wolfSSL SSL/TLS library, support up to TLS1.3
Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more
src/tls.c@4:1b0d80432c79, 2016-04-28 (annotated)
- Committer:
- wolfSSL
- Date:
- Thu Apr 28 00:57:21 2016 +0000
- Revision:
- 4:1b0d80432c79
wolfSSL 3.9.0
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
wolfSSL | 4:1b0d80432c79 | 1 | /* tls.c |
wolfSSL | 4:1b0d80432c79 | 2 | * |
wolfSSL | 4:1b0d80432c79 | 3 | * Copyright (C) 2006-2016 wolfSSL Inc. |
wolfSSL | 4:1b0d80432c79 | 4 | * |
wolfSSL | 4:1b0d80432c79 | 5 | * This file is part of wolfSSL. |
wolfSSL | 4:1b0d80432c79 | 6 | * |
wolfSSL | 4:1b0d80432c79 | 7 | * wolfSSL is free software; you can redistribute it and/or modify |
wolfSSL | 4:1b0d80432c79 | 8 | * it under the terms of the GNU General Public License as published by |
wolfSSL | 4:1b0d80432c79 | 9 | * the Free Software Foundation; either version 2 of the License, or |
wolfSSL | 4:1b0d80432c79 | 10 | * (at your option) any later version. |
wolfSSL | 4:1b0d80432c79 | 11 | * |
wolfSSL | 4:1b0d80432c79 | 12 | * wolfSSL is distributed in the hope that it will be useful, |
wolfSSL | 4:1b0d80432c79 | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
wolfSSL | 4:1b0d80432c79 | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
wolfSSL | 4:1b0d80432c79 | 15 | * GNU General Public License for more details. |
wolfSSL | 4:1b0d80432c79 | 16 | * |
wolfSSL | 4:1b0d80432c79 | 17 | * You should have received a copy of the GNU General Public License |
wolfSSL | 4:1b0d80432c79 | 18 | * along with this program; if not, write to the Free Software |
wolfSSL | 4:1b0d80432c79 | 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
wolfSSL | 4:1b0d80432c79 | 20 | */ |
wolfSSL | 4:1b0d80432c79 | 21 | |
wolfSSL | 4:1b0d80432c79 | 22 | |
wolfSSL | 4:1b0d80432c79 | 23 | |
wolfSSL | 4:1b0d80432c79 | 24 | #ifdef HAVE_CONFIG_H |
wolfSSL | 4:1b0d80432c79 | 25 | #include <config.h> |
wolfSSL | 4:1b0d80432c79 | 26 | #endif |
wolfSSL | 4:1b0d80432c79 | 27 | |
wolfSSL | 4:1b0d80432c79 | 28 | #include <wolfssl/wolfcrypt/settings.h> |
wolfSSL | 4:1b0d80432c79 | 29 | |
wolfSSL | 4:1b0d80432c79 | 30 | #ifndef WOLFCRYPT_ONLY |
wolfSSL | 4:1b0d80432c79 | 31 | |
wolfSSL | 4:1b0d80432c79 | 32 | #include <wolfssl/ssl.h> |
wolfSSL | 4:1b0d80432c79 | 33 | #include <wolfssl/internal.h> |
wolfSSL | 4:1b0d80432c79 | 34 | #include <wolfssl/error-ssl.h> |
wolfSSL | 4:1b0d80432c79 | 35 | #include <wolfssl/wolfcrypt/hmac.h> |
wolfSSL | 4:1b0d80432c79 | 36 | #ifdef NO_INLINE |
wolfSSL | 4:1b0d80432c79 | 37 | #include <wolfssl/wolfcrypt/misc.h> |
wolfSSL | 4:1b0d80432c79 | 38 | #else |
wolfSSL | 4:1b0d80432c79 | 39 | #include <wolfcrypt/src/misc.c> |
wolfSSL | 4:1b0d80432c79 | 40 | #endif |
wolfSSL | 4:1b0d80432c79 | 41 | |
wolfSSL | 4:1b0d80432c79 | 42 | #ifdef HAVE_NTRU |
wolfSSL | 4:1b0d80432c79 | 43 | #include "libntruencrypt/ntru_crypto.h" |
wolfSSL | 4:1b0d80432c79 | 44 | #include <wolfssl/wolfcrypt/random.h> |
wolfSSL | 4:1b0d80432c79 | 45 | #endif |
wolfSSL | 4:1b0d80432c79 | 46 | #ifdef HAVE_QSH |
wolfSSL | 4:1b0d80432c79 | 47 | static int TLSX_AddQSHKey(QSHKey** list, QSHKey* key); |
wolfSSL | 4:1b0d80432c79 | 48 | static byte* TLSX_QSHKeyFind_Pub(QSHKey* qsh, word16* pubLen, word16 name); |
wolfSSL | 4:1b0d80432c79 | 49 | static int TLSX_CreateNtruKey(WOLFSSL* ssl, int type); |
wolfSSL | 4:1b0d80432c79 | 50 | #endif |
wolfSSL | 4:1b0d80432c79 | 51 | |
wolfSSL | 4:1b0d80432c79 | 52 | |
wolfSSL | 4:1b0d80432c79 | 53 | #ifndef NO_TLS |
wolfSSL | 4:1b0d80432c79 | 54 | |
wolfSSL | 4:1b0d80432c79 | 55 | |
wolfSSL | 4:1b0d80432c79 | 56 | #ifndef WOLFSSL_HAVE_MIN |
wolfSSL | 4:1b0d80432c79 | 57 | #define WOLFSSL_HAVE_MIN |
wolfSSL | 4:1b0d80432c79 | 58 | |
wolfSSL | 4:1b0d80432c79 | 59 | static INLINE word32 min(word32 a, word32 b) |
wolfSSL | 4:1b0d80432c79 | 60 | { |
wolfSSL | 4:1b0d80432c79 | 61 | return a > b ? b : a; |
wolfSSL | 4:1b0d80432c79 | 62 | } |
wolfSSL | 4:1b0d80432c79 | 63 | |
wolfSSL | 4:1b0d80432c79 | 64 | #endif /* WOLFSSL_HAVE_MIN */ |
wolfSSL | 4:1b0d80432c79 | 65 | |
wolfSSL | 4:1b0d80432c79 | 66 | |
wolfSSL | 4:1b0d80432c79 | 67 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 4:1b0d80432c79 | 68 | #define P_HASH_MAX_SIZE SHA384_DIGEST_SIZE |
wolfSSL | 4:1b0d80432c79 | 69 | #else |
wolfSSL | 4:1b0d80432c79 | 70 | #define P_HASH_MAX_SIZE SHA256_DIGEST_SIZE |
wolfSSL | 4:1b0d80432c79 | 71 | #endif |
wolfSSL | 4:1b0d80432c79 | 72 | |
wolfSSL | 4:1b0d80432c79 | 73 | /* compute p_hash for MD5, SHA-1, SHA-256, or SHA-384 for TLSv1 PRF */ |
wolfSSL | 4:1b0d80432c79 | 74 | static int p_hash(byte* result, word32 resLen, const byte* secret, |
wolfSSL | 4:1b0d80432c79 | 75 | word32 secLen, const byte* seed, word32 seedLen, int hash) |
wolfSSL | 4:1b0d80432c79 | 76 | { |
wolfSSL | 4:1b0d80432c79 | 77 | word32 len = P_HASH_MAX_SIZE; |
wolfSSL | 4:1b0d80432c79 | 78 | word32 times; |
wolfSSL | 4:1b0d80432c79 | 79 | word32 lastLen; |
wolfSSL | 4:1b0d80432c79 | 80 | word32 lastTime; |
wolfSSL | 4:1b0d80432c79 | 81 | word32 i; |
wolfSSL | 4:1b0d80432c79 | 82 | word32 idx = 0; |
wolfSSL | 4:1b0d80432c79 | 83 | int ret = 0; |
wolfSSL | 4:1b0d80432c79 | 84 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 4:1b0d80432c79 | 85 | byte* previous; |
wolfSSL | 4:1b0d80432c79 | 86 | byte* current; |
wolfSSL | 4:1b0d80432c79 | 87 | Hmac* hmac; |
wolfSSL | 4:1b0d80432c79 | 88 | #else |
wolfSSL | 4:1b0d80432c79 | 89 | byte previous[P_HASH_MAX_SIZE]; /* max size */ |
wolfSSL | 4:1b0d80432c79 | 90 | byte current[P_HASH_MAX_SIZE]; /* max size */ |
wolfSSL | 4:1b0d80432c79 | 91 | Hmac hmac[1]; |
wolfSSL | 4:1b0d80432c79 | 92 | #endif |
wolfSSL | 4:1b0d80432c79 | 93 | |
wolfSSL | 4:1b0d80432c79 | 94 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 4:1b0d80432c79 | 95 | previous = (byte*)XMALLOC(P_HASH_MAX_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 96 | current = (byte*)XMALLOC(P_HASH_MAX_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 97 | hmac = (Hmac*)XMALLOC(sizeof(Hmac), NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 98 | |
wolfSSL | 4:1b0d80432c79 | 99 | if (previous == NULL || current == NULL || hmac == NULL) { |
wolfSSL | 4:1b0d80432c79 | 100 | if (previous) XFREE(previous, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 101 | if (current) XFREE(current, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 102 | if (hmac) XFREE(hmac, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 103 | |
wolfSSL | 4:1b0d80432c79 | 104 | return MEMORY_E; |
wolfSSL | 4:1b0d80432c79 | 105 | } |
wolfSSL | 4:1b0d80432c79 | 106 | #endif |
wolfSSL | 4:1b0d80432c79 | 107 | |
wolfSSL | 4:1b0d80432c79 | 108 | switch (hash) { |
wolfSSL | 4:1b0d80432c79 | 109 | #ifndef NO_MD5 |
wolfSSL | 4:1b0d80432c79 | 110 | case md5_mac: |
wolfSSL | 4:1b0d80432c79 | 111 | hash = MD5; |
wolfSSL | 4:1b0d80432c79 | 112 | len = MD5_DIGEST_SIZE; |
wolfSSL | 4:1b0d80432c79 | 113 | break; |
wolfSSL | 4:1b0d80432c79 | 114 | #endif |
wolfSSL | 4:1b0d80432c79 | 115 | |
wolfSSL | 4:1b0d80432c79 | 116 | #ifndef NO_SHA256 |
wolfSSL | 4:1b0d80432c79 | 117 | case sha256_mac: |
wolfSSL | 4:1b0d80432c79 | 118 | hash = SHA256; |
wolfSSL | 4:1b0d80432c79 | 119 | len = SHA256_DIGEST_SIZE; |
wolfSSL | 4:1b0d80432c79 | 120 | break; |
wolfSSL | 4:1b0d80432c79 | 121 | #endif |
wolfSSL | 4:1b0d80432c79 | 122 | |
wolfSSL | 4:1b0d80432c79 | 123 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 4:1b0d80432c79 | 124 | case sha384_mac: |
wolfSSL | 4:1b0d80432c79 | 125 | hash = SHA384; |
wolfSSL | 4:1b0d80432c79 | 126 | len = SHA384_DIGEST_SIZE; |
wolfSSL | 4:1b0d80432c79 | 127 | break; |
wolfSSL | 4:1b0d80432c79 | 128 | #endif |
wolfSSL | 4:1b0d80432c79 | 129 | |
wolfSSL | 4:1b0d80432c79 | 130 | #ifndef NO_SHA |
wolfSSL | 4:1b0d80432c79 | 131 | case sha_mac: |
wolfSSL | 4:1b0d80432c79 | 132 | default: |
wolfSSL | 4:1b0d80432c79 | 133 | hash = SHA; |
wolfSSL | 4:1b0d80432c79 | 134 | len = SHA_DIGEST_SIZE; |
wolfSSL | 4:1b0d80432c79 | 135 | break; |
wolfSSL | 4:1b0d80432c79 | 136 | #endif |
wolfSSL | 4:1b0d80432c79 | 137 | } |
wolfSSL | 4:1b0d80432c79 | 138 | |
wolfSSL | 4:1b0d80432c79 | 139 | times = resLen / len; |
wolfSSL | 4:1b0d80432c79 | 140 | lastLen = resLen % len; |
wolfSSL | 4:1b0d80432c79 | 141 | |
wolfSSL | 4:1b0d80432c79 | 142 | if (lastLen) |
wolfSSL | 4:1b0d80432c79 | 143 | times += 1; |
wolfSSL | 4:1b0d80432c79 | 144 | |
wolfSSL | 4:1b0d80432c79 | 145 | lastTime = times - 1; |
wolfSSL | 4:1b0d80432c79 | 146 | |
wolfSSL | 4:1b0d80432c79 | 147 | if ((ret = wc_HmacSetKey(hmac, hash, secret, secLen)) == 0) { |
wolfSSL | 4:1b0d80432c79 | 148 | if ((ret = wc_HmacUpdate(hmac, seed, seedLen)) == 0) { /* A0 = seed */ |
wolfSSL | 4:1b0d80432c79 | 149 | if ((ret = wc_HmacFinal(hmac, previous)) == 0) { /* A1 */ |
wolfSSL | 4:1b0d80432c79 | 150 | for (i = 0; i < times; i++) { |
wolfSSL | 4:1b0d80432c79 | 151 | ret = wc_HmacUpdate(hmac, previous, len); |
wolfSSL | 4:1b0d80432c79 | 152 | if (ret != 0) |
wolfSSL | 4:1b0d80432c79 | 153 | break; |
wolfSSL | 4:1b0d80432c79 | 154 | ret = wc_HmacUpdate(hmac, seed, seedLen); |
wolfSSL | 4:1b0d80432c79 | 155 | if (ret != 0) |
wolfSSL | 4:1b0d80432c79 | 156 | break; |
wolfSSL | 4:1b0d80432c79 | 157 | ret = wc_HmacFinal(hmac, current); |
wolfSSL | 4:1b0d80432c79 | 158 | if (ret != 0) |
wolfSSL | 4:1b0d80432c79 | 159 | break; |
wolfSSL | 4:1b0d80432c79 | 160 | |
wolfSSL | 4:1b0d80432c79 | 161 | if ((i == lastTime) && lastLen) |
wolfSSL | 4:1b0d80432c79 | 162 | XMEMCPY(&result[idx], current, |
wolfSSL | 4:1b0d80432c79 | 163 | min(lastLen, P_HASH_MAX_SIZE)); |
wolfSSL | 4:1b0d80432c79 | 164 | else { |
wolfSSL | 4:1b0d80432c79 | 165 | XMEMCPY(&result[idx], current, len); |
wolfSSL | 4:1b0d80432c79 | 166 | idx += len; |
wolfSSL | 4:1b0d80432c79 | 167 | ret = wc_HmacUpdate(hmac, previous, len); |
wolfSSL | 4:1b0d80432c79 | 168 | if (ret != 0) |
wolfSSL | 4:1b0d80432c79 | 169 | break; |
wolfSSL | 4:1b0d80432c79 | 170 | ret = wc_HmacFinal(hmac, previous); |
wolfSSL | 4:1b0d80432c79 | 171 | if (ret != 0) |
wolfSSL | 4:1b0d80432c79 | 172 | break; |
wolfSSL | 4:1b0d80432c79 | 173 | } |
wolfSSL | 4:1b0d80432c79 | 174 | } |
wolfSSL | 4:1b0d80432c79 | 175 | } |
wolfSSL | 4:1b0d80432c79 | 176 | } |
wolfSSL | 4:1b0d80432c79 | 177 | } |
wolfSSL | 4:1b0d80432c79 | 178 | |
wolfSSL | 4:1b0d80432c79 | 179 | ForceZero(previous, P_HASH_MAX_SIZE); |
wolfSSL | 4:1b0d80432c79 | 180 | ForceZero(current, P_HASH_MAX_SIZE); |
wolfSSL | 4:1b0d80432c79 | 181 | ForceZero(hmac, sizeof(Hmac)); |
wolfSSL | 4:1b0d80432c79 | 182 | |
wolfSSL | 4:1b0d80432c79 | 183 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 4:1b0d80432c79 | 184 | XFREE(previous, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 185 | XFREE(current, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 186 | XFREE(hmac, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 187 | #endif |
wolfSSL | 4:1b0d80432c79 | 188 | |
wolfSSL | 4:1b0d80432c79 | 189 | return ret; |
wolfSSL | 4:1b0d80432c79 | 190 | } |
wolfSSL | 4:1b0d80432c79 | 191 | |
wolfSSL | 4:1b0d80432c79 | 192 | #undef P_HASH_MAX_SIZE |
wolfSSL | 4:1b0d80432c79 | 193 | |
wolfSSL | 4:1b0d80432c79 | 194 | |
wolfSSL | 4:1b0d80432c79 | 195 | #ifndef NO_OLD_TLS |
wolfSSL | 4:1b0d80432c79 | 196 | |
wolfSSL | 4:1b0d80432c79 | 197 | /* calculate XOR for TLSv1 PRF */ |
wolfSSL | 4:1b0d80432c79 | 198 | static INLINE void get_xor(byte *digest, word32 digLen, byte* md5, byte* sha) |
wolfSSL | 4:1b0d80432c79 | 199 | { |
wolfSSL | 4:1b0d80432c79 | 200 | word32 i; |
wolfSSL | 4:1b0d80432c79 | 201 | |
wolfSSL | 4:1b0d80432c79 | 202 | for (i = 0; i < digLen; i++) |
wolfSSL | 4:1b0d80432c79 | 203 | digest[i] = md5[i] ^ sha[i]; |
wolfSSL | 4:1b0d80432c79 | 204 | } |
wolfSSL | 4:1b0d80432c79 | 205 | |
wolfSSL | 4:1b0d80432c79 | 206 | |
wolfSSL | 4:1b0d80432c79 | 207 | /* compute TLSv1 PRF (pseudo random function using HMAC) */ |
wolfSSL | 4:1b0d80432c79 | 208 | static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen, |
wolfSSL | 4:1b0d80432c79 | 209 | const byte* label, word32 labLen, const byte* seed, |
wolfSSL | 4:1b0d80432c79 | 210 | word32 seedLen) |
wolfSSL | 4:1b0d80432c79 | 211 | { |
wolfSSL | 4:1b0d80432c79 | 212 | int ret = 0; |
wolfSSL | 4:1b0d80432c79 | 213 | word32 half = (secLen + 1) / 2; |
wolfSSL | 4:1b0d80432c79 | 214 | |
wolfSSL | 4:1b0d80432c79 | 215 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 4:1b0d80432c79 | 216 | byte* md5_half; |
wolfSSL | 4:1b0d80432c79 | 217 | byte* sha_half; |
wolfSSL | 4:1b0d80432c79 | 218 | byte* labelSeed; |
wolfSSL | 4:1b0d80432c79 | 219 | byte* md5_result; |
wolfSSL | 4:1b0d80432c79 | 220 | byte* sha_result; |
wolfSSL | 4:1b0d80432c79 | 221 | #else |
wolfSSL | 4:1b0d80432c79 | 222 | byte md5_half[MAX_PRF_HALF]; /* half is real size */ |
wolfSSL | 4:1b0d80432c79 | 223 | byte sha_half[MAX_PRF_HALF]; /* half is real size */ |
wolfSSL | 4:1b0d80432c79 | 224 | byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */ |
wolfSSL | 4:1b0d80432c79 | 225 | byte md5_result[MAX_PRF_DIG]; /* digLen is real size */ |
wolfSSL | 4:1b0d80432c79 | 226 | byte sha_result[MAX_PRF_DIG]; /* digLen is real size */ |
wolfSSL | 4:1b0d80432c79 | 227 | #endif |
wolfSSL | 4:1b0d80432c79 | 228 | |
wolfSSL | 4:1b0d80432c79 | 229 | if (half > MAX_PRF_HALF) |
wolfSSL | 4:1b0d80432c79 | 230 | return BUFFER_E; |
wolfSSL | 4:1b0d80432c79 | 231 | if (labLen + seedLen > MAX_PRF_LABSEED) |
wolfSSL | 4:1b0d80432c79 | 232 | return BUFFER_E; |
wolfSSL | 4:1b0d80432c79 | 233 | if (digLen > MAX_PRF_DIG) |
wolfSSL | 4:1b0d80432c79 | 234 | return BUFFER_E; |
wolfSSL | 4:1b0d80432c79 | 235 | |
wolfSSL | 4:1b0d80432c79 | 236 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 4:1b0d80432c79 | 237 | md5_half = (byte*)XMALLOC(MAX_PRF_HALF, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 238 | sha_half = (byte*)XMALLOC(MAX_PRF_HALF, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 239 | labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 240 | md5_result = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 241 | sha_result = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 242 | |
wolfSSL | 4:1b0d80432c79 | 243 | if (md5_half == NULL || sha_half == NULL || labelSeed == NULL || |
wolfSSL | 4:1b0d80432c79 | 244 | md5_result == NULL || sha_result == NULL) { |
wolfSSL | 4:1b0d80432c79 | 245 | if (md5_half) XFREE(md5_half, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 246 | if (sha_half) XFREE(sha_half, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 247 | if (labelSeed) XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 248 | if (md5_result) XFREE(md5_result, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 249 | if (sha_result) XFREE(sha_result, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 250 | |
wolfSSL | 4:1b0d80432c79 | 251 | return MEMORY_E; |
wolfSSL | 4:1b0d80432c79 | 252 | } |
wolfSSL | 4:1b0d80432c79 | 253 | #endif |
wolfSSL | 4:1b0d80432c79 | 254 | |
wolfSSL | 4:1b0d80432c79 | 255 | XMEMSET(md5_result, 0, digLen); |
wolfSSL | 4:1b0d80432c79 | 256 | XMEMSET(sha_result, 0, digLen); |
wolfSSL | 4:1b0d80432c79 | 257 | |
wolfSSL | 4:1b0d80432c79 | 258 | XMEMCPY(md5_half, secret, half); |
wolfSSL | 4:1b0d80432c79 | 259 | XMEMCPY(sha_half, secret + half - secLen % 2, half); |
wolfSSL | 4:1b0d80432c79 | 260 | |
wolfSSL | 4:1b0d80432c79 | 261 | XMEMCPY(labelSeed, label, labLen); |
wolfSSL | 4:1b0d80432c79 | 262 | XMEMCPY(labelSeed + labLen, seed, seedLen); |
wolfSSL | 4:1b0d80432c79 | 263 | |
wolfSSL | 4:1b0d80432c79 | 264 | if ((ret = p_hash(md5_result, digLen, md5_half, half, labelSeed, |
wolfSSL | 4:1b0d80432c79 | 265 | labLen + seedLen, md5_mac)) == 0) { |
wolfSSL | 4:1b0d80432c79 | 266 | if ((ret = p_hash(sha_result, digLen, sha_half, half, labelSeed, |
wolfSSL | 4:1b0d80432c79 | 267 | labLen + seedLen, sha_mac)) == 0) { |
wolfSSL | 4:1b0d80432c79 | 268 | get_xor(digest, digLen, md5_result, sha_result); |
wolfSSL | 4:1b0d80432c79 | 269 | } |
wolfSSL | 4:1b0d80432c79 | 270 | } |
wolfSSL | 4:1b0d80432c79 | 271 | |
wolfSSL | 4:1b0d80432c79 | 272 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 4:1b0d80432c79 | 273 | XFREE(md5_half, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 274 | XFREE(sha_half, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 275 | XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 276 | XFREE(md5_result, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 277 | XFREE(sha_result, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 278 | #endif |
wolfSSL | 4:1b0d80432c79 | 279 | |
wolfSSL | 4:1b0d80432c79 | 280 | return ret; |
wolfSSL | 4:1b0d80432c79 | 281 | } |
wolfSSL | 4:1b0d80432c79 | 282 | |
wolfSSL | 4:1b0d80432c79 | 283 | #endif |
wolfSSL | 4:1b0d80432c79 | 284 | |
wolfSSL | 4:1b0d80432c79 | 285 | |
wolfSSL | 4:1b0d80432c79 | 286 | /* Wrapper to call straight thru to p_hash in TSL 1.2 cases to remove stack |
wolfSSL | 4:1b0d80432c79 | 287 | use */ |
wolfSSL | 4:1b0d80432c79 | 288 | static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen, |
wolfSSL | 4:1b0d80432c79 | 289 | const byte* label, word32 labLen, const byte* seed, word32 seedLen, |
wolfSSL | 4:1b0d80432c79 | 290 | int useAtLeastSha256, int hash_type) |
wolfSSL | 4:1b0d80432c79 | 291 | { |
wolfSSL | 4:1b0d80432c79 | 292 | int ret = 0; |
wolfSSL | 4:1b0d80432c79 | 293 | |
wolfSSL | 4:1b0d80432c79 | 294 | if (useAtLeastSha256) { |
wolfSSL | 4:1b0d80432c79 | 295 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 4:1b0d80432c79 | 296 | byte* labelSeed; |
wolfSSL | 4:1b0d80432c79 | 297 | #else |
wolfSSL | 4:1b0d80432c79 | 298 | byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */ |
wolfSSL | 4:1b0d80432c79 | 299 | #endif |
wolfSSL | 4:1b0d80432c79 | 300 | |
wolfSSL | 4:1b0d80432c79 | 301 | if (labLen + seedLen > MAX_PRF_LABSEED) |
wolfSSL | 4:1b0d80432c79 | 302 | return BUFFER_E; |
wolfSSL | 4:1b0d80432c79 | 303 | |
wolfSSL | 4:1b0d80432c79 | 304 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 4:1b0d80432c79 | 305 | labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, NULL, |
wolfSSL | 4:1b0d80432c79 | 306 | DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 307 | if (labelSeed == NULL) |
wolfSSL | 4:1b0d80432c79 | 308 | return MEMORY_E; |
wolfSSL | 4:1b0d80432c79 | 309 | #endif |
wolfSSL | 4:1b0d80432c79 | 310 | |
wolfSSL | 4:1b0d80432c79 | 311 | XMEMCPY(labelSeed, label, labLen); |
wolfSSL | 4:1b0d80432c79 | 312 | XMEMCPY(labelSeed + labLen, seed, seedLen); |
wolfSSL | 4:1b0d80432c79 | 313 | |
wolfSSL | 4:1b0d80432c79 | 314 | /* If a cipher suite wants an algorithm better than sha256, it |
wolfSSL | 4:1b0d80432c79 | 315 | * should use better. */ |
wolfSSL | 4:1b0d80432c79 | 316 | if (hash_type < sha256_mac || hash_type == blake2b_mac) |
wolfSSL | 4:1b0d80432c79 | 317 | hash_type = sha256_mac; |
wolfSSL | 4:1b0d80432c79 | 318 | ret = p_hash(digest, digLen, secret, secLen, labelSeed, |
wolfSSL | 4:1b0d80432c79 | 319 | labLen + seedLen, hash_type); |
wolfSSL | 4:1b0d80432c79 | 320 | |
wolfSSL | 4:1b0d80432c79 | 321 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 4:1b0d80432c79 | 322 | XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 323 | #endif |
wolfSSL | 4:1b0d80432c79 | 324 | } |
wolfSSL | 4:1b0d80432c79 | 325 | #ifndef NO_OLD_TLS |
wolfSSL | 4:1b0d80432c79 | 326 | else { |
wolfSSL | 4:1b0d80432c79 | 327 | ret = doPRF(digest, digLen, secret, secLen, label, labLen, seed, |
wolfSSL | 4:1b0d80432c79 | 328 | seedLen); |
wolfSSL | 4:1b0d80432c79 | 329 | } |
wolfSSL | 4:1b0d80432c79 | 330 | #endif |
wolfSSL | 4:1b0d80432c79 | 331 | |
wolfSSL | 4:1b0d80432c79 | 332 | return ret; |
wolfSSL | 4:1b0d80432c79 | 333 | } |
wolfSSL | 4:1b0d80432c79 | 334 | |
wolfSSL | 4:1b0d80432c79 | 335 | |
wolfSSL | 4:1b0d80432c79 | 336 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 4:1b0d80432c79 | 337 | #define HSHASH_SZ SHA384_DIGEST_SIZE |
wolfSSL | 4:1b0d80432c79 | 338 | #else |
wolfSSL | 4:1b0d80432c79 | 339 | #define HSHASH_SZ FINISHED_SZ |
wolfSSL | 4:1b0d80432c79 | 340 | #endif |
wolfSSL | 4:1b0d80432c79 | 341 | |
wolfSSL | 4:1b0d80432c79 | 342 | |
wolfSSL | 4:1b0d80432c79 | 343 | int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) |
wolfSSL | 4:1b0d80432c79 | 344 | { |
wolfSSL | 4:1b0d80432c79 | 345 | const byte* side; |
wolfSSL | 4:1b0d80432c79 | 346 | byte handshake_hash[HSHASH_SZ]; |
wolfSSL | 4:1b0d80432c79 | 347 | word32 hashSz = FINISHED_SZ; |
wolfSSL | 4:1b0d80432c79 | 348 | |
wolfSSL | 4:1b0d80432c79 | 349 | #ifndef NO_OLD_TLS |
wolfSSL | 4:1b0d80432c79 | 350 | wc_Md5GetHash(&ssl->hsHashes->hashMd5, handshake_hash); |
wolfSSL | 4:1b0d80432c79 | 351 | wc_ShaGetHash(&ssl->hsHashes->hashSha, &handshake_hash[MD5_DIGEST_SIZE]); |
wolfSSL | 4:1b0d80432c79 | 352 | #endif |
wolfSSL | 4:1b0d80432c79 | 353 | |
wolfSSL | 4:1b0d80432c79 | 354 | if (IsAtLeastTLSv1_2(ssl)) { |
wolfSSL | 4:1b0d80432c79 | 355 | #ifndef NO_SHA256 |
wolfSSL | 4:1b0d80432c79 | 356 | if (ssl->specs.mac_algorithm <= sha256_mac || ssl->specs.mac_algorithm == blake2b_mac) { |
wolfSSL | 4:1b0d80432c79 | 357 | int ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256,handshake_hash); |
wolfSSL | 4:1b0d80432c79 | 358 | |
wolfSSL | 4:1b0d80432c79 | 359 | if (ret != 0) |
wolfSSL | 4:1b0d80432c79 | 360 | return ret; |
wolfSSL | 4:1b0d80432c79 | 361 | |
wolfSSL | 4:1b0d80432c79 | 362 | hashSz = SHA256_DIGEST_SIZE; |
wolfSSL | 4:1b0d80432c79 | 363 | } |
wolfSSL | 4:1b0d80432c79 | 364 | #endif |
wolfSSL | 4:1b0d80432c79 | 365 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 4:1b0d80432c79 | 366 | if (ssl->specs.mac_algorithm == sha384_mac) { |
wolfSSL | 4:1b0d80432c79 | 367 | int ret = wc_Sha384Final(&ssl->hsHashes->hashSha384,handshake_hash); |
wolfSSL | 4:1b0d80432c79 | 368 | |
wolfSSL | 4:1b0d80432c79 | 369 | if (ret != 0) |
wolfSSL | 4:1b0d80432c79 | 370 | return ret; |
wolfSSL | 4:1b0d80432c79 | 371 | |
wolfSSL | 4:1b0d80432c79 | 372 | hashSz = SHA384_DIGEST_SIZE; |
wolfSSL | 4:1b0d80432c79 | 373 | } |
wolfSSL | 4:1b0d80432c79 | 374 | #endif |
wolfSSL | 4:1b0d80432c79 | 375 | } |
wolfSSL | 4:1b0d80432c79 | 376 | |
wolfSSL | 4:1b0d80432c79 | 377 | if ( XSTRNCMP((const char*)sender, (const char*)client, SIZEOF_SENDER) == 0) |
wolfSSL | 4:1b0d80432c79 | 378 | side = tls_client; |
wolfSSL | 4:1b0d80432c79 | 379 | else |
wolfSSL | 4:1b0d80432c79 | 380 | side = tls_server; |
wolfSSL | 4:1b0d80432c79 | 381 | |
wolfSSL | 4:1b0d80432c79 | 382 | return PRF((byte*)hashes, TLS_FINISHED_SZ, ssl->arrays->masterSecret, |
wolfSSL | 4:1b0d80432c79 | 383 | SECRET_LEN, side, FINISHED_LABEL_SZ, handshake_hash, hashSz, |
wolfSSL | 4:1b0d80432c79 | 384 | IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); |
wolfSSL | 4:1b0d80432c79 | 385 | } |
wolfSSL | 4:1b0d80432c79 | 386 | |
wolfSSL | 4:1b0d80432c79 | 387 | |
wolfSSL | 4:1b0d80432c79 | 388 | #ifndef NO_OLD_TLS |
wolfSSL | 4:1b0d80432c79 | 389 | |
wolfSSL | 4:1b0d80432c79 | 390 | ProtocolVersion MakeTLSv1(void) |
wolfSSL | 4:1b0d80432c79 | 391 | { |
wolfSSL | 4:1b0d80432c79 | 392 | ProtocolVersion pv; |
wolfSSL | 4:1b0d80432c79 | 393 | pv.major = SSLv3_MAJOR; |
wolfSSL | 4:1b0d80432c79 | 394 | pv.minor = TLSv1_MINOR; |
wolfSSL | 4:1b0d80432c79 | 395 | |
wolfSSL | 4:1b0d80432c79 | 396 | return pv; |
wolfSSL | 4:1b0d80432c79 | 397 | } |
wolfSSL | 4:1b0d80432c79 | 398 | |
wolfSSL | 4:1b0d80432c79 | 399 | |
wolfSSL | 4:1b0d80432c79 | 400 | ProtocolVersion MakeTLSv1_1(void) |
wolfSSL | 4:1b0d80432c79 | 401 | { |
wolfSSL | 4:1b0d80432c79 | 402 | ProtocolVersion pv; |
wolfSSL | 4:1b0d80432c79 | 403 | pv.major = SSLv3_MAJOR; |
wolfSSL | 4:1b0d80432c79 | 404 | pv.minor = TLSv1_1_MINOR; |
wolfSSL | 4:1b0d80432c79 | 405 | |
wolfSSL | 4:1b0d80432c79 | 406 | return pv; |
wolfSSL | 4:1b0d80432c79 | 407 | } |
wolfSSL | 4:1b0d80432c79 | 408 | |
wolfSSL | 4:1b0d80432c79 | 409 | #endif |
wolfSSL | 4:1b0d80432c79 | 410 | |
wolfSSL | 4:1b0d80432c79 | 411 | |
wolfSSL | 4:1b0d80432c79 | 412 | ProtocolVersion MakeTLSv1_2(void) |
wolfSSL | 4:1b0d80432c79 | 413 | { |
wolfSSL | 4:1b0d80432c79 | 414 | ProtocolVersion pv; |
wolfSSL | 4:1b0d80432c79 | 415 | pv.major = SSLv3_MAJOR; |
wolfSSL | 4:1b0d80432c79 | 416 | pv.minor = TLSv1_2_MINOR; |
wolfSSL | 4:1b0d80432c79 | 417 | |
wolfSSL | 4:1b0d80432c79 | 418 | return pv; |
wolfSSL | 4:1b0d80432c79 | 419 | } |
wolfSSL | 4:1b0d80432c79 | 420 | |
wolfSSL | 4:1b0d80432c79 | 421 | |
wolfSSL | 4:1b0d80432c79 | 422 | static const byte master_label[MASTER_LABEL_SZ + 1] = "master secret"; |
wolfSSL | 4:1b0d80432c79 | 423 | static const byte key_label [KEY_LABEL_SZ + 1] = "key expansion"; |
wolfSSL | 4:1b0d80432c79 | 424 | |
wolfSSL | 4:1b0d80432c79 | 425 | |
wolfSSL | 4:1b0d80432c79 | 426 | /* External facing wrapper so user can call as well, 0 on success */ |
wolfSSL | 4:1b0d80432c79 | 427 | int wolfSSL_DeriveTlsKeys(byte* key_data, word32 keyLen, |
wolfSSL | 4:1b0d80432c79 | 428 | const byte* ms, word32 msLen, |
wolfSSL | 4:1b0d80432c79 | 429 | const byte* sr, const byte* cr, |
wolfSSL | 4:1b0d80432c79 | 430 | int tls1_2, int hash_type) |
wolfSSL | 4:1b0d80432c79 | 431 | { |
wolfSSL | 4:1b0d80432c79 | 432 | byte seed[SEED_LEN]; |
wolfSSL | 4:1b0d80432c79 | 433 | |
wolfSSL | 4:1b0d80432c79 | 434 | XMEMCPY(seed, sr, RAN_LEN); |
wolfSSL | 4:1b0d80432c79 | 435 | XMEMCPY(seed + RAN_LEN, cr, RAN_LEN); |
wolfSSL | 4:1b0d80432c79 | 436 | |
wolfSSL | 4:1b0d80432c79 | 437 | return PRF(key_data, keyLen, ms, msLen, key_label, KEY_LABEL_SZ, |
wolfSSL | 4:1b0d80432c79 | 438 | seed, SEED_LEN, tls1_2, hash_type); |
wolfSSL | 4:1b0d80432c79 | 439 | } |
wolfSSL | 4:1b0d80432c79 | 440 | |
wolfSSL | 4:1b0d80432c79 | 441 | |
wolfSSL | 4:1b0d80432c79 | 442 | int DeriveTlsKeys(WOLFSSL* ssl) |
wolfSSL | 4:1b0d80432c79 | 443 | { |
wolfSSL | 4:1b0d80432c79 | 444 | int ret; |
wolfSSL | 4:1b0d80432c79 | 445 | int length = 2 * ssl->specs.hash_size + |
wolfSSL | 4:1b0d80432c79 | 446 | 2 * ssl->specs.key_size + |
wolfSSL | 4:1b0d80432c79 | 447 | 2 * ssl->specs.iv_size; |
wolfSSL | 4:1b0d80432c79 | 448 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 4:1b0d80432c79 | 449 | byte* key_data; |
wolfSSL | 4:1b0d80432c79 | 450 | #else |
wolfSSL | 4:1b0d80432c79 | 451 | byte key_data[MAX_PRF_DIG]; |
wolfSSL | 4:1b0d80432c79 | 452 | #endif |
wolfSSL | 4:1b0d80432c79 | 453 | |
wolfSSL | 4:1b0d80432c79 | 454 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 4:1b0d80432c79 | 455 | key_data = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 456 | if (key_data == NULL) { |
wolfSSL | 4:1b0d80432c79 | 457 | return MEMORY_E; |
wolfSSL | 4:1b0d80432c79 | 458 | } |
wolfSSL | 4:1b0d80432c79 | 459 | #endif |
wolfSSL | 4:1b0d80432c79 | 460 | |
wolfSSL | 4:1b0d80432c79 | 461 | ret = wolfSSL_DeriveTlsKeys(key_data, length, |
wolfSSL | 4:1b0d80432c79 | 462 | ssl->arrays->masterSecret, SECRET_LEN, |
wolfSSL | 4:1b0d80432c79 | 463 | ssl->arrays->serverRandom, ssl->arrays->clientRandom, |
wolfSSL | 4:1b0d80432c79 | 464 | IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); |
wolfSSL | 4:1b0d80432c79 | 465 | if (ret == 0) |
wolfSSL | 4:1b0d80432c79 | 466 | ret = StoreKeys(ssl, key_data); |
wolfSSL | 4:1b0d80432c79 | 467 | |
wolfSSL | 4:1b0d80432c79 | 468 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 4:1b0d80432c79 | 469 | XFREE(key_data, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 470 | #endif |
wolfSSL | 4:1b0d80432c79 | 471 | |
wolfSSL | 4:1b0d80432c79 | 472 | return ret; |
wolfSSL | 4:1b0d80432c79 | 473 | } |
wolfSSL | 4:1b0d80432c79 | 474 | |
wolfSSL | 4:1b0d80432c79 | 475 | |
wolfSSL | 4:1b0d80432c79 | 476 | /* External facing wrapper so user can call as well, 0 on success */ |
wolfSSL | 4:1b0d80432c79 | 477 | int wolfSSL_MakeTlsMasterSecret(byte* ms, word32 msLen, |
wolfSSL | 4:1b0d80432c79 | 478 | const byte* pms, word32 pmsLen, |
wolfSSL | 4:1b0d80432c79 | 479 | const byte* cr, const byte* sr, |
wolfSSL | 4:1b0d80432c79 | 480 | int tls1_2, int hash_type) |
wolfSSL | 4:1b0d80432c79 | 481 | { |
wolfSSL | 4:1b0d80432c79 | 482 | byte seed[SEED_LEN]; |
wolfSSL | 4:1b0d80432c79 | 483 | |
wolfSSL | 4:1b0d80432c79 | 484 | XMEMCPY(seed, cr, RAN_LEN); |
wolfSSL | 4:1b0d80432c79 | 485 | XMEMCPY(seed + RAN_LEN, sr, RAN_LEN); |
wolfSSL | 4:1b0d80432c79 | 486 | |
wolfSSL | 4:1b0d80432c79 | 487 | return PRF(ms, msLen, pms, pmsLen, master_label, MASTER_LABEL_SZ, |
wolfSSL | 4:1b0d80432c79 | 488 | seed, SEED_LEN, tls1_2, hash_type); |
wolfSSL | 4:1b0d80432c79 | 489 | } |
wolfSSL | 4:1b0d80432c79 | 490 | |
wolfSSL | 4:1b0d80432c79 | 491 | |
wolfSSL | 4:1b0d80432c79 | 492 | int MakeTlsMasterSecret(WOLFSSL* ssl) |
wolfSSL | 4:1b0d80432c79 | 493 | { |
wolfSSL | 4:1b0d80432c79 | 494 | int ret; |
wolfSSL | 4:1b0d80432c79 | 495 | |
wolfSSL | 4:1b0d80432c79 | 496 | ret = wolfSSL_MakeTlsMasterSecret(ssl->arrays->masterSecret, SECRET_LEN, |
wolfSSL | 4:1b0d80432c79 | 497 | ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz, |
wolfSSL | 4:1b0d80432c79 | 498 | ssl->arrays->clientRandom, ssl->arrays->serverRandom, |
wolfSSL | 4:1b0d80432c79 | 499 | IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); |
wolfSSL | 4:1b0d80432c79 | 500 | |
wolfSSL | 4:1b0d80432c79 | 501 | if (ret == 0) { |
wolfSSL | 4:1b0d80432c79 | 502 | #ifdef SHOW_SECRETS |
wolfSSL | 4:1b0d80432c79 | 503 | int i; |
wolfSSL | 4:1b0d80432c79 | 504 | |
wolfSSL | 4:1b0d80432c79 | 505 | printf("master secret: "); |
wolfSSL | 4:1b0d80432c79 | 506 | for (i = 0; i < SECRET_LEN; i++) |
wolfSSL | 4:1b0d80432c79 | 507 | printf("%02x", ssl->arrays->masterSecret[i]); |
wolfSSL | 4:1b0d80432c79 | 508 | printf("\n"); |
wolfSSL | 4:1b0d80432c79 | 509 | #endif |
wolfSSL | 4:1b0d80432c79 | 510 | |
wolfSSL | 4:1b0d80432c79 | 511 | ret = DeriveTlsKeys(ssl); |
wolfSSL | 4:1b0d80432c79 | 512 | } |
wolfSSL | 4:1b0d80432c79 | 513 | |
wolfSSL | 4:1b0d80432c79 | 514 | return ret; |
wolfSSL | 4:1b0d80432c79 | 515 | } |
wolfSSL | 4:1b0d80432c79 | 516 | |
wolfSSL | 4:1b0d80432c79 | 517 | |
wolfSSL | 4:1b0d80432c79 | 518 | /* Used by EAP-TLS and EAP-TTLS to derive keying material from |
wolfSSL | 4:1b0d80432c79 | 519 | * the master_secret. */ |
wolfSSL | 4:1b0d80432c79 | 520 | int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* msk, unsigned int len, |
wolfSSL | 4:1b0d80432c79 | 521 | const char* label) |
wolfSSL | 4:1b0d80432c79 | 522 | { |
wolfSSL | 4:1b0d80432c79 | 523 | int ret; |
wolfSSL | 4:1b0d80432c79 | 524 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 4:1b0d80432c79 | 525 | byte* seed; |
wolfSSL | 4:1b0d80432c79 | 526 | #else |
wolfSSL | 4:1b0d80432c79 | 527 | byte seed[SEED_LEN]; |
wolfSSL | 4:1b0d80432c79 | 528 | #endif |
wolfSSL | 4:1b0d80432c79 | 529 | |
wolfSSL | 4:1b0d80432c79 | 530 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 4:1b0d80432c79 | 531 | seed = (byte*)XMALLOC(SEED_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 532 | if (seed == NULL) |
wolfSSL | 4:1b0d80432c79 | 533 | return MEMORY_E; |
wolfSSL | 4:1b0d80432c79 | 534 | #endif |
wolfSSL | 4:1b0d80432c79 | 535 | |
wolfSSL | 4:1b0d80432c79 | 536 | /* |
wolfSSL | 4:1b0d80432c79 | 537 | * As per RFC-5281, the order of the client and server randoms is reversed |
wolfSSL | 4:1b0d80432c79 | 538 | * from that used by the TLS protocol to derive keys. |
wolfSSL | 4:1b0d80432c79 | 539 | */ |
wolfSSL | 4:1b0d80432c79 | 540 | XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN); |
wolfSSL | 4:1b0d80432c79 | 541 | XMEMCPY(seed + RAN_LEN, ssl->arrays->serverRandom, RAN_LEN); |
wolfSSL | 4:1b0d80432c79 | 542 | |
wolfSSL | 4:1b0d80432c79 | 543 | ret = PRF((byte*)msk, len, ssl->arrays->masterSecret, SECRET_LEN, |
wolfSSL | 4:1b0d80432c79 | 544 | (const byte *)label, (word32)strlen(label), seed, SEED_LEN, |
wolfSSL | 4:1b0d80432c79 | 545 | IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); |
wolfSSL | 4:1b0d80432c79 | 546 | |
wolfSSL | 4:1b0d80432c79 | 547 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 4:1b0d80432c79 | 548 | XFREE(seed, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 549 | #endif |
wolfSSL | 4:1b0d80432c79 | 550 | |
wolfSSL | 4:1b0d80432c79 | 551 | return ret; |
wolfSSL | 4:1b0d80432c79 | 552 | } |
wolfSSL | 4:1b0d80432c79 | 553 | |
wolfSSL | 4:1b0d80432c79 | 554 | |
wolfSSL | 4:1b0d80432c79 | 555 | /*** next for static INLINE s copied internal.c ***/ |
wolfSSL | 4:1b0d80432c79 | 556 | |
wolfSSL | 4:1b0d80432c79 | 557 | /* convert 16 bit integer to opaque */ |
wolfSSL | 4:1b0d80432c79 | 558 | static INLINE void c16toa(word16 u16, byte* c) |
wolfSSL | 4:1b0d80432c79 | 559 | { |
wolfSSL | 4:1b0d80432c79 | 560 | c[0] = (u16 >> 8) & 0xff; |
wolfSSL | 4:1b0d80432c79 | 561 | c[1] = u16 & 0xff; |
wolfSSL | 4:1b0d80432c79 | 562 | } |
wolfSSL | 4:1b0d80432c79 | 563 | |
wolfSSL | 4:1b0d80432c79 | 564 | #ifdef HAVE_TLS_EXTENSIONS |
wolfSSL | 4:1b0d80432c79 | 565 | /* convert opaque to 16 bit integer */ |
wolfSSL | 4:1b0d80432c79 | 566 | static INLINE void ato16(const byte* c, word16* u16) |
wolfSSL | 4:1b0d80432c79 | 567 | { |
wolfSSL | 4:1b0d80432c79 | 568 | *u16 = (c[0] << 8) | (c[1]); |
wolfSSL | 4:1b0d80432c79 | 569 | } |
wolfSSL | 4:1b0d80432c79 | 570 | |
wolfSSL | 4:1b0d80432c79 | 571 | #if defined(HAVE_SNI) && !defined(NO_WOLFSSL_SERVER) |
wolfSSL | 4:1b0d80432c79 | 572 | /* convert a 24 bit integer into a 32 bit one */ |
wolfSSL | 4:1b0d80432c79 | 573 | static INLINE void c24to32(const word24 u24, word32* u32) |
wolfSSL | 4:1b0d80432c79 | 574 | { |
wolfSSL | 4:1b0d80432c79 | 575 | *u32 = (u24[0] << 16) | (u24[1] << 8) | u24[2]; |
wolfSSL | 4:1b0d80432c79 | 576 | } |
wolfSSL | 4:1b0d80432c79 | 577 | #endif |
wolfSSL | 4:1b0d80432c79 | 578 | #endif |
wolfSSL | 4:1b0d80432c79 | 579 | |
wolfSSL | 4:1b0d80432c79 | 580 | /* convert 32 bit integer to opaque */ |
wolfSSL | 4:1b0d80432c79 | 581 | static INLINE void c32toa(word32 u32, byte* c) |
wolfSSL | 4:1b0d80432c79 | 582 | { |
wolfSSL | 4:1b0d80432c79 | 583 | c[0] = (u32 >> 24) & 0xff; |
wolfSSL | 4:1b0d80432c79 | 584 | c[1] = (u32 >> 16) & 0xff; |
wolfSSL | 4:1b0d80432c79 | 585 | c[2] = (u32 >> 8) & 0xff; |
wolfSSL | 4:1b0d80432c79 | 586 | c[3] = u32 & 0xff; |
wolfSSL | 4:1b0d80432c79 | 587 | } |
wolfSSL | 4:1b0d80432c79 | 588 | |
wolfSSL | 4:1b0d80432c79 | 589 | |
wolfSSL | 4:1b0d80432c79 | 590 | static INLINE word32 GetSEQIncrement(WOLFSSL* ssl, int verify) |
wolfSSL | 4:1b0d80432c79 | 591 | { |
wolfSSL | 4:1b0d80432c79 | 592 | #ifdef WOLFSSL_DTLS |
