 3900 #endif /* HAVE_ECC_KOBLITZ */
wolfSSL 15:117db924cf7c 3901 #endif
wolfSSL 15:117db924cf7c 3902 #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 3903 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 3904 case WOLFSSL_ECC_SECP256R1:
wolfSSL 15:117db924cf7c 3905 pkOid = oid = ECC_SECP256R1_OID;
wolfSSL 15:117db924cf7c 3906 octets = 32;
wolfSSL 15:117db924cf7c 3907 break;
wolfSSL 15:117db924cf7c 3908 #endif /* !NO_ECC_SECP */
wolfSSL 15:117db924cf7c 3909 #endif /* !NO_ECC256 || HAVE_ALL_CURVES */
wolfSSL 15:117db924cf7c 3910 #endif
wolfSSL 15:117db924cf7c 3911 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 3912 case WOLFSSL_ECC_X25519:
wolfSSL 15:117db924cf7c 3913 oid = ECC_X25519_OID;
wolfSSL 15:117db924cf7c 3914 #ifdef HAVE_ED25519
wolfSSL 15:117db924cf7c 3915 pkOid = ECC_ED25519_OID;
wolfSSL 15:117db924cf7c 3916 #else
wolfSSL 15:117db924cf7c 3917 pkOid = ECC_X25519_OID;
wolfSSL 15:117db924cf7c 3918 #endif
wolfSSL 15:117db924cf7c 3919 octets = 32;
wolfSSL 15:117db924cf7c 3920 break;
wolfSSL 15:117db924cf7c 3921 #endif /* HAVE_CURVE25519 */
wolfSSL 15:117db924cf7c 3922 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 3923 #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 3924 #ifdef HAVE_ECC_KOBLITZ
wolfSSL 15:117db924cf7c 3925 case WOLFSSL_ECC_SECP256K1:
wolfSSL 15:117db924cf7c 3926 pkOid = oid = ECC_SECP256K1_OID;
wolfSSL 15:117db924cf7c 3927 octets = 32;
wolfSSL 15:117db924cf7c 3928 break;
wolfSSL 15:117db924cf7c 3929 #endif /* HAVE_ECC_KOBLITZ */
wolfSSL 15:117db924cf7c 3930 #ifdef HAVE_ECC_BRAINPOOL
wolfSSL 15:117db924cf7c 3931 case WOLFSSL_ECC_BRAINPOOLP256R1:
wolfSSL 15:117db924cf7c 3932 pkOid = oid = ECC_BRAINPOOLP256R1_OID;
wolfSSL 15:117db924cf7c 3933 octets = 32;
wolfSSL 15:117db924cf7c 3934 break;
wolfSSL 15:117db924cf7c 3935 #endif /* HAVE_ECC_BRAINPOOL */
wolfSSL 15:117db924cf7c 3936 #endif
wolfSSL 15:117db924cf7c 3937 #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 3938 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 3939 case WOLFSSL_ECC_SECP384R1:
wolfSSL 15:117db924cf7c 3940 pkOid = oid = ECC_SECP384R1_OID;
wolfSSL 15:117db924cf7c 3941 octets = 48;
wolfSSL 15:117db924cf7c 3942 break;
wolfSSL 15:117db924cf7c 3943 #endif /* !NO_ECC_SECP */
wolfSSL 15:117db924cf7c 3944 #ifdef HAVE_ECC_BRAINPOOL
wolfSSL 15:117db924cf7c 3945 case WOLFSSL_ECC_BRAINPOOLP384R1:
wolfSSL 15:117db924cf7c 3946 pkOid = oid = ECC_BRAINPOOLP384R1_OID;
wolfSSL 15:117db924cf7c 3947 octets = 48;
wolfSSL 15:117db924cf7c 3948 break;
wolfSSL 15:117db924cf7c 3949 #endif /* HAVE_ECC_BRAINPOOL */
wolfSSL 15:117db924cf7c 3950 #endif
wolfSSL 15:117db924cf7c 3951 #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 3952 #ifdef HAVE_ECC_BRAINPOOL
wolfSSL 15:117db924cf7c 3953 case WOLFSSL_ECC_BRAINPOOLP512R1:
wolfSSL 15:117db924cf7c 3954 pkOid = oid = ECC_BRAINPOOLP512R1_OID;
wolfSSL 15:117db924cf7c 3955 octets = 64;
wolfSSL 15:117db924cf7c 3956 break;
wolfSSL 15:117db924cf7c 3957 #endif /* HAVE_ECC_BRAINPOOL */
wolfSSL 15:117db924cf7c 3958 #endif
wolfSSL 15:117db924cf7c 3959 #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 3960 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 3961 case WOLFSSL_ECC_SECP521R1:
wolfSSL 15:117db924cf7c 3962 pkOid = oid = ECC_SECP521R1_OID;
wolfSSL 15:117db924cf7c 3963 octets = 66;
wolfSSL 15:117db924cf7c 3964 break;
wolfSSL 15:117db924cf7c 3965 #endif /* !NO_ECC_SECP */
wolfSSL 15:117db924cf7c 3966 #endif
wolfSSL 15:117db924cf7c 3967 #endif
wolfSSL 15:117db924cf7c 3968 default: continue; /* unsupported curve */
wolfSSL 15:117db924cf7c 3969 }
wolfSSL 15:117db924cf7c 3970
wolfSSL 15:117db924cf7c 3971 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 3972 /* Set default Oid */
wolfSSL 15:117db924cf7c 3973 if (defOid == 0 && ssl->eccTempKeySz <= octets && defSz > octets) {
wolfSSL 15:117db924cf7c 3974 defOid = oid;
wolfSSL 15:117db924cf7c 3975 defSz = octets;
wolfSSL 15:117db924cf7c 3976 }
wolfSSL 15:117db924cf7c 3977
wolfSSL 15:117db924cf7c 3978 if (currOid == 0 && ssl->eccTempKeySz == octets)
wolfSSL 15:117db924cf7c 3979 currOid = oid;
wolfSSL 15:117db924cf7c 3980 if ((nextOid == 0 || nextSz > octets) && ssl->eccTempKeySz <= octets) {
wolfSSL 15:117db924cf7c 3981 nextOid = oid;
wolfSSL 15:117db924cf7c 3982 nextSz = octets;
wolfSSL 15:117db924cf7c 3983 }
wolfSSL 15:117db924cf7c 3984 #else
wolfSSL 15:117db924cf7c 3985 if (defOid == 0 && defSz > octets) {
wolfSSL 15:117db924cf7c 3986 defOid = oid;
wolfSSL 15:117db924cf7c 3987 defSz = octets;
wolfSSL 15:117db924cf7c 3988 }
wolfSSL 15:117db924cf7c 3989
wolfSSL 15:117db924cf7c 3990 if (currOid == 0)
wolfSSL 15:117db924cf7c 3991 currOid = oid;
wolfSSL 15:117db924cf7c 3992 if (nextOid == 0 || nextSz > octets) {
wolfSSL 15:117db924cf7c 3993 nextOid = oid;
wolfSSL 15:117db924cf7c 3994 nextSz = octets;
wolfSSL 15:117db924cf7c 3995 }
wolfSSL 15:117db924cf7c 3996 #endif
wolfSSL 15:117db924cf7c 3997
wolfSSL 15:117db924cf7c 3998 if (first == ECC_BYTE) {
wolfSSL 15:117db924cf7c 3999 switch (second) {
wolfSSL 15:117db924cf7c 4000 /* ECDHE_ECDSA */
wolfSSL 15:117db924cf7c 4001 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
wolfSSL 15:117db924cf7c 4002 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
wolfSSL 15:117db924cf7c 4003 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
wolfSSL 15:117db924cf7c 4004 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL 15:117db924cf7c 4005 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
wolfSSL 15:117db924cf7c 4006 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
wolfSSL 15:117db924cf7c 4007 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
wolfSSL 15:117db924cf7c 4008 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
wolfSSL 15:117db924cf7c 4009 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
wolfSSL 15:117db924cf7c 4010 case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8:
wolfSSL 15:117db924cf7c 4011 sig |= ssl->pkCurveOID == pkOid;
wolfSSL 15:117db924cf7c 4012 key |= ssl->ecdhCurveOID == oid;
wolfSSL 15:117db924cf7c 4013 ephmSuite = 1;
wolfSSL 15:117db924cf7c 4014 break;
wolfSSL 15:117db924cf7c 4015
wolfSSL 15:117db924cf7c 4016 #ifdef WOLFSSL_STATIC_DH
wolfSSL 15:117db924cf7c 4017 /* ECDH_ECDSA */
wolfSSL 15:117db924cf7c 4018 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
wolfSSL 15:117db924cf7c 4019 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
wolfSSL 15:117db924cf7c 4020 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
wolfSSL 15:117db924cf7c 4021 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL 15:117db924cf7c 4022 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
wolfSSL 15:117db924cf7c 4023 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
wolfSSL 15:117db924cf7c 4024 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
wolfSSL 15:117db924cf7c 4025 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
wolfSSL 15:117db924cf7c 4026 if (oid == ECC_X25519_OID && defOid == oid) {
wolfSSL 15:117db924cf7c 4027 defOid = 0;
wolfSSL 15:117db924cf7c 4028 defSz = 80;
wolfSSL 15:117db924cf7c 4029 }
wolfSSL 15:117db924cf7c 4030 sig |= ssl->pkCurveOID == pkOid;
wolfSSL 15:117db924cf7c 4031 key |= ssl->pkCurveOID == oid;
wolfSSL 15:117db924cf7c 4032 break;
wolfSSL 15:117db924cf7c 4033 #endif /* WOLFSSL_STATIC_DH */
wolfSSL 15:117db924cf7c 4034 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 4035 /* ECDHE_RSA */
wolfSSL 15:117db924cf7c 4036 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
wolfSSL 15:117db924cf7c 4037 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
wolfSSL 15:117db924cf7c 4038 case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
wolfSSL 15:117db924cf7c 4039 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL 15:117db924cf7c 4040 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
wolfSSL 15:117db924cf7c 4041 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
wolfSSL 15:117db924cf7c 4042 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
wolfSSL 15:117db924cf7c 4043 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
wolfSSL 15:117db924cf7c 4044 sig = 1;
wolfSSL 15:117db924cf7c 4045 key |= ssl->ecdhCurveOID == oid;
wolfSSL 15:117db924cf7c 4046 ephmSuite = 1;
wolfSSL 15:117db924cf7c 4047 break;
wolfSSL 15:117db924cf7c 4048
wolfSSL 15:117db924cf7c 4049 #ifdef WOLFSSL_STATIC_DH
wolfSSL 15:117db924cf7c 4050 /* ECDH_RSA */
wolfSSL 15:117db924cf7c 4051 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
wolfSSL 15:117db924cf7c 4052 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
wolfSSL 15:117db924cf7c 4053 case TLS_ECDH_RSA_WITH_RC4_128_SHA:
wolfSSL 15:117db924cf7c 4054 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL 15:117db924cf7c 4055 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
wolfSSL 15:117db924cf7c 4056 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
wolfSSL 15:117db924cf7c 4057 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
wolfSSL 15:117db924cf7c 4058 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
wolfSSL 15:117db924cf7c 4059 if (oid == ECC_X25519_OID && defOid == oid) {
wolfSSL 15:117db924cf7c 4060 defOid = 0;
wolfSSL 15:117db924cf7c 4061 defSz = 80;
wolfSSL 15:117db924cf7c 4062 }
wolfSSL 15:117db924cf7c 4063 sig = 1;
wolfSSL 15:117db924cf7c 4064 key |= ssl->pkCurveOID == pkOid;
wolfSSL 15:117db924cf7c 4065 break;
wolfSSL 15:117db924cf7c 4066 #endif /* WOLFSSL_STATIC_DH */
wolfSSL 15:117db924cf7c 4067 #endif
wolfSSL 15:117db924cf7c 4068 default:
wolfSSL 15:117db924cf7c 4069 if (oid == ECC_X25519_OID && defOid == oid) {
wolfSSL 15:117db924cf7c 4070 defOid = 0;
wolfSSL 15:117db924cf7c 4071 defSz = 80;
wolfSSL 15:117db924cf7c 4072 }
wolfSSL 15:117db924cf7c 4073 if (oid != ECC_X25519_OID)
wolfSSL 15:117db924cf7c 4074 sig = 1;
wolfSSL 15:117db924cf7c 4075 key = 1;
wolfSSL 15:117db924cf7c 4076 break;
wolfSSL 15:117db924cf7c 4077 }
wolfSSL 15:117db924cf7c 4078 }
wolfSSL 15:117db924cf7c 4079
wolfSSL 15:117db924cf7c 4080 /* ChaCha20-Poly1305 ECC cipher suites */
wolfSSL 15:117db924cf7c 4081 if (first == CHACHA_BYTE) {
wolfSSL 15:117db924cf7c 4082 switch (second) {
wolfSSL 15:117db924cf7c 4083 /* ECDHE_ECDSA */
wolfSSL 15:117db924cf7c 4084 case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL 15:117db924cf7c 4085 case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
wolfSSL 15:117db924cf7c 4086 sig |= ssl->pkCurveOID == pkOid;
wolfSSL 15:117db924cf7c 4087 key |= ssl->ecdhCurveOID == oid;
wolfSSL 15:117db924cf7c 4088 ephmSuite = 1;
wolfSSL 15:117db924cf7c 4089 break;
wolfSSL 15:117db924cf7c 4090 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 4091 /* ECDHE_RSA */
wolfSSL 15:117db924cf7c 4092 case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL 15:117db924cf7c 4093 case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
wolfSSL 15:117db924cf7c 4094 sig = 1;
wolfSSL 15:117db924cf7c 4095 key |= ssl->ecdhCurveOID == oid;
wolfSSL 15:117db924cf7c 4096 ephmSuite = 1;
wolfSSL 15:117db924cf7c 4097 break;
wolfSSL 15:117db924cf7c 4098 #endif
wolfSSL 15:117db924cf7c 4099 default:
wolfSSL 15:117db924cf7c 4100 sig = 1;
wolfSSL 15:117db924cf7c 4101 key = 1;
wolfSSL 15:117db924cf7c 4102 break;
wolfSSL 15:117db924cf7c 4103 }
wolfSSL 15:117db924cf7c 4104 }
wolfSSL 15:117db924cf7c 4105 }
wolfSSL 15:117db924cf7c 4106
wolfSSL 15:117db924cf7c 4107 /* Choose the default if it is at the required strength. */
wolfSSL 15:117db924cf7c 4108 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 4109 if (ssl->ecdhCurveOID == 0 && defSz == ssl->eccTempKeySz)
wolfSSL 15:117db924cf7c 4110 #else
wolfSSL 15:117db924cf7c 4111 if (ssl->ecdhCurveOID == 0)
wolfSSL 15:117db924cf7c 4112 #endif
wolfSSL 15:117db924cf7c 4113 {
wolfSSL 15:117db924cf7c 4114 key = 1;
wolfSSL 15:117db924cf7c 4115 ssl->ecdhCurveOID = defOid;
wolfSSL 15:117db924cf7c 4116 }
wolfSSL 15:117db924cf7c 4117 /* Choose any curve at the required strength. */
wolfSSL 15:117db924cf7c 4118 if (ssl->ecdhCurveOID == 0) {
wolfSSL 15:117db924cf7c 4119 key = 1;
wolfSSL 15:117db924cf7c 4120 ssl->ecdhCurveOID = currOid;
wolfSSL 15:117db924cf7c 4121 }
wolfSSL 15:117db924cf7c 4122 /* Choose the default if it is at the next highest strength. */
wolfSSL 15:117db924cf7c 4123 if (ssl->ecdhCurveOID == 0 && defSz == nextSz)
wolfSSL 15:117db924cf7c 4124 ssl->ecdhCurveOID = defOid;
wolfSSL 15:117db924cf7c 4125 /* Choose any curve at the next highest strength. */
wolfSSL 15:117db924cf7c 4126 if (ssl->ecdhCurveOID == 0)
wolfSSL 15:117db924cf7c 4127 ssl->ecdhCurveOID = nextOid;
wolfSSL 15:117db924cf7c 4128 /* No curve and ephemeral ECC suite requires a matching curve. */
wolfSSL 15:117db924cf7c 4129 if (ssl->ecdhCurveOID == 0 && ephmSuite)
wolfSSL 15:117db924cf7c 4130 key = 0;
wolfSSL 15:117db924cf7c 4131
wolfSSL 15:117db924cf7c 4132 return sig && key;
wolfSSL 15:117db924cf7c 4133 }
wolfSSL 15:117db924cf7c 4134 #endif
wolfSSL 15:117db924cf7c 4135
wolfSSL 15:117db924cf7c 4136 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 15:117db924cf7c 4137
wolfSSL 15:117db924cf7c 4138 int TLSX_UseSupportedCurve(TLSX** extensions, word16 name, void* heap)
wolfSSL 15:117db924cf7c 4139 {
wolfSSL 15:117db924cf7c 4140 TLSX* extension = NULL;
wolfSSL 15:117db924cf7c 4141 SupportedCurve* curve = NULL;
wolfSSL 15:117db924cf7c 4142 int ret;
wolfSSL 15:117db924cf7c 4143
wolfSSL 15:117db924cf7c 4144 if (extensions == NULL)
wolfSSL 15:117db924cf7c 4145 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 4146
wolfSSL 15:117db924cf7c 4147 extension = TLSX_Find(*extensions, TLSX_SUPPORTED_GROUPS);
wolfSSL 15:117db924cf7c 4148
wolfSSL 15:117db924cf7c 4149 if (!extension) {
wolfSSL 15:117db924cf7c 4150 ret = TLSX_SupportedCurve_New(&curve, name, heap);
wolfSSL 15:117db924cf7c 4151 if (ret != 0)
wolfSSL 15:117db924cf7c 4152 return ret;
wolfSSL 15:117db924cf7c 4153
wolfSSL 15:117db924cf7c 4154 ret = TLSX_Push(extensions, TLSX_SUPPORTED_GROUPS, curve, heap);
wolfSSL 15:117db924cf7c 4155 if (ret != 0) {
wolfSSL 15:117db924cf7c 4156 XFREE(curve, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 4157 return ret;
wolfSSL 15:117db924cf7c 4158 }
wolfSSL 15:117db924cf7c 4159 }
wolfSSL 15:117db924cf7c 4160 else {
wolfSSL 15:117db924cf7c 4161 ret = TLSX_SupportedCurve_Append((SupportedCurve*)extension->data, name,
wolfSSL 15:117db924cf7c 4162 heap);
wolfSSL 15:117db924cf7c 4163 if (ret != 0)
wolfSSL 15:117db924cf7c 4164 return ret;
wolfSSL 15:117db924cf7c 4165 }
wolfSSL 15:117db924cf7c 4166
wolfSSL 15:117db924cf7c 4167 return WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 4168 }
wolfSSL 15:117db924cf7c 4169
wolfSSL 15:117db924cf7c 4170 int TLSX_UsePointFormat(TLSX** extensions, byte format, void* heap)
wolfSSL 15:117db924cf7c 4171 {
wolfSSL 15:117db924cf7c 4172 TLSX* extension = NULL;
wolfSSL 15:117db924cf7c 4173 PointFormat* point = NULL;
wolfSSL 15:117db924cf7c 4174 int ret = 0;
wolfSSL 15:117db924cf7c 4175
wolfSSL 15:117db924cf7c 4176 if (extensions == NULL)
wolfSSL 15:117db924cf7c 4177 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 4178
wolfSSL 15:117db924cf7c 4179 extension = TLSX_Find(*extensions, TLSX_EC_POINT_FORMATS);
wolfSSL 15:117db924cf7c 4180
wolfSSL 15:117db924cf7c 4181 if (!extension) {
wolfSSL 15:117db924cf7c 4182 ret = TLSX_PointFormat_New(&point, format, heap);
wolfSSL 15:117db924cf7c 4183 if (ret != 0)
wolfSSL 15:117db924cf7c 4184 return ret;
wolfSSL 15:117db924cf7c 4185
wolfSSL 15:117db924cf7c 4186 ret = TLSX_Push(extensions, TLSX_EC_POINT_FORMATS, point, heap);
wolfSSL 15:117db924cf7c 4187 if (ret != 0) {
wolfSSL 15:117db924cf7c 4188 XFREE(point, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 4189 return ret;
wolfSSL 15:117db924cf7c 4190 }
wolfSSL 15:117db924cf7c 4191 }
wolfSSL 15:117db924cf7c 4192 else {
wolfSSL 15:117db924cf7c 4193 ret = TLSX_PointFormat_Append((PointFormat*)extension->data, format,
wolfSSL 15:117db924cf7c 4194 heap);
wolfSSL 15:117db924cf7c 4195 if (ret != 0)
wolfSSL 15:117db924cf7c 4196 return ret;
wolfSSL 15:117db924cf7c 4197 }
wolfSSL 15:117db924cf7c 4198
wolfSSL 15:117db924cf7c 4199 return WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 4200 }
wolfSSL 15:117db924cf7c 4201
wolfSSL 15:117db924cf7c 4202 #define EC_FREE_ALL TLSX_SupportedCurve_FreeAll
wolfSSL 15:117db924cf7c 4203 #define EC_VALIDATE_REQUEST TLSX_SupportedCurve_ValidateRequest
wolfSSL 15:117db924cf7c 4204
wolfSSL 15:117db924cf7c 4205 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 4206 #define EC_GET_SIZE TLSX_SupportedCurve_GetSize
wolfSSL 15:117db924cf7c 4207 #define EC_WRITE TLSX_SupportedCurve_Write
wolfSSL 15:117db924cf7c 4208 #else
wolfSSL 15:117db924cf7c 4209 #define EC_GET_SIZE(list) 0
wolfSSL 15:117db924cf7c 4210 #define EC_WRITE(a, b) 0
wolfSSL 15:117db924cf7c 4211 #endif
wolfSSL 15:117db924cf7c 4212
wolfSSL 15:117db924cf7c 4213 #if !defined(NO_WOLFSSL_SERVER) || (defined(WOLFSSL_TLS13) && \
wolfSSL 15:117db924cf7c 4214 !defined(WOLFSSL_NO_SERVER_GROUPS_EXT))
wolfSSL 15:117db924cf7c 4215 #define EC_PARSE TLSX_SupportedCurve_Parse
wolfSSL 15:117db924cf7c 4216 #else
wolfSSL 15:117db924cf7c 4217 #define EC_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 4218 #endif
wolfSSL 15:117db924cf7c 4219
wolfSSL 15:117db924cf7c 4220 #define PF_FREE_ALL TLSX_PointFormat_FreeAll
wolfSSL 15:117db924cf7c 4221 #define PF_VALIDATE_REQUEST TLSX_PointFormat_ValidateRequest
wolfSSL 15:117db924cf7c 4222 #define PF_VALIDATE_RESPONSE TLSX_PointFormat_ValidateResponse
wolfSSL 15:117db924cf7c 4223
wolfSSL 15:117db924cf7c 4224 #define PF_GET_SIZE TLSX_PointFormat_GetSize
wolfSSL 15:117db924cf7c 4225 #define PF_WRITE TLSX_PointFormat_Write
wolfSSL 15:117db924cf7c 4226
wolfSSL 15:117db924cf7c 4227 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 4228 #define PF_PARSE TLSX_PointFormat_Parse
wolfSSL 15:117db924cf7c 4229 #else
wolfSSL 15:117db924cf7c 4230 #define PF_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 4231 #endif
wolfSSL 15:117db924cf7c 4232
wolfSSL 15:117db924cf7c 4233 #else
wolfSSL 15:117db924cf7c 4234
wolfSSL 15:117db924cf7c 4235 #define EC_FREE_ALL(list, heap)
wolfSSL 15:117db924cf7c 4236 #define EC_GET_SIZE(list) 0
wolfSSL 15:117db924cf7c 4237 #define EC_WRITE(a, b) 0
wolfSSL 15:117db924cf7c 4238 #define EC_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 4239 #define EC_VALIDATE_REQUEST(a, b)
wolfSSL 15:117db924cf7c 4240
wolfSSL 15:117db924cf7c 4241 #define PF_FREE_ALL(list, heap)
wolfSSL 15:117db924cf7c 4242 #define PF_GET_SIZE(list) 0
wolfSSL 15:117db924cf7c 4243 #define PF_WRITE(a, b) 0
wolfSSL 15:117db924cf7c 4244 #define PF_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 4245 #define PF_VALIDATE_REQUEST(a, b)
wolfSSL 15:117db924cf7c 4246 #define PF_VALIDATE_RESPONSE(a, b)
wolfSSL 15:117db924cf7c 4247
wolfSSL 15:117db924cf7c 4248 #endif /* HAVE_SUPPORTED_CURVES */
wolfSSL 15:117db924cf7c 4249
wolfSSL 15:117db924cf7c 4250 /******************************************************************************/
wolfSSL 15:117db924cf7c 4251 /* Renegotiation Indication */
wolfSSL 15:117db924cf7c 4252 /******************************************************************************/
wolfSSL 15:117db924cf7c 4253
wolfSSL 15:117db924cf7c 4254 #if defined(HAVE_SECURE_RENEGOTIATION) \
wolfSSL 15:117db924cf7c 4255 || defined(HAVE_SERVER_RENEGOTIATION_INFO)
wolfSSL 15:117db924cf7c 4256
wolfSSL 15:117db924cf7c 4257 static byte TLSX_SecureRenegotiation_GetSize(SecureRenegotiation* data,
wolfSSL 15:117db924cf7c 4258 int isRequest)
wolfSSL 15:117db924cf7c 4259 {
wolfSSL 15:117db924cf7c 4260 byte length = OPAQUE8_LEN; /* empty info length */
wolfSSL 15:117db924cf7c 4261
wolfSSL 15:117db924cf7c 4262 /* data will be NULL for HAVE_SERVER_RENEGOTIATION_INFO only */
wolfSSL 15:117db924cf7c 4263 if (data && data->enabled) {
wolfSSL 15:117db924cf7c 4264 /* client sends client_verify_data only */
wolfSSL 15:117db924cf7c 4265 length += TLS_FINISHED_SZ;
wolfSSL 15:117db924cf7c 4266
wolfSSL 15:117db924cf7c 4267 /* server also sends server_verify_data */
wolfSSL 15:117db924cf7c 4268 if (!isRequest)
wolfSSL 15:117db924cf7c 4269 length += TLS_FINISHED_SZ;
wolfSSL 15:117db924cf7c 4270 }
wolfSSL 15:117db924cf7c 4271
wolfSSL 15:117db924cf7c 4272 return length;
wolfSSL 15:117db924cf7c 4273 }
wolfSSL 15:117db924cf7c 4274
wolfSSL 15:117db924cf7c 4275 static word16 TLSX_SecureRenegotiation_Write(SecureRenegotiation* data,
wolfSSL 15:117db924cf7c 4276 byte* output, int isRequest)
wolfSSL 15:117db924cf7c 4277 {
wolfSSL 15:117db924cf7c 4278 word16 offset = OPAQUE8_LEN; /* RenegotiationInfo length */
wolfSSL 15:117db924cf7c 4279
wolfSSL 15:117db924cf7c 4280 if (data && data->enabled) {
wolfSSL 15:117db924cf7c 4281 /* client sends client_verify_data only */
wolfSSL 15:117db924cf7c 4282 XMEMCPY(output + offset, data->client_verify_data, TLS_FINISHED_SZ);
wolfSSL 15:117db924cf7c 4283 offset += TLS_FINISHED_SZ;
wolfSSL 15:117db924cf7c 4284
wolfSSL 15:117db924cf7c 4285 /* server also sends server_verify_data */
wolfSSL 15:117db924cf7c 4286 if (!isRequest) {
wolfSSL 15:117db924cf7c 4287 XMEMCPY(output + offset, data->server_verify_data, TLS_FINISHED_SZ);
wolfSSL 15:117db924cf7c 4288 offset += TLS_FINISHED_SZ;
wolfSSL 15:117db924cf7c 4289 }
wolfSSL 15:117db924cf7c 4290 }
wolfSSL 15:117db924cf7c 4291
wolfSSL 15:117db924cf7c 4292 output[0] = (byte)(offset - 1); /* info length - self */
wolfSSL 15:117db924cf7c 4293
wolfSSL 15:117db924cf7c 4294 return offset;
wolfSSL 15:117db924cf7c 4295 }
wolfSSL 15:117db924cf7c 4296
wolfSSL 15:117db924cf7c 4297 static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, byte* input,
wolfSSL 15:117db924cf7c 4298 word16 length, byte isRequest)
wolfSSL 15:117db924cf7c 4299 {
wolfSSL 15:117db924cf7c 4300 int ret = SECURE_RENEGOTIATION_E;
wolfSSL 15:117db924cf7c 4301
wolfSSL 15:117db924cf7c 4302 if (length >= OPAQUE8_LEN) {
wolfSSL 15:117db924cf7c 4303 if (ssl->secure_renegotiation == NULL) {
wolfSSL 15:117db924cf7c 4304 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 4305 if (isRequest && *input == 0) {
wolfSSL 15:117db924cf7c 4306 #ifdef HAVE_SERVER_RENEGOTIATION_INFO
wolfSSL 15:117db924cf7c 4307 if (length == OPAQUE8_LEN) {
wolfSSL 15:117db924cf7c 4308 if (TLSX_Find(ssl->extensions,
wolfSSL 15:117db924cf7c 4309 TLSX_RENEGOTIATION_INFO) == NULL) {
wolfSSL 15:117db924cf7c 4310 ret = TLSX_AddEmptyRenegotiationInfo(&ssl->extensions,
wolfSSL 15:117db924cf7c 4311 ssl->heap);
wolfSSL 15:117db924cf7c 4312 if (ret == WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 4313 ret = 0;
wolfSSL 15:117db924cf7c 4314
wolfSSL 15:117db924cf7c 4315 } else {
wolfSSL 15:117db924cf7c 4316 ret = 0;
wolfSSL 15:117db924cf7c 4317 }
wolfSSL 15:117db924cf7c 4318 }
wolfSSL 15:117db924cf7c 4319 #else
wolfSSL 15:117db924cf7c 4320 ret = 0; /* don't reply, user didn't enable */
wolfSSL 15:117db924cf7c 4321 #endif /* HAVE_SERVER_RENEGOTIATION_INFO */
wolfSSL 15:117db924cf7c 4322 }
wolfSSL 15:117db924cf7c 4323 #ifdef HAVE_SERVER_RENEGOTIATION_INFO
wolfSSL 15:117db924cf7c 4324 else if (!isRequest) {
wolfSSL 15:117db924cf7c 4325 /* don't do anything on client side */
wolfSSL 15:117db924cf7c 4326 ret = 0;
wolfSSL 15:117db924cf7c 4327 }
wolfSSL 15:117db924cf7c 4328 #endif
wolfSSL 15:117db924cf7c 4329 #endif
wolfSSL 15:117db924cf7c 4330 }
wolfSSL 15:117db924cf7c 4331 else if (isRequest) {
wolfSSL 15:117db924cf7c 4332 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 4333 if (*input == TLS_FINISHED_SZ) {
wolfSSL 15:117db924cf7c 4334 /* TODO compare client_verify_data */
wolfSSL 15:117db924cf7c 4335 ret = 0;
wolfSSL 15:117db924cf7c 4336 }
wolfSSL 15:117db924cf7c 4337 #endif
wolfSSL 15:117db924cf7c 4338 }
wolfSSL 15:117db924cf7c 4339 else {
wolfSSL 15:117db924cf7c 4340 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 4341 if (!ssl->secure_renegotiation->enabled) {
wolfSSL 15:117db924cf7c 4342 if (*input == 0) {
wolfSSL 15:117db924cf7c 4343 ssl->secure_renegotiation->enabled = 1;
wolfSSL 15:117db924cf7c 4344 ret = 0;
wolfSSL 15:117db924cf7c 4345 }
wolfSSL 15:117db924cf7c 4346 }
wolfSSL 15:117db924cf7c 4347 else if (*input == 2 * TLS_FINISHED_SZ &&
wolfSSL 15:117db924cf7c 4348 length == 2 * TLS_FINISHED_SZ + OPAQUE8_LEN) {
wolfSSL 15:117db924cf7c 4349 input++; /* get past size */
wolfSSL 15:117db924cf7c 4350
wolfSSL 15:117db924cf7c 4351 /* validate client and server verify data */
wolfSSL 15:117db924cf7c 4352 if (XMEMCMP(input,
wolfSSL 15:117db924cf7c 4353 ssl->secure_renegotiation->client_verify_data,
wolfSSL 15:117db924cf7c 4354 TLS_FINISHED_SZ) == 0 &&
wolfSSL 15:117db924cf7c 4355 XMEMCMP(input + TLS_FINISHED_SZ,
wolfSSL 15:117db924cf7c 4356 ssl->secure_renegotiation->server_verify_data,
wolfSSL 15:117db924cf7c 4357 TLS_FINISHED_SZ) == 0) {
wolfSSL 15:117db924cf7c 4358 WOLFSSL_MSG("SCR client and server verify data match");
wolfSSL 15:117db924cf7c 4359 ret = 0; /* verified */
wolfSSL 15:117db924cf7c 4360 } else {
wolfSSL 15:117db924cf7c 4361 /* already in error state */
wolfSSL 15:117db924cf7c 4362 WOLFSSL_MSG("SCR client and server verify data Failure");
wolfSSL 15:117db924cf7c 4363 }
wolfSSL 15:117db924cf7c 4364 }
wolfSSL 15:117db924cf7c 4365 #endif
wolfSSL 15:117db924cf7c 4366 }
wolfSSL 15:117db924cf7c 4367 }
wolfSSL 15:117db924cf7c 4368
wolfSSL 15:117db924cf7c 4369 if (ret != 0) {
wolfSSL 15:117db924cf7c 4370 SendAlert(ssl, alert_fatal, handshake_failure);
wolfSSL 15:117db924cf7c 4371 }
wolfSSL 15:117db924cf7c 4372
wolfSSL 15:117db924cf7c 4373 return ret;
wolfSSL 15:117db924cf7c 4374 }
wolfSSL 15:117db924cf7c 4375
wolfSSL 15:117db924cf7c 4376 int TLSX_UseSecureRenegotiation(TLSX** extensions, void* heap)
wolfSSL 15:117db924cf7c 4377 {
wolfSSL 15:117db924cf7c 4378 int ret = 0;
wolfSSL 15:117db924cf7c 4379 SecureRenegotiation* data = NULL;
wolfSSL 15:117db924cf7c 4380
wolfSSL 15:117db924cf7c 4381 data = (SecureRenegotiation*)XMALLOC(sizeof(SecureRenegotiation), heap,
wolfSSL 15:117db924cf7c 4382 DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 4383 if (data == NULL)
wolfSSL 15:117db924cf7c 4384 return MEMORY_E;
wolfSSL 15:117db924cf7c 4385
wolfSSL 15:117db924cf7c 4386 XMEMSET(data, 0, sizeof(SecureRenegotiation));
wolfSSL 15:117db924cf7c 4387
wolfSSL 15:117db924cf7c 4388 ret = TLSX_Push(extensions, TLSX_RENEGOTIATION_INFO, data, heap);
wolfSSL 15:117db924cf7c 4389 if (ret != 0) {
wolfSSL 15:117db924cf7c 4390 XFREE(data, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 4391 return ret;
wolfSSL 15:117db924cf7c 4392 }
wolfSSL 15:117db924cf7c 4393
wolfSSL 15:117db924cf7c 4394 return WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 4395 }
wolfSSL 15:117db924cf7c 4396
wolfSSL 15:117db924cf7c 4397 #ifdef HAVE_SERVER_RENEGOTIATION_INFO
wolfSSL 15:117db924cf7c 4398
wolfSSL 15:117db924cf7c 4399 int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions, void* heap)
wolfSSL 15:117db924cf7c 4400 {
wolfSSL 15:117db924cf7c 4401 int ret;
wolfSSL 15:117db924cf7c 4402
wolfSSL 15:117db924cf7c 4403 ret = TLSX_Push(extensions, TLSX_RENEGOTIATION_INFO, NULL, heap);
wolfSSL 15:117db924cf7c 4404 if (ret != 0)
wolfSSL 15:117db924cf7c 4405 return ret;
wolfSSL 15:117db924cf7c 4406
wolfSSL 15:117db924cf7c 4407 /* send empty renegotiation_info extension */
wolfSSL 15:117db924cf7c 4408 TLSX* ext = TLSX_Find(*extensions, TLSX_RENEGOTIATION_INFO);
wolfSSL 15:117db924cf7c 4409 if (ext)
wolfSSL 15:117db924cf7c 4410 ext->resp = 1;
wolfSSL 15:117db924cf7c 4411
wolfSSL 15:117db924cf7c 4412 return WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 4413 }
wolfSSL 15:117db924cf7c 4414
wolfSSL 15:117db924cf7c 4415 #endif /* HAVE_SERVER_RENEGOTIATION_INFO */
wolfSSL 15:117db924cf7c 4416
wolfSSL 15:117db924cf7c 4417
wolfSSL 15:117db924cf7c 4418 #define SCR_FREE_ALL(data, heap) XFREE(data, (heap), DYNAMIC_TYPE_TLSX)
wolfSSL 15:117db924cf7c 4419 #define SCR_GET_SIZE TLSX_SecureRenegotiation_GetSize
wolfSSL 15:117db924cf7c 4420 #define SCR_WRITE TLSX_SecureRenegotiation_Write
wolfSSL 15:117db924cf7c 4421 #define SCR_PARSE TLSX_SecureRenegotiation_Parse
wolfSSL 15:117db924cf7c 4422
wolfSSL 15:117db924cf7c 4423 #else
wolfSSL 15:117db924cf7c 4424
wolfSSL 15:117db924cf7c 4425 #define SCR_FREE_ALL(a, heap)
wolfSSL 15:117db924cf7c 4426 #define SCR_GET_SIZE(a, b) 0
wolfSSL 15:117db924cf7c 4427 #define SCR_WRITE(a, b, c) 0
wolfSSL 15:117db924cf7c 4428 #define SCR_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 4429
wolfSSL 15:117db924cf7c 4430 #endif /* HAVE_SECURE_RENEGOTIATION */
wolfSSL 15:117db924cf7c 4431
wolfSSL 15:117db924cf7c 4432 /******************************************************************************/
wolfSSL 15:117db924cf7c 4433 /* Session Tickets */
wolfSSL 15:117db924cf7c 4434 /******************************************************************************/
wolfSSL 15:117db924cf7c 4435
wolfSSL 15:117db924cf7c 4436 #ifdef HAVE_SESSION_TICKET
wolfSSL 15:117db924cf7c 4437
wolfSSL 15:117db924cf7c 4438 #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT)
wolfSSL 15:117db924cf7c 4439 static void TLSX_SessionTicket_ValidateRequest(WOLFSSL* ssl)
wolfSSL 15:117db924cf7c 4440 {
wolfSSL 15:117db924cf7c 4441 TLSX* extension = TLSX_Find(ssl->extensions, TLSX_SESSION_TICKET);
wolfSSL 15:117db924cf7c 4442 SessionTicket* ticket = extension ?
wolfSSL 15:117db924cf7c 4443 (SessionTicket*)extension->data : NULL;
wolfSSL 15:117db924cf7c 4444
wolfSSL 15:117db924cf7c 4445 if (ticket) {
wolfSSL 15:117db924cf7c 4446 /* TODO validate ticket timeout here! */
wolfSSL 15:117db924cf7c 4447 if (ticket->lifetime == 0xfffffff) {
wolfSSL 15:117db924cf7c 4448 /* send empty ticket on timeout */
wolfSSL 15:117db924cf7c 4449 TLSX_UseSessionTicket(&ssl->extensions, NULL, ssl->heap);
wolfSSL 15:117db924cf7c 4450 }
wolfSSL 15:117db924cf7c 4451 }
wolfSSL 15:117db924cf7c 4452 }
wolfSSL 15:117db924cf7c 4453 #endif /* WLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */
wolfSSL 15:117db924cf7c 4454
wolfSSL 15:117db924cf7c 4455
wolfSSL 15:117db924cf7c 4456 static word16 TLSX_SessionTicket_GetSize(SessionTicket* ticket, int isRequest)
wolfSSL 15:117db924cf7c 4457 {
wolfSSL 15:117db924cf7c 4458 (void)isRequest;
wolfSSL 15:117db924cf7c 4459 return ticket ? ticket->size : 0;
wolfSSL 15:117db924cf7c 4460 }
wolfSSL 15:117db924cf7c 4461
wolfSSL 15:117db924cf7c 4462 static word16 TLSX_SessionTicket_Write(SessionTicket* ticket, byte* output,
wolfSSL 15:117db924cf7c 4463 int isRequest)
wolfSSL 15:117db924cf7c 4464 {
wolfSSL 15:117db924cf7c 4465 word16 offset = 0; /* empty ticket */
wolfSSL 15:117db924cf7c 4466
wolfSSL 15:117db924cf7c 4467 if (isRequest && ticket) {
wolfSSL 15:117db924cf7c 4468 XMEMCPY(output + offset, ticket->data, ticket->size);
wolfSSL 15:117db924cf7c 4469 offset += ticket->size;
wolfSSL 15:117db924cf7c 4470 }
wolfSSL 15:117db924cf7c 4471
wolfSSL 15:117db924cf7c 4472 return offset;
wolfSSL 15:117db924cf7c 4473 }
wolfSSL 15:117db924cf7c 4474
wolfSSL 15:117db924cf7c 4475
wolfSSL 15:117db924cf7c 4476 static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 15:117db924cf7c 4477 byte isRequest)
wolfSSL 15:117db924cf7c 4478 {
wolfSSL 15:117db924cf7c 4479 int ret = 0;
wolfSSL 15:117db924cf7c 4480
wolfSSL 15:117db924cf7c 4481 (void) input; /* avoid unused parameter if NO_WOLFSSL_SERVER defined */
wolfSSL 15:117db924cf7c 4482
wolfSSL 15:117db924cf7c 4483 if (!isRequest) {
wolfSSL 15:117db924cf7c 4484 if (TLSX_CheckUnsupportedExtension(ssl, TLSX_SESSION_TICKET))
wolfSSL 15:117db924cf7c 4485 return TLSX_HandleUnsupportedExtension(ssl);
wolfSSL 15:117db924cf7c 4486
wolfSSL 15:117db924cf7c 4487 if (length != 0)
wolfSSL 15:117db924cf7c 4488 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 4489
wolfSSL 15:117db924cf7c 4490 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 4491 ssl->expect_session_ticket = 1;
wolfSSL 15:117db924cf7c 4492 #endif
wolfSSL 15:117db924cf7c 4493 }
wolfSSL 15:117db924cf7c 4494 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 4495 else {
wolfSSL 15:117db924cf7c 4496 /* server side */
wolfSSL 15:117db924cf7c 4497 if (ssl->ctx->ticketEncCb == NULL) {
wolfSSL 15:117db924cf7c 4498 WOLFSSL_MSG("Client sent session ticket, server has no callback");
wolfSSL 15:117db924cf7c 4499 return 0;
wolfSSL 15:117db924cf7c 4500 }
wolfSSL 15:117db924cf7c 4501
wolfSSL 15:117db924cf7c 4502 if (length == 0) {
wolfSSL 15:117db924cf7c 4503 /* blank ticket */
wolfSSL 15:117db924cf7c 4504 ret = TLSX_UseSessionTicket(&ssl->extensions, NULL, ssl->heap);
wolfSSL 15:117db924cf7c 4505 if (ret == WOLFSSL_SUCCESS) {
wolfSSL 15:117db924cf7c 4506 ret = 0;
wolfSSL 15:117db924cf7c 4507 TLSX_SetResponse(ssl, TLSX_SESSION_TICKET); /* send blank ticket */
wolfSSL 15:117db924cf7c 4508 ssl->options.createTicket = 1; /* will send ticket msg */
wolfSSL 15:117db924cf7c 4509 ssl->options.useTicket = 1;
wolfSSL 15:117db924cf7c 4510 ssl->options.resuming = 0; /* no standard resumption */
wolfSSL 15:117db924cf7c 4511 ssl->arrays->sessionIDSz = 0; /* no echo on blank ticket */
wolfSSL 15:117db924cf7c 4512 }
wolfSSL 15:117db924cf7c 4513 } else {
wolfSSL 15:117db924cf7c 4514 /* got actual ticket from client */
wolfSSL 15:117db924cf7c 4515 ret = DoClientTicket(ssl, input, length);
wolfSSL 15:117db924cf7c 4516 if (ret == WOLFSSL_TICKET_RET_OK) { /* use ticket to resume */
wolfSSL 15:117db924cf7c 4517 WOLFSSL_MSG("Using exisitng client ticket");
wolfSSL 15:117db924cf7c 4518 ssl->options.useTicket = 1;
wolfSSL 15:117db924cf7c 4519 ssl->options.resuming = 1;
wolfSSL 15:117db924cf7c 4520 } else if (ret == WOLFSSL_TICKET_RET_CREATE) {
wolfSSL 15:117db924cf7c 4521 WOLFSSL_MSG("Using existing client ticket, creating new one");
wolfSSL 15:117db924cf7c 4522 ret = TLSX_UseSessionTicket(&ssl->extensions, NULL, ssl->heap);
wolfSSL 15:117db924cf7c 4523 if (ret == WOLFSSL_SUCCESS) {
wolfSSL 15:117db924cf7c 4524 ret = 0;
wolfSSL 15:117db924cf7c 4525 TLSX_SetResponse(ssl, TLSX_SESSION_TICKET);
wolfSSL 15:117db924cf7c 4526 /* send blank ticket */
wolfSSL 15:117db924cf7c 4527 ssl->options.createTicket = 1; /* will send ticket msg */
wolfSSL 15:117db924cf7c 4528 ssl->options.useTicket = 1;
wolfSSL 15:117db924cf7c 4529 ssl->options.resuming = 1;
wolfSSL 15:117db924cf7c 4530 }
wolfSSL 15:117db924cf7c 4531 } else if (ret == WOLFSSL_TICKET_RET_REJECT) {
wolfSSL 15:117db924cf7c 4532 WOLFSSL_MSG("Process client ticket rejected, not using");
wolfSSL 15:117db924cf7c 4533 ssl->options.rejectTicket = 1;
wolfSSL 15:117db924cf7c 4534 ret = 0; /* not fatal */
wolfSSL 15:117db924cf7c 4535 } else if (ret == WOLFSSL_TICKET_RET_FATAL || ret < 0) {
wolfSSL 15:117db924cf7c 4536 WOLFSSL_MSG("Process client ticket fatal error, not using");
wolfSSL 15:117db924cf7c 4537 }
wolfSSL 15:117db924cf7c 4538 }
wolfSSL 15:117db924cf7c 4539 }
wolfSSL 15:117db924cf7c 4540 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 15:117db924cf7c 4541
wolfSSL 15:117db924cf7c 4542 return ret;
wolfSSL 15:117db924cf7c 4543 }
wolfSSL 15:117db924cf7c 4544
wolfSSL 15:117db924cf7c 4545 WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime,
wolfSSL 15:117db924cf7c 4546 byte* data, word16 size, void* heap)
wolfSSL 15:117db924cf7c 4547 {
wolfSSL 15:117db924cf7c 4548 SessionTicket* ticket = (SessionTicket*)XMALLOC(sizeof(SessionTicket),
wolfSSL 15:117db924cf7c 4549 heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 4550 if (ticket) {
wolfSSL 15:117db924cf7c 4551 ticket->data = (byte*)XMALLOC(size, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 4552 if (ticket->data == NULL) {
wolfSSL 15:117db924cf7c 4553 XFREE(ticket, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 4554 return NULL;
wolfSSL 15:117db924cf7c 4555 }
wolfSSL 15:117db924cf7c 4556
wolfSSL 15:117db924cf7c 4557 XMEMCPY(ticket->data, data, size);
wolfSSL 15:117db924cf7c 4558 ticket->size = size;
wolfSSL 15:117db924cf7c 4559 ticket->lifetime = lifetime;
wolfSSL 15:117db924cf7c 4560 }
wolfSSL 15:117db924cf7c 4561
wolfSSL 15:117db924cf7c 4562 return ticket;
wolfSSL 15:117db924cf7c 4563 }
wolfSSL 15:117db924cf7c 4564 WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket, void* heap)
wolfSSL 15:117db924cf7c 4565 {
wolfSSL 15:117db924cf7c 4566 if (ticket) {
wolfSSL 15:117db924cf7c 4567 XFREE(ticket->data, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 4568 XFREE(ticket, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 4569 }
wolfSSL 15:117db924cf7c 4570
wolfSSL 15:117db924cf7c 4571 (void)heap;
wolfSSL 15:117db924cf7c 4572 }
wolfSSL 15:117db924cf7c 4573
wolfSSL 15:117db924cf7c 4574 int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket, void* heap)
wolfSSL 15:117db924cf7c 4575 {
wolfSSL 15:117db924cf7c 4576 int ret = 0;
wolfSSL 15:117db924cf7c 4577
wolfSSL 15:117db924cf7c 4578 if (extensions == NULL)
wolfSSL 15:117db924cf7c 4579 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 4580
wolfSSL 15:117db924cf7c 4581 /* If the ticket is NULL, the client will request a new ticket from the
wolfSSL 15:117db924cf7c 4582 server. Otherwise, the client will use it in the next client hello. */
wolfSSL 15:117db924cf7c 4583 if ((ret = TLSX_Push(extensions, TLSX_SESSION_TICKET, (void*)ticket, heap))
wolfSSL 15:117db924cf7c 4584 != 0)
wolfSSL 15:117db924cf7c 4585 return ret;
wolfSSL 15:117db924cf7c 4586
wolfSSL 15:117db924cf7c 4587 return WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 4588 }
wolfSSL 15:117db924cf7c 4589
wolfSSL 15:117db924cf7c 4590 #define WOLF_STK_VALIDATE_REQUEST TLSX_SessionTicket_ValidateRequest
wolfSSL 15:117db924cf7c 4591 #define WOLF_STK_GET_SIZE TLSX_SessionTicket_GetSize
wolfSSL 15:117db924cf7c 4592 #define WOLF_STK_WRITE TLSX_SessionTicket_Write
wolfSSL 15:117db924cf7c 4593 #define WOLF_STK_PARSE TLSX_SessionTicket_Parse
wolfSSL 15:117db924cf7c 4594 #define WOLF_STK_FREE(stk, heap) TLSX_SessionTicket_Free((SessionTicket*)stk,(heap))
wolfSSL 15:117db924cf7c 4595
wolfSSL 15:117db924cf7c 4596 #else
wolfSSL 15:117db924cf7c 4597
wolfSSL 15:117db924cf7c 4598 #define WOLF_STK_FREE(a, b)
wolfSSL 15:117db924cf7c 4599 #define WOLF_STK_VALIDATE_REQUEST(a)
wolfSSL 15:117db924cf7c 4600 #define WOLF_STK_GET_SIZE(a, b) 0
wolfSSL 15:117db924cf7c 4601 #define WOLF_STK_WRITE(a, b, c) 0
wolfSSL 15:117db924cf7c 4602 #define WOLF_STK_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 4603
wolfSSL 15:117db924cf7c 4604 #endif /* HAVE_SESSION_TICKET */
wolfSSL 15:117db924cf7c 4605
wolfSSL 15:117db924cf7c 4606 /******************************************************************************/
wolfSSL 15:117db924cf7c 4607 /* Quantum-Safe-Hybrid */
wolfSSL 15:117db924cf7c 4608 /******************************************************************************/
wolfSSL 15:117db924cf7c 4609
wolfSSL 15:117db924cf7c 4610 #ifdef HAVE_QSH
wolfSSL 15:117db924cf7c 4611 #if defined(HAVE_NTRU)
wolfSSL 15:117db924cf7c 4612 static WC_RNG* gRng;
wolfSSL 15:117db924cf7c 4613 static wolfSSL_Mutex* gRngMutex;
wolfSSL 15:117db924cf7c 4614 #endif
wolfSSL 15:117db924cf7c 4615
wolfSSL 15:117db924cf7c 4616 static void TLSX_QSH_FreeAll(QSHScheme* list, void* heap)
wolfSSL 15:117db924cf7c 4617 {
wolfSSL 15:117db924cf7c 4618 QSHScheme* current;
wolfSSL 15:117db924cf7c 4619
wolfSSL 15:117db924cf7c 4620 while ((current = list)) {
wolfSSL 15:117db924cf7c 4621 list = current->next;
wolfSSL 15:117db924cf7c 4622 XFREE(current, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 4623 }
wolfSSL 15:117db924cf7c 4624
wolfSSL 15:117db924cf7c 4625 (void)heap;
wolfSSL 15:117db924cf7c 4626 }
wolfSSL 15:117db924cf7c 4627
wolfSSL 15:117db924cf7c 4628 static int TLSX_QSH_Append(QSHScheme** list, word16 name, byte* pub,
wolfSSL 15:117db924cf7c 4629 word16 pubLen)
wolfSSL 15:117db924cf7c 4630 {
wolfSSL 15:117db924cf7c 4631 QSHScheme* temp;
wolfSSL 15:117db924cf7c 4632
wolfSSL 15:117db924cf7c 4633 if (list == NULL)
wolfSSL 15:117db924cf7c 4634 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 4635
wolfSSL 15:117db924cf7c 4636 if ((temp = (QSHScheme*)XMALLOC(sizeof(QSHScheme), NULL,
wolfSSL 15:117db924cf7c 4637 DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL 15:117db924cf7c 4638 return MEMORY_E;
wolfSSL 15:117db924cf7c 4639
wolfSSL 15:117db924cf7c 4640 temp->name = name;
wolfSSL 15:117db924cf7c 4641 temp->PK = pub;
wolfSSL 15:117db924cf7c 4642 temp->PKLen = pubLen;
wolfSSL 15:117db924cf7c 4643 temp->next = *list;
wolfSSL 15:117db924cf7c 4644
wolfSSL 15:117db924cf7c 4645 *list = temp;
wolfSSL 15:117db924cf7c 4646
wolfSSL 15:117db924cf7c 4647 return 0;
wolfSSL 15:117db924cf7c 4648 }
wolfSSL 15:117db924cf7c 4649
wolfSSL 15:117db924cf7c 4650
wolfSSL 15:117db924cf7c 4651 /* request for server's public key : 02 indicates 0-2 requested */
wolfSSL 15:117db924cf7c 4652 static byte TLSX_QSH_SerPKReq(byte* output, byte isRequest)
wolfSSL 15:117db924cf7c 4653 {
wolfSSL 15:117db924cf7c 4654 if (isRequest) {
wolfSSL 15:117db924cf7c 4655 /* only request one public key from the server */
wolfSSL 15:117db924cf7c 4656 output[0] = 0x01;
wolfSSL 15:117db924cf7c 4657
wolfSSL 15:117db924cf7c 4658 return OPAQUE8_LEN;
wolfSSL 15:117db924cf7c 4659 }
wolfSSL 15:117db924cf7c 4660 else {
wolfSSL 15:117db924cf7c 4661 return 0;
wolfSSL 15:117db924cf7c 4662 }
wolfSSL 15:117db924cf7c 4663 }
wolfSSL 15:117db924cf7c 4664
wolfSSL 15:117db924cf7c 4665 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 4666
wolfSSL 15:117db924cf7c 4667 /* check for TLS_QSH suite */
wolfSSL 15:117db924cf7c 4668 static void TLSX_QSH_ValidateRequest(WOLFSSL* ssl, byte* semaphore)
wolfSSL 15:117db924cf7c 4669 {
wolfSSL 15:117db924cf7c 4670 int i;
wolfSSL 15:117db924cf7c 4671
wolfSSL 15:117db924cf7c 4672 for (i = 0; i < ssl->suites->suiteSz; i+= 2)
wolfSSL 15:117db924cf7c 4673 if (ssl->suites->suites[i] == QSH_BYTE)
wolfSSL 15:117db924cf7c 4674 return;
wolfSSL 15:117db924cf7c 4675
wolfSSL 15:117db924cf7c 4676 /* No QSH suite found */
wolfSSL 15:117db924cf7c 4677 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_QUANTUM_SAFE_HYBRID));
wolfSSL 15:117db924cf7c 4678 }
wolfSSL 15:117db924cf7c 4679
wolfSSL 15:117db924cf7c 4680
wolfSSL 15:117db924cf7c 4681 /* return the size of the QSH hello extension
wolfSSL 15:117db924cf7c 4682 list the list of QSHScheme structs containing id and key
wolfSSL 15:117db924cf7c 4683 isRequest if 1 then is being sent to the server
wolfSSL 15:117db924cf7c 4684 */
wolfSSL 15:117db924cf7c 4685 word16 TLSX_QSH_GetSize(QSHScheme* list, byte isRequest)
wolfSSL 15:117db924cf7c 4686 {
wolfSSL 15:117db924cf7c 4687 QSHScheme* temp = list;
wolfSSL 15:117db924cf7c 4688 word16 length = 0;
wolfSSL 15:117db924cf7c 4689
wolfSSL 15:117db924cf7c 4690 /* account for size of scheme list and public key list */
wolfSSL 15:117db924cf7c 4691 if (isRequest)
wolfSSL 15:117db924cf7c 4692 length = OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 4693 length += OPAQUE24_LEN;
wolfSSL 15:117db924cf7c 4694
wolfSSL 15:117db924cf7c 4695 /* for each non null element in list add size */
