wolfSSL SSL/TLS library, support up to TLS1.3
Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more
wolfssl/internal.h@15:117db924cf7c, 2018-08-18 (annotated)
- Committer:
- wolfSSL
- Date:
- Sat Aug 18 22:20:43 2018 +0000
- Revision:
- 15:117db924cf7c
- Child:
- 16:8e0d178b1d1e
wolfSSL 3.15.3
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
wolfSSL | 15:117db924cf7c | 1 | /* internal.h |
wolfSSL | 15:117db924cf7c | 2 | * |
wolfSSL | 15:117db924cf7c | 3 | * Copyright (C) 2006-2017 wolfSSL Inc. |
wolfSSL | 15:117db924cf7c | 4 | * |
wolfSSL | 15:117db924cf7c | 5 | * This file is part of wolfSSL. |
wolfSSL | 15:117db924cf7c | 6 | * |
wolfSSL | 15:117db924cf7c | 7 | * wolfSSL is free software; you can redistribute it and/or modify |
wolfSSL | 15:117db924cf7c | 8 | * it under the terms of the GNU General Public License as published by |
wolfSSL | 15:117db924cf7c | 9 | * the Free Software Foundation; either version 2 of the License, or |
wolfSSL | 15:117db924cf7c | 10 | * (at your option) any later version. |
wolfSSL | 15:117db924cf7c | 11 | * |
wolfSSL | 15:117db924cf7c | 12 | * wolfSSL is distributed in the hope that it will be useful, |
wolfSSL | 15:117db924cf7c | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
wolfSSL | 15:117db924cf7c | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
wolfSSL | 15:117db924cf7c | 15 | * GNU General Public License for more details. |
wolfSSL | 15:117db924cf7c | 16 | * |
wolfSSL | 15:117db924cf7c | 17 | * You should have received a copy of the GNU General Public License |
wolfSSL | 15:117db924cf7c | 18 | * along with this program; if not, write to the Free Software |
wolfSSL | 15:117db924cf7c | 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
wolfSSL | 15:117db924cf7c | 20 | */ |
wolfSSL | 15:117db924cf7c | 21 | |
wolfSSL | 15:117db924cf7c | 22 | |
wolfSSL | 15:117db924cf7c | 23 | |
wolfSSL | 15:117db924cf7c | 24 | #ifndef WOLFSSL_INT_H |
wolfSSL | 15:117db924cf7c | 25 | #define WOLFSSL_INT_H |
wolfSSL | 15:117db924cf7c | 26 | |
wolfSSL | 15:117db924cf7c | 27 | |
wolfSSL | 15:117db924cf7c | 28 | #include <wolfssl/wolfcrypt/types.h> |
wolfSSL | 15:117db924cf7c | 29 | #include <wolfssl/ssl.h> |
wolfSSL | 15:117db924cf7c | 30 | #ifdef HAVE_CRL |
wolfSSL | 15:117db924cf7c | 31 | #include <wolfssl/crl.h> |
wolfSSL | 15:117db924cf7c | 32 | #endif |
wolfSSL | 15:117db924cf7c | 33 | #include <wolfssl/wolfcrypt/random.h> |
wolfSSL | 15:117db924cf7c | 34 | #ifndef NO_DES3 |
wolfSSL | 15:117db924cf7c | 35 | #include <wolfssl/wolfcrypt/des3.h> |
wolfSSL | 15:117db924cf7c | 36 | #endif |
wolfSSL | 15:117db924cf7c | 37 | #ifndef NO_HC128 |
wolfSSL | 15:117db924cf7c | 38 | #include <wolfssl/wolfcrypt/hc128.h> |
wolfSSL | 15:117db924cf7c | 39 | #endif |
wolfSSL | 15:117db924cf7c | 40 | #ifndef NO_RABBIT |
wolfSSL | 15:117db924cf7c | 41 | #include <wolfssl/wolfcrypt/rabbit.h> |
wolfSSL | 15:117db924cf7c | 42 | #endif |
wolfSSL | 15:117db924cf7c | 43 | #ifdef HAVE_CHACHA |
wolfSSL | 15:117db924cf7c | 44 | #include <wolfssl/wolfcrypt/chacha.h> |
wolfSSL | 15:117db924cf7c | 45 | #endif |
wolfSSL | 15:117db924cf7c | 46 | #ifndef NO_ASN |
wolfSSL | 15:117db924cf7c | 47 | #include <wolfssl/wolfcrypt/asn.h> |
wolfSSL | 15:117db924cf7c | 48 | #include <wolfssl/wolfcrypt/pkcs12.h> |
wolfSSL | 15:117db924cf7c | 49 | #endif |
wolfSSL | 15:117db924cf7c | 50 | #ifndef NO_MD5 |
wolfSSL | 15:117db924cf7c | 51 | #include <wolfssl/wolfcrypt/md5.h> |
wolfSSL | 15:117db924cf7c | 52 | #endif |
wolfSSL | 15:117db924cf7c | 53 | #ifndef NO_SHA |
wolfSSL | 15:117db924cf7c | 54 | #include <wolfssl/wolfcrypt/sha.h> |
wolfSSL | 15:117db924cf7c | 55 | #endif |
wolfSSL | 15:117db924cf7c | 56 | #ifndef NO_AES |
wolfSSL | 15:117db924cf7c | 57 | #include <wolfssl/wolfcrypt/aes.h> |
wolfSSL | 15:117db924cf7c | 58 | #endif |
wolfSSL | 15:117db924cf7c | 59 | #ifdef HAVE_POLY1305 |
wolfSSL | 15:117db924cf7c | 60 | #include <wolfssl/wolfcrypt/poly1305.h> |
wolfSSL | 15:117db924cf7c | 61 | #endif |
wolfSSL | 15:117db924cf7c | 62 | #ifdef HAVE_CAMELLIA |
wolfSSL | 15:117db924cf7c | 63 | #include <wolfssl/wolfcrypt/camellia.h> |
wolfSSL | 15:117db924cf7c | 64 | #endif |
wolfSSL | 15:117db924cf7c | 65 | #include <wolfssl/wolfcrypt/logging.h> |
wolfSSL | 15:117db924cf7c | 66 | #ifndef NO_HMAC |
wolfSSL | 15:117db924cf7c | 67 | #include <wolfssl/wolfcrypt/hmac.h> |
wolfSSL | 15:117db924cf7c | 68 | #endif |
wolfSSL | 15:117db924cf7c | 69 | #ifndef NO_RC4 |
wolfSSL | 15:117db924cf7c | 70 | #include <wolfssl/wolfcrypt/arc4.h> |
wolfSSL | 15:117db924cf7c | 71 | #endif |
wolfSSL | 15:117db924cf7c | 72 | #ifndef NO_SHA256 |
wolfSSL | 15:117db924cf7c | 73 | #include <wolfssl/wolfcrypt/sha256.h> |
wolfSSL | 15:117db924cf7c | 74 | #endif |
wolfSSL | 15:117db924cf7c | 75 | #ifdef HAVE_OCSP |
wolfSSL | 15:117db924cf7c | 76 | #include <wolfssl/ocsp.h> |
wolfSSL | 15:117db924cf7c | 77 | #endif |
wolfSSL | 15:117db924cf7c | 78 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 15:117db924cf7c | 79 | #include <wolfssl/wolfcrypt/sha512.h> |
wolfSSL | 15:117db924cf7c | 80 | #endif |
wolfSSL | 15:117db924cf7c | 81 | #ifdef WOLFSSL_SHA512 |
wolfSSL | 15:117db924cf7c | 82 | #include <wolfssl/wolfcrypt/sha512.h> |
wolfSSL | 15:117db924cf7c | 83 | #endif |
wolfSSL | 15:117db924cf7c | 84 | #ifdef HAVE_AESGCM |
wolfSSL | 15:117db924cf7c | 85 | #include <wolfssl/wolfcrypt/sha512.h> |
wolfSSL | 15:117db924cf7c | 86 | #endif |
wolfSSL | 15:117db924cf7c | 87 | #ifdef WOLFSSL_RIPEMD |
wolfSSL | 15:117db924cf7c | 88 | #include <wolfssl/wolfcrypt/ripemd.h> |
wolfSSL | 15:117db924cf7c | 89 | #endif |
wolfSSL | 15:117db924cf7c | 90 | #ifdef HAVE_IDEA |
wolfSSL | 15:117db924cf7c | 91 | #include <wolfssl/wolfcrypt/idea.h> |
wolfSSL | 15:117db924cf7c | 92 | #endif |
wolfSSL | 15:117db924cf7c | 93 | #ifndef NO_RSA |
wolfSSL | 15:117db924cf7c | 94 | #include <wolfssl/wolfcrypt/rsa.h> |
wolfSSL | 15:117db924cf7c | 95 | #endif |
wolfSSL | 15:117db924cf7c | 96 | #ifdef HAVE_ECC |
wolfSSL | 15:117db924cf7c | 97 | #include <wolfssl/wolfcrypt/ecc.h> |
wolfSSL | 15:117db924cf7c | 98 | #endif |
wolfSSL | 15:117db924cf7c | 99 | #ifndef NO_DH |
wolfSSL | 15:117db924cf7c | 100 | #include <wolfssl/wolfcrypt/dh.h> |
wolfSSL | 15:117db924cf7c | 101 | #endif |
wolfSSL | 15:117db924cf7c | 102 | #ifdef HAVE_ED25519 |
wolfSSL | 15:117db924cf7c | 103 | #include <wolfssl/wolfcrypt/ed25519.h> |
wolfSSL | 15:117db924cf7c | 104 | #endif |
wolfSSL | 15:117db924cf7c | 105 | #ifdef HAVE_CURVE25519 |
wolfSSL | 15:117db924cf7c | 106 | #include <wolfssl/wolfcrypt/curve25519.h> |
wolfSSL | 15:117db924cf7c | 107 | #endif |
wolfSSL | 15:117db924cf7c | 108 | |
wolfSSL | 15:117db924cf7c | 109 | #include <wolfssl/wolfcrypt/wc_encrypt.h> |
wolfSSL | 15:117db924cf7c | 110 | #include <wolfssl/wolfcrypt/hash.h> |
wolfSSL | 15:117db924cf7c | 111 | |
wolfSSL | 15:117db924cf7c | 112 | #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) |
wolfSSL | 15:117db924cf7c | 113 | #include <wolfssl/callbacks.h> |
wolfSSL | 15:117db924cf7c | 114 | #endif |
wolfSSL | 15:117db924cf7c | 115 | #ifdef WOLFSSL_CALLBACKS |
wolfSSL | 15:117db924cf7c | 116 | #include <signal.h> |
wolfSSL | 15:117db924cf7c | 117 | #endif |
wolfSSL | 15:117db924cf7c | 118 | |
wolfSSL | 15:117db924cf7c | 119 | #ifdef USE_WINDOWS_API |
wolfSSL | 15:117db924cf7c | 120 | #ifdef WOLFSSL_GAME_BUILD |
wolfSSL | 15:117db924cf7c | 121 | #include "system/xtl.h" |
wolfSSL | 15:117db924cf7c | 122 | #else |
wolfSSL | 15:117db924cf7c | 123 | #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN) |
wolfSSL | 15:117db924cf7c | 124 | /* On WinCE winsock2.h must be included before windows.h */ |
wolfSSL | 15:117db924cf7c | 125 | #include <winsock2.h> |
wolfSSL | 15:117db924cf7c | 126 | #endif |
wolfSSL | 15:117db924cf7c | 127 | #include <windows.h> |
wolfSSL | 15:117db924cf7c | 128 | #endif |
wolfSSL | 15:117db924cf7c | 129 | #elif defined(THREADX) |
wolfSSL | 15:117db924cf7c | 130 | #ifndef SINGLE_THREADED |
wolfSSL | 15:117db924cf7c | 131 | #include "tx_api.h" |
wolfSSL | 15:117db924cf7c | 132 | #endif |
wolfSSL | 15:117db924cf7c | 133 | #elif defined(MICRIUM) |
wolfSSL | 15:117db924cf7c | 134 | /* do nothing, just don't pick Unix */ |
wolfSSL | 15:117db924cf7c | 135 | #elif defined(FREERTOS) || defined(FREERTOS_TCP) || defined(WOLFSSL_SAFERTOS) |
wolfSSL | 15:117db924cf7c | 136 | /* do nothing */ |
wolfSSL | 15:117db924cf7c | 137 | #elif defined(EBSNET) |
wolfSSL | 15:117db924cf7c | 138 | /* do nothing */ |
wolfSSL | 15:117db924cf7c | 139 | #elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) |
wolfSSL | 15:117db924cf7c | 140 | /* do nothing */ |
wolfSSL | 15:117db924cf7c | 141 | #elif defined(FREESCALE_FREE_RTOS) |
wolfSSL | 15:117db924cf7c | 142 | #include "fsl_os_abstraction.h" |
wolfSSL | 15:117db924cf7c | 143 | #elif defined(WOLFSSL_uITRON4) |
wolfSSL | 15:117db924cf7c | 144 | /* do nothing */ |
wolfSSL | 15:117db924cf7c | 145 | #elif defined(WOLFSSL_uTKERNEL2) |
wolfSSL | 15:117db924cf7c | 146 | /* do nothing */ |
wolfSSL | 15:117db924cf7c | 147 | #elif defined(WOLFSSL_CMSIS_RTOS) |
wolfSSL | 15:117db924cf7c | 148 | #include "cmsis_os.h" |
wolfSSL | 15:117db924cf7c | 149 | #elif defined(WOLFSSL_MDK_ARM) |
wolfSSL | 15:117db924cf7c | 150 | #if defined(WOLFSSL_MDK5) |
wolfSSL | 15:117db924cf7c | 151 | #include "cmsis_os.h" |
wolfSSL | 15:117db924cf7c | 152 | #else |
wolfSSL | 15:117db924cf7c | 153 | #include <rtl.h> |
wolfSSL | 15:117db924cf7c | 154 | #endif |
wolfSSL | 15:117db924cf7c | 155 | #elif defined(WOLFSSL_CMSIS_RTOS) |
wolfSSL | 15:117db924cf7c | 156 | #include "cmsis_os.h" |
wolfSSL | 15:117db924cf7c | 157 | #elif defined(MBED) |
wolfSSL | 15:117db924cf7c | 158 | #elif defined(WOLFSSL_TIRTOS) |
wolfSSL | 15:117db924cf7c | 159 | /* do nothing */ |
wolfSSL | 15:117db924cf7c | 160 | #elif defined(INTIME_RTOS) |
wolfSSL | 15:117db924cf7c | 161 | #include <rt.h> |
wolfSSL | 15:117db924cf7c | 162 | #elif defined(WOLFSSL_NUCLEUS_1_2) |
wolfSSL | 15:117db924cf7c | 163 | /* do nothing */ |
wolfSSL | 15:117db924cf7c | 164 | #else |
wolfSSL | 15:117db924cf7c | 165 | #ifndef SINGLE_THREADED |
wolfSSL | 15:117db924cf7c | 166 | #define WOLFSSL_PTHREADS |
wolfSSL | 15:117db924cf7c | 167 | #include <pthread.h> |
wolfSSL | 15:117db924cf7c | 168 | #endif |
wolfSSL | 15:117db924cf7c | 169 | #ifdef OPENSSL_EXTRA |
wolfSSL | 15:117db924cf7c | 170 | #include <unistd.h> /* for close of BIO */ |
wolfSSL | 15:117db924cf7c | 171 | #endif |
wolfSSL | 15:117db924cf7c | 172 | #endif |
wolfSSL | 15:117db924cf7c | 173 | |
wolfSSL | 15:117db924cf7c | 174 | #ifndef CHAR_BIT |
wolfSSL | 15:117db924cf7c | 175 | /* Needed for DTLS without big math */ |
wolfSSL | 15:117db924cf7c | 176 | #include <limits.h> |
wolfSSL | 15:117db924cf7c | 177 | #endif |
wolfSSL | 15:117db924cf7c | 178 | |
wolfSSL | 15:117db924cf7c | 179 | |
wolfSSL | 15:117db924cf7c | 180 | #ifdef HAVE_LIBZ |
wolfSSL | 15:117db924cf7c | 181 | #include "zlib.h" |
wolfSSL | 15:117db924cf7c | 182 | #endif |
wolfSSL | 15:117db924cf7c | 183 | |
wolfSSL | 15:117db924cf7c | 184 | #ifdef WOLFSSL_ASYNC_CRYPT |
wolfSSL | 15:117db924cf7c | 185 | #include <wolfssl/wolfcrypt/async.h> |
wolfSSL | 15:117db924cf7c | 186 | #endif |
wolfSSL | 15:117db924cf7c | 187 | |
wolfSSL | 15:117db924cf7c | 188 | #ifdef OPENSSL_EXTRA |
wolfSSL | 15:117db924cf7c | 189 | #ifdef WOLFCRYPT_HAVE_SRP |
wolfSSL | 15:117db924cf7c | 190 | #include <wolfssl/wolfcrypt/srp.h> |
wolfSSL | 15:117db924cf7c | 191 | #endif |
wolfSSL | 15:117db924cf7c | 192 | #endif |
wolfSSL | 15:117db924cf7c | 193 | |
wolfSSL | 15:117db924cf7c | 194 | #ifdef _MSC_VER |
wolfSSL | 15:117db924cf7c | 195 | /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ |
wolfSSL | 15:117db924cf7c | 196 | #pragma warning(disable: 4996) |
wolfSSL | 15:117db924cf7c | 197 | #endif |
wolfSSL | 15:117db924cf7c | 198 | |
wolfSSL | 15:117db924cf7c | 199 | #ifdef NO_SHA |
wolfSSL | 15:117db924cf7c | 200 | #define WC_SHA_DIGEST_SIZE 20 |
wolfSSL | 15:117db924cf7c | 201 | #endif |
wolfSSL | 15:117db924cf7c | 202 | |
wolfSSL | 15:117db924cf7c | 203 | #ifdef NO_SHA256 |
wolfSSL | 15:117db924cf7c | 204 | #define WC_SHA256_DIGEST_SIZE 32 |
wolfSSL | 15:117db924cf7c | 205 | #endif |
wolfSSL | 15:117db924cf7c | 206 | |
wolfSSL | 15:117db924cf7c | 207 | #ifdef NO_MD5 |
wolfSSL | 15:117db924cf7c | 208 | #define WC_MD5_DIGEST_SIZE 16 |
wolfSSL | 15:117db924cf7c | 209 | #endif |
wolfSSL | 15:117db924cf7c | 210 | |
wolfSSL | 15:117db924cf7c | 211 | |
wolfSSL | 15:117db924cf7c | 212 | #ifdef __cplusplus |
wolfSSL | 15:117db924cf7c | 213 | extern "C" { |
wolfSSL | 15:117db924cf7c | 214 | #endif |
wolfSSL | 15:117db924cf7c | 215 | |
wolfSSL | 15:117db924cf7c | 216 | /* Define or comment out the cipher suites you'd like to be compiled in |
wolfSSL | 15:117db924cf7c | 217 | make sure to use at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined |
wolfSSL | 15:117db924cf7c | 218 | |
wolfSSL | 15:117db924cf7c | 219 | When adding cipher suites, add name to cipher_names, idx to cipher_name_idx |
wolfSSL | 15:117db924cf7c | 220 | |
wolfSSL | 15:117db924cf7c | 221 | Now that there is a maximum strength crypto build, the following BUILD_XXX |
wolfSSL | 15:117db924cf7c | 222 | flags need to be divided into two groups selected by WOLFSSL_MAX_STRENGTH. |
wolfSSL | 15:117db924cf7c | 223 | Those that do not use Perfect Forward Security and do not use AEAD ciphers |
wolfSSL | 15:117db924cf7c | 224 | need to be switched off. Allowed suites use (EC)DHE, AES-GCM|CCM, or |
wolfSSL | 15:117db924cf7c | 225 | CHACHA-POLY. |
wolfSSL | 15:117db924cf7c | 226 | */ |
wolfSSL | 15:117db924cf7c | 227 | |
wolfSSL | 15:117db924cf7c | 228 | /* Check that if WOLFSSL_MAX_STRENGTH is set that all the required options are |
wolfSSL | 15:117db924cf7c | 229 | * not turned off. */ |
wolfSSL | 15:117db924cf7c | 230 | #if defined(WOLFSSL_MAX_STRENGTH) && \ |
wolfSSL | 15:117db924cf7c | 231 | ((!defined(HAVE_ECC) && (defined(NO_DH) || defined(NO_RSA))) || \ |
wolfSSL | 15:117db924cf7c | 232 | (!defined(HAVE_AESGCM) && !defined(HAVE_AESCCM) && \ |
wolfSSL | 15:117db924cf7c | 233 | (!defined(HAVE_POLY1305) || !defined(HAVE_CHACHA))) || \ |
wolfSSL | 15:117db924cf7c | 234 | (defined(NO_SHA256) && !defined(WOLFSSL_SHA384)) || \ |
wolfSSL | 15:117db924cf7c | 235 | !defined(NO_OLD_TLS)) |
wolfSSL | 15:117db924cf7c | 236 | |
wolfSSL | 15:117db924cf7c | 237 | #error "You are trying to build max strength with requirements disabled." |
wolfSSL | 15:117db924cf7c | 238 | #endif |
wolfSSL | 15:117db924cf7c | 239 | |
wolfSSL | 15:117db924cf7c | 240 | /* Have QSH : Quantum-safe Handshake */ |
wolfSSL | 15:117db924cf7c | 241 | #if defined(HAVE_QSH) |
wolfSSL | 15:117db924cf7c | 242 | #define BUILD_TLS_QSH |
wolfSSL | 15:117db924cf7c | 243 | #endif |
wolfSSL | 15:117db924cf7c | 244 | |
wolfSSL | 15:117db924cf7c | 245 | #ifndef WOLFSSL_MAX_STRENGTH |
wolfSSL | 15:117db924cf7c | 246 | |
wolfSSL | 15:117db924cf7c | 247 | #if !defined(NO_RSA) && !defined(NO_RC4) |
wolfSSL | 15:117db924cf7c | 248 | #if defined(WOLFSSL_STATIC_RSA) |
wolfSSL | 15:117db924cf7c | 249 | #if !defined(NO_SHA) |
wolfSSL | 15:117db924cf7c | 250 | #define BUILD_SSL_RSA_WITH_RC4_128_SHA |
wolfSSL | 15:117db924cf7c | 251 | #endif |
wolfSSL | 15:117db924cf7c | 252 | #if !defined(NO_MD5) |
wolfSSL | 15:117db924cf7c | 253 | #define BUILD_SSL_RSA_WITH_RC4_128_MD5 |
wolfSSL | 15:117db924cf7c | 254 | #endif |
wolfSSL | 15:117db924cf7c | 255 | #endif |
wolfSSL | 15:117db924cf7c | 256 | #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA) \ |
wolfSSL | 15:117db924cf7c | 257 | && defined(WOLFSSL_STATIC_RSA) |
wolfSSL | 15:117db924cf7c | 258 | #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA |
wolfSSL | 15:117db924cf7c | 259 | #endif |
wolfSSL | 15:117db924cf7c | 260 | #endif |
wolfSSL | 15:117db924cf7c | 261 | |
wolfSSL | 15:117db924cf7c | 262 | #if !defined(NO_RSA) && !defined(NO_DES3) |
wolfSSL | 15:117db924cf7c | 263 | #if !defined(NO_SHA) |
wolfSSL | 15:117db924cf7c | 264 | #if defined(WOLFSSL_STATIC_RSA) |
wolfSSL | 15:117db924cf7c | 265 | #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA |
wolfSSL | 15:117db924cf7c | 266 | #endif |
wolfSSL | 15:117db924cf7c | 267 | #if !defined(NO_TLS) && defined(HAVE_NTRU) \ |
wolfSSL | 15:117db924cf7c | 268 | && defined(WOLFSSL_STATIC_RSA) |
wolfSSL | 15:117db924cf7c | 269 | #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA |
wolfSSL | 15:117db924cf7c | 270 | #endif |
wolfSSL | 15:117db924cf7c | 271 | #endif |
wolfSSL | 15:117db924cf7c | 272 | #endif |
wolfSSL | 15:117db924cf7c | 273 | |
wolfSSL | 15:117db924cf7c | 274 | #if !defined(NO_RSA) && defined(HAVE_IDEA) |
wolfSSL | 15:117db924cf7c | 275 | #if !defined(NO_SHA) && defined(WOLFSSL_STATIC_RSA) |
wolfSSL | 15:117db924cf7c | 276 | #define BUILD_SSL_RSA_WITH_IDEA_CBC_SHA |
wolfSSL | 15:117db924cf7c | 277 | #endif |
wolfSSL | 15:117db924cf7c | 278 | #endif |
wolfSSL | 15:117db924cf7c | 279 | |
wolfSSL | 15:117db924cf7c | 280 | #if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS) |
wolfSSL | 15:117db924cf7c | 281 | #if !defined(NO_SHA) |
wolfSSL | 15:117db924cf7c | 282 | #if defined(WOLFSSL_STATIC_RSA) |
wolfSSL | 15:117db924cf7c | 283 | #ifdef WOLFSSL_AES_128 |
wolfSSL | 15:117db924cf7c | 284 | #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA |
wolfSSL | 15:117db924cf7c | 285 | #endif |
wolfSSL | 15:117db924cf7c | 286 | #ifdef WOLFSSL_AES_256 |
wolfSSL | 15:117db924cf7c | 287 | #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA |
wolfSSL | 15:117db924cf7c | 288 | #endif |
wolfSSL | 15:117db924cf7c | 289 | #endif |
wolfSSL | 15:117db924cf7c | 290 | #if defined(HAVE_NTRU) && defined(WOLFSSL_STATIC_RSA) |
wolfSSL | 15:117db924cf7c | 291 | #ifdef WOLFSSL_AES_128 |
wolfSSL | 15:117db924cf7c | 292 | #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA |
wolfSSL | 15:117db924cf7c | 293 | #endif |
wolfSSL | 15:117db924cf7c | 294 | #ifdef WOLFSSL_AES_256 |
wolfSSL | 15:117db924cf7c | 295 | #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA |
wolfSSL | 15:117db924cf7c | 296 | #endif |
wolfSSL | 15:117db924cf7c | 297 | #endif |
wolfSSL | 15:117db924cf7c | 298 | #endif |
wolfSSL | 15:117db924cf7c | 299 | #if defined(WOLFSSL_STATIC_RSA) |
wolfSSL | 15:117db924cf7c | 300 | #if !defined (NO_SHA256) |
wolfSSL | 15:117db924cf7c | 301 | #ifdef WOLFSSL_AES_128 |
wolfSSL | 15:117db924cf7c | 302 | #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 |
wolfSSL | 15:117db924cf7c | 303 | #endif |
wolfSSL | 15:117db924cf7c | 304 | #ifdef WOLFSSL_AES_256 |
wolfSSL | 15:117db924cf7c | 305 | #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 |
wolfSSL | 15:117db924cf7c | 306 | #endif |
wolfSSL | 15:117db924cf7c | 307 | #endif |
wolfSSL | 15:117db924cf7c | 308 | #if defined (HAVE_AESGCM) |
wolfSSL | 15:117db924cf7c | 309 | #ifdef WOLFSSL_AES_128 |
wolfSSL | 15:117db924cf7c | 310 | #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 |
wolfSSL | 15:117db924cf7c | 311 | #endif |
wolfSSL | 15:117db924cf7c | 312 | #if defined (WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) |
wolfSSL | 15:117db924cf7c | 313 | #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 |
wolfSSL | 15:117db924cf7c | 314 | #endif |
wolfSSL | 15:117db924cf7c | 315 | #endif |
wolfSSL | 15:117db924cf7c | 316 | #if defined (HAVE_AESCCM) |
wolfSSL | 15:117db924cf7c | 317 | #ifdef WOLFSSL_AES_128 |
wolfSSL | 15:117db924cf7c | 318 | #define BUILD_TLS_RSA_WITH_AES_128_CCM_8 |
wolfSSL | 15:117db924cf7c | 319 | #endif |
wolfSSL | 15:117db924cf7c | 320 | #ifdef WOLFSSL_AES_256 |
wolfSSL | 15:117db924cf7c | 321 | #define BUILD_TLS_RSA_WITH_AES_256_CCM_8 |
wolfSSL | 15:117db924cf7c | 322 | #endif |
wolfSSL | 15:117db924cf7c | 323 | #endif |
wolfSSL | 15:117db924cf7c | 324 | #if defined(HAVE_BLAKE2) |
wolfSSL | 15:117db924cf7c | 325 | #ifdef WOLFSSL_AES_128 |
wolfSSL | 15:117db924cf7c | 326 | #define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 |
wolfSSL | 15:117db924cf7c | 327 | #endif |
wolfSSL | 15:117db924cf7c | 328 | #ifdef WOLFSSL_AES_256 |
wolfSSL | 15:117db924cf7c | 329 | #define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 |
wolfSSL | 15:117db924cf7c | 330 | #endif |
wolfSSL | 15:117db924cf7c | 331 | #endif |
wolfSSL | 15:117db924cf7c | 332 | #endif |
wolfSSL | 15:117db924cf7c | 333 | #endif |
wolfSSL | 15:117db924cf7c | 334 | |
wolfSSL | 15:117db924cf7c | 335 | #if defined(HAVE_CAMELLIA) && !defined(NO_TLS) |
wolfSSL | 15:117db924cf7c | 336 | #ifndef NO_RSA |
wolfSSL | 15:117db924cf7c | 337 | #if defined(WOLFSSL_STATIC_RSA) |
wolfSSL | 15:117db924cf7c | 338 | #if !defined(NO_SHA) |
wolfSSL | 15:117db924cf7c | 339 | #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA |
wolfSSL | 15:117db924cf7c | 340 | #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA |
wolfSSL | 15:117db924cf7c | 341 | #endif |
wolfSSL | 15:117db924cf7c | 342 | #ifndef NO_SHA256 |
wolfSSL | 15:117db924cf7c | 343 | #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 |
wolfSSL | 15:117db924cf7c | 344 | #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 |
wolfSSL | 15:117db924cf7c | 345 | #endif |
wolfSSL | 15:117db924cf7c | 346 | #endif |
wolfSSL | 15:117db924cf7c | 347 | #if !defined(NO_DH) |
wolfSSL | 15:117db924cf7c | 348 | #if !defined(NO_SHA) |
wolfSSL | 15:117db924cf7c | 349 | #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA |
wolfSSL | 15:117db924cf7c | 350 | #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA |
wolfSSL | 15:117db924cf7c | 351 | #endif |
wolfSSL | 15:117db924cf7c | 352 | #ifndef NO_SHA256 |
wolfSSL | 15:117db924cf7c | 353 | #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 |
wolfSSL | 15:117db924cf7c | 354 | #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 |
wolfSSL | 15:117db924cf7c | 355 | #endif |
wolfSSL | 15:117db924cf7c | 356 | #endif |
wolfSSL | 15:117db924cf7c | 357 | #endif |
wolfSSL | 15:117db924cf7c | 358 | #endif |
wolfSSL | 15:117db924cf7c | 359 | |
wolfSSL | 15:117db924cf7c | 360 | #if defined(WOLFSSL_STATIC_PSK) |
wolfSSL | 15:117db924cf7c | 361 | #if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS) |
wolfSSL | 15:117db924cf7c | 362 | #if !defined(NO_SHA) |
wolfSSL | 15:117db924cf7c | 363 | #ifdef WOLFSSL_AES_128 |
wolfSSL | 15:117db924cf7c | 364 | #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA |
wolfSSL | 15:117db924cf7c | 365 | #endif |
wolfSSL | 15:117db924cf7c | 366 | #ifdef WOLFSSL_AES_256 |
wolfSSL | 15:117db924cf7c | 367 | #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA |
wolfSSL | 15:117db924cf7c | 368 | #endif |
wolfSSL | 15:117db924cf7c | 369 | #endif |
wolfSSL | 15:117db924cf7c | 370 | #ifndef NO_SHA256 |
wolfSSL | 15:117db924cf7c | 371 | #ifdef WOLFSSL_AES_128 |
wolfSSL | 15:117db924cf7c | 372 | #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 |
wolfSSL | 15:117db924cf7c | 373 | #ifdef HAVE_AESGCM |
wolfSSL | 15:117db924cf7c | 374 | #define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 |
wolfSSL | 15:117db924cf7c | 375 | #endif |
wolfSSL | 15:117db924cf7c | 376 | #endif /* WOLFSSL_AES_128 */ |
wolfSSL | 15:117db924cf7c | 377 | #ifdef HAVE_AESCCM |
wolfSSL | 15:117db924cf7c | 378 | #ifdef WOLFSSL_AES_128 |
wolfSSL | 15:117db924cf7c | 379 | #define BUILD_TLS_PSK_WITH_AES_128_CCM_8 |
wolfSSL | 15:117db924cf7c | 380 | #define BUILD_TLS_PSK_WITH_AES_128_CCM |
wolfSSL | 15:117db924cf7c | 381 | #endif |
wolfSSL | 15:117db924cf7c | 382 | #ifdef WOLFSSL_AES_256 |
wolfSSL | 15:117db924cf7c | 383 | #define BUILD_TLS_PSK_WITH_AES_256_CCM_8 |
wolfSSL | 15:117db924cf7c | 384 | #define BUILD_TLS_PSK_WITH_AES_256_CCM |
wolfSSL | 15:117db924cf7c | 385 | #endif |
wolfSSL | 15:117db924cf7c | 386 | #endif |
wolfSSL | 15:117db924cf7c | 387 | #endif |
wolfSSL | 15:117db924cf7c | 388 | #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) |
wolfSSL | 15:117db924cf7c | 389 | #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 |
wolfSSL | 15:117db924cf7c | 390 | #ifdef HAVE_AESGCM |
wolfSSL | 15:117db924cf7c | 391 | #define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 |
wolfSSL | 15:117db924cf7c | 392 | #endif |
wolfSSL | 15:117db924cf7c | 393 | #endif |
wolfSSL | 15:117db924cf7c | 394 | #endif |
wolfSSL | 15:117db924cf7c | 395 | #endif |
wolfSSL | 15:117db924cf7c | 396 | |
wolfSSL | 15:117db924cf7c | 397 | #if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER) |
wolfSSL | 15:117db924cf7c | 398 | #if !defined(NO_RSA) |
wolfSSL | 15:117db924cf7c | 399 | #if defined(WOLFSSL_STATIC_RSA) |
wolfSSL | 15:117db924cf7c | 400 | #if !defined(NO_SHA) |
wolfSSL | 15:117db924cf7c | 401 | #define BUILD_TLS_RSA_WITH_NULL_SHA |
wolfSSL | 15:117db924cf7c | 402 | #endif |
wolfSSL | 15:117db924cf7c | 403 | #ifndef NO_SHA256 |
wolfSSL | 15:117db924cf7c | 404 | #define BUILD_TLS_RSA_WITH_NULL_SHA256 |
wolfSSL | 15:117db924cf7c | 405 | #endif |
wolfSSL | 15:117db924cf7c | 406 | #endif |
wolfSSL | 15:117db924cf7c | 407 | #endif |
wolfSSL | 15:117db924cf7c | 408 | #if !defined(NO_PSK) && defined(WOLFSSL_STATIC_PSK) |
wolfSSL | 15:117db924cf7c | 409 | #if !defined(NO_SHA) |
wolfSSL | 15:117db924cf7c | 410 | #define BUILD_TLS_PSK_WITH_NULL_SHA |
wolfSSL | 15:117db924cf7c | 411 | #endif |
wolfSSL | 15:117db924cf7c | 412 | #ifndef NO_SHA256 |
wolfSSL | 15:117db924cf7c | 413 | #define BUILD_TLS_PSK_WITH_NULL_SHA256 |
wolfSSL | 15:117db924cf7c | 414 | #endif |
wolfSSL | 15:117db924cf7c | 415 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 15:117db924cf7c | 416 | #define BUILD_TLS_PSK_WITH_NULL_SHA384 |
wolfSSL | 15:117db924cf7c | 417 | #endif |
wolfSSL | 15:117db924cf7c | 418 | #endif |
wolfSSL | 15:117db924cf7c | 419 | #endif |
wolfSSL | 15:117db924cf7c | 420 | |
wolfSSL | 15:117db924cf7c | 421 | #if defined(WOLFSSL_STATIC_RSA) |
wolfSSL | 15:117db924cf7c | 422 | #if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS) |
wolfSSL | 15:117db924cf7c | 423 | #ifndef NO_MD5 |
wolfSSL | 15:117db924cf7c | 424 | #define BUILD_TLS_RSA_WITH_HC_128_MD5 |
wolfSSL | 15:117db924cf7c | 425 | #endif |
wolfSSL | 15:117db924cf7c | 426 | #if !defined(NO_SHA) |
wolfSSL | 15:117db924cf7c | 427 | #define BUILD_TLS_RSA_WITH_HC_128_SHA |
wolfSSL | 15:117db924cf7c | 428 | #endif |
wolfSSL | 15:117db924cf7c | 429 | #if defined(HAVE_BLAKE2) |
wolfSSL | 15:117db924cf7c | 430 | #define BUILD_TLS_RSA_WITH_HC_128_B2B256 |
wolfSSL | 15:117db924cf7c | 431 | #endif |
wolfSSL | 15:117db924cf7c | 432 | #endif |
wolfSSL | 15:117db924cf7c | 433 | |
wolfSSL | 15:117db924cf7c | 434 | #if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA) |
wolfSSL | 15:117db924cf7c | 435 | #if !defined(NO_SHA) |
wolfSSL | 15:117db924cf7c | 436 | #define BUILD_TLS_RSA_WITH_RABBIT_SHA |
wolfSSL | 15:117db924cf7c | 437 | #endif |
wolfSSL | 15:117db924cf7c | 438 | #endif |
wolfSSL | 15:117db924cf7c | 439 | #endif |
wolfSSL | 15:117db924cf7c | 440 | |
wolfSSL | 15:117db924cf7c | 441 | #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \ |
wolfSSL | 15:117db924cf7c | 442 | !defined(NO_RSA) |
wolfSSL | 15:117db924cf7c | 443 | |
wolfSSL | 15:117db924cf7c | 444 | #if !defined(NO_SHA) |
wolfSSL | 15:117db924cf7c | 445 | #ifdef WOLFSSL_AES_128 |
wolfSSL | 15:117db924cf7c | 446 | #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA |
wolfSSL | 15:117db924cf7c | 447 | #endif |
wolfSSL | 15:117db924cf7c | 448 | #ifdef WOLFSSL_AES_256 |
wolfSSL | 15:117db924cf7c | 449 | #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA |
wolfSSL | 15:117db924cf7c | 450 | #endif |
wolfSSL | 15:117db924cf7c | 451 | #if !defined(NO_DES3) |
wolfSSL | 15:117db924cf7c | 452 | #define BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA |
wolfSSL | 15:117db924cf7c | 453 | #endif |
wolfSSL | 15:117db924cf7c | 454 | #endif |
wolfSSL | 15:117db924cf7c | 455 | #if !defined(NO_SHA256) && defined(HAVE_AES_CBC) |
wolfSSL | 15:117db924cf7c | 456 | #ifdef WOLFSSL_AES_128 |
wolfSSL | 15:117db924cf7c | 457 | #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 |
wolfSSL | 15:117db924cf7c | 458 | #endif |
wolfSSL | 15:117db924cf7c | 459 | #ifdef WOLFSSL_AES_256 |
wolfSSL | 15:117db924cf7c | 460 | #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 |
wolfSSL | 15:117db924cf7c | 461 | #endif |
wolfSSL | 15:117db924cf7c | 462 | #endif |
wolfSSL | 15:117db924cf7c | 463 | #endif |
wolfSSL | 15:117db924cf7c | 464 | |
wolfSSL | 15:117db924cf7c | 465 | #if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \ |
wolfSSL | 15:117db924cf7c | 466 | !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) |
wolfSSL | 15:117db924cf7c | 467 | #define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA |
wolfSSL | 15:117db924cf7c | 468 | |
wolfSSL | 15:117db924cf7c | 469 | #if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM) |
wolfSSL | 15:117db924cf7c | 470 | #define BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384 |
wolfSSL | 15:117db924cf7c | 471 | #endif |
wolfSSL | 15:117db924cf7c | 472 | #endif |
wolfSSL | 15:117db924cf7c | 473 | |
wolfSSL | 15:117db924cf7c | 474 | #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) |
wolfSSL | 15:117db924cf7c | 475 | #ifndef NO_SHA256 |
wolfSSL | 15:117db924cf7c | 476 | #if !defined(NO_AES) && defined(WOLFSSL_AES_128) |
wolfSSL | 15:117db924cf7c | 477 | #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 |
wolfSSL | 15:117db924cf7c | 478 | #endif |
wolfSSL | 15:117db924cf7c | 479 | #ifdef HAVE_NULL_CIPHER |
wolfSSL | 15:117db924cf7c | 480 | #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 |
wolfSSL | 15:117db924cf7c | 481 | #endif |
wolfSSL | 15:117db924cf7c | 482 | #endif |
wolfSSL | 15:117db924cf7c | 483 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 15:117db924cf7c | 484 | #if !defined(NO_AES) && defined(WOLFSSL_AES_256) |
wolfSSL | 15:117db924cf7c | 485 | #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 |
wolfSSL | 15:117db924cf7c | 486 | #endif |
wolfSSL | 15:117db924cf7c | 487 | #ifdef HAVE_NULL_CIPHER |
wolfSSL | 15:117db924cf7c | 488 | #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 |
wolfSSL | 15:117db924cf7c | 489 | #endif |
wolfSSL | 15:117db924cf7c | 490 | #endif |
wolfSSL | 15:117db924cf7c | 491 | #endif |
wolfSSL | 15:117db924cf7c | 492 | |
wolfSSL | 15:117db924cf7c | 493 | #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_TLS) |
wolfSSL | 15:117db924cf7c | 494 | #if !defined(NO_AES) |
wolfSSL | 15:117db924cf7c | 495 | #if !defined(NO_SHA) |
wolfSSL | 15:117db924cf7c | 496 | #if !defined(NO_RSA) |
wolfSSL | 15:117db924cf7c | 497 | #ifdef WOLFSSL_AES_128 |
wolfSSL | 15:117db924cf7c | 498 | #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
wolfSSL | 15:117db924cf7c | 499 | #endif |
wolfSSL | 15:117db924cf7c | 500 | #ifdef WOLFSSL_AES_256 |
wolfSSL | 15:117db924cf7c | 501 | #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
wolfSSL | 15:117db924cf7c | 502 | #endif |
wolfSSL | 15:117db924cf7c | 503 | #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) |
wolfSSL | 15:117db924cf7c | 504 | #ifdef WOLFSSL_AES_128 |
wolfSSL | 15:117db924cf7c | 505 | #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA |
wolfSSL | 15:117db924cf7c | 506 | #endif |
wolfSSL | 15:117db924cf7c | 507 | #ifdef WOLFSSL_AES_256 |
wolfSSL | 15:117db924cf7c | 508 | #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA |
wolfSSL | 15:117db924cf7c | 509 | #endif |
wolfSSL | 15:117db924cf7c | 510 | #endif |
wolfSSL | 15:117db924cf7c | 511 | #endif |
wolfSSL | 15:117db924cf7c | 512 | |
wolfSSL | 15:117db924cf7c | 513 | #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ |
wolfSSL | 15:117db924cf7c | 514 | defined(HAVE_ED25519)) |
wolfSSL | 15:117db924cf7c | 515 | #ifdef WOLFSSL_AES_128 |
wolfSSL | 15:117db924cf7c | 516 | #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
wolfSSL | 15:117db924cf7c | 517 | #endif |
wolfSSL | 15:117db924cf7c | 518 | #ifdef WOLFSSL_AES_256 |
wolfSSL | 15:117db924cf7c | 519 | #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
wolfSSL | 15:117db924cf7c | 520 | #endif |
wolfSSL | 15:117db924cf7c | 521 | #endif |
wolfSSL | 15:117db924cf7c | 522 | |
wolfSSL | 15:117db924cf7c | 523 | #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) |
wolfSSL | 15:117db924cf7c | 524 | #ifdef WOLFSSL_AES_128 |
wolfSSL | 15:117db924cf7c | 525 | #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA |
wolfSSL | 15:117db924cf7c | 526 | #endif |
wolfSSL | 15:117db924cf7c | 527 | #ifdef WOLFSSL_AES_256 |
wolfSSL | 15:117db924cf7c | 528 | #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA |
wolfSSL | 15:117db924cf7c | 529 | #endif |
wolfSSL | 15:117db924cf7c | 530 | #endif |
wolfSSL | 15:117db924cf7c | 531 | #endif /* NO_SHA */ |
wolfSSL | 15:117db924cf7c | 532 | #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) |
wolfSSL | 15:117db924cf7c | 533 | #if !defined(NO_RSA) |
wolfSSL | 15:117db924cf7c | 534 | #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
wolfSSL | 15:117db924cf7c | 535 | #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) |
wolfSSL | 15:117db924cf7c | 536 | #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 |
wolfSSL | 15:117db924cf7c | 537 | #endif |
wolfSSL | 15:117db924cf7c | 538 | #endif |
wolfSSL | 15:117db924cf7c | 539 | #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ |
wolfSSL | 15:117db924cf7c | 540 | defined(HAVE_ED25519)) |
wolfSSL | 15:117db924cf7c | 541 | #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
wolfSSL | 15:117db924cf7c | 542 | #endif |
wolfSSL | 15:117db924cf7c | 543 | #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) |
wolfSSL | 15:117db924cf7c | 544 | #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 |
wolfSSL | 15:117db924cf7c | 545 | #endif |
wolfSSL | 15:117db924cf7c | 546 | #endif |
wolfSSL | 15:117db924cf7c | 547 | |
wolfSSL | 15:117db924cf7c | 548 | #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) |
wolfSSL | 15:117db924cf7c | 549 | #if !defined(NO_RSA) |
wolfSSL | 15:117db924cf7c | 550 | #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
wolfSSL | 15:117db924cf7c | 551 | #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) |
wolfSSL | 15:117db924cf7c | 552 | #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 |
wolfSSL | 15:117db924cf7c | 553 | #endif |
wolfSSL | 15:117db924cf7c | 554 | #endif |
wolfSSL | 15:117db924cf7c | 555 | #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ |
wolfSSL | 15:117db924cf7c | 556 | defined(HAVE_ED25519)) |
wolfSSL | 15:117db924cf7c | 557 | #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
wolfSSL | 15:117db924cf7c | 558 | #endif |
wolfSSL | 15:117db924cf7c | 559 | #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) |
wolfSSL | 15:117db924cf7c | 560 | #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 |
wolfSSL | 15:117db924cf7c | 561 | #endif |
wolfSSL | 15:117db924cf7c | 562 | #endif |
wolfSSL | 15:117db924cf7c | 563 | |
wolfSSL | 15:117db924cf7c | 564 | #if defined (HAVE_AESGCM) |
wolfSSL | 15:117db924cf7c | 565 | #if !defined(NO_RSA) |
