wolfSSL - wolfSSL SSL/TLS library, support up to TLS1.3

Users » wolfSSL » Code » wolfSSL

wolfSSL SSL/TLS library, support up to TLS1.3

Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more

src/tls.c@4:1b0d80432c79, 2016-04-28 (annotated)

Committer:: wolfSSL
Date:: Thu Apr 28 00:57:21 2016 +0000
Revision:: 4:1b0d80432c79

wolfSSL 3.9.0

Who changed what in which revision?

User	Revision	Line number	New contents of line
wolfSSL	4:1b0d80432c79	1	/* tls.c
wolfSSL	4:1b0d80432c79	2	*
wolfSSL	4:1b0d80432c79	3	* Copyright (C) 2006-2016 wolfSSL Inc.
wolfSSL	4:1b0d80432c79	4	*
wolfSSL	4:1b0d80432c79	5	* This file is part of wolfSSL.
wolfSSL	4:1b0d80432c79	6	*
wolfSSL	4:1b0d80432c79	7	* wolfSSL is free software; you can redistribute it and/or modify
wolfSSL	4:1b0d80432c79	8	* it under the terms of the GNU General Public License as published by
wolfSSL	4:1b0d80432c79	9	* the Free Software Foundation; either version 2 of the License, or
wolfSSL	4:1b0d80432c79	10	* (at your option) any later version.
wolfSSL	4:1b0d80432c79	11	*
wolfSSL	4:1b0d80432c79	12	* wolfSSL is distributed in the hope that it will be useful,
wolfSSL	4:1b0d80432c79	13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL	4:1b0d80432c79	14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL	4:1b0d80432c79	15	* GNU General Public License for more details.
wolfSSL	4:1b0d80432c79	16	*
wolfSSL	4:1b0d80432c79	17	* You should have received a copy of the GNU General Public License
wolfSSL	4:1b0d80432c79	18	* along with this program; if not, write to the Free Software
wolfSSL	4:1b0d80432c79	19	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL	4:1b0d80432c79	20	*/
wolfSSL	4:1b0d80432c79	21
wolfSSL	4:1b0d80432c79	22
wolfSSL	4:1b0d80432c79	23
wolfSSL	4:1b0d80432c79	24	#ifdef HAVE_CONFIG_H
wolfSSL	4:1b0d80432c79	25	#include <config.h>
wolfSSL	4:1b0d80432c79	26	#endif
wolfSSL	4:1b0d80432c79	27
wolfSSL	4:1b0d80432c79	28	#include <wolfssl/wolfcrypt/settings.h>
wolfSSL	4:1b0d80432c79	29
wolfSSL	4:1b0d80432c79	30	#ifndef WOLFCRYPT_ONLY
wolfSSL	4:1b0d80432c79	31
wolfSSL	4:1b0d80432c79	32	#include <wolfssl/ssl.h>
wolfSSL	4:1b0d80432c79	33	#include <wolfssl/internal.h>
wolfSSL	4:1b0d80432c79	34	#include <wolfssl/error-ssl.h>
wolfSSL	4:1b0d80432c79	35	#include <wolfssl/wolfcrypt/hmac.h>
wolfSSL	4:1b0d80432c79	36	#ifdef NO_INLINE
wolfSSL	4:1b0d80432c79	37	#include <wolfssl/wolfcrypt/misc.h>
wolfSSL	4:1b0d80432c79	38	#else
wolfSSL	4:1b0d80432c79	39	#include <wolfcrypt/src/misc.c>
wolfSSL	4:1b0d80432c79	40	#endif
wolfSSL	4:1b0d80432c79	41
wolfSSL	4:1b0d80432c79	42	#ifdef HAVE_NTRU
wolfSSL	4:1b0d80432c79	43	#include "libntruencrypt/ntru_crypto.h"
wolfSSL	4:1b0d80432c79	44	#include <wolfssl/wolfcrypt/random.h>
wolfSSL	4:1b0d80432c79	45	#endif
wolfSSL	4:1b0d80432c79	46	#ifdef HAVE_QSH
wolfSSL	4:1b0d80432c79	47	static int TLSX_AddQSHKey(QSHKey** list, QSHKey* key);
wolfSSL	4:1b0d80432c79	48	static byte* TLSX_QSHKeyFind_Pub(QSHKey* qsh, word16* pubLen, word16 name);
wolfSSL	4:1b0d80432c79	49	static int TLSX_CreateNtruKey(WOLFSSL* ssl, int type);
wolfSSL	4:1b0d80432c79	50	#endif
wolfSSL	4:1b0d80432c79	51
wolfSSL	4:1b0d80432c79	52
wolfSSL	4:1b0d80432c79	53	#ifndef NO_TLS
wolfSSL	4:1b0d80432c79	54
wolfSSL	4:1b0d80432c79	55
wolfSSL	4:1b0d80432c79	56	#ifndef WOLFSSL_HAVE_MIN
wolfSSL	4:1b0d80432c79	57	#define WOLFSSL_HAVE_MIN
wolfSSL	4:1b0d80432c79	58
wolfSSL	4:1b0d80432c79	59	static INLINE word32 min(word32 a, word32 b)
wolfSSL	4:1b0d80432c79	60	{
wolfSSL	4:1b0d80432c79	61	return a > b ? b : a;
wolfSSL	4:1b0d80432c79	62	}
wolfSSL	4:1b0d80432c79	63
wolfSSL	4:1b0d80432c79	64	#endif /* WOLFSSL_HAVE_MIN */
wolfSSL	4:1b0d80432c79	65
wolfSSL	4:1b0d80432c79	66
wolfSSL	4:1b0d80432c79	67	#ifdef WOLFSSL_SHA384
wolfSSL	4:1b0d80432c79	68	#define P_HASH_MAX_SIZE SHA384_DIGEST_SIZE
wolfSSL	4:1b0d80432c79	69	#else
wolfSSL	4:1b0d80432c79	70	#define P_HASH_MAX_SIZE SHA256_DIGEST_SIZE
wolfSSL	4:1b0d80432c79	71	#endif
wolfSSL	4:1b0d80432c79	72
wolfSSL	4:1b0d80432c79	73	/* compute p_hash for MD5, SHA-1, SHA-256, or SHA-384 for TLSv1 PRF */
wolfSSL	4:1b0d80432c79	74	static int p_hash(byte* result, word32 resLen, const byte* secret,
wolfSSL	4:1b0d80432c79	75	word32 secLen, const byte* seed, word32 seedLen, int hash)
wolfSSL	4:1b0d80432c79	76	{
wolfSSL	4:1b0d80432c79	77	word32 len = P_HASH_MAX_SIZE;
wolfSSL	4:1b0d80432c79	78	word32 times;
wolfSSL	4:1b0d80432c79	79	word32 lastLen;
wolfSSL	4:1b0d80432c79	80	word32 lastTime;
wolfSSL	4:1b0d80432c79	81	word32 i;
wolfSSL	4:1b0d80432c79	82	word32 idx = 0;
wolfSSL	4:1b0d80432c79	83	int ret = 0;
wolfSSL	4:1b0d80432c79	84	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	4:1b0d80432c79	85	byte* previous;
wolfSSL	4:1b0d80432c79	86	byte* current;
wolfSSL	4:1b0d80432c79	87	Hmac* hmac;
wolfSSL	4:1b0d80432c79	88	#else
wolfSSL	4:1b0d80432c79	89	byte previous[P_HASH_MAX_SIZE]; /* max size */
wolfSSL	4:1b0d80432c79	90	byte current[P_HASH_MAX_SIZE]; /* max size */
wolfSSL	4:1b0d80432c79	91	Hmac hmac[1];
wolfSSL	4:1b0d80432c79	92	#endif
wolfSSL	4:1b0d80432c79	93
wolfSSL	4:1b0d80432c79	94	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	4:1b0d80432c79	95	previous = (byte*)XMALLOC(P_HASH_MAX_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	4:1b0d80432c79	96	current = (byte*)XMALLOC(P_HASH_MAX_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	4:1b0d80432c79	97	hmac = (Hmac*)XMALLOC(sizeof(Hmac), NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	4:1b0d80432c79	98
wolfSSL	4:1b0d80432c79	99	if (previous == NULL \|\| current == NULL \|\| hmac == NULL) {
wolfSSL	4:1b0d80432c79	100	if (previous) XFREE(previous, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	4:1b0d80432c79	101	if (current) XFREE(current, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	4:1b0d80432c79	102	if (hmac) XFREE(hmac, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	4:1b0d80432c79	103
wolfSSL	4:1b0d80432c79	104	return MEMORY_E;
wolfSSL	4:1b0d80432c79	105	}
wolfSSL	4:1b0d80432c79	106	#endif
wolfSSL	4:1b0d80432c79	107
wolfSSL	4:1b0d80432c79	108	switch (hash) {
wolfSSL	4:1b0d80432c79	109	#ifndef NO_MD5
wolfSSL	4:1b0d80432c79	110	case md5_mac:
wolfSSL	4:1b0d80432c79	111	hash = MD5;
wolfSSL	4:1b0d80432c79	112	len = MD5_DIGEST_SIZE;
wolfSSL	4:1b0d80432c79	113	break;
wolfSSL	4:1b0d80432c79	114	#endif
wolfSSL	4:1b0d80432c79	115
wolfSSL	4:1b0d80432c79	116	#ifndef NO_SHA256
wolfSSL	4:1b0d80432c79	117	case sha256_mac:
wolfSSL	4:1b0d80432c79	118	hash = SHA256;
wolfSSL	4:1b0d80432c79	119	len = SHA256_DIGEST_SIZE;
wolfSSL	4:1b0d80432c79	120	break;
wolfSSL	4:1b0d80432c79	121	#endif
wolfSSL	4:1b0d80432c79	122
wolfSSL	4:1b0d80432c79	123	#ifdef WOLFSSL_SHA384
wolfSSL	4:1b0d80432c79	124	case sha384_mac:
wolfSSL	4:1b0d80432c79	125	hash = SHA384;
wolfSSL	4:1b0d80432c79	126	len = SHA384_DIGEST_SIZE;
wolfSSL	4:1b0d80432c79	127	break;
wolfSSL	4:1b0d80432c79	128	#endif
wolfSSL	4:1b0d80432c79	129
wolfSSL	4:1b0d80432c79	130	#ifndef NO_SHA
wolfSSL	4:1b0d80432c79	131	case sha_mac:
wolfSSL	4:1b0d80432c79	132	default:
wolfSSL	4:1b0d80432c79	133	hash = SHA;
wolfSSL	4:1b0d80432c79	134	len = SHA_DIGEST_SIZE;
wolfSSL	4:1b0d80432c79	135	break;
wolfSSL	4:1b0d80432c79	136	#endif
wolfSSL	4:1b0d80432c79	137	}
wolfSSL	4:1b0d80432c79	138
wolfSSL	4:1b0d80432c79	139	times = resLen / len;
wolfSSL	4:1b0d80432c79	140	lastLen = resLen % len;
wolfSSL	4:1b0d80432c79	141
wolfSSL	4:1b0d80432c79	142	if (lastLen)
wolfSSL	4:1b0d80432c79	143	times += 1;
wolfSSL	4:1b0d80432c79	144
wolfSSL	4:1b0d80432c79	145	lastTime = times - 1;
wolfSSL	4:1b0d80432c79	146
wolfSSL	4:1b0d80432c79	147	if ((ret = wc_HmacSetKey(hmac, hash, secret, secLen)) == 0) {
wolfSSL	4:1b0d80432c79	148	if ((ret = wc_HmacUpdate(hmac, seed, seedLen)) == 0) { /* A0 = seed */
wolfSSL	4:1b0d80432c79	149	if ((ret = wc_HmacFinal(hmac, previous)) == 0) { /* A1 */
wolfSSL	4:1b0d80432c79	150	for (i = 0; i < times; i++) {
wolfSSL	4:1b0d80432c79	151	ret = wc_HmacUpdate(hmac, previous, len);
wolfSSL	4:1b0d80432c79	152	if (ret != 0)
wolfSSL	4:1b0d80432c79	153	break;
wolfSSL	4:1b0d80432c79	154	ret = wc_HmacUpdate(hmac, seed, seedLen);
wolfSSL	4:1b0d80432c79	155	if (ret != 0)
wolfSSL	4:1b0d80432c79	156	break;
wolfSSL	4:1b0d80432c79	157	ret = wc_HmacFinal(hmac, current);
wolfSSL	4:1b0d80432c79	158	if (ret != 0)
wolfSSL	4:1b0d80432c79	159	break;
wolfSSL	4:1b0d80432c79	160
wolfSSL	4:1b0d80432c79	161	if ((i == lastTime) && lastLen)
wolfSSL	4:1b0d80432c79	162	XMEMCPY(&result[idx], current,
wolfSSL	4:1b0d80432c79	163	min(lastLen, P_HASH_MAX_SIZE));
wolfSSL	4:1b0d80432c79	164	else {
wolfSSL	4:1b0d80432c79	165	XMEMCPY(&result[idx], current, len);
wolfSSL	4:1b0d80432c79	166	idx += len;
wolfSSL	4:1b0d80432c79	167	ret = wc_HmacUpdate(hmac, previous, len);
wolfSSL	4:1b0d80432c79	168	if (ret != 0)
wolfSSL	4:1b0d80432c79	169	break;
wolfSSL	4:1b0d80432c79	170	ret = wc_HmacFinal(hmac, previous);
wolfSSL	4:1b0d80432c79	171	if (ret != 0)
wolfSSL	4:1b0d80432c79	172	break;
wolfSSL	4:1b0d80432c79	173	}
wolfSSL	4:1b0d80432c79	174	}
wolfSSL	4:1b0d80432c79	175	}
wolfSSL	4:1b0d80432c79	176	}
wolfSSL	4:1b0d80432c79	177	}
wolfSSL	4:1b0d80432c79	178
wolfSSL	4:1b0d80432c79	179	ForceZero(previous, P_HASH_MAX_SIZE);
wolfSSL	4:1b0d80432c79	180	ForceZero(current, P_HASH_MAX_SIZE);
wolfSSL	4:1b0d80432c79	181	ForceZero(hmac, sizeof(Hmac));
wolfSSL	4:1b0d80432c79	182
wolfSSL	4:1b0d80432c79	183	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	4:1b0d80432c79	184	XFREE(previous, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	4:1b0d80432c79	185	XFREE(current, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	4:1b0d80432c79	186	XFREE(hmac, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	4:1b0d80432c79	187	#endif
wolfSSL	4:1b0d80432c79	188
wolfSSL	4:1b0d80432c79	189	return ret;
wolfSSL	4:1b0d80432c79	190	}
wolfSSL	4:1b0d80432c79	191
wolfSSL	4:1b0d80432c79	192	#undef P_HASH_MAX_SIZE
wolfSSL	4:1b0d80432c79	193
wolfSSL	4:1b0d80432c79	194
wolfSSL	4:1b0d80432c79	195	#ifndef NO_OLD_TLS
wolfSSL	4:1b0d80432c79	196
wolfSSL	4:1b0d80432c79	197	/* calculate XOR for TLSv1 PRF */
wolfSSL	4:1b0d80432c79	198	static INLINE void get_xor(byte digest, word32 digLen, byte md5, byte* sha)
wolfSSL	4:1b0d80432c79	199	{
wolfSSL	4:1b0d80432c79	200	word32 i;
wolfSSL	4:1b0d80432c79	201
wolfSSL	4:1b0d80432c79	202	for (i = 0; i < digLen; i++)
wolfSSL	4:1b0d80432c79	203	digest[i] = md5[i] ^ sha[i];
wolfSSL	4:1b0d80432c79	204	}
wolfSSL	4:1b0d80432c79	205
wolfSSL	4:1b0d80432c79	206
wolfSSL	4:1b0d80432c79	207	/* compute TLSv1 PRF (pseudo random function using HMAC) */
wolfSSL	4:1b0d80432c79	208	static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen,
wolfSSL	4:1b0d80432c79	209	const byte* label, word32 labLen, const byte* seed,
wolfSSL	4:1b0d80432c79	210	word32 seedLen)
wolfSSL	4:1b0d80432c79	211	{
wolfSSL	4:1b0d80432c79	212	int ret = 0;
wolfSSL	4:1b0d80432c79	213	word32 half = (secLen + 1) / 2;
wolfSSL	4:1b0d80432c79	214
wolfSSL	4:1b0d80432c79	215	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	4:1b0d80432c79	216	byte* md5_half;
wolfSSL	4:1b0d80432c79	217	byte* sha_half;
wolfSSL	4:1b0d80432c79	218	byte* labelSeed;
wolfSSL	4:1b0d80432c79	219	byte* md5_result;
wolfSSL	4:1b0d80432c79	220	byte* sha_result;
wolfSSL	4:1b0d80432c79	221	#else
wolfSSL	4:1b0d80432c79	222	byte md5_half[MAX_PRF_HALF]; /* half is real size */
wolfSSL	4:1b0d80432c79	223	byte sha_half[MAX_PRF_HALF]; /* half is real size */
wolfSSL	4:1b0d80432c79	224	byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */
wolfSSL	4:1b0d80432c79	225	byte md5_result[MAX_PRF_DIG]; /* digLen is real size */
wolfSSL	4:1b0d80432c79	226	byte sha_result[MAX_PRF_DIG]; /* digLen is real size */
wolfSSL	4:1b0d80432c79	227	#endif
wolfSSL	4:1b0d80432c79	228
wolfSSL	4:1b0d80432c79	229	if (half > MAX_PRF_HALF)
wolfSSL	4:1b0d80432c79	230	return BUFFER_E;
wolfSSL	4:1b0d80432c79	231	if (labLen + seedLen > MAX_PRF_LABSEED)
wolfSSL	4:1b0d80432c79	232	return BUFFER_E;
wolfSSL	4:1b0d80432c79	233	if (digLen > MAX_PRF_DIG)
wolfSSL	4:1b0d80432c79	234	return BUFFER_E;
wolfSSL	4:1b0d80432c79	235
wolfSSL	4:1b0d80432c79	236	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	4:1b0d80432c79	237	md5_half = (byte*)XMALLOC(MAX_PRF_HALF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	4:1b0d80432c79	238	sha_half = (byte*)XMALLOC(MAX_PRF_HALF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	4:1b0d80432c79	239	labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	4:1b0d80432c79	240	md5_result = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	4:1b0d80432c79	241	sha_result = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	4:1b0d80432c79	242
wolfSSL	4:1b0d80432c79	243	if (md5_half == NULL \|\| sha_half == NULL \|\| labelSeed == NULL \|\|
wolfSSL	4:1b0d80432c79	244	md5_result == NULL \|\| sha_result == NULL) {
wolfSSL	4:1b0d80432c79	245	if (md5_half) XFREE(md5_half, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	4:1b0d80432c79	246	if (sha_half) XFREE(sha_half, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	4:1b0d80432c79	247	if (labelSeed) XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	4:1b0d80432c79	248	if (md5_result) XFREE(md5_result, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	4:1b0d80432c79	249	if (sha_result) XFREE(sha_result, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	4:1b0d80432c79	250
wolfSSL	4:1b0d80432c79	251	return MEMORY_E;
wolfSSL	4:1b0d80432c79	252	}
wolfSSL	4:1b0d80432c79	253	#endif
wolfSSL	4:1b0d80432c79	254
wolfSSL	4:1b0d80432c79	255	XMEMSET(md5_result, 0, digLen);
wolfSSL	4:1b0d80432c79	256	XMEMSET(sha_result, 0, digLen);
wolfSSL	4:1b0d80432c79	257
wolfSSL	4:1b0d80432c79	258	XMEMCPY(md5_half, secret, half);
wolfSSL	4:1b0d80432c79	259	XMEMCPY(sha_half, secret + half - secLen % 2, half);
wolfSSL	4:1b0d80432c79	260
wolfSSL	4:1b0d80432c79	261	XMEMCPY(labelSeed, label, labLen);
wolfSSL	4:1b0d80432c79	262	XMEMCPY(labelSeed + labLen, seed, seedLen);
wolfSSL	4:1b0d80432c79	263
wolfSSL	4:1b0d80432c79	264	if ((ret = p_hash(md5_result, digLen, md5_half, half, labelSeed,
wolfSSL	4:1b0d80432c79	265	labLen + seedLen, md5_mac)) == 0) {
wolfSSL	4:1b0d80432c79	266	if ((ret = p_hash(sha_result, digLen, sha_half, half, labelSeed,
wolfSSL	4:1b0d80432c79	267	labLen + seedLen, sha_mac)) == 0) {
wolfSSL	4:1b0d80432c79	268	get_xor(digest, digLen, md5_result, sha_result);
wolfSSL	4:1b0d80432c79	269	}
wolfSSL	4:1b0d80432c79	270	}
wolfSSL	4:1b0d80432c79	271
wolfSSL	4:1b0d80432c79	272	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	4:1b0d80432c79	273	XFREE(md5_half, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	4:1b0d80432c79	274	XFREE(sha_half, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	4:1b0d80432c79	275	XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	4:1b0d80432c79	276	XFREE(md5_result, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	4:1b0d80432c79	277	XFREE(sha_result, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	4:1b0d80432c79	278	#endif
wolfSSL	4:1b0d80432c79	279
wolfSSL	4:1b0d80432c79	280	return ret;
wolfSSL	4:1b0d80432c79	281	}
wolfSSL	4:1b0d80432c79	282
wolfSSL	4:1b0d80432c79	283	#endif
wolfSSL	4:1b0d80432c79	284
wolfSSL	4:1b0d80432c79	285
wolfSSL	4:1b0d80432c79	286	/* Wrapper to call straight thru to p_hash in TSL 1.2 cases to remove stack
wolfSSL	4:1b0d80432c79	287	use */
wolfSSL	4:1b0d80432c79	288	static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
wolfSSL	4:1b0d80432c79	289	const byte* label, word32 labLen, const byte* seed, word32 seedLen,
wolfSSL	4:1b0d80432c79	290	int useAtLeastSha256, int hash_type)
wolfSSL	4:1b0d80432c79	291	{
wolfSSL	4:1b0d80432c79	292	int ret = 0;
wolfSSL	4:1b0d80432c79	293
wolfSSL	4:1b0d80432c79	294	if (useAtLeastSha256) {
wolfSSL	4:1b0d80432c79	295	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	4:1b0d80432c79	296	byte* labelSeed;
wolfSSL	4:1b0d80432c79	297	#else
wolfSSL	4:1b0d80432c79	298	byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */
wolfSSL	4:1b0d80432c79	299	#endif
wolfSSL	4:1b0d80432c79	300
wolfSSL	4:1b0d80432c79	301	if (labLen + seedLen > MAX_PRF_LABSEED)
wolfSSL	4:1b0d80432c79	302	return BUFFER_E;
wolfSSL	4:1b0d80432c79	303
wolfSSL	4:1b0d80432c79	304	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	4:1b0d80432c79	305	labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, NULL,
wolfSSL	4:1b0d80432c79	306	DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	4:1b0d80432c79	307	if (labelSeed == NULL)
wolfSSL	4:1b0d80432c79	308	return MEMORY_E;
wolfSSL	4:1b0d80432c79	309	#endif
wolfSSL	4:1b0d80432c79	310
wolfSSL	4:1b0d80432c79	311	XMEMCPY(labelSeed, label, labLen);
wolfSSL	4:1b0d80432c79	312	XMEMCPY(labelSeed + labLen, seed, seedLen);
wolfSSL	4:1b0d80432c79	313
wolfSSL	4:1b0d80432c79	314	/* If a cipher suite wants an algorithm better than sha256, it
wolfSSL	4:1b0d80432c79	315	* should use better. */
wolfSSL	4:1b0d80432c79	316	if (hash_type < sha256_mac \|\| hash_type == blake2b_mac)
wolfSSL	4:1b0d80432c79	317	hash_type = sha256_mac;
wolfSSL	4:1b0d80432c79	318	ret = p_hash(digest, digLen, secret, secLen, labelSeed,
wolfSSL	4:1b0d80432c79	319	labLen + seedLen, hash_type);
wolfSSL	4:1b0d80432c79	320
wolfSSL	4:1b0d80432c79	321	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	4:1b0d80432c79	322	XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	4:1b0d80432c79	323	#endif
wolfSSL	4:1b0d80432c79	324	}
wolfSSL	4:1b0d80432c79	325	#ifndef NO_OLD_TLS
wolfSSL	4:1b0d80432c79	326	else {
wolfSSL	4:1b0d80432c79	327	ret = doPRF(digest, digLen, secret, secLen, label, labLen, seed,
wolfSSL	4:1b0d80432c79	328	seedLen);
wolfSSL	4:1b0d80432c79	329	}
wolfSSL	4:1b0d80432c79	330	#endif
wolfSSL	4:1b0d80432c79	331
wolfSSL	4:1b0d80432c79	332	return ret;
wolfSSL	4:1b0d80432c79	333	}
wolfSSL	4:1b0d80432c79	334
wolfSSL	4:1b0d80432c79	335
wolfSSL	4:1b0d80432c79	336	#ifdef WOLFSSL_SHA384
wolfSSL	4:1b0d80432c79	337	#define HSHASH_SZ SHA384_DIGEST_SIZE
wolfSSL	4:1b0d80432c79	338	#else
wolfSSL	4:1b0d80432c79	339	#define HSHASH_SZ FINISHED_SZ
wolfSSL	4:1b0d80432c79	340	#endif
wolfSSL	4:1b0d80432c79	341
wolfSSL	4:1b0d80432c79	342
wolfSSL	4:1b0d80432c79	343	int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
wolfSSL	4:1b0d80432c79	344	{
wolfSSL	4:1b0d80432c79	345	const byte* side;
wolfSSL	4:1b0d80432c79	346	byte handshake_hash[HSHASH_SZ];
wolfSSL	4:1b0d80432c79	347	word32 hashSz = FINISHED_SZ;
wolfSSL	4:1b0d80432c79	348
wolfSSL	4:1b0d80432c79	349	#ifndef NO_OLD_TLS
wolfSSL	4:1b0d80432c79	350	wc_Md5GetHash(&ssl->hsHashes->hashMd5, handshake_hash);
wolfSSL	4:1b0d80432c79	351	wc_ShaGetHash(&ssl->hsHashes->hashSha, &handshake_hash[MD5_DIGEST_SIZE]);
wolfSSL	4:1b0d80432c79	352	#endif
wolfSSL	4:1b0d80432c79	353
wolfSSL	4:1b0d80432c79	354	if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL	4:1b0d80432c79	355	#ifndef NO_SHA256
wolfSSL	4:1b0d80432c79	356	if (ssl->specs.mac_algorithm <= sha256_mac \|\| ssl->specs.mac_algorithm == blake2b_mac) {
wolfSSL	4:1b0d80432c79	357	int ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256,handshake_hash);
wolfSSL	4:1b0d80432c79	358
wolfSSL	4:1b0d80432c79	359	if (ret != 0)
wolfSSL	4:1b0d80432c79	360	return ret;
wolfSSL	4:1b0d80432c79	361
wolfSSL	4:1b0d80432c79	362	hashSz = SHA256_DIGEST_SIZE;
wolfSSL	4:1b0d80432c79	363	}
wolfSSL	4:1b0d80432c79	364	#endif
wolfSSL	4:1b0d80432c79	365	#ifdef WOLFSSL_SHA384
wolfSSL	4:1b0d80432c79	366	if (ssl->specs.mac_algorithm == sha384_mac) {
wolfSSL	4:1b0d80432c79	367	int ret = wc_Sha384Final(&ssl->hsHashes->hashSha384,handshake_hash);
wolfSSL	4:1b0d80432c79	368
wolfSSL	4:1b0d80432c79	369	if (ret != 0)
wolfSSL	4:1b0d80432c79	370	return ret;
wolfSSL	4:1b0d80432c79	371
wolfSSL	4:1b0d80432c79	372	hashSz = SHA384_DIGEST_SIZE;
wolfSSL	4:1b0d80432c79	373	}
wolfSSL	4:1b0d80432c79	374	#endif
wolfSSL	4:1b0d80432c79	375	}
wolfSSL	4:1b0d80432c79	376
wolfSSL	4:1b0d80432c79	377	if ( XSTRNCMP((const char)sender, (const char)client, SIZEOF_SENDER) == 0)
wolfSSL	4:1b0d80432c79	378	side = tls_client;
wolfSSL	4:1b0d80432c79	379	else
wolfSSL	4:1b0d80432c79	380	side = tls_server;
wolfSSL	4:1b0d80432c79	381
wolfSSL	4:1b0d80432c79	382	return PRF((byte*)hashes, TLS_FINISHED_SZ, ssl->arrays->masterSecret,
wolfSSL	4:1b0d80432c79	383	SECRET_LEN, side, FINISHED_LABEL_SZ, handshake_hash, hashSz,
wolfSSL	4:1b0d80432c79	384	IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
wolfSSL	4:1b0d80432c79	385	}
wolfSSL	4:1b0d80432c79	386
wolfSSL	4:1b0d80432c79	387
wolfSSL	4:1b0d80432c79	388	#ifndef NO_OLD_TLS
wolfSSL	4:1b0d80432c79	389
wolfSSL	4:1b0d80432c79	390	ProtocolVersion MakeTLSv1(void)
wolfSSL	4:1b0d80432c79	391	{
wolfSSL	4:1b0d80432c79	392	ProtocolVersion pv;
wolfSSL	4:1b0d80432c79	393	pv.major = SSLv3_MAJOR;
wolfSSL	4:1b0d80432c79	394	pv.minor = TLSv1_MINOR;
wolfSSL	4:1b0d80432c79	395
wolfSSL	4:1b0d80432c79	396	return pv;
wolfSSL	4:1b0d80432c79	397	}
wolfSSL	4:1b0d80432c79	398
wolfSSL	4:1b0d80432c79	399
wolfSSL	4:1b0d80432c79	400	ProtocolVersion MakeTLSv1_1(void)
wolfSSL	4:1b0d80432c79	401	{
wolfSSL	4:1b0d80432c79	402	ProtocolVersion pv;
wolfSSL	4:1b0d80432c79	403	pv.major = SSLv3_MAJOR;
wolfSSL	4:1b0d80432c79	404	pv.minor = TLSv1_1_MINOR;
wolfSSL	4:1b0d80432c79	405
wolfSSL	4:1b0d80432c79	406	return pv;
wolfSSL	4:1b0d80432c79	407	}
wolfSSL	4:1b0d80432c79	408
wolfSSL	4:1b0d80432c79	409	#endif
wolfSSL	4:1b0d80432c79	410
wolfSSL	4:1b0d80432c79	411
wolfSSL	4:1b0d80432c79	412	ProtocolVersion MakeTLSv1_2(void)
wolfSSL	4:1b0d80432c79	413	{
wolfSSL	4:1b0d80432c79	414	ProtocolVersion pv;
wolfSSL	4:1b0d80432c79	415	pv.major = SSLv3_MAJOR;
wolfSSL	4:1b0d80432c79	416	pv.minor = TLSv1_2_MINOR;
wolfSSL	4:1b0d80432c79	417
wolfSSL	4:1b0d80432c79	418	return pv;
wolfSSL	4:1b0d80432c79	419	}
wolfSSL	4:1b0d80432c79	420
wolfSSL	4:1b0d80432c79	421
wolfSSL	4:1b0d80432c79	422	static const byte master_label[MASTER_LABEL_SZ + 1] = "master secret";
wolfSSL	4:1b0d80432c79	423	static const byte key_label [KEY_LABEL_SZ + 1] = "key expansion";
wolfSSL	4:1b0d80432c79	424
wolfSSL	4:1b0d80432c79	425
wolfSSL	4:1b0d80432c79	426	/* External facing wrapper so user can call as well, 0 on success */
wolfSSL	4:1b0d80432c79	427	int wolfSSL_DeriveTlsKeys(byte* key_data, word32 keyLen,
wolfSSL	4:1b0d80432c79	428	const byte* ms, word32 msLen,
wolfSSL	4:1b0d80432c79	429	const byte* sr, const byte* cr,
wolfSSL	4:1b0d80432c79	430	int tls1_2, int hash_type)
wolfSSL	4:1b0d80432c79	431	{
wolfSSL	4:1b0d80432c79	432	byte seed[SEED_LEN];
wolfSSL	4:1b0d80432c79	433
wolfSSL	4:1b0d80432c79	434	XMEMCPY(seed, sr, RAN_LEN);
wolfSSL	4:1b0d80432c79	435	XMEMCPY(seed + RAN_LEN, cr, RAN_LEN);
wolfSSL	4:1b0d80432c79	436
wolfSSL	4:1b0d80432c79	437	return PRF(key_data, keyLen, ms, msLen, key_label, KEY_LABEL_SZ,
wolfSSL	4:1b0d80432c79	438	seed, SEED_LEN, tls1_2, hash_type);
wolfSSL	4:1b0d80432c79	439	}
wolfSSL	4:1b0d80432c79	440
wolfSSL	4:1b0d80432c79	441
wolfSSL	4:1b0d80432c79	442	int DeriveTlsKeys(WOLFSSL* ssl)
wolfSSL	4:1b0d80432c79	443	{
wolfSSL	4:1b0d80432c79	444	int ret;
wolfSSL	4:1b0d80432c79	445	int length = 2 * ssl->specs.hash_size +
wolfSSL	4:1b0d80432c79	446	2 * ssl->specs.key_size +
wolfSSL	4:1b0d80432c79	447	2 * ssl->specs.iv_size;
wolfSSL	4:1b0d80432c79	448	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	4:1b0d80432c79	449	byte* key_data;
wolfSSL	4:1b0d80432c79	450	#else
wolfSSL	4:1b0d80432c79	451	byte key_data[MAX_PRF_DIG];
wolfSSL	4:1b0d80432c79	452	#endif
wolfSSL	4:1b0d80432c79	453
wolfSSL	4:1b0d80432c79	454	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	4:1b0d80432c79	455	key_data = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	4:1b0d80432c79	456	if (key_data == NULL) {
wolfSSL	4:1b0d80432c79	457	return MEMORY_E;
wolfSSL	4:1b0d80432c79	458	}
wolfSSL	4:1b0d80432c79	459	#endif
wolfSSL	4:1b0d80432c79	460
wolfSSL	4:1b0d80432c79	461	ret = wolfSSL_DeriveTlsKeys(key_data, length,
wolfSSL	4:1b0d80432c79	462	ssl->arrays->masterSecret, SECRET_LEN,
wolfSSL	4:1b0d80432c79	463	ssl->arrays->serverRandom, ssl->arrays->clientRandom,
wolfSSL	4:1b0d80432c79	464	IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
wolfSSL	4:1b0d80432c79	465	if (ret == 0)
wolfSSL	4:1b0d80432c79	466	ret = StoreKeys(ssl, key_data);
wolfSSL	4:1b0d80432c79	467
wolfSSL	4:1b0d80432c79	468	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	4:1b0d80432c79	469	XFREE(key_data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	4:1b0d80432c79	470	#endif
wolfSSL	4:1b0d80432c79	471
wolfSSL	4:1b0d80432c79	472	return ret;
wolfSSL	4:1b0d80432c79	473	}
wolfSSL	4:1b0d80432c79	474
wolfSSL	4:1b0d80432c79	475
wolfSSL	4:1b0d80432c79	476	/* External facing wrapper so user can call as well, 0 on success */
wolfSSL	4:1b0d80432c79	477	int wolfSSL_MakeTlsMasterSecret(byte* ms, word32 msLen,
wolfSSL	4:1b0d80432c79	478	const byte* pms, word32 pmsLen,
wolfSSL	4:1b0d80432c79	479	const byte* cr, const byte* sr,
wolfSSL	4:1b0d80432c79	480	int tls1_2, int hash_type)
wolfSSL	4:1b0d80432c79	481	{
wolfSSL	4:1b0d80432c79	482	byte seed[SEED_LEN];
wolfSSL	4:1b0d80432c79	483
wolfSSL	4:1b0d80432c79	484	XMEMCPY(seed, cr, RAN_LEN);
wolfSSL	4:1b0d80432c79	485	XMEMCPY(seed + RAN_LEN, sr, RAN_LEN);
wolfSSL	4:1b0d80432c79	486
wolfSSL	4:1b0d80432c79	487	return PRF(ms, msLen, pms, pmsLen, master_label, MASTER_LABEL_SZ,
wolfSSL	4:1b0d80432c79	488	seed, SEED_LEN, tls1_2, hash_type);
wolfSSL	4:1b0d80432c79	489	}
wolfSSL	4:1b0d80432c79	490
wolfSSL	4:1b0d80432c79	491
wolfSSL	4:1b0d80432c79	492	int MakeTlsMasterSecret(WOLFSSL* ssl)
wolfSSL	4:1b0d80432c79	493	{
wolfSSL	4:1b0d80432c79	494	int ret;
wolfSSL	4:1b0d80432c79	495
wolfSSL	4:1b0d80432c79	496	ret = wolfSSL_MakeTlsMasterSecret(ssl->arrays->masterSecret, SECRET_LEN,
wolfSSL	4:1b0d80432c79	497	ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
wolfSSL	4:1b0d80432c79	498	ssl->arrays->clientRandom, ssl->arrays->serverRandom,
wolfSSL	4:1b0d80432c79	499	IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
wolfSSL	4:1b0d80432c79	500
wolfSSL	4:1b0d80432c79	501	if (ret == 0) {
wolfSSL	4:1b0d80432c79	502	#ifdef SHOW_SECRETS
wolfSSL	4:1b0d80432c79	503	int i;
wolfSSL	4:1b0d80432c79	504
wolfSSL	4:1b0d80432c79	505	printf("master secret: ");
wolfSSL	4:1b0d80432c79	506	for (i = 0; i < SECRET_LEN; i++)
wolfSSL	4:1b0d80432c79	507	printf("%02x", ssl->arrays->masterSecret[i]);
wolfSSL	4:1b0d80432c79	508	printf("\n");
wolfSSL	4:1b0d80432c79	509	#endif
wolfSSL	4:1b0d80432c79	510
wolfSSL	4:1b0d80432c79	511	ret = DeriveTlsKeys(ssl);
wolfSSL	4:1b0d80432c79	512	}
wolfSSL	4:1b0d80432c79	513
wolfSSL	4:1b0d80432c79	514	return ret;
wolfSSL	4:1b0d80432c79	515	}
wolfSSL	4:1b0d80432c79	516
wolfSSL	4:1b0d80432c79	517
wolfSSL	4:1b0d80432c79	518	/* Used by EAP-TLS and EAP-TTLS to derive keying material from
wolfSSL	4:1b0d80432c79	519	* the master_secret. */
wolfSSL	4:1b0d80432c79	520	int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* msk, unsigned int len,
wolfSSL	4:1b0d80432c79	521	const char* label)
wolfSSL	4:1b0d80432c79	522	{
wolfSSL	4:1b0d80432c79	523	int ret;
wolfSSL	4:1b0d80432c79	524	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	4:1b0d80432c79	525	byte* seed;
wolfSSL	4:1b0d80432c79	526	#else
wolfSSL	4:1b0d80432c79	527	byte seed[SEED_LEN];
wolfSSL	4:1b0d80432c79	528	#endif
wolfSSL	4:1b0d80432c79	529
wolfSSL	4:1b0d80432c79	530	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	4:1b0d80432c79	531	seed = (byte*)XMALLOC(SEED_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	4:1b0d80432c79	532	if (seed == NULL)
wolfSSL	4:1b0d80432c79	533	return MEMORY_E;
wolfSSL	4:1b0d80432c79	534	#endif
wolfSSL	4:1b0d80432c79	535
wolfSSL	4:1b0d80432c79	536	/*
wolfSSL	4:1b0d80432c79	537	* As per RFC-5281, the order of the client and server randoms is reversed
wolfSSL	4:1b0d80432c79	538	* from that used by the TLS protocol to derive keys.
wolfSSL	4:1b0d80432c79	539	*/
wolfSSL	4:1b0d80432c79	540	XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL	4:1b0d80432c79	541	XMEMCPY(seed + RAN_LEN, ssl->arrays->serverRandom, RAN_LEN);
wolfSSL	4:1b0d80432c79	542
wolfSSL	4:1b0d80432c79	543	ret = PRF((byte*)msk, len, ssl->arrays->masterSecret, SECRET_LEN,
wolfSSL	4:1b0d80432c79	544	(const byte *)label, (word32)strlen(label), seed, SEED_LEN,
wolfSSL	4:1b0d80432c79	545	IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
wolfSSL	4:1b0d80432c79	546
wolfSSL	4:1b0d80432c79	547	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	4:1b0d80432c79	548	XFREE(seed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	4:1b0d80432c79	549	#endif
wolfSSL	4:1b0d80432c79	550
wolfSSL	4:1b0d80432c79	551	return ret;
wolfSSL	4:1b0d80432c79	552	}
wolfSSL	4:1b0d80432c79	553
wolfSSL	4:1b0d80432c79	554
wolfSSL	4:1b0d80432c79	555	/* next for static INLINE s copied internal.c */
wolfSSL	4:1b0d80432c79	556
wolfSSL	4:1b0d80432c79	557	/* convert 16 bit integer to opaque */
wolfSSL	4:1b0d80432c79	558	static INLINE void c16toa(word16 u16, byte* c)
wolfSSL	4:1b0d80432c79	559	{
wolfSSL	4:1b0d80432c79	560	c[0] = (u16 >> 8) & 0xff;
wolfSSL	4:1b0d80432c79	561	c[1] = u16 & 0xff;
wolfSSL	4:1b0d80432c79	562	}
wolfSSL	4:1b0d80432c79	563
wolfSSL	4:1b0d80432c79	564	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	4:1b0d80432c79	565	/* convert opaque to 16 bit integer */
wolfSSL	4:1b0d80432c79	566	static INLINE void ato16(const byte* c, word16* u16)
wolfSSL	4:1b0d80432c79	567	{
wolfSSL	4:1b0d80432c79	568	*u16 = (c[0] << 8) \| (c[1]);
wolfSSL	4:1b0d80432c79	569	}
wolfSSL	4:1b0d80432c79	570
wolfSSL	4:1b0d80432c79	571	#if defined(HAVE_SNI) && !defined(NO_WOLFSSL_SERVER)
wolfSSL	4:1b0d80432c79	572	/* convert a 24 bit integer into a 32 bit one */
wolfSSL	4:1b0d80432c79	573	static INLINE void c24to32(const word24 u24, word32* u32)
wolfSSL	4:1b0d80432c79	574	{
wolfSSL	4:1b0d80432c79	575	*u32 = (u24[0] << 16) \| (u24[1] << 8) \| u24[2];
wolfSSL	4:1b0d80432c79	576	}
wolfSSL	4:1b0d80432c79	577	#endif
wolfSSL	4:1b0d80432c79	578	#endif
wolfSSL	4:1b0d80432c79	579
wolfSSL	4:1b0d80432c79	580	/* convert 32 bit integer to opaque */
wolfSSL	4:1b0d80432c79	581	static INLINE void c32toa(word32 u32, byte* c)