wolfSSL | 4:1b0d80432c79 | 593 | if (ssl->options.dtls) { |
wolfSSL | 4:1b0d80432c79 | 594 | if (verify) |
wolfSSL | 4:1b0d80432c79 | 595 | return ssl->keys.dtls_state.curSeq; /* explicit from peer */ |
wolfSSL | 4:1b0d80432c79 | 596 | else |
wolfSSL | 4:1b0d80432c79 | 597 | return ssl->keys.dtls_sequence_number - 1; /* already incremented */ |
wolfSSL | 4:1b0d80432c79 | 598 | } |
wolfSSL | 4:1b0d80432c79 | 599 | #endif |
wolfSSL | 4:1b0d80432c79 | 600 | if (verify) |
wolfSSL | 4:1b0d80432c79 | 601 | return ssl->keys.peer_sequence_number++; |
wolfSSL | 4:1b0d80432c79 | 602 | else |
wolfSSL | 4:1b0d80432c79 | 603 | return ssl->keys.sequence_number++; |
wolfSSL | 4:1b0d80432c79 | 604 | } |
wolfSSL | 4:1b0d80432c79 | 605 | |
wolfSSL | 4:1b0d80432c79 | 606 | |
wolfSSL | 4:1b0d80432c79 | 607 | #ifdef WOLFSSL_DTLS |
wolfSSL | 4:1b0d80432c79 | 608 | |
wolfSSL | 4:1b0d80432c79 | 609 | static INLINE word32 GetEpoch(WOLFSSL* ssl, int verify) |
wolfSSL | 4:1b0d80432c79 | 610 | { |
wolfSSL | 4:1b0d80432c79 | 611 | if (verify) |
wolfSSL | 4:1b0d80432c79 | 612 | return ssl->keys.dtls_state.curEpoch; |
wolfSSL | 4:1b0d80432c79 | 613 | else |
wolfSSL | 4:1b0d80432c79 | 614 | return ssl->keys.dtls_epoch; |
wolfSSL | 4:1b0d80432c79 | 615 | } |
wolfSSL | 4:1b0d80432c79 | 616 | |
wolfSSL | 4:1b0d80432c79 | 617 | #endif /* WOLFSSL_DTLS */ |
wolfSSL | 4:1b0d80432c79 | 618 | |
wolfSSL | 4:1b0d80432c79 | 619 | |
wolfSSL | 4:1b0d80432c79 | 620 | /*** end copy ***/ |
wolfSSL | 4:1b0d80432c79 | 621 | |
wolfSSL | 4:1b0d80432c79 | 622 | |
wolfSSL | 4:1b0d80432c79 | 623 | /* return HMAC digest type in wolfSSL format */ |
wolfSSL | 4:1b0d80432c79 | 624 | int wolfSSL_GetHmacType(WOLFSSL* ssl) |
wolfSSL | 4:1b0d80432c79 | 625 | { |
wolfSSL | 4:1b0d80432c79 | 626 | if (ssl == NULL) |
wolfSSL | 4:1b0d80432c79 | 627 | return BAD_FUNC_ARG; |
wolfSSL | 4:1b0d80432c79 | 628 | |
wolfSSL | 4:1b0d80432c79 | 629 | switch (ssl->specs.mac_algorithm) { |
wolfSSL | 4:1b0d80432c79 | 630 | #ifndef NO_MD5 |
wolfSSL | 4:1b0d80432c79 | 631 | case md5_mac: |
wolfSSL | 4:1b0d80432c79 | 632 | { |
wolfSSL | 4:1b0d80432c79 | 633 | return MD5; |
wolfSSL | 4:1b0d80432c79 | 634 | } |
wolfSSL | 4:1b0d80432c79 | 635 | #endif |
wolfSSL | 4:1b0d80432c79 | 636 | #ifndef NO_SHA256 |
wolfSSL | 4:1b0d80432c79 | 637 | case sha256_mac: |
wolfSSL | 4:1b0d80432c79 | 638 | { |
wolfSSL | 4:1b0d80432c79 | 639 | return SHA256; |
wolfSSL | 4:1b0d80432c79 | 640 | } |
wolfSSL | 4:1b0d80432c79 | 641 | #endif |
wolfSSL | 4:1b0d80432c79 | 642 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 4:1b0d80432c79 | 643 | case sha384_mac: |
wolfSSL | 4:1b0d80432c79 | 644 | { |
wolfSSL | 4:1b0d80432c79 | 645 | return SHA384; |
wolfSSL | 4:1b0d80432c79 | 646 | } |
wolfSSL | 4:1b0d80432c79 | 647 | |
wolfSSL | 4:1b0d80432c79 | 648 | #endif |
wolfSSL | 4:1b0d80432c79 | 649 | #ifndef NO_SHA |
wolfSSL | 4:1b0d80432c79 | 650 | case sha_mac: |
wolfSSL | 4:1b0d80432c79 | 651 | { |
wolfSSL | 4:1b0d80432c79 | 652 | return SHA; |
wolfSSL | 4:1b0d80432c79 | 653 | } |
wolfSSL | 4:1b0d80432c79 | 654 | #endif |
wolfSSL | 4:1b0d80432c79 | 655 | #ifdef HAVE_BLAKE2 |
wolfSSL | 4:1b0d80432c79 | 656 | case blake2b_mac: |
wolfSSL | 4:1b0d80432c79 | 657 | { |
wolfSSL | 4:1b0d80432c79 | 658 | return BLAKE2B_ID; |
wolfSSL | 4:1b0d80432c79 | 659 | } |
wolfSSL | 4:1b0d80432c79 | 660 | #endif |
wolfSSL | 4:1b0d80432c79 | 661 | default: |
wolfSSL | 4:1b0d80432c79 | 662 | { |
wolfSSL | 4:1b0d80432c79 | 663 | return SSL_FATAL_ERROR; |
wolfSSL | 4:1b0d80432c79 | 664 | } |
wolfSSL | 4:1b0d80432c79 | 665 | } |
wolfSSL | 4:1b0d80432c79 | 666 | } |
wolfSSL | 4:1b0d80432c79 | 667 | |
wolfSSL | 4:1b0d80432c79 | 668 | |
wolfSSL | 4:1b0d80432c79 | 669 | int wolfSSL_SetTlsHmacInner(WOLFSSL* ssl, byte* inner, word32 sz, int content, |
wolfSSL | 4:1b0d80432c79 | 670 | int verify) |
wolfSSL | 4:1b0d80432c79 | 671 | { |
wolfSSL | 4:1b0d80432c79 | 672 | if (ssl == NULL || inner == NULL) |
wolfSSL | 4:1b0d80432c79 | 673 | return BAD_FUNC_ARG; |
wolfSSL | 4:1b0d80432c79 | 674 | |
wolfSSL | 4:1b0d80432c79 | 675 | XMEMSET(inner, 0, WOLFSSL_TLS_HMAC_INNER_SZ); |
wolfSSL | 4:1b0d80432c79 | 676 | |
wolfSSL | 4:1b0d80432c79 | 677 | #ifdef WOLFSSL_DTLS |
wolfSSL | 4:1b0d80432c79 | 678 | if (ssl->options.dtls) |
wolfSSL | 4:1b0d80432c79 | 679 | c16toa((word16)GetEpoch(ssl, verify), inner); |
wolfSSL | 4:1b0d80432c79 | 680 | #endif |
wolfSSL | 4:1b0d80432c79 | 681 | c32toa(GetSEQIncrement(ssl, verify), &inner[sizeof(word32)]); |
wolfSSL | 4:1b0d80432c79 | 682 | inner[SEQ_SZ] = (byte)content; |
wolfSSL | 4:1b0d80432c79 | 683 | inner[SEQ_SZ + ENUM_LEN] = ssl->version.major; |
wolfSSL | 4:1b0d80432c79 | 684 | inner[SEQ_SZ + ENUM_LEN + ENUM_LEN] = ssl->version.minor; |
wolfSSL | 4:1b0d80432c79 | 685 | c16toa((word16)sz, inner + SEQ_SZ + ENUM_LEN + VERSION_SZ); |
wolfSSL | 4:1b0d80432c79 | 686 | |
wolfSSL | 4:1b0d80432c79 | 687 | return 0; |
wolfSSL | 4:1b0d80432c79 | 688 | } |
wolfSSL | 4:1b0d80432c79 | 689 | |
wolfSSL | 4:1b0d80432c79 | 690 | |
wolfSSL | 4:1b0d80432c79 | 691 | /* TLS type HMAC */ |
wolfSSL | 4:1b0d80432c79 | 692 | int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, |
wolfSSL | 4:1b0d80432c79 | 693 | int content, int verify) |
wolfSSL | 4:1b0d80432c79 | 694 | { |
wolfSSL | 4:1b0d80432c79 | 695 | Hmac hmac; |
wolfSSL | 4:1b0d80432c79 | 696 | int ret; |
wolfSSL | 4:1b0d80432c79 | 697 | byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ]; |
wolfSSL | 4:1b0d80432c79 | 698 | |
wolfSSL | 4:1b0d80432c79 | 699 | if (ssl == NULL) |
wolfSSL | 4:1b0d80432c79 | 700 | return BAD_FUNC_ARG; |
wolfSSL | 4:1b0d80432c79 | 701 | |
wolfSSL | 4:1b0d80432c79 | 702 | #ifdef HAVE_FUZZER |
wolfSSL | 4:1b0d80432c79 | 703 | if (ssl->fuzzerCb) |
wolfSSL | 4:1b0d80432c79 | 704 | ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx); |
wolfSSL | 4:1b0d80432c79 | 705 | #endif |
wolfSSL | 4:1b0d80432c79 | 706 | |
wolfSSL | 4:1b0d80432c79 | 707 | wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify); |
wolfSSL | 4:1b0d80432c79 | 708 | |
wolfSSL | 4:1b0d80432c79 | 709 | ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl), |
wolfSSL | 4:1b0d80432c79 | 710 | wolfSSL_GetMacSecret(ssl, verify), ssl->specs.hash_size); |
wolfSSL | 4:1b0d80432c79 | 711 | if (ret != 0) |
wolfSSL | 4:1b0d80432c79 | 712 | return ret; |
wolfSSL | 4:1b0d80432c79 | 713 | ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner)); |
wolfSSL | 4:1b0d80432c79 | 714 | if (ret != 0) |
wolfSSL | 4:1b0d80432c79 | 715 | return ret; |
wolfSSL | 4:1b0d80432c79 | 716 | ret = wc_HmacUpdate(&hmac, in, sz); /* content */ |
wolfSSL | 4:1b0d80432c79 | 717 | if (ret != 0) |
wolfSSL | 4:1b0d80432c79 | 718 | return ret; |
wolfSSL | 4:1b0d80432c79 | 719 | ret = wc_HmacFinal(&hmac, digest); |
wolfSSL | 4:1b0d80432c79 | 720 | if (ret != 0) |
wolfSSL | 4:1b0d80432c79 | 721 | return ret; |
wolfSSL | 4:1b0d80432c79 | 722 | |
wolfSSL | 4:1b0d80432c79 | 723 | return 0; |
wolfSSL | 4:1b0d80432c79 | 724 | } |
wolfSSL | 4:1b0d80432c79 | 725 | |
wolfSSL | 4:1b0d80432c79 | 726 | #ifdef HAVE_TLS_EXTENSIONS |
wolfSSL | 4:1b0d80432c79 | 727 | |
wolfSSL | 4:1b0d80432c79 | 728 | /** |
wolfSSL | 4:1b0d80432c79 | 729 | * The TLSX semaphore is used to calculate the size of the extensions to be sent |
wolfSSL | 4:1b0d80432c79 | 730 | * from one peer to another. |
wolfSSL | 4:1b0d80432c79 | 731 | */ |
wolfSSL | 4:1b0d80432c79 | 732 | |
wolfSSL | 4:1b0d80432c79 | 733 | /** Supports up to 64 flags. Increase as needed. */ |
wolfSSL | 4:1b0d80432c79 | 734 | #define SEMAPHORE_SIZE 8 |
wolfSSL | 4:1b0d80432c79 | 735 | |
wolfSSL | 4:1b0d80432c79 | 736 | /** |
wolfSSL | 4:1b0d80432c79 | 737 | * Converts the extension type (id) to an index in the semaphore. |
wolfSSL | 4:1b0d80432c79 | 738 | * |
wolfSSL | 4:1b0d80432c79 | 739 | * Oficial reference for TLS extension types: |
wolfSSL | 4:1b0d80432c79 | 740 | * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xml |
wolfSSL | 4:1b0d80432c79 | 741 | * |
wolfSSL | 4:1b0d80432c79 | 742 | * Motivation: |
wolfSSL | 4:1b0d80432c79 | 743 | * Previously, we used the extension type itself as the index of that |
wolfSSL | 4:1b0d80432c79 | 744 | * extension in the semaphore as the extension types were declared |
wolfSSL | 4:1b0d80432c79 | 745 | * sequentially, but maintain a semaphore as big as the number of available |
wolfSSL | 4:1b0d80432c79 | 746 | * extensions is no longer an option since the release of renegotiation_info. |
wolfSSL | 4:1b0d80432c79 | 747 | * |
wolfSSL | 4:1b0d80432c79 | 748 | * How to update: |
wolfSSL | 4:1b0d80432c79 | 749 | * Assign extension types that extrapolate the number of available semaphores |
wolfSSL | 4:1b0d80432c79 | 750 | * to the first available index going backwards in the semaphore array. |
wolfSSL | 4:1b0d80432c79 | 751 | * When adding a new extension type that don't extrapolate the number of |
wolfSSL | 4:1b0d80432c79 | 752 | * available semaphores, check for a possible collision with with a |
wolfSSL | 4:1b0d80432c79 | 753 | * 'remapped' extension type. |
wolfSSL | 4:1b0d80432c79 | 754 | */ |
wolfSSL | 4:1b0d80432c79 | 755 | static INLINE word16 TLSX_ToSemaphore(word16 type) |
wolfSSL | 4:1b0d80432c79 | 756 | { |
wolfSSL | 4:1b0d80432c79 | 757 | switch (type) { |
wolfSSL | 4:1b0d80432c79 | 758 | |
wolfSSL | 4:1b0d80432c79 | 759 | case TLSX_RENEGOTIATION_INFO: /* 0xFF01 */ |
wolfSSL | 4:1b0d80432c79 | 760 | return 63; |
wolfSSL | 4:1b0d80432c79 | 761 | |
wolfSSL | 4:1b0d80432c79 | 762 | default: |
wolfSSL | 4:1b0d80432c79 | 763 | if (type > 62) { |
wolfSSL | 4:1b0d80432c79 | 764 | /* This message SHOULD only happens during the adding of |
wolfSSL | 4:1b0d80432c79 | 765 | new TLS extensions in which its IANA number overflows |
wolfSSL | 4:1b0d80432c79 | 766 | the current semaphore's range, or if its number already |
wolfSSL | 4:1b0d80432c79 | 767 | is assigned to be used by another extension. |
wolfSSL | 4:1b0d80432c79 | 768 | Use this check value for the new extension and decrement |
wolfSSL | 4:1b0d80432c79 | 769 | the check value by one. */ |
wolfSSL | 4:1b0d80432c79 | 770 | WOLFSSL_MSG("### TLSX semaphore colision or overflow detected!"); |
wolfSSL | 4:1b0d80432c79 | 771 | } |
wolfSSL | 4:1b0d80432c79 | 772 | } |
wolfSSL | 4:1b0d80432c79 | 773 | |
wolfSSL | 4:1b0d80432c79 | 774 | return type; |
wolfSSL | 4:1b0d80432c79 | 775 | } |
wolfSSL | 4:1b0d80432c79 | 776 | |
wolfSSL | 4:1b0d80432c79 | 777 | /** Checks if a specific light (tls extension) is not set in the semaphore. */ |
wolfSSL | 4:1b0d80432c79 | 778 | #define IS_OFF(semaphore, light) \ |
wolfSSL | 4:1b0d80432c79 | 779 | ((semaphore)[(light) / 8] ^ (byte) (0x01 << ((light) % 8))) |
wolfSSL | 4:1b0d80432c79 | 780 | |
wolfSSL | 4:1b0d80432c79 | 781 | /** Turn on a specific light (tls extension) in the semaphore. */ |
wolfSSL | 4:1b0d80432c79 | 782 | #define TURN_ON(semaphore, light) \ |
wolfSSL | 4:1b0d80432c79 | 783 | ((semaphore)[(light) / 8] |= (byte) (0x01 << ((light) % 8))) |
wolfSSL | 4:1b0d80432c79 | 784 | |
wolfSSL | 4:1b0d80432c79 | 785 | /** Creates a new extension. */ |
wolfSSL | 4:1b0d80432c79 | 786 | static TLSX* TLSX_New(TLSX_Type type, void* data) |
wolfSSL | 4:1b0d80432c79 | 787 | { |
wolfSSL | 4:1b0d80432c79 | 788 | TLSX* extension = (TLSX*)XMALLOC(sizeof(TLSX), NULL, DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 789 | |
wolfSSL | 4:1b0d80432c79 | 790 | if (extension) { |
wolfSSL | 4:1b0d80432c79 | 791 | extension->type = type; |
wolfSSL | 4:1b0d80432c79 | 792 | extension->data = data; |
wolfSSL | 4:1b0d80432c79 | 793 | extension->resp = 0; |
wolfSSL | 4:1b0d80432c79 | 794 | extension->next = NULL; |
wolfSSL | 4:1b0d80432c79 | 795 | } |
wolfSSL | 4:1b0d80432c79 | 796 | |
wolfSSL | 4:1b0d80432c79 | 797 | return extension; |
wolfSSL | 4:1b0d80432c79 | 798 | } |
wolfSSL | 4:1b0d80432c79 | 799 | |
wolfSSL | 4:1b0d80432c79 | 800 | /** |
wolfSSL | 4:1b0d80432c79 | 801 | * Creates a new extension and pushes it to the provided list. |
wolfSSL | 4:1b0d80432c79 | 802 | * Checks for duplicate extensions, keeps the newest. |
wolfSSL | 4:1b0d80432c79 | 803 | */ |
wolfSSL | 4:1b0d80432c79 | 804 | static int TLSX_Push(TLSX** list, TLSX_Type type, void* data) |
wolfSSL | 4:1b0d80432c79 | 805 | { |
wolfSSL | 4:1b0d80432c79 | 806 | TLSX* extension = TLSX_New(type, data); |
wolfSSL | 4:1b0d80432c79 | 807 | |
wolfSSL | 4:1b0d80432c79 | 808 | if (extension == NULL) |
wolfSSL | 4:1b0d80432c79 | 809 | return MEMORY_E; |
wolfSSL | 4:1b0d80432c79 | 810 | |
wolfSSL | 4:1b0d80432c79 | 811 | /* pushes the new extension on the list. */ |
wolfSSL | 4:1b0d80432c79 | 812 | extension->next = *list; |
wolfSSL | 4:1b0d80432c79 | 813 | *list = extension; |
wolfSSL | 4:1b0d80432c79 | 814 | |
wolfSSL | 4:1b0d80432c79 | 815 | /* remove duplicate extensions, there should be only one of each type. */ |
wolfSSL | 4:1b0d80432c79 | 816 | do { |
wolfSSL | 4:1b0d80432c79 | 817 | if (extension->next && extension->next->type == type) { |
wolfSSL | 4:1b0d80432c79 | 818 | TLSX *next = extension->next; |
wolfSSL | 4:1b0d80432c79 | 819 | |
wolfSSL | 4:1b0d80432c79 | 820 | extension->next = next->next; |
wolfSSL | 4:1b0d80432c79 | 821 | next->next = NULL; |
wolfSSL | 4:1b0d80432c79 | 822 | |
wolfSSL | 4:1b0d80432c79 | 823 | TLSX_FreeAll(next); |
wolfSSL | 4:1b0d80432c79 | 824 | |
wolfSSL | 4:1b0d80432c79 | 825 | /* there is no way to occur more than */ |
wolfSSL | 4:1b0d80432c79 | 826 | /* two extensions of the same type. */ |
wolfSSL | 4:1b0d80432c79 | 827 | break; |
wolfSSL | 4:1b0d80432c79 | 828 | } |
wolfSSL | 4:1b0d80432c79 | 829 | } while ((extension = extension->next)); |
wolfSSL | 4:1b0d80432c79 | 830 | |
wolfSSL | 4:1b0d80432c79 | 831 | return 0; |
wolfSSL | 4:1b0d80432c79 | 832 | } |
wolfSSL | 4:1b0d80432c79 | 833 | |
wolfSSL | 4:1b0d80432c79 | 834 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 4:1b0d80432c79 | 835 | |
wolfSSL | 4:1b0d80432c79 | 836 | /** Mark an extension to be sent back to the client. */ |
wolfSSL | 4:1b0d80432c79 | 837 | void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type); |
wolfSSL | 4:1b0d80432c79 | 838 | |
wolfSSL | 4:1b0d80432c79 | 839 | void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type) |
wolfSSL | 4:1b0d80432c79 | 840 | { |
wolfSSL | 4:1b0d80432c79 | 841 | TLSX *ext = TLSX_Find(ssl->extensions, type); |
wolfSSL | 4:1b0d80432c79 | 842 | |
wolfSSL | 4:1b0d80432c79 | 843 | if (ext) |
wolfSSL | 4:1b0d80432c79 | 844 | ext->resp = 1; |
wolfSSL | 4:1b0d80432c79 | 845 | } |
wolfSSL | 4:1b0d80432c79 | 846 | |
wolfSSL | 4:1b0d80432c79 | 847 | #endif |
wolfSSL | 4:1b0d80432c79 | 848 | |
wolfSSL | 4:1b0d80432c79 | 849 | /******************************************************************************/ |
wolfSSL | 4:1b0d80432c79 | 850 | /* Application-Layer Protocol Negotiation */ |
wolfSSL | 4:1b0d80432c79 | 851 | /******************************************************************************/ |
wolfSSL | 4:1b0d80432c79 | 852 | |
wolfSSL | 4:1b0d80432c79 | 853 | #ifdef HAVE_ALPN |
wolfSSL | 4:1b0d80432c79 | 854 | /** Creates a new ALPN object, providing protocol name to use. */ |
wolfSSL | 4:1b0d80432c79 | 855 | static ALPN* TLSX_ALPN_New(char *protocol_name, word16 protocol_nameSz) |
wolfSSL | 4:1b0d80432c79 | 856 | { |
wolfSSL | 4:1b0d80432c79 | 857 | ALPN *alpn; |
wolfSSL | 4:1b0d80432c79 | 858 | |
wolfSSL | 4:1b0d80432c79 | 859 | WOLFSSL_ENTER("TLSX_ALPN_New"); |
wolfSSL | 4:1b0d80432c79 | 860 | |
wolfSSL | 4:1b0d80432c79 | 861 | if (protocol_name == NULL || |
wolfSSL | 4:1b0d80432c79 | 862 | protocol_nameSz > WOLFSSL_MAX_ALPN_PROTO_NAME_LEN) { |
wolfSSL | 4:1b0d80432c79 | 863 | WOLFSSL_MSG("Invalid arguments"); |
wolfSSL | 4:1b0d80432c79 | 864 | return NULL; |
wolfSSL | 4:1b0d80432c79 | 865 | } |
wolfSSL | 4:1b0d80432c79 | 866 | |
wolfSSL | 4:1b0d80432c79 | 867 | alpn = (ALPN*)XMALLOC(sizeof(ALPN), 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 868 | if (alpn == NULL) { |
wolfSSL | 4:1b0d80432c79 | 869 | WOLFSSL_MSG("Memory failure"); |
wolfSSL | 4:1b0d80432c79 | 870 | return NULL; |
wolfSSL | 4:1b0d80432c79 | 871 | } |
wolfSSL | 4:1b0d80432c79 | 872 | |
wolfSSL | 4:1b0d80432c79 | 873 | alpn->next = NULL; |
wolfSSL | 4:1b0d80432c79 | 874 | alpn->negotiated = 0; |
wolfSSL | 4:1b0d80432c79 | 875 | alpn->options = 0; |
wolfSSL | 4:1b0d80432c79 | 876 | |
wolfSSL | 4:1b0d80432c79 | 877 | alpn->protocol_name = XMALLOC(protocol_nameSz + 1, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 878 | if (alpn->protocol_name == NULL) { |
wolfSSL | 4:1b0d80432c79 | 879 | WOLFSSL_MSG("Memory failure"); |
wolfSSL | 4:1b0d80432c79 | 880 | XFREE(alpn, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 881 | return NULL; |
wolfSSL | 4:1b0d80432c79 | 882 | } |
wolfSSL | 4:1b0d80432c79 | 883 | |
wolfSSL | 4:1b0d80432c79 | 884 | XMEMCPY(alpn->protocol_name, protocol_name, protocol_nameSz); |
wolfSSL | 4:1b0d80432c79 | 885 | alpn->protocol_name[protocol_nameSz] = 0; |
wolfSSL | 4:1b0d80432c79 | 886 | |
wolfSSL | 4:1b0d80432c79 | 887 | return alpn; |
wolfSSL | 4:1b0d80432c79 | 888 | } |
wolfSSL | 4:1b0d80432c79 | 889 | |
wolfSSL | 4:1b0d80432c79 | 890 | /** Releases an ALPN object. */ |
wolfSSL | 4:1b0d80432c79 | 891 | static void TLSX_ALPN_Free(ALPN *alpn) |
wolfSSL | 4:1b0d80432c79 | 892 | { |
wolfSSL | 4:1b0d80432c79 | 893 | if (alpn == NULL) |
wolfSSL | 4:1b0d80432c79 | 894 | return; |
wolfSSL | 4:1b0d80432c79 | 895 | |
wolfSSL | 4:1b0d80432c79 | 896 | XFREE(alpn->protocol_name, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 897 | XFREE(alpn, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 898 | } |
wolfSSL | 4:1b0d80432c79 | 899 | |
wolfSSL | 4:1b0d80432c79 | 900 | /** Releases all ALPN objects in the provided list. */ |
wolfSSL | 4:1b0d80432c79 | 901 | static void TLSX_ALPN_FreeAll(ALPN *list) |
wolfSSL | 4:1b0d80432c79 | 902 | { |
wolfSSL | 4:1b0d80432c79 | 903 | ALPN* alpn; |
wolfSSL | 4:1b0d80432c79 | 904 | |
wolfSSL | 4:1b0d80432c79 | 905 | while ((alpn = list)) { |
wolfSSL | 4:1b0d80432c79 | 906 | list = alpn->next; |
wolfSSL | 4:1b0d80432c79 | 907 | TLSX_ALPN_Free(alpn); |
wolfSSL | 4:1b0d80432c79 | 908 | } |
wolfSSL | 4:1b0d80432c79 | 909 | } |
wolfSSL | 4:1b0d80432c79 | 910 | |
wolfSSL | 4:1b0d80432c79 | 911 | /** Tells the buffered size of the ALPN objects in a list. */ |
wolfSSL | 4:1b0d80432c79 | 912 | static word16 TLSX_ALPN_GetSize(ALPN *list) |
wolfSSL | 4:1b0d80432c79 | 913 | { |
wolfSSL | 4:1b0d80432c79 | 914 | ALPN* alpn; |
wolfSSL | 4:1b0d80432c79 | 915 | word16 length = OPAQUE16_LEN; /* list length */ |
wolfSSL | 4:1b0d80432c79 | 916 | |
wolfSSL | 4:1b0d80432c79 | 917 | while ((alpn = list)) { |
wolfSSL | 4:1b0d80432c79 | 918 | list = alpn->next; |
wolfSSL | 4:1b0d80432c79 | 919 | |
wolfSSL | 4:1b0d80432c79 | 920 | length++; /* protocol name length is on one byte */ |
wolfSSL | 4:1b0d80432c79 | 921 | length += (word16)XSTRLEN(alpn->protocol_name); |
wolfSSL | 4:1b0d80432c79 | 922 | } |
wolfSSL | 4:1b0d80432c79 | 923 | |
wolfSSL | 4:1b0d80432c79 | 924 | return length; |
wolfSSL | 4:1b0d80432c79 | 925 | } |
wolfSSL | 4:1b0d80432c79 | 926 | |
wolfSSL | 4:1b0d80432c79 | 927 | /** Writes the ALPN objects of a list in a buffer. */ |
wolfSSL | 4:1b0d80432c79 | 928 | static word16 TLSX_ALPN_Write(ALPN *list, byte *output) |
wolfSSL | 4:1b0d80432c79 | 929 | { |
wolfSSL | 4:1b0d80432c79 | 930 | ALPN* alpn; |
wolfSSL | 4:1b0d80432c79 | 931 | word16 length = 0; |
wolfSSL | 4:1b0d80432c79 | 932 | word16 offset = OPAQUE16_LEN; /* list length offset */ |
wolfSSL | 4:1b0d80432c79 | 933 | |
wolfSSL | 4:1b0d80432c79 | 934 | while ((alpn = list)) { |
wolfSSL | 4:1b0d80432c79 | 935 | list = alpn->next; |
wolfSSL | 4:1b0d80432c79 | 936 | |
wolfSSL | 4:1b0d80432c79 | 937 | length = (word16)XSTRLEN(alpn->protocol_name); |
wolfSSL | 4:1b0d80432c79 | 938 | |
wolfSSL | 4:1b0d80432c79 | 939 | /* protocol name length */ |
wolfSSL | 4:1b0d80432c79 | 940 | output[offset++] = (byte)length; |
wolfSSL | 4:1b0d80432c79 | 941 | |
wolfSSL | 4:1b0d80432c79 | 942 | /* protocol name value */ |
wolfSSL | 4:1b0d80432c79 | 943 | XMEMCPY(output + offset, alpn->protocol_name, length); |
wolfSSL | 4:1b0d80432c79 | 944 | |
wolfSSL | 4:1b0d80432c79 | 945 | offset += length; |
wolfSSL | 4:1b0d80432c79 | 946 | } |
wolfSSL | 4:1b0d80432c79 | 947 | |
wolfSSL | 4:1b0d80432c79 | 948 | /* writing list length */ |
wolfSSL | 4:1b0d80432c79 | 949 | c16toa(offset - OPAQUE16_LEN, output); |
wolfSSL | 4:1b0d80432c79 | 950 | |
wolfSSL | 4:1b0d80432c79 | 951 | return offset; |
wolfSSL | 4:1b0d80432c79 | 952 | } |
wolfSSL | 4:1b0d80432c79 | 953 | |
wolfSSL | 4:1b0d80432c79 | 954 | /** Finds a protocol name in the provided ALPN list */ |
wolfSSL | 4:1b0d80432c79 | 955 | static ALPN* TLSX_ALPN_Find(ALPN *list, char *protocol_name, word16 size) |
wolfSSL | 4:1b0d80432c79 | 956 | { |
wolfSSL | 4:1b0d80432c79 | 957 | ALPN *alpn; |
wolfSSL | 4:1b0d80432c79 | 958 | |
wolfSSL | 4:1b0d80432c79 | 959 | if (list == NULL || protocol_name == NULL) |
wolfSSL | 4:1b0d80432c79 | 960 | return NULL; |
wolfSSL | 4:1b0d80432c79 | 961 | |
wolfSSL | 4:1b0d80432c79 | 962 | alpn = list; |
wolfSSL | 4:1b0d80432c79 | 963 | while (alpn != NULL && ( |
wolfSSL | 4:1b0d80432c79 | 964 | (word16)XSTRLEN(alpn->protocol_name) != size || |
wolfSSL | 4:1b0d80432c79 | 965 | XSTRNCMP(alpn->protocol_name, protocol_name, size))) |
wolfSSL | 4:1b0d80432c79 | 966 | alpn = alpn->next; |
wolfSSL | 4:1b0d80432c79 | 967 | |
wolfSSL | 4:1b0d80432c79 | 968 | return alpn; |
wolfSSL | 4:1b0d80432c79 | 969 | } |
wolfSSL | 4:1b0d80432c79 | 970 | |
wolfSSL | 4:1b0d80432c79 | 971 | /** Set the ALPN matching client and server requirements */ |
wolfSSL | 4:1b0d80432c79 | 972 | static int TLSX_SetALPN(TLSX** extensions, const void* data, word16 size) |
wolfSSL | 4:1b0d80432c79 | 973 | { |
wolfSSL | 4:1b0d80432c79 | 974 | ALPN *alpn; |
wolfSSL | 4:1b0d80432c79 | 975 | int ret; |
wolfSSL | 4:1b0d80432c79 | 976 | |
wolfSSL | 4:1b0d80432c79 | 977 | if (extensions == NULL || data == NULL) |
wolfSSL | 4:1b0d80432c79 | 978 | return BAD_FUNC_ARG; |
wolfSSL | 4:1b0d80432c79 | 979 | |
wolfSSL | 4:1b0d80432c79 | 980 | alpn = TLSX_ALPN_New((char *)data, size); |
wolfSSL | 4:1b0d80432c79 | 981 | if (alpn == NULL) { |
wolfSSL | 4:1b0d80432c79 | 982 | WOLFSSL_MSG("Memory failure"); |
wolfSSL | 4:1b0d80432c79 | 983 | return MEMORY_E; |
wolfSSL | 4:1b0d80432c79 | 984 | } |
wolfSSL | 4:1b0d80432c79 | 985 | |
wolfSSL | 4:1b0d80432c79 | 986 | alpn->negotiated = 1; |
wolfSSL | 4:1b0d80432c79 | 987 | |
wolfSSL | 4:1b0d80432c79 | 988 | ret = TLSX_Push(extensions, TLSX_APPLICATION_LAYER_PROTOCOL, (void*)alpn); |
wolfSSL | 4:1b0d80432c79 | 989 | if (ret != 0) { |
wolfSSL | 4:1b0d80432c79 | 990 | TLSX_ALPN_Free(alpn); |
wolfSSL | 4:1b0d80432c79 | 991 | return ret; |
wolfSSL | 4:1b0d80432c79 | 992 | } |
wolfSSL | 4:1b0d80432c79 | 993 | |
wolfSSL | 4:1b0d80432c79 | 994 | return SSL_SUCCESS; |
wolfSSL | 4:1b0d80432c79 | 995 | } |
wolfSSL | 4:1b0d80432c79 | 996 | |
wolfSSL | 4:1b0d80432c79 | 997 | /** Parses a buffer of ALPN extensions and set the first one matching |
wolfSSL | 4:1b0d80432c79 | 998 | * client and server requirements */ |
wolfSSL | 4:1b0d80432c79 | 999 | static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, byte *input, word16 length, |
wolfSSL | 4:1b0d80432c79 | 1000 | byte isRequest) |
wolfSSL | 4:1b0d80432c79 | 1001 | { |
wolfSSL | 4:1b0d80432c79 | 1002 | word16 size = 0, offset = 0, idx = 0; |
wolfSSL | 4:1b0d80432c79 | 1003 | int r = BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 1004 | byte match = 0; |
wolfSSL | 4:1b0d80432c79 | 1005 | TLSX *extension; |
wolfSSL | 4:1b0d80432c79 | 1006 | ALPN *alpn = NULL, *list; |
wolfSSL | 4:1b0d80432c79 | 1007 | |
wolfSSL | 4:1b0d80432c79 | 1008 | extension = TLSX_Find(ssl->extensions, TLSX_APPLICATION_LAYER_PROTOCOL); |
wolfSSL | 4:1b0d80432c79 | 1009 | if (extension == NULL) |
wolfSSL | 4:1b0d80432c79 | 1010 | extension = TLSX_Find(ssl->ctx->extensions, |
wolfSSL | 4:1b0d80432c79 | 1011 | TLSX_APPLICATION_LAYER_PROTOCOL); |
wolfSSL | 4:1b0d80432c79 | 1012 | |
wolfSSL | 4:1b0d80432c79 | 1013 | if (extension == NULL || extension->data == NULL) { |
wolfSSL | 4:1b0d80432c79 | 1014 | WOLFSSL_MSG("No ALPN extensions not used or bad"); |
wolfSSL | 4:1b0d80432c79 | 1015 | return isRequest ? 0 /* not using ALPN */ |
wolfSSL | 4:1b0d80432c79 | 1016 | : BUFFER_ERROR; /* unexpected ALPN response */ |
wolfSSL | 4:1b0d80432c79 | 1017 | } |
wolfSSL | 4:1b0d80432c79 | 1018 | |
wolfSSL | 4:1b0d80432c79 | 1019 | if (OPAQUE16_LEN > length) |
wolfSSL | 4:1b0d80432c79 | 1020 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 1021 | |
wolfSSL | 4:1b0d80432c79 | 1022 | ato16(input, &size); |
wolfSSL | 4:1b0d80432c79 | 1023 | offset += OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 1024 | |
wolfSSL | 4:1b0d80432c79 | 1025 | /* validating alpn list length */ |
wolfSSL | 4:1b0d80432c79 | 1026 | if (length != OPAQUE16_LEN + size) |
wolfSSL | 4:1b0d80432c79 | 1027 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 1028 | |
wolfSSL | 4:1b0d80432c79 | 1029 | list = (ALPN*)extension->data; |
wolfSSL | 4:1b0d80432c79 | 1030 | |
wolfSSL | 4:1b0d80432c79 | 1031 | /* keep the list sent by client */ |
wolfSSL | 4:1b0d80432c79 | 1032 | if (isRequest) { |
wolfSSL | 4:1b0d80432c79 | 1033 | if (ssl->alpn_client_list != NULL) |
wolfSSL | 4:1b0d80432c79 | 1034 | XFREE(ssl->alpn_client_list, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 1035 | |
wolfSSL | 4:1b0d80432c79 | 1036 | ssl->alpn_client_list = (char *)XMALLOC(size, NULL, |
wolfSSL | 4:1b0d80432c79 | 1037 | DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 1038 | if (ssl->alpn_client_list == NULL) |
wolfSSL | 4:1b0d80432c79 | 1039 | return MEMORY_ERROR; |
wolfSSL | 4:1b0d80432c79 | 1040 | } |
wolfSSL | 4:1b0d80432c79 | 1041 | |
wolfSSL | 4:1b0d80432c79 | 1042 | for (size = 0; offset < length; offset += size) { |
wolfSSL | 4:1b0d80432c79 | 1043 | |
wolfSSL | 4:1b0d80432c79 | 1044 | size = input[offset++]; |
wolfSSL | 4:1b0d80432c79 | 1045 | if (offset + size > length) |
wolfSSL | 4:1b0d80432c79 | 1046 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 1047 | |
wolfSSL | 4:1b0d80432c79 | 1048 | if (isRequest) { |
wolfSSL | 4:1b0d80432c79 | 1049 | XMEMCPY(ssl->alpn_client_list+idx, (char*)input + offset, size); |
wolfSSL | 4:1b0d80432c79 | 1050 | idx += size; |
wolfSSL | 4:1b0d80432c79 | 1051 | ssl->alpn_client_list[idx++] = ','; |
wolfSSL | 4:1b0d80432c79 | 1052 | } |
wolfSSL | 4:1b0d80432c79 | 1053 | |
wolfSSL | 4:1b0d80432c79 | 1054 | if (!match) { |
wolfSSL | 4:1b0d80432c79 | 1055 | alpn = TLSX_ALPN_Find(list, (char*)input + offset, size); |
wolfSSL | 4:1b0d80432c79 | 1056 | if (alpn != NULL) { |
wolfSSL | 4:1b0d80432c79 | 1057 | WOLFSSL_MSG("ALPN protocol match"); |
wolfSSL | 4:1b0d80432c79 | 1058 | match = 1; |
wolfSSL | 4:1b0d80432c79 | 1059 | |
wolfSSL | 4:1b0d80432c79 | 1060 | /* skip reading other values if not required */ |
wolfSSL | 4:1b0d80432c79 | 1061 | if (!isRequest) |
wolfSSL | 4:1b0d80432c79 | 1062 | break; |
wolfSSL | 4:1b0d80432c79 | 1063 | } |
wolfSSL | 4:1b0d80432c79 | 1064 | } |
wolfSSL | 4:1b0d80432c79 | 1065 | } |
wolfSSL | 4:1b0d80432c79 | 1066 | |
wolfSSL | 4:1b0d80432c79 | 1067 | if (isRequest) |
wolfSSL | 4:1b0d80432c79 | 1068 | ssl->alpn_client_list[idx-1] = 0; |
wolfSSL | 4:1b0d80432c79 | 1069 | |
wolfSSL | 4:1b0d80432c79 | 1070 | if (!match) { |
wolfSSL | 4:1b0d80432c79 | 1071 | WOLFSSL_MSG("No ALPN protocol match"); |
wolfSSL | 4:1b0d80432c79 | 1072 | |
wolfSSL | 4:1b0d80432c79 | 1073 | /* do nothing if no protocol match between client and server and option |
wolfSSL | 4:1b0d80432c79 | 1074 | is set to continue (like OpenSSL) */ |
wolfSSL | 4:1b0d80432c79 | 1075 | if (list->options & WOLFSSL_ALPN_CONTINUE_ON_MISMATCH) { |
wolfSSL | 4:1b0d80432c79 | 1076 | WOLFSSL_MSG("Continue on mismatch"); |
wolfSSL | 4:1b0d80432c79 | 1077 | return 0; |
wolfSSL | 4:1b0d80432c79 | 1078 | } |
wolfSSL | 4:1b0d80432c79 | 1079 | |
wolfSSL | 4:1b0d80432c79 | 1080 | SendAlert(ssl, alert_fatal, no_application_protocol); |
wolfSSL | 4:1b0d80432c79 | 1081 | return UNKNOWN_ALPN_PROTOCOL_NAME_E; |
wolfSSL | 4:1b0d80432c79 | 1082 | } |
wolfSSL | 4:1b0d80432c79 | 1083 | |
wolfSSL | 4:1b0d80432c79 | 1084 | /* set the matching negotiated protocol */ |
wolfSSL | 4:1b0d80432c79 | 1085 | r = TLSX_SetALPN(&ssl->extensions, |
wolfSSL | 4:1b0d80432c79 | 1086 | alpn->protocol_name, |
wolfSSL | 4:1b0d80432c79 | 1087 | (word16)XSTRLEN(alpn->protocol_name)); |
wolfSSL | 4:1b0d80432c79 | 1088 | if (r != SSL_SUCCESS) { |
wolfSSL | 4:1b0d80432c79 | 1089 | WOLFSSL_MSG("TLSX_UseALPN failed"); |
wolfSSL | 4:1b0d80432c79 | 1090 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 1091 | } |
wolfSSL | 4:1b0d80432c79 | 1092 | |
wolfSSL | 4:1b0d80432c79 | 1093 | /* reply to ALPN extension sent from client */ |
wolfSSL | 4:1b0d80432c79 | 1094 | if (isRequest) { |
wolfSSL | 4:1b0d80432c79 | 1095 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 4:1b0d80432c79 | 1096 | TLSX_SetResponse(ssl, TLSX_APPLICATION_LAYER_PROTOCOL); |
wolfSSL | 4:1b0d80432c79 | 1097 | #endif |
wolfSSL | 4:1b0d80432c79 | 1098 | } |
wolfSSL | 4:1b0d80432c79 | 1099 | |
wolfSSL | 4:1b0d80432c79 | 1100 | return 0; |
wolfSSL | 4:1b0d80432c79 | 1101 | } |
wolfSSL | 4:1b0d80432c79 | 1102 | |
wolfSSL | 4:1b0d80432c79 | 1103 | /** Add a protocol name to the list of accepted usable ones */ |
wolfSSL | 4:1b0d80432c79 | 1104 | int TLSX_UseALPN(TLSX** extensions, const void* data, word16 size, byte options) |
wolfSSL | 4:1b0d80432c79 | 1105 | { |
wolfSSL | 4:1b0d80432c79 | 1106 | ALPN *alpn; |
wolfSSL | 4:1b0d80432c79 | 1107 | TLSX *extension; |
wolfSSL | 4:1b0d80432c79 | 1108 | int ret; |
wolfSSL | 4:1b0d80432c79 | 1109 | |
wolfSSL | 4:1b0d80432c79 | 1110 | if (extensions == NULL || data == NULL) |
wolfSSL | 4:1b0d80432c79 | 1111 | return BAD_FUNC_ARG; |
wolfSSL | 4:1b0d80432c79 | 1112 | |
wolfSSL | 4:1b0d80432c79 | 1113 | alpn = TLSX_ALPN_New((char *)data, size); |
wolfSSL | 4:1b0d80432c79 | 1114 | if (alpn == NULL) { |
wolfSSL | 4:1b0d80432c79 | 1115 | WOLFSSL_MSG("Memory failure"); |
wolfSSL | 4:1b0d80432c79 | 1116 | return MEMORY_E; |
wolfSSL | 4:1b0d80432c79 | 1117 | } |
wolfSSL | 4:1b0d80432c79 | 1118 | |
wolfSSL | 4:1b0d80432c79 | 1119 | /* Set Options of ALPN */ |
wolfSSL | 4:1b0d80432c79 | 1120 | alpn->options = options; |
wolfSSL | 4:1b0d80432c79 | 1121 | |
wolfSSL | 4:1b0d80432c79 | 1122 | extension = TLSX_Find(*extensions, TLSX_APPLICATION_LAYER_PROTOCOL); |
wolfSSL | 4:1b0d80432c79 | 1123 | if (extension == NULL) { |
wolfSSL | 4:1b0d80432c79 | 1124 | ret = TLSX_Push(extensions, TLSX_APPLICATION_LAYER_PROTOCOL, |
wolfSSL | 4:1b0d80432c79 | 1125 | (void*)alpn); |
wolfSSL | 4:1b0d80432c79 | 1126 | if (ret != 0) { |
wolfSSL | 4:1b0d80432c79 | 1127 | TLSX_ALPN_Free(alpn); |
wolfSSL | 4:1b0d80432c79 | 1128 | return ret; |
wolfSSL | 4:1b0d80432c79 | 1129 | } |
wolfSSL | 4:1b0d80432c79 | 1130 | } |
wolfSSL | 4:1b0d80432c79 | 1131 | else { |
wolfSSL | 4:1b0d80432c79 | 1132 | /* push new ALPN object to extension data. */ |
wolfSSL | 4:1b0d80432c79 | 1133 | alpn->next = (ALPN*)extension->data; |
wolfSSL | 4:1b0d80432c79 | 1134 | extension->data = (void*)alpn; |
wolfSSL | 4:1b0d80432c79 | 1135 | } |
wolfSSL | 4:1b0d80432c79 | 1136 | |
wolfSSL | 4:1b0d80432c79 | 1137 | return SSL_SUCCESS; |
wolfSSL | 4:1b0d80432c79 | 1138 | } |
wolfSSL | 4:1b0d80432c79 | 1139 | |
wolfSSL | 4:1b0d80432c79 | 1140 | /** Get the protocol name set by the server */ |
wolfSSL | 4:1b0d80432c79 | 1141 | int TLSX_ALPN_GetRequest(TLSX* extensions, void** data, word16 *dataSz) |
wolfSSL | 4:1b0d80432c79 | 1142 | { |
wolfSSL | 4:1b0d80432c79 | 1143 | TLSX *extension; |
wolfSSL | 4:1b0d80432c79 | 1144 | ALPN *alpn; |
wolfSSL | 4:1b0d80432c79 | 1145 | |
wolfSSL | 4:1b0d80432c79 | 1146 | if (extensions == NULL || data == NULL || dataSz == NULL) |
wolfSSL | 4:1b0d80432c79 | 1147 | return BAD_FUNC_ARG; |
wolfSSL | 4:1b0d80432c79 | 1148 | |
wolfSSL | 4:1b0d80432c79 | 1149 | extension = TLSX_Find(extensions, TLSX_APPLICATION_LAYER_PROTOCOL); |
wolfSSL | 4:1b0d80432c79 | 1150 | if (extension == NULL) { |
wolfSSL | 4:1b0d80432c79 | 1151 | WOLFSSL_MSG("TLS extension not found"); |
wolfSSL | 4:1b0d80432c79 | 1152 | return SSL_ALPN_NOT_FOUND; |
wolfSSL | 4:1b0d80432c79 | 1153 | } |
wolfSSL | 4:1b0d80432c79 | 1154 | |
wolfSSL | 4:1b0d80432c79 | 1155 | alpn = (ALPN *)extension->data; |
wolfSSL | 4:1b0d80432c79 | 1156 | if (alpn == NULL) { |
wolfSSL | 4:1b0d80432c79 | 1157 | WOLFSSL_MSG("ALPN extension not found"); |
wolfSSL | 4:1b0d80432c79 | 1158 | *data = NULL; |
wolfSSL | 4:1b0d80432c79 | 1159 | *dataSz = 0; |
wolfSSL | 4:1b0d80432c79 | 1160 | return SSL_FATAL_ERROR; |
wolfSSL | 4:1b0d80432c79 | 1161 | } |
wolfSSL | 4:1b0d80432c79 | 1162 | |
wolfSSL | 4:1b0d80432c79 | 1163 | if (alpn->negotiated != 1) { |
wolfSSL | 4:1b0d80432c79 | 1164 | |
wolfSSL | 4:1b0d80432c79 | 1165 | /* consider as an error */ |
wolfSSL | 4:1b0d80432c79 | 1166 | if (alpn->options & WOLFSSL_ALPN_FAILED_ON_MISMATCH) { |
wolfSSL | 4:1b0d80432c79 | 1167 | WOLFSSL_MSG("No protocol match with peer -> Failed"); |
wolfSSL | 4:1b0d80432c79 | 1168 | return SSL_FATAL_ERROR; |
wolfSSL | 4:1b0d80432c79 | 1169 | } |
wolfSSL | 4:1b0d80432c79 | 1170 | |
wolfSSL | 4:1b0d80432c79 | 1171 | /* continue without negotiated protocol */ |
wolfSSL | 4:1b0d80432c79 | 1172 | WOLFSSL_MSG("No protocol match with peer -> Continue"); |
wolfSSL | 4:1b0d80432c79 | 1173 | return SSL_ALPN_NOT_FOUND; |
wolfSSL | 4:1b0d80432c79 | 1174 | } |
wolfSSL | 4:1b0d80432c79 | 1175 | |
wolfSSL | 4:1b0d80432c79 | 1176 | if (alpn->next != NULL) { |
wolfSSL | 4:1b0d80432c79 | 1177 | WOLFSSL_MSG("Only one protocol name must be accepted"); |
wolfSSL | 4:1b0d80432c79 | 1178 | return SSL_FATAL_ERROR; |
wolfSSL | 4:1b0d80432c79 | 1179 | } |
wolfSSL | 4:1b0d80432c79 | 1180 | |
wolfSSL | 4:1b0d80432c79 | 1181 | *data = alpn->protocol_name; |
wolfSSL | 4:1b0d80432c79 | 1182 | *dataSz = (word16)XSTRLEN(*data); |
wolfSSL | 4:1b0d80432c79 | 1183 | |
wolfSSL | 4:1b0d80432c79 | 1184 | return SSL_SUCCESS; |
wolfSSL | 4:1b0d80432c79 | 1185 | } |
wolfSSL | 4:1b0d80432c79 | 1186 | |
wolfSSL | 4:1b0d80432c79 | 1187 | #define ALPN_FREE_ALL TLSX_ALPN_FreeAll |
wolfSSL | 4:1b0d80432c79 | 1188 | #define ALPN_GET_SIZE TLSX_ALPN_GetSize |
wolfSSL | 4:1b0d80432c79 | 1189 | #define ALPN_WRITE TLSX_ALPN_Write |