wolfSSL | 15:117db924cf7c | 566 | #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) |
wolfSSL | 15:117db924cf7c | 567 | #ifdef WOLFSSL_AES_128 |
wolfSSL | 15:117db924cf7c | 568 | #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 |
wolfSSL | 15:117db924cf7c | 569 | #endif |
wolfSSL | 15:117db924cf7c | 570 | #endif |
wolfSSL | 15:117db924cf7c | 571 | #if defined(WOLFSSL_SHA384) |
wolfSSL | 15:117db924cf7c | 572 | #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) |
wolfSSL | 15:117db924cf7c | 573 | #ifdef WOLFSSL_AES_256 |
wolfSSL | 15:117db924cf7c | 574 | #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 |
wolfSSL | 15:117db924cf7c | 575 | #endif |
wolfSSL | 15:117db924cf7c | 576 | #endif |
wolfSSL | 15:117db924cf7c | 577 | #endif |
wolfSSL | 15:117db924cf7c | 578 | #endif |
wolfSSL | 15:117db924cf7c | 579 | |
wolfSSL | 15:117db924cf7c | 580 | #if defined(WOLFSSL_STATIC_DH) && defined(WOLFSSL_AES_128) && \ |
wolfSSL | 15:117db924cf7c | 581 | defined(HAVE_ECC) |
wolfSSL | 15:117db924cf7c | 582 | #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 |
wolfSSL | 15:117db924cf7c | 583 | #endif |
wolfSSL | 15:117db924cf7c | 584 | |
wolfSSL | 15:117db924cf7c | 585 | #if defined(WOLFSSL_SHA384) |
wolfSSL | 15:117db924cf7c | 586 | #if defined(WOLFSSL_STATIC_DH) && \ |
wolfSSL | 15:117db924cf7c | 587 | defined(WOLFSSL_AES_256) && defined(HAVE_ECC) |
wolfSSL | 15:117db924cf7c | 588 | #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 |
wolfSSL | 15:117db924cf7c | 589 | #endif |
wolfSSL | 15:117db924cf7c | 590 | #endif |
wolfSSL | 15:117db924cf7c | 591 | #endif |
wolfSSL | 15:117db924cf7c | 592 | #endif /* NO_AES */ |
wolfSSL | 15:117db924cf7c | 593 | #if !defined(NO_RC4) |
wolfSSL | 15:117db924cf7c | 594 | #if !defined(NO_SHA) |
wolfSSL | 15:117db924cf7c | 595 | #if !defined(NO_RSA) |
wolfSSL | 15:117db924cf7c | 596 | #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA |
wolfSSL | 15:117db924cf7c | 597 | #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) |
wolfSSL | 15:117db924cf7c | 598 | #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA |
wolfSSL | 15:117db924cf7c | 599 | #endif |
wolfSSL | 15:117db924cf7c | 600 | #endif |
wolfSSL | 15:117db924cf7c | 601 | |
wolfSSL | 15:117db924cf7c | 602 | #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ |
wolfSSL | 15:117db924cf7c | 603 | defined(HAVE_ED25519)) |
wolfSSL | 15:117db924cf7c | 604 | #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA |
wolfSSL | 15:117db924cf7c | 605 | #endif |
wolfSSL | 15:117db924cf7c | 606 | #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) |
wolfSSL | 15:117db924cf7c | 607 | #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA |
wolfSSL | 15:117db924cf7c | 608 | #endif |
wolfSSL | 15:117db924cf7c | 609 | #endif |
wolfSSL | 15:117db924cf7c | 610 | #endif |
wolfSSL | 15:117db924cf7c | 611 | #if !defined(NO_DES3) |
wolfSSL | 15:117db924cf7c | 612 | #ifndef NO_SHA |
wolfSSL | 15:117db924cf7c | 613 | #if !defined(NO_RSA) |
wolfSSL | 15:117db924cf7c | 614 | #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA |
wolfSSL | 15:117db924cf7c | 615 | #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) |
wolfSSL | 15:117db924cf7c | 616 | #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA |
wolfSSL | 15:117db924cf7c | 617 | #endif |
wolfSSL | 15:117db924cf7c | 618 | #endif |
wolfSSL | 15:117db924cf7c | 619 | |
wolfSSL | 15:117db924cf7c | 620 | #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ |
wolfSSL | 15:117db924cf7c | 621 | defined(HAVE_ED25519)) |
wolfSSL | 15:117db924cf7c | 622 | #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA |
wolfSSL | 15:117db924cf7c | 623 | #endif |
wolfSSL | 15:117db924cf7c | 624 | #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) |
wolfSSL | 15:117db924cf7c | 625 | #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA |
wolfSSL | 15:117db924cf7c | 626 | #endif |
wolfSSL | 15:117db924cf7c | 627 | #endif /* NO_SHA */ |
wolfSSL | 15:117db924cf7c | 628 | #endif |
wolfSSL | 15:117db924cf7c | 629 | #if defined(HAVE_NULL_CIPHER) |
wolfSSL | 15:117db924cf7c | 630 | #if !defined(NO_SHA) |
wolfSSL | 15:117db924cf7c | 631 | #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ |
wolfSSL | 15:117db924cf7c | 632 | defined(HAVE_ED25519)) |
wolfSSL | 15:117db924cf7c | 633 | #define BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA |
wolfSSL | 15:117db924cf7c | 634 | #endif |
wolfSSL | 15:117db924cf7c | 635 | #endif |
wolfSSL | 15:117db924cf7c | 636 | #if !defined(NO_PSK) && !defined(NO_SHA256) |
wolfSSL | 15:117db924cf7c | 637 | #define BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256 |
wolfSSL | 15:117db924cf7c | 638 | #endif |
wolfSSL | 15:117db924cf7c | 639 | #endif |
wolfSSL | 15:117db924cf7c | 640 | #if !defined(NO_PSK) && !defined(NO_SHA256) && !defined(NO_AES) && \ |
wolfSSL | 15:117db924cf7c | 641 | defined(WOLFSSL_AES_128) |
wolfSSL | 15:117db924cf7c | 642 | #define BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 |
wolfSSL | 15:117db924cf7c | 643 | #endif |
wolfSSL | 15:117db924cf7c | 644 | #endif |
wolfSSL | 15:117db924cf7c | 645 | #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256) |
wolfSSL | 15:117db924cf7c | 646 | #if !defined(NO_OLD_POLY1305) |
wolfSSL | 15:117db924cf7c | 647 | #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ |
wolfSSL | 15:117db924cf7c | 648 | defined(HAVE_ED25519)) |
wolfSSL | 15:117db924cf7c | 649 | #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 |
wolfSSL | 15:117db924cf7c | 650 | #endif |
wolfSSL | 15:117db924cf7c | 651 | #ifndef NO_RSA |
wolfSSL | 15:117db924cf7c | 652 | #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 |
wolfSSL | 15:117db924cf7c | 653 | #endif |
wolfSSL | 15:117db924cf7c | 654 | #if !defined(NO_DH) && !defined(NO_RSA) |
wolfSSL | 15:117db924cf7c | 655 | #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 |
wolfSSL | 15:117db924cf7c | 656 | #endif |
wolfSSL | 15:117db924cf7c | 657 | #endif /* NO_OLD_POLY1305 */ |
wolfSSL | 15:117db924cf7c | 658 | #if !defined(NO_PSK) |
wolfSSL | 15:117db924cf7c | 659 | #define BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 |
wolfSSL | 15:117db924cf7c | 660 | #if defined(HAVE_ECC) || defined(HAVE_ED25519) |
wolfSSL | 15:117db924cf7c | 661 | #define BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 |
wolfSSL | 15:117db924cf7c | 662 | #endif |
wolfSSL | 15:117db924cf7c | 663 | #ifndef NO_DH |
wolfSSL | 15:117db924cf7c | 664 | #define BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 |
wolfSSL | 15:117db924cf7c | 665 | #endif |
wolfSSL | 15:117db924cf7c | 666 | #endif /* !NO_PSK */ |
wolfSSL | 15:117db924cf7c | 667 | #endif |
wolfSSL | 15:117db924cf7c | 668 | |
wolfSSL | 15:117db924cf7c | 669 | #endif /* !WOLFSSL_MAX_STRENGTH */ |
wolfSSL | 15:117db924cf7c | 670 | |
wolfSSL | 15:117db924cf7c | 671 | #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \ |
wolfSSL | 15:117db924cf7c | 672 | !defined(NO_RSA) && defined(HAVE_AESGCM) |
wolfSSL | 15:117db924cf7c | 673 | |
wolfSSL | 15:117db924cf7c | 674 | #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) |
wolfSSL | 15:117db924cf7c | 675 | #define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 |
wolfSSL | 15:117db924cf7c | 676 | #endif |
wolfSSL | 15:117db924cf7c | 677 | |
wolfSSL | 15:117db924cf7c | 678 | #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) |
wolfSSL | 15:117db924cf7c | 679 | #define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 |
wolfSSL | 15:117db924cf7c | 680 | #endif |
wolfSSL | 15:117db924cf7c | 681 | #endif |
wolfSSL | 15:117db924cf7c | 682 | |
wolfSSL | 15:117db924cf7c | 683 | #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) |
wolfSSL | 15:117db924cf7c | 684 | #ifndef NO_SHA256 |
wolfSSL | 15:117db924cf7c | 685 | #if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128) |
wolfSSL | 15:117db924cf7c | 686 | #define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 |
wolfSSL | 15:117db924cf7c | 687 | #endif |
wolfSSL | 15:117db924cf7c | 688 | #ifdef HAVE_AESCCM |
wolfSSL | 15:117db924cf7c | 689 | #ifdef WOLFSSL_AES_128 |
wolfSSL | 15:117db924cf7c | 690 | #define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM |
wolfSSL | 15:117db924cf7c | 691 | #endif |
wolfSSL | 15:117db924cf7c | 692 | #ifdef WOLFSSL_AES_256 |
wolfSSL | 15:117db924cf7c | 693 | #define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM |
wolfSSL | 15:117db924cf7c | 694 | #endif |
wolfSSL | 15:117db924cf7c | 695 | #endif |
wolfSSL | 15:117db924cf7c | 696 | #endif |
wolfSSL | 15:117db924cf7c | 697 | #if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM) && \ |
wolfSSL | 15:117db924cf7c | 698 | defined(WOLFSSL_AES_256) |
wolfSSL | 15:117db924cf7c | 699 | #define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 |
wolfSSL | 15:117db924cf7c | 700 | #endif |
wolfSSL | 15:117db924cf7c | 701 | #endif |
wolfSSL | 15:117db924cf7c | 702 | |
wolfSSL | 15:117db924cf7c | 703 | #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_TLS) && \ |
wolfSSL | 15:117db924cf7c | 704 | !defined(NO_AES) |
wolfSSL | 15:117db924cf7c | 705 | #ifdef HAVE_AESGCM |
wolfSSL | 15:117db924cf7c | 706 | #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) |
wolfSSL | 15:117db924cf7c | 707 | #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ |
wolfSSL | 15:117db924cf7c | 708 | defined(HAVE_ED25519)) |
wolfSSL | 15:117db924cf7c | 709 | #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
wolfSSL | 15:117db924cf7c | 710 | #endif |
wolfSSL | 15:117db924cf7c | 711 | #ifndef NO_RSA |
wolfSSL | 15:117db924cf7c | 712 | #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
wolfSSL | 15:117db924cf7c | 713 | #endif |
wolfSSL | 15:117db924cf7c | 714 | #endif |
wolfSSL | 15:117db924cf7c | 715 | #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) |
wolfSSL | 15:117db924cf7c | 716 | #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ |
wolfSSL | 15:117db924cf7c | 717 | defined(HAVE_ED25519)) |
wolfSSL | 15:117db924cf7c | 718 | #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
wolfSSL | 15:117db924cf7c | 719 | #endif |
wolfSSL | 15:117db924cf7c | 720 | #ifndef NO_RSA |
wolfSSL | 15:117db924cf7c | 721 | #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
wolfSSL | 15:117db924cf7c | 722 | #endif |
wolfSSL | 15:117db924cf7c | 723 | #endif |
wolfSSL | 15:117db924cf7c | 724 | #endif |
wolfSSL | 15:117db924cf7c | 725 | #if defined(HAVE_AESCCM) && !defined(NO_SHA256) |
wolfSSL | 15:117db924cf7c | 726 | #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ |
wolfSSL | 15:117db924cf7c | 727 | defined(HAVE_ED25519)) |
wolfSSL | 15:117db924cf7c | 728 | #ifdef WOLFSSL_AES_128 |
wolfSSL | 15:117db924cf7c | 729 | #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM |
wolfSSL | 15:117db924cf7c | 730 | #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 |
wolfSSL | 15:117db924cf7c | 731 | #endif |
wolfSSL | 15:117db924cf7c | 732 | #ifdef WOLFSSL_AES_256 |
wolfSSL | 15:117db924cf7c | 733 | #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 |
wolfSSL | 15:117db924cf7c | 734 | #endif |
wolfSSL | 15:117db924cf7c | 735 | #endif |
wolfSSL | 15:117db924cf7c | 736 | #endif |
wolfSSL | 15:117db924cf7c | 737 | #endif |
wolfSSL | 15:117db924cf7c | 738 | |
wolfSSL | 15:117db924cf7c | 739 | #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256) |
wolfSSL | 15:117db924cf7c | 740 | #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) |
wolfSSL | 15:117db924cf7c | 741 | #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ |
wolfSSL | 15:117db924cf7c | 742 | defined(HAVE_ED25519)) |
wolfSSL | 15:117db924cf7c | 743 | #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 |
wolfSSL | 15:117db924cf7c | 744 | #endif |
wolfSSL | 15:117db924cf7c | 745 | #ifndef NO_RSA |
wolfSSL | 15:117db924cf7c | 746 | #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |
wolfSSL | 15:117db924cf7c | 747 | #endif |
wolfSSL | 15:117db924cf7c | 748 | #endif |
wolfSSL | 15:117db924cf7c | 749 | #if !defined(NO_DH) && !defined(NO_RSA) |
wolfSSL | 15:117db924cf7c | 750 | #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |
wolfSSL | 15:117db924cf7c | 751 | #endif |
wolfSSL | 15:117db924cf7c | 752 | #endif |
wolfSSL | 15:117db924cf7c | 753 | |
wolfSSL | 15:117db924cf7c | 754 | #if defined(WOLFSSL_TLS13) |
wolfSSL | 15:117db924cf7c | 755 | #ifdef HAVE_AESGCM |
wolfSSL | 15:117db924cf7c | 756 | #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) |
wolfSSL | 15:117db924cf7c | 757 | #define BUILD_TLS_AES_128_GCM_SHA256 |
wolfSSL | 15:117db924cf7c | 758 | #endif |
wolfSSL | 15:117db924cf7c | 759 | #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) |
wolfSSL | 15:117db924cf7c | 760 | #define BUILD_TLS_AES_256_GCM_SHA384 |
wolfSSL | 15:117db924cf7c | 761 | #endif |
wolfSSL | 15:117db924cf7c | 762 | #endif |
wolfSSL | 15:117db924cf7c | 763 | |
wolfSSL | 15:117db924cf7c | 764 | #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) |
wolfSSL | 15:117db924cf7c | 765 | #ifndef NO_SHA256 |
wolfSSL | 15:117db924cf7c | 766 | #define BUILD_TLS_CHACHA20_POLY1305_SHA256 |
wolfSSL | 15:117db924cf7c | 767 | #endif |
wolfSSL | 15:117db924cf7c | 768 | #endif |
wolfSSL | 15:117db924cf7c | 769 | |
wolfSSL | 15:117db924cf7c | 770 | #ifdef HAVE_AESCCM |
wolfSSL | 15:117db924cf7c | 771 | #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) |
wolfSSL | 15:117db924cf7c | 772 | #define BUILD_TLS_AES_128_CCM_SHA256 |
wolfSSL | 15:117db924cf7c | 773 | #define BUILD_TLS_AES_128_CCM_8_SHA256 |
wolfSSL | 15:117db924cf7c | 774 | #endif |
wolfSSL | 15:117db924cf7c | 775 | #endif |
wolfSSL | 15:117db924cf7c | 776 | #endif |
wolfSSL | 15:117db924cf7c | 777 | |
wolfSSL | 15:117db924cf7c | 778 | #ifdef WOLFSSL_MULTICAST |
wolfSSL | 15:117db924cf7c | 779 | #if defined(HAVE_NULL_CIPHER) && !defined(NO_SHA256) |
wolfSSL | 15:117db924cf7c | 780 | #define BUILD_WDM_WITH_NULL_SHA256 |
wolfSSL | 15:117db924cf7c | 781 | #endif |
wolfSSL | 15:117db924cf7c | 782 | #endif |
wolfSSL | 15:117db924cf7c | 783 | |
wolfSSL | 15:117db924cf7c | 784 | #if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) || \ |
wolfSSL | 15:117db924cf7c | 785 | defined(BUILD_SSL_RSA_WITH_RC4_128_MD5) |
wolfSSL | 15:117db924cf7c | 786 | #define BUILD_ARC4 |
wolfSSL | 15:117db924cf7c | 787 | #endif |
wolfSSL | 15:117db924cf7c | 788 | |
wolfSSL | 15:117db924cf7c | 789 | #if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA) |
wolfSSL | 15:117db924cf7c | 790 | #define BUILD_DES3 |
wolfSSL | 15:117db924cf7c | 791 | #endif |
wolfSSL | 15:117db924cf7c | 792 | |
wolfSSL | 15:117db924cf7c | 793 | #if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) || \ |
wolfSSL | 15:117db924cf7c | 794 | defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) || \ |
wolfSSL | 15:117db924cf7c | 795 | defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) || \ |
wolfSSL | 15:117db924cf7c | 796 | defined(BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256) |
wolfSSL | 15:117db924cf7c | 797 | #undef BUILD_AES |
wolfSSL | 15:117db924cf7c | 798 | #define BUILD_AES |
wolfSSL | 15:117db924cf7c | 799 | #endif |
wolfSSL | 15:117db924cf7c | 800 | |
wolfSSL | 15:117db924cf7c | 801 | #if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \ |
wolfSSL | 15:117db924cf7c | 802 | defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) || \ |
wolfSSL | 15:117db924cf7c | 803 | defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) || \ |
wolfSSL | 15:117db924cf7c | 804 | defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) || \ |
wolfSSL | 15:117db924cf7c | 805 | defined(BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256) || \ |
wolfSSL | 15:117db924cf7c | 806 | defined(BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384) || \ |
wolfSSL | 15:117db924cf7c | 807 | defined(BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384) || \ |
wolfSSL | 15:117db924cf7c | 808 | defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) || \ |
wolfSSL | 15:117db924cf7c | 809 | defined(BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384) || \ |
wolfSSL | 15:117db924cf7c | 810 | defined(BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384) |
wolfSSL | 15:117db924cf7c | 811 | #define BUILD_AESGCM |
wolfSSL | 15:117db924cf7c | 812 | #else |
wolfSSL | 15:117db924cf7c | 813 | /* No AES-GCM cipher suites available with build */ |
wolfSSL | 15:117db924cf7c | 814 | #define NO_AESGCM_AEAD |
wolfSSL | 15:117db924cf7c | 815 | #endif |
wolfSSL | 15:117db924cf7c | 816 | |
wolfSSL | 15:117db924cf7c | 817 | #if defined(BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256) || \ |
wolfSSL | 15:117db924cf7c | 818 | defined(BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \ |
wolfSSL | 15:117db924cf7c | 819 | defined(BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256) || \ |
wolfSSL | 15:117db924cf7c | 820 | defined(BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256) || \ |
wolfSSL | 15:117db924cf7c | 821 | defined(BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \ |
wolfSSL | 15:117db924cf7c | 822 | defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256) || \ |
wolfSSL | 15:117db924cf7c | 823 | defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \ |
wolfSSL | 15:117db924cf7c | 824 | defined(BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256) || \ |
wolfSSL | 15:117db924cf7c | 825 | defined(BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256) || \ |
wolfSSL | 15:117db924cf7c | 826 | defined(BUILD_TLS_CHACHA20_POLY1305_SHA256) |
wolfSSL | 15:117db924cf7c | 827 | /* Have an available ChaCha Poly cipher suite */ |
wolfSSL | 15:117db924cf7c | 828 | #else |
wolfSSL | 15:117db924cf7c | 829 | /* No ChaCha Poly cipher suites available with build */ |
wolfSSL | 15:117db924cf7c | 830 | #define NO_CHAPOL_AEAD |
wolfSSL | 15:117db924cf7c | 831 | #endif |
wolfSSL | 15:117db924cf7c | 832 | |
wolfSSL | 15:117db924cf7c | 833 | #if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) || \ |
wolfSSL | 15:117db924cf7c | 834 | defined(BUILD_TLS_RSA_WITH_HC_128_MD5) || \ |
wolfSSL | 15:117db924cf7c | 835 | defined(BUILD_TLS_RSA_WITH_HC_128_B2B256) |
wolfSSL | 15:117db924cf7c | 836 | #define BUILD_HC128 |
wolfSSL | 15:117db924cf7c | 837 | #endif |
wolfSSL | 15:117db924cf7c | 838 | |
wolfSSL | 15:117db924cf7c | 839 | #if defined(BUILD_TLS_RSA_WITH_RABBIT_SHA) |
wolfSSL | 15:117db924cf7c | 840 | #define BUILD_RABBIT |
wolfSSL | 15:117db924cf7c | 841 | #endif |
wolfSSL | 15:117db924cf7c | 842 | |
wolfSSL | 15:117db924cf7c | 843 | #ifdef NO_DES3 |
wolfSSL | 15:117db924cf7c | 844 | #define DES_BLOCK_SIZE 8 |
wolfSSL | 15:117db924cf7c | 845 | #else |
wolfSSL | 15:117db924cf7c | 846 | #undef BUILD_DES3 |
wolfSSL | 15:117db924cf7c | 847 | #define BUILD_DES3 |
wolfSSL | 15:117db924cf7c | 848 | #endif |
wolfSSL | 15:117db924cf7c | 849 | |
wolfSSL | 15:117db924cf7c | 850 | #if defined(NO_AES) || defined(NO_AES_DECRYPT) |
wolfSSL | 15:117db924cf7c | 851 | #define AES_BLOCK_SIZE 16 |
wolfSSL | 15:117db924cf7c | 852 | #undef BUILD_AES |
wolfSSL | 15:117db924cf7c | 853 | #else |
wolfSSL | 15:117db924cf7c | 854 | #undef BUILD_AES |
wolfSSL | 15:117db924cf7c | 855 | #define BUILD_AES |
wolfSSL | 15:117db924cf7c | 856 | #endif |
wolfSSL | 15:117db924cf7c | 857 | |
wolfSSL | 15:117db924cf7c | 858 | #ifndef NO_RC4 |
wolfSSL | 15:117db924cf7c | 859 | #undef BUILD_ARC4 |
wolfSSL | 15:117db924cf7c | 860 | #define BUILD_ARC4 |
wolfSSL | 15:117db924cf7c | 861 | #endif |
wolfSSL | 15:117db924cf7c | 862 | |
wolfSSL | 15:117db924cf7c | 863 | #ifdef HAVE_CHACHA |
wolfSSL | 15:117db924cf7c | 864 | #define CHACHA20_BLOCK_SIZE 16 |
wolfSSL | 15:117db924cf7c | 865 | #endif |
wolfSSL | 15:117db924cf7c | 866 | |
wolfSSL | 15:117db924cf7c | 867 | #if defined(WOLFSSL_MAX_STRENGTH) || \ |
wolfSSL | 15:117db924cf7c | 868 | (defined(HAVE_AESGCM) && !defined(NO_AESGCM_AEAD)) || \ |
wolfSSL | 15:117db924cf7c | 869 | defined(HAVE_AESCCM) || \ |
wolfSSL | 15:117db924cf7c | 870 | (defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_CHAPOL_AEAD)) |
wolfSSL | 15:117db924cf7c | 871 | |
wolfSSL | 15:117db924cf7c | 872 | #define HAVE_AEAD |
wolfSSL | 15:117db924cf7c | 873 | #endif |
wolfSSL | 15:117db924cf7c | 874 | |
wolfSSL | 15:117db924cf7c | 875 | #if defined(WOLFSSL_MAX_STRENGTH) || \ |
wolfSSL | 15:117db924cf7c | 876 | defined(HAVE_ECC) || !defined(NO_DH) |
wolfSSL | 15:117db924cf7c | 877 | |
wolfSSL | 15:117db924cf7c | 878 | #define HAVE_PFS |
wolfSSL | 15:117db924cf7c | 879 | #endif |
wolfSSL | 15:117db924cf7c | 880 | |
wolfSSL | 15:117db924cf7c | 881 | #if defined(BUILD_SSL_RSA_WITH_IDEA_CBC_SHA) |
wolfSSL | 15:117db924cf7c | 882 | #define BUILD_IDEA |
wolfSSL | 15:117db924cf7c | 883 | #endif |
wolfSSL | 15:117db924cf7c | 884 | |
wolfSSL | 15:117db924cf7c | 885 | /* actual cipher values, 2nd byte */ |
wolfSSL | 15:117db924cf7c | 886 | enum { |
wolfSSL | 15:117db924cf7c | 887 | TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x16, |
wolfSSL | 15:117db924cf7c | 888 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39, |
wolfSSL | 15:117db924cf7c | 889 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33, |
wolfSSL | 15:117db924cf7c | 890 | TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x34, |
wolfSSL | 15:117db924cf7c | 891 | TLS_RSA_WITH_AES_256_CBC_SHA = 0x35, |
wolfSSL | 15:117db924cf7c | 892 | TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F, |
wolfSSL | 15:117db924cf7c | 893 | TLS_RSA_WITH_NULL_SHA = 0x02, |
wolfSSL | 15:117db924cf7c | 894 | TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d, |
wolfSSL | 15:117db924cf7c | 895 | TLS_PSK_WITH_AES_128_CBC_SHA256 = 0xae, |
wolfSSL | 15:117db924cf7c | 896 | TLS_PSK_WITH_AES_256_CBC_SHA384 = 0xaf, |
wolfSSL | 15:117db924cf7c | 897 | TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c, |
wolfSSL | 15:117db924cf7c | 898 | TLS_PSK_WITH_NULL_SHA256 = 0xb0, |
wolfSSL | 15:117db924cf7c | 899 | TLS_PSK_WITH_NULL_SHA384 = 0xb1, |
wolfSSL | 15:117db924cf7c | 900 | TLS_PSK_WITH_NULL_SHA = 0x2c, |
wolfSSL | 15:117db924cf7c | 901 | SSL_RSA_WITH_RC4_128_SHA = 0x05, |
wolfSSL | 15:117db924cf7c | 902 | SSL_RSA_WITH_RC4_128_MD5 = 0x04, |
wolfSSL | 15:117db924cf7c | 903 | SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x0A, |
wolfSSL | 15:117db924cf7c | 904 | SSL_RSA_WITH_IDEA_CBC_SHA = 0x07, |
wolfSSL | 15:117db924cf7c | 905 | |
wolfSSL | 15:117db924cf7c | 906 | /* ECC suites, first byte is 0xC0 (ECC_BYTE) */ |
wolfSSL | 15:117db924cf7c | 907 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x14, |
wolfSSL | 15:117db924cf7c | 908 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x13, |
wolfSSL | 15:117db924cf7c | 909 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0x0A, |
wolfSSL | 15:117db924cf7c | 910 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0x09, |
wolfSSL | 15:117db924cf7c | 911 | TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0x11, |
wolfSSL | 15:117db924cf7c | 912 | TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0x07, |
wolfSSL | 15:117db924cf7c | 913 | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x12, |
wolfSSL | 15:117db924cf7c | 914 | TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08, |
wolfSSL | 15:117db924cf7c | 915 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0x27, |
wolfSSL | 15:117db924cf7c | 916 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23, |
wolfSSL | 15:117db924cf7c | 917 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0x28, |
wolfSSL | 15:117db924cf7c | 918 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24, |
wolfSSL | 15:117db924cf7c | 919 | TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0x06, |
wolfSSL | 15:117db924cf7c | 920 | TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0x3a, |
wolfSSL | 15:117db924cf7c | 921 | TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0x37, |
wolfSSL | 15:117db924cf7c | 922 | |
wolfSSL | 15:117db924cf7c | 923 | /* static ECDH, first byte is 0xC0 (ECC_BYTE) */ |
wolfSSL | 15:117db924cf7c | 924 | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0x0F, |
wolfSSL | 15:117db924cf7c | 925 | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0x0E, |
wolfSSL | 15:117db924cf7c | 926 | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0x05, |
wolfSSL | 15:117db924cf7c | 927 | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0x04, |
wolfSSL | 15:117db924cf7c | 928 | TLS_ECDH_RSA_WITH_RC4_128_SHA = 0x0C, |
wolfSSL | 15:117db924cf7c | 929 | TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0x02, |
wolfSSL | 15:117db924cf7c | 930 | TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0D, |
wolfSSL | 15:117db924cf7c | 931 | TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x03, |
wolfSSL | 15:117db924cf7c | 932 | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0x29, |
wolfSSL | 15:117db924cf7c | 933 | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0x25, |
wolfSSL | 15:117db924cf7c | 934 | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0x2A, |
wolfSSL | 15:117db924cf7c | 935 | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26, |
wolfSSL | 15:117db924cf7c | 936 | |
wolfSSL | 15:117db924cf7c | 937 | /* wolfSSL extension - eSTREAM */ |
wolfSSL | 15:117db924cf7c | 938 | TLS_RSA_WITH_HC_128_MD5 = 0xFB, |
wolfSSL | 15:117db924cf7c | 939 | TLS_RSA_WITH_HC_128_SHA = 0xFC, |
wolfSSL | 15:117db924cf7c | 940 | TLS_RSA_WITH_RABBIT_SHA = 0xFD, |
wolfSSL | 15:117db924cf7c | 941 | WDM_WITH_NULL_SHA256 = 0xFE, /* wolfSSL DTLS Multicast */ |
wolfSSL | 15:117db924cf7c | 942 | |
wolfSSL | 15:117db924cf7c | 943 | /* wolfSSL extension - Blake2b 256 */ |
wolfSSL | 15:117db924cf7c | 944 | TLS_RSA_WITH_AES_128_CBC_B2B256 = 0xF8, |
wolfSSL | 15:117db924cf7c | 945 | TLS_RSA_WITH_AES_256_CBC_B2B256 = 0xF9, |
wolfSSL | 15:117db924cf7c | 946 | TLS_RSA_WITH_HC_128_B2B256 = 0xFA, /* eSTREAM too */ |
wolfSSL | 15:117db924cf7c | 947 | |
wolfSSL | 15:117db924cf7c | 948 | /* wolfSSL extension - NTRU */ |
wolfSSL | 15:117db924cf7c | 949 | TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5, |
wolfSSL | 15:117db924cf7c | 950 | TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6, |
wolfSSL | 15:117db924cf7c | 951 | TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clashes w/official SHA-256 */ |
wolfSSL | 15:117db924cf7c | 952 | TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0xe8, |
wolfSSL | 15:117db924cf7c | 953 | |
wolfSSL | 15:117db924cf7c | 954 | /* wolfSSL extension - NTRU , Quantum-safe Handshake |
wolfSSL | 15:117db924cf7c | 955 | first byte is 0xD0 (QSH_BYTE) */ |
wolfSSL | 15:117db924cf7c | 956 | TLS_QSH = 0x01, |
wolfSSL | 15:117db924cf7c | 957 | |
wolfSSL | 15:117db924cf7c | 958 | /* SHA256 */ |
wolfSSL | 15:117db924cf7c | 959 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b, |
wolfSSL | 15:117db924cf7c | 960 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67, |
wolfSSL | 15:117db924cf7c | 961 | TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d, |
wolfSSL | 15:117db924cf7c | 962 | TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c, |
wolfSSL | 15:117db924cf7c | 963 | TLS_RSA_WITH_NULL_SHA256 = 0x3b, |
wolfSSL | 15:117db924cf7c | 964 | TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0xb2, |
wolfSSL | 15:117db924cf7c | 965 | TLS_DHE_PSK_WITH_NULL_SHA256 = 0xb4, |
wolfSSL | 15:117db924cf7c | 966 | |
wolfSSL | 15:117db924cf7c | 967 | /* SHA384 */ |
wolfSSL | 15:117db924cf7c | 968 | TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0xb3, |
wolfSSL | 15:117db924cf7c | 969 | TLS_DHE_PSK_WITH_NULL_SHA384 = 0xb5, |
wolfSSL | 15:117db924cf7c | 970 | |
wolfSSL | 15:117db924cf7c | 971 | /* AES-GCM */ |
wolfSSL | 15:117db924cf7c | 972 | TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c, |
wolfSSL | 15:117db924cf7c | 973 | TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d, |
wolfSSL | 15:117db924cf7c | 974 | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e, |
wolfSSL | 15:117db924cf7c | 975 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f, |
wolfSSL | 15:117db924cf7c | 976 | TLS_DH_anon_WITH_AES_256_GCM_SHA384 = 0xa7, |
wolfSSL | 15:117db924cf7c | 977 | TLS_PSK_WITH_AES_128_GCM_SHA256 = 0xa8, |
wolfSSL | 15:117db924cf7c | 978 | TLS_PSK_WITH_AES_256_GCM_SHA384 = 0xa9, |
wolfSSL | 15:117db924cf7c | 979 | TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0xaa, |
wolfSSL | 15:117db924cf7c | 980 | TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0xab, |
wolfSSL | 15:117db924cf7c | 981 | |
wolfSSL | 15:117db924cf7c | 982 | /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */ |
wolfSSL | 15:117db924cf7c | 983 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b, |
wolfSSL | 15:117db924cf7c | 984 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2c, |
wolfSSL | 15:117db924cf7c | 985 | TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2d, |
wolfSSL | 15:117db924cf7c | 986 | TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2e, |
wolfSSL | 15:117db924cf7c | 987 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x2f, |
wolfSSL | 15:117db924cf7c | 988 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0x30, |
wolfSSL | 15:117db924cf7c | 989 | TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0x31, |
wolfSSL | 15:117db924cf7c | 990 | TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0x32, |
wolfSSL | 15:117db924cf7c | 991 | |
wolfSSL | 15:117db924cf7c | 992 | /* AES-CCM, first byte is 0xC0 but isn't ECC, |
wolfSSL | 15:117db924cf7c | 993 | * also, in some of the other AES-CCM suites |
wolfSSL | 15:117db924cf7c | 994 | * there will be second byte number conflicts |
wolfSSL | 15:117db924cf7c | 995 | * with non-ECC AES-GCM */ |
wolfSSL | 15:117db924cf7c | 996 | TLS_RSA_WITH_AES_128_CCM_8 = 0xa0, |
wolfSSL | 15:117db924cf7c | 997 | TLS_RSA_WITH_AES_256_CCM_8 = 0xa1, |
wolfSSL | 15:117db924cf7c | 998 | TLS_ECDHE_ECDSA_WITH_AES_128_CCM = 0xac, |
wolfSSL | 15:117db924cf7c | 999 | TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xae, |
wolfSSL | 15:117db924cf7c | 1000 | TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xaf, |
wolfSSL | 15:117db924cf7c | 1001 | TLS_PSK_WITH_AES_128_CCM = 0xa4, |
wolfSSL | 15:117db924cf7c | 1002 | TLS_PSK_WITH_AES_256_CCM = 0xa5, |
wolfSSL | 15:117db924cf7c | 1003 | TLS_PSK_WITH_AES_128_CCM_8 = 0xa8, |
wolfSSL | 15:117db924cf7c | 1004 | TLS_PSK_WITH_AES_256_CCM_8 = 0xa9, |
wolfSSL | 15:117db924cf7c | 1005 | TLS_DHE_PSK_WITH_AES_128_CCM = 0xa6, |
wolfSSL | 15:117db924cf7c | 1006 | TLS_DHE_PSK_WITH_AES_256_CCM = 0xa7, |
wolfSSL | 15:117db924cf7c | 1007 | |
wolfSSL | 15:117db924cf7c | 1008 | /* Camellia */ |
wolfSSL | 15:117db924cf7c | 1009 | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41, |
wolfSSL | 15:117db924cf7c | 1010 | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84, |
wolfSSL | 15:117db924cf7c | 1011 | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xba, |
wolfSSL | 15:117db924cf7c | 1012 | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc0, |
wolfSSL | 15:117db924cf7c | 1013 | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x45, |
wolfSSL | 15:117db924cf7c | 1014 | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x88, |
wolfSSL | 15:117db924cf7c | 1015 | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe, |
wolfSSL | 15:117db924cf7c | 1016 | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4, |
wolfSSL | 15:117db924cf7c | 1017 | |
wolfSSL | 15:117db924cf7c | 1018 | /* chacha20-poly1305 suites first byte is 0xCC (CHACHA_BYTE) */ |
wolfSSL | 15:117db924cf7c | 1019 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xa8, |
wolfSSL | 15:117db924cf7c | 1020 | TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xa9, |
wolfSSL | 15:117db924cf7c | 1021 | TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xaa, |
wolfSSL | 15:117db924cf7c | 1022 | TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xac, |
wolfSSL | 15:117db924cf7c | 1023 | TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xab, |
wolfSSL | 15:117db924cf7c | 1024 | TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xad, |
wolfSSL | 15:117db924cf7c | 1025 | |
wolfSSL | 15:117db924cf7c | 1026 | /* chacha20-poly1305 earlier version of nonce and padding (CHACHA_BYTE) */ |
wolfSSL | 15:117db924cf7c | 1027 | TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x13, |
wolfSSL | 15:117db924cf7c | 1028 | TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x14, |
wolfSSL | 15:117db924cf7c | 1029 | TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x15, |
wolfSSL | 15:117db924cf7c | 1030 | |
wolfSSL | 15:117db924cf7c | 1031 | /* TLS v1.3 cipher suites */ |
wolfSSL | 15:117db924cf7c | 1032 | TLS_AES_128_GCM_SHA256 = 0x01, |
wolfSSL | 15:117db924cf7c | 1033 | TLS_AES_256_GCM_SHA384 = 0x02, |
wolfSSL | 15:117db924cf7c | 1034 | TLS_CHACHA20_POLY1305_SHA256 = 0x03, |
wolfSSL | 15:117db924cf7c | 1035 | TLS_AES_128_CCM_SHA256 = 0x04, |
wolfSSL | 15:117db924cf7c | 1036 | TLS_AES_128_CCM_8_SHA256 = 0x05, |
wolfSSL | 15:117db924cf7c | 1037 | |
wolfSSL | 15:117db924cf7c | 1038 | /* Renegotiation Indication Extension Special Suite */ |
wolfSSL | 15:117db924cf7c | 1039 | TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff |
wolfSSL | 15:117db924cf7c | 1040 | }; |
wolfSSL | 15:117db924cf7c | 1041 | |
wolfSSL | 15:117db924cf7c | 1042 | |
wolfSSL | 15:117db924cf7c | 1043 | #ifndef WOLFSSL_SESSION_TIMEOUT |
wolfSSL | 15:117db924cf7c | 1044 | #define WOLFSSL_SESSION_TIMEOUT 500 |
wolfSSL | 15:117db924cf7c | 1045 | /* default session resumption cache timeout in seconds */ |
wolfSSL | 15:117db924cf7c | 1046 | #endif |
wolfSSL | 15:117db924cf7c | 1047 | |
wolfSSL | 15:117db924cf7c | 1048 | |
wolfSSL | 15:117db924cf7c | 1049 | #ifndef WOLFSSL_DTLS_WINDOW_WORDS |
wolfSSL | 15:117db924cf7c | 1050 | #define WOLFSSL_DTLS_WINDOW_WORDS 2 |
wolfSSL | 15:117db924cf7c | 1051 | #endif /* WOLFSSL_DTLS_WINDOW_WORDS */ |
wolfSSL | 15:117db924cf7c | 1052 | #define DTLS_WORD_BITS (sizeof(word32) * CHAR_BIT) |
wolfSSL | 15:117db924cf7c | 1053 | #define DTLS_SEQ_BITS (WOLFSSL_DTLS_WINDOW_WORDS * DTLS_WORD_BITS) |
wolfSSL | 15:117db924cf7c | 1054 | #define DTLS_SEQ_SZ (sizeof(word32) * WOLFSSL_DTLS_WINDOW_WORDS) |
wolfSSL | 15:117db924cf7c | 1055 | |
wolfSSL | 15:117db924cf7c | 1056 | #ifndef WOLFSSL_MULTICAST |
wolfSSL | 15:117db924cf7c | 1057 | #define WOLFSSL_DTLS_PEERSEQ_SZ 1 |
wolfSSL | 15:117db924cf7c | 1058 | #else |
wolfSSL | 15:117db924cf7c | 1059 | #ifndef WOLFSSL_MULTICAST_PEERS |
wolfSSL | 15:117db924cf7c | 1060 | /* max allowed multicast group peers */ |
wolfSSL | 15:117db924cf7c | 1061 | #define WOLFSSL_MULTICAST_PEERS 100 |
wolfSSL | 15:117db924cf7c | 1062 | #endif |
wolfSSL | 15:117db924cf7c | 1063 | #define WOLFSSL_DTLS_PEERSEQ_SZ WOLFSSL_MULTICAST_PEERS |
wolfSSL | 15:117db924cf7c | 1064 | #endif /* WOLFSSL_MULTICAST */ |
wolfSSL | 15:117db924cf7c | 1065 | |
wolfSSL | 15:117db924cf7c | 1066 | #ifndef WOLFSSL_MAX_MTU |