wolfSSL	4:1b0d80432c79	582	{
wolfSSL	4:1b0d80432c79	583	c[0] = (u32 >> 24) & 0xff;
wolfSSL	4:1b0d80432c79	584	c[1] = (u32 >> 16) & 0xff;
wolfSSL	4:1b0d80432c79	585	c[2] = (u32 >> 8) & 0xff;
wolfSSL	4:1b0d80432c79	586	c[3] = u32 & 0xff;
wolfSSL	4:1b0d80432c79	587	}
wolfSSL	4:1b0d80432c79	588
wolfSSL	4:1b0d80432c79	589
wolfSSL	4:1b0d80432c79	590	static INLINE word32 GetSEQIncrement(WOLFSSL* ssl, int verify)
wolfSSL	4:1b0d80432c79	591	{
wolfSSL	4:1b0d80432c79	592	#ifdef WOLFSSL_DTLS
wolfSSL	4:1b0d80432c79	593	if (ssl->options.dtls) {
wolfSSL	4:1b0d80432c79	594	if (verify)
wolfSSL	4:1b0d80432c79	595	return ssl->keys.dtls_state.curSeq; /* explicit from peer */
wolfSSL	4:1b0d80432c79	596	else
wolfSSL	4:1b0d80432c79	597	return ssl->keys.dtls_sequence_number - 1; /* already incremented */
wolfSSL	4:1b0d80432c79	598	}
wolfSSL	4:1b0d80432c79	599	#endif
wolfSSL	4:1b0d80432c79	600	if (verify)
wolfSSL	4:1b0d80432c79	601	return ssl->keys.peer_sequence_number++;
wolfSSL	4:1b0d80432c79	602	else
wolfSSL	4:1b0d80432c79	603	return ssl->keys.sequence_number++;
wolfSSL	4:1b0d80432c79	604	}
wolfSSL	4:1b0d80432c79	605
wolfSSL	4:1b0d80432c79	606
wolfSSL	4:1b0d80432c79	607	#ifdef WOLFSSL_DTLS
wolfSSL	4:1b0d80432c79	608
wolfSSL	4:1b0d80432c79	609	static INLINE word32 GetEpoch(WOLFSSL* ssl, int verify)
wolfSSL	4:1b0d80432c79	610	{
wolfSSL	4:1b0d80432c79	611	if (verify)
wolfSSL	4:1b0d80432c79	612	return ssl->keys.dtls_state.curEpoch;
wolfSSL	4:1b0d80432c79	613	else
wolfSSL	4:1b0d80432c79	614	return ssl->keys.dtls_epoch;
wolfSSL	4:1b0d80432c79	615	}
wolfSSL	4:1b0d80432c79	616
wolfSSL	4:1b0d80432c79	617	#endif /* WOLFSSL_DTLS */
wolfSSL	4:1b0d80432c79	618
wolfSSL	4:1b0d80432c79	619
wolfSSL	4:1b0d80432c79	620	/* end copy */
wolfSSL	4:1b0d80432c79	621
wolfSSL	4:1b0d80432c79	622
wolfSSL	4:1b0d80432c79	623	/* return HMAC digest type in wolfSSL format */
wolfSSL	4:1b0d80432c79	624	int wolfSSL_GetHmacType(WOLFSSL* ssl)
wolfSSL	4:1b0d80432c79	625	{
wolfSSL	4:1b0d80432c79	626	if (ssl == NULL)
wolfSSL	4:1b0d80432c79	627	return BAD_FUNC_ARG;
wolfSSL	4:1b0d80432c79	628
wolfSSL	4:1b0d80432c79	629	switch (ssl->specs.mac_algorithm) {
wolfSSL	4:1b0d80432c79	630	#ifndef NO_MD5
wolfSSL	4:1b0d80432c79	631	case md5_mac:
wolfSSL	4:1b0d80432c79	632	{
wolfSSL	4:1b0d80432c79	633	return MD5;
wolfSSL	4:1b0d80432c79	634	}
wolfSSL	4:1b0d80432c79	635	#endif
wolfSSL	4:1b0d80432c79	636	#ifndef NO_SHA256
wolfSSL	4:1b0d80432c79	637	case sha256_mac:
wolfSSL	4:1b0d80432c79	638	{
wolfSSL	4:1b0d80432c79	639	return SHA256;
wolfSSL	4:1b0d80432c79	640	}
wolfSSL	4:1b0d80432c79	641	#endif
wolfSSL	4:1b0d80432c79	642	#ifdef WOLFSSL_SHA384
wolfSSL	4:1b0d80432c79	643	case sha384_mac:
wolfSSL	4:1b0d80432c79	644	{
wolfSSL	4:1b0d80432c79	645	return SHA384;
wolfSSL	4:1b0d80432c79	646	}
wolfSSL	4:1b0d80432c79	647
wolfSSL	4:1b0d80432c79	648	#endif
wolfSSL	4:1b0d80432c79	649	#ifndef NO_SHA
wolfSSL	4:1b0d80432c79	650	case sha_mac:
wolfSSL	4:1b0d80432c79	651	{
wolfSSL	4:1b0d80432c79	652	return SHA;
wolfSSL	4:1b0d80432c79	653	}
wolfSSL	4:1b0d80432c79	654	#endif
wolfSSL	4:1b0d80432c79	655	#ifdef HAVE_BLAKE2
wolfSSL	4:1b0d80432c79	656	case blake2b_mac:
wolfSSL	4:1b0d80432c79	657	{
wolfSSL	4:1b0d80432c79	658	return BLAKE2B_ID;
wolfSSL	4:1b0d80432c79	659	}
wolfSSL	4:1b0d80432c79	660	#endif
wolfSSL	4:1b0d80432c79	661	default:
wolfSSL	4:1b0d80432c79	662	{
wolfSSL	4:1b0d80432c79	663	return SSL_FATAL_ERROR;
wolfSSL	4:1b0d80432c79	664	}
wolfSSL	4:1b0d80432c79	665	}
wolfSSL	4:1b0d80432c79	666	}
wolfSSL	4:1b0d80432c79	667
wolfSSL	4:1b0d80432c79	668
wolfSSL	4:1b0d80432c79	669	int wolfSSL_SetTlsHmacInner(WOLFSSL* ssl, byte* inner, word32 sz, int content,
wolfSSL	4:1b0d80432c79	670	int verify)
wolfSSL	4:1b0d80432c79	671	{
wolfSSL	4:1b0d80432c79	672	if (ssl == NULL \|\| inner == NULL)
wolfSSL	4:1b0d80432c79	673	return BAD_FUNC_ARG;
wolfSSL	4:1b0d80432c79	674
wolfSSL	4:1b0d80432c79	675	XMEMSET(inner, 0, WOLFSSL_TLS_HMAC_INNER_SZ);
wolfSSL	4:1b0d80432c79	676
wolfSSL	4:1b0d80432c79	677	#ifdef WOLFSSL_DTLS
wolfSSL	4:1b0d80432c79	678	if (ssl->options.dtls)
wolfSSL	4:1b0d80432c79	679	c16toa((word16)GetEpoch(ssl, verify), inner);
wolfSSL	4:1b0d80432c79	680	#endif
wolfSSL	4:1b0d80432c79	681	c32toa(GetSEQIncrement(ssl, verify), &inner[sizeof(word32)]);
wolfSSL	4:1b0d80432c79	682	inner[SEQ_SZ] = (byte)content;
wolfSSL	4:1b0d80432c79	683	inner[SEQ_SZ + ENUM_LEN] = ssl->version.major;
wolfSSL	4:1b0d80432c79	684	inner[SEQ_SZ + ENUM_LEN + ENUM_LEN] = ssl->version.minor;
wolfSSL	4:1b0d80432c79	685	c16toa((word16)sz, inner + SEQ_SZ + ENUM_LEN + VERSION_SZ);
wolfSSL	4:1b0d80432c79	686
wolfSSL	4:1b0d80432c79	687	return 0;
wolfSSL	4:1b0d80432c79	688	}
wolfSSL	4:1b0d80432c79	689
wolfSSL	4:1b0d80432c79	690
wolfSSL	4:1b0d80432c79	691	/* TLS type HMAC */
wolfSSL	4:1b0d80432c79	692	int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
wolfSSL	4:1b0d80432c79	693	int content, int verify)
wolfSSL	4:1b0d80432c79	694	{
wolfSSL	4:1b0d80432c79	695	Hmac hmac;
wolfSSL	4:1b0d80432c79	696	int ret;
wolfSSL	4:1b0d80432c79	697	byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
wolfSSL	4:1b0d80432c79	698
wolfSSL	4:1b0d80432c79	699	if (ssl == NULL)
wolfSSL	4:1b0d80432c79	700	return BAD_FUNC_ARG;
wolfSSL	4:1b0d80432c79	701
wolfSSL	4:1b0d80432c79	702	#ifdef HAVE_FUZZER
wolfSSL	4:1b0d80432c79	703	if (ssl->fuzzerCb)
wolfSSL	4:1b0d80432c79	704	ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx);
wolfSSL	4:1b0d80432c79	705	#endif
wolfSSL	4:1b0d80432c79	706
wolfSSL	4:1b0d80432c79	707	wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify);
wolfSSL	4:1b0d80432c79	708
wolfSSL	4:1b0d80432c79	709	ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
wolfSSL	4:1b0d80432c79	710	wolfSSL_GetMacSecret(ssl, verify), ssl->specs.hash_size);
wolfSSL	4:1b0d80432c79	711	if (ret != 0)
wolfSSL	4:1b0d80432c79	712	return ret;
wolfSSL	4:1b0d80432c79	713	ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
wolfSSL	4:1b0d80432c79	714	if (ret != 0)
wolfSSL	4:1b0d80432c79	715	return ret;
wolfSSL	4:1b0d80432c79	716	ret = wc_HmacUpdate(&hmac, in, sz); /* content */
wolfSSL	4:1b0d80432c79	717	if (ret != 0)
wolfSSL	4:1b0d80432c79	718	return ret;
wolfSSL	4:1b0d80432c79	719	ret = wc_HmacFinal(&hmac, digest);
wolfSSL	4:1b0d80432c79	720	if (ret != 0)
wolfSSL	4:1b0d80432c79	721	return ret;
wolfSSL	4:1b0d80432c79	722
wolfSSL	4:1b0d80432c79	723	return 0;
wolfSSL	4:1b0d80432c79	724	}
wolfSSL	4:1b0d80432c79	725
wolfSSL	4:1b0d80432c79	726	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	4:1b0d80432c79	727
wolfSSL	4:1b0d80432c79	728	/**
wolfSSL	4:1b0d80432c79	729	* The TLSX semaphore is used to calculate the size of the extensions to be sent
wolfSSL	4:1b0d80432c79	730	* from one peer to another.
wolfSSL	4:1b0d80432c79	731	*/
wolfSSL	4:1b0d80432c79	732
wolfSSL	4:1b0d80432c79	733	/** Supports up to 64 flags. Increase as needed. */
wolfSSL	4:1b0d80432c79	734	#define SEMAPHORE_SIZE 8
wolfSSL	4:1b0d80432c79	735
wolfSSL	4:1b0d80432c79	736	/**
wolfSSL	4:1b0d80432c79	737	* Converts the extension type (id) to an index in the semaphore.
wolfSSL	4:1b0d80432c79	738	*
wolfSSL	4:1b0d80432c79	739	* Oficial reference for TLS extension types:
wolfSSL	4:1b0d80432c79	740	* http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xml
wolfSSL	4:1b0d80432c79	741	*
wolfSSL	4:1b0d80432c79	742	* Motivation:
wolfSSL	4:1b0d80432c79	743	* Previously, we used the extension type itself as the index of that
wolfSSL	4:1b0d80432c79	744	* extension in the semaphore as the extension types were declared
wolfSSL	4:1b0d80432c79	745	* sequentially, but maintain a semaphore as big as the number of available
wolfSSL	4:1b0d80432c79	746	* extensions is no longer an option since the release of renegotiation_info.
wolfSSL	4:1b0d80432c79	747	*
wolfSSL	4:1b0d80432c79	748	* How to update:
wolfSSL	4:1b0d80432c79	749	* Assign extension types that extrapolate the number of available semaphores
wolfSSL	4:1b0d80432c79	750	* to the first available index going backwards in the semaphore array.
wolfSSL	4:1b0d80432c79	751	* When adding a new extension type that don't extrapolate the number of
wolfSSL	4:1b0d80432c79	752	* available semaphores, check for a possible collision with with a
wolfSSL	4:1b0d80432c79	753	* 'remapped' extension type.
wolfSSL	4:1b0d80432c79	754	*/
wolfSSL	4:1b0d80432c79	755	static INLINE word16 TLSX_ToSemaphore(word16 type)
wolfSSL	4:1b0d80432c79	756	{
wolfSSL	4:1b0d80432c79	757	switch (type) {
wolfSSL	4:1b0d80432c79	758
wolfSSL	4:1b0d80432c79	759	case TLSX_RENEGOTIATION_INFO: /* 0xFF01 */
wolfSSL	4:1b0d80432c79	760	return 63;
wolfSSL	4:1b0d80432c79	761
wolfSSL	4:1b0d80432c79	762	default:
wolfSSL	4:1b0d80432c79	763	if (type > 62) {
wolfSSL	4:1b0d80432c79	764	/* This message SHOULD only happens during the adding of
wolfSSL	4:1b0d80432c79	765	new TLS extensions in which its IANA number overflows
wolfSSL	4:1b0d80432c79	766	the current semaphore's range, or if its number already
wolfSSL	4:1b0d80432c79	767	is assigned to be used by another extension.
wolfSSL	4:1b0d80432c79	768	Use this check value for the new extension and decrement
wolfSSL	4:1b0d80432c79	769	the check value by one. */
wolfSSL	4:1b0d80432c79	770	WOLFSSL_MSG("### TLSX semaphore colision or overflow detected!");
wolfSSL	4:1b0d80432c79	771	}
wolfSSL	4:1b0d80432c79	772	}
wolfSSL	4:1b0d80432c79	773
wolfSSL	4:1b0d80432c79	774	return type;
wolfSSL	4:1b0d80432c79	775	}
wolfSSL	4:1b0d80432c79	776
wolfSSL	4:1b0d80432c79	777	/** Checks if a specific light (tls extension) is not set in the semaphore. */
wolfSSL	4:1b0d80432c79	778	#define IS_OFF(semaphore, light) \
wolfSSL	4:1b0d80432c79	779	((semaphore)[(light) / 8] ^ (byte) (0x01 << ((light) % 8)))
wolfSSL	4:1b0d80432c79	780
wolfSSL	4:1b0d80432c79	781	/** Turn on a specific light (tls extension) in the semaphore. */
wolfSSL	4:1b0d80432c79	782	#define TURN_ON(semaphore, light) \
wolfSSL	4:1b0d80432c79	783	((semaphore)[(light) / 8] \|= (byte) (0x01 << ((light) % 8)))
wolfSSL	4:1b0d80432c79	784
wolfSSL	4:1b0d80432c79	785	/** Creates a new extension. */
wolfSSL	4:1b0d80432c79	786	static TLSX* TLSX_New(TLSX_Type type, void* data)
wolfSSL	4:1b0d80432c79	787	{
wolfSSL	4:1b0d80432c79	788	TLSX* extension = (TLSX*)XMALLOC(sizeof(TLSX), NULL, DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	789
wolfSSL	4:1b0d80432c79	790	if (extension) {
wolfSSL	4:1b0d80432c79	791	extension->type = type;
wolfSSL	4:1b0d80432c79	792	extension->data = data;
wolfSSL	4:1b0d80432c79	793	extension->resp = 0;
wolfSSL	4:1b0d80432c79	794	extension->next = NULL;
wolfSSL	4:1b0d80432c79	795	}
wolfSSL	4:1b0d80432c79	796
wolfSSL	4:1b0d80432c79	797	return extension;
wolfSSL	4:1b0d80432c79	798	}
wolfSSL	4:1b0d80432c79	799
wolfSSL	4:1b0d80432c79	800	/**
wolfSSL	4:1b0d80432c79	801	* Creates a new extension and pushes it to the provided list.
wolfSSL	4:1b0d80432c79	802	* Checks for duplicate extensions, keeps the newest.
wolfSSL	4:1b0d80432c79	803	*/
wolfSSL	4:1b0d80432c79	804	static int TLSX_Push(TLSX** list, TLSX_Type type, void* data)
wolfSSL	4:1b0d80432c79	805	{
wolfSSL	4:1b0d80432c79	806	TLSX* extension = TLSX_New(type, data);
wolfSSL	4:1b0d80432c79	807
wolfSSL	4:1b0d80432c79	808	if (extension == NULL)
wolfSSL	4:1b0d80432c79	809	return MEMORY_E;
wolfSSL	4:1b0d80432c79	810
wolfSSL	4:1b0d80432c79	811	/* pushes the new extension on the list. */
wolfSSL	4:1b0d80432c79	812	extension->next = *list;
wolfSSL	4:1b0d80432c79	813	*list = extension;
wolfSSL	4:1b0d80432c79	814
wolfSSL	4:1b0d80432c79	815	/* remove duplicate extensions, there should be only one of each type. */
wolfSSL	4:1b0d80432c79	816	do {
wolfSSL	4:1b0d80432c79	817	if (extension->next && extension->next->type == type) {
wolfSSL	4:1b0d80432c79	818	TLSX *next = extension->next;
wolfSSL	4:1b0d80432c79	819
wolfSSL	4:1b0d80432c79	820	extension->next = next->next;
wolfSSL	4:1b0d80432c79	821	next->next = NULL;
wolfSSL	4:1b0d80432c79	822
wolfSSL	4:1b0d80432c79	823	TLSX_FreeAll(next);
wolfSSL	4:1b0d80432c79	824
wolfSSL	4:1b0d80432c79	825	/* there is no way to occur more than */
wolfSSL	4:1b0d80432c79	826	/* two extensions of the same type. */
wolfSSL	4:1b0d80432c79	827	break;
wolfSSL	4:1b0d80432c79	828	}
wolfSSL	4:1b0d80432c79	829	} while ((extension = extension->next));
wolfSSL	4:1b0d80432c79	830
wolfSSL	4:1b0d80432c79	831	return 0;
wolfSSL	4:1b0d80432c79	832	}
wolfSSL	4:1b0d80432c79	833
wolfSSL	4:1b0d80432c79	834	#ifndef NO_WOLFSSL_SERVER
wolfSSL	4:1b0d80432c79	835
wolfSSL	4:1b0d80432c79	836	/** Mark an extension to be sent back to the client. */
wolfSSL	4:1b0d80432c79	837	void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type);
wolfSSL	4:1b0d80432c79	838
wolfSSL	4:1b0d80432c79	839	void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type)
wolfSSL	4:1b0d80432c79	840	{
wolfSSL	4:1b0d80432c79	841	TLSX *ext = TLSX_Find(ssl->extensions, type);
wolfSSL	4:1b0d80432c79	842
wolfSSL	4:1b0d80432c79	843	if (ext)
wolfSSL	4:1b0d80432c79	844	ext->resp = 1;
wolfSSL	4:1b0d80432c79	845	}
wolfSSL	4:1b0d80432c79	846
wolfSSL	4:1b0d80432c79	847	#endif
wolfSSL	4:1b0d80432c79	848
wolfSSL	4:1b0d80432c79	849	/******************************************************************************/
wolfSSL	4:1b0d80432c79	850	/* Application-Layer Protocol Negotiation */
wolfSSL	4:1b0d80432c79	851	/******************************************************************************/
wolfSSL	4:1b0d80432c79	852
wolfSSL	4:1b0d80432c79	853	#ifdef HAVE_ALPN
wolfSSL	4:1b0d80432c79	854	/** Creates a new ALPN object, providing protocol name to use. */
wolfSSL	4:1b0d80432c79	855	static ALPN* TLSX_ALPN_New(char *protocol_name, word16 protocol_nameSz)
wolfSSL	4:1b0d80432c79	856	{
wolfSSL	4:1b0d80432c79	857	ALPN *alpn;
wolfSSL	4:1b0d80432c79	858
wolfSSL	4:1b0d80432c79	859	WOLFSSL_ENTER("TLSX_ALPN_New");
wolfSSL	4:1b0d80432c79	860
wolfSSL	4:1b0d80432c79	861	if (protocol_name == NULL \|\|
wolfSSL	4:1b0d80432c79	862	protocol_nameSz > WOLFSSL_MAX_ALPN_PROTO_NAME_LEN) {
wolfSSL	4:1b0d80432c79	863	WOLFSSL_MSG("Invalid arguments");
wolfSSL	4:1b0d80432c79	864	return NULL;
wolfSSL	4:1b0d80432c79	865	}
wolfSSL	4:1b0d80432c79	866
wolfSSL	4:1b0d80432c79	867	alpn = (ALPN*)XMALLOC(sizeof(ALPN), 0, DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	868	if (alpn == NULL) {
wolfSSL	4:1b0d80432c79	869	WOLFSSL_MSG("Memory failure");
wolfSSL	4:1b0d80432c79	870	return NULL;
wolfSSL	4:1b0d80432c79	871	}
wolfSSL	4:1b0d80432c79	872
wolfSSL	4:1b0d80432c79	873	alpn->next = NULL;
wolfSSL	4:1b0d80432c79	874	alpn->negotiated = 0;
wolfSSL	4:1b0d80432c79	875	alpn->options = 0;
wolfSSL	4:1b0d80432c79	876
wolfSSL	4:1b0d80432c79	877	alpn->protocol_name = XMALLOC(protocol_nameSz + 1, 0, DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	878	if (alpn->protocol_name == NULL) {
wolfSSL	4:1b0d80432c79	879	WOLFSSL_MSG("Memory failure");
wolfSSL	4:1b0d80432c79	880	XFREE(alpn, 0, DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	881	return NULL;
wolfSSL	4:1b0d80432c79	882	}
wolfSSL	4:1b0d80432c79	883
wolfSSL	4:1b0d80432c79	884	XMEMCPY(alpn->protocol_name, protocol_name, protocol_nameSz);
wolfSSL	4:1b0d80432c79	885	alpn->protocol_name[protocol_nameSz] = 0;
wolfSSL	4:1b0d80432c79	886
wolfSSL	4:1b0d80432c79	887	return alpn;
wolfSSL	4:1b0d80432c79	888	}
wolfSSL	4:1b0d80432c79	889
wolfSSL	4:1b0d80432c79	890	/** Releases an ALPN object. */
wolfSSL	4:1b0d80432c79	891	static void TLSX_ALPN_Free(ALPN *alpn)
wolfSSL	4:1b0d80432c79	892	{
wolfSSL	4:1b0d80432c79	893	if (alpn == NULL)
wolfSSL	4:1b0d80432c79	894	return;
wolfSSL	4:1b0d80432c79	895
wolfSSL	4:1b0d80432c79	896	XFREE(alpn->protocol_name, 0, DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	897	XFREE(alpn, 0, DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	898	}
wolfSSL	4:1b0d80432c79	899
wolfSSL	4:1b0d80432c79	900	/** Releases all ALPN objects in the provided list. */
wolfSSL	4:1b0d80432c79	901	static void TLSX_ALPN_FreeAll(ALPN *list)
wolfSSL	4:1b0d80432c79	902	{
wolfSSL	4:1b0d80432c79	903	ALPN* alpn;
wolfSSL	4:1b0d80432c79	904
wolfSSL	4:1b0d80432c79	905	while ((alpn = list)) {
wolfSSL	4:1b0d80432c79	906	list = alpn->next;
wolfSSL	4:1b0d80432c79	907	TLSX_ALPN_Free(alpn);
wolfSSL	4:1b0d80432c79	908	}
wolfSSL	4:1b0d80432c79	909	}
wolfSSL	4:1b0d80432c79	910
wolfSSL	4:1b0d80432c79	911	/** Tells the buffered size of the ALPN objects in a list. */
wolfSSL	4:1b0d80432c79	912	static word16 TLSX_ALPN_GetSize(ALPN *list)
wolfSSL	4:1b0d80432c79	913	{
wolfSSL	4:1b0d80432c79	914	ALPN* alpn;
wolfSSL	4:1b0d80432c79	915	word16 length = OPAQUE16_LEN; /* list length */
wolfSSL	4:1b0d80432c79	916
wolfSSL	4:1b0d80432c79	917	while ((alpn = list)) {
wolfSSL	4:1b0d80432c79	918	list = alpn->next;
wolfSSL	4:1b0d80432c79	919
wolfSSL	4:1b0d80432c79	920	length++; /* protocol name length is on one byte */
wolfSSL	4:1b0d80432c79	921	length += (word16)XSTRLEN(alpn->protocol_name);
wolfSSL	4:1b0d80432c79	922	}
wolfSSL	4:1b0d80432c79	923
wolfSSL	4:1b0d80432c79	924	return length;
wolfSSL	4:1b0d80432c79	925	}
wolfSSL	4:1b0d80432c79	926
wolfSSL	4:1b0d80432c79	927	/** Writes the ALPN objects of a list in a buffer. */
wolfSSL	4:1b0d80432c79	928	static word16 TLSX_ALPN_Write(ALPN list, byte output)
wolfSSL	4:1b0d80432c79	929	{
wolfSSL	4:1b0d80432c79	930	ALPN* alpn;
wolfSSL	4:1b0d80432c79	931	word16 length = 0;
wolfSSL	4:1b0d80432c79	932	word16 offset = OPAQUE16_LEN; /* list length offset */
wolfSSL	4:1b0d80432c79	933
wolfSSL	4:1b0d80432c79	934	while ((alpn = list)) {
wolfSSL	4:1b0d80432c79	935	list = alpn->next;
wolfSSL	4:1b0d80432c79	936
wolfSSL	4:1b0d80432c79	937	length = (word16)XSTRLEN(alpn->protocol_name);
wolfSSL	4:1b0d80432c79	938
wolfSSL	4:1b0d80432c79	939	/* protocol name length */
wolfSSL	4:1b0d80432c79	940	output[offset++] = (byte)length;
wolfSSL	4:1b0d80432c79	941
wolfSSL	4:1b0d80432c79	942	/* protocol name value */
wolfSSL	4:1b0d80432c79	943	XMEMCPY(output + offset, alpn->protocol_name, length);
wolfSSL	4:1b0d80432c79	944
wolfSSL	4:1b0d80432c79	945	offset += length;
wolfSSL	4:1b0d80432c79	946	}
wolfSSL	4:1b0d80432c79	947
wolfSSL	4:1b0d80432c79	948	/* writing list length */
wolfSSL	4:1b0d80432c79	949	c16toa(offset - OPAQUE16_LEN, output);
wolfSSL	4:1b0d80432c79	950
wolfSSL	4:1b0d80432c79	951	return offset;
wolfSSL	4:1b0d80432c79	952	}
wolfSSL	4:1b0d80432c79	953
wolfSSL	4:1b0d80432c79	954	/** Finds a protocol name in the provided ALPN list */
wolfSSL	4:1b0d80432c79	955	static ALPN* TLSX_ALPN_Find(ALPN list, char protocol_name, word16 size)
wolfSSL	4:1b0d80432c79	956	{
wolfSSL	4:1b0d80432c79	957	ALPN *alpn;
wolfSSL	4:1b0d80432c79	958
wolfSSL	4:1b0d80432c79	959	if (list == NULL \|\| protocol_name == NULL)
wolfSSL	4:1b0d80432c79	960	return NULL;
wolfSSL	4:1b0d80432c79	961
wolfSSL	4:1b0d80432c79	962	alpn = list;
wolfSSL	4:1b0d80432c79	963	while (alpn != NULL && (
wolfSSL	4:1b0d80432c79	964	(word16)XSTRLEN(alpn->protocol_name) != size \|\|
wolfSSL	4:1b0d80432c79	965	XSTRNCMP(alpn->protocol_name, protocol_name, size)))
wolfSSL	4:1b0d80432c79	966	alpn = alpn->next;
wolfSSL	4:1b0d80432c79	967
wolfSSL	4:1b0d80432c79	968	return alpn;
wolfSSL	4:1b0d80432c79	969	}
wolfSSL	4:1b0d80432c79	970
wolfSSL	4:1b0d80432c79	971	/** Set the ALPN matching client and server requirements */
wolfSSL	4:1b0d80432c79	972	static int TLSX_SetALPN(TLSX** extensions, const void* data, word16 size)
wolfSSL	4:1b0d80432c79	973	{
wolfSSL	4:1b0d80432c79	974	ALPN *alpn;
wolfSSL	4:1b0d80432c79	975	int ret;
wolfSSL	4:1b0d80432c79	976
wolfSSL	4:1b0d80432c79	977	if (extensions == NULL \|\| data == NULL)
wolfSSL	4:1b0d80432c79	978	return BAD_FUNC_ARG;
wolfSSL	4:1b0d80432c79	979
wolfSSL	4:1b0d80432c79	980	alpn = TLSX_ALPN_New((char *)data, size);
wolfSSL	4:1b0d80432c79	981	if (alpn == NULL) {
wolfSSL	4:1b0d80432c79	982	WOLFSSL_MSG("Memory failure");
wolfSSL	4:1b0d80432c79	983	return MEMORY_E;
wolfSSL	4:1b0d80432c79	984	}
wolfSSL	4:1b0d80432c79	985
wolfSSL	4:1b0d80432c79	986	alpn->negotiated = 1;
wolfSSL	4:1b0d80432c79	987
wolfSSL	4:1b0d80432c79	988	ret = TLSX_Push(extensions, TLSX_APPLICATION_LAYER_PROTOCOL, (void*)alpn);
wolfSSL	4:1b0d80432c79	989	if (ret != 0) {
wolfSSL	4:1b0d80432c79	990	TLSX_ALPN_Free(alpn);
wolfSSL	4:1b0d80432c79	991	return ret;
wolfSSL	4:1b0d80432c79	992	}
wolfSSL	4:1b0d80432c79	993
wolfSSL	4:1b0d80432c79	994	return SSL_SUCCESS;
wolfSSL	4:1b0d80432c79	995	}
wolfSSL	4:1b0d80432c79	996
wolfSSL	4:1b0d80432c79	997	/** Parses a buffer of ALPN extensions and set the first one matching
wolfSSL	4:1b0d80432c79	998	* client and server requirements */
wolfSSL	4:1b0d80432c79	999	static int TLSX_ALPN_ParseAndSet(WOLFSSL ssl, byte input, word16 length,
wolfSSL	4:1b0d80432c79	1000	byte isRequest)
wolfSSL	4:1b0d80432c79	1001	{
wolfSSL	4:1b0d80432c79	1002	word16 size = 0, offset = 0, idx = 0;
wolfSSL	4:1b0d80432c79	1003	int r = BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	1004	byte match = 0;
wolfSSL	4:1b0d80432c79	1005	TLSX *extension;
wolfSSL	4:1b0d80432c79	1006	ALPN alpn = NULL, list;
wolfSSL	4:1b0d80432c79	1007
wolfSSL	4:1b0d80432c79	1008	extension = TLSX_Find(ssl->extensions, TLSX_APPLICATION_LAYER_PROTOCOL);
wolfSSL	4:1b0d80432c79	1009	if (extension == NULL)
wolfSSL	4:1b0d80432c79	1010	extension = TLSX_Find(ssl->ctx->extensions,
wolfSSL	4:1b0d80432c79	1011	TLSX_APPLICATION_LAYER_PROTOCOL);
wolfSSL	4:1b0d80432c79	1012
wolfSSL	4:1b0d80432c79	1013	if (extension == NULL \|\| extension->data == NULL) {
wolfSSL	4:1b0d80432c79	1014	WOLFSSL_MSG("No ALPN extensions not used or bad");
wolfSSL	4:1b0d80432c79	1015	return isRequest ? 0 /* not using ALPN */
wolfSSL	4:1b0d80432c79	1016	: BUFFER_ERROR; /* unexpected ALPN response */
wolfSSL	4:1b0d80432c79	1017	}
wolfSSL	4:1b0d80432c79	1018
wolfSSL	4:1b0d80432c79	1019	if (OPAQUE16_LEN > length)
wolfSSL	4:1b0d80432c79	1020	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	1021
wolfSSL	4:1b0d80432c79	1022	ato16(input, &size);
wolfSSL	4:1b0d80432c79	1023	offset += OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	1024
wolfSSL	4:1b0d80432c79	1025	/* validating alpn list length */
wolfSSL	4:1b0d80432c79	1026	if (length != OPAQUE16_LEN + size)
wolfSSL	4:1b0d80432c79	1027	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	1028
wolfSSL	4:1b0d80432c79	1029	list = (ALPN*)extension->data;
wolfSSL	4:1b0d80432c79	1030
wolfSSL	4:1b0d80432c79	1031	/* keep the list sent by client */
wolfSSL	4:1b0d80432c79	1032	if (isRequest) {
wolfSSL	4:1b0d80432c79	1033	if (ssl->alpn_client_list != NULL)
wolfSSL	4:1b0d80432c79	1034	XFREE(ssl->alpn_client_list, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	4:1b0d80432c79	1035
wolfSSL	4:1b0d80432c79	1036	ssl->alpn_client_list = (char *)XMALLOC(size, NULL,
wolfSSL	4:1b0d80432c79	1037	DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	4:1b0d80432c79	1038	if (ssl->alpn_client_list == NULL)
wolfSSL	4:1b0d80432c79	1039	return MEMORY_ERROR;
wolfSSL	4:1b0d80432c79	1040	}
wolfSSL	4:1b0d80432c79	1041
wolfSSL	4:1b0d80432c79	1042	for (size = 0; offset < length; offset += size) {
wolfSSL	4:1b0d80432c79	1043
wolfSSL	4:1b0d80432c79	1044	size = input[offset++];
wolfSSL	4:1b0d80432c79	1045	if (offset + size > length)
wolfSSL	4:1b0d80432c79	1046	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	1047
wolfSSL	4:1b0d80432c79	1048	if (isRequest) {
wolfSSL	4:1b0d80432c79	1049	XMEMCPY(ssl->alpn_client_list+idx, (char*)input + offset, size);
wolfSSL	4:1b0d80432c79	1050	idx += size;
wolfSSL	4:1b0d80432c79	1051	ssl->alpn_client_list[idx++] = ',';
wolfSSL	4:1b0d80432c79	1052	}
wolfSSL	4:1b0d80432c79	1053
wolfSSL	4:1b0d80432c79	1054	if (!match) {
wolfSSL	4:1b0d80432c79	1055	alpn = TLSX_ALPN_Find(list, (char*)input + offset, size);
wolfSSL	4:1b0d80432c79	1056	if (alpn != NULL) {
wolfSSL	4:1b0d80432c79	1057	WOLFSSL_MSG("ALPN protocol match");
wolfSSL	4:1b0d80432c79	1058	match = 1;
wolfSSL	4:1b0d80432c79	1059
wolfSSL	4:1b0d80432c79	1060	/* skip reading other values if not required */
wolfSSL	4:1b0d80432c79	1061	if (!isRequest)
wolfSSL	4:1b0d80432c79	1062	break;
wolfSSL	4:1b0d80432c79	1063	}
wolfSSL	4:1b0d80432c79	1064	}
wolfSSL	4:1b0d80432c79	1065	}
wolfSSL	4:1b0d80432c79	1066
wolfSSL	4:1b0d80432c79	1067	if (isRequest)
wolfSSL	4:1b0d80432c79	1068	ssl->alpn_client_list[idx-1] = 0;
wolfSSL	4:1b0d80432c79	1069
wolfSSL	4:1b0d80432c79	1070	if (!match) {
wolfSSL	4:1b0d80432c79	1071	WOLFSSL_MSG("No ALPN protocol match");
wolfSSL	4:1b0d80432c79	1072
wolfSSL	4:1b0d80432c79	1073	/* do nothing if no protocol match between client and server and option
wolfSSL	4:1b0d80432c79	1074	is set to continue (like OpenSSL) */
wolfSSL	4:1b0d80432c79	1075	if (list->options & WOLFSSL_ALPN_CONTINUE_ON_MISMATCH) {
wolfSSL	4:1b0d80432c79	1076	WOLFSSL_MSG("Continue on mismatch");
wolfSSL	4:1b0d80432c79	1077	return 0;
wolfSSL	4:1b0d80432c79	1078	}
wolfSSL	4:1b0d80432c79	1079
wolfSSL	4:1b0d80432c79	1080	SendAlert(ssl, alert_fatal, no_application_protocol);
wolfSSL	4:1b0d80432c79	1081	return UNKNOWN_ALPN_PROTOCOL_NAME_E;
wolfSSL	4:1b0d80432c79	1082	}
wolfSSL	4:1b0d80432c79	1083
wolfSSL	4:1b0d80432c79	1084	/* set the matching negotiated protocol */
wolfSSL	4:1b0d80432c79	1085	r = TLSX_SetALPN(&ssl->extensions,
wolfSSL	4:1b0d80432c79	1086	alpn->protocol_name,
wolfSSL	4:1b0d80432c79	1087	(word16)XSTRLEN(alpn->protocol_name));
wolfSSL	4:1b0d80432c79	1088	if (r != SSL_SUCCESS) {
wolfSSL	4:1b0d80432c79	1089	WOLFSSL_MSG("TLSX_UseALPN failed");
wolfSSL	4:1b0d80432c79	1090	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	1091	}
wolfSSL	4:1b0d80432c79	1092
wolfSSL	4:1b0d80432c79	1093	/* reply to ALPN extension sent from client */
wolfSSL	4:1b0d80432c79	1094	if (isRequest) {
wolfSSL	4:1b0d80432c79	1095	#ifndef NO_WOLFSSL_SERVER
wolfSSL	4:1b0d80432c79	1096	TLSX_SetResponse(ssl, TLSX_APPLICATION_LAYER_PROTOCOL);
wolfSSL	4:1b0d80432c79	1097	#endif
wolfSSL	4:1b0d80432c79	1098	}
wolfSSL	4:1b0d80432c79	1099
wolfSSL	4:1b0d80432c79	1100	return 0;
wolfSSL	4:1b0d80432c79	1101	}
wolfSSL	4:1b0d80432c79	1102
wolfSSL	4:1b0d80432c79	1103	/** Add a protocol name to the list of accepted usable ones */
wolfSSL	4:1b0d80432c79	1104	int TLSX_UseALPN(TLSX** extensions, const void* data, word16 size, byte options)
wolfSSL	4:1b0d80432c79	1105	{
wolfSSL	4:1b0d80432c79	1106	ALPN *alpn;
wolfSSL	4:1b0d80432c79	1107	TLSX *extension;
wolfSSL	4:1b0d80432c79	1108	int ret;
wolfSSL	4:1b0d80432c79	1109
wolfSSL	4:1b0d80432c79	1110	if (extensions == NULL \|\| data == NULL)
wolfSSL	4:1b0d80432c79	1111	return BAD_FUNC_ARG;
wolfSSL	4:1b0d80432c79	1112
wolfSSL	4:1b0d80432c79	1113	alpn = TLSX_ALPN_New((char *)data, size);
wolfSSL	4:1b0d80432c79	1114	if (alpn == NULL) {
wolfSSL	4:1b0d80432c79	1115	WOLFSSL_MSG("Memory failure");
wolfSSL	4:1b0d80432c79	1116	return MEMORY_E;
wolfSSL	4:1b0d80432c79	1117	}
wolfSSL	4:1b0d80432c79	1118
wolfSSL	4:1b0d80432c79	1119	/* Set Options of ALPN */
wolfSSL	4:1b0d80432c79	1120	alpn->options = options;
wolfSSL	4:1b0d80432c79	1121
wolfSSL	4:1b0d80432c79	1122	extension = TLSX_Find(*extensions, TLSX_APPLICATION_LAYER_PROTOCOL);
wolfSSL	4:1b0d80432c79	1123	if (extension == NULL) {
wolfSSL	4:1b0d80432c79	1124	ret = TLSX_Push(extensions, TLSX_APPLICATION_LAYER_PROTOCOL,
wolfSSL	4:1b0d80432c79	1125	(void*)alpn);
wolfSSL	4:1b0d80432c79	1126	if (ret != 0) {
wolfSSL	4:1b0d80432c79	1127	TLSX_ALPN_Free(alpn);
wolfSSL	4:1b0d80432c79	1128	return ret;
wolfSSL	4:1b0d80432c79	1129	}
wolfSSL	4:1b0d80432c79	1130	}
wolfSSL	4:1b0d80432c79	1131	else {
wolfSSL	4:1b0d80432c79	1132	/* push new ALPN object to extension data. */
wolfSSL	4:1b0d80432c79	1133	alpn->next = (ALPN*)extension->data;
wolfSSL	4:1b0d80432c79	1134	extension->data = (void*)alpn;
wolfSSL	4:1b0d80432c79	1135	}
wolfSSL	4:1b0d80432c79	1136
wolfSSL	4:1b0d80432c79	1137	return SSL_SUCCESS;
wolfSSL	4:1b0d80432c79	1138	}
wolfSSL	4:1b0d80432c79	1139
wolfSSL	4:1b0d80432c79	1140	/** Get the protocol name set by the server */
wolfSSL	4:1b0d80432c79	1141	int TLSX_ALPN_GetRequest(TLSX* extensions, void** data, word16 *dataSz)
wolfSSL	4:1b0d80432c79	1142	{
wolfSSL	4:1b0d80432c79	1143	TLSX *extension;
wolfSSL	4:1b0d80432c79	1144	ALPN *alpn;
wolfSSL	4:1b0d80432c79	1145
wolfSSL	4:1b0d80432c79	1146	if (extensions == NULL \|\| data == NULL \|\| dataSz == NULL)
wolfSSL	4:1b0d80432c79	1147	return BAD_FUNC_ARG;
wolfSSL	4:1b0d80432c79	1148
wolfSSL	4:1b0d80432c79	1149	extension = TLSX_Find(extensions, TLSX_APPLICATION_LAYER_PROTOCOL);
wolfSSL	4:1b0d80432c79	1150	if (extension == NULL) {
wolfSSL	4:1b0d80432c79	1151	WOLFSSL_MSG("TLS extension not found");
wolfSSL	4:1b0d80432c79	1152	return SSL_ALPN_NOT_FOUND;
wolfSSL	4:1b0d80432c79	1153	}
wolfSSL	4:1b0d80432c79	1154
wolfSSL	4:1b0d80432c79	1155	alpn = (ALPN *)extension->data;
wolfSSL	4:1b0d80432c79	1156	if (alpn == NULL) {
wolfSSL	4:1b0d80432c79	1157	WOLFSSL_MSG("ALPN extension not found");
wolfSSL	4:1b0d80432c79	1158	*data = NULL;
wolfSSL	4:1b0d80432c79	1159	*dataSz = 0;
wolfSSL	4:1b0d80432c79	1160	return SSL_FATAL_ERROR;
wolfSSL	4:1b0d80432c79	1161	}
wolfSSL	4:1b0d80432c79	1162
wolfSSL	4:1b0d80432c79	1163	if (alpn->negotiated != 1) {
wolfSSL	4:1b0d80432c79	1164
wolfSSL	4:1b0d80432c79	1165	/* consider as an error */
wolfSSL	4:1b0d80432c79	1166	if (alpn->options & WOLFSSL_ALPN_FAILED_ON_MISMATCH) {
wolfSSL	4:1b0d80432c79	1167	WOLFSSL_MSG("No protocol match with peer -> Failed");
wolfSSL	4:1b0d80432c79	1168	return SSL_FATAL_ERROR;
wolfSSL	4:1b0d80432c79	1169	}
wolfSSL	4:1b0d80432c79	1170
wolfSSL	4:1b0d80432c79	1171	/* continue without negotiated protocol */
wolfSSL	4:1b0d80432c79	1172	WOLFSSL_MSG("No protocol match with peer -> Continue");
wolfSSL	4:1b0d80432c79	1173	return SSL_ALPN_NOT_FOUND;
wolfSSL	4:1b0d80432c79	1174	}
wolfSSL	4:1b0d80432c79	1175
wolfSSL	4:1b0d80432c79	1176	if (alpn->next != NULL) {
wolfSSL	4:1b0d80432c79	1177	WOLFSSL_MSG("Only one protocol name must be accepted");
wolfSSL	4:1b0d80432c79	1178	return SSL_FATAL_ERROR;
wolfSSL	4:1b0d80432c79	1179	}
wolfSSL	4:1b0d80432c79	1180
wolfSSL	4:1b0d80432c79	1181	*data = alpn->protocol_name;
wolfSSL	4:1b0d80432c79	1182	dataSz = (word16)XSTRLEN(data);
wolfSSL	4:1b0d80432c79	1183
