wolfSSL - wolfSSL SSL/TLS library, support up to TLS1.3

Users » wolfSSL » Code » wolfSSL

wolfSSL SSL/TLS library, support up to TLS1.3

Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more

src/tls.c@7:481bce714567, 2017-05-02 (annotated)

Committer:: wolfSSL
Date:: Tue May 02 08:44:47 2017 +0000
Revision:: 7:481bce714567

wolfSSL3.10.2

Who changed what in which revision?

User	Revision	Line number	New contents of line
wolfSSL	7:481bce714567	1	/* tls.c
wolfSSL	7:481bce714567	2	*
wolfSSL	7:481bce714567	3	* Copyright (C) 2006-2016 wolfSSL Inc.
wolfSSL	7:481bce714567	4	*
wolfSSL	7:481bce714567	5	* This file is part of wolfSSL.
wolfSSL	7:481bce714567	6	*
wolfSSL	7:481bce714567	7	* wolfSSL is free software; you can redistribute it and/or modify
wolfSSL	7:481bce714567	8	* it under the terms of the GNU General Public License as published by
wolfSSL	7:481bce714567	9	* the Free Software Foundation; either version 2 of the License, or
wolfSSL	7:481bce714567	10	* (at your option) any later version.
wolfSSL	7:481bce714567	11	*
wolfSSL	7:481bce714567	12	* wolfSSL is distributed in the hope that it will be useful,
wolfSSL	7:481bce714567	13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL	7:481bce714567	14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL	7:481bce714567	15	* GNU General Public License for more details.
wolfSSL	7:481bce714567	16	*
wolfSSL	7:481bce714567	17	* You should have received a copy of the GNU General Public License
wolfSSL	7:481bce714567	18	* along with this program; if not, write to the Free Software
wolfSSL	7:481bce714567	19	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL	7:481bce714567	20	*/
wolfSSL	7:481bce714567	21
wolfSSL	7:481bce714567	22
wolfSSL	7:481bce714567	23
wolfSSL	7:481bce714567	24	#ifdef HAVE_CONFIG_H
wolfSSL	7:481bce714567	25	#include <config.h>
wolfSSL	7:481bce714567	26	#endif
wolfSSL	7:481bce714567	27
wolfSSL	7:481bce714567	28	#include <wolfssl/wolfcrypt/settings.h>
wolfSSL	7:481bce714567	29
wolfSSL	7:481bce714567	30	#ifndef WOLFCRYPT_ONLY
wolfSSL	7:481bce714567	31
wolfSSL	7:481bce714567	32	#include <wolfssl/ssl.h>
wolfSSL	7:481bce714567	33	#include <wolfssl/internal.h>
wolfSSL	7:481bce714567	34	#include <wolfssl/error-ssl.h>
wolfSSL	7:481bce714567	35	#include <wolfssl/wolfcrypt/hmac.h>
wolfSSL	7:481bce714567	36	#ifdef NO_INLINE
wolfSSL	7:481bce714567	37	#include <wolfssl/wolfcrypt/misc.h>
wolfSSL	7:481bce714567	38	#else
wolfSSL	7:481bce714567	39	#define WOLFSSL_MISC_INCLUDED
wolfSSL	7:481bce714567	40	#include <wolfcrypt/src/misc.c>
wolfSSL	7:481bce714567	41	#endif
wolfSSL	7:481bce714567	42
wolfSSL	7:481bce714567	43	#ifdef HAVE_NTRU
wolfSSL	7:481bce714567	44	#include "libntruencrypt/ntru_crypto.h"
wolfSSL	7:481bce714567	45	#include <wolfssl/wolfcrypt/random.h>
wolfSSL	7:481bce714567	46	#endif
wolfSSL	7:481bce714567	47	#ifdef HAVE_QSH
wolfSSL	7:481bce714567	48	static int TLSX_AddQSHKey(QSHKey** list, QSHKey* key);
wolfSSL	7:481bce714567	49	static byte* TLSX_QSHKeyFind_Pub(QSHKey* qsh, word16* pubLen, word16 name);
wolfSSL	7:481bce714567	50	static int TLSX_CreateNtruKey(WOLFSSL* ssl, int type);
wolfSSL	7:481bce714567	51	#endif
wolfSSL	7:481bce714567	52
wolfSSL	7:481bce714567	53
wolfSSL	7:481bce714567	54	#ifndef NO_TLS
wolfSSL	7:481bce714567	55
wolfSSL	7:481bce714567	56	/* Digest enable checks */
wolfSSL	7:481bce714567	57	#ifdef NO_OLD_TLS /* TLS 1.2 only */
wolfSSL	7:481bce714567	58	#if defined(NO_SHA256) && !defined(WOLFSSL_SHA384) && \
wolfSSL	7:481bce714567	59	!defined(WOLFSSL_SHA512)
wolfSSL	7:481bce714567	60	#error Must have SHA256, SHA384 or SHA512 enabled for TLS 1.2
wolfSSL	7:481bce714567	61	#endif
wolfSSL	7:481bce714567	62	#else /* TLS 1.1 or older */
wolfSSL	7:481bce714567	63	#if defined(NO_MD5) && defined(NO_SHA)
wolfSSL	7:481bce714567	64	#error Must have SHA1 and MD5 enabled for old TLS
wolfSSL	7:481bce714567	65	#endif
wolfSSL	7:481bce714567	66	#endif
wolfSSL	7:481bce714567	67
wolfSSL	7:481bce714567	68
wolfSSL	7:481bce714567	69	#ifdef WOLFSSL_SHA384
wolfSSL	7:481bce714567	70	#define P_HASH_MAX_SIZE SHA384_DIGEST_SIZE
wolfSSL	7:481bce714567	71	#else
wolfSSL	7:481bce714567	72	#define P_HASH_MAX_SIZE SHA256_DIGEST_SIZE
wolfSSL	7:481bce714567	73	#endif
wolfSSL	7:481bce714567	74
wolfSSL	7:481bce714567	75	/* compute p_hash for MD5, SHA-1, SHA-256, or SHA-384 for TLSv1 PRF */
wolfSSL	7:481bce714567	76	static int p_hash(byte* result, word32 resLen, const byte* secret,
wolfSSL	7:481bce714567	77	word32 secLen, const byte* seed, word32 seedLen, int hash)
wolfSSL	7:481bce714567	78	{
wolfSSL	7:481bce714567	79	word32 len = P_HASH_MAX_SIZE;
wolfSSL	7:481bce714567	80	word32 times;
wolfSSL	7:481bce714567	81	word32 lastLen;
wolfSSL	7:481bce714567	82	word32 lastTime;
wolfSSL	7:481bce714567	83	word32 i;
wolfSSL	7:481bce714567	84	word32 idx = 0;
wolfSSL	7:481bce714567	85	int ret = 0;
wolfSSL	7:481bce714567	86	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	7:481bce714567	87	byte* previous;
wolfSSL	7:481bce714567	88	byte* current;
wolfSSL	7:481bce714567	89	Hmac* hmac;
wolfSSL	7:481bce714567	90	#else
wolfSSL	7:481bce714567	91	byte previous[P_HASH_MAX_SIZE]; /* max size */
wolfSSL	7:481bce714567	92	byte current[P_HASH_MAX_SIZE]; /* max size */
wolfSSL	7:481bce714567	93	Hmac hmac[1];
wolfSSL	7:481bce714567	94	#endif
wolfSSL	7:481bce714567	95
wolfSSL	7:481bce714567	96	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	7:481bce714567	97	previous = (byte*)XMALLOC(P_HASH_MAX_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	98	current = (byte*)XMALLOC(P_HASH_MAX_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	99	hmac = (Hmac*)XMALLOC(sizeof(Hmac), NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	100
wolfSSL	7:481bce714567	101	if (previous == NULL \|\| current == NULL \|\| hmac == NULL) {
wolfSSL	7:481bce714567	102	if (previous) XFREE(previous, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	103	if (current) XFREE(current, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	104	if (hmac) XFREE(hmac, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	105
wolfSSL	7:481bce714567	106	return MEMORY_E;
wolfSSL	7:481bce714567	107	}
wolfSSL	7:481bce714567	108	#endif
wolfSSL	7:481bce714567	109
wolfSSL	7:481bce714567	110	switch (hash) {
wolfSSL	7:481bce714567	111	#ifndef NO_MD5
wolfSSL	7:481bce714567	112	case md5_mac:
wolfSSL	7:481bce714567	113	hash = MD5;
wolfSSL	7:481bce714567	114	len = MD5_DIGEST_SIZE;
wolfSSL	7:481bce714567	115	break;
wolfSSL	7:481bce714567	116	#endif
wolfSSL	7:481bce714567	117
wolfSSL	7:481bce714567	118	#ifndef NO_SHA256
wolfSSL	7:481bce714567	119	case sha256_mac:
wolfSSL	7:481bce714567	120	hash = SHA256;
wolfSSL	7:481bce714567	121	len = SHA256_DIGEST_SIZE;
wolfSSL	7:481bce714567	122	break;
wolfSSL	7:481bce714567	123	#endif
wolfSSL	7:481bce714567	124
wolfSSL	7:481bce714567	125	#ifdef WOLFSSL_SHA384
wolfSSL	7:481bce714567	126	case sha384_mac:
wolfSSL	7:481bce714567	127	hash = SHA384;
wolfSSL	7:481bce714567	128	len = SHA384_DIGEST_SIZE;
wolfSSL	7:481bce714567	129	break;
wolfSSL	7:481bce714567	130	#endif
wolfSSL	7:481bce714567	131
wolfSSL	7:481bce714567	132	#ifndef NO_SHA
wolfSSL	7:481bce714567	133	case sha_mac:
wolfSSL	7:481bce714567	134	default:
wolfSSL	7:481bce714567	135	hash = SHA;
wolfSSL	7:481bce714567	136	len = SHA_DIGEST_SIZE;
wolfSSL	7:481bce714567	137	break;
wolfSSL	7:481bce714567	138	#endif
wolfSSL	7:481bce714567	139	}
wolfSSL	7:481bce714567	140
wolfSSL	7:481bce714567	141	times = resLen / len;
wolfSSL	7:481bce714567	142	lastLen = resLen % len;
wolfSSL	7:481bce714567	143
wolfSSL	7:481bce714567	144	if (lastLen)
wolfSSL	7:481bce714567	145	times += 1;
wolfSSL	7:481bce714567	146
wolfSSL	7:481bce714567	147	lastTime = times - 1;
wolfSSL	7:481bce714567	148
wolfSSL	7:481bce714567	149	if ((ret = wc_HmacSetKey(hmac, hash, secret, secLen)) == 0) {
wolfSSL	7:481bce714567	150	if ((ret = wc_HmacUpdate(hmac, seed, seedLen)) == 0) { /* A0 = seed */
wolfSSL	7:481bce714567	151	if ((ret = wc_HmacFinal(hmac, previous)) == 0) { /* A1 */
wolfSSL	7:481bce714567	152	for (i = 0; i < times; i++) {
wolfSSL	7:481bce714567	153	ret = wc_HmacUpdate(hmac, previous, len);
wolfSSL	7:481bce714567	154	if (ret != 0)
wolfSSL	7:481bce714567	155	break;
wolfSSL	7:481bce714567	156	ret = wc_HmacUpdate(hmac, seed, seedLen);
wolfSSL	7:481bce714567	157	if (ret != 0)
wolfSSL	7:481bce714567	158	break;
wolfSSL	7:481bce714567	159	ret = wc_HmacFinal(hmac, current);
wolfSSL	7:481bce714567	160	if (ret != 0)
wolfSSL	7:481bce714567	161	break;
wolfSSL	7:481bce714567	162
wolfSSL	7:481bce714567	163	if ((i == lastTime) && lastLen)
wolfSSL	7:481bce714567	164	XMEMCPY(&result[idx], current,
wolfSSL	7:481bce714567	165	min(lastLen, P_HASH_MAX_SIZE));
wolfSSL	7:481bce714567	166	else {
wolfSSL	7:481bce714567	167	XMEMCPY(&result[idx], current, len);
wolfSSL	7:481bce714567	168	idx += len;
wolfSSL	7:481bce714567	169	ret = wc_HmacUpdate(hmac, previous, len);
wolfSSL	7:481bce714567	170	if (ret != 0)
wolfSSL	7:481bce714567	171	break;
wolfSSL	7:481bce714567	172	ret = wc_HmacFinal(hmac, previous);
wolfSSL	7:481bce714567	173	if (ret != 0)
wolfSSL	7:481bce714567	174	break;
wolfSSL	7:481bce714567	175	}
wolfSSL	7:481bce714567	176	}
wolfSSL	7:481bce714567	177	}
wolfSSL	7:481bce714567	178	}
wolfSSL	7:481bce714567	179	}
wolfSSL	7:481bce714567	180
wolfSSL	7:481bce714567	181	ForceZero(previous, P_HASH_MAX_SIZE);
wolfSSL	7:481bce714567	182	ForceZero(current, P_HASH_MAX_SIZE);
wolfSSL	7:481bce714567	183	ForceZero(hmac, sizeof(Hmac));
wolfSSL	7:481bce714567	184
wolfSSL	7:481bce714567	185	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	7:481bce714567	186	XFREE(previous, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	187	XFREE(current, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	188	XFREE(hmac, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	189	#endif
wolfSSL	7:481bce714567	190
wolfSSL	7:481bce714567	191	return ret;
wolfSSL	7:481bce714567	192	}
wolfSSL	7:481bce714567	193
wolfSSL	7:481bce714567	194	#undef P_HASH_MAX_SIZE
wolfSSL	7:481bce714567	195
wolfSSL	7:481bce714567	196
wolfSSL	7:481bce714567	197	#ifndef NO_OLD_TLS
wolfSSL	7:481bce714567	198
wolfSSL	7:481bce714567	199	/* calculate XOR for TLSv1 PRF */
wolfSSL	7:481bce714567	200	static INLINE void get_xor(byte digest, word32 digLen, byte md5, byte* sha)
wolfSSL	7:481bce714567	201	{
wolfSSL	7:481bce714567	202	word32 i;
wolfSSL	7:481bce714567	203
wolfSSL	7:481bce714567	204	for (i = 0; i < digLen; i++)
wolfSSL	7:481bce714567	205	digest[i] = md5[i] ^ sha[i];
wolfSSL	7:481bce714567	206	}
wolfSSL	7:481bce714567	207
wolfSSL	7:481bce714567	208
wolfSSL	7:481bce714567	209	/* compute TLSv1 PRF (pseudo random function using HMAC) */
wolfSSL	7:481bce714567	210	static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen,
wolfSSL	7:481bce714567	211	const byte* label, word32 labLen, const byte* seed,
wolfSSL	7:481bce714567	212	word32 seedLen)
wolfSSL	7:481bce714567	213	{
wolfSSL	7:481bce714567	214	int ret = 0;
wolfSSL	7:481bce714567	215	word32 half = (secLen + 1) / 2;
wolfSSL	7:481bce714567	216
wolfSSL	7:481bce714567	217	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	7:481bce714567	218	byte* md5_half;
wolfSSL	7:481bce714567	219	byte* sha_half;
wolfSSL	7:481bce714567	220	byte* labelSeed;
wolfSSL	7:481bce714567	221	byte* md5_result;
wolfSSL	7:481bce714567	222	byte* sha_result;
wolfSSL	7:481bce714567	223	#else
wolfSSL	7:481bce714567	224	byte md5_half[MAX_PRF_HALF]; /* half is real size */
wolfSSL	7:481bce714567	225	byte sha_half[MAX_PRF_HALF]; /* half is real size */
wolfSSL	7:481bce714567	226	byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */
wolfSSL	7:481bce714567	227	byte md5_result[MAX_PRF_DIG]; /* digLen is real size */
wolfSSL	7:481bce714567	228	byte sha_result[MAX_PRF_DIG]; /* digLen is real size */
wolfSSL	7:481bce714567	229	#endif
wolfSSL	7:481bce714567	230
wolfSSL	7:481bce714567	231	if (half > MAX_PRF_HALF)
wolfSSL	7:481bce714567	232	return BUFFER_E;
wolfSSL	7:481bce714567	233	if (labLen + seedLen > MAX_PRF_LABSEED)
wolfSSL	7:481bce714567	234	return BUFFER_E;
wolfSSL	7:481bce714567	235	if (digLen > MAX_PRF_DIG)
wolfSSL	7:481bce714567	236	return BUFFER_E;
wolfSSL	7:481bce714567	237
wolfSSL	7:481bce714567	238	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	7:481bce714567	239	md5_half = (byte*)XMALLOC(MAX_PRF_HALF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	240	sha_half = (byte*)XMALLOC(MAX_PRF_HALF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	241	labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	242	md5_result = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	243	sha_result = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	244
wolfSSL	7:481bce714567	245	if (md5_half == NULL \|\| sha_half == NULL \|\| labelSeed == NULL \|\|
wolfSSL	7:481bce714567	246	md5_result == NULL \|\| sha_result == NULL) {
wolfSSL	7:481bce714567	247	if (md5_half) XFREE(md5_half, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	248	if (sha_half) XFREE(sha_half, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	249	if (labelSeed) XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	250	if (md5_result) XFREE(md5_result, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	251	if (sha_result) XFREE(sha_result, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	252
wolfSSL	7:481bce714567	253	return MEMORY_E;
wolfSSL	7:481bce714567	254	}
wolfSSL	7:481bce714567	255	#endif
wolfSSL	7:481bce714567	256
wolfSSL	7:481bce714567	257	XMEMSET(md5_result, 0, digLen);
wolfSSL	7:481bce714567	258	XMEMSET(sha_result, 0, digLen);
wolfSSL	7:481bce714567	259
wolfSSL	7:481bce714567	260	XMEMCPY(md5_half, secret, half);
wolfSSL	7:481bce714567	261	XMEMCPY(sha_half, secret + half - secLen % 2, half);
wolfSSL	7:481bce714567	262
wolfSSL	7:481bce714567	263	XMEMCPY(labelSeed, label, labLen);
wolfSSL	7:481bce714567	264	XMEMCPY(labelSeed + labLen, seed, seedLen);
wolfSSL	7:481bce714567	265
wolfSSL	7:481bce714567	266	if ((ret = p_hash(md5_result, digLen, md5_half, half, labelSeed,
wolfSSL	7:481bce714567	267	labLen + seedLen, md5_mac)) == 0) {
wolfSSL	7:481bce714567	268	if ((ret = p_hash(sha_result, digLen, sha_half, half, labelSeed,
wolfSSL	7:481bce714567	269	labLen + seedLen, sha_mac)) == 0) {
wolfSSL	7:481bce714567	270	get_xor(digest, digLen, md5_result, sha_result);
wolfSSL	7:481bce714567	271	}
wolfSSL	7:481bce714567	272	}
wolfSSL	7:481bce714567	273
wolfSSL	7:481bce714567	274	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	7:481bce714567	275	XFREE(md5_half, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	276	XFREE(sha_half, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	277	XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	278	XFREE(md5_result, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	279	XFREE(sha_result, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	280	#endif
wolfSSL	7:481bce714567	281
wolfSSL	7:481bce714567	282	return ret;
wolfSSL	7:481bce714567	283	}
wolfSSL	7:481bce714567	284
wolfSSL	7:481bce714567	285	#endif
wolfSSL	7:481bce714567	286
wolfSSL	7:481bce714567	287
wolfSSL	7:481bce714567	288	/* Wrapper to call straight thru to p_hash in TSL 1.2 cases to remove stack
wolfSSL	7:481bce714567	289	use */
wolfSSL	7:481bce714567	290	static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
wolfSSL	7:481bce714567	291	const byte* label, word32 labLen, const byte* seed, word32 seedLen,
wolfSSL	7:481bce714567	292	int useAtLeastSha256, int hash_type)
wolfSSL	7:481bce714567	293	{
wolfSSL	7:481bce714567	294	int ret = 0;
wolfSSL	7:481bce714567	295
wolfSSL	7:481bce714567	296	if (useAtLeastSha256) {
wolfSSL	7:481bce714567	297	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	7:481bce714567	298	byte* labelSeed;
wolfSSL	7:481bce714567	299	#else
wolfSSL	7:481bce714567	300	byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */
wolfSSL	7:481bce714567	301	#endif
wolfSSL	7:481bce714567	302
wolfSSL	7:481bce714567	303	if (labLen + seedLen > MAX_PRF_LABSEED)
wolfSSL	7:481bce714567	304	return BUFFER_E;
wolfSSL	7:481bce714567	305
wolfSSL	7:481bce714567	306	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	7:481bce714567	307	labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, NULL,
wolfSSL	7:481bce714567	308	DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	309	if (labelSeed == NULL)
wolfSSL	7:481bce714567	310	return MEMORY_E;
wolfSSL	7:481bce714567	311	#endif
wolfSSL	7:481bce714567	312
wolfSSL	7:481bce714567	313	XMEMCPY(labelSeed, label, labLen);
wolfSSL	7:481bce714567	314	XMEMCPY(labelSeed + labLen, seed, seedLen);
wolfSSL	7:481bce714567	315
wolfSSL	7:481bce714567	316	/* If a cipher suite wants an algorithm better than sha256, it
wolfSSL	7:481bce714567	317	* should use better. */
wolfSSL	7:481bce714567	318	if (hash_type < sha256_mac \|\| hash_type == blake2b_mac)
wolfSSL	7:481bce714567	319	hash_type = sha256_mac;
wolfSSL	7:481bce714567	320	ret = p_hash(digest, digLen, secret, secLen, labelSeed,
wolfSSL	7:481bce714567	321	labLen + seedLen, hash_type);
wolfSSL	7:481bce714567	322
wolfSSL	7:481bce714567	323	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	7:481bce714567	324	XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	325	#endif
wolfSSL	7:481bce714567	326	}
wolfSSL	7:481bce714567	327	#ifndef NO_OLD_TLS
wolfSSL	7:481bce714567	328	else {
wolfSSL	7:481bce714567	329	ret = doPRF(digest, digLen, secret, secLen, label, labLen, seed,
wolfSSL	7:481bce714567	330	seedLen);
wolfSSL	7:481bce714567	331	}
wolfSSL	7:481bce714567	332	#endif
wolfSSL	7:481bce714567	333
wolfSSL	7:481bce714567	334	return ret;
wolfSSL	7:481bce714567	335	}
wolfSSL	7:481bce714567	336
wolfSSL	7:481bce714567	337
wolfSSL	7:481bce714567	338	#ifdef WOLFSSL_SHA384
wolfSSL	7:481bce714567	339	#define HSHASH_SZ SHA384_DIGEST_SIZE
wolfSSL	7:481bce714567	340	#else
wolfSSL	7:481bce714567	341	#define HSHASH_SZ FINISHED_SZ
wolfSSL	7:481bce714567	342	#endif
wolfSSL	7:481bce714567	343
wolfSSL	7:481bce714567	344
wolfSSL	7:481bce714567	345	int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash, word32* hashLen)
wolfSSL	7:481bce714567	346	{
wolfSSL	7:481bce714567	347	word32 hashSz = FINISHED_SZ;
wolfSSL	7:481bce714567	348
wolfSSL	7:481bce714567	349	if (ssl == NULL \|\| hash == NULL \|\| hashLen == NULL \|\| *hashLen < HSHASH_SZ)
wolfSSL	7:481bce714567	350	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	351
wolfSSL	7:481bce714567	352	#ifndef NO_OLD_TLS
wolfSSL	7:481bce714567	353	wc_Md5GetHash(&ssl->hsHashes->hashMd5, hash);
wolfSSL	7:481bce714567	354	wc_ShaGetHash(&ssl->hsHashes->hashSha, &hash[MD5_DIGEST_SIZE]);
wolfSSL	7:481bce714567	355	#endif
wolfSSL	7:481bce714567	356
wolfSSL	7:481bce714567	357	if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL	7:481bce714567	358	#ifndef NO_SHA256
wolfSSL	7:481bce714567	359	if (ssl->specs.mac_algorithm <= sha256_mac \|\|
wolfSSL	7:481bce714567	360	ssl->specs.mac_algorithm == blake2b_mac) {
wolfSSL	7:481bce714567	361	int ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256, hash);
wolfSSL	7:481bce714567	362
wolfSSL	7:481bce714567	363	if (ret != 0)
wolfSSL	7:481bce714567	364	return ret;
wolfSSL	7:481bce714567	365
wolfSSL	7:481bce714567	366	hashSz = SHA256_DIGEST_SIZE;
wolfSSL	7:481bce714567	367	}
wolfSSL	7:481bce714567	368	#endif
wolfSSL	7:481bce714567	369	#ifdef WOLFSSL_SHA384
wolfSSL	7:481bce714567	370	if (ssl->specs.mac_algorithm == sha384_mac) {
wolfSSL	7:481bce714567	371	int ret = wc_Sha384GetHash(&ssl->hsHashes->hashSha384, hash);
wolfSSL	7:481bce714567	372
wolfSSL	7:481bce714567	373	if (ret != 0)
wolfSSL	7:481bce714567	374	return ret;
wolfSSL	7:481bce714567	375
wolfSSL	7:481bce714567	376	hashSz = SHA384_DIGEST_SIZE;
wolfSSL	7:481bce714567	377	}
wolfSSL	7:481bce714567	378	#endif
wolfSSL	7:481bce714567	379	}
wolfSSL	7:481bce714567	380
wolfSSL	7:481bce714567	381	*hashLen = hashSz;
wolfSSL	7:481bce714567	382
wolfSSL	7:481bce714567	383	return 0;
wolfSSL	7:481bce714567	384	}
wolfSSL	7:481bce714567	385
wolfSSL	7:481bce714567	386
wolfSSL	7:481bce714567	387	int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
wolfSSL	7:481bce714567	388	{
wolfSSL	7:481bce714567	389	int ret;
wolfSSL	7:481bce714567	390	const byte* side;
wolfSSL	7:481bce714567	391	byte handshake_hash[HSHASH_SZ];
wolfSSL	7:481bce714567	392	word32 hashSz = HSHASH_SZ;
wolfSSL	7:481bce714567	393
wolfSSL	7:481bce714567	394	ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz);
wolfSSL	7:481bce714567	395	if (ret < 0)
wolfSSL	7:481bce714567	396	return ret;
wolfSSL	7:481bce714567	397
wolfSSL	7:481bce714567	398	if ( XSTRNCMP((const char)sender, (const char)client, SIZEOF_SENDER) == 0)
wolfSSL	7:481bce714567	399	side = tls_client;
wolfSSL	7:481bce714567	400	else
wolfSSL	7:481bce714567	401	side = tls_server;
wolfSSL	7:481bce714567	402
wolfSSL	7:481bce714567	403	return PRF((byte*)hashes, TLS_FINISHED_SZ, ssl->arrays->masterSecret,
wolfSSL	7:481bce714567	404	SECRET_LEN, side, FINISHED_LABEL_SZ, handshake_hash, hashSz,
wolfSSL	7:481bce714567	405	IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
wolfSSL	7:481bce714567	406	}
wolfSSL	7:481bce714567	407
wolfSSL	7:481bce714567	408
wolfSSL	7:481bce714567	409	#ifndef NO_OLD_TLS
wolfSSL	7:481bce714567	410
wolfSSL	7:481bce714567	411	ProtocolVersion MakeTLSv1(void)
wolfSSL	7:481bce714567	412	{
wolfSSL	7:481bce714567	413	ProtocolVersion pv;
wolfSSL	7:481bce714567	414	pv.major = SSLv3_MAJOR;
wolfSSL	7:481bce714567	415	pv.minor = TLSv1_MINOR;
wolfSSL	7:481bce714567	416
wolfSSL	7:481bce714567	417	return pv;
wolfSSL	7:481bce714567	418	}
wolfSSL	7:481bce714567	419
wolfSSL	7:481bce714567	420
wolfSSL	7:481bce714567	421	ProtocolVersion MakeTLSv1_1(void)
wolfSSL	7:481bce714567	422	{
wolfSSL	7:481bce714567	423	ProtocolVersion pv;
wolfSSL	7:481bce714567	424	pv.major = SSLv3_MAJOR;
wolfSSL	7:481bce714567	425	pv.minor = TLSv1_1_MINOR;
wolfSSL	7:481bce714567	426
wolfSSL	7:481bce714567	427	return pv;
wolfSSL	7:481bce714567	428	}
wolfSSL	7:481bce714567	429
wolfSSL	7:481bce714567	430	#endif
wolfSSL	7:481bce714567	431
wolfSSL	7:481bce714567	432
wolfSSL	7:481bce714567	433	ProtocolVersion MakeTLSv1_2(void)
wolfSSL	7:481bce714567	434	{
wolfSSL	7:481bce714567	435	ProtocolVersion pv;
wolfSSL	7:481bce714567	436	pv.major = SSLv3_MAJOR;
wolfSSL	7:481bce714567	437	pv.minor = TLSv1_2_MINOR;
wolfSSL	7:481bce714567	438
wolfSSL	7:481bce714567	439	return pv;
wolfSSL	7:481bce714567	440	}
wolfSSL	7:481bce714567	441
wolfSSL	7:481bce714567	442
wolfSSL	7:481bce714567	443	#ifdef HAVE_EXTENDED_MASTER
wolfSSL	7:481bce714567	444	static const byte ext_master_label[EXT_MASTER_LABEL_SZ + 1] =
wolfSSL	7:481bce714567	445	"extended master secret";
wolfSSL	7:481bce714567	446	#endif
wolfSSL	7:481bce714567	447	static const byte master_label[MASTER_LABEL_SZ + 1] = "master secret";
wolfSSL	7:481bce714567	448	static const byte key_label [KEY_LABEL_SZ + 1] = "key expansion";
wolfSSL	7:481bce714567	449
wolfSSL	7:481bce714567	450
wolfSSL	7:481bce714567	451	/* External facing wrapper so user can call as well, 0 on success */
wolfSSL	7:481bce714567	452	int wolfSSL_DeriveTlsKeys(byte* key_data, word32 keyLen,
wolfSSL	7:481bce714567	453	const byte* ms, word32 msLen,
wolfSSL	7:481bce714567	454	const byte* sr, const byte* cr,
wolfSSL	7:481bce714567	455	int tls1_2, int hash_type)
wolfSSL	7:481bce714567	456	{
wolfSSL	7:481bce714567	457	byte seed[SEED_LEN];
wolfSSL	7:481bce714567	458
wolfSSL	7:481bce714567	459	XMEMCPY(seed, sr, RAN_LEN);
wolfSSL	7:481bce714567	460	XMEMCPY(seed + RAN_LEN, cr, RAN_LEN);
wolfSSL	7:481bce714567	461
wolfSSL	7:481bce714567	462	return PRF(key_data, keyLen, ms, msLen, key_label, KEY_LABEL_SZ,
wolfSSL	7:481bce714567	463	seed, SEED_LEN, tls1_2, hash_type);
wolfSSL	7:481bce714567	464	}
wolfSSL	7:481bce714567	465
wolfSSL	7:481bce714567	466
wolfSSL	7:481bce714567	467	int DeriveTlsKeys(WOLFSSL* ssl)
wolfSSL	7:481bce714567	468	{
wolfSSL	7:481bce714567	469	int ret;
wolfSSL	7:481bce714567	470	int length = 2 * ssl->specs.hash_size +
wolfSSL	7:481bce714567	471	2 * ssl->specs.key_size +
wolfSSL	7:481bce714567	472	2 * ssl->specs.iv_size;
wolfSSL	7:481bce714567	473	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	7:481bce714567	474	byte* key_data;
wolfSSL	7:481bce714567	475	#else
wolfSSL	7:481bce714567	476	byte key_data[MAX_PRF_DIG];
wolfSSL	7:481bce714567	477	#endif
wolfSSL	7:481bce714567	478
wolfSSL	7:481bce714567	479	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	7:481bce714567	480	key_data = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	481	if (key_data == NULL) {
wolfSSL	7:481bce714567	482	return MEMORY_E;
wolfSSL	7:481bce714567	483	}
wolfSSL	7:481bce714567	484	#endif
wolfSSL	7:481bce714567	485
wolfSSL	7:481bce714567	486	ret = wolfSSL_DeriveTlsKeys(key_data, length,
wolfSSL	7:481bce714567	487	ssl->arrays->masterSecret, SECRET_LEN,
wolfSSL	7:481bce714567	488	ssl->arrays->serverRandom, ssl->arrays->clientRandom,
wolfSSL	7:481bce714567	489	IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
wolfSSL	7:481bce714567	490	if (ret == 0)
wolfSSL	7:481bce714567	491	ret = StoreKeys(ssl, key_data);
wolfSSL	7:481bce714567	492
wolfSSL	7:481bce714567	493	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	7:481bce714567	494	XFREE(key_data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	495	#endif
wolfSSL	7:481bce714567	496
wolfSSL	7:481bce714567	497	return ret;
wolfSSL	7:481bce714567	498	}
wolfSSL	7:481bce714567	499
wolfSSL	7:481bce714567	500
wolfSSL	7:481bce714567	501	/* External facing wrapper so user can call as well, 0 on success */
wolfSSL	7:481bce714567	502	int wolfSSL_MakeTlsMasterSecret(byte* ms, word32 msLen,
wolfSSL	7:481bce714567	503	const byte* pms, word32 pmsLen,
wolfSSL	7:481bce714567	504	const byte* cr, const byte* sr,
wolfSSL	7:481bce714567	505	int tls1_2, int hash_type)
wolfSSL	7:481bce714567	506	{
wolfSSL	7:481bce714567	507	byte seed[SEED_LEN];
wolfSSL	7:481bce714567	508
wolfSSL	7:481bce714567	509	XMEMCPY(seed, cr, RAN_LEN);
wolfSSL	7:481bce714567	510	XMEMCPY(seed + RAN_LEN, sr, RAN_LEN);
wolfSSL	7:481bce714567	511
wolfSSL	7:481bce714567	512	return PRF(ms, msLen, pms, pmsLen, master_label, MASTER_LABEL_SZ,
wolfSSL	7:481bce714567	513	seed, SEED_LEN, tls1_2, hash_type);
wolfSSL	7:481bce714567	514	}
wolfSSL	7:481bce714567	515
wolfSSL	7:481bce714567	516
wolfSSL	7:481bce714567	517	#ifdef HAVE_EXTENDED_MASTER
wolfSSL	7:481bce714567	518
wolfSSL	7:481bce714567	519	/* External facing wrapper so user can call as well, 0 on success */
wolfSSL	7:481bce714567	520	int wolfSSL_MakeTlsExtendedMasterSecret(byte* ms, word32 msLen,
wolfSSL	7:481bce714567	521	const byte* pms, word32 pmsLen,
wolfSSL	7:481bce714567	522	const byte* sHash, word32 sHashLen,
wolfSSL	7:481bce714567	523	int tls1_2, int hash_type)
wolfSSL	7:481bce714567	524	{
wolfSSL	7:481bce714567	525	return PRF(ms, msLen, pms, pmsLen, ext_master_label, EXT_MASTER_LABEL_SZ,
wolfSSL	7:481bce714567	526	sHash, sHashLen, tls1_2, hash_type);
wolfSSL	7:481bce714567	527	}
wolfSSL	7:481bce714567	528
wolfSSL	7:481bce714567	529	#endif /* HAVE_EXTENDED_MASTER */
wolfSSL	7:481bce714567	530
wolfSSL	7:481bce714567	531
wolfSSL	7:481bce714567	532	int MakeTlsMasterSecret(WOLFSSL* ssl)
wolfSSL	7:481bce714567	533	{
wolfSSL	7:481bce714567	534	int ret;
wolfSSL	7:481bce714567	535	#ifdef HAVE_EXTENDED_MASTER
wolfSSL	7:481bce714567	536	byte handshake_hash[HSHASH_SZ];
wolfSSL	7:481bce714567	537	word32 hashSz = HSHASH_SZ;
wolfSSL	7:481bce714567	538
wolfSSL	7:481bce714567	539	if (ssl->options.haveEMS) {
wolfSSL	7:481bce714567	540
wolfSSL	7:481bce714567	541	ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz);
wolfSSL	7:481bce714567	542	if (ret < 0)
wolfSSL	7:481bce714567	543	return ret;
wolfSSL	7:481bce714567	544
wolfSSL	7:481bce714567	545	ret = wolfSSL_MakeTlsExtendedMasterSecret(
wolfSSL	7:481bce714567	546	ssl->arrays->masterSecret, SECRET_LEN,
wolfSSL	7:481bce714567	547	ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
wolfSSL	7:481bce714567	548	handshake_hash, hashSz,
wolfSSL	7:481bce714567	549	IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
wolfSSL	7:481bce714567	550	} else
wolfSSL	7:481bce714567	551	#endif
wolfSSL	7:481bce714567	552	ret = wolfSSL_MakeTlsMasterSecret(ssl->arrays->masterSecret, SECRET_LEN,
wolfSSL	7:481bce714567	553	ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
wolfSSL	7:481bce714567	554	ssl->arrays->clientRandom, ssl->arrays->serverRandom,
wolfSSL	7:481bce714567	555	IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
wolfSSL	7:481bce714567	556
wolfSSL	7:481bce714567	557	if (ret == 0) {
wolfSSL	7:481bce714567	558	#ifdef SHOW_SECRETS
wolfSSL	7:481bce714567	559	int i;
wolfSSL	7:481bce714567	560
wolfSSL	7:481bce714567	561	printf("master secret: ");
wolfSSL	7:481bce714567	562	for (i = 0; i < SECRET_LEN; i++)
wolfSSL	7:481bce714567	563	printf("%02x", ssl->arrays->masterSecret[i]);
wolfSSL	7:481bce714567	564	printf("\n");
wolfSSL	7:481bce714567	565	#endif
wolfSSL	7:481bce714567	566
wolfSSL	7:481bce714567	567	ret = DeriveTlsKeys(ssl);
wolfSSL	7:481bce714567	568	}
wolfSSL	7:481bce714567	569
wolfSSL	7:481bce714567	570	return ret;
wolfSSL	7:481bce714567	571	}
wolfSSL	7:481bce714567	572
wolfSSL	7:481bce714567	573
wolfSSL	7:481bce714567	574	/* Used by EAP-TLS and EAP-TTLS to derive keying material from
wolfSSL	7:481bce714567	575	* the master_secret. */
wolfSSL	7:481bce714567	576	int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* msk, unsigned int len,
wolfSSL	7:481bce714567	577	const char* label)
wolfSSL	7:481bce714567	578	{
wolfSSL	7:481bce714567	579	int ret;
wolfSSL	7:481bce714567	580	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	7:481bce714567	581	byte* seed;
wolfSSL	7:481bce714567	582	#else
wolfSSL	7:481bce714567	583	byte seed[SEED_LEN];
wolfSSL	7:481bce714567	584	#endif
wolfSSL	7:481bce714567	585
wolfSSL	7:481bce714567	586	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	7:481bce714567	587	seed = (byte*)XMALLOC(SEED_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	588	if (seed == NULL)
wolfSSL	7:481bce714567	589	return MEMORY_E;
wolfSSL	7:481bce714567	590	#endif
wolfSSL	7:481bce714567	591
wolfSSL	7:481bce714567	592	/*
wolfSSL	7:481bce714567	593	* As per RFC-5281, the order of the client and server randoms is reversed
wolfSSL	7:481bce714567	594	* from that used by the TLS protocol to derive keys.
wolfSSL	7:481bce714567	595	*/
wolfSSL	7:481bce714567	596	XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL	7:481bce714567	597	XMEMCPY(seed + RAN_LEN, ssl->arrays->serverRandom, RAN_LEN);
wolfSSL	7:481bce714567	598
wolfSSL	7:481bce714567	599	ret = PRF((byte*)msk, len, ssl->arrays->masterSecret, SECRET_LEN,
wolfSSL	7:481bce714567	600	(const byte *)label, (word32)XSTRLEN(label), seed, SEED_LEN,
wolfSSL	7:481bce714567	601	IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
wolfSSL	7:481bce714567	602
wolfSSL	7:481bce714567	603	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	7:481bce714567	604	XFREE(seed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	605	#endif
wolfSSL	7:481bce714567	606
wolfSSL	7:481bce714567	607	return ret;
wolfSSL	7:481bce714567	608	}
wolfSSL	7:481bce714567	609
wolfSSL	7:481bce714567	610
wolfSSL	7:481bce714567	611	/* next for static INLINE s copied internal.c */
wolfSSL	7:481bce714567	612
wolfSSL	7:481bce714567	613	/* convert 16 bit integer to opaque */
wolfSSL	7:481bce714567	614	static INLINE void c16toa(word16 u16, byte* c)
wolfSSL	7:481bce714567	615	{
wolfSSL	7:481bce714567	616	c[0] = (u16 >> 8) & 0xff;
wolfSSL	7:481bce714567	617	c[1] = u16 & 0xff;
wolfSSL	7:481bce714567	618	}
wolfSSL	7:481bce714567	619
wolfSSL	7:481bce714567	620	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	7:481bce714567	621	/* convert opaque to 16 bit integer */
wolfSSL	7:481bce714567	622	static INLINE void ato16(const byte* c, word16* u16)
wolfSSL	7:481bce714567	623	{
wolfSSL	7:481bce714567	624	*u16 = (c[0] << 8) \| (c[1]);
wolfSSL	7:481bce714567	625	}
wolfSSL	7:481bce714567	626
wolfSSL	7:481bce714567	627	#if defined(HAVE_SNI) && !defined(NO_WOLFSSL_SERVER)
wolfSSL	7:481bce714567	628	/* convert a 24 bit integer into a 32 bit one */
wolfSSL	7:481bce714567	629	static INLINE void c24to32(const word24 u24, word32* u32)
wolfSSL	7:481bce714567	630	{
wolfSSL	7:481bce714567	631	*u32 = (u24[0] << 16) \| (u24[1] << 8) \| u24[2];
wolfSSL	7:481bce714567	632	}
wolfSSL	7:481bce714567	633	#endif
wolfSSL	7:481bce714567	634	#endif
wolfSSL	7:481bce714567	635
wolfSSL	7:481bce714567	636	/* convert 32 bit integer to opaque */
wolfSSL	7:481bce714567	637	static INLINE void c32toa(word32 u32, byte* c)
wolfSSL	7:481bce714567	638	{
wolfSSL	7:481bce714567	639	c[0] = (u32 >> 24) & 0xff;
wolfSSL	7:481bce714567	640	c[1] = (u32 >> 16) & 0xff;
wolfSSL	7:481bce714567	641	c[2] = (u32 >> 8) & 0xff;
wolfSSL	7:481bce714567	642	c[3] = u32 & 0xff;