wolfSSL | 15:117db924cf7c | 1067 | #define WOLFSSL_MAX_MTU 1500 |
wolfSSL | 15:117db924cf7c | 1068 | #endif /* WOLFSSL_MAX_MTU */ |
wolfSSL | 15:117db924cf7c | 1069 | |
wolfSSL | 15:117db924cf7c | 1070 | |
wolfSSL | 15:117db924cf7c | 1071 | /* set minimum DH key size allowed */ |
wolfSSL | 15:117db924cf7c | 1072 | #ifndef WOLFSSL_MIN_DHKEY_BITS |
wolfSSL | 15:117db924cf7c | 1073 | #ifdef WOLFSSL_MAX_STRENGTH |
wolfSSL | 15:117db924cf7c | 1074 | #define WOLFSSL_MIN_DHKEY_BITS 2048 |
wolfSSL | 15:117db924cf7c | 1075 | #else |
wolfSSL | 15:117db924cf7c | 1076 | #define WOLFSSL_MIN_DHKEY_BITS 1024 |
wolfSSL | 15:117db924cf7c | 1077 | #endif |
wolfSSL | 15:117db924cf7c | 1078 | #endif |
wolfSSL | 15:117db924cf7c | 1079 | #if (WOLFSSL_MIN_DHKEY_BITS % 8) |
wolfSSL | 15:117db924cf7c | 1080 | #error DH minimum bit size must be multiple of 8 |
wolfSSL | 15:117db924cf7c | 1081 | #endif |
wolfSSL | 15:117db924cf7c | 1082 | #if (WOLFSSL_MIN_DHKEY_BITS > 16000) |
wolfSSL | 15:117db924cf7c | 1083 | #error DH minimum bit size must not be greater than 16000 |
wolfSSL | 15:117db924cf7c | 1084 | #endif |
wolfSSL | 15:117db924cf7c | 1085 | #define MIN_DHKEY_SZ (WOLFSSL_MIN_DHKEY_BITS / 8) |
wolfSSL | 15:117db924cf7c | 1086 | /* set maximum DH key size allowed */ |
wolfSSL | 15:117db924cf7c | 1087 | #ifndef WOLFSSL_MAX_DHKEY_BITS |
wolfSSL | 15:117db924cf7c | 1088 | #define WOLFSSL_MAX_DHKEY_BITS 4096 |
wolfSSL | 15:117db924cf7c | 1089 | #endif |
wolfSSL | 15:117db924cf7c | 1090 | #if (WOLFSSL_MAX_DHKEY_BITS % 8) |
wolfSSL | 15:117db924cf7c | 1091 | #error DH maximum bit size must be multiple of 8 |
wolfSSL | 15:117db924cf7c | 1092 | #endif |
wolfSSL | 15:117db924cf7c | 1093 | #if (WOLFSSL_MAX_DHKEY_BITS > 16000) |
wolfSSL | 15:117db924cf7c | 1094 | #error DH maximum bit size must not be greater than 16000 |
wolfSSL | 15:117db924cf7c | 1095 | #endif |
wolfSSL | 15:117db924cf7c | 1096 | #define MAX_DHKEY_SZ (WOLFSSL_MAX_DHKEY_BITS / 8) |
wolfSSL | 15:117db924cf7c | 1097 | |
wolfSSL | 15:117db924cf7c | 1098 | |
wolfSSL | 15:117db924cf7c | 1099 | |
wolfSSL | 15:117db924cf7c | 1100 | enum Misc { |
wolfSSL | 15:117db924cf7c | 1101 | CIPHER_BYTE = 0x00, /* Default ciphers */ |
wolfSSL | 15:117db924cf7c | 1102 | ECC_BYTE = 0xC0, /* ECC first cipher suite byte */ |
wolfSSL | 15:117db924cf7c | 1103 | QSH_BYTE = 0xD0, /* Quantum-safe Handshake cipher suite */ |
wolfSSL | 15:117db924cf7c | 1104 | CHACHA_BYTE = 0xCC, /* ChaCha first cipher suite */ |
wolfSSL | 15:117db924cf7c | 1105 | TLS13_BYTE = 0x13, /* TLS v1.3 first byte of cipher suite */ |
wolfSSL | 15:117db924cf7c | 1106 | |
wolfSSL | 15:117db924cf7c | 1107 | SEND_CERT = 1, |
wolfSSL | 15:117db924cf7c | 1108 | SEND_BLANK_CERT = 2, |
wolfSSL | 15:117db924cf7c | 1109 | |
wolfSSL | 15:117db924cf7c | 1110 | DTLS_MAJOR = 0xfe, /* DTLS major version number */ |
wolfSSL | 15:117db924cf7c | 1111 | DTLS_MINOR = 0xff, /* DTLS minor version number */ |
wolfSSL | 15:117db924cf7c | 1112 | DTLSv1_2_MINOR = 0xfd, /* DTLS minor version number */ |
wolfSSL | 15:117db924cf7c | 1113 | SSLv3_MAJOR = 3, /* SSLv3 and TLSv1+ major version number */ |
wolfSSL | 15:117db924cf7c | 1114 | SSLv3_MINOR = 0, /* TLSv1 minor version number */ |
wolfSSL | 15:117db924cf7c | 1115 | TLSv1_MINOR = 1, /* TLSv1 minor version number */ |
wolfSSL | 15:117db924cf7c | 1116 | TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */ |
wolfSSL | 15:117db924cf7c | 1117 | TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */ |
wolfSSL | 15:117db924cf7c | 1118 | TLSv1_3_MINOR = 4, /* TLSv1_3 minor version number */ |
wolfSSL | 15:117db924cf7c | 1119 | #ifndef WOLFSSL_TLS13_FINAL |
wolfSSL | 15:117db924cf7c | 1120 | TLS_DRAFT_MAJOR = 0x7f, /* Draft TLS major version number */ |
wolfSSL | 15:117db924cf7c | 1121 | #ifdef WOLFSSL_TLS13_DRAFT_18 |
wolfSSL | 15:117db924cf7c | 1122 | TLS_DRAFT_MINOR = 0x12, /* Minor version number of TLS draft */ |
wolfSSL | 15:117db924cf7c | 1123 | #elif defined(WOLFSSL_TLS13_DRAFT_22) |
wolfSSL | 15:117db924cf7c | 1124 | TLS_DRAFT_MINOR = 0x16, /* Minor version number of TLS draft */ |
wolfSSL | 15:117db924cf7c | 1125 | #elif defined(WOLFSSL_TLS13_DRAFT_23) |
wolfSSL | 15:117db924cf7c | 1126 | TLS_DRAFT_MINOR = 0x17, /* Minor version number of TLS draft */ |
wolfSSL | 15:117db924cf7c | 1127 | #elif defined(WOLFSSL_TLS13_DRAFT_26) |
wolfSSL | 15:117db924cf7c | 1128 | TLS_DRAFT_MINOR = 0x1a, /* Minor version number of TLS draft */ |
wolfSSL | 15:117db924cf7c | 1129 | #else |
wolfSSL | 15:117db924cf7c | 1130 | TLS_DRAFT_MINOR = 0x1c, /* Minor version number of TLS draft */ |
wolfSSL | 15:117db924cf7c | 1131 | #endif |
wolfSSL | 15:117db924cf7c | 1132 | #endif |
wolfSSL | 15:117db924cf7c | 1133 | OLD_HELLO_ID = 0x01, /* SSLv2 Client Hello Indicator */ |
wolfSSL | 15:117db924cf7c | 1134 | INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */ |
wolfSSL | 15:117db924cf7c | 1135 | NO_COMPRESSION = 0, |
wolfSSL | 15:117db924cf7c | 1136 | ZLIB_COMPRESSION = 221, /* wolfSSL zlib compression */ |
wolfSSL | 15:117db924cf7c | 1137 | HELLO_EXT_SIG_ALGO = 13, /* ID for the sig_algo hello extension */ |
wolfSSL | 15:117db924cf7c | 1138 | HELLO_EXT_EXTMS = 0x0017, /* ID for the extended master secret ext */ |
wolfSSL | 15:117db924cf7c | 1139 | SECRET_LEN = WOLFSSL_MAX_MASTER_KEY_LENGTH, |
wolfSSL | 15:117db924cf7c | 1140 | /* pre RSA and all master */ |
wolfSSL | 15:117db924cf7c | 1141 | #if defined(WOLFSSL_MYSQL_COMPATIBLE) |
wolfSSL | 15:117db924cf7c | 1142 | ENCRYPT_LEN = 1024, /* allow larger static buffer with mysql */ |
wolfSSL | 15:117db924cf7c | 1143 | #else |
wolfSSL | 15:117db924cf7c | 1144 | ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */ |
wolfSSL | 15:117db924cf7c | 1145 | #endif |
wolfSSL | 15:117db924cf7c | 1146 | SIZEOF_SENDER = 4, /* clnt or srvr */ |
wolfSSL | 15:117db924cf7c | 1147 | FINISHED_SZ = 36, /* WC_MD5_DIGEST_SIZE + WC_SHA_DIGEST_SIZE */ |
wolfSSL | 15:117db924cf7c | 1148 | MAX_RECORD_SIZE = 16384, /* 2^14, max size by standard */ |
wolfSSL | 15:117db924cf7c | 1149 | MAX_MSG_EXTRA = 38 + WC_MAX_DIGEST_SIZE, |
wolfSSL | 15:117db924cf7c | 1150 | /* max added to msg, mac + pad from */ |
wolfSSL | 15:117db924cf7c | 1151 | /* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max |
wolfSSL | 15:117db924cf7c | 1152 | digest sz + BLOC_SZ (iv) + pad byte (1) */ |
wolfSSL | 15:117db924cf7c | 1153 | MAX_COMP_EXTRA = 1024, /* max compression extra */ |
wolfSSL | 15:117db924cf7c | 1154 | MAX_MTU = WOLFSSL_MAX_MTU, /* max expected MTU */ |
wolfSSL | 15:117db924cf7c | 1155 | MAX_UDP_SIZE = 8192 - 100, /* was MAX_MTU - 100 */ |
wolfSSL | 15:117db924cf7c | 1156 | MAX_DH_SZ = (MAX_DHKEY_SZ * 2) + 12, |
wolfSSL | 15:117db924cf7c | 1157 | /* 4096 p, pub, g + 2 byte size for each */ |
wolfSSL | 15:117db924cf7c | 1158 | MAX_STR_VERSION = 8, /* string rep of protocol version */ |
wolfSSL | 15:117db924cf7c | 1159 | |
wolfSSL | 15:117db924cf7c | 1160 | PAD_MD5 = 48, /* pad length for finished */ |
wolfSSL | 15:117db924cf7c | 1161 | PAD_SHA = 40, /* pad length for finished */ |
wolfSSL | 15:117db924cf7c | 1162 | MAX_PAD_SIZE = 256, /* maximum length of padding */ |
wolfSSL | 15:117db924cf7c | 1163 | |
wolfSSL | 15:117db924cf7c | 1164 | LENGTH_SZ = 2, /* length field for HMAC, data only */ |
wolfSSL | 15:117db924cf7c | 1165 | VERSION_SZ = 2, /* length of proctocol version */ |
wolfSSL | 15:117db924cf7c | 1166 | SEQ_SZ = 8, /* 64 bit sequence number */ |
wolfSSL | 15:117db924cf7c | 1167 | ALERT_SIZE = 2, /* level + description */ |
wolfSSL | 15:117db924cf7c | 1168 | VERIFY_HEADER = 2, /* always use 2 bytes */ |
wolfSSL | 15:117db924cf7c | 1169 | EXTS_SZ = 2, /* always use 2 bytes */ |
wolfSSL | 15:117db924cf7c | 1170 | EXT_ID_SZ = 2, /* always use 2 bytes */ |
wolfSSL | 15:117db924cf7c | 1171 | MAX_DH_SIZE = MAX_DHKEY_SZ+1, |
wolfSSL | 15:117db924cf7c | 1172 | /* Max size plus possible leading 0 */ |
wolfSSL | 15:117db924cf7c | 1173 | NAMED_DH_MASK = 0x100, /* Named group mask for DH parameters */ |
wolfSSL | 15:117db924cf7c | 1174 | SESSION_HINT_SZ = 4, /* session timeout hint */ |
wolfSSL | 15:117db924cf7c | 1175 | SESSION_ADD_SZ = 4, /* session age add */ |
wolfSSL | 15:117db924cf7c | 1176 | TICKET_NONCE_LEN_SZ = 1, /* Ticket nonce length size */ |
wolfSSL | 15:117db924cf7c | 1177 | DEF_TICKET_NONCE_SZ = 1, /* Default ticket nonce size */ |
wolfSSL | 15:117db924cf7c | 1178 | MAX_TICKET_NONCE_SZ = 4, /* maximum ticket nonce size */ |
wolfSSL | 15:117db924cf7c | 1179 | MAX_LIFETIME = 604800, /* maximum ticket lifetime */ |
wolfSSL | 15:117db924cf7c | 1180 | MAX_EARLY_DATA_SZ = 4096, /* maximum early data size */ |
wolfSSL | 15:117db924cf7c | 1181 | |
wolfSSL | 15:117db924cf7c | 1182 | RAN_LEN = 32, /* random length */ |
wolfSSL | 15:117db924cf7c | 1183 | SEED_LEN = RAN_LEN * 2, /* tls prf seed length */ |
wolfSSL | 15:117db924cf7c | 1184 | ID_LEN = 32, /* session id length */ |
wolfSSL | 15:117db924cf7c | 1185 | COOKIE_SECRET_SZ = 14, /* dtls cookie secret size */ |
wolfSSL | 15:117db924cf7c | 1186 | MAX_COOKIE_LEN = 32, /* max dtls cookie size */ |
wolfSSL | 15:117db924cf7c | 1187 | COOKIE_SZ = 20, /* use a 20 byte cookie */ |
wolfSSL | 15:117db924cf7c | 1188 | SUITE_LEN = 2, /* cipher suite sz length */ |
wolfSSL | 15:117db924cf7c | 1189 | ENUM_LEN = 1, /* always a byte */ |
wolfSSL | 15:117db924cf7c | 1190 | OPAQUE8_LEN = 1, /* 1 byte */ |
wolfSSL | 15:117db924cf7c | 1191 | OPAQUE16_LEN = 2, /* 2 bytes */ |
wolfSSL | 15:117db924cf7c | 1192 | OPAQUE24_LEN = 3, /* 3 bytes */ |
wolfSSL | 15:117db924cf7c | 1193 | OPAQUE32_LEN = 4, /* 4 bytes */ |
wolfSSL | 15:117db924cf7c | 1194 | OPAQUE64_LEN = 8, /* 8 bytes */ |
wolfSSL | 15:117db924cf7c | 1195 | COMP_LEN = 1, /* compression length */ |
wolfSSL | 15:117db924cf7c | 1196 | CURVE_LEN = 2, /* ecc named curve length */ |
wolfSSL | 15:117db924cf7c | 1197 | KE_GROUP_LEN = 2, /* key exchange group length */ |
wolfSSL | 15:117db924cf7c | 1198 | SERVER_ID_LEN = 20, /* server session id length */ |
wolfSSL | 15:117db924cf7c | 1199 | |
wolfSSL | 15:117db924cf7c | 1200 | HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */ |
wolfSSL | 15:117db924cf7c | 1201 | RECORD_HEADER_SZ = 5, /* type + version + len(2) */ |
wolfSSL | 15:117db924cf7c | 1202 | CERT_HEADER_SZ = 3, /* always 3 bytes */ |
wolfSSL | 15:117db924cf7c | 1203 | REQ_HEADER_SZ = 2, /* cert request header sz */ |
wolfSSL | 15:117db924cf7c | 1204 | HINT_LEN_SZ = 2, /* length of hint size field */ |
wolfSSL | 15:117db924cf7c | 1205 | TRUNCATED_HMAC_SZ = 10, /* length of hmac w/ truncated hmac extension */ |
wolfSSL | 15:117db924cf7c | 1206 | HELLO_EXT_SZ = 4, /* base length of a hello extension */ |
wolfSSL | 15:117db924cf7c | 1207 | HELLO_EXT_TYPE_SZ = 2, /* length of a hello extension type */ |
wolfSSL | 15:117db924cf7c | 1208 | HELLO_EXT_SZ_SZ = 2, /* length of a hello extension size */ |
wolfSSL | 15:117db924cf7c | 1209 | HELLO_EXT_SIGALGO_SZ = 2, /* length of number of items in sigalgo list */ |
wolfSSL | 15:117db924cf7c | 1210 | |
wolfSSL | 15:117db924cf7c | 1211 | DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */ |
wolfSSL | 15:117db924cf7c | 1212 | DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */ |
wolfSSL | 15:117db924cf7c | 1213 | DTLS_HANDSHAKE_EXTRA = 8, /* diff from normal */ |
wolfSSL | 15:117db924cf7c | 1214 | DTLS_RECORD_EXTRA = 8, /* diff from normal */ |
wolfSSL | 15:117db924cf7c | 1215 | DTLS_HANDSHAKE_SEQ_SZ = 2, /* handshake header sequence number */ |
wolfSSL | 15:117db924cf7c | 1216 | DTLS_HANDSHAKE_FRAG_SZ = 3, /* fragment offset and length are 24 bit */ |
wolfSSL | 15:117db924cf7c | 1217 | DTLS_POOL_SZ = 255,/* allowed number of list items in TX pool */ |
wolfSSL | 15:117db924cf7c | 1218 | DTLS_EXPORT_PRO = 165,/* wolfSSL protocol for serialized session */ |
wolfSSL | 15:117db924cf7c | 1219 | DTLS_EXPORT_VERSION = 4, /* wolfSSL version for serialized session */ |
wolfSSL | 15:117db924cf7c | 1220 | DTLS_EXPORT_OPT_SZ = 60, /* amount of bytes used from Options */ |
wolfSSL | 15:117db924cf7c | 1221 | DTLS_EXPORT_VERSION_3 = 3, /* wolfSSL version before TLS 1.3 addition */ |
wolfSSL | 15:117db924cf7c | 1222 | DTLS_EXPORT_OPT_SZ_3 = 59, /* amount of bytes used from Options */ |
wolfSSL | 15:117db924cf7c | 1223 | DTLS_EXPORT_KEY_SZ = 325 + (DTLS_SEQ_SZ * 2), |
wolfSSL | 15:117db924cf7c | 1224 | /* max amount of bytes used from Keys */ |
wolfSSL | 15:117db924cf7c | 1225 | DTLS_EXPORT_MIN_KEY_SZ = 78 + (DTLS_SEQ_SZ * 2), |
wolfSSL | 15:117db924cf7c | 1226 | /* min amount of bytes used from Keys */ |
wolfSSL | 15:117db924cf7c | 1227 | DTLS_EXPORT_SPC_SZ = 16, /* amount of bytes used from CipherSpecs */ |
wolfSSL | 15:117db924cf7c | 1228 | DTLS_EXPORT_LEN = 2, /* 2 bytes for length and protocol */ |
wolfSSL | 15:117db924cf7c | 1229 | DTLS_EXPORT_IP = 46, /* max ip size IPv4 mapped IPv6 */ |
wolfSSL | 15:117db924cf7c | 1230 | MAX_EXPORT_BUFFER = 514, /* max size of buffer for exporting */ |
wolfSSL | 15:117db924cf7c | 1231 | FINISHED_LABEL_SZ = 15, /* TLS finished label size */ |
wolfSSL | 15:117db924cf7c | 1232 | TLS_FINISHED_SZ = 12, /* TLS has a shorter size */ |
wolfSSL | 15:117db924cf7c | 1233 | EXT_MASTER_LABEL_SZ = 22, /* TLS extended master secret label sz */ |
wolfSSL | 15:117db924cf7c | 1234 | MASTER_LABEL_SZ = 13, /* TLS master secret label sz */ |
wolfSSL | 15:117db924cf7c | 1235 | KEY_LABEL_SZ = 13, /* TLS key block expansion sz */ |
wolfSSL | 15:117db924cf7c | 1236 | MAX_PRF_HALF = 256, /* Maximum half secret len */ |
wolfSSL | 15:117db924cf7c | 1237 | MAX_PRF_LABSEED = 128, /* Maximum label + seed len */ |
wolfSSL | 15:117db924cf7c | 1238 | MAX_PRF_DIG = 224, /* Maximum digest len */ |
wolfSSL | 15:117db924cf7c | 1239 | PROTOCOL_LABEL_SZ = 9, /* Length of the protocol label */ |
wolfSSL | 15:117db924cf7c | 1240 | MAX_LABEL_SZ = 34, /* Maximum length of a label */ |
wolfSSL | 15:117db924cf7c | 1241 | MAX_HKDF_LABEL_SZ = OPAQUE16_LEN + |
wolfSSL | 15:117db924cf7c | 1242 | OPAQUE8_LEN + PROTOCOL_LABEL_SZ + MAX_LABEL_SZ + |
wolfSSL | 15:117db924cf7c | 1243 | OPAQUE8_LEN + WC_MAX_DIGEST_SIZE, |
wolfSSL | 15:117db924cf7c | 1244 | MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */ |
wolfSSL | 15:117db924cf7c | 1245 | SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */ |
wolfSSL | 15:117db924cf7c | 1246 | TLS_MAX_PAD_SZ = 255, /* Max padding in TLS */ |
wolfSSL | 15:117db924cf7c | 1247 | |
wolfSSL | 15:117db924cf7c | 1248 | #if defined(HAVE_FIPS) && \ |
wolfSSL | 15:117db924cf7c | 1249 | (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) |
wolfSSL | 15:117db924cf7c | 1250 | MAX_SYM_KEY_SIZE = AES_256_KEY_SIZE, |
wolfSSL | 15:117db924cf7c | 1251 | #else |
wolfSSL | 15:117db924cf7c | 1252 | MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE, |
wolfSSL | 15:117db924cf7c | 1253 | #endif |
wolfSSL | 15:117db924cf7c | 1254 | |
wolfSSL | 15:117db924cf7c | 1255 | #ifdef HAVE_SELFTEST |
wolfSSL | 15:117db924cf7c | 1256 | AES_256_KEY_SIZE = 32, |
wolfSSL | 15:117db924cf7c | 1257 | AES_IV_SIZE = 16, |
wolfSSL | 15:117db924cf7c | 1258 | AES_128_KEY_SIZE = 16, |
wolfSSL | 15:117db924cf7c | 1259 | #endif |
wolfSSL | 15:117db924cf7c | 1260 | |
wolfSSL | 15:117db924cf7c | 1261 | MAX_IV_SZ = AES_BLOCK_SIZE, |
wolfSSL | 15:117db924cf7c | 1262 | |
wolfSSL | 15:117db924cf7c | 1263 | AEAD_SEQ_OFFSET = 4, /* Auth Data: Sequence number */ |
wolfSSL | 15:117db924cf7c | 1264 | AEAD_TYPE_OFFSET = 8, /* Auth Data: Type */ |
wolfSSL | 15:117db924cf7c | 1265 | AEAD_VMAJ_OFFSET = 9, /* Auth Data: Major Version */ |
wolfSSL | 15:117db924cf7c | 1266 | AEAD_VMIN_OFFSET = 10, /* Auth Data: Minor Version */ |
wolfSSL | 15:117db924cf7c | 1267 | AEAD_LEN_OFFSET = 11, /* Auth Data: Length */ |
wolfSSL | 15:117db924cf7c | 1268 | AEAD_AUTH_DATA_SZ = 13, /* Size of the data to authenticate */ |
wolfSSL | 15:117db924cf7c | 1269 | AEAD_NONCE_SZ = 12, |
wolfSSL | 15:117db924cf7c | 1270 | AESGCM_IMP_IV_SZ = 4, /* Size of GCM/CCM AEAD implicit IV */ |
wolfSSL | 15:117db924cf7c | 1271 | AESGCM_EXP_IV_SZ = 8, /* Size of GCM/CCM AEAD explicit IV */ |
wolfSSL | 15:117db924cf7c | 1272 | AESGCM_NONCE_SZ = AESGCM_EXP_IV_SZ + AESGCM_IMP_IV_SZ, |
wolfSSL | 15:117db924cf7c | 1273 | |
wolfSSL | 15:117db924cf7c | 1274 | CHACHA20_IMP_IV_SZ = 12, /* Size of ChaCha20 AEAD implicit IV */ |
wolfSSL | 15:117db924cf7c | 1275 | CHACHA20_NONCE_SZ = 12, /* Size of ChacCha20 nonce */ |
wolfSSL | 15:117db924cf7c | 1276 | CHACHA20_OLD_OFFSET = 4, /* Offset for seq # in old poly1305 */ |
wolfSSL | 15:117db924cf7c | 1277 | |
wolfSSL | 15:117db924cf7c | 1278 | /* For any new implicit/explicit IV size adjust AEAD_MAX_***_SZ */ |
wolfSSL | 15:117db924cf7c | 1279 | |
wolfSSL | 15:117db924cf7c | 1280 | AES_GCM_AUTH_SZ = 16, /* AES-GCM Auth Tag length */ |
wolfSSL | 15:117db924cf7c | 1281 | AES_CCM_16_AUTH_SZ = 16, /* AES-CCM-16 Auth Tag length */ |
wolfSSL | 15:117db924cf7c | 1282 | AES_CCM_8_AUTH_SZ = 8, /* AES-CCM-8 Auth Tag Length */ |
wolfSSL | 15:117db924cf7c | 1283 | AESCCM_NONCE_SZ = 12, |
wolfSSL | 15:117db924cf7c | 1284 | |
wolfSSL | 15:117db924cf7c | 1285 | CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */ |
wolfSSL | 15:117db924cf7c | 1286 | CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */ |
wolfSSL | 15:117db924cf7c | 1287 | CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */ |
wolfSSL | 15:117db924cf7c | 1288 | CAMELLIA_IV_SIZE = 16, /* always block size */ |
wolfSSL | 15:117db924cf7c | 1289 | |
wolfSSL | 15:117db924cf7c | 1290 | CHACHA20_256_KEY_SIZE = 32, /* for 256 bit */ |
wolfSSL | 15:117db924cf7c | 1291 | CHACHA20_128_KEY_SIZE = 16, /* for 128 bit */ |
wolfSSL | 15:117db924cf7c | 1292 | CHACHA20_IV_SIZE = 12, /* 96 bits for iv */ |
wolfSSL | 15:117db924cf7c | 1293 | |
wolfSSL | 15:117db924cf7c | 1294 | POLY1305_AUTH_SZ = 16, /* 128 bits */ |
wolfSSL | 15:117db924cf7c | 1295 | |
wolfSSL | 15:117db924cf7c | 1296 | HC_128_KEY_SIZE = 16, /* 128 bits */ |
wolfSSL | 15:117db924cf7c | 1297 | HC_128_IV_SIZE = 16, /* also 128 bits */ |
wolfSSL | 15:117db924cf7c | 1298 | |
wolfSSL | 15:117db924cf7c | 1299 | RABBIT_KEY_SIZE = 16, /* 128 bits */ |
wolfSSL | 15:117db924cf7c | 1300 | RABBIT_IV_SIZE = 8, /* 64 bits for iv */ |
wolfSSL | 15:117db924cf7c | 1301 | |
wolfSSL | 15:117db924cf7c | 1302 | EVP_SALT_SIZE = 8, /* evp salt size 64 bits */ |
wolfSSL | 15:117db924cf7c | 1303 | |
wolfSSL | 15:117db924cf7c | 1304 | ECDHE_SIZE = 32, /* ECHDE server size defaults to 256 bit */ |
wolfSSL | 15:117db924cf7c | 1305 | MAX_EXPORT_ECC_SZ = 256, /* Export ANS X9.62 max future size */ |
wolfSSL | 15:117db924cf7c | 1306 | MAX_CURVE_NAME_SZ = 16, /* Maximum size of curve name string */ |
wolfSSL | 15:117db924cf7c | 1307 | |
wolfSSL | 15:117db924cf7c | 1308 | NEW_SA_MAJOR = 8, /* Most signicant byte used with new sig algos */ |
wolfSSL | 15:117db924cf7c | 1309 | ED25519_SA_MAJOR = 8, /* Most significant byte for ED25519 */ |
wolfSSL | 15:117db924cf7c | 1310 | ED25519_SA_MINOR = 7, /* Least significant byte for ED25519 */ |
wolfSSL | 15:117db924cf7c | 1311 | ED448_SA_MAJOR = 8, /* Most significant byte for ED448 */ |
wolfSSL | 15:117db924cf7c | 1312 | ED448_SA_MINOR = 8, /* Least significant byte for ED448 */ |
wolfSSL | 15:117db924cf7c | 1313 | |
wolfSSL | 15:117db924cf7c | 1314 | MIN_RSA_SHA512_PSS_BITS = 512 * 2 + 8 * 8, /* Min key size */ |
wolfSSL | 15:117db924cf7c | 1315 | MIN_RSA_SHA384_PSS_BITS = 384 * 2 + 8 * 8, /* Min key size */ |
wolfSSL | 15:117db924cf7c | 1316 | |
wolfSSL | 15:117db924cf7c | 1317 | MAX_CERT_VERIFY_SZ = 1024, /* max */ |
wolfSSL | 15:117db924cf7c | 1318 | CLIENT_HELLO_FIRST = 35, /* Protocol + RAN_LEN + sizeof(id_len) */ |
wolfSSL | 15:117db924cf7c | 1319 | MAX_SUITE_NAME = 48, /* maximum length of cipher suite string */ |
wolfSSL | 15:117db924cf7c | 1320 | |
wolfSSL | 15:117db924cf7c | 1321 | DTLS_TIMEOUT_INIT = 1, /* default timeout init for DTLS receive */ |
wolfSSL | 15:117db924cf7c | 1322 | DTLS_TIMEOUT_MAX = 64, /* default max timeout for DTLS receive */ |
wolfSSL | 15:117db924cf7c | 1323 | DTLS_TIMEOUT_MULTIPLIER = 2, /* default timeout multiplier for DTLS recv */ |
wolfSSL | 15:117db924cf7c | 1324 | |
wolfSSL | 15:117db924cf7c | 1325 | MAX_PSK_ID_LEN = 128, /* max psk identity/hint supported */ |
wolfSSL | 15:117db924cf7c | 1326 | NULL_TERM_LEN = 1, /* length of null '\0' termination character */ |
wolfSSL | 15:117db924cf7c | 1327 | MAX_PSK_KEY_LEN = 64, /* max psk key supported */ |
wolfSSL | 15:117db924cf7c | 1328 | MIN_PSK_ID_LEN = 6, /* min length of identities */ |
wolfSSL | 15:117db924cf7c | 1329 | MIN_PSK_BINDERS_LEN= 33, /* min length of binders */ |
wolfSSL | 15:117db924cf7c | 1330 | MAX_TICKET_AGE_SECS= 10, /* maximum ticket age in seconds */ |
wolfSSL | 15:117db924cf7c | 1331 | |
wolfSSL | 15:117db924cf7c | 1332 | MAX_WOLFSSL_FILE_SIZE = 1024 * 1024 * 4, /* 4 mb file size alloc limit */ |
wolfSSL | 15:117db924cf7c | 1333 | |
wolfSSL | 15:117db924cf7c | 1334 | #if defined(HAVE_EX_DATA) || defined(FORTRESS) |
wolfSSL | 15:117db924cf7c | 1335 | MAX_EX_DATA = 5, /* allow for five items of ex_data */ |
wolfSSL | 15:117db924cf7c | 1336 | #endif |
wolfSSL | 15:117db924cf7c | 1337 | |
wolfSSL | 15:117db924cf7c | 1338 | MAX_X509_SIZE = 2048, /* max static x509 buffer size */ |
wolfSSL | 15:117db924cf7c | 1339 | CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */ |
wolfSSL | 15:117db924cf7c | 1340 | |
wolfSSL | 15:117db924cf7c | 1341 | MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */ |
wolfSSL | 15:117db924cf7c | 1342 | MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */ |
wolfSSL | 15:117db924cf7c | 1343 | MAX_NTRU_BITS = 256, /* max symmetric bit strength */ |
wolfSSL | 15:117db924cf7c | 1344 | NO_SNIFF = 0, /* not sniffing */ |
wolfSSL | 15:117db924cf7c | 1345 | SNIFF = 1, /* currently sniffing */ |
wolfSSL | 15:117db924cf7c | 1346 | |
wolfSSL | 15:117db924cf7c | 1347 | HASH_SIG_SIZE = 2, /* default SHA1 RSA */ |
wolfSSL | 15:117db924cf7c | 1348 | |
wolfSSL | 15:117db924cf7c | 1349 | NO_COPY = 0, /* should we copy static buffer for write */ |
wolfSSL | 15:117db924cf7c | 1350 | COPY = 1, /* should we copy static buffer for write */ |
wolfSSL | 15:117db924cf7c | 1351 | |
wolfSSL | 15:117db924cf7c | 1352 | INVALID_PEER_ID = 0xFFFF, /* Initialize value for peer ID. */ |
wolfSSL | 15:117db924cf7c | 1353 | |
wolfSSL | 15:117db924cf7c | 1354 | PREV_ORDER = -1, /* Sequence number is in previous epoch. */ |
wolfSSL | 15:117db924cf7c | 1355 | PEER_ORDER = 1, /* Peer sequence number for verify. */ |
wolfSSL | 15:117db924cf7c | 1356 | CUR_ORDER = 0, /* Current sequence number. */ |
wolfSSL | 15:117db924cf7c | 1357 | WRITE_PROTO = 1, /* writing a protocol message */ |
wolfSSL | 15:117db924cf7c | 1358 | READ_PROTO = 0 /* reading a protocol message */ |
wolfSSL | 15:117db924cf7c | 1359 | }; |
wolfSSL | 15:117db924cf7c | 1360 | |
wolfSSL | 15:117db924cf7c | 1361 | /* minimum Downgrade Minor version */ |
wolfSSL | 15:117db924cf7c | 1362 | #ifndef WOLFSSL_MIN_DOWNGRADE |
wolfSSL | 15:117db924cf7c | 1363 | #ifndef NO_OLD_TLS |
wolfSSL | 15:117db924cf7c | 1364 | #define WOLFSSL_MIN_DOWNGRADE TLSv1_MINOR |
wolfSSL | 15:117db924cf7c | 1365 | #else |
wolfSSL | 15:117db924cf7c | 1366 | #define WOLFSSL_MIN_DOWNGRADE TLSv1_2_MINOR |
wolfSSL | 15:117db924cf7c | 1367 | #endif |
wolfSSL | 15:117db924cf7c | 1368 | #endif |
wolfSSL | 15:117db924cf7c | 1369 | |
wolfSSL | 15:117db924cf7c | 1370 | /* Set max implicit IV size for AEAD cipher suites */ |
wolfSSL | 15:117db924cf7c | 1371 | #define AEAD_MAX_IMP_SZ 12 |
wolfSSL | 15:117db924cf7c | 1372 | |
wolfSSL | 15:117db924cf7c | 1373 | /* Set max explicit IV size for AEAD cipher suites */ |
wolfSSL | 15:117db924cf7c | 1374 | #define AEAD_MAX_EXP_SZ 8 |
wolfSSL | 15:117db924cf7c | 1375 | |
wolfSSL | 15:117db924cf7c | 1376 | |
wolfSSL | 15:117db924cf7c | 1377 | #ifndef WOLFSSL_MAX_SUITE_SZ |
wolfSSL | 15:117db924cf7c | 1378 | #define WOLFSSL_MAX_SUITE_SZ 300 |
wolfSSL | 15:117db924cf7c | 1379 | /* 150 suites for now! */ |
wolfSSL | 15:117db924cf7c | 1380 | #endif |
wolfSSL | 15:117db924cf7c | 1381 | |
wolfSSL | 15:117db924cf7c | 1382 | /* number of items in the signature algo list */ |
wolfSSL | 15:117db924cf7c | 1383 | #ifndef WOLFSSL_MAX_SIGALGO |
wolfSSL | 15:117db924cf7c | 1384 | #define WOLFSSL_MAX_SIGALGO 32 |
wolfSSL | 15:117db924cf7c | 1385 | #endif |
wolfSSL | 15:117db924cf7c | 1386 | |
wolfSSL | 15:117db924cf7c | 1387 | |
wolfSSL | 15:117db924cf7c | 1388 | /* set minimum ECC key size allowed */ |
wolfSSL | 15:117db924cf7c | 1389 | #ifndef WOLFSSL_MIN_ECC_BITS |
wolfSSL | 15:117db924cf7c | 1390 | #ifdef WOLFSSL_MAX_STRENGTH |
wolfSSL | 15:117db924cf7c | 1391 | #define WOLFSSL_MIN_ECC_BITS 256 |
wolfSSL | 15:117db924cf7c | 1392 | #else |
wolfSSL | 15:117db924cf7c | 1393 | #define WOLFSSL_MIN_ECC_BITS 224 |
wolfSSL | 15:117db924cf7c | 1394 | #endif |
wolfSSL | 15:117db924cf7c | 1395 | #endif /* WOLFSSL_MIN_ECC_BITS */ |
wolfSSL | 15:117db924cf7c | 1396 | #if (WOLFSSL_MIN_ECC_BITS % 8) |
wolfSSL | 15:117db924cf7c | 1397 | /* Some ECC keys are not divisable by 8 such as prime239v1 or sect131r1. |
wolfSSL | 15:117db924cf7c | 1398 | In these cases round down to the nearest value divisable by 8. The |
wolfSSL | 15:117db924cf7c | 1399 | restriction of being divisable by 8 is in place to match wc_ecc_size |
wolfSSL | 15:117db924cf7c | 1400 | function from wolfSSL. |
wolfSSL | 15:117db924cf7c | 1401 | */ |
wolfSSL | 15:117db924cf7c | 1402 | #error ECC minimum bit size must be a multiple of 8 |
wolfSSL | 15:117db924cf7c | 1403 | #endif |
wolfSSL | 15:117db924cf7c | 1404 | #define MIN_ECCKEY_SZ (WOLFSSL_MIN_ECC_BITS / 8) |
wolfSSL | 15:117db924cf7c | 1405 | |
wolfSSL | 15:117db924cf7c | 1406 | /* set minimum RSA key size allowed */ |
wolfSSL | 15:117db924cf7c | 1407 | #ifndef WOLFSSL_MIN_RSA_BITS |
wolfSSL | 15:117db924cf7c | 1408 | #ifdef WOLFSSL_MAX_STRENGTH |
wolfSSL | 15:117db924cf7c | 1409 | #define WOLFSSL_MIN_RSA_BITS 2048 |
wolfSSL | 15:117db924cf7c | 1410 | #else |
wolfSSL | 15:117db924cf7c | 1411 | #define WOLFSSL_MIN_RSA_BITS 1024 |
wolfSSL | 15:117db924cf7c | 1412 | #endif |
wolfSSL | 15:117db924cf7c | 1413 | #endif /* WOLFSSL_MIN_RSA_BITS */ |
wolfSSL | 15:117db924cf7c | 1414 | #if (WOLFSSL_MIN_RSA_BITS % 8) |
wolfSSL | 15:117db924cf7c | 1415 | /* This is to account for the example case of a min size of 2050 bits but |
wolfSSL | 15:117db924cf7c | 1416 | still allows 2049 bit key. So we need the measurment to be in bytes. */ |
wolfSSL | 15:117db924cf7c | 1417 | #error RSA minimum bit size must be a multiple of 8 |
wolfSSL | 15:117db924cf7c | 1418 | #endif |
wolfSSL | 15:117db924cf7c | 1419 | #define MIN_RSAKEY_SZ (WOLFSSL_MIN_RSA_BITS / 8) |
wolfSSL | 15:117db924cf7c | 1420 | |
wolfSSL | 15:117db924cf7c | 1421 | #ifdef SESSION_INDEX |
wolfSSL | 15:117db924cf7c | 1422 | /* Shift values for making a session index */ |
wolfSSL | 15:117db924cf7c | 1423 | #define SESSIDX_ROW_SHIFT 4 |
wolfSSL | 15:117db924cf7c | 1424 | #define SESSIDX_IDX_MASK 0x0F |
wolfSSL | 15:117db924cf7c | 1425 | #endif |
wolfSSL | 15:117db924cf7c | 1426 | |
wolfSSL | 15:117db924cf7c | 1427 | |
wolfSSL | 15:117db924cf7c | 1428 | /* max cert chain peer depth */ |
wolfSSL | 15:117db924cf7c | 1429 | #ifndef MAX_CHAIN_DEPTH |
wolfSSL | 15:117db924cf7c | 1430 | #define MAX_CHAIN_DEPTH 9 |
wolfSSL | 15:117db924cf7c | 1431 | #endif |
wolfSSL | 15:117db924cf7c | 1432 | |
wolfSSL | 15:117db924cf7c | 1433 | /* max size of a certificate message payload */ |
wolfSSL | 15:117db924cf7c | 1434 | /* assumes MAX_CHAIN_DEPTH number of certificates at 2kb per certificate */ |
wolfSSL | 15:117db924cf7c | 1435 | #ifndef MAX_CERTIFICATE_SZ |
wolfSSL | 15:117db924cf7c | 1436 | #define MAX_CERTIFICATE_SZ \ |
wolfSSL | 15:117db924cf7c | 1437 | CERT_HEADER_SZ + \ |
wolfSSL | 15:117db924cf7c | 1438 | (MAX_X509_SIZE + CERT_HEADER_SZ) * MAX_CHAIN_DEPTH |
wolfSSL | 15:117db924cf7c | 1439 | #endif |
wolfSSL | 15:117db924cf7c | 1440 | |
wolfSSL | 15:117db924cf7c | 1441 | /* max size of a handshake message, currently set to the certificate */ |
wolfSSL | 15:117db924cf7c | 1442 | #ifndef MAX_HANDSHAKE_SZ |
wolfSSL | 15:117db924cf7c | 1443 | #define MAX_HANDSHAKE_SZ MAX_CERTIFICATE_SZ |
wolfSSL | 15:117db924cf7c | 1444 | #endif |
wolfSSL | 15:117db924cf7c | 1445 | |
wolfSSL | 15:117db924cf7c | 1446 | #ifndef SESSION_TICKET_LEN |
wolfSSL | 15:117db924cf7c | 1447 | #define SESSION_TICKET_LEN 256 |
wolfSSL | 15:117db924cf7c | 1448 | #endif |
wolfSSL | 15:117db924cf7c | 1449 | |
wolfSSL | 15:117db924cf7c | 1450 | #ifndef SESSION_TICKET_HINT_DEFAULT |
wolfSSL | 15:117db924cf7c | 1451 | #define SESSION_TICKET_HINT_DEFAULT 300 |
wolfSSL | 15:117db924cf7c | 1452 | #endif |
wolfSSL | 15:117db924cf7c | 1453 | |
wolfSSL | 15:117db924cf7c | 1454 | |
wolfSSL | 15:117db924cf7c | 1455 | /* don't use extra 3/4k stack space unless need to */ |
wolfSSL | 15:117db924cf7c | 1456 | #ifdef HAVE_NTRU |
wolfSSL | 15:117db924cf7c | 1457 | #define MAX_ENCRYPT_SZ MAX_NTRU_ENCRYPT_SZ |
wolfSSL | 15:117db924cf7c | 1458 | #else |
wolfSSL | 15:117db924cf7c | 1459 | #define MAX_ENCRYPT_SZ ENCRYPT_LEN |
wolfSSL | 15:117db924cf7c | 1460 | #endif |
wolfSSL | 15:117db924cf7c | 1461 | |
wolfSSL | 15:117db924cf7c | 1462 | |
wolfSSL | 15:117db924cf7c | 1463 | /* states */ |
wolfSSL | 15:117db924cf7c | 1464 | enum states { |
wolfSSL | 15:117db924cf7c | 1465 | NULL_STATE = 0, |
wolfSSL | 15:117db924cf7c | 1466 | |
wolfSSL | 15:117db924cf7c | 1467 | SERVER_HELLOVERIFYREQUEST_COMPLETE, |
wolfSSL | 15:117db924cf7c | 1468 | SERVER_HELLO_RETRY_REQUEST_COMPLETE, |
wolfSSL | 15:117db924cf7c | 1469 | SERVER_HELLO_COMPLETE, |
wolfSSL | 15:117db924cf7c | 1470 | SERVER_ENCRYPTED_EXTENSIONS_COMPLETE, |
wolfSSL | 15:117db924cf7c | 1471 | SERVER_CERT_COMPLETE, |
wolfSSL | 15:117db924cf7c | 1472 | SERVER_KEYEXCHANGE_COMPLETE, |
wolfSSL | 15:117db924cf7c | 1473 | SERVER_HELLODONE_COMPLETE, |
wolfSSL | 15:117db924cf7c | 1474 | SERVER_CHANGECIPHERSPEC_COMPLETE, |
wolfSSL | 15:117db924cf7c | 1475 | SERVER_FINISHED_COMPLETE, |
wolfSSL | 15:117db924cf7c | 1476 | |
wolfSSL | 15:117db924cf7c | 1477 | CLIENT_HELLO_COMPLETE, |
wolfSSL | 15:117db924cf7c | 1478 | CLIENT_KEYEXCHANGE_COMPLETE, |
wolfSSL | 15:117db924cf7c | 1479 | CLIENT_CHANGECIPHERSPEC_COMPLETE, |
wolfSSL | 15:117db924cf7c | 1480 | CLIENT_FINISHED_COMPLETE, |
wolfSSL | 15:117db924cf7c | 1481 | |
wolfSSL | 15:117db924cf7c | 1482 | HANDSHAKE_DONE |
wolfSSL | 15:117db924cf7c | 1483 | }; |
wolfSSL | 15:117db924cf7c | 1484 | |
wolfSSL | 15:117db924cf7c | 1485 | /* SSL Version */ |
wolfSSL | 15:117db924cf7c | 1486 | typedef struct ProtocolVersion { |
wolfSSL | 15:117db924cf7c | 1487 | byte major; |
wolfSSL | 15:117db924cf7c | 1488 | byte minor; |
wolfSSL | 15:117db924cf7c | 1489 | } WOLFSSL_PACK ProtocolVersion; |
wolfSSL | 15:117db924cf7c | 1490 | |
wolfSSL | 15:117db924cf7c | 1491 | |
wolfSSL | 15:117db924cf7c | 1492 | WOLFSSL_LOCAL ProtocolVersion MakeSSLv3(void); |
wolfSSL | 15:117db924cf7c | 1493 | WOLFSSL_LOCAL ProtocolVersion MakeTLSv1(void); |
wolfSSL | 15:117db924cf7c | 1494 | WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_1(void); |
wolfSSL | 15:117db924cf7c | 1495 | WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_2(void); |
wolfSSL | 15:117db924cf7c | 1496 | WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_3(void); |
wolfSSL | 15:117db924cf7c | 1497 | |
wolfSSL | 15:117db924cf7c | 1498 | #ifdef WOLFSSL_DTLS |
wolfSSL | 15:117db924cf7c | 1499 | WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1(void); |
wolfSSL | 15:117db924cf7c | 1500 | WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1_2(void); |
wolfSSL | 15:117db924cf7c | 1501 | |
wolfSSL | 15:117db924cf7c | 1502 | #ifdef WOLFSSL_SESSION_EXPORT |
wolfSSL | 15:117db924cf7c | 1503 | WOLFSSL_LOCAL int wolfSSL_dtls_import_internal(WOLFSSL* ssl, byte* buf, |
wolfSSL | 15:117db924cf7c | 1504 | word32 sz); |
wolfSSL | 15:117db924cf7c | 1505 | WOLFSSL_LOCAL int wolfSSL_dtls_export_internal(WOLFSSL* ssl, byte* buf, |
wolfSSL | 15:117db924cf7c | 1506 | word32 sz); |
wolfSSL | 15:117db924cf7c | 1507 | WOLFSSL_LOCAL int wolfSSL_send_session(WOLFSSL* ssl); |
wolfSSL | 15:117db924cf7c | 1508 | #endif |
wolfSSL | 15:117db924cf7c | 1509 | #endif |
wolfSSL | 15:117db924cf7c | 1510 | |
wolfSSL | 15:117db924cf7c | 1511 | |
wolfSSL | 15:117db924cf7c | 1512 | /* wolfSSL BIO_METHOD type */ |
wolfSSL | 15:117db924cf7c | 1513 | struct WOLFSSL_BIO_METHOD { |
wolfSSL | 15:117db924cf7c | 1514 | byte type; /* method type */ |
wolfSSL | 15:117db924cf7c | 1515 | }; |
wolfSSL | 15:117db924cf7c | 1516 | |
wolfSSL | 15:117db924cf7c | 1517 | |
wolfSSL | 15:117db924cf7c | 1518 | /* wolfSSL BIO type */ |
wolfSSL | 15:117db924cf7c | 1519 | struct WOLFSSL_BIO { |
wolfSSL | 15:117db924cf7c | 1520 | WOLFSSL_BUF_MEM* mem_buf; |
wolfSSL | 15:117db924cf7c | 1521 | WOLFSSL* ssl; /* possible associated ssl */ |
wolfSSL | 15:117db924cf7c | 1522 | #ifndef NO_FILESYSTEM |
wolfSSL | 15:117db924cf7c | 1523 | XFILE file; |
wolfSSL | 15:117db924cf7c | 1524 | #endif |
wolfSSL | 15:117db924cf7c | 1525 | WOLFSSL_BIO* prev; /* previous in chain */ |
wolfSSL | 15:117db924cf7c | 1526 | WOLFSSL_BIO* next; /* next in chain */ |
wolfSSL | 15:117db924cf7c | 1527 | WOLFSSL_BIO* pair; /* BIO paired with */ |
wolfSSL | 15:117db924cf7c | 1528 | void* heap; /* user heap hint */ |
wolfSSL | 15:117db924cf7c | 1529 | byte* mem; /* memory buffer */ |
wolfSSL | 15:117db924cf7c | 1530 | int wrSz; /* write buffer size (mem) */ |
wolfSSL | 15:117db924cf7c | 1531 | int wrIdx; /* current index for write buffer */ |
wolfSSL | 15:117db924cf7c | 1532 | int rdIdx; /* current read index */ |
wolfSSL | 15:117db924cf7c | 1533 | int readRq; /* read request */ |
wolfSSL | 15:117db924cf7c | 1534 | int memLen; /* memory buffer length */ |
wolfSSL | 15:117db924cf7c | 1535 | int fd; /* possible file descriptor */ |
wolfSSL | 15:117db924cf7c | 1536 | int eof; /* eof flag */ |
wolfSSL | 15:117db924cf7c | 1537 | int flags; |
wolfSSL | 15:117db924cf7c | 1538 | byte type; /* method type */ |
wolfSSL | 15:117db924cf7c | 1539 | byte close; /* close flag */ |
wolfSSL | 15:117db924cf7c | 1540 | }; |
wolfSSL | 15:117db924cf7c | 1541 | |
wolfSSL | 15:117db924cf7c | 1542 | |
wolfSSL | 15:117db924cf7c | 1543 | /* wolfSSL method type */ |
wolfSSL | 15:117db924cf7c | 1544 | struct WOLFSSL_METHOD { |
wolfSSL | 15:117db924cf7c | 1545 | ProtocolVersion version; |
wolfSSL | 15:117db924cf7c | 1546 | byte side; /* connection side, server or client */ |
wolfSSL | 15:117db924cf7c | 1547 | byte downgrade; /* whether to downgrade version, default no */ |
wolfSSL | 15:117db924cf7c | 1548 | }; |
wolfSSL | 15:117db924cf7c | 1549 | |
wolfSSL | 15:117db924cf7c | 1550 | /* wolfSSL buffer type - internal uses "buffer" type */ |
wolfSSL | 15:117db924cf7c | 1551 | typedef WOLFSSL_BUFFER_INFO buffer; |
wolfSSL | 15:117db924cf7c | 1552 | |
wolfSSL | 15:117db924cf7c | 1553 | typedef struct Suites Suites; |
wolfSSL | 15:117db924cf7c | 1554 | |