wolfSSL	4:1b0d80432c79	1184	return SSL_SUCCESS;
wolfSSL	4:1b0d80432c79	1185	}
wolfSSL	4:1b0d80432c79	1186
wolfSSL	4:1b0d80432c79	1187	#define ALPN_FREE_ALL TLSX_ALPN_FreeAll
wolfSSL	4:1b0d80432c79	1188	#define ALPN_GET_SIZE TLSX_ALPN_GetSize
wolfSSL	4:1b0d80432c79	1189	#define ALPN_WRITE TLSX_ALPN_Write
wolfSSL	4:1b0d80432c79	1190	#define ALPN_PARSE TLSX_ALPN_ParseAndSet
wolfSSL	4:1b0d80432c79	1191
wolfSSL	4:1b0d80432c79	1192	#else /* HAVE_ALPN */
wolfSSL	4:1b0d80432c79	1193
wolfSSL	4:1b0d80432c79	1194	#define ALPN_FREE_ALL(list)
wolfSSL	4:1b0d80432c79	1195	#define ALPN_GET_SIZE(list) 0
wolfSSL	4:1b0d80432c79	1196	#define ALPN_WRITE(a, b) 0
wolfSSL	4:1b0d80432c79	1197	#define ALPN_PARSE(a, b, c, d) 0
wolfSSL	4:1b0d80432c79	1198
wolfSSL	4:1b0d80432c79	1199	#endif /* HAVE_ALPN */
wolfSSL	4:1b0d80432c79	1200
wolfSSL	4:1b0d80432c79	1201	/******************************************************************************/
wolfSSL	4:1b0d80432c79	1202	/* Server Name Indication */
wolfSSL	4:1b0d80432c79	1203	/******************************************************************************/
wolfSSL	4:1b0d80432c79	1204
wolfSSL	4:1b0d80432c79	1205	#ifdef HAVE_SNI
wolfSSL	4:1b0d80432c79	1206
wolfSSL	4:1b0d80432c79	1207	/** Creates a new SNI object. */
wolfSSL	4:1b0d80432c79	1208	static SNI* TLSX_SNI_New(byte type, const void* data, word16 size)
wolfSSL	4:1b0d80432c79	1209	{
wolfSSL	4:1b0d80432c79	1210	SNI* sni = (SNI*)XMALLOC(sizeof(SNI), NULL, DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	1211
wolfSSL	4:1b0d80432c79	1212	if (sni) {
wolfSSL	4:1b0d80432c79	1213	sni->type = type;
wolfSSL	4:1b0d80432c79	1214	sni->next = NULL;
wolfSSL	4:1b0d80432c79	1215
wolfSSL	4:1b0d80432c79	1216	#ifndef NO_WOLFSSL_SERVER
wolfSSL	4:1b0d80432c79	1217	sni->options = 0;
wolfSSL	4:1b0d80432c79	1218	sni->status = WOLFSSL_SNI_NO_MATCH;
wolfSSL	4:1b0d80432c79	1219	#endif
wolfSSL	4:1b0d80432c79	1220
wolfSSL	4:1b0d80432c79	1221	switch (sni->type) {
wolfSSL	4:1b0d80432c79	1222	case WOLFSSL_SNI_HOST_NAME:
wolfSSL	4:1b0d80432c79	1223	sni->data.host_name = XMALLOC(size+1, NULL, DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	1224
wolfSSL	4:1b0d80432c79	1225	if (sni->data.host_name) {
wolfSSL	4:1b0d80432c79	1226	XSTRNCPY(sni->data.host_name, (const char*)data, size);
wolfSSL	4:1b0d80432c79	1227	sni->data.host_name[size] = 0;
wolfSSL	4:1b0d80432c79	1228	} else {
wolfSSL	4:1b0d80432c79	1229	XFREE(sni, 0, DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	1230	sni = NULL;
wolfSSL	4:1b0d80432c79	1231	}
wolfSSL	4:1b0d80432c79	1232	break;
wolfSSL	4:1b0d80432c79	1233
wolfSSL	4:1b0d80432c79	1234	default: /* invalid type */
wolfSSL	4:1b0d80432c79	1235	XFREE(sni, 0, DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	1236	sni = NULL;
wolfSSL	4:1b0d80432c79	1237	}
wolfSSL	4:1b0d80432c79	1238	}
wolfSSL	4:1b0d80432c79	1239
wolfSSL	4:1b0d80432c79	1240	return sni;
wolfSSL	4:1b0d80432c79	1241	}
wolfSSL	4:1b0d80432c79	1242
wolfSSL	4:1b0d80432c79	1243	/** Releases a SNI object. */
wolfSSL	4:1b0d80432c79	1244	static void TLSX_SNI_Free(SNI* sni)
wolfSSL	4:1b0d80432c79	1245	{
wolfSSL	4:1b0d80432c79	1246	if (sni) {
wolfSSL	4:1b0d80432c79	1247	switch (sni->type) {
wolfSSL	4:1b0d80432c79	1248	case WOLFSSL_SNI_HOST_NAME:
wolfSSL	4:1b0d80432c79	1249	XFREE(sni->data.host_name, 0, DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	1250	break;
wolfSSL	4:1b0d80432c79	1251	}
wolfSSL	4:1b0d80432c79	1252
wolfSSL	4:1b0d80432c79	1253	XFREE(sni, 0, DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	1254	}
wolfSSL	4:1b0d80432c79	1255	}
wolfSSL	4:1b0d80432c79	1256
wolfSSL	4:1b0d80432c79	1257	/** Releases all SNI objects in the provided list. */
wolfSSL	4:1b0d80432c79	1258	static void TLSX_SNI_FreeAll(SNI* list)
wolfSSL	4:1b0d80432c79	1259	{
wolfSSL	4:1b0d80432c79	1260	SNI* sni;
wolfSSL	4:1b0d80432c79	1261
wolfSSL	4:1b0d80432c79	1262	while ((sni = list)) {
wolfSSL	4:1b0d80432c79	1263	list = sni->next;
wolfSSL	4:1b0d80432c79	1264	TLSX_SNI_Free(sni);
wolfSSL	4:1b0d80432c79	1265	}
wolfSSL	4:1b0d80432c79	1266	}
wolfSSL	4:1b0d80432c79	1267
wolfSSL	4:1b0d80432c79	1268	/** Tells the buffered size of the SNI objects in a list. */
wolfSSL	4:1b0d80432c79	1269	static word16 TLSX_SNI_GetSize(SNI* list)
wolfSSL	4:1b0d80432c79	1270	{
wolfSSL	4:1b0d80432c79	1271	SNI* sni;
wolfSSL	4:1b0d80432c79	1272	word16 length = OPAQUE16_LEN; /* list length */
wolfSSL	4:1b0d80432c79	1273
wolfSSL	4:1b0d80432c79	1274	while ((sni = list)) {
wolfSSL	4:1b0d80432c79	1275	list = sni->next;
wolfSSL	4:1b0d80432c79	1276
wolfSSL	4:1b0d80432c79	1277	length += ENUM_LEN + OPAQUE16_LEN; /* sni type + sni length */
wolfSSL	4:1b0d80432c79	1278
wolfSSL	4:1b0d80432c79	1279	switch (sni->type) {
wolfSSL	4:1b0d80432c79	1280	case WOLFSSL_SNI_HOST_NAME:
wolfSSL	4:1b0d80432c79	1281	length += XSTRLEN((char*)sni->data.host_name);
wolfSSL	4:1b0d80432c79	1282	break;
wolfSSL	4:1b0d80432c79	1283	}
wolfSSL	4:1b0d80432c79	1284	}
wolfSSL	4:1b0d80432c79	1285
wolfSSL	4:1b0d80432c79	1286	return length;
wolfSSL	4:1b0d80432c79	1287	}
wolfSSL	4:1b0d80432c79	1288
wolfSSL	4:1b0d80432c79	1289	/** Writes the SNI objects of a list in a buffer. */
wolfSSL	4:1b0d80432c79	1290	static word16 TLSX_SNI_Write(SNI* list, byte* output)
wolfSSL	4:1b0d80432c79	1291	{
wolfSSL	4:1b0d80432c79	1292	SNI* sni;
wolfSSL	4:1b0d80432c79	1293	word16 length = 0;
wolfSSL	4:1b0d80432c79	1294	word16 offset = OPAQUE16_LEN; /* list length offset */
wolfSSL	4:1b0d80432c79	1295
wolfSSL	4:1b0d80432c79	1296	while ((sni = list)) {
wolfSSL	4:1b0d80432c79	1297	list = sni->next;
wolfSSL	4:1b0d80432c79	1298
wolfSSL	4:1b0d80432c79	1299	output[offset++] = sni->type; /* sni type */
wolfSSL	4:1b0d80432c79	1300
wolfSSL	4:1b0d80432c79	1301	switch (sni->type) {
wolfSSL	4:1b0d80432c79	1302	case WOLFSSL_SNI_HOST_NAME:
wolfSSL	4:1b0d80432c79	1303	length = XSTRLEN((char*)sni->data.host_name);
wolfSSL	4:1b0d80432c79	1304
wolfSSL	4:1b0d80432c79	1305	c16toa(length, output + offset); /* sni length */
wolfSSL	4:1b0d80432c79	1306	offset += OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	1307
wolfSSL	4:1b0d80432c79	1308	XMEMCPY(output + offset, sni->data.host_name, length);
wolfSSL	4:1b0d80432c79	1309
wolfSSL	4:1b0d80432c79	1310	offset += length;
wolfSSL	4:1b0d80432c79	1311	break;
wolfSSL	4:1b0d80432c79	1312	}
wolfSSL	4:1b0d80432c79	1313	}
wolfSSL	4:1b0d80432c79	1314
wolfSSL	4:1b0d80432c79	1315	c16toa(offset - OPAQUE16_LEN, output); /* writing list length */
wolfSSL	4:1b0d80432c79	1316
wolfSSL	4:1b0d80432c79	1317	return offset;
wolfSSL	4:1b0d80432c79	1318	}
wolfSSL	4:1b0d80432c79	1319
wolfSSL	4:1b0d80432c79	1320	#ifndef NO_WOLFSSL_SERVER
wolfSSL	4:1b0d80432c79	1321
wolfSSL	4:1b0d80432c79	1322	/** Finds a SNI object in the provided list. */
wolfSSL	4:1b0d80432c79	1323	static SNI* TLSX_SNI_Find(SNI *list, byte type)
wolfSSL	4:1b0d80432c79	1324	{
wolfSSL	4:1b0d80432c79	1325	SNI *sni = list;
wolfSSL	4:1b0d80432c79	1326
wolfSSL	4:1b0d80432c79	1327	while (sni && sni->type != type)
wolfSSL	4:1b0d80432c79	1328	sni = sni->next;
wolfSSL	4:1b0d80432c79	1329
wolfSSL	4:1b0d80432c79	1330	return sni;
wolfSSL	4:1b0d80432c79	1331	}
wolfSSL	4:1b0d80432c79	1332
wolfSSL	4:1b0d80432c79	1333
wolfSSL	4:1b0d80432c79	1334	/** Sets the status of a SNI object. */
wolfSSL	4:1b0d80432c79	1335	static void TLSX_SNI_SetStatus(TLSX* extensions, byte type, byte status)
wolfSSL	4:1b0d80432c79	1336	{
wolfSSL	4:1b0d80432c79	1337	TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME);
wolfSSL	4:1b0d80432c79	1338	SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
wolfSSL	4:1b0d80432c79	1339
wolfSSL	4:1b0d80432c79	1340	if (sni)
wolfSSL	4:1b0d80432c79	1341	sni->status = status;
wolfSSL	4:1b0d80432c79	1342	}
wolfSSL	4:1b0d80432c79	1343
wolfSSL	4:1b0d80432c79	1344	/** Gets the status of a SNI object. */
wolfSSL	4:1b0d80432c79	1345	byte TLSX_SNI_Status(TLSX* extensions, byte type)
wolfSSL	4:1b0d80432c79	1346	{
wolfSSL	4:1b0d80432c79	1347	TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME);
wolfSSL	4:1b0d80432c79	1348	SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
wolfSSL	4:1b0d80432c79	1349
wolfSSL	4:1b0d80432c79	1350	if (sni)
wolfSSL	4:1b0d80432c79	1351	return sni->status;
wolfSSL	4:1b0d80432c79	1352
wolfSSL	4:1b0d80432c79	1353	return 0;
wolfSSL	4:1b0d80432c79	1354	}
wolfSSL	4:1b0d80432c79	1355
wolfSSL	4:1b0d80432c79	1356	#endif /* NO_WOLFSSL_SERVER */
wolfSSL	4:1b0d80432c79	1357
wolfSSL	4:1b0d80432c79	1358	/** Parses a buffer of SNI extensions. */
wolfSSL	4:1b0d80432c79	1359	static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL	4:1b0d80432c79	1360	byte isRequest)
wolfSSL	4:1b0d80432c79	1361	{
wolfSSL	4:1b0d80432c79	1362	#ifndef NO_WOLFSSL_SERVER
wolfSSL	4:1b0d80432c79	1363	word16 size = 0;
wolfSSL	4:1b0d80432c79	1364	word16 offset = 0;
wolfSSL	4:1b0d80432c79	1365	int cacheOnly = 0;
wolfSSL	4:1b0d80432c79	1366	#endif
wolfSSL	4:1b0d80432c79	1367
wolfSSL	4:1b0d80432c79	1368	TLSX *extension = TLSX_Find(ssl->extensions, TLSX_SERVER_NAME);
wolfSSL	4:1b0d80432c79	1369
wolfSSL	4:1b0d80432c79	1370	if (!extension)
wolfSSL	4:1b0d80432c79	1371	extension = TLSX_Find(ssl->ctx->extensions, TLSX_SERVER_NAME);
wolfSSL	4:1b0d80432c79	1372
wolfSSL	4:1b0d80432c79	1373	(void)isRequest;
wolfSSL	4:1b0d80432c79	1374	(void)input;
wolfSSL	4:1b0d80432c79	1375
wolfSSL	4:1b0d80432c79	1376	if (!extension \|\| !extension->data) {
wolfSSL	4:1b0d80432c79	1377	#if defined(WOLFSSL_ALWAYS_KEEP_SNI) && !defined(NO_WOLFSSL_SERVER)
wolfSSL	4:1b0d80432c79	1378	/* This will keep SNI even though TLSX_UseSNI has not been called.
wolfSSL	4:1b0d80432c79	1379	* Enable it so that the received sni is available to functions
wolfSSL	4:1b0d80432c79	1380	* that use a custom callback when SNI is received */
wolfSSL	4:1b0d80432c79	1381	cacheOnly = 1;
wolfSSL	4:1b0d80432c79	1382	WOLFSSL_MSG("Forcing SSL object to store SNI parameter");
wolfSSL	4:1b0d80432c79	1383	#else
wolfSSL	4:1b0d80432c79	1384	return isRequest ? 0 /* not using SNI. */
wolfSSL	4:1b0d80432c79	1385	: BUFFER_ERROR; /* unexpected SNI response. */
wolfSSL	4:1b0d80432c79	1386	#endif
wolfSSL	4:1b0d80432c79	1387	}
wolfSSL	4:1b0d80432c79	1388
wolfSSL	4:1b0d80432c79	1389	if (!isRequest)
wolfSSL	4:1b0d80432c79	1390	return length ? BUFFER_ERROR /* SNI response MUST be empty. */
wolfSSL	4:1b0d80432c79	1391	: 0; /* nothing else to do. */
wolfSSL	4:1b0d80432c79	1392
wolfSSL	4:1b0d80432c79	1393	#ifndef NO_WOLFSSL_SERVER
wolfSSL	4:1b0d80432c79	1394
wolfSSL	4:1b0d80432c79	1395	if (OPAQUE16_LEN > length)
wolfSSL	4:1b0d80432c79	1396	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	1397
wolfSSL	4:1b0d80432c79	1398	ato16(input, &size);
wolfSSL	4:1b0d80432c79	1399	offset += OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	1400
wolfSSL	4:1b0d80432c79	1401	/* validating sni list length */
wolfSSL	4:1b0d80432c79	1402	if (length != OPAQUE16_LEN + size)
wolfSSL	4:1b0d80432c79	1403	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	1404
wolfSSL	4:1b0d80432c79	1405	for (size = 0; offset < length; offset += size) {
wolfSSL	4:1b0d80432c79	1406	SNI *sni = NULL;
wolfSSL	4:1b0d80432c79	1407	byte type = input[offset++];
wolfSSL	4:1b0d80432c79	1408
wolfSSL	4:1b0d80432c79	1409	if (offset + OPAQUE16_LEN > length)
wolfSSL	4:1b0d80432c79	1410	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	1411
wolfSSL	4:1b0d80432c79	1412	ato16(input + offset, &size);
wolfSSL	4:1b0d80432c79	1413	offset += OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	1414
wolfSSL	4:1b0d80432c79	1415	if (offset + size > length)
wolfSSL	4:1b0d80432c79	1416	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	1417
wolfSSL	4:1b0d80432c79	1418	if (!cacheOnly && !(sni = TLSX_SNI_Find((SNI*)extension->data, type)))
wolfSSL	4:1b0d80432c79	1419	continue; /* not using this type of SNI. */
wolfSSL	4:1b0d80432c79	1420
wolfSSL	4:1b0d80432c79	1421	switch(type) {
wolfSSL	4:1b0d80432c79	1422	case WOLFSSL_SNI_HOST_NAME: {
wolfSSL	4:1b0d80432c79	1423	int matchStat;
wolfSSL	4:1b0d80432c79	1424	byte matched = cacheOnly \|\|
wolfSSL	4:1b0d80432c79	1425	((XSTRLEN(sni->data.host_name) == size)
wolfSSL	4:1b0d80432c79	1426	&& (XSTRNCMP(sni->data.host_name,
wolfSSL	4:1b0d80432c79	1427	(const char*)input + offset, size) == 0));
wolfSSL	4:1b0d80432c79	1428
wolfSSL	4:1b0d80432c79	1429	if (matched \|\| sni->options & WOLFSSL_SNI_ANSWER_ON_MISMATCH) {
wolfSSL	4:1b0d80432c79	1430	int r = TLSX_UseSNI(&ssl->extensions,
wolfSSL	4:1b0d80432c79	1431	type, input + offset, size);
wolfSSL	4:1b0d80432c79	1432
wolfSSL	4:1b0d80432c79	1433	if (r != SSL_SUCCESS)
wolfSSL	4:1b0d80432c79	1434	return r; /* throws error. */
wolfSSL	4:1b0d80432c79	1435
wolfSSL	4:1b0d80432c79	1436	if(cacheOnly) {
wolfSSL	4:1b0d80432c79	1437	WOLFSSL_MSG("Forcing storage of SNI, Fake match");
wolfSSL	4:1b0d80432c79	1438	matchStat = WOLFSSL_SNI_FORCE_KEEP;
wolfSSL	4:1b0d80432c79	1439	} else if(matched) {
wolfSSL	4:1b0d80432c79	1440	WOLFSSL_MSG("SNI did match!");
wolfSSL	4:1b0d80432c79	1441	matchStat = WOLFSSL_SNI_REAL_MATCH;
wolfSSL	4:1b0d80432c79	1442	} else {
wolfSSL	4:1b0d80432c79	1443	WOLFSSL_MSG("fake SNI match from ANSWER_ON_MISMATCH");
wolfSSL	4:1b0d80432c79	1444	matchStat = WOLFSSL_SNI_FAKE_MATCH;
wolfSSL	4:1b0d80432c79	1445	}
wolfSSL	4:1b0d80432c79	1446
wolfSSL	4:1b0d80432c79	1447	TLSX_SNI_SetStatus(ssl->extensions, type, matchStat);
wolfSSL	4:1b0d80432c79	1448
wolfSSL	4:1b0d80432c79	1449	if(!cacheOnly)
wolfSSL	4:1b0d80432c79	1450	TLSX_SetResponse(ssl, TLSX_SERVER_NAME);
wolfSSL	4:1b0d80432c79	1451
wolfSSL	4:1b0d80432c79	1452	} else if (!(sni->options & WOLFSSL_SNI_CONTINUE_ON_MISMATCH)) {
wolfSSL	4:1b0d80432c79	1453	SendAlert(ssl, alert_fatal, unrecognized_name);
wolfSSL	4:1b0d80432c79	1454
wolfSSL	4:1b0d80432c79	1455	return UNKNOWN_SNI_HOST_NAME_E;
wolfSSL	4:1b0d80432c79	1456	}
wolfSSL	4:1b0d80432c79	1457	break;
wolfSSL	4:1b0d80432c79	1458	}
wolfSSL	4:1b0d80432c79	1459	}
wolfSSL	4:1b0d80432c79	1460	}
wolfSSL	4:1b0d80432c79	1461
wolfSSL	4:1b0d80432c79	1462	#endif
wolfSSL	4:1b0d80432c79	1463
wolfSSL	4:1b0d80432c79	1464	return 0;
wolfSSL	4:1b0d80432c79	1465	}
wolfSSL	4:1b0d80432c79	1466
wolfSSL	4:1b0d80432c79	1467	static int TLSX_SNI_VerifyParse(WOLFSSL* ssl, byte isRequest)
wolfSSL	4:1b0d80432c79	1468	{
wolfSSL	4:1b0d80432c79	1469	(void)ssl;
wolfSSL	4:1b0d80432c79	1470
wolfSSL	4:1b0d80432c79	1471	if (isRequest) {
wolfSSL	4:1b0d80432c79	1472	#ifndef NO_WOLFSSL_SERVER
wolfSSL	4:1b0d80432c79	1473	TLSX* ctx_ext = TLSX_Find(ssl->ctx->extensions, TLSX_SERVER_NAME);
wolfSSL	4:1b0d80432c79	1474	TLSX* ssl_ext = TLSX_Find(ssl->extensions, TLSX_SERVER_NAME);
wolfSSL	4:1b0d80432c79	1475	SNI* ctx_sni = ctx_ext ? ctx_ext->data : NULL;
wolfSSL	4:1b0d80432c79	1476	SNI* ssl_sni = ssl_ext ? ssl_ext->data : NULL;
wolfSSL	4:1b0d80432c79	1477	SNI* sni = NULL;
wolfSSL	4:1b0d80432c79	1478
wolfSSL	4:1b0d80432c79	1479	for (; ctx_sni; ctx_sni = ctx_sni->next) {
wolfSSL	4:1b0d80432c79	1480	if (ctx_sni->options & WOLFSSL_SNI_ABORT_ON_ABSENCE) {
wolfSSL	4:1b0d80432c79	1481	sni = TLSX_SNI_Find(ssl_sni, ctx_sni->type);
wolfSSL	4:1b0d80432c79	1482
wolfSSL	4:1b0d80432c79	1483	if (sni) {
wolfSSL	4:1b0d80432c79	1484	if (sni->status != WOLFSSL_SNI_NO_MATCH)
wolfSSL	4:1b0d80432c79	1485	continue;
wolfSSL	4:1b0d80432c79	1486
wolfSSL	4:1b0d80432c79	1487	/* if ssl level overrides ctx level, it is ok. */
wolfSSL	4:1b0d80432c79	1488	if ((sni->options & WOLFSSL_SNI_ABORT_ON_ABSENCE) == 0)
wolfSSL	4:1b0d80432c79	1489	continue;
wolfSSL	4:1b0d80432c79	1490	}
wolfSSL	4:1b0d80432c79	1491
wolfSSL	4:1b0d80432c79	1492	SendAlert(ssl, alert_fatal, handshake_failure);
wolfSSL	4:1b0d80432c79	1493	return SNI_ABSENT_ERROR;
wolfSSL	4:1b0d80432c79	1494	}
wolfSSL	4:1b0d80432c79	1495	}
wolfSSL	4:1b0d80432c79	1496
wolfSSL	4:1b0d80432c79	1497	for (; ssl_sni; ssl_sni = ssl_sni->next) {
wolfSSL	4:1b0d80432c79	1498	if (ssl_sni->options & WOLFSSL_SNI_ABORT_ON_ABSENCE) {
wolfSSL	4:1b0d80432c79	1499	if (ssl_sni->status != WOLFSSL_SNI_NO_MATCH)
wolfSSL	4:1b0d80432c79	1500	continue;
wolfSSL	4:1b0d80432c79	1501
wolfSSL	4:1b0d80432c79	1502	SendAlert(ssl, alert_fatal, handshake_failure);
wolfSSL	4:1b0d80432c79	1503	return SNI_ABSENT_ERROR;
wolfSSL	4:1b0d80432c79	1504	}
wolfSSL	4:1b0d80432c79	1505	}
wolfSSL	4:1b0d80432c79	1506	#endif /* NO_WOLFSSL_SERVER */
wolfSSL	4:1b0d80432c79	1507	}
wolfSSL	4:1b0d80432c79	1508
wolfSSL	4:1b0d80432c79	1509	return 0;
wolfSSL	4:1b0d80432c79	1510	}
wolfSSL	4:1b0d80432c79	1511
wolfSSL	4:1b0d80432c79	1512	int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size)
wolfSSL	4:1b0d80432c79	1513	{
wolfSSL	4:1b0d80432c79	1514	TLSX* extension = TLSX_Find(*extensions, TLSX_SERVER_NAME);
wolfSSL	4:1b0d80432c79	1515	SNI* sni = NULL;
wolfSSL	4:1b0d80432c79	1516
wolfSSL	4:1b0d80432c79	1517	if (extensions == NULL \|\| data == NULL)
wolfSSL	4:1b0d80432c79	1518	return BAD_FUNC_ARG;
wolfSSL	4:1b0d80432c79	1519
wolfSSL	4:1b0d80432c79	1520	if ((sni = TLSX_SNI_New(type, data, size)) == NULL)
wolfSSL	4:1b0d80432c79	1521	return MEMORY_E;
wolfSSL	4:1b0d80432c79	1522
wolfSSL	4:1b0d80432c79	1523	if (!extension) {
wolfSSL	4:1b0d80432c79	1524	int ret = TLSX_Push(extensions, TLSX_SERVER_NAME, (void*)sni);
wolfSSL	4:1b0d80432c79	1525	if (ret != 0) {
wolfSSL	4:1b0d80432c79	1526	TLSX_SNI_Free(sni);
wolfSSL	4:1b0d80432c79	1527	return ret;
wolfSSL	4:1b0d80432c79	1528	}
wolfSSL	4:1b0d80432c79	1529	}
wolfSSL	4:1b0d80432c79	1530	else {
wolfSSL	4:1b0d80432c79	1531	/* push new SNI object to extension data. */
wolfSSL	4:1b0d80432c79	1532	sni->next = (SNI*)extension->data;
wolfSSL	4:1b0d80432c79	1533	extension->data = (void*)sni;
wolfSSL	4:1b0d80432c79	1534
wolfSSL	4:1b0d80432c79	1535	/* remove duplicate SNI, there should be only one of each type. */
wolfSSL	4:1b0d80432c79	1536	do {
wolfSSL	4:1b0d80432c79	1537	if (sni->next && sni->next->type == type) {
wolfSSL	4:1b0d80432c79	1538	SNI *next = sni->next;
wolfSSL	4:1b0d80432c79	1539
wolfSSL	4:1b0d80432c79	1540	sni->next = next->next;
wolfSSL	4:1b0d80432c79	1541	TLSX_SNI_Free(next);
wolfSSL	4:1b0d80432c79	1542
wolfSSL	4:1b0d80432c79	1543	/* there is no way to occur more than */
wolfSSL	4:1b0d80432c79	1544	/* two SNIs of the same type. */
wolfSSL	4:1b0d80432c79	1545	break;
wolfSSL	4:1b0d80432c79	1546	}
wolfSSL	4:1b0d80432c79	1547	} while ((sni = sni->next));
wolfSSL	4:1b0d80432c79	1548	}
wolfSSL	4:1b0d80432c79	1549
wolfSSL	4:1b0d80432c79	1550	return SSL_SUCCESS;
wolfSSL	4:1b0d80432c79	1551	}
wolfSSL	4:1b0d80432c79	1552
wolfSSL	4:1b0d80432c79	1553	#ifndef NO_WOLFSSL_SERVER
wolfSSL	4:1b0d80432c79	1554
wolfSSL	4:1b0d80432c79	1555	/** Tells the SNI requested by the client. */
wolfSSL	4:1b0d80432c79	1556	word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, void** data)
wolfSSL	4:1b0d80432c79	1557	{
wolfSSL	4:1b0d80432c79	1558	TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME);
wolfSSL	4:1b0d80432c79	1559	SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
wolfSSL	4:1b0d80432c79	1560
wolfSSL	4:1b0d80432c79	1561	if (sni && sni->status != WOLFSSL_SNI_NO_MATCH) {
wolfSSL	4:1b0d80432c79	1562	switch (sni->type) {
wolfSSL	4:1b0d80432c79	1563	case WOLFSSL_SNI_HOST_NAME:
wolfSSL	4:1b0d80432c79	1564	*data = sni->data.host_name;
wolfSSL	4:1b0d80432c79	1565	return XSTRLEN(*data);
wolfSSL	4:1b0d80432c79	1566	}
wolfSSL	4:1b0d80432c79	1567	}
wolfSSL	4:1b0d80432c79	1568
wolfSSL	4:1b0d80432c79	1569	return 0;
wolfSSL	4:1b0d80432c79	1570	}
wolfSSL	4:1b0d80432c79	1571
wolfSSL	4:1b0d80432c79	1572	/** Sets the options for a SNI object. */
wolfSSL	4:1b0d80432c79	1573	void TLSX_SNI_SetOptions(TLSX* extensions, byte type, byte options)
wolfSSL	4:1b0d80432c79	1574	{
wolfSSL	4:1b0d80432c79	1575	TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME);
wolfSSL	4:1b0d80432c79	1576	SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
wolfSSL	4:1b0d80432c79	1577
wolfSSL	4:1b0d80432c79	1578	if (sni)
wolfSSL	4:1b0d80432c79	1579	sni->options = options;
wolfSSL	4:1b0d80432c79	1580	}
wolfSSL	4:1b0d80432c79	1581
wolfSSL	4:1b0d80432c79	1582	/** Retrieves a SNI request from a client hello buffer. */
wolfSSL	4:1b0d80432c79	1583	int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
wolfSSL	4:1b0d80432c79	1584	byte type, byte* sni, word32* inOutSz)
wolfSSL	4:1b0d80432c79	1585	{
wolfSSL	4:1b0d80432c79	1586	word32 offset = 0;
wolfSSL	4:1b0d80432c79	1587	word32 len32 = 0;
wolfSSL	4:1b0d80432c79	1588	word16 len16 = 0;
wolfSSL	4:1b0d80432c79	1589
wolfSSL	4:1b0d80432c79	1590	if (helloSz < RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + CLIENT_HELLO_FIRST)
wolfSSL	4:1b0d80432c79	1591	return INCOMPLETE_DATA;
wolfSSL	4:1b0d80432c79	1592
wolfSSL	4:1b0d80432c79	1593	/* TLS record header */
wolfSSL	4:1b0d80432c79	1594	if ((enum ContentType) clientHello[offset++] != handshake) {
wolfSSL	4:1b0d80432c79	1595
wolfSSL	4:1b0d80432c79	1596	/* checking for SSLv2.0 client hello according to: */
wolfSSL	4:1b0d80432c79	1597	/* http://tools.ietf.org/html/rfc4346#appendix-E.1 */
wolfSSL	4:1b0d80432c79	1598	if ((enum HandShakeType) clientHello[++offset] == client_hello) {
wolfSSL	4:1b0d80432c79	1599	offset += ENUM_LEN + VERSION_SZ; /* skip version */
wolfSSL	4:1b0d80432c79	1600
wolfSSL	4:1b0d80432c79	1601	ato16(clientHello + offset, &len16);
wolfSSL	4:1b0d80432c79	1602	offset += OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	1603
wolfSSL	4:1b0d80432c79	1604	if (len16 % 3) /* cipher_spec_length must be multiple of 3 */
wolfSSL	4:1b0d80432c79	1605	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	1606
wolfSSL	4:1b0d80432c79	1607	ato16(clientHello + offset, &len16);
wolfSSL	4:1b0d80432c79	1608	/* Returning SNI_UNSUPPORTED do not increment offset here */
wolfSSL	4:1b0d80432c79	1609
wolfSSL	4:1b0d80432c79	1610	if (len16 != 0) /* session_id_length must be 0 */
wolfSSL	4:1b0d80432c79	1611	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	1612
wolfSSL	4:1b0d80432c79	1613	return SNI_UNSUPPORTED;
wolfSSL	4:1b0d80432c79	1614	}
wolfSSL	4:1b0d80432c79	1615
wolfSSL	4:1b0d80432c79	1616	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	1617	}
wolfSSL	4:1b0d80432c79	1618
wolfSSL	4:1b0d80432c79	1619	if (clientHello[offset++] != SSLv3_MAJOR)
wolfSSL	4:1b0d80432c79	1620	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	1621
wolfSSL	4:1b0d80432c79	1622	if (clientHello[offset++] < TLSv1_MINOR)
wolfSSL	4:1b0d80432c79	1623	return SNI_UNSUPPORTED;
wolfSSL	4:1b0d80432c79	1624
wolfSSL	4:1b0d80432c79	1625	ato16(clientHello + offset, &len16);
wolfSSL	4:1b0d80432c79	1626	offset += OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	1627
wolfSSL	4:1b0d80432c79	1628	if (offset + len16 > helloSz)
wolfSSL	4:1b0d80432c79	1629	return INCOMPLETE_DATA;
wolfSSL	4:1b0d80432c79	1630
wolfSSL	4:1b0d80432c79	1631	/* Handshake header */
wolfSSL	4:1b0d80432c79	1632	if ((enum HandShakeType) clientHello[offset] != client_hello)
wolfSSL	4:1b0d80432c79	1633	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	1634
wolfSSL	4:1b0d80432c79	1635	c24to32(clientHello + offset + 1, &len32);
wolfSSL	4:1b0d80432c79	1636	offset += HANDSHAKE_HEADER_SZ;
wolfSSL	4:1b0d80432c79	1637
wolfSSL	4:1b0d80432c79	1638	if (offset + len32 > helloSz)
wolfSSL	4:1b0d80432c79	1639	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	1640
wolfSSL	4:1b0d80432c79	1641	/* client hello */
wolfSSL	4:1b0d80432c79	1642	offset += VERSION_SZ + RAN_LEN; /* version, random */
wolfSSL	4:1b0d80432c79	1643
wolfSSL	4:1b0d80432c79	1644	if (helloSz < offset + clientHello[offset])
wolfSSL	4:1b0d80432c79	1645	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	1646
wolfSSL	4:1b0d80432c79	1647	offset += ENUM_LEN + clientHello[offset]; /* skip session id */
wolfSSL	4:1b0d80432c79	1648
wolfSSL	4:1b0d80432c79	1649	/* cypher suites */
wolfSSL	4:1b0d80432c79	1650	if (helloSz < offset + OPAQUE16_LEN)
wolfSSL	4:1b0d80432c79	1651	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	1652
wolfSSL	4:1b0d80432c79	1653	ato16(clientHello + offset, &len16);
wolfSSL	4:1b0d80432c79	1654	offset += OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	1655
wolfSSL	4:1b0d80432c79	1656	if (helloSz < offset + len16)
wolfSSL	4:1b0d80432c79	1657	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	1658
wolfSSL	4:1b0d80432c79	1659	offset += len16; /* skip cypher suites */
wolfSSL	4:1b0d80432c79	1660
wolfSSL	4:1b0d80432c79	1661	/* compression methods */
wolfSSL	4:1b0d80432c79	1662	if (helloSz < offset + 1)
wolfSSL	4:1b0d80432c79	1663	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	1664
wolfSSL	4:1b0d80432c79	1665	if (helloSz < offset + clientHello[offset])
wolfSSL	4:1b0d80432c79	1666	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	1667
wolfSSL	4:1b0d80432c79	1668	offset += ENUM_LEN + clientHello[offset]; /* skip compression methods */
wolfSSL	4:1b0d80432c79	1669
wolfSSL	4:1b0d80432c79	1670	/* extensions */
wolfSSL	4:1b0d80432c79	1671	if (helloSz < offset + OPAQUE16_LEN)
wolfSSL	4:1b0d80432c79	1672	return 0; /* no extensions in client hello. */
wolfSSL	4:1b0d80432c79	1673
wolfSSL	4:1b0d80432c79	1674	ato16(clientHello + offset, &len16);
wolfSSL	4:1b0d80432c79	1675	offset += OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	1676
wolfSSL	4:1b0d80432c79	1677	if (helloSz < offset + len16)
wolfSSL	4:1b0d80432c79	1678	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	1679
wolfSSL	4:1b0d80432c79	1680	while (len16 >= OPAQUE16_LEN + OPAQUE16_LEN) {
wolfSSL	4:1b0d80432c79	1681	word16 extType;
wolfSSL	4:1b0d80432c79	1682	word16 extLen;
wolfSSL	4:1b0d80432c79	1683
wolfSSL	4:1b0d80432c79	1684	ato16(clientHello + offset, &extType);
wolfSSL	4:1b0d80432c79	1685	offset += OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	1686
wolfSSL	4:1b0d80432c79	1687	ato16(clientHello + offset, &extLen);
wolfSSL	4:1b0d80432c79	1688	offset += OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	1689
wolfSSL	4:1b0d80432c79	1690	if (helloSz < offset + extLen)
wolfSSL	4:1b0d80432c79	1691	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	1692
wolfSSL	4:1b0d80432c79	1693	if (extType != TLSX_SERVER_NAME) {
wolfSSL	4:1b0d80432c79	1694	offset += extLen; /* skip extension */
wolfSSL	4:1b0d80432c79	1695	} else {
wolfSSL	4:1b0d80432c79	1696	word16 listLen;
wolfSSL	4:1b0d80432c79	1697
wolfSSL	4:1b0d80432c79	1698	ato16(clientHello + offset, &listLen);
wolfSSL	4:1b0d80432c79	1699	offset += OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	1700
wolfSSL	4:1b0d80432c79	1701	if (helloSz < offset + listLen)
wolfSSL	4:1b0d80432c79	1702	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	1703
wolfSSL	4:1b0d80432c79	1704	while (listLen > ENUM_LEN + OPAQUE16_LEN) {
wolfSSL	4:1b0d80432c79	1705	byte sniType = clientHello[offset++];
wolfSSL	4:1b0d80432c79	1706	word16 sniLen;
wolfSSL	4:1b0d80432c79	1707
wolfSSL	4:1b0d80432c79	1708	ato16(clientHello + offset, &sniLen);
wolfSSL	4:1b0d80432c79	1709	offset += OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	1710
wolfSSL	4:1b0d80432c79	1711	if (helloSz < offset + sniLen)
wolfSSL	4:1b0d80432c79	1712	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	1713
wolfSSL	4:1b0d80432c79	1714	if (sniType != type) {
wolfSSL	4:1b0d80432c79	1715	offset += sniLen;
wolfSSL	4:1b0d80432c79	1716	listLen -= min(ENUM_LEN + OPAQUE16_LEN + sniLen, listLen);
wolfSSL	4:1b0d80432c79	1717	continue;
wolfSSL	4:1b0d80432c79	1718	}
wolfSSL	4:1b0d80432c79	1719
wolfSSL	4:1b0d80432c79	1720	inOutSz = min(sniLen, inOutSz);
wolfSSL	4:1b0d80432c79	1721	XMEMCPY(sni, clientHello + offset, *inOutSz);
wolfSSL	4:1b0d80432c79	1722
wolfSSL	4:1b0d80432c79	1723	return SSL_SUCCESS;
wolfSSL	4:1b0d80432c79	1724	}
wolfSSL	4:1b0d80432c79	1725	}
wolfSSL	4:1b0d80432c79	1726
wolfSSL	4:1b0d80432c79	1727	len16 -= min(2 * OPAQUE16_LEN + extLen, len16);
wolfSSL	4:1b0d80432c79	1728	}
wolfSSL	4:1b0d80432c79	1729
wolfSSL	4:1b0d80432c79	1730	return len16 ? BUFFER_ERROR : 0;
wolfSSL	4:1b0d80432c79	1731	}
wolfSSL	4:1b0d80432c79	1732
wolfSSL	4:1b0d80432c79	1733	#endif
wolfSSL	4:1b0d80432c79	1734
wolfSSL	4:1b0d80432c79	1735	#define SNI_FREE_ALL TLSX_SNI_FreeAll
wolfSSL	4:1b0d80432c79	1736	#define SNI_GET_SIZE TLSX_SNI_GetSize
wolfSSL	4:1b0d80432c79	1737	#define SNI_WRITE TLSX_SNI_Write
wolfSSL	4:1b0d80432c79	1738	#define SNI_PARSE TLSX_SNI_Parse
wolfSSL	4:1b0d80432c79	1739	#define SNI_VERIFY_PARSE TLSX_SNI_VerifyParse
wolfSSL	4:1b0d80432c79	1740
wolfSSL	4:1b0d80432c79	1741	#else
wolfSSL	4:1b0d80432c79	1742
wolfSSL	4:1b0d80432c79	1743	#define SNI_FREE_ALL(list)
wolfSSL	4:1b0d80432c79	1744	#define SNI_GET_SIZE(list) 0
wolfSSL	4:1b0d80432c79	1745	#define SNI_WRITE(a, b) 0
wolfSSL	4:1b0d80432c79	1746	#define SNI_PARSE(a, b, c, d) 0
wolfSSL	4:1b0d80432c79	1747	#define SNI_VERIFY_PARSE(a, b) 0
wolfSSL	4:1b0d80432c79	1748
wolfSSL	4:1b0d80432c79	1749	#endif /* HAVE_SNI */
wolfSSL	4:1b0d80432c79	1750
wolfSSL	4:1b0d80432c79	1751	/******************************************************************************/
wolfSSL	4:1b0d80432c79	1752	/* Max Fragment Length Negotiation */
wolfSSL	4:1b0d80432c79	1753	/******************************************************************************/
wolfSSL	4:1b0d80432c79	1754
wolfSSL	4:1b0d80432c79	1755	#ifdef HAVE_MAX_FRAGMENT
wolfSSL	4:1b0d80432c79	1756
wolfSSL	4:1b0d80432c79	1757	static word16 TLSX_MFL_Write(byte* data, byte* output)
wolfSSL	4:1b0d80432c79	1758	{
wolfSSL	4:1b0d80432c79	1759	output[0] = data[0];
wolfSSL	4:1b0d80432c79	1760
wolfSSL	4:1b0d80432c79	1761	return ENUM_LEN;
wolfSSL	4:1b0d80432c79	1762	}
wolfSSL	4:1b0d80432c79	1763
wolfSSL	4:1b0d80432c79	1764	static int TLSX_MFL_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL	4:1b0d80432c79	1765	byte isRequest)
wolfSSL	4:1b0d80432c79	1766	{
wolfSSL	4:1b0d80432c79	1767	(void)isRequest;
wolfSSL	4:1b0d80432c79	1768
wolfSSL	4:1b0d80432c79	1769	if (length != ENUM_LEN)
wolfSSL	4:1b0d80432c79	1770	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	1771
wolfSSL	4:1b0d80432c79	1772	switch (*input) {
wolfSSL	4:1b0d80432c79	1773	case WOLFSSL_MFL_2_9 : ssl->max_fragment = 512; break;
wolfSSL	4:1b0d80432c79	1774	case WOLFSSL_MFL_2_10: ssl->max_fragment = 1024; break;