wolfSSL	7:481bce714567	643	}
wolfSSL	7:481bce714567	644
wolfSSL	7:481bce714567	645
wolfSSL	7:481bce714567	646	static INLINE void GetSEQIncrement(WOLFSSL* ssl, int verify, word32 seq[2])
wolfSSL	7:481bce714567	647	{
wolfSSL	7:481bce714567	648	if (verify) {
wolfSSL	7:481bce714567	649	seq[0] = ssl->keys.peer_sequence_number_hi;
wolfSSL	7:481bce714567	650	seq[1] = ssl->keys.peer_sequence_number_lo++;
wolfSSL	7:481bce714567	651	if (seq[1] > ssl->keys.peer_sequence_number_lo) {
wolfSSL	7:481bce714567	652	/* handle rollover */
wolfSSL	7:481bce714567	653	ssl->keys.peer_sequence_number_hi++;
wolfSSL	7:481bce714567	654	}
wolfSSL	7:481bce714567	655	}
wolfSSL	7:481bce714567	656	else {
wolfSSL	7:481bce714567	657	seq[0] = ssl->keys.sequence_number_hi;
wolfSSL	7:481bce714567	658	seq[1] = ssl->keys.sequence_number_lo++;
wolfSSL	7:481bce714567	659	if (seq[1] > ssl->keys.sequence_number_lo) {
wolfSSL	7:481bce714567	660	/* handle rollover */
wolfSSL	7:481bce714567	661	ssl->keys.sequence_number_hi++;
wolfSSL	7:481bce714567	662	}
wolfSSL	7:481bce714567	663	}
wolfSSL	7:481bce714567	664	}
wolfSSL	7:481bce714567	665
wolfSSL	7:481bce714567	666
wolfSSL	7:481bce714567	667	#ifdef WOLFSSL_DTLS
wolfSSL	7:481bce714567	668	static INLINE void DtlsGetSEQ(WOLFSSL* ssl, int order, word32 seq[2])
wolfSSL	7:481bce714567	669	{
wolfSSL	7:481bce714567	670	if (order == PREV_ORDER) {
wolfSSL	7:481bce714567	671	/* Previous epoch case */
wolfSSL	7:481bce714567	672	seq[0] = ((ssl->keys.dtls_epoch - 1) << 16) \|
wolfSSL	7:481bce714567	673	(ssl->keys.dtls_prev_sequence_number_hi & 0xFFFF);
wolfSSL	7:481bce714567	674	seq[1] = ssl->keys.dtls_prev_sequence_number_lo;
wolfSSL	7:481bce714567	675	}
wolfSSL	7:481bce714567	676	else if (order == PEER_ORDER) {
wolfSSL	7:481bce714567	677	seq[0] = (ssl->keys.curEpoch << 16) \|
wolfSSL	7:481bce714567	678	(ssl->keys.curSeq_hi & 0xFFFF);
wolfSSL	7:481bce714567	679	seq[1] = ssl->keys.curSeq_lo; /* explicit from peer */
wolfSSL	7:481bce714567	680	}
wolfSSL	7:481bce714567	681	else {
wolfSSL	7:481bce714567	682	seq[0] = (ssl->keys.dtls_epoch << 16) \|
wolfSSL	7:481bce714567	683	(ssl->keys.dtls_sequence_number_hi & 0xFFFF);
wolfSSL	7:481bce714567	684	seq[1] = ssl->keys.dtls_sequence_number_lo;
wolfSSL	7:481bce714567	685	}
wolfSSL	7:481bce714567	686	}
wolfSSL	7:481bce714567	687	#endif /* WOLFSSL_DTLS */
wolfSSL	7:481bce714567	688
wolfSSL	7:481bce714567	689
wolfSSL	7:481bce714567	690	static INLINE void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out)
wolfSSL	7:481bce714567	691	{
wolfSSL	7:481bce714567	692	word32 seq[2] = {0, 0};
wolfSSL	7:481bce714567	693
wolfSSL	7:481bce714567	694	if (!ssl->options.dtls) {
wolfSSL	7:481bce714567	695	GetSEQIncrement(ssl, verifyOrder, seq);
wolfSSL	7:481bce714567	696	}
wolfSSL	7:481bce714567	697	else {
wolfSSL	7:481bce714567	698	#ifdef WOLFSSL_DTLS
wolfSSL	7:481bce714567	699	DtlsGetSEQ(ssl, verifyOrder, seq);
wolfSSL	7:481bce714567	700	#endif
wolfSSL	7:481bce714567	701	}
wolfSSL	7:481bce714567	702
wolfSSL	7:481bce714567	703	c32toa(seq[0], out);
wolfSSL	7:481bce714567	704	c32toa(seq[1], out + OPAQUE32_LEN);
wolfSSL	7:481bce714567	705	}
wolfSSL	7:481bce714567	706
wolfSSL	7:481bce714567	707
wolfSSL	7:481bce714567	708	/* end copy */
wolfSSL	7:481bce714567	709
wolfSSL	7:481bce714567	710
wolfSSL	7:481bce714567	711	/* return HMAC digest type in wolfSSL format */
wolfSSL	7:481bce714567	712	int wolfSSL_GetHmacType(WOLFSSL* ssl)
wolfSSL	7:481bce714567	713	{
wolfSSL	7:481bce714567	714	if (ssl == NULL)
wolfSSL	7:481bce714567	715	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	716
wolfSSL	7:481bce714567	717	switch (ssl->specs.mac_algorithm) {
wolfSSL	7:481bce714567	718	#ifndef NO_MD5
wolfSSL	7:481bce714567	719	case md5_mac:
wolfSSL	7:481bce714567	720	{
wolfSSL	7:481bce714567	721	return MD5;
wolfSSL	7:481bce714567	722	}
wolfSSL	7:481bce714567	723	#endif
wolfSSL	7:481bce714567	724	#ifndef NO_SHA256
wolfSSL	7:481bce714567	725	case sha256_mac:
wolfSSL	7:481bce714567	726	{
wolfSSL	7:481bce714567	727	return SHA256;
wolfSSL	7:481bce714567	728	}
wolfSSL	7:481bce714567	729	#endif
wolfSSL	7:481bce714567	730	#ifdef WOLFSSL_SHA384
wolfSSL	7:481bce714567	731	case sha384_mac:
wolfSSL	7:481bce714567	732	{
wolfSSL	7:481bce714567	733	return SHA384;
wolfSSL	7:481bce714567	734	}
wolfSSL	7:481bce714567	735
wolfSSL	7:481bce714567	736	#endif
wolfSSL	7:481bce714567	737	#ifndef NO_SHA
wolfSSL	7:481bce714567	738	case sha_mac:
wolfSSL	7:481bce714567	739	{
wolfSSL	7:481bce714567	740	return SHA;
wolfSSL	7:481bce714567	741	}
wolfSSL	7:481bce714567	742	#endif
wolfSSL	7:481bce714567	743	#ifdef HAVE_BLAKE2
wolfSSL	7:481bce714567	744	case blake2b_mac:
wolfSSL	7:481bce714567	745	{
wolfSSL	7:481bce714567	746	return BLAKE2B_ID;
wolfSSL	7:481bce714567	747	}
wolfSSL	7:481bce714567	748	#endif
wolfSSL	7:481bce714567	749	default:
wolfSSL	7:481bce714567	750	{
wolfSSL	7:481bce714567	751	return SSL_FATAL_ERROR;
wolfSSL	7:481bce714567	752	}
wolfSSL	7:481bce714567	753	}
wolfSSL	7:481bce714567	754	}
wolfSSL	7:481bce714567	755
wolfSSL	7:481bce714567	756
wolfSSL	7:481bce714567	757	int wolfSSL_SetTlsHmacInner(WOLFSSL* ssl, byte* inner, word32 sz, int content,
wolfSSL	7:481bce714567	758	int verify)
wolfSSL	7:481bce714567	759	{
wolfSSL	7:481bce714567	760	if (ssl == NULL \|\| inner == NULL)
wolfSSL	7:481bce714567	761	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	762
wolfSSL	7:481bce714567	763	XMEMSET(inner, 0, WOLFSSL_TLS_HMAC_INNER_SZ);
wolfSSL	7:481bce714567	764
wolfSSL	7:481bce714567	765	WriteSEQ(ssl, verify, inner);
wolfSSL	7:481bce714567	766	inner[SEQ_SZ] = (byte)content;
wolfSSL	7:481bce714567	767	inner[SEQ_SZ + ENUM_LEN] = ssl->version.major;
wolfSSL	7:481bce714567	768	inner[SEQ_SZ + ENUM_LEN + ENUM_LEN] = ssl->version.minor;
wolfSSL	7:481bce714567	769	c16toa((word16)sz, inner + SEQ_SZ + ENUM_LEN + VERSION_SZ);
wolfSSL	7:481bce714567	770
wolfSSL	7:481bce714567	771	return 0;
wolfSSL	7:481bce714567	772	}
wolfSSL	7:481bce714567	773
wolfSSL	7:481bce714567	774
wolfSSL	7:481bce714567	775	/* TLS type HMAC */
wolfSSL	7:481bce714567	776	int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
wolfSSL	7:481bce714567	777	int content, int verify)
wolfSSL	7:481bce714567	778	{
wolfSSL	7:481bce714567	779	Hmac hmac;
wolfSSL	7:481bce714567	780	int ret;
wolfSSL	7:481bce714567	781	byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
wolfSSL	7:481bce714567	782
wolfSSL	7:481bce714567	783	if (ssl == NULL)
wolfSSL	7:481bce714567	784	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	785
wolfSSL	7:481bce714567	786	#ifdef HAVE_FUZZER
wolfSSL	7:481bce714567	787	if (ssl->fuzzerCb)
wolfSSL	7:481bce714567	788	ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx);
wolfSSL	7:481bce714567	789	#endif
wolfSSL	7:481bce714567	790
wolfSSL	7:481bce714567	791	wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify);
wolfSSL	7:481bce714567	792
wolfSSL	7:481bce714567	793	ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
wolfSSL	7:481bce714567	794	wolfSSL_GetMacSecret(ssl, verify), ssl->specs.hash_size);
wolfSSL	7:481bce714567	795	if (ret != 0)
wolfSSL	7:481bce714567	796	return ret;
wolfSSL	7:481bce714567	797	ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
wolfSSL	7:481bce714567	798	if (ret != 0)
wolfSSL	7:481bce714567	799	return ret;
wolfSSL	7:481bce714567	800	ret = wc_HmacUpdate(&hmac, in, sz); /* content */
wolfSSL	7:481bce714567	801	if (ret != 0)
wolfSSL	7:481bce714567	802	return ret;
wolfSSL	7:481bce714567	803	ret = wc_HmacFinal(&hmac, digest);
wolfSSL	7:481bce714567	804	if (ret != 0)
wolfSSL	7:481bce714567	805	return ret;
wolfSSL	7:481bce714567	806
wolfSSL	7:481bce714567	807	return 0;
wolfSSL	7:481bce714567	808	}
wolfSSL	7:481bce714567	809
wolfSSL	7:481bce714567	810	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	7:481bce714567	811
wolfSSL	7:481bce714567	812	/**
wolfSSL	7:481bce714567	813	* The TLSX semaphore is used to calculate the size of the extensions to be sent
wolfSSL	7:481bce714567	814	* from one peer to another.
wolfSSL	7:481bce714567	815	*/
wolfSSL	7:481bce714567	816
wolfSSL	7:481bce714567	817	/** Supports up to 64 flags. Increase as needed. */
wolfSSL	7:481bce714567	818	#define SEMAPHORE_SIZE 8
wolfSSL	7:481bce714567	819
wolfSSL	7:481bce714567	820	/**
wolfSSL	7:481bce714567	821	* Converts the extension type (id) to an index in the semaphore.
wolfSSL	7:481bce714567	822	*
wolfSSL	7:481bce714567	823	* Oficial reference for TLS extension types:
wolfSSL	7:481bce714567	824	* http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xml
wolfSSL	7:481bce714567	825	*
wolfSSL	7:481bce714567	826	* Motivation:
wolfSSL	7:481bce714567	827	* Previously, we used the extension type itself as the index of that
wolfSSL	7:481bce714567	828	* extension in the semaphore as the extension types were declared
wolfSSL	7:481bce714567	829	* sequentially, but maintain a semaphore as big as the number of available
wolfSSL	7:481bce714567	830	* extensions is no longer an option since the release of renegotiation_info.
wolfSSL	7:481bce714567	831	*
wolfSSL	7:481bce714567	832	* How to update:
wolfSSL	7:481bce714567	833	* Assign extension types that extrapolate the number of available semaphores
wolfSSL	7:481bce714567	834	* to the first available index going backwards in the semaphore array.
wolfSSL	7:481bce714567	835	* When adding a new extension type that don't extrapolate the number of
wolfSSL	7:481bce714567	836	* available semaphores, check for a possible collision with with a
wolfSSL	7:481bce714567	837	* 'remapped' extension type.
wolfSSL	7:481bce714567	838	*/
wolfSSL	7:481bce714567	839	static INLINE word16 TLSX_ToSemaphore(word16 type)
wolfSSL	7:481bce714567	840	{
wolfSSL	7:481bce714567	841	switch (type) {
wolfSSL	7:481bce714567	842
wolfSSL	7:481bce714567	843	case TLSX_RENEGOTIATION_INFO: /* 0xFF01 */
wolfSSL	7:481bce714567	844	return 63;
wolfSSL	7:481bce714567	845
wolfSSL	7:481bce714567	846	default:
wolfSSL	7:481bce714567	847	if (type > 62) {
wolfSSL	7:481bce714567	848	/* This message SHOULD only happens during the adding of
wolfSSL	7:481bce714567	849	new TLS extensions in which its IANA number overflows
wolfSSL	7:481bce714567	850	the current semaphore's range, or if its number already
wolfSSL	7:481bce714567	851	is assigned to be used by another extension.
wolfSSL	7:481bce714567	852	Use this check value for the new extension and decrement
wolfSSL	7:481bce714567	853	the check value by one. */
wolfSSL	7:481bce714567	854	WOLFSSL_MSG("### TLSX semaphore colision or overflow detected!");
wolfSSL	7:481bce714567	855	}
wolfSSL	7:481bce714567	856	}
wolfSSL	7:481bce714567	857
wolfSSL	7:481bce714567	858	return type;
wolfSSL	7:481bce714567	859	}
wolfSSL	7:481bce714567	860
wolfSSL	7:481bce714567	861	/** Checks if a specific light (tls extension) is not set in the semaphore. */
wolfSSL	7:481bce714567	862	#define IS_OFF(semaphore, light) \
wolfSSL	7:481bce714567	863	((semaphore)[(light) / 8] ^ (byte) (0x01 << ((light) % 8)))
wolfSSL	7:481bce714567	864
wolfSSL	7:481bce714567	865	/** Turn on a specific light (tls extension) in the semaphore. */
wolfSSL	7:481bce714567	866	#define TURN_ON(semaphore, light) \
wolfSSL	7:481bce714567	867	((semaphore)[(light) / 8] \|= (byte) (0x01 << ((light) % 8)))
wolfSSL	7:481bce714567	868
wolfSSL	7:481bce714567	869	/** Creates a new extension. */
wolfSSL	7:481bce714567	870	static TLSX* TLSX_New(TLSX_Type type, void* data, void* heap)
wolfSSL	7:481bce714567	871	{
wolfSSL	7:481bce714567	872	TLSX* extension = (TLSX*)XMALLOC(sizeof(TLSX), heap, DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	873
wolfSSL	7:481bce714567	874	if (extension) {
wolfSSL	7:481bce714567	875	extension->type = type;
wolfSSL	7:481bce714567	876	extension->data = data;
wolfSSL	7:481bce714567	877	extension->resp = 0;
wolfSSL	7:481bce714567	878	extension->next = NULL;
wolfSSL	7:481bce714567	879	}
wolfSSL	7:481bce714567	880
wolfSSL	7:481bce714567	881	return extension;
wolfSSL	7:481bce714567	882	}
wolfSSL	7:481bce714567	883
wolfSSL	7:481bce714567	884	/**
wolfSSL	7:481bce714567	885	* Creates a new extension and pushes it to the provided list.
wolfSSL	7:481bce714567	886	* Checks for duplicate extensions, keeps the newest.
wolfSSL	7:481bce714567	887	*/
wolfSSL	7:481bce714567	888	static int TLSX_Push(TLSX** list, TLSX_Type type, void* data, void* heap)
wolfSSL	7:481bce714567	889	{
wolfSSL	7:481bce714567	890	TLSX* extension = TLSX_New(type, data, heap);
wolfSSL	7:481bce714567	891
wolfSSL	7:481bce714567	892	if (extension == NULL)
wolfSSL	7:481bce714567	893	return MEMORY_E;
wolfSSL	7:481bce714567	894
wolfSSL	7:481bce714567	895	/* pushes the new extension on the list. */
wolfSSL	7:481bce714567	896	extension->next = *list;
wolfSSL	7:481bce714567	897	*list = extension;
wolfSSL	7:481bce714567	898
wolfSSL	7:481bce714567	899	/* remove duplicate extensions, there should be only one of each type. */
wolfSSL	7:481bce714567	900	do {
wolfSSL	7:481bce714567	901	if (extension->next && extension->next->type == type) {
wolfSSL	7:481bce714567	902	TLSX *next = extension->next;
wolfSSL	7:481bce714567	903
wolfSSL	7:481bce714567	904	extension->next = next->next;
wolfSSL	7:481bce714567	905	next->next = NULL;
wolfSSL	7:481bce714567	906
wolfSSL	7:481bce714567	907	TLSX_FreeAll(next, heap);
wolfSSL	7:481bce714567	908
wolfSSL	7:481bce714567	909	/* there is no way to occur more than */
wolfSSL	7:481bce714567	910	/* two extensions of the same type. */
wolfSSL	7:481bce714567	911	break;
wolfSSL	7:481bce714567	912	}
wolfSSL	7:481bce714567	913	} while ((extension = extension->next));
wolfSSL	7:481bce714567	914
wolfSSL	7:481bce714567	915	return 0;
wolfSSL	7:481bce714567	916	}
wolfSSL	7:481bce714567	917
wolfSSL	7:481bce714567	918	#ifndef NO_WOLFSSL_SERVER
wolfSSL	7:481bce714567	919
wolfSSL	7:481bce714567	920	/** Mark an extension to be sent back to the client. */
wolfSSL	7:481bce714567	921	void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type);
wolfSSL	7:481bce714567	922
wolfSSL	7:481bce714567	923	void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type)
wolfSSL	7:481bce714567	924	{
wolfSSL	7:481bce714567	925	TLSX *ext = TLSX_Find(ssl->extensions, type);
wolfSSL	7:481bce714567	926
wolfSSL	7:481bce714567	927	if (ext)
wolfSSL	7:481bce714567	928	ext->resp = 1;
wolfSSL	7:481bce714567	929	}
wolfSSL	7:481bce714567	930
wolfSSL	7:481bce714567	931	#endif
wolfSSL	7:481bce714567	932
wolfSSL	7:481bce714567	933	/******************************************************************************/
wolfSSL	7:481bce714567	934	/* Application-Layer Protocol Negotiation */
wolfSSL	7:481bce714567	935	/******************************************************************************/
wolfSSL	7:481bce714567	936
wolfSSL	7:481bce714567	937	#ifdef HAVE_ALPN
wolfSSL	7:481bce714567	938	/** Creates a new ALPN object, providing protocol name to use. */
wolfSSL	7:481bce714567	939	static ALPN* TLSX_ALPN_New(char *protocol_name, word16 protocol_nameSz,
wolfSSL	7:481bce714567	940	void* heap)
wolfSSL	7:481bce714567	941	{
wolfSSL	7:481bce714567	942	ALPN *alpn;
wolfSSL	7:481bce714567	943
wolfSSL	7:481bce714567	944	WOLFSSL_ENTER("TLSX_ALPN_New");
wolfSSL	7:481bce714567	945
wolfSSL	7:481bce714567	946	if (protocol_name == NULL \|\|
wolfSSL	7:481bce714567	947	protocol_nameSz > WOLFSSL_MAX_ALPN_PROTO_NAME_LEN) {
wolfSSL	7:481bce714567	948	WOLFSSL_MSG("Invalid arguments");
wolfSSL	7:481bce714567	949	return NULL;
wolfSSL	7:481bce714567	950	}
wolfSSL	7:481bce714567	951
wolfSSL	7:481bce714567	952	alpn = (ALPN*)XMALLOC(sizeof(ALPN), heap, DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	953	if (alpn == NULL) {
wolfSSL	7:481bce714567	954	WOLFSSL_MSG("Memory failure");
wolfSSL	7:481bce714567	955	return NULL;
wolfSSL	7:481bce714567	956	}
wolfSSL	7:481bce714567	957
wolfSSL	7:481bce714567	958	alpn->next = NULL;
wolfSSL	7:481bce714567	959	alpn->negotiated = 0;
wolfSSL	7:481bce714567	960	alpn->options = 0;
wolfSSL	7:481bce714567	961
wolfSSL	7:481bce714567	962	alpn->protocol_name = (char*)XMALLOC(protocol_nameSz + 1,
wolfSSL	7:481bce714567	963	heap, DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	964	if (alpn->protocol_name == NULL) {
wolfSSL	7:481bce714567	965	WOLFSSL_MSG("Memory failure");
wolfSSL	7:481bce714567	966	XFREE(alpn, heap, DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	967	return NULL;
wolfSSL	7:481bce714567	968	}
wolfSSL	7:481bce714567	969
wolfSSL	7:481bce714567	970	XMEMCPY(alpn->protocol_name, protocol_name, protocol_nameSz);
wolfSSL	7:481bce714567	971	alpn->protocol_name[protocol_nameSz] = 0;
wolfSSL	7:481bce714567	972
wolfSSL	7:481bce714567	973	return alpn;
wolfSSL	7:481bce714567	974	}
wolfSSL	7:481bce714567	975
wolfSSL	7:481bce714567	976	/** Releases an ALPN object. */
wolfSSL	7:481bce714567	977	static void TLSX_ALPN_Free(ALPN alpn, void heap)
wolfSSL	7:481bce714567	978	{
wolfSSL	7:481bce714567	979	(void)heap;
wolfSSL	7:481bce714567	980
wolfSSL	7:481bce714567	981	if (alpn == NULL)
wolfSSL	7:481bce714567	982	return;
wolfSSL	7:481bce714567	983
wolfSSL	7:481bce714567	984	XFREE(alpn->protocol_name, heap, DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	985	XFREE(alpn, heap, DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	986	}
wolfSSL	7:481bce714567	987
wolfSSL	7:481bce714567	988	/** Releases all ALPN objects in the provided list. */
wolfSSL	7:481bce714567	989	static void TLSX_ALPN_FreeAll(ALPN list, void heap)
wolfSSL	7:481bce714567	990	{
wolfSSL	7:481bce714567	991	ALPN* alpn;
wolfSSL	7:481bce714567	992
wolfSSL	7:481bce714567	993	while ((alpn = list)) {
wolfSSL	7:481bce714567	994	list = alpn->next;
wolfSSL	7:481bce714567	995	TLSX_ALPN_Free(alpn, heap);
wolfSSL	7:481bce714567	996	}
wolfSSL	7:481bce714567	997	}
wolfSSL	7:481bce714567	998
wolfSSL	7:481bce714567	999	/** Tells the buffered size of the ALPN objects in a list. */
wolfSSL	7:481bce714567	1000	static word16 TLSX_ALPN_GetSize(ALPN *list)
wolfSSL	7:481bce714567	1001	{
wolfSSL	7:481bce714567	1002	ALPN* alpn;
wolfSSL	7:481bce714567	1003	word16 length = OPAQUE16_LEN; /* list length */
wolfSSL	7:481bce714567	1004
wolfSSL	7:481bce714567	1005	while ((alpn = list)) {
wolfSSL	7:481bce714567	1006	list = alpn->next;
wolfSSL	7:481bce714567	1007
wolfSSL	7:481bce714567	1008	length++; /* protocol name length is on one byte */
wolfSSL	7:481bce714567	1009	length += (word16)XSTRLEN(alpn->protocol_name);
wolfSSL	7:481bce714567	1010	}
wolfSSL	7:481bce714567	1011
wolfSSL	7:481bce714567	1012	return length;
wolfSSL	7:481bce714567	1013	}
wolfSSL	7:481bce714567	1014
wolfSSL	7:481bce714567	1015	/** Writes the ALPN objects of a list in a buffer. */
wolfSSL	7:481bce714567	1016	static word16 TLSX_ALPN_Write(ALPN list, byte output)
wolfSSL	7:481bce714567	1017	{
wolfSSL	7:481bce714567	1018	ALPN* alpn;
wolfSSL	7:481bce714567	1019	word16 length = 0;
wolfSSL	7:481bce714567	1020	word16 offset = OPAQUE16_LEN; /* list length offset */
wolfSSL	7:481bce714567	1021
wolfSSL	7:481bce714567	1022	while ((alpn = list)) {
wolfSSL	7:481bce714567	1023	list = alpn->next;
wolfSSL	7:481bce714567	1024
wolfSSL	7:481bce714567	1025	length = (word16)XSTRLEN(alpn->protocol_name);
wolfSSL	7:481bce714567	1026
wolfSSL	7:481bce714567	1027	/* protocol name length */
wolfSSL	7:481bce714567	1028	output[offset++] = (byte)length;
wolfSSL	7:481bce714567	1029
wolfSSL	7:481bce714567	1030	/* protocol name value */
wolfSSL	7:481bce714567	1031	XMEMCPY(output + offset, alpn->protocol_name, length);
wolfSSL	7:481bce714567	1032
wolfSSL	7:481bce714567	1033	offset += length;
wolfSSL	7:481bce714567	1034	}
wolfSSL	7:481bce714567	1035
wolfSSL	7:481bce714567	1036	/* writing list length */
wolfSSL	7:481bce714567	1037	c16toa(offset - OPAQUE16_LEN, output);
wolfSSL	7:481bce714567	1038
wolfSSL	7:481bce714567	1039	return offset;
wolfSSL	7:481bce714567	1040	}
wolfSSL	7:481bce714567	1041
wolfSSL	7:481bce714567	1042	/** Finds a protocol name in the provided ALPN list */
wolfSSL	7:481bce714567	1043	static ALPN* TLSX_ALPN_Find(ALPN list, char protocol_name, word16 size)
wolfSSL	7:481bce714567	1044	{
wolfSSL	7:481bce714567	1045	ALPN *alpn;
wolfSSL	7:481bce714567	1046
wolfSSL	7:481bce714567	1047	if (list == NULL \|\| protocol_name == NULL)
wolfSSL	7:481bce714567	1048	return NULL;
wolfSSL	7:481bce714567	1049
wolfSSL	7:481bce714567	1050	alpn = list;
wolfSSL	7:481bce714567	1051	while (alpn != NULL && (
wolfSSL	7:481bce714567	1052	(word16)XSTRLEN(alpn->protocol_name) != size \|\|
wolfSSL	7:481bce714567	1053	XSTRNCMP(alpn->protocol_name, protocol_name, size)))
wolfSSL	7:481bce714567	1054	alpn = alpn->next;
wolfSSL	7:481bce714567	1055
wolfSSL	7:481bce714567	1056	return alpn;
wolfSSL	7:481bce714567	1057	}
wolfSSL	7:481bce714567	1058
wolfSSL	7:481bce714567	1059	/** Set the ALPN matching client and server requirements */
wolfSSL	7:481bce714567	1060	static int TLSX_SetALPN(TLSX** extensions, const void* data, word16 size,
wolfSSL	7:481bce714567	1061	void* heap)
wolfSSL	7:481bce714567	1062	{
wolfSSL	7:481bce714567	1063	ALPN *alpn;
wolfSSL	7:481bce714567	1064	int ret;
wolfSSL	7:481bce714567	1065
wolfSSL	7:481bce714567	1066	if (extensions == NULL \|\| data == NULL)
wolfSSL	7:481bce714567	1067	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	1068
wolfSSL	7:481bce714567	1069	alpn = TLSX_ALPN_New((char *)data, size, heap);
wolfSSL	7:481bce714567	1070	if (alpn == NULL) {
wolfSSL	7:481bce714567	1071	WOLFSSL_MSG("Memory failure");
wolfSSL	7:481bce714567	1072	return MEMORY_E;
wolfSSL	7:481bce714567	1073	}
wolfSSL	7:481bce714567	1074
wolfSSL	7:481bce714567	1075	alpn->negotiated = 1;
wolfSSL	7:481bce714567	1076
wolfSSL	7:481bce714567	1077	ret = TLSX_Push(extensions, TLSX_APPLICATION_LAYER_PROTOCOL, (void*)alpn,
wolfSSL	7:481bce714567	1078	heap);
wolfSSL	7:481bce714567	1079	if (ret != 0) {
wolfSSL	7:481bce714567	1080	TLSX_ALPN_Free(alpn, heap);
wolfSSL	7:481bce714567	1081	return ret;
wolfSSL	7:481bce714567	1082	}
wolfSSL	7:481bce714567	1083
wolfSSL	7:481bce714567	1084	return SSL_SUCCESS;
wolfSSL	7:481bce714567	1085	}
wolfSSL	7:481bce714567	1086
wolfSSL	7:481bce714567	1087	/** Parses a buffer of ALPN extensions and set the first one matching
wolfSSL	7:481bce714567	1088	* client and server requirements */
wolfSSL	7:481bce714567	1089	static int TLSX_ALPN_ParseAndSet(WOLFSSL ssl, byte input, word16 length,
wolfSSL	7:481bce714567	1090	byte isRequest)
wolfSSL	7:481bce714567	1091	{
wolfSSL	7:481bce714567	1092	word16 size = 0, offset = 0, idx = 0;
wolfSSL	7:481bce714567	1093	int r = BUFFER_ERROR;
wolfSSL	7:481bce714567	1094	byte match = 0;
wolfSSL	7:481bce714567	1095	TLSX *extension;
wolfSSL	7:481bce714567	1096	ALPN alpn = NULL, list;
wolfSSL	7:481bce714567	1097
wolfSSL	7:481bce714567	1098	extension = TLSX_Find(ssl->extensions, TLSX_APPLICATION_LAYER_PROTOCOL);
wolfSSL	7:481bce714567	1099	if (extension == NULL)
wolfSSL	7:481bce714567	1100	extension = TLSX_Find(ssl->ctx->extensions,
wolfSSL	7:481bce714567	1101	TLSX_APPLICATION_LAYER_PROTOCOL);
wolfSSL	7:481bce714567	1102
wolfSSL	7:481bce714567	1103	if (extension == NULL \|\| extension->data == NULL) {
wolfSSL	7:481bce714567	1104	WOLFSSL_MSG("No ALPN extensions not used or bad");
wolfSSL	7:481bce714567	1105	return isRequest ? 0 /* not using ALPN */
wolfSSL	7:481bce714567	1106	: BUFFER_ERROR; /* unexpected ALPN response */
wolfSSL	7:481bce714567	1107	}
wolfSSL	7:481bce714567	1108
wolfSSL	7:481bce714567	1109	if (OPAQUE16_LEN > length)
wolfSSL	7:481bce714567	1110	return BUFFER_ERROR;
wolfSSL	7:481bce714567	1111
wolfSSL	7:481bce714567	1112	ato16(input, &size);
wolfSSL	7:481bce714567	1113	offset += OPAQUE16_LEN;
wolfSSL	7:481bce714567	1114
wolfSSL	7:481bce714567	1115	/* validating alpn list length */
wolfSSL	7:481bce714567	1116	if (length != OPAQUE16_LEN + size)
wolfSSL	7:481bce714567	1117	return BUFFER_ERROR;
wolfSSL	7:481bce714567	1118
wolfSSL	7:481bce714567	1119	list = (ALPN*)extension->data;
wolfSSL	7:481bce714567	1120
wolfSSL	7:481bce714567	1121	/* keep the list sent by client */
wolfSSL	7:481bce714567	1122	if (isRequest) {
wolfSSL	7:481bce714567	1123	if (ssl->alpn_client_list != NULL)
wolfSSL	7:481bce714567	1124	XFREE(ssl->alpn_client_list, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	1125
wolfSSL	7:481bce714567	1126	ssl->alpn_client_list = (char *)XMALLOC(size, ssl->heap,
wolfSSL	7:481bce714567	1127	DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	1128	if (ssl->alpn_client_list == NULL)
wolfSSL	7:481bce714567	1129	return MEMORY_ERROR;
wolfSSL	7:481bce714567	1130	}
wolfSSL	7:481bce714567	1131
wolfSSL	7:481bce714567	1132	for (size = 0; offset < length; offset += size) {
wolfSSL	7:481bce714567	1133
wolfSSL	7:481bce714567	1134	size = input[offset++];
wolfSSL	7:481bce714567	1135	if (offset + size > length)
wolfSSL	7:481bce714567	1136	return BUFFER_ERROR;
wolfSSL	7:481bce714567	1137
wolfSSL	7:481bce714567	1138	if (isRequest) {
wolfSSL	7:481bce714567	1139	XMEMCPY(ssl->alpn_client_list+idx, (char*)input + offset, size);
wolfSSL	7:481bce714567	1140	idx += size;
wolfSSL	7:481bce714567	1141	ssl->alpn_client_list[idx++] = ',';
wolfSSL	7:481bce714567	1142	}
wolfSSL	7:481bce714567	1143
wolfSSL	7:481bce714567	1144	if (!match) {
wolfSSL	7:481bce714567	1145	alpn = TLSX_ALPN_Find(list, (char*)input + offset, size);
wolfSSL	7:481bce714567	1146	if (alpn != NULL) {
wolfSSL	7:481bce714567	1147	WOLFSSL_MSG("ALPN protocol match");
wolfSSL	7:481bce714567	1148	match = 1;
wolfSSL	7:481bce714567	1149
wolfSSL	7:481bce714567	1150	/* skip reading other values if not required */
wolfSSL	7:481bce714567	1151	if (!isRequest)
wolfSSL	7:481bce714567	1152	break;
wolfSSL	7:481bce714567	1153	}
wolfSSL	7:481bce714567	1154	}
wolfSSL	7:481bce714567	1155	}
wolfSSL	7:481bce714567	1156
wolfSSL	7:481bce714567	1157	if (isRequest)
wolfSSL	7:481bce714567	1158	ssl->alpn_client_list[idx-1] = 0;
wolfSSL	7:481bce714567	1159
wolfSSL	7:481bce714567	1160	if (!match) {
wolfSSL	7:481bce714567	1161	WOLFSSL_MSG("No ALPN protocol match");
wolfSSL	7:481bce714567	1162
wolfSSL	7:481bce714567	1163	/* do nothing if no protocol match between client and server and option
wolfSSL	7:481bce714567	1164	is set to continue (like OpenSSL) */
wolfSSL	7:481bce714567	1165	if (list->options & WOLFSSL_ALPN_CONTINUE_ON_MISMATCH) {
wolfSSL	7:481bce714567	1166	WOLFSSL_MSG("Continue on mismatch");
wolfSSL	7:481bce714567	1167	return 0;
wolfSSL	7:481bce714567	1168	}
wolfSSL	7:481bce714567	1169
wolfSSL	7:481bce714567	1170	SendAlert(ssl, alert_fatal, no_application_protocol);
wolfSSL	7:481bce714567	1171	return UNKNOWN_ALPN_PROTOCOL_NAME_E;
wolfSSL	7:481bce714567	1172	}
wolfSSL	7:481bce714567	1173
wolfSSL	7:481bce714567	1174	/* set the matching negotiated protocol */
wolfSSL	7:481bce714567	1175	r = TLSX_SetALPN(&ssl->extensions,
wolfSSL	7:481bce714567	1176	alpn->protocol_name,
wolfSSL	7:481bce714567	1177	(word16)XSTRLEN(alpn->protocol_name),
wolfSSL	7:481bce714567	1178	ssl->heap);
wolfSSL	7:481bce714567	1179	if (r != SSL_SUCCESS) {
wolfSSL	7:481bce714567	1180	WOLFSSL_MSG("TLSX_UseALPN failed");
wolfSSL	7:481bce714567	1181	return BUFFER_ERROR;
wolfSSL	7:481bce714567	1182	}
wolfSSL	7:481bce714567	1183
wolfSSL	7:481bce714567	1184	/* reply to ALPN extension sent from client */
wolfSSL	7:481bce714567	1185	if (isRequest) {
wolfSSL	7:481bce714567	1186	#ifndef NO_WOLFSSL_SERVER
wolfSSL	7:481bce714567	1187	TLSX_SetResponse(ssl, TLSX_APPLICATION_LAYER_PROTOCOL);
wolfSSL	7:481bce714567	1188	#endif
wolfSSL	7:481bce714567	1189	}
wolfSSL	7:481bce714567	1190
wolfSSL	7:481bce714567	1191	return 0;
wolfSSL	7:481bce714567	1192	}
wolfSSL	7:481bce714567	1193
wolfSSL	7:481bce714567	1194	/** Add a protocol name to the list of accepted usable ones */
wolfSSL	7:481bce714567	1195	int TLSX_UseALPN(TLSX** extensions, const void* data, word16 size, byte options,
wolfSSL	7:481bce714567	1196	void* heap)
wolfSSL	7:481bce714567	1197	{
wolfSSL	7:481bce714567	1198	ALPN *alpn;
wolfSSL	7:481bce714567	1199	TLSX *extension;
wolfSSL	7:481bce714567	1200	int ret;
wolfSSL	7:481bce714567	1201
wolfSSL	7:481bce714567	1202	if (extensions == NULL \|\| data == NULL)
wolfSSL	7:481bce714567	1203	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	1204
wolfSSL	7:481bce714567	1205	alpn = TLSX_ALPN_New((char *)data, size, heap);
wolfSSL	7:481bce714567	1206	if (alpn == NULL) {
wolfSSL	7:481bce714567	1207	WOLFSSL_MSG("Memory failure");
wolfSSL	7:481bce714567	1208	return MEMORY_E;
wolfSSL	7:481bce714567	1209	}
wolfSSL	7:481bce714567	1210
wolfSSL	7:481bce714567	1211	/* Set Options of ALPN */
wolfSSL	7:481bce714567	1212	alpn->options = options;
wolfSSL	7:481bce714567	1213
wolfSSL	7:481bce714567	1214	extension = TLSX_Find(*extensions, TLSX_APPLICATION_LAYER_PROTOCOL);
wolfSSL	7:481bce714567	1215	if (extension == NULL) {
wolfSSL	7:481bce714567	1216	ret = TLSX_Push(extensions, TLSX_APPLICATION_LAYER_PROTOCOL,
wolfSSL	7:481bce714567	1217	(void*)alpn, heap);
wolfSSL	7:481bce714567	1218	if (ret != 0) {
wolfSSL	7:481bce714567	1219	TLSX_ALPN_Free(alpn, heap);
wolfSSL	7:481bce714567	1220	return ret;
wolfSSL	7:481bce714567	1221	}
wolfSSL	7:481bce714567	1222	}
wolfSSL	7:481bce714567	1223	else {
wolfSSL	7:481bce714567	1224	/* push new ALPN object to extension data. */
wolfSSL	7:481bce714567	1225	alpn->next = (ALPN*)extension->data;
wolfSSL	7:481bce714567	1226	extension->data = (void*)alpn;
wolfSSL	7:481bce714567	1227	}
wolfSSL	7:481bce714567	1228
wolfSSL	7:481bce714567	1229	return SSL_SUCCESS;
wolfSSL	7:481bce714567	1230	}
wolfSSL	7:481bce714567	1231
wolfSSL	7:481bce714567	1232	/** Get the protocol name set by the server */
wolfSSL	7:481bce714567	1233	int TLSX_ALPN_GetRequest(TLSX* extensions, void** data, word16 *dataSz)
wolfSSL	7:481bce714567	1234	{
wolfSSL	7:481bce714567	1235	TLSX *extension;
wolfSSL	7:481bce714567	1236	ALPN *alpn;
wolfSSL	7:481bce714567	1237
wolfSSL	7:481bce714567	1238	if (extensions == NULL \|\| data == NULL \|\| dataSz == NULL)
wolfSSL	7:481bce714567	1239	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	1240
wolfSSL	7:481bce714567	1241	extension = TLSX_Find(extensions, TLSX_APPLICATION_LAYER_PROTOCOL);
wolfSSL	7:481bce714567	1242	if (extension == NULL) {
wolfSSL	7:481bce714567	1243	WOLFSSL_MSG("TLS extension not found");
wolfSSL	7:481bce714567	1244	return SSL_ALPN_NOT_FOUND;
wolfSSL	7:481bce714567	1245	}
wolfSSL	7:481bce714567	1246
wolfSSL	7:481bce714567	1247	alpn = (ALPN *)extension->data;
wolfSSL	7:481bce714567	1248	if (alpn == NULL) {
wolfSSL	7:481bce714567	1249	WOLFSSL_MSG("ALPN extension not found");
wolfSSL	7:481bce714567	1250	*data = NULL;
wolfSSL	7:481bce714567	1251	*dataSz = 0;
wolfSSL	7:481bce714567	1252	return SSL_FATAL_ERROR;
wolfSSL	7:481bce714567	1253	}
wolfSSL	7:481bce714567	1254
wolfSSL	7:481bce714567	1255	if (alpn->negotiated != 1) {
wolfSSL	7:481bce714567	1256
wolfSSL	7:481bce714567	1257	/* consider as an error */
wolfSSL	7:481bce714567	1258	if (alpn->options & WOLFSSL_ALPN_FAILED_ON_MISMATCH) {
wolfSSL	7:481bce714567	1259	WOLFSSL_MSG("No protocol match with peer -> Failed");
wolfSSL	7:481bce714567	1260	return SSL_FATAL_ERROR;
wolfSSL	7:481bce714567	1261	}
wolfSSL	7:481bce714567	1262
wolfSSL	7:481bce714567	1263	/* continue without negotiated protocol */
wolfSSL	7:481bce714567	1264	WOLFSSL_MSG("No protocol match with peer -> Continue");
wolfSSL	7:481bce714567	1265	return SSL_ALPN_NOT_FOUND;
wolfSSL	7:481bce714567	1266	}
wolfSSL	7:481bce714567	1267
wolfSSL	7:481bce714567	1268	if (alpn->next != NULL) {
wolfSSL	7:481bce714567	1269	WOLFSSL_MSG("Only one protocol name must be accepted");
wolfSSL	7:481bce714567	1270	return SSL_FATAL_ERROR;
wolfSSL	7:481bce714567	1271	}
wolfSSL	7:481bce714567	1272
wolfSSL	7:481bce714567	1273	*data = alpn->protocol_name;
wolfSSL	7:481bce714567	1274	dataSz = (word16)XSTRLEN((char)*data);
wolfSSL	7:481bce714567	1275
wolfSSL	7:481bce714567	1276	return SSL_SUCCESS;
wolfSSL	7:481bce714567	1277	}
wolfSSL	7:481bce714567	1278
wolfSSL	7:481bce714567	1279	#define ALPN_FREE_ALL TLSX_ALPN_FreeAll
wolfSSL	7:481bce714567	1280	#define ALPN_GET_SIZE TLSX_ALPN_GetSize
wolfSSL	7:481bce714567	1281	#define ALPN_WRITE TLSX_ALPN_Write
wolfSSL	7:481bce714567	1282	#define ALPN_PARSE TLSX_ALPN_ParseAndSet
wolfSSL	7:481bce714567	1283
wolfSSL	7:481bce714567	1284	#else /* HAVE_ALPN */
wolfSSL	7:481bce714567	1285
wolfSSL	7:481bce714567	1286	#define ALPN_FREE_ALL(list, heap)
wolfSSL	7:481bce714567	1287	#define ALPN_GET_SIZE(list) 0
wolfSSL	7:481bce714567	1288	#define ALPN_WRITE(a, b) 0
wolfSSL	7:481bce714567	1289	#define ALPN_PARSE(a, b, c, d) 0
wolfSSL	7:481bce714567	1290
wolfSSL	7:481bce714567	1291	#endif /* HAVE_ALPN */
wolfSSL	7:481bce714567	1292
wolfSSL	7:481bce714567	1293	/******************************************************************************/
wolfSSL	7:481bce714567	1294	/* Server Name Indication */
wolfSSL	7:481bce714567	1295	/******************************************************************************/