wolfSSL | 15:117db924cf7c | 1555 | |
wolfSSL | 15:117db924cf7c | 1556 | /* defaults to client */ |
wolfSSL | 15:117db924cf7c | 1557 | WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD*, ProtocolVersion); |
wolfSSL | 15:117db924cf7c | 1558 | |
wolfSSL | 15:117db924cf7c | 1559 | /* for sniffer */ |
wolfSSL | 15:117db924cf7c | 1560 | WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, |
wolfSSL | 15:117db924cf7c | 1561 | word32 size, word32 totalSz, int sniff); |
wolfSSL | 15:117db924cf7c | 1562 | WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx); |
wolfSSL | 15:117db924cf7c | 1563 | /* TLS v1.3 needs these */ |
wolfSSL | 15:117db924cf7c | 1564 | WOLFSSL_LOCAL int HandleTlsResumption(WOLFSSL* ssl, int bogusID, |
wolfSSL | 15:117db924cf7c | 1565 | Suites* clSuites); |
wolfSSL | 15:117db924cf7c | 1566 | WOLFSSL_LOCAL int DoClientHello(WOLFSSL* ssl, const byte* input, word32*, |
wolfSSL | 15:117db924cf7c | 1567 | word32); |
wolfSSL | 15:117db924cf7c | 1568 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 1569 | WOLFSSL_LOCAL int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, |
wolfSSL | 15:117db924cf7c | 1570 | word32* inOutIdx, word32 helloSz); |
wolfSSL | 15:117db924cf7c | 1571 | #endif |
wolfSSL | 15:117db924cf7c | 1572 | WOLFSSL_LOCAL int DoServerHello(WOLFSSL* ssl, const byte* input, word32*, |
wolfSSL | 15:117db924cf7c | 1573 | word32); |
wolfSSL | 15:117db924cf7c | 1574 | WOLFSSL_LOCAL int CompleteServerHello(WOLFSSL *ssl); |
wolfSSL | 15:117db924cf7c | 1575 | WOLFSSL_LOCAL int CheckVersion(WOLFSSL *ssl, ProtocolVersion pv); |
wolfSSL | 15:117db924cf7c | 1576 | WOLFSSL_LOCAL void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, |
wolfSSL | 15:117db924cf7c | 1577 | word32 hashSigAlgoSz); |
wolfSSL | 15:117db924cf7c | 1578 | WOLFSSL_LOCAL int DecodePrivateKey(WOLFSSL *ssl, word16* length); |
wolfSSL | 15:117db924cf7c | 1579 | #ifdef HAVE_PK_CALLBACKS |
wolfSSL | 15:117db924cf7c | 1580 | WOLFSSL_LOCAL int GetPrivateKeySigSize(WOLFSSL* ssl); |
wolfSSL | 15:117db924cf7c | 1581 | #ifndef NO_ASN |
wolfSSL | 15:117db924cf7c | 1582 | WOLFSSL_LOCAL int InitSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx); |
wolfSSL | 15:117db924cf7c | 1583 | #endif |
wolfSSL | 15:117db924cf7c | 1584 | #endif |
wolfSSL | 15:117db924cf7c | 1585 | WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl); |
wolfSSL | 15:117db924cf7c | 1586 | WOLFSSL_LOCAL int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 size); |
wolfSSL | 15:117db924cf7c | 1587 | WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, const char* str); |
wolfSSL | 15:117db924cf7c | 1588 | #ifndef NO_CERTS |
wolfSSL | 15:117db924cf7c | 1589 | WOLFSSL_LOCAL int CheckAltNames(DecodedCert* dCert, char* domain); |
wolfSSL | 15:117db924cf7c | 1590 | #endif |
wolfSSL | 15:117db924cf7c | 1591 | WOLFSSL_LOCAL int CreateTicket(WOLFSSL* ssl); |
wolfSSL | 15:117db924cf7c | 1592 | WOLFSSL_LOCAL int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz); |
wolfSSL | 15:117db924cf7c | 1593 | WOLFSSL_LOCAL int HashOutput(WOLFSSL* ssl, const byte* output, int sz, |
wolfSSL | 15:117db924cf7c | 1594 | int ivSz); |
wolfSSL | 15:117db924cf7c | 1595 | WOLFSSL_LOCAL int HashInput(WOLFSSL* ssl, const byte* input, int sz); |
wolfSSL | 15:117db924cf7c | 1596 | #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) |
wolfSSL | 15:117db924cf7c | 1597 | WOLFSSL_LOCAL int SNI_Callback(WOLFSSL* ssl); |
wolfSSL | 15:117db924cf7c | 1598 | #endif |
wolfSSL | 15:117db924cf7c | 1599 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 1600 | WOLFSSL_LOCAL int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, |
wolfSSL | 15:117db924cf7c | 1601 | word16 sz, const byte* aad, word16 aadSz); |
wolfSSL | 15:117db924cf7c | 1602 | WOLFSSL_LOCAL int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, |
wolfSSL | 15:117db924cf7c | 1603 | word32* inOutIdx, byte type, |
wolfSSL | 15:117db924cf7c | 1604 | word32 size, word32 totalSz); |
wolfSSL | 15:117db924cf7c | 1605 | WOLFSSL_LOCAL int DoTls13HandShakeMsg(WOLFSSL* ssl, byte* input, |
wolfSSL | 15:117db924cf7c | 1606 | word32* inOutIdx, word32 totalSz); |
wolfSSL | 15:117db924cf7c | 1607 | WOLFSSL_LOCAL int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, |
wolfSSL | 15:117db924cf7c | 1608 | word32* inOutIdx, word32 helloSz, |
wolfSSL | 15:117db924cf7c | 1609 | byte* extMsgType); |
wolfSSL | 15:117db924cf7c | 1610 | #endif |
wolfSSL | 15:117db924cf7c | 1611 | int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t, |
wolfSSL | 15:117db924cf7c | 1612 | int pLen, int content); |
wolfSSL | 15:117db924cf7c | 1613 | |
wolfSSL | 15:117db924cf7c | 1614 | |
wolfSSL | 15:117db924cf7c | 1615 | enum { |
wolfSSL | 15:117db924cf7c | 1616 | FORCED_FREE = 1, |
wolfSSL | 15:117db924cf7c | 1617 | NO_FORCED_FREE = 0 |
wolfSSL | 15:117db924cf7c | 1618 | }; |
wolfSSL | 15:117db924cf7c | 1619 | |
wolfSSL | 15:117db924cf7c | 1620 | |
wolfSSL | 15:117db924cf7c | 1621 | /* only use compression extra if using compression */ |
wolfSSL | 15:117db924cf7c | 1622 | #ifdef HAVE_LIBZ |
wolfSSL | 15:117db924cf7c | 1623 | #define COMP_EXTRA MAX_COMP_EXTRA |
wolfSSL | 15:117db924cf7c | 1624 | #else |
wolfSSL | 15:117db924cf7c | 1625 | #define COMP_EXTRA 0 |
wolfSSL | 15:117db924cf7c | 1626 | #endif |
wolfSSL | 15:117db924cf7c | 1627 | |
wolfSSL | 15:117db924cf7c | 1628 | /* only the sniffer needs space in the buffer for extra MTU record(s) */ |
wolfSSL | 15:117db924cf7c | 1629 | #ifdef WOLFSSL_SNIFFER |
wolfSSL | 15:117db924cf7c | 1630 | #define MTU_EXTRA MAX_MTU * 3 |
wolfSSL | 15:117db924cf7c | 1631 | #else |
wolfSSL | 15:117db924cf7c | 1632 | #define MTU_EXTRA 0 |
wolfSSL | 15:117db924cf7c | 1633 | #endif |
wolfSSL | 15:117db924cf7c | 1634 | |
wolfSSL | 15:117db924cf7c | 1635 | |
wolfSSL | 15:117db924cf7c | 1636 | /* embedded callbacks require large static buffers, make sure on */ |
wolfSSL | 15:117db924cf7c | 1637 | #ifdef WOLFSSL_CALLBACKS |
wolfSSL | 15:117db924cf7c | 1638 | #undef LARGE_STATIC_BUFFERS |
wolfSSL | 15:117db924cf7c | 1639 | #define LARGE_STATIC_BUFFERS |
wolfSSL | 15:117db924cf7c | 1640 | #endif |
wolfSSL | 15:117db924cf7c | 1641 | |
wolfSSL | 15:117db924cf7c | 1642 | |
wolfSSL | 15:117db924cf7c | 1643 | /* give user option to use 16K static buffers */ |
wolfSSL | 15:117db924cf7c | 1644 | #if defined(LARGE_STATIC_BUFFERS) |
wolfSSL | 15:117db924cf7c | 1645 | #define RECORD_SIZE MAX_RECORD_SIZE |
wolfSSL | 15:117db924cf7c | 1646 | #else |
wolfSSL | 15:117db924cf7c | 1647 | #ifdef WOLFSSL_DTLS |
wolfSSL | 15:117db924cf7c | 1648 | #define RECORD_SIZE MAX_MTU |
wolfSSL | 15:117db924cf7c | 1649 | #else |
wolfSSL | 15:117db924cf7c | 1650 | #define RECORD_SIZE 128 |
wolfSSL | 15:117db924cf7c | 1651 | #endif |
wolfSSL | 15:117db924cf7c | 1652 | #endif |
wolfSSL | 15:117db924cf7c | 1653 | |
wolfSSL | 15:117db924cf7c | 1654 | |
wolfSSL | 15:117db924cf7c | 1655 | /* user option to turn off 16K output option */ |
wolfSSL | 15:117db924cf7c | 1656 | /* if using small static buffers (default) and SSL_write tries to write data |
wolfSSL | 15:117db924cf7c | 1657 | larger than the record we have, dynamically get it, unless user says only |
wolfSSL | 15:117db924cf7c | 1658 | write in static buffer chunks */ |
wolfSSL | 15:117db924cf7c | 1659 | #ifndef STATIC_CHUNKS_ONLY |
wolfSSL | 15:117db924cf7c | 1660 | #define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE |
wolfSSL | 15:117db924cf7c | 1661 | #else |
wolfSSL | 15:117db924cf7c | 1662 | #define OUTPUT_RECORD_SIZE RECORD_SIZE |
wolfSSL | 15:117db924cf7c | 1663 | #endif |
wolfSSL | 15:117db924cf7c | 1664 | |
wolfSSL | 15:117db924cf7c | 1665 | /* wolfSSL input buffer |
wolfSSL | 15:117db924cf7c | 1666 | |
wolfSSL | 15:117db924cf7c | 1667 | RFC 2246: |
wolfSSL | 15:117db924cf7c | 1668 | |
wolfSSL | 15:117db924cf7c | 1669 | length |
wolfSSL | 15:117db924cf7c | 1670 | The length (in bytes) of the following TLSPlaintext.fragment. |
wolfSSL | 15:117db924cf7c | 1671 | The length should not exceed 2^14. |
wolfSSL | 15:117db924cf7c | 1672 | */ |
wolfSSL | 15:117db924cf7c | 1673 | #if defined(LARGE_STATIC_BUFFERS) |
wolfSSL | 15:117db924cf7c | 1674 | #define STATIC_BUFFER_LEN RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \ |
wolfSSL | 15:117db924cf7c | 1675 | MTU_EXTRA + MAX_MSG_EXTRA |
wolfSSL | 15:117db924cf7c | 1676 | #else |
wolfSSL | 15:117db924cf7c | 1677 | /* don't fragment memory from the record header */ |
wolfSSL | 15:117db924cf7c | 1678 | #define STATIC_BUFFER_LEN RECORD_HEADER_SZ |
wolfSSL | 15:117db924cf7c | 1679 | #endif |
wolfSSL | 15:117db924cf7c | 1680 | |
wolfSSL | 15:117db924cf7c | 1681 | typedef struct { |
wolfSSL | 15:117db924cf7c | 1682 | ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN]; |
wolfSSL | 15:117db924cf7c | 1683 | byte* buffer; /* place holder for static or dynamic buffer */ |
wolfSSL | 15:117db924cf7c | 1684 | word32 length; /* total buffer length used */ |
wolfSSL | 15:117db924cf7c | 1685 | word32 idx; /* idx to part of length already consumed */ |
wolfSSL | 15:117db924cf7c | 1686 | word32 bufferSize; /* current buffer size */ |
wolfSSL | 15:117db924cf7c | 1687 | byte dynamicFlag; /* dynamic memory currently in use */ |
wolfSSL | 15:117db924cf7c | 1688 | byte offset; /* alignment offset attempt */ |
wolfSSL | 15:117db924cf7c | 1689 | } bufferStatic; |
wolfSSL | 15:117db924cf7c | 1690 | |
wolfSSL | 15:117db924cf7c | 1691 | /* Cipher Suites holder */ |
wolfSSL | 15:117db924cf7c | 1692 | struct Suites { |
wolfSSL | 15:117db924cf7c | 1693 | word16 suiteSz; /* suite length in bytes */ |
wolfSSL | 15:117db924cf7c | 1694 | word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */ |
wolfSSL | 15:117db924cf7c | 1695 | byte suites[WOLFSSL_MAX_SUITE_SZ]; |
wolfSSL | 15:117db924cf7c | 1696 | byte hashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* sig/algo to offer */ |
wolfSSL | 15:117db924cf7c | 1697 | byte setSuites; /* user set suites from default */ |
wolfSSL | 15:117db924cf7c | 1698 | byte hashAlgo; /* selected hash algorithm */ |
wolfSSL | 15:117db924cf7c | 1699 | byte sigAlgo; /* selected sig algorithm */ |
wolfSSL | 15:117db924cf7c | 1700 | }; |
wolfSSL | 15:117db924cf7c | 1701 | |
wolfSSL | 15:117db924cf7c | 1702 | |
wolfSSL | 15:117db924cf7c | 1703 | WOLFSSL_LOCAL void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, |
wolfSSL | 15:117db924cf7c | 1704 | int haveRSAsig, int haveAnon, |
wolfSSL | 15:117db924cf7c | 1705 | int tls1_2, int keySz); |
wolfSSL | 15:117db924cf7c | 1706 | WOLFSSL_LOCAL void InitSuites(Suites*, ProtocolVersion, int, word16, word16, |
wolfSSL | 15:117db924cf7c | 1707 | word16, word16, word16, word16, word16, int); |
wolfSSL | 15:117db924cf7c | 1708 | WOLFSSL_LOCAL int MatchSuite(WOLFSSL* ssl, Suites* peerSuites); |
wolfSSL | 15:117db924cf7c | 1709 | WOLFSSL_LOCAL int SetCipherList(WOLFSSL_CTX*, Suites*, const char* list); |
wolfSSL | 15:117db924cf7c | 1710 | |
wolfSSL | 15:117db924cf7c | 1711 | #ifndef PSK_TYPES_DEFINED |
wolfSSL | 15:117db924cf7c | 1712 | typedef unsigned int (*wc_psk_client_callback)(WOLFSSL*, const char*, char*, |
wolfSSL | 15:117db924cf7c | 1713 | unsigned int, unsigned char*, unsigned int); |
wolfSSL | 15:117db924cf7c | 1714 | typedef unsigned int (*wc_psk_server_callback)(WOLFSSL*, const char*, |
wolfSSL | 15:117db924cf7c | 1715 | unsigned char*, unsigned int); |
wolfSSL | 15:117db924cf7c | 1716 | #endif /* PSK_TYPES_DEFINED */ |
wolfSSL | 15:117db924cf7c | 1717 | #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) && \ |
wolfSSL | 15:117db924cf7c | 1718 | !defined(WOLFSSL_DTLS_EXPORT_TYPES) |
wolfSSL | 15:117db924cf7c | 1719 | typedef int (*wc_dtls_export)(WOLFSSL* ssl, |
wolfSSL | 15:117db924cf7c | 1720 | unsigned char* exportBuffer, unsigned int sz, void* userCtx); |
wolfSSL | 15:117db924cf7c | 1721 | #define WOLFSSL_DTLS_EXPORT_TYPES |
wolfSSL | 15:117db924cf7c | 1722 | #endif /* WOLFSSL_DTLS_EXPORT_TYPES */ |
wolfSSL | 15:117db924cf7c | 1723 | |
wolfSSL | 15:117db924cf7c | 1724 | |
wolfSSL | 15:117db924cf7c | 1725 | /* wolfSSL Cipher type just points back to SSL */ |
wolfSSL | 15:117db924cf7c | 1726 | struct WOLFSSL_CIPHER { |
wolfSSL | 15:117db924cf7c | 1727 | WOLFSSL* ssl; |
wolfSSL | 15:117db924cf7c | 1728 | }; |
wolfSSL | 15:117db924cf7c | 1729 | |
wolfSSL | 15:117db924cf7c | 1730 | |
wolfSSL | 15:117db924cf7c | 1731 | typedef struct OcspEntry OcspEntry; |
wolfSSL | 15:117db924cf7c | 1732 | |
wolfSSL | 15:117db924cf7c | 1733 | #ifdef NO_SHA |
wolfSSL | 15:117db924cf7c | 1734 | #define OCSP_DIGEST_SIZE WC_SHA256_DIGEST_SIZE |
wolfSSL | 15:117db924cf7c | 1735 | #else |
wolfSSL | 15:117db924cf7c | 1736 | #define OCSP_DIGEST_SIZE WC_SHA_DIGEST_SIZE |
wolfSSL | 15:117db924cf7c | 1737 | #endif |
wolfSSL | 15:117db924cf7c | 1738 | |
wolfSSL | 15:117db924cf7c | 1739 | #ifdef NO_ASN |
wolfSSL | 15:117db924cf7c | 1740 | /* no_asn won't have */ |
wolfSSL | 15:117db924cf7c | 1741 | typedef struct CertStatus CertStatus; |
wolfSSL | 15:117db924cf7c | 1742 | #endif |
wolfSSL | 15:117db924cf7c | 1743 | |
wolfSSL | 15:117db924cf7c | 1744 | struct OcspEntry { |
wolfSSL | 15:117db924cf7c | 1745 | OcspEntry* next; /* next entry */ |
wolfSSL | 15:117db924cf7c | 1746 | byte issuerHash[OCSP_DIGEST_SIZE]; /* issuer hash */ |
wolfSSL | 15:117db924cf7c | 1747 | byte issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */ |
wolfSSL | 15:117db924cf7c | 1748 | CertStatus* status; /* OCSP response list */ |
wolfSSL | 15:117db924cf7c | 1749 | int totalStatus; /* number on list */ |
wolfSSL | 15:117db924cf7c | 1750 | }; |
wolfSSL | 15:117db924cf7c | 1751 | |
wolfSSL | 15:117db924cf7c | 1752 | |
wolfSSL | 15:117db924cf7c | 1753 | #ifndef HAVE_OCSP |
wolfSSL | 15:117db924cf7c | 1754 | typedef struct WOLFSSL_OCSP WOLFSSL_OCSP; |
wolfSSL | 15:117db924cf7c | 1755 | #endif |
wolfSSL | 15:117db924cf7c | 1756 | |
wolfSSL | 15:117db924cf7c | 1757 | /* wolfSSL OCSP controller */ |
wolfSSL | 15:117db924cf7c | 1758 | struct WOLFSSL_OCSP { |
wolfSSL | 15:117db924cf7c | 1759 | WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */ |
wolfSSL | 15:117db924cf7c | 1760 | OcspEntry* ocspList; /* OCSP response list */ |
wolfSSL | 15:117db924cf7c | 1761 | wolfSSL_Mutex ocspLock; /* OCSP list lock */ |
wolfSSL | 15:117db924cf7c | 1762 | #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \ |
wolfSSL | 15:117db924cf7c | 1763 | defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) |
wolfSSL | 15:117db924cf7c | 1764 | int(*statusCb)(WOLFSSL*, void*); |
wolfSSL | 15:117db924cf7c | 1765 | #endif |
wolfSSL | 15:117db924cf7c | 1766 | }; |
wolfSSL | 15:117db924cf7c | 1767 | |
wolfSSL | 15:117db924cf7c | 1768 | #ifndef MAX_DATE_SIZE |
wolfSSL | 15:117db924cf7c | 1769 | #define MAX_DATE_SIZE 32 |
wolfSSL | 15:117db924cf7c | 1770 | #endif |
wolfSSL | 15:117db924cf7c | 1771 | |
wolfSSL | 15:117db924cf7c | 1772 | typedef struct CRL_Entry CRL_Entry; |
wolfSSL | 15:117db924cf7c | 1773 | |
wolfSSL | 15:117db924cf7c | 1774 | #ifdef NO_SHA |
wolfSSL | 15:117db924cf7c | 1775 | #define CRL_DIGEST_SIZE WC_SHA256_DIGEST_SIZE |
wolfSSL | 15:117db924cf7c | 1776 | #else |
wolfSSL | 15:117db924cf7c | 1777 | #define CRL_DIGEST_SIZE WC_SHA_DIGEST_SIZE |
wolfSSL | 15:117db924cf7c | 1778 | #endif |
wolfSSL | 15:117db924cf7c | 1779 | |
wolfSSL | 15:117db924cf7c | 1780 | #ifdef NO_ASN |
wolfSSL | 15:117db924cf7c | 1781 | typedef struct RevokedCert RevokedCert; |
wolfSSL | 15:117db924cf7c | 1782 | #endif |
wolfSSL | 15:117db924cf7c | 1783 | |
wolfSSL | 15:117db924cf7c | 1784 | /* Complete CRL */ |
wolfSSL | 15:117db924cf7c | 1785 | struct CRL_Entry { |
wolfSSL | 15:117db924cf7c | 1786 | CRL_Entry* next; /* next entry */ |
wolfSSL | 15:117db924cf7c | 1787 | byte issuerHash[CRL_DIGEST_SIZE]; /* issuer hash */ |
wolfSSL | 15:117db924cf7c | 1788 | /* byte crlHash[CRL_DIGEST_SIZE]; raw crl data hash */ |
wolfSSL | 15:117db924cf7c | 1789 | /* restore the hash here if needed for optimized comparisons */ |
wolfSSL | 15:117db924cf7c | 1790 | byte lastDate[MAX_DATE_SIZE]; /* last date updated */ |
wolfSSL | 15:117db924cf7c | 1791 | byte nextDate[MAX_DATE_SIZE]; /* next update date */ |
wolfSSL | 15:117db924cf7c | 1792 | byte lastDateFormat; /* last date format */ |
wolfSSL | 15:117db924cf7c | 1793 | byte nextDateFormat; /* next date format */ |
wolfSSL | 15:117db924cf7c | 1794 | RevokedCert* certs; /* revoked cert list */ |
wolfSSL | 15:117db924cf7c | 1795 | int totalCerts; /* number on list */ |
wolfSSL | 15:117db924cf7c | 1796 | int verified; |
wolfSSL | 15:117db924cf7c | 1797 | byte* toBeSigned; |
wolfSSL | 15:117db924cf7c | 1798 | word32 tbsSz; |
wolfSSL | 15:117db924cf7c | 1799 | byte* signature; |
wolfSSL | 15:117db924cf7c | 1800 | word32 signatureSz; |
wolfSSL | 15:117db924cf7c | 1801 | word32 signatureOID; |
wolfSSL | 15:117db924cf7c | 1802 | #if !defined(NO_SKID) && defined(CRL_SKID_READY) |
wolfSSL | 15:117db924cf7c | 1803 | byte extAuthKeyIdSet; |
wolfSSL | 15:117db924cf7c | 1804 | byte extAuthKeyId[KEYID_SIZE]; |
wolfSSL | 15:117db924cf7c | 1805 | #endif |
wolfSSL | 15:117db924cf7c | 1806 | }; |
wolfSSL | 15:117db924cf7c | 1807 | |
wolfSSL | 15:117db924cf7c | 1808 | |
wolfSSL | 15:117db924cf7c | 1809 | typedef struct CRL_Monitor CRL_Monitor; |
wolfSSL | 15:117db924cf7c | 1810 | |
wolfSSL | 15:117db924cf7c | 1811 | /* CRL directory monitor */ |
wolfSSL | 15:117db924cf7c | 1812 | struct CRL_Monitor { |
wolfSSL | 15:117db924cf7c | 1813 | char* path; /* full dir path, if valid pointer we're using */ |
wolfSSL | 15:117db924cf7c | 1814 | int type; /* PEM or ASN1 type */ |
wolfSSL | 15:117db924cf7c | 1815 | }; |
wolfSSL | 15:117db924cf7c | 1816 | |
wolfSSL | 15:117db924cf7c | 1817 | |
wolfSSL | 15:117db924cf7c | 1818 | #if defined(HAVE_CRL) && defined(NO_FILESYSTEM) |
wolfSSL | 15:117db924cf7c | 1819 | #undef HAVE_CRL_MONITOR |
wolfSSL | 15:117db924cf7c | 1820 | #endif |
wolfSSL | 15:117db924cf7c | 1821 | |
wolfSSL | 15:117db924cf7c | 1822 | /* wolfSSL CRL controller */ |
wolfSSL | 15:117db924cf7c | 1823 | struct WOLFSSL_CRL { |
wolfSSL | 15:117db924cf7c | 1824 | WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */ |
wolfSSL | 15:117db924cf7c | 1825 | CRL_Entry* crlList; /* our CRL list */ |
wolfSSL | 15:117db924cf7c | 1826 | #ifdef HAVE_CRL_IO |
wolfSSL | 15:117db924cf7c | 1827 | CbCrlIO crlIOCb; |
wolfSSL | 15:117db924cf7c | 1828 | #endif |
wolfSSL | 15:117db924cf7c | 1829 | wolfSSL_Mutex crlLock; /* CRL list lock */ |
wolfSSL | 15:117db924cf7c | 1830 | CRL_Monitor monitors[2]; /* PEM and DER possible */ |
wolfSSL | 15:117db924cf7c | 1831 | #ifdef HAVE_CRL_MONITOR |
wolfSSL | 15:117db924cf7c | 1832 | pthread_cond_t cond; /* condition to signal setup */ |
wolfSSL | 15:117db924cf7c | 1833 | pthread_t tid; /* monitoring thread */ |
wolfSSL | 15:117db924cf7c | 1834 | int mfd; /* monitor fd, -1 if no init yet */ |
wolfSSL | 15:117db924cf7c | 1835 | int setup; /* thread is setup predicate */ |
wolfSSL | 15:117db924cf7c | 1836 | #endif |
wolfSSL | 15:117db924cf7c | 1837 | void* heap; /* heap hint for dynamic memory */ |
wolfSSL | 15:117db924cf7c | 1838 | }; |
wolfSSL | 15:117db924cf7c | 1839 | |
wolfSSL | 15:117db924cf7c | 1840 | |
wolfSSL | 15:117db924cf7c | 1841 | #ifdef NO_ASN |
wolfSSL | 15:117db924cf7c | 1842 | typedef struct Signer Signer; |
wolfSSL | 15:117db924cf7c | 1843 | #ifdef WOLFSSL_TRUST_PEER_CERT |
wolfSSL | 15:117db924cf7c | 1844 | typedef struct TrustedPeerCert TrustedPeerCert; |
wolfSSL | 15:117db924cf7c | 1845 | #endif |
wolfSSL | 15:117db924cf7c | 1846 | #endif |
wolfSSL | 15:117db924cf7c | 1847 | |
wolfSSL | 15:117db924cf7c | 1848 | |
wolfSSL | 15:117db924cf7c | 1849 | #ifndef CA_TABLE_SIZE |
wolfSSL | 15:117db924cf7c | 1850 | #define CA_TABLE_SIZE 11 |
wolfSSL | 15:117db924cf7c | 1851 | #endif |
wolfSSL | 15:117db924cf7c | 1852 | #ifdef WOLFSSL_TRUST_PEER_CERT |
wolfSSL | 15:117db924cf7c | 1853 | #define TP_TABLE_SIZE 11 |
wolfSSL | 15:117db924cf7c | 1854 | #endif |
wolfSSL | 15:117db924cf7c | 1855 | |
wolfSSL | 15:117db924cf7c | 1856 | /* wolfSSL Certificate Manager */ |
wolfSSL | 15:117db924cf7c | 1857 | struct WOLFSSL_CERT_MANAGER { |
wolfSSL | 15:117db924cf7c | 1858 | Signer* caTable[CA_TABLE_SIZE]; /* the CA signer table */ |
wolfSSL | 15:117db924cf7c | 1859 | void* heap; /* heap helper */ |
wolfSSL | 15:117db924cf7c | 1860 | #ifdef WOLFSSL_TRUST_PEER_CERT |
wolfSSL | 15:117db924cf7c | 1861 | TrustedPeerCert* tpTable[TP_TABLE_SIZE]; /* table of trusted peer certs */ |
wolfSSL | 15:117db924cf7c | 1862 | wolfSSL_Mutex tpLock; /* trusted peer list lock */ |
wolfSSL | 15:117db924cf7c | 1863 | #endif |
wolfSSL | 15:117db924cf7c | 1864 | WOLFSSL_CRL* crl; /* CRL checker */ |
wolfSSL | 15:117db924cf7c | 1865 | WOLFSSL_OCSP* ocsp; /* OCSP checker */ |
wolfSSL | 15:117db924cf7c | 1866 | #if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ |
wolfSSL | 15:117db924cf7c | 1867 | || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)) |
wolfSSL | 15:117db924cf7c | 1868 | WOLFSSL_OCSP* ocsp_stapling; /* OCSP checker for OCSP stapling */ |
wolfSSL | 15:117db924cf7c | 1869 | #endif |
wolfSSL | 15:117db924cf7c | 1870 | char* ocspOverrideURL; /* use this responder */ |
wolfSSL | 15:117db924cf7c | 1871 | void* ocspIOCtx; /* I/O callback CTX */ |
wolfSSL | 15:117db924cf7c | 1872 | CallbackCACache caCacheCallback; /* CA cache addition callback */ |
wolfSSL | 15:117db924cf7c | 1873 | CbMissingCRL cbMissingCRL; /* notify through cb of missing crl */ |
wolfSSL | 15:117db924cf7c | 1874 | CbOCSPIO ocspIOCb; /* I/O callback for OCSP lookup */ |
wolfSSL | 15:117db924cf7c | 1875 | CbOCSPRespFree ocspRespFreeCb; /* Frees OCSP Response from IO Cb */ |
wolfSSL | 15:117db924cf7c | 1876 | wolfSSL_Mutex caLock; /* CA list lock */ |
wolfSSL | 15:117db924cf7c | 1877 | byte crlEnabled; /* is CRL on ? */ |
wolfSSL | 15:117db924cf7c | 1878 | byte crlCheckAll; /* always leaf, but all ? */ |
wolfSSL | 15:117db924cf7c | 1879 | byte ocspEnabled; /* is OCSP on ? */ |
wolfSSL | 15:117db924cf7c | 1880 | byte ocspCheckAll; /* always leaf, but all ? */ |
wolfSSL | 15:117db924cf7c | 1881 | byte ocspSendNonce; /* send the OCSP nonce ? */ |
wolfSSL | 15:117db924cf7c | 1882 | byte ocspUseOverrideURL; /* ignore cert's responder, override */ |
wolfSSL | 15:117db924cf7c | 1883 | byte ocspStaplingEnabled; /* is OCSP Stapling on ? */ |
wolfSSL | 15:117db924cf7c | 1884 | |
wolfSSL | 15:117db924cf7c | 1885 | #ifndef NO_RSA |
wolfSSL | 15:117db924cf7c | 1886 | short minRsaKeySz; /* minimum allowed RSA key size */ |
wolfSSL | 15:117db924cf7c | 1887 | #endif |
wolfSSL | 15:117db924cf7c | 1888 | #if defined(HAVE_ECC) || defined(HAVE_ED25519) |
wolfSSL | 15:117db924cf7c | 1889 | short minEccKeySz; /* minimum allowed ECC key size */ |
wolfSSL | 15:117db924cf7c | 1890 | #endif |
wolfSSL | 15:117db924cf7c | 1891 | }; |
wolfSSL | 15:117db924cf7c | 1892 | |
wolfSSL | 15:117db924cf7c | 1893 | WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER*, const char*); |
wolfSSL | 15:117db924cf7c | 1894 | WOLFSSL_LOCAL int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER*, const char*); |
wolfSSL | 15:117db924cf7c | 1895 | WOLFSSL_LOCAL int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER*, void*, int, int*); |
wolfSSL | 15:117db924cf7c | 1896 | WOLFSSL_LOCAL int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER*, const void*, int); |
wolfSSL | 15:117db924cf7c | 1897 | WOLFSSL_LOCAL int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER*); |
wolfSSL | 15:117db924cf7c | 1898 | |
wolfSSL | 15:117db924cf7c | 1899 | /* wolfSSL Sock Addr */ |
wolfSSL | 15:117db924cf7c | 1900 | struct WOLFSSL_SOCKADDR { |
wolfSSL | 15:117db924cf7c | 1901 | unsigned int sz; /* sockaddr size */ |
wolfSSL | 15:117db924cf7c | 1902 | void* sa; /* pointer to the sockaddr_in or sockaddr_in6 */ |
wolfSSL | 15:117db924cf7c | 1903 | }; |
wolfSSL | 15:117db924cf7c | 1904 | |
wolfSSL | 15:117db924cf7c | 1905 | typedef struct WOLFSSL_DTLS_CTX { |
wolfSSL | 15:117db924cf7c | 1906 | WOLFSSL_SOCKADDR peer; |
wolfSSL | 15:117db924cf7c | 1907 | int rfd; |
wolfSSL | 15:117db924cf7c | 1908 | int wfd; |
wolfSSL | 15:117db924cf7c | 1909 | } WOLFSSL_DTLS_CTX; |
wolfSSL | 15:117db924cf7c | 1910 | |
wolfSSL | 15:117db924cf7c | 1911 | |
wolfSSL | 15:117db924cf7c | 1912 | typedef struct WOLFSSL_DTLS_PEERSEQ { |
wolfSSL | 15:117db924cf7c | 1913 | word32 window[WOLFSSL_DTLS_WINDOW_WORDS]; |
wolfSSL | 15:117db924cf7c | 1914 | /* Sliding window for current epoch */ |
wolfSSL | 15:117db924cf7c | 1915 | word16 nextEpoch; /* Expected epoch in next record */ |
wolfSSL | 15:117db924cf7c | 1916 | word16 nextSeq_hi; /* Expected sequence in next record */ |
wolfSSL | 15:117db924cf7c | 1917 | word32 nextSeq_lo; |
wolfSSL | 15:117db924cf7c | 1918 | |
wolfSSL | 15:117db924cf7c | 1919 | word32 prevWindow[WOLFSSL_DTLS_WINDOW_WORDS]; |
wolfSSL | 15:117db924cf7c | 1920 | /* Sliding window for old epoch */ |
wolfSSL | 15:117db924cf7c | 1921 | word32 prevSeq_lo; |
wolfSSL | 15:117db924cf7c | 1922 | word16 prevSeq_hi; /* Next sequence in allowed old epoch */ |
wolfSSL | 15:117db924cf7c | 1923 | |
wolfSSL | 15:117db924cf7c | 1924 | #ifdef WOLFSSL_MULTICAST |
wolfSSL | 15:117db924cf7c | 1925 | word16 peerId; |
wolfSSL | 15:117db924cf7c | 1926 | word32 highwaterMark; |
wolfSSL | 15:117db924cf7c | 1927 | #endif |
wolfSSL | 15:117db924cf7c | 1928 | } WOLFSSL_DTLS_PEERSEQ; |
wolfSSL | 15:117db924cf7c | 1929 | |
wolfSSL | 15:117db924cf7c | 1930 | |
wolfSSL | 15:117db924cf7c | 1931 | #define MAX_WRITE_IV_SZ 16 /* max size of client/server write_IV */ |
wolfSSL | 15:117db924cf7c | 1932 | |
wolfSSL | 15:117db924cf7c | 1933 | /* keys and secrets |
wolfSSL | 15:117db924cf7c | 1934 | * keep as a constant size (no additional ifdefs) for session export */ |
wolfSSL | 15:117db924cf7c | 1935 | typedef struct Keys { |
wolfSSL | 15:117db924cf7c | 1936 | byte client_write_MAC_secret[WC_MAX_DIGEST_SIZE]; /* max sizes */ |
wolfSSL | 15:117db924cf7c | 1937 | byte server_write_MAC_secret[WC_MAX_DIGEST_SIZE]; |
wolfSSL | 15:117db924cf7c | 1938 | byte client_write_key[MAX_SYM_KEY_SIZE]; /* max sizes */ |
wolfSSL | 15:117db924cf7c | 1939 | byte server_write_key[MAX_SYM_KEY_SIZE]; |
wolfSSL | 15:117db924cf7c | 1940 | byte client_write_IV[MAX_WRITE_IV_SZ]; /* max sizes */ |
wolfSSL | 15:117db924cf7c | 1941 | byte server_write_IV[MAX_WRITE_IV_SZ]; |
wolfSSL | 15:117db924cf7c | 1942 | #if defined(HAVE_AEAD) || defined(WOLFSSL_SESSION_EXPORT) |
wolfSSL | 15:117db924cf7c | 1943 | byte aead_exp_IV[AEAD_MAX_EXP_SZ]; |
wolfSSL | 15:117db924cf7c | 1944 | byte aead_enc_imp_IV[AEAD_MAX_IMP_SZ]; |
wolfSSL | 15:117db924cf7c | 1945 | byte aead_dec_imp_IV[AEAD_MAX_IMP_SZ]; |
wolfSSL | 15:117db924cf7c | 1946 | #endif |
wolfSSL | 15:117db924cf7c | 1947 | |
wolfSSL | 15:117db924cf7c | 1948 | word32 peer_sequence_number_hi; |
wolfSSL | 15:117db924cf7c | 1949 | word32 peer_sequence_number_lo; |
wolfSSL | 15:117db924cf7c | 1950 | word32 sequence_number_hi; |
wolfSSL | 15:117db924cf7c | 1951 | word32 sequence_number_lo; |
wolfSSL | 15:117db924cf7c | 1952 | |
wolfSSL | 15:117db924cf7c | 1953 | #ifdef WOLFSSL_DTLS |
wolfSSL | 15:117db924cf7c | 1954 | word16 curEpoch; /* Received epoch in current record */ |
wolfSSL | 15:117db924cf7c | 1955 | word16 curSeq_hi; /* Received sequence in current record */ |
wolfSSL | 15:117db924cf7c | 1956 | word32 curSeq_lo; |
wolfSSL | 15:117db924cf7c | 1957 | #ifdef WOLFSSL_MULTICAST |
wolfSSL | 15:117db924cf7c | 1958 | byte curPeerId; /* Received peer group ID in current record */ |
wolfSSL | 15:117db924cf7c | 1959 | #endif |
wolfSSL | 15:117db924cf7c | 1960 | WOLFSSL_DTLS_PEERSEQ peerSeq[WOLFSSL_DTLS_PEERSEQ_SZ]; |
wolfSSL | 15:117db924cf7c | 1961 | |
wolfSSL | 15:117db924cf7c | 1962 | word16 dtls_peer_handshake_number; |
wolfSSL | 15:117db924cf7c | 1963 | word16 dtls_expected_peer_handshake_number; |
wolfSSL | 15:117db924cf7c | 1964 | |
wolfSSL | 15:117db924cf7c | 1965 | word16 dtls_epoch; /* Current epoch */ |
wolfSSL | 15:117db924cf7c | 1966 | word16 dtls_sequence_number_hi; /* Current epoch */ |
wolfSSL | 15:117db924cf7c | 1967 | word32 dtls_sequence_number_lo; |
wolfSSL | 15:117db924cf7c | 1968 | word16 dtls_prev_sequence_number_hi; /* Previous epoch */ |
wolfSSL | 15:117db924cf7c | 1969 | word32 dtls_prev_sequence_number_lo; |
wolfSSL | 15:117db924cf7c | 1970 | word16 dtls_handshake_number; /* Current tx handshake seq */ |
wolfSSL | 15:117db924cf7c | 1971 | #endif |
wolfSSL | 15:117db924cf7c | 1972 | |
wolfSSL | 15:117db924cf7c | 1973 | word32 encryptSz; /* last size of encrypted data */ |
wolfSSL | 15:117db924cf7c | 1974 | word32 padSz; /* how much to advance after decrypt part */ |
wolfSSL | 15:117db924cf7c | 1975 | byte encryptionOn; /* true after change cipher spec */ |
wolfSSL | 15:117db924cf7c | 1976 | byte decryptedCur; /* only decrypt current record once */ |
wolfSSL | 15:117db924cf7c | 1977 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 1978 | byte updateResponseReq:1; /* KeyUpdate response from peer required. */ |
wolfSSL | 15:117db924cf7c | 1979 | byte keyUpdateRespond:1; /* KeyUpdate is to be responded to. */ |
wolfSSL | 15:117db924cf7c | 1980 | #endif |
wolfSSL | 15:117db924cf7c | 1981 | } Keys; |
wolfSSL | 15:117db924cf7c | 1982 | |
wolfSSL | 15:117db924cf7c | 1983 | |
wolfSSL | 15:117db924cf7c | 1984 | |
wolfSSL | 15:117db924cf7c | 1985 | /** TLS Extensions - RFC 6066 */ |
wolfSSL | 15:117db924cf7c | 1986 | #ifdef HAVE_TLS_EXTENSIONS |
wolfSSL | 15:117db924cf7c | 1987 | |
wolfSSL | 15:117db924cf7c | 1988 | typedef enum { |
wolfSSL | 15:117db924cf7c | 1989 | TLSX_SERVER_NAME = 0x0000, /* a.k.a. SNI */ |
wolfSSL | 15:117db924cf7c | 1990 | TLSX_MAX_FRAGMENT_LENGTH = 0x0001, |
wolfSSL | 15:117db924cf7c | 1991 | TLSX_TRUNCATED_HMAC = 0x0004, |
wolfSSL | 15:117db924cf7c | 1992 | TLSX_STATUS_REQUEST = 0x0005, /* a.k.a. OCSP stapling */ |
wolfSSL | 15:117db924cf7c | 1993 | TLSX_SUPPORTED_GROUPS = 0x000a, /* a.k.a. Supported Curves */ |
wolfSSL | 15:117db924cf7c | 1994 | TLSX_EC_POINT_FORMATS = 0x000b, |
wolfSSL | 15:117db924cf7c | 1995 | TLSX_SIGNATURE_ALGORITHMS = 0x000d, |
wolfSSL | 15:117db924cf7c | 1996 | TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */ |
wolfSSL | 15:117db924cf7c | 1997 | TLSX_STATUS_REQUEST_V2 = 0x0011, /* a.k.a. OCSP stapling v2 */ |
wolfSSL | 15:117db924cf7c | 1998 | TLSX_QUANTUM_SAFE_HYBRID = 0x0018, /* a.k.a. QSH */ |
wolfSSL | 15:117db924cf7c | 1999 | TLSX_SESSION_TICKET = 0x0023, |
wolfSSL | 15:117db924cf7c | 2000 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 2001 | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
wolfSSL | 15:117db924cf7c | 2002 | TLSX_PRE_SHARED_KEY = 0x0029, |
wolfSSL | 15:117db924cf7c | 2003 | #endif |
wolfSSL | 15:117db924cf7c | 2004 | #ifdef WOLFSSL_EARLY_DATA |
wolfSSL | 15:117db924cf7c | 2005 | TLSX_EARLY_DATA = 0x002a, |
wolfSSL | 15:117db924cf7c | 2006 | #endif |
wolfSSL | 15:117db924cf7c | 2007 | TLSX_SUPPORTED_VERSIONS = 0x002b, |
wolfSSL | 15:117db924cf7c | 2008 | TLSX_COOKIE = 0x002c, |
wolfSSL | 15:117db924cf7c | 2009 | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
wolfSSL | 15:117db924cf7c | 2010 | TLSX_PSK_KEY_EXCHANGE_MODES = 0x002d, |
wolfSSL | 15:117db924cf7c | 2011 | #endif |
wolfSSL | 15:117db924cf7c | 2012 | #ifdef WOLFSSL_POST_HANDSHAKE_AUTH |
wolfSSL | 15:117db924cf7c | 2013 | TLSX_POST_HANDSHAKE_AUTH = 0x0031, |
wolfSSL | 15:117db924cf7c | 2014 | #endif |
wolfSSL | 15:117db924cf7c | 2015 | #if defined(WOLFSSL_TLS13_DRAFT_18) || defined(WOLFSSL_TLS13_DRAFT_22) |
wolfSSL | 15:117db924cf7c | 2016 | TLSX_KEY_SHARE = 0x0028, |
wolfSSL | 15:117db924cf7c | 2017 | #else |
wolfSSL | 15:117db924cf7c | 2018 | TLSX_SIGNATURE_ALGORITHMS_CERT = 0x0032, |
wolfSSL | 15:117db924cf7c | 2019 | TLSX_KEY_SHARE = 0x0033, |
wolfSSL | 15:117db924cf7c | 2020 | #endif |
wolfSSL | 15:117db924cf7c | 2021 | #endif |
wolfSSL | 15:117db924cf7c | 2022 | TLSX_RENEGOTIATION_INFO = 0xff01 |
wolfSSL | 15:117db924cf7c | 2023 | } TLSX_Type; |
wolfSSL | 15:117db924cf7c | 2024 | |
wolfSSL | 15:117db924cf7c | 2025 | typedef struct TLSX { |
wolfSSL | 15:117db924cf7c | 2026 | TLSX_Type type; /* Extension Type */ |
wolfSSL | 15:117db924cf7c | 2027 | void* data; /* Extension Data */ |
wolfSSL | 15:117db924cf7c | 2028 | word32 val; /* Extension Value */ |
wolfSSL | 15:117db924cf7c | 2029 | byte resp; /* IsResponse Flag */ |
wolfSSL | 15:117db924cf7c | 2030 | struct TLSX* next; /* List Behavior */ |
wolfSSL | 15:117db924cf7c | 2031 | } TLSX; |
wolfSSL | 15:117db924cf7c | 2032 | |
wolfSSL | 15:117db924cf7c | 2033 | WOLFSSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type); |
wolfSSL | 15:117db924cf7c | 2034 | WOLFSSL_LOCAL void TLSX_Remove(TLSX** list, TLSX_Type type, void* heap); |
wolfSSL | 15:117db924cf7c | 2035 | WOLFSSL_LOCAL void TLSX_FreeAll(TLSX* list, void* heap); |
wolfSSL | 15:117db924cf7c | 2036 | WOLFSSL_LOCAL int TLSX_SupportExtensions(WOLFSSL* ssl); |
wolfSSL | 15:117db924cf7c | 2037 | WOLFSSL_LOCAL int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isRequest); |
wolfSSL | 15:117db924cf7c | 2038 | |
wolfSSL | 15:117db924cf7c | 2039 | #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT) |
wolfSSL | 15:117db924cf7c | 2040 | WOLFSSL_LOCAL int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, |
wolfSSL | 15:117db924cf7c | 2041 | word16* pLength); |
wolfSSL | 15:117db924cf7c | 2042 | WOLFSSL_LOCAL int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, |
wolfSSL | 15:117db924cf7c | 2043 | byte msgType, word16* pOffset); |
wolfSSL | 15:117db924cf7c | 2044 | #endif |
wolfSSL | 15:117db924cf7c | 2045 | |
wolfSSL | 15:117db924cf7c | 2046 | #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_SERVER) |
wolfSSL | 15:117db924cf7c | 2047 | /* TLS 1.3 Certificate messages have extensions. */ |
wolfSSL | 15:117db924cf7c | 2048 | WOLFSSL_LOCAL int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, |
wolfSSL | 15:117db924cf7c | 2049 | word16* pLength); |
wolfSSL | 15:117db924cf7c | 2050 | WOLFSSL_LOCAL int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, |
wolfSSL | 15:117db924cf7c | 2051 | word16* pOffset); |
wolfSSL | 15:117db924cf7c | 2052 | #endif |
wolfSSL | 15:117db924cf7c | 2053 | |
wolfSSL | 15:117db924cf7c | 2054 | WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 15:117db924cf7c | 2055 | byte msgType, Suites *suites); |
wolfSSL | 15:117db924cf7c | 2056 | |
wolfSSL | 15:117db924cf7c | 2057 | #elif defined(HAVE_SNI) \ |
wolfSSL | 15:117db924cf7c | 2058 | || defined(HAVE_MAX_FRAGMENT) \ |
wolfSSL | 15:117db924cf7c | 2059 | || defined(HAVE_TRUNCATED_HMAC) \ |
wolfSSL | 15:117db924cf7c | 2060 | || defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ |
wolfSSL | 15:117db924cf7c | 2061 | || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \ |
wolfSSL | 15:117db924cf7c | 2062 | || defined(HAVE_SUPPORTED_CURVES) \ |
wolfSSL | 15:117db924cf7c | 2063 | || defined(HAVE_ALPN) \ |
wolfSSL | 15:117db924cf7c | 2064 | || defined(HAVE_QSH) \ |