wolfSSL	4:1b0d80432c79	1775	case WOLFSSL_MFL_2_11: ssl->max_fragment = 2048; break;
wolfSSL	4:1b0d80432c79	1776	case WOLFSSL_MFL_2_12: ssl->max_fragment = 4096; break;
wolfSSL	4:1b0d80432c79	1777	case WOLFSSL_MFL_2_13: ssl->max_fragment = 8192; break;
wolfSSL	4:1b0d80432c79	1778
wolfSSL	4:1b0d80432c79	1779	default:
wolfSSL	4:1b0d80432c79	1780	SendAlert(ssl, alert_fatal, illegal_parameter);
wolfSSL	4:1b0d80432c79	1781
wolfSSL	4:1b0d80432c79	1782	return UNKNOWN_MAX_FRAG_LEN_E;
wolfSSL	4:1b0d80432c79	1783	}
wolfSSL	4:1b0d80432c79	1784
wolfSSL	4:1b0d80432c79	1785	#ifndef NO_WOLFSSL_SERVER
wolfSSL	4:1b0d80432c79	1786	if (isRequest) {
wolfSSL	4:1b0d80432c79	1787	int r = TLSX_UseMaxFragment(&ssl->extensions, *input);
wolfSSL	4:1b0d80432c79	1788
wolfSSL	4:1b0d80432c79	1789	if (r != SSL_SUCCESS) return r; /* throw error */
wolfSSL	4:1b0d80432c79	1790
wolfSSL	4:1b0d80432c79	1791	TLSX_SetResponse(ssl, TLSX_MAX_FRAGMENT_LENGTH);
wolfSSL	4:1b0d80432c79	1792	}
wolfSSL	4:1b0d80432c79	1793	#endif
wolfSSL	4:1b0d80432c79	1794
wolfSSL	4:1b0d80432c79	1795	return 0;
wolfSSL	4:1b0d80432c79	1796	}
wolfSSL	4:1b0d80432c79	1797
wolfSSL	4:1b0d80432c79	1798	int TLSX_UseMaxFragment(TLSX** extensions, byte mfl)
wolfSSL	4:1b0d80432c79	1799	{
wolfSSL	4:1b0d80432c79	1800	byte* data = NULL;
wolfSSL	4:1b0d80432c79	1801	int ret = 0;
wolfSSL	4:1b0d80432c79	1802
wolfSSL	4:1b0d80432c79	1803	if (extensions == NULL)
wolfSSL	4:1b0d80432c79	1804	return BAD_FUNC_ARG;
wolfSSL	4:1b0d80432c79	1805
wolfSSL	4:1b0d80432c79	1806	if (mfl < WOLFSSL_MFL_2_9 \|\| WOLFSSL_MFL_2_13 < mfl)
wolfSSL	4:1b0d80432c79	1807	return BAD_FUNC_ARG;
wolfSSL	4:1b0d80432c79	1808
wolfSSL	4:1b0d80432c79	1809	if ((data = XMALLOC(ENUM_LEN, NULL, DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL	4:1b0d80432c79	1810	return MEMORY_E;
wolfSSL	4:1b0d80432c79	1811
wolfSSL	4:1b0d80432c79	1812	data[0] = mfl;
wolfSSL	4:1b0d80432c79	1813
wolfSSL	4:1b0d80432c79	1814	/* push new MFL extension. */
wolfSSL	4:1b0d80432c79	1815	if ((ret = TLSX_Push(extensions, TLSX_MAX_FRAGMENT_LENGTH, data)) != 0) {
wolfSSL	4:1b0d80432c79	1816	XFREE(data, 0, DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	1817	return ret;
wolfSSL	4:1b0d80432c79	1818	}
wolfSSL	4:1b0d80432c79	1819
wolfSSL	4:1b0d80432c79	1820	return SSL_SUCCESS;
wolfSSL	4:1b0d80432c79	1821	}
wolfSSL	4:1b0d80432c79	1822
wolfSSL	4:1b0d80432c79	1823
wolfSSL	4:1b0d80432c79	1824	#define MFL_FREE_ALL(data) XFREE(data, 0, DYNAMIC_TYPE_TLSX)
wolfSSL	4:1b0d80432c79	1825	#define MFL_GET_SIZE(data) ENUM_LEN
wolfSSL	4:1b0d80432c79	1826	#define MFL_WRITE TLSX_MFL_Write
wolfSSL	4:1b0d80432c79	1827	#define MFL_PARSE TLSX_MFL_Parse
wolfSSL	4:1b0d80432c79	1828
wolfSSL	4:1b0d80432c79	1829	#else
wolfSSL	4:1b0d80432c79	1830
wolfSSL	4:1b0d80432c79	1831	#define MFL_FREE_ALL(a)
wolfSSL	4:1b0d80432c79	1832	#define MFL_GET_SIZE(a) 0
wolfSSL	4:1b0d80432c79	1833	#define MFL_WRITE(a, b) 0
wolfSSL	4:1b0d80432c79	1834	#define MFL_PARSE(a, b, c, d) 0
wolfSSL	4:1b0d80432c79	1835
wolfSSL	4:1b0d80432c79	1836	#endif /* HAVE_MAX_FRAGMENT */
wolfSSL	4:1b0d80432c79	1837
wolfSSL	4:1b0d80432c79	1838	/******************************************************************************/
wolfSSL	4:1b0d80432c79	1839	/* Truncated HMAC */
wolfSSL	4:1b0d80432c79	1840	/******************************************************************************/
wolfSSL	4:1b0d80432c79	1841
wolfSSL	4:1b0d80432c79	1842	#ifdef HAVE_TRUNCATED_HMAC
wolfSSL	4:1b0d80432c79	1843
wolfSSL	4:1b0d80432c79	1844	static int TLSX_THM_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL	4:1b0d80432c79	1845	byte isRequest)
wolfSSL	4:1b0d80432c79	1846	{
wolfSSL	4:1b0d80432c79	1847	(void)isRequest;
wolfSSL	4:1b0d80432c79	1848
wolfSSL	4:1b0d80432c79	1849	if (length != 0 \|\| input == NULL)
wolfSSL	4:1b0d80432c79	1850	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	1851
wolfSSL	4:1b0d80432c79	1852	#ifndef NO_WOLFSSL_SERVER
wolfSSL	4:1b0d80432c79	1853	if (isRequest) {
wolfSSL	4:1b0d80432c79	1854	int r = TLSX_UseTruncatedHMAC(&ssl->extensions);
wolfSSL	4:1b0d80432c79	1855
wolfSSL	4:1b0d80432c79	1856	if (r != SSL_SUCCESS)
wolfSSL	4:1b0d80432c79	1857	return r; /* throw error */
wolfSSL	4:1b0d80432c79	1858
wolfSSL	4:1b0d80432c79	1859	TLSX_SetResponse(ssl, TLSX_TRUNCATED_HMAC);
wolfSSL	4:1b0d80432c79	1860	}
wolfSSL	4:1b0d80432c79	1861	#endif
wolfSSL	4:1b0d80432c79	1862
wolfSSL	4:1b0d80432c79	1863	ssl->truncated_hmac = 1;
wolfSSL	4:1b0d80432c79	1864
wolfSSL	4:1b0d80432c79	1865	return 0;
wolfSSL	4:1b0d80432c79	1866	}
wolfSSL	4:1b0d80432c79	1867
wolfSSL	4:1b0d80432c79	1868	int TLSX_UseTruncatedHMAC(TLSX** extensions)
wolfSSL	4:1b0d80432c79	1869	{
wolfSSL	4:1b0d80432c79	1870	int ret = 0;
wolfSSL	4:1b0d80432c79	1871
wolfSSL	4:1b0d80432c79	1872	if (extensions == NULL)
wolfSSL	4:1b0d80432c79	1873	return BAD_FUNC_ARG;
wolfSSL	4:1b0d80432c79	1874
wolfSSL	4:1b0d80432c79	1875	if ((ret = TLSX_Push(extensions, TLSX_TRUNCATED_HMAC, NULL)) != 0)
wolfSSL	4:1b0d80432c79	1876	return ret;
wolfSSL	4:1b0d80432c79	1877
wolfSSL	4:1b0d80432c79	1878	return SSL_SUCCESS;
wolfSSL	4:1b0d80432c79	1879	}
wolfSSL	4:1b0d80432c79	1880
wolfSSL	4:1b0d80432c79	1881	#define THM_PARSE TLSX_THM_Parse
wolfSSL	4:1b0d80432c79	1882
wolfSSL	4:1b0d80432c79	1883	#else
wolfSSL	4:1b0d80432c79	1884
wolfSSL	4:1b0d80432c79	1885	#define THM_PARSE(a, b, c, d) 0
wolfSSL	4:1b0d80432c79	1886
wolfSSL	4:1b0d80432c79	1887	#endif /* HAVE_TRUNCATED_HMAC */
wolfSSL	4:1b0d80432c79	1888
wolfSSL	4:1b0d80432c79	1889	/******************************************************************************/
wolfSSL	4:1b0d80432c79	1890	/* Certificate Status Request */
wolfSSL	4:1b0d80432c79	1891	/******************************************************************************/
wolfSSL	4:1b0d80432c79	1892
wolfSSL	4:1b0d80432c79	1893	#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL	4:1b0d80432c79	1894
wolfSSL	4:1b0d80432c79	1895	static void TLSX_CSR_Free(CertificateStatusRequest* csr)
wolfSSL	4:1b0d80432c79	1896	{
wolfSSL	4:1b0d80432c79	1897	switch (csr->status_type) {
wolfSSL	4:1b0d80432c79	1898	case WOLFSSL_CSR_OCSP:
wolfSSL	4:1b0d80432c79	1899	FreeOcspRequest(&csr->request.ocsp);
wolfSSL	4:1b0d80432c79	1900	break;
wolfSSL	4:1b0d80432c79	1901	}
wolfSSL	4:1b0d80432c79	1902
wolfSSL	4:1b0d80432c79	1903	XFREE(csr, NULL, DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	1904	}
wolfSSL	4:1b0d80432c79	1905
wolfSSL	4:1b0d80432c79	1906	static word16 TLSX_CSR_GetSize(CertificateStatusRequest* csr, byte isRequest)
wolfSSL	4:1b0d80432c79	1907	{
wolfSSL	4:1b0d80432c79	1908	word16 size = 0;
wolfSSL	4:1b0d80432c79	1909
wolfSSL	4:1b0d80432c79	1910	/* shut up compiler warnings */
wolfSSL	4:1b0d80432c79	1911	(void) csr; (void) isRequest;
wolfSSL	4:1b0d80432c79	1912
wolfSSL	4:1b0d80432c79	1913	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	4:1b0d80432c79	1914	if (isRequest) {
wolfSSL	4:1b0d80432c79	1915	switch (csr->status_type) {
wolfSSL	4:1b0d80432c79	1916	case WOLFSSL_CSR_OCSP:
wolfSSL	4:1b0d80432c79	1917	size += ENUM_LEN + 2 * OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	1918
wolfSSL	4:1b0d80432c79	1919	if (csr->request.ocsp.nonceSz)
wolfSSL	4:1b0d80432c79	1920	size += OCSP_NONCE_EXT_SZ;
wolfSSL	4:1b0d80432c79	1921	break;
wolfSSL	4:1b0d80432c79	1922	}
wolfSSL	4:1b0d80432c79	1923	}
wolfSSL	4:1b0d80432c79	1924	#endif
wolfSSL	4:1b0d80432c79	1925
wolfSSL	4:1b0d80432c79	1926	return size;
wolfSSL	4:1b0d80432c79	1927	}
wolfSSL	4:1b0d80432c79	1928
wolfSSL	4:1b0d80432c79	1929	static word16 TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output,
wolfSSL	4:1b0d80432c79	1930	byte isRequest)
wolfSSL	4:1b0d80432c79	1931	{
wolfSSL	4:1b0d80432c79	1932	/* shut up compiler warnings */
wolfSSL	4:1b0d80432c79	1933	(void) csr; (void) output; (void) isRequest;
wolfSSL	4:1b0d80432c79	1934
wolfSSL	4:1b0d80432c79	1935	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	4:1b0d80432c79	1936	if (isRequest) {
wolfSSL	4:1b0d80432c79	1937	word16 offset = 0;
wolfSSL	4:1b0d80432c79	1938	word16 length = 0;
wolfSSL	4:1b0d80432c79	1939
wolfSSL	4:1b0d80432c79	1940	/* type */
wolfSSL	4:1b0d80432c79	1941	output[offset++] = csr->status_type;
wolfSSL	4:1b0d80432c79	1942
wolfSSL	4:1b0d80432c79	1943	switch (csr->status_type) {
wolfSSL	4:1b0d80432c79	1944	case WOLFSSL_CSR_OCSP:
wolfSSL	4:1b0d80432c79	1945	/* responder id list */
wolfSSL	4:1b0d80432c79	1946	c16toa(0, output + offset);
wolfSSL	4:1b0d80432c79	1947	offset += OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	1948
wolfSSL	4:1b0d80432c79	1949	/* request extensions */
wolfSSL	4:1b0d80432c79	1950	if (csr->request.ocsp.nonceSz)
wolfSSL	4:1b0d80432c79	1951	length = EncodeOcspRequestExtensions(
wolfSSL	4:1b0d80432c79	1952	&csr->request.ocsp,
wolfSSL	4:1b0d80432c79	1953	output + offset + OPAQUE16_LEN,
wolfSSL	4:1b0d80432c79	1954	OCSP_NONCE_EXT_SZ);
wolfSSL	4:1b0d80432c79	1955
wolfSSL	4:1b0d80432c79	1956	c16toa(length, output + offset);
wolfSSL	4:1b0d80432c79	1957	offset += OPAQUE16_LEN + length;
wolfSSL	4:1b0d80432c79	1958
wolfSSL	4:1b0d80432c79	1959	break;
wolfSSL	4:1b0d80432c79	1960	}
wolfSSL	4:1b0d80432c79	1961
wolfSSL	4:1b0d80432c79	1962	return offset;
wolfSSL	4:1b0d80432c79	1963	}
wolfSSL	4:1b0d80432c79	1964	#endif
wolfSSL	4:1b0d80432c79	1965
wolfSSL	4:1b0d80432c79	1966	return 0;
wolfSSL	4:1b0d80432c79	1967	}
wolfSSL	4:1b0d80432c79	1968
wolfSSL	4:1b0d80432c79	1969	static int TLSX_CSR_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL	4:1b0d80432c79	1970	byte isRequest)
wolfSSL	4:1b0d80432c79	1971	{
wolfSSL	4:1b0d80432c79	1972	int ret;
wolfSSL	4:1b0d80432c79	1973
wolfSSL	4:1b0d80432c79	1974	/* shut up compiler warnings */
wolfSSL	4:1b0d80432c79	1975	(void) ssl; (void) input;
wolfSSL	4:1b0d80432c79	1976
wolfSSL	4:1b0d80432c79	1977	if (!isRequest) {
wolfSSL	4:1b0d80432c79	1978	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	4:1b0d80432c79	1979	TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST);
wolfSSL	4:1b0d80432c79	1980	CertificateStatusRequest* csr = extension ? extension->data : NULL;
wolfSSL	4:1b0d80432c79	1981
wolfSSL	4:1b0d80432c79	1982	if (!csr) {
wolfSSL	4:1b0d80432c79	1983	/* look at context level */
wolfSSL	4:1b0d80432c79	1984
wolfSSL	4:1b0d80432c79	1985	extension = TLSX_Find(ssl->ctx->extensions, TLSX_STATUS_REQUEST);
wolfSSL	4:1b0d80432c79	1986	csr = extension ? extension->data : NULL;
wolfSSL	4:1b0d80432c79	1987
wolfSSL	4:1b0d80432c79	1988	if (!csr)
wolfSSL	4:1b0d80432c79	1989	return BUFFER_ERROR; /* unexpected extension */
wolfSSL	4:1b0d80432c79	1990
wolfSSL	4:1b0d80432c79	1991	/* enable extension at ssl level */
wolfSSL	4:1b0d80432c79	1992	ret = TLSX_UseCertificateStatusRequest(&ssl->extensions,
wolfSSL	4:1b0d80432c79	1993	csr->status_type, csr->options);
wolfSSL	4:1b0d80432c79	1994	if (ret != SSL_SUCCESS)
wolfSSL	4:1b0d80432c79	1995	return ret;
wolfSSL	4:1b0d80432c79	1996
wolfSSL	4:1b0d80432c79	1997	switch (csr->status_type) {
wolfSSL	4:1b0d80432c79	1998	case WOLFSSL_CSR_OCSP:
wolfSSL	4:1b0d80432c79	1999	/* propagate nonce */
wolfSSL	4:1b0d80432c79	2000	if (csr->request.ocsp.nonceSz) {
wolfSSL	4:1b0d80432c79	2001	OcspRequest* request =
wolfSSL	4:1b0d80432c79	2002	TLSX_CSR_GetRequest(ssl->extensions);
wolfSSL	4:1b0d80432c79	2003
wolfSSL	4:1b0d80432c79	2004	if (request) {
wolfSSL	4:1b0d80432c79	2005	XMEMCPY(request->nonce, csr->request.ocsp.nonce,
wolfSSL	4:1b0d80432c79	2006	csr->request.ocsp.nonceSz);
wolfSSL	4:1b0d80432c79	2007	request->nonceSz = csr->request.ocsp.nonceSz;
wolfSSL	4:1b0d80432c79	2008	}
wolfSSL	4:1b0d80432c79	2009	}
wolfSSL	4:1b0d80432c79	2010	break;
wolfSSL	4:1b0d80432c79	2011	}
wolfSSL	4:1b0d80432c79	2012	}
wolfSSL	4:1b0d80432c79	2013
wolfSSL	4:1b0d80432c79	2014	ssl->status_request = 1;
wolfSSL	4:1b0d80432c79	2015
wolfSSL	4:1b0d80432c79	2016	return length ? BUFFER_ERROR : 0; /* extension_data MUST be empty. */
wolfSSL	4:1b0d80432c79	2017	#endif
wolfSSL	4:1b0d80432c79	2018	}
wolfSSL	4:1b0d80432c79	2019	else {
wolfSSL	4:1b0d80432c79	2020	#ifndef NO_WOLFSSL_SERVER
wolfSSL	4:1b0d80432c79	2021	byte status_type;
wolfSSL	4:1b0d80432c79	2022	word16 offset = 0;
wolfSSL	4:1b0d80432c79	2023	word16 size = 0;
wolfSSL	4:1b0d80432c79	2024
wolfSSL	4:1b0d80432c79	2025	if (length < ENUM_LEN)
wolfSSL	4:1b0d80432c79	2026	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	2027
wolfSSL	4:1b0d80432c79	2028	status_type = input[offset++];
wolfSSL	4:1b0d80432c79	2029
wolfSSL	4:1b0d80432c79	2030	switch (status_type) {
wolfSSL	4:1b0d80432c79	2031	case WOLFSSL_CSR_OCSP: {
wolfSSL	4:1b0d80432c79	2032
wolfSSL	4:1b0d80432c79	2033	/* skip responder_id_list */
wolfSSL	4:1b0d80432c79	2034	if (length - offset < OPAQUE16_LEN)
wolfSSL	4:1b0d80432c79	2035	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	2036
wolfSSL	4:1b0d80432c79	2037	ato16(input + offset, &size);
wolfSSL	4:1b0d80432c79	2038	offset += OPAQUE16_LEN + size;
wolfSSL	4:1b0d80432c79	2039
wolfSSL	4:1b0d80432c79	2040	/* skip request_extensions */
wolfSSL	4:1b0d80432c79	2041	if (length - offset < OPAQUE16_LEN)
wolfSSL	4:1b0d80432c79	2042	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	2043
wolfSSL	4:1b0d80432c79	2044	ato16(input + offset, &size);
wolfSSL	4:1b0d80432c79	2045	offset += OPAQUE16_LEN + size;
wolfSSL	4:1b0d80432c79	2046
wolfSSL	4:1b0d80432c79	2047	if (offset > length)
wolfSSL	4:1b0d80432c79	2048	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	2049
wolfSSL	4:1b0d80432c79	2050	/* is able to send OCSP response? */
wolfSSL	4:1b0d80432c79	2051	if (ssl->ctx->cm == NULL \|\| !ssl->ctx->cm->ocspStaplingEnabled)
wolfSSL	4:1b0d80432c79	2052	return 0;
wolfSSL	4:1b0d80432c79	2053	}
wolfSSL	4:1b0d80432c79	2054	break;
wolfSSL	4:1b0d80432c79	2055	}
wolfSSL	4:1b0d80432c79	2056
wolfSSL	4:1b0d80432c79	2057	/* if using status_request and already sending it, skip this one */
wolfSSL	4:1b0d80432c79	2058	#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL	4:1b0d80432c79	2059	if (ssl->status_request_v2)
wolfSSL	4:1b0d80432c79	2060	return 0;
wolfSSL	4:1b0d80432c79	2061	#endif
wolfSSL	4:1b0d80432c79	2062
wolfSSL	4:1b0d80432c79	2063	/* accept the first good status_type and return */
wolfSSL	4:1b0d80432c79	2064	ret = TLSX_UseCertificateStatusRequest(&ssl->extensions, status_type,
wolfSSL	4:1b0d80432c79	2065	0);
wolfSSL	4:1b0d80432c79	2066	if (ret != SSL_SUCCESS)
wolfSSL	4:1b0d80432c79	2067	return ret; /* throw error */
wolfSSL	4:1b0d80432c79	2068
wolfSSL	4:1b0d80432c79	2069	TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST);
wolfSSL	4:1b0d80432c79	2070	ssl->status_request = status_type;
wolfSSL	4:1b0d80432c79	2071
wolfSSL	4:1b0d80432c79	2072	#endif
wolfSSL	4:1b0d80432c79	2073	}
wolfSSL	4:1b0d80432c79	2074
wolfSSL	4:1b0d80432c79	2075	return 0;
wolfSSL	4:1b0d80432c79	2076	}
wolfSSL	4:1b0d80432c79	2077
wolfSSL	4:1b0d80432c79	2078	int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert)
wolfSSL	4:1b0d80432c79	2079	{
wolfSSL	4:1b0d80432c79	2080	TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST);
wolfSSL	4:1b0d80432c79	2081	CertificateStatusRequest* csr = extension ? extension->data : NULL;
wolfSSL	4:1b0d80432c79	2082	int ret = 0;
wolfSSL	4:1b0d80432c79	2083
wolfSSL	4:1b0d80432c79	2084	if (csr) {
wolfSSL	4:1b0d80432c79	2085	switch (csr->status_type) {
wolfSSL	4:1b0d80432c79	2086	case WOLFSSL_CSR_OCSP: {
wolfSSL	4:1b0d80432c79	2087	byte nonce[MAX_OCSP_NONCE_SZ];
wolfSSL	4:1b0d80432c79	2088	int nonceSz = csr->request.ocsp.nonceSz;
wolfSSL	4:1b0d80432c79	2089
wolfSSL	4:1b0d80432c79	2090	/* preserve nonce */
wolfSSL	4:1b0d80432c79	2091	XMEMCPY(nonce, csr->request.ocsp.nonce, nonceSz);
wolfSSL	4:1b0d80432c79	2092
wolfSSL	4:1b0d80432c79	2093	if ((ret = InitOcspRequest(&csr->request.ocsp, cert, 0)) != 0)
wolfSSL	4:1b0d80432c79	2094	return ret;
wolfSSL	4:1b0d80432c79	2095
wolfSSL	4:1b0d80432c79	2096	/* restore nonce */
wolfSSL	4:1b0d80432c79	2097	XMEMCPY(csr->request.ocsp.nonce, nonce, nonceSz);
wolfSSL	4:1b0d80432c79	2098	csr->request.ocsp.nonceSz = nonceSz;
wolfSSL	4:1b0d80432c79	2099	}
wolfSSL	4:1b0d80432c79	2100	break;
wolfSSL	4:1b0d80432c79	2101	}
wolfSSL	4:1b0d80432c79	2102	}
wolfSSL	4:1b0d80432c79	2103
wolfSSL	4:1b0d80432c79	2104	return ret;
wolfSSL	4:1b0d80432c79	2105	}
wolfSSL	4:1b0d80432c79	2106
wolfSSL	4:1b0d80432c79	2107	void* TLSX_CSR_GetRequest(TLSX* extensions)
wolfSSL	4:1b0d80432c79	2108	{
wolfSSL	4:1b0d80432c79	2109	TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST);
wolfSSL	4:1b0d80432c79	2110	CertificateStatusRequest* csr = extension ? extension->data : NULL;
wolfSSL	4:1b0d80432c79	2111
wolfSSL	4:1b0d80432c79	2112	if (csr) {
wolfSSL	4:1b0d80432c79	2113	switch (csr->status_type) {
wolfSSL	4:1b0d80432c79	2114	case WOLFSSL_CSR_OCSP:
wolfSSL	4:1b0d80432c79	2115	return &csr->request.ocsp;
wolfSSL	4:1b0d80432c79	2116	break;
wolfSSL	4:1b0d80432c79	2117	}
wolfSSL	4:1b0d80432c79	2118	}
wolfSSL	4:1b0d80432c79	2119
wolfSSL	4:1b0d80432c79	2120	return NULL;
wolfSSL	4:1b0d80432c79	2121	}
wolfSSL	4:1b0d80432c79	2122
wolfSSL	4:1b0d80432c79	2123	int TLSX_CSR_ForceRequest(WOLFSSL* ssl)
wolfSSL	4:1b0d80432c79	2124	{
wolfSSL	4:1b0d80432c79	2125	TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST);
wolfSSL	4:1b0d80432c79	2126	CertificateStatusRequest* csr = extension ? extension->data : NULL;
wolfSSL	4:1b0d80432c79	2127
wolfSSL	4:1b0d80432c79	2128	if (csr) {
wolfSSL	4:1b0d80432c79	2129	switch (csr->status_type) {
wolfSSL	4:1b0d80432c79	2130	case WOLFSSL_CSR_OCSP:
wolfSSL	4:1b0d80432c79	2131	if (ssl->ctx->cm->ocspEnabled)
wolfSSL	4:1b0d80432c79	2132	return CheckOcspRequest(ssl->ctx->cm->ocsp,
wolfSSL	4:1b0d80432c79	2133	&csr->request.ocsp, NULL);
wolfSSL	4:1b0d80432c79	2134	else
wolfSSL	4:1b0d80432c79	2135	return OCSP_LOOKUP_FAIL;
wolfSSL	4:1b0d80432c79	2136	}
wolfSSL	4:1b0d80432c79	2137	}
wolfSSL	4:1b0d80432c79	2138
wolfSSL	4:1b0d80432c79	2139	return 0;
wolfSSL	4:1b0d80432c79	2140	}
wolfSSL	4:1b0d80432c79	2141
wolfSSL	4:1b0d80432c79	2142	int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type,
wolfSSL	4:1b0d80432c79	2143	byte options)
wolfSSL	4:1b0d80432c79	2144	{
wolfSSL	4:1b0d80432c79	2145	CertificateStatusRequest* csr = NULL;
wolfSSL	4:1b0d80432c79	2146	int ret = 0;
wolfSSL	4:1b0d80432c79	2147
wolfSSL	4:1b0d80432c79	2148	if (!extensions \|\| status_type != WOLFSSL_CSR_OCSP)
wolfSSL	4:1b0d80432c79	2149	return BAD_FUNC_ARG;
wolfSSL	4:1b0d80432c79	2150
wolfSSL	4:1b0d80432c79	2151	csr = (CertificateStatusRequest*)
wolfSSL	4:1b0d80432c79	2152	XMALLOC(sizeof(CertificateStatusRequest), NULL, DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	2153	if (!csr)
wolfSSL	4:1b0d80432c79	2154	return MEMORY_E;
wolfSSL	4:1b0d80432c79	2155
wolfSSL	4:1b0d80432c79	2156	ForceZero(csr, sizeof(CertificateStatusRequest));
wolfSSL	4:1b0d80432c79	2157
wolfSSL	4:1b0d80432c79	2158	csr->status_type = status_type;
wolfSSL	4:1b0d80432c79	2159	csr->options = options;
wolfSSL	4:1b0d80432c79	2160
wolfSSL	4:1b0d80432c79	2161	switch (csr->status_type) {
wolfSSL	4:1b0d80432c79	2162	case WOLFSSL_CSR_OCSP:
wolfSSL	4:1b0d80432c79	2163	if (options & WOLFSSL_CSR_OCSP_USE_NONCE) {
wolfSSL	4:1b0d80432c79	2164	WC_RNG rng;
wolfSSL	4:1b0d80432c79	2165
wolfSSL	4:1b0d80432c79	2166	if (wc_InitRng(&rng) == 0) {
wolfSSL	4:1b0d80432c79	2167	if (wc_RNG_GenerateBlock(&rng, csr->request.ocsp.nonce,
wolfSSL	4:1b0d80432c79	2168	MAX_OCSP_NONCE_SZ) == 0)
wolfSSL	4:1b0d80432c79	2169	csr->request.ocsp.nonceSz = MAX_OCSP_NONCE_SZ;
wolfSSL	4:1b0d80432c79	2170
wolfSSL	4:1b0d80432c79	2171	wc_FreeRng(&rng);
wolfSSL	4:1b0d80432c79	2172	}
wolfSSL	4:1b0d80432c79	2173	}
wolfSSL	4:1b0d80432c79	2174	break;
wolfSSL	4:1b0d80432c79	2175	}
wolfSSL	4:1b0d80432c79	2176
wolfSSL	4:1b0d80432c79	2177	if ((ret = TLSX_Push(extensions, TLSX_STATUS_REQUEST, csr)) != 0) {
wolfSSL	4:1b0d80432c79	2178	XFREE(csr, NULL, DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	2179	return ret;
wolfSSL	4:1b0d80432c79	2180	}
wolfSSL	4:1b0d80432c79	2181
wolfSSL	4:1b0d80432c79	2182	return SSL_SUCCESS;
wolfSSL	4:1b0d80432c79	2183	}
wolfSSL	4:1b0d80432c79	2184
wolfSSL	4:1b0d80432c79	2185	#define CSR_FREE_ALL TLSX_CSR_Free
wolfSSL	4:1b0d80432c79	2186	#define CSR_GET_SIZE TLSX_CSR_GetSize
wolfSSL	4:1b0d80432c79	2187	#define CSR_WRITE TLSX_CSR_Write
wolfSSL	4:1b0d80432c79	2188	#define CSR_PARSE TLSX_CSR_Parse
wolfSSL	4:1b0d80432c79	2189
wolfSSL	4:1b0d80432c79	2190	#else
wolfSSL	4:1b0d80432c79	2191
wolfSSL	4:1b0d80432c79	2192	#define CSR_FREE_ALL(data)
wolfSSL	4:1b0d80432c79	2193	#define CSR_GET_SIZE(a, b) 0
wolfSSL	4:1b0d80432c79	2194	#define CSR_WRITE(a, b, c) 0
wolfSSL	4:1b0d80432c79	2195	#define CSR_PARSE(a, b, c, d) 0
wolfSSL	4:1b0d80432c79	2196
wolfSSL	4:1b0d80432c79	2197	#endif /* HAVE_CERTIFICATE_STATUS_REQUEST */
wolfSSL	4:1b0d80432c79	2198
wolfSSL	4:1b0d80432c79	2199	/******************************************************************************/
wolfSSL	4:1b0d80432c79	2200	/* Certificate Status Request v2 */
wolfSSL	4:1b0d80432c79	2201	/******************************************************************************/
wolfSSL	4:1b0d80432c79	2202
wolfSSL	4:1b0d80432c79	2203	#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL	4:1b0d80432c79	2204
wolfSSL	4:1b0d80432c79	2205	static void TLSX_CSR2_FreeAll(CertificateStatusRequestItemV2* csr2)
wolfSSL	4:1b0d80432c79	2206	{
wolfSSL	4:1b0d80432c79	2207	CertificateStatusRequestItemV2* next;
wolfSSL	4:1b0d80432c79	2208
wolfSSL	4:1b0d80432c79	2209	for (; csr2; csr2 = next) {
wolfSSL	4:1b0d80432c79	2210	next = csr2->next;
wolfSSL	4:1b0d80432c79	2211
wolfSSL	4:1b0d80432c79	2212	switch (csr2->status_type) {
wolfSSL	4:1b0d80432c79	2213	case WOLFSSL_CSR2_OCSP:
wolfSSL	4:1b0d80432c79	2214	case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL	4:1b0d80432c79	2215	while(csr2->requests--)
wolfSSL	4:1b0d80432c79	2216	FreeOcspRequest(&csr2->request.ocsp[csr2->requests]);
wolfSSL	4:1b0d80432c79	2217	break;
wolfSSL	4:1b0d80432c79	2218	}
wolfSSL	4:1b0d80432c79	2219
wolfSSL	4:1b0d80432c79	2220	XFREE(csr2, NULL, DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	2221	}
wolfSSL	4:1b0d80432c79	2222	}
wolfSSL	4:1b0d80432c79	2223
wolfSSL	4:1b0d80432c79	2224	static word16 TLSX_CSR2_GetSize(CertificateStatusRequestItemV2* csr2,
wolfSSL	4:1b0d80432c79	2225	byte isRequest)
wolfSSL	4:1b0d80432c79	2226	{
wolfSSL	4:1b0d80432c79	2227	word16 size = 0;
wolfSSL	4:1b0d80432c79	2228
wolfSSL	4:1b0d80432c79	2229	/* shut up compiler warnings */
wolfSSL	4:1b0d80432c79	2230	(void) csr2; (void) isRequest;
wolfSSL	4:1b0d80432c79	2231
wolfSSL	4:1b0d80432c79	2232	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	4:1b0d80432c79	2233	if (isRequest) {
wolfSSL	4:1b0d80432c79	2234	CertificateStatusRequestItemV2* next;
wolfSSL	4:1b0d80432c79	2235
wolfSSL	4:1b0d80432c79	2236	for (size = OPAQUE16_LEN; csr2; csr2 = next) {
wolfSSL	4:1b0d80432c79	2237	next = csr2->next;
wolfSSL	4:1b0d80432c79	2238
wolfSSL	4:1b0d80432c79	2239	switch (csr2->status_type) {
wolfSSL	4:1b0d80432c79	2240	case WOLFSSL_CSR2_OCSP:
wolfSSL	4:1b0d80432c79	2241	case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL	4:1b0d80432c79	2242	size += ENUM_LEN + 3 * OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	2243
wolfSSL	4:1b0d80432c79	2244	if (csr2->request.ocsp[0].nonceSz)
wolfSSL	4:1b0d80432c79	2245	size += OCSP_NONCE_EXT_SZ;
wolfSSL	4:1b0d80432c79	2246	break;
wolfSSL	4:1b0d80432c79	2247	}
wolfSSL	4:1b0d80432c79	2248	}
wolfSSL	4:1b0d80432c79	2249	}
wolfSSL	4:1b0d80432c79	2250	#endif
wolfSSL	4:1b0d80432c79	2251
wolfSSL	4:1b0d80432c79	2252	return size;
wolfSSL	4:1b0d80432c79	2253	}
wolfSSL	4:1b0d80432c79	2254
wolfSSL	4:1b0d80432c79	2255	static word16 TLSX_CSR2_Write(CertificateStatusRequestItemV2* csr2,
wolfSSL	4:1b0d80432c79	2256	byte* output, byte isRequest)
wolfSSL	4:1b0d80432c79	2257	{
wolfSSL	4:1b0d80432c79	2258	/* shut up compiler warnings */
wolfSSL	4:1b0d80432c79	2259	(void) csr2; (void) output; (void) isRequest;
wolfSSL	4:1b0d80432c79	2260
wolfSSL	4:1b0d80432c79	2261	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	4:1b0d80432c79	2262	if (isRequest) {
wolfSSL	4:1b0d80432c79	2263	word16 offset;
wolfSSL	4:1b0d80432c79	2264	word16 length;
wolfSSL	4:1b0d80432c79	2265
wolfSSL	4:1b0d80432c79	2266	for (offset = OPAQUE16_LEN; csr2 != NULL; csr2 = csr2->next) {
wolfSSL	4:1b0d80432c79	2267	/* status_type */
wolfSSL	4:1b0d80432c79	2268	output[offset++] = csr2->status_type;
wolfSSL	4:1b0d80432c79	2269
wolfSSL	4:1b0d80432c79	2270	/* request */
wolfSSL	4:1b0d80432c79	2271	switch (csr2->status_type) {
wolfSSL	4:1b0d80432c79	2272	case WOLFSSL_CSR2_OCSP:
wolfSSL	4:1b0d80432c79	2273	case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL	4:1b0d80432c79	2274	/* request_length */
wolfSSL	4:1b0d80432c79	2275	length = 2 * OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	2276
wolfSSL	4:1b0d80432c79	2277	if (csr2->request.ocsp[0].nonceSz)
wolfSSL	4:1b0d80432c79	2278	length += OCSP_NONCE_EXT_SZ;
wolfSSL	4:1b0d80432c79	2279
wolfSSL	4:1b0d80432c79	2280	c16toa(length, output + offset);
wolfSSL	4:1b0d80432c79	2281	offset += OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	2282
wolfSSL	4:1b0d80432c79	2283	/* responder id list */
wolfSSL	4:1b0d80432c79	2284	c16toa(0, output + offset);
wolfSSL	4:1b0d80432c79	2285	offset += OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	2286
wolfSSL	4:1b0d80432c79	2287	/* request extensions */
wolfSSL	4:1b0d80432c79	2288	length = 0;
wolfSSL	4:1b0d80432c79	2289
wolfSSL	4:1b0d80432c79	2290	if (csr2->request.ocsp[0].nonceSz)
wolfSSL	4:1b0d80432c79	2291	length = EncodeOcspRequestExtensions(
wolfSSL	4:1b0d80432c79	2292	&csr2->request.ocsp[0],
wolfSSL	4:1b0d80432c79	2293	output + offset + OPAQUE16_LEN,
wolfSSL	4:1b0d80432c79	2294	OCSP_NONCE_EXT_SZ);
wolfSSL	4:1b0d80432c79	2295
wolfSSL	4:1b0d80432c79	2296	c16toa(length, output + offset);
wolfSSL	4:1b0d80432c79	2297	offset += OPAQUE16_LEN + length;
wolfSSL	4:1b0d80432c79	2298	break;
wolfSSL	4:1b0d80432c79	2299	}
wolfSSL	4:1b0d80432c79	2300	}
wolfSSL	4:1b0d80432c79	2301
wolfSSL	4:1b0d80432c79	2302	/* list size */
wolfSSL	4:1b0d80432c79	2303	c16toa(offset - OPAQUE16_LEN, output);
wolfSSL	4:1b0d80432c79	2304
wolfSSL	4:1b0d80432c79	2305	return offset;
wolfSSL	4:1b0d80432c79	2306	}
wolfSSL	4:1b0d80432c79	2307	#endif
wolfSSL	4:1b0d80432c79	2308
wolfSSL	4:1b0d80432c79	2309	return 0;
wolfSSL	4:1b0d80432c79	2310	}
wolfSSL	4:1b0d80432c79	2311
wolfSSL	4:1b0d80432c79	2312	static int TLSX_CSR2_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL	4:1b0d80432c79	2313	byte isRequest)
wolfSSL	4:1b0d80432c79	2314	{
wolfSSL	4:1b0d80432c79	2315	int ret;
wolfSSL	4:1b0d80432c79	2316
wolfSSL	4:1b0d80432c79	2317	/* shut up compiler warnings */
wolfSSL	4:1b0d80432c79	2318	(void) ssl; (void) input;
wolfSSL	4:1b0d80432c79	2319
wolfSSL	4:1b0d80432c79	2320	if (!isRequest) {
wolfSSL	4:1b0d80432c79	2321	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	4:1b0d80432c79	2322	TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST_V2);
wolfSSL	4:1b0d80432c79	2323	CertificateStatusRequestItemV2* csr2 = extension ? extension->data
wolfSSL	4:1b0d80432c79	2324	: NULL;
wolfSSL	4:1b0d80432c79	2325
wolfSSL	4:1b0d80432c79	2326	if (!csr2) {
wolfSSL	4:1b0d80432c79	2327	/* look at context level */
wolfSSL	4:1b0d80432c79	2328
wolfSSL	4:1b0d80432c79	2329	extension = TLSX_Find(ssl->ctx->extensions, TLSX_STATUS_REQUEST_V2);
wolfSSL	4:1b0d80432c79	2330	csr2 = extension ? extension->data : NULL;
wolfSSL	4:1b0d80432c79	2331
wolfSSL	4:1b0d80432c79	2332	if (!csr2)
wolfSSL	4:1b0d80432c79	2333	return BUFFER_ERROR; /* unexpected extension */
wolfSSL	4:1b0d80432c79	2334
wolfSSL	4:1b0d80432c79	2335	/* enable extension at ssl level */
wolfSSL	4:1b0d80432c79	2336	for (; csr2; csr2 = csr2->next) {
wolfSSL	4:1b0d80432c79	2337	ret = TLSX_UseCertificateStatusRequestV2(&ssl->extensions,
wolfSSL	4:1b0d80432c79	2338	csr2->status_type, csr2->options);
wolfSSL	4:1b0d80432c79	2339	if (ret != SSL_SUCCESS)
wolfSSL	4:1b0d80432c79	2340	return ret;
wolfSSL	4:1b0d80432c79	2341
wolfSSL	4:1b0d80432c79	2342	switch (csr2->status_type) {
wolfSSL	4:1b0d80432c79	2343	case WOLFSSL_CSR2_OCSP:
wolfSSL	4:1b0d80432c79	2344	/* followed by */
wolfSSL	4:1b0d80432c79	2345	case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL	4:1b0d80432c79	2346	/* propagate nonce */
wolfSSL	4:1b0d80432c79	2347	if (csr2->request.ocsp[0].nonceSz) {
wolfSSL	4:1b0d80432c79	2348	OcspRequest* request =
wolfSSL	4:1b0d80432c79	2349	TLSX_CSR2_GetRequest(ssl->extensions,
wolfSSL	4:1b0d80432c79	2350	csr2->status_type, 0);
wolfSSL	4:1b0d80432c79	2351
wolfSSL	4:1b0d80432c79	2352	if (request) {
wolfSSL	4:1b0d80432c79	2353	XMEMCPY(request->nonce,
wolfSSL	4:1b0d80432c79	2354	csr2->request.ocsp[0].nonce,
wolfSSL	4:1b0d80432c79	2355	csr2->request.ocsp[0].nonceSz);
wolfSSL	4:1b0d80432c79	2356
wolfSSL	4:1b0d80432c79	2357	request->nonceSz =
wolfSSL	4:1b0d80432c79	2358	csr2->request.ocsp[0].nonceSz;
wolfSSL	4:1b0d80432c79	2359	}
wolfSSL	4:1b0d80432c79	2360	}
wolfSSL	4:1b0d80432c79	2361	break;
wolfSSL	4:1b0d80432c79	2362	}
wolfSSL	4:1b0d80432c79	2363	}
wolfSSL	4:1b0d80432c79	2364
wolfSSL	4:1b0d80432c79	2365	}
wolfSSL	4:1b0d80432c79	2366
wolfSSL	4:1b0d80432c79	2367	ssl->status_request_v2 = 1;
wolfSSL	4:1b0d80432c79	2368
wolfSSL	4:1b0d80432c79	2369	return length ? BUFFER_ERROR : 0; /* extension_data MUST be empty. */
wolfSSL	4:1b0d80432c79	2370	#endif
wolfSSL	4:1b0d80432c79	2371	}
wolfSSL	4:1b0d80432c79	2372	else {
wolfSSL	4:1b0d80432c79	2373	#ifndef NO_WOLFSSL_SERVER
wolfSSL	4:1b0d80432c79	2374	byte status_type;
wolfSSL	4:1b0d80432c79	2375	word16 request_length;
wolfSSL	4:1b0d80432c79	2376	word16 offset = 0;
wolfSSL	4:1b0d80432c79	2377	word16 size = 0;
wolfSSL	4:1b0d80432c79	2378
wolfSSL	4:1b0d80432c79	2379	/* list size */
wolfSSL	4:1b0d80432c79	2380	ato16(input + offset, &request_length);
wolfSSL	4:1b0d80432c79	2381	offset += OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	2382
wolfSSL	4:1b0d80432c79	2383	if (length - OPAQUE16_LEN != request_length)
wolfSSL	4:1b0d80432c79	2384	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	2385