wolfSSL | 4:1b0d80432c79 | 1190 | #define ALPN_PARSE TLSX_ALPN_ParseAndSet |
wolfSSL | 4:1b0d80432c79 | 1191 | |
wolfSSL | 4:1b0d80432c79 | 1192 | #else /* HAVE_ALPN */ |
wolfSSL | 4:1b0d80432c79 | 1193 | |
wolfSSL | 4:1b0d80432c79 | 1194 | #define ALPN_FREE_ALL(list) |
wolfSSL | 4:1b0d80432c79 | 1195 | #define ALPN_GET_SIZE(list) 0 |
wolfSSL | 4:1b0d80432c79 | 1196 | #define ALPN_WRITE(a, b) 0 |
wolfSSL | 4:1b0d80432c79 | 1197 | #define ALPN_PARSE(a, b, c, d) 0 |
wolfSSL | 4:1b0d80432c79 | 1198 | |
wolfSSL | 4:1b0d80432c79 | 1199 | #endif /* HAVE_ALPN */ |
wolfSSL | 4:1b0d80432c79 | 1200 | |
wolfSSL | 4:1b0d80432c79 | 1201 | /******************************************************************************/ |
wolfSSL | 4:1b0d80432c79 | 1202 | /* Server Name Indication */ |
wolfSSL | 4:1b0d80432c79 | 1203 | /******************************************************************************/ |
wolfSSL | 4:1b0d80432c79 | 1204 | |
wolfSSL | 4:1b0d80432c79 | 1205 | #ifdef HAVE_SNI |
wolfSSL | 4:1b0d80432c79 | 1206 | |
wolfSSL | 4:1b0d80432c79 | 1207 | /** Creates a new SNI object. */ |
wolfSSL | 4:1b0d80432c79 | 1208 | static SNI* TLSX_SNI_New(byte type, const void* data, word16 size) |
wolfSSL | 4:1b0d80432c79 | 1209 | { |
wolfSSL | 4:1b0d80432c79 | 1210 | SNI* sni = (SNI*)XMALLOC(sizeof(SNI), NULL, DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 1211 | |
wolfSSL | 4:1b0d80432c79 | 1212 | if (sni) { |
wolfSSL | 4:1b0d80432c79 | 1213 | sni->type = type; |
wolfSSL | 4:1b0d80432c79 | 1214 | sni->next = NULL; |
wolfSSL | 4:1b0d80432c79 | 1215 | |
wolfSSL | 4:1b0d80432c79 | 1216 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 4:1b0d80432c79 | 1217 | sni->options = 0; |
wolfSSL | 4:1b0d80432c79 | 1218 | sni->status = WOLFSSL_SNI_NO_MATCH; |
wolfSSL | 4:1b0d80432c79 | 1219 | #endif |
wolfSSL | 4:1b0d80432c79 | 1220 | |
wolfSSL | 4:1b0d80432c79 | 1221 | switch (sni->type) { |
wolfSSL | 4:1b0d80432c79 | 1222 | case WOLFSSL_SNI_HOST_NAME: |
wolfSSL | 4:1b0d80432c79 | 1223 | sni->data.host_name = XMALLOC(size+1, NULL, DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 1224 | |
wolfSSL | 4:1b0d80432c79 | 1225 | if (sni->data.host_name) { |
wolfSSL | 4:1b0d80432c79 | 1226 | XSTRNCPY(sni->data.host_name, (const char*)data, size); |
wolfSSL | 4:1b0d80432c79 | 1227 | sni->data.host_name[size] = 0; |
wolfSSL | 4:1b0d80432c79 | 1228 | } else { |
wolfSSL | 4:1b0d80432c79 | 1229 | XFREE(sni, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 1230 | sni = NULL; |
wolfSSL | 4:1b0d80432c79 | 1231 | } |
wolfSSL | 4:1b0d80432c79 | 1232 | break; |
wolfSSL | 4:1b0d80432c79 | 1233 | |
wolfSSL | 4:1b0d80432c79 | 1234 | default: /* invalid type */ |
wolfSSL | 4:1b0d80432c79 | 1235 | XFREE(sni, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 1236 | sni = NULL; |
wolfSSL | 4:1b0d80432c79 | 1237 | } |
wolfSSL | 4:1b0d80432c79 | 1238 | } |
wolfSSL | 4:1b0d80432c79 | 1239 | |
wolfSSL | 4:1b0d80432c79 | 1240 | return sni; |
wolfSSL | 4:1b0d80432c79 | 1241 | } |
wolfSSL | 4:1b0d80432c79 | 1242 | |
wolfSSL | 4:1b0d80432c79 | 1243 | /** Releases a SNI object. */ |
wolfSSL | 4:1b0d80432c79 | 1244 | static void TLSX_SNI_Free(SNI* sni) |
wolfSSL | 4:1b0d80432c79 | 1245 | { |
wolfSSL | 4:1b0d80432c79 | 1246 | if (sni) { |
wolfSSL | 4:1b0d80432c79 | 1247 | switch (sni->type) { |
wolfSSL | 4:1b0d80432c79 | 1248 | case WOLFSSL_SNI_HOST_NAME: |
wolfSSL | 4:1b0d80432c79 | 1249 | XFREE(sni->data.host_name, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 1250 | break; |
wolfSSL | 4:1b0d80432c79 | 1251 | } |
wolfSSL | 4:1b0d80432c79 | 1252 | |
wolfSSL | 4:1b0d80432c79 | 1253 | XFREE(sni, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 1254 | } |
wolfSSL | 4:1b0d80432c79 | 1255 | } |
wolfSSL | 4:1b0d80432c79 | 1256 | |
wolfSSL | 4:1b0d80432c79 | 1257 | /** Releases all SNI objects in the provided list. */ |
wolfSSL | 4:1b0d80432c79 | 1258 | static void TLSX_SNI_FreeAll(SNI* list) |
wolfSSL | 4:1b0d80432c79 | 1259 | { |
wolfSSL | 4:1b0d80432c79 | 1260 | SNI* sni; |
wolfSSL | 4:1b0d80432c79 | 1261 | |
wolfSSL | 4:1b0d80432c79 | 1262 | while ((sni = list)) { |
wolfSSL | 4:1b0d80432c79 | 1263 | list = sni->next; |
wolfSSL | 4:1b0d80432c79 | 1264 | TLSX_SNI_Free(sni); |
wolfSSL | 4:1b0d80432c79 | 1265 | } |
wolfSSL | 4:1b0d80432c79 | 1266 | } |
wolfSSL | 4:1b0d80432c79 | 1267 | |
wolfSSL | 4:1b0d80432c79 | 1268 | /** Tells the buffered size of the SNI objects in a list. */ |
wolfSSL | 4:1b0d80432c79 | 1269 | static word16 TLSX_SNI_GetSize(SNI* list) |
wolfSSL | 4:1b0d80432c79 | 1270 | { |
wolfSSL | 4:1b0d80432c79 | 1271 | SNI* sni; |
wolfSSL | 4:1b0d80432c79 | 1272 | word16 length = OPAQUE16_LEN; /* list length */ |
wolfSSL | 4:1b0d80432c79 | 1273 | |
wolfSSL | 4:1b0d80432c79 | 1274 | while ((sni = list)) { |
wolfSSL | 4:1b0d80432c79 | 1275 | list = sni->next; |
wolfSSL | 4:1b0d80432c79 | 1276 | |
wolfSSL | 4:1b0d80432c79 | 1277 | length += ENUM_LEN + OPAQUE16_LEN; /* sni type + sni length */ |
wolfSSL | 4:1b0d80432c79 | 1278 | |
wolfSSL | 4:1b0d80432c79 | 1279 | switch (sni->type) { |
wolfSSL | 4:1b0d80432c79 | 1280 | case WOLFSSL_SNI_HOST_NAME: |
wolfSSL | 4:1b0d80432c79 | 1281 | length += XSTRLEN((char*)sni->data.host_name); |
wolfSSL | 4:1b0d80432c79 | 1282 | break; |
wolfSSL | 4:1b0d80432c79 | 1283 | } |
wolfSSL | 4:1b0d80432c79 | 1284 | } |
wolfSSL | 4:1b0d80432c79 | 1285 | |
wolfSSL | 4:1b0d80432c79 | 1286 | return length; |
wolfSSL | 4:1b0d80432c79 | 1287 | } |
wolfSSL | 4:1b0d80432c79 | 1288 | |
wolfSSL | 4:1b0d80432c79 | 1289 | /** Writes the SNI objects of a list in a buffer. */ |
wolfSSL | 4:1b0d80432c79 | 1290 | static word16 TLSX_SNI_Write(SNI* list, byte* output) |
wolfSSL | 4:1b0d80432c79 | 1291 | { |
wolfSSL | 4:1b0d80432c79 | 1292 | SNI* sni; |
wolfSSL | 4:1b0d80432c79 | 1293 | word16 length = 0; |
wolfSSL | 4:1b0d80432c79 | 1294 | word16 offset = OPAQUE16_LEN; /* list length offset */ |
wolfSSL | 4:1b0d80432c79 | 1295 | |
wolfSSL | 4:1b0d80432c79 | 1296 | while ((sni = list)) { |
wolfSSL | 4:1b0d80432c79 | 1297 | list = sni->next; |
wolfSSL | 4:1b0d80432c79 | 1298 | |
wolfSSL | 4:1b0d80432c79 | 1299 | output[offset++] = sni->type; /* sni type */ |
wolfSSL | 4:1b0d80432c79 | 1300 | |
wolfSSL | 4:1b0d80432c79 | 1301 | switch (sni->type) { |
wolfSSL | 4:1b0d80432c79 | 1302 | case WOLFSSL_SNI_HOST_NAME: |
wolfSSL | 4:1b0d80432c79 | 1303 | length = XSTRLEN((char*)sni->data.host_name); |
wolfSSL | 4:1b0d80432c79 | 1304 | |
wolfSSL | 4:1b0d80432c79 | 1305 | c16toa(length, output + offset); /* sni length */ |
wolfSSL | 4:1b0d80432c79 | 1306 | offset += OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 1307 | |
wolfSSL | 4:1b0d80432c79 | 1308 | XMEMCPY(output + offset, sni->data.host_name, length); |
wolfSSL | 4:1b0d80432c79 | 1309 | |
wolfSSL | 4:1b0d80432c79 | 1310 | offset += length; |
wolfSSL | 4:1b0d80432c79 | 1311 | break; |
wolfSSL | 4:1b0d80432c79 | 1312 | } |
wolfSSL | 4:1b0d80432c79 | 1313 | } |
wolfSSL | 4:1b0d80432c79 | 1314 | |
wolfSSL | 4:1b0d80432c79 | 1315 | c16toa(offset - OPAQUE16_LEN, output); /* writing list length */ |
wolfSSL | 4:1b0d80432c79 | 1316 | |
wolfSSL | 4:1b0d80432c79 | 1317 | return offset; |
wolfSSL | 4:1b0d80432c79 | 1318 | } |
wolfSSL | 4:1b0d80432c79 | 1319 | |
wolfSSL | 4:1b0d80432c79 | 1320 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 4:1b0d80432c79 | 1321 | |
wolfSSL | 4:1b0d80432c79 | 1322 | /** Finds a SNI object in the provided list. */ |
wolfSSL | 4:1b0d80432c79 | 1323 | static SNI* TLSX_SNI_Find(SNI *list, byte type) |
wolfSSL | 4:1b0d80432c79 | 1324 | { |
wolfSSL | 4:1b0d80432c79 | 1325 | SNI *sni = list; |
wolfSSL | 4:1b0d80432c79 | 1326 | |
wolfSSL | 4:1b0d80432c79 | 1327 | while (sni && sni->type != type) |
wolfSSL | 4:1b0d80432c79 | 1328 | sni = sni->next; |
wolfSSL | 4:1b0d80432c79 | 1329 | |
wolfSSL | 4:1b0d80432c79 | 1330 | return sni; |
wolfSSL | 4:1b0d80432c79 | 1331 | } |
wolfSSL | 4:1b0d80432c79 | 1332 | |
wolfSSL | 4:1b0d80432c79 | 1333 | |
wolfSSL | 4:1b0d80432c79 | 1334 | /** Sets the status of a SNI object. */ |
wolfSSL | 4:1b0d80432c79 | 1335 | static void TLSX_SNI_SetStatus(TLSX* extensions, byte type, byte status) |
wolfSSL | 4:1b0d80432c79 | 1336 | { |
wolfSSL | 4:1b0d80432c79 | 1337 | TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME); |
wolfSSL | 4:1b0d80432c79 | 1338 | SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type); |
wolfSSL | 4:1b0d80432c79 | 1339 | |
wolfSSL | 4:1b0d80432c79 | 1340 | if (sni) |
wolfSSL | 4:1b0d80432c79 | 1341 | sni->status = status; |
wolfSSL | 4:1b0d80432c79 | 1342 | } |
wolfSSL | 4:1b0d80432c79 | 1343 | |
wolfSSL | 4:1b0d80432c79 | 1344 | /** Gets the status of a SNI object. */ |
wolfSSL | 4:1b0d80432c79 | 1345 | byte TLSX_SNI_Status(TLSX* extensions, byte type) |
wolfSSL | 4:1b0d80432c79 | 1346 | { |
wolfSSL | 4:1b0d80432c79 | 1347 | TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME); |
wolfSSL | 4:1b0d80432c79 | 1348 | SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type); |
wolfSSL | 4:1b0d80432c79 | 1349 | |
wolfSSL | 4:1b0d80432c79 | 1350 | if (sni) |
wolfSSL | 4:1b0d80432c79 | 1351 | return sni->status; |
wolfSSL | 4:1b0d80432c79 | 1352 | |
wolfSSL | 4:1b0d80432c79 | 1353 | return 0; |
wolfSSL | 4:1b0d80432c79 | 1354 | } |
wolfSSL | 4:1b0d80432c79 | 1355 | |
wolfSSL | 4:1b0d80432c79 | 1356 | #endif /* NO_WOLFSSL_SERVER */ |
wolfSSL | 4:1b0d80432c79 | 1357 | |
wolfSSL | 4:1b0d80432c79 | 1358 | /** Parses a buffer of SNI extensions. */ |
wolfSSL | 4:1b0d80432c79 | 1359 | static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 4:1b0d80432c79 | 1360 | byte isRequest) |
wolfSSL | 4:1b0d80432c79 | 1361 | { |
wolfSSL | 4:1b0d80432c79 | 1362 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 4:1b0d80432c79 | 1363 | word16 size = 0; |
wolfSSL | 4:1b0d80432c79 | 1364 | word16 offset = 0; |
wolfSSL | 4:1b0d80432c79 | 1365 | int cacheOnly = 0; |
wolfSSL | 4:1b0d80432c79 | 1366 | #endif |
wolfSSL | 4:1b0d80432c79 | 1367 | |
wolfSSL | 4:1b0d80432c79 | 1368 | TLSX *extension = TLSX_Find(ssl->extensions, TLSX_SERVER_NAME); |
wolfSSL | 4:1b0d80432c79 | 1369 | |
wolfSSL | 4:1b0d80432c79 | 1370 | if (!extension) |
wolfSSL | 4:1b0d80432c79 | 1371 | extension = TLSX_Find(ssl->ctx->extensions, TLSX_SERVER_NAME); |
wolfSSL | 4:1b0d80432c79 | 1372 | |
wolfSSL | 4:1b0d80432c79 | 1373 | (void)isRequest; |
wolfSSL | 4:1b0d80432c79 | 1374 | (void)input; |
wolfSSL | 4:1b0d80432c79 | 1375 | |
wolfSSL | 4:1b0d80432c79 | 1376 | if (!extension || !extension->data) { |
wolfSSL | 4:1b0d80432c79 | 1377 | #if defined(WOLFSSL_ALWAYS_KEEP_SNI) && !defined(NO_WOLFSSL_SERVER) |
wolfSSL | 4:1b0d80432c79 | 1378 | /* This will keep SNI even though TLSX_UseSNI has not been called. |
wolfSSL | 4:1b0d80432c79 | 1379 | * Enable it so that the received sni is available to functions |
wolfSSL | 4:1b0d80432c79 | 1380 | * that use a custom callback when SNI is received */ |
wolfSSL | 4:1b0d80432c79 | 1381 | cacheOnly = 1; |
wolfSSL | 4:1b0d80432c79 | 1382 | WOLFSSL_MSG("Forcing SSL object to store SNI parameter"); |
wolfSSL | 4:1b0d80432c79 | 1383 | #else |
wolfSSL | 4:1b0d80432c79 | 1384 | return isRequest ? 0 /* not using SNI. */ |
wolfSSL | 4:1b0d80432c79 | 1385 | : BUFFER_ERROR; /* unexpected SNI response. */ |
wolfSSL | 4:1b0d80432c79 | 1386 | #endif |
wolfSSL | 4:1b0d80432c79 | 1387 | } |
wolfSSL | 4:1b0d80432c79 | 1388 | |
wolfSSL | 4:1b0d80432c79 | 1389 | if (!isRequest) |
wolfSSL | 4:1b0d80432c79 | 1390 | return length ? BUFFER_ERROR /* SNI response MUST be empty. */ |
wolfSSL | 4:1b0d80432c79 | 1391 | : 0; /* nothing else to do. */ |
wolfSSL | 4:1b0d80432c79 | 1392 | |
wolfSSL | 4:1b0d80432c79 | 1393 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 4:1b0d80432c79 | 1394 | |
wolfSSL | 4:1b0d80432c79 | 1395 | if (OPAQUE16_LEN > length) |
wolfSSL | 4:1b0d80432c79 | 1396 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 1397 | |
wolfSSL | 4:1b0d80432c79 | 1398 | ato16(input, &size); |
wolfSSL | 4:1b0d80432c79 | 1399 | offset += OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 1400 | |
wolfSSL | 4:1b0d80432c79 | 1401 | /* validating sni list length */ |
wolfSSL | 4:1b0d80432c79 | 1402 | if (length != OPAQUE16_LEN + size) |
wolfSSL | 4:1b0d80432c79 | 1403 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 1404 | |
wolfSSL | 4:1b0d80432c79 | 1405 | for (size = 0; offset < length; offset += size) { |
wolfSSL | 4:1b0d80432c79 | 1406 | SNI *sni = NULL; |
wolfSSL | 4:1b0d80432c79 | 1407 | byte type = input[offset++]; |
wolfSSL | 4:1b0d80432c79 | 1408 | |
wolfSSL | 4:1b0d80432c79 | 1409 | if (offset + OPAQUE16_LEN > length) |
wolfSSL | 4:1b0d80432c79 | 1410 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 1411 | |
wolfSSL | 4:1b0d80432c79 | 1412 | ato16(input + offset, &size); |
wolfSSL | 4:1b0d80432c79 | 1413 | offset += OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 1414 | |
wolfSSL | 4:1b0d80432c79 | 1415 | if (offset + size > length) |
wolfSSL | 4:1b0d80432c79 | 1416 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 1417 | |
wolfSSL | 4:1b0d80432c79 | 1418 | if (!cacheOnly && !(sni = TLSX_SNI_Find((SNI*)extension->data, type))) |
wolfSSL | 4:1b0d80432c79 | 1419 | continue; /* not using this type of SNI. */ |
wolfSSL | 4:1b0d80432c79 | 1420 | |
wolfSSL | 4:1b0d80432c79 | 1421 | switch(type) { |
wolfSSL | 4:1b0d80432c79 | 1422 | case WOLFSSL_SNI_HOST_NAME: { |
wolfSSL | 4:1b0d80432c79 | 1423 | int matchStat; |
wolfSSL | 4:1b0d80432c79 | 1424 | byte matched = cacheOnly || |
wolfSSL | 4:1b0d80432c79 | 1425 | ((XSTRLEN(sni->data.host_name) == size) |
wolfSSL | 4:1b0d80432c79 | 1426 | && (XSTRNCMP(sni->data.host_name, |
wolfSSL | 4:1b0d80432c79 | 1427 | (const char*)input + offset, size) == 0)); |
wolfSSL | 4:1b0d80432c79 | 1428 | |
wolfSSL | 4:1b0d80432c79 | 1429 | if (matched || sni->options & WOLFSSL_SNI_ANSWER_ON_MISMATCH) { |
wolfSSL | 4:1b0d80432c79 | 1430 | int r = TLSX_UseSNI(&ssl->extensions, |
wolfSSL | 4:1b0d80432c79 | 1431 | type, input + offset, size); |
wolfSSL | 4:1b0d80432c79 | 1432 | |
wolfSSL | 4:1b0d80432c79 | 1433 | if (r != SSL_SUCCESS) |
wolfSSL | 4:1b0d80432c79 | 1434 | return r; /* throws error. */ |
wolfSSL | 4:1b0d80432c79 | 1435 | |
wolfSSL | 4:1b0d80432c79 | 1436 | if(cacheOnly) { |
wolfSSL | 4:1b0d80432c79 | 1437 | WOLFSSL_MSG("Forcing storage of SNI, Fake match"); |
wolfSSL | 4:1b0d80432c79 | 1438 | matchStat = WOLFSSL_SNI_FORCE_KEEP; |
wolfSSL | 4:1b0d80432c79 | 1439 | } else if(matched) { |
wolfSSL | 4:1b0d80432c79 | 1440 | WOLFSSL_MSG("SNI did match!"); |
wolfSSL | 4:1b0d80432c79 | 1441 | matchStat = WOLFSSL_SNI_REAL_MATCH; |
wolfSSL | 4:1b0d80432c79 | 1442 | } else { |
wolfSSL | 4:1b0d80432c79 | 1443 | WOLFSSL_MSG("fake SNI match from ANSWER_ON_MISMATCH"); |
wolfSSL | 4:1b0d80432c79 | 1444 | matchStat = WOLFSSL_SNI_FAKE_MATCH; |
wolfSSL | 4:1b0d80432c79 | 1445 | } |
wolfSSL | 4:1b0d80432c79 | 1446 | |
wolfSSL | 4:1b0d80432c79 | 1447 | TLSX_SNI_SetStatus(ssl->extensions, type, matchStat); |
wolfSSL | 4:1b0d80432c79 | 1448 | |
wolfSSL | 4:1b0d80432c79 | 1449 | if(!cacheOnly) |
wolfSSL | 4:1b0d80432c79 | 1450 | TLSX_SetResponse(ssl, TLSX_SERVER_NAME); |
wolfSSL | 4:1b0d80432c79 | 1451 | |
wolfSSL | 4:1b0d80432c79 | 1452 | } else if (!(sni->options & WOLFSSL_SNI_CONTINUE_ON_MISMATCH)) { |
wolfSSL | 4:1b0d80432c79 | 1453 | SendAlert(ssl, alert_fatal, unrecognized_name); |
wolfSSL | 4:1b0d80432c79 | 1454 | |
wolfSSL | 4:1b0d80432c79 | 1455 | return UNKNOWN_SNI_HOST_NAME_E; |
wolfSSL | 4:1b0d80432c79 | 1456 | } |
wolfSSL | 4:1b0d80432c79 | 1457 | break; |
wolfSSL | 4:1b0d80432c79 | 1458 | } |
wolfSSL | 4:1b0d80432c79 | 1459 | } |
wolfSSL | 4:1b0d80432c79 | 1460 | } |
wolfSSL | 4:1b0d80432c79 | 1461 | |
wolfSSL | 4:1b0d80432c79 | 1462 | #endif |
wolfSSL | 4:1b0d80432c79 | 1463 | |
wolfSSL | 4:1b0d80432c79 | 1464 | return 0; |
wolfSSL | 4:1b0d80432c79 | 1465 | } |
wolfSSL | 4:1b0d80432c79 | 1466 | |
wolfSSL | 4:1b0d80432c79 | 1467 | static int TLSX_SNI_VerifyParse(WOLFSSL* ssl, byte isRequest) |
wolfSSL | 4:1b0d80432c79 | 1468 | { |
wolfSSL | 4:1b0d80432c79 | 1469 | (void)ssl; |
wolfSSL | 4:1b0d80432c79 | 1470 | |
wolfSSL | 4:1b0d80432c79 | 1471 | if (isRequest) { |
wolfSSL | 4:1b0d80432c79 | 1472 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 4:1b0d80432c79 | 1473 | TLSX* ctx_ext = TLSX_Find(ssl->ctx->extensions, TLSX_SERVER_NAME); |
wolfSSL | 4:1b0d80432c79 | 1474 | TLSX* ssl_ext = TLSX_Find(ssl->extensions, TLSX_SERVER_NAME); |
wolfSSL | 4:1b0d80432c79 | 1475 | SNI* ctx_sni = ctx_ext ? ctx_ext->data : NULL; |
wolfSSL | 4:1b0d80432c79 | 1476 | SNI* ssl_sni = ssl_ext ? ssl_ext->data : NULL; |
wolfSSL | 4:1b0d80432c79 | 1477 | SNI* sni = NULL; |
wolfSSL | 4:1b0d80432c79 | 1478 | |
wolfSSL | 4:1b0d80432c79 | 1479 | for (; ctx_sni; ctx_sni = ctx_sni->next) { |
wolfSSL | 4:1b0d80432c79 | 1480 | if (ctx_sni->options & WOLFSSL_SNI_ABORT_ON_ABSENCE) { |
wolfSSL | 4:1b0d80432c79 | 1481 | sni = TLSX_SNI_Find(ssl_sni, ctx_sni->type); |
wolfSSL | 4:1b0d80432c79 | 1482 | |
wolfSSL | 4:1b0d80432c79 | 1483 | if (sni) { |
wolfSSL | 4:1b0d80432c79 | 1484 | if (sni->status != WOLFSSL_SNI_NO_MATCH) |
wolfSSL | 4:1b0d80432c79 | 1485 | continue; |
wolfSSL | 4:1b0d80432c79 | 1486 | |
wolfSSL | 4:1b0d80432c79 | 1487 | /* if ssl level overrides ctx level, it is ok. */ |
wolfSSL | 4:1b0d80432c79 | 1488 | if ((sni->options & WOLFSSL_SNI_ABORT_ON_ABSENCE) == 0) |
wolfSSL | 4:1b0d80432c79 | 1489 | continue; |
wolfSSL | 4:1b0d80432c79 | 1490 | } |
wolfSSL | 4:1b0d80432c79 | 1491 | |
wolfSSL | 4:1b0d80432c79 | 1492 | SendAlert(ssl, alert_fatal, handshake_failure); |
wolfSSL | 4:1b0d80432c79 | 1493 | return SNI_ABSENT_ERROR; |
wolfSSL | 4:1b0d80432c79 | 1494 | } |
wolfSSL | 4:1b0d80432c79 | 1495 | } |
wolfSSL | 4:1b0d80432c79 | 1496 | |
wolfSSL | 4:1b0d80432c79 | 1497 | for (; ssl_sni; ssl_sni = ssl_sni->next) { |
wolfSSL | 4:1b0d80432c79 | 1498 | if (ssl_sni->options & WOLFSSL_SNI_ABORT_ON_ABSENCE) { |
wolfSSL | 4:1b0d80432c79 | 1499 | if (ssl_sni->status != WOLFSSL_SNI_NO_MATCH) |
wolfSSL | 4:1b0d80432c79 | 1500 | continue; |
wolfSSL | 4:1b0d80432c79 | 1501 | |
wolfSSL | 4:1b0d80432c79 | 1502 | SendAlert(ssl, alert_fatal, handshake_failure); |
wolfSSL | 4:1b0d80432c79 | 1503 | return SNI_ABSENT_ERROR; |
wolfSSL | 4:1b0d80432c79 | 1504 | } |
wolfSSL | 4:1b0d80432c79 | 1505 | } |
wolfSSL | 4:1b0d80432c79 | 1506 | #endif /* NO_WOLFSSL_SERVER */ |
wolfSSL | 4:1b0d80432c79 | 1507 | } |
wolfSSL | 4:1b0d80432c79 | 1508 | |
wolfSSL | 4:1b0d80432c79 | 1509 | return 0; |
wolfSSL | 4:1b0d80432c79 | 1510 | } |
wolfSSL | 4:1b0d80432c79 | 1511 | |
wolfSSL | 4:1b0d80432c79 | 1512 | int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size) |
wolfSSL | 4:1b0d80432c79 | 1513 | { |
wolfSSL | 4:1b0d80432c79 | 1514 | TLSX* extension = TLSX_Find(*extensions, TLSX_SERVER_NAME); |
wolfSSL | 4:1b0d80432c79 | 1515 | SNI* sni = NULL; |
wolfSSL | 4:1b0d80432c79 | 1516 | |
wolfSSL | 4:1b0d80432c79 | 1517 | if (extensions == NULL || data == NULL) |
wolfSSL | 4:1b0d80432c79 | 1518 | return BAD_FUNC_ARG; |
wolfSSL | 4:1b0d80432c79 | 1519 | |
wolfSSL | 4:1b0d80432c79 | 1520 | if ((sni = TLSX_SNI_New(type, data, size)) == NULL) |
wolfSSL | 4:1b0d80432c79 | 1521 | return MEMORY_E; |
wolfSSL | 4:1b0d80432c79 | 1522 | |
wolfSSL | 4:1b0d80432c79 | 1523 | if (!extension) { |
wolfSSL | 4:1b0d80432c79 | 1524 | int ret = TLSX_Push(extensions, TLSX_SERVER_NAME, (void*)sni); |
wolfSSL | 4:1b0d80432c79 | 1525 | if (ret != 0) { |
wolfSSL | 4:1b0d80432c79 | 1526 | TLSX_SNI_Free(sni); |
wolfSSL | 4:1b0d80432c79 | 1527 | return ret; |
wolfSSL | 4:1b0d80432c79 | 1528 | } |
wolfSSL | 4:1b0d80432c79 | 1529 | } |
wolfSSL | 4:1b0d80432c79 | 1530 | else { |
wolfSSL | 4:1b0d80432c79 | 1531 | /* push new SNI object to extension data. */ |
wolfSSL | 4:1b0d80432c79 | 1532 | sni->next = (SNI*)extension->data; |
wolfSSL | 4:1b0d80432c79 | 1533 | extension->data = (void*)sni; |
wolfSSL | 4:1b0d80432c79 | 1534 | |
wolfSSL | 4:1b0d80432c79 | 1535 | /* remove duplicate SNI, there should be only one of each type. */ |
wolfSSL | 4:1b0d80432c79 | 1536 | do { |
wolfSSL | 4:1b0d80432c79 | 1537 | if (sni->next && sni->next->type == type) { |
wolfSSL | 4:1b0d80432c79 | 1538 | SNI *next = sni->next; |
wolfSSL | 4:1b0d80432c79 | 1539 | |
wolfSSL | 4:1b0d80432c79 | 1540 | sni->next = next->next; |
wolfSSL | 4:1b0d80432c79 | 1541 | TLSX_SNI_Free(next); |
wolfSSL | 4:1b0d80432c79 | 1542 | |
wolfSSL | 4:1b0d80432c79 | 1543 | /* there is no way to occur more than */ |
wolfSSL | 4:1b0d80432c79 | 1544 | /* two SNIs of the same type. */ |
wolfSSL | 4:1b0d80432c79 | 1545 | break; |
wolfSSL | 4:1b0d80432c79 | 1546 | } |
wolfSSL | 4:1b0d80432c79 | 1547 | } while ((sni = sni->next)); |
wolfSSL | 4:1b0d80432c79 | 1548 | } |
wolfSSL | 4:1b0d80432c79 | 1549 | |
wolfSSL | 4:1b0d80432c79 | 1550 | return SSL_SUCCESS; |
wolfSSL | 4:1b0d80432c79 | 1551 | } |
wolfSSL | 4:1b0d80432c79 | 1552 | |
wolfSSL | 4:1b0d80432c79 | 1553 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 4:1b0d80432c79 | 1554 | |
wolfSSL | 4:1b0d80432c79 | 1555 | /** Tells the SNI requested by the client. */ |
wolfSSL | 4:1b0d80432c79 | 1556 | word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, void** data) |
wolfSSL | 4:1b0d80432c79 | 1557 | { |
wolfSSL | 4:1b0d80432c79 | 1558 | TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME); |
wolfSSL | 4:1b0d80432c79 | 1559 | SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type); |
wolfSSL | 4:1b0d80432c79 | 1560 | |
wolfSSL | 4:1b0d80432c79 | 1561 | if (sni && sni->status != WOLFSSL_SNI_NO_MATCH) { |
wolfSSL | 4:1b0d80432c79 | 1562 | switch (sni->type) { |
wolfSSL | 4:1b0d80432c79 | 1563 | case WOLFSSL_SNI_HOST_NAME: |
wolfSSL | 4:1b0d80432c79 | 1564 | *data = sni->data.host_name; |
wolfSSL | 4:1b0d80432c79 | 1565 | return XSTRLEN(*data); |
wolfSSL | 4:1b0d80432c79 | 1566 | } |
wolfSSL | 4:1b0d80432c79 | 1567 | } |
wolfSSL | 4:1b0d80432c79 | 1568 | |
wolfSSL | 4:1b0d80432c79 | 1569 | return 0; |
wolfSSL | 4:1b0d80432c79 | 1570 | } |
wolfSSL | 4:1b0d80432c79 | 1571 | |
wolfSSL | 4:1b0d80432c79 | 1572 | /** Sets the options for a SNI object. */ |
wolfSSL | 4:1b0d80432c79 | 1573 | void TLSX_SNI_SetOptions(TLSX* extensions, byte type, byte options) |
wolfSSL | 4:1b0d80432c79 | 1574 | { |
wolfSSL | 4:1b0d80432c79 | 1575 | TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME); |
wolfSSL | 4:1b0d80432c79 | 1576 | SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type); |
wolfSSL | 4:1b0d80432c79 | 1577 | |
wolfSSL | 4:1b0d80432c79 | 1578 | if (sni) |
wolfSSL | 4:1b0d80432c79 | 1579 | sni->options = options; |
wolfSSL | 4:1b0d80432c79 | 1580 | } |
wolfSSL | 4:1b0d80432c79 | 1581 | |
wolfSSL | 4:1b0d80432c79 | 1582 | /** Retrieves a SNI request from a client hello buffer. */ |
wolfSSL | 4:1b0d80432c79 | 1583 | int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz, |
wolfSSL | 4:1b0d80432c79 | 1584 | byte type, byte* sni, word32* inOutSz) |
wolfSSL | 4:1b0d80432c79 | 1585 | { |
wolfSSL | 4:1b0d80432c79 | 1586 | word32 offset = 0; |
wolfSSL | 4:1b0d80432c79 | 1587 | word32 len32 = 0; |
wolfSSL | 4:1b0d80432c79 | 1588 | word16 len16 = 0; |
wolfSSL | 4:1b0d80432c79 | 1589 | |
wolfSSL | 4:1b0d80432c79 | 1590 | if (helloSz < RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + CLIENT_HELLO_FIRST) |
wolfSSL | 4:1b0d80432c79 | 1591 | return INCOMPLETE_DATA; |
wolfSSL | 4:1b0d80432c79 | 1592 | |
wolfSSL | 4:1b0d80432c79 | 1593 | /* TLS record header */ |
wolfSSL | 4:1b0d80432c79 | 1594 | if ((enum ContentType) clientHello[offset++] != handshake) { |
wolfSSL | 4:1b0d80432c79 | 1595 | |
wolfSSL | 4:1b0d80432c79 | 1596 | /* checking for SSLv2.0 client hello according to: */ |
wolfSSL | 4:1b0d80432c79 | 1597 | /* http://tools.ietf.org/html/rfc4346#appendix-E.1 */ |
wolfSSL | 4:1b0d80432c79 | 1598 | if ((enum HandShakeType) clientHello[++offset] == client_hello) { |
wolfSSL | 4:1b0d80432c79 | 1599 | offset += ENUM_LEN + VERSION_SZ; /* skip version */ |
wolfSSL | 4:1b0d80432c79 | 1600 | |
wolfSSL | 4:1b0d80432c79 | 1601 | ato16(clientHello + offset, &len16); |
wolfSSL | 4:1b0d80432c79 | 1602 | offset += OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 1603 | |
wolfSSL | 4:1b0d80432c79 | 1604 | if (len16 % 3) /* cipher_spec_length must be multiple of 3 */ |
wolfSSL | 4:1b0d80432c79 | 1605 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 1606 | |
wolfSSL | 4:1b0d80432c79 | 1607 | ato16(clientHello + offset, &len16); |
wolfSSL | 4:1b0d80432c79 | 1608 | /* Returning SNI_UNSUPPORTED do not increment offset here */ |
wolfSSL | 4:1b0d80432c79 | 1609 | |
wolfSSL | 4:1b0d80432c79 | 1610 | if (len16 != 0) /* session_id_length must be 0 */ |
wolfSSL | 4:1b0d80432c79 | 1611 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 1612 | |
wolfSSL | 4:1b0d80432c79 | 1613 | return SNI_UNSUPPORTED; |
wolfSSL | 4:1b0d80432c79 | 1614 | } |
wolfSSL | 4:1b0d80432c79 | 1615 | |
wolfSSL | 4:1b0d80432c79 | 1616 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 1617 | } |
wolfSSL | 4:1b0d80432c79 | 1618 | |
wolfSSL | 4:1b0d80432c79 | 1619 | if (clientHello[offset++] != SSLv3_MAJOR) |
wolfSSL | 4:1b0d80432c79 | 1620 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 1621 | |
wolfSSL | 4:1b0d80432c79 | 1622 | if (clientHello[offset++] < TLSv1_MINOR) |
wolfSSL | 4:1b0d80432c79 | 1623 | return SNI_UNSUPPORTED; |
wolfSSL | 4:1b0d80432c79 | 1624 | |
wolfSSL | 4:1b0d80432c79 | 1625 | ato16(clientHello + offset, &len16); |
wolfSSL | 4:1b0d80432c79 | 1626 | offset += OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 1627 | |
wolfSSL | 4:1b0d80432c79 | 1628 | if (offset + len16 > helloSz) |
wolfSSL | 4:1b0d80432c79 | 1629 | return INCOMPLETE_DATA; |
wolfSSL | 4:1b0d80432c79 | 1630 | |
wolfSSL | 4:1b0d80432c79 | 1631 | /* Handshake header */ |
wolfSSL | 4:1b0d80432c79 | 1632 | if ((enum HandShakeType) clientHello[offset] != client_hello) |
wolfSSL | 4:1b0d80432c79 | 1633 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 1634 | |
wolfSSL | 4:1b0d80432c79 | 1635 | c24to32(clientHello + offset + 1, &len32); |
wolfSSL | 4:1b0d80432c79 | 1636 | offset += HANDSHAKE_HEADER_SZ; |
wolfSSL | 4:1b0d80432c79 | 1637 | |
wolfSSL | 4:1b0d80432c79 | 1638 | if (offset + len32 > helloSz) |
wolfSSL | 4:1b0d80432c79 | 1639 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 1640 | |
wolfSSL | 4:1b0d80432c79 | 1641 | /* client hello */ |
wolfSSL | 4:1b0d80432c79 | 1642 | offset += VERSION_SZ + RAN_LEN; /* version, random */ |
wolfSSL | 4:1b0d80432c79 | 1643 | |
wolfSSL | 4:1b0d80432c79 | 1644 | if (helloSz < offset + clientHello[offset]) |
wolfSSL | 4:1b0d80432c79 | 1645 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 1646 | |
wolfSSL | 4:1b0d80432c79 | 1647 | offset += ENUM_LEN + clientHello[offset]; /* skip session id */ |
wolfSSL | 4:1b0d80432c79 | 1648 | |
wolfSSL | 4:1b0d80432c79 | 1649 | /* cypher suites */ |
wolfSSL | 4:1b0d80432c79 | 1650 | if (helloSz < offset + OPAQUE16_LEN) |
wolfSSL | 4:1b0d80432c79 | 1651 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 1652 | |
wolfSSL | 4:1b0d80432c79 | 1653 | ato16(clientHello + offset, &len16); |
wolfSSL | 4:1b0d80432c79 | 1654 | offset += OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 1655 | |
wolfSSL | 4:1b0d80432c79 | 1656 | if (helloSz < offset + len16) |
wolfSSL | 4:1b0d80432c79 | 1657 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 1658 | |
wolfSSL | 4:1b0d80432c79 | 1659 | offset += len16; /* skip cypher suites */ |
wolfSSL | 4:1b0d80432c79 | 1660 | |
wolfSSL | 4:1b0d80432c79 | 1661 | /* compression methods */ |
wolfSSL | 4:1b0d80432c79 | 1662 | if (helloSz < offset + 1) |
wolfSSL | 4:1b0d80432c79 | 1663 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 1664 | |
wolfSSL | 4:1b0d80432c79 | 1665 | if (helloSz < offset + clientHello[offset]) |
wolfSSL | 4:1b0d80432c79 | 1666 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 1667 | |
wolfSSL | 4:1b0d80432c79 | 1668 | offset += ENUM_LEN + clientHello[offset]; /* skip compression methods */ |
wolfSSL | 4:1b0d80432c79 | 1669 | |
wolfSSL | 4:1b0d80432c79 | 1670 | /* extensions */ |
wolfSSL | 4:1b0d80432c79 | 1671 | if (helloSz < offset + OPAQUE16_LEN) |
wolfSSL | 4:1b0d80432c79 | 1672 | return 0; /* no extensions in client hello. */ |
wolfSSL | 4:1b0d80432c79 | 1673 | |
wolfSSL | 4:1b0d80432c79 | 1674 | ato16(clientHello + offset, &len16); |
wolfSSL | 4:1b0d80432c79 | 1675 | offset += OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 1676 | |
wolfSSL | 4:1b0d80432c79 | 1677 | if (helloSz < offset + len16) |
wolfSSL | 4:1b0d80432c79 | 1678 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 1679 | |
wolfSSL | 4:1b0d80432c79 | 1680 | while (len16 >= OPAQUE16_LEN + OPAQUE16_LEN) { |
wolfSSL | 4:1b0d80432c79 | 1681 | word16 extType; |
wolfSSL | 4:1b0d80432c79 | 1682 | word16 extLen; |
wolfSSL | 4:1b0d80432c79 | 1683 | |
wolfSSL | 4:1b0d80432c79 | 1684 | ato16(clientHello + offset, &extType); |
wolfSSL | 4:1b0d80432c79 | 1685 | offset += OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 1686 | |
wolfSSL | 4:1b0d80432c79 | 1687 | ato16(clientHello + offset, &extLen); |
wolfSSL | 4:1b0d80432c79 | 1688 | offset += OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 1689 | |
wolfSSL | 4:1b0d80432c79 | 1690 | if (helloSz < offset + extLen) |
wolfSSL | 4:1b0d80432c79 | 1691 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 1692 | |
wolfSSL | 4:1b0d80432c79 | 1693 | if (extType != TLSX_SERVER_NAME) { |
wolfSSL | 4:1b0d80432c79 | 1694 | offset += extLen; /* skip extension */ |
wolfSSL | 4:1b0d80432c79 | 1695 | } else { |
wolfSSL | 4:1b0d80432c79 | 1696 | word16 listLen; |
wolfSSL | 4:1b0d80432c79 | 1697 | |
wolfSSL | 4:1b0d80432c79 | 1698 | ato16(clientHello + offset, &listLen); |
wolfSSL | 4:1b0d80432c79 | 1699 | offset += OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 1700 | |
wolfSSL | 4:1b0d80432c79 | 1701 | if (helloSz < offset + listLen) |
wolfSSL | 4:1b0d80432c79 | 1702 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 1703 | |
wolfSSL | 4:1b0d80432c79 | 1704 | while (listLen > ENUM_LEN + OPAQUE16_LEN) { |
wolfSSL | 4:1b0d80432c79 | 1705 | byte sniType = clientHello[offset++]; |
wolfSSL | 4:1b0d80432c79 | 1706 | word16 sniLen; |
wolfSSL | 4:1b0d80432c79 | 1707 | |
wolfSSL | 4:1b0d80432c79 | 1708 | ato16(clientHello + offset, &sniLen); |
wolfSSL | 4:1b0d80432c79 | 1709 | offset += OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 1710 | |
wolfSSL | 4:1b0d80432c79 | 1711 | if (helloSz < offset + sniLen) |
wolfSSL | 4:1b0d80432c79 | 1712 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 1713 | |
wolfSSL | 4:1b0d80432c79 | 1714 | if (sniType != type) { |
wolfSSL | 4:1b0d80432c79 | 1715 | offset += sniLen; |
wolfSSL | 4:1b0d80432c79 | 1716 | listLen -= min(ENUM_LEN + OPAQUE16_LEN + sniLen, listLen); |
wolfSSL | 4:1b0d80432c79 | 1717 | continue; |
wolfSSL | 4:1b0d80432c79 | 1718 | } |
wolfSSL | 4:1b0d80432c79 | 1719 | |
wolfSSL | 4:1b0d80432c79 | 1720 | *inOutSz = min(sniLen, *inOutSz); |
wolfSSL | 4:1b0d80432c79 | 1721 | XMEMCPY(sni, clientHello + offset, *inOutSz); |
wolfSSL | 4:1b0d80432c79 | 1722 | |
wolfSSL | 4:1b0d80432c79 | 1723 | return SSL_SUCCESS; |
wolfSSL | 4:1b0d80432c79 | 1724 | } |
wolfSSL | 4:1b0d80432c79 | 1725 | } |
wolfSSL | 4:1b0d80432c79 | 1726 | |
wolfSSL | 4:1b0d80432c79 | 1727 | len16 -= min(2 * OPAQUE16_LEN + extLen, len16); |
wolfSSL | 4:1b0d80432c79 | 1728 | } |
wolfSSL | 4:1b0d80432c79 | 1729 | |
wolfSSL | 4:1b0d80432c79 | 1730 | return len16 ? BUFFER_ERROR : 0; |
wolfSSL | 4:1b0d80432c79 | 1731 | } |
wolfSSL | 4:1b0d80432c79 | 1732 | |
wolfSSL | 4:1b0d80432c79 | 1733 | #endif |
wolfSSL | 4:1b0d80432c79 | 1734 | |
wolfSSL | 4:1b0d80432c79 | 1735 | #define SNI_FREE_ALL TLSX_SNI_FreeAll |
wolfSSL | 4:1b0d80432c79 | 1736 | #define SNI_GET_SIZE TLSX_SNI_GetSize |
wolfSSL | 4:1b0d80432c79 | 1737 | #define SNI_WRITE TLSX_SNI_Write |
wolfSSL | 4:1b0d80432c79 | 1738 | #define SNI_PARSE TLSX_SNI_Parse |
wolfSSL | 4:1b0d80432c79 | 1739 | #define SNI_VERIFY_PARSE TLSX_SNI_VerifyParse |
wolfSSL | 4:1b0d80432c79 | 1740 | |
wolfSSL | 4:1b0d80432c79 | 1741 | #else |
wolfSSL | 4:1b0d80432c79 | 1742 | |
wolfSSL | 4:1b0d80432c79 | 1743 | #define SNI_FREE_ALL(list) |
wolfSSL | 4:1b0d80432c79 | 1744 | #define SNI_GET_SIZE(list) 0 |
wolfSSL | 4:1b0d80432c79 | 1745 | #define SNI_WRITE(a, b) 0 |
wolfSSL | 4:1b0d80432c79 | 1746 | #define SNI_PARSE(a, b, c, d) 0 |
wolfSSL | 4:1b0d80432c79 | 1747 | #define SNI_VERIFY_PARSE(a, b) 0 |
wolfSSL | 4:1b0d80432c79 | 1748 | |
wolfSSL | 4:1b0d80432c79 | 1749 | #endif /* HAVE_SNI */ |
wolfSSL | 4:1b0d80432c79 | 1750 | |
wolfSSL | 4:1b0d80432c79 | 1751 | /******************************************************************************/ |
wolfSSL | 4:1b0d80432c79 | 1752 | /* Max Fragment Length Negotiation */ |
wolfSSL | 4:1b0d80432c79 | 1753 | /******************************************************************************/ |
wolfSSL | 4:1b0d80432c79 | 1754 | |
wolfSSL | 4:1b0d80432c79 | 1755 | #ifdef HAVE_MAX_FRAGMENT |
wolfSSL | 4:1b0d80432c79 | 1756 | |
wolfSSL | 4:1b0d80432c79 | 1757 | static word16 TLSX_MFL_Write(byte* data, byte* output) |
wolfSSL | 4:1b0d80432c79 | 1758 | { |
wolfSSL | 4:1b0d80432c79 | 1759 | output[0] = data[0]; |
wolfSSL | 4:1b0d80432c79 | 1760 | |
wolfSSL | 4:1b0d80432c79 | 1761 | return ENUM_LEN; |
wolfSSL | 4:1b0d80432c79 | 1762 | } |
wolfSSL | 4:1b0d80432c79 | 1763 | |
wolfSSL | 4:1b0d80432c79 | 1764 | static int TLSX_MFL_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 4:1b0d80432c79 | 1765 | byte isRequest) |
wolfSSL | 4:1b0d80432c79 | 1766 | { |
wolfSSL | 4:1b0d80432c79 | 1767 | (void)isRequest; |
wolfSSL | 4:1b0d80432c79 | 1768 | |
wolfSSL | 4:1b0d80432c79 | 1769 | if (length != ENUM_LEN) |
wolfSSL | 4:1b0d80432c79 | 1770 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 1771 | |
wolfSSL | 4:1b0d80432c79 | 1772 | switch (*input) { |
wolfSSL | 4:1b0d80432c79 | 1773 | case WOLFSSL_MFL_2_9 : ssl->max_fragment = 512; break; |
wolfSSL | 4:1b0d80432c79 | 1774 | case WOLFSSL_MFL_2_10: ssl->max_fragment = 1024; break; |
wolfSSL | 4:1b0d80432c79 | 1775 | case WOLFSSL_MFL_2_11: ssl->max_fragment = 2048; break; |
wolfSSL | 4:1b0d80432c79 | 1776 | case WOLFSSL_MFL_2_12: ssl->max_fragment = 4096; break; |
wolfSSL | 4:1b0d80432c79 | 1777 | case WOLFSSL_MFL_2_13: ssl->max_fragment = 8192; break; |