wolfSSL	7:481bce714567	1296
wolfSSL	7:481bce714567	1297	#ifdef HAVE_SNI
wolfSSL	7:481bce714567	1298
wolfSSL	7:481bce714567	1299	/** Creates a new SNI object. */
wolfSSL	7:481bce714567	1300	static SNI* TLSX_SNI_New(byte type, const void* data, word16 size, void* heap)
wolfSSL	7:481bce714567	1301	{
wolfSSL	7:481bce714567	1302	SNI* sni = (SNI*)XMALLOC(sizeof(SNI), heap, DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	1303
wolfSSL	7:481bce714567	1304	if (sni) {
wolfSSL	7:481bce714567	1305	sni->type = type;
wolfSSL	7:481bce714567	1306	sni->next = NULL;
wolfSSL	7:481bce714567	1307
wolfSSL	7:481bce714567	1308	#ifndef NO_WOLFSSL_SERVER
wolfSSL	7:481bce714567	1309	sni->options = 0;
wolfSSL	7:481bce714567	1310	sni->status = WOLFSSL_SNI_NO_MATCH;
wolfSSL	7:481bce714567	1311	#endif
wolfSSL	7:481bce714567	1312
wolfSSL	7:481bce714567	1313	switch (sni->type) {
wolfSSL	7:481bce714567	1314	case WOLFSSL_SNI_HOST_NAME:
wolfSSL	7:481bce714567	1315	sni->data.host_name = (char*)XMALLOC(size + 1, heap,
wolfSSL	7:481bce714567	1316	DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	1317	if (sni->data.host_name) {
wolfSSL	7:481bce714567	1318	XSTRNCPY(sni->data.host_name, (const char*)data, size);
wolfSSL	7:481bce714567	1319	sni->data.host_name[size] = 0;
wolfSSL	7:481bce714567	1320	} else {
wolfSSL	7:481bce714567	1321	XFREE(sni, heap, DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	1322	sni = NULL;
wolfSSL	7:481bce714567	1323	}
wolfSSL	7:481bce714567	1324	break;
wolfSSL	7:481bce714567	1325
wolfSSL	7:481bce714567	1326	default: /* invalid type */
wolfSSL	7:481bce714567	1327	XFREE(sni, heap, DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	1328	sni = NULL;
wolfSSL	7:481bce714567	1329	}
wolfSSL	7:481bce714567	1330	}
wolfSSL	7:481bce714567	1331
wolfSSL	7:481bce714567	1332	return sni;
wolfSSL	7:481bce714567	1333	}
wolfSSL	7:481bce714567	1334
wolfSSL	7:481bce714567	1335	/** Releases a SNI object. */
wolfSSL	7:481bce714567	1336	static void TLSX_SNI_Free(SNI* sni, void* heap)
wolfSSL	7:481bce714567	1337	{
wolfSSL	7:481bce714567	1338	if (sni) {
wolfSSL	7:481bce714567	1339	switch (sni->type) {
wolfSSL	7:481bce714567	1340	case WOLFSSL_SNI_HOST_NAME:
wolfSSL	7:481bce714567	1341	XFREE(sni->data.host_name, heap, DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	1342	break;
wolfSSL	7:481bce714567	1343	}
wolfSSL	7:481bce714567	1344
wolfSSL	7:481bce714567	1345	XFREE(sni, heap, DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	1346	}
wolfSSL	7:481bce714567	1347	(void)heap;
wolfSSL	7:481bce714567	1348	}
wolfSSL	7:481bce714567	1349
wolfSSL	7:481bce714567	1350	/** Releases all SNI objects in the provided list. */
wolfSSL	7:481bce714567	1351	static void TLSX_SNI_FreeAll(SNI* list, void* heap)
wolfSSL	7:481bce714567	1352	{
wolfSSL	7:481bce714567	1353	SNI* sni;
wolfSSL	7:481bce714567	1354
wolfSSL	7:481bce714567	1355	while ((sni = list)) {
wolfSSL	7:481bce714567	1356	list = sni->next;
wolfSSL	7:481bce714567	1357	TLSX_SNI_Free(sni, heap);
wolfSSL	7:481bce714567	1358	}
wolfSSL	7:481bce714567	1359	}
wolfSSL	7:481bce714567	1360
wolfSSL	7:481bce714567	1361	/** Tells the buffered size of the SNI objects in a list. */
wolfSSL	7:481bce714567	1362	static word16 TLSX_SNI_GetSize(SNI* list)
wolfSSL	7:481bce714567	1363	{
wolfSSL	7:481bce714567	1364	SNI* sni;
wolfSSL	7:481bce714567	1365	word16 length = OPAQUE16_LEN; /* list length */
wolfSSL	7:481bce714567	1366
wolfSSL	7:481bce714567	1367	while ((sni = list)) {
wolfSSL	7:481bce714567	1368	list = sni->next;
wolfSSL	7:481bce714567	1369
wolfSSL	7:481bce714567	1370	length += ENUM_LEN + OPAQUE16_LEN; /* sni type + sni length */
wolfSSL	7:481bce714567	1371
wolfSSL	7:481bce714567	1372	switch (sni->type) {
wolfSSL	7:481bce714567	1373	case WOLFSSL_SNI_HOST_NAME:
wolfSSL	7:481bce714567	1374	length += XSTRLEN((char*)sni->data.host_name);
wolfSSL	7:481bce714567	1375	break;
wolfSSL	7:481bce714567	1376	}
wolfSSL	7:481bce714567	1377	}
wolfSSL	7:481bce714567	1378
wolfSSL	7:481bce714567	1379	return length;
wolfSSL	7:481bce714567	1380	}
wolfSSL	7:481bce714567	1381
wolfSSL	7:481bce714567	1382	/** Writes the SNI objects of a list in a buffer. */
wolfSSL	7:481bce714567	1383	static word16 TLSX_SNI_Write(SNI* list, byte* output)
wolfSSL	7:481bce714567	1384	{
wolfSSL	7:481bce714567	1385	SNI* sni;
wolfSSL	7:481bce714567	1386	word16 length = 0;
wolfSSL	7:481bce714567	1387	word16 offset = OPAQUE16_LEN; /* list length offset */
wolfSSL	7:481bce714567	1388
wolfSSL	7:481bce714567	1389	while ((sni = list)) {
wolfSSL	7:481bce714567	1390	list = sni->next;
wolfSSL	7:481bce714567	1391
wolfSSL	7:481bce714567	1392	output[offset++] = sni->type; /* sni type */
wolfSSL	7:481bce714567	1393
wolfSSL	7:481bce714567	1394	switch (sni->type) {
wolfSSL	7:481bce714567	1395	case WOLFSSL_SNI_HOST_NAME:
wolfSSL	7:481bce714567	1396	length = XSTRLEN((char*)sni->data.host_name);
wolfSSL	7:481bce714567	1397
wolfSSL	7:481bce714567	1398	c16toa(length, output + offset); /* sni length */
wolfSSL	7:481bce714567	1399	offset += OPAQUE16_LEN;
wolfSSL	7:481bce714567	1400
wolfSSL	7:481bce714567	1401	XMEMCPY(output + offset, sni->data.host_name, length);
wolfSSL	7:481bce714567	1402
wolfSSL	7:481bce714567	1403	offset += length;
wolfSSL	7:481bce714567	1404	break;
wolfSSL	7:481bce714567	1405	}
wolfSSL	7:481bce714567	1406	}
wolfSSL	7:481bce714567	1407
wolfSSL	7:481bce714567	1408	c16toa(offset - OPAQUE16_LEN, output); /* writing list length */
wolfSSL	7:481bce714567	1409
wolfSSL	7:481bce714567	1410	return offset;
wolfSSL	7:481bce714567	1411	}
wolfSSL	7:481bce714567	1412
wolfSSL	7:481bce714567	1413	#ifndef NO_WOLFSSL_SERVER
wolfSSL	7:481bce714567	1414
wolfSSL	7:481bce714567	1415	/** Finds a SNI object in the provided list. */
wolfSSL	7:481bce714567	1416	static SNI* TLSX_SNI_Find(SNI *list, byte type)
wolfSSL	7:481bce714567	1417	{
wolfSSL	7:481bce714567	1418	SNI *sni = list;
wolfSSL	7:481bce714567	1419
wolfSSL	7:481bce714567	1420	while (sni && sni->type != type)
wolfSSL	7:481bce714567	1421	sni = sni->next;
wolfSSL	7:481bce714567	1422
wolfSSL	7:481bce714567	1423	return sni;
wolfSSL	7:481bce714567	1424	}
wolfSSL	7:481bce714567	1425
wolfSSL	7:481bce714567	1426
wolfSSL	7:481bce714567	1427	/** Sets the status of a SNI object. */
wolfSSL	7:481bce714567	1428	static void TLSX_SNI_SetStatus(TLSX* extensions, byte type, byte status)
wolfSSL	7:481bce714567	1429	{
wolfSSL	7:481bce714567	1430	TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME);
wolfSSL	7:481bce714567	1431	SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type);
wolfSSL	7:481bce714567	1432
wolfSSL	7:481bce714567	1433	if (sni)
wolfSSL	7:481bce714567	1434	sni->status = status;
wolfSSL	7:481bce714567	1435	}
wolfSSL	7:481bce714567	1436
wolfSSL	7:481bce714567	1437	/** Gets the status of a SNI object. */
wolfSSL	7:481bce714567	1438	byte TLSX_SNI_Status(TLSX* extensions, byte type)
wolfSSL	7:481bce714567	1439	{
wolfSSL	7:481bce714567	1440	TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME);
wolfSSL	7:481bce714567	1441	SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type);
wolfSSL	7:481bce714567	1442
wolfSSL	7:481bce714567	1443	if (sni)
wolfSSL	7:481bce714567	1444	return sni->status;
wolfSSL	7:481bce714567	1445
wolfSSL	7:481bce714567	1446	return 0;
wolfSSL	7:481bce714567	1447	}
wolfSSL	7:481bce714567	1448
wolfSSL	7:481bce714567	1449	#endif /* NO_WOLFSSL_SERVER */
wolfSSL	7:481bce714567	1450
wolfSSL	7:481bce714567	1451	/** Parses a buffer of SNI extensions. */
wolfSSL	7:481bce714567	1452	static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL	7:481bce714567	1453	byte isRequest)
wolfSSL	7:481bce714567	1454	{
wolfSSL	7:481bce714567	1455	#ifndef NO_WOLFSSL_SERVER
wolfSSL	7:481bce714567	1456	word16 size = 0;
wolfSSL	7:481bce714567	1457	word16 offset = 0;
wolfSSL	7:481bce714567	1458	int cacheOnly = 0;
wolfSSL	7:481bce714567	1459	#endif
wolfSSL	7:481bce714567	1460
wolfSSL	7:481bce714567	1461	TLSX *extension = TLSX_Find(ssl->extensions, TLSX_SERVER_NAME);
wolfSSL	7:481bce714567	1462
wolfSSL	7:481bce714567	1463	if (!extension)
wolfSSL	7:481bce714567	1464	extension = TLSX_Find(ssl->ctx->extensions, TLSX_SERVER_NAME);
wolfSSL	7:481bce714567	1465
wolfSSL	7:481bce714567	1466	(void)isRequest;
wolfSSL	7:481bce714567	1467	(void)input;
wolfSSL	7:481bce714567	1468
wolfSSL	7:481bce714567	1469	if (!extension \|\| !extension->data) {
wolfSSL	7:481bce714567	1470	#if defined(WOLFSSL_ALWAYS_KEEP_SNI) && !defined(NO_WOLFSSL_SERVER)
wolfSSL	7:481bce714567	1471	/* This will keep SNI even though TLSX_UseSNI has not been called.
wolfSSL	7:481bce714567	1472	* Enable it so that the received sni is available to functions
wolfSSL	7:481bce714567	1473	* that use a custom callback when SNI is received */
wolfSSL	7:481bce714567	1474	cacheOnly = 1;
wolfSSL	7:481bce714567	1475	WOLFSSL_MSG("Forcing SSL object to store SNI parameter");
wolfSSL	7:481bce714567	1476	#else
wolfSSL	7:481bce714567	1477	return isRequest ? 0 /* not using SNI. */
wolfSSL	7:481bce714567	1478	: BUFFER_ERROR; /* unexpected SNI response. */
wolfSSL	7:481bce714567	1479	#endif
wolfSSL	7:481bce714567	1480	}
wolfSSL	7:481bce714567	1481
wolfSSL	7:481bce714567	1482	if (!isRequest)
wolfSSL	7:481bce714567	1483	return length ? BUFFER_ERROR /* SNI response MUST be empty. */
wolfSSL	7:481bce714567	1484	: 0; /* nothing else to do. */
wolfSSL	7:481bce714567	1485
wolfSSL	7:481bce714567	1486	#ifndef NO_WOLFSSL_SERVER
wolfSSL	7:481bce714567	1487
wolfSSL	7:481bce714567	1488	if (OPAQUE16_LEN > length)
wolfSSL	7:481bce714567	1489	return BUFFER_ERROR;
wolfSSL	7:481bce714567	1490
wolfSSL	7:481bce714567	1491	ato16(input, &size);
wolfSSL	7:481bce714567	1492	offset += OPAQUE16_LEN;
wolfSSL	7:481bce714567	1493
wolfSSL	7:481bce714567	1494	/* validating sni list length */
wolfSSL	7:481bce714567	1495	if (length != OPAQUE16_LEN + size)
wolfSSL	7:481bce714567	1496	return BUFFER_ERROR;
wolfSSL	7:481bce714567	1497
wolfSSL	7:481bce714567	1498	for (size = 0; offset < length; offset += size) {
wolfSSL	7:481bce714567	1499	SNI *sni = NULL;
wolfSSL	7:481bce714567	1500	byte type = input[offset++];
wolfSSL	7:481bce714567	1501
wolfSSL	7:481bce714567	1502	if (offset + OPAQUE16_LEN > length)
wolfSSL	7:481bce714567	1503	return BUFFER_ERROR;
wolfSSL	7:481bce714567	1504
wolfSSL	7:481bce714567	1505	ato16(input + offset, &size);
wolfSSL	7:481bce714567	1506	offset += OPAQUE16_LEN;
wolfSSL	7:481bce714567	1507
wolfSSL	7:481bce714567	1508	if (offset + size > length)
wolfSSL	7:481bce714567	1509	return BUFFER_ERROR;
wolfSSL	7:481bce714567	1510
wolfSSL	7:481bce714567	1511	if (!cacheOnly && !(sni = TLSX_SNI_Find((SNI*)extension->data, type)))
wolfSSL	7:481bce714567	1512	continue; /* not using this type of SNI. */
wolfSSL	7:481bce714567	1513
wolfSSL	7:481bce714567	1514	switch(type) {
wolfSSL	7:481bce714567	1515	case WOLFSSL_SNI_HOST_NAME: {
wolfSSL	7:481bce714567	1516	int matchStat;
wolfSSL	7:481bce714567	1517	byte matched = cacheOnly \|\|
wolfSSL	7:481bce714567	1518	((XSTRLEN(sni->data.host_name) == size)
wolfSSL	7:481bce714567	1519	&& (XSTRNCMP(sni->data.host_name,
wolfSSL	7:481bce714567	1520	(const char*)input + offset, size) == 0));
wolfSSL	7:481bce714567	1521
wolfSSL	7:481bce714567	1522	if (matched \|\| sni->options & WOLFSSL_SNI_ANSWER_ON_MISMATCH) {
wolfSSL	7:481bce714567	1523	int r = TLSX_UseSNI(&ssl->extensions,
wolfSSL	7:481bce714567	1524	type, input + offset, size, ssl->heap);
wolfSSL	7:481bce714567	1525
wolfSSL	7:481bce714567	1526	if (r != SSL_SUCCESS)
wolfSSL	7:481bce714567	1527	return r; /* throws error. */
wolfSSL	7:481bce714567	1528
wolfSSL	7:481bce714567	1529	if(cacheOnly) {
wolfSSL	7:481bce714567	1530	WOLFSSL_MSG("Forcing storage of SNI, Fake match");
wolfSSL	7:481bce714567	1531	matchStat = WOLFSSL_SNI_FORCE_KEEP;
wolfSSL	7:481bce714567	1532	} else if(matched) {
wolfSSL	7:481bce714567	1533	WOLFSSL_MSG("SNI did match!");
wolfSSL	7:481bce714567	1534	matchStat = WOLFSSL_SNI_REAL_MATCH;
wolfSSL	7:481bce714567	1535	} else {
wolfSSL	7:481bce714567	1536	WOLFSSL_MSG("fake SNI match from ANSWER_ON_MISMATCH");
wolfSSL	7:481bce714567	1537	matchStat = WOLFSSL_SNI_FAKE_MATCH;
wolfSSL	7:481bce714567	1538	}
wolfSSL	7:481bce714567	1539
wolfSSL	7:481bce714567	1540	TLSX_SNI_SetStatus(ssl->extensions, type, matchStat);
wolfSSL	7:481bce714567	1541
wolfSSL	7:481bce714567	1542	if(!cacheOnly)
wolfSSL	7:481bce714567	1543	TLSX_SetResponse(ssl, TLSX_SERVER_NAME);
wolfSSL	7:481bce714567	1544
wolfSSL	7:481bce714567	1545	} else if (!(sni->options & WOLFSSL_SNI_CONTINUE_ON_MISMATCH)) {
wolfSSL	7:481bce714567	1546	SendAlert(ssl, alert_fatal, unrecognized_name);
wolfSSL	7:481bce714567	1547
wolfSSL	7:481bce714567	1548	return UNKNOWN_SNI_HOST_NAME_E;
wolfSSL	7:481bce714567	1549	}
wolfSSL	7:481bce714567	1550	break;
wolfSSL	7:481bce714567	1551	}
wolfSSL	7:481bce714567	1552	}
wolfSSL	7:481bce714567	1553	}
wolfSSL	7:481bce714567	1554
wolfSSL	7:481bce714567	1555	#endif
wolfSSL	7:481bce714567	1556
wolfSSL	7:481bce714567	1557	return 0;
wolfSSL	7:481bce714567	1558	}
wolfSSL	7:481bce714567	1559
wolfSSL	7:481bce714567	1560	static int TLSX_SNI_VerifyParse(WOLFSSL* ssl, byte isRequest)
wolfSSL	7:481bce714567	1561	{
wolfSSL	7:481bce714567	1562	(void)ssl;
wolfSSL	7:481bce714567	1563
wolfSSL	7:481bce714567	1564	if (isRequest) {
wolfSSL	7:481bce714567	1565	#ifndef NO_WOLFSSL_SERVER
wolfSSL	7:481bce714567	1566	TLSX* ctx_ext = TLSX_Find(ssl->ctx->extensions, TLSX_SERVER_NAME);
wolfSSL	7:481bce714567	1567	TLSX* ssl_ext = TLSX_Find(ssl->extensions, TLSX_SERVER_NAME);
wolfSSL	7:481bce714567	1568	SNI* ctx_sni = ctx_ext ? (SNI*)ctx_ext->data : NULL;
wolfSSL	7:481bce714567	1569	SNI* ssl_sni = ssl_ext ? (SNI*)ssl_ext->data : NULL;
wolfSSL	7:481bce714567	1570	SNI* sni = NULL;
wolfSSL	7:481bce714567	1571
wolfSSL	7:481bce714567	1572	for (; ctx_sni; ctx_sni = ctx_sni->next) {
wolfSSL	7:481bce714567	1573	if (ctx_sni->options & WOLFSSL_SNI_ABORT_ON_ABSENCE) {
wolfSSL	7:481bce714567	1574	sni = TLSX_SNI_Find(ssl_sni, ctx_sni->type);
wolfSSL	7:481bce714567	1575
wolfSSL	7:481bce714567	1576	if (sni) {
wolfSSL	7:481bce714567	1577	if (sni->status != WOLFSSL_SNI_NO_MATCH)
wolfSSL	7:481bce714567	1578	continue;
wolfSSL	7:481bce714567	1579
wolfSSL	7:481bce714567	1580	/* if ssl level overrides ctx level, it is ok. */
wolfSSL	7:481bce714567	1581	if ((sni->options & WOLFSSL_SNI_ABORT_ON_ABSENCE) == 0)
wolfSSL	7:481bce714567	1582	continue;
wolfSSL	7:481bce714567	1583	}
wolfSSL	7:481bce714567	1584
wolfSSL	7:481bce714567	1585	SendAlert(ssl, alert_fatal, handshake_failure);
wolfSSL	7:481bce714567	1586	return SNI_ABSENT_ERROR;
wolfSSL	7:481bce714567	1587	}
wolfSSL	7:481bce714567	1588	}
wolfSSL	7:481bce714567	1589
wolfSSL	7:481bce714567	1590	for (; ssl_sni; ssl_sni = ssl_sni->next) {
wolfSSL	7:481bce714567	1591	if (ssl_sni->options & WOLFSSL_SNI_ABORT_ON_ABSENCE) {
wolfSSL	7:481bce714567	1592	if (ssl_sni->status != WOLFSSL_SNI_NO_MATCH)
wolfSSL	7:481bce714567	1593	continue;
wolfSSL	7:481bce714567	1594
wolfSSL	7:481bce714567	1595	SendAlert(ssl, alert_fatal, handshake_failure);
wolfSSL	7:481bce714567	1596	return SNI_ABSENT_ERROR;
wolfSSL	7:481bce714567	1597	}
wolfSSL	7:481bce714567	1598	}
wolfSSL	7:481bce714567	1599	#endif /* NO_WOLFSSL_SERVER */
wolfSSL	7:481bce714567	1600	}
wolfSSL	7:481bce714567	1601
wolfSSL	7:481bce714567	1602	return 0;
wolfSSL	7:481bce714567	1603	}
wolfSSL	7:481bce714567	1604
wolfSSL	7:481bce714567	1605	int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size,
wolfSSL	7:481bce714567	1606	void* heap)
wolfSSL	7:481bce714567	1607	{
wolfSSL	7:481bce714567	1608	TLSX* extension = TLSX_Find(*extensions, TLSX_SERVER_NAME);
wolfSSL	7:481bce714567	1609	SNI* sni = NULL;
wolfSSL	7:481bce714567	1610
wolfSSL	7:481bce714567	1611	if (extensions == NULL \|\| data == NULL)
wolfSSL	7:481bce714567	1612	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	1613
wolfSSL	7:481bce714567	1614	if ((sni = TLSX_SNI_New(type, data, size, heap)) == NULL)
wolfSSL	7:481bce714567	1615	return MEMORY_E;
wolfSSL	7:481bce714567	1616
wolfSSL	7:481bce714567	1617	if (!extension) {
wolfSSL	7:481bce714567	1618	int ret = TLSX_Push(extensions, TLSX_SERVER_NAME, (void*)sni, heap);
wolfSSL	7:481bce714567	1619	if (ret != 0) {
wolfSSL	7:481bce714567	1620	TLSX_SNI_Free(sni, heap);
wolfSSL	7:481bce714567	1621	return ret;
wolfSSL	7:481bce714567	1622	}
wolfSSL	7:481bce714567	1623	}
wolfSSL	7:481bce714567	1624	else {
wolfSSL	7:481bce714567	1625	/* push new SNI object to extension data. */
wolfSSL	7:481bce714567	1626	sni->next = (SNI*)extension->data;
wolfSSL	7:481bce714567	1627	extension->data = (void*)sni;
wolfSSL	7:481bce714567	1628
wolfSSL	7:481bce714567	1629	/* remove duplicate SNI, there should be only one of each type. */
wolfSSL	7:481bce714567	1630	do {
wolfSSL	7:481bce714567	1631	if (sni->next && sni->next->type == type) {
wolfSSL	7:481bce714567	1632	SNI *next = sni->next;
wolfSSL	7:481bce714567	1633
wolfSSL	7:481bce714567	1634	sni->next = next->next;
wolfSSL	7:481bce714567	1635	TLSX_SNI_Free(next, heap);
wolfSSL	7:481bce714567	1636
wolfSSL	7:481bce714567	1637	/* there is no way to occur more than */
wolfSSL	7:481bce714567	1638	/* two SNIs of the same type. */
wolfSSL	7:481bce714567	1639	break;
wolfSSL	7:481bce714567	1640	}
wolfSSL	7:481bce714567	1641	} while ((sni = sni->next));
wolfSSL	7:481bce714567	1642	}
wolfSSL	7:481bce714567	1643
wolfSSL	7:481bce714567	1644	return SSL_SUCCESS;
wolfSSL	7:481bce714567	1645	}
wolfSSL	7:481bce714567	1646
wolfSSL	7:481bce714567	1647	#ifndef NO_WOLFSSL_SERVER
wolfSSL	7:481bce714567	1648
wolfSSL	7:481bce714567	1649	/** Tells the SNI requested by the client. */
wolfSSL	7:481bce714567	1650	word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, void** data)
wolfSSL	7:481bce714567	1651	{
wolfSSL	7:481bce714567	1652	TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME);
wolfSSL	7:481bce714567	1653	SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type);
wolfSSL	7:481bce714567	1654
wolfSSL	7:481bce714567	1655	if (sni && sni->status != WOLFSSL_SNI_NO_MATCH) {
wolfSSL	7:481bce714567	1656	switch (sni->type) {
wolfSSL	7:481bce714567	1657	case WOLFSSL_SNI_HOST_NAME:
wolfSSL	7:481bce714567	1658	*data = sni->data.host_name;
wolfSSL	7:481bce714567	1659	return XSTRLEN((char)data);
wolfSSL	7:481bce714567	1660	}
wolfSSL	7:481bce714567	1661	}
wolfSSL	7:481bce714567	1662
wolfSSL	7:481bce714567	1663	return 0;
wolfSSL	7:481bce714567	1664	}
wolfSSL	7:481bce714567	1665
wolfSSL	7:481bce714567	1666	/** Sets the options for a SNI object. */
wolfSSL	7:481bce714567	1667	void TLSX_SNI_SetOptions(TLSX* extensions, byte type, byte options)
wolfSSL	7:481bce714567	1668	{
wolfSSL	7:481bce714567	1669	TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME);
wolfSSL	7:481bce714567	1670	SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type);
wolfSSL	7:481bce714567	1671
wolfSSL	7:481bce714567	1672	if (sni)
wolfSSL	7:481bce714567	1673	sni->options = options;
wolfSSL	7:481bce714567	1674	}
wolfSSL	7:481bce714567	1675
wolfSSL	7:481bce714567	1676	/** Retrieves a SNI request from a client hello buffer. */
wolfSSL	7:481bce714567	1677	int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
wolfSSL	7:481bce714567	1678	byte type, byte* sni, word32* inOutSz)
wolfSSL	7:481bce714567	1679	{
wolfSSL	7:481bce714567	1680	word32 offset = 0;
wolfSSL	7:481bce714567	1681	word32 len32 = 0;
wolfSSL	7:481bce714567	1682	word16 len16 = 0;
wolfSSL	7:481bce714567	1683
wolfSSL	7:481bce714567	1684	if (helloSz < RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + CLIENT_HELLO_FIRST)
wolfSSL	7:481bce714567	1685	return INCOMPLETE_DATA;
wolfSSL	7:481bce714567	1686
wolfSSL	7:481bce714567	1687	/* TLS record header */
wolfSSL	7:481bce714567	1688	if ((enum ContentType) clientHello[offset++] != handshake) {
wolfSSL	7:481bce714567	1689
wolfSSL	7:481bce714567	1690	/* checking for SSLv2.0 client hello according to: */
wolfSSL	7:481bce714567	1691	/* http://tools.ietf.org/html/rfc4346#appendix-E.1 */
wolfSSL	7:481bce714567	1692	if ((enum HandShakeType) clientHello[++offset] == client_hello) {
wolfSSL	7:481bce714567	1693	offset += ENUM_LEN + VERSION_SZ; /* skip version */
wolfSSL	7:481bce714567	1694
wolfSSL	7:481bce714567	1695	ato16(clientHello + offset, &len16);
wolfSSL	7:481bce714567	1696	offset += OPAQUE16_LEN;
wolfSSL	7:481bce714567	1697
wolfSSL	7:481bce714567	1698	if (len16 % 3) /* cipher_spec_length must be multiple of 3 */
wolfSSL	7:481bce714567	1699	return BUFFER_ERROR;
wolfSSL	7:481bce714567	1700
wolfSSL	7:481bce714567	1701	ato16(clientHello + offset, &len16);
wolfSSL	7:481bce714567	1702	/* Returning SNI_UNSUPPORTED do not increment offset here */
wolfSSL	7:481bce714567	1703
wolfSSL	7:481bce714567	1704	if (len16 != 0) /* session_id_length must be 0 */
wolfSSL	7:481bce714567	1705	return BUFFER_ERROR;
wolfSSL	7:481bce714567	1706
wolfSSL	7:481bce714567	1707	return SNI_UNSUPPORTED;
wolfSSL	7:481bce714567	1708	}
wolfSSL	7:481bce714567	1709
wolfSSL	7:481bce714567	1710	return BUFFER_ERROR;
wolfSSL	7:481bce714567	1711	}
wolfSSL	7:481bce714567	1712
wolfSSL	7:481bce714567	1713	if (clientHello[offset++] != SSLv3_MAJOR)
wolfSSL	7:481bce714567	1714	return BUFFER_ERROR;
wolfSSL	7:481bce714567	1715
wolfSSL	7:481bce714567	1716	if (clientHello[offset++] < TLSv1_MINOR)
wolfSSL	7:481bce714567	1717	return SNI_UNSUPPORTED;
wolfSSL	7:481bce714567	1718
wolfSSL	7:481bce714567	1719	ato16(clientHello + offset, &len16);
wolfSSL	7:481bce714567	1720	offset += OPAQUE16_LEN;
wolfSSL	7:481bce714567	1721
wolfSSL	7:481bce714567	1722	if (offset + len16 > helloSz)
wolfSSL	7:481bce714567	1723	return INCOMPLETE_DATA;
wolfSSL	7:481bce714567	1724
wolfSSL	7:481bce714567	1725	/* Handshake header */
wolfSSL	7:481bce714567	1726	if ((enum HandShakeType) clientHello[offset] != client_hello)
wolfSSL	7:481bce714567	1727	return BUFFER_ERROR;
wolfSSL	7:481bce714567	1728
wolfSSL	7:481bce714567	1729	c24to32(clientHello + offset + 1, &len32);
wolfSSL	7:481bce714567	1730	offset += HANDSHAKE_HEADER_SZ;
wolfSSL	7:481bce714567	1731
wolfSSL	7:481bce714567	1732	if (offset + len32 > helloSz)
wolfSSL	7:481bce714567	1733	return BUFFER_ERROR;
wolfSSL	7:481bce714567	1734
wolfSSL	7:481bce714567	1735	/* client hello */
wolfSSL	7:481bce714567	1736	offset += VERSION_SZ + RAN_LEN; /* version, random */
wolfSSL	7:481bce714567	1737
wolfSSL	7:481bce714567	1738	if (helloSz < offset + clientHello[offset])
wolfSSL	7:481bce714567	1739	return BUFFER_ERROR;
wolfSSL	7:481bce714567	1740
wolfSSL	7:481bce714567	1741	offset += ENUM_LEN + clientHello[offset]; /* skip session id */
wolfSSL	7:481bce714567	1742
wolfSSL	7:481bce714567	1743	/* cypher suites */
wolfSSL	7:481bce714567	1744	if (helloSz < offset + OPAQUE16_LEN)
wolfSSL	7:481bce714567	1745	return BUFFER_ERROR;
wolfSSL	7:481bce714567	1746
wolfSSL	7:481bce714567	1747	ato16(clientHello + offset, &len16);
wolfSSL	7:481bce714567	1748	offset += OPAQUE16_LEN;
wolfSSL	7:481bce714567	1749
wolfSSL	7:481bce714567	1750	if (helloSz < offset + len16)
wolfSSL	7:481bce714567	1751	return BUFFER_ERROR;
wolfSSL	7:481bce714567	1752
wolfSSL	7:481bce714567	1753	offset += len16; /* skip cypher suites */
wolfSSL	7:481bce714567	1754
wolfSSL	7:481bce714567	1755	/* compression methods */
wolfSSL	7:481bce714567	1756	if (helloSz < offset + 1)
wolfSSL	7:481bce714567	1757	return BUFFER_ERROR;
wolfSSL	7:481bce714567	1758
wolfSSL	7:481bce714567	1759	if (helloSz < offset + clientHello[offset])
wolfSSL	7:481bce714567	1760	return BUFFER_ERROR;
wolfSSL	7:481bce714567	1761
wolfSSL	7:481bce714567	1762	offset += ENUM_LEN + clientHello[offset]; /* skip compression methods */
wolfSSL	7:481bce714567	1763
wolfSSL	7:481bce714567	1764	/* extensions */
wolfSSL	7:481bce714567	1765	if (helloSz < offset + OPAQUE16_LEN)
wolfSSL	7:481bce714567	1766	return 0; /* no extensions in client hello. */
wolfSSL	7:481bce714567	1767
wolfSSL	7:481bce714567	1768	ato16(clientHello + offset, &len16);
wolfSSL	7:481bce714567	1769	offset += OPAQUE16_LEN;
wolfSSL	7:481bce714567	1770
wolfSSL	7:481bce714567	1771	if (helloSz < offset + len16)
wolfSSL	7:481bce714567	1772	return BUFFER_ERROR;
wolfSSL	7:481bce714567	1773
wolfSSL	7:481bce714567	1774	while (len16 >= OPAQUE16_LEN + OPAQUE16_LEN) {
wolfSSL	7:481bce714567	1775	word16 extType;
wolfSSL	7:481bce714567	1776	word16 extLen;
wolfSSL	7:481bce714567	1777
wolfSSL	7:481bce714567	1778	ato16(clientHello + offset, &extType);
wolfSSL	7:481bce714567	1779	offset += OPAQUE16_LEN;
wolfSSL	7:481bce714567	1780
wolfSSL	7:481bce714567	1781	ato16(clientHello + offset, &extLen);
wolfSSL	7:481bce714567	1782	offset += OPAQUE16_LEN;
wolfSSL	7:481bce714567	1783
wolfSSL	7:481bce714567	1784	if (helloSz < offset + extLen)
wolfSSL	7:481bce714567	1785	return BUFFER_ERROR;
wolfSSL	7:481bce714567	1786
wolfSSL	7:481bce714567	1787	if (extType != TLSX_SERVER_NAME) {
wolfSSL	7:481bce714567	1788	offset += extLen; /* skip extension */
wolfSSL	7:481bce714567	1789	} else {
wolfSSL	7:481bce714567	1790	word16 listLen;
wolfSSL	7:481bce714567	1791
wolfSSL	7:481bce714567	1792	ato16(clientHello + offset, &listLen);
wolfSSL	7:481bce714567	1793	offset += OPAQUE16_LEN;
wolfSSL	7:481bce714567	1794
wolfSSL	7:481bce714567	1795	if (helloSz < offset + listLen)
wolfSSL	7:481bce714567	1796	return BUFFER_ERROR;
wolfSSL	7:481bce714567	1797
wolfSSL	7:481bce714567	1798	while (listLen > ENUM_LEN + OPAQUE16_LEN) {
wolfSSL	7:481bce714567	1799	byte sniType = clientHello[offset++];
wolfSSL	7:481bce714567	1800	word16 sniLen;
wolfSSL	7:481bce714567	1801
wolfSSL	7:481bce714567	1802	ato16(clientHello + offset, &sniLen);
wolfSSL	7:481bce714567	1803	offset += OPAQUE16_LEN;
wolfSSL	7:481bce714567	1804
wolfSSL	7:481bce714567	1805	if (helloSz < offset + sniLen)
wolfSSL	7:481bce714567	1806	return BUFFER_ERROR;
wolfSSL	7:481bce714567	1807
wolfSSL	7:481bce714567	1808	if (sniType != type) {
wolfSSL	7:481bce714567	1809	offset += sniLen;
wolfSSL	7:481bce714567	1810	listLen -= min(ENUM_LEN + OPAQUE16_LEN + sniLen, listLen);
wolfSSL	7:481bce714567	1811	continue;
wolfSSL	7:481bce714567	1812	}
wolfSSL	7:481bce714567	1813
wolfSSL	7:481bce714567	1814	inOutSz = min(sniLen, inOutSz);
wolfSSL	7:481bce714567	1815	XMEMCPY(sni, clientHello + offset, *inOutSz);
wolfSSL	7:481bce714567	1816
wolfSSL	7:481bce714567	1817	return SSL_SUCCESS;
wolfSSL	7:481bce714567	1818	}
wolfSSL	7:481bce714567	1819	}
wolfSSL	7:481bce714567	1820
wolfSSL	7:481bce714567	1821	len16 -= min(2 * OPAQUE16_LEN + extLen, len16);
wolfSSL	7:481bce714567	1822	}
wolfSSL	7:481bce714567	1823
wolfSSL	7:481bce714567	1824	return len16 ? BUFFER_ERROR : 0;
wolfSSL	7:481bce714567	1825	}
wolfSSL	7:481bce714567	1826
wolfSSL	7:481bce714567	1827	#endif
wolfSSL	7:481bce714567	1828
wolfSSL	7:481bce714567	1829	#define SNI_FREE_ALL TLSX_SNI_FreeAll
wolfSSL	7:481bce714567	1830	#define SNI_GET_SIZE TLSX_SNI_GetSize
wolfSSL	7:481bce714567	1831	#define SNI_WRITE TLSX_SNI_Write
wolfSSL	7:481bce714567	1832	#define SNI_PARSE TLSX_SNI_Parse
wolfSSL	7:481bce714567	1833	#define SNI_VERIFY_PARSE TLSX_SNI_VerifyParse
wolfSSL	7:481bce714567	1834
wolfSSL	7:481bce714567	1835	#else
wolfSSL	7:481bce714567	1836
wolfSSL	7:481bce714567	1837	#define SNI_FREE_ALL(list, heap)
wolfSSL	7:481bce714567	1838	#define SNI_GET_SIZE(list) 0
wolfSSL	7:481bce714567	1839	#define SNI_WRITE(a, b) 0
wolfSSL	7:481bce714567	1840	#define SNI_PARSE(a, b, c, d) 0
wolfSSL	7:481bce714567	1841	#define SNI_VERIFY_PARSE(a, b) 0
wolfSSL	7:481bce714567	1842
wolfSSL	7:481bce714567	1843	#endif /* HAVE_SNI */
wolfSSL	7:481bce714567	1844
wolfSSL	7:481bce714567	1845	/******************************************************************************/
wolfSSL	7:481bce714567	1846	/* Max Fragment Length Negotiation */
wolfSSL	7:481bce714567	1847	/******************************************************************************/
wolfSSL	7:481bce714567	1848
wolfSSL	7:481bce714567	1849	#ifdef HAVE_MAX_FRAGMENT
wolfSSL	7:481bce714567	1850
wolfSSL	7:481bce714567	1851	static word16 TLSX_MFL_Write(byte* data, byte* output)
wolfSSL	7:481bce714567	1852	{
wolfSSL	7:481bce714567	1853	output[0] = data[0];
wolfSSL	7:481bce714567	1854
wolfSSL	7:481bce714567	1855	return ENUM_LEN;
wolfSSL	7:481bce714567	1856	}
wolfSSL	7:481bce714567	1857
wolfSSL	7:481bce714567	1858	static int TLSX_MFL_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL	7:481bce714567	1859	byte isRequest)
wolfSSL	7:481bce714567	1860	{
wolfSSL	7:481bce714567	1861	(void)isRequest;
wolfSSL	7:481bce714567	1862
wolfSSL	7:481bce714567	1863	if (length != ENUM_LEN)
wolfSSL	7:481bce714567	1864	return BUFFER_ERROR;
wolfSSL	7:481bce714567	1865
wolfSSL	7:481bce714567	1866	switch (*input) {
wolfSSL	7:481bce714567	1867	case WOLFSSL_MFL_2_9 : ssl->max_fragment = 512; break;
wolfSSL	7:481bce714567	1868	case WOLFSSL_MFL_2_10: ssl->max_fragment = 1024; break;
wolfSSL	7:481bce714567	1869	case WOLFSSL_MFL_2_11: ssl->max_fragment = 2048; break;
wolfSSL	7:481bce714567	1870	case WOLFSSL_MFL_2_12: ssl->max_fragment = 4096; break;
wolfSSL	7:481bce714567	1871	case WOLFSSL_MFL_2_13: ssl->max_fragment = 8192; break;
wolfSSL	7:481bce714567	1872
wolfSSL	7:481bce714567	1873	default:
wolfSSL	7:481bce714567	1874	SendAlert(ssl, alert_fatal, illegal_parameter);
wolfSSL	7:481bce714567	1875
wolfSSL	7:481bce714567	1876	return UNKNOWN_MAX_FRAG_LEN_E;
wolfSSL	7:481bce714567	1877	}
wolfSSL	7:481bce714567	1878
wolfSSL	7:481bce714567	1879	#ifndef NO_WOLFSSL_SERVER
wolfSSL	7:481bce714567	1880	if (isRequest) {
wolfSSL	7:481bce714567	1881	int r = TLSX_UseMaxFragment(&ssl->extensions, *input, ssl->heap);
wolfSSL	7:481bce714567	1882
wolfSSL	7:481bce714567	1883	if (r != SSL_SUCCESS) return r; /* throw error */
wolfSSL	7:481bce714567	1884
wolfSSL	7:481bce714567	1885	TLSX_SetResponse(ssl, TLSX_MAX_FRAGMENT_LENGTH);
wolfSSL	7:481bce714567	1886	}
wolfSSL	7:481bce714567	1887	#endif
wolfSSL	7:481bce714567	1888
wolfSSL	7:481bce714567	1889	return 0;
wolfSSL	7:481bce714567	1890	}
wolfSSL	7:481bce714567	1891
wolfSSL	7:481bce714567	1892	int TLSX_UseMaxFragment(TLSX** extensions, byte mfl, void* heap)
wolfSSL	7:481bce714567	1893	{
wolfSSL	7:481bce714567	1894	byte* data = NULL;
wolfSSL	7:481bce714567	1895	int ret = 0;
wolfSSL	7:481bce714567	1896
wolfSSL	7:481bce714567	1897	if (extensions == NULL)
wolfSSL	7:481bce714567	1898	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	1899
wolfSSL	7:481bce714567	1900	if (mfl < WOLFSSL_MFL_2_9 \|\| WOLFSSL_MFL_2_13 < mfl)
wolfSSL	7:481bce714567	1901	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	1902
wolfSSL	7:481bce714567	1903	if ((data = (byte*)XMALLOC(ENUM_LEN, heap, DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL	7:481bce714567	1904	return MEMORY_E;
wolfSSL	7:481bce714567	1905
wolfSSL	7:481bce714567	1906	data[0] = mfl;
wolfSSL	7:481bce714567	1907
wolfSSL	7:481bce714567	1908	/* push new MFL extension. */
wolfSSL	7:481bce714567	1909	if ((ret = TLSX_Push(extensions, TLSX_MAX_FRAGMENT_LENGTH, data, heap))
wolfSSL	7:481bce714567	1910	!= 0) {
wolfSSL	7:481bce714567	1911	XFREE(data, heap, DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	1912	return ret;
wolfSSL	7:481bce714567	1913	}
wolfSSL	7:481bce714567	1914
wolfSSL	7:481bce714567	1915	return SSL_SUCCESS;
wolfSSL	7:481bce714567	1916	}
wolfSSL	7:481bce714567	1917
wolfSSL	7:481bce714567	1918
wolfSSL	7:481bce714567	1919	#define MFL_FREE_ALL(data, heap) XFREE(data, (heap), DYNAMIC_TYPE_TLSX)
wolfSSL	7:481bce714567	1920	#define MFL_GET_SIZE(data) ENUM_LEN
wolfSSL	7:481bce714567	1921	#define MFL_WRITE TLSX_MFL_Write
wolfSSL	7:481bce714567	1922	#define MFL_PARSE TLSX_MFL_Parse
wolfSSL	7:481bce714567	1923
wolfSSL	7:481bce714567	1924	#else
wolfSSL	7:481bce714567	1925
wolfSSL	7:481bce714567	1926	#define MFL_FREE_ALL(a, b)
wolfSSL	7:481bce714567	1927	#define MFL_GET_SIZE(a) 0
wolfSSL	7:481bce714567	1928	#define MFL_WRITE(a, b) 0
wolfSSL	7:481bce714567	1929	#define MFL_PARSE(a, b, c, d) 0
wolfSSL	7:481bce714567	1930
wolfSSL	7:481bce714567	1931	#endif /* HAVE_MAX_FRAGMENT */
wolfSSL	7:481bce714567	1932
wolfSSL	7:481bce714567	1933	/******************************************************************************/
wolfSSL	7:481bce714567	1934	/* Truncated HMAC */
wolfSSL	7:481bce714567	1935	/******************************************************************************/
wolfSSL	7:481bce714567	1936
wolfSSL	7:481bce714567	1937	#ifdef HAVE_TRUNCATED_HMAC
wolfSSL	7:481bce714567	1938
wolfSSL	7:481bce714567	1939	static int TLSX_THM_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL	7:481bce714567	1940	byte isRequest)
wolfSSL	7:481bce714567	1941	{
wolfSSL	7:481bce714567	1942	(void)isRequest;
wolfSSL	7:481bce714567	1943
wolfSSL	7:481bce714567	1944	if (length != 0 \|\| input == NULL)
wolfSSL	7:481bce714567	1945	return BUFFER_ERROR;
wolfSSL	7:481bce714567	1946
wolfSSL	7:481bce714567	1947	#ifndef NO_WOLFSSL_SERVER
wolfSSL	7:481bce714567	1948	if (isRequest) {