wolfSSL	4:1b0d80432c79	2386	while (length > offset) {
wolfSSL	4:1b0d80432c79	2387	if (length - offset < ENUM_LEN + OPAQUE16_LEN)
wolfSSL	4:1b0d80432c79	2388	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	2389
wolfSSL	4:1b0d80432c79	2390	status_type = input[offset++];
wolfSSL	4:1b0d80432c79	2391
wolfSSL	4:1b0d80432c79	2392	ato16(input + offset, &request_length);
wolfSSL	4:1b0d80432c79	2393	offset += OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	2394
wolfSSL	4:1b0d80432c79	2395	if (length - offset < request_length)
wolfSSL	4:1b0d80432c79	2396	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	2397
wolfSSL	4:1b0d80432c79	2398	switch (status_type) {
wolfSSL	4:1b0d80432c79	2399	case WOLFSSL_CSR2_OCSP:
wolfSSL	4:1b0d80432c79	2400	case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL	4:1b0d80432c79	2401	/* skip responder_id_list */
wolfSSL	4:1b0d80432c79	2402	if (length - offset < OPAQUE16_LEN)
wolfSSL	4:1b0d80432c79	2403	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	2404
wolfSSL	4:1b0d80432c79	2405	ato16(input + offset, &size);
wolfSSL	4:1b0d80432c79	2406	offset += OPAQUE16_LEN + size;
wolfSSL	4:1b0d80432c79	2407
wolfSSL	4:1b0d80432c79	2408	/* skip request_extensions */
wolfSSL	4:1b0d80432c79	2409	if (length - offset < OPAQUE16_LEN)
wolfSSL	4:1b0d80432c79	2410	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	2411
wolfSSL	4:1b0d80432c79	2412	ato16(input + offset, &size);
wolfSSL	4:1b0d80432c79	2413	offset += OPAQUE16_LEN + size;
wolfSSL	4:1b0d80432c79	2414
wolfSSL	4:1b0d80432c79	2415	if (offset > length)
wolfSSL	4:1b0d80432c79	2416	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	2417
wolfSSL	4:1b0d80432c79	2418	/* is able to send OCSP response? */
wolfSSL	4:1b0d80432c79	2419	if (ssl->ctx->cm == NULL
wolfSSL	4:1b0d80432c79	2420	\|\| !ssl->ctx->cm->ocspStaplingEnabled)
wolfSSL	4:1b0d80432c79	2421	continue;
wolfSSL	4:1b0d80432c79	2422	break;
wolfSSL	4:1b0d80432c79	2423
wolfSSL	4:1b0d80432c79	2424	default:
wolfSSL	4:1b0d80432c79	2425	/* unknown status type, skipping! */
wolfSSL	4:1b0d80432c79	2426	offset += request_length;
wolfSSL	4:1b0d80432c79	2427	continue;
wolfSSL	4:1b0d80432c79	2428	}
wolfSSL	4:1b0d80432c79	2429
wolfSSL	4:1b0d80432c79	2430	/* if using status_request and already sending it, skip this one */
wolfSSL	4:1b0d80432c79	2431	#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL	4:1b0d80432c79	2432	if (ssl->status_request)
wolfSSL	4:1b0d80432c79	2433	return 0;
wolfSSL	4:1b0d80432c79	2434	#endif
wolfSSL	4:1b0d80432c79	2435
wolfSSL	4:1b0d80432c79	2436	/* accept the first good status_type and return */
wolfSSL	4:1b0d80432c79	2437	ret = TLSX_UseCertificateStatusRequestV2(&ssl->extensions,
wolfSSL	4:1b0d80432c79	2438	status_type, 0);
wolfSSL	4:1b0d80432c79	2439	if (ret != SSL_SUCCESS)
wolfSSL	4:1b0d80432c79	2440	return ret; /* throw error */
wolfSSL	4:1b0d80432c79	2441
wolfSSL	4:1b0d80432c79	2442	TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST_V2);
wolfSSL	4:1b0d80432c79	2443	ssl->status_request_v2 = status_type;
wolfSSL	4:1b0d80432c79	2444
wolfSSL	4:1b0d80432c79	2445	return 0;
wolfSSL	4:1b0d80432c79	2446	}
wolfSSL	4:1b0d80432c79	2447	#endif
wolfSSL	4:1b0d80432c79	2448	}
wolfSSL	4:1b0d80432c79	2449
wolfSSL	4:1b0d80432c79	2450	return 0;
wolfSSL	4:1b0d80432c79	2451	}
wolfSSL	4:1b0d80432c79	2452
wolfSSL	4:1b0d80432c79	2453	int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer)
wolfSSL	4:1b0d80432c79	2454	{
wolfSSL	4:1b0d80432c79	2455	TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST_V2);
wolfSSL	4:1b0d80432c79	2456	CertificateStatusRequestItemV2* csr2 = extension ? extension->data : NULL;
wolfSSL	4:1b0d80432c79	2457	int ret = 0;
wolfSSL	4:1b0d80432c79	2458
wolfSSL	4:1b0d80432c79	2459	for (; csr2; csr2 = csr2->next) {
wolfSSL	4:1b0d80432c79	2460	switch (csr2->status_type) {
wolfSSL	4:1b0d80432c79	2461	case WOLFSSL_CSR2_OCSP:
wolfSSL	4:1b0d80432c79	2462	if (!isPeer \|\| csr2->requests != 0)
wolfSSL	4:1b0d80432c79	2463	break;
wolfSSL	4:1b0d80432c79	2464
wolfSSL	4:1b0d80432c79	2465	/* followed by */
wolfSSL	4:1b0d80432c79	2466
wolfSSL	4:1b0d80432c79	2467	case WOLFSSL_CSR2_OCSP_MULTI: {
wolfSSL	4:1b0d80432c79	2468	if (csr2->requests < 1 + MAX_CHAIN_DEPTH) {
wolfSSL	4:1b0d80432c79	2469	byte nonce[MAX_OCSP_NONCE_SZ];
wolfSSL	4:1b0d80432c79	2470	int nonceSz = csr2->request.ocsp[0].nonceSz;
wolfSSL	4:1b0d80432c79	2471
wolfSSL	4:1b0d80432c79	2472	/* preserve nonce, replicating nonce of ocsp[0] */
wolfSSL	4:1b0d80432c79	2473	XMEMCPY(nonce, csr2->request.ocsp[0].nonce, nonceSz);
wolfSSL	4:1b0d80432c79	2474
wolfSSL	4:1b0d80432c79	2475	if ((ret = InitOcspRequest(
wolfSSL	4:1b0d80432c79	2476	&csr2->request.ocsp[csr2->requests], cert, 0)) != 0)
wolfSSL	4:1b0d80432c79	2477	return ret;
wolfSSL	4:1b0d80432c79	2478
wolfSSL	4:1b0d80432c79	2479	/* restore nonce */
wolfSSL	4:1b0d80432c79	2480	XMEMCPY(csr2->request.ocsp[csr2->requests].nonce,
wolfSSL	4:1b0d80432c79	2481	nonce, nonceSz);
wolfSSL	4:1b0d80432c79	2482	csr2->request.ocsp[csr2->requests].nonceSz = nonceSz;
wolfSSL	4:1b0d80432c79	2483	csr2->requests++;
wolfSSL	4:1b0d80432c79	2484	}
wolfSSL	4:1b0d80432c79	2485	}
wolfSSL	4:1b0d80432c79	2486	break;
wolfSSL	4:1b0d80432c79	2487	}
wolfSSL	4:1b0d80432c79	2488	}
wolfSSL	4:1b0d80432c79	2489
wolfSSL	4:1b0d80432c79	2490	return ret;
wolfSSL	4:1b0d80432c79	2491	}
wolfSSL	4:1b0d80432c79	2492
wolfSSL	4:1b0d80432c79	2493	void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type, byte index)
wolfSSL	4:1b0d80432c79	2494	{
wolfSSL	4:1b0d80432c79	2495	TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST_V2);
wolfSSL	4:1b0d80432c79	2496	CertificateStatusRequestItemV2* csr2 = extension ? extension->data : NULL;
wolfSSL	4:1b0d80432c79	2497
wolfSSL	4:1b0d80432c79	2498	for (; csr2; csr2 = csr2->next) {
wolfSSL	4:1b0d80432c79	2499	if (csr2->status_type == status_type) {
wolfSSL	4:1b0d80432c79	2500	switch (csr2->status_type) {
wolfSSL	4:1b0d80432c79	2501	case WOLFSSL_CSR2_OCSP:
wolfSSL	4:1b0d80432c79	2502	/* followed by */
wolfSSL	4:1b0d80432c79	2503
wolfSSL	4:1b0d80432c79	2504	case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL	4:1b0d80432c79	2505	/* requests are initialized in the reverse order */
wolfSSL	4:1b0d80432c79	2506	return index < csr2->requests
wolfSSL	4:1b0d80432c79	2507	? &csr2->request.ocsp[csr2->requests - index - 1]
wolfSSL	4:1b0d80432c79	2508	: NULL;
wolfSSL	4:1b0d80432c79	2509	break;
wolfSSL	4:1b0d80432c79	2510	}
wolfSSL	4:1b0d80432c79	2511	}
wolfSSL	4:1b0d80432c79	2512	}
wolfSSL	4:1b0d80432c79	2513
wolfSSL	4:1b0d80432c79	2514	return NULL;
wolfSSL	4:1b0d80432c79	2515	}
wolfSSL	4:1b0d80432c79	2516
wolfSSL	4:1b0d80432c79	2517	int TLSX_CSR2_ForceRequest(WOLFSSL* ssl)
wolfSSL	4:1b0d80432c79	2518	{
wolfSSL	4:1b0d80432c79	2519	TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST_V2);
wolfSSL	4:1b0d80432c79	2520	CertificateStatusRequestItemV2* csr2 = extension ? extension->data : NULL;
wolfSSL	4:1b0d80432c79	2521
wolfSSL	4:1b0d80432c79	2522	/* forces only the first one */
wolfSSL	4:1b0d80432c79	2523	if (csr2) {
wolfSSL	4:1b0d80432c79	2524	switch (csr2->status_type) {
wolfSSL	4:1b0d80432c79	2525	case WOLFSSL_CSR2_OCSP:
wolfSSL	4:1b0d80432c79	2526	/* followed by */
wolfSSL	4:1b0d80432c79	2527
wolfSSL	4:1b0d80432c79	2528	case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL	4:1b0d80432c79	2529	if (ssl->ctx->cm->ocspEnabled)
wolfSSL	4:1b0d80432c79	2530	return CheckOcspRequest(ssl->ctx->cm->ocsp,
wolfSSL	4:1b0d80432c79	2531	&csr2->request.ocsp[0], NULL);
wolfSSL	4:1b0d80432c79	2532	else
wolfSSL	4:1b0d80432c79	2533	return OCSP_LOOKUP_FAIL;
wolfSSL	4:1b0d80432c79	2534	}
wolfSSL	4:1b0d80432c79	2535	}
wolfSSL	4:1b0d80432c79	2536
wolfSSL	4:1b0d80432c79	2537	return 0;
wolfSSL	4:1b0d80432c79	2538	}
wolfSSL	4:1b0d80432c79	2539
wolfSSL	4:1b0d80432c79	2540	int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type,
wolfSSL	4:1b0d80432c79	2541	byte options)
wolfSSL	4:1b0d80432c79	2542	{
wolfSSL	4:1b0d80432c79	2543	TLSX* extension = NULL;
wolfSSL	4:1b0d80432c79	2544	CertificateStatusRequestItemV2* csr2 = NULL;
wolfSSL	4:1b0d80432c79	2545	int ret = 0;
wolfSSL	4:1b0d80432c79	2546
wolfSSL	4:1b0d80432c79	2547	if (!extensions)
wolfSSL	4:1b0d80432c79	2548	return BAD_FUNC_ARG;
wolfSSL	4:1b0d80432c79	2549
wolfSSL	4:1b0d80432c79	2550	if (status_type != WOLFSSL_CSR2_OCSP
wolfSSL	4:1b0d80432c79	2551	&& status_type != WOLFSSL_CSR2_OCSP_MULTI)
wolfSSL	4:1b0d80432c79	2552	return BAD_FUNC_ARG;
wolfSSL	4:1b0d80432c79	2553
wolfSSL	4:1b0d80432c79	2554	csr2 = (CertificateStatusRequestItemV2*)
wolfSSL	4:1b0d80432c79	2555	XMALLOC(sizeof(CertificateStatusRequestItemV2), NULL, DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	2556	if (!csr2)
wolfSSL	4:1b0d80432c79	2557	return MEMORY_E;
wolfSSL	4:1b0d80432c79	2558
wolfSSL	4:1b0d80432c79	2559	ForceZero(csr2, sizeof(CertificateStatusRequestItemV2));
wolfSSL	4:1b0d80432c79	2560
wolfSSL	4:1b0d80432c79	2561	csr2->status_type = status_type;
wolfSSL	4:1b0d80432c79	2562	csr2->options = options;
wolfSSL	4:1b0d80432c79	2563	csr2->next = NULL;
wolfSSL	4:1b0d80432c79	2564
wolfSSL	4:1b0d80432c79	2565	switch (csr2->status_type) {
wolfSSL	4:1b0d80432c79	2566	case WOLFSSL_CSR2_OCSP:
wolfSSL	4:1b0d80432c79	2567	case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL	4:1b0d80432c79	2568	if (options & WOLFSSL_CSR2_OCSP_USE_NONCE) {
wolfSSL	4:1b0d80432c79	2569	WC_RNG rng;
wolfSSL	4:1b0d80432c79	2570
wolfSSL	4:1b0d80432c79	2571	if (wc_InitRng(&rng) == 0) {
wolfSSL	4:1b0d80432c79	2572	if (wc_RNG_GenerateBlock(&rng, csr2->request.ocsp[0].nonce,
wolfSSL	4:1b0d80432c79	2573	MAX_OCSP_NONCE_SZ) == 0)
wolfSSL	4:1b0d80432c79	2574	csr2->request.ocsp[0].nonceSz = MAX_OCSP_NONCE_SZ;
wolfSSL	4:1b0d80432c79	2575
wolfSSL	4:1b0d80432c79	2576	wc_FreeRng(&rng);
wolfSSL	4:1b0d80432c79	2577	}
wolfSSL	4:1b0d80432c79	2578	}
wolfSSL	4:1b0d80432c79	2579	break;
wolfSSL	4:1b0d80432c79	2580	}
wolfSSL	4:1b0d80432c79	2581
wolfSSL	4:1b0d80432c79	2582	/* append new item */
wolfSSL	4:1b0d80432c79	2583	if ((extension = TLSX_Find(*extensions, TLSX_STATUS_REQUEST_V2))) {
wolfSSL	4:1b0d80432c79	2584	CertificateStatusRequestItemV2* last =
wolfSSL	4:1b0d80432c79	2585	(CertificateStatusRequestItemV2*)extension->data;
wolfSSL	4:1b0d80432c79	2586
wolfSSL	4:1b0d80432c79	2587	for (; last->next; last = last->next);
wolfSSL	4:1b0d80432c79	2588
wolfSSL	4:1b0d80432c79	2589	last->next = csr2;
wolfSSL	4:1b0d80432c79	2590	}
wolfSSL	4:1b0d80432c79	2591	else if ((ret = TLSX_Push(extensions, TLSX_STATUS_REQUEST_V2, csr2))) {
wolfSSL	4:1b0d80432c79	2592	XFREE(csr2, NULL, DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	2593	return ret;
wolfSSL	4:1b0d80432c79	2594	}
wolfSSL	4:1b0d80432c79	2595
wolfSSL	4:1b0d80432c79	2596	return SSL_SUCCESS;
wolfSSL	4:1b0d80432c79	2597	}
wolfSSL	4:1b0d80432c79	2598
wolfSSL	4:1b0d80432c79	2599	#define CSR2_FREE_ALL TLSX_CSR2_FreeAll
wolfSSL	4:1b0d80432c79	2600	#define CSR2_GET_SIZE TLSX_CSR2_GetSize
wolfSSL	4:1b0d80432c79	2601	#define CSR2_WRITE TLSX_CSR2_Write
wolfSSL	4:1b0d80432c79	2602	#define CSR2_PARSE TLSX_CSR2_Parse
wolfSSL	4:1b0d80432c79	2603
wolfSSL	4:1b0d80432c79	2604	#else
wolfSSL	4:1b0d80432c79	2605
wolfSSL	4:1b0d80432c79	2606	#define CSR2_FREE_ALL(data)
wolfSSL	4:1b0d80432c79	2607	#define CSR2_GET_SIZE(a, b) 0
wolfSSL	4:1b0d80432c79	2608	#define CSR2_WRITE(a, b, c) 0
wolfSSL	4:1b0d80432c79	2609	#define CSR2_PARSE(a, b, c, d) 0
wolfSSL	4:1b0d80432c79	2610
wolfSSL	4:1b0d80432c79	2611	#endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
wolfSSL	4:1b0d80432c79	2612
wolfSSL	4:1b0d80432c79	2613	/******************************************************************************/
wolfSSL	4:1b0d80432c79	2614	/* Supported Elliptic Curves */
wolfSSL	4:1b0d80432c79	2615	/******************************************************************************/
wolfSSL	4:1b0d80432c79	2616
wolfSSL	4:1b0d80432c79	2617	#ifdef HAVE_SUPPORTED_CURVES
wolfSSL	4:1b0d80432c79	2618
wolfSSL	4:1b0d80432c79	2619	#ifndef HAVE_ECC
wolfSSL	4:1b0d80432c79	2620	#error Elliptic Curves Extension requires Elliptic Curve Cryptography. \
wolfSSL	4:1b0d80432c79	2621	Use --enable-ecc in the configure script or define HAVE_ECC.
wolfSSL	4:1b0d80432c79	2622	#endif
wolfSSL	4:1b0d80432c79	2623
wolfSSL	4:1b0d80432c79	2624	static void TLSX_EllipticCurve_FreeAll(EllipticCurve* list)
wolfSSL	4:1b0d80432c79	2625	{
wolfSSL	4:1b0d80432c79	2626	EllipticCurve* curve;
wolfSSL	4:1b0d80432c79	2627
wolfSSL	4:1b0d80432c79	2628	while ((curve = list)) {
wolfSSL	4:1b0d80432c79	2629	list = curve->next;
wolfSSL	4:1b0d80432c79	2630	XFREE(curve, 0, DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	2631	}
wolfSSL	4:1b0d80432c79	2632	}
wolfSSL	4:1b0d80432c79	2633
wolfSSL	4:1b0d80432c79	2634	static int TLSX_EllipticCurve_Append(EllipticCurve** list, word16 name)
wolfSSL	4:1b0d80432c79	2635	{
wolfSSL	4:1b0d80432c79	2636	EllipticCurve* curve = NULL;
wolfSSL	4:1b0d80432c79	2637
wolfSSL	4:1b0d80432c79	2638	if (list == NULL)
wolfSSL	4:1b0d80432c79	2639	return BAD_FUNC_ARG;
wolfSSL	4:1b0d80432c79	2640
wolfSSL	4:1b0d80432c79	2641	curve = (EllipticCurve*)XMALLOC(sizeof(EllipticCurve), NULL,
wolfSSL	4:1b0d80432c79	2642	DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	2643	if (curve == NULL)
wolfSSL	4:1b0d80432c79	2644	return MEMORY_E;
wolfSSL	4:1b0d80432c79	2645
wolfSSL	4:1b0d80432c79	2646	curve->name = name;
wolfSSL	4:1b0d80432c79	2647	curve->next = *list;
wolfSSL	4:1b0d80432c79	2648
wolfSSL	4:1b0d80432c79	2649	*list = curve;
wolfSSL	4:1b0d80432c79	2650
wolfSSL	4:1b0d80432c79	2651	return 0;
wolfSSL	4:1b0d80432c79	2652	}
wolfSSL	4:1b0d80432c79	2653
wolfSSL	4:1b0d80432c79	2654	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	4:1b0d80432c79	2655
wolfSSL	4:1b0d80432c79	2656	static void TLSX_EllipticCurve_ValidateRequest(WOLFSSL* ssl, byte* semaphore)
wolfSSL	4:1b0d80432c79	2657	{
wolfSSL	4:1b0d80432c79	2658	int i;
wolfSSL	4:1b0d80432c79	2659
wolfSSL	4:1b0d80432c79	2660	for (i = 0; i < ssl->suites->suiteSz; i+= 2)
wolfSSL	4:1b0d80432c79	2661	if (ssl->suites->suites[i] == ECC_BYTE \|\|
wolfSSL	4:1b0d80432c79	2662	ssl->suites->suites[i] == CHACHA_BYTE)
wolfSSL	4:1b0d80432c79	2663	return;
wolfSSL	4:1b0d80432c79	2664
wolfSSL	4:1b0d80432c79	2665	/* turns semaphore on to avoid sending this extension. */
wolfSSL	4:1b0d80432c79	2666	TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_GROUPS));
wolfSSL	4:1b0d80432c79	2667	}
wolfSSL	4:1b0d80432c79	2668
wolfSSL	4:1b0d80432c79	2669	static word16 TLSX_EllipticCurve_GetSize(EllipticCurve* list)
wolfSSL	4:1b0d80432c79	2670	{
wolfSSL	4:1b0d80432c79	2671	EllipticCurve* curve;
wolfSSL	4:1b0d80432c79	2672	word16 length = OPAQUE16_LEN; /* list length */
wolfSSL	4:1b0d80432c79	2673
wolfSSL	4:1b0d80432c79	2674	while ((curve = list)) {
wolfSSL	4:1b0d80432c79	2675	list = curve->next;
wolfSSL	4:1b0d80432c79	2676	length += OPAQUE16_LEN; /* curve length */
wolfSSL	4:1b0d80432c79	2677	}
wolfSSL	4:1b0d80432c79	2678
wolfSSL	4:1b0d80432c79	2679	return length;
wolfSSL	4:1b0d80432c79	2680	}
wolfSSL	4:1b0d80432c79	2681
wolfSSL	4:1b0d80432c79	2682	static word16 TLSX_EllipticCurve_WriteR(EllipticCurve* curve, byte* output);
wolfSSL	4:1b0d80432c79	2683	static word16 TLSX_EllipticCurve_WriteR(EllipticCurve* curve, byte* output)
wolfSSL	4:1b0d80432c79	2684	{
wolfSSL	4:1b0d80432c79	2685	word16 offset = 0;
wolfSSL	4:1b0d80432c79	2686
wolfSSL	4:1b0d80432c79	2687	if (!curve)
wolfSSL	4:1b0d80432c79	2688	return offset;
wolfSSL	4:1b0d80432c79	2689
wolfSSL	4:1b0d80432c79	2690	offset = TLSX_EllipticCurve_WriteR(curve->next, output);
wolfSSL	4:1b0d80432c79	2691	c16toa(curve->name, output + offset);
wolfSSL	4:1b0d80432c79	2692
wolfSSL	4:1b0d80432c79	2693	return OPAQUE16_LEN + offset;
wolfSSL	4:1b0d80432c79	2694	}
wolfSSL	4:1b0d80432c79	2695
wolfSSL	4:1b0d80432c79	2696	static word16 TLSX_EllipticCurve_Write(EllipticCurve* list, byte* output)
wolfSSL	4:1b0d80432c79	2697	{
wolfSSL	4:1b0d80432c79	2698	word16 length = TLSX_EllipticCurve_WriteR(list, output + OPAQUE16_LEN);
wolfSSL	4:1b0d80432c79	2699
wolfSSL	4:1b0d80432c79	2700	c16toa(length, output); /* writing list length */
wolfSSL	4:1b0d80432c79	2701
wolfSSL	4:1b0d80432c79	2702	return OPAQUE16_LEN + length;
wolfSSL	4:1b0d80432c79	2703	}
wolfSSL	4:1b0d80432c79	2704
wolfSSL	4:1b0d80432c79	2705	#endif /* NO_WOLFSSL_CLIENT */
wolfSSL	4:1b0d80432c79	2706	#ifndef NO_WOLFSSL_SERVER
wolfSSL	4:1b0d80432c79	2707
wolfSSL	4:1b0d80432c79	2708	static int TLSX_EllipticCurve_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL	4:1b0d80432c79	2709	byte isRequest)
wolfSSL	4:1b0d80432c79	2710	{
wolfSSL	4:1b0d80432c79	2711	word16 offset;
wolfSSL	4:1b0d80432c79	2712	word16 name;
wolfSSL	4:1b0d80432c79	2713	int r;
wolfSSL	4:1b0d80432c79	2714
wolfSSL	4:1b0d80432c79	2715	(void) isRequest; /* shut up compiler! */
wolfSSL	4:1b0d80432c79	2716
wolfSSL	4:1b0d80432c79	2717	if (OPAQUE16_LEN > length \|\| length % OPAQUE16_LEN)
wolfSSL	4:1b0d80432c79	2718	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	2719
wolfSSL	4:1b0d80432c79	2720	ato16(input, &offset);
wolfSSL	4:1b0d80432c79	2721
wolfSSL	4:1b0d80432c79	2722	/* validating curve list length */
wolfSSL	4:1b0d80432c79	2723	if (length != OPAQUE16_LEN + offset)
wolfSSL	4:1b0d80432c79	2724	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	2725
wolfSSL	4:1b0d80432c79	2726	while (offset) {
wolfSSL	4:1b0d80432c79	2727	ato16(input + offset, &name);
wolfSSL	4:1b0d80432c79	2728	offset -= OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	2729
wolfSSL	4:1b0d80432c79	2730	r = TLSX_UseSupportedCurve(&ssl->extensions, name);
wolfSSL	4:1b0d80432c79	2731
wolfSSL	4:1b0d80432c79	2732	if (r != SSL_SUCCESS) return r; /* throw error */
wolfSSL	4:1b0d80432c79	2733	}
wolfSSL	4:1b0d80432c79	2734
wolfSSL	4:1b0d80432c79	2735	return 0;
wolfSSL	4:1b0d80432c79	2736	}
wolfSSL	4:1b0d80432c79	2737
wolfSSL	4:1b0d80432c79	2738	int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) {
wolfSSL	4:1b0d80432c79	2739	TLSX* extension = (first == ECC_BYTE \|\| first == CHACHA_BYTE)
wolfSSL	4:1b0d80432c79	2740	? TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS)
wolfSSL	4:1b0d80432c79	2741	: NULL;
wolfSSL	4:1b0d80432c79	2742	EllipticCurve* curve = NULL;
wolfSSL	4:1b0d80432c79	2743	word32 oid = 0;
wolfSSL	4:1b0d80432c79	2744	word16 octets = 0; /* according to 'ecc_set_type ecc_sets[];' */
wolfSSL	4:1b0d80432c79	2745	int sig = 0; /* validate signature */
wolfSSL	4:1b0d80432c79	2746	int key = 0; /* validate key */
wolfSSL	4:1b0d80432c79	2747
wolfSSL	4:1b0d80432c79	2748	(void)oid;
wolfSSL	4:1b0d80432c79	2749	(void)octets;
wolfSSL	4:1b0d80432c79	2750
wolfSSL	4:1b0d80432c79	2751	if (!extension)
wolfSSL	4:1b0d80432c79	2752	return 1; /* no suite restriction */
wolfSSL	4:1b0d80432c79	2753
wolfSSL	4:1b0d80432c79	2754	for (curve = extension->data; curve && !(sig && key); curve = curve->next) {
wolfSSL	4:1b0d80432c79	2755
wolfSSL	4:1b0d80432c79	2756	switch (curve->name) {
wolfSSL	4:1b0d80432c79	2757	#if defined(HAVE_ALL_CURVES) \|\| defined(HAVE_ECC160)
wolfSSL	4:1b0d80432c79	2758	case WOLFSSL_ECC_SECP160R1: oid = ECC_160R1; octets = 20; break;
wolfSSL	4:1b0d80432c79	2759	#endif
wolfSSL	4:1b0d80432c79	2760	#if defined(HAVE_ALL_CURVES) \|\| defined(HAVE_ECC192)
wolfSSL	4:1b0d80432c79	2761	case WOLFSSL_ECC_SECP192R1: oid = ECC_192R1; octets = 24; break;
wolfSSL	4:1b0d80432c79	2762	#endif
wolfSSL	4:1b0d80432c79	2763	#if defined(HAVE_ALL_CURVES) \|\| defined(HAVE_ECC224)
wolfSSL	4:1b0d80432c79	2764	case WOLFSSL_ECC_SECP224R1: oid = ECC_224R1; octets = 28; break;
wolfSSL	4:1b0d80432c79	2765	#endif
wolfSSL	4:1b0d80432c79	2766	#if defined(HAVE_ALL_CURVES) \|\| !defined(NO_ECC256)
wolfSSL	4:1b0d80432c79	2767	case WOLFSSL_ECC_SECP256R1: oid = ECC_256R1; octets = 32; break;
wolfSSL	4:1b0d80432c79	2768	#endif
wolfSSL	4:1b0d80432c79	2769	#if defined(HAVE_ALL_CURVES) \|\| defined(HAVE_ECC384)
wolfSSL	4:1b0d80432c79	2770	case WOLFSSL_ECC_SECP384R1: oid = ECC_384R1; octets = 48; break;
wolfSSL	4:1b0d80432c79	2771	#endif
wolfSSL	4:1b0d80432c79	2772	#if defined(HAVE_ALL_CURVES) \|\| defined(HAVE_ECC521)
wolfSSL	4:1b0d80432c79	2773	case WOLFSSL_ECC_SECP521R1: oid = ECC_521R1; octets = 66; break;
wolfSSL	4:1b0d80432c79	2774	#endif
wolfSSL	4:1b0d80432c79	2775	default: continue; /* unsupported curve */
wolfSSL	4:1b0d80432c79	2776	}
wolfSSL	4:1b0d80432c79	2777
wolfSSL	4:1b0d80432c79	2778	if (first == ECC_BYTE) {
wolfSSL	4:1b0d80432c79	2779	switch (second) {
wolfSSL	4:1b0d80432c79	2780	#ifndef NO_DSA
wolfSSL	4:1b0d80432c79	2781	/* ECDHE_ECDSA */
wolfSSL	4:1b0d80432c79	2782	case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
wolfSSL	4:1b0d80432c79	2783	case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
wolfSSL	4:1b0d80432c79	2784	case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
wolfSSL	4:1b0d80432c79	2785	case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL	4:1b0d80432c79	2786	case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
wolfSSL	4:1b0d80432c79	2787	case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
wolfSSL	4:1b0d80432c79	2788	case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
wolfSSL	4:1b0d80432c79	2789	case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
wolfSSL	4:1b0d80432c79	2790	case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
wolfSSL	4:1b0d80432c79	2791	case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8:
wolfSSL	4:1b0d80432c79	2792	sig \|= ssl->pkCurveOID == oid;
wolfSSL	4:1b0d80432c79	2793	key \|= ssl->eccTempKeySz == octets;
wolfSSL	4:1b0d80432c79	2794	break;
wolfSSL	4:1b0d80432c79	2795
wolfSSL	4:1b0d80432c79	2796	/* ECDH_ECDSA */
wolfSSL	4:1b0d80432c79	2797	case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
wolfSSL	4:1b0d80432c79	2798	case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
wolfSSL	4:1b0d80432c79	2799	case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
wolfSSL	4:1b0d80432c79	2800	case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL	4:1b0d80432c79	2801	case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
wolfSSL	4:1b0d80432c79	2802	case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
wolfSSL	4:1b0d80432c79	2803	case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
wolfSSL	4:1b0d80432c79	2804	case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
wolfSSL	4:1b0d80432c79	2805	sig \|= ssl->pkCurveOID == oid;
wolfSSL	4:1b0d80432c79	2806	key \|= ssl->pkCurveOID == oid;
wolfSSL	4:1b0d80432c79	2807	break;
wolfSSL	4:1b0d80432c79	2808	#endif
wolfSSL	4:1b0d80432c79	2809	#ifndef NO_RSA
wolfSSL	4:1b0d80432c79	2810	/* ECDHE_RSA */
wolfSSL	4:1b0d80432c79	2811	case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
wolfSSL	4:1b0d80432c79	2812	case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
wolfSSL	4:1b0d80432c79	2813	case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
wolfSSL	4:1b0d80432c79	2814	case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL	4:1b0d80432c79	2815	case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
wolfSSL	4:1b0d80432c79	2816	case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
wolfSSL	4:1b0d80432c79	2817	case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
wolfSSL	4:1b0d80432c79	2818	case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
wolfSSL	4:1b0d80432c79	2819	sig = 1;
wolfSSL	4:1b0d80432c79	2820	key \|= ssl->eccTempKeySz == octets;
wolfSSL	4:1b0d80432c79	2821	break;
wolfSSL	4:1b0d80432c79	2822
wolfSSL	4:1b0d80432c79	2823	/* ECDH_RSA */
wolfSSL	4:1b0d80432c79	2824	case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
wolfSSL	4:1b0d80432c79	2825	case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
wolfSSL	4:1b0d80432c79	2826	case TLS_ECDH_RSA_WITH_RC4_128_SHA:
wolfSSL	4:1b0d80432c79	2827	case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL	4:1b0d80432c79	2828	case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
wolfSSL	4:1b0d80432c79	2829	case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
wolfSSL	4:1b0d80432c79	2830	case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
wolfSSL	4:1b0d80432c79	2831	case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
wolfSSL	4:1b0d80432c79	2832	sig = 1;
wolfSSL	4:1b0d80432c79	2833	key \|= ssl->pkCurveOID == oid;
wolfSSL	4:1b0d80432c79	2834	break;
wolfSSL	4:1b0d80432c79	2835	#endif
wolfSSL	4:1b0d80432c79	2836	default:
wolfSSL	4:1b0d80432c79	2837	sig = 1;
wolfSSL	4:1b0d80432c79	2838	key = 1;
wolfSSL	4:1b0d80432c79	2839	break;
wolfSSL	4:1b0d80432c79	2840	}
wolfSSL	4:1b0d80432c79	2841	}
wolfSSL	4:1b0d80432c79	2842
wolfSSL	4:1b0d80432c79	2843	/* ChaCha20-Poly1305 ECC cipher suites */
wolfSSL	4:1b0d80432c79	2844	if (first == CHACHA_BYTE) {
wolfSSL	4:1b0d80432c79	2845	switch (second) {
wolfSSL	4:1b0d80432c79	2846	#ifndef NO_DSA
wolfSSL	4:1b0d80432c79	2847	/* ECDHE_ECDSA */
wolfSSL	4:1b0d80432c79	2848	case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL	4:1b0d80432c79	2849	case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
wolfSSL	4:1b0d80432c79	2850	sig \|= ssl->pkCurveOID == oid;
wolfSSL	4:1b0d80432c79	2851	key \|= ssl->eccTempKeySz == octets;
wolfSSL	4:1b0d80432c79	2852	break;
wolfSSL	4:1b0d80432c79	2853	#endif
wolfSSL	4:1b0d80432c79	2854	#ifndef NO_RSA
wolfSSL	4:1b0d80432c79	2855	/* ECDHE_RSA */
wolfSSL	4:1b0d80432c79	2856	case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL	4:1b0d80432c79	2857	case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
wolfSSL	4:1b0d80432c79	2858	sig = 1;
wolfSSL	4:1b0d80432c79	2859	key \|= ssl->eccTempKeySz == octets;
wolfSSL	4:1b0d80432c79	2860	break;
wolfSSL	4:1b0d80432c79	2861	#endif
wolfSSL	4:1b0d80432c79	2862	default:
wolfSSL	4:1b0d80432c79	2863	sig = 1;
wolfSSL	4:1b0d80432c79	2864	key = 1;
wolfSSL	4:1b0d80432c79	2865	break;
wolfSSL	4:1b0d80432c79	2866	}
wolfSSL	4:1b0d80432c79	2867	}
wolfSSL	4:1b0d80432c79	2868	}
wolfSSL	4:1b0d80432c79	2869
wolfSSL	4:1b0d80432c79	2870	return sig && key;
wolfSSL	4:1b0d80432c79	2871	}
wolfSSL	4:1b0d80432c79	2872
wolfSSL	4:1b0d80432c79	2873	#endif /* NO_WOLFSSL_SERVER */
wolfSSL	4:1b0d80432c79	2874
wolfSSL	4:1b0d80432c79	2875	int TLSX_UseSupportedCurve(TLSX** extensions, word16 name)
wolfSSL	4:1b0d80432c79	2876	{
wolfSSL	4:1b0d80432c79	2877	TLSX* extension = TLSX_Find(*extensions, TLSX_SUPPORTED_GROUPS);
wolfSSL	4:1b0d80432c79	2878	EllipticCurve* curve = NULL;
wolfSSL	4:1b0d80432c79	2879	int ret = 0;
wolfSSL	4:1b0d80432c79	2880
wolfSSL	4:1b0d80432c79	2881	if (extensions == NULL)
wolfSSL	4:1b0d80432c79	2882	return BAD_FUNC_ARG;
wolfSSL	4:1b0d80432c79	2883
wolfSSL	4:1b0d80432c79	2884	if ((ret = TLSX_EllipticCurve_Append(&curve, name)) != 0)
wolfSSL	4:1b0d80432c79	2885	return ret;
wolfSSL	4:1b0d80432c79	2886
wolfSSL	4:1b0d80432c79	2887	if (!extension) {
wolfSSL	4:1b0d80432c79	2888	if ((ret = TLSX_Push(extensions, TLSX_SUPPORTED_GROUPS, curve)) != 0) {
wolfSSL	4:1b0d80432c79	2889	XFREE(curve, 0, DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	2890	return ret;
wolfSSL	4:1b0d80432c79	2891	}
wolfSSL	4:1b0d80432c79	2892	}
wolfSSL	4:1b0d80432c79	2893	else {
wolfSSL	4:1b0d80432c79	2894	/* push new EllipticCurve object to extension data. */
wolfSSL	4:1b0d80432c79	2895	curve->next = (EllipticCurve*)extension->data;
wolfSSL	4:1b0d80432c79	2896	extension->data = (void*)curve;
wolfSSL	4:1b0d80432c79	2897
wolfSSL	4:1b0d80432c79	2898	/* look for another curve of the same name to remove (replacement) */
wolfSSL	4:1b0d80432c79	2899	do {
wolfSSL	4:1b0d80432c79	2900	if (curve->next && curve->next->name == name) {
wolfSSL	4:1b0d80432c79	2901	EllipticCurve *next = curve->next;
wolfSSL	4:1b0d80432c79	2902
wolfSSL	4:1b0d80432c79	2903	curve->next = next->next;
wolfSSL	4:1b0d80432c79	2904	XFREE(next, 0, DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	2905
wolfSSL	4:1b0d80432c79	2906	break;
wolfSSL	4:1b0d80432c79	2907	}
wolfSSL	4:1b0d80432c79	2908	} while ((curve = curve->next));
wolfSSL	4:1b0d80432c79	2909	}
wolfSSL	4:1b0d80432c79	2910
wolfSSL	4:1b0d80432c79	2911	return SSL_SUCCESS;
wolfSSL	4:1b0d80432c79	2912	}
wolfSSL	4:1b0d80432c79	2913
wolfSSL	4:1b0d80432c79	2914	#define EC_FREE_ALL TLSX_EllipticCurve_FreeAll
wolfSSL	4:1b0d80432c79	2915	#define EC_VALIDATE_REQUEST TLSX_EllipticCurve_ValidateRequest
wolfSSL	4:1b0d80432c79	2916
wolfSSL	4:1b0d80432c79	2917	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	4:1b0d80432c79	2918	#define EC_GET_SIZE TLSX_EllipticCurve_GetSize
wolfSSL	4:1b0d80432c79	2919	#define EC_WRITE TLSX_EllipticCurve_Write
wolfSSL	4:1b0d80432c79	2920	#else
wolfSSL	4:1b0d80432c79	2921	#define EC_GET_SIZE(list) 0
wolfSSL	4:1b0d80432c79	2922	#define EC_WRITE(a, b) 0
wolfSSL	4:1b0d80432c79	2923	#endif
wolfSSL	4:1b0d80432c79	2924
wolfSSL	4:1b0d80432c79	2925	#ifndef NO_WOLFSSL_SERVER
wolfSSL	4:1b0d80432c79	2926	#define EC_PARSE TLSX_EllipticCurve_Parse
wolfSSL	4:1b0d80432c79	2927	#else
wolfSSL	4:1b0d80432c79	2928	#define EC_PARSE(a, b, c, d) 0
wolfSSL	4:1b0d80432c79	2929	#endif
wolfSSL	4:1b0d80432c79	2930
wolfSSL	4:1b0d80432c79	2931	#else
wolfSSL	4:1b0d80432c79	2932
wolfSSL	4:1b0d80432c79	2933	#define EC_FREE_ALL(list)
wolfSSL	4:1b0d80432c79	2934	#define EC_GET_SIZE(list) 0
wolfSSL	4:1b0d80432c79	2935	#define EC_WRITE(a, b) 0
wolfSSL	4:1b0d80432c79	2936	#define EC_PARSE(a, b, c, d) 0
wolfSSL	4:1b0d80432c79	2937	#define EC_VALIDATE_REQUEST(a, b)
wolfSSL	4:1b0d80432c79	2938
wolfSSL	4:1b0d80432c79	2939	#endif /* HAVE_SUPPORTED_CURVES */
wolfSSL	4:1b0d80432c79	2940
wolfSSL	4:1b0d80432c79	2941	/******************************************************************************/
wolfSSL	4:1b0d80432c79	2942	/* Renegotiation Indication */
wolfSSL	4:1b0d80432c79	2943	/******************************************************************************/
wolfSSL	4:1b0d80432c79	2944
wolfSSL	4:1b0d80432c79	2945	#ifdef HAVE_SECURE_RENEGOTIATION
wolfSSL	4:1b0d80432c79	2946
wolfSSL	4:1b0d80432c79	2947	static byte TLSX_SecureRenegotiation_GetSize(SecureRenegotiation* data,
wolfSSL	4:1b0d80432c79	2948	int isRequest)
wolfSSL	4:1b0d80432c79	2949	{