wolfSSL | 15:117db924cf7c | 2065 | || defined(HAVE_SESSION_TICKET) \ |
wolfSSL | 15:117db924cf7c | 2066 | || defined(HAVE_SECURE_RENEGOTIATION) \ |
wolfSSL | 15:117db924cf7c | 2067 | || defined(HAVE_SERVER_RENEGOTIATION_INFO) |
wolfSSL | 15:117db924cf7c | 2068 | |
wolfSSL | 15:117db924cf7c | 2069 | #error Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined. |
wolfSSL | 15:117db924cf7c | 2070 | |
wolfSSL | 15:117db924cf7c | 2071 | #endif /* HAVE_TLS_EXTENSIONS */ |
wolfSSL | 15:117db924cf7c | 2072 | |
wolfSSL | 15:117db924cf7c | 2073 | /** Server Name Indication - RFC 6066 (session 3) */ |
wolfSSL | 15:117db924cf7c | 2074 | #ifdef HAVE_SNI |
wolfSSL | 15:117db924cf7c | 2075 | |
wolfSSL | 15:117db924cf7c | 2076 | typedef struct SNI { |
wolfSSL | 15:117db924cf7c | 2077 | byte type; /* SNI Type */ |
wolfSSL | 15:117db924cf7c | 2078 | union { char* host_name; } data; /* SNI Data */ |
wolfSSL | 15:117db924cf7c | 2079 | struct SNI* next; /* List Behavior */ |
wolfSSL | 15:117db924cf7c | 2080 | byte status; /* Matching result */ |
wolfSSL | 15:117db924cf7c | 2081 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 15:117db924cf7c | 2082 | byte options; /* Behavior options */ |
wolfSSL | 15:117db924cf7c | 2083 | #endif |
wolfSSL | 15:117db924cf7c | 2084 | } SNI; |
wolfSSL | 15:117db924cf7c | 2085 | |
wolfSSL | 15:117db924cf7c | 2086 | WOLFSSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, |
wolfSSL | 15:117db924cf7c | 2087 | word16 size, void* heap); |
wolfSSL | 15:117db924cf7c | 2088 | WOLFSSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type); |
wolfSSL | 15:117db924cf7c | 2089 | WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, |
wolfSSL | 15:117db924cf7c | 2090 | void** data); |
wolfSSL | 15:117db924cf7c | 2091 | |
wolfSSL | 15:117db924cf7c | 2092 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 15:117db924cf7c | 2093 | WOLFSSL_LOCAL void TLSX_SNI_SetOptions(TLSX* extensions, byte type, |
wolfSSL | 15:117db924cf7c | 2094 | byte options); |
wolfSSL | 15:117db924cf7c | 2095 | WOLFSSL_LOCAL int TLSX_SNI_GetFromBuffer(const byte* buffer, word32 bufferSz, |
wolfSSL | 15:117db924cf7c | 2096 | byte type, byte* sni, word32* inOutSz); |
wolfSSL | 15:117db924cf7c | 2097 | #endif |
wolfSSL | 15:117db924cf7c | 2098 | |
wolfSSL | 15:117db924cf7c | 2099 | #endif /* HAVE_SNI */ |
wolfSSL | 15:117db924cf7c | 2100 | |
wolfSSL | 15:117db924cf7c | 2101 | /* Application-Layer Protocol Negotiation - RFC 7301 */ |
wolfSSL | 15:117db924cf7c | 2102 | #ifdef HAVE_ALPN |
wolfSSL | 15:117db924cf7c | 2103 | typedef struct ALPN { |
wolfSSL | 15:117db924cf7c | 2104 | char* protocol_name; /* ALPN protocol name */ |
wolfSSL | 15:117db924cf7c | 2105 | struct ALPN* next; /* List Behavior */ |
wolfSSL | 15:117db924cf7c | 2106 | byte options; /* Behavior options */ |
wolfSSL | 15:117db924cf7c | 2107 | byte negotiated; /* ALPN protocol negotiated or not */ |
wolfSSL | 15:117db924cf7c | 2108 | } ALPN; |
wolfSSL | 15:117db924cf7c | 2109 | |
wolfSSL | 15:117db924cf7c | 2110 | WOLFSSL_LOCAL int TLSX_ALPN_GetRequest(TLSX* extensions, |
wolfSSL | 15:117db924cf7c | 2111 | void** data, word16 *dataSz); |
wolfSSL | 15:117db924cf7c | 2112 | |
wolfSSL | 15:117db924cf7c | 2113 | WOLFSSL_LOCAL int TLSX_UseALPN(TLSX** extensions, const void* data, |
wolfSSL | 15:117db924cf7c | 2114 | word16 size, byte options, void* heap); |
wolfSSL | 15:117db924cf7c | 2115 | |
wolfSSL | 15:117db924cf7c | 2116 | WOLFSSL_LOCAL int TLSX_ALPN_SetOptions(TLSX** extensions, const byte option); |
wolfSSL | 15:117db924cf7c | 2117 | |
wolfSSL | 15:117db924cf7c | 2118 | #endif /* HAVE_ALPN */ |
wolfSSL | 15:117db924cf7c | 2119 | |
wolfSSL | 15:117db924cf7c | 2120 | /** Maximum Fragment Length Negotiation - RFC 6066 (session 4) */ |
wolfSSL | 15:117db924cf7c | 2121 | #ifdef HAVE_MAX_FRAGMENT |
wolfSSL | 15:117db924cf7c | 2122 | |
wolfSSL | 15:117db924cf7c | 2123 | WOLFSSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl, void* heap); |
wolfSSL | 15:117db924cf7c | 2124 | |
wolfSSL | 15:117db924cf7c | 2125 | #endif /* HAVE_MAX_FRAGMENT */ |
wolfSSL | 15:117db924cf7c | 2126 | |
wolfSSL | 15:117db924cf7c | 2127 | /** Truncated HMAC - RFC 6066 (session 7) */ |
wolfSSL | 15:117db924cf7c | 2128 | #ifdef HAVE_TRUNCATED_HMAC |
wolfSSL | 15:117db924cf7c | 2129 | |
wolfSSL | 15:117db924cf7c | 2130 | WOLFSSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap); |
wolfSSL | 15:117db924cf7c | 2131 | |
wolfSSL | 15:117db924cf7c | 2132 | #endif /* HAVE_TRUNCATED_HMAC */ |
wolfSSL | 15:117db924cf7c | 2133 | |
wolfSSL | 15:117db924cf7c | 2134 | /** Certificate Status Request - RFC 6066 (session 8) */ |
wolfSSL | 15:117db924cf7c | 2135 | #ifdef HAVE_CERTIFICATE_STATUS_REQUEST |
wolfSSL | 15:117db924cf7c | 2136 | |
wolfSSL | 15:117db924cf7c | 2137 | typedef struct { |
wolfSSL | 15:117db924cf7c | 2138 | byte status_type; |
wolfSSL | 15:117db924cf7c | 2139 | byte options; |
wolfSSL | 15:117db924cf7c | 2140 | WOLFSSL* ssl; |
wolfSSL | 15:117db924cf7c | 2141 | union { |
wolfSSL | 15:117db924cf7c | 2142 | OcspRequest ocsp; |
wolfSSL | 15:117db924cf7c | 2143 | } request; |
wolfSSL | 15:117db924cf7c | 2144 | #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER) |
wolfSSL | 15:117db924cf7c | 2145 | buffer response; |
wolfSSL | 15:117db924cf7c | 2146 | #endif |
wolfSSL | 15:117db924cf7c | 2147 | } CertificateStatusRequest; |
wolfSSL | 15:117db924cf7c | 2148 | |
wolfSSL | 15:117db924cf7c | 2149 | WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequest(TLSX** extensions, |
wolfSSL | 15:117db924cf7c | 2150 | byte status_type, byte options, WOLFSSL* ssl, void* heap, int devId); |
wolfSSL | 15:117db924cf7c | 2151 | #ifndef NO_CERTS |
wolfSSL | 15:117db924cf7c | 2152 | WOLFSSL_LOCAL int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, |
wolfSSL | 15:117db924cf7c | 2153 | void* heap); |
wolfSSL | 15:117db924cf7c | 2154 | #endif |
wolfSSL | 15:117db924cf7c | 2155 | WOLFSSL_LOCAL void* TLSX_CSR_GetRequest(TLSX* extensions); |
wolfSSL | 15:117db924cf7c | 2156 | WOLFSSL_LOCAL int TLSX_CSR_ForceRequest(WOLFSSL* ssl); |
wolfSSL | 15:117db924cf7c | 2157 | |
wolfSSL | 15:117db924cf7c | 2158 | #endif |
wolfSSL | 15:117db924cf7c | 2159 | |
wolfSSL | 15:117db924cf7c | 2160 | /** Certificate Status Request v2 - RFC 6961 */ |
wolfSSL | 15:117db924cf7c | 2161 | #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 |
wolfSSL | 15:117db924cf7c | 2162 | |
wolfSSL | 15:117db924cf7c | 2163 | typedef struct CSRIv2 { |
wolfSSL | 15:117db924cf7c | 2164 | byte status_type; |
wolfSSL | 15:117db924cf7c | 2165 | byte options; |
wolfSSL | 15:117db924cf7c | 2166 | word16 requests; |
wolfSSL | 15:117db924cf7c | 2167 | union { |
wolfSSL | 15:117db924cf7c | 2168 | OcspRequest ocsp[1 + MAX_CHAIN_DEPTH]; |
wolfSSL | 15:117db924cf7c | 2169 | } request; |
wolfSSL | 15:117db924cf7c | 2170 | struct CSRIv2* next; |
wolfSSL | 15:117db924cf7c | 2171 | } CertificateStatusRequestItemV2; |
wolfSSL | 15:117db924cf7c | 2172 | |
wolfSSL | 15:117db924cf7c | 2173 | WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, |
wolfSSL | 15:117db924cf7c | 2174 | byte status_type, byte options, void* heap, int devId); |
wolfSSL | 15:117db924cf7c | 2175 | #ifndef NO_CERTS |
wolfSSL | 15:117db924cf7c | 2176 | WOLFSSL_LOCAL int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, |
wolfSSL | 15:117db924cf7c | 2177 | byte isPeer, void* heap); |
wolfSSL | 15:117db924cf7c | 2178 | #endif |
wolfSSL | 15:117db924cf7c | 2179 | WOLFSSL_LOCAL void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type, |
wolfSSL | 15:117db924cf7c | 2180 | byte index); |
wolfSSL | 15:117db924cf7c | 2181 | WOLFSSL_LOCAL int TLSX_CSR2_ForceRequest(WOLFSSL* ssl); |
wolfSSL | 15:117db924cf7c | 2182 | |
wolfSSL | 15:117db924cf7c | 2183 | #endif |
wolfSSL | 15:117db924cf7c | 2184 | |
wolfSSL | 15:117db924cf7c | 2185 | /** Supported Elliptic Curves - RFC 4492 (session 4) */ |
wolfSSL | 15:117db924cf7c | 2186 | #ifdef HAVE_SUPPORTED_CURVES |
wolfSSL | 15:117db924cf7c | 2187 | |
wolfSSL | 15:117db924cf7c | 2188 | typedef struct SupportedCurve { |
wolfSSL | 15:117db924cf7c | 2189 | word16 name; /* Curve Names */ |
wolfSSL | 15:117db924cf7c | 2190 | struct SupportedCurve* next; /* List Behavior */ |
wolfSSL | 15:117db924cf7c | 2191 | } SupportedCurve; |
wolfSSL | 15:117db924cf7c | 2192 | |
wolfSSL | 15:117db924cf7c | 2193 | typedef struct PointFormat { |
wolfSSL | 15:117db924cf7c | 2194 | byte format; /* PointFormat */ |
wolfSSL | 15:117db924cf7c | 2195 | struct PointFormat* next; /* List Behavior */ |
wolfSSL | 15:117db924cf7c | 2196 | } PointFormat; |
wolfSSL | 15:117db924cf7c | 2197 | |
wolfSSL | 15:117db924cf7c | 2198 | WOLFSSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name, |
wolfSSL | 15:117db924cf7c | 2199 | void* heap); |
wolfSSL | 15:117db924cf7c | 2200 | |
wolfSSL | 15:117db924cf7c | 2201 | WOLFSSL_LOCAL int TLSX_UsePointFormat(TLSX** extensions, byte point, |
wolfSSL | 15:117db924cf7c | 2202 | void* heap); |
wolfSSL | 15:117db924cf7c | 2203 | |
wolfSSL | 15:117db924cf7c | 2204 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 15:117db924cf7c | 2205 | WOLFSSL_LOCAL int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, |
wolfSSL | 15:117db924cf7c | 2206 | byte second); |
wolfSSL | 15:117db924cf7c | 2207 | WOLFSSL_LOCAL int TLSX_SupportedCurve_CheckPriority(WOLFSSL* ssl); |
wolfSSL | 15:117db924cf7c | 2208 | #endif |
wolfSSL | 15:117db924cf7c | 2209 | WOLFSSL_LOCAL int TLSX_SupportedCurve_Preferred(WOLFSSL* ssl, |
wolfSSL | 15:117db924cf7c | 2210 | int checkSupported); |
wolfSSL | 15:117db924cf7c | 2211 | |
wolfSSL | 15:117db924cf7c | 2212 | #endif /* HAVE_SUPPORTED_CURVES */ |
wolfSSL | 15:117db924cf7c | 2213 | |
wolfSSL | 15:117db924cf7c | 2214 | /** Renegotiation Indication - RFC 5746 */ |
wolfSSL | 15:117db924cf7c | 2215 | #if defined(HAVE_SECURE_RENEGOTIATION) \ |
wolfSSL | 15:117db924cf7c | 2216 | || defined(HAVE_SERVER_RENEGOTIATION_INFO) |
wolfSSL | 15:117db924cf7c | 2217 | |
wolfSSL | 15:117db924cf7c | 2218 | enum key_cache_state { |
wolfSSL | 15:117db924cf7c | 2219 | SCR_CACHE_NULL = 0, /* empty / begin state */ |
wolfSSL | 15:117db924cf7c | 2220 | SCR_CACHE_NEEDED, /* need to cache keys */ |
wolfSSL | 15:117db924cf7c | 2221 | SCR_CACHE_COPY, /* we have a cached copy */ |
wolfSSL | 15:117db924cf7c | 2222 | SCR_CACHE_PARTIAL, /* partial restore to real keys */ |
wolfSSL | 15:117db924cf7c | 2223 | SCR_CACHE_COMPLETE /* complete restore to real keys */ |
wolfSSL | 15:117db924cf7c | 2224 | }; |
wolfSSL | 15:117db924cf7c | 2225 | |
wolfSSL | 15:117db924cf7c | 2226 | /* Additional Connection State according to rfc5746 section 3.1 */ |
wolfSSL | 15:117db924cf7c | 2227 | typedef struct SecureRenegotiation { |
wolfSSL | 15:117db924cf7c | 2228 | byte enabled; /* secure_renegotiation flag in rfc */ |
wolfSSL | 15:117db924cf7c | 2229 | byte startScr; /* server requested client to start scr */ |
wolfSSL | 15:117db924cf7c | 2230 | enum key_cache_state cache_status; /* track key cache state */ |
wolfSSL | 15:117db924cf7c | 2231 | byte client_verify_data[TLS_FINISHED_SZ]; /* cached */ |
wolfSSL | 15:117db924cf7c | 2232 | byte server_verify_data[TLS_FINISHED_SZ]; /* cached */ |
wolfSSL | 15:117db924cf7c | 2233 | byte subject_hash[WC_SHA_DIGEST_SIZE]; /* peer cert hash */ |
wolfSSL | 15:117db924cf7c | 2234 | Keys tmp_keys; /* can't overwrite real keys yet */ |
wolfSSL | 15:117db924cf7c | 2235 | } SecureRenegotiation; |
wolfSSL | 15:117db924cf7c | 2236 | |
wolfSSL | 15:117db924cf7c | 2237 | WOLFSSL_LOCAL int TLSX_UseSecureRenegotiation(TLSX** extensions, void* heap); |
wolfSSL | 15:117db924cf7c | 2238 | |
wolfSSL | 15:117db924cf7c | 2239 | #ifdef HAVE_SERVER_RENEGOTIATION_INFO |
wolfSSL | 15:117db924cf7c | 2240 | WOLFSSL_LOCAL int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions, void* heap); |
wolfSSL | 15:117db924cf7c | 2241 | #endif |
wolfSSL | 15:117db924cf7c | 2242 | |
wolfSSL | 15:117db924cf7c | 2243 | #endif /* HAVE_SECURE_RENEGOTIATION */ |
wolfSSL | 15:117db924cf7c | 2244 | |
wolfSSL | 15:117db924cf7c | 2245 | /** Session Ticket - RFC 5077 (session 3.2) */ |
wolfSSL | 15:117db924cf7c | 2246 | #ifdef HAVE_SESSION_TICKET |
wolfSSL | 15:117db924cf7c | 2247 | |
wolfSSL | 15:117db924cf7c | 2248 | typedef struct SessionTicket { |
wolfSSL | 15:117db924cf7c | 2249 | word32 lifetime; |
wolfSSL | 15:117db924cf7c | 2250 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 2251 | word64 seen; |
wolfSSL | 15:117db924cf7c | 2252 | word32 ageAdd; |
wolfSSL | 15:117db924cf7c | 2253 | #endif |
wolfSSL | 15:117db924cf7c | 2254 | byte* data; |
wolfSSL | 15:117db924cf7c | 2255 | word16 size; |
wolfSSL | 15:117db924cf7c | 2256 | } SessionTicket; |
wolfSSL | 15:117db924cf7c | 2257 | |
wolfSSL | 15:117db924cf7c | 2258 | WOLFSSL_LOCAL int TLSX_UseSessionTicket(TLSX** extensions, |
wolfSSL | 15:117db924cf7c | 2259 | SessionTicket* ticket, void* heap); |
wolfSSL | 15:117db924cf7c | 2260 | WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime, |
wolfSSL | 15:117db924cf7c | 2261 | byte* data, word16 size, void* heap); |
wolfSSL | 15:117db924cf7c | 2262 | WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket, void* heap); |
wolfSSL | 15:117db924cf7c | 2263 | |
wolfSSL | 15:117db924cf7c | 2264 | #endif /* HAVE_SESSION_TICKET */ |
wolfSSL | 15:117db924cf7c | 2265 | |
wolfSSL | 15:117db924cf7c | 2266 | /** Quantum-Safe-Hybrid - draft-whyte-qsh-tls12-00 */ |
wolfSSL | 15:117db924cf7c | 2267 | #ifdef HAVE_QSH |
wolfSSL | 15:117db924cf7c | 2268 | |
wolfSSL | 15:117db924cf7c | 2269 | typedef struct QSHScheme { |
wolfSSL | 15:117db924cf7c | 2270 | struct QSHScheme* next; /* List Behavior */ |
wolfSSL | 15:117db924cf7c | 2271 | byte* PK; |
wolfSSL | 15:117db924cf7c | 2272 | word16 name; /* QSHScheme Names */ |
wolfSSL | 15:117db924cf7c | 2273 | word16 PKLen; |
wolfSSL | 15:117db924cf7c | 2274 | } QSHScheme; |
wolfSSL | 15:117db924cf7c | 2275 | |
wolfSSL | 15:117db924cf7c | 2276 | typedef struct QSHkey { |
wolfSSL | 15:117db924cf7c | 2277 | struct QSHKey* next; |
wolfSSL | 15:117db924cf7c | 2278 | word16 name; |
wolfSSL | 15:117db924cf7c | 2279 | buffer pub; |
wolfSSL | 15:117db924cf7c | 2280 | buffer pri; |
wolfSSL | 15:117db924cf7c | 2281 | } QSHKey; |
wolfSSL | 15:117db924cf7c | 2282 | |
wolfSSL | 15:117db924cf7c | 2283 | typedef struct QSHSecret { |
wolfSSL | 15:117db924cf7c | 2284 | QSHScheme* list; |
wolfSSL | 15:117db924cf7c | 2285 | buffer* SerSi; |
wolfSSL | 15:117db924cf7c | 2286 | buffer* CliSi; |
wolfSSL | 15:117db924cf7c | 2287 | } QSHSecret; |
wolfSSL | 15:117db924cf7c | 2288 | |
wolfSSL | 15:117db924cf7c | 2289 | /* used in key exchange during handshake */ |
wolfSSL | 15:117db924cf7c | 2290 | WOLFSSL_LOCAL int TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input, |
wolfSSL | 15:117db924cf7c | 2291 | word16 length, byte isServer); |
wolfSSL | 15:117db924cf7c | 2292 | WOLFSSL_LOCAL word16 TLSX_QSHPK_Write(QSHScheme* list, byte* output); |
wolfSSL | 15:117db924cf7c | 2293 | WOLFSSL_LOCAL word16 TLSX_QSH_GetSize(QSHScheme* list, byte isRequest); |
wolfSSL | 15:117db924cf7c | 2294 | |
wolfSSL | 15:117db924cf7c | 2295 | /* used by api for setting a specific QSH scheme */ |
wolfSSL | 15:117db924cf7c | 2296 | WOLFSSL_LOCAL int TLSX_UseQSHScheme(TLSX** extensions, word16 name, |
wolfSSL | 15:117db924cf7c | 2297 | byte* pKey, word16 pKeySz, void* heap); |
wolfSSL | 15:117db924cf7c | 2298 | |
wolfSSL | 15:117db924cf7c | 2299 | /* used when parsing in QSHCipher structs */ |
wolfSSL | 15:117db924cf7c | 2300 | WOLFSSL_LOCAL int QSH_Decrypt(QSHKey* key, byte* in, word32 szIn, |
wolfSSL | 15:117db924cf7c | 2301 | byte* out, word16* szOut); |
wolfSSL | 15:117db924cf7c | 2302 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 15:117db924cf7c | 2303 | WOLFSSL_LOCAL int TLSX_ValidateQSHScheme(TLSX** extensions, word16 name); |
wolfSSL | 15:117db924cf7c | 2304 | #endif |
wolfSSL | 15:117db924cf7c | 2305 | |
wolfSSL | 15:117db924cf7c | 2306 | #endif /* HAVE_QSH */ |
wolfSSL | 15:117db924cf7c | 2307 | |
wolfSSL | 15:117db924cf7c | 2308 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 2309 | /* Cookie extension information - cookie data. */ |
wolfSSL | 15:117db924cf7c | 2310 | typedef struct Cookie { |
wolfSSL | 15:117db924cf7c | 2311 | word16 len; |
wolfSSL | 15:117db924cf7c | 2312 | byte data; |
wolfSSL | 15:117db924cf7c | 2313 | } Cookie; |
wolfSSL | 15:117db924cf7c | 2314 | |
wolfSSL | 15:117db924cf7c | 2315 | WOLFSSL_LOCAL int TLSX_Cookie_Use(WOLFSSL* ssl, byte* data, word16 len, |
wolfSSL | 15:117db924cf7c | 2316 | byte* mac, byte macSz, int resp); |
wolfSSL | 15:117db924cf7c | 2317 | |
wolfSSL | 15:117db924cf7c | 2318 | |
wolfSSL | 15:117db924cf7c | 2319 | /* Key Share - TLS v1.3 Specification */ |
wolfSSL | 15:117db924cf7c | 2320 | |
wolfSSL | 15:117db924cf7c | 2321 | /* The KeyShare extension information - entry in a linked list. */ |
wolfSSL | 15:117db924cf7c | 2322 | typedef struct KeyShareEntry { |
wolfSSL | 15:117db924cf7c | 2323 | word16 group; /* NamedGroup */ |
wolfSSL | 15:117db924cf7c | 2324 | byte* ke; /* Key exchange data */ |
wolfSSL | 15:117db924cf7c | 2325 | word32 keLen; /* Key exchange data length */ |
wolfSSL | 15:117db924cf7c | 2326 | void* key; /* Private key */ |
wolfSSL | 15:117db924cf7c | 2327 | word32 keyLen; /* Private key length */ |
wolfSSL | 15:117db924cf7c | 2328 | byte* pubKey; /* Public key */ |
wolfSSL | 15:117db924cf7c | 2329 | word32 pubKeyLen; /* Public key length */ |
wolfSSL | 15:117db924cf7c | 2330 | struct KeyShareEntry* next; /* List pointer */ |
wolfSSL | 15:117db924cf7c | 2331 | } KeyShareEntry; |
wolfSSL | 15:117db924cf7c | 2332 | |
wolfSSL | 15:117db924cf7c | 2333 | WOLFSSL_LOCAL int TLSX_KeyShare_Use(WOLFSSL* ssl, word16 group, word16 len, |
wolfSSL | 15:117db924cf7c | 2334 | byte* data, KeyShareEntry **kse); |
wolfSSL | 15:117db924cf7c | 2335 | WOLFSSL_LOCAL int TLSX_KeyShare_Empty(WOLFSSL* ssl); |
wolfSSL | 15:117db924cf7c | 2336 | WOLFSSL_LOCAL int TLSX_KeyShare_Establish(WOLFSSL* ssl); |
wolfSSL | 15:117db924cf7c | 2337 | WOLFSSL_LOCAL int TLSX_KeyShare_DeriveSecret(WOLFSSL* ssl); |
wolfSSL | 15:117db924cf7c | 2338 | |
wolfSSL | 15:117db924cf7c | 2339 | |
wolfSSL | 15:117db924cf7c | 2340 | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
wolfSSL | 15:117db924cf7c | 2341 | #ifndef WOLFSSL_TLS13_DRAFT_18 |
wolfSSL | 15:117db924cf7c | 2342 | /* Ticket nonce - for deriving PSK. |
wolfSSL | 15:117db924cf7c | 2343 | * Length allowed to be: 1..255. Only support 4 bytes. |
wolfSSL | 15:117db924cf7c | 2344 | */ |
wolfSSL | 15:117db924cf7c | 2345 | typedef struct TicketNonce { |
wolfSSL | 15:117db924cf7c | 2346 | byte len; |
wolfSSL | 15:117db924cf7c | 2347 | byte data[MAX_TICKET_NONCE_SZ]; |
wolfSSL | 15:117db924cf7c | 2348 | } TicketNonce; |
wolfSSL | 15:117db924cf7c | 2349 | #endif |
wolfSSL | 15:117db924cf7c | 2350 | |
wolfSSL | 15:117db924cf7c | 2351 | /* The PreSharedKey extension information - entry in a linked list. */ |
wolfSSL | 15:117db924cf7c | 2352 | typedef struct PreSharedKey { |
wolfSSL | 15:117db924cf7c | 2353 | word16 identityLen; /* Length of identity */ |
wolfSSL | 15:117db924cf7c | 2354 | byte* identity; /* PSK identity */ |
wolfSSL | 15:117db924cf7c | 2355 | word32 ticketAge; /* Age of the ticket */ |
wolfSSL | 15:117db924cf7c | 2356 | byte cipherSuite0; /* Cipher Suite */ |
wolfSSL | 15:117db924cf7c | 2357 | byte cipherSuite; /* Cipher Suite */ |
wolfSSL | 15:117db924cf7c | 2358 | word32 binderLen; /* Length of HMAC */ |
wolfSSL | 15:117db924cf7c | 2359 | byte binder[WC_MAX_DIGEST_SIZE]; /* HMAC of hanshake */ |
wolfSSL | 15:117db924cf7c | 2360 | byte hmac; /* HMAC algorithm */ |
wolfSSL | 15:117db924cf7c | 2361 | byte resumption:1; /* Resumption PSK */ |
wolfSSL | 15:117db924cf7c | 2362 | byte chosen:1; /* Server's choice */ |
wolfSSL | 15:117db924cf7c | 2363 | struct PreSharedKey* next; /* List pointer */ |
wolfSSL | 15:117db924cf7c | 2364 | } PreSharedKey; |
wolfSSL | 15:117db924cf7c | 2365 | |
wolfSSL | 15:117db924cf7c | 2366 | WOLFSSL_LOCAL word16 TLSX_PreSharedKey_WriteBinders(PreSharedKey* list, |
wolfSSL | 15:117db924cf7c | 2367 | byte* output, byte msgType); |
wolfSSL | 15:117db924cf7c | 2368 | WOLFSSL_LOCAL word16 TLSX_PreSharedKey_GetSizeBinders(PreSharedKey* list, |
wolfSSL | 15:117db924cf7c | 2369 | byte msgType); |
wolfSSL | 15:117db924cf7c | 2370 | WOLFSSL_LOCAL int TLSX_PreSharedKey_Use(WOLFSSL* ssl, byte* identity, |
wolfSSL | 15:117db924cf7c | 2371 | word16 len, word32 age, byte hmac, |
wolfSSL | 15:117db924cf7c | 2372 | byte cipherSuite0, byte cipherSuite, |
wolfSSL | 15:117db924cf7c | 2373 | byte resumption, |
wolfSSL | 15:117db924cf7c | 2374 | PreSharedKey **preSharedKey); |
wolfSSL | 15:117db924cf7c | 2375 | |
wolfSSL | 15:117db924cf7c | 2376 | /* The possible Pre-Shared Key key exchange modes. */ |
wolfSSL | 15:117db924cf7c | 2377 | enum PskKeyExchangeMode { |
wolfSSL | 15:117db924cf7c | 2378 | PSK_KE, |
wolfSSL | 15:117db924cf7c | 2379 | PSK_DHE_KE |
wolfSSL | 15:117db924cf7c | 2380 | }; |
wolfSSL | 15:117db924cf7c | 2381 | |
wolfSSL | 15:117db924cf7c | 2382 | /* User can define this. */ |
wolfSSL | 15:117db924cf7c | 2383 | #ifndef WOLFSSL_DEF_PSK_CIPHER |
wolfSSL | 15:117db924cf7c | 2384 | #define WOLFSSL_DEF_PSK_CIPHER TLS_AES_128_GCM_SHA256 |
wolfSSL | 15:117db924cf7c | 2385 | #endif |
wolfSSL | 15:117db924cf7c | 2386 | |
wolfSSL | 15:117db924cf7c | 2387 | WOLFSSL_LOCAL int TLSX_PskKeModes_Use(WOLFSSL* ssl, byte modes); |
wolfSSL | 15:117db924cf7c | 2388 | |
wolfSSL | 15:117db924cf7c | 2389 | #ifdef WOLFSSL_EARLY_DATA |
wolfSSL | 15:117db924cf7c | 2390 | WOLFSSL_LOCAL int TLSX_EarlyData_Use(WOLFSSL* ssl, word32 max); |
wolfSSL | 15:117db924cf7c | 2391 | #endif |
wolfSSL | 15:117db924cf7c | 2392 | #endif /* HAVE_SESSION_TICKET || !NO_PSK */ |
wolfSSL | 15:117db924cf7c | 2393 | |
wolfSSL | 15:117db924cf7c | 2394 | |
wolfSSL | 15:117db924cf7c | 2395 | /* The types of keys to derive for. */ |
wolfSSL | 15:117db924cf7c | 2396 | enum DeriveKeyType { |
wolfSSL | 15:117db924cf7c | 2397 | no_key, |
wolfSSL | 15:117db924cf7c | 2398 | early_data_key, |
wolfSSL | 15:117db924cf7c | 2399 | handshake_key, |
wolfSSL | 15:117db924cf7c | 2400 | traffic_key, |
wolfSSL | 15:117db924cf7c | 2401 | update_traffic_key |
wolfSSL | 15:117db924cf7c | 2402 | }; |
wolfSSL | 15:117db924cf7c | 2403 | |
wolfSSL | 15:117db924cf7c | 2404 | /* The key update request values for KeyUpdate message. */ |
wolfSSL | 15:117db924cf7c | 2405 | enum KeyUpdateRequest { |
wolfSSL | 15:117db924cf7c | 2406 | update_not_requested, |
wolfSSL | 15:117db924cf7c | 2407 | update_requested |
wolfSSL | 15:117db924cf7c | 2408 | }; |
wolfSSL | 15:117db924cf7c | 2409 | #endif /* WOLFSSL_TLS13 */ |
wolfSSL | 15:117db924cf7c | 2410 | |
wolfSSL | 15:117db924cf7c | 2411 | |
wolfSSL | 15:117db924cf7c | 2412 | #ifdef OPENSSL_EXTRA |
wolfSSL | 15:117db924cf7c | 2413 | enum SetCBIO { |
wolfSSL | 15:117db924cf7c | 2414 | WOLFSSL_CBIO_NONE = 0, |
wolfSSL | 15:117db924cf7c | 2415 | WOLFSSL_CBIO_RECV = 0x1, |
wolfSSL | 15:117db924cf7c | 2416 | WOLFSSL_CBIO_SEND = 0x2, |
wolfSSL | 15:117db924cf7c | 2417 | }; |
wolfSSL | 15:117db924cf7c | 2418 | #endif |
wolfSSL | 15:117db924cf7c | 2419 | |
wolfSSL | 15:117db924cf7c | 2420 | /* wolfSSL context type */ |
wolfSSL | 15:117db924cf7c | 2421 | struct WOLFSSL_CTX { |
wolfSSL | 15:117db924cf7c | 2422 | WOLFSSL_METHOD* method; |
wolfSSL | 15:117db924cf7c | 2423 | #ifdef SINGLE_THREADED |
wolfSSL | 15:117db924cf7c | 2424 | WC_RNG* rng; /* to be shared with WOLFSSL w/o locking */ |
wolfSSL | 15:117db924cf7c | 2425 | #endif |
wolfSSL | 15:117db924cf7c | 2426 | wolfSSL_Mutex countMutex; /* reference count mutex */ |
wolfSSL | 15:117db924cf7c | 2427 | int refCount; /* reference count */ |
wolfSSL | 15:117db924cf7c | 2428 | int err; /* error code in case of mutex not created */ |
wolfSSL | 15:117db924cf7c | 2429 | #ifndef NO_DH |
wolfSSL | 15:117db924cf7c | 2430 | buffer serverDH_P; |
wolfSSL | 15:117db924cf7c | 2431 | buffer serverDH_G; |
wolfSSL | 15:117db924cf7c | 2432 | #endif |
wolfSSL | 15:117db924cf7c | 2433 | #ifndef NO_CERTS |
wolfSSL | 15:117db924cf7c | 2434 | DerBuffer* certificate; |
wolfSSL | 15:117db924cf7c | 2435 | DerBuffer* certChain; |
wolfSSL | 15:117db924cf7c | 2436 | /* chain after self, in DER, with leading size for each cert */ |
wolfSSL | 15:117db924cf7c | 2437 | #ifdef OPENSSL_EXTRA |
wolfSSL | 15:117db924cf7c | 2438 | WOLF_STACK_OF(WOLFSSL_X509_NAME)* ca_names; |
wolfSSL | 15:117db924cf7c | 2439 | #endif |
wolfSSL | 15:117db924cf7c | 2440 | #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \ |
wolfSSL | 15:117db924cf7c | 2441 | defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY) |
wolfSSL | 15:117db924cf7c | 2442 | WOLF_STACK_OF(WOLFSSL_X509)* x509Chain; |
wolfSSL | 15:117db924cf7c | 2443 | #endif |
wolfSSL | 15:117db924cf7c | 2444 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 2445 | int certChainCnt; |
wolfSSL | 15:117db924cf7c | 2446 | #endif |
wolfSSL | 15:117db924cf7c | 2447 | DerBuffer* privateKey; |
wolfSSL | 15:117db924cf7c | 2448 | byte privateKeyType; |
wolfSSL | 15:117db924cf7c | 2449 | int privateKeySz; |
wolfSSL | 15:117db924cf7c | 2450 | WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */ |
wolfSSL | 15:117db924cf7c | 2451 | #endif |
wolfSSL | 15:117db924cf7c | 2452 | #ifdef KEEP_OUR_CERT |
wolfSSL | 15:117db924cf7c | 2453 | WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert */ |
wolfSSL | 15:117db924cf7c | 2454 | int ownOurCert; /* Dispose of certificate if we own */ |
wolfSSL | 15:117db924cf7c | 2455 | #endif |
wolfSSL | 15:117db924cf7c | 2456 | Suites* suites; /* make dynamic, user may not need/set */ |
wolfSSL | 15:117db924cf7c | 2457 | void* heap; /* for user memory overrides */ |
wolfSSL | 15:117db924cf7c | 2458 | byte verifyDepth; |
wolfSSL | 15:117db924cf7c | 2459 | byte verifyPeer:1; |
wolfSSL | 15:117db924cf7c | 2460 | byte verifyNone:1; |
wolfSSL | 15:117db924cf7c | 2461 | byte failNoCert:1; |
wolfSSL | 15:117db924cf7c | 2462 | byte failNoCertxPSK:1; /* fail if no cert with the exception of PSK*/ |
wolfSSL | 15:117db924cf7c | 2463 | byte sessionCacheOff:1; |
wolfSSL | 15:117db924cf7c | 2464 | byte sessionCacheFlushOff:1; |
wolfSSL | 15:117db924cf7c | 2465 | #ifdef HAVE_EXT_CACHE |
wolfSSL | 15:117db924cf7c | 2466 | byte internalCacheOff:1; |
wolfSSL | 15:117db924cf7c | 2467 | #endif |
wolfSSL | 15:117db924cf7c | 2468 | byte sendVerify; /* for client side (can not be single bit) */ |
wolfSSL | 15:117db924cf7c | 2469 | byte haveRSA:1; /* RSA available */ |
wolfSSL | 15:117db924cf7c | 2470 | byte haveECC:1; /* ECC available */ |
wolfSSL | 15:117db924cf7c | 2471 | byte haveDH:1; /* server DH parms set by user */ |
wolfSSL | 15:117db924cf7c | 2472 | byte haveNTRU:1; /* server private NTRU key loaded */ |
wolfSSL | 15:117db924cf7c | 2473 | byte haveECDSAsig:1; /* server cert signed w/ ECDSA */ |
wolfSSL | 15:117db924cf7c | 2474 | byte haveStaticECC:1; /* static server ECC private key */ |
wolfSSL | 15:117db924cf7c | 2475 | byte partialWrite:1; /* only one msg per write call */ |
wolfSSL | 15:117db924cf7c | 2476 | byte quietShutdown:1; /* don't send close notify */ |
wolfSSL | 15:117db924cf7c | 2477 | byte groupMessages:1; /* group handshake messages before sending */ |
wolfSSL | 15:117db924cf7c | 2478 | byte minDowngrade; /* minimum downgrade version */ |
wolfSSL | 15:117db924cf7c | 2479 | byte haveEMS:1; /* have extended master secret extension */ |
wolfSSL | 15:117db924cf7c | 2480 | byte useClientOrder:1; /* Use client's cipher preference order */ |
wolfSSL | 15:117db924cf7c | 2481 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 2482 | byte noTicketTls13:1; /* Server won't create new Ticket */ |
wolfSSL | 15:117db924cf7c | 2483 | byte noPskDheKe:1; /* Don't use (EC)DHE with PSK */ |
wolfSSL | 15:117db924cf7c | 2484 | #endif |
wolfSSL | 15:117db924cf7c | 2485 | #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) |
wolfSSL | 15:117db924cf7c | 2486 | byte postHandshakeAuth:1; /* Post-handshake auth supported. */ |
wolfSSL | 15:117db924cf7c | 2487 | #endif |
wolfSSL | 15:117db924cf7c | 2488 | #ifdef WOLFSSL_MULTICAST |
wolfSSL | 15:117db924cf7c | 2489 | byte haveMcast; /* multicast requested */ |
wolfSSL | 15:117db924cf7c | 2490 | byte mcastID; /* multicast group ID */ |
wolfSSL | 15:117db924cf7c | 2491 | #endif |
wolfSSL | 15:117db924cf7c | 2492 | #if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS) |
wolfSSL | 15:117db924cf7c | 2493 | byte dtlsSctp; /* DTLS-over-SCTP mode */ |
wolfSSL | 15:117db924cf7c | 2494 | word16 dtlsMtuSz; /* DTLS MTU size */ |
wolfSSL | 15:117db924cf7c | 2495 | #endif |
wolfSSL | 15:117db924cf7c | 2496 | #ifndef NO_DH |
wolfSSL | 15:117db924cf7c | 2497 | word16 minDhKeySz; /* minimum DH key size */ |
wolfSSL | 15:117db924cf7c | 2498 | word16 maxDhKeySz; /* maximum DH key size */ |
wolfSSL | 15:117db924cf7c | 2499 | #endif |
wolfSSL | 15:117db924cf7c | 2500 | #ifndef NO_RSA |
wolfSSL | 15:117db924cf7c | 2501 | short minRsaKeySz; /* minimum RSA key size */ |
wolfSSL | 15:117db924cf7c | 2502 | #endif |
wolfSSL | 15:117db924cf7c | 2503 | #if defined(HAVE_ECC) || defined(HAVE_ED25519) |
wolfSSL | 15:117db924cf7c | 2504 | short minEccKeySz; /* minimum ECC key size */ |
wolfSSL | 15:117db924cf7c | 2505 | #endif |
wolfSSL | 15:117db924cf7c | 2506 | #ifdef OPENSSL_EXTRA |
wolfSSL | 15:117db924cf7c | 2507 | byte sessionCtx[ID_LEN]; /* app session context ID */ |
wolfSSL | 15:117db924cf7c | 2508 | word32 disabledCurves; /* curves disabled by user */ |
wolfSSL | 15:117db924cf7c | 2509 | unsigned long mask; /* store SSL_OP_ flags */ |
wolfSSL | 15:117db924cf7c | 2510 | const unsigned char *alpn_cli_protos;/* ALPN client protocol list */ |
wolfSSL | 15:117db924cf7c | 2511 | unsigned int alpn_cli_protos_len; |
wolfSSL | 15:117db924cf7c | 2512 | byte sessionCtxSz; |
wolfSSL | 15:117db924cf7c | 2513 | byte cbioFlag; /* WOLFSSL_CBIO_RECV/SEND: CBIORecv/Send is set */ |
wolfSSL | 15:117db924cf7c | 2514 | CallbackInfoState* CBIS; /* used to get info about SSL state */ |
wolfSSL | 15:117db924cf7c | 2515 | #endif |
wolfSSL | 15:117db924cf7c | 2516 | CallbackIORecv CBIORecv; |
wolfSSL | 15:117db924cf7c | 2517 | CallbackIOSend CBIOSend; |
wolfSSL | 15:117db924cf7c | 2518 | #ifdef WOLFSSL_DTLS |
wolfSSL | 15:117db924cf7c | 2519 | CallbackGenCookie CBIOCookie; /* gen cookie callback */ |
wolfSSL | 15:117db924cf7c | 2520 | #ifdef WOLFSSL_SESSION_EXPORT |
wolfSSL | 15:117db924cf7c | 2521 | wc_dtls_export dtls_export; /* export function for DTLS session */ |
wolfSSL | 15:117db924cf7c | 2522 | CallbackGetPeer CBGetPeer; |
wolfSSL | 15:117db924cf7c | 2523 | CallbackSetPeer CBSetPeer; |
wolfSSL | 15:117db924cf7c | 2524 | #endif |
wolfSSL | 15:117db924cf7c | 2525 | #endif /* WOLFSSL_DTLS */ |
wolfSSL | 15:117db924cf7c | 2526 | VerifyCallback verifyCallback; /* cert verification callback */ |
wolfSSL | 15:117db924cf7c | 2527 | word32 timeout; /* session timeout */ |
wolfSSL | 15:117db924cf7c | 2528 | #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) |
wolfSSL | 15:117db924cf7c | 2529 | word32 ecdhCurveOID; /* curve Ecc_Sum */ |
wolfSSL | 15:117db924cf7c | 2530 | #endif |
wolfSSL | 15:117db924cf7c | 2531 | #ifdef HAVE_ECC |
wolfSSL | 15:117db924cf7c | 2532 | word16 eccTempKeySz; /* in octets 20 - 66 */ |
wolfSSL | 15:117db924cf7c | 2533 | #endif |
wolfSSL | 15:117db924cf7c | 2534 | #if defined(HAVE_ECC) || defined(HAVE_ED25519) |
wolfSSL | 15:117db924cf7c | 2535 | word32 pkCurveOID; /* curve Ecc_Sum */ |
wolfSSL | 15:117db924cf7c | 2536 | #endif |
wolfSSL | 15:117db924cf7c | 2537 | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
wolfSSL | 15:117db924cf7c | 2538 | byte havePSK; /* psk key set by user */ |
wolfSSL | 15:117db924cf7c | 2539 | wc_psk_client_callback client_psk_cb; /* client callback */ |
wolfSSL | 15:117db924cf7c | 2540 | wc_psk_server_callback server_psk_cb; /* server callback */ |
wolfSSL | 15:117db924cf7c | 2541 | char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN]; |
wolfSSL | 15:117db924cf7c | 2542 | #endif /* HAVE_SESSION_TICKET || !NO_PSK */ |
wolfSSL | 15:117db924cf7c | 2543 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 2544 | word16 group[WOLFSSL_MAX_GROUP_COUNT]; |
wolfSSL | 15:117db924cf7c | 2545 | byte numGroups; |
wolfSSL | 15:117db924cf7c | 2546 | #endif |
wolfSSL | 15:117db924cf7c | 2547 | #ifdef WOLFSSL_EARLY_DATA |
wolfSSL | 15:117db924cf7c | 2548 | word32 maxEarlyDataSz; |
wolfSSL | 15:117db924cf7c | 2549 | #endif |
wolfSSL | 15:117db924cf7c | 2550 | #ifdef HAVE_ANON |
wolfSSL | 15:117db924cf7c | 2551 | byte haveAnon; /* User wants to allow Anon suites */ |
wolfSSL | 15:117db924cf7c | 2552 | #endif /* HAVE_ANON */ |
wolfSSL | 15:117db924cf7c | 2553 | #ifdef WOLFSSL_ENCRYPTED_KEYS |
wolfSSL | 15:117db924cf7c | 2554 | pem_password_cb* passwd_cb; |
wolfSSL | 15:117db924cf7c | 2555 | void* passwd_userdata; |
wolfSSL | 15:117db924cf7c | 2556 | #endif |
wolfSSL | 15:117db924cf7c | 2557 | #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) |
wolfSSL | 15:117db924cf7c | 2558 | WOLFSSL_X509_STORE x509_store; /* points to ctx->cm */ |
wolfSSL | 15:117db924cf7c | 2559 | WOLFSSL_X509_STORE* x509_store_pt; /* take ownership of external store */ |
wolfSSL | 15:117db924cf7c | 2560 | byte readAhead; |
wolfSSL | 15:117db924cf7c | 2561 | void* userPRFArg; /* passed to prf callback */ |
wolfSSL | 15:117db924cf7c | 2562 | #endif |
wolfSSL | 15:117db924cf7c | 2563 | #ifdef HAVE_EX_DATA |
wolfSSL | 15:117db924cf7c | 2564 | void* ex_data[MAX_EX_DATA]; |
wolfSSL | 15:117db924cf7c | 2565 | #endif |
wolfSSL | 15:117db924cf7c | 2566 | #if defined(HAVE_ALPN) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) |
wolfSSL | 15:117db924cf7c | 2567 | CallbackALPNSelect alpnSelect; |
wolfSSL | 15:117db924cf7c | 2568 | void* alpnSelectArg; |
wolfSSL | 15:117db924cf7c | 2569 | #endif |
wolfSSL | 15:117db924cf7c | 2570 | #if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY))) |
wolfSSL | 15:117db924cf7c | 2571 | CallbackSniRecv sniRecvCb; |
wolfSSL | 15:117db924cf7c | 2572 | void* sniRecvCbArg; |
wolfSSL | 15:117db924cf7c | 2573 | #endif |
wolfSSL | 15:117db924cf7c | 2574 | #if defined(WOLFSSL_MULTICAST) && defined(WOLFSSL_DTLS) |
wolfSSL | 15:117db924cf7c | 2575 | CallbackMcastHighwater mcastHwCb; /* Sequence number highwater callback */ |
wolfSSL | 15:117db924cf7c | 2576 | word32 mcastFirstSeq; /* first trigger level */ |
wolfSSL | 15:117db924cf7c | 2577 | word32 mcastSecondSeq; /* second tigger level */ |
wolfSSL | 15:117db924cf7c | 2578 | word32 mcastMaxSeq; /* max level */ |
wolfSSL | 15:117db924cf7c | 2579 | #endif |
wolfSSL | 15:117db924cf7c | 2580 | #ifdef HAVE_OCSP |
wolfSSL | 15:117db924cf7c | 2581 | WOLFSSL_OCSP ocsp; |
wolfSSL | 15:117db924cf7c | 2582 | #endif |
wolfSSL | 15:117db924cf7c | 2583 | int devId; /* async device id to use */ |