wolfSSL	7:481bce714567	1949	int r = TLSX_UseTruncatedHMAC(&ssl->extensions, ssl->heap);
wolfSSL	7:481bce714567	1950
wolfSSL	7:481bce714567	1951	if (r != SSL_SUCCESS)
wolfSSL	7:481bce714567	1952	return r; /* throw error */
wolfSSL	7:481bce714567	1953
wolfSSL	7:481bce714567	1954	TLSX_SetResponse(ssl, TLSX_TRUNCATED_HMAC);
wolfSSL	7:481bce714567	1955	}
wolfSSL	7:481bce714567	1956	#endif
wolfSSL	7:481bce714567	1957
wolfSSL	7:481bce714567	1958	ssl->truncated_hmac = 1;
wolfSSL	7:481bce714567	1959
wolfSSL	7:481bce714567	1960	return 0;
wolfSSL	7:481bce714567	1961	}
wolfSSL	7:481bce714567	1962
wolfSSL	7:481bce714567	1963	int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap)
wolfSSL	7:481bce714567	1964	{
wolfSSL	7:481bce714567	1965	int ret = 0;
wolfSSL	7:481bce714567	1966
wolfSSL	7:481bce714567	1967	if (extensions == NULL)
wolfSSL	7:481bce714567	1968	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	1969
wolfSSL	7:481bce714567	1970	if ((ret = TLSX_Push(extensions, TLSX_TRUNCATED_HMAC, NULL, heap)) != 0)
wolfSSL	7:481bce714567	1971	return ret;
wolfSSL	7:481bce714567	1972
wolfSSL	7:481bce714567	1973	return SSL_SUCCESS;
wolfSSL	7:481bce714567	1974	}
wolfSSL	7:481bce714567	1975
wolfSSL	7:481bce714567	1976	#define THM_PARSE TLSX_THM_Parse
wolfSSL	7:481bce714567	1977
wolfSSL	7:481bce714567	1978	#else
wolfSSL	7:481bce714567	1979
wolfSSL	7:481bce714567	1980	#define THM_PARSE(a, b, c, d) 0
wolfSSL	7:481bce714567	1981
wolfSSL	7:481bce714567	1982	#endif /* HAVE_TRUNCATED_HMAC */
wolfSSL	7:481bce714567	1983
wolfSSL	7:481bce714567	1984	/******************************************************************************/
wolfSSL	7:481bce714567	1985	/* Certificate Status Request */
wolfSSL	7:481bce714567	1986	/******************************************************************************/
wolfSSL	7:481bce714567	1987
wolfSSL	7:481bce714567	1988	#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL	7:481bce714567	1989
wolfSSL	7:481bce714567	1990	static void TLSX_CSR_Free(CertificateStatusRequest* csr, void* heap)
wolfSSL	7:481bce714567	1991	{
wolfSSL	7:481bce714567	1992	switch (csr->status_type) {
wolfSSL	7:481bce714567	1993	case WOLFSSL_CSR_OCSP:
wolfSSL	7:481bce714567	1994	FreeOcspRequest(&csr->request.ocsp);
wolfSSL	7:481bce714567	1995	break;
wolfSSL	7:481bce714567	1996	}
wolfSSL	7:481bce714567	1997
wolfSSL	7:481bce714567	1998	XFREE(csr, heap, DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	1999	(void)heap;
wolfSSL	7:481bce714567	2000	}
wolfSSL	7:481bce714567	2001
wolfSSL	7:481bce714567	2002	static word16 TLSX_CSR_GetSize(CertificateStatusRequest* csr, byte isRequest)
wolfSSL	7:481bce714567	2003	{
wolfSSL	7:481bce714567	2004	word16 size = 0;
wolfSSL	7:481bce714567	2005
wolfSSL	7:481bce714567	2006	/* shut up compiler warnings */
wolfSSL	7:481bce714567	2007	(void) csr; (void) isRequest;
wolfSSL	7:481bce714567	2008
wolfSSL	7:481bce714567	2009	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	7:481bce714567	2010	if (isRequest) {
wolfSSL	7:481bce714567	2011	switch (csr->status_type) {
wolfSSL	7:481bce714567	2012	case WOLFSSL_CSR_OCSP:
wolfSSL	7:481bce714567	2013	size += ENUM_LEN + 2 * OPAQUE16_LEN;
wolfSSL	7:481bce714567	2014
wolfSSL	7:481bce714567	2015	if (csr->request.ocsp.nonceSz)
wolfSSL	7:481bce714567	2016	size += OCSP_NONCE_EXT_SZ;
wolfSSL	7:481bce714567	2017	break;
wolfSSL	7:481bce714567	2018	}
wolfSSL	7:481bce714567	2019	}
wolfSSL	7:481bce714567	2020	#endif
wolfSSL	7:481bce714567	2021
wolfSSL	7:481bce714567	2022	return size;
wolfSSL	7:481bce714567	2023	}
wolfSSL	7:481bce714567	2024
wolfSSL	7:481bce714567	2025	static word16 TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output,
wolfSSL	7:481bce714567	2026	byte isRequest)
wolfSSL	7:481bce714567	2027	{
wolfSSL	7:481bce714567	2028	/* shut up compiler warnings */
wolfSSL	7:481bce714567	2029	(void) csr; (void) output; (void) isRequest;
wolfSSL	7:481bce714567	2030
wolfSSL	7:481bce714567	2031	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	7:481bce714567	2032	if (isRequest) {
wolfSSL	7:481bce714567	2033	word16 offset = 0;
wolfSSL	7:481bce714567	2034	word16 length = 0;
wolfSSL	7:481bce714567	2035
wolfSSL	7:481bce714567	2036	/* type */
wolfSSL	7:481bce714567	2037	output[offset++] = csr->status_type;
wolfSSL	7:481bce714567	2038
wolfSSL	7:481bce714567	2039	switch (csr->status_type) {
wolfSSL	7:481bce714567	2040	case WOLFSSL_CSR_OCSP:
wolfSSL	7:481bce714567	2041	/* responder id list */
wolfSSL	7:481bce714567	2042	c16toa(0, output + offset);
wolfSSL	7:481bce714567	2043	offset += OPAQUE16_LEN;
wolfSSL	7:481bce714567	2044
wolfSSL	7:481bce714567	2045	/* request extensions */
wolfSSL	7:481bce714567	2046	if (csr->request.ocsp.nonceSz)
wolfSSL	7:481bce714567	2047	length = (word16)EncodeOcspRequestExtensions(
wolfSSL	7:481bce714567	2048	&csr->request.ocsp,
wolfSSL	7:481bce714567	2049	output + offset + OPAQUE16_LEN,
wolfSSL	7:481bce714567	2050	OCSP_NONCE_EXT_SZ);
wolfSSL	7:481bce714567	2051
wolfSSL	7:481bce714567	2052	c16toa(length, output + offset);
wolfSSL	7:481bce714567	2053	offset += OPAQUE16_LEN + length;
wolfSSL	7:481bce714567	2054
wolfSSL	7:481bce714567	2055	break;
wolfSSL	7:481bce714567	2056	}
wolfSSL	7:481bce714567	2057
wolfSSL	7:481bce714567	2058	return offset;
wolfSSL	7:481bce714567	2059	}
wolfSSL	7:481bce714567	2060	#endif
wolfSSL	7:481bce714567	2061
wolfSSL	7:481bce714567	2062	return 0;
wolfSSL	7:481bce714567	2063	}
wolfSSL	7:481bce714567	2064
wolfSSL	7:481bce714567	2065	static int TLSX_CSR_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL	7:481bce714567	2066	byte isRequest)
wolfSSL	7:481bce714567	2067	{
wolfSSL	7:481bce714567	2068	int ret;
wolfSSL	7:481bce714567	2069
wolfSSL	7:481bce714567	2070	/* shut up compiler warnings */
wolfSSL	7:481bce714567	2071	(void) ssl; (void) input;
wolfSSL	7:481bce714567	2072
wolfSSL	7:481bce714567	2073	if (!isRequest) {
wolfSSL	7:481bce714567	2074	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	7:481bce714567	2075	TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST);
wolfSSL	7:481bce714567	2076	CertificateStatusRequest* csr = extension ?
wolfSSL	7:481bce714567	2077	(CertificateStatusRequest*)extension->data : NULL;
wolfSSL	7:481bce714567	2078
wolfSSL	7:481bce714567	2079	if (!csr) {
wolfSSL	7:481bce714567	2080	/* look at context level */
wolfSSL	7:481bce714567	2081	extension = TLSX_Find(ssl->ctx->extensions, TLSX_STATUS_REQUEST);
wolfSSL	7:481bce714567	2082	csr = extension ? (CertificateStatusRequest*)extension->data : NULL;
wolfSSL	7:481bce714567	2083
wolfSSL	7:481bce714567	2084	if (!csr)
wolfSSL	7:481bce714567	2085	return BUFFER_ERROR; /* unexpected extension */
wolfSSL	7:481bce714567	2086
wolfSSL	7:481bce714567	2087	/* enable extension at ssl level */
wolfSSL	7:481bce714567	2088	ret = TLSX_UseCertificateStatusRequest(&ssl->extensions,
wolfSSL	7:481bce714567	2089	csr->status_type, csr->options, ssl->heap);
wolfSSL	7:481bce714567	2090	if (ret != SSL_SUCCESS)
wolfSSL	7:481bce714567	2091	return ret;
wolfSSL	7:481bce714567	2092
wolfSSL	7:481bce714567	2093	switch (csr->status_type) {
wolfSSL	7:481bce714567	2094	case WOLFSSL_CSR_OCSP:
wolfSSL	7:481bce714567	2095	/* propagate nonce */
wolfSSL	7:481bce714567	2096	if (csr->request.ocsp.nonceSz) {
wolfSSL	7:481bce714567	2097	OcspRequest* request =
wolfSSL	7:481bce714567	2098	(OcspRequest*)TLSX_CSR_GetRequest(ssl->extensions);
wolfSSL	7:481bce714567	2099
wolfSSL	7:481bce714567	2100	if (request) {
wolfSSL	7:481bce714567	2101	XMEMCPY(request->nonce, csr->request.ocsp.nonce,
wolfSSL	7:481bce714567	2102	csr->request.ocsp.nonceSz);
wolfSSL	7:481bce714567	2103	request->nonceSz = csr->request.ocsp.nonceSz;
wolfSSL	7:481bce714567	2104	}
wolfSSL	7:481bce714567	2105	}
wolfSSL	7:481bce714567	2106	break;
wolfSSL	7:481bce714567	2107	}
wolfSSL	7:481bce714567	2108	}
wolfSSL	7:481bce714567	2109
wolfSSL	7:481bce714567	2110	ssl->status_request = 1;
wolfSSL	7:481bce714567	2111
wolfSSL	7:481bce714567	2112	return length ? BUFFER_ERROR : 0; /* extension_data MUST be empty. */
wolfSSL	7:481bce714567	2113	#endif
wolfSSL	7:481bce714567	2114	}
wolfSSL	7:481bce714567	2115	else {
wolfSSL	7:481bce714567	2116	#ifndef NO_WOLFSSL_SERVER
wolfSSL	7:481bce714567	2117	byte status_type;
wolfSSL	7:481bce714567	2118	word16 offset = 0;
wolfSSL	7:481bce714567	2119	word16 size = 0;
wolfSSL	7:481bce714567	2120
wolfSSL	7:481bce714567	2121	if (length < ENUM_LEN)
wolfSSL	7:481bce714567	2122	return BUFFER_ERROR;
wolfSSL	7:481bce714567	2123
wolfSSL	7:481bce714567	2124	status_type = input[offset++];
wolfSSL	7:481bce714567	2125
wolfSSL	7:481bce714567	2126	switch (status_type) {
wolfSSL	7:481bce714567	2127	case WOLFSSL_CSR_OCSP: {
wolfSSL	7:481bce714567	2128
wolfSSL	7:481bce714567	2129	/* skip responder_id_list */
wolfSSL	7:481bce714567	2130	if (length - offset < OPAQUE16_LEN)
wolfSSL	7:481bce714567	2131	return BUFFER_ERROR;
wolfSSL	7:481bce714567	2132
wolfSSL	7:481bce714567	2133	ato16(input + offset, &size);
wolfSSL	7:481bce714567	2134	offset += OPAQUE16_LEN + size;
wolfSSL	7:481bce714567	2135
wolfSSL	7:481bce714567	2136	/* skip request_extensions */
wolfSSL	7:481bce714567	2137	if (length - offset < OPAQUE16_LEN)
wolfSSL	7:481bce714567	2138	return BUFFER_ERROR;
wolfSSL	7:481bce714567	2139
wolfSSL	7:481bce714567	2140	ato16(input + offset, &size);
wolfSSL	7:481bce714567	2141	offset += OPAQUE16_LEN + size;
wolfSSL	7:481bce714567	2142
wolfSSL	7:481bce714567	2143	if (offset > length)
wolfSSL	7:481bce714567	2144	return BUFFER_ERROR;
wolfSSL	7:481bce714567	2145
wolfSSL	7:481bce714567	2146	/* is able to send OCSP response? */
wolfSSL	7:481bce714567	2147	if (ssl->ctx->cm == NULL \|\| !ssl->ctx->cm->ocspStaplingEnabled)
wolfSSL	7:481bce714567	2148	return 0;
wolfSSL	7:481bce714567	2149	}
wolfSSL	7:481bce714567	2150	break;
wolfSSL	7:481bce714567	2151
wolfSSL	7:481bce714567	2152	/* unknown status type */
wolfSSL	7:481bce714567	2153	default:
wolfSSL	7:481bce714567	2154	return 0;
wolfSSL	7:481bce714567	2155	}
wolfSSL	7:481bce714567	2156
wolfSSL	7:481bce714567	2157	/* if using status_request and already sending it, skip this one */
wolfSSL	7:481bce714567	2158	#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL	7:481bce714567	2159	if (ssl->status_request_v2)
wolfSSL	7:481bce714567	2160	return 0;
wolfSSL	7:481bce714567	2161	#endif
wolfSSL	7:481bce714567	2162
wolfSSL	7:481bce714567	2163	/* accept the first good status_type and return */
wolfSSL	7:481bce714567	2164	ret = TLSX_UseCertificateStatusRequest(&ssl->extensions, status_type,
wolfSSL	7:481bce714567	2165	0, ssl->heap);
wolfSSL	7:481bce714567	2166	if (ret != SSL_SUCCESS)
wolfSSL	7:481bce714567	2167	return ret; /* throw error */
wolfSSL	7:481bce714567	2168
wolfSSL	7:481bce714567	2169	TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST);
wolfSSL	7:481bce714567	2170	ssl->status_request = status_type;
wolfSSL	7:481bce714567	2171
wolfSSL	7:481bce714567	2172	#endif
wolfSSL	7:481bce714567	2173	}
wolfSSL	7:481bce714567	2174
wolfSSL	7:481bce714567	2175	return 0;
wolfSSL	7:481bce714567	2176	}
wolfSSL	7:481bce714567	2177
wolfSSL	7:481bce714567	2178	int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap)
wolfSSL	7:481bce714567	2179	{
wolfSSL	7:481bce714567	2180	TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST);
wolfSSL	7:481bce714567	2181	CertificateStatusRequest* csr = extension ?
wolfSSL	7:481bce714567	2182	(CertificateStatusRequest*)extension->data : NULL;
wolfSSL	7:481bce714567	2183	int ret = 0;
wolfSSL	7:481bce714567	2184
wolfSSL	7:481bce714567	2185	if (csr) {
wolfSSL	7:481bce714567	2186	switch (csr->status_type) {
wolfSSL	7:481bce714567	2187	case WOLFSSL_CSR_OCSP: {
wolfSSL	7:481bce714567	2188	byte nonce[MAX_OCSP_NONCE_SZ];
wolfSSL	7:481bce714567	2189	int nonceSz = csr->request.ocsp.nonceSz;
wolfSSL	7:481bce714567	2190
wolfSSL	7:481bce714567	2191	/* preserve nonce */
wolfSSL	7:481bce714567	2192	XMEMCPY(nonce, csr->request.ocsp.nonce, nonceSz);
wolfSSL	7:481bce714567	2193
wolfSSL	7:481bce714567	2194	if ((ret = InitOcspRequest(&csr->request.ocsp, cert, 0, heap))
wolfSSL	7:481bce714567	2195	!= 0)
wolfSSL	7:481bce714567	2196	return ret;
wolfSSL	7:481bce714567	2197
wolfSSL	7:481bce714567	2198	/* restore nonce */
wolfSSL	7:481bce714567	2199	XMEMCPY(csr->request.ocsp.nonce, nonce, nonceSz);
wolfSSL	7:481bce714567	2200	csr->request.ocsp.nonceSz = nonceSz;
wolfSSL	7:481bce714567	2201	}
wolfSSL	7:481bce714567	2202	break;
wolfSSL	7:481bce714567	2203	}
wolfSSL	7:481bce714567	2204	}
wolfSSL	7:481bce714567	2205
wolfSSL	7:481bce714567	2206	return ret;
wolfSSL	7:481bce714567	2207	}
wolfSSL	7:481bce714567	2208
wolfSSL	7:481bce714567	2209	void* TLSX_CSR_GetRequest(TLSX* extensions)
wolfSSL	7:481bce714567	2210	{
wolfSSL	7:481bce714567	2211	TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST);
wolfSSL	7:481bce714567	2212	CertificateStatusRequest* csr = extension ?
wolfSSL	7:481bce714567	2213	(CertificateStatusRequest*)extension->data : NULL;
wolfSSL	7:481bce714567	2214
wolfSSL	7:481bce714567	2215	if (csr) {
wolfSSL	7:481bce714567	2216	switch (csr->status_type) {
wolfSSL	7:481bce714567	2217	case WOLFSSL_CSR_OCSP:
wolfSSL	7:481bce714567	2218	return &csr->request.ocsp;
wolfSSL	7:481bce714567	2219	break;
wolfSSL	7:481bce714567	2220	}
wolfSSL	7:481bce714567	2221	}
wolfSSL	7:481bce714567	2222
wolfSSL	7:481bce714567	2223	return NULL;
wolfSSL	7:481bce714567	2224	}
wolfSSL	7:481bce714567	2225
wolfSSL	7:481bce714567	2226	int TLSX_CSR_ForceRequest(WOLFSSL* ssl)
wolfSSL	7:481bce714567	2227	{
wolfSSL	7:481bce714567	2228	TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST);
wolfSSL	7:481bce714567	2229	CertificateStatusRequest* csr = extension ?
wolfSSL	7:481bce714567	2230	(CertificateStatusRequest*)extension->data : NULL;
wolfSSL	7:481bce714567	2231
wolfSSL	7:481bce714567	2232	if (csr) {
wolfSSL	7:481bce714567	2233	switch (csr->status_type) {
wolfSSL	7:481bce714567	2234	case WOLFSSL_CSR_OCSP:
wolfSSL	7:481bce714567	2235	if (ssl->ctx->cm->ocspEnabled)
wolfSSL	7:481bce714567	2236	return CheckOcspRequest(ssl->ctx->cm->ocsp,
wolfSSL	7:481bce714567	2237	&csr->request.ocsp, NULL);
wolfSSL	7:481bce714567	2238	else
wolfSSL	7:481bce714567	2239	return OCSP_LOOKUP_FAIL;
wolfSSL	7:481bce714567	2240	}
wolfSSL	7:481bce714567	2241	}
wolfSSL	7:481bce714567	2242
wolfSSL	7:481bce714567	2243	return 0;
wolfSSL	7:481bce714567	2244	}
wolfSSL	7:481bce714567	2245
wolfSSL	7:481bce714567	2246	int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type,
wolfSSL	7:481bce714567	2247	byte options, void* heap)
wolfSSL	7:481bce714567	2248	{
wolfSSL	7:481bce714567	2249	CertificateStatusRequest* csr = NULL;
wolfSSL	7:481bce714567	2250	int ret = 0;
wolfSSL	7:481bce714567	2251
wolfSSL	7:481bce714567	2252	if (!extensions \|\| status_type != WOLFSSL_CSR_OCSP)
wolfSSL	7:481bce714567	2253	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	2254
wolfSSL	7:481bce714567	2255	csr = (CertificateStatusRequest*)
wolfSSL	7:481bce714567	2256	XMALLOC(sizeof(CertificateStatusRequest), heap, DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	2257	if (!csr)
wolfSSL	7:481bce714567	2258	return MEMORY_E;
wolfSSL	7:481bce714567	2259
wolfSSL	7:481bce714567	2260	ForceZero(csr, sizeof(CertificateStatusRequest));
wolfSSL	7:481bce714567	2261
wolfSSL	7:481bce714567	2262	csr->status_type = status_type;
wolfSSL	7:481bce714567	2263	csr->options = options;
wolfSSL	7:481bce714567	2264
wolfSSL	7:481bce714567	2265	switch (csr->status_type) {
wolfSSL	7:481bce714567	2266	case WOLFSSL_CSR_OCSP:
wolfSSL	7:481bce714567	2267	if (options & WOLFSSL_CSR_OCSP_USE_NONCE) {
wolfSSL	7:481bce714567	2268	WC_RNG rng;
wolfSSL	7:481bce714567	2269
wolfSSL	7:481bce714567	2270	#ifdef WOLFSSL_STATIC_MEMORY
wolfSSL	7:481bce714567	2271	if (wc_InitRng_ex(&rng, heap) == 0) {
wolfSSL	7:481bce714567	2272	#else
wolfSSL	7:481bce714567	2273	if (wc_InitRng(&rng) == 0) {
wolfSSL	7:481bce714567	2274	#endif
wolfSSL	7:481bce714567	2275	if (wc_RNG_GenerateBlock(&rng, csr->request.ocsp.nonce,
wolfSSL	7:481bce714567	2276	MAX_OCSP_NONCE_SZ) == 0)
wolfSSL	7:481bce714567	2277	csr->request.ocsp.nonceSz = MAX_OCSP_NONCE_SZ;
wolfSSL	7:481bce714567	2278
wolfSSL	7:481bce714567	2279	wc_FreeRng(&rng);
wolfSSL	7:481bce714567	2280	}
wolfSSL	7:481bce714567	2281	}
wolfSSL	7:481bce714567	2282	break;
wolfSSL	7:481bce714567	2283	}
wolfSSL	7:481bce714567	2284
wolfSSL	7:481bce714567	2285	if ((ret = TLSX_Push(extensions, TLSX_STATUS_REQUEST, csr, heap)) != 0) {
wolfSSL	7:481bce714567	2286	XFREE(csr, heap, DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	2287	return ret;
wolfSSL	7:481bce714567	2288	}
wolfSSL	7:481bce714567	2289
wolfSSL	7:481bce714567	2290	return SSL_SUCCESS;
wolfSSL	7:481bce714567	2291	}
wolfSSL	7:481bce714567	2292
wolfSSL	7:481bce714567	2293	#define CSR_FREE_ALL TLSX_CSR_Free
wolfSSL	7:481bce714567	2294	#define CSR_GET_SIZE TLSX_CSR_GetSize
wolfSSL	7:481bce714567	2295	#define CSR_WRITE TLSX_CSR_Write
wolfSSL	7:481bce714567	2296	#define CSR_PARSE TLSX_CSR_Parse
wolfSSL	7:481bce714567	2297
wolfSSL	7:481bce714567	2298	#else
wolfSSL	7:481bce714567	2299
wolfSSL	7:481bce714567	2300	#define CSR_FREE_ALL(data, heap)
wolfSSL	7:481bce714567	2301	#define CSR_GET_SIZE(a, b) 0
wolfSSL	7:481bce714567	2302	#define CSR_WRITE(a, b, c) 0
wolfSSL	7:481bce714567	2303	#define CSR_PARSE(a, b, c, d) 0
wolfSSL	7:481bce714567	2304
wolfSSL	7:481bce714567	2305	#endif /* HAVE_CERTIFICATE_STATUS_REQUEST */
wolfSSL	7:481bce714567	2306
wolfSSL	7:481bce714567	2307	/******************************************************************************/
wolfSSL	7:481bce714567	2308	/* Certificate Status Request v2 */
wolfSSL	7:481bce714567	2309	/******************************************************************************/
wolfSSL	7:481bce714567	2310
wolfSSL	7:481bce714567	2311	#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL	7:481bce714567	2312
wolfSSL	7:481bce714567	2313	static void TLSX_CSR2_FreeAll(CertificateStatusRequestItemV2* csr2, void* heap)
wolfSSL	7:481bce714567	2314	{
wolfSSL	7:481bce714567	2315	CertificateStatusRequestItemV2* next;
wolfSSL	7:481bce714567	2316
wolfSSL	7:481bce714567	2317	for (; csr2; csr2 = next) {
wolfSSL	7:481bce714567	2318	next = csr2->next;
wolfSSL	7:481bce714567	2319
wolfSSL	7:481bce714567	2320	switch (csr2->status_type) {
wolfSSL	7:481bce714567	2321	case WOLFSSL_CSR2_OCSP:
wolfSSL	7:481bce714567	2322	case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL	7:481bce714567	2323	while(csr2->requests--)
wolfSSL	7:481bce714567	2324	FreeOcspRequest(&csr2->request.ocsp[csr2->requests]);
wolfSSL	7:481bce714567	2325	break;
wolfSSL	7:481bce714567	2326	}
wolfSSL	7:481bce714567	2327
wolfSSL	7:481bce714567	2328	XFREE(csr2, heap, DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	2329	}
wolfSSL	7:481bce714567	2330	(void)heap;
wolfSSL	7:481bce714567	2331	}
wolfSSL	7:481bce714567	2332
wolfSSL	7:481bce714567	2333	static word16 TLSX_CSR2_GetSize(CertificateStatusRequestItemV2* csr2,
wolfSSL	7:481bce714567	2334	byte isRequest)
wolfSSL	7:481bce714567	2335	{
wolfSSL	7:481bce714567	2336	word16 size = 0;
wolfSSL	7:481bce714567	2337
wolfSSL	7:481bce714567	2338	/* shut up compiler warnings */
wolfSSL	7:481bce714567	2339	(void) csr2; (void) isRequest;
wolfSSL	7:481bce714567	2340
wolfSSL	7:481bce714567	2341	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	7:481bce714567	2342	if (isRequest) {
wolfSSL	7:481bce714567	2343	CertificateStatusRequestItemV2* next;
wolfSSL	7:481bce714567	2344
wolfSSL	7:481bce714567	2345	for (size = OPAQUE16_LEN; csr2; csr2 = next) {
wolfSSL	7:481bce714567	2346	next = csr2->next;
wolfSSL	7:481bce714567	2347
wolfSSL	7:481bce714567	2348	switch (csr2->status_type) {
wolfSSL	7:481bce714567	2349	case WOLFSSL_CSR2_OCSP:
wolfSSL	7:481bce714567	2350	case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL	7:481bce714567	2351	size += ENUM_LEN + 3 * OPAQUE16_LEN;
wolfSSL	7:481bce714567	2352
wolfSSL	7:481bce714567	2353	if (csr2->request.ocsp[0].nonceSz)
wolfSSL	7:481bce714567	2354	size += OCSP_NONCE_EXT_SZ;
wolfSSL	7:481bce714567	2355	break;
wolfSSL	7:481bce714567	2356	}
wolfSSL	7:481bce714567	2357	}
wolfSSL	7:481bce714567	2358	}
wolfSSL	7:481bce714567	2359	#endif
wolfSSL	7:481bce714567	2360
wolfSSL	7:481bce714567	2361	return size;
wolfSSL	7:481bce714567	2362	}
wolfSSL	7:481bce714567	2363
wolfSSL	7:481bce714567	2364	static word16 TLSX_CSR2_Write(CertificateStatusRequestItemV2* csr2,
wolfSSL	7:481bce714567	2365	byte* output, byte isRequest)
wolfSSL	7:481bce714567	2366	{
wolfSSL	7:481bce714567	2367	/* shut up compiler warnings */
wolfSSL	7:481bce714567	2368	(void) csr2; (void) output; (void) isRequest;
wolfSSL	7:481bce714567	2369
wolfSSL	7:481bce714567	2370	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	7:481bce714567	2371	if (isRequest) {
wolfSSL	7:481bce714567	2372	word16 offset;
wolfSSL	7:481bce714567	2373	word16 length;
wolfSSL	7:481bce714567	2374
wolfSSL	7:481bce714567	2375	for (offset = OPAQUE16_LEN; csr2 != NULL; csr2 = csr2->next) {
wolfSSL	7:481bce714567	2376	/* status_type */
wolfSSL	7:481bce714567	2377	output[offset++] = csr2->status_type;
wolfSSL	7:481bce714567	2378
wolfSSL	7:481bce714567	2379	/* request */
wolfSSL	7:481bce714567	2380	switch (csr2->status_type) {
wolfSSL	7:481bce714567	2381	case WOLFSSL_CSR2_OCSP:
wolfSSL	7:481bce714567	2382	case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL	7:481bce714567	2383	/* request_length */
wolfSSL	7:481bce714567	2384	length = 2 * OPAQUE16_LEN;
wolfSSL	7:481bce714567	2385
wolfSSL	7:481bce714567	2386	if (csr2->request.ocsp[0].nonceSz)
wolfSSL	7:481bce714567	2387	length += OCSP_NONCE_EXT_SZ;
wolfSSL	7:481bce714567	2388
wolfSSL	7:481bce714567	2389	c16toa(length, output + offset);
wolfSSL	7:481bce714567	2390	offset += OPAQUE16_LEN;
wolfSSL	7:481bce714567	2391
wolfSSL	7:481bce714567	2392	/* responder id list */
wolfSSL	7:481bce714567	2393	c16toa(0, output + offset);
wolfSSL	7:481bce714567	2394	offset += OPAQUE16_LEN;
wolfSSL	7:481bce714567	2395
wolfSSL	7:481bce714567	2396	/* request extensions */
wolfSSL	7:481bce714567	2397	length = 0;
wolfSSL	7:481bce714567	2398
wolfSSL	7:481bce714567	2399	if (csr2->request.ocsp[0].nonceSz)
wolfSSL	7:481bce714567	2400	length = (word16)EncodeOcspRequestExtensions(
wolfSSL	7:481bce714567	2401	&csr2->request.ocsp[0],
wolfSSL	7:481bce714567	2402	output + offset + OPAQUE16_LEN,
wolfSSL	7:481bce714567	2403	OCSP_NONCE_EXT_SZ);
wolfSSL	7:481bce714567	2404
wolfSSL	7:481bce714567	2405	c16toa(length, output + offset);
wolfSSL	7:481bce714567	2406	offset += OPAQUE16_LEN + length;
wolfSSL	7:481bce714567	2407	break;
wolfSSL	7:481bce714567	2408	}
wolfSSL	7:481bce714567	2409	}
wolfSSL	7:481bce714567	2410
wolfSSL	7:481bce714567	2411	/* list size */
wolfSSL	7:481bce714567	2412	c16toa(offset - OPAQUE16_LEN, output);
wolfSSL	7:481bce714567	2413
wolfSSL	7:481bce714567	2414	return offset;
wolfSSL	7:481bce714567	2415	}
wolfSSL	7:481bce714567	2416	#endif
wolfSSL	7:481bce714567	2417
wolfSSL	7:481bce714567	2418	return 0;
wolfSSL	7:481bce714567	2419	}
wolfSSL	7:481bce714567	2420
wolfSSL	7:481bce714567	2421	static int TLSX_CSR2_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL	7:481bce714567	2422	byte isRequest)
wolfSSL	7:481bce714567	2423	{
wolfSSL	7:481bce714567	2424	int ret;
wolfSSL	7:481bce714567	2425
wolfSSL	7:481bce714567	2426	/* shut up compiler warnings */
wolfSSL	7:481bce714567	2427	(void) ssl; (void) input;
wolfSSL	7:481bce714567	2428
wolfSSL	7:481bce714567	2429	if (!isRequest) {
wolfSSL	7:481bce714567	2430	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	7:481bce714567	2431	TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST_V2);
wolfSSL	7:481bce714567	2432	CertificateStatusRequestItemV2* csr2 = extension ?
wolfSSL	7:481bce714567	2433	(CertificateStatusRequestItemV2*)extension->data : NULL;
wolfSSL	7:481bce714567	2434
wolfSSL	7:481bce714567	2435	if (!csr2) {
wolfSSL	7:481bce714567	2436	/* look at context level */
wolfSSL	7:481bce714567	2437	extension = TLSX_Find(ssl->ctx->extensions, TLSX_STATUS_REQUEST_V2);
wolfSSL	7:481bce714567	2438	csr2 = extension ?
wolfSSL	7:481bce714567	2439	(CertificateStatusRequestItemV2*)extension->data : NULL;
wolfSSL	7:481bce714567	2440
wolfSSL	7:481bce714567	2441	if (!csr2)
wolfSSL	7:481bce714567	2442	return BUFFER_ERROR; /* unexpected extension */
wolfSSL	7:481bce714567	2443
wolfSSL	7:481bce714567	2444	/* enable extension at ssl level */
wolfSSL	7:481bce714567	2445	for (; csr2; csr2 = csr2->next) {
wolfSSL	7:481bce714567	2446	ret = TLSX_UseCertificateStatusRequestV2(&ssl->extensions,
wolfSSL	7:481bce714567	2447	csr2->status_type, csr2->options, ssl->heap);
wolfSSL	7:481bce714567	2448	if (ret != SSL_SUCCESS)
wolfSSL	7:481bce714567	2449	return ret;
wolfSSL	7:481bce714567	2450
wolfSSL	7:481bce714567	2451	switch (csr2->status_type) {
wolfSSL	7:481bce714567	2452	case WOLFSSL_CSR2_OCSP:
wolfSSL	7:481bce714567	2453	/* followed by */
wolfSSL	7:481bce714567	2454	case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL	7:481bce714567	2455	/* propagate nonce */
wolfSSL	7:481bce714567	2456	if (csr2->request.ocsp[0].nonceSz) {
wolfSSL	7:481bce714567	2457	OcspRequest* request =
wolfSSL	7:481bce714567	2458	(OcspRequest*)TLSX_CSR2_GetRequest(ssl->extensions,
wolfSSL	7:481bce714567	2459	csr2->status_type, 0);
wolfSSL	7:481bce714567	2460
wolfSSL	7:481bce714567	2461	if (request) {
wolfSSL	7:481bce714567	2462	XMEMCPY(request->nonce,
wolfSSL	7:481bce714567	2463	csr2->request.ocsp[0].nonce,
wolfSSL	7:481bce714567	2464	csr2->request.ocsp[0].nonceSz);
wolfSSL	7:481bce714567	2465
wolfSSL	7:481bce714567	2466	request->nonceSz =
wolfSSL	7:481bce714567	2467	csr2->request.ocsp[0].nonceSz;
wolfSSL	7:481bce714567	2468	}
wolfSSL	7:481bce714567	2469	}
wolfSSL	7:481bce714567	2470	break;
wolfSSL	7:481bce714567	2471	}
wolfSSL	7:481bce714567	2472	}
wolfSSL	7:481bce714567	2473	}
wolfSSL	7:481bce714567	2474
wolfSSL	7:481bce714567	2475	ssl->status_request_v2 = 1;
wolfSSL	7:481bce714567	2476
wolfSSL	7:481bce714567	2477	return length ? BUFFER_ERROR : 0; /* extension_data MUST be empty. */
wolfSSL	7:481bce714567	2478	#endif
wolfSSL	7:481bce714567	2479	}
wolfSSL	7:481bce714567	2480	else {
wolfSSL	7:481bce714567	2481	#ifndef NO_WOLFSSL_SERVER
wolfSSL	7:481bce714567	2482	byte status_type;
wolfSSL	7:481bce714567	2483	word16 request_length;
wolfSSL	7:481bce714567	2484	word16 offset = 0;
wolfSSL	7:481bce714567	2485	word16 size = 0;
wolfSSL	7:481bce714567	2486
wolfSSL	7:481bce714567	2487	/* list size */
wolfSSL	7:481bce714567	2488	ato16(input + offset, &request_length);
wolfSSL	7:481bce714567	2489	offset += OPAQUE16_LEN;
wolfSSL	7:481bce714567	2490
wolfSSL	7:481bce714567	2491	if (length - OPAQUE16_LEN != request_length)
wolfSSL	7:481bce714567	2492	return BUFFER_ERROR;
wolfSSL	7:481bce714567	2493
wolfSSL	7:481bce714567	2494	while (length > offset) {
wolfSSL	7:481bce714567	2495	if (length - offset < ENUM_LEN + OPAQUE16_LEN)
wolfSSL	7:481bce714567	2496	return BUFFER_ERROR;
wolfSSL	7:481bce714567	2497
wolfSSL	7:481bce714567	2498	status_type = input[offset++];
wolfSSL	7:481bce714567	2499
wolfSSL	7:481bce714567	2500	ato16(input + offset, &request_length);
wolfSSL	7:481bce714567	2501	offset += OPAQUE16_LEN;
wolfSSL	7:481bce714567	2502
wolfSSL	7:481bce714567	2503	if (length - offset < request_length)
wolfSSL	7:481bce714567	2504	return BUFFER_ERROR;
wolfSSL	7:481bce714567	2505
wolfSSL	7:481bce714567	2506	switch (status_type) {
wolfSSL	7:481bce714567	2507	case WOLFSSL_CSR2_OCSP:
wolfSSL	7:481bce714567	2508	case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL	7:481bce714567	2509	/* skip responder_id_list */
wolfSSL	7:481bce714567	2510	if (length - offset < OPAQUE16_LEN)
wolfSSL	7:481bce714567	2511	return BUFFER_ERROR;
wolfSSL	7:481bce714567	2512
wolfSSL	7:481bce714567	2513	ato16(input + offset, &size);
wolfSSL	7:481bce714567	2514	offset += OPAQUE16_LEN + size;
wolfSSL	7:481bce714567	2515
wolfSSL	7:481bce714567	2516	/* skip request_extensions */
wolfSSL	7:481bce714567	2517	if (length - offset < OPAQUE16_LEN)
wolfSSL	7:481bce714567	2518	return BUFFER_ERROR;
wolfSSL	7:481bce714567	2519
wolfSSL	7:481bce714567	2520	ato16(input + offset, &size);
wolfSSL	7:481bce714567	2521	offset += OPAQUE16_LEN + size;
wolfSSL	7:481bce714567	2522
wolfSSL	7:481bce714567	2523	if (offset > length)
wolfSSL	7:481bce714567	2524	return BUFFER_ERROR;
wolfSSL	7:481bce714567	2525
wolfSSL	7:481bce714567	2526	/* is able to send OCSP response? */
wolfSSL	7:481bce714567	2527	if (ssl->ctx->cm == NULL
wolfSSL	7:481bce714567	2528	\|\| !ssl->ctx->cm->ocspStaplingEnabled)
wolfSSL	7:481bce714567	2529	continue;
wolfSSL	7:481bce714567	2530	break;
wolfSSL	7:481bce714567	2531
wolfSSL	7:481bce714567	2532	default:
wolfSSL	7:481bce714567	2533	/* unknown status type, skipping! */
wolfSSL	7:481bce714567	2534	offset += request_length;
wolfSSL	7:481bce714567	2535	continue;
wolfSSL	7:481bce714567	2536	}
wolfSSL	7:481bce714567	2537
wolfSSL	7:481bce714567	2538	/* if using status_request and already sending it, skip this one */
wolfSSL	7:481bce714567	2539	#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL	7:481bce714567	2540	if (ssl->status_request)
wolfSSL	7:481bce714567	2541	return 0;
wolfSSL	7:481bce714567	2542	#endif
wolfSSL	7:481bce714567	2543
wolfSSL	7:481bce714567	2544	/* accept the first good status_type and return */
wolfSSL	7:481bce714567	2545	ret = TLSX_UseCertificateStatusRequestV2(&ssl->extensions,
wolfSSL	7:481bce714567	2546	status_type, 0, ssl->heap);
wolfSSL	7:481bce714567	2547	if (ret != SSL_SUCCESS)
wolfSSL	7:481bce714567	2548	return ret; /* throw error */
wolfSSL	7:481bce714567	2549
wolfSSL	7:481bce714567	2550	TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST_V2);
wolfSSL	7:481bce714567	2551	ssl->status_request_v2 = status_type;
wolfSSL	7:481bce714567	2552
wolfSSL	7:481bce714567	2553	return 0;
wolfSSL	7:481bce714567	2554	}
wolfSSL	7:481bce714567	2555	#endif
wolfSSL	7:481bce714567	2556	}
wolfSSL	7:481bce714567	2557
wolfSSL	7:481bce714567	2558	return 0;
wolfSSL	7:481bce714567	2559	}
wolfSSL	7:481bce714567	2560
wolfSSL	7:481bce714567	2561	int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer,
wolfSSL	7:481bce714567	2562	void* heap)
wolfSSL	7:481bce714567	2563	{
wolfSSL	7:481bce714567	2564	TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST_V2);
wolfSSL	7:481bce714567	2565	CertificateStatusRequestItemV2* csr2 = extension ?
wolfSSL	7:481bce714567	2566	(CertificateStatusRequestItemV2*)extension->data : NULL;
wolfSSL	7:481bce714567	2567	int ret = 0;
wolfSSL	7:481bce714567	2568
wolfSSL	7:481bce714567	2569	for (; csr2; csr2 = csr2->next) {
wolfSSL	7:481bce714567	2570	switch (csr2->status_type) {
wolfSSL	7:481bce714567	2571	case WOLFSSL_CSR2_OCSP:
wolfSSL	7:481bce714567	2572	if (!isPeer \|\| csr2->requests != 0)
wolfSSL	7:481bce714567	2573	break;
wolfSSL	7:481bce714567	2574
wolfSSL	7:481bce714567	2575	/* followed by */
wolfSSL	7:481bce714567	2576
wolfSSL	7:481bce714567	2577	case WOLFSSL_CSR2_OCSP_MULTI: {
wolfSSL	7:481bce714567	2578	if (csr2->requests < 1 + MAX_CHAIN_DEPTH) {
wolfSSL	7:481bce714567	2579	byte nonce[MAX_OCSP_NONCE_SZ];
wolfSSL	7:481bce714567	2580	int nonceSz = csr2->request.ocsp[0].nonceSz;
wolfSSL	7:481bce714567	2581
wolfSSL	7:481bce714567	2582	/* preserve nonce, replicating nonce of ocsp[0] */
wolfSSL	7:481bce714567	2583	XMEMCPY(nonce, csr2->request.ocsp[0].nonce, nonceSz);
wolfSSL	7:481bce714567	2584
wolfSSL	7:481bce714567	2585	if ((ret = InitOcspRequest(
wolfSSL	7:481bce714567	2586	&csr2->request.ocsp[csr2->requests], cert,
wolfSSL	7:481bce714567	2587	0, heap)) != 0)
wolfSSL	7:481bce714567	2588	return ret;
wolfSSL	7:481bce714567	2589
wolfSSL	7:481bce714567	2590	/* restore nonce */
wolfSSL	7:481bce714567	2591	XMEMCPY(csr2->request.ocsp[csr2->requests].nonce,
wolfSSL	7:481bce714567	2592	nonce, nonceSz);
wolfSSL	7:481bce714567	2593	csr2->request.ocsp[csr2->requests].nonceSz = nonceSz;
wolfSSL	7:481bce714567	2594	csr2->requests++;
wolfSSL	7:481bce714567	2595	}
wolfSSL	7:481bce714567	2596	}
wolfSSL	7:481bce714567	2597	break;
wolfSSL	7:481bce714567	2598	}
wolfSSL	7:481bce714567	2599	}
wolfSSL	7:481bce714567	2600
wolfSSL	7:481bce714567	2601	(void)cert;
wolfSSL	7:481bce714567	2602	return ret;
wolfSSL	7:481bce714567	2603	}
wolfSSL	7:481bce714567	2604
wolfSSL	7:481bce714567	2605	void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type, byte index)
wolfSSL	7:481bce714567	2606	{
wolfSSL	7:481bce714567	2607	TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST_V2);
wolfSSL	7:481bce714567	2608	CertificateStatusRequestItemV2* csr2 = extension ?
wolfSSL	7:481bce714567	2609	(CertificateStatusRequestItemV2*)extension->data : NULL;
wolfSSL	7:481bce714567	2610
wolfSSL	7:481bce714567	2611	for (; csr2; csr2 = csr2->next) {
wolfSSL	7:481bce714567	2612	if (csr2->status_type == status_type) {
wolfSSL	7:481bce714567	2613	switch (csr2->status_type) {