wolfSSL	4:1b0d80432c79	2950	byte length = OPAQUE8_LEN; /* empty info length */
wolfSSL	4:1b0d80432c79	2951
wolfSSL	4:1b0d80432c79	2952	if (data->enabled) {
wolfSSL	4:1b0d80432c79	2953	/* client sends client_verify_data only */
wolfSSL	4:1b0d80432c79	2954	length += TLS_FINISHED_SZ;
wolfSSL	4:1b0d80432c79	2955
wolfSSL	4:1b0d80432c79	2956	/* server also sends server_verify_data */
wolfSSL	4:1b0d80432c79	2957	if (!isRequest)
wolfSSL	4:1b0d80432c79	2958	length += TLS_FINISHED_SZ;
wolfSSL	4:1b0d80432c79	2959	}
wolfSSL	4:1b0d80432c79	2960
wolfSSL	4:1b0d80432c79	2961	return length;
wolfSSL	4:1b0d80432c79	2962	}
wolfSSL	4:1b0d80432c79	2963
wolfSSL	4:1b0d80432c79	2964	static word16 TLSX_SecureRenegotiation_Write(SecureRenegotiation* data,
wolfSSL	4:1b0d80432c79	2965	byte* output, int isRequest)
wolfSSL	4:1b0d80432c79	2966	{
wolfSSL	4:1b0d80432c79	2967	word16 offset = OPAQUE8_LEN; /* RenegotiationInfo length */
wolfSSL	4:1b0d80432c79	2968
wolfSSL	4:1b0d80432c79	2969	if (data->enabled) {
wolfSSL	4:1b0d80432c79	2970	/* client sends client_verify_data only */
wolfSSL	4:1b0d80432c79	2971	XMEMCPY(output + offset, data->client_verify_data, TLS_FINISHED_SZ);
wolfSSL	4:1b0d80432c79	2972	offset += TLS_FINISHED_SZ;
wolfSSL	4:1b0d80432c79	2973
wolfSSL	4:1b0d80432c79	2974	/* server also sends server_verify_data */
wolfSSL	4:1b0d80432c79	2975	if (!isRequest) {
wolfSSL	4:1b0d80432c79	2976	XMEMCPY(output + offset, data->server_verify_data, TLS_FINISHED_SZ);
wolfSSL	4:1b0d80432c79	2977	offset += TLS_FINISHED_SZ;
wolfSSL	4:1b0d80432c79	2978	}
wolfSSL	4:1b0d80432c79	2979	}
wolfSSL	4:1b0d80432c79	2980
wolfSSL	4:1b0d80432c79	2981	output[0] = offset - 1; /* info length - self */
wolfSSL	4:1b0d80432c79	2982
wolfSSL	4:1b0d80432c79	2983	return offset;
wolfSSL	4:1b0d80432c79	2984	}
wolfSSL	4:1b0d80432c79	2985
wolfSSL	4:1b0d80432c79	2986	static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, byte* input,
wolfSSL	4:1b0d80432c79	2987	word16 length, byte isRequest)
wolfSSL	4:1b0d80432c79	2988	{
wolfSSL	4:1b0d80432c79	2989	int ret = SECURE_RENEGOTIATION_E;
wolfSSL	4:1b0d80432c79	2990
wolfSSL	4:1b0d80432c79	2991	if (length >= OPAQUE8_LEN) {
wolfSSL	4:1b0d80432c79	2992	if (ssl->secure_renegotiation == NULL) {
wolfSSL	4:1b0d80432c79	2993	#ifndef NO_WOLFSSL_SERVER
wolfSSL	4:1b0d80432c79	2994	if (isRequest && *input == 0) {
wolfSSL	4:1b0d80432c79	2995	ret = 0; /* don't reply, user didn't enable */
wolfSSL	4:1b0d80432c79	2996	}
wolfSSL	4:1b0d80432c79	2997	#endif
wolfSSL	4:1b0d80432c79	2998	}
wolfSSL	4:1b0d80432c79	2999	else if (isRequest) {
wolfSSL	4:1b0d80432c79	3000	#ifndef NO_WOLFSSL_SERVER
wolfSSL	4:1b0d80432c79	3001	if (*input == TLS_FINISHED_SZ) {
wolfSSL	4:1b0d80432c79	3002	/* TODO compare client_verify_data */
wolfSSL	4:1b0d80432c79	3003	ret = 0;
wolfSSL	4:1b0d80432c79	3004	}
wolfSSL	4:1b0d80432c79	3005	#endif
wolfSSL	4:1b0d80432c79	3006	}
wolfSSL	4:1b0d80432c79	3007	else {
wolfSSL	4:1b0d80432c79	3008	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	4:1b0d80432c79	3009	if (!ssl->secure_renegotiation->enabled) {
wolfSSL	4:1b0d80432c79	3010	if (*input == 0) {
wolfSSL	4:1b0d80432c79	3011	ssl->secure_renegotiation->enabled = 1;
wolfSSL	4:1b0d80432c79	3012	ret = 0;
wolfSSL	4:1b0d80432c79	3013	}
wolfSSL	4:1b0d80432c79	3014	}
wolfSSL	4:1b0d80432c79	3015	else if (input == 2 TLS_FINISHED_SZ) {
wolfSSL	4:1b0d80432c79	3016	/* TODO compare client_verify_data and server_verify_data */
wolfSSL	4:1b0d80432c79	3017	ret = 0;
wolfSSL	4:1b0d80432c79	3018	}
wolfSSL	4:1b0d80432c79	3019	#endif
wolfSSL	4:1b0d80432c79	3020	}
wolfSSL	4:1b0d80432c79	3021	}
wolfSSL	4:1b0d80432c79	3022
wolfSSL	4:1b0d80432c79	3023	if (ret != 0) {
wolfSSL	4:1b0d80432c79	3024	/* TODO: turn on fatal error at ssl level too */
wolfSSL	4:1b0d80432c79	3025	SendAlert(ssl, alert_fatal, handshake_failure);
wolfSSL	4:1b0d80432c79	3026	}
wolfSSL	4:1b0d80432c79	3027
wolfSSL	4:1b0d80432c79	3028	return ret;
wolfSSL	4:1b0d80432c79	3029	}
wolfSSL	4:1b0d80432c79	3030
wolfSSL	4:1b0d80432c79	3031	int TLSX_UseSecureRenegotiation(TLSX** extensions)
wolfSSL	4:1b0d80432c79	3032	{
wolfSSL	4:1b0d80432c79	3033	int ret = 0;
wolfSSL	4:1b0d80432c79	3034	SecureRenegotiation* data = NULL;
wolfSSL	4:1b0d80432c79	3035
wolfSSL	4:1b0d80432c79	3036	data = (SecureRenegotiation*)XMALLOC(sizeof(SecureRenegotiation), NULL,
wolfSSL	4:1b0d80432c79	3037	DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	3038	if (data == NULL)
wolfSSL	4:1b0d80432c79	3039	return MEMORY_E;
wolfSSL	4:1b0d80432c79	3040
wolfSSL	4:1b0d80432c79	3041	XMEMSET(data, 0, sizeof(SecureRenegotiation));
wolfSSL	4:1b0d80432c79	3042
wolfSSL	4:1b0d80432c79	3043	ret = TLSX_Push(extensions, TLSX_RENEGOTIATION_INFO, data);
wolfSSL	4:1b0d80432c79	3044	if (ret != 0) {
wolfSSL	4:1b0d80432c79	3045	XFREE(data, 0, DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	3046	return ret;
wolfSSL	4:1b0d80432c79	3047	}
wolfSSL	4:1b0d80432c79	3048
wolfSSL	4:1b0d80432c79	3049	return SSL_SUCCESS;
wolfSSL	4:1b0d80432c79	3050	}
wolfSSL	4:1b0d80432c79	3051
wolfSSL	4:1b0d80432c79	3052
wolfSSL	4:1b0d80432c79	3053	#define SCR_FREE_ALL(data) XFREE(data, NULL, DYNAMIC_TYPE_TLSX)
wolfSSL	4:1b0d80432c79	3054	#define SCR_GET_SIZE TLSX_SecureRenegotiation_GetSize
wolfSSL	4:1b0d80432c79	3055	#define SCR_WRITE TLSX_SecureRenegotiation_Write
wolfSSL	4:1b0d80432c79	3056	#define SCR_PARSE TLSX_SecureRenegotiation_Parse
wolfSSL	4:1b0d80432c79	3057
wolfSSL	4:1b0d80432c79	3058	#else
wolfSSL	4:1b0d80432c79	3059
wolfSSL	4:1b0d80432c79	3060	#define SCR_FREE_ALL(a)
wolfSSL	4:1b0d80432c79	3061	#define SCR_GET_SIZE(a, b) 0
wolfSSL	4:1b0d80432c79	3062	#define SCR_WRITE(a, b, c) 0
wolfSSL	4:1b0d80432c79	3063	#define SCR_PARSE(a, b, c, d) 0
wolfSSL	4:1b0d80432c79	3064
wolfSSL	4:1b0d80432c79	3065	#endif /* HAVE_SECURE_RENEGOTIATION */
wolfSSL	4:1b0d80432c79	3066
wolfSSL	4:1b0d80432c79	3067	/******************************************************************************/
wolfSSL	4:1b0d80432c79	3068	/* Session Tickets */
wolfSSL	4:1b0d80432c79	3069	/******************************************************************************/
wolfSSL	4:1b0d80432c79	3070
wolfSSL	4:1b0d80432c79	3071	#ifdef HAVE_SESSION_TICKET
wolfSSL	4:1b0d80432c79	3072
wolfSSL	4:1b0d80432c79	3073	static void TLSX_SessionTicket_ValidateRequest(WOLFSSL* ssl)
wolfSSL	4:1b0d80432c79	3074	{
wolfSSL	4:1b0d80432c79	3075	TLSX* extension = TLSX_Find(ssl->extensions, TLSX_SESSION_TICKET);
wolfSSL	4:1b0d80432c79	3076	SessionTicket* ticket = extension ? extension->data : NULL;
wolfSSL	4:1b0d80432c79	3077
wolfSSL	4:1b0d80432c79	3078	if (ticket) {
wolfSSL	4:1b0d80432c79	3079	/* TODO validate ticket timeout here! */
wolfSSL	4:1b0d80432c79	3080	if (ticket->lifetime == 0xfffffff) {
wolfSSL	4:1b0d80432c79	3081	/* send empty ticket on timeout */
wolfSSL	4:1b0d80432c79	3082	TLSX_UseSessionTicket(&ssl->extensions, NULL);
wolfSSL	4:1b0d80432c79	3083	}
wolfSSL	4:1b0d80432c79	3084	}
wolfSSL	4:1b0d80432c79	3085	}
wolfSSL	4:1b0d80432c79	3086
wolfSSL	4:1b0d80432c79	3087
wolfSSL	4:1b0d80432c79	3088	static word16 TLSX_SessionTicket_GetSize(SessionTicket* ticket, int isRequest)
wolfSSL	4:1b0d80432c79	3089	{
wolfSSL	4:1b0d80432c79	3090	(void)isRequest;
wolfSSL	4:1b0d80432c79	3091	return ticket ? ticket->size : 0;
wolfSSL	4:1b0d80432c79	3092	}
wolfSSL	4:1b0d80432c79	3093
wolfSSL	4:1b0d80432c79	3094	static word16 TLSX_SessionTicket_Write(SessionTicket* ticket, byte* output,
wolfSSL	4:1b0d80432c79	3095	int isRequest)
wolfSSL	4:1b0d80432c79	3096	{
wolfSSL	4:1b0d80432c79	3097	word16 offset = 0; /* empty ticket */
wolfSSL	4:1b0d80432c79	3098
wolfSSL	4:1b0d80432c79	3099	if (isRequest && ticket) {
wolfSSL	4:1b0d80432c79	3100	XMEMCPY(output + offset, ticket->data, ticket->size);
wolfSSL	4:1b0d80432c79	3101	offset += ticket->size;
wolfSSL	4:1b0d80432c79	3102	}
wolfSSL	4:1b0d80432c79	3103
wolfSSL	4:1b0d80432c79	3104	return offset;
wolfSSL	4:1b0d80432c79	3105	}
wolfSSL	4:1b0d80432c79	3106
wolfSSL	4:1b0d80432c79	3107
wolfSSL	4:1b0d80432c79	3108	static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL	4:1b0d80432c79	3109	byte isRequest)
wolfSSL	4:1b0d80432c79	3110	{
wolfSSL	4:1b0d80432c79	3111	int ret = 0;
wolfSSL	4:1b0d80432c79	3112
wolfSSL	4:1b0d80432c79	3113	if (!isRequest) {
wolfSSL	4:1b0d80432c79	3114	/* client side */
wolfSSL	4:1b0d80432c79	3115	if (length != 0)
wolfSSL	4:1b0d80432c79	3116	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	3117
wolfSSL	4:1b0d80432c79	3118	ssl->expect_session_ticket = 1;
wolfSSL	4:1b0d80432c79	3119	}
wolfSSL	4:1b0d80432c79	3120	#ifndef NO_WOLFSSL_SERVER
wolfSSL	4:1b0d80432c79	3121	else {
wolfSSL	4:1b0d80432c79	3122	/* server side */
wolfSSL	4:1b0d80432c79	3123	if (ssl->ctx->ticketEncCb == NULL) {
wolfSSL	4:1b0d80432c79	3124	WOLFSSL_MSG("Client sent session ticket, server has no callback");
wolfSSL	4:1b0d80432c79	3125	return 0;
wolfSSL	4:1b0d80432c79	3126	}
wolfSSL	4:1b0d80432c79	3127
wolfSSL	4:1b0d80432c79	3128	if (length == 0) {
wolfSSL	4:1b0d80432c79	3129	/* blank ticket */
wolfSSL	4:1b0d80432c79	3130	ret = TLSX_UseSessionTicket(&ssl->extensions, NULL);
wolfSSL	4:1b0d80432c79	3131	if (ret == SSL_SUCCESS) {
wolfSSL	4:1b0d80432c79	3132	ret = 0;
wolfSSL	4:1b0d80432c79	3133	TLSX_SetResponse(ssl, TLSX_SESSION_TICKET); /* send blank ticket */
wolfSSL	4:1b0d80432c79	3134	ssl->options.createTicket = 1; /* will send ticket msg */
wolfSSL	4:1b0d80432c79	3135	ssl->options.useTicket = 1;
wolfSSL	4:1b0d80432c79	3136	}
wolfSSL	4:1b0d80432c79	3137	} else {
wolfSSL	4:1b0d80432c79	3138	/* got actual ticket from client */
wolfSSL	4:1b0d80432c79	3139	ret = DoClientTicket(ssl, input, length);
wolfSSL	4:1b0d80432c79	3140	if (ret == WOLFSSL_TICKET_RET_OK) { /* use ticket to resume */
wolfSSL	4:1b0d80432c79	3141	WOLFSSL_MSG("Using exisitng client ticket");
wolfSSL	4:1b0d80432c79	3142	ssl->options.useTicket = 1;
wolfSSL	4:1b0d80432c79	3143	ssl->options.resuming = 1;
wolfSSL	4:1b0d80432c79	3144	} else if (ret == WOLFSSL_TICKET_RET_CREATE) {
wolfSSL	4:1b0d80432c79	3145	WOLFSSL_MSG("Using existing client ticket, creating new one");
wolfSSL	4:1b0d80432c79	3146	ret = TLSX_UseSessionTicket(&ssl->extensions, NULL);
wolfSSL	4:1b0d80432c79	3147	if (ret == SSL_SUCCESS) {
wolfSSL	4:1b0d80432c79	3148	ret = 0;
wolfSSL	4:1b0d80432c79	3149	TLSX_SetResponse(ssl, TLSX_SESSION_TICKET);
wolfSSL	4:1b0d80432c79	3150	/* send blank ticket */
wolfSSL	4:1b0d80432c79	3151	ssl->options.createTicket = 1; /* will send ticket msg */
wolfSSL	4:1b0d80432c79	3152	ssl->options.useTicket = 1;
wolfSSL	4:1b0d80432c79	3153	ssl->options.resuming = 1;
wolfSSL	4:1b0d80432c79	3154	}
wolfSSL	4:1b0d80432c79	3155	} else if (ret == WOLFSSL_TICKET_RET_REJECT) {
wolfSSL	4:1b0d80432c79	3156	WOLFSSL_MSG("Process client ticket rejected, not using");
wolfSSL	4:1b0d80432c79	3157	ret = 0; /* not fatal */
wolfSSL	4:1b0d80432c79	3158	} else if (ret == WOLFSSL_TICKET_RET_FATAL \|\| ret < 0) {
wolfSSL	4:1b0d80432c79	3159	WOLFSSL_MSG("Process client ticket fatal error, not using");
wolfSSL	4:1b0d80432c79	3160	}
wolfSSL	4:1b0d80432c79	3161	}
wolfSSL	4:1b0d80432c79	3162	}
wolfSSL	4:1b0d80432c79	3163	#endif /* NO_WOLFSSL_SERVER */
wolfSSL	4:1b0d80432c79	3164
wolfSSL	4:1b0d80432c79	3165	return ret;
wolfSSL	4:1b0d80432c79	3166	}
wolfSSL	4:1b0d80432c79	3167
wolfSSL	4:1b0d80432c79	3168	WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime,
wolfSSL	4:1b0d80432c79	3169	byte* data, word16 size)
wolfSSL	4:1b0d80432c79	3170	{
wolfSSL	4:1b0d80432c79	3171	SessionTicket* ticket = (SessionTicket*)XMALLOC(sizeof(SessionTicket),
wolfSSL	4:1b0d80432c79	3172	NULL, DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	3173	if (ticket) {
wolfSSL	4:1b0d80432c79	3174	ticket->data = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	3175	if (ticket->data == NULL) {
wolfSSL	4:1b0d80432c79	3176	XFREE(ticket, NULL, DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	3177	return NULL;
wolfSSL	4:1b0d80432c79	3178	}
wolfSSL	4:1b0d80432c79	3179
wolfSSL	4:1b0d80432c79	3180	XMEMCPY(ticket->data, data, size);
wolfSSL	4:1b0d80432c79	3181	ticket->size = size;
wolfSSL	4:1b0d80432c79	3182	ticket->lifetime = lifetime;
wolfSSL	4:1b0d80432c79	3183	}
wolfSSL	4:1b0d80432c79	3184
wolfSSL	4:1b0d80432c79	3185	return ticket;
wolfSSL	4:1b0d80432c79	3186	}
wolfSSL	4:1b0d80432c79	3187	WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket)
wolfSSL	4:1b0d80432c79	3188	{
wolfSSL	4:1b0d80432c79	3189	if (ticket) {
wolfSSL	4:1b0d80432c79	3190	XFREE(ticket->data, NULL, DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	3191	XFREE(ticket, NULL, DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	3192	}
wolfSSL	4:1b0d80432c79	3193	}
wolfSSL	4:1b0d80432c79	3194
wolfSSL	4:1b0d80432c79	3195	int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket)
wolfSSL	4:1b0d80432c79	3196	{
wolfSSL	4:1b0d80432c79	3197	int ret = 0;
wolfSSL	4:1b0d80432c79	3198
wolfSSL	4:1b0d80432c79	3199	if (extensions == NULL)
wolfSSL	4:1b0d80432c79	3200	return BAD_FUNC_ARG;
wolfSSL	4:1b0d80432c79	3201
wolfSSL	4:1b0d80432c79	3202	/* If the ticket is NULL, the client will request a new ticket from the
wolfSSL	4:1b0d80432c79	3203	server. Otherwise, the client will use it in the next client hello. */
wolfSSL	4:1b0d80432c79	3204	if ((ret = TLSX_Push(extensions, TLSX_SESSION_TICKET, (void*)ticket)) != 0)
wolfSSL	4:1b0d80432c79	3205	return ret;
wolfSSL	4:1b0d80432c79	3206
wolfSSL	4:1b0d80432c79	3207	return SSL_SUCCESS;
wolfSSL	4:1b0d80432c79	3208	}
wolfSSL	4:1b0d80432c79	3209
wolfSSL	4:1b0d80432c79	3210	#define STK_VALIDATE_REQUEST TLSX_SessionTicket_ValidateRequest
wolfSSL	4:1b0d80432c79	3211	#define STK_GET_SIZE TLSX_SessionTicket_GetSize
wolfSSL	4:1b0d80432c79	3212	#define STK_WRITE TLSX_SessionTicket_Write
wolfSSL	4:1b0d80432c79	3213	#define STK_PARSE TLSX_SessionTicket_Parse
wolfSSL	4:1b0d80432c79	3214
wolfSSL	4:1b0d80432c79	3215	#else
wolfSSL	4:1b0d80432c79	3216
wolfSSL	4:1b0d80432c79	3217	#define STK_VALIDATE_REQUEST(a)
wolfSSL	4:1b0d80432c79	3218	#define STK_GET_SIZE(a, b) 0
wolfSSL	4:1b0d80432c79	3219	#define STK_WRITE(a, b, c) 0
wolfSSL	4:1b0d80432c79	3220	#define STK_PARSE(a, b, c, d) 0
wolfSSL	4:1b0d80432c79	3221
wolfSSL	4:1b0d80432c79	3222	#endif /* HAVE_SESSION_TICKET */
wolfSSL	4:1b0d80432c79	3223
wolfSSL	4:1b0d80432c79	3224	/******************************************************************************/
wolfSSL	4:1b0d80432c79	3225	/* Quantum-Safe-Hybrid */
wolfSSL	4:1b0d80432c79	3226	/******************************************************************************/
wolfSSL	4:1b0d80432c79	3227
wolfSSL	4:1b0d80432c79	3228	#ifdef HAVE_QSH
wolfSSL	4:1b0d80432c79	3229	static WC_RNG* rng;
wolfSSL	4:1b0d80432c79	3230	static wolfSSL_Mutex* rngMutex;
wolfSSL	4:1b0d80432c79	3231
wolfSSL	4:1b0d80432c79	3232	static void TLSX_QSH_FreeAll(QSHScheme* list)
wolfSSL	4:1b0d80432c79	3233	{
wolfSSL	4:1b0d80432c79	3234	QSHScheme* current;
wolfSSL	4:1b0d80432c79	3235
wolfSSL	4:1b0d80432c79	3236	while ((current = list)) {
wolfSSL	4:1b0d80432c79	3237	list = current->next;
wolfSSL	4:1b0d80432c79	3238	XFREE(current, 0, DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	3239	}
wolfSSL	4:1b0d80432c79	3240	}
wolfSSL	4:1b0d80432c79	3241
wolfSSL	4:1b0d80432c79	3242	static int TLSX_QSH_Append(QSHScheme** list, word16 name, byte* pub,
wolfSSL	4:1b0d80432c79	3243	word16 pubLen)
wolfSSL	4:1b0d80432c79	3244	{
wolfSSL	4:1b0d80432c79	3245	QSHScheme* temp;
wolfSSL	4:1b0d80432c79	3246
wolfSSL	4:1b0d80432c79	3247	if (list == NULL)
wolfSSL	4:1b0d80432c79	3248	return BAD_FUNC_ARG;
wolfSSL	4:1b0d80432c79	3249
wolfSSL	4:1b0d80432c79	3250	if ((temp = (QSHScheme*)XMALLOC(sizeof(QSHScheme), NULL,
wolfSSL	4:1b0d80432c79	3251	DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL	4:1b0d80432c79	3252	return MEMORY_E;
wolfSSL	4:1b0d80432c79	3253
wolfSSL	4:1b0d80432c79	3254	temp->name = name;
wolfSSL	4:1b0d80432c79	3255	temp->PK = pub;
wolfSSL	4:1b0d80432c79	3256	temp->PKLen = pubLen;
wolfSSL	4:1b0d80432c79	3257	temp->next = *list;
wolfSSL	4:1b0d80432c79	3258
wolfSSL	4:1b0d80432c79	3259	*list = temp;
wolfSSL	4:1b0d80432c79	3260
wolfSSL	4:1b0d80432c79	3261	return 0;
wolfSSL	4:1b0d80432c79	3262	}
wolfSSL	4:1b0d80432c79	3263
wolfSSL	4:1b0d80432c79	3264
wolfSSL	4:1b0d80432c79	3265	/* request for server's public key : 02 indicates 0-2 requested */
wolfSSL	4:1b0d80432c79	3266	static byte TLSX_QSH_SerPKReq(byte* output, byte isRequest)
wolfSSL	4:1b0d80432c79	3267	{
wolfSSL	4:1b0d80432c79	3268	if (isRequest) {
wolfSSL	4:1b0d80432c79	3269	/* only request one public key from the server */
wolfSSL	4:1b0d80432c79	3270	output[0] = 0x01;
wolfSSL	4:1b0d80432c79	3271
wolfSSL	4:1b0d80432c79	3272	return OPAQUE8_LEN;
wolfSSL	4:1b0d80432c79	3273	}
wolfSSL	4:1b0d80432c79	3274	else {
wolfSSL	4:1b0d80432c79	3275	return 0;
wolfSSL	4:1b0d80432c79	3276	}
wolfSSL	4:1b0d80432c79	3277	}
wolfSSL	4:1b0d80432c79	3278
wolfSSL	4:1b0d80432c79	3279	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	4:1b0d80432c79	3280
wolfSSL	4:1b0d80432c79	3281	/* check for TLS_QSH suite */
wolfSSL	4:1b0d80432c79	3282	static void TLSX_QSH_ValidateRequest(WOLFSSL* ssl, byte* semaphore)
wolfSSL	4:1b0d80432c79	3283	{
wolfSSL	4:1b0d80432c79	3284	int i;
wolfSSL	4:1b0d80432c79	3285
wolfSSL	4:1b0d80432c79	3286	for (i = 0; i < ssl->suites->suiteSz; i+= 2)
wolfSSL	4:1b0d80432c79	3287	if (ssl->suites->suites[i] == QSH_BYTE)
wolfSSL	4:1b0d80432c79	3288	return;
wolfSSL	4:1b0d80432c79	3289
wolfSSL	4:1b0d80432c79	3290	/* No QSH suite found */
wolfSSL	4:1b0d80432c79	3291	TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_QUANTUM_SAFE_HYBRID));
wolfSSL	4:1b0d80432c79	3292	}
wolfSSL	4:1b0d80432c79	3293
wolfSSL	4:1b0d80432c79	3294
wolfSSL	4:1b0d80432c79	3295	/* return the size of the QSH hello extension
wolfSSL	4:1b0d80432c79	3296	list the list of QSHScheme structs containing id and key
wolfSSL	4:1b0d80432c79	3297	isRequest if 1 then is being sent to the server
wolfSSL	4:1b0d80432c79	3298	*/
wolfSSL	4:1b0d80432c79	3299	word16 TLSX_QSH_GetSize(QSHScheme* list, byte isRequest)
wolfSSL	4:1b0d80432c79	3300	{
wolfSSL	4:1b0d80432c79	3301	QSHScheme* temp = list;
wolfSSL	4:1b0d80432c79	3302	word16 length = 0;
wolfSSL	4:1b0d80432c79	3303
wolfSSL	4:1b0d80432c79	3304	/* account for size of scheme list and public key list */
wolfSSL	4:1b0d80432c79	3305	if (isRequest)
wolfSSL	4:1b0d80432c79	3306	length = OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	3307	length += OPAQUE24_LEN;
wolfSSL	4:1b0d80432c79	3308
wolfSSL	4:1b0d80432c79	3309	/* for each non null element in list add size */
wolfSSL	4:1b0d80432c79	3310	while ((temp)) {
wolfSSL	4:1b0d80432c79	3311	/* add public key info Scheme \| Key Length \| Key */
wolfSSL	4:1b0d80432c79	3312	length += OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	3313	length += OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	3314	length += temp->PKLen;
wolfSSL	4:1b0d80432c79	3315
wolfSSL	4:1b0d80432c79	3316	/* if client add name size for scheme list
wolfSSL	4:1b0d80432c79	3317	advance to next QSHScheme struct in list */
wolfSSL	4:1b0d80432c79	3318	if (isRequest)
wolfSSL	4:1b0d80432c79	3319	length += OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	3320	temp = temp->next;
wolfSSL	4:1b0d80432c79	3321	}
wolfSSL	4:1b0d80432c79	3322
wolfSSL	4:1b0d80432c79	3323	/* add length for request server public keys */
wolfSSL	4:1b0d80432c79	3324	if (isRequest)
wolfSSL	4:1b0d80432c79	3325	length += OPAQUE8_LEN;
wolfSSL	4:1b0d80432c79	3326
wolfSSL	4:1b0d80432c79	3327	return length;
wolfSSL	4:1b0d80432c79	3328	}
wolfSSL	4:1b0d80432c79	3329
wolfSSL	4:1b0d80432c79	3330
wolfSSL	4:1b0d80432c79	3331	/* write out a list of QSHScheme IDs */
wolfSSL	4:1b0d80432c79	3332	static word16 TLSX_QSH_Write(QSHScheme* list, byte* output)
wolfSSL	4:1b0d80432c79	3333	{
wolfSSL	4:1b0d80432c79	3334	QSHScheme* current = list;
wolfSSL	4:1b0d80432c79	3335	word16 length = 0;
wolfSSL	4:1b0d80432c79	3336
wolfSSL	4:1b0d80432c79	3337	length += OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	3338
wolfSSL	4:1b0d80432c79	3339	while (current) {
wolfSSL	4:1b0d80432c79	3340	c16toa(current->name, output + length);
wolfSSL	4:1b0d80432c79	3341	length += OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	3342	current = (QSHScheme*)current->next;
wolfSSL	4:1b0d80432c79	3343	}
wolfSSL	4:1b0d80432c79	3344
wolfSSL	4:1b0d80432c79	3345	c16toa(length - OPAQUE16_LEN, output); /* writing list length */
wolfSSL	4:1b0d80432c79	3346
wolfSSL	4:1b0d80432c79	3347	return length;
wolfSSL	4:1b0d80432c79	3348	}
wolfSSL	4:1b0d80432c79	3349
wolfSSL	4:1b0d80432c79	3350
wolfSSL	4:1b0d80432c79	3351	/* write public key list in extension */
wolfSSL	4:1b0d80432c79	3352	static word16 TLSX_QSHPK_WriteR(QSHScheme* format, byte* output);
wolfSSL	4:1b0d80432c79	3353	static word16 TLSX_QSHPK_WriteR(QSHScheme* format, byte* output)
wolfSSL	4:1b0d80432c79	3354	{
wolfSSL	4:1b0d80432c79	3355	word32 offset = 0;
wolfSSL	4:1b0d80432c79	3356	word16 public_len = 0;
wolfSSL	4:1b0d80432c79	3357
wolfSSL	4:1b0d80432c79	3358	if (!format)
wolfSSL	4:1b0d80432c79	3359	return offset;
wolfSSL	4:1b0d80432c79	3360
wolfSSL	4:1b0d80432c79	3361	/* write scheme ID */
wolfSSL	4:1b0d80432c79	3362	c16toa(format->name, output + offset);
wolfSSL	4:1b0d80432c79	3363	offset += OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	3364
wolfSSL	4:1b0d80432c79	3365	/* write public key matching scheme */
wolfSSL	4:1b0d80432c79	3366	public_len = format->PKLen;
wolfSSL	4:1b0d80432c79	3367	c16toa(public_len, output + offset);
wolfSSL	4:1b0d80432c79	3368	offset += OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	3369	if (format->PK) {
wolfSSL	4:1b0d80432c79	3370	XMEMCPY(output+offset, format->PK, public_len);
wolfSSL	4:1b0d80432c79	3371	}
wolfSSL	4:1b0d80432c79	3372
wolfSSL	4:1b0d80432c79	3373	return public_len + offset;
wolfSSL	4:1b0d80432c79	3374	}
wolfSSL	4:1b0d80432c79	3375
wolfSSL	4:1b0d80432c79	3376	word16 TLSX_QSHPK_Write(QSHScheme* list, byte* output)
wolfSSL	4:1b0d80432c79	3377	{
wolfSSL	4:1b0d80432c79	3378	QSHScheme* current = list;
wolfSSL	4:1b0d80432c79	3379	word32 length = 0;
wolfSSL	4:1b0d80432c79	3380	word24 toWire;
wolfSSL	4:1b0d80432c79	3381
wolfSSL	4:1b0d80432c79	3382	length += OPAQUE24_LEN;
wolfSSL	4:1b0d80432c79	3383
wolfSSL	4:1b0d80432c79	3384	while (current) {
wolfSSL	4:1b0d80432c79	3385	length += TLSX_QSHPK_WriteR(current, output + length);
wolfSSL	4:1b0d80432c79	3386	current = (QSHScheme*)current->next;
wolfSSL	4:1b0d80432c79	3387	}
wolfSSL	4:1b0d80432c79	3388	/* length of public keys sent */
wolfSSL	4:1b0d80432c79	3389	c32to24(length - OPAQUE24_LEN, toWire);
wolfSSL	4:1b0d80432c79	3390	output[0] = toWire[0];
wolfSSL	4:1b0d80432c79	3391	output[1] = toWire[1];
wolfSSL	4:1b0d80432c79	3392	output[2] = toWire[2];
wolfSSL	4:1b0d80432c79	3393
wolfSSL	4:1b0d80432c79	3394	return length;
wolfSSL	4:1b0d80432c79	3395	}
wolfSSL	4:1b0d80432c79	3396
wolfSSL	4:1b0d80432c79	3397	#endif /* NO_WOLFSSL_CLIENT */
wolfSSL	4:1b0d80432c79	3398	#ifndef NO_WOLFSSL_SERVER
wolfSSL	4:1b0d80432c79	3399
wolfSSL	4:1b0d80432c79	3400	static void TLSX_QSHAgreement(TLSX** extensions)
wolfSSL	4:1b0d80432c79	3401	{
wolfSSL	4:1b0d80432c79	3402	TLSX* extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID);
wolfSSL	4:1b0d80432c79	3403	QSHScheme* format = NULL;
wolfSSL	4:1b0d80432c79	3404	QSHScheme* del = NULL;
wolfSSL	4:1b0d80432c79	3405	QSHScheme* prev = NULL;
wolfSSL	4:1b0d80432c79	3406
wolfSSL	4:1b0d80432c79	3407	if (extension == NULL)
wolfSSL	4:1b0d80432c79	3408	return;
wolfSSL	4:1b0d80432c79	3409
wolfSSL	4:1b0d80432c79	3410	format = (QSHScheme*)extension->data;
wolfSSL	4:1b0d80432c79	3411	while (format) {
wolfSSL	4:1b0d80432c79	3412	if (format->PKLen == 0) {
wolfSSL	4:1b0d80432c79	3413	/* case of head */
wolfSSL	4:1b0d80432c79	3414	if (format == extension->data) {
wolfSSL	4:1b0d80432c79	3415	extension->data = format->next;
wolfSSL	4:1b0d80432c79	3416	}
wolfSSL	4:1b0d80432c79	3417	if (prev)
wolfSSL	4:1b0d80432c79	3418	prev->next = format->next;
wolfSSL	4:1b0d80432c79	3419	del = format;
wolfSSL	4:1b0d80432c79	3420	format = format->next;
wolfSSL	4:1b0d80432c79	3421	XFREE(del, 0, DYNAMIC_TYPE_TMP_ARRAY);
wolfSSL	4:1b0d80432c79	3422	del = NULL;
wolfSSL	4:1b0d80432c79	3423	} else {
wolfSSL	4:1b0d80432c79	3424	prev = format;
wolfSSL	4:1b0d80432c79	3425	format = format->next;
wolfSSL	4:1b0d80432c79	3426	}
wolfSSL	4:1b0d80432c79	3427	}
wolfSSL	4:1b0d80432c79	3428	}
wolfSSL	4:1b0d80432c79	3429
wolfSSL	4:1b0d80432c79	3430
wolfSSL	4:1b0d80432c79	3431	/* Parse in hello extension
wolfSSL	4:1b0d80432c79	3432	input the byte stream to process
wolfSSL	4:1b0d80432c79	3433	length length of total extension found
wolfSSL	4:1b0d80432c79	3434	isRequest set to 1 if being sent to the server
wolfSSL	4:1b0d80432c79	3435	*/
wolfSSL	4:1b0d80432c79	3436	static int TLSX_QSH_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL	4:1b0d80432c79	3437	byte isRequest)
wolfSSL	4:1b0d80432c79	3438	{
wolfSSL	4:1b0d80432c79	3439	byte numKeys = 0;
wolfSSL	4:1b0d80432c79	3440	word16 offset = 0;
wolfSSL	4:1b0d80432c79	3441	word16 schemSz = 0;
wolfSSL	4:1b0d80432c79	3442	word16 offset_len = 0;
wolfSSL	4:1b0d80432c79	3443	word32 offset_pk = 0;
wolfSSL	4:1b0d80432c79	3444	word16 name = 0;
wolfSSL	4:1b0d80432c79	3445	word16 PKLen = 0;
wolfSSL	4:1b0d80432c79	3446	byte* PK = NULL;
wolfSSL	4:1b0d80432c79	3447	int r;
wolfSSL	4:1b0d80432c79	3448
wolfSSL	4:1b0d80432c79	3449
wolfSSL	4:1b0d80432c79	3450	if (OPAQUE16_LEN > length)
wolfSSL	4:1b0d80432c79	3451	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	3452
wolfSSL	4:1b0d80432c79	3453	if (isRequest) {
wolfSSL	4:1b0d80432c79	3454	ato16(input, &schemSz);
wolfSSL	4:1b0d80432c79	3455
wolfSSL	4:1b0d80432c79	3456	/* list of public keys available for QSH schemes */
wolfSSL	4:1b0d80432c79	3457	offset_len = schemSz + OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	3458	}
wolfSSL	4:1b0d80432c79	3459
wolfSSL	4:1b0d80432c79	3460	offset_pk = ((input[offset_len] << 16) & 0xFF00000) \|
wolfSSL	4:1b0d80432c79	3461	(((input[offset_len + 1]) << 8) & 0xFF00) \|
wolfSSL	4:1b0d80432c79	3462	(input[offset_len + 2] & 0xFF);
wolfSSL	4:1b0d80432c79	3463	offset_len += OPAQUE24_LEN;
wolfSSL	4:1b0d80432c79	3464
wolfSSL	4:1b0d80432c79	3465	/* check buffer size */
wolfSSL	4:1b0d80432c79	3466	if (offset_pk > length)
wolfSSL	4:1b0d80432c79	3467	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	3468
wolfSSL	4:1b0d80432c79	3469	/* set maximum number of keys the client will accept */
wolfSSL	4:1b0d80432c79	3470	if (!isRequest)
wolfSSL	4:1b0d80432c79	3471	numKeys = (ssl->maxRequest < 1)? 1 : ssl->maxRequest;
wolfSSL	4:1b0d80432c79	3472
wolfSSL	4:1b0d80432c79	3473	/* hello extension read list of scheme ids */
wolfSSL	4:1b0d80432c79	3474	if (isRequest) {
wolfSSL	4:1b0d80432c79	3475
wolfSSL	4:1b0d80432c79	3476	/* read in request for public keys */
wolfSSL	4:1b0d80432c79	3477	ssl->minRequest = (input[length -1] >> 4) & 0xFF;
wolfSSL	4:1b0d80432c79	3478	ssl->maxRequest = input[length -1] & 0x0F;
wolfSSL	4:1b0d80432c79	3479
wolfSSL	4:1b0d80432c79	3480	/* choose the min between min requested by client and 1 */
wolfSSL	4:1b0d80432c79	3481	numKeys = (ssl->minRequest > 1) ? ssl->minRequest : 1;
wolfSSL	4:1b0d80432c79	3482
wolfSSL	4:1b0d80432c79	3483	if (ssl->minRequest > ssl->maxRequest)
wolfSSL	4:1b0d80432c79	3484	return BAD_FUNC_ARG;
wolfSSL	4:1b0d80432c79	3485
wolfSSL	4:1b0d80432c79	3486	offset += OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	3487	schemSz += offset;
wolfSSL	4:1b0d80432c79	3488
wolfSSL	4:1b0d80432c79	3489	/* check buffer size */
wolfSSL	4:1b0d80432c79	3490	if (schemSz > length)
wolfSSL	4:1b0d80432c79	3491	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	3492
wolfSSL	4:1b0d80432c79	3493	while ((offset < schemSz) && numKeys) {
wolfSSL	4:1b0d80432c79	3494	/* Scheme ID list */
wolfSSL	4:1b0d80432c79	3495	ato16(input + offset, &name);
wolfSSL	4:1b0d80432c79	3496	offset += OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	3497
wolfSSL	4:1b0d80432c79	3498	/* validate we have scheme id */
wolfSSL	4:1b0d80432c79	3499	if (ssl->user_set_QSHSchemes &&
wolfSSL	4:1b0d80432c79	3500	!TLSX_ValidateQSHScheme(&ssl->extensions, name)) {
wolfSSL	4:1b0d80432c79	3501	continue;
wolfSSL	4:1b0d80432c79	3502	}
wolfSSL	4:1b0d80432c79	3503
wolfSSL	4:1b0d80432c79	3504	/* server create keys on demand */
wolfSSL	4:1b0d80432c79	3505	if ((r = TLSX_CreateNtruKey(ssl, name)) != 0) {
wolfSSL	4:1b0d80432c79	3506	WOLFSSL_MSG("Error creating ntru keys");
wolfSSL	4:1b0d80432c79	3507	return r;
wolfSSL	4:1b0d80432c79	3508	}
wolfSSL	4:1b0d80432c79	3509
wolfSSL	4:1b0d80432c79	3510	/* peer sent an agreed upon scheme */
wolfSSL	4:1b0d80432c79	3511	r = TLSX_UseQSHScheme(&ssl->extensions, name, NULL, 0);
wolfSSL	4:1b0d80432c79	3512
wolfSSL	4:1b0d80432c79	3513	if (r != SSL_SUCCESS) return r; /* throw error */
wolfSSL	4:1b0d80432c79	3514
wolfSSL	4:1b0d80432c79	3515	numKeys--;
wolfSSL	4:1b0d80432c79	3516	}
wolfSSL	4:1b0d80432c79	3517
wolfSSL	4:1b0d80432c79	3518	/* choose the min between min requested by client and 1 */
wolfSSL	4:1b0d80432c79	3519	numKeys = (ssl->minRequest > 1) ? ssl->minRequest : 1;
wolfSSL	4:1b0d80432c79	3520	}
wolfSSL	4:1b0d80432c79	3521
wolfSSL	4:1b0d80432c79	3522	/* QSHPK struct */
wolfSSL	4:1b0d80432c79	3523	offset_pk += offset_len;
wolfSSL	4:1b0d80432c79	3524	while ((offset_len < offset_pk) && numKeys) {
wolfSSL	4:1b0d80432c79	3525	QSHKey * temp;
wolfSSL	4:1b0d80432c79	3526
wolfSSL	4:1b0d80432c79	3527	if ((temp = (QSHKey*)XMALLOC(sizeof(QSHKey), NULL,
wolfSSL	4:1b0d80432c79	3528	DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL	4:1b0d80432c79	3529	return MEMORY_E;
wolfSSL	4:1b0d80432c79	3530
wolfSSL	4:1b0d80432c79	3531	/* initialize */
wolfSSL	4:1b0d80432c79	3532	temp->next = NULL;
wolfSSL	4:1b0d80432c79	3533	temp->pub.buffer = NULL;
wolfSSL	4:1b0d80432c79	3534	temp->pub.length = 0;
wolfSSL	4:1b0d80432c79	3535	temp->pri.buffer = NULL;
wolfSSL	4:1b0d80432c79	3536	temp->pri.length = 0;
wolfSSL	4:1b0d80432c79	3537
wolfSSL	4:1b0d80432c79	3538	/* scheme id */