wolfSSL | 15:117db924cf7c | 2584 | #ifdef HAVE_TLS_EXTENSIONS |
wolfSSL | 15:117db924cf7c | 2585 | TLSX* extensions; /* RFC 6066 TLS Extensions data */ |
wolfSSL | 15:117db924cf7c | 2586 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 15:117db924cf7c | 2587 | #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ |
wolfSSL | 15:117db924cf7c | 2588 | || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) |
wolfSSL | 15:117db924cf7c | 2589 | OcspRequest* certOcspRequest; |
wolfSSL | 15:117db924cf7c | 2590 | #endif |
wolfSSL | 15:117db924cf7c | 2591 | #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) |
wolfSSL | 15:117db924cf7c | 2592 | OcspRequest* chainOcspRequest[MAX_CHAIN_DEPTH]; |
wolfSSL | 15:117db924cf7c | 2593 | #endif |
wolfSSL | 15:117db924cf7c | 2594 | #endif |
wolfSSL | 15:117db924cf7c | 2595 | #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) |
wolfSSL | 15:117db924cf7c | 2596 | SessionTicketEncCb ticketEncCb; /* enc/dec session ticket Cb */ |
wolfSSL | 15:117db924cf7c | 2597 | void* ticketEncCtx; /* session encrypt context */ |
wolfSSL | 15:117db924cf7c | 2598 | int ticketHint; /* ticket hint in seconds */ |
wolfSSL | 15:117db924cf7c | 2599 | #endif |
wolfSSL | 15:117db924cf7c | 2600 | #ifdef HAVE_SUPPORTED_CURVES |
wolfSSL | 15:117db924cf7c | 2601 | byte userCurves; /* indicates user called wolfSSL_CTX_UseSupportedCurve */ |
wolfSSL | 15:117db924cf7c | 2602 | #endif |
wolfSSL | 15:117db924cf7c | 2603 | #endif |
wolfSSL | 15:117db924cf7c | 2604 | #ifdef ATOMIC_USER |
wolfSSL | 15:117db924cf7c | 2605 | CallbackMacEncrypt MacEncryptCb; /* Atomic User Mac/Encrypt Cb */ |
wolfSSL | 15:117db924cf7c | 2606 | CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */ |
wolfSSL | 15:117db924cf7c | 2607 | #endif |
wolfSSL | 15:117db924cf7c | 2608 | #ifdef HAVE_PK_CALLBACKS |
wolfSSL | 15:117db924cf7c | 2609 | #ifdef HAVE_ECC |
wolfSSL | 15:117db924cf7c | 2610 | CallbackEccKeyGen EccKeyGenCb; /* User EccKeyGen Callback Handler */ |
wolfSSL | 15:117db924cf7c | 2611 | CallbackEccSign EccSignCb; /* User EccSign Callback handler */ |
wolfSSL | 15:117db924cf7c | 2612 | CallbackEccVerify EccVerifyCb; /* User EccVerify Callback handler */ |
wolfSSL | 15:117db924cf7c | 2613 | CallbackEccSharedSecret EccSharedSecretCb; /* User EccVerify Callback handler */ |
wolfSSL | 15:117db924cf7c | 2614 | #ifdef HAVE_ED25519 |
wolfSSL | 15:117db924cf7c | 2615 | /* User Ed25519Sign Callback handler */ |
wolfSSL | 15:117db924cf7c | 2616 | CallbackEd25519Sign Ed25519SignCb; |
wolfSSL | 15:117db924cf7c | 2617 | /* User Ed25519Verify Callback handler */ |
wolfSSL | 15:117db924cf7c | 2618 | CallbackEd25519Verify Ed25519VerifyCb; |
wolfSSL | 15:117db924cf7c | 2619 | #endif |
wolfSSL | 15:117db924cf7c | 2620 | #ifdef HAVE_CURVE25519 |
wolfSSL | 15:117db924cf7c | 2621 | /* User X25519 KeyGen Callback Handler */ |
wolfSSL | 15:117db924cf7c | 2622 | CallbackX25519KeyGen X25519KeyGenCb; |
wolfSSL | 15:117db924cf7c | 2623 | /* User X25519 SharedSecret Callback handler */ |
wolfSSL | 15:117db924cf7c | 2624 | CallbackX25519SharedSecret X25519SharedSecretCb; |
wolfSSL | 15:117db924cf7c | 2625 | #endif |
wolfSSL | 15:117db924cf7c | 2626 | #endif /* HAVE_ECC */ |
wolfSSL | 15:117db924cf7c | 2627 | #ifndef NO_DH |
wolfSSL | 15:117db924cf7c | 2628 | CallbackDhAgree DhAgreeCb; /* User DH Agree Callback handler */ |
wolfSSL | 15:117db924cf7c | 2629 | #endif |
wolfSSL | 15:117db924cf7c | 2630 | #ifndef NO_RSA |
wolfSSL | 15:117db924cf7c | 2631 | CallbackRsaSign RsaSignCb; /* User RsaSign Callback handler (priv key) */ |
wolfSSL | 15:117db924cf7c | 2632 | CallbackRsaVerify RsaVerifyCb; /* User RsaVerify Callback handler (pub key) */ |
wolfSSL | 15:117db924cf7c | 2633 | CallbackRsaVerify RsaSignCheckCb; /* User VerifyRsaSign Callback handler (priv key) */ |
wolfSSL | 15:117db924cf7c | 2634 | #ifdef WC_RSA_PSS |
wolfSSL | 15:117db924cf7c | 2635 | CallbackRsaPssSign RsaPssSignCb; /* User RsaSign (priv key) */ |
wolfSSL | 15:117db924cf7c | 2636 | CallbackRsaPssVerify RsaPssVerifyCb; /* User RsaVerify (pub key) */ |
wolfSSL | 15:117db924cf7c | 2637 | CallbackRsaPssVerify RsaPssSignCheckCb; /* User VerifyRsaSign (priv key) */ |
wolfSSL | 15:117db924cf7c | 2638 | #endif |
wolfSSL | 15:117db924cf7c | 2639 | CallbackRsaEnc RsaEncCb; /* User Rsa Public Encrypt handler */ |
wolfSSL | 15:117db924cf7c | 2640 | CallbackRsaDec RsaDecCb; /* User Rsa Private Decrypt handler */ |
wolfSSL | 15:117db924cf7c | 2641 | #endif /* NO_RSA */ |
wolfSSL | 15:117db924cf7c | 2642 | #endif /* HAVE_PK_CALLBACKS */ |
wolfSSL | 15:117db924cf7c | 2643 | #ifdef HAVE_WOLF_EVENT |
wolfSSL | 15:117db924cf7c | 2644 | WOLF_EVENT_QUEUE event_queue; |
wolfSSL | 15:117db924cf7c | 2645 | #endif /* HAVE_WOLF_EVENT */ |
wolfSSL | 15:117db924cf7c | 2646 | #ifdef HAVE_EXT_CACHE |
wolfSSL | 15:117db924cf7c | 2647 | WOLFSSL_SESSION*(*get_sess_cb)(WOLFSSL*, unsigned char*, int, int*); |
wolfSSL | 15:117db924cf7c | 2648 | int (*new_sess_cb)(WOLFSSL*, WOLFSSL_SESSION*); |
wolfSSL | 15:117db924cf7c | 2649 | void (*rem_sess_cb)(WOLFSSL_CTX*, WOLFSSL_SESSION*); |
wolfSSL | 15:117db924cf7c | 2650 | #endif |
wolfSSL | 15:117db924cf7c | 2651 | #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256) |
wolfSSL | 15:117db924cf7c | 2652 | Srp* srp; /* TLS Secure Remote Password Protocol*/ |
wolfSSL | 15:117db924cf7c | 2653 | byte* srp_password; |
wolfSSL | 15:117db924cf7c | 2654 | #endif |
wolfSSL | 15:117db924cf7c | 2655 | }; |
wolfSSL | 15:117db924cf7c | 2656 | |
wolfSSL | 15:117db924cf7c | 2657 | WOLFSSL_LOCAL |
wolfSSL | 15:117db924cf7c | 2658 | WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap); |
wolfSSL | 15:117db924cf7c | 2659 | WOLFSSL_LOCAL |
wolfSSL | 15:117db924cf7c | 2660 | int InitSSL_Ctx(WOLFSSL_CTX*, WOLFSSL_METHOD*, void* heap); |
wolfSSL | 15:117db924cf7c | 2661 | WOLFSSL_LOCAL |
wolfSSL | 15:117db924cf7c | 2662 | void FreeSSL_Ctx(WOLFSSL_CTX*); |
wolfSSL | 15:117db924cf7c | 2663 | WOLFSSL_LOCAL |
wolfSSL | 15:117db924cf7c | 2664 | void SSL_CtxResourceFree(WOLFSSL_CTX*); |
wolfSSL | 15:117db924cf7c | 2665 | |
wolfSSL | 15:117db924cf7c | 2666 | WOLFSSL_LOCAL |
wolfSSL | 15:117db924cf7c | 2667 | int DeriveTlsKeys(WOLFSSL* ssl); |
wolfSSL | 15:117db924cf7c | 2668 | WOLFSSL_LOCAL |
wolfSSL | 15:117db924cf7c | 2669 | int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, |
wolfSSL | 15:117db924cf7c | 2670 | word32 inSz, word16 sz); |
wolfSSL | 15:117db924cf7c | 2671 | |
wolfSSL | 15:117db924cf7c | 2672 | #ifndef NO_CERTS |
wolfSSL | 15:117db924cf7c | 2673 | WOLFSSL_LOCAL |
wolfSSL | 15:117db924cf7c | 2674 | int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify); |
wolfSSL | 15:117db924cf7c | 2675 | WOLFSSL_LOCAL |
wolfSSL | 15:117db924cf7c | 2676 | int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash); |
wolfSSL | 15:117db924cf7c | 2677 | #ifdef WOLFSSL_TRUST_PEER_CERT |
wolfSSL | 15:117db924cf7c | 2678 | WOLFSSL_LOCAL |
wolfSSL | 15:117db924cf7c | 2679 | int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify); |
wolfSSL | 15:117db924cf7c | 2680 | WOLFSSL_LOCAL |
wolfSSL | 15:117db924cf7c | 2681 | int AlreadyTrustedPeer(WOLFSSL_CERT_MANAGER* cm, byte* hash); |
wolfSSL | 15:117db924cf7c | 2682 | #endif |
wolfSSL | 15:117db924cf7c | 2683 | #endif |
wolfSSL | 15:117db924cf7c | 2684 | |
wolfSSL | 15:117db924cf7c | 2685 | /* All cipher suite related info |
wolfSSL | 15:117db924cf7c | 2686 | * Keep as a constant size (no ifdefs) for session export */ |
wolfSSL | 15:117db924cf7c | 2687 | typedef struct CipherSpecs { |
wolfSSL | 15:117db924cf7c | 2688 | word16 key_size; |
wolfSSL | 15:117db924cf7c | 2689 | word16 iv_size; |
wolfSSL | 15:117db924cf7c | 2690 | word16 block_size; |
wolfSSL | 15:117db924cf7c | 2691 | word16 aead_mac_size; |
wolfSSL | 15:117db924cf7c | 2692 | byte bulk_cipher_algorithm; |
wolfSSL | 15:117db924cf7c | 2693 | byte cipher_type; /* block, stream, or aead */ |
wolfSSL | 15:117db924cf7c | 2694 | byte mac_algorithm; |
wolfSSL | 15:117db924cf7c | 2695 | byte kea; /* key exchange algo */ |
wolfSSL | 15:117db924cf7c | 2696 | byte sig_algo; |
wolfSSL | 15:117db924cf7c | 2697 | byte hash_size; |
wolfSSL | 15:117db924cf7c | 2698 | byte pad_size; |
wolfSSL | 15:117db924cf7c | 2699 | byte static_ecdh; |
wolfSSL | 15:117db924cf7c | 2700 | } CipherSpecs; |
wolfSSL | 15:117db924cf7c | 2701 | |
wolfSSL | 15:117db924cf7c | 2702 | |
wolfSSL | 15:117db924cf7c | 2703 | void InitCipherSpecs(CipherSpecs* cs); |
wolfSSL | 15:117db924cf7c | 2704 | |
wolfSSL | 15:117db924cf7c | 2705 | |
wolfSSL | 15:117db924cf7c | 2706 | /* Supported Message Authentication Codes from page 43 */ |
wolfSSL | 15:117db924cf7c | 2707 | enum MACAlgorithm { |
wolfSSL | 15:117db924cf7c | 2708 | no_mac, |
wolfSSL | 15:117db924cf7c | 2709 | md5_mac, |
wolfSSL | 15:117db924cf7c | 2710 | sha_mac, |
wolfSSL | 15:117db924cf7c | 2711 | sha224_mac, |
wolfSSL | 15:117db924cf7c | 2712 | sha256_mac, /* needs to match external KDF_MacAlgorithm */ |
wolfSSL | 15:117db924cf7c | 2713 | sha384_mac, |
wolfSSL | 15:117db924cf7c | 2714 | sha512_mac, |
wolfSSL | 15:117db924cf7c | 2715 | rmd_mac, |
wolfSSL | 15:117db924cf7c | 2716 | blake2b_mac |
wolfSSL | 15:117db924cf7c | 2717 | }; |
wolfSSL | 15:117db924cf7c | 2718 | |
wolfSSL | 15:117db924cf7c | 2719 | |
wolfSSL | 15:117db924cf7c | 2720 | /* Supported Key Exchange Protocols */ |
wolfSSL | 15:117db924cf7c | 2721 | enum KeyExchangeAlgorithm { |
wolfSSL | 15:117db924cf7c | 2722 | no_kea, |
wolfSSL | 15:117db924cf7c | 2723 | rsa_kea, |
wolfSSL | 15:117db924cf7c | 2724 | diffie_hellman_kea, |
wolfSSL | 15:117db924cf7c | 2725 | fortezza_kea, |
wolfSSL | 15:117db924cf7c | 2726 | psk_kea, |
wolfSSL | 15:117db924cf7c | 2727 | dhe_psk_kea, |
wolfSSL | 15:117db924cf7c | 2728 | ecdhe_psk_kea, |
wolfSSL | 15:117db924cf7c | 2729 | ntru_kea, |
wolfSSL | 15:117db924cf7c | 2730 | ecc_diffie_hellman_kea, |
wolfSSL | 15:117db924cf7c | 2731 | ecc_static_diffie_hellman_kea /* for verify suite only */ |
wolfSSL | 15:117db924cf7c | 2732 | }; |
wolfSSL | 15:117db924cf7c | 2733 | |
wolfSSL | 15:117db924cf7c | 2734 | |
wolfSSL | 15:117db924cf7c | 2735 | /* Supported Authentication Schemes */ |
wolfSSL | 15:117db924cf7c | 2736 | enum SignatureAlgorithm { |
wolfSSL | 15:117db924cf7c | 2737 | anonymous_sa_algo = 0, |
wolfSSL | 15:117db924cf7c | 2738 | rsa_sa_algo = 1, |
wolfSSL | 15:117db924cf7c | 2739 | dsa_sa_algo = 2, |
wolfSSL | 15:117db924cf7c | 2740 | ecc_dsa_sa_algo = 3, |
wolfSSL | 15:117db924cf7c | 2741 | rsa_pss_sa_algo = 8, |
wolfSSL | 15:117db924cf7c | 2742 | ed25519_sa_algo = 9 |
wolfSSL | 15:117db924cf7c | 2743 | }; |
wolfSSL | 15:117db924cf7c | 2744 | |
wolfSSL | 15:117db924cf7c | 2745 | |
wolfSSL | 15:117db924cf7c | 2746 | /* Supprted ECC Curve Types */ |
wolfSSL | 15:117db924cf7c | 2747 | enum EccCurves { |
wolfSSL | 15:117db924cf7c | 2748 | named_curve = 3 |
wolfSSL | 15:117db924cf7c | 2749 | }; |
wolfSSL | 15:117db924cf7c | 2750 | |
wolfSSL | 15:117db924cf7c | 2751 | |
wolfSSL | 15:117db924cf7c | 2752 | /* Valid client certificate request types from page 27 */ |
wolfSSL | 15:117db924cf7c | 2753 | enum ClientCertificateType { |
wolfSSL | 15:117db924cf7c | 2754 | rsa_sign = 1, |
wolfSSL | 15:117db924cf7c | 2755 | dss_sign = 2, |
wolfSSL | 15:117db924cf7c | 2756 | rsa_fixed_dh = 3, |
wolfSSL | 15:117db924cf7c | 2757 | dss_fixed_dh = 4, |
wolfSSL | 15:117db924cf7c | 2758 | rsa_ephemeral_dh = 5, |
wolfSSL | 15:117db924cf7c | 2759 | dss_ephemeral_dh = 6, |
wolfSSL | 15:117db924cf7c | 2760 | fortezza_kea_cert = 20, |
wolfSSL | 15:117db924cf7c | 2761 | ecdsa_sign = 64, |
wolfSSL | 15:117db924cf7c | 2762 | rsa_fixed_ecdh = 65, |
wolfSSL | 15:117db924cf7c | 2763 | ecdsa_fixed_ecdh = 66 |
wolfSSL | 15:117db924cf7c | 2764 | }; |
wolfSSL | 15:117db924cf7c | 2765 | |
wolfSSL | 15:117db924cf7c | 2766 | |
wolfSSL | 15:117db924cf7c | 2767 | enum CipherType { stream, block, aead }; |
wolfSSL | 15:117db924cf7c | 2768 | |
wolfSSL | 15:117db924cf7c | 2769 | |
wolfSSL | 15:117db924cf7c | 2770 | |
wolfSSL | 15:117db924cf7c | 2771 | |
wolfSSL | 15:117db924cf7c | 2772 | |
wolfSSL | 15:117db924cf7c | 2773 | |
wolfSSL | 15:117db924cf7c | 2774 | /* cipher for now */ |
wolfSSL | 15:117db924cf7c | 2775 | typedef struct Ciphers { |
wolfSSL | 15:117db924cf7c | 2776 | #ifdef BUILD_ARC4 |
wolfSSL | 15:117db924cf7c | 2777 | Arc4* arc4; |
wolfSSL | 15:117db924cf7c | 2778 | #endif |
wolfSSL | 15:117db924cf7c | 2779 | #ifdef BUILD_DES3 |
wolfSSL | 15:117db924cf7c | 2780 | Des3* des3; |
wolfSSL | 15:117db924cf7c | 2781 | #endif |
wolfSSL | 15:117db924cf7c | 2782 | #if defined(BUILD_AES) || defined(BUILD_AESGCM) |
wolfSSL | 15:117db924cf7c | 2783 | Aes* aes; |
wolfSSL | 15:117db924cf7c | 2784 | #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM) || defined(WOLFSSL_TLS13) |
wolfSSL | 15:117db924cf7c | 2785 | byte* additional; |
wolfSSL | 15:117db924cf7c | 2786 | byte* nonce; |
wolfSSL | 15:117db924cf7c | 2787 | #endif |
wolfSSL | 15:117db924cf7c | 2788 | #endif |
wolfSSL | 15:117db924cf7c | 2789 | #ifdef HAVE_CAMELLIA |
wolfSSL | 15:117db924cf7c | 2790 | Camellia* cam; |
wolfSSL | 15:117db924cf7c | 2791 | #endif |
wolfSSL | 15:117db924cf7c | 2792 | #ifdef HAVE_CHACHA |
wolfSSL | 15:117db924cf7c | 2793 | ChaCha* chacha; |
wolfSSL | 15:117db924cf7c | 2794 | #endif |
wolfSSL | 15:117db924cf7c | 2795 | #ifdef HAVE_HC128 |
wolfSSL | 15:117db924cf7c | 2796 | HC128* hc128; |
wolfSSL | 15:117db924cf7c | 2797 | #endif |
wolfSSL | 15:117db924cf7c | 2798 | #ifdef BUILD_RABBIT |
wolfSSL | 15:117db924cf7c | 2799 | Rabbit* rabbit; |
wolfSSL | 15:117db924cf7c | 2800 | #endif |
wolfSSL | 15:117db924cf7c | 2801 | #ifdef HAVE_IDEA |
wolfSSL | 15:117db924cf7c | 2802 | Idea* idea; |
wolfSSL | 15:117db924cf7c | 2803 | #endif |
wolfSSL | 15:117db924cf7c | 2804 | byte state; |
wolfSSL | 15:117db924cf7c | 2805 | byte setup; /* have we set it up flag for detection */ |
wolfSSL | 15:117db924cf7c | 2806 | } Ciphers; |
wolfSSL | 15:117db924cf7c | 2807 | |
wolfSSL | 15:117db924cf7c | 2808 | |
wolfSSL | 15:117db924cf7c | 2809 | #ifdef HAVE_ONE_TIME_AUTH |
wolfSSL | 15:117db924cf7c | 2810 | /* Ciphers for one time authentication such as poly1305 */ |
wolfSSL | 15:117db924cf7c | 2811 | typedef struct OneTimeAuth { |
wolfSSL | 15:117db924cf7c | 2812 | #ifdef HAVE_POLY1305 |
wolfSSL | 15:117db924cf7c | 2813 | Poly1305* poly1305; |
wolfSSL | 15:117db924cf7c | 2814 | #endif |
wolfSSL | 15:117db924cf7c | 2815 | byte setup; /* flag for if a cipher has been set */ |
wolfSSL | 15:117db924cf7c | 2816 | |
wolfSSL | 15:117db924cf7c | 2817 | } OneTimeAuth; |
wolfSSL | 15:117db924cf7c | 2818 | #endif |
wolfSSL | 15:117db924cf7c | 2819 | |
wolfSSL | 15:117db924cf7c | 2820 | |
wolfSSL | 15:117db924cf7c | 2821 | WOLFSSL_LOCAL void InitCiphers(WOLFSSL* ssl); |
wolfSSL | 15:117db924cf7c | 2822 | WOLFSSL_LOCAL void FreeCiphers(WOLFSSL* ssl); |
wolfSSL | 15:117db924cf7c | 2823 | |
wolfSSL | 15:117db924cf7c | 2824 | |
wolfSSL | 15:117db924cf7c | 2825 | /* hashes type */ |
wolfSSL | 15:117db924cf7c | 2826 | typedef struct Hashes { |
wolfSSL | 15:117db924cf7c | 2827 | #if !defined(NO_MD5) && !defined(NO_OLD_TLS) |
wolfSSL | 15:117db924cf7c | 2828 | byte md5[WC_MD5_DIGEST_SIZE]; |
wolfSSL | 15:117db924cf7c | 2829 | #endif |
wolfSSL | 15:117db924cf7c | 2830 | #if !defined(NO_SHA) |
wolfSSL | 15:117db924cf7c | 2831 | byte sha[WC_SHA_DIGEST_SIZE]; |
wolfSSL | 15:117db924cf7c | 2832 | #endif |
wolfSSL | 15:117db924cf7c | 2833 | #ifndef NO_SHA256 |
wolfSSL | 15:117db924cf7c | 2834 | byte sha256[WC_SHA256_DIGEST_SIZE]; |
wolfSSL | 15:117db924cf7c | 2835 | #endif |
wolfSSL | 15:117db924cf7c | 2836 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 15:117db924cf7c | 2837 | byte sha384[WC_SHA384_DIGEST_SIZE]; |
wolfSSL | 15:117db924cf7c | 2838 | #endif |
wolfSSL | 15:117db924cf7c | 2839 | #ifdef WOLFSSL_SHA512 |
wolfSSL | 15:117db924cf7c | 2840 | byte sha512[WC_SHA512_DIGEST_SIZE]; |
wolfSSL | 15:117db924cf7c | 2841 | #endif |
wolfSSL | 15:117db924cf7c | 2842 | } Hashes; |
wolfSSL | 15:117db924cf7c | 2843 | |
wolfSSL | 15:117db924cf7c | 2844 | WOLFSSL_LOCAL int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes); |
wolfSSL | 15:117db924cf7c | 2845 | |
wolfSSL | 15:117db924cf7c | 2846 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 2847 | typedef union Digest { |
wolfSSL | 15:117db924cf7c | 2848 | #ifndef NO_WOLFSSL_SHA256 |
wolfSSL | 15:117db924cf7c | 2849 | wc_Sha256 sha256; |
wolfSSL | 15:117db924cf7c | 2850 | #endif |
wolfSSL | 15:117db924cf7c | 2851 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 15:117db924cf7c | 2852 | wc_Sha384 sha384; |
wolfSSL | 15:117db924cf7c | 2853 | #endif |
wolfSSL | 15:117db924cf7c | 2854 | #ifdef WOLFSSL_SHA512 |
wolfSSL | 15:117db924cf7c | 2855 | wc_Sha512 sha512; |
wolfSSL | 15:117db924cf7c | 2856 | #endif |
wolfSSL | 15:117db924cf7c | 2857 | } Digest; |
wolfSSL | 15:117db924cf7c | 2858 | #endif |
wolfSSL | 15:117db924cf7c | 2859 | |
wolfSSL | 15:117db924cf7c | 2860 | /* Static x509 buffer */ |
wolfSSL | 15:117db924cf7c | 2861 | typedef struct x509_buffer { |
wolfSSL | 15:117db924cf7c | 2862 | int length; /* actual size */ |
wolfSSL | 15:117db924cf7c | 2863 | byte buffer[MAX_X509_SIZE]; /* max static cert size */ |
wolfSSL | 15:117db924cf7c | 2864 | } x509_buffer; |
wolfSSL | 15:117db924cf7c | 2865 | |
wolfSSL | 15:117db924cf7c | 2866 | |
wolfSSL | 15:117db924cf7c | 2867 | /* wolfSSL X509_CHAIN, for no dynamic memory SESSION_CACHE */ |
wolfSSL | 15:117db924cf7c | 2868 | struct WOLFSSL_X509_CHAIN { |
wolfSSL | 15:117db924cf7c | 2869 | int count; /* total number in chain */ |
wolfSSL | 15:117db924cf7c | 2870 | x509_buffer certs[MAX_CHAIN_DEPTH]; /* only allow max depth 4 for now */ |
wolfSSL | 15:117db924cf7c | 2871 | }; |
wolfSSL | 15:117db924cf7c | 2872 | |
wolfSSL | 15:117db924cf7c | 2873 | |
wolfSSL | 15:117db924cf7c | 2874 | /* wolfSSL session type */ |
wolfSSL | 15:117db924cf7c | 2875 | struct WOLFSSL_SESSION { |
wolfSSL | 15:117db924cf7c | 2876 | word32 bornOn; /* create time in seconds */ |
wolfSSL | 15:117db924cf7c | 2877 | word32 timeout; /* timeout in seconds */ |
wolfSSL | 15:117db924cf7c | 2878 | byte sessionID[ID_LEN]; /* id for protocol */ |
wolfSSL | 15:117db924cf7c | 2879 | byte sessionIDSz; |
wolfSSL | 15:117db924cf7c | 2880 | byte masterSecret[SECRET_LEN]; /* stored secret */ |
wolfSSL | 15:117db924cf7c | 2881 | word16 haveEMS; /* ext master secret flag */ |
wolfSSL | 15:117db924cf7c | 2882 | #ifdef SESSION_CERTS |
wolfSSL | 15:117db924cf7c | 2883 | WOLFSSL_X509_CHAIN chain; /* peer cert chain, static */ |
wolfSSL | 15:117db924cf7c | 2884 | #ifdef WOLFSSL_ALT_CERT_CHAINS |
wolfSSL | 15:117db924cf7c | 2885 | WOLFSSL_X509_CHAIN altChain; /* peer alt cert chain, static */ |
wolfSSL | 15:117db924cf7c | 2886 | #endif |
wolfSSL | 15:117db924cf7c | 2887 | #endif |
wolfSSL | 15:117db924cf7c | 2888 | #if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \ |
wolfSSL | 15:117db924cf7c | 2889 | defined(HAVE_SESSION_TICKET)) |
wolfSSL | 15:117db924cf7c | 2890 | ProtocolVersion version; /* which version was used */ |
wolfSSL | 15:117db924cf7c | 2891 | byte cipherSuite0; /* first byte, normally 0 */ |
wolfSSL | 15:117db924cf7c | 2892 | byte cipherSuite; /* 2nd byte, actual suite */ |
wolfSSL | 15:117db924cf7c | 2893 | #endif |
wolfSSL | 15:117db924cf7c | 2894 | #ifndef NO_CLIENT_CACHE |
wolfSSL | 15:117db924cf7c | 2895 | word16 idLen; /* serverID length */ |
wolfSSL | 15:117db924cf7c | 2896 | byte serverID[SERVER_ID_LEN]; /* for easier client lookup */ |
wolfSSL | 15:117db924cf7c | 2897 | #endif |
wolfSSL | 15:117db924cf7c | 2898 | #ifdef OPENSSL_EXTRA |
wolfSSL | 15:117db924cf7c | 2899 | byte sessionCtxSz; /* sessionCtx length */ |
wolfSSL | 15:117db924cf7c | 2900 | byte sessionCtx[ID_LEN]; /* app specific context id */ |
wolfSSL | 15:117db924cf7c | 2901 | #endif |
wolfSSL | 15:117db924cf7c | 2902 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 2903 | word16 namedGroup; |
wolfSSL | 15:117db924cf7c | 2904 | #endif |
wolfSSL | 15:117db924cf7c | 2905 | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
wolfSSL | 15:117db924cf7c | 2906 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 2907 | word32 ticketSeen; /* Time ticket seen (ms) */ |
wolfSSL | 15:117db924cf7c | 2908 | word32 ticketAdd; /* Added by client */ |
wolfSSL | 15:117db924cf7c | 2909 | #ifndef WOLFSSL_TLS13_DRAFT_18 |
wolfSSL | 15:117db924cf7c | 2910 | TicketNonce ticketNonce; /* Nonce used to derive PSK */ |
wolfSSL | 15:117db924cf7c | 2911 | #endif |
wolfSSL | 15:117db924cf7c | 2912 | #endif |
wolfSSL | 15:117db924cf7c | 2913 | #ifdef WOLFSSL_EARLY_DATA |
wolfSSL | 15:117db924cf7c | 2914 | word32 maxEarlyDataSz; |
wolfSSL | 15:117db924cf7c | 2915 | #endif |
wolfSSL | 15:117db924cf7c | 2916 | #endif |
wolfSSL | 15:117db924cf7c | 2917 | #ifdef HAVE_SESSION_TICKET |
wolfSSL | 15:117db924cf7c | 2918 | byte* ticket; |
wolfSSL | 15:117db924cf7c | 2919 | word16 ticketLen; |
wolfSSL | 15:117db924cf7c | 2920 | byte staticTicket[SESSION_TICKET_LEN]; |
wolfSSL | 15:117db924cf7c | 2921 | byte isDynamic; |
wolfSSL | 15:117db924cf7c | 2922 | #endif |
wolfSSL | 15:117db924cf7c | 2923 | #ifdef HAVE_EXT_CACHE |
wolfSSL | 15:117db924cf7c | 2924 | byte isAlloced; |
wolfSSL | 15:117db924cf7c | 2925 | #endif |
wolfSSL | 15:117db924cf7c | 2926 | #ifdef HAVE_EX_DATA |
wolfSSL | 15:117db924cf7c | 2927 | void* ex_data[MAX_EX_DATA]; |
wolfSSL | 15:117db924cf7c | 2928 | #endif |
wolfSSL | 15:117db924cf7c | 2929 | }; |
wolfSSL | 15:117db924cf7c | 2930 | |
wolfSSL | 15:117db924cf7c | 2931 | |
wolfSSL | 15:117db924cf7c | 2932 | WOLFSSL_LOCAL |
wolfSSL | 15:117db924cf7c | 2933 | WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*, byte); |
wolfSSL | 15:117db924cf7c | 2934 | WOLFSSL_LOCAL |
wolfSSL | 15:117db924cf7c | 2935 | int SetSession(WOLFSSL*, WOLFSSL_SESSION*); |
wolfSSL | 15:117db924cf7c | 2936 | |
wolfSSL | 15:117db924cf7c | 2937 | typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int, int); |
wolfSSL | 15:117db924cf7c | 2938 | |
wolfSSL | 15:117db924cf7c | 2939 | #ifndef NO_CLIENT_CACHE |
wolfSSL | 15:117db924cf7c | 2940 | WOLFSSL_SESSION* GetSessionClient(WOLFSSL*, const byte*, int); |
wolfSSL | 15:117db924cf7c | 2941 | #endif |
wolfSSL | 15:117db924cf7c | 2942 | |
wolfSSL | 15:117db924cf7c | 2943 | /* client connect state for nonblocking restart */ |
wolfSSL | 15:117db924cf7c | 2944 | enum ConnectState { |
wolfSSL | 15:117db924cf7c | 2945 | CONNECT_BEGIN = 0, |
wolfSSL | 15:117db924cf7c | 2946 | CLIENT_HELLO_SENT, |
wolfSSL | 15:117db924cf7c | 2947 | HELLO_AGAIN, /* HELLO_AGAIN s for DTLS case */ |
wolfSSL | 15:117db924cf7c | 2948 | HELLO_AGAIN_REPLY, |
wolfSSL | 15:117db924cf7c | 2949 | FIRST_REPLY_DONE, |
wolfSSL | 15:117db924cf7c | 2950 | FIRST_REPLY_FIRST, |
wolfSSL | 15:117db924cf7c | 2951 | FIRST_REPLY_SECOND, |
wolfSSL | 15:117db924cf7c | 2952 | FIRST_REPLY_THIRD, |
wolfSSL | 15:117db924cf7c | 2953 | FIRST_REPLY_FOURTH, |
wolfSSL | 15:117db924cf7c | 2954 | FINISHED_DONE, |
wolfSSL | 15:117db924cf7c | 2955 | SECOND_REPLY_DONE |
wolfSSL | 15:117db924cf7c | 2956 | }; |
wolfSSL | 15:117db924cf7c | 2957 | |
wolfSSL | 15:117db924cf7c | 2958 | |
wolfSSL | 15:117db924cf7c | 2959 | /* server accept state for nonblocking restart */ |
wolfSSL | 15:117db924cf7c | 2960 | enum AcceptState { |
wolfSSL | 15:117db924cf7c | 2961 | ACCEPT_BEGIN = 0, |
wolfSSL | 15:117db924cf7c | 2962 | ACCEPT_CLIENT_HELLO_DONE, |
wolfSSL | 15:117db924cf7c | 2963 | ACCEPT_HELLO_RETRY_REQUEST_DONE, |
wolfSSL | 15:117db924cf7c | 2964 | ACCEPT_FIRST_REPLY_DONE, |
wolfSSL | 15:117db924cf7c | 2965 | SERVER_HELLO_SENT, |
wolfSSL | 15:117db924cf7c | 2966 | SERVER_EXTENSIONS_SENT, |
wolfSSL | 15:117db924cf7c | 2967 | CERT_SENT, |
wolfSSL | 15:117db924cf7c | 2968 | CERT_VERIFY_SENT, |
wolfSSL | 15:117db924cf7c | 2969 | CERT_STATUS_SENT, |
wolfSSL | 15:117db924cf7c | 2970 | KEY_EXCHANGE_SENT, |
wolfSSL | 15:117db924cf7c | 2971 | CERT_REQ_SENT, |
wolfSSL | 15:117db924cf7c | 2972 | SERVER_HELLO_DONE, |
wolfSSL | 15:117db924cf7c | 2973 | ACCEPT_SECOND_REPLY_DONE, |
wolfSSL | 15:117db924cf7c | 2974 | TICKET_SENT, |
wolfSSL | 15:117db924cf7c | 2975 | CHANGE_CIPHER_SENT, |
wolfSSL | 15:117db924cf7c | 2976 | ACCEPT_FINISHED_DONE, |
wolfSSL | 15:117db924cf7c | 2977 | ACCEPT_THIRD_REPLY_DONE |
wolfSSL | 15:117db924cf7c | 2978 | }; |
wolfSSL | 15:117db924cf7c | 2979 | |
wolfSSL | 15:117db924cf7c | 2980 | /* TLS 1.3 server accept state for nonblocking restart */ |
wolfSSL | 15:117db924cf7c | 2981 | enum AcceptStateTls13 { |
wolfSSL | 15:117db924cf7c | 2982 | TLS13_ACCEPT_BEGIN = 0, |
wolfSSL | 15:117db924cf7c | 2983 | TLS13_ACCEPT_CLIENT_HELLO_DONE, |
wolfSSL | 15:117db924cf7c | 2984 | TLS13_ACCEPT_HELLO_RETRY_REQUEST_DONE, |
wolfSSL | 15:117db924cf7c | 2985 | TLS13_ACCEPT_FIRST_REPLY_DONE, |
wolfSSL | 15:117db924cf7c | 2986 | TLS13_ACCEPT_SECOND_REPLY_DONE, |
wolfSSL | 15:117db924cf7c | 2987 | TLS13_SERVER_HELLO_SENT, |
wolfSSL | 15:117db924cf7c | 2988 | TLS13_ACCEPT_THIRD_REPLY_DONE, |
wolfSSL | 15:117db924cf7c | 2989 | TLS13_SERVER_EXTENSIONS_SENT, |
wolfSSL | 15:117db924cf7c | 2990 | TLS13_CERT_REQ_SENT, |
wolfSSL | 15:117db924cf7c | 2991 | TLS13_CERT_SENT, |
wolfSSL | 15:117db924cf7c | 2992 | TLS13_CERT_VERIFY_SENT, |
wolfSSL | 15:117db924cf7c | 2993 | TLS13_ACCEPT_FINISHED_SENT, |
wolfSSL | 15:117db924cf7c | 2994 | TLS13_PRE_TICKET_SENT, |
wolfSSL | 15:117db924cf7c | 2995 | TLS13_ACCEPT_FINISHED_DONE, |
wolfSSL | 15:117db924cf7c | 2996 | TLS13_TICKET_SENT |
wolfSSL | 15:117db924cf7c | 2997 | }; |
wolfSSL | 15:117db924cf7c | 2998 | |
wolfSSL | 15:117db924cf7c | 2999 | /* buffers for struct WOLFSSL */ |
wolfSSL | 15:117db924cf7c | 3000 | typedef struct Buffers { |
wolfSSL | 15:117db924cf7c | 3001 | bufferStatic inputBuffer; |
wolfSSL | 15:117db924cf7c | 3002 | bufferStatic outputBuffer; |
wolfSSL | 15:117db924cf7c | 3003 | buffer domainName; /* for client check */ |
wolfSSL | 15:117db924cf7c | 3004 | buffer clearOutputBuffer; |
wolfSSL | 15:117db924cf7c | 3005 | buffer sig; /* signature data */ |
wolfSSL | 15:117db924cf7c | 3006 | buffer digest; /* digest data */ |
wolfSSL | 15:117db924cf7c | 3007 | int prevSent; /* previous plain text bytes sent |
wolfSSL | 15:117db924cf7c | 3008 | when got WANT_WRITE */ |
wolfSSL | 15:117db924cf7c | 3009 | int plainSz; /* plain text bytes in buffer to send |
wolfSSL | 15:117db924cf7c | 3010 | when got WANT_WRITE */ |
wolfSSL | 15:117db924cf7c | 3011 | byte weOwnCert; /* SSL own cert flag */ |
wolfSSL | 15:117db924cf7c | 3012 | byte weOwnCertChain; /* SSL own cert chain flag */ |
wolfSSL | 15:117db924cf7c | 3013 | byte weOwnKey; /* SSL own key flag */ |
wolfSSL | 15:117db924cf7c | 3014 | byte weOwnDH; /* SSL own dh (p,g) flag */ |
wolfSSL | 15:117db924cf7c | 3015 | #ifndef NO_DH |
wolfSSL | 15:117db924cf7c | 3016 | buffer serverDH_P; /* WOLFSSL_CTX owns, unless we own */ |
wolfSSL | 15:117db924cf7c | 3017 | buffer serverDH_G; /* WOLFSSL_CTX owns, unless we own */ |
wolfSSL | 15:117db924cf7c | 3018 | buffer serverDH_Pub; |
wolfSSL | 15:117db924cf7c | 3019 | buffer serverDH_Priv; |
wolfSSL | 15:117db924cf7c | 3020 | DhKey* serverDH_Key; |
wolfSSL | 15:117db924cf7c | 3021 | #endif |
wolfSSL | 15:117db924cf7c | 3022 | #ifndef NO_CERTS |
wolfSSL | 15:117db924cf7c | 3023 | DerBuffer* certificate; /* WOLFSSL_CTX owns, unless we own */ |
wolfSSL | 15:117db924cf7c | 3024 | DerBuffer* key; /* WOLFSSL_CTX owns, unless we own */ |
wolfSSL | 15:117db924cf7c | 3025 | byte keyType; /* Type of key: RSA, ECC, Ed25519 */ |
wolfSSL | 15:117db924cf7c | 3026 | int keySz; /* Size of RSA key */ |
wolfSSL | 15:117db924cf7c | 3027 | DerBuffer* certChain; /* WOLFSSL_CTX owns, unless we own */ |
wolfSSL | 15:117db924cf7c | 3028 | /* chain after self, in DER, with leading size for each cert */ |
wolfSSL | 15:117db924cf7c | 3029 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 3030 | int certChainCnt; |
wolfSSL | 15:117db924cf7c | 3031 | DerBuffer* certExts; |
wolfSSL | 15:117db924cf7c | 3032 | #endif |
wolfSSL | 15:117db924cf7c | 3033 | #endif |
wolfSSL | 15:117db924cf7c | 3034 | #ifdef WOLFSSL_SEND_HRR_COOKIE |
wolfSSL | 15:117db924cf7c | 3035 | buffer tls13CookieSecret; /* HRR cookie secret */ |
wolfSSL | 15:117db924cf7c | 3036 | #endif |
wolfSSL | 15:117db924cf7c | 3037 | #ifdef WOLFSSL_DTLS |
wolfSSL | 15:117db924cf7c | 3038 | WOLFSSL_DTLS_CTX dtlsCtx; /* DTLS connection context */ |
wolfSSL | 15:117db924cf7c | 3039 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 15:117db924cf7c | 3040 | buffer dtlsCookieSecret; /* DTLS cookie secret */ |
wolfSSL | 15:117db924cf7c | 3041 | #endif /* NO_WOLFSSL_SERVER */ |
wolfSSL | 15:117db924cf7c | 3042 | #endif |
wolfSSL | 15:117db924cf7c | 3043 | #ifdef HAVE_PK_CALLBACKS |
wolfSSL | 15:117db924cf7c | 3044 | #ifdef HAVE_ECC |
wolfSSL | 15:117db924cf7c | 3045 | buffer peerEccDsaKey; /* we own for Ecc Verify Callbacks */ |
wolfSSL | 15:117db924cf7c | 3046 | #endif /* HAVE_ECC */ |
wolfSSL | 15:117db924cf7c | 3047 | #ifdef HAVE_ED25519 |
wolfSSL | 15:117db924cf7c | 3048 | buffer peerEd25519Key; /* for Ed25519 Verify Callbacks */ |
wolfSSL | 15:117db924cf7c | 3049 | #endif /* HAVE_ED25519 */ |
wolfSSL | 15:117db924cf7c | 3050 | #ifndef NO_RSA |
wolfSSL | 15:117db924cf7c | 3051 | buffer peerRsaKey; /* we own for Rsa Verify Callbacks */ |
wolfSSL | 15:117db924cf7c | 3052 | #endif /* NO_RSA */ |
wolfSSL | 15:117db924cf7c | 3053 | #endif /* HAVE_PK_CALLBACKS */ |
wolfSSL | 15:117db924cf7c | 3054 | } Buffers; |
wolfSSL | 15:117db924cf7c | 3055 | |
wolfSSL | 15:117db924cf7c | 3056 | /* sub-states for send/do key share (key exchange) */ |
wolfSSL | 15:117db924cf7c | 3057 | enum asyncState { |
wolfSSL | 15:117db924cf7c | 3058 | TLS_ASYNC_BEGIN = 0, |
wolfSSL | 15:117db924cf7c | 3059 | TLS_ASYNC_BUILD, |
wolfSSL | 15:117db924cf7c | 3060 | TLS_ASYNC_DO, |
wolfSSL | 15:117db924cf7c | 3061 | TLS_ASYNC_VERIFY, |
wolfSSL | 15:117db924cf7c | 3062 | TLS_ASYNC_FINALIZE, |
wolfSSL | 15:117db924cf7c | 3063 | TLS_ASYNC_END |
wolfSSL | 15:117db924cf7c | 3064 | }; |
wolfSSL | 15:117db924cf7c | 3065 | |
wolfSSL | 15:117db924cf7c | 3066 | /* sub-states for build message */ |
wolfSSL | 15:117db924cf7c | 3067 | enum buildMsgState { |
wolfSSL | 15:117db924cf7c | 3068 | BUILD_MSG_BEGIN = 0, |
wolfSSL | 15:117db924cf7c | 3069 | BUILD_MSG_SIZE, |
wolfSSL | 15:117db924cf7c | 3070 | BUILD_MSG_HASH, |
wolfSSL | 15:117db924cf7c | 3071 | BUILD_MSG_VERIFY_MAC, |
wolfSSL | 15:117db924cf7c | 3072 | BUILD_MSG_ENCRYPT, |
wolfSSL | 15:117db924cf7c | 3073 | }; |
wolfSSL | 15:117db924cf7c | 3074 | |
wolfSSL | 15:117db924cf7c | 3075 | /* sub-states for cipher operations */ |
wolfSSL | 15:117db924cf7c | 3076 | enum cipherState { |
wolfSSL | 15:117db924cf7c | 3077 | CIPHER_STATE_BEGIN = 0, |
wolfSSL | 15:117db924cf7c | 3078 | CIPHER_STATE_DO, |
wolfSSL | 15:117db924cf7c | 3079 | CIPHER_STATE_END, |
wolfSSL | 15:117db924cf7c | 3080 | }; |
wolfSSL | 15:117db924cf7c | 3081 | |
wolfSSL | 15:117db924cf7c | 3082 | typedef struct Options { |
wolfSSL | 15:117db924cf7c | 3083 | #ifndef NO_PSK |
wolfSSL | 15:117db924cf7c | 3084 | wc_psk_client_callback client_psk_cb; |
wolfSSL | 15:117db924cf7c | 3085 | wc_psk_server_callback server_psk_cb; |
wolfSSL | 15:117db924cf7c | 3086 | #endif /* NO_PSK */ |
wolfSSL | 15:117db924cf7c | 3087 | #ifdef OPENSSL_EXTRA |
wolfSSL | 15:117db924cf7c | 3088 | unsigned long mask; /* store SSL_OP_ flags */ |
wolfSSL | 15:117db924cf7c | 3089 | #endif |
wolfSSL | 15:117db924cf7c | 3090 | |
wolfSSL | 15:117db924cf7c | 3091 | /* on/off or small bit flags, optimize layout */ |
wolfSSL | 15:117db924cf7c | 3092 | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
wolfSSL | 15:117db924cf7c | 3093 | word16 havePSK:1; /* psk key set by user */ |
wolfSSL | 15:117db924cf7c | 3094 | #endif /* HAVE_SESSION_TICKET || !NO_PSK */ |
wolfSSL | 15:117db924cf7c | 3095 | word16 sendVerify:2; /* false = 0, true = 1, sendBlank = 2 */ |
wolfSSL | 15:117db924cf7c | 3096 | word16 sessionCacheOff:1; |
wolfSSL | 15:117db924cf7c | 3097 | word16 sessionCacheFlushOff:1; |
wolfSSL | 15:117db924cf7c | 3098 | #ifdef HAVE_EXT_CACHE |
wolfSSL | 15:117db924cf7c | 3099 | word16 internalCacheOff:1; |
wolfSSL | 15:117db924cf7c | 3100 | #endif |
wolfSSL | 15:117db924cf7c | 3101 | word16 side:1; /* client or server end */ |
wolfSSL | 15:117db924cf7c | 3102 | word16 verifyPeer:1; |
wolfSSL | 15:117db924cf7c | 3103 | word16 verifyNone:1; |
wolfSSL | 15:117db924cf7c | 3104 | word16 failNoCert:1; |
wolfSSL | 15:117db924cf7c | 3105 | word16 failNoCertxPSK:1; /* fail for no cert except with PSK */ |
wolfSSL | 15:117db924cf7c | 3106 | word16 downgrade:1; /* allow downgrade of versions */ |
wolfSSL | 15:117db924cf7c | 3107 | word16 resuming:1; |
wolfSSL | 15:117db924cf7c | 3108 | word16 haveSessionId:1; /* server may not send */ |
wolfSSL | 15:117db924cf7c | 3109 | word16 tls:1; /* using TLS ? */ |
wolfSSL | 15:117db924cf7c | 3110 | word16 tls1_1:1; /* using TLSv1.1+ ? */ |
wolfSSL | 15:117db924cf7c | 3111 | word16 tls1_3:1; /* using TLSv1.3+ ? */ |
wolfSSL | 15:117db924cf7c | 3112 | word16 dtls:1; /* using datagrams ? */ |
wolfSSL | 15:117db924cf7c | 3113 | word16 connReset:1; /* has the peer reset */ |
wolfSSL | 15:117db924cf7c | 3114 | word16 isClosed:1; /* if we consider conn closed */ |
wolfSSL | 15:117db924cf7c | 3115 | word16 closeNotify:1; /* we've received a close notify */ |
wolfSSL | 15:117db924cf7c | 3116 | word16 sentNotify:1; /* we've sent a close notify */ |
wolfSSL | 15:117db924cf7c | 3117 | word16 usingCompression:1; /* are we using compression */ |
wolfSSL | 15:117db924cf7c | 3118 | word16 haveRSA:1; /* RSA available */ |
wolfSSL | 15:117db924cf7c | 3119 | word16 haveECC:1; /* ECC available */ |
wolfSSL | 15:117db924cf7c | 3120 | word16 haveDH:1; /* server DH parms set by user */ |
wolfSSL | 15:117db924cf7c | 3121 | word16 haveNTRU:1; /* server NTRU private key loaded */ |
wolfSSL | 15:117db924cf7c | 3122 | word16 haveQSH:1; /* have QSH ability */ |
wolfSSL | 15:117db924cf7c | 3123 | word16 haveECDSAsig:1; /* server ECDSA signed cert */ |
wolfSSL | 15:117db924cf7c | 3124 | word16 haveStaticECC:1; /* static server ECC private key */ |
wolfSSL | 15:117db924cf7c | 3125 | word16 havePeerCert:1; /* do we have peer's cert */ |
wolfSSL | 15:117db924cf7c | 3126 | word16 havePeerVerify:1; /* and peer's cert verify */ |
wolfSSL | 15:117db924cf7c | 3127 | word16 usingPSK_cipher:1; /* are using psk as cipher */ |
wolfSSL | 15:117db924cf7c | 3128 | word16 usingAnon_cipher:1; /* are we using an anon cipher */ |
wolfSSL | 15:117db924cf7c | 3129 | word16 noPskDheKe:1; /* Don't use (EC)DHE with PSK */ |
wolfSSL | 15:117db924cf7c | 3130 | word16 sendAlertState:1; /* nonblocking resume */ |
wolfSSL | 15:117db924cf7c | 3131 | word16 partialWrite:1; /* only one msg per write call */ |
wolfSSL | 15:117db924cf7c | 3132 | word16 quietShutdown:1; /* don't send close notify */ |