wolfSSL	7:481bce714567	2614	case WOLFSSL_CSR2_OCSP:
wolfSSL	7:481bce714567	2615	/* followed by */
wolfSSL	7:481bce714567	2616
wolfSSL	7:481bce714567	2617	case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL	7:481bce714567	2618	/* requests are initialized in the reverse order */
wolfSSL	7:481bce714567	2619	return index < csr2->requests
wolfSSL	7:481bce714567	2620	? &csr2->request.ocsp[csr2->requests - index - 1]
wolfSSL	7:481bce714567	2621	: NULL;
wolfSSL	7:481bce714567	2622	break;
wolfSSL	7:481bce714567	2623	}
wolfSSL	7:481bce714567	2624	}
wolfSSL	7:481bce714567	2625	}
wolfSSL	7:481bce714567	2626
wolfSSL	7:481bce714567	2627	return NULL;
wolfSSL	7:481bce714567	2628	}
wolfSSL	7:481bce714567	2629
wolfSSL	7:481bce714567	2630	int TLSX_CSR2_ForceRequest(WOLFSSL* ssl)
wolfSSL	7:481bce714567	2631	{
wolfSSL	7:481bce714567	2632	TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST_V2);
wolfSSL	7:481bce714567	2633	CertificateStatusRequestItemV2* csr2 = extension ?
wolfSSL	7:481bce714567	2634	(CertificateStatusRequestItemV2*)extension->data : NULL;
wolfSSL	7:481bce714567	2635
wolfSSL	7:481bce714567	2636	/* forces only the first one */
wolfSSL	7:481bce714567	2637	if (csr2) {
wolfSSL	7:481bce714567	2638	switch (csr2->status_type) {
wolfSSL	7:481bce714567	2639	case WOLFSSL_CSR2_OCSP:
wolfSSL	7:481bce714567	2640	/* followed by */
wolfSSL	7:481bce714567	2641
wolfSSL	7:481bce714567	2642	case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL	7:481bce714567	2643	if (ssl->ctx->cm->ocspEnabled)
wolfSSL	7:481bce714567	2644	return CheckOcspRequest(ssl->ctx->cm->ocsp,
wolfSSL	7:481bce714567	2645	&csr2->request.ocsp[0], NULL);
wolfSSL	7:481bce714567	2646	else
wolfSSL	7:481bce714567	2647	return OCSP_LOOKUP_FAIL;
wolfSSL	7:481bce714567	2648	}
wolfSSL	7:481bce714567	2649	}
wolfSSL	7:481bce714567	2650
wolfSSL	7:481bce714567	2651	return 0;
wolfSSL	7:481bce714567	2652	}
wolfSSL	7:481bce714567	2653
wolfSSL	7:481bce714567	2654	int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type,
wolfSSL	7:481bce714567	2655	byte options, void* heap)
wolfSSL	7:481bce714567	2656	{
wolfSSL	7:481bce714567	2657	TLSX* extension = NULL;
wolfSSL	7:481bce714567	2658	CertificateStatusRequestItemV2* csr2 = NULL;
wolfSSL	7:481bce714567	2659	int ret = 0;
wolfSSL	7:481bce714567	2660
wolfSSL	7:481bce714567	2661	if (!extensions)
wolfSSL	7:481bce714567	2662	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	2663
wolfSSL	7:481bce714567	2664	if (status_type != WOLFSSL_CSR2_OCSP
wolfSSL	7:481bce714567	2665	&& status_type != WOLFSSL_CSR2_OCSP_MULTI)
wolfSSL	7:481bce714567	2666	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	2667
wolfSSL	7:481bce714567	2668	csr2 = (CertificateStatusRequestItemV2*)
wolfSSL	7:481bce714567	2669	XMALLOC(sizeof(CertificateStatusRequestItemV2), heap, DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	2670	if (!csr2)
wolfSSL	7:481bce714567	2671	return MEMORY_E;
wolfSSL	7:481bce714567	2672
wolfSSL	7:481bce714567	2673	ForceZero(csr2, sizeof(CertificateStatusRequestItemV2));
wolfSSL	7:481bce714567	2674
wolfSSL	7:481bce714567	2675	csr2->status_type = status_type;
wolfSSL	7:481bce714567	2676	csr2->options = options;
wolfSSL	7:481bce714567	2677	csr2->next = NULL;
wolfSSL	7:481bce714567	2678
wolfSSL	7:481bce714567	2679	switch (csr2->status_type) {
wolfSSL	7:481bce714567	2680	case WOLFSSL_CSR2_OCSP:
wolfSSL	7:481bce714567	2681	case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL	7:481bce714567	2682	if (options & WOLFSSL_CSR2_OCSP_USE_NONCE) {
wolfSSL	7:481bce714567	2683	WC_RNG rng;
wolfSSL	7:481bce714567	2684
wolfSSL	7:481bce714567	2685	#ifdef WOLFSSL_STATIC_MEMORY
wolfSSL	7:481bce714567	2686	if (wc_InitRng_ex(&rng, heap) == 0) {
wolfSSL	7:481bce714567	2687	#else
wolfSSL	7:481bce714567	2688	if (wc_InitRng(&rng) == 0) {
wolfSSL	7:481bce714567	2689	#endif
wolfSSL	7:481bce714567	2690	if (wc_RNG_GenerateBlock(&rng, csr2->request.ocsp[0].nonce,
wolfSSL	7:481bce714567	2691	MAX_OCSP_NONCE_SZ) == 0)
wolfSSL	7:481bce714567	2692	csr2->request.ocsp[0].nonceSz = MAX_OCSP_NONCE_SZ;
wolfSSL	7:481bce714567	2693
wolfSSL	7:481bce714567	2694	wc_FreeRng(&rng);
wolfSSL	7:481bce714567	2695	}
wolfSSL	7:481bce714567	2696	}
wolfSSL	7:481bce714567	2697	break;
wolfSSL	7:481bce714567	2698	}
wolfSSL	7:481bce714567	2699
wolfSSL	7:481bce714567	2700	/* append new item */
wolfSSL	7:481bce714567	2701	if ((extension = TLSX_Find(*extensions, TLSX_STATUS_REQUEST_V2))) {
wolfSSL	7:481bce714567	2702	CertificateStatusRequestItemV2* last =
wolfSSL	7:481bce714567	2703	(CertificateStatusRequestItemV2*)extension->data;
wolfSSL	7:481bce714567	2704
wolfSSL	7:481bce714567	2705	for (; last->next; last = last->next);
wolfSSL	7:481bce714567	2706
wolfSSL	7:481bce714567	2707	last->next = csr2;
wolfSSL	7:481bce714567	2708	}
wolfSSL	7:481bce714567	2709	else if ((ret = TLSX_Push(extensions, TLSX_STATUS_REQUEST_V2, csr2,heap))) {
wolfSSL	7:481bce714567	2710	XFREE(csr2, heap, DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	2711	return ret;
wolfSSL	7:481bce714567	2712	}
wolfSSL	7:481bce714567	2713
wolfSSL	7:481bce714567	2714	return SSL_SUCCESS;
wolfSSL	7:481bce714567	2715	}
wolfSSL	7:481bce714567	2716
wolfSSL	7:481bce714567	2717	#define CSR2_FREE_ALL TLSX_CSR2_FreeAll
wolfSSL	7:481bce714567	2718	#define CSR2_GET_SIZE TLSX_CSR2_GetSize
wolfSSL	7:481bce714567	2719	#define CSR2_WRITE TLSX_CSR2_Write
wolfSSL	7:481bce714567	2720	#define CSR2_PARSE TLSX_CSR2_Parse
wolfSSL	7:481bce714567	2721
wolfSSL	7:481bce714567	2722	#else
wolfSSL	7:481bce714567	2723
wolfSSL	7:481bce714567	2724	#define CSR2_FREE_ALL(data, heap)
wolfSSL	7:481bce714567	2725	#define CSR2_GET_SIZE(a, b) 0
wolfSSL	7:481bce714567	2726	#define CSR2_WRITE(a, b, c) 0
wolfSSL	7:481bce714567	2727	#define CSR2_PARSE(a, b, c, d) 0
wolfSSL	7:481bce714567	2728
wolfSSL	7:481bce714567	2729	#endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
wolfSSL	7:481bce714567	2730
wolfSSL	7:481bce714567	2731	/******************************************************************************/
wolfSSL	7:481bce714567	2732	/* Supported Elliptic Curves */
wolfSSL	7:481bce714567	2733	/******************************************************************************/
wolfSSL	7:481bce714567	2734
wolfSSL	7:481bce714567	2735	#ifdef HAVE_SUPPORTED_CURVES
wolfSSL	7:481bce714567	2736
wolfSSL	7:481bce714567	2737	#ifndef HAVE_ECC
wolfSSL	7:481bce714567	2738	#error Elliptic Curves Extension requires Elliptic Curve Cryptography. \
wolfSSL	7:481bce714567	2739	Use --enable-ecc in the configure script or define HAVE_ECC.
wolfSSL	7:481bce714567	2740	#endif
wolfSSL	7:481bce714567	2741
wolfSSL	7:481bce714567	2742	static void TLSX_EllipticCurve_FreeAll(EllipticCurve* list, void* heap)
wolfSSL	7:481bce714567	2743	{
wolfSSL	7:481bce714567	2744	EllipticCurve* curve;
wolfSSL	7:481bce714567	2745
wolfSSL	7:481bce714567	2746	while ((curve = list)) {
wolfSSL	7:481bce714567	2747	list = curve->next;
wolfSSL	7:481bce714567	2748	XFREE(curve, heap, DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	2749	}
wolfSSL	7:481bce714567	2750	(void)heap;
wolfSSL	7:481bce714567	2751	}
wolfSSL	7:481bce714567	2752
wolfSSL	7:481bce714567	2753	static int TLSX_EllipticCurve_Append(EllipticCurve** list, word16 name,
wolfSSL	7:481bce714567	2754	void* heap)
wolfSSL	7:481bce714567	2755	{
wolfSSL	7:481bce714567	2756	EllipticCurve* curve = NULL;
wolfSSL	7:481bce714567	2757
wolfSSL	7:481bce714567	2758	if (list == NULL)
wolfSSL	7:481bce714567	2759	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	2760
wolfSSL	7:481bce714567	2761	curve = (EllipticCurve*)XMALLOC(sizeof(EllipticCurve), heap,
wolfSSL	7:481bce714567	2762	DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	2763	if (curve == NULL)
wolfSSL	7:481bce714567	2764	return MEMORY_E;
wolfSSL	7:481bce714567	2765
wolfSSL	7:481bce714567	2766	curve->name = name;
wolfSSL	7:481bce714567	2767	curve->next = *list;
wolfSSL	7:481bce714567	2768
wolfSSL	7:481bce714567	2769	*list = curve;
wolfSSL	7:481bce714567	2770
wolfSSL	7:481bce714567	2771	return 0;
wolfSSL	7:481bce714567	2772	}
wolfSSL	7:481bce714567	2773
wolfSSL	7:481bce714567	2774	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	7:481bce714567	2775
wolfSSL	7:481bce714567	2776	static void TLSX_EllipticCurve_ValidateRequest(WOLFSSL* ssl, byte* semaphore)
wolfSSL	7:481bce714567	2777	{
wolfSSL	7:481bce714567	2778	int i;
wolfSSL	7:481bce714567	2779
wolfSSL	7:481bce714567	2780	for (i = 0; i < ssl->suites->suiteSz; i+= 2)
wolfSSL	7:481bce714567	2781	if (ssl->suites->suites[i] == ECC_BYTE \|\|
wolfSSL	7:481bce714567	2782	ssl->suites->suites[i] == CHACHA_BYTE)
wolfSSL	7:481bce714567	2783	return;
wolfSSL	7:481bce714567	2784
wolfSSL	7:481bce714567	2785	/* turns semaphore on to avoid sending this extension. */
wolfSSL	7:481bce714567	2786	TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_GROUPS));
wolfSSL	7:481bce714567	2787	}
wolfSSL	7:481bce714567	2788
wolfSSL	7:481bce714567	2789	static word16 TLSX_EllipticCurve_GetSize(EllipticCurve* list)
wolfSSL	7:481bce714567	2790	{
wolfSSL	7:481bce714567	2791	EllipticCurve* curve;
wolfSSL	7:481bce714567	2792	word16 length = OPAQUE16_LEN; /* list length */
wolfSSL	7:481bce714567	2793
wolfSSL	7:481bce714567	2794	while ((curve = list)) {
wolfSSL	7:481bce714567	2795	list = curve->next;
wolfSSL	7:481bce714567	2796	length += OPAQUE16_LEN; /* curve length */
wolfSSL	7:481bce714567	2797	}
wolfSSL	7:481bce714567	2798
wolfSSL	7:481bce714567	2799	return length;
wolfSSL	7:481bce714567	2800	}
wolfSSL	7:481bce714567	2801
wolfSSL	7:481bce714567	2802	static word16 TLSX_EllipticCurve_WriteR(EllipticCurve* curve, byte* output);
wolfSSL	7:481bce714567	2803	static word16 TLSX_EllipticCurve_WriteR(EllipticCurve* curve, byte* output)
wolfSSL	7:481bce714567	2804	{
wolfSSL	7:481bce714567	2805	word16 offset = 0;
wolfSSL	7:481bce714567	2806
wolfSSL	7:481bce714567	2807	if (!curve)
wolfSSL	7:481bce714567	2808	return offset;
wolfSSL	7:481bce714567	2809
wolfSSL	7:481bce714567	2810	offset = TLSX_EllipticCurve_WriteR(curve->next, output);
wolfSSL	7:481bce714567	2811	c16toa(curve->name, output + offset);
wolfSSL	7:481bce714567	2812
wolfSSL	7:481bce714567	2813	return OPAQUE16_LEN + offset;
wolfSSL	7:481bce714567	2814	}
wolfSSL	7:481bce714567	2815
wolfSSL	7:481bce714567	2816	static word16 TLSX_EllipticCurve_Write(EllipticCurve* list, byte* output)
wolfSSL	7:481bce714567	2817	{
wolfSSL	7:481bce714567	2818	word16 length = TLSX_EllipticCurve_WriteR(list, output + OPAQUE16_LEN);
wolfSSL	7:481bce714567	2819
wolfSSL	7:481bce714567	2820	c16toa(length, output); /* writing list length */
wolfSSL	7:481bce714567	2821
wolfSSL	7:481bce714567	2822	return OPAQUE16_LEN + length;
wolfSSL	7:481bce714567	2823	}
wolfSSL	7:481bce714567	2824
wolfSSL	7:481bce714567	2825	#endif /* NO_WOLFSSL_CLIENT */
wolfSSL	7:481bce714567	2826	#ifndef NO_WOLFSSL_SERVER
wolfSSL	7:481bce714567	2827
wolfSSL	7:481bce714567	2828	static int TLSX_EllipticCurve_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL	7:481bce714567	2829	byte isRequest)
wolfSSL	7:481bce714567	2830	{
wolfSSL	7:481bce714567	2831	word16 offset;
wolfSSL	7:481bce714567	2832	word16 name;
wolfSSL	7:481bce714567	2833	int r;
wolfSSL	7:481bce714567	2834
wolfSSL	7:481bce714567	2835	(void) isRequest; /* shut up compiler! */
wolfSSL	7:481bce714567	2836
wolfSSL	7:481bce714567	2837	if (OPAQUE16_LEN > length \|\| length % OPAQUE16_LEN)
wolfSSL	7:481bce714567	2838	return BUFFER_ERROR;
wolfSSL	7:481bce714567	2839
wolfSSL	7:481bce714567	2840	ato16(input, &offset);
wolfSSL	7:481bce714567	2841
wolfSSL	7:481bce714567	2842	/* validating curve list length */
wolfSSL	7:481bce714567	2843	if (length != OPAQUE16_LEN + offset)
wolfSSL	7:481bce714567	2844	return BUFFER_ERROR;
wolfSSL	7:481bce714567	2845
wolfSSL	7:481bce714567	2846	while (offset) {
wolfSSL	7:481bce714567	2847	ato16(input + offset, &name);
wolfSSL	7:481bce714567	2848	offset -= OPAQUE16_LEN;
wolfSSL	7:481bce714567	2849
wolfSSL	7:481bce714567	2850	r = TLSX_UseSupportedCurve(&ssl->extensions, name, ssl->heap);
wolfSSL	7:481bce714567	2851
wolfSSL	7:481bce714567	2852	if (r != SSL_SUCCESS) return r; /* throw error */
wolfSSL	7:481bce714567	2853	}
wolfSSL	7:481bce714567	2854
wolfSSL	7:481bce714567	2855	return 0;
wolfSSL	7:481bce714567	2856	}
wolfSSL	7:481bce714567	2857
wolfSSL	7:481bce714567	2858	int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) {
wolfSSL	7:481bce714567	2859	TLSX* extension = (first == ECC_BYTE \|\| first == CHACHA_BYTE)
wolfSSL	7:481bce714567	2860	? TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS)
wolfSSL	7:481bce714567	2861	: NULL;
wolfSSL	7:481bce714567	2862	EllipticCurve* curve = NULL;
wolfSSL	7:481bce714567	2863	word32 oid = 0;
wolfSSL	7:481bce714567	2864	word16 octets = 0; /* according to 'ecc_set_type ecc_sets[];' */
wolfSSL	7:481bce714567	2865	int sig = 0; /* validate signature */
wolfSSL	7:481bce714567	2866	int key = 0; /* validate key */
wolfSSL	7:481bce714567	2867
wolfSSL	7:481bce714567	2868	(void)oid;
wolfSSL	7:481bce714567	2869	(void)octets;
wolfSSL	7:481bce714567	2870
wolfSSL	7:481bce714567	2871	if (!extension)
wolfSSL	7:481bce714567	2872	return 1; /* no suite restriction */
wolfSSL	7:481bce714567	2873
wolfSSL	7:481bce714567	2874	for (curve = (EllipticCurve*)extension->data;
wolfSSL	7:481bce714567	2875	curve && !(sig && key);
wolfSSL	7:481bce714567	2876	curve = curve->next) {
wolfSSL	7:481bce714567	2877
wolfSSL	7:481bce714567	2878	/* find supported curve */
wolfSSL	7:481bce714567	2879	switch (curve->name) {
wolfSSL	7:481bce714567	2880	#if defined(HAVE_ECC160) \|\| defined(HAVE_ALL_CURVES)
wolfSSL	7:481bce714567	2881	#ifndef NO_ECC_SECP
wolfSSL	7:481bce714567	2882	case WOLFSSL_ECC_SECP160R1: oid = ECC_SECP160R1_OID; octets = 20; break;
wolfSSL	7:481bce714567	2883	#endif /* !NO_ECC_SECP */
wolfSSL	7:481bce714567	2884	#ifdef HAVE_ECC_SECPR2
wolfSSL	7:481bce714567	2885	case WOLFSSL_ECC_SECP160R2: oid = ECC_SECP160R2_OID; octets = 20; break;
wolfSSL	7:481bce714567	2886	#endif /* HAVE_ECC_SECPR2 */
wolfSSL	7:481bce714567	2887	#ifdef HAVE_ECC_KOBLITZ
wolfSSL	7:481bce714567	2888	case WOLFSSL_ECC_SECP160K1: oid = ECC_SECP160K1_OID; octets = 20; break;
wolfSSL	7:481bce714567	2889	#endif /* HAVE_ECC_KOBLITZ */
wolfSSL	7:481bce714567	2890	#endif
wolfSSL	7:481bce714567	2891	#if defined(HAVE_ECC192) \|\| defined(HAVE_ALL_CURVES)
wolfSSL	7:481bce714567	2892	#ifndef NO_ECC_SECP
wolfSSL	7:481bce714567	2893	case WOLFSSL_ECC_SECP192R1: oid = ECC_SECP192R1_OID; octets = 24; break;
wolfSSL	7:481bce714567	2894	#endif /* !NO_ECC_SECP */
wolfSSL	7:481bce714567	2895	#ifdef HAVE_ECC_KOBLITZ
wolfSSL	7:481bce714567	2896	case WOLFSSL_ECC_SECP192K1: oid = ECC_SECP192K1_OID; octets = 24; break;
wolfSSL	7:481bce714567	2897	#endif /* HAVE_ECC_KOBLITZ */
wolfSSL	7:481bce714567	2898	#endif
wolfSSL	7:481bce714567	2899	#if defined(HAVE_ECC224) \|\| defined(HAVE_ALL_CURVES)
wolfSSL	7:481bce714567	2900	#ifndef NO_ECC_SECP
wolfSSL	7:481bce714567	2901	case WOLFSSL_ECC_SECP224R1: oid = ECC_SECP224R1_OID; octets = 28; break;
wolfSSL	7:481bce714567	2902	#endif /* !NO_ECC_SECP */
wolfSSL	7:481bce714567	2903	#ifdef HAVE_ECC_KOBLITZ
wolfSSL	7:481bce714567	2904	case WOLFSSL_ECC_SECP224K1: oid = ECC_SECP224K1_OID; octets = 28; break;
wolfSSL	7:481bce714567	2905	#endif /* HAVE_ECC_KOBLITZ */
wolfSSL	7:481bce714567	2906	#endif
wolfSSL	7:481bce714567	2907	#if !defined(NO_ECC256) \|\| defined(HAVE_ALL_CURVES)
wolfSSL	7:481bce714567	2908	#ifndef NO_ECC_SECP
wolfSSL	7:481bce714567	2909	case WOLFSSL_ECC_SECP256R1: oid = ECC_SECP256R1_OID; octets = 32; break;
wolfSSL	7:481bce714567	2910	#endif /* !NO_ECC_SECP */
wolfSSL	7:481bce714567	2911	#ifdef HAVE_ECC_KOBLITZ
wolfSSL	7:481bce714567	2912	case WOLFSSL_ECC_SECP256K1: oid = ECC_SECP256K1_OID; octets = 32; break;
wolfSSL	7:481bce714567	2913	#endif /* HAVE_ECC_KOBLITZ */
wolfSSL	7:481bce714567	2914	#ifdef HAVE_ECC_BRAINPOOL
wolfSSL	7:481bce714567	2915	case WOLFSSL_ECC_BRAINPOOLP256R1: oid = ECC_BRAINPOOLP256R1_OID; octets = 32; break;
wolfSSL	7:481bce714567	2916	#endif /* HAVE_ECC_BRAINPOOL */
wolfSSL	7:481bce714567	2917	#endif
wolfSSL	7:481bce714567	2918	#if defined(HAVE_ECC384) \|\| defined(HAVE_ALL_CURVES)
wolfSSL	7:481bce714567	2919	#ifndef NO_ECC_SECP
wolfSSL	7:481bce714567	2920	case WOLFSSL_ECC_SECP384R1: oid = ECC_SECP384R1_OID; octets = 48; break;
wolfSSL	7:481bce714567	2921	#endif /* !NO_ECC_SECP */
wolfSSL	7:481bce714567	2922	#ifdef HAVE_ECC_BRAINPOOL
wolfSSL	7:481bce714567	2923	case WOLFSSL_ECC_BRAINPOOLP384R1: oid = ECC_BRAINPOOLP384R1_OID; octets = 48; break;
wolfSSL	7:481bce714567	2924	#endif /* HAVE_ECC_BRAINPOOL */
wolfSSL	7:481bce714567	2925	#endif
wolfSSL	7:481bce714567	2926	#if defined(HAVE_ECC512) \|\| defined(HAVE_ALL_CURVES)
wolfSSL	7:481bce714567	2927	#ifdef HAVE_ECC_BRAINPOOL
wolfSSL	7:481bce714567	2928	case WOLFSSL_ECC_BRAINPOOLP512R1: oid = ECC_BRAINPOOLP512R1_OID; octets = 64; break;
wolfSSL	7:481bce714567	2929	#endif /* HAVE_ECC_BRAINPOOL */
wolfSSL	7:481bce714567	2930	#endif
wolfSSL	7:481bce714567	2931	#if defined(HAVE_ECC521) \|\| defined(HAVE_ALL_CURVES)
wolfSSL	7:481bce714567	2932	#ifndef NO_ECC_SECP
wolfSSL	7:481bce714567	2933	case WOLFSSL_ECC_SECP521R1: oid = ECC_SECP521R1_OID; octets = 66; break;
wolfSSL	7:481bce714567	2934	#endif /* !NO_ECC_SECP */
wolfSSL	7:481bce714567	2935	#endif
wolfSSL	7:481bce714567	2936	default: continue; /* unsupported curve */
wolfSSL	7:481bce714567	2937	}
wolfSSL	7:481bce714567	2938
wolfSSL	7:481bce714567	2939	if (first == ECC_BYTE) {
wolfSSL	7:481bce714567	2940	switch (second) {
wolfSSL	7:481bce714567	2941	/* ECDHE_ECDSA */
wolfSSL	7:481bce714567	2942	case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
wolfSSL	7:481bce714567	2943	case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
wolfSSL	7:481bce714567	2944	case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
wolfSSL	7:481bce714567	2945	case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL	7:481bce714567	2946	case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
wolfSSL	7:481bce714567	2947	case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
wolfSSL	7:481bce714567	2948	case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
wolfSSL	7:481bce714567	2949	case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
wolfSSL	7:481bce714567	2950	case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
wolfSSL	7:481bce714567	2951	case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8:
wolfSSL	7:481bce714567	2952	sig \|= ssl->pkCurveOID == oid;
wolfSSL	7:481bce714567	2953	key \|= ssl->eccTempKeySz == octets;
wolfSSL	7:481bce714567	2954	break;
wolfSSL	7:481bce714567	2955
wolfSSL	7:481bce714567	2956	#ifdef WOLFSSL_STATIC_DH
wolfSSL	7:481bce714567	2957	/* ECDH_ECDSA */
wolfSSL	7:481bce714567	2958	case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
wolfSSL	7:481bce714567	2959	case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
wolfSSL	7:481bce714567	2960	case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
wolfSSL	7:481bce714567	2961	case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL	7:481bce714567	2962	case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
wolfSSL	7:481bce714567	2963	case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
wolfSSL	7:481bce714567	2964	case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
wolfSSL	7:481bce714567	2965	case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
wolfSSL	7:481bce714567	2966	sig \|= ssl->pkCurveOID == oid;
wolfSSL	7:481bce714567	2967	key \|= ssl->pkCurveOID == oid;
wolfSSL	7:481bce714567	2968	break;
wolfSSL	7:481bce714567	2969	#endif /* WOLFSSL_STATIC_DH */
wolfSSL	7:481bce714567	2970	#ifndef NO_RSA
wolfSSL	7:481bce714567	2971	/* ECDHE_RSA */
wolfSSL	7:481bce714567	2972	case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
wolfSSL	7:481bce714567	2973	case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
wolfSSL	7:481bce714567	2974	case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
wolfSSL	7:481bce714567	2975	case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL	7:481bce714567	2976	case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
wolfSSL	7:481bce714567	2977	case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
wolfSSL	7:481bce714567	2978	case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
wolfSSL	7:481bce714567	2979	case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
wolfSSL	7:481bce714567	2980	sig = 1;
wolfSSL	7:481bce714567	2981	key \|= ssl->eccTempKeySz == octets;
wolfSSL	7:481bce714567	2982	break;
wolfSSL	7:481bce714567	2983
wolfSSL	7:481bce714567	2984	#ifdef WOLFSSL_STATIC_DH
wolfSSL	7:481bce714567	2985	/* ECDH_RSA */
wolfSSL	7:481bce714567	2986	case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
wolfSSL	7:481bce714567	2987	case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
wolfSSL	7:481bce714567	2988	case TLS_ECDH_RSA_WITH_RC4_128_SHA:
wolfSSL	7:481bce714567	2989	case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL	7:481bce714567	2990	case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
wolfSSL	7:481bce714567	2991	case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
wolfSSL	7:481bce714567	2992	case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
wolfSSL	7:481bce714567	2993	case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
wolfSSL	7:481bce714567	2994	sig = 1;
wolfSSL	7:481bce714567	2995	key \|= ssl->pkCurveOID == oid;
wolfSSL	7:481bce714567	2996	break;
wolfSSL	7:481bce714567	2997	#endif /* WOLFSSL_STATIC_DH */
wolfSSL	7:481bce714567	2998	#endif
wolfSSL	7:481bce714567	2999	default:
wolfSSL	7:481bce714567	3000	sig = 1;
wolfSSL	7:481bce714567	3001	key = 1;
wolfSSL	7:481bce714567	3002	break;
wolfSSL	7:481bce714567	3003	}
wolfSSL	7:481bce714567	3004	}
wolfSSL	7:481bce714567	3005
wolfSSL	7:481bce714567	3006	/* ChaCha20-Poly1305 ECC cipher suites */
wolfSSL	7:481bce714567	3007	if (first == CHACHA_BYTE) {
wolfSSL	7:481bce714567	3008	switch (second) {
wolfSSL	7:481bce714567	3009	/* ECDHE_ECDSA */
wolfSSL	7:481bce714567	3010	case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL	7:481bce714567	3011	case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
wolfSSL	7:481bce714567	3012	sig \|= ssl->pkCurveOID == oid;
wolfSSL	7:481bce714567	3013	key \|= ssl->eccTempKeySz == octets;
wolfSSL	7:481bce714567	3014	break;
wolfSSL	7:481bce714567	3015	#ifndef NO_RSA
wolfSSL	7:481bce714567	3016	/* ECDHE_RSA */
wolfSSL	7:481bce714567	3017	case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL	7:481bce714567	3018	case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
wolfSSL	7:481bce714567	3019	sig = 1;
wolfSSL	7:481bce714567	3020	key \|= ssl->eccTempKeySz == octets;
wolfSSL	7:481bce714567	3021	break;
wolfSSL	7:481bce714567	3022	#endif
wolfSSL	7:481bce714567	3023	default:
wolfSSL	7:481bce714567	3024	sig = 1;
wolfSSL	7:481bce714567	3025	key = 1;
wolfSSL	7:481bce714567	3026	break;
wolfSSL	7:481bce714567	3027	}
wolfSSL	7:481bce714567	3028	}
wolfSSL	7:481bce714567	3029	}
wolfSSL	7:481bce714567	3030
wolfSSL	7:481bce714567	3031	return sig && key;
wolfSSL	7:481bce714567	3032	}
wolfSSL	7:481bce714567	3033
wolfSSL	7:481bce714567	3034	#endif /* NO_WOLFSSL_SERVER */
wolfSSL	7:481bce714567	3035
wolfSSL	7:481bce714567	3036	int TLSX_UseSupportedCurve(TLSX** extensions, word16 name, void* heap)
wolfSSL	7:481bce714567	3037	{
wolfSSL	7:481bce714567	3038	TLSX* extension = TLSX_Find(*extensions, TLSX_SUPPORTED_GROUPS);
wolfSSL	7:481bce714567	3039	EllipticCurve* curve = NULL;
wolfSSL	7:481bce714567	3040	int ret = 0;
wolfSSL	7:481bce714567	3041
wolfSSL	7:481bce714567	3042	if (extensions == NULL)
wolfSSL	7:481bce714567	3043	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	3044
wolfSSL	7:481bce714567	3045	if ((ret = TLSX_EllipticCurve_Append(&curve, name, heap)) != 0)
wolfSSL	7:481bce714567	3046	return ret;
wolfSSL	7:481bce714567	3047
wolfSSL	7:481bce714567	3048	if (!extension) {
wolfSSL	7:481bce714567	3049	if ((ret = TLSX_Push(extensions, TLSX_SUPPORTED_GROUPS, curve, heap))
wolfSSL	7:481bce714567	3050	!= 0) {
wolfSSL	7:481bce714567	3051	XFREE(curve, heap, DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	3052	return ret;
wolfSSL	7:481bce714567	3053	}
wolfSSL	7:481bce714567	3054	}
wolfSSL	7:481bce714567	3055	else {
wolfSSL	7:481bce714567	3056	/* push new EllipticCurve object to extension data. */
wolfSSL	7:481bce714567	3057	curve->next = (EllipticCurve*)extension->data;
wolfSSL	7:481bce714567	3058	extension->data = (void*)curve;
wolfSSL	7:481bce714567	3059
wolfSSL	7:481bce714567	3060	/* look for another curve of the same name to remove (replacement) */
wolfSSL	7:481bce714567	3061	do {
wolfSSL	7:481bce714567	3062	if (curve->next && curve->next->name == name) {
wolfSSL	7:481bce714567	3063	EllipticCurve *next = curve->next;
wolfSSL	7:481bce714567	3064
wolfSSL	7:481bce714567	3065	curve->next = next->next;
wolfSSL	7:481bce714567	3066	XFREE(next, heap, DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	3067
wolfSSL	7:481bce714567	3068	break;
wolfSSL	7:481bce714567	3069	}
wolfSSL	7:481bce714567	3070	} while ((curve = curve->next));
wolfSSL	7:481bce714567	3071	}
wolfSSL	7:481bce714567	3072
wolfSSL	7:481bce714567	3073	return SSL_SUCCESS;
wolfSSL	7:481bce714567	3074	}
wolfSSL	7:481bce714567	3075
wolfSSL	7:481bce714567	3076	#define EC_FREE_ALL TLSX_EllipticCurve_FreeAll
wolfSSL	7:481bce714567	3077	#define EC_VALIDATE_REQUEST TLSX_EllipticCurve_ValidateRequest
wolfSSL	7:481bce714567	3078
wolfSSL	7:481bce714567	3079	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	7:481bce714567	3080	#define EC_GET_SIZE TLSX_EllipticCurve_GetSize
wolfSSL	7:481bce714567	3081	#define EC_WRITE TLSX_EllipticCurve_Write
wolfSSL	7:481bce714567	3082	#else
wolfSSL	7:481bce714567	3083	#define EC_GET_SIZE(list) 0
wolfSSL	7:481bce714567	3084	#define EC_WRITE(a, b) 0
wolfSSL	7:481bce714567	3085	#endif
wolfSSL	7:481bce714567	3086
wolfSSL	7:481bce714567	3087	#ifndef NO_WOLFSSL_SERVER
wolfSSL	7:481bce714567	3088	#define EC_PARSE TLSX_EllipticCurve_Parse
wolfSSL	7:481bce714567	3089	#else
wolfSSL	7:481bce714567	3090	#define EC_PARSE(a, b, c, d) 0
wolfSSL	7:481bce714567	3091	#endif
wolfSSL	7:481bce714567	3092
wolfSSL	7:481bce714567	3093	#else
wolfSSL	7:481bce714567	3094
wolfSSL	7:481bce714567	3095	#define EC_FREE_ALL(list, heap)
wolfSSL	7:481bce714567	3096	#define EC_GET_SIZE(list) 0
wolfSSL	7:481bce714567	3097	#define EC_WRITE(a, b) 0
wolfSSL	7:481bce714567	3098	#define EC_PARSE(a, b, c, d) 0
wolfSSL	7:481bce714567	3099	#define EC_VALIDATE_REQUEST(a, b)
wolfSSL	7:481bce714567	3100
wolfSSL	7:481bce714567	3101	#endif /* HAVE_SUPPORTED_CURVES */
wolfSSL	7:481bce714567	3102
wolfSSL	7:481bce714567	3103	/******************************************************************************/
wolfSSL	7:481bce714567	3104	/* Renegotiation Indication */
wolfSSL	7:481bce714567	3105	/******************************************************************************/
wolfSSL	7:481bce714567	3106
wolfSSL	7:481bce714567	3107	#if defined(HAVE_SECURE_RENEGOTIATION) \
wolfSSL	7:481bce714567	3108	\|\| defined(HAVE_SERVER_RENEGOTIATION_INFO)
wolfSSL	7:481bce714567	3109
wolfSSL	7:481bce714567	3110	static byte TLSX_SecureRenegotiation_GetSize(SecureRenegotiation* data,
wolfSSL	7:481bce714567	3111	int isRequest)
wolfSSL	7:481bce714567	3112	{
wolfSSL	7:481bce714567	3113	byte length = OPAQUE8_LEN; /* empty info length */
wolfSSL	7:481bce714567	3114
wolfSSL	7:481bce714567	3115	/* data will be NULL for HAVE_SERVER_RENEGOTIATION_INFO only */
wolfSSL	7:481bce714567	3116	if (data && data->enabled) {
wolfSSL	7:481bce714567	3117	/* client sends client_verify_data only */
wolfSSL	7:481bce714567	3118	length += TLS_FINISHED_SZ;
wolfSSL	7:481bce714567	3119
wolfSSL	7:481bce714567	3120	/* server also sends server_verify_data */
wolfSSL	7:481bce714567	3121	if (!isRequest)
wolfSSL	7:481bce714567	3122	length += TLS_FINISHED_SZ;
wolfSSL	7:481bce714567	3123	}
wolfSSL	7:481bce714567	3124
wolfSSL	7:481bce714567	3125	return length;
wolfSSL	7:481bce714567	3126	}
wolfSSL	7:481bce714567	3127
wolfSSL	7:481bce714567	3128	static word16 TLSX_SecureRenegotiation_Write(SecureRenegotiation* data,
wolfSSL	7:481bce714567	3129	byte* output, int isRequest)
wolfSSL	7:481bce714567	3130	{
wolfSSL	7:481bce714567	3131	word16 offset = OPAQUE8_LEN; /* RenegotiationInfo length */
wolfSSL	7:481bce714567	3132
wolfSSL	7:481bce714567	3133	if (data && data->enabled) {
wolfSSL	7:481bce714567	3134	/* client sends client_verify_data only */
wolfSSL	7:481bce714567	3135	XMEMCPY(output + offset, data->client_verify_data, TLS_FINISHED_SZ);
wolfSSL	7:481bce714567	3136	offset += TLS_FINISHED_SZ;
wolfSSL	7:481bce714567	3137
wolfSSL	7:481bce714567	3138	/* server also sends server_verify_data */
wolfSSL	7:481bce714567	3139	if (!isRequest) {
wolfSSL	7:481bce714567	3140	XMEMCPY(output + offset, data->server_verify_data, TLS_FINISHED_SZ);
wolfSSL	7:481bce714567	3141	offset += TLS_FINISHED_SZ;
wolfSSL	7:481bce714567	3142	}
wolfSSL	7:481bce714567	3143	}
wolfSSL	7:481bce714567	3144
wolfSSL	7:481bce714567	3145	output[0] = (byte)(offset - 1); /* info length - self */
wolfSSL	7:481bce714567	3146
wolfSSL	7:481bce714567	3147	return offset;
wolfSSL	7:481bce714567	3148	}
wolfSSL	7:481bce714567	3149
wolfSSL	7:481bce714567	3150	static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, byte* input,
wolfSSL	7:481bce714567	3151	word16 length, byte isRequest)
wolfSSL	7:481bce714567	3152	{
wolfSSL	7:481bce714567	3153	int ret = SECURE_RENEGOTIATION_E;
wolfSSL	7:481bce714567	3154
wolfSSL	7:481bce714567	3155	if (length >= OPAQUE8_LEN) {
wolfSSL	7:481bce714567	3156	if (ssl->secure_renegotiation == NULL) {
wolfSSL	7:481bce714567	3157	#ifndef NO_WOLFSSL_SERVER
wolfSSL	7:481bce714567	3158	if (isRequest && *input == 0) {
wolfSSL	7:481bce714567	3159	#ifdef HAVE_SERVER_RENEGOTIATION_INFO
wolfSSL	7:481bce714567	3160	if (length == OPAQUE8_LEN) {
wolfSSL	7:481bce714567	3161	if (TLSX_Find(ssl->extensions,
wolfSSL	7:481bce714567	3162	TLSX_RENEGOTIATION_INFO) == NULL) {
wolfSSL	7:481bce714567	3163	ret = TLSX_AddEmptyRenegotiationInfo(&ssl->extensions,
wolfSSL	7:481bce714567	3164	ssl->heap);
wolfSSL	7:481bce714567	3165	if (ret == SSL_SUCCESS)
wolfSSL	7:481bce714567	3166	ret = 0;
wolfSSL	7:481bce714567	3167
wolfSSL	7:481bce714567	3168	} else {
wolfSSL	7:481bce714567	3169	ret = 0;
wolfSSL	7:481bce714567	3170	}
wolfSSL	7:481bce714567	3171	}
wolfSSL	7:481bce714567	3172	#else
wolfSSL	7:481bce714567	3173	ret = 0; /* don't reply, user didn't enable */
wolfSSL	7:481bce714567	3174	#endif /* HAVE_SERVER_RENEGOTIATION_INFO */
wolfSSL	7:481bce714567	3175	}
wolfSSL	7:481bce714567	3176	#ifdef HAVE_SERVER_RENEGOTIATION_INFO
wolfSSL	7:481bce714567	3177	else if (!isRequest) {
wolfSSL	7:481bce714567	3178	/* don't do anything on client side */
wolfSSL	7:481bce714567	3179	ret = 0;
wolfSSL	7:481bce714567	3180	}
wolfSSL	7:481bce714567	3181	#endif
wolfSSL	7:481bce714567	3182	#endif
wolfSSL	7:481bce714567	3183	}
wolfSSL	7:481bce714567	3184	else if (isRequest) {
wolfSSL	7:481bce714567	3185	#ifndef NO_WOLFSSL_SERVER
wolfSSL	7:481bce714567	3186	if (*input == TLS_FINISHED_SZ) {
wolfSSL	7:481bce714567	3187	/* TODO compare client_verify_data */
wolfSSL	7:481bce714567	3188	ret = 0;
wolfSSL	7:481bce714567	3189	}
wolfSSL	7:481bce714567	3190	#endif
wolfSSL	7:481bce714567	3191	}
wolfSSL	7:481bce714567	3192	else {
wolfSSL	7:481bce714567	3193	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	7:481bce714567	3194	if (!ssl->secure_renegotiation->enabled) {
wolfSSL	7:481bce714567	3195	if (*input == 0) {
wolfSSL	7:481bce714567	3196	ssl->secure_renegotiation->enabled = 1;
wolfSSL	7:481bce714567	3197	ret = 0;
wolfSSL	7:481bce714567	3198	}
wolfSSL	7:481bce714567	3199	}
wolfSSL	7:481bce714567	3200	else if (input == 2 TLS_FINISHED_SZ &&
wolfSSL	7:481bce714567	3201	length == 2 * TLS_FINISHED_SZ + OPAQUE8_LEN) {
wolfSSL	7:481bce714567	3202	input++; /* get past size */
wolfSSL	7:481bce714567	3203
wolfSSL	7:481bce714567	3204	/* validate client and server verify data */
wolfSSL	7:481bce714567	3205	if (XMEMCMP(input,
wolfSSL	7:481bce714567	3206	ssl->secure_renegotiation->client_verify_data,
wolfSSL	7:481bce714567	3207	TLS_FINISHED_SZ) == 0 &&
wolfSSL	7:481bce714567	3208	XMEMCMP(input + TLS_FINISHED_SZ,
wolfSSL	7:481bce714567	3209	ssl->secure_renegotiation->server_verify_data,
wolfSSL	7:481bce714567	3210	TLS_FINISHED_SZ) == 0) {
wolfSSL	7:481bce714567	3211	WOLFSSL_MSG("SCR client and server verify data match");
wolfSSL	7:481bce714567	3212	ret = 0; /* verified */
wolfSSL	7:481bce714567	3213	} else {
wolfSSL	7:481bce714567	3214	/* already in error state */
wolfSSL	7:481bce714567	3215	WOLFSSL_MSG("SCR client and server verify data Failure");
wolfSSL	7:481bce714567	3216	}