wolfSSL | 4:1b0d80432c79 | 1778 | |
wolfSSL | 4:1b0d80432c79 | 1779 | default: |
wolfSSL | 4:1b0d80432c79 | 1780 | SendAlert(ssl, alert_fatal, illegal_parameter); |
wolfSSL | 4:1b0d80432c79 | 1781 | |
wolfSSL | 4:1b0d80432c79 | 1782 | return UNKNOWN_MAX_FRAG_LEN_E; |
wolfSSL | 4:1b0d80432c79 | 1783 | } |
wolfSSL | 4:1b0d80432c79 | 1784 | |
wolfSSL | 4:1b0d80432c79 | 1785 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 4:1b0d80432c79 | 1786 | if (isRequest) { |
wolfSSL | 4:1b0d80432c79 | 1787 | int r = TLSX_UseMaxFragment(&ssl->extensions, *input); |
wolfSSL | 4:1b0d80432c79 | 1788 | |
wolfSSL | 4:1b0d80432c79 | 1789 | if (r != SSL_SUCCESS) return r; /* throw error */ |
wolfSSL | 4:1b0d80432c79 | 1790 | |
wolfSSL | 4:1b0d80432c79 | 1791 | TLSX_SetResponse(ssl, TLSX_MAX_FRAGMENT_LENGTH); |
wolfSSL | 4:1b0d80432c79 | 1792 | } |
wolfSSL | 4:1b0d80432c79 | 1793 | #endif |
wolfSSL | 4:1b0d80432c79 | 1794 | |
wolfSSL | 4:1b0d80432c79 | 1795 | return 0; |
wolfSSL | 4:1b0d80432c79 | 1796 | } |
wolfSSL | 4:1b0d80432c79 | 1797 | |
wolfSSL | 4:1b0d80432c79 | 1798 | int TLSX_UseMaxFragment(TLSX** extensions, byte mfl) |
wolfSSL | 4:1b0d80432c79 | 1799 | { |
wolfSSL | 4:1b0d80432c79 | 1800 | byte* data = NULL; |
wolfSSL | 4:1b0d80432c79 | 1801 | int ret = 0; |
wolfSSL | 4:1b0d80432c79 | 1802 | |
wolfSSL | 4:1b0d80432c79 | 1803 | if (extensions == NULL) |
wolfSSL | 4:1b0d80432c79 | 1804 | return BAD_FUNC_ARG; |
wolfSSL | 4:1b0d80432c79 | 1805 | |
wolfSSL | 4:1b0d80432c79 | 1806 | if (mfl < WOLFSSL_MFL_2_9 || WOLFSSL_MFL_2_13 < mfl) |
wolfSSL | 4:1b0d80432c79 | 1807 | return BAD_FUNC_ARG; |
wolfSSL | 4:1b0d80432c79 | 1808 | |
wolfSSL | 4:1b0d80432c79 | 1809 | if ((data = XMALLOC(ENUM_LEN, NULL, DYNAMIC_TYPE_TLSX)) == NULL) |
wolfSSL | 4:1b0d80432c79 | 1810 | return MEMORY_E; |
wolfSSL | 4:1b0d80432c79 | 1811 | |
wolfSSL | 4:1b0d80432c79 | 1812 | data[0] = mfl; |
wolfSSL | 4:1b0d80432c79 | 1813 | |
wolfSSL | 4:1b0d80432c79 | 1814 | /* push new MFL extension. */ |
wolfSSL | 4:1b0d80432c79 | 1815 | if ((ret = TLSX_Push(extensions, TLSX_MAX_FRAGMENT_LENGTH, data)) != 0) { |
wolfSSL | 4:1b0d80432c79 | 1816 | XFREE(data, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 1817 | return ret; |
wolfSSL | 4:1b0d80432c79 | 1818 | } |
wolfSSL | 4:1b0d80432c79 | 1819 | |
wolfSSL | 4:1b0d80432c79 | 1820 | return SSL_SUCCESS; |
wolfSSL | 4:1b0d80432c79 | 1821 | } |
wolfSSL | 4:1b0d80432c79 | 1822 | |
wolfSSL | 4:1b0d80432c79 | 1823 | |
wolfSSL | 4:1b0d80432c79 | 1824 | #define MFL_FREE_ALL(data) XFREE(data, 0, DYNAMIC_TYPE_TLSX) |
wolfSSL | 4:1b0d80432c79 | 1825 | #define MFL_GET_SIZE(data) ENUM_LEN |
wolfSSL | 4:1b0d80432c79 | 1826 | #define MFL_WRITE TLSX_MFL_Write |
wolfSSL | 4:1b0d80432c79 | 1827 | #define MFL_PARSE TLSX_MFL_Parse |
wolfSSL | 4:1b0d80432c79 | 1828 | |
wolfSSL | 4:1b0d80432c79 | 1829 | #else |
wolfSSL | 4:1b0d80432c79 | 1830 | |
wolfSSL | 4:1b0d80432c79 | 1831 | #define MFL_FREE_ALL(a) |
wolfSSL | 4:1b0d80432c79 | 1832 | #define MFL_GET_SIZE(a) 0 |
wolfSSL | 4:1b0d80432c79 | 1833 | #define MFL_WRITE(a, b) 0 |
wolfSSL | 4:1b0d80432c79 | 1834 | #define MFL_PARSE(a, b, c, d) 0 |
wolfSSL | 4:1b0d80432c79 | 1835 | |
wolfSSL | 4:1b0d80432c79 | 1836 | #endif /* HAVE_MAX_FRAGMENT */ |
wolfSSL | 4:1b0d80432c79 | 1837 | |
wolfSSL | 4:1b0d80432c79 | 1838 | /******************************************************************************/ |
wolfSSL | 4:1b0d80432c79 | 1839 | /* Truncated HMAC */ |
wolfSSL | 4:1b0d80432c79 | 1840 | /******************************************************************************/ |
wolfSSL | 4:1b0d80432c79 | 1841 | |
wolfSSL | 4:1b0d80432c79 | 1842 | #ifdef HAVE_TRUNCATED_HMAC |
wolfSSL | 4:1b0d80432c79 | 1843 | |
wolfSSL | 4:1b0d80432c79 | 1844 | static int TLSX_THM_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 4:1b0d80432c79 | 1845 | byte isRequest) |
wolfSSL | 4:1b0d80432c79 | 1846 | { |
wolfSSL | 4:1b0d80432c79 | 1847 | (void)isRequest; |
wolfSSL | 4:1b0d80432c79 | 1848 | |
wolfSSL | 4:1b0d80432c79 | 1849 | if (length != 0 || input == NULL) |
wolfSSL | 4:1b0d80432c79 | 1850 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 1851 | |
wolfSSL | 4:1b0d80432c79 | 1852 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 4:1b0d80432c79 | 1853 | if (isRequest) { |
wolfSSL | 4:1b0d80432c79 | 1854 | int r = TLSX_UseTruncatedHMAC(&ssl->extensions); |
wolfSSL | 4:1b0d80432c79 | 1855 | |
wolfSSL | 4:1b0d80432c79 | 1856 | if (r != SSL_SUCCESS) |
wolfSSL | 4:1b0d80432c79 | 1857 | return r; /* throw error */ |
wolfSSL | 4:1b0d80432c79 | 1858 | |
wolfSSL | 4:1b0d80432c79 | 1859 | TLSX_SetResponse(ssl, TLSX_TRUNCATED_HMAC); |
wolfSSL | 4:1b0d80432c79 | 1860 | } |
wolfSSL | 4:1b0d80432c79 | 1861 | #endif |
wolfSSL | 4:1b0d80432c79 | 1862 | |
wolfSSL | 4:1b0d80432c79 | 1863 | ssl->truncated_hmac = 1; |
wolfSSL | 4:1b0d80432c79 | 1864 | |
wolfSSL | 4:1b0d80432c79 | 1865 | return 0; |
wolfSSL | 4:1b0d80432c79 | 1866 | } |
wolfSSL | 4:1b0d80432c79 | 1867 | |
wolfSSL | 4:1b0d80432c79 | 1868 | int TLSX_UseTruncatedHMAC(TLSX** extensions) |
wolfSSL | 4:1b0d80432c79 | 1869 | { |
wolfSSL | 4:1b0d80432c79 | 1870 | int ret = 0; |
wolfSSL | 4:1b0d80432c79 | 1871 | |
wolfSSL | 4:1b0d80432c79 | 1872 | if (extensions == NULL) |
wolfSSL | 4:1b0d80432c79 | 1873 | return BAD_FUNC_ARG; |
wolfSSL | 4:1b0d80432c79 | 1874 | |
wolfSSL | 4:1b0d80432c79 | 1875 | if ((ret = TLSX_Push(extensions, TLSX_TRUNCATED_HMAC, NULL)) != 0) |
wolfSSL | 4:1b0d80432c79 | 1876 | return ret; |
wolfSSL | 4:1b0d80432c79 | 1877 | |
wolfSSL | 4:1b0d80432c79 | 1878 | return SSL_SUCCESS; |
wolfSSL | 4:1b0d80432c79 | 1879 | } |
wolfSSL | 4:1b0d80432c79 | 1880 | |
wolfSSL | 4:1b0d80432c79 | 1881 | #define THM_PARSE TLSX_THM_Parse |
wolfSSL | 4:1b0d80432c79 | 1882 | |
wolfSSL | 4:1b0d80432c79 | 1883 | #else |
wolfSSL | 4:1b0d80432c79 | 1884 | |
wolfSSL | 4:1b0d80432c79 | 1885 | #define THM_PARSE(a, b, c, d) 0 |
wolfSSL | 4:1b0d80432c79 | 1886 | |
wolfSSL | 4:1b0d80432c79 | 1887 | #endif /* HAVE_TRUNCATED_HMAC */ |
wolfSSL | 4:1b0d80432c79 | 1888 | |
wolfSSL | 4:1b0d80432c79 | 1889 | /******************************************************************************/ |
wolfSSL | 4:1b0d80432c79 | 1890 | /* Certificate Status Request */ |
wolfSSL | 4:1b0d80432c79 | 1891 | /******************************************************************************/ |
wolfSSL | 4:1b0d80432c79 | 1892 | |
wolfSSL | 4:1b0d80432c79 | 1893 | #ifdef HAVE_CERTIFICATE_STATUS_REQUEST |
wolfSSL | 4:1b0d80432c79 | 1894 | |
wolfSSL | 4:1b0d80432c79 | 1895 | static void TLSX_CSR_Free(CertificateStatusRequest* csr) |
wolfSSL | 4:1b0d80432c79 | 1896 | { |
wolfSSL | 4:1b0d80432c79 | 1897 | switch (csr->status_type) { |
wolfSSL | 4:1b0d80432c79 | 1898 | case WOLFSSL_CSR_OCSP: |
wolfSSL | 4:1b0d80432c79 | 1899 | FreeOcspRequest(&csr->request.ocsp); |
wolfSSL | 4:1b0d80432c79 | 1900 | break; |
wolfSSL | 4:1b0d80432c79 | 1901 | } |
wolfSSL | 4:1b0d80432c79 | 1902 | |
wolfSSL | 4:1b0d80432c79 | 1903 | XFREE(csr, NULL, DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 1904 | } |
wolfSSL | 4:1b0d80432c79 | 1905 | |
wolfSSL | 4:1b0d80432c79 | 1906 | static word16 TLSX_CSR_GetSize(CertificateStatusRequest* csr, byte isRequest) |
wolfSSL | 4:1b0d80432c79 | 1907 | { |
wolfSSL | 4:1b0d80432c79 | 1908 | word16 size = 0; |
wolfSSL | 4:1b0d80432c79 | 1909 | |
wolfSSL | 4:1b0d80432c79 | 1910 | /* shut up compiler warnings */ |
wolfSSL | 4:1b0d80432c79 | 1911 | (void) csr; (void) isRequest; |
wolfSSL | 4:1b0d80432c79 | 1912 | |
wolfSSL | 4:1b0d80432c79 | 1913 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 4:1b0d80432c79 | 1914 | if (isRequest) { |
wolfSSL | 4:1b0d80432c79 | 1915 | switch (csr->status_type) { |
wolfSSL | 4:1b0d80432c79 | 1916 | case WOLFSSL_CSR_OCSP: |
wolfSSL | 4:1b0d80432c79 | 1917 | size += ENUM_LEN + 2 * OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 1918 | |
wolfSSL | 4:1b0d80432c79 | 1919 | if (csr->request.ocsp.nonceSz) |
wolfSSL | 4:1b0d80432c79 | 1920 | size += OCSP_NONCE_EXT_SZ; |
wolfSSL | 4:1b0d80432c79 | 1921 | break; |
wolfSSL | 4:1b0d80432c79 | 1922 | } |
wolfSSL | 4:1b0d80432c79 | 1923 | } |
wolfSSL | 4:1b0d80432c79 | 1924 | #endif |
wolfSSL | 4:1b0d80432c79 | 1925 | |
wolfSSL | 4:1b0d80432c79 | 1926 | return size; |
wolfSSL | 4:1b0d80432c79 | 1927 | } |
wolfSSL | 4:1b0d80432c79 | 1928 | |
wolfSSL | 4:1b0d80432c79 | 1929 | static word16 TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output, |
wolfSSL | 4:1b0d80432c79 | 1930 | byte isRequest) |
wolfSSL | 4:1b0d80432c79 | 1931 | { |
wolfSSL | 4:1b0d80432c79 | 1932 | /* shut up compiler warnings */ |
wolfSSL | 4:1b0d80432c79 | 1933 | (void) csr; (void) output; (void) isRequest; |
wolfSSL | 4:1b0d80432c79 | 1934 | |
wolfSSL | 4:1b0d80432c79 | 1935 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 4:1b0d80432c79 | 1936 | if (isRequest) { |
wolfSSL | 4:1b0d80432c79 | 1937 | word16 offset = 0; |
wolfSSL | 4:1b0d80432c79 | 1938 | word16 length = 0; |
wolfSSL | 4:1b0d80432c79 | 1939 | |
wolfSSL | 4:1b0d80432c79 | 1940 | /* type */ |
wolfSSL | 4:1b0d80432c79 | 1941 | output[offset++] = csr->status_type; |
wolfSSL | 4:1b0d80432c79 | 1942 | |
wolfSSL | 4:1b0d80432c79 | 1943 | switch (csr->status_type) { |
wolfSSL | 4:1b0d80432c79 | 1944 | case WOLFSSL_CSR_OCSP: |
wolfSSL | 4:1b0d80432c79 | 1945 | /* responder id list */ |
wolfSSL | 4:1b0d80432c79 | 1946 | c16toa(0, output + offset); |
wolfSSL | 4:1b0d80432c79 | 1947 | offset += OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 1948 | |
wolfSSL | 4:1b0d80432c79 | 1949 | /* request extensions */ |
wolfSSL | 4:1b0d80432c79 | 1950 | if (csr->request.ocsp.nonceSz) |
wolfSSL | 4:1b0d80432c79 | 1951 | length = EncodeOcspRequestExtensions( |
wolfSSL | 4:1b0d80432c79 | 1952 | &csr->request.ocsp, |
wolfSSL | 4:1b0d80432c79 | 1953 | output + offset + OPAQUE16_LEN, |
wolfSSL | 4:1b0d80432c79 | 1954 | OCSP_NONCE_EXT_SZ); |
wolfSSL | 4:1b0d80432c79 | 1955 | |
wolfSSL | 4:1b0d80432c79 | 1956 | c16toa(length, output + offset); |
wolfSSL | 4:1b0d80432c79 | 1957 | offset += OPAQUE16_LEN + length; |
wolfSSL | 4:1b0d80432c79 | 1958 | |
wolfSSL | 4:1b0d80432c79 | 1959 | break; |
wolfSSL | 4:1b0d80432c79 | 1960 | } |
wolfSSL | 4:1b0d80432c79 | 1961 | |
wolfSSL | 4:1b0d80432c79 | 1962 | return offset; |
wolfSSL | 4:1b0d80432c79 | 1963 | } |
wolfSSL | 4:1b0d80432c79 | 1964 | #endif |
wolfSSL | 4:1b0d80432c79 | 1965 | |
wolfSSL | 4:1b0d80432c79 | 1966 | return 0; |
wolfSSL | 4:1b0d80432c79 | 1967 | } |
wolfSSL | 4:1b0d80432c79 | 1968 | |
wolfSSL | 4:1b0d80432c79 | 1969 | static int TLSX_CSR_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 4:1b0d80432c79 | 1970 | byte isRequest) |
wolfSSL | 4:1b0d80432c79 | 1971 | { |
wolfSSL | 4:1b0d80432c79 | 1972 | int ret; |
wolfSSL | 4:1b0d80432c79 | 1973 | |
wolfSSL | 4:1b0d80432c79 | 1974 | /* shut up compiler warnings */ |
wolfSSL | 4:1b0d80432c79 | 1975 | (void) ssl; (void) input; |
wolfSSL | 4:1b0d80432c79 | 1976 | |
wolfSSL | 4:1b0d80432c79 | 1977 | if (!isRequest) { |
wolfSSL | 4:1b0d80432c79 | 1978 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 4:1b0d80432c79 | 1979 | TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); |
wolfSSL | 4:1b0d80432c79 | 1980 | CertificateStatusRequest* csr = extension ? extension->data : NULL; |
wolfSSL | 4:1b0d80432c79 | 1981 | |
wolfSSL | 4:1b0d80432c79 | 1982 | if (!csr) { |
wolfSSL | 4:1b0d80432c79 | 1983 | /* look at context level */ |
wolfSSL | 4:1b0d80432c79 | 1984 | |
wolfSSL | 4:1b0d80432c79 | 1985 | extension = TLSX_Find(ssl->ctx->extensions, TLSX_STATUS_REQUEST); |
wolfSSL | 4:1b0d80432c79 | 1986 | csr = extension ? extension->data : NULL; |
wolfSSL | 4:1b0d80432c79 | 1987 | |
wolfSSL | 4:1b0d80432c79 | 1988 | if (!csr) |
wolfSSL | 4:1b0d80432c79 | 1989 | return BUFFER_ERROR; /* unexpected extension */ |
wolfSSL | 4:1b0d80432c79 | 1990 | |
wolfSSL | 4:1b0d80432c79 | 1991 | /* enable extension at ssl level */ |
wolfSSL | 4:1b0d80432c79 | 1992 | ret = TLSX_UseCertificateStatusRequest(&ssl->extensions, |
wolfSSL | 4:1b0d80432c79 | 1993 | csr->status_type, csr->options); |
wolfSSL | 4:1b0d80432c79 | 1994 | if (ret != SSL_SUCCESS) |
wolfSSL | 4:1b0d80432c79 | 1995 | return ret; |
wolfSSL | 4:1b0d80432c79 | 1996 | |
wolfSSL | 4:1b0d80432c79 | 1997 | switch (csr->status_type) { |
wolfSSL | 4:1b0d80432c79 | 1998 | case WOLFSSL_CSR_OCSP: |
wolfSSL | 4:1b0d80432c79 | 1999 | /* propagate nonce */ |
wolfSSL | 4:1b0d80432c79 | 2000 | if (csr->request.ocsp.nonceSz) { |
wolfSSL | 4:1b0d80432c79 | 2001 | OcspRequest* request = |
wolfSSL | 4:1b0d80432c79 | 2002 | TLSX_CSR_GetRequest(ssl->extensions); |
wolfSSL | 4:1b0d80432c79 | 2003 | |
wolfSSL | 4:1b0d80432c79 | 2004 | if (request) { |
wolfSSL | 4:1b0d80432c79 | 2005 | XMEMCPY(request->nonce, csr->request.ocsp.nonce, |
wolfSSL | 4:1b0d80432c79 | 2006 | csr->request.ocsp.nonceSz); |
wolfSSL | 4:1b0d80432c79 | 2007 | request->nonceSz = csr->request.ocsp.nonceSz; |
wolfSSL | 4:1b0d80432c79 | 2008 | } |
wolfSSL | 4:1b0d80432c79 | 2009 | } |
wolfSSL | 4:1b0d80432c79 | 2010 | break; |
wolfSSL | 4:1b0d80432c79 | 2011 | } |
wolfSSL | 4:1b0d80432c79 | 2012 | } |
wolfSSL | 4:1b0d80432c79 | 2013 | |
wolfSSL | 4:1b0d80432c79 | 2014 | ssl->status_request = 1; |
wolfSSL | 4:1b0d80432c79 | 2015 | |
wolfSSL | 4:1b0d80432c79 | 2016 | return length ? BUFFER_ERROR : 0; /* extension_data MUST be empty. */ |
wolfSSL | 4:1b0d80432c79 | 2017 | #endif |
wolfSSL | 4:1b0d80432c79 | 2018 | } |
wolfSSL | 4:1b0d80432c79 | 2019 | else { |
wolfSSL | 4:1b0d80432c79 | 2020 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 4:1b0d80432c79 | 2021 | byte status_type; |
wolfSSL | 4:1b0d80432c79 | 2022 | word16 offset = 0; |
wolfSSL | 4:1b0d80432c79 | 2023 | word16 size = 0; |
wolfSSL | 4:1b0d80432c79 | 2024 | |
wolfSSL | 4:1b0d80432c79 | 2025 | if (length < ENUM_LEN) |
wolfSSL | 4:1b0d80432c79 | 2026 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 2027 | |
wolfSSL | 4:1b0d80432c79 | 2028 | status_type = input[offset++]; |
wolfSSL | 4:1b0d80432c79 | 2029 | |
wolfSSL | 4:1b0d80432c79 | 2030 | switch (status_type) { |
wolfSSL | 4:1b0d80432c79 | 2031 | case WOLFSSL_CSR_OCSP: { |
wolfSSL | 4:1b0d80432c79 | 2032 | |
wolfSSL | 4:1b0d80432c79 | 2033 | /* skip responder_id_list */ |
wolfSSL | 4:1b0d80432c79 | 2034 | if (length - offset < OPAQUE16_LEN) |
wolfSSL | 4:1b0d80432c79 | 2035 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 2036 | |
wolfSSL | 4:1b0d80432c79 | 2037 | ato16(input + offset, &size); |
wolfSSL | 4:1b0d80432c79 | 2038 | offset += OPAQUE16_LEN + size; |
wolfSSL | 4:1b0d80432c79 | 2039 | |
wolfSSL | 4:1b0d80432c79 | 2040 | /* skip request_extensions */ |
wolfSSL | 4:1b0d80432c79 | 2041 | if (length - offset < OPAQUE16_LEN) |
wolfSSL | 4:1b0d80432c79 | 2042 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 2043 | |
wolfSSL | 4:1b0d80432c79 | 2044 | ato16(input + offset, &size); |
wolfSSL | 4:1b0d80432c79 | 2045 | offset += OPAQUE16_LEN + size; |
wolfSSL | 4:1b0d80432c79 | 2046 | |
wolfSSL | 4:1b0d80432c79 | 2047 | if (offset > length) |
wolfSSL | 4:1b0d80432c79 | 2048 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 2049 | |
wolfSSL | 4:1b0d80432c79 | 2050 | /* is able to send OCSP response? */ |
wolfSSL | 4:1b0d80432c79 | 2051 | if (ssl->ctx->cm == NULL || !ssl->ctx->cm->ocspStaplingEnabled) |
wolfSSL | 4:1b0d80432c79 | 2052 | return 0; |
wolfSSL | 4:1b0d80432c79 | 2053 | } |
wolfSSL | 4:1b0d80432c79 | 2054 | break; |
wolfSSL | 4:1b0d80432c79 | 2055 | } |
wolfSSL | 4:1b0d80432c79 | 2056 | |
wolfSSL | 4:1b0d80432c79 | 2057 | /* if using status_request and already sending it, skip this one */ |
wolfSSL | 4:1b0d80432c79 | 2058 | #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 |
wolfSSL | 4:1b0d80432c79 | 2059 | if (ssl->status_request_v2) |
wolfSSL | 4:1b0d80432c79 | 2060 | return 0; |
wolfSSL | 4:1b0d80432c79 | 2061 | #endif |
wolfSSL | 4:1b0d80432c79 | 2062 | |
wolfSSL | 4:1b0d80432c79 | 2063 | /* accept the first good status_type and return */ |
wolfSSL | 4:1b0d80432c79 | 2064 | ret = TLSX_UseCertificateStatusRequest(&ssl->extensions, status_type, |
wolfSSL | 4:1b0d80432c79 | 2065 | 0); |
wolfSSL | 4:1b0d80432c79 | 2066 | if (ret != SSL_SUCCESS) |
wolfSSL | 4:1b0d80432c79 | 2067 | return ret; /* throw error */ |
wolfSSL | 4:1b0d80432c79 | 2068 | |
wolfSSL | 4:1b0d80432c79 | 2069 | TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST); |
wolfSSL | 4:1b0d80432c79 | 2070 | ssl->status_request = status_type; |
wolfSSL | 4:1b0d80432c79 | 2071 | |
wolfSSL | 4:1b0d80432c79 | 2072 | #endif |
wolfSSL | 4:1b0d80432c79 | 2073 | } |
wolfSSL | 4:1b0d80432c79 | 2074 | |
wolfSSL | 4:1b0d80432c79 | 2075 | return 0; |
wolfSSL | 4:1b0d80432c79 | 2076 | } |
wolfSSL | 4:1b0d80432c79 | 2077 | |
wolfSSL | 4:1b0d80432c79 | 2078 | int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert) |
wolfSSL | 4:1b0d80432c79 | 2079 | { |
wolfSSL | 4:1b0d80432c79 | 2080 | TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST); |
wolfSSL | 4:1b0d80432c79 | 2081 | CertificateStatusRequest* csr = extension ? extension->data : NULL; |
wolfSSL | 4:1b0d80432c79 | 2082 | int ret = 0; |
wolfSSL | 4:1b0d80432c79 | 2083 | |
wolfSSL | 4:1b0d80432c79 | 2084 | if (csr) { |
wolfSSL | 4:1b0d80432c79 | 2085 | switch (csr->status_type) { |
wolfSSL | 4:1b0d80432c79 | 2086 | case WOLFSSL_CSR_OCSP: { |
wolfSSL | 4:1b0d80432c79 | 2087 | byte nonce[MAX_OCSP_NONCE_SZ]; |
wolfSSL | 4:1b0d80432c79 | 2088 | int nonceSz = csr->request.ocsp.nonceSz; |
wolfSSL | 4:1b0d80432c79 | 2089 | |
wolfSSL | 4:1b0d80432c79 | 2090 | /* preserve nonce */ |
wolfSSL | 4:1b0d80432c79 | 2091 | XMEMCPY(nonce, csr->request.ocsp.nonce, nonceSz); |
wolfSSL | 4:1b0d80432c79 | 2092 | |
wolfSSL | 4:1b0d80432c79 | 2093 | if ((ret = InitOcspRequest(&csr->request.ocsp, cert, 0)) != 0) |
wolfSSL | 4:1b0d80432c79 | 2094 | return ret; |
wolfSSL | 4:1b0d80432c79 | 2095 | |
wolfSSL | 4:1b0d80432c79 | 2096 | /* restore nonce */ |
wolfSSL | 4:1b0d80432c79 | 2097 | XMEMCPY(csr->request.ocsp.nonce, nonce, nonceSz); |
wolfSSL | 4:1b0d80432c79 | 2098 | csr->request.ocsp.nonceSz = nonceSz; |
wolfSSL | 4:1b0d80432c79 | 2099 | } |
wolfSSL | 4:1b0d80432c79 | 2100 | break; |
wolfSSL | 4:1b0d80432c79 | 2101 | } |
wolfSSL | 4:1b0d80432c79 | 2102 | } |
wolfSSL | 4:1b0d80432c79 | 2103 | |
wolfSSL | 4:1b0d80432c79 | 2104 | return ret; |
wolfSSL | 4:1b0d80432c79 | 2105 | } |
wolfSSL | 4:1b0d80432c79 | 2106 | |
wolfSSL | 4:1b0d80432c79 | 2107 | void* TLSX_CSR_GetRequest(TLSX* extensions) |
wolfSSL | 4:1b0d80432c79 | 2108 | { |
wolfSSL | 4:1b0d80432c79 | 2109 | TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST); |
wolfSSL | 4:1b0d80432c79 | 2110 | CertificateStatusRequest* csr = extension ? extension->data : NULL; |
wolfSSL | 4:1b0d80432c79 | 2111 | |
wolfSSL | 4:1b0d80432c79 | 2112 | if (csr) { |
wolfSSL | 4:1b0d80432c79 | 2113 | switch (csr->status_type) { |
wolfSSL | 4:1b0d80432c79 | 2114 | case WOLFSSL_CSR_OCSP: |
wolfSSL | 4:1b0d80432c79 | 2115 | return &csr->request.ocsp; |
wolfSSL | 4:1b0d80432c79 | 2116 | break; |
wolfSSL | 4:1b0d80432c79 | 2117 | } |
wolfSSL | 4:1b0d80432c79 | 2118 | } |
wolfSSL | 4:1b0d80432c79 | 2119 | |
wolfSSL | 4:1b0d80432c79 | 2120 | return NULL; |
wolfSSL | 4:1b0d80432c79 | 2121 | } |
wolfSSL | 4:1b0d80432c79 | 2122 | |
wolfSSL | 4:1b0d80432c79 | 2123 | int TLSX_CSR_ForceRequest(WOLFSSL* ssl) |
wolfSSL | 4:1b0d80432c79 | 2124 | { |
wolfSSL | 4:1b0d80432c79 | 2125 | TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); |
wolfSSL | 4:1b0d80432c79 | 2126 | CertificateStatusRequest* csr = extension ? extension->data : NULL; |
wolfSSL | 4:1b0d80432c79 | 2127 | |
wolfSSL | 4:1b0d80432c79 | 2128 | if (csr) { |
wolfSSL | 4:1b0d80432c79 | 2129 | switch (csr->status_type) { |
wolfSSL | 4:1b0d80432c79 | 2130 | case WOLFSSL_CSR_OCSP: |
wolfSSL | 4:1b0d80432c79 | 2131 | if (ssl->ctx->cm->ocspEnabled) |
wolfSSL | 4:1b0d80432c79 | 2132 | return CheckOcspRequest(ssl->ctx->cm->ocsp, |
wolfSSL | 4:1b0d80432c79 | 2133 | &csr->request.ocsp, NULL); |
wolfSSL | 4:1b0d80432c79 | 2134 | else |
wolfSSL | 4:1b0d80432c79 | 2135 | return OCSP_LOOKUP_FAIL; |
wolfSSL | 4:1b0d80432c79 | 2136 | } |
wolfSSL | 4:1b0d80432c79 | 2137 | } |
wolfSSL | 4:1b0d80432c79 | 2138 | |
wolfSSL | 4:1b0d80432c79 | 2139 | return 0; |
wolfSSL | 4:1b0d80432c79 | 2140 | } |
wolfSSL | 4:1b0d80432c79 | 2141 | |
wolfSSL | 4:1b0d80432c79 | 2142 | int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type, |
wolfSSL | 4:1b0d80432c79 | 2143 | byte options) |
wolfSSL | 4:1b0d80432c79 | 2144 | { |
wolfSSL | 4:1b0d80432c79 | 2145 | CertificateStatusRequest* csr = NULL; |
wolfSSL | 4:1b0d80432c79 | 2146 | int ret = 0; |
wolfSSL | 4:1b0d80432c79 | 2147 | |
wolfSSL | 4:1b0d80432c79 | 2148 | if (!extensions || status_type != WOLFSSL_CSR_OCSP) |
wolfSSL | 4:1b0d80432c79 | 2149 | return BAD_FUNC_ARG; |
wolfSSL | 4:1b0d80432c79 | 2150 | |
wolfSSL | 4:1b0d80432c79 | 2151 | csr = (CertificateStatusRequest*) |
wolfSSL | 4:1b0d80432c79 | 2152 | XMALLOC(sizeof(CertificateStatusRequest), NULL, DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 2153 | if (!csr) |
wolfSSL | 4:1b0d80432c79 | 2154 | return MEMORY_E; |
wolfSSL | 4:1b0d80432c79 | 2155 | |
wolfSSL | 4:1b0d80432c79 | 2156 | ForceZero(csr, sizeof(CertificateStatusRequest)); |
wolfSSL | 4:1b0d80432c79 | 2157 | |
wolfSSL | 4:1b0d80432c79 | 2158 | csr->status_type = status_type; |
wolfSSL | 4:1b0d80432c79 | 2159 | csr->options = options; |
wolfSSL | 4:1b0d80432c79 | 2160 | |
wolfSSL | 4:1b0d80432c79 | 2161 | switch (csr->status_type) { |
wolfSSL | 4:1b0d80432c79 | 2162 | case WOLFSSL_CSR_OCSP: |
wolfSSL | 4:1b0d80432c79 | 2163 | if (options & WOLFSSL_CSR_OCSP_USE_NONCE) { |
wolfSSL | 4:1b0d80432c79 | 2164 | WC_RNG rng; |
wolfSSL | 4:1b0d80432c79 | 2165 | |
wolfSSL | 4:1b0d80432c79 | 2166 | if (wc_InitRng(&rng) == 0) { |
wolfSSL | 4:1b0d80432c79 | 2167 | if (wc_RNG_GenerateBlock(&rng, csr->request.ocsp.nonce, |
wolfSSL | 4:1b0d80432c79 | 2168 | MAX_OCSP_NONCE_SZ) == 0) |
wolfSSL | 4:1b0d80432c79 | 2169 | csr->request.ocsp.nonceSz = MAX_OCSP_NONCE_SZ; |
wolfSSL | 4:1b0d80432c79 | 2170 | |
wolfSSL | 4:1b0d80432c79 | 2171 | wc_FreeRng(&rng); |
wolfSSL | 4:1b0d80432c79 | 2172 | } |
wolfSSL | 4:1b0d80432c79 | 2173 | } |
wolfSSL | 4:1b0d80432c79 | 2174 | break; |
wolfSSL | 4:1b0d80432c79 | 2175 | } |
wolfSSL | 4:1b0d80432c79 | 2176 | |
wolfSSL | 4:1b0d80432c79 | 2177 | if ((ret = TLSX_Push(extensions, TLSX_STATUS_REQUEST, csr)) != 0) { |
wolfSSL | 4:1b0d80432c79 | 2178 | XFREE(csr, NULL, DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 2179 | return ret; |
wolfSSL | 4:1b0d80432c79 | 2180 | } |
wolfSSL | 4:1b0d80432c79 | 2181 | |
wolfSSL | 4:1b0d80432c79 | 2182 | return SSL_SUCCESS; |
wolfSSL | 4:1b0d80432c79 | 2183 | } |
wolfSSL | 4:1b0d80432c79 | 2184 | |
wolfSSL | 4:1b0d80432c79 | 2185 | #define CSR_FREE_ALL TLSX_CSR_Free |
wolfSSL | 4:1b0d80432c79 | 2186 | #define CSR_GET_SIZE TLSX_CSR_GetSize |
wolfSSL | 4:1b0d80432c79 | 2187 | #define CSR_WRITE TLSX_CSR_Write |
wolfSSL | 4:1b0d80432c79 | 2188 | #define CSR_PARSE TLSX_CSR_Parse |
wolfSSL | 4:1b0d80432c79 | 2189 | |
wolfSSL | 4:1b0d80432c79 | 2190 | #else |
wolfSSL | 4:1b0d80432c79 | 2191 | |
wolfSSL | 4:1b0d80432c79 | 2192 | #define CSR_FREE_ALL(data) |
wolfSSL | 4:1b0d80432c79 | 2193 | #define CSR_GET_SIZE(a, b) 0 |
wolfSSL | 4:1b0d80432c79 | 2194 | #define CSR_WRITE(a, b, c) 0 |
wolfSSL | 4:1b0d80432c79 | 2195 | #define CSR_PARSE(a, b, c, d) 0 |
wolfSSL | 4:1b0d80432c79 | 2196 | |
wolfSSL | 4:1b0d80432c79 | 2197 | #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */ |
wolfSSL | 4:1b0d80432c79 | 2198 | |
wolfSSL | 4:1b0d80432c79 | 2199 | /******************************************************************************/ |
wolfSSL | 4:1b0d80432c79 | 2200 | /* Certificate Status Request v2 */ |
wolfSSL | 4:1b0d80432c79 | 2201 | /******************************************************************************/ |
wolfSSL | 4:1b0d80432c79 | 2202 | |
wolfSSL | 4:1b0d80432c79 | 2203 | #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 |
wolfSSL | 4:1b0d80432c79 | 2204 | |
wolfSSL | 4:1b0d80432c79 | 2205 | static void TLSX_CSR2_FreeAll(CertificateStatusRequestItemV2* csr2) |
wolfSSL | 4:1b0d80432c79 | 2206 | { |
wolfSSL | 4:1b0d80432c79 | 2207 | CertificateStatusRequestItemV2* next; |
wolfSSL | 4:1b0d80432c79 | 2208 | |
wolfSSL | 4:1b0d80432c79 | 2209 | for (; csr2; csr2 = next) { |
wolfSSL | 4:1b0d80432c79 | 2210 | next = csr2->next; |
wolfSSL | 4:1b0d80432c79 | 2211 | |
wolfSSL | 4:1b0d80432c79 | 2212 | switch (csr2->status_type) { |
wolfSSL | 4:1b0d80432c79 | 2213 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 4:1b0d80432c79 | 2214 | case WOLFSSL_CSR2_OCSP_MULTI: |
wolfSSL | 4:1b0d80432c79 | 2215 | while(csr2->requests--) |
wolfSSL | 4:1b0d80432c79 | 2216 | FreeOcspRequest(&csr2->request.ocsp[csr2->requests]); |
wolfSSL | 4:1b0d80432c79 | 2217 | break; |
wolfSSL | 4:1b0d80432c79 | 2218 | } |
wolfSSL | 4:1b0d80432c79 | 2219 | |
wolfSSL | 4:1b0d80432c79 | 2220 | XFREE(csr2, NULL, DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 2221 | } |
wolfSSL | 4:1b0d80432c79 | 2222 | } |
wolfSSL | 4:1b0d80432c79 | 2223 | |
wolfSSL | 4:1b0d80432c79 | 2224 | static word16 TLSX_CSR2_GetSize(CertificateStatusRequestItemV2* csr2, |
wolfSSL | 4:1b0d80432c79 | 2225 | byte isRequest) |
wolfSSL | 4:1b0d80432c79 | 2226 | { |
wolfSSL | 4:1b0d80432c79 | 2227 | word16 size = 0; |
wolfSSL | 4:1b0d80432c79 | 2228 | |
wolfSSL | 4:1b0d80432c79 | 2229 | /* shut up compiler warnings */ |
wolfSSL | 4:1b0d80432c79 | 2230 | (void) csr2; (void) isRequest; |
wolfSSL | 4:1b0d80432c79 | 2231 | |
wolfSSL | 4:1b0d80432c79 | 2232 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 4:1b0d80432c79 | 2233 | if (isRequest) { |
wolfSSL | 4:1b0d80432c79 | 2234 | CertificateStatusRequestItemV2* next; |
wolfSSL | 4:1b0d80432c79 | 2235 | |
wolfSSL | 4:1b0d80432c79 | 2236 | for (size = OPAQUE16_LEN; csr2; csr2 = next) { |
wolfSSL | 4:1b0d80432c79 | 2237 | next = csr2->next; |
wolfSSL | 4:1b0d80432c79 | 2238 | |
wolfSSL | 4:1b0d80432c79 | 2239 | switch (csr2->status_type) { |
wolfSSL | 4:1b0d80432c79 | 2240 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 4:1b0d80432c79 | 2241 | case WOLFSSL_CSR2_OCSP_MULTI: |
wolfSSL | 4:1b0d80432c79 | 2242 | size += ENUM_LEN + 3 * OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 2243 | |
wolfSSL | 4:1b0d80432c79 | 2244 | if (csr2->request.ocsp[0].nonceSz) |
wolfSSL | 4:1b0d80432c79 | 2245 | size += OCSP_NONCE_EXT_SZ; |
wolfSSL | 4:1b0d80432c79 | 2246 | break; |
wolfSSL | 4:1b0d80432c79 | 2247 | } |
wolfSSL | 4:1b0d80432c79 | 2248 | } |
wolfSSL | 4:1b0d80432c79 | 2249 | } |
wolfSSL | 4:1b0d80432c79 | 2250 | #endif |
wolfSSL | 4:1b0d80432c79 | 2251 | |
wolfSSL | 4:1b0d80432c79 | 2252 | return size; |
wolfSSL | 4:1b0d80432c79 | 2253 | } |
wolfSSL | 4:1b0d80432c79 | 2254 | |
wolfSSL | 4:1b0d80432c79 | 2255 | static word16 TLSX_CSR2_Write(CertificateStatusRequestItemV2* csr2, |
wolfSSL | 4:1b0d80432c79 | 2256 | byte* output, byte isRequest) |
wolfSSL | 4:1b0d80432c79 | 2257 | { |
wolfSSL | 4:1b0d80432c79 | 2258 | /* shut up compiler warnings */ |
wolfSSL | 4:1b0d80432c79 | 2259 | (void) csr2; (void) output; (void) isRequest; |
wolfSSL | 4:1b0d80432c79 | 2260 | |
wolfSSL | 4:1b0d80432c79 | 2261 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 4:1b0d80432c79 | 2262 | if (isRequest) { |
wolfSSL | 4:1b0d80432c79 | 2263 | word16 offset; |
wolfSSL | 4:1b0d80432c79 | 2264 | word16 length; |
wolfSSL | 4:1b0d80432c79 | 2265 | |
wolfSSL | 4:1b0d80432c79 | 2266 | for (offset = OPAQUE16_LEN; csr2 != NULL; csr2 = csr2->next) { |
wolfSSL | 4:1b0d80432c79 | 2267 | /* status_type */ |
wolfSSL | 4:1b0d80432c79 | 2268 | output[offset++] = csr2->status_type; |
wolfSSL | 4:1b0d80432c79 | 2269 | |
wolfSSL | 4:1b0d80432c79 | 2270 | /* request */ |
wolfSSL | 4:1b0d80432c79 | 2271 | switch (csr2->status_type) { |
wolfSSL | 4:1b0d80432c79 | 2272 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 4:1b0d80432c79 | 2273 | case WOLFSSL_CSR2_OCSP_MULTI: |
wolfSSL | 4:1b0d80432c79 | 2274 | /* request_length */ |
wolfSSL | 4:1b0d80432c79 | 2275 | length = 2 * OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 2276 | |
wolfSSL | 4:1b0d80432c79 | 2277 | if (csr2->request.ocsp[0].nonceSz) |
wolfSSL | 4:1b0d80432c79 | 2278 | length += OCSP_NONCE_EXT_SZ; |
wolfSSL | 4:1b0d80432c79 | 2279 | |
wolfSSL | 4:1b0d80432c79 | 2280 | c16toa(length, output + offset); |
wolfSSL | 4:1b0d80432c79 | 2281 | offset += OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 2282 | |
wolfSSL | 4:1b0d80432c79 | 2283 | /* responder id list */ |
wolfSSL | 4:1b0d80432c79 | 2284 | c16toa(0, output + offset); |
wolfSSL | 4:1b0d80432c79 | 2285 | offset += OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 2286 | |
wolfSSL | 4:1b0d80432c79 | 2287 | /* request extensions */ |
wolfSSL | 4:1b0d80432c79 | 2288 | length = 0; |
wolfSSL | 4:1b0d80432c79 | 2289 | |
wolfSSL | 4:1b0d80432c79 | 2290 | if (csr2->request.ocsp[0].nonceSz) |
wolfSSL | 4:1b0d80432c79 | 2291 | length = EncodeOcspRequestExtensions( |
wolfSSL | 4:1b0d80432c79 | 2292 | &csr2->request.ocsp[0], |
wolfSSL | 4:1b0d80432c79 | 2293 | output + offset + OPAQUE16_LEN, |
wolfSSL | 4:1b0d80432c79 | 2294 | OCSP_NONCE_EXT_SZ); |
wolfSSL | 4:1b0d80432c79 | 2295 | |
wolfSSL | 4:1b0d80432c79 | 2296 | c16toa(length, output + offset); |
wolfSSL | 4:1b0d80432c79 | 2297 | offset += OPAQUE16_LEN + length; |
wolfSSL | 4:1b0d80432c79 | 2298 | break; |
wolfSSL | 4:1b0d80432c79 | 2299 | } |
wolfSSL | 4:1b0d80432c79 | 2300 | } |
wolfSSL | 4:1b0d80432c79 | 2301 | |
wolfSSL | 4:1b0d80432c79 | 2302 | /* list size */ |
wolfSSL | 4:1b0d80432c79 | 2303 | c16toa(offset - OPAQUE16_LEN, output); |
wolfSSL | 4:1b0d80432c79 | 2304 | |
wolfSSL | 4:1b0d80432c79 | 2305 | return offset; |
wolfSSL | 4:1b0d80432c79 | 2306 | } |
wolfSSL | 4:1b0d80432c79 | 2307 | #endif |
wolfSSL | 4:1b0d80432c79 | 2308 | |
wolfSSL | 4:1b0d80432c79 | 2309 | return 0; |
wolfSSL | 4:1b0d80432c79 | 2310 | } |
wolfSSL | 4:1b0d80432c79 | 2311 | |
wolfSSL | 4:1b0d80432c79 | 2312 | static int TLSX_CSR2_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 4:1b0d80432c79 | 2313 | byte isRequest) |
wolfSSL | 4:1b0d80432c79 | 2314 | { |
wolfSSL | 4:1b0d80432c79 | 2315 | int ret; |
wolfSSL | 4:1b0d80432c79 | 2316 | |
wolfSSL | 4:1b0d80432c79 | 2317 | /* shut up compiler warnings */ |
wolfSSL | 4:1b0d80432c79 | 2318 | (void) ssl; (void) input; |
wolfSSL | 4:1b0d80432c79 | 2319 | |
wolfSSL | 4:1b0d80432c79 | 2320 | if (!isRequest) { |
wolfSSL | 4:1b0d80432c79 | 2321 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 4:1b0d80432c79 | 2322 | TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST_V2); |
wolfSSL | 4:1b0d80432c79 | 2323 | CertificateStatusRequestItemV2* csr2 = extension ? extension->data |
wolfSSL | 4:1b0d80432c79 | 2324 | : NULL; |
wolfSSL | 4:1b0d80432c79 | 2325 | |
wolfSSL | 4:1b0d80432c79 | 2326 | if (!csr2) { |
wolfSSL | 4:1b0d80432c79 | 2327 | /* look at context level */ |
wolfSSL | 4:1b0d80432c79 | 2328 | |
wolfSSL | 4:1b0d80432c79 | 2329 | extension = TLSX_Find(ssl->ctx->extensions, TLSX_STATUS_REQUEST_V2); |
wolfSSL | 4:1b0d80432c79 | 2330 | csr2 = extension ? extension->data : NULL; |
wolfSSL | 4:1b0d80432c79 | 2331 | |
wolfSSL | 4:1b0d80432c79 | 2332 | if (!csr2) |
wolfSSL | 4:1b0d80432c79 | 2333 | return BUFFER_ERROR; /* unexpected extension */ |
wolfSSL | 4:1b0d80432c79 | 2334 | |
wolfSSL | 4:1b0d80432c79 | 2335 | /* enable extension at ssl level */ |
wolfSSL | 4:1b0d80432c79 | 2336 | for (; csr2; csr2 = csr2->next) { |
wolfSSL | 4:1b0d80432c79 | 2337 | ret = TLSX_UseCertificateStatusRequestV2(&ssl->extensions, |
wolfSSL | 4:1b0d80432c79 | 2338 | csr2->status_type, csr2->options); |
wolfSSL | 4:1b0d80432c79 | 2339 | if (ret != SSL_SUCCESS) |
wolfSSL | 4:1b0d80432c79 | 2340 | return ret; |
wolfSSL | 4:1b0d80432c79 | 2341 | |
wolfSSL | 4:1b0d80432c79 | 2342 | switch (csr2->status_type) { |
wolfSSL | 4:1b0d80432c79 | 2343 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 4:1b0d80432c79 | 2344 | /* followed by */ |
wolfSSL | 4:1b0d80432c79 | 2345 | case WOLFSSL_CSR2_OCSP_MULTI: |
wolfSSL | 4:1b0d80432c79 | 2346 | /* propagate nonce */ |
wolfSSL | 4:1b0d80432c79 | 2347 | if (csr2->request.ocsp[0].nonceSz) { |
wolfSSL | 4:1b0d80432c79 | 2348 | OcspRequest* request = |
wolfSSL | 4:1b0d80432c79 | 2349 | TLSX_CSR2_GetRequest(ssl->extensions, |
wolfSSL | 4:1b0d80432c79 | 2350 | csr2->status_type, 0); |
wolfSSL | 4:1b0d80432c79 | 2351 | |
wolfSSL | 4:1b0d80432c79 | 2352 | if (request) { |
wolfSSL | 4:1b0d80432c79 | 2353 | XMEMCPY(request->nonce, |
wolfSSL | 4:1b0d80432c79 | 2354 | csr2->request.ocsp[0].nonce, |
wolfSSL | 4:1b0d80432c79 | 2355 | csr2->request.ocsp[0].nonceSz); |
wolfSSL | 4:1b0d80432c79 | 2356 | |
wolfSSL | 4:1b0d80432c79 | 2357 | request->nonceSz = |
wolfSSL | 4:1b0d80432c79 | 2358 | csr2->request.ocsp[0].nonceSz; |
wolfSSL | 4:1b0d80432c79 | 2359 | } |
wolfSSL | 4:1b0d80432c79 | 2360 | } |
wolfSSL | 4:1b0d80432c79 | 2361 | break; |
wolfSSL | 4:1b0d80432c79 | 2362 | } |
wolfSSL | 4:1b0d80432c79 | 2363 | } |
wolfSSL | 4:1b0d80432c79 | 2364 | |
wolfSSL | 4:1b0d80432c79 | 2365 | } |
wolfSSL | 4:1b0d80432c79 | 2366 | |
wolfSSL | 4:1b0d80432c79 | 2367 | ssl->status_request_v2 = 1; |
wolfSSL | 4:1b0d80432c79 | 2368 | |
wolfSSL | 4:1b0d80432c79 | 2369 | return length ? BUFFER_ERROR : 0; /* extension_data MUST be empty. */ |
wolfSSL | 4:1b0d80432c79 | 2370 | #endif |
wolfSSL | 4:1b0d80432c79 | 2371 | } |
wolfSSL | 4:1b0d80432c79 | 2372 | else { |
wolfSSL | 4:1b0d80432c79 | 2373 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 4:1b0d80432c79 | 2374 | byte status_type; |
wolfSSL | 4:1b0d80432c79 | 2375 | word16 request_length; |
wolfSSL | 4:1b0d80432c79 | 2376 | word16 offset = 0; |
wolfSSL | 4:1b0d80432c79 | 2377 | word16 size = 0; |
wolfSSL | 4:1b0d80432c79 | 2378 | |
wolfSSL | 4:1b0d80432c79 | 2379 | /* list size */ |
wolfSSL | 4:1b0d80432c79 | 2380 | ato16(input + offset, &request_length); |
wolfSSL | 4:1b0d80432c79 | 2381 | offset += OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 2382 | |
wolfSSL | 4:1b0d80432c79 | 2383 | if (length - OPAQUE16_LEN != request_length) |
wolfSSL | 4:1b0d80432c79 | 2384 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 2385 | |