wolfSSL 15:117db924cf7c 4696 while ((temp)) {
wolfSSL 15:117db924cf7c 4697 /* add public key info Scheme | Key Length | Key */
wolfSSL 15:117db924cf7c 4698 length += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 4699 length += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 4700 length += temp->PKLen;
wolfSSL 15:117db924cf7c 4701
wolfSSL 15:117db924cf7c 4702 /* if client add name size for scheme list
wolfSSL 15:117db924cf7c 4703 advance to next QSHScheme struct in list */
wolfSSL 15:117db924cf7c 4704 if (isRequest)
wolfSSL 15:117db924cf7c 4705 length += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 4706 temp = temp->next;
wolfSSL 15:117db924cf7c 4707 }
wolfSSL 15:117db924cf7c 4708
wolfSSL 15:117db924cf7c 4709 /* add length for request server public keys */
wolfSSL 15:117db924cf7c 4710 if (isRequest)
wolfSSL 15:117db924cf7c 4711 length += OPAQUE8_LEN;
wolfSSL 15:117db924cf7c 4712
wolfSSL 15:117db924cf7c 4713 return length;
wolfSSL 15:117db924cf7c 4714 }
wolfSSL 15:117db924cf7c 4715
wolfSSL 15:117db924cf7c 4716
wolfSSL 15:117db924cf7c 4717 /* write out a list of QSHScheme IDs */
wolfSSL 15:117db924cf7c 4718 static word16 TLSX_QSH_Write(QSHScheme* list, byte* output)
wolfSSL 15:117db924cf7c 4719 {
wolfSSL 15:117db924cf7c 4720 QSHScheme* current = list;
wolfSSL 15:117db924cf7c 4721 word16 length = 0;
wolfSSL 15:117db924cf7c 4722
wolfSSL 15:117db924cf7c 4723 length += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 4724
wolfSSL 15:117db924cf7c 4725 while (current) {
wolfSSL 15:117db924cf7c 4726 c16toa(current->name, output + length);
wolfSSL 15:117db924cf7c 4727 length += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 4728 current = (QSHScheme*)current->next;
wolfSSL 15:117db924cf7c 4729 }
wolfSSL 15:117db924cf7c 4730
wolfSSL 15:117db924cf7c 4731 c16toa(length - OPAQUE16_LEN, output); /* writing list length */
wolfSSL 15:117db924cf7c 4732
wolfSSL 15:117db924cf7c 4733 return length;
wolfSSL 15:117db924cf7c 4734 }
wolfSSL 15:117db924cf7c 4735
wolfSSL 15:117db924cf7c 4736
wolfSSL 15:117db924cf7c 4737 /* write public key list in extension */
wolfSSL 15:117db924cf7c 4738 static word16 TLSX_QSHPK_WriteR(QSHScheme* format, byte* output);
wolfSSL 15:117db924cf7c 4739 static word16 TLSX_QSHPK_WriteR(QSHScheme* format, byte* output)
wolfSSL 15:117db924cf7c 4740 {
wolfSSL 15:117db924cf7c 4741 word32 offset = 0;
wolfSSL 15:117db924cf7c 4742 word16 public_len = 0;
wolfSSL 15:117db924cf7c 4743
wolfSSL 15:117db924cf7c 4744 if (!format)
wolfSSL 15:117db924cf7c 4745 return offset;
wolfSSL 15:117db924cf7c 4746
wolfSSL 15:117db924cf7c 4747 /* write scheme ID */
wolfSSL 15:117db924cf7c 4748 c16toa(format->name, output + offset);
wolfSSL 15:117db924cf7c 4749 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 4750
wolfSSL 15:117db924cf7c 4751 /* write public key matching scheme */
wolfSSL 15:117db924cf7c 4752 public_len = format->PKLen;
wolfSSL 15:117db924cf7c 4753 c16toa(public_len, output + offset);
wolfSSL 15:117db924cf7c 4754 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 4755 if (format->PK) {
wolfSSL 15:117db924cf7c 4756 XMEMCPY(output+offset, format->PK, public_len);
wolfSSL 15:117db924cf7c 4757 }
wolfSSL 15:117db924cf7c 4758
wolfSSL 15:117db924cf7c 4759 return public_len + offset;
wolfSSL 15:117db924cf7c 4760 }
wolfSSL 15:117db924cf7c 4761
wolfSSL 15:117db924cf7c 4762 word16 TLSX_QSHPK_Write(QSHScheme* list, byte* output)
wolfSSL 15:117db924cf7c 4763 {
wolfSSL 15:117db924cf7c 4764 QSHScheme* current = list;
wolfSSL 15:117db924cf7c 4765 word32 length = 0;
wolfSSL 15:117db924cf7c 4766 word24 toWire;
wolfSSL 15:117db924cf7c 4767
wolfSSL 15:117db924cf7c 4768 length += OPAQUE24_LEN;
wolfSSL 15:117db924cf7c 4769
wolfSSL 15:117db924cf7c 4770 while (current) {
wolfSSL 15:117db924cf7c 4771 length += TLSX_QSHPK_WriteR(current, output + length);
wolfSSL 15:117db924cf7c 4772 current = (QSHScheme*)current->next;
wolfSSL 15:117db924cf7c 4773 }
wolfSSL 15:117db924cf7c 4774 /* length of public keys sent */
wolfSSL 15:117db924cf7c 4775 c32to24(length - OPAQUE24_LEN, toWire);
wolfSSL 15:117db924cf7c 4776 output[0] = toWire[0];
wolfSSL 15:117db924cf7c 4777 output[1] = toWire[1];
wolfSSL 15:117db924cf7c 4778 output[2] = toWire[2];
wolfSSL 15:117db924cf7c 4779
wolfSSL 15:117db924cf7c 4780 return length;
wolfSSL 15:117db924cf7c 4781 }
wolfSSL 15:117db924cf7c 4782
wolfSSL 15:117db924cf7c 4783 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 15:117db924cf7c 4784 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 4785
wolfSSL 15:117db924cf7c 4786 static void TLSX_QSHAgreement(TLSX** extensions, void* heap)
wolfSSL 15:117db924cf7c 4787 {
wolfSSL 15:117db924cf7c 4788 TLSX* extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID);
wolfSSL 15:117db924cf7c 4789 QSHScheme* format = NULL;
wolfSSL 15:117db924cf7c 4790 QSHScheme* del = NULL;
wolfSSL 15:117db924cf7c 4791 QSHScheme* prev = NULL;
wolfSSL 15:117db924cf7c 4792
wolfSSL 15:117db924cf7c 4793 if (extension == NULL)
wolfSSL 15:117db924cf7c 4794 return;
wolfSSL 15:117db924cf7c 4795
wolfSSL 15:117db924cf7c 4796 format = (QSHScheme*)extension->data;
wolfSSL 15:117db924cf7c 4797 while (format) {
wolfSSL 15:117db924cf7c 4798 if (format->PKLen == 0) {
wolfSSL 15:117db924cf7c 4799 /* case of head */
wolfSSL 15:117db924cf7c 4800 if (format == extension->data) {
wolfSSL 15:117db924cf7c 4801 extension->data = format->next;
wolfSSL 15:117db924cf7c 4802 }
wolfSSL 15:117db924cf7c 4803 if (prev)
wolfSSL 15:117db924cf7c 4804 prev->next = format->next;
wolfSSL 15:117db924cf7c 4805 del = format;
wolfSSL 15:117db924cf7c 4806 format = format->next;
wolfSSL 15:117db924cf7c 4807 XFREE(del, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 4808 del = NULL;
wolfSSL 15:117db924cf7c 4809 } else {
wolfSSL 15:117db924cf7c 4810 prev = format;
wolfSSL 15:117db924cf7c 4811 format = format->next;
wolfSSL 15:117db924cf7c 4812 }
wolfSSL 15:117db924cf7c 4813 }
wolfSSL 15:117db924cf7c 4814
wolfSSL 15:117db924cf7c 4815 (void)heap;
wolfSSL 15:117db924cf7c 4816 }
wolfSSL 15:117db924cf7c 4817
wolfSSL 15:117db924cf7c 4818
wolfSSL 15:117db924cf7c 4819 /* Parse in hello extension
wolfSSL 15:117db924cf7c 4820 input the byte stream to process
wolfSSL 15:117db924cf7c 4821 length length of total extension found
wolfSSL 15:117db924cf7c 4822 isRequest set to 1 if being sent to the server
wolfSSL 15:117db924cf7c 4823 */
wolfSSL 15:117db924cf7c 4824 static int TLSX_QSH_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 15:117db924cf7c 4825 byte isRequest)
wolfSSL 15:117db924cf7c 4826 {
wolfSSL 15:117db924cf7c 4827 byte numKeys = 0;
wolfSSL 15:117db924cf7c 4828 word16 offset = 0;
wolfSSL 15:117db924cf7c 4829 word16 schemSz = 0;
wolfSSL 15:117db924cf7c 4830 word16 offset_len = 0;
wolfSSL 15:117db924cf7c 4831 word32 offset_pk = 0;
wolfSSL 15:117db924cf7c 4832 word16 name = 0;
wolfSSL 15:117db924cf7c 4833 word16 PKLen = 0;
wolfSSL 15:117db924cf7c 4834 byte* PK = NULL;
wolfSSL 15:117db924cf7c 4835 int r;
wolfSSL 15:117db924cf7c 4836
wolfSSL 15:117db924cf7c 4837
wolfSSL 15:117db924cf7c 4838 if (OPAQUE16_LEN > length)
wolfSSL 15:117db924cf7c 4839 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 4840
wolfSSL 15:117db924cf7c 4841 if (isRequest) {
wolfSSL 15:117db924cf7c 4842 ato16(input, &schemSz);
wolfSSL 15:117db924cf7c 4843
wolfSSL 15:117db924cf7c 4844 /* list of public keys available for QSH schemes */
wolfSSL 15:117db924cf7c 4845 offset_len = schemSz + OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 4846 }
wolfSSL 15:117db924cf7c 4847
wolfSSL 15:117db924cf7c 4848 offset_pk = ((input[offset_len] << 16) & 0xFF00000) |
wolfSSL 15:117db924cf7c 4849 (((input[offset_len + 1]) << 8) & 0xFF00) |
wolfSSL 15:117db924cf7c 4850 (input[offset_len + 2] & 0xFF);
wolfSSL 15:117db924cf7c 4851 offset_len += OPAQUE24_LEN;
wolfSSL 15:117db924cf7c 4852
wolfSSL 15:117db924cf7c 4853 /* check buffer size */
wolfSSL 15:117db924cf7c 4854 if (offset_pk > length)
wolfSSL 15:117db924cf7c 4855 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 4856
wolfSSL 15:117db924cf7c 4857 /* set maximum number of keys the client will accept */
wolfSSL 15:117db924cf7c 4858 if (!isRequest)
wolfSSL 15:117db924cf7c 4859 numKeys = (ssl->maxRequest < 1)? 1 : ssl->maxRequest;
wolfSSL 15:117db924cf7c 4860
wolfSSL 15:117db924cf7c 4861 /* hello extension read list of scheme ids */
wolfSSL 15:117db924cf7c 4862 if (isRequest) {
wolfSSL 15:117db924cf7c 4863
wolfSSL 15:117db924cf7c 4864 /* read in request for public keys */
wolfSSL 15:117db924cf7c 4865 ssl->minRequest = (input[length -1] >> 4) & 0xFF;
wolfSSL 15:117db924cf7c 4866 ssl->maxRequest = input[length -1] & 0x0F;
wolfSSL 15:117db924cf7c 4867
wolfSSL 15:117db924cf7c 4868 /* choose the min between min requested by client and 1 */
wolfSSL 15:117db924cf7c 4869 numKeys = (ssl->minRequest > 1) ? ssl->minRequest : 1;
wolfSSL 15:117db924cf7c 4870
wolfSSL 15:117db924cf7c 4871 if (ssl->minRequest > ssl->maxRequest)
wolfSSL 15:117db924cf7c 4872 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 4873
wolfSSL 15:117db924cf7c 4874 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 4875 schemSz += offset;
wolfSSL 15:117db924cf7c 4876
wolfSSL 15:117db924cf7c 4877 /* check buffer size */
wolfSSL 15:117db924cf7c 4878 if (schemSz > length)
wolfSSL 15:117db924cf7c 4879 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 4880
wolfSSL 15:117db924cf7c 4881 while ((offset < schemSz) && numKeys) {
wolfSSL 15:117db924cf7c 4882 /* Scheme ID list */
wolfSSL 15:117db924cf7c 4883 ato16(input + offset, &name);
wolfSSL 15:117db924cf7c 4884 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 4885
wolfSSL 15:117db924cf7c 4886 /* validate we have scheme id */
wolfSSL 15:117db924cf7c 4887 if (ssl->user_set_QSHSchemes &&
wolfSSL 15:117db924cf7c 4888 !TLSX_ValidateQSHScheme(&ssl->extensions, name)) {
wolfSSL 15:117db924cf7c 4889 continue;
wolfSSL 15:117db924cf7c 4890 }
wolfSSL 15:117db924cf7c 4891
wolfSSL 15:117db924cf7c 4892 /* server create keys on demand */
wolfSSL 15:117db924cf7c 4893 if ((r = TLSX_CreateNtruKey(ssl, name)) != 0) {
wolfSSL 15:117db924cf7c 4894 WOLFSSL_MSG("Error creating ntru keys");
wolfSSL 15:117db924cf7c 4895 return r;
wolfSSL 15:117db924cf7c 4896 }
wolfSSL 15:117db924cf7c 4897
wolfSSL 15:117db924cf7c 4898 /* peer sent an agreed upon scheme */
wolfSSL 15:117db924cf7c 4899 r = TLSX_UseQSHScheme(&ssl->extensions, name, NULL, 0, ssl->heap);
wolfSSL 15:117db924cf7c 4900
wolfSSL 15:117db924cf7c 4901 if (r != WOLFSSL_SUCCESS) return r; /* throw error */
wolfSSL 15:117db924cf7c 4902
wolfSSL 15:117db924cf7c 4903 numKeys--;
wolfSSL 15:117db924cf7c 4904 }
wolfSSL 15:117db924cf7c 4905
wolfSSL 15:117db924cf7c 4906 /* choose the min between min requested by client and 1 */
wolfSSL 15:117db924cf7c 4907 numKeys = (ssl->minRequest > 1) ? ssl->minRequest : 1;
wolfSSL 15:117db924cf7c 4908 }
wolfSSL 15:117db924cf7c 4909
wolfSSL 15:117db924cf7c 4910 /* QSHPK struct */
wolfSSL 15:117db924cf7c 4911 offset_pk += offset_len;
wolfSSL 15:117db924cf7c 4912 while ((offset_len < offset_pk) && numKeys) {
wolfSSL 15:117db924cf7c 4913 QSHKey * temp;
wolfSSL 15:117db924cf7c 4914
wolfSSL 15:117db924cf7c 4915 if ((temp = (QSHKey*)XMALLOC(sizeof(QSHKey), ssl->heap,
wolfSSL 15:117db924cf7c 4916 DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL 15:117db924cf7c 4917 return MEMORY_E;
wolfSSL 15:117db924cf7c 4918
wolfSSL 15:117db924cf7c 4919 /* initialize */
wolfSSL 15:117db924cf7c 4920 temp->next = NULL;
wolfSSL 15:117db924cf7c 4921 temp->pub.buffer = NULL;
wolfSSL 15:117db924cf7c 4922 temp->pub.length = 0;
wolfSSL 15:117db924cf7c 4923 temp->pri.buffer = NULL;
wolfSSL 15:117db924cf7c 4924 temp->pri.length = 0;
wolfSSL 15:117db924cf7c 4925
wolfSSL 15:117db924cf7c 4926 /* scheme id */
wolfSSL 15:117db924cf7c 4927 ato16(input + offset_len, &(temp->name));
wolfSSL 15:117db924cf7c 4928 offset_len += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 4929
wolfSSL 15:117db924cf7c 4930 /* public key length */
wolfSSL 15:117db924cf7c 4931 ato16(input + offset_len, &PKLen);
wolfSSL 15:117db924cf7c 4932 temp->pub.length = PKLen;
wolfSSL 15:117db924cf7c 4933 offset_len += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 4934
wolfSSL 15:117db924cf7c 4935
wolfSSL 15:117db924cf7c 4936 if (isRequest) {
wolfSSL 15:117db924cf7c 4937 /* validate we have scheme id */
wolfSSL 15:117db924cf7c 4938 if (ssl->user_set_QSHSchemes &&
wolfSSL 15:117db924cf7c 4939 (!TLSX_ValidateQSHScheme(&ssl->extensions, temp->name))) {
wolfSSL 15:117db924cf7c 4940 offset_len += PKLen;
wolfSSL 15:117db924cf7c 4941 XFREE(temp, ssl->heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 4942 continue;
wolfSSL 15:117db924cf7c 4943 }
wolfSSL 15:117db924cf7c 4944 }
wolfSSL 15:117db924cf7c 4945
wolfSSL 15:117db924cf7c 4946 /* read in public key */
wolfSSL 15:117db924cf7c 4947 if (PKLen > 0) {
wolfSSL 15:117db924cf7c 4948 temp->pub.buffer = (byte*)XMALLOC(temp->pub.length,
wolfSSL 15:117db924cf7c 4949 ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 15:117db924cf7c 4950 XMEMCPY(temp->pub.buffer, input + offset_len, temp->pub.length);
wolfSSL 15:117db924cf7c 4951 offset_len += PKLen;
wolfSSL 15:117db924cf7c 4952 }
wolfSSL 15:117db924cf7c 4953 else {
wolfSSL 15:117db924cf7c 4954 PK = NULL;
wolfSSL 15:117db924cf7c 4955 }
wolfSSL 15:117db924cf7c 4956
wolfSSL 15:117db924cf7c 4957 /* use own key when adding to extensions list for sending reply */
wolfSSL 15:117db924cf7c 4958 PKLen = 0;
wolfSSL 15:117db924cf7c 4959 PK = TLSX_QSHKeyFind_Pub(ssl->QSH_Key, &PKLen, temp->name);
wolfSSL 15:117db924cf7c 4960 r = TLSX_UseQSHScheme(&ssl->extensions, temp->name, PK, PKLen,
wolfSSL 15:117db924cf7c 4961 ssl->heap);
wolfSSL 15:117db924cf7c 4962
wolfSSL 15:117db924cf7c 4963 /* store peers key */
wolfSSL 15:117db924cf7c 4964 ssl->peerQSHKeyPresent = 1;
wolfSSL 15:117db924cf7c 4965 if (TLSX_AddQSHKey(&ssl->peerQSHKey, temp) != 0)
wolfSSL 15:117db924cf7c 4966 return MEMORY_E;
wolfSSL 15:117db924cf7c 4967
wolfSSL 15:117db924cf7c 4968 if (temp->pub.length == 0) {
wolfSSL 15:117db924cf7c 4969 XFREE(temp, ssl->heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 4970 }
wolfSSL 15:117db924cf7c 4971
wolfSSL 15:117db924cf7c 4972 if (r != WOLFSSL_SUCCESS) {return r;} /* throw error */
wolfSSL 15:117db924cf7c 4973
wolfSSL 15:117db924cf7c 4974 numKeys--;
wolfSSL 15:117db924cf7c 4975 }
wolfSSL 15:117db924cf7c 4976
wolfSSL 15:117db924cf7c 4977 /* reply to a QSH extension sent from client */
wolfSSL 15:117db924cf7c 4978 if (isRequest) {
wolfSSL 15:117db924cf7c 4979 TLSX_SetResponse(ssl, TLSX_QUANTUM_SAFE_HYBRID);
wolfSSL 15:117db924cf7c 4980 /* only use schemes we have key generated for -- free the rest */
wolfSSL 15:117db924cf7c 4981 TLSX_QSHAgreement(&ssl->extensions, ssl->heap);
wolfSSL 15:117db924cf7c 4982 }
wolfSSL 15:117db924cf7c 4983
wolfSSL 15:117db924cf7c 4984 return 0;
wolfSSL 15:117db924cf7c 4985 }
wolfSSL 15:117db924cf7c 4986
wolfSSL 15:117db924cf7c 4987
wolfSSL 15:117db924cf7c 4988 /* Used for parsing in QSHCipher structs on Key Exchange */
wolfSSL 15:117db924cf7c 4989 int TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input, word16 length,
wolfSSL 15:117db924cf7c 4990 byte isServer)
wolfSSL 15:117db924cf7c 4991 {
wolfSSL 15:117db924cf7c 4992 QSHKey* key;
wolfSSL 15:117db924cf7c 4993 word16 Max_Secret_Len = 48;
wolfSSL 15:117db924cf7c 4994 word16 offset = 0;
wolfSSL 15:117db924cf7c 4995 word16 offset_len = 0;
wolfSSL 15:117db924cf7c 4996 word32 offset_pk = 0;
wolfSSL 15:117db924cf7c 4997 word16 name = 0;
wolfSSL 15:117db924cf7c 4998 word16 secretLen = 0;
wolfSSL 15:117db924cf7c 4999 byte* secret = NULL;
wolfSSL 15:117db924cf7c 5000 word16 buffLen = 0;
wolfSSL 15:117db924cf7c 5001 byte buff[145]; /* size enough for 3 secrets */
wolfSSL 15:117db924cf7c 5002 buffer* buf;
wolfSSL 15:117db924cf7c 5003
wolfSSL 15:117db924cf7c 5004 /* pointer to location where secret should be stored */
wolfSSL 15:117db924cf7c 5005 if (isServer) {
wolfSSL 15:117db924cf7c 5006 buf = ssl->QSH_secret->CliSi;
wolfSSL 15:117db924cf7c 5007 }
wolfSSL 15:117db924cf7c 5008 else {
wolfSSL 15:117db924cf7c 5009 buf = ssl->QSH_secret->SerSi;
wolfSSL 15:117db924cf7c 5010 }
wolfSSL 15:117db924cf7c 5011
wolfSSL 15:117db924cf7c 5012 offset_pk = ((input[offset_len] << 16) & 0xFF0000) |
wolfSSL 15:117db924cf7c 5013 (((input[offset_len + 1]) << 8) & 0xFF00) |
wolfSSL 15:117db924cf7c 5014 (input[offset_len + 2] & 0xFF);
wolfSSL 15:117db924cf7c 5015 offset_len += OPAQUE24_LEN;
wolfSSL 15:117db924cf7c 5016
wolfSSL 15:117db924cf7c 5017 /* validating extension list length -- check if trying to read over edge
wolfSSL 15:117db924cf7c 5018 of buffer */
wolfSSL 15:117db924cf7c 5019 if (length < (offset_pk + OPAQUE24_LEN)) {
wolfSSL 15:117db924cf7c 5020 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 5021 }
wolfSSL 15:117db924cf7c 5022
wolfSSL 15:117db924cf7c 5023 /* QSHCipherList struct */
wolfSSL 15:117db924cf7c 5024 offset_pk += offset_len;
wolfSSL 15:117db924cf7c 5025 while (offset_len < offset_pk) {
wolfSSL 15:117db924cf7c 5026
wolfSSL 15:117db924cf7c 5027 /* scheme id */
wolfSSL 15:117db924cf7c 5028 ato16(input + offset_len, &name);
wolfSSL 15:117db924cf7c 5029 offset_len += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 5030
wolfSSL 15:117db924cf7c 5031 /* public key length */
wolfSSL 15:117db924cf7c 5032 ato16(input + offset_len, &secretLen);
wolfSSL 15:117db924cf7c 5033 offset_len += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 5034
wolfSSL 15:117db924cf7c 5035 /* read in public key */
wolfSSL 15:117db924cf7c 5036 if (secretLen > 0) {
wolfSSL 15:117db924cf7c 5037 secret = (byte*)(input + offset_len);
wolfSSL 15:117db924cf7c 5038 offset_len += secretLen;
wolfSSL 15:117db924cf7c 5039 }
wolfSSL 15:117db924cf7c 5040 else {
wolfSSL 15:117db924cf7c 5041 secret = NULL;
wolfSSL 15:117db924cf7c 5042 }
wolfSSL 15:117db924cf7c 5043
wolfSSL 15:117db924cf7c 5044 /* no secret sent */
wolfSSL 15:117db924cf7c 5045 if (secret == NULL)
wolfSSL 15:117db924cf7c 5046 continue;
wolfSSL 15:117db924cf7c 5047
wolfSSL 15:117db924cf7c 5048 /* find corresponding key */
wolfSSL 15:117db924cf7c 5049 key = ssl->QSH_Key;
wolfSSL 15:117db924cf7c 5050 while (key) {
wolfSSL 15:117db924cf7c 5051 if (key->name == name)
wolfSSL 15:117db924cf7c 5052 break;
wolfSSL 15:117db924cf7c 5053 else
wolfSSL 15:117db924cf7c 5054 key = (QSHKey*)key->next;
wolfSSL 15:117db924cf7c 5055 }
wolfSSL 15:117db924cf7c 5056
wolfSSL 15:117db924cf7c 5057 /* if we do not have the key than there was a big issue negotiation */
wolfSSL 15:117db924cf7c 5058 if (key == NULL) {
wolfSSL 15:117db924cf7c 5059 WOLFSSL_MSG("key was null for decryption!!!\n");
wolfSSL 15:117db924cf7c 5060 return MEMORY_E;
wolfSSL 15:117db924cf7c 5061 }
wolfSSL 15:117db924cf7c 5062
wolfSSL 15:117db924cf7c 5063 /* Decrypt sent secret */
wolfSSL 15:117db924cf7c 5064 buffLen = Max_Secret_Len;
wolfSSL 15:117db924cf7c 5065 QSH_Decrypt(key, secret, secretLen, buff + offset, &buffLen);
wolfSSL 15:117db924cf7c 5066 offset += buffLen;
wolfSSL 15:117db924cf7c 5067 }
wolfSSL 15:117db924cf7c 5068
wolfSSL 15:117db924cf7c 5069 /* allocate memory for buffer */
wolfSSL 15:117db924cf7c 5070 buf->length = offset;
wolfSSL 15:117db924cf7c 5071 buf->buffer = (byte*)XMALLOC(offset, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 5072 if (buf->buffer == NULL)
wolfSSL 15:117db924cf7c 5073 return MEMORY_E;
wolfSSL 15:117db924cf7c 5074
wolfSSL 15:117db924cf7c 5075 /* store secrets */
wolfSSL 15:117db924cf7c 5076 XMEMCPY(buf->buffer, buff, offset);
wolfSSL 15:117db924cf7c 5077 ForceZero(buff, offset);
wolfSSL 15:117db924cf7c 5078
wolfSSL 15:117db924cf7c 5079 return offset_len;
wolfSSL 15:117db924cf7c 5080 }
wolfSSL 15:117db924cf7c 5081
wolfSSL 15:117db924cf7c 5082
wolfSSL 15:117db924cf7c 5083 /* return 1 on success */
wolfSSL 15:117db924cf7c 5084 int TLSX_ValidateQSHScheme(TLSX** extensions, word16 theirs) {
wolfSSL 15:117db924cf7c 5085 TLSX* extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID);
wolfSSL 15:117db924cf7c 5086 QSHScheme* format = NULL;
wolfSSL 15:117db924cf7c 5087
wolfSSL 15:117db924cf7c 5088 /* if no extension is sent then do not use QSH */
wolfSSL 15:117db924cf7c 5089 if (!extension) {
wolfSSL 15:117db924cf7c 5090 WOLFSSL_MSG("No QSH Extension");
wolfSSL 15:117db924cf7c 5091 return 0;
wolfSSL 15:117db924cf7c 5092 }
wolfSSL 15:117db924cf7c 5093
wolfSSL 15:117db924cf7c 5094 for (format = (QSHScheme*)extension->data; format; format = format->next) {
wolfSSL 15:117db924cf7c 5095 if (format->name == theirs) {
wolfSSL 15:117db924cf7c 5096 WOLFSSL_MSG("Found Matching QSH Scheme");
wolfSSL 15:117db924cf7c 5097 return 1; /* have QSH */
wolfSSL 15:117db924cf7c 5098 }
wolfSSL 15:117db924cf7c 5099 }
wolfSSL 15:117db924cf7c 5100
wolfSSL 15:117db924cf7c 5101 return 0;
wolfSSL 15:117db924cf7c 5102 }
wolfSSL 15:117db924cf7c 5103 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 15:117db924cf7c 5104
wolfSSL 15:117db924cf7c 5105 /* test if the QSH Scheme is implemented
wolfSSL 15:117db924cf7c 5106 return 1 if yes 0 if no */
wolfSSL 15:117db924cf7c 5107 static int TLSX_HaveQSHScheme(word16 name)
wolfSSL 15:117db924cf7c 5108 {
wolfSSL 15:117db924cf7c 5109 switch(name) {
wolfSSL 15:117db924cf7c 5110 #ifdef HAVE_NTRU
wolfSSL 15:117db924cf7c 5111 case WOLFSSL_NTRU_EESS439:
wolfSSL 15:117db924cf7c 5112 case WOLFSSL_NTRU_EESS593:
wolfSSL 15:117db924cf7c 5113 case WOLFSSL_NTRU_EESS743:
wolfSSL 15:117db924cf7c 5114 return 1;
wolfSSL 15:117db924cf7c 5115 #endif
wolfSSL 15:117db924cf7c 5116 case WOLFSSL_LWE_XXX:
wolfSSL 15:117db924cf7c 5117 case WOLFSSL_HFE_XXX:
wolfSSL 15:117db924cf7c 5118 return 0; /* not supported yet */
wolfSSL 15:117db924cf7c 5119
wolfSSL 15:117db924cf7c 5120 default:
wolfSSL 15:117db924cf7c 5121 return 0;
wolfSSL 15:117db924cf7c 5122 }
wolfSSL 15:117db924cf7c 5123 }
wolfSSL 15:117db924cf7c 5124
wolfSSL 15:117db924cf7c 5125
wolfSSL 15:117db924cf7c 5126 /* Add a QSHScheme struct to list of usable ones */
wolfSSL 15:117db924cf7c 5127 int TLSX_UseQSHScheme(TLSX** extensions, word16 name, byte* pKey, word16 pkeySz,
wolfSSL 15:117db924cf7c 5128 void* heap)
wolfSSL 15:117db924cf7c 5129 {
wolfSSL 15:117db924cf7c 5130 TLSX* extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID);
wolfSSL 15:117db924cf7c 5131 QSHScheme* format = NULL;
wolfSSL 15:117db924cf7c 5132 int ret = 0;
wolfSSL 15:117db924cf7c 5133
wolfSSL 15:117db924cf7c 5134 /* sanity check */
wolfSSL 15:117db924cf7c 5135 if (extensions == NULL || (pKey == NULL && pkeySz != 0))
wolfSSL 15:117db924cf7c 5136 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 5137
wolfSSL 15:117db924cf7c 5138 /* if scheme is implemented than add */
wolfSSL 15:117db924cf7c 5139 if (TLSX_HaveQSHScheme(name)) {
wolfSSL 15:117db924cf7c 5140 if ((ret = TLSX_QSH_Append(&format, name, pKey, pkeySz)) != 0)
wolfSSL 15:117db924cf7c 5141 return ret;
wolfSSL 15:117db924cf7c 5142
wolfSSL 15:117db924cf7c 5143 if (!extension) {
wolfSSL 15:117db924cf7c 5144 if ((ret = TLSX_Push(extensions, TLSX_QUANTUM_SAFE_HYBRID, format,
wolfSSL 15:117db924cf7c 5145 heap)) != 0) {
wolfSSL 15:117db924cf7c 5146 XFREE(format, 0, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 5147 return ret;
wolfSSL 15:117db924cf7c 5148 }
wolfSSL 15:117db924cf7c 5149 }
wolfSSL 15:117db924cf7c 5150 else {
wolfSSL 15:117db924cf7c 5151 /* push new QSH object to extension data. */
wolfSSL 15:117db924cf7c 5152 format->next = (QSHScheme*)extension->data;
wolfSSL 15:117db924cf7c 5153 extension->data = (void*)format;
wolfSSL 15:117db924cf7c 5154
wolfSSL 15:117db924cf7c 5155 /* look for another format of the same name to remove (replacement) */
wolfSSL 15:117db924cf7c 5156 do {
wolfSSL 15:117db924cf7c 5157 if (format->next && (format->next->name == name)) {
wolfSSL 15:117db924cf7c 5158 QSHScheme* next = format->next;
wolfSSL 15:117db924cf7c 5159
wolfSSL 15:117db924cf7c 5160 format->next = next->next;
wolfSSL 15:117db924cf7c 5161 XFREE(next, 0, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 5162
wolfSSL 15:117db924cf7c 5163 break;
wolfSSL 15:117db924cf7c 5164 }
wolfSSL 15:117db924cf7c 5165 } while ((format = format->next));
wolfSSL 15:117db924cf7c 5166 }
wolfSSL 15:117db924cf7c 5167 }
wolfSSL 15:117db924cf7c 5168 return WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 5169 }
wolfSSL 15:117db924cf7c 5170
wolfSSL 15:117db924cf7c 5171 #define QSH_FREE_ALL TLSX_QSH_FreeAll
wolfSSL 15:117db924cf7c 5172 #define QSH_VALIDATE_REQUEST TLSX_QSH_ValidateRequest
wolfSSL 15:117db924cf7c 5173
wolfSSL 15:117db924cf7c 5174 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 5175 #define QSH_GET_SIZE TLSX_QSH_GetSize
wolfSSL 15:117db924cf7c 5176 #define QSH_WRITE TLSX_QSH_Write
wolfSSL 15:117db924cf7c 5177 #else
wolfSSL 15:117db924cf7c 5178 #define QSH_GET_SIZE(list) 0
wolfSSL 15:117db924cf7c 5179 #define QSH_WRITE(a, b) 0
wolfSSL 15:117db924cf7c 5180 #endif
wolfSSL 15:117db924cf7c 5181
wolfSSL 15:117db924cf7c 5182 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 5183 #define QSH_PARSE TLSX_QSH_Parse
wolfSSL 15:117db924cf7c 5184 #else
wolfSSL 15:117db924cf7c 5185 #define QSH_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 5186 #endif
wolfSSL 15:117db924cf7c 5187
wolfSSL 15:117db924cf7c 5188 #define QSHPK_WRITE TLSX_QSHPK_Write
wolfSSL 15:117db924cf7c 5189 #define QSH_SERREQ TLSX_QSH_SerPKReq
wolfSSL 15:117db924cf7c 5190 #else
wolfSSL 15:117db924cf7c 5191
wolfSSL 15:117db924cf7c 5192 #define QSH_FREE_ALL(list, heap)
wolfSSL 15:117db924cf7c 5193 #define QSH_GET_SIZE(list, a) 0
wolfSSL 15:117db924cf7c 5194 #define QSH_WRITE(a, b) 0
wolfSSL 15:117db924cf7c 5195 #define QSH_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 5196 #define QSHPK_WRITE(a, b) 0
wolfSSL 15:117db924cf7c 5197 #define QSH_SERREQ(a, b) 0
wolfSSL 15:117db924cf7c 5198 #define QSH_VALIDATE_REQUEST(a, b)
wolfSSL 15:117db924cf7c 5199
wolfSSL 15:117db924cf7c 5200 #endif /* HAVE_QSH */
wolfSSL 15:117db924cf7c 5201
wolfSSL 15:117db924cf7c 5202 /******************************************************************************/
wolfSSL 15:117db924cf7c 5203 /* Supported Versions */
wolfSSL 15:117db924cf7c 5204 /******************************************************************************/
wolfSSL 15:117db924cf7c 5205
wolfSSL 15:117db924cf7c 5206 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 5207 /* Return the size of the SupportedVersions extension's data.
wolfSSL 15:117db924cf7c 5208 *
wolfSSL 15:117db924cf7c 5209 * data The SSL/TLS object.
wolfSSL 15:117db924cf7c 5210 * msgType The type of the message this extension is being written into.
wolfSSL 15:117db924cf7c 5211 * returns the length of data that will be in the extension.
wolfSSL 15:117db924cf7c 5212 */
wolfSSL 15:117db924cf7c 5213 static int TLSX_SupportedVersions_GetSize(void* data, byte msgType, word16* pSz)
wolfSSL 15:117db924cf7c 5214 {
wolfSSL 15:117db924cf7c 5215 WOLFSSL* ssl = (WOLFSSL*)data;
wolfSSL 15:117db924cf7c 5216
wolfSSL 15:117db924cf7c 5217 if (msgType == client_hello) {
wolfSSL 15:117db924cf7c 5218 /* TLS v1.2 and TLS v1.3 */
wolfSSL 15:117db924cf7c 5219 int cnt = 2;
wolfSSL 15:117db924cf7c 5220
wolfSSL 15:117db924cf7c 5221 #ifndef NO_OLD_TLS
wolfSSL 15:117db924cf7c 5222 /* TLS v1.1 */
wolfSSL 15:117db924cf7c 5223 cnt++;
wolfSSL 15:117db924cf7c 5224 #ifdef WOLFSSL_ALLOW_TLSV10
wolfSSL 15:117db924cf7c 5225 /* TLS v1.0 */
wolfSSL 15:117db924cf7c 5226 cnt++;
wolfSSL 15:117db924cf7c 5227 #endif
wolfSSL 15:117db924cf7c 5228 #endif
wolfSSL 15:117db924cf7c 5229
wolfSSL 15:117db924cf7c 5230 if (!ssl->options.downgrade)
wolfSSL 15:117db924cf7c 5231 cnt = 1;
wolfSSL 15:117db924cf7c 5232
wolfSSL 15:117db924cf7c 5233 *pSz += (word16)(OPAQUE8_LEN + cnt * OPAQUE16_LEN);
wolfSSL 15:117db924cf7c 5234 }
wolfSSL 15:117db924cf7c 5235 #ifndef WOLFSSL_TLS13_DRAFT_18
wolfSSL 15:117db924cf7c 5236 else if (msgType == server_hello || msgType == hello_retry_request)
wolfSSL 15:117db924cf7c 5237 *pSz += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 5238 #endif
wolfSSL 15:117db924cf7c 5239 else
wolfSSL 15:117db924cf7c 5240 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 5241
wolfSSL 15:117db924cf7c 5242 return 0;
wolfSSL 15:117db924cf7c 5243 }
wolfSSL 15:117db924cf7c 5244
wolfSSL 15:117db924cf7c 5245 /* Writes the SupportedVersions extension into the buffer.
wolfSSL 15:117db924cf7c 5246 *
wolfSSL 15:117db924cf7c 5247 * data The SSL/TLS object.
wolfSSL 15:117db924cf7c 5248 * output The buffer to write the extension into.
wolfSSL 15:117db924cf7c 5249 * msgType The type of the message this extension is being written into.
wolfSSL 15:117db924cf7c 5250 * returns the length of data that was written.
wolfSSL 15:117db924cf7c 5251 */
wolfSSL 15:117db924cf7c 5252 static int TLSX_SupportedVersions_Write(void* data, byte* output,
wolfSSL 15:117db924cf7c 5253 byte msgType, word16* pSz)
wolfSSL 15:117db924cf7c 5254 {
wolfSSL 15:117db924cf7c 5255 WOLFSSL* ssl = (WOLFSSL*)data;
wolfSSL 15:117db924cf7c 5256 ProtocolVersion pv;
wolfSSL 15:117db924cf7c 5257 int i;
wolfSSL 15:117db924cf7c 5258 int cnt;
wolfSSL 15:117db924cf7c 5259
wolfSSL 15:117db924cf7c 5260 if (msgType == client_hello) {
wolfSSL 15:117db924cf7c 5261 pv = ssl->ctx->method->version;
wolfSSL 15:117db924cf7c 5262 /* TLS v1.2 and TLS v1.3 */
wolfSSL 15:117db924cf7c 5263 cnt = 2;
wolfSSL 15:117db924cf7c 5264
wolfSSL 15:117db924cf7c 5265 #ifndef NO_OLD_TLS
wolfSSL 15:117db924cf7c 5266 /* TLS v1.1 */
wolfSSL 15:117db924cf7c 5267 cnt++;
wolfSSL 15:117db924cf7c 5268 #ifdef WOLFSSL_ALLOW_TLSV10
wolfSSL 15:117db924cf7c 5269 /* TLS v1.0 */
wolfSSL 15:117db924cf7c 5270 cnt++;
wolfSSL 15:117db924cf7c 5271 #endif
wolfSSL 15:117db924cf7c 5272 #endif
wolfSSL 15:117db924cf7c 5273
wolfSSL 15:117db924cf7c 5274 if (!ssl->options.downgrade)
wolfSSL 15:117db924cf7c 5275 cnt = 1;
wolfSSL 15:117db924cf7c 5276
wolfSSL 15:117db924cf7c 5277 *(output++) = (byte)(cnt * OPAQUE16_LEN);
wolfSSL 15:117db924cf7c 5278 for (i = 0; i < cnt; i++) {
wolfSSL 15:117db924cf7c 5279 #ifndef WOLFSSL_TLS13_FINAL
wolfSSL 15:117db924cf7c 5280 /* TODO: [TLS13] Remove code when TLS v1.3 becomes an RFC. */
wolfSSL 15:117db924cf7c 5281 if (pv.minor - i == TLSv1_3_MINOR) {
wolfSSL 15:117db924cf7c 5282 /* The TLS draft major number. */
wolfSSL 15:117db924cf7c 5283 *(output++) = TLS_DRAFT_MAJOR;
wolfSSL 15:117db924cf7c 5284 /* Version of draft supported. */
wolfSSL 15:117db924cf7c 5285 *(output++) = TLS_DRAFT_MINOR;
wolfSSL 15:117db924cf7c 5286 continue;
wolfSSL 15:117db924cf7c 5287 }
wolfSSL 15:117db924cf7c 5288 #endif
wolfSSL 15:117db924cf7c 5289
wolfSSL 15:117db924cf7c 5290 *(output++) = pv.major;
wolfSSL 15:117db924cf7c 5291 *(output++) = (byte)(pv.minor - i);
wolfSSL 15:117db924cf7c 5292 }
wolfSSL 15:117db924cf7c 5293
wolfSSL 15:117db924cf7c 5294 *pSz += (word16)(OPAQUE8_LEN + cnt * OPAQUE16_LEN);
wolfSSL 15:117db924cf7c 5295 }
wolfSSL 15:117db924cf7c 5296 #ifndef WOLFSSL_TLS13_DRAFT_18
wolfSSL 15:117db924cf7c 5297 else if (msgType == server_hello || msgType == hello_retry_request) {
wolfSSL 15:117db924cf7c 5298 #ifndef WOLFSSL_TLS13_FINAL
wolfSSL 15:117db924cf7c 5299 if (ssl->version.major == SSLv3_MAJOR &&
wolfSSL 15:117db924cf7c 5300 ssl->version.minor == TLSv1_3_MINOR) {
wolfSSL 15:117db924cf7c 5301 output[0] = TLS_DRAFT_MAJOR;
wolfSSL 15:117db924cf7c 5302 output[1] = TLS_DRAFT_MINOR;
wolfSSL 15:117db924cf7c 5303 }
wolfSSL 15:117db924cf7c 5304 else
wolfSSL 15:117db924cf7c 5305 #endif
wolfSSL 15:117db924cf7c 5306 {
wolfSSL 15:117db924cf7c 5307 output[0] = ssl->version.major;
wolfSSL 15:117db924cf7c 5308 output[1] = ssl->version.minor;
wolfSSL 15:117db924cf7c 5309 }
wolfSSL 15:117db924cf7c 5310
wolfSSL 15:117db924cf7c 5311 *pSz += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 5312 }
wolfSSL 15:117db924cf7c 5313 #endif
wolfSSL 15:117db924cf7c 5314 else
wolfSSL 15:117db924cf7c 5315 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 5316
wolfSSL 15:117db924cf7c 5317 return 0;
wolfSSL 15:117db924cf7c 5318 }
wolfSSL 15:117db924cf7c 5319
wolfSSL 15:117db924cf7c 5320 /* Parse the SupportedVersions extension.
wolfSSL 15:117db924cf7c 5321 *
wolfSSL 15:117db924cf7c 5322 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 5323 * input The buffer with the extension data.
wolfSSL 15:117db924cf7c 5324 * length The length of the extension data.
wolfSSL 15:117db924cf7c 5325 * msgType The type of the message this extension is being parsed from.
wolfSSL 15:117db924cf7c 5326 * returns 0 on success, otherwise failure.
wolfSSL 15:117db924cf7c 5327 */
wolfSSL 15:117db924cf7c 5328 static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, byte* input,
wolfSSL 15:117db924cf7c 5329 word16 length, byte msgType)
wolfSSL 15:117db924cf7c 5330 {
wolfSSL 15:117db924cf7c 5331 ProtocolVersion pv = ssl->ctx->method->version;
wolfSSL 15:117db924cf7c 5332 int i;
wolfSSL 15:117db924cf7c 5333 int len;
wolfSSL 15:117db924cf7c 5334 byte major, minor;
wolfSSL 15:117db924cf7c 5335 int newMinor = 0;
wolfSSL 15:117db924cf7c 5336
wolfSSL 15:117db924cf7c 5337 if (msgType == client_hello) {
wolfSSL 15:117db924cf7c 5338 /* Must contain a length and at least one version. */
wolfSSL 15:117db924cf7c 5339 if (length < OPAQUE8_LEN + OPAQUE16_LEN || (length & 1) != 1)
wolfSSL 15:117db924cf7c 5340 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 5341
wolfSSL 15:117db924cf7c 5342 len = *input;
wolfSSL 15:117db924cf7c 5343
wolfSSL 15:117db924cf7c 5344 /* Protocol version array must fill rest of data. */
wolfSSL 15:117db924cf7c 5345 if (length != OPAQUE8_LEN + len)
wolfSSL 15:117db924cf7c 5346 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 5347
wolfSSL 15:117db924cf7c 5348 input++;
wolfSSL 15:117db924cf7c 5349
wolfSSL 15:117db924cf7c 5350 /* Find first match. */
wolfSSL 15:117db924cf7c 5351 for (i = 0; i < len; i += OPAQUE16_LEN) {
wolfSSL 15:117db924cf7c 5352 major = input[i];
wolfSSL 15:117db924cf7c 5353 minor = input[i + OPAQUE8_LEN];
wolfSSL 15:117db924cf7c 5354
wolfSSL 15:117db924cf7c 5355 #ifndef WOLFSSL_TLS13_FINAL
wolfSSL 15:117db924cf7c 5356 /* TODO: [TLS13] Remove code when TLS v1.3 becomes an RFC. */
wolfSSL 15:117db924cf7c 5357 if (major == TLS_DRAFT_MAJOR && minor == TLS_DRAFT_MINOR) {
wolfSSL 15:117db924cf7c 5358 major = SSLv3_MAJOR;
wolfSSL 15:117db924cf7c 5359 minor = TLSv1_3_MINOR;
wolfSSL 15:117db924cf7c 5360 }
wolfSSL 15:117db924cf7c 5361 #endif
wolfSSL 15:117db924cf7c 5362
wolfSSL 15:117db924cf7c 5363 if (major != pv.major)
wolfSSL 15:117db924cf7c 5364 continue;
wolfSSL 15:117db924cf7c 5365
wolfSSL 15:117db924cf7c 5366 /* No upgrade allowed. */
wolfSSL 15:117db924cf7c 5367 if (minor > ssl->version.minor)
wolfSSL 15:117db924cf7c 5368 continue;
wolfSSL 15:117db924cf7c 5369 /* Check downgrade. */
wolfSSL 15:117db924cf7c 5370 if (minor < ssl->version.minor) {
wolfSSL 15:117db924cf7c 5371 if (!ssl->options.downgrade)
wolfSSL 15:117db924cf7c 5372 continue;
wolfSSL 15:117db924cf7c 5373
wolfSSL 15:117db924cf7c 5374 if (minor < ssl->options.minDowngrade)
wolfSSL 15:117db924cf7c 5375 continue;
wolfSSL 15:117db924cf7c 5376
wolfSSL 15:117db924cf7c 5377 if (newMinor == 0 && minor > ssl->options.oldMinor) {
wolfSSL 15:117db924cf7c 5378 /* Downgrade the version. */
wolfSSL 15:117db924cf7c 5379 ssl->version.minor = minor;
wolfSSL 15:117db924cf7c 5380 }
wolfSSL 15:117db924cf7c 5381 }
wolfSSL 15:117db924cf7c 5382
wolfSSL 15:117db924cf7c 5383 if (minor >= TLSv1_3_MINOR) {
wolfSSL 15:117db924cf7c 5384 if (!ssl->options.tls1_3) {
wolfSSL 15:117db924cf7c 5385 ssl->options.tls1_3 = 1;
wolfSSL 15:117db924cf7c 5386 TLSX_Push(&ssl->extensions, TLSX_SUPPORTED_VERSIONS, ssl,
wolfSSL 15:117db924cf7c 5387 ssl->heap);
wolfSSL 15:117db924cf7c 5388 #ifndef WOLFSSL_TLS13_DRAFT_18
wolfSSL 15:117db924cf7c 5389 TLSX_SetResponse(ssl, TLSX_SUPPORTED_VERSIONS);
wolfSSL 15:117db924cf7c 5390 #endif
wolfSSL 15:117db924cf7c 5391 }
wolfSSL 15:117db924cf7c 5392 if (minor > newMinor) {
wolfSSL 15:117db924cf7c 5393 ssl->version.minor = minor;
wolfSSL 15:117db924cf7c 5394 newMinor = minor;
wolfSSL 15:117db924cf7c 5395 }
wolfSSL 15:117db924cf7c 5396 }
wolfSSL 15:117db924cf7c 5397 else if (minor > ssl->options.oldMinor)
wolfSSL 15:117db924cf7c 5398 ssl->options.oldMinor = minor;
wolfSSL 15:117db924cf7c 5399 }
wolfSSL 15:117db924cf7c 5400 }
wolfSSL 15:117db924cf7c 5401 #ifndef WOLFSSL_TLS13_DRAFT_18
wolfSSL 15:117db924cf7c 5402 else if (msgType == server_hello || msgType == hello_retry_request) {
wolfSSL 15:117db924cf7c 5403 /* Must contain one version. */
wolfSSL 15:117db924cf7c 5404 if (length != OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 5405 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 5406
wolfSSL 15:117db924cf7c 5407 major = input[0];
wolfSSL 15:117db924cf7c 5408 minor = input[OPAQUE8_LEN];
wolfSSL 15:117db924cf7c 5409
wolfSSL 15:117db924cf7c 5410 #ifndef WOLFSSL_TLS13_FINAL
wolfSSL 15:117db924cf7c 5411 /* TODO: [TLS13] Remove code when TLS v1.3 becomes an RFC. */
wolfSSL 15:117db924cf7c 5412 if (major == TLS_DRAFT_MAJOR && minor == TLS_DRAFT_MINOR) {
wolfSSL 15:117db924cf7c 5413 major = SSLv3_MAJOR;
wolfSSL 15:117db924cf7c 5414 minor = TLSv1_3_MINOR;
wolfSSL 15:117db924cf7c 5415 }
wolfSSL 15:117db924cf7c 5416 #endif
wolfSSL 15:117db924cf7c 5417
wolfSSL 15:117db924cf7c 5418 if (major != pv.major)
wolfSSL 15:117db924cf7c 5419 return VERSION_ERROR;
wolfSSL 15:117db924cf7c 5420
wolfSSL 15:117db924cf7c 5421 /* Can't downgrade with this extension below TLS v1.3. */
wolfSSL 15:117db924cf7c 5422 if (minor < TLSv1_3_MINOR)
wolfSSL 15:117db924cf7c 5423 return VERSION_ERROR;
wolfSSL 15:117db924cf7c 5424
wolfSSL 15:117db924cf7c 5425 /* Version is TLS v1.2 to handle downgrading from TLS v1.3+. */
wolfSSL 15:117db924cf7c 5426 if (ssl->options.downgrade && ssl->version.minor == TLSv1_2_MINOR) {
wolfSSL 15:117db924cf7c 5427 /* Set minor version back to TLS v1.3+ */
wolfSSL 15:117db924cf7c 5428 ssl->version.minor = ssl->ctx->method->version.minor;
wolfSSL 15:117db924cf7c 5429 }
wolfSSL 15:117db924cf7c 5430
wolfSSL 15:117db924cf7c 5431 /* No upgrade allowed. */
wolfSSL 15:117db924cf7c 5432 if (ssl->version.minor < minor)
wolfSSL 15:117db924cf7c 5433 return VERSION_ERROR;
wolfSSL 15:117db924cf7c 5434
wolfSSL 15:117db924cf7c 5435 /* Check downgrade. */
wolfSSL 15:117db924cf7c 5436 if (ssl->version.minor > minor) {
wolfSSL 15:117db924cf7c 5437 if (!ssl->options.downgrade)
wolfSSL 15:117db924cf7c 5438 return VERSION_ERROR;
wolfSSL 15:117db924cf7c 5439
wolfSSL 15:117db924cf7c 5440 if (minor < ssl->options.minDowngrade)
wolfSSL 15:117db924cf7c 5441 return VERSION_ERROR;
wolfSSL 15:117db924cf7c 5442
wolfSSL 15:117db924cf7c 5443 /* Downgrade the version. */
wolfSSL 15:117db924cf7c 5444 ssl->version.minor = minor;
wolfSSL 15:117db924cf7c 5445 }
wolfSSL 15:117db924cf7c 5446 }
wolfSSL 15:117db924cf7c 5447 #endif
wolfSSL 15:117db924cf7c 5448 else
wolfSSL 15:117db924cf7c 5449 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 5450
wolfSSL 15:117db924cf7c 5451 return 0;
wolfSSL 15:117db924cf7c 5452 }
wolfSSL 15:117db924cf7c 5453
wolfSSL 15:117db924cf7c 5454 /* Sets a new SupportedVersions extension into the extension list.
wolfSSL 15:117db924cf7c 5455 *
wolfSSL 15:117db924cf7c 5456 * extensions The list of extensions.
wolfSSL 15:117db924cf7c 5457 * data The extensions specific data.
wolfSSL 15:117db924cf7c 5458 * heap The heap used for allocation.
wolfSSL 15:117db924cf7c 5459 * returns 0 on success, otherwise failure.
wolfSSL 15:117db924cf7c 5460 */
wolfSSL 15:117db924cf7c 5461 static int TLSX_SetSupportedVersions(TLSX** extensions, const void* data,
wolfSSL 15:117db924cf7c 5462 void* heap)
wolfSSL 15:117db924cf7c 5463 {
wolfSSL 15:117db924cf7c 5464 if (extensions == NULL || data == NULL)
wolfSSL 15:117db924cf7c 5465 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 5466
wolfSSL 15:117db924cf7c 5467 return TLSX_Push(extensions, TLSX_SUPPORTED_VERSIONS, (void *)data, heap);
wolfSSL 15:117db924cf7c 5468 }
wolfSSL 15:117db924cf7c 5469
wolfSSL 15:117db924cf7c 5470 #define SV_GET_SIZE TLSX_SupportedVersions_GetSize
wolfSSL 15:117db924cf7c 5471 #define SV_WRITE TLSX_SupportedVersions_Write
wolfSSL 15:117db924cf7c 5472 #define SV_PARSE TLSX_SupportedVersions_Parse
wolfSSL 15:117db924cf7c 5473
wolfSSL 15:117db924cf7c 5474 #else
wolfSSL 15:117db924cf7c 5475
wolfSSL 15:117db924cf7c 5476 #define SV_GET_SIZE(a, b, c) 0
wolfSSL 15:117db924cf7c 5477 #define SV_WRITE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 5478 #define SV_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 5479
wolfSSL 15:117db924cf7c 5480 #endif /* WOLFSSL_TLS13 */
wolfSSL 15:117db924cf7c 5481
wolfSSL 15:117db924cf7c 5482 #if defined(WOLFSSL_TLS13)
wolfSSL 15:117db924cf7c 5483
wolfSSL 15:117db924cf7c 5484 /******************************************************************************/
wolfSSL 15:117db924cf7c 5485 /* Cookie */
wolfSSL 15:117db924cf7c 5486 /******************************************************************************/
wolfSSL 15:117db924cf7c 5487
wolfSSL 15:117db924cf7c 5488 /* Free the cookie data.
wolfSSL 15:117db924cf7c 5489 *
wolfSSL 15:117db924cf7c 5490 * cookie Cookie data.
wolfSSL 15:117db924cf7c 5491 * heap The heap used for allocation.
wolfSSL 15:117db924cf7c 5492 */
wolfSSL 15:117db924cf7c 5493 static void TLSX_Cookie_FreeAll(Cookie* cookie, void* heap)
wolfSSL 15:117db924cf7c 5494 {
wolfSSL 15:117db924cf7c 5495 (void)heap;
wolfSSL 15:117db924cf7c 5496
wolfSSL 15:117db924cf7c 5497 if (cookie != NULL)
wolfSSL 15:117db924cf7c 5498 XFREE(cookie, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 5499 }
wolfSSL 15:117db924cf7c 5500
wolfSSL 15:117db924cf7c 5501 /* Get the size of the encoded Cookie extension.
wolfSSL 15:117db924cf7c 5502 * In messages: ClientHello and HelloRetryRequest.
wolfSSL 15:117db924cf7c 5503 *
wolfSSL 15:117db924cf7c 5504 * cookie The cookie to write.
wolfSSL 15:117db924cf7c 5505 * msgType The type of the message this extension is being written into.
wolfSSL 15:117db924cf7c 5506 * returns the number of bytes of the encoded Cookie extension.
wolfSSL 15:117db924cf7c 5507 */
wolfSSL 15:117db924cf7c 5508 static int TLSX_Cookie_GetSize(Cookie* cookie, byte msgType, word16* pSz)
wolfSSL 15:117db924cf7c 5509 {
wolfSSL 15:117db924cf7c 5510 if (msgType == client_hello || msgType == hello_retry_request)
wolfSSL 15:117db924cf7c 5511 *pSz += OPAQUE16_LEN + cookie->len;
wolfSSL 15:117db924cf7c 5512 else
wolfSSL 15:117db924cf7c 5513 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 5514 return 0;
wolfSSL 15:117db924cf7c 5515 }
wolfSSL 15:117db924cf7c 5516
wolfSSL 15:117db924cf7c 5517 /* Writes the Cookie extension into the output buffer.
wolfSSL 15:117db924cf7c 5518 * Assumes that the the output buffer is big enough to hold data.
wolfSSL 15:117db924cf7c 5519 * In messages: ClientHello and HelloRetryRequest.