wolfSSL	4:1b0d80432c79	3539	ato16(input + offset_len, &(temp->name));
wolfSSL	4:1b0d80432c79	3540	offset_len += OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	3541
wolfSSL	4:1b0d80432c79	3542	/* public key length */
wolfSSL	4:1b0d80432c79	3543	ato16(input + offset_len, &PKLen);
wolfSSL	4:1b0d80432c79	3544	temp->pub.length = PKLen;
wolfSSL	4:1b0d80432c79	3545	offset_len += OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	3546
wolfSSL	4:1b0d80432c79	3547
wolfSSL	4:1b0d80432c79	3548	if (isRequest) {
wolfSSL	4:1b0d80432c79	3549	/* validate we have scheme id */
wolfSSL	4:1b0d80432c79	3550	if (ssl->user_set_QSHSchemes &&
wolfSSL	4:1b0d80432c79	3551	(!TLSX_ValidateQSHScheme(&ssl->extensions, temp->name))) {
wolfSSL	4:1b0d80432c79	3552	offset_len += PKLen;
wolfSSL	4:1b0d80432c79	3553	XFREE(temp, 0, DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	3554	continue;
wolfSSL	4:1b0d80432c79	3555	}
wolfSSL	4:1b0d80432c79	3556	}
wolfSSL	4:1b0d80432c79	3557
wolfSSL	4:1b0d80432c79	3558	/* read in public key */
wolfSSL	4:1b0d80432c79	3559	if (PKLen > 0) {
wolfSSL	4:1b0d80432c79	3560	temp->pub.buffer = (byte*)XMALLOC(temp->pub.length,
wolfSSL	4:1b0d80432c79	3561	NULL, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL	4:1b0d80432c79	3562	XMEMCPY(temp->pub.buffer, input + offset_len, temp->pub.length);
wolfSSL	4:1b0d80432c79	3563	offset_len += PKLen;
wolfSSL	4:1b0d80432c79	3564	}
wolfSSL	4:1b0d80432c79	3565	else {
wolfSSL	4:1b0d80432c79	3566	PK = NULL;
wolfSSL	4:1b0d80432c79	3567	}
wolfSSL	4:1b0d80432c79	3568
wolfSSL	4:1b0d80432c79	3569	/* use own key when adding to extensions list for sending reply */
wolfSSL	4:1b0d80432c79	3570	PKLen = 0;
wolfSSL	4:1b0d80432c79	3571	PK = TLSX_QSHKeyFind_Pub(ssl->QSH_Key, &PKLen, temp->name);
wolfSSL	4:1b0d80432c79	3572	r = TLSX_UseQSHScheme(&ssl->extensions, temp->name, PK, PKLen);
wolfSSL	4:1b0d80432c79	3573
wolfSSL	4:1b0d80432c79	3574	/* store peers key */
wolfSSL	4:1b0d80432c79	3575	ssl->peerQSHKeyPresent = 1;
wolfSSL	4:1b0d80432c79	3576	if (TLSX_AddQSHKey(&ssl->peerQSHKey, temp) != 0)
wolfSSL	4:1b0d80432c79	3577	return MEMORY_E;
wolfSSL	4:1b0d80432c79	3578
wolfSSL	4:1b0d80432c79	3579	if (temp->pub.length == 0) {
wolfSSL	4:1b0d80432c79	3580	XFREE(temp, 0, DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	3581	}
wolfSSL	4:1b0d80432c79	3582
wolfSSL	4:1b0d80432c79	3583	if (r != SSL_SUCCESS) {return r;} /* throw error */
wolfSSL	4:1b0d80432c79	3584
wolfSSL	4:1b0d80432c79	3585	numKeys--;
wolfSSL	4:1b0d80432c79	3586	}
wolfSSL	4:1b0d80432c79	3587
wolfSSL	4:1b0d80432c79	3588	/* reply to a QSH extension sent from client */
wolfSSL	4:1b0d80432c79	3589	if (isRequest) {
wolfSSL	4:1b0d80432c79	3590	TLSX_SetResponse(ssl, TLSX_QUANTUM_SAFE_HYBRID);
wolfSSL	4:1b0d80432c79	3591	/* only use schemes we have key generated for -- free the rest */
wolfSSL	4:1b0d80432c79	3592	TLSX_QSHAgreement(&ssl->extensions);
wolfSSL	4:1b0d80432c79	3593	}
wolfSSL	4:1b0d80432c79	3594
wolfSSL	4:1b0d80432c79	3595	return 0;
wolfSSL	4:1b0d80432c79	3596	}
wolfSSL	4:1b0d80432c79	3597
wolfSSL	4:1b0d80432c79	3598
wolfSSL	4:1b0d80432c79	3599	/* Used for parsing in QSHCipher structs on Key Exchange */
wolfSSL	4:1b0d80432c79	3600	int TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input, word16 length,
wolfSSL	4:1b0d80432c79	3601	byte isServer)
wolfSSL	4:1b0d80432c79	3602	{
wolfSSL	4:1b0d80432c79	3603	QSHKey* key;
wolfSSL	4:1b0d80432c79	3604	word16 Max_Secret_Len = 48;
wolfSSL	4:1b0d80432c79	3605	word16 offset = 0;
wolfSSL	4:1b0d80432c79	3606	word16 offset_len = 0;
wolfSSL	4:1b0d80432c79	3607	word32 offset_pk = 0;
wolfSSL	4:1b0d80432c79	3608	word16 name = 0;
wolfSSL	4:1b0d80432c79	3609	word16 secretLen = 0;
wolfSSL	4:1b0d80432c79	3610	byte* secret = NULL;
wolfSSL	4:1b0d80432c79	3611	word16 buffLen = 0;
wolfSSL	4:1b0d80432c79	3612	byte buff[145]; /* size enough for 3 secrets */
wolfSSL	4:1b0d80432c79	3613	buffer* buf;
wolfSSL	4:1b0d80432c79	3614
wolfSSL	4:1b0d80432c79	3615	/* pointer to location where secret should be stored */
wolfSSL	4:1b0d80432c79	3616	if (isServer) {
wolfSSL	4:1b0d80432c79	3617	buf = ssl->QSH_secret->CliSi;
wolfSSL	4:1b0d80432c79	3618	}
wolfSSL	4:1b0d80432c79	3619	else {
wolfSSL	4:1b0d80432c79	3620	buf = ssl->QSH_secret->SerSi;
wolfSSL	4:1b0d80432c79	3621	}
wolfSSL	4:1b0d80432c79	3622
wolfSSL	4:1b0d80432c79	3623	offset_pk = ((input[offset_len] << 16) & 0xFF0000) \|
wolfSSL	4:1b0d80432c79	3624	(((input[offset_len + 1]) << 8) & 0xFF00) \|
wolfSSL	4:1b0d80432c79	3625	(input[offset_len + 2] & 0xFF);
wolfSSL	4:1b0d80432c79	3626	offset_len += OPAQUE24_LEN;
wolfSSL	4:1b0d80432c79	3627
wolfSSL	4:1b0d80432c79	3628	/* validating extension list length -- check if trying to read over edge
wolfSSL	4:1b0d80432c79	3629	of buffer */
wolfSSL	4:1b0d80432c79	3630	if (length < (offset_pk + OPAQUE24_LEN)) {
wolfSSL	4:1b0d80432c79	3631	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	3632	}
wolfSSL	4:1b0d80432c79	3633
wolfSSL	4:1b0d80432c79	3634	/* QSHCipherList struct */
wolfSSL	4:1b0d80432c79	3635	offset_pk += offset_len;
wolfSSL	4:1b0d80432c79	3636	while (offset_len < offset_pk) {
wolfSSL	4:1b0d80432c79	3637
wolfSSL	4:1b0d80432c79	3638	/* scheme id */
wolfSSL	4:1b0d80432c79	3639	ato16(input + offset_len, &name);
wolfSSL	4:1b0d80432c79	3640	offset_len += OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	3641
wolfSSL	4:1b0d80432c79	3642	/* public key length */
wolfSSL	4:1b0d80432c79	3643	ato16(input + offset_len, &secretLen);
wolfSSL	4:1b0d80432c79	3644	offset_len += OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	3645
wolfSSL	4:1b0d80432c79	3646	/* read in public key */
wolfSSL	4:1b0d80432c79	3647	if (secretLen > 0) {
wolfSSL	4:1b0d80432c79	3648	secret = (byte*)(input + offset_len);
wolfSSL	4:1b0d80432c79	3649	offset_len += secretLen;
wolfSSL	4:1b0d80432c79	3650	}
wolfSSL	4:1b0d80432c79	3651	else {
wolfSSL	4:1b0d80432c79	3652	secret = NULL;
wolfSSL	4:1b0d80432c79	3653	}
wolfSSL	4:1b0d80432c79	3654
wolfSSL	4:1b0d80432c79	3655	/* no secret sent */
wolfSSL	4:1b0d80432c79	3656	if (secret == NULL)
wolfSSL	4:1b0d80432c79	3657	continue;
wolfSSL	4:1b0d80432c79	3658
wolfSSL	4:1b0d80432c79	3659	/* find corresponding key */
wolfSSL	4:1b0d80432c79	3660	key = ssl->QSH_Key;
wolfSSL	4:1b0d80432c79	3661	while (key) {
wolfSSL	4:1b0d80432c79	3662	if (key->name == name)
wolfSSL	4:1b0d80432c79	3663	break;
wolfSSL	4:1b0d80432c79	3664	else
wolfSSL	4:1b0d80432c79	3665	key = (QSHKey*)key->next;
wolfSSL	4:1b0d80432c79	3666	}
wolfSSL	4:1b0d80432c79	3667
wolfSSL	4:1b0d80432c79	3668	/* if we do not have the key than there was a big issue negotiation */
wolfSSL	4:1b0d80432c79	3669	if (key == NULL) {
wolfSSL	4:1b0d80432c79	3670	WOLFSSL_MSG("key was null for decryption!!!\n");
wolfSSL	4:1b0d80432c79	3671	return MEMORY_E;
wolfSSL	4:1b0d80432c79	3672	}
wolfSSL	4:1b0d80432c79	3673
wolfSSL	4:1b0d80432c79	3674	/* Decrypt sent secret */
wolfSSL	4:1b0d80432c79	3675	buffLen = Max_Secret_Len;
wolfSSL	4:1b0d80432c79	3676	QSH_Decrypt(key, secret, secretLen, buff + offset, &buffLen);
wolfSSL	4:1b0d80432c79	3677	offset += buffLen;
wolfSSL	4:1b0d80432c79	3678	}
wolfSSL	4:1b0d80432c79	3679
wolfSSL	4:1b0d80432c79	3680	/* allocate memory for buffer */
wolfSSL	4:1b0d80432c79	3681	buf->length = offset;
wolfSSL	4:1b0d80432c79	3682	buf->buffer = (byte*)XMALLOC(offset, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	4:1b0d80432c79	3683	if (buf->buffer == NULL)
wolfSSL	4:1b0d80432c79	3684	return MEMORY_E;
wolfSSL	4:1b0d80432c79	3685
wolfSSL	4:1b0d80432c79	3686	/* store secrets */
wolfSSL	4:1b0d80432c79	3687	XMEMCPY(buf->buffer, buff, offset);
wolfSSL	4:1b0d80432c79	3688	ForceZero(buff, offset);
wolfSSL	4:1b0d80432c79	3689
wolfSSL	4:1b0d80432c79	3690	return offset_len;
wolfSSL	4:1b0d80432c79	3691	}
wolfSSL	4:1b0d80432c79	3692
wolfSSL	4:1b0d80432c79	3693
wolfSSL	4:1b0d80432c79	3694	/* return 1 on success */
wolfSSL	4:1b0d80432c79	3695	int TLSX_ValidateQSHScheme(TLSX** extensions, word16 theirs) {
wolfSSL	4:1b0d80432c79	3696	TLSX* extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID);
wolfSSL	4:1b0d80432c79	3697	QSHScheme* format = NULL;
wolfSSL	4:1b0d80432c79	3698
wolfSSL	4:1b0d80432c79	3699	/* if no extension is sent then do not use QSH */
wolfSSL	4:1b0d80432c79	3700	if (!extension) {
wolfSSL	4:1b0d80432c79	3701	WOLFSSL_MSG("No QSH Extension");
wolfSSL	4:1b0d80432c79	3702	return 0;
wolfSSL	4:1b0d80432c79	3703	}
wolfSSL	4:1b0d80432c79	3704
wolfSSL	4:1b0d80432c79	3705	for (format = (QSHScheme*)extension->data; format; format = format->next) {
wolfSSL	4:1b0d80432c79	3706	if (format->name == theirs) {
wolfSSL	4:1b0d80432c79	3707	WOLFSSL_MSG("Found Matching QSH Scheme");
wolfSSL	4:1b0d80432c79	3708	return 1; /* have QSH */
wolfSSL	4:1b0d80432c79	3709	}
wolfSSL	4:1b0d80432c79	3710	}
wolfSSL	4:1b0d80432c79	3711
wolfSSL	4:1b0d80432c79	3712	return 0;
wolfSSL	4:1b0d80432c79	3713	}
wolfSSL	4:1b0d80432c79	3714	#endif /* NO_WOLFSSL_SERVER */
wolfSSL	4:1b0d80432c79	3715
wolfSSL	4:1b0d80432c79	3716	/* test if the QSH Scheme is implemented
wolfSSL	4:1b0d80432c79	3717	return 1 if yes 0 if no */
wolfSSL	4:1b0d80432c79	3718	static int TLSX_HaveQSHScheme(word16 name)
wolfSSL	4:1b0d80432c79	3719	{
wolfSSL	4:1b0d80432c79	3720	switch(name) {
wolfSSL	4:1b0d80432c79	3721	#ifdef HAVE_NTRU
wolfSSL	4:1b0d80432c79	3722	case WOLFSSL_NTRU_EESS439:
wolfSSL	4:1b0d80432c79	3723	case WOLFSSL_NTRU_EESS593:
wolfSSL	4:1b0d80432c79	3724	case WOLFSSL_NTRU_EESS743:
wolfSSL	4:1b0d80432c79	3725	return 1;
wolfSSL	4:1b0d80432c79	3726	#endif
wolfSSL	4:1b0d80432c79	3727	case WOLFSSL_LWE_XXX:
wolfSSL	4:1b0d80432c79	3728	case WOLFSSL_HFE_XXX:
wolfSSL	4:1b0d80432c79	3729	return 0; /* not supported yet */
wolfSSL	4:1b0d80432c79	3730
wolfSSL	4:1b0d80432c79	3731	default:
wolfSSL	4:1b0d80432c79	3732	return 0;
wolfSSL	4:1b0d80432c79	3733	}
wolfSSL	4:1b0d80432c79	3734	}
wolfSSL	4:1b0d80432c79	3735
wolfSSL	4:1b0d80432c79	3736
wolfSSL	4:1b0d80432c79	3737	/* Add a QSHScheme struct to list of usable ones */
wolfSSL	4:1b0d80432c79	3738	int TLSX_UseQSHScheme(TLSX** extensions, word16 name, byte* pKey, word16 pkeySz)
wolfSSL	4:1b0d80432c79	3739	{
wolfSSL	4:1b0d80432c79	3740	TLSX* extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID);
wolfSSL	4:1b0d80432c79	3741	QSHScheme* format = NULL;
wolfSSL	4:1b0d80432c79	3742	int ret = 0;
wolfSSL	4:1b0d80432c79	3743
wolfSSL	4:1b0d80432c79	3744	/* sanity check */
wolfSSL	4:1b0d80432c79	3745	if (extensions == NULL \|\| (pKey == NULL && pkeySz != 0))
wolfSSL	4:1b0d80432c79	3746	return BAD_FUNC_ARG;
wolfSSL	4:1b0d80432c79	3747
wolfSSL	4:1b0d80432c79	3748	/* if scheme is implemented than add */
wolfSSL	4:1b0d80432c79	3749	if (TLSX_HaveQSHScheme(name)) {
wolfSSL	4:1b0d80432c79	3750	if ((ret = TLSX_QSH_Append(&format, name, pKey, pkeySz)) != 0)
wolfSSL	4:1b0d80432c79	3751	return ret;
wolfSSL	4:1b0d80432c79	3752
wolfSSL	4:1b0d80432c79	3753	if (!extension) {
wolfSSL	4:1b0d80432c79	3754	if ((ret = TLSX_Push(extensions, TLSX_QUANTUM_SAFE_HYBRID, format))
wolfSSL	4:1b0d80432c79	3755	!= 0) {
wolfSSL	4:1b0d80432c79	3756	XFREE(format, 0, DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	3757	return ret;
wolfSSL	4:1b0d80432c79	3758	}
wolfSSL	4:1b0d80432c79	3759	}
wolfSSL	4:1b0d80432c79	3760	else {
wolfSSL	4:1b0d80432c79	3761	/* push new QSH object to extension data. */
wolfSSL	4:1b0d80432c79	3762	format->next = (QSHScheme*)extension->data;
wolfSSL	4:1b0d80432c79	3763	extension->data = (void*)format;
wolfSSL	4:1b0d80432c79	3764
wolfSSL	4:1b0d80432c79	3765	/* look for another format of the same name to remove (replacement) */
wolfSSL	4:1b0d80432c79	3766	do {
wolfSSL	4:1b0d80432c79	3767	if (format->next && (format->next->name == name)) {
wolfSSL	4:1b0d80432c79	3768	QSHScheme* next = format->next;
wolfSSL	4:1b0d80432c79	3769
wolfSSL	4:1b0d80432c79	3770	format->next = next->next;
wolfSSL	4:1b0d80432c79	3771	XFREE(next, 0, DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	3772
wolfSSL	4:1b0d80432c79	3773	break;
wolfSSL	4:1b0d80432c79	3774	}
wolfSSL	4:1b0d80432c79	3775	} while ((format = format->next));
wolfSSL	4:1b0d80432c79	3776	}
wolfSSL	4:1b0d80432c79	3777	}
wolfSSL	4:1b0d80432c79	3778	return SSL_SUCCESS;
wolfSSL	4:1b0d80432c79	3779	}
wolfSSL	4:1b0d80432c79	3780
wolfSSL	4:1b0d80432c79	3781	#define QSH_FREE_ALL TLSX_QSH_FreeAll
wolfSSL	4:1b0d80432c79	3782	#define QSH_VALIDATE_REQUEST TLSX_QSH_ValidateRequest
wolfSSL	4:1b0d80432c79	3783
wolfSSL	4:1b0d80432c79	3784	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	4:1b0d80432c79	3785	#define QSH_GET_SIZE TLSX_QSH_GetSize
wolfSSL	4:1b0d80432c79	3786	#define QSH_WRITE TLSX_QSH_Write
wolfSSL	4:1b0d80432c79	3787	#else
wolfSSL	4:1b0d80432c79	3788	#define QSH_GET_SIZE(list) 0
wolfSSL	4:1b0d80432c79	3789	#define QSH_WRITE(a, b) 0
wolfSSL	4:1b0d80432c79	3790	#endif
wolfSSL	4:1b0d80432c79	3791
wolfSSL	4:1b0d80432c79	3792	#ifndef NO_WOLFSSL_SERVER
wolfSSL	4:1b0d80432c79	3793	#define QSH_PARSE TLSX_QSH_Parse
wolfSSL	4:1b0d80432c79	3794	#else
wolfSSL	4:1b0d80432c79	3795	#define QSH_PARSE(a, b, c, d) 0
wolfSSL	4:1b0d80432c79	3796	#endif
wolfSSL	4:1b0d80432c79	3797
wolfSSL	4:1b0d80432c79	3798	#define QSHPK_WRITE TLSX_QSHPK_Write
wolfSSL	4:1b0d80432c79	3799	#define QSH_SERREQ TLSX_QSH_SerPKReq
wolfSSL	4:1b0d80432c79	3800	#else
wolfSSL	4:1b0d80432c79	3801
wolfSSL	4:1b0d80432c79	3802	#define QSH_FREE_ALL(list)
wolfSSL	4:1b0d80432c79	3803	#define QSH_GET_SIZE(list, a) 0
wolfSSL	4:1b0d80432c79	3804	#define QSH_WRITE(a, b) 0
wolfSSL	4:1b0d80432c79	3805	#define QSH_PARSE(a, b, c, d) 0
wolfSSL	4:1b0d80432c79	3806	#define QSHPK_WRITE(a, b) 0
wolfSSL	4:1b0d80432c79	3807	#define QSH_SERREQ(a, b) 0
wolfSSL	4:1b0d80432c79	3808	#define QSH_VALIDATE_REQUEST(a, b)
wolfSSL	4:1b0d80432c79	3809
wolfSSL	4:1b0d80432c79	3810	#endif /* HAVE_QSH */
wolfSSL	4:1b0d80432c79	3811
wolfSSL	4:1b0d80432c79	3812	/******************************************************************************/
wolfSSL	4:1b0d80432c79	3813	/* TLS Extensions Framework */
wolfSSL	4:1b0d80432c79	3814	/******************************************************************************/
wolfSSL	4:1b0d80432c79	3815
wolfSSL	4:1b0d80432c79	3816	/** Finds an extension in the provided list. */
wolfSSL	4:1b0d80432c79	3817	TLSX* TLSX_Find(TLSX* list, TLSX_Type type)
wolfSSL	4:1b0d80432c79	3818	{
wolfSSL	4:1b0d80432c79	3819	TLSX* extension = list;
wolfSSL	4:1b0d80432c79	3820
wolfSSL	4:1b0d80432c79	3821	while (extension && extension->type != type)
wolfSSL	4:1b0d80432c79	3822	extension = extension->next;
wolfSSL	4:1b0d80432c79	3823
wolfSSL	4:1b0d80432c79	3824	return extension;
wolfSSL	4:1b0d80432c79	3825	}
wolfSSL	4:1b0d80432c79	3826
wolfSSL	4:1b0d80432c79	3827	/** Releases all extensions in the provided list. */
wolfSSL	4:1b0d80432c79	3828	void TLSX_FreeAll(TLSX* list)
wolfSSL	4:1b0d80432c79	3829	{
wolfSSL	4:1b0d80432c79	3830	TLSX* extension;
wolfSSL	4:1b0d80432c79	3831
wolfSSL	4:1b0d80432c79	3832	while ((extension = list)) {
wolfSSL	4:1b0d80432c79	3833	list = extension->next;
wolfSSL	4:1b0d80432c79	3834
wolfSSL	4:1b0d80432c79	3835	switch (extension->type) {
wolfSSL	4:1b0d80432c79	3836
wolfSSL	4:1b0d80432c79	3837	case TLSX_SERVER_NAME:
wolfSSL	4:1b0d80432c79	3838	SNI_FREE_ALL((SNI*)extension->data);
wolfSSL	4:1b0d80432c79	3839	break;
wolfSSL	4:1b0d80432c79	3840
wolfSSL	4:1b0d80432c79	3841	case TLSX_MAX_FRAGMENT_LENGTH:
wolfSSL	4:1b0d80432c79	3842	MFL_FREE_ALL(extension->data);
wolfSSL	4:1b0d80432c79	3843	break;
wolfSSL	4:1b0d80432c79	3844
wolfSSL	4:1b0d80432c79	3845	case TLSX_TRUNCATED_HMAC:
wolfSSL	4:1b0d80432c79	3846	/* Nothing to do. */
wolfSSL	4:1b0d80432c79	3847	break;
wolfSSL	4:1b0d80432c79	3848
wolfSSL	4:1b0d80432c79	3849	case TLSX_SUPPORTED_GROUPS:
wolfSSL	4:1b0d80432c79	3850	EC_FREE_ALL(extension->data);
wolfSSL	4:1b0d80432c79	3851	break;
wolfSSL	4:1b0d80432c79	3852
wolfSSL	4:1b0d80432c79	3853	case TLSX_STATUS_REQUEST:
wolfSSL	4:1b0d80432c79	3854	CSR_FREE_ALL(extension->data);
wolfSSL	4:1b0d80432c79	3855	break;
wolfSSL	4:1b0d80432c79	3856
wolfSSL	4:1b0d80432c79	3857	case TLSX_STATUS_REQUEST_V2:
wolfSSL	4:1b0d80432c79	3858	CSR2_FREE_ALL(extension->data);
wolfSSL	4:1b0d80432c79	3859	break;
wolfSSL	4:1b0d80432c79	3860
wolfSSL	4:1b0d80432c79	3861	case TLSX_RENEGOTIATION_INFO:
wolfSSL	4:1b0d80432c79	3862	SCR_FREE_ALL(extension->data);
wolfSSL	4:1b0d80432c79	3863	break;
wolfSSL	4:1b0d80432c79	3864
wolfSSL	4:1b0d80432c79	3865	case TLSX_SESSION_TICKET:
wolfSSL	4:1b0d80432c79	3866	/* Nothing to do. */
wolfSSL	4:1b0d80432c79	3867	break;
wolfSSL	4:1b0d80432c79	3868
wolfSSL	4:1b0d80432c79	3869	case TLSX_QUANTUM_SAFE_HYBRID:
wolfSSL	4:1b0d80432c79	3870	QSH_FREE_ALL((QSHScheme*)extension->data);
wolfSSL	4:1b0d80432c79	3871	break;
wolfSSL	4:1b0d80432c79	3872
wolfSSL	4:1b0d80432c79	3873	case TLSX_APPLICATION_LAYER_PROTOCOL:
wolfSSL	4:1b0d80432c79	3874	ALPN_FREE_ALL((ALPN*)extension->data);
wolfSSL	4:1b0d80432c79	3875	break;
wolfSSL	4:1b0d80432c79	3876	}
wolfSSL	4:1b0d80432c79	3877
wolfSSL	4:1b0d80432c79	3878	XFREE(extension, 0, DYNAMIC_TYPE_TLSX);
wolfSSL	4:1b0d80432c79	3879	}
wolfSSL	4:1b0d80432c79	3880	}
wolfSSL	4:1b0d80432c79	3881
wolfSSL	4:1b0d80432c79	3882	/** Checks if the tls extensions are supported based on the protocol version. */
wolfSSL	4:1b0d80432c79	3883	int TLSX_SupportExtensions(WOLFSSL* ssl) {
wolfSSL	4:1b0d80432c79	3884	return ssl && (IsTLS(ssl) \|\| ssl->version.major == DTLS_MAJOR);
wolfSSL	4:1b0d80432c79	3885	}
wolfSSL	4:1b0d80432c79	3886
wolfSSL	4:1b0d80432c79	3887	/** Tells the buffered size of the extensions in a list. */
wolfSSL	4:1b0d80432c79	3888	static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest)
wolfSSL	4:1b0d80432c79	3889	{
wolfSSL	4:1b0d80432c79	3890	TLSX* extension;
wolfSSL	4:1b0d80432c79	3891	word16 length = 0;
wolfSSL	4:1b0d80432c79	3892
wolfSSL	4:1b0d80432c79	3893	while ((extension = list)) {
wolfSSL	4:1b0d80432c79	3894	list = extension->next;
wolfSSL	4:1b0d80432c79	3895
wolfSSL	4:1b0d80432c79	3896	/* only extensions marked as response are sent back to the client. */
wolfSSL	4:1b0d80432c79	3897	if (!isRequest && !extension->resp)
wolfSSL	4:1b0d80432c79	3898	continue; /* skip! */
wolfSSL	4:1b0d80432c79	3899
wolfSSL	4:1b0d80432c79	3900	/* ssl level extensions are expected to override ctx level ones. */
wolfSSL	4:1b0d80432c79	3901	if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type)))
wolfSSL	4:1b0d80432c79	3902	continue; /* skip! */
wolfSSL	4:1b0d80432c79	3903
wolfSSL	4:1b0d80432c79	3904	/* extension type + extension data length. */
wolfSSL	4:1b0d80432c79	3905	length += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	3906
wolfSSL	4:1b0d80432c79	3907
wolfSSL	4:1b0d80432c79	3908	switch (extension->type) {
wolfSSL	4:1b0d80432c79	3909
wolfSSL	4:1b0d80432c79	3910	case TLSX_SERVER_NAME:
wolfSSL	4:1b0d80432c79	3911	/* SNI only sends the name on the request. */
wolfSSL	4:1b0d80432c79	3912	if (isRequest)
wolfSSL	4:1b0d80432c79	3913	length += SNI_GET_SIZE(extension->data);
wolfSSL	4:1b0d80432c79	3914	break;
wolfSSL	4:1b0d80432c79	3915
wolfSSL	4:1b0d80432c79	3916	case TLSX_MAX_FRAGMENT_LENGTH:
wolfSSL	4:1b0d80432c79	3917	length += MFL_GET_SIZE(extension->data);
wolfSSL	4:1b0d80432c79	3918	break;
wolfSSL	4:1b0d80432c79	3919
wolfSSL	4:1b0d80432c79	3920	case TLSX_TRUNCATED_HMAC:
wolfSSL	4:1b0d80432c79	3921	/* always empty. */
wolfSSL	4:1b0d80432c79	3922	break;
wolfSSL	4:1b0d80432c79	3923
wolfSSL	4:1b0d80432c79	3924	case TLSX_SUPPORTED_GROUPS:
wolfSSL	4:1b0d80432c79	3925	length += EC_GET_SIZE(extension->data);
wolfSSL	4:1b0d80432c79	3926	break;
wolfSSL	4:1b0d80432c79	3927
wolfSSL	4:1b0d80432c79	3928	case TLSX_STATUS_REQUEST:
wolfSSL	4:1b0d80432c79	3929	length += CSR_GET_SIZE(extension->data, isRequest);
wolfSSL	4:1b0d80432c79	3930	break;
wolfSSL	4:1b0d80432c79	3931
wolfSSL	4:1b0d80432c79	3932	case TLSX_STATUS_REQUEST_V2:
wolfSSL	4:1b0d80432c79	3933	length += CSR2_GET_SIZE(extension->data, isRequest);
wolfSSL	4:1b0d80432c79	3934	break;
wolfSSL	4:1b0d80432c79	3935
wolfSSL	4:1b0d80432c79	3936	case TLSX_RENEGOTIATION_INFO:
wolfSSL	4:1b0d80432c79	3937	length += SCR_GET_SIZE(extension->data, isRequest);
wolfSSL	4:1b0d80432c79	3938	break;
wolfSSL	4:1b0d80432c79	3939
wolfSSL	4:1b0d80432c79	3940	case TLSX_SESSION_TICKET:
wolfSSL	4:1b0d80432c79	3941	length += STK_GET_SIZE(extension->data, isRequest);
wolfSSL	4:1b0d80432c79	3942	break;
wolfSSL	4:1b0d80432c79	3943
wolfSSL	4:1b0d80432c79	3944	case TLSX_QUANTUM_SAFE_HYBRID:
wolfSSL	4:1b0d80432c79	3945	length += QSH_GET_SIZE((QSHScheme*)extension->data, isRequest);
wolfSSL	4:1b0d80432c79	3946	break;
wolfSSL	4:1b0d80432c79	3947
wolfSSL	4:1b0d80432c79	3948	case TLSX_APPLICATION_LAYER_PROTOCOL:
wolfSSL	4:1b0d80432c79	3949	length += ALPN_GET_SIZE(extension->data);
wolfSSL	4:1b0d80432c79	3950	break;
wolfSSL	4:1b0d80432c79	3951
wolfSSL	4:1b0d80432c79	3952	}
wolfSSL	4:1b0d80432c79	3953
wolfSSL	4:1b0d80432c79	3954	/* marks the extension as processed so ctx level */
wolfSSL	4:1b0d80432c79	3955	/* extensions don't overlap with ssl level ones. */
wolfSSL	4:1b0d80432c79	3956	TURN_ON(semaphore, TLSX_ToSemaphore(extension->type));
wolfSSL	4:1b0d80432c79	3957	}
wolfSSL	4:1b0d80432c79	3958
wolfSSL	4:1b0d80432c79	3959	return length;
wolfSSL	4:1b0d80432c79	3960	}
wolfSSL	4:1b0d80432c79	3961
wolfSSL	4:1b0d80432c79	3962	/** Writes the extensions of a list in a buffer. */
wolfSSL	4:1b0d80432c79	3963	static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore,
wolfSSL	4:1b0d80432c79	3964	byte isRequest)
wolfSSL	4:1b0d80432c79	3965	{
wolfSSL	4:1b0d80432c79	3966	TLSX* extension;
wolfSSL	4:1b0d80432c79	3967	word16 offset = 0;
wolfSSL	4:1b0d80432c79	3968	word16 length_offset = 0;
wolfSSL	4:1b0d80432c79	3969
wolfSSL	4:1b0d80432c79	3970	while ((extension = list)) {
wolfSSL	4:1b0d80432c79	3971	list = extension->next;
wolfSSL	4:1b0d80432c79	3972
wolfSSL	4:1b0d80432c79	3973	/* only extensions marked as response are written in a response. */
wolfSSL	4:1b0d80432c79	3974	if (!isRequest && !extension->resp)
wolfSSL	4:1b0d80432c79	3975	continue; /* skip! */
wolfSSL	4:1b0d80432c79	3976
wolfSSL	4:1b0d80432c79	3977	/* ssl level extensions are expected to override ctx level ones. */
wolfSSL	4:1b0d80432c79	3978	if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type)))
wolfSSL	4:1b0d80432c79	3979	continue; /* skip! */
wolfSSL	4:1b0d80432c79	3980
wolfSSL	4:1b0d80432c79	3981	/* writes extension type. */
wolfSSL	4:1b0d80432c79	3982	c16toa(extension->type, output + offset);
wolfSSL	4:1b0d80432c79	3983	offset += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	3984	length_offset = offset;
wolfSSL	4:1b0d80432c79	3985
wolfSSL	4:1b0d80432c79	3986	/* extension data should be written internally. */
wolfSSL	4:1b0d80432c79	3987	switch (extension->type) {
wolfSSL	4:1b0d80432c79	3988	case TLSX_SERVER_NAME:
wolfSSL	4:1b0d80432c79	3989	if (isRequest)
wolfSSL	4:1b0d80432c79	3990	offset += SNI_WRITE(extension->data, output + offset);
wolfSSL	4:1b0d80432c79	3991	break;
wolfSSL	4:1b0d80432c79	3992
wolfSSL	4:1b0d80432c79	3993	case TLSX_MAX_FRAGMENT_LENGTH:
wolfSSL	4:1b0d80432c79	3994	offset += MFL_WRITE(extension->data, output + offset);
wolfSSL	4:1b0d80432c79	3995	break;
wolfSSL	4:1b0d80432c79	3996
wolfSSL	4:1b0d80432c79	3997	case TLSX_TRUNCATED_HMAC:
wolfSSL	4:1b0d80432c79	3998	/* always empty. */
wolfSSL	4:1b0d80432c79	3999	break;
wolfSSL	4:1b0d80432c79	4000
wolfSSL	4:1b0d80432c79	4001	case TLSX_SUPPORTED_GROUPS:
wolfSSL	4:1b0d80432c79	4002	offset += EC_WRITE(extension->data, output + offset);
wolfSSL	4:1b0d80432c79	4003	break;
wolfSSL	4:1b0d80432c79	4004
wolfSSL	4:1b0d80432c79	4005	case TLSX_STATUS_REQUEST:
wolfSSL	4:1b0d80432c79	4006	offset += CSR_WRITE(extension->data, output + offset,
wolfSSL	4:1b0d80432c79	4007	isRequest);
wolfSSL	4:1b0d80432c79	4008	break;
wolfSSL	4:1b0d80432c79	4009
wolfSSL	4:1b0d80432c79	4010	case TLSX_STATUS_REQUEST_V2:
wolfSSL	4:1b0d80432c79	4011	offset += CSR2_WRITE(extension->data, output + offset,
wolfSSL	4:1b0d80432c79	4012	isRequest);
wolfSSL	4:1b0d80432c79	4013	break;
wolfSSL	4:1b0d80432c79	4014
wolfSSL	4:1b0d80432c79	4015	case TLSX_RENEGOTIATION_INFO:
wolfSSL	4:1b0d80432c79	4016	offset += SCR_WRITE(extension->data, output + offset,
wolfSSL	4:1b0d80432c79	4017	isRequest);
wolfSSL	4:1b0d80432c79	4018	break;
wolfSSL	4:1b0d80432c79	4019
wolfSSL	4:1b0d80432c79	4020	case TLSX_SESSION_TICKET:
wolfSSL	4:1b0d80432c79	4021	offset += STK_WRITE(extension->data, output + offset,
wolfSSL	4:1b0d80432c79	4022	isRequest);
wolfSSL	4:1b0d80432c79	4023	break;
wolfSSL	4:1b0d80432c79	4024
wolfSSL	4:1b0d80432c79	4025	case TLSX_QUANTUM_SAFE_HYBRID:
wolfSSL	4:1b0d80432c79	4026	if (isRequest) {
wolfSSL	4:1b0d80432c79	4027	offset += QSH_WRITE((QSHScheme*)extension->data, output + offset);
wolfSSL	4:1b0d80432c79	4028	}
wolfSSL	4:1b0d80432c79	4029	offset += QSHPK_WRITE((QSHScheme*)extension->data, output + offset);
wolfSSL	4:1b0d80432c79	4030	offset += QSH_SERREQ(output + offset, isRequest);
wolfSSL	4:1b0d80432c79	4031	break;
wolfSSL	4:1b0d80432c79	4032
wolfSSL	4:1b0d80432c79	4033	case TLSX_APPLICATION_LAYER_PROTOCOL:
wolfSSL	4:1b0d80432c79	4034	offset += ALPN_WRITE(extension->data, output + offset);
wolfSSL	4:1b0d80432c79	4035	break;
wolfSSL	4:1b0d80432c79	4036	}
wolfSSL	4:1b0d80432c79	4037
wolfSSL	4:1b0d80432c79	4038	/* writes extension data length. */
wolfSSL	4:1b0d80432c79	4039	c16toa(offset - length_offset, output + length_offset - OPAQUE16_LEN);
wolfSSL	4:1b0d80432c79	4040
wolfSSL	4:1b0d80432c79	4041	/* marks the extension as processed so ctx level */
wolfSSL	4:1b0d80432c79	4042	/* extensions don't overlap with ssl level ones. */
wolfSSL	4:1b0d80432c79	4043	TURN_ON(semaphore, TLSX_ToSemaphore(extension->type));
wolfSSL	4:1b0d80432c79	4044	}
wolfSSL	4:1b0d80432c79	4045
wolfSSL	4:1b0d80432c79	4046	return offset;
wolfSSL	4:1b0d80432c79	4047	}
wolfSSL	4:1b0d80432c79	4048
wolfSSL	4:1b0d80432c79	4049
wolfSSL	4:1b0d80432c79	4050	#ifdef HAVE_NTRU
wolfSSL	4:1b0d80432c79	4051
wolfSSL	4:1b0d80432c79	4052	static word32 GetEntropy(unsigned char* out, word32 num_bytes)
wolfSSL	4:1b0d80432c79	4053	{
wolfSSL	4:1b0d80432c79	4054	int ret = 0;
wolfSSL	4:1b0d80432c79	4055
wolfSSL	4:1b0d80432c79	4056	if (rng == NULL) {
wolfSSL	4:1b0d80432c79	4057	if ((rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL,
wolfSSL	4:1b0d80432c79	4058	DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL	4:1b0d80432c79	4059	return DRBG_OUT_OF_MEMORY;
wolfSSL	4:1b0d80432c79	4060	wc_InitRng(rng);
wolfSSL	4:1b0d80432c79	4061	}
wolfSSL	4:1b0d80432c79	4062
wolfSSL	4:1b0d80432c79	4063	if (rngMutex == NULL) {
wolfSSL	4:1b0d80432c79	4064	if ((rngMutex = (wolfSSL_Mutex*)XMALLOC(sizeof(wolfSSL_Mutex), NULL,
wolfSSL	4:1b0d80432c79	4065	DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL	4:1b0d80432c79	4066	return DRBG_OUT_OF_MEMORY;
wolfSSL	4:1b0d80432c79	4067	InitMutex(rngMutex);
wolfSSL	4:1b0d80432c79	4068	}
wolfSSL	4:1b0d80432c79	4069
wolfSSL	4:1b0d80432c79	4070	ret \|= LockMutex(rngMutex);
wolfSSL	4:1b0d80432c79	4071	ret \|= wc_RNG_GenerateBlock(rng, out, num_bytes);
wolfSSL	4:1b0d80432c79	4072	ret \|= UnLockMutex(rngMutex);
wolfSSL	4:1b0d80432c79	4073
wolfSSL	4:1b0d80432c79	4074	if (ret != 0)
wolfSSL	4:1b0d80432c79	4075	return DRBG_ENTROPY_FAIL;
wolfSSL	4:1b0d80432c79	4076
wolfSSL	4:1b0d80432c79	4077	return DRBG_OK;
wolfSSL	4:1b0d80432c79	4078	}
wolfSSL	4:1b0d80432c79	4079	#endif
wolfSSL	4:1b0d80432c79	4080
wolfSSL	4:1b0d80432c79	4081
wolfSSL	4:1b0d80432c79	4082	#ifdef HAVE_QSH
wolfSSL	4:1b0d80432c79	4083	static int TLSX_CreateQSHKey(WOLFSSL* ssl, int type)
wolfSSL	4:1b0d80432c79	4084	{
wolfSSL	4:1b0d80432c79	4085	int ret;
wolfSSL	4:1b0d80432c79	4086
wolfSSL	4:1b0d80432c79	4087	switch (type) {
wolfSSL	4:1b0d80432c79	4088	#ifdef HAVE_NTRU
wolfSSL	4:1b0d80432c79	4089	case WOLFSSL_NTRU_EESS439:
wolfSSL	4:1b0d80432c79	4090	case WOLFSSL_NTRU_EESS593:
wolfSSL	4:1b0d80432c79	4091	case WOLFSSL_NTRU_EESS743:
wolfSSL	4:1b0d80432c79	4092	ret = TLSX_CreateNtruKey(ssl, type);
wolfSSL	4:1b0d80432c79	4093	break;
wolfSSL	4:1b0d80432c79	4094	#endif
wolfSSL	4:1b0d80432c79	4095	default:
wolfSSL	4:1b0d80432c79	4096	WOLFSSL_MSG("Unknown type for creating NTRU key");
wolfSSL	4:1b0d80432c79	4097	return -1;
wolfSSL	4:1b0d80432c79	4098	}
wolfSSL	4:1b0d80432c79	4099
wolfSSL	4:1b0d80432c79	4100	return ret;
wolfSSL	4:1b0d80432c79	4101	}
wolfSSL	4:1b0d80432c79	4102
wolfSSL	4:1b0d80432c79	4103
wolfSSL	4:1b0d80432c79	4104	static int TLSX_AddQSHKey(QSHKey** list, QSHKey* key)
wolfSSL	4:1b0d80432c79	4105	{
wolfSSL	4:1b0d80432c79	4106	QSHKey* current;
wolfSSL	4:1b0d80432c79	4107
wolfSSL	4:1b0d80432c79	4108	if (key == NULL)
wolfSSL	4:1b0d80432c79	4109	return BAD_FUNC_ARG;
wolfSSL	4:1b0d80432c79	4110
wolfSSL	4:1b0d80432c79	4111	/* if no public key stored in key then do not add */
wolfSSL	4:1b0d80432c79	4112	if (key->pub.length == 0 \|\| key->pub.buffer == NULL)
wolfSSL	4:1b0d80432c79	4113	return 0;
wolfSSL	4:1b0d80432c79	4114
wolfSSL	4:1b0d80432c79	4115	/* first element to be added to the list */
wolfSSL	4:1b0d80432c79	4116	current = *list;
wolfSSL	4:1b0d80432c79	4117	if (current == NULL) {
wolfSSL	4:1b0d80432c79	4118	*list = key;
wolfSSL	4:1b0d80432c79	4119	return 0;
wolfSSL	4:1b0d80432c79	4120	}
wolfSSL	4:1b0d80432c79	4121
wolfSSL	4:1b0d80432c79	4122	while (current->next) {
wolfSSL	4:1b0d80432c79	4123	/* can only have one of the key in the list */
wolfSSL	4:1b0d80432c79	4124	if (current->name == key->name)
wolfSSL	4:1b0d80432c79	4125	return -1;
wolfSSL	4:1b0d80432c79	4126	current = (QSHKey*)current->next;
wolfSSL	4:1b0d80432c79	4127	}
wolfSSL	4:1b0d80432c79	4128
wolfSSL	4:1b0d80432c79	4129	current->next = (struct QSHKey*)key;
wolfSSL	4:1b0d80432c79	4130
wolfSSL	4:1b0d80432c79	4131	return 0;
wolfSSL	4:1b0d80432c79	4132	}
wolfSSL	4:1b0d80432c79	4133
wolfSSL	4:1b0d80432c79	4134
wolfSSL	4:1b0d80432c79	4135	#ifdef HAVE_NTRU
wolfSSL	4:1b0d80432c79	4136	int TLSX_CreateNtruKey(WOLFSSL* ssl, int type)
wolfSSL	4:1b0d80432c79	4137	{
wolfSSL	4:1b0d80432c79	4138	int ret;