wolfSSL | 4:1b0d80432c79 | 2386 | while (length > offset) { |
wolfSSL | 4:1b0d80432c79 | 2387 | if (length - offset < ENUM_LEN + OPAQUE16_LEN) |
wolfSSL | 4:1b0d80432c79 | 2388 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 2389 | |
wolfSSL | 4:1b0d80432c79 | 2390 | status_type = input[offset++]; |
wolfSSL | 4:1b0d80432c79 | 2391 | |
wolfSSL | 4:1b0d80432c79 | 2392 | ato16(input + offset, &request_length); |
wolfSSL | 4:1b0d80432c79 | 2393 | offset += OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 2394 | |
wolfSSL | 4:1b0d80432c79 | 2395 | if (length - offset < request_length) |
wolfSSL | 4:1b0d80432c79 | 2396 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 2397 | |
wolfSSL | 4:1b0d80432c79 | 2398 | switch (status_type) { |
wolfSSL | 4:1b0d80432c79 | 2399 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 4:1b0d80432c79 | 2400 | case WOLFSSL_CSR2_OCSP_MULTI: |
wolfSSL | 4:1b0d80432c79 | 2401 | /* skip responder_id_list */ |
wolfSSL | 4:1b0d80432c79 | 2402 | if (length - offset < OPAQUE16_LEN) |
wolfSSL | 4:1b0d80432c79 | 2403 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 2404 | |
wolfSSL | 4:1b0d80432c79 | 2405 | ato16(input + offset, &size); |
wolfSSL | 4:1b0d80432c79 | 2406 | offset += OPAQUE16_LEN + size; |
wolfSSL | 4:1b0d80432c79 | 2407 | |
wolfSSL | 4:1b0d80432c79 | 2408 | /* skip request_extensions */ |
wolfSSL | 4:1b0d80432c79 | 2409 | if (length - offset < OPAQUE16_LEN) |
wolfSSL | 4:1b0d80432c79 | 2410 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 2411 | |
wolfSSL | 4:1b0d80432c79 | 2412 | ato16(input + offset, &size); |
wolfSSL | 4:1b0d80432c79 | 2413 | offset += OPAQUE16_LEN + size; |
wolfSSL | 4:1b0d80432c79 | 2414 | |
wolfSSL | 4:1b0d80432c79 | 2415 | if (offset > length) |
wolfSSL | 4:1b0d80432c79 | 2416 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 2417 | |
wolfSSL | 4:1b0d80432c79 | 2418 | /* is able to send OCSP response? */ |
wolfSSL | 4:1b0d80432c79 | 2419 | if (ssl->ctx->cm == NULL |
wolfSSL | 4:1b0d80432c79 | 2420 | || !ssl->ctx->cm->ocspStaplingEnabled) |
wolfSSL | 4:1b0d80432c79 | 2421 | continue; |
wolfSSL | 4:1b0d80432c79 | 2422 | break; |
wolfSSL | 4:1b0d80432c79 | 2423 | |
wolfSSL | 4:1b0d80432c79 | 2424 | default: |
wolfSSL | 4:1b0d80432c79 | 2425 | /* unknown status type, skipping! */ |
wolfSSL | 4:1b0d80432c79 | 2426 | offset += request_length; |
wolfSSL | 4:1b0d80432c79 | 2427 | continue; |
wolfSSL | 4:1b0d80432c79 | 2428 | } |
wolfSSL | 4:1b0d80432c79 | 2429 | |
wolfSSL | 4:1b0d80432c79 | 2430 | /* if using status_request and already sending it, skip this one */ |
wolfSSL | 4:1b0d80432c79 | 2431 | #ifdef HAVE_CERTIFICATE_STATUS_REQUEST |
wolfSSL | 4:1b0d80432c79 | 2432 | if (ssl->status_request) |
wolfSSL | 4:1b0d80432c79 | 2433 | return 0; |
wolfSSL | 4:1b0d80432c79 | 2434 | #endif |
wolfSSL | 4:1b0d80432c79 | 2435 | |
wolfSSL | 4:1b0d80432c79 | 2436 | /* accept the first good status_type and return */ |
wolfSSL | 4:1b0d80432c79 | 2437 | ret = TLSX_UseCertificateStatusRequestV2(&ssl->extensions, |
wolfSSL | 4:1b0d80432c79 | 2438 | status_type, 0); |
wolfSSL | 4:1b0d80432c79 | 2439 | if (ret != SSL_SUCCESS) |
wolfSSL | 4:1b0d80432c79 | 2440 | return ret; /* throw error */ |
wolfSSL | 4:1b0d80432c79 | 2441 | |
wolfSSL | 4:1b0d80432c79 | 2442 | TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST_V2); |
wolfSSL | 4:1b0d80432c79 | 2443 | ssl->status_request_v2 = status_type; |
wolfSSL | 4:1b0d80432c79 | 2444 | |
wolfSSL | 4:1b0d80432c79 | 2445 | return 0; |
wolfSSL | 4:1b0d80432c79 | 2446 | } |
wolfSSL | 4:1b0d80432c79 | 2447 | #endif |
wolfSSL | 4:1b0d80432c79 | 2448 | } |
wolfSSL | 4:1b0d80432c79 | 2449 | |
wolfSSL | 4:1b0d80432c79 | 2450 | return 0; |
wolfSSL | 4:1b0d80432c79 | 2451 | } |
wolfSSL | 4:1b0d80432c79 | 2452 | |
wolfSSL | 4:1b0d80432c79 | 2453 | int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer) |
wolfSSL | 4:1b0d80432c79 | 2454 | { |
wolfSSL | 4:1b0d80432c79 | 2455 | TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST_V2); |
wolfSSL | 4:1b0d80432c79 | 2456 | CertificateStatusRequestItemV2* csr2 = extension ? extension->data : NULL; |
wolfSSL | 4:1b0d80432c79 | 2457 | int ret = 0; |
wolfSSL | 4:1b0d80432c79 | 2458 | |
wolfSSL | 4:1b0d80432c79 | 2459 | for (; csr2; csr2 = csr2->next) { |
wolfSSL | 4:1b0d80432c79 | 2460 | switch (csr2->status_type) { |
wolfSSL | 4:1b0d80432c79 | 2461 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 4:1b0d80432c79 | 2462 | if (!isPeer || csr2->requests != 0) |
wolfSSL | 4:1b0d80432c79 | 2463 | break; |
wolfSSL | 4:1b0d80432c79 | 2464 | |
wolfSSL | 4:1b0d80432c79 | 2465 | /* followed by */ |
wolfSSL | 4:1b0d80432c79 | 2466 | |
wolfSSL | 4:1b0d80432c79 | 2467 | case WOLFSSL_CSR2_OCSP_MULTI: { |
wolfSSL | 4:1b0d80432c79 | 2468 | if (csr2->requests < 1 + MAX_CHAIN_DEPTH) { |
wolfSSL | 4:1b0d80432c79 | 2469 | byte nonce[MAX_OCSP_NONCE_SZ]; |
wolfSSL | 4:1b0d80432c79 | 2470 | int nonceSz = csr2->request.ocsp[0].nonceSz; |
wolfSSL | 4:1b0d80432c79 | 2471 | |
wolfSSL | 4:1b0d80432c79 | 2472 | /* preserve nonce, replicating nonce of ocsp[0] */ |
wolfSSL | 4:1b0d80432c79 | 2473 | XMEMCPY(nonce, csr2->request.ocsp[0].nonce, nonceSz); |
wolfSSL | 4:1b0d80432c79 | 2474 | |
wolfSSL | 4:1b0d80432c79 | 2475 | if ((ret = InitOcspRequest( |
wolfSSL | 4:1b0d80432c79 | 2476 | &csr2->request.ocsp[csr2->requests], cert, 0)) != 0) |
wolfSSL | 4:1b0d80432c79 | 2477 | return ret; |
wolfSSL | 4:1b0d80432c79 | 2478 | |
wolfSSL | 4:1b0d80432c79 | 2479 | /* restore nonce */ |
wolfSSL | 4:1b0d80432c79 | 2480 | XMEMCPY(csr2->request.ocsp[csr2->requests].nonce, |
wolfSSL | 4:1b0d80432c79 | 2481 | nonce, nonceSz); |
wolfSSL | 4:1b0d80432c79 | 2482 | csr2->request.ocsp[csr2->requests].nonceSz = nonceSz; |
wolfSSL | 4:1b0d80432c79 | 2483 | csr2->requests++; |
wolfSSL | 4:1b0d80432c79 | 2484 | } |
wolfSSL | 4:1b0d80432c79 | 2485 | } |
wolfSSL | 4:1b0d80432c79 | 2486 | break; |
wolfSSL | 4:1b0d80432c79 | 2487 | } |
wolfSSL | 4:1b0d80432c79 | 2488 | } |
wolfSSL | 4:1b0d80432c79 | 2489 | |
wolfSSL | 4:1b0d80432c79 | 2490 | return ret; |
wolfSSL | 4:1b0d80432c79 | 2491 | } |
wolfSSL | 4:1b0d80432c79 | 2492 | |
wolfSSL | 4:1b0d80432c79 | 2493 | void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type, byte index) |
wolfSSL | 4:1b0d80432c79 | 2494 | { |
wolfSSL | 4:1b0d80432c79 | 2495 | TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST_V2); |
wolfSSL | 4:1b0d80432c79 | 2496 | CertificateStatusRequestItemV2* csr2 = extension ? extension->data : NULL; |
wolfSSL | 4:1b0d80432c79 | 2497 | |
wolfSSL | 4:1b0d80432c79 | 2498 | for (; csr2; csr2 = csr2->next) { |
wolfSSL | 4:1b0d80432c79 | 2499 | if (csr2->status_type == status_type) { |
wolfSSL | 4:1b0d80432c79 | 2500 | switch (csr2->status_type) { |
wolfSSL | 4:1b0d80432c79 | 2501 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 4:1b0d80432c79 | 2502 | /* followed by */ |
wolfSSL | 4:1b0d80432c79 | 2503 | |
wolfSSL | 4:1b0d80432c79 | 2504 | case WOLFSSL_CSR2_OCSP_MULTI: |
wolfSSL | 4:1b0d80432c79 | 2505 | /* requests are initialized in the reverse order */ |
wolfSSL | 4:1b0d80432c79 | 2506 | return index < csr2->requests |
wolfSSL | 4:1b0d80432c79 | 2507 | ? &csr2->request.ocsp[csr2->requests - index - 1] |
wolfSSL | 4:1b0d80432c79 | 2508 | : NULL; |
wolfSSL | 4:1b0d80432c79 | 2509 | break; |
wolfSSL | 4:1b0d80432c79 | 2510 | } |
wolfSSL | 4:1b0d80432c79 | 2511 | } |
wolfSSL | 4:1b0d80432c79 | 2512 | } |
wolfSSL | 4:1b0d80432c79 | 2513 | |
wolfSSL | 4:1b0d80432c79 | 2514 | return NULL; |
wolfSSL | 4:1b0d80432c79 | 2515 | } |
wolfSSL | 4:1b0d80432c79 | 2516 | |
wolfSSL | 4:1b0d80432c79 | 2517 | int TLSX_CSR2_ForceRequest(WOLFSSL* ssl) |
wolfSSL | 4:1b0d80432c79 | 2518 | { |
wolfSSL | 4:1b0d80432c79 | 2519 | TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST_V2); |
wolfSSL | 4:1b0d80432c79 | 2520 | CertificateStatusRequestItemV2* csr2 = extension ? extension->data : NULL; |
wolfSSL | 4:1b0d80432c79 | 2521 | |
wolfSSL | 4:1b0d80432c79 | 2522 | /* forces only the first one */ |
wolfSSL | 4:1b0d80432c79 | 2523 | if (csr2) { |
wolfSSL | 4:1b0d80432c79 | 2524 | switch (csr2->status_type) { |
wolfSSL | 4:1b0d80432c79 | 2525 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 4:1b0d80432c79 | 2526 | /* followed by */ |
wolfSSL | 4:1b0d80432c79 | 2527 | |
wolfSSL | 4:1b0d80432c79 | 2528 | case WOLFSSL_CSR2_OCSP_MULTI: |
wolfSSL | 4:1b0d80432c79 | 2529 | if (ssl->ctx->cm->ocspEnabled) |
wolfSSL | 4:1b0d80432c79 | 2530 | return CheckOcspRequest(ssl->ctx->cm->ocsp, |
wolfSSL | 4:1b0d80432c79 | 2531 | &csr2->request.ocsp[0], NULL); |
wolfSSL | 4:1b0d80432c79 | 2532 | else |
wolfSSL | 4:1b0d80432c79 | 2533 | return OCSP_LOOKUP_FAIL; |
wolfSSL | 4:1b0d80432c79 | 2534 | } |
wolfSSL | 4:1b0d80432c79 | 2535 | } |
wolfSSL | 4:1b0d80432c79 | 2536 | |
wolfSSL | 4:1b0d80432c79 | 2537 | return 0; |
wolfSSL | 4:1b0d80432c79 | 2538 | } |
wolfSSL | 4:1b0d80432c79 | 2539 | |
wolfSSL | 4:1b0d80432c79 | 2540 | int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type, |
wolfSSL | 4:1b0d80432c79 | 2541 | byte options) |
wolfSSL | 4:1b0d80432c79 | 2542 | { |
wolfSSL | 4:1b0d80432c79 | 2543 | TLSX* extension = NULL; |
wolfSSL | 4:1b0d80432c79 | 2544 | CertificateStatusRequestItemV2* csr2 = NULL; |
wolfSSL | 4:1b0d80432c79 | 2545 | int ret = 0; |
wolfSSL | 4:1b0d80432c79 | 2546 | |
wolfSSL | 4:1b0d80432c79 | 2547 | if (!extensions) |
wolfSSL | 4:1b0d80432c79 | 2548 | return BAD_FUNC_ARG; |
wolfSSL | 4:1b0d80432c79 | 2549 | |
wolfSSL | 4:1b0d80432c79 | 2550 | if (status_type != WOLFSSL_CSR2_OCSP |
wolfSSL | 4:1b0d80432c79 | 2551 | && status_type != WOLFSSL_CSR2_OCSP_MULTI) |
wolfSSL | 4:1b0d80432c79 | 2552 | return BAD_FUNC_ARG; |
wolfSSL | 4:1b0d80432c79 | 2553 | |
wolfSSL | 4:1b0d80432c79 | 2554 | csr2 = (CertificateStatusRequestItemV2*) |
wolfSSL | 4:1b0d80432c79 | 2555 | XMALLOC(sizeof(CertificateStatusRequestItemV2), NULL, DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 2556 | if (!csr2) |
wolfSSL | 4:1b0d80432c79 | 2557 | return MEMORY_E; |
wolfSSL | 4:1b0d80432c79 | 2558 | |
wolfSSL | 4:1b0d80432c79 | 2559 | ForceZero(csr2, sizeof(CertificateStatusRequestItemV2)); |
wolfSSL | 4:1b0d80432c79 | 2560 | |
wolfSSL | 4:1b0d80432c79 | 2561 | csr2->status_type = status_type; |
wolfSSL | 4:1b0d80432c79 | 2562 | csr2->options = options; |
wolfSSL | 4:1b0d80432c79 | 2563 | csr2->next = NULL; |
wolfSSL | 4:1b0d80432c79 | 2564 | |
wolfSSL | 4:1b0d80432c79 | 2565 | switch (csr2->status_type) { |
wolfSSL | 4:1b0d80432c79 | 2566 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 4:1b0d80432c79 | 2567 | case WOLFSSL_CSR2_OCSP_MULTI: |
wolfSSL | 4:1b0d80432c79 | 2568 | if (options & WOLFSSL_CSR2_OCSP_USE_NONCE) { |
wolfSSL | 4:1b0d80432c79 | 2569 | WC_RNG rng; |
wolfSSL | 4:1b0d80432c79 | 2570 | |
wolfSSL | 4:1b0d80432c79 | 2571 | if (wc_InitRng(&rng) == 0) { |
wolfSSL | 4:1b0d80432c79 | 2572 | if (wc_RNG_GenerateBlock(&rng, csr2->request.ocsp[0].nonce, |
wolfSSL | 4:1b0d80432c79 | 2573 | MAX_OCSP_NONCE_SZ) == 0) |
wolfSSL | 4:1b0d80432c79 | 2574 | csr2->request.ocsp[0].nonceSz = MAX_OCSP_NONCE_SZ; |
wolfSSL | 4:1b0d80432c79 | 2575 | |
wolfSSL | 4:1b0d80432c79 | 2576 | wc_FreeRng(&rng); |
wolfSSL | 4:1b0d80432c79 | 2577 | } |
wolfSSL | 4:1b0d80432c79 | 2578 | } |
wolfSSL | 4:1b0d80432c79 | 2579 | break; |
wolfSSL | 4:1b0d80432c79 | 2580 | } |
wolfSSL | 4:1b0d80432c79 | 2581 | |
wolfSSL | 4:1b0d80432c79 | 2582 | /* append new item */ |
wolfSSL | 4:1b0d80432c79 | 2583 | if ((extension = TLSX_Find(*extensions, TLSX_STATUS_REQUEST_V2))) { |
wolfSSL | 4:1b0d80432c79 | 2584 | CertificateStatusRequestItemV2* last = |
wolfSSL | 4:1b0d80432c79 | 2585 | (CertificateStatusRequestItemV2*)extension->data; |
wolfSSL | 4:1b0d80432c79 | 2586 | |
wolfSSL | 4:1b0d80432c79 | 2587 | for (; last->next; last = last->next); |
wolfSSL | 4:1b0d80432c79 | 2588 | |
wolfSSL | 4:1b0d80432c79 | 2589 | last->next = csr2; |
wolfSSL | 4:1b0d80432c79 | 2590 | } |
wolfSSL | 4:1b0d80432c79 | 2591 | else if ((ret = TLSX_Push(extensions, TLSX_STATUS_REQUEST_V2, csr2))) { |
wolfSSL | 4:1b0d80432c79 | 2592 | XFREE(csr2, NULL, DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 2593 | return ret; |
wolfSSL | 4:1b0d80432c79 | 2594 | } |
wolfSSL | 4:1b0d80432c79 | 2595 | |
wolfSSL | 4:1b0d80432c79 | 2596 | return SSL_SUCCESS; |
wolfSSL | 4:1b0d80432c79 | 2597 | } |
wolfSSL | 4:1b0d80432c79 | 2598 | |
wolfSSL | 4:1b0d80432c79 | 2599 | #define CSR2_FREE_ALL TLSX_CSR2_FreeAll |
wolfSSL | 4:1b0d80432c79 | 2600 | #define CSR2_GET_SIZE TLSX_CSR2_GetSize |
wolfSSL | 4:1b0d80432c79 | 2601 | #define CSR2_WRITE TLSX_CSR2_Write |
wolfSSL | 4:1b0d80432c79 | 2602 | #define CSR2_PARSE TLSX_CSR2_Parse |
wolfSSL | 4:1b0d80432c79 | 2603 | |
wolfSSL | 4:1b0d80432c79 | 2604 | #else |
wolfSSL | 4:1b0d80432c79 | 2605 | |
wolfSSL | 4:1b0d80432c79 | 2606 | #define CSR2_FREE_ALL(data) |
wolfSSL | 4:1b0d80432c79 | 2607 | #define CSR2_GET_SIZE(a, b) 0 |
wolfSSL | 4:1b0d80432c79 | 2608 | #define CSR2_WRITE(a, b, c) 0 |
wolfSSL | 4:1b0d80432c79 | 2609 | #define CSR2_PARSE(a, b, c, d) 0 |
wolfSSL | 4:1b0d80432c79 | 2610 | |
wolfSSL | 4:1b0d80432c79 | 2611 | #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ |
wolfSSL | 4:1b0d80432c79 | 2612 | |
wolfSSL | 4:1b0d80432c79 | 2613 | /******************************************************************************/ |
wolfSSL | 4:1b0d80432c79 | 2614 | /* Supported Elliptic Curves */ |
wolfSSL | 4:1b0d80432c79 | 2615 | /******************************************************************************/ |
wolfSSL | 4:1b0d80432c79 | 2616 | |
wolfSSL | 4:1b0d80432c79 | 2617 | #ifdef HAVE_SUPPORTED_CURVES |
wolfSSL | 4:1b0d80432c79 | 2618 | |
wolfSSL | 4:1b0d80432c79 | 2619 | #ifndef HAVE_ECC |
wolfSSL | 4:1b0d80432c79 | 2620 | #error Elliptic Curves Extension requires Elliptic Curve Cryptography. \ |
wolfSSL | 4:1b0d80432c79 | 2621 | Use --enable-ecc in the configure script or define HAVE_ECC. |
wolfSSL | 4:1b0d80432c79 | 2622 | #endif |
wolfSSL | 4:1b0d80432c79 | 2623 | |
wolfSSL | 4:1b0d80432c79 | 2624 | static void TLSX_EllipticCurve_FreeAll(EllipticCurve* list) |
wolfSSL | 4:1b0d80432c79 | 2625 | { |
wolfSSL | 4:1b0d80432c79 | 2626 | EllipticCurve* curve; |
wolfSSL | 4:1b0d80432c79 | 2627 | |
wolfSSL | 4:1b0d80432c79 | 2628 | while ((curve = list)) { |
wolfSSL | 4:1b0d80432c79 | 2629 | list = curve->next; |
wolfSSL | 4:1b0d80432c79 | 2630 | XFREE(curve, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 2631 | } |
wolfSSL | 4:1b0d80432c79 | 2632 | } |
wolfSSL | 4:1b0d80432c79 | 2633 | |
wolfSSL | 4:1b0d80432c79 | 2634 | static int TLSX_EllipticCurve_Append(EllipticCurve** list, word16 name) |
wolfSSL | 4:1b0d80432c79 | 2635 | { |
wolfSSL | 4:1b0d80432c79 | 2636 | EllipticCurve* curve = NULL; |
wolfSSL | 4:1b0d80432c79 | 2637 | |
wolfSSL | 4:1b0d80432c79 | 2638 | if (list == NULL) |
wolfSSL | 4:1b0d80432c79 | 2639 | return BAD_FUNC_ARG; |
wolfSSL | 4:1b0d80432c79 | 2640 | |
wolfSSL | 4:1b0d80432c79 | 2641 | curve = (EllipticCurve*)XMALLOC(sizeof(EllipticCurve), NULL, |
wolfSSL | 4:1b0d80432c79 | 2642 | DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 2643 | if (curve == NULL) |
wolfSSL | 4:1b0d80432c79 | 2644 | return MEMORY_E; |
wolfSSL | 4:1b0d80432c79 | 2645 | |
wolfSSL | 4:1b0d80432c79 | 2646 | curve->name = name; |
wolfSSL | 4:1b0d80432c79 | 2647 | curve->next = *list; |
wolfSSL | 4:1b0d80432c79 | 2648 | |
wolfSSL | 4:1b0d80432c79 | 2649 | *list = curve; |
wolfSSL | 4:1b0d80432c79 | 2650 | |
wolfSSL | 4:1b0d80432c79 | 2651 | return 0; |
wolfSSL | 4:1b0d80432c79 | 2652 | } |
wolfSSL | 4:1b0d80432c79 | 2653 | |
wolfSSL | 4:1b0d80432c79 | 2654 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 4:1b0d80432c79 | 2655 | |
wolfSSL | 4:1b0d80432c79 | 2656 | static void TLSX_EllipticCurve_ValidateRequest(WOLFSSL* ssl, byte* semaphore) |
wolfSSL | 4:1b0d80432c79 | 2657 | { |
wolfSSL | 4:1b0d80432c79 | 2658 | int i; |
wolfSSL | 4:1b0d80432c79 | 2659 | |
wolfSSL | 4:1b0d80432c79 | 2660 | for (i = 0; i < ssl->suites->suiteSz; i+= 2) |
wolfSSL | 4:1b0d80432c79 | 2661 | if (ssl->suites->suites[i] == ECC_BYTE || |
wolfSSL | 4:1b0d80432c79 | 2662 | ssl->suites->suites[i] == CHACHA_BYTE) |
wolfSSL | 4:1b0d80432c79 | 2663 | return; |
wolfSSL | 4:1b0d80432c79 | 2664 | |
wolfSSL | 4:1b0d80432c79 | 2665 | /* turns semaphore on to avoid sending this extension. */ |
wolfSSL | 4:1b0d80432c79 | 2666 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_GROUPS)); |
wolfSSL | 4:1b0d80432c79 | 2667 | } |
wolfSSL | 4:1b0d80432c79 | 2668 | |
wolfSSL | 4:1b0d80432c79 | 2669 | static word16 TLSX_EllipticCurve_GetSize(EllipticCurve* list) |
wolfSSL | 4:1b0d80432c79 | 2670 | { |
wolfSSL | 4:1b0d80432c79 | 2671 | EllipticCurve* curve; |
wolfSSL | 4:1b0d80432c79 | 2672 | word16 length = OPAQUE16_LEN; /* list length */ |
wolfSSL | 4:1b0d80432c79 | 2673 | |
wolfSSL | 4:1b0d80432c79 | 2674 | while ((curve = list)) { |
wolfSSL | 4:1b0d80432c79 | 2675 | list = curve->next; |
wolfSSL | 4:1b0d80432c79 | 2676 | length += OPAQUE16_LEN; /* curve length */ |
wolfSSL | 4:1b0d80432c79 | 2677 | } |
wolfSSL | 4:1b0d80432c79 | 2678 | |
wolfSSL | 4:1b0d80432c79 | 2679 | return length; |
wolfSSL | 4:1b0d80432c79 | 2680 | } |
wolfSSL | 4:1b0d80432c79 | 2681 | |
wolfSSL | 4:1b0d80432c79 | 2682 | static word16 TLSX_EllipticCurve_WriteR(EllipticCurve* curve, byte* output); |
wolfSSL | 4:1b0d80432c79 | 2683 | static word16 TLSX_EllipticCurve_WriteR(EllipticCurve* curve, byte* output) |
wolfSSL | 4:1b0d80432c79 | 2684 | { |
wolfSSL | 4:1b0d80432c79 | 2685 | word16 offset = 0; |
wolfSSL | 4:1b0d80432c79 | 2686 | |
wolfSSL | 4:1b0d80432c79 | 2687 | if (!curve) |
wolfSSL | 4:1b0d80432c79 | 2688 | return offset; |
wolfSSL | 4:1b0d80432c79 | 2689 | |
wolfSSL | 4:1b0d80432c79 | 2690 | offset = TLSX_EllipticCurve_WriteR(curve->next, output); |
wolfSSL | 4:1b0d80432c79 | 2691 | c16toa(curve->name, output + offset); |
wolfSSL | 4:1b0d80432c79 | 2692 | |
wolfSSL | 4:1b0d80432c79 | 2693 | return OPAQUE16_LEN + offset; |
wolfSSL | 4:1b0d80432c79 | 2694 | } |
wolfSSL | 4:1b0d80432c79 | 2695 | |
wolfSSL | 4:1b0d80432c79 | 2696 | static word16 TLSX_EllipticCurve_Write(EllipticCurve* list, byte* output) |
wolfSSL | 4:1b0d80432c79 | 2697 | { |
wolfSSL | 4:1b0d80432c79 | 2698 | word16 length = TLSX_EllipticCurve_WriteR(list, output + OPAQUE16_LEN); |
wolfSSL | 4:1b0d80432c79 | 2699 | |
wolfSSL | 4:1b0d80432c79 | 2700 | c16toa(length, output); /* writing list length */ |
wolfSSL | 4:1b0d80432c79 | 2701 | |
wolfSSL | 4:1b0d80432c79 | 2702 | return OPAQUE16_LEN + length; |
wolfSSL | 4:1b0d80432c79 | 2703 | } |
wolfSSL | 4:1b0d80432c79 | 2704 | |
wolfSSL | 4:1b0d80432c79 | 2705 | #endif /* NO_WOLFSSL_CLIENT */ |
wolfSSL | 4:1b0d80432c79 | 2706 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 4:1b0d80432c79 | 2707 | |
wolfSSL | 4:1b0d80432c79 | 2708 | static int TLSX_EllipticCurve_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 4:1b0d80432c79 | 2709 | byte isRequest) |
wolfSSL | 4:1b0d80432c79 | 2710 | { |
wolfSSL | 4:1b0d80432c79 | 2711 | word16 offset; |
wolfSSL | 4:1b0d80432c79 | 2712 | word16 name; |
wolfSSL | 4:1b0d80432c79 | 2713 | int r; |
wolfSSL | 4:1b0d80432c79 | 2714 | |
wolfSSL | 4:1b0d80432c79 | 2715 | (void) isRequest; /* shut up compiler! */ |
wolfSSL | 4:1b0d80432c79 | 2716 | |
wolfSSL | 4:1b0d80432c79 | 2717 | if (OPAQUE16_LEN > length || length % OPAQUE16_LEN) |
wolfSSL | 4:1b0d80432c79 | 2718 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 2719 | |
wolfSSL | 4:1b0d80432c79 | 2720 | ato16(input, &offset); |
wolfSSL | 4:1b0d80432c79 | 2721 | |
wolfSSL | 4:1b0d80432c79 | 2722 | /* validating curve list length */ |
wolfSSL | 4:1b0d80432c79 | 2723 | if (length != OPAQUE16_LEN + offset) |
wolfSSL | 4:1b0d80432c79 | 2724 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 2725 | |
wolfSSL | 4:1b0d80432c79 | 2726 | while (offset) { |
wolfSSL | 4:1b0d80432c79 | 2727 | ato16(input + offset, &name); |
wolfSSL | 4:1b0d80432c79 | 2728 | offset -= OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 2729 | |
wolfSSL | 4:1b0d80432c79 | 2730 | r = TLSX_UseSupportedCurve(&ssl->extensions, name); |
wolfSSL | 4:1b0d80432c79 | 2731 | |
wolfSSL | 4:1b0d80432c79 | 2732 | if (r != SSL_SUCCESS) return r; /* throw error */ |
wolfSSL | 4:1b0d80432c79 | 2733 | } |
wolfSSL | 4:1b0d80432c79 | 2734 | |
wolfSSL | 4:1b0d80432c79 | 2735 | return 0; |
wolfSSL | 4:1b0d80432c79 | 2736 | } |
wolfSSL | 4:1b0d80432c79 | 2737 | |
wolfSSL | 4:1b0d80432c79 | 2738 | int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) { |
wolfSSL | 4:1b0d80432c79 | 2739 | TLSX* extension = (first == ECC_BYTE || first == CHACHA_BYTE) |
wolfSSL | 4:1b0d80432c79 | 2740 | ? TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS) |
wolfSSL | 4:1b0d80432c79 | 2741 | : NULL; |
wolfSSL | 4:1b0d80432c79 | 2742 | EllipticCurve* curve = NULL; |
wolfSSL | 4:1b0d80432c79 | 2743 | word32 oid = 0; |
wolfSSL | 4:1b0d80432c79 | 2744 | word16 octets = 0; /* according to 'ecc_set_type ecc_sets[];' */ |
wolfSSL | 4:1b0d80432c79 | 2745 | int sig = 0; /* validate signature */ |
wolfSSL | 4:1b0d80432c79 | 2746 | int key = 0; /* validate key */ |
wolfSSL | 4:1b0d80432c79 | 2747 | |
wolfSSL | 4:1b0d80432c79 | 2748 | (void)oid; |
wolfSSL | 4:1b0d80432c79 | 2749 | (void)octets; |
wolfSSL | 4:1b0d80432c79 | 2750 | |
wolfSSL | 4:1b0d80432c79 | 2751 | if (!extension) |
wolfSSL | 4:1b0d80432c79 | 2752 | return 1; /* no suite restriction */ |
wolfSSL | 4:1b0d80432c79 | 2753 | |
wolfSSL | 4:1b0d80432c79 | 2754 | for (curve = extension->data; curve && !(sig && key); curve = curve->next) { |
wolfSSL | 4:1b0d80432c79 | 2755 | |
wolfSSL | 4:1b0d80432c79 | 2756 | switch (curve->name) { |
wolfSSL | 4:1b0d80432c79 | 2757 | #if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC160) |
wolfSSL | 4:1b0d80432c79 | 2758 | case WOLFSSL_ECC_SECP160R1: oid = ECC_160R1; octets = 20; break; |
wolfSSL | 4:1b0d80432c79 | 2759 | #endif |
wolfSSL | 4:1b0d80432c79 | 2760 | #if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC192) |
wolfSSL | 4:1b0d80432c79 | 2761 | case WOLFSSL_ECC_SECP192R1: oid = ECC_192R1; octets = 24; break; |
wolfSSL | 4:1b0d80432c79 | 2762 | #endif |
wolfSSL | 4:1b0d80432c79 | 2763 | #if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC224) |
wolfSSL | 4:1b0d80432c79 | 2764 | case WOLFSSL_ECC_SECP224R1: oid = ECC_224R1; octets = 28; break; |
wolfSSL | 4:1b0d80432c79 | 2765 | #endif |
wolfSSL | 4:1b0d80432c79 | 2766 | #if defined(HAVE_ALL_CURVES) || !defined(NO_ECC256) |
wolfSSL | 4:1b0d80432c79 | 2767 | case WOLFSSL_ECC_SECP256R1: oid = ECC_256R1; octets = 32; break; |
wolfSSL | 4:1b0d80432c79 | 2768 | #endif |
wolfSSL | 4:1b0d80432c79 | 2769 | #if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC384) |
wolfSSL | 4:1b0d80432c79 | 2770 | case WOLFSSL_ECC_SECP384R1: oid = ECC_384R1; octets = 48; break; |
wolfSSL | 4:1b0d80432c79 | 2771 | #endif |
wolfSSL | 4:1b0d80432c79 | 2772 | #if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC521) |
wolfSSL | 4:1b0d80432c79 | 2773 | case WOLFSSL_ECC_SECP521R1: oid = ECC_521R1; octets = 66; break; |
wolfSSL | 4:1b0d80432c79 | 2774 | #endif |
wolfSSL | 4:1b0d80432c79 | 2775 | default: continue; /* unsupported curve */ |
wolfSSL | 4:1b0d80432c79 | 2776 | } |
wolfSSL | 4:1b0d80432c79 | 2777 | |
wolfSSL | 4:1b0d80432c79 | 2778 | if (first == ECC_BYTE) { |
wolfSSL | 4:1b0d80432c79 | 2779 | switch (second) { |
wolfSSL | 4:1b0d80432c79 | 2780 | #ifndef NO_DSA |
wolfSSL | 4:1b0d80432c79 | 2781 | /* ECDHE_ECDSA */ |
wolfSSL | 4:1b0d80432c79 | 2782 | case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: |
wolfSSL | 4:1b0d80432c79 | 2783 | case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: |
wolfSSL | 4:1b0d80432c79 | 2784 | case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: |
wolfSSL | 4:1b0d80432c79 | 2785 | case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA: |
wolfSSL | 4:1b0d80432c79 | 2786 | case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: |
wolfSSL | 4:1b0d80432c79 | 2787 | case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: |
wolfSSL | 4:1b0d80432c79 | 2788 | case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: |
wolfSSL | 4:1b0d80432c79 | 2789 | case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: |
wolfSSL | 4:1b0d80432c79 | 2790 | case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8: |
wolfSSL | 4:1b0d80432c79 | 2791 | case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8: |
wolfSSL | 4:1b0d80432c79 | 2792 | sig |= ssl->pkCurveOID == oid; |
wolfSSL | 4:1b0d80432c79 | 2793 | key |= ssl->eccTempKeySz == octets; |
wolfSSL | 4:1b0d80432c79 | 2794 | break; |
wolfSSL | 4:1b0d80432c79 | 2795 | |
wolfSSL | 4:1b0d80432c79 | 2796 | /* ECDH_ECDSA */ |
wolfSSL | 4:1b0d80432c79 | 2797 | case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: |
wolfSSL | 4:1b0d80432c79 | 2798 | case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: |
wolfSSL | 4:1b0d80432c79 | 2799 | case TLS_ECDH_ECDSA_WITH_RC4_128_SHA: |
wolfSSL | 4:1b0d80432c79 | 2800 | case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA: |
wolfSSL | 4:1b0d80432c79 | 2801 | case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256: |
wolfSSL | 4:1b0d80432c79 | 2802 | case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384: |
wolfSSL | 4:1b0d80432c79 | 2803 | case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256: |
wolfSSL | 4:1b0d80432c79 | 2804 | case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384: |
wolfSSL | 4:1b0d80432c79 | 2805 | sig |= ssl->pkCurveOID == oid; |
wolfSSL | 4:1b0d80432c79 | 2806 | key |= ssl->pkCurveOID == oid; |
wolfSSL | 4:1b0d80432c79 | 2807 | break; |
wolfSSL | 4:1b0d80432c79 | 2808 | #endif |
wolfSSL | 4:1b0d80432c79 | 2809 | #ifndef NO_RSA |
wolfSSL | 4:1b0d80432c79 | 2810 | /* ECDHE_RSA */ |
wolfSSL | 4:1b0d80432c79 | 2811 | case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: |
wolfSSL | 4:1b0d80432c79 | 2812 | case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: |
wolfSSL | 4:1b0d80432c79 | 2813 | case TLS_ECDHE_RSA_WITH_RC4_128_SHA: |
wolfSSL | 4:1b0d80432c79 | 2814 | case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: |
wolfSSL | 4:1b0d80432c79 | 2815 | case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: |
wolfSSL | 4:1b0d80432c79 | 2816 | case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: |
wolfSSL | 4:1b0d80432c79 | 2817 | case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: |
wolfSSL | 4:1b0d80432c79 | 2818 | case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: |
wolfSSL | 4:1b0d80432c79 | 2819 | sig = 1; |
wolfSSL | 4:1b0d80432c79 | 2820 | key |= ssl->eccTempKeySz == octets; |
wolfSSL | 4:1b0d80432c79 | 2821 | break; |
wolfSSL | 4:1b0d80432c79 | 2822 | |
wolfSSL | 4:1b0d80432c79 | 2823 | /* ECDH_RSA */ |
wolfSSL | 4:1b0d80432c79 | 2824 | case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: |
wolfSSL | 4:1b0d80432c79 | 2825 | case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: |
wolfSSL | 4:1b0d80432c79 | 2826 | case TLS_ECDH_RSA_WITH_RC4_128_SHA: |
wolfSSL | 4:1b0d80432c79 | 2827 | case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA: |
wolfSSL | 4:1b0d80432c79 | 2828 | case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256: |
wolfSSL | 4:1b0d80432c79 | 2829 | case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384: |
wolfSSL | 4:1b0d80432c79 | 2830 | case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256: |
wolfSSL | 4:1b0d80432c79 | 2831 | case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384: |
wolfSSL | 4:1b0d80432c79 | 2832 | sig = 1; |
wolfSSL | 4:1b0d80432c79 | 2833 | key |= ssl->pkCurveOID == oid; |
wolfSSL | 4:1b0d80432c79 | 2834 | break; |
wolfSSL | 4:1b0d80432c79 | 2835 | #endif |
wolfSSL | 4:1b0d80432c79 | 2836 | default: |
wolfSSL | 4:1b0d80432c79 | 2837 | sig = 1; |
wolfSSL | 4:1b0d80432c79 | 2838 | key = 1; |
wolfSSL | 4:1b0d80432c79 | 2839 | break; |
wolfSSL | 4:1b0d80432c79 | 2840 | } |
wolfSSL | 4:1b0d80432c79 | 2841 | } |
wolfSSL | 4:1b0d80432c79 | 2842 | |
wolfSSL | 4:1b0d80432c79 | 2843 | /* ChaCha20-Poly1305 ECC cipher suites */ |
wolfSSL | 4:1b0d80432c79 | 2844 | if (first == CHACHA_BYTE) { |
wolfSSL | 4:1b0d80432c79 | 2845 | switch (second) { |
wolfSSL | 4:1b0d80432c79 | 2846 | #ifndef NO_DSA |
wolfSSL | 4:1b0d80432c79 | 2847 | /* ECDHE_ECDSA */ |
wolfSSL | 4:1b0d80432c79 | 2848 | case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 : |
wolfSSL | 4:1b0d80432c79 | 2849 | case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 : |
wolfSSL | 4:1b0d80432c79 | 2850 | sig |= ssl->pkCurveOID == oid; |
wolfSSL | 4:1b0d80432c79 | 2851 | key |= ssl->eccTempKeySz == octets; |
wolfSSL | 4:1b0d80432c79 | 2852 | break; |
wolfSSL | 4:1b0d80432c79 | 2853 | #endif |
wolfSSL | 4:1b0d80432c79 | 2854 | #ifndef NO_RSA |
wolfSSL | 4:1b0d80432c79 | 2855 | /* ECDHE_RSA */ |
wolfSSL | 4:1b0d80432c79 | 2856 | case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 : |
wolfSSL | 4:1b0d80432c79 | 2857 | case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 : |
wolfSSL | 4:1b0d80432c79 | 2858 | sig = 1; |
wolfSSL | 4:1b0d80432c79 | 2859 | key |= ssl->eccTempKeySz == octets; |
wolfSSL | 4:1b0d80432c79 | 2860 | break; |
wolfSSL | 4:1b0d80432c79 | 2861 | #endif |
wolfSSL | 4:1b0d80432c79 | 2862 | default: |
wolfSSL | 4:1b0d80432c79 | 2863 | sig = 1; |
wolfSSL | 4:1b0d80432c79 | 2864 | key = 1; |
wolfSSL | 4:1b0d80432c79 | 2865 | break; |
wolfSSL | 4:1b0d80432c79 | 2866 | } |
wolfSSL | 4:1b0d80432c79 | 2867 | } |
wolfSSL | 4:1b0d80432c79 | 2868 | } |
wolfSSL | 4:1b0d80432c79 | 2869 | |
wolfSSL | 4:1b0d80432c79 | 2870 | return sig && key; |
wolfSSL | 4:1b0d80432c79 | 2871 | } |
wolfSSL | 4:1b0d80432c79 | 2872 | |
wolfSSL | 4:1b0d80432c79 | 2873 | #endif /* NO_WOLFSSL_SERVER */ |
wolfSSL | 4:1b0d80432c79 | 2874 | |
wolfSSL | 4:1b0d80432c79 | 2875 | int TLSX_UseSupportedCurve(TLSX** extensions, word16 name) |
wolfSSL | 4:1b0d80432c79 | 2876 | { |
wolfSSL | 4:1b0d80432c79 | 2877 | TLSX* extension = TLSX_Find(*extensions, TLSX_SUPPORTED_GROUPS); |
wolfSSL | 4:1b0d80432c79 | 2878 | EllipticCurve* curve = NULL; |
wolfSSL | 4:1b0d80432c79 | 2879 | int ret = 0; |
wolfSSL | 4:1b0d80432c79 | 2880 | |
wolfSSL | 4:1b0d80432c79 | 2881 | if (extensions == NULL) |
wolfSSL | 4:1b0d80432c79 | 2882 | return BAD_FUNC_ARG; |
wolfSSL | 4:1b0d80432c79 | 2883 | |
wolfSSL | 4:1b0d80432c79 | 2884 | if ((ret = TLSX_EllipticCurve_Append(&curve, name)) != 0) |
wolfSSL | 4:1b0d80432c79 | 2885 | return ret; |
wolfSSL | 4:1b0d80432c79 | 2886 | |
wolfSSL | 4:1b0d80432c79 | 2887 | if (!extension) { |
wolfSSL | 4:1b0d80432c79 | 2888 | if ((ret = TLSX_Push(extensions, TLSX_SUPPORTED_GROUPS, curve)) != 0) { |
wolfSSL | 4:1b0d80432c79 | 2889 | XFREE(curve, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 2890 | return ret; |
wolfSSL | 4:1b0d80432c79 | 2891 | } |
wolfSSL | 4:1b0d80432c79 | 2892 | } |
wolfSSL | 4:1b0d80432c79 | 2893 | else { |
wolfSSL | 4:1b0d80432c79 | 2894 | /* push new EllipticCurve object to extension data. */ |
wolfSSL | 4:1b0d80432c79 | 2895 | curve->next = (EllipticCurve*)extension->data; |
wolfSSL | 4:1b0d80432c79 | 2896 | extension->data = (void*)curve; |
wolfSSL | 4:1b0d80432c79 | 2897 | |
wolfSSL | 4:1b0d80432c79 | 2898 | /* look for another curve of the same name to remove (replacement) */ |
wolfSSL | 4:1b0d80432c79 | 2899 | do { |
wolfSSL | 4:1b0d80432c79 | 2900 | if (curve->next && curve->next->name == name) { |
wolfSSL | 4:1b0d80432c79 | 2901 | EllipticCurve *next = curve->next; |
wolfSSL | 4:1b0d80432c79 | 2902 | |
wolfSSL | 4:1b0d80432c79 | 2903 | curve->next = next->next; |
wolfSSL | 4:1b0d80432c79 | 2904 | XFREE(next, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 2905 | |
wolfSSL | 4:1b0d80432c79 | 2906 | break; |
wolfSSL | 4:1b0d80432c79 | 2907 | } |
wolfSSL | 4:1b0d80432c79 | 2908 | } while ((curve = curve->next)); |
wolfSSL | 4:1b0d80432c79 | 2909 | } |
wolfSSL | 4:1b0d80432c79 | 2910 | |
wolfSSL | 4:1b0d80432c79 | 2911 | return SSL_SUCCESS; |
wolfSSL | 4:1b0d80432c79 | 2912 | } |
wolfSSL | 4:1b0d80432c79 | 2913 | |
wolfSSL | 4:1b0d80432c79 | 2914 | #define EC_FREE_ALL TLSX_EllipticCurve_FreeAll |
wolfSSL | 4:1b0d80432c79 | 2915 | #define EC_VALIDATE_REQUEST TLSX_EllipticCurve_ValidateRequest |
wolfSSL | 4:1b0d80432c79 | 2916 | |
wolfSSL | 4:1b0d80432c79 | 2917 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 4:1b0d80432c79 | 2918 | #define EC_GET_SIZE TLSX_EllipticCurve_GetSize |
wolfSSL | 4:1b0d80432c79 | 2919 | #define EC_WRITE TLSX_EllipticCurve_Write |
wolfSSL | 4:1b0d80432c79 | 2920 | #else |
wolfSSL | 4:1b0d80432c79 | 2921 | #define EC_GET_SIZE(list) 0 |
wolfSSL | 4:1b0d80432c79 | 2922 | #define EC_WRITE(a, b) 0 |
wolfSSL | 4:1b0d80432c79 | 2923 | #endif |
wolfSSL | 4:1b0d80432c79 | 2924 | |
wolfSSL | 4:1b0d80432c79 | 2925 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 4:1b0d80432c79 | 2926 | #define EC_PARSE TLSX_EllipticCurve_Parse |
wolfSSL | 4:1b0d80432c79 | 2927 | #else |
wolfSSL | 4:1b0d80432c79 | 2928 | #define EC_PARSE(a, b, c, d) 0 |
wolfSSL | 4:1b0d80432c79 | 2929 | #endif |
wolfSSL | 4:1b0d80432c79 | 2930 | |
wolfSSL | 4:1b0d80432c79 | 2931 | #else |
wolfSSL | 4:1b0d80432c79 | 2932 | |
wolfSSL | 4:1b0d80432c79 | 2933 | #define EC_FREE_ALL(list) |
wolfSSL | 4:1b0d80432c79 | 2934 | #define EC_GET_SIZE(list) 0 |
wolfSSL | 4:1b0d80432c79 | 2935 | #define EC_WRITE(a, b) 0 |
wolfSSL | 4:1b0d80432c79 | 2936 | #define EC_PARSE(a, b, c, d) 0 |
wolfSSL | 4:1b0d80432c79 | 2937 | #define EC_VALIDATE_REQUEST(a, b) |
wolfSSL | 4:1b0d80432c79 | 2938 | |
wolfSSL | 4:1b0d80432c79 | 2939 | #endif /* HAVE_SUPPORTED_CURVES */ |
wolfSSL | 4:1b0d80432c79 | 2940 | |
wolfSSL | 4:1b0d80432c79 | 2941 | /******************************************************************************/ |
wolfSSL | 4:1b0d80432c79 | 2942 | /* Renegotiation Indication */ |
wolfSSL | 4:1b0d80432c79 | 2943 | /******************************************************************************/ |
wolfSSL | 4:1b0d80432c79 | 2944 | |
wolfSSL | 4:1b0d80432c79 | 2945 | #ifdef HAVE_SECURE_RENEGOTIATION |
wolfSSL | 4:1b0d80432c79 | 2946 | |
wolfSSL | 4:1b0d80432c79 | 2947 | static byte TLSX_SecureRenegotiation_GetSize(SecureRenegotiation* data, |
wolfSSL | 4:1b0d80432c79 | 2948 | int isRequest) |
wolfSSL | 4:1b0d80432c79 | 2949 | { |