wolfSSL 15:117db924cf7c 5520 *
wolfSSL 15:117db924cf7c 5521 * cookie The cookie to write.
wolfSSL 15:117db924cf7c 5522 * output The buffer to write into.
wolfSSL 15:117db924cf7c 5523 * msgType The type of the message this extension is being written into.
wolfSSL 15:117db924cf7c 5524 * returns the number of bytes written into the buffer.
wolfSSL 15:117db924cf7c 5525 */
wolfSSL 15:117db924cf7c 5526 static int TLSX_Cookie_Write(Cookie* cookie, byte* output, byte msgType, word16* pSz)
wolfSSL 15:117db924cf7c 5527 {
wolfSSL 15:117db924cf7c 5528 if (msgType == client_hello || msgType == hello_retry_request) {
wolfSSL 15:117db924cf7c 5529 c16toa(cookie->len, output);
wolfSSL 15:117db924cf7c 5530 output += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 5531 XMEMCPY(output, &cookie->data, cookie->len);
wolfSSL 15:117db924cf7c 5532 *pSz += OPAQUE16_LEN + cookie->len;
wolfSSL 15:117db924cf7c 5533 }
wolfSSL 15:117db924cf7c 5534 else
wolfSSL 15:117db924cf7c 5535 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 5536 return 0;
wolfSSL 15:117db924cf7c 5537 }
wolfSSL 15:117db924cf7c 5538
wolfSSL 15:117db924cf7c 5539 /* Parse the Cookie extension.
wolfSSL 15:117db924cf7c 5540 * In messages: ClientHello and HelloRetryRequest.
wolfSSL 15:117db924cf7c 5541 *
wolfSSL 15:117db924cf7c 5542 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 5543 * input The extension data.
wolfSSL 15:117db924cf7c 5544 * length The length of the extension data.
wolfSSL 15:117db924cf7c 5545 * msgType The type of the message this extension is being parsed from.
wolfSSL 15:117db924cf7c 5546 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 5547 */
wolfSSL 15:117db924cf7c 5548 static int TLSX_Cookie_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 15:117db924cf7c 5549 byte msgType)
wolfSSL 15:117db924cf7c 5550 {
wolfSSL 15:117db924cf7c 5551 word16 len;
wolfSSL 15:117db924cf7c 5552 word16 idx = 0;
wolfSSL 15:117db924cf7c 5553 TLSX* extension;
wolfSSL 15:117db924cf7c 5554 Cookie* cookie;
wolfSSL 15:117db924cf7c 5555
wolfSSL 15:117db924cf7c 5556 if (msgType != client_hello && msgType != hello_retry_request)
wolfSSL 15:117db924cf7c 5557 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 5558
wolfSSL 15:117db924cf7c 5559 /* Message contains length and Cookie which must be at least one byte
wolfSSL 15:117db924cf7c 5560 * in length.
wolfSSL 15:117db924cf7c 5561 */
wolfSSL 15:117db924cf7c 5562 if (length < OPAQUE16_LEN + 1)
wolfSSL 15:117db924cf7c 5563 return BUFFER_E;
wolfSSL 15:117db924cf7c 5564 ato16(input + idx, &len);
wolfSSL 15:117db924cf7c 5565 idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 5566 if (length - idx != len)
wolfSSL 15:117db924cf7c 5567 return BUFFER_E;
wolfSSL 15:117db924cf7c 5568
wolfSSL 15:117db924cf7c 5569 if (msgType == hello_retry_request)
wolfSSL 15:117db924cf7c 5570 return TLSX_Cookie_Use(ssl, input + idx, len, NULL, 0, 0);
wolfSSL 15:117db924cf7c 5571
wolfSSL 15:117db924cf7c 5572 /* client_hello */
wolfSSL 15:117db924cf7c 5573 extension = TLSX_Find(ssl->extensions, TLSX_COOKIE);
wolfSSL 15:117db924cf7c 5574 if (extension == NULL)
wolfSSL 15:117db924cf7c 5575 return HRR_COOKIE_ERROR;
wolfSSL 15:117db924cf7c 5576
wolfSSL 15:117db924cf7c 5577 cookie = (Cookie*)extension->data;
wolfSSL 15:117db924cf7c 5578 if (cookie->len != len || XMEMCMP(&cookie->data, input + idx, len) != 0)
wolfSSL 15:117db924cf7c 5579 return HRR_COOKIE_ERROR;
wolfSSL 15:117db924cf7c 5580
wolfSSL 15:117db924cf7c 5581 /* Request seen. */
wolfSSL 15:117db924cf7c 5582 extension->resp = 0;
wolfSSL 15:117db924cf7c 5583
wolfSSL 15:117db924cf7c 5584 return 0;
wolfSSL 15:117db924cf7c 5585 }
wolfSSL 15:117db924cf7c 5586
wolfSSL 15:117db924cf7c 5587 /* Use the data to create a new Cookie object in the extensions.
wolfSSL 15:117db924cf7c 5588 *
wolfSSL 15:117db924cf7c 5589 * ssl SSL/TLS object.
wolfSSL 15:117db924cf7c 5590 * data Cookie data.
wolfSSL 15:117db924cf7c 5591 * len Length of cookie data in bytes.
wolfSSL 15:117db924cf7c 5592 * mac MAC data.
wolfSSL 15:117db924cf7c 5593 * macSz Length of MAC data in bytes.
wolfSSL 15:117db924cf7c 5594 * resp Indicates the extension will go into a response (HelloRetryRequest).
wolfSSL 15:117db924cf7c 5595 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 5596 */
wolfSSL 15:117db924cf7c 5597 int TLSX_Cookie_Use(WOLFSSL* ssl, byte* data, word16 len, byte* mac,
wolfSSL 15:117db924cf7c 5598 byte macSz, int resp)
wolfSSL 15:117db924cf7c 5599 {
wolfSSL 15:117db924cf7c 5600 int ret = 0;
wolfSSL 15:117db924cf7c 5601 TLSX* extension;
wolfSSL 15:117db924cf7c 5602 Cookie* cookie;
wolfSSL 15:117db924cf7c 5603
wolfSSL 15:117db924cf7c 5604 /* Find the cookie extension if it exists. */
wolfSSL 15:117db924cf7c 5605 extension = TLSX_Find(ssl->extensions, TLSX_COOKIE);
wolfSSL 15:117db924cf7c 5606 if (extension == NULL) {
wolfSSL 15:117db924cf7c 5607 /* Push new cookie extension. */
wolfSSL 15:117db924cf7c 5608 ret = TLSX_Push(&ssl->extensions, TLSX_COOKIE, NULL, ssl->heap);
wolfSSL 15:117db924cf7c 5609 if (ret != 0)
wolfSSL 15:117db924cf7c 5610 return ret;
wolfSSL 15:117db924cf7c 5611
wolfSSL 15:117db924cf7c 5612 extension = TLSX_Find(ssl->extensions, TLSX_COOKIE);
wolfSSL 15:117db924cf7c 5613 if (extension == NULL)
wolfSSL 15:117db924cf7c 5614 return MEMORY_E;
wolfSSL 15:117db924cf7c 5615 }
wolfSSL 15:117db924cf7c 5616
wolfSSL 15:117db924cf7c 5617 /* The Cookie structure has one byte for cookie data already. */
wolfSSL 15:117db924cf7c 5618 cookie = (Cookie*)XMALLOC(sizeof(Cookie) + len + macSz - 1, ssl->heap,
wolfSSL 15:117db924cf7c 5619 DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 5620 if (cookie == NULL)
wolfSSL 15:117db924cf7c 5621 return MEMORY_E;
wolfSSL 15:117db924cf7c 5622
wolfSSL 15:117db924cf7c 5623 cookie->len = len + macSz;
wolfSSL 15:117db924cf7c 5624 XMEMCPY(&cookie->data, data, len);
wolfSSL 15:117db924cf7c 5625 if (mac != NULL)
wolfSSL 15:117db924cf7c 5626 XMEMCPY(&cookie->data + len, mac, macSz);
wolfSSL 15:117db924cf7c 5627
wolfSSL 15:117db924cf7c 5628 extension->data = (void*)cookie;
wolfSSL 15:117db924cf7c 5629 extension->resp = (byte)resp;
wolfSSL 15:117db924cf7c 5630
wolfSSL 15:117db924cf7c 5631 return 0;
wolfSSL 15:117db924cf7c 5632 }
wolfSSL 15:117db924cf7c 5633
wolfSSL 15:117db924cf7c 5634 #define CKE_FREE_ALL TLSX_Cookie_FreeAll
wolfSSL 15:117db924cf7c 5635 #define CKE_GET_SIZE TLSX_Cookie_GetSize
wolfSSL 15:117db924cf7c 5636 #define CKE_WRITE TLSX_Cookie_Write
wolfSSL 15:117db924cf7c 5637 #define CKE_PARSE TLSX_Cookie_Parse
wolfSSL 15:117db924cf7c 5638
wolfSSL 15:117db924cf7c 5639 #else
wolfSSL 15:117db924cf7c 5640
wolfSSL 15:117db924cf7c 5641 #define CKE_FREE_ALL(a, b) 0
wolfSSL 15:117db924cf7c 5642 #define CKE_GET_SIZE(a, b, c) 0
wolfSSL 15:117db924cf7c 5643 #define CKE_WRITE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 5644 #define CKE_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 5645
wolfSSL 15:117db924cf7c 5646 #endif
wolfSSL 15:117db924cf7c 5647
wolfSSL 15:117db924cf7c 5648 /******************************************************************************/
wolfSSL 15:117db924cf7c 5649 /* Signature Algorithms */
wolfSSL 15:117db924cf7c 5650 /******************************************************************************/
wolfSSL 15:117db924cf7c 5651
wolfSSL 15:117db924cf7c 5652 /* Return the size of the SignatureAlgorithms extension's data.
wolfSSL 15:117db924cf7c 5653 *
wolfSSL 15:117db924cf7c 5654 * data Unused
wolfSSL 15:117db924cf7c 5655 * returns the length of data that will be in the extension.
wolfSSL 15:117db924cf7c 5656 */
wolfSSL 15:117db924cf7c 5657 static word16 TLSX_SignatureAlgorithms_GetSize(void* data)
wolfSSL 15:117db924cf7c 5658 {
wolfSSL 15:117db924cf7c 5659 WOLFSSL* ssl = (WOLFSSL*)data;
wolfSSL 15:117db924cf7c 5660
wolfSSL 15:117db924cf7c 5661 return OPAQUE16_LEN + ssl->suites->hashSigAlgoSz;
wolfSSL 15:117db924cf7c 5662 }
wolfSSL 15:117db924cf7c 5663
wolfSSL 15:117db924cf7c 5664 /* Creates a bit string of supported hash algorithms with RSA PSS.
wolfSSL 15:117db924cf7c 5665 * The bit string is used when determining which signature algorithm to use
wolfSSL 15:117db924cf7c 5666 * when creating the CertificateVerify message.
wolfSSL 15:117db924cf7c 5667 * Note: Valid data has an even length as each signature algorithm is two bytes.
wolfSSL 15:117db924cf7c 5668 *
wolfSSL 15:117db924cf7c 5669 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 5670 * input The buffer with the list of supported signature algorithms.
wolfSSL 15:117db924cf7c 5671 * length The length of the list in bytes.
wolfSSL 15:117db924cf7c 5672 * returns 0 on success, BUFFER_ERROR when the length is not even.
wolfSSL 15:117db924cf7c 5673 */
wolfSSL 15:117db924cf7c 5674 static int TLSX_SignatureAlgorithms_MapPss(WOLFSSL *ssl, byte* input,
wolfSSL 15:117db924cf7c 5675 word16 length)
wolfSSL 15:117db924cf7c 5676 {
wolfSSL 15:117db924cf7c 5677 word16 i;
wolfSSL 15:117db924cf7c 5678
wolfSSL 15:117db924cf7c 5679 if ((length & 1) == 1)
wolfSSL 15:117db924cf7c 5680 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 5681
wolfSSL 15:117db924cf7c 5682 ssl->pssAlgo = 0;
wolfSSL 15:117db924cf7c 5683 for (i = 0; i < length; i += 2) {
wolfSSL 15:117db924cf7c 5684 if (input[i] == rsa_pss_sa_algo && input[i + 1] <= sha512_mac)
wolfSSL 15:117db924cf7c 5685 ssl->pssAlgo |= 1 << input[i + 1];
wolfSSL 15:117db924cf7c 5686 }
wolfSSL 15:117db924cf7c 5687
wolfSSL 15:117db924cf7c 5688 return 0;
wolfSSL 15:117db924cf7c 5689 }
wolfSSL 15:117db924cf7c 5690
wolfSSL 15:117db924cf7c 5691 /* Writes the SignatureAlgorithms extension into the buffer.
wolfSSL 15:117db924cf7c 5692 *
wolfSSL 15:117db924cf7c 5693 * data Unused
wolfSSL 15:117db924cf7c 5694 * output The buffer to write the extension into.
wolfSSL 15:117db924cf7c 5695 * returns the length of data that was written.
wolfSSL 15:117db924cf7c 5696 */
wolfSSL 15:117db924cf7c 5697 static word16 TLSX_SignatureAlgorithms_Write(void* data, byte* output)
wolfSSL 15:117db924cf7c 5698 {
wolfSSL 15:117db924cf7c 5699 WOLFSSL* ssl = (WOLFSSL*)data;
wolfSSL 15:117db924cf7c 5700
wolfSSL 15:117db924cf7c 5701 c16toa(ssl->suites->hashSigAlgoSz, output);
wolfSSL 15:117db924cf7c 5702 XMEMCPY(output + OPAQUE16_LEN, ssl->suites->hashSigAlgo,
wolfSSL 15:117db924cf7c 5703 ssl->suites->hashSigAlgoSz);
wolfSSL 15:117db924cf7c 5704
wolfSSL 15:117db924cf7c 5705 TLSX_SignatureAlgorithms_MapPss(ssl, output + OPAQUE16_LEN,
wolfSSL 15:117db924cf7c 5706 ssl->suites->hashSigAlgoSz);
wolfSSL 15:117db924cf7c 5707
wolfSSL 15:117db924cf7c 5708 return OPAQUE16_LEN + ssl->suites->hashSigAlgoSz;
wolfSSL 15:117db924cf7c 5709 }
wolfSSL 15:117db924cf7c 5710
wolfSSL 15:117db924cf7c 5711 /* Parse the SignatureAlgorithms extension.
wolfSSL 15:117db924cf7c 5712 *
wolfSSL 15:117db924cf7c 5713 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 5714 * input The buffer with the extension data.
wolfSSL 15:117db924cf7c 5715 * length The length of the extension data.
wolfSSL 15:117db924cf7c 5716 * returns 0 on success, otherwise failure.
wolfSSL 15:117db924cf7c 5717 */
wolfSSL 15:117db924cf7c 5718 static int TLSX_SignatureAlgorithms_Parse(WOLFSSL *ssl, byte* input,
wolfSSL 15:117db924cf7c 5719 word16 length, byte isRequest, Suites* suites)
wolfSSL 15:117db924cf7c 5720 {
wolfSSL 15:117db924cf7c 5721 word16 len;
wolfSSL 15:117db924cf7c 5722
wolfSSL 15:117db924cf7c 5723 if (!isRequest)
wolfSSL 15:117db924cf7c 5724 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 5725
wolfSSL 15:117db924cf7c 5726 /* Must contain a length and at least algorithm. */
wolfSSL 15:117db924cf7c 5727 if (length < OPAQUE16_LEN + OPAQUE16_LEN || (length & 1) != 0)
wolfSSL 15:117db924cf7c 5728 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 5729
wolfSSL 15:117db924cf7c 5730 ato16(input, &len);
wolfSSL 15:117db924cf7c 5731 input += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 5732
wolfSSL 15:117db924cf7c 5733 /* Algorithm array must fill rest of data. */
wolfSSL 15:117db924cf7c 5734 if (length != OPAQUE16_LEN + len)
wolfSSL 15:117db924cf7c 5735 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 5736
wolfSSL 15:117db924cf7c 5737 /* truncate hashSigAlgo list if too long */
wolfSSL 15:117db924cf7c 5738 suites->hashSigAlgoSz = len;
wolfSSL 15:117db924cf7c 5739 if (suites->hashSigAlgoSz > WOLFSSL_MAX_SIGALGO) {
wolfSSL 15:117db924cf7c 5740 WOLFSSL_MSG("TLSX SigAlgo list exceeds max, truncating");
wolfSSL 15:117db924cf7c 5741 suites->hashSigAlgoSz = WOLFSSL_MAX_SIGALGO;
wolfSSL 15:117db924cf7c 5742 }
wolfSSL 15:117db924cf7c 5743 XMEMCPY(suites->hashSigAlgo, input, suites->hashSigAlgoSz);
wolfSSL 15:117db924cf7c 5744
wolfSSL 15:117db924cf7c 5745 return TLSX_SignatureAlgorithms_MapPss(ssl, input, len);
wolfSSL 15:117db924cf7c 5746 }
wolfSSL 15:117db924cf7c 5747
wolfSSL 15:117db924cf7c 5748 /* Sets a new SignatureAlgorithms extension into the extension list.
wolfSSL 15:117db924cf7c 5749 *
wolfSSL 15:117db924cf7c 5750 * extensions The list of extensions.
wolfSSL 15:117db924cf7c 5751 * data The extensions specific data.
wolfSSL 15:117db924cf7c 5752 * heap The heap used for allocation.
wolfSSL 15:117db924cf7c 5753 * returns 0 on success, otherwise failure.
wolfSSL 15:117db924cf7c 5754 */
wolfSSL 15:117db924cf7c 5755 static int TLSX_SetSignatureAlgorithms(TLSX** extensions, const void* data,
wolfSSL 15:117db924cf7c 5756 void* heap)
wolfSSL 15:117db924cf7c 5757 {
wolfSSL 15:117db924cf7c 5758 if (extensions == NULL)
wolfSSL 15:117db924cf7c 5759 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 5760
wolfSSL 15:117db924cf7c 5761 return TLSX_Push(extensions, TLSX_SIGNATURE_ALGORITHMS, (void *)data, heap);
wolfSSL 15:117db924cf7c 5762 }
wolfSSL 15:117db924cf7c 5763
wolfSSL 15:117db924cf7c 5764 #define SA_GET_SIZE TLSX_SignatureAlgorithms_GetSize
wolfSSL 15:117db924cf7c 5765 #define SA_WRITE TLSX_SignatureAlgorithms_Write
wolfSSL 15:117db924cf7c 5766 #define SA_PARSE TLSX_SignatureAlgorithms_Parse
wolfSSL 15:117db924cf7c 5767
wolfSSL 15:117db924cf7c 5768 /******************************************************************************/
wolfSSL 15:117db924cf7c 5769 /* Signature Algorithms Certificate */
wolfSSL 15:117db924cf7c 5770 /******************************************************************************/
wolfSSL 15:117db924cf7c 5771
wolfSSL 15:117db924cf7c 5772 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 5773 #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22)
wolfSSL 15:117db924cf7c 5774 /* Return the size of the SignatureAlgorithms extension's data.
wolfSSL 15:117db924cf7c 5775 *
wolfSSL 15:117db924cf7c 5776 * data Unused
wolfSSL 15:117db924cf7c 5777 * returns the length of data that will be in the extension.
wolfSSL 15:117db924cf7c 5778 */
wolfSSL 15:117db924cf7c 5779 static word16 TLSX_SignatureAlgorithmsCert_GetSize(void* data)
wolfSSL 15:117db924cf7c 5780 {
wolfSSL 15:117db924cf7c 5781 WOLFSSL* ssl = (WOLFSSL*)data;
wolfSSL 15:117db924cf7c 5782
wolfSSL 15:117db924cf7c 5783 return OPAQUE16_LEN + ssl->certHashSigAlgoSz;
wolfSSL 15:117db924cf7c 5784 }
wolfSSL 15:117db924cf7c 5785
wolfSSL 15:117db924cf7c 5786 /* Writes the SignatureAlgorithmsCert extension into the buffer.
wolfSSL 15:117db924cf7c 5787 *
wolfSSL 15:117db924cf7c 5788 * data Unused
wolfSSL 15:117db924cf7c 5789 * output The buffer to write the extension into.
wolfSSL 15:117db924cf7c 5790 * returns the length of data that was written.
wolfSSL 15:117db924cf7c 5791 */
wolfSSL 15:117db924cf7c 5792 static word16 TLSX_SignatureAlgorithmsCert_Write(void* data, byte* output)
wolfSSL 15:117db924cf7c 5793 {
wolfSSL 15:117db924cf7c 5794 WOLFSSL* ssl = (WOLFSSL*)data;
wolfSSL 15:117db924cf7c 5795
wolfSSL 15:117db924cf7c 5796 c16toa(ssl->certHashSigAlgoSz, output);
wolfSSL 15:117db924cf7c 5797 XMEMCPY(output + OPAQUE16_LEN, ssl->certHashSigAlgo,
wolfSSL 15:117db924cf7c 5798 ssl->certHashSigAlgoSz);
wolfSSL 15:117db924cf7c 5799
wolfSSL 15:117db924cf7c 5800 return OPAQUE16_LEN + ssl->certHashSigAlgoSz;
wolfSSL 15:117db924cf7c 5801 }
wolfSSL 15:117db924cf7c 5802
wolfSSL 15:117db924cf7c 5803 /* Parse the SignatureAlgorithmsCert extension.
wolfSSL 15:117db924cf7c 5804 *
wolfSSL 15:117db924cf7c 5805 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 5806 * input The buffer with the extension data.
wolfSSL 15:117db924cf7c 5807 * length The length of the extension data.
wolfSSL 15:117db924cf7c 5808 * returns 0 on success, otherwise failure.
wolfSSL 15:117db924cf7c 5809 */
wolfSSL 15:117db924cf7c 5810 static int TLSX_SignatureAlgorithmsCert_Parse(WOLFSSL *ssl, byte* input,
wolfSSL 15:117db924cf7c 5811 word16 length, byte isRequest)
wolfSSL 15:117db924cf7c 5812 {
wolfSSL 15:117db924cf7c 5813 word16 len;
wolfSSL 15:117db924cf7c 5814
wolfSSL 15:117db924cf7c 5815 if (!isRequest)
wolfSSL 15:117db924cf7c 5816 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 5817
wolfSSL 15:117db924cf7c 5818 /* Must contain a length and at least algorithm. */
wolfSSL 15:117db924cf7c 5819 if (length < OPAQUE16_LEN + OPAQUE16_LEN || (length & 1) != 0)
wolfSSL 15:117db924cf7c 5820 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 5821
wolfSSL 15:117db924cf7c 5822 ato16(input, &len);
wolfSSL 15:117db924cf7c 5823 input += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 5824
wolfSSL 15:117db924cf7c 5825 /* Algorithm array must fill rest of data. */
wolfSSL 15:117db924cf7c 5826 if (length != OPAQUE16_LEN + len)
wolfSSL 15:117db924cf7c 5827 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 5828
wolfSSL 15:117db924cf7c 5829 /* truncate hashSigAlgo list if too long */
wolfSSL 15:117db924cf7c 5830 ssl->certHashSigAlgoSz = len;
wolfSSL 15:117db924cf7c 5831 if (ssl->certHashSigAlgoSz > WOLFSSL_MAX_SIGALGO) {
wolfSSL 15:117db924cf7c 5832 WOLFSSL_MSG("TLSX SigAlgo list exceeds max, truncating");
wolfSSL 15:117db924cf7c 5833 ssl->certHashSigAlgoSz = WOLFSSL_MAX_SIGALGO;
wolfSSL 15:117db924cf7c 5834 }
wolfSSL 15:117db924cf7c 5835 XMEMCPY(ssl->certHashSigAlgo, input, ssl->certHashSigAlgoSz);
wolfSSL 15:117db924cf7c 5836
wolfSSL 15:117db924cf7c 5837 return 0;
wolfSSL 15:117db924cf7c 5838 }
wolfSSL 15:117db924cf7c 5839
wolfSSL 15:117db924cf7c 5840 /* Sets a new SignatureAlgorithmsCert extension into the extension list.
wolfSSL 15:117db924cf7c 5841 *
wolfSSL 15:117db924cf7c 5842 * extensions The list of extensions.
wolfSSL 15:117db924cf7c 5843 * data The extensions specific data.
wolfSSL 15:117db924cf7c 5844 * heap The heap used for allocation.
wolfSSL 15:117db924cf7c 5845 * returns 0 on success, otherwise failure.
wolfSSL 15:117db924cf7c 5846 */
wolfSSL 15:117db924cf7c 5847 static int TLSX_SetSignatureAlgorithmsCert(TLSX** extensions, const void* data,
wolfSSL 15:117db924cf7c 5848 void* heap)
wolfSSL 15:117db924cf7c 5849 {
wolfSSL 15:117db924cf7c 5850 if (extensions == NULL)
wolfSSL 15:117db924cf7c 5851 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 5852
wolfSSL 15:117db924cf7c 5853 return TLSX_Push(extensions, TLSX_SIGNATURE_ALGORITHMS_CERT, (void *)data,
wolfSSL 15:117db924cf7c 5854 heap);
wolfSSL 15:117db924cf7c 5855 }
wolfSSL 15:117db924cf7c 5856
wolfSSL 15:117db924cf7c 5857 #define SAC_GET_SIZE TLSX_SignatureAlgorithmsCert_GetSize
wolfSSL 15:117db924cf7c 5858 #define SAC_WRITE TLSX_SignatureAlgorithmsCert_Write
wolfSSL 15:117db924cf7c 5859 #define SAC_PARSE TLSX_SignatureAlgorithmsCert_Parse
wolfSSL 15:117db924cf7c 5860 #endif /* !WOLFSSL_TLS13_DRAFT_18 && !WOLFSSL_TLS13_DRAFT_22 */
wolfSSL 15:117db924cf7c 5861 #endif /* WOLFSSL_TLS13 */
wolfSSL 15:117db924cf7c 5862
wolfSSL 15:117db924cf7c 5863
wolfSSL 15:117db924cf7c 5864 /******************************************************************************/
wolfSSL 15:117db924cf7c 5865 /* Key Share */
wolfSSL 15:117db924cf7c 5866 /******************************************************************************/
wolfSSL 15:117db924cf7c 5867
wolfSSL 15:117db924cf7c 5868 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 5869 /* Create a key share entry using named Diffie-Hellman parameters group.
wolfSSL 15:117db924cf7c 5870 * Generates a key pair.
wolfSSL 15:117db924cf7c 5871 *
wolfSSL 15:117db924cf7c 5872 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 5873 * kse The key share entry object.
wolfSSL 15:117db924cf7c 5874 * returns 0 on success, otherwise failure.
wolfSSL 15:117db924cf7c 5875 */
wolfSSL 15:117db924cf7c 5876 static int TLSX_KeyShare_GenDhKey(WOLFSSL *ssl, KeyShareEntry* kse)
wolfSSL 15:117db924cf7c 5877 {
wolfSSL 15:117db924cf7c 5878 int ret;
wolfSSL 15:117db924cf7c 5879 #ifndef NO_DH
wolfSSL 15:117db924cf7c 5880 byte* keyData;
wolfSSL 15:117db924cf7c 5881 void* key = NULL;
wolfSSL 15:117db924cf7c 5882 word32 keySz;
wolfSSL 15:117db924cf7c 5883 word32 dataSz;
wolfSSL 15:117db924cf7c 5884 const DhParams* params;
wolfSSL 15:117db924cf7c 5885 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 5886 DhKey* dhKey = NULL;
wolfSSL 15:117db924cf7c 5887 #else
wolfSSL 15:117db924cf7c 5888 DhKey dhKey[1];
wolfSSL 15:117db924cf7c 5889 #endif
wolfSSL 15:117db924cf7c 5890
wolfSSL 15:117db924cf7c 5891 /* TODO: [TLS13] The key size should come from wolfcrypt. */
wolfSSL 15:117db924cf7c 5892 /* Pick the parameters from the named group. */
wolfSSL 15:117db924cf7c 5893 switch (kse->group) {
wolfSSL 15:117db924cf7c 5894 #ifdef HAVE_FFDHE_2048
wolfSSL 15:117db924cf7c 5895 case WOLFSSL_FFDHE_2048:
wolfSSL 15:117db924cf7c 5896 params = wc_Dh_ffdhe2048_Get();
wolfSSL 15:117db924cf7c 5897 keySz = 29;
wolfSSL 15:117db924cf7c 5898 break;
wolfSSL 15:117db924cf7c 5899 #endif
wolfSSL 15:117db924cf7c 5900 #ifdef HAVE_FFDHE_3072
wolfSSL 15:117db924cf7c 5901 case WOLFSSL_FFDHE_3072:
wolfSSL 15:117db924cf7c 5902 params = wc_Dh_ffdhe3072_Get();
wolfSSL 15:117db924cf7c 5903 keySz = 34;
wolfSSL 15:117db924cf7c 5904 break;
wolfSSL 15:117db924cf7c 5905 #endif
wolfSSL 15:117db924cf7c 5906 #ifdef HAVE_FFDHE_4096
wolfSSL 15:117db924cf7c 5907 case WOLFSSL_FFDHE_4096:
wolfSSL 15:117db924cf7c 5908 params = wc_Dh_ffdhe4096_Get();
wolfSSL 15:117db924cf7c 5909 keySz = 39;
wolfSSL 15:117db924cf7c 5910 break;
wolfSSL 15:117db924cf7c 5911 #endif
wolfSSL 15:117db924cf7c 5912 #ifdef HAVE_FFDHE_6144
wolfSSL 15:117db924cf7c 5913 case WOLFSSL_FFDHE_6144:
wolfSSL 15:117db924cf7c 5914 params = wc_Dh_ffdhe6144_Get();
wolfSSL 15:117db924cf7c 5915 keySz = 46;
wolfSSL 15:117db924cf7c 5916 break;
wolfSSL 15:117db924cf7c 5917 #endif
wolfSSL 15:117db924cf7c 5918 #ifdef HAVE_FFDHE_8192
wolfSSL 15:117db924cf7c 5919 case WOLFSSL_FFDHE_8192:
wolfSSL 15:117db924cf7c 5920 params = wc_Dh_ffdhe8192_Get();
wolfSSL 15:117db924cf7c 5921 keySz = 52;
wolfSSL 15:117db924cf7c 5922 break;
wolfSSL 15:117db924cf7c 5923 #endif
wolfSSL 15:117db924cf7c 5924 default:
wolfSSL 15:117db924cf7c 5925 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 5926 }
wolfSSL 15:117db924cf7c 5927
wolfSSL 15:117db924cf7c 5928 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 5929 dhKey = (DhKey*)XMALLOC(sizeof(DhKey), ssl->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 5930 if (dhKey == NULL)
wolfSSL 15:117db924cf7c 5931 return MEMORY_E;
wolfSSL 15:117db924cf7c 5932 #endif
wolfSSL 15:117db924cf7c 5933
wolfSSL 15:117db924cf7c 5934 ret = wc_InitDhKey_ex(dhKey, ssl->heap, ssl->devId);
wolfSSL 15:117db924cf7c 5935 if (ret != 0) {
wolfSSL 15:117db924cf7c 5936 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 5937 XFREE(dhKey, ssl->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 5938 #endif
wolfSSL 15:117db924cf7c 5939 return ret;
wolfSSL 15:117db924cf7c 5940 }
wolfSSL 15:117db924cf7c 5941
wolfSSL 15:117db924cf7c 5942 /* Allocate space for the public key. */
wolfSSL 15:117db924cf7c 5943 dataSz = params->p_len;
wolfSSL 15:117db924cf7c 5944 keyData = (byte*)XMALLOC(dataSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 15:117db924cf7c 5945 if (keyData == NULL) {
wolfSSL 15:117db924cf7c 5946 ret = MEMORY_E;
wolfSSL 15:117db924cf7c 5947 goto end;
wolfSSL 15:117db924cf7c 5948 }
wolfSSL 15:117db924cf7c 5949 /* Allocate space for the private key. */
wolfSSL 15:117db924cf7c 5950 key = (byte*)XMALLOC(keySz, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
wolfSSL 15:117db924cf7c 5951 if (key == NULL) {
wolfSSL 15:117db924cf7c 5952 ret = MEMORY_E;
wolfSSL 15:117db924cf7c 5953 goto end;
wolfSSL 15:117db924cf7c 5954 }
wolfSSL 15:117db924cf7c 5955
wolfSSL 15:117db924cf7c 5956 /* Set key */
wolfSSL 15:117db924cf7c 5957 ret = wc_DhSetKey(dhKey,
wolfSSL 15:117db924cf7c 5958 (byte*)params->p, params->p_len,
wolfSSL 15:117db924cf7c 5959 (byte*)params->g, params->g_len);
wolfSSL 15:117db924cf7c 5960 if (ret != 0)
wolfSSL 15:117db924cf7c 5961 goto end;
wolfSSL 15:117db924cf7c 5962
wolfSSL 15:117db924cf7c 5963 /* Generate a new key pair. */
wolfSSL 15:117db924cf7c 5964 ret = wc_DhGenerateKeyPair(dhKey, ssl->rng, (byte*)key, &keySz, keyData,
wolfSSL 15:117db924cf7c 5965 &dataSz);
wolfSSL 15:117db924cf7c 5966 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 5967 /* TODO: Make this function non-blocking */
wolfSSL 15:117db924cf7c 5968 if (ret == WC_PENDING_E) {
wolfSSL 15:117db924cf7c 5969 ret = wc_AsyncWait(ret, &dhKey->asyncDev, WC_ASYNC_FLAG_NONE);
wolfSSL 15:117db924cf7c 5970 }
wolfSSL 15:117db924cf7c 5971 #endif
wolfSSL 15:117db924cf7c 5972 if (ret != 0)
wolfSSL 15:117db924cf7c 5973 goto end;
wolfSSL 15:117db924cf7c 5974
wolfSSL 15:117db924cf7c 5975 if (params->p_len != dataSz) {
wolfSSL 15:117db924cf7c 5976 /* Pad the front of the key data with zeros. */
wolfSSL 15:117db924cf7c 5977 XMEMMOVE(keyData + params->p_len - dataSz, keyData, dataSz);
wolfSSL 15:117db924cf7c 5978 XMEMSET(keyData, 0, params->p_len - dataSz);
wolfSSL 15:117db924cf7c 5979 }
wolfSSL 15:117db924cf7c 5980
wolfSSL 15:117db924cf7c 5981 kse->pubKey = keyData;
wolfSSL 15:117db924cf7c 5982 kse->pubKeyLen = params->p_len;
wolfSSL 15:117db924cf7c 5983 kse->key = key;
wolfSSL 15:117db924cf7c 5984 kse->keyLen = keySz;
wolfSSL 15:117db924cf7c 5985
wolfSSL 15:117db924cf7c 5986 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 15:117db924cf7c 5987 WOLFSSL_MSG("Public DH Key");
wolfSSL 15:117db924cf7c 5988 WOLFSSL_BUFFER(keyData, params->p_len);
wolfSSL 15:117db924cf7c 5989 #endif
wolfSSL 15:117db924cf7c 5990
wolfSSL 15:117db924cf7c 5991 end:
wolfSSL 15:117db924cf7c 5992
wolfSSL 15:117db924cf7c 5993 wc_FreeDhKey(dhKey);
wolfSSL 15:117db924cf7c 5994 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 5995 XFREE(dhKey, ssl->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 5996 #endif
wolfSSL 15:117db924cf7c 5997
wolfSSL 15:117db924cf7c 5998 if (ret != 0) {
wolfSSL 15:117db924cf7c 5999 /* Data owned by key share entry otherwise. */
wolfSSL 15:117db924cf7c 6000 if (keyData != NULL)
wolfSSL 15:117db924cf7c 6001 XFREE(keyData, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 15:117db924cf7c 6002 if (key != NULL)
wolfSSL 15:117db924cf7c 6003 XFREE(key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
wolfSSL 15:117db924cf7c 6004 }
wolfSSL 15:117db924cf7c 6005 #else
wolfSSL 15:117db924cf7c 6006 (void)ssl;
wolfSSL 15:117db924cf7c 6007 (void)kse;
wolfSSL 15:117db924cf7c 6008
wolfSSL 15:117db924cf7c 6009 ret = NOT_COMPILED_IN;
wolfSSL 15:117db924cf7c 6010 #endif
wolfSSL 15:117db924cf7c 6011
wolfSSL 15:117db924cf7c 6012 return ret;
wolfSSL 15:117db924cf7c 6013 }
wolfSSL 15:117db924cf7c 6014
wolfSSL 15:117db924cf7c 6015 /* Create a key share entry using X25519 parameters group.
wolfSSL 15:117db924cf7c 6016 * Generates a key pair.
wolfSSL 15:117db924cf7c 6017 *
wolfSSL 15:117db924cf7c 6018 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 6019 * kse The key share entry object.
wolfSSL 15:117db924cf7c 6020 * returns 0 on success, otherwise failure.
wolfSSL 15:117db924cf7c 6021 */
wolfSSL 15:117db924cf7c 6022 static int TLSX_KeyShare_GenX25519Key(WOLFSSL *ssl, KeyShareEntry* kse)
wolfSSL 15:117db924cf7c 6023 {
wolfSSL 15:117db924cf7c 6024 int ret;
wolfSSL 15:117db924cf7c 6025 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 6026 byte* keyData = NULL;
wolfSSL 15:117db924cf7c 6027 word32 dataSize = CURVE25519_KEYSIZE;
wolfSSL 15:117db924cf7c 6028 curve25519_key* key;
wolfSSL 15:117db924cf7c 6029
wolfSSL 15:117db924cf7c 6030 /* Allocate an ECC key to hold private key. */
wolfSSL 15:117db924cf7c 6031 key = (curve25519_key*)XMALLOC(sizeof(curve25519_key),
wolfSSL 15:117db924cf7c 6032 ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
wolfSSL 15:117db924cf7c 6033 if (key == NULL) {
wolfSSL 15:117db924cf7c 6034 WOLFSSL_MSG("EccTempKey Memory error");
wolfSSL 15:117db924cf7c 6035 return MEMORY_E;
wolfSSL 15:117db924cf7c 6036 }
wolfSSL 15:117db924cf7c 6037
wolfSSL 15:117db924cf7c 6038 /* Make an ECC key. */
wolfSSL 15:117db924cf7c 6039 ret = wc_curve25519_init(key);
wolfSSL 15:117db924cf7c 6040 if (ret != 0)
wolfSSL 15:117db924cf7c 6041 goto end;
wolfSSL 15:117db924cf7c 6042 ret = wc_curve25519_make_key(ssl->rng, CURVE25519_KEYSIZE, key);
wolfSSL 15:117db924cf7c 6043 if (ret != 0)
wolfSSL 15:117db924cf7c 6044 goto end;
wolfSSL 15:117db924cf7c 6045
wolfSSL 15:117db924cf7c 6046 /* Allocate space for the public key. */
wolfSSL 15:117db924cf7c 6047 keyData = (byte*)XMALLOC(CURVE25519_KEYSIZE, ssl->heap,
wolfSSL 15:117db924cf7c 6048 DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 15:117db924cf7c 6049 if (keyData == NULL) {
wolfSSL 15:117db924cf7c 6050 WOLFSSL_MSG("Key data Memory error");
wolfSSL 15:117db924cf7c 6051 ret = MEMORY_E;
wolfSSL 15:117db924cf7c 6052 goto end;
wolfSSL 15:117db924cf7c 6053 }
wolfSSL 15:117db924cf7c 6054
wolfSSL 15:117db924cf7c 6055 /* Export public key. */
wolfSSL 15:117db924cf7c 6056 if (wc_curve25519_export_public_ex(key, keyData, &dataSize,
wolfSSL 15:117db924cf7c 6057 EC25519_LITTLE_ENDIAN) != 0) {
wolfSSL 15:117db924cf7c 6058 ret = ECC_EXPORT_ERROR;
wolfSSL 15:117db924cf7c 6059 goto end;
wolfSSL 15:117db924cf7c 6060 }
wolfSSL 15:117db924cf7c 6061
wolfSSL 15:117db924cf7c 6062 kse->pubKey = keyData;
wolfSSL 15:117db924cf7c 6063 kse->pubKeyLen = CURVE25519_KEYSIZE;
wolfSSL 15:117db924cf7c 6064 kse->key = key;
wolfSSL 15:117db924cf7c 6065
wolfSSL 15:117db924cf7c 6066 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 15:117db924cf7c 6067 WOLFSSL_MSG("Public Curve25519 Key");
wolfSSL 15:117db924cf7c 6068 WOLFSSL_BUFFER(keyData, dataSize);
wolfSSL 15:117db924cf7c 6069 #endif
wolfSSL 15:117db924cf7c 6070
wolfSSL 15:117db924cf7c 6071 end:
wolfSSL 15:117db924cf7c 6072 if (ret != 0) {
wolfSSL 15:117db924cf7c 6073 /* Data owned by key share entry otherwise. */
wolfSSL 15:117db924cf7c 6074 if (keyData != NULL)
wolfSSL 15:117db924cf7c 6075 XFREE(keyData, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 15:117db924cf7c 6076 wc_curve25519_free(key);
wolfSSL 15:117db924cf7c 6077 XFREE(key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
wolfSSL 15:117db924cf7c 6078 }
wolfSSL 15:117db924cf7c 6079 #else
wolfSSL 15:117db924cf7c 6080 (void)ssl;
wolfSSL 15:117db924cf7c 6081 (void)kse;
wolfSSL 15:117db924cf7c 6082
wolfSSL 15:117db924cf7c 6083 ret = NOT_COMPILED_IN;
wolfSSL 15:117db924cf7c 6084 #endif /* HAVE_CURVE25519 */
wolfSSL 15:117db924cf7c 6085
wolfSSL 15:117db924cf7c 6086 return ret;
wolfSSL 15:117db924cf7c 6087 }
wolfSSL 15:117db924cf7c 6088
wolfSSL 15:117db924cf7c 6089 /* Create a key share entry using named elliptic curve parameters group.
wolfSSL 15:117db924cf7c 6090 * Generates a key pair.
wolfSSL 15:117db924cf7c 6091 *
wolfSSL 15:117db924cf7c 6092 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 6093 * kse The key share entry object.
wolfSSL 15:117db924cf7c 6094 * returns 0 on success, otherwise failure.
wolfSSL 15:117db924cf7c 6095 */
wolfSSL 15:117db924cf7c 6096 static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
wolfSSL 15:117db924cf7c 6097 {
wolfSSL 15:117db924cf7c 6098 int ret;
wolfSSL 15:117db924cf7c 6099 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 6100 byte* keyData = NULL;
wolfSSL 15:117db924cf7c 6101 word32 dataSize;
wolfSSL 15:117db924cf7c 6102 byte* keyPtr = NULL;
wolfSSL 15:117db924cf7c 6103 word32 keySize;
wolfSSL 15:117db924cf7c 6104 ecc_key* eccKey;
wolfSSL 15:117db924cf7c 6105 word16 curveId;
wolfSSL 15:117db924cf7c 6106
wolfSSL 15:117db924cf7c 6107 /* TODO: [TLS13] The key sizes should come from wolfcrypt. */
wolfSSL 15:117db924cf7c 6108 /* Translate named group to a curve id. */
wolfSSL 15:117db924cf7c 6109 switch (kse->group) {
wolfSSL 15:117db924cf7c 6110 #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 6111 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 6112 case WOLFSSL_ECC_SECP256R1:
wolfSSL 15:117db924cf7c 6113 curveId = ECC_SECP256R1;
wolfSSL 15:117db924cf7c 6114 keySize = 32;
wolfSSL 15:117db924cf7c 6115 dataSize = keySize * 2 + 1;
wolfSSL 15:117db924cf7c 6116 break;
wolfSSL 15:117db924cf7c 6117 #endif /* !NO_ECC_SECP */
wolfSSL 15:117db924cf7c 6118 #endif
wolfSSL 15:117db924cf7c 6119 #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 6120 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 6121 case WOLFSSL_ECC_SECP384R1:
wolfSSL 15:117db924cf7c 6122 curveId = ECC_SECP384R1;
wolfSSL 15:117db924cf7c 6123 keySize = 48;
wolfSSL 15:117db924cf7c 6124 dataSize = keySize * 2 + 1;
wolfSSL 15:117db924cf7c 6125 break;
wolfSSL 15:117db924cf7c 6126 #endif /* !NO_ECC_SECP */
wolfSSL 15:117db924cf7c 6127 #endif
wolfSSL 15:117db924cf7c 6128 #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 6129 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 6130 case WOLFSSL_ECC_SECP521R1:
wolfSSL 15:117db924cf7c 6131 curveId = ECC_SECP521R1;
wolfSSL 15:117db924cf7c 6132 keySize = 66;
wolfSSL 15:117db924cf7c 6133 dataSize = keySize * 2 + 1;
wolfSSL 15:117db924cf7c 6134 break;
wolfSSL 15:117db924cf7c 6135 #endif /* !NO_ECC_SECP */
wolfSSL 15:117db924cf7c 6136 #endif
wolfSSL 15:117db924cf7c 6137 #ifdef HAVE_X448
wolfSSL 15:117db924cf7c 6138 case WOLFSSL_ECC_X448:
wolfSSL 15:117db924cf7c 6139 curveId = ECC_X448;
wolfSSL 15:117db924cf7c 6140 dataSize = keySize = 56;
wolfSSL 15:117db924cf7c 6141 break;
wolfSSL 15:117db924cf7c 6142 #endif
wolfSSL 15:117db924cf7c 6143 default:
wolfSSL 15:117db924cf7c 6144 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 6145 }
wolfSSL 15:117db924cf7c 6146
wolfSSL 15:117db924cf7c 6147 /* Allocate an ECC key to hold private key. */
wolfSSL 15:117db924cf7c 6148 keyPtr = (byte*)XMALLOC(sizeof(ecc_key), ssl->heap,
wolfSSL 15:117db924cf7c 6149 DYNAMIC_TYPE_PRIVATE_KEY);
wolfSSL 15:117db924cf7c 6150 if (keyPtr == NULL) {
wolfSSL 15:117db924cf7c 6151 WOLFSSL_MSG("EccTempKey Memory error");
wolfSSL 15:117db924cf7c 6152 return MEMORY_E;
wolfSSL 15:117db924cf7c 6153 }
wolfSSL 15:117db924cf7c 6154 eccKey = (ecc_key*)keyPtr;
wolfSSL 15:117db924cf7c 6155
wolfSSL 15:117db924cf7c 6156 /* Make an ECC key. */
wolfSSL 15:117db924cf7c 6157 ret = wc_ecc_init_ex(eccKey, ssl->heap, ssl->devId);
wolfSSL 15:117db924cf7c 6158 if (ret != 0)
wolfSSL 15:117db924cf7c 6159 goto end;
wolfSSL 15:117db924cf7c 6160 ret = wc_ecc_make_key_ex(ssl->rng, keySize, eccKey, curveId);
wolfSSL 15:117db924cf7c 6161 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 6162 /* TODO: Make this function non-blocking */
wolfSSL 15:117db924cf7c 6163 if (ret == WC_PENDING_E) {
wolfSSL 15:117db924cf7c 6164 ret = wc_AsyncWait(ret, &eccKey->asyncDev, WC_ASYNC_FLAG_NONE);
wolfSSL 15:117db924cf7c 6165 }
wolfSSL 15:117db924cf7c 6166 #endif
wolfSSL 15:117db924cf7c 6167 if (ret != 0)
wolfSSL 15:117db924cf7c 6168 goto end;
wolfSSL 15:117db924cf7c 6169
wolfSSL 15:117db924cf7c 6170 /* Allocate space for the public key. */
wolfSSL 15:117db924cf7c 6171 keyData = (byte*)XMALLOC(dataSize, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 15:117db924cf7c 6172 if (keyData == NULL) {
wolfSSL 15:117db924cf7c 6173 WOLFSSL_MSG("Key data Memory error");
wolfSSL 15:117db924cf7c 6174 ret = MEMORY_E;
wolfSSL 15:117db924cf7c 6175 goto end;
wolfSSL 15:117db924cf7c 6176 }
wolfSSL 15:117db924cf7c 6177
wolfSSL 15:117db924cf7c 6178 /* Export public key. */
wolfSSL 15:117db924cf7c 6179 if (wc_ecc_export_x963(eccKey, keyData, &dataSize) != 0) {
wolfSSL 15:117db924cf7c 6180 ret = ECC_EXPORT_ERROR;
wolfSSL 15:117db924cf7c 6181 goto end;
wolfSSL 15:117db924cf7c 6182 }
wolfSSL 15:117db924cf7c 6183
wolfSSL 15:117db924cf7c 6184 kse->pubKey = keyData;
wolfSSL 15:117db924cf7c 6185 kse->pubKeyLen = dataSize;
wolfSSL 15:117db924cf7c 6186 kse->key = keyPtr;
wolfSSL 15:117db924cf7c 6187
wolfSSL 15:117db924cf7c 6188 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 15:117db924cf7c 6189 WOLFSSL_MSG("Public ECC Key");
wolfSSL 15:117db924cf7c 6190 WOLFSSL_BUFFER(keyData, dataSize);
wolfSSL 15:117db924cf7c 6191 #endif
wolfSSL 15:117db924cf7c 6192
wolfSSL 15:117db924cf7c 6193 end:
wolfSSL 15:117db924cf7c 6194 if (ret != 0) {
wolfSSL 15:117db924cf7c 6195 /* Data owned by key share entry otherwise. */
wolfSSL 15:117db924cf7c 6196 if (keyPtr != NULL)
wolfSSL 15:117db924cf7c 6197 XFREE(keyPtr, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
wolfSSL 15:117db924cf7c 6198 if (keyData != NULL)
wolfSSL 15:117db924cf7c 6199 XFREE(keyData, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 15:117db924cf7c 6200 }
wolfSSL 15:117db924cf7c 6201 #else
wolfSSL 15:117db924cf7c 6202 (void)ssl;
wolfSSL 15:117db924cf7c 6203 (void)kse;
wolfSSL 15:117db924cf7c 6204
wolfSSL 15:117db924cf7c 6205 ret = NOT_COMPILED_IN;
wolfSSL 15:117db924cf7c 6206 #endif /* HAVE_ECC */
wolfSSL 15:117db924cf7c 6207
wolfSSL 15:117db924cf7c 6208 return ret;
wolfSSL 15:117db924cf7c 6209 }
wolfSSL 15:117db924cf7c 6210
wolfSSL 15:117db924cf7c 6211 /* Generate a secret/key using the key share entry.
wolfSSL 15:117db924cf7c 6212 *
wolfSSL 15:117db924cf7c 6213 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 6214 * kse The key share entry holding peer data.
wolfSSL 15:117db924cf7c 6215 */
wolfSSL 15:117db924cf7c 6216 static int TLSX_KeyShare_GenKey(WOLFSSL *ssl, KeyShareEntry *kse)
wolfSSL 15:117db924cf7c 6217 {
wolfSSL 15:117db924cf7c 6218 /* Named FFHE groups have a bit set to identify them. */
wolfSSL 15:117db924cf7c 6219 if ((kse->group & NAMED_DH_MASK) == NAMED_DH_MASK)
wolfSSL 15:117db924cf7c 6220 return TLSX_KeyShare_GenDhKey(ssl, kse);
wolfSSL 15:117db924cf7c 6221 if (kse->group == WOLFSSL_ECC_X25519)
wolfSSL 15:117db924cf7c 6222 return TLSX_KeyShare_GenX25519Key(ssl, kse);
wolfSSL 15:117db924cf7c 6223 return TLSX_KeyShare_GenEccKey(ssl, kse);
wolfSSL 15:117db924cf7c 6224 }
wolfSSL 15:117db924cf7c 6225
wolfSSL 15:117db924cf7c 6226 /* Free the key share dynamic data.
wolfSSL 15:117db924cf7c 6227 *
wolfSSL 15:117db924cf7c 6228 * list The linked list of key share entry objects.
wolfSSL 15:117db924cf7c 6229 * heap The heap used for allocation.
wolfSSL 15:117db924cf7c 6230 */
wolfSSL 15:117db924cf7c 6231 static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap)
wolfSSL 15:117db924cf7c 6232 {
wolfSSL 15:117db924cf7c 6233 KeyShareEntry* current;
wolfSSL 15:117db924cf7c 6234
wolfSSL 15:117db924cf7c 6235 while ((current = list) != NULL) {
wolfSSL 15:117db924cf7c 6236 list = current->next;
wolfSSL 15:117db924cf7c 6237 if ((current->group & NAMED_DH_MASK) == 0) {
wolfSSL 15:117db924cf7c 6238 if (current->group == WOLFSSL_ECC_X25519) {
wolfSSL 15:117db924cf7c 6239 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 6240 wc_curve25519_free((curve25519_key*)current->key);
wolfSSL 15:117db924cf7c 6241 #endif
wolfSSL 15:117db924cf7c 6242 }
wolfSSL 15:117db924cf7c 6243 else {
wolfSSL 15:117db924cf7c 6244 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 6245 wc_ecc_free((ecc_key*)(current->key));
wolfSSL 15:117db924cf7c 6246 #endif
wolfSSL 15:117db924cf7c 6247 }
wolfSSL 15:117db924cf7c 6248 }
wolfSSL 15:117db924cf7c 6249 XFREE(current->key, heap, DYNAMIC_TYPE_PRIVATE_KEY);
wolfSSL 15:117db924cf7c 6250 XFREE(current->pubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 15:117db924cf7c 6251 XFREE(current->ke, heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 15:117db924cf7c 6252 XFREE(current, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 6253 }
wolfSSL 15:117db924cf7c 6254
wolfSSL 15:117db924cf7c 6255 (void)heap;
wolfSSL 15:117db924cf7c 6256 }
wolfSSL 15:117db924cf7c 6257
wolfSSL 15:117db924cf7c 6258 /* Get the size of the encoded key share extension.
wolfSSL 15:117db924cf7c 6259 *
wolfSSL 15:117db924cf7c 6260 * list The linked list of key share extensions.
wolfSSL 15:117db924cf7c 6261 * msgType The type of the message this extension is being written into.
wolfSSL 15:117db924cf7c 6262 * returns the number of bytes of the encoded key share extension.
wolfSSL 15:117db924cf7c 6263 */
wolfSSL 15:117db924cf7c 6264 static word16 TLSX_KeyShare_GetSize(KeyShareEntry* list, byte msgType)
wolfSSL 15:117db924cf7c 6265 {
wolfSSL 15:117db924cf7c 6266 int len = 0;
wolfSSL 15:117db924cf7c 6267 byte isRequest = (msgType == client_hello);
wolfSSL 15:117db924cf7c 6268 KeyShareEntry* current;
wolfSSL 15:117db924cf7c 6269
wolfSSL 15:117db924cf7c 6270 /* The named group the server wants to use. */
wolfSSL 15:117db924cf7c 6271 if (msgType == hello_retry_request)
wolfSSL 15:117db924cf7c 6272 return OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 6273
wolfSSL 15:117db924cf7c 6274 /* List of key exchange groups. */
wolfSSL 15:117db924cf7c 6275 if (isRequest)
wolfSSL 15:117db924cf7c 6276 len += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 6277 while ((current = list) != NULL) {
wolfSSL 15:117db924cf7c 6278 list = current->next;
wolfSSL 15:117db924cf7c 6279
wolfSSL 15:117db924cf7c 6280 if (!isRequest && current->key == NULL)
wolfSSL 15:117db924cf7c 6281 continue;
wolfSSL 15:117db924cf7c 6282
wolfSSL 15:117db924cf7c 6283 len += (int)(KE_GROUP_LEN + OPAQUE16_LEN + current->pubKeyLen);
wolfSSL 15:117db924cf7c 6284 }
wolfSSL 15:117db924cf7c 6285
wolfSSL 15:117db924cf7c 6286 return (word16)len;
wolfSSL 15:117db924cf7c 6287 }
wolfSSL 15:117db924cf7c 6288
wolfSSL 15:117db924cf7c 6289 /* Writes the key share extension into the output buffer.
wolfSSL 15:117db924cf7c 6290 * Assumes that the the output buffer is big enough to hold data.
wolfSSL 15:117db924cf7c 6291 *
wolfSSL 15:117db924cf7c 6292 * list The linked list of key share entries.
wolfSSL 15:117db924cf7c 6293 * output The buffer to write into.
wolfSSL 15:117db924cf7c 6294 * msgType The type of the message this extension is being written into.
wolfSSL 15:117db924cf7c 6295 * returns the number of bytes written into the buffer.
wolfSSL 15:117db924cf7c 6296 */
wolfSSL 15:117db924cf7c 6297 static word16 TLSX_KeyShare_Write(KeyShareEntry* list, byte* output,
wolfSSL 15:117db924cf7c 6298 byte msgType)
wolfSSL 15:117db924cf7c 6299 {
wolfSSL 15:117db924cf7c 6300 word16 i = 0;
wolfSSL 15:117db924cf7c 6301 byte isRequest = (msgType == client_hello);
wolfSSL 15:117db924cf7c 6302 KeyShareEntry* current;
wolfSSL 15:117db924cf7c 6303
wolfSSL 15:117db924cf7c 6304 if (msgType == hello_retry_request) {
wolfSSL 15:117db924cf7c 6305 c16toa(list->group, output);
wolfSSL 15:117db924cf7c 6306 return OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 6307 }
wolfSSL 15:117db924cf7c 6308
wolfSSL 15:117db924cf7c 6309 /* ClientHello has a list but ServerHello is only the chosen. */
wolfSSL 15:117db924cf7c 6310 if (isRequest)
wolfSSL 15:117db924cf7c 6311 i += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 6312
wolfSSL 15:117db924cf7c 6313 /* Write out all in the list. */
wolfSSL 15:117db924cf7c 6314 while ((current = list) != NULL) {
wolfSSL 15:117db924cf7c 6315 list = current->next;
wolfSSL 15:117db924cf7c 6316
wolfSSL 15:117db924cf7c 6317 if (!isRequest && current->key == NULL)
wolfSSL 15:117db924cf7c 6318 continue;
wolfSSL 15:117db924cf7c 6319
wolfSSL 15:117db924cf7c 6320 c16toa(current->group, &output[i]);
wolfSSL 15:117db924cf7c 6321 i += KE_GROUP_LEN;
wolfSSL 15:117db924cf7c 6322 c16toa((word16)(current->pubKeyLen), &output[i]);
wolfSSL 15:117db924cf7c 6323 i += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 6324 XMEMCPY(&output[i], current->pubKey, current->pubKeyLen);
wolfSSL 15:117db924cf7c 6325 i += (word16)current->pubKeyLen;
wolfSSL 15:117db924cf7c 6326 }
wolfSSL 15:117db924cf7c 6327 /* Write the length of the list if required. */
wolfSSL 15:117db924cf7c 6328 if (isRequest)
wolfSSL 15:117db924cf7c 6329 c16toa(i - OPAQUE16_LEN, output);
wolfSSL 15:117db924cf7c 6330
wolfSSL 15:117db924cf7c 6331 return i;
wolfSSL 15:117db924cf7c 6332 }
wolfSSL 15:117db924cf7c 6333
wolfSSL 15:117db924cf7c 6334 /* Process the DH key share extension on the client side.