wolfSSL	7:481bce714567	3217	}
wolfSSL	7:481bce714567	3218	#endif
wolfSSL	7:481bce714567	3219	}
wolfSSL	7:481bce714567	3220	}
wolfSSL	7:481bce714567	3221
wolfSSL	7:481bce714567	3222	if (ret != 0) {
wolfSSL	7:481bce714567	3223	SendAlert(ssl, alert_fatal, handshake_failure);
wolfSSL	7:481bce714567	3224	}
wolfSSL	7:481bce714567	3225
wolfSSL	7:481bce714567	3226	return ret;
wolfSSL	7:481bce714567	3227	}
wolfSSL	7:481bce714567	3228
wolfSSL	7:481bce714567	3229	int TLSX_UseSecureRenegotiation(TLSX** extensions, void* heap)
wolfSSL	7:481bce714567	3230	{
wolfSSL	7:481bce714567	3231	int ret = 0;
wolfSSL	7:481bce714567	3232	SecureRenegotiation* data = NULL;
wolfSSL	7:481bce714567	3233
wolfSSL	7:481bce714567	3234	data = (SecureRenegotiation*)XMALLOC(sizeof(SecureRenegotiation), heap,
wolfSSL	7:481bce714567	3235	DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	3236	if (data == NULL)
wolfSSL	7:481bce714567	3237	return MEMORY_E;
wolfSSL	7:481bce714567	3238
wolfSSL	7:481bce714567	3239	XMEMSET(data, 0, sizeof(SecureRenegotiation));
wolfSSL	7:481bce714567	3240
wolfSSL	7:481bce714567	3241	ret = TLSX_Push(extensions, TLSX_RENEGOTIATION_INFO, data, heap);
wolfSSL	7:481bce714567	3242	if (ret != 0) {
wolfSSL	7:481bce714567	3243	XFREE(data, heap, DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	3244	return ret;
wolfSSL	7:481bce714567	3245	}
wolfSSL	7:481bce714567	3246
wolfSSL	7:481bce714567	3247	return SSL_SUCCESS;
wolfSSL	7:481bce714567	3248	}
wolfSSL	7:481bce714567	3249
wolfSSL	7:481bce714567	3250	#ifdef HAVE_SERVER_RENEGOTIATION_INFO
wolfSSL	7:481bce714567	3251
wolfSSL	7:481bce714567	3252	int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions, void* heap)
wolfSSL	7:481bce714567	3253	{
wolfSSL	7:481bce714567	3254	int ret;
wolfSSL	7:481bce714567	3255
wolfSSL	7:481bce714567	3256	ret = TLSX_Push(extensions, TLSX_RENEGOTIATION_INFO, NULL, heap);
wolfSSL	7:481bce714567	3257	if (ret != 0)
wolfSSL	7:481bce714567	3258	return ret;
wolfSSL	7:481bce714567	3259
wolfSSL	7:481bce714567	3260	/* send empty renegotiation_info extension */
wolfSSL	7:481bce714567	3261	TLSX* ext = TLSX_Find(*extensions, TLSX_RENEGOTIATION_INFO);
wolfSSL	7:481bce714567	3262	if (ext)
wolfSSL	7:481bce714567	3263	ext->resp = 1;
wolfSSL	7:481bce714567	3264
wolfSSL	7:481bce714567	3265	return SSL_SUCCESS;
wolfSSL	7:481bce714567	3266	}
wolfSSL	7:481bce714567	3267
wolfSSL	7:481bce714567	3268	#endif /* HAVE_SERVER_RENEGOTIATION_INFO */
wolfSSL	7:481bce714567	3269
wolfSSL	7:481bce714567	3270
wolfSSL	7:481bce714567	3271	#define SCR_FREE_ALL(data, heap) XFREE(data, (heap), DYNAMIC_TYPE_TLSX)
wolfSSL	7:481bce714567	3272	#define SCR_GET_SIZE TLSX_SecureRenegotiation_GetSize
wolfSSL	7:481bce714567	3273	#define SCR_WRITE TLSX_SecureRenegotiation_Write
wolfSSL	7:481bce714567	3274	#define SCR_PARSE TLSX_SecureRenegotiation_Parse
wolfSSL	7:481bce714567	3275
wolfSSL	7:481bce714567	3276	#else
wolfSSL	7:481bce714567	3277
wolfSSL	7:481bce714567	3278	#define SCR_FREE_ALL(a, heap)
wolfSSL	7:481bce714567	3279	#define SCR_GET_SIZE(a, b) 0
wolfSSL	7:481bce714567	3280	#define SCR_WRITE(a, b, c) 0
wolfSSL	7:481bce714567	3281	#define SCR_PARSE(a, b, c, d) 0
wolfSSL	7:481bce714567	3282
wolfSSL	7:481bce714567	3283	#endif /* HAVE_SECURE_RENEGOTIATION */
wolfSSL	7:481bce714567	3284
wolfSSL	7:481bce714567	3285	/******************************************************************************/
wolfSSL	7:481bce714567	3286	/* Session Tickets */
wolfSSL	7:481bce714567	3287	/******************************************************************************/
wolfSSL	7:481bce714567	3288
wolfSSL	7:481bce714567	3289	#ifdef HAVE_SESSION_TICKET
wolfSSL	7:481bce714567	3290
wolfSSL	7:481bce714567	3291	static void TLSX_SessionTicket_ValidateRequest(WOLFSSL* ssl)
wolfSSL	7:481bce714567	3292	{
wolfSSL	7:481bce714567	3293	TLSX* extension = TLSX_Find(ssl->extensions, TLSX_SESSION_TICKET);
wolfSSL	7:481bce714567	3294	SessionTicket* ticket = extension ?
wolfSSL	7:481bce714567	3295	(SessionTicket*)extension->data : NULL;
wolfSSL	7:481bce714567	3296
wolfSSL	7:481bce714567	3297	if (ticket) {
wolfSSL	7:481bce714567	3298	/* TODO validate ticket timeout here! */
wolfSSL	7:481bce714567	3299	if (ticket->lifetime == 0xfffffff) {
wolfSSL	7:481bce714567	3300	/* send empty ticket on timeout */
wolfSSL	7:481bce714567	3301	TLSX_UseSessionTicket(&ssl->extensions, NULL, ssl->heap);
wolfSSL	7:481bce714567	3302	}
wolfSSL	7:481bce714567	3303	}
wolfSSL	7:481bce714567	3304	}
wolfSSL	7:481bce714567	3305
wolfSSL	7:481bce714567	3306
wolfSSL	7:481bce714567	3307	static word16 TLSX_SessionTicket_GetSize(SessionTicket* ticket, int isRequest)
wolfSSL	7:481bce714567	3308	{
wolfSSL	7:481bce714567	3309	(void)isRequest;
wolfSSL	7:481bce714567	3310	return ticket ? ticket->size : 0;
wolfSSL	7:481bce714567	3311	}
wolfSSL	7:481bce714567	3312
wolfSSL	7:481bce714567	3313	static word16 TLSX_SessionTicket_Write(SessionTicket* ticket, byte* output,
wolfSSL	7:481bce714567	3314	int isRequest)
wolfSSL	7:481bce714567	3315	{
wolfSSL	7:481bce714567	3316	word16 offset = 0; /* empty ticket */
wolfSSL	7:481bce714567	3317
wolfSSL	7:481bce714567	3318	if (isRequest && ticket) {
wolfSSL	7:481bce714567	3319	XMEMCPY(output + offset, ticket->data, ticket->size);
wolfSSL	7:481bce714567	3320	offset += ticket->size;
wolfSSL	7:481bce714567	3321	}
wolfSSL	7:481bce714567	3322
wolfSSL	7:481bce714567	3323	return offset;
wolfSSL	7:481bce714567	3324	}
wolfSSL	7:481bce714567	3325
wolfSSL	7:481bce714567	3326
wolfSSL	7:481bce714567	3327	static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL	7:481bce714567	3328	byte isRequest)
wolfSSL	7:481bce714567	3329	{
wolfSSL	7:481bce714567	3330	int ret = 0;
wolfSSL	7:481bce714567	3331
wolfSSL	7:481bce714567	3332	(void) input; /* avoid unused parameter if NO_WOLFSSL_SERVER defined */
wolfSSL	7:481bce714567	3333
wolfSSL	7:481bce714567	3334	if (!isRequest) {
wolfSSL	7:481bce714567	3335	/* client side */
wolfSSL	7:481bce714567	3336	if (length != 0)
wolfSSL	7:481bce714567	3337	return BUFFER_ERROR;
wolfSSL	7:481bce714567	3338
wolfSSL	7:481bce714567	3339	ssl->expect_session_ticket = 1;
wolfSSL	7:481bce714567	3340	}
wolfSSL	7:481bce714567	3341	#ifndef NO_WOLFSSL_SERVER
wolfSSL	7:481bce714567	3342	else {
wolfSSL	7:481bce714567	3343	/* server side */
wolfSSL	7:481bce714567	3344	if (ssl->ctx->ticketEncCb == NULL) {
wolfSSL	7:481bce714567	3345	WOLFSSL_MSG("Client sent session ticket, server has no callback");
wolfSSL	7:481bce714567	3346	return 0;
wolfSSL	7:481bce714567	3347	}
wolfSSL	7:481bce714567	3348
wolfSSL	7:481bce714567	3349	if (length == 0) {
wolfSSL	7:481bce714567	3350	/* blank ticket */
wolfSSL	7:481bce714567	3351	ret = TLSX_UseSessionTicket(&ssl->extensions, NULL, ssl->heap);
wolfSSL	7:481bce714567	3352	if (ret == SSL_SUCCESS) {
wolfSSL	7:481bce714567	3353	ret = 0;
wolfSSL	7:481bce714567	3354	TLSX_SetResponse(ssl, TLSX_SESSION_TICKET); /* send blank ticket */
wolfSSL	7:481bce714567	3355	ssl->options.createTicket = 1; /* will send ticket msg */
wolfSSL	7:481bce714567	3356	ssl->options.useTicket = 1;
wolfSSL	7:481bce714567	3357	ssl->options.resuming = 0; /* no standard resumption */
wolfSSL	7:481bce714567	3358	ssl->arrays->sessionIDSz = 0; /* no echo on blank ticket */
wolfSSL	7:481bce714567	3359	}
wolfSSL	7:481bce714567	3360	} else {
wolfSSL	7:481bce714567	3361	/* got actual ticket from client */
wolfSSL	7:481bce714567	3362	ret = DoClientTicket(ssl, input, length);
wolfSSL	7:481bce714567	3363	if (ret == WOLFSSL_TICKET_RET_OK) { /* use ticket to resume */
wolfSSL	7:481bce714567	3364	WOLFSSL_MSG("Using exisitng client ticket");
wolfSSL	7:481bce714567	3365	ssl->options.useTicket = 1;
wolfSSL	7:481bce714567	3366	ssl->options.resuming = 1;
wolfSSL	7:481bce714567	3367	} else if (ret == WOLFSSL_TICKET_RET_CREATE) {
wolfSSL	7:481bce714567	3368	WOLFSSL_MSG("Using existing client ticket, creating new one");
wolfSSL	7:481bce714567	3369	ret = TLSX_UseSessionTicket(&ssl->extensions, NULL, ssl->heap);
wolfSSL	7:481bce714567	3370	if (ret == SSL_SUCCESS) {
wolfSSL	7:481bce714567	3371	ret = 0;
wolfSSL	7:481bce714567	3372	TLSX_SetResponse(ssl, TLSX_SESSION_TICKET);
wolfSSL	7:481bce714567	3373	/* send blank ticket */
wolfSSL	7:481bce714567	3374	ssl->options.createTicket = 1; /* will send ticket msg */
wolfSSL	7:481bce714567	3375	ssl->options.useTicket = 1;
wolfSSL	7:481bce714567	3376	ssl->options.resuming = 1;
wolfSSL	7:481bce714567	3377	}
wolfSSL	7:481bce714567	3378	} else if (ret == WOLFSSL_TICKET_RET_REJECT) {
wolfSSL	7:481bce714567	3379	WOLFSSL_MSG("Process client ticket rejected, not using");
wolfSSL	7:481bce714567	3380	ssl->options.rejectTicket = 1;
wolfSSL	7:481bce714567	3381	ret = 0; /* not fatal */
wolfSSL	7:481bce714567	3382	} else if (ret == WOLFSSL_TICKET_RET_FATAL \|\| ret < 0) {
wolfSSL	7:481bce714567	3383	WOLFSSL_MSG("Process client ticket fatal error, not using");
wolfSSL	7:481bce714567	3384	}
wolfSSL	7:481bce714567	3385	}
wolfSSL	7:481bce714567	3386	}
wolfSSL	7:481bce714567	3387	#endif /* NO_WOLFSSL_SERVER */
wolfSSL	7:481bce714567	3388
wolfSSL	7:481bce714567	3389	return ret;
wolfSSL	7:481bce714567	3390	}
wolfSSL	7:481bce714567	3391
wolfSSL	7:481bce714567	3392	WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime,
wolfSSL	7:481bce714567	3393	byte* data, word16 size, void* heap)
wolfSSL	7:481bce714567	3394	{
wolfSSL	7:481bce714567	3395	SessionTicket* ticket = (SessionTicket*)XMALLOC(sizeof(SessionTicket),
wolfSSL	7:481bce714567	3396	heap, DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	3397	if (ticket) {
wolfSSL	7:481bce714567	3398	ticket->data = (byte*)XMALLOC(size, heap, DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	3399	if (ticket->data == NULL) {
wolfSSL	7:481bce714567	3400	XFREE(ticket, heap, DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	3401	return NULL;
wolfSSL	7:481bce714567	3402	}
wolfSSL	7:481bce714567	3403
wolfSSL	7:481bce714567	3404	XMEMCPY(ticket->data, data, size);
wolfSSL	7:481bce714567	3405	ticket->size = size;
wolfSSL	7:481bce714567	3406	ticket->lifetime = lifetime;
wolfSSL	7:481bce714567	3407	}
wolfSSL	7:481bce714567	3408
wolfSSL	7:481bce714567	3409	return ticket;
wolfSSL	7:481bce714567	3410	}
wolfSSL	7:481bce714567	3411	WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket, void* heap)
wolfSSL	7:481bce714567	3412	{
wolfSSL	7:481bce714567	3413	if (ticket) {
wolfSSL	7:481bce714567	3414	XFREE(ticket->data, heap, DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	3415	XFREE(ticket, heap, DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	3416	}
wolfSSL	7:481bce714567	3417
wolfSSL	7:481bce714567	3418	(void)heap;
wolfSSL	7:481bce714567	3419	}
wolfSSL	7:481bce714567	3420
wolfSSL	7:481bce714567	3421	int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket, void* heap)
wolfSSL	7:481bce714567	3422	{
wolfSSL	7:481bce714567	3423	int ret = 0;
wolfSSL	7:481bce714567	3424
wolfSSL	7:481bce714567	3425	if (extensions == NULL)
wolfSSL	7:481bce714567	3426	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	3427
wolfSSL	7:481bce714567	3428	/* If the ticket is NULL, the client will request a new ticket from the
wolfSSL	7:481bce714567	3429	server. Otherwise, the client will use it in the next client hello. */
wolfSSL	7:481bce714567	3430	if ((ret = TLSX_Push(extensions, TLSX_SESSION_TICKET, (void*)ticket, heap))
wolfSSL	7:481bce714567	3431	!= 0)
wolfSSL	7:481bce714567	3432	return ret;
wolfSSL	7:481bce714567	3433
wolfSSL	7:481bce714567	3434	return SSL_SUCCESS;
wolfSSL	7:481bce714567	3435	}
wolfSSL	7:481bce714567	3436
wolfSSL	7:481bce714567	3437	#define STK_VALIDATE_REQUEST TLSX_SessionTicket_ValidateRequest
wolfSSL	7:481bce714567	3438	#define STK_GET_SIZE TLSX_SessionTicket_GetSize
wolfSSL	7:481bce714567	3439	#define STK_WRITE TLSX_SessionTicket_Write
wolfSSL	7:481bce714567	3440	#define STK_PARSE TLSX_SessionTicket_Parse
wolfSSL	7:481bce714567	3441	#define STK_FREE(stk, heap) TLSX_SessionTicket_Free((SessionTicket*)stk,(heap))
wolfSSL	7:481bce714567	3442
wolfSSL	7:481bce714567	3443	#else
wolfSSL	7:481bce714567	3444
wolfSSL	7:481bce714567	3445	#define STK_FREE(a, b)
wolfSSL	7:481bce714567	3446	#define STK_VALIDATE_REQUEST(a)
wolfSSL	7:481bce714567	3447	#define STK_GET_SIZE(a, b) 0
wolfSSL	7:481bce714567	3448	#define STK_WRITE(a, b, c) 0
wolfSSL	7:481bce714567	3449	#define STK_PARSE(a, b, c, d) 0
wolfSSL	7:481bce714567	3450
wolfSSL	7:481bce714567	3451	#endif /* HAVE_SESSION_TICKET */
wolfSSL	7:481bce714567	3452
wolfSSL	7:481bce714567	3453	/******************************************************************************/
wolfSSL	7:481bce714567	3454	/* Quantum-Safe-Hybrid */
wolfSSL	7:481bce714567	3455	/******************************************************************************/
wolfSSL	7:481bce714567	3456
wolfSSL	7:481bce714567	3457	#ifdef HAVE_QSH
wolfSSL	7:481bce714567	3458	static WC_RNG* rng;
wolfSSL	7:481bce714567	3459	static wolfSSL_Mutex* rngMutex;
wolfSSL	7:481bce714567	3460
wolfSSL	7:481bce714567	3461	static void TLSX_QSH_FreeAll(QSHScheme* list, void* heap)
wolfSSL	7:481bce714567	3462	{
wolfSSL	7:481bce714567	3463	QSHScheme* current;
wolfSSL	7:481bce714567	3464
wolfSSL	7:481bce714567	3465	while ((current = list)) {
wolfSSL	7:481bce714567	3466	list = current->next;
wolfSSL	7:481bce714567	3467	XFREE(current, heap, DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	3468	}
wolfSSL	7:481bce714567	3469
wolfSSL	7:481bce714567	3470	(void)heap;
wolfSSL	7:481bce714567	3471	}
wolfSSL	7:481bce714567	3472
wolfSSL	7:481bce714567	3473	static int TLSX_QSH_Append(QSHScheme** list, word16 name, byte* pub,
wolfSSL	7:481bce714567	3474	word16 pubLen)
wolfSSL	7:481bce714567	3475	{
wolfSSL	7:481bce714567	3476	QSHScheme* temp;
wolfSSL	7:481bce714567	3477
wolfSSL	7:481bce714567	3478	if (list == NULL)
wolfSSL	7:481bce714567	3479	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	3480
wolfSSL	7:481bce714567	3481	if ((temp = (QSHScheme*)XMALLOC(sizeof(QSHScheme), NULL,
wolfSSL	7:481bce714567	3482	DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL	7:481bce714567	3483	return MEMORY_E;
wolfSSL	7:481bce714567	3484
wolfSSL	7:481bce714567	3485	temp->name = name;
wolfSSL	7:481bce714567	3486	temp->PK = pub;
wolfSSL	7:481bce714567	3487	temp->PKLen = pubLen;
wolfSSL	7:481bce714567	3488	temp->next = *list;
wolfSSL	7:481bce714567	3489
wolfSSL	7:481bce714567	3490	*list = temp;
wolfSSL	7:481bce714567	3491
wolfSSL	7:481bce714567	3492	return 0;
wolfSSL	7:481bce714567	3493	}
wolfSSL	7:481bce714567	3494
wolfSSL	7:481bce714567	3495
wolfSSL	7:481bce714567	3496	/* request for server's public key : 02 indicates 0-2 requested */
wolfSSL	7:481bce714567	3497	static byte TLSX_QSH_SerPKReq(byte* output, byte isRequest)
wolfSSL	7:481bce714567	3498	{
wolfSSL	7:481bce714567	3499	if (isRequest) {
wolfSSL	7:481bce714567	3500	/* only request one public key from the server */
wolfSSL	7:481bce714567	3501	output[0] = 0x01;
wolfSSL	7:481bce714567	3502
wolfSSL	7:481bce714567	3503	return OPAQUE8_LEN;
wolfSSL	7:481bce714567	3504	}
wolfSSL	7:481bce714567	3505	else {
wolfSSL	7:481bce714567	3506	return 0;
wolfSSL	7:481bce714567	3507	}
wolfSSL	7:481bce714567	3508	}
wolfSSL	7:481bce714567	3509
wolfSSL	7:481bce714567	3510	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	7:481bce714567	3511
wolfSSL	7:481bce714567	3512	/* check for TLS_QSH suite */
wolfSSL	7:481bce714567	3513	static void TLSX_QSH_ValidateRequest(WOLFSSL* ssl, byte* semaphore)
wolfSSL	7:481bce714567	3514	{
wolfSSL	7:481bce714567	3515	int i;
wolfSSL	7:481bce714567	3516
wolfSSL	7:481bce714567	3517	for (i = 0; i < ssl->suites->suiteSz; i+= 2)
wolfSSL	7:481bce714567	3518	if (ssl->suites->suites[i] == QSH_BYTE)
wolfSSL	7:481bce714567	3519	return;
wolfSSL	7:481bce714567	3520
wolfSSL	7:481bce714567	3521	/* No QSH suite found */
wolfSSL	7:481bce714567	3522	TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_QUANTUM_SAFE_HYBRID));
wolfSSL	7:481bce714567	3523	}
wolfSSL	7:481bce714567	3524
wolfSSL	7:481bce714567	3525
wolfSSL	7:481bce714567	3526	/* return the size of the QSH hello extension
wolfSSL	7:481bce714567	3527	list the list of QSHScheme structs containing id and key
wolfSSL	7:481bce714567	3528	isRequest if 1 then is being sent to the server
wolfSSL	7:481bce714567	3529	*/
wolfSSL	7:481bce714567	3530	word16 TLSX_QSH_GetSize(QSHScheme* list, byte isRequest)
wolfSSL	7:481bce714567	3531	{
wolfSSL	7:481bce714567	3532	QSHScheme* temp = list;
wolfSSL	7:481bce714567	3533	word16 length = 0;
wolfSSL	7:481bce714567	3534
wolfSSL	7:481bce714567	3535	/* account for size of scheme list and public key list */
wolfSSL	7:481bce714567	3536	if (isRequest)
wolfSSL	7:481bce714567	3537	length = OPAQUE16_LEN;
wolfSSL	7:481bce714567	3538	length += OPAQUE24_LEN;
wolfSSL	7:481bce714567	3539
wolfSSL	7:481bce714567	3540	/* for each non null element in list add size */
wolfSSL	7:481bce714567	3541	while ((temp)) {
wolfSSL	7:481bce714567	3542	/* add public key info Scheme \| Key Length \| Key */
wolfSSL	7:481bce714567	3543	length += OPAQUE16_LEN;
wolfSSL	7:481bce714567	3544	length += OPAQUE16_LEN;
wolfSSL	7:481bce714567	3545	length += temp->PKLen;
wolfSSL	7:481bce714567	3546
wolfSSL	7:481bce714567	3547	/* if client add name size for scheme list
wolfSSL	7:481bce714567	3548	advance to next QSHScheme struct in list */
wolfSSL	7:481bce714567	3549	if (isRequest)
wolfSSL	7:481bce714567	3550	length += OPAQUE16_LEN;
wolfSSL	7:481bce714567	3551	temp = temp->next;
wolfSSL	7:481bce714567	3552	}
wolfSSL	7:481bce714567	3553
wolfSSL	7:481bce714567	3554	/* add length for request server public keys */
wolfSSL	7:481bce714567	3555	if (isRequest)
wolfSSL	7:481bce714567	3556	length += OPAQUE8_LEN;
wolfSSL	7:481bce714567	3557
wolfSSL	7:481bce714567	3558	return length;
wolfSSL	7:481bce714567	3559	}
wolfSSL	7:481bce714567	3560
wolfSSL	7:481bce714567	3561
wolfSSL	7:481bce714567	3562	/* write out a list of QSHScheme IDs */
wolfSSL	7:481bce714567	3563	static word16 TLSX_QSH_Write(QSHScheme* list, byte* output)
wolfSSL	7:481bce714567	3564	{
wolfSSL	7:481bce714567	3565	QSHScheme* current = list;
wolfSSL	7:481bce714567	3566	word16 length = 0;
wolfSSL	7:481bce714567	3567
wolfSSL	7:481bce714567	3568	length += OPAQUE16_LEN;
wolfSSL	7:481bce714567	3569
wolfSSL	7:481bce714567	3570	while (current) {
wolfSSL	7:481bce714567	3571	c16toa(current->name, output + length);
wolfSSL	7:481bce714567	3572	length += OPAQUE16_LEN;
wolfSSL	7:481bce714567	3573	current = (QSHScheme*)current->next;
wolfSSL	7:481bce714567	3574	}
wolfSSL	7:481bce714567	3575
wolfSSL	7:481bce714567	3576	c16toa(length - OPAQUE16_LEN, output); /* writing list length */
wolfSSL	7:481bce714567	3577
wolfSSL	7:481bce714567	3578	return length;
wolfSSL	7:481bce714567	3579	}
wolfSSL	7:481bce714567	3580
wolfSSL	7:481bce714567	3581
wolfSSL	7:481bce714567	3582	/* write public key list in extension */
wolfSSL	7:481bce714567	3583	static word16 TLSX_QSHPK_WriteR(QSHScheme* format, byte* output);
wolfSSL	7:481bce714567	3584	static word16 TLSX_QSHPK_WriteR(QSHScheme* format, byte* output)
wolfSSL	7:481bce714567	3585	{
wolfSSL	7:481bce714567	3586	word32 offset = 0;
wolfSSL	7:481bce714567	3587	word16 public_len = 0;
wolfSSL	7:481bce714567	3588
wolfSSL	7:481bce714567	3589	if (!format)
wolfSSL	7:481bce714567	3590	return offset;
wolfSSL	7:481bce714567	3591
wolfSSL	7:481bce714567	3592	/* write scheme ID */
wolfSSL	7:481bce714567	3593	c16toa(format->name, output + offset);
wolfSSL	7:481bce714567	3594	offset += OPAQUE16_LEN;
wolfSSL	7:481bce714567	3595
wolfSSL	7:481bce714567	3596	/* write public key matching scheme */
wolfSSL	7:481bce714567	3597	public_len = format->PKLen;
wolfSSL	7:481bce714567	3598	c16toa(public_len, output + offset);
wolfSSL	7:481bce714567	3599	offset += OPAQUE16_LEN;
wolfSSL	7:481bce714567	3600	if (format->PK) {
wolfSSL	7:481bce714567	3601	XMEMCPY(output+offset, format->PK, public_len);
wolfSSL	7:481bce714567	3602	}
wolfSSL	7:481bce714567	3603
wolfSSL	7:481bce714567	3604	return public_len + offset;
wolfSSL	7:481bce714567	3605	}
wolfSSL	7:481bce714567	3606
wolfSSL	7:481bce714567	3607	word16 TLSX_QSHPK_Write(QSHScheme* list, byte* output)
wolfSSL	7:481bce714567	3608	{
wolfSSL	7:481bce714567	3609	QSHScheme* current = list;
wolfSSL	7:481bce714567	3610	word32 length = 0;
wolfSSL	7:481bce714567	3611	word24 toWire;
wolfSSL	7:481bce714567	3612
wolfSSL	7:481bce714567	3613	length += OPAQUE24_LEN;
wolfSSL	7:481bce714567	3614
wolfSSL	7:481bce714567	3615	while (current) {
wolfSSL	7:481bce714567	3616	length += TLSX_QSHPK_WriteR(current, output + length);
wolfSSL	7:481bce714567	3617	current = (QSHScheme*)current->next;
wolfSSL	7:481bce714567	3618	}
wolfSSL	7:481bce714567	3619	/* length of public keys sent */
wolfSSL	7:481bce714567	3620	c32to24(length - OPAQUE24_LEN, toWire);
wolfSSL	7:481bce714567	3621	output[0] = toWire[0];
wolfSSL	7:481bce714567	3622	output[1] = toWire[1];
wolfSSL	7:481bce714567	3623	output[2] = toWire[2];
wolfSSL	7:481bce714567	3624
wolfSSL	7:481bce714567	3625	return length;
wolfSSL	7:481bce714567	3626	}
wolfSSL	7:481bce714567	3627
wolfSSL	7:481bce714567	3628	#endif /* NO_WOLFSSL_CLIENT */
wolfSSL	7:481bce714567	3629	#ifndef NO_WOLFSSL_SERVER
wolfSSL	7:481bce714567	3630
wolfSSL	7:481bce714567	3631	static void TLSX_QSHAgreement(TLSX** extensions, void* heap)
wolfSSL	7:481bce714567	3632	{
wolfSSL	7:481bce714567	3633	TLSX* extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID);
wolfSSL	7:481bce714567	3634	QSHScheme* format = NULL;
wolfSSL	7:481bce714567	3635	QSHScheme* del = NULL;
wolfSSL	7:481bce714567	3636	QSHScheme* prev = NULL;
wolfSSL	7:481bce714567	3637
wolfSSL	7:481bce714567	3638	if (extension == NULL)
wolfSSL	7:481bce714567	3639	return;
wolfSSL	7:481bce714567	3640
wolfSSL	7:481bce714567	3641	format = (QSHScheme*)extension->data;
wolfSSL	7:481bce714567	3642	while (format) {
wolfSSL	7:481bce714567	3643	if (format->PKLen == 0) {
wolfSSL	7:481bce714567	3644	/* case of head */
wolfSSL	7:481bce714567	3645	if (format == extension->data) {
wolfSSL	7:481bce714567	3646	extension->data = format->next;
wolfSSL	7:481bce714567	3647	}
wolfSSL	7:481bce714567	3648	if (prev)
wolfSSL	7:481bce714567	3649	prev->next = format->next;
wolfSSL	7:481bce714567	3650	del = format;
wolfSSL	7:481bce714567	3651	format = format->next;
wolfSSL	7:481bce714567	3652	XFREE(del, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	3653	del = NULL;
wolfSSL	7:481bce714567	3654	} else {
wolfSSL	7:481bce714567	3655	prev = format;
wolfSSL	7:481bce714567	3656	format = format->next;
wolfSSL	7:481bce714567	3657	}
wolfSSL	7:481bce714567	3658	}
wolfSSL	7:481bce714567	3659
wolfSSL	7:481bce714567	3660	(void)heap;
wolfSSL	7:481bce714567	3661	}
wolfSSL	7:481bce714567	3662
wolfSSL	7:481bce714567	3663
wolfSSL	7:481bce714567	3664	/* Parse in hello extension
wolfSSL	7:481bce714567	3665	input the byte stream to process
wolfSSL	7:481bce714567	3666	length length of total extension found
wolfSSL	7:481bce714567	3667	isRequest set to 1 if being sent to the server
wolfSSL	7:481bce714567	3668	*/
wolfSSL	7:481bce714567	3669	static int TLSX_QSH_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL	7:481bce714567	3670	byte isRequest)
wolfSSL	7:481bce714567	3671	{
wolfSSL	7:481bce714567	3672	byte numKeys = 0;
wolfSSL	7:481bce714567	3673	word16 offset = 0;
wolfSSL	7:481bce714567	3674	word16 schemSz = 0;
wolfSSL	7:481bce714567	3675	word16 offset_len = 0;
wolfSSL	7:481bce714567	3676	word32 offset_pk = 0;
wolfSSL	7:481bce714567	3677	word16 name = 0;
wolfSSL	7:481bce714567	3678	word16 PKLen = 0;
wolfSSL	7:481bce714567	3679	byte* PK = NULL;
wolfSSL	7:481bce714567	3680	int r;
wolfSSL	7:481bce714567	3681
wolfSSL	7:481bce714567	3682
wolfSSL	7:481bce714567	3683	if (OPAQUE16_LEN > length)
wolfSSL	7:481bce714567	3684	return BUFFER_ERROR;
wolfSSL	7:481bce714567	3685
wolfSSL	7:481bce714567	3686	if (isRequest) {
wolfSSL	7:481bce714567	3687	ato16(input, &schemSz);
wolfSSL	7:481bce714567	3688
wolfSSL	7:481bce714567	3689	/* list of public keys available for QSH schemes */
wolfSSL	7:481bce714567	3690	offset_len = schemSz + OPAQUE16_LEN;
wolfSSL	7:481bce714567	3691	}
wolfSSL	7:481bce714567	3692
wolfSSL	7:481bce714567	3693	offset_pk = ((input[offset_len] << 16) & 0xFF00000) \|
wolfSSL	7:481bce714567	3694	(((input[offset_len + 1]) << 8) & 0xFF00) \|
wolfSSL	7:481bce714567	3695	(input[offset_len + 2] & 0xFF);
wolfSSL	7:481bce714567	3696	offset_len += OPAQUE24_LEN;
wolfSSL	7:481bce714567	3697
wolfSSL	7:481bce714567	3698	/* check buffer size */
wolfSSL	7:481bce714567	3699	if (offset_pk > length)
wolfSSL	7:481bce714567	3700	return BUFFER_ERROR;
wolfSSL	7:481bce714567	3701
wolfSSL	7:481bce714567	3702	/* set maximum number of keys the client will accept */
wolfSSL	7:481bce714567	3703	if (!isRequest)
wolfSSL	7:481bce714567	3704	numKeys = (ssl->maxRequest < 1)? 1 : ssl->maxRequest;
wolfSSL	7:481bce714567	3705
wolfSSL	7:481bce714567	3706	/* hello extension read list of scheme ids */
wolfSSL	7:481bce714567	3707	if (isRequest) {
wolfSSL	7:481bce714567	3708
wolfSSL	7:481bce714567	3709	/* read in request for public keys */
wolfSSL	7:481bce714567	3710	ssl->minRequest = (input[length -1] >> 4) & 0xFF;
wolfSSL	7:481bce714567	3711	ssl->maxRequest = input[length -1] & 0x0F;
wolfSSL	7:481bce714567	3712
wolfSSL	7:481bce714567	3713	/* choose the min between min requested by client and 1 */
wolfSSL	7:481bce714567	3714	numKeys = (ssl->minRequest > 1) ? ssl->minRequest : 1;
wolfSSL	7:481bce714567	3715
wolfSSL	7:481bce714567	3716	if (ssl->minRequest > ssl->maxRequest)
wolfSSL	7:481bce714567	3717	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	3718
wolfSSL	7:481bce714567	3719	offset += OPAQUE16_LEN;
wolfSSL	7:481bce714567	3720	schemSz += offset;
wolfSSL	7:481bce714567	3721
wolfSSL	7:481bce714567	3722	/* check buffer size */
wolfSSL	7:481bce714567	3723	if (schemSz > length)
wolfSSL	7:481bce714567	3724	return BUFFER_ERROR;
wolfSSL	7:481bce714567	3725
wolfSSL	7:481bce714567	3726	while ((offset < schemSz) && numKeys) {
wolfSSL	7:481bce714567	3727	/* Scheme ID list */
wolfSSL	7:481bce714567	3728	ato16(input + offset, &name);
wolfSSL	7:481bce714567	3729	offset += OPAQUE16_LEN;
wolfSSL	7:481bce714567	3730
wolfSSL	7:481bce714567	3731	/* validate we have scheme id */
wolfSSL	7:481bce714567	3732	if (ssl->user_set_QSHSchemes &&
wolfSSL	7:481bce714567	3733	!TLSX_ValidateQSHScheme(&ssl->extensions, name)) {
wolfSSL	7:481bce714567	3734	continue;
wolfSSL	7:481bce714567	3735	}
wolfSSL	7:481bce714567	3736
wolfSSL	7:481bce714567	3737	/* server create keys on demand */
wolfSSL	7:481bce714567	3738	if ((r = TLSX_CreateNtruKey(ssl, name)) != 0) {
wolfSSL	7:481bce714567	3739	WOLFSSL_MSG("Error creating ntru keys");
wolfSSL	7:481bce714567	3740	return r;
wolfSSL	7:481bce714567	3741	}
wolfSSL	7:481bce714567	3742
wolfSSL	7:481bce714567	3743	/* peer sent an agreed upon scheme */
wolfSSL	7:481bce714567	3744	r = TLSX_UseQSHScheme(&ssl->extensions, name, NULL, 0, ssl->heap);
wolfSSL	7:481bce714567	3745
wolfSSL	7:481bce714567	3746	if (r != SSL_SUCCESS) return r; /* throw error */
wolfSSL	7:481bce714567	3747
wolfSSL	7:481bce714567	3748	numKeys--;
wolfSSL	7:481bce714567	3749	}
wolfSSL	7:481bce714567	3750
wolfSSL	7:481bce714567	3751	/* choose the min between min requested by client and 1 */
wolfSSL	7:481bce714567	3752	numKeys = (ssl->minRequest > 1) ? ssl->minRequest : 1;
wolfSSL	7:481bce714567	3753	}
wolfSSL	7:481bce714567	3754
wolfSSL	7:481bce714567	3755	/* QSHPK struct */
wolfSSL	7:481bce714567	3756	offset_pk += offset_len;
wolfSSL	7:481bce714567	3757	while ((offset_len < offset_pk) && numKeys) {
wolfSSL	7:481bce714567	3758	QSHKey * temp;
wolfSSL	7:481bce714567	3759
wolfSSL	7:481bce714567	3760	if ((temp = (QSHKey*)XMALLOC(sizeof(QSHKey), ssl->heap,
wolfSSL	7:481bce714567	3761	DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL	7:481bce714567	3762	return MEMORY_E;
wolfSSL	7:481bce714567	3763
wolfSSL	7:481bce714567	3764	/* initialize */
wolfSSL	7:481bce714567	3765	temp->next = NULL;
wolfSSL	7:481bce714567	3766	temp->pub.buffer = NULL;
wolfSSL	7:481bce714567	3767	temp->pub.length = 0;
wolfSSL	7:481bce714567	3768	temp->pri.buffer = NULL;
wolfSSL	7:481bce714567	3769	temp->pri.length = 0;
wolfSSL	7:481bce714567	3770
wolfSSL	7:481bce714567	3771	/* scheme id */
wolfSSL	7:481bce714567	3772	ato16(input + offset_len, &(temp->name));
wolfSSL	7:481bce714567	3773	offset_len += OPAQUE16_LEN;
wolfSSL	7:481bce714567	3774
wolfSSL	7:481bce714567	3775	/* public key length */
wolfSSL	7:481bce714567	3776	ato16(input + offset_len, &PKLen);
wolfSSL	7:481bce714567	3777	temp->pub.length = PKLen;
wolfSSL	7:481bce714567	3778	offset_len += OPAQUE16_LEN;
wolfSSL	7:481bce714567	3779
wolfSSL	7:481bce714567	3780
wolfSSL	7:481bce714567	3781	if (isRequest) {
wolfSSL	7:481bce714567	3782	/* validate we have scheme id */
wolfSSL	7:481bce714567	3783	if (ssl->user_set_QSHSchemes &&
wolfSSL	7:481bce714567	3784	(!TLSX_ValidateQSHScheme(&ssl->extensions, temp->name))) {
wolfSSL	7:481bce714567	3785	offset_len += PKLen;
wolfSSL	7:481bce714567	3786	XFREE(temp, ssl->heap, DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	3787	continue;
wolfSSL	7:481bce714567	3788	}
wolfSSL	7:481bce714567	3789	}
wolfSSL	7:481bce714567	3790
wolfSSL	7:481bce714567	3791	/* read in public key */
wolfSSL	7:481bce714567	3792	if (PKLen > 0) {
wolfSSL	7:481bce714567	3793	temp->pub.buffer = (byte*)XMALLOC(temp->pub.length,
wolfSSL	7:481bce714567	3794	ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL	7:481bce714567	3795	XMEMCPY(temp->pub.buffer, input + offset_len, temp->pub.length);
wolfSSL	7:481bce714567	3796	offset_len += PKLen;
wolfSSL	7:481bce714567	3797	}
wolfSSL	7:481bce714567	3798	else {
wolfSSL	7:481bce714567	3799	PK = NULL;
wolfSSL	7:481bce714567	3800	}
wolfSSL	7:481bce714567	3801
wolfSSL	7:481bce714567	3802	/* use own key when adding to extensions list for sending reply */
wolfSSL	7:481bce714567	3803	PKLen = 0;
wolfSSL	7:481bce714567	3804	PK = TLSX_QSHKeyFind_Pub(ssl->QSH_Key, &PKLen, temp->name);
wolfSSL	7:481bce714567	3805	r = TLSX_UseQSHScheme(&ssl->extensions, temp->name, PK, PKLen,
wolfSSL	7:481bce714567	3806	ssl->heap);
wolfSSL	7:481bce714567	3807
wolfSSL	7:481bce714567	3808	/* store peers key */
wolfSSL	7:481bce714567	3809	ssl->peerQSHKeyPresent = 1;
wolfSSL	7:481bce714567	3810	if (TLSX_AddQSHKey(&ssl->peerQSHKey, temp) != 0)
wolfSSL	7:481bce714567	3811	return MEMORY_E;
wolfSSL	7:481bce714567	3812
wolfSSL	7:481bce714567	3813	if (temp->pub.length == 0) {
wolfSSL	7:481bce714567	3814	XFREE(temp, ssl->heap, DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	3815	}
wolfSSL	7:481bce714567	3816
wolfSSL	7:481bce714567	3817	if (r != SSL_SUCCESS) {return r;} /* throw error */
wolfSSL	7:481bce714567	3818
wolfSSL	7:481bce714567	3819	numKeys--;
wolfSSL	7:481bce714567	3820	}
wolfSSL	7:481bce714567	3821
wolfSSL	7:481bce714567	3822	/* reply to a QSH extension sent from client */
wolfSSL	7:481bce714567	3823	if (isRequest) {
wolfSSL	7:481bce714567	3824	TLSX_SetResponse(ssl, TLSX_QUANTUM_SAFE_HYBRID);
wolfSSL	7:481bce714567	3825	/* only use schemes we have key generated for -- free the rest */
wolfSSL	7:481bce714567	3826	TLSX_QSHAgreement(&ssl->extensions, ssl->heap);
wolfSSL	7:481bce714567	3827	}
wolfSSL	7:481bce714567	3828
wolfSSL	7:481bce714567	3829	return 0;
wolfSSL	7:481bce714567	3830	}
wolfSSL	7:481bce714567	3831
wolfSSL	7:481bce714567	3832
wolfSSL	7:481bce714567	3833	/* Used for parsing in QSHCipher structs on Key Exchange */
wolfSSL	7:481bce714567	3834	int TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input, word16 length,
wolfSSL	7:481bce714567	3835	byte isServer)
wolfSSL	7:481bce714567	3836	{
wolfSSL	7:481bce714567	3837	QSHKey* key;
wolfSSL	7:481bce714567	3838	word16 Max_Secret_Len = 48;
wolfSSL	7:481bce714567	3839	word16 offset = 0;
wolfSSL	7:481bce714567	3840	word16 offset_len = 0;
wolfSSL	7:481bce714567	3841	word32 offset_pk = 0;
wolfSSL	7:481bce714567	3842	word16 name = 0;
wolfSSL	7:481bce714567	3843	word16 secretLen = 0;
wolfSSL	7:481bce714567	3844	byte* secret = NULL;
wolfSSL	7:481bce714567	3845	word16 buffLen = 0;
wolfSSL	7:481bce714567	3846	byte buff[145]; /* size enough for 3 secrets */
wolfSSL	7:481bce714567	3847	buffer* buf;
wolfSSL	7:481bce714567	3848
wolfSSL	7:481bce714567	3849	/* pointer to location where secret should be stored */
wolfSSL	7:481bce714567	3850	if (isServer) {
wolfSSL	7:481bce714567	3851	buf = ssl->QSH_secret->CliSi;
wolfSSL	7:481bce714567	3852	}
wolfSSL	7:481bce714567	3853	else {
wolfSSL	7:481bce714567	3854	buf = ssl->QSH_secret->SerSi;
wolfSSL	7:481bce714567	3855	}
wolfSSL	7:481bce714567	3856
wolfSSL	7:481bce714567	3857	offset_pk = ((input[offset_len] << 16) & 0xFF0000) \|
wolfSSL	7:481bce714567	3858	(((input[offset_len + 1]) << 8) & 0xFF00) \|
wolfSSL	7:481bce714567	3859	(input[offset_len + 2] & 0xFF);