wolfSSL | 4:1b0d80432c79 | 2950 | byte length = OPAQUE8_LEN; /* empty info length */ |
wolfSSL | 4:1b0d80432c79 | 2951 | |
wolfSSL | 4:1b0d80432c79 | 2952 | if (data->enabled) { |
wolfSSL | 4:1b0d80432c79 | 2953 | /* client sends client_verify_data only */ |
wolfSSL | 4:1b0d80432c79 | 2954 | length += TLS_FINISHED_SZ; |
wolfSSL | 4:1b0d80432c79 | 2955 | |
wolfSSL | 4:1b0d80432c79 | 2956 | /* server also sends server_verify_data */ |
wolfSSL | 4:1b0d80432c79 | 2957 | if (!isRequest) |
wolfSSL | 4:1b0d80432c79 | 2958 | length += TLS_FINISHED_SZ; |
wolfSSL | 4:1b0d80432c79 | 2959 | } |
wolfSSL | 4:1b0d80432c79 | 2960 | |
wolfSSL | 4:1b0d80432c79 | 2961 | return length; |
wolfSSL | 4:1b0d80432c79 | 2962 | } |
wolfSSL | 4:1b0d80432c79 | 2963 | |
wolfSSL | 4:1b0d80432c79 | 2964 | static word16 TLSX_SecureRenegotiation_Write(SecureRenegotiation* data, |
wolfSSL | 4:1b0d80432c79 | 2965 | byte* output, int isRequest) |
wolfSSL | 4:1b0d80432c79 | 2966 | { |
wolfSSL | 4:1b0d80432c79 | 2967 | word16 offset = OPAQUE8_LEN; /* RenegotiationInfo length */ |
wolfSSL | 4:1b0d80432c79 | 2968 | |
wolfSSL | 4:1b0d80432c79 | 2969 | if (data->enabled) { |
wolfSSL | 4:1b0d80432c79 | 2970 | /* client sends client_verify_data only */ |
wolfSSL | 4:1b0d80432c79 | 2971 | XMEMCPY(output + offset, data->client_verify_data, TLS_FINISHED_SZ); |
wolfSSL | 4:1b0d80432c79 | 2972 | offset += TLS_FINISHED_SZ; |
wolfSSL | 4:1b0d80432c79 | 2973 | |
wolfSSL | 4:1b0d80432c79 | 2974 | /* server also sends server_verify_data */ |
wolfSSL | 4:1b0d80432c79 | 2975 | if (!isRequest) { |
wolfSSL | 4:1b0d80432c79 | 2976 | XMEMCPY(output + offset, data->server_verify_data, TLS_FINISHED_SZ); |
wolfSSL | 4:1b0d80432c79 | 2977 | offset += TLS_FINISHED_SZ; |
wolfSSL | 4:1b0d80432c79 | 2978 | } |
wolfSSL | 4:1b0d80432c79 | 2979 | } |
wolfSSL | 4:1b0d80432c79 | 2980 | |
wolfSSL | 4:1b0d80432c79 | 2981 | output[0] = offset - 1; /* info length - self */ |
wolfSSL | 4:1b0d80432c79 | 2982 | |
wolfSSL | 4:1b0d80432c79 | 2983 | return offset; |
wolfSSL | 4:1b0d80432c79 | 2984 | } |
wolfSSL | 4:1b0d80432c79 | 2985 | |
wolfSSL | 4:1b0d80432c79 | 2986 | static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, byte* input, |
wolfSSL | 4:1b0d80432c79 | 2987 | word16 length, byte isRequest) |
wolfSSL | 4:1b0d80432c79 | 2988 | { |
wolfSSL | 4:1b0d80432c79 | 2989 | int ret = SECURE_RENEGOTIATION_E; |
wolfSSL | 4:1b0d80432c79 | 2990 | |
wolfSSL | 4:1b0d80432c79 | 2991 | if (length >= OPAQUE8_LEN) { |
wolfSSL | 4:1b0d80432c79 | 2992 | if (ssl->secure_renegotiation == NULL) { |
wolfSSL | 4:1b0d80432c79 | 2993 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 4:1b0d80432c79 | 2994 | if (isRequest && *input == 0) { |
wolfSSL | 4:1b0d80432c79 | 2995 | ret = 0; /* don't reply, user didn't enable */ |
wolfSSL | 4:1b0d80432c79 | 2996 | } |
wolfSSL | 4:1b0d80432c79 | 2997 | #endif |
wolfSSL | 4:1b0d80432c79 | 2998 | } |
wolfSSL | 4:1b0d80432c79 | 2999 | else if (isRequest) { |
wolfSSL | 4:1b0d80432c79 | 3000 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 4:1b0d80432c79 | 3001 | if (*input == TLS_FINISHED_SZ) { |
wolfSSL | 4:1b0d80432c79 | 3002 | /* TODO compare client_verify_data */ |
wolfSSL | 4:1b0d80432c79 | 3003 | ret = 0; |
wolfSSL | 4:1b0d80432c79 | 3004 | } |
wolfSSL | 4:1b0d80432c79 | 3005 | #endif |
wolfSSL | 4:1b0d80432c79 | 3006 | } |
wolfSSL | 4:1b0d80432c79 | 3007 | else { |
wolfSSL | 4:1b0d80432c79 | 3008 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 4:1b0d80432c79 | 3009 | if (!ssl->secure_renegotiation->enabled) { |
wolfSSL | 4:1b0d80432c79 | 3010 | if (*input == 0) { |
wolfSSL | 4:1b0d80432c79 | 3011 | ssl->secure_renegotiation->enabled = 1; |
wolfSSL | 4:1b0d80432c79 | 3012 | ret = 0; |
wolfSSL | 4:1b0d80432c79 | 3013 | } |
wolfSSL | 4:1b0d80432c79 | 3014 | } |
wolfSSL | 4:1b0d80432c79 | 3015 | else if (*input == 2 * TLS_FINISHED_SZ) { |
wolfSSL | 4:1b0d80432c79 | 3016 | /* TODO compare client_verify_data and server_verify_data */ |
wolfSSL | 4:1b0d80432c79 | 3017 | ret = 0; |
wolfSSL | 4:1b0d80432c79 | 3018 | } |
wolfSSL | 4:1b0d80432c79 | 3019 | #endif |
wolfSSL | 4:1b0d80432c79 | 3020 | } |
wolfSSL | 4:1b0d80432c79 | 3021 | } |
wolfSSL | 4:1b0d80432c79 | 3022 | |
wolfSSL | 4:1b0d80432c79 | 3023 | if (ret != 0) { |
wolfSSL | 4:1b0d80432c79 | 3024 | /* TODO: turn on fatal error at ssl level too */ |
wolfSSL | 4:1b0d80432c79 | 3025 | SendAlert(ssl, alert_fatal, handshake_failure); |
wolfSSL | 4:1b0d80432c79 | 3026 | } |
wolfSSL | 4:1b0d80432c79 | 3027 | |
wolfSSL | 4:1b0d80432c79 | 3028 | return ret; |
wolfSSL | 4:1b0d80432c79 | 3029 | } |
wolfSSL | 4:1b0d80432c79 | 3030 | |
wolfSSL | 4:1b0d80432c79 | 3031 | int TLSX_UseSecureRenegotiation(TLSX** extensions) |
wolfSSL | 4:1b0d80432c79 | 3032 | { |
wolfSSL | 4:1b0d80432c79 | 3033 | int ret = 0; |
wolfSSL | 4:1b0d80432c79 | 3034 | SecureRenegotiation* data = NULL; |
wolfSSL | 4:1b0d80432c79 | 3035 | |
wolfSSL | 4:1b0d80432c79 | 3036 | data = (SecureRenegotiation*)XMALLOC(sizeof(SecureRenegotiation), NULL, |
wolfSSL | 4:1b0d80432c79 | 3037 | DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 3038 | if (data == NULL) |
wolfSSL | 4:1b0d80432c79 | 3039 | return MEMORY_E; |
wolfSSL | 4:1b0d80432c79 | 3040 | |
wolfSSL | 4:1b0d80432c79 | 3041 | XMEMSET(data, 0, sizeof(SecureRenegotiation)); |
wolfSSL | 4:1b0d80432c79 | 3042 | |
wolfSSL | 4:1b0d80432c79 | 3043 | ret = TLSX_Push(extensions, TLSX_RENEGOTIATION_INFO, data); |
wolfSSL | 4:1b0d80432c79 | 3044 | if (ret != 0) { |
wolfSSL | 4:1b0d80432c79 | 3045 | XFREE(data, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 3046 | return ret; |
wolfSSL | 4:1b0d80432c79 | 3047 | } |
wolfSSL | 4:1b0d80432c79 | 3048 | |
wolfSSL | 4:1b0d80432c79 | 3049 | return SSL_SUCCESS; |
wolfSSL | 4:1b0d80432c79 | 3050 | } |
wolfSSL | 4:1b0d80432c79 | 3051 | |
wolfSSL | 4:1b0d80432c79 | 3052 | |
wolfSSL | 4:1b0d80432c79 | 3053 | #define SCR_FREE_ALL(data) XFREE(data, NULL, DYNAMIC_TYPE_TLSX) |
wolfSSL | 4:1b0d80432c79 | 3054 | #define SCR_GET_SIZE TLSX_SecureRenegotiation_GetSize |
wolfSSL | 4:1b0d80432c79 | 3055 | #define SCR_WRITE TLSX_SecureRenegotiation_Write |
wolfSSL | 4:1b0d80432c79 | 3056 | #define SCR_PARSE TLSX_SecureRenegotiation_Parse |
wolfSSL | 4:1b0d80432c79 | 3057 | |
wolfSSL | 4:1b0d80432c79 | 3058 | #else |
wolfSSL | 4:1b0d80432c79 | 3059 | |
wolfSSL | 4:1b0d80432c79 | 3060 | #define SCR_FREE_ALL(a) |
wolfSSL | 4:1b0d80432c79 | 3061 | #define SCR_GET_SIZE(a, b) 0 |
wolfSSL | 4:1b0d80432c79 | 3062 | #define SCR_WRITE(a, b, c) 0 |
wolfSSL | 4:1b0d80432c79 | 3063 | #define SCR_PARSE(a, b, c, d) 0 |
wolfSSL | 4:1b0d80432c79 | 3064 | |
wolfSSL | 4:1b0d80432c79 | 3065 | #endif /* HAVE_SECURE_RENEGOTIATION */ |
wolfSSL | 4:1b0d80432c79 | 3066 | |
wolfSSL | 4:1b0d80432c79 | 3067 | /******************************************************************************/ |
wolfSSL | 4:1b0d80432c79 | 3068 | /* Session Tickets */ |
wolfSSL | 4:1b0d80432c79 | 3069 | /******************************************************************************/ |
wolfSSL | 4:1b0d80432c79 | 3070 | |
wolfSSL | 4:1b0d80432c79 | 3071 | #ifdef HAVE_SESSION_TICKET |
wolfSSL | 4:1b0d80432c79 | 3072 | |
wolfSSL | 4:1b0d80432c79 | 3073 | static void TLSX_SessionTicket_ValidateRequest(WOLFSSL* ssl) |
wolfSSL | 4:1b0d80432c79 | 3074 | { |
wolfSSL | 4:1b0d80432c79 | 3075 | TLSX* extension = TLSX_Find(ssl->extensions, TLSX_SESSION_TICKET); |
wolfSSL | 4:1b0d80432c79 | 3076 | SessionTicket* ticket = extension ? extension->data : NULL; |
wolfSSL | 4:1b0d80432c79 | 3077 | |
wolfSSL | 4:1b0d80432c79 | 3078 | if (ticket) { |
wolfSSL | 4:1b0d80432c79 | 3079 | /* TODO validate ticket timeout here! */ |
wolfSSL | 4:1b0d80432c79 | 3080 | if (ticket->lifetime == 0xfffffff) { |
wolfSSL | 4:1b0d80432c79 | 3081 | /* send empty ticket on timeout */ |
wolfSSL | 4:1b0d80432c79 | 3082 | TLSX_UseSessionTicket(&ssl->extensions, NULL); |
wolfSSL | 4:1b0d80432c79 | 3083 | } |
wolfSSL | 4:1b0d80432c79 | 3084 | } |
wolfSSL | 4:1b0d80432c79 | 3085 | } |
wolfSSL | 4:1b0d80432c79 | 3086 | |
wolfSSL | 4:1b0d80432c79 | 3087 | |
wolfSSL | 4:1b0d80432c79 | 3088 | static word16 TLSX_SessionTicket_GetSize(SessionTicket* ticket, int isRequest) |
wolfSSL | 4:1b0d80432c79 | 3089 | { |
wolfSSL | 4:1b0d80432c79 | 3090 | (void)isRequest; |
wolfSSL | 4:1b0d80432c79 | 3091 | return ticket ? ticket->size : 0; |
wolfSSL | 4:1b0d80432c79 | 3092 | } |
wolfSSL | 4:1b0d80432c79 | 3093 | |
wolfSSL | 4:1b0d80432c79 | 3094 | static word16 TLSX_SessionTicket_Write(SessionTicket* ticket, byte* output, |
wolfSSL | 4:1b0d80432c79 | 3095 | int isRequest) |
wolfSSL | 4:1b0d80432c79 | 3096 | { |
wolfSSL | 4:1b0d80432c79 | 3097 | word16 offset = 0; /* empty ticket */ |
wolfSSL | 4:1b0d80432c79 | 3098 | |
wolfSSL | 4:1b0d80432c79 | 3099 | if (isRequest && ticket) { |
wolfSSL | 4:1b0d80432c79 | 3100 | XMEMCPY(output + offset, ticket->data, ticket->size); |
wolfSSL | 4:1b0d80432c79 | 3101 | offset += ticket->size; |
wolfSSL | 4:1b0d80432c79 | 3102 | } |
wolfSSL | 4:1b0d80432c79 | 3103 | |
wolfSSL | 4:1b0d80432c79 | 3104 | return offset; |
wolfSSL | 4:1b0d80432c79 | 3105 | } |
wolfSSL | 4:1b0d80432c79 | 3106 | |
wolfSSL | 4:1b0d80432c79 | 3107 | |
wolfSSL | 4:1b0d80432c79 | 3108 | static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 4:1b0d80432c79 | 3109 | byte isRequest) |
wolfSSL | 4:1b0d80432c79 | 3110 | { |
wolfSSL | 4:1b0d80432c79 | 3111 | int ret = 0; |
wolfSSL | 4:1b0d80432c79 | 3112 | |
wolfSSL | 4:1b0d80432c79 | 3113 | if (!isRequest) { |
wolfSSL | 4:1b0d80432c79 | 3114 | /* client side */ |
wolfSSL | 4:1b0d80432c79 | 3115 | if (length != 0) |
wolfSSL | 4:1b0d80432c79 | 3116 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 3117 | |
wolfSSL | 4:1b0d80432c79 | 3118 | ssl->expect_session_ticket = 1; |
wolfSSL | 4:1b0d80432c79 | 3119 | } |
wolfSSL | 4:1b0d80432c79 | 3120 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 4:1b0d80432c79 | 3121 | else { |
wolfSSL | 4:1b0d80432c79 | 3122 | /* server side */ |
wolfSSL | 4:1b0d80432c79 | 3123 | if (ssl->ctx->ticketEncCb == NULL) { |
wolfSSL | 4:1b0d80432c79 | 3124 | WOLFSSL_MSG("Client sent session ticket, server has no callback"); |
wolfSSL | 4:1b0d80432c79 | 3125 | return 0; |
wolfSSL | 4:1b0d80432c79 | 3126 | } |
wolfSSL | 4:1b0d80432c79 | 3127 | |
wolfSSL | 4:1b0d80432c79 | 3128 | if (length == 0) { |
wolfSSL | 4:1b0d80432c79 | 3129 | /* blank ticket */ |
wolfSSL | 4:1b0d80432c79 | 3130 | ret = TLSX_UseSessionTicket(&ssl->extensions, NULL); |
wolfSSL | 4:1b0d80432c79 | 3131 | if (ret == SSL_SUCCESS) { |
wolfSSL | 4:1b0d80432c79 | 3132 | ret = 0; |
wolfSSL | 4:1b0d80432c79 | 3133 | TLSX_SetResponse(ssl, TLSX_SESSION_TICKET); /* send blank ticket */ |
wolfSSL | 4:1b0d80432c79 | 3134 | ssl->options.createTicket = 1; /* will send ticket msg */ |
wolfSSL | 4:1b0d80432c79 | 3135 | ssl->options.useTicket = 1; |
wolfSSL | 4:1b0d80432c79 | 3136 | } |
wolfSSL | 4:1b0d80432c79 | 3137 | } else { |
wolfSSL | 4:1b0d80432c79 | 3138 | /* got actual ticket from client */ |
wolfSSL | 4:1b0d80432c79 | 3139 | ret = DoClientTicket(ssl, input, length); |
wolfSSL | 4:1b0d80432c79 | 3140 | if (ret == WOLFSSL_TICKET_RET_OK) { /* use ticket to resume */ |
wolfSSL | 4:1b0d80432c79 | 3141 | WOLFSSL_MSG("Using exisitng client ticket"); |
wolfSSL | 4:1b0d80432c79 | 3142 | ssl->options.useTicket = 1; |
wolfSSL | 4:1b0d80432c79 | 3143 | ssl->options.resuming = 1; |
wolfSSL | 4:1b0d80432c79 | 3144 | } else if (ret == WOLFSSL_TICKET_RET_CREATE) { |
wolfSSL | 4:1b0d80432c79 | 3145 | WOLFSSL_MSG("Using existing client ticket, creating new one"); |
wolfSSL | 4:1b0d80432c79 | 3146 | ret = TLSX_UseSessionTicket(&ssl->extensions, NULL); |
wolfSSL | 4:1b0d80432c79 | 3147 | if (ret == SSL_SUCCESS) { |
wolfSSL | 4:1b0d80432c79 | 3148 | ret = 0; |
wolfSSL | 4:1b0d80432c79 | 3149 | TLSX_SetResponse(ssl, TLSX_SESSION_TICKET); |
wolfSSL | 4:1b0d80432c79 | 3150 | /* send blank ticket */ |
wolfSSL | 4:1b0d80432c79 | 3151 | ssl->options.createTicket = 1; /* will send ticket msg */ |
wolfSSL | 4:1b0d80432c79 | 3152 | ssl->options.useTicket = 1; |
wolfSSL | 4:1b0d80432c79 | 3153 | ssl->options.resuming = 1; |
wolfSSL | 4:1b0d80432c79 | 3154 | } |
wolfSSL | 4:1b0d80432c79 | 3155 | } else if (ret == WOLFSSL_TICKET_RET_REJECT) { |
wolfSSL | 4:1b0d80432c79 | 3156 | WOLFSSL_MSG("Process client ticket rejected, not using"); |
wolfSSL | 4:1b0d80432c79 | 3157 | ret = 0; /* not fatal */ |
wolfSSL | 4:1b0d80432c79 | 3158 | } else if (ret == WOLFSSL_TICKET_RET_FATAL || ret < 0) { |
wolfSSL | 4:1b0d80432c79 | 3159 | WOLFSSL_MSG("Process client ticket fatal error, not using"); |
wolfSSL | 4:1b0d80432c79 | 3160 | } |
wolfSSL | 4:1b0d80432c79 | 3161 | } |
wolfSSL | 4:1b0d80432c79 | 3162 | } |
wolfSSL | 4:1b0d80432c79 | 3163 | #endif /* NO_WOLFSSL_SERVER */ |
wolfSSL | 4:1b0d80432c79 | 3164 | |
wolfSSL | 4:1b0d80432c79 | 3165 | return ret; |
wolfSSL | 4:1b0d80432c79 | 3166 | } |
wolfSSL | 4:1b0d80432c79 | 3167 | |
wolfSSL | 4:1b0d80432c79 | 3168 | WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime, |
wolfSSL | 4:1b0d80432c79 | 3169 | byte* data, word16 size) |
wolfSSL | 4:1b0d80432c79 | 3170 | { |
wolfSSL | 4:1b0d80432c79 | 3171 | SessionTicket* ticket = (SessionTicket*)XMALLOC(sizeof(SessionTicket), |
wolfSSL | 4:1b0d80432c79 | 3172 | NULL, DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 3173 | if (ticket) { |
wolfSSL | 4:1b0d80432c79 | 3174 | ticket->data = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 3175 | if (ticket->data == NULL) { |
wolfSSL | 4:1b0d80432c79 | 3176 | XFREE(ticket, NULL, DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 3177 | return NULL; |
wolfSSL | 4:1b0d80432c79 | 3178 | } |
wolfSSL | 4:1b0d80432c79 | 3179 | |
wolfSSL | 4:1b0d80432c79 | 3180 | XMEMCPY(ticket->data, data, size); |
wolfSSL | 4:1b0d80432c79 | 3181 | ticket->size = size; |
wolfSSL | 4:1b0d80432c79 | 3182 | ticket->lifetime = lifetime; |
wolfSSL | 4:1b0d80432c79 | 3183 | } |
wolfSSL | 4:1b0d80432c79 | 3184 | |
wolfSSL | 4:1b0d80432c79 | 3185 | return ticket; |
wolfSSL | 4:1b0d80432c79 | 3186 | } |
wolfSSL | 4:1b0d80432c79 | 3187 | WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket) |
wolfSSL | 4:1b0d80432c79 | 3188 | { |
wolfSSL | 4:1b0d80432c79 | 3189 | if (ticket) { |
wolfSSL | 4:1b0d80432c79 | 3190 | XFREE(ticket->data, NULL, DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 3191 | XFREE(ticket, NULL, DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 3192 | } |
wolfSSL | 4:1b0d80432c79 | 3193 | } |
wolfSSL | 4:1b0d80432c79 | 3194 | |
wolfSSL | 4:1b0d80432c79 | 3195 | int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket) |
wolfSSL | 4:1b0d80432c79 | 3196 | { |
wolfSSL | 4:1b0d80432c79 | 3197 | int ret = 0; |
wolfSSL | 4:1b0d80432c79 | 3198 | |
wolfSSL | 4:1b0d80432c79 | 3199 | if (extensions == NULL) |
wolfSSL | 4:1b0d80432c79 | 3200 | return BAD_FUNC_ARG; |
wolfSSL | 4:1b0d80432c79 | 3201 | |
wolfSSL | 4:1b0d80432c79 | 3202 | /* If the ticket is NULL, the client will request a new ticket from the |
wolfSSL | 4:1b0d80432c79 | 3203 | server. Otherwise, the client will use it in the next client hello. */ |
wolfSSL | 4:1b0d80432c79 | 3204 | if ((ret = TLSX_Push(extensions, TLSX_SESSION_TICKET, (void*)ticket)) != 0) |
wolfSSL | 4:1b0d80432c79 | 3205 | return ret; |
wolfSSL | 4:1b0d80432c79 | 3206 | |
wolfSSL | 4:1b0d80432c79 | 3207 | return SSL_SUCCESS; |
wolfSSL | 4:1b0d80432c79 | 3208 | } |
wolfSSL | 4:1b0d80432c79 | 3209 | |
wolfSSL | 4:1b0d80432c79 | 3210 | #define STK_VALIDATE_REQUEST TLSX_SessionTicket_ValidateRequest |
wolfSSL | 4:1b0d80432c79 | 3211 | #define STK_GET_SIZE TLSX_SessionTicket_GetSize |
wolfSSL | 4:1b0d80432c79 | 3212 | #define STK_WRITE TLSX_SessionTicket_Write |
wolfSSL | 4:1b0d80432c79 | 3213 | #define STK_PARSE TLSX_SessionTicket_Parse |
wolfSSL | 4:1b0d80432c79 | 3214 | |
wolfSSL | 4:1b0d80432c79 | 3215 | #else |
wolfSSL | 4:1b0d80432c79 | 3216 | |
wolfSSL | 4:1b0d80432c79 | 3217 | #define STK_VALIDATE_REQUEST(a) |
wolfSSL | 4:1b0d80432c79 | 3218 | #define STK_GET_SIZE(a, b) 0 |
wolfSSL | 4:1b0d80432c79 | 3219 | #define STK_WRITE(a, b, c) 0 |
wolfSSL | 4:1b0d80432c79 | 3220 | #define STK_PARSE(a, b, c, d) 0 |
wolfSSL | 4:1b0d80432c79 | 3221 | |
wolfSSL | 4:1b0d80432c79 | 3222 | #endif /* HAVE_SESSION_TICKET */ |
wolfSSL | 4:1b0d80432c79 | 3223 | |
wolfSSL | 4:1b0d80432c79 | 3224 | /******************************************************************************/ |
wolfSSL | 4:1b0d80432c79 | 3225 | /* Quantum-Safe-Hybrid */ |
wolfSSL | 4:1b0d80432c79 | 3226 | /******************************************************************************/ |
wolfSSL | 4:1b0d80432c79 | 3227 | |
wolfSSL | 4:1b0d80432c79 | 3228 | #ifdef HAVE_QSH |
wolfSSL | 4:1b0d80432c79 | 3229 | static WC_RNG* rng; |
wolfSSL | 4:1b0d80432c79 | 3230 | static wolfSSL_Mutex* rngMutex; |
wolfSSL | 4:1b0d80432c79 | 3231 | |
wolfSSL | 4:1b0d80432c79 | 3232 | static void TLSX_QSH_FreeAll(QSHScheme* list) |
wolfSSL | 4:1b0d80432c79 | 3233 | { |
wolfSSL | 4:1b0d80432c79 | 3234 | QSHScheme* current; |
wolfSSL | 4:1b0d80432c79 | 3235 | |
wolfSSL | 4:1b0d80432c79 | 3236 | while ((current = list)) { |
wolfSSL | 4:1b0d80432c79 | 3237 | list = current->next; |
wolfSSL | 4:1b0d80432c79 | 3238 | XFREE(current, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 3239 | } |
wolfSSL | 4:1b0d80432c79 | 3240 | } |
wolfSSL | 4:1b0d80432c79 | 3241 | |
wolfSSL | 4:1b0d80432c79 | 3242 | static int TLSX_QSH_Append(QSHScheme** list, word16 name, byte* pub, |
wolfSSL | 4:1b0d80432c79 | 3243 | word16 pubLen) |
wolfSSL | 4:1b0d80432c79 | 3244 | { |
wolfSSL | 4:1b0d80432c79 | 3245 | QSHScheme* temp; |
wolfSSL | 4:1b0d80432c79 | 3246 | |
wolfSSL | 4:1b0d80432c79 | 3247 | if (list == NULL) |
wolfSSL | 4:1b0d80432c79 | 3248 | return BAD_FUNC_ARG; |
wolfSSL | 4:1b0d80432c79 | 3249 | |
wolfSSL | 4:1b0d80432c79 | 3250 | if ((temp = (QSHScheme*)XMALLOC(sizeof(QSHScheme), NULL, |
wolfSSL | 4:1b0d80432c79 | 3251 | DYNAMIC_TYPE_TLSX)) == NULL) |
wolfSSL | 4:1b0d80432c79 | 3252 | return MEMORY_E; |
wolfSSL | 4:1b0d80432c79 | 3253 | |
wolfSSL | 4:1b0d80432c79 | 3254 | temp->name = name; |
wolfSSL | 4:1b0d80432c79 | 3255 | temp->PK = pub; |
wolfSSL | 4:1b0d80432c79 | 3256 | temp->PKLen = pubLen; |
wolfSSL | 4:1b0d80432c79 | 3257 | temp->next = *list; |
wolfSSL | 4:1b0d80432c79 | 3258 | |
wolfSSL | 4:1b0d80432c79 | 3259 | *list = temp; |
wolfSSL | 4:1b0d80432c79 | 3260 | |
wolfSSL | 4:1b0d80432c79 | 3261 | return 0; |
wolfSSL | 4:1b0d80432c79 | 3262 | } |
wolfSSL | 4:1b0d80432c79 | 3263 | |
wolfSSL | 4:1b0d80432c79 | 3264 | |
wolfSSL | 4:1b0d80432c79 | 3265 | /* request for server's public key : 02 indicates 0-2 requested */ |
wolfSSL | 4:1b0d80432c79 | 3266 | static byte TLSX_QSH_SerPKReq(byte* output, byte isRequest) |
wolfSSL | 4:1b0d80432c79 | 3267 | { |
wolfSSL | 4:1b0d80432c79 | 3268 | if (isRequest) { |
wolfSSL | 4:1b0d80432c79 | 3269 | /* only request one public key from the server */ |
wolfSSL | 4:1b0d80432c79 | 3270 | output[0] = 0x01; |
wolfSSL | 4:1b0d80432c79 | 3271 | |
wolfSSL | 4:1b0d80432c79 | 3272 | return OPAQUE8_LEN; |
wolfSSL | 4:1b0d80432c79 | 3273 | } |
wolfSSL | 4:1b0d80432c79 | 3274 | else { |
wolfSSL | 4:1b0d80432c79 | 3275 | return 0; |
wolfSSL | 4:1b0d80432c79 | 3276 | } |
wolfSSL | 4:1b0d80432c79 | 3277 | } |
wolfSSL | 4:1b0d80432c79 | 3278 | |
wolfSSL | 4:1b0d80432c79 | 3279 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 4:1b0d80432c79 | 3280 | |
wolfSSL | 4:1b0d80432c79 | 3281 | /* check for TLS_QSH suite */ |
wolfSSL | 4:1b0d80432c79 | 3282 | static void TLSX_QSH_ValidateRequest(WOLFSSL* ssl, byte* semaphore) |
wolfSSL | 4:1b0d80432c79 | 3283 | { |
wolfSSL | 4:1b0d80432c79 | 3284 | int i; |
wolfSSL | 4:1b0d80432c79 | 3285 | |
wolfSSL | 4:1b0d80432c79 | 3286 | for (i = 0; i < ssl->suites->suiteSz; i+= 2) |
wolfSSL | 4:1b0d80432c79 | 3287 | if (ssl->suites->suites[i] == QSH_BYTE) |
wolfSSL | 4:1b0d80432c79 | 3288 | return; |
wolfSSL | 4:1b0d80432c79 | 3289 | |
wolfSSL | 4:1b0d80432c79 | 3290 | /* No QSH suite found */ |
wolfSSL | 4:1b0d80432c79 | 3291 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_QUANTUM_SAFE_HYBRID)); |
wolfSSL | 4:1b0d80432c79 | 3292 | } |
wolfSSL | 4:1b0d80432c79 | 3293 | |
wolfSSL | 4:1b0d80432c79 | 3294 | |
wolfSSL | 4:1b0d80432c79 | 3295 | /* return the size of the QSH hello extension |
wolfSSL | 4:1b0d80432c79 | 3296 | list the list of QSHScheme structs containing id and key |
wolfSSL | 4:1b0d80432c79 | 3297 | isRequest if 1 then is being sent to the server |
wolfSSL | 4:1b0d80432c79 | 3298 | */ |
wolfSSL | 4:1b0d80432c79 | 3299 | word16 TLSX_QSH_GetSize(QSHScheme* list, byte isRequest) |
wolfSSL | 4:1b0d80432c79 | 3300 | { |
wolfSSL | 4:1b0d80432c79 | 3301 | QSHScheme* temp = list; |
wolfSSL | 4:1b0d80432c79 | 3302 | word16 length = 0; |
wolfSSL | 4:1b0d80432c79 | 3303 | |
wolfSSL | 4:1b0d80432c79 | 3304 | /* account for size of scheme list and public key list */ |
wolfSSL | 4:1b0d80432c79 | 3305 | if (isRequest) |
wolfSSL | 4:1b0d80432c79 | 3306 | length = OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 3307 | length += OPAQUE24_LEN; |
wolfSSL | 4:1b0d80432c79 | 3308 | |
wolfSSL | 4:1b0d80432c79 | 3309 | /* for each non null element in list add size */ |
wolfSSL | 4:1b0d80432c79 | 3310 | while ((temp)) { |
wolfSSL | 4:1b0d80432c79 | 3311 | /* add public key info Scheme | Key Length | Key */ |
wolfSSL | 4:1b0d80432c79 | 3312 | length += OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 3313 | length += OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 3314 | length += temp->PKLen; |
wolfSSL | 4:1b0d80432c79 | 3315 | |
wolfSSL | 4:1b0d80432c79 | 3316 | /* if client add name size for scheme list |
wolfSSL | 4:1b0d80432c79 | 3317 | advance to next QSHScheme struct in list */ |
wolfSSL | 4:1b0d80432c79 | 3318 | if (isRequest) |
wolfSSL | 4:1b0d80432c79 | 3319 | length += OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 3320 | temp = temp->next; |
wolfSSL | 4:1b0d80432c79 | 3321 | } |
wolfSSL | 4:1b0d80432c79 | 3322 | |
wolfSSL | 4:1b0d80432c79 | 3323 | /* add length for request server public keys */ |
wolfSSL | 4:1b0d80432c79 | 3324 | if (isRequest) |
wolfSSL | 4:1b0d80432c79 | 3325 | length += OPAQUE8_LEN; |
wolfSSL | 4:1b0d80432c79 | 3326 | |
wolfSSL | 4:1b0d80432c79 | 3327 | return length; |
wolfSSL | 4:1b0d80432c79 | 3328 | } |
wolfSSL | 4:1b0d80432c79 | 3329 | |
wolfSSL | 4:1b0d80432c79 | 3330 | |
wolfSSL | 4:1b0d80432c79 | 3331 | /* write out a list of QSHScheme IDs */ |
wolfSSL | 4:1b0d80432c79 | 3332 | static word16 TLSX_QSH_Write(QSHScheme* list, byte* output) |
wolfSSL | 4:1b0d80432c79 | 3333 | { |
wolfSSL | 4:1b0d80432c79 | 3334 | QSHScheme* current = list; |
wolfSSL | 4:1b0d80432c79 | 3335 | word16 length = 0; |
wolfSSL | 4:1b0d80432c79 | 3336 | |
wolfSSL | 4:1b0d80432c79 | 3337 | length += OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 3338 | |
wolfSSL | 4:1b0d80432c79 | 3339 | while (current) { |
wolfSSL | 4:1b0d80432c79 | 3340 | c16toa(current->name, output + length); |
wolfSSL | 4:1b0d80432c79 | 3341 | length += OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 3342 | current = (QSHScheme*)current->next; |
wolfSSL | 4:1b0d80432c79 | 3343 | } |
wolfSSL | 4:1b0d80432c79 | 3344 | |
wolfSSL | 4:1b0d80432c79 | 3345 | c16toa(length - OPAQUE16_LEN, output); /* writing list length */ |
wolfSSL | 4:1b0d80432c79 | 3346 | |
wolfSSL | 4:1b0d80432c79 | 3347 | return length; |
wolfSSL | 4:1b0d80432c79 | 3348 | } |
wolfSSL | 4:1b0d80432c79 | 3349 | |
wolfSSL | 4:1b0d80432c79 | 3350 | |
wolfSSL | 4:1b0d80432c79 | 3351 | /* write public key list in extension */ |
wolfSSL | 4:1b0d80432c79 | 3352 | static word16 TLSX_QSHPK_WriteR(QSHScheme* format, byte* output); |
wolfSSL | 4:1b0d80432c79 | 3353 | static word16 TLSX_QSHPK_WriteR(QSHScheme* format, byte* output) |
wolfSSL | 4:1b0d80432c79 | 3354 | { |
wolfSSL | 4:1b0d80432c79 | 3355 | word32 offset = 0; |
wolfSSL | 4:1b0d80432c79 | 3356 | word16 public_len = 0; |
wolfSSL | 4:1b0d80432c79 | 3357 | |
wolfSSL | 4:1b0d80432c79 | 3358 | if (!format) |
wolfSSL | 4:1b0d80432c79 | 3359 | return offset; |
wolfSSL | 4:1b0d80432c79 | 3360 | |
wolfSSL | 4:1b0d80432c79 | 3361 | /* write scheme ID */ |
wolfSSL | 4:1b0d80432c79 | 3362 | c16toa(format->name, output + offset); |
wolfSSL | 4:1b0d80432c79 | 3363 | offset += OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 3364 | |
wolfSSL | 4:1b0d80432c79 | 3365 | /* write public key matching scheme */ |
wolfSSL | 4:1b0d80432c79 | 3366 | public_len = format->PKLen; |
wolfSSL | 4:1b0d80432c79 | 3367 | c16toa(public_len, output + offset); |
wolfSSL | 4:1b0d80432c79 | 3368 | offset += OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 3369 | if (format->PK) { |
wolfSSL | 4:1b0d80432c79 | 3370 | XMEMCPY(output+offset, format->PK, public_len); |
wolfSSL | 4:1b0d80432c79 | 3371 | } |
wolfSSL | 4:1b0d80432c79 | 3372 | |
wolfSSL | 4:1b0d80432c79 | 3373 | return public_len + offset; |
wolfSSL | 4:1b0d80432c79 | 3374 | } |
wolfSSL | 4:1b0d80432c79 | 3375 | |
wolfSSL | 4:1b0d80432c79 | 3376 | word16 TLSX_QSHPK_Write(QSHScheme* list, byte* output) |
wolfSSL | 4:1b0d80432c79 | 3377 | { |
wolfSSL | 4:1b0d80432c79 | 3378 | QSHScheme* current = list; |
wolfSSL | 4:1b0d80432c79 | 3379 | word32 length = 0; |
wolfSSL | 4:1b0d80432c79 | 3380 | word24 toWire; |
wolfSSL | 4:1b0d80432c79 | 3381 | |
wolfSSL | 4:1b0d80432c79 | 3382 | length += OPAQUE24_LEN; |
wolfSSL | 4:1b0d80432c79 | 3383 | |
wolfSSL | 4:1b0d80432c79 | 3384 | while (current) { |
wolfSSL | 4:1b0d80432c79 | 3385 | length += TLSX_QSHPK_WriteR(current, output + length); |
wolfSSL | 4:1b0d80432c79 | 3386 | current = (QSHScheme*)current->next; |
wolfSSL | 4:1b0d80432c79 | 3387 | } |
wolfSSL | 4:1b0d80432c79 | 3388 | /* length of public keys sent */ |
wolfSSL | 4:1b0d80432c79 | 3389 | c32to24(length - OPAQUE24_LEN, toWire); |
wolfSSL | 4:1b0d80432c79 | 3390 | output[0] = toWire[0]; |
wolfSSL | 4:1b0d80432c79 | 3391 | output[1] = toWire[1]; |
wolfSSL | 4:1b0d80432c79 | 3392 | output[2] = toWire[2]; |
wolfSSL | 4:1b0d80432c79 | 3393 | |
wolfSSL | 4:1b0d80432c79 | 3394 | return length; |
wolfSSL | 4:1b0d80432c79 | 3395 | } |
wolfSSL | 4:1b0d80432c79 | 3396 | |
wolfSSL | 4:1b0d80432c79 | 3397 | #endif /* NO_WOLFSSL_CLIENT */ |
wolfSSL | 4:1b0d80432c79 | 3398 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 4:1b0d80432c79 | 3399 | |
wolfSSL | 4:1b0d80432c79 | 3400 | static void TLSX_QSHAgreement(TLSX** extensions) |
wolfSSL | 4:1b0d80432c79 | 3401 | { |
wolfSSL | 4:1b0d80432c79 | 3402 | TLSX* extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID); |
wolfSSL | 4:1b0d80432c79 | 3403 | QSHScheme* format = NULL; |
wolfSSL | 4:1b0d80432c79 | 3404 | QSHScheme* del = NULL; |
wolfSSL | 4:1b0d80432c79 | 3405 | QSHScheme* prev = NULL; |
wolfSSL | 4:1b0d80432c79 | 3406 | |
wolfSSL | 4:1b0d80432c79 | 3407 | if (extension == NULL) |
wolfSSL | 4:1b0d80432c79 | 3408 | return; |
wolfSSL | 4:1b0d80432c79 | 3409 | |
wolfSSL | 4:1b0d80432c79 | 3410 | format = (QSHScheme*)extension->data; |
wolfSSL | 4:1b0d80432c79 | 3411 | while (format) { |
wolfSSL | 4:1b0d80432c79 | 3412 | if (format->PKLen == 0) { |
wolfSSL | 4:1b0d80432c79 | 3413 | /* case of head */ |
wolfSSL | 4:1b0d80432c79 | 3414 | if (format == extension->data) { |
wolfSSL | 4:1b0d80432c79 | 3415 | extension->data = format->next; |
wolfSSL | 4:1b0d80432c79 | 3416 | } |
wolfSSL | 4:1b0d80432c79 | 3417 | if (prev) |
wolfSSL | 4:1b0d80432c79 | 3418 | prev->next = format->next; |
wolfSSL | 4:1b0d80432c79 | 3419 | del = format; |
wolfSSL | 4:1b0d80432c79 | 3420 | format = format->next; |
wolfSSL | 4:1b0d80432c79 | 3421 | XFREE(del, 0, DYNAMIC_TYPE_TMP_ARRAY); |
wolfSSL | 4:1b0d80432c79 | 3422 | del = NULL; |
wolfSSL | 4:1b0d80432c79 | 3423 | } else { |
wolfSSL | 4:1b0d80432c79 | 3424 | prev = format; |
wolfSSL | 4:1b0d80432c79 | 3425 | format = format->next; |
wolfSSL | 4:1b0d80432c79 | 3426 | } |
wolfSSL | 4:1b0d80432c79 | 3427 | } |
wolfSSL | 4:1b0d80432c79 | 3428 | } |
wolfSSL | 4:1b0d80432c79 | 3429 | |
wolfSSL | 4:1b0d80432c79 | 3430 | |
wolfSSL | 4:1b0d80432c79 | 3431 | /* Parse in hello extension |
wolfSSL | 4:1b0d80432c79 | 3432 | input the byte stream to process |
wolfSSL | 4:1b0d80432c79 | 3433 | length length of total extension found |
wolfSSL | 4:1b0d80432c79 | 3434 | isRequest set to 1 if being sent to the server |
wolfSSL | 4:1b0d80432c79 | 3435 | */ |
wolfSSL | 4:1b0d80432c79 | 3436 | static int TLSX_QSH_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 4:1b0d80432c79 | 3437 | byte isRequest) |
wolfSSL | 4:1b0d80432c79 | 3438 | { |
wolfSSL | 4:1b0d80432c79 | 3439 | byte numKeys = 0; |
wolfSSL | 4:1b0d80432c79 | 3440 | word16 offset = 0; |
wolfSSL | 4:1b0d80432c79 | 3441 | word16 schemSz = 0; |
wolfSSL | 4:1b0d80432c79 | 3442 | word16 offset_len = 0; |
wolfSSL | 4:1b0d80432c79 | 3443 | word32 offset_pk = 0; |
wolfSSL | 4:1b0d80432c79 | 3444 | word16 name = 0; |
wolfSSL | 4:1b0d80432c79 | 3445 | word16 PKLen = 0; |
wolfSSL | 4:1b0d80432c79 | 3446 | byte* PK = NULL; |
wolfSSL | 4:1b0d80432c79 | 3447 | int r; |
wolfSSL | 4:1b0d80432c79 | 3448 | |
wolfSSL | 4:1b0d80432c79 | 3449 | |
wolfSSL | 4:1b0d80432c79 | 3450 | if (OPAQUE16_LEN > length) |
wolfSSL | 4:1b0d80432c79 | 3451 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 3452 | |
wolfSSL | 4:1b0d80432c79 | 3453 | if (isRequest) { |
wolfSSL | 4:1b0d80432c79 | 3454 | ato16(input, &schemSz); |
wolfSSL | 4:1b0d80432c79 | 3455 | |
wolfSSL | 4:1b0d80432c79 | 3456 | /* list of public keys available for QSH schemes */ |
wolfSSL | 4:1b0d80432c79 | 3457 | offset_len = schemSz + OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 3458 | } |
wolfSSL | 4:1b0d80432c79 | 3459 | |
wolfSSL | 4:1b0d80432c79 | 3460 | offset_pk = ((input[offset_len] << 16) & 0xFF00000) | |
wolfSSL | 4:1b0d80432c79 | 3461 | (((input[offset_len + 1]) << 8) & 0xFF00) | |
wolfSSL | 4:1b0d80432c79 | 3462 | (input[offset_len + 2] & 0xFF); |
wolfSSL | 4:1b0d80432c79 | 3463 | offset_len += OPAQUE24_LEN; |
wolfSSL | 4:1b0d80432c79 | 3464 | |
wolfSSL | 4:1b0d80432c79 | 3465 | /* check buffer size */ |
wolfSSL | 4:1b0d80432c79 | 3466 | if (offset_pk > length) |
wolfSSL | 4:1b0d80432c79 | 3467 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 3468 | |
wolfSSL | 4:1b0d80432c79 | 3469 | /* set maximum number of keys the client will accept */ |
wolfSSL | 4:1b0d80432c79 | 3470 | if (!isRequest) |
wolfSSL | 4:1b0d80432c79 | 3471 | numKeys = (ssl->maxRequest < 1)? 1 : ssl->maxRequest; |
wolfSSL | 4:1b0d80432c79 | 3472 | |
wolfSSL | 4:1b0d80432c79 | 3473 | /* hello extension read list of scheme ids */ |
wolfSSL | 4:1b0d80432c79 | 3474 | if (isRequest) { |
wolfSSL | 4:1b0d80432c79 | 3475 | |
wolfSSL | 4:1b0d80432c79 | 3476 | /* read in request for public keys */ |
wolfSSL | 4:1b0d80432c79 | 3477 | ssl->minRequest = (input[length -1] >> 4) & 0xFF; |
wolfSSL | 4:1b0d80432c79 | 3478 | ssl->maxRequest = input[length -1] & 0x0F; |
wolfSSL | 4:1b0d80432c79 | 3479 | |
wolfSSL | 4:1b0d80432c79 | 3480 | /* choose the min between min requested by client and 1 */ |
wolfSSL | 4:1b0d80432c79 | 3481 | numKeys = (ssl->minRequest > 1) ? ssl->minRequest : 1; |
wolfSSL | 4:1b0d80432c79 | 3482 | |
wolfSSL | 4:1b0d80432c79 | 3483 | if (ssl->minRequest > ssl->maxRequest) |
wolfSSL | 4:1b0d80432c79 | 3484 | return BAD_FUNC_ARG; |
wolfSSL | 4:1b0d80432c79 | 3485 | |
wolfSSL | 4:1b0d80432c79 | 3486 | offset += OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 3487 | schemSz += offset; |
wolfSSL | 4:1b0d80432c79 | 3488 | |
wolfSSL | 4:1b0d80432c79 | 3489 | /* check buffer size */ |
wolfSSL | 4:1b0d80432c79 | 3490 | if (schemSz > length) |
wolfSSL | 4:1b0d80432c79 | 3491 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 3492 | |
wolfSSL | 4:1b0d80432c79 | 3493 | while ((offset < schemSz) && numKeys) { |
wolfSSL | 4:1b0d80432c79 | 3494 | /* Scheme ID list */ |
wolfSSL | 4:1b0d80432c79 | 3495 | ato16(input + offset, &name); |
wolfSSL | 4:1b0d80432c79 | 3496 | offset += OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 3497 | |
wolfSSL | 4:1b0d80432c79 | 3498 | /* validate we have scheme id */ |
wolfSSL | 4:1b0d80432c79 | 3499 | if (ssl->user_set_QSHSchemes && |
wolfSSL | 4:1b0d80432c79 | 3500 | !TLSX_ValidateQSHScheme(&ssl->extensions, name)) { |
wolfSSL | 4:1b0d80432c79 | 3501 | continue; |
wolfSSL | 4:1b0d80432c79 | 3502 | } |
wolfSSL | 4:1b0d80432c79 | 3503 | |
wolfSSL | 4:1b0d80432c79 | 3504 | /* server create keys on demand */ |
wolfSSL | 4:1b0d80432c79 | 3505 | if ((r = TLSX_CreateNtruKey(ssl, name)) != 0) { |
wolfSSL | 4:1b0d80432c79 | 3506 | WOLFSSL_MSG("Error creating ntru keys"); |
wolfSSL | 4:1b0d80432c79 | 3507 | return r; |
wolfSSL | 4:1b0d80432c79 | 3508 | } |
wolfSSL | 4:1b0d80432c79 | 3509 | |
wolfSSL | 4:1b0d80432c79 | 3510 | /* peer sent an agreed upon scheme */ |
wolfSSL | 4:1b0d80432c79 | 3511 | r = TLSX_UseQSHScheme(&ssl->extensions, name, NULL, 0); |
wolfSSL | 4:1b0d80432c79 | 3512 | |
wolfSSL | 4:1b0d80432c79 | 3513 | if (r != SSL_SUCCESS) return r; /* throw error */ |
wolfSSL | 4:1b0d80432c79 | 3514 | |
wolfSSL | 4:1b0d80432c79 | 3515 | numKeys--; |
wolfSSL | 4:1b0d80432c79 | 3516 | } |
wolfSSL | 4:1b0d80432c79 | 3517 | |
wolfSSL | 4:1b0d80432c79 | 3518 | /* choose the min between min requested by client and 1 */ |
wolfSSL | 4:1b0d80432c79 | 3519 | numKeys = (ssl->minRequest > 1) ? ssl->minRequest : 1; |
wolfSSL | 4:1b0d80432c79 | 3520 | } |
wolfSSL | 4:1b0d80432c79 | 3521 | |
wolfSSL | 4:1b0d80432c79 | 3522 | /* QSHPK struct */ |
wolfSSL | 4:1b0d80432c79 | 3523 | offset_pk += offset_len; |
wolfSSL | 4:1b0d80432c79 | 3524 | while ((offset_len < offset_pk) && numKeys) { |
wolfSSL | 4:1b0d80432c79 | 3525 | QSHKey * temp; |
wolfSSL | 4:1b0d80432c79 | 3526 | |
wolfSSL | 4:1b0d80432c79 | 3527 | if ((temp = (QSHKey*)XMALLOC(sizeof(QSHKey), NULL, |
wolfSSL | 4:1b0d80432c79 | 3528 | DYNAMIC_TYPE_TLSX)) == NULL) |
wolfSSL | 4:1b0d80432c79 | 3529 | return MEMORY_E; |
wolfSSL | 4:1b0d80432c79 | 3530 | |
wolfSSL | 4:1b0d80432c79 | 3531 | /* initialize */ |
wolfSSL | 4:1b0d80432c79 | 3532 | temp->next = NULL; |
wolfSSL | 4:1b0d80432c79 | 3533 | temp->pub.buffer = NULL; |
wolfSSL | 4:1b0d80432c79 | 3534 | temp->pub.length = 0; |
wolfSSL | 4:1b0d80432c79 | 3535 | temp->pri.buffer = NULL; |
wolfSSL | 4:1b0d80432c79 | 3536 | temp->pri.length = 0; |