wolfSSL 15:117db924cf7c 6335 *
wolfSSL 15:117db924cf7c 6336 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 6337 * keyShareEntry The key share entry object to use to calculate shared secret.
wolfSSL 15:117db924cf7c 6338 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 6339 */
wolfSSL 15:117db924cf7c 6340 static int TLSX_KeyShare_ProcessDh(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
wolfSSL 15:117db924cf7c 6341 {
wolfSSL 15:117db924cf7c 6342 #ifndef NO_DH
wolfSSL 15:117db924cf7c 6343 int ret;
wolfSSL 15:117db924cf7c 6344 const DhParams* params;
wolfSSL 15:117db924cf7c 6345 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 6346 DhKey* dhKey = NULL;
wolfSSL 15:117db924cf7c 6347 #else
wolfSSL 15:117db924cf7c 6348 DhKey dhKey[1];
wolfSSL 15:117db924cf7c 6349 #endif
wolfSSL 15:117db924cf7c 6350
wolfSSL 15:117db924cf7c 6351 switch (keyShareEntry->group) {
wolfSSL 15:117db924cf7c 6352 #ifdef HAVE_FFDHE_2048
wolfSSL 15:117db924cf7c 6353 case WOLFSSL_FFDHE_2048:
wolfSSL 15:117db924cf7c 6354 params = wc_Dh_ffdhe2048_Get();
wolfSSL 15:117db924cf7c 6355 break;
wolfSSL 15:117db924cf7c 6356 #endif
wolfSSL 15:117db924cf7c 6357 #ifdef HAVE_FFDHE_3072
wolfSSL 15:117db924cf7c 6358 case WOLFSSL_FFDHE_3072:
wolfSSL 15:117db924cf7c 6359 params = wc_Dh_ffdhe3072_Get();
wolfSSL 15:117db924cf7c 6360 break;
wolfSSL 15:117db924cf7c 6361 #endif
wolfSSL 15:117db924cf7c 6362 #ifdef HAVE_FFDHE_4096
wolfSSL 15:117db924cf7c 6363 case WOLFSSL_FFDHE_4096:
wolfSSL 15:117db924cf7c 6364 params = wc_Dh_ffdhe4096_Get();
wolfSSL 15:117db924cf7c 6365 break;
wolfSSL 15:117db924cf7c 6366 #endif
wolfSSL 15:117db924cf7c 6367 #ifdef HAVE_FFDHE_6144
wolfSSL 15:117db924cf7c 6368 case WOLFSSL_FFDHE_6144:
wolfSSL 15:117db924cf7c 6369 params = wc_Dh_ffdhe6144_Get();
wolfSSL 15:117db924cf7c 6370 break;
wolfSSL 15:117db924cf7c 6371 #endif
wolfSSL 15:117db924cf7c 6372 #ifdef HAVE_FFDHE_8192
wolfSSL 15:117db924cf7c 6373 case WOLFSSL_FFDHE_8192:
wolfSSL 15:117db924cf7c 6374 params = wc_Dh_ffdhe8192_Get();
wolfSSL 15:117db924cf7c 6375 break;
wolfSSL 15:117db924cf7c 6376 #endif
wolfSSL 15:117db924cf7c 6377 default:
wolfSSL 15:117db924cf7c 6378 return PEER_KEY_ERROR;
wolfSSL 15:117db924cf7c 6379 }
wolfSSL 15:117db924cf7c 6380
wolfSSL 15:117db924cf7c 6381 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 15:117db924cf7c 6382 WOLFSSL_MSG("Peer DH Key");
wolfSSL 15:117db924cf7c 6383 WOLFSSL_BUFFER(keyShareEntry->ke, keyShareEntry->keLen);
wolfSSL 15:117db924cf7c 6384 #endif
wolfSSL 15:117db924cf7c 6385
wolfSSL 15:117db924cf7c 6386 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 6387 dhKey = (DhKey*)XMALLOC(sizeof(DhKey), ssl->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 6388 if (dhKey == NULL)
wolfSSL 15:117db924cf7c 6389 return MEMORY_E;
wolfSSL 15:117db924cf7c 6390 #endif
wolfSSL 15:117db924cf7c 6391
wolfSSL 15:117db924cf7c 6392 ret = wc_InitDhKey_ex(dhKey, ssl->heap, ssl->devId);
wolfSSL 15:117db924cf7c 6393 if (ret != 0) {
wolfSSL 15:117db924cf7c 6394 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 6395 XFREE(dhKey, ssl->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 6396 #endif
wolfSSL 15:117db924cf7c 6397 return ret;
wolfSSL 15:117db924cf7c 6398 }
wolfSSL 15:117db924cf7c 6399
wolfSSL 15:117db924cf7c 6400 /* Set key */
wolfSSL 15:117db924cf7c 6401 ret = wc_DhSetKey(dhKey, (byte*)params->p, params->p_len, (byte*)params->g,
wolfSSL 15:117db924cf7c 6402 params->g_len);
wolfSSL 15:117db924cf7c 6403 if (ret != 0) {
wolfSSL 15:117db924cf7c 6404 wc_FreeDhKey(dhKey);
wolfSSL 15:117db924cf7c 6405 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 6406 XFREE(dhKey, ssl->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 6407 #endif
wolfSSL 15:117db924cf7c 6408 return ret;
wolfSSL 15:117db924cf7c 6409 }
wolfSSL 15:117db924cf7c 6410
wolfSSL 15:117db924cf7c 6411 ret = wc_DhCheckPubKey(dhKey, keyShareEntry->ke, keyShareEntry->keLen);
wolfSSL 15:117db924cf7c 6412 if (ret != 0) {
wolfSSL 15:117db924cf7c 6413 wc_FreeDhKey(dhKey);
wolfSSL 15:117db924cf7c 6414 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 6415 XFREE(dhKey, ssl->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 6416 #endif
wolfSSL 15:117db924cf7c 6417 return PEER_KEY_ERROR;
wolfSSL 15:117db924cf7c 6418 }
wolfSSL 15:117db924cf7c 6419
wolfSSL 15:117db924cf7c 6420 /* Derive secret from private key and peer's public key. */
wolfSSL 15:117db924cf7c 6421 ret = wc_DhAgree(dhKey,
wolfSSL 15:117db924cf7c 6422 ssl->arrays->preMasterSecret, &ssl->arrays->preMasterSz,
wolfSSL 15:117db924cf7c 6423 (const byte*)keyShareEntry->key, keyShareEntry->keyLen,
wolfSSL 15:117db924cf7c 6424 keyShareEntry->ke, keyShareEntry->keLen);
wolfSSL 15:117db924cf7c 6425 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 6426 /* TODO: Make this function non-blocking */
wolfSSL 15:117db924cf7c 6427 if (ret == WC_PENDING_E) {
wolfSSL 15:117db924cf7c 6428 ret = wc_AsyncWait(ret, dhKey.asyncDev, WC_ASYNC_FLAG_NONE);
wolfSSL 15:117db924cf7c 6429 }
wolfSSL 15:117db924cf7c 6430 #endif
wolfSSL 15:117db924cf7c 6431
wolfSSL 15:117db924cf7c 6432 wc_FreeDhKey(dhKey);
wolfSSL 15:117db924cf7c 6433 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 6434 XFREE(dhKey, ssl->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 6435 #endif
wolfSSL 15:117db924cf7c 6436
wolfSSL 15:117db924cf7c 6437 return ret;
wolfSSL 15:117db924cf7c 6438 #else
wolfSSL 15:117db924cf7c 6439 (void)ssl;
wolfSSL 15:117db924cf7c 6440 (void)keyShareEntry;
wolfSSL 15:117db924cf7c 6441 return PEER_KEY_ERROR;
wolfSSL 15:117db924cf7c 6442 #endif
wolfSSL 15:117db924cf7c 6443 }
wolfSSL 15:117db924cf7c 6444
wolfSSL 15:117db924cf7c 6445 /* Process the X25519 key share extension on the client side.
wolfSSL 15:117db924cf7c 6446 *
wolfSSL 15:117db924cf7c 6447 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 6448 * keyShareEntry The key share entry object to use to calculate shared secret.
wolfSSL 15:117db924cf7c 6449 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 6450 */
wolfSSL 15:117db924cf7c 6451 static int TLSX_KeyShare_ProcessX25519(WOLFSSL* ssl,
wolfSSL 15:117db924cf7c 6452 KeyShareEntry* keyShareEntry)
wolfSSL 15:117db924cf7c 6453 {
wolfSSL 15:117db924cf7c 6454 int ret;
wolfSSL 15:117db924cf7c 6455
wolfSSL 15:117db924cf7c 6456 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 6457 curve25519_key* key = (curve25519_key*)keyShareEntry->key;
wolfSSL 15:117db924cf7c 6458 curve25519_key* peerX25519Key;
wolfSSL 15:117db924cf7c 6459
wolfSSL 15:117db924cf7c 6460 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 6461 if (ssl->peerEccKey != NULL) {
wolfSSL 15:117db924cf7c 6462 wc_ecc_free(ssl->peerEccKey);
wolfSSL 15:117db924cf7c 6463 ssl->peerEccKey = NULL;
wolfSSL 15:117db924cf7c 6464 }
wolfSSL 15:117db924cf7c 6465 #endif
wolfSSL 15:117db924cf7c 6466
wolfSSL 15:117db924cf7c 6467 peerX25519Key = (curve25519_key*)XMALLOC(sizeof(curve25519_key), ssl->heap,
wolfSSL 15:117db924cf7c 6468 DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 6469 if (peerX25519Key == NULL) {
wolfSSL 15:117db924cf7c 6470 WOLFSSL_MSG("PeerEccKey Memory error");
wolfSSL 15:117db924cf7c 6471 return MEMORY_ERROR;
wolfSSL 15:117db924cf7c 6472 }
wolfSSL 15:117db924cf7c 6473 ret = wc_curve25519_init(peerX25519Key);
wolfSSL 15:117db924cf7c 6474 if (ret != 0) {
wolfSSL 15:117db924cf7c 6475 XFREE(peerX25519Key, ssl->heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 6476 return ret;
wolfSSL 15:117db924cf7c 6477 }
wolfSSL 15:117db924cf7c 6478 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 15:117db924cf7c 6479 WOLFSSL_MSG("Peer Curve25519 Key");
wolfSSL 15:117db924cf7c 6480 WOLFSSL_BUFFER(keyShareEntry->ke, keyShareEntry->keLen);
wolfSSL 15:117db924cf7c 6481 #endif
wolfSSL 15:117db924cf7c 6482
wolfSSL 15:117db924cf7c 6483 /* Point is validated by import function. */
wolfSSL 15:117db924cf7c 6484 if (wc_curve25519_import_public_ex(keyShareEntry->ke, keyShareEntry->keLen,
wolfSSL 15:117db924cf7c 6485 peerX25519Key,
wolfSSL 15:117db924cf7c 6486 EC25519_LITTLE_ENDIAN) != 0) {
wolfSSL 15:117db924cf7c 6487 ret = ECC_PEERKEY_ERROR;
wolfSSL 15:117db924cf7c 6488 }
wolfSSL 15:117db924cf7c 6489
wolfSSL 15:117db924cf7c 6490 if (ret == 0) {
wolfSSL 15:117db924cf7c 6491 ssl->arrays->preMasterSz = ENCRYPT_LEN;
wolfSSL 15:117db924cf7c 6492 ssl->ecdhCurveOID = ECC_X25519_OID;
wolfSSL 15:117db924cf7c 6493
wolfSSL 15:117db924cf7c 6494 ret = wc_curve25519_shared_secret_ex(key, peerX25519Key,
wolfSSL 15:117db924cf7c 6495 ssl->arrays->preMasterSecret,
wolfSSL 15:117db924cf7c 6496 &ssl->arrays->preMasterSz,
wolfSSL 15:117db924cf7c 6497 EC25519_LITTLE_ENDIAN);
wolfSSL 15:117db924cf7c 6498 }
wolfSSL 15:117db924cf7c 6499 wc_curve25519_free(peerX25519Key);
wolfSSL 15:117db924cf7c 6500 XFREE(peerX25519Key, ssl->heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 6501 #else
wolfSSL 15:117db924cf7c 6502 (void)ssl;
wolfSSL 15:117db924cf7c 6503 (void)keyShareEntry;
wolfSSL 15:117db924cf7c 6504
wolfSSL 15:117db924cf7c 6505 ret = PEER_KEY_ERROR;
wolfSSL 15:117db924cf7c 6506 #endif /* HAVE_CURVE25519 */
wolfSSL 15:117db924cf7c 6507
wolfSSL 15:117db924cf7c 6508 return ret;
wolfSSL 15:117db924cf7c 6509 }
wolfSSL 15:117db924cf7c 6510
wolfSSL 15:117db924cf7c 6511 /* Process the ECC key share extension on the client side.
wolfSSL 15:117db924cf7c 6512 *
wolfSSL 15:117db924cf7c 6513 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 6514 * keyShareEntry The key share entry object to use to calculate shared secret.
wolfSSL 15:117db924cf7c 6515 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 6516 */
wolfSSL 15:117db924cf7c 6517 static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
wolfSSL 15:117db924cf7c 6518 {
wolfSSL 15:117db924cf7c 6519 int ret;
wolfSSL 15:117db924cf7c 6520
wolfSSL 15:117db924cf7c 6521 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 6522 int curveId;
wolfSSL 15:117db924cf7c 6523 ecc_key* keyShareKey = (ecc_key*)keyShareEntry->key;
wolfSSL 15:117db924cf7c 6524
wolfSSL 15:117db924cf7c 6525 if (ssl->peerEccKey != NULL)
wolfSSL 15:117db924cf7c 6526 wc_ecc_free(ssl->peerEccKey);
wolfSSL 15:117db924cf7c 6527
wolfSSL 15:117db924cf7c 6528 ssl->peerEccKey = (ecc_key*)XMALLOC(sizeof(ecc_key), ssl->heap,
wolfSSL 15:117db924cf7c 6529 DYNAMIC_TYPE_ECC);
wolfSSL 15:117db924cf7c 6530 if (ssl->peerEccKey == NULL) {
wolfSSL 15:117db924cf7c 6531 WOLFSSL_MSG("PeerEccKey Memory error");
wolfSSL 15:117db924cf7c 6532 return MEMORY_ERROR;
wolfSSL 15:117db924cf7c 6533 }
wolfSSL 15:117db924cf7c 6534 ret = wc_ecc_init_ex(ssl->peerEccKey, ssl->heap, ssl->devId);
wolfSSL 15:117db924cf7c 6535 if (ret != 0)
wolfSSL 15:117db924cf7c 6536 return ret;
wolfSSL 15:117db924cf7c 6537
wolfSSL 15:117db924cf7c 6538 /* find supported curve */
wolfSSL 15:117db924cf7c 6539 switch (keyShareEntry->group) {
wolfSSL 15:117db924cf7c 6540 #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 6541 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 6542 case WOLFSSL_ECC_SECP256R1:
wolfSSL 15:117db924cf7c 6543 curveId = ECC_SECP256R1;
wolfSSL 15:117db924cf7c 6544 break;
wolfSSL 15:117db924cf7c 6545 #endif /* !NO_ECC_SECP */
wolfSSL 15:117db924cf7c 6546 #endif
wolfSSL 15:117db924cf7c 6547 #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 6548 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 6549 case WOLFSSL_ECC_SECP384R1:
wolfSSL 15:117db924cf7c 6550 curveId = ECC_SECP384R1;
wolfSSL 15:117db924cf7c 6551 break;
wolfSSL 15:117db924cf7c 6552 #endif /* !NO_ECC_SECP */
wolfSSL 15:117db924cf7c 6553 #endif
wolfSSL 15:117db924cf7c 6554 #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 6555 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 6556 case WOLFSSL_ECC_SECP521R1:
wolfSSL 15:117db924cf7c 6557 curveId = ECC_SECP521R1;
wolfSSL 15:117db924cf7c 6558 break;
wolfSSL 15:117db924cf7c 6559 #endif /* !NO_ECC_SECP */
wolfSSL 15:117db924cf7c 6560 #endif
wolfSSL 15:117db924cf7c 6561 #ifdef HAVE_X448
wolfSSL 15:117db924cf7c 6562 case WOLFSSL_ECC_X448:
wolfSSL 15:117db924cf7c 6563 curveId = ECC_X448;
wolfSSL 15:117db924cf7c 6564 break;
wolfSSL 15:117db924cf7c 6565 #endif
wolfSSL 15:117db924cf7c 6566 default:
wolfSSL 15:117db924cf7c 6567 /* unsupported curve */
wolfSSL 15:117db924cf7c 6568 return ECC_PEERKEY_ERROR;
wolfSSL 15:117db924cf7c 6569 }
wolfSSL 15:117db924cf7c 6570
wolfSSL 15:117db924cf7c 6571 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 15:117db924cf7c 6572 WOLFSSL_MSG("Peer ECC Key");
wolfSSL 15:117db924cf7c 6573 WOLFSSL_BUFFER(keyShareEntry->ke, keyShareEntry->keLen);
wolfSSL 15:117db924cf7c 6574 #endif
wolfSSL 15:117db924cf7c 6575
wolfSSL 15:117db924cf7c 6576 /* Point is validated by import function. */
wolfSSL 15:117db924cf7c 6577 if (wc_ecc_import_x963_ex(keyShareEntry->ke, keyShareEntry->keLen,
wolfSSL 15:117db924cf7c 6578 ssl->peerEccKey, curveId) != 0) {
wolfSSL 15:117db924cf7c 6579 return ECC_PEERKEY_ERROR;
wolfSSL 15:117db924cf7c 6580 }
wolfSSL 15:117db924cf7c 6581 ssl->ecdhCurveOID = ssl->peerEccKey->dp->oidSum;
wolfSSL 15:117db924cf7c 6582
wolfSSL 15:117db924cf7c 6583 ssl->arrays->preMasterSz = ENCRYPT_LEN;
wolfSSL 15:117db924cf7c 6584 do {
wolfSSL 15:117db924cf7c 6585 #if defined(WOLFSSL_ASYNC_CRYPT)
wolfSSL 15:117db924cf7c 6586 ret = wc_AsyncWait(ret, &keyShareKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
wolfSSL 15:117db924cf7c 6587 #endif
wolfSSL 15:117db924cf7c 6588 if (ret >= 0)
wolfSSL 15:117db924cf7c 6589 ret = wc_ecc_shared_secret(keyShareKey, ssl->peerEccKey,
wolfSSL 15:117db924cf7c 6590 ssl->arrays->preMasterSecret, &ssl->arrays->preMasterSz);
wolfSSL 15:117db924cf7c 6591 } while (ret == WC_PENDING_E);
wolfSSL 15:117db924cf7c 6592
wolfSSL 15:117db924cf7c 6593 #if 0
wolfSSL 15:117db924cf7c 6594 /* TODO: Switch to support async here and use: */
wolfSSL 15:117db924cf7c 6595 ret = EccSharedSecret(ssl, keyShareEntry->key, ssl->peerEccKey,
wolfSSL 15:117db924cf7c 6596 keyShareEntry->ke, &keyShareEntry->keLen,
wolfSSL 15:117db924cf7c 6597 ssl->arrays->preMasterSecret, &ssl->arrays->preMasterSz,
wolfSSL 15:117db924cf7c 6598 ssl->options.side
wolfSSL 15:117db924cf7c 6599 );
wolfSSL 15:117db924cf7c 6600 #endif
wolfSSL 15:117db924cf7c 6601
wolfSSL 15:117db924cf7c 6602
wolfSSL 15:117db924cf7c 6603 #else
wolfSSL 15:117db924cf7c 6604 (void)ssl;
wolfSSL 15:117db924cf7c 6605 (void)keyShareEntry;
wolfSSL 15:117db924cf7c 6606
wolfSSL 15:117db924cf7c 6607 ret = PEER_KEY_ERROR;
wolfSSL 15:117db924cf7c 6608 #endif /* HAVE_ECC */
wolfSSL 15:117db924cf7c 6609
wolfSSL 15:117db924cf7c 6610 return ret;
wolfSSL 15:117db924cf7c 6611 }
wolfSSL 15:117db924cf7c 6612
wolfSSL 15:117db924cf7c 6613 /* Process the key share extension on the client side.
wolfSSL 15:117db924cf7c 6614 *
wolfSSL 15:117db924cf7c 6615 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 6616 * keyShareEntry The key share entry object to use to calculate shared secret.
wolfSSL 15:117db924cf7c 6617 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 6618 */
wolfSSL 15:117db924cf7c 6619 static int TLSX_KeyShare_Process(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
wolfSSL 15:117db924cf7c 6620 {
wolfSSL 15:117db924cf7c 6621 int ret;
wolfSSL 15:117db924cf7c 6622
wolfSSL 15:117db924cf7c 6623 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 6624 ssl->session.namedGroup = (byte)keyShareEntry->group;
wolfSSL 15:117db924cf7c 6625 #endif
wolfSSL 15:117db924cf7c 6626 /* Use Key Share Data from server. */
wolfSSL 15:117db924cf7c 6627 if (keyShareEntry->group & NAMED_DH_MASK)
wolfSSL 15:117db924cf7c 6628 ret = TLSX_KeyShare_ProcessDh(ssl, keyShareEntry);
wolfSSL 15:117db924cf7c 6629 else if (keyShareEntry->group == WOLFSSL_ECC_X25519)
wolfSSL 15:117db924cf7c 6630 ret = TLSX_KeyShare_ProcessX25519(ssl, keyShareEntry);
wolfSSL 15:117db924cf7c 6631 else
wolfSSL 15:117db924cf7c 6632 ret = TLSX_KeyShare_ProcessEcc(ssl, keyShareEntry);
wolfSSL 15:117db924cf7c 6633
wolfSSL 15:117db924cf7c 6634 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 15:117db924cf7c 6635 WOLFSSL_MSG("KE Secret");
wolfSSL 15:117db924cf7c 6636 WOLFSSL_BUFFER(ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz);
wolfSSL 15:117db924cf7c 6637 #endif
wolfSSL 15:117db924cf7c 6638
wolfSSL 15:117db924cf7c 6639 return ret;
wolfSSL 15:117db924cf7c 6640 }
wolfSSL 15:117db924cf7c 6641
wolfSSL 15:117db924cf7c 6642 /* Parse an entry of the KeyShare extension.
wolfSSL 15:117db924cf7c 6643 *
wolfSSL 15:117db924cf7c 6644 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 6645 * input The extension data.
wolfSSL 15:117db924cf7c 6646 * length The length of the extension data.
wolfSSL 15:117db924cf7c 6647 * kse The new key share entry object.
wolfSSL 15:117db924cf7c 6648 * returns a positive number to indicate amount of data parsed and a negative
wolfSSL 15:117db924cf7c 6649 * number on error.
wolfSSL 15:117db924cf7c 6650 */
wolfSSL 15:117db924cf7c 6651 static int TLSX_KeyShareEntry_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 15:117db924cf7c 6652 KeyShareEntry **kse)
wolfSSL 15:117db924cf7c 6653 {
wolfSSL 15:117db924cf7c 6654 int ret;
wolfSSL 15:117db924cf7c 6655 word16 group;
wolfSSL 15:117db924cf7c 6656 word16 keLen;
wolfSSL 15:117db924cf7c 6657 int offset = 0;
wolfSSL 15:117db924cf7c 6658 byte* ke;
wolfSSL 15:117db924cf7c 6659
wolfSSL 15:117db924cf7c 6660 if (length < OPAQUE16_LEN + OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 6661 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 6662 /* Named group */
wolfSSL 15:117db924cf7c 6663 ato16(&input[offset], &group);
wolfSSL 15:117db924cf7c 6664 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 6665 /* Key exchange data - public key. */
wolfSSL 15:117db924cf7c 6666 ato16(&input[offset], &keLen);
wolfSSL 15:117db924cf7c 6667 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 6668 if (keLen < 1 || keLen > length - offset)
wolfSSL 15:117db924cf7c 6669 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 6670
wolfSSL 15:117db924cf7c 6671 /* Store a copy in the key share object. */
wolfSSL 15:117db924cf7c 6672 ke = (byte*)XMALLOC(keLen, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 15:117db924cf7c 6673 if (ke == NULL)
wolfSSL 15:117db924cf7c 6674 return MEMORY_E;
wolfSSL 15:117db924cf7c 6675 XMEMCPY(ke, &input[offset], keLen);
wolfSSL 15:117db924cf7c 6676
wolfSSL 15:117db924cf7c 6677 /* Populate a key share object in the extension. */
wolfSSL 15:117db924cf7c 6678 ret = TLSX_KeyShare_Use(ssl, group, keLen, ke, kse);
wolfSSL 15:117db924cf7c 6679 if (ret != 0) {
wolfSSL 15:117db924cf7c 6680 XFREE(ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 15:117db924cf7c 6681 return ret;
wolfSSL 15:117db924cf7c 6682 }
wolfSSL 15:117db924cf7c 6683
wolfSSL 15:117db924cf7c 6684 /* Total length of the parsed data. */
wolfSSL 15:117db924cf7c 6685 return offset + keLen;
wolfSSL 15:117db924cf7c 6686 }
wolfSSL 15:117db924cf7c 6687
wolfSSL 15:117db924cf7c 6688 /* Searches the groups sent for the specified named group.
wolfSSL 15:117db924cf7c 6689 *
wolfSSL 15:117db924cf7c 6690 * ssl SSL/TLS object.
wolfSSL 15:117db924cf7c 6691 * name Group name to match.
wolfSSL 15:117db924cf7c 6692 * returns 1 when the extension has the group name and 0 otherwise.
wolfSSL 15:117db924cf7c 6693 */
wolfSSL 15:117db924cf7c 6694 static int TLSX_KeyShare_Find(WOLFSSL* ssl, word16 group)
wolfSSL 15:117db924cf7c 6695 {
wolfSSL 15:117db924cf7c 6696 TLSX* extension;
wolfSSL 15:117db924cf7c 6697 KeyShareEntry* list;
wolfSSL 15:117db924cf7c 6698
wolfSSL 15:117db924cf7c 6699 extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE);
wolfSSL 15:117db924cf7c 6700 if (extension == NULL) {
wolfSSL 15:117db924cf7c 6701 extension = TLSX_Find(ssl->ctx->extensions, TLSX_KEY_SHARE);
wolfSSL 15:117db924cf7c 6702 if (extension == NULL)
wolfSSL 15:117db924cf7c 6703 return 0;
wolfSSL 15:117db924cf7c 6704 }
wolfSSL 15:117db924cf7c 6705
wolfSSL 15:117db924cf7c 6706 list = (KeyShareEntry*)extension->data;
wolfSSL 15:117db924cf7c 6707 while (list != NULL) {
wolfSSL 15:117db924cf7c 6708 if (list->group == group)
wolfSSL 15:117db924cf7c 6709 return 1;
wolfSSL 15:117db924cf7c 6710 list = list->next;
wolfSSL 15:117db924cf7c 6711 }
wolfSSL 15:117db924cf7c 6712
wolfSSL 15:117db924cf7c 6713 return 0;
wolfSSL 15:117db924cf7c 6714 }
wolfSSL 15:117db924cf7c 6715
wolfSSL 15:117db924cf7c 6716
wolfSSL 15:117db924cf7c 6717 /* Searches the supported groups extension for the specified named group.
wolfSSL 15:117db924cf7c 6718 *
wolfSSL 15:117db924cf7c 6719 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 6720 * name The group name to match.
wolfSSL 15:117db924cf7c 6721 * returns 1 when the extension has the group name and 0 otherwise.
wolfSSL 15:117db924cf7c 6722 */
wolfSSL 15:117db924cf7c 6723 static int TLSX_SupportedGroups_Find(WOLFSSL* ssl, word16 name)
wolfSSL 15:117db924cf7c 6724 {
wolfSSL 15:117db924cf7c 6725 #ifdef HAVE_SUPPORTED_CURVES
wolfSSL 15:117db924cf7c 6726 TLSX* extension;
wolfSSL 15:117db924cf7c 6727 SupportedCurve* curve = NULL;
wolfSSL 15:117db924cf7c 6728
wolfSSL 15:117db924cf7c 6729 if ((extension = TLSX_Find(ssl->extensions,
wolfSSL 15:117db924cf7c 6730 TLSX_SUPPORTED_GROUPS)) == NULL) {
wolfSSL 15:117db924cf7c 6731 if ((extension = TLSX_Find(ssl->ctx->extensions,
wolfSSL 15:117db924cf7c 6732 TLSX_SUPPORTED_GROUPS)) == NULL) {
wolfSSL 15:117db924cf7c 6733 return 0;
wolfSSL 15:117db924cf7c 6734 }
wolfSSL 15:117db924cf7c 6735 }
wolfSSL 15:117db924cf7c 6736
wolfSSL 15:117db924cf7c 6737 for (curve = (SupportedCurve*)extension->data; curve; curve = curve->next) {
wolfSSL 15:117db924cf7c 6738 if (curve->name == name)
wolfSSL 15:117db924cf7c 6739 return 1;
wolfSSL 15:117db924cf7c 6740 }
wolfSSL 15:117db924cf7c 6741 #endif
wolfSSL 15:117db924cf7c 6742
wolfSSL 15:117db924cf7c 6743 (void)ssl;
wolfSSL 15:117db924cf7c 6744 (void)name;
wolfSSL 15:117db924cf7c 6745
wolfSSL 15:117db924cf7c 6746 return 0;
wolfSSL 15:117db924cf7c 6747 }
wolfSSL 15:117db924cf7c 6748
wolfSSL 15:117db924cf7c 6749
wolfSSL 15:117db924cf7c 6750 /* Parse the KeyShare extension.
wolfSSL 15:117db924cf7c 6751 * Different formats in different messages.
wolfSSL 15:117db924cf7c 6752 *
wolfSSL 15:117db924cf7c 6753 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 6754 * input The extension data.
wolfSSL 15:117db924cf7c 6755 * length The length of the extension data.
wolfSSL 15:117db924cf7c 6756 * msgType The type of the message this extension is being parsed from.
wolfSSL 15:117db924cf7c 6757 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 6758 */
wolfSSL 15:117db924cf7c 6759 static int TLSX_KeyShare_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 15:117db924cf7c 6760 byte msgType)
wolfSSL 15:117db924cf7c 6761 {
wolfSSL 15:117db924cf7c 6762 int ret;
wolfSSL 15:117db924cf7c 6763 KeyShareEntry *keyShareEntry;
wolfSSL 15:117db924cf7c 6764 word16 group;
wolfSSL 15:117db924cf7c 6765
wolfSSL 15:117db924cf7c 6766 if (msgType == client_hello) {
wolfSSL 15:117db924cf7c 6767 int offset = 0;
wolfSSL 15:117db924cf7c 6768 word16 len;
wolfSSL 15:117db924cf7c 6769 TLSX* extension;
wolfSSL 15:117db924cf7c 6770
wolfSSL 15:117db924cf7c 6771 /* Add a KeyShare extension if it doesn't exist. */
wolfSSL 15:117db924cf7c 6772 extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE);
wolfSSL 15:117db924cf7c 6773 if (extension == NULL) {
wolfSSL 15:117db924cf7c 6774 /* Push new KeyShare extension. */
wolfSSL 15:117db924cf7c 6775 ret = TLSX_Push(&ssl->extensions, TLSX_KEY_SHARE, NULL, ssl->heap);
wolfSSL 15:117db924cf7c 6776 if (ret != 0)
wolfSSL 15:117db924cf7c 6777 return ret;
wolfSSL 15:117db924cf7c 6778 }
wolfSSL 15:117db924cf7c 6779
wolfSSL 15:117db924cf7c 6780 if (length < OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 6781 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 6782
wolfSSL 15:117db924cf7c 6783 /* ClientHello contains zero or more key share entries. */
wolfSSL 15:117db924cf7c 6784 ato16(input, &len);
wolfSSL 15:117db924cf7c 6785 if (len != length - OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 6786 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 6787 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 6788
wolfSSL 15:117db924cf7c 6789 while (offset < length) {
wolfSSL 15:117db924cf7c 6790 ret = TLSX_KeyShareEntry_Parse(ssl, &input[offset], length,
wolfSSL 15:117db924cf7c 6791 &keyShareEntry);
wolfSSL 15:117db924cf7c 6792 if (ret < 0)
wolfSSL 15:117db924cf7c 6793 return ret;
wolfSSL 15:117db924cf7c 6794
wolfSSL 15:117db924cf7c 6795 offset += ret;
wolfSSL 15:117db924cf7c 6796 }
wolfSSL 15:117db924cf7c 6797
wolfSSL 15:117db924cf7c 6798 ret = 0;
wolfSSL 15:117db924cf7c 6799 }
wolfSSL 15:117db924cf7c 6800 else if (msgType == server_hello) {
wolfSSL 15:117db924cf7c 6801 int len;
wolfSSL 15:117db924cf7c 6802
wolfSSL 15:117db924cf7c 6803 if (length < OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 6804 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 6805
wolfSSL 15:117db924cf7c 6806 /* The data is the named group the server wants to use. */
wolfSSL 15:117db924cf7c 6807 ato16(input, &group);
wolfSSL 15:117db924cf7c 6808
wolfSSL 15:117db924cf7c 6809 /* Check the selected group was supported by ClientHello extensions. */
wolfSSL 15:117db924cf7c 6810 if (!TLSX_SupportedGroups_Find(ssl, group))
wolfSSL 15:117db924cf7c 6811 return BAD_KEY_SHARE_DATA;
wolfSSL 15:117db924cf7c 6812
wolfSSL 15:117db924cf7c 6813 /* Check if the group was sent. */
wolfSSL 15:117db924cf7c 6814 if (!TLSX_KeyShare_Find(ssl, group))
wolfSSL 15:117db924cf7c 6815 return BAD_KEY_SHARE_DATA;
wolfSSL 15:117db924cf7c 6816
wolfSSL 15:117db924cf7c 6817 /* ServerHello contains one key share entry. */
wolfSSL 15:117db924cf7c 6818 len = TLSX_KeyShareEntry_Parse(ssl, input, length, &keyShareEntry);
wolfSSL 15:117db924cf7c 6819 if (len != length)
wolfSSL 15:117db924cf7c 6820 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 6821
wolfSSL 15:117db924cf7c 6822 /* Not in list sent if there isn't a private key. */
wolfSSL 15:117db924cf7c 6823 if (keyShareEntry->key == NULL)
wolfSSL 15:117db924cf7c 6824 return BAD_KEY_SHARE_DATA;
wolfSSL 15:117db924cf7c 6825
wolfSSL 15:117db924cf7c 6826 /* Process the entry to calculate the secret. */
wolfSSL 15:117db924cf7c 6827 ret = TLSX_KeyShare_Process(ssl, keyShareEntry);
wolfSSL 15:117db924cf7c 6828 if (ret == 0)
wolfSSL 15:117db924cf7c 6829 ssl->session.namedGroup = ssl->namedGroup = group;
wolfSSL 15:117db924cf7c 6830 }
wolfSSL 15:117db924cf7c 6831 else if (msgType == hello_retry_request) {
wolfSSL 15:117db924cf7c 6832 if (length != OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 6833 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 6834
wolfSSL 15:117db924cf7c 6835 /* The data is the named group the server wants to use. */
wolfSSL 15:117db924cf7c 6836 ato16(input, &group);
wolfSSL 15:117db924cf7c 6837
wolfSSL 15:117db924cf7c 6838 /* Check the selected group was supported by ClientHello extensions. */
wolfSSL 15:117db924cf7c 6839 if (!TLSX_SupportedGroups_Find(ssl, group))
wolfSSL 15:117db924cf7c 6840 return BAD_KEY_SHARE_DATA;
wolfSSL 15:117db924cf7c 6841
wolfSSL 15:117db924cf7c 6842 /* Check if the group was sent. */
wolfSSL 15:117db924cf7c 6843 if (TLSX_KeyShare_Find(ssl, group))
wolfSSL 15:117db924cf7c 6844 return BAD_KEY_SHARE_DATA;
wolfSSL 15:117db924cf7c 6845
wolfSSL 15:117db924cf7c 6846 /* Clear out unusable key shares. */
wolfSSL 15:117db924cf7c 6847 ret = TLSX_KeyShare_Empty(ssl);
wolfSSL 15:117db924cf7c 6848 if (ret != 0)
wolfSSL 15:117db924cf7c 6849 return ret;
wolfSSL 15:117db924cf7c 6850
wolfSSL 15:117db924cf7c 6851 /* Try to use the server's group. */
wolfSSL 15:117db924cf7c 6852 ret = TLSX_KeyShare_Use(ssl, group, 0, NULL, NULL);
wolfSSL 15:117db924cf7c 6853 }
wolfSSL 15:117db924cf7c 6854 else {
wolfSSL 15:117db924cf7c 6855 /* Not a message type that is allowed to have this extension. */
wolfSSL 15:117db924cf7c 6856 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 6857 }
wolfSSL 15:117db924cf7c 6858
wolfSSL 15:117db924cf7c 6859 return ret;
wolfSSL 15:117db924cf7c 6860 }
wolfSSL 15:117db924cf7c 6861
wolfSSL 15:117db924cf7c 6862 /* Create a new key share entry and put it into the list.
wolfSSL 15:117db924cf7c 6863 *
wolfSSL 15:117db924cf7c 6864 * list The linked list of key share entries.
wolfSSL 15:117db924cf7c 6865 * group The named group.
wolfSSL 15:117db924cf7c 6866 * heap The memory to allocate with.
wolfSSL 15:117db924cf7c 6867 * keyShareEntry The new key share entry object.
wolfSSL 15:117db924cf7c 6868 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 6869 */
wolfSSL 15:117db924cf7c 6870 static int TLSX_KeyShare_New(KeyShareEntry** list, int group, void *heap,
wolfSSL 15:117db924cf7c 6871 KeyShareEntry** keyShareEntry)
wolfSSL 15:117db924cf7c 6872 {
wolfSSL 15:117db924cf7c 6873 KeyShareEntry* kse;
wolfSSL 15:117db924cf7c 6874
wolfSSL 15:117db924cf7c 6875 kse = (KeyShareEntry*)XMALLOC(sizeof(KeyShareEntry), heap,
wolfSSL 15:117db924cf7c 6876 DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 6877 if (kse == NULL)
wolfSSL 15:117db924cf7c 6878 return MEMORY_E;
wolfSSL 15:117db924cf7c 6879
wolfSSL 15:117db924cf7c 6880 XMEMSET(kse, 0, sizeof(*kse));
wolfSSL 15:117db924cf7c 6881 kse->group = (word16)group;
wolfSSL 15:117db924cf7c 6882
wolfSSL 15:117db924cf7c 6883 /* Add it to the back and maintain the links. */
wolfSSL 15:117db924cf7c 6884 while (*list != NULL)
wolfSSL 15:117db924cf7c 6885 list = &((*list)->next);
wolfSSL 15:117db924cf7c 6886 *list = kse;
wolfSSL 15:117db924cf7c 6887 *keyShareEntry = kse;
wolfSSL 15:117db924cf7c 6888
wolfSSL 15:117db924cf7c 6889 (void)heap;
wolfSSL 15:117db924cf7c 6890
wolfSSL 15:117db924cf7c 6891 return 0;
wolfSSL 15:117db924cf7c 6892 }
wolfSSL 15:117db924cf7c 6893
wolfSSL 15:117db924cf7c 6894 /* Use the data to create a new key share object in the extensions.
wolfSSL 15:117db924cf7c 6895 *
wolfSSL 15:117db924cf7c 6896 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 6897 * group The named group.
wolfSSL 15:117db924cf7c 6898 * len The length of the public key data.
wolfSSL 15:117db924cf7c 6899 * data The public key data.
wolfSSL 15:117db924cf7c 6900 * kse The new key share entry object.
wolfSSL 15:117db924cf7c 6901 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 6902 */
wolfSSL 15:117db924cf7c 6903 int TLSX_KeyShare_Use(WOLFSSL* ssl, word16 group, word16 len, byte* data,
wolfSSL 15:117db924cf7c 6904 KeyShareEntry **kse)
wolfSSL 15:117db924cf7c 6905 {
wolfSSL 15:117db924cf7c 6906 int ret = 0;
wolfSSL 15:117db924cf7c 6907 TLSX* extension;
wolfSSL 15:117db924cf7c 6908 KeyShareEntry* keyShareEntry = NULL;
wolfSSL 15:117db924cf7c 6909
wolfSSL 15:117db924cf7c 6910 /* Find the KeyShare extension if it exists. */
wolfSSL 15:117db924cf7c 6911 extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE);
wolfSSL 15:117db924cf7c 6912 if (extension == NULL) {
wolfSSL 15:117db924cf7c 6913 /* Push new KeyShare extension. */
wolfSSL 15:117db924cf7c 6914 ret = TLSX_Push(&ssl->extensions, TLSX_KEY_SHARE, NULL, ssl->heap);
wolfSSL 15:117db924cf7c 6915 if (ret != 0)
wolfSSL 15:117db924cf7c 6916 return ret;
wolfSSL 15:117db924cf7c 6917
wolfSSL 15:117db924cf7c 6918 extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE);
wolfSSL 15:117db924cf7c 6919 if (extension == NULL)
wolfSSL 15:117db924cf7c 6920 return MEMORY_E;
wolfSSL 15:117db924cf7c 6921 }
wolfSSL 15:117db924cf7c 6922 extension->resp = 0;
wolfSSL 15:117db924cf7c 6923
wolfSSL 15:117db924cf7c 6924 /* Try to find the key share entry with this group. */
wolfSSL 15:117db924cf7c 6925 keyShareEntry = (KeyShareEntry*)extension->data;
wolfSSL 15:117db924cf7c 6926 while (keyShareEntry != NULL) {
wolfSSL 15:117db924cf7c 6927 if (keyShareEntry->group == group)
wolfSSL 15:117db924cf7c 6928 break;
wolfSSL 15:117db924cf7c 6929 keyShareEntry = keyShareEntry->next;
wolfSSL 15:117db924cf7c 6930 }
wolfSSL 15:117db924cf7c 6931
wolfSSL 15:117db924cf7c 6932 /* Create a new key share entry if not found. */
wolfSSL 15:117db924cf7c 6933 if (keyShareEntry == NULL) {
wolfSSL 15:117db924cf7c 6934 ret = TLSX_KeyShare_New((KeyShareEntry**)&extension->data, group,
wolfSSL 15:117db924cf7c 6935 ssl->heap, &keyShareEntry);
wolfSSL 15:117db924cf7c 6936 if (ret != 0)
wolfSSL 15:117db924cf7c 6937 return ret;
wolfSSL 15:117db924cf7c 6938 }
wolfSSL 15:117db924cf7c 6939
wolfSSL 15:117db924cf7c 6940 if (data != NULL) {
wolfSSL 15:117db924cf7c 6941 keyShareEntry->ke = data;
wolfSSL 15:117db924cf7c 6942 keyShareEntry->keLen = len;
wolfSSL 15:117db924cf7c 6943 }
wolfSSL 15:117db924cf7c 6944 else {
wolfSSL 15:117db924cf7c 6945 /* Generate a key pair. */
wolfSSL 15:117db924cf7c 6946 ret = TLSX_KeyShare_GenKey(ssl, keyShareEntry);
wolfSSL 15:117db924cf7c 6947 if (ret != 0)
wolfSSL 15:117db924cf7c 6948 return ret;
wolfSSL 15:117db924cf7c 6949 }
wolfSSL 15:117db924cf7c 6950
wolfSSL 15:117db924cf7c 6951 if (kse != NULL)
wolfSSL 15:117db924cf7c 6952 *kse = keyShareEntry;
wolfSSL 15:117db924cf7c 6953
wolfSSL 15:117db924cf7c 6954 return 0;
wolfSSL 15:117db924cf7c 6955 }
wolfSSL 15:117db924cf7c 6956
wolfSSL 15:117db924cf7c 6957 /* Set an empty Key Share extension.
wolfSSL 15:117db924cf7c 6958 *
wolfSSL 15:117db924cf7c 6959 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 6960 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 6961 */
wolfSSL 15:117db924cf7c 6962 int TLSX_KeyShare_Empty(WOLFSSL* ssl)
wolfSSL 15:117db924cf7c 6963 {
wolfSSL 15:117db924cf7c 6964 int ret = 0;
wolfSSL 15:117db924cf7c 6965 TLSX* extension;
wolfSSL 15:117db924cf7c 6966
wolfSSL 15:117db924cf7c 6967 /* Find the KeyShare extension if it exists. */
wolfSSL 15:117db924cf7c 6968 extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE);
wolfSSL 15:117db924cf7c 6969 if (extension == NULL) {
wolfSSL 15:117db924cf7c 6970 /* Push new KeyShare extension. */
wolfSSL 15:117db924cf7c 6971 ret = TLSX_Push(&ssl->extensions, TLSX_KEY_SHARE, NULL, ssl->heap);
wolfSSL 15:117db924cf7c 6972 }
wolfSSL 15:117db924cf7c 6973 else if (extension->data != NULL) {
wolfSSL 15:117db924cf7c 6974 TLSX_KeyShare_FreeAll((KeyShareEntry*)extension->data, ssl->heap);
wolfSSL 15:117db924cf7c 6975 extension->data = NULL;
wolfSSL 15:117db924cf7c 6976 }
wolfSSL 15:117db924cf7c 6977
wolfSSL 15:117db924cf7c 6978 return ret;
wolfSSL 15:117db924cf7c 6979 }
wolfSSL 15:117db924cf7c 6980
wolfSSL 15:117db924cf7c 6981 /* Returns whether this group is supported.
wolfSSL 15:117db924cf7c 6982 *
wolfSSL 15:117db924cf7c 6983 * namedGroup The named group to check.
wolfSSL 15:117db924cf7c 6984 * returns 1 when supported or 0 otherwise.
wolfSSL 15:117db924cf7c 6985 */
wolfSSL 15:117db924cf7c 6986 static int TLSX_KeyShare_IsSupported(int namedGroup)
wolfSSL 15:117db924cf7c 6987 {
wolfSSL 15:117db924cf7c 6988 switch (namedGroup) {
wolfSSL 15:117db924cf7c 6989 #ifdef HAVE_FFDHE_2048
wolfSSL 15:117db924cf7c 6990 case WOLFSSL_FFDHE_2048:
wolfSSL 15:117db924cf7c 6991 break;
wolfSSL 15:117db924cf7c 6992 #endif
wolfSSL 15:117db924cf7c 6993 #ifdef HAVE_FFDHE_3072
wolfSSL 15:117db924cf7c 6994 case WOLFSSL_FFDHE_3072:
wolfSSL 15:117db924cf7c 6995 break;
wolfSSL 15:117db924cf7c 6996 #endif
wolfSSL 15:117db924cf7c 6997 #ifdef HAVE_FFDHE_4096
wolfSSL 15:117db924cf7c 6998 case WOLFSSL_FFDHE_4096:
wolfSSL 15:117db924cf7c 6999 break;
wolfSSL 15:117db924cf7c 7000 #endif
wolfSSL 15:117db924cf7c 7001 #ifdef HAVE_FFDHE_6144
wolfSSL 15:117db924cf7c 7002 case WOLFSSL_FFDHE_6144:
wolfSSL 15:117db924cf7c 7003 break;
wolfSSL 15:117db924cf7c 7004 #endif
wolfSSL 15:117db924cf7c 7005 #ifdef HAVE_FFDHE_8192
wolfSSL 15:117db924cf7c 7006 case WOLFSSL_FFDHE_8192:
wolfSSL 15:117db924cf7c 7007 break;
wolfSSL 15:117db924cf7c 7008 #endif
wolfSSL 15:117db924cf7c 7009 #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 7010 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 7011 case WOLFSSL_ECC_SECP256R1:
wolfSSL 15:117db924cf7c 7012 break;
wolfSSL 15:117db924cf7c 7013 #endif /* !NO_ECC_SECP */
wolfSSL 15:117db924cf7c 7014 #endif
wolfSSL 15:117db924cf7c 7015 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 7016 case WOLFSSL_ECC_X25519:
wolfSSL 15:117db924cf7c 7017 break;
wolfSSL 15:117db924cf7c 7018 #endif
wolfSSL 15:117db924cf7c 7019 #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 7020 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 7021 case WOLFSSL_ECC_SECP384R1:
wolfSSL 15:117db924cf7c 7022 break;
wolfSSL 15:117db924cf7c 7023 #endif /* !NO_ECC_SECP */
wolfSSL 15:117db924cf7c 7024 #endif
wolfSSL 15:117db924cf7c 7025 #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 7026 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 7027 case WOLFSSL_ECC_SECP521R1:
wolfSSL 15:117db924cf7c 7028 break;
wolfSSL 15:117db924cf7c 7029 #endif /* !NO_ECC_SECP */
wolfSSL 15:117db924cf7c 7030 #endif
wolfSSL 15:117db924cf7c 7031 #ifdef HAVE_X448
wolfSSL 15:117db924cf7c 7032 case WOLFSSL_ECC_X448:
wolfSSL 15:117db924cf7c 7033 break;
wolfSSL 15:117db924cf7c 7034 #endif
wolfSSL 15:117db924cf7c 7035 default:
wolfSSL 15:117db924cf7c 7036 return 0;
wolfSSL 15:117db924cf7c 7037 }
wolfSSL 15:117db924cf7c 7038
wolfSSL 15:117db924cf7c 7039 return 1;
wolfSSL 15:117db924cf7c 7040 }
wolfSSL 15:117db924cf7c 7041
wolfSSL 15:117db924cf7c 7042 /* Examines the application specified group ranking and returns the rank of the
wolfSSL 15:117db924cf7c 7043 * group.
wolfSSL 15:117db924cf7c 7044 * If no group ranking set then all groups are rank 0 (highest).
wolfSSL 15:117db924cf7c 7045 *
wolfSSL 15:117db924cf7c 7046 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 7047 * group The group to check ranking for.
wolfSSL 15:117db924cf7c 7048 * returns ranking from 0 to MAX_GROUP_COUNT-1 or -1 when group not in list.
wolfSSL 15:117db924cf7c 7049 */
wolfSSL 15:117db924cf7c 7050 static int TLSX_KeyShare_GroupRank(WOLFSSL* ssl, int group)
wolfSSL 15:117db924cf7c 7051 {
wolfSSL 15:117db924cf7c 7052 byte i;
wolfSSL 15:117db924cf7c 7053
wolfSSL 15:117db924cf7c 7054 if (ssl->numGroups == 0) {
wolfSSL 15:117db924cf7c 7055 #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)
wolfSSL 15:117db924cf7c 7056 #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 7057 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 7058 ssl->group[ssl->numGroups++] = WOLFSSL_ECC_SECP256R1;
wolfSSL 15:117db924cf7c 7059 #endif
wolfSSL 15:117db924cf7c 7060 #endif
wolfSSL 15:117db924cf7c 7061 #endif
wolfSSL 15:117db924cf7c 7062 #ifndef HAVE_FIPS
wolfSSL 15:117db924cf7c 7063 #if defined(HAVE_CURVE25519)
wolfSSL 15:117db924cf7c 7064 ssl->group[ssl->numGroups++] = WOLFSSL_ECC_X25519;
wolfSSL 15:117db924cf7c 7065 #endif
wolfSSL 15:117db924cf7c 7066 #endif
wolfSSL 15:117db924cf7c 7067 #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)
wolfSSL 15:117db924cf7c 7068 #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 7069 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 7070 ssl->group[ssl->numGroups++] = WOLFSSL_ECC_SECP384R1;
wolfSSL 15:117db924cf7c 7071 #endif
wolfSSL 15:117db924cf7c 7072 #endif
wolfSSL 15:117db924cf7c 7073 #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 7074 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 7075 ssl->group[ssl->numGroups++] = WOLFSSL_ECC_SECP521R1;
wolfSSL 15:117db924cf7c 7076 #endif
wolfSSL 15:117db924cf7c 7077 #endif
wolfSSL 15:117db924cf7c 7078 #endif
wolfSSL 15:117db924cf7c 7079 /* Add FFDHE supported groups. */
wolfSSL 15:117db924cf7c 7080 #ifdef HAVE_FFDHE_2048
wolfSSL 15:117db924cf7c 7081 ssl->group[ssl->numGroups++] = WOLFSSL_FFDHE_2048;
wolfSSL 15:117db924cf7c 7082 #endif
wolfSSL 15:117db924cf7c 7083 #ifdef HAVE_FFDHE_3072
wolfSSL 15:117db924cf7c 7084 ssl->group[ssl->numGroups++] = WOLFSSL_FFDHE_3072;
wolfSSL 15:117db924cf7c 7085 #endif
wolfSSL 15:117db924cf7c 7086 #ifdef HAVE_FFDHE_4096
wolfSSL 15:117db924cf7c 7087 ssl->group[ssl->numGroups++] = WOLFSSL_FFDHE_4096;
wolfSSL 15:117db924cf7c 7088 #endif
wolfSSL 15:117db924cf7c 7089 #ifdef HAVE_FFDHE_6144
wolfSSL 15:117db924cf7c 7090 ssl->group[ssl->numGroups++] = WOLFSSL_FFDHE_6144;
wolfSSL 15:117db924cf7c 7091 #endif
wolfSSL 15:117db924cf7c 7092 #ifdef HAVE_FFDHE_8192
wolfSSL 15:117db924cf7c 7093 ssl->group[ssl->numGroups++] = WOLFSSL_FFDHE_8192;
wolfSSL 15:117db924cf7c 7094 #endif
wolfSSL 15:117db924cf7c 7095 }
wolfSSL 15:117db924cf7c 7096
wolfSSL 15:117db924cf7c 7097 for (i = 0; i < ssl->numGroups; i++)
wolfSSL 15:117db924cf7c 7098 if (ssl->group[i] == group)
wolfSSL 15:117db924cf7c 7099 return i;
wolfSSL 15:117db924cf7c 7100
wolfSSL 15:117db924cf7c 7101 return -1;
wolfSSL 15:117db924cf7c 7102 }
wolfSSL 15:117db924cf7c 7103
wolfSSL 15:117db924cf7c 7104 /* Set a key share that is supported by the client into extensions.
wolfSSL 15:117db924cf7c 7105 *
wolfSSL 15:117db924cf7c 7106 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 7107 * returns BAD_KEY_SHARE_DATA if no supported group has a key share,
wolfSSL 15:117db924cf7c 7108 * 0 if a supported group has a key share and other values indicate an error.
wolfSSL 15:117db924cf7c 7109 */
wolfSSL 15:117db924cf7c 7110 static int TLSX_KeyShare_SetSupported(WOLFSSL* ssl)
wolfSSL 15:117db924cf7c 7111 {
wolfSSL 15:117db924cf7c 7112 int ret;
wolfSSL 15:117db924cf7c 7113 #ifdef HAVE_SUPPORTED_CURVES
wolfSSL 15:117db924cf7c 7114 TLSX* extension;
wolfSSL 15:117db924cf7c 7115 SupportedCurve* curve = NULL;
wolfSSL 15:117db924cf7c 7116 SupportedCurve* preferredCurve = NULL;
wolfSSL 15:117db924cf7c 7117 int preferredRank = WOLFSSL_MAX_GROUP_COUNT;
wolfSSL 15:117db924cf7c 7118 int rank;
wolfSSL 15:117db924cf7c 7119
wolfSSL 15:117db924cf7c 7120 extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS);
wolfSSL 15:117db924cf7c 7121 if (extension != NULL)
wolfSSL 15:117db924cf7c 7122 curve = (SupportedCurve*)extension->data;
wolfSSL 15:117db924cf7c 7123 /* Use server's preference order. */
wolfSSL 15:117db924cf7c 7124 for (; curve != NULL; curve = curve->next) {
wolfSSL 15:117db924cf7c 7125 if (!TLSX_KeyShare_IsSupported(curve->name))
wolfSSL 15:117db924cf7c 7126 continue;
wolfSSL 15:117db924cf7c 7127
wolfSSL 15:117db924cf7c 7128 rank = TLSX_KeyShare_GroupRank(ssl, curve->name);
wolfSSL 15:117db924cf7c 7129 if (rank == -1)
wolfSSL 15:117db924cf7c 7130 continue;
wolfSSL 15:117db924cf7c 7131 if (rank < preferredRank) {
wolfSSL 15:117db924cf7c 7132 preferredCurve = curve;
wolfSSL 15:117db924cf7c 7133 preferredRank = rank;
wolfSSL 15:117db924cf7c 7134 }
wolfSSL 15:117db924cf7c 7135 }
wolfSSL 15:117db924cf7c 7136 curve = preferredCurve;
wolfSSL 15:117db924cf7c 7137
wolfSSL 15:117db924cf7c 7138 if (curve == NULL)
wolfSSL 15:117db924cf7c 7139 return BAD_KEY_SHARE_DATA;
wolfSSL 15:117db924cf7c 7140
wolfSSL 15:117db924cf7c 7141 /* Delete the old key share data list. */
wolfSSL 15:117db924cf7c 7142 extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE);
wolfSSL 15:117db924cf7c 7143 if (extension != NULL) {
wolfSSL 15:117db924cf7c 7144 TLSX_KeyShare_FreeAll((KeyShareEntry*)extension->data, ssl->heap);
wolfSSL 15:117db924cf7c 7145 extension->data = NULL;
wolfSSL 15:117db924cf7c 7146 }
wolfSSL 15:117db924cf7c 7147
wolfSSL 15:117db924cf7c 7148 /* Add in the chosen group. */
wolfSSL 15:117db924cf7c 7149 ret = TLSX_KeyShare_Use(ssl, curve->name, 0, NULL, NULL);
wolfSSL 15:117db924cf7c 7150 if (ret != 0)
wolfSSL 15:117db924cf7c 7151 return ret;
wolfSSL 15:117db924cf7c 7152
wolfSSL 15:117db924cf7c 7153 /* Set extension to be in reponse. */
wolfSSL 15:117db924cf7c 7154 extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE);
wolfSSL 15:117db924cf7c 7155 extension->resp = 1;
wolfSSL 15:117db924cf7c 7156 #else
wolfSSL 15:117db924cf7c 7157
wolfSSL 15:117db924cf7c 7158 (void)ssl;
wolfSSL 15:117db924cf7c 7159 ret = NOT_COMPILED_IN;
wolfSSL 15:117db924cf7c 7160 #endif
wolfSSL 15:117db924cf7c 7161
wolfSSL 15:117db924cf7c 7162 return ret;
wolfSSL 15:117db924cf7c 7163 }
wolfSSL 15:117db924cf7c 7164
wolfSSL 15:117db924cf7c 7165 /* Ensure there is a key pair that can be used for key exchange.