wolfSSL	4:1b0d80432c79	4139	int ntruType;
wolfSSL	4:1b0d80432c79	4140
wolfSSL	4:1b0d80432c79	4141	/* variable declarations for NTRU*/
wolfSSL	4:1b0d80432c79	4142	QSHKey* temp = NULL;
wolfSSL	4:1b0d80432c79	4143	byte public_key[1027];
wolfSSL	4:1b0d80432c79	4144	word16 public_key_len = sizeof(public_key);
wolfSSL	4:1b0d80432c79	4145	byte private_key[1120];
wolfSSL	4:1b0d80432c79	4146	word16 private_key_len = sizeof(private_key);
wolfSSL	4:1b0d80432c79	4147	DRBG_HANDLE drbg;
wolfSSL	4:1b0d80432c79	4148
wolfSSL	4:1b0d80432c79	4149	if (ssl == NULL)
wolfSSL	4:1b0d80432c79	4150	return BAD_FUNC_ARG;
wolfSSL	4:1b0d80432c79	4151
wolfSSL	4:1b0d80432c79	4152	switch (type) {
wolfSSL	4:1b0d80432c79	4153	case WOLFSSL_NTRU_EESS439:
wolfSSL	4:1b0d80432c79	4154	ntruType = NTRU_EES439EP1;
wolfSSL	4:1b0d80432c79	4155	break;
wolfSSL	4:1b0d80432c79	4156	case WOLFSSL_NTRU_EESS593:
wolfSSL	4:1b0d80432c79	4157	ntruType = NTRU_EES593EP1;
wolfSSL	4:1b0d80432c79	4158	break;
wolfSSL	4:1b0d80432c79	4159	case WOLFSSL_NTRU_EESS743:
wolfSSL	4:1b0d80432c79	4160	ntruType = NTRU_EES743EP1;
wolfSSL	4:1b0d80432c79	4161	break;
wolfSSL	4:1b0d80432c79	4162	default:
wolfSSL	4:1b0d80432c79	4163	WOLFSSL_MSG("Unknown type for creating NTRU key");
wolfSSL	4:1b0d80432c79	4164	return -1;
wolfSSL	4:1b0d80432c79	4165	}
wolfSSL	4:1b0d80432c79	4166	ret = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg);
wolfSSL	4:1b0d80432c79	4167	if (ret != DRBG_OK) {
wolfSSL	4:1b0d80432c79	4168	WOLFSSL_MSG("NTRU drbg instantiate failed\n");
wolfSSL	4:1b0d80432c79	4169	return ret;
wolfSSL	4:1b0d80432c79	4170	}
wolfSSL	4:1b0d80432c79	4171
wolfSSL	4:1b0d80432c79	4172	if ((ret = ntru_crypto_ntru_encrypt_keygen(drbg, ntruType,
wolfSSL	4:1b0d80432c79	4173	&public_key_len, NULL, &private_key_len, NULL)) != NTRU_OK)
wolfSSL	4:1b0d80432c79	4174	return ret;
wolfSSL	4:1b0d80432c79	4175
wolfSSL	4:1b0d80432c79	4176	if ((ret = ntru_crypto_ntru_encrypt_keygen(drbg, ntruType,
wolfSSL	4:1b0d80432c79	4177	&public_key_len, public_key, &private_key_len, private_key)) != NTRU_OK)
wolfSSL	4:1b0d80432c79	4178	return ret;
wolfSSL	4:1b0d80432c79	4179
wolfSSL	4:1b0d80432c79	4180	ret = ntru_crypto_drbg_uninstantiate(drbg);
wolfSSL	4:1b0d80432c79	4181	if (ret != NTRU_OK) {
wolfSSL	4:1b0d80432c79	4182	WOLFSSL_MSG("NTRU drbg uninstantiate failed\n");
wolfSSL	4:1b0d80432c79	4183	return ret;
wolfSSL	4:1b0d80432c79	4184	}
wolfSSL	4:1b0d80432c79	4185
wolfSSL	4:1b0d80432c79	4186	if ((temp = (QSHKey*)XMALLOC(sizeof(QSHKey), NULL,
wolfSSL	4:1b0d80432c79	4187	DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL	4:1b0d80432c79	4188	return MEMORY_E;
wolfSSL	4:1b0d80432c79	4189	temp->name = type;
wolfSSL	4:1b0d80432c79	4190	temp->pub.length = public_key_len;
wolfSSL	4:1b0d80432c79	4191	temp->pub.buffer = (byte*)XMALLOC(public_key_len, public_key,
wolfSSL	4:1b0d80432c79	4192	DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL	4:1b0d80432c79	4193	XMEMCPY(temp->pub.buffer, public_key, public_key_len);
wolfSSL	4:1b0d80432c79	4194	temp->pri.length = private_key_len;
wolfSSL	4:1b0d80432c79	4195	temp->pri.buffer = (byte*)XMALLOC(private_key_len, private_key,
wolfSSL	4:1b0d80432c79	4196	DYNAMIC_TYPE_ARRAYS);
wolfSSL	4:1b0d80432c79	4197	XMEMCPY(temp->pri.buffer, private_key, private_key_len);
wolfSSL	4:1b0d80432c79	4198	temp->next = NULL;
wolfSSL	4:1b0d80432c79	4199
wolfSSL	4:1b0d80432c79	4200	TLSX_AddQSHKey(&ssl->QSH_Key, temp);
wolfSSL	4:1b0d80432c79	4201
wolfSSL	4:1b0d80432c79	4202	return ret;
wolfSSL	4:1b0d80432c79	4203	}
wolfSSL	4:1b0d80432c79	4204	#endif
wolfSSL	4:1b0d80432c79	4205
wolfSSL	4:1b0d80432c79	4206
wolfSSL	4:1b0d80432c79	4207	/*
wolfSSL	4:1b0d80432c79	4208	Used to find a public key from the list of keys
wolfSSL	4:1b0d80432c79	4209	pubLen length of array
wolfSSL	4:1b0d80432c79	4210	name input the name of the scheme looking for ie WOLFSSL_NTRU_ESSXXX
wolfSSL	4:1b0d80432c79	4211
wolfSSL	4:1b0d80432c79	4212	returns a pointer to public key byte* or NULL if not found
wolfSSL	4:1b0d80432c79	4213	*/
wolfSSL	4:1b0d80432c79	4214	static byte* TLSX_QSHKeyFind_Pub(QSHKey* qsh, word16* pubLen, word16 name)
wolfSSL	4:1b0d80432c79	4215	{
wolfSSL	4:1b0d80432c79	4216	QSHKey* current = qsh;
wolfSSL	4:1b0d80432c79	4217
wolfSSL	4:1b0d80432c79	4218	if (qsh == NULL \|\| pubLen == NULL)
wolfSSL	4:1b0d80432c79	4219	return NULL;
wolfSSL	4:1b0d80432c79	4220
wolfSSL	4:1b0d80432c79	4221	*pubLen = 0;
wolfSSL	4:1b0d80432c79	4222
wolfSSL	4:1b0d80432c79	4223	while(current) {
wolfSSL	4:1b0d80432c79	4224	if (current->name == name) {
wolfSSL	4:1b0d80432c79	4225	*pubLen = current->pub.length;
wolfSSL	4:1b0d80432c79	4226	return current->pub.buffer;
wolfSSL	4:1b0d80432c79	4227	}
wolfSSL	4:1b0d80432c79	4228	current = (QSHKey*)current->next;
wolfSSL	4:1b0d80432c79	4229	}
wolfSSL	4:1b0d80432c79	4230
wolfSSL	4:1b0d80432c79	4231	return NULL;
wolfSSL	4:1b0d80432c79	4232	}
wolfSSL	4:1b0d80432c79	4233	#endif /* HAVE_QSH */
wolfSSL	4:1b0d80432c79	4234
wolfSSL	4:1b0d80432c79	4235
wolfSSL	4:1b0d80432c79	4236	int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
wolfSSL	4:1b0d80432c79	4237	{
wolfSSL	4:1b0d80432c79	4238	byte* public_key = NULL;
wolfSSL	4:1b0d80432c79	4239	word16 public_key_len = 0;
wolfSSL	4:1b0d80432c79	4240	#ifdef HAVE_QSH
wolfSSL	4:1b0d80432c79	4241	TLSX* extension;
wolfSSL	4:1b0d80432c79	4242	QSHScheme* qsh;
wolfSSL	4:1b0d80432c79	4243	QSHScheme* next;
wolfSSL	4:1b0d80432c79	4244	#endif
wolfSSL	4:1b0d80432c79	4245	int ret = 0;
wolfSSL	4:1b0d80432c79	4246
wolfSSL	4:1b0d80432c79	4247	#ifdef HAVE_QSH
wolfSSL	4:1b0d80432c79	4248	/* add supported QSHSchemes */
wolfSSL	4:1b0d80432c79	4249	WOLFSSL_MSG("Adding supported QSH Schemes");
wolfSSL	4:1b0d80432c79	4250
wolfSSL	4:1b0d80432c79	4251	/* server will add extension depending on whats parsed from client */
wolfSSL	4:1b0d80432c79	4252	if (!isServer) {
wolfSSL	4:1b0d80432c79	4253
wolfSSL	4:1b0d80432c79	4254	/* test if user has set a specific scheme already */
wolfSSL	4:1b0d80432c79	4255	if (!ssl->user_set_QSHSchemes) {
wolfSSL	4:1b0d80432c79	4256	if (ssl->sendQSHKeys && ssl->QSH_Key == NULL) {
wolfSSL	4:1b0d80432c79	4257	if ((ret = TLSX_CreateQSHKey(ssl, WOLFSSL_NTRU_EESS743)) != 0) {
wolfSSL	4:1b0d80432c79	4258	WOLFSSL_MSG("Error creating ntru keys");
wolfSSL	4:1b0d80432c79	4259	return ret;
wolfSSL	4:1b0d80432c79	4260	}
wolfSSL	4:1b0d80432c79	4261	if ((ret = TLSX_CreateQSHKey(ssl, WOLFSSL_NTRU_EESS593)) != 0) {
wolfSSL	4:1b0d80432c79	4262	WOLFSSL_MSG("Error creating ntru keys");
wolfSSL	4:1b0d80432c79	4263	return ret;
wolfSSL	4:1b0d80432c79	4264	}
wolfSSL	4:1b0d80432c79	4265	if ((ret = TLSX_CreateQSHKey(ssl, WOLFSSL_NTRU_EESS439)) != 0) {
wolfSSL	4:1b0d80432c79	4266	WOLFSSL_MSG("Error creating ntru keys");
wolfSSL	4:1b0d80432c79	4267	return ret;
wolfSSL	4:1b0d80432c79	4268	}
wolfSSL	4:1b0d80432c79	4269
wolfSSL	4:1b0d80432c79	4270	/* add NTRU 256 */
wolfSSL	4:1b0d80432c79	4271	public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key,
wolfSSL	4:1b0d80432c79	4272	&public_key_len, WOLFSSL_NTRU_EESS743);
wolfSSL	4:1b0d80432c79	4273	}
wolfSSL	4:1b0d80432c79	4274	if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS743,
wolfSSL	4:1b0d80432c79	4275	public_key, public_key_len) != SSL_SUCCESS)
wolfSSL	4:1b0d80432c79	4276	ret = -1;
wolfSSL	4:1b0d80432c79	4277
wolfSSL	4:1b0d80432c79	4278	/* add NTRU 196 */
wolfSSL	4:1b0d80432c79	4279	if (ssl->sendQSHKeys) {
wolfSSL	4:1b0d80432c79	4280	public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key,
wolfSSL	4:1b0d80432c79	4281	&public_key_len, WOLFSSL_NTRU_EESS593);
wolfSSL	4:1b0d80432c79	4282	}
wolfSSL	4:1b0d80432c79	4283	if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS593,
wolfSSL	4:1b0d80432c79	4284	public_key, public_key_len) != SSL_SUCCESS)
wolfSSL	4:1b0d80432c79	4285	ret = -1;
wolfSSL	4:1b0d80432c79	4286
wolfSSL	4:1b0d80432c79	4287	/* add NTRU 128 */
wolfSSL	4:1b0d80432c79	4288	if (ssl->sendQSHKeys) {
wolfSSL	4:1b0d80432c79	4289	public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key,
wolfSSL	4:1b0d80432c79	4290	&public_key_len, WOLFSSL_NTRU_EESS439);
wolfSSL	4:1b0d80432c79	4291	}
wolfSSL	4:1b0d80432c79	4292	if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS439,
wolfSSL	4:1b0d80432c79	4293	public_key, public_key_len) != SSL_SUCCESS)
wolfSSL	4:1b0d80432c79	4294	ret = -1;
wolfSSL	4:1b0d80432c79	4295	}
wolfSSL	4:1b0d80432c79	4296	else if (ssl->sendQSHKeys && ssl->QSH_Key == NULL) {
wolfSSL	4:1b0d80432c79	4297	/* for each scheme make a client key */
wolfSSL	4:1b0d80432c79	4298	extension = TLSX_Find(ssl->extensions, TLSX_QUANTUM_SAFE_HYBRID);
wolfSSL	4:1b0d80432c79	4299	if (extension) {
wolfSSL	4:1b0d80432c79	4300	qsh = (QSHScheme*)extension->data;
wolfSSL	4:1b0d80432c79	4301
wolfSSL	4:1b0d80432c79	4302	while (qsh) {
wolfSSL	4:1b0d80432c79	4303	if ((ret = TLSX_CreateQSHKey(ssl, qsh->name)) != 0)
wolfSSL	4:1b0d80432c79	4304	return ret;
wolfSSL	4:1b0d80432c79	4305
wolfSSL	4:1b0d80432c79	4306	/* get next now because qsh could be freed */
wolfSSL	4:1b0d80432c79	4307	next = qsh->next;
wolfSSL	4:1b0d80432c79	4308
wolfSSL	4:1b0d80432c79	4309	/* find the public key created and add to extension*/
wolfSSL	4:1b0d80432c79	4310	public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key,
wolfSSL	4:1b0d80432c79	4311	&public_key_len, qsh->name);
wolfSSL	4:1b0d80432c79	4312	if (TLSX_UseQSHScheme(&ssl->extensions, qsh->name,
wolfSSL	4:1b0d80432c79	4313	public_key, public_key_len) != SSL_SUCCESS)
wolfSSL	4:1b0d80432c79	4314	ret = -1;
wolfSSL	4:1b0d80432c79	4315	qsh = next;
wolfSSL	4:1b0d80432c79	4316	}
wolfSSL	4:1b0d80432c79	4317	}
wolfSSL	4:1b0d80432c79	4318	}
wolfSSL	4:1b0d80432c79	4319	} /* is not server */
wolfSSL	4:1b0d80432c79	4320	#endif
wolfSSL	4:1b0d80432c79	4321
wolfSSL	4:1b0d80432c79	4322	(void)isServer;
wolfSSL	4:1b0d80432c79	4323	(void)public_key;
wolfSSL	4:1b0d80432c79	4324	(void)public_key_len;
wolfSSL	4:1b0d80432c79	4325	(void)ssl;
wolfSSL	4:1b0d80432c79	4326
wolfSSL	4:1b0d80432c79	4327	return ret;
wolfSSL	4:1b0d80432c79	4328	}
wolfSSL	4:1b0d80432c79	4329
wolfSSL	4:1b0d80432c79	4330
wolfSSL	4:1b0d80432c79	4331	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	4:1b0d80432c79	4332
wolfSSL	4:1b0d80432c79	4333	/** Tells the buffered size of extensions to be sent into the client hello. */
wolfSSL	4:1b0d80432c79	4334	word16 TLSX_GetRequestSize(WOLFSSL* ssl)
wolfSSL	4:1b0d80432c79	4335	{
wolfSSL	4:1b0d80432c79	4336	word16 length = 0;
wolfSSL	4:1b0d80432c79	4337
wolfSSL	4:1b0d80432c79	4338	if (TLSX_SupportExtensions(ssl)) {
wolfSSL	4:1b0d80432c79	4339	byte semaphore[SEMAPHORE_SIZE] = {0};
wolfSSL	4:1b0d80432c79	4340
wolfSSL	4:1b0d80432c79	4341	EC_VALIDATE_REQUEST(ssl, semaphore);
wolfSSL	4:1b0d80432c79	4342	QSH_VALIDATE_REQUEST(ssl, semaphore);
wolfSSL	4:1b0d80432c79	4343	STK_VALIDATE_REQUEST(ssl);
wolfSSL	4:1b0d80432c79	4344
wolfSSL	4:1b0d80432c79	4345	if (ssl->extensions)
wolfSSL	4:1b0d80432c79	4346	length += TLSX_GetSize(ssl->extensions, semaphore, 1);
wolfSSL	4:1b0d80432c79	4347
wolfSSL	4:1b0d80432c79	4348	if (ssl->ctx && ssl->ctx->extensions)
wolfSSL	4:1b0d80432c79	4349	length += TLSX_GetSize(ssl->ctx->extensions, semaphore, 1);
wolfSSL	4:1b0d80432c79	4350
wolfSSL	4:1b0d80432c79	4351	if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz)
wolfSSL	4:1b0d80432c79	4352	length += ssl->suites->hashSigAlgoSz + HELLO_EXT_LEN;
wolfSSL	4:1b0d80432c79	4353	}
wolfSSL	4:1b0d80432c79	4354
wolfSSL	4:1b0d80432c79	4355	if (length)
wolfSSL	4:1b0d80432c79	4356	length += OPAQUE16_LEN; /* for total length storage. */
wolfSSL	4:1b0d80432c79	4357
wolfSSL	4:1b0d80432c79	4358	return length;
wolfSSL	4:1b0d80432c79	4359	}
wolfSSL	4:1b0d80432c79	4360
wolfSSL	4:1b0d80432c79	4361	/** Writes the extensions to be sent into the client hello. */
wolfSSL	4:1b0d80432c79	4362	word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output)
wolfSSL	4:1b0d80432c79	4363	{
wolfSSL	4:1b0d80432c79	4364	word16 offset = 0;
wolfSSL	4:1b0d80432c79	4365
wolfSSL	4:1b0d80432c79	4366	if (TLSX_SupportExtensions(ssl) && output) {
wolfSSL	4:1b0d80432c79	4367	byte semaphore[SEMAPHORE_SIZE] = {0};
wolfSSL	4:1b0d80432c79	4368
wolfSSL	4:1b0d80432c79	4369	offset += OPAQUE16_LEN; /* extensions length */
wolfSSL	4:1b0d80432c79	4370
wolfSSL	4:1b0d80432c79	4371	EC_VALIDATE_REQUEST(ssl, semaphore);
wolfSSL	4:1b0d80432c79	4372	STK_VALIDATE_REQUEST(ssl);
wolfSSL	4:1b0d80432c79	4373	QSH_VALIDATE_REQUEST(ssl, semaphore);
wolfSSL	4:1b0d80432c79	4374
wolfSSL	4:1b0d80432c79	4375	if (ssl->extensions)
wolfSSL	4:1b0d80432c79	4376	offset += TLSX_Write(ssl->extensions, output + offset,
wolfSSL	4:1b0d80432c79	4377	semaphore, 1);
wolfSSL	4:1b0d80432c79	4378
wolfSSL	4:1b0d80432c79	4379	if (ssl->ctx && ssl->ctx->extensions)
wolfSSL	4:1b0d80432c79	4380	offset += TLSX_Write(ssl->ctx->extensions, output + offset,
wolfSSL	4:1b0d80432c79	4381	semaphore, 1);
wolfSSL	4:1b0d80432c79	4382
wolfSSL	4:1b0d80432c79	4383	if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz)
wolfSSL	4:1b0d80432c79	4384	{
wolfSSL	4:1b0d80432c79	4385	int i;
wolfSSL	4:1b0d80432c79	4386	/* extension type */
wolfSSL	4:1b0d80432c79	4387	c16toa(HELLO_EXT_SIG_ALGO, output + offset);
wolfSSL	4:1b0d80432c79	4388	offset += HELLO_EXT_TYPE_SZ;
wolfSSL	4:1b0d80432c79	4389
wolfSSL	4:1b0d80432c79	4390	/* extension data length */
wolfSSL	4:1b0d80432c79	4391	c16toa(OPAQUE16_LEN + ssl->suites->hashSigAlgoSz, output + offset);
wolfSSL	4:1b0d80432c79	4392	offset += OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	4393
wolfSSL	4:1b0d80432c79	4394	/* sig algos length */
wolfSSL	4:1b0d80432c79	4395	c16toa(ssl->suites->hashSigAlgoSz, output + offset);
wolfSSL	4:1b0d80432c79	4396	offset += OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	4397
wolfSSL	4:1b0d80432c79	4398	/* sig algos */
wolfSSL	4:1b0d80432c79	4399	for (i = 0; i < ssl->suites->hashSigAlgoSz; i++, offset++)
wolfSSL	4:1b0d80432c79	4400	output[offset] = ssl->suites->hashSigAlgo[i];
wolfSSL	4:1b0d80432c79	4401	}
wolfSSL	4:1b0d80432c79	4402
wolfSSL	4:1b0d80432c79	4403	if (offset > OPAQUE16_LEN)
wolfSSL	4:1b0d80432c79	4404	c16toa(offset - OPAQUE16_LEN, output); /* extensions length */
wolfSSL	4:1b0d80432c79	4405	}
wolfSSL	4:1b0d80432c79	4406
wolfSSL	4:1b0d80432c79	4407	return offset;
wolfSSL	4:1b0d80432c79	4408	}
wolfSSL	4:1b0d80432c79	4409
wolfSSL	4:1b0d80432c79	4410	#endif /* NO_WOLFSSL_CLIENT */
wolfSSL	4:1b0d80432c79	4411
wolfSSL	4:1b0d80432c79	4412	#ifndef NO_WOLFSSL_SERVER
wolfSSL	4:1b0d80432c79	4413
wolfSSL	4:1b0d80432c79	4414	/** Tells the buffered size of extensions to be sent into the server hello. */
wolfSSL	4:1b0d80432c79	4415	word16 TLSX_GetResponseSize(WOLFSSL* ssl)
wolfSSL	4:1b0d80432c79	4416	{
wolfSSL	4:1b0d80432c79	4417	word16 length = 0;
wolfSSL	4:1b0d80432c79	4418	byte semaphore[SEMAPHORE_SIZE] = {0};
wolfSSL	4:1b0d80432c79	4419
wolfSSL	4:1b0d80432c79	4420	#ifdef HAVE_QSH
wolfSSL	4:1b0d80432c79	4421	/* change response if not using TLS_QSH */
wolfSSL	4:1b0d80432c79	4422	if (!ssl->options.haveQSH) {
wolfSSL	4:1b0d80432c79	4423	TLSX* ext = TLSX_Find(ssl->extensions, TLSX_QUANTUM_SAFE_HYBRID);
wolfSSL	4:1b0d80432c79	4424	if (ext)
wolfSSL	4:1b0d80432c79	4425	ext->resp = 0;
wolfSSL	4:1b0d80432c79	4426	}
wolfSSL	4:1b0d80432c79	4427	#endif
wolfSSL	4:1b0d80432c79	4428
wolfSSL	4:1b0d80432c79	4429	if (TLSX_SupportExtensions(ssl))
wolfSSL	4:1b0d80432c79	4430	length += TLSX_GetSize(ssl->extensions, semaphore, 0);
wolfSSL	4:1b0d80432c79	4431
wolfSSL	4:1b0d80432c79	4432	/* All the response data is set at the ssl object only, so no ctx here. */
wolfSSL	4:1b0d80432c79	4433
wolfSSL	4:1b0d80432c79	4434	if (length)
wolfSSL	4:1b0d80432c79	4435	length += OPAQUE16_LEN; /* for total length storage */
wolfSSL	4:1b0d80432c79	4436
wolfSSL	4:1b0d80432c79	4437	return length;
wolfSSL	4:1b0d80432c79	4438	}
wolfSSL	4:1b0d80432c79	4439
wolfSSL	4:1b0d80432c79	4440	/** Writes the server hello extensions into a buffer. */
wolfSSL	4:1b0d80432c79	4441	word16 TLSX_WriteResponse(WOLFSSL ssl, byte output)
wolfSSL	4:1b0d80432c79	4442	{
wolfSSL	4:1b0d80432c79	4443	word16 offset = 0;
wolfSSL	4:1b0d80432c79	4444
wolfSSL	4:1b0d80432c79	4445	if (TLSX_SupportExtensions(ssl) && output) {
wolfSSL	4:1b0d80432c79	4446	byte semaphore[SEMAPHORE_SIZE] = {0};
wolfSSL	4:1b0d80432c79	4447
wolfSSL	4:1b0d80432c79	4448	offset += OPAQUE16_LEN; /* extensions length */
wolfSSL	4:1b0d80432c79	4449
wolfSSL	4:1b0d80432c79	4450	offset += TLSX_Write(ssl->extensions, output + offset, semaphore, 0);
wolfSSL	4:1b0d80432c79	4451
wolfSSL	4:1b0d80432c79	4452	if (offset > OPAQUE16_LEN)
wolfSSL	4:1b0d80432c79	4453	c16toa(offset - OPAQUE16_LEN, output); /* extensions length */
wolfSSL	4:1b0d80432c79	4454	}
wolfSSL	4:1b0d80432c79	4455
wolfSSL	4:1b0d80432c79	4456	return offset;
wolfSSL	4:1b0d80432c79	4457	}
wolfSSL	4:1b0d80432c79	4458
wolfSSL	4:1b0d80432c79	4459	#endif /* NO_WOLFSSL_SERVER */
wolfSSL	4:1b0d80432c79	4460
wolfSSL	4:1b0d80432c79	4461	/** Parses a buffer of TLS extensions. */
wolfSSL	4:1b0d80432c79	4462	int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest,
wolfSSL	4:1b0d80432c79	4463	Suites *suites)
wolfSSL	4:1b0d80432c79	4464	{
wolfSSL	4:1b0d80432c79	4465	int ret = 0;
wolfSSL	4:1b0d80432c79	4466	word16 offset = 0;
wolfSSL	4:1b0d80432c79	4467
wolfSSL	4:1b0d80432c79	4468	if (!ssl \|\| !input \|\| (isRequest && !suites))
wolfSSL	4:1b0d80432c79	4469	return BAD_FUNC_ARG;
wolfSSL	4:1b0d80432c79	4470
wolfSSL	4:1b0d80432c79	4471	while (ret == 0 && offset < length) {
wolfSSL	4:1b0d80432c79	4472	word16 type;
wolfSSL	4:1b0d80432c79	4473	word16 size;
wolfSSL	4:1b0d80432c79	4474
wolfSSL	4:1b0d80432c79	4475	if (length - offset < HELLO_EXT_TYPE_SZ + OPAQUE16_LEN)
wolfSSL	4:1b0d80432c79	4476	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	4477
wolfSSL	4:1b0d80432c79	4478	ato16(input + offset, &type);
wolfSSL	4:1b0d80432c79	4479	offset += HELLO_EXT_TYPE_SZ;
wolfSSL	4:1b0d80432c79	4480
wolfSSL	4:1b0d80432c79	4481	ato16(input + offset, &size);
wolfSSL	4:1b0d80432c79	4482	offset += OPAQUE16_LEN;
wolfSSL	4:1b0d80432c79	4483
wolfSSL	4:1b0d80432c79	4484	if (offset + size > length)
wolfSSL	4:1b0d80432c79	4485	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	4486
wolfSSL	4:1b0d80432c79	4487	switch (type) {
wolfSSL	4:1b0d80432c79	4488	case TLSX_SERVER_NAME:
wolfSSL	4:1b0d80432c79	4489	WOLFSSL_MSG("SNI extension received");
wolfSSL	4:1b0d80432c79	4490
wolfSSL	4:1b0d80432c79	4491	ret = SNI_PARSE(ssl, input + offset, size, isRequest);
wolfSSL	4:1b0d80432c79	4492	break;
wolfSSL	4:1b0d80432c79	4493
wolfSSL	4:1b0d80432c79	4494	case TLSX_MAX_FRAGMENT_LENGTH:
wolfSSL	4:1b0d80432c79	4495	WOLFSSL_MSG("Max Fragment Length extension received");
wolfSSL	4:1b0d80432c79	4496
wolfSSL	4:1b0d80432c79	4497	ret = MFL_PARSE(ssl, input + offset, size, isRequest);
wolfSSL	4:1b0d80432c79	4498	break;
wolfSSL	4:1b0d80432c79	4499
wolfSSL	4:1b0d80432c79	4500	case TLSX_TRUNCATED_HMAC:
wolfSSL	4:1b0d80432c79	4501	WOLFSSL_MSG("Truncated HMAC extension received");
wolfSSL	4:1b0d80432c79	4502
wolfSSL	4:1b0d80432c79	4503	ret = THM_PARSE(ssl, input + offset, size, isRequest);
wolfSSL	4:1b0d80432c79	4504	break;
wolfSSL	4:1b0d80432c79	4505
wolfSSL	4:1b0d80432c79	4506	case TLSX_SUPPORTED_GROUPS:
wolfSSL	4:1b0d80432c79	4507	WOLFSSL_MSG("Elliptic Curves extension received");
wolfSSL	4:1b0d80432c79	4508
wolfSSL	4:1b0d80432c79	4509	ret = EC_PARSE(ssl, input + offset, size, isRequest);
wolfSSL	4:1b0d80432c79	4510	break;
wolfSSL	4:1b0d80432c79	4511
wolfSSL	4:1b0d80432c79	4512	case TLSX_STATUS_REQUEST:
wolfSSL	4:1b0d80432c79	4513	WOLFSSL_MSG("Certificate Status Request extension received");
wolfSSL	4:1b0d80432c79	4514
wolfSSL	4:1b0d80432c79	4515	ret = CSR_PARSE(ssl, input + offset, size, isRequest);
wolfSSL	4:1b0d80432c79	4516	break;
wolfSSL	4:1b0d80432c79	4517
wolfSSL	4:1b0d80432c79	4518	case TLSX_STATUS_REQUEST_V2:
wolfSSL	4:1b0d80432c79	4519	WOLFSSL_MSG("Certificate Status Request v2 extension received");
wolfSSL	4:1b0d80432c79	4520
wolfSSL	4:1b0d80432c79	4521	ret = CSR2_PARSE(ssl, input + offset, size, isRequest);
wolfSSL	4:1b0d80432c79	4522	break;
wolfSSL	4:1b0d80432c79	4523
wolfSSL	4:1b0d80432c79	4524	case TLSX_RENEGOTIATION_INFO:
wolfSSL	4:1b0d80432c79	4525	WOLFSSL_MSG("Secure Renegotiation extension received");
wolfSSL	4:1b0d80432c79	4526
wolfSSL	4:1b0d80432c79	4527	ret = SCR_PARSE(ssl, input + offset, size, isRequest);
wolfSSL	4:1b0d80432c79	4528	break;
wolfSSL	4:1b0d80432c79	4529
wolfSSL	4:1b0d80432c79	4530	case TLSX_SESSION_TICKET:
wolfSSL	4:1b0d80432c79	4531	WOLFSSL_MSG("Session Ticket extension received");
wolfSSL	4:1b0d80432c79	4532
wolfSSL	4:1b0d80432c79	4533	ret = STK_PARSE(ssl, input + offset, size, isRequest);
wolfSSL	4:1b0d80432c79	4534	break;
wolfSSL	4:1b0d80432c79	4535
wolfSSL	4:1b0d80432c79	4536	case TLSX_QUANTUM_SAFE_HYBRID:
wolfSSL	4:1b0d80432c79	4537	WOLFSSL_MSG("Quantum-Safe-Hybrid extension received");
wolfSSL	4:1b0d80432c79	4538
wolfSSL	4:1b0d80432c79	4539	ret = QSH_PARSE(ssl, input + offset, size, isRequest);
wolfSSL	4:1b0d80432c79	4540	break;
wolfSSL	4:1b0d80432c79	4541
wolfSSL	4:1b0d80432c79	4542	case TLSX_APPLICATION_LAYER_PROTOCOL:
wolfSSL	4:1b0d80432c79	4543	WOLFSSL_MSG("ALPN extension received");
wolfSSL	4:1b0d80432c79	4544
wolfSSL	4:1b0d80432c79	4545	ret = ALPN_PARSE(ssl, input + offset, size, isRequest);
wolfSSL	4:1b0d80432c79	4546	break;
wolfSSL	4:1b0d80432c79	4547
wolfSSL	4:1b0d80432c79	4548	case HELLO_EXT_SIG_ALGO:
wolfSSL	4:1b0d80432c79	4549	if (isRequest) {
wolfSSL	4:1b0d80432c79	4550	/* do not mess with offset inside the switch! */
wolfSSL	4:1b0d80432c79	4551	if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL	4:1b0d80432c79	4552	ato16(input + offset, &suites->hashSigAlgoSz);
wolfSSL	4:1b0d80432c79	4553
wolfSSL	4:1b0d80432c79	4554	if (suites->hashSigAlgoSz > size - OPAQUE16_LEN)
wolfSSL	4:1b0d80432c79	4555	return BUFFER_ERROR;
wolfSSL	4:1b0d80432c79	4556
wolfSSL	4:1b0d80432c79	4557	XMEMCPY(suites->hashSigAlgo,
wolfSSL	4:1b0d80432c79	4558	input + offset + OPAQUE16_LEN,
wolfSSL	4:1b0d80432c79	4559	min(suites->hashSigAlgoSz,
wolfSSL	4:1b0d80432c79	4560	HELLO_EXT_SIGALGO_MAX));
wolfSSL	4:1b0d80432c79	4561	}
wolfSSL	4:1b0d80432c79	4562	} else {
wolfSSL	4:1b0d80432c79	4563	WOLFSSL_MSG("Servers MUST NOT send SIG ALGO extension.");
wolfSSL	4:1b0d80432c79	4564	}
wolfSSL	4:1b0d80432c79	4565
wolfSSL	4:1b0d80432c79	4566	break;
wolfSSL	4:1b0d80432c79	4567	}
wolfSSL	4:1b0d80432c79	4568
wolfSSL	4:1b0d80432c79	4569	/* offset should be updated here! */
wolfSSL	4:1b0d80432c79	4570	offset += size;
wolfSSL	4:1b0d80432c79	4571	}
wolfSSL	4:1b0d80432c79	4572
wolfSSL	4:1b0d80432c79	4573	if (ret == 0)
wolfSSL	4:1b0d80432c79	4574	ret = SNI_VERIFY_PARSE(ssl, isRequest);
wolfSSL	4:1b0d80432c79	4575
wolfSSL	4:1b0d80432c79	4576	return ret;
wolfSSL	4:1b0d80432c79	4577	}
wolfSSL	4:1b0d80432c79	4578
wolfSSL	4:1b0d80432c79	4579	/* undefining semaphore macros */
wolfSSL	4:1b0d80432c79	4580	#undef IS_OFF
wolfSSL	4:1b0d80432c79	4581	#undef TURN_ON
wolfSSL	4:1b0d80432c79	4582	#undef SEMAPHORE_SIZE
wolfSSL	4:1b0d80432c79	4583
wolfSSL	4:1b0d80432c79	4584	#endif /* HAVE_TLS_EXTENSIONS */
wolfSSL	4:1b0d80432c79	4585
wolfSSL	4:1b0d80432c79	4586	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	4:1b0d80432c79	4587
wolfSSL	4:1b0d80432c79	4588	#ifndef NO_OLD_TLS
wolfSSL	4:1b0d80432c79	4589
wolfSSL	4:1b0d80432c79	4590	WOLFSSL_METHOD* wolfTLSv1_client_method(void)
wolfSSL	4:1b0d80432c79	4591	{
wolfSSL	4:1b0d80432c79	4592	WOLFSSL_METHOD* method =
wolfSSL	4:1b0d80432c79	4593	(WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
wolfSSL	4:1b0d80432c79	4594	DYNAMIC_TYPE_METHOD);
wolfSSL	4:1b0d80432c79	4595	if (method)
wolfSSL	4:1b0d80432c79	4596	InitSSL_Method(method, MakeTLSv1());
wolfSSL	4:1b0d80432c79	4597	return method;
wolfSSL	4:1b0d80432c79	4598	}
wolfSSL	4:1b0d80432c79	4599
wolfSSL	4:1b0d80432c79	4600
wolfSSL	4:1b0d80432c79	4601	WOLFSSL_METHOD* wolfTLSv1_1_client_method(void)
wolfSSL	4:1b0d80432c79	4602	{
wolfSSL	4:1b0d80432c79	4603	WOLFSSL_METHOD* method =
wolfSSL	4:1b0d80432c79	4604	(WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
wolfSSL	4:1b0d80432c79	4605	DYNAMIC_TYPE_METHOD);
wolfSSL	4:1b0d80432c79	4606	if (method)
wolfSSL	4:1b0d80432c79	4607	InitSSL_Method(method, MakeTLSv1_1());
wolfSSL	4:1b0d80432c79	4608	return method;
wolfSSL	4:1b0d80432c79	4609	}
wolfSSL	4:1b0d80432c79	4610
wolfSSL	4:1b0d80432c79	4611	#endif /* !NO_OLD_TLS */
wolfSSL	4:1b0d80432c79	4612
wolfSSL	4:1b0d80432c79	4613	#ifndef NO_SHA256 /* can't use without SHA256 */
wolfSSL	4:1b0d80432c79	4614
wolfSSL	4:1b0d80432c79	4615	WOLFSSL_METHOD* wolfTLSv1_2_client_method(void)
wolfSSL	4:1b0d80432c79	4616	{
wolfSSL	4:1b0d80432c79	4617	WOLFSSL_METHOD* method =
wolfSSL	4:1b0d80432c79	4618	(WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
wolfSSL	4:1b0d80432c79	4619	DYNAMIC_TYPE_METHOD);
wolfSSL	4:1b0d80432c79	4620	if (method)
wolfSSL	4:1b0d80432c79	4621	InitSSL_Method(method, MakeTLSv1_2());
wolfSSL	4:1b0d80432c79	4622	return method;
wolfSSL	4:1b0d80432c79	4623	}
wolfSSL	4:1b0d80432c79	4624
wolfSSL	4:1b0d80432c79	4625	#endif
wolfSSL	4:1b0d80432c79	4626
wolfSSL	4:1b0d80432c79	4627
wolfSSL	4:1b0d80432c79	4628	WOLFSSL_METHOD* wolfSSLv23_client_method(void)
wolfSSL	4:1b0d80432c79	4629	{
wolfSSL	4:1b0d80432c79	4630	WOLFSSL_METHOD* method =
wolfSSL	4:1b0d80432c79	4631	(WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
wolfSSL	4:1b0d80432c79	4632	DYNAMIC_TYPE_METHOD);
wolfSSL	4:1b0d80432c79	4633	if (method) {
wolfSSL	4:1b0d80432c79	4634	#ifndef NO_SHA256 /* 1.2 requires SHA256 */
wolfSSL	4:1b0d80432c79	4635	InitSSL_Method(method, MakeTLSv1_2());
wolfSSL	4:1b0d80432c79	4636	#else
wolfSSL	4:1b0d80432c79	4637	InitSSL_Method(method, MakeTLSv1_1());
wolfSSL	4:1b0d80432c79	4638	#endif
wolfSSL	4:1b0d80432c79	4639	#ifndef NO_OLD_TLS
wolfSSL	4:1b0d80432c79	4640	method->downgrade = 1;
wolfSSL	4:1b0d80432c79	4641	#endif
wolfSSL	4:1b0d80432c79	4642	}
wolfSSL	4:1b0d80432c79	4643	return method;
wolfSSL	4:1b0d80432c79	4644	}
wolfSSL	4:1b0d80432c79	4645
wolfSSL	4:1b0d80432c79	4646
wolfSSL	4:1b0d80432c79	4647	#endif /* NO_WOLFSSL_CLIENT */
wolfSSL	4:1b0d80432c79	4648
wolfSSL	4:1b0d80432c79	4649
wolfSSL	4:1b0d80432c79	4650
wolfSSL	4:1b0d80432c79	4651	#ifndef NO_WOLFSSL_SERVER
wolfSSL	4:1b0d80432c79	4652
wolfSSL	4:1b0d80432c79	4653	#ifndef NO_OLD_TLS
wolfSSL	4:1b0d80432c79	4654
wolfSSL	4:1b0d80432c79	4655	WOLFSSL_METHOD* wolfTLSv1_server_method(void)
wolfSSL	4:1b0d80432c79	4656	{
wolfSSL	4:1b0d80432c79	4657	WOLFSSL_METHOD* method =
wolfSSL	4:1b0d80432c79	4658	(WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
wolfSSL	4:1b0d80432c79	4659	DYNAMIC_TYPE_METHOD);
wolfSSL	4:1b0d80432c79	4660	if (method) {
wolfSSL	4:1b0d80432c79	4661	InitSSL_Method(method, MakeTLSv1());
wolfSSL	4:1b0d80432c79	4662	method->side = WOLFSSL_SERVER_END;
wolfSSL	4:1b0d80432c79	4663	}
wolfSSL	4:1b0d80432c79	4664	return method;
wolfSSL	4:1b0d80432c79	4665	}
wolfSSL	4:1b0d80432c79	4666
wolfSSL	4:1b0d80432c79	4667
wolfSSL	4:1b0d80432c79	4668	WOLFSSL_METHOD* wolfTLSv1_1_server_method(void)
wolfSSL	4:1b0d80432c79	4669	{
wolfSSL	4:1b0d80432c79	4670	WOLFSSL_METHOD* method =
wolfSSL	4:1b0d80432c79	4671	(WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
wolfSSL	4:1b0d80432c79	4672	DYNAMIC_TYPE_METHOD);
wolfSSL	4:1b0d80432c79	4673	if (method) {
wolfSSL	4:1b0d80432c79	4674	InitSSL_Method(method, MakeTLSv1_1());
wolfSSL	4:1b0d80432c79	4675	method->side = WOLFSSL_SERVER_END;
wolfSSL	4:1b0d80432c79	4676	}
wolfSSL	4:1b0d80432c79	4677	return method;
wolfSSL	4:1b0d80432c79	4678	}
wolfSSL	4:1b0d80432c79	4679
wolfSSL	4:1b0d80432c79	4680	#endif /* !NO_OLD_TLS */
wolfSSL	4:1b0d80432c79	4681
wolfSSL	4:1b0d80432c79	4682	#ifndef NO_SHA256 /* can't use without SHA256 */
wolfSSL	4:1b0d80432c79	4683
wolfSSL	4:1b0d80432c79	4684	WOLFSSL_METHOD* wolfTLSv1_2_server_method(void)
wolfSSL	4:1b0d80432c79	4685	{
wolfSSL	4:1b0d80432c79	4686	WOLFSSL_METHOD* method =
wolfSSL	4:1b0d80432c79	4687	(WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
wolfSSL	4:1b0d80432c79	4688	DYNAMIC_TYPE_METHOD);
wolfSSL	4:1b0d80432c79	4689	if (method) {
wolfSSL	4:1b0d80432c79	4690	InitSSL_Method(method, MakeTLSv1_2());
wolfSSL	4:1b0d80432c79	4691	method->side = WOLFSSL_SERVER_END;
wolfSSL	4:1b0d80432c79	4692	}
wolfSSL	4:1b0d80432c79	4693	return method;
wolfSSL	4:1b0d80432c79	4694	}
wolfSSL	4:1b0d80432c79	4695
wolfSSL	4:1b0d80432c79	4696	#endif
wolfSSL	4:1b0d80432c79	4697
wolfSSL	4:1b0d80432c79	4698
wolfSSL	4:1b0d80432c79	4699	WOLFSSL_METHOD* wolfSSLv23_server_method(void)
wolfSSL	4:1b0d80432c79	4700	{
wolfSSL	4:1b0d80432c79	4701	WOLFSSL_METHOD* method =
wolfSSL	4:1b0d80432c79	4702	(WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
wolfSSL	4:1b0d80432c79	4703	DYNAMIC_TYPE_METHOD);
wolfSSL	4:1b0d80432c79	4704	if (method) {
wolfSSL	4:1b0d80432c79	4705	#ifndef NO_SHA256 /* 1.2 requires SHA256 */
wolfSSL	4:1b0d80432c79	4706	InitSSL_Method(method, MakeTLSv1_2());
wolfSSL	4:1b0d80432c79	4707	#else
wolfSSL	4:1b0d80432c79	4708	InitSSL_Method(method, MakeTLSv1_1());
wolfSSL	4:1b0d80432c79	4709	#endif
wolfSSL	4:1b0d80432c79	4710	method->side = WOLFSSL_SERVER_END;
wolfSSL	4:1b0d80432c79	4711	#ifndef NO_OLD_TLS
wolfSSL	4:1b0d80432c79	4712	method->downgrade = 1;
wolfSSL	4:1b0d80432c79	4713	#endif /* !NO_OLD_TLS */
wolfSSL	4:1b0d80432c79	4714	}
wolfSSL	4:1b0d80432c79	4715	return method;
wolfSSL	4:1b0d80432c79	4716	}
wolfSSL	4:1b0d80432c79	4717
wolfSSL	4:1b0d80432c79	4718
wolfSSL	4:1b0d80432c79	4719
wolfSSL	4:1b0d80432c79	4720	#endif /* NO_WOLFSSL_SERVER */
wolfSSL	4:1b0d80432c79	4721	#endif /* NO_TLS */
wolfSSL	4:1b0d80432c79	4722	#endif /* WOLFCRYPT_ONLY */
wolfSSL	4:1b0d80432c79	4723

Repository toolbox

Export to desktop IDE

Repository details

Type:	Library
Created:	26 Jun 2015
Imports:	673
Forks:	0
Commits:	18
Dependents:	29
Dependencies:	0
Followers:	21

src/tls.c@4:1b0d80432c79, 2016-04-28 (annotated)

Who changed what in which revision?

Repository toolbox

Repository details

Important Information for this Arm website

Access Warning