wolfSSL | 4:1b0d80432c79 | 3537 | |
wolfSSL | 4:1b0d80432c79 | 3538 | /* scheme id */ |
wolfSSL | 4:1b0d80432c79 | 3539 | ato16(input + offset_len, &(temp->name)); |
wolfSSL | 4:1b0d80432c79 | 3540 | offset_len += OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 3541 | |
wolfSSL | 4:1b0d80432c79 | 3542 | /* public key length */ |
wolfSSL | 4:1b0d80432c79 | 3543 | ato16(input + offset_len, &PKLen); |
wolfSSL | 4:1b0d80432c79 | 3544 | temp->pub.length = PKLen; |
wolfSSL | 4:1b0d80432c79 | 3545 | offset_len += OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 3546 | |
wolfSSL | 4:1b0d80432c79 | 3547 | |
wolfSSL | 4:1b0d80432c79 | 3548 | if (isRequest) { |
wolfSSL | 4:1b0d80432c79 | 3549 | /* validate we have scheme id */ |
wolfSSL | 4:1b0d80432c79 | 3550 | if (ssl->user_set_QSHSchemes && |
wolfSSL | 4:1b0d80432c79 | 3551 | (!TLSX_ValidateQSHScheme(&ssl->extensions, temp->name))) { |
wolfSSL | 4:1b0d80432c79 | 3552 | offset_len += PKLen; |
wolfSSL | 4:1b0d80432c79 | 3553 | XFREE(temp, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 3554 | continue; |
wolfSSL | 4:1b0d80432c79 | 3555 | } |
wolfSSL | 4:1b0d80432c79 | 3556 | } |
wolfSSL | 4:1b0d80432c79 | 3557 | |
wolfSSL | 4:1b0d80432c79 | 3558 | /* read in public key */ |
wolfSSL | 4:1b0d80432c79 | 3559 | if (PKLen > 0) { |
wolfSSL | 4:1b0d80432c79 | 3560 | temp->pub.buffer = (byte*)XMALLOC(temp->pub.length, |
wolfSSL | 4:1b0d80432c79 | 3561 | NULL, DYNAMIC_TYPE_PUBLIC_KEY); |
wolfSSL | 4:1b0d80432c79 | 3562 | XMEMCPY(temp->pub.buffer, input + offset_len, temp->pub.length); |
wolfSSL | 4:1b0d80432c79 | 3563 | offset_len += PKLen; |
wolfSSL | 4:1b0d80432c79 | 3564 | } |
wolfSSL | 4:1b0d80432c79 | 3565 | else { |
wolfSSL | 4:1b0d80432c79 | 3566 | PK = NULL; |
wolfSSL | 4:1b0d80432c79 | 3567 | } |
wolfSSL | 4:1b0d80432c79 | 3568 | |
wolfSSL | 4:1b0d80432c79 | 3569 | /* use own key when adding to extensions list for sending reply */ |
wolfSSL | 4:1b0d80432c79 | 3570 | PKLen = 0; |
wolfSSL | 4:1b0d80432c79 | 3571 | PK = TLSX_QSHKeyFind_Pub(ssl->QSH_Key, &PKLen, temp->name); |
wolfSSL | 4:1b0d80432c79 | 3572 | r = TLSX_UseQSHScheme(&ssl->extensions, temp->name, PK, PKLen); |
wolfSSL | 4:1b0d80432c79 | 3573 | |
wolfSSL | 4:1b0d80432c79 | 3574 | /* store peers key */ |
wolfSSL | 4:1b0d80432c79 | 3575 | ssl->peerQSHKeyPresent = 1; |
wolfSSL | 4:1b0d80432c79 | 3576 | if (TLSX_AddQSHKey(&ssl->peerQSHKey, temp) != 0) |
wolfSSL | 4:1b0d80432c79 | 3577 | return MEMORY_E; |
wolfSSL | 4:1b0d80432c79 | 3578 | |
wolfSSL | 4:1b0d80432c79 | 3579 | if (temp->pub.length == 0) { |
wolfSSL | 4:1b0d80432c79 | 3580 | XFREE(temp, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 3581 | } |
wolfSSL | 4:1b0d80432c79 | 3582 | |
wolfSSL | 4:1b0d80432c79 | 3583 | if (r != SSL_SUCCESS) {return r;} /* throw error */ |
wolfSSL | 4:1b0d80432c79 | 3584 | |
wolfSSL | 4:1b0d80432c79 | 3585 | numKeys--; |
wolfSSL | 4:1b0d80432c79 | 3586 | } |
wolfSSL | 4:1b0d80432c79 | 3587 | |
wolfSSL | 4:1b0d80432c79 | 3588 | /* reply to a QSH extension sent from client */ |
wolfSSL | 4:1b0d80432c79 | 3589 | if (isRequest) { |
wolfSSL | 4:1b0d80432c79 | 3590 | TLSX_SetResponse(ssl, TLSX_QUANTUM_SAFE_HYBRID); |
wolfSSL | 4:1b0d80432c79 | 3591 | /* only use schemes we have key generated for -- free the rest */ |
wolfSSL | 4:1b0d80432c79 | 3592 | TLSX_QSHAgreement(&ssl->extensions); |
wolfSSL | 4:1b0d80432c79 | 3593 | } |
wolfSSL | 4:1b0d80432c79 | 3594 | |
wolfSSL | 4:1b0d80432c79 | 3595 | return 0; |
wolfSSL | 4:1b0d80432c79 | 3596 | } |
wolfSSL | 4:1b0d80432c79 | 3597 | |
wolfSSL | 4:1b0d80432c79 | 3598 | |
wolfSSL | 4:1b0d80432c79 | 3599 | /* Used for parsing in QSHCipher structs on Key Exchange */ |
wolfSSL | 4:1b0d80432c79 | 3600 | int TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input, word16 length, |
wolfSSL | 4:1b0d80432c79 | 3601 | byte isServer) |
wolfSSL | 4:1b0d80432c79 | 3602 | { |
wolfSSL | 4:1b0d80432c79 | 3603 | QSHKey* key; |
wolfSSL | 4:1b0d80432c79 | 3604 | word16 Max_Secret_Len = 48; |
wolfSSL | 4:1b0d80432c79 | 3605 | word16 offset = 0; |
wolfSSL | 4:1b0d80432c79 | 3606 | word16 offset_len = 0; |
wolfSSL | 4:1b0d80432c79 | 3607 | word32 offset_pk = 0; |
wolfSSL | 4:1b0d80432c79 | 3608 | word16 name = 0; |
wolfSSL | 4:1b0d80432c79 | 3609 | word16 secretLen = 0; |
wolfSSL | 4:1b0d80432c79 | 3610 | byte* secret = NULL; |
wolfSSL | 4:1b0d80432c79 | 3611 | word16 buffLen = 0; |
wolfSSL | 4:1b0d80432c79 | 3612 | byte buff[145]; /* size enough for 3 secrets */ |
wolfSSL | 4:1b0d80432c79 | 3613 | buffer* buf; |
wolfSSL | 4:1b0d80432c79 | 3614 | |
wolfSSL | 4:1b0d80432c79 | 3615 | /* pointer to location where secret should be stored */ |
wolfSSL | 4:1b0d80432c79 | 3616 | if (isServer) { |
wolfSSL | 4:1b0d80432c79 | 3617 | buf = ssl->QSH_secret->CliSi; |
wolfSSL | 4:1b0d80432c79 | 3618 | } |
wolfSSL | 4:1b0d80432c79 | 3619 | else { |
wolfSSL | 4:1b0d80432c79 | 3620 | buf = ssl->QSH_secret->SerSi; |
wolfSSL | 4:1b0d80432c79 | 3621 | } |
wolfSSL | 4:1b0d80432c79 | 3622 | |
wolfSSL | 4:1b0d80432c79 | 3623 | offset_pk = ((input[offset_len] << 16) & 0xFF0000) | |
wolfSSL | 4:1b0d80432c79 | 3624 | (((input[offset_len + 1]) << 8) & 0xFF00) | |
wolfSSL | 4:1b0d80432c79 | 3625 | (input[offset_len + 2] & 0xFF); |
wolfSSL | 4:1b0d80432c79 | 3626 | offset_len += OPAQUE24_LEN; |
wolfSSL | 4:1b0d80432c79 | 3627 | |
wolfSSL | 4:1b0d80432c79 | 3628 | /* validating extension list length -- check if trying to read over edge |
wolfSSL | 4:1b0d80432c79 | 3629 | of buffer */ |
wolfSSL | 4:1b0d80432c79 | 3630 | if (length < (offset_pk + OPAQUE24_LEN)) { |
wolfSSL | 4:1b0d80432c79 | 3631 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 3632 | } |
wolfSSL | 4:1b0d80432c79 | 3633 | |
wolfSSL | 4:1b0d80432c79 | 3634 | /* QSHCipherList struct */ |
wolfSSL | 4:1b0d80432c79 | 3635 | offset_pk += offset_len; |
wolfSSL | 4:1b0d80432c79 | 3636 | while (offset_len < offset_pk) { |
wolfSSL | 4:1b0d80432c79 | 3637 | |
wolfSSL | 4:1b0d80432c79 | 3638 | /* scheme id */ |
wolfSSL | 4:1b0d80432c79 | 3639 | ato16(input + offset_len, &name); |
wolfSSL | 4:1b0d80432c79 | 3640 | offset_len += OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 3641 | |
wolfSSL | 4:1b0d80432c79 | 3642 | /* public key length */ |
wolfSSL | 4:1b0d80432c79 | 3643 | ato16(input + offset_len, &secretLen); |
wolfSSL | 4:1b0d80432c79 | 3644 | offset_len += OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 3645 | |
wolfSSL | 4:1b0d80432c79 | 3646 | /* read in public key */ |
wolfSSL | 4:1b0d80432c79 | 3647 | if (secretLen > 0) { |
wolfSSL | 4:1b0d80432c79 | 3648 | secret = (byte*)(input + offset_len); |
wolfSSL | 4:1b0d80432c79 | 3649 | offset_len += secretLen; |
wolfSSL | 4:1b0d80432c79 | 3650 | } |
wolfSSL | 4:1b0d80432c79 | 3651 | else { |
wolfSSL | 4:1b0d80432c79 | 3652 | secret = NULL; |
wolfSSL | 4:1b0d80432c79 | 3653 | } |
wolfSSL | 4:1b0d80432c79 | 3654 | |
wolfSSL | 4:1b0d80432c79 | 3655 | /* no secret sent */ |
wolfSSL | 4:1b0d80432c79 | 3656 | if (secret == NULL) |
wolfSSL | 4:1b0d80432c79 | 3657 | continue; |
wolfSSL | 4:1b0d80432c79 | 3658 | |
wolfSSL | 4:1b0d80432c79 | 3659 | /* find corresponding key */ |
wolfSSL | 4:1b0d80432c79 | 3660 | key = ssl->QSH_Key; |
wolfSSL | 4:1b0d80432c79 | 3661 | while (key) { |
wolfSSL | 4:1b0d80432c79 | 3662 | if (key->name == name) |
wolfSSL | 4:1b0d80432c79 | 3663 | break; |
wolfSSL | 4:1b0d80432c79 | 3664 | else |
wolfSSL | 4:1b0d80432c79 | 3665 | key = (QSHKey*)key->next; |
wolfSSL | 4:1b0d80432c79 | 3666 | } |
wolfSSL | 4:1b0d80432c79 | 3667 | |
wolfSSL | 4:1b0d80432c79 | 3668 | /* if we do not have the key than there was a big issue negotiation */ |
wolfSSL | 4:1b0d80432c79 | 3669 | if (key == NULL) { |
wolfSSL | 4:1b0d80432c79 | 3670 | WOLFSSL_MSG("key was null for decryption!!!\n"); |
wolfSSL | 4:1b0d80432c79 | 3671 | return MEMORY_E; |
wolfSSL | 4:1b0d80432c79 | 3672 | } |
wolfSSL | 4:1b0d80432c79 | 3673 | |
wolfSSL | 4:1b0d80432c79 | 3674 | /* Decrypt sent secret */ |
wolfSSL | 4:1b0d80432c79 | 3675 | buffLen = Max_Secret_Len; |
wolfSSL | 4:1b0d80432c79 | 3676 | QSH_Decrypt(key, secret, secretLen, buff + offset, &buffLen); |
wolfSSL | 4:1b0d80432c79 | 3677 | offset += buffLen; |
wolfSSL | 4:1b0d80432c79 | 3678 | } |
wolfSSL | 4:1b0d80432c79 | 3679 | |
wolfSSL | 4:1b0d80432c79 | 3680 | /* allocate memory for buffer */ |
wolfSSL | 4:1b0d80432c79 | 3681 | buf->length = offset; |
wolfSSL | 4:1b0d80432c79 | 3682 | buf->buffer = (byte*)XMALLOC(offset, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 3683 | if (buf->buffer == NULL) |
wolfSSL | 4:1b0d80432c79 | 3684 | return MEMORY_E; |
wolfSSL | 4:1b0d80432c79 | 3685 | |
wolfSSL | 4:1b0d80432c79 | 3686 | /* store secrets */ |
wolfSSL | 4:1b0d80432c79 | 3687 | XMEMCPY(buf->buffer, buff, offset); |
wolfSSL | 4:1b0d80432c79 | 3688 | ForceZero(buff, offset); |
wolfSSL | 4:1b0d80432c79 | 3689 | |
wolfSSL | 4:1b0d80432c79 | 3690 | return offset_len; |
wolfSSL | 4:1b0d80432c79 | 3691 | } |
wolfSSL | 4:1b0d80432c79 | 3692 | |
wolfSSL | 4:1b0d80432c79 | 3693 | |
wolfSSL | 4:1b0d80432c79 | 3694 | /* return 1 on success */ |
wolfSSL | 4:1b0d80432c79 | 3695 | int TLSX_ValidateQSHScheme(TLSX** extensions, word16 theirs) { |
wolfSSL | 4:1b0d80432c79 | 3696 | TLSX* extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID); |
wolfSSL | 4:1b0d80432c79 | 3697 | QSHScheme* format = NULL; |
wolfSSL | 4:1b0d80432c79 | 3698 | |
wolfSSL | 4:1b0d80432c79 | 3699 | /* if no extension is sent then do not use QSH */ |
wolfSSL | 4:1b0d80432c79 | 3700 | if (!extension) { |
wolfSSL | 4:1b0d80432c79 | 3701 | WOLFSSL_MSG("No QSH Extension"); |
wolfSSL | 4:1b0d80432c79 | 3702 | return 0; |
wolfSSL | 4:1b0d80432c79 | 3703 | } |
wolfSSL | 4:1b0d80432c79 | 3704 | |
wolfSSL | 4:1b0d80432c79 | 3705 | for (format = (QSHScheme*)extension->data; format; format = format->next) { |
wolfSSL | 4:1b0d80432c79 | 3706 | if (format->name == theirs) { |
wolfSSL | 4:1b0d80432c79 | 3707 | WOLFSSL_MSG("Found Matching QSH Scheme"); |
wolfSSL | 4:1b0d80432c79 | 3708 | return 1; /* have QSH */ |
wolfSSL | 4:1b0d80432c79 | 3709 | } |
wolfSSL | 4:1b0d80432c79 | 3710 | } |
wolfSSL | 4:1b0d80432c79 | 3711 | |
wolfSSL | 4:1b0d80432c79 | 3712 | return 0; |
wolfSSL | 4:1b0d80432c79 | 3713 | } |
wolfSSL | 4:1b0d80432c79 | 3714 | #endif /* NO_WOLFSSL_SERVER */ |
wolfSSL | 4:1b0d80432c79 | 3715 | |
wolfSSL | 4:1b0d80432c79 | 3716 | /* test if the QSH Scheme is implemented |
wolfSSL | 4:1b0d80432c79 | 3717 | return 1 if yes 0 if no */ |
wolfSSL | 4:1b0d80432c79 | 3718 | static int TLSX_HaveQSHScheme(word16 name) |
wolfSSL | 4:1b0d80432c79 | 3719 | { |
wolfSSL | 4:1b0d80432c79 | 3720 | switch(name) { |
wolfSSL | 4:1b0d80432c79 | 3721 | #ifdef HAVE_NTRU |
wolfSSL | 4:1b0d80432c79 | 3722 | case WOLFSSL_NTRU_EESS439: |
wolfSSL | 4:1b0d80432c79 | 3723 | case WOLFSSL_NTRU_EESS593: |
wolfSSL | 4:1b0d80432c79 | 3724 | case WOLFSSL_NTRU_EESS743: |
wolfSSL | 4:1b0d80432c79 | 3725 | return 1; |
wolfSSL | 4:1b0d80432c79 | 3726 | #endif |
wolfSSL | 4:1b0d80432c79 | 3727 | case WOLFSSL_LWE_XXX: |
wolfSSL | 4:1b0d80432c79 | 3728 | case WOLFSSL_HFE_XXX: |
wolfSSL | 4:1b0d80432c79 | 3729 | return 0; /* not supported yet */ |
wolfSSL | 4:1b0d80432c79 | 3730 | |
wolfSSL | 4:1b0d80432c79 | 3731 | default: |
wolfSSL | 4:1b0d80432c79 | 3732 | return 0; |
wolfSSL | 4:1b0d80432c79 | 3733 | } |
wolfSSL | 4:1b0d80432c79 | 3734 | } |
wolfSSL | 4:1b0d80432c79 | 3735 | |
wolfSSL | 4:1b0d80432c79 | 3736 | |
wolfSSL | 4:1b0d80432c79 | 3737 | /* Add a QSHScheme struct to list of usable ones */ |
wolfSSL | 4:1b0d80432c79 | 3738 | int TLSX_UseQSHScheme(TLSX** extensions, word16 name, byte* pKey, word16 pkeySz) |
wolfSSL | 4:1b0d80432c79 | 3739 | { |
wolfSSL | 4:1b0d80432c79 | 3740 | TLSX* extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID); |
wolfSSL | 4:1b0d80432c79 | 3741 | QSHScheme* format = NULL; |
wolfSSL | 4:1b0d80432c79 | 3742 | int ret = 0; |
wolfSSL | 4:1b0d80432c79 | 3743 | |
wolfSSL | 4:1b0d80432c79 | 3744 | /* sanity check */ |
wolfSSL | 4:1b0d80432c79 | 3745 | if (extensions == NULL || (pKey == NULL && pkeySz != 0)) |
wolfSSL | 4:1b0d80432c79 | 3746 | return BAD_FUNC_ARG; |
wolfSSL | 4:1b0d80432c79 | 3747 | |
wolfSSL | 4:1b0d80432c79 | 3748 | /* if scheme is implemented than add */ |
wolfSSL | 4:1b0d80432c79 | 3749 | if (TLSX_HaveQSHScheme(name)) { |
wolfSSL | 4:1b0d80432c79 | 3750 | if ((ret = TLSX_QSH_Append(&format, name, pKey, pkeySz)) != 0) |
wolfSSL | 4:1b0d80432c79 | 3751 | return ret; |
wolfSSL | 4:1b0d80432c79 | 3752 | |
wolfSSL | 4:1b0d80432c79 | 3753 | if (!extension) { |
wolfSSL | 4:1b0d80432c79 | 3754 | if ((ret = TLSX_Push(extensions, TLSX_QUANTUM_SAFE_HYBRID, format)) |
wolfSSL | 4:1b0d80432c79 | 3755 | != 0) { |
wolfSSL | 4:1b0d80432c79 | 3756 | XFREE(format, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 3757 | return ret; |
wolfSSL | 4:1b0d80432c79 | 3758 | } |
wolfSSL | 4:1b0d80432c79 | 3759 | } |
wolfSSL | 4:1b0d80432c79 | 3760 | else { |
wolfSSL | 4:1b0d80432c79 | 3761 | /* push new QSH object to extension data. */ |
wolfSSL | 4:1b0d80432c79 | 3762 | format->next = (QSHScheme*)extension->data; |
wolfSSL | 4:1b0d80432c79 | 3763 | extension->data = (void*)format; |
wolfSSL | 4:1b0d80432c79 | 3764 | |
wolfSSL | 4:1b0d80432c79 | 3765 | /* look for another format of the same name to remove (replacement) */ |
wolfSSL | 4:1b0d80432c79 | 3766 | do { |
wolfSSL | 4:1b0d80432c79 | 3767 | if (format->next && (format->next->name == name)) { |
wolfSSL | 4:1b0d80432c79 | 3768 | QSHScheme* next = format->next; |
wolfSSL | 4:1b0d80432c79 | 3769 | |
wolfSSL | 4:1b0d80432c79 | 3770 | format->next = next->next; |
wolfSSL | 4:1b0d80432c79 | 3771 | XFREE(next, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 3772 | |
wolfSSL | 4:1b0d80432c79 | 3773 | break; |
wolfSSL | 4:1b0d80432c79 | 3774 | } |
wolfSSL | 4:1b0d80432c79 | 3775 | } while ((format = format->next)); |
wolfSSL | 4:1b0d80432c79 | 3776 | } |
wolfSSL | 4:1b0d80432c79 | 3777 | } |
wolfSSL | 4:1b0d80432c79 | 3778 | return SSL_SUCCESS; |
wolfSSL | 4:1b0d80432c79 | 3779 | } |
wolfSSL | 4:1b0d80432c79 | 3780 | |
wolfSSL | 4:1b0d80432c79 | 3781 | #define QSH_FREE_ALL TLSX_QSH_FreeAll |
wolfSSL | 4:1b0d80432c79 | 3782 | #define QSH_VALIDATE_REQUEST TLSX_QSH_ValidateRequest |
wolfSSL | 4:1b0d80432c79 | 3783 | |
wolfSSL | 4:1b0d80432c79 | 3784 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 4:1b0d80432c79 | 3785 | #define QSH_GET_SIZE TLSX_QSH_GetSize |
wolfSSL | 4:1b0d80432c79 | 3786 | #define QSH_WRITE TLSX_QSH_Write |
wolfSSL | 4:1b0d80432c79 | 3787 | #else |
wolfSSL | 4:1b0d80432c79 | 3788 | #define QSH_GET_SIZE(list) 0 |
wolfSSL | 4:1b0d80432c79 | 3789 | #define QSH_WRITE(a, b) 0 |
wolfSSL | 4:1b0d80432c79 | 3790 | #endif |
wolfSSL | 4:1b0d80432c79 | 3791 | |
wolfSSL | 4:1b0d80432c79 | 3792 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 4:1b0d80432c79 | 3793 | #define QSH_PARSE TLSX_QSH_Parse |
wolfSSL | 4:1b0d80432c79 | 3794 | #else |
wolfSSL | 4:1b0d80432c79 | 3795 | #define QSH_PARSE(a, b, c, d) 0 |
wolfSSL | 4:1b0d80432c79 | 3796 | #endif |
wolfSSL | 4:1b0d80432c79 | 3797 | |
wolfSSL | 4:1b0d80432c79 | 3798 | #define QSHPK_WRITE TLSX_QSHPK_Write |
wolfSSL | 4:1b0d80432c79 | 3799 | #define QSH_SERREQ TLSX_QSH_SerPKReq |
wolfSSL | 4:1b0d80432c79 | 3800 | #else |
wolfSSL | 4:1b0d80432c79 | 3801 | |
wolfSSL | 4:1b0d80432c79 | 3802 | #define QSH_FREE_ALL(list) |
wolfSSL | 4:1b0d80432c79 | 3803 | #define QSH_GET_SIZE(list, a) 0 |
wolfSSL | 4:1b0d80432c79 | 3804 | #define QSH_WRITE(a, b) 0 |
wolfSSL | 4:1b0d80432c79 | 3805 | #define QSH_PARSE(a, b, c, d) 0 |
wolfSSL | 4:1b0d80432c79 | 3806 | #define QSHPK_WRITE(a, b) 0 |
wolfSSL | 4:1b0d80432c79 | 3807 | #define QSH_SERREQ(a, b) 0 |
wolfSSL | 4:1b0d80432c79 | 3808 | #define QSH_VALIDATE_REQUEST(a, b) |
wolfSSL | 4:1b0d80432c79 | 3809 | |
wolfSSL | 4:1b0d80432c79 | 3810 | #endif /* HAVE_QSH */ |
wolfSSL | 4:1b0d80432c79 | 3811 | |
wolfSSL | 4:1b0d80432c79 | 3812 | /******************************************************************************/ |
wolfSSL | 4:1b0d80432c79 | 3813 | /* TLS Extensions Framework */ |
wolfSSL | 4:1b0d80432c79 | 3814 | /******************************************************************************/ |
wolfSSL | 4:1b0d80432c79 | 3815 | |
wolfSSL | 4:1b0d80432c79 | 3816 | /** Finds an extension in the provided list. */ |
wolfSSL | 4:1b0d80432c79 | 3817 | TLSX* TLSX_Find(TLSX* list, TLSX_Type type) |
wolfSSL | 4:1b0d80432c79 | 3818 | { |
wolfSSL | 4:1b0d80432c79 | 3819 | TLSX* extension = list; |
wolfSSL | 4:1b0d80432c79 | 3820 | |
wolfSSL | 4:1b0d80432c79 | 3821 | while (extension && extension->type != type) |
wolfSSL | 4:1b0d80432c79 | 3822 | extension = extension->next; |
wolfSSL | 4:1b0d80432c79 | 3823 | |
wolfSSL | 4:1b0d80432c79 | 3824 | return extension; |
wolfSSL | 4:1b0d80432c79 | 3825 | } |
wolfSSL | 4:1b0d80432c79 | 3826 | |
wolfSSL | 4:1b0d80432c79 | 3827 | /** Releases all extensions in the provided list. */ |
wolfSSL | 4:1b0d80432c79 | 3828 | void TLSX_FreeAll(TLSX* list) |
wolfSSL | 4:1b0d80432c79 | 3829 | { |
wolfSSL | 4:1b0d80432c79 | 3830 | TLSX* extension; |
wolfSSL | 4:1b0d80432c79 | 3831 | |
wolfSSL | 4:1b0d80432c79 | 3832 | while ((extension = list)) { |
wolfSSL | 4:1b0d80432c79 | 3833 | list = extension->next; |
wolfSSL | 4:1b0d80432c79 | 3834 | |
wolfSSL | 4:1b0d80432c79 | 3835 | switch (extension->type) { |
wolfSSL | 4:1b0d80432c79 | 3836 | |
wolfSSL | 4:1b0d80432c79 | 3837 | case TLSX_SERVER_NAME: |
wolfSSL | 4:1b0d80432c79 | 3838 | SNI_FREE_ALL((SNI*)extension->data); |
wolfSSL | 4:1b0d80432c79 | 3839 | break; |
wolfSSL | 4:1b0d80432c79 | 3840 | |
wolfSSL | 4:1b0d80432c79 | 3841 | case TLSX_MAX_FRAGMENT_LENGTH: |
wolfSSL | 4:1b0d80432c79 | 3842 | MFL_FREE_ALL(extension->data); |
wolfSSL | 4:1b0d80432c79 | 3843 | break; |
wolfSSL | 4:1b0d80432c79 | 3844 | |
wolfSSL | 4:1b0d80432c79 | 3845 | case TLSX_TRUNCATED_HMAC: |
wolfSSL | 4:1b0d80432c79 | 3846 | /* Nothing to do. */ |
wolfSSL | 4:1b0d80432c79 | 3847 | break; |
wolfSSL | 4:1b0d80432c79 | 3848 | |
wolfSSL | 4:1b0d80432c79 | 3849 | case TLSX_SUPPORTED_GROUPS: |
wolfSSL | 4:1b0d80432c79 | 3850 | EC_FREE_ALL(extension->data); |
wolfSSL | 4:1b0d80432c79 | 3851 | break; |
wolfSSL | 4:1b0d80432c79 | 3852 | |
wolfSSL | 4:1b0d80432c79 | 3853 | case TLSX_STATUS_REQUEST: |
wolfSSL | 4:1b0d80432c79 | 3854 | CSR_FREE_ALL(extension->data); |
wolfSSL | 4:1b0d80432c79 | 3855 | break; |
wolfSSL | 4:1b0d80432c79 | 3856 | |
wolfSSL | 4:1b0d80432c79 | 3857 | case TLSX_STATUS_REQUEST_V2: |
wolfSSL | 4:1b0d80432c79 | 3858 | CSR2_FREE_ALL(extension->data); |
wolfSSL | 4:1b0d80432c79 | 3859 | break; |
wolfSSL | 4:1b0d80432c79 | 3860 | |
wolfSSL | 4:1b0d80432c79 | 3861 | case TLSX_RENEGOTIATION_INFO: |
wolfSSL | 4:1b0d80432c79 | 3862 | SCR_FREE_ALL(extension->data); |
wolfSSL | 4:1b0d80432c79 | 3863 | break; |
wolfSSL | 4:1b0d80432c79 | 3864 | |
wolfSSL | 4:1b0d80432c79 | 3865 | case TLSX_SESSION_TICKET: |
wolfSSL | 4:1b0d80432c79 | 3866 | /* Nothing to do. */ |
wolfSSL | 4:1b0d80432c79 | 3867 | break; |
wolfSSL | 4:1b0d80432c79 | 3868 | |
wolfSSL | 4:1b0d80432c79 | 3869 | case TLSX_QUANTUM_SAFE_HYBRID: |
wolfSSL | 4:1b0d80432c79 | 3870 | QSH_FREE_ALL((QSHScheme*)extension->data); |
wolfSSL | 4:1b0d80432c79 | 3871 | break; |
wolfSSL | 4:1b0d80432c79 | 3872 | |
wolfSSL | 4:1b0d80432c79 | 3873 | case TLSX_APPLICATION_LAYER_PROTOCOL: |
wolfSSL | 4:1b0d80432c79 | 3874 | ALPN_FREE_ALL((ALPN*)extension->data); |
wolfSSL | 4:1b0d80432c79 | 3875 | break; |
wolfSSL | 4:1b0d80432c79 | 3876 | } |
wolfSSL | 4:1b0d80432c79 | 3877 | |
wolfSSL | 4:1b0d80432c79 | 3878 | XFREE(extension, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 4:1b0d80432c79 | 3879 | } |
wolfSSL | 4:1b0d80432c79 | 3880 | } |
wolfSSL | 4:1b0d80432c79 | 3881 | |
wolfSSL | 4:1b0d80432c79 | 3882 | /** Checks if the tls extensions are supported based on the protocol version. */ |
wolfSSL | 4:1b0d80432c79 | 3883 | int TLSX_SupportExtensions(WOLFSSL* ssl) { |
wolfSSL | 4:1b0d80432c79 | 3884 | return ssl && (IsTLS(ssl) || ssl->version.major == DTLS_MAJOR); |
wolfSSL | 4:1b0d80432c79 | 3885 | } |
wolfSSL | 4:1b0d80432c79 | 3886 | |
wolfSSL | 4:1b0d80432c79 | 3887 | /** Tells the buffered size of the extensions in a list. */ |
wolfSSL | 4:1b0d80432c79 | 3888 | static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest) |
wolfSSL | 4:1b0d80432c79 | 3889 | { |
wolfSSL | 4:1b0d80432c79 | 3890 | TLSX* extension; |
wolfSSL | 4:1b0d80432c79 | 3891 | word16 length = 0; |
wolfSSL | 4:1b0d80432c79 | 3892 | |
wolfSSL | 4:1b0d80432c79 | 3893 | while ((extension = list)) { |
wolfSSL | 4:1b0d80432c79 | 3894 | list = extension->next; |
wolfSSL | 4:1b0d80432c79 | 3895 | |
wolfSSL | 4:1b0d80432c79 | 3896 | /* only extensions marked as response are sent back to the client. */ |
wolfSSL | 4:1b0d80432c79 | 3897 | if (!isRequest && !extension->resp) |
wolfSSL | 4:1b0d80432c79 | 3898 | continue; /* skip! */ |
wolfSSL | 4:1b0d80432c79 | 3899 | |
wolfSSL | 4:1b0d80432c79 | 3900 | /* ssl level extensions are expected to override ctx level ones. */ |
wolfSSL | 4:1b0d80432c79 | 3901 | if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type))) |
wolfSSL | 4:1b0d80432c79 | 3902 | continue; /* skip! */ |
wolfSSL | 4:1b0d80432c79 | 3903 | |
wolfSSL | 4:1b0d80432c79 | 3904 | /* extension type + extension data length. */ |
wolfSSL | 4:1b0d80432c79 | 3905 | length += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 3906 | |
wolfSSL | 4:1b0d80432c79 | 3907 | |
wolfSSL | 4:1b0d80432c79 | 3908 | switch (extension->type) { |
wolfSSL | 4:1b0d80432c79 | 3909 | |
wolfSSL | 4:1b0d80432c79 | 3910 | case TLSX_SERVER_NAME: |
wolfSSL | 4:1b0d80432c79 | 3911 | /* SNI only sends the name on the request. */ |
wolfSSL | 4:1b0d80432c79 | 3912 | if (isRequest) |
wolfSSL | 4:1b0d80432c79 | 3913 | length += SNI_GET_SIZE(extension->data); |
wolfSSL | 4:1b0d80432c79 | 3914 | break; |
wolfSSL | 4:1b0d80432c79 | 3915 | |
wolfSSL | 4:1b0d80432c79 | 3916 | case TLSX_MAX_FRAGMENT_LENGTH: |
wolfSSL | 4:1b0d80432c79 | 3917 | length += MFL_GET_SIZE(extension->data); |
wolfSSL | 4:1b0d80432c79 | 3918 | break; |
wolfSSL | 4:1b0d80432c79 | 3919 | |
wolfSSL | 4:1b0d80432c79 | 3920 | case TLSX_TRUNCATED_HMAC: |
wolfSSL | 4:1b0d80432c79 | 3921 | /* always empty. */ |
wolfSSL | 4:1b0d80432c79 | 3922 | break; |
wolfSSL | 4:1b0d80432c79 | 3923 | |
wolfSSL | 4:1b0d80432c79 | 3924 | case TLSX_SUPPORTED_GROUPS: |
wolfSSL | 4:1b0d80432c79 | 3925 | length += EC_GET_SIZE(extension->data); |
wolfSSL | 4:1b0d80432c79 | 3926 | break; |
wolfSSL | 4:1b0d80432c79 | 3927 | |
wolfSSL | 4:1b0d80432c79 | 3928 | case TLSX_STATUS_REQUEST: |
wolfSSL | 4:1b0d80432c79 | 3929 | length += CSR_GET_SIZE(extension->data, isRequest); |
wolfSSL | 4:1b0d80432c79 | 3930 | break; |
wolfSSL | 4:1b0d80432c79 | 3931 | |
wolfSSL | 4:1b0d80432c79 | 3932 | case TLSX_STATUS_REQUEST_V2: |
wolfSSL | 4:1b0d80432c79 | 3933 | length += CSR2_GET_SIZE(extension->data, isRequest); |
wolfSSL | 4:1b0d80432c79 | 3934 | break; |
wolfSSL | 4:1b0d80432c79 | 3935 | |
wolfSSL | 4:1b0d80432c79 | 3936 | case TLSX_RENEGOTIATION_INFO: |
wolfSSL | 4:1b0d80432c79 | 3937 | length += SCR_GET_SIZE(extension->data, isRequest); |
wolfSSL | 4:1b0d80432c79 | 3938 | break; |
wolfSSL | 4:1b0d80432c79 | 3939 | |
wolfSSL | 4:1b0d80432c79 | 3940 | case TLSX_SESSION_TICKET: |
wolfSSL | 4:1b0d80432c79 | 3941 | length += STK_GET_SIZE(extension->data, isRequest); |
wolfSSL | 4:1b0d80432c79 | 3942 | break; |
wolfSSL | 4:1b0d80432c79 | 3943 | |
wolfSSL | 4:1b0d80432c79 | 3944 | case TLSX_QUANTUM_SAFE_HYBRID: |
wolfSSL | 4:1b0d80432c79 | 3945 | length += QSH_GET_SIZE((QSHScheme*)extension->data, isRequest); |
wolfSSL | 4:1b0d80432c79 | 3946 | break; |
wolfSSL | 4:1b0d80432c79 | 3947 | |
wolfSSL | 4:1b0d80432c79 | 3948 | case TLSX_APPLICATION_LAYER_PROTOCOL: |
wolfSSL | 4:1b0d80432c79 | 3949 | length += ALPN_GET_SIZE(extension->data); |
wolfSSL | 4:1b0d80432c79 | 3950 | break; |
wolfSSL | 4:1b0d80432c79 | 3951 | |
wolfSSL | 4:1b0d80432c79 | 3952 | } |
wolfSSL | 4:1b0d80432c79 | 3953 | |
wolfSSL | 4:1b0d80432c79 | 3954 | /* marks the extension as processed so ctx level */ |
wolfSSL | 4:1b0d80432c79 | 3955 | /* extensions don't overlap with ssl level ones. */ |
wolfSSL | 4:1b0d80432c79 | 3956 | TURN_ON(semaphore, TLSX_ToSemaphore(extension->type)); |
wolfSSL | 4:1b0d80432c79 | 3957 | } |
wolfSSL | 4:1b0d80432c79 | 3958 | |
wolfSSL | 4:1b0d80432c79 | 3959 | return length; |
wolfSSL | 4:1b0d80432c79 | 3960 | } |
wolfSSL | 4:1b0d80432c79 | 3961 | |
wolfSSL | 4:1b0d80432c79 | 3962 | /** Writes the extensions of a list in a buffer. */ |
wolfSSL | 4:1b0d80432c79 | 3963 | static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore, |
wolfSSL | 4:1b0d80432c79 | 3964 | byte isRequest) |
wolfSSL | 4:1b0d80432c79 | 3965 | { |
wolfSSL | 4:1b0d80432c79 | 3966 | TLSX* extension; |
wolfSSL | 4:1b0d80432c79 | 3967 | word16 offset = 0; |
wolfSSL | 4:1b0d80432c79 | 3968 | word16 length_offset = 0; |
wolfSSL | 4:1b0d80432c79 | 3969 | |
wolfSSL | 4:1b0d80432c79 | 3970 | while ((extension = list)) { |
wolfSSL | 4:1b0d80432c79 | 3971 | list = extension->next; |
wolfSSL | 4:1b0d80432c79 | 3972 | |
wolfSSL | 4:1b0d80432c79 | 3973 | /* only extensions marked as response are written in a response. */ |
wolfSSL | 4:1b0d80432c79 | 3974 | if (!isRequest && !extension->resp) |
wolfSSL | 4:1b0d80432c79 | 3975 | continue; /* skip! */ |
wolfSSL | 4:1b0d80432c79 | 3976 | |
wolfSSL | 4:1b0d80432c79 | 3977 | /* ssl level extensions are expected to override ctx level ones. */ |
wolfSSL | 4:1b0d80432c79 | 3978 | if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type))) |
wolfSSL | 4:1b0d80432c79 | 3979 | continue; /* skip! */ |
wolfSSL | 4:1b0d80432c79 | 3980 | |
wolfSSL | 4:1b0d80432c79 | 3981 | /* writes extension type. */ |
wolfSSL | 4:1b0d80432c79 | 3982 | c16toa(extension->type, output + offset); |
wolfSSL | 4:1b0d80432c79 | 3983 | offset += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 3984 | length_offset = offset; |
wolfSSL | 4:1b0d80432c79 | 3985 | |
wolfSSL | 4:1b0d80432c79 | 3986 | /* extension data should be written internally. */ |
wolfSSL | 4:1b0d80432c79 | 3987 | switch (extension->type) { |
wolfSSL | 4:1b0d80432c79 | 3988 | case TLSX_SERVER_NAME: |
wolfSSL | 4:1b0d80432c79 | 3989 | if (isRequest) |
wolfSSL | 4:1b0d80432c79 | 3990 | offset += SNI_WRITE(extension->data, output + offset); |
wolfSSL | 4:1b0d80432c79 | 3991 | break; |
wolfSSL | 4:1b0d80432c79 | 3992 | |
wolfSSL | 4:1b0d80432c79 | 3993 | case TLSX_MAX_FRAGMENT_LENGTH: |
wolfSSL | 4:1b0d80432c79 | 3994 | offset += MFL_WRITE(extension->data, output + offset); |
wolfSSL | 4:1b0d80432c79 | 3995 | break; |
wolfSSL | 4:1b0d80432c79 | 3996 | |
wolfSSL | 4:1b0d80432c79 | 3997 | case TLSX_TRUNCATED_HMAC: |
wolfSSL | 4:1b0d80432c79 | 3998 | /* always empty. */ |
wolfSSL | 4:1b0d80432c79 | 3999 | break; |
wolfSSL | 4:1b0d80432c79 | 4000 | |
wolfSSL | 4:1b0d80432c79 | 4001 | case TLSX_SUPPORTED_GROUPS: |
wolfSSL | 4:1b0d80432c79 | 4002 | offset += EC_WRITE(extension->data, output + offset); |
wolfSSL | 4:1b0d80432c79 | 4003 | break; |
wolfSSL | 4:1b0d80432c79 | 4004 | |
wolfSSL | 4:1b0d80432c79 | 4005 | case TLSX_STATUS_REQUEST: |
wolfSSL | 4:1b0d80432c79 | 4006 | offset += CSR_WRITE(extension->data, output + offset, |
wolfSSL | 4:1b0d80432c79 | 4007 | isRequest); |
wolfSSL | 4:1b0d80432c79 | 4008 | break; |
wolfSSL | 4:1b0d80432c79 | 4009 | |
wolfSSL | 4:1b0d80432c79 | 4010 | case TLSX_STATUS_REQUEST_V2: |
wolfSSL | 4:1b0d80432c79 | 4011 | offset += CSR2_WRITE(extension->data, output + offset, |
wolfSSL | 4:1b0d80432c79 | 4012 | isRequest); |
wolfSSL | 4:1b0d80432c79 | 4013 | break; |
wolfSSL | 4:1b0d80432c79 | 4014 | |
wolfSSL | 4:1b0d80432c79 | 4015 | case TLSX_RENEGOTIATION_INFO: |
wolfSSL | 4:1b0d80432c79 | 4016 | offset += SCR_WRITE(extension->data, output + offset, |
wolfSSL | 4:1b0d80432c79 | 4017 | isRequest); |
wolfSSL | 4:1b0d80432c79 | 4018 | break; |
wolfSSL | 4:1b0d80432c79 | 4019 | |
wolfSSL | 4:1b0d80432c79 | 4020 | case TLSX_SESSION_TICKET: |
wolfSSL | 4:1b0d80432c79 | 4021 | offset += STK_WRITE(extension->data, output + offset, |
wolfSSL | 4:1b0d80432c79 | 4022 | isRequest); |
wolfSSL | 4:1b0d80432c79 | 4023 | break; |
wolfSSL | 4:1b0d80432c79 | 4024 | |
wolfSSL | 4:1b0d80432c79 | 4025 | case TLSX_QUANTUM_SAFE_HYBRID: |
wolfSSL | 4:1b0d80432c79 | 4026 | if (isRequest) { |
wolfSSL | 4:1b0d80432c79 | 4027 | offset += QSH_WRITE((QSHScheme*)extension->data, output + offset); |
wolfSSL | 4:1b0d80432c79 | 4028 | } |
wolfSSL | 4:1b0d80432c79 | 4029 | offset += QSHPK_WRITE((QSHScheme*)extension->data, output + offset); |
wolfSSL | 4:1b0d80432c79 | 4030 | offset += QSH_SERREQ(output + offset, isRequest); |
wolfSSL | 4:1b0d80432c79 | 4031 | break; |
wolfSSL | 4:1b0d80432c79 | 4032 | |
wolfSSL | 4:1b0d80432c79 | 4033 | case TLSX_APPLICATION_LAYER_PROTOCOL: |
wolfSSL | 4:1b0d80432c79 | 4034 | offset += ALPN_WRITE(extension->data, output + offset); |
wolfSSL | 4:1b0d80432c79 | 4035 | break; |
wolfSSL | 4:1b0d80432c79 | 4036 | } |
wolfSSL | 4:1b0d80432c79 | 4037 | |
wolfSSL | 4:1b0d80432c79 | 4038 | /* writes extension data length. */ |
wolfSSL | 4:1b0d80432c79 | 4039 | c16toa(offset - length_offset, output + length_offset - OPAQUE16_LEN); |
wolfSSL | 4:1b0d80432c79 | 4040 | |
wolfSSL | 4:1b0d80432c79 | 4041 | /* marks the extension as processed so ctx level */ |
wolfSSL | 4:1b0d80432c79 | 4042 | /* extensions don't overlap with ssl level ones. */ |
wolfSSL | 4:1b0d80432c79 | 4043 | TURN_ON(semaphore, TLSX_ToSemaphore(extension->type)); |
wolfSSL | 4:1b0d80432c79 | 4044 | } |
wolfSSL | 4:1b0d80432c79 | 4045 | |
wolfSSL | 4:1b0d80432c79 | 4046 | return offset; |
wolfSSL | 4:1b0d80432c79 | 4047 | } |
wolfSSL | 4:1b0d80432c79 | 4048 | |
wolfSSL | 4:1b0d80432c79 | 4049 | |
wolfSSL | 4:1b0d80432c79 | 4050 | #ifdef HAVE_NTRU |
wolfSSL | 4:1b0d80432c79 | 4051 | |
wolfSSL | 4:1b0d80432c79 | 4052 | static word32 GetEntropy(unsigned char* out, word32 num_bytes) |
wolfSSL | 4:1b0d80432c79 | 4053 | { |
wolfSSL | 4:1b0d80432c79 | 4054 | int ret = 0; |
wolfSSL | 4:1b0d80432c79 | 4055 | |
wolfSSL | 4:1b0d80432c79 | 4056 | if (rng == NULL) { |
wolfSSL | 4:1b0d80432c79 | 4057 | if ((rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, |
wolfSSL | 4:1b0d80432c79 | 4058 | DYNAMIC_TYPE_TLSX)) == NULL) |
wolfSSL | 4:1b0d80432c79 | 4059 | return DRBG_OUT_OF_MEMORY; |
wolfSSL | 4:1b0d80432c79 | 4060 | wc_InitRng(rng); |
wolfSSL | 4:1b0d80432c79 | 4061 | } |
wolfSSL | 4:1b0d80432c79 | 4062 | |
wolfSSL | 4:1b0d80432c79 | 4063 | if (rngMutex == NULL) { |
wolfSSL | 4:1b0d80432c79 | 4064 | if ((rngMutex = (wolfSSL_Mutex*)XMALLOC(sizeof(wolfSSL_Mutex), NULL, |
wolfSSL | 4:1b0d80432c79 | 4065 | DYNAMIC_TYPE_TLSX)) == NULL) |
wolfSSL | 4:1b0d80432c79 | 4066 | return DRBG_OUT_OF_MEMORY; |
wolfSSL | 4:1b0d80432c79 | 4067 | InitMutex(rngMutex); |
wolfSSL | 4:1b0d80432c79 | 4068 | } |
wolfSSL | 4:1b0d80432c79 | 4069 | |
wolfSSL | 4:1b0d80432c79 | 4070 | ret |= LockMutex(rngMutex); |
wolfSSL | 4:1b0d80432c79 | 4071 | ret |= wc_RNG_GenerateBlock(rng, out, num_bytes); |
wolfSSL | 4:1b0d80432c79 | 4072 | ret |= UnLockMutex(rngMutex); |
wolfSSL | 4:1b0d80432c79 | 4073 | |
wolfSSL | 4:1b0d80432c79 | 4074 | if (ret != 0) |
wolfSSL | 4:1b0d80432c79 | 4075 | return DRBG_ENTROPY_FAIL; |
wolfSSL | 4:1b0d80432c79 | 4076 | |
wolfSSL | 4:1b0d80432c79 | 4077 | return DRBG_OK; |
wolfSSL | 4:1b0d80432c79 | 4078 | } |
wolfSSL | 4:1b0d80432c79 | 4079 | #endif |
wolfSSL | 4:1b0d80432c79 | 4080 | |
wolfSSL | 4:1b0d80432c79 | 4081 | |
wolfSSL | 4:1b0d80432c79 | 4082 | #ifdef HAVE_QSH |
wolfSSL | 4:1b0d80432c79 | 4083 | static int TLSX_CreateQSHKey(WOLFSSL* ssl, int type) |
wolfSSL | 4:1b0d80432c79 | 4084 | { |
wolfSSL | 4:1b0d80432c79 | 4085 | int ret; |
wolfSSL | 4:1b0d80432c79 | 4086 | |
wolfSSL | 4:1b0d80432c79 | 4087 | switch (type) { |
wolfSSL | 4:1b0d80432c79 | 4088 | #ifdef HAVE_NTRU |
wolfSSL | 4:1b0d80432c79 | 4089 | case WOLFSSL_NTRU_EESS439: |
wolfSSL | 4:1b0d80432c79 | 4090 | case WOLFSSL_NTRU_EESS593: |
wolfSSL | 4:1b0d80432c79 | 4091 | case WOLFSSL_NTRU_EESS743: |
wolfSSL | 4:1b0d80432c79 | 4092 | ret = TLSX_CreateNtruKey(ssl, type); |
wolfSSL | 4:1b0d80432c79 | 4093 | break; |
wolfSSL | 4:1b0d80432c79 | 4094 | #endif |
wolfSSL | 4:1b0d80432c79 | 4095 | default: |
wolfSSL | 4:1b0d80432c79 | 4096 | WOLFSSL_MSG("Unknown type for creating NTRU key"); |
wolfSSL | 4:1b0d80432c79 | 4097 | return -1; |
wolfSSL | 4:1b0d80432c79 | 4098 | } |
wolfSSL | 4:1b0d80432c79 | 4099 | |
wolfSSL | 4:1b0d80432c79 | 4100 | return ret; |
wolfSSL | 4:1b0d80432c79 | 4101 | } |
wolfSSL | 4:1b0d80432c79 | 4102 | |
wolfSSL | 4:1b0d80432c79 | 4103 | |
wolfSSL | 4:1b0d80432c79 | 4104 | static int TLSX_AddQSHKey(QSHKey** list, QSHKey* key) |
wolfSSL | 4:1b0d80432c79 | 4105 | { |
wolfSSL | 4:1b0d80432c79 | 4106 | QSHKey* current; |
wolfSSL | 4:1b0d80432c79 | 4107 | |
wolfSSL | 4:1b0d80432c79 | 4108 | if (key == NULL) |
wolfSSL | 4:1b0d80432c79 | 4109 | return BAD_FUNC_ARG; |
wolfSSL | 4:1b0d80432c79 | 4110 | |
wolfSSL | 4:1b0d80432c79 | 4111 | /* if no public key stored in key then do not add */ |
wolfSSL | 4:1b0d80432c79 | 4112 | if (key->pub.length == 0 || key->pub.buffer == NULL) |
wolfSSL | 4:1b0d80432c79 | 4113 | return 0; |
wolfSSL | 4:1b0d80432c79 | 4114 | |
wolfSSL | 4:1b0d80432c79 | 4115 | /* first element to be added to the list */ |
wolfSSL | 4:1b0d80432c79 | 4116 | current = *list; |
wolfSSL | 4:1b0d80432c79 | 4117 | if (current == NULL) { |
wolfSSL | 4:1b0d80432c79 | 4118 | *list = key; |
wolfSSL | 4:1b0d80432c79 | 4119 | return 0; |
wolfSSL | 4:1b0d80432c79 | 4120 | } |
wolfSSL | 4:1b0d80432c79 | 4121 | |
wolfSSL | 4:1b0d80432c79 | 4122 | while (current->next) { |
wolfSSL | 4:1b0d80432c79 | 4123 | /* can only have one of the key in the list */ |
wolfSSL | 4:1b0d80432c79 | 4124 | if (current->name == key->name) |
wolfSSL | 4:1b0d80432c79 | 4125 | return -1; |
wolfSSL | 4:1b0d80432c79 | 4126 | current = (QSHKey*)current->next; |
wolfSSL | 4:1b0d80432c79 | 4127 | } |
wolfSSL | 4:1b0d80432c79 | 4128 | |
wolfSSL | 4:1b0d80432c79 | 4129 | current->next = (struct QSHKey*)key; |
wolfSSL | 4:1b0d80432c79 | 4130 | |
wolfSSL | 4:1b0d80432c79 | 4131 | return 0; |
wolfSSL | 4:1b0d80432c79 | 4132 | } |
wolfSSL | 4:1b0d80432c79 | 4133 | |