wolfSSL | 15:117db924cf7c | 3133 | word16 certOnly:1; /* stop once we get cert */ |
wolfSSL | 15:117db924cf7c | 3134 | word16 groupMessages:1; /* group handshake messages */ |
wolfSSL | 15:117db924cf7c | 3135 | word16 saveArrays:1; /* save array Memory for user get keys |
wolfSSL | 15:117db924cf7c | 3136 | or psk */ |
wolfSSL | 15:117db924cf7c | 3137 | word16 weOwnRng:1; /* will be true unless CTX owns */ |
wolfSSL | 15:117db924cf7c | 3138 | word16 haveEMS:1; /* using extended master secret */ |
wolfSSL | 15:117db924cf7c | 3139 | #ifdef HAVE_POLY1305 |
wolfSSL | 15:117db924cf7c | 3140 | word16 oldPoly:1; /* set when to use old rfc way of poly*/ |
wolfSSL | 15:117db924cf7c | 3141 | #endif |
wolfSSL | 15:117db924cf7c | 3142 | #ifdef HAVE_ANON |
wolfSSL | 15:117db924cf7c | 3143 | word16 haveAnon:1; /* User wants to allow Anon suites */ |
wolfSSL | 15:117db924cf7c | 3144 | #endif |
wolfSSL | 15:117db924cf7c | 3145 | #ifdef HAVE_SESSION_TICKET |
wolfSSL | 15:117db924cf7c | 3146 | word16 createTicket:1; /* Server to create new Ticket */ |
wolfSSL | 15:117db924cf7c | 3147 | word16 useTicket:1; /* Use Ticket not session cache */ |
wolfSSL | 15:117db924cf7c | 3148 | word16 rejectTicket:1; /* Callback rejected ticket */ |
wolfSSL | 15:117db924cf7c | 3149 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 3150 | word16 noTicketTls13:1; /* Server won't create new Ticket */ |
wolfSSL | 15:117db924cf7c | 3151 | #endif |
wolfSSL | 15:117db924cf7c | 3152 | #endif |
wolfSSL | 15:117db924cf7c | 3153 | #ifdef WOLFSSL_DTLS |
wolfSSL | 15:117db924cf7c | 3154 | word16 dtlsUseNonblock:1; /* are we using nonblocking socket */ |
wolfSSL | 15:117db924cf7c | 3155 | word16 dtlsHsRetain:1; /* DTLS retaining HS data */ |
wolfSSL | 15:117db924cf7c | 3156 | word16 haveMcast:1; /* using multicast ? */ |
wolfSSL | 15:117db924cf7c | 3157 | #ifdef WOLFSSL_SCTP |
wolfSSL | 15:117db924cf7c | 3158 | word16 dtlsSctp:1; /* DTLS-over-SCTP mode */ |
wolfSSL | 15:117db924cf7c | 3159 | #endif |
wolfSSL | 15:117db924cf7c | 3160 | #endif |
wolfSSL | 15:117db924cf7c | 3161 | #if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SUPPORTED_CURVES) |
wolfSSL | 15:117db924cf7c | 3162 | word16 userCurves:1; /* indicates user called wolfSSL_UseSupportedCurve */ |
wolfSSL | 15:117db924cf7c | 3163 | #endif |
wolfSSL | 15:117db924cf7c | 3164 | word16 keepResources:1; /* Keep resources after handshake */ |
wolfSSL | 15:117db924cf7c | 3165 | word16 useClientOrder:1; /* Use client's cipher order */ |
wolfSSL | 15:117db924cf7c | 3166 | #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) |
wolfSSL | 15:117db924cf7c | 3167 | word16 postHandshakeAuth:1;/* Client send post_handshake_auth |
wolfSSL | 15:117db924cf7c | 3168 | * extendion. */ |
wolfSSL | 15:117db924cf7c | 3169 | #endif |
wolfSSL | 15:117db924cf7c | 3170 | #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER) |
wolfSSL | 15:117db924cf7c | 3171 | word16 sendCookie:1; /* Server creates a Cookie in HRR */ |
wolfSSL | 15:117db924cf7c | 3172 | #endif |
wolfSSL | 15:117db924cf7c | 3173 | #ifdef WOLFSSL_ALT_CERT_CHAINS |
wolfSSL | 15:117db924cf7c | 3174 | word16 usingAltCertChain:1;/* Alternate cert chain was used */ |
wolfSSL | 15:117db924cf7c | 3175 | #endif |
wolfSSL | 15:117db924cf7c | 3176 | #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT) |
wolfSSL | 15:117db924cf7c | 3177 | word16 sentChangeCipher:1; /* Change Cipher Spec sent */ |
wolfSSL | 15:117db924cf7c | 3178 | #endif |
wolfSSL | 15:117db924cf7c | 3179 | #if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \ |
wolfSSL | 15:117db924cf7c | 3180 | !defined(NO_ED25519_CLIENT_AUTH) |
wolfSSL | 15:117db924cf7c | 3181 | word16 cacheMessages:1; /* Cache messages for sign/verify */ |
wolfSSL | 15:117db924cf7c | 3182 | #endif |
wolfSSL | 15:117db924cf7c | 3183 | |
wolfSSL | 15:117db924cf7c | 3184 | /* need full byte values for this section */ |
wolfSSL | 15:117db924cf7c | 3185 | byte processReply; /* nonblocking resume */ |
wolfSSL | 15:117db924cf7c | 3186 | byte cipherSuite0; /* first byte, normally 0 */ |
wolfSSL | 15:117db924cf7c | 3187 | byte cipherSuite; /* second byte, actual suite */ |
wolfSSL | 15:117db924cf7c | 3188 | byte serverState; |
wolfSSL | 15:117db924cf7c | 3189 | byte clientState; |
wolfSSL | 15:117db924cf7c | 3190 | byte handShakeState; |
wolfSSL | 15:117db924cf7c | 3191 | byte handShakeDone; /* at least one handshake complete */ |
wolfSSL | 15:117db924cf7c | 3192 | byte minDowngrade; /* minimum downgrade version */ |
wolfSSL | 15:117db924cf7c | 3193 | byte connectState; /* nonblocking resume */ |
wolfSSL | 15:117db924cf7c | 3194 | byte acceptState; /* nonblocking resume */ |
wolfSSL | 15:117db924cf7c | 3195 | byte asyncState; /* sub-state for enum asyncState */ |
wolfSSL | 15:117db924cf7c | 3196 | byte buildMsgState; /* sub-state for enum buildMsgState */ |
wolfSSL | 15:117db924cf7c | 3197 | byte alertCount; /* detect warning dos attempt */ |
wolfSSL | 15:117db924cf7c | 3198 | #ifdef WOLFSSL_MULTICAST |
wolfSSL | 15:117db924cf7c | 3199 | word16 mcastID; /* Multicast group ID */ |
wolfSSL | 15:117db924cf7c | 3200 | #endif |
wolfSSL | 15:117db924cf7c | 3201 | #ifndef NO_DH |
wolfSSL | 15:117db924cf7c | 3202 | word16 minDhKeySz; /* minimum DH key size */ |
wolfSSL | 15:117db924cf7c | 3203 | word16 maxDhKeySz; /* minimum DH key size */ |
wolfSSL | 15:117db924cf7c | 3204 | word16 dhKeySz; /* actual DH key size */ |
wolfSSL | 15:117db924cf7c | 3205 | #endif |
wolfSSL | 15:117db924cf7c | 3206 | #ifndef NO_RSA |
wolfSSL | 15:117db924cf7c | 3207 | short minRsaKeySz; /* minimum RSA key size */ |
wolfSSL | 15:117db924cf7c | 3208 | #endif |
wolfSSL | 15:117db924cf7c | 3209 | #if defined(HAVE_ECC) || defined(HAVE_ED25519) |
wolfSSL | 15:117db924cf7c | 3210 | short minEccKeySz; /* minimum ECC key size */ |
wolfSSL | 15:117db924cf7c | 3211 | #endif |
wolfSSL | 15:117db924cf7c | 3212 | #ifdef OPENSSL_EXTRA |
wolfSSL | 15:117db924cf7c | 3213 | byte verifyDepth; /* maximum verification depth */ |
wolfSSL | 15:117db924cf7c | 3214 | #endif |
wolfSSL | 15:117db924cf7c | 3215 | #ifdef WOLFSSL_EARLY_DATA |
wolfSSL | 15:117db924cf7c | 3216 | word16 pskIdIndex; |
wolfSSL | 15:117db924cf7c | 3217 | word32 maxEarlyDataSz; |
wolfSSL | 15:117db924cf7c | 3218 | #endif |
wolfSSL | 15:117db924cf7c | 3219 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 3220 | byte oldMinor; /* client preferred version < TLS 1.3 */ |
wolfSSL | 15:117db924cf7c | 3221 | #endif |
wolfSSL | 15:117db924cf7c | 3222 | } Options; |
wolfSSL | 15:117db924cf7c | 3223 | |
wolfSSL | 15:117db924cf7c | 3224 | typedef struct Arrays { |
wolfSSL | 15:117db924cf7c | 3225 | byte* pendingMsg; /* defrag buffer */ |
wolfSSL | 15:117db924cf7c | 3226 | byte* preMasterSecret; |
wolfSSL | 15:117db924cf7c | 3227 | word32 preMasterSz; /* differs for DH, actual size */ |
wolfSSL | 15:117db924cf7c | 3228 | word32 pendingMsgSz; /* defrag buffer size */ |
wolfSSL | 15:117db924cf7c | 3229 | word32 pendingMsgOffset; /* current offset into defrag buffer */ |
wolfSSL | 15:117db924cf7c | 3230 | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
wolfSSL | 15:117db924cf7c | 3231 | word32 psk_keySz; /* actual size */ |
wolfSSL | 15:117db924cf7c | 3232 | char client_identity[MAX_PSK_ID_LEN + NULL_TERM_LEN]; |
wolfSSL | 15:117db924cf7c | 3233 | char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN]; |
wolfSSL | 15:117db924cf7c | 3234 | byte psk_key[MAX_PSK_KEY_LEN]; |
wolfSSL | 15:117db924cf7c | 3235 | #endif |
wolfSSL | 15:117db924cf7c | 3236 | byte clientRandom[RAN_LEN]; |
wolfSSL | 15:117db924cf7c | 3237 | byte serverRandom[RAN_LEN]; |
wolfSSL | 15:117db924cf7c | 3238 | byte sessionID[ID_LEN]; |
wolfSSL | 15:117db924cf7c | 3239 | byte sessionIDSz; |
wolfSSL | 15:117db924cf7c | 3240 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 3241 | byte clientSecret[SECRET_LEN]; |
wolfSSL | 15:117db924cf7c | 3242 | byte serverSecret[SECRET_LEN]; |
wolfSSL | 15:117db924cf7c | 3243 | byte secret[SECRET_LEN]; |
wolfSSL | 15:117db924cf7c | 3244 | #endif |
wolfSSL | 15:117db924cf7c | 3245 | byte masterSecret[SECRET_LEN]; |
wolfSSL | 15:117db924cf7c | 3246 | #ifdef WOLFSSL_DTLS |
wolfSSL | 15:117db924cf7c | 3247 | byte cookie[MAX_COOKIE_LEN]; |
wolfSSL | 15:117db924cf7c | 3248 | byte cookieSz; |
wolfSSL | 15:117db924cf7c | 3249 | #endif |
wolfSSL | 15:117db924cf7c | 3250 | byte pendingMsgType; /* defrag buffer message type */ |
wolfSSL | 15:117db924cf7c | 3251 | } Arrays; |
wolfSSL | 15:117db924cf7c | 3252 | |
wolfSSL | 15:117db924cf7c | 3253 | #ifndef ASN_NAME_MAX |
wolfSSL | 15:117db924cf7c | 3254 | #define ASN_NAME_MAX 256 |
wolfSSL | 15:117db924cf7c | 3255 | #endif |
wolfSSL | 15:117db924cf7c | 3256 | |
wolfSSL | 15:117db924cf7c | 3257 | #ifndef MAX_DATE_SZ |
wolfSSL | 15:117db924cf7c | 3258 | #define MAX_DATE_SZ 32 |
wolfSSL | 15:117db924cf7c | 3259 | #endif |
wolfSSL | 15:117db924cf7c | 3260 | |
wolfSSL | 15:117db924cf7c | 3261 | struct WOLFSSL_STACK { |
wolfSSL | 15:117db924cf7c | 3262 | unsigned long num; /* number of nodes in stack |
wolfSSL | 15:117db924cf7c | 3263 | * (saftey measure for freeing and shortcut for count) */ |
wolfSSL | 15:117db924cf7c | 3264 | union { |
wolfSSL | 15:117db924cf7c | 3265 | WOLFSSL_X509* x509; |
wolfSSL | 15:117db924cf7c | 3266 | WOLFSSL_X509_NAME* name; |
wolfSSL | 15:117db924cf7c | 3267 | WOLFSSL_BIO* bio; |
wolfSSL | 15:117db924cf7c | 3268 | WOLFSSL_ASN1_OBJECT* obj; |
wolfSSL | 15:117db924cf7c | 3269 | char* string; |
wolfSSL | 15:117db924cf7c | 3270 | } data; |
wolfSSL | 15:117db924cf7c | 3271 | WOLFSSL_STACK* next; |
wolfSSL | 15:117db924cf7c | 3272 | }; |
wolfSSL | 15:117db924cf7c | 3273 | |
wolfSSL | 15:117db924cf7c | 3274 | |
wolfSSL | 15:117db924cf7c | 3275 | struct WOLFSSL_X509_NAME { |
wolfSSL | 15:117db924cf7c | 3276 | char *name; |
wolfSSL | 15:117db924cf7c | 3277 | int dynamicName; |
wolfSSL | 15:117db924cf7c | 3278 | int sz; |
wolfSSL | 15:117db924cf7c | 3279 | char staticName[ASN_NAME_MAX]; |
wolfSSL | 15:117db924cf7c | 3280 | #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ |
wolfSSL | 15:117db924cf7c | 3281 | !defined(NO_ASN) |
wolfSSL | 15:117db924cf7c | 3282 | DecodedName fullName; |
wolfSSL | 15:117db924cf7c | 3283 | WOLFSSL_X509_NAME_ENTRY cnEntry; |
wolfSSL | 15:117db924cf7c | 3284 | WOLFSSL_X509_NAME_ENTRY extra[MAX_NAME_ENTRIES]; /* extra entries added */ |
wolfSSL | 15:117db924cf7c | 3285 | WOLFSSL_X509* x509; /* x509 that struct belongs to */ |
wolfSSL | 15:117db924cf7c | 3286 | #endif /* OPENSSL_EXTRA */ |
wolfSSL | 15:117db924cf7c | 3287 | #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) |
wolfSSL | 15:117db924cf7c | 3288 | byte raw[ASN_NAME_MAX]; |
wolfSSL | 15:117db924cf7c | 3289 | int rawLen; |
wolfSSL | 15:117db924cf7c | 3290 | #endif |
wolfSSL | 15:117db924cf7c | 3291 | }; |
wolfSSL | 15:117db924cf7c | 3292 | |
wolfSSL | 15:117db924cf7c | 3293 | #ifndef EXTERNAL_SERIAL_SIZE |
wolfSSL | 15:117db924cf7c | 3294 | #define EXTERNAL_SERIAL_SIZE 32 |
wolfSSL | 15:117db924cf7c | 3295 | #endif |
wolfSSL | 15:117db924cf7c | 3296 | |
wolfSSL | 15:117db924cf7c | 3297 | #ifdef NO_ASN |
wolfSSL | 15:117db924cf7c | 3298 | typedef struct DNS_entry DNS_entry; |
wolfSSL | 15:117db924cf7c | 3299 | #endif |
wolfSSL | 15:117db924cf7c | 3300 | |
wolfSSL | 15:117db924cf7c | 3301 | struct WOLFSSL_X509 { |
wolfSSL | 15:117db924cf7c | 3302 | int version; |
wolfSSL | 15:117db924cf7c | 3303 | int serialSz; |
wolfSSL | 15:117db924cf7c | 3304 | #ifdef WOLFSSL_SEP |
wolfSSL | 15:117db924cf7c | 3305 | int deviceTypeSz; |
wolfSSL | 15:117db924cf7c | 3306 | int hwTypeSz; |
wolfSSL | 15:117db924cf7c | 3307 | byte deviceType[EXTERNAL_SERIAL_SIZE]; |
wolfSSL | 15:117db924cf7c | 3308 | byte hwType[EXTERNAL_SERIAL_SIZE]; |
wolfSSL | 15:117db924cf7c | 3309 | int hwSerialNumSz; |
wolfSSL | 15:117db924cf7c | 3310 | byte hwSerialNum[EXTERNAL_SERIAL_SIZE]; |
wolfSSL | 15:117db924cf7c | 3311 | #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) |
wolfSSL | 15:117db924cf7c | 3312 | byte certPolicySet; |
wolfSSL | 15:117db924cf7c | 3313 | byte certPolicyCrit; |
wolfSSL | 15:117db924cf7c | 3314 | #endif /* OPENSSL_EXTRA */ |
wolfSSL | 15:117db924cf7c | 3315 | #endif |
wolfSSL | 15:117db924cf7c | 3316 | int notBeforeSz; |
wolfSSL | 15:117db924cf7c | 3317 | int notAfterSz; |
wolfSSL | 15:117db924cf7c | 3318 | byte notBefore[MAX_DATE_SZ]; |
wolfSSL | 15:117db924cf7c | 3319 | byte notAfter[MAX_DATE_SZ]; |
wolfSSL | 15:117db924cf7c | 3320 | buffer sig; |
wolfSSL | 15:117db924cf7c | 3321 | int sigOID; |
wolfSSL | 15:117db924cf7c | 3322 | DNS_entry* altNames; /* alt names list */ |
wolfSSL | 15:117db924cf7c | 3323 | buffer pubKey; |
wolfSSL | 15:117db924cf7c | 3324 | int pubKeyOID; |
wolfSSL | 15:117db924cf7c | 3325 | DNS_entry* altNamesNext; /* hint for retrieval */ |
wolfSSL | 15:117db924cf7c | 3326 | #if defined(HAVE_ECC) || defined(HAVE_ED25519) |
wolfSSL | 15:117db924cf7c | 3327 | word32 pkCurveOID; |
wolfSSL | 15:117db924cf7c | 3328 | #endif /* HAVE_ECC */ |
wolfSSL | 15:117db924cf7c | 3329 | #ifndef NO_CERTS |
wolfSSL | 15:117db924cf7c | 3330 | DerBuffer* derCert; /* may need */ |
wolfSSL | 15:117db924cf7c | 3331 | #endif |
wolfSSL | 15:117db924cf7c | 3332 | void* heap; /* heap hint */ |
wolfSSL | 15:117db924cf7c | 3333 | byte dynamicMemory; /* dynamic memory flag */ |
wolfSSL | 15:117db924cf7c | 3334 | byte isCa:1; |
wolfSSL | 15:117db924cf7c | 3335 | #ifdef WOLFSSL_CERT_EXT |
wolfSSL | 15:117db924cf7c | 3336 | char certPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ]; |
wolfSSL | 15:117db924cf7c | 3337 | int certPoliciesNb; |
wolfSSL | 15:117db924cf7c | 3338 | #endif /* WOLFSSL_CERT_EXT */ |
wolfSSL | 15:117db924cf7c | 3339 | #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) |
wolfSSL | 15:117db924cf7c | 3340 | #ifdef HAVE_EX_DATA |
wolfSSL | 15:117db924cf7c | 3341 | void* ex_data[MAX_EX_DATA]; |
wolfSSL | 15:117db924cf7c | 3342 | #endif |
wolfSSL | 15:117db924cf7c | 3343 | byte* authKeyId; |
wolfSSL | 15:117db924cf7c | 3344 | byte* subjKeyId; |
wolfSSL | 15:117db924cf7c | 3345 | byte* extKeyUsageSrc; |
wolfSSL | 15:117db924cf7c | 3346 | byte* CRLInfo; |
wolfSSL | 15:117db924cf7c | 3347 | byte* authInfo; |
wolfSSL | 15:117db924cf7c | 3348 | word32 pathLength; |
wolfSSL | 15:117db924cf7c | 3349 | word16 keyUsage; |
wolfSSL | 15:117db924cf7c | 3350 | int CRLInfoSz; |
wolfSSL | 15:117db924cf7c | 3351 | int authInfoSz; |
wolfSSL | 15:117db924cf7c | 3352 | word32 authKeyIdSz; |
wolfSSL | 15:117db924cf7c | 3353 | word32 subjKeyIdSz; |
wolfSSL | 15:117db924cf7c | 3354 | word32 extKeyUsageSz; |
wolfSSL | 15:117db924cf7c | 3355 | word32 extKeyUsageCount; |
wolfSSL | 15:117db924cf7c | 3356 | |
wolfSSL | 15:117db924cf7c | 3357 | byte CRLdistSet:1; |
wolfSSL | 15:117db924cf7c | 3358 | byte CRLdistCrit:1; |
wolfSSL | 15:117db924cf7c | 3359 | byte authInfoSet:1; |
wolfSSL | 15:117db924cf7c | 3360 | byte authInfoCrit:1; |
wolfSSL | 15:117db924cf7c | 3361 | byte keyUsageSet:1; |
wolfSSL | 15:117db924cf7c | 3362 | byte keyUsageCrit:1; |
wolfSSL | 15:117db924cf7c | 3363 | byte extKeyUsageCrit:1; |
wolfSSL | 15:117db924cf7c | 3364 | byte subjKeyIdSet:1; |
wolfSSL | 15:117db924cf7c | 3365 | |
wolfSSL | 15:117db924cf7c | 3366 | byte subjKeyIdCrit:1; |
wolfSSL | 15:117db924cf7c | 3367 | byte basicConstSet:1; |
wolfSSL | 15:117db924cf7c | 3368 | byte basicConstCrit:1; |
wolfSSL | 15:117db924cf7c | 3369 | byte basicConstPlSet:1; |
wolfSSL | 15:117db924cf7c | 3370 | byte subjAltNameSet:1; |
wolfSSL | 15:117db924cf7c | 3371 | byte subjAltNameCrit:1; |
wolfSSL | 15:117db924cf7c | 3372 | byte authKeyIdSet:1; |
wolfSSL | 15:117db924cf7c | 3373 | byte authKeyIdCrit:1; |
wolfSSL | 15:117db924cf7c | 3374 | #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ |
wolfSSL | 15:117db924cf7c | 3375 | byte serial[EXTERNAL_SERIAL_SIZE]; |
wolfSSL | 15:117db924cf7c | 3376 | char subjectCN[ASN_NAME_MAX]; /* common name short cut */ |
wolfSSL | 15:117db924cf7c | 3377 | #ifdef WOLFSSL_CERT_REQ |
wolfSSL | 15:117db924cf7c | 3378 | char challengePw[CTC_NAME_SIZE]; /* for REQ certs */ |
wolfSSL | 15:117db924cf7c | 3379 | #endif |
wolfSSL | 15:117db924cf7c | 3380 | WOLFSSL_X509_NAME issuer; |
wolfSSL | 15:117db924cf7c | 3381 | WOLFSSL_X509_NAME subject; |
wolfSSL | 15:117db924cf7c | 3382 | }; |
wolfSSL | 15:117db924cf7c | 3383 | |
wolfSSL | 15:117db924cf7c | 3384 | |
wolfSSL | 15:117db924cf7c | 3385 | /* record layer header for PlainText, Compressed, and CipherText */ |
wolfSSL | 15:117db924cf7c | 3386 | typedef struct RecordLayerHeader { |
wolfSSL | 15:117db924cf7c | 3387 | byte type; |
wolfSSL | 15:117db924cf7c | 3388 | byte pvMajor; |
wolfSSL | 15:117db924cf7c | 3389 | byte pvMinor; |
wolfSSL | 15:117db924cf7c | 3390 | byte length[2]; |
wolfSSL | 15:117db924cf7c | 3391 | } RecordLayerHeader; |
wolfSSL | 15:117db924cf7c | 3392 | |
wolfSSL | 15:117db924cf7c | 3393 | |
wolfSSL | 15:117db924cf7c | 3394 | /* record layer header for DTLS PlainText, Compressed, and CipherText */ |
wolfSSL | 15:117db924cf7c | 3395 | typedef struct DtlsRecordLayerHeader { |
wolfSSL | 15:117db924cf7c | 3396 | byte type; |
wolfSSL | 15:117db924cf7c | 3397 | byte pvMajor; |
wolfSSL | 15:117db924cf7c | 3398 | byte pvMinor; |
wolfSSL | 15:117db924cf7c | 3399 | byte sequence_number[8]; /* per record */ |
wolfSSL | 15:117db924cf7c | 3400 | byte length[2]; |
wolfSSL | 15:117db924cf7c | 3401 | } DtlsRecordLayerHeader; |
wolfSSL | 15:117db924cf7c | 3402 | |
wolfSSL | 15:117db924cf7c | 3403 | |
wolfSSL | 15:117db924cf7c | 3404 | typedef struct DtlsFrag { |
wolfSSL | 15:117db924cf7c | 3405 | word32 begin; |
wolfSSL | 15:117db924cf7c | 3406 | word32 end; |
wolfSSL | 15:117db924cf7c | 3407 | struct DtlsFrag* next; |
wolfSSL | 15:117db924cf7c | 3408 | } DtlsFrag; |
wolfSSL | 15:117db924cf7c | 3409 | |
wolfSSL | 15:117db924cf7c | 3410 | |
wolfSSL | 15:117db924cf7c | 3411 | typedef struct DtlsMsg { |
wolfSSL | 15:117db924cf7c | 3412 | struct DtlsMsg* next; |
wolfSSL | 15:117db924cf7c | 3413 | byte* buf; |
wolfSSL | 15:117db924cf7c | 3414 | byte* msg; |
wolfSSL | 15:117db924cf7c | 3415 | DtlsFrag* fragList; |
wolfSSL | 15:117db924cf7c | 3416 | word32 fragSz; /* Length of fragments received */ |
wolfSSL | 15:117db924cf7c | 3417 | word32 seq; /* Handshake sequence number */ |
wolfSSL | 15:117db924cf7c | 3418 | word32 sz; /* Length of whole mesage */ |
wolfSSL | 15:117db924cf7c | 3419 | byte type; |
wolfSSL | 15:117db924cf7c | 3420 | } DtlsMsg; |
wolfSSL | 15:117db924cf7c | 3421 | |
wolfSSL | 15:117db924cf7c | 3422 | |
wolfSSL | 15:117db924cf7c | 3423 | #ifdef HAVE_NETX |
wolfSSL | 15:117db924cf7c | 3424 | |
wolfSSL | 15:117db924cf7c | 3425 | /* NETX I/O Callback default */ |
wolfSSL | 15:117db924cf7c | 3426 | typedef struct NetX_Ctx { |
wolfSSL | 15:117db924cf7c | 3427 | NX_TCP_SOCKET* nxSocket; /* send/recv socket handle */ |
wolfSSL | 15:117db924cf7c | 3428 | NX_PACKET* nxPacket; /* incoming packet handle for short reads */ |
wolfSSL | 15:117db924cf7c | 3429 | ULONG nxOffset; /* offset already read from nxPacket */ |
wolfSSL | 15:117db924cf7c | 3430 | ULONG nxWait; /* wait option flag */ |
wolfSSL | 15:117db924cf7c | 3431 | } NetX_Ctx; |
wolfSSL | 15:117db924cf7c | 3432 | |
wolfSSL | 15:117db924cf7c | 3433 | #endif |
wolfSSL | 15:117db924cf7c | 3434 | |
wolfSSL | 15:117db924cf7c | 3435 | |
wolfSSL | 15:117db924cf7c | 3436 | /* Handshake messages received from peer (plus change cipher */ |
wolfSSL | 15:117db924cf7c | 3437 | typedef struct MsgsReceived { |
wolfSSL | 15:117db924cf7c | 3438 | word16 got_hello_request:1; |
wolfSSL | 15:117db924cf7c | 3439 | word16 got_client_hello:2; |
wolfSSL | 15:117db924cf7c | 3440 | word16 got_server_hello:2; |
wolfSSL | 15:117db924cf7c | 3441 | word16 got_hello_verify_request:1; |
wolfSSL | 15:117db924cf7c | 3442 | word16 got_session_ticket:1; |
wolfSSL | 15:117db924cf7c | 3443 | word16 got_end_of_early_data:1; |
wolfSSL | 15:117db924cf7c | 3444 | word16 got_hello_retry_request:1; |
wolfSSL | 15:117db924cf7c | 3445 | word16 got_encrypted_extensions:1; |
wolfSSL | 15:117db924cf7c | 3446 | word16 got_certificate:1; |
wolfSSL | 15:117db924cf7c | 3447 | word16 got_certificate_status:1; |
wolfSSL | 15:117db924cf7c | 3448 | word16 got_server_key_exchange:1; |
wolfSSL | 15:117db924cf7c | 3449 | word16 got_certificate_request:1; |
wolfSSL | 15:117db924cf7c | 3450 | word16 got_server_hello_done:1; |
wolfSSL | 15:117db924cf7c | 3451 | word16 got_certificate_verify:1; |
wolfSSL | 15:117db924cf7c | 3452 | word16 got_client_key_exchange:1; |
wolfSSL | 15:117db924cf7c | 3453 | word16 got_finished:1; |
wolfSSL | 15:117db924cf7c | 3454 | word16 got_key_update:1; |
wolfSSL | 15:117db924cf7c | 3455 | word16 got_change_cipher:1; |
wolfSSL | 15:117db924cf7c | 3456 | } MsgsReceived; |
wolfSSL | 15:117db924cf7c | 3457 | |
wolfSSL | 15:117db924cf7c | 3458 | |
wolfSSL | 15:117db924cf7c | 3459 | /* Handshake hashes */ |
wolfSSL | 15:117db924cf7c | 3460 | typedef struct HS_Hashes { |
wolfSSL | 15:117db924cf7c | 3461 | Hashes verifyHashes; |
wolfSSL | 15:117db924cf7c | 3462 | Hashes certHashes; /* for cert verify */ |
wolfSSL | 15:117db924cf7c | 3463 | #ifndef NO_SHA |
wolfSSL | 15:117db924cf7c | 3464 | wc_Sha hashSha; /* sha hash of handshake msgs */ |
wolfSSL | 15:117db924cf7c | 3465 | #endif |
wolfSSL | 15:117db924cf7c | 3466 | #if !defined(NO_MD5) && !defined(NO_OLD_TLS) |
wolfSSL | 15:117db924cf7c | 3467 | wc_Md5 hashMd5; /* md5 hash of handshake msgs */ |
wolfSSL | 15:117db924cf7c | 3468 | #endif |
wolfSSL | 15:117db924cf7c | 3469 | #ifndef NO_SHA256 |
wolfSSL | 15:117db924cf7c | 3470 | wc_Sha256 hashSha256; /* sha256 hash of handshake msgs */ |
wolfSSL | 15:117db924cf7c | 3471 | #endif |
wolfSSL | 15:117db924cf7c | 3472 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 15:117db924cf7c | 3473 | wc_Sha384 hashSha384; /* sha384 hash of handshake msgs */ |
wolfSSL | 15:117db924cf7c | 3474 | #endif |
wolfSSL | 15:117db924cf7c | 3475 | #ifdef WOLFSSL_SHA512 |
wolfSSL | 15:117db924cf7c | 3476 | wc_Sha512 hashSha512; /* sha512 hash of handshake msgs */ |
wolfSSL | 15:117db924cf7c | 3477 | #endif |
wolfSSL | 15:117db924cf7c | 3478 | #if defined(HAVE_ED25519) && !defined(WOLFSSL_NO_CLIENT_AUTH) |
wolfSSL | 15:117db924cf7c | 3479 | byte* messages; /* handshake messages */ |
wolfSSL | 15:117db924cf7c | 3480 | int length; /* length of handhsake messages' data */ |
wolfSSL | 15:117db924cf7c | 3481 | int prevLen; /* length of messages but last */ |
wolfSSL | 15:117db924cf7c | 3482 | #endif |
wolfSSL | 15:117db924cf7c | 3483 | } HS_Hashes; |
wolfSSL | 15:117db924cf7c | 3484 | |
wolfSSL | 15:117db924cf7c | 3485 | |
wolfSSL | 15:117db924cf7c | 3486 | #ifdef WOLFSSL_ASYNC_CRYPT |
wolfSSL | 15:117db924cf7c | 3487 | #define MAX_ASYNC_ARGS 18 |
wolfSSL | 15:117db924cf7c | 3488 | typedef void (*FreeArgsCb)(struct WOLFSSL* ssl, void* pArgs); |
wolfSSL | 15:117db924cf7c | 3489 | |
wolfSSL | 15:117db924cf7c | 3490 | struct WOLFSSL_ASYNC { |
wolfSSL | 15:117db924cf7c | 3491 | WC_ASYNC_DEV* dev; |
wolfSSL | 15:117db924cf7c | 3492 | FreeArgsCb freeArgs; /* function pointer to cleanup args */ |
wolfSSL | 15:117db924cf7c | 3493 | word32 args[MAX_ASYNC_ARGS]; /* holder for current args */ |
wolfSSL | 15:117db924cf7c | 3494 | }; |
wolfSSL | 15:117db924cf7c | 3495 | #endif |
wolfSSL | 15:117db924cf7c | 3496 | |
wolfSSL | 15:117db924cf7c | 3497 | #ifdef HAVE_WRITE_DUP |
wolfSSL | 15:117db924cf7c | 3498 | |
wolfSSL | 15:117db924cf7c | 3499 | #define WRITE_DUP_SIDE 1 |
wolfSSL | 15:117db924cf7c | 3500 | #define READ_DUP_SIDE 2 |
wolfSSL | 15:117db924cf7c | 3501 | |
wolfSSL | 15:117db924cf7c | 3502 | typedef struct WriteDup { |
wolfSSL | 15:117db924cf7c | 3503 | wolfSSL_Mutex dupMutex; /* reference count mutex */ |
wolfSSL | 15:117db924cf7c | 3504 | int dupCount; /* reference count */ |
wolfSSL | 15:117db924cf7c | 3505 | int dupErr; /* under dupMutex, pass to other side */ |
wolfSSL | 15:117db924cf7c | 3506 | } WriteDup; |
wolfSSL | 15:117db924cf7c | 3507 | |
wolfSSL | 15:117db924cf7c | 3508 | WOLFSSL_LOCAL void FreeWriteDup(WOLFSSL* ssl); |
wolfSSL | 15:117db924cf7c | 3509 | WOLFSSL_LOCAL int NotifyWriteSide(WOLFSSL* ssl, int err); |
wolfSSL | 15:117db924cf7c | 3510 | #endif /* HAVE_WRITE_DUP */ |
wolfSSL | 15:117db924cf7c | 3511 | |
wolfSSL | 15:117db924cf7c | 3512 | #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) |
wolfSSL | 15:117db924cf7c | 3513 | typedef struct CertReqCtx CertReqCtx; |
wolfSSL | 15:117db924cf7c | 3514 | |
wolfSSL | 15:117db924cf7c | 3515 | struct CertReqCtx { |
wolfSSL | 15:117db924cf7c | 3516 | CertReqCtx* next; |
wolfSSL | 15:117db924cf7c | 3517 | byte len; |
wolfSSL | 15:117db924cf7c | 3518 | byte ctx; |
wolfSSL | 15:117db924cf7c | 3519 | }; |
wolfSSL | 15:117db924cf7c | 3520 | #endif |
wolfSSL | 15:117db924cf7c | 3521 | |
wolfSSL | 15:117db924cf7c | 3522 | #ifdef WOLFSSL_EARLY_DATA |
wolfSSL | 15:117db924cf7c | 3523 | typedef enum EarlyDataState { |
wolfSSL | 15:117db924cf7c | 3524 | no_early_data, |
wolfSSL | 15:117db924cf7c | 3525 | expecting_early_data, |
wolfSSL | 15:117db924cf7c | 3526 | process_early_data, |
wolfSSL | 15:117db924cf7c | 3527 | done_early_data |
wolfSSL | 15:117db924cf7c | 3528 | } EarlyDataState; |
wolfSSL | 15:117db924cf7c | 3529 | #endif |
wolfSSL | 15:117db924cf7c | 3530 | |
wolfSSL | 15:117db924cf7c | 3531 | /* wolfSSL ssl type */ |
wolfSSL | 15:117db924cf7c | 3532 | struct WOLFSSL { |
wolfSSL | 15:117db924cf7c | 3533 | WOLFSSL_CTX* ctx; |
wolfSSL | 15:117db924cf7c | 3534 | Suites* suites; /* only need during handshake */ |
wolfSSL | 15:117db924cf7c | 3535 | Arrays* arrays; |
wolfSSL | 15:117db924cf7c | 3536 | HS_Hashes* hsHashes; |
wolfSSL | 15:117db924cf7c | 3537 | void* IOCB_ReadCtx; |
wolfSSL | 15:117db924cf7c | 3538 | void* IOCB_WriteCtx; |
wolfSSL | 15:117db924cf7c | 3539 | WC_RNG* rng; |
wolfSSL | 15:117db924cf7c | 3540 | void* verifyCbCtx; /* cert verify callback user ctx*/ |
wolfSSL | 15:117db924cf7c | 3541 | VerifyCallback verifyCallback; /* cert verification callback */ |
wolfSSL | 15:117db924cf7c | 3542 | void* heap; /* for user overrides */ |
wolfSSL | 15:117db924cf7c | 3543 | #ifdef HAVE_WRITE_DUP |
wolfSSL | 15:117db924cf7c | 3544 | WriteDup* dupWrite; /* valid pointer indicates ON */ |
wolfSSL | 15:117db924cf7c | 3545 | /* side that decrements dupCount to zero frees overall structure */ |
wolfSSL | 15:117db924cf7c | 3546 | byte dupSide; /* write side or read side */ |
wolfSSL | 15:117db924cf7c | 3547 | #endif |
wolfSSL | 15:117db924cf7c | 3548 | #ifdef OPENSSL_EXTRA |
wolfSSL | 15:117db924cf7c | 3549 | byte cbioFlag; /* WOLFSSL_CBIO_RECV/SEND: CBIORecv/Send is set */ |
wolfSSL | 15:117db924cf7c | 3550 | #endif |
wolfSSL | 15:117db924cf7c | 3551 | CallbackIORecv CBIORecv; |
wolfSSL | 15:117db924cf7c | 3552 | CallbackIOSend CBIOSend; |
wolfSSL | 15:117db924cf7c | 3553 | #ifdef WOLFSSL_STATIC_MEMORY |
wolfSSL | 15:117db924cf7c | 3554 | WOLFSSL_HEAP_HINT heap_hint; |
wolfSSL | 15:117db924cf7c | 3555 | #endif |
wolfSSL | 15:117db924cf7c | 3556 | #ifndef NO_HANDSHAKE_DONE_CB |
wolfSSL | 15:117db924cf7c | 3557 | HandShakeDoneCb hsDoneCb; /* notify user handshake done */ |
wolfSSL | 15:117db924cf7c | 3558 | void* hsDoneCtx; /* user handshake cb context */ |
wolfSSL | 15:117db924cf7c | 3559 | #endif |
wolfSSL | 15:117db924cf7c | 3560 | #ifdef WOLFSSL_ASYNC_CRYPT |
wolfSSL | 15:117db924cf7c | 3561 | struct WOLFSSL_ASYNC async; |
wolfSSL | 15:117db924cf7c | 3562 | #elif defined(WOLFSSL_NONBLOCK_OCSP) |
wolfSSL | 15:117db924cf7c | 3563 | void* nonblockarg; /* dynamic arg for handling non-block resume */ |
wolfSSL | 15:117db924cf7c | 3564 | #endif |
wolfSSL | 15:117db924cf7c | 3565 | void* hsKey; /* Handshake key (RsaKey or ecc_key) allocated from heap */ |
wolfSSL | 15:117db924cf7c | 3566 | word32 hsType; /* Type of Handshake key (hsKey) */ |
wolfSSL | 15:117db924cf7c | 3567 | WOLFSSL_CIPHER cipher; |
wolfSSL | 15:117db924cf7c | 3568 | hmacfp hmac; |
wolfSSL | 15:117db924cf7c | 3569 | Ciphers encrypt; |
wolfSSL | 15:117db924cf7c | 3570 | Ciphers decrypt; |
wolfSSL | 15:117db924cf7c | 3571 | Buffers buffers; |
wolfSSL | 15:117db924cf7c | 3572 | WOLFSSL_SESSION session; |
wolfSSL | 15:117db924cf7c | 3573 | #ifdef HAVE_EXT_CACHE |
wolfSSL | 15:117db924cf7c | 3574 | WOLFSSL_SESSION* extSession; |
wolfSSL | 15:117db924cf7c | 3575 | #endif |
wolfSSL | 15:117db924cf7c | 3576 | WOLFSSL_ALERT_HISTORY alert_history; |
wolfSSL | 15:117db924cf7c | 3577 | int error; |
wolfSSL | 15:117db924cf7c | 3578 | int rfd; /* read file descriptor */ |
wolfSSL | 15:117db924cf7c | 3579 | int wfd; /* write file descriptor */ |
wolfSSL | 15:117db924cf7c | 3580 | int rflags; /* user read flags */ |
wolfSSL | 15:117db924cf7c | 3581 | int wflags; /* user write flags */ |
wolfSSL | 15:117db924cf7c | 3582 | word32 timeout; /* session timeout */ |
wolfSSL | 15:117db924cf7c | 3583 | word32 fragOffset; /* fragment offset */ |
wolfSSL | 15:117db924cf7c | 3584 | word16 curSize; |
wolfSSL | 15:117db924cf7c | 3585 | byte verifyDepth; |
wolfSSL | 15:117db924cf7c | 3586 | RecordLayerHeader curRL; |
wolfSSL | 15:117db924cf7c | 3587 | MsgsReceived msgsReceived; /* peer messages received */ |
wolfSSL | 15:117db924cf7c | 3588 | ProtocolVersion version; /* negotiated version */ |
wolfSSL | 15:117db924cf7c | 3589 | ProtocolVersion chVersion; /* client hello version */ |
wolfSSL | 15:117db924cf7c | 3590 | CipherSpecs specs; |
wolfSSL | 15:117db924cf7c | 3591 | Keys keys; |
wolfSSL | 15:117db924cf7c | 3592 | Options options; |
wolfSSL | 15:117db924cf7c | 3593 | #ifdef OPENSSL_EXTRA |
wolfSSL | 15:117db924cf7c | 3594 | CallbackInfoState* CBIS; /* used to get info about SSL state */ |
wolfSSL | 15:117db924cf7c | 3595 | int cbmode; /* read or write on info callback */ |
wolfSSL | 15:117db924cf7c | 3596 | int cbtype; /* event type in info callback */ |
wolfSSL | 15:117db924cf7c | 3597 | WOLFSSL_BIO* biord; /* socket bio read to free/close */ |
wolfSSL | 15:117db924cf7c | 3598 | WOLFSSL_BIO* biowr; /* socket bio write to free/close */ |
wolfSSL | 15:117db924cf7c | 3599 | byte sessionCtx[ID_LEN]; /* app session context ID */ |
wolfSSL | 15:117db924cf7c | 3600 | unsigned long peerVerifyRet; |
wolfSSL | 15:117db924cf7c | 3601 | byte readAhead; |
wolfSSL | 15:117db924cf7c | 3602 | byte sessionCtxSz; /* size of sessionCtx stored */ |
wolfSSL | 15:117db924cf7c | 3603 | #ifdef HAVE_PK_CALLBACKS |
wolfSSL | 15:117db924cf7c | 3604 | void* loggingCtx; /* logging callback argument */ |
wolfSSL | 15:117db924cf7c | 3605 | #endif |
wolfSSL | 15:117db924cf7c | 3606 | #endif /* OPENSSL_EXTRA */ |
wolfSSL | 15:117db924cf7c | 3607 | #ifndef NO_RSA |
wolfSSL | 15:117db924cf7c | 3608 | RsaKey* peerRsaKey; |
wolfSSL | 15:117db924cf7c | 3609 | byte peerRsaKeyPresent; |
wolfSSL | 15:117db924cf7c | 3610 | #endif |
wolfSSL | 15:117db924cf7c | 3611 | #ifdef HAVE_QSH |
wolfSSL | 15:117db924cf7c | 3612 | QSHKey* QSH_Key; |
wolfSSL | 15:117db924cf7c | 3613 | QSHKey* peerQSHKey; |
wolfSSL | 15:117db924cf7c | 3614 | QSHSecret* QSH_secret; |
wolfSSL | 15:117db924cf7c | 3615 | byte isQSH; /* is the handshake a QSH? */ |
wolfSSL | 15:117db924cf7c | 3616 | byte sendQSHKeys; /* flag for if the client should sen |
wolfSSL | 15:117db924cf7c | 3617 | public keys */ |
wolfSSL | 15:117db924cf7c | 3618 | byte peerQSHKeyPresent; |
wolfSSL | 15:117db924cf7c | 3619 | byte minRequest; |
wolfSSL | 15:117db924cf7c | 3620 | byte maxRequest; |
wolfSSL | 15:117db924cf7c | 3621 | byte user_set_QSHSchemes; |
wolfSSL | 15:117db924cf7c | 3622 | #endif |
wolfSSL | 15:117db924cf7c | 3623 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 3624 | word16 namedGroup; |
wolfSSL | 15:117db924cf7c | 3625 | word16 group[WOLFSSL_MAX_GROUP_COUNT]; |
wolfSSL | 15:117db924cf7c | 3626 | byte numGroups; |
wolfSSL | 15:117db924cf7c | 3627 | #endif |
wolfSSL | 15:117db924cf7c | 3628 | byte pssAlgo; |
wolfSSL | 15:117db924cf7c | 3629 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 3630 | #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22) |
wolfSSL | 15:117db924cf7c | 3631 | word16 certHashSigAlgoSz; /* SigAlgoCert ext length in bytes */ |
wolfSSL | 15:117db924cf7c | 3632 | byte certHashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* cert sig/algo to |
wolfSSL | 15:117db924cf7c | 3633 | * offer */ |
wolfSSL | 15:117db924cf7c | 3634 | #endif /* !WOLFSSL_TLS13_DRAFT_18 && !WOLFSSL_TLS13_DRAFT_22 */ |
wolfSSL | 15:117db924cf7c | 3635 | #endif |
wolfSSL | 15:117db924cf7c | 3636 | #ifdef HAVE_NTRU |
wolfSSL | 15:117db924cf7c | 3637 | word16 peerNtruKeyLen; |
wolfSSL | 15:117db924cf7c | 3638 | byte peerNtruKey[MAX_NTRU_PUB_KEY_SZ]; |
wolfSSL | 15:117db924cf7c | 3639 | byte peerNtruKeyPresent; |
wolfSSL | 15:117db924cf7c | 3640 | #endif |
wolfSSL | 15:117db924cf7c | 3641 | #if defined(HAVE_ECC) || defined(HAVE_ED25519) |
wolfSSL | 15:117db924cf7c | 3642 | int eccVerifyRes; |
wolfSSL | 15:117db924cf7c | 3643 | #endif |
wolfSSL | 15:117db924cf7c | 3644 | #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) |
wolfSSL | 15:117db924cf7c | 3645 | word32 ecdhCurveOID; /* curve Ecc_Sum */ |
wolfSSL | 15:117db924cf7c | 3646 | ecc_key* eccTempKey; /* private ECDHE key */ |
wolfSSL | 15:117db924cf7c | 3647 | byte eccTempKeyPresent; /* also holds type */ |
wolfSSL | 15:117db924cf7c | 3648 | byte peerEccKeyPresent; |
wolfSSL | 15:117db924cf7c | 3649 | #endif |
wolfSSL | 15:117db924cf7c | 3650 | #ifdef HAVE_ECC |
wolfSSL | 15:117db924cf7c | 3651 | ecc_key* peerEccKey; /* peer's ECDHE key */ |
wolfSSL | 15:117db924cf7c | 3652 | ecc_key* peerEccDsaKey; /* peer's ECDSA key */ |
wolfSSL | 15:117db924cf7c | 3653 | word16 eccTempKeySz; /* in octets 20 - 66 */ |
wolfSSL | 15:117db924cf7c | 3654 | byte peerEccDsaKeyPresent; |
wolfSSL | 15:117db924cf7c | 3655 | #endif |
wolfSSL | 15:117db924cf7c | 3656 | #if defined(HAVE_ECC) || defined(HAVE_ED25519) |
wolfSSL | 15:117db924cf7c | 3657 | word32 pkCurveOID; /* curve Ecc_Sum */ |
wolfSSL | 15:117db924cf7c | 3658 | #endif |
wolfSSL | 15:117db924cf7c | 3659 | #ifdef HAVE_ED25519 |
wolfSSL | 15:117db924cf7c | 3660 | ed25519_key* peerEd25519Key; |
wolfSSL | 15:117db924cf7c | 3661 | byte peerEd25519KeyPresent; |
wolfSSL | 15:117db924cf7c | 3662 | #endif |
wolfSSL | 15:117db924cf7c | 3663 | #ifdef HAVE_CURVE25519 |
wolfSSL | 15:117db924cf7c | 3664 | curve25519_key* peerX25519Key; |
wolfSSL | 15:117db924cf7c | 3665 | byte peerX25519KeyPresent; |
wolfSSL | 15:117db924cf7c | 3666 | #endif |
wolfSSL | 15:117db924cf7c | 3667 | #ifdef HAVE_LIBZ |
wolfSSL | 15:117db924cf7c | 3668 | z_stream c_stream; /* compression stream */ |
wolfSSL | 15:117db924cf7c | 3669 | z_stream d_stream; /* decompression stream */ |
wolfSSL | 15:117db924cf7c | 3670 | byte didStreamInit; /* for stream init and end */ |
wolfSSL | 15:117db924cf7c | 3671 | #endif |
wolfSSL | 15:117db924cf7c | 3672 | #ifdef WOLFSSL_DTLS |
wolfSSL | 15:117db924cf7c | 3673 | int dtls_timeout_init; /* starting timeout value */ |