wolfSSL	7:481bce714567	3860	offset_len += OPAQUE24_LEN;
wolfSSL	7:481bce714567	3861
wolfSSL	7:481bce714567	3862	/* validating extension list length -- check if trying to read over edge
wolfSSL	7:481bce714567	3863	of buffer */
wolfSSL	7:481bce714567	3864	if (length < (offset_pk + OPAQUE24_LEN)) {
wolfSSL	7:481bce714567	3865	return BUFFER_ERROR;
wolfSSL	7:481bce714567	3866	}
wolfSSL	7:481bce714567	3867
wolfSSL	7:481bce714567	3868	/* QSHCipherList struct */
wolfSSL	7:481bce714567	3869	offset_pk += offset_len;
wolfSSL	7:481bce714567	3870	while (offset_len < offset_pk) {
wolfSSL	7:481bce714567	3871
wolfSSL	7:481bce714567	3872	/* scheme id */
wolfSSL	7:481bce714567	3873	ato16(input + offset_len, &name);
wolfSSL	7:481bce714567	3874	offset_len += OPAQUE16_LEN;
wolfSSL	7:481bce714567	3875
wolfSSL	7:481bce714567	3876	/* public key length */
wolfSSL	7:481bce714567	3877	ato16(input + offset_len, &secretLen);
wolfSSL	7:481bce714567	3878	offset_len += OPAQUE16_LEN;
wolfSSL	7:481bce714567	3879
wolfSSL	7:481bce714567	3880	/* read in public key */
wolfSSL	7:481bce714567	3881	if (secretLen > 0) {
wolfSSL	7:481bce714567	3882	secret = (byte*)(input + offset_len);
wolfSSL	7:481bce714567	3883	offset_len += secretLen;
wolfSSL	7:481bce714567	3884	}
wolfSSL	7:481bce714567	3885	else {
wolfSSL	7:481bce714567	3886	secret = NULL;
wolfSSL	7:481bce714567	3887	}
wolfSSL	7:481bce714567	3888
wolfSSL	7:481bce714567	3889	/* no secret sent */
wolfSSL	7:481bce714567	3890	if (secret == NULL)
wolfSSL	7:481bce714567	3891	continue;
wolfSSL	7:481bce714567	3892
wolfSSL	7:481bce714567	3893	/* find corresponding key */
wolfSSL	7:481bce714567	3894	key = ssl->QSH_Key;
wolfSSL	7:481bce714567	3895	while (key) {
wolfSSL	7:481bce714567	3896	if (key->name == name)
wolfSSL	7:481bce714567	3897	break;
wolfSSL	7:481bce714567	3898	else
wolfSSL	7:481bce714567	3899	key = (QSHKey*)key->next;
wolfSSL	7:481bce714567	3900	}
wolfSSL	7:481bce714567	3901
wolfSSL	7:481bce714567	3902	/* if we do not have the key than there was a big issue negotiation */
wolfSSL	7:481bce714567	3903	if (key == NULL) {
wolfSSL	7:481bce714567	3904	WOLFSSL_MSG("key was null for decryption!!!\n");
wolfSSL	7:481bce714567	3905	return MEMORY_E;
wolfSSL	7:481bce714567	3906	}
wolfSSL	7:481bce714567	3907
wolfSSL	7:481bce714567	3908	/* Decrypt sent secret */
wolfSSL	7:481bce714567	3909	buffLen = Max_Secret_Len;
wolfSSL	7:481bce714567	3910	QSH_Decrypt(key, secret, secretLen, buff + offset, &buffLen);
wolfSSL	7:481bce714567	3911	offset += buffLen;
wolfSSL	7:481bce714567	3912	}
wolfSSL	7:481bce714567	3913
wolfSSL	7:481bce714567	3914	/* allocate memory for buffer */
wolfSSL	7:481bce714567	3915	buf->length = offset;
wolfSSL	7:481bce714567	3916	buf->buffer = (byte*)XMALLOC(offset, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	3917	if (buf->buffer == NULL)
wolfSSL	7:481bce714567	3918	return MEMORY_E;
wolfSSL	7:481bce714567	3919
wolfSSL	7:481bce714567	3920	/* store secrets */
wolfSSL	7:481bce714567	3921	XMEMCPY(buf->buffer, buff, offset);
wolfSSL	7:481bce714567	3922	ForceZero(buff, offset);
wolfSSL	7:481bce714567	3923
wolfSSL	7:481bce714567	3924	return offset_len;
wolfSSL	7:481bce714567	3925	}
wolfSSL	7:481bce714567	3926
wolfSSL	7:481bce714567	3927
wolfSSL	7:481bce714567	3928	/* return 1 on success */
wolfSSL	7:481bce714567	3929	int TLSX_ValidateQSHScheme(TLSX** extensions, word16 theirs) {
wolfSSL	7:481bce714567	3930	TLSX* extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID);
wolfSSL	7:481bce714567	3931	QSHScheme* format = NULL;
wolfSSL	7:481bce714567	3932
wolfSSL	7:481bce714567	3933	/* if no extension is sent then do not use QSH */
wolfSSL	7:481bce714567	3934	if (!extension) {
wolfSSL	7:481bce714567	3935	WOLFSSL_MSG("No QSH Extension");
wolfSSL	7:481bce714567	3936	return 0;
wolfSSL	7:481bce714567	3937	}
wolfSSL	7:481bce714567	3938
wolfSSL	7:481bce714567	3939	for (format = (QSHScheme*)extension->data; format; format = format->next) {
wolfSSL	7:481bce714567	3940	if (format->name == theirs) {
wolfSSL	7:481bce714567	3941	WOLFSSL_MSG("Found Matching QSH Scheme");
wolfSSL	7:481bce714567	3942	return 1; /* have QSH */
wolfSSL	7:481bce714567	3943	}
wolfSSL	7:481bce714567	3944	}
wolfSSL	7:481bce714567	3945
wolfSSL	7:481bce714567	3946	return 0;
wolfSSL	7:481bce714567	3947	}
wolfSSL	7:481bce714567	3948	#endif /* NO_WOLFSSL_SERVER */
wolfSSL	7:481bce714567	3949
wolfSSL	7:481bce714567	3950	/* test if the QSH Scheme is implemented
wolfSSL	7:481bce714567	3951	return 1 if yes 0 if no */
wolfSSL	7:481bce714567	3952	static int TLSX_HaveQSHScheme(word16 name)
wolfSSL	7:481bce714567	3953	{
wolfSSL	7:481bce714567	3954	switch(name) {
wolfSSL	7:481bce714567	3955	#ifdef HAVE_NTRU
wolfSSL	7:481bce714567	3956	case WOLFSSL_NTRU_EESS439:
wolfSSL	7:481bce714567	3957	case WOLFSSL_NTRU_EESS593:
wolfSSL	7:481bce714567	3958	case WOLFSSL_NTRU_EESS743:
wolfSSL	7:481bce714567	3959	return 1;
wolfSSL	7:481bce714567	3960	#endif
wolfSSL	7:481bce714567	3961	case WOLFSSL_LWE_XXX:
wolfSSL	7:481bce714567	3962	case WOLFSSL_HFE_XXX:
wolfSSL	7:481bce714567	3963	return 0; /* not supported yet */
wolfSSL	7:481bce714567	3964
wolfSSL	7:481bce714567	3965	default:
wolfSSL	7:481bce714567	3966	return 0;
wolfSSL	7:481bce714567	3967	}
wolfSSL	7:481bce714567	3968	}
wolfSSL	7:481bce714567	3969
wolfSSL	7:481bce714567	3970
wolfSSL	7:481bce714567	3971	/* Add a QSHScheme struct to list of usable ones */
wolfSSL	7:481bce714567	3972	int TLSX_UseQSHScheme(TLSX** extensions, word16 name, byte* pKey, word16 pkeySz,
wolfSSL	7:481bce714567	3973	void* heap)
wolfSSL	7:481bce714567	3974	{
wolfSSL	7:481bce714567	3975	TLSX* extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID);
wolfSSL	7:481bce714567	3976	QSHScheme* format = NULL;
wolfSSL	7:481bce714567	3977	int ret = 0;
wolfSSL	7:481bce714567	3978
wolfSSL	7:481bce714567	3979	/* sanity check */
wolfSSL	7:481bce714567	3980	if (extensions == NULL \|\| (pKey == NULL && pkeySz != 0))
wolfSSL	7:481bce714567	3981	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	3982
wolfSSL	7:481bce714567	3983	/* if scheme is implemented than add */
wolfSSL	7:481bce714567	3984	if (TLSX_HaveQSHScheme(name)) {
wolfSSL	7:481bce714567	3985	if ((ret = TLSX_QSH_Append(&format, name, pKey, pkeySz)) != 0)
wolfSSL	7:481bce714567	3986	return ret;
wolfSSL	7:481bce714567	3987
wolfSSL	7:481bce714567	3988	if (!extension) {
wolfSSL	7:481bce714567	3989	if ((ret = TLSX_Push(extensions, TLSX_QUANTUM_SAFE_HYBRID, format,
wolfSSL	7:481bce714567	3990	heap)) != 0) {
wolfSSL	7:481bce714567	3991	XFREE(format, 0, DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	3992	return ret;
wolfSSL	7:481bce714567	3993	}
wolfSSL	7:481bce714567	3994	}
wolfSSL	7:481bce714567	3995	else {
wolfSSL	7:481bce714567	3996	/* push new QSH object to extension data. */
wolfSSL	7:481bce714567	3997	format->next = (QSHScheme*)extension->data;
wolfSSL	7:481bce714567	3998	extension->data = (void*)format;
wolfSSL	7:481bce714567	3999
wolfSSL	7:481bce714567	4000	/* look for another format of the same name to remove (replacement) */
wolfSSL	7:481bce714567	4001	do {
wolfSSL	7:481bce714567	4002	if (format->next && (format->next->name == name)) {
wolfSSL	7:481bce714567	4003	QSHScheme* next = format->next;
wolfSSL	7:481bce714567	4004
wolfSSL	7:481bce714567	4005	format->next = next->next;
wolfSSL	7:481bce714567	4006	XFREE(next, 0, DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	4007
wolfSSL	7:481bce714567	4008	break;
wolfSSL	7:481bce714567	4009	}
wolfSSL	7:481bce714567	4010	} while ((format = format->next));
wolfSSL	7:481bce714567	4011	}
wolfSSL	7:481bce714567	4012	}
wolfSSL	7:481bce714567	4013	return SSL_SUCCESS;
wolfSSL	7:481bce714567	4014	}
wolfSSL	7:481bce714567	4015
wolfSSL	7:481bce714567	4016	#define QSH_FREE_ALL TLSX_QSH_FreeAll
wolfSSL	7:481bce714567	4017	#define QSH_VALIDATE_REQUEST TLSX_QSH_ValidateRequest
wolfSSL	7:481bce714567	4018
wolfSSL	7:481bce714567	4019	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	7:481bce714567	4020	#define QSH_GET_SIZE TLSX_QSH_GetSize
wolfSSL	7:481bce714567	4021	#define QSH_WRITE TLSX_QSH_Write
wolfSSL	7:481bce714567	4022	#else
wolfSSL	7:481bce714567	4023	#define QSH_GET_SIZE(list) 0
wolfSSL	7:481bce714567	4024	#define QSH_WRITE(a, b) 0
wolfSSL	7:481bce714567	4025	#endif
wolfSSL	7:481bce714567	4026
wolfSSL	7:481bce714567	4027	#ifndef NO_WOLFSSL_SERVER
wolfSSL	7:481bce714567	4028	#define QSH_PARSE TLSX_QSH_Parse
wolfSSL	7:481bce714567	4029	#else
wolfSSL	7:481bce714567	4030	#define QSH_PARSE(a, b, c, d) 0
wolfSSL	7:481bce714567	4031	#endif
wolfSSL	7:481bce714567	4032
wolfSSL	7:481bce714567	4033	#define QSHPK_WRITE TLSX_QSHPK_Write
wolfSSL	7:481bce714567	4034	#define QSH_SERREQ TLSX_QSH_SerPKReq
wolfSSL	7:481bce714567	4035	#else
wolfSSL	7:481bce714567	4036
wolfSSL	7:481bce714567	4037	#define QSH_FREE_ALL(list, heap)
wolfSSL	7:481bce714567	4038	#define QSH_GET_SIZE(list, a) 0
wolfSSL	7:481bce714567	4039	#define QSH_WRITE(a, b) 0
wolfSSL	7:481bce714567	4040	#define QSH_PARSE(a, b, c, d) 0
wolfSSL	7:481bce714567	4041	#define QSHPK_WRITE(a, b) 0
wolfSSL	7:481bce714567	4042	#define QSH_SERREQ(a, b) 0
wolfSSL	7:481bce714567	4043	#define QSH_VALIDATE_REQUEST(a, b)
wolfSSL	7:481bce714567	4044
wolfSSL	7:481bce714567	4045	#endif /* HAVE_QSH */
wolfSSL	7:481bce714567	4046
wolfSSL	7:481bce714567	4047	/******************************************************************************/
wolfSSL	7:481bce714567	4048	/* TLS Extensions Framework */
wolfSSL	7:481bce714567	4049	/******************************************************************************/
wolfSSL	7:481bce714567	4050
wolfSSL	7:481bce714567	4051	/** Finds an extension in the provided list. */
wolfSSL	7:481bce714567	4052	TLSX* TLSX_Find(TLSX* list, TLSX_Type type)
wolfSSL	7:481bce714567	4053	{
wolfSSL	7:481bce714567	4054	TLSX* extension = list;
wolfSSL	7:481bce714567	4055
wolfSSL	7:481bce714567	4056	while (extension && extension->type != type)
wolfSSL	7:481bce714567	4057	extension = extension->next;
wolfSSL	7:481bce714567	4058
wolfSSL	7:481bce714567	4059	return extension;
wolfSSL	7:481bce714567	4060	}
wolfSSL	7:481bce714567	4061
wolfSSL	7:481bce714567	4062	/** Releases all extensions in the provided list. */
wolfSSL	7:481bce714567	4063	void TLSX_FreeAll(TLSX* list, void* heap)
wolfSSL	7:481bce714567	4064	{
wolfSSL	7:481bce714567	4065	TLSX* extension;
wolfSSL	7:481bce714567	4066
wolfSSL	7:481bce714567	4067	while ((extension = list)) {
wolfSSL	7:481bce714567	4068	list = extension->next;
wolfSSL	7:481bce714567	4069
wolfSSL	7:481bce714567	4070	switch (extension->type) {
wolfSSL	7:481bce714567	4071
wolfSSL	7:481bce714567	4072	case TLSX_SERVER_NAME:
wolfSSL	7:481bce714567	4073	SNI_FREE_ALL((SNI*)extension->data, heap);
wolfSSL	7:481bce714567	4074	break;
wolfSSL	7:481bce714567	4075
wolfSSL	7:481bce714567	4076	case TLSX_MAX_FRAGMENT_LENGTH:
wolfSSL	7:481bce714567	4077	MFL_FREE_ALL(extension->data, heap);
wolfSSL	7:481bce714567	4078	break;
wolfSSL	7:481bce714567	4079
wolfSSL	7:481bce714567	4080	case TLSX_TRUNCATED_HMAC:
wolfSSL	7:481bce714567	4081	/* Nothing to do. */
wolfSSL	7:481bce714567	4082	break;
wolfSSL	7:481bce714567	4083
wolfSSL	7:481bce714567	4084	case TLSX_SUPPORTED_GROUPS:
wolfSSL	7:481bce714567	4085	EC_FREE_ALL((EllipticCurve*)extension->data, heap);
wolfSSL	7:481bce714567	4086	break;
wolfSSL	7:481bce714567	4087
wolfSSL	7:481bce714567	4088	case TLSX_STATUS_REQUEST:
wolfSSL	7:481bce714567	4089	CSR_FREE_ALL((CertificateStatusRequest*)extension->data, heap);
wolfSSL	7:481bce714567	4090	break;
wolfSSL	7:481bce714567	4091
wolfSSL	7:481bce714567	4092	case TLSX_STATUS_REQUEST_V2:
wolfSSL	7:481bce714567	4093	CSR2_FREE_ALL((CertificateStatusRequestItemV2*)extension->data,
wolfSSL	7:481bce714567	4094	heap);
wolfSSL	7:481bce714567	4095	break;
wolfSSL	7:481bce714567	4096
wolfSSL	7:481bce714567	4097	case TLSX_RENEGOTIATION_INFO:
wolfSSL	7:481bce714567	4098	SCR_FREE_ALL(extension->data, heap);
wolfSSL	7:481bce714567	4099	break;
wolfSSL	7:481bce714567	4100
wolfSSL	7:481bce714567	4101	case TLSX_SESSION_TICKET:
wolfSSL	7:481bce714567	4102	STK_FREE(extension->data, heap);
wolfSSL	7:481bce714567	4103	break;
wolfSSL	7:481bce714567	4104
wolfSSL	7:481bce714567	4105	case TLSX_QUANTUM_SAFE_HYBRID:
wolfSSL	7:481bce714567	4106	QSH_FREE_ALL((QSHScheme*)extension->data, heap);
wolfSSL	7:481bce714567	4107	break;
wolfSSL	7:481bce714567	4108
wolfSSL	7:481bce714567	4109	case TLSX_APPLICATION_LAYER_PROTOCOL:
wolfSSL	7:481bce714567	4110	ALPN_FREE_ALL((ALPN*)extension->data, heap);
wolfSSL	7:481bce714567	4111	break;
wolfSSL	7:481bce714567	4112	}
wolfSSL	7:481bce714567	4113
wolfSSL	7:481bce714567	4114	XFREE(extension, heap, DYNAMIC_TYPE_TLSX);
wolfSSL	7:481bce714567	4115	}
wolfSSL	7:481bce714567	4116
wolfSSL	7:481bce714567	4117	(void)heap;
wolfSSL	7:481bce714567	4118	}
wolfSSL	7:481bce714567	4119
wolfSSL	7:481bce714567	4120	/** Checks if the tls extensions are supported based on the protocol version. */
wolfSSL	7:481bce714567	4121	int TLSX_SupportExtensions(WOLFSSL* ssl) {
wolfSSL	7:481bce714567	4122	return ssl && (IsTLS(ssl) \|\| ssl->version.major == DTLS_MAJOR);
wolfSSL	7:481bce714567	4123	}
wolfSSL	7:481bce714567	4124
wolfSSL	7:481bce714567	4125	/** Tells the buffered size of the extensions in a list. */
wolfSSL	7:481bce714567	4126	static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest)
wolfSSL	7:481bce714567	4127	{
wolfSSL	7:481bce714567	4128	TLSX* extension;
wolfSSL	7:481bce714567	4129	word16 length = 0;
wolfSSL	7:481bce714567	4130
wolfSSL	7:481bce714567	4131	while ((extension = list)) {
wolfSSL	7:481bce714567	4132	list = extension->next;
wolfSSL	7:481bce714567	4133
wolfSSL	7:481bce714567	4134	/* only extensions marked as response are sent back to the client. */
wolfSSL	7:481bce714567	4135	if (!isRequest && !extension->resp)
wolfSSL	7:481bce714567	4136	continue; /* skip! */
wolfSSL	7:481bce714567	4137
wolfSSL	7:481bce714567	4138	/* ssl level extensions are expected to override ctx level ones. */
wolfSSL	7:481bce714567	4139	if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type)))
wolfSSL	7:481bce714567	4140	continue; /* skip! */
wolfSSL	7:481bce714567	4141
wolfSSL	7:481bce714567	4142	/* extension type + extension data length. */
wolfSSL	7:481bce714567	4143	length += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN;
wolfSSL	7:481bce714567	4144
wolfSSL	7:481bce714567	4145
wolfSSL	7:481bce714567	4146	switch (extension->type) {
wolfSSL	7:481bce714567	4147
wolfSSL	7:481bce714567	4148	case TLSX_SERVER_NAME:
wolfSSL	7:481bce714567	4149	/* SNI only sends the name on the request. */
wolfSSL	7:481bce714567	4150	if (isRequest)
wolfSSL	7:481bce714567	4151	length += SNI_GET_SIZE((SNI*)extension->data);
wolfSSL	7:481bce714567	4152	break;
wolfSSL	7:481bce714567	4153
wolfSSL	7:481bce714567	4154	case TLSX_MAX_FRAGMENT_LENGTH:
wolfSSL	7:481bce714567	4155	length += MFL_GET_SIZE(extension->data);
wolfSSL	7:481bce714567	4156	break;
wolfSSL	7:481bce714567	4157
wolfSSL	7:481bce714567	4158	case TLSX_TRUNCATED_HMAC:
wolfSSL	7:481bce714567	4159	/* always empty. */
wolfSSL	7:481bce714567	4160	break;
wolfSSL	7:481bce714567	4161
wolfSSL	7:481bce714567	4162	case TLSX_SUPPORTED_GROUPS:
wolfSSL	7:481bce714567	4163	length += EC_GET_SIZE((EllipticCurve*)extension->data);
wolfSSL	7:481bce714567	4164	break;
wolfSSL	7:481bce714567	4165
wolfSSL	7:481bce714567	4166	case TLSX_STATUS_REQUEST:
wolfSSL	7:481bce714567	4167	length += CSR_GET_SIZE(
wolfSSL	7:481bce714567	4168	(CertificateStatusRequest*)extension->data, isRequest);
wolfSSL	7:481bce714567	4169	break;
wolfSSL	7:481bce714567	4170
wolfSSL	7:481bce714567	4171	case TLSX_STATUS_REQUEST_V2:
wolfSSL	7:481bce714567	4172	length += CSR2_GET_SIZE(
wolfSSL	7:481bce714567	4173	(CertificateStatusRequestItemV2*)extension->data,
wolfSSL	7:481bce714567	4174	isRequest);
wolfSSL	7:481bce714567	4175	break;
wolfSSL	7:481bce714567	4176
wolfSSL	7:481bce714567	4177	case TLSX_RENEGOTIATION_INFO:
wolfSSL	7:481bce714567	4178	length += SCR_GET_SIZE((SecureRenegotiation*)extension->data,
wolfSSL	7:481bce714567	4179	isRequest);
wolfSSL	7:481bce714567	4180	break;
wolfSSL	7:481bce714567	4181
wolfSSL	7:481bce714567	4182	case TLSX_SESSION_TICKET:
wolfSSL	7:481bce714567	4183	length += STK_GET_SIZE((SessionTicket*)extension->data,
wolfSSL	7:481bce714567	4184	isRequest);
wolfSSL	7:481bce714567	4185	break;
wolfSSL	7:481bce714567	4186
wolfSSL	7:481bce714567	4187	case TLSX_QUANTUM_SAFE_HYBRID:
wolfSSL	7:481bce714567	4188	length += QSH_GET_SIZE((QSHScheme*)extension->data, isRequest);
wolfSSL	7:481bce714567	4189	break;
wolfSSL	7:481bce714567	4190
wolfSSL	7:481bce714567	4191	case TLSX_APPLICATION_LAYER_PROTOCOL:
wolfSSL	7:481bce714567	4192	length += ALPN_GET_SIZE((ALPN*)extension->data);
wolfSSL	7:481bce714567	4193	break;
wolfSSL	7:481bce714567	4194
wolfSSL	7:481bce714567	4195	}
wolfSSL	7:481bce714567	4196
wolfSSL	7:481bce714567	4197	/* marks the extension as processed so ctx level */
wolfSSL	7:481bce714567	4198	/* extensions don't overlap with ssl level ones. */
wolfSSL	7:481bce714567	4199	TURN_ON(semaphore, TLSX_ToSemaphore(extension->type));
wolfSSL	7:481bce714567	4200	}
wolfSSL	7:481bce714567	4201
wolfSSL	7:481bce714567	4202	return length;
wolfSSL	7:481bce714567	4203	}
wolfSSL	7:481bce714567	4204
wolfSSL	7:481bce714567	4205	/** Writes the extensions of a list in a buffer. */
wolfSSL	7:481bce714567	4206	static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore,
wolfSSL	7:481bce714567	4207	byte isRequest)
wolfSSL	7:481bce714567	4208	{
wolfSSL	7:481bce714567	4209	TLSX* extension;
wolfSSL	7:481bce714567	4210	word16 offset = 0;
wolfSSL	7:481bce714567	4211	word16 length_offset = 0;
wolfSSL	7:481bce714567	4212
wolfSSL	7:481bce714567	4213	while ((extension = list)) {
wolfSSL	7:481bce714567	4214	list = extension->next;
wolfSSL	7:481bce714567	4215
wolfSSL	7:481bce714567	4216	/* only extensions marked as response are written in a response. */
wolfSSL	7:481bce714567	4217	if (!isRequest && !extension->resp)
wolfSSL	7:481bce714567	4218	continue; /* skip! */
wolfSSL	7:481bce714567	4219
wolfSSL	7:481bce714567	4220	/* ssl level extensions are expected to override ctx level ones. */
wolfSSL	7:481bce714567	4221	if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type)))
wolfSSL	7:481bce714567	4222	continue; /* skip! */
wolfSSL	7:481bce714567	4223
wolfSSL	7:481bce714567	4224	/* writes extension type. */
wolfSSL	7:481bce714567	4225	c16toa(extension->type, output + offset);
wolfSSL	7:481bce714567	4226	offset += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN;
wolfSSL	7:481bce714567	4227	length_offset = offset;
wolfSSL	7:481bce714567	4228
wolfSSL	7:481bce714567	4229	/* extension data should be written internally. */
wolfSSL	7:481bce714567	4230	switch (extension->type) {
wolfSSL	7:481bce714567	4231	case TLSX_SERVER_NAME:
wolfSSL	7:481bce714567	4232	if (isRequest)
wolfSSL	7:481bce714567	4233	offset += SNI_WRITE((SNI*)extension->data, output + offset);
wolfSSL	7:481bce714567	4234	break;
wolfSSL	7:481bce714567	4235
wolfSSL	7:481bce714567	4236	case TLSX_MAX_FRAGMENT_LENGTH:
wolfSSL	7:481bce714567	4237	offset += MFL_WRITE((byte*)extension->data, output + offset);
wolfSSL	7:481bce714567	4238	break;
wolfSSL	7:481bce714567	4239
wolfSSL	7:481bce714567	4240	case TLSX_TRUNCATED_HMAC:
wolfSSL	7:481bce714567	4241	/* always empty. */
wolfSSL	7:481bce714567	4242	break;
wolfSSL	7:481bce714567	4243
wolfSSL	7:481bce714567	4244	case TLSX_SUPPORTED_GROUPS:
wolfSSL	7:481bce714567	4245	offset += EC_WRITE((EllipticCurve*)extension->data,
wolfSSL	7:481bce714567	4246	output + offset);
wolfSSL	7:481bce714567	4247	break;
wolfSSL	7:481bce714567	4248
wolfSSL	7:481bce714567	4249	case TLSX_STATUS_REQUEST:
wolfSSL	7:481bce714567	4250	offset += CSR_WRITE((CertificateStatusRequest*)extension->data,
wolfSSL	7:481bce714567	4251	output + offset, isRequest);
wolfSSL	7:481bce714567	4252	break;
wolfSSL	7:481bce714567	4253
wolfSSL	7:481bce714567	4254	case TLSX_STATUS_REQUEST_V2:
wolfSSL	7:481bce714567	4255	offset += CSR2_WRITE(
wolfSSL	7:481bce714567	4256	(CertificateStatusRequestItemV2*)extension->data,
wolfSSL	7:481bce714567	4257	output + offset, isRequest);
wolfSSL	7:481bce714567	4258	break;
wolfSSL	7:481bce714567	4259
wolfSSL	7:481bce714567	4260	case TLSX_RENEGOTIATION_INFO:
wolfSSL	7:481bce714567	4261	offset += SCR_WRITE((SecureRenegotiation*)extension->data,
wolfSSL	7:481bce714567	4262	output + offset, isRequest);
wolfSSL	7:481bce714567	4263	break;
wolfSSL	7:481bce714567	4264
wolfSSL	7:481bce714567	4265	case TLSX_SESSION_TICKET:
wolfSSL	7:481bce714567	4266	offset += STK_WRITE((SessionTicket*)extension->data,
wolfSSL	7:481bce714567	4267	output + offset, isRequest);
wolfSSL	7:481bce714567	4268	break;
wolfSSL	7:481bce714567	4269
wolfSSL	7:481bce714567	4270	case TLSX_QUANTUM_SAFE_HYBRID:
wolfSSL	7:481bce714567	4271	if (isRequest) {
wolfSSL	7:481bce714567	4272	offset += QSH_WRITE((QSHScheme*)extension->data, output + offset);
wolfSSL	7:481bce714567	4273	}
wolfSSL	7:481bce714567	4274	offset += QSHPK_WRITE((QSHScheme*)extension->data, output + offset);
wolfSSL	7:481bce714567	4275	offset += QSH_SERREQ(output + offset, isRequest);
wolfSSL	7:481bce714567	4276	break;
wolfSSL	7:481bce714567	4277
wolfSSL	7:481bce714567	4278	case TLSX_APPLICATION_LAYER_PROTOCOL:
wolfSSL	7:481bce714567	4279	offset += ALPN_WRITE((ALPN*)extension->data, output + offset);
wolfSSL	7:481bce714567	4280	break;
wolfSSL	7:481bce714567	4281	}
wolfSSL	7:481bce714567	4282
wolfSSL	7:481bce714567	4283	/* writes extension data length. */
wolfSSL	7:481bce714567	4284	c16toa(offset - length_offset, output + length_offset - OPAQUE16_LEN);
wolfSSL	7:481bce714567	4285
wolfSSL	7:481bce714567	4286	/* marks the extension as processed so ctx level */
wolfSSL	7:481bce714567	4287	/* extensions don't overlap with ssl level ones. */
wolfSSL	7:481bce714567	4288	TURN_ON(semaphore, TLSX_ToSemaphore(extension->type));
wolfSSL	7:481bce714567	4289	}
wolfSSL	7:481bce714567	4290
wolfSSL	7:481bce714567	4291	return offset;
wolfSSL	7:481bce714567	4292	}
wolfSSL	7:481bce714567	4293
wolfSSL	7:481bce714567	4294
wolfSSL	7:481bce714567	4295	#ifdef HAVE_NTRU
wolfSSL	7:481bce714567	4296
wolfSSL	7:481bce714567	4297	static word32 GetEntropy(unsigned char* out, word32 num_bytes)
wolfSSL	7:481bce714567	4298	{
wolfSSL	7:481bce714567	4299	int ret = 0;
wolfSSL	7:481bce714567	4300
wolfSSL	7:481bce714567	4301	if (rng == NULL) {
wolfSSL	7:481bce714567	4302	if ((rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL,
wolfSSL	7:481bce714567	4303	DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL	7:481bce714567	4304	return DRBG_OUT_OF_MEMORY;
wolfSSL	7:481bce714567	4305	wc_InitRng(rng);
wolfSSL	7:481bce714567	4306	}
wolfSSL	7:481bce714567	4307
wolfSSL	7:481bce714567	4308	if (rngMutex == NULL) {
wolfSSL	7:481bce714567	4309	if ((rngMutex = (wolfSSL_Mutex*)XMALLOC(sizeof(wolfSSL_Mutex), NULL,
wolfSSL	7:481bce714567	4310	DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL	7:481bce714567	4311	return DRBG_OUT_OF_MEMORY;
wolfSSL	7:481bce714567	4312	wc_InitMutex(rngMutex);
wolfSSL	7:481bce714567	4313	}
wolfSSL	7:481bce714567	4314
wolfSSL	7:481bce714567	4315	ret \|= wc_LockMutex(rngMutex);
wolfSSL	7:481bce714567	4316	ret \|= wc_RNG_GenerateBlock(rng, out, num_bytes);
wolfSSL	7:481bce714567	4317	ret \|= wc_UnLockMutex(rngMutex);
wolfSSL	7:481bce714567	4318
wolfSSL	7:481bce714567	4319	if (ret != 0)
wolfSSL	7:481bce714567	4320	return DRBG_ENTROPY_FAIL;
wolfSSL	7:481bce714567	4321
wolfSSL	7:481bce714567	4322	return DRBG_OK;
wolfSSL	7:481bce714567	4323	}
wolfSSL	7:481bce714567	4324	#endif
wolfSSL	7:481bce714567	4325
wolfSSL	7:481bce714567	4326
wolfSSL	7:481bce714567	4327	#ifdef HAVE_QSH
wolfSSL	7:481bce714567	4328	static int TLSX_CreateQSHKey(WOLFSSL* ssl, int type)
wolfSSL	7:481bce714567	4329	{
wolfSSL	7:481bce714567	4330	int ret;
wolfSSL	7:481bce714567	4331
wolfSSL	7:481bce714567	4332	switch (type) {
wolfSSL	7:481bce714567	4333	#ifdef HAVE_NTRU
wolfSSL	7:481bce714567	4334	case WOLFSSL_NTRU_EESS439:
wolfSSL	7:481bce714567	4335	case WOLFSSL_NTRU_EESS593:
wolfSSL	7:481bce714567	4336	case WOLFSSL_NTRU_EESS743:
wolfSSL	7:481bce714567	4337	ret = TLSX_CreateNtruKey(ssl, type);
wolfSSL	7:481bce714567	4338	break;
wolfSSL	7:481bce714567	4339	#endif
wolfSSL	7:481bce714567	4340	default:
wolfSSL	7:481bce714567	4341	WOLFSSL_MSG("Unknown type for creating NTRU key");
wolfSSL	7:481bce714567	4342	return -1;
wolfSSL	7:481bce714567	4343	}
wolfSSL	7:481bce714567	4344
wolfSSL	7:481bce714567	4345	return ret;
wolfSSL	7:481bce714567	4346	}
wolfSSL	7:481bce714567	4347
wolfSSL	7:481bce714567	4348
wolfSSL	7:481bce714567	4349	static int TLSX_AddQSHKey(QSHKey** list, QSHKey* key)
wolfSSL	7:481bce714567	4350	{
wolfSSL	7:481bce714567	4351	QSHKey* current;
wolfSSL	7:481bce714567	4352
wolfSSL	7:481bce714567	4353	if (key == NULL)
wolfSSL	7:481bce714567	4354	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	4355
wolfSSL	7:481bce714567	4356	/* if no public key stored in key then do not add */
wolfSSL	7:481bce714567	4357	if (key->pub.length == 0 \|\| key->pub.buffer == NULL)
wolfSSL	7:481bce714567	4358	return 0;
wolfSSL	7:481bce714567	4359
wolfSSL	7:481bce714567	4360	/* first element to be added to the list */
wolfSSL	7:481bce714567	4361	current = *list;
wolfSSL	7:481bce714567	4362	if (current == NULL) {
wolfSSL	7:481bce714567	4363	*list = key;
wolfSSL	7:481bce714567	4364	return 0;
wolfSSL	7:481bce714567	4365	}
wolfSSL	7:481bce714567	4366
wolfSSL	7:481bce714567	4367	while (current->next) {
wolfSSL	7:481bce714567	4368	/* can only have one of the key in the list */
wolfSSL	7:481bce714567	4369	if (current->name == key->name)
wolfSSL	7:481bce714567	4370	return -1;
wolfSSL	7:481bce714567	4371	current = (QSHKey*)current->next;
wolfSSL	7:481bce714567	4372	}
wolfSSL	7:481bce714567	4373
wolfSSL	7:481bce714567	4374	current->next = (struct QSHKey*)key;
wolfSSL	7:481bce714567	4375
wolfSSL	7:481bce714567	4376	return 0;
wolfSSL	7:481bce714567	4377	}
wolfSSL	7:481bce714567	4378
wolfSSL	7:481bce714567	4379
wolfSSL	7:481bce714567	4380	#ifdef HAVE_NTRU
wolfSSL	7:481bce714567	4381	int TLSX_CreateNtruKey(WOLFSSL* ssl, int type)
wolfSSL	7:481bce714567	4382	{
wolfSSL	7:481bce714567	4383	int ret;
wolfSSL	7:481bce714567	4384	int ntruType;
wolfSSL	7:481bce714567	4385
wolfSSL	7:481bce714567	4386	/* variable declarations for NTRU*/
wolfSSL	7:481bce714567	4387	QSHKey* temp = NULL;
wolfSSL	7:481bce714567	4388	byte public_key[1027];
wolfSSL	7:481bce714567	4389	word16 public_key_len = sizeof(public_key);
wolfSSL	7:481bce714567	4390	byte private_key[1120];
wolfSSL	7:481bce714567	4391	word16 private_key_len = sizeof(private_key);
wolfSSL	7:481bce714567	4392	DRBG_HANDLE drbg;
wolfSSL	7:481bce714567	4393
wolfSSL	7:481bce714567	4394	if (ssl == NULL)
wolfSSL	7:481bce714567	4395	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	4396
wolfSSL	7:481bce714567	4397	switch (type) {
wolfSSL	7:481bce714567	4398	case WOLFSSL_NTRU_EESS439:
wolfSSL	7:481bce714567	4399	ntruType = NTRU_EES439EP1;
wolfSSL	7:481bce714567	4400	break;
wolfSSL	7:481bce714567	4401	case WOLFSSL_NTRU_EESS593:
wolfSSL	7:481bce714567	4402	ntruType = NTRU_EES593EP1;
wolfSSL	7:481bce714567	4403	break;
wolfSSL	7:481bce714567	4404	case WOLFSSL_NTRU_EESS743:
wolfSSL	7:481bce714567	4405	ntruType = NTRU_EES743EP1;
wolfSSL	7:481bce714567	4406	break;
wolfSSL	7:481bce714567	4407	default:
wolfSSL	7:481bce714567	4408	WOLFSSL_MSG("Unknown type for creating NTRU key");
wolfSSL	7:481bce714567	4409	return -1;
wolfSSL	7:481bce714567	4410	}
wolfSSL	7:481bce714567	4411	ret = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg);
wolfSSL	7:481bce714567	4412	if (ret != DRBG_OK) {
wolfSSL	7:481bce714567	4413	WOLFSSL_MSG("NTRU drbg instantiate failed\n");
wolfSSL	7:481bce714567	4414	return ret;
wolfSSL	7:481bce714567	4415	}
wolfSSL	7:481bce714567	4416
wolfSSL	7:481bce714567	4417	if ((ret = ntru_crypto_ntru_encrypt_keygen(drbg, ntruType,
wolfSSL	7:481bce714567	4418	&public_key_len, NULL, &private_key_len, NULL)) != NTRU_OK)
wolfSSL	7:481bce714567	4419	return ret;
wolfSSL	7:481bce714567	4420
wolfSSL	7:481bce714567	4421	if ((ret = ntru_crypto_ntru_encrypt_keygen(drbg, ntruType,
wolfSSL	7:481bce714567	4422	&public_key_len, public_key, &private_key_len, private_key)) != NTRU_OK)
wolfSSL	7:481bce714567	4423	return ret;
wolfSSL	7:481bce714567	4424
wolfSSL	7:481bce714567	4425	ret = ntru_crypto_drbg_uninstantiate(drbg);
wolfSSL	7:481bce714567	4426	if (ret != NTRU_OK) {
wolfSSL	7:481bce714567	4427	WOLFSSL_MSG("NTRU drbg uninstantiate failed\n");
wolfSSL	7:481bce714567	4428	return ret;
wolfSSL	7:481bce714567	4429	}
wolfSSL	7:481bce714567	4430
wolfSSL	7:481bce714567	4431	if ((temp = (QSHKey*)XMALLOC(sizeof(QSHKey), ssl->heap,
wolfSSL	7:481bce714567	4432	DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL	7:481bce714567	4433	return MEMORY_E;
wolfSSL	7:481bce714567	4434	temp->name = type;
wolfSSL	7:481bce714567	4435	temp->pub.length = public_key_len;
wolfSSL	7:481bce714567	4436	temp->pub.buffer = (byte*)XMALLOC(public_key_len, ssl->heap,
wolfSSL	7:481bce714567	4437	DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL	7:481bce714567	4438	XMEMCPY(temp->pub.buffer, public_key, public_key_len);
wolfSSL	7:481bce714567	4439	temp->pri.length = private_key_len;
wolfSSL	7:481bce714567	4440	temp->pri.buffer = (byte*)XMALLOC(private_key_len, ssl->heap,
wolfSSL	7:481bce714567	4441	DYNAMIC_TYPE_ARRAYS);
wolfSSL	7:481bce714567	4442	XMEMCPY(temp->pri.buffer, private_key, private_key_len);
wolfSSL	7:481bce714567	4443	temp->next = NULL;
wolfSSL	7:481bce714567	4444
wolfSSL	7:481bce714567	4445	TLSX_AddQSHKey(&ssl->QSH_Key, temp);
wolfSSL	7:481bce714567	4446
wolfSSL	7:481bce714567	4447	return ret;
wolfSSL	7:481bce714567	4448	}
wolfSSL	7:481bce714567	4449	#endif
wolfSSL	7:481bce714567	4450
wolfSSL	7:481bce714567	4451
wolfSSL	7:481bce714567	4452	/*
wolfSSL	7:481bce714567	4453	Used to find a public key from the list of keys
wolfSSL	7:481bce714567	4454	pubLen length of array
wolfSSL	7:481bce714567	4455	name input the name of the scheme looking for ie WOLFSSL_NTRU_ESSXXX
wolfSSL	7:481bce714567	4456
wolfSSL	7:481bce714567	4457	returns a pointer to public key byte* or NULL if not found
wolfSSL	7:481bce714567	4458	*/
wolfSSL	7:481bce714567	4459	static byte* TLSX_QSHKeyFind_Pub(QSHKey* qsh, word16* pubLen, word16 name)
wolfSSL	7:481bce714567	4460	{
wolfSSL	7:481bce714567	4461	QSHKey* current = qsh;
wolfSSL	7:481bce714567	4462
wolfSSL	7:481bce714567	4463	if (qsh == NULL \|\| pubLen == NULL)
wolfSSL	7:481bce714567	4464	return NULL;
wolfSSL	7:481bce714567	4465
wolfSSL	7:481bce714567	4466	*pubLen = 0;
wolfSSL	7:481bce714567	4467
wolfSSL	7:481bce714567	4468	while(current) {
wolfSSL	7:481bce714567	4469	if (current->name == name) {
wolfSSL	7:481bce714567	4470	*pubLen = current->pub.length;
wolfSSL	7:481bce714567	4471	return current->pub.buffer;
wolfSSL	7:481bce714567	4472	}
wolfSSL	7:481bce714567	4473	current = (QSHKey*)current->next;
wolfSSL	7:481bce714567	4474	}
wolfSSL	7:481bce714567	4475
wolfSSL	7:481bce714567	4476	return NULL;
wolfSSL	7:481bce714567	4477	}
wolfSSL	7:481bce714567	4478	#endif /* HAVE_QSH */
wolfSSL	7:481bce714567	4479
wolfSSL	7:481bce714567	4480
wolfSSL	7:481bce714567	4481	int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
wolfSSL	7:481bce714567	4482	{
wolfSSL	7:481bce714567	4483	int ret = 0;
wolfSSL	7:481bce714567	4484	byte* public_key = NULL;
wolfSSL	7:481bce714567	4485	word16 public_key_len = 0;
wolfSSL	7:481bce714567	4486	#ifdef HAVE_QSH
wolfSSL	7:481bce714567	4487	TLSX* extension;
wolfSSL	7:481bce714567	4488	QSHScheme* qsh;
wolfSSL	7:481bce714567	4489	QSHScheme* next;
wolfSSL	7:481bce714567	4490
wolfSSL	7:481bce714567	4491	/* add supported QSHSchemes */
wolfSSL	7:481bce714567	4492	WOLFSSL_MSG("Adding supported QSH Schemes");
wolfSSL	7:481bce714567	4493	#endif
wolfSSL	7:481bce714567	4494
wolfSSL	7:481bce714567	4495	/* server will add extension depending on whats parsed from client */
wolfSSL	7:481bce714567	4496	if (!isServer) {
wolfSSL	7:481bce714567	4497	#ifdef HAVE_QSH
wolfSSL	7:481bce714567	4498	/* test if user has set a specific scheme already */
wolfSSL	7:481bce714567	4499	if (!ssl->user_set_QSHSchemes) {
wolfSSL	7:481bce714567	4500	if (ssl->sendQSHKeys && ssl->QSH_Key == NULL) {
wolfSSL	7:481bce714567	4501	if ((ret = TLSX_CreateQSHKey(ssl, WOLFSSL_NTRU_EESS743)) != 0) {
wolfSSL	7:481bce714567	4502	WOLFSSL_MSG("Error creating ntru keys");
wolfSSL	7:481bce714567	4503	return ret;
wolfSSL	7:481bce714567	4504	}
wolfSSL	7:481bce714567	4505	if ((ret = TLSX_CreateQSHKey(ssl, WOLFSSL_NTRU_EESS593)) != 0) {
wolfSSL	7:481bce714567	4506	WOLFSSL_MSG("Error creating ntru keys");
wolfSSL	7:481bce714567	4507	return ret;
wolfSSL	7:481bce714567	4508	}
wolfSSL	7:481bce714567	4509	if ((ret = TLSX_CreateQSHKey(ssl, WOLFSSL_NTRU_EESS439)) != 0) {