wolfSSL | 4:1b0d80432c79 | 4134 | |
wolfSSL | 4:1b0d80432c79 | 4135 | #ifdef HAVE_NTRU |
wolfSSL | 4:1b0d80432c79 | 4136 | int TLSX_CreateNtruKey(WOLFSSL* ssl, int type) |
wolfSSL | 4:1b0d80432c79 | 4137 | { |
wolfSSL | 4:1b0d80432c79 | 4138 | int ret; |
wolfSSL | 4:1b0d80432c79 | 4139 | int ntruType; |
wolfSSL | 4:1b0d80432c79 | 4140 | |
wolfSSL | 4:1b0d80432c79 | 4141 | /* variable declarations for NTRU*/ |
wolfSSL | 4:1b0d80432c79 | 4142 | QSHKey* temp = NULL; |
wolfSSL | 4:1b0d80432c79 | 4143 | byte public_key[1027]; |
wolfSSL | 4:1b0d80432c79 | 4144 | word16 public_key_len = sizeof(public_key); |
wolfSSL | 4:1b0d80432c79 | 4145 | byte private_key[1120]; |
wolfSSL | 4:1b0d80432c79 | 4146 | word16 private_key_len = sizeof(private_key); |
wolfSSL | 4:1b0d80432c79 | 4147 | DRBG_HANDLE drbg; |
wolfSSL | 4:1b0d80432c79 | 4148 | |
wolfSSL | 4:1b0d80432c79 | 4149 | if (ssl == NULL) |
wolfSSL | 4:1b0d80432c79 | 4150 | return BAD_FUNC_ARG; |
wolfSSL | 4:1b0d80432c79 | 4151 | |
wolfSSL | 4:1b0d80432c79 | 4152 | switch (type) { |
wolfSSL | 4:1b0d80432c79 | 4153 | case WOLFSSL_NTRU_EESS439: |
wolfSSL | 4:1b0d80432c79 | 4154 | ntruType = NTRU_EES439EP1; |
wolfSSL | 4:1b0d80432c79 | 4155 | break; |
wolfSSL | 4:1b0d80432c79 | 4156 | case WOLFSSL_NTRU_EESS593: |
wolfSSL | 4:1b0d80432c79 | 4157 | ntruType = NTRU_EES593EP1; |
wolfSSL | 4:1b0d80432c79 | 4158 | break; |
wolfSSL | 4:1b0d80432c79 | 4159 | case WOLFSSL_NTRU_EESS743: |
wolfSSL | 4:1b0d80432c79 | 4160 | ntruType = NTRU_EES743EP1; |
wolfSSL | 4:1b0d80432c79 | 4161 | break; |
wolfSSL | 4:1b0d80432c79 | 4162 | default: |
wolfSSL | 4:1b0d80432c79 | 4163 | WOLFSSL_MSG("Unknown type for creating NTRU key"); |
wolfSSL | 4:1b0d80432c79 | 4164 | return -1; |
wolfSSL | 4:1b0d80432c79 | 4165 | } |
wolfSSL | 4:1b0d80432c79 | 4166 | ret = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg); |
wolfSSL | 4:1b0d80432c79 | 4167 | if (ret != DRBG_OK) { |
wolfSSL | 4:1b0d80432c79 | 4168 | WOLFSSL_MSG("NTRU drbg instantiate failed\n"); |
wolfSSL | 4:1b0d80432c79 | 4169 | return ret; |
wolfSSL | 4:1b0d80432c79 | 4170 | } |
wolfSSL | 4:1b0d80432c79 | 4171 | |
wolfSSL | 4:1b0d80432c79 | 4172 | if ((ret = ntru_crypto_ntru_encrypt_keygen(drbg, ntruType, |
wolfSSL | 4:1b0d80432c79 | 4173 | &public_key_len, NULL, &private_key_len, NULL)) != NTRU_OK) |
wolfSSL | 4:1b0d80432c79 | 4174 | return ret; |
wolfSSL | 4:1b0d80432c79 | 4175 | |
wolfSSL | 4:1b0d80432c79 | 4176 | if ((ret = ntru_crypto_ntru_encrypt_keygen(drbg, ntruType, |
wolfSSL | 4:1b0d80432c79 | 4177 | &public_key_len, public_key, &private_key_len, private_key)) != NTRU_OK) |
wolfSSL | 4:1b0d80432c79 | 4178 | return ret; |
wolfSSL | 4:1b0d80432c79 | 4179 | |
wolfSSL | 4:1b0d80432c79 | 4180 | ret = ntru_crypto_drbg_uninstantiate(drbg); |
wolfSSL | 4:1b0d80432c79 | 4181 | if (ret != NTRU_OK) { |
wolfSSL | 4:1b0d80432c79 | 4182 | WOLFSSL_MSG("NTRU drbg uninstantiate failed\n"); |
wolfSSL | 4:1b0d80432c79 | 4183 | return ret; |
wolfSSL | 4:1b0d80432c79 | 4184 | } |
wolfSSL | 4:1b0d80432c79 | 4185 | |
wolfSSL | 4:1b0d80432c79 | 4186 | if ((temp = (QSHKey*)XMALLOC(sizeof(QSHKey), NULL, |
wolfSSL | 4:1b0d80432c79 | 4187 | DYNAMIC_TYPE_TLSX)) == NULL) |
wolfSSL | 4:1b0d80432c79 | 4188 | return MEMORY_E; |
wolfSSL | 4:1b0d80432c79 | 4189 | temp->name = type; |
wolfSSL | 4:1b0d80432c79 | 4190 | temp->pub.length = public_key_len; |
wolfSSL | 4:1b0d80432c79 | 4191 | temp->pub.buffer = (byte*)XMALLOC(public_key_len, public_key, |
wolfSSL | 4:1b0d80432c79 | 4192 | DYNAMIC_TYPE_PUBLIC_KEY); |
wolfSSL | 4:1b0d80432c79 | 4193 | XMEMCPY(temp->pub.buffer, public_key, public_key_len); |
wolfSSL | 4:1b0d80432c79 | 4194 | temp->pri.length = private_key_len; |
wolfSSL | 4:1b0d80432c79 | 4195 | temp->pri.buffer = (byte*)XMALLOC(private_key_len, private_key, |
wolfSSL | 4:1b0d80432c79 | 4196 | DYNAMIC_TYPE_ARRAYS); |
wolfSSL | 4:1b0d80432c79 | 4197 | XMEMCPY(temp->pri.buffer, private_key, private_key_len); |
wolfSSL | 4:1b0d80432c79 | 4198 | temp->next = NULL; |
wolfSSL | 4:1b0d80432c79 | 4199 | |
wolfSSL | 4:1b0d80432c79 | 4200 | TLSX_AddQSHKey(&ssl->QSH_Key, temp); |
wolfSSL | 4:1b0d80432c79 | 4201 | |
wolfSSL | 4:1b0d80432c79 | 4202 | return ret; |
wolfSSL | 4:1b0d80432c79 | 4203 | } |
wolfSSL | 4:1b0d80432c79 | 4204 | #endif |
wolfSSL | 4:1b0d80432c79 | 4205 | |
wolfSSL | 4:1b0d80432c79 | 4206 | |
wolfSSL | 4:1b0d80432c79 | 4207 | /* |
wolfSSL | 4:1b0d80432c79 | 4208 | Used to find a public key from the list of keys |
wolfSSL | 4:1b0d80432c79 | 4209 | pubLen length of array |
wolfSSL | 4:1b0d80432c79 | 4210 | name input the name of the scheme looking for ie WOLFSSL_NTRU_ESSXXX |
wolfSSL | 4:1b0d80432c79 | 4211 | |
wolfSSL | 4:1b0d80432c79 | 4212 | returns a pointer to public key byte* or NULL if not found |
wolfSSL | 4:1b0d80432c79 | 4213 | */ |
wolfSSL | 4:1b0d80432c79 | 4214 | static byte* TLSX_QSHKeyFind_Pub(QSHKey* qsh, word16* pubLen, word16 name) |
wolfSSL | 4:1b0d80432c79 | 4215 | { |
wolfSSL | 4:1b0d80432c79 | 4216 | QSHKey* current = qsh; |
wolfSSL | 4:1b0d80432c79 | 4217 | |
wolfSSL | 4:1b0d80432c79 | 4218 | if (qsh == NULL || pubLen == NULL) |
wolfSSL | 4:1b0d80432c79 | 4219 | return NULL; |
wolfSSL | 4:1b0d80432c79 | 4220 | |
wolfSSL | 4:1b0d80432c79 | 4221 | *pubLen = 0; |
wolfSSL | 4:1b0d80432c79 | 4222 | |
wolfSSL | 4:1b0d80432c79 | 4223 | while(current) { |
wolfSSL | 4:1b0d80432c79 | 4224 | if (current->name == name) { |
wolfSSL | 4:1b0d80432c79 | 4225 | *pubLen = current->pub.length; |
wolfSSL | 4:1b0d80432c79 | 4226 | return current->pub.buffer; |
wolfSSL | 4:1b0d80432c79 | 4227 | } |
wolfSSL | 4:1b0d80432c79 | 4228 | current = (QSHKey*)current->next; |
wolfSSL | 4:1b0d80432c79 | 4229 | } |
wolfSSL | 4:1b0d80432c79 | 4230 | |
wolfSSL | 4:1b0d80432c79 | 4231 | return NULL; |
wolfSSL | 4:1b0d80432c79 | 4232 | } |
wolfSSL | 4:1b0d80432c79 | 4233 | #endif /* HAVE_QSH */ |
wolfSSL | 4:1b0d80432c79 | 4234 | |
wolfSSL | 4:1b0d80432c79 | 4235 | |
wolfSSL | 4:1b0d80432c79 | 4236 | int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) |
wolfSSL | 4:1b0d80432c79 | 4237 | { |
wolfSSL | 4:1b0d80432c79 | 4238 | byte* public_key = NULL; |
wolfSSL | 4:1b0d80432c79 | 4239 | word16 public_key_len = 0; |
wolfSSL | 4:1b0d80432c79 | 4240 | #ifdef HAVE_QSH |
wolfSSL | 4:1b0d80432c79 | 4241 | TLSX* extension; |
wolfSSL | 4:1b0d80432c79 | 4242 | QSHScheme* qsh; |
wolfSSL | 4:1b0d80432c79 | 4243 | QSHScheme* next; |
wolfSSL | 4:1b0d80432c79 | 4244 | #endif |
wolfSSL | 4:1b0d80432c79 | 4245 | int ret = 0; |
wolfSSL | 4:1b0d80432c79 | 4246 | |
wolfSSL | 4:1b0d80432c79 | 4247 | #ifdef HAVE_QSH |
wolfSSL | 4:1b0d80432c79 | 4248 | /* add supported QSHSchemes */ |
wolfSSL | 4:1b0d80432c79 | 4249 | WOLFSSL_MSG("Adding supported QSH Schemes"); |
wolfSSL | 4:1b0d80432c79 | 4250 | |
wolfSSL | 4:1b0d80432c79 | 4251 | /* server will add extension depending on whats parsed from client */ |
wolfSSL | 4:1b0d80432c79 | 4252 | if (!isServer) { |
wolfSSL | 4:1b0d80432c79 | 4253 | |
wolfSSL | 4:1b0d80432c79 | 4254 | /* test if user has set a specific scheme already */ |
wolfSSL | 4:1b0d80432c79 | 4255 | if (!ssl->user_set_QSHSchemes) { |
wolfSSL | 4:1b0d80432c79 | 4256 | if (ssl->sendQSHKeys && ssl->QSH_Key == NULL) { |
wolfSSL | 4:1b0d80432c79 | 4257 | if ((ret = TLSX_CreateQSHKey(ssl, WOLFSSL_NTRU_EESS743)) != 0) { |
wolfSSL | 4:1b0d80432c79 | 4258 | WOLFSSL_MSG("Error creating ntru keys"); |
wolfSSL | 4:1b0d80432c79 | 4259 | return ret; |
wolfSSL | 4:1b0d80432c79 | 4260 | } |
wolfSSL | 4:1b0d80432c79 | 4261 | if ((ret = TLSX_CreateQSHKey(ssl, WOLFSSL_NTRU_EESS593)) != 0) { |
wolfSSL | 4:1b0d80432c79 | 4262 | WOLFSSL_MSG("Error creating ntru keys"); |
wolfSSL | 4:1b0d80432c79 | 4263 | return ret; |
wolfSSL | 4:1b0d80432c79 | 4264 | } |
wolfSSL | 4:1b0d80432c79 | 4265 | if ((ret = TLSX_CreateQSHKey(ssl, WOLFSSL_NTRU_EESS439)) != 0) { |
wolfSSL | 4:1b0d80432c79 | 4266 | WOLFSSL_MSG("Error creating ntru keys"); |
wolfSSL | 4:1b0d80432c79 | 4267 | return ret; |
wolfSSL | 4:1b0d80432c79 | 4268 | } |
wolfSSL | 4:1b0d80432c79 | 4269 | |
wolfSSL | 4:1b0d80432c79 | 4270 | /* add NTRU 256 */ |
wolfSSL | 4:1b0d80432c79 | 4271 | public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key, |
wolfSSL | 4:1b0d80432c79 | 4272 | &public_key_len, WOLFSSL_NTRU_EESS743); |
wolfSSL | 4:1b0d80432c79 | 4273 | } |
wolfSSL | 4:1b0d80432c79 | 4274 | if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS743, |
wolfSSL | 4:1b0d80432c79 | 4275 | public_key, public_key_len) != SSL_SUCCESS) |
wolfSSL | 4:1b0d80432c79 | 4276 | ret = -1; |
wolfSSL | 4:1b0d80432c79 | 4277 | |
wolfSSL | 4:1b0d80432c79 | 4278 | /* add NTRU 196 */ |
wolfSSL | 4:1b0d80432c79 | 4279 | if (ssl->sendQSHKeys) { |
wolfSSL | 4:1b0d80432c79 | 4280 | public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key, |
wolfSSL | 4:1b0d80432c79 | 4281 | &public_key_len, WOLFSSL_NTRU_EESS593); |
wolfSSL | 4:1b0d80432c79 | 4282 | } |
wolfSSL | 4:1b0d80432c79 | 4283 | if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS593, |
wolfSSL | 4:1b0d80432c79 | 4284 | public_key, public_key_len) != SSL_SUCCESS) |
wolfSSL | 4:1b0d80432c79 | 4285 | ret = -1; |
wolfSSL | 4:1b0d80432c79 | 4286 | |
wolfSSL | 4:1b0d80432c79 | 4287 | /* add NTRU 128 */ |
wolfSSL | 4:1b0d80432c79 | 4288 | if (ssl->sendQSHKeys) { |
wolfSSL | 4:1b0d80432c79 | 4289 | public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key, |
wolfSSL | 4:1b0d80432c79 | 4290 | &public_key_len, WOLFSSL_NTRU_EESS439); |
wolfSSL | 4:1b0d80432c79 | 4291 | } |
wolfSSL | 4:1b0d80432c79 | 4292 | if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS439, |
wolfSSL | 4:1b0d80432c79 | 4293 | public_key, public_key_len) != SSL_SUCCESS) |
wolfSSL | 4:1b0d80432c79 | 4294 | ret = -1; |
wolfSSL | 4:1b0d80432c79 | 4295 | } |
wolfSSL | 4:1b0d80432c79 | 4296 | else if (ssl->sendQSHKeys && ssl->QSH_Key == NULL) { |
wolfSSL | 4:1b0d80432c79 | 4297 | /* for each scheme make a client key */ |
wolfSSL | 4:1b0d80432c79 | 4298 | extension = TLSX_Find(ssl->extensions, TLSX_QUANTUM_SAFE_HYBRID); |
wolfSSL | 4:1b0d80432c79 | 4299 | if (extension) { |
wolfSSL | 4:1b0d80432c79 | 4300 | qsh = (QSHScheme*)extension->data; |
wolfSSL | 4:1b0d80432c79 | 4301 | |
wolfSSL | 4:1b0d80432c79 | 4302 | while (qsh) { |
wolfSSL | 4:1b0d80432c79 | 4303 | if ((ret = TLSX_CreateQSHKey(ssl, qsh->name)) != 0) |
wolfSSL | 4:1b0d80432c79 | 4304 | return ret; |
wolfSSL | 4:1b0d80432c79 | 4305 | |
wolfSSL | 4:1b0d80432c79 | 4306 | /* get next now because qsh could be freed */ |
wolfSSL | 4:1b0d80432c79 | 4307 | next = qsh->next; |
wolfSSL | 4:1b0d80432c79 | 4308 | |
wolfSSL | 4:1b0d80432c79 | 4309 | /* find the public key created and add to extension*/ |
wolfSSL | 4:1b0d80432c79 | 4310 | public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key, |
wolfSSL | 4:1b0d80432c79 | 4311 | &public_key_len, qsh->name); |
wolfSSL | 4:1b0d80432c79 | 4312 | if (TLSX_UseQSHScheme(&ssl->extensions, qsh->name, |
wolfSSL | 4:1b0d80432c79 | 4313 | public_key, public_key_len) != SSL_SUCCESS) |
wolfSSL | 4:1b0d80432c79 | 4314 | ret = -1; |
wolfSSL | 4:1b0d80432c79 | 4315 | qsh = next; |
wolfSSL | 4:1b0d80432c79 | 4316 | } |
wolfSSL | 4:1b0d80432c79 | 4317 | } |
wolfSSL | 4:1b0d80432c79 | 4318 | } |
wolfSSL | 4:1b0d80432c79 | 4319 | } /* is not server */ |
wolfSSL | 4:1b0d80432c79 | 4320 | #endif |
wolfSSL | 4:1b0d80432c79 | 4321 | |
wolfSSL | 4:1b0d80432c79 | 4322 | (void)isServer; |
wolfSSL | 4:1b0d80432c79 | 4323 | (void)public_key; |
wolfSSL | 4:1b0d80432c79 | 4324 | (void)public_key_len; |
wolfSSL | 4:1b0d80432c79 | 4325 | (void)ssl; |
wolfSSL | 4:1b0d80432c79 | 4326 | |
wolfSSL | 4:1b0d80432c79 | 4327 | return ret; |
wolfSSL | 4:1b0d80432c79 | 4328 | } |
wolfSSL | 4:1b0d80432c79 | 4329 | |
wolfSSL | 4:1b0d80432c79 | 4330 | |
wolfSSL | 4:1b0d80432c79 | 4331 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 4:1b0d80432c79 | 4332 | |
wolfSSL | 4:1b0d80432c79 | 4333 | /** Tells the buffered size of extensions to be sent into the client hello. */ |
wolfSSL | 4:1b0d80432c79 | 4334 | word16 TLSX_GetRequestSize(WOLFSSL* ssl) |
wolfSSL | 4:1b0d80432c79 | 4335 | { |
wolfSSL | 4:1b0d80432c79 | 4336 | word16 length = 0; |
wolfSSL | 4:1b0d80432c79 | 4337 | |
wolfSSL | 4:1b0d80432c79 | 4338 | if (TLSX_SupportExtensions(ssl)) { |
wolfSSL | 4:1b0d80432c79 | 4339 | byte semaphore[SEMAPHORE_SIZE] = {0}; |
wolfSSL | 4:1b0d80432c79 | 4340 | |
wolfSSL | 4:1b0d80432c79 | 4341 | EC_VALIDATE_REQUEST(ssl, semaphore); |
wolfSSL | 4:1b0d80432c79 | 4342 | QSH_VALIDATE_REQUEST(ssl, semaphore); |
wolfSSL | 4:1b0d80432c79 | 4343 | STK_VALIDATE_REQUEST(ssl); |
wolfSSL | 4:1b0d80432c79 | 4344 | |
wolfSSL | 4:1b0d80432c79 | 4345 | if (ssl->extensions) |
wolfSSL | 4:1b0d80432c79 | 4346 | length += TLSX_GetSize(ssl->extensions, semaphore, 1); |
wolfSSL | 4:1b0d80432c79 | 4347 | |
wolfSSL | 4:1b0d80432c79 | 4348 | if (ssl->ctx && ssl->ctx->extensions) |
wolfSSL | 4:1b0d80432c79 | 4349 | length += TLSX_GetSize(ssl->ctx->extensions, semaphore, 1); |
wolfSSL | 4:1b0d80432c79 | 4350 | |
wolfSSL | 4:1b0d80432c79 | 4351 | if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz) |
wolfSSL | 4:1b0d80432c79 | 4352 | length += ssl->suites->hashSigAlgoSz + HELLO_EXT_LEN; |
wolfSSL | 4:1b0d80432c79 | 4353 | } |
wolfSSL | 4:1b0d80432c79 | 4354 | |
wolfSSL | 4:1b0d80432c79 | 4355 | if (length) |
wolfSSL | 4:1b0d80432c79 | 4356 | length += OPAQUE16_LEN; /* for total length storage. */ |
wolfSSL | 4:1b0d80432c79 | 4357 | |
wolfSSL | 4:1b0d80432c79 | 4358 | return length; |
wolfSSL | 4:1b0d80432c79 | 4359 | } |
wolfSSL | 4:1b0d80432c79 | 4360 | |
wolfSSL | 4:1b0d80432c79 | 4361 | /** Writes the extensions to be sent into the client hello. */ |
wolfSSL | 4:1b0d80432c79 | 4362 | word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output) |
wolfSSL | 4:1b0d80432c79 | 4363 | { |
wolfSSL | 4:1b0d80432c79 | 4364 | word16 offset = 0; |
wolfSSL | 4:1b0d80432c79 | 4365 | |
wolfSSL | 4:1b0d80432c79 | 4366 | if (TLSX_SupportExtensions(ssl) && output) { |
wolfSSL | 4:1b0d80432c79 | 4367 | byte semaphore[SEMAPHORE_SIZE] = {0}; |
wolfSSL | 4:1b0d80432c79 | 4368 | |
wolfSSL | 4:1b0d80432c79 | 4369 | offset += OPAQUE16_LEN; /* extensions length */ |
wolfSSL | 4:1b0d80432c79 | 4370 | |
wolfSSL | 4:1b0d80432c79 | 4371 | EC_VALIDATE_REQUEST(ssl, semaphore); |
wolfSSL | 4:1b0d80432c79 | 4372 | STK_VALIDATE_REQUEST(ssl); |
wolfSSL | 4:1b0d80432c79 | 4373 | QSH_VALIDATE_REQUEST(ssl, semaphore); |
wolfSSL | 4:1b0d80432c79 | 4374 | |
wolfSSL | 4:1b0d80432c79 | 4375 | if (ssl->extensions) |
wolfSSL | 4:1b0d80432c79 | 4376 | offset += TLSX_Write(ssl->extensions, output + offset, |
wolfSSL | 4:1b0d80432c79 | 4377 | semaphore, 1); |
wolfSSL | 4:1b0d80432c79 | 4378 | |
wolfSSL | 4:1b0d80432c79 | 4379 | if (ssl->ctx && ssl->ctx->extensions) |
wolfSSL | 4:1b0d80432c79 | 4380 | offset += TLSX_Write(ssl->ctx->extensions, output + offset, |
wolfSSL | 4:1b0d80432c79 | 4381 | semaphore, 1); |
wolfSSL | 4:1b0d80432c79 | 4382 | |
wolfSSL | 4:1b0d80432c79 | 4383 | if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz) |
wolfSSL | 4:1b0d80432c79 | 4384 | { |
wolfSSL | 4:1b0d80432c79 | 4385 | int i; |
wolfSSL | 4:1b0d80432c79 | 4386 | /* extension type */ |
wolfSSL | 4:1b0d80432c79 | 4387 | c16toa(HELLO_EXT_SIG_ALGO, output + offset); |
wolfSSL | 4:1b0d80432c79 | 4388 | offset += HELLO_EXT_TYPE_SZ; |
wolfSSL | 4:1b0d80432c79 | 4389 | |
wolfSSL | 4:1b0d80432c79 | 4390 | /* extension data length */ |
wolfSSL | 4:1b0d80432c79 | 4391 | c16toa(OPAQUE16_LEN + ssl->suites->hashSigAlgoSz, output + offset); |
wolfSSL | 4:1b0d80432c79 | 4392 | offset += OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 4393 | |
wolfSSL | 4:1b0d80432c79 | 4394 | /* sig algos length */ |
wolfSSL | 4:1b0d80432c79 | 4395 | c16toa(ssl->suites->hashSigAlgoSz, output + offset); |
wolfSSL | 4:1b0d80432c79 | 4396 | offset += OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 4397 | |
wolfSSL | 4:1b0d80432c79 | 4398 | /* sig algos */ |
wolfSSL | 4:1b0d80432c79 | 4399 | for (i = 0; i < ssl->suites->hashSigAlgoSz; i++, offset++) |
wolfSSL | 4:1b0d80432c79 | 4400 | output[offset] = ssl->suites->hashSigAlgo[i]; |
wolfSSL | 4:1b0d80432c79 | 4401 | } |
wolfSSL | 4:1b0d80432c79 | 4402 | |
wolfSSL | 4:1b0d80432c79 | 4403 | if (offset > OPAQUE16_LEN) |
wolfSSL | 4:1b0d80432c79 | 4404 | c16toa(offset - OPAQUE16_LEN, output); /* extensions length */ |
wolfSSL | 4:1b0d80432c79 | 4405 | } |
wolfSSL | 4:1b0d80432c79 | 4406 | |
wolfSSL | 4:1b0d80432c79 | 4407 | return offset; |
wolfSSL | 4:1b0d80432c79 | 4408 | } |
wolfSSL | 4:1b0d80432c79 | 4409 | |
wolfSSL | 4:1b0d80432c79 | 4410 | #endif /* NO_WOLFSSL_CLIENT */ |
wolfSSL | 4:1b0d80432c79 | 4411 | |
wolfSSL | 4:1b0d80432c79 | 4412 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 4:1b0d80432c79 | 4413 | |
wolfSSL | 4:1b0d80432c79 | 4414 | /** Tells the buffered size of extensions to be sent into the server hello. */ |
wolfSSL | 4:1b0d80432c79 | 4415 | word16 TLSX_GetResponseSize(WOLFSSL* ssl) |
wolfSSL | 4:1b0d80432c79 | 4416 | { |
wolfSSL | 4:1b0d80432c79 | 4417 | word16 length = 0; |
wolfSSL | 4:1b0d80432c79 | 4418 | byte semaphore[SEMAPHORE_SIZE] = {0}; |
wolfSSL | 4:1b0d80432c79 | 4419 | |
wolfSSL | 4:1b0d80432c79 | 4420 | #ifdef HAVE_QSH |
wolfSSL | 4:1b0d80432c79 | 4421 | /* change response if not using TLS_QSH */ |
wolfSSL | 4:1b0d80432c79 | 4422 | if (!ssl->options.haveQSH) { |
wolfSSL | 4:1b0d80432c79 | 4423 | TLSX* ext = TLSX_Find(ssl->extensions, TLSX_QUANTUM_SAFE_HYBRID); |
wolfSSL | 4:1b0d80432c79 | 4424 | if (ext) |
wolfSSL | 4:1b0d80432c79 | 4425 | ext->resp = 0; |
wolfSSL | 4:1b0d80432c79 | 4426 | } |
wolfSSL | 4:1b0d80432c79 | 4427 | #endif |
wolfSSL | 4:1b0d80432c79 | 4428 | |
wolfSSL | 4:1b0d80432c79 | 4429 | if (TLSX_SupportExtensions(ssl)) |
wolfSSL | 4:1b0d80432c79 | 4430 | length += TLSX_GetSize(ssl->extensions, semaphore, 0); |
wolfSSL | 4:1b0d80432c79 | 4431 | |
wolfSSL | 4:1b0d80432c79 | 4432 | /* All the response data is set at the ssl object only, so no ctx here. */ |
wolfSSL | 4:1b0d80432c79 | 4433 | |
wolfSSL | 4:1b0d80432c79 | 4434 | if (length) |
wolfSSL | 4:1b0d80432c79 | 4435 | length += OPAQUE16_LEN; /* for total length storage */ |
wolfSSL | 4:1b0d80432c79 | 4436 | |
wolfSSL | 4:1b0d80432c79 | 4437 | return length; |
wolfSSL | 4:1b0d80432c79 | 4438 | } |
wolfSSL | 4:1b0d80432c79 | 4439 | |
wolfSSL | 4:1b0d80432c79 | 4440 | /** Writes the server hello extensions into a buffer. */ |
wolfSSL | 4:1b0d80432c79 | 4441 | word16 TLSX_WriteResponse(WOLFSSL *ssl, byte* output) |
wolfSSL | 4:1b0d80432c79 | 4442 | { |
wolfSSL | 4:1b0d80432c79 | 4443 | word16 offset = 0; |
wolfSSL | 4:1b0d80432c79 | 4444 | |
wolfSSL | 4:1b0d80432c79 | 4445 | if (TLSX_SupportExtensions(ssl) && output) { |
wolfSSL | 4:1b0d80432c79 | 4446 | byte semaphore[SEMAPHORE_SIZE] = {0}; |
wolfSSL | 4:1b0d80432c79 | 4447 | |
wolfSSL | 4:1b0d80432c79 | 4448 | offset += OPAQUE16_LEN; /* extensions length */ |
wolfSSL | 4:1b0d80432c79 | 4449 | |
wolfSSL | 4:1b0d80432c79 | 4450 | offset += TLSX_Write(ssl->extensions, output + offset, semaphore, 0); |
wolfSSL | 4:1b0d80432c79 | 4451 | |
wolfSSL | 4:1b0d80432c79 | 4452 | if (offset > OPAQUE16_LEN) |
wolfSSL | 4:1b0d80432c79 | 4453 | c16toa(offset - OPAQUE16_LEN, output); /* extensions length */ |
wolfSSL | 4:1b0d80432c79 | 4454 | } |
wolfSSL | 4:1b0d80432c79 | 4455 | |
wolfSSL | 4:1b0d80432c79 | 4456 | return offset; |
wolfSSL | 4:1b0d80432c79 | 4457 | } |
wolfSSL | 4:1b0d80432c79 | 4458 | |
wolfSSL | 4:1b0d80432c79 | 4459 | #endif /* NO_WOLFSSL_SERVER */ |
wolfSSL | 4:1b0d80432c79 | 4460 | |
wolfSSL | 4:1b0d80432c79 | 4461 | /** Parses a buffer of TLS extensions. */ |
wolfSSL | 4:1b0d80432c79 | 4462 | int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest, |
wolfSSL | 4:1b0d80432c79 | 4463 | Suites *suites) |
wolfSSL | 4:1b0d80432c79 | 4464 | { |
wolfSSL | 4:1b0d80432c79 | 4465 | int ret = 0; |
wolfSSL | 4:1b0d80432c79 | 4466 | word16 offset = 0; |
wolfSSL | 4:1b0d80432c79 | 4467 | |
wolfSSL | 4:1b0d80432c79 | 4468 | if (!ssl || !input || (isRequest && !suites)) |
wolfSSL | 4:1b0d80432c79 | 4469 | return BAD_FUNC_ARG; |
wolfSSL | 4:1b0d80432c79 | 4470 | |
wolfSSL | 4:1b0d80432c79 | 4471 | while (ret == 0 && offset < length) { |
wolfSSL | 4:1b0d80432c79 | 4472 | word16 type; |
wolfSSL | 4:1b0d80432c79 | 4473 | word16 size; |
wolfSSL | 4:1b0d80432c79 | 4474 | |
wolfSSL | 4:1b0d80432c79 | 4475 | if (length - offset < HELLO_EXT_TYPE_SZ + OPAQUE16_LEN) |
wolfSSL | 4:1b0d80432c79 | 4476 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 4477 | |
wolfSSL | 4:1b0d80432c79 | 4478 | ato16(input + offset, &type); |
wolfSSL | 4:1b0d80432c79 | 4479 | offset += HELLO_EXT_TYPE_SZ; |
wolfSSL | 4:1b0d80432c79 | 4480 | |
wolfSSL | 4:1b0d80432c79 | 4481 | ato16(input + offset, &size); |
wolfSSL | 4:1b0d80432c79 | 4482 | offset += OPAQUE16_LEN; |
wolfSSL | 4:1b0d80432c79 | 4483 | |
wolfSSL | 4:1b0d80432c79 | 4484 | if (offset + size > length) |
wolfSSL | 4:1b0d80432c79 | 4485 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 4486 | |
wolfSSL | 4:1b0d80432c79 | 4487 | switch (type) { |
wolfSSL | 4:1b0d80432c79 | 4488 | case TLSX_SERVER_NAME: |
wolfSSL | 4:1b0d80432c79 | 4489 | WOLFSSL_MSG("SNI extension received"); |
wolfSSL | 4:1b0d80432c79 | 4490 | |
wolfSSL | 4:1b0d80432c79 | 4491 | ret = SNI_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 4:1b0d80432c79 | 4492 | break; |
wolfSSL | 4:1b0d80432c79 | 4493 | |
wolfSSL | 4:1b0d80432c79 | 4494 | case TLSX_MAX_FRAGMENT_LENGTH: |
wolfSSL | 4:1b0d80432c79 | 4495 | WOLFSSL_MSG("Max Fragment Length extension received"); |
wolfSSL | 4:1b0d80432c79 | 4496 | |
wolfSSL | 4:1b0d80432c79 | 4497 | ret = MFL_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 4:1b0d80432c79 | 4498 | break; |
wolfSSL | 4:1b0d80432c79 | 4499 | |
wolfSSL | 4:1b0d80432c79 | 4500 | case TLSX_TRUNCATED_HMAC: |
wolfSSL | 4:1b0d80432c79 | 4501 | WOLFSSL_MSG("Truncated HMAC extension received"); |
wolfSSL | 4:1b0d80432c79 | 4502 | |
wolfSSL | 4:1b0d80432c79 | 4503 | ret = THM_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 4:1b0d80432c79 | 4504 | break; |
wolfSSL | 4:1b0d80432c79 | 4505 | |
wolfSSL | 4:1b0d80432c79 | 4506 | case TLSX_SUPPORTED_GROUPS: |
wolfSSL | 4:1b0d80432c79 | 4507 | WOLFSSL_MSG("Elliptic Curves extension received"); |
wolfSSL | 4:1b0d80432c79 | 4508 | |
wolfSSL | 4:1b0d80432c79 | 4509 | ret = EC_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 4:1b0d80432c79 | 4510 | break; |
wolfSSL | 4:1b0d80432c79 | 4511 | |
wolfSSL | 4:1b0d80432c79 | 4512 | case TLSX_STATUS_REQUEST: |
wolfSSL | 4:1b0d80432c79 | 4513 | WOLFSSL_MSG("Certificate Status Request extension received"); |
wolfSSL | 4:1b0d80432c79 | 4514 | |
wolfSSL | 4:1b0d80432c79 | 4515 | ret = CSR_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 4:1b0d80432c79 | 4516 | break; |
wolfSSL | 4:1b0d80432c79 | 4517 | |
wolfSSL | 4:1b0d80432c79 | 4518 | case TLSX_STATUS_REQUEST_V2: |
wolfSSL | 4:1b0d80432c79 | 4519 | WOLFSSL_MSG("Certificate Status Request v2 extension received"); |
wolfSSL | 4:1b0d80432c79 | 4520 | |
wolfSSL | 4:1b0d80432c79 | 4521 | ret = CSR2_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 4:1b0d80432c79 | 4522 | break; |
wolfSSL | 4:1b0d80432c79 | 4523 | |
wolfSSL | 4:1b0d80432c79 | 4524 | case TLSX_RENEGOTIATION_INFO: |
wolfSSL | 4:1b0d80432c79 | 4525 | WOLFSSL_MSG("Secure Renegotiation extension received"); |
wolfSSL | 4:1b0d80432c79 | 4526 | |
wolfSSL | 4:1b0d80432c79 | 4527 | ret = SCR_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 4:1b0d80432c79 | 4528 | break; |
wolfSSL | 4:1b0d80432c79 | 4529 | |
wolfSSL | 4:1b0d80432c79 | 4530 | case TLSX_SESSION_TICKET: |
wolfSSL | 4:1b0d80432c79 | 4531 | WOLFSSL_MSG("Session Ticket extension received"); |
wolfSSL | 4:1b0d80432c79 | 4532 | |
wolfSSL | 4:1b0d80432c79 | 4533 | ret = STK_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 4:1b0d80432c79 | 4534 | break; |
wolfSSL | 4:1b0d80432c79 | 4535 | |
wolfSSL | 4:1b0d80432c79 | 4536 | case TLSX_QUANTUM_SAFE_HYBRID: |
wolfSSL | 4:1b0d80432c79 | 4537 | WOLFSSL_MSG("Quantum-Safe-Hybrid extension received"); |
wolfSSL | 4:1b0d80432c79 | 4538 | |
wolfSSL | 4:1b0d80432c79 | 4539 | ret = QSH_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 4:1b0d80432c79 | 4540 | break; |
wolfSSL | 4:1b0d80432c79 | 4541 | |
wolfSSL | 4:1b0d80432c79 | 4542 | case TLSX_APPLICATION_LAYER_PROTOCOL: |
wolfSSL | 4:1b0d80432c79 | 4543 | WOLFSSL_MSG("ALPN extension received"); |
wolfSSL | 4:1b0d80432c79 | 4544 | |
wolfSSL | 4:1b0d80432c79 | 4545 | ret = ALPN_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 4:1b0d80432c79 | 4546 | break; |
wolfSSL | 4:1b0d80432c79 | 4547 | |
wolfSSL | 4:1b0d80432c79 | 4548 | case HELLO_EXT_SIG_ALGO: |
wolfSSL | 4:1b0d80432c79 | 4549 | if (isRequest) { |
wolfSSL | 4:1b0d80432c79 | 4550 | /* do not mess with offset inside the switch! */ |
wolfSSL | 4:1b0d80432c79 | 4551 | if (IsAtLeastTLSv1_2(ssl)) { |
wolfSSL | 4:1b0d80432c79 | 4552 | ato16(input + offset, &suites->hashSigAlgoSz); |
wolfSSL | 4:1b0d80432c79 | 4553 | |
wolfSSL | 4:1b0d80432c79 | 4554 | if (suites->hashSigAlgoSz > size - OPAQUE16_LEN) |
wolfSSL | 4:1b0d80432c79 | 4555 | return BUFFER_ERROR; |
wolfSSL | 4:1b0d80432c79 | 4556 | |
wolfSSL | 4:1b0d80432c79 | 4557 | XMEMCPY(suites->hashSigAlgo, |
wolfSSL | 4:1b0d80432c79 | 4558 | input + offset + OPAQUE16_LEN, |
wolfSSL | 4:1b0d80432c79 | 4559 | min(suites->hashSigAlgoSz, |
wolfSSL | 4:1b0d80432c79 | 4560 | HELLO_EXT_SIGALGO_MAX)); |
wolfSSL | 4:1b0d80432c79 | 4561 | } |
wolfSSL | 4:1b0d80432c79 | 4562 | } else { |
wolfSSL | 4:1b0d80432c79 | 4563 | WOLFSSL_MSG("Servers MUST NOT send SIG ALGO extension."); |
wolfSSL | 4:1b0d80432c79 | 4564 | } |
wolfSSL | 4:1b0d80432c79 | 4565 | |
wolfSSL | 4:1b0d80432c79 | 4566 | break; |
wolfSSL | 4:1b0d80432c79 | 4567 | } |
wolfSSL | 4:1b0d80432c79 | 4568 | |
wolfSSL | 4:1b0d80432c79 | 4569 | /* offset should be updated here! */ |
wolfSSL | 4:1b0d80432c79 | 4570 | offset += size; |
wolfSSL | 4:1b0d80432c79 | 4571 | } |
wolfSSL | 4:1b0d80432c79 | 4572 | |
wolfSSL | 4:1b0d80432c79 | 4573 | if (ret == 0) |
wolfSSL | 4:1b0d80432c79 | 4574 | ret = SNI_VERIFY_PARSE(ssl, isRequest); |
wolfSSL | 4:1b0d80432c79 | 4575 | |
wolfSSL | 4:1b0d80432c79 | 4576 | return ret; |
wolfSSL | 4:1b0d80432c79 | 4577 | } |
wolfSSL | 4:1b0d80432c79 | 4578 | |
wolfSSL | 4:1b0d80432c79 | 4579 | /* undefining semaphore macros */ |
wolfSSL | 4:1b0d80432c79 | 4580 | #undef IS_OFF |
wolfSSL | 4:1b0d80432c79 | 4581 | #undef TURN_ON |
wolfSSL | 4:1b0d80432c79 | 4582 | #undef SEMAPHORE_SIZE |
wolfSSL | 4:1b0d80432c79 | 4583 | |
wolfSSL | 4:1b0d80432c79 | 4584 | #endif /* HAVE_TLS_EXTENSIONS */ |
wolfSSL | 4:1b0d80432c79 | 4585 | |
wolfSSL | 4:1b0d80432c79 | 4586 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 4:1b0d80432c79 | 4587 | |
wolfSSL | 4:1b0d80432c79 | 4588 | #ifndef NO_OLD_TLS |
wolfSSL | 4:1b0d80432c79 | 4589 | |
wolfSSL | 4:1b0d80432c79 | 4590 | WOLFSSL_METHOD* wolfTLSv1_client_method(void) |
wolfSSL | 4:1b0d80432c79 | 4591 | { |
wolfSSL | 4:1b0d80432c79 | 4592 | WOLFSSL_METHOD* method = |
wolfSSL | 4:1b0d80432c79 | 4593 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0, |
wolfSSL | 4:1b0d80432c79 | 4594 | DYNAMIC_TYPE_METHOD); |
wolfSSL | 4:1b0d80432c79 | 4595 | if (method) |
wolfSSL | 4:1b0d80432c79 | 4596 | InitSSL_Method(method, MakeTLSv1()); |
wolfSSL | 4:1b0d80432c79 | 4597 | return method; |
wolfSSL | 4:1b0d80432c79 | 4598 | } |
wolfSSL | 4:1b0d80432c79 | 4599 | |
wolfSSL | 4:1b0d80432c79 | 4600 | |
wolfSSL | 4:1b0d80432c79 | 4601 | WOLFSSL_METHOD* wolfTLSv1_1_client_method(void) |
wolfSSL | 4:1b0d80432c79 | 4602 | { |
wolfSSL | 4:1b0d80432c79 | 4603 | WOLFSSL_METHOD* method = |
wolfSSL | 4:1b0d80432c79 | 4604 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0, |
wolfSSL | 4:1b0d80432c79 | 4605 | DYNAMIC_TYPE_METHOD); |
wolfSSL | 4:1b0d80432c79 | 4606 | if (method) |
wolfSSL | 4:1b0d80432c79 | 4607 | InitSSL_Method(method, MakeTLSv1_1()); |
wolfSSL | 4:1b0d80432c79 | 4608 | return method; |
wolfSSL | 4:1b0d80432c79 | 4609 | } |
wolfSSL | 4:1b0d80432c79 | 4610 | |
wolfSSL | 4:1b0d80432c79 | 4611 | #endif /* !NO_OLD_TLS */ |
wolfSSL | 4:1b0d80432c79 | 4612 | |
wolfSSL | 4:1b0d80432c79 | 4613 | #ifndef NO_SHA256 /* can't use without SHA256 */ |
wolfSSL | 4:1b0d80432c79 | 4614 | |
wolfSSL | 4:1b0d80432c79 | 4615 | WOLFSSL_METHOD* wolfTLSv1_2_client_method(void) |
wolfSSL | 4:1b0d80432c79 | 4616 | { |
wolfSSL | 4:1b0d80432c79 | 4617 | WOLFSSL_METHOD* method = |
wolfSSL | 4:1b0d80432c79 | 4618 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0, |
wolfSSL | 4:1b0d80432c79 | 4619 | DYNAMIC_TYPE_METHOD); |
wolfSSL | 4:1b0d80432c79 | 4620 | if (method) |
wolfSSL | 4:1b0d80432c79 | 4621 | InitSSL_Method(method, MakeTLSv1_2()); |
wolfSSL | 4:1b0d80432c79 | 4622 | return method; |
wolfSSL | 4:1b0d80432c79 | 4623 | } |
wolfSSL | 4:1b0d80432c79 | 4624 | |
wolfSSL | 4:1b0d80432c79 | 4625 | #endif |
wolfSSL | 4:1b0d80432c79 | 4626 | |
wolfSSL | 4:1b0d80432c79 | 4627 | |
wolfSSL | 4:1b0d80432c79 | 4628 | WOLFSSL_METHOD* wolfSSLv23_client_method(void) |
wolfSSL | 4:1b0d80432c79 | 4629 | { |
wolfSSL | 4:1b0d80432c79 | 4630 | WOLFSSL_METHOD* method = |
wolfSSL | 4:1b0d80432c79 | 4631 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0, |
wolfSSL | 4:1b0d80432c79 | 4632 | DYNAMIC_TYPE_METHOD); |
wolfSSL | 4:1b0d80432c79 | 4633 | if (method) { |
wolfSSL | 4:1b0d80432c79 | 4634 | #ifndef NO_SHA256 /* 1.2 requires SHA256 */ |
wolfSSL | 4:1b0d80432c79 | 4635 | InitSSL_Method(method, MakeTLSv1_2()); |
wolfSSL | 4:1b0d80432c79 | 4636 | #else |
wolfSSL | 4:1b0d80432c79 | 4637 | InitSSL_Method(method, MakeTLSv1_1()); |
wolfSSL | 4:1b0d80432c79 | 4638 | #endif |
wolfSSL | 4:1b0d80432c79 | 4639 | #ifndef NO_OLD_TLS |
wolfSSL | 4:1b0d80432c79 | 4640 | method->downgrade = 1; |
wolfSSL | 4:1b0d80432c79 | 4641 | #endif |
wolfSSL | 4:1b0d80432c79 | 4642 | } |
wolfSSL | 4:1b0d80432c79 | 4643 | return method; |
wolfSSL | 4:1b0d80432c79 | 4644 | } |
wolfSSL | 4:1b0d80432c79 | 4645 | |
wolfSSL | 4:1b0d80432c79 | 4646 | |
wolfSSL | 4:1b0d80432c79 | 4647 | #endif /* NO_WOLFSSL_CLIENT */ |
wolfSSL | 4:1b0d80432c79 | 4648 | |
wolfSSL | 4:1b0d80432c79 | 4649 | |
wolfSSL | 4:1b0d80432c79 | 4650 | |
wolfSSL | 4:1b0d80432c79 | 4651 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 4:1b0d80432c79 | 4652 | |
wolfSSL | 4:1b0d80432c79 | 4653 | #ifndef NO_OLD_TLS |
wolfSSL | 4:1b0d80432c79 | 4654 | |
wolfSSL | 4:1b0d80432c79 | 4655 | WOLFSSL_METHOD* wolfTLSv1_server_method(void) |
wolfSSL | 4:1b0d80432c79 | 4656 | { |
wolfSSL | 4:1b0d80432c79 | 4657 | WOLFSSL_METHOD* method = |
wolfSSL | 4:1b0d80432c79 | 4658 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0, |
wolfSSL | 4:1b0d80432c79 | 4659 | DYNAMIC_TYPE_METHOD); |
wolfSSL | 4:1b0d80432c79 | 4660 | if (method) { |
wolfSSL | 4:1b0d80432c79 | 4661 | InitSSL_Method(method, MakeTLSv1()); |
wolfSSL | 4:1b0d80432c79 | 4662 | method->side = WOLFSSL_SERVER_END; |
wolfSSL | 4:1b0d80432c79 | 4663 | } |
wolfSSL | 4:1b0d80432c79 | 4664 | return method; |
wolfSSL | 4:1b0d80432c79 | 4665 | } |
wolfSSL | 4:1b0d80432c79 | 4666 | |
wolfSSL | 4:1b0d80432c79 | 4667 | |
wolfSSL | 4:1b0d80432c79 | 4668 | WOLFSSL_METHOD* wolfTLSv1_1_server_method(void) |
wolfSSL | 4:1b0d80432c79 | 4669 | { |
wolfSSL | 4:1b0d80432c79 | 4670 | WOLFSSL_METHOD* method = |
wolfSSL | 4:1b0d80432c79 | 4671 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0, |
wolfSSL | 4:1b0d80432c79 | 4672 | DYNAMIC_TYPE_METHOD); |
wolfSSL | 4:1b0d80432c79 | 4673 | if (method) { |
wolfSSL | 4:1b0d80432c79 | 4674 | InitSSL_Method(method, MakeTLSv1_1()); |
wolfSSL | 4:1b0d80432c79 | 4675 | method->side = WOLFSSL_SERVER_END; |
wolfSSL | 4:1b0d80432c79 | 4676 | } |
wolfSSL | 4:1b0d80432c79 | 4677 | return method; |
wolfSSL | 4:1b0d80432c79 | 4678 | } |
wolfSSL | 4:1b0d80432c79 | 4679 | |
wolfSSL | 4:1b0d80432c79 | 4680 | #endif /* !NO_OLD_TLS */ |
wolfSSL | 4:1b0d80432c79 | 4681 | |
wolfSSL | 4:1b0d80432c79 | 4682 | #ifndef NO_SHA256 /* can't use without SHA256 */ |
wolfSSL | 4:1b0d80432c79 | 4683 | |
wolfSSL | 4:1b0d80432c79 | 4684 | WOLFSSL_METHOD* wolfTLSv1_2_server_method(void) |
wolfSSL | 4:1b0d80432c79 | 4685 | { |
wolfSSL | 4:1b0d80432c79 | 4686 | WOLFSSL_METHOD* method = |
wolfSSL | 4:1b0d80432c79 | 4687 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0, |
wolfSSL | 4:1b0d80432c79 | 4688 | DYNAMIC_TYPE_METHOD); |
wolfSSL | 4:1b0d80432c79 | 4689 | if (method) { |
wolfSSL | 4:1b0d80432c79 | 4690 | InitSSL_Method(method, MakeTLSv1_2()); |
wolfSSL | 4:1b0d80432c79 | 4691 | method->side = WOLFSSL_SERVER_END; |
wolfSSL | 4:1b0d80432c79 | 4692 | } |
wolfSSL | 4:1b0d80432c79 | 4693 | return method; |
wolfSSL | 4:1b0d80432c79 | 4694 | } |
wolfSSL | 4:1b0d80432c79 | 4695 | |
wolfSSL | 4:1b0d80432c79 | 4696 | #endif |
wolfSSL | 4:1b0d80432c79 | 4697 | |
wolfSSL | 4:1b0d80432c79 | 4698 | |
wolfSSL | 4:1b0d80432c79 | 4699 | WOLFSSL_METHOD* wolfSSLv23_server_method(void) |
wolfSSL | 4:1b0d80432c79 | 4700 | { |
wolfSSL | 4:1b0d80432c79 | 4701 | WOLFSSL_METHOD* method = |
wolfSSL | 4:1b0d80432c79 | 4702 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0, |
wolfSSL | 4:1b0d80432c79 | 4703 | DYNAMIC_TYPE_METHOD); |
wolfSSL | 4:1b0d80432c79 | 4704 | if (method) { |
wolfSSL | 4:1b0d80432c79 | 4705 | #ifndef NO_SHA256 /* 1.2 requires SHA256 */ |
wolfSSL | 4:1b0d80432c79 | 4706 | InitSSL_Method(method, MakeTLSv1_2()); |
wolfSSL | 4:1b0d80432c79 | 4707 | #else |
wolfSSL | 4:1b0d80432c79 | 4708 | InitSSL_Method(method, MakeTLSv1_1()); |
wolfSSL | 4:1b0d80432c79 | 4709 | #endif |
wolfSSL | 4:1b0d80432c79 | 4710 | method->side = WOLFSSL_SERVER_END; |
wolfSSL | 4:1b0d80432c79 | 4711 | #ifndef NO_OLD_TLS |
wolfSSL | 4:1b0d80432c79 | 4712 | method->downgrade = 1; |
wolfSSL | 4:1b0d80432c79 | 4713 | #endif /* !NO_OLD_TLS */ |
wolfSSL | 4:1b0d80432c79 | 4714 | } |
wolfSSL | 4:1b0d80432c79 | 4715 | return method; |
wolfSSL | 4:1b0d80432c79 | 4716 | } |
wolfSSL | 4:1b0d80432c79 | 4717 | |
wolfSSL | 4:1b0d80432c79 | 4718 | |
wolfSSL | 4:1b0d80432c79 | 4719 | |
wolfSSL | 4:1b0d80432c79 | 4720 | #endif /* NO_WOLFSSL_SERVER */ |
wolfSSL | 4:1b0d80432c79 | 4721 | #endif /* NO_TLS */ |
wolfSSL | 4:1b0d80432c79 | 4722 | #endif /* WOLFCRYPT_ONLY */ |
wolfSSL | 4:1b0d80432c79 | 4723 |