wolfSSL 15:117db924cf7c 7166 *
wolfSSL 15:117db924cf7c 7167 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 7168 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 7169 */
wolfSSL 15:117db924cf7c 7170 int TLSX_KeyShare_Establish(WOLFSSL *ssl)
wolfSSL 15:117db924cf7c 7171 {
wolfSSL 15:117db924cf7c 7172 int ret;
wolfSSL 15:117db924cf7c 7173 TLSX* extension;
wolfSSL 15:117db924cf7c 7174 KeyShareEntry* clientKSE = NULL;
wolfSSL 15:117db924cf7c 7175 KeyShareEntry* serverKSE;
wolfSSL 15:117db924cf7c 7176 KeyShareEntry* list = NULL;
wolfSSL 15:117db924cf7c 7177 KeyShareEntry* preferredKSE = NULL;
wolfSSL 15:117db924cf7c 7178 int preferredRank = WOLFSSL_MAX_GROUP_COUNT;
wolfSSL 15:117db924cf7c 7179 int rank;
wolfSSL 15:117db924cf7c 7180
wolfSSL 15:117db924cf7c 7181 /* Find the KeyShare extension if it exists. */
wolfSSL 15:117db924cf7c 7182 extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE);
wolfSSL 15:117db924cf7c 7183 if (extension != NULL)
wolfSSL 15:117db924cf7c 7184 list = (KeyShareEntry*)extension->data;
wolfSSL 15:117db924cf7c 7185
wolfSSL 15:117db924cf7c 7186 if (extension && extension->resp == 1)
wolfSSL 15:117db924cf7c 7187 return 0;
wolfSSL 15:117db924cf7c 7188
wolfSSL 15:117db924cf7c 7189 /* Use server's preference order. */
wolfSSL 15:117db924cf7c 7190 for (clientKSE = list; clientKSE != NULL; clientKSE = clientKSE->next) {
wolfSSL 15:117db924cf7c 7191 if (clientKSE->ke == NULL)
wolfSSL 15:117db924cf7c 7192 continue;
wolfSSL 15:117db924cf7c 7193
wolfSSL 15:117db924cf7c 7194 /* Check consistency now - extensions in any order. */
wolfSSL 15:117db924cf7c 7195 if (!TLSX_SupportedGroups_Find(ssl, clientKSE->group))
wolfSSL 15:117db924cf7c 7196 return BAD_KEY_SHARE_DATA;
wolfSSL 15:117db924cf7c 7197
wolfSSL 15:117db924cf7c 7198 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 7199 if ((clientKSE->group & NAMED_DH_MASK) == 0) {
wolfSSL 15:117db924cf7c 7200 /* Check if server supports group. */
wolfSSL 15:117db924cf7c 7201 if (ssl->ctx->disabledCurves & (1 << clientKSE->group))
wolfSSL 15:117db924cf7c 7202 continue;
wolfSSL 15:117db924cf7c 7203 }
wolfSSL 15:117db924cf7c 7204 #endif
wolfSSL 15:117db924cf7c 7205 if (!TLSX_KeyShare_IsSupported(clientKSE->group))
wolfSSL 15:117db924cf7c 7206 continue;
wolfSSL 15:117db924cf7c 7207
wolfSSL 15:117db924cf7c 7208 rank = TLSX_KeyShare_GroupRank(ssl, clientKSE->group);
wolfSSL 15:117db924cf7c 7209 if (rank == -1)
wolfSSL 15:117db924cf7c 7210 continue;
wolfSSL 15:117db924cf7c 7211 if (rank < preferredRank) {
wolfSSL 15:117db924cf7c 7212 preferredKSE = clientKSE;
wolfSSL 15:117db924cf7c 7213 preferredRank = rank;
wolfSSL 15:117db924cf7c 7214 }
wolfSSL 15:117db924cf7c 7215 }
wolfSSL 15:117db924cf7c 7216 clientKSE = preferredKSE;
wolfSSL 15:117db924cf7c 7217
wolfSSL 15:117db924cf7c 7218 /* No supported group found - send HelloRetryRequest. */
wolfSSL 15:117db924cf7c 7219 if (clientKSE == NULL) {
wolfSSL 15:117db924cf7c 7220 ret = TLSX_KeyShare_SetSupported(ssl);
wolfSSL 15:117db924cf7c 7221 /* Return KEY_SHARE_ERROR to indicate HelloRetryRequest required. */
wolfSSL 15:117db924cf7c 7222 if (ret == 0)
wolfSSL 15:117db924cf7c 7223 return KEY_SHARE_ERROR;
wolfSSL 15:117db924cf7c 7224 return ret;
wolfSSL 15:117db924cf7c 7225 }
wolfSSL 15:117db924cf7c 7226
wolfSSL 15:117db924cf7c 7227 list = NULL;
wolfSSL 15:117db924cf7c 7228 /* Generate a new key pair. */
wolfSSL 15:117db924cf7c 7229 ret = TLSX_KeyShare_New(&list, clientKSE->group, ssl->heap, &serverKSE);
wolfSSL 15:117db924cf7c 7230 if (ret != 0)
wolfSSL 15:117db924cf7c 7231 return ret;
wolfSSL 15:117db924cf7c 7232
wolfSSL 15:117db924cf7c 7233 if (clientKSE->key == NULL) {
wolfSSL 15:117db924cf7c 7234 ret = TLSX_KeyShare_GenKey(ssl, serverKSE);
wolfSSL 15:117db924cf7c 7235 if (ret != 0)
wolfSSL 15:117db924cf7c 7236 return ret;
wolfSSL 15:117db924cf7c 7237 }
wolfSSL 15:117db924cf7c 7238 else {
wolfSSL 15:117db924cf7c 7239 serverKSE->key = clientKSE->key;
wolfSSL 15:117db924cf7c 7240 serverKSE->keyLen = clientKSE->keyLen;
wolfSSL 15:117db924cf7c 7241 serverKSE->pubKey = clientKSE->pubKey;
wolfSSL 15:117db924cf7c 7242 serverKSE->pubKeyLen = clientKSE->pubKeyLen;
wolfSSL 15:117db924cf7c 7243 clientKSE->key = NULL;
wolfSSL 15:117db924cf7c 7244 clientKSE->pubKey = NULL;
wolfSSL 15:117db924cf7c 7245 }
wolfSSL 15:117db924cf7c 7246 serverKSE->ke = clientKSE->ke;
wolfSSL 15:117db924cf7c 7247 serverKSE->keLen = clientKSE->keLen;
wolfSSL 15:117db924cf7c 7248 clientKSE->ke = NULL;
wolfSSL 15:117db924cf7c 7249 clientKSE->keLen = 0;
wolfSSL 15:117db924cf7c 7250
wolfSSL 15:117db924cf7c 7251 TLSX_KeyShare_FreeAll((KeyShareEntry*)extension->data, ssl->heap);
wolfSSL 15:117db924cf7c 7252 extension->data = (void *)serverKSE;
wolfSSL 15:117db924cf7c 7253
wolfSSL 15:117db924cf7c 7254 extension->resp = 1;
wolfSSL 15:117db924cf7c 7255
wolfSSL 15:117db924cf7c 7256 return 0;
wolfSSL 15:117db924cf7c 7257 }
wolfSSL 15:117db924cf7c 7258
wolfSSL 15:117db924cf7c 7259 /* Derive the shared secret of the key exchange.
wolfSSL 15:117db924cf7c 7260 *
wolfSSL 15:117db924cf7c 7261 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 7262 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 7263 */
wolfSSL 15:117db924cf7c 7264 int TLSX_KeyShare_DeriveSecret(WOLFSSL *ssl)
wolfSSL 15:117db924cf7c 7265 {
wolfSSL 15:117db924cf7c 7266 int ret;
wolfSSL 15:117db924cf7c 7267 TLSX* extension;
wolfSSL 15:117db924cf7c 7268 KeyShareEntry* list = NULL;
wolfSSL 15:117db924cf7c 7269
wolfSSL 15:117db924cf7c 7270 /* Find the KeyShare extension if it exists. */
wolfSSL 15:117db924cf7c 7271 extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE);
wolfSSL 15:117db924cf7c 7272 if (extension != NULL)
wolfSSL 15:117db924cf7c 7273 list = (KeyShareEntry*)extension->data;
wolfSSL 15:117db924cf7c 7274
wolfSSL 15:117db924cf7c 7275 if (list == NULL)
wolfSSL 15:117db924cf7c 7276 return KEY_SHARE_ERROR;
wolfSSL 15:117db924cf7c 7277
wolfSSL 15:117db924cf7c 7278 /* Calculate secret. */
wolfSSL 15:117db924cf7c 7279 ret = TLSX_KeyShare_Process(ssl, list);
wolfSSL 15:117db924cf7c 7280 if (ret != 0)
wolfSSL 15:117db924cf7c 7281 return ret;
wolfSSL 15:117db924cf7c 7282
wolfSSL 15:117db924cf7c 7283 return ret;
wolfSSL 15:117db924cf7c 7284 }
wolfSSL 15:117db924cf7c 7285
wolfSSL 15:117db924cf7c 7286 #define KS_FREE_ALL TLSX_KeyShare_FreeAll
wolfSSL 15:117db924cf7c 7287 #define KS_GET_SIZE TLSX_KeyShare_GetSize
wolfSSL 15:117db924cf7c 7288 #define KS_WRITE TLSX_KeyShare_Write
wolfSSL 15:117db924cf7c 7289 #define KS_PARSE TLSX_KeyShare_Parse
wolfSSL 15:117db924cf7c 7290
wolfSSL 15:117db924cf7c 7291 #else
wolfSSL 15:117db924cf7c 7292
wolfSSL 15:117db924cf7c 7293 #define KS_FREE_ALL(a, b)
wolfSSL 15:117db924cf7c 7294 #define KS_GET_SIZE(a, b) 0
wolfSSL 15:117db924cf7c 7295 #define KS_WRITE(a, b, c) 0
wolfSSL 15:117db924cf7c 7296 #define KS_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 7297
wolfSSL 15:117db924cf7c 7298 #endif /* WOLFSSL_TLS13 */
wolfSSL 15:117db924cf7c 7299
wolfSSL 15:117db924cf7c 7300 /******************************************************************************/
wolfSSL 15:117db924cf7c 7301 /* Pre-Shared Key */
wolfSSL 15:117db924cf7c 7302 /******************************************************************************/
wolfSSL 15:117db924cf7c 7303
wolfSSL 15:117db924cf7c 7304 #if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
wolfSSL 15:117db924cf7c 7305 /* Free the pre-shared key dynamic data.
wolfSSL 15:117db924cf7c 7306 *
wolfSSL 15:117db924cf7c 7307 * list The linked list of key share entry objects.
wolfSSL 15:117db924cf7c 7308 * heap The heap used for allocation.
wolfSSL 15:117db924cf7c 7309 */
wolfSSL 15:117db924cf7c 7310 static void TLSX_PreSharedKey_FreeAll(PreSharedKey* list, void* heap)
wolfSSL 15:117db924cf7c 7311 {
wolfSSL 15:117db924cf7c 7312 PreSharedKey* current;
wolfSSL 15:117db924cf7c 7313
wolfSSL 15:117db924cf7c 7314 while ((current = list) != NULL) {
wolfSSL 15:117db924cf7c 7315 list = current->next;
wolfSSL 15:117db924cf7c 7316 XFREE(current->identity, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 7317 XFREE(current, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 7318 }
wolfSSL 15:117db924cf7c 7319
wolfSSL 15:117db924cf7c 7320 (void)heap;
wolfSSL 15:117db924cf7c 7321 }
wolfSSL 15:117db924cf7c 7322
wolfSSL 15:117db924cf7c 7323 /* Get the size of the encoded pre shared key extension.
wolfSSL 15:117db924cf7c 7324 *
wolfSSL 15:117db924cf7c 7325 * list The linked list of pre-shared key extensions.
wolfSSL 15:117db924cf7c 7326 * msgType The type of the message this extension is being written into.
wolfSSL 15:117db924cf7c 7327 * returns the number of bytes of the encoded pre-shared key extension or
wolfSSL 15:117db924cf7c 7328 * SANITY_MSG_E to indicate invalid message type.
wolfSSL 15:117db924cf7c 7329 */
wolfSSL 15:117db924cf7c 7330 static word16 TLSX_PreSharedKey_GetSize(PreSharedKey* list, byte msgType)
wolfSSL 15:117db924cf7c 7331 {
wolfSSL 15:117db924cf7c 7332 if (msgType == client_hello) {
wolfSSL 15:117db924cf7c 7333 /* Length of identities + Length of binders. */
wolfSSL 15:117db924cf7c 7334 word16 len = OPAQUE16_LEN + OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 7335 while (list != NULL) {
wolfSSL 15:117db924cf7c 7336 /* Each entry has: identity, ticket age and binder. */
wolfSSL 15:117db924cf7c 7337 len += OPAQUE16_LEN + list->identityLen + OPAQUE32_LEN +
wolfSSL 15:117db924cf7c 7338 OPAQUE8_LEN + list->binderLen;
wolfSSL 15:117db924cf7c 7339 list = list->next;
wolfSSL 15:117db924cf7c 7340 }
wolfSSL 15:117db924cf7c 7341 return len;
wolfSSL 15:117db924cf7c 7342 }
wolfSSL 15:117db924cf7c 7343
wolfSSL 15:117db924cf7c 7344 if (msgType == server_hello) {
wolfSSL 15:117db924cf7c 7345 return OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 7346 }
wolfSSL 15:117db924cf7c 7347
wolfSSL 15:117db924cf7c 7348 return 0;
wolfSSL 15:117db924cf7c 7349 }
wolfSSL 15:117db924cf7c 7350
wolfSSL 15:117db924cf7c 7351 /* The number of bytes to be written for the binders.
wolfSSL 15:117db924cf7c 7352 *
wolfSSL 15:117db924cf7c 7353 * list The linked list of pre-shared key extensions.
wolfSSL 15:117db924cf7c 7354 * msgType The type of the message this extension is being written into.
wolfSSL 15:117db924cf7c 7355 * returns the number of bytes of the encoded pre-shared key extension or
wolfSSL 15:117db924cf7c 7356 * SANITY_MSG_E to indicate invalid message type.
wolfSSL 15:117db924cf7c 7357 */
wolfSSL 15:117db924cf7c 7358 word16 TLSX_PreSharedKey_GetSizeBinders(PreSharedKey* list, byte msgType)
wolfSSL 15:117db924cf7c 7359 {
wolfSSL 15:117db924cf7c 7360 word16 len;
wolfSSL 15:117db924cf7c 7361
wolfSSL 15:117db924cf7c 7362 if (msgType != client_hello)
wolfSSL 15:117db924cf7c 7363 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 7364
wolfSSL 15:117db924cf7c 7365 /* Length of all binders. */
wolfSSL 15:117db924cf7c 7366 len = OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 7367 while (list != NULL) {
wolfSSL 15:117db924cf7c 7368 len += OPAQUE8_LEN + list->binderLen;
wolfSSL 15:117db924cf7c 7369 list = list->next;
wolfSSL 15:117db924cf7c 7370 }
wolfSSL 15:117db924cf7c 7371
wolfSSL 15:117db924cf7c 7372 return len;
wolfSSL 15:117db924cf7c 7373 }
wolfSSL 15:117db924cf7c 7374
wolfSSL 15:117db924cf7c 7375 /* Writes the pre-shared key extension into the output buffer - binders only.
wolfSSL 15:117db924cf7c 7376 * Assumes that the the output buffer is big enough to hold data.
wolfSSL 15:117db924cf7c 7377 *
wolfSSL 15:117db924cf7c 7378 * list The linked list of key share entries.
wolfSSL 15:117db924cf7c 7379 * output The buffer to write into.
wolfSSL 15:117db924cf7c 7380 * msgType The type of the message this extension is being written into.
wolfSSL 15:117db924cf7c 7381 * returns the number of bytes written into the buffer.
wolfSSL 15:117db924cf7c 7382 */
wolfSSL 15:117db924cf7c 7383 word16 TLSX_PreSharedKey_WriteBinders(PreSharedKey* list, byte* output,
wolfSSL 15:117db924cf7c 7384 byte msgType)
wolfSSL 15:117db924cf7c 7385 {
wolfSSL 15:117db924cf7c 7386 PreSharedKey* current = list;
wolfSSL 15:117db924cf7c 7387 word16 idx = 0;
wolfSSL 15:117db924cf7c 7388 word16 lenIdx;
wolfSSL 15:117db924cf7c 7389 word16 len;
wolfSSL 15:117db924cf7c 7390
wolfSSL 15:117db924cf7c 7391 if (msgType != client_hello)
wolfSSL 15:117db924cf7c 7392 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 7393
wolfSSL 15:117db924cf7c 7394 /* Skip length of all binders. */
wolfSSL 15:117db924cf7c 7395 lenIdx = idx;
wolfSSL 15:117db924cf7c 7396 idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 7397 while (current != NULL) {
wolfSSL 15:117db924cf7c 7398 /* Binder data length. */
wolfSSL 15:117db924cf7c 7399 output[idx++] = current->binderLen;
wolfSSL 15:117db924cf7c 7400 /* Binder data. */
wolfSSL 15:117db924cf7c 7401 XMEMCPY(output + idx, current->binder, current->binderLen);
wolfSSL 15:117db924cf7c 7402 idx += current->binderLen;
wolfSSL 15:117db924cf7c 7403
wolfSSL 15:117db924cf7c 7404 current = current->next;
wolfSSL 15:117db924cf7c 7405 }
wolfSSL 15:117db924cf7c 7406 /* Length of the binders. */
wolfSSL 15:117db924cf7c 7407 len = idx - lenIdx - OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 7408 c16toa(len, output + lenIdx);
wolfSSL 15:117db924cf7c 7409
wolfSSL 15:117db924cf7c 7410 return idx;
wolfSSL 15:117db924cf7c 7411 }
wolfSSL 15:117db924cf7c 7412
wolfSSL 15:117db924cf7c 7413
wolfSSL 15:117db924cf7c 7414 /* Writes the pre-shared key extension into the output buffer.
wolfSSL 15:117db924cf7c 7415 * Assumes that the the output buffer is big enough to hold data.
wolfSSL 15:117db924cf7c 7416 *
wolfSSL 15:117db924cf7c 7417 * list The linked list of key share entries.
wolfSSL 15:117db924cf7c 7418 * output The buffer to write into.
wolfSSL 15:117db924cf7c 7419 * msgType The type of the message this extension is being written into.
wolfSSL 15:117db924cf7c 7420 * returns the number of bytes written into the buffer.
wolfSSL 15:117db924cf7c 7421 */
wolfSSL 15:117db924cf7c 7422 static word16 TLSX_PreSharedKey_Write(PreSharedKey* list, byte* output,
wolfSSL 15:117db924cf7c 7423 byte msgType)
wolfSSL 15:117db924cf7c 7424 {
wolfSSL 15:117db924cf7c 7425 if (msgType == client_hello) {
wolfSSL 15:117db924cf7c 7426 PreSharedKey* current = list;
wolfSSL 15:117db924cf7c 7427 word16 idx = 0;
wolfSSL 15:117db924cf7c 7428 word16 lenIdx;
wolfSSL 15:117db924cf7c 7429 word16 len;
wolfSSL 15:117db924cf7c 7430
wolfSSL 15:117db924cf7c 7431 /* Write identites only. Binders after HMACing over this. */
wolfSSL 15:117db924cf7c 7432 lenIdx = idx;
wolfSSL 15:117db924cf7c 7433 idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 7434 while (current != NULL) {
wolfSSL 15:117db924cf7c 7435 /* Identity length */
wolfSSL 15:117db924cf7c 7436 c16toa(current->identityLen, output + idx);
wolfSSL 15:117db924cf7c 7437 idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 7438 /* Identity data */
wolfSSL 15:117db924cf7c 7439 XMEMCPY(output + idx, current->identity, current->identityLen);
wolfSSL 15:117db924cf7c 7440 idx += current->identityLen;
wolfSSL 15:117db924cf7c 7441
wolfSSL 15:117db924cf7c 7442 /* Obfuscated ticket age. */
wolfSSL 15:117db924cf7c 7443 c32toa(current->ticketAge, output + idx);
wolfSSL 15:117db924cf7c 7444 idx += OPAQUE32_LEN;
wolfSSL 15:117db924cf7c 7445
wolfSSL 15:117db924cf7c 7446 current = current->next;
wolfSSL 15:117db924cf7c 7447 }
wolfSSL 15:117db924cf7c 7448 /* Length of the identites. */
wolfSSL 15:117db924cf7c 7449 len = idx - lenIdx - OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 7450 c16toa(len, output + lenIdx);
wolfSSL 15:117db924cf7c 7451
wolfSSL 15:117db924cf7c 7452 /* Don't include binders here.
wolfSSL 15:117db924cf7c 7453 * The binders are based on the hash of all the ClientHello data up to
wolfSSL 15:117db924cf7c 7454 * and include the identities written above.
wolfSSL 15:117db924cf7c 7455 */
wolfSSL 15:117db924cf7c 7456 idx += TLSX_PreSharedKey_GetSizeBinders(list, msgType);
wolfSSL 15:117db924cf7c 7457
wolfSSL 15:117db924cf7c 7458 return idx;
wolfSSL 15:117db924cf7c 7459 }
wolfSSL 15:117db924cf7c 7460
wolfSSL 15:117db924cf7c 7461 if (msgType == server_hello) {
wolfSSL 15:117db924cf7c 7462 word16 i;
wolfSSL 15:117db924cf7c 7463
wolfSSL 15:117db924cf7c 7464 /* Find the index of the chosen identity. */
wolfSSL 15:117db924cf7c 7465 for (i=0; list != NULL && !list->chosen; i++)
wolfSSL 15:117db924cf7c 7466 list = list->next;
wolfSSL 15:117db924cf7c 7467 if (list == NULL)
wolfSSL 15:117db924cf7c 7468 return BUILD_MSG_ERROR;
wolfSSL 15:117db924cf7c 7469
wolfSSL 15:117db924cf7c 7470 /* The index of the identity chosen by the server from the list supplied
wolfSSL 15:117db924cf7c 7471 * by the client.
wolfSSL 15:117db924cf7c 7472 */
wolfSSL 15:117db924cf7c 7473 c16toa(i, output);
wolfSSL 15:117db924cf7c 7474 return OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 7475 }
wolfSSL 15:117db924cf7c 7476
wolfSSL 15:117db924cf7c 7477 return 0;
wolfSSL 15:117db924cf7c 7478 }
wolfSSL 15:117db924cf7c 7479
wolfSSL 15:117db924cf7c 7480 /* Parse the pre-shared key extension.
wolfSSL 15:117db924cf7c 7481 * Different formats in different messages.
wolfSSL 15:117db924cf7c 7482 *
wolfSSL 15:117db924cf7c 7483 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 7484 * input The extension data.
wolfSSL 15:117db924cf7c 7485 * length The length of the extension data.
wolfSSL 15:117db924cf7c 7486 * msgType The type of the message this extension is being parsed from.
wolfSSL 15:117db924cf7c 7487 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 7488 */
wolfSSL 15:117db924cf7c 7489 static int TLSX_PreSharedKey_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 15:117db924cf7c 7490 byte msgType)
wolfSSL 15:117db924cf7c 7491 {
wolfSSL 15:117db924cf7c 7492 TLSX* extension;
wolfSSL 15:117db924cf7c 7493 PreSharedKey* list;
wolfSSL 15:117db924cf7c 7494
wolfSSL 15:117db924cf7c 7495 if (msgType == client_hello) {
wolfSSL 15:117db924cf7c 7496 int ret;
wolfSSL 15:117db924cf7c 7497 word16 len;
wolfSSL 15:117db924cf7c 7498 word16 idx = 0;
wolfSSL 15:117db924cf7c 7499
wolfSSL 15:117db924cf7c 7500 TLSX_Remove(&ssl->extensions, TLSX_PRE_SHARED_KEY, ssl->heap);
wolfSSL 15:117db924cf7c 7501
wolfSSL 15:117db924cf7c 7502 /* Length of identities and of binders. */
wolfSSL 15:117db924cf7c 7503 if (length - idx < OPAQUE16_LEN + OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 7504 return BUFFER_E;
wolfSSL 15:117db924cf7c 7505
wolfSSL 15:117db924cf7c 7506 /* Length of identities. */
wolfSSL 15:117db924cf7c 7507 ato16(input + idx, &len);
wolfSSL 15:117db924cf7c 7508 idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 7509 if (len < MIN_PSK_ID_LEN || length - idx < len)
wolfSSL 15:117db924cf7c 7510 return BUFFER_E;
wolfSSL 15:117db924cf7c 7511
wolfSSL 15:117db924cf7c 7512 /* Create a pre-shared key object for each identity. */
wolfSSL 15:117db924cf7c 7513 while (len > 0) {
wolfSSL 15:117db924cf7c 7514 byte* identity;
wolfSSL 15:117db924cf7c 7515 word16 identityLen;
wolfSSL 15:117db924cf7c 7516 word32 age;
wolfSSL 15:117db924cf7c 7517
wolfSSL 15:117db924cf7c 7518 if (len < OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 7519 return BUFFER_E;
wolfSSL 15:117db924cf7c 7520
wolfSSL 15:117db924cf7c 7521 /* Length of identity. */
wolfSSL 15:117db924cf7c 7522 ato16(input + idx, &identityLen);
wolfSSL 15:117db924cf7c 7523 idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 7524 if (len < OPAQUE16_LEN + identityLen + OPAQUE32_LEN)
wolfSSL 15:117db924cf7c 7525 return BUFFER_E;
wolfSSL 15:117db924cf7c 7526 /* Cache identity pointer. */
wolfSSL 15:117db924cf7c 7527 identity = input + idx;
wolfSSL 15:117db924cf7c 7528 idx += identityLen;
wolfSSL 15:117db924cf7c 7529 /* Ticket age. */
wolfSSL 15:117db924cf7c 7530 ato32(input + idx, &age);
wolfSSL 15:117db924cf7c 7531 idx += OPAQUE32_LEN;
wolfSSL 15:117db924cf7c 7532
wolfSSL 15:117db924cf7c 7533 ret = TLSX_PreSharedKey_Use(ssl, identity, identityLen, age, no_mac,
wolfSSL 15:117db924cf7c 7534 0, 0, 1, NULL);
wolfSSL 15:117db924cf7c 7535 if (ret != 0)
wolfSSL 15:117db924cf7c 7536 return ret;
wolfSSL 15:117db924cf7c 7537
wolfSSL 15:117db924cf7c 7538 /* Done with this identity. */
wolfSSL 15:117db924cf7c 7539 len -= OPAQUE16_LEN + identityLen + OPAQUE32_LEN;
wolfSSL 15:117db924cf7c 7540 }
wolfSSL 15:117db924cf7c 7541
wolfSSL 15:117db924cf7c 7542 /* Find the list of identities sent to server. */
wolfSSL 15:117db924cf7c 7543 extension = TLSX_Find(ssl->extensions, TLSX_PRE_SHARED_KEY);
wolfSSL 15:117db924cf7c 7544 if (extension == NULL)
wolfSSL 15:117db924cf7c 7545 return PSK_KEY_ERROR;
wolfSSL 15:117db924cf7c 7546 list = (PreSharedKey*)extension->data;
wolfSSL 15:117db924cf7c 7547
wolfSSL 15:117db924cf7c 7548 /* Length of binders. */
wolfSSL 15:117db924cf7c 7549 ato16(input + idx, &len);
wolfSSL 15:117db924cf7c 7550 idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 7551 if (len < MIN_PSK_BINDERS_LEN || length - idx < len)
wolfSSL 15:117db924cf7c 7552 return BUFFER_E;
wolfSSL 15:117db924cf7c 7553
wolfSSL 15:117db924cf7c 7554 /* Set binder for each identity. */
wolfSSL 15:117db924cf7c 7555 while (list != NULL && len > 0) {
wolfSSL 15:117db924cf7c 7556 /* Length of binder */
wolfSSL 15:117db924cf7c 7557 list->binderLen = input[idx++];
wolfSSL 15:117db924cf7c 7558 if (list->binderLen < WC_SHA256_DIGEST_SIZE ||
wolfSSL 15:117db924cf7c 7559 list->binderLen > WC_MAX_DIGEST_SIZE)
wolfSSL 15:117db924cf7c 7560 return BUFFER_E;
wolfSSL 15:117db924cf7c 7561 if (len < OPAQUE8_LEN + list->binderLen)
wolfSSL 15:117db924cf7c 7562 return BUFFER_E;
wolfSSL 15:117db924cf7c 7563
wolfSSL 15:117db924cf7c 7564 /* Copy binder into static buffer. */
wolfSSL 15:117db924cf7c 7565 XMEMCPY(list->binder, input + idx, list->binderLen);
wolfSSL 15:117db924cf7c 7566 idx += list->binderLen;
wolfSSL 15:117db924cf7c 7567
wolfSSL 15:117db924cf7c 7568 /* Done with binder entry. */
wolfSSL 15:117db924cf7c 7569 len -= OPAQUE8_LEN + list->binderLen;
wolfSSL 15:117db924cf7c 7570
wolfSSL 15:117db924cf7c 7571 /* Next identity. */
wolfSSL 15:117db924cf7c 7572 list = list->next;
wolfSSL 15:117db924cf7c 7573 }
wolfSSL 15:117db924cf7c 7574 if (list != NULL || len != 0)
wolfSSL 15:117db924cf7c 7575 return BUFFER_E;
wolfSSL 15:117db924cf7c 7576
wolfSSL 15:117db924cf7c 7577 return 0;
wolfSSL 15:117db924cf7c 7578 }
wolfSSL 15:117db924cf7c 7579
wolfSSL 15:117db924cf7c 7580 if (msgType == server_hello) {
wolfSSL 15:117db924cf7c 7581 word16 idx;
wolfSSL 15:117db924cf7c 7582
wolfSSL 15:117db924cf7c 7583 /* Index of identity chosen by server. */
wolfSSL 15:117db924cf7c 7584 if (length != OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 7585 return BUFFER_E;
wolfSSL 15:117db924cf7c 7586 ato16(input, &idx);
wolfSSL 15:117db924cf7c 7587
wolfSSL 15:117db924cf7c 7588 #ifdef WOLFSSL_EARLY_DATA
wolfSSL 15:117db924cf7c 7589 ssl->options.pskIdIndex = idx + 1;
wolfSSL 15:117db924cf7c 7590 #endif
wolfSSL 15:117db924cf7c 7591
wolfSSL 15:117db924cf7c 7592 /* Find the list of identities sent to server. */
wolfSSL 15:117db924cf7c 7593 extension = TLSX_Find(ssl->extensions, TLSX_PRE_SHARED_KEY);
wolfSSL 15:117db924cf7c 7594 if (extension == NULL)
wolfSSL 15:117db924cf7c 7595 return PSK_KEY_ERROR;
wolfSSL 15:117db924cf7c 7596 list = (PreSharedKey*)extension->data;
wolfSSL 15:117db924cf7c 7597
wolfSSL 15:117db924cf7c 7598 /* Mark the identity as chosen. */
wolfSSL 15:117db924cf7c 7599 for (; list != NULL && idx > 0; idx--)
wolfSSL 15:117db924cf7c 7600 list = list->next;
wolfSSL 15:117db924cf7c 7601 if (list == NULL)
wolfSSL 15:117db924cf7c 7602 return PSK_KEY_ERROR;
wolfSSL 15:117db924cf7c 7603 list->chosen = 1;
wolfSSL 15:117db924cf7c 7604
wolfSSL 15:117db924cf7c 7605 #ifdef HAVE_SESSION_TICKET
wolfSSL 15:117db924cf7c 7606 if (list->resumption) {
wolfSSL 15:117db924cf7c 7607 /* Check that the session's details are the same as the server's. */
wolfSSL 15:117db924cf7c 7608 if (ssl->options.cipherSuite0 != ssl->session.cipherSuite0 ||
wolfSSL 15:117db924cf7c 7609 ssl->options.cipherSuite != ssl->session.cipherSuite ||
wolfSSL 15:117db924cf7c 7610 ssl->session.version.major != ssl->ctx->method->version.major ||
wolfSSL 15:117db924cf7c 7611 ssl->session.version.minor != ssl->ctx->method->version.minor) {
wolfSSL 15:117db924cf7c 7612 return PSK_KEY_ERROR;
wolfSSL 15:117db924cf7c 7613 }
wolfSSL 15:117db924cf7c 7614 }
wolfSSL 15:117db924cf7c 7615 #endif
wolfSSL 15:117db924cf7c 7616
wolfSSL 15:117db924cf7c 7617 return 0;
wolfSSL 15:117db924cf7c 7618 }
wolfSSL 15:117db924cf7c 7619
wolfSSL 15:117db924cf7c 7620 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 7621 }
wolfSSL 15:117db924cf7c 7622
wolfSSL 15:117db924cf7c 7623 /* Create a new pre-shared key and put it into the list.
wolfSSL 15:117db924cf7c 7624 *
wolfSSL 15:117db924cf7c 7625 * list The linked list of pre-shared key.
wolfSSL 15:117db924cf7c 7626 * identity The identity.
wolfSSL 15:117db924cf7c 7627 * len The length of the identity data.
wolfSSL 15:117db924cf7c 7628 * heap The memory to allocate with.
wolfSSL 15:117db924cf7c 7629 * preSharedKey The new pre-shared key object.
wolfSSL 15:117db924cf7c 7630 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 7631 */
wolfSSL 15:117db924cf7c 7632 static int TLSX_PreSharedKey_New(PreSharedKey** list, byte* identity,
wolfSSL 15:117db924cf7c 7633 word16 len, void *heap,
wolfSSL 15:117db924cf7c 7634 PreSharedKey** preSharedKey)
wolfSSL 15:117db924cf7c 7635 {
wolfSSL 15:117db924cf7c 7636 PreSharedKey* psk;
wolfSSL 15:117db924cf7c 7637
wolfSSL 15:117db924cf7c 7638 psk = (PreSharedKey*)XMALLOC(sizeof(PreSharedKey), heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 7639 if (psk == NULL)
wolfSSL 15:117db924cf7c 7640 return MEMORY_E;
wolfSSL 15:117db924cf7c 7641 XMEMSET(psk, 0, sizeof(*psk));
wolfSSL 15:117db924cf7c 7642
wolfSSL 15:117db924cf7c 7643 /* Make a copy of the identity data. */
wolfSSL 15:117db924cf7c 7644 psk->identity = (byte*)XMALLOC(len, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 7645 if (psk->identity == NULL) {
wolfSSL 15:117db924cf7c 7646 XFREE(psk, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 7647 return MEMORY_E;
wolfSSL 15:117db924cf7c 7648 }
wolfSSL 15:117db924cf7c 7649 XMEMCPY(psk->identity, identity, len);
wolfSSL 15:117db924cf7c 7650 psk->identityLen = len;
wolfSSL 15:117db924cf7c 7651
wolfSSL 15:117db924cf7c 7652 /* Add it to the end and maintain the links. */
wolfSSL 15:117db924cf7c 7653 while (*list != NULL)
wolfSSL 15:117db924cf7c 7654 list = &((*list)->next);
wolfSSL 15:117db924cf7c 7655 *list = psk;
wolfSSL 15:117db924cf7c 7656 *preSharedKey = psk;
wolfSSL 15:117db924cf7c 7657
wolfSSL 15:117db924cf7c 7658 return 0;
wolfSSL 15:117db924cf7c 7659 }
wolfSSL 15:117db924cf7c 7660
wolfSSL 15:117db924cf7c 7661 static WC_INLINE byte GetHmacLength(int hmac)
wolfSSL 15:117db924cf7c 7662 {
wolfSSL 15:117db924cf7c 7663 switch (hmac) {
wolfSSL 15:117db924cf7c 7664 #ifndef NO_SHA256
wolfSSL 15:117db924cf7c 7665 case sha256_mac:
wolfSSL 15:117db924cf7c 7666 return WC_SHA256_DIGEST_SIZE;
wolfSSL 15:117db924cf7c 7667 #endif
wolfSSL 15:117db924cf7c 7668 #ifdef WOLFSSL_SHA384
wolfSSL 15:117db924cf7c 7669 case sha384_mac:
wolfSSL 15:117db924cf7c 7670 return WC_SHA384_DIGEST_SIZE;
wolfSSL 15:117db924cf7c 7671 #endif
wolfSSL 15:117db924cf7c 7672 #ifdef WOLFSSL_SHA512
wolfSSL 15:117db924cf7c 7673 case sha512_mac:
wolfSSL 15:117db924cf7c 7674 return WC_SHA512_DIGEST_SIZE;
wolfSSL 15:117db924cf7c 7675 #endif
wolfSSL 15:117db924cf7c 7676 }
wolfSSL 15:117db924cf7c 7677 return 0;
wolfSSL 15:117db924cf7c 7678 }
wolfSSL 15:117db924cf7c 7679
wolfSSL 15:117db924cf7c 7680 /* Use the data to create a new pre-shared key object in the extensions.
wolfSSL 15:117db924cf7c 7681 *
wolfSSL 15:117db924cf7c 7682 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 7683 * identity The identity.
wolfSSL 15:117db924cf7c 7684 * len The length of the identity data.
wolfSSL 15:117db924cf7c 7685 * age The age of the identity.
wolfSSL 15:117db924cf7c 7686 * hmac The HMAC algorithm.
wolfSSL 15:117db924cf7c 7687 * ciphersuite0 The first byte of the ciphersuite to use.
wolfSSL 15:117db924cf7c 7688 * ciphersuite The second byte of the ciphersuite to use.
wolfSSL 15:117db924cf7c 7689 * resumption The PSK is for resumption of a session.
wolfSSL 15:117db924cf7c 7690 * preSharedKey The new pre-shared key object.
wolfSSL 15:117db924cf7c 7691 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 7692 */
wolfSSL 15:117db924cf7c 7693 int TLSX_PreSharedKey_Use(WOLFSSL* ssl, byte* identity, word16 len, word32 age,
wolfSSL 15:117db924cf7c 7694 byte hmac, byte cipherSuite0,
wolfSSL 15:117db924cf7c 7695 byte cipherSuite, byte resumption,
wolfSSL 15:117db924cf7c 7696 PreSharedKey **preSharedKey)
wolfSSL 15:117db924cf7c 7697 {
wolfSSL 15:117db924cf7c 7698 int ret = 0;
wolfSSL 15:117db924cf7c 7699 TLSX* extension;
wolfSSL 15:117db924cf7c 7700 PreSharedKey* psk = NULL;
wolfSSL 15:117db924cf7c 7701
wolfSSL 15:117db924cf7c 7702 /* Find the pre-shared key extension if it exists. */
wolfSSL 15:117db924cf7c 7703 extension = TLSX_Find(ssl->extensions, TLSX_PRE_SHARED_KEY);
wolfSSL 15:117db924cf7c 7704 if (extension == NULL) {
wolfSSL 15:117db924cf7c 7705 /* Push new pre-shared key extension. */
wolfSSL 15:117db924cf7c 7706 ret = TLSX_Push(&ssl->extensions, TLSX_PRE_SHARED_KEY, NULL, ssl->heap);
wolfSSL 15:117db924cf7c 7707 if (ret != 0)
wolfSSL 15:117db924cf7c 7708 return ret;
wolfSSL 15:117db924cf7c 7709
wolfSSL 15:117db924cf7c 7710 extension = TLSX_Find(ssl->extensions, TLSX_PRE_SHARED_KEY);
wolfSSL 15:117db924cf7c 7711 if (extension == NULL)
wolfSSL 15:117db924cf7c 7712 return MEMORY_E;
wolfSSL 15:117db924cf7c 7713 }
wolfSSL 15:117db924cf7c 7714
wolfSSL 15:117db924cf7c 7715 /* Try to find the pre-shared key with this identity. */
wolfSSL 15:117db924cf7c 7716 psk = (PreSharedKey*)extension->data;
wolfSSL 15:117db924cf7c 7717 while (psk != NULL) {
wolfSSL 15:117db924cf7c 7718 if ((psk->identityLen == len) &&
wolfSSL 15:117db924cf7c 7719 (XMEMCMP(psk->identity, identity, len) == 0)) {
wolfSSL 15:117db924cf7c 7720 break;
wolfSSL 15:117db924cf7c 7721 }
wolfSSL 15:117db924cf7c 7722 psk = psk->next;
wolfSSL 15:117db924cf7c 7723 }
wolfSSL 15:117db924cf7c 7724
wolfSSL 15:117db924cf7c 7725 /* Create a new pre-shared key object if not found. */
wolfSSL 15:117db924cf7c 7726 if (psk == NULL) {
wolfSSL 15:117db924cf7c 7727 ret = TLSX_PreSharedKey_New((PreSharedKey**)&extension->data, identity,
wolfSSL 15:117db924cf7c 7728 len, ssl->heap, &psk);
wolfSSL 15:117db924cf7c 7729 if (ret != 0)
wolfSSL 15:117db924cf7c 7730 return ret;
wolfSSL 15:117db924cf7c 7731 }
wolfSSL 15:117db924cf7c 7732
wolfSSL 15:117db924cf7c 7733 /* Update/set age and HMAC algorithm. */
wolfSSL 15:117db924cf7c 7734 psk->ticketAge = age;
wolfSSL 15:117db924cf7c 7735 psk->hmac = hmac;
wolfSSL 15:117db924cf7c 7736 psk->cipherSuite0 = cipherSuite0;
wolfSSL 15:117db924cf7c 7737 psk->cipherSuite = cipherSuite;
wolfSSL 15:117db924cf7c 7738 psk->resumption = resumption;
wolfSSL 15:117db924cf7c 7739 psk->binderLen = GetHmacLength(psk->hmac);
wolfSSL 15:117db924cf7c 7740
wolfSSL 15:117db924cf7c 7741 if (preSharedKey != NULL)
wolfSSL 15:117db924cf7c 7742 *preSharedKey = psk;
wolfSSL 15:117db924cf7c 7743
wolfSSL 15:117db924cf7c 7744 return 0;
wolfSSL 15:117db924cf7c 7745 }
wolfSSL 15:117db924cf7c 7746
wolfSSL 15:117db924cf7c 7747 #define PSK_FREE_ALL TLSX_PreSharedKey_FreeAll
wolfSSL 15:117db924cf7c 7748 #define PSK_GET_SIZE TLSX_PreSharedKey_GetSize
wolfSSL 15:117db924cf7c 7749 #define PSK_WRITE TLSX_PreSharedKey_Write
wolfSSL 15:117db924cf7c 7750 #define PSK_PARSE TLSX_PreSharedKey_Parse
wolfSSL 15:117db924cf7c 7751
wolfSSL 15:117db924cf7c 7752 #else
wolfSSL 15:117db924cf7c 7753
wolfSSL 15:117db924cf7c 7754 #define PSK_FREE_ALL(a, b)
wolfSSL 15:117db924cf7c 7755 #define PSK_GET_SIZE(a, b) 0
wolfSSL 15:117db924cf7c 7756 #define PSK_WRITE(a, b, c) 0
wolfSSL 15:117db924cf7c 7757 #define PSK_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 7758
wolfSSL 15:117db924cf7c 7759 #endif
wolfSSL 15:117db924cf7c 7760
wolfSSL 15:117db924cf7c 7761 /******************************************************************************/
wolfSSL 15:117db924cf7c 7762 /* PSK Key Exchange Modes */
wolfSSL 15:117db924cf7c 7763 /******************************************************************************/
wolfSSL 15:117db924cf7c 7764
wolfSSL 15:117db924cf7c 7765 #if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
wolfSSL 15:117db924cf7c 7766 /* Get the size of the encoded PSK KE modes extension.
wolfSSL 15:117db924cf7c 7767 * Only in ClientHello.
wolfSSL 15:117db924cf7c 7768 *
wolfSSL 15:117db924cf7c 7769 * modes The PSK KE mode bit string.
wolfSSL 15:117db924cf7c 7770 * msgType The type of the message this extension is being written into.
wolfSSL 15:117db924cf7c 7771 * returns the number of bytes of the encoded PSK KE mode extension.
wolfSSL 15:117db924cf7c 7772 */
wolfSSL 15:117db924cf7c 7773 static word16 TLSX_PskKeModes_GetSize(byte modes, byte msgType)
wolfSSL 15:117db924cf7c 7774 {
wolfSSL 15:117db924cf7c 7775 if (msgType == client_hello) {
wolfSSL 15:117db924cf7c 7776 /* Format: Len | Modes* */
wolfSSL 15:117db924cf7c 7777 word16 len = OPAQUE8_LEN;
wolfSSL 15:117db924cf7c 7778 /* Check whether each possible mode is to be written. */
wolfSSL 15:117db924cf7c 7779 if (modes & (1 << PSK_KE))
wolfSSL 15:117db924cf7c 7780 len += OPAQUE8_LEN;
wolfSSL 15:117db924cf7c 7781 if (modes & (1 << PSK_DHE_KE))
wolfSSL 15:117db924cf7c 7782 len += OPAQUE8_LEN;
wolfSSL 15:117db924cf7c 7783 return len;
wolfSSL 15:117db924cf7c 7784 }
wolfSSL 15:117db924cf7c 7785
wolfSSL 15:117db924cf7c 7786 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 7787 }
wolfSSL 15:117db924cf7c 7788
wolfSSL 15:117db924cf7c 7789 /* Writes the PSK KE modes extension into the output buffer.
wolfSSL 15:117db924cf7c 7790 * Assumes that the the output buffer is big enough to hold data.
wolfSSL 15:117db924cf7c 7791 * Only in ClientHello.
wolfSSL 15:117db924cf7c 7792 *
wolfSSL 15:117db924cf7c 7793 * modes The PSK KE mode bit string.
wolfSSL 15:117db924cf7c 7794 * output The buffer to write into.
wolfSSL 15:117db924cf7c 7795 * msgType The type of the message this extension is being written into.
wolfSSL 15:117db924cf7c 7796 * returns the number of bytes written into the buffer.
wolfSSL 15:117db924cf7c 7797 */
wolfSSL 15:117db924cf7c 7798 static word16 TLSX_PskKeModes_Write(byte modes, byte* output, byte msgType)
wolfSSL 15:117db924cf7c 7799 {
wolfSSL 15:117db924cf7c 7800 if (msgType == client_hello) {
wolfSSL 15:117db924cf7c 7801 /* Format: Len | Modes* */
wolfSSL 15:117db924cf7c 7802 int idx = OPAQUE8_LEN;
wolfSSL 15:117db924cf7c 7803
wolfSSL 15:117db924cf7c 7804 /* Write out each possible mode. */
wolfSSL 15:117db924cf7c 7805 if (modes & (1 << PSK_KE))
wolfSSL 15:117db924cf7c 7806 output[idx++] = PSK_KE;
wolfSSL 15:117db924cf7c 7807 if (modes & (1 << PSK_DHE_KE))
wolfSSL 15:117db924cf7c 7808 output[idx++] = PSK_DHE_KE;
wolfSSL 15:117db924cf7c 7809 /* Write out length of mode list. */
wolfSSL 15:117db924cf7c 7810 output[0] = idx - OPAQUE8_LEN;
wolfSSL 15:117db924cf7c 7811
wolfSSL 15:117db924cf7c 7812 return idx;
wolfSSL 15:117db924cf7c 7813 }
wolfSSL 15:117db924cf7c 7814
wolfSSL 15:117db924cf7c 7815 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 7816 }
wolfSSL 15:117db924cf7c 7817
wolfSSL 15:117db924cf7c 7818 /* Parse the PSK KE modes extension.
wolfSSL 15:117db924cf7c 7819 * Only in ClientHello.
wolfSSL 15:117db924cf7c 7820 *
wolfSSL 15:117db924cf7c 7821 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 7822 * input The extension data.
wolfSSL 15:117db924cf7c 7823 * length The length of the extension data.
wolfSSL 15:117db924cf7c 7824 * msgType The type of the message this extension is being parsed from.
wolfSSL 15:117db924cf7c 7825 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 7826 */
wolfSSL 15:117db924cf7c 7827 static int TLSX_PskKeModes_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 15:117db924cf7c 7828 byte msgType)
wolfSSL 15:117db924cf7c 7829 {
wolfSSL 15:117db924cf7c 7830 int ret;
wolfSSL 15:117db924cf7c 7831
wolfSSL 15:117db924cf7c 7832 if (msgType == client_hello) {
wolfSSL 15:117db924cf7c 7833 /* Format: Len | Modes* */
wolfSSL 15:117db924cf7c 7834 int idx = 0;
wolfSSL 15:117db924cf7c 7835 int len;
wolfSSL 15:117db924cf7c 7836 byte modes = 0;
wolfSSL 15:117db924cf7c 7837
wolfSSL 15:117db924cf7c 7838 /* Ensure length byte exists. */
wolfSSL 15:117db924cf7c 7839 if (length < OPAQUE8_LEN)
wolfSSL 15:117db924cf7c 7840 return BUFFER_E;
wolfSSL 15:117db924cf7c 7841
wolfSSL 15:117db924cf7c 7842 /* Get length of mode list and ensure that is the only data. */
wolfSSL 15:117db924cf7c 7843 len = input[0];
wolfSSL 15:117db924cf7c 7844 if (length - OPAQUE8_LEN != len)
wolfSSL 15:117db924cf7c 7845 return BUFFER_E;
wolfSSL 15:117db924cf7c 7846
wolfSSL 15:117db924cf7c 7847 idx = OPAQUE8_LEN;
wolfSSL 15:117db924cf7c 7848 /* Set a bit for each recognized modes. */
wolfSSL 15:117db924cf7c 7849 while (len > 0) {
wolfSSL 15:117db924cf7c 7850 /* Ignore unrecognized modes. */
wolfSSL 15:117db924cf7c 7851 if (input[idx] <= PSK_DHE_KE)
wolfSSL 15:117db924cf7c 7852 modes |= 1 << input[idx];
wolfSSL 15:117db924cf7c 7853 idx++;
wolfSSL 15:117db924cf7c 7854 len--;
wolfSSL 15:117db924cf7c 7855 }
wolfSSL 15:117db924cf7c 7856
wolfSSL 15:117db924cf7c 7857 ret = TLSX_PskKeModes_Use(ssl, modes);
wolfSSL 15:117db924cf7c 7858 if (ret != 0)
wolfSSL 15:117db924cf7c 7859 return ret;
wolfSSL 15:117db924cf7c 7860
wolfSSL 15:117db924cf7c 7861 return 0;
wolfSSL 15:117db924cf7c 7862 }
wolfSSL 15:117db924cf7c 7863
wolfSSL 15:117db924cf7c 7864 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 7865 }
wolfSSL 15:117db924cf7c 7866
wolfSSL 15:117db924cf7c 7867 /* Use the data to create a new PSK Key Exchange Modes object in the extensions.
wolfSSL 15:117db924cf7c 7868 *
wolfSSL 15:117db924cf7c 7869 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 7870 * modes The PSK key exchange modes.
wolfSSL 15:117db924cf7c 7871 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 7872 */
wolfSSL 15:117db924cf7c 7873 int TLSX_PskKeModes_Use(WOLFSSL* ssl, byte modes)
wolfSSL 15:117db924cf7c 7874 {
wolfSSL 15:117db924cf7c 7875 int ret = 0;
wolfSSL 15:117db924cf7c 7876 TLSX* extension;
wolfSSL 15:117db924cf7c 7877
wolfSSL 15:117db924cf7c 7878 /* Find the PSK key exchange modes extension if it exists. */
wolfSSL 15:117db924cf7c 7879 extension = TLSX_Find(ssl->extensions, TLSX_PSK_KEY_EXCHANGE_MODES);
wolfSSL 15:117db924cf7c 7880 if (extension == NULL) {
wolfSSL 15:117db924cf7c 7881 /* Push new PSK key exchange modes extension. */
wolfSSL 15:117db924cf7c 7882 ret = TLSX_Push(&ssl->extensions, TLSX_PSK_KEY_EXCHANGE_MODES, NULL,
wolfSSL 15:117db924cf7c 7883 ssl->heap);
wolfSSL 15:117db924cf7c 7884 if (ret != 0)
wolfSSL 15:117db924cf7c 7885 return ret;
wolfSSL 15:117db924cf7c 7886
wolfSSL 15:117db924cf7c 7887 extension = TLSX_Find(ssl->extensions, TLSX_PSK_KEY_EXCHANGE_MODES);
wolfSSL 15:117db924cf7c 7888 if (extension == NULL)
wolfSSL 15:117db924cf7c 7889 return MEMORY_E;
wolfSSL 15:117db924cf7c 7890 }
wolfSSL 15:117db924cf7c 7891
wolfSSL 15:117db924cf7c 7892 extension->val = modes;
wolfSSL 15:117db924cf7c 7893
wolfSSL 15:117db924cf7c 7894 return 0;
wolfSSL 15:117db924cf7c 7895 }
wolfSSL 15:117db924cf7c 7896
wolfSSL 15:117db924cf7c 7897 #define PKM_GET_SIZE TLSX_PskKeModes_GetSize
wolfSSL 15:117db924cf7c 7898 #define PKM_WRITE TLSX_PskKeModes_Write
wolfSSL 15:117db924cf7c 7899 #define PKM_PARSE TLSX_PskKeModes_Parse
wolfSSL 15:117db924cf7c 7900
wolfSSL 15:117db924cf7c 7901 #else
wolfSSL 15:117db924cf7c 7902
wolfSSL 15:117db924cf7c 7903 #define PKM_GET_SIZE(a, b) 0
wolfSSL 15:117db924cf7c 7904 #define PKM_WRITE(a, b, c) 0
wolfSSL 15:117db924cf7c 7905 #define PKM_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 7906
wolfSSL 15:117db924cf7c 7907 #endif
wolfSSL 15:117db924cf7c 7908
wolfSSL 15:117db924cf7c 7909 /******************************************************************************/
wolfSSL 15:117db924cf7c 7910 /* Post-Handshake Authentication */
wolfSSL 15:117db924cf7c 7911 /******************************************************************************/
wolfSSL 15:117db924cf7c 7912
wolfSSL 15:117db924cf7c 7913 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
wolfSSL 15:117db924cf7c 7914 /* Get the size of the encoded Post-Hanshake Authentication extension.
wolfSSL 15:117db924cf7c 7915 * Only in ClientHello.
wolfSSL 15:117db924cf7c 7916 *
wolfSSL 15:117db924cf7c 7917 * msgType The type of the message this extension is being written into.
wolfSSL 15:117db924cf7c 7918 * returns the number of bytes of the encoded Post-Hanshake Authentication
wolfSSL 15:117db924cf7c 7919 * extension.
wolfSSL 15:117db924cf7c 7920 */
wolfSSL 15:117db924cf7c 7921 static word16 TLSX_PostHandAuth_GetSize(byte msgType)
wolfSSL 15:117db924cf7c 7922 {
wolfSSL 15:117db924cf7c 7923 if (msgType == client_hello)
wolfSSL 15:117db924cf7c 7924 return 0;
wolfSSL 15:117db924cf7c 7925
wolfSSL 15:117db924cf7c 7926 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 7927 }
wolfSSL 15:117db924cf7c 7928
wolfSSL 15:117db924cf7c 7929 /* Writes the Post-Handshake Authentication extension into the output buffer.
wolfSSL 15:117db924cf7c 7930 * Assumes that the the output buffer is big enough to hold data.
wolfSSL 15:117db924cf7c 7931 * Only in ClientHello.
wolfSSL 15:117db924cf7c 7932 *
wolfSSL 15:117db924cf7c 7933 * output The buffer to write into.
wolfSSL 15:117db924cf7c 7934 * msgType The type of the message this extension is being written into.
wolfSSL 15:117db924cf7c 7935 * returns the number of bytes written into the buffer.
wolfSSL 15:117db924cf7c 7936 */
wolfSSL 15:117db924cf7c 7937 static word16 TLSX_PostHandAuth_Write(byte* output, byte msgType)
wolfSSL 15:117db924cf7c 7938 {
wolfSSL 15:117db924cf7c 7939 (void)output;
wolfSSL 15:117db924cf7c 7940
wolfSSL 15:117db924cf7c 7941 if (msgType == client_hello)
wolfSSL 15:117db924cf7c 7942 return 0;
wolfSSL 15:117db924cf7c 7943
wolfSSL 15:117db924cf7c 7944 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 7945 }
wolfSSL 15:117db924cf7c 7946
wolfSSL 15:117db924cf7c 7947 /* Parse the Post-Handshake Authentication extension.