wolfSSL	7:481bce714567	4510	WOLFSSL_MSG("Error creating ntru keys");
wolfSSL	7:481bce714567	4511	return ret;
wolfSSL	7:481bce714567	4512	}
wolfSSL	7:481bce714567	4513
wolfSSL	7:481bce714567	4514	/* add NTRU 256 */
wolfSSL	7:481bce714567	4515	public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key,
wolfSSL	7:481bce714567	4516	&public_key_len, WOLFSSL_NTRU_EESS743);
wolfSSL	7:481bce714567	4517	}
wolfSSL	7:481bce714567	4518	if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS743,
wolfSSL	7:481bce714567	4519	public_key, public_key_len, ssl->heap)
wolfSSL	7:481bce714567	4520	!= SSL_SUCCESS)
wolfSSL	7:481bce714567	4521	ret = -1;
wolfSSL	7:481bce714567	4522
wolfSSL	7:481bce714567	4523	/* add NTRU 196 */
wolfSSL	7:481bce714567	4524	if (ssl->sendQSHKeys) {
wolfSSL	7:481bce714567	4525	public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key,
wolfSSL	7:481bce714567	4526	&public_key_len, WOLFSSL_NTRU_EESS593);
wolfSSL	7:481bce714567	4527	}
wolfSSL	7:481bce714567	4528	if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS593,
wolfSSL	7:481bce714567	4529	public_key, public_key_len, ssl->heap)
wolfSSL	7:481bce714567	4530	!= SSL_SUCCESS)
wolfSSL	7:481bce714567	4531	ret = -1;
wolfSSL	7:481bce714567	4532
wolfSSL	7:481bce714567	4533	/* add NTRU 128 */
wolfSSL	7:481bce714567	4534	if (ssl->sendQSHKeys) {
wolfSSL	7:481bce714567	4535	public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key,
wolfSSL	7:481bce714567	4536	&public_key_len, WOLFSSL_NTRU_EESS439);
wolfSSL	7:481bce714567	4537	}
wolfSSL	7:481bce714567	4538	if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS439,
wolfSSL	7:481bce714567	4539	public_key, public_key_len, ssl->heap)
wolfSSL	7:481bce714567	4540	!= SSL_SUCCESS)
wolfSSL	7:481bce714567	4541	ret = -1;
wolfSSL	7:481bce714567	4542	}
wolfSSL	7:481bce714567	4543	else if (ssl->sendQSHKeys && ssl->QSH_Key == NULL) {
wolfSSL	7:481bce714567	4544	/* for each scheme make a client key */
wolfSSL	7:481bce714567	4545	extension = TLSX_Find(ssl->extensions, TLSX_QUANTUM_SAFE_HYBRID);
wolfSSL	7:481bce714567	4546	if (extension) {
wolfSSL	7:481bce714567	4547	qsh = (QSHScheme*)extension->data;
wolfSSL	7:481bce714567	4548
wolfSSL	7:481bce714567	4549	while (qsh) {
wolfSSL	7:481bce714567	4550	if ((ret = TLSX_CreateQSHKey(ssl, qsh->name)) != 0)
wolfSSL	7:481bce714567	4551	return ret;
wolfSSL	7:481bce714567	4552
wolfSSL	7:481bce714567	4553	/* get next now because qsh could be freed */
wolfSSL	7:481bce714567	4554	next = qsh->next;
wolfSSL	7:481bce714567	4555
wolfSSL	7:481bce714567	4556	/* find the public key created and add to extension*/
wolfSSL	7:481bce714567	4557	public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key,
wolfSSL	7:481bce714567	4558	&public_key_len, qsh->name);
wolfSSL	7:481bce714567	4559	if (TLSX_UseQSHScheme(&ssl->extensions, qsh->name,
wolfSSL	7:481bce714567	4560	public_key, public_key_len,
wolfSSL	7:481bce714567	4561	ssl->heap) != SSL_SUCCESS)
wolfSSL	7:481bce714567	4562	ret = -1;
wolfSSL	7:481bce714567	4563	qsh = next;
wolfSSL	7:481bce714567	4564	}
wolfSSL	7:481bce714567	4565	}
wolfSSL	7:481bce714567	4566	}
wolfSSL	7:481bce714567	4567	#endif
wolfSSL	7:481bce714567	4568
wolfSSL	7:481bce714567	4569	#if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)
wolfSSL	7:481bce714567	4570	if (!ssl->options.userCurves && !ssl->ctx->userCurves) {
wolfSSL	7:481bce714567	4571	#if defined(HAVE_ECC160) \|\| defined(HAVE_ALL_CURVES)
wolfSSL	7:481bce714567	4572	#ifndef NO_ECC_SECP
wolfSSL	7:481bce714567	4573	ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP160R1, ssl->heap);
wolfSSL	7:481bce714567	4574	if (ret != SSL_SUCCESS) return ret;
wolfSSL	7:481bce714567	4575	#endif
wolfSSL	7:481bce714567	4576	#ifdef HAVE_ECC_SECPR2
wolfSSL	7:481bce714567	4577	ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP160R2, ssl->heap);
wolfSSL	7:481bce714567	4578	if (ret != SSL_SUCCESS) return ret;
wolfSSL	7:481bce714567	4579	#endif
wolfSSL	7:481bce714567	4580	#ifdef HAVE_ECC_KOBLITZ
wolfSSL	7:481bce714567	4581	ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP160K1, ssl->heap);
wolfSSL	7:481bce714567	4582	if (ret != SSL_SUCCESS) return ret;
wolfSSL	7:481bce714567	4583	#endif
wolfSSL	7:481bce714567	4584	#endif
wolfSSL	7:481bce714567	4585	#if defined(HAVE_ECC192) \|\| defined(HAVE_ALL_CURVES)
wolfSSL	7:481bce714567	4586	#ifndef NO_ECC_SECP
wolfSSL	7:481bce714567	4587	ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP192R1, ssl->heap);
wolfSSL	7:481bce714567	4588	if (ret != SSL_SUCCESS) return ret;
wolfSSL	7:481bce714567	4589	#endif
wolfSSL	7:481bce714567	4590	#ifdef HAVE_ECC_KOBLITZ
wolfSSL	7:481bce714567	4591	ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP192K1, ssl->heap);
wolfSSL	7:481bce714567	4592	if (ret != SSL_SUCCESS) return ret;
wolfSSL	7:481bce714567	4593	#endif
wolfSSL	7:481bce714567	4594	#endif
wolfSSL	7:481bce714567	4595	#if defined(HAVE_ECC224) \|\| defined(HAVE_ALL_CURVES)
wolfSSL	7:481bce714567	4596	#ifndef NO_ECC_SECP
wolfSSL	7:481bce714567	4597	ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP224R1, ssl->heap);
wolfSSL	7:481bce714567	4598	if (ret != SSL_SUCCESS) return ret;
wolfSSL	7:481bce714567	4599	#endif
wolfSSL	7:481bce714567	4600	#ifdef HAVE_ECC_KOBLITZ
wolfSSL	7:481bce714567	4601	ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP224K1, ssl->heap);
wolfSSL	7:481bce714567	4602	if (ret != SSL_SUCCESS) return ret;
wolfSSL	7:481bce714567	4603	#endif
wolfSSL	7:481bce714567	4604	#endif
wolfSSL	7:481bce714567	4605	#if !defined(NO_ECC256) \|\| defined(HAVE_ALL_CURVES)
wolfSSL	7:481bce714567	4606	#ifndef NO_ECC_SECP
wolfSSL	7:481bce714567	4607	ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP256R1, ssl->heap);
wolfSSL	7:481bce714567	4608	if (ret != SSL_SUCCESS) return ret;
wolfSSL	7:481bce714567	4609	#endif
wolfSSL	7:481bce714567	4610	#ifdef HAVE_ECC_KOBLITZ
wolfSSL	7:481bce714567	4611	ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP256K1, ssl->heap);
wolfSSL	7:481bce714567	4612	if (ret != SSL_SUCCESS) return ret;
wolfSSL	7:481bce714567	4613	#endif
wolfSSL	7:481bce714567	4614	#ifdef HAVE_ECC_BRAINPOOL
wolfSSL	7:481bce714567	4615	ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_BRAINPOOLP256R1, ssl->heap);
wolfSSL	7:481bce714567	4616	if (ret != SSL_SUCCESS) return ret;
wolfSSL	7:481bce714567	4617	#endif
wolfSSL	7:481bce714567	4618	#endif
wolfSSL	7:481bce714567	4619	#if defined(HAVE_ECC384) \|\| defined(HAVE_ALL_CURVES)
wolfSSL	7:481bce714567	4620	#ifndef NO_ECC_SECP
wolfSSL	7:481bce714567	4621	ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP384R1, ssl->heap);
wolfSSL	7:481bce714567	4622	if (ret != SSL_SUCCESS) return ret;
wolfSSL	7:481bce714567	4623	#endif
wolfSSL	7:481bce714567	4624	#ifdef HAVE_ECC_BRAINPOOL
wolfSSL	7:481bce714567	4625	ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_BRAINPOOLP384R1, ssl->heap);
wolfSSL	7:481bce714567	4626	if (ret != SSL_SUCCESS) return ret;
wolfSSL	7:481bce714567	4627	#endif
wolfSSL	7:481bce714567	4628	#endif
wolfSSL	7:481bce714567	4629	#if defined(HAVE_ECC512) \|\| defined(HAVE_ALL_CURVES)
wolfSSL	7:481bce714567	4630	#ifdef HAVE_ECC_BRAINPOOL
wolfSSL	7:481bce714567	4631	ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_BRAINPOOLP512R1, ssl->heap);
wolfSSL	7:481bce714567	4632	if (ret != SSL_SUCCESS) return ret;
wolfSSL	7:481bce714567	4633	#endif
wolfSSL	7:481bce714567	4634	#endif
wolfSSL	7:481bce714567	4635	#if defined(HAVE_ECC521) \|\| defined(HAVE_ALL_CURVES)
wolfSSL	7:481bce714567	4636	#ifndef NO_ECC_SECP
wolfSSL	7:481bce714567	4637	ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP521R1, ssl->heap);
wolfSSL	7:481bce714567	4638	if (ret != SSL_SUCCESS) return ret;
wolfSSL	7:481bce714567	4639	#endif
wolfSSL	7:481bce714567	4640	#endif
wolfSSL	7:481bce714567	4641	}
wolfSSL	7:481bce714567	4642	#endif /* HAVE_ECC && HAVE_SUPPORTED_CURVES */
wolfSSL	7:481bce714567	4643	} /* is not server */
wolfSSL	7:481bce714567	4644
wolfSSL	7:481bce714567	4645	(void)public_key;
wolfSSL	7:481bce714567	4646	(void)public_key_len;
wolfSSL	7:481bce714567	4647	(void)ssl;
wolfSSL	7:481bce714567	4648
wolfSSL	7:481bce714567	4649	if (ret == SSL_SUCCESS)
wolfSSL	7:481bce714567	4650	ret = 0;
wolfSSL	7:481bce714567	4651
wolfSSL	7:481bce714567	4652	return ret;
wolfSSL	7:481bce714567	4653	}
wolfSSL	7:481bce714567	4654
wolfSSL	7:481bce714567	4655
wolfSSL	7:481bce714567	4656	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	7:481bce714567	4657
wolfSSL	7:481bce714567	4658	/** Tells the buffered size of extensions to be sent into the client hello. */
wolfSSL	7:481bce714567	4659	word16 TLSX_GetRequestSize(WOLFSSL* ssl)
wolfSSL	7:481bce714567	4660	{
wolfSSL	7:481bce714567	4661	word16 length = 0;
wolfSSL	7:481bce714567	4662
wolfSSL	7:481bce714567	4663	if (TLSX_SupportExtensions(ssl)) {
wolfSSL	7:481bce714567	4664	byte semaphore[SEMAPHORE_SIZE] = {0};
wolfSSL	7:481bce714567	4665
wolfSSL	7:481bce714567	4666	EC_VALIDATE_REQUEST(ssl, semaphore);
wolfSSL	7:481bce714567	4667	QSH_VALIDATE_REQUEST(ssl, semaphore);
wolfSSL	7:481bce714567	4668	STK_VALIDATE_REQUEST(ssl);
wolfSSL	7:481bce714567	4669
wolfSSL	7:481bce714567	4670	if (ssl->extensions)
wolfSSL	7:481bce714567	4671	length += TLSX_GetSize(ssl->extensions, semaphore, 1);
wolfSSL	7:481bce714567	4672
wolfSSL	7:481bce714567	4673	if (ssl->ctx && ssl->ctx->extensions)
wolfSSL	7:481bce714567	4674	length += TLSX_GetSize(ssl->ctx->extensions, semaphore, 1);
wolfSSL	7:481bce714567	4675
wolfSSL	7:481bce714567	4676	if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz)
wolfSSL	7:481bce714567	4677	length += HELLO_EXT_SZ + HELLO_EXT_SIGALGO_SZ
wolfSSL	7:481bce714567	4678	+ ssl->suites->hashSigAlgoSz;
wolfSSL	7:481bce714567	4679
wolfSSL	7:481bce714567	4680	#ifdef HAVE_EXTENDED_MASTER
wolfSSL	7:481bce714567	4681	if (ssl->options.haveEMS)
wolfSSL	7:481bce714567	4682	length += HELLO_EXT_SZ;
wolfSSL	7:481bce714567	4683	#endif
wolfSSL	7:481bce714567	4684	}
wolfSSL	7:481bce714567	4685
wolfSSL	7:481bce714567	4686	if (length)
wolfSSL	7:481bce714567	4687	length += OPAQUE16_LEN; /* for total length storage. */
wolfSSL	7:481bce714567	4688
wolfSSL	7:481bce714567	4689	return length;
wolfSSL	7:481bce714567	4690	}
wolfSSL	7:481bce714567	4691
wolfSSL	7:481bce714567	4692	/** Writes the extensions to be sent into the client hello. */
wolfSSL	7:481bce714567	4693	word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output)
wolfSSL	7:481bce714567	4694	{
wolfSSL	7:481bce714567	4695	word16 offset = 0;
wolfSSL	7:481bce714567	4696
wolfSSL	7:481bce714567	4697	if (TLSX_SupportExtensions(ssl) && output) {
wolfSSL	7:481bce714567	4698	byte semaphore[SEMAPHORE_SIZE] = {0};
wolfSSL	7:481bce714567	4699
wolfSSL	7:481bce714567	4700	offset += OPAQUE16_LEN; /* extensions length */
wolfSSL	7:481bce714567	4701
wolfSSL	7:481bce714567	4702	EC_VALIDATE_REQUEST(ssl, semaphore);
wolfSSL	7:481bce714567	4703	STK_VALIDATE_REQUEST(ssl);
wolfSSL	7:481bce714567	4704	QSH_VALIDATE_REQUEST(ssl, semaphore);
wolfSSL	7:481bce714567	4705
wolfSSL	7:481bce714567	4706	if (ssl->extensions)
wolfSSL	7:481bce714567	4707	offset += TLSX_Write(ssl->extensions, output + offset,
wolfSSL	7:481bce714567	4708	semaphore, 1);
wolfSSL	7:481bce714567	4709
wolfSSL	7:481bce714567	4710	if (ssl->ctx && ssl->ctx->extensions)
wolfSSL	7:481bce714567	4711	offset += TLSX_Write(ssl->ctx->extensions, output + offset,
wolfSSL	7:481bce714567	4712	semaphore, 1);
wolfSSL	7:481bce714567	4713
wolfSSL	7:481bce714567	4714	if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz) {
wolfSSL	7:481bce714567	4715	int i;
wolfSSL	7:481bce714567	4716	/* extension type */
wolfSSL	7:481bce714567	4717	c16toa(HELLO_EXT_SIG_ALGO, output + offset);
wolfSSL	7:481bce714567	4718	offset += HELLO_EXT_TYPE_SZ;
wolfSSL	7:481bce714567	4719
wolfSSL	7:481bce714567	4720	/* extension data length */
wolfSSL	7:481bce714567	4721	c16toa(OPAQUE16_LEN + ssl->suites->hashSigAlgoSz,
wolfSSL	7:481bce714567	4722	output + offset);
wolfSSL	7:481bce714567	4723	offset += OPAQUE16_LEN;
wolfSSL	7:481bce714567	4724
wolfSSL	7:481bce714567	4725	/* sig algos length */
wolfSSL	7:481bce714567	4726	c16toa(ssl->suites->hashSigAlgoSz, output + offset);
wolfSSL	7:481bce714567	4727	offset += OPAQUE16_LEN;
wolfSSL	7:481bce714567	4728
wolfSSL	7:481bce714567	4729	/* sig algos */
wolfSSL	7:481bce714567	4730	for (i = 0; i < ssl->suites->hashSigAlgoSz; i++, offset++)
wolfSSL	7:481bce714567	4731	output[offset] = ssl->suites->hashSigAlgo[i];
wolfSSL	7:481bce714567	4732	}
wolfSSL	7:481bce714567	4733
wolfSSL	7:481bce714567	4734	#ifdef HAVE_EXTENDED_MASTER
wolfSSL	7:481bce714567	4735	if (ssl->options.haveEMS) {
wolfSSL	7:481bce714567	4736	c16toa(HELLO_EXT_EXTMS, output + offset);
wolfSSL	7:481bce714567	4737	offset += HELLO_EXT_TYPE_SZ;
wolfSSL	7:481bce714567	4738	c16toa(0, output + offset);
wolfSSL	7:481bce714567	4739	offset += HELLO_EXT_SZ_SZ;
wolfSSL	7:481bce714567	4740	}
wolfSSL	7:481bce714567	4741	#endif
wolfSSL	7:481bce714567	4742
wolfSSL	7:481bce714567	4743	if (offset > OPAQUE16_LEN)
wolfSSL	7:481bce714567	4744	c16toa(offset - OPAQUE16_LEN, output); /* extensions length */
wolfSSL	7:481bce714567	4745	}
wolfSSL	7:481bce714567	4746
wolfSSL	7:481bce714567	4747	return offset;
wolfSSL	7:481bce714567	4748	}
wolfSSL	7:481bce714567	4749
wolfSSL	7:481bce714567	4750	#endif /* NO_WOLFSSL_CLIENT */
wolfSSL	7:481bce714567	4751
wolfSSL	7:481bce714567	4752	#ifndef NO_WOLFSSL_SERVER
wolfSSL	7:481bce714567	4753
wolfSSL	7:481bce714567	4754	/** Tells the buffered size of extensions to be sent into the server hello. */
wolfSSL	7:481bce714567	4755	word16 TLSX_GetResponseSize(WOLFSSL* ssl)
wolfSSL	7:481bce714567	4756	{
wolfSSL	7:481bce714567	4757	word16 length = 0;
wolfSSL	7:481bce714567	4758	byte semaphore[SEMAPHORE_SIZE] = {0};
wolfSSL	7:481bce714567	4759
wolfSSL	7:481bce714567	4760	#ifdef HAVE_QSH
wolfSSL	7:481bce714567	4761	/* change response if not using TLS_QSH */
wolfSSL	7:481bce714567	4762	if (!ssl->options.haveQSH) {
wolfSSL	7:481bce714567	4763	TLSX* ext = TLSX_Find(ssl->extensions, TLSX_QUANTUM_SAFE_HYBRID);
wolfSSL	7:481bce714567	4764	if (ext)
wolfSSL	7:481bce714567	4765	ext->resp = 0;
wolfSSL	7:481bce714567	4766	}
wolfSSL	7:481bce714567	4767	#endif
wolfSSL	7:481bce714567	4768
wolfSSL	7:481bce714567	4769	#ifdef HAVE_EXTENDED_MASTER
wolfSSL	7:481bce714567	4770	if (ssl->options.haveEMS)
wolfSSL	7:481bce714567	4771	length += HELLO_EXT_SZ;
wolfSSL	7:481bce714567	4772	#endif
wolfSSL	7:481bce714567	4773
wolfSSL	7:481bce714567	4774	if (TLSX_SupportExtensions(ssl))
wolfSSL	7:481bce714567	4775	length += TLSX_GetSize(ssl->extensions, semaphore, 0);
wolfSSL	7:481bce714567	4776
wolfSSL	7:481bce714567	4777	/* All the response data is set at the ssl object only, so no ctx here. */
wolfSSL	7:481bce714567	4778
wolfSSL	7:481bce714567	4779	if (length)
wolfSSL	7:481bce714567	4780	length += OPAQUE16_LEN; /* for total length storage. */
wolfSSL	7:481bce714567	4781
wolfSSL	7:481bce714567	4782	return length;
wolfSSL	7:481bce714567	4783	}
wolfSSL	7:481bce714567	4784
wolfSSL	7:481bce714567	4785	/** Writes the server hello extensions into a buffer. */
wolfSSL	7:481bce714567	4786	word16 TLSX_WriteResponse(WOLFSSL ssl, byte output)
wolfSSL	7:481bce714567	4787	{
wolfSSL	7:481bce714567	4788	word16 offset = 0;
wolfSSL	7:481bce714567	4789
wolfSSL	7:481bce714567	4790	if (TLSX_SupportExtensions(ssl) && output) {
wolfSSL	7:481bce714567	4791	byte semaphore[SEMAPHORE_SIZE] = {0};
wolfSSL	7:481bce714567	4792
wolfSSL	7:481bce714567	4793	offset += OPAQUE16_LEN; /* extensions length */
wolfSSL	7:481bce714567	4794
wolfSSL	7:481bce714567	4795	offset += TLSX_Write(ssl->extensions, output + offset, semaphore, 0);
wolfSSL	7:481bce714567	4796
wolfSSL	7:481bce714567	4797	#ifdef HAVE_EXTENDED_MASTER
wolfSSL	7:481bce714567	4798	if (ssl->options.haveEMS) {
wolfSSL	7:481bce714567	4799	c16toa(HELLO_EXT_EXTMS, output + offset);
wolfSSL	7:481bce714567	4800	offset += HELLO_EXT_TYPE_SZ;
wolfSSL	7:481bce714567	4801	c16toa(0, output + offset);
wolfSSL	7:481bce714567	4802	offset += HELLO_EXT_SZ_SZ;
wolfSSL	7:481bce714567	4803	}
wolfSSL	7:481bce714567	4804	#endif
wolfSSL	7:481bce714567	4805
wolfSSL	7:481bce714567	4806	if (offset > OPAQUE16_LEN)
wolfSSL	7:481bce714567	4807	c16toa(offset - OPAQUE16_LEN, output); /* extensions length */
wolfSSL	7:481bce714567	4808	}
wolfSSL	7:481bce714567	4809
wolfSSL	7:481bce714567	4810	return offset;
wolfSSL	7:481bce714567	4811	}
wolfSSL	7:481bce714567	4812
wolfSSL	7:481bce714567	4813	#endif /* NO_WOLFSSL_SERVER */
wolfSSL	7:481bce714567	4814
wolfSSL	7:481bce714567	4815	/** Parses a buffer of TLS extensions. */
wolfSSL	7:481bce714567	4816	int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest,
wolfSSL	7:481bce714567	4817	Suites *suites)
wolfSSL	7:481bce714567	4818	{
wolfSSL	7:481bce714567	4819	int ret = 0;
wolfSSL	7:481bce714567	4820	word16 offset = 0;
wolfSSL	7:481bce714567	4821	#ifdef HAVE_EXTENDED_MASTER
wolfSSL	7:481bce714567	4822	byte pendingEMS = 0;
wolfSSL	7:481bce714567	4823	#endif
wolfSSL	7:481bce714567	4824
wolfSSL	7:481bce714567	4825	if (!ssl \|\| !input \|\| (isRequest && !suites))
wolfSSL	7:481bce714567	4826	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	4827
wolfSSL	7:481bce714567	4828	while (ret == 0 && offset < length) {
wolfSSL	7:481bce714567	4829	word16 type;
wolfSSL	7:481bce714567	4830	word16 size;
wolfSSL	7:481bce714567	4831
wolfSSL	7:481bce714567	4832	if (length - offset < HELLO_EXT_TYPE_SZ + OPAQUE16_LEN)
wolfSSL	7:481bce714567	4833	return BUFFER_ERROR;
wolfSSL	7:481bce714567	4834
wolfSSL	7:481bce714567	4835	ato16(input + offset, &type);
wolfSSL	7:481bce714567	4836	offset += HELLO_EXT_TYPE_SZ;
wolfSSL	7:481bce714567	4837
wolfSSL	7:481bce714567	4838	ato16(input + offset, &size);
wolfSSL	7:481bce714567	4839	offset += OPAQUE16_LEN;
wolfSSL	7:481bce714567	4840
wolfSSL	7:481bce714567	4841	if (offset + size > length)
wolfSSL	7:481bce714567	4842	return BUFFER_ERROR;
wolfSSL	7:481bce714567	4843
wolfSSL	7:481bce714567	4844	switch (type) {
wolfSSL	7:481bce714567	4845	case TLSX_SERVER_NAME:
wolfSSL	7:481bce714567	4846	WOLFSSL_MSG("SNI extension received");
wolfSSL	7:481bce714567	4847
wolfSSL	7:481bce714567	4848	ret = SNI_PARSE(ssl, input + offset, size, isRequest);
wolfSSL	7:481bce714567	4849	break;
wolfSSL	7:481bce714567	4850
wolfSSL	7:481bce714567	4851	case TLSX_MAX_FRAGMENT_LENGTH:
wolfSSL	7:481bce714567	4852	WOLFSSL_MSG("Max Fragment Length extension received");
wolfSSL	7:481bce714567	4853
wolfSSL	7:481bce714567	4854	ret = MFL_PARSE(ssl, input + offset, size, isRequest);
wolfSSL	7:481bce714567	4855	break;
wolfSSL	7:481bce714567	4856
wolfSSL	7:481bce714567	4857	case TLSX_TRUNCATED_HMAC:
wolfSSL	7:481bce714567	4858	WOLFSSL_MSG("Truncated HMAC extension received");
wolfSSL	7:481bce714567	4859
wolfSSL	7:481bce714567	4860	ret = THM_PARSE(ssl, input + offset, size, isRequest);
wolfSSL	7:481bce714567	4861	break;
wolfSSL	7:481bce714567	4862
wolfSSL	7:481bce714567	4863	case TLSX_SUPPORTED_GROUPS:
wolfSSL	7:481bce714567	4864	WOLFSSL_MSG("Elliptic Curves extension received");
wolfSSL	7:481bce714567	4865
wolfSSL	7:481bce714567	4866	ret = EC_PARSE(ssl, input + offset, size, isRequest);
wolfSSL	7:481bce714567	4867	break;
wolfSSL	7:481bce714567	4868
wolfSSL	7:481bce714567	4869	case TLSX_STATUS_REQUEST:
wolfSSL	7:481bce714567	4870	WOLFSSL_MSG("Certificate Status Request extension received");
wolfSSL	7:481bce714567	4871
wolfSSL	7:481bce714567	4872	ret = CSR_PARSE(ssl, input + offset, size, isRequest);
wolfSSL	7:481bce714567	4873	break;
wolfSSL	7:481bce714567	4874
wolfSSL	7:481bce714567	4875	case TLSX_STATUS_REQUEST_V2:
wolfSSL	7:481bce714567	4876	WOLFSSL_MSG("Certificate Status Request v2 extension received");
wolfSSL	7:481bce714567	4877
wolfSSL	7:481bce714567	4878	ret = CSR2_PARSE(ssl, input + offset, size, isRequest);
wolfSSL	7:481bce714567	4879	break;
wolfSSL	7:481bce714567	4880
wolfSSL	7:481bce714567	4881	#ifdef HAVE_EXTENDED_MASTER
wolfSSL	7:481bce714567	4882	case HELLO_EXT_EXTMS:
wolfSSL	7:481bce714567	4883	WOLFSSL_MSG("Extended Master Secret extension received");
wolfSSL	7:481bce714567	4884
wolfSSL	7:481bce714567	4885	#ifndef NO_WOLFSSL_SERVER
wolfSSL	7:481bce714567	4886	if (isRequest)
wolfSSL	7:481bce714567	4887	ssl->options.haveEMS = 1;
wolfSSL	7:481bce714567	4888	#endif
wolfSSL	7:481bce714567	4889	pendingEMS = 1;
wolfSSL	7:481bce714567	4890	break;
wolfSSL	7:481bce714567	4891	#endif
wolfSSL	7:481bce714567	4892
wolfSSL	7:481bce714567	4893	case TLSX_RENEGOTIATION_INFO:
wolfSSL	7:481bce714567	4894	WOLFSSL_MSG("Secure Renegotiation extension received");
wolfSSL	7:481bce714567	4895
wolfSSL	7:481bce714567	4896	ret = SCR_PARSE(ssl, input + offset, size, isRequest);
wolfSSL	7:481bce714567	4897	break;
wolfSSL	7:481bce714567	4898
wolfSSL	7:481bce714567	4899	case TLSX_SESSION_TICKET:
wolfSSL	7:481bce714567	4900	WOLFSSL_MSG("Session Ticket extension received");
wolfSSL	7:481bce714567	4901
wolfSSL	7:481bce714567	4902	ret = STK_PARSE(ssl, input + offset, size, isRequest);
wolfSSL	7:481bce714567	4903	break;
wolfSSL	7:481bce714567	4904
wolfSSL	7:481bce714567	4905	case TLSX_QUANTUM_SAFE_HYBRID:
wolfSSL	7:481bce714567	4906	WOLFSSL_MSG("Quantum-Safe-Hybrid extension received");
wolfSSL	7:481bce714567	4907
wolfSSL	7:481bce714567	4908	ret = QSH_PARSE(ssl, input + offset, size, isRequest);
wolfSSL	7:481bce714567	4909	break;
wolfSSL	7:481bce714567	4910
wolfSSL	7:481bce714567	4911	case TLSX_APPLICATION_LAYER_PROTOCOL:
wolfSSL	7:481bce714567	4912	WOLFSSL_MSG("ALPN extension received");
wolfSSL	7:481bce714567	4913
wolfSSL	7:481bce714567	4914	ret = ALPN_PARSE(ssl, input + offset, size, isRequest);
wolfSSL	7:481bce714567	4915	break;
wolfSSL	7:481bce714567	4916
wolfSSL	7:481bce714567	4917	case HELLO_EXT_SIG_ALGO:
wolfSSL	7:481bce714567	4918	if (isRequest) {
wolfSSL	7:481bce714567	4919	/* do not mess with offset inside the switch! */
wolfSSL	7:481bce714567	4920	if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL	7:481bce714567	4921	ato16(input + offset, &suites->hashSigAlgoSz);
wolfSSL	7:481bce714567	4922
wolfSSL	7:481bce714567	4923	if (suites->hashSigAlgoSz > size - OPAQUE16_LEN)
wolfSSL	7:481bce714567	4924	return BUFFER_ERROR;
wolfSSL	7:481bce714567	4925
wolfSSL	7:481bce714567	4926	XMEMCPY(suites->hashSigAlgo,
wolfSSL	7:481bce714567	4927	input + offset + OPAQUE16_LEN,
wolfSSL	7:481bce714567	4928	min(suites->hashSigAlgoSz,
wolfSSL	7:481bce714567	4929	HELLO_EXT_SIGALGO_MAX));
wolfSSL	7:481bce714567	4930	}
wolfSSL	7:481bce714567	4931	} else {
wolfSSL	7:481bce714567	4932	WOLFSSL_MSG("Servers MUST NOT send SIG ALGO extension.");
wolfSSL	7:481bce714567	4933	}
wolfSSL	7:481bce714567	4934
wolfSSL	7:481bce714567	4935	break;
wolfSSL	7:481bce714567	4936	}
wolfSSL	7:481bce714567	4937
wolfSSL	7:481bce714567	4938	/* offset should be updated here! */
wolfSSL	7:481bce714567	4939	offset += size;
wolfSSL	7:481bce714567	4940	}
wolfSSL	7:481bce714567	4941
wolfSSL	7:481bce714567	4942	#ifdef HAVE_EXTENDED_MASTER
wolfSSL	7:481bce714567	4943	if (!isRequest && ssl->options.haveEMS && !pendingEMS)
wolfSSL	7:481bce714567	4944	ssl->options.haveEMS = 0;
wolfSSL	7:481bce714567	4945	#endif
wolfSSL	7:481bce714567	4946
wolfSSL	7:481bce714567	4947	if (ret == 0)
wolfSSL	7:481bce714567	4948	ret = SNI_VERIFY_PARSE(ssl, isRequest);
wolfSSL	7:481bce714567	4949
wolfSSL	7:481bce714567	4950	return ret;
wolfSSL	7:481bce714567	4951	}
wolfSSL	7:481bce714567	4952
wolfSSL	7:481bce714567	4953	/* undefining semaphore macros */
wolfSSL	7:481bce714567	4954	#undef IS_OFF
wolfSSL	7:481bce714567	4955	#undef TURN_ON
wolfSSL	7:481bce714567	4956	#undef SEMAPHORE_SIZE
wolfSSL	7:481bce714567	4957
wolfSSL	7:481bce714567	4958	#endif /* HAVE_TLS_EXTENSIONS */
wolfSSL	7:481bce714567	4959
wolfSSL	7:481bce714567	4960	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	7:481bce714567	4961
wolfSSL	7:481bce714567	4962	#ifndef NO_OLD_TLS
wolfSSL	7:481bce714567	4963
wolfSSL	7:481bce714567	4964	WOLFSSL_METHOD* wolfTLSv1_client_method(void)
wolfSSL	7:481bce714567	4965	{
wolfSSL	7:481bce714567	4966	return wolfTLSv1_client_method_ex(NULL);
wolfSSL	7:481bce714567	4967	}
wolfSSL	7:481bce714567	4968
wolfSSL	7:481bce714567	4969
wolfSSL	7:481bce714567	4970	WOLFSSL_METHOD* wolfTLSv1_1_client_method(void)
wolfSSL	7:481bce714567	4971	{
wolfSSL	7:481bce714567	4972	return wolfTLSv1_1_client_method_ex(NULL);
wolfSSL	7:481bce714567	4973	}
wolfSSL	7:481bce714567	4974
wolfSSL	7:481bce714567	4975	WOLFSSL_METHOD* wolfTLSv1_client_method_ex(void* heap)
wolfSSL	7:481bce714567	4976	{
wolfSSL	7:481bce714567	4977	WOLFSSL_METHOD* method =
wolfSSL	7:481bce714567	4978	(WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL	7:481bce714567	4979	heap, DYNAMIC_TYPE_METHOD);
wolfSSL	7:481bce714567	4980	if (method)
wolfSSL	7:481bce714567	4981	InitSSL_Method(method, MakeTLSv1());
wolfSSL	7:481bce714567	4982	return method;
wolfSSL	7:481bce714567	4983	}
wolfSSL	7:481bce714567	4984
wolfSSL	7:481bce714567	4985
wolfSSL	7:481bce714567	4986	WOLFSSL_METHOD* wolfTLSv1_1_client_method_ex(void* heap)
wolfSSL	7:481bce714567	4987	{
wolfSSL	7:481bce714567	4988	WOLFSSL_METHOD* method =
wolfSSL	7:481bce714567	4989	(WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL	7:481bce714567	4990	heap, DYNAMIC_TYPE_METHOD);
wolfSSL	7:481bce714567	4991	if (method)
wolfSSL	7:481bce714567	4992	InitSSL_Method(method, MakeTLSv1_1());
wolfSSL	7:481bce714567	4993	return method;
wolfSSL	7:481bce714567	4994	}
wolfSSL	7:481bce714567	4995
wolfSSL	7:481bce714567	4996	#endif /* !NO_OLD_TLS */
wolfSSL	7:481bce714567	4997
wolfSSL	7:481bce714567	4998
wolfSSL	7:481bce714567	4999	WOLFSSL_METHOD* wolfTLSv1_2_client_method(void)
wolfSSL	7:481bce714567	5000	{
wolfSSL	7:481bce714567	5001	return wolfTLSv1_2_client_method_ex(NULL);
wolfSSL	7:481bce714567	5002	}
wolfSSL	7:481bce714567	5003
wolfSSL	7:481bce714567	5004	WOLFSSL_METHOD* wolfTLSv1_2_client_method_ex(void* heap)
wolfSSL	7:481bce714567	5005	{
wolfSSL	7:481bce714567	5006	WOLFSSL_METHOD* method =
wolfSSL	7:481bce714567	5007	(WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL	7:481bce714567	5008	heap, DYNAMIC_TYPE_METHOD);
wolfSSL	7:481bce714567	5009	(void)heap;
wolfSSL	7:481bce714567	5010	if (method)
wolfSSL	7:481bce714567	5011	InitSSL_Method(method, MakeTLSv1_2());
wolfSSL	7:481bce714567	5012	return method;
wolfSSL	7:481bce714567	5013	}
wolfSSL	7:481bce714567	5014
wolfSSL	7:481bce714567	5015
wolfSSL	7:481bce714567	5016	WOLFSSL_METHOD* wolfSSLv23_client_method(void)
wolfSSL	7:481bce714567	5017	{
wolfSSL	7:481bce714567	5018	return wolfSSLv23_client_method_ex(NULL);
wolfSSL	7:481bce714567	5019	}
wolfSSL	7:481bce714567	5020
wolfSSL	7:481bce714567	5021
wolfSSL	7:481bce714567	5022	WOLFSSL_METHOD* wolfSSLv23_client_method_ex(void* heap)
wolfSSL	7:481bce714567	5023	{
wolfSSL	7:481bce714567	5024	WOLFSSL_METHOD* method =
wolfSSL	7:481bce714567	5025	(WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL	7:481bce714567	5026	heap, DYNAMIC_TYPE_METHOD);
wolfSSL	7:481bce714567	5027	(void)heap;
wolfSSL	7:481bce714567	5028	if (method) {
wolfSSL	7:481bce714567	5029	#if !defined(NO_SHA256) \|\| defined(WOLFSSL_SHA384) \|\| defined(WOLFSSL_SHA512)
wolfSSL	7:481bce714567	5030	InitSSL_Method(method, MakeTLSv1_2());
wolfSSL	7:481bce714567	5031	#else
wolfSSL	7:481bce714567	5032	#ifndef NO_OLD_TLS
wolfSSL	7:481bce714567	5033	InitSSL_Method(method, MakeTLSv1_1());
wolfSSL	7:481bce714567	5034	#endif
wolfSSL	7:481bce714567	5035	#endif
wolfSSL	7:481bce714567	5036	#ifndef NO_OLD_TLS
wolfSSL	7:481bce714567	5037	method->downgrade = 1;
wolfSSL	7:481bce714567	5038	#endif
wolfSSL	7:481bce714567	5039	}
wolfSSL	7:481bce714567	5040	return method;
wolfSSL	7:481bce714567	5041	}
wolfSSL	7:481bce714567	5042
wolfSSL	7:481bce714567	5043	#endif /* NO_WOLFSSL_CLIENT */
wolfSSL	7:481bce714567	5044
wolfSSL	7:481bce714567	5045
wolfSSL	7:481bce714567	5046
wolfSSL	7:481bce714567	5047	#ifndef NO_WOLFSSL_SERVER
wolfSSL	7:481bce714567	5048
wolfSSL	7:481bce714567	5049	#ifndef NO_OLD_TLS
wolfSSL	7:481bce714567	5050
wolfSSL	7:481bce714567	5051	WOLFSSL_METHOD* wolfTLSv1_server_method(void)
wolfSSL	7:481bce714567	5052	{
wolfSSL	7:481bce714567	5053	return wolfTLSv1_server_method_ex(NULL);
wolfSSL	7:481bce714567	5054	}
wolfSSL	7:481bce714567	5055
wolfSSL	7:481bce714567	5056
wolfSSL	7:481bce714567	5057	WOLFSSL_METHOD* wolfTLSv1_1_server_method(void)
wolfSSL	7:481bce714567	5058	{
wolfSSL	7:481bce714567	5059	return wolfTLSv1_1_server_method_ex(NULL);
wolfSSL	7:481bce714567	5060	}
wolfSSL	7:481bce714567	5061
wolfSSL	7:481bce714567	5062	WOLFSSL_METHOD* wolfTLSv1_server_method_ex(void* heap)
wolfSSL	7:481bce714567	5063	{
wolfSSL	7:481bce714567	5064	WOLFSSL_METHOD* method =
wolfSSL	7:481bce714567	5065	(WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL	7:481bce714567	5066	heap, DYNAMIC_TYPE_METHOD);
wolfSSL	7:481bce714567	5067	if (method) {
wolfSSL	7:481bce714567	5068	InitSSL_Method(method, MakeTLSv1());
wolfSSL	7:481bce714567	5069	method->side = WOLFSSL_SERVER_END;
wolfSSL	7:481bce714567	5070	}
wolfSSL	7:481bce714567	5071	return method;
wolfSSL	7:481bce714567	5072	}
wolfSSL	7:481bce714567	5073
wolfSSL	7:481bce714567	5074
wolfSSL	7:481bce714567	5075	WOLFSSL_METHOD* wolfTLSv1_1_server_method_ex(void* heap)
wolfSSL	7:481bce714567	5076	{
wolfSSL	7:481bce714567	5077	WOLFSSL_METHOD* method =
wolfSSL	7:481bce714567	5078	(WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL	7:481bce714567	5079	heap, DYNAMIC_TYPE_METHOD);
wolfSSL	7:481bce714567	5080	if (method) {
wolfSSL	7:481bce714567	5081	InitSSL_Method(method, MakeTLSv1_1());
wolfSSL	7:481bce714567	5082	method->side = WOLFSSL_SERVER_END;
wolfSSL	7:481bce714567	5083	}
wolfSSL	7:481bce714567	5084	return method;
wolfSSL	7:481bce714567	5085	}
wolfSSL	7:481bce714567	5086	#endif /* !NO_OLD_TLS */
wolfSSL	7:481bce714567	5087
wolfSSL	7:481bce714567	5088
wolfSSL	7:481bce714567	5089	WOLFSSL_METHOD* wolfTLSv1_2_server_method(void)
wolfSSL	7:481bce714567	5090	{
wolfSSL	7:481bce714567	5091	return wolfTLSv1_2_server_method_ex(NULL);
wolfSSL	7:481bce714567	5092	}
wolfSSL	7:481bce714567	5093
wolfSSL	7:481bce714567	5094	WOLFSSL_METHOD* wolfTLSv1_2_server_method_ex(void* heap)
wolfSSL	7:481bce714567	5095	{
wolfSSL	7:481bce714567	5096	WOLFSSL_METHOD* method =
wolfSSL	7:481bce714567	5097	(WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL	7:481bce714567	5098	heap, DYNAMIC_TYPE_METHOD);
wolfSSL	7:481bce714567	5099	(void)heap;
wolfSSL	7:481bce714567	5100	if (method) {
wolfSSL	7:481bce714567	5101	InitSSL_Method(method, MakeTLSv1_2());
wolfSSL	7:481bce714567	5102	method->side = WOLFSSL_SERVER_END;
wolfSSL	7:481bce714567	5103	}
wolfSSL	7:481bce714567	5104	return method;
wolfSSL	7:481bce714567	5105	}
wolfSSL	7:481bce714567	5106
wolfSSL	7:481bce714567	5107
wolfSSL	7:481bce714567	5108	WOLFSSL_METHOD* wolfSSLv23_server_method(void)
wolfSSL	7:481bce714567	5109	{
wolfSSL	7:481bce714567	5110	return wolfSSLv23_server_method_ex(NULL);
wolfSSL	7:481bce714567	5111	}
wolfSSL	7:481bce714567	5112
wolfSSL	7:481bce714567	5113	WOLFSSL_METHOD* wolfSSLv23_server_method_ex(void* heap)
wolfSSL	7:481bce714567	5114	{
wolfSSL	7:481bce714567	5115	WOLFSSL_METHOD* method =
wolfSSL	7:481bce714567	5116	(WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL	7:481bce714567	5117	heap, DYNAMIC_TYPE_METHOD);
wolfSSL	7:481bce714567	5118	(void)heap;
wolfSSL	7:481bce714567	5119	if (method) {
wolfSSL	7:481bce714567	5120	#if !defined(NO_SHA256) \|\| defined(WOLFSSL_SHA384) \|\| defined(WOLFSSL_SHA512)
wolfSSL	7:481bce714567	5121	InitSSL_Method(method, MakeTLSv1_2());
wolfSSL	7:481bce714567	5122	#else
wolfSSL	7:481bce714567	5123	#ifndef NO_OLD_TLS
wolfSSL	7:481bce714567	5124	InitSSL_Method(method, MakeTLSv1_1());
wolfSSL	7:481bce714567	5125	#else
wolfSSL	7:481bce714567	5126	#error Must have SHA256, SHA384 or SHA512 enabled for TLS 1.2
wolfSSL	7:481bce714567	5127	#endif
wolfSSL	7:481bce714567	5128	#endif
wolfSSL	7:481bce714567	5129	#ifndef NO_OLD_TLS
wolfSSL	7:481bce714567	5130	method->downgrade = 1;
wolfSSL	7:481bce714567	5131	#endif
wolfSSL	7:481bce714567	5132	method->side = WOLFSSL_SERVER_END;
wolfSSL	7:481bce714567	5133	}
wolfSSL	7:481bce714567	5134	return method;
wolfSSL	7:481bce714567	5135	}
wolfSSL	7:481bce714567	5136
wolfSSL	7:481bce714567	5137
wolfSSL	7:481bce714567	5138	#endif /* NO_WOLFSSL_SERVER */
wolfSSL	7:481bce714567	5139	#endif /* NO_TLS */
wolfSSL	7:481bce714567	5140	#endif /* WOLFCRYPT_ONLY */
wolfSSL	7:481bce714567	5141

Repository toolbox

Export to desktop IDE

Repository details

Type:	Library
Created:	26 Jun 2015
Imports:	673
Forks:	0
Commits:	18
Dependents:	29
Dependencies:	0
Followers:	21

src/tls.c@7:481bce714567, 2017-05-02 (annotated)

Who changed what in which revision?

Repository toolbox

Repository details

Important Information for this Arm website

Access Warning