wolfSSL | 15:117db924cf7c | 3674 | int dtls_timeout_max; /* maximum timeout value */ |
wolfSSL | 15:117db924cf7c | 3675 | int dtls_timeout; /* current timeout value, changes */ |
wolfSSL | 15:117db924cf7c | 3676 | word32 dtls_tx_msg_list_sz; |
wolfSSL | 15:117db924cf7c | 3677 | word32 dtls_rx_msg_list_sz; |
wolfSSL | 15:117db924cf7c | 3678 | DtlsMsg* dtls_tx_msg_list; |
wolfSSL | 15:117db924cf7c | 3679 | DtlsMsg* dtls_rx_msg_list; |
wolfSSL | 15:117db924cf7c | 3680 | void* IOCB_CookieCtx; /* gen cookie ctx */ |
wolfSSL | 15:117db924cf7c | 3681 | word32 dtls_expected_rx; |
wolfSSL | 15:117db924cf7c | 3682 | #ifdef WOLFSSL_SESSION_EXPORT |
wolfSSL | 15:117db924cf7c | 3683 | wc_dtls_export dtls_export; /* export function for session */ |
wolfSSL | 15:117db924cf7c | 3684 | #endif |
wolfSSL | 15:117db924cf7c | 3685 | #ifdef WOLFSSL_SCTP |
wolfSSL | 15:117db924cf7c | 3686 | word16 dtlsMtuSz; |
wolfSSL | 15:117db924cf7c | 3687 | #endif /* WOLFSSL_SCTP */ |
wolfSSL | 15:117db924cf7c | 3688 | #ifdef WOLFSSL_MULTICAST |
wolfSSL | 15:117db924cf7c | 3689 | void* mcastHwCbCtx; /* Multicast highwater callback ctx */ |
wolfSSL | 15:117db924cf7c | 3690 | #endif /* WOLFSSL_MULTICAST */ |
wolfSSL | 15:117db924cf7c | 3691 | #ifdef WOLFSSL_DTLS_DROP_STATS |
wolfSSL | 15:117db924cf7c | 3692 | word32 macDropCount; |
wolfSSL | 15:117db924cf7c | 3693 | word32 replayDropCount; |
wolfSSL | 15:117db924cf7c | 3694 | #endif /* WOLFSSL_DTLS_DROP_STATS */ |
wolfSSL | 15:117db924cf7c | 3695 | #endif /* WOLFSSL_DTLS */ |
wolfSSL | 15:117db924cf7c | 3696 | #ifdef WOLFSSL_CALLBACKS |
wolfSSL | 15:117db924cf7c | 3697 | TimeoutInfo timeoutInfo; /* info saved during handshake */ |
wolfSSL | 15:117db924cf7c | 3698 | HandShakeInfo handShakeInfo; /* info saved during handshake */ |
wolfSSL | 15:117db924cf7c | 3699 | #endif |
wolfSSL | 15:117db924cf7c | 3700 | #ifdef OPENSSL_EXTRA |
wolfSSL | 15:117db924cf7c | 3701 | SSL_Msg_Cb protoMsgCb; /* inspect protocol message callback */ |
wolfSSL | 15:117db924cf7c | 3702 | void* protoMsgCtx; /* user set context with msg callback */ |
wolfSSL | 15:117db924cf7c | 3703 | #endif |
wolfSSL | 15:117db924cf7c | 3704 | #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) |
wolfSSL | 15:117db924cf7c | 3705 | byte hsInfoOn; /* track handshake info */ |
wolfSSL | 15:117db924cf7c | 3706 | byte toInfoOn; /* track timeout info */ |
wolfSSL | 15:117db924cf7c | 3707 | #endif |
wolfSSL | 15:117db924cf7c | 3708 | #ifdef HAVE_FUZZER |
wolfSSL | 15:117db924cf7c | 3709 | CallbackFuzzer fuzzerCb; /* for testing with using fuzzer */ |
wolfSSL | 15:117db924cf7c | 3710 | void* fuzzerCtx; /* user defined pointer */ |
wolfSSL | 15:117db924cf7c | 3711 | #endif |
wolfSSL | 15:117db924cf7c | 3712 | #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) |
wolfSSL | 15:117db924cf7c | 3713 | CertReqCtx* certReqCtx; |
wolfSSL | 15:117db924cf7c | 3714 | #endif |
wolfSSL | 15:117db924cf7c | 3715 | #ifdef KEEP_PEER_CERT |
wolfSSL | 15:117db924cf7c | 3716 | WOLFSSL_X509 peerCert; /* X509 peer cert */ |
wolfSSL | 15:117db924cf7c | 3717 | #endif |
wolfSSL | 15:117db924cf7c | 3718 | #ifdef KEEP_OUR_CERT |
wolfSSL | 15:117db924cf7c | 3719 | WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert. |
wolfSSL | 15:117db924cf7c | 3720 | points to ctx if not owned (owned |
wolfSSL | 15:117db924cf7c | 3721 | flag found in buffers.weOwnCert) */ |
wolfSSL | 15:117db924cf7c | 3722 | #endif |
wolfSSL | 15:117db924cf7c | 3723 | byte keepCert; /* keep certificate after handshake */ |
wolfSSL | 15:117db924cf7c | 3724 | #if defined(HAVE_EX_DATA) || defined(FORTRESS) |
wolfSSL | 15:117db924cf7c | 3725 | void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */ |
wolfSSL | 15:117db924cf7c | 3726 | #endif |
wolfSSL | 15:117db924cf7c | 3727 | int devId; /* async device id to use */ |
wolfSSL | 15:117db924cf7c | 3728 | #ifdef HAVE_ONE_TIME_AUTH |
wolfSSL | 15:117db924cf7c | 3729 | OneTimeAuth auth; |
wolfSSL | 15:117db924cf7c | 3730 | #endif |
wolfSSL | 15:117db924cf7c | 3731 | #ifdef HAVE_TLS_EXTENSIONS |
wolfSSL | 15:117db924cf7c | 3732 | TLSX* extensions; /* RFC 6066 TLS Extensions data */ |
wolfSSL | 15:117db924cf7c | 3733 | #ifdef HAVE_MAX_FRAGMENT |
wolfSSL | 15:117db924cf7c | 3734 | word16 max_fragment; |
wolfSSL | 15:117db924cf7c | 3735 | #endif |
wolfSSL | 15:117db924cf7c | 3736 | #ifdef HAVE_TRUNCATED_HMAC |
wolfSSL | 15:117db924cf7c | 3737 | byte truncated_hmac; |
wolfSSL | 15:117db924cf7c | 3738 | #endif |
wolfSSL | 15:117db924cf7c | 3739 | #ifdef HAVE_CERTIFICATE_STATUS_REQUEST |
wolfSSL | 15:117db924cf7c | 3740 | byte status_request; |
wolfSSL | 15:117db924cf7c | 3741 | #endif |
wolfSSL | 15:117db924cf7c | 3742 | #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 |
wolfSSL | 15:117db924cf7c | 3743 | byte status_request_v2; |
wolfSSL | 15:117db924cf7c | 3744 | #endif |
wolfSSL | 15:117db924cf7c | 3745 | #if defined(HAVE_SECURE_RENEGOTIATION) \ |
wolfSSL | 15:117db924cf7c | 3746 | || defined(HAVE_SERVER_RENEGOTIATION_INFO) |
wolfSSL | 15:117db924cf7c | 3747 | SecureRenegotiation* secure_renegotiation; /* valid pointer indicates */ |
wolfSSL | 15:117db924cf7c | 3748 | #endif /* user turned on */ |
wolfSSL | 15:117db924cf7c | 3749 | #ifdef HAVE_ALPN |
wolfSSL | 15:117db924cf7c | 3750 | char* alpn_client_list; /* keep the client's list */ |
wolfSSL | 15:117db924cf7c | 3751 | #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) |
wolfSSL | 15:117db924cf7c | 3752 | CallbackALPNSelect alpnSelect; |
wolfSSL | 15:117db924cf7c | 3753 | void* alpnSelectArg; |
wolfSSL | 15:117db924cf7c | 3754 | #endif |
wolfSSL | 15:117db924cf7c | 3755 | #endif /* of accepted protocols */ |
wolfSSL | 15:117db924cf7c | 3756 | #if !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET) |
wolfSSL | 15:117db924cf7c | 3757 | CallbackSessionTicket session_ticket_cb; |
wolfSSL | 15:117db924cf7c | 3758 | void* session_ticket_ctx; |
wolfSSL | 15:117db924cf7c | 3759 | byte expect_session_ticket; |
wolfSSL | 15:117db924cf7c | 3760 | #endif |
wolfSSL | 15:117db924cf7c | 3761 | #endif /* HAVE_TLS_EXTENSIONS */ |
wolfSSL | 15:117db924cf7c | 3762 | #ifdef HAVE_OCSP |
wolfSSL | 15:117db924cf7c | 3763 | void* ocspIOCtx; |
wolfSSL | 15:117db924cf7c | 3764 | #ifdef OPENSSL_EXTRA |
wolfSSL | 15:117db924cf7c | 3765 | byte* ocspResp; |
wolfSSL | 15:117db924cf7c | 3766 | int ocspRespSz; |
wolfSSL | 15:117db924cf7c | 3767 | #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) |
wolfSSL | 15:117db924cf7c | 3768 | char* url; |
wolfSSL | 15:117db924cf7c | 3769 | #endif |
wolfSSL | 15:117db924cf7c | 3770 | #endif |
wolfSSL | 15:117db924cf7c | 3771 | #endif |
wolfSSL | 15:117db924cf7c | 3772 | #ifdef HAVE_NETX |
wolfSSL | 15:117db924cf7c | 3773 | NetX_Ctx nxCtx; /* NetX IO Context */ |
wolfSSL | 15:117db924cf7c | 3774 | #endif |
wolfSSL | 15:117db924cf7c | 3775 | #ifdef SESSION_INDEX |
wolfSSL | 15:117db924cf7c | 3776 | int sessionIndex; /* Session's location in the cache. */ |
wolfSSL | 15:117db924cf7c | 3777 | #endif |
wolfSSL | 15:117db924cf7c | 3778 | #ifdef ATOMIC_USER |
wolfSSL | 15:117db924cf7c | 3779 | void* MacEncryptCtx; /* Atomic User Mac/Encrypt Callback Context */ |
wolfSSL | 15:117db924cf7c | 3780 | void* DecryptVerifyCtx; /* Atomic User Decrypt/Verify Callback Context */ |
wolfSSL | 15:117db924cf7c | 3781 | #endif |
wolfSSL | 15:117db924cf7c | 3782 | #ifdef HAVE_PK_CALLBACKS |
wolfSSL | 15:117db924cf7c | 3783 | #ifdef HAVE_ECC |
wolfSSL | 15:117db924cf7c | 3784 | void* EccKeyGenCtx; /* EccKeyGen Callback Context */ |
wolfSSL | 15:117db924cf7c | 3785 | void* EccSignCtx; /* Ecc Sign Callback Context */ |
wolfSSL | 15:117db924cf7c | 3786 | void* EccVerifyCtx; /* Ecc Verify Callback Context */ |
wolfSSL | 15:117db924cf7c | 3787 | void* EccSharedSecretCtx; /* Ecc Pms Callback Context */ |
wolfSSL | 15:117db924cf7c | 3788 | #ifdef HAVE_ED25519 |
wolfSSL | 15:117db924cf7c | 3789 | void* Ed25519SignCtx; /* ED25519 Sign Callback Context */ |
wolfSSL | 15:117db924cf7c | 3790 | void* Ed25519VerifyCtx; /* ED25519 Verify Callback Context */ |
wolfSSL | 15:117db924cf7c | 3791 | #endif |
wolfSSL | 15:117db924cf7c | 3792 | #ifdef HAVE_CURVE25519 |
wolfSSL | 15:117db924cf7c | 3793 | void* X25519KeyGenCtx; /* X25519 KeyGen Callback Context */ |
wolfSSL | 15:117db924cf7c | 3794 | void* X25519SharedSecretCtx; /* X25519 Pms Callback Context */ |
wolfSSL | 15:117db924cf7c | 3795 | #endif |
wolfSSL | 15:117db924cf7c | 3796 | #endif /* HAVE_ECC */ |
wolfSSL | 15:117db924cf7c | 3797 | #ifndef NO_DH |
wolfSSL | 15:117db924cf7c | 3798 | void* DhAgreeCtx; /* DH Pms Callback Context */ |
wolfSSL | 15:117db924cf7c | 3799 | #endif /* !NO_DH */ |
wolfSSL | 15:117db924cf7c | 3800 | #ifndef NO_RSA |
wolfSSL | 15:117db924cf7c | 3801 | void* RsaSignCtx; /* Rsa Sign Callback Context */ |
wolfSSL | 15:117db924cf7c | 3802 | void* RsaVerifyCtx; /* Rsa Verify Callback Context */ |
wolfSSL | 15:117db924cf7c | 3803 | #ifdef WC_RSA_PSS |
wolfSSL | 15:117db924cf7c | 3804 | void* RsaPssSignCtx; /* Rsa PSS Sign Callback Context */ |
wolfSSL | 15:117db924cf7c | 3805 | void* RsaPssVerifyCtx; /* Rsa PSS Verify Callback Context */ |
wolfSSL | 15:117db924cf7c | 3806 | #endif |
wolfSSL | 15:117db924cf7c | 3807 | void* RsaEncCtx; /* Rsa Public Encrypt Callback Context */ |
wolfSSL | 15:117db924cf7c | 3808 | void* RsaDecCtx; /* Rsa Private Decrypt Callback Context */ |
wolfSSL | 15:117db924cf7c | 3809 | #endif /* NO_RSA */ |
wolfSSL | 15:117db924cf7c | 3810 | #endif /* HAVE_PK_CALLBACKS */ |
wolfSSL | 15:117db924cf7c | 3811 | #ifdef HAVE_SECRET_CALLBACK |
wolfSSL | 15:117db924cf7c | 3812 | SessionSecretCb sessionSecretCb; |
wolfSSL | 15:117db924cf7c | 3813 | void* sessionSecretCtx; |
wolfSSL | 15:117db924cf7c | 3814 | #endif /* HAVE_SECRET_CALLBACK */ |
wolfSSL | 15:117db924cf7c | 3815 | #ifdef WOLFSSL_JNI |
wolfSSL | 15:117db924cf7c | 3816 | void* jObjectRef; /* reference to WolfSSLSession in JNI wrapper */ |
wolfSSL | 15:117db924cf7c | 3817 | #endif /* WOLFSSL_JNI */ |
wolfSSL | 15:117db924cf7c | 3818 | #ifdef WOLFSSL_EARLY_DATA |
wolfSSL | 15:117db924cf7c | 3819 | EarlyDataState earlyData; |
wolfSSL | 15:117db924cf7c | 3820 | word32 earlyDataSz; |
wolfSSL | 15:117db924cf7c | 3821 | #endif |
wolfSSL | 15:117db924cf7c | 3822 | }; |
wolfSSL | 15:117db924cf7c | 3823 | |
wolfSSL | 15:117db924cf7c | 3824 | |
wolfSSL | 15:117db924cf7c | 3825 | WOLFSSL_LOCAL |
wolfSSL | 15:117db924cf7c | 3826 | int SetSSL_CTX(WOLFSSL*, WOLFSSL_CTX*, int); |
wolfSSL | 15:117db924cf7c | 3827 | WOLFSSL_LOCAL |
wolfSSL | 15:117db924cf7c | 3828 | int InitSSL(WOLFSSL*, WOLFSSL_CTX*, int); |
wolfSSL | 15:117db924cf7c | 3829 | WOLFSSL_LOCAL |
wolfSSL | 15:117db924cf7c | 3830 | void FreeSSL(WOLFSSL*, void* heap); |
wolfSSL | 15:117db924cf7c | 3831 | WOLFSSL_API void SSL_ResourceFree(WOLFSSL*); /* Micrium uses */ |
wolfSSL | 15:117db924cf7c | 3832 | |
wolfSSL | 15:117db924cf7c | 3833 | |
wolfSSL | 15:117db924cf7c | 3834 | |
wolfSSL | 15:117db924cf7c | 3835 | #ifndef NO_CERTS |
wolfSSL | 15:117db924cf7c | 3836 | |
wolfSSL | 15:117db924cf7c | 3837 | WOLFSSL_LOCAL int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, |
wolfSSL | 15:117db924cf7c | 3838 | long sz, int format, int type, WOLFSSL* ssl, |
wolfSSL | 15:117db924cf7c | 3839 | long* used, int userChain); |
wolfSSL | 15:117db924cf7c | 3840 | WOLFSSL_LOCAL int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, |
wolfSSL | 15:117db924cf7c | 3841 | int type, WOLFSSL* ssl, int userChain, |
wolfSSL | 15:117db924cf7c | 3842 | WOLFSSL_CRL* crl); |
wolfSSL | 15:117db924cf7c | 3843 | |
wolfSSL | 15:117db924cf7c | 3844 | #ifdef OPENSSL_EXTRA |
wolfSSL | 15:117db924cf7c | 3845 | WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, char *domainName, |
wolfSSL | 15:117db924cf7c | 3846 | size_t domainNameLen); |
wolfSSL | 15:117db924cf7c | 3847 | #endif |
wolfSSL | 15:117db924cf7c | 3848 | #endif |
wolfSSL | 15:117db924cf7c | 3849 | |
wolfSSL | 15:117db924cf7c | 3850 | |
wolfSSL | 15:117db924cf7c | 3851 | #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) |
wolfSSL | 15:117db924cf7c | 3852 | WOLFSSL_LOCAL |
wolfSSL | 15:117db924cf7c | 3853 | void InitHandShakeInfo(HandShakeInfo*, WOLFSSL*); |
wolfSSL | 15:117db924cf7c | 3854 | WOLFSSL_LOCAL |
wolfSSL | 15:117db924cf7c | 3855 | void FinishHandShakeInfo(HandShakeInfo*); |
wolfSSL | 15:117db924cf7c | 3856 | WOLFSSL_LOCAL |
wolfSSL | 15:117db924cf7c | 3857 | void AddPacketName(WOLFSSL* ssl, const char* name); |
wolfSSL | 15:117db924cf7c | 3858 | |
wolfSSL | 15:117db924cf7c | 3859 | WOLFSSL_LOCAL |
wolfSSL | 15:117db924cf7c | 3860 | void InitTimeoutInfo(TimeoutInfo*); |
wolfSSL | 15:117db924cf7c | 3861 | WOLFSSL_LOCAL |
wolfSSL | 15:117db924cf7c | 3862 | void FreeTimeoutInfo(TimeoutInfo*, void*); |
wolfSSL | 15:117db924cf7c | 3863 | WOLFSSL_LOCAL |
wolfSSL | 15:117db924cf7c | 3864 | void AddPacketInfo(WOLFSSL* ssl, const char* name, int type, |
wolfSSL | 15:117db924cf7c | 3865 | const byte* data, int sz, int write, void* heap); |
wolfSSL | 15:117db924cf7c | 3866 | WOLFSSL_LOCAL |
wolfSSL | 15:117db924cf7c | 3867 | void AddLateName(const char*, TimeoutInfo*); |
wolfSSL | 15:117db924cf7c | 3868 | WOLFSSL_LOCAL |
wolfSSL | 15:117db924cf7c | 3869 | void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info); |
wolfSSL | 15:117db924cf7c | 3870 | #endif |
wolfSSL | 15:117db924cf7c | 3871 | |
wolfSSL | 15:117db924cf7c | 3872 | |
wolfSSL | 15:117db924cf7c | 3873 | /* Record Layer Header identifier from page 12 */ |
wolfSSL | 15:117db924cf7c | 3874 | enum ContentType { |
wolfSSL | 15:117db924cf7c | 3875 | no_type = 0, |
wolfSSL | 15:117db924cf7c | 3876 | change_cipher_spec = 20, |
wolfSSL | 15:117db924cf7c | 3877 | alert = 21, |
wolfSSL | 15:117db924cf7c | 3878 | handshake = 22, |
wolfSSL | 15:117db924cf7c | 3879 | application_data = 23 |
wolfSSL | 15:117db924cf7c | 3880 | }; |
wolfSSL | 15:117db924cf7c | 3881 | |
wolfSSL | 15:117db924cf7c | 3882 | |
wolfSSL | 15:117db924cf7c | 3883 | /* handshake header, same for each message type, pgs 20/21 */ |
wolfSSL | 15:117db924cf7c | 3884 | typedef struct HandShakeHeader { |
wolfSSL | 15:117db924cf7c | 3885 | byte type; |
wolfSSL | 15:117db924cf7c | 3886 | word24 length; |
wolfSSL | 15:117db924cf7c | 3887 | } HandShakeHeader; |
wolfSSL | 15:117db924cf7c | 3888 | |
wolfSSL | 15:117db924cf7c | 3889 | |
wolfSSL | 15:117db924cf7c | 3890 | /* DTLS handshake header, same for each message type */ |
wolfSSL | 15:117db924cf7c | 3891 | typedef struct DtlsHandShakeHeader { |
wolfSSL | 15:117db924cf7c | 3892 | byte type; |
wolfSSL | 15:117db924cf7c | 3893 | word24 length; |
wolfSSL | 15:117db924cf7c | 3894 | byte message_seq[2]; /* start at 0, retransmit gets same # */ |
wolfSSL | 15:117db924cf7c | 3895 | word24 fragment_offset; /* bytes in previous fragments */ |
wolfSSL | 15:117db924cf7c | 3896 | word24 fragment_length; /* length of this fragment */ |
wolfSSL | 15:117db924cf7c | 3897 | } DtlsHandShakeHeader; |
wolfSSL | 15:117db924cf7c | 3898 | |
wolfSSL | 15:117db924cf7c | 3899 | |
wolfSSL | 15:117db924cf7c | 3900 | enum HandShakeType { |
wolfSSL | 15:117db924cf7c | 3901 | hello_request = 0, |
wolfSSL | 15:117db924cf7c | 3902 | client_hello = 1, |
wolfSSL | 15:117db924cf7c | 3903 | server_hello = 2, |
wolfSSL | 15:117db924cf7c | 3904 | hello_verify_request = 3, /* DTLS addition */ |
wolfSSL | 15:117db924cf7c | 3905 | session_ticket = 4, |
wolfSSL | 15:117db924cf7c | 3906 | end_of_early_data = 5, |
wolfSSL | 15:117db924cf7c | 3907 | hello_retry_request = 6, |
wolfSSL | 15:117db924cf7c | 3908 | encrypted_extensions = 8, |
wolfSSL | 15:117db924cf7c | 3909 | certificate = 11, |
wolfSSL | 15:117db924cf7c | 3910 | server_key_exchange = 12, |
wolfSSL | 15:117db924cf7c | 3911 | certificate_request = 13, |
wolfSSL | 15:117db924cf7c | 3912 | server_hello_done = 14, |
wolfSSL | 15:117db924cf7c | 3913 | certificate_verify = 15, |
wolfSSL | 15:117db924cf7c | 3914 | client_key_exchange = 16, |
wolfSSL | 15:117db924cf7c | 3915 | finished = 20, |
wolfSSL | 15:117db924cf7c | 3916 | certificate_status = 22, |
wolfSSL | 15:117db924cf7c | 3917 | key_update = 24, |
wolfSSL | 15:117db924cf7c | 3918 | change_cipher_hs = 55, /* simulate unique handshake type for sanity |
wolfSSL | 15:117db924cf7c | 3919 | checks. record layer change_cipher |
wolfSSL | 15:117db924cf7c | 3920 | conflicts with handshake finished */ |
wolfSSL | 15:117db924cf7c | 3921 | message_hash = 254, /* synthetic message type for TLS v1.3 */ |
wolfSSL | 15:117db924cf7c | 3922 | no_shake = 255 /* used to initialize the DtlsMsg record */ |
wolfSSL | 15:117db924cf7c | 3923 | }; |
wolfSSL | 15:117db924cf7c | 3924 | |
wolfSSL | 15:117db924cf7c | 3925 | enum ProvisionSide { |
wolfSSL | 15:117db924cf7c | 3926 | PROVISION_CLIENT = 1, |
wolfSSL | 15:117db924cf7c | 3927 | PROVISION_SERVER = 2, |
wolfSSL | 15:117db924cf7c | 3928 | PROVISION_CLIENT_SERVER = 3 |
wolfSSL | 15:117db924cf7c | 3929 | }; |
wolfSSL | 15:117db924cf7c | 3930 | |
wolfSSL | 15:117db924cf7c | 3931 | |
wolfSSL | 15:117db924cf7c | 3932 | static const byte client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 }; |
wolfSSL | 15:117db924cf7c | 3933 | static const byte server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 }; |
wolfSSL | 15:117db924cf7c | 3934 | |
wolfSSL | 15:117db924cf7c | 3935 | static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished"; |
wolfSSL | 15:117db924cf7c | 3936 | static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished"; |
wolfSSL | 15:117db924cf7c | 3937 | |
wolfSSL | 15:117db924cf7c | 3938 | |
wolfSSL | 15:117db924cf7c | 3939 | /* internal functions */ |
wolfSSL | 15:117db924cf7c | 3940 | WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL*); |
wolfSSL | 15:117db924cf7c | 3941 | WOLFSSL_LOCAL int SendTicket(WOLFSSL*); |
wolfSSL | 15:117db924cf7c | 3942 | WOLFSSL_LOCAL int DoClientTicket(WOLFSSL*, const byte*, word32); |
wolfSSL | 15:117db924cf7c | 3943 | WOLFSSL_LOCAL int SendData(WOLFSSL*, const void*, int); |
wolfSSL | 15:117db924cf7c | 3944 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 3945 | #ifdef WOLFSSL_TLS13_DRAFT_18 |
wolfSSL | 15:117db924cf7c | 3946 | WOLFSSL_LOCAL int SendTls13HelloRetryRequest(WOLFSSL*); |
wolfSSL | 15:117db924cf7c | 3947 | #else |
wolfSSL | 15:117db924cf7c | 3948 | WOLFSSL_LOCAL int SendTls13ServerHello(WOLFSSL*, byte); |
wolfSSL | 15:117db924cf7c | 3949 | #endif |
wolfSSL | 15:117db924cf7c | 3950 | #endif |
wolfSSL | 15:117db924cf7c | 3951 | WOLFSSL_LOCAL int SendCertificate(WOLFSSL*); |
wolfSSL | 15:117db924cf7c | 3952 | WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL*); |
wolfSSL | 15:117db924cf7c | 3953 | #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ |
wolfSSL | 15:117db924cf7c | 3954 | || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) |
wolfSSL | 15:117db924cf7c | 3955 | WOLFSSL_LOCAL int CreateOcspResponse(WOLFSSL*, OcspRequest**, buffer*); |
wolfSSL | 15:117db924cf7c | 3956 | #endif |
wolfSSL | 15:117db924cf7c | 3957 | WOLFSSL_LOCAL int SendCertificateStatus(WOLFSSL*); |
wolfSSL | 15:117db924cf7c | 3958 | WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL*); |
wolfSSL | 15:117db924cf7c | 3959 | WOLFSSL_LOCAL int SendBuffered(WOLFSSL*); |
wolfSSL | 15:117db924cf7c | 3960 | WOLFSSL_LOCAL int ReceiveData(WOLFSSL*, byte*, int, int); |
wolfSSL | 15:117db924cf7c | 3961 | WOLFSSL_LOCAL int SendFinished(WOLFSSL*); |
wolfSSL | 15:117db924cf7c | 3962 | WOLFSSL_LOCAL int SendAlert(WOLFSSL*, int, int); |
wolfSSL | 15:117db924cf7c | 3963 | WOLFSSL_LOCAL int ProcessReply(WOLFSSL*); |
wolfSSL | 15:117db924cf7c | 3964 | |
wolfSSL | 15:117db924cf7c | 3965 | WOLFSSL_LOCAL int SetCipherSpecs(WOLFSSL*); |
wolfSSL | 15:117db924cf7c | 3966 | WOLFSSL_LOCAL int MakeMasterSecret(WOLFSSL*); |
wolfSSL | 15:117db924cf7c | 3967 | |
wolfSSL | 15:117db924cf7c | 3968 | WOLFSSL_LOCAL int AddSession(WOLFSSL*); |
wolfSSL | 15:117db924cf7c | 3969 | WOLFSSL_LOCAL int DeriveKeys(WOLFSSL* ssl); |
wolfSSL | 15:117db924cf7c | 3970 | WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side); |
wolfSSL | 15:117db924cf7c | 3971 | |
wolfSSL | 15:117db924cf7c | 3972 | WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl); |
wolfSSL | 15:117db924cf7c | 3973 | WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl); |
wolfSSL | 15:117db924cf7c | 3974 | WOLFSSL_LOCAL int IsAtLeastTLSv1_3(const ProtocolVersion pv); |
wolfSSL | 15:117db924cf7c | 3975 | |
wolfSSL | 15:117db924cf7c | 3976 | WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl); |
wolfSSL | 15:117db924cf7c | 3977 | WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree); |
wolfSSL | 15:117db924cf7c | 3978 | WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl); |
wolfSSL | 15:117db924cf7c | 3979 | |
wolfSSL | 15:117db924cf7c | 3980 | WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl); |
wolfSSL | 15:117db924cf7c | 3981 | |
wolfSSL | 15:117db924cf7c | 3982 | WOLFSSL_LOCAL int SetTicket(WOLFSSL*, const byte*, word32); |
wolfSSL | 15:117db924cf7c | 3983 | WOLFSSL_LOCAL int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment); |
wolfSSL | 15:117db924cf7c | 3984 | |
wolfSSL | 15:117db924cf7c | 3985 | #ifndef NO_CERTS |
wolfSSL | 15:117db924cf7c | 3986 | #ifndef NO_RSA |
wolfSSL | 15:117db924cf7c | 3987 | #ifdef WC_RSA_PSS |
wolfSSL | 15:117db924cf7c | 3988 | WOLFSSL_LOCAL int CheckRsaPssPadding(const byte* plain, word32 plainSz, |
wolfSSL | 15:117db924cf7c | 3989 | byte* out, word32 sigSz, enum wc_HashType hashType); |
wolfSSL | 15:117db924cf7c | 3990 | WOLFSSL_LOCAL int ConvertHashPss(int hashAlgo, |
wolfSSL | 15:117db924cf7c | 3991 | enum wc_HashType* hashType, int* mgf); |
wolfSSL | 15:117db924cf7c | 3992 | #endif |
wolfSSL | 15:117db924cf7c | 3993 | WOLFSSL_LOCAL int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig, |
wolfSSL | 15:117db924cf7c | 3994 | word32 sigSz, const byte* plain, word32 plainSz, int sigAlgo, |
wolfSSL | 15:117db924cf7c | 3995 | int hashAlgo, RsaKey* key, DerBuffer* keyBufInfo); |
wolfSSL | 15:117db924cf7c | 3996 | WOLFSSL_LOCAL int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, |
wolfSSL | 15:117db924cf7c | 3997 | byte* out, word32* outSz, int sigAlgo, int hashAlgo, RsaKey* key, |
wolfSSL | 15:117db924cf7c | 3998 | DerBuffer* keyBufInfo); |
wolfSSL | 15:117db924cf7c | 3999 | WOLFSSL_LOCAL int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz, |
wolfSSL | 15:117db924cf7c | 4000 | byte** out, int sigAlgo, int hashAlgo, RsaKey* key, |
wolfSSL | 15:117db924cf7c | 4001 | buffer* keyBufInfo); |
wolfSSL | 15:117db924cf7c | 4002 | WOLFSSL_LOCAL int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, |
wolfSSL | 15:117db924cf7c | 4003 | word32* outSz, RsaKey* key, DerBuffer* keyBufInfo); |
wolfSSL | 15:117db924cf7c | 4004 | WOLFSSL_LOCAL int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, |
wolfSSL | 15:117db924cf7c | 4005 | word32* outSz, RsaKey* key, buffer* keyBufInfo); |
wolfSSL | 15:117db924cf7c | 4006 | #endif /* !NO_RSA */ |
wolfSSL | 15:117db924cf7c | 4007 | |
wolfSSL | 15:117db924cf7c | 4008 | #ifdef HAVE_ECC |
wolfSSL | 15:117db924cf7c | 4009 | WOLFSSL_LOCAL int EccSign(WOLFSSL* ssl, const byte* in, word32 inSz, |
wolfSSL | 15:117db924cf7c | 4010 | byte* out, word32* outSz, ecc_key* key, DerBuffer* keyBufInfo); |
wolfSSL | 15:117db924cf7c | 4011 | WOLFSSL_LOCAL int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz, |
wolfSSL | 15:117db924cf7c | 4012 | const byte* out, word32 outSz, ecc_key* key, buffer* keyBufInfo); |
wolfSSL | 15:117db924cf7c | 4013 | WOLFSSL_LOCAL int EccSharedSecret(WOLFSSL* ssl, ecc_key* priv_key, |
wolfSSL | 15:117db924cf7c | 4014 | ecc_key* pub_key, byte* pubKeyDer, word32* pubKeySz, byte* out, |
wolfSSL | 15:117db924cf7c | 4015 | word32* outlen, int side); |
wolfSSL | 15:117db924cf7c | 4016 | #endif /* HAVE_ECC */ |
wolfSSL | 15:117db924cf7c | 4017 | #ifdef HAVE_ED25519 |
wolfSSL | 15:117db924cf7c | 4018 | WOLFSSL_LOCAL int Ed25519CheckPubKey(WOLFSSL* ssl); |
wolfSSL | 15:117db924cf7c | 4019 | WOLFSSL_LOCAL int Ed25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz, |
wolfSSL | 15:117db924cf7c | 4020 | byte* out, word32* outSz, ed25519_key* key, DerBuffer* keyBufInfo); |
wolfSSL | 15:117db924cf7c | 4021 | WOLFSSL_LOCAL int Ed25519Verify(WOLFSSL* ssl, const byte* in, |
wolfSSL | 15:117db924cf7c | 4022 | word32 inSz, const byte* msg, word32 msgSz, ed25519_key* key, |
wolfSSL | 15:117db924cf7c | 4023 | buffer* keyBufInfo); |
wolfSSL | 15:117db924cf7c | 4024 | #endif /* HAVE_ED25519 */ |
wolfSSL | 15:117db924cf7c | 4025 | |
wolfSSL | 15:117db924cf7c | 4026 | |
wolfSSL | 15:117db924cf7c | 4027 | #ifdef WOLFSSL_TRUST_PEER_CERT |
wolfSSL | 15:117db924cf7c | 4028 | |
wolfSSL | 15:117db924cf7c | 4029 | /* options for searching hash table for a matching trusted peer cert */ |
wolfSSL | 15:117db924cf7c | 4030 | #define WC_MATCH_SKID 0 |
wolfSSL | 15:117db924cf7c | 4031 | #define WC_MATCH_NAME 1 |
wolfSSL | 15:117db924cf7c | 4032 | |
wolfSSL | 15:117db924cf7c | 4033 | WOLFSSL_LOCAL TrustedPeerCert* GetTrustedPeer(void* vp, byte* hash, |
wolfSSL | 15:117db924cf7c | 4034 | int type); |
wolfSSL | 15:117db924cf7c | 4035 | WOLFSSL_LOCAL int MatchTrustedPeer(TrustedPeerCert* tp, |
wolfSSL | 15:117db924cf7c | 4036 | DecodedCert* cert); |
wolfSSL | 15:117db924cf7c | 4037 | #endif |
wolfSSL | 15:117db924cf7c | 4038 | |
wolfSSL | 15:117db924cf7c | 4039 | WOLFSSL_LOCAL Signer* GetCA(void* cm, byte* hash); |
wolfSSL | 15:117db924cf7c | 4040 | #ifndef NO_SKID |
wolfSSL | 15:117db924cf7c | 4041 | WOLFSSL_LOCAL Signer* GetCAByName(void* cm, byte* hash); |
wolfSSL | 15:117db924cf7c | 4042 | #endif |
wolfSSL | 15:117db924cf7c | 4043 | #endif /* !NO_CERTS */ |
wolfSSL | 15:117db924cf7c | 4044 | WOLFSSL_LOCAL int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash, |
wolfSSL | 15:117db924cf7c | 4045 | word32* hashLen); |
wolfSSL | 15:117db924cf7c | 4046 | WOLFSSL_LOCAL int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, |
wolfSSL | 15:117db924cf7c | 4047 | const byte* sender); |
wolfSSL | 15:117db924cf7c | 4048 | WOLFSSL_LOCAL void FreeArrays(WOLFSSL* ssl, int keep); |
wolfSSL | 15:117db924cf7c | 4049 | WOLFSSL_LOCAL int CheckAvailableSize(WOLFSSL *ssl, int size); |
wolfSSL | 15:117db924cf7c | 4050 | WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength); |
wolfSSL | 15:117db924cf7c | 4051 | |
wolfSSL | 15:117db924cf7c | 4052 | #ifndef NO_TLS |
wolfSSL | 15:117db924cf7c | 4053 | WOLFSSL_LOCAL int MakeTlsMasterSecret(WOLFSSL*); |
wolfSSL | 15:117db924cf7c | 4054 | WOLFSSL_LOCAL int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, |
wolfSSL | 15:117db924cf7c | 4055 | word32 sz, int padSz, int content, int verify); |
wolfSSL | 15:117db924cf7c | 4056 | #endif |
wolfSSL | 15:117db924cf7c | 4057 | |
wolfSSL | 15:117db924cf7c | 4058 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 15:117db924cf7c | 4059 | WOLFSSL_LOCAL int SendClientHello(WOLFSSL*); |
wolfSSL | 15:117db924cf7c | 4060 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 4061 | WOLFSSL_LOCAL int SendTls13ClientHello(WOLFSSL*); |
wolfSSL | 15:117db924cf7c | 4062 | #endif |
wolfSSL | 15:117db924cf7c | 4063 | WOLFSSL_LOCAL int SendClientKeyExchange(WOLFSSL*); |
wolfSSL | 15:117db924cf7c | 4064 | WOLFSSL_LOCAL int SendCertificateVerify(WOLFSSL*); |
wolfSSL | 15:117db924cf7c | 4065 | #endif /* NO_WOLFSSL_CLIENT */ |
wolfSSL | 15:117db924cf7c | 4066 | |
wolfSSL | 15:117db924cf7c | 4067 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 15:117db924cf7c | 4068 | WOLFSSL_LOCAL int SendServerHello(WOLFSSL*); |
wolfSSL | 15:117db924cf7c | 4069 | WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL*); |
wolfSSL | 15:117db924cf7c | 4070 | #endif /* NO_WOLFSSL_SERVER */ |
wolfSSL | 15:117db924cf7c | 4071 | |
wolfSSL | 15:117db924cf7c | 4072 | #ifdef WOLFSSL_DTLS |
wolfSSL | 15:117db924cf7c | 4073 | WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*); |
wolfSSL | 15:117db924cf7c | 4074 | WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg*, void*); |
wolfSSL | 15:117db924cf7c | 4075 | WOLFSSL_LOCAL void DtlsMsgListDelete(DtlsMsg*, void*); |
wolfSSL | 15:117db924cf7c | 4076 | WOLFSSL_LOCAL int DtlsMsgSet(DtlsMsg*, word32, const byte*, byte, |
wolfSSL | 15:117db924cf7c | 4077 | word32, word32, void*); |
wolfSSL | 15:117db924cf7c | 4078 | WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32); |
wolfSSL | 15:117db924cf7c | 4079 | WOLFSSL_LOCAL void DtlsMsgStore(WOLFSSL*, word32, const byte*, word32, |
wolfSSL | 15:117db924cf7c | 4080 | byte, word32, word32, void*); |
wolfSSL | 15:117db924cf7c | 4081 | WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg*, DtlsMsg*); |
wolfSSL | 15:117db924cf7c | 4082 | |
wolfSSL | 15:117db924cf7c | 4083 | WOLFSSL_LOCAL int DtlsMsgPoolSave(WOLFSSL*, const byte*, word32); |
wolfSSL | 15:117db924cf7c | 4084 | WOLFSSL_LOCAL int DtlsMsgPoolTimeout(WOLFSSL*); |
wolfSSL | 15:117db924cf7c | 4085 | WOLFSSL_LOCAL int VerifyForDtlsMsgPoolSend(WOLFSSL*, byte, word32); |
wolfSSL | 15:117db924cf7c | 4086 | WOLFSSL_LOCAL void DtlsMsgPoolReset(WOLFSSL*); |
wolfSSL | 15:117db924cf7c | 4087 | WOLFSSL_LOCAL int DtlsMsgPoolSend(WOLFSSL*, int); |
wolfSSL | 15:117db924cf7c | 4088 | #endif /* WOLFSSL_DTLS */ |
wolfSSL | 15:117db924cf7c | 4089 | |
wolfSSL | 15:117db924cf7c | 4090 | #ifndef NO_TLS |
wolfSSL | 15:117db924cf7c | 4091 | |
wolfSSL | 15:117db924cf7c | 4092 | |
wolfSSL | 15:117db924cf7c | 4093 | #endif /* NO_TLS */ |
wolfSSL | 15:117db924cf7c | 4094 | |
wolfSSL | 15:117db924cf7c | 4095 | #if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) |
wolfSSL | 15:117db924cf7c | 4096 | WOLFSSL_LOCAL word32 TimeNowInMilliseconds(void); |
wolfSSL | 15:117db924cf7c | 4097 | #endif |
wolfSSL | 15:117db924cf7c | 4098 | WOLFSSL_LOCAL word32 LowResTimer(void); |
wolfSSL | 15:117db924cf7c | 4099 | |
wolfSSL | 15:117db924cf7c | 4100 | #ifndef NO_CERTS |
wolfSSL | 15:117db924cf7c | 4101 | WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int); |
wolfSSL | 15:117db924cf7c | 4102 | WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap); |
wolfSSL | 15:117db924cf7c | 4103 | WOLFSSL_LOCAL void InitX509(WOLFSSL_X509*, int, void* heap); |
wolfSSL | 15:117db924cf7c | 4104 | WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*); |
wolfSSL | 15:117db924cf7c | 4105 | WOLFSSL_LOCAL int CopyDecodedToX509(WOLFSSL_X509*, DecodedCert*); |
wolfSSL | 15:117db924cf7c | 4106 | #endif |
wolfSSL | 15:117db924cf7c | 4107 | |
wolfSSL | 15:117db924cf7c | 4108 | typedef struct CipherSuiteInfo { |
wolfSSL | 15:117db924cf7c | 4109 | const char* name; |
wolfSSL | 15:117db924cf7c | 4110 | #ifndef NO_ERROR_STRINGS |
wolfSSL | 15:117db924cf7c | 4111 | const char* name_iana; |
wolfSSL | 15:117db924cf7c | 4112 | #endif |
wolfSSL | 15:117db924cf7c | 4113 | byte cipherSuite0; |
wolfSSL | 15:117db924cf7c | 4114 | byte cipherSuite; |
wolfSSL | 15:117db924cf7c | 4115 | } CipherSuiteInfo; |
wolfSSL | 15:117db924cf7c | 4116 | |
wolfSSL | 15:117db924cf7c | 4117 | WOLFSSL_LOCAL const CipherSuiteInfo* GetCipherNames(void); |
wolfSSL | 15:117db924cf7c | 4118 | WOLFSSL_LOCAL int GetCipherNamesSize(void); |
wolfSSL | 15:117db924cf7c | 4119 | WOLFSSL_LOCAL const char* GetCipherNameInternal(const byte cipherSuite0, const byte cipherSuite); |
wolfSSL | 15:117db924cf7c | 4120 | WOLFSSL_LOCAL const char* GetCipherNameIana(const byte cipherSuite0, const byte cipherSuite); |
wolfSSL | 15:117db924cf7c | 4121 | WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl); |
wolfSSL | 15:117db924cf7c | 4122 | WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl); |
wolfSSL | 15:117db924cf7c | 4123 | |
wolfSSL | 15:117db924cf7c | 4124 | enum encrypt_side { |
wolfSSL | 15:117db924cf7c | 4125 | ENCRYPT_SIDE_ONLY = 1, |
wolfSSL | 15:117db924cf7c | 4126 | DECRYPT_SIDE_ONLY, |
wolfSSL | 15:117db924cf7c | 4127 | ENCRYPT_AND_DECRYPT_SIDE |
wolfSSL | 15:117db924cf7c | 4128 | }; |
wolfSSL | 15:117db924cf7c | 4129 | |
wolfSSL | 15:117db924cf7c | 4130 | WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side); |
wolfSSL | 15:117db924cf7c | 4131 | |
wolfSSL | 15:117db924cf7c | 4132 | |
wolfSSL | 15:117db924cf7c | 4133 | #ifndef NO_DH |
wolfSSL | 15:117db924cf7c | 4134 | WOLFSSL_LOCAL int DhGenKeyPair(WOLFSSL* ssl, DhKey* dhKey, |
wolfSSL | 15:117db924cf7c | 4135 | byte* priv, word32* privSz, |
wolfSSL | 15:117db924cf7c | 4136 | byte* pub, word32* pubSz); |
wolfSSL | 15:117db924cf7c | 4137 | WOLFSSL_LOCAL int DhAgree(WOLFSSL* ssl, DhKey* dhKey, |
wolfSSL | 15:117db924cf7c | 4138 | const byte* priv, word32 privSz, |
wolfSSL | 15:117db924cf7c | 4139 | const byte* otherPub, word32 otherPubSz, |
wolfSSL | 15:117db924cf7c | 4140 | byte* agree, word32* agreeSz); |
wolfSSL | 15:117db924cf7c | 4141 | #endif /* !NO_DH */ |
wolfSSL | 15:117db924cf7c | 4142 | |
wolfSSL | 15:117db924cf7c | 4143 | #ifdef HAVE_ECC |
wolfSSL | 15:117db924cf7c | 4144 | WOLFSSL_LOCAL int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer); |
wolfSSL | 15:117db924cf7c | 4145 | #endif |
wolfSSL | 15:117db924cf7c | 4146 | |
wolfSSL | 15:117db924cf7c | 4147 | WOLFSSL_LOCAL int InitHandshakeHashes(WOLFSSL* ssl); |
wolfSSL | 15:117db924cf7c | 4148 | WOLFSSL_LOCAL void FreeHandshakeHashes(WOLFSSL* ssl); |
wolfSSL | 15:117db924cf7c | 4149 | |
wolfSSL | 15:117db924cf7c | 4150 | WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, |
wolfSSL | 15:117db924cf7c | 4151 | const byte* input, int inSz, int type, int hashOutput, |
wolfSSL | 15:117db924cf7c | 4152 | int sizeOnly, int asyncOkay); |
wolfSSL | 15:117db924cf7c | 4153 | |
wolfSSL | 15:117db924cf7c | 4154 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 4155 | int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input, |
wolfSSL | 15:117db924cf7c | 4156 | int inSz, int type, int hashOutput, int sizeOnly, int asyncOkay); |
wolfSSL | 15:117db924cf7c | 4157 | #endif |
wolfSSL | 15:117db924cf7c | 4158 | |
wolfSSL | 15:117db924cf7c | 4159 | WOLFSSL_LOCAL int AllocKey(WOLFSSL* ssl, int type, void** pKey); |
wolfSSL | 15:117db924cf7c | 4160 | WOLFSSL_LOCAL void FreeKey(WOLFSSL* ssl, int type, void** pKey); |
wolfSSL | 15:117db924cf7c | 4161 | |
wolfSSL | 15:117db924cf7c | 4162 | #ifdef WOLFSSL_ASYNC_CRYPT |
wolfSSL | 15:117db924cf7c | 4163 | WOLFSSL_LOCAL int wolfSSL_AsyncInit(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev, word32 flags); |
wolfSSL | 15:117db924cf7c | 4164 | WOLFSSL_LOCAL int wolfSSL_AsyncPop(WOLFSSL* ssl, byte* state); |
wolfSSL | 15:117db924cf7c | 4165 | WOLFSSL_LOCAL int wolfSSL_AsyncPush(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev); |
wolfSSL | 15:117db924cf7c | 4166 | #endif |
wolfSSL | 15:117db924cf7c | 4167 | |
wolfSSL | 15:117db924cf7c | 4168 | |
wolfSSL | 15:117db924cf7c | 4169 | #ifdef __cplusplus |
wolfSSL | 15:117db924cf7c | 4170 | } /* extern "C" */ |
wolfSSL | 15:117db924cf7c | 4171 | #endif |
wolfSSL | 15:117db924cf7c | 4172 | |
wolfSSL | 15:117db924cf7c | 4173 | #endif /* wolfSSL_INT_H */ |
wolfSSL | 15:117db924cf7c | 4174 |