wolfSSL 15:117db924cf7c 7948 * Only in ClientHello.
wolfSSL 15:117db924cf7c 7949 *
wolfSSL 15:117db924cf7c 7950 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 7951 * input The extension data.
wolfSSL 15:117db924cf7c 7952 * length The length of the extension data.
wolfSSL 15:117db924cf7c 7953 * msgType The type of the message this extension is being parsed from.
wolfSSL 15:117db924cf7c 7954 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 7955 */
wolfSSL 15:117db924cf7c 7956 static int TLSX_PostHandAuth_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 15:117db924cf7c 7957 byte msgType)
wolfSSL 15:117db924cf7c 7958 {
wolfSSL 15:117db924cf7c 7959 (void)input;
wolfSSL 15:117db924cf7c 7960
wolfSSL 15:117db924cf7c 7961 if (msgType == client_hello) {
wolfSSL 15:117db924cf7c 7962 /* Ensure extension is empty. */
wolfSSL 15:117db924cf7c 7963 if (length != 0)
wolfSSL 15:117db924cf7c 7964 return BUFFER_E;
wolfSSL 15:117db924cf7c 7965
wolfSSL 15:117db924cf7c 7966 ssl->options.postHandshakeAuth = 1;
wolfSSL 15:117db924cf7c 7967 return 0;
wolfSSL 15:117db924cf7c 7968 }
wolfSSL 15:117db924cf7c 7969
wolfSSL 15:117db924cf7c 7970 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 7971 }
wolfSSL 15:117db924cf7c 7972
wolfSSL 15:117db924cf7c 7973 /* Create a new Post-handshake authentication object in the extensions.
wolfSSL 15:117db924cf7c 7974 *
wolfSSL 15:117db924cf7c 7975 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 7976 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 7977 */
wolfSSL 15:117db924cf7c 7978 static int TLSX_PostHandAuth_Use(WOLFSSL* ssl)
wolfSSL 15:117db924cf7c 7979 {
wolfSSL 15:117db924cf7c 7980 int ret = 0;
wolfSSL 15:117db924cf7c 7981 TLSX* extension;
wolfSSL 15:117db924cf7c 7982
wolfSSL 15:117db924cf7c 7983 /* Find the PSK key exchange modes extension if it exists. */
wolfSSL 15:117db924cf7c 7984 extension = TLSX_Find(ssl->extensions, TLSX_POST_HANDSHAKE_AUTH);
wolfSSL 15:117db924cf7c 7985 if (extension == NULL) {
wolfSSL 15:117db924cf7c 7986 /* Push new Post-handshake Authentication extension. */
wolfSSL 15:117db924cf7c 7987 ret = TLSX_Push(&ssl->extensions, TLSX_POST_HANDSHAKE_AUTH, NULL,
wolfSSL 15:117db924cf7c 7988 ssl->heap);
wolfSSL 15:117db924cf7c 7989 if (ret != 0)
wolfSSL 15:117db924cf7c 7990 return ret;
wolfSSL 15:117db924cf7c 7991 }
wolfSSL 15:117db924cf7c 7992
wolfSSL 15:117db924cf7c 7993 return 0;
wolfSSL 15:117db924cf7c 7994 }
wolfSSL 15:117db924cf7c 7995
wolfSSL 15:117db924cf7c 7996 #define PHA_GET_SIZE TLSX_PostHandAuth_GetSize
wolfSSL 15:117db924cf7c 7997 #define PHA_WRITE TLSX_PostHandAuth_Write
wolfSSL 15:117db924cf7c 7998 #define PHA_PARSE TLSX_PostHandAuth_Parse
wolfSSL 15:117db924cf7c 7999
wolfSSL 15:117db924cf7c 8000 #else
wolfSSL 15:117db924cf7c 8001
wolfSSL 15:117db924cf7c 8002 #define PHA_GET_SIZE(a) 0
wolfSSL 15:117db924cf7c 8003 #define PHA_WRITE(a, b) 0
wolfSSL 15:117db924cf7c 8004 #define PHA_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 8005
wolfSSL 15:117db924cf7c 8006 #endif
wolfSSL 15:117db924cf7c 8007
wolfSSL 15:117db924cf7c 8008 /******************************************************************************/
wolfSSL 15:117db924cf7c 8009 /* Early Data Indication */
wolfSSL 15:117db924cf7c 8010 /******************************************************************************/
wolfSSL 15:117db924cf7c 8011
wolfSSL 15:117db924cf7c 8012 #ifdef WOLFSSL_EARLY_DATA
wolfSSL 15:117db924cf7c 8013 /* Get the size of the encoded Early Data Indication extension.
wolfSSL 15:117db924cf7c 8014 * In messages: ClientHello, EncryptedExtensions and NewSessionTicket.
wolfSSL 15:117db924cf7c 8015 *
wolfSSL 15:117db924cf7c 8016 * msgType The type of the message this extension is being written into.
wolfSSL 15:117db924cf7c 8017 * returns the number of bytes of the encoded Early Data Indication extension.
wolfSSL 15:117db924cf7c 8018 */
wolfSSL 15:117db924cf7c 8019 static word16 TLSX_EarlyData_GetSize(byte msgType)
wolfSSL 15:117db924cf7c 8020 {
wolfSSL 15:117db924cf7c 8021 if (msgType == client_hello || msgType == encrypted_extensions)
wolfSSL 15:117db924cf7c 8022 return 0;
wolfSSL 15:117db924cf7c 8023 if (msgType == session_ticket)
wolfSSL 15:117db924cf7c 8024 return OPAQUE32_LEN;
wolfSSL 15:117db924cf7c 8025
wolfSSL 15:117db924cf7c 8026 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 8027 }
wolfSSL 15:117db924cf7c 8028
wolfSSL 15:117db924cf7c 8029 /* Writes the Early Data Indicator extension into the output buffer.
wolfSSL 15:117db924cf7c 8030 * Assumes that the the output buffer is big enough to hold data.
wolfSSL 15:117db924cf7c 8031 * In messages: ClientHello, EncryptedExtensions and NewSessionTicket.
wolfSSL 15:117db924cf7c 8032 *
wolfSSL 15:117db924cf7c 8033 * max The maximum early data size.
wolfSSL 15:117db924cf7c 8034 * output The buffer to write into.
wolfSSL 15:117db924cf7c 8035 * msgType The type of the message this extension is being written into.
wolfSSL 15:117db924cf7c 8036 * returns the number of bytes written into the buffer.
wolfSSL 15:117db924cf7c 8037 */
wolfSSL 15:117db924cf7c 8038 static word16 TLSX_EarlyData_Write(word32 max, byte* output, byte msgType)
wolfSSL 15:117db924cf7c 8039 {
wolfSSL 15:117db924cf7c 8040 if (msgType == client_hello || msgType == encrypted_extensions) {
wolfSSL 15:117db924cf7c 8041 return 0;
wolfSSL 15:117db924cf7c 8042 }
wolfSSL 15:117db924cf7c 8043 if (msgType == session_ticket) {
wolfSSL 15:117db924cf7c 8044 c32toa(max, output);
wolfSSL 15:117db924cf7c 8045 return OPAQUE32_LEN;
wolfSSL 15:117db924cf7c 8046 }
wolfSSL 15:117db924cf7c 8047
wolfSSL 15:117db924cf7c 8048 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 8049 }
wolfSSL 15:117db924cf7c 8050
wolfSSL 15:117db924cf7c 8051 /* Parse the Early Data Indicator extension.
wolfSSL 15:117db924cf7c 8052 * In messages: ClientHello, EncryptedExtensions and NewSessionTicket.
wolfSSL 15:117db924cf7c 8053 *
wolfSSL 15:117db924cf7c 8054 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 8055 * input The extension data.
wolfSSL 15:117db924cf7c 8056 * length The length of the extension data.
wolfSSL 15:117db924cf7c 8057 * msgType The type of the message this extension is being parsed from.
wolfSSL 15:117db924cf7c 8058 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 8059 */
wolfSSL 15:117db924cf7c 8060 static int TLSX_EarlyData_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 15:117db924cf7c 8061 byte msgType)
wolfSSL 15:117db924cf7c 8062 {
wolfSSL 15:117db924cf7c 8063 if (msgType == client_hello) {
wolfSSL 15:117db924cf7c 8064 if (length != 0)
wolfSSL 15:117db924cf7c 8065 return BUFFER_E;
wolfSSL 15:117db924cf7c 8066
wolfSSL 15:117db924cf7c 8067 return TLSX_EarlyData_Use(ssl, 0);
wolfSSL 15:117db924cf7c 8068 }
wolfSSL 15:117db924cf7c 8069 if (msgType == encrypted_extensions) {
wolfSSL 15:117db924cf7c 8070 if (length != 0)
wolfSSL 15:117db924cf7c 8071 return BUFFER_E;
wolfSSL 15:117db924cf7c 8072
wolfSSL 15:117db924cf7c 8073 /* Ensure the index of PSK identity chosen by server is 0.
wolfSSL 15:117db924cf7c 8074 * Index is plus one to handle 'not set' value of 0.
wolfSSL 15:117db924cf7c 8075 */
wolfSSL 15:117db924cf7c 8076 if (ssl->options.pskIdIndex != 1)
wolfSSL 15:117db924cf7c 8077 return PSK_KEY_ERROR;
wolfSSL 15:117db924cf7c 8078
wolfSSL 15:117db924cf7c 8079 return TLSX_EarlyData_Use(ssl, 1);
wolfSSL 15:117db924cf7c 8080 }
wolfSSL 15:117db924cf7c 8081 if (msgType == session_ticket) {
wolfSSL 15:117db924cf7c 8082 word32 max;
wolfSSL 15:117db924cf7c 8083
wolfSSL 15:117db924cf7c 8084 if (length != OPAQUE32_LEN)
wolfSSL 15:117db924cf7c 8085 return BUFFER_E;
wolfSSL 15:117db924cf7c 8086 ato32(input, &max);
wolfSSL 15:117db924cf7c 8087
wolfSSL 15:117db924cf7c 8088 ssl->session.maxEarlyDataSz = max;
wolfSSL 15:117db924cf7c 8089 return 0;
wolfSSL 15:117db924cf7c 8090 }
wolfSSL 15:117db924cf7c 8091
wolfSSL 15:117db924cf7c 8092 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 8093 }
wolfSSL 15:117db924cf7c 8094
wolfSSL 15:117db924cf7c 8095 /* Use the data to create a new Early Data object in the extensions.
wolfSSL 15:117db924cf7c 8096 *
wolfSSL 15:117db924cf7c 8097 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 8098 * max The maximum early data size.
wolfSSL 15:117db924cf7c 8099 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 8100 */
wolfSSL 15:117db924cf7c 8101 int TLSX_EarlyData_Use(WOLFSSL* ssl, word32 max)
wolfSSL 15:117db924cf7c 8102 {
wolfSSL 15:117db924cf7c 8103 int ret = 0;
wolfSSL 15:117db924cf7c 8104 TLSX* extension;
wolfSSL 15:117db924cf7c 8105
wolfSSL 15:117db924cf7c 8106 /* Find the early data extension if it exists. */
wolfSSL 15:117db924cf7c 8107 extension = TLSX_Find(ssl->extensions, TLSX_EARLY_DATA);
wolfSSL 15:117db924cf7c 8108 if (extension == NULL) {
wolfSSL 15:117db924cf7c 8109 /* Push new early data extension. */
wolfSSL 15:117db924cf7c 8110 ret = TLSX_Push(&ssl->extensions, TLSX_EARLY_DATA, NULL, ssl->heap);
wolfSSL 15:117db924cf7c 8111 if (ret != 0)
wolfSSL 15:117db924cf7c 8112 return ret;
wolfSSL 15:117db924cf7c 8113
wolfSSL 15:117db924cf7c 8114 extension = TLSX_Find(ssl->extensions, TLSX_EARLY_DATA);
wolfSSL 15:117db924cf7c 8115 if (extension == NULL)
wolfSSL 15:117db924cf7c 8116 return MEMORY_E;
wolfSSL 15:117db924cf7c 8117 }
wolfSSL 15:117db924cf7c 8118
wolfSSL 15:117db924cf7c 8119 extension->resp = 1;
wolfSSL 15:117db924cf7c 8120 extension->val = max;
wolfSSL 15:117db924cf7c 8121
wolfSSL 15:117db924cf7c 8122 return 0;
wolfSSL 15:117db924cf7c 8123 }
wolfSSL 15:117db924cf7c 8124
wolfSSL 15:117db924cf7c 8125 #define EDI_GET_SIZE TLSX_EarlyData_GetSize
wolfSSL 15:117db924cf7c 8126 #define EDI_WRITE TLSX_EarlyData_Write
wolfSSL 15:117db924cf7c 8127 #define EDI_PARSE TLSX_EarlyData_Parse
wolfSSL 15:117db924cf7c 8128
wolfSSL 15:117db924cf7c 8129 #else
wolfSSL 15:117db924cf7c 8130
wolfSSL 15:117db924cf7c 8131 #define EDI_GET_SIZE(a) 0
wolfSSL 15:117db924cf7c 8132 #define EDI_WRITE(a, b, c) 0
wolfSSL 15:117db924cf7c 8133 #define EDI_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 8134
wolfSSL 15:117db924cf7c 8135 #endif
wolfSSL 15:117db924cf7c 8136
wolfSSL 15:117db924cf7c 8137 /******************************************************************************/
wolfSSL 15:117db924cf7c 8138 /* TLS Extensions Framework */
wolfSSL 15:117db924cf7c 8139 /******************************************************************************/
wolfSSL 15:117db924cf7c 8140
wolfSSL 15:117db924cf7c 8141 /** Finds an extension in the provided list. */
wolfSSL 15:117db924cf7c 8142 TLSX* TLSX_Find(TLSX* list, TLSX_Type type)
wolfSSL 15:117db924cf7c 8143 {
wolfSSL 15:117db924cf7c 8144 TLSX* extension = list;
wolfSSL 15:117db924cf7c 8145
wolfSSL 15:117db924cf7c 8146 while (extension && extension->type != type)
wolfSSL 15:117db924cf7c 8147 extension = extension->next;
wolfSSL 15:117db924cf7c 8148
wolfSSL 15:117db924cf7c 8149 return extension;
wolfSSL 15:117db924cf7c 8150 }
wolfSSL 15:117db924cf7c 8151
wolfSSL 15:117db924cf7c 8152 /** Remove an extension. */
wolfSSL 15:117db924cf7c 8153 void TLSX_Remove(TLSX** list, TLSX_Type type, void* heap)
wolfSSL 15:117db924cf7c 8154 {
wolfSSL 15:117db924cf7c 8155 TLSX* extension = *list;
wolfSSL 15:117db924cf7c 8156 TLSX** next = list;
wolfSSL 15:117db924cf7c 8157
wolfSSL 15:117db924cf7c 8158 while (extension && extension->type != type) {
wolfSSL 15:117db924cf7c 8159 next = &extension->next;
wolfSSL 15:117db924cf7c 8160 extension = extension->next;
wolfSSL 15:117db924cf7c 8161 }
wolfSSL 15:117db924cf7c 8162
wolfSSL 15:117db924cf7c 8163 if (extension) {
wolfSSL 15:117db924cf7c 8164 *next = extension->next;
wolfSSL 15:117db924cf7c 8165 extension->next = NULL;
wolfSSL 15:117db924cf7c 8166 TLSX_FreeAll(extension, heap);
wolfSSL 15:117db924cf7c 8167 }
wolfSSL 15:117db924cf7c 8168 }
wolfSSL 15:117db924cf7c 8169
wolfSSL 15:117db924cf7c 8170 /** Releases all extensions in the provided list. */
wolfSSL 15:117db924cf7c 8171 void TLSX_FreeAll(TLSX* list, void* heap)
wolfSSL 15:117db924cf7c 8172 {
wolfSSL 15:117db924cf7c 8173 TLSX* extension;
wolfSSL 15:117db924cf7c 8174
wolfSSL 15:117db924cf7c 8175 while ((extension = list)) {
wolfSSL 15:117db924cf7c 8176 list = extension->next;
wolfSSL 15:117db924cf7c 8177
wolfSSL 15:117db924cf7c 8178 switch (extension->type) {
wolfSSL 15:117db924cf7c 8179
wolfSSL 15:117db924cf7c 8180 case TLSX_SERVER_NAME:
wolfSSL 15:117db924cf7c 8181 SNI_FREE_ALL((SNI*)extension->data, heap);
wolfSSL 15:117db924cf7c 8182 break;
wolfSSL 15:117db924cf7c 8183
wolfSSL 15:117db924cf7c 8184 case TLSX_MAX_FRAGMENT_LENGTH:
wolfSSL 15:117db924cf7c 8185 MFL_FREE_ALL(extension->data, heap);
wolfSSL 15:117db924cf7c 8186 break;
wolfSSL 15:117db924cf7c 8187
wolfSSL 15:117db924cf7c 8188 case TLSX_TRUNCATED_HMAC:
wolfSSL 15:117db924cf7c 8189 /* Nothing to do. */
wolfSSL 15:117db924cf7c 8190 break;
wolfSSL 15:117db924cf7c 8191
wolfSSL 15:117db924cf7c 8192 case TLSX_SUPPORTED_GROUPS:
wolfSSL 15:117db924cf7c 8193 EC_FREE_ALL((SupportedCurve*)extension->data, heap);
wolfSSL 15:117db924cf7c 8194 break;
wolfSSL 15:117db924cf7c 8195
wolfSSL 15:117db924cf7c 8196 case TLSX_EC_POINT_FORMATS:
wolfSSL 15:117db924cf7c 8197 PF_FREE_ALL((PointFormat*)extension->data, heap);
wolfSSL 15:117db924cf7c 8198 break;
wolfSSL 15:117db924cf7c 8199
wolfSSL 15:117db924cf7c 8200 case TLSX_STATUS_REQUEST:
wolfSSL 15:117db924cf7c 8201 CSR_FREE_ALL((CertificateStatusRequest*)extension->data, heap);
wolfSSL 15:117db924cf7c 8202 break;
wolfSSL 15:117db924cf7c 8203
wolfSSL 15:117db924cf7c 8204 case TLSX_STATUS_REQUEST_V2:
wolfSSL 15:117db924cf7c 8205 CSR2_FREE_ALL((CertificateStatusRequestItemV2*)extension->data,
wolfSSL 15:117db924cf7c 8206 heap);
wolfSSL 15:117db924cf7c 8207 break;
wolfSSL 15:117db924cf7c 8208
wolfSSL 15:117db924cf7c 8209 case TLSX_RENEGOTIATION_INFO:
wolfSSL 15:117db924cf7c 8210 SCR_FREE_ALL(extension->data, heap);
wolfSSL 15:117db924cf7c 8211 break;
wolfSSL 15:117db924cf7c 8212
wolfSSL 15:117db924cf7c 8213 case TLSX_SESSION_TICKET:
wolfSSL 15:117db924cf7c 8214 WOLF_STK_FREE(extension->data, heap);
wolfSSL 15:117db924cf7c 8215 break;
wolfSSL 15:117db924cf7c 8216
wolfSSL 15:117db924cf7c 8217 case TLSX_QUANTUM_SAFE_HYBRID:
wolfSSL 15:117db924cf7c 8218 QSH_FREE_ALL((QSHScheme*)extension->data, heap);
wolfSSL 15:117db924cf7c 8219 break;
wolfSSL 15:117db924cf7c 8220
wolfSSL 15:117db924cf7c 8221 case TLSX_APPLICATION_LAYER_PROTOCOL:
wolfSSL 15:117db924cf7c 8222 ALPN_FREE_ALL((ALPN*)extension->data, heap);
wolfSSL 15:117db924cf7c 8223 break;
wolfSSL 15:117db924cf7c 8224
wolfSSL 15:117db924cf7c 8225 case TLSX_SIGNATURE_ALGORITHMS:
wolfSSL 15:117db924cf7c 8226 break;
wolfSSL 15:117db924cf7c 8227
wolfSSL 15:117db924cf7c 8228 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 8229 case TLSX_SUPPORTED_VERSIONS:
wolfSSL 15:117db924cf7c 8230 break;
wolfSSL 15:117db924cf7c 8231
wolfSSL 15:117db924cf7c 8232 case TLSX_COOKIE:
wolfSSL 15:117db924cf7c 8233 CKE_FREE_ALL((Cookie*)extension->data, heap);
wolfSSL 15:117db924cf7c 8234 break;
wolfSSL 15:117db924cf7c 8235
wolfSSL 15:117db924cf7c 8236 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 8237 case TLSX_PRE_SHARED_KEY:
wolfSSL 15:117db924cf7c 8238 PSK_FREE_ALL((PreSharedKey*)extension->data, heap);
wolfSSL 15:117db924cf7c 8239 break;
wolfSSL 15:117db924cf7c 8240
wolfSSL 15:117db924cf7c 8241 case TLSX_PSK_KEY_EXCHANGE_MODES:
wolfSSL 15:117db924cf7c 8242 break;
wolfSSL 15:117db924cf7c 8243 #endif
wolfSSL 15:117db924cf7c 8244
wolfSSL 15:117db924cf7c 8245 #ifdef WOLFSSL_EARLY_DATA
wolfSSL 15:117db924cf7c 8246 case TLSX_EARLY_DATA:
wolfSSL 15:117db924cf7c 8247 break;
wolfSSL 15:117db924cf7c 8248 #endif
wolfSSL 15:117db924cf7c 8249
wolfSSL 15:117db924cf7c 8250 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
wolfSSL 15:117db924cf7c 8251 case TLSX_POST_HANDSHAKE_AUTH:
wolfSSL 15:117db924cf7c 8252 break;
wolfSSL 15:117db924cf7c 8253 #endif
wolfSSL 15:117db924cf7c 8254
wolfSSL 15:117db924cf7c 8255 #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22)
wolfSSL 15:117db924cf7c 8256 case TLSX_SIGNATURE_ALGORITHMS_CERT:
wolfSSL 15:117db924cf7c 8257 break;
wolfSSL 15:117db924cf7c 8258 #endif
wolfSSL 15:117db924cf7c 8259
wolfSSL 15:117db924cf7c 8260 case TLSX_KEY_SHARE:
wolfSSL 15:117db924cf7c 8261 KS_FREE_ALL((KeyShareEntry*)extension->data, heap);
wolfSSL 15:117db924cf7c 8262 break;
wolfSSL 15:117db924cf7c 8263 #endif
wolfSSL 15:117db924cf7c 8264 }
wolfSSL 15:117db924cf7c 8265
wolfSSL 15:117db924cf7c 8266 XFREE(extension, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 8267 }
wolfSSL 15:117db924cf7c 8268
wolfSSL 15:117db924cf7c 8269 (void)heap;
wolfSSL 15:117db924cf7c 8270 }
wolfSSL 15:117db924cf7c 8271
wolfSSL 15:117db924cf7c 8272 /** Checks if the tls extensions are supported based on the protocol version. */
wolfSSL 15:117db924cf7c 8273 int TLSX_SupportExtensions(WOLFSSL* ssl) {
wolfSSL 15:117db924cf7c 8274 return ssl && (IsTLS(ssl) || ssl->version.major == DTLS_MAJOR);
wolfSSL 15:117db924cf7c 8275 }
wolfSSL 15:117db924cf7c 8276
wolfSSL 15:117db924cf7c 8277 /** Tells the buffered size of the extensions in a list. */
wolfSSL 15:117db924cf7c 8278 static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType, word16* pLength)
wolfSSL 15:117db924cf7c 8279 {
wolfSSL 15:117db924cf7c 8280 int ret = 0;
wolfSSL 15:117db924cf7c 8281 TLSX* extension;
wolfSSL 15:117db924cf7c 8282 word16 length = 0;
wolfSSL 15:117db924cf7c 8283 byte isRequest = (msgType == client_hello ||
wolfSSL 15:117db924cf7c 8284 msgType == certificate_request);
wolfSSL 15:117db924cf7c 8285
wolfSSL 15:117db924cf7c 8286 while ((extension = list)) {
wolfSSL 15:117db924cf7c 8287 list = extension->next;
wolfSSL 15:117db924cf7c 8288
wolfSSL 15:117db924cf7c 8289 /* only extensions marked as response are sent back to the client. */
wolfSSL 15:117db924cf7c 8290 if (!isRequest && !extension->resp)
wolfSSL 15:117db924cf7c 8291 continue; /* skip! */
wolfSSL 15:117db924cf7c 8292
wolfSSL 15:117db924cf7c 8293 /* ssl level extensions are expected to override ctx level ones. */
wolfSSL 15:117db924cf7c 8294 if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type)))
wolfSSL 15:117db924cf7c 8295 continue; /* skip! */
wolfSSL 15:117db924cf7c 8296
wolfSSL 15:117db924cf7c 8297 /* extension type + extension data length. */
wolfSSL 15:117db924cf7c 8298 length += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 8299
wolfSSL 15:117db924cf7c 8300
wolfSSL 15:117db924cf7c 8301 switch (extension->type) {
wolfSSL 15:117db924cf7c 8302
wolfSSL 15:117db924cf7c 8303 case TLSX_SERVER_NAME:
wolfSSL 15:117db924cf7c 8304 /* SNI only sends the name on the request. */
wolfSSL 15:117db924cf7c 8305 if (isRequest)
wolfSSL 15:117db924cf7c 8306 length += SNI_GET_SIZE((SNI*)extension->data);
wolfSSL 15:117db924cf7c 8307 break;
wolfSSL 15:117db924cf7c 8308
wolfSSL 15:117db924cf7c 8309 case TLSX_MAX_FRAGMENT_LENGTH:
wolfSSL 15:117db924cf7c 8310 length += MFL_GET_SIZE(extension->data);
wolfSSL 15:117db924cf7c 8311 break;
wolfSSL 15:117db924cf7c 8312
wolfSSL 15:117db924cf7c 8313 case TLSX_TRUNCATED_HMAC:
wolfSSL 15:117db924cf7c 8314 /* always empty. */
wolfSSL 15:117db924cf7c 8315 break;
wolfSSL 15:117db924cf7c 8316
wolfSSL 15:117db924cf7c 8317 case TLSX_SUPPORTED_GROUPS:
wolfSSL 15:117db924cf7c 8318 length += EC_GET_SIZE((SupportedCurve*)extension->data);
wolfSSL 15:117db924cf7c 8319 break;
wolfSSL 15:117db924cf7c 8320
wolfSSL 15:117db924cf7c 8321 case TLSX_EC_POINT_FORMATS:
wolfSSL 15:117db924cf7c 8322 length += PF_GET_SIZE((PointFormat*)extension->data);
wolfSSL 15:117db924cf7c 8323 break;
wolfSSL 15:117db924cf7c 8324
wolfSSL 15:117db924cf7c 8325 case TLSX_STATUS_REQUEST:
wolfSSL 15:117db924cf7c 8326 length += CSR_GET_SIZE(
wolfSSL 15:117db924cf7c 8327 (CertificateStatusRequest*)extension->data, isRequest);
wolfSSL 15:117db924cf7c 8328 break;
wolfSSL 15:117db924cf7c 8329
wolfSSL 15:117db924cf7c 8330 case TLSX_STATUS_REQUEST_V2:
wolfSSL 15:117db924cf7c 8331 length += CSR2_GET_SIZE(
wolfSSL 15:117db924cf7c 8332 (CertificateStatusRequestItemV2*)extension->data,
wolfSSL 15:117db924cf7c 8333 isRequest);
wolfSSL 15:117db924cf7c 8334 break;
wolfSSL 15:117db924cf7c 8335
wolfSSL 15:117db924cf7c 8336 case TLSX_RENEGOTIATION_INFO:
wolfSSL 15:117db924cf7c 8337 length += SCR_GET_SIZE((SecureRenegotiation*)extension->data,
wolfSSL 15:117db924cf7c 8338 isRequest);
wolfSSL 15:117db924cf7c 8339 break;
wolfSSL 15:117db924cf7c 8340
wolfSSL 15:117db924cf7c 8341 case TLSX_SESSION_TICKET:
wolfSSL 15:117db924cf7c 8342 length += WOLF_STK_GET_SIZE((SessionTicket*)extension->data,
wolfSSL 15:117db924cf7c 8343 isRequest);
wolfSSL 15:117db924cf7c 8344 break;
wolfSSL 15:117db924cf7c 8345
wolfSSL 15:117db924cf7c 8346 case TLSX_QUANTUM_SAFE_HYBRID:
wolfSSL 15:117db924cf7c 8347 length += QSH_GET_SIZE((QSHScheme*)extension->data, isRequest);
wolfSSL 15:117db924cf7c 8348 break;
wolfSSL 15:117db924cf7c 8349
wolfSSL 15:117db924cf7c 8350 case TLSX_APPLICATION_LAYER_PROTOCOL:
wolfSSL 15:117db924cf7c 8351 length += ALPN_GET_SIZE((ALPN*)extension->data);
wolfSSL 15:117db924cf7c 8352 break;
wolfSSL 15:117db924cf7c 8353
wolfSSL 15:117db924cf7c 8354 case TLSX_SIGNATURE_ALGORITHMS:
wolfSSL 15:117db924cf7c 8355 length += SA_GET_SIZE(extension->data);
wolfSSL 15:117db924cf7c 8356 break;
wolfSSL 15:117db924cf7c 8357
wolfSSL 15:117db924cf7c 8358 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 8359 case TLSX_SUPPORTED_VERSIONS:
wolfSSL 15:117db924cf7c 8360 ret = SV_GET_SIZE(extension->data, msgType, &length);
wolfSSL 15:117db924cf7c 8361 break;
wolfSSL 15:117db924cf7c 8362
wolfSSL 15:117db924cf7c 8363 case TLSX_COOKIE:
wolfSSL 15:117db924cf7c 8364 ret = CKE_GET_SIZE((Cookie*)extension->data, msgType, &length);
wolfSSL 15:117db924cf7c 8365 break;
wolfSSL 15:117db924cf7c 8366
wolfSSL 15:117db924cf7c 8367 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 8368 case TLSX_PRE_SHARED_KEY:
wolfSSL 15:117db924cf7c 8369 length += PSK_GET_SIZE((PreSharedKey*)extension->data, msgType);
wolfSSL 15:117db924cf7c 8370 break;
wolfSSL 15:117db924cf7c 8371
wolfSSL 15:117db924cf7c 8372 case TLSX_PSK_KEY_EXCHANGE_MODES:
wolfSSL 15:117db924cf7c 8373 length += PKM_GET_SIZE(extension->val, msgType);
wolfSSL 15:117db924cf7c 8374 break;
wolfSSL 15:117db924cf7c 8375 #endif
wolfSSL 15:117db924cf7c 8376
wolfSSL 15:117db924cf7c 8377 #ifdef WOLFSSL_EARLY_DATA
wolfSSL 15:117db924cf7c 8378 case TLSX_EARLY_DATA:
wolfSSL 15:117db924cf7c 8379 length += EDI_GET_SIZE(msgType);
wolfSSL 15:117db924cf7c 8380 break;
wolfSSL 15:117db924cf7c 8381 #endif
wolfSSL 15:117db924cf7c 8382
wolfSSL 15:117db924cf7c 8383 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
wolfSSL 15:117db924cf7c 8384 case TLSX_POST_HANDSHAKE_AUTH:
wolfSSL 15:117db924cf7c 8385 length += PHA_GET_SIZE(msgType);
wolfSSL 15:117db924cf7c 8386 break;
wolfSSL 15:117db924cf7c 8387 #endif
wolfSSL 15:117db924cf7c 8388
wolfSSL 15:117db924cf7c 8389 #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22)
wolfSSL 15:117db924cf7c 8390 case TLSX_SIGNATURE_ALGORITHMS_CERT:
wolfSSL 15:117db924cf7c 8391 length += SAC_GET_SIZE(extension->data);
wolfSSL 15:117db924cf7c 8392 break;
wolfSSL 15:117db924cf7c 8393 #endif
wolfSSL 15:117db924cf7c 8394
wolfSSL 15:117db924cf7c 8395 case TLSX_KEY_SHARE:
wolfSSL 15:117db924cf7c 8396 length += KS_GET_SIZE((KeyShareEntry*)extension->data, msgType);
wolfSSL 15:117db924cf7c 8397 break;
wolfSSL 15:117db924cf7c 8398 #endif
wolfSSL 15:117db924cf7c 8399 }
wolfSSL 15:117db924cf7c 8400
wolfSSL 15:117db924cf7c 8401 /* marks the extension as processed so ctx level */
wolfSSL 15:117db924cf7c 8402 /* extensions don't overlap with ssl level ones. */
wolfSSL 15:117db924cf7c 8403 TURN_ON(semaphore, TLSX_ToSemaphore(extension->type));
wolfSSL 15:117db924cf7c 8404 }
wolfSSL 15:117db924cf7c 8405
wolfSSL 15:117db924cf7c 8406 *pLength += length;
wolfSSL 15:117db924cf7c 8407
wolfSSL 15:117db924cf7c 8408 return ret;
wolfSSL 15:117db924cf7c 8409 }
wolfSSL 15:117db924cf7c 8410
wolfSSL 15:117db924cf7c 8411 /** Writes the extensions of a list in a buffer. */
wolfSSL 15:117db924cf7c 8412 static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
wolfSSL 15:117db924cf7c 8413 byte msgType, word16* pOffset)
wolfSSL 15:117db924cf7c 8414 {
wolfSSL 15:117db924cf7c 8415 int ret = 0;
wolfSSL 15:117db924cf7c 8416 TLSX* extension;
wolfSSL 15:117db924cf7c 8417 word16 offset = 0;
wolfSSL 15:117db924cf7c 8418 word16 length_offset = 0;
wolfSSL 15:117db924cf7c 8419 byte isRequest = (msgType == client_hello ||
wolfSSL 15:117db924cf7c 8420 msgType == certificate_request);
wolfSSL 15:117db924cf7c 8421
wolfSSL 15:117db924cf7c 8422 while ((extension = list)) {
wolfSSL 15:117db924cf7c 8423 list = extension->next;
wolfSSL 15:117db924cf7c 8424
wolfSSL 15:117db924cf7c 8425 /* only extensions marked as response are written in a response. */
wolfSSL 15:117db924cf7c 8426 if (!isRequest && !extension->resp)
wolfSSL 15:117db924cf7c 8427 continue; /* skip! */
wolfSSL 15:117db924cf7c 8428
wolfSSL 15:117db924cf7c 8429 /* ssl level extensions are expected to override ctx level ones. */
wolfSSL 15:117db924cf7c 8430 if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type)))
wolfSSL 15:117db924cf7c 8431 continue; /* skip! */
wolfSSL 15:117db924cf7c 8432
wolfSSL 15:117db924cf7c 8433 /* writes extension type. */
wolfSSL 15:117db924cf7c 8434 c16toa(extension->type, output + offset);
wolfSSL 15:117db924cf7c 8435 offset += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 8436 length_offset = offset;
wolfSSL 15:117db924cf7c 8437
wolfSSL 15:117db924cf7c 8438 /* extension data should be written internally. */
wolfSSL 15:117db924cf7c 8439 switch (extension->type) {
wolfSSL 15:117db924cf7c 8440 case TLSX_SERVER_NAME:
wolfSSL 15:117db924cf7c 8441 if (isRequest) {
wolfSSL 15:117db924cf7c 8442 WOLFSSL_MSG("SNI extension to write");
wolfSSL 15:117db924cf7c 8443 offset += SNI_WRITE((SNI*)extension->data, output + offset);
wolfSSL 15:117db924cf7c 8444 }
wolfSSL 15:117db924cf7c 8445 break;
wolfSSL 15:117db924cf7c 8446
wolfSSL 15:117db924cf7c 8447 case TLSX_MAX_FRAGMENT_LENGTH:
wolfSSL 15:117db924cf7c 8448 WOLFSSL_MSG("Max Fragment Length extension to write");
wolfSSL 15:117db924cf7c 8449 offset += MFL_WRITE((byte*)extension->data, output + offset);
wolfSSL 15:117db924cf7c 8450 break;
wolfSSL 15:117db924cf7c 8451
wolfSSL 15:117db924cf7c 8452 case TLSX_TRUNCATED_HMAC:
wolfSSL 15:117db924cf7c 8453 WOLFSSL_MSG("Truncated HMAC extension to write");
wolfSSL 15:117db924cf7c 8454 /* always empty. */
wolfSSL 15:117db924cf7c 8455 break;
wolfSSL 15:117db924cf7c 8456
wolfSSL 15:117db924cf7c 8457 case TLSX_SUPPORTED_GROUPS:
wolfSSL 15:117db924cf7c 8458 WOLFSSL_MSG("Supported Groups extension to write");
wolfSSL 15:117db924cf7c 8459 offset += EC_WRITE((SupportedCurve*)extension->data,
wolfSSL 15:117db924cf7c 8460 output + offset);
wolfSSL 15:117db924cf7c 8461 break;
wolfSSL 15:117db924cf7c 8462
wolfSSL 15:117db924cf7c 8463 case TLSX_EC_POINT_FORMATS:
wolfSSL 15:117db924cf7c 8464 WOLFSSL_MSG("Point Formats extension to write");
wolfSSL 15:117db924cf7c 8465 offset += PF_WRITE((PointFormat*)extension->data,
wolfSSL 15:117db924cf7c 8466 output + offset);
wolfSSL 15:117db924cf7c 8467 break;
wolfSSL 15:117db924cf7c 8468
wolfSSL 15:117db924cf7c 8469 case TLSX_STATUS_REQUEST:
wolfSSL 15:117db924cf7c 8470 WOLFSSL_MSG("Certificate Status Request extension to write");
wolfSSL 15:117db924cf7c 8471 offset += CSR_WRITE((CertificateStatusRequest*)extension->data,
wolfSSL 15:117db924cf7c 8472 output + offset, isRequest);
wolfSSL 15:117db924cf7c 8473 break;
wolfSSL 15:117db924cf7c 8474
wolfSSL 15:117db924cf7c 8475 case TLSX_STATUS_REQUEST_V2:
wolfSSL 15:117db924cf7c 8476 WOLFSSL_MSG("Certificate Status Request v2 extension to write");
wolfSSL 15:117db924cf7c 8477 offset += CSR2_WRITE(
wolfSSL 15:117db924cf7c 8478 (CertificateStatusRequestItemV2*)extension->data,
wolfSSL 15:117db924cf7c 8479 output + offset, isRequest);
wolfSSL 15:117db924cf7c 8480 break;
wolfSSL 15:117db924cf7c 8481
wolfSSL 15:117db924cf7c 8482 case TLSX_RENEGOTIATION_INFO:
wolfSSL 15:117db924cf7c 8483 WOLFSSL_MSG("Secure Renegotiation extension to write");
wolfSSL 15:117db924cf7c 8484 offset += SCR_WRITE((SecureRenegotiation*)extension->data,
wolfSSL 15:117db924cf7c 8485 output + offset, isRequest);
wolfSSL 15:117db924cf7c 8486 break;
wolfSSL 15:117db924cf7c 8487
wolfSSL 15:117db924cf7c 8488 case TLSX_SESSION_TICKET:
wolfSSL 15:117db924cf7c 8489 WOLFSSL_MSG("Session Ticket extension to write");
wolfSSL 15:117db924cf7c 8490 offset += WOLF_STK_WRITE((SessionTicket*)extension->data,
wolfSSL 15:117db924cf7c 8491 output + offset, isRequest);
wolfSSL 15:117db924cf7c 8492 break;
wolfSSL 15:117db924cf7c 8493
wolfSSL 15:117db924cf7c 8494 case TLSX_QUANTUM_SAFE_HYBRID:
wolfSSL 15:117db924cf7c 8495 WOLFSSL_MSG("Quantum-Safe-Hybrid extension to write");
wolfSSL 15:117db924cf7c 8496 if (isRequest) {
wolfSSL 15:117db924cf7c 8497 offset += QSH_WRITE((QSHScheme*)extension->data, output + offset);
wolfSSL 15:117db924cf7c 8498 }
wolfSSL 15:117db924cf7c 8499 offset += QSHPK_WRITE((QSHScheme*)extension->data, output + offset);
wolfSSL 15:117db924cf7c 8500 offset += QSH_SERREQ(output + offset, isRequest);
wolfSSL 15:117db924cf7c 8501 break;
wolfSSL 15:117db924cf7c 8502
wolfSSL 15:117db924cf7c 8503 case TLSX_APPLICATION_LAYER_PROTOCOL:
wolfSSL 15:117db924cf7c 8504 WOLFSSL_MSG("ALPN extension to write");
wolfSSL 15:117db924cf7c 8505 offset += ALPN_WRITE((ALPN*)extension->data, output + offset);
wolfSSL 15:117db924cf7c 8506 break;
wolfSSL 15:117db924cf7c 8507
wolfSSL 15:117db924cf7c 8508 case TLSX_SIGNATURE_ALGORITHMS:
wolfSSL 15:117db924cf7c 8509 WOLFSSL_MSG("Signature Algorithms extension to write");
wolfSSL 15:117db924cf7c 8510 offset += SA_WRITE(extension->data, output + offset);
wolfSSL 15:117db924cf7c 8511 break;
wolfSSL 15:117db924cf7c 8512
wolfSSL 15:117db924cf7c 8513 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 8514 case TLSX_SUPPORTED_VERSIONS:
wolfSSL 15:117db924cf7c 8515 WOLFSSL_MSG("Supported Versions extension to write");
wolfSSL 15:117db924cf7c 8516 ret = SV_WRITE(extension->data, output + offset, msgType, &offset);
wolfSSL 15:117db924cf7c 8517 break;
wolfSSL 15:117db924cf7c 8518
wolfSSL 15:117db924cf7c 8519 case TLSX_COOKIE:
wolfSSL 15:117db924cf7c 8520 WOLFSSL_MSG("Cookie extension to write");
wolfSSL 15:117db924cf7c 8521 ret = CKE_WRITE((Cookie*)extension->data, output + offset,
wolfSSL 15:117db924cf7c 8522 msgType, &offset);
wolfSSL 15:117db924cf7c 8523 break;
wolfSSL 15:117db924cf7c 8524
wolfSSL 15:117db924cf7c 8525 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 8526 case TLSX_PRE_SHARED_KEY:
wolfSSL 15:117db924cf7c 8527 WOLFSSL_MSG("Pre-Shared Key extension to write");
wolfSSL 15:117db924cf7c 8528 offset += PSK_WRITE((PreSharedKey*)extension->data,
wolfSSL 15:117db924cf7c 8529 output + offset, msgType);
wolfSSL 15:117db924cf7c 8530 break;
wolfSSL 15:117db924cf7c 8531
wolfSSL 15:117db924cf7c 8532 case TLSX_PSK_KEY_EXCHANGE_MODES:
wolfSSL 15:117db924cf7c 8533 WOLFSSL_MSG("PSK Key Exchange Modes extension to write");
wolfSSL 15:117db924cf7c 8534 offset += PKM_WRITE(extension->val, output + offset, msgType);
wolfSSL 15:117db924cf7c 8535 break;
wolfSSL 15:117db924cf7c 8536 #endif
wolfSSL 15:117db924cf7c 8537
wolfSSL 15:117db924cf7c 8538 #ifdef WOLFSSL_EARLY_DATA
wolfSSL 15:117db924cf7c 8539 case TLSX_EARLY_DATA:
wolfSSL 15:117db924cf7c 8540 WOLFSSL_MSG("Early Data extension to write");
wolfSSL 15:117db924cf7c 8541 offset += EDI_WRITE(extension->val, output + offset, msgType);
wolfSSL 15:117db924cf7c 8542 break;
wolfSSL 15:117db924cf7c 8543 #endif
wolfSSL 15:117db924cf7c 8544
wolfSSL 15:117db924cf7c 8545 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
wolfSSL 15:117db924cf7c 8546 case TLSX_POST_HANDSHAKE_AUTH:
wolfSSL 15:117db924cf7c 8547 WOLFSSL_MSG("Post-Handshake Authentication extension to write");
wolfSSL 15:117db924cf7c 8548 offset += PHA_WRITE(output + offset, msgType);
wolfSSL 15:117db924cf7c 8549 break;
wolfSSL 15:117db924cf7c 8550 #endif
wolfSSL 15:117db924cf7c 8551
wolfSSL 15:117db924cf7c 8552 #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22)
wolfSSL 15:117db924cf7c 8553 case TLSX_SIGNATURE_ALGORITHMS_CERT:
wolfSSL 15:117db924cf7c 8554 WOLFSSL_MSG("Signature Algorithms extension to write");
wolfSSL 15:117db924cf7c 8555 offset += SAC_WRITE(extension->data, output + offset);
wolfSSL 15:117db924cf7c 8556 break;
wolfSSL 15:117db924cf7c 8557 #endif
wolfSSL 15:117db924cf7c 8558
wolfSSL 15:117db924cf7c 8559 case TLSX_KEY_SHARE:
wolfSSL 15:117db924cf7c 8560 WOLFSSL_MSG("Key Share extension to write");
wolfSSL 15:117db924cf7c 8561 offset += KS_WRITE((KeyShareEntry*)extension->data,
wolfSSL 15:117db924cf7c 8562 output + offset, msgType);
wolfSSL 15:117db924cf7c 8563 break;
wolfSSL 15:117db924cf7c 8564 #endif
wolfSSL 15:117db924cf7c 8565 }
wolfSSL 15:117db924cf7c 8566
wolfSSL 15:117db924cf7c 8567 /* writes extension data length. */
wolfSSL 15:117db924cf7c 8568 c16toa(offset - length_offset, output + length_offset - OPAQUE16_LEN);
wolfSSL 15:117db924cf7c 8569
wolfSSL 15:117db924cf7c 8570 /* marks the extension as processed so ctx level */
wolfSSL 15:117db924cf7c 8571 /* extensions don't overlap with ssl level ones. */
wolfSSL 15:117db924cf7c 8572 TURN_ON(semaphore, TLSX_ToSemaphore(extension->type));
wolfSSL 15:117db924cf7c 8573 }
wolfSSL 15:117db924cf7c 8574
wolfSSL 15:117db924cf7c 8575 *pOffset += offset;
wolfSSL 15:117db924cf7c 8576
wolfSSL 15:117db924cf7c 8577 return ret;
wolfSSL 15:117db924cf7c 8578 }
wolfSSL 15:117db924cf7c 8579
wolfSSL 15:117db924cf7c 8580
wolfSSL 15:117db924cf7c 8581 #if defined(HAVE_NTRU) && defined(HAVE_QSH)
wolfSSL 15:117db924cf7c 8582
wolfSSL 15:117db924cf7c 8583 static word32 GetEntropy(unsigned char* out, word32 num_bytes)
wolfSSL 15:117db924cf7c 8584 {
wolfSSL 15:117db924cf7c 8585 int ret = 0;
wolfSSL 15:117db924cf7c 8586
wolfSSL 15:117db924cf7c 8587 if (gRng == NULL) {
wolfSSL 15:117db924cf7c 8588 if ((gRng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL,
wolfSSL 15:117db924cf7c 8589 DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL 15:117db924cf7c 8590 return DRBG_OUT_OF_MEMORY;
wolfSSL 15:117db924cf7c 8591 wc_InitRng(gRng);
wolfSSL 15:117db924cf7c 8592 }
wolfSSL 15:117db924cf7c 8593
wolfSSL 15:117db924cf7c 8594 if (gRngMutex == NULL) {
wolfSSL 15:117db924cf7c 8595 if ((gRngMutex = (wolfSSL_Mutex*)XMALLOC(sizeof(wolfSSL_Mutex), NULL,
wolfSSL 15:117db924cf7c 8596 DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL 15:117db924cf7c 8597 return DRBG_OUT_OF_MEMORY;
wolfSSL 15:117db924cf7c 8598 wc_InitMutex(gRngMutex);
wolfSSL 15:117db924cf7c 8599 }
wolfSSL 15:117db924cf7c 8600
wolfSSL 15:117db924cf7c 8601 ret |= wc_LockMutex(gRngMutex);
wolfSSL 15:117db924cf7c 8602 ret |= wc_RNG_GenerateBlock(gRng, out, num_bytes);
wolfSSL 15:117db924cf7c 8603 ret |= wc_UnLockMutex(gRngMutex);
wolfSSL 15:117db924cf7c 8604
wolfSSL 15:117db924cf7c 8605 if (ret != 0)
wolfSSL 15:117db924cf7c 8606 return DRBG_ENTROPY_FAIL;
wolfSSL 15:117db924cf7c 8607
wolfSSL 15:117db924cf7c 8608 return DRBG_OK;
wolfSSL 15:117db924cf7c 8609 }
wolfSSL 15:117db924cf7c 8610 #endif
wolfSSL 15:117db924cf7c 8611
wolfSSL 15:117db924cf7c 8612
wolfSSL 15:117db924cf7c 8613 #ifdef HAVE_QSH
wolfSSL 15:117db924cf7c 8614 static int TLSX_CreateQSHKey(WOLFSSL* ssl, int type)
wolfSSL 15:117db924cf7c 8615 {
wolfSSL 15:117db924cf7c 8616 int ret;
wolfSSL 15:117db924cf7c 8617
wolfSSL 15:117db924cf7c 8618 (void)ssl;
wolfSSL 15:117db924cf7c 8619
wolfSSL 15:117db924cf7c 8620 switch (type) {
wolfSSL 15:117db924cf7c 8621 #ifdef HAVE_NTRU
wolfSSL 15:117db924cf7c 8622 case WOLFSSL_NTRU_EESS439:
wolfSSL 15:117db924cf7c 8623 case WOLFSSL_NTRU_EESS593:
wolfSSL 15:117db924cf7c 8624 case WOLFSSL_NTRU_EESS743:
wolfSSL 15:117db924cf7c 8625 ret = TLSX_CreateNtruKey(ssl, type);
wolfSSL 15:117db924cf7c 8626 break;
wolfSSL 15:117db924cf7c 8627 #endif
wolfSSL 15:117db924cf7c 8628 default:
wolfSSL 15:117db924cf7c 8629 WOLFSSL_MSG("Unknown type for creating NTRU key");
wolfSSL 15:117db924cf7c 8630 return -1;
wolfSSL 15:117db924cf7c 8631 }
wolfSSL 15:117db924cf7c 8632
wolfSSL 15:117db924cf7c 8633 return ret;
wolfSSL 15:117db924cf7c 8634 }
wolfSSL 15:117db924cf7c 8635
wolfSSL 15:117db924cf7c 8636
wolfSSL 15:117db924cf7c 8637 static int TLSX_AddQSHKey(QSHKey** list, QSHKey* key)
wolfSSL 15:117db924cf7c 8638 {
wolfSSL 15:117db924cf7c 8639 QSHKey* current;
wolfSSL 15:117db924cf7c 8640
wolfSSL 15:117db924cf7c 8641 if (key == NULL)
wolfSSL 15:117db924cf7c 8642 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 8643
wolfSSL 15:117db924cf7c 8644 /* if no public key stored in key then do not add */
wolfSSL 15:117db924cf7c 8645 if (key->pub.length == 0 || key->pub.buffer == NULL)
wolfSSL 15:117db924cf7c 8646 return 0;
wolfSSL 15:117db924cf7c 8647
wolfSSL 15:117db924cf7c 8648 /* first element to be added to the list */
wolfSSL 15:117db924cf7c 8649 current = *list;
wolfSSL 15:117db924cf7c 8650 if (current == NULL) {
wolfSSL 15:117db924cf7c 8651 *list = key;
wolfSSL 15:117db924cf7c 8652 return 0;
wolfSSL 15:117db924cf7c 8653 }
wolfSSL 15:117db924cf7c 8654
wolfSSL 15:117db924cf7c 8655 while (current->next) {
wolfSSL 15:117db924cf7c 8656 /* can only have one of the key in the list */
wolfSSL 15:117db924cf7c 8657 if (current->name == key->name)
wolfSSL 15:117db924cf7c 8658 return -1;
wolfSSL 15:117db924cf7c 8659 current = (QSHKey*)current->next;
wolfSSL 15:117db924cf7c 8660 }
wolfSSL 15:117db924cf7c 8661
wolfSSL 15:117db924cf7c 8662 current->next = (struct QSHKey*)key;
wolfSSL 15:117db924cf7c 8663
wolfSSL 15:117db924cf7c 8664 return 0;
wolfSSL 15:117db924cf7c 8665 }
wolfSSL 15:117db924cf7c 8666
wolfSSL 15:117db924cf7c 8667
wolfSSL 15:117db924cf7c 8668 #if defined(HAVE_NTRU)
wolfSSL 15:117db924cf7c 8669 int TLSX_CreateNtruKey(WOLFSSL* ssl, int type)
wolfSSL 15:117db924cf7c 8670 {
wolfSSL 15:117db924cf7c 8671 int ret = -1;
wolfSSL 15:117db924cf7c 8672 int ntruType;
wolfSSL 15:117db924cf7c 8673
wolfSSL 15:117db924cf7c 8674 /* variable declarations for NTRU*/
wolfSSL 15:117db924cf7c 8675 QSHKey* temp = NULL;
wolfSSL 15:117db924cf7c 8676 byte public_key[1027];
wolfSSL 15:117db924cf7c 8677 word16 public_key_len = sizeof(public_key);
wolfSSL 15:117db924cf7c 8678 byte private_key[1120];
wolfSSL 15:117db924cf7c 8679 word16 private_key_len = sizeof(private_key);
wolfSSL 15:117db924cf7c 8680 DRBG_HANDLE drbg;
wolfSSL 15:117db924cf7c 8681
wolfSSL 15:117db924cf7c 8682 if (ssl == NULL)
wolfSSL 15:117db924cf7c 8683 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 8684
wolfSSL 15:117db924cf7c 8685 switch (type) {
wolfSSL 15:117db924cf7c 8686 case WOLFSSL_NTRU_EESS439:
wolfSSL 15:117db924cf7c 8687 ntruType = NTRU_EES439EP1;
wolfSSL 15:117db924cf7c 8688 break;
wolfSSL 15:117db924cf7c 8689 case WOLFSSL_NTRU_EESS593:
wolfSSL 15:117db924cf7c 8690 ntruType = NTRU_EES593EP1;
wolfSSL 15:117db924cf7c 8691 break;
wolfSSL 15:117db924cf7c 8692 case WOLFSSL_NTRU_EESS743:
wolfSSL 15:117db924cf7c 8693 ntruType = NTRU_EES743EP1;
wolfSSL 15:117db924cf7c 8694 break;
wolfSSL 15:117db924cf7c 8695 default:
wolfSSL 15:117db924cf7c 8696 WOLFSSL_MSG("Unknown type for creating NTRU key");
wolfSSL 15:117db924cf7c 8697 return -1;
wolfSSL 15:117db924cf7c 8698 }
wolfSSL 15:117db924cf7c 8699 ret = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg);
wolfSSL 15:117db924cf7c 8700 if (ret != DRBG_OK) {
wolfSSL 15:117db924cf7c 8701 WOLFSSL_MSG("NTRU drbg instantiate failed\n");
wolfSSL 15:117db924cf7c 8702 return ret;
wolfSSL 15:117db924cf7c 8703 }
wolfSSL 15:117db924cf7c 8704
wolfSSL 15:117db924cf7c 8705 if ((ret = ntru_crypto_ntru_encrypt_keygen(drbg, ntruType,
wolfSSL 15:117db924cf7c 8706 &public_key_len, NULL, &private_key_len, NULL)) != NTRU_OK)
wolfSSL 15:117db924cf7c 8707 return ret;
wolfSSL 15:117db924cf7c 8708
wolfSSL 15:117db924cf7c 8709 if ((ret = ntru_crypto_ntru_encrypt_keygen(drbg, ntruType,
wolfSSL 15:117db924cf7c 8710 &public_key_len, public_key, &private_key_len, private_key)) != NTRU_OK)
wolfSSL 15:117db924cf7c 8711 return ret;
wolfSSL 15:117db924cf7c 8712
wolfSSL 15:117db924cf7c 8713 ret = ntru_crypto_drbg_uninstantiate(drbg);
wolfSSL 15:117db924cf7c 8714 if (ret != NTRU_OK) {
wolfSSL 15:117db924cf7c 8715 WOLFSSL_MSG("NTRU drbg uninstantiate failed\n");
wolfSSL 15:117db924cf7c 8716 return ret;
wolfSSL 15:117db924cf7c 8717 }
wolfSSL 15:117db924cf7c 8718
wolfSSL 15:117db924cf7c 8719 if ((temp = (QSHKey*)XMALLOC(sizeof(QSHKey), ssl->heap,
wolfSSL 15:117db924cf7c 8720 DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL 15:117db924cf7c 8721 return MEMORY_E;
wolfSSL 15:117db924cf7c 8722 temp->name = type;
wolfSSL 15:117db924cf7c 8723 temp->pub.length = public_key_len;
wolfSSL 15:117db924cf7c 8724 temp->pub.buffer = (byte*)XMALLOC(public_key_len, ssl->heap,
wolfSSL 15:117db924cf7c 8725 DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 15:117db924cf7c 8726 XMEMCPY(temp->pub.buffer, public_key, public_key_len);
wolfSSL 15:117db924cf7c 8727 temp->pri.length = private_key_len;
wolfSSL 15:117db924cf7c 8728 temp->pri.buffer = (byte*)XMALLOC(private_key_len, ssl->heap,
wolfSSL 15:117db924cf7c 8729 DYNAMIC_TYPE_ARRAYS);
wolfSSL 15:117db924cf7c 8730 XMEMCPY(temp->pri.buffer, private_key, private_key_len);
wolfSSL 15:117db924cf7c 8731 temp->next = NULL;
wolfSSL 15:117db924cf7c 8732
wolfSSL 15:117db924cf7c 8733 TLSX_AddQSHKey(&ssl->QSH_Key, temp);
wolfSSL 15:117db924cf7c 8734
wolfSSL 15:117db924cf7c 8735 (void)ssl;
wolfSSL 15:117db924cf7c 8736 (void)type;
wolfSSL 15:117db924cf7c 8737
wolfSSL 15:117db924cf7c 8738 return ret;
wolfSSL 15:117db924cf7c 8739 }
wolfSSL 15:117db924cf7c 8740 #endif
wolfSSL 15:117db924cf7c 8741
wolfSSL 15:117db924cf7c 8742
wolfSSL 15:117db924cf7c 8743 /*
wolfSSL 15:117db924cf7c 8744 Used to find a public key from the list of keys
wolfSSL 15:117db924cf7c 8745 pubLen length of array
wolfSSL 15:117db924cf7c 8746 name input the name of the scheme looking for ie WOLFSSL_NTRU_ESSXXX
wolfSSL 15:117db924cf7c 8747
wolfSSL 15:117db924cf7c 8748 returns a pointer to public key byte* or NULL if not found
wolfSSL 15:117db924cf7c 8749 */
wolfSSL 15:117db924cf7c 8750 static byte* TLSX_QSHKeyFind_Pub(QSHKey* qsh, word16* pubLen, word16 name)
wolfSSL 15:117db924cf7c 8751 {
wolfSSL 15:117db924cf7c 8752 QSHKey* current = qsh;
wolfSSL 15:117db924cf7c 8753
wolfSSL 15:117db924cf7c 8754 if (qsh == NULL || pubLen == NULL)
wolfSSL 15:117db924cf7c 8755 return NULL;
wolfSSL 15:117db924cf7c 8756
wolfSSL 15:117db924cf7c 8757 *pubLen = 0;
wolfSSL 15:117db924cf7c 8758
wolfSSL 15:117db924cf7c 8759 while(current) {
wolfSSL 15:117db924cf7c 8760 if (current->name == name) {
wolfSSL 15:117db924cf7c 8761 *pubLen = current->pub.length;
wolfSSL 15:117db924cf7c 8762 return current->pub.buffer;
wolfSSL 15:117db924cf7c 8763 }
wolfSSL 15:117db924cf7c 8764 current = (QSHKey*)current->next;
wolfSSL 15:117db924cf7c 8765 }
wolfSSL 15:117db924cf7c 8766
wolfSSL 15:117db924cf7c 8767 return NULL;
wolfSSL 15:117db924cf7c 8768 }
wolfSSL 15:117db924cf7c 8769 #endif /* HAVE_QSH */
wolfSSL 15:117db924cf7c 8770
wolfSSL 15:117db924cf7c 8771 #if (!defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_TLS13) && \
wolfSSL 15:117db924cf7c 8772 !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)) || \
wolfSSL 15:117db924cf7c 8773 (defined(WOLFSSL_TLS13) && !defined(HAVE_ECC) && \
wolfSSL 15:117db924cf7c 8774 !defined(HAVE_CURVE25519) && defined(HAVE_SUPPORTED_CURVES)) || \
wolfSSL 15:117db924cf7c 8775 ((defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \
wolfSSL 15:117db924cf7c 8776 defined(HAVE_SUPPORTED_CURVES))
wolfSSL 15:117db924cf7c 8777
wolfSSL 15:117db924cf7c 8778 static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
wolfSSL 15:117db924cf7c 8779 {
wolfSSL 15:117db924cf7c 8780 int ret = WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 8781 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 8782 int i;
wolfSSL 15:117db924cf7c 8783
wolfSSL 15:117db924cf7c 8784 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 8785 if (ssl->options.resuming && ssl->session.namedGroup != 0) {
wolfSSL 15:117db924cf7c 8786 return TLSX_UseSupportedCurve(extensions, ssl->session.namedGroup,
wolfSSL 15:117db924cf7c 8787 ssl->heap);
wolfSSL 15:117db924cf7c 8788 }
wolfSSL 15:117db924cf7c 8789 #endif
wolfSSL 15:117db924cf7c 8790
wolfSSL 15:117db924cf7c 8791 if (ssl->numGroups != 0) {
wolfSSL 15:117db924cf7c 8792 for (i = 0; i < ssl->numGroups; i++) {
wolfSSL 15:117db924cf7c 8793 ret = TLSX_UseSupportedCurve(extensions, ssl->group[i], ssl->heap);
wolfSSL 15:117db924cf7c 8794 if (ret != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 8795 return ret;
wolfSSL 15:117db924cf7c 8796 }
wolfSSL 15:117db924cf7c 8797 return WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 8798 }
wolfSSL 15:117db924cf7c 8799 #endif /* WOLFSSL_TLS13 */
wolfSSL 15:117db924cf7c 8800
wolfSSL 15:117db924cf7c 8801 #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)
wolfSSL 15:117db924cf7c 8802 #ifndef HAVE_FIPS
wolfSSL 15:117db924cf7c 8803 #if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 8804 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 8805 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 15:117db924cf7c 8806 WOLFSSL_ECC_SECP160R1, ssl->heap);
wolfSSL 15:117db924cf7c 8807 if (ret != WOLFSSL_SUCCESS) return ret;
wolfSSL 15:117db924cf7c 8808 #endif
wolfSSL 15:117db924cf7c 8809 #ifdef HAVE_ECC_SECPR2
wolfSSL 15:117db924cf7c 8810 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 15:117db924cf7c 8811 WOLFSSL_ECC_SECP160R2, ssl->heap);
wolfSSL 15:117db924cf7c 8812 if (ret != WOLFSSL_SUCCESS) return ret;
wolfSSL 15:117db924cf7c 8813 #endif
wolfSSL 15:117db924cf7c 8814 #ifdef HAVE_ECC_KOBLITZ
wolfSSL 15:117db924cf7c 8815 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 15:117db924cf7c 8816 WOLFSSL_ECC_SECP160K1, ssl->heap);
wolfSSL 15:117db924cf7c 8817 if (ret != WOLFSSL_SUCCESS) return ret;
wolfSSL 15:117db924cf7c 8818 #endif
wolfSSL 15:117db924cf7c 8819 #endif
wolfSSL 15:117db924cf7c 8820 #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 8821 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 8822 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 15:117db924cf7c 8823 WOLFSSL_ECC_SECP192R1, ssl->heap);
wolfSSL 15:117db924cf7c 8824 if (ret != WOLFSSL_SUCCESS) return ret;
wolfSSL 15:117db924cf7c 8825 #endif
wolfSSL 15:117db924cf7c 8826 #ifdef HAVE_ECC_KOBLITZ
wolfSSL 15:117db924cf7c 8827 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 15:117db924cf7c 8828 WOLFSSL_ECC_SECP192K1, ssl->heap);
wolfSSL 15:117db924cf7c 8829 if (ret != WOLFSSL_SUCCESS) return ret;
wolfSSL 15:117db924cf7c 8830 #endif
wolfSSL 15:117db924cf7c 8831 #endif
wolfSSL 15:117db924cf7c 8832 #endif
wolfSSL 15:117db924cf7c 8833 #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 8834 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 8835 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 15:117db924cf7c 8836 WOLFSSL_ECC_SECP224R1, ssl->heap);
wolfSSL 15:117db924cf7c 8837 if (ret != WOLFSSL_SUCCESS) return ret;
wolfSSL 15:117db924cf7c 8838 #endif
wolfSSL 15:117db924cf7c 8839 #ifdef HAVE_ECC_KOBLITZ
wolfSSL 15:117db924cf7c 8840 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 15:117db924cf7c 8841 WOLFSSL_ECC_SECP224K1, ssl->heap);
wolfSSL 15:117db924cf7c 8842 if (ret != WOLFSSL_SUCCESS) return ret;
wolfSSL 15:117db924cf7c 8843 #endif
wolfSSL 15:117db924cf7c 8844 #endif
wolfSSL 15:117db924cf7c 8845 #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 8846 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 8847 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 15:117db924cf7c 8848 WOLFSSL_ECC_SECP256R1, ssl->heap);
wolfSSL 15:117db924cf7c 8849 if (ret != WOLFSSL_SUCCESS) return ret;
wolfSSL 15:117db924cf7c 8850 #endif
wolfSSL 15:117db924cf7c 8851 #endif
wolfSSL 15:117db924cf7c 8852 #endif /* HAVE_ECC && HAVE_SUPPORTED_CURVES */
wolfSSL 15:117db924cf7c 8853
wolfSSL 15:117db924cf7c 8854 #ifndef HAVE_FIPS
wolfSSL 15:117db924cf7c 8855 #if defined(HAVE_CURVE25519)
wolfSSL 15:117db924cf7c 8856 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 15:117db924cf7c 8857 WOLFSSL_ECC_X25519, ssl->heap);
wolfSSL 15:117db924cf7c 8858 if (ret != WOLFSSL_SUCCESS) return ret;
wolfSSL 15:117db924cf7c 8859 #endif
wolfSSL 15:117db924cf7c 8860 #endif /* HAVE_FIPS */
wolfSSL 15:117db924cf7c 8861
wolfSSL 15:117db924cf7c 8862 #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)
wolfSSL 15:117db924cf7c 8863 #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 8864 #ifdef HAVE_ECC_KOBLITZ
wolfSSL 15:117db924cf7c 8865 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 15:117db924cf7c 8866 WOLFSSL_ECC_SECP256K1, ssl->heap);
wolfSSL 15:117db924cf7c 8867 if (ret != WOLFSSL_SUCCESS) return ret;
wolfSSL 15:117db924cf7c 8868 #endif
wolfSSL 15:117db924cf7c 8869 #ifdef HAVE_ECC_BRAINPOOL
wolfSSL 15:117db924cf7c 8870 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 15:117db924cf7c 8871 WOLFSSL_ECC_BRAINPOOLP256R1, ssl->heap);
wolfSSL 15:117db924cf7c 8872 if (ret != WOLFSSL_SUCCESS) return ret;
wolfSSL 15:117db924cf7c 8873 #endif
wolfSSL 15:117db924cf7c 8874 #endif
wolfSSL 15:117db924cf7c 8875 #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 8876 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 8877 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 15:117db924cf7c 8878 WOLFSSL_ECC_SECP384R1, ssl->heap);
wolfSSL 15:117db924cf7c 8879 if (ret != WOLFSSL_SUCCESS) return ret;
wolfSSL 15:117db924cf7c 8880 #endif
wolfSSL 15:117db924cf7c 8881 #ifdef HAVE_ECC_BRAINPOOL
wolfSSL 15:117db924cf7c 8882 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 15:117db924cf7c 8883 WOLFSSL_ECC_BRAINPOOLP384R1, ssl->heap);
wolfSSL 15:117db924cf7c 8884 if (ret != WOLFSSL_SUCCESS) return ret;
wolfSSL 15:117db924cf7c 8885 #endif
wolfSSL 15:117db924cf7c 8886 #endif
wolfSSL 15:117db924cf7c 8887 #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 8888 #ifdef HAVE_ECC_BRAINPOOL
wolfSSL 15:117db924cf7c 8889 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 15:117db924cf7c 8890 WOLFSSL_ECC_BRAINPOOLP512R1, ssl->heap);
wolfSSL 15:117db924cf7c 8891 if (ret != WOLFSSL_SUCCESS) return ret;
wolfSSL 15:117db924cf7c 8892 #endif
wolfSSL 15:117db924cf7c 8893 #endif
wolfSSL 15:117db924cf7c 8894 #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 8895 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 8896 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 15:117db924cf7c 8897 WOLFSSL_ECC_SECP521R1, ssl->heap);
wolfSSL 15:117db924cf7c 8898 if (ret != WOLFSSL_SUCCESS) return ret;
wolfSSL 15:117db924cf7c 8899 #endif
wolfSSL 15:117db924cf7c 8900 #endif
wolfSSL 15:117db924cf7c 8901 #endif /* HAVE_ECC && HAVE_SUPPORTED_CURVES */
wolfSSL 15:117db924cf7c 8902
wolfSSL 15:117db924cf7c 8903 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 8904 if (IsAtLeastTLSv1_3(ssl->version)) {
wolfSSL 15:117db924cf7c 8905 /* Add FFDHE supported groups. */
wolfSSL 15:117db924cf7c 8906 #ifdef HAVE_FFDHE_2048
wolfSSL 15:117db924cf7c 8907 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 15:117db924cf7c 8908 WOLFSSL_FFDHE_2048, ssl->heap);
wolfSSL 15:117db924cf7c 8909 if (ret != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 8910 return ret;
wolfSSL 15:117db924cf7c 8911 #endif
wolfSSL 15:117db924cf7c 8912 #ifdef HAVE_FFDHE_3072
wolfSSL 15:117db924cf7c 8913 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 15:117db924cf7c 8914 WOLFSSL_FFDHE_3072, ssl->heap);
wolfSSL 15:117db924cf7c 8915 if (ret != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 8916 return ret;
wolfSSL 15:117db924cf7c 8917 #endif
wolfSSL 15:117db924cf7c 8918 #ifdef HAVE_FFDHE_4096
wolfSSL 15:117db924cf7c 8919 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 15:117db924cf7c 8920 WOLFSSL_FFDHE_4096, ssl->heap);
wolfSSL 15:117db924cf7c 8921 if (ret != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 8922 return ret;
wolfSSL 15:117db924cf7c 8923 #endif
wolfSSL 15:117db924cf7c 8924 #ifdef HAVE_FFDHE_6144
wolfSSL 15:117db924cf7c 8925 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 15:117db924cf7c 8926 WOLFSSL_FFDHE_6144, ssl->heap);
wolfSSL 15:117db924cf7c 8927 if (ret != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 8928 return ret;
wolfSSL 15:117db924cf7c 8929 #endif
wolfSSL 15:117db924cf7c 8930 #ifdef HAVE_FFDHE_8192
wolfSSL 15:117db924cf7c 8931 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 15:117db924cf7c 8932 WOLFSSL_FFDHE_8192, ssl->heap);
wolfSSL 15:117db924cf7c 8933 if (ret != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 8934 return ret;
wolfSSL 15:117db924cf7c 8935 #endif
wolfSSL 15:117db924cf7c 8936 }
wolfSSL 15:117db924cf7c 8937 #endif /* WOLFSSL_TLS13 */
wolfSSL 15:117db924cf7c 8938
wolfSSL 15:117db924cf7c 8939 (void)ssl;
wolfSSL 15:117db924cf7c 8940 (void)extensions;
wolfSSL 15:117db924cf7c 8941
wolfSSL 15:117db924cf7c 8942 return ret;
wolfSSL 15:117db924cf7c 8943 }
wolfSSL 15:117db924cf7c 8944
wolfSSL 15:117db924cf7c 8945 #endif
wolfSSL 15:117db924cf7c 8946
wolfSSL 15:117db924cf7c 8947 int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
wolfSSL 15:117db924cf7c 8948 {
wolfSSL 15:117db924cf7c 8949 int ret = 0;
wolfSSL 15:117db924cf7c 8950 byte* public_key = NULL;
wolfSSL 15:117db924cf7c 8951 word16 public_key_len = 0;
wolfSSL 15:117db924cf7c 8952 #if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
wolfSSL 15:117db924cf7c 8953 int usingPSK = 0;
wolfSSL 15:117db924cf7c 8954 #endif
wolfSSL 15:117db924cf7c 8955 #ifdef HAVE_QSH
wolfSSL 15:117db924cf7c 8956 TLSX* extension;
wolfSSL 15:117db924cf7c 8957 QSHScheme* qsh;
wolfSSL 15:117db924cf7c 8958 QSHScheme* next;
wolfSSL 15:117db924cf7c 8959
wolfSSL 15:117db924cf7c 8960 /* add supported QSHSchemes */
wolfSSL 15:117db924cf7c 8961 WOLFSSL_MSG("Adding supported QSH Schemes");
wolfSSL 15:117db924cf7c 8962 #endif
wolfSSL 15:117db924cf7c 8963
wolfSSL 15:117db924cf7c 8964 /* server will add extension depending on whats parsed from client */
wolfSSL 15:117db924cf7c 8965 if (!isServer) {
wolfSSL 15:117db924cf7c 8966 #ifdef HAVE_QSH
wolfSSL 15:117db924cf7c 8967 /* test if user has set a specific scheme already */
wolfSSL 15:117db924cf7c 8968 if (!ssl->user_set_QSHSchemes) {
wolfSSL 15:117db924cf7c 8969 if (ssl->sendQSHKeys && ssl->QSH_Key == NULL) {
wolfSSL 15:117db924cf7c 8970 if ((ret = TLSX_CreateQSHKey(ssl, WOLFSSL_NTRU_EESS743)) != 0) {
wolfSSL 15:117db924cf7c 8971 WOLFSSL_MSG("Error creating ntru keys");
wolfSSL 15:117db924cf7c 8972 return ret;
wolfSSL 15:117db924cf7c 8973 }
wolfSSL 15:117db924cf7c 8974 if ((ret = TLSX_CreateQSHKey(ssl, WOLFSSL_NTRU_EESS593)) != 0) {
wolfSSL 15:117db924cf7c 8975 WOLFSSL_MSG("Error creating ntru keys");
wolfSSL 15:117db924cf7c 8976 return ret;
wolfSSL 15:117db924cf7c 8977 }
wolfSSL 15:117db924cf7c 8978 if ((ret = TLSX_CreateQSHKey(ssl, WOLFSSL_NTRU_EESS439)) != 0) {
wolfSSL 15:117db924cf7c 8979 WOLFSSL_MSG("Error creating ntru keys");
wolfSSL 15:117db924cf7c 8980 return ret;
wolfSSL 15:117db924cf7c 8981 }
wolfSSL 15:117db924cf7c 8982
wolfSSL 15:117db924cf7c 8983 /* add NTRU 256 */
wolfSSL 15:117db924cf7c 8984 public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key,
wolfSSL 15:117db924cf7c 8985 &public_key_len, WOLFSSL_NTRU_EESS743);
wolfSSL 15:117db924cf7c 8986 }
wolfSSL 15:117db924cf7c 8987 if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS743,
wolfSSL 15:117db924cf7c 8988 public_key, public_key_len, ssl->heap)
wolfSSL 15:117db924cf7c 8989 != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 8990 ret = -1;
wolfSSL 15:117db924cf7c 8991
wolfSSL 15:117db924cf7c 8992 /* add NTRU 196 */
wolfSSL 15:117db924cf7c 8993 if (ssl->sendQSHKeys) {
wolfSSL 15:117db924cf7c 8994 public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key,
wolfSSL 15:117db924cf7c 8995 &public_key_len, WOLFSSL_NTRU_EESS593);
wolfSSL 15:117db924cf7c 8996 }
wolfSSL 15:117db924cf7c 8997 if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS593,
wolfSSL 15:117db924cf7c 8998 public_key, public_key_len, ssl->heap)
wolfSSL 15:117db924cf7c 8999 != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 9000 ret = -1;
wolfSSL 15:117db924cf7c 9001
wolfSSL 15:117db924cf7c 9002 /* add NTRU 128 */
wolfSSL 15:117db924cf7c 9003 if (ssl->sendQSHKeys) {
wolfSSL 15:117db924cf7c 9004 public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key,
wolfSSL 15:117db924cf7c 9005 &public_key_len, WOLFSSL_NTRU_EESS439);
wolfSSL 15:117db924cf7c 9006 }
wolfSSL 15:117db924cf7c 9007 if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS439,
wolfSSL 15:117db924cf7c 9008 public_key, public_key_len, ssl->heap)
wolfSSL 15:117db924cf7c 9009 != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 9010 ret = -1;
wolfSSL 15:117db924cf7c 9011 }
wolfSSL 15:117db924cf7c 9012 else if (ssl->sendQSHKeys && ssl->QSH_Key == NULL) {
wolfSSL 15:117db924cf7c 9013 /* for each scheme make a client key */
wolfSSL 15:117db924cf7c 9014 extension = TLSX_Find(ssl->extensions, TLSX_QUANTUM_SAFE_HYBRID);
wolfSSL 15:117db924cf7c 9015 if (extension) {
wolfSSL 15:117db924cf7c 9016 qsh = (QSHScheme*)extension->data;
wolfSSL 15:117db924cf7c 9017
wolfSSL 15:117db924cf7c 9018 while (qsh) {
wolfSSL 15:117db924cf7c 9019 if ((ret = TLSX_CreateQSHKey(ssl, qsh->name)) != 0)
wolfSSL 15:117db924cf7c 9020 return ret;
wolfSSL 15:117db924cf7c 9021
wolfSSL 15:117db924cf7c 9022 /* get next now because qsh could be freed */
wolfSSL 15:117db924cf7c 9023 next = qsh->next;
wolfSSL 15:117db924cf7c 9024
wolfSSL 15:117db924cf7c 9025 /* find the public key created and add to extension*/
wolfSSL 15:117db924cf7c 9026 public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key,
wolfSSL 15:117db924cf7c 9027 &public_key_len, qsh->name);
wolfSSL 15:117db924cf7c 9028 if (TLSX_UseQSHScheme(&ssl->extensions, qsh->name,
wolfSSL 15:117db924cf7c 9029 public_key, public_key_len,
wolfSSL 15:117db924cf7c 9030 ssl->heap) != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 9031 ret = -1;
wolfSSL 15:117db924cf7c 9032 qsh = next;
wolfSSL 15:117db924cf7c 9033 }
wolfSSL 15:117db924cf7c 9034 }
wolfSSL 15:117db924cf7c 9035 }
wolfSSL 15:117db924cf7c 9036 #endif
wolfSSL 15:117db924cf7c 9037
wolfSSL 15:117db924cf7c 9038 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \
wolfSSL 15:117db924cf7c 9039 defined(HAVE_SUPPORTED_CURVES)
wolfSSL 15:117db924cf7c 9040 if (!ssl->options.userCurves && !ssl->ctx->userCurves) {
wolfSSL 15:117db924cf7c 9041 if (TLSX_Find(ssl->ctx->extensions,
wolfSSL 15:117db924cf7c 9042 TLSX_SUPPORTED_GROUPS) == NULL) {
wolfSSL 15:117db924cf7c 9043 ret = TLSX_PopulateSupportedGroups(ssl, &ssl->extensions);
wolfSSL 15:117db924cf7c 9044 if (ret != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 9045 return ret;
wolfSSL 15:117db924cf7c 9046 if (!IsAtLeastTLSv1_3(ssl->version) &&
wolfSSL 15:117db924cf7c 9047 TLSX_Find(ssl->ctx->extensions,
wolfSSL 15:117db924cf7c 9048 TLSX_EC_POINT_FORMATS) == NULL &&
wolfSSL 15:117db924cf7c 9049 TLSX_Find(ssl->extensions,
wolfSSL 15:117db924cf7c 9050 TLSX_EC_POINT_FORMATS) == NULL) {
wolfSSL 15:117db924cf7c 9051 ret = TLSX_UsePointFormat(&ssl->extensions,
wolfSSL 15:117db924cf7c 9052 WOLFSSL_EC_PF_UNCOMPRESSED,
wolfSSL 15:117db924cf7c 9053 ssl->heap);
wolfSSL 15:117db924cf7c 9054 if (ret != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 9055 return ret;
wolfSSL 15:117db924cf7c 9056 }
wolfSSL 15:117db924cf7c 9057 }
wolfSSL 15:117db924cf7c 9058 else if (!IsAtLeastTLSv1_3(ssl->version) &&
wolfSSL 15:117db924cf7c 9059 TLSX_Find(ssl->ctx->extensions,
wolfSSL 15:117db924cf7c 9060 TLSX_EC_POINT_FORMATS) == NULL) {
wolfSSL 15:117db924cf7c 9061 ret = TLSX_UsePointFormat(&ssl->ctx->extensions,
wolfSSL 15:117db924cf7c 9062 WOLFSSL_EC_PF_UNCOMPRESSED,
wolfSSL 15:117db924cf7c 9063 ssl->heap);
wolfSSL 15:117db924cf7c 9064 if (ret != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 9065 return ret;
wolfSSL 15:117db924cf7c 9066 }
wolfSSL 15:117db924cf7c 9067 }
wolfSSL 15:117db924cf7c 9068 #endif /* (HAVE_ECC || HAVE_CURVE25519) && HAVE_SUPPORTED_CURVES */
wolfSSL 15:117db924cf7c 9069 } /* is not server */
wolfSSL 15:117db924cf7c 9070
wolfSSL 15:117db924cf7c 9071 WOLFSSL_MSG("Adding signature algorithms extension");
wolfSSL 15:117db924cf7c 9072 if ((ret = TLSX_SetSignatureAlgorithms(&ssl->extensions, ssl, ssl->heap))
wolfSSL 15:117db924cf7c 9073 != 0) {
wolfSSL 15:117db924cf7c 9074 return ret;
wolfSSL 15:117db924cf7c 9075 }
wolfSSL 15:117db924cf7c 9076
wolfSSL 15:117db924cf7c 9077 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 9078 if (!isServer && IsAtLeastTLSv1_3(ssl->version)) {
wolfSSL 15:117db924cf7c 9079 /* Add mandatory TLS v1.3 extension: supported version */
wolfSSL 15:117db924cf7c 9080 WOLFSSL_MSG("Adding supported versions extension");
wolfSSL 15:117db924cf7c 9081 if ((ret = TLSX_SetSupportedVersions(&ssl->extensions, ssl,
wolfSSL 15:117db924cf7c 9082 ssl->heap)) != 0) {
wolfSSL 15:117db924cf7c 9083 return ret;
wolfSSL 15:117db924cf7c 9084 }
wolfSSL 15:117db924cf7c 9085
wolfSSL 15:117db924cf7c 9086 #if !defined(HAVE_ECC) && !defined(HAVE_CURVE25519) && \
wolfSSL 15:117db924cf7c 9087 defined(HAVE_SUPPORTED_CURVES)
wolfSSL 15:117db924cf7c 9088 if (TLSX_Find(ssl->ctx->extensions, TLSX_SUPPORTED_GROUPS) == NULL) {
wolfSSL 15:117db924cf7c 9089 /* Put in DH groups for TLS 1.3 only. */
wolfSSL 15:117db924cf7c 9090 ret = TLSX_PopulateSupportedGroups(ssl, &ssl->extensions);
wolfSSL 15:117db924cf7c 9091 if (ret != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 9092 return ret;
wolfSSL 15:117db924cf7c 9093 ret = 0;
wolfSSL 15:117db924cf7c 9094 }
wolfSSL 15:117db924cf7c 9095 #endif /* !HAVE_ECC && !HAVE_CURVE25519 && HAVE_SUPPORTED_CURVES */
wolfSSL 15:117db924cf7c 9096
wolfSSL 15:117db924cf7c 9097 #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22)
wolfSSL 15:117db924cf7c 9098 if (ssl->certHashSigAlgoSz > 0) {
wolfSSL 15:117db924cf7c 9099 WOLFSSL_MSG("Adding signature algorithms cert extension");
wolfSSL 15:117db924cf7c 9100 if ((ret = TLSX_SetSignatureAlgorithmsCert(&ssl->extensions,
wolfSSL 15:117db924cf7c 9101 ssl, ssl->heap)) != 0) {
wolfSSL 15:117db924cf7c 9102 return ret;
wolfSSL 15:117db924cf7c 9103 }
wolfSSL 15:117db924cf7c 9104 }
wolfSSL 15:117db924cf7c 9105 #endif /* !WOLFSSL_TLS13_DRAFT_18 && !WOLFSSL_TLS13_DRAFT_22 */
wolfSSL 15:117db924cf7c 9106
wolfSSL 15:117db924cf7c 9107 if (TLSX_Find(ssl->extensions, TLSX_KEY_SHARE) == NULL) {
wolfSSL 15:117db924cf7c 9108 word16 namedGroup;
wolfSSL 15:117db924cf7c 9109
wolfSSL 15:117db924cf7c 9110 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 9111 if (ssl->options.resuming && ssl->session.namedGroup != 0)
wolfSSL 15:117db924cf7c 9112 namedGroup = ssl->session.namedGroup;
wolfSSL 15:117db924cf7c 9113 else
wolfSSL 15:117db924cf7c 9114 #endif
wolfSSL 15:117db924cf7c 9115 {
wolfSSL 15:117db924cf7c 9116 #if defined(HAVE_ECC) && (!defined(NO_ECC256) || \
wolfSSL 15:117db924cf7c 9117 defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP)
wolfSSL 15:117db924cf7c 9118 namedGroup = WOLFSSL_ECC_SECP256R1;
wolfSSL 15:117db924cf7c 9119 #elif defined(HAVE_CURVE25519)
wolfSSL 15:117db924cf7c 9120 namedGroup = WOLFSSL_ECC_X25519;
wolfSSL 15:117db924cf7c 9121 #elif defined(HAVE_ECC) && (!defined(NO_ECC384) || \
wolfSSL 15:117db924cf7c 9122 defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP)
wolfSSL 15:117db924cf7c 9123 namedGroup = WOLFSSL_ECC_SECP384R1;
wolfSSL 15:117db924cf7c 9124 #elif defined(HAVE_ECC) && (!defined(NO_ECC521) || \
wolfSSL 15:117db924cf7c 9125 defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP)
wolfSSL 15:117db924cf7c 9126 namedGroup = WOLFSSL_ECC_SECP521R1;
wolfSSL 15:117db924cf7c 9127 #elif defined(HAVE_FFDHE_2048)
wolfSSL 15:117db924cf7c 9128 namedGroup = WOLFSSL_FFDHE_2048;
wolfSSL 15:117db924cf7c 9129 #elif defined(HAVE_FFDHE_3072)
wolfSSL 15:117db924cf7c 9130 namedGroup = WOLFSSL_FFDHE_3072;
wolfSSL 15:117db924cf7c 9131 #elif defined(HAVE_FFDHE_4096)
wolfSSL 15:117db924cf7c 9132 namedGroup = WOLFSSL_FFDHE_4096;
wolfSSL 15:117db924cf7c 9133 #elif defined(HAVE_FFDHE_6144)
wolfSSL 15:117db924cf7c 9134 namedGroup = WOLFSSL_FFDHE_6144;
wolfSSL 15:117db924cf7c 9135 #elif defined(HAVE_FFDHE_8192)
wolfSSL 15:117db924cf7c 9136 namedGroup = WOLFSSL_FFDHE_8192;
wolfSSL 15:117db924cf7c 9137 #else
wolfSSL 15:117db924cf7c 9138 return KEY_SHARE_ERROR;
wolfSSL 15:117db924cf7c 9139 #endif
wolfSSL 15:117db924cf7c 9140 }
wolfSSL 15:117db924cf7c 9141 ret = TLSX_KeyShare_Use(ssl, namedGroup, 0, NULL, NULL);
wolfSSL 15:117db924cf7c 9142 if (ret != 0)
wolfSSL 15:117db924cf7c 9143 return ret;
wolfSSL 15:117db924cf7c 9144 }
wolfSSL 15:117db924cf7c 9145
wolfSSL 15:117db924cf7c 9146 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 9147 TLSX_Remove(&ssl->extensions, TLSX_PRE_SHARED_KEY, ssl->heap);
wolfSSL 15:117db924cf7c 9148 #endif
wolfSSL 15:117db924cf7c 9149 #if defined(HAVE_SESSION_TICKET)
wolfSSL 15:117db924cf7c 9150 if (ssl->options.resuming && ssl->session.ticketLen > 0) {
wolfSSL 15:117db924cf7c 9151 WOLFSSL_SESSION* sess = &ssl->session;
wolfSSL 15:117db924cf7c 9152 word32 milli;
wolfSSL 15:117db924cf7c 9153
wolfSSL 15:117db924cf7c 9154 /* Determine the MAC algorithm for the cipher suite used. */
wolfSSL 15:117db924cf7c 9155 ssl->options.cipherSuite0 = sess->cipherSuite0;
wolfSSL 15:117db924cf7c 9156 ssl->options.cipherSuite = sess->cipherSuite;
wolfSSL 15:117db924cf7c 9157 ret = SetCipherSpecs(ssl);
wolfSSL 15:117db924cf7c 9158 if (ret != 0)
wolfSSL 15:117db924cf7c 9159 return ret;
wolfSSL 15:117db924cf7c 9160 milli = TimeNowInMilliseconds() - sess->ticketSeen +
wolfSSL 15:117db924cf7c 9161 sess->ticketAdd;
wolfSSL 15:117db924cf7c 9162 /* Pre-shared key is mandatory extension for resumption. */
wolfSSL 15:117db924cf7c 9163 ret = TLSX_PreSharedKey_Use(ssl, sess->ticket, sess->ticketLen,
wolfSSL 15:117db924cf7c 9164 milli, ssl->specs.mac_algorithm,
wolfSSL 15:117db924cf7c 9165 ssl->options.cipherSuite0,
wolfSSL 15:117db924cf7c 9166 ssl->options.cipherSuite, 1,
wolfSSL 15:117db924cf7c 9167 NULL);
wolfSSL 15:117db924cf7c 9168 if (ret != 0)
wolfSSL 15:117db924cf7c 9169 return ret;
wolfSSL 15:117db924cf7c 9170
wolfSSL 15:117db924cf7c 9171 usingPSK = 1;
wolfSSL 15:117db924cf7c 9172 }
wolfSSL 15:117db924cf7c 9173 #endif
wolfSSL 15:117db924cf7c 9174 #ifndef NO_PSK
wolfSSL 15:117db924cf7c 9175 if (ssl->options.client_psk_cb != NULL) {
wolfSSL 15:117db924cf7c 9176 /* Default ciphersuite. */
wolfSSL 15:117db924cf7c 9177 byte cipherSuite0 = TLS13_BYTE;
wolfSSL 15:117db924cf7c 9178 byte cipherSuite = WOLFSSL_DEF_PSK_CIPHER;
wolfSSL 15:117db924cf7c 9179
wolfSSL 15:117db924cf7c 9180 ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
wolfSSL 15:117db924cf7c 9181 ssl->arrays->server_hint, ssl->arrays->client_identity,
wolfSSL 15:117db924cf7c 9182 MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
wolfSSL 15:117db924cf7c 9183 if (ssl->arrays->psk_keySz == 0 ||
wolfSSL 15:117db924cf7c 9184 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
wolfSSL 15:117db924cf7c 9185 return PSK_KEY_ERROR;
wolfSSL 15:117db924cf7c 9186 }
wolfSSL 15:117db924cf7c 9187 ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0';
wolfSSL 15:117db924cf7c 9188 /* TODO: Callback should be able to change ciphersuite. */
wolfSSL 15:117db924cf7c 9189 ssl->options.cipherSuite0 = cipherSuite0;
wolfSSL 15:117db924cf7c 9190 ssl->options.cipherSuite = cipherSuite;
wolfSSL 15:117db924cf7c 9191 ret = SetCipherSpecs(ssl);
wolfSSL 15:117db924cf7c 9192 if (ret != 0)
wolfSSL 15:117db924cf7c 9193 return ret;
wolfSSL 15:117db924cf7c 9194
wolfSSL 15:117db924cf7c 9195 ret = TLSX_PreSharedKey_Use(ssl,
wolfSSL 15:117db924cf7c 9196 (byte*)ssl->arrays->client_identity,
wolfSSL 15:117db924cf7c 9197 (word16)XSTRLEN(ssl->arrays->client_identity),
wolfSSL 15:117db924cf7c 9198 0, ssl->specs.mac_algorithm,
wolfSSL 15:117db924cf7c 9199 cipherSuite0, cipherSuite, 0,
wolfSSL 15:117db924cf7c 9200 NULL);
wolfSSL 15:117db924cf7c 9201 if (ret != 0)
wolfSSL 15:117db924cf7c 9202 return ret;
wolfSSL 15:117db924cf7c 9203
wolfSSL 15:117db924cf7c 9204 usingPSK = 1;
wolfSSL 15:117db924cf7c 9205 }
wolfSSL 15:117db924cf7c 9206 #endif
wolfSSL 15:117db924cf7c 9207 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 9208 if (usingPSK) {
wolfSSL 15:117db924cf7c 9209 byte modes;
wolfSSL 15:117db924cf7c 9210
wolfSSL 15:117db924cf7c 9211 /* Pre-shared key modes: mandatory extension for resumption. */
wolfSSL 15:117db924cf7c 9212 modes = 1 << PSK_KE;
wolfSSL 15:117db924cf7c 9213 #if !defined(NO_DH) || defined(HAVE_ECC) || defined(HAVE_CURVE25519)
wolfSSL 15:117db924cf7c 9214 if (!ssl->options.noPskDheKe)
wolfSSL 15:117db924cf7c 9215 modes |= 1 << PSK_DHE_KE;
wolfSSL 15:117db924cf7c 9216 #endif
wolfSSL 15:117db924cf7c 9217 ret = TLSX_PskKeModes_Use(ssl, modes);
wolfSSL 15:117db924cf7c 9218 if (ret != 0)
wolfSSL 15:117db924cf7c 9219 return ret;
wolfSSL 15:117db924cf7c 9220 }
wolfSSL 15:117db924cf7c 9221 #endif
wolfSSL 15:117db924cf7c 9222 #if defined(WOLFSSL_POST_HANDSHAKE_AUTH)
wolfSSL 15:117db924cf7c 9223 if (!isServer && ssl->options.postHandshakeAuth) {
wolfSSL 15:117db924cf7c 9224 ret = TLSX_PostHandAuth_Use(ssl);
wolfSSL 15:117db924cf7c 9225 if (ret != 0)
wolfSSL 15:117db924cf7c 9226 return ret;
wolfSSL 15:117db924cf7c 9227 }
wolfSSL 15:117db924cf7c 9228 #endif
wolfSSL 15:117db924cf7c 9229 }
wolfSSL 15:117db924cf7c 9230
wolfSSL 15:117db924cf7c 9231 #endif
wolfSSL 15:117db924cf7c 9232
wolfSSL 15:117db924cf7c 9233 (void)isServer;
wolfSSL 15:117db924cf7c 9234 (void)public_key;
wolfSSL 15:117db924cf7c 9235 (void)public_key_len;
wolfSSL 15:117db924cf7c 9236 (void)ssl;
wolfSSL 15:117db924cf7c 9237
wolfSSL 15:117db924cf7c 9238 return ret;
wolfSSL 15:117db924cf7c 9239 }
wolfSSL 15:117db924cf7c 9240
wolfSSL 15:117db924cf7c 9241
wolfSSL 15:117db924cf7c 9242 #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT)
wolfSSL 15:117db924cf7c 9243
wolfSSL 15:117db924cf7c 9244 /** Tells the buffered size of extensions to be sent into the client hello. */
wolfSSL 15:117db924cf7c 9245 int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word16* pLength)
wolfSSL 15:117db924cf7c 9246 {
wolfSSL 15:117db924cf7c 9247 int ret = 0;
wolfSSL 15:117db924cf7c 9248 word16 length = 0;
wolfSSL 15:117db924cf7c 9249 byte semaphore[SEMAPHORE_SIZE] = {0};
wolfSSL 15:117db924cf7c 9250
wolfSSL 15:117db924cf7c 9251 if (!TLSX_SupportExtensions(ssl))
wolfSSL 15:117db924cf7c 9252 return 0;
wolfSSL 15:117db924cf7c 9253 if (msgType == client_hello) {
wolfSSL 15:117db924cf7c 9254 EC_VALIDATE_REQUEST(ssl, semaphore);
wolfSSL 15:117db924cf7c 9255 PF_VALIDATE_REQUEST(ssl, semaphore);
wolfSSL 15:117db924cf7c 9256 QSH_VALIDATE_REQUEST(ssl, semaphore);
wolfSSL 15:117db924cf7c 9257 WOLF_STK_VALIDATE_REQUEST(ssl);
wolfSSL 15:117db924cf7c 9258 if (ssl->suites->hashSigAlgoSz == 0)
wolfSSL 15:117db924cf7c 9259 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS));
wolfSSL 15:117db924cf7c 9260 #if defined(WOLFSSL_TLS13)
wolfSSL 15:117db924cf7c 9261 if (!IsAtLeastTLSv1_2(ssl))
wolfSSL 15:117db924cf7c 9262 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
wolfSSL 15:117db924cf7c 9263 if (!IsAtLeastTLSv1_3(ssl->version)) {
wolfSSL 15:117db924cf7c 9264 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
wolfSSL 15:117db924cf7c 9265 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 9266 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
wolfSSL 15:117db924cf7c 9267 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PSK_KEY_EXCHANGE_MODES));
wolfSSL 15:117db924cf7c 9268 #endif
wolfSSL 15:117db924cf7c 9269 #ifdef WOLFSSL_EARLY_DATA
wolfSSL 15:117db924cf7c 9270 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EARLY_DATA));
wolfSSL 15:117db924cf7c 9271 #endif
wolfSSL 15:117db924cf7c 9272 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_COOKIE));
wolfSSL 15:117db924cf7c 9273 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
wolfSSL 15:117db924cf7c 9274 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_POST_HANDSHAKE_AUTH));
wolfSSL 15:117db924cf7c 9275 #endif
wolfSSL 15:117db924cf7c 9276 }
wolfSSL 15:117db924cf7c 9277 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 9278 if (IsAtLeastTLSv1_3(ssl->version) && ssl->options.noPskDheKe) {
wolfSSL 15:117db924cf7c 9279 #if !defined(NO_PSK)
wolfSSL 15:117db924cf7c 9280 if (ssl->options.havePSK)
wolfSSL 15:117db924cf7c 9281 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
wolfSSL 15:117db924cf7c 9282 #endif
wolfSSL 15:117db924cf7c 9283 #if defined(HAVE_SESSION_TICKET)
wolfSSL 15:117db924cf7c 9284 if (ssl->options.resuming)
wolfSSL 15:117db924cf7c 9285 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
wolfSSL 15:117db924cf7c 9286 #endif
wolfSSL 15:117db924cf7c 9287 }
wolfSSL 15:117db924cf7c 9288 #endif
wolfSSL 15:117db924cf7c 9289 #endif
wolfSSL 15:117db924cf7c 9290 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
wolfSSL 15:117db924cf7c 9291 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
wolfSSL 15:117db924cf7c 9292 if (!ssl->ctx->cm->ocspStaplingEnabled) {
wolfSSL 15:117db924cf7c 9293 /* mark already sent, so it won't send it */
wolfSSL 15:117db924cf7c 9294 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST));
wolfSSL 15:117db924cf7c 9295 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST_V2));
wolfSSL 15:117db924cf7c 9296 }
wolfSSL 15:117db924cf7c 9297 #endif
wolfSSL 15:117db924cf7c 9298 }
wolfSSL 15:117db924cf7c 9299 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 9300 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 9301 else if (msgType == certificate_request) {
wolfSSL 15:117db924cf7c 9302 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
wolfSSL 15:117db924cf7c 9303 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS));
wolfSSL 15:117db924cf7c 9304 /* TODO: TLSX_SIGNED_CERTIFICATE_TIMESTAMP,
wolfSSL 15:117db924cf7c 9305 * TLSX_CERTIFICATE_AUTHORITIES, OID_FILTERS
wolfSSL 15:117db924cf7c 9306 * TLSX_STATUS_REQUEST
wolfSSL 15:117db924cf7c 9307 */
wolfSSL 15:117db924cf7c 9308 }
wolfSSL 15:117db924cf7c 9309 #endif
wolfSSL 15:117db924cf7c 9310 #endif
wolfSSL 15:117db924cf7c 9311
wolfSSL 15:117db924cf7c 9312 if (ssl->extensions)
wolfSSL 15:117db924cf7c 9313 ret = TLSX_GetSize(ssl->extensions, semaphore, msgType, &length);
wolfSSL 15:117db924cf7c 9314 if (ssl->ctx && ssl->ctx->extensions)
wolfSSL 15:117db924cf7c 9315 ret = TLSX_GetSize(ssl->ctx->extensions, semaphore, msgType, &length);
wolfSSL 15:117db924cf7c 9316
wolfSSL 15:117db924cf7c 9317 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 15:117db924cf7c 9318 if (msgType == client_hello && ssl->options.haveEMS &&
wolfSSL 15:117db924cf7c 9319 !IsAtLeastTLSv1_3(ssl->version)) {
wolfSSL 15:117db924cf7c 9320 length += HELLO_EXT_SZ;
wolfSSL 15:117db924cf7c 9321 }
wolfSSL 15:117db924cf7c 9322 #endif
wolfSSL 15:117db924cf7c 9323
wolfSSL 15:117db924cf7c 9324 if (length)
wolfSSL 15:117db924cf7c 9325 length += OPAQUE16_LEN; /* for total length storage. */
wolfSSL 15:117db924cf7c 9326
wolfSSL 15:117db924cf7c 9327 *pLength += length;
wolfSSL 15:117db924cf7c 9328
wolfSSL 15:117db924cf7c 9329 return ret;
wolfSSL 15:117db924cf7c 9330 }
wolfSSL 15:117db924cf7c 9331
wolfSSL 15:117db924cf7c 9332 /** Writes the extensions to be sent into the client hello. */
wolfSSL 15:117db924cf7c 9333 int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word16* pOffset)
wolfSSL 15:117db924cf7c 9334 {
wolfSSL 15:117db924cf7c 9335 int ret = 0;
wolfSSL 15:117db924cf7c 9336 word16 offset = 0;
wolfSSL 15:117db924cf7c 9337 byte semaphore[SEMAPHORE_SIZE] = {0};
wolfSSL 15:117db924cf7c 9338
wolfSSL 15:117db924cf7c 9339 if (!TLSX_SupportExtensions(ssl) || output == NULL)
wolfSSL 15:117db924cf7c 9340 return 0;
wolfSSL 15:117db924cf7c 9341
wolfSSL 15:117db924cf7c 9342 offset += OPAQUE16_LEN; /* extensions length */
wolfSSL 15:117db924cf7c 9343
wolfSSL 15:117db924cf7c 9344 if (msgType == client_hello) {
wolfSSL 15:117db924cf7c 9345 EC_VALIDATE_REQUEST(ssl, semaphore);
wolfSSL 15:117db924cf7c 9346 PF_VALIDATE_REQUEST(ssl, semaphore);
wolfSSL 15:117db924cf7c 9347 WOLF_STK_VALIDATE_REQUEST(ssl);
wolfSSL 15:117db924cf7c 9348 QSH_VALIDATE_REQUEST(ssl, semaphore);
wolfSSL 15:117db924cf7c 9349 if (ssl->suites->hashSigAlgoSz == 0)
wolfSSL 15:117db924cf7c 9350 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS));
wolfSSL 15:117db924cf7c 9351 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 9352 if (!IsAtLeastTLSv1_2(ssl))
wolfSSL 15:117db924cf7c 9353 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
wolfSSL 15:117db924cf7c 9354 if (!IsAtLeastTLSv1_3(ssl->version)) {
wolfSSL 15:117db924cf7c 9355 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
wolfSSL 15:117db924cf7c 9356 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 9357 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PSK_KEY_EXCHANGE_MODES));
wolfSSL 15:117db924cf7c 9358 #endif
wolfSSL 15:117db924cf7c 9359 #ifdef WOLFSSL_EARLY_DATA
wolfSSL 15:117db924cf7c 9360 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EARLY_DATA));
wolfSSL 15:117db924cf7c 9361 #endif
wolfSSL 15:117db924cf7c 9362 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_COOKIE));
wolfSSL 15:117db924cf7c 9363 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
wolfSSL 15:117db924cf7c 9364 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_POST_HANDSHAKE_AUTH));
wolfSSL 15:117db924cf7c 9365 #endif
wolfSSL 15:117db924cf7c 9366 }
wolfSSL 15:117db924cf7c 9367 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 9368 if (IsAtLeastTLSv1_3(ssl->version) && ssl->options.noPskDheKe) {
wolfSSL 15:117db924cf7c 9369 #if !defined(NO_PSK)
wolfSSL 15:117db924cf7c 9370 if (ssl->options.havePSK)
wolfSSL 15:117db924cf7c 9371 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
wolfSSL 15:117db924cf7c 9372 #endif
wolfSSL 15:117db924cf7c 9373 #if defined(HAVE_SESSION_TICKET)
wolfSSL 15:117db924cf7c 9374 if (ssl->options.resuming)
wolfSSL 15:117db924cf7c 9375 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
wolfSSL 15:117db924cf7c 9376 #endif
wolfSSL 15:117db924cf7c 9377 }
wolfSSL 15:117db924cf7c 9378 #endif
wolfSSL 15:117db924cf7c 9379 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 9380 /* Must write Pre-shared Key extension at the end in TLS v1.3.
wolfSSL 15:117db924cf7c 9381 * Must not write out Pre-shared Key extension in earlier versions of
wolfSSL 15:117db924cf7c 9382 * protocol.
wolfSSL 15:117db924cf7c 9383 */
wolfSSL 15:117db924cf7c 9384 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
wolfSSL 15:117db924cf7c 9385 #endif
wolfSSL 15:117db924cf7c 9386 #endif
wolfSSL 15:117db924cf7c 9387 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
wolfSSL 15:117db924cf7c 9388 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
wolfSSL 15:117db924cf7c 9389 /* mark already sent, so it won't send it */
wolfSSL 15:117db924cf7c 9390 if (!ssl->ctx->cm->ocspStaplingEnabled) {
wolfSSL 15:117db924cf7c 9391 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST));
wolfSSL 15:117db924cf7c 9392 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST_V2));
wolfSSL 15:117db924cf7c 9393 }
wolfSSL 15:117db924cf7c 9394 #endif
wolfSSL 15:117db924cf7c 9395 }
wolfSSL 15:117db924cf7c 9396 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 9397 #ifndef NO_CERT
wolfSSL 15:117db924cf7c 9398 else if (msgType == certificate_request) {
wolfSSL 15:117db924cf7c 9399 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
wolfSSL 15:117db924cf7c 9400 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS));
wolfSSL 15:117db924cf7c 9401 /* TODO: TLSX_SIGNED_CERTIFICATE_TIMESTAMP,
wolfSSL 15:117db924cf7c 9402 * TLSX_CERTIFICATE_AUTHORITIES, TLSX_OID_FILTERS
wolfSSL 15:117db924cf7c 9403 * TLSX_STATUS_REQUEST
wolfSSL 15:117db924cf7c 9404 */
wolfSSL 15:117db924cf7c 9405 }
wolfSSL 15:117db924cf7c 9406 #endif
wolfSSL 15:117db924cf7c 9407 #endif
wolfSSL 15:117db924cf7c 9408
wolfSSL 15:117db924cf7c 9409 if (ssl->extensions) {
wolfSSL 15:117db924cf7c 9410 ret = TLSX_Write(ssl->extensions, output + offset, semaphore,
wolfSSL 15:117db924cf7c 9411 msgType, &offset);
wolfSSL 15:117db924cf7c 9412 }
wolfSSL 15:117db924cf7c 9413 if (ssl->ctx && ssl->ctx->extensions) {
wolfSSL 15:117db924cf7c 9414 ret = TLSX_Write(ssl->ctx->extensions, output + offset, semaphore,
wolfSSL 15:117db924cf7c 9415 msgType, &offset);
wolfSSL 15:117db924cf7c 9416 }
wolfSSL 15:117db924cf7c 9417
wolfSSL 15:117db924cf7c 9418 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 15:117db924cf7c 9419 if (msgType == client_hello && ssl->options.haveEMS &&
wolfSSL 15:117db924cf7c 9420 !IsAtLeastTLSv1_3(ssl->version)) {
wolfSSL 15:117db924cf7c 9421 c16toa(HELLO_EXT_EXTMS, output + offset);
wolfSSL 15:117db924cf7c 9422 offset += HELLO_EXT_TYPE_SZ;
wolfSSL 15:117db924cf7c 9423 c16toa(0, output + offset);
wolfSSL 15:117db924cf7c 9424 offset += HELLO_EXT_SZ_SZ;
wolfSSL 15:117db924cf7c 9425 }
wolfSSL 15:117db924cf7c 9426 #endif
wolfSSL 15:117db924cf7c 9427
wolfSSL 15:117db924cf7c 9428 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 9429 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 9430 if (msgType == client_hello && IsAtLeastTLSv1_3(ssl->version)) {
wolfSSL 15:117db924cf7c 9431 /* Write out what we can of Pre-shared key extension. */
wolfSSL 15:117db924cf7c 9432 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
wolfSSL 15:117db924cf7c 9433 ret = TLSX_Write(ssl->extensions, output + offset, semaphore,
wolfSSL 15:117db924cf7c 9434 client_hello, &offset);
wolfSSL 15:117db924cf7c 9435 }
wolfSSL 15:117db924cf7c 9436 #endif
wolfSSL 15:117db924cf7c 9437 #endif
wolfSSL 15:117db924cf7c 9438
wolfSSL 15:117db924cf7c 9439 if (offset > OPAQUE16_LEN || msgType != client_hello)
wolfSSL 15:117db924cf7c 9440 c16toa(offset - OPAQUE16_LEN, output); /* extensions length */
wolfSSL 15:117db924cf7c 9441
wolfSSL 15:117db924cf7c 9442 *pOffset += offset;
wolfSSL 15:117db924cf7c 9443
wolfSSL 15:117db924cf7c 9444 return ret;
wolfSSL 15:117db924cf7c 9445 }
wolfSSL 15:117db924cf7c 9446
wolfSSL 15:117db924cf7c 9447 #endif /* WOLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */
wolfSSL 15:117db924cf7c 9448
wolfSSL 15:117db924cf7c 9449 #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_SERVER)
wolfSSL 15:117db924cf7c 9450
wolfSSL 15:117db924cf7c 9451 /** Tells the buffered size of extensions to be sent into the server hello. */
wolfSSL 15:117db924cf7c 9452 int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength)
wolfSSL 15:117db924cf7c 9453 {
wolfSSL 15:117db924cf7c 9454 int ret = 0;
wolfSSL 15:117db924cf7c 9455 word16 length = 0;
wolfSSL 15:117db924cf7c 9456 byte semaphore[SEMAPHORE_SIZE] = {0};
wolfSSL 15:117db924cf7c 9457
wolfSSL 15:117db924cf7c 9458 switch (msgType) {
wolfSSL 15:117db924cf7c 9459 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 9460 case server_hello:
wolfSSL 15:117db924cf7c 9461 PF_VALIDATE_RESPONSE(ssl, semaphore);
wolfSSL 15:117db924cf7c 9462 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 9463 if (ssl->options.tls1_3) {
wolfSSL 15:117db924cf7c 9464 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
wolfSSL 15:117db924cf7c 9465 #ifndef WOLFSSL_TLS13_DRAFT_18
wolfSSL 15:117db924cf7c 9466 TURN_OFF(semaphore,
wolfSSL 15:117db924cf7c 9467 TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
wolfSSL 15:117db924cf7c 9468 #endif
wolfSSL 15:117db924cf7c 9469 if (!ssl->options.noPskDheKe)
wolfSSL 15:117db924cf7c 9470 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
wolfSSL 15:117db924cf7c 9471 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 9472 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
wolfSSL 15:117db924cf7c 9473 #endif
wolfSSL 15:117db924cf7c 9474 }
wolfSSL 15:117db924cf7c 9475 else {
wolfSSL 15:117db924cf7c 9476 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
wolfSSL 15:117db924cf7c 9477 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 9478 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
wolfSSL 15:117db924cf7c 9479 #endif
wolfSSL 15:117db924cf7c 9480 }
wolfSSL 15:117db924cf7c 9481 #endif
wolfSSL 15:117db924cf7c 9482 break;
wolfSSL 15:117db924cf7c 9483
wolfSSL 15:117db924cf7c 9484 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 9485 case hello_retry_request:
wolfSSL 15:117db924cf7c 9486 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
wolfSSL 15:117db924cf7c 9487 #ifndef WOLFSSL_TLS13_DRAFT_18
wolfSSL 15:117db924cf7c 9488 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
wolfSSL 15:117db924cf7c 9489 #endif
wolfSSL 15:117db924cf7c 9490 if (!ssl->options.noPskDheKe)
wolfSSL 15:117db924cf7c 9491 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
wolfSSL 15:117db924cf7c 9492 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_COOKIE));
wolfSSL 15:117db924cf7c 9493 break;
wolfSSL 15:117db924cf7c 9494 #endif
wolfSSL 15:117db924cf7c 9495
wolfSSL 15:117db924cf7c 9496 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 9497 case encrypted_extensions:
wolfSSL 15:117db924cf7c 9498 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS));
wolfSSL 15:117db924cf7c 9499 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
wolfSSL 15:117db924cf7c 9500 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SESSION_TICKET));
wolfSSL 15:117db924cf7c 9501 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
wolfSSL 15:117db924cf7c 9502 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 9503 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
wolfSSL 15:117db924cf7c 9504 #endif
wolfSSL 15:117db924cf7c 9505 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL 15:117db924cf7c 9506 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST));
wolfSSL 15:117db924cf7c 9507 #endif
wolfSSL 15:117db924cf7c 9508 break;
wolfSSL 15:117db924cf7c 9509
wolfSSL 15:117db924cf7c 9510 #ifdef WOLFSSL_EARLY_DATA
wolfSSL 15:117db924cf7c 9511 case session_ticket:
wolfSSL 15:117db924cf7c 9512 if (ssl->options.tls1_3) {
wolfSSL 15:117db924cf7c 9513 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
wolfSSL 15:117db924cf7c 9514 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_EARLY_DATA));
wolfSSL 15:117db924cf7c 9515 }
wolfSSL 15:117db924cf7c 9516 break;
wolfSSL 15:117db924cf7c 9517 #endif
wolfSSL 15:117db924cf7c 9518 #endif
wolfSSL 15:117db924cf7c 9519 #endif
wolfSSL 15:117db924cf7c 9520
wolfSSL 15:117db924cf7c 9521 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 9522 #ifndef NO_CERT
wolfSSL 15:117db924cf7c 9523 case certificate:
wolfSSL 15:117db924cf7c 9524 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
wolfSSL 15:117db924cf7c 9525 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST));
wolfSSL 15:117db924cf7c 9526 /* TODO: TLSX_SIGNED_CERTIFICATE_TIMESTAMP,
wolfSSL 15:117db924cf7c 9527 * TLSX_SERVER_CERTIFICATE_TYPE
wolfSSL 15:117db924cf7c 9528 */
wolfSSL 15:117db924cf7c 9529 break;
wolfSSL 15:117db924cf7c 9530 #endif
wolfSSL 15:117db924cf7c 9531 #endif
wolfSSL 15:117db924cf7c 9532 }
wolfSSL 15:117db924cf7c 9533
wolfSSL 15:117db924cf7c 9534 #ifdef HAVE_QSH
wolfSSL 15:117db924cf7c 9535 /* change response if not using TLS_QSH */
wolfSSL 15:117db924cf7c 9536 if (!ssl->options.haveQSH) {
wolfSSL 15:117db924cf7c 9537 TLSX* ext = TLSX_Find(ssl->extensions, TLSX_QUANTUM_SAFE_HYBRID);
wolfSSL 15:117db924cf7c 9538 if (ext)
wolfSSL 15:117db924cf7c 9539 ext->resp = 0;
wolfSSL 15:117db924cf7c 9540 }
wolfSSL 15:117db924cf7c 9541 #endif
wolfSSL 15:117db924cf7c 9542
wolfSSL 15:117db924cf7c 9543 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 15:117db924cf7c 9544 if (ssl->options.haveEMS && msgType == server_hello)
wolfSSL 15:117db924cf7c 9545 length += HELLO_EXT_SZ;
wolfSSL 15:117db924cf7c 9546 #endif
wolfSSL 15:117db924cf7c 9547
wolfSSL 15:117db924cf7c 9548 if (TLSX_SupportExtensions(ssl))
wolfSSL 15:117db924cf7c 9549 ret = TLSX_GetSize(ssl->extensions, semaphore, msgType, &length);
wolfSSL 15:117db924cf7c 9550
wolfSSL 15:117db924cf7c 9551 /* All the response data is set at the ssl object only, so no ctx here. */
wolfSSL 15:117db924cf7c 9552
wolfSSL 15:117db924cf7c 9553 if (length || msgType != server_hello)
wolfSSL 15:117db924cf7c 9554 length += OPAQUE16_LEN; /* for total length storage. */
wolfSSL 15:117db924cf7c 9555
wolfSSL 15:117db924cf7c 9556 *pLength += length;
wolfSSL 15:117db924cf7c 9557
wolfSSL 15:117db924cf7c 9558 return ret;
wolfSSL 15:117db924cf7c 9559 }
wolfSSL 15:117db924cf7c 9560
wolfSSL 15:117db924cf7c 9561 /** Writes the server hello extensions into a buffer. */
wolfSSL 15:117db924cf7c 9562 int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset)
wolfSSL 15:117db924cf7c 9563 {
wolfSSL 15:117db924cf7c 9564 int ret = 0;
wolfSSL 15:117db924cf7c 9565 word16 offset = 0;
wolfSSL 15:117db924cf7c 9566
wolfSSL 15:117db924cf7c 9567 if (TLSX_SupportExtensions(ssl) && output) {
wolfSSL 15:117db924cf7c 9568 byte semaphore[SEMAPHORE_SIZE] = {0};
wolfSSL 15:117db924cf7c 9569
wolfSSL 15:117db924cf7c 9570 switch (msgType) {
wolfSSL 15:117db924cf7c 9571 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 9572 case server_hello:
wolfSSL 15:117db924cf7c 9573 PF_VALIDATE_RESPONSE(ssl, semaphore);
wolfSSL 15:117db924cf7c 9574 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 9575 if (ssl->options.tls1_3) {
wolfSSL 15:117db924cf7c 9576 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
wolfSSL 15:117db924cf7c 9577 #ifndef WOLFSSL_TLS13_DRAFT_18
wolfSSL 15:117db924cf7c 9578 TURN_OFF(semaphore,
wolfSSL 15:117db924cf7c 9579 TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
wolfSSL 15:117db924cf7c 9580 #endif
wolfSSL 15:117db924cf7c 9581 if (!ssl->options.noPskDheKe)
wolfSSL 15:117db924cf7c 9582 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
wolfSSL 15:117db924cf7c 9583 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 9584 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
wolfSSL 15:117db924cf7c 9585 #endif
wolfSSL 15:117db924cf7c 9586 }
wolfSSL 15:117db924cf7c 9587 else {
wolfSSL 15:117db924cf7c 9588 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
wolfSSL 15:117db924cf7c 9589 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 9590 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
wolfSSL 15:117db924cf7c 9591 #endif
wolfSSL 15:117db924cf7c 9592 }
wolfSSL 15:117db924cf7c 9593 #endif
wolfSSL 15:117db924cf7c 9594 break;
wolfSSL 15:117db924cf7c 9595
wolfSSL 15:117db924cf7c 9596 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 9597 case hello_retry_request:
wolfSSL 15:117db924cf7c 9598 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
wolfSSL 15:117db924cf7c 9599 #ifndef WOLFSSL_TLS13_DRAFT_18
wolfSSL 15:117db924cf7c 9600 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
wolfSSL 15:117db924cf7c 9601 #endif
wolfSSL 15:117db924cf7c 9602 if (!ssl->options.noPskDheKe)
wolfSSL 15:117db924cf7c 9603 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
wolfSSL 15:117db924cf7c 9604 /* Cookie is written below as last extension. */
wolfSSL 15:117db924cf7c 9605 break;
wolfSSL 15:117db924cf7c 9606 #endif
wolfSSL 15:117db924cf7c 9607
wolfSSL 15:117db924cf7c 9608 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 9609 case encrypted_extensions:
wolfSSL 15:117db924cf7c 9610 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS));
wolfSSL 15:117db924cf7c 9611 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
wolfSSL 15:117db924cf7c 9612 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SESSION_TICKET));
wolfSSL 15:117db924cf7c 9613 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
wolfSSL 15:117db924cf7c 9614 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 9615 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
wolfSSL 15:117db924cf7c 9616 #endif
wolfSSL 15:117db924cf7c 9617 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL 15:117db924cf7c 9618 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST));
wolfSSL 15:117db924cf7c 9619 #endif
wolfSSL 15:117db924cf7c 9620 break;
wolfSSL 15:117db924cf7c 9621
wolfSSL 15:117db924cf7c 9622 #ifdef WOLFSSL_EARLY_DATA
wolfSSL 15:117db924cf7c 9623 case session_ticket:
wolfSSL 15:117db924cf7c 9624 if (ssl->options.tls1_3) {
wolfSSL 15:117db924cf7c 9625 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
wolfSSL 15:117db924cf7c 9626 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_EARLY_DATA));
wolfSSL 15:117db924cf7c 9627 }
wolfSSL 15:117db924cf7c 9628 break;
wolfSSL 15:117db924cf7c 9629 #endif
wolfSSL 15:117db924cf7c 9630 #endif
wolfSSL 15:117db924cf7c 9631 #endif
wolfSSL 15:117db924cf7c 9632
wolfSSL 15:117db924cf7c 9633 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 9634 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 9635 case certificate:
wolfSSL 15:117db924cf7c 9636 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
wolfSSL 15:117db924cf7c 9637 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST));
wolfSSL 15:117db924cf7c 9638 /* TODO: TLSX_SIGNED_CERTIFICATE_TIMESTAMP,
wolfSSL 15:117db924cf7c 9639 * TLSX_SERVER_CERTIFICATE_TYPE
wolfSSL 15:117db924cf7c 9640 */
wolfSSL 15:117db924cf7c 9641 break;
wolfSSL 15:117db924cf7c 9642 #endif
wolfSSL 15:117db924cf7c 9643 #endif
wolfSSL 15:117db924cf7c 9644 }
wolfSSL 15:117db924cf7c 9645
wolfSSL 15:117db924cf7c 9646 offset += OPAQUE16_LEN; /* extensions length */
wolfSSL 15:117db924cf7c 9647
wolfSSL 15:117db924cf7c 9648 ret = TLSX_Write(ssl->extensions, output + offset, semaphore,
wolfSSL 15:117db924cf7c 9649 msgType, &offset);
wolfSSL 15:117db924cf7c 9650
wolfSSL 15:117db924cf7c 9651 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 9652 if (msgType == hello_retry_request) {
wolfSSL 15:117db924cf7c 9653 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
wolfSSL 15:117db924cf7c 9654 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_COOKIE));
wolfSSL 15:117db924cf7c 9655 ret = TLSX_Write(ssl->extensions, output + offset, semaphore,
wolfSSL 15:117db924cf7c 9656 msgType, &offset);
wolfSSL 15:117db924cf7c 9657 }
wolfSSL 15:117db924cf7c 9658 #endif
wolfSSL 15:117db924cf7c 9659
wolfSSL 15:117db924cf7c 9660 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 15:117db924cf7c 9661 if (ssl->options.haveEMS && msgType == server_hello) {
wolfSSL 15:117db924cf7c 9662 c16toa(HELLO_EXT_EXTMS, output + offset);
wolfSSL 15:117db924cf7c 9663 offset += HELLO_EXT_TYPE_SZ;
wolfSSL 15:117db924cf7c 9664 c16toa(0, output + offset);
wolfSSL 15:117db924cf7c 9665 offset += HELLO_EXT_SZ_SZ;
wolfSSL 15:117db924cf7c 9666 }
wolfSSL 15:117db924cf7c 9667 #endif
wolfSSL 15:117db924cf7c 9668
wolfSSL 15:117db924cf7c 9669 if (offset > OPAQUE16_LEN || msgType != server_hello)
wolfSSL 15:117db924cf7c 9670 c16toa(offset - OPAQUE16_LEN, output); /* extensions length */
wolfSSL 15:117db924cf7c 9671 }
wolfSSL 15:117db924cf7c 9672
wolfSSL 15:117db924cf7c 9673 if (pOffset)
wolfSSL 15:117db924cf7c 9674 *pOffset += offset;
wolfSSL 15:117db924cf7c 9675
wolfSSL 15:117db924cf7c 9676 return ret;
wolfSSL 15:117db924cf7c 9677 }
wolfSSL 15:117db924cf7c 9678
wolfSSL 15:117db924cf7c 9679 #endif /* WOLFSSL_TLS13 || !NO_WOLFSSL_SERVER */
wolfSSL 15:117db924cf7c 9680
wolfSSL 15:117db924cf7c 9681 /** Parses a buffer of TLS extensions. */
wolfSSL 15:117db924cf7c 9682 int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
wolfSSL 15:117db924cf7c 9683 Suites *suites)
wolfSSL 15:117db924cf7c 9684 {
wolfSSL 15:117db924cf7c 9685 int ret = 0;
wolfSSL 15:117db924cf7c 9686 word16 offset = 0;
wolfSSL 15:117db924cf7c 9687 byte isRequest = (msgType == client_hello ||
wolfSSL 15:117db924cf7c 9688 msgType == certificate_request);
wolfSSL 15:117db924cf7c 9689
wolfSSL 15:117db924cf7c 9690 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 15:117db924cf7c 9691 byte pendingEMS = 0;
wolfSSL 15:117db924cf7c 9692 #endif
wolfSSL 15:117db924cf7c 9693 #if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
wolfSSL 15:117db924cf7c 9694 int pskDone = 0;
wolfSSL 15:117db924cf7c 9695 #endif
wolfSSL 15:117db924cf7c 9696
wolfSSL 15:117db924cf7c 9697 if (!ssl || !input || (isRequest && !suites))
wolfSSL 15:117db924cf7c 9698 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 9699
wolfSSL 15:117db924cf7c 9700 while (ret == 0 && offset < length) {
wolfSSL 15:117db924cf7c 9701 word16 type;
wolfSSL 15:117db924cf7c 9702 word16 size;
wolfSSL 15:117db924cf7c 9703
wolfSSL 15:117db924cf7c 9704 #if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
wolfSSL 15:117db924cf7c 9705 if (msgType == client_hello && pskDone)
wolfSSL 15:117db924cf7c 9706 return PSK_KEY_ERROR;
wolfSSL 15:117db924cf7c 9707 #endif
wolfSSL 15:117db924cf7c 9708
wolfSSL 15:117db924cf7c 9709 if (length - offset < HELLO_EXT_TYPE_SZ + OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 9710 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 9711
wolfSSL 15:117db924cf7c 9712 ato16(input + offset, &type);
wolfSSL 15:117db924cf7c 9713 offset += HELLO_EXT_TYPE_SZ;
wolfSSL 15:117db924cf7c 9714
wolfSSL 15:117db924cf7c 9715 ato16(input + offset, &size);
wolfSSL 15:117db924cf7c 9716 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 9717
wolfSSL 15:117db924cf7c 9718 if (offset + size > length)
wolfSSL 15:117db924cf7c 9719 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 9720
wolfSSL 15:117db924cf7c 9721 switch (type) {
wolfSSL 15:117db924cf7c 9722 case TLSX_SERVER_NAME:
wolfSSL 15:117db924cf7c 9723 WOLFSSL_MSG("SNI extension received");
wolfSSL 15:117db924cf7c 9724
wolfSSL 15:117db924cf7c 9725 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 9726 if (IsAtLeastTLSv1_3(ssl->version) &&
wolfSSL 15:117db924cf7c 9727 msgType != client_hello &&
wolfSSL 15:117db924cf7c 9728 msgType != encrypted_extensions) {
wolfSSL 15:117db924cf7c 9729 return EXT_NOT_ALLOWED;
wolfSSL 15:117db924cf7c 9730 }
wolfSSL 15:117db924cf7c 9731 #endif
wolfSSL 15:117db924cf7c 9732 ret = SNI_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 15:117db924cf7c 9733 break;
wolfSSL 15:117db924cf7c 9734
wolfSSL 15:117db924cf7c 9735 case TLSX_MAX_FRAGMENT_LENGTH:
wolfSSL 15:117db924cf7c 9736 WOLFSSL_MSG("Max Fragment Length extension received");
wolfSSL 15:117db924cf7c 9737
wolfSSL 15:117db924cf7c 9738 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 9739 if (IsAtLeastTLSv1_3(ssl->version) &&
wolfSSL 15:117db924cf7c 9740 msgType != client_hello &&
wolfSSL 15:117db924cf7c 9741 msgType != encrypted_extensions) {
wolfSSL 15:117db924cf7c 9742 return EXT_NOT_ALLOWED;
wolfSSL 15:117db924cf7c 9743 }
wolfSSL 15:117db924cf7c 9744 #endif
wolfSSL 15:117db924cf7c 9745 ret = MFL_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 15:117db924cf7c 9746 break;
wolfSSL 15:117db924cf7c 9747
wolfSSL 15:117db924cf7c 9748 case TLSX_TRUNCATED_HMAC:
wolfSSL 15:117db924cf7c 9749 WOLFSSL_MSG("Truncated HMAC extension received");
wolfSSL 15:117db924cf7c 9750
wolfSSL 15:117db924cf7c 9751 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 9752 if (IsAtLeastTLSv1_3(ssl->version) && !ssl->options.downgrade)
wolfSSL 15:117db924cf7c 9753 break;
wolfSSL 15:117db924cf7c 9754 #endif
wolfSSL 15:117db924cf7c 9755 ret = THM_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 15:117db924cf7c 9756 break;
wolfSSL 15:117db924cf7c 9757
wolfSSL 15:117db924cf7c 9758 case TLSX_SUPPORTED_GROUPS:
wolfSSL 15:117db924cf7c 9759 WOLFSSL_MSG("Supported Groups extension received");
wolfSSL 15:117db924cf7c 9760
wolfSSL 15:117db924cf7c 9761 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 9762 if (IsAtLeastTLSv1_3(ssl->version) &&
wolfSSL 15:117db924cf7c 9763 msgType != client_hello &&
wolfSSL 15:117db924cf7c 9764 msgType != encrypted_extensions) {
wolfSSL 15:117db924cf7c 9765 return EXT_NOT_ALLOWED;
wolfSSL 15:117db924cf7c 9766 }
wolfSSL 15:117db924cf7c 9767 #endif
wolfSSL 15:117db924cf7c 9768 ret = EC_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 15:117db924cf7c 9769 break;
wolfSSL 15:117db924cf7c 9770
wolfSSL 15:117db924cf7c 9771 case TLSX_EC_POINT_FORMATS:
wolfSSL 15:117db924cf7c 9772 WOLFSSL_MSG("Point Formats extension received");
wolfSSL 15:117db924cf7c 9773
wolfSSL 15:117db924cf7c 9774 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 9775 if (IsAtLeastTLSv1_3(ssl->version) && !ssl->options.downgrade)
wolfSSL 15:117db924cf7c 9776 break;
wolfSSL 15:117db924cf7c 9777 #endif
wolfSSL 15:117db924cf7c 9778 ret = PF_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 15:117db924cf7c 9779 break;
wolfSSL 15:117db924cf7c 9780
wolfSSL 15:117db924cf7c 9781 case TLSX_STATUS_REQUEST:
wolfSSL 15:117db924cf7c 9782 WOLFSSL_MSG("Certificate Status Request extension received");
wolfSSL 15:117db924cf7c 9783
wolfSSL 15:117db924cf7c 9784 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 9785 if (IsAtLeastTLSv1_3(ssl->version) && !ssl->options.downgrade)
wolfSSL 15:117db924cf7c 9786 break;
wolfSSL 15:117db924cf7c 9787 #endif
wolfSSL 15:117db924cf7c 9788 ret = CSR_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 15:117db924cf7c 9789 break;
wolfSSL 15:117db924cf7c 9790
wolfSSL 15:117db924cf7c 9791 case TLSX_STATUS_REQUEST_V2:
wolfSSL 15:117db924cf7c 9792 WOLFSSL_MSG("Certificate Status Request v2 extension received");
wolfSSL 15:117db924cf7c 9793
wolfSSL 15:117db924cf7c 9794 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 9795 if (IsAtLeastTLSv1_3(ssl->version) &&
wolfSSL 15:117db924cf7c 9796 msgType != client_hello &&
wolfSSL 15:117db924cf7c 9797 msgType != certificate_request &&
wolfSSL 15:117db924cf7c 9798 msgType != certificate) {
wolfSSL 15:117db924cf7c 9799 return EXT_NOT_ALLOWED;
wolfSSL 15:117db924cf7c 9800 }
wolfSSL 15:117db924cf7c 9801 #endif
wolfSSL 15:117db924cf7c 9802 ret = CSR2_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 15:117db924cf7c 9803 break;
wolfSSL 15:117db924cf7c 9804
wolfSSL 15:117db924cf7c 9805 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 15:117db924cf7c 9806 case HELLO_EXT_EXTMS:
wolfSSL 15:117db924cf7c 9807 WOLFSSL_MSG("Extended Master Secret extension received");
wolfSSL 15:117db924cf7c 9808
wolfSSL 15:117db924cf7c 9809 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 9810 if (IsAtLeastTLSv1_3(ssl->version) && !ssl->options.downgrade)
wolfSSL 15:117db924cf7c 9811 break;
wolfSSL 15:117db924cf7c 9812 #endif
wolfSSL 15:117db924cf7c 9813 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 9814 if (isRequest)
wolfSSL 15:117db924cf7c 9815 ssl->options.haveEMS = 1;
wolfSSL 15:117db924cf7c 9816 #endif
wolfSSL 15:117db924cf7c 9817 pendingEMS = 1;
wolfSSL 15:117db924cf7c 9818 break;
wolfSSL 15:117db924cf7c 9819 #endif
wolfSSL 15:117db924cf7c 9820
wolfSSL 15:117db924cf7c 9821 case TLSX_RENEGOTIATION_INFO:
wolfSSL 15:117db924cf7c 9822 WOLFSSL_MSG("Secure Renegotiation extension received");
wolfSSL 15:117db924cf7c 9823
wolfSSL 15:117db924cf7c 9824 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 9825 if (IsAtLeastTLSv1_3(ssl->version) && !ssl->options.downgrade)
wolfSSL 15:117db924cf7c 9826 break;
wolfSSL 15:117db924cf7c 9827 #endif
wolfSSL 15:117db924cf7c 9828 ret = SCR_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 15:117db924cf7c 9829 break;
wolfSSL 15:117db924cf7c 9830
wolfSSL 15:117db924cf7c 9831 case TLSX_SESSION_TICKET:
wolfSSL 15:117db924cf7c 9832 WOLFSSL_MSG("Session Ticket extension received");
wolfSSL 15:117db924cf7c 9833
wolfSSL 15:117db924cf7c 9834 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 9835 if (IsAtLeastTLSv1_3(ssl->version) &&
wolfSSL 15:117db924cf7c 9836 msgType != client_hello) {
wolfSSL 15:117db924cf7c 9837 return EXT_NOT_ALLOWED;
wolfSSL 15:117db924cf7c 9838 }
wolfSSL 15:117db924cf7c 9839 #endif
wolfSSL 15:117db924cf7c 9840 ret = WOLF_STK_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 15:117db924cf7c 9841 break;
wolfSSL 15:117db924cf7c 9842
wolfSSL 15:117db924cf7c 9843 case TLSX_QUANTUM_SAFE_HYBRID:
wolfSSL 15:117db924cf7c 9844 WOLFSSL_MSG("Quantum-Safe-Hybrid extension received");
wolfSSL 15:117db924cf7c 9845
wolfSSL 15:117db924cf7c 9846 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 9847 if (IsAtLeastTLSv1_3(ssl->version) && !ssl->options.downgrade)
wolfSSL 15:117db924cf7c 9848 break;
wolfSSL 15:117db924cf7c 9849 #endif
wolfSSL 15:117db924cf7c 9850 ret = QSH_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 15:117db924cf7c 9851 break;
wolfSSL 15:117db924cf7c 9852
wolfSSL 15:117db924cf7c 9853 case TLSX_APPLICATION_LAYER_PROTOCOL:
wolfSSL 15:117db924cf7c 9854 WOLFSSL_MSG("ALPN extension received");
wolfSSL 15:117db924cf7c 9855
wolfSSL 15:117db924cf7c 9856 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 9857 if (IsAtLeastTLSv1_3(ssl->version) &&
wolfSSL 15:117db924cf7c 9858 msgType != client_hello &&
wolfSSL 15:117db924cf7c 9859 msgType != encrypted_extensions) {
wolfSSL 15:117db924cf7c 9860 return EXT_NOT_ALLOWED;
wolfSSL 15:117db924cf7c 9861 }
wolfSSL 15:117db924cf7c 9862 #endif
wolfSSL 15:117db924cf7c 9863 ret = ALPN_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 15:117db924cf7c 9864 break;
wolfSSL 15:117db924cf7c 9865
wolfSSL 15:117db924cf7c 9866 case TLSX_SIGNATURE_ALGORITHMS:
wolfSSL 15:117db924cf7c 9867 WOLFSSL_MSG("Signature Algorithms extension received");
wolfSSL 15:117db924cf7c 9868
wolfSSL 15:117db924cf7c 9869 if (!IsAtLeastTLSv1_2(ssl))
wolfSSL 15:117db924cf7c 9870 break;
wolfSSL 15:117db924cf7c 9871
wolfSSL 15:117db924cf7c 9872 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 9873 if (IsAtLeastTLSv1_3(ssl->version) &&
wolfSSL 15:117db924cf7c 9874 msgType != client_hello &&
wolfSSL 15:117db924cf7c 9875 msgType != certificate_request) {
wolfSSL 15:117db924cf7c 9876 return EXT_NOT_ALLOWED;
wolfSSL 15:117db924cf7c 9877 }
wolfSSL 15:117db924cf7c 9878 #endif
wolfSSL 15:117db924cf7c 9879 ret = SA_PARSE(ssl, input + offset, size, isRequest, suites);
wolfSSL 15:117db924cf7c 9880 break;
wolfSSL 15:117db924cf7c 9881
wolfSSL 15:117db924cf7c 9882 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 9883 case TLSX_SUPPORTED_VERSIONS:
wolfSSL 15:117db924cf7c 9884 WOLFSSL_MSG("Supported Versions extension received");
wolfSSL 15:117db924cf7c 9885
wolfSSL 15:117db924cf7c 9886 if (!IsAtLeastTLSv1_3(ssl->ctx->method->version))
wolfSSL 15:117db924cf7c 9887 break;
wolfSSL 15:117db924cf7c 9888
wolfSSL 15:117db924cf7c 9889 if (IsAtLeastTLSv1_3(ssl->version) &&
wolfSSL 15:117db924cf7c 9890 #ifdef WOLFSSL_TLS13_DRAFT_18
wolfSSL 15:117db924cf7c 9891 msgType != client_hello
wolfSSL 15:117db924cf7c 9892 #else
wolfSSL 15:117db924cf7c 9893 msgType != client_hello &&
wolfSSL 15:117db924cf7c 9894 msgType != server_hello &&
wolfSSL 15:117db924cf7c 9895 msgType != hello_retry_request
wolfSSL 15:117db924cf7c 9896 #endif
wolfSSL 15:117db924cf7c 9897 ) {
wolfSSL 15:117db924cf7c 9898 return EXT_NOT_ALLOWED;
wolfSSL 15:117db924cf7c 9899 }
wolfSSL 15:117db924cf7c 9900 ret = SV_PARSE(ssl, input + offset, size, msgType);
wolfSSL 15:117db924cf7c 9901 break;
wolfSSL 15:117db924cf7c 9902
wolfSSL 15:117db924cf7c 9903 case TLSX_COOKIE:
wolfSSL 15:117db924cf7c 9904 WOLFSSL_MSG("Cookie extension received");
wolfSSL 15:117db924cf7c 9905
wolfSSL 15:117db924cf7c 9906 if (!IsAtLeastTLSv1_3(ssl->version))
wolfSSL 15:117db924cf7c 9907 break;
wolfSSL 15:117db924cf7c 9908
wolfSSL 15:117db924cf7c 9909 if (IsAtLeastTLSv1_3(ssl->version) &&
wolfSSL 15:117db924cf7c 9910 msgType != client_hello &&
wolfSSL 15:117db924cf7c 9911 msgType != hello_retry_request) {
wolfSSL 15:117db924cf7c 9912 return EXT_NOT_ALLOWED;
wolfSSL 15:117db924cf7c 9913 }
wolfSSL 15:117db924cf7c 9914 ret = CKE_PARSE(ssl, input + offset, size, msgType);
wolfSSL 15:117db924cf7c 9915 break;
wolfSSL 15:117db924cf7c 9916
wolfSSL 15:117db924cf7c 9917 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 9918 case TLSX_PRE_SHARED_KEY:
wolfSSL 15:117db924cf7c 9919 WOLFSSL_MSG("Pre-Shared Key extension received");
wolfSSL 15:117db924cf7c 9920
wolfSSL 15:117db924cf7c 9921 if (!IsAtLeastTLSv1_3(ssl->ctx->method->version))
wolfSSL 15:117db924cf7c 9922 break;
wolfSSL 15:117db924cf7c 9923
wolfSSL 15:117db924cf7c 9924 if (IsAtLeastTLSv1_3(ssl->version) &&
wolfSSL 15:117db924cf7c 9925 msgType != client_hello &&
wolfSSL 15:117db924cf7c 9926 msgType != server_hello) {
wolfSSL 15:117db924cf7c 9927 return EXT_NOT_ALLOWED;
wolfSSL 15:117db924cf7c 9928 }
wolfSSL 15:117db924cf7c 9929 ret = PSK_PARSE(ssl, input + offset, size, msgType);
wolfSSL 15:117db924cf7c 9930 pskDone = 1;
wolfSSL 15:117db924cf7c 9931 break;
wolfSSL 15:117db924cf7c 9932
wolfSSL 15:117db924cf7c 9933 case TLSX_PSK_KEY_EXCHANGE_MODES:
wolfSSL 15:117db924cf7c 9934 WOLFSSL_MSG("PSK Key Exchange Modes extension received");
wolfSSL 15:117db924cf7c 9935
wolfSSL 15:117db924cf7c 9936 if (!IsAtLeastTLSv1_3(ssl->version))
wolfSSL 15:117db924cf7c 9937 break;
wolfSSL 15:117db924cf7c 9938
wolfSSL 15:117db924cf7c 9939 if (IsAtLeastTLSv1_3(ssl->version) &&
wolfSSL 15:117db924cf7c 9940 msgType != client_hello) {
wolfSSL 15:117db924cf7c 9941 return EXT_NOT_ALLOWED;
wolfSSL 15:117db924cf7c 9942 }
wolfSSL 15:117db924cf7c 9943 ret = PKM_PARSE(ssl, input + offset, size, msgType);
wolfSSL 15:117db924cf7c 9944 break;
wolfSSL 15:117db924cf7c 9945 #endif
wolfSSL 15:117db924cf7c 9946
wolfSSL 15:117db924cf7c 9947 #ifdef WOLFSSL_EARLY_DATA
wolfSSL 15:117db924cf7c 9948 case TLSX_EARLY_DATA:
wolfSSL 15:117db924cf7c 9949 WOLFSSL_MSG("Early Data extension received");
wolfSSL 15:117db924cf7c 9950
wolfSSL 15:117db924cf7c 9951 if (!IsAtLeastTLSv1_3(ssl->version))
wolfSSL 15:117db924cf7c 9952 break;
wolfSSL 15:117db924cf7c 9953
wolfSSL 15:117db924cf7c 9954 if (IsAtLeastTLSv1_3(ssl->version) &&
wolfSSL 15:117db924cf7c 9955 msgType != client_hello &&
wolfSSL 15:117db924cf7c 9956 msgType != session_ticket &&
wolfSSL 15:117db924cf7c 9957 msgType != encrypted_extensions) {
wolfSSL 15:117db924cf7c 9958 return EXT_NOT_ALLOWED;
wolfSSL 15:117db924cf7c 9959 }
wolfSSL 15:117db924cf7c 9960 ret = EDI_PARSE(ssl, input + offset, size, msgType);
wolfSSL 15:117db924cf7c 9961 break;
wolfSSL 15:117db924cf7c 9962 #endif
wolfSSL 15:117db924cf7c 9963
wolfSSL 15:117db924cf7c 9964 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
wolfSSL 15:117db924cf7c 9965 case TLSX_POST_HANDSHAKE_AUTH:
wolfSSL 15:117db924cf7c 9966 WOLFSSL_MSG("Post Handshake Authentication extension received");
wolfSSL 15:117db924cf7c 9967
wolfSSL 15:117db924cf7c 9968 if (!IsAtLeastTLSv1_3(ssl->version))
wolfSSL 15:117db924cf7c 9969 break;
wolfSSL 15:117db924cf7c 9970
wolfSSL 15:117db924cf7c 9971 if (IsAtLeastTLSv1_3(ssl->version) &&
wolfSSL 15:117db924cf7c 9972 msgType != client_hello) {
wolfSSL 15:117db924cf7c 9973 return EXT_NOT_ALLOWED;
wolfSSL 15:117db924cf7c 9974 }
wolfSSL 15:117db924cf7c 9975 ret = PHA_PARSE(ssl, input + offset, size, msgType);
wolfSSL 15:117db924cf7c 9976 break;
wolfSSL 15:117db924cf7c 9977 #endif
wolfSSL 15:117db924cf7c 9978
wolfSSL 15:117db924cf7c 9979 #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22)
wolfSSL 15:117db924cf7c 9980 case TLSX_SIGNATURE_ALGORITHMS_CERT:
wolfSSL 15:117db924cf7c 9981 WOLFSSL_MSG("Signature Algorithms extension received");
wolfSSL 15:117db924cf7c 9982
wolfSSL 15:117db924cf7c 9983 if (!IsAtLeastTLSv1_3(ssl->version))
wolfSSL 15:117db924cf7c 9984 break;
wolfSSL 15:117db924cf7c 9985
wolfSSL 15:117db924cf7c 9986 if (IsAtLeastTLSv1_3(ssl->version) &&
wolfSSL 15:117db924cf7c 9987 msgType != client_hello &&
wolfSSL 15:117db924cf7c 9988 msgType != certificate_request) {
wolfSSL 15:117db924cf7c 9989 return EXT_NOT_ALLOWED;
wolfSSL 15:117db924cf7c 9990 }
wolfSSL 15:117db924cf7c 9991
wolfSSL 15:117db924cf7c 9992 ret = SAC_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 15:117db924cf7c 9993 break;
wolfSSL 15:117db924cf7c 9994 #endif
wolfSSL 15:117db924cf7c 9995
wolfSSL 15:117db924cf7c 9996 case TLSX_KEY_SHARE:
wolfSSL 15:117db924cf7c 9997 WOLFSSL_MSG("Key Share extension received");
wolfSSL 15:117db924cf7c 9998
wolfSSL 15:117db924cf7c 9999 if (!IsAtLeastTLSv1_3(ssl->ctx->method->version))
wolfSSL 15:117db924cf7c 10000 break;
wolfSSL 15:117db924cf7c 10001
wolfSSL 15:117db924cf7c 10002 if (IsAtLeastTLSv1_3(ssl->ctx->method->version) &&
wolfSSL 15:117db924cf7c 10003 msgType != client_hello &&
wolfSSL 15:117db924cf7c 10004 msgType != server_hello &&
wolfSSL 15:117db924cf7c 10005 msgType != hello_retry_request) {
wolfSSL 15:117db924cf7c 10006 return EXT_NOT_ALLOWED;
wolfSSL 15:117db924cf7c 10007 }
wolfSSL 15:117db924cf7c 10008 ret = KS_PARSE(ssl, input + offset, size, msgType);
wolfSSL 15:117db924cf7c 10009 break;
wolfSSL 15:117db924cf7c 10010 #endif
wolfSSL 15:117db924cf7c 10011 }
wolfSSL 15:117db924cf7c 10012
wolfSSL 15:117db924cf7c 10013 /* offset should be updated here! */
wolfSSL 15:117db924cf7c 10014 offset += size;
wolfSSL 15:117db924cf7c 10015 }
wolfSSL 15:117db924cf7c 10016
wolfSSL 15:117db924cf7c 10017 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 15:117db924cf7c 10018 if (!isRequest && ssl->options.haveEMS && !pendingEMS)
wolfSSL 15:117db924cf7c 10019 ssl->options.haveEMS = 0;
wolfSSL 15:117db924cf7c 10020 #endif
wolfSSL 15:117db924cf7c 10021
wolfSSL 15:117db924cf7c 10022 if (ret == 0)
wolfSSL 15:117db924cf7c 10023 ret = SNI_VERIFY_PARSE(ssl, isRequest);
wolfSSL 15:117db924cf7c 10024
wolfSSL 15:117db924cf7c 10025 return ret;
wolfSSL 15:117db924cf7c 10026 }
wolfSSL 15:117db924cf7c 10027
wolfSSL 15:117db924cf7c 10028 /* undefining semaphore macros */
wolfSSL 15:117db924cf7c 10029 #undef IS_OFF
wolfSSL 15:117db924cf7c 10030 #undef TURN_ON
wolfSSL 15:117db924cf7c 10031 #undef SEMAPHORE_SIZE
wolfSSL 15:117db924cf7c 10032
wolfSSL 15:117db924cf7c 10033 #endif /* HAVE_TLS_EXTENSIONS */
wolfSSL 15:117db924cf7c 10034
wolfSSL 15:117db924cf7c 10035 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 10036
wolfSSL 15:117db924cf7c 10037 #ifndef NO_OLD_TLS
wolfSSL 15:117db924cf7c 10038
wolfSSL 15:117db924cf7c 10039 #ifdef WOLFSSL_ALLOW_TLSV10
wolfSSL 15:117db924cf7c 10040 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
wolfSSL 15:117db924cf7c 10041 /* Gets a WOLFSL_METHOD type that is not set as client or server
wolfSSL 15:117db924cf7c 10042 *
wolfSSL 15:117db924cf7c 10043 * Returns a pointer to a WOLFSSL_METHOD struct
wolfSSL 15:117db924cf7c 10044 */
wolfSSL 15:117db924cf7c 10045 WOLFSSL_METHOD* wolfTLSv1_method(void) {
wolfSSL 15:117db924cf7c 10046 WOLFSSL_METHOD* m;
wolfSSL 15:117db924cf7c 10047 WOLFSSL_ENTER("wolfTLSv1_method");
wolfSSL 15:117db924cf7c 10048 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 10049 m = wolfTLSv1_client_method();
wolfSSL 15:117db924cf7c 10050 #else
wolfSSL 15:117db924cf7c 10051 m = wolfTLSv1_server_method();
wolfSSL 15:117db924cf7c 10052 #endif
wolfSSL 15:117db924cf7c 10053 if (m != NULL) {
wolfSSL 15:117db924cf7c 10054 m->side = WOLFSSL_NEITHER_END;
wolfSSL 15:117db924cf7c 10055 }
wolfSSL 15:117db924cf7c 10056
wolfSSL 15:117db924cf7c 10057 return m;
wolfSSL 15:117db924cf7c 10058 }
wolfSSL 15:117db924cf7c 10059 #endif /* OPENSSL_EXTRA || OPENSSL_ALL*/
wolfSSL 15:117db924cf7c 10060
wolfSSL 15:117db924cf7c 10061 WOLFSSL_METHOD* wolfTLSv1_client_method(void)
wolfSSL 15:117db924cf7c 10062 {
wolfSSL 15:117db924cf7c 10063 return wolfTLSv1_client_method_ex(NULL);
wolfSSL 15:117db924cf7c 10064 }
wolfSSL 15:117db924cf7c 10065
wolfSSL 15:117db924cf7c 10066 WOLFSSL_METHOD* wolfTLSv1_client_method_ex(void* heap)
wolfSSL 15:117db924cf7c 10067 {
wolfSSL 15:117db924cf7c 10068 WOLFSSL_METHOD* method =
wolfSSL 15:117db924cf7c 10069 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL 15:117db924cf7c 10070 heap, DYNAMIC_TYPE_METHOD);
wolfSSL 15:117db924cf7c 10071 (void)heap;
wolfSSL 15:117db924cf7c 10072 if (method)
wolfSSL 15:117db924cf7c 10073 InitSSL_Method(method, MakeTLSv1());
wolfSSL 15:117db924cf7c 10074 return method;
wolfSSL 15:117db924cf7c 10075 }
wolfSSL 15:117db924cf7c 10076 #endif /* WOLFSSL_ALLOW_TLSV10 */
wolfSSL 15:117db924cf7c 10077
wolfSSL 15:117db924cf7c 10078 WOLFSSL_METHOD* wolfTLSv1_1_client_method(void)
wolfSSL 15:117db924cf7c 10079 {
wolfSSL 15:117db924cf7c 10080 return wolfTLSv1_1_client_method_ex(NULL);
wolfSSL 15:117db924cf7c 10081 }
wolfSSL 15:117db924cf7c 10082
wolfSSL 15:117db924cf7c 10083 WOLFSSL_METHOD* wolfTLSv1_1_client_method_ex(void* heap)
wolfSSL 15:117db924cf7c 10084 {
wolfSSL 15:117db924cf7c 10085 WOLFSSL_METHOD* method =
wolfSSL 15:117db924cf7c 10086 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL 15:117db924cf7c 10087 heap, DYNAMIC_TYPE_METHOD);
wolfSSL 15:117db924cf7c 10088 (void)heap;
wolfSSL 15:117db924cf7c 10089 if (method)
wolfSSL 15:117db924cf7c 10090 InitSSL_Method(method, MakeTLSv1_1());
wolfSSL 15:117db924cf7c 10091 return method;
wolfSSL 15:117db924cf7c 10092 }
wolfSSL 15:117db924cf7c 10093
wolfSSL 15:117db924cf7c 10094 #endif /* !NO_OLD_TLS */
wolfSSL 15:117db924cf7c 10095
wolfSSL 15:117db924cf7c 10096 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 10097
wolfSSL 15:117db924cf7c 10098 WOLFSSL_METHOD* wolfTLSv1_2_client_method(void)
wolfSSL 15:117db924cf7c 10099 {
wolfSSL 15:117db924cf7c 10100 return wolfTLSv1_2_client_method_ex(NULL);
wolfSSL 15:117db924cf7c 10101 }
wolfSSL 15:117db924cf7c 10102
wolfSSL 15:117db924cf7c 10103 WOLFSSL_METHOD* wolfTLSv1_2_client_method_ex(void* heap)
wolfSSL 15:117db924cf7c 10104 {
wolfSSL 15:117db924cf7c 10105 WOLFSSL_METHOD* method =
wolfSSL 15:117db924cf7c 10106 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL 15:117db924cf7c 10107 heap, DYNAMIC_TYPE_METHOD);
wolfSSL 15:117db924cf7c 10108 (void)heap;
wolfSSL 15:117db924cf7c 10109 if (method)
wolfSSL 15:117db924cf7c 10110 InitSSL_Method(method, MakeTLSv1_2());
wolfSSL 15:117db924cf7c 10111 return method;
wolfSSL 15:117db924cf7c 10112 }
wolfSSL 15:117db924cf7c 10113
wolfSSL 15:117db924cf7c 10114 #endif /* WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 10115
wolfSSL 15:117db924cf7c 10116 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 10117 /* The TLS v1.3 client method data.
wolfSSL 15:117db924cf7c 10118 *
wolfSSL 15:117db924cf7c 10119 * returns the method data for a TLS v1.3 client.
wolfSSL 15:117db924cf7c 10120 */
wolfSSL 15:117db924cf7c 10121 WOLFSSL_METHOD* wolfTLSv1_3_client_method(void)
wolfSSL 15:117db924cf7c 10122 {
wolfSSL 15:117db924cf7c 10123 return wolfTLSv1_3_client_method_ex(NULL);
wolfSSL 15:117db924cf7c 10124 }
wolfSSL 15:117db924cf7c 10125
wolfSSL 15:117db924cf7c 10126 /* The TLS v1.3 client method data.
wolfSSL 15:117db924cf7c 10127 *
wolfSSL 15:117db924cf7c 10128 * heap The heap used for allocation.
wolfSSL 15:117db924cf7c 10129 * returns the method data for a TLS v1.3 client.
wolfSSL 15:117db924cf7c 10130 */
wolfSSL 15:117db924cf7c 10131 WOLFSSL_METHOD* wolfTLSv1_3_client_method_ex(void* heap)
wolfSSL 15:117db924cf7c 10132 {
wolfSSL 15:117db924cf7c 10133 WOLFSSL_METHOD* method = (WOLFSSL_METHOD*)
wolfSSL 15:117db924cf7c 10134 XMALLOC(sizeof(WOLFSSL_METHOD), heap,
wolfSSL 15:117db924cf7c 10135 DYNAMIC_TYPE_METHOD);
wolfSSL 15:117db924cf7c 10136 (void)heap;
wolfSSL 15:117db924cf7c 10137 if (method)
wolfSSL 15:117db924cf7c 10138 InitSSL_Method(method, MakeTLSv1_3());
wolfSSL 15:117db924cf7c 10139 return method;
wolfSSL 15:117db924cf7c 10140 }
wolfSSL 15:117db924cf7c 10141 #endif /* WOLFSSL_TLS13 */
wolfSSL 15:117db924cf7c 10142
wolfSSL 15:117db924cf7c 10143
wolfSSL 15:117db924cf7c 10144 WOLFSSL_METHOD* wolfSSLv23_client_method(void)
wolfSSL 15:117db924cf7c 10145 {
wolfSSL 15:117db924cf7c 10146 return wolfSSLv23_client_method_ex(NULL);
wolfSSL 15:117db924cf7c 10147 }
wolfSSL 15:117db924cf7c 10148
wolfSSL 15:117db924cf7c 10149
wolfSSL 15:117db924cf7c 10150 WOLFSSL_METHOD* wolfSSLv23_client_method_ex(void* heap)
wolfSSL 15:117db924cf7c 10151 {
wolfSSL 15:117db924cf7c 10152 WOLFSSL_METHOD* method =
wolfSSL 15:117db924cf7c 10153 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL 15:117db924cf7c 10154 heap, DYNAMIC_TYPE_METHOD);
wolfSSL 15:117db924cf7c 10155 (void)heap;
wolfSSL 15:117db924cf7c 10156 if (method) {
wolfSSL 15:117db924cf7c 10157 #if !defined(NO_SHA256) || defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)
wolfSSL 15:117db924cf7c 10158 #if defined(WOLFSSL_TLS13)
wolfSSL 15:117db924cf7c 10159 InitSSL_Method(method, MakeTLSv1_3());
wolfSSL 15:117db924cf7c 10160 #else
wolfSSL 15:117db924cf7c 10161 InitSSL_Method(method, MakeTLSv1_2());
wolfSSL 15:117db924cf7c 10162 #endif
wolfSSL 15:117db924cf7c 10163 #else
wolfSSL 15:117db924cf7c 10164 #ifndef NO_OLD_TLS
wolfSSL 15:117db924cf7c 10165 InitSSL_Method(method, MakeTLSv1_1());
wolfSSL 15:117db924cf7c 10166 #endif
wolfSSL 15:117db924cf7c 10167 #endif
wolfSSL 15:117db924cf7c 10168 #if !defined(NO_OLD_TLS) || defined(WOLFSSL_TLS13)
wolfSSL 15:117db924cf7c 10169 method->downgrade = 1;
wolfSSL 15:117db924cf7c 10170 #endif
wolfSSL 15:117db924cf7c 10171 }
wolfSSL 15:117db924cf7c 10172 return method;
wolfSSL 15:117db924cf7c 10173 }
wolfSSL 15:117db924cf7c 10174
wolfSSL 15:117db924cf7c 10175 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 15:117db924cf7c 10176
wolfSSL 15:117db924cf7c 10177
wolfSSL 15:117db924cf7c 10178
wolfSSL 15:117db924cf7c 10179 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 10180
wolfSSL 15:117db924cf7c 10181 #ifndef NO_OLD_TLS
wolfSSL 15:117db924cf7c 10182 #ifdef WOLFSSL_ALLOW_TLSV10
wolfSSL 15:117db924cf7c 10183 WOLFSSL_METHOD* wolfTLSv1_server_method(void)
wolfSSL 15:117db924cf7c 10184 {
wolfSSL 15:117db924cf7c 10185 return wolfTLSv1_server_method_ex(NULL);
wolfSSL 15:117db924cf7c 10186 }
wolfSSL 15:117db924cf7c 10187
wolfSSL 15:117db924cf7c 10188 WOLFSSL_METHOD* wolfTLSv1_server_method_ex(void* heap)
wolfSSL 15:117db924cf7c 10189 {
wolfSSL 15:117db924cf7c 10190 WOLFSSL_METHOD* method =
wolfSSL 15:117db924cf7c 10191 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL 15:117db924cf7c 10192 heap, DYNAMIC_TYPE_METHOD);
wolfSSL 15:117db924cf7c 10193 (void)heap;
wolfSSL 15:117db924cf7c 10194 if (method) {
wolfSSL 15:117db924cf7c 10195 InitSSL_Method(method, MakeTLSv1());
wolfSSL 15:117db924cf7c 10196 method->side = WOLFSSL_SERVER_END;
wolfSSL 15:117db924cf7c 10197 }
wolfSSL 15:117db924cf7c 10198 return method;
wolfSSL 15:117db924cf7c 10199 }
wolfSSL 15:117db924cf7c 10200 #endif /* WOLFSSL_ALLOW_TLSV10 */
wolfSSL 15:117db924cf7c 10201
wolfSSL 15:117db924cf7c 10202 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
wolfSSL 15:117db924cf7c 10203 /* Gets a WOLFSL_METHOD type that is not set as client or server
wolfSSL 15:117db924cf7c 10204 *
wolfSSL 15:117db924cf7c 10205 * Returns a pointer to a WOLFSSL_METHOD struct
wolfSSL 15:117db924cf7c 10206 */
wolfSSL 15:117db924cf7c 10207 WOLFSSL_METHOD* wolfTLSv1_1_method(void) {
wolfSSL 15:117db924cf7c 10208 WOLFSSL_METHOD* m;
wolfSSL 15:117db924cf7c 10209 WOLFSSL_ENTER("wolfTLSv1_1_method");
wolfSSL 15:117db924cf7c 10210 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 10211 m = wolfTLSv1_1_client_method();
wolfSSL 15:117db924cf7c 10212 #else
wolfSSL 15:117db924cf7c 10213 m = wolfTLSv1_1_server_method();
wolfSSL 15:117db924cf7c 10214 #endif
wolfSSL 15:117db924cf7c 10215 if (m != NULL) {
wolfSSL 15:117db924cf7c 10216 m->side = WOLFSSL_NEITHER_END;
wolfSSL 15:117db924cf7c 10217 }
wolfSSL 15:117db924cf7c 10218 return m;
wolfSSL 15:117db924cf7c 10219 }
wolfSSL 15:117db924cf7c 10220 #endif /* OPENSSL_EXTRA || OPENSSL_ALL */
wolfSSL 15:117db924cf7c 10221
wolfSSL 15:117db924cf7c 10222 WOLFSSL_METHOD* wolfTLSv1_1_server_method(void)
wolfSSL 15:117db924cf7c 10223 {
wolfSSL 15:117db924cf7c 10224 return wolfTLSv1_1_server_method_ex(NULL);
wolfSSL 15:117db924cf7c 10225 }
wolfSSL 15:117db924cf7c 10226
wolfSSL 15:117db924cf7c 10227 WOLFSSL_METHOD* wolfTLSv1_1_server_method_ex(void* heap)
wolfSSL 15:117db924cf7c 10228 {
wolfSSL 15:117db924cf7c 10229 WOLFSSL_METHOD* method =
wolfSSL 15:117db924cf7c 10230 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL 15:117db924cf7c 10231 heap, DYNAMIC_TYPE_METHOD);
wolfSSL 15:117db924cf7c 10232 (void)heap;
wolfSSL 15:117db924cf7c 10233 if (method) {
wolfSSL 15:117db924cf7c 10234 InitSSL_Method(method, MakeTLSv1_1());
wolfSSL 15:117db924cf7c 10235 method->side = WOLFSSL_SERVER_END;
wolfSSL 15:117db924cf7c 10236 }
wolfSSL 15:117db924cf7c 10237 return method;
wolfSSL 15:117db924cf7c 10238 }
wolfSSL 15:117db924cf7c 10239 #endif /* !NO_OLD_TLS */
wolfSSL 15:117db924cf7c 10240
wolfSSL 15:117db924cf7c 10241 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 10242
wolfSSL 15:117db924cf7c 10243 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
wolfSSL 15:117db924cf7c 10244 /* Gets a WOLFSL_METHOD type that is not set as client or server
wolfSSL 15:117db924cf7c 10245 *
wolfSSL 15:117db924cf7c 10246 * Returns a pointer to a WOLFSSL_METHOD struct
wolfSSL 15:117db924cf7c 10247 */
wolfSSL 15:117db924cf7c 10248 WOLFSSL_METHOD* wolfTLSv1_2_method(void) {
wolfSSL 15:117db924cf7c 10249 WOLFSSL_METHOD* m;
wolfSSL 15:117db924cf7c 10250 WOLFSSL_ENTER("wolfTLSv1_2_method");
wolfSSL 15:117db924cf7c 10251 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 10252 m = wolfTLSv1_2_client_method();
wolfSSL 15:117db924cf7c 10253 #else
wolfSSL 15:117db924cf7c 10254 m = wolfTLSv1_2_server_method();
wolfSSL 15:117db924cf7c 10255 #endif
wolfSSL 15:117db924cf7c 10256 if (m != NULL) {
wolfSSL 15:117db924cf7c 10257 m->side = WOLFSSL_NEITHER_END;
wolfSSL 15:117db924cf7c 10258 }
wolfSSL 15:117db924cf7c 10259 return m;
wolfSSL 15:117db924cf7c 10260 }
wolfSSL 15:117db924cf7c 10261 #endif /* OPENSSL_EXTRA || OPENSSL_ALL */
wolfSSL 15:117db924cf7c 10262
wolfSSL 15:117db924cf7c 10263 WOLFSSL_METHOD* wolfTLSv1_2_server_method(void)
wolfSSL 15:117db924cf7c 10264 {
wolfSSL 15:117db924cf7c 10265 return wolfTLSv1_2_server_method_ex(NULL);
wolfSSL 15:117db924cf7c 10266 }
wolfSSL 15:117db924cf7c 10267
wolfSSL 15:117db924cf7c 10268 WOLFSSL_METHOD* wolfTLSv1_2_server_method_ex(void* heap)
wolfSSL 15:117db924cf7c 10269 {
wolfSSL 15:117db924cf7c 10270 WOLFSSL_METHOD* method =
wolfSSL 15:117db924cf7c 10271 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL 15:117db924cf7c 10272 heap, DYNAMIC_TYPE_METHOD);
wolfSSL 15:117db924cf7c 10273 (void)heap;
wolfSSL 15:117db924cf7c 10274 if (method) {
wolfSSL 15:117db924cf7c 10275 InitSSL_Method(method, MakeTLSv1_2());
wolfSSL 15:117db924cf7c 10276 method->side = WOLFSSL_SERVER_END;
wolfSSL 15:117db924cf7c 10277 }
wolfSSL 15:117db924cf7c 10278 return method;
wolfSSL 15:117db924cf7c 10279 }
wolfSSL 15:117db924cf7c 10280
wolfSSL 15:117db924cf7c 10281 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 10282
wolfSSL 15:117db924cf7c 10283 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 10284 /* The TLS v1.3 server method data.
wolfSSL 15:117db924cf7c 10285 *
wolfSSL 15:117db924cf7c 10286 * returns the method data for a TLS v1.3 server.
wolfSSL 15:117db924cf7c 10287 */
wolfSSL 15:117db924cf7c 10288 WOLFSSL_METHOD* wolfTLSv1_3_server_method(void)
wolfSSL 15:117db924cf7c 10289 {
wolfSSL 15:117db924cf7c 10290 return wolfTLSv1_3_server_method_ex(NULL);
wolfSSL 15:117db924cf7c 10291 }
wolfSSL 15:117db924cf7c 10292
wolfSSL 15:117db924cf7c 10293 /* The TLS v1.3 server method data.
wolfSSL 15:117db924cf7c 10294 *
wolfSSL 15:117db924cf7c 10295 * heap The heap used for allocation.
wolfSSL 15:117db924cf7c 10296 * returns the method data for a TLS v1.3 server.
wolfSSL 15:117db924cf7c 10297 */
wolfSSL 15:117db924cf7c 10298 WOLFSSL_METHOD* wolfTLSv1_3_server_method_ex(void* heap)
wolfSSL 15:117db924cf7c 10299 {
wolfSSL 15:117db924cf7c 10300 WOLFSSL_METHOD* method =
wolfSSL 15:117db924cf7c 10301 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL 15:117db924cf7c 10302 heap, DYNAMIC_TYPE_METHOD);
wolfSSL 15:117db924cf7c 10303 (void)heap;
wolfSSL 15:117db924cf7c 10304 if (method) {
wolfSSL 15:117db924cf7c 10305 InitSSL_Method(method, MakeTLSv1_3());
wolfSSL 15:117db924cf7c 10306 method->side = WOLFSSL_SERVER_END;
wolfSSL 15:117db924cf7c 10307 }
wolfSSL 15:117db924cf7c 10308 return method;
wolfSSL 15:117db924cf7c 10309 }
wolfSSL 15:117db924cf7c 10310 #endif /* WOLFSSL_TLS13 */
wolfSSL 15:117db924cf7c 10311
wolfSSL 15:117db924cf7c 10312 WOLFSSL_METHOD* wolfSSLv23_server_method(void)
wolfSSL 15:117db924cf7c 10313 {
wolfSSL 15:117db924cf7c 10314 return wolfSSLv23_server_method_ex(NULL);
wolfSSL 15:117db924cf7c 10315 }
wolfSSL 15:117db924cf7c 10316
wolfSSL 15:117db924cf7c 10317 WOLFSSL_METHOD* wolfSSLv23_server_method_ex(void* heap)
wolfSSL 15:117db924cf7c 10318 {
wolfSSL 15:117db924cf7c 10319 WOLFSSL_METHOD* method =
wolfSSL 15:117db924cf7c 10320 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL 15:117db924cf7c 10321 heap, DYNAMIC_TYPE_METHOD);
wolfSSL 15:117db924cf7c 10322 (void)heap;
wolfSSL 15:117db924cf7c 10323 if (method) {
wolfSSL 15:117db924cf7c 10324 #if !defined(NO_SHA256) || defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)
wolfSSL 15:117db924cf7c 10325 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 10326 InitSSL_Method(method, MakeTLSv1_3());
wolfSSL 15:117db924cf7c 10327 #else
wolfSSL 15:117db924cf7c 10328 InitSSL_Method(method, MakeTLSv1_2());
wolfSSL 15:117db924cf7c 10329 #endif
wolfSSL 15:117db924cf7c 10330 #else
wolfSSL 15:117db924cf7c 10331 #ifndef NO_OLD_TLS
wolfSSL 15:117db924cf7c 10332 InitSSL_Method(method, MakeTLSv1_1());
wolfSSL 15:117db924cf7c 10333 #else
wolfSSL 15:117db924cf7c 10334 #error Must have SHA256, SHA384 or SHA512 enabled for TLS 1.2
wolfSSL 15:117db924cf7c 10335 #endif
wolfSSL 15:117db924cf7c 10336 #endif
wolfSSL 15:117db924cf7c 10337 #if !defined(NO_OLD_TLS) || defined(WOLFSSL_TLS13)
wolfSSL 15:117db924cf7c 10338 method->downgrade = 1;
wolfSSL 15:117db924cf7c 10339 #endif
wolfSSL 15:117db924cf7c 10340 method->side = WOLFSSL_SERVER_END;
wolfSSL 15:117db924cf7c 10341 }
wolfSSL 15:117db924cf7c 10342 return method;
wolfSSL 15:117db924cf7c 10343 }
wolfSSL 15:117db924cf7c 10344
wolfSSL 15:117db924cf7c 10345
wolfSSL 15:117db924cf7c 10346 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 15:117db924cf7c 10347 #endif /* NO_TLS */
wolfSSL 15:117db924cf7c 10348 #endif /* WOLFCRYPT_ONLY */
wolfSSL 15:117db924cf7